/*
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License").
* You may not use this file except in compliance with the License.
* A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed
* on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
* express or implied. See the License for the specific language governing
* permissions and limitations under the License.
*/
/*
* Do not modify this file. This file is generated from the eks-2017-11-01.normal.json service model.
*/
using System;
using System.Collections.Generic;
using System.Xml.Serialization;
using System.Text;
using System.IO;
using System.Net;
using Amazon.Runtime;
using Amazon.Runtime.Internal;
namespace Amazon.EKS.Model
{
///
/// An object representing an OpenID Connect (OIDC) configuration. Before associating
/// an OIDC identity provider to your cluster, review the considerations in Authenticating
/// users for your cluster from an OpenID Connect identity provider in the Amazon
/// EKS User Guide.
///
public partial class OidcIdentityProviderConfigRequest
{
private string _clientId;
private string _groupsClaim;
private string _groupsPrefix;
private string _identityProviderConfigName;
private string _issuerUrl;
private Dictionary _requiredClaims = new Dictionary();
private string _usernameClaim;
private string _usernamePrefix;
///
/// Gets and sets the property ClientId.
///
/// This is also known as audience. The ID for the client application that makes
/// authentication requests to the OpenID identity provider.
///
///
[AWSProperty(Required=true)]
public string ClientId
{
get { return this._clientId; }
set { this._clientId = value; }
}
// Check to see if ClientId property is set
internal bool IsSetClientId()
{
return this._clientId != null;
}
///
/// Gets and sets the property GroupsClaim.
///
/// The JWT claim that the provider uses to return your groups.
///
///
public string GroupsClaim
{
get { return this._groupsClaim; }
set { this._groupsClaim = value; }
}
// Check to see if GroupsClaim property is set
internal bool IsSetGroupsClaim()
{
return this._groupsClaim != null;
}
///
/// Gets and sets the property GroupsPrefix.
///
/// The prefix that is prepended to group claims to prevent clashes with existing names
/// (such as system: groups). For example, the value oidc: will
/// create group names like oidc:engineering and oidc:infra.
///
///
public string GroupsPrefix
{
get { return this._groupsPrefix; }
set { this._groupsPrefix = value; }
}
// Check to see if GroupsPrefix property is set
internal bool IsSetGroupsPrefix()
{
return this._groupsPrefix != null;
}
///
/// Gets and sets the property IdentityProviderConfigName.
///
/// The name of the OIDC provider configuration.
///
///
[AWSProperty(Required=true)]
public string IdentityProviderConfigName
{
get { return this._identityProviderConfigName; }
set { this._identityProviderConfigName = value; }
}
// Check to see if IdentityProviderConfigName property is set
internal bool IsSetIdentityProviderConfigName()
{
return this._identityProviderConfigName != null;
}
///
/// Gets and sets the property IssuerUrl.
///
/// The URL of the OpenID identity provider that allows the API server to discover public
/// signing keys for verifying tokens. The URL must begin with https:// and
/// should correspond to the iss claim in the provider's OIDC ID tokens.
/// Per the OIDC standard, path components are allowed but query parameters are not. Typically
/// the URL consists of only a hostname, like https://server.example.org
/// or https://example.com. This URL should point to the level below .well-known/openid-configuration
/// and must be publicly accessible over the internet.
///
///
[AWSProperty(Required=true)]
public string IssuerUrl
{
get { return this._issuerUrl; }
set { this._issuerUrl = value; }
}
// Check to see if IssuerUrl property is set
internal bool IsSetIssuerUrl()
{
return this._issuerUrl != null;
}
///
/// Gets and sets the property RequiredClaims.
///
/// The key value pairs that describe required claims in the identity token. If set, each
/// claim is verified to be present in the token with a matching value. For the maximum
/// number of claims that you can require, see Amazon
/// EKS service quotas in the Amazon EKS User Guide.
///
///
public Dictionary RequiredClaims
{
get { return this._requiredClaims; }
set { this._requiredClaims = value; }
}
// Check to see if RequiredClaims property is set
internal bool IsSetRequiredClaims()
{
return this._requiredClaims != null && this._requiredClaims.Count > 0;
}
///
/// Gets and sets the property UsernameClaim.
///
/// The JSON Web Token (JWT) claim to use as the username. The default is sub,
/// which is expected to be a unique identifier of the end user. You can choose other
/// claims, such as email or name, depending on the OpenID identity
/// provider. Claims other than email are prefixed with the issuer URL to
/// prevent naming clashes with other plug-ins.
///
///
public string UsernameClaim
{
get { return this._usernameClaim; }
set { this._usernameClaim = value; }
}
// Check to see if UsernameClaim property is set
internal bool IsSetUsernameClaim()
{
return this._usernameClaim != null;
}
///
/// Gets and sets the property UsernamePrefix.
///
/// The prefix that is prepended to username claims to prevent clashes with existing names.
/// If you do not provide this field, and username is a value other than
/// email, the prefix defaults to issuerurl#. You can use the
/// value - to disable all prefixing.
///
///
public string UsernamePrefix
{
get { return this._usernamePrefix; }
set { this._usernamePrefix = value; }
}
// Check to see if UsernamePrefix property is set
internal bool IsSetUsernamePrefix()
{
return this._usernamePrefix != null;
}
}
}