Class: Aws::EKS::Types::OidcIdentityProviderConfigRequest

Inherits:
Struct
  • Object
Includes:
Structure
Defined in:
lib/aws-sdk-eks/types.rb

Overview

An object representing an OpenID Connect (OIDC) configuration. Before associating an OIDC identity provider to your cluster, review the considerations in [Authenticating users for your cluster from an OIDC identity provider][1] in the *Amazon EKS User Guide*.

[1]: docs.aws.amazon.com/eks/latest/userguide/authenticate-oidc-identity-provider.html

Constant Summary

SENSITIVE =
[]

Instance Attribute Details

#client_id ⇒ String

This is also known as audience. The ID for the client application that makes authentication requests to the OIDC identity provider.

Returns:

  • (String)


# File 'lib/aws-sdk-eks/types.rb', line 5058

class OidcIdentityProviderConfigRequest < Struct.new(
  :identity_provider_config_name,
  :issuer_url,
  :client_id,
  :username_claim,
  :username_prefix,
  :groups_claim,
  :groups_prefix,
  :required_claims)
  SENSITIVE = []
  include Aws::Structure
end

#groups_claim ⇒ String

The JWT claim that the provider uses to return your groups.

Returns:

  • (String)



#groups_prefix ⇒ String

The prefix that is prepended to group claims to prevent clashes with existing names (such as `system:` groups). For example, the value `oidc:` will create group names like `oidc:engineering` and `oidc:infra`.

Returns:

  • (String)



#identity_provider_config_name ⇒ String

The name of the OIDC provider configuration.

Returns:

  • (String)



#issuer_url ⇒ String

The URL of the OIDC identity provider that allows the API server to discover public signing keys for verifying tokens. The URL must begin with `https://` and should correspond to the `iss` claim in the provider's OIDC ID tokens. Based on the OIDC standard, path components are allowed but query parameters are not. Typically the URL consists of only a hostname, like `server.example.org` or `example.com`. This URL should point to the level below `.well-known/openid-configuration` and must be publicly accessible over the internet.

Returns:

  • (String)



#required_claims ⇒ Hash<String,String>

The key value pairs that describe required claims in the identity token. If set, each claim is verified to be present in the token with a matching value. For the maximum number of claims that you can require, see [Amazon EKS service quotas][2] in the *Amazon EKS User Guide*.

[2]: docs.aws.amazon.com/eks/latest/userguide/service-quotas.html

Returns:

  • (Hash<String,String>)



#username_claim ⇒ String

The JSON Web Token (JWT) claim to use as the username. The default is `sub`, which is expected to be a unique identifier of the end user. You can choose other claims, such as `email` or `name`, depending on the OIDC identity provider. Claims other than `email` are prefixed with the issuer URL to prevent naming clashes with other plug-ins.

Returns:

  • (String)



#username_prefix ⇒ String

The prefix that is prepended to username claims to prevent clashes with existing names. If you do not provide this field, and `username` is a value other than `email`, the prefix defaults to `issuerurl#`. You can use the value `-` to disable all prefixing.

Returns:

  • (String)
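
The attribute rules above can be checked before a request is sent. The following is an added example, not code from aws-sdk-eks: `lint_oidc_config` and `effective_username` are hypothetical helpers that work on a plain hash using this struct's field names, and the check on a `system:` group prefix is a local policy assumption rather than a rule stated on this page.

```ruby
require 'uri'

# Added example, not part of aws-sdk-eks: lints a hash shaped like
# OidcIdentityProviderConfigRequest against the rules stated on this page.
def lint_oidc_config(cfg)
  findings = []
  uri = begin
    URI.parse(cfg[:issuer_url].to_s)
  rescue URI::InvalidURIError
    nil
  end
  if uri.nil? || uri.scheme != 'https' || uri.host.to_s.empty?
    findings << 'issuer_url must begin with https://'
  else
    findings << 'issuer_url must not carry query parameters' if uri.query
    if uri.path.include?('.well-known')
      findings << 'issuer_url should be the level below .well-known/openid-configuration'
    end
  end
  findings << 'client_id (audience) is empty' if cfg[:client_id].to_s.empty?
  if cfg[:groups_claim] && cfg[:groups_prefix].to_s.empty?
    findings << 'groups_claim without groups_prefix: names can clash with system: groups'
  end
  # Local policy (assumption): a prefix inside system: defeats the clash protection.
  if cfg[:groups_prefix].to_s.start_with?('system:')
    findings << 'groups_prefix places token groups in the system: namespace'
  end
  findings << 'username_prefix "-" disables all prefixing' if cfg[:username_prefix] == '-'
  findings
end

# Username after prefixing, per the username_claim and username_prefix text.
def effective_username(cfg, claims)
  claim = cfg[:username_claim] || 'sub'    # default claim is sub
  value = claims.fetch(claim)
  prefix = cfg[:username_prefix]
  return value if prefix == '-'            # "-" disables prefixing
  return prefix + value if prefix && !prefix.empty?
  claim == 'email' ? value : "#{cfg[:issuer_url]}##{value}" # issuerurl# default
end

# Constructed sample values, not taken from a real cluster.
SAMPLE = { issuer_url: 'https://server.example.org', client_id: 'kubernetes',
           groups_claim: 'groups', groups_prefix: 'oidc:' }.freeze
puts lint_oidc_config(SAMPLE).inspect
puts effective_username(SAMPLE, 'sub' => 'user-1234')
```

Seeing the effective username for each configuration makes it easier to confirm that RBAC bindings reference the prefixed form and not the bare claim value.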

