Package software.amazon.awssdk.services.eks.model

Class OidcIdentityProviderConfigRequest

java.lang.Object
software.amazon.awssdk.services.eks.model.OidcIdentityProviderConfigRequest
All Implemented Interfaces:
Serializable, SdkPojo, ToCopyableBuilder<OidcIdentityProviderConfigRequest.Builder,OidcIdentityProviderConfigRequest>
@Generated("software.amazon.awssdk:codegen") public final class OidcIdentityProviderConfigRequest extends Object implements SdkPojo, Serializable, ToCopyableBuilder<OidcIdentityProviderConfigRequest.Builder,OidcIdentityProviderConfigRequest>

An object representing an OpenID Connect (OIDC) configuration. Before associating an OIDC identity provider to your cluster, review the considerations in Authenticating users for your cluster from an OIDC identity provider in the Amazon EKS User Guide.

See Also:

  • Method Details

    • identityProviderConfigName

      public final String identityProviderConfigName()

      The name of the OIDC provider configuration.

      Returns:
      The name of the OIDC provider configuration.

    • issuerUrl

      public final String issuerUrl()

      The URL of the OIDC identity provider that allows the API server to discover public signing keys for verifying tokens. The URL must begin with https:// and should correspond to the iss claim in the provider's OIDC ID tokens. Based on the OIDC standard, path components are allowed but query parameters are not. Typically the URL consists of only a hostname, like https://server.example.org or https://example.com. This URL should point to the level below .well-known/openid-configuration and must be publicly accessible over the internet.

      Returns:
      The URL of the OIDC identity provider that allows the API server to discover public signing keys for verifying tokens. The URL must begin with https:// and should correspond to the iss claim in the provider's OIDC ID tokens. Based on the OIDC standard, path components are allowed but query parameters are not. Typically the URL consists of only a hostname, like https://server.example.org or https://example.com. This URL should point to the level below .well-known/openid-configuration and must be publicly accessible over the internet.

    • clientId

      public final String clientId()

      This is also known as audience. The ID for the client application that makes authentication requests to the OIDC identity provider.

      Returns:
      This is also known as audience. The ID for the client application that makes authentication requests to the OIDC identity provider.

    • usernameClaim

      public final String usernameClaim()

      The JSON Web Token (JWT) claim to use as the username. The default is sub, which is expected to be a unique identifier of the end user. You can choose other claims, such as email or name, depending on the OIDC identity provider. Claims other than email are prefixed with the issuer URL to prevent naming clashes with other plug-ins.

      Returns:
      The JSON Web Token (JWT) claim to use as the username. The default is sub, which is expected to be a unique identifier of the end user. You can choose other claims, such as email or name, depending on the OIDC identity provider. Claims other than email are prefixed with the issuer URL to prevent naming clashes with other plug-ins.

    • usernamePrefix

      public final String usernamePrefix()

      The prefix that is prepended to username claims to prevent clashes with existing names. If you do not provide this field, and username is a value other than email, the prefix defaults to issuerurl#. You can use the value - to disable all prefixing.

      Returns:
      The prefix that is prepended to username claims to prevent clashes with existing names. If you do not provide this field, and username is a value other than email, the prefix defaults to issuerurl#. You can use the value - to disable all prefixing.

    • groupsClaim

      public final String groupsClaim()

      The JWT claim that the provider uses to return your groups.

      Returns:
      The JWT claim that the provider uses to return your groups.

    • groupsPrefix

      public final String groupsPrefix()

      The prefix that is prepended to group claims to prevent clashes with existing names (such as system: groups). For example, the value oidc: will create group names like oidc:engineering and oidc:infra.

      Returns:
      The prefix that is prepended to group claims to prevent clashes with existing names (such as system: groups). For example, the value oidc: will create group names like oidc:engineering and oidc:infra.

    • hasRequiredClaims

      public final boolean hasRequiredClaims()
      For responses, this returns true if the service returned a value for the RequiredClaims property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.

    • requiredClaims

      public final Map<String,String> requiredClaims()

      The key value pairs that describe required claims in the identity token. If set, each claim is verified to be present in the token with a matching value. For the maximum number of claims that you can require, see Amazon EKS service quotas in the Amazon EKS User Guide.

      Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

      This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasRequiredClaims() method.

      Returns:
      The key value pairs that describe required claims in the identity token. If set, each claim is verified to be present in the token with a matching value. For the maximum number of claims that you can require, see Amazon EKS service quotas in the Amazon EKS User Guide.

    • toBuilder

      public OidcIdentityProviderConfigRequest.Builder toBuilder()
      Description copied from interface: ToCopyableBuilder
      Take this object and create a builder that contains all of the current property values of this object.
      Specified by:
      toBuilder in interface ToCopyableBuilder<OidcIdentityProviderConfigRequest.Builder,OidcIdentityProviderConfigRequest>
      Returns:
      a builder for type T

    • builder

      public static OidcIdentityProviderConfigRequest.Builder builder()

    • serializableBuilderClass

      public static Class<? extends OidcIdentityProviderConfigRequest.Builder> serializableBuilderClass()

    • hashCode

      public final int hashCode()
      Overrides:
      hashCode in class Object

    • equals

      public final boolean equals(Object obj)
      Overrides:
      equals in class Object

    • equalsBySdkFields

      public final boolean equalsBySdkFields(Object obj)
      Description copied from interface: SdkPojo
      Indicates whether some other object is "equal to" this one by SDK fields. An SDK field is a modeled, non-inherited field in an SdkPojo class, and is generated based on a service model.

      If an SdkPojo class does not have any inherited fields, equalsBySdkFields and equals are essentially the same.

      Specified by:
      equalsBySdkFields in interface SdkPojo
      Parameters:
      obj - the object to be compared with
      Returns:
      true if the other object equals to this object by sdk fields, false otherwise.

    • toString

      public final String toString()
      Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be redacted from this string using a placeholder value.
      Overrides:
      toString in class Object

    • getValueForField

      public final <T> Optional<T> getValueForField(String fieldName, Class<T> clazz)

    • sdkFields

      public final List<SdkField<?>> sdkFields()
      Specified by:
      sdkFields in interface SdkPojo
      Returns:
      List of SdkField in this POJO. May be empty list but should never be null.