Resource Type: sensu_oidc_auth

Defined in:
lib/puppet/type/sensu_oidc_auth.rb
Providers:
sensuctl
sensu_api

Summary

Manages Sensu OIDC auth.

Overview

Autorequires:

  • Package[sensu-go-cli]
  • Service[sensu-backend]
  • Sensuctl_configure[puppet]
  • Sensu_api_validator[sensu]
  • Sensu_user[admin]

Examples:

Add an OIDC auth

sensu_oidc_auth { 'oidc':
  ensure            => 'present',
  additional_scopes => ['email','groups'],
  client_id         => '0oa13ry4ypeDDBpxF357',
  client_secret     => 'DlArQRfND4BKBUyO0mE-TL2PWOVwyGjIO1fdk9gX',
  groups_claim      => 'groups',
  groups_prefix     => 'oidc:',
  redirect_uri      => 'https://sensu-backend.example.com:8080/api/enterprise/authentication/v2/oidc/callback',
  server            => 'https://idp.example.com',
  username_claim    => 'email',
  username_prefix   => 'oidc:'
}
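
The example above carries client_secret as a literal in the manifest. The following added example (not part of the module's documentation) resolves the secret from Hiera instead and rejects non-HTTPS endpoint URLs at compile time. The class name profile::sensu_oidc and the Hiera key are hypothetical, and the secret is assumed to be stored encrypted in Hiera (for example with hiera-eyaml).

```puppet
# Added example. Assumptions: the class name and the Hiera key
# 'profile::sensu_oidc::client_secret' are hypothetical, and the value
# behind that key is stored encrypted in Hiera (e.g. hiera-eyaml).
class profile::sensu_oidc (
  # Only https:// URLs are accepted; a plain-http value fails catalog
  # compilation instead of reaching the Sensu backend.
  Pattern[/\Ahttps:\/\/\S+\z/] $idp_server,
  Pattern[/\Ahttps:\/\/\S+\z/] $redirect_uri,
  String[1]                    $client_id,
) {
  # Resolve the secret at compile time so it is never committed with the
  # manifest. With no default given, a missing or empty key aborts the run.
  $client_secret = lookup('profile::sensu_oidc::client_secret', String[1])

  sensu_oidc_auth { 'oidc':
    ensure            => 'present',
    additional_scopes => ['email', 'groups'],
    client_id         => $client_id,
    client_secret     => $client_secret,
    groups_claim      => 'groups',
    groups_prefix     => 'oidc:',
    redirect_uri      => $redirect_uri,
    server            => $idp_server,
    username_claim    => 'email',
    username_prefix   => 'oidc:',
  }
}
```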

Properties

  • additional_scopes

    Scopes to include in the claims.

  • client_id

    The OIDC provider application "Client ID".

  • client_secret

    The OIDC provider application "Client Secret".

  • disable_offline_access (defaults to: false)

    Sets whether the OIDC provider can include the offline_access scope.

    Supported values:
    • true
    • false
  • ensure (defaults to: present)

    The basic property that the resource should be in.

    Supported values:
    • present
    • absent
  • groups_claim

    The claim to use to form the associated RBAC groups.

  • groups_prefix

    A prefix to use to form the final RBAC groups if required.

  • redirect_uri

    Redirect URL to provide to the OIDC provider.

  • server

    The location of the OIDC server you wish to authenticate against.

  • username_claim

    The claim to use to form the final RBAC user name.

  • username_prefix

    A prefix to use to form the final RBAC user name.

Parameters

  • name (namevar)

    The name of the OIDC auth.

  • provider

    The specific backend to use for this sensu_oidc_auth resource. You will seldom need to specify this; Puppet will usually discover the appropriate provider for your platform.