open-nomad/website/content/docs/commands/acl/auth-method/create.mdx

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

100 lines
3.1 KiB
Plaintext
Raw Normal View History

---
layout: docs
page_title: 'Commands: acl auth-method create'
description: The auth-method create command is used to create new ACL Auth Methods.
---
# Command: acl auth-method create
The `acl auth-method create` command is used to create new ACL Auth Methods.
## Usage
```plaintext
nomad acl auth-method create [options]
```
The `acl auth-method create` command requires the correct setting of the create options
via flags detailed below.
## General Options
@include 'general_options_no_namespace.mdx'
## Create Options
- `-name`: Sets the human readable name for the ACL auth method. The name must
be between 1-128 characters and is a required parameter.
- `-description`: A free form text description of the auth-method that must not exceed
256 characters.
- `-type`: Sets the type of the auth method. Currently the only supported type
is `OIDC`.
- `-max-token-ttl`: Sets the duration of time all tokens created by this auth
method should be valid for.
- `-token-locality`: Defines the kind of token that this auth method should
produce. This can be either `local` or `global`.
- `-default`: Specifies whether this auth method should be treated as a default
one in case no auth method is explicitly specified for a login command.
- `-config`: Auth method [configuration] in JSON format. May be prefixed with '@'
to indicate that the value is a file path to load the config from. '-' may also
be given to indicate that the config is available on stdin.
- `-json`: Output the ACL auth-method in a JSON format.
- `-t`: Format and display the ACL auth-method using a Go template.
## Examples
Create a new ACL Auth Method:
```shell-session
$ nomad acl auth-method create -name "example-acl-auth-method" -type "OIDC" -max-token-ttl "1h" -token-locality "local" -config "@config.json"
Created ACL auth method:
Name = example-acl-auth-method
Type = OIDC
Locality = local
MaxTokenTTL = 1h0m0s
Default = false
OIDC Discovery URL = https://my-corp-app-name.auth0.com/
OIDC Client ID = V1RPi2MYptMV1RPi2MYptMV1RPi2MYpt
OIDC Client Secret = example-client-secret
Bound audiences = V1RPi2MYptMV1RPi2MYptMV1RPi2MYpt
Allowed redirects URIs = http://localhost:4646/oidc/callback
Discovery CA pem = <none>
Signing algorithms = <none>
Claim mappings = {http://example.com/first_name: first_name}; {http://example.com/last_name: last_name}
List claim mappings = {http://nomad.com/groups: groups}
Create Index = 14
Modify Index = 14
```
Example config file:
```json
{
"OIDCDiscoveryURL": "https://my-corp-app-name.auth0.com/",
"OIDCClientID": "V1RPi2MYptMV1RPi2MYptMV1RPi2MYpt",
"OIDCClientSecret": "example-client-secret",
"BoundAudiences": [
"V1RPi2MYptMV1RPi2MYptMV1RPi2MYpt"
],
"AllowedRedirectURIs": [
"http://localhost:4646/oidc/callback"
],
"ClaimMappings": {
"http://example.com/first_name": "first_name",
"http://example.com/last_name": "last_name"
},
"ListClaimMappings": {
"http://nomad.com/groups": "groups"
}
}
```
[configuration]: /api-docs/acl/auth-methods#config