ALIYUN::RAM::OIDCProvider

The ALIYUN::RAM::OIDCProvider type is used to create an OIDC identity provider (IdP).

Syntax

{
  "Type": "ALIYUN::RAM::OIDCProvider",
  "Properties": {
    "Fingerprints": List,
    "IssuerUrl": String,
    "OIDCProviderName": String,
    "ClientIds": List,
    "Description": String,
    "IssuanceLimitTime": Integer
  }
}

Properties

| Property | Type | Description | Constraint |
|---|---|---|---|
| Fingerprints | List | The list of verification fingerprints of the HTTPS CA certificate. | Provided by the external IdP; at most 5 fingerprints can be specified. |
| IssuerUrl | String | The issuer URL. | None |
| OIDCProviderName | String | The name of the OIDC IdP. | None |
| ClientIds | List | The client IDs. | None |
| Description | String | The description of the OIDC IdP. | None |
| IssuanceLimitTime | Integer | The earliest issuance time of ID tokens that the external IdP is allowed to issue. | If the iat field of an ID token is further from the current time than this value, the request is rejected. Unit: hours. Valid values: 1 to 168. |
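As an added example that is not part of the ROS documentation, the following Python checks a property map against the constraints this page states (name pattern, 1 to 5 alphanumeric fingerprints of at most 40 characters, an https issuer URL with no query, fragment or logon information, IssuanceLimitTime in 1 to 168 hours) and implements the iat rule that IssuanceLimitTime expresses. The sample property values and the helper names are constructed for the example.

```python
import re
from urllib.parse import urlsplit

# Constraints taken from the ALIYUN::RAM::OIDCProvider documentation.
NAME_RE = re.compile(r"^[a-zA-Z0-9][a-zA-Z0-9._-]{0,126}[a-zA-Z0-9]$")
FINGERPRINT_RE = re.compile(r"^[a-zA-Z0-9]{1,40}$")
MAX_FINGERPRINTS = 5
MAX_ISSUER_URL_LEN = 255


def validate_properties(props: dict) -> list[str]:
    """Return a list of constraint violations; an empty list means the properties pass."""
    errors = []
    if not NAME_RE.match(props.get("OIDCProviderName", "")):
        errors.append("OIDCProviderName: 1-128 chars of letters, digits, '.', '-', '_', "
                      "not starting or ending with a special character")
    fingerprints = props.get("Fingerprints") or []
    if not 1 <= len(fingerprints) <= MAX_FINGERPRINTS:
        errors.append(f"Fingerprints: between 1 and {MAX_FINGERPRINTS} entries required")
    for fp in fingerprints:
        if not FINGERPRINT_RE.match(fp):
            errors.append(f"Fingerprints: {fp!r} must be 1-40 letters or digits")
    url = props.get("IssuerUrl", "")
    parts = urlsplit(url)
    if (parts.scheme != "https" or not parts.netloc or "@" in parts.netloc
            or parts.query or parts.fragment or len(url) > MAX_ISSUER_URL_LEN):
        errors.append("IssuerUrl: must be https, at most 255 chars, with no '?' query, "
                      "'#' fragment or '@' logon information")
    limit = props.get("IssuanceLimitTime")
    if limit is not None and not (isinstance(limit, int) and 1 <= limit <= 168):
        errors.append("IssuanceLimitTime: integer number of hours in the range 1-168")
    return errors


def id_token_iat_acceptable(iat: int, now: int, issuance_limit_hours: int) -> bool:
    """Apply the IssuanceLimitTime rule: reject an ID token whose iat (Unix seconds)
    is further in the past than issuance_limit_hours relative to now."""
    return now - iat <= issuance_limit_hours * 3600


# Constructed sample properties (hypothetical issuer and fingerprint values).
EXAMPLE_PROPS = {
    "OIDCProviderName": "example-okta-idp",
    "Fingerprints": ["0123456789ABCDEF0123456789ABCDEF01234567"],
    "IssuerUrl": "https://idp.example.com/oauth2/default",
    "IssuanceLimitTime": 6,
}

if __name__ == "__main__":
    print(validate_properties(EXAMPLE_PROPS) or "properties OK")
```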

Return values

Fn::GetAtt

OIDCProviderName: the name of the OIDC IdP.

Example

YAML

ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  OIDCProviderName:
    Type: String
    Description:
      en: |-
        The name of the OIDC IdP.
        The name can contain letters, digits, and special characters and cannot start or end with the special characters. The special characters are periods (.), hyphens (-), and underscores (_).
        The name can be up to 128 characters in length.
    AllowedPattern: ^[a-zA-Z0-9][a-zA-Z0-9._-]{0,126}[a-zA-Z0-9]$
    Required: true
    MaxLength: 128
  Fingerprints:
    AssociationPropertyMetadata:
      Parameter:
        Type: String
        Description:
          en: |-
            The fingerprint of the HTTPS certificate, which is provided by the external IdP Okta. If you want to specify multiple fingerprints, separate the fingerprints with commas (,).
            The fingerprint can contain letters and digits.
            The fingerprint can be up to 40 characters in length.
        Required: false
        AllowedPattern: ^[a-zA-Z0-9]{0,40}$
        MaxLength: 40
    AssociationProperty: List[Parameter]
    Type: Json
    Description:
      en: The list of the fingerprints, max length is 5
    Required: true
    MinLength: 1
    MaxLength: 5
  IssuerUrl:
    Type: String
    Description:
      en: |-
        The URL of the issuer, which is provided by the external IdP. The URL of the issuer must be unique within an Alibaba Cloud account.
        The URL of the issuer must start with https and be in the valid URL format. The URL cannot contain query parameters that follow a question mark (?) or logon information that is identified by at signs (@). The URL cannot be a fragment URL that contains number signs (#).
        The URL can be up to 255 characters in length.
    Required: true
    MaxLength: 255
Resources:
  OIDCProvider:
    Type: ALIYUN::RAM::OIDCProvider
    Properties:
      OIDCProviderName:
        Ref: OIDCProviderName
      Fingerprints:
        Ref: Fingerprints
      IssuerUrl:
        Ref: IssuerUrl
Outputs:
  OIDCProviderName:
    Description: |-
      The name of the OIDC IdP.
      The name can contain letters, digits, and special characters and cannot start or end with the special characters. The special characters are periods (.), hyphens (-), and underscores (_).
      The name can be up to 128 characters in length.
    Value:
      Fn::GetAtt:
        - OIDCProvider
        - OIDCProviderName

JSON

{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {
    "OIDCProviderName": {
      "Type": "String",
      "Description": {
        "en": "The name of the OIDC IdP.\nThe name can contain letters, digits, and special characters and cannot start or end with the special characters. The special characters are periods (.), hyphens (-), and underscores (_).\nThe name can be up to 128 characters in length."
      },
      "AllowedPattern": "^[a-zA-Z0-9][a-zA-Z0-9._-]{0,126}[a-zA-Z0-9]$",
      "Required": true,
      "MaxLength": 128
    },
    "Fingerprints": {
      "AssociationPropertyMetadata": {
        "Parameter": {
          "Type": "String",
          "Description": {
            "en": "The fingerprint of the HTTPS certificate, which is provided by the external IdP Okta. If you want to specify multiple fingerprints, separate the fingerprints with commas (,).\nThe fingerprint can contain letters and digits.\nThe fingerprint can be up to 40 characters in length."
          },
          "Required": false,
          "AllowedPattern": "^[a-zA-Z0-9]{0,40}$",
          "MaxLength": 40
        }
      },
      "AssociationProperty": "List[Parameter]",
      "Type": "Json",
      "Description": {
        "en": "The list of the fingerprints, max length is 5"
      },
      "Required": true,
      "MinLength": 1,
      "MaxLength": 5
    },
    "IssuerUrl": {
      "Type": "String",
      "Description": {
        "en": "The URL of the issuer, which is provided by the external IdP. The URL of the issuer must be unique within an Alibaba Cloud account.\nThe URL of the issuer must start with https and be in the valid URL format. The URL cannot contain query parameters that follow a question mark (?) or logon information that is identified by at signs (@). The URL cannot be a fragment URL that contains number signs (#).\nThe URL can be up to 255 characters in length."
      },
      "Required": true,
      "MaxLength": 255
    }
  },
  "Resources": {
    "OIDCProvider": {
      "Type": "ALIYUN::RAM::OIDCProvider",
      "Properties": {
        "OIDCProviderName": {
          "Ref": "OIDCProviderName"
        },
        "Fingerprints": {
          "Ref": "Fingerprints"
        },
        "IssuerUrl": {
          "Ref": "IssuerUrl"
        }
      }
    }
  },
  "Outputs": {
    "OIDCProviderName": {
      "Description": "The name of the OIDC IdP.\nThe name can contain letters, digits, and special characters and cannot start or end with the special characters. The special characters are periods (.), hyphens (-), and underscores (_).\nThe name can be up to 128 characters in length.",
      "Value": {
        "Fn::GetAtt": [
          "OIDCProvider",
          "OIDCProviderName"
        ]
      }
    }
  }
}