2022-12-14 12:35:26 +00:00
|
|
|
---
|
|
|
|
layout: docs
|
|
|
|
page_title: 'Commands: acl auth-method create'
|
|
|
|
description: The auth-method create command is used to create new ACL Auth Methods.
|
|
|
|
---
|
|
|
|
|
|
|
|
# Command: acl auth-method create
|
|
|
|
|
|
|
|
The `acl auth-method create` command is used to create new ACL Auth Methods.
|
|
|
|
|
|
|
|
## Usage
|
|
|
|
|
|
|
|
```plaintext
|
|
|
|
nomad acl auth-method create [options]
|
|
|
|
```
|
|
|
|
|
|
|
|
The `acl auth-method create` command requires the correct setting of the create options
|
|
|
|
via flags detailed below.
|
|
|
|
|
|
|
|
## General Options
|
|
|
|
|
|
|
|
@include 'general_options_no_namespace.mdx'
|
|
|
|
|
|
|
|
## Create Options
|
|
|
|
|
|
|
|
- `-name`: Sets the human readable name for the ACL auth method. The name must
|
|
|
|
be between 1-128 characters and is a required parameter.
|
|
|
|
|
|
|
|
- `-description`: A free form text description of the auth-method that must not exceed
|
|
|
|
256 characters.
|
|
|
|
|
|
|
|
- `-type`: Sets the type of the auth method. Currently the only supported type
|
|
|
|
is `OIDC`.
|
|
|
|
|
|
|
|
- `-max-token-ttl`: Sets the duration of time all tokens created by this auth
|
|
|
|
method should be valid for.
|
|
|
|
|
|
|
|
- `-token-locality`: Defines the kind of token that this auth method should
|
|
|
|
produce. This can be either `local` or `global`.
|
|
|
|
|
|
|
|
- `-default`: Specifies whether this auth method should be treated as a default
|
|
|
|
one in case no auth method is explicitly specified for a login command.
|
|
|
|
|
|
|
|
- `-config`: Auth method [configuration] in JSON format. May be prefixed with '@'
|
|
|
|
to indicate that the value is a file path to load the config from. '-' may also
|
|
|
|
be given to indicate that the config is available on stdin.
|
|
|
|
|
|
|
|
- `-json`: Output the ACL auth-method in a JSON format.
|
|
|
|
|
|
|
|
- `-t`: Format and display the ACL auth-method using a Go template.
|
|
|
|
|
|
|
|
## Examples
|
|
|
|
|
2022-12-22 15:36:25 +00:00
|
|
|
Create a new ACL Auth Method:
|
2022-12-14 12:35:26 +00:00
|
|
|
|
|
|
|
```shell-session
|
|
|
|
$ nomad acl auth-method create -name "example-acl-auth-method" -type "OIDC" -max-token-ttl "1h" -token-locality "local" -config "@config.json"
|
|
|
|
Created ACL auth method:
|
|
|
|
Name = example-acl-auth-method
|
|
|
|
Type = OIDC
|
|
|
|
Locality = local
|
|
|
|
MaxTokenTTL = 1h0m0s
|
|
|
|
Default = false
|
|
|
|
OIDC Discovery URL = https://my-corp-app-name.auth0.com/
|
|
|
|
OIDC Client ID = V1RPi2MYptMV1RPi2MYptMV1RPi2MYpt
|
|
|
|
OIDC Client Secret = example-client-secret
|
|
|
|
Bound audiences = V1RPi2MYptMV1RPi2MYptMV1RPi2MYpt
|
|
|
|
Allowed redirects URIs = http://localhost:4646/oidc/callback
|
|
|
|
Discovery CA pem = <none>
|
|
|
|
Signing algorithms = <none>
|
|
|
|
Claim mappings = {http://example.com/first_name: first_name}; {http://example.com/last_name: last_name}
|
|
|
|
List claim mappings = {http://nomad.com/groups: groups}
|
|
|
|
Create Index = 14
|
|
|
|
Modify Index = 14
|
|
|
|
```
|
|
|
|
|
|
|
|
Example config file:
|
|
|
|
|
|
|
|
```json
|
|
|
|
{
|
|
|
|
"OIDCDiscoveryURL": "https://my-corp-app-name.auth0.com/",
|
|
|
|
"OIDCClientID": "V1RPi2MYptMV1RPi2MYptMV1RPi2MYpt",
|
|
|
|
"OIDCClientSecret": "example-client-secret",
|
|
|
|
"BoundAudiences": [
|
|
|
|
"V1RPi2MYptMV1RPi2MYptMV1RPi2MYpt"
|
|
|
|
],
|
|
|
|
"AllowedRedirectURIs": [
|
|
|
|
"http://localhost:4646/oidc/callback"
|
|
|
|
],
|
|
|
|
"ClaimMappings": {
|
|
|
|
"http://example.com/first_name": "first_name",
|
|
|
|
"http://example.com/last_name": "last_name"
|
|
|
|
},
|
|
|
|
"ListClaimMappings": {
|
|
|
|
"http://nomad.com/groups": "groups"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
```
|
|
|
|
|
|
|
|
[configuration]: /api-docs/acl/auth-methods#config
|