Class: OCI::ContainerEngine::Models::OpenIdConnectTokenAuthenticationConfig

Inherits:

Object

• Object
• OCI::ContainerEngine::Models::OpenIdConnectTokenAuthenticationConfig

Defined in:

lib/oci/container_engine/models/open_id_connect_token_authentication_config.rb

Overview

The properties that configure OIDC token authentication in kube-apiserver. For more information, see Configuring the API Server.

Instance Attribute Summary

• #ca_certificate ⇒ String

  A Base64 encoded public RSA or ECDSA certificates used to signed your identity provider's web certificate.

• #client_id ⇒ String

  A client id that all tokens must be issued for.

• #configuration_file ⇒ String

  A Base64 encoded string of a Kubernetes OIDC Auth Config file.

• #groups_claim ⇒ String

  JWT claim to use as the user's group.

• #groups_prefix ⇒ String

  Prefix prepended to group claims to prevent clashes with existing names (such as system:groups).

• #is_open_id_connect_auth_enabled ⇒ BOOLEAN

  [Required] Whether the cluster has OIDC Auth Config enabled.

• #issuer_url ⇒ String

  URL of the provider that allows the API server to discover public signing keys.

• #required_claims ⇒ Array<OCI::ContainerEngine::Models::KeyValue>

  A key=value pair that describes a required claim in the ID Token.

• #signing_algorithms ⇒ Array<String>

  The signing algorithms accepted.

• #username_claim ⇒ String

  JWT claim to use as the user name.

• #username_prefix ⇒ String

  Prefix prepended to username claims to prevent clashes with existing names (such as system:users).

Class Method Summary

• .attribute_map ⇒ Object

  Attribute mapping from ruby-style variable name to JSON key.

• .swagger_types ⇒ Object

  Attribute type mapping.

Instance Method Summary

• #==(other) ⇒ Object

  Checks equality by comparing each attribute.

• #build_from_hash(attributes) ⇒ Object

  Builds the object from hash.

• #eql?(other) ⇒ Boolean
• #hash ⇒ Fixnum

  Calculates hash code according to all attributes.

• #initialize(attributes = {}) ⇒ OpenIdConnectTokenAuthenticationConfig constructor

  Initializes the object.

• #to_hash ⇒ Hash

  Returns the object in the form of hash.

• #to_s ⇒ String

  Returns the string representation of the object.

Constructor Details

#initialize(attributes = {}) ⇒ OpenIdConnectTokenAuthenticationConfig

Initializes the object

Parameters:

• attributes (Hash) (defaults to: {}) —

  Model attributes in the form of hash

Options Hash (attributes):

• :issuer_url (String) —

  The value to assign to the #issuer_url property

• :client_id (String) —

  The value to assign to the #client_id property

• :username_claim (String) —

  The value to assign to the #username_claim property

• :username_prefix (String) —

  The value to assign to the #username_prefix property

• :groups_claim (String) —

  The value to assign to the #groups_claim property

• :groups_prefix (String) —

  The value to assign to the #groups_prefix property

• :required_claims (Array<OCI::ContainerEngine::Models::KeyValue>) —

  The value to assign to the #required_claims property

• :ca_certificate (String) —

  The value to assign to the #ca_certificate property

• :signing_algorithms (Array<String>) —

  The value to assign to the #signing_algorithms property

• :is_open_id_connect_auth_enabled (BOOLEAN) —

  The value to assign to the #is_open_id_connect_auth_enabled property

• :configuration_file (String) —

  The value to assign to the #configuration_file property

# File 'lib/oci/container_engine/models/open_id_connect_token_authentication_config.rb', line 131

def initialize(attributes = {})
  return unless attributes.is_a?(Hash)

  # convert string to symbol for hash key
  attributes = attributes.each_with_object({}) { |(k, v), h| h[k.to_sym] = v }

  self.issuer_url = attributes[:'issuerUrl'] if attributes[:'issuerUrl']

  raise 'You cannot provide both :issuerUrl and :issuer_url' if attributes.key?(:'issuerUrl') && attributes.key?(:'issuer_url')

  self.issuer_url = attributes[:'issuer_url'] if attributes[:'issuer_url']

  self.client_id = attributes[:'clientId'] if attributes[:'clientId']

  raise 'You cannot provide both :clientId and :client_id' if attributes.key?(:'clientId') && attributes.key?(:'client_id')

  self.client_id = attributes[:'client_id'] if attributes[:'client_id']

  self.username_claim = attributes[:'usernameClaim'] if attributes[:'usernameClaim']

  raise 'You cannot provide both :usernameClaim and :username_claim' if attributes.key?(:'usernameClaim') && attributes.key?(:'username_claim')

  self.username_claim = attributes[:'username_claim'] if attributes[:'username_claim']

  self.username_prefix = attributes[:'usernamePrefix'] if attributes[:'usernamePrefix']

  raise 'You cannot provide both :usernamePrefix and :username_prefix' if attributes.key?(:'usernamePrefix') && attributes.key?(:'username_prefix')

  self.username_prefix = attributes[:'username_prefix'] if attributes[:'username_prefix']

  self.groups_claim = attributes[:'groupsClaim'] if attributes[:'groupsClaim']

  raise 'You cannot provide both :groupsClaim and :groups_claim' if attributes.key?(:'groupsClaim') && attributes.key?(:'groups_claim')

  self.groups_claim = attributes[:'groups_claim'] if attributes[:'groups_claim']

  self.groups_prefix = attributes[:'groupsPrefix'] if attributes[:'groupsPrefix']

  raise 'You cannot provide both :groupsPrefix and :groups_prefix' if attributes.key?(:'groupsPrefix') && attributes.key?(:'groups_prefix')

  self.groups_prefix = attributes[:'groups_prefix'] if attributes[:'groups_prefix']

  self.required_claims = attributes[:'requiredClaims'] if attributes[:'requiredClaims']

  raise 'You cannot provide both :requiredClaims and :required_claims' if attributes.key?(:'requiredClaims') && attributes.key?(:'required_claims')

  self.required_claims = attributes[:'required_claims'] if attributes[:'required_claims']

  self.ca_certificate = attributes[:'caCertificate'] if attributes[:'caCertificate']

  raise 'You cannot provide both :caCertificate and :ca_certificate' if attributes.key?(:'caCertificate') && attributes.key?(:'ca_certificate')

  self.ca_certificate = attributes[:'ca_certificate'] if attributes[:'ca_certificate']

  self.signing_algorithms = attributes[:'signingAlgorithms'] if attributes[:'signingAlgorithms']

  raise 'You cannot provide both :signingAlgorithms and :signing_algorithms' if attributes.key?(:'signingAlgorithms') && attributes.key?(:'signing_algorithms')

  self.signing_algorithms = attributes[:'signing_algorithms'] if attributes[:'signing_algorithms']

  self.is_open_id_connect_auth_enabled = attributes[:'isOpenIdConnectAuthEnabled'] unless attributes[:'isOpenIdConnectAuthEnabled'].nil?
  self.is_open_id_connect_auth_enabled = false if is_open_id_connect_auth_enabled.nil? && !attributes.key?(:'isOpenIdConnectAuthEnabled') # rubocop:disable Style/StringLiterals

  raise 'You cannot provide both :isOpenIdConnectAuthEnabled and :is_open_id_connect_auth_enabled' if attributes.key?(:'isOpenIdConnectAuthEnabled') && attributes.key?(:'is_open_id_connect_auth_enabled')

  self.is_open_id_connect_auth_enabled = attributes[:'is_open_id_connect_auth_enabled'] unless attributes[:'is_open_id_connect_auth_enabled'].nil?
  self.is_open_id_connect_auth_enabled = false if is_open_id_connect_auth_enabled.nil? && !attributes.key?(:'isOpenIdConnectAuthEnabled') && !attributes.key?(:'is_open_id_connect_auth_enabled') # rubocop:disable Style/StringLiterals

  self.configuration_file = attributes[:'configurationFile'] if attributes[:'configurationFile']

  raise 'You cannot provide both :configurationFile and :configuration_file' if attributes.key?(:'configurationFile') && attributes.key?(:'configuration_file')

  self.configuration_file = attributes[:'configuration_file'] if attributes[:'configuration_file']
end

Instance Attribute Details

#ca_certificate ⇒ String

A Base64 encoded public RSA or ECDSA certificates used to signed your identity provider's web certificate.

Returns:

• (String)

# File 'lib/oci/container_engine/models/open_id_connect_token_authentication_config.rb', line 59

def ca_certificate
  @ca_certificate
end

#client_id ⇒ String

A client id that all tokens must be issued for.

Returns:

• (String)

# File 'lib/oci/container_engine/models/open_id_connect_token_authentication_config.rb', line 23

def client_id
  @client_id
end

#configuration_file ⇒ String

A Base64 encoded string of a Kubernetes OIDC Auth Config file. More info here

Returns:

• (String)

# File 'lib/oci/container_engine/models/open_id_connect_token_authentication_config.rb', line 74

def configuration_file
  @configuration_file
end

#groups_claim ⇒ String

JWT claim to use as the user's group. If the claim is present it must be an array of strings.

Returns:

• (String)

# File 'lib/oci/container_engine/models/open_id_connect_token_authentication_config.rb', line 43

def groups_claim
  @groups_claim
end

#groups_prefix ⇒ String

Prefix prepended to group claims to prevent clashes with existing names (such as system:groups).

Returns:

• (String)

# File 'lib/oci/container_engine/models/open_id_connect_token_authentication_config.rb', line 48

def groups_prefix
  @groups_prefix
end

#is_open_id_connect_auth_enabled ⇒ BOOLEAN

[Required] Whether the cluster has OIDC Auth Config enabled. Defaults to false.

Returns:

• (BOOLEAN)

# File 'lib/oci/container_engine/models/open_id_connect_token_authentication_config.rb', line 69

def is_open_id_connect_auth_enabled
  @is_open_id_connect_auth_enabled
end

#issuer_url ⇒ String

URL of the provider that allows the API server to discover public signing keys. Only URLs that use the https:// scheme are accepted. This is typically the provider's discovery URL, changed to have an empty path.

Returns:

• (String)

# File 'lib/oci/container_engine/models/open_id_connect_token_authentication_config.rb', line 18

def issuer_url
  @issuer_url
end

#required_claims ⇒ Array<OCI::ContainerEngine::Models::KeyValue>

A key=value pair that describes a required claim in the ID Token. If set, the claim is verified to be present in the ID Token with a matching value. Repeat this flag to specify multiple claims.

Returns:

• (Array<OCI::ContainerEngine::Models::KeyValue>)

# File 'lib/oci/container_engine/models/open_id_connect_token_authentication_config.rb', line 54

def required_claims
  @required_claims
end

#signing_algorithms ⇒ Array<String>

The signing algorithms accepted. Default is ["RS256"].

Returns:

• (Array<String>)

# File 'lib/oci/container_engine/models/open_id_connect_token_authentication_config.rb', line 64

def signing_algorithms
  @signing_algorithms
end

#username_claim ⇒ String

JWT claim to use as the user name. By default sub, which is expected to be a unique identifier of the end user. Admins can choose other claims, such as email or name, depending on their provider. However, claims other than email will be prefixed with the issuer URL to prevent naming clashes with other plugins.

Returns:

• (String)

# File 'lib/oci/container_engine/models/open_id_connect_token_authentication_config.rb', line 30

def username_claim
  @username_claim
end

#username_prefix ⇒ String

Prefix prepended to username claims to prevent clashes with existing names (such as system:users). For example, the value oidc: will create usernames like oidc:jane.doe. If this flag isn't provided and –oidc-username-claim is a value other than email the prefix defaults to ( Issuer URL )# where ( Issuer URL ) is the value of –oidc-issuer-url. The value - can be used to disable all prefixing.

Returns:

• (String)

# File 'lib/oci/container_engine/models/open_id_connect_token_authentication_config.rb', line 38

def username_prefix
  @username_prefix
end

Class Method Details

.attribute_map ⇒ Object

Attribute mapping from ruby-style variable name to JSON key.

# File 'lib/oci/container_engine/models/open_id_connect_token_authentication_config.rb', line 77

def self.attribute_map
  {
    # rubocop:disable Style/SymbolLiteral
    'issuer_url': :'issuerUrl',
    'client_id': :'clientId',
    'username_claim': :'usernameClaim',
    'username_prefix': :'usernamePrefix',
    'groups_claim': :'groupsClaim',
    'groups_prefix': :'groupsPrefix',
    'required_claims': :'requiredClaims',
    'ca_certificate': :'caCertificate',
    'signing_algorithms': :'signingAlgorithms',
    'is_open_id_connect_auth_enabled': :'isOpenIdConnectAuthEnabled',
    'configuration_file': :'configurationFile'
    # rubocop:enable Style/SymbolLiteral
  }
end

.swagger_types ⇒ Object

Attribute type mapping.

# File 'lib/oci/container_engine/models/open_id_connect_token_authentication_config.rb', line 96

def self.swagger_types
  {
    # rubocop:disable Style/SymbolLiteral
    'issuer_url': :'String',
    'client_id': :'String',
    'username_claim': :'String',
    'username_prefix': :'String',
    'groups_claim': :'String',
    'groups_prefix': :'String',
    'required_claims': :'Array<OCI::ContainerEngine::Models::KeyValue>',
    'ca_certificate': :'String',
    'signing_algorithms': :'Array<String>',
    'is_open_id_connect_auth_enabled': :'BOOLEAN',
    'configuration_file': :'String'
    # rubocop:enable Style/SymbolLiteral
  }
end

Instance Method Details

#==(other) ⇒ Object

Checks equality by comparing each attribute.

Parameters:

• other (Object) —

  the other object to be compared

# File 'lib/oci/container_engine/models/open_id_connect_token_authentication_config.rb', line 213

def ==(other)
  return true if equal?(other)

  self.class == other.class &&
    issuer_url == other.issuer_url &&
    client_id == other.client_id &&
    username_claim == other.username_claim &&
    username_prefix == other.username_prefix &&
    groups_claim == other.groups_claim &&
    groups_prefix == other.groups_prefix &&
    required_claims == other.required_claims &&
    ca_certificate == other.ca_certificate &&
    signing_algorithms == other.signing_algorithms &&
    is_open_id_connect_auth_enabled == other.is_open_id_connect_auth_enabled &&
    configuration_file == other.configuration_file
end

#build_from_hash(attributes) ⇒ Object

Builds the object from hash

Parameters:

• attributes (Hash) —

  Model attributes in the form of hash

Returns:

• (Object) —

  Returns the model itself

# File 'lib/oci/container_engine/models/open_id_connect_token_authentication_config.rb', line 253

def build_from_hash(attributes)
  return nil unless attributes.is_a?(Hash)

  self.class.swagger_types.each_pair do |key, type|
    if type =~ /^Array<(.*)>/i
      # check to ensure the input is an array given that the the attribute
      # is documented as an array but the input is not
      if attributes[self.class.attribute_map[key]].is_a?(Array)
        public_method("#{key}=").call(
          attributes[self.class.attribute_map[key]]
            .map { |v| OCI::Internal::Util.convert_to_type(Regexp.last_match(1), v) }
        )
      end
    elsif !attributes[self.class.attribute_map[key]].nil?
      public_method("#{key}=").call(
        OCI::Internal::Util.convert_to_type(type, attributes[self.class.attribute_map[key]])
      )
    end
    # or else data not found in attributes(hash), not an issue as the data can be optional
  end

  self
end

#eql?(other) ⇒ Boolean

Parameters:

• other (Object) —

  the other object to be compared

Returns:

• (Boolean)

See Also:

• `==` method

# File 'lib/oci/container_engine/models/open_id_connect_token_authentication_config.rb', line 233

def eql?(other)
  self == other
end

#hash ⇒ Fixnum

Calculates hash code according to all attributes.

Returns:

• (Fixnum) —

  Hash code

# File 'lib/oci/container_engine/models/open_id_connect_token_authentication_config.rb', line 242

def hash
  [issuer_url, client_id, username_claim, username_prefix, groups_claim, groups_prefix, required_claims, ca_certificate, signing_algorithms, is_open_id_connect_auth_enabled, configuration_file].hash
end

#to_hash ⇒ Hash

Returns the object in the form of hash

Returns:

• (Hash) —

  Returns the object in the form of hash

# File 'lib/oci/container_engine/models/open_id_connect_token_authentication_config.rb', line 286

def to_hash
  hash = {}
  self.class.attribute_map.each_pair do |attr, param|
    value = public_method(attr).call
    next if value.nil? && !instance_variable_defined?("@#{attr}")

    hash[param] = _to_hash(value)
  end
  hash
end

#to_s ⇒ String

Returns the string representation of the object

Returns:

• (String) —

  String presentation of the object

# File 'lib/oci/container_engine/models/open_id_connect_token_authentication_config.rb', line 280

def to_s
  to_hash.to_s
end