Class: Aws::EKS::Types::OidcIdentityProviderConfigRequest

Inherits:
Struct
  • Object
Includes:
Structure
Defined in:
lib/aws-sdk-eks/types.rb

Overview

Note: When making an API call, you may pass OidcIdentityProviderConfigRequest data as a hash:

{
  identity_provider_config_name: "String", # required
  issuer_url: "String", # required
  client_id: "String", # required
  username_claim: "String",
  username_prefix: "String",
  groups_claim: "String",
  groups_prefix: "String",
  required_claims: {
    "requiredClaimsKey" => "requiredClaimsValue",
  },
}

An object representing an OpenID Connect (OIDC) configuration. Before associating an OIDC identity provider to your cluster, review the considerations in [Authenticating users for your cluster from an OpenID Connect identity provider][1] in the *Amazon EKS User Guide*.

[1]: docs.aws.amazon.com/eks/latest/userguide/authenticate-oidc-identity-provider.html

Constant Summary

SENSITIVE = []

Instance Attribute Details

#client_id ⇒ String

This is also known as audience. The ID for the client application that makes authentication requests to the OpenID identity provider.

Returns:

  • (String)

# File 'lib/aws-sdk-eks/types.rb', line 3116

class OidcIdentityProviderConfigRequest < Struct.new(
  :identity_provider_config_name,
  :issuer_url,
  :client_id,
  :username_claim,
  :username_prefix,
  :groups_claim,
  :groups_prefix,
  :required_claims)
  SENSITIVE = []
  include Aws::Structure
end

#groups_claim ⇒ String

The JWT claim that the provider uses to return your groups.

Returns:

  • (String)


#groups_prefix ⇒ String

The prefix that is prepended to group claims to prevent clashes with existing names (such as `system:` groups). For example, the value `oidc:` will create group names like `oidc:engineering` and `oidc:infra`.

Returns:

  • (String)


#identity_provider_config_name ⇒ String

The name of the OIDC provider configuration.

Returns:

  • (String)


#issuer_url ⇒ String

The URL of the OpenID identity provider that allows the API server to discover public signing keys for verifying tokens. The URL must begin with `https://` and should correspond to the `iss` claim in the provider's OIDC ID tokens. Per the OIDC standard, path components are allowed but query parameters are not. Typically the URL consists of only a hostname, like `server.example.org` or `example.com`. This URL should point to the level below `.well-known/openid-configuration` and must be publicly accessible over the internet.

Returns:

  • (String)


#required_claims ⇒ Hash<String,String>

The key value pairs that describe required claims in the identity token. If set, each claim is verified to be present in the token with a matching value. For the maximum number of claims that you can require, see [Amazon EKS service quotas][2] in the *Amazon EKS User Guide*.

[2]: docs.aws.amazon.com/eks/latest/userguide/service-quotas.html

Returns:

  • (Hash<String,String>)


#username_claim ⇒ String

The JSON Web Token (JWT) claim to use as the username. The default is `sub`, which is expected to be a unique identifier of the end user. You can choose other claims, such as `email` or `name`, depending on the OpenID identity provider. Claims other than `email` are prefixed with the issuer URL to prevent naming clashes with other plug-ins.

Returns:

  • (String)


#username_prefix ⇒ String

The prefix that is prepended to username claims to prevent clashes with existing names. If you do not provide this field, and `username` is a value other than `email`, the prefix defaults to `issuerurl#`. You can use the value `-` to disable all prefixing.

Returns:

  • (String)
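
The attribute rules above, checked on a request hash before it is sent and then modelled against a sample token's claims. This is an added example, not code from aws-sdk-eks or EKS; `lint_oidc_config`, `mapped_identity`, `required_claims_met?` and all sample values are hypothetical.

```ruby
require "uri"

# Checks derived from the attribute descriptions on this page.
# Returns an array of findings; an empty array means nothing was flagged.
def lint_oidc_config(cfg)
  findings = []
  %i[identity_provider_config_name issuer_url client_id].each do |key|
    findings << "#{key} is required" if cfg[key].to_s.empty?
  end
  url = cfg[:issuer_url].to_s
  findings << "issuer_url must begin with https://" unless url.start_with?("https://")
  query = begin
    URI.parse(url).query
  rescue URI::InvalidURIError
    findings << "issuer_url is not a valid URL"
    nil
  end
  findings << "issuer_url must not carry query parameters" if query
  gp = cfg[:groups_prefix].to_s
  findings << "groups_prefix unset or system: lets IdP groups clash with system: groups" if gp.empty? || gp.start_with?("system:")
  findings << "username_prefix '-' disables all prefixing" if cfg[:username_prefix] == "-"
  findings
end

# Model of the prefix rules described above (not EKS's own code): the
# username and groups that result from a token's claims.
def mapped_identity(cfg, claims)
  claim = cfg[:username_claim] || "sub"
  prefix = cfg[:username_prefix]
  prefix = (claim == "email" ? "" : "#{cfg[:issuer_url]}#") if prefix.nil?
  prefix = "" if prefix == "-"
  groups = Array(claims[cfg[:groups_claim]]).map { |g| "#{cfg[:groups_prefix]}#{g}" }
  { username: "#{prefix}#{claims[claim]}", groups: groups }
end

# required_claims: every listed claim must be present with a matching value.
def required_claims_met?(cfg, claims)
  (cfg[:required_claims] || {}).all? { |key, value| claims[key] == value }
end

# Constructed sample values; the host, names and claims are placeholders.
CONFIG = {
  identity_provider_config_name: "corp-idp",
  issuer_url: "https://idp.example.com/realms/dev",
  client_id: "kubernetes", username_claim: "email",
  groups_claim: "groups", groups_prefix: "oidc:",
  required_claims: { "env" => "dev" }
}.freeze
CLAIMS = { "email" => "alice@example.com", "groups" => %w[engineering infra], "env" => "dev" }.freeze
```

A config that passes the lint can be passed as the hash shown in the Overview; the mapped names are what RBAC bindings in the cluster would need to reference.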
