oss.v1alpha1.ssoSettings
"SsoSettings is the Schema for the SsoSettingss API. Manages Grafana SSO Settings for OAuth2, SAML and LDAP. Support for LDAP is currently in preview, it will be available in Grafana starting with v11.3. Official documentation https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/HTTP API https://grafana.com/docs/grafana/latest/developers/http_api/sso-settings/"
Index
fn new(name)obj metadatafn withAnnotations(annotations)fn withAnnotationsMixin(annotations)fn withClusterName(clusterName)fn withCreationTimestamp(creationTimestamp)fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)fn withDeletionTimestamp(deletionTimestamp)fn withFinalizers(finalizers)fn withFinalizersMixin(finalizers)fn withGenerateName(generateName)fn withGeneration(generation)fn withLabels(labels)fn withLabelsMixin(labels)fn withName(name)fn withNamespace(namespace)fn withOwnerReferences(ownerReferences)fn withOwnerReferencesMixin(ownerReferences)fn withResourceVersion(resourceVersion)fn withSelfLink(selfLink)fn withUid(uid)
obj specfn withManagementPolicies(managementPolicies)fn withManagementPoliciesMixin(managementPolicies)obj spec.forProviderfn withLdapSettings(ldapSettings)fn withLdapSettingsMixin(ldapSettings)fn withOauth2Settings(oauth2Settings)fn withOauth2SettingsMixin(oauth2Settings)fn withProviderName(providerName)fn withSamlSettings(samlSettings)fn withSamlSettingsMixin(samlSettings)obj spec.forProvider.ldapSettingsfn withAllowSignUp(allowSignUp)fn withConfig(config)fn withConfigMixin(config)fn withEnabled(enabled)fn withSkipOrgRoleSync(skipOrgRoleSync)obj spec.forProvider.ldapSettings.configfn withServers(servers)fn withServersMixin(servers)obj spec.forProvider.ldapSettings.config.serversfn withAttributes(attributes)fn withAttributesMixin(attributes)fn withBindDn(bindDn)fn withClientCert(clientCert)fn withClientCertValue(clientCertValue)fn withGroupMappings(groupMappings)fn withGroupMappingsMixin(groupMappings)fn withGroupSearchBaseDns(groupSearchBaseDns)fn withGroupSearchBaseDnsMixin(groupSearchBaseDns)fn withGroupSearchFilter(groupSearchFilter)fn withGroupSearchFilterUserAttribute(groupSearchFilterUserAttribute)fn withHost(host)fn withMinTlsVersion(minTlsVersion)fn withPort(port)fn withRootCaCert(rootCaCert)fn withRootCaCertValue(rootCaCertValue)fn withRootCaCertValueMixin(rootCaCertValue)fn withSearchBaseDns(searchBaseDns)fn withSearchBaseDnsMixin(searchBaseDns)fn withSearchFilter(searchFilter)fn withSslSkipVerify(sslSkipVerify)fn withStartTls(startTls)fn withTimeout(timeout)fn withTlsCiphers(tlsCiphers)fn withTlsCiphersMixin(tlsCiphers)fn withUseSsl(useSsl)obj spec.forProvider.ldapSettings.config.servers.bindPasswordSecretRefobj spec.forProvider.ldapSettings.config.servers.clientKeySecretRefobj spec.forProvider.ldapSettings.config.servers.clientKeyValueSecretRefobj spec.forProvider.ldapSettings.config.servers.groupMappings
obj spec.forProvider.oauth2Settingsfn withAllowAssignGrafanaAdmin(allowAssignGrafanaAdmin)fn withAllowSignUp(allowSignUp)fn withAllowedDomains(allowedDomains)fn withAllowedGroups(allowedGroups)fn withAllowedOrganizations(allowedOrganizations)fn withApiUrl(apiUrl)fn withAuthStyle(authStyle)fn withAuthUrl(authUrl)fn withAutoLogin(autoLogin)fn withClientId(clientId)fn withCustom(custom)fn withCustomMixin(custom)fn withDefineAllowedGroups(defineAllowedGroups)fn withDefineAllowedTeamsIds(defineAllowedTeamsIds)fn withEmailAttributeName(emailAttributeName)fn withEmailAttributePath(emailAttributePath)fn withEmptyScopes(emptyScopes)fn withEnabled(enabled)fn withGroupsAttributePath(groupsAttributePath)fn withIdTokenAttributeName(idTokenAttributeName)fn withLoginAttributePath(loginAttributePath)fn withLoginPrompt(loginPrompt)fn withName(name)fn withNameAttributePath(nameAttributePath)fn withOrgAttributePath(orgAttributePath)fn withOrgMapping(orgMapping)fn withRoleAttributePath(roleAttributePath)fn withRoleAttributeStrict(roleAttributeStrict)fn withScopes(scopes)fn withSignoutRedirectUrl(signoutRedirectUrl)fn withSkipOrgRoleSync(skipOrgRoleSync)fn withTeamIds(teamIds)fn withTeamIdsAttributePath(teamIdsAttributePath)fn withTeamsUrl(teamsUrl)fn withTlsClientCa(tlsClientCa)fn withTlsClientCert(tlsClientCert)fn withTlsClientKey(tlsClientKey)fn withTlsSkipVerifyInsecure(tlsSkipVerifyInsecure)fn withTokenUrl(tokenUrl)fn withUsePkce(usePkce)fn withUseRefreshToken(useRefreshToken)obj spec.forProvider.oauth2Settings.clientSecretSecretRef
obj spec.forProvider.samlSettingsfn withAllowIdpInitiated(allowIdpInitiated)fn withAllowSignUp(allowSignUp)fn withAllowedOrganizations(allowedOrganizations)fn withAssertionAttributeEmail(assertionAttributeEmail)fn withAssertionAttributeExternalUid(assertionAttributeExternalUid)fn withAssertionAttributeGroups(assertionAttributeGroups)fn withAssertionAttributeLogin(assertionAttributeLogin)fn withAssertionAttributeName(assertionAttributeName)fn withAssertionAttributeOrg(assertionAttributeOrg)fn withAssertionAttributeRole(assertionAttributeRole)fn withAutoLogin(autoLogin)fn withCertificatePath(certificatePath)fn withClientId(clientId)fn withClientSecret(clientSecret)fn withEnabled(enabled)fn withEntityId(entityId)fn withForceUseGraphApi(forceUseGraphApi)fn withIdpMetadata(idpMetadata)fn withIdpMetadataPath(idpMetadataPath)fn withIdpMetadataUrl(idpMetadataUrl)fn withMaxIssueDelay(maxIssueDelay)fn withMetadataValidDuration(metadataValidDuration)fn withName(name)fn withNameIdFormat(nameIdFormat)fn withOrgMapping(orgMapping)fn withPrivateKeyPath(privateKeyPath)fn withRelayState(relayState)fn withRoleValuesAdmin(roleValuesAdmin)fn withRoleValuesEditor(roleValuesEditor)fn withRoleValuesGrafanaAdmin(roleValuesGrafanaAdmin)fn withRoleValuesNone(roleValuesNone)fn withRoleValuesViewer(roleValuesViewer)fn withSignatureAlgorithm(signatureAlgorithm)fn withSingleLogout(singleLogout)fn withSkipOrgRoleSync(skipOrgRoleSync)fn withTokenUrl(tokenUrl)obj spec.forProvider.samlSettings.certificateSecretRefobj spec.forProvider.samlSettings.privateKeySecretRef
obj spec.initProviderfn withLdapSettings(ldapSettings)fn withLdapSettingsMixin(ldapSettings)fn withOauth2Settings(oauth2Settings)fn withOauth2SettingsMixin(oauth2Settings)fn withProviderName(providerName)fn withSamlSettings(samlSettings)fn withSamlSettingsMixin(samlSettings)obj spec.initProvider.ldapSettingsfn withAllowSignUp(allowSignUp)fn withConfig(config)fn withConfigMixin(config)fn withEnabled(enabled)fn withSkipOrgRoleSync(skipOrgRoleSync)obj spec.initProvider.ldapSettings.configfn withServers(servers)fn withServersMixin(servers)obj spec.initProvider.ldapSettings.config.serversfn withAttributes(attributes)fn withAttributesMixin(attributes)fn withBindDn(bindDn)fn withClientCert(clientCert)fn withClientCertValue(clientCertValue)fn withGroupMappings(groupMappings)fn withGroupMappingsMixin(groupMappings)fn withGroupSearchBaseDns(groupSearchBaseDns)fn withGroupSearchBaseDnsMixin(groupSearchBaseDns)fn withGroupSearchFilter(groupSearchFilter)fn withGroupSearchFilterUserAttribute(groupSearchFilterUserAttribute)fn withHost(host)fn withMinTlsVersion(minTlsVersion)fn withPort(port)fn withRootCaCert(rootCaCert)fn withRootCaCertValue(rootCaCertValue)fn withRootCaCertValueMixin(rootCaCertValue)fn withSearchBaseDns(searchBaseDns)fn withSearchBaseDnsMixin(searchBaseDns)fn withSearchFilter(searchFilter)fn withSslSkipVerify(sslSkipVerify)fn withStartTls(startTls)fn withTimeout(timeout)fn withTlsCiphers(tlsCiphers)fn withTlsCiphersMixin(tlsCiphers)fn withUseSsl(useSsl)obj spec.initProvider.ldapSettings.config.servers.bindPasswordSecretRefobj spec.initProvider.ldapSettings.config.servers.clientKeySecretRefobj spec.initProvider.ldapSettings.config.servers.clientKeyValueSecretRefobj spec.initProvider.ldapSettings.config.servers.groupMappings
obj spec.initProvider.oauth2Settingsfn withAllowAssignGrafanaAdmin(allowAssignGrafanaAdmin)fn withAllowSignUp(allowSignUp)fn withAllowedDomains(allowedDomains)fn withAllowedGroups(allowedGroups)fn withAllowedOrganizations(allowedOrganizations)fn withApiUrl(apiUrl)fn withAuthStyle(authStyle)fn withAuthUrl(authUrl)fn withAutoLogin(autoLogin)fn withClientId(clientId)fn withCustom(custom)fn withCustomMixin(custom)fn withDefineAllowedGroups(defineAllowedGroups)fn withDefineAllowedTeamsIds(defineAllowedTeamsIds)fn withEmailAttributeName(emailAttributeName)fn withEmailAttributePath(emailAttributePath)fn withEmptyScopes(emptyScopes)fn withEnabled(enabled)fn withGroupsAttributePath(groupsAttributePath)fn withIdTokenAttributeName(idTokenAttributeName)fn withLoginAttributePath(loginAttributePath)fn withLoginPrompt(loginPrompt)fn withName(name)fn withNameAttributePath(nameAttributePath)fn withOrgAttributePath(orgAttributePath)fn withOrgMapping(orgMapping)fn withRoleAttributePath(roleAttributePath)fn withRoleAttributeStrict(roleAttributeStrict)fn withScopes(scopes)fn withSignoutRedirectUrl(signoutRedirectUrl)fn withSkipOrgRoleSync(skipOrgRoleSync)fn withTeamIds(teamIds)fn withTeamIdsAttributePath(teamIdsAttributePath)fn withTeamsUrl(teamsUrl)fn withTlsClientCa(tlsClientCa)fn withTlsClientCert(tlsClientCert)fn withTlsClientKey(tlsClientKey)fn withTlsSkipVerifyInsecure(tlsSkipVerifyInsecure)fn withTokenUrl(tokenUrl)fn withUsePkce(usePkce)fn withUseRefreshToken(useRefreshToken)obj spec.initProvider.oauth2Settings.clientSecretSecretRef
obj spec.initProvider.samlSettingsfn withAllowIdpInitiated(allowIdpInitiated)fn withAllowSignUp(allowSignUp)fn withAllowedOrganizations(allowedOrganizations)fn withAssertionAttributeEmail(assertionAttributeEmail)fn withAssertionAttributeExternalUid(assertionAttributeExternalUid)fn withAssertionAttributeGroups(assertionAttributeGroups)fn withAssertionAttributeLogin(assertionAttributeLogin)fn withAssertionAttributeName(assertionAttributeName)fn withAssertionAttributeOrg(assertionAttributeOrg)fn withAssertionAttributeRole(assertionAttributeRole)fn withAutoLogin(autoLogin)fn withCertificatePath(certificatePath)fn withClientId(clientId)fn withClientSecret(clientSecret)fn withEnabled(enabled)fn withEntityId(entityId)fn withForceUseGraphApi(forceUseGraphApi)fn withIdpMetadata(idpMetadata)fn withIdpMetadataPath(idpMetadataPath)fn withIdpMetadataUrl(idpMetadataUrl)fn withMaxIssueDelay(maxIssueDelay)fn withMetadataValidDuration(metadataValidDuration)fn withName(name)fn withNameIdFormat(nameIdFormat)fn withOrgMapping(orgMapping)fn withPrivateKeyPath(privateKeyPath)fn withRelayState(relayState)fn withRoleValuesAdmin(roleValuesAdmin)fn withRoleValuesEditor(roleValuesEditor)fn withRoleValuesGrafanaAdmin(roleValuesGrafanaAdmin)fn withRoleValuesNone(roleValuesNone)fn withRoleValuesViewer(roleValuesViewer)fn withSignatureAlgorithm(signatureAlgorithm)fn withSingleLogout(singleLogout)fn withSkipOrgRoleSync(skipOrgRoleSync)fn withTokenUrl(tokenUrl)obj spec.initProvider.samlSettings.certificateSecretRefobj spec.initProvider.samlSettings.privateKeySecretRef
obj spec.providerConfigRefobj spec.writeConnectionSecretToRef
Fields
fn new
new(name)
new returns an instance of SsoSettings
obj metadata
"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."
fn metadata.withAnnotations
withAnnotations(annotations)
"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"
fn metadata.withAnnotationsMixin
withAnnotationsMixin(annotations)
"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"
Note: This function appends passed data to existing values
fn metadata.withClusterName
withClusterName(clusterName)
"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."
fn metadata.withCreationTimestamp
withCreationTimestamp(creationTimestamp)
"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."
fn metadata.withDeletionGracePeriodSeconds
withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)
"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."
fn metadata.withDeletionTimestamp
withDeletionTimestamp(deletionTimestamp)
"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."
fn metadata.withFinalizers
withFinalizers(finalizers)
"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."
fn metadata.withFinalizersMixin
withFinalizersMixin(finalizers)
"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."
Note: This function appends passed data to existing values
fn metadata.withGenerateName
withGenerateName(generateName)
"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"
fn metadata.withGeneration
withGeneration(generation)
"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."
fn metadata.withLabels
withLabels(labels)
"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"
fn metadata.withLabelsMixin
withLabelsMixin(labels)
"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"
Note: This function appends passed data to existing values
fn metadata.withName
withName(name)
"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"
fn metadata.withNamespace
withNamespace(namespace)
"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"
fn metadata.withOwnerReferences
withOwnerReferences(ownerReferences)
"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."
fn metadata.withOwnerReferencesMixin
withOwnerReferencesMixin(ownerReferences)
"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."
Note: This function appends passed data to existing values
fn metadata.withResourceVersion
withResourceVersion(resourceVersion)
"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"
fn metadata.withSelfLink
withSelfLink(selfLink)
"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."
fn metadata.withUid
withUid(uid)
"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"
obj spec
"SsoSettingsSpec defines the desired state of SsoSettings"
fn spec.withManagementPolicies
withManagementPolicies(managementPolicies)
"THIS IS A BETA FIELD. It is on by default but can be opted out\nthrough a Crossplane feature flag.\nManagementPolicies specify the array of actions Crossplane is allowed to\ntake on the managed and external resources.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223\nand this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md"
fn spec.withManagementPoliciesMixin
withManagementPoliciesMixin(managementPolicies)
"THIS IS A BETA FIELD. It is on by default but can be opted out\nthrough a Crossplane feature flag.\nManagementPolicies specify the array of actions Crossplane is allowed to\ntake on the managed and external resources.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223\nand this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md"
Note: This function appends passed data to existing values
obj spec.forProvider
fn spec.forProvider.withLdapSettings
withLdapSettings(ldapSettings)
"(Block Set, Max: 1) The LDAP settings set. Required for the ldap provider. (see below for nested schema)\nThe LDAP settings set. Required for the ldap provider."
fn spec.forProvider.withLdapSettingsMixin
withLdapSettingsMixin(ldapSettings)
"(Block Set, Max: 1) The LDAP settings set. Required for the ldap provider. (see below for nested schema)\nThe LDAP settings set. Required for the ldap provider."
Note: This function appends passed data to existing values
fn spec.forProvider.withOauth2Settings
withOauth2Settings(oauth2Settings)
"(Block Set, Max: 1) The OAuth2 settings set. Required for github, gitlab, google, azuread, okta, generic_oauth providers. (see below for nested schema)\nThe OAuth2 settings set. Required for github, gitlab, google, azuread, okta, generic_oauth providers."
fn spec.forProvider.withOauth2SettingsMixin
withOauth2SettingsMixin(oauth2Settings)
"(Block Set, Max: 1) The OAuth2 settings set. Required for github, gitlab, google, azuread, okta, generic_oauth providers. (see below for nested schema)\nThe OAuth2 settings set. Required for github, gitlab, google, azuread, okta, generic_oauth providers."
Note: This function appends passed data to existing values
fn spec.forProvider.withProviderName
withProviderName(providerName)
"(String) The name of the SSO provider. Supported values: github, gitlab, google, azuread, okta, generic_oauth, saml, ldap.\nThe name of the SSO provider. Supported values: github, gitlab, google, azuread, okta, generic_oauth, saml, ldap."
fn spec.forProvider.withSamlSettings
withSamlSettings(samlSettings)
"(Block Set, Max: 1) The SAML settings set. Required for the saml provider. (see below for nested schema)\nThe SAML settings set. Required for the saml provider."
fn spec.forProvider.withSamlSettingsMixin
withSamlSettingsMixin(samlSettings)
"(Block Set, Max: 1) The SAML settings set. Required for the saml provider. (see below for nested schema)\nThe SAML settings set. Required for the saml provider."
Note: This function appends passed data to existing values
obj spec.forProvider.ldapSettings
"(Block Set, Max: 1) The LDAP settings set. Required for the ldap provider. (see below for nested schema)\nThe LDAP settings set. Required for the ldap provider."
fn spec.forProvider.ldapSettings.withAllowSignUp
withAllowSignUp(allowSignUp)
"(Boolean) Whether to allow new Grafana user creation through LDAP login. If set to false, then only existing Grafana users can log in with LDAP.\nWhether to allow new Grafana user creation through LDAP login. If set to false, then only existing Grafana users can log in with LDAP."
fn spec.forProvider.ldapSettings.withConfig
withConfig(config)
"(Block List, Min: 1, Max: 1) The LDAP configuration. (see below for nested schema)\nThe LDAP configuration."
fn spec.forProvider.ldapSettings.withConfigMixin
withConfigMixin(config)
"(Block List, Min: 1, Max: 1) The LDAP configuration. (see below for nested schema)\nThe LDAP configuration."
Note: This function appends passed data to existing values
fn spec.forProvider.ldapSettings.withEnabled
withEnabled(enabled)
"(Boolean) Define whether this configuration is enabled for LDAP. Defaults to true.\nDefine whether this configuration is enabled for LDAP. Defaults to true."
fn spec.forProvider.ldapSettings.withSkipOrgRoleSync
withSkipOrgRoleSync(skipOrgRoleSync)
"(Boolean) Prevent synchronizing users’ organization roles from LDAP.\nPrevent synchronizing users’ organization roles from LDAP."
obj spec.forProvider.ldapSettings.config
"(Block List, Min: 1, Max: 1) The LDAP configuration. (see below for nested schema)\nThe LDAP configuration."
fn spec.forProvider.ldapSettings.config.withServers
withServers(servers)
"(Block List, Min: 1) The LDAP servers configuration. (see below for nested schema)\nThe LDAP servers configuration."
fn spec.forProvider.ldapSettings.config.withServersMixin
withServersMixin(servers)
"(Block List, Min: 1) The LDAP servers configuration. (see below for nested schema)\nThe LDAP servers configuration."
Note: This function appends passed data to existing values
obj spec.forProvider.ldapSettings.config.servers
"(Block List, Min: 1) The LDAP servers configuration. (see below for nested schema)\nThe LDAP servers configuration."
fn spec.forProvider.ldapSettings.config.servers.withAttributes
withAttributes(attributes)
"(Map of String) The LDAP server attributes. The following attributes can be configured: email, member_of, name, surname, username.\nThe LDAP server attributes. The following attributes can be configured: email, member_of, name, surname, username."
fn spec.forProvider.ldapSettings.config.servers.withAttributesMixin
withAttributesMixin(attributes)
"(Map of String) The LDAP server attributes. The following attributes can be configured: email, member_of, name, surname, username.\nThe LDAP server attributes. The following attributes can be configured: email, member_of, name, surname, username."
Note: This function appends passed data to existing values
fn spec.forProvider.ldapSettings.config.servers.withBindDn
withBindDn(bindDn)
"(String) The search user bind DN.\nThe search user bind DN."
fn spec.forProvider.ldapSettings.config.servers.withClientCert
withClientCert(clientCert)
"(String) The path to the client certificate.\nThe path to the client certificate."
fn spec.forProvider.ldapSettings.config.servers.withClientCertValue
withClientCertValue(clientCertValue)
"(String) The Base64 encoded value of the client certificate.\nThe Base64 encoded value of the client certificate."
fn spec.forProvider.ldapSettings.config.servers.withGroupMappings
withGroupMappings(groupMappings)
"(Block List) For mapping an LDAP group to a Grafana organization and role. (see below for nested schema)\nFor mapping an LDAP group to a Grafana organization and role."
fn spec.forProvider.ldapSettings.config.servers.withGroupMappingsMixin
withGroupMappingsMixin(groupMappings)
"(Block List) For mapping an LDAP group to a Grafana organization and role. (see below for nested schema)\nFor mapping an LDAP group to a Grafana organization and role."
Note: This function appends passed data to existing values
fn spec.forProvider.ldapSettings.config.servers.withGroupSearchBaseDns
withGroupSearchBaseDns(groupSearchBaseDns)
"(List of String) An array of the base DNs to search through for groups. Typically uses ou=groups.\nAn array of the base DNs to search through for groups. Typically uses ou=groups."
fn spec.forProvider.ldapSettings.config.servers.withGroupSearchBaseDnsMixin
withGroupSearchBaseDnsMixin(groupSearchBaseDns)
"(List of String) An array of the base DNs to search through for groups. Typically uses ou=groups.\nAn array of the base DNs to search through for groups. Typically uses ou=groups."
Note: This function appends passed data to existing values
fn spec.forProvider.ldapSettings.config.servers.withGroupSearchFilter
withGroupSearchFilter(groupSearchFilter)
"(String) Group search filter, to retrieve the groups of which the user is a member (only set if memberOf attribute is not available).\nGroup search filter, to retrieve the groups of which the user is a member (only set if memberOf attribute is not available)."
fn spec.forProvider.ldapSettings.config.servers.withGroupSearchFilterUserAttribute
withGroupSearchFilterUserAttribute(groupSearchFilterUserAttribute)
"(String) The %s in the search filter will be replaced with the attribute defined in this field.\nThe %s in the search filter will be replaced with the attribute defined in this field."
fn spec.forProvider.ldapSettings.config.servers.withHost
withHost(host)
"(String) The LDAP server host.\nThe LDAP server host."
fn spec.forProvider.ldapSettings.config.servers.withMinTlsVersion
withMinTlsVersion(minTlsVersion)
"(String) Minimum TLS version allowed. Accepted values are: TLS1.2, TLS1.3.\nMinimum TLS version allowed. Accepted values are: TLS1.2, TLS1.3."
fn spec.forProvider.ldapSettings.config.servers.withPort
withPort(port)
"(Number) The LDAP server port.\nThe LDAP server port."
fn spec.forProvider.ldapSettings.config.servers.withRootCaCert
withRootCaCert(rootCaCert)
"(String) The path to the root CA certificate.\nThe path to the root CA certificate."
fn spec.forProvider.ldapSettings.config.servers.withRootCaCertValue
withRootCaCertValue(rootCaCertValue)
"(List of String) The Base64 encoded values of the root CA certificates.\nThe Base64 encoded values of the root CA certificates."
fn spec.forProvider.ldapSettings.config.servers.withRootCaCertValueMixin
withRootCaCertValueMixin(rootCaCertValue)
"(List of String) The Base64 encoded values of the root CA certificates.\nThe Base64 encoded values of the root CA certificates."
Note: This function appends passed data to existing values
fn spec.forProvider.ldapSettings.config.servers.withSearchBaseDns
withSearchBaseDns(searchBaseDns)
"(List of String) An array of base DNs to search through.\nAn array of base DNs to search through."
fn spec.forProvider.ldapSettings.config.servers.withSearchBaseDnsMixin
withSearchBaseDnsMixin(searchBaseDns)
"(List of String) An array of base DNs to search through.\nAn array of base DNs to search through."
Note: This function appends passed data to existing values
fn spec.forProvider.ldapSettings.config.servers.withSearchFilter
withSearchFilter(searchFilter)
"(String) The user search filter, for example \"(cn=%s)\" or \"(sAMAccountName=%s)\" or \"(uid=%s)\".\nThe user search filter, for example \"(cn=%s)\" or \"(sAMAccountName=%s)\" or \"(uid=%s)\"."
fn spec.forProvider.ldapSettings.config.servers.withSslSkipVerify
withSslSkipVerify(sslSkipVerify)
"(Boolean) If set to true, the SSL cert validation will be skipped.\nIf set to true, the SSL cert validation will be skipped."
fn spec.forProvider.ldapSettings.config.servers.withStartTls
withStartTls(startTls)
"(Boolean) If set to true, use LDAP with STARTTLS instead of LDAPS.\nIf set to true, use LDAP with STARTTLS instead of LDAPS."
fn spec.forProvider.ldapSettings.config.servers.withTimeout
withTimeout(timeout)
"(Number) The timeout in seconds for connecting to the LDAP host.\nThe timeout in seconds for connecting to the LDAP host."
fn spec.forProvider.ldapSettings.config.servers.withTlsCiphers
withTlsCiphers(tlsCiphers)
"(List of String) Accepted TLS ciphers. For a complete list of supported ciphers, refer to: https://go.dev/src/crypto/tls/cipher_suites.go.\nAccepted TLS ciphers. For a complete list of supported ciphers, refer to: https://go.dev/src/crypto/tls/cipher_suites.go."
fn spec.forProvider.ldapSettings.config.servers.withTlsCiphersMixin
withTlsCiphersMixin(tlsCiphers)
"(List of String) Accepted TLS ciphers. For a complete list of supported ciphers, refer to: https://go.dev/src/crypto/tls/cipher_suites.go.\nAccepted TLS ciphers. For a complete list of supported ciphers, refer to: https://go.dev/src/crypto/tls/cipher_suites.go."
Note: This function appends passed data to existing values
fn spec.forProvider.ldapSettings.config.servers.withUseSsl
withUseSsl(useSsl)
"(Boolean) Set to true if LDAP server should use an encrypted TLS connection (either with STARTTLS or LDAPS).\nSet to true if LDAP server should use an encrypted TLS connection (either with STARTTLS or LDAPS)."
obj spec.forProvider.ldapSettings.config.servers.bindPasswordSecretRef
"(String, Sensitive) The search user bind password.\nThe search user bind password."
fn spec.forProvider.ldapSettings.config.servers.bindPasswordSecretRef.withKey
withKey(key)
fn spec.forProvider.ldapSettings.config.servers.bindPasswordSecretRef.withName
withName(name)
"Name of the secret."
obj spec.forProvider.ldapSettings.config.servers.clientKeySecretRef
"(String, Sensitive) The path to the client private key.\nThe path to the client private key."
fn spec.forProvider.ldapSettings.config.servers.clientKeySecretRef.withKey
withKey(key)
fn spec.forProvider.ldapSettings.config.servers.clientKeySecretRef.withName
withName(name)
"Name of the secret."
obj spec.forProvider.ldapSettings.config.servers.clientKeyValueSecretRef
"(String, Sensitive) The Base64 encoded value of the client private key.\nThe Base64 encoded value of the client private key."
fn spec.forProvider.ldapSettings.config.servers.clientKeyValueSecretRef.withKey
withKey(key)
fn spec.forProvider.ldapSettings.config.servers.clientKeyValueSecretRef.withName
withName(name)
"Name of the secret."
obj spec.forProvider.ldapSettings.config.servers.groupMappings
"(Block List) For mapping an LDAP group to a Grafana organization and role. (see below for nested schema)\nFor mapping an LDAP group to a Grafana organization and role."
fn spec.forProvider.ldapSettings.config.servers.groupMappings.withGrafanaAdmin
withGrafanaAdmin(grafanaAdmin)
"(Boolean) If set to true, it makes the user of group_dn Grafana server admin.\nIf set to true, it makes the user of group_dn Grafana server admin."
fn spec.forProvider.ldapSettings.config.servers.groupMappings.withGroupDn
withGroupDn(groupDn)
"(String) LDAP distinguished name (DN) of LDAP group. If you want to match all (or no LDAP groups) then you can use wildcard (\"\").\nLDAP distinguished name (DN) of LDAP group. If you want to match all (or no LDAP groups) then you can use wildcard (\"\")."
fn spec.forProvider.ldapSettings.config.servers.groupMappings.withOrgId
withOrgId(orgId)
"(Number) The Grafana organization database id.\nThe Grafana organization database id."
fn spec.forProvider.ldapSettings.config.servers.groupMappings.withOrgRole
withOrgRole(orgRole)
"(String) Assign users of group_dn the organization role Admin, Editor, or Viewer.\nAssign users of group_dn the organization role Admin, Editor, or Viewer."
obj spec.forProvider.oauth2Settings
"(Block Set, Max: 1) The OAuth2 settings set. Required for github, gitlab, google, azuread, okta, generic_oauth providers. (see below for nested schema)\nThe OAuth2 settings set. Required for github, gitlab, google, azuread, okta, generic_oauth providers."
fn spec.forProvider.oauth2Settings.withAllowAssignGrafanaAdmin
withAllowAssignGrafanaAdmin(allowAssignGrafanaAdmin)
"(Boolean) If enabled, it will automatically sync the Grafana server administrator role.\nIf enabled, it will automatically sync the Grafana server administrator role."
fn spec.forProvider.oauth2Settings.withAllowSignUp
withAllowSignUp(allowSignUp)
"(Boolean) Whether to allow new Grafana user creation through LDAP login. If set to false, then only existing Grafana users can log in with LDAP.\nIf not enabled, only existing Grafana users can log in using OAuth."
fn spec.forProvider.oauth2Settings.withAllowedDomains
withAllowedDomains(allowedDomains)
"or space-separated domains. The user should belong to at least one domain to log in.\nList of comma- or space-separated domains. The user should belong to at least one domain to log in."
fn spec.forProvider.oauth2Settings.withAllowedGroups
withAllowedGroups(allowedGroups)
"or space-separated groups. The user should be a member of at least one group to log in. For Generic OAuth, if you configure allowed_groups, you must also configure groups_attribute_path.\nList of comma- or space-separated groups. The user should be a member of at least one group to log in. For Generic OAuth, if you configure allowed_groups, you must also configure groups_attribute_path."
fn spec.forProvider.oauth2Settings.withAllowedOrganizations
withAllowedOrganizations(allowedOrganizations)
"or space-separated organizations. The user should be a member of at least one organization to log in.\nList of comma- or space-separated organizations. The user should be a member of at least one organization to log in."
fn spec.forProvider.oauth2Settings.withApiUrl
withApiUrl(apiUrl)
"(String) The user information endpoint of your OAuth2 provider. Required for okta and generic_oauth providers.\nThe user information endpoint of your OAuth2 provider. Required for okta and generic_oauth providers."
fn spec.forProvider.oauth2Settings.withAuthStyle
withAuthStyle(authStyle)
"(String) It determines how client_id and client_secret are sent to Oauth2 provider. Possible values are AutoDetect, InParams, InHeader. Default is AutoDetect.\nIt determines how client_id and client_secret are sent to Oauth2 provider. Possible values are AutoDetect, InParams, InHeader. Default is AutoDetect."
fn spec.forProvider.oauth2Settings.withAuthUrl
withAuthUrl(authUrl)
"(String) The authorization endpoint of your OAuth2 provider. Required for azuread, okta and generic_oauth providers.\nThe authorization endpoint of your OAuth2 provider. Required for azuread, okta and generic_oauth providers."
fn spec.forProvider.oauth2Settings.withAutoLogin
withAutoLogin(autoLogin)
"(Boolean) Log in automatically, skipping the login screen.\nLog in automatically, skipping the login screen."
fn spec.forProvider.oauth2Settings.withClientId
withClientId(clientId)
"(String) The client Id of your OAuth2 app.\nThe client Id of your OAuth2 app."
fn spec.forProvider.oauth2Settings.withCustom
withCustom(custom)
"(Map of String) Custom fields to configure for OAuth2 such as the force_use_graph_api field.\nCustom fields to configure for OAuth2 such as the force_use_graph_api field."
fn spec.forProvider.oauth2Settings.withCustomMixin
withCustomMixin(custom)
"(Map of String) Custom fields to configure for OAuth2 such as the force_use_graph_api field.\nCustom fields to configure for OAuth2 such as the force_use_graph_api field."
Note: This function appends passed data to existing values
fn spec.forProvider.oauth2Settings.withDefineAllowedGroups
withDefineAllowedGroups(defineAllowedGroups)
"(Boolean) Define allowed groups.\nDefine allowed groups."
fn spec.forProvider.oauth2Settings.withDefineAllowedTeamsIds
withDefineAllowedTeamsIds(defineAllowedTeamsIds)
"(Boolean) Define allowed teams ids.\nDefine allowed teams ids."
fn spec.forProvider.oauth2Settings.withEmailAttributeName
withEmailAttributeName(emailAttributeName)
"(String) Name of the key to use for user email lookup within the attributes map of OAuth2 ID token. Only applicable to Generic OAuth.\nName of the key to use for user email lookup within the attributes map of OAuth2 ID token. Only applicable to Generic OAuth."
fn spec.forProvider.oauth2Settings.withEmailAttributePath
withEmailAttributePath(emailAttributePath)
"(String) JMESPath expression to use for user email lookup from the user information. Only applicable to Generic OAuth.\nJMESPath expression to use for user email lookup from the user information. Only applicable to Generic OAuth."
fn spec.forProvider.oauth2Settings.withEmptyScopes
withEmptyScopes(emptyScopes)
"(Boolean) If enabled, no scopes will be sent to the OAuth2 provider.\nIf enabled, no scopes will be sent to the OAuth2 provider."
fn spec.forProvider.oauth2Settings.withEnabled
withEnabled(enabled)
"(Boolean) Define whether this configuration is enabled for LDAP. Defaults to true.\nDefine whether this configuration is enabled for the specified provider. Defaults to true."
fn spec.forProvider.oauth2Settings.withGroupsAttributePath
withGroupsAttributePath(groupsAttributePath)
"(String) JMESPath expression to use for user group lookup. If you configure allowed_groups, you must also configure groups_attribute_path.\nJMESPath expression to use for user group lookup. If you configure allowed_groups, you must also configure groups_attribute_path."
fn spec.forProvider.oauth2Settings.withIdTokenAttributeName
withIdTokenAttributeName(idTokenAttributeName)
"(String) The name of the key used to extract the ID token from the returned OAuth2 token. Only applicable to Generic OAuth.\nThe name of the key used to extract the ID token from the returned OAuth2 token. Only applicable to Generic OAuth."
fn spec.forProvider.oauth2Settings.withLoginAttributePath
withLoginAttributePath(loginAttributePath)
"(String) JMESPath expression to use for user login lookup from the user ID token. Only applicable to Generic OAuth.\nJMESPath expression to use for user login lookup from the user ID token. Only applicable to Generic OAuth."
fn spec.forProvider.oauth2Settings.withLoginPrompt
withLoginPrompt(loginPrompt)
"(String) Indicates the type of user interaction when the user logs in with the IdP. Available values are login, consent and select_account.\nIndicates the type of user interaction when the user logs in with the IdP. Available values are login, consent and select_account."
fn spec.forProvider.oauth2Settings.withName
withName(name)
"(String) Helpful if you use more than one identity providers or SSO protocols.\nHelpful if you use more than one identity providers or SSO protocols."
fn spec.forProvider.oauth2Settings.withNameAttributePath
withNameAttributePath(nameAttributePath)
"(String) JMESPath expression to use for user name lookup from the user ID token. This name will be used as the user’s display name. Only applicable to Generic OAuth.\nJMESPath expression to use for user name lookup from the user ID token. This name will be used as the user’s display name. Only applicable to Generic OAuth."
fn spec.forProvider.oauth2Settings.withOrgAttributePath
withOrgAttributePath(orgAttributePath)
"(String) JMESPath expression to use for the organization mapping lookup from the user ID token. The extracted list will be used for the organization mapping (to match \"Organization\" in the \"org_mapping\"). Only applicable to Generic OAuth and Okta.\nJMESPath expression to use for the organization mapping lookup from the user ID token. The extracted list will be used for the organization mapping (to match \"Organization\" in the \"org_mapping\"). Only applicable to Generic OAuth and Okta."
fn spec.forProvider.oauth2Settings.withOrgMapping
withOrgMapping(orgMapping)
"or space-separated Organization:OrgIdOrOrgName:Role mappings. Organization can be * meaning “All users”. Role is optional and can have the following values: None, Viewer, Editor or Admin.\nList of comma- or space-separated Organization:OrgIdOrOrgName:Role mappings. Organization can be * meaning “All users”. Role is optional and can have the following values: None, Viewer, Editor or Admin."
fn spec.forProvider.oauth2Settings.withRoleAttributePath
withRoleAttributePath(roleAttributePath)
"(String) JMESPath expression to use for Grafana role lookup.\nJMESPath expression to use for Grafana role lookup."
fn spec.forProvider.oauth2Settings.withRoleAttributeStrict
withRoleAttributeStrict(roleAttributeStrict)
"(Boolean) If enabled, denies user login if the Grafana role cannot be extracted using Role attribute path.\nIf enabled, denies user login if the Grafana role cannot be extracted using Role attribute path."
fn spec.forProvider.oauth2Settings.withScopes
withScopes(scopes)
"or space-separated OAuth2 scopes.\nList of comma- or space-separated OAuth2 scopes."
fn spec.forProvider.oauth2Settings.withSignoutRedirectUrl
withSignoutRedirectUrl(signoutRedirectUrl)
"(String) The URL to redirect the user to after signing out from Grafana.\nThe URL to redirect the user to after signing out from Grafana."
fn spec.forProvider.oauth2Settings.withSkipOrgRoleSync
withSkipOrgRoleSync(skipOrgRoleSync)
"(Boolean) Prevent synchronizing users’ organization roles from LDAP.\nPrevent synchronizing users’ organization roles from your IdP."
fn spec.forProvider.oauth2Settings.withTeamIds
withTeamIds(teamIds)
"(String) String list of Team Ids. If set, the user must be a member of one of the given teams to log in. If you configure team_ids, you must also configure teams_url and team_ids_attribute_path.\nString list of Team Ids. If set, the user must be a member of one of the given teams to log in. If you configure team_ids, you must also configure teams_url and team_ids_attribute_path."
fn spec.forProvider.oauth2Settings.withTeamIdsAttributePath
withTeamIdsAttributePath(teamIdsAttributePath)
"(String) The JMESPath expression to use for Grafana Team Id lookup within the results returned by the teams_url endpoint. Only applicable to Generic OAuth.\nThe JMESPath expression to use for Grafana Team Id lookup within the results returned by the teams_url endpoint. Only applicable to Generic OAuth."
fn spec.forProvider.oauth2Settings.withTeamsUrl
withTeamsUrl(teamsUrl)
"(String) The URL used to query for Team Ids. If not set, the default value is /teams. If you configure teams_url, you must also configure team_ids_attribute_path. Only applicable to Generic OAuth.\nThe URL used to query for Team Ids. If not set, the default value is /teams. If you configure teams_url, you must also configure team_ids_attribute_path. Only applicable to Generic OAuth."
fn spec.forProvider.oauth2Settings.withTlsClientCa
withTlsClientCa(tlsClientCa)
"(String) The path to the trusted certificate authority list. Is not applicable on Grafana Cloud.\nThe path to the trusted certificate authority list. Is not applicable on Grafana Cloud."
fn spec.forProvider.oauth2Settings.withTlsClientCert
withTlsClientCert(tlsClientCert)
"(String) The path to the certificate. Is not applicable on Grafana Cloud.\nThe path to the certificate. Is not applicable on Grafana Cloud."
fn spec.forProvider.oauth2Settings.withTlsClientKey
withTlsClientKey(tlsClientKey)
"(String) The path to the key. Is not applicable on Grafana Cloud.\nThe path to the key. Is not applicable on Grafana Cloud."
fn spec.forProvider.oauth2Settings.withTlsSkipVerifyInsecure
withTlsSkipVerifyInsecure(tlsSkipVerifyInsecure)
"in-the-middle attacks.\nIf enabled, the client accepts any certificate presented by the server and any host name in that certificate. You should only use this for testing, because this mode leaves SSL/TLS susceptible to man-in-the-middle attacks."
fn spec.forProvider.oauth2Settings.withTokenUrl
withTokenUrl(tokenUrl)
"(String) The token endpoint of your OAuth2 provider. Required for azuread, okta and generic_oauth providers.\nThe token endpoint of your OAuth2 provider. Required for azuread, okta and generic_oauth providers."
fn spec.forProvider.oauth2Settings.withUsePkce
withUsePkce(usePkce)
"(Boolean) If enabled, Grafana will use Proof Key for Code Exchange (PKCE) with the OAuth2 Authorization Code Grant.\nIf enabled, Grafana will use Proof Key for Code Exchange (PKCE) with the OAuth2 Authorization Code Grant."
fn spec.forProvider.oauth2Settings.withUseRefreshToken
withUseRefreshToken(useRefreshToken)
"(Boolean) If enabled, Grafana will fetch a new access token using the refresh token provided by the OAuth2 provider.\nIf enabled, Grafana will fetch a new access token using the refresh token provided by the OAuth2 provider."
obj spec.forProvider.oauth2Settings.clientSecretSecretRef
"(String, Sensitive) The client secret of your OAuth2 app.\nThe client secret of your OAuth2 app."
fn spec.forProvider.oauth2Settings.clientSecretSecretRef.withKey
withKey(key)
fn spec.forProvider.oauth2Settings.clientSecretSecretRef.withName
withName(name)
"Name of the secret."
obj spec.forProvider.samlSettings
"(Block Set, Max: 1) The SAML settings set. Required for the saml provider. (see below for nested schema)\nThe SAML settings set. Required for the saml provider."
fn spec.forProvider.samlSettings.withAllowIdpInitiated
withAllowIdpInitiated(allowIdpInitiated)
"initiated login is allowed.\nWhether SAML IdP-initiated login is allowed."
fn spec.forProvider.samlSettings.withAllowSignUp
withAllowSignUp(allowSignUp)
"(Boolean) Whether to allow new Grafana user creation through LDAP login. If set to false, then only existing Grafana users can log in with LDAP.\nWhether to allow new Grafana user creation through SAML login. If set to false, then only existing Grafana users can log in with SAML."
fn spec.forProvider.samlSettings.withAllowedOrganizations
withAllowedOrganizations(allowedOrganizations)
"or space-separated organizations. The user should be a member of at least one organization to log in.\nList of comma- or space-separated organizations. User should be a member of at least one organization to log in."
fn spec.forProvider.samlSettings.withAssertionAttributeEmail
withAssertionAttributeEmail(assertionAttributeEmail)
"(String) Friendly name or name of the attribute within the SAML assertion to use as the user email.\nFriendly name or name of the attribute within the SAML assertion to use as the user email."
fn spec.forProvider.samlSettings.withAssertionAttributeExternalUid
withAssertionAttributeExternalUid(assertionAttributeExternalUid)
"(String) Friendly name of the attribute within the SAML assertion to use as the external user ID. Only used for SCIM provisioned users.\nFriendly name of the attribute within the SAML assertion to use as the external user ID. Only used for SCIM provisioned users."
fn spec.forProvider.samlSettings.withAssertionAttributeGroups
withAssertionAttributeGroups(assertionAttributeGroups)
"(String) Friendly name or name of the attribute within the SAML assertion to use as the user groups.\nFriendly name or name of the attribute within the SAML assertion to use as the user groups."
fn spec.forProvider.samlSettings.withAssertionAttributeLogin
withAssertionAttributeLogin(assertionAttributeLogin)
"(String) Friendly name or name of the attribute within the SAML assertion to use as the user login handle.\nFriendly name or name of the attribute within the SAML assertion to use as the user login handle."
fn spec.forProvider.samlSettings.withAssertionAttributeName
withAssertionAttributeName(assertionAttributeName)
"(String) Friendly name or name of the attribute within the SAML assertion to use as the user name. Alternatively, this can be a template with variables that match the names of attributes within the SAML assertion.\nFriendly name or name of the attribute within the SAML assertion to use as the user name. Alternatively, this can be a template with variables that match the names of attributes within the SAML assertion."
fn spec.forProvider.samlSettings.withAssertionAttributeOrg
withAssertionAttributeOrg(assertionAttributeOrg)
"(String) Friendly name or name of the attribute within the SAML assertion to use as the user organization.\nFriendly name or name of the attribute within the SAML assertion to use as the user organization."
fn spec.forProvider.samlSettings.withAssertionAttributeRole
withAssertionAttributeRole(assertionAttributeRole)
"(String) Friendly name or name of the attribute within the SAML assertion to use as the user roles.\nFriendly name or name of the attribute within the SAML assertion to use as the user roles."
fn spec.forProvider.samlSettings.withAutoLogin
withAutoLogin(autoLogin)
"(Boolean) Log in automatically, skipping the login screen.\nWhether SAML auto login is enabled."
fn spec.forProvider.samlSettings.withCertificatePath
withCertificatePath(certificatePath)
"(String) Path for the SP X.509 certificate.\nPath for the SP X.509 certificate."
fn spec.forProvider.samlSettings.withClientId
withClientId(clientId)
"(String) The client Id of your OAuth2 app.\nThe client Id of your OAuth2 app."
fn spec.forProvider.samlSettings.withClientSecret
withClientSecret(clientSecret)
"(String, Sensitive) The client secret of your OAuth2 app.\nThe client secret of your OAuth2 app."
fn spec.forProvider.samlSettings.withEnabled
withEnabled(enabled)
"(Boolean) Define whether this configuration is enabled for LDAP. Defaults to true.\nDefine whether this configuration is enabled for SAML. Defaults to true."
fn spec.forProvider.samlSettings.withEntityId
withEntityId(entityId)
"(String) The entity ID is a globally unique identifier for the service provider. It is used to identify the service provider to the identity provider. Defaults to the URL of the Grafana instance if not set.\nThe entity ID is a globally unique identifier for the service provider. It is used to identify the service provider to the identity provider. Defaults to the URL of the Grafana instance if not set."
fn spec.forProvider.samlSettings.withForceUseGraphApi
withForceUseGraphApi(forceUseGraphApi)
"(Boolean) If enabled, Grafana will fetch groups from Microsoft Graph API instead of using the groups claim from the ID token.\nIf enabled, Grafana will fetch groups from Microsoft Graph API instead of using the groups claim from the ID token."
fn spec.forProvider.samlSettings.withIdpMetadata
withIdpMetadata(idpMetadata)
"encoded string for the IdP SAML metadata XML.\nBase64-encoded string for the IdP SAML metadata XML."
fn spec.forProvider.samlSettings.withIdpMetadataPath
withIdpMetadataPath(idpMetadataPath)
"(String) Path for the IdP SAML metadata XML.\nPath for the IdP SAML metadata XML."
fn spec.forProvider.samlSettings.withIdpMetadataUrl
withIdpMetadataUrl(idpMetadataUrl)
"(String) URL for the IdP SAML metadata XML.\nURL for the IdP SAML metadata XML."
fn spec.forProvider.samlSettings.withMaxIssueDelay
withMaxIssueDelay(maxIssueDelay)
"(String) Duration, since the IdP issued a response and the SP is allowed to process it. For example: 90s, 1h.\nDuration, since the IdP issued a response and the SP is allowed to process it. For example: 90s, 1h."
fn spec.forProvider.samlSettings.withMetadataValidDuration
withMetadataValidDuration(metadataValidDuration)
"(String) Duration, for how long the SP metadata is valid. For example: 48h, 5d.\nDuration, for how long the SP metadata is valid. For example: 48h, 5d."
fn spec.forProvider.samlSettings.withName
withName(name)
"(String) Helpful if you use more than one identity providers or SSO protocols.\nName used to refer to the SAML authentication."
fn spec.forProvider.samlSettings.withNameIdFormat
withNameIdFormat(nameIdFormat)
"format:transient\nThe Name ID Format to request within the SAML assertion. Defaults to urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
fn spec.forProvider.samlSettings.withOrgMapping
withOrgMapping(orgMapping)
"or space-separated Organization:OrgIdOrOrgName:Role mappings. Organization can be * meaning “All users”. Role is optional and can have the following values: None, Viewer, Editor or Admin.\nList of comma- or space-separated Organization:OrgId:Role mappings. Organization can be * meaning “All users”. Role is optional and can have the following values: Viewer, Editor or Admin."
fn spec.forProvider.samlSettings.withPrivateKeyPath
withPrivateKeyPath(privateKeyPath)
"(String) Path for the SP private key.\nPath for the SP private key."
fn spec.forProvider.samlSettings.withRelayState
withRelayState(relayState)
"initiated login. Should match relay state configured in IdP.\nRelay state for IdP-initiated login. Should match relay state configured in IdP."
fn spec.forProvider.samlSettings.withRoleValuesAdmin
withRoleValuesAdmin(roleValuesAdmin)
"or space-separated roles which will be mapped into the Admin role.\nList of comma- or space-separated roles which will be mapped into the Admin role."
fn spec.forProvider.samlSettings.withRoleValuesEditor
withRoleValuesEditor(roleValuesEditor)
"or space-separated roles which will be mapped into the Editor role.\nList of comma- or space-separated roles which will be mapped into the Editor role."
fn spec.forProvider.samlSettings.withRoleValuesGrafanaAdmin
withRoleValuesGrafanaAdmin(roleValuesGrafanaAdmin)
"or space-separated roles which will be mapped into the Grafana Admin (Super Admin) role.\nList of comma- or space-separated roles which will be mapped into the Grafana Admin (Super Admin) role."
fn spec.forProvider.samlSettings.withRoleValuesNone
withRoleValuesNone(roleValuesNone)
"or space-separated roles which will be mapped into the None role.\nList of comma- or space-separated roles which will be mapped into the None role."
fn spec.forProvider.samlSettings.withRoleValuesViewer
withRoleValuesViewer(roleValuesViewer)
"or space-separated roles which will be mapped into the Viewer role.\nList of comma- or space-separated roles which will be mapped into the Viewer role."
fn spec.forProvider.samlSettings.withSignatureAlgorithm
withSignatureAlgorithm(signatureAlgorithm)
"sha1, rsa-sha256, rsa-sha512.\nSignature algorithm used for signing requests to the IdP. Supported values are rsa-sha1, rsa-sha256, rsa-sha512."
fn spec.forProvider.samlSettings.withSingleLogout
withSingleLogout(singleLogout)
"(Boolean) Whether SAML Single Logout is enabled.\nWhether SAML Single Logout is enabled."
fn spec.forProvider.samlSettings.withSkipOrgRoleSync
withSkipOrgRoleSync(skipOrgRoleSync)
"(Boolean) Prevent synchronizing users’ organization roles from LDAP.\nPrevent synchronizing users’ organization roles from your IdP."
fn spec.forProvider.samlSettings.withTokenUrl
withTokenUrl(tokenUrl)
"(String) The token endpoint of your OAuth2 provider. Required for azuread, okta and generic_oauth providers.\nThe token endpoint of your OAuth2 provider. Required for Azure AD providers."
obj spec.forProvider.samlSettings.certificateSecretRef
"encoded string for the SP X.509 certificate.\nBase64-encoded string for the SP X.509 certificate."
fn spec.forProvider.samlSettings.certificateSecretRef.withKey
withKey(key)
fn spec.forProvider.samlSettings.certificateSecretRef.withName
withName(name)
"Name of the secret."
obj spec.forProvider.samlSettings.privateKeySecretRef
"encoded string for the SP private key.\nBase64-encoded string for the SP private key."
fn spec.forProvider.samlSettings.privateKeySecretRef.withKey
withKey(key)
fn spec.forProvider.samlSettings.privateKeySecretRef.withName
withName(name)
"Name of the secret."
obj spec.initProvider
"THIS IS A BETA FIELD. It will be honored\nunless the Management Policies feature flag is disabled.\nInitProvider holds the same fields as ForProvider, with the exception\nof Identifier and other resource reference fields. The fields that are\nin InitProvider are merged into ForProvider when the resource is created.\nThe same fields are also added to the terraform ignore_changes hook, to\navoid updating them after creation. This is useful for fields that are\nrequired on creation, but we do not desire to update them after creation,\nfor example because of an external controller is managing them, like an\nautoscaler."
fn spec.initProvider.withLdapSettings
withLdapSettings(ldapSettings)
"(Block Set, Max: 1) The LDAP settings set. Required for the ldap provider. (see below for nested schema)\nThe LDAP settings set. Required for the ldap provider."
fn spec.initProvider.withLdapSettingsMixin
withLdapSettingsMixin(ldapSettings)
"(Block Set, Max: 1) The LDAP settings set. Required for the ldap provider. (see below for nested schema)\nThe LDAP settings set. Required for the ldap provider."
Note: This function appends passed data to existing values
fn spec.initProvider.withOauth2Settings
withOauth2Settings(oauth2Settings)
"(Block Set, Max: 1) The OAuth2 settings set. Required for github, gitlab, google, azuread, okta, generic_oauth providers. (see below for nested schema)\nThe OAuth2 settings set. Required for github, gitlab, google, azuread, okta, generic_oauth providers."
fn spec.initProvider.withOauth2SettingsMixin
withOauth2SettingsMixin(oauth2Settings)
"(Block Set, Max: 1) The OAuth2 settings set. Required for github, gitlab, google, azuread, okta, generic_oauth providers. (see below for nested schema)\nThe OAuth2 settings set. Required for github, gitlab, google, azuread, okta, generic_oauth providers."
Note: This function appends passed data to existing values
fn spec.initProvider.withProviderName
withProviderName(providerName)
"(String) The name of the SSO provider. Supported values: github, gitlab, google, azuread, okta, generic_oauth, saml, ldap.\nThe name of the SSO provider. Supported values: github, gitlab, google, azuread, okta, generic_oauth, saml, ldap."
fn spec.initProvider.withSamlSettings
withSamlSettings(samlSettings)
"(Block Set, Max: 1) The SAML settings set. Required for the saml provider. (see below for nested schema)\nThe SAML settings set. Required for the saml provider."
fn spec.initProvider.withSamlSettingsMixin
withSamlSettingsMixin(samlSettings)
"(Block Set, Max: 1) The SAML settings set. Required for the saml provider. (see below for nested schema)\nThe SAML settings set. Required for the saml provider."
Note: This function appends passed data to existing values
obj spec.initProvider.ldapSettings
"(Block Set, Max: 1) The LDAP settings set. Required for the ldap provider. (see below for nested schema)\nThe LDAP settings set. Required for the ldap provider."
fn spec.initProvider.ldapSettings.withAllowSignUp
withAllowSignUp(allowSignUp)
"(Boolean) Whether to allow new Grafana user creation through LDAP login. If set to false, then only existing Grafana users can log in with LDAP.\nWhether to allow new Grafana user creation through LDAP login. If set to false, then only existing Grafana users can log in with LDAP."
fn spec.initProvider.ldapSettings.withConfig
withConfig(config)
"(Block List, Min: 1, Max: 1) The LDAP configuration. (see below for nested schema)\nThe LDAP configuration."
fn spec.initProvider.ldapSettings.withConfigMixin
withConfigMixin(config)
"(Block List, Min: 1, Max: 1) The LDAP configuration. (see below for nested schema)\nThe LDAP configuration."
Note: This function appends passed data to existing values
fn spec.initProvider.ldapSettings.withEnabled
withEnabled(enabled)
"(Boolean) Define whether this configuration is enabled for LDAP. Defaults to true.\nDefine whether this configuration is enabled for LDAP. Defaults to true."
fn spec.initProvider.ldapSettings.withSkipOrgRoleSync
withSkipOrgRoleSync(skipOrgRoleSync)
"(Boolean) Prevent synchronizing users’ organization roles from LDAP.\nPrevent synchronizing users’ organization roles from LDAP."
obj spec.initProvider.ldapSettings.config
"(Block List, Min: 1, Max: 1) The LDAP configuration. (see below for nested schema)\nThe LDAP configuration."
fn spec.initProvider.ldapSettings.config.withServers
withServers(servers)
"(Block List, Min: 1) The LDAP servers configuration. (see below for nested schema)\nThe LDAP servers configuration."
fn spec.initProvider.ldapSettings.config.withServersMixin
withServersMixin(servers)
"(Block List, Min: 1) The LDAP servers configuration. (see below for nested schema)\nThe LDAP servers configuration."
Note: This function appends passed data to existing values
obj spec.initProvider.ldapSettings.config.servers
"(Block List, Min: 1) The LDAP servers configuration. (see below for nested schema)\nThe LDAP servers configuration."
fn spec.initProvider.ldapSettings.config.servers.withAttributes
withAttributes(attributes)
"(Map of String) The LDAP server attributes. The following attributes can be configured: email, member_of, name, surname, username.\nThe LDAP server attributes. The following attributes can be configured: email, member_of, name, surname, username."
fn spec.initProvider.ldapSettings.config.servers.withAttributesMixin
withAttributesMixin(attributes)
"(Map of String) The LDAP server attributes. The following attributes can be configured: email, member_of, name, surname, username.\nThe LDAP server attributes. The following attributes can be configured: email, member_of, name, surname, username."
Note: This function appends passed data to existing values
fn spec.initProvider.ldapSettings.config.servers.withBindDn
withBindDn(bindDn)
"(String) The search user bind DN.\nThe search user bind DN."
fn spec.initProvider.ldapSettings.config.servers.withClientCert
withClientCert(clientCert)
"(String) The path to the client certificate.\nThe path to the client certificate."
fn spec.initProvider.ldapSettings.config.servers.withClientCertValue
withClientCertValue(clientCertValue)
"(String) The Base64 encoded value of the client certificate.\nThe Base64 encoded value of the client certificate."
fn spec.initProvider.ldapSettings.config.servers.withGroupMappings
withGroupMappings(groupMappings)
"(Block List) For mapping an LDAP group to a Grafana organization and role. (see below for nested schema)\nFor mapping an LDAP group to a Grafana organization and role."
fn spec.initProvider.ldapSettings.config.servers.withGroupMappingsMixin
withGroupMappingsMixin(groupMappings)
"(Block List) For mapping an LDAP group to a Grafana organization and role. (see below for nested schema)\nFor mapping an LDAP group to a Grafana organization and role."
Note: This function appends passed data to existing values
fn spec.initProvider.ldapSettings.config.servers.withGroupSearchBaseDns
withGroupSearchBaseDns(groupSearchBaseDns)
"(List of String) An array of the base DNs to search through for groups. Typically uses ou=groups.\nAn array of the base DNs to search through for groups. Typically uses ou=groups."
fn spec.initProvider.ldapSettings.config.servers.withGroupSearchBaseDnsMixin
withGroupSearchBaseDnsMixin(groupSearchBaseDns)
"(List of String) An array of the base DNs to search through for groups. Typically uses ou=groups.\nAn array of the base DNs to search through for groups. Typically uses ou=groups."
Note: This function appends passed data to existing values
fn spec.initProvider.ldapSettings.config.servers.withGroupSearchFilter
withGroupSearchFilter(groupSearchFilter)
"(String) Group search filter, to retrieve the groups of which the user is a member (only set if memberOf attribute is not available).\nGroup search filter, to retrieve the groups of which the user is a member (only set if memberOf attribute is not available)."
fn spec.initProvider.ldapSettings.config.servers.withGroupSearchFilterUserAttribute
withGroupSearchFilterUserAttribute(groupSearchFilterUserAttribute)
"(String) The %s in the search filter will be replaced with the attribute defined in this field.\nThe %s in the search filter will be replaced with the attribute defined in this field."
fn spec.initProvider.ldapSettings.config.servers.withHost
withHost(host)
"(String) The LDAP server host.\nThe LDAP server host."
fn spec.initProvider.ldapSettings.config.servers.withMinTlsVersion
withMinTlsVersion(minTlsVersion)
"(String) Minimum TLS version allowed. Accepted values are: TLS1.2, TLS1.3.\nMinimum TLS version allowed. Accepted values are: TLS1.2, TLS1.3."
fn spec.initProvider.ldapSettings.config.servers.withPort
withPort(port)
"(Number) The LDAP server port.\nThe LDAP server port."
fn spec.initProvider.ldapSettings.config.servers.withRootCaCert
withRootCaCert(rootCaCert)
"(String) The path to the root CA certificate.\nThe path to the root CA certificate."
fn spec.initProvider.ldapSettings.config.servers.withRootCaCertValue
withRootCaCertValue(rootCaCertValue)
"(List of String) The Base64 encoded values of the root CA certificates.\nThe Base64 encoded values of the root CA certificates."
fn spec.initProvider.ldapSettings.config.servers.withRootCaCertValueMixin
withRootCaCertValueMixin(rootCaCertValue)
"(List of String) The Base64 encoded values of the root CA certificates.\nThe Base64 encoded values of the root CA certificates."
Note: This function appends passed data to existing values
fn spec.initProvider.ldapSettings.config.servers.withSearchBaseDns
withSearchBaseDns(searchBaseDns)
"(List of String) An array of base DNs to search through.\nAn array of base DNs to search through."
fn spec.initProvider.ldapSettings.config.servers.withSearchBaseDnsMixin
withSearchBaseDnsMixin(searchBaseDns)
"(List of String) An array of base DNs to search through.\nAn array of base DNs to search through."
Note: This function appends passed data to existing values
fn spec.initProvider.ldapSettings.config.servers.withSearchFilter
withSearchFilter(searchFilter)
"(String) The user search filter, for example \"(cn=%s)\" or \"(sAMAccountName=%s)\" or \"(uid=%s)\".\nThe user search filter, for example \"(cn=%s)\" or \"(sAMAccountName=%s)\" or \"(uid=%s)\"."
fn spec.initProvider.ldapSettings.config.servers.withSslSkipVerify
withSslSkipVerify(sslSkipVerify)
"(Boolean) If set to true, the SSL cert validation will be skipped.\nIf set to true, the SSL cert validation will be skipped."
fn spec.initProvider.ldapSettings.config.servers.withStartTls
withStartTls(startTls)
"(Boolean) If set to true, use LDAP with STARTTLS instead of LDAPS.\nIf set to true, use LDAP with STARTTLS instead of LDAPS."
fn spec.initProvider.ldapSettings.config.servers.withTimeout
withTimeout(timeout)
"(Number) The timeout in seconds for connecting to the LDAP host.\nThe timeout in seconds for connecting to the LDAP host."
fn spec.initProvider.ldapSettings.config.servers.withTlsCiphers
withTlsCiphers(tlsCiphers)
"(List of String) Accepted TLS ciphers. For a complete list of supported ciphers, refer to: https://go.dev/src/crypto/tls/cipher_suites.go.\nAccepted TLS ciphers. For a complete list of supported ciphers, refer to: https://go.dev/src/crypto/tls/cipher_suites.go."
fn spec.initProvider.ldapSettings.config.servers.withTlsCiphersMixin
withTlsCiphersMixin(tlsCiphers)
"(List of String) Accepted TLS ciphers. For a complete list of supported ciphers, refer to: https://go.dev/src/crypto/tls/cipher_suites.go.\nAccepted TLS ciphers. For a complete list of supported ciphers, refer to: https://go.dev/src/crypto/tls/cipher_suites.go."
Note: This function appends passed data to existing values
fn spec.initProvider.ldapSettings.config.servers.withUseSsl
withUseSsl(useSsl)
"(Boolean) Set to true if LDAP server should use an encrypted TLS connection (either with STARTTLS or LDAPS).\nSet to true if LDAP server should use an encrypted TLS connection (either with STARTTLS or LDAPS)."
obj spec.initProvider.ldapSettings.config.servers.bindPasswordSecretRef
"(String, Sensitive) The search user bind password.\nThe search user bind password."
fn spec.initProvider.ldapSettings.config.servers.bindPasswordSecretRef.withKey
withKey(key)
fn spec.initProvider.ldapSettings.config.servers.bindPasswordSecretRef.withName
withName(name)
"Name of the secret."
obj spec.initProvider.ldapSettings.config.servers.clientKeySecretRef
"(String, Sensitive) The path to the client private key.\nThe path to the client private key."
fn spec.initProvider.ldapSettings.config.servers.clientKeySecretRef.withKey
withKey(key)
fn spec.initProvider.ldapSettings.config.servers.clientKeySecretRef.withName
withName(name)
"Name of the secret."
obj spec.initProvider.ldapSettings.config.servers.clientKeyValueSecretRef
"(String, Sensitive) The Base64 encoded value of the client private key.\nThe Base64 encoded value of the client private key."
fn spec.initProvider.ldapSettings.config.servers.clientKeyValueSecretRef.withKey
withKey(key)
fn spec.initProvider.ldapSettings.config.servers.clientKeyValueSecretRef.withName
withName(name)
"Name of the secret."
obj spec.initProvider.ldapSettings.config.servers.groupMappings
"(Block List) For mapping an LDAP group to a Grafana organization and role. (see below for nested schema)\nFor mapping an LDAP group to a Grafana organization and role."
fn spec.initProvider.ldapSettings.config.servers.groupMappings.withGrafanaAdmin
withGrafanaAdmin(grafanaAdmin)
"(Boolean) If set to true, it makes the user of group_dn Grafana server admin.\nIf set to true, it makes the user of group_dn Grafana server admin."
fn spec.initProvider.ldapSettings.config.servers.groupMappings.withGroupDn
withGroupDn(groupDn)
"(String) LDAP distinguished name (DN) of LDAP group. If you want to match all (or no LDAP groups) then you can use wildcard (\"\").\nLDAP distinguished name (DN) of LDAP group. If you want to match all (or no LDAP groups) then you can use wildcard (\"\")."
fn spec.initProvider.ldapSettings.config.servers.groupMappings.withOrgId
withOrgId(orgId)
"(Number) The Grafana organization database id.\nThe Grafana organization database id."
fn spec.initProvider.ldapSettings.config.servers.groupMappings.withOrgRole
withOrgRole(orgRole)
"(String) Assign users of group_dn the organization role Admin, Editor, or Viewer.\nAssign users of group_dn the organization role Admin, Editor, or Viewer."
obj spec.initProvider.oauth2Settings
"(Block Set, Max: 1) The OAuth2 settings set. Required for github, gitlab, google, azuread, okta, generic_oauth providers. (see below for nested schema)\nThe OAuth2 settings set. Required for github, gitlab, google, azuread, okta, generic_oauth providers."
fn spec.initProvider.oauth2Settings.withAllowAssignGrafanaAdmin
withAllowAssignGrafanaAdmin(allowAssignGrafanaAdmin)
"(Boolean) If enabled, it will automatically sync the Grafana server administrator role.\nIf enabled, it will automatically sync the Grafana server administrator role."
fn spec.initProvider.oauth2Settings.withAllowSignUp
withAllowSignUp(allowSignUp)
"(Boolean) Whether to allow new Grafana user creation through LDAP login. If set to false, then only existing Grafana users can log in with LDAP.\nIf not enabled, only existing Grafana users can log in using OAuth."
fn spec.initProvider.oauth2Settings.withAllowedDomains
withAllowedDomains(allowedDomains)
"or space-separated domains. The user should belong to at least one domain to log in.\nList of comma- or space-separated domains. The user should belong to at least one domain to log in."
fn spec.initProvider.oauth2Settings.withAllowedGroups
withAllowedGroups(allowedGroups)
"or space-separated groups. The user should be a member of at least one group to log in. For Generic OAuth, if you configure allowed_groups, you must also configure groups_attribute_path.\nList of comma- or space-separated groups. The user should be a member of at least one group to log in. For Generic OAuth, if you configure allowed_groups, you must also configure groups_attribute_path."
fn spec.initProvider.oauth2Settings.withAllowedOrganizations
withAllowedOrganizations(allowedOrganizations)
"or space-separated organizations. The user should be a member of at least one organization to log in.\nList of comma- or space-separated organizations. The user should be a member of at least one organization to log in."
fn spec.initProvider.oauth2Settings.withApiUrl
withApiUrl(apiUrl)
"(String) The user information endpoint of your OAuth2 provider. Required for okta and generic_oauth providers.\nThe user information endpoint of your OAuth2 provider. Required for okta and generic_oauth providers."
fn spec.initProvider.oauth2Settings.withAuthStyle
withAuthStyle(authStyle)
"(String) It determines how client_id and client_secret are sent to Oauth2 provider. Possible values are AutoDetect, InParams, InHeader. Default is AutoDetect.\nIt determines how client_id and client_secret are sent to Oauth2 provider. Possible values are AutoDetect, InParams, InHeader. Default is AutoDetect."
fn spec.initProvider.oauth2Settings.withAuthUrl
withAuthUrl(authUrl)
"(String) The authorization endpoint of your OAuth2 provider. Required for azuread, okta and generic_oauth providers.\nThe authorization endpoint of your OAuth2 provider. Required for azuread, okta and generic_oauth providers."
fn spec.initProvider.oauth2Settings.withAutoLogin
withAutoLogin(autoLogin)
"(Boolean) Log in automatically, skipping the login screen.\nLog in automatically, skipping the login screen."
fn spec.initProvider.oauth2Settings.withClientId
withClientId(clientId)
"(String) The client Id of your OAuth2 app.\nThe client Id of your OAuth2 app."
fn spec.initProvider.oauth2Settings.withCustom
withCustom(custom)
"(Map of String) Custom fields to configure for OAuth2 such as the force_use_graph_api field.\nCustom fields to configure for OAuth2 such as the force_use_graph_api field."
fn spec.initProvider.oauth2Settings.withCustomMixin
withCustomMixin(custom)
"(Map of String) Custom fields to configure for OAuth2 such as the force_use_graph_api field.\nCustom fields to configure for OAuth2 such as the force_use_graph_api field."
Note: This function appends passed data to existing values
fn spec.initProvider.oauth2Settings.withDefineAllowedGroups
withDefineAllowedGroups(defineAllowedGroups)
"(Boolean) Define allowed groups.\nDefine allowed groups."
fn spec.initProvider.oauth2Settings.withDefineAllowedTeamsIds
withDefineAllowedTeamsIds(defineAllowedTeamsIds)
"(Boolean) Define allowed teams ids.\nDefine allowed teams ids."
fn spec.initProvider.oauth2Settings.withEmailAttributeName
withEmailAttributeName(emailAttributeName)
"(String) Name of the key to use for user email lookup within the attributes map of OAuth2 ID token. Only applicable to Generic OAuth.\nName of the key to use for user email lookup within the attributes map of OAuth2 ID token. Only applicable to Generic OAuth."
fn spec.initProvider.oauth2Settings.withEmailAttributePath
withEmailAttributePath(emailAttributePath)
"(String) JMESPath expression to use for user email lookup from the user information. Only applicable to Generic OAuth.\nJMESPath expression to use for user email lookup from the user information. Only applicable to Generic OAuth."
fn spec.initProvider.oauth2Settings.withEmptyScopes
withEmptyScopes(emptyScopes)
"(Boolean) If enabled, no scopes will be sent to the OAuth2 provider.\nIf enabled, no scopes will be sent to the OAuth2 provider."
fn spec.initProvider.oauth2Settings.withEnabled
withEnabled(enabled)
"(Boolean) Define whether this configuration is enabled for LDAP. Defaults to true.\nDefine whether this configuration is enabled for the specified provider. Defaults to true."
fn spec.initProvider.oauth2Settings.withGroupsAttributePath
withGroupsAttributePath(groupsAttributePath)
"(String) JMESPath expression to use for user group lookup. If you configure allowed_groups, you must also configure groups_attribute_path.\nJMESPath expression to use for user group lookup. If you configure allowed_groups, you must also configure groups_attribute_path."
fn spec.initProvider.oauth2Settings.withIdTokenAttributeName
withIdTokenAttributeName(idTokenAttributeName)
"(String) The name of the key used to extract the ID token from the returned OAuth2 token. Only applicable to Generic OAuth.\nThe name of the key used to extract the ID token from the returned OAuth2 token. Only applicable to Generic OAuth."
fn spec.initProvider.oauth2Settings.withLoginAttributePath
withLoginAttributePath(loginAttributePath)
"(String) JMESPath expression to use for user login lookup from the user ID token. Only applicable to Generic OAuth.\nJMESPath expression to use for user login lookup from the user ID token. Only applicable to Generic OAuth."
fn spec.initProvider.oauth2Settings.withLoginPrompt
withLoginPrompt(loginPrompt)
"(String) Indicates the type of user interaction when the user logs in with the IdP. Available values are login, consent and select_account.\nIndicates the type of user interaction when the user logs in with the IdP. Available values are login, consent and select_account."
fn spec.initProvider.oauth2Settings.withName
withName(name)
"(String) Helpful if you use more than one identity providers or SSO protocols.\nHelpful if you use more than one identity providers or SSO protocols."
fn spec.initProvider.oauth2Settings.withNameAttributePath
withNameAttributePath(nameAttributePath)
"(String) JMESPath expression to use for user name lookup from the user ID token. This name will be used as the user’s display name. Only applicable to Generic OAuth.\nJMESPath expression to use for user name lookup from the user ID token. This name will be used as the user’s display name. Only applicable to Generic OAuth."
fn spec.initProvider.oauth2Settings.withOrgAttributePath
withOrgAttributePath(orgAttributePath)
"(String) JMESPath expression to use for the organization mapping lookup from the user ID token. The extracted list will be used for the organization mapping (to match \"Organization\" in the \"org_mapping\"). Only applicable to Generic OAuth and Okta.\nJMESPath expression to use for the organization mapping lookup from the user ID token. The extracted list will be used for the organization mapping (to match \"Organization\" in the \"org_mapping\"). Only applicable to Generic OAuth and Okta."
fn spec.initProvider.oauth2Settings.withOrgMapping
withOrgMapping(orgMapping)
"or space-separated Organization:OrgIdOrOrgName:Role mappings. Organization can be * meaning “All users”. Role is optional and can have the following values: None, Viewer, Editor or Admin.\nList of comma- or space-separated Organization:OrgIdOrOrgName:Role mappings. Organization can be * meaning “All users”. Role is optional and can have the following values: None, Viewer, Editor or Admin."
fn spec.initProvider.oauth2Settings.withRoleAttributePath
withRoleAttributePath(roleAttributePath)
"(String) JMESPath expression to use for Grafana role lookup.\nJMESPath expression to use for Grafana role lookup."
fn spec.initProvider.oauth2Settings.withRoleAttributeStrict
withRoleAttributeStrict(roleAttributeStrict)
"(Boolean) If enabled, denies user login if the Grafana role cannot be extracted using Role attribute path.\nIf enabled, denies user login if the Grafana role cannot be extracted using Role attribute path."
fn spec.initProvider.oauth2Settings.withScopes
withScopes(scopes)
"or space-separated OAuth2 scopes.\nList of comma- or space-separated OAuth2 scopes."
fn spec.initProvider.oauth2Settings.withSignoutRedirectUrl
withSignoutRedirectUrl(signoutRedirectUrl)
"(String) The URL to redirect the user to after signing out from Grafana.\nThe URL to redirect the user to after signing out from Grafana."
fn spec.initProvider.oauth2Settings.withSkipOrgRoleSync
withSkipOrgRoleSync(skipOrgRoleSync)
"(Boolean) Prevent synchronizing users’ organization roles from LDAP.\nPrevent synchronizing users’ organization roles from your IdP."
fn spec.initProvider.oauth2Settings.withTeamIds
withTeamIds(teamIds)
"(String) String list of Team Ids. If set, the user must be a member of one of the given teams to log in. If you configure team_ids, you must also configure teams_url and team_ids_attribute_path.\nString list of Team Ids. If set, the user must be a member of one of the given teams to log in. If you configure team_ids, you must also configure teams_url and team_ids_attribute_path."
fn spec.initProvider.oauth2Settings.withTeamIdsAttributePath
withTeamIdsAttributePath(teamIdsAttributePath)
"(String) The JMESPath expression to use for Grafana Team Id lookup within the results returned by the teams_url endpoint. Only applicable to Generic OAuth.\nThe JMESPath expression to use for Grafana Team Id lookup within the results returned by the teams_url endpoint. Only applicable to Generic OAuth."
fn spec.initProvider.oauth2Settings.withTeamsUrl
withTeamsUrl(teamsUrl)
"(String) The URL used to query for Team Ids. If not set, the default value is /teams. If you configure teams_url, you must also configure team_ids_attribute_path. Only applicable to Generic OAuth.\nThe URL used to query for Team Ids. If not set, the default value is /teams. If you configure teams_url, you must also configure team_ids_attribute_path. Only applicable to Generic OAuth."
fn spec.initProvider.oauth2Settings.withTlsClientCa
withTlsClientCa(tlsClientCa)
"(String) The path to the trusted certificate authority list. Is not applicable on Grafana Cloud.\nThe path to the trusted certificate authority list. Is not applicable on Grafana Cloud."
fn spec.initProvider.oauth2Settings.withTlsClientCert
withTlsClientCert(tlsClientCert)
"(String) The path to the certificate. Is not applicable on Grafana Cloud.\nThe path to the certificate. Is not applicable on Grafana Cloud."
fn spec.initProvider.oauth2Settings.withTlsClientKey
withTlsClientKey(tlsClientKey)
"(String) The path to the key. Is not applicable on Grafana Cloud.\nThe path to the key. Is not applicable on Grafana Cloud."
fn spec.initProvider.oauth2Settings.withTlsSkipVerifyInsecure
withTlsSkipVerifyInsecure(tlsSkipVerifyInsecure)
"in-the-middle attacks.\nIf enabled, the client accepts any certificate presented by the server and any host name in that certificate. You should only use this for testing, because this mode leaves SSL/TLS susceptible to man-in-the-middle attacks."
fn spec.initProvider.oauth2Settings.withTokenUrl
withTokenUrl(tokenUrl)
"(String) The token endpoint of your OAuth2 provider. Required for azuread, okta and generic_oauth providers.\nThe token endpoint of your OAuth2 provider. Required for azuread, okta and generic_oauth providers."
fn spec.initProvider.oauth2Settings.withUsePkce
withUsePkce(usePkce)
"(Boolean) If enabled, Grafana will use Proof Key for Code Exchange (PKCE) with the OAuth2 Authorization Code Grant.\nIf enabled, Grafana will use Proof Key for Code Exchange (PKCE) with the OAuth2 Authorization Code Grant."
fn spec.initProvider.oauth2Settings.withUseRefreshToken
withUseRefreshToken(useRefreshToken)
"(Boolean) If enabled, Grafana will fetch a new access token using the refresh token provided by the OAuth2 provider.\nIf enabled, Grafana will fetch a new access token using the refresh token provided by the OAuth2 provider."
obj spec.initProvider.oauth2Settings.clientSecretSecretRef
"(String, Sensitive) The client secret of your OAuth2 app.\nThe client secret of your OAuth2 app."
fn spec.initProvider.oauth2Settings.clientSecretSecretRef.withKey
withKey(key)
fn spec.initProvider.oauth2Settings.clientSecretSecretRef.withName
withName(name)
"Name of the secret."
obj spec.initProvider.samlSettings
"(Block Set, Max: 1) The SAML settings set. Required for the saml provider. (see below for nested schema)\nThe SAML settings set. Required for the saml provider."
fn spec.initProvider.samlSettings.withAllowIdpInitiated
withAllowIdpInitiated(allowIdpInitiated)
"initiated login is allowed.\nWhether SAML IdP-initiated login is allowed."
fn spec.initProvider.samlSettings.withAllowSignUp
withAllowSignUp(allowSignUp)
"(Boolean) Whether to allow new Grafana user creation through LDAP login. If set to false, then only existing Grafana users can log in with LDAP.\nWhether to allow new Grafana user creation through SAML login. If set to false, then only existing Grafana users can log in with SAML."
fn spec.initProvider.samlSettings.withAllowedOrganizations
withAllowedOrganizations(allowedOrganizations)
"or space-separated organizations. The user should be a member of at least one organization to log in.\nList of comma- or space-separated organizations. User should be a member of at least one organization to log in."
fn spec.initProvider.samlSettings.withAssertionAttributeEmail
withAssertionAttributeEmail(assertionAttributeEmail)
"(String) Friendly name or name of the attribute within the SAML assertion to use as the user email.\nFriendly name or name of the attribute within the SAML assertion to use as the user email."
fn spec.initProvider.samlSettings.withAssertionAttributeExternalUid
withAssertionAttributeExternalUid(assertionAttributeExternalUid)
"(String) Friendly name of the attribute within the SAML assertion to use as the external user ID. Only used for SCIM provisioned users.\nFriendly name of the attribute within the SAML assertion to use as the external user ID. Only used for SCIM provisioned users."
fn spec.initProvider.samlSettings.withAssertionAttributeGroups
withAssertionAttributeGroups(assertionAttributeGroups)
"(String) Friendly name or name of the attribute within the SAML assertion to use as the user groups.\nFriendly name or name of the attribute within the SAML assertion to use as the user groups."
fn spec.initProvider.samlSettings.withAssertionAttributeLogin
withAssertionAttributeLogin(assertionAttributeLogin)
"(String) Friendly name or name of the attribute within the SAML assertion to use as the user login handle.\nFriendly name or name of the attribute within the SAML assertion to use as the user login handle."
fn spec.initProvider.samlSettings.withAssertionAttributeName
withAssertionAttributeName(assertionAttributeName)
"(String) Friendly name or name of the attribute within the SAML assertion to use as the user name. Alternatively, this can be a template with variables that match the names of attributes within the SAML assertion.\nFriendly name or name of the attribute within the SAML assertion to use as the user name. Alternatively, this can be a template with variables that match the names of attributes within the SAML assertion."
fn spec.initProvider.samlSettings.withAssertionAttributeOrg
withAssertionAttributeOrg(assertionAttributeOrg)
"(String) Friendly name or name of the attribute within the SAML assertion to use as the user organization.\nFriendly name or name of the attribute within the SAML assertion to use as the user organization."
fn spec.initProvider.samlSettings.withAssertionAttributeRole
withAssertionAttributeRole(assertionAttributeRole)
"(String) Friendly name or name of the attribute within the SAML assertion to use as the user roles.\nFriendly name or name of the attribute within the SAML assertion to use as the user roles."
fn spec.initProvider.samlSettings.withAutoLogin
withAutoLogin(autoLogin)
"(Boolean) Log in automatically, skipping the login screen.\nWhether SAML auto login is enabled."
fn spec.initProvider.samlSettings.withCertificatePath
withCertificatePath(certificatePath)
"(String) Path for the SP X.509 certificate.\nPath for the SP X.509 certificate."
fn spec.initProvider.samlSettings.withClientId
withClientId(clientId)
"(String) The client Id of your OAuth2 app.\nThe client Id of your OAuth2 app."
fn spec.initProvider.samlSettings.withClientSecret
withClientSecret(clientSecret)
"(String, Sensitive) The client secret of your OAuth2 app.\nThe client secret of your OAuth2 app."
fn spec.initProvider.samlSettings.withEnabled
withEnabled(enabled)
"(Boolean) Define whether this configuration is enabled for LDAP. Defaults to true.\nDefine whether this configuration is enabled for SAML. Defaults to true."
fn spec.initProvider.samlSettings.withEntityId
withEntityId(entityId)
"(String) The entity ID is a globally unique identifier for the service provider. It is used to identify the service provider to the identity provider. Defaults to the URL of the Grafana instance if not set.\nThe entity ID is a globally unique identifier for the service provider. It is used to identify the service provider to the identity provider. Defaults to the URL of the Grafana instance if not set."
fn spec.initProvider.samlSettings.withForceUseGraphApi
withForceUseGraphApi(forceUseGraphApi)
"(Boolean) If enabled, Grafana will fetch groups from Microsoft Graph API instead of using the groups claim from the ID token.\nIf enabled, Grafana will fetch groups from Microsoft Graph API instead of using the groups claim from the ID token."
fn spec.initProvider.samlSettings.withIdpMetadata
withIdpMetadata(idpMetadata)
"encoded string for the IdP SAML metadata XML.\nBase64-encoded string for the IdP SAML metadata XML."
fn spec.initProvider.samlSettings.withIdpMetadataPath
withIdpMetadataPath(idpMetadataPath)
"(String) Path for the IdP SAML metadata XML.\nPath for the IdP SAML metadata XML."
fn spec.initProvider.samlSettings.withIdpMetadataUrl
withIdpMetadataUrl(idpMetadataUrl)
"(String) URL for the IdP SAML metadata XML.\nURL for the IdP SAML metadata XML."
fn spec.initProvider.samlSettings.withMaxIssueDelay
withMaxIssueDelay(maxIssueDelay)
"(String) Duration, since the IdP issued a response and the SP is allowed to process it. For example: 90s, 1h.\nDuration, since the IdP issued a response and the SP is allowed to process it. For example: 90s, 1h."
fn spec.initProvider.samlSettings.withMetadataValidDuration
withMetadataValidDuration(metadataValidDuration)
"(String) Duration, for how long the SP metadata is valid. For example: 48h, 5d.\nDuration, for how long the SP metadata is valid. For example: 48h, 5d."
fn spec.initProvider.samlSettings.withName
withName(name)
"(String) Helpful if you use more than one identity providers or SSO protocols.\nName used to refer to the SAML authentication."
fn spec.initProvider.samlSettings.withNameIdFormat
withNameIdFormat(nameIdFormat)
"format:transient\nThe Name ID Format to request within the SAML assertion. Defaults to urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
fn spec.initProvider.samlSettings.withOrgMapping
withOrgMapping(orgMapping)
"or space-separated Organization:OrgIdOrOrgName:Role mappings. Organization can be * meaning “All users”. Role is optional and can have the following values: None, Viewer, Editor or Admin.\nList of comma- or space-separated Organization:OrgId:Role mappings. Organization can be * meaning “All users”. Role is optional and can have the following values: Viewer, Editor or Admin."
fn spec.initProvider.samlSettings.withPrivateKeyPath
withPrivateKeyPath(privateKeyPath)
"(String) Path for the SP private key.\nPath for the SP private key."
fn spec.initProvider.samlSettings.withRelayState
withRelayState(relayState)
"initiated login. Should match relay state configured in IdP.\nRelay state for IdP-initiated login. Should match relay state configured in IdP."
fn spec.initProvider.samlSettings.withRoleValuesAdmin
withRoleValuesAdmin(roleValuesAdmin)
"or space-separated roles which will be mapped into the Admin role.\nList of comma- or space-separated roles which will be mapped into the Admin role."
fn spec.initProvider.samlSettings.withRoleValuesEditor
withRoleValuesEditor(roleValuesEditor)
"or space-separated roles which will be mapped into the Editor role.\nList of comma- or space-separated roles which will be mapped into the Editor role."
fn spec.initProvider.samlSettings.withRoleValuesGrafanaAdmin
withRoleValuesGrafanaAdmin(roleValuesGrafanaAdmin)
"or space-separated roles which will be mapped into the Grafana Admin (Super Admin) role.\nList of comma- or space-separated roles which will be mapped into the Grafana Admin (Super Admin) role."
fn spec.initProvider.samlSettings.withRoleValuesNone
withRoleValuesNone(roleValuesNone)
"or space-separated roles which will be mapped into the None role.\nList of comma- or space-separated roles which will be mapped into the None role."
fn spec.initProvider.samlSettings.withRoleValuesViewer
withRoleValuesViewer(roleValuesViewer)
"or space-separated roles which will be mapped into the Viewer role.\nList of comma- or space-separated roles which will be mapped into the Viewer role."
fn spec.initProvider.samlSettings.withSignatureAlgorithm
withSignatureAlgorithm(signatureAlgorithm)
"sha1, rsa-sha256, rsa-sha512.\nSignature algorithm used for signing requests to the IdP. Supported values are rsa-sha1, rsa-sha256, rsa-sha512."
fn spec.initProvider.samlSettings.withSingleLogout
withSingleLogout(singleLogout)
"(Boolean) Whether SAML Single Logout is enabled.\nWhether SAML Single Logout is enabled."
fn spec.initProvider.samlSettings.withSkipOrgRoleSync
withSkipOrgRoleSync(skipOrgRoleSync)
"(Boolean) Prevent synchronizing users’ organization roles from LDAP.\nPrevent synchronizing users’ organization roles from your IdP."
fn spec.initProvider.samlSettings.withTokenUrl
withTokenUrl(tokenUrl)
"(String) The token endpoint of your OAuth2 provider. Required for azuread, okta and generic_oauth providers.\nThe token endpoint of your OAuth2 provider. Required for Azure AD providers."
obj spec.initProvider.samlSettings.certificateSecretRef
"encoded string for the SP X.509 certificate.\nBase64-encoded string for the SP X.509 certificate."
fn spec.initProvider.samlSettings.certificateSecretRef.withKey
withKey(key)
fn spec.initProvider.samlSettings.certificateSecretRef.withName
withName(name)
"Name of the secret."
obj spec.initProvider.samlSettings.privateKeySecretRef
"encoded string for the SP private key.\nBase64-encoded string for the SP private key."
fn spec.initProvider.samlSettings.privateKeySecretRef.withKey
withKey(key)
fn spec.initProvider.samlSettings.privateKeySecretRef.withName
withName(name)
"Name of the secret."
obj spec.providerConfigRef
"ProviderConfigReference specifies how the provider that will be used to\ncreate, observe, update, and delete this managed resource should be\nconfigured."
fn spec.providerConfigRef.withKind
withKind(kind)
"Kind of the referenced object."
fn spec.providerConfigRef.withName
withName(name)
"Name of the referenced object."
obj spec.writeConnectionSecretToRef
"WriteConnectionSecretToReference specifies the namespace and name of a\nSecret to which any connection details for this managed resource should\nbe written. Connection details frequently include the endpoint, username,\nand password required to connect to the managed resource."
fn spec.writeConnectionSecretToRef.withName
withName(name)
"Name of the secret."