identity_providers
Creates, updates, deletes, gets or lists an identity_providers resource.
Overview
| Name | identity_providers |
| Type | Resource |
| Id | confluent.iam.identity_providers |
Fields
The following fields are returned by SELECT queries:
- get_iam_v2_identity_provider
- list_iam_v2_identity_providers
Identity Provider.
| Name | Datatype | Description |
|---|---|---|
| id | string | ID is the "natural identifier" for an object within its scope/namespace; it is normally unique across time but not space. That is, you can assume that the ID will not be reclaimed and reused after an object is deleted ("time"); however, it may collide with IDs for other object kinds or objects of the same kind within a different scope/namespace ("space"). (example: dlz-f3a90de) |
| display_name | string | The human-readable name of the OAuth identity provider. (example: My OIDC Provider) |
| api_version | string | APIVersion defines the schema version of this representation of a resource. (iam/v2) |
| description | string | A description of the identity provider. |
| identity_claim | string | The JSON Web Token (JWT) claim to extract the authenticating identity to Confluent resources from Registered Claim Names. This appears in audit log records. Note: if the client specifies mapping to one identity pool ID, the identity claim configured with that pool will be used instead. Note: the attribute is in an Early Access lifecycle stage. (example: claims.sub) |
| issuer | string (uri) | A publicly accessible URL uniquely identifying the OAuth identity provider authorized to issue access tokens. (example: https://login.microsoftonline.com/{tenantid}/v2.0) |
| jwks_uri | string (uri) | A publicly accessible JSON Web Key Set (JWKS) URI for the OAuth identity provider. JWKS provides a set of cryptographic keys used to verify the authenticity and integrity of JSON Web Tokens (JWTs) issued by the OAuth identity provider. (example: https://login.microsoftonline.com/common/discovery/v2.0/keys) |
| keys | array | The JWKS issued by the OAuth identity provider. Only kid (key ID) and alg (algorithm) properties for each key set are included. |
| kind | string | Kind defines the object this REST resource represents. (IdentityProvider) |
| metadata | object | ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create. |
| state | string | The current state of the identity provider. (example: ENABLED) |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
| get_iam_v2_identity_provider | select | id | | Make a request to read an identity provider. |
| list_iam_v2_identity_providers | select | | page_size, page_token | Retrieve a sorted, filtered, paginated list of all identity providers. |
| create_iam_v2_identity_provider | insert | display_name, description, issuer, jwks_uri | | Make a request to create an identity provider. |
| update_iam_v2_identity_provider | update | id | | Make a request to update an identity provider. |
| delete_iam_v2_identity_provider | delete | id | | Make a request to delete an identity provider. |
| refresh_iam_v2_json_web_key_set | exec | provider_id | | Make a request to refresh the provider's JWKS |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
| id | string | The unique identifier for the identity provider. |
| provider_id | string | The Provider |
| page_size | integer | A pagination size for collection requests. |
| page_token | string | An opaque pagination token for collection requests. |
SELECT examples
- get_iam_v2_identity_provider
- list_iam_v2_identity_providers
Make a request to read an identity provider.
```sql
SELECT
  id,
  display_name,
  api_version,
  description,
  identity_claim,
  issuer,
  jwks_uri,
  keys,
  kind,
  metadata,
  state
FROM confluent.iam.identity_providers
WHERE id = '{{ id }}' -- required
;
```
Retrieve a sorted, filtered, paginated list of all identity providers.
```sql
SELECT
  id,
  display_name,
  api_version,
  description,
  identity_claim,
  issuer,
  jwks_uri,
  keys,
  kind,
  metadata,
  state
FROM confluent.iam.identity_providers
WHERE page_size = '{{ page_size }}'
  AND page_token = '{{ page_token }}'
;
```
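An added example, not part of the provider documentation: a Python check over rows returned by the list query, flagging issuer or jwks_uri values that are not HTTPS and keys entries with a repeated kid or an unexpected alg. The sample rows, the algorithm allowlist and the function names are assumptions of this example.

```python
import json
from urllib.parse import urlparse

# Asymmetric JWS algorithms accepted by this audit (an assumption of the
# example, not a rule published by Confluent).
ALLOWED_ALGS = {"RS256", "RS384", "RS512", "PS256", "PS384", "PS512",
                "ES256", "ES384", "ES512", "EdDSA"}

def audit_provider(row):
    """Return a list of findings for one identity_providers row (a dict)."""
    findings = []
    for field in ("issuer", "jwks_uri"):
        url = urlparse(row.get(field) or "")
        if url.scheme != "https" or not url.hostname:
            findings.append(f"{field} is not an absolute https URL")
    keys = row.get("keys") or []
    if isinstance(keys, str):  # assumption: keys may arrive as a JSON string
        keys = json.loads(keys)
    if not keys:
        findings.append("keys is empty")
    kids = [k.get("kid") for k in keys]
    if len(kids) != len(set(kids)):
        findings.append("duplicate kid in keys")
    for k in keys:
        if k.get("alg") not in ALLOWED_ALGS:
            findings.append(f"kid {k.get('kid')!r} has alg {k.get('alg')!r}")
    return findings

def audit_all(rows):
    """Map provider id -> findings for every provider in state ENABLED."""
    return {r["id"]: audit_provider(r)
            for r in rows if r.get("state") == "ENABLED"}

# Constructed sample rows, shaped like the SELECT output above.
SAMPLE_ROWS = [
    {"id": "sample-1", "display_name": "Corp OIDC", "state": "ENABLED",
     "issuer": "https://idp.example.com/v2.0",
     "jwks_uri": "https://idp.example.com/keys",
     "keys": [{"kid": "k1", "alg": "RS256"}]},
    {"id": "sample-2", "display_name": "Legacy", "state": "ENABLED",
     "issuer": "http://idp.example.net",
     "jwks_uri": "https://idp.example.net/jwks",
     "keys": '[{"kid": "a", "alg": "HS256"}, {"kid": "a", "alg": "RS256"}]'},
]

if __name__ == "__main__":
    for pid, findings in audit_all(SAMPLE_ROWS).items():
        print(pid, findings or "ok")
```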
INSERT examples
- create_iam_v2_identity_provider
- Manifest
Make a request to create an identity provider.
```sql
INSERT INTO confluent.iam.identity_providers (
  display_name,
  description,
  identity_claim,
  issuer,
  jwks_uri
)
SELECT
  '{{ display_name }}' /* required */,
  '{{ description }}' /* required */,
  '{{ identity_claim }}',
  '{{ issuer }}' /* required */,
  '{{ jwks_uri }}' /* required */
RETURNING
  id,
  display_name,
  api_version,
  description,
  identity_claim,
  issuer,
  jwks_uri,
  keys,
  kind,
  metadata,
  state
;
```
```yaml
# Description fields are for documentation purposes
- name: identity_providers
  props:
    - name: display_name
      value: "{{ display_name }}"
      description: |
        The human-readable name of the OAuth identity provider.
    - name: description
      value: "{{ description }}"
      description: |
        A description of the identity provider.
    - name: identity_claim
      value: "{{ identity_claim }}"
      description: |
        The JSON Web Token (JWT) claim to extract the authenticating identity to Confluent resources from
        [Registered Claim Names](https://datatracker.ietf.org/doc/html/rfc7519#section-4.1). This appears
        in audit log records. Note: if the client specifies mapping to one identity pool ID, the identity
        claim configured with that pool will be used instead.
        Note - The attribute is in an [Early Access lifecycle stage]
        (https://docs.confluent.io/cloud/current/api.html#section/Versioning/API-Lifecycle-Policy)
    - name: issuer
      value: "{{ issuer }}"
      description: |
        A publicly accessible URL uniquely identifying the OAuth
        identity provider authorized to issue access tokens.
    - name: jwks_uri
      value: "{{ jwks_uri }}"
      description: |
        A publicly accessible JSON Web Key Set (JWKS) URI for the OAuth
        identity provider. JWKS provides a set of cryptographic keys
        used to verify the authenticity and integrity of JSON Web
        Tokens (JWTs) issued by the OAuth identity provider.
```
UPDATE examples
- update_iam_v2_identity_provider
Make a request to update an identity provider.
```sql
UPDATE confluent.iam.identity_providers
SET
  display_name = '{{ display_name }}',
  description = '{{ description }}',
  identity_claim = '{{ identity_claim }}',
  issuer = '{{ issuer }}',
  jwks_uri = '{{ jwks_uri }}'
WHERE
  id = '{{ id }}' -- required
RETURNING
  id,
  display_name,
  api_version,
  description,
  identity_claim,
  issuer,
  jwks_uri,
  keys,
  kind,
  metadata,
  state;
```
DELETE examples
- delete_iam_v2_identity_provider
Make a request to delete an identity provider.
```sql
DELETE FROM confluent.iam.identity_providers
WHERE id = '{{ id }}' -- required
;
```
Lifecycle Methods
- refresh_iam_v2_json_web_key_set
Make a request to refresh the provider's JWKS
```sql
EXEC confluent.iam.identity_providers.refresh_iam_v2_json_web_key_set
@provider_id='{{ provider_id }}' -- required
@@json=
'{
"spec": "{{ spec }}"
}'
;
```