From 05b127977dd5269f5ad25ca5a336a37988df2c26 Mon Sep 17 00:00:00 2001 From: Guinevere Saenger Date: Mon, 4 Apr 2022 14:31:54 -0700 Subject: [PATCH] Upgrade to v0.29.0 of the Auth0 Terraform Provider * See [upstream release notes](https://github.com/auth0/terraform-provider-auth0/releases) for details --- .../cmd/pulumi-resource-auth0/schema.json | 441 ++++- provider/go.mod | 2 +- provider/go.sum | 8 +- provider/resources.go | 2 + sdk/dotnet/AttackProtection.cs | 207 +++ sdk/dotnet/Client.cs | 13 +- sdk/dotnet/Connection.cs | 18 + sdk/dotnet/GetClient.cs | 4 + sdk/dotnet/GetGlobalClient.cs | 4 + sdk/dotnet/GetTenant.cs | 71 + ...ProtectionBreachedPasswordDetectionArgs.cs | 55 + ...tectionBreachedPasswordDetectionGetArgs.cs | 55 + ...ttackProtectionBruteForceProtectionArgs.cs | 61 + ...ckProtectionBruteForceProtectionGetArgs.cs | 61 + ...ackProtectionSuspiciousIpThrottlingArgs.cs | 61 + ...ProtectionSuspiciousIpThrottlingGetArgs.cs | 61 + ...ctionSuspiciousIpThrottlingPreLoginArgs.cs | 28 + ...onSuspiciousIpThrottlingPreLoginGetArgs.cs | 28 + ...iousIpThrottlingPreUserRegistrationArgs.cs | 28 + ...sIpThrottlingPreUserRegistrationGetArgs.cs | 28 + sdk/dotnet/Inputs/ClientAddonsSamlpArgs.cs | 10 +- sdk/dotnet/Inputs/ClientAddonsSamlpGetArgs.cs | 10 +- .../Inputs/ClientAddonsSamlpLogoutArgs.cs | 31 - .../Inputs/ClientAddonsSamlpLogoutGetArgs.cs | 31 - .../Inputs/GlobalClientAddonsSamlpArgs.cs | 7 +- .../Inputs/GlobalClientAddonsSamlpGetArgs.cs | 7 +- .../GlobalClientAddonsSamlpLogoutArgs.cs | 25 - .../GlobalClientAddonsSamlpLogoutGetArgs.cs | 25 - ...tackProtectionBreachedPasswordDetection.cs | 49 + .../AttackProtectionBruteForceProtection.cs | 56 + .../AttackProtectionSuspiciousIpThrottling.cs | 56 + ...rotectionSuspiciousIpThrottlingPreLogin.cs | 32 + ...spiciousIpThrottlingPreUserRegistration.cs | 32 + sdk/dotnet/Outputs/ClientAddonsSamlp.cs | 4 +- sdk/dotnet/Outputs/ClientAddonsSamlpLogout.cs | 35 - .../GetClientAddonSamlpLogoutResult.cs | 29 - .../Outputs/GetClientAddonSamlpResult.cs | 4 +- .../GetGlobalClientAddonSamlpLogoutResult.cs | 29 - .../GetGlobalClientAddonSamlpResult.cs | 4 +- sdk/dotnet/Outputs/GlobalClientAddonsSamlp.cs | 4 +- .../Outputs/GlobalClientAddonsSamlpLogout.cs | 29 - sdk/go/auth0/attackProtection.go | 299 +++ sdk/go/auth0/client.go | 16 +- sdk/go/auth0/connection.go | 10 + sdk/go/auth0/getClient.go | 5 + sdk/go/auth0/getGlobalClient.go | 5 + sdk/go/auth0/getTenant.go | 49 + sdk/go/auth0/init.go | 7 + sdk/go/auth0/pulumiTypes.go | 1646 +++++++++++------ sdk/nodejs/attackProtection.ts | 166 ++ sdk/nodejs/client.ts | 12 +- sdk/nodejs/connection.ts | 14 + sdk/nodejs/getClient.ts | 1 + sdk/nodejs/getGlobalClient.ts | 1 + sdk/nodejs/getTenant.ts | 45 + sdk/nodejs/index.ts | 6 + sdk/nodejs/tsconfig.json | 2 + sdk/nodejs/types/input.ts | 102 +- sdk/nodejs/types/output.ts | 130 +- sdk/python/pulumi_auth0/__init__.py | 10 + sdk/python/pulumi_auth0/_inputs.py | 404 +++- sdk/python/pulumi_auth0/attack_protection.py | 347 ++++ sdk/python/pulumi_auth0/client.py | 24 +- sdk/python/pulumi_auth0/connection.py | 47 + sdk/python/pulumi_auth0/get_client.py | 12 +- sdk/python/pulumi_auth0/get_global_client.py | 12 +- sdk/python/pulumi_auth0/get_tenant.py | 92 + sdk/python/pulumi_auth0/outputs.py | 485 +++-- 68 files changed, 4486 insertions(+), 1208 deletions(-) create mode 100644 sdk/dotnet/AttackProtection.cs create mode 100644 sdk/dotnet/GetTenant.cs create mode 100644 sdk/dotnet/Inputs/AttackProtectionBreachedPasswordDetectionArgs.cs create mode 100644 sdk/dotnet/Inputs/AttackProtectionBreachedPasswordDetectionGetArgs.cs create mode 100644 sdk/dotnet/Inputs/AttackProtectionBruteForceProtectionArgs.cs create mode 100644 sdk/dotnet/Inputs/AttackProtectionBruteForceProtectionGetArgs.cs create mode 100644 sdk/dotnet/Inputs/AttackProtectionSuspiciousIpThrottlingArgs.cs create mode 100644 sdk/dotnet/Inputs/AttackProtectionSuspiciousIpThrottlingGetArgs.cs create mode 100644 sdk/dotnet/Inputs/AttackProtectionSuspiciousIpThrottlingPreLoginArgs.cs create mode 100644 sdk/dotnet/Inputs/AttackProtectionSuspiciousIpThrottlingPreLoginGetArgs.cs create mode 100644 sdk/dotnet/Inputs/AttackProtectionSuspiciousIpThrottlingPreUserRegistrationArgs.cs create mode 100644 sdk/dotnet/Inputs/AttackProtectionSuspiciousIpThrottlingPreUserRegistrationGetArgs.cs delete mode 100644 sdk/dotnet/Inputs/ClientAddonsSamlpLogoutArgs.cs delete mode 100644 sdk/dotnet/Inputs/ClientAddonsSamlpLogoutGetArgs.cs delete mode 100644 sdk/dotnet/Inputs/GlobalClientAddonsSamlpLogoutArgs.cs delete mode 100644 sdk/dotnet/Inputs/GlobalClientAddonsSamlpLogoutGetArgs.cs create mode 100644 sdk/dotnet/Outputs/AttackProtectionBreachedPasswordDetection.cs create mode 100644 sdk/dotnet/Outputs/AttackProtectionBruteForceProtection.cs create mode 100644 sdk/dotnet/Outputs/AttackProtectionSuspiciousIpThrottling.cs create mode 100644 sdk/dotnet/Outputs/AttackProtectionSuspiciousIpThrottlingPreLogin.cs create mode 100644 sdk/dotnet/Outputs/AttackProtectionSuspiciousIpThrottlingPreUserRegistration.cs delete mode 100644 sdk/dotnet/Outputs/ClientAddonsSamlpLogout.cs delete mode 100644 sdk/dotnet/Outputs/GetClientAddonSamlpLogoutResult.cs delete mode 100644 sdk/dotnet/Outputs/GetGlobalClientAddonSamlpLogoutResult.cs delete mode 100644 sdk/dotnet/Outputs/GlobalClientAddonsSamlpLogout.cs create mode 100644 sdk/go/auth0/attackProtection.go create mode 100644 sdk/go/auth0/getTenant.go create mode 100644 sdk/nodejs/attackProtection.ts create mode 100644 sdk/nodejs/getTenant.ts create mode 100644 sdk/python/pulumi_auth0/attack_protection.py create mode 100644 sdk/python/pulumi_auth0/get_tenant.py diff --git a/provider/cmd/pulumi-resource-auth0/schema.json b/provider/cmd/pulumi-resource-auth0/schema.json index bafff2e3..0f3631f7 100644 --- a/provider/cmd/pulumi-resource-auth0/schema.json +++ b/provider/cmd/pulumi-resource-auth0/schema.json @@ -121,6 +121,209 @@ "version" ] }, + "auth0:index/AttackProtectionBreachedPasswordDetection:AttackProtectionBreachedPasswordDetection": { + "properties": { + "adminNotificationFrequencies": { + "type": "array", + "items": { + "type": "string" + }, + "description": "When \"admin_notification\" is enabled, determines how often email notifications are sent. Possible values: `immediately`, `daily`, `weekly`, `monthly`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "enabled": { + "type": "boolean", + "description": "Whether or not breached password detection is active.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "type": "string", + "description": "The subscription level for breached password detection methods. Use \"enhanced\" to enable Credential Guard. Possible values: `standard`, `enhanced`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "shields": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Action to take when a breached password is detected. Possible values: `block`, `user_notification`, `admin_notification`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "auth0:index/AttackProtectionBruteForceProtection:AttackProtectionBruteForceProtection": { + "properties": { + "allowlists": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of trusted IP addresses that will not have attack protection enforced against them.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "enabled": { + "type": "boolean", + "description": "Whether or not breached password detection is active.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "maxAttempts": { + "type": "integer", + "description": "Maximum number of unsuccessful attempts. Only available on public tenants.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "mode": { + "type": "string", + "description": "Determines whether or not IP address is used when counting failed attempts. Possible values: `count_per_identifier_and_ip` or `count_per_identifier`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "shields": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Action to take when a breached password is detected. Possible values: `block`, `user_notification`, `admin_notification`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "auth0:index/AttackProtectionSuspiciousIpThrottling:AttackProtectionSuspiciousIpThrottling": { + "properties": { + "allowlists": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of trusted IP addresses that will not have attack protection enforced against them.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "enabled": { + "type": "boolean", + "description": "Whether or not breached password detection is active.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "preLogin": { + "$ref": "#/types/auth0:index/AttackProtectionSuspiciousIpThrottlingPreLogin:AttackProtectionSuspiciousIpThrottlingPreLogin", + "description": "Configuration options that apply before every login attempt. Only available on public tenants.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "preUserRegistration": { + "$ref": "#/types/auth0:index/AttackProtectionSuspiciousIpThrottlingPreUserRegistration:AttackProtectionSuspiciousIpThrottlingPreUserRegistration", + "description": "Configuration options that apply before every user registration attempt. Only available on public tenants.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "shields": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Action to take when a breached password is detected. Possible values: `block`, `user_notification`, `admin_notification`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "auth0:index/AttackProtectionSuspiciousIpThrottlingPreLogin:AttackProtectionSuspiciousIpThrottlingPreLogin": { + "properties": { + "maxAttempts": { + "type": "integer", + "description": "Maximum number of unsuccessful attempts. Only available on public tenants.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "rate": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "auth0:index/AttackProtectionSuspiciousIpThrottlingPreUserRegistration:AttackProtectionSuspiciousIpThrottlingPreUserRegistration": { + "properties": { + "maxAttempts": { + "type": "integer", + "description": "Maximum number of unsuccessful attempts. Only available on public tenants.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "rate": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, "auth0:index/BrandingColors:BrandingColors": { "properties": { "pageBackground": { @@ -530,7 +733,14 @@ } } }, - "type": "object" + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "samlp" + ] + } + } }, "auth0:index/ClientAddonsSamlp:ClientAddonsSamlp": { "properties": { @@ -607,7 +817,10 @@ } }, "logout": { - "$ref": "#/types/auth0:index/ClientAddonsSamlpLogout:ClientAddonsSamlpLogout", + "type": "object", + "additionalProperties": { + "$ref": "pulumi.json#/Any" + }, "description": "Map(Resource). Configuration settings for logout. For details, see Logout.\n", "language": { "python": { @@ -723,29 +936,6 @@ }, "type": "object" }, - "auth0:index/ClientAddonsSamlpLogout:ClientAddonsSamlpLogout": { - "properties": { - "callback": { - "type": "string", - "description": "String. Service provider's Single Logout Service URL, to which Auth0 will send logout requests and responses.\n", - "language": { - "python": { - "mapCase": false - } - } - }, - "sloEnabled": { - "type": "boolean", - "description": "Boolean. Indicates whether or not Auth0 should notify service providers of session termination.\n", - "language": { - "python": { - "mapCase": false - } - } - } - }, - "type": "object" - }, "auth0:index/ClientJwtConfiguration:ClientJwtConfiguration": { "properties": { "alg": { @@ -1693,9 +1883,14 @@ "language": { "nodejs": { "requiredOutputs": [ + "allowedAudiences", + "domainAliases", + "ips", + "mfa", "nonPersistentAttrs", "passwordHistories", "passwordPolicy", + "scopes", "setUserRootAttributes", "strategyVersion" ] @@ -2361,7 +2556,14 @@ } } }, - "type": "object" + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "samlp" + ] + } + } }, "auth0:index/GlobalClientAddonsSamlp:GlobalClientAddonsSamlp": { "properties": { @@ -2430,7 +2632,10 @@ } }, "logout": { - "$ref": "#/types/auth0:index/GlobalClientAddonsSamlpLogout:GlobalClientAddonsSamlpLogout", + "type": "object", + "additionalProperties": { + "$ref": "pulumi.json#/Any" + }, "language": { "python": { "mapCase": false @@ -2534,27 +2739,6 @@ }, "type": "object" }, - "auth0:index/GlobalClientAddonsSamlpLogout:GlobalClientAddonsSamlpLogout": { - "properties": { - "callback": { - "type": "string", - "language": { - "python": { - "mapCase": false - } - } - }, - "sloEnabled": { - "type": "boolean", - "language": { - "python": { - "mapCase": false - } - } - } - }, - "type": "object" - }, "auth0:index/GlobalClientJwtConfiguration:GlobalClientJwtConfiguration": { "properties": { "alg": { @@ -3858,7 +4042,10 @@ } }, "logout": { - "$ref": "#/types/auth0:index/getClientAddonSamlpLogout:getClientAddonSamlpLogout", + "type": "object", + "additionalProperties": { + "$ref": "pulumi.json#/Any" + }, "language": { "python": { "mapCase": false @@ -3989,27 +4176,6 @@ } } }, - "auth0:index/getClientAddonSamlpLogout:getClientAddonSamlpLogout": { - "properties": { - "callback": { - "type": "string", - "language": { - "python": { - "mapCase": false - } - } - }, - "sloEnabled": { - "type": "boolean", - "language": { - "python": { - "mapCase": false - } - } - } - }, - "type": "object" - }, "auth0:index/getClientJwtConfiguration:getClientJwtConfiguration": { "properties": { "alg": { @@ -4728,7 +4894,10 @@ } }, "logout": { - "$ref": "#/types/auth0:index/getGlobalClientAddonSamlpLogout:getGlobalClientAddonSamlpLogout", + "type": "object", + "additionalProperties": { + "$ref": "pulumi.json#/Any" + }, "language": { "python": { "mapCase": false @@ -4859,27 +5028,6 @@ } } }, - "auth0:index/getGlobalClientAddonSamlpLogout:getGlobalClientAddonSamlpLogout": { - "properties": { - "callback": { - "type": "string", - "language": { - "python": { - "mapCase": false - } - } - }, - "sloEnabled": { - "type": "boolean", - "language": { - "python": { - "mapCase": false - } - } - } - }, - "type": "object" - }, "auth0:index/getGlobalClientJwtConfiguration:getGlobalClientJwtConfiguration": { "properties": { "alg": { @@ -5367,6 +5515,60 @@ "type": "object" } }, + "auth0:index/attackProtection:AttackProtection": { + "description": "Auth0 can detect attacks and stop malicious attempts to access your application such as blocking traffic from certain IPs and displaying CAPTCHA\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as auth0 from \"@pulumi/auth0\";\n\nconst attackProtection = new auth0.AttackProtection(\"attack_protection\", {\n breachedPasswordDetection: {\n adminNotificationFrequencies: [\"daily\"],\n enabled: true,\n method: \"standard\",\n shields: [\n \"admin_notification\",\n \"block\",\n ],\n },\n bruteForceProtection: {\n allowlists: [\"127.0.0.1\"],\n enabled: true,\n maxAttempts: 5,\n mode: \"count_per_identifier_and_ip\",\n shields: [\n \"block\",\n \"user_notification\",\n ],\n },\n suspiciousIpThrottling: {\n allowlists: [\"192.168.1.1\"],\n enabled: true,\n preLogin: {\n maxAttempts: 100,\n rate: 864000,\n },\n preUserRegistration: {\n maxAttempts: 50,\n rate: 1200,\n },\n shields: [\n \"admin_notification\",\n \"block\",\n ],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_auth0 as auth0\n\nattack_protection = auth0.AttackProtection(\"attackProtection\",\n breached_password_detection=auth0.AttackProtectionBreachedPasswordDetectionArgs(\n admin_notification_frequencies=[\"daily\"],\n enabled=True,\n method=\"standard\",\n shields=[\n \"admin_notification\",\n \"block\",\n ],\n ),\n brute_force_protection=auth0.AttackProtectionBruteForceProtectionArgs(\n allowlists=[\"127.0.0.1\"],\n enabled=True,\n max_attempts=5,\n mode=\"count_per_identifier_and_ip\",\n shields=[\n \"block\",\n \"user_notification\",\n ],\n ),\n suspicious_ip_throttling=auth0.AttackProtectionSuspiciousIpThrottlingArgs(\n allowlists=[\"192.168.1.1\"],\n enabled=True,\n pre_login=auth0.AttackProtectionSuspiciousIpThrottlingPreLoginArgs(\n max_attempts=100,\n rate=864000,\n ),\n pre_user_registration=auth0.AttackProtectionSuspiciousIpThrottlingPreUserRegistrationArgs(\n max_attempts=50,\n rate=1200,\n ),\n shields=[\n \"admin_notification\",\n \"block\",\n ],\n ))\n```\n```csharp\nusing Pulumi;\nusing Auth0 = Pulumi.Auth0;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var attackProtection = new Auth0.AttackProtection(\"attackProtection\", new Auth0.AttackProtectionArgs\n {\n BreachedPasswordDetection = new Auth0.Inputs.AttackProtectionBreachedPasswordDetectionArgs\n {\n AdminNotificationFrequencies = \n {\n \"daily\",\n },\n Enabled = true,\n Method = \"standard\",\n Shields = \n {\n \"admin_notification\",\n \"block\",\n },\n },\n BruteForceProtection = new Auth0.Inputs.AttackProtectionBruteForceProtectionArgs\n {\n Allowlists = \n {\n \"127.0.0.1\",\n },\n Enabled = true,\n MaxAttempts = 5,\n Mode = \"count_per_identifier_and_ip\",\n Shields = \n {\n \"block\",\n \"user_notification\",\n },\n },\n SuspiciousIpThrottling = new Auth0.Inputs.AttackProtectionSuspiciousIpThrottlingArgs\n {\n Allowlists = \n {\n \"192.168.1.1\",\n },\n Enabled = true,\n PreLogin = new Auth0.Inputs.AttackProtectionSuspiciousIpThrottlingPreLoginArgs\n {\n MaxAttempts = 100,\n Rate = 864000,\n },\n PreUserRegistration = new Auth0.Inputs.AttackProtectionSuspiciousIpThrottlingPreUserRegistrationArgs\n {\n MaxAttempts = 50,\n Rate = 1200,\n },\n Shields = \n {\n \"admin_notification\",\n \"block\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-auth0/sdk/v2/go/auth0\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := auth0.NewAttackProtection(ctx, \"attackProtection\", \u0026auth0.AttackProtectionArgs{\n\t\t\tBreachedPasswordDetection: \u0026AttackProtectionBreachedPasswordDetectionArgs{\n\t\t\t\tAdminNotificationFrequencies: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"daily\"),\n\t\t\t\t},\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\tMethod: pulumi.String(\"standard\"),\n\t\t\t\tShields: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"admin_notification\"),\n\t\t\t\t\tpulumi.String(\"block\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tBruteForceProtection: \u0026AttackProtectionBruteForceProtectionArgs{\n\t\t\t\tAllowlists: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"127.0.0.1\"),\n\t\t\t\t},\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\tMaxAttempts: pulumi.Int(5),\n\t\t\t\tMode: pulumi.String(\"count_per_identifier_and_ip\"),\n\t\t\t\tShields: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"block\"),\n\t\t\t\t\tpulumi.String(\"user_notification\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tSuspiciousIpThrottling: \u0026AttackProtectionSuspiciousIpThrottlingArgs{\n\t\t\t\tAllowlists: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"192.168.1.1\"),\n\t\t\t\t},\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\tPreLogin: \u0026AttackProtectionSuspiciousIpThrottlingPreLoginArgs{\n\t\t\t\t\tMaxAttempts: pulumi.Int(100),\n\t\t\t\t\tRate: pulumi.Int(864000),\n\t\t\t\t},\n\t\t\t\tPreUserRegistration: \u0026AttackProtectionSuspiciousIpThrottlingPreUserRegistrationArgs{\n\t\t\t\t\tMaxAttempts: pulumi.Int(50),\n\t\t\t\t\tRate: pulumi.Int(1200),\n\t\t\t\t},\n\t\t\t\tShields: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"admin_notification\"),\n\t\t\t\t\tpulumi.String(\"block\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAs this is not a resource identifiable by an ID within the Auth0 Management API, guardian can be imported using a random string. We recommend [Version 4 UUID](https://www.uuidgenerator.net/version4) e.g.\n\n```sh\n $ pulumi import auth0:index/attackProtection:AttackProtection default 24940d4b-4bd4-44e7-894e-f92e4de36a40\n```\n\n ", + "properties": { + "breachedPasswordDetection": { + "$ref": "#/types/auth0:index/AttackProtectionBreachedPasswordDetection:AttackProtectionBreachedPasswordDetection", + "description": "Breached password detection protects your applications from bad actors logging in with stolen credentials.\n" + }, + "bruteForceProtection": { + "$ref": "#/types/auth0:index/AttackProtectionBruteForceProtection:AttackProtectionBruteForceProtection", + "description": "Safeguards against a single IP address attacking a single user account.\n" + }, + "suspiciousIpThrottling": { + "$ref": "#/types/auth0:index/AttackProtectionSuspiciousIpThrottling:AttackProtectionSuspiciousIpThrottling", + "description": "Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups.\n" + } + }, + "required": [ + "breachedPasswordDetection", + "bruteForceProtection", + "suspiciousIpThrottling" + ], + "inputProperties": { + "breachedPasswordDetection": { + "$ref": "#/types/auth0:index/AttackProtectionBreachedPasswordDetection:AttackProtectionBreachedPasswordDetection", + "description": "Breached password detection protects your applications from bad actors logging in with stolen credentials.\n" + }, + "bruteForceProtection": { + "$ref": "#/types/auth0:index/AttackProtectionBruteForceProtection:AttackProtectionBruteForceProtection", + "description": "Safeguards against a single IP address attacking a single user account.\n" + }, + "suspiciousIpThrottling": { + "$ref": "#/types/auth0:index/AttackProtectionSuspiciousIpThrottling:AttackProtectionSuspiciousIpThrottling", + "description": "Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering AttackProtection resources.\n", + "properties": { + "breachedPasswordDetection": { + "$ref": "#/types/auth0:index/AttackProtectionBreachedPasswordDetection:AttackProtectionBreachedPasswordDetection", + "description": "Breached password detection protects your applications from bad actors logging in with stolen credentials.\n" + }, + "bruteForceProtection": { + "$ref": "#/types/auth0:index/AttackProtectionBruteForceProtection:AttackProtectionBruteForceProtection", + "description": "Safeguards against a single IP address attacking a single user account.\n" + }, + "suspiciousIpThrottling": { + "$ref": "#/types/auth0:index/AttackProtectionSuspiciousIpThrottling:AttackProtectionSuspiciousIpThrottling", + "description": "Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups.\n" + } + }, + "type": "object" + } + }, "auth0:index/branding:Branding": { "description": "This resource allows you to manage branding within your Auth0 tenant.\n\nAuth0 can be customized with a look and feel that aligns with your organization's brand requirements and user\nexpectations. \n\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as auth0 from \"@pulumi/auth0\";\n\nconst myBrand = new auth0.Branding(\"my_brand\", {\n colors: {\n pageBackground: \"#000000\",\n primary: \"#0059d6\",\n },\n logoUrl: \"https://mycompany.org/logo.png\",\n universalLogin: {\n body: \"\u003c!DOCTYPE html\u003e\u003chtml\u003e\u003chead\u003e{%- auth0:head -%}\u003c/head\u003e\u003cbody\u003e{%- auth0:widget -%}\u003c/body\u003e\u003c/html\u003e\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_auth0 as auth0\n\nmy_brand = auth0.Branding(\"myBrand\",\n colors=auth0.BrandingColorsArgs(\n page_background=\"#000000\",\n primary=\"#0059d6\",\n ),\n logo_url=\"https://mycompany.org/logo.png\",\n universal_login=auth0.BrandingUniversalLoginArgs(\n body=\"\u003c!DOCTYPE html\u003e\u003chtml\u003e\u003chead\u003e{%- auth0:head -%}\u003c/head\u003e\u003cbody\u003e{%- auth0:widget -%}\u003c/body\u003e\u003c/html\u003e\",\n ))\n```\n```csharp\nusing Pulumi;\nusing Auth0 = Pulumi.Auth0;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var myBrand = new Auth0.Branding(\"myBrand\", new Auth0.BrandingArgs\n {\n Colors = new Auth0.Inputs.BrandingColorsArgs\n {\n PageBackground = \"#000000\",\n Primary = \"#0059d6\",\n },\n LogoUrl = \"https://mycompany.org/logo.png\",\n UniversalLogin = new Auth0.Inputs.BrandingUniversalLoginArgs\n {\n Body = \"\u003c!DOCTYPE html\u003e\u003chtml\u003e\u003chead\u003e{%- auth0:head -%}\u003c/head\u003e\u003cbody\u003e{%- auth0:widget -%}\u003c/body\u003e\u003c/html\u003e\",\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-auth0/sdk/v2/go/auth0\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := auth0.NewBranding(ctx, \"myBrand\", \u0026auth0.BrandingArgs{\n\t\t\tColors: \u0026BrandingColorsArgs{\n\t\t\t\tPageBackground: pulumi.String(\"#000000\"),\n\t\t\t\tPrimary: pulumi.String(\"#0059d6\"),\n\t\t\t},\n\t\t\tLogoUrl: pulumi.String(\"https://mycompany.org/logo.png\"),\n\t\t\tUniversalLogin: \u0026BrandingUniversalLoginArgs{\n\t\t\t\tBody: pulumi.String(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v\", \"\u003c!DOCTYPE html\u003e\u003chtml\u003e\u003chead\u003e{\", \"%\", \"- auth0:head -\", \"%\", \"}\u003c/head\u003e\u003cbody\u003e{\", \"%\", \"- auth0:widget -\", \"%\", \"}\u003c/body\u003e\u003c/html\u003e\")),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", "properties": { @@ -5445,7 +5647,7 @@ } }, "auth0:index/client:Client": { - "description": "With this resource, you can set up applications that use Auth0 for authentication and configure allowed callback URLs and secrets for these applications. Depending on your plan, you may also configure add-ons to allow your application to call another application's API (such as Firebase and AWS) on behalf of an authenticated user.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as auth0 from \"@pulumi/auth0\";\n\nconst myClient = new auth0.Client(\"my_client\", {\n addons: {\n firebase: {\n client_email: \"john.doe@example.com\",\n lifetime_in_seconds: 1,\n private_key: \"wer\",\n private_key_id: \"qwreerwerwe\",\n },\n samlp: {\n audience: \"https://example.com/saml\",\n createUpnClaim: false,\n mapIdentities: false,\n mapUnknownClaimsAsIs: false,\n mappings: {\n email: \"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress\",\n name: \"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name\",\n },\n nameIdentifierFormat: \"urn:oasis:names:tc:SAML:2.0:nameid-format:persistent\",\n nameIdentifierProbes: [\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress\"],\n passthroughClaimsWithNoMapping: false,\n signingCert: \"pemcertificate\",\n },\n },\n allowedClients: [\"https://allowed.example.com\"],\n allowedLogoutUrls: [\"https://example.com\"],\n allowedOrigins: [\"https://example.com\"],\n appType: \"non_interactive\",\n callbacks: [\"https://example.com/callback\"],\n clientMetadata: {\n foo: \"zoo\",\n },\n customLoginPageOn: true,\n description: \"Test Applications Long Description\",\n grantTypes: [\n \"authorization_code\",\n \"http://auth0.com/oauth/grant-type/password-realm\",\n \"implicit\",\n \"password\",\n \"refresh_token\",\n ],\n initiateLoginUri: \"https://example.com/login\",\n isFirstParty: true,\n isTokenEndpointIpHeaderTrusted: true,\n jwtConfiguration: {\n alg: \"RS256\",\n lifetimeInSeconds: 300,\n scopes: {\n foo: \"bar\",\n },\n secretEncoded: true,\n },\n mobile: {\n ios: {\n appBundleIdentifier: \"com.my.bundle.id\",\n teamId: \"9JA89QQLNQ\",\n },\n },\n oidcConformant: false,\n organizationRequireBehavior: \"no_prompt\",\n organizationUsage: \"deny\",\n refreshToken: {\n expirationType: \"expiring\",\n idleTokenLifetime: 1296000,\n infiniteIdleTokenLifetime: true,\n infiniteTokenLifetime: false,\n leeway: 15,\n rotationType: \"rotating\",\n tokenLifetime: 84600,\n },\n tokenEndpointAuthMethod: \"client_secret_post\",\n webOrigins: [\"https://example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_auth0 as auth0\n\nmy_client = auth0.Client(\"myClient\",\n addons=auth0.ClientAddonsArgs(\n firebase={\n \"clientEmail\": \"john.doe@example.com\",\n \"lifetimeInSeconds\": 1,\n \"privateKey\": \"wer\",\n \"privateKeyId\": \"qwreerwerwe\",\n },\n samlp=auth0.ClientAddonsSamlpArgs(\n audience=\"https://example.com/saml\",\n create_upn_claim=False,\n map_identities=False,\n map_unknown_claims_as_is=False,\n mappings={\n \"email\": \"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress\",\n \"name\": \"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name\",\n },\n name_identifier_format=\"urn:oasis:names:tc:SAML:2.0:nameid-format:persistent\",\n name_identifier_probes=[\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress\"],\n passthrough_claims_with_no_mapping=False,\n signing_cert=\"pemcertificate\",\n ),\n ),\n allowed_clients=[\"https://allowed.example.com\"],\n allowed_logout_urls=[\"https://example.com\"],\n allowed_origins=[\"https://example.com\"],\n app_type=\"non_interactive\",\n callbacks=[\"https://example.com/callback\"],\n client_metadata={\n \"foo\": \"zoo\",\n },\n custom_login_page_on=True,\n description=\"Test Applications Long Description\",\n grant_types=[\n \"authorization_code\",\n \"http://auth0.com/oauth/grant-type/password-realm\",\n \"implicit\",\n \"password\",\n \"refresh_token\",\n ],\n initiate_login_uri=\"https://example.com/login\",\n is_first_party=True,\n is_token_endpoint_ip_header_trusted=True,\n jwt_configuration=auth0.ClientJwtConfigurationArgs(\n alg=\"RS256\",\n lifetime_in_seconds=300,\n scopes={\n \"foo\": \"bar\",\n },\n secret_encoded=True,\n ),\n mobile=auth0.ClientMobileArgs(\n ios=auth0.ClientMobileIosArgs(\n app_bundle_identifier=\"com.my.bundle.id\",\n team_id=\"9JA89QQLNQ\",\n ),\n ),\n oidc_conformant=False,\n organization_require_behavior=\"no_prompt\",\n organization_usage=\"deny\",\n refresh_token=auth0.ClientRefreshTokenArgs(\n expiration_type=\"expiring\",\n idle_token_lifetime=1296000,\n infinite_idle_token_lifetime=True,\n infinite_token_lifetime=False,\n leeway=15,\n rotation_type=\"rotating\",\n token_lifetime=84600,\n ),\n token_endpoint_auth_method=\"client_secret_post\",\n web_origins=[\"https://example.com\"])\n```\n```csharp\nusing Pulumi;\nusing Auth0 = Pulumi.Auth0;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var myClient = new Auth0.Client(\"myClient\", new Auth0.ClientArgs\n {\n Addons = new Auth0.Inputs.ClientAddonsArgs\n {\n Firebase = \n {\n { \"clientEmail\", \"john.doe@example.com\" },\n { \"lifetimeInSeconds\", 1 },\n { \"privateKey\", \"wer\" },\n { \"privateKeyId\", \"qwreerwerwe\" },\n },\n Samlp = new Auth0.Inputs.ClientAddonsSamlpArgs\n {\n Audience = \"https://example.com/saml\",\n CreateUpnClaim = false,\n MapIdentities = false,\n MapUnknownClaimsAsIs = false,\n Mappings = \n {\n { \"email\", \"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress\" },\n { \"name\", \"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name\" },\n },\n NameIdentifierFormat = \"urn:oasis:names:tc:SAML:2.0:nameid-format:persistent\",\n NameIdentifierProbes = \n {\n \"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress\",\n },\n PassthroughClaimsWithNoMapping = false,\n SigningCert = \"pemcertificate\",\n },\n },\n AllowedClients = \n {\n \"https://allowed.example.com\",\n },\n AllowedLogoutUrls = \n {\n \"https://example.com\",\n },\n AllowedOrigins = \n {\n \"https://example.com\",\n },\n AppType = \"non_interactive\",\n Callbacks = \n {\n \"https://example.com/callback\",\n },\n ClientMetadata = \n {\n { \"foo\", \"zoo\" },\n },\n CustomLoginPageOn = true,\n Description = \"Test Applications Long Description\",\n GrantTypes = \n {\n \"authorization_code\",\n \"http://auth0.com/oauth/grant-type/password-realm\",\n \"implicit\",\n \"password\",\n \"refresh_token\",\n },\n InitiateLoginUri = \"https://example.com/login\",\n IsFirstParty = true,\n IsTokenEndpointIpHeaderTrusted = true,\n JwtConfiguration = new Auth0.Inputs.ClientJwtConfigurationArgs\n {\n Alg = \"RS256\",\n LifetimeInSeconds = 300,\n Scopes = \n {\n { \"foo\", \"bar\" },\n },\n SecretEncoded = true,\n },\n Mobile = new Auth0.Inputs.ClientMobileArgs\n {\n Ios = new Auth0.Inputs.ClientMobileIosArgs\n {\n AppBundleIdentifier = \"com.my.bundle.id\",\n TeamId = \"9JA89QQLNQ\",\n },\n },\n OidcConformant = false,\n OrganizationRequireBehavior = \"no_prompt\",\n OrganizationUsage = \"deny\",\n RefreshToken = new Auth0.Inputs.ClientRefreshTokenArgs\n {\n ExpirationType = \"expiring\",\n IdleTokenLifetime = 1296000,\n InfiniteIdleTokenLifetime = true,\n InfiniteTokenLifetime = false,\n Leeway = 15,\n RotationType = \"rotating\",\n TokenLifetime = 84600,\n },\n TokenEndpointAuthMethod = \"client_secret_post\",\n WebOrigins = \n {\n \"https://example.com\",\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-auth0/sdk/v2/go/auth0\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := auth0.NewClient(ctx, \"myClient\", \u0026auth0.ClientArgs{\n\t\t\tAddons: \u0026ClientAddonsArgs{\n\t\t\t\tFirebase: pulumi.AnyMap{\n\t\t\t\t\t\"clientEmail\": pulumi.Any(\"john.doe@example.com\"),\n\t\t\t\t\t\"lifetimeInSeconds\": pulumi.Any(1),\n\t\t\t\t\t\"privateKey\": pulumi.Any(\"wer\"),\n\t\t\t\t\t\"privateKeyId\": pulumi.Any(\"qwreerwerwe\"),\n\t\t\t\t},\n\t\t\t\tSamlp: \u0026ClientAddonsSamlpArgs{\n\t\t\t\t\tAudience: pulumi.String(\"https://example.com/saml\"),\n\t\t\t\t\tCreateUpnClaim: pulumi.Bool(false),\n\t\t\t\t\tMapIdentities: pulumi.Bool(false),\n\t\t\t\t\tMapUnknownClaimsAsIs: pulumi.Bool(false),\n\t\t\t\t\tMappings: pulumi.AnyMap{\n\t\t\t\t\t\t\"email\": pulumi.Any(\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress\"),\n\t\t\t\t\t\t\"name\": pulumi.Any(\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name\"),\n\t\t\t\t\t},\n\t\t\t\t\tNameIdentifierFormat: pulumi.String(\"urn:oasis:names:tc:SAML:2.0:nameid-format:persistent\"),\n\t\t\t\t\tNameIdentifierProbes: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress\"),\n\t\t\t\t\t},\n\t\t\t\t\tPassthroughClaimsWithNoMapping: pulumi.Bool(false),\n\t\t\t\t\tSigningCert: pulumi.String(\"pemcertificate\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tAllowedClients: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"https://allowed.example.com\"),\n\t\t\t},\n\t\t\tAllowedLogoutUrls: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"https://example.com\"),\n\t\t\t},\n\t\t\tAllowedOrigins: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"https://example.com\"),\n\t\t\t},\n\t\t\tAppType: pulumi.String(\"non_interactive\"),\n\t\t\tCallbacks: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"https://example.com/callback\"),\n\t\t\t},\n\t\t\tClientMetadata: pulumi.AnyMap{\n\t\t\t\t\"foo\": pulumi.Any(\"zoo\"),\n\t\t\t},\n\t\t\tCustomLoginPageOn: pulumi.Bool(true),\n\t\t\tDescription: pulumi.String(\"Test Applications Long Description\"),\n\t\t\tGrantTypes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"authorization_code\"),\n\t\t\t\tpulumi.String(\"http://auth0.com/oauth/grant-type/password-realm\"),\n\t\t\t\tpulumi.String(\"implicit\"),\n\t\t\t\tpulumi.String(\"password\"),\n\t\t\t\tpulumi.String(\"refresh_token\"),\n\t\t\t},\n\t\t\tInitiateLoginUri: pulumi.String(\"https://example.com/login\"),\n\t\t\tIsFirstParty: pulumi.Bool(true),\n\t\t\tIsTokenEndpointIpHeaderTrusted: pulumi.Bool(true),\n\t\t\tJwtConfiguration: \u0026ClientJwtConfigurationArgs{\n\t\t\t\tAlg: pulumi.String(\"RS256\"),\n\t\t\t\tLifetimeInSeconds: pulumi.Int(300),\n\t\t\t\tScopes: pulumi.StringMap{\n\t\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t\t},\n\t\t\t\tSecretEncoded: pulumi.Bool(true),\n\t\t\t},\n\t\t\tMobile: \u0026ClientMobileArgs{\n\t\t\t\tIos: \u0026ClientMobileIosArgs{\n\t\t\t\t\tAppBundleIdentifier: pulumi.String(\"com.my.bundle.id\"),\n\t\t\t\t\tTeamId: pulumi.String(\"9JA89QQLNQ\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tOidcConformant: pulumi.Bool(false),\n\t\t\tOrganizationRequireBehavior: pulumi.String(\"no_prompt\"),\n\t\t\tOrganizationUsage: pulumi.String(\"deny\"),\n\t\t\tRefreshToken: \u0026ClientRefreshTokenArgs{\n\t\t\t\tExpirationType: pulumi.String(\"expiring\"),\n\t\t\t\tIdleTokenLifetime: pulumi.Int(1296000),\n\t\t\t\tInfiniteIdleTokenLifetime: pulumi.Bool(true),\n\t\t\t\tInfiniteTokenLifetime: pulumi.Bool(false),\n\t\t\t\tLeeway: pulumi.Int(15),\n\t\t\t\tRotationType: pulumi.String(\"rotating\"),\n\t\t\t\tTokenLifetime: pulumi.Int(84600),\n\t\t\t},\n\t\t\tTokenEndpointAuthMethod: pulumi.String(\"client_secret_post\"),\n\t\t\tWebOrigins: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"https://example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nA client can be imported using the client's ID, e.g.\n\n```sh\n $ pulumi import auth0:index/client:Client my_client AaiyAPdpYdesoKnqjj8HJqRn4T5titww\n```\n\n ", + "description": "With this resource, you can set up applications that use Auth0 for authentication and configure allowed callback URLs and secrets for these applications. Depending on your plan, you may also configure add-ons to allow your application to call another application's API (such as Firebase and AWS) on behalf of an authenticated user.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as auth0 from \"@pulumi/auth0\";\n\nconst myClient = new auth0.Client(\"my_client\", {\n addons: {\n firebase: {\n client_email: \"john.doe@example.com\",\n lifetime_in_seconds: 1,\n private_key: \"wer\",\n private_key_id: \"qwreerwerwe\",\n },\n samlp: {\n audience: \"https://example.com/saml\",\n createUpnClaim: false,\n mapIdentities: false,\n mapUnknownClaimsAsIs: false,\n mappings: {\n email: \"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress\",\n name: \"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name\",\n },\n nameIdentifierFormat: \"urn:oasis:names:tc:SAML:2.0:nameid-format:persistent\",\n nameIdentifierProbes: [\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress\"],\n passthroughClaimsWithNoMapping: false,\n signingCert: \"pemcertificate\",\n },\n },\n allowedClients: [\"https://allowed.example.com\"],\n allowedLogoutUrls: [\"https://example.com\"],\n allowedOrigins: [\"https://example.com\"],\n appType: \"non_interactive\",\n callbacks: [\"https://example.com/callback\"],\n clientMetadata: {\n foo: \"zoo\",\n },\n clientSecretRotationTrigger: {\n triggered_at: \"2018-01-02T23:12:01Z\",\n triggered_by: \"auth0\",\n },\n customLoginPageOn: true,\n description: \"Test Applications Long Description\",\n grantTypes: [\n \"authorization_code\",\n \"http://auth0.com/oauth/grant-type/password-realm\",\n \"implicit\",\n \"password\",\n \"refresh_token\",\n ],\n initiateLoginUri: \"https://example.com/login\",\n isFirstParty: true,\n isTokenEndpointIpHeaderTrusted: true,\n jwtConfiguration: {\n alg: \"RS256\",\n lifetimeInSeconds: 300,\n scopes: {\n foo: \"bar\",\n },\n secretEncoded: true,\n },\n mobile: {\n ios: {\n appBundleIdentifier: \"com.my.bundle.id\",\n teamId: \"9JA89QQLNQ\",\n },\n },\n oidcConformant: false,\n organizationRequireBehavior: \"no_prompt\",\n organizationUsage: \"deny\",\n refreshToken: {\n expirationType: \"expiring\",\n idleTokenLifetime: 1296000,\n infiniteIdleTokenLifetime: true,\n infiniteTokenLifetime: false,\n leeway: 15,\n rotationType: \"rotating\",\n tokenLifetime: 84600,\n },\n tokenEndpointAuthMethod: \"client_secret_post\",\n webOrigins: [\"https://example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_auth0 as auth0\n\nmy_client = auth0.Client(\"myClient\",\n addons=auth0.ClientAddonsArgs(\n firebase={\n \"clientEmail\": \"john.doe@example.com\",\n \"lifetimeInSeconds\": 1,\n \"privateKey\": \"wer\",\n \"privateKeyId\": \"qwreerwerwe\",\n },\n samlp=auth0.ClientAddonsSamlpArgs(\n audience=\"https://example.com/saml\",\n create_upn_claim=False,\n map_identities=False,\n map_unknown_claims_as_is=False,\n mappings={\n \"email\": \"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress\",\n \"name\": \"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name\",\n },\n name_identifier_format=\"urn:oasis:names:tc:SAML:2.0:nameid-format:persistent\",\n name_identifier_probes=[\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress\"],\n passthrough_claims_with_no_mapping=False,\n signing_cert=\"pemcertificate\",\n ),\n ),\n allowed_clients=[\"https://allowed.example.com\"],\n allowed_logout_urls=[\"https://example.com\"],\n allowed_origins=[\"https://example.com\"],\n app_type=\"non_interactive\",\n callbacks=[\"https://example.com/callback\"],\n client_metadata={\n \"foo\": \"zoo\",\n },\n client_secret_rotation_trigger={\n \"triggered_at\": \"2018-01-02T23:12:01Z\",\n \"triggered_by\": \"auth0\",\n },\n custom_login_page_on=True,\n description=\"Test Applications Long Description\",\n grant_types=[\n \"authorization_code\",\n \"http://auth0.com/oauth/grant-type/password-realm\",\n \"implicit\",\n \"password\",\n \"refresh_token\",\n ],\n initiate_login_uri=\"https://example.com/login\",\n is_first_party=True,\n is_token_endpoint_ip_header_trusted=True,\n jwt_configuration=auth0.ClientJwtConfigurationArgs(\n alg=\"RS256\",\n lifetime_in_seconds=300,\n scopes={\n \"foo\": \"bar\",\n },\n secret_encoded=True,\n ),\n mobile=auth0.ClientMobileArgs(\n ios=auth0.ClientMobileIosArgs(\n app_bundle_identifier=\"com.my.bundle.id\",\n team_id=\"9JA89QQLNQ\",\n ),\n ),\n oidc_conformant=False,\n organization_require_behavior=\"no_prompt\",\n organization_usage=\"deny\",\n refresh_token=auth0.ClientRefreshTokenArgs(\n expiration_type=\"expiring\",\n idle_token_lifetime=1296000,\n infinite_idle_token_lifetime=True,\n infinite_token_lifetime=False,\n leeway=15,\n rotation_type=\"rotating\",\n token_lifetime=84600,\n ),\n token_endpoint_auth_method=\"client_secret_post\",\n web_origins=[\"https://example.com\"])\n```\n```csharp\nusing Pulumi;\nusing Auth0 = Pulumi.Auth0;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var myClient = new Auth0.Client(\"myClient\", new Auth0.ClientArgs\n {\n Addons = new Auth0.Inputs.ClientAddonsArgs\n {\n Firebase = \n {\n { \"clientEmail\", \"john.doe@example.com\" },\n { \"lifetimeInSeconds\", 1 },\n { \"privateKey\", \"wer\" },\n { \"privateKeyId\", \"qwreerwerwe\" },\n },\n Samlp = new Auth0.Inputs.ClientAddonsSamlpArgs\n {\n Audience = \"https://example.com/saml\",\n CreateUpnClaim = false,\n MapIdentities = false,\n MapUnknownClaimsAsIs = false,\n Mappings = \n {\n { \"email\", \"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress\" },\n { \"name\", \"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name\" },\n },\n NameIdentifierFormat = \"urn:oasis:names:tc:SAML:2.0:nameid-format:persistent\",\n NameIdentifierProbes = \n {\n \"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress\",\n },\n PassthroughClaimsWithNoMapping = false,\n SigningCert = \"pemcertificate\",\n },\n },\n AllowedClients = \n {\n \"https://allowed.example.com\",\n },\n AllowedLogoutUrls = \n {\n \"https://example.com\",\n },\n AllowedOrigins = \n {\n \"https://example.com\",\n },\n AppType = \"non_interactive\",\n Callbacks = \n {\n \"https://example.com/callback\",\n },\n ClientMetadata = \n {\n { \"foo\", \"zoo\" },\n },\n ClientSecretRotationTrigger = \n {\n { \"triggered_at\", \"2018-01-02T23:12:01Z\" },\n { \"triggered_by\", \"auth0\" },\n },\n CustomLoginPageOn = true,\n Description = \"Test Applications Long Description\",\n GrantTypes = \n {\n \"authorization_code\",\n \"http://auth0.com/oauth/grant-type/password-realm\",\n \"implicit\",\n \"password\",\n \"refresh_token\",\n },\n InitiateLoginUri = \"https://example.com/login\",\n IsFirstParty = true,\n IsTokenEndpointIpHeaderTrusted = true,\n JwtConfiguration = new Auth0.Inputs.ClientJwtConfigurationArgs\n {\n Alg = \"RS256\",\n LifetimeInSeconds = 300,\n Scopes = \n {\n { \"foo\", \"bar\" },\n },\n SecretEncoded = true,\n },\n Mobile = new Auth0.Inputs.ClientMobileArgs\n {\n Ios = new Auth0.Inputs.ClientMobileIosArgs\n {\n AppBundleIdentifier = \"com.my.bundle.id\",\n TeamId = \"9JA89QQLNQ\",\n },\n },\n OidcConformant = false,\n OrganizationRequireBehavior = \"no_prompt\",\n OrganizationUsage = \"deny\",\n RefreshToken = new Auth0.Inputs.ClientRefreshTokenArgs\n {\n ExpirationType = \"expiring\",\n IdleTokenLifetime = 1296000,\n InfiniteIdleTokenLifetime = true,\n InfiniteTokenLifetime = false,\n Leeway = 15,\n RotationType = \"rotating\",\n TokenLifetime = 84600,\n },\n TokenEndpointAuthMethod = \"client_secret_post\",\n WebOrigins = \n {\n \"https://example.com\",\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-auth0/sdk/v2/go/auth0\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := auth0.NewClient(ctx, \"myClient\", \u0026auth0.ClientArgs{\n\t\t\tAddons: \u0026ClientAddonsArgs{\n\t\t\t\tFirebase: pulumi.AnyMap{\n\t\t\t\t\t\"clientEmail\": pulumi.Any(\"john.doe@example.com\"),\n\t\t\t\t\t\"lifetimeInSeconds\": pulumi.Any(1),\n\t\t\t\t\t\"privateKey\": pulumi.Any(\"wer\"),\n\t\t\t\t\t\"privateKeyId\": pulumi.Any(\"qwreerwerwe\"),\n\t\t\t\t},\n\t\t\t\tSamlp: \u0026ClientAddonsSamlpArgs{\n\t\t\t\t\tAudience: pulumi.String(\"https://example.com/saml\"),\n\t\t\t\t\tCreateUpnClaim: pulumi.Bool(false),\n\t\t\t\t\tMapIdentities: pulumi.Bool(false),\n\t\t\t\t\tMapUnknownClaimsAsIs: pulumi.Bool(false),\n\t\t\t\t\tMappings: pulumi.AnyMap{\n\t\t\t\t\t\t\"email\": pulumi.Any(\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress\"),\n\t\t\t\t\t\t\"name\": pulumi.Any(\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name\"),\n\t\t\t\t\t},\n\t\t\t\t\tNameIdentifierFormat: pulumi.String(\"urn:oasis:names:tc:SAML:2.0:nameid-format:persistent\"),\n\t\t\t\t\tNameIdentifierProbes: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress\"),\n\t\t\t\t\t},\n\t\t\t\t\tPassthroughClaimsWithNoMapping: pulumi.Bool(false),\n\t\t\t\t\tSigningCert: pulumi.String(\"pemcertificate\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tAllowedClients: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"https://allowed.example.com\"),\n\t\t\t},\n\t\t\tAllowedLogoutUrls: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"https://example.com\"),\n\t\t\t},\n\t\t\tAllowedOrigins: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"https://example.com\"),\n\t\t\t},\n\t\t\tAppType: pulumi.String(\"non_interactive\"),\n\t\t\tCallbacks: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"https://example.com/callback\"),\n\t\t\t},\n\t\t\tClientMetadata: pulumi.AnyMap{\n\t\t\t\t\"foo\": pulumi.Any(\"zoo\"),\n\t\t\t},\n\t\t\tClientSecretRotationTrigger: pulumi.AnyMap{\n\t\t\t\t\"triggered_at\": pulumi.Any(\"2018-01-02T23:12:01Z\"),\n\t\t\t\t\"triggered_by\": pulumi.Any(\"auth0\"),\n\t\t\t},\n\t\t\tCustomLoginPageOn: pulumi.Bool(true),\n\t\t\tDescription: pulumi.String(\"Test Applications Long Description\"),\n\t\t\tGrantTypes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"authorization_code\"),\n\t\t\t\tpulumi.String(\"http://auth0.com/oauth/grant-type/password-realm\"),\n\t\t\t\tpulumi.String(\"implicit\"),\n\t\t\t\tpulumi.String(\"password\"),\n\t\t\t\tpulumi.String(\"refresh_token\"),\n\t\t\t},\n\t\t\tInitiateLoginUri: pulumi.String(\"https://example.com/login\"),\n\t\t\tIsFirstParty: pulumi.Bool(true),\n\t\t\tIsTokenEndpointIpHeaderTrusted: pulumi.Bool(true),\n\t\t\tJwtConfiguration: \u0026ClientJwtConfigurationArgs{\n\t\t\t\tAlg: pulumi.String(\"RS256\"),\n\t\t\t\tLifetimeInSeconds: pulumi.Int(300),\n\t\t\t\tScopes: pulumi.StringMap{\n\t\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t\t},\n\t\t\t\tSecretEncoded: pulumi.Bool(true),\n\t\t\t},\n\t\t\tMobile: \u0026ClientMobileArgs{\n\t\t\t\tIos: \u0026ClientMobileIosArgs{\n\t\t\t\t\tAppBundleIdentifier: pulumi.String(\"com.my.bundle.id\"),\n\t\t\t\t\tTeamId: pulumi.String(\"9JA89QQLNQ\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tOidcConformant: pulumi.Bool(false),\n\t\t\tOrganizationRequireBehavior: pulumi.String(\"no_prompt\"),\n\t\t\tOrganizationUsage: pulumi.String(\"deny\"),\n\t\t\tRefreshToken: \u0026ClientRefreshTokenArgs{\n\t\t\t\tExpirationType: pulumi.String(\"expiring\"),\n\t\t\t\tIdleTokenLifetime: pulumi.Int(1296000),\n\t\t\t\tInfiniteIdleTokenLifetime: pulumi.Bool(true),\n\t\t\t\tInfiniteTokenLifetime: pulumi.Bool(false),\n\t\t\t\tLeeway: pulumi.Int(15),\n\t\t\t\tRotationType: pulumi.String(\"rotating\"),\n\t\t\t\tTokenLifetime: pulumi.Int(84600),\n\t\t\t},\n\t\t\tTokenEndpointAuthMethod: pulumi.String(\"client_secret_post\"),\n\t\t\tWebOrigins: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"https://example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nA client can be imported using the client's ID, e.g.\n\n```sh\n $ pulumi import auth0:index/client:Client my_client AaiyAPdpYdesoKnqjj8HJqRn4T5titww\n```\n\n ", "properties": { "addons": { "$ref": "#/types/auth0:index/ClientAddons:ClientAddons", @@ -5502,7 +5704,7 @@ "additionalProperties": { "$ref": "pulumi.json#/Any" }, - "description": "Map.\n" + "description": "Map. Custom metadata for the rotation. For more info: [rotate-client-secret](https://auth0.com/docs/get-started/applications/rotate-client-secret).\n" }, "crossOriginAuth": { "type": "boolean", @@ -5630,6 +5832,7 @@ "isFirstParty", "isTokenEndpointIpHeaderTrusted", "jwtConfiguration", + "mobile", "name", "nativeSocialLogin", "oidcConformant", @@ -5686,7 +5889,7 @@ "additionalProperties": { "$ref": "pulumi.json#/Any" }, - "description": "Map.\n" + "description": "Map. Custom metadata for the rotation. For more info: [rotate-client-secret](https://auth0.com/docs/get-started/applications/rotate-client-secret).\n" }, "crossOriginAuth": { "type": "boolean", @@ -5853,7 +6056,7 @@ "additionalProperties": { "$ref": "pulumi.json#/Any" }, - "description": "Map.\n" + "description": "Map. Custom metadata for the rotation. For more info: [rotate-client-secret](https://auth0.com/docs/get-started/applications/rotate-client-secret).\n" }, "crossOriginAuth": { "type": "boolean", @@ -6076,6 +6279,10 @@ }, "description": "Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm.\n" }, + "showAsButton": { + "type": "boolean", + "description": "Display connection as a button. Only available for enterprise connections.\n" + }, "strategy": { "type": "string", "description": "Type of the connection, which indicates the identity provider. Options include `ad`, `adfs`, `amazon`, `aol`, `apple`, `auth0`, `auth0-adldap`, `auth0-oidc`, `baidu`, `bitbucket`, `bitly`, `box`, `custom`, `daccount`, `dropbox`, `dwolla`, `email`, `evernote`, `evernote-sandbox`, `exact`, `facebook`, `fitbit`, `flickr`, `github`, `google-apps`, `google-oauth2`, `guardian`, `instagram`, `ip`, `line`, `linkedin`, `miicard`, `oauth1`, `oauth2`, `office365`, `oidc`, `paypal`, `paypal-sandbox`, `pingfederate`, `planningcenter`, `renren`, `salesforce`, `salesforce-community`, `salesforce-sandbox` `samlp`, `sharepoint`, `shopify`, `sms`, `soundcloud`, `thecity`, `thecity-sandbox`, `thirtysevensignals`, `twitter`, `untappd`, `vkontakte`, `waad`, `weibo`, `windowslive`, `wordpress`, `yahoo`, `yammer`, `yandex`.\n" @@ -6131,6 +6338,10 @@ }, "description": "Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm.\n" }, + "showAsButton": { + "type": "boolean", + "description": "Display connection as a button. Only available for enterprise connections.\n" + }, "strategy": { "type": "string", "description": "Type of the connection, which indicates the identity provider. Options include `ad`, `adfs`, `amazon`, `aol`, `apple`, `auth0`, `auth0-adldap`, `auth0-oidc`, `baidu`, `bitbucket`, `bitly`, `box`, `custom`, `daccount`, `dropbox`, `dwolla`, `email`, `evernote`, `evernote-sandbox`, `exact`, `facebook`, `fitbit`, `flickr`, `github`, `google-apps`, `google-oauth2`, `guardian`, `instagram`, `ip`, `line`, `linkedin`, `miicard`, `oauth1`, `oauth2`, `office365`, `oidc`, `paypal`, `paypal-sandbox`, `pingfederate`, `planningcenter`, `renren`, `salesforce`, `salesforce-community`, `salesforce-sandbox` `samlp`, `sharepoint`, `shopify`, `sms`, `soundcloud`, `thecity`, `thecity-sandbox`, `thirtysevensignals`, `twitter`, `untappd`, `vkontakte`, `waad`, `weibo`, `windowslive`, `wordpress`, `yahoo`, `yammer`, `yandex`.\n" @@ -6183,6 +6394,10 @@ }, "description": "Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm.\n" }, + "showAsButton": { + "type": "boolean", + "description": "Display connection as a button. Only available for enterprise connections.\n" + }, "strategy": { "type": "string", "description": "Type of the connection, which indicates the identity provider. Options include `ad`, `adfs`, `amazon`, `aol`, `apple`, `auth0`, `auth0-adldap`, `auth0-oidc`, `baidu`, `bitbucket`, `bitly`, `box`, `custom`, `daccount`, `dropbox`, `dwolla`, `email`, `evernote`, `evernote-sandbox`, `exact`, `facebook`, `fitbit`, `flickr`, `github`, `google-apps`, `google-oauth2`, `guardian`, `instagram`, `ip`, `line`, `linkedin`, `miicard`, `oauth1`, `oauth2`, `office365`, `oidc`, `paypal`, `paypal-sandbox`, `pingfederate`, `planningcenter`, `renren`, `salesforce`, `salesforce-community`, `salesforce-sandbox` `samlp`, `sharepoint`, `shopify`, `sms`, `soundcloud`, `thecity`, `thecity-sandbox`, `thirtysevensignals`, `twitter`, `untappd`, `vkontakte`, `waad`, `weibo`, `windowslive`, `wordpress`, `yahoo`, `yammer`, `yandex`.\n" @@ -8395,6 +8610,9 @@ "$ref": "pulumi.json#/Any" } }, + "clientSecret": { + "type": "string" + }, "crossOriginAuth": { "type": "boolean" }, @@ -8511,6 +8729,7 @@ "appType", "callbacks", "clientMetadata", + "clientSecret", "crossOriginAuth", "crossOriginLoc", "customLoginPage", @@ -8601,6 +8820,9 @@ }, "description": "(Optional) Map(String)\n" }, + "clientSecret": { + "type": "string" + }, "crossOriginAuth": { "type": "boolean" }, @@ -8719,6 +8941,7 @@ "appType", "callbacks", "clientMetadata", + "clientSecret", "crossOriginAuth", "crossOriginLoc", "customLoginPage", @@ -8746,6 +8969,32 @@ "id" ] } + }, + "auth0:index/getTenant:getTenant": { + "description": "Use this data source to access information about the tenant this provider is configured to access.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as auth0 from \"@pulumi/auth0\";\n\nconst current = pulumi.output(auth0.getTenant());\n```\n```python\nimport pulumi\nimport pulumi_auth0 as auth0\n\ncurrent = auth0.get_tenant()\n```\n```csharp\nusing Pulumi;\nusing Auth0 = Pulumi.Auth0;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var current = Output.Create(Auth0.GetTenant.InvokeAsync());\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-auth0/sdk/v2/go/auth0\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := auth0.LookupTenant(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "outputs": { + "description": "A collection of values returned by getTenant.\n", + "properties": { + "domain": { + "type": "string", + "description": "String. Your Auth0 domain name.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "managementApiIdentifier": { + "type": "string", + "description": "String. The identifier value of the built-in Management API resource server, which can be used as an audience when configuring client grants.\n" + } + }, + "type": "object", + "required": [ + "domain", + "managementApiIdentifier", + "id" + ] + } } }, "language": { diff --git a/provider/go.mod b/provider/go.mod index c8e5fe7b..cfffc541 100644 --- a/provider/go.mod +++ b/provider/go.mod @@ -8,7 +8,7 @@ replace ( ) require ( - github.com/auth0/terraform-provider-auth0 v0.27.1 + github.com/auth0/terraform-provider-auth0 v0.29.0 github.com/pulumi/pulumi-terraform-bridge/v3 v3.20.0 github.com/pulumi/pulumi/sdk/v3 v3.27.0 ) diff --git a/provider/go.sum b/provider/go.sum index b4e3bba2..e8a4c8c7 100644 --- a/provider/go.sum +++ b/provider/go.sum @@ -153,10 +153,10 @@ github.com/armon/go-radix v1.0.0 h1:F4z6KzEeeQIMeLFa97iZU6vupzoecKdU5TX24SNppXI= github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= -github.com/auth0/go-auth0 v0.5.0 h1:GRXS+7yr4H7P726nwmXDtBC6LA8IcmlYHYjr3nkC98Y= -github.com/auth0/go-auth0 v0.5.0/go.mod h1:9rEJrEWFALKlt1VVCx1zToCG6+uddn4MLEgtKSRhlEU= -github.com/auth0/terraform-provider-auth0 v0.27.1 h1:GtoMLnhCiGaC2XMDtrF1sy0j6AkvN2g2Mtx0ercMkNk= -github.com/auth0/terraform-provider-auth0 v0.27.1/go.mod h1:LPsv2dE031hpXtu3HxvaXiYB3Pm6VKc65/gCUnSV+TQ= +github.com/auth0/go-auth0 v0.6.1 h1:D6WSxLQyr1+Ozn8qW0KJAKVcy1j7ZxbRoWdZQr0qT8s= +github.com/auth0/go-auth0 v0.6.1/go.mod h1:9rEJrEWFALKlt1VVCx1zToCG6+uddn4MLEgtKSRhlEU= +github.com/auth0/terraform-provider-auth0 v0.29.0 h1:G93krbwIvNB1vL6gQwubwe+tUhExCdNV/s3R60qYWjE= +github.com/auth0/terraform-provider-auth0 v0.29.0/go.mod h1:fVBwgUVJlaESaCS77FqI8kGl6HCFncCfdljFUJJAtCI= github.com/aws/aws-sdk-go v1.15.27/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0= github.com/aws/aws-sdk-go v1.15.78/go.mod h1:E3/ieXAlvM0XWO57iftYVDLLvQ824smPP3ATZkfNZeM= github.com/aws/aws-sdk-go v1.19.39/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= diff --git a/provider/resources.go b/provider/resources.go index fac6094a..0a5f710a 100644 --- a/provider/resources.go +++ b/provider/resources.go @@ -111,10 +111,12 @@ func Provider() tfbridge.ProviderInfo { "auth0_organization": {Tok: makeResource(mainMod, "Organization")}, "auth0_trigger_binding": {Tok: makeResource(mainMod, "TriggerBinding")}, "auth0_prompt_custom_text": {Tok: makeResource(mainMod, "PromptCustomText")}, + "auth0_attack_protection": {Tok: makeResource(mainMod, "AttackProtection")}, }, DataSources: map[string]*tfbridge.DataSourceInfo{ "auth0_client": {Tok: tfbridge.MakeDataSource(mainPkg, mainMod, "getClient")}, "auth0_global_client": {Tok: tfbridge.MakeDataSource(mainPkg, mainMod, "getGlobalClient")}, + "auth0_tenant": {Tok: tfbridge.MakeDataSource(mainPkg, mainMod, "getTenant")}, }, JavaScript: &tfbridge.JavaScriptInfo{ Dependencies: map[string]string{ diff --git a/sdk/dotnet/AttackProtection.cs b/sdk/dotnet/AttackProtection.cs new file mode 100644 index 00000000..326ada8f --- /dev/null +++ b/sdk/dotnet/AttackProtection.cs @@ -0,0 +1,207 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Auth0 +{ + /// + /// Auth0 can detect attacks and stop malicious attempts to access your application such as blocking traffic from certain IPs and displaying CAPTCHA + /// + /// ## Example Usage + /// + /// ```csharp + /// using Pulumi; + /// using Auth0 = Pulumi.Auth0; + /// + /// class MyStack : Stack + /// { + /// public MyStack() + /// { + /// var attackProtection = new Auth0.AttackProtection("attackProtection", new Auth0.AttackProtectionArgs + /// { + /// BreachedPasswordDetection = new Auth0.Inputs.AttackProtectionBreachedPasswordDetectionArgs + /// { + /// AdminNotificationFrequencies = + /// { + /// "daily", + /// }, + /// Enabled = true, + /// Method = "standard", + /// Shields = + /// { + /// "admin_notification", + /// "block", + /// }, + /// }, + /// BruteForceProtection = new Auth0.Inputs.AttackProtectionBruteForceProtectionArgs + /// { + /// Allowlists = + /// { + /// "127.0.0.1", + /// }, + /// Enabled = true, + /// MaxAttempts = 5, + /// Mode = "count_per_identifier_and_ip", + /// Shields = + /// { + /// "block", + /// "user_notification", + /// }, + /// }, + /// SuspiciousIpThrottling = new Auth0.Inputs.AttackProtectionSuspiciousIpThrottlingArgs + /// { + /// Allowlists = + /// { + /// "192.168.1.1", + /// }, + /// Enabled = true, + /// PreLogin = new Auth0.Inputs.AttackProtectionSuspiciousIpThrottlingPreLoginArgs + /// { + /// MaxAttempts = 100, + /// Rate = 864000, + /// }, + /// PreUserRegistration = new Auth0.Inputs.AttackProtectionSuspiciousIpThrottlingPreUserRegistrationArgs + /// { + /// MaxAttempts = 50, + /// Rate = 1200, + /// }, + /// Shields = + /// { + /// "admin_notification", + /// "block", + /// }, + /// }, + /// }); + /// } + /// + /// } + /// ``` + /// + /// ## Import + /// + /// As this is not a resource identifiable by an ID within the Auth0 Management API, guardian can be imported using a random string. We recommend [Version 4 UUID](https://www.uuidgenerator.net/version4) e.g. + /// + /// ```sh + /// $ pulumi import auth0:index/attackProtection:AttackProtection default 24940d4b-4bd4-44e7-894e-f92e4de36a40 + /// ``` + /// + [Auth0ResourceType("auth0:index/attackProtection:AttackProtection")] + public partial class AttackProtection : Pulumi.CustomResource + { + /// + /// Breached password detection protects your applications from bad actors logging in with stolen credentials. + /// + [Output("breachedPasswordDetection")] + public Output BreachedPasswordDetection { get; private set; } = null!; + + /// + /// Safeguards against a single IP address attacking a single user account. + /// + [Output("bruteForceProtection")] + public Output BruteForceProtection { get; private set; } = null!; + + /// + /// Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups. + /// + [Output("suspiciousIpThrottling")] + public Output SuspiciousIpThrottling { get; private set; } = null!; + + + /// + /// Create a AttackProtection resource with the given unique name, arguments, and options. + /// + /// + /// The unique name of the resource + /// The arguments used to populate this resource's properties + /// A bag of options that control this resource's behavior + public AttackProtection(string name, AttackProtectionArgs? args = null, CustomResourceOptions? options = null) + : base("auth0:index/attackProtection:AttackProtection", name, args ?? new AttackProtectionArgs(), MakeResourceOptions(options, "")) + { + } + + private AttackProtection(string name, Input id, AttackProtectionState? state = null, CustomResourceOptions? options = null) + : base("auth0:index/attackProtection:AttackProtection", name, state, MakeResourceOptions(options, id)) + { + } + + private static CustomResourceOptions MakeResourceOptions(CustomResourceOptions? options, Input? id) + { + var defaultOptions = new CustomResourceOptions + { + Version = Utilities.Version, + }; + var merged = CustomResourceOptions.Merge(defaultOptions, options); + // Override the ID if one was specified for consistency with other language SDKs. + merged.Id = id ?? merged.Id; + return merged; + } + /// + /// Get an existing AttackProtection resource's state with the given name, ID, and optional extra + /// properties used to qualify the lookup. + /// + /// + /// The unique name of the resulting resource. + /// The unique provider ID of the resource to lookup. + /// Any extra arguments used during the lookup. + /// A bag of options that control this resource's behavior + public static AttackProtection Get(string name, Input id, AttackProtectionState? state = null, CustomResourceOptions? options = null) + { + return new AttackProtection(name, id, state, options); + } + } + + public sealed class AttackProtectionArgs : Pulumi.ResourceArgs + { + /// + /// Breached password detection protects your applications from bad actors logging in with stolen credentials. + /// + [Input("breachedPasswordDetection")] + public Input? BreachedPasswordDetection { get; set; } + + /// + /// Safeguards against a single IP address attacking a single user account. + /// + [Input("bruteForceProtection")] + public Input? BruteForceProtection { get; set; } + + /// + /// Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups. + /// + [Input("suspiciousIpThrottling")] + public Input? SuspiciousIpThrottling { get; set; } + + public AttackProtectionArgs() + { + } + } + + public sealed class AttackProtectionState : Pulumi.ResourceArgs + { + /// + /// Breached password detection protects your applications from bad actors logging in with stolen credentials. + /// + [Input("breachedPasswordDetection")] + public Input? BreachedPasswordDetection { get; set; } + + /// + /// Safeguards against a single IP address attacking a single user account. + /// + [Input("bruteForceProtection")] + public Input? BruteForceProtection { get; set; } + + /// + /// Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups. + /// + [Input("suspiciousIpThrottling")] + public Input? SuspiciousIpThrottling { get; set; } + + public AttackProtectionState() + { + } + } +} diff --git a/sdk/dotnet/Client.cs b/sdk/dotnet/Client.cs index 37d08f64..a19957f1 100644 --- a/sdk/dotnet/Client.cs +++ b/sdk/dotnet/Client.cs @@ -74,6 +74,11 @@ namespace Pulumi.Auth0 /// { /// { "foo", "zoo" }, /// }, + /// ClientSecretRotationTrigger = + /// { + /// { "triggered_at", "2018-01-02T23:12:01Z" }, + /// { "triggered_by", "auth0" }, + /// }, /// CustomLoginPageOn = true, /// Description = "Test Applications Long Description", /// GrantTypes = @@ -193,7 +198,7 @@ public partial class Client : Pulumi.CustomResource public Output ClientSecret { get; private set; } = null!; /// - /// Map. + /// Map. Custom metadata for the rotation. For more info: [rotate-client-secret](https://auth0.com/docs/get-started/applications/rotate-client-secret). /// [Output("clientSecretRotationTrigger")] public Output?> ClientSecretRotationTrigger { get; private set; } = null!; @@ -280,7 +285,7 @@ public partial class Client : Pulumi.CustomResource /// List(Resource). Configuration settings for mobile native applications. For details, see Mobile. /// [Output("mobile")] - public Output Mobile { get; private set; } = null!; + public Output Mobile { get; private set; } = null!; /// /// String. Name of the client. @@ -470,7 +475,7 @@ public InputMap ClientMetadata private InputMap? _clientSecretRotationTrigger; /// - /// Map. + /// Map. Custom metadata for the rotation. For more info: [rotate-client-secret](https://auth0.com/docs/get-started/applications/rotate-client-secret). /// public InputMap ClientSecretRotationTrigger { @@ -734,7 +739,7 @@ public InputMap ClientMetadata private InputMap? _clientSecretRotationTrigger; /// - /// Map. + /// Map. Custom metadata for the rotation. For more info: [rotate-client-secret](https://auth0.com/docs/get-started/applications/rotate-client-secret). /// public InputMap ClientSecretRotationTrigger { diff --git a/sdk/dotnet/Connection.cs b/sdk/dotnet/Connection.cs index 47ec4b01..ea06b20d 100644 --- a/sdk/dotnet/Connection.cs +++ b/sdk/dotnet/Connection.cs @@ -110,6 +110,12 @@ public partial class Connection : Pulumi.CustomResource [Output("realms")] public Output> Realms { get; private set; } = null!; + /// + /// Display connection as a button. Only available for enterprise connections. + /// + [Output("showAsButton")] + public Output ShowAsButton { get; private set; } = null!; + /// /// Type of the connection, which indicates the identity provider. Options include `ad`, `adfs`, `amazon`, `aol`, `apple`, `auth0`, `auth0-adldap`, `auth0-oidc`, `baidu`, `bitbucket`, `bitly`, `box`, `custom`, `daccount`, `dropbox`, `dwolla`, `email`, `evernote`, `evernote-sandbox`, `exact`, `facebook`, `fitbit`, `flickr`, `github`, `google-apps`, `google-oauth2`, `guardian`, `instagram`, `ip`, `line`, `linkedin`, `miicard`, `oauth1`, `oauth2`, `office365`, `oidc`, `paypal`, `paypal-sandbox`, `pingfederate`, `planningcenter`, `renren`, `salesforce`, `salesforce-community`, `salesforce-sandbox` `samlp`, `sharepoint`, `shopify`, `sms`, `soundcloud`, `thecity`, `thecity-sandbox`, `thirtysevensignals`, `twitter`, `untappd`, `vkontakte`, `waad`, `weibo`, `windowslive`, `wordpress`, `yahoo`, `yammer`, `yandex`. /// @@ -222,6 +228,12 @@ public InputList Realms set => _realms = value; } + /// + /// Display connection as a button. Only available for enterprise connections. + /// + [Input("showAsButton")] + public Input? ShowAsButton { get; set; } + /// /// Type of the connection, which indicates the identity provider. Options include `ad`, `adfs`, `amazon`, `aol`, `apple`, `auth0`, `auth0-adldap`, `auth0-oidc`, `baidu`, `bitbucket`, `bitly`, `box`, `custom`, `daccount`, `dropbox`, `dwolla`, `email`, `evernote`, `evernote-sandbox`, `exact`, `facebook`, `fitbit`, `flickr`, `github`, `google-apps`, `google-oauth2`, `guardian`, `instagram`, `ip`, `line`, `linkedin`, `miicard`, `oauth1`, `oauth2`, `office365`, `oidc`, `paypal`, `paypal-sandbox`, `pingfederate`, `planningcenter`, `renren`, `salesforce`, `salesforce-community`, `salesforce-sandbox` `samlp`, `sharepoint`, `shopify`, `sms`, `soundcloud`, `thecity`, `thecity-sandbox`, `thirtysevensignals`, `twitter`, `untappd`, `vkontakte`, `waad`, `weibo`, `windowslive`, `wordpress`, `yahoo`, `yammer`, `yandex`. /// @@ -301,6 +313,12 @@ public InputList Realms set => _realms = value; } + /// + /// Display connection as a button. Only available for enterprise connections. + /// + [Input("showAsButton")] + public Input? ShowAsButton { get; set; } + /// /// Type of the connection, which indicates the identity provider. Options include `ad`, `adfs`, `amazon`, `aol`, `apple`, `auth0`, `auth0-adldap`, `auth0-oidc`, `baidu`, `bitbucket`, `bitly`, `box`, `custom`, `daccount`, `dropbox`, `dwolla`, `email`, `evernote`, `evernote-sandbox`, `exact`, `facebook`, `fitbit`, `flickr`, `github`, `google-apps`, `google-oauth2`, `guardian`, `instagram`, `ip`, `line`, `linkedin`, `miicard`, `oauth1`, `oauth2`, `office365`, `oidc`, `paypal`, `paypal-sandbox`, `pingfederate`, `planningcenter`, `renren`, `salesforce`, `salesforce-community`, `salesforce-sandbox` `samlp`, `sharepoint`, `shopify`, `sms`, `soundcloud`, `thecity`, `thecity-sandbox`, `thirtysevensignals`, `twitter`, `untappd`, `vkontakte`, `waad`, `weibo`, `windowslive`, `wordpress`, `yahoo`, `yammer`, `yandex`. /// diff --git a/sdk/dotnet/GetClient.cs b/sdk/dotnet/GetClient.cs index 4df60be2..84f1151b 100644 --- a/sdk/dotnet/GetClient.cs +++ b/sdk/dotnet/GetClient.cs @@ -129,6 +129,7 @@ public sealed class GetClientResult public readonly ImmutableArray Callbacks; public readonly string? ClientId; public readonly ImmutableDictionary ClientMetadata; + public readonly string ClientSecret; public readonly bool CrossOriginAuth; public readonly string CrossOriginLoc; public readonly string CustomLoginPage; @@ -177,6 +178,8 @@ public sealed class GetClientResult ImmutableDictionary clientMetadata, + string clientSecret, + bool crossOriginAuth, string crossOriginLoc, @@ -237,6 +240,7 @@ public sealed class GetClientResult Callbacks = callbacks; ClientId = clientId; ClientMetadata = clientMetadata; + ClientSecret = clientSecret; CrossOriginAuth = crossOriginAuth; CrossOriginLoc = crossOriginLoc; CustomLoginPage = customLoginPage; diff --git a/sdk/dotnet/GetGlobalClient.cs b/sdk/dotnet/GetGlobalClient.cs index cab739be..8b6be599 100644 --- a/sdk/dotnet/GetGlobalClient.cs +++ b/sdk/dotnet/GetGlobalClient.cs @@ -118,6 +118,7 @@ public sealed class GetGlobalClientResult /// (Optional) Map(String) /// public readonly ImmutableDictionary ClientMetadata; + public readonly string ClientSecret; public readonly bool CrossOriginAuth; public readonly string CrossOriginLoc; /// @@ -172,6 +173,8 @@ public sealed class GetGlobalClientResult ImmutableDictionary clientMetadata, + string clientSecret, + bool crossOriginAuth, string crossOriginLoc, @@ -232,6 +235,7 @@ public sealed class GetGlobalClientResult Callbacks = callbacks; ClientId = clientId; ClientMetadata = clientMetadata; + ClientSecret = clientSecret; CrossOriginAuth = crossOriginAuth; CrossOriginLoc = crossOriginLoc; CustomLoginPage = customLoginPage; diff --git a/sdk/dotnet/GetTenant.cs b/sdk/dotnet/GetTenant.cs new file mode 100644 index 00000000..9fe730d2 --- /dev/null +++ b/sdk/dotnet/GetTenant.cs @@ -0,0 +1,71 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Auth0 +{ + public static class GetTenant + { + /// + /// Use this data source to access information about the tenant this provider is configured to access. + /// + /// {{% examples %}} + /// ## Example Usage + /// {{% example %}} + /// + /// ```csharp + /// using Pulumi; + /// using Auth0 = Pulumi.Auth0; + /// + /// class MyStack : Stack + /// { + /// public MyStack() + /// { + /// var current = Output.Create(Auth0.GetTenant.InvokeAsync()); + /// } + /// + /// } + /// ``` + /// {{% /example %}} + /// {{% /examples %}} + /// + public static Task InvokeAsync(InvokeOptions? options = null) + => Pulumi.Deployment.Instance.InvokeAsync("auth0:index/getTenant:getTenant", InvokeArgs.Empty, options.WithDefaults()); + } + + + [OutputType] + public sealed class GetTenantResult + { + /// + /// String. Your Auth0 domain name. + /// + public readonly string Domain; + /// + /// The provider-assigned unique ID for this managed resource. + /// + public readonly string Id; + /// + /// String. The identifier value of the built-in Management API resource server, which can be used as an audience when configuring client grants. + /// + public readonly string ManagementApiIdentifier; + + [OutputConstructor] + private GetTenantResult( + string domain, + + string id, + + string managementApiIdentifier) + { + Domain = domain; + Id = id; + ManagementApiIdentifier = managementApiIdentifier; + } + } +} diff --git a/sdk/dotnet/Inputs/AttackProtectionBreachedPasswordDetectionArgs.cs b/sdk/dotnet/Inputs/AttackProtectionBreachedPasswordDetectionArgs.cs new file mode 100644 index 00000000..8500d2a9 --- /dev/null +++ b/sdk/dotnet/Inputs/AttackProtectionBreachedPasswordDetectionArgs.cs @@ -0,0 +1,55 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Auth0.Inputs +{ + + public sealed class AttackProtectionBreachedPasswordDetectionArgs : Pulumi.ResourceArgs + { + [Input("adminNotificationFrequencies")] + private InputList? _adminNotificationFrequencies; + + /// + /// When "admin_notification" is enabled, determines how often email notifications are sent. Possible values: `immediately`, `daily`, `weekly`, `monthly`. + /// + public InputList AdminNotificationFrequencies + { + get => _adminNotificationFrequencies ?? (_adminNotificationFrequencies = new InputList()); + set => _adminNotificationFrequencies = value; + } + + /// + /// Whether or not breached password detection is active. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + /// + /// The subscription level for breached password detection methods. Use "enhanced" to enable Credential Guard. Possible values: `standard`, `enhanced`. + /// + [Input("method")] + public Input? Method { get; set; } + + [Input("shields")] + private InputList? _shields; + + /// + /// Action to take when a breached password is detected. Possible values: `block`, `user_notification`, `admin_notification`. + /// + public InputList Shields + { + get => _shields ?? (_shields = new InputList()); + set => _shields = value; + } + + public AttackProtectionBreachedPasswordDetectionArgs() + { + } + } +} diff --git a/sdk/dotnet/Inputs/AttackProtectionBreachedPasswordDetectionGetArgs.cs b/sdk/dotnet/Inputs/AttackProtectionBreachedPasswordDetectionGetArgs.cs new file mode 100644 index 00000000..10fb9630 --- /dev/null +++ b/sdk/dotnet/Inputs/AttackProtectionBreachedPasswordDetectionGetArgs.cs @@ -0,0 +1,55 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Auth0.Inputs +{ + + public sealed class AttackProtectionBreachedPasswordDetectionGetArgs : Pulumi.ResourceArgs + { + [Input("adminNotificationFrequencies")] + private InputList? _adminNotificationFrequencies; + + /// + /// When "admin_notification" is enabled, determines how often email notifications are sent. Possible values: `immediately`, `daily`, `weekly`, `monthly`. + /// + public InputList AdminNotificationFrequencies + { + get => _adminNotificationFrequencies ?? (_adminNotificationFrequencies = new InputList()); + set => _adminNotificationFrequencies = value; + } + + /// + /// Whether or not breached password detection is active. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + /// + /// The subscription level for breached password detection methods. Use "enhanced" to enable Credential Guard. Possible values: `standard`, `enhanced`. + /// + [Input("method")] + public Input? Method { get; set; } + + [Input("shields")] + private InputList? _shields; + + /// + /// Action to take when a breached password is detected. Possible values: `block`, `user_notification`, `admin_notification`. + /// + public InputList Shields + { + get => _shields ?? (_shields = new InputList()); + set => _shields = value; + } + + public AttackProtectionBreachedPasswordDetectionGetArgs() + { + } + } +} diff --git a/sdk/dotnet/Inputs/AttackProtectionBruteForceProtectionArgs.cs b/sdk/dotnet/Inputs/AttackProtectionBruteForceProtectionArgs.cs new file mode 100644 index 00000000..fadd1d43 --- /dev/null +++ b/sdk/dotnet/Inputs/AttackProtectionBruteForceProtectionArgs.cs @@ -0,0 +1,61 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Auth0.Inputs +{ + + public sealed class AttackProtectionBruteForceProtectionArgs : Pulumi.ResourceArgs + { + [Input("allowlists")] + private InputList? _allowlists; + + /// + /// List of trusted IP addresses that will not have attack protection enforced against them. + /// + public InputList Allowlists + { + get => _allowlists ?? (_allowlists = new InputList()); + set => _allowlists = value; + } + + /// + /// Whether or not breached password detection is active. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + /// + /// Maximum number of unsuccessful attempts. Only available on public tenants. + /// + [Input("maxAttempts")] + public Input? MaxAttempts { get; set; } + + /// + /// Determines whether or not IP address is used when counting failed attempts. Possible values: `count_per_identifier_and_ip` or `count_per_identifier`. + /// + [Input("mode")] + public Input? Mode { get; set; } + + [Input("shields")] + private InputList? _shields; + + /// + /// Action to take when a breached password is detected. Possible values: `block`, `user_notification`, `admin_notification`. + /// + public InputList Shields + { + get => _shields ?? (_shields = new InputList()); + set => _shields = value; + } + + public AttackProtectionBruteForceProtectionArgs() + { + } + } +} diff --git a/sdk/dotnet/Inputs/AttackProtectionBruteForceProtectionGetArgs.cs b/sdk/dotnet/Inputs/AttackProtectionBruteForceProtectionGetArgs.cs new file mode 100644 index 00000000..d0b6fd3b --- /dev/null +++ b/sdk/dotnet/Inputs/AttackProtectionBruteForceProtectionGetArgs.cs @@ -0,0 +1,61 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Auth0.Inputs +{ + + public sealed class AttackProtectionBruteForceProtectionGetArgs : Pulumi.ResourceArgs + { + [Input("allowlists")] + private InputList? _allowlists; + + /// + /// List of trusted IP addresses that will not have attack protection enforced against them. + /// + public InputList Allowlists + { + get => _allowlists ?? (_allowlists = new InputList()); + set => _allowlists = value; + } + + /// + /// Whether or not breached password detection is active. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + /// + /// Maximum number of unsuccessful attempts. Only available on public tenants. + /// + [Input("maxAttempts")] + public Input? MaxAttempts { get; set; } + + /// + /// Determines whether or not IP address is used when counting failed attempts. Possible values: `count_per_identifier_and_ip` or `count_per_identifier`. + /// + [Input("mode")] + public Input? Mode { get; set; } + + [Input("shields")] + private InputList? _shields; + + /// + /// Action to take when a breached password is detected. Possible values: `block`, `user_notification`, `admin_notification`. + /// + public InputList Shields + { + get => _shields ?? (_shields = new InputList()); + set => _shields = value; + } + + public AttackProtectionBruteForceProtectionGetArgs() + { + } + } +} diff --git a/sdk/dotnet/Inputs/AttackProtectionSuspiciousIpThrottlingArgs.cs b/sdk/dotnet/Inputs/AttackProtectionSuspiciousIpThrottlingArgs.cs new file mode 100644 index 00000000..7519b74a --- /dev/null +++ b/sdk/dotnet/Inputs/AttackProtectionSuspiciousIpThrottlingArgs.cs @@ -0,0 +1,61 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Auth0.Inputs +{ + + public sealed class AttackProtectionSuspiciousIpThrottlingArgs : Pulumi.ResourceArgs + { + [Input("allowlists")] + private InputList? _allowlists; + + /// + /// List of trusted IP addresses that will not have attack protection enforced against them. + /// + public InputList Allowlists + { + get => _allowlists ?? (_allowlists = new InputList()); + set => _allowlists = value; + } + + /// + /// Whether or not breached password detection is active. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + /// + /// Configuration options that apply before every login attempt. Only available on public tenants. + /// + [Input("preLogin")] + public Input? PreLogin { get; set; } + + /// + /// Configuration options that apply before every user registration attempt. Only available on public tenants. + /// + [Input("preUserRegistration")] + public Input? PreUserRegistration { get; set; } + + [Input("shields")] + private InputList? _shields; + + /// + /// Action to take when a breached password is detected. Possible values: `block`, `user_notification`, `admin_notification`. + /// + public InputList Shields + { + get => _shields ?? (_shields = new InputList()); + set => _shields = value; + } + + public AttackProtectionSuspiciousIpThrottlingArgs() + { + } + } +} diff --git a/sdk/dotnet/Inputs/AttackProtectionSuspiciousIpThrottlingGetArgs.cs b/sdk/dotnet/Inputs/AttackProtectionSuspiciousIpThrottlingGetArgs.cs new file mode 100644 index 00000000..13ad7ff9 --- /dev/null +++ b/sdk/dotnet/Inputs/AttackProtectionSuspiciousIpThrottlingGetArgs.cs @@ -0,0 +1,61 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Auth0.Inputs +{ + + public sealed class AttackProtectionSuspiciousIpThrottlingGetArgs : Pulumi.ResourceArgs + { + [Input("allowlists")] + private InputList? _allowlists; + + /// + /// List of trusted IP addresses that will not have attack protection enforced against them. + /// + public InputList Allowlists + { + get => _allowlists ?? (_allowlists = new InputList()); + set => _allowlists = value; + } + + /// + /// Whether or not breached password detection is active. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + /// + /// Configuration options that apply before every login attempt. Only available on public tenants. + /// + [Input("preLogin")] + public Input? PreLogin { get; set; } + + /// + /// Configuration options that apply before every user registration attempt. Only available on public tenants. + /// + [Input("preUserRegistration")] + public Input? PreUserRegistration { get; set; } + + [Input("shields")] + private InputList? _shields; + + /// + /// Action to take when a breached password is detected. Possible values: `block`, `user_notification`, `admin_notification`. + /// + public InputList Shields + { + get => _shields ?? (_shields = new InputList()); + set => _shields = value; + } + + public AttackProtectionSuspiciousIpThrottlingGetArgs() + { + } + } +} diff --git a/sdk/dotnet/Inputs/AttackProtectionSuspiciousIpThrottlingPreLoginArgs.cs b/sdk/dotnet/Inputs/AttackProtectionSuspiciousIpThrottlingPreLoginArgs.cs new file mode 100644 index 00000000..ec4ce00e --- /dev/null +++ b/sdk/dotnet/Inputs/AttackProtectionSuspiciousIpThrottlingPreLoginArgs.cs @@ -0,0 +1,28 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Auth0.Inputs +{ + + public sealed class AttackProtectionSuspiciousIpThrottlingPreLoginArgs : Pulumi.ResourceArgs + { + /// + /// Maximum number of unsuccessful attempts. Only available on public tenants. + /// + [Input("maxAttempts")] + public Input? MaxAttempts { get; set; } + + [Input("rate")] + public Input? Rate { get; set; } + + public AttackProtectionSuspiciousIpThrottlingPreLoginArgs() + { + } + } +} diff --git a/sdk/dotnet/Inputs/AttackProtectionSuspiciousIpThrottlingPreLoginGetArgs.cs b/sdk/dotnet/Inputs/AttackProtectionSuspiciousIpThrottlingPreLoginGetArgs.cs new file mode 100644 index 00000000..bca95034 --- /dev/null +++ b/sdk/dotnet/Inputs/AttackProtectionSuspiciousIpThrottlingPreLoginGetArgs.cs @@ -0,0 +1,28 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Auth0.Inputs +{ + + public sealed class AttackProtectionSuspiciousIpThrottlingPreLoginGetArgs : Pulumi.ResourceArgs + { + /// + /// Maximum number of unsuccessful attempts. Only available on public tenants. + /// + [Input("maxAttempts")] + public Input? MaxAttempts { get; set; } + + [Input("rate")] + public Input? Rate { get; set; } + + public AttackProtectionSuspiciousIpThrottlingPreLoginGetArgs() + { + } + } +} diff --git a/sdk/dotnet/Inputs/AttackProtectionSuspiciousIpThrottlingPreUserRegistrationArgs.cs b/sdk/dotnet/Inputs/AttackProtectionSuspiciousIpThrottlingPreUserRegistrationArgs.cs new file mode 100644 index 00000000..e86e3baa --- /dev/null +++ b/sdk/dotnet/Inputs/AttackProtectionSuspiciousIpThrottlingPreUserRegistrationArgs.cs @@ -0,0 +1,28 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Auth0.Inputs +{ + + public sealed class AttackProtectionSuspiciousIpThrottlingPreUserRegistrationArgs : Pulumi.ResourceArgs + { + /// + /// Maximum number of unsuccessful attempts. Only available on public tenants. + /// + [Input("maxAttempts")] + public Input? MaxAttempts { get; set; } + + [Input("rate")] + public Input? Rate { get; set; } + + public AttackProtectionSuspiciousIpThrottlingPreUserRegistrationArgs() + { + } + } +} diff --git a/sdk/dotnet/Inputs/AttackProtectionSuspiciousIpThrottlingPreUserRegistrationGetArgs.cs b/sdk/dotnet/Inputs/AttackProtectionSuspiciousIpThrottlingPreUserRegistrationGetArgs.cs new file mode 100644 index 00000000..bbdb0721 --- /dev/null +++ b/sdk/dotnet/Inputs/AttackProtectionSuspiciousIpThrottlingPreUserRegistrationGetArgs.cs @@ -0,0 +1,28 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Auth0.Inputs +{ + + public sealed class AttackProtectionSuspiciousIpThrottlingPreUserRegistrationGetArgs : Pulumi.ResourceArgs + { + /// + /// Maximum number of unsuccessful attempts. Only available on public tenants. + /// + [Input("maxAttempts")] + public Input? MaxAttempts { get; set; } + + [Input("rate")] + public Input? Rate { get; set; } + + public AttackProtectionSuspiciousIpThrottlingPreUserRegistrationGetArgs() + { + } + } +} diff --git a/sdk/dotnet/Inputs/ClientAddonsSamlpArgs.cs b/sdk/dotnet/Inputs/ClientAddonsSamlpArgs.cs index 06f11d8e..20ecf4f7 100644 --- a/sdk/dotnet/Inputs/ClientAddonsSamlpArgs.cs +++ b/sdk/dotnet/Inputs/ClientAddonsSamlpArgs.cs @@ -60,11 +60,17 @@ public sealed class ClientAddonsSamlpArgs : Pulumi.ResourceArgs [Input("lifetimeInSeconds")] public Input? LifetimeInSeconds { get; set; } + [Input("logout")] + private InputMap? _logout; + /// /// Map(Resource). Configuration settings for logout. For details, see Logout. /// - [Input("logout")] - public Input? Logout { get; set; } + public InputMap Logout + { + get => _logout ?? (_logout = new InputMap()); + set => _logout = value; + } /// /// Boolean, (Default=true). Indicates whether or not to add additional identity information in the token, such as the provider used and the access_token, if available. diff --git a/sdk/dotnet/Inputs/ClientAddonsSamlpGetArgs.cs b/sdk/dotnet/Inputs/ClientAddonsSamlpGetArgs.cs index 868f8253..6c00e25e 100644 --- a/sdk/dotnet/Inputs/ClientAddonsSamlpGetArgs.cs +++ b/sdk/dotnet/Inputs/ClientAddonsSamlpGetArgs.cs @@ -60,11 +60,17 @@ public sealed class ClientAddonsSamlpGetArgs : Pulumi.ResourceArgs [Input("lifetimeInSeconds")] public Input? LifetimeInSeconds { get; set; } + [Input("logout")] + private InputMap? _logout; + /// /// Map(Resource). Configuration settings for logout. For details, see Logout. /// - [Input("logout")] - public Input? Logout { get; set; } + public InputMap Logout + { + get => _logout ?? (_logout = new InputMap()); + set => _logout = value; + } /// /// Boolean, (Default=true). Indicates whether or not to add additional identity information in the token, such as the provider used and the access_token, if available. diff --git a/sdk/dotnet/Inputs/ClientAddonsSamlpLogoutArgs.cs b/sdk/dotnet/Inputs/ClientAddonsSamlpLogoutArgs.cs deleted file mode 100644 index 6450de3d..00000000 --- a/sdk/dotnet/Inputs/ClientAddonsSamlpLogoutArgs.cs +++ /dev/null @@ -1,31 +0,0 @@ -// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** -// *** Do not edit by hand unless you're certain you know what you are doing! *** - -using System; -using System.Collections.Generic; -using System.Collections.Immutable; -using System.Threading.Tasks; -using Pulumi.Serialization; - -namespace Pulumi.Auth0.Inputs -{ - - public sealed class ClientAddonsSamlpLogoutArgs : Pulumi.ResourceArgs - { - /// - /// String. Service provider's Single Logout Service URL, to which Auth0 will send logout requests and responses. - /// - [Input("callback")] - public Input? Callback { get; set; } - - /// - /// Boolean. Indicates whether or not Auth0 should notify service providers of session termination. - /// - [Input("sloEnabled")] - public Input? SloEnabled { get; set; } - - public ClientAddonsSamlpLogoutArgs() - { - } - } -} diff --git a/sdk/dotnet/Inputs/ClientAddonsSamlpLogoutGetArgs.cs b/sdk/dotnet/Inputs/ClientAddonsSamlpLogoutGetArgs.cs deleted file mode 100644 index 19e9faa6..00000000 --- a/sdk/dotnet/Inputs/ClientAddonsSamlpLogoutGetArgs.cs +++ /dev/null @@ -1,31 +0,0 @@ -// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** -// *** Do not edit by hand unless you're certain you know what you are doing! *** - -using System; -using System.Collections.Generic; -using System.Collections.Immutable; -using System.Threading.Tasks; -using Pulumi.Serialization; - -namespace Pulumi.Auth0.Inputs -{ - - public sealed class ClientAddonsSamlpLogoutGetArgs : Pulumi.ResourceArgs - { - /// - /// String. Service provider's Single Logout Service URL, to which Auth0 will send logout requests and responses. - /// - [Input("callback")] - public Input? Callback { get; set; } - - /// - /// Boolean. Indicates whether or not Auth0 should notify service providers of session termination. - /// - [Input("sloEnabled")] - public Input? SloEnabled { get; set; } - - public ClientAddonsSamlpLogoutGetArgs() - { - } - } -} diff --git a/sdk/dotnet/Inputs/GlobalClientAddonsSamlpArgs.cs b/sdk/dotnet/Inputs/GlobalClientAddonsSamlpArgs.cs index 46a76125..c148adc3 100644 --- a/sdk/dotnet/Inputs/GlobalClientAddonsSamlpArgs.cs +++ b/sdk/dotnet/Inputs/GlobalClientAddonsSamlpArgs.cs @@ -37,7 +37,12 @@ public sealed class GlobalClientAddonsSamlpArgs : Pulumi.ResourceArgs public Input? LifetimeInSeconds { get; set; } [Input("logout")] - public Input? Logout { get; set; } + private InputMap? _logout; + public InputMap Logout + { + get => _logout ?? (_logout = new InputMap()); + set => _logout = value; + } [Input("mapIdentities")] public Input? MapIdentities { get; set; } diff --git a/sdk/dotnet/Inputs/GlobalClientAddonsSamlpGetArgs.cs b/sdk/dotnet/Inputs/GlobalClientAddonsSamlpGetArgs.cs index 58962923..c2872c23 100644 --- a/sdk/dotnet/Inputs/GlobalClientAddonsSamlpGetArgs.cs +++ b/sdk/dotnet/Inputs/GlobalClientAddonsSamlpGetArgs.cs @@ -37,7 +37,12 @@ public sealed class GlobalClientAddonsSamlpGetArgs : Pulumi.ResourceArgs public Input? LifetimeInSeconds { get; set; } [Input("logout")] - public Input? Logout { get; set; } + private InputMap? _logout; + public InputMap Logout + { + get => _logout ?? (_logout = new InputMap()); + set => _logout = value; + } [Input("mapIdentities")] public Input? MapIdentities { get; set; } diff --git a/sdk/dotnet/Inputs/GlobalClientAddonsSamlpLogoutArgs.cs b/sdk/dotnet/Inputs/GlobalClientAddonsSamlpLogoutArgs.cs deleted file mode 100644 index 539ebc9c..00000000 --- a/sdk/dotnet/Inputs/GlobalClientAddonsSamlpLogoutArgs.cs +++ /dev/null @@ -1,25 +0,0 @@ -// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** -// *** Do not edit by hand unless you're certain you know what you are doing! *** - -using System; -using System.Collections.Generic; -using System.Collections.Immutable; -using System.Threading.Tasks; -using Pulumi.Serialization; - -namespace Pulumi.Auth0.Inputs -{ - - public sealed class GlobalClientAddonsSamlpLogoutArgs : Pulumi.ResourceArgs - { - [Input("callback")] - public Input? Callback { get; set; } - - [Input("sloEnabled")] - public Input? SloEnabled { get; set; } - - public GlobalClientAddonsSamlpLogoutArgs() - { - } - } -} diff --git a/sdk/dotnet/Inputs/GlobalClientAddonsSamlpLogoutGetArgs.cs b/sdk/dotnet/Inputs/GlobalClientAddonsSamlpLogoutGetArgs.cs deleted file mode 100644 index 13fccdba..00000000 --- a/sdk/dotnet/Inputs/GlobalClientAddonsSamlpLogoutGetArgs.cs +++ /dev/null @@ -1,25 +0,0 @@ -// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** -// *** Do not edit by hand unless you're certain you know what you are doing! *** - -using System; -using System.Collections.Generic; -using System.Collections.Immutable; -using System.Threading.Tasks; -using Pulumi.Serialization; - -namespace Pulumi.Auth0.Inputs -{ - - public sealed class GlobalClientAddonsSamlpLogoutGetArgs : Pulumi.ResourceArgs - { - [Input("callback")] - public Input? Callback { get; set; } - - [Input("sloEnabled")] - public Input? SloEnabled { get; set; } - - public GlobalClientAddonsSamlpLogoutGetArgs() - { - } - } -} diff --git a/sdk/dotnet/Outputs/AttackProtectionBreachedPasswordDetection.cs b/sdk/dotnet/Outputs/AttackProtectionBreachedPasswordDetection.cs new file mode 100644 index 00000000..7029c061 --- /dev/null +++ b/sdk/dotnet/Outputs/AttackProtectionBreachedPasswordDetection.cs @@ -0,0 +1,49 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Auth0.Outputs +{ + + [OutputType] + public sealed class AttackProtectionBreachedPasswordDetection + { + /// + /// When "admin_notification" is enabled, determines how often email notifications are sent. Possible values: `immediately`, `daily`, `weekly`, `monthly`. + /// + public readonly ImmutableArray AdminNotificationFrequencies; + /// + /// Whether or not breached password detection is active. + /// + public readonly bool? Enabled; + /// + /// The subscription level for breached password detection methods. Use "enhanced" to enable Credential Guard. Possible values: `standard`, `enhanced`. + /// + public readonly string? Method; + /// + /// Action to take when a breached password is detected. Possible values: `block`, `user_notification`, `admin_notification`. + /// + public readonly ImmutableArray Shields; + + [OutputConstructor] + private AttackProtectionBreachedPasswordDetection( + ImmutableArray adminNotificationFrequencies, + + bool? enabled, + + string? method, + + ImmutableArray shields) + { + AdminNotificationFrequencies = adminNotificationFrequencies; + Enabled = enabled; + Method = method; + Shields = shields; + } + } +} diff --git a/sdk/dotnet/Outputs/AttackProtectionBruteForceProtection.cs b/sdk/dotnet/Outputs/AttackProtectionBruteForceProtection.cs new file mode 100644 index 00000000..ffba41da --- /dev/null +++ b/sdk/dotnet/Outputs/AttackProtectionBruteForceProtection.cs @@ -0,0 +1,56 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Auth0.Outputs +{ + + [OutputType] + public sealed class AttackProtectionBruteForceProtection + { + /// + /// List of trusted IP addresses that will not have attack protection enforced against them. + /// + public readonly ImmutableArray Allowlists; + /// + /// Whether or not breached password detection is active. + /// + public readonly bool? Enabled; + /// + /// Maximum number of unsuccessful attempts. Only available on public tenants. + /// + public readonly int? MaxAttempts; + /// + /// Determines whether or not IP address is used when counting failed attempts. Possible values: `count_per_identifier_and_ip` or `count_per_identifier`. + /// + public readonly string? Mode; + /// + /// Action to take when a breached password is detected. Possible values: `block`, `user_notification`, `admin_notification`. + /// + public readonly ImmutableArray Shields; + + [OutputConstructor] + private AttackProtectionBruteForceProtection( + ImmutableArray allowlists, + + bool? enabled, + + int? maxAttempts, + + string? mode, + + ImmutableArray shields) + { + Allowlists = allowlists; + Enabled = enabled; + MaxAttempts = maxAttempts; + Mode = mode; + Shields = shields; + } + } +} diff --git a/sdk/dotnet/Outputs/AttackProtectionSuspiciousIpThrottling.cs b/sdk/dotnet/Outputs/AttackProtectionSuspiciousIpThrottling.cs new file mode 100644 index 00000000..76e09f76 --- /dev/null +++ b/sdk/dotnet/Outputs/AttackProtectionSuspiciousIpThrottling.cs @@ -0,0 +1,56 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Auth0.Outputs +{ + + [OutputType] + public sealed class AttackProtectionSuspiciousIpThrottling + { + /// + /// List of trusted IP addresses that will not have attack protection enforced against them. + /// + public readonly ImmutableArray Allowlists; + /// + /// Whether or not breached password detection is active. + /// + public readonly bool? Enabled; + /// + /// Configuration options that apply before every login attempt. Only available on public tenants. + /// + public readonly Outputs.AttackProtectionSuspiciousIpThrottlingPreLogin? PreLogin; + /// + /// Configuration options that apply before every user registration attempt. Only available on public tenants. + /// + public readonly Outputs.AttackProtectionSuspiciousIpThrottlingPreUserRegistration? PreUserRegistration; + /// + /// Action to take when a breached password is detected. Possible values: `block`, `user_notification`, `admin_notification`. + /// + public readonly ImmutableArray Shields; + + [OutputConstructor] + private AttackProtectionSuspiciousIpThrottling( + ImmutableArray allowlists, + + bool? enabled, + + Outputs.AttackProtectionSuspiciousIpThrottlingPreLogin? preLogin, + + Outputs.AttackProtectionSuspiciousIpThrottlingPreUserRegistration? preUserRegistration, + + ImmutableArray shields) + { + Allowlists = allowlists; + Enabled = enabled; + PreLogin = preLogin; + PreUserRegistration = preUserRegistration; + Shields = shields; + } + } +} diff --git a/sdk/dotnet/Outputs/AttackProtectionSuspiciousIpThrottlingPreLogin.cs b/sdk/dotnet/Outputs/AttackProtectionSuspiciousIpThrottlingPreLogin.cs new file mode 100644 index 00000000..58bab9a9 --- /dev/null +++ b/sdk/dotnet/Outputs/AttackProtectionSuspiciousIpThrottlingPreLogin.cs @@ -0,0 +1,32 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Auth0.Outputs +{ + + [OutputType] + public sealed class AttackProtectionSuspiciousIpThrottlingPreLogin + { + /// + /// Maximum number of unsuccessful attempts. Only available on public tenants. + /// + public readonly int? MaxAttempts; + public readonly int? Rate; + + [OutputConstructor] + private AttackProtectionSuspiciousIpThrottlingPreLogin( + int? maxAttempts, + + int? rate) + { + MaxAttempts = maxAttempts; + Rate = rate; + } + } +} diff --git a/sdk/dotnet/Outputs/AttackProtectionSuspiciousIpThrottlingPreUserRegistration.cs b/sdk/dotnet/Outputs/AttackProtectionSuspiciousIpThrottlingPreUserRegistration.cs new file mode 100644 index 00000000..aedb1088 --- /dev/null +++ b/sdk/dotnet/Outputs/AttackProtectionSuspiciousIpThrottlingPreUserRegistration.cs @@ -0,0 +1,32 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Auth0.Outputs +{ + + [OutputType] + public sealed class AttackProtectionSuspiciousIpThrottlingPreUserRegistration + { + /// + /// Maximum number of unsuccessful attempts. Only available on public tenants. + /// + public readonly int? MaxAttempts; + public readonly int? Rate; + + [OutputConstructor] + private AttackProtectionSuspiciousIpThrottlingPreUserRegistration( + int? maxAttempts, + + int? rate) + { + MaxAttempts = maxAttempts; + Rate = rate; + } + } +} diff --git a/sdk/dotnet/Outputs/ClientAddonsSamlp.cs b/sdk/dotnet/Outputs/ClientAddonsSamlp.cs index 1737bb39..0261772e 100644 --- a/sdk/dotnet/Outputs/ClientAddonsSamlp.cs +++ b/sdk/dotnet/Outputs/ClientAddonsSamlp.cs @@ -48,7 +48,7 @@ public sealed class ClientAddonsSamlp /// /// Map(Resource). Configuration settings for logout. For details, see Logout. /// - public readonly Outputs.ClientAddonsSamlpLogout? Logout; + public readonly ImmutableDictionary? Logout; /// /// Boolean, (Default=true). Indicates whether or not to add additional identity information in the token, such as the provider used and the access_token, if available. /// @@ -112,7 +112,7 @@ public sealed class ClientAddonsSamlp int? lifetimeInSeconds, - Outputs.ClientAddonsSamlpLogout? logout, + ImmutableDictionary? logout, bool? mapIdentities, diff --git a/sdk/dotnet/Outputs/ClientAddonsSamlpLogout.cs b/sdk/dotnet/Outputs/ClientAddonsSamlpLogout.cs deleted file mode 100644 index e21df708..00000000 --- a/sdk/dotnet/Outputs/ClientAddonsSamlpLogout.cs +++ /dev/null @@ -1,35 +0,0 @@ -// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** -// *** Do not edit by hand unless you're certain you know what you are doing! *** - -using System; -using System.Collections.Generic; -using System.Collections.Immutable; -using System.Threading.Tasks; -using Pulumi.Serialization; - -namespace Pulumi.Auth0.Outputs -{ - - [OutputType] - public sealed class ClientAddonsSamlpLogout - { - /// - /// String. Service provider's Single Logout Service URL, to which Auth0 will send logout requests and responses. - /// - public readonly string? Callback; - /// - /// Boolean. Indicates whether or not Auth0 should notify service providers of session termination. - /// - public readonly bool? SloEnabled; - - [OutputConstructor] - private ClientAddonsSamlpLogout( - string? callback, - - bool? sloEnabled) - { - Callback = callback; - SloEnabled = sloEnabled; - } - } -} diff --git a/sdk/dotnet/Outputs/GetClientAddonSamlpLogoutResult.cs b/sdk/dotnet/Outputs/GetClientAddonSamlpLogoutResult.cs deleted file mode 100644 index e7d44e96..00000000 --- a/sdk/dotnet/Outputs/GetClientAddonSamlpLogoutResult.cs +++ /dev/null @@ -1,29 +0,0 @@ -// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** -// *** Do not edit by hand unless you're certain you know what you are doing! *** - -using System; -using System.Collections.Generic; -using System.Collections.Immutable; -using System.Threading.Tasks; -using Pulumi.Serialization; - -namespace Pulumi.Auth0.Outputs -{ - - [OutputType] - public sealed class GetClientAddonSamlpLogoutResult - { - public readonly string? Callback; - public readonly bool? SloEnabled; - - [OutputConstructor] - private GetClientAddonSamlpLogoutResult( - string? callback, - - bool? sloEnabled) - { - Callback = callback; - SloEnabled = sloEnabled; - } - } -} diff --git a/sdk/dotnet/Outputs/GetClientAddonSamlpResult.cs b/sdk/dotnet/Outputs/GetClientAddonSamlpResult.cs index 683eedfc..c49de8d6 100644 --- a/sdk/dotnet/Outputs/GetClientAddonSamlpResult.cs +++ b/sdk/dotnet/Outputs/GetClientAddonSamlpResult.cs @@ -21,7 +21,7 @@ public sealed class GetClientAddonSamlpResult public readonly string DigestAlgorithm; public readonly bool IncludeAttributeNameFormat; public readonly int LifetimeInSeconds; - public readonly Outputs.GetClientAddonSamlpLogoutResult Logout; + public readonly ImmutableDictionary Logout; public readonly bool MapIdentities; public readonly bool MapUnknownClaimsAsIs; public readonly ImmutableDictionary Mappings; @@ -52,7 +52,7 @@ public sealed class GetClientAddonSamlpResult int lifetimeInSeconds, - Outputs.GetClientAddonSamlpLogoutResult logout, + ImmutableDictionary logout, bool mapIdentities, diff --git a/sdk/dotnet/Outputs/GetGlobalClientAddonSamlpLogoutResult.cs b/sdk/dotnet/Outputs/GetGlobalClientAddonSamlpLogoutResult.cs deleted file mode 100644 index 4182ec18..00000000 --- a/sdk/dotnet/Outputs/GetGlobalClientAddonSamlpLogoutResult.cs +++ /dev/null @@ -1,29 +0,0 @@ -// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** -// *** Do not edit by hand unless you're certain you know what you are doing! *** - -using System; -using System.Collections.Generic; -using System.Collections.Immutable; -using System.Threading.Tasks; -using Pulumi.Serialization; - -namespace Pulumi.Auth0.Outputs -{ - - [OutputType] - public sealed class GetGlobalClientAddonSamlpLogoutResult - { - public readonly string? Callback; - public readonly bool? SloEnabled; - - [OutputConstructor] - private GetGlobalClientAddonSamlpLogoutResult( - string? callback, - - bool? sloEnabled) - { - Callback = callback; - SloEnabled = sloEnabled; - } - } -} diff --git a/sdk/dotnet/Outputs/GetGlobalClientAddonSamlpResult.cs b/sdk/dotnet/Outputs/GetGlobalClientAddonSamlpResult.cs index 079b42ea..e53572ad 100644 --- a/sdk/dotnet/Outputs/GetGlobalClientAddonSamlpResult.cs +++ b/sdk/dotnet/Outputs/GetGlobalClientAddonSamlpResult.cs @@ -21,7 +21,7 @@ public sealed class GetGlobalClientAddonSamlpResult public readonly string DigestAlgorithm; public readonly bool IncludeAttributeNameFormat; public readonly int LifetimeInSeconds; - public readonly Outputs.GetGlobalClientAddonSamlpLogoutResult Logout; + public readonly ImmutableDictionary Logout; public readonly bool MapIdentities; public readonly bool MapUnknownClaimsAsIs; public readonly ImmutableDictionary Mappings; @@ -52,7 +52,7 @@ public sealed class GetGlobalClientAddonSamlpResult int lifetimeInSeconds, - Outputs.GetGlobalClientAddonSamlpLogoutResult logout, + ImmutableDictionary logout, bool mapIdentities, diff --git a/sdk/dotnet/Outputs/GlobalClientAddonsSamlp.cs b/sdk/dotnet/Outputs/GlobalClientAddonsSamlp.cs index 53c9564c..c21da073 100644 --- a/sdk/dotnet/Outputs/GlobalClientAddonsSamlp.cs +++ b/sdk/dotnet/Outputs/GlobalClientAddonsSamlp.cs @@ -21,7 +21,7 @@ public sealed class GlobalClientAddonsSamlp public readonly string? DigestAlgorithm; public readonly bool? IncludeAttributeNameFormat; public readonly int? LifetimeInSeconds; - public readonly Outputs.GlobalClientAddonsSamlpLogout? Logout; + public readonly ImmutableDictionary? Logout; public readonly bool? MapIdentities; public readonly bool? MapUnknownClaimsAsIs; public readonly ImmutableDictionary? Mappings; @@ -52,7 +52,7 @@ public sealed class GlobalClientAddonsSamlp int? lifetimeInSeconds, - Outputs.GlobalClientAddonsSamlpLogout? logout, + ImmutableDictionary? logout, bool? mapIdentities, diff --git a/sdk/dotnet/Outputs/GlobalClientAddonsSamlpLogout.cs b/sdk/dotnet/Outputs/GlobalClientAddonsSamlpLogout.cs deleted file mode 100644 index f6cce694..00000000 --- a/sdk/dotnet/Outputs/GlobalClientAddonsSamlpLogout.cs +++ /dev/null @@ -1,29 +0,0 @@ -// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** -// *** Do not edit by hand unless you're certain you know what you are doing! *** - -using System; -using System.Collections.Generic; -using System.Collections.Immutable; -using System.Threading.Tasks; -using Pulumi.Serialization; - -namespace Pulumi.Auth0.Outputs -{ - - [OutputType] - public sealed class GlobalClientAddonsSamlpLogout - { - public readonly string? Callback; - public readonly bool? SloEnabled; - - [OutputConstructor] - private GlobalClientAddonsSamlpLogout( - string? callback, - - bool? sloEnabled) - { - Callback = callback; - SloEnabled = sloEnabled; - } - } -} diff --git a/sdk/go/auth0/attackProtection.go b/sdk/go/auth0/attackProtection.go new file mode 100644 index 00000000..dbc43160 --- /dev/null +++ b/sdk/go/auth0/attackProtection.go @@ -0,0 +1,299 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package auth0 + +import ( + "context" + "reflect" + + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +) + +// Auth0 can detect attacks and stop malicious attempts to access your application such as blocking traffic from certain IPs and displaying CAPTCHA +// +// ## Example Usage +// +// ```go +// package main +// +// import ( +// "github.com/pulumi/pulumi-auth0/sdk/v2/go/auth0" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := auth0.NewAttackProtection(ctx, "attackProtection", &auth0.AttackProtectionArgs{ +// BreachedPasswordDetection: &AttackProtectionBreachedPasswordDetectionArgs{ +// AdminNotificationFrequencies: pulumi.StringArray{ +// pulumi.String("daily"), +// }, +// Enabled: pulumi.Bool(true), +// Method: pulumi.String("standard"), +// Shields: pulumi.StringArray{ +// pulumi.String("admin_notification"), +// pulumi.String("block"), +// }, +// }, +// BruteForceProtection: &AttackProtectionBruteForceProtectionArgs{ +// Allowlists: pulumi.StringArray{ +// pulumi.String("127.0.0.1"), +// }, +// Enabled: pulumi.Bool(true), +// MaxAttempts: pulumi.Int(5), +// Mode: pulumi.String("count_per_identifier_and_ip"), +// Shields: pulumi.StringArray{ +// pulumi.String("block"), +// pulumi.String("user_notification"), +// }, +// }, +// SuspiciousIpThrottling: &AttackProtectionSuspiciousIpThrottlingArgs{ +// Allowlists: pulumi.StringArray{ +// pulumi.String("192.168.1.1"), +// }, +// Enabled: pulumi.Bool(true), +// PreLogin: &AttackProtectionSuspiciousIpThrottlingPreLoginArgs{ +// MaxAttempts: pulumi.Int(100), +// Rate: pulumi.Int(864000), +// }, +// PreUserRegistration: &AttackProtectionSuspiciousIpThrottlingPreUserRegistrationArgs{ +// MaxAttempts: pulumi.Int(50), +// Rate: pulumi.Int(1200), +// }, +// Shields: pulumi.StringArray{ +// pulumi.String("admin_notification"), +// pulumi.String("block"), +// }, +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// ``` +// +// ## Import +// +// As this is not a resource identifiable by an ID within the Auth0 Management API, guardian can be imported using a random string. We recommend [Version 4 UUID](https://www.uuidgenerator.net/version4) e.g. +// +// ```sh +// $ pulumi import auth0:index/attackProtection:AttackProtection default 24940d4b-4bd4-44e7-894e-f92e4de36a40 +// ``` +type AttackProtection struct { + pulumi.CustomResourceState + + // Breached password detection protects your applications from bad actors logging in with stolen credentials. + BreachedPasswordDetection AttackProtectionBreachedPasswordDetectionOutput `pulumi:"breachedPasswordDetection"` + // Safeguards against a single IP address attacking a single user account. + BruteForceProtection AttackProtectionBruteForceProtectionOutput `pulumi:"bruteForceProtection"` + // Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups. + SuspiciousIpThrottling AttackProtectionSuspiciousIpThrottlingOutput `pulumi:"suspiciousIpThrottling"` +} + +// NewAttackProtection registers a new resource with the given unique name, arguments, and options. +func NewAttackProtection(ctx *pulumi.Context, + name string, args *AttackProtectionArgs, opts ...pulumi.ResourceOption) (*AttackProtection, error) { + if args == nil { + args = &AttackProtectionArgs{} + } + + var resource AttackProtection + err := ctx.RegisterResource("auth0:index/attackProtection:AttackProtection", name, args, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// GetAttackProtection gets an existing AttackProtection resource's state with the given name, ID, and optional +// state properties that are used to uniquely qualify the lookup (nil if not required). +func GetAttackProtection(ctx *pulumi.Context, + name string, id pulumi.IDInput, state *AttackProtectionState, opts ...pulumi.ResourceOption) (*AttackProtection, error) { + var resource AttackProtection + err := ctx.ReadResource("auth0:index/attackProtection:AttackProtection", name, id, state, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// Input properties used for looking up and filtering AttackProtection resources. +type attackProtectionState struct { + // Breached password detection protects your applications from bad actors logging in with stolen credentials. + BreachedPasswordDetection *AttackProtectionBreachedPasswordDetection `pulumi:"breachedPasswordDetection"` + // Safeguards against a single IP address attacking a single user account. + BruteForceProtection *AttackProtectionBruteForceProtection `pulumi:"bruteForceProtection"` + // Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups. + SuspiciousIpThrottling *AttackProtectionSuspiciousIpThrottling `pulumi:"suspiciousIpThrottling"` +} + +type AttackProtectionState struct { + // Breached password detection protects your applications from bad actors logging in with stolen credentials. + BreachedPasswordDetection AttackProtectionBreachedPasswordDetectionPtrInput + // Safeguards against a single IP address attacking a single user account. + BruteForceProtection AttackProtectionBruteForceProtectionPtrInput + // Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups. + SuspiciousIpThrottling AttackProtectionSuspiciousIpThrottlingPtrInput +} + +func (AttackProtectionState) ElementType() reflect.Type { + return reflect.TypeOf((*attackProtectionState)(nil)).Elem() +} + +type attackProtectionArgs struct { + // Breached password detection protects your applications from bad actors logging in with stolen credentials. + BreachedPasswordDetection *AttackProtectionBreachedPasswordDetection `pulumi:"breachedPasswordDetection"` + // Safeguards against a single IP address attacking a single user account. + BruteForceProtection *AttackProtectionBruteForceProtection `pulumi:"bruteForceProtection"` + // Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups. + SuspiciousIpThrottling *AttackProtectionSuspiciousIpThrottling `pulumi:"suspiciousIpThrottling"` +} + +// The set of arguments for constructing a AttackProtection resource. +type AttackProtectionArgs struct { + // Breached password detection protects your applications from bad actors logging in with stolen credentials. + BreachedPasswordDetection AttackProtectionBreachedPasswordDetectionPtrInput + // Safeguards against a single IP address attacking a single user account. + BruteForceProtection AttackProtectionBruteForceProtectionPtrInput + // Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups. + SuspiciousIpThrottling AttackProtectionSuspiciousIpThrottlingPtrInput +} + +func (AttackProtectionArgs) ElementType() reflect.Type { + return reflect.TypeOf((*attackProtectionArgs)(nil)).Elem() +} + +type AttackProtectionInput interface { + pulumi.Input + + ToAttackProtectionOutput() AttackProtectionOutput + ToAttackProtectionOutputWithContext(ctx context.Context) AttackProtectionOutput +} + +func (*AttackProtection) ElementType() reflect.Type { + return reflect.TypeOf((**AttackProtection)(nil)).Elem() +} + +func (i *AttackProtection) ToAttackProtectionOutput() AttackProtectionOutput { + return i.ToAttackProtectionOutputWithContext(context.Background()) +} + +func (i *AttackProtection) ToAttackProtectionOutputWithContext(ctx context.Context) AttackProtectionOutput { + return pulumi.ToOutputWithContext(ctx, i).(AttackProtectionOutput) +} + +// AttackProtectionArrayInput is an input type that accepts AttackProtectionArray and AttackProtectionArrayOutput values. +// You can construct a concrete instance of `AttackProtectionArrayInput` via: +// +// AttackProtectionArray{ AttackProtectionArgs{...} } +type AttackProtectionArrayInput interface { + pulumi.Input + + ToAttackProtectionArrayOutput() AttackProtectionArrayOutput + ToAttackProtectionArrayOutputWithContext(context.Context) AttackProtectionArrayOutput +} + +type AttackProtectionArray []AttackProtectionInput + +func (AttackProtectionArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]*AttackProtection)(nil)).Elem() +} + +func (i AttackProtectionArray) ToAttackProtectionArrayOutput() AttackProtectionArrayOutput { + return i.ToAttackProtectionArrayOutputWithContext(context.Background()) +} + +func (i AttackProtectionArray) ToAttackProtectionArrayOutputWithContext(ctx context.Context) AttackProtectionArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(AttackProtectionArrayOutput) +} + +// AttackProtectionMapInput is an input type that accepts AttackProtectionMap and AttackProtectionMapOutput values. +// You can construct a concrete instance of `AttackProtectionMapInput` via: +// +// AttackProtectionMap{ "key": AttackProtectionArgs{...} } +type AttackProtectionMapInput interface { + pulumi.Input + + ToAttackProtectionMapOutput() AttackProtectionMapOutput + ToAttackProtectionMapOutputWithContext(context.Context) AttackProtectionMapOutput +} + +type AttackProtectionMap map[string]AttackProtectionInput + +func (AttackProtectionMap) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*AttackProtection)(nil)).Elem() +} + +func (i AttackProtectionMap) ToAttackProtectionMapOutput() AttackProtectionMapOutput { + return i.ToAttackProtectionMapOutputWithContext(context.Background()) +} + +func (i AttackProtectionMap) ToAttackProtectionMapOutputWithContext(ctx context.Context) AttackProtectionMapOutput { + return pulumi.ToOutputWithContext(ctx, i).(AttackProtectionMapOutput) +} + +type AttackProtectionOutput struct{ *pulumi.OutputState } + +func (AttackProtectionOutput) ElementType() reflect.Type { + return reflect.TypeOf((**AttackProtection)(nil)).Elem() +} + +func (o AttackProtectionOutput) ToAttackProtectionOutput() AttackProtectionOutput { + return o +} + +func (o AttackProtectionOutput) ToAttackProtectionOutputWithContext(ctx context.Context) AttackProtectionOutput { + return o +} + +type AttackProtectionArrayOutput struct{ *pulumi.OutputState } + +func (AttackProtectionArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]*AttackProtection)(nil)).Elem() +} + +func (o AttackProtectionArrayOutput) ToAttackProtectionArrayOutput() AttackProtectionArrayOutput { + return o +} + +func (o AttackProtectionArrayOutput) ToAttackProtectionArrayOutputWithContext(ctx context.Context) AttackProtectionArrayOutput { + return o +} + +func (o AttackProtectionArrayOutput) Index(i pulumi.IntInput) AttackProtectionOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) *AttackProtection { + return vs[0].([]*AttackProtection)[vs[1].(int)] + }).(AttackProtectionOutput) +} + +type AttackProtectionMapOutput struct{ *pulumi.OutputState } + +func (AttackProtectionMapOutput) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*AttackProtection)(nil)).Elem() +} + +func (o AttackProtectionMapOutput) ToAttackProtectionMapOutput() AttackProtectionMapOutput { + return o +} + +func (o AttackProtectionMapOutput) ToAttackProtectionMapOutputWithContext(ctx context.Context) AttackProtectionMapOutput { + return o +} + +func (o AttackProtectionMapOutput) MapIndex(k pulumi.StringInput) AttackProtectionOutput { + return pulumi.All(o, k).ApplyT(func(vs []interface{}) *AttackProtection { + return vs[0].(map[string]*AttackProtection)[vs[1].(string)] + }).(AttackProtectionOutput) +} + +func init() { + pulumi.RegisterInputType(reflect.TypeOf((*AttackProtectionInput)(nil)).Elem(), &AttackProtection{}) + pulumi.RegisterInputType(reflect.TypeOf((*AttackProtectionArrayInput)(nil)).Elem(), AttackProtectionArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*AttackProtectionMapInput)(nil)).Elem(), AttackProtectionMap{}) + pulumi.RegisterOutputType(AttackProtectionOutput{}) + pulumi.RegisterOutputType(AttackProtectionArrayOutput{}) + pulumi.RegisterOutputType(AttackProtectionMapOutput{}) +} diff --git a/sdk/go/auth0/client.go b/sdk/go/auth0/client.go index b48f0804..abbaba5a 100644 --- a/sdk/go/auth0/client.go +++ b/sdk/go/auth0/client.go @@ -65,6 +65,10 @@ import ( // ClientMetadata: pulumi.AnyMap{ // "foo": pulumi.Any("zoo"), // }, +// ClientSecretRotationTrigger: pulumi.AnyMap{ +// "triggered_at": pulumi.Any("2018-01-02T23:12:01Z"), +// "triggered_by": pulumi.Any("auth0"), +// }, // CustomLoginPageOn: pulumi.Bool(true), // Description: pulumi.String("Test Applications Long Description"), // GrantTypes: pulumi.StringArray{ @@ -144,7 +148,7 @@ type Client struct { // Map(String) ClientMetadata pulumi.MapOutput `pulumi:"clientMetadata"` ClientSecret pulumi.StringOutput `pulumi:"clientSecret"` - // Map. + // Map. Custom metadata for the rotation. For more info: [rotate-client-secret](https://auth0.com/docs/get-started/applications/rotate-client-secret). ClientSecretRotationTrigger pulumi.MapOutput `pulumi:"clientSecretRotationTrigger"` // Boolean. Indicates whether or not the client can be used to make cross-origin authentication requests. CrossOriginAuth pulumi.BoolPtrOutput `pulumi:"crossOriginAuth"` @@ -173,7 +177,7 @@ type Client struct { // String. URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown. LogoUri pulumi.StringPtrOutput `pulumi:"logoUri"` // List(Resource). Configuration settings for mobile native applications. For details, see Mobile. - Mobile ClientMobilePtrOutput `pulumi:"mobile"` + Mobile ClientMobileOutput `pulumi:"mobile"` // String. Name of the client. Name pulumi.StringOutput `pulumi:"name"` // List(Resource). Configuration settings to toggle native social login for mobile native applications. For details, see Native Social Login @@ -248,7 +252,7 @@ type clientState struct { // Map(String) ClientMetadata map[string]interface{} `pulumi:"clientMetadata"` ClientSecret *string `pulumi:"clientSecret"` - // Map. + // Map. Custom metadata for the rotation. For more info: [rotate-client-secret](https://auth0.com/docs/get-started/applications/rotate-client-secret). ClientSecretRotationTrigger map[string]interface{} `pulumi:"clientSecretRotationTrigger"` // Boolean. Indicates whether or not the client can be used to make cross-origin authentication requests. CrossOriginAuth *bool `pulumi:"crossOriginAuth"` @@ -321,7 +325,7 @@ type ClientState struct { // Map(String) ClientMetadata pulumi.MapInput ClientSecret pulumi.StringPtrInput - // Map. + // Map. Custom metadata for the rotation. For more info: [rotate-client-secret](https://auth0.com/docs/get-started/applications/rotate-client-secret). ClientSecretRotationTrigger pulumi.MapInput // Boolean. Indicates whether or not the client can be used to make cross-origin authentication requests. CrossOriginAuth pulumi.BoolPtrInput @@ -394,7 +398,7 @@ type clientArgs struct { Callbacks []string `pulumi:"callbacks"` // Map(String) ClientMetadata map[string]interface{} `pulumi:"clientMetadata"` - // Map. + // Map. Custom metadata for the rotation. For more info: [rotate-client-secret](https://auth0.com/docs/get-started/applications/rotate-client-secret). ClientSecretRotationTrigger map[string]interface{} `pulumi:"clientSecretRotationTrigger"` // Boolean. Indicates whether or not the client can be used to make cross-origin authentication requests. CrossOriginAuth *bool `pulumi:"crossOriginAuth"` @@ -462,7 +466,7 @@ type ClientArgs struct { Callbacks pulumi.StringArrayInput // Map(String) ClientMetadata pulumi.MapInput - // Map. + // Map. Custom metadata for the rotation. For more info: [rotate-client-secret](https://auth0.com/docs/get-started/applications/rotate-client-secret). ClientSecretRotationTrigger pulumi.MapInput // Boolean. Indicates whether or not the client can be used to make cross-origin authentication requests. CrossOriginAuth pulumi.BoolPtrInput diff --git a/sdk/go/auth0/connection.go b/sdk/go/auth0/connection.go index d86c20d5..cf4a71a9 100644 --- a/sdk/go/auth0/connection.go +++ b/sdk/go/auth0/connection.go @@ -83,6 +83,8 @@ type Connection struct { Options ConnectionOptionsPtrOutput `pulumi:"options"` // Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm. Realms pulumi.StringArrayOutput `pulumi:"realms"` + // Display connection as a button. Only available for enterprise connections. + ShowAsButton pulumi.BoolPtrOutput `pulumi:"showAsButton"` // Type of the connection, which indicates the identity provider. Options include `ad`, `adfs`, `amazon`, `aol`, `apple`, `auth0`, `auth0-adldap`, `auth0-oidc`, `baidu`, `bitbucket`, `bitly`, `box`, `custom`, `daccount`, `dropbox`, `dwolla`, `email`, `evernote`, `evernote-sandbox`, `exact`, `facebook`, `fitbit`, `flickr`, `github`, `google-apps`, `google-oauth2`, `guardian`, `instagram`, `ip`, `line`, `linkedin`, `miicard`, `oauth1`, `oauth2`, `office365`, `oidc`, `paypal`, `paypal-sandbox`, `pingfederate`, `planningcenter`, `renren`, `salesforce`, `salesforce-community`, `salesforce-sandbox` `samlp`, `sharepoint`, `shopify`, `sms`, `soundcloud`, `thecity`, `thecity-sandbox`, `thirtysevensignals`, `twitter`, `untappd`, `vkontakte`, `waad`, `weibo`, `windowslive`, `wordpress`, `yahoo`, `yammer`, `yandex`. Strategy pulumi.StringOutput `pulumi:"strategy"` // Version 1 is deprecated, use version 2. @@ -135,6 +137,8 @@ type connectionState struct { Options *ConnectionOptions `pulumi:"options"` // Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm. Realms []string `pulumi:"realms"` + // Display connection as a button. Only available for enterprise connections. + ShowAsButton *bool `pulumi:"showAsButton"` // Type of the connection, which indicates the identity provider. Options include `ad`, `adfs`, `amazon`, `aol`, `apple`, `auth0`, `auth0-adldap`, `auth0-oidc`, `baidu`, `bitbucket`, `bitly`, `box`, `custom`, `daccount`, `dropbox`, `dwolla`, `email`, `evernote`, `evernote-sandbox`, `exact`, `facebook`, `fitbit`, `flickr`, `github`, `google-apps`, `google-oauth2`, `guardian`, `instagram`, `ip`, `line`, `linkedin`, `miicard`, `oauth1`, `oauth2`, `office365`, `oidc`, `paypal`, `paypal-sandbox`, `pingfederate`, `planningcenter`, `renren`, `salesforce`, `salesforce-community`, `salesforce-sandbox` `samlp`, `sharepoint`, `shopify`, `sms`, `soundcloud`, `thecity`, `thecity-sandbox`, `thirtysevensignals`, `twitter`, `untappd`, `vkontakte`, `waad`, `weibo`, `windowslive`, `wordpress`, `yahoo`, `yammer`, `yandex`. Strategy *string `pulumi:"strategy"` // Version 1 is deprecated, use version 2. @@ -156,6 +160,8 @@ type ConnectionState struct { Options ConnectionOptionsPtrInput // Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm. Realms pulumi.StringArrayInput + // Display connection as a button. Only available for enterprise connections. + ShowAsButton pulumi.BoolPtrInput // Type of the connection, which indicates the identity provider. Options include `ad`, `adfs`, `amazon`, `aol`, `apple`, `auth0`, `auth0-adldap`, `auth0-oidc`, `baidu`, `bitbucket`, `bitly`, `box`, `custom`, `daccount`, `dropbox`, `dwolla`, `email`, `evernote`, `evernote-sandbox`, `exact`, `facebook`, `fitbit`, `flickr`, `github`, `google-apps`, `google-oauth2`, `guardian`, `instagram`, `ip`, `line`, `linkedin`, `miicard`, `oauth1`, `oauth2`, `office365`, `oidc`, `paypal`, `paypal-sandbox`, `pingfederate`, `planningcenter`, `renren`, `salesforce`, `salesforce-community`, `salesforce-sandbox` `samlp`, `sharepoint`, `shopify`, `sms`, `soundcloud`, `thecity`, `thecity-sandbox`, `thirtysevensignals`, `twitter`, `untappd`, `vkontakte`, `waad`, `weibo`, `windowslive`, `wordpress`, `yahoo`, `yammer`, `yandex`. Strategy pulumi.StringPtrInput // Version 1 is deprecated, use version 2. @@ -181,6 +187,8 @@ type connectionArgs struct { Options *ConnectionOptions `pulumi:"options"` // Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm. Realms []string `pulumi:"realms"` + // Display connection as a button. Only available for enterprise connections. + ShowAsButton *bool `pulumi:"showAsButton"` // Type of the connection, which indicates the identity provider. Options include `ad`, `adfs`, `amazon`, `aol`, `apple`, `auth0`, `auth0-adldap`, `auth0-oidc`, `baidu`, `bitbucket`, `bitly`, `box`, `custom`, `daccount`, `dropbox`, `dwolla`, `email`, `evernote`, `evernote-sandbox`, `exact`, `facebook`, `fitbit`, `flickr`, `github`, `google-apps`, `google-oauth2`, `guardian`, `instagram`, `ip`, `line`, `linkedin`, `miicard`, `oauth1`, `oauth2`, `office365`, `oidc`, `paypal`, `paypal-sandbox`, `pingfederate`, `planningcenter`, `renren`, `salesforce`, `salesforce-community`, `salesforce-sandbox` `samlp`, `sharepoint`, `shopify`, `sms`, `soundcloud`, `thecity`, `thecity-sandbox`, `thirtysevensignals`, `twitter`, `untappd`, `vkontakte`, `waad`, `weibo`, `windowslive`, `wordpress`, `yahoo`, `yammer`, `yandex`. Strategy string `pulumi:"strategy"` // Version 1 is deprecated, use version 2. @@ -203,6 +211,8 @@ type ConnectionArgs struct { Options ConnectionOptionsPtrInput // Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm. Realms pulumi.StringArrayInput + // Display connection as a button. Only available for enterprise connections. + ShowAsButton pulumi.BoolPtrInput // Type of the connection, which indicates the identity provider. Options include `ad`, `adfs`, `amazon`, `aol`, `apple`, `auth0`, `auth0-adldap`, `auth0-oidc`, `baidu`, `bitbucket`, `bitly`, `box`, `custom`, `daccount`, `dropbox`, `dwolla`, `email`, `evernote`, `evernote-sandbox`, `exact`, `facebook`, `fitbit`, `flickr`, `github`, `google-apps`, `google-oauth2`, `guardian`, `instagram`, `ip`, `line`, `linkedin`, `miicard`, `oauth1`, `oauth2`, `office365`, `oidc`, `paypal`, `paypal-sandbox`, `pingfederate`, `planningcenter`, `renren`, `salesforce`, `salesforce-community`, `salesforce-sandbox` `samlp`, `sharepoint`, `shopify`, `sms`, `soundcloud`, `thecity`, `thecity-sandbox`, `thirtysevensignals`, `twitter`, `untappd`, `vkontakte`, `waad`, `weibo`, `windowslive`, `wordpress`, `yahoo`, `yammer`, `yandex`. Strategy pulumi.StringInput // Version 1 is deprecated, use version 2. diff --git a/sdk/go/auth0/getClient.go b/sdk/go/auth0/getClient.go index 22fd9a28..2729e37d 100644 --- a/sdk/go/auth0/getClient.go +++ b/sdk/go/auth0/getClient.go @@ -67,6 +67,7 @@ type LookupClientResult struct { Callbacks []string `pulumi:"callbacks"` ClientId *string `pulumi:"clientId"` ClientMetadata map[string]interface{} `pulumi:"clientMetadata"` + ClientSecret string `pulumi:"clientSecret"` CrossOriginAuth bool `pulumi:"crossOriginAuth"` CrossOriginLoc string `pulumi:"crossOriginLoc"` CustomLoginPage string `pulumi:"customLoginPage"` @@ -164,6 +165,10 @@ func (o LookupClientResultOutput) ClientMetadata() pulumi.MapOutput { return o.ApplyT(func(v LookupClientResult) map[string]interface{} { return v.ClientMetadata }).(pulumi.MapOutput) } +func (o LookupClientResultOutput) ClientSecret() pulumi.StringOutput { + return o.ApplyT(func(v LookupClientResult) string { return v.ClientSecret }).(pulumi.StringOutput) +} + func (o LookupClientResultOutput) CrossOriginAuth() pulumi.BoolOutput { return o.ApplyT(func(v LookupClientResult) bool { return v.CrossOriginAuth }).(pulumi.BoolOutput) } diff --git a/sdk/go/auth0/getGlobalClient.go b/sdk/go/auth0/getGlobalClient.go index d0e7863e..e8a3c6f1 100644 --- a/sdk/go/auth0/getGlobalClient.go +++ b/sdk/go/auth0/getGlobalClient.go @@ -62,6 +62,7 @@ type LookupGlobalClientResult struct { ClientId *string `pulumi:"clientId"` // (Optional) Map(String) ClientMetadata map[string]interface{} `pulumi:"clientMetadata"` + ClientSecret string `pulumi:"clientSecret"` CrossOriginAuth bool `pulumi:"crossOriginAuth"` CrossOriginLoc string `pulumi:"crossOriginLoc"` // String. Content of the custom login page. @@ -164,6 +165,10 @@ func (o LookupGlobalClientResultOutput) ClientMetadata() pulumi.MapOutput { return o.ApplyT(func(v LookupGlobalClientResult) map[string]interface{} { return v.ClientMetadata }).(pulumi.MapOutput) } +func (o LookupGlobalClientResultOutput) ClientSecret() pulumi.StringOutput { + return o.ApplyT(func(v LookupGlobalClientResult) string { return v.ClientSecret }).(pulumi.StringOutput) +} + func (o LookupGlobalClientResultOutput) CrossOriginAuth() pulumi.BoolOutput { return o.ApplyT(func(v LookupGlobalClientResult) bool { return v.CrossOriginAuth }).(pulumi.BoolOutput) } diff --git a/sdk/go/auth0/getTenant.go b/sdk/go/auth0/getTenant.go new file mode 100644 index 00000000..5c175396 --- /dev/null +++ b/sdk/go/auth0/getTenant.go @@ -0,0 +1,49 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package auth0 + +import ( + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +) + +// Use this data source to access information about the tenant this provider is configured to access. +// +// ## Example Usage +// +// ```go +// package main +// +// import ( +// "github.com/pulumi/pulumi-auth0/sdk/v2/go/auth0" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := auth0.LookupTenant(ctx, nil, nil) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// ``` +func LookupTenant(ctx *pulumi.Context, opts ...pulumi.InvokeOption) (*LookupTenantResult, error) { + var rv LookupTenantResult + err := ctx.Invoke("auth0:index/getTenant:getTenant", nil, &rv, opts...) + if err != nil { + return nil, err + } + return &rv, nil +} + +// A collection of values returned by getTenant. +type LookupTenantResult struct { + // String. Your Auth0 domain name. + Domain string `pulumi:"domain"` + // The provider-assigned unique ID for this managed resource. + Id string `pulumi:"id"` + // String. The identifier value of the built-in Management API resource server, which can be used as an audience when configuring client grants. + ManagementApiIdentifier string `pulumi:"managementApiIdentifier"` +} diff --git a/sdk/go/auth0/init.go b/sdk/go/auth0/init.go index 7f7b0a9e..db16d6fa 100644 --- a/sdk/go/auth0/init.go +++ b/sdk/go/auth0/init.go @@ -22,6 +22,8 @@ func (m *module) Construct(ctx *pulumi.Context, name, typ, urn string) (r pulumi switch typ { case "auth0:index/action:Action": r = &Action{} + case "auth0:index/attackProtection:AttackProtection": + r = &AttackProtection{} case "auth0:index/branding:Branding": r = &Branding{} case "auth0:index/client:Client": @@ -102,6 +104,11 @@ func init() { "index/action", &module{version}, ) + pulumi.RegisterResourceModule( + "auth0", + "index/attackProtection", + &module{version}, + ) pulumi.RegisterResourceModule( "auth0", "index/branding", diff --git a/sdk/go/auth0/pulumiTypes.go b/sdk/go/auth0/pulumiTypes.go index 479d5996..8f740450 100644 --- a/sdk/go/auth0/pulumiTypes.go +++ b/sdk/go/auth0/pulumiTypes.go @@ -378,6 +378,934 @@ func (o ActionSupportedTriggersPtrOutput) Version() pulumi.StringPtrOutput { }).(pulumi.StringPtrOutput) } +type AttackProtectionBreachedPasswordDetection struct { + // When "adminNotification" is enabled, determines how often email notifications are sent. Possible values: `immediately`, `daily`, `weekly`, `monthly`. + AdminNotificationFrequencies []string `pulumi:"adminNotificationFrequencies"` + // Whether or not breached password detection is active. + Enabled *bool `pulumi:"enabled"` + // The subscription level for breached password detection methods. Use "enhanced" to enable Credential Guard. Possible values: `standard`, `enhanced`. + Method *string `pulumi:"method"` + // Action to take when a breached password is detected. Possible values: `block`, `userNotification`, `adminNotification`. + Shields []string `pulumi:"shields"` +} + +// AttackProtectionBreachedPasswordDetectionInput is an input type that accepts AttackProtectionBreachedPasswordDetectionArgs and AttackProtectionBreachedPasswordDetectionOutput values. +// You can construct a concrete instance of `AttackProtectionBreachedPasswordDetectionInput` via: +// +// AttackProtectionBreachedPasswordDetectionArgs{...} +type AttackProtectionBreachedPasswordDetectionInput interface { + pulumi.Input + + ToAttackProtectionBreachedPasswordDetectionOutput() AttackProtectionBreachedPasswordDetectionOutput + ToAttackProtectionBreachedPasswordDetectionOutputWithContext(context.Context) AttackProtectionBreachedPasswordDetectionOutput +} + +type AttackProtectionBreachedPasswordDetectionArgs struct { + // When "adminNotification" is enabled, determines how often email notifications are sent. Possible values: `immediately`, `daily`, `weekly`, `monthly`. + AdminNotificationFrequencies pulumi.StringArrayInput `pulumi:"adminNotificationFrequencies"` + // Whether or not breached password detection is active. + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + // The subscription level for breached password detection methods. Use "enhanced" to enable Credential Guard. Possible values: `standard`, `enhanced`. + Method pulumi.StringPtrInput `pulumi:"method"` + // Action to take when a breached password is detected. Possible values: `block`, `userNotification`, `adminNotification`. + Shields pulumi.StringArrayInput `pulumi:"shields"` +} + +func (AttackProtectionBreachedPasswordDetectionArgs) ElementType() reflect.Type { + return reflect.TypeOf((*AttackProtectionBreachedPasswordDetection)(nil)).Elem() +} + +func (i AttackProtectionBreachedPasswordDetectionArgs) ToAttackProtectionBreachedPasswordDetectionOutput() AttackProtectionBreachedPasswordDetectionOutput { + return i.ToAttackProtectionBreachedPasswordDetectionOutputWithContext(context.Background()) +} + +func (i AttackProtectionBreachedPasswordDetectionArgs) ToAttackProtectionBreachedPasswordDetectionOutputWithContext(ctx context.Context) AttackProtectionBreachedPasswordDetectionOutput { + return pulumi.ToOutputWithContext(ctx, i).(AttackProtectionBreachedPasswordDetectionOutput) +} + +func (i AttackProtectionBreachedPasswordDetectionArgs) ToAttackProtectionBreachedPasswordDetectionPtrOutput() AttackProtectionBreachedPasswordDetectionPtrOutput { + return i.ToAttackProtectionBreachedPasswordDetectionPtrOutputWithContext(context.Background()) +} + +func (i AttackProtectionBreachedPasswordDetectionArgs) ToAttackProtectionBreachedPasswordDetectionPtrOutputWithContext(ctx context.Context) AttackProtectionBreachedPasswordDetectionPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(AttackProtectionBreachedPasswordDetectionOutput).ToAttackProtectionBreachedPasswordDetectionPtrOutputWithContext(ctx) +} + +// AttackProtectionBreachedPasswordDetectionPtrInput is an input type that accepts AttackProtectionBreachedPasswordDetectionArgs, AttackProtectionBreachedPasswordDetectionPtr and AttackProtectionBreachedPasswordDetectionPtrOutput values. +// You can construct a concrete instance of `AttackProtectionBreachedPasswordDetectionPtrInput` via: +// +// AttackProtectionBreachedPasswordDetectionArgs{...} +// +// or: +// +// nil +type AttackProtectionBreachedPasswordDetectionPtrInput interface { + pulumi.Input + + ToAttackProtectionBreachedPasswordDetectionPtrOutput() AttackProtectionBreachedPasswordDetectionPtrOutput + ToAttackProtectionBreachedPasswordDetectionPtrOutputWithContext(context.Context) AttackProtectionBreachedPasswordDetectionPtrOutput +} + +type attackProtectionBreachedPasswordDetectionPtrType AttackProtectionBreachedPasswordDetectionArgs + +func AttackProtectionBreachedPasswordDetectionPtr(v *AttackProtectionBreachedPasswordDetectionArgs) AttackProtectionBreachedPasswordDetectionPtrInput { + return (*attackProtectionBreachedPasswordDetectionPtrType)(v) +} + +func (*attackProtectionBreachedPasswordDetectionPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**AttackProtectionBreachedPasswordDetection)(nil)).Elem() +} + +func (i *attackProtectionBreachedPasswordDetectionPtrType) ToAttackProtectionBreachedPasswordDetectionPtrOutput() AttackProtectionBreachedPasswordDetectionPtrOutput { + return i.ToAttackProtectionBreachedPasswordDetectionPtrOutputWithContext(context.Background()) +} + +func (i *attackProtectionBreachedPasswordDetectionPtrType) ToAttackProtectionBreachedPasswordDetectionPtrOutputWithContext(ctx context.Context) AttackProtectionBreachedPasswordDetectionPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(AttackProtectionBreachedPasswordDetectionPtrOutput) +} + +type AttackProtectionBreachedPasswordDetectionOutput struct{ *pulumi.OutputState } + +func (AttackProtectionBreachedPasswordDetectionOutput) ElementType() reflect.Type { + return reflect.TypeOf((*AttackProtectionBreachedPasswordDetection)(nil)).Elem() +} + +func (o AttackProtectionBreachedPasswordDetectionOutput) ToAttackProtectionBreachedPasswordDetectionOutput() AttackProtectionBreachedPasswordDetectionOutput { + return o +} + +func (o AttackProtectionBreachedPasswordDetectionOutput) ToAttackProtectionBreachedPasswordDetectionOutputWithContext(ctx context.Context) AttackProtectionBreachedPasswordDetectionOutput { + return o +} + +func (o AttackProtectionBreachedPasswordDetectionOutput) ToAttackProtectionBreachedPasswordDetectionPtrOutput() AttackProtectionBreachedPasswordDetectionPtrOutput { + return o.ToAttackProtectionBreachedPasswordDetectionPtrOutputWithContext(context.Background()) +} + +func (o AttackProtectionBreachedPasswordDetectionOutput) ToAttackProtectionBreachedPasswordDetectionPtrOutputWithContext(ctx context.Context) AttackProtectionBreachedPasswordDetectionPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v AttackProtectionBreachedPasswordDetection) *AttackProtectionBreachedPasswordDetection { + return &v + }).(AttackProtectionBreachedPasswordDetectionPtrOutput) +} + +// When "adminNotification" is enabled, determines how often email notifications are sent. Possible values: `immediately`, `daily`, `weekly`, `monthly`. +func (o AttackProtectionBreachedPasswordDetectionOutput) AdminNotificationFrequencies() pulumi.StringArrayOutput { + return o.ApplyT(func(v AttackProtectionBreachedPasswordDetection) []string { return v.AdminNotificationFrequencies }).(pulumi.StringArrayOutput) +} + +// Whether or not breached password detection is active. +func (o AttackProtectionBreachedPasswordDetectionOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v AttackProtectionBreachedPasswordDetection) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +// The subscription level for breached password detection methods. Use "enhanced" to enable Credential Guard. Possible values: `standard`, `enhanced`. +func (o AttackProtectionBreachedPasswordDetectionOutput) Method() pulumi.StringPtrOutput { + return o.ApplyT(func(v AttackProtectionBreachedPasswordDetection) *string { return v.Method }).(pulumi.StringPtrOutput) +} + +// Action to take when a breached password is detected. Possible values: `block`, `userNotification`, `adminNotification`. +func (o AttackProtectionBreachedPasswordDetectionOutput) Shields() pulumi.StringArrayOutput { + return o.ApplyT(func(v AttackProtectionBreachedPasswordDetection) []string { return v.Shields }).(pulumi.StringArrayOutput) +} + +type AttackProtectionBreachedPasswordDetectionPtrOutput struct{ *pulumi.OutputState } + +func (AttackProtectionBreachedPasswordDetectionPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**AttackProtectionBreachedPasswordDetection)(nil)).Elem() +} + +func (o AttackProtectionBreachedPasswordDetectionPtrOutput) ToAttackProtectionBreachedPasswordDetectionPtrOutput() AttackProtectionBreachedPasswordDetectionPtrOutput { + return o +} + +func (o AttackProtectionBreachedPasswordDetectionPtrOutput) ToAttackProtectionBreachedPasswordDetectionPtrOutputWithContext(ctx context.Context) AttackProtectionBreachedPasswordDetectionPtrOutput { + return o +} + +func (o AttackProtectionBreachedPasswordDetectionPtrOutput) Elem() AttackProtectionBreachedPasswordDetectionOutput { + return o.ApplyT(func(v *AttackProtectionBreachedPasswordDetection) AttackProtectionBreachedPasswordDetection { + if v != nil { + return *v + } + var ret AttackProtectionBreachedPasswordDetection + return ret + }).(AttackProtectionBreachedPasswordDetectionOutput) +} + +// When "adminNotification" is enabled, determines how often email notifications are sent. Possible values: `immediately`, `daily`, `weekly`, `monthly`. +func (o AttackProtectionBreachedPasswordDetectionPtrOutput) AdminNotificationFrequencies() pulumi.StringArrayOutput { + return o.ApplyT(func(v *AttackProtectionBreachedPasswordDetection) []string { + if v == nil { + return nil + } + return v.AdminNotificationFrequencies + }).(pulumi.StringArrayOutput) +} + +// Whether or not breached password detection is active. +func (o AttackProtectionBreachedPasswordDetectionPtrOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *AttackProtectionBreachedPasswordDetection) *bool { + if v == nil { + return nil + } + return v.Enabled + }).(pulumi.BoolPtrOutput) +} + +// The subscription level for breached password detection methods. Use "enhanced" to enable Credential Guard. Possible values: `standard`, `enhanced`. +func (o AttackProtectionBreachedPasswordDetectionPtrOutput) Method() pulumi.StringPtrOutput { + return o.ApplyT(func(v *AttackProtectionBreachedPasswordDetection) *string { + if v == nil { + return nil + } + return v.Method + }).(pulumi.StringPtrOutput) +} + +// Action to take when a breached password is detected. Possible values: `block`, `userNotification`, `adminNotification`. +func (o AttackProtectionBreachedPasswordDetectionPtrOutput) Shields() pulumi.StringArrayOutput { + return o.ApplyT(func(v *AttackProtectionBreachedPasswordDetection) []string { + if v == nil { + return nil + } + return v.Shields + }).(pulumi.StringArrayOutput) +} + +type AttackProtectionBruteForceProtection struct { + // List of trusted IP addresses that will not have attack protection enforced against them. + Allowlists []string `pulumi:"allowlists"` + // Whether or not breached password detection is active. + Enabled *bool `pulumi:"enabled"` + // Maximum number of unsuccessful attempts. Only available on public tenants. + MaxAttempts *int `pulumi:"maxAttempts"` + // Determines whether or not IP address is used when counting failed attempts. Possible values: `countPerIdentifierAndIp` or `countPerIdentifier`. + Mode *string `pulumi:"mode"` + // Action to take when a breached password is detected. Possible values: `block`, `userNotification`, `adminNotification`. + Shields []string `pulumi:"shields"` +} + +// AttackProtectionBruteForceProtectionInput is an input type that accepts AttackProtectionBruteForceProtectionArgs and AttackProtectionBruteForceProtectionOutput values. +// You can construct a concrete instance of `AttackProtectionBruteForceProtectionInput` via: +// +// AttackProtectionBruteForceProtectionArgs{...} +type AttackProtectionBruteForceProtectionInput interface { + pulumi.Input + + ToAttackProtectionBruteForceProtectionOutput() AttackProtectionBruteForceProtectionOutput + ToAttackProtectionBruteForceProtectionOutputWithContext(context.Context) AttackProtectionBruteForceProtectionOutput +} + +type AttackProtectionBruteForceProtectionArgs struct { + // List of trusted IP addresses that will not have attack protection enforced against them. + Allowlists pulumi.StringArrayInput `pulumi:"allowlists"` + // Whether or not breached password detection is active. + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + // Maximum number of unsuccessful attempts. Only available on public tenants. + MaxAttempts pulumi.IntPtrInput `pulumi:"maxAttempts"` + // Determines whether or not IP address is used when counting failed attempts. Possible values: `countPerIdentifierAndIp` or `countPerIdentifier`. + Mode pulumi.StringPtrInput `pulumi:"mode"` + // Action to take when a breached password is detected. Possible values: `block`, `userNotification`, `adminNotification`. + Shields pulumi.StringArrayInput `pulumi:"shields"` +} + +func (AttackProtectionBruteForceProtectionArgs) ElementType() reflect.Type { + return reflect.TypeOf((*AttackProtectionBruteForceProtection)(nil)).Elem() +} + +func (i AttackProtectionBruteForceProtectionArgs) ToAttackProtectionBruteForceProtectionOutput() AttackProtectionBruteForceProtectionOutput { + return i.ToAttackProtectionBruteForceProtectionOutputWithContext(context.Background()) +} + +func (i AttackProtectionBruteForceProtectionArgs) ToAttackProtectionBruteForceProtectionOutputWithContext(ctx context.Context) AttackProtectionBruteForceProtectionOutput { + return pulumi.ToOutputWithContext(ctx, i).(AttackProtectionBruteForceProtectionOutput) +} + +func (i AttackProtectionBruteForceProtectionArgs) ToAttackProtectionBruteForceProtectionPtrOutput() AttackProtectionBruteForceProtectionPtrOutput { + return i.ToAttackProtectionBruteForceProtectionPtrOutputWithContext(context.Background()) +} + +func (i AttackProtectionBruteForceProtectionArgs) ToAttackProtectionBruteForceProtectionPtrOutputWithContext(ctx context.Context) AttackProtectionBruteForceProtectionPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(AttackProtectionBruteForceProtectionOutput).ToAttackProtectionBruteForceProtectionPtrOutputWithContext(ctx) +} + +// AttackProtectionBruteForceProtectionPtrInput is an input type that accepts AttackProtectionBruteForceProtectionArgs, AttackProtectionBruteForceProtectionPtr and AttackProtectionBruteForceProtectionPtrOutput values. +// You can construct a concrete instance of `AttackProtectionBruteForceProtectionPtrInput` via: +// +// AttackProtectionBruteForceProtectionArgs{...} +// +// or: +// +// nil +type AttackProtectionBruteForceProtectionPtrInput interface { + pulumi.Input + + ToAttackProtectionBruteForceProtectionPtrOutput() AttackProtectionBruteForceProtectionPtrOutput + ToAttackProtectionBruteForceProtectionPtrOutputWithContext(context.Context) AttackProtectionBruteForceProtectionPtrOutput +} + +type attackProtectionBruteForceProtectionPtrType AttackProtectionBruteForceProtectionArgs + +func AttackProtectionBruteForceProtectionPtr(v *AttackProtectionBruteForceProtectionArgs) AttackProtectionBruteForceProtectionPtrInput { + return (*attackProtectionBruteForceProtectionPtrType)(v) +} + +func (*attackProtectionBruteForceProtectionPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**AttackProtectionBruteForceProtection)(nil)).Elem() +} + +func (i *attackProtectionBruteForceProtectionPtrType) ToAttackProtectionBruteForceProtectionPtrOutput() AttackProtectionBruteForceProtectionPtrOutput { + return i.ToAttackProtectionBruteForceProtectionPtrOutputWithContext(context.Background()) +} + +func (i *attackProtectionBruteForceProtectionPtrType) ToAttackProtectionBruteForceProtectionPtrOutputWithContext(ctx context.Context) AttackProtectionBruteForceProtectionPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(AttackProtectionBruteForceProtectionPtrOutput) +} + +type AttackProtectionBruteForceProtectionOutput struct{ *pulumi.OutputState } + +func (AttackProtectionBruteForceProtectionOutput) ElementType() reflect.Type { + return reflect.TypeOf((*AttackProtectionBruteForceProtection)(nil)).Elem() +} + +func (o AttackProtectionBruteForceProtectionOutput) ToAttackProtectionBruteForceProtectionOutput() AttackProtectionBruteForceProtectionOutput { + return o +} + +func (o AttackProtectionBruteForceProtectionOutput) ToAttackProtectionBruteForceProtectionOutputWithContext(ctx context.Context) AttackProtectionBruteForceProtectionOutput { + return o +} + +func (o AttackProtectionBruteForceProtectionOutput) ToAttackProtectionBruteForceProtectionPtrOutput() AttackProtectionBruteForceProtectionPtrOutput { + return o.ToAttackProtectionBruteForceProtectionPtrOutputWithContext(context.Background()) +} + +func (o AttackProtectionBruteForceProtectionOutput) ToAttackProtectionBruteForceProtectionPtrOutputWithContext(ctx context.Context) AttackProtectionBruteForceProtectionPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v AttackProtectionBruteForceProtection) *AttackProtectionBruteForceProtection { + return &v + }).(AttackProtectionBruteForceProtectionPtrOutput) +} + +// List of trusted IP addresses that will not have attack protection enforced against them. +func (o AttackProtectionBruteForceProtectionOutput) Allowlists() pulumi.StringArrayOutput { + return o.ApplyT(func(v AttackProtectionBruteForceProtection) []string { return v.Allowlists }).(pulumi.StringArrayOutput) +} + +// Whether or not breached password detection is active. +func (o AttackProtectionBruteForceProtectionOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v AttackProtectionBruteForceProtection) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +// Maximum number of unsuccessful attempts. Only available on public tenants. +func (o AttackProtectionBruteForceProtectionOutput) MaxAttempts() pulumi.IntPtrOutput { + return o.ApplyT(func(v AttackProtectionBruteForceProtection) *int { return v.MaxAttempts }).(pulumi.IntPtrOutput) +} + +// Determines whether or not IP address is used when counting failed attempts. Possible values: `countPerIdentifierAndIp` or `countPerIdentifier`. +func (o AttackProtectionBruteForceProtectionOutput) Mode() pulumi.StringPtrOutput { + return o.ApplyT(func(v AttackProtectionBruteForceProtection) *string { return v.Mode }).(pulumi.StringPtrOutput) +} + +// Action to take when a breached password is detected. Possible values: `block`, `userNotification`, `adminNotification`. +func (o AttackProtectionBruteForceProtectionOutput) Shields() pulumi.StringArrayOutput { + return o.ApplyT(func(v AttackProtectionBruteForceProtection) []string { return v.Shields }).(pulumi.StringArrayOutput) +} + +type AttackProtectionBruteForceProtectionPtrOutput struct{ *pulumi.OutputState } + +func (AttackProtectionBruteForceProtectionPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**AttackProtectionBruteForceProtection)(nil)).Elem() +} + +func (o AttackProtectionBruteForceProtectionPtrOutput) ToAttackProtectionBruteForceProtectionPtrOutput() AttackProtectionBruteForceProtectionPtrOutput { + return o +} + +func (o AttackProtectionBruteForceProtectionPtrOutput) ToAttackProtectionBruteForceProtectionPtrOutputWithContext(ctx context.Context) AttackProtectionBruteForceProtectionPtrOutput { + return o +} + +func (o AttackProtectionBruteForceProtectionPtrOutput) Elem() AttackProtectionBruteForceProtectionOutput { + return o.ApplyT(func(v *AttackProtectionBruteForceProtection) AttackProtectionBruteForceProtection { + if v != nil { + return *v + } + var ret AttackProtectionBruteForceProtection + return ret + }).(AttackProtectionBruteForceProtectionOutput) +} + +// List of trusted IP addresses that will not have attack protection enforced against them. +func (o AttackProtectionBruteForceProtectionPtrOutput) Allowlists() pulumi.StringArrayOutput { + return o.ApplyT(func(v *AttackProtectionBruteForceProtection) []string { + if v == nil { + return nil + } + return v.Allowlists + }).(pulumi.StringArrayOutput) +} + +// Whether or not breached password detection is active. +func (o AttackProtectionBruteForceProtectionPtrOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *AttackProtectionBruteForceProtection) *bool { + if v == nil { + return nil + } + return v.Enabled + }).(pulumi.BoolPtrOutput) +} + +// Maximum number of unsuccessful attempts. Only available on public tenants. +func (o AttackProtectionBruteForceProtectionPtrOutput) MaxAttempts() pulumi.IntPtrOutput { + return o.ApplyT(func(v *AttackProtectionBruteForceProtection) *int { + if v == nil { + return nil + } + return v.MaxAttempts + }).(pulumi.IntPtrOutput) +} + +// Determines whether or not IP address is used when counting failed attempts. Possible values: `countPerIdentifierAndIp` or `countPerIdentifier`. +func (o AttackProtectionBruteForceProtectionPtrOutput) Mode() pulumi.StringPtrOutput { + return o.ApplyT(func(v *AttackProtectionBruteForceProtection) *string { + if v == nil { + return nil + } + return v.Mode + }).(pulumi.StringPtrOutput) +} + +// Action to take when a breached password is detected. Possible values: `block`, `userNotification`, `adminNotification`. +func (o AttackProtectionBruteForceProtectionPtrOutput) Shields() pulumi.StringArrayOutput { + return o.ApplyT(func(v *AttackProtectionBruteForceProtection) []string { + if v == nil { + return nil + } + return v.Shields + }).(pulumi.StringArrayOutput) +} + +type AttackProtectionSuspiciousIpThrottling struct { + // List of trusted IP addresses that will not have attack protection enforced against them. + Allowlists []string `pulumi:"allowlists"` + // Whether or not breached password detection is active. + Enabled *bool `pulumi:"enabled"` + // Configuration options that apply before every login attempt. Only available on public tenants. + PreLogin *AttackProtectionSuspiciousIpThrottlingPreLogin `pulumi:"preLogin"` + // Configuration options that apply before every user registration attempt. Only available on public tenants. + PreUserRegistration *AttackProtectionSuspiciousIpThrottlingPreUserRegistration `pulumi:"preUserRegistration"` + // Action to take when a breached password is detected. Possible values: `block`, `userNotification`, `adminNotification`. + Shields []string `pulumi:"shields"` +} + +// AttackProtectionSuspiciousIpThrottlingInput is an input type that accepts AttackProtectionSuspiciousIpThrottlingArgs and AttackProtectionSuspiciousIpThrottlingOutput values. +// You can construct a concrete instance of `AttackProtectionSuspiciousIpThrottlingInput` via: +// +// AttackProtectionSuspiciousIpThrottlingArgs{...} +type AttackProtectionSuspiciousIpThrottlingInput interface { + pulumi.Input + + ToAttackProtectionSuspiciousIpThrottlingOutput() AttackProtectionSuspiciousIpThrottlingOutput + ToAttackProtectionSuspiciousIpThrottlingOutputWithContext(context.Context) AttackProtectionSuspiciousIpThrottlingOutput +} + +type AttackProtectionSuspiciousIpThrottlingArgs struct { + // List of trusted IP addresses that will not have attack protection enforced against them. + Allowlists pulumi.StringArrayInput `pulumi:"allowlists"` + // Whether or not breached password detection is active. + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + // Configuration options that apply before every login attempt. Only available on public tenants. + PreLogin AttackProtectionSuspiciousIpThrottlingPreLoginPtrInput `pulumi:"preLogin"` + // Configuration options that apply before every user registration attempt. Only available on public tenants. + PreUserRegistration AttackProtectionSuspiciousIpThrottlingPreUserRegistrationPtrInput `pulumi:"preUserRegistration"` + // Action to take when a breached password is detected. Possible values: `block`, `userNotification`, `adminNotification`. + Shields pulumi.StringArrayInput `pulumi:"shields"` +} + +func (AttackProtectionSuspiciousIpThrottlingArgs) ElementType() reflect.Type { + return reflect.TypeOf((*AttackProtectionSuspiciousIpThrottling)(nil)).Elem() +} + +func (i AttackProtectionSuspiciousIpThrottlingArgs) ToAttackProtectionSuspiciousIpThrottlingOutput() AttackProtectionSuspiciousIpThrottlingOutput { + return i.ToAttackProtectionSuspiciousIpThrottlingOutputWithContext(context.Background()) +} + +func (i AttackProtectionSuspiciousIpThrottlingArgs) ToAttackProtectionSuspiciousIpThrottlingOutputWithContext(ctx context.Context) AttackProtectionSuspiciousIpThrottlingOutput { + return pulumi.ToOutputWithContext(ctx, i).(AttackProtectionSuspiciousIpThrottlingOutput) +} + +func (i AttackProtectionSuspiciousIpThrottlingArgs) ToAttackProtectionSuspiciousIpThrottlingPtrOutput() AttackProtectionSuspiciousIpThrottlingPtrOutput { + return i.ToAttackProtectionSuspiciousIpThrottlingPtrOutputWithContext(context.Background()) +} + +func (i AttackProtectionSuspiciousIpThrottlingArgs) ToAttackProtectionSuspiciousIpThrottlingPtrOutputWithContext(ctx context.Context) AttackProtectionSuspiciousIpThrottlingPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(AttackProtectionSuspiciousIpThrottlingOutput).ToAttackProtectionSuspiciousIpThrottlingPtrOutputWithContext(ctx) +} + +// AttackProtectionSuspiciousIpThrottlingPtrInput is an input type that accepts AttackProtectionSuspiciousIpThrottlingArgs, AttackProtectionSuspiciousIpThrottlingPtr and AttackProtectionSuspiciousIpThrottlingPtrOutput values. +// You can construct a concrete instance of `AttackProtectionSuspiciousIpThrottlingPtrInput` via: +// +// AttackProtectionSuspiciousIpThrottlingArgs{...} +// +// or: +// +// nil +type AttackProtectionSuspiciousIpThrottlingPtrInput interface { + pulumi.Input + + ToAttackProtectionSuspiciousIpThrottlingPtrOutput() AttackProtectionSuspiciousIpThrottlingPtrOutput + ToAttackProtectionSuspiciousIpThrottlingPtrOutputWithContext(context.Context) AttackProtectionSuspiciousIpThrottlingPtrOutput +} + +type attackProtectionSuspiciousIpThrottlingPtrType AttackProtectionSuspiciousIpThrottlingArgs + +func AttackProtectionSuspiciousIpThrottlingPtr(v *AttackProtectionSuspiciousIpThrottlingArgs) AttackProtectionSuspiciousIpThrottlingPtrInput { + return (*attackProtectionSuspiciousIpThrottlingPtrType)(v) +} + +func (*attackProtectionSuspiciousIpThrottlingPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**AttackProtectionSuspiciousIpThrottling)(nil)).Elem() +} + +func (i *attackProtectionSuspiciousIpThrottlingPtrType) ToAttackProtectionSuspiciousIpThrottlingPtrOutput() AttackProtectionSuspiciousIpThrottlingPtrOutput { + return i.ToAttackProtectionSuspiciousIpThrottlingPtrOutputWithContext(context.Background()) +} + +func (i *attackProtectionSuspiciousIpThrottlingPtrType) ToAttackProtectionSuspiciousIpThrottlingPtrOutputWithContext(ctx context.Context) AttackProtectionSuspiciousIpThrottlingPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(AttackProtectionSuspiciousIpThrottlingPtrOutput) +} + +type AttackProtectionSuspiciousIpThrottlingOutput struct{ *pulumi.OutputState } + +func (AttackProtectionSuspiciousIpThrottlingOutput) ElementType() reflect.Type { + return reflect.TypeOf((*AttackProtectionSuspiciousIpThrottling)(nil)).Elem() +} + +func (o AttackProtectionSuspiciousIpThrottlingOutput) ToAttackProtectionSuspiciousIpThrottlingOutput() AttackProtectionSuspiciousIpThrottlingOutput { + return o +} + +func (o AttackProtectionSuspiciousIpThrottlingOutput) ToAttackProtectionSuspiciousIpThrottlingOutputWithContext(ctx context.Context) AttackProtectionSuspiciousIpThrottlingOutput { + return o +} + +func (o AttackProtectionSuspiciousIpThrottlingOutput) ToAttackProtectionSuspiciousIpThrottlingPtrOutput() AttackProtectionSuspiciousIpThrottlingPtrOutput { + return o.ToAttackProtectionSuspiciousIpThrottlingPtrOutputWithContext(context.Background()) +} + +func (o AttackProtectionSuspiciousIpThrottlingOutput) ToAttackProtectionSuspiciousIpThrottlingPtrOutputWithContext(ctx context.Context) AttackProtectionSuspiciousIpThrottlingPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v AttackProtectionSuspiciousIpThrottling) *AttackProtectionSuspiciousIpThrottling { + return &v + }).(AttackProtectionSuspiciousIpThrottlingPtrOutput) +} + +// List of trusted IP addresses that will not have attack protection enforced against them. +func (o AttackProtectionSuspiciousIpThrottlingOutput) Allowlists() pulumi.StringArrayOutput { + return o.ApplyT(func(v AttackProtectionSuspiciousIpThrottling) []string { return v.Allowlists }).(pulumi.StringArrayOutput) +} + +// Whether or not breached password detection is active. +func (o AttackProtectionSuspiciousIpThrottlingOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v AttackProtectionSuspiciousIpThrottling) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +// Configuration options that apply before every login attempt. Only available on public tenants. +func (o AttackProtectionSuspiciousIpThrottlingOutput) PreLogin() AttackProtectionSuspiciousIpThrottlingPreLoginPtrOutput { + return o.ApplyT(func(v AttackProtectionSuspiciousIpThrottling) *AttackProtectionSuspiciousIpThrottlingPreLogin { + return v.PreLogin + }).(AttackProtectionSuspiciousIpThrottlingPreLoginPtrOutput) +} + +// Configuration options that apply before every user registration attempt. Only available on public tenants. +func (o AttackProtectionSuspiciousIpThrottlingOutput) PreUserRegistration() AttackProtectionSuspiciousIpThrottlingPreUserRegistrationPtrOutput { + return o.ApplyT(func(v AttackProtectionSuspiciousIpThrottling) *AttackProtectionSuspiciousIpThrottlingPreUserRegistration { + return v.PreUserRegistration + }).(AttackProtectionSuspiciousIpThrottlingPreUserRegistrationPtrOutput) +} + +// Action to take when a breached password is detected. Possible values: `block`, `userNotification`, `adminNotification`. +func (o AttackProtectionSuspiciousIpThrottlingOutput) Shields() pulumi.StringArrayOutput { + return o.ApplyT(func(v AttackProtectionSuspiciousIpThrottling) []string { return v.Shields }).(pulumi.StringArrayOutput) +} + +type AttackProtectionSuspiciousIpThrottlingPtrOutput struct{ *pulumi.OutputState } + +func (AttackProtectionSuspiciousIpThrottlingPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**AttackProtectionSuspiciousIpThrottling)(nil)).Elem() +} + +func (o AttackProtectionSuspiciousIpThrottlingPtrOutput) ToAttackProtectionSuspiciousIpThrottlingPtrOutput() AttackProtectionSuspiciousIpThrottlingPtrOutput { + return o +} + +func (o AttackProtectionSuspiciousIpThrottlingPtrOutput) ToAttackProtectionSuspiciousIpThrottlingPtrOutputWithContext(ctx context.Context) AttackProtectionSuspiciousIpThrottlingPtrOutput { + return o +} + +func (o AttackProtectionSuspiciousIpThrottlingPtrOutput) Elem() AttackProtectionSuspiciousIpThrottlingOutput { + return o.ApplyT(func(v *AttackProtectionSuspiciousIpThrottling) AttackProtectionSuspiciousIpThrottling { + if v != nil { + return *v + } + var ret AttackProtectionSuspiciousIpThrottling + return ret + }).(AttackProtectionSuspiciousIpThrottlingOutput) +} + +// List of trusted IP addresses that will not have attack protection enforced against them. +func (o AttackProtectionSuspiciousIpThrottlingPtrOutput) Allowlists() pulumi.StringArrayOutput { + return o.ApplyT(func(v *AttackProtectionSuspiciousIpThrottling) []string { + if v == nil { + return nil + } + return v.Allowlists + }).(pulumi.StringArrayOutput) +} + +// Whether or not breached password detection is active. +func (o AttackProtectionSuspiciousIpThrottlingPtrOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *AttackProtectionSuspiciousIpThrottling) *bool { + if v == nil { + return nil + } + return v.Enabled + }).(pulumi.BoolPtrOutput) +} + +// Configuration options that apply before every login attempt. Only available on public tenants. +func (o AttackProtectionSuspiciousIpThrottlingPtrOutput) PreLogin() AttackProtectionSuspiciousIpThrottlingPreLoginPtrOutput { + return o.ApplyT(func(v *AttackProtectionSuspiciousIpThrottling) *AttackProtectionSuspiciousIpThrottlingPreLogin { + if v == nil { + return nil + } + return v.PreLogin + }).(AttackProtectionSuspiciousIpThrottlingPreLoginPtrOutput) +} + +// Configuration options that apply before every user registration attempt. Only available on public tenants. +func (o AttackProtectionSuspiciousIpThrottlingPtrOutput) PreUserRegistration() AttackProtectionSuspiciousIpThrottlingPreUserRegistrationPtrOutput { + return o.ApplyT(func(v *AttackProtectionSuspiciousIpThrottling) *AttackProtectionSuspiciousIpThrottlingPreUserRegistration { + if v == nil { + return nil + } + return v.PreUserRegistration + }).(AttackProtectionSuspiciousIpThrottlingPreUserRegistrationPtrOutput) +} + +// Action to take when a breached password is detected. Possible values: `block`, `userNotification`, `adminNotification`. +func (o AttackProtectionSuspiciousIpThrottlingPtrOutput) Shields() pulumi.StringArrayOutput { + return o.ApplyT(func(v *AttackProtectionSuspiciousIpThrottling) []string { + if v == nil { + return nil + } + return v.Shields + }).(pulumi.StringArrayOutput) +} + +type AttackProtectionSuspiciousIpThrottlingPreLogin struct { + // Maximum number of unsuccessful attempts. Only available on public tenants. + MaxAttempts *int `pulumi:"maxAttempts"` + Rate *int `pulumi:"rate"` +} + +// AttackProtectionSuspiciousIpThrottlingPreLoginInput is an input type that accepts AttackProtectionSuspiciousIpThrottlingPreLoginArgs and AttackProtectionSuspiciousIpThrottlingPreLoginOutput values. +// You can construct a concrete instance of `AttackProtectionSuspiciousIpThrottlingPreLoginInput` via: +// +// AttackProtectionSuspiciousIpThrottlingPreLoginArgs{...} +type AttackProtectionSuspiciousIpThrottlingPreLoginInput interface { + pulumi.Input + + ToAttackProtectionSuspiciousIpThrottlingPreLoginOutput() AttackProtectionSuspiciousIpThrottlingPreLoginOutput + ToAttackProtectionSuspiciousIpThrottlingPreLoginOutputWithContext(context.Context) AttackProtectionSuspiciousIpThrottlingPreLoginOutput +} + +type AttackProtectionSuspiciousIpThrottlingPreLoginArgs struct { + // Maximum number of unsuccessful attempts. Only available on public tenants. + MaxAttempts pulumi.IntPtrInput `pulumi:"maxAttempts"` + Rate pulumi.IntPtrInput `pulumi:"rate"` +} + +func (AttackProtectionSuspiciousIpThrottlingPreLoginArgs) ElementType() reflect.Type { + return reflect.TypeOf((*AttackProtectionSuspiciousIpThrottlingPreLogin)(nil)).Elem() +} + +func (i AttackProtectionSuspiciousIpThrottlingPreLoginArgs) ToAttackProtectionSuspiciousIpThrottlingPreLoginOutput() AttackProtectionSuspiciousIpThrottlingPreLoginOutput { + return i.ToAttackProtectionSuspiciousIpThrottlingPreLoginOutputWithContext(context.Background()) +} + +func (i AttackProtectionSuspiciousIpThrottlingPreLoginArgs) ToAttackProtectionSuspiciousIpThrottlingPreLoginOutputWithContext(ctx context.Context) AttackProtectionSuspiciousIpThrottlingPreLoginOutput { + return pulumi.ToOutputWithContext(ctx, i).(AttackProtectionSuspiciousIpThrottlingPreLoginOutput) +} + +func (i AttackProtectionSuspiciousIpThrottlingPreLoginArgs) ToAttackProtectionSuspiciousIpThrottlingPreLoginPtrOutput() AttackProtectionSuspiciousIpThrottlingPreLoginPtrOutput { + return i.ToAttackProtectionSuspiciousIpThrottlingPreLoginPtrOutputWithContext(context.Background()) +} + +func (i AttackProtectionSuspiciousIpThrottlingPreLoginArgs) ToAttackProtectionSuspiciousIpThrottlingPreLoginPtrOutputWithContext(ctx context.Context) AttackProtectionSuspiciousIpThrottlingPreLoginPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(AttackProtectionSuspiciousIpThrottlingPreLoginOutput).ToAttackProtectionSuspiciousIpThrottlingPreLoginPtrOutputWithContext(ctx) +} + +// AttackProtectionSuspiciousIpThrottlingPreLoginPtrInput is an input type that accepts AttackProtectionSuspiciousIpThrottlingPreLoginArgs, AttackProtectionSuspiciousIpThrottlingPreLoginPtr and AttackProtectionSuspiciousIpThrottlingPreLoginPtrOutput values. +// You can construct a concrete instance of `AttackProtectionSuspiciousIpThrottlingPreLoginPtrInput` via: +// +// AttackProtectionSuspiciousIpThrottlingPreLoginArgs{...} +// +// or: +// +// nil +type AttackProtectionSuspiciousIpThrottlingPreLoginPtrInput interface { + pulumi.Input + + ToAttackProtectionSuspiciousIpThrottlingPreLoginPtrOutput() AttackProtectionSuspiciousIpThrottlingPreLoginPtrOutput + ToAttackProtectionSuspiciousIpThrottlingPreLoginPtrOutputWithContext(context.Context) AttackProtectionSuspiciousIpThrottlingPreLoginPtrOutput +} + +type attackProtectionSuspiciousIpThrottlingPreLoginPtrType AttackProtectionSuspiciousIpThrottlingPreLoginArgs + +func AttackProtectionSuspiciousIpThrottlingPreLoginPtr(v *AttackProtectionSuspiciousIpThrottlingPreLoginArgs) AttackProtectionSuspiciousIpThrottlingPreLoginPtrInput { + return (*attackProtectionSuspiciousIpThrottlingPreLoginPtrType)(v) +} + +func (*attackProtectionSuspiciousIpThrottlingPreLoginPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**AttackProtectionSuspiciousIpThrottlingPreLogin)(nil)).Elem() +} + +func (i *attackProtectionSuspiciousIpThrottlingPreLoginPtrType) ToAttackProtectionSuspiciousIpThrottlingPreLoginPtrOutput() AttackProtectionSuspiciousIpThrottlingPreLoginPtrOutput { + return i.ToAttackProtectionSuspiciousIpThrottlingPreLoginPtrOutputWithContext(context.Background()) +} + +func (i *attackProtectionSuspiciousIpThrottlingPreLoginPtrType) ToAttackProtectionSuspiciousIpThrottlingPreLoginPtrOutputWithContext(ctx context.Context) AttackProtectionSuspiciousIpThrottlingPreLoginPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(AttackProtectionSuspiciousIpThrottlingPreLoginPtrOutput) +} + +type AttackProtectionSuspiciousIpThrottlingPreLoginOutput struct{ *pulumi.OutputState } + +func (AttackProtectionSuspiciousIpThrottlingPreLoginOutput) ElementType() reflect.Type { + return reflect.TypeOf((*AttackProtectionSuspiciousIpThrottlingPreLogin)(nil)).Elem() +} + +func (o AttackProtectionSuspiciousIpThrottlingPreLoginOutput) ToAttackProtectionSuspiciousIpThrottlingPreLoginOutput() AttackProtectionSuspiciousIpThrottlingPreLoginOutput { + return o +} + +func (o AttackProtectionSuspiciousIpThrottlingPreLoginOutput) ToAttackProtectionSuspiciousIpThrottlingPreLoginOutputWithContext(ctx context.Context) AttackProtectionSuspiciousIpThrottlingPreLoginOutput { + return o +} + +func (o AttackProtectionSuspiciousIpThrottlingPreLoginOutput) ToAttackProtectionSuspiciousIpThrottlingPreLoginPtrOutput() AttackProtectionSuspiciousIpThrottlingPreLoginPtrOutput { + return o.ToAttackProtectionSuspiciousIpThrottlingPreLoginPtrOutputWithContext(context.Background()) +} + +func (o AttackProtectionSuspiciousIpThrottlingPreLoginOutput) ToAttackProtectionSuspiciousIpThrottlingPreLoginPtrOutputWithContext(ctx context.Context) AttackProtectionSuspiciousIpThrottlingPreLoginPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v AttackProtectionSuspiciousIpThrottlingPreLogin) *AttackProtectionSuspiciousIpThrottlingPreLogin { + return &v + }).(AttackProtectionSuspiciousIpThrottlingPreLoginPtrOutput) +} + +// Maximum number of unsuccessful attempts. Only available on public tenants. +func (o AttackProtectionSuspiciousIpThrottlingPreLoginOutput) MaxAttempts() pulumi.IntPtrOutput { + return o.ApplyT(func(v AttackProtectionSuspiciousIpThrottlingPreLogin) *int { return v.MaxAttempts }).(pulumi.IntPtrOutput) +} + +func (o AttackProtectionSuspiciousIpThrottlingPreLoginOutput) Rate() pulumi.IntPtrOutput { + return o.ApplyT(func(v AttackProtectionSuspiciousIpThrottlingPreLogin) *int { return v.Rate }).(pulumi.IntPtrOutput) +} + +type AttackProtectionSuspiciousIpThrottlingPreLoginPtrOutput struct{ *pulumi.OutputState } + +func (AttackProtectionSuspiciousIpThrottlingPreLoginPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**AttackProtectionSuspiciousIpThrottlingPreLogin)(nil)).Elem() +} + +func (o AttackProtectionSuspiciousIpThrottlingPreLoginPtrOutput) ToAttackProtectionSuspiciousIpThrottlingPreLoginPtrOutput() AttackProtectionSuspiciousIpThrottlingPreLoginPtrOutput { + return o +} + +func (o AttackProtectionSuspiciousIpThrottlingPreLoginPtrOutput) ToAttackProtectionSuspiciousIpThrottlingPreLoginPtrOutputWithContext(ctx context.Context) AttackProtectionSuspiciousIpThrottlingPreLoginPtrOutput { + return o +} + +func (o AttackProtectionSuspiciousIpThrottlingPreLoginPtrOutput) Elem() AttackProtectionSuspiciousIpThrottlingPreLoginOutput { + return o.ApplyT(func(v *AttackProtectionSuspiciousIpThrottlingPreLogin) AttackProtectionSuspiciousIpThrottlingPreLogin { + if v != nil { + return *v + } + var ret AttackProtectionSuspiciousIpThrottlingPreLogin + return ret + }).(AttackProtectionSuspiciousIpThrottlingPreLoginOutput) +} + +// Maximum number of unsuccessful attempts. Only available on public tenants. +func (o AttackProtectionSuspiciousIpThrottlingPreLoginPtrOutput) MaxAttempts() pulumi.IntPtrOutput { + return o.ApplyT(func(v *AttackProtectionSuspiciousIpThrottlingPreLogin) *int { + if v == nil { + return nil + } + return v.MaxAttempts + }).(pulumi.IntPtrOutput) +} + +func (o AttackProtectionSuspiciousIpThrottlingPreLoginPtrOutput) Rate() pulumi.IntPtrOutput { + return o.ApplyT(func(v *AttackProtectionSuspiciousIpThrottlingPreLogin) *int { + if v == nil { + return nil + } + return v.Rate + }).(pulumi.IntPtrOutput) +} + +type AttackProtectionSuspiciousIpThrottlingPreUserRegistration struct { + // Maximum number of unsuccessful attempts. Only available on public tenants. + MaxAttempts *int `pulumi:"maxAttempts"` + Rate *int `pulumi:"rate"` +} + +// AttackProtectionSuspiciousIpThrottlingPreUserRegistrationInput is an input type that accepts AttackProtectionSuspiciousIpThrottlingPreUserRegistrationArgs and AttackProtectionSuspiciousIpThrottlingPreUserRegistrationOutput values. +// You can construct a concrete instance of `AttackProtectionSuspiciousIpThrottlingPreUserRegistrationInput` via: +// +// AttackProtectionSuspiciousIpThrottlingPreUserRegistrationArgs{...} +type AttackProtectionSuspiciousIpThrottlingPreUserRegistrationInput interface { + pulumi.Input + + ToAttackProtectionSuspiciousIpThrottlingPreUserRegistrationOutput() AttackProtectionSuspiciousIpThrottlingPreUserRegistrationOutput + ToAttackProtectionSuspiciousIpThrottlingPreUserRegistrationOutputWithContext(context.Context) AttackProtectionSuspiciousIpThrottlingPreUserRegistrationOutput +} + +type AttackProtectionSuspiciousIpThrottlingPreUserRegistrationArgs struct { + // Maximum number of unsuccessful attempts. Only available on public tenants. + MaxAttempts pulumi.IntPtrInput `pulumi:"maxAttempts"` + Rate pulumi.IntPtrInput `pulumi:"rate"` +} + +func (AttackProtectionSuspiciousIpThrottlingPreUserRegistrationArgs) ElementType() reflect.Type { + return reflect.TypeOf((*AttackProtectionSuspiciousIpThrottlingPreUserRegistration)(nil)).Elem() +} + +func (i AttackProtectionSuspiciousIpThrottlingPreUserRegistrationArgs) ToAttackProtectionSuspiciousIpThrottlingPreUserRegistrationOutput() AttackProtectionSuspiciousIpThrottlingPreUserRegistrationOutput { + return i.ToAttackProtectionSuspiciousIpThrottlingPreUserRegistrationOutputWithContext(context.Background()) +} + +func (i AttackProtectionSuspiciousIpThrottlingPreUserRegistrationArgs) ToAttackProtectionSuspiciousIpThrottlingPreUserRegistrationOutputWithContext(ctx context.Context) AttackProtectionSuspiciousIpThrottlingPreUserRegistrationOutput { + return pulumi.ToOutputWithContext(ctx, i).(AttackProtectionSuspiciousIpThrottlingPreUserRegistrationOutput) +} + +func (i AttackProtectionSuspiciousIpThrottlingPreUserRegistrationArgs) ToAttackProtectionSuspiciousIpThrottlingPreUserRegistrationPtrOutput() AttackProtectionSuspiciousIpThrottlingPreUserRegistrationPtrOutput { + return i.ToAttackProtectionSuspiciousIpThrottlingPreUserRegistrationPtrOutputWithContext(context.Background()) +} + +func (i AttackProtectionSuspiciousIpThrottlingPreUserRegistrationArgs) ToAttackProtectionSuspiciousIpThrottlingPreUserRegistrationPtrOutputWithContext(ctx context.Context) AttackProtectionSuspiciousIpThrottlingPreUserRegistrationPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(AttackProtectionSuspiciousIpThrottlingPreUserRegistrationOutput).ToAttackProtectionSuspiciousIpThrottlingPreUserRegistrationPtrOutputWithContext(ctx) +} + +// AttackProtectionSuspiciousIpThrottlingPreUserRegistrationPtrInput is an input type that accepts AttackProtectionSuspiciousIpThrottlingPreUserRegistrationArgs, AttackProtectionSuspiciousIpThrottlingPreUserRegistrationPtr and AttackProtectionSuspiciousIpThrottlingPreUserRegistrationPtrOutput values. +// You can construct a concrete instance of `AttackProtectionSuspiciousIpThrottlingPreUserRegistrationPtrInput` via: +// +// AttackProtectionSuspiciousIpThrottlingPreUserRegistrationArgs{...} +// +// or: +// +// nil +type AttackProtectionSuspiciousIpThrottlingPreUserRegistrationPtrInput interface { + pulumi.Input + + ToAttackProtectionSuspiciousIpThrottlingPreUserRegistrationPtrOutput() AttackProtectionSuspiciousIpThrottlingPreUserRegistrationPtrOutput + ToAttackProtectionSuspiciousIpThrottlingPreUserRegistrationPtrOutputWithContext(context.Context) AttackProtectionSuspiciousIpThrottlingPreUserRegistrationPtrOutput +} + +type attackProtectionSuspiciousIpThrottlingPreUserRegistrationPtrType AttackProtectionSuspiciousIpThrottlingPreUserRegistrationArgs + +func AttackProtectionSuspiciousIpThrottlingPreUserRegistrationPtr(v *AttackProtectionSuspiciousIpThrottlingPreUserRegistrationArgs) AttackProtectionSuspiciousIpThrottlingPreUserRegistrationPtrInput { + return (*attackProtectionSuspiciousIpThrottlingPreUserRegistrationPtrType)(v) +} + +func (*attackProtectionSuspiciousIpThrottlingPreUserRegistrationPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**AttackProtectionSuspiciousIpThrottlingPreUserRegistration)(nil)).Elem() +} + +func (i *attackProtectionSuspiciousIpThrottlingPreUserRegistrationPtrType) ToAttackProtectionSuspiciousIpThrottlingPreUserRegistrationPtrOutput() AttackProtectionSuspiciousIpThrottlingPreUserRegistrationPtrOutput { + return i.ToAttackProtectionSuspiciousIpThrottlingPreUserRegistrationPtrOutputWithContext(context.Background()) +} + +func (i *attackProtectionSuspiciousIpThrottlingPreUserRegistrationPtrType) ToAttackProtectionSuspiciousIpThrottlingPreUserRegistrationPtrOutputWithContext(ctx context.Context) AttackProtectionSuspiciousIpThrottlingPreUserRegistrationPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(AttackProtectionSuspiciousIpThrottlingPreUserRegistrationPtrOutput) +} + +type AttackProtectionSuspiciousIpThrottlingPreUserRegistrationOutput struct{ *pulumi.OutputState } + +func (AttackProtectionSuspiciousIpThrottlingPreUserRegistrationOutput) ElementType() reflect.Type { + return reflect.TypeOf((*AttackProtectionSuspiciousIpThrottlingPreUserRegistration)(nil)).Elem() +} + +func (o AttackProtectionSuspiciousIpThrottlingPreUserRegistrationOutput) ToAttackProtectionSuspiciousIpThrottlingPreUserRegistrationOutput() AttackProtectionSuspiciousIpThrottlingPreUserRegistrationOutput { + return o +} + +func (o AttackProtectionSuspiciousIpThrottlingPreUserRegistrationOutput) ToAttackProtectionSuspiciousIpThrottlingPreUserRegistrationOutputWithContext(ctx context.Context) AttackProtectionSuspiciousIpThrottlingPreUserRegistrationOutput { + return o +} + +func (o AttackProtectionSuspiciousIpThrottlingPreUserRegistrationOutput) ToAttackProtectionSuspiciousIpThrottlingPreUserRegistrationPtrOutput() AttackProtectionSuspiciousIpThrottlingPreUserRegistrationPtrOutput { + return o.ToAttackProtectionSuspiciousIpThrottlingPreUserRegistrationPtrOutputWithContext(context.Background()) +} + +func (o AttackProtectionSuspiciousIpThrottlingPreUserRegistrationOutput) ToAttackProtectionSuspiciousIpThrottlingPreUserRegistrationPtrOutputWithContext(ctx context.Context) AttackProtectionSuspiciousIpThrottlingPreUserRegistrationPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v AttackProtectionSuspiciousIpThrottlingPreUserRegistration) *AttackProtectionSuspiciousIpThrottlingPreUserRegistration { + return &v + }).(AttackProtectionSuspiciousIpThrottlingPreUserRegistrationPtrOutput) +} + +// Maximum number of unsuccessful attempts. Only available on public tenants. +func (o AttackProtectionSuspiciousIpThrottlingPreUserRegistrationOutput) MaxAttempts() pulumi.IntPtrOutput { + return o.ApplyT(func(v AttackProtectionSuspiciousIpThrottlingPreUserRegistration) *int { return v.MaxAttempts }).(pulumi.IntPtrOutput) +} + +func (o AttackProtectionSuspiciousIpThrottlingPreUserRegistrationOutput) Rate() pulumi.IntPtrOutput { + return o.ApplyT(func(v AttackProtectionSuspiciousIpThrottlingPreUserRegistration) *int { return v.Rate }).(pulumi.IntPtrOutput) +} + +type AttackProtectionSuspiciousIpThrottlingPreUserRegistrationPtrOutput struct{ *pulumi.OutputState } + +func (AttackProtectionSuspiciousIpThrottlingPreUserRegistrationPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**AttackProtectionSuspiciousIpThrottlingPreUserRegistration)(nil)).Elem() +} + +func (o AttackProtectionSuspiciousIpThrottlingPreUserRegistrationPtrOutput) ToAttackProtectionSuspiciousIpThrottlingPreUserRegistrationPtrOutput() AttackProtectionSuspiciousIpThrottlingPreUserRegistrationPtrOutput { + return o +} + +func (o AttackProtectionSuspiciousIpThrottlingPreUserRegistrationPtrOutput) ToAttackProtectionSuspiciousIpThrottlingPreUserRegistrationPtrOutputWithContext(ctx context.Context) AttackProtectionSuspiciousIpThrottlingPreUserRegistrationPtrOutput { + return o +} + +func (o AttackProtectionSuspiciousIpThrottlingPreUserRegistrationPtrOutput) Elem() AttackProtectionSuspiciousIpThrottlingPreUserRegistrationOutput { + return o.ApplyT(func(v *AttackProtectionSuspiciousIpThrottlingPreUserRegistration) AttackProtectionSuspiciousIpThrottlingPreUserRegistration { + if v != nil { + return *v + } + var ret AttackProtectionSuspiciousIpThrottlingPreUserRegistration + return ret + }).(AttackProtectionSuspiciousIpThrottlingPreUserRegistrationOutput) +} + +// Maximum number of unsuccessful attempts. Only available on public tenants. +func (o AttackProtectionSuspiciousIpThrottlingPreUserRegistrationPtrOutput) MaxAttempts() pulumi.IntPtrOutput { + return o.ApplyT(func(v *AttackProtectionSuspiciousIpThrottlingPreUserRegistration) *int { + if v == nil { + return nil + } + return v.MaxAttempts + }).(pulumi.IntPtrOutput) +} + +func (o AttackProtectionSuspiciousIpThrottlingPreUserRegistrationPtrOutput) Rate() pulumi.IntPtrOutput { + return o.ApplyT(func(v *AttackProtectionSuspiciousIpThrottlingPreUserRegistration) *int { + if v == nil { + return nil + } + return v.Rate + }).(pulumi.IntPtrOutput) +} + type BrandingColors struct { // String, Hexadecimal. Background color of login pages. PageBackground *string `pulumi:"pageBackground"` @@ -1476,7 +2404,7 @@ type ClientAddonsSamlp struct { // Integer, (Default=3600). Number of seconds during which the token is valid. LifetimeInSeconds *int `pulumi:"lifetimeInSeconds"` // Map(Resource). Configuration settings for logout. For details, see Logout. - Logout *ClientAddonsSamlpLogout `pulumi:"logout"` + Logout map[string]interface{} `pulumi:"logout"` // Boolean, (Default=true). Indicates whether or not to add additional identity information in the token, such as the provider used and the access_token, if available. MapIdentities *bool `pulumi:"mapIdentities"` // Boolean, (Default=false). Indicates whether or not to add a prefix of `http://schema.auth0.com` to any claims that are not mapped to the common profile when passed through in the output assertion. @@ -1530,7 +2458,7 @@ type ClientAddonsSamlpArgs struct { // Integer, (Default=3600). Number of seconds during which the token is valid. LifetimeInSeconds pulumi.IntPtrInput `pulumi:"lifetimeInSeconds"` // Map(Resource). Configuration settings for logout. For details, see Logout. - Logout ClientAddonsSamlpLogoutPtrInput `pulumi:"logout"` + Logout pulumi.MapInput `pulumi:"logout"` // Boolean, (Default=true). Indicates whether or not to add additional identity information in the token, such as the provider used and the access_token, if available. MapIdentities pulumi.BoolPtrInput `pulumi:"mapIdentities"` // Boolean, (Default=false). Indicates whether or not to add a prefix of `http://schema.auth0.com` to any claims that are not mapped to the common profile when passed through in the output assertion. @@ -1673,8 +2601,8 @@ func (o ClientAddonsSamlpOutput) LifetimeInSeconds() pulumi.IntPtrOutput { } // Map(Resource). Configuration settings for logout. For details, see Logout. -func (o ClientAddonsSamlpOutput) Logout() ClientAddonsSamlpLogoutPtrOutput { - return o.ApplyT(func(v ClientAddonsSamlp) *ClientAddonsSamlpLogout { return v.Logout }).(ClientAddonsSamlpLogoutPtrOutput) +func (o ClientAddonsSamlpOutput) Logout() pulumi.MapOutput { + return o.ApplyT(func(v ClientAddonsSamlp) map[string]interface{} { return v.Logout }).(pulumi.MapOutput) } // Boolean, (Default=true). Indicates whether or not to add additional identity information in the token, such as the provider used and the access_token, if available. @@ -1837,13 +2765,13 @@ func (o ClientAddonsSamlpPtrOutput) LifetimeInSeconds() pulumi.IntPtrOutput { } // Map(Resource). Configuration settings for logout. For details, see Logout. -func (o ClientAddonsSamlpPtrOutput) Logout() ClientAddonsSamlpLogoutPtrOutput { - return o.ApplyT(func(v *ClientAddonsSamlp) *ClientAddonsSamlpLogout { +func (o ClientAddonsSamlpPtrOutput) Logout() pulumi.MapOutput { + return o.ApplyT(func(v *ClientAddonsSamlp) map[string]interface{} { if v == nil { return nil } return v.Logout - }).(ClientAddonsSamlpLogoutPtrOutput) + }).(pulumi.MapOutput) } // Boolean, (Default=true). Indicates whether or not to add additional identity information in the token, such as the provider used and the access_token, if available. @@ -1956,162 +2884,6 @@ func (o ClientAddonsSamlpPtrOutput) TypedAttributes() pulumi.BoolPtrOutput { }).(pulumi.BoolPtrOutput) } -type ClientAddonsSamlpLogout struct { - // String. Service provider's Single Logout Service URL, to which Auth0 will send logout requests and responses. - Callback *string `pulumi:"callback"` - // Boolean. Indicates whether or not Auth0 should notify service providers of session termination. - SloEnabled *bool `pulumi:"sloEnabled"` -} - -// ClientAddonsSamlpLogoutInput is an input type that accepts ClientAddonsSamlpLogoutArgs and ClientAddonsSamlpLogoutOutput values. -// You can construct a concrete instance of `ClientAddonsSamlpLogoutInput` via: -// -// ClientAddonsSamlpLogoutArgs{...} -type ClientAddonsSamlpLogoutInput interface { - pulumi.Input - - ToClientAddonsSamlpLogoutOutput() ClientAddonsSamlpLogoutOutput - ToClientAddonsSamlpLogoutOutputWithContext(context.Context) ClientAddonsSamlpLogoutOutput -} - -type ClientAddonsSamlpLogoutArgs struct { - // String. Service provider's Single Logout Service URL, to which Auth0 will send logout requests and responses. - Callback pulumi.StringPtrInput `pulumi:"callback"` - // Boolean. Indicates whether or not Auth0 should notify service providers of session termination. - SloEnabled pulumi.BoolPtrInput `pulumi:"sloEnabled"` -} - -func (ClientAddonsSamlpLogoutArgs) ElementType() reflect.Type { - return reflect.TypeOf((*ClientAddonsSamlpLogout)(nil)).Elem() -} - -func (i ClientAddonsSamlpLogoutArgs) ToClientAddonsSamlpLogoutOutput() ClientAddonsSamlpLogoutOutput { - return i.ToClientAddonsSamlpLogoutOutputWithContext(context.Background()) -} - -func (i ClientAddonsSamlpLogoutArgs) ToClientAddonsSamlpLogoutOutputWithContext(ctx context.Context) ClientAddonsSamlpLogoutOutput { - return pulumi.ToOutputWithContext(ctx, i).(ClientAddonsSamlpLogoutOutput) -} - -func (i ClientAddonsSamlpLogoutArgs) ToClientAddonsSamlpLogoutPtrOutput() ClientAddonsSamlpLogoutPtrOutput { - return i.ToClientAddonsSamlpLogoutPtrOutputWithContext(context.Background()) -} - -func (i ClientAddonsSamlpLogoutArgs) ToClientAddonsSamlpLogoutPtrOutputWithContext(ctx context.Context) ClientAddonsSamlpLogoutPtrOutput { - return pulumi.ToOutputWithContext(ctx, i).(ClientAddonsSamlpLogoutOutput).ToClientAddonsSamlpLogoutPtrOutputWithContext(ctx) -} - -// ClientAddonsSamlpLogoutPtrInput is an input type that accepts ClientAddonsSamlpLogoutArgs, ClientAddonsSamlpLogoutPtr and ClientAddonsSamlpLogoutPtrOutput values. -// You can construct a concrete instance of `ClientAddonsSamlpLogoutPtrInput` via: -// -// ClientAddonsSamlpLogoutArgs{...} -// -// or: -// -// nil -type ClientAddonsSamlpLogoutPtrInput interface { - pulumi.Input - - ToClientAddonsSamlpLogoutPtrOutput() ClientAddonsSamlpLogoutPtrOutput - ToClientAddonsSamlpLogoutPtrOutputWithContext(context.Context) ClientAddonsSamlpLogoutPtrOutput -} - -type clientAddonsSamlpLogoutPtrType ClientAddonsSamlpLogoutArgs - -func ClientAddonsSamlpLogoutPtr(v *ClientAddonsSamlpLogoutArgs) ClientAddonsSamlpLogoutPtrInput { - return (*clientAddonsSamlpLogoutPtrType)(v) -} - -func (*clientAddonsSamlpLogoutPtrType) ElementType() reflect.Type { - return reflect.TypeOf((**ClientAddonsSamlpLogout)(nil)).Elem() -} - -func (i *clientAddonsSamlpLogoutPtrType) ToClientAddonsSamlpLogoutPtrOutput() ClientAddonsSamlpLogoutPtrOutput { - return i.ToClientAddonsSamlpLogoutPtrOutputWithContext(context.Background()) -} - -func (i *clientAddonsSamlpLogoutPtrType) ToClientAddonsSamlpLogoutPtrOutputWithContext(ctx context.Context) ClientAddonsSamlpLogoutPtrOutput { - return pulumi.ToOutputWithContext(ctx, i).(ClientAddonsSamlpLogoutPtrOutput) -} - -type ClientAddonsSamlpLogoutOutput struct{ *pulumi.OutputState } - -func (ClientAddonsSamlpLogoutOutput) ElementType() reflect.Type { - return reflect.TypeOf((*ClientAddonsSamlpLogout)(nil)).Elem() -} - -func (o ClientAddonsSamlpLogoutOutput) ToClientAddonsSamlpLogoutOutput() ClientAddonsSamlpLogoutOutput { - return o -} - -func (o ClientAddonsSamlpLogoutOutput) ToClientAddonsSamlpLogoutOutputWithContext(ctx context.Context) ClientAddonsSamlpLogoutOutput { - return o -} - -func (o ClientAddonsSamlpLogoutOutput) ToClientAddonsSamlpLogoutPtrOutput() ClientAddonsSamlpLogoutPtrOutput { - return o.ToClientAddonsSamlpLogoutPtrOutputWithContext(context.Background()) -} - -func (o ClientAddonsSamlpLogoutOutput) ToClientAddonsSamlpLogoutPtrOutputWithContext(ctx context.Context) ClientAddonsSamlpLogoutPtrOutput { - return o.ApplyTWithContext(ctx, func(_ context.Context, v ClientAddonsSamlpLogout) *ClientAddonsSamlpLogout { - return &v - }).(ClientAddonsSamlpLogoutPtrOutput) -} - -// String. Service provider's Single Logout Service URL, to which Auth0 will send logout requests and responses. -func (o ClientAddonsSamlpLogoutOutput) Callback() pulumi.StringPtrOutput { - return o.ApplyT(func(v ClientAddonsSamlpLogout) *string { return v.Callback }).(pulumi.StringPtrOutput) -} - -// Boolean. Indicates whether or not Auth0 should notify service providers of session termination. -func (o ClientAddonsSamlpLogoutOutput) SloEnabled() pulumi.BoolPtrOutput { - return o.ApplyT(func(v ClientAddonsSamlpLogout) *bool { return v.SloEnabled }).(pulumi.BoolPtrOutput) -} - -type ClientAddonsSamlpLogoutPtrOutput struct{ *pulumi.OutputState } - -func (ClientAddonsSamlpLogoutPtrOutput) ElementType() reflect.Type { - return reflect.TypeOf((**ClientAddonsSamlpLogout)(nil)).Elem() -} - -func (o ClientAddonsSamlpLogoutPtrOutput) ToClientAddonsSamlpLogoutPtrOutput() ClientAddonsSamlpLogoutPtrOutput { - return o -} - -func (o ClientAddonsSamlpLogoutPtrOutput) ToClientAddonsSamlpLogoutPtrOutputWithContext(ctx context.Context) ClientAddonsSamlpLogoutPtrOutput { - return o -} - -func (o ClientAddonsSamlpLogoutPtrOutput) Elem() ClientAddonsSamlpLogoutOutput { - return o.ApplyT(func(v *ClientAddonsSamlpLogout) ClientAddonsSamlpLogout { - if v != nil { - return *v - } - var ret ClientAddonsSamlpLogout - return ret - }).(ClientAddonsSamlpLogoutOutput) -} - -// String. Service provider's Single Logout Service URL, to which Auth0 will send logout requests and responses. -func (o ClientAddonsSamlpLogoutPtrOutput) Callback() pulumi.StringPtrOutput { - return o.ApplyT(func(v *ClientAddonsSamlpLogout) *string { - if v == nil { - return nil - } - return v.Callback - }).(pulumi.StringPtrOutput) -} - -// Boolean. Indicates whether or not Auth0 should notify service providers of session termination. -func (o ClientAddonsSamlpLogoutPtrOutput) SloEnabled() pulumi.BoolPtrOutput { - return o.ApplyT(func(v *ClientAddonsSamlpLogout) *bool { - if v == nil { - return nil - } - return v.SloEnabled - }).(pulumi.BoolPtrOutput) -} - type ClientJwtConfiguration struct { // String. Algorithm used to sign JWTs. Alg *string `pulumi:"alg"` @@ -7412,26 +8184,26 @@ func (o GlobalClientAddonsPtrOutput) Zoom() pulumi.MapOutput { } type GlobalClientAddonsSamlp struct { - Audience *string `pulumi:"audience"` - AuthnContextClassRef *string `pulumi:"authnContextClassRef"` - Binding *string `pulumi:"binding"` - CreateUpnClaim *bool `pulumi:"createUpnClaim"` - Destination *string `pulumi:"destination"` - DigestAlgorithm *string `pulumi:"digestAlgorithm"` - IncludeAttributeNameFormat *bool `pulumi:"includeAttributeNameFormat"` - LifetimeInSeconds *int `pulumi:"lifetimeInSeconds"` - Logout *GlobalClientAddonsSamlpLogout `pulumi:"logout"` - MapIdentities *bool `pulumi:"mapIdentities"` - MapUnknownClaimsAsIs *bool `pulumi:"mapUnknownClaimsAsIs"` - Mappings map[string]interface{} `pulumi:"mappings"` - NameIdentifierFormat *string `pulumi:"nameIdentifierFormat"` - NameIdentifierProbes []string `pulumi:"nameIdentifierProbes"` - PassthroughClaimsWithNoMapping *bool `pulumi:"passthroughClaimsWithNoMapping"` - Recipient *string `pulumi:"recipient"` - SignResponse *bool `pulumi:"signResponse"` - SignatureAlgorithm *string `pulumi:"signatureAlgorithm"` - SigningCert *string `pulumi:"signingCert"` - TypedAttributes *bool `pulumi:"typedAttributes"` + Audience *string `pulumi:"audience"` + AuthnContextClassRef *string `pulumi:"authnContextClassRef"` + Binding *string `pulumi:"binding"` + CreateUpnClaim *bool `pulumi:"createUpnClaim"` + Destination *string `pulumi:"destination"` + DigestAlgorithm *string `pulumi:"digestAlgorithm"` + IncludeAttributeNameFormat *bool `pulumi:"includeAttributeNameFormat"` + LifetimeInSeconds *int `pulumi:"lifetimeInSeconds"` + Logout map[string]interface{} `pulumi:"logout"` + MapIdentities *bool `pulumi:"mapIdentities"` + MapUnknownClaimsAsIs *bool `pulumi:"mapUnknownClaimsAsIs"` + Mappings map[string]interface{} `pulumi:"mappings"` + NameIdentifierFormat *string `pulumi:"nameIdentifierFormat"` + NameIdentifierProbes []string `pulumi:"nameIdentifierProbes"` + PassthroughClaimsWithNoMapping *bool `pulumi:"passthroughClaimsWithNoMapping"` + Recipient *string `pulumi:"recipient"` + SignResponse *bool `pulumi:"signResponse"` + SignatureAlgorithm *string `pulumi:"signatureAlgorithm"` + SigningCert *string `pulumi:"signingCert"` + TypedAttributes *bool `pulumi:"typedAttributes"` } // GlobalClientAddonsSamlpInput is an input type that accepts GlobalClientAddonsSamlpArgs and GlobalClientAddonsSamlpOutput values. @@ -7446,26 +8218,26 @@ type GlobalClientAddonsSamlpInput interface { } type GlobalClientAddonsSamlpArgs struct { - Audience pulumi.StringPtrInput `pulumi:"audience"` - AuthnContextClassRef pulumi.StringPtrInput `pulumi:"authnContextClassRef"` - Binding pulumi.StringPtrInput `pulumi:"binding"` - CreateUpnClaim pulumi.BoolPtrInput `pulumi:"createUpnClaim"` - Destination pulumi.StringPtrInput `pulumi:"destination"` - DigestAlgorithm pulumi.StringPtrInput `pulumi:"digestAlgorithm"` - IncludeAttributeNameFormat pulumi.BoolPtrInput `pulumi:"includeAttributeNameFormat"` - LifetimeInSeconds pulumi.IntPtrInput `pulumi:"lifetimeInSeconds"` - Logout GlobalClientAddonsSamlpLogoutPtrInput `pulumi:"logout"` - MapIdentities pulumi.BoolPtrInput `pulumi:"mapIdentities"` - MapUnknownClaimsAsIs pulumi.BoolPtrInput `pulumi:"mapUnknownClaimsAsIs"` - Mappings pulumi.MapInput `pulumi:"mappings"` - NameIdentifierFormat pulumi.StringPtrInput `pulumi:"nameIdentifierFormat"` - NameIdentifierProbes pulumi.StringArrayInput `pulumi:"nameIdentifierProbes"` - PassthroughClaimsWithNoMapping pulumi.BoolPtrInput `pulumi:"passthroughClaimsWithNoMapping"` - Recipient pulumi.StringPtrInput `pulumi:"recipient"` - SignResponse pulumi.BoolPtrInput `pulumi:"signResponse"` - SignatureAlgorithm pulumi.StringPtrInput `pulumi:"signatureAlgorithm"` - SigningCert pulumi.StringPtrInput `pulumi:"signingCert"` - TypedAttributes pulumi.BoolPtrInput `pulumi:"typedAttributes"` + Audience pulumi.StringPtrInput `pulumi:"audience"` + AuthnContextClassRef pulumi.StringPtrInput `pulumi:"authnContextClassRef"` + Binding pulumi.StringPtrInput `pulumi:"binding"` + CreateUpnClaim pulumi.BoolPtrInput `pulumi:"createUpnClaim"` + Destination pulumi.StringPtrInput `pulumi:"destination"` + DigestAlgorithm pulumi.StringPtrInput `pulumi:"digestAlgorithm"` + IncludeAttributeNameFormat pulumi.BoolPtrInput `pulumi:"includeAttributeNameFormat"` + LifetimeInSeconds pulumi.IntPtrInput `pulumi:"lifetimeInSeconds"` + Logout pulumi.MapInput `pulumi:"logout"` + MapIdentities pulumi.BoolPtrInput `pulumi:"mapIdentities"` + MapUnknownClaimsAsIs pulumi.BoolPtrInput `pulumi:"mapUnknownClaimsAsIs"` + Mappings pulumi.MapInput `pulumi:"mappings"` + NameIdentifierFormat pulumi.StringPtrInput `pulumi:"nameIdentifierFormat"` + NameIdentifierProbes pulumi.StringArrayInput `pulumi:"nameIdentifierProbes"` + PassthroughClaimsWithNoMapping pulumi.BoolPtrInput `pulumi:"passthroughClaimsWithNoMapping"` + Recipient pulumi.StringPtrInput `pulumi:"recipient"` + SignResponse pulumi.BoolPtrInput `pulumi:"signResponse"` + SignatureAlgorithm pulumi.StringPtrInput `pulumi:"signatureAlgorithm"` + SigningCert pulumi.StringPtrInput `pulumi:"signingCert"` + TypedAttributes pulumi.BoolPtrInput `pulumi:"typedAttributes"` } func (GlobalClientAddonsSamlpArgs) ElementType() reflect.Type { @@ -7577,8 +8349,8 @@ func (o GlobalClientAddonsSamlpOutput) LifetimeInSeconds() pulumi.IntPtrOutput { return o.ApplyT(func(v GlobalClientAddonsSamlp) *int { return v.LifetimeInSeconds }).(pulumi.IntPtrOutput) } -func (o GlobalClientAddonsSamlpOutput) Logout() GlobalClientAddonsSamlpLogoutPtrOutput { - return o.ApplyT(func(v GlobalClientAddonsSamlp) *GlobalClientAddonsSamlpLogout { return v.Logout }).(GlobalClientAddonsSamlpLogoutPtrOutput) +func (o GlobalClientAddonsSamlpOutput) Logout() pulumi.MapOutput { + return o.ApplyT(func(v GlobalClientAddonsSamlp) map[string]interface{} { return v.Logout }).(pulumi.MapOutput) } func (o GlobalClientAddonsSamlpOutput) MapIdentities() pulumi.BoolPtrOutput { @@ -7721,13 +8493,13 @@ func (o GlobalClientAddonsSamlpPtrOutput) LifetimeInSeconds() pulumi.IntPtrOutpu }).(pulumi.IntPtrOutput) } -func (o GlobalClientAddonsSamlpPtrOutput) Logout() GlobalClientAddonsSamlpLogoutPtrOutput { - return o.ApplyT(func(v *GlobalClientAddonsSamlp) *GlobalClientAddonsSamlpLogout { +func (o GlobalClientAddonsSamlpPtrOutput) Logout() pulumi.MapOutput { + return o.ApplyT(func(v *GlobalClientAddonsSamlp) map[string]interface{} { if v == nil { return nil } return v.Logout - }).(GlobalClientAddonsSamlpLogoutPtrOutput) + }).(pulumi.MapOutput) } func (o GlobalClientAddonsSamlpPtrOutput) MapIdentities() pulumi.BoolPtrOutput { @@ -7829,154 +8601,6 @@ func (o GlobalClientAddonsSamlpPtrOutput) TypedAttributes() pulumi.BoolPtrOutput }).(pulumi.BoolPtrOutput) } -type GlobalClientAddonsSamlpLogout struct { - Callback *string `pulumi:"callback"` - SloEnabled *bool `pulumi:"sloEnabled"` -} - -// GlobalClientAddonsSamlpLogoutInput is an input type that accepts GlobalClientAddonsSamlpLogoutArgs and GlobalClientAddonsSamlpLogoutOutput values. -// You can construct a concrete instance of `GlobalClientAddonsSamlpLogoutInput` via: -// -// GlobalClientAddonsSamlpLogoutArgs{...} -type GlobalClientAddonsSamlpLogoutInput interface { - pulumi.Input - - ToGlobalClientAddonsSamlpLogoutOutput() GlobalClientAddonsSamlpLogoutOutput - ToGlobalClientAddonsSamlpLogoutOutputWithContext(context.Context) GlobalClientAddonsSamlpLogoutOutput -} - -type GlobalClientAddonsSamlpLogoutArgs struct { - Callback pulumi.StringPtrInput `pulumi:"callback"` - SloEnabled pulumi.BoolPtrInput `pulumi:"sloEnabled"` -} - -func (GlobalClientAddonsSamlpLogoutArgs) ElementType() reflect.Type { - return reflect.TypeOf((*GlobalClientAddonsSamlpLogout)(nil)).Elem() -} - -func (i GlobalClientAddonsSamlpLogoutArgs) ToGlobalClientAddonsSamlpLogoutOutput() GlobalClientAddonsSamlpLogoutOutput { - return i.ToGlobalClientAddonsSamlpLogoutOutputWithContext(context.Background()) -} - -func (i GlobalClientAddonsSamlpLogoutArgs) ToGlobalClientAddonsSamlpLogoutOutputWithContext(ctx context.Context) GlobalClientAddonsSamlpLogoutOutput { - return pulumi.ToOutputWithContext(ctx, i).(GlobalClientAddonsSamlpLogoutOutput) -} - -func (i GlobalClientAddonsSamlpLogoutArgs) ToGlobalClientAddonsSamlpLogoutPtrOutput() GlobalClientAddonsSamlpLogoutPtrOutput { - return i.ToGlobalClientAddonsSamlpLogoutPtrOutputWithContext(context.Background()) -} - -func (i GlobalClientAddonsSamlpLogoutArgs) ToGlobalClientAddonsSamlpLogoutPtrOutputWithContext(ctx context.Context) GlobalClientAddonsSamlpLogoutPtrOutput { - return pulumi.ToOutputWithContext(ctx, i).(GlobalClientAddonsSamlpLogoutOutput).ToGlobalClientAddonsSamlpLogoutPtrOutputWithContext(ctx) -} - -// GlobalClientAddonsSamlpLogoutPtrInput is an input type that accepts GlobalClientAddonsSamlpLogoutArgs, GlobalClientAddonsSamlpLogoutPtr and GlobalClientAddonsSamlpLogoutPtrOutput values. -// You can construct a concrete instance of `GlobalClientAddonsSamlpLogoutPtrInput` via: -// -// GlobalClientAddonsSamlpLogoutArgs{...} -// -// or: -// -// nil -type GlobalClientAddonsSamlpLogoutPtrInput interface { - pulumi.Input - - ToGlobalClientAddonsSamlpLogoutPtrOutput() GlobalClientAddonsSamlpLogoutPtrOutput - ToGlobalClientAddonsSamlpLogoutPtrOutputWithContext(context.Context) GlobalClientAddonsSamlpLogoutPtrOutput -} - -type globalClientAddonsSamlpLogoutPtrType GlobalClientAddonsSamlpLogoutArgs - -func GlobalClientAddonsSamlpLogoutPtr(v *GlobalClientAddonsSamlpLogoutArgs) GlobalClientAddonsSamlpLogoutPtrInput { - return (*globalClientAddonsSamlpLogoutPtrType)(v) -} - -func (*globalClientAddonsSamlpLogoutPtrType) ElementType() reflect.Type { - return reflect.TypeOf((**GlobalClientAddonsSamlpLogout)(nil)).Elem() -} - -func (i *globalClientAddonsSamlpLogoutPtrType) ToGlobalClientAddonsSamlpLogoutPtrOutput() GlobalClientAddonsSamlpLogoutPtrOutput { - return i.ToGlobalClientAddonsSamlpLogoutPtrOutputWithContext(context.Background()) -} - -func (i *globalClientAddonsSamlpLogoutPtrType) ToGlobalClientAddonsSamlpLogoutPtrOutputWithContext(ctx context.Context) GlobalClientAddonsSamlpLogoutPtrOutput { - return pulumi.ToOutputWithContext(ctx, i).(GlobalClientAddonsSamlpLogoutPtrOutput) -} - -type GlobalClientAddonsSamlpLogoutOutput struct{ *pulumi.OutputState } - -func (GlobalClientAddonsSamlpLogoutOutput) ElementType() reflect.Type { - return reflect.TypeOf((*GlobalClientAddonsSamlpLogout)(nil)).Elem() -} - -func (o GlobalClientAddonsSamlpLogoutOutput) ToGlobalClientAddonsSamlpLogoutOutput() GlobalClientAddonsSamlpLogoutOutput { - return o -} - -func (o GlobalClientAddonsSamlpLogoutOutput) ToGlobalClientAddonsSamlpLogoutOutputWithContext(ctx context.Context) GlobalClientAddonsSamlpLogoutOutput { - return o -} - -func (o GlobalClientAddonsSamlpLogoutOutput) ToGlobalClientAddonsSamlpLogoutPtrOutput() GlobalClientAddonsSamlpLogoutPtrOutput { - return o.ToGlobalClientAddonsSamlpLogoutPtrOutputWithContext(context.Background()) -} - -func (o GlobalClientAddonsSamlpLogoutOutput) ToGlobalClientAddonsSamlpLogoutPtrOutputWithContext(ctx context.Context) GlobalClientAddonsSamlpLogoutPtrOutput { - return o.ApplyTWithContext(ctx, func(_ context.Context, v GlobalClientAddonsSamlpLogout) *GlobalClientAddonsSamlpLogout { - return &v - }).(GlobalClientAddonsSamlpLogoutPtrOutput) -} - -func (o GlobalClientAddonsSamlpLogoutOutput) Callback() pulumi.StringPtrOutput { - return o.ApplyT(func(v GlobalClientAddonsSamlpLogout) *string { return v.Callback }).(pulumi.StringPtrOutput) -} - -func (o GlobalClientAddonsSamlpLogoutOutput) SloEnabled() pulumi.BoolPtrOutput { - return o.ApplyT(func(v GlobalClientAddonsSamlpLogout) *bool { return v.SloEnabled }).(pulumi.BoolPtrOutput) -} - -type GlobalClientAddonsSamlpLogoutPtrOutput struct{ *pulumi.OutputState } - -func (GlobalClientAddonsSamlpLogoutPtrOutput) ElementType() reflect.Type { - return reflect.TypeOf((**GlobalClientAddonsSamlpLogout)(nil)).Elem() -} - -func (o GlobalClientAddonsSamlpLogoutPtrOutput) ToGlobalClientAddonsSamlpLogoutPtrOutput() GlobalClientAddonsSamlpLogoutPtrOutput { - return o -} - -func (o GlobalClientAddonsSamlpLogoutPtrOutput) ToGlobalClientAddonsSamlpLogoutPtrOutputWithContext(ctx context.Context) GlobalClientAddonsSamlpLogoutPtrOutput { - return o -} - -func (o GlobalClientAddonsSamlpLogoutPtrOutput) Elem() GlobalClientAddonsSamlpLogoutOutput { - return o.ApplyT(func(v *GlobalClientAddonsSamlpLogout) GlobalClientAddonsSamlpLogout { - if v != nil { - return *v - } - var ret GlobalClientAddonsSamlpLogout - return ret - }).(GlobalClientAddonsSamlpLogoutOutput) -} - -func (o GlobalClientAddonsSamlpLogoutPtrOutput) Callback() pulumi.StringPtrOutput { - return o.ApplyT(func(v *GlobalClientAddonsSamlpLogout) *string { - if v == nil { - return nil - } - return v.Callback - }).(pulumi.StringPtrOutput) -} - -func (o GlobalClientAddonsSamlpLogoutPtrOutput) SloEnabled() pulumi.BoolPtrOutput { - return o.ApplyT(func(v *GlobalClientAddonsSamlpLogout) *bool { - if v == nil { - return nil - } - return v.SloEnabled - }).(pulumi.BoolPtrOutput) -} - type GlobalClientJwtConfiguration struct { Alg *string `pulumi:"alg"` LifetimeInSeconds *int `pulumi:"lifetimeInSeconds"` @@ -12051,26 +12675,26 @@ func (o GetClientAddonArrayOutput) Index(i pulumi.IntInput) GetClientAddonOutput } type GetClientAddonSamlp struct { - Audience string `pulumi:"audience"` - AuthnContextClassRef string `pulumi:"authnContextClassRef"` - Binding string `pulumi:"binding"` - CreateUpnClaim bool `pulumi:"createUpnClaim"` - Destination string `pulumi:"destination"` - DigestAlgorithm string `pulumi:"digestAlgorithm"` - IncludeAttributeNameFormat bool `pulumi:"includeAttributeNameFormat"` - LifetimeInSeconds int `pulumi:"lifetimeInSeconds"` - Logout GetClientAddonSamlpLogout `pulumi:"logout"` - MapIdentities bool `pulumi:"mapIdentities"` - MapUnknownClaimsAsIs bool `pulumi:"mapUnknownClaimsAsIs"` - Mappings map[string]interface{} `pulumi:"mappings"` - NameIdentifierFormat string `pulumi:"nameIdentifierFormat"` - NameIdentifierProbes []string `pulumi:"nameIdentifierProbes"` - PassthroughClaimsWithNoMapping bool `pulumi:"passthroughClaimsWithNoMapping"` - Recipient string `pulumi:"recipient"` - SignResponse bool `pulumi:"signResponse"` - SignatureAlgorithm string `pulumi:"signatureAlgorithm"` - SigningCert string `pulumi:"signingCert"` - TypedAttributes bool `pulumi:"typedAttributes"` + Audience string `pulumi:"audience"` + AuthnContextClassRef string `pulumi:"authnContextClassRef"` + Binding string `pulumi:"binding"` + CreateUpnClaim bool `pulumi:"createUpnClaim"` + Destination string `pulumi:"destination"` + DigestAlgorithm string `pulumi:"digestAlgorithm"` + IncludeAttributeNameFormat bool `pulumi:"includeAttributeNameFormat"` + LifetimeInSeconds int `pulumi:"lifetimeInSeconds"` + Logout map[string]interface{} `pulumi:"logout"` + MapIdentities bool `pulumi:"mapIdentities"` + MapUnknownClaimsAsIs bool `pulumi:"mapUnknownClaimsAsIs"` + Mappings map[string]interface{} `pulumi:"mappings"` + NameIdentifierFormat string `pulumi:"nameIdentifierFormat"` + NameIdentifierProbes []string `pulumi:"nameIdentifierProbes"` + PassthroughClaimsWithNoMapping bool `pulumi:"passthroughClaimsWithNoMapping"` + Recipient string `pulumi:"recipient"` + SignResponse bool `pulumi:"signResponse"` + SignatureAlgorithm string `pulumi:"signatureAlgorithm"` + SigningCert string `pulumi:"signingCert"` + TypedAttributes bool `pulumi:"typedAttributes"` } // GetClientAddonSamlpInput is an input type that accepts GetClientAddonSamlpArgs and GetClientAddonSamlpOutput values. @@ -12085,26 +12709,26 @@ type GetClientAddonSamlpInput interface { } type GetClientAddonSamlpArgs struct { - Audience pulumi.StringInput `pulumi:"audience"` - AuthnContextClassRef pulumi.StringInput `pulumi:"authnContextClassRef"` - Binding pulumi.StringInput `pulumi:"binding"` - CreateUpnClaim pulumi.BoolInput `pulumi:"createUpnClaim"` - Destination pulumi.StringInput `pulumi:"destination"` - DigestAlgorithm pulumi.StringInput `pulumi:"digestAlgorithm"` - IncludeAttributeNameFormat pulumi.BoolInput `pulumi:"includeAttributeNameFormat"` - LifetimeInSeconds pulumi.IntInput `pulumi:"lifetimeInSeconds"` - Logout GetClientAddonSamlpLogoutInput `pulumi:"logout"` - MapIdentities pulumi.BoolInput `pulumi:"mapIdentities"` - MapUnknownClaimsAsIs pulumi.BoolInput `pulumi:"mapUnknownClaimsAsIs"` - Mappings pulumi.MapInput `pulumi:"mappings"` - NameIdentifierFormat pulumi.StringInput `pulumi:"nameIdentifierFormat"` - NameIdentifierProbes pulumi.StringArrayInput `pulumi:"nameIdentifierProbes"` - PassthroughClaimsWithNoMapping pulumi.BoolInput `pulumi:"passthroughClaimsWithNoMapping"` - Recipient pulumi.StringInput `pulumi:"recipient"` - SignResponse pulumi.BoolInput `pulumi:"signResponse"` - SignatureAlgorithm pulumi.StringInput `pulumi:"signatureAlgorithm"` - SigningCert pulumi.StringInput `pulumi:"signingCert"` - TypedAttributes pulumi.BoolInput `pulumi:"typedAttributes"` + Audience pulumi.StringInput `pulumi:"audience"` + AuthnContextClassRef pulumi.StringInput `pulumi:"authnContextClassRef"` + Binding pulumi.StringInput `pulumi:"binding"` + CreateUpnClaim pulumi.BoolInput `pulumi:"createUpnClaim"` + Destination pulumi.StringInput `pulumi:"destination"` + DigestAlgorithm pulumi.StringInput `pulumi:"digestAlgorithm"` + IncludeAttributeNameFormat pulumi.BoolInput `pulumi:"includeAttributeNameFormat"` + LifetimeInSeconds pulumi.IntInput `pulumi:"lifetimeInSeconds"` + Logout pulumi.MapInput `pulumi:"logout"` + MapIdentities pulumi.BoolInput `pulumi:"mapIdentities"` + MapUnknownClaimsAsIs pulumi.BoolInput `pulumi:"mapUnknownClaimsAsIs"` + Mappings pulumi.MapInput `pulumi:"mappings"` + NameIdentifierFormat pulumi.StringInput `pulumi:"nameIdentifierFormat"` + NameIdentifierProbes pulumi.StringArrayInput `pulumi:"nameIdentifierProbes"` + PassthroughClaimsWithNoMapping pulumi.BoolInput `pulumi:"passthroughClaimsWithNoMapping"` + Recipient pulumi.StringInput `pulumi:"recipient"` + SignResponse pulumi.BoolInput `pulumi:"signResponse"` + SignatureAlgorithm pulumi.StringInput `pulumi:"signatureAlgorithm"` + SigningCert pulumi.StringInput `pulumi:"signingCert"` + TypedAttributes pulumi.BoolInput `pulumi:"typedAttributes"` } func (GetClientAddonSamlpArgs) ElementType() reflect.Type { @@ -12190,8 +12814,8 @@ func (o GetClientAddonSamlpOutput) LifetimeInSeconds() pulumi.IntOutput { return o.ApplyT(func(v GetClientAddonSamlp) int { return v.LifetimeInSeconds }).(pulumi.IntOutput) } -func (o GetClientAddonSamlpOutput) Logout() GetClientAddonSamlpLogoutOutput { - return o.ApplyT(func(v GetClientAddonSamlp) GetClientAddonSamlpLogout { return v.Logout }).(GetClientAddonSamlpLogoutOutput) +func (o GetClientAddonSamlpOutput) Logout() pulumi.MapOutput { + return o.ApplyT(func(v GetClientAddonSamlp) map[string]interface{} { return v.Logout }).(pulumi.MapOutput) } func (o GetClientAddonSamlpOutput) MapIdentities() pulumi.BoolOutput { @@ -12258,61 +12882,6 @@ func (o GetClientAddonSamlpArrayOutput) Index(i pulumi.IntInput) GetClientAddonS }).(GetClientAddonSamlpOutput) } -type GetClientAddonSamlpLogout struct { - Callback *string `pulumi:"callback"` - SloEnabled *bool `pulumi:"sloEnabled"` -} - -// GetClientAddonSamlpLogoutInput is an input type that accepts GetClientAddonSamlpLogoutArgs and GetClientAddonSamlpLogoutOutput values. -// You can construct a concrete instance of `GetClientAddonSamlpLogoutInput` via: -// -// GetClientAddonSamlpLogoutArgs{...} -type GetClientAddonSamlpLogoutInput interface { - pulumi.Input - - ToGetClientAddonSamlpLogoutOutput() GetClientAddonSamlpLogoutOutput - ToGetClientAddonSamlpLogoutOutputWithContext(context.Context) GetClientAddonSamlpLogoutOutput -} - -type GetClientAddonSamlpLogoutArgs struct { - Callback pulumi.StringPtrInput `pulumi:"callback"` - SloEnabled pulumi.BoolPtrInput `pulumi:"sloEnabled"` -} - -func (GetClientAddonSamlpLogoutArgs) ElementType() reflect.Type { - return reflect.TypeOf((*GetClientAddonSamlpLogout)(nil)).Elem() -} - -func (i GetClientAddonSamlpLogoutArgs) ToGetClientAddonSamlpLogoutOutput() GetClientAddonSamlpLogoutOutput { - return i.ToGetClientAddonSamlpLogoutOutputWithContext(context.Background()) -} - -func (i GetClientAddonSamlpLogoutArgs) ToGetClientAddonSamlpLogoutOutputWithContext(ctx context.Context) GetClientAddonSamlpLogoutOutput { - return pulumi.ToOutputWithContext(ctx, i).(GetClientAddonSamlpLogoutOutput) -} - -type GetClientAddonSamlpLogoutOutput struct{ *pulumi.OutputState } - -func (GetClientAddonSamlpLogoutOutput) ElementType() reflect.Type { - return reflect.TypeOf((*GetClientAddonSamlpLogout)(nil)).Elem() -} - -func (o GetClientAddonSamlpLogoutOutput) ToGetClientAddonSamlpLogoutOutput() GetClientAddonSamlpLogoutOutput { - return o -} - -func (o GetClientAddonSamlpLogoutOutput) ToGetClientAddonSamlpLogoutOutputWithContext(ctx context.Context) GetClientAddonSamlpLogoutOutput { - return o -} - -func (o GetClientAddonSamlpLogoutOutput) Callback() pulumi.StringPtrOutput { - return o.ApplyT(func(v GetClientAddonSamlpLogout) *string { return v.Callback }).(pulumi.StringPtrOutput) -} - -func (o GetClientAddonSamlpLogoutOutput) SloEnabled() pulumi.BoolPtrOutput { - return o.ApplyT(func(v GetClientAddonSamlpLogout) *bool { return v.SloEnabled }).(pulumi.BoolPtrOutput) -} - type GetClientJwtConfiguration struct { Alg string `pulumi:"alg"` LifetimeInSeconds int `pulumi:"lifetimeInSeconds"` @@ -13400,26 +13969,26 @@ func (o GetGlobalClientAddonArrayOutput) Index(i pulumi.IntInput) GetGlobalClien } type GetGlobalClientAddonSamlp struct { - Audience string `pulumi:"audience"` - AuthnContextClassRef string `pulumi:"authnContextClassRef"` - Binding string `pulumi:"binding"` - CreateUpnClaim bool `pulumi:"createUpnClaim"` - Destination string `pulumi:"destination"` - DigestAlgorithm string `pulumi:"digestAlgorithm"` - IncludeAttributeNameFormat bool `pulumi:"includeAttributeNameFormat"` - LifetimeInSeconds int `pulumi:"lifetimeInSeconds"` - Logout GetGlobalClientAddonSamlpLogout `pulumi:"logout"` - MapIdentities bool `pulumi:"mapIdentities"` - MapUnknownClaimsAsIs bool `pulumi:"mapUnknownClaimsAsIs"` - Mappings map[string]interface{} `pulumi:"mappings"` - NameIdentifierFormat string `pulumi:"nameIdentifierFormat"` - NameIdentifierProbes []string `pulumi:"nameIdentifierProbes"` - PassthroughClaimsWithNoMapping bool `pulumi:"passthroughClaimsWithNoMapping"` - Recipient string `pulumi:"recipient"` - SignResponse bool `pulumi:"signResponse"` - SignatureAlgorithm string `pulumi:"signatureAlgorithm"` - SigningCert string `pulumi:"signingCert"` - TypedAttributes bool `pulumi:"typedAttributes"` + Audience string `pulumi:"audience"` + AuthnContextClassRef string `pulumi:"authnContextClassRef"` + Binding string `pulumi:"binding"` + CreateUpnClaim bool `pulumi:"createUpnClaim"` + Destination string `pulumi:"destination"` + DigestAlgorithm string `pulumi:"digestAlgorithm"` + IncludeAttributeNameFormat bool `pulumi:"includeAttributeNameFormat"` + LifetimeInSeconds int `pulumi:"lifetimeInSeconds"` + Logout map[string]interface{} `pulumi:"logout"` + MapIdentities bool `pulumi:"mapIdentities"` + MapUnknownClaimsAsIs bool `pulumi:"mapUnknownClaimsAsIs"` + Mappings map[string]interface{} `pulumi:"mappings"` + NameIdentifierFormat string `pulumi:"nameIdentifierFormat"` + NameIdentifierProbes []string `pulumi:"nameIdentifierProbes"` + PassthroughClaimsWithNoMapping bool `pulumi:"passthroughClaimsWithNoMapping"` + Recipient string `pulumi:"recipient"` + SignResponse bool `pulumi:"signResponse"` + SignatureAlgorithm string `pulumi:"signatureAlgorithm"` + SigningCert string `pulumi:"signingCert"` + TypedAttributes bool `pulumi:"typedAttributes"` } // GetGlobalClientAddonSamlpInput is an input type that accepts GetGlobalClientAddonSamlpArgs and GetGlobalClientAddonSamlpOutput values. @@ -13434,26 +14003,26 @@ type GetGlobalClientAddonSamlpInput interface { } type GetGlobalClientAddonSamlpArgs struct { - Audience pulumi.StringInput `pulumi:"audience"` - AuthnContextClassRef pulumi.StringInput `pulumi:"authnContextClassRef"` - Binding pulumi.StringInput `pulumi:"binding"` - CreateUpnClaim pulumi.BoolInput `pulumi:"createUpnClaim"` - Destination pulumi.StringInput `pulumi:"destination"` - DigestAlgorithm pulumi.StringInput `pulumi:"digestAlgorithm"` - IncludeAttributeNameFormat pulumi.BoolInput `pulumi:"includeAttributeNameFormat"` - LifetimeInSeconds pulumi.IntInput `pulumi:"lifetimeInSeconds"` - Logout GetGlobalClientAddonSamlpLogoutInput `pulumi:"logout"` - MapIdentities pulumi.BoolInput `pulumi:"mapIdentities"` - MapUnknownClaimsAsIs pulumi.BoolInput `pulumi:"mapUnknownClaimsAsIs"` - Mappings pulumi.MapInput `pulumi:"mappings"` - NameIdentifierFormat pulumi.StringInput `pulumi:"nameIdentifierFormat"` - NameIdentifierProbes pulumi.StringArrayInput `pulumi:"nameIdentifierProbes"` - PassthroughClaimsWithNoMapping pulumi.BoolInput `pulumi:"passthroughClaimsWithNoMapping"` - Recipient pulumi.StringInput `pulumi:"recipient"` - SignResponse pulumi.BoolInput `pulumi:"signResponse"` - SignatureAlgorithm pulumi.StringInput `pulumi:"signatureAlgorithm"` - SigningCert pulumi.StringInput `pulumi:"signingCert"` - TypedAttributes pulumi.BoolInput `pulumi:"typedAttributes"` + Audience pulumi.StringInput `pulumi:"audience"` + AuthnContextClassRef pulumi.StringInput `pulumi:"authnContextClassRef"` + Binding pulumi.StringInput `pulumi:"binding"` + CreateUpnClaim pulumi.BoolInput `pulumi:"createUpnClaim"` + Destination pulumi.StringInput `pulumi:"destination"` + DigestAlgorithm pulumi.StringInput `pulumi:"digestAlgorithm"` + IncludeAttributeNameFormat pulumi.BoolInput `pulumi:"includeAttributeNameFormat"` + LifetimeInSeconds pulumi.IntInput `pulumi:"lifetimeInSeconds"` + Logout pulumi.MapInput `pulumi:"logout"` + MapIdentities pulumi.BoolInput `pulumi:"mapIdentities"` + MapUnknownClaimsAsIs pulumi.BoolInput `pulumi:"mapUnknownClaimsAsIs"` + Mappings pulumi.MapInput `pulumi:"mappings"` + NameIdentifierFormat pulumi.StringInput `pulumi:"nameIdentifierFormat"` + NameIdentifierProbes pulumi.StringArrayInput `pulumi:"nameIdentifierProbes"` + PassthroughClaimsWithNoMapping pulumi.BoolInput `pulumi:"passthroughClaimsWithNoMapping"` + Recipient pulumi.StringInput `pulumi:"recipient"` + SignResponse pulumi.BoolInput `pulumi:"signResponse"` + SignatureAlgorithm pulumi.StringInput `pulumi:"signatureAlgorithm"` + SigningCert pulumi.StringInput `pulumi:"signingCert"` + TypedAttributes pulumi.BoolInput `pulumi:"typedAttributes"` } func (GetGlobalClientAddonSamlpArgs) ElementType() reflect.Type { @@ -13539,8 +14108,8 @@ func (o GetGlobalClientAddonSamlpOutput) LifetimeInSeconds() pulumi.IntOutput { return o.ApplyT(func(v GetGlobalClientAddonSamlp) int { return v.LifetimeInSeconds }).(pulumi.IntOutput) } -func (o GetGlobalClientAddonSamlpOutput) Logout() GetGlobalClientAddonSamlpLogoutOutput { - return o.ApplyT(func(v GetGlobalClientAddonSamlp) GetGlobalClientAddonSamlpLogout { return v.Logout }).(GetGlobalClientAddonSamlpLogoutOutput) +func (o GetGlobalClientAddonSamlpOutput) Logout() pulumi.MapOutput { + return o.ApplyT(func(v GetGlobalClientAddonSamlp) map[string]interface{} { return v.Logout }).(pulumi.MapOutput) } func (o GetGlobalClientAddonSamlpOutput) MapIdentities() pulumi.BoolOutput { @@ -13607,61 +14176,6 @@ func (o GetGlobalClientAddonSamlpArrayOutput) Index(i pulumi.IntInput) GetGlobal }).(GetGlobalClientAddonSamlpOutput) } -type GetGlobalClientAddonSamlpLogout struct { - Callback *string `pulumi:"callback"` - SloEnabled *bool `pulumi:"sloEnabled"` -} - -// GetGlobalClientAddonSamlpLogoutInput is an input type that accepts GetGlobalClientAddonSamlpLogoutArgs and GetGlobalClientAddonSamlpLogoutOutput values. -// You can construct a concrete instance of `GetGlobalClientAddonSamlpLogoutInput` via: -// -// GetGlobalClientAddonSamlpLogoutArgs{...} -type GetGlobalClientAddonSamlpLogoutInput interface { - pulumi.Input - - ToGetGlobalClientAddonSamlpLogoutOutput() GetGlobalClientAddonSamlpLogoutOutput - ToGetGlobalClientAddonSamlpLogoutOutputWithContext(context.Context) GetGlobalClientAddonSamlpLogoutOutput -} - -type GetGlobalClientAddonSamlpLogoutArgs struct { - Callback pulumi.StringPtrInput `pulumi:"callback"` - SloEnabled pulumi.BoolPtrInput `pulumi:"sloEnabled"` -} - -func (GetGlobalClientAddonSamlpLogoutArgs) ElementType() reflect.Type { - return reflect.TypeOf((*GetGlobalClientAddonSamlpLogout)(nil)).Elem() -} - -func (i GetGlobalClientAddonSamlpLogoutArgs) ToGetGlobalClientAddonSamlpLogoutOutput() GetGlobalClientAddonSamlpLogoutOutput { - return i.ToGetGlobalClientAddonSamlpLogoutOutputWithContext(context.Background()) -} - -func (i GetGlobalClientAddonSamlpLogoutArgs) ToGetGlobalClientAddonSamlpLogoutOutputWithContext(ctx context.Context) GetGlobalClientAddonSamlpLogoutOutput { - return pulumi.ToOutputWithContext(ctx, i).(GetGlobalClientAddonSamlpLogoutOutput) -} - -type GetGlobalClientAddonSamlpLogoutOutput struct{ *pulumi.OutputState } - -func (GetGlobalClientAddonSamlpLogoutOutput) ElementType() reflect.Type { - return reflect.TypeOf((*GetGlobalClientAddonSamlpLogout)(nil)).Elem() -} - -func (o GetGlobalClientAddonSamlpLogoutOutput) ToGetGlobalClientAddonSamlpLogoutOutput() GetGlobalClientAddonSamlpLogoutOutput { - return o -} - -func (o GetGlobalClientAddonSamlpLogoutOutput) ToGetGlobalClientAddonSamlpLogoutOutputWithContext(ctx context.Context) GetGlobalClientAddonSamlpLogoutOutput { - return o -} - -func (o GetGlobalClientAddonSamlpLogoutOutput) Callback() pulumi.StringPtrOutput { - return o.ApplyT(func(v GetGlobalClientAddonSamlpLogout) *string { return v.Callback }).(pulumi.StringPtrOutput) -} - -func (o GetGlobalClientAddonSamlpLogoutOutput) SloEnabled() pulumi.BoolPtrOutput { - return o.ApplyT(func(v GetGlobalClientAddonSamlpLogout) *bool { return v.SloEnabled }).(pulumi.BoolPtrOutput) -} - type GetGlobalClientJwtConfiguration struct { Alg string `pulumi:"alg"` LifetimeInSeconds int `pulumi:"lifetimeInSeconds"` @@ -14501,6 +15015,16 @@ func init() { pulumi.RegisterInputType(reflect.TypeOf((*ActionSecretArrayInput)(nil)).Elem(), ActionSecretArray{}) pulumi.RegisterInputType(reflect.TypeOf((*ActionSupportedTriggersInput)(nil)).Elem(), ActionSupportedTriggersArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*ActionSupportedTriggersPtrInput)(nil)).Elem(), ActionSupportedTriggersArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*AttackProtectionBreachedPasswordDetectionInput)(nil)).Elem(), AttackProtectionBreachedPasswordDetectionArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*AttackProtectionBreachedPasswordDetectionPtrInput)(nil)).Elem(), AttackProtectionBreachedPasswordDetectionArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*AttackProtectionBruteForceProtectionInput)(nil)).Elem(), AttackProtectionBruteForceProtectionArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*AttackProtectionBruteForceProtectionPtrInput)(nil)).Elem(), AttackProtectionBruteForceProtectionArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*AttackProtectionSuspiciousIpThrottlingInput)(nil)).Elem(), AttackProtectionSuspiciousIpThrottlingArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*AttackProtectionSuspiciousIpThrottlingPtrInput)(nil)).Elem(), AttackProtectionSuspiciousIpThrottlingArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*AttackProtectionSuspiciousIpThrottlingPreLoginInput)(nil)).Elem(), AttackProtectionSuspiciousIpThrottlingPreLoginArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*AttackProtectionSuspiciousIpThrottlingPreLoginPtrInput)(nil)).Elem(), AttackProtectionSuspiciousIpThrottlingPreLoginArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*AttackProtectionSuspiciousIpThrottlingPreUserRegistrationInput)(nil)).Elem(), AttackProtectionSuspiciousIpThrottlingPreUserRegistrationArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*AttackProtectionSuspiciousIpThrottlingPreUserRegistrationPtrInput)(nil)).Elem(), AttackProtectionSuspiciousIpThrottlingPreUserRegistrationArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*BrandingColorsInput)(nil)).Elem(), BrandingColorsArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*BrandingColorsPtrInput)(nil)).Elem(), BrandingColorsArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*BrandingFontInput)(nil)).Elem(), BrandingFontArgs{}) @@ -14511,8 +15035,6 @@ func init() { pulumi.RegisterInputType(reflect.TypeOf((*ClientAddonsPtrInput)(nil)).Elem(), ClientAddonsArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*ClientAddonsSamlpInput)(nil)).Elem(), ClientAddonsSamlpArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*ClientAddonsSamlpPtrInput)(nil)).Elem(), ClientAddonsSamlpArgs{}) - pulumi.RegisterInputType(reflect.TypeOf((*ClientAddonsSamlpLogoutInput)(nil)).Elem(), ClientAddonsSamlpLogoutArgs{}) - pulumi.RegisterInputType(reflect.TypeOf((*ClientAddonsSamlpLogoutPtrInput)(nil)).Elem(), ClientAddonsSamlpLogoutArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*ClientJwtConfigurationInput)(nil)).Elem(), ClientJwtConfigurationArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*ClientJwtConfigurationPtrInput)(nil)).Elem(), ClientJwtConfigurationArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*ClientMobileInput)(nil)).Elem(), ClientMobileArgs{}) @@ -14559,8 +15081,6 @@ func init() { pulumi.RegisterInputType(reflect.TypeOf((*GlobalClientAddonsPtrInput)(nil)).Elem(), GlobalClientAddonsArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*GlobalClientAddonsSamlpInput)(nil)).Elem(), GlobalClientAddonsSamlpArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*GlobalClientAddonsSamlpPtrInput)(nil)).Elem(), GlobalClientAddonsSamlpArgs{}) - pulumi.RegisterInputType(reflect.TypeOf((*GlobalClientAddonsSamlpLogoutInput)(nil)).Elem(), GlobalClientAddonsSamlpLogoutArgs{}) - pulumi.RegisterInputType(reflect.TypeOf((*GlobalClientAddonsSamlpLogoutPtrInput)(nil)).Elem(), GlobalClientAddonsSamlpLogoutArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*GlobalClientJwtConfigurationInput)(nil)).Elem(), GlobalClientJwtConfigurationArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*GlobalClientJwtConfigurationPtrInput)(nil)).Elem(), GlobalClientJwtConfigurationArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*GlobalClientMobileInput)(nil)).Elem(), GlobalClientMobileArgs{}) @@ -14609,7 +15129,6 @@ func init() { pulumi.RegisterInputType(reflect.TypeOf((*GetClientAddonArrayInput)(nil)).Elem(), GetClientAddonArray{}) pulumi.RegisterInputType(reflect.TypeOf((*GetClientAddonSamlpInput)(nil)).Elem(), GetClientAddonSamlpArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*GetClientAddonSamlpArrayInput)(nil)).Elem(), GetClientAddonSamlpArray{}) - pulumi.RegisterInputType(reflect.TypeOf((*GetClientAddonSamlpLogoutInput)(nil)).Elem(), GetClientAddonSamlpLogoutArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*GetClientJwtConfigurationInput)(nil)).Elem(), GetClientJwtConfigurationArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*GetClientJwtConfigurationArrayInput)(nil)).Elem(), GetClientJwtConfigurationArray{}) pulumi.RegisterInputType(reflect.TypeOf((*GetClientMobileInput)(nil)).Elem(), GetClientMobileArgs{}) @@ -14630,7 +15149,6 @@ func init() { pulumi.RegisterInputType(reflect.TypeOf((*GetGlobalClientAddonArrayInput)(nil)).Elem(), GetGlobalClientAddonArray{}) pulumi.RegisterInputType(reflect.TypeOf((*GetGlobalClientAddonSamlpInput)(nil)).Elem(), GetGlobalClientAddonSamlpArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*GetGlobalClientAddonSamlpArrayInput)(nil)).Elem(), GetGlobalClientAddonSamlpArray{}) - pulumi.RegisterInputType(reflect.TypeOf((*GetGlobalClientAddonSamlpLogoutInput)(nil)).Elem(), GetGlobalClientAddonSamlpLogoutArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*GetGlobalClientJwtConfigurationInput)(nil)).Elem(), GetGlobalClientJwtConfigurationArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*GetGlobalClientJwtConfigurationArrayInput)(nil)).Elem(), GetGlobalClientJwtConfigurationArray{}) pulumi.RegisterInputType(reflect.TypeOf((*GetGlobalClientMobileInput)(nil)).Elem(), GetGlobalClientMobileArgs{}) @@ -14653,6 +15171,16 @@ func init() { pulumi.RegisterOutputType(ActionSecretArrayOutput{}) pulumi.RegisterOutputType(ActionSupportedTriggersOutput{}) pulumi.RegisterOutputType(ActionSupportedTriggersPtrOutput{}) + pulumi.RegisterOutputType(AttackProtectionBreachedPasswordDetectionOutput{}) + pulumi.RegisterOutputType(AttackProtectionBreachedPasswordDetectionPtrOutput{}) + pulumi.RegisterOutputType(AttackProtectionBruteForceProtectionOutput{}) + pulumi.RegisterOutputType(AttackProtectionBruteForceProtectionPtrOutput{}) + pulumi.RegisterOutputType(AttackProtectionSuspiciousIpThrottlingOutput{}) + pulumi.RegisterOutputType(AttackProtectionSuspiciousIpThrottlingPtrOutput{}) + pulumi.RegisterOutputType(AttackProtectionSuspiciousIpThrottlingPreLoginOutput{}) + pulumi.RegisterOutputType(AttackProtectionSuspiciousIpThrottlingPreLoginPtrOutput{}) + pulumi.RegisterOutputType(AttackProtectionSuspiciousIpThrottlingPreUserRegistrationOutput{}) + pulumi.RegisterOutputType(AttackProtectionSuspiciousIpThrottlingPreUserRegistrationPtrOutput{}) pulumi.RegisterOutputType(BrandingColorsOutput{}) pulumi.RegisterOutputType(BrandingColorsPtrOutput{}) pulumi.RegisterOutputType(BrandingFontOutput{}) @@ -14663,8 +15191,6 @@ func init() { pulumi.RegisterOutputType(ClientAddonsPtrOutput{}) pulumi.RegisterOutputType(ClientAddonsSamlpOutput{}) pulumi.RegisterOutputType(ClientAddonsSamlpPtrOutput{}) - pulumi.RegisterOutputType(ClientAddonsSamlpLogoutOutput{}) - pulumi.RegisterOutputType(ClientAddonsSamlpLogoutPtrOutput{}) pulumi.RegisterOutputType(ClientJwtConfigurationOutput{}) pulumi.RegisterOutputType(ClientJwtConfigurationPtrOutput{}) pulumi.RegisterOutputType(ClientMobileOutput{}) @@ -14711,8 +15237,6 @@ func init() { pulumi.RegisterOutputType(GlobalClientAddonsPtrOutput{}) pulumi.RegisterOutputType(GlobalClientAddonsSamlpOutput{}) pulumi.RegisterOutputType(GlobalClientAddonsSamlpPtrOutput{}) - pulumi.RegisterOutputType(GlobalClientAddonsSamlpLogoutOutput{}) - pulumi.RegisterOutputType(GlobalClientAddonsSamlpLogoutPtrOutput{}) pulumi.RegisterOutputType(GlobalClientJwtConfigurationOutput{}) pulumi.RegisterOutputType(GlobalClientJwtConfigurationPtrOutput{}) pulumi.RegisterOutputType(GlobalClientMobileOutput{}) @@ -14761,7 +15285,6 @@ func init() { pulumi.RegisterOutputType(GetClientAddonArrayOutput{}) pulumi.RegisterOutputType(GetClientAddonSamlpOutput{}) pulumi.RegisterOutputType(GetClientAddonSamlpArrayOutput{}) - pulumi.RegisterOutputType(GetClientAddonSamlpLogoutOutput{}) pulumi.RegisterOutputType(GetClientJwtConfigurationOutput{}) pulumi.RegisterOutputType(GetClientJwtConfigurationArrayOutput{}) pulumi.RegisterOutputType(GetClientMobileOutput{}) @@ -14782,7 +15305,6 @@ func init() { pulumi.RegisterOutputType(GetGlobalClientAddonArrayOutput{}) pulumi.RegisterOutputType(GetGlobalClientAddonSamlpOutput{}) pulumi.RegisterOutputType(GetGlobalClientAddonSamlpArrayOutput{}) - pulumi.RegisterOutputType(GetGlobalClientAddonSamlpLogoutOutput{}) pulumi.RegisterOutputType(GetGlobalClientJwtConfigurationOutput{}) pulumi.RegisterOutputType(GetGlobalClientJwtConfigurationArrayOutput{}) pulumi.RegisterOutputType(GetGlobalClientMobileOutput{}) diff --git a/sdk/nodejs/attackProtection.ts b/sdk/nodejs/attackProtection.ts new file mode 100644 index 00000000..0962d94a --- /dev/null +++ b/sdk/nodejs/attackProtection.ts @@ -0,0 +1,166 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +import * as pulumi from "@pulumi/pulumi"; +import { input as inputs, output as outputs } from "./types"; +import * as utilities from "./utilities"; + +/** + * Auth0 can detect attacks and stop malicious attempts to access your application such as blocking traffic from certain IPs and displaying CAPTCHA + * + * ## Example Usage + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as auth0 from "@pulumi/auth0"; + * + * const attackProtection = new auth0.AttackProtection("attack_protection", { + * breachedPasswordDetection: { + * adminNotificationFrequencies: ["daily"], + * enabled: true, + * method: "standard", + * shields: [ + * "admin_notification", + * "block", + * ], + * }, + * bruteForceProtection: { + * allowlists: ["127.0.0.1"], + * enabled: true, + * maxAttempts: 5, + * mode: "count_per_identifier_and_ip", + * shields: [ + * "block", + * "user_notification", + * ], + * }, + * suspiciousIpThrottling: { + * allowlists: ["192.168.1.1"], + * enabled: true, + * preLogin: { + * maxAttempts: 100, + * rate: 864000, + * }, + * preUserRegistration: { + * maxAttempts: 50, + * rate: 1200, + * }, + * shields: [ + * "admin_notification", + * "block", + * ], + * }, + * }); + * ``` + * + * ## Import + * + * As this is not a resource identifiable by an ID within the Auth0 Management API, guardian can be imported using a random string. We recommend [Version 4 UUID](https://www.uuidgenerator.net/version4) e.g. + * + * ```sh + * $ pulumi import auth0:index/attackProtection:AttackProtection default 24940d4b-4bd4-44e7-894e-f92e4de36a40 + * ``` + */ +export class AttackProtection extends pulumi.CustomResource { + /** + * Get an existing AttackProtection resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param state Any extra arguments used during the lookup. + * @param opts Optional settings to control the behavior of the CustomResource. + */ + public static get(name: string, id: pulumi.Input, state?: AttackProtectionState, opts?: pulumi.CustomResourceOptions): AttackProtection { + return new AttackProtection(name, state, { ...opts, id: id }); + } + + /** @internal */ + public static readonly __pulumiType = 'auth0:index/attackProtection:AttackProtection'; + + /** + * Returns true if the given object is an instance of AttackProtection. This is designed to work even + * when multiple copies of the Pulumi SDK have been loaded into the same process. + */ + public static isInstance(obj: any): obj is AttackProtection { + if (obj === undefined || obj === null) { + return false; + } + return obj['__pulumiType'] === AttackProtection.__pulumiType; + } + + /** + * Breached password detection protects your applications from bad actors logging in with stolen credentials. + */ + public readonly breachedPasswordDetection!: pulumi.Output; + /** + * Safeguards against a single IP address attacking a single user account. + */ + public readonly bruteForceProtection!: pulumi.Output; + /** + * Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups. + */ + public readonly suspiciousIpThrottling!: pulumi.Output; + + /** + * Create a AttackProtection resource with the given unique name, arguments, and options. + * + * @param name The _unique_ name of the resource. + * @param args The arguments to use to populate this resource's properties. + * @param opts A bag of options that control this resource's behavior. + */ + constructor(name: string, args?: AttackProtectionArgs, opts?: pulumi.CustomResourceOptions) + constructor(name: string, argsOrState?: AttackProtectionArgs | AttackProtectionState, opts?: pulumi.CustomResourceOptions) { + let resourceInputs: pulumi.Inputs = {}; + opts = opts || {}; + if (opts.id) { + const state = argsOrState as AttackProtectionState | undefined; + resourceInputs["breachedPasswordDetection"] = state ? state.breachedPasswordDetection : undefined; + resourceInputs["bruteForceProtection"] = state ? state.bruteForceProtection : undefined; + resourceInputs["suspiciousIpThrottling"] = state ? state.suspiciousIpThrottling : undefined; + } else { + const args = argsOrState as AttackProtectionArgs | undefined; + resourceInputs["breachedPasswordDetection"] = args ? args.breachedPasswordDetection : undefined; + resourceInputs["bruteForceProtection"] = args ? args.bruteForceProtection : undefined; + resourceInputs["suspiciousIpThrottling"] = args ? args.suspiciousIpThrottling : undefined; + } + opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); + super(AttackProtection.__pulumiType, name, resourceInputs, opts); + } +} + +/** + * Input properties used for looking up and filtering AttackProtection resources. + */ +export interface AttackProtectionState { + /** + * Breached password detection protects your applications from bad actors logging in with stolen credentials. + */ + breachedPasswordDetection?: pulumi.Input; + /** + * Safeguards against a single IP address attacking a single user account. + */ + bruteForceProtection?: pulumi.Input; + /** + * Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups. + */ + suspiciousIpThrottling?: pulumi.Input; +} + +/** + * The set of arguments for constructing a AttackProtection resource. + */ +export interface AttackProtectionArgs { + /** + * Breached password detection protects your applications from bad actors logging in with stolen credentials. + */ + breachedPasswordDetection?: pulumi.Input; + /** + * Safeguards against a single IP address attacking a single user account. + */ + bruteForceProtection?: pulumi.Input; + /** + * Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups. + */ + suspiciousIpThrottling?: pulumi.Input; +} diff --git a/sdk/nodejs/client.ts b/sdk/nodejs/client.ts index 29deda8b..3fd5232b 100644 --- a/sdk/nodejs/client.ts +++ b/sdk/nodejs/client.ts @@ -45,6 +45,10 @@ import * as utilities from "./utilities"; * clientMetadata: { * foo: "zoo", * }, + * clientSecretRotationTrigger: { + * triggered_at: "2018-01-02T23:12:01Z", + * triggered_by: "auth0", + * }, * customLoginPageOn: true, * description: "Test Applications Long Description", * grantTypes: [ @@ -159,7 +163,7 @@ export class Client extends pulumi.CustomResource { public readonly clientMetadata!: pulumi.Output<{[key: string]: any} | undefined>; public /*out*/ readonly clientSecret!: pulumi.Output; /** - * Map. + * Map. Custom metadata for the rotation. For more info: [rotate-client-secret](https://auth0.com/docs/get-started/applications/rotate-client-secret). */ public readonly clientSecretRotationTrigger!: pulumi.Output<{[key: string]: any} | undefined>; /** @@ -217,7 +221,7 @@ export class Client extends pulumi.CustomResource { /** * List(Resource). Configuration settings for mobile native applications. For details, see Mobile. */ - public readonly mobile!: pulumi.Output; + public readonly mobile!: pulumi.Output; /** * String. Name of the client. */ @@ -393,7 +397,7 @@ export interface ClientState { clientMetadata?: pulumi.Input<{[key: string]: any}>; clientSecret?: pulumi.Input; /** - * Map. + * Map. Custom metadata for the rotation. For more info: [rotate-client-secret](https://auth0.com/docs/get-started/applications/rotate-client-secret). */ clientSecretRotationTrigger?: pulumi.Input<{[key: string]: any}>; /** @@ -531,7 +535,7 @@ export interface ClientArgs { */ clientMetadata?: pulumi.Input<{[key: string]: any}>; /** - * Map. + * Map. Custom metadata for the rotation. For more info: [rotate-client-secret](https://auth0.com/docs/get-started/applications/rotate-client-secret). */ clientSecretRotationTrigger?: pulumi.Input<{[key: string]: any}>; /** diff --git a/sdk/nodejs/connection.ts b/sdk/nodejs/connection.ts index 3dc5c09d..be52eef6 100644 --- a/sdk/nodejs/connection.ts +++ b/sdk/nodejs/connection.ts @@ -103,6 +103,10 @@ export class Connection extends pulumi.CustomResource { * Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm. */ public readonly realms!: pulumi.Output; + /** + * Display connection as a button. Only available for enterprise connections. + */ + public readonly showAsButton!: pulumi.Output; /** * Type of the connection, which indicates the identity provider. Options include `ad`, `adfs`, `amazon`, `aol`, `apple`, `auth0`, `auth0-adldap`, `auth0-oidc`, `baidu`, `bitbucket`, `bitly`, `box`, `custom`, `daccount`, `dropbox`, `dwolla`, `email`, `evernote`, `evernote-sandbox`, `exact`, `facebook`, `fitbit`, `flickr`, `github`, `google-apps`, `google-oauth2`, `guardian`, `instagram`, `ip`, `line`, `linkedin`, `miicard`, `oauth1`, `oauth2`, `office365`, `oidc`, `paypal`, `paypal-sandbox`, `pingfederate`, `planningcenter`, `renren`, `salesforce`, `salesforce-community`, `salesforce-sandbox` `samlp`, `sharepoint`, `shopify`, `sms`, `soundcloud`, `thecity`, `thecity-sandbox`, `thirtysevensignals`, `twitter`, `untappd`, `vkontakte`, `waad`, `weibo`, `windowslive`, `wordpress`, `yahoo`, `yammer`, `yandex`. */ @@ -135,6 +139,7 @@ export class Connection extends pulumi.CustomResource { resourceInputs["name"] = state ? state.name : undefined; resourceInputs["options"] = state ? state.options : undefined; resourceInputs["realms"] = state ? state.realms : undefined; + resourceInputs["showAsButton"] = state ? state.showAsButton : undefined; resourceInputs["strategy"] = state ? state.strategy : undefined; resourceInputs["strategyVersion"] = state ? state.strategyVersion : undefined; resourceInputs["validation"] = state ? state.validation : undefined; @@ -149,6 +154,7 @@ export class Connection extends pulumi.CustomResource { resourceInputs["name"] = args ? args.name : undefined; resourceInputs["options"] = args ? args.options : undefined; resourceInputs["realms"] = args ? args.realms : undefined; + resourceInputs["showAsButton"] = args ? args.showAsButton : undefined; resourceInputs["strategy"] = args ? args.strategy : undefined; resourceInputs["strategyVersion"] = args ? args.strategyVersion : undefined; resourceInputs["validation"] = args ? args.validation : undefined; @@ -186,6 +192,10 @@ export interface ConnectionState { * Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm. */ realms?: pulumi.Input[]>; + /** + * Display connection as a button. Only available for enterprise connections. + */ + showAsButton?: pulumi.Input; /** * Type of the connection, which indicates the identity provider. Options include `ad`, `adfs`, `amazon`, `aol`, `apple`, `auth0`, `auth0-adldap`, `auth0-oidc`, `baidu`, `bitbucket`, `bitly`, `box`, `custom`, `daccount`, `dropbox`, `dwolla`, `email`, `evernote`, `evernote-sandbox`, `exact`, `facebook`, `fitbit`, `flickr`, `github`, `google-apps`, `google-oauth2`, `guardian`, `instagram`, `ip`, `line`, `linkedin`, `miicard`, `oauth1`, `oauth2`, `office365`, `oidc`, `paypal`, `paypal-sandbox`, `pingfederate`, `planningcenter`, `renren`, `salesforce`, `salesforce-community`, `salesforce-sandbox` `samlp`, `sharepoint`, `shopify`, `sms`, `soundcloud`, `thecity`, `thecity-sandbox`, `thirtysevensignals`, `twitter`, `untappd`, `vkontakte`, `waad`, `weibo`, `windowslive`, `wordpress`, `yahoo`, `yammer`, `yandex`. */ @@ -228,6 +238,10 @@ export interface ConnectionArgs { * Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm. */ realms?: pulumi.Input[]>; + /** + * Display connection as a button. Only available for enterprise connections. + */ + showAsButton?: pulumi.Input; /** * Type of the connection, which indicates the identity provider. Options include `ad`, `adfs`, `amazon`, `aol`, `apple`, `auth0`, `auth0-adldap`, `auth0-oidc`, `baidu`, `bitbucket`, `bitly`, `box`, `custom`, `daccount`, `dropbox`, `dwolla`, `email`, `evernote`, `evernote-sandbox`, `exact`, `facebook`, `fitbit`, `flickr`, `github`, `google-apps`, `google-oauth2`, `guardian`, `instagram`, `ip`, `line`, `linkedin`, `miicard`, `oauth1`, `oauth2`, `office365`, `oidc`, `paypal`, `paypal-sandbox`, `pingfederate`, `planningcenter`, `renren`, `salesforce`, `salesforce-community`, `salesforce-sandbox` `samlp`, `sharepoint`, `shopify`, `sms`, `soundcloud`, `thecity`, `thecity-sandbox`, `thirtysevensignals`, `twitter`, `untappd`, `vkontakte`, `waad`, `weibo`, `windowslive`, `wordpress`, `yahoo`, `yammer`, `yandex`. */ diff --git a/sdk/nodejs/getClient.ts b/sdk/nodejs/getClient.ts index 3c3b4b88..653b591e 100644 --- a/sdk/nodejs/getClient.ts +++ b/sdk/nodejs/getClient.ts @@ -61,6 +61,7 @@ export interface GetClientResult { readonly callbacks: string[]; readonly clientId?: string; readonly clientMetadata: {[key: string]: any}; + readonly clientSecret: string; readonly crossOriginAuth: boolean; readonly crossOriginLoc: string; readonly customLoginPage: string; diff --git a/sdk/nodejs/getGlobalClient.ts b/sdk/nodejs/getGlobalClient.ts index 036a9575..b80fa2ea 100644 --- a/sdk/nodejs/getGlobalClient.ts +++ b/sdk/nodejs/getGlobalClient.ts @@ -61,6 +61,7 @@ export interface GetGlobalClientResult { * (Optional) Map(String) */ readonly clientMetadata: {[key: string]: any}; + readonly clientSecret: string; readonly crossOriginAuth: boolean; readonly crossOriginLoc: string; /** diff --git a/sdk/nodejs/getTenant.ts b/sdk/nodejs/getTenant.ts new file mode 100644 index 00000000..8927f462 --- /dev/null +++ b/sdk/nodejs/getTenant.ts @@ -0,0 +1,45 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +import * as pulumi from "@pulumi/pulumi"; +import * as utilities from "./utilities"; + +/** + * Use this data source to access information about the tenant this provider is configured to access. + * + * ## Example Usage + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as auth0 from "@pulumi/auth0"; + * + * const current = pulumi.output(auth0.getTenant()); + * ``` + */ +export function getTenant(opts?: pulumi.InvokeOptions): Promise { + if (!opts) { + opts = {} + } + + opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); + return pulumi.runtime.invoke("auth0:index/getTenant:getTenant", { + }, opts); +} + +/** + * A collection of values returned by getTenant. + */ +export interface GetTenantResult { + /** + * String. Your Auth0 domain name. + */ + readonly domain: string; + /** + * The provider-assigned unique ID for this managed resource. + */ + readonly id: string; + /** + * String. The identifier value of the built-in Management API resource server, which can be used as an audience when configuring client grants. + */ + readonly managementApiIdentifier: string; +} diff --git a/sdk/nodejs/index.ts b/sdk/nodejs/index.ts index f1bfd439..852dcd5e 100644 --- a/sdk/nodejs/index.ts +++ b/sdk/nodejs/index.ts @@ -6,6 +6,7 @@ import * as utilities from "./utilities"; // Export members: export * from "./action"; +export * from "./attackProtection"; export * from "./branding"; export * from "./client"; export * from "./clientGrant"; @@ -16,6 +17,7 @@ export * from "./email"; export * from "./emailTemplate"; export * from "./getClient"; export * from "./getGlobalClient"; +export * from "./getTenant"; export * from "./globalClient"; export * from "./guardian"; export * from "./hook"; @@ -43,6 +45,7 @@ export { // Import resources to register: import { Action } from "./action"; +import { AttackProtection } from "./attackProtection"; import { Branding } from "./branding"; import { Client } from "./client"; import { ClientGrant } from "./clientGrant"; @@ -72,6 +75,8 @@ const _module = { switch (type) { case "auth0:index/action:Action": return new Action(name, undefined, { urn }) + case "auth0:index/attackProtection:AttackProtection": + return new AttackProtection(name, undefined, { urn }) case "auth0:index/branding:Branding": return new Branding(name, undefined, { urn }) case "auth0:index/client:Client": @@ -122,6 +127,7 @@ const _module = { }, }; pulumi.runtime.registerResourceModule("auth0", "index/action", _module) +pulumi.runtime.registerResourceModule("auth0", "index/attackProtection", _module) pulumi.runtime.registerResourceModule("auth0", "index/branding", _module) pulumi.runtime.registerResourceModule("auth0", "index/client", _module) pulumi.runtime.registerResourceModule("auth0", "index/clientGrant", _module) diff --git a/sdk/nodejs/tsconfig.json b/sdk/nodejs/tsconfig.json index 4ce649e5..f4405f9a 100644 --- a/sdk/nodejs/tsconfig.json +++ b/sdk/nodejs/tsconfig.json @@ -14,6 +14,7 @@ }, "files": [ "action.ts", + "attackProtection.ts", "branding.ts", "client.ts", "clientGrant.ts", @@ -26,6 +27,7 @@ "emailTemplate.ts", "getClient.ts", "getGlobalClient.ts", + "getTenant.ts", "globalClient.ts", "guardian.ts", "hook.ts", diff --git a/sdk/nodejs/types/input.ts b/sdk/nodejs/types/input.ts index 89ea51e2..3b935f3c 100644 --- a/sdk/nodejs/types/input.ts +++ b/sdk/nodejs/types/input.ts @@ -37,6 +37,87 @@ export interface ActionSupportedTriggers { version: pulumi.Input; } +export interface AttackProtectionBreachedPasswordDetection { + /** + * When "adminNotification" is enabled, determines how often email notifications are sent. Possible values: `immediately`, `daily`, `weekly`, `monthly`. + */ + adminNotificationFrequencies?: pulumi.Input[]>; + /** + * Whether or not breached password detection is active. + */ + enabled?: pulumi.Input; + /** + * The subscription level for breached password detection methods. Use "enhanced" to enable Credential Guard. Possible values: `standard`, `enhanced`. + */ + method?: pulumi.Input; + /** + * Action to take when a breached password is detected. Possible values: `block`, `userNotification`, `adminNotification`. + */ + shields?: pulumi.Input[]>; +} + +export interface AttackProtectionBruteForceProtection { + /** + * List of trusted IP addresses that will not have attack protection enforced against them. + */ + allowlists?: pulumi.Input[]>; + /** + * Whether or not breached password detection is active. + */ + enabled?: pulumi.Input; + /** + * Maximum number of unsuccessful attempts. Only available on public tenants. + */ + maxAttempts?: pulumi.Input; + /** + * Determines whether or not IP address is used when counting failed attempts. Possible values: `countPerIdentifierAndIp` or `countPerIdentifier`. + */ + mode?: pulumi.Input; + /** + * Action to take when a breached password is detected. Possible values: `block`, `userNotification`, `adminNotification`. + */ + shields?: pulumi.Input[]>; +} + +export interface AttackProtectionSuspiciousIpThrottling { + /** + * List of trusted IP addresses that will not have attack protection enforced against them. + */ + allowlists?: pulumi.Input[]>; + /** + * Whether or not breached password detection is active. + */ + enabled?: pulumi.Input; + /** + * Configuration options that apply before every login attempt. Only available on public tenants. + */ + preLogin?: pulumi.Input; + /** + * Configuration options that apply before every user registration attempt. Only available on public tenants. + */ + preUserRegistration?: pulumi.Input; + /** + * Action to take when a breached password is detected. Possible values: `block`, `userNotification`, `adminNotification`. + */ + shields?: pulumi.Input[]>; +} + +export interface AttackProtectionSuspiciousIpThrottlingPreLogin { + /** + * Maximum number of unsuccessful attempts. Only available on public tenants. + */ + maxAttempts?: pulumi.Input; + rate?: pulumi.Input; +} + +export interface AttackProtectionSuspiciousIpThrottlingPreUserRegistration { + /** + * Maximum number of unsuccessful attempts. Only available on public tenants. + */ + maxAttempts?: pulumi.Input; + rate?: pulumi.Input; +} + export interface BrandingColors { /** * String, Hexadecimal. Background color of login pages. @@ -213,7 +294,7 @@ export interface ClientAddonsSamlp { /** * Map(Resource). Configuration settings for logout. For details, see Logout. */ - logout?: pulumi.Input; + logout?: pulumi.Input<{[key: string]: any}>; /** * Boolean, (Default=true). Indicates whether or not to add additional identity information in the token, such as the provider used and the access_token, if available. */ @@ -260,17 +341,6 @@ export interface ClientAddonsSamlp { typedAttributes?: pulumi.Input; } -export interface ClientAddonsSamlpLogout { - /** - * String. Service provider's Single Logout Service URL, to which Auth0 will send logout requests and responses. - */ - callback?: pulumi.Input; - /** - * Boolean. Indicates whether or not Auth0 should notify service providers of session termination. - */ - sloEnabled?: pulumi.Input; -} - export interface ClientJwtConfiguration { /** * String. Algorithm used to sign JWTs. @@ -796,7 +866,7 @@ export interface GlobalClientAddonsSamlp { digestAlgorithm?: pulumi.Input; includeAttributeNameFormat?: pulumi.Input; lifetimeInSeconds?: pulumi.Input; - logout?: pulumi.Input; + logout?: pulumi.Input<{[key: string]: any}>; mapIdentities?: pulumi.Input; mapUnknownClaimsAsIs?: pulumi.Input; mappings?: pulumi.Input<{[key: string]: any}>; @@ -810,11 +880,6 @@ export interface GlobalClientAddonsSamlp { typedAttributes?: pulumi.Input; } -export interface GlobalClientAddonsSamlpLogout { - callback?: pulumi.Input; - sloEnabled?: pulumi.Input; -} - export interface GlobalClientJwtConfiguration { alg?: pulumi.Input; lifetimeInSeconds?: pulumi.Input; @@ -1131,3 +1196,4 @@ export interface TriggerBindingAction { */ id: pulumi.Input; } + diff --git a/sdk/nodejs/types/output.ts b/sdk/nodejs/types/output.ts index 2379b185..68a50ed0 100644 --- a/sdk/nodejs/types/output.ts +++ b/sdk/nodejs/types/output.ts @@ -37,6 +37,87 @@ export interface ActionSupportedTriggers { version: string; } +export interface AttackProtectionBreachedPasswordDetection { + /** + * When "adminNotification" is enabled, determines how often email notifications are sent. Possible values: `immediately`, `daily`, `weekly`, `monthly`. + */ + adminNotificationFrequencies?: string[]; + /** + * Whether or not breached password detection is active. + */ + enabled?: boolean; + /** + * The subscription level for breached password detection methods. Use "enhanced" to enable Credential Guard. Possible values: `standard`, `enhanced`. + */ + method?: string; + /** + * Action to take when a breached password is detected. Possible values: `block`, `userNotification`, `adminNotification`. + */ + shields?: string[]; +} + +export interface AttackProtectionBruteForceProtection { + /** + * List of trusted IP addresses that will not have attack protection enforced against them. + */ + allowlists?: string[]; + /** + * Whether or not breached password detection is active. + */ + enabled?: boolean; + /** + * Maximum number of unsuccessful attempts. Only available on public tenants. + */ + maxAttempts?: number; + /** + * Determines whether or not IP address is used when counting failed attempts. Possible values: `countPerIdentifierAndIp` or `countPerIdentifier`. + */ + mode?: string; + /** + * Action to take when a breached password is detected. Possible values: `block`, `userNotification`, `adminNotification`. + */ + shields?: string[]; +} + +export interface AttackProtectionSuspiciousIpThrottling { + /** + * List of trusted IP addresses that will not have attack protection enforced against them. + */ + allowlists?: string[]; + /** + * Whether or not breached password detection is active. + */ + enabled?: boolean; + /** + * Configuration options that apply before every login attempt. Only available on public tenants. + */ + preLogin?: outputs.AttackProtectionSuspiciousIpThrottlingPreLogin; + /** + * Configuration options that apply before every user registration attempt. Only available on public tenants. + */ + preUserRegistration?: outputs.AttackProtectionSuspiciousIpThrottlingPreUserRegistration; + /** + * Action to take when a breached password is detected. Possible values: `block`, `userNotification`, `adminNotification`. + */ + shields?: string[]; +} + +export interface AttackProtectionSuspiciousIpThrottlingPreLogin { + /** + * Maximum number of unsuccessful attempts. Only available on public tenants. + */ + maxAttempts?: number; + rate?: number; +} + +export interface AttackProtectionSuspiciousIpThrottlingPreUserRegistration { + /** + * Maximum number of unsuccessful attempts. Only available on public tenants. + */ + maxAttempts?: number; + rate?: number; +} + export interface BrandingColors { /** * String, Hexadecimal. Background color of login pages. @@ -138,7 +219,7 @@ export interface ClientAddons { /** * List(Resource). Configuration settings for a SAML add-on. For details, see SAML. */ - samlp?: outputs.ClientAddonsSamlp; + samlp: outputs.ClientAddonsSamlp; /** * String */ @@ -213,7 +294,7 @@ export interface ClientAddonsSamlp { /** * Map(Resource). Configuration settings for logout. For details, see Logout. */ - logout?: outputs.ClientAddonsSamlpLogout; + logout?: {[key: string]: any}; /** * Boolean, (Default=true). Indicates whether or not to add additional identity information in the token, such as the provider used and the access_token, if available. */ @@ -260,17 +341,6 @@ export interface ClientAddonsSamlp { typedAttributes?: boolean; } -export interface ClientAddonsSamlpLogout { - /** - * String. Service provider's Single Logout Service URL, to which Auth0 will send logout requests and responses. - */ - callback?: string; - /** - * Boolean. Indicates whether or not Auth0 should notify service providers of session termination. - */ - sloEnabled?: boolean; -} - export interface ClientJwtConfiguration { /** * String. Algorithm used to sign JWTs. @@ -387,7 +457,7 @@ export interface ConnectionOptions { /** * List of allowed audiences. */ - allowedAudiences?: string[]; + allowedAudiences: string[]; apiEnableUsers?: boolean; /** * Azure AD domain name. @@ -445,7 +515,7 @@ export interface ConnectionOptions { /** * List of the domains that can be authenticated using the Identity Provider. Only needed for Identifier First authentication flows. */ - domainAliases?: string[]; + domainAliases: string[]; enabledDatabaseCustomization?: boolean; /** * Custom Entity ID for the connection. @@ -472,7 +542,7 @@ export interface ConnectionOptions { * Indicates whether or not you have a legacy user store and want to gradually migrate those users to the Auth0 user store. [Learn more](https://auth0.com/docs/users/guides/configure-automatic-migration). */ importMode?: boolean; - ips?: string[]; + ips: string[]; /** * Issuer URL. E.g. `https://auth.example.com` */ @@ -493,7 +563,7 @@ export interface ConnectionOptions { /** * Configuration settings Options for multifactor authentication. For details, see MFA Options. */ - mfa?: outputs.ConnectionOptionsMfa; + mfa: outputs.ConnectionOptionsMfa; /** * Name of the connection. */ @@ -538,7 +608,7 @@ export interface ConnectionOptions { /** * Scopes required by the connection. The value must be a list, for example `["openid", "profile", "email"]`. */ - scopes?: string[]; + scopes: string[]; scripts?: {[key: string]: string}; /** * Determines whether the 'name', 'given_name', 'family_name', 'nickname', and 'picture' attributes can be independently updated when using the external IdP. Default is `onEachLogin` and can be set to `onFirstLogin`. @@ -796,7 +866,7 @@ export interface GetClientAddonSamlp { digestAlgorithm: string; includeAttributeNameFormat: boolean; lifetimeInSeconds: number; - logout: outputs.GetClientAddonSamlpLogout; + logout: {[key: string]: any}; mapIdentities: boolean; mapUnknownClaimsAsIs: boolean; mappings: {[key: string]: any}; @@ -810,11 +880,6 @@ export interface GetClientAddonSamlp { typedAttributes: boolean; } -export interface GetClientAddonSamlpLogout { - callback?: string; - sloEnabled?: boolean; -} - export interface GetClientJwtConfiguration { alg: string; lifetimeInSeconds: number; @@ -900,7 +965,7 @@ export interface GetGlobalClientAddonSamlp { digestAlgorithm: string; includeAttributeNameFormat: boolean; lifetimeInSeconds: number; - logout: outputs.GetGlobalClientAddonSamlpLogout; + logout: {[key: string]: any}; mapIdentities: boolean; mapUnknownClaimsAsIs: boolean; mappings: {[key: string]: any}; @@ -914,11 +979,6 @@ export interface GetGlobalClientAddonSamlp { typedAttributes: boolean; } -export interface GetGlobalClientAddonSamlpLogout { - callback?: string; - sloEnabled?: boolean; -} - export interface GetGlobalClientJwtConfiguration { alg: string; lifetimeInSeconds: number; @@ -983,7 +1043,7 @@ export interface GlobalClientAddons { salesforce?: {[key: string]: any}; salesforceApi?: {[key: string]: any}; salesforceSandboxApi?: {[key: string]: any}; - samlp?: outputs.GlobalClientAddonsSamlp; + samlp: outputs.GlobalClientAddonsSamlp; sapApi?: {[key: string]: any}; sentry?: {[key: string]: any}; sharepoint?: {[key: string]: any}; @@ -1004,7 +1064,7 @@ export interface GlobalClientAddonsSamlp { digestAlgorithm?: string; includeAttributeNameFormat?: boolean; lifetimeInSeconds?: number; - logout?: outputs.GlobalClientAddonsSamlpLogout; + logout?: {[key: string]: any}; mapIdentities?: boolean; mapUnknownClaimsAsIs?: boolean; mappings?: {[key: string]: any}; @@ -1018,11 +1078,6 @@ export interface GlobalClientAddonsSamlp { typedAttributes?: boolean; } -export interface GlobalClientAddonsSamlpLogout { - callback?: string; - sloEnabled?: boolean; -} - export interface GlobalClientJwtConfiguration { alg?: string; lifetimeInSeconds: number; @@ -1339,3 +1394,4 @@ export interface TriggerBindingAction { */ id: string; } + diff --git a/sdk/python/pulumi_auth0/__init__.py b/sdk/python/pulumi_auth0/__init__.py index 3b326a0a..76d6d84f 100644 --- a/sdk/python/pulumi_auth0/__init__.py +++ b/sdk/python/pulumi_auth0/__init__.py @@ -6,6 +6,7 @@ import typing # Export this package's modules as members: from .action import * +from .attack_protection import * from .branding import * from .client import * from .client_grant import * @@ -16,6 +17,7 @@ from .email_template import * from .get_client import * from .get_global_client import * +from .get_tenant import * from .global_client import * from .guardian import * from .hook import * @@ -52,6 +54,14 @@ "auth0:index/action:Action": "Action" } }, + { + "pkg": "auth0", + "mod": "index/attackProtection", + "fqn": "pulumi_auth0", + "classes": { + "auth0:index/attackProtection:AttackProtection": "AttackProtection" + } + }, { "pkg": "auth0", "mod": "index/branding", diff --git a/sdk/python/pulumi_auth0/_inputs.py b/sdk/python/pulumi_auth0/_inputs.py index 9b5f3772..8a496026 100644 --- a/sdk/python/pulumi_auth0/_inputs.py +++ b/sdk/python/pulumi_auth0/_inputs.py @@ -12,12 +12,16 @@ 'ActionDependencyArgs', 'ActionSecretArgs', 'ActionSupportedTriggersArgs', + 'AttackProtectionBreachedPasswordDetectionArgs', + 'AttackProtectionBruteForceProtectionArgs', + 'AttackProtectionSuspiciousIpThrottlingArgs', + 'AttackProtectionSuspiciousIpThrottlingPreLoginArgs', + 'AttackProtectionSuspiciousIpThrottlingPreUserRegistrationArgs', 'BrandingColorsArgs', 'BrandingFontArgs', 'BrandingUniversalLoginArgs', 'ClientAddonsArgs', 'ClientAddonsSamlpArgs', - 'ClientAddonsSamlpLogoutArgs', 'ClientJwtConfigurationArgs', 'ClientMobileArgs', 'ClientMobileAndroidArgs', @@ -41,7 +45,6 @@ 'EmailCredentialsArgs', 'GlobalClientAddonsArgs', 'GlobalClientAddonsSamlpArgs', - 'GlobalClientAddonsSamlpLogoutArgs', 'GlobalClientJwtConfigurationArgs', 'GlobalClientMobileArgs', 'GlobalClientMobileAndroidArgs', @@ -177,6 +180,321 @@ def version(self, value: pulumi.Input[str]): pulumi.set(self, "version", value) +@pulumi.input_type +class AttackProtectionBreachedPasswordDetectionArgs: + def __init__(__self__, *, + admin_notification_frequencies: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + enabled: Optional[pulumi.Input[bool]] = None, + method: Optional[pulumi.Input[str]] = None, + shields: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + :param pulumi.Input[Sequence[pulumi.Input[str]]] admin_notification_frequencies: When "admin_notification" is enabled, determines how often email notifications are sent. Possible values: `immediately`, `daily`, `weekly`, `monthly`. + :param pulumi.Input[bool] enabled: Whether or not breached password detection is active. + :param pulumi.Input[str] method: The subscription level for breached password detection methods. Use "enhanced" to enable Credential Guard. Possible values: `standard`, `enhanced`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] shields: Action to take when a breached password is detected. Possible values: `block`, `user_notification`, `admin_notification`. + """ + if admin_notification_frequencies is not None: + pulumi.set(__self__, "admin_notification_frequencies", admin_notification_frequencies) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if method is not None: + pulumi.set(__self__, "method", method) + if shields is not None: + pulumi.set(__self__, "shields", shields) + + @property + @pulumi.getter(name="adminNotificationFrequencies") + def admin_notification_frequencies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + When "admin_notification" is enabled, determines how often email notifications are sent. Possible values: `immediately`, `daily`, `weekly`, `monthly`. + """ + return pulumi.get(self, "admin_notification_frequencies") + + @admin_notification_frequencies.setter + def admin_notification_frequencies(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "admin_notification_frequencies", value) + + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Whether or not breached password detection is active. + """ + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + @property + @pulumi.getter + def method(self) -> Optional[pulumi.Input[str]]: + """ + The subscription level for breached password detection methods. Use "enhanced" to enable Credential Guard. Possible values: `standard`, `enhanced`. + """ + return pulumi.get(self, "method") + + @method.setter + def method(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "method", value) + + @property + @pulumi.getter + def shields(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Action to take when a breached password is detected. Possible values: `block`, `user_notification`, `admin_notification`. + """ + return pulumi.get(self, "shields") + + @shields.setter + def shields(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "shields", value) + + +@pulumi.input_type +class AttackProtectionBruteForceProtectionArgs: + def __init__(__self__, *, + allowlists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + enabled: Optional[pulumi.Input[bool]] = None, + max_attempts: Optional[pulumi.Input[int]] = None, + mode: Optional[pulumi.Input[str]] = None, + shields: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + :param pulumi.Input[Sequence[pulumi.Input[str]]] allowlists: List of trusted IP addresses that will not have attack protection enforced against them. + :param pulumi.Input[bool] enabled: Whether or not breached password detection is active. + :param pulumi.Input[int] max_attempts: Maximum number of unsuccessful attempts. Only available on public tenants. + :param pulumi.Input[str] mode: Determines whether or not IP address is used when counting failed attempts. Possible values: `count_per_identifier_and_ip` or `count_per_identifier`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] shields: Action to take when a breached password is detected. Possible values: `block`, `user_notification`, `admin_notification`. + """ + if allowlists is not None: + pulumi.set(__self__, "allowlists", allowlists) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if max_attempts is not None: + pulumi.set(__self__, "max_attempts", max_attempts) + if mode is not None: + pulumi.set(__self__, "mode", mode) + if shields is not None: + pulumi.set(__self__, "shields", shields) + + @property + @pulumi.getter + def allowlists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of trusted IP addresses that will not have attack protection enforced against them. + """ + return pulumi.get(self, "allowlists") + + @allowlists.setter + def allowlists(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "allowlists", value) + + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Whether or not breached password detection is active. + """ + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + @property + @pulumi.getter(name="maxAttempts") + def max_attempts(self) -> Optional[pulumi.Input[int]]: + """ + Maximum number of unsuccessful attempts. Only available on public tenants. + """ + return pulumi.get(self, "max_attempts") + + @max_attempts.setter + def max_attempts(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "max_attempts", value) + + @property + @pulumi.getter + def mode(self) -> Optional[pulumi.Input[str]]: + """ + Determines whether or not IP address is used when counting failed attempts. Possible values: `count_per_identifier_and_ip` or `count_per_identifier`. + """ + return pulumi.get(self, "mode") + + @mode.setter + def mode(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "mode", value) + + @property + @pulumi.getter + def shields(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Action to take when a breached password is detected. Possible values: `block`, `user_notification`, `admin_notification`. + """ + return pulumi.get(self, "shields") + + @shields.setter + def shields(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "shields", value) + + +@pulumi.input_type +class AttackProtectionSuspiciousIpThrottlingArgs: + def __init__(__self__, *, + allowlists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + enabled: Optional[pulumi.Input[bool]] = None, + pre_login: Optional[pulumi.Input['AttackProtectionSuspiciousIpThrottlingPreLoginArgs']] = None, + pre_user_registration: Optional[pulumi.Input['AttackProtectionSuspiciousIpThrottlingPreUserRegistrationArgs']] = None, + shields: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + :param pulumi.Input[Sequence[pulumi.Input[str]]] allowlists: List of trusted IP addresses that will not have attack protection enforced against them. + :param pulumi.Input[bool] enabled: Whether or not breached password detection is active. + :param pulumi.Input['AttackProtectionSuspiciousIpThrottlingPreLoginArgs'] pre_login: Configuration options that apply before every login attempt. Only available on public tenants. + :param pulumi.Input['AttackProtectionSuspiciousIpThrottlingPreUserRegistrationArgs'] pre_user_registration: Configuration options that apply before every user registration attempt. Only available on public tenants. + :param pulumi.Input[Sequence[pulumi.Input[str]]] shields: Action to take when a breached password is detected. Possible values: `block`, `user_notification`, `admin_notification`. + """ + if allowlists is not None: + pulumi.set(__self__, "allowlists", allowlists) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if pre_login is not None: + pulumi.set(__self__, "pre_login", pre_login) + if pre_user_registration is not None: + pulumi.set(__self__, "pre_user_registration", pre_user_registration) + if shields is not None: + pulumi.set(__self__, "shields", shields) + + @property + @pulumi.getter + def allowlists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of trusted IP addresses that will not have attack protection enforced against them. + """ + return pulumi.get(self, "allowlists") + + @allowlists.setter + def allowlists(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "allowlists", value) + + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Whether or not breached password detection is active. + """ + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + @property + @pulumi.getter(name="preLogin") + def pre_login(self) -> Optional[pulumi.Input['AttackProtectionSuspiciousIpThrottlingPreLoginArgs']]: + """ + Configuration options that apply before every login attempt. Only available on public tenants. + """ + return pulumi.get(self, "pre_login") + + @pre_login.setter + def pre_login(self, value: Optional[pulumi.Input['AttackProtectionSuspiciousIpThrottlingPreLoginArgs']]): + pulumi.set(self, "pre_login", value) + + @property + @pulumi.getter(name="preUserRegistration") + def pre_user_registration(self) -> Optional[pulumi.Input['AttackProtectionSuspiciousIpThrottlingPreUserRegistrationArgs']]: + """ + Configuration options that apply before every user registration attempt. Only available on public tenants. + """ + return pulumi.get(self, "pre_user_registration") + + @pre_user_registration.setter + def pre_user_registration(self, value: Optional[pulumi.Input['AttackProtectionSuspiciousIpThrottlingPreUserRegistrationArgs']]): + pulumi.set(self, "pre_user_registration", value) + + @property + @pulumi.getter + def shields(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Action to take when a breached password is detected. Possible values: `block`, `user_notification`, `admin_notification`. + """ + return pulumi.get(self, "shields") + + @shields.setter + def shields(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "shields", value) + + +@pulumi.input_type +class AttackProtectionSuspiciousIpThrottlingPreLoginArgs: + def __init__(__self__, *, + max_attempts: Optional[pulumi.Input[int]] = None, + rate: Optional[pulumi.Input[int]] = None): + """ + :param pulumi.Input[int] max_attempts: Maximum number of unsuccessful attempts. Only available on public tenants. + """ + if max_attempts is not None: + pulumi.set(__self__, "max_attempts", max_attempts) + if rate is not None: + pulumi.set(__self__, "rate", rate) + + @property + @pulumi.getter(name="maxAttempts") + def max_attempts(self) -> Optional[pulumi.Input[int]]: + """ + Maximum number of unsuccessful attempts. Only available on public tenants. + """ + return pulumi.get(self, "max_attempts") + + @max_attempts.setter + def max_attempts(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "max_attempts", value) + + @property + @pulumi.getter + def rate(self) -> Optional[pulumi.Input[int]]: + return pulumi.get(self, "rate") + + @rate.setter + def rate(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "rate", value) + + +@pulumi.input_type +class AttackProtectionSuspiciousIpThrottlingPreUserRegistrationArgs: + def __init__(__self__, *, + max_attempts: Optional[pulumi.Input[int]] = None, + rate: Optional[pulumi.Input[int]] = None): + """ + :param pulumi.Input[int] max_attempts: Maximum number of unsuccessful attempts. Only available on public tenants. + """ + if max_attempts is not None: + pulumi.set(__self__, "max_attempts", max_attempts) + if rate is not None: + pulumi.set(__self__, "rate", rate) + + @property + @pulumi.getter(name="maxAttempts") + def max_attempts(self) -> Optional[pulumi.Input[int]]: + """ + Maximum number of unsuccessful attempts. Only available on public tenants. + """ + return pulumi.get(self, "max_attempts") + + @max_attempts.setter + def max_attempts(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "max_attempts", value) + + @property + @pulumi.getter + def rate(self) -> Optional[pulumi.Input[int]]: + return pulumi.get(self, "rate") + + @rate.setter + def rate(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "rate", value) + + @pulumi.input_type class BrandingColorsArgs: def __init__(__self__, *, @@ -728,7 +1046,7 @@ def __init__(__self__, *, digest_algorithm: Optional[pulumi.Input[str]] = None, include_attribute_name_format: Optional[pulumi.Input[bool]] = None, lifetime_in_seconds: Optional[pulumi.Input[int]] = None, - logout: Optional[pulumi.Input['ClientAddonsSamlpLogoutArgs']] = None, + logout: Optional[pulumi.Input[Mapping[str, Any]]] = None, map_identities: Optional[pulumi.Input[bool]] = None, map_unknown_claims_as_is: Optional[pulumi.Input[bool]] = None, mappings: Optional[pulumi.Input[Mapping[str, Any]]] = None, @@ -749,7 +1067,7 @@ def __init__(__self__, *, :param pulumi.Input[str] digest_algorithm: String, (Default=`sha1`). Algorithm used to calculate the digest of the SAML Assertion or response. Options include `defaultsha1` and `sha256`. :param pulumi.Input[bool] include_attribute_name_format: Boolean,(Default=true). Indicates whether or not we should infer the NameFormat based on the attribute name. If set to false, the attribute NameFormat is not set in the assertion. :param pulumi.Input[int] lifetime_in_seconds: Integer, (Default=3600). Number of seconds during which the token is valid. - :param pulumi.Input['ClientAddonsSamlpLogoutArgs'] logout: Map(Resource). Configuration settings for logout. For details, see Logout. + :param pulumi.Input[Mapping[str, Any]] logout: Map(Resource). Configuration settings for logout. For details, see Logout. :param pulumi.Input[bool] map_identities: Boolean, (Default=true). Indicates whether or not to add additional identity information in the token, such as the provider used and the access_token, if available. :param pulumi.Input[bool] map_unknown_claims_as_is: Boolean, (Default=false). Indicates whether or not to add a prefix of `http://schema.auth0.com` to any claims that are not mapped to the common profile when passed through in the output assertion. :param pulumi.Input[Mapping[str, Any]] mappings: Map(String). Mappings between the Auth0 user profile property name (`name`) and the output attributes on the SAML attribute in the assertion (`value`). @@ -901,14 +1219,14 @@ def lifetime_in_seconds(self, value: Optional[pulumi.Input[int]]): @property @pulumi.getter - def logout(self) -> Optional[pulumi.Input['ClientAddonsSamlpLogoutArgs']]: + def logout(self) -> Optional[pulumi.Input[Mapping[str, Any]]]: """ Map(Resource). Configuration settings for logout. For details, see Logout. """ return pulumi.get(self, "logout") @logout.setter - def logout(self, value: Optional[pulumi.Input['ClientAddonsSamlpLogoutArgs']]): + def logout(self, value: Optional[pulumi.Input[Mapping[str, Any]]]): pulumi.set(self, "logout", value) @property @@ -1044,45 +1362,6 @@ def typed_attributes(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "typed_attributes", value) -@pulumi.input_type -class ClientAddonsSamlpLogoutArgs: - def __init__(__self__, *, - callback: Optional[pulumi.Input[str]] = None, - slo_enabled: Optional[pulumi.Input[bool]] = None): - """ - :param pulumi.Input[str] callback: String. Service provider's Single Logout Service URL, to which Auth0 will send logout requests and responses. - :param pulumi.Input[bool] slo_enabled: Boolean. Indicates whether or not Auth0 should notify service providers of session termination. - """ - if callback is not None: - pulumi.set(__self__, "callback", callback) - if slo_enabled is not None: - pulumi.set(__self__, "slo_enabled", slo_enabled) - - @property - @pulumi.getter - def callback(self) -> Optional[pulumi.Input[str]]: - """ - String. Service provider's Single Logout Service URL, to which Auth0 will send logout requests and responses. - """ - return pulumi.get(self, "callback") - - @callback.setter - def callback(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "callback", value) - - @property - @pulumi.getter(name="sloEnabled") - def slo_enabled(self) -> Optional[pulumi.Input[bool]]: - """ - Boolean. Indicates whether or not Auth0 should notify service providers of session termination. - """ - return pulumi.get(self, "slo_enabled") - - @slo_enabled.setter - def slo_enabled(self, value: Optional[pulumi.Input[bool]]): - pulumi.set(self, "slo_enabled", value) - - @pulumi.input_type class ClientJwtConfigurationArgs: def __init__(__self__, *, @@ -3515,7 +3794,7 @@ def __init__(__self__, *, digest_algorithm: Optional[pulumi.Input[str]] = None, include_attribute_name_format: Optional[pulumi.Input[bool]] = None, lifetime_in_seconds: Optional[pulumi.Input[int]] = None, - logout: Optional[pulumi.Input['GlobalClientAddonsSamlpLogoutArgs']] = None, + logout: Optional[pulumi.Input[Mapping[str, Any]]] = None, map_identities: Optional[pulumi.Input[bool]] = None, map_unknown_claims_as_is: Optional[pulumi.Input[bool]] = None, mappings: Optional[pulumi.Input[Mapping[str, Any]]] = None, @@ -3642,11 +3921,11 @@ def lifetime_in_seconds(self, value: Optional[pulumi.Input[int]]): @property @pulumi.getter - def logout(self) -> Optional[pulumi.Input['GlobalClientAddonsSamlpLogoutArgs']]: + def logout(self) -> Optional[pulumi.Input[Mapping[str, Any]]]: return pulumi.get(self, "logout") @logout.setter - def logout(self, value: Optional[pulumi.Input['GlobalClientAddonsSamlpLogoutArgs']]): + def logout(self, value: Optional[pulumi.Input[Mapping[str, Any]]]): pulumi.set(self, "logout", value) @property @@ -3749,35 +4028,6 @@ def typed_attributes(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "typed_attributes", value) -@pulumi.input_type -class GlobalClientAddonsSamlpLogoutArgs: - def __init__(__self__, *, - callback: Optional[pulumi.Input[str]] = None, - slo_enabled: Optional[pulumi.Input[bool]] = None): - if callback is not None: - pulumi.set(__self__, "callback", callback) - if slo_enabled is not None: - pulumi.set(__self__, "slo_enabled", slo_enabled) - - @property - @pulumi.getter - def callback(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "callback") - - @callback.setter - def callback(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "callback", value) - - @property - @pulumi.getter(name="sloEnabled") - def slo_enabled(self) -> Optional[pulumi.Input[bool]]: - return pulumi.get(self, "slo_enabled") - - @slo_enabled.setter - def slo_enabled(self, value: Optional[pulumi.Input[bool]]): - pulumi.set(self, "slo_enabled", value) - - @pulumi.input_type class GlobalClientJwtConfigurationArgs: def __init__(__self__, *, diff --git a/sdk/python/pulumi_auth0/attack_protection.py b/sdk/python/pulumi_auth0/attack_protection.py new file mode 100644 index 00000000..63891ea6 --- /dev/null +++ b/sdk/python/pulumi_auth0/attack_protection.py @@ -0,0 +1,347 @@ +# coding=utf-8 +# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import warnings +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +from . import _utilities +from . import outputs +from ._inputs import * + +__all__ = ['AttackProtectionArgs', 'AttackProtection'] + +@pulumi.input_type +class AttackProtectionArgs: + def __init__(__self__, *, + breached_password_detection: Optional[pulumi.Input['AttackProtectionBreachedPasswordDetectionArgs']] = None, + brute_force_protection: Optional[pulumi.Input['AttackProtectionBruteForceProtectionArgs']] = None, + suspicious_ip_throttling: Optional[pulumi.Input['AttackProtectionSuspiciousIpThrottlingArgs']] = None): + """ + The set of arguments for constructing a AttackProtection resource. + :param pulumi.Input['AttackProtectionBreachedPasswordDetectionArgs'] breached_password_detection: Breached password detection protects your applications from bad actors logging in with stolen credentials. + :param pulumi.Input['AttackProtectionBruteForceProtectionArgs'] brute_force_protection: Safeguards against a single IP address attacking a single user account. + :param pulumi.Input['AttackProtectionSuspiciousIpThrottlingArgs'] suspicious_ip_throttling: Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups. + """ + if breached_password_detection is not None: + pulumi.set(__self__, "breached_password_detection", breached_password_detection) + if brute_force_protection is not None: + pulumi.set(__self__, "brute_force_protection", brute_force_protection) + if suspicious_ip_throttling is not None: + pulumi.set(__self__, "suspicious_ip_throttling", suspicious_ip_throttling) + + @property + @pulumi.getter(name="breachedPasswordDetection") + def breached_password_detection(self) -> Optional[pulumi.Input['AttackProtectionBreachedPasswordDetectionArgs']]: + """ + Breached password detection protects your applications from bad actors logging in with stolen credentials. + """ + return pulumi.get(self, "breached_password_detection") + + @breached_password_detection.setter + def breached_password_detection(self, value: Optional[pulumi.Input['AttackProtectionBreachedPasswordDetectionArgs']]): + pulumi.set(self, "breached_password_detection", value) + + @property + @pulumi.getter(name="bruteForceProtection") + def brute_force_protection(self) -> Optional[pulumi.Input['AttackProtectionBruteForceProtectionArgs']]: + """ + Safeguards against a single IP address attacking a single user account. + """ + return pulumi.get(self, "brute_force_protection") + + @brute_force_protection.setter + def brute_force_protection(self, value: Optional[pulumi.Input['AttackProtectionBruteForceProtectionArgs']]): + pulumi.set(self, "brute_force_protection", value) + + @property + @pulumi.getter(name="suspiciousIpThrottling") + def suspicious_ip_throttling(self) -> Optional[pulumi.Input['AttackProtectionSuspiciousIpThrottlingArgs']]: + """ + Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups. + """ + return pulumi.get(self, "suspicious_ip_throttling") + + @suspicious_ip_throttling.setter + def suspicious_ip_throttling(self, value: Optional[pulumi.Input['AttackProtectionSuspiciousIpThrottlingArgs']]): + pulumi.set(self, "suspicious_ip_throttling", value) + + +@pulumi.input_type +class _AttackProtectionState: + def __init__(__self__, *, + breached_password_detection: Optional[pulumi.Input['AttackProtectionBreachedPasswordDetectionArgs']] = None, + brute_force_protection: Optional[pulumi.Input['AttackProtectionBruteForceProtectionArgs']] = None, + suspicious_ip_throttling: Optional[pulumi.Input['AttackProtectionSuspiciousIpThrottlingArgs']] = None): + """ + Input properties used for looking up and filtering AttackProtection resources. + :param pulumi.Input['AttackProtectionBreachedPasswordDetectionArgs'] breached_password_detection: Breached password detection protects your applications from bad actors logging in with stolen credentials. + :param pulumi.Input['AttackProtectionBruteForceProtectionArgs'] brute_force_protection: Safeguards against a single IP address attacking a single user account. + :param pulumi.Input['AttackProtectionSuspiciousIpThrottlingArgs'] suspicious_ip_throttling: Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups. + """ + if breached_password_detection is not None: + pulumi.set(__self__, "breached_password_detection", breached_password_detection) + if brute_force_protection is not None: + pulumi.set(__self__, "brute_force_protection", brute_force_protection) + if suspicious_ip_throttling is not None: + pulumi.set(__self__, "suspicious_ip_throttling", suspicious_ip_throttling) + + @property + @pulumi.getter(name="breachedPasswordDetection") + def breached_password_detection(self) -> Optional[pulumi.Input['AttackProtectionBreachedPasswordDetectionArgs']]: + """ + Breached password detection protects your applications from bad actors logging in with stolen credentials. + """ + return pulumi.get(self, "breached_password_detection") + + @breached_password_detection.setter + def breached_password_detection(self, value: Optional[pulumi.Input['AttackProtectionBreachedPasswordDetectionArgs']]): + pulumi.set(self, "breached_password_detection", value) + + @property + @pulumi.getter(name="bruteForceProtection") + def brute_force_protection(self) -> Optional[pulumi.Input['AttackProtectionBruteForceProtectionArgs']]: + """ + Safeguards against a single IP address attacking a single user account. + """ + return pulumi.get(self, "brute_force_protection") + + @brute_force_protection.setter + def brute_force_protection(self, value: Optional[pulumi.Input['AttackProtectionBruteForceProtectionArgs']]): + pulumi.set(self, "brute_force_protection", value) + + @property + @pulumi.getter(name="suspiciousIpThrottling") + def suspicious_ip_throttling(self) -> Optional[pulumi.Input['AttackProtectionSuspiciousIpThrottlingArgs']]: + """ + Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups. + """ + return pulumi.get(self, "suspicious_ip_throttling") + + @suspicious_ip_throttling.setter + def suspicious_ip_throttling(self, value: Optional[pulumi.Input['AttackProtectionSuspiciousIpThrottlingArgs']]): + pulumi.set(self, "suspicious_ip_throttling", value) + + +class AttackProtection(pulumi.CustomResource): + @overload + def __init__(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + breached_password_detection: Optional[pulumi.Input[pulumi.InputType['AttackProtectionBreachedPasswordDetectionArgs']]] = None, + brute_force_protection: Optional[pulumi.Input[pulumi.InputType['AttackProtectionBruteForceProtectionArgs']]] = None, + suspicious_ip_throttling: Optional[pulumi.Input[pulumi.InputType['AttackProtectionSuspiciousIpThrottlingArgs']]] = None, + __props__=None): + """ + Auth0 can detect attacks and stop malicious attempts to access your application such as blocking traffic from certain IPs and displaying CAPTCHA + + ## Example Usage + + ```python + import pulumi + import pulumi_auth0 as auth0 + + attack_protection = auth0.AttackProtection("attackProtection", + breached_password_detection=auth0.AttackProtectionBreachedPasswordDetectionArgs( + admin_notification_frequencies=["daily"], + enabled=True, + method="standard", + shields=[ + "admin_notification", + "block", + ], + ), + brute_force_protection=auth0.AttackProtectionBruteForceProtectionArgs( + allowlists=["127.0.0.1"], + enabled=True, + max_attempts=5, + mode="count_per_identifier_and_ip", + shields=[ + "block", + "user_notification", + ], + ), + suspicious_ip_throttling=auth0.AttackProtectionSuspiciousIpThrottlingArgs( + allowlists=["192.168.1.1"], + enabled=True, + pre_login=auth0.AttackProtectionSuspiciousIpThrottlingPreLoginArgs( + max_attempts=100, + rate=864000, + ), + pre_user_registration=auth0.AttackProtectionSuspiciousIpThrottlingPreUserRegistrationArgs( + max_attempts=50, + rate=1200, + ), + shields=[ + "admin_notification", + "block", + ], + )) + ``` + + ## Import + + As this is not a resource identifiable by an ID within the Auth0 Management API, guardian can be imported using a random string. We recommend [Version 4 UUID](https://www.uuidgenerator.net/version4) e.g. + + ```sh + $ pulumi import auth0:index/attackProtection:AttackProtection default 24940d4b-4bd4-44e7-894e-f92e4de36a40 + ``` + + :param str resource_name: The name of the resource. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[pulumi.InputType['AttackProtectionBreachedPasswordDetectionArgs']] breached_password_detection: Breached password detection protects your applications from bad actors logging in with stolen credentials. + :param pulumi.Input[pulumi.InputType['AttackProtectionBruteForceProtectionArgs']] brute_force_protection: Safeguards against a single IP address attacking a single user account. + :param pulumi.Input[pulumi.InputType['AttackProtectionSuspiciousIpThrottlingArgs']] suspicious_ip_throttling: Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups. + """ + ... + @overload + def __init__(__self__, + resource_name: str, + args: Optional[AttackProtectionArgs] = None, + opts: Optional[pulumi.ResourceOptions] = None): + """ + Auth0 can detect attacks and stop malicious attempts to access your application such as blocking traffic from certain IPs and displaying CAPTCHA + + ## Example Usage + + ```python + import pulumi + import pulumi_auth0 as auth0 + + attack_protection = auth0.AttackProtection("attackProtection", + breached_password_detection=auth0.AttackProtectionBreachedPasswordDetectionArgs( + admin_notification_frequencies=["daily"], + enabled=True, + method="standard", + shields=[ + "admin_notification", + "block", + ], + ), + brute_force_protection=auth0.AttackProtectionBruteForceProtectionArgs( + allowlists=["127.0.0.1"], + enabled=True, + max_attempts=5, + mode="count_per_identifier_and_ip", + shields=[ + "block", + "user_notification", + ], + ), + suspicious_ip_throttling=auth0.AttackProtectionSuspiciousIpThrottlingArgs( + allowlists=["192.168.1.1"], + enabled=True, + pre_login=auth0.AttackProtectionSuspiciousIpThrottlingPreLoginArgs( + max_attempts=100, + rate=864000, + ), + pre_user_registration=auth0.AttackProtectionSuspiciousIpThrottlingPreUserRegistrationArgs( + max_attempts=50, + rate=1200, + ), + shields=[ + "admin_notification", + "block", + ], + )) + ``` + + ## Import + + As this is not a resource identifiable by an ID within the Auth0 Management API, guardian can be imported using a random string. We recommend [Version 4 UUID](https://www.uuidgenerator.net/version4) e.g. + + ```sh + $ pulumi import auth0:index/attackProtection:AttackProtection default 24940d4b-4bd4-44e7-894e-f92e4de36a40 + ``` + + :param str resource_name: The name of the resource. + :param AttackProtectionArgs args: The arguments to use to populate this resource's properties. + :param pulumi.ResourceOptions opts: Options for the resource. + """ + ... + def __init__(__self__, resource_name: str, *args, **kwargs): + resource_args, opts = _utilities.get_resource_args_opts(AttackProtectionArgs, pulumi.ResourceOptions, *args, **kwargs) + if resource_args is not None: + __self__._internal_init(resource_name, opts, **resource_args.__dict__) + else: + __self__._internal_init(resource_name, *args, **kwargs) + + def _internal_init(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + breached_password_detection: Optional[pulumi.Input[pulumi.InputType['AttackProtectionBreachedPasswordDetectionArgs']]] = None, + brute_force_protection: Optional[pulumi.Input[pulumi.InputType['AttackProtectionBruteForceProtectionArgs']]] = None, + suspicious_ip_throttling: Optional[pulumi.Input[pulumi.InputType['AttackProtectionSuspiciousIpThrottlingArgs']]] = None, + __props__=None): + if opts is None: + opts = pulumi.ResourceOptions() + if not isinstance(opts, pulumi.ResourceOptions): + raise TypeError('Expected resource options to be a ResourceOptions instance') + if opts.version is None: + opts.version = _utilities.get_version() + if opts.id is None: + if __props__ is not None: + raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource') + __props__ = AttackProtectionArgs.__new__(AttackProtectionArgs) + + __props__.__dict__["breached_password_detection"] = breached_password_detection + __props__.__dict__["brute_force_protection"] = brute_force_protection + __props__.__dict__["suspicious_ip_throttling"] = suspicious_ip_throttling + super(AttackProtection, __self__).__init__( + 'auth0:index/attackProtection:AttackProtection', + resource_name, + __props__, + opts) + + @staticmethod + def get(resource_name: str, + id: pulumi.Input[str], + opts: Optional[pulumi.ResourceOptions] = None, + breached_password_detection: Optional[pulumi.Input[pulumi.InputType['AttackProtectionBreachedPasswordDetectionArgs']]] = None, + brute_force_protection: Optional[pulumi.Input[pulumi.InputType['AttackProtectionBruteForceProtectionArgs']]] = None, + suspicious_ip_throttling: Optional[pulumi.Input[pulumi.InputType['AttackProtectionSuspiciousIpThrottlingArgs']]] = None) -> 'AttackProtection': + """ + Get an existing AttackProtection resource's state with the given name, id, and optional extra + properties used to qualify the lookup. + + :param str resource_name: The unique name of the resulting resource. + :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[pulumi.InputType['AttackProtectionBreachedPasswordDetectionArgs']] breached_password_detection: Breached password detection protects your applications from bad actors logging in with stolen credentials. + :param pulumi.Input[pulumi.InputType['AttackProtectionBruteForceProtectionArgs']] brute_force_protection: Safeguards against a single IP address attacking a single user account. + :param pulumi.Input[pulumi.InputType['AttackProtectionSuspiciousIpThrottlingArgs']] suspicious_ip_throttling: Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups. + """ + opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) + + __props__ = _AttackProtectionState.__new__(_AttackProtectionState) + + __props__.__dict__["breached_password_detection"] = breached_password_detection + __props__.__dict__["brute_force_protection"] = brute_force_protection + __props__.__dict__["suspicious_ip_throttling"] = suspicious_ip_throttling + return AttackProtection(resource_name, opts=opts, __props__=__props__) + + @property + @pulumi.getter(name="breachedPasswordDetection") + def breached_password_detection(self) -> pulumi.Output['outputs.AttackProtectionBreachedPasswordDetection']: + """ + Breached password detection protects your applications from bad actors logging in with stolen credentials. + """ + return pulumi.get(self, "breached_password_detection") + + @property + @pulumi.getter(name="bruteForceProtection") + def brute_force_protection(self) -> pulumi.Output['outputs.AttackProtectionBruteForceProtection']: + """ + Safeguards against a single IP address attacking a single user account. + """ + return pulumi.get(self, "brute_force_protection") + + @property + @pulumi.getter(name="suspiciousIpThrottling") + def suspicious_ip_throttling(self) -> pulumi.Output['outputs.AttackProtectionSuspiciousIpThrottling']: + """ + Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups. + """ + return pulumi.get(self, "suspicious_ip_throttling") + diff --git a/sdk/python/pulumi_auth0/client.py b/sdk/python/pulumi_auth0/client.py index a09dfeda..24fd5593 100644 --- a/sdk/python/pulumi_auth0/client.py +++ b/sdk/python/pulumi_auth0/client.py @@ -56,7 +56,7 @@ def __init__(__self__, *, :param pulumi.Input[str] app_type: String. Type of application the client represents. Options include `native`, `spa`, `regular_web`, `non_interactive`, `rms`, `box`, `cloudbees`, `concur`, `dropbox`, `mscrm`, `echosign`, `egnyte`, `newrelic`, `office365`, `salesforce`, `sentry`, `sharepoint`, `slack`, `springcm`, `zendesk`, `zoom`. :param pulumi.Input[Sequence[pulumi.Input[str]]] callbacks: List(String). URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://. :param pulumi.Input[Mapping[str, Any]] client_metadata: Map(String) - :param pulumi.Input[Mapping[str, Any]] client_secret_rotation_trigger: Map. + :param pulumi.Input[Mapping[str, Any]] client_secret_rotation_trigger: Map. Custom metadata for the rotation. For more info: [rotate-client-secret](https://auth0.com/docs/get-started/applications/rotate-client-secret). :param pulumi.Input[bool] cross_origin_auth: Boolean. Indicates whether or not the client can be used to make cross-origin authentication requests. :param pulumi.Input[str] cross_origin_loc: String. URL for the location on your site where the cross-origin verification takes place for the cross-origin auth flow. Used when performing auth in your own domain instead of through the Auth0-hosted login page. :param pulumi.Input[str] custom_login_page: String. Content of the custom login page. @@ -237,7 +237,7 @@ def client_metadata(self, value: Optional[pulumi.Input[Mapping[str, Any]]]): @pulumi.getter(name="clientSecretRotationTrigger") def client_secret_rotation_trigger(self) -> Optional[pulumi.Input[Mapping[str, Any]]]: """ - Map. + Map. Custom metadata for the rotation. For more info: [rotate-client-secret](https://auth0.com/docs/get-started/applications/rotate-client-secret). """ return pulumi.get(self, "client_secret_rotation_trigger") @@ -583,7 +583,7 @@ def __init__(__self__, *, :param pulumi.Input[str] client_id: String. ID of the client. * `client_secret`1 - String. Secret for the client; keep this private. :param pulumi.Input[Mapping[str, Any]] client_metadata: Map(String) - :param pulumi.Input[Mapping[str, Any]] client_secret_rotation_trigger: Map. + :param pulumi.Input[Mapping[str, Any]] client_secret_rotation_trigger: Map. Custom metadata for the rotation. For more info: [rotate-client-secret](https://auth0.com/docs/get-started/applications/rotate-client-secret). :param pulumi.Input[bool] cross_origin_auth: Boolean. Indicates whether or not the client can be used to make cross-origin authentication requests. :param pulumi.Input[str] cross_origin_loc: String. URL for the location on your site where the cross-origin verification takes place for the cross-origin auth flow. Used when performing auth in your own domain instead of through the Auth0-hosted login page. :param pulumi.Input[str] custom_login_page: String. Content of the custom login page. @@ -793,7 +793,7 @@ def client_secret(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="clientSecretRotationTrigger") def client_secret_rotation_trigger(self) -> Optional[pulumi.Input[Mapping[str, Any]]]: """ - Map. + Map. Custom metadata for the rotation. For more info: [rotate-client-secret](https://auth0.com/docs/get-started/applications/rotate-client-secret). """ return pulumi.get(self, "client_secret_rotation_trigger") @@ -1180,6 +1180,10 @@ def __init__(__self__, client_metadata={ "foo": "zoo", }, + client_secret_rotation_trigger={ + "triggered_at": "2018-01-02T23:12:01Z", + "triggered_by": "auth0", + }, custom_login_page_on=True, description="Test Applications Long Description", grant_types=[ @@ -1239,7 +1243,7 @@ def __init__(__self__, :param pulumi.Input[str] app_type: String. Type of application the client represents. Options include `native`, `spa`, `regular_web`, `non_interactive`, `rms`, `box`, `cloudbees`, `concur`, `dropbox`, `mscrm`, `echosign`, `egnyte`, `newrelic`, `office365`, `salesforce`, `sentry`, `sharepoint`, `slack`, `springcm`, `zendesk`, `zoom`. :param pulumi.Input[Sequence[pulumi.Input[str]]] callbacks: List(String). URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://. :param pulumi.Input[Mapping[str, Any]] client_metadata: Map(String) - :param pulumi.Input[Mapping[str, Any]] client_secret_rotation_trigger: Map. + :param pulumi.Input[Mapping[str, Any]] client_secret_rotation_trigger: Map. Custom metadata for the rotation. For more info: [rotate-client-secret](https://auth0.com/docs/get-started/applications/rotate-client-secret). :param pulumi.Input[bool] cross_origin_auth: Boolean. Indicates whether or not the client can be used to make cross-origin authentication requests. :param pulumi.Input[str] cross_origin_loc: String. URL for the location on your site where the cross-origin verification takes place for the cross-origin auth flow. Used when performing auth in your own domain instead of through the Auth0-hosted login page. :param pulumi.Input[str] custom_login_page: String. Content of the custom login page. @@ -1311,6 +1315,10 @@ def __init__(__self__, client_metadata={ "foo": "zoo", }, + client_secret_rotation_trigger={ + "triggered_at": "2018-01-02T23:12:01Z", + "triggered_by": "auth0", + }, custom_login_page_on=True, description="Test Applications Long Description", grant_types=[ @@ -1518,7 +1526,7 @@ def get(resource_name: str, :param pulumi.Input[str] client_id: String. ID of the client. * `client_secret`1 - String. Secret for the client; keep this private. :param pulumi.Input[Mapping[str, Any]] client_metadata: Map(String) - :param pulumi.Input[Mapping[str, Any]] client_secret_rotation_trigger: Map. + :param pulumi.Input[Mapping[str, Any]] client_secret_rotation_trigger: Map. Custom metadata for the rotation. For more info: [rotate-client-secret](https://auth0.com/docs/get-started/applications/rotate-client-secret). :param pulumi.Input[bool] cross_origin_auth: Boolean. Indicates whether or not the client can be used to make cross-origin authentication requests. :param pulumi.Input[str] cross_origin_loc: String. URL for the location on your site where the cross-origin verification takes place for the cross-origin auth flow. Used when performing auth in your own domain instead of through the Auth0-hosted login page. :param pulumi.Input[str] custom_login_page: String. Content of the custom login page. @@ -1660,7 +1668,7 @@ def client_secret(self) -> pulumi.Output[str]: @pulumi.getter(name="clientSecretRotationTrigger") def client_secret_rotation_trigger(self) -> pulumi.Output[Optional[Mapping[str, Any]]]: """ - Map. + Map. Custom metadata for the rotation. For more info: [rotate-client-secret](https://auth0.com/docs/get-started/applications/rotate-client-secret). """ return pulumi.get(self, "client_secret_rotation_trigger") @@ -1770,7 +1778,7 @@ def logo_uri(self) -> pulumi.Output[Optional[str]]: @property @pulumi.getter - def mobile(self) -> pulumi.Output[Optional['outputs.ClientMobile']]: + def mobile(self) -> pulumi.Output['outputs.ClientMobile']: """ List(Resource). Configuration settings for mobile native applications. For details, see Mobile. """ diff --git a/sdk/python/pulumi_auth0/connection.py b/sdk/python/pulumi_auth0/connection.py index 5ff2b3b3..4212703c 100644 --- a/sdk/python/pulumi_auth0/connection.py +++ b/sdk/python/pulumi_auth0/connection.py @@ -22,6 +22,7 @@ def __init__(__self__, *, name: Optional[pulumi.Input[str]] = None, options: Optional[pulumi.Input['ConnectionOptionsArgs']] = None, realms: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + show_as_button: Optional[pulumi.Input[bool]] = None, strategy_version: Optional[pulumi.Input[str]] = None, validation: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None): """ @@ -33,6 +34,7 @@ def __init__(__self__, *, :param pulumi.Input[str] name: Name of the connection. :param pulumi.Input['ConnectionOptionsArgs'] options: Configuration settings for connection options. For details, see Options. :param pulumi.Input[Sequence[pulumi.Input[str]]] realms: Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm. + :param pulumi.Input[bool] show_as_button: Display connection as a button. Only available for enterprise connections. :param pulumi.Input[str] strategy_version: Version 1 is deprecated, use version 2. :param pulumi.Input[Mapping[str, pulumi.Input[str]]] validation: Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation. """ @@ -49,6 +51,8 @@ def __init__(__self__, *, pulumi.set(__self__, "options", options) if realms is not None: pulumi.set(__self__, "realms", realms) + if show_as_button is not None: + pulumi.set(__self__, "show_as_button", show_as_button) if strategy_version is not None: pulumi.set(__self__, "strategy_version", strategy_version) if validation is not None: @@ -138,6 +142,18 @@ def realms(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: def realms(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): pulumi.set(self, "realms", value) + @property + @pulumi.getter(name="showAsButton") + def show_as_button(self) -> Optional[pulumi.Input[bool]]: + """ + Display connection as a button. Only available for enterprise connections. + """ + return pulumi.get(self, "show_as_button") + + @show_as_button.setter + def show_as_button(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "show_as_button", value) + @property @pulumi.getter(name="strategyVersion") def strategy_version(self) -> Optional[pulumi.Input[str]]: @@ -172,6 +188,7 @@ def __init__(__self__, *, name: Optional[pulumi.Input[str]] = None, options: Optional[pulumi.Input['ConnectionOptionsArgs']] = None, realms: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + show_as_button: Optional[pulumi.Input[bool]] = None, strategy: Optional[pulumi.Input[str]] = None, strategy_version: Optional[pulumi.Input[str]] = None, validation: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None): @@ -183,6 +200,7 @@ def __init__(__self__, *, :param pulumi.Input[str] name: Name of the connection. :param pulumi.Input['ConnectionOptionsArgs'] options: Configuration settings for connection options. For details, see Options. :param pulumi.Input[Sequence[pulumi.Input[str]]] realms: Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm. + :param pulumi.Input[bool] show_as_button: Display connection as a button. Only available for enterprise connections. :param pulumi.Input[str] strategy: Type of the connection, which indicates the identity provider. Options include `ad`, `adfs`, `amazon`, `aol`, `apple`, `auth0`, `auth0-adldap`, `auth0-oidc`, `baidu`, `bitbucket`, `bitly`, `box`, `custom`, `daccount`, `dropbox`, `dwolla`, `email`, `evernote`, `evernote-sandbox`, `exact`, `facebook`, `fitbit`, `flickr`, `github`, `google-apps`, `google-oauth2`, `guardian`, `instagram`, `ip`, `line`, `linkedin`, `miicard`, `oauth1`, `oauth2`, `office365`, `oidc`, `paypal`, `paypal-sandbox`, `pingfederate`, `planningcenter`, `renren`, `salesforce`, `salesforce-community`, `salesforce-sandbox` `samlp`, `sharepoint`, `shopify`, `sms`, `soundcloud`, `thecity`, `thecity-sandbox`, `thirtysevensignals`, `twitter`, `untappd`, `vkontakte`, `waad`, `weibo`, `windowslive`, `wordpress`, `yahoo`, `yammer`, `yandex`. :param pulumi.Input[str] strategy_version: Version 1 is deprecated, use version 2. :param pulumi.Input[Mapping[str, pulumi.Input[str]]] validation: Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation. @@ -199,6 +217,8 @@ def __init__(__self__, *, pulumi.set(__self__, "options", options) if realms is not None: pulumi.set(__self__, "realms", realms) + if show_as_button is not None: + pulumi.set(__self__, "show_as_button", show_as_button) if strategy is not None: pulumi.set(__self__, "strategy", strategy) if strategy_version is not None: @@ -278,6 +298,18 @@ def realms(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: def realms(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): pulumi.set(self, "realms", value) + @property + @pulumi.getter(name="showAsButton") + def show_as_button(self) -> Optional[pulumi.Input[bool]]: + """ + Display connection as a button. Only available for enterprise connections. + """ + return pulumi.get(self, "show_as_button") + + @show_as_button.setter + def show_as_button(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "show_as_button", value) + @property @pulumi.getter def strategy(self) -> Optional[pulumi.Input[str]]: @@ -326,6 +358,7 @@ def __init__(__self__, name: Optional[pulumi.Input[str]] = None, options: Optional[pulumi.Input[pulumi.InputType['ConnectionOptionsArgs']]] = None, realms: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + show_as_button: Optional[pulumi.Input[bool]] = None, strategy: Optional[pulumi.Input[str]] = None, strategy_version: Optional[pulumi.Input[str]] = None, validation: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, @@ -384,6 +417,7 @@ def __init__(__self__, :param pulumi.Input[str] name: Name of the connection. :param pulumi.Input[pulumi.InputType['ConnectionOptionsArgs']] options: Configuration settings for connection options. For details, see Options. :param pulumi.Input[Sequence[pulumi.Input[str]]] realms: Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm. + :param pulumi.Input[bool] show_as_button: Display connection as a button. Only available for enterprise connections. :param pulumi.Input[str] strategy: Type of the connection, which indicates the identity provider. Options include `ad`, `adfs`, `amazon`, `aol`, `apple`, `auth0`, `auth0-adldap`, `auth0-oidc`, `baidu`, `bitbucket`, `bitly`, `box`, `custom`, `daccount`, `dropbox`, `dwolla`, `email`, `evernote`, `evernote-sandbox`, `exact`, `facebook`, `fitbit`, `flickr`, `github`, `google-apps`, `google-oauth2`, `guardian`, `instagram`, `ip`, `line`, `linkedin`, `miicard`, `oauth1`, `oauth2`, `office365`, `oidc`, `paypal`, `paypal-sandbox`, `pingfederate`, `planningcenter`, `renren`, `salesforce`, `salesforce-community`, `salesforce-sandbox` `samlp`, `sharepoint`, `shopify`, `sms`, `soundcloud`, `thecity`, `thecity-sandbox`, `thirtysevensignals`, `twitter`, `untappd`, `vkontakte`, `waad`, `weibo`, `windowslive`, `wordpress`, `yahoo`, `yammer`, `yandex`. :param pulumi.Input[str] strategy_version: Version 1 is deprecated, use version 2. :param pulumi.Input[Mapping[str, pulumi.Input[str]]] validation: Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation. @@ -461,6 +495,7 @@ def _internal_init(__self__, name: Optional[pulumi.Input[str]] = None, options: Optional[pulumi.Input[pulumi.InputType['ConnectionOptionsArgs']]] = None, realms: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + show_as_button: Optional[pulumi.Input[bool]] = None, strategy: Optional[pulumi.Input[str]] = None, strategy_version: Optional[pulumi.Input[str]] = None, validation: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, @@ -482,6 +517,7 @@ def _internal_init(__self__, __props__.__dict__["name"] = name __props__.__dict__["options"] = options __props__.__dict__["realms"] = realms + __props__.__dict__["show_as_button"] = show_as_button if strategy is None and not opts.urn: raise TypeError("Missing required property 'strategy'") __props__.__dict__["strategy"] = strategy @@ -503,6 +539,7 @@ def get(resource_name: str, name: Optional[pulumi.Input[str]] = None, options: Optional[pulumi.Input[pulumi.InputType['ConnectionOptionsArgs']]] = None, realms: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + show_as_button: Optional[pulumi.Input[bool]] = None, strategy: Optional[pulumi.Input[str]] = None, strategy_version: Optional[pulumi.Input[str]] = None, validation: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None) -> 'Connection': @@ -519,6 +556,7 @@ def get(resource_name: str, :param pulumi.Input[str] name: Name of the connection. :param pulumi.Input[pulumi.InputType['ConnectionOptionsArgs']] options: Configuration settings for connection options. For details, see Options. :param pulumi.Input[Sequence[pulumi.Input[str]]] realms: Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm. + :param pulumi.Input[bool] show_as_button: Display connection as a button. Only available for enterprise connections. :param pulumi.Input[str] strategy: Type of the connection, which indicates the identity provider. Options include `ad`, `adfs`, `amazon`, `aol`, `apple`, `auth0`, `auth0-adldap`, `auth0-oidc`, `baidu`, `bitbucket`, `bitly`, `box`, `custom`, `daccount`, `dropbox`, `dwolla`, `email`, `evernote`, `evernote-sandbox`, `exact`, `facebook`, `fitbit`, `flickr`, `github`, `google-apps`, `google-oauth2`, `guardian`, `instagram`, `ip`, `line`, `linkedin`, `miicard`, `oauth1`, `oauth2`, `office365`, `oidc`, `paypal`, `paypal-sandbox`, `pingfederate`, `planningcenter`, `renren`, `salesforce`, `salesforce-community`, `salesforce-sandbox` `samlp`, `sharepoint`, `shopify`, `sms`, `soundcloud`, `thecity`, `thecity-sandbox`, `thirtysevensignals`, `twitter`, `untappd`, `vkontakte`, `waad`, `weibo`, `windowslive`, `wordpress`, `yahoo`, `yammer`, `yandex`. :param pulumi.Input[str] strategy_version: Version 1 is deprecated, use version 2. :param pulumi.Input[Mapping[str, pulumi.Input[str]]] validation: Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation. @@ -533,6 +571,7 @@ def get(resource_name: str, __props__.__dict__["name"] = name __props__.__dict__["options"] = options __props__.__dict__["realms"] = realms + __props__.__dict__["show_as_button"] = show_as_button __props__.__dict__["strategy"] = strategy __props__.__dict__["strategy_version"] = strategy_version __props__.__dict__["validation"] = validation @@ -586,6 +625,14 @@ def realms(self) -> pulumi.Output[Sequence[str]]: """ return pulumi.get(self, "realms") + @property + @pulumi.getter(name="showAsButton") + def show_as_button(self) -> pulumi.Output[Optional[bool]]: + """ + Display connection as a button. Only available for enterprise connections. + """ + return pulumi.get(self, "show_as_button") + @property @pulumi.getter def strategy(self) -> pulumi.Output[str]: diff --git a/sdk/python/pulumi_auth0/get_client.py b/sdk/python/pulumi_auth0/get_client.py index b6155c49..c1ae778d 100644 --- a/sdk/python/pulumi_auth0/get_client.py +++ b/sdk/python/pulumi_auth0/get_client.py @@ -21,7 +21,7 @@ class GetClientResult: """ A collection of values returned by getClient. """ - def __init__(__self__, addons=None, allowed_clients=None, allowed_logout_urls=None, allowed_origins=None, app_type=None, callbacks=None, client_id=None, client_metadata=None, cross_origin_auth=None, cross_origin_loc=None, custom_login_page=None, custom_login_page_on=None, description=None, encryption_key=None, form_template=None, grant_types=None, id=None, initiate_login_uri=None, is_first_party=None, is_token_endpoint_ip_header_trusted=None, jwt_configurations=None, logo_uri=None, mobiles=None, name=None, native_social_logins=None, oidc_conformant=None, organization_require_behavior=None, organization_usage=None, refresh_tokens=None, signing_keys=None, sso=None, sso_disabled=None, token_endpoint_auth_method=None, web_origins=None): + def __init__(__self__, addons=None, allowed_clients=None, allowed_logout_urls=None, allowed_origins=None, app_type=None, callbacks=None, client_id=None, client_metadata=None, client_secret=None, cross_origin_auth=None, cross_origin_loc=None, custom_login_page=None, custom_login_page_on=None, description=None, encryption_key=None, form_template=None, grant_types=None, id=None, initiate_login_uri=None, is_first_party=None, is_token_endpoint_ip_header_trusted=None, jwt_configurations=None, logo_uri=None, mobiles=None, name=None, native_social_logins=None, oidc_conformant=None, organization_require_behavior=None, organization_usage=None, refresh_tokens=None, signing_keys=None, sso=None, sso_disabled=None, token_endpoint_auth_method=None, web_origins=None): if addons and not isinstance(addons, list): raise TypeError("Expected argument 'addons' to be a list") pulumi.set(__self__, "addons", addons) @@ -46,6 +46,9 @@ def __init__(__self__, addons=None, allowed_clients=None, allowed_logout_urls=No if client_metadata and not isinstance(client_metadata, dict): raise TypeError("Expected argument 'client_metadata' to be a dict") pulumi.set(__self__, "client_metadata", client_metadata) + if client_secret and not isinstance(client_secret, str): + raise TypeError("Expected argument 'client_secret' to be a str") + pulumi.set(__self__, "client_secret", client_secret) if cross_origin_auth and not isinstance(cross_origin_auth, bool): raise TypeError("Expected argument 'cross_origin_auth' to be a bool") pulumi.set(__self__, "cross_origin_auth", cross_origin_auth) @@ -165,6 +168,11 @@ def client_id(self) -> Optional[str]: def client_metadata(self) -> Mapping[str, Any]: return pulumi.get(self, "client_metadata") + @property + @pulumi.getter(name="clientSecret") + def client_secret(self) -> str: + return pulumi.get(self, "client_secret") + @property @pulumi.getter(name="crossOriginAuth") def cross_origin_auth(self) -> bool: @@ -313,6 +321,7 @@ def __await__(self): callbacks=self.callbacks, client_id=self.client_id, client_metadata=self.client_metadata, + client_secret=self.client_secret, cross_origin_auth=self.cross_origin_auth, cross_origin_loc=self.cross_origin_loc, custom_login_page=self.custom_login_page, @@ -379,6 +388,7 @@ def get_client(client_id: Optional[str] = None, callbacks=__ret__.callbacks, client_id=__ret__.client_id, client_metadata=__ret__.client_metadata, + client_secret=__ret__.client_secret, cross_origin_auth=__ret__.cross_origin_auth, cross_origin_loc=__ret__.cross_origin_loc, custom_login_page=__ret__.custom_login_page, diff --git a/sdk/python/pulumi_auth0/get_global_client.py b/sdk/python/pulumi_auth0/get_global_client.py index 8f28f1f4..c46b88c8 100644 --- a/sdk/python/pulumi_auth0/get_global_client.py +++ b/sdk/python/pulumi_auth0/get_global_client.py @@ -21,7 +21,7 @@ class GetGlobalClientResult: """ A collection of values returned by getGlobalClient. """ - def __init__(__self__, addons=None, allowed_clients=None, allowed_logout_urls=None, allowed_origins=None, app_type=None, callbacks=None, client_id=None, client_metadata=None, cross_origin_auth=None, cross_origin_loc=None, custom_login_page=None, custom_login_page_on=None, description=None, encryption_key=None, form_template=None, grant_types=None, id=None, initiate_login_uri=None, is_first_party=None, is_token_endpoint_ip_header_trusted=None, jwt_configurations=None, logo_uri=None, mobiles=None, name=None, native_social_logins=None, oidc_conformant=None, organization_require_behavior=None, organization_usage=None, refresh_tokens=None, signing_keys=None, sso=None, sso_disabled=None, token_endpoint_auth_method=None, web_origins=None): + def __init__(__self__, addons=None, allowed_clients=None, allowed_logout_urls=None, allowed_origins=None, app_type=None, callbacks=None, client_id=None, client_metadata=None, client_secret=None, cross_origin_auth=None, cross_origin_loc=None, custom_login_page=None, custom_login_page_on=None, description=None, encryption_key=None, form_template=None, grant_types=None, id=None, initiate_login_uri=None, is_first_party=None, is_token_endpoint_ip_header_trusted=None, jwt_configurations=None, logo_uri=None, mobiles=None, name=None, native_social_logins=None, oidc_conformant=None, organization_require_behavior=None, organization_usage=None, refresh_tokens=None, signing_keys=None, sso=None, sso_disabled=None, token_endpoint_auth_method=None, web_origins=None): if addons and not isinstance(addons, list): raise TypeError("Expected argument 'addons' to be a list") pulumi.set(__self__, "addons", addons) @@ -46,6 +46,9 @@ def __init__(__self__, addons=None, allowed_clients=None, allowed_logout_urls=No if client_metadata and not isinstance(client_metadata, dict): raise TypeError("Expected argument 'client_metadata' to be a dict") pulumi.set(__self__, "client_metadata", client_metadata) + if client_secret and not isinstance(client_secret, str): + raise TypeError("Expected argument 'client_secret' to be a str") + pulumi.set(__self__, "client_secret", client_secret) if cross_origin_auth and not isinstance(cross_origin_auth, bool): raise TypeError("Expected argument 'cross_origin_auth' to be a bool") pulumi.set(__self__, "cross_origin_auth", cross_origin_auth) @@ -172,6 +175,11 @@ def client_metadata(self) -> Mapping[str, Any]: """ return pulumi.get(self, "client_metadata") + @property + @pulumi.getter(name="clientSecret") + def client_secret(self) -> str: + return pulumi.get(self, "client_secret") + @property @pulumi.getter(name="crossOriginAuth") def cross_origin_auth(self) -> bool: @@ -326,6 +334,7 @@ def __await__(self): callbacks=self.callbacks, client_id=self.client_id, client_metadata=self.client_metadata, + client_secret=self.client_secret, cross_origin_auth=self.cross_origin_auth, cross_origin_loc=self.cross_origin_loc, custom_login_page=self.custom_login_page, @@ -391,6 +400,7 @@ def get_global_client(client_id: Optional[str] = None, callbacks=__ret__.callbacks, client_id=__ret__.client_id, client_metadata=__ret__.client_metadata, + client_secret=__ret__.client_secret, cross_origin_auth=__ret__.cross_origin_auth, cross_origin_loc=__ret__.cross_origin_loc, custom_login_page=__ret__.custom_login_page, diff --git a/sdk/python/pulumi_auth0/get_tenant.py b/sdk/python/pulumi_auth0/get_tenant.py new file mode 100644 index 00000000..13da4b97 --- /dev/null +++ b/sdk/python/pulumi_auth0/get_tenant.py @@ -0,0 +1,92 @@ +# coding=utf-8 +# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import warnings +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +from . import _utilities + +__all__ = [ + 'GetTenantResult', + 'AwaitableGetTenantResult', + 'get_tenant', +] + +@pulumi.output_type +class GetTenantResult: + """ + A collection of values returned by getTenant. + """ + def __init__(__self__, domain=None, id=None, management_api_identifier=None): + if domain and not isinstance(domain, str): + raise TypeError("Expected argument 'domain' to be a str") + pulumi.set(__self__, "domain", domain) + if id and not isinstance(id, str): + raise TypeError("Expected argument 'id' to be a str") + pulumi.set(__self__, "id", id) + if management_api_identifier and not isinstance(management_api_identifier, str): + raise TypeError("Expected argument 'management_api_identifier' to be a str") + pulumi.set(__self__, "management_api_identifier", management_api_identifier) + + @property + @pulumi.getter + def domain(self) -> str: + """ + String. Your Auth0 domain name. + """ + return pulumi.get(self, "domain") + + @property + @pulumi.getter + def id(self) -> str: + """ + The provider-assigned unique ID for this managed resource. + """ + return pulumi.get(self, "id") + + @property + @pulumi.getter(name="managementApiIdentifier") + def management_api_identifier(self) -> str: + """ + String. The identifier value of the built-in Management API resource server, which can be used as an audience when configuring client grants. + """ + return pulumi.get(self, "management_api_identifier") + + +class AwaitableGetTenantResult(GetTenantResult): + # pylint: disable=using-constant-test + def __await__(self): + if False: + yield self + return GetTenantResult( + domain=self.domain, + id=self.id, + management_api_identifier=self.management_api_identifier) + + +def get_tenant(opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetTenantResult: + """ + Use this data source to access information about the tenant this provider is configured to access. + + ## Example Usage + + ```python + import pulumi + import pulumi_auth0 as auth0 + + current = auth0.get_tenant() + ``` + """ + __args__ = dict() + if opts is None: + opts = pulumi.InvokeOptions() + if opts.version is None: + opts.version = _utilities.get_version() + __ret__ = pulumi.runtime.invoke('auth0:index/getTenant:getTenant', __args__, opts=opts, typ=GetTenantResult).value + + return AwaitableGetTenantResult( + domain=__ret__.domain, + id=__ret__.id, + management_api_identifier=__ret__.management_api_identifier) diff --git a/sdk/python/pulumi_auth0/outputs.py b/sdk/python/pulumi_auth0/outputs.py index 6f8681e1..b8a58002 100644 --- a/sdk/python/pulumi_auth0/outputs.py +++ b/sdk/python/pulumi_auth0/outputs.py @@ -13,12 +13,16 @@ 'ActionDependency', 'ActionSecret', 'ActionSupportedTriggers', + 'AttackProtectionBreachedPasswordDetection', + 'AttackProtectionBruteForceProtection', + 'AttackProtectionSuspiciousIpThrottling', + 'AttackProtectionSuspiciousIpThrottlingPreLogin', + 'AttackProtectionSuspiciousIpThrottlingPreUserRegistration', 'BrandingColors', 'BrandingFont', 'BrandingUniversalLogin', 'ClientAddons', 'ClientAddonsSamlp', - 'ClientAddonsSamlpLogout', 'ClientJwtConfiguration', 'ClientMobile', 'ClientMobileAndroid', @@ -42,7 +46,6 @@ 'EmailCredentials', 'GlobalClientAddons', 'GlobalClientAddonsSamlp', - 'GlobalClientAddonsSamlpLogout', 'GlobalClientJwtConfiguration', 'GlobalClientMobile', 'GlobalClientMobileAndroid', @@ -67,7 +70,6 @@ 'TriggerBindingAction', 'GetClientAddonResult', 'GetClientAddonSamlpResult', - 'GetClientAddonSamlpLogoutResult', 'GetClientJwtConfigurationResult', 'GetClientMobileResult', 'GetClientMobileAndroidResult', @@ -78,7 +80,6 @@ 'GetClientRefreshTokenResult', 'GetGlobalClientAddonResult', 'GetGlobalClientAddonSamlpResult', - 'GetGlobalClientAddonSamlpLogoutResult', 'GetGlobalClientJwtConfigurationResult', 'GetGlobalClientMobileResult', 'GetGlobalClientMobileAndroidResult', @@ -176,6 +177,336 @@ def version(self) -> str: return pulumi.get(self, "version") +@pulumi.output_type +class AttackProtectionBreachedPasswordDetection(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "adminNotificationFrequencies": + suggest = "admin_notification_frequencies" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in AttackProtectionBreachedPasswordDetection. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + AttackProtectionBreachedPasswordDetection.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + AttackProtectionBreachedPasswordDetection.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + admin_notification_frequencies: Optional[Sequence[str]] = None, + enabled: Optional[bool] = None, + method: Optional[str] = None, + shields: Optional[Sequence[str]] = None): + """ + :param Sequence[str] admin_notification_frequencies: When "admin_notification" is enabled, determines how often email notifications are sent. Possible values: `immediately`, `daily`, `weekly`, `monthly`. + :param bool enabled: Whether or not breached password detection is active. + :param str method: The subscription level for breached password detection methods. Use "enhanced" to enable Credential Guard. Possible values: `standard`, `enhanced`. + :param Sequence[str] shields: Action to take when a breached password is detected. Possible values: `block`, `user_notification`, `admin_notification`. + """ + if admin_notification_frequencies is not None: + pulumi.set(__self__, "admin_notification_frequencies", admin_notification_frequencies) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if method is not None: + pulumi.set(__self__, "method", method) + if shields is not None: + pulumi.set(__self__, "shields", shields) + + @property + @pulumi.getter(name="adminNotificationFrequencies") + def admin_notification_frequencies(self) -> Optional[Sequence[str]]: + """ + When "admin_notification" is enabled, determines how often email notifications are sent. Possible values: `immediately`, `daily`, `weekly`, `monthly`. + """ + return pulumi.get(self, "admin_notification_frequencies") + + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + """ + Whether or not breached password detection is active. + """ + return pulumi.get(self, "enabled") + + @property + @pulumi.getter + def method(self) -> Optional[str]: + """ + The subscription level for breached password detection methods. Use "enhanced" to enable Credential Guard. Possible values: `standard`, `enhanced`. + """ + return pulumi.get(self, "method") + + @property + @pulumi.getter + def shields(self) -> Optional[Sequence[str]]: + """ + Action to take when a breached password is detected. Possible values: `block`, `user_notification`, `admin_notification`. + """ + return pulumi.get(self, "shields") + + +@pulumi.output_type +class AttackProtectionBruteForceProtection(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "maxAttempts": + suggest = "max_attempts" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in AttackProtectionBruteForceProtection. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + AttackProtectionBruteForceProtection.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + AttackProtectionBruteForceProtection.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + allowlists: Optional[Sequence[str]] = None, + enabled: Optional[bool] = None, + max_attempts: Optional[int] = None, + mode: Optional[str] = None, + shields: Optional[Sequence[str]] = None): + """ + :param Sequence[str] allowlists: List of trusted IP addresses that will not have attack protection enforced against them. + :param bool enabled: Whether or not breached password detection is active. + :param int max_attempts: Maximum number of unsuccessful attempts. Only available on public tenants. + :param str mode: Determines whether or not IP address is used when counting failed attempts. Possible values: `count_per_identifier_and_ip` or `count_per_identifier`. + :param Sequence[str] shields: Action to take when a breached password is detected. Possible values: `block`, `user_notification`, `admin_notification`. + """ + if allowlists is not None: + pulumi.set(__self__, "allowlists", allowlists) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if max_attempts is not None: + pulumi.set(__self__, "max_attempts", max_attempts) + if mode is not None: + pulumi.set(__self__, "mode", mode) + if shields is not None: + pulumi.set(__self__, "shields", shields) + + @property + @pulumi.getter + def allowlists(self) -> Optional[Sequence[str]]: + """ + List of trusted IP addresses that will not have attack protection enforced against them. + """ + return pulumi.get(self, "allowlists") + + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + """ + Whether or not breached password detection is active. + """ + return pulumi.get(self, "enabled") + + @property + @pulumi.getter(name="maxAttempts") + def max_attempts(self) -> Optional[int]: + """ + Maximum number of unsuccessful attempts. Only available on public tenants. + """ + return pulumi.get(self, "max_attempts") + + @property + @pulumi.getter + def mode(self) -> Optional[str]: + """ + Determines whether or not IP address is used when counting failed attempts. Possible values: `count_per_identifier_and_ip` or `count_per_identifier`. + """ + return pulumi.get(self, "mode") + + @property + @pulumi.getter + def shields(self) -> Optional[Sequence[str]]: + """ + Action to take when a breached password is detected. Possible values: `block`, `user_notification`, `admin_notification`. + """ + return pulumi.get(self, "shields") + + +@pulumi.output_type +class AttackProtectionSuspiciousIpThrottling(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "preLogin": + suggest = "pre_login" + elif key == "preUserRegistration": + suggest = "pre_user_registration" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in AttackProtectionSuspiciousIpThrottling. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + AttackProtectionSuspiciousIpThrottling.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + AttackProtectionSuspiciousIpThrottling.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + allowlists: Optional[Sequence[str]] = None, + enabled: Optional[bool] = None, + pre_login: Optional['outputs.AttackProtectionSuspiciousIpThrottlingPreLogin'] = None, + pre_user_registration: Optional['outputs.AttackProtectionSuspiciousIpThrottlingPreUserRegistration'] = None, + shields: Optional[Sequence[str]] = None): + """ + :param Sequence[str] allowlists: List of trusted IP addresses that will not have attack protection enforced against them. + :param bool enabled: Whether or not breached password detection is active. + :param 'AttackProtectionSuspiciousIpThrottlingPreLoginArgs' pre_login: Configuration options that apply before every login attempt. Only available on public tenants. + :param 'AttackProtectionSuspiciousIpThrottlingPreUserRegistrationArgs' pre_user_registration: Configuration options that apply before every user registration attempt. Only available on public tenants. + :param Sequence[str] shields: Action to take when a breached password is detected. Possible values: `block`, `user_notification`, `admin_notification`. + """ + if allowlists is not None: + pulumi.set(__self__, "allowlists", allowlists) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if pre_login is not None: + pulumi.set(__self__, "pre_login", pre_login) + if pre_user_registration is not None: + pulumi.set(__self__, "pre_user_registration", pre_user_registration) + if shields is not None: + pulumi.set(__self__, "shields", shields) + + @property + @pulumi.getter + def allowlists(self) -> Optional[Sequence[str]]: + """ + List of trusted IP addresses that will not have attack protection enforced against them. + """ + return pulumi.get(self, "allowlists") + + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + """ + Whether or not breached password detection is active. + """ + return pulumi.get(self, "enabled") + + @property + @pulumi.getter(name="preLogin") + def pre_login(self) -> Optional['outputs.AttackProtectionSuspiciousIpThrottlingPreLogin']: + """ + Configuration options that apply before every login attempt. Only available on public tenants. + """ + return pulumi.get(self, "pre_login") + + @property + @pulumi.getter(name="preUserRegistration") + def pre_user_registration(self) -> Optional['outputs.AttackProtectionSuspiciousIpThrottlingPreUserRegistration']: + """ + Configuration options that apply before every user registration attempt. Only available on public tenants. + """ + return pulumi.get(self, "pre_user_registration") + + @property + @pulumi.getter + def shields(self) -> Optional[Sequence[str]]: + """ + Action to take when a breached password is detected. Possible values: `block`, `user_notification`, `admin_notification`. + """ + return pulumi.get(self, "shields") + + +@pulumi.output_type +class AttackProtectionSuspiciousIpThrottlingPreLogin(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "maxAttempts": + suggest = "max_attempts" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in AttackProtectionSuspiciousIpThrottlingPreLogin. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + AttackProtectionSuspiciousIpThrottlingPreLogin.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + AttackProtectionSuspiciousIpThrottlingPreLogin.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + max_attempts: Optional[int] = None, + rate: Optional[int] = None): + """ + :param int max_attempts: Maximum number of unsuccessful attempts. Only available on public tenants. + """ + if max_attempts is not None: + pulumi.set(__self__, "max_attempts", max_attempts) + if rate is not None: + pulumi.set(__self__, "rate", rate) + + @property + @pulumi.getter(name="maxAttempts") + def max_attempts(self) -> Optional[int]: + """ + Maximum number of unsuccessful attempts. Only available on public tenants. + """ + return pulumi.get(self, "max_attempts") + + @property + @pulumi.getter + def rate(self) -> Optional[int]: + return pulumi.get(self, "rate") + + +@pulumi.output_type +class AttackProtectionSuspiciousIpThrottlingPreUserRegistration(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "maxAttempts": + suggest = "max_attempts" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in AttackProtectionSuspiciousIpThrottlingPreUserRegistration. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + AttackProtectionSuspiciousIpThrottlingPreUserRegistration.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + AttackProtectionSuspiciousIpThrottlingPreUserRegistration.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + max_attempts: Optional[int] = None, + rate: Optional[int] = None): + """ + :param int max_attempts: Maximum number of unsuccessful attempts. Only available on public tenants. + """ + if max_attempts is not None: + pulumi.set(__self__, "max_attempts", max_attempts) + if rate is not None: + pulumi.set(__self__, "rate", rate) + + @property + @pulumi.getter(name="maxAttempts") + def max_attempts(self) -> Optional[int]: + """ + Maximum number of unsuccessful attempts. Only available on public tenants. + """ + return pulumi.get(self, "max_attempts") + + @property + @pulumi.getter + def rate(self) -> Optional[int]: + return pulumi.get(self, "rate") + + @pulumi.output_type class BrandingColors(dict): @staticmethod @@ -684,7 +1015,7 @@ def __init__(__self__, *, digest_algorithm: Optional[str] = None, include_attribute_name_format: Optional[bool] = None, lifetime_in_seconds: Optional[int] = None, - logout: Optional['outputs.ClientAddonsSamlpLogout'] = None, + logout: Optional[Mapping[str, Any]] = None, map_identities: Optional[bool] = None, map_unknown_claims_as_is: Optional[bool] = None, mappings: Optional[Mapping[str, Any]] = None, @@ -705,7 +1036,7 @@ def __init__(__self__, *, :param str digest_algorithm: String, (Default=`sha1`). Algorithm used to calculate the digest of the SAML Assertion or response. Options include `defaultsha1` and `sha256`. :param bool include_attribute_name_format: Boolean,(Default=true). Indicates whether or not we should infer the NameFormat based on the attribute name. If set to false, the attribute NameFormat is not set in the assertion. :param int lifetime_in_seconds: Integer, (Default=3600). Number of seconds during which the token is valid. - :param 'ClientAddonsSamlpLogoutArgs' logout: Map(Resource). Configuration settings for logout. For details, see Logout. + :param Mapping[str, Any] logout: Map(Resource). Configuration settings for logout. For details, see Logout. :param bool map_identities: Boolean, (Default=true). Indicates whether or not to add additional identity information in the token, such as the provider used and the access_token, if available. :param bool map_unknown_claims_as_is: Boolean, (Default=false). Indicates whether or not to add a prefix of `http://schema.auth0.com` to any claims that are not mapped to the common profile when passed through in the output assertion. :param Mapping[str, Any] mappings: Map(String). Mappings between the Auth0 user profile property name (`name`) and the output attributes on the SAML attribute in the assertion (`value`). @@ -825,7 +1156,7 @@ def lifetime_in_seconds(self) -> Optional[int]: @property @pulumi.getter - def logout(self) -> Optional['outputs.ClientAddonsSamlpLogout']: + def logout(self) -> Optional[Mapping[str, Any]]: """ Map(Resource). Configuration settings for logout. For details, see Logout. """ @@ -920,54 +1251,6 @@ def typed_attributes(self) -> Optional[bool]: return pulumi.get(self, "typed_attributes") -@pulumi.output_type -class ClientAddonsSamlpLogout(dict): - @staticmethod - def __key_warning(key: str): - suggest = None - if key == "sloEnabled": - suggest = "slo_enabled" - - if suggest: - pulumi.log.warn(f"Key '{key}' not found in ClientAddonsSamlpLogout. Access the value via the '{suggest}' property getter instead.") - - def __getitem__(self, key: str) -> Any: - ClientAddonsSamlpLogout.__key_warning(key) - return super().__getitem__(key) - - def get(self, key: str, default = None) -> Any: - ClientAddonsSamlpLogout.__key_warning(key) - return super().get(key, default) - - def __init__(__self__, *, - callback: Optional[str] = None, - slo_enabled: Optional[bool] = None): - """ - :param str callback: String. Service provider's Single Logout Service URL, to which Auth0 will send logout requests and responses. - :param bool slo_enabled: Boolean. Indicates whether or not Auth0 should notify service providers of session termination. - """ - if callback is not None: - pulumi.set(__self__, "callback", callback) - if slo_enabled is not None: - pulumi.set(__self__, "slo_enabled", slo_enabled) - - @property - @pulumi.getter - def callback(self) -> Optional[str]: - """ - String. Service provider's Single Logout Service URL, to which Auth0 will send logout requests and responses. - """ - return pulumi.get(self, "callback") - - @property - @pulumi.getter(name="sloEnabled") - def slo_enabled(self) -> Optional[bool]: - """ - Boolean. Indicates whether or not Auth0 should notify service providers of session termination. - """ - return pulumi.get(self, "slo_enabled") - - @pulumi.output_type class ClientJwtConfiguration(dict): @staticmethod @@ -3176,7 +3459,7 @@ def __init__(__self__, *, digest_algorithm: Optional[str] = None, include_attribute_name_format: Optional[bool] = None, lifetime_in_seconds: Optional[int] = None, - logout: Optional['outputs.GlobalClientAddonsSamlpLogout'] = None, + logout: Optional[Mapping[str, Any]] = None, map_identities: Optional[bool] = None, map_unknown_claims_as_is: Optional[bool] = None, mappings: Optional[Mapping[str, Any]] = None, @@ -3271,7 +3554,7 @@ def lifetime_in_seconds(self) -> Optional[int]: @property @pulumi.getter - def logout(self) -> Optional['outputs.GlobalClientAddonsSamlpLogout']: + def logout(self) -> Optional[Mapping[str, Any]]: return pulumi.get(self, "logout") @property @@ -3330,44 +3613,6 @@ def typed_attributes(self) -> Optional[bool]: return pulumi.get(self, "typed_attributes") -@pulumi.output_type -class GlobalClientAddonsSamlpLogout(dict): - @staticmethod - def __key_warning(key: str): - suggest = None - if key == "sloEnabled": - suggest = "slo_enabled" - - if suggest: - pulumi.log.warn(f"Key '{key}' not found in GlobalClientAddonsSamlpLogout. Access the value via the '{suggest}' property getter instead.") - - def __getitem__(self, key: str) -> Any: - GlobalClientAddonsSamlpLogout.__key_warning(key) - return super().__getitem__(key) - - def get(self, key: str, default = None) -> Any: - GlobalClientAddonsSamlpLogout.__key_warning(key) - return super().get(key, default) - - def __init__(__self__, *, - callback: Optional[str] = None, - slo_enabled: Optional[bool] = None): - if callback is not None: - pulumi.set(__self__, "callback", callback) - if slo_enabled is not None: - pulumi.set(__self__, "slo_enabled", slo_enabled) - - @property - @pulumi.getter - def callback(self) -> Optional[str]: - return pulumi.get(self, "callback") - - @property - @pulumi.getter(name="sloEnabled") - def slo_enabled(self) -> Optional[bool]: - return pulumi.get(self, "slo_enabled") - - @pulumi.output_type class GlobalClientJwtConfiguration(dict): @staticmethod @@ -4883,7 +5128,7 @@ def __init__(__self__, *, digest_algorithm: str, include_attribute_name_format: bool, lifetime_in_seconds: int, - logout: 'outputs.GetClientAddonSamlpLogoutResult', + logout: Mapping[str, Any], map_identities: bool, map_unknown_claims_as_is: bool, mappings: Mapping[str, Any], @@ -4958,7 +5203,7 @@ def lifetime_in_seconds(self) -> int: @property @pulumi.getter - def logout(self) -> 'outputs.GetClientAddonSamlpLogoutResult': + def logout(self) -> Mapping[str, Any]: return pulumi.get(self, "logout") @property @@ -5017,27 +5262,6 @@ def typed_attributes(self) -> bool: return pulumi.get(self, "typed_attributes") -@pulumi.output_type -class GetClientAddonSamlpLogoutResult(dict): - def __init__(__self__, *, - callback: Optional[str] = None, - slo_enabled: Optional[bool] = None): - if callback is not None: - pulumi.set(__self__, "callback", callback) - if slo_enabled is not None: - pulumi.set(__self__, "slo_enabled", slo_enabled) - - @property - @pulumi.getter - def callback(self) -> Optional[str]: - return pulumi.get(self, "callback") - - @property - @pulumi.getter(name="sloEnabled") - def slo_enabled(self) -> Optional[bool]: - return pulumi.get(self, "slo_enabled") - - @pulumi.output_type class GetClientJwtConfigurationResult(dict): def __init__(__self__, *, @@ -5437,7 +5661,7 @@ def __init__(__self__, *, digest_algorithm: str, include_attribute_name_format: bool, lifetime_in_seconds: int, - logout: 'outputs.GetGlobalClientAddonSamlpLogoutResult', + logout: Mapping[str, Any], map_identities: bool, map_unknown_claims_as_is: bool, mappings: Mapping[str, Any], @@ -5512,7 +5736,7 @@ def lifetime_in_seconds(self) -> int: @property @pulumi.getter - def logout(self) -> 'outputs.GetGlobalClientAddonSamlpLogoutResult': + def logout(self) -> Mapping[str, Any]: return pulumi.get(self, "logout") @property @@ -5571,27 +5795,6 @@ def typed_attributes(self) -> bool: return pulumi.get(self, "typed_attributes") -@pulumi.output_type -class GetGlobalClientAddonSamlpLogoutResult(dict): - def __init__(__self__, *, - callback: Optional[str] = None, - slo_enabled: Optional[bool] = None): - if callback is not None: - pulumi.set(__self__, "callback", callback) - if slo_enabled is not None: - pulumi.set(__self__, "slo_enabled", slo_enabled) - - @property - @pulumi.getter - def callback(self) -> Optional[str]: - return pulumi.get(self, "callback") - - @property - @pulumi.getter(name="sloEnabled") - def slo_enabled(self) -> Optional[bool]: - return pulumi.get(self, "slo_enabled") - - @pulumi.output_type class GetGlobalClientJwtConfigurationResult(dict): def __init__(__self__, *,