
com.pulumi.vault.jwt.AuthBackendRoleArgs Maven / Gradle / Ivy


A Pulumi package for creating and managing HashiCorp Vault cloud resources.

// *** WARNING: this file was generated by pulumi-java-gen. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***

package com.pulumi.vault.jwt;

import com.pulumi.core.Output;
import com.pulumi.core.annotations.Import;
import com.pulumi.exceptions.MissingRequiredPropertyException;
import java.lang.Boolean;
import java.lang.Integer;
import java.lang.String;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import javax.annotation.Nullable;


public final class AuthBackendRoleArgs extends com.pulumi.resources.ResourceArgs {

    public static final AuthBackendRoleArgs Empty = new AuthBackendRoleArgs();

    /**
     * The list of allowed values for redirect_uri during OIDC logins.
     * Required for OIDC roles
     * 
     */
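    @Import(name="allowedRedirectUris")
    private @Nullable Output<List<String>> allowedRedirectUris;

    /**
     * The list of allowed values for redirect_uri during OIDC logins.
     * Required for OIDC roles.
     *
     * Review note: this is the allowlist of redirect targets for the OIDC flow,
     * so keep it to the exact callback URIs the deployment actually uses.
     *
     * @return the configured value, or an empty Optional when it was never set
     */
    public Optional<Output<List<String>>> allowedRedirectUris() {
        // Type arguments restored; the page extraction had dropped them.
        return Optional.ofNullable(this.allowedRedirectUris);
    }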

    /**
     * The unique name of the auth backend to configure.
     * Defaults to `jwt`.
     * 
     */
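    @Import(name="backend")
    private @Nullable Output<String> backend;

    /**
     * The unique name of the auth backend to configure.
     * Defaults to `jwt`.
     *
     * @return the configured value, or an empty Optional when it was never set
     */
    public Optional<Output<String>> backend() {
        // Type arguments restored; the page extraction had dropped them.
        return Optional.ofNullable(this.backend);
    }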

    /**
     * (Required for roles of type `jwt`, optional for roles of
     * type `oidc`) List of `aud` claims to match against. Any match is sufficient.
     * 
     */
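    @Import(name="boundAudiences")
    private @Nullable Output<List<String>> boundAudiences;

    /**
     * (Required for roles of type `jwt`, optional for roles of type `oidc`)
     * List of `aud` claims to match against. Any match is sufficient.
     *
     * Review note: because a single match is enough, every extra entry widens
     * the set of tokens this role accepts; list only the audiences issued for it.
     *
     * @return the configured value, or an empty Optional when it was never set
     */
    public Optional<Output<List<String>>> boundAudiences() {
        // Type arguments restored; the page extraction had dropped them.
        return Optional.ofNullable(this.boundAudiences);
    }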

    /**
     * If set, a map of claims to values to match against.
     * A claim's value must be a string, which may contain one value or multiple
     * comma-separated values, e.g. `"red"` or `"red,green,blue"`.
     * 
     */
    // NOTE(review): the generic type arguments on this field and its accessor were lost when
    // the page was extracted. Presumably Output<Map<String, ...>>; the map value type cannot be
    // determined from this listing, so confirm it against the published artifact.
    @Import(name="boundClaims")
    private @Nullable Output> boundClaims;

    /**
     * If set, a map of claims to values to match against.
     * A claim's value must be a string, which may contain one value or multiple
     * comma-separated values, e.g. `"red"` or `"red,green,blue"`.
     *
     * @return the configured value, or an empty Optional when it was never set
     */
    public Optional>> boundClaims() {
        return Optional.ofNullable(this.boundClaims);
    }

    /**
     * How to interpret values in the claims/values
     * map (`bound_claims`): can be either `string` (exact match) or `glob` (wildcard
     * match). Requires Vault 1.4.0 or above.
     * 
     */
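    @Import(name="boundClaimsType")
    private @Nullable Output<String> boundClaimsType;

    /**
     * How to interpret values in the claims/values map (`bound_claims`):
     * can be either `string` (exact match) or `glob` (wildcard match).
     * Requires Vault 1.4.0 or above.
     *
     * Review note: `glob` accepts more claim values than `string`; prefer
     * `string` unless wildcard matching is actually needed.
     *
     * @return the configured value, or an empty Optional when it was never set
     */
    public Optional<Output<String>> boundClaimsType() {
        // Type arguments restored; the page extraction had dropped them.
        return Optional.ofNullable(this.boundClaimsType);
    }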

    /**
     * If set, requires that the `sub` claim matches
     * this value.
     * 
     */
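    @Import(name="boundSubject")
    private @Nullable Output<String> boundSubject;

    /**
     * If set, requires that the `sub` claim matches this value.
     *
     * @return the configured value, or an empty Optional when it was never set
     */
    public Optional<Output<String>> boundSubject() {
        // Type arguments restored; the page extraction had dropped them.
        return Optional.ofNullable(this.boundSubject);
    }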

    /**
     * If set, a map of claims (keys) to be copied
     * to specified metadata fields (values).
     * 
     */
    // NOTE(review): the generic type arguments on this field and its accessor were lost when
    // the page was extracted. Presumably Output<Map<String, ...>>; the map value type cannot be
    // determined from this listing, so confirm it against the published artifact.
    @Import(name="claimMappings")
    private @Nullable Output> claimMappings;

    /**
     * If set, a map of claims (keys) to be copied
     * to specified metadata fields (values).
     *
     * @return the configured value, or an empty Optional when it was never set
     */
    public Optional>> claimMappings() {
        return Optional.ofNullable(this.claimMappings);
    }

    /**
     * The amount of leeway to add to all claims to account for clock skew, in
     * seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`.
     * Only applicable with "jwt" roles.
     * 
     */
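    @Import(name="clockSkewLeeway")
    private @Nullable Output<Integer> clockSkewLeeway;

    /**
     * The amount of leeway to add to all claims to account for clock skew, in
     * seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`.
     * Only applicable with "jwt" roles.
     *
     * Review note: leeway widens the time window in which a token is accepted,
     * so keep it no larger than the clock drift that has to be tolerated.
     *
     * @return the configured value, or an empty Optional when it was never set
     */
    public Optional<Output<Integer>> clockSkewLeeway() {
        // Type arguments restored; the page extraction had dropped them.
        return Optional.ofNullable(this.clockSkewLeeway);
    }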

    /**
     * Disable bound claim value parsing. Useful when values contain commas.
     * 
     */
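    @Import(name="disableBoundClaimsParsing")
    private @Nullable Output<Boolean> disableBoundClaimsParsing;

    /**
     * Disable bound claim value parsing. Useful when values contain commas.
     *
     * @return the configured value, or an empty Optional when it was never set
     */
    public Optional<Output<Boolean>> disableBoundClaimsParsing() {
        // Type arguments restored; the page extraction had dropped them.
        return Optional.ofNullable(this.disableBoundClaimsParsing);
    }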

    /**
     * The amount of leeway to add to expiration (`exp`) claims to account for
     * clock skew, in seconds. Defaults to `150` seconds if set to `0` and can be disabled if set to `-1`.
     * Only applicable with "jwt" roles.
     * 
     */
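    @Import(name="expirationLeeway")
    private @Nullable Output<Integer> expirationLeeway;

    /**
     * The amount of leeway to add to expiration (`exp`) claims to account for
     * clock skew, in seconds. Defaults to `150` seconds if set to `0` and can be disabled if set to `-1`.
     * Only applicable with "jwt" roles.
     *
     * Review note: this leeway lets a token be accepted after its `exp` time;
     * keep it no larger than the clock drift that has to be tolerated.
     *
     * @return the configured value, or an empty Optional when it was never set
     */
    public Optional<Output<Integer>> expirationLeeway() {
        // Type arguments restored; the page extraction had dropped them.
        return Optional.ofNullable(this.expirationLeeway);
    }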

    /**
     * The claim to use to uniquely identify
     * the set of groups to which the user belongs; this will be used as the names
     * for the Identity group aliases created due to a successful login. The claim
     * value must be a list of strings.
     * 
     */
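    @Import(name="groupsClaim")
    private @Nullable Output<String> groupsClaim;

    /**
     * The claim to use to uniquely identify the set of groups to which the
     * user belongs; this will be used as the names for the Identity group
     * aliases created due to a successful login. The claim value must be a
     * list of strings.
     *
     * @return the configured value, or an empty Optional when it was never set
     */
    public Optional<Output<String>> groupsClaim() {
        // Type arguments restored; the page extraction had dropped them.
        return Optional.ofNullable(this.groupsClaim);
    }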

    /**
     * Specifies the allowable elapsed time in seconds since the last time
     * the user was actively authenticated with the OIDC provider.
     * 
     */
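    @Import(name="maxAge")
    private @Nullable Output<Integer> maxAge;

    /**
     * Specifies the allowable elapsed time in seconds since the last time
     * the user was actively authenticated with the OIDC provider.
     *
     * @return the configured value, or an empty Optional when it was never set
     */
    public Optional<Output<Integer>> maxAge() {
        // Type arguments restored; the page extraction had dropped them.
        return Optional.ofNullable(this.maxAge);
    }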

    /**
     * The namespace to provision the resource in.
     * The value should not contain leading or trailing forward slashes.
     * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
     * *Available only for Vault Enterprise*.
     * 
     */
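    @Import(name="namespace")
    private @Nullable Output<String> namespace;

    /**
     * The namespace to provision the resource in.
     * The value should not contain leading or trailing forward slashes.
     * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
     * *Available only for Vault Enterprise*.
     *
     * @return the configured value, or an empty Optional when it was never set
     */
    public Optional<Output<String>> namespace() {
        // Type arguments restored; the page extraction had dropped them.
        return Optional.ofNullable(this.namespace);
    }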

    /**
     * The amount of leeway to add to not before (`nbf`) claims to account for
     * clock skew, in seconds. Defaults to `150` seconds if set to `0` and can be disabled if set to `-1`.
     * Only applicable with "jwt" roles.
     * 
     */
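    @Import(name="notBeforeLeeway")
    private @Nullable Output<Integer> notBeforeLeeway;

    /**
     * The amount of leeway to add to not before (`nbf`) claims to account for
     * clock skew, in seconds. Defaults to `150` seconds if set to `0` and can be disabled if set to `-1`.
     * Only applicable with "jwt" roles.
     *
     * Review note: this leeway lets a token be accepted before its `nbf` time;
     * keep it no larger than the clock drift that has to be tolerated.
     *
     * @return the configured value, or an empty Optional when it was never set
     */
    public Optional<Output<Integer>> notBeforeLeeway() {
        // Type arguments restored; the page extraction had dropped them.
        return Optional.ofNullable(this.notBeforeLeeway);
    }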

    /**
     * If set, a list of OIDC scopes to be used with an OIDC role.
     * The standard scope "openid" is automatically included and need not be specified.
     * 
     */
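    @Import(name="oidcScopes")
    private @Nullable Output<List<String>> oidcScopes;

    /**
     * If set, a list of OIDC scopes to be used with an OIDC role.
     * The standard scope "openid" is automatically included and need not be specified.
     *
     * Review note: request only the scopes whose claims the role actually uses.
     *
     * @return the configured value, or an empty Optional when it was never set
     */
    public Optional<Output<List<String>>> oidcScopes() {
        // Type arguments restored; the page extraction had dropped them.
        return Optional.ofNullable(this.oidcScopes);
    }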

    /**
     * The name of the role.
     * 
     */
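    @Import(name="roleName", required=true)
    private Output<String> roleName;

    /**
     * The name of the role. Marked as required on the field's import annotation.
     *
     * @return the stored value, returned as-is without an Optional wrapper
     */
    public Output<String> roleName() {
        // Type argument restored; the page extraction had left a raw Output here.
        return this.roleName;
    }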

    /**
     * Type of role, either "oidc" (default) or "jwt".
     * 
     */
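    @Import(name="roleType")
    private @Nullable Output<String> roleType;

    /**
     * Type of role, either "oidc" (default) or "jwt".
     *
     * @return the configured value, or an empty Optional when it was never set
     */
    public Optional<Output<String>> roleType() {
        // Type arguments restored; the page extraction had dropped them.
        return Optional.ofNullable(this.roleType);
    }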

    /**
     * Specifies the blocks of IP addresses which are allowed to use the generated token
     * 
     */
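    @Import(name="tokenBoundCidrs")
    private @Nullable Output<List<String>> tokenBoundCidrs;

    /**
     * Specifies the blocks of IP addresses which are allowed to use the generated token.
     *
     * Review note: binding tokens to known CIDR blocks limits where a leaked
     * token can be used from.
     *
     * @return the configured value, or an empty Optional when it was never set
     */
    public Optional<Output<List<String>>> tokenBoundCidrs() {
        // Type arguments restored; the page extraction had dropped them.
        return Optional.ofNullable(this.tokenBoundCidrs);
    }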

    /**
     * Generated Token's Explicit Maximum TTL in seconds
     * 
     */
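    @Import(name="tokenExplicitMaxTtl")
    private @Nullable Output<Integer> tokenExplicitMaxTtl;

    /**
     * Generated Token's Explicit Maximum TTL in seconds.
     *
     * @return the configured value, or an empty Optional when it was never set
     */
    public Optional<Output<Integer>> tokenExplicitMaxTtl() {
        // Type arguments restored; the page extraction had dropped them.
        return Optional.ofNullable(this.tokenExplicitMaxTtl);
    }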

    /**
     * The maximum lifetime of the generated token
     * 
     */
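    @Import(name="tokenMaxTtl")
    private @Nullable Output<Integer> tokenMaxTtl;

    /**
     * The maximum lifetime of the generated token.
     *
     * @return the configured value, or an empty Optional when it was never set
     */
    public Optional<Output<Integer>> tokenMaxTtl() {
        // Type arguments restored after extraction loss. NOTE(review): the plain-value builder
        // overload that would confirm Integer is outside this excerpt; verify against the artifact.
        return Optional.ofNullable(this.tokenMaxTtl);
    }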

    /**
     * If true, the 'default' policy will not automatically be added to generated tokens
     * 
     */
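    @Import(name="tokenNoDefaultPolicy")
    private @Nullable Output<Boolean> tokenNoDefaultPolicy;

    /**
     * If true, the 'default' policy will not automatically be added to generated tokens.
     *
     * @return the configured value, or an empty Optional when it was never set
     */
    public Optional<Output<Boolean>> tokenNoDefaultPolicy() {
        // Type arguments restored after extraction loss. NOTE(review): the plain-value builder
        // overload that would confirm Boolean is outside this excerpt; verify against the artifact.
        return Optional.ofNullable(this.tokenNoDefaultPolicy);
    }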

    /**
     * The maximum number of times a token may be used, a value of zero means unlimited
     * 
     */
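    @Import(name="tokenNumUses")
    private @Nullable Output<Integer> tokenNumUses;

    /**
     * The maximum number of times a token may be used; a value of zero means unlimited.
     *
     * @return the configured value, or an empty Optional when it was never set
     */
    public Optional<Output<Integer>> tokenNumUses() {
        // Type arguments restored after extraction loss. NOTE(review): the plain-value builder
        // overload that would confirm Integer is outside this excerpt; verify against the artifact.
        return Optional.ofNullable(this.tokenNumUses);
    }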

    /**
     * Generated Token's Period
     * 
     */
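    @Import(name="tokenPeriod")
    private @Nullable Output<Integer> tokenPeriod;

    /**
     * Generated Token's Period.
     *
     * @return the configured value, or an empty Optional when it was never set
     */
    public Optional<Output<Integer>> tokenPeriod() {
        // Type arguments restored after extraction loss. NOTE(review): the plain-value builder
        // overload that would confirm Integer is outside this excerpt; verify against the artifact.
        return Optional.ofNullable(this.tokenPeriod);
    }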

    /**
     * Generated Token's Policies
     * 
     */
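    @Import(name="tokenPolicies")
    private @Nullable Output<List<String>> tokenPolicies;

    /**
     * Generated Token's Policies.
     *
     * Review note: these policies decide what a token issued through this role
     * may do, so attach only the ones the role needs.
     *
     * @return the configured value, or an empty Optional when it was never set
     */
    public Optional<Output<List<String>>> tokenPolicies() {
        // Type arguments restored after extraction loss. NOTE(review): the builder overloads that
        // would confirm List<String> are outside this excerpt; verify against the artifact.
        return Optional.ofNullable(this.tokenPolicies);
    }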

    /**
     * The initial ttl of the token to generate in seconds
     * 
     */
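    @Import(name="tokenTtl")
    private @Nullable Output<Integer> tokenTtl;

    /**
     * The initial ttl of the token to generate in seconds.
     *
     * @return the configured value, or an empty Optional when it was never set
     */
    public Optional<Output<Integer>> tokenTtl() {
        // Type arguments restored after extraction loss. NOTE(review): the plain-value builder
        // overload that would confirm Integer is outside this excerpt; verify against the artifact.
        return Optional.ofNullable(this.tokenTtl);
    }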

    /**
     * The type of token to generate, service or batch
     * 
     */
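    @Import(name="tokenType")
    private @Nullable Output<String> tokenType;

    /**
     * The type of token to generate, service or batch.
     *
     * @return the configured value, or an empty Optional when it was never set
     */
    public Optional<Output<String>> tokenType() {
        // Type arguments restored after extraction loss. NOTE(review): the plain-value builder
        // overload that would confirm String is outside this excerpt; verify against the artifact.
        return Optional.ofNullable(this.tokenType);
    }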

    /**
     * The claim to use to uniquely identify
     * the user; this will be used as the name for the Identity entity alias created
     * due to a successful login.
     * 
     */
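    @Import(name="userClaim", required=true)
    private Output<String> userClaim;

    /**
     * The claim to use to uniquely identify the user; this will be used as the
     * name for the Identity entity alias created due to a successful login.
     * Marked as required on the field's import annotation.
     *
     * Review note: since this claim names the entity alias, pick one the
     * identity provider guarantees to be unique and stable per user.
     *
     * @return the stored value, returned as-is without an Optional wrapper
     */
    public Output<String> userClaim() {
        // Type argument restored after extraction loss. NOTE(review): the plain-value builder
        // overload that would confirm String is outside this excerpt; verify against the artifact.
        return this.userClaim;
    }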

    /**
     * Specifies if the `user_claim` value uses
     * [JSON pointer](https://www.vaultproject.io/docs/auth/jwt#claim-specifications-and-json-pointer)
     * syntax for referencing claims. By default, the `user_claim` value will not use JSON pointer.
     * Requires Vault 1.11+.
     * 
     */
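    @Import(name="userClaimJsonPointer")
    private @Nullable Output<Boolean> userClaimJsonPointer;

    /**
     * Specifies if the `user_claim` value uses
     * [JSON pointer](https://www.vaultproject.io/docs/auth/jwt#claim-specifications-and-json-pointer)
     * syntax for referencing claims. By default, the `user_claim` value will not use JSON pointer.
     * Requires Vault 1.11+.
     *
     * @return the configured value, or an empty Optional when it was never set
     */
    public Optional<Output<Boolean>> userClaimJsonPointer() {
        // Type arguments restored after extraction loss. NOTE(review): the plain-value builder
        // overload that would confirm Boolean is outside this excerpt; verify against the artifact.
        return Optional.ofNullable(this.userClaimJsonPointer);
    }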

    /**
     * Log received OIDC tokens and claims when debug-level
     * logging is active. Not recommended in production since sensitive information may be present
     * in OIDC responses.
     * 
     */
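    @Import(name="verboseOidcLogging")
    private @Nullable Output<Boolean> verboseOidcLogging;

    /**
     * Log received OIDC tokens and claims when debug-level logging is active.
     * Not recommended in production since sensitive information may be present
     * in OIDC responses.
     *
     * Review note: leave this unset or false outside short debugging sessions,
     * and treat any log written while it was enabled as containing credentials.
     *
     * @return the configured value, or an empty Optional when it was never set
     */
    public Optional<Output<Boolean>> verboseOidcLogging() {
        // Type arguments restored after extraction loss. NOTE(review): the plain-value builder
        // overload that would confirm Boolean is outside this excerpt; verify against the artifact.
        return Optional.ofNullable(this.verboseOidcLogging);
    }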

    private AuthBackendRoleArgs() {
        // Intentionally empty: no field is assigned here. Private, so instances are
        // created only from inside this class (the Empty constant and the Builder).
    }

    private AuthBackendRoleArgs(AuthBackendRoleArgs $) {
        // Copy constructor: every field reference of the source is reused as-is (no deep copy).

        // Role identity and placement.
        this.roleName = $.roleName;
        this.roleType = $.roleType;
        this.backend = $.backend;
        this.namespace = $.namespace;

        // Claim binding and validation.
        this.boundAudiences = $.boundAudiences;
        this.boundClaims = $.boundClaims;
        this.boundClaimsType = $.boundClaimsType;
        this.boundSubject = $.boundSubject;
        this.disableBoundClaimsParsing = $.disableBoundClaimsParsing;
        this.clockSkewLeeway = $.clockSkewLeeway;
        this.expirationLeeway = $.expirationLeeway;
        this.notBeforeLeeway = $.notBeforeLeeway;

        // Identity mapping.
        this.userClaim = $.userClaim;
        this.userClaimJsonPointer = $.userClaimJsonPointer;
        this.groupsClaim = $.groupsClaim;
        this.claimMappings = $.claimMappings;

        // OIDC flow settings.
        this.allowedRedirectUris = $.allowedRedirectUris;
        this.oidcScopes = $.oidcScopes;
        this.maxAge = $.maxAge;
        this.verboseOidcLogging = $.verboseOidcLogging;

        // Properties of the generated token.
        this.tokenBoundCidrs = $.tokenBoundCidrs;
        this.tokenExplicitMaxTtl = $.tokenExplicitMaxTtl;
        this.tokenMaxTtl = $.tokenMaxTtl;
        this.tokenNoDefaultPolicy = $.tokenNoDefaultPolicy;
        this.tokenNumUses = $.tokenNumUses;
        this.tokenPeriod = $.tokenPeriod;
        this.tokenPolicies = $.tokenPolicies;
        this.tokenTtl = $.tokenTtl;
        this.tokenType = $.tokenType;
    }

    public static Builder builder() {
        // Entry point for a builder that starts with no argument set.
        final Builder blank = new Builder();
        return blank;
    }
    public static Builder builder(AuthBackendRoleArgs defaults) {
        // Entry point for a builder seeded from an existing instance.
        final Builder seeded = new Builder(defaults);
        return seeded;
    }

    public static final class Builder {
        private AuthBackendRoleArgs $;

        public Builder() {
            // Work on a fresh args object; the setters mutate it in place.
            this.$ = new AuthBackendRoleArgs();
        }

        public Builder(AuthBackendRoleArgs defaults) {
            // Reject null up front, then work on a copy so the caller's instance is not mutated.
            final AuthBackendRoleArgs source = Objects.requireNonNull(defaults);
            this.$ = new AuthBackendRoleArgs(source);
        }

        /**
         * @param allowedRedirectUris The list of allowed values for redirect_uri during OIDC logins.
         * Required for OIDC roles
         * 
         * @return builder
         * 
         */
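        public Builder allowedRedirectUris(@Nullable Output<List<String>> allowedRedirectUris) {
            // Type arguments restored; the page extraction had dropped them.
            // The reference is stored as given, so passing null clears the setting.
            $.allowedRedirectUris = allowedRedirectUris;
            return this;
        }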

        /**
         * @param allowedRedirectUris The list of allowed values for redirect_uri during OIDC logins.
         * Required for OIDC roles
         * 
         * @return builder
         * 
         */
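        public Builder allowedRedirectUris(List<String> allowedRedirectUris) {
            // Element type restored (the extracted page showed a raw List).
            // Wraps the plain list in an Output and reuses the Output-based setter.
            return allowedRedirectUris(Output.of(allowedRedirectUris));
        }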

        /**
         * @param allowedRedirectUris The list of allowed values for redirect_uri during OIDC logins.
         * Required for OIDC roles
         * 
         * @return builder
         * 
         */
        public Builder allowedRedirectUris(String... allowedRedirectUris) {
            // Varargs convenience: turn the array into a list and hand it to the List overload.
            final List<String> uris = List.of(allowedRedirectUris);
            return allowedRedirectUris(uris);
        }

        /**
         * @param backend The unique name of the auth backend to configure.
         * Defaults to `jwt`.
         * 
         * @return builder
         * 
         */
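        public Builder backend(@Nullable Output<String> backend) {
            // Type argument restored (the extracted page showed a raw Output).
            // The reference is stored as given, so passing null clears the setting.
            $.backend = backend;
            return this;
        }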

        /**
         * @param backend The unique name of the auth backend to configure.
         * Defaults to `jwt`.
         * 
         * @return builder
         * 
         */
        public Builder backend(String backend) {
            // Lift the plain value into an Output, then reuse the Output-based setter.
            final Output<String> wrapped = Output.of(backend);
            return backend(wrapped);
        }

        /**
         * @param boundAudiences (Required for roles of type `jwt`, optional for roles of
         * type `oidc`) List of `aud` claims to match against. Any match is sufficient.
         * 
         * @return builder
         * 
         */
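        public Builder boundAudiences(@Nullable Output<List<String>> boundAudiences) {
            // Type arguments restored; the page extraction had dropped them.
            // The reference is stored as given, so passing null clears the setting.
            $.boundAudiences = boundAudiences;
            return this;
        }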

        /**
         * @param boundAudiences (Required for roles of type `jwt`, optional for roles of
         * type `oidc`) List of `aud` claims to match against. Any match is sufficient.
         * 
         * @return builder
         * 
         */
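        public Builder boundAudiences(List<String> boundAudiences) {
            // Element type restored (the extracted page showed a raw List).
            // Wraps the plain list in an Output and reuses the Output-based setter.
            return boundAudiences(Output.of(boundAudiences));
        }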

        /**
         * @param boundAudiences (Required for roles of type `jwt`, optional for roles of
         * type `oidc`) List of `aud` claims to match against. Any match is sufficient.
         * 
         * @return builder
         * 
         */
        public Builder boundAudiences(String... boundAudiences) {
            // Varargs convenience: turn the array into a list and hand it to the List overload.
            final List<String> audiences = List.of(boundAudiences);
            return boundAudiences(audiences);
        }

        /**
         * @param boundClaims If set, a map of claims to values to match against.
         * A claim's value must be a string, which may contain one value or multiple
         * comma-separated values, e.g. `"red"` or `"red,green,blue"`.
         * 
         * @return builder
         * 
         */
        // NOTE(review): the parameter's generic type arguments were lost when the page was
        // extracted (presumably Output<Map<String, ...>>); the map value type cannot be
        // determined from this listing, so confirm it against the published artifact.
        public Builder boundClaims(@Nullable Output> boundClaims) {
            // The reference is stored as given, so passing null clears the setting.
            $.boundClaims = boundClaims;
            return this;
        }

        /**
         * @param boundClaims If set, a map of claims to values to match against.
         * A claim's value must be a string, which may contain one value or multiple
         * comma-separated values, e.g. `"red"` or `"red,green,blue"`.
         * 
         * @return builder
         * 
         */
        // NOTE(review): Map appears raw here because the page extraction dropped its type
        // arguments; confirm the key/value types against the published artifact.
        public Builder boundClaims(Map boundClaims) {
            // Wraps the plain map in an Output and reuses the Output-based setter.
            return boundClaims(Output.of(boundClaims));
        }

        /**
         * @param boundClaimsType How to interpret values in the claims/values
         * map (`bound_claims`): can be either `string` (exact match) or `glob` (wildcard
         * match). Requires Vault 1.4.0 or above.
         * 
         * @return builder
         * 
         */
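        public Builder boundClaimsType(@Nullable Output<String> boundClaimsType) {
            // Type argument restored (the extracted page showed a raw Output).
            // The reference is stored as given, so passing null clears the setting.
            $.boundClaimsType = boundClaimsType;
            return this;
        }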

        /**
         * @param boundClaimsType How to interpret values in the claims/values
         * map (`bound_claims`): can be either `string` (exact match) or `glob` (wildcard
         * match). Requires Vault 1.4.0 or above.
         * 
         * @return builder
         * 
         */
        public Builder boundClaimsType(String boundClaimsType) {
            // Lift the plain value into an Output, then reuse the Output-based setter.
            final Output<String> matchMode = Output.of(boundClaimsType);
            return boundClaimsType(matchMode);
        }

        /**
         * @param boundSubject If set, requires that the `sub` claim matches
         * this value.
         * 
         * @return builder
         * 
         */
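        public Builder boundSubject(@Nullable Output<String> boundSubject) {
            // Type argument restored (the extracted page showed a raw Output).
            // The reference is stored as given, so passing null clears the setting.
            $.boundSubject = boundSubject;
            return this;
        }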

        /**
         * @param boundSubject If set, requires that the `sub` claim matches
         * this value.
         * 
         * @return builder
         * 
         */
        public Builder boundSubject(String boundSubject) {
            // Lift the plain value into an Output, then reuse the Output-based setter.
            final Output<String> subject = Output.of(boundSubject);
            return boundSubject(subject);
        }

        /**
         * @param claimMappings If set, a map of claims (keys) to be copied
         * to specified metadata fields (values).
         * 
         * @return builder
         * 
         */
        // NOTE(review): the parameter's generic type arguments were lost when the page was
        // extracted (presumably Output<Map<String, ...>>); the map value type cannot be
        // determined from this listing, so confirm it against the published artifact.
        public Builder claimMappings(@Nullable Output> claimMappings) {
            // The reference is stored as given, so passing null clears the setting.
            $.claimMappings = claimMappings;
            return this;
        }

        /**
         * @param claimMappings If set, a map of claims (keys) to be copied
         * to specified metadata fields (values).
         * 
         * @return builder
         * 
         */
        // NOTE(review): Map appears raw here because the page extraction dropped its type
        // arguments; confirm the key/value types against the published artifact.
        public Builder claimMappings(Map claimMappings) {
            // Wraps the plain map in an Output and reuses the Output-based setter.
            return claimMappings(Output.of(claimMappings));
        }

        /**
         * @param clockSkewLeeway The amount of leeway to add to all claims to account for clock skew, in
         * seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`.
         * Only applicable with "jwt" roles.
         * 
         * @return builder
         * 
         */
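        public Builder clockSkewLeeway(@Nullable Output<Integer> clockSkewLeeway) {
            // Type argument restored (the extracted page showed a raw Output).
            // The reference is stored as given, so passing null clears the setting.
            $.clockSkewLeeway = clockSkewLeeway;
            return this;
        }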

        /**
         * @param clockSkewLeeway The amount of leeway to add to all claims to account for clock skew, in
         * seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`.
         * Only applicable with "jwt" roles.
         * 
         * @return builder
         * 
         */
        public Builder clockSkewLeeway(Integer clockSkewLeeway) {
            // Lift the plain value into an Output, then reuse the Output-based setter.
            final Output<Integer> leewaySeconds = Output.of(clockSkewLeeway);
            return clockSkewLeeway(leewaySeconds);
        }

        /**
         * @param disableBoundClaimsParsing Disable bound claim value parsing. Useful when values contain commas.
         * 
         * @return builder
         * 
         */
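        public Builder disableBoundClaimsParsing(@Nullable Output<Boolean> disableBoundClaimsParsing) {
            // Type argument restored (the extracted page showed a raw Output).
            // The reference is stored as given, so passing null clears the setting.
            $.disableBoundClaimsParsing = disableBoundClaimsParsing;
            return this;
        }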

        /**
         * @param disableBoundClaimsParsing Disable bound claim value parsing. Useful when values contain commas.
         * 
         * @return builder
         * 
         */
        public Builder disableBoundClaimsParsing(Boolean disableBoundClaimsParsing) {
            // Lift the plain value into an Output, then reuse the Output-based setter.
            final Output<Boolean> flag = Output.of(disableBoundClaimsParsing);
            return disableBoundClaimsParsing(flag);
        }

        /**
         * @param expirationLeeway The amount of leeway to add to expiration (`exp`) claims to account for
         * clock skew, in seconds. Defaults to `150` seconds if set to `0` and can be disabled if set to `-1`.
         * Only applicable with "jwt" roles.
         * 
         * @return builder
         * 
         */
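        public Builder expirationLeeway(@Nullable Output<Integer> expirationLeeway) {
            // Type argument restored (the extracted page showed a raw Output).
            // The reference is stored as given, so passing null clears the setting.
            $.expirationLeeway = expirationLeeway;
            return this;
        }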

        /**
         * @param expirationLeeway The amount of leeway to add to expiration (`exp`) claims to account for
         * clock skew, in seconds. Defaults to `150` seconds if set to `0` and can be disabled if set to `-1`.
         * Only applicable with "jwt" roles.
         * 
         * @return builder
         * 
         */
        public Builder expirationLeeway(Integer expirationLeeway) {
            // Lift the plain value into an Output, then reuse the Output-based setter.
            final Output<Integer> leewaySeconds = Output.of(expirationLeeway);
            return expirationLeeway(leewaySeconds);
        }

        /**
         * @param groupsClaim The claim to use to uniquely identify
         * the set of groups to which the user belongs; this will be used as the names
         * for the Identity group aliases created due to a successful login. The claim
         * value must be a list of strings.
         * 
         * @return builder
         * 
         */
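        public Builder groupsClaim(@Nullable Output<String> groupsClaim) {
            // Type argument restored (the extracted page showed a raw Output).
            // The reference is stored as given, so passing null clears the setting.
            $.groupsClaim = groupsClaim;
            return this;
        }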

        /**
         * @param groupsClaim The claim to use to uniquely identify
         * the set of groups to which the user belongs; this will be used as the names
         * for the Identity group aliases created due to a successful login. The claim
         * value must be a list of strings.
         * 
         * @return builder
         * 
         */
        public Builder groupsClaim(String groupsClaim) {
            // Lift the plain value into an Output, then reuse the Output-based setter.
            final Output<String> claimName = Output.of(groupsClaim);
            return groupsClaim(claimName);
        }

        /**
         * @param maxAge Specifies the allowable elapsed time in seconds since the last time
         * the user was actively authenticated with the OIDC provider.
         * 
         * @return builder
         * 
         */
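        public Builder maxAge(@Nullable Output<Integer> maxAge) {
            // Type argument restored (the extracted page showed a raw Output).
            // The reference is stored as given, so passing null clears the setting.
            $.maxAge = maxAge;
            return this;
        }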

        /**
         * @param maxAge Specifies the allowable elapsed time in seconds since the last time
         * the user was actively authenticated with the OIDC provider.
         * 
         * @return builder
         * 
         */
        public Builder maxAge(Integer maxAge) {
            // Lift the plain value into an Output, then reuse the Output-based setter.
            final Output<Integer> ageSeconds = Output.of(maxAge);
            return maxAge(ageSeconds);
        }

        /**
         * @param namespace The namespace to provision the resource in.
         * The value should not contain leading or trailing forward slashes.
         * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
         * *Available only for Vault Enterprise*.
         * 
         * @return builder
         * 
         */
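        public Builder namespace(@Nullable Output<String> namespace) {
            // Type argument restored (the extracted page showed a raw Output).
            // The reference is stored as given, so passing null clears the setting.
            $.namespace = namespace;
            return this;
        }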

        /**
         * @param namespace The namespace to provision the resource in.
         * The value should not contain leading or trailing forward slashes.
         * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
         * *Available only for Vault Enterprise*.
         * 
         * @return builder
         * 
         */
        public Builder namespace(String namespace) {
            // Lift the plain value into an Output, then reuse the Output-based setter.
            final Output<String> wrapped = Output.of(namespace);
            return namespace(wrapped);
        }

        /**
         * @param notBeforeLeeway The amount of leeway to add to not before (`nbf`) claims to account for
         * clock skew, in seconds. Defaults to `150` seconds if set to `0` and can be disabled if set to `-1`.
         * Only applicable with "jwt" roles.
         * 
         * @return builder
         * 
         */
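        public Builder notBeforeLeeway(@Nullable Output<Integer> notBeforeLeeway) {
            // Type argument restored (the extracted page showed a raw Output).
            // The reference is stored as given, so passing null clears the setting.
            $.notBeforeLeeway = notBeforeLeeway;
            return this;
        }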

        /**
         * @param notBeforeLeeway The amount of leeway to add to not before (`nbf`) claims to account for
         * clock skew, in seconds. Defaults to `150` seconds if set to `0` and can be disabled if set to `-1`.
         * Only applicable with "jwt" roles.
         * 
         * @return builder
         * 
         */
        public Builder notBeforeLeeway(Integer notBeforeLeeway) {
            // Lift the plain value into an Output, then reuse the Output-based setter.
            final Output<Integer> leewaySeconds = Output.of(notBeforeLeeway);
            return notBeforeLeeway(leewaySeconds);
        }

        /**
         * @param oidcScopes If set, a list of OIDC scopes to be used with an OIDC role.
         * The standard scope "openid" is automatically included and need not be specified.
         * 
         * @return builder
         * 
         */
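        public Builder oidcScopes(@Nullable Output<List<String>> oidcScopes) {
            // Type arguments restored; the page extraction had dropped them.
            // The reference is stored as given, so passing null clears the setting.
            $.oidcScopes = oidcScopes;
            return this;
        }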

        /**
         * @param oidcScopes If set, a list of OIDC scopes to be used with an OIDC role.
         * The standard scope "openid" is automatically included and need not be specified.
         * 
         * @return builder
         * 
         */
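        public Builder oidcScopes(List<String> oidcScopes) {
            // Element type restored (the extracted page showed a raw List).
            // Wraps the plain list in an Output and reuses the Output-based setter.
            return oidcScopes(Output.of(oidcScopes));
        }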

        /**
         * @param oidcScopes If set, a list of OIDC scopes to be used with an OIDC role.
         * The standard scope "openid" is automatically included and need not be specified.
         * 
         * @return builder
         * 
         */
        public Builder oidcScopes(String... oidcScopes) {
            // Varargs convenience: turn the array into a list and hand it to the List overload.
            final List<String> scopes = List.of(oidcScopes);
            return oidcScopes(scopes);
        }

        /**
         * @param roleName The name of the role.
         * 
         * @return builder
         * 
         */
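        public Builder roleName(Output<String> roleName) {
            // Type argument restored (the extracted page showed a raw Output).
            // Stored as given; no null check happens in this setter.
            $.roleName = roleName;
            return this;
        }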

        /**
         * @param roleName The name of the role.
         * 
         * @return builder
         * 
         */
        public Builder roleName(String roleName) {
            // Lift the plain value into an Output, then reuse the Output-based setter.
            final Output<String> wrapped = Output.of(roleName);
            return roleName(wrapped);
        }

        /**
         * @param roleType Type of role, either "oidc" (default) or "jwt".
         * 
         * @return builder
         * 
         */
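        public Builder roleType(@Nullable Output<String> roleType) {
            // Type argument restored (the extracted page showed a raw Output).
            // The reference is stored as given, so passing null clears the setting.
            $.roleType = roleType;
            return this;
        }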

        /**
         * @param roleType Type of role, either "oidc" (default) or "jwt".
         * 
         * @return builder
         * 
         */
        public Builder roleType(String roleType) {
            // Lift the plain value into an Output, then reuse the Output-based setter.
            final Output<String> wrapped = Output.of(roleType);
            return roleType(wrapped);
        }

        /**
         * @param tokenBoundCidrs Specifies the blocks of IP addresses which are allowed to use the generated token
         * 
         * @return builder
         * 
         */
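        public Builder tokenBoundCidrs(@Nullable Output<List<String>> tokenBoundCidrs) {
            // CIDR blocks from which the issued token may be used. Element type is String,
            // matching the List and String... overloads.
            // NOTE(review): when left unset, presumably no source-address restriction is
            // applied to tokens from this role; confirm against the Vault documentation.
            $.tokenBoundCidrs = tokenBoundCidrs;
            return this;
        }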

        /**
         * @param tokenBoundCidrs Specifies the blocks of IP addresses which are allowed to use the generated token
         * 
         * @return builder
         * 
         */
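        public Builder tokenBoundCidrs(List<String> tokenBoundCidrs) {
            // Convenience overload: wraps the plain list in an Output and delegates.
            // The CIDR strings are passed through as given; no syntax check happens here.
            return tokenBoundCidrs(Output.of(tokenBoundCidrs));
        }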

        /**
         * @param tokenBoundCidrs Specifies the blocks of IP addresses which are allowed to use the generated token
         * 
         * @return builder
         * 
         */
        public Builder tokenBoundCidrs(String... tokenBoundCidrs) {
            // Varargs convenience: copy into an immutable list, then reuse the List overload.
            final List<String> cidrList = List.of(tokenBoundCidrs);
            return tokenBoundCidrs(cidrList);
        }

        /**
         * @param tokenExplicitMaxTtl Generated Token's Explicit Maximum TTL in seconds
         * 
         * @return builder
         * 
         */
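        public Builder tokenExplicitMaxTtl(@Nullable Output<Integer> tokenExplicitMaxTtl) {
            // Value is in seconds.
            // NOTE(review): Vault describes the explicit max TTL as a hard cap that renewal
            // cannot extend; confirm for the target Vault version before relying on it as
            // the upper bound on token lifetime.
            $.tokenExplicitMaxTtl = tokenExplicitMaxTtl;
            return this;
        }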

        /**
         * @param tokenExplicitMaxTtl Generated Token's Explicit Maximum TTL in seconds
         * 
         * @return builder
         * 
         */
        public Builder tokenExplicitMaxTtl(Integer tokenExplicitMaxTtl) {
            // Plain-value convenience (seconds): wrap, then delegate to the Output-taking setter.
            final Output<Integer> wrapped = Output.of(tokenExplicitMaxTtl);
            return tokenExplicitMaxTtl(wrapped);
        }

        /**
         * @param tokenMaxTtl The maximum lifetime of the generated token
         * 
         * @return builder
         * 
         */
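        public Builder tokenMaxTtl(@Nullable Output<Integer> tokenMaxTtl) {
            // Maximum lifetime of the generated token. The description gives no unit; the
            // sibling TTL settings are in seconds, so presumably this is too (TODO confirm).
            $.tokenMaxTtl = tokenMaxTtl;
            return this;
        }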

        /**
         * @param tokenMaxTtl The maximum lifetime of the generated token
         * 
         * @return builder
         * 
         */
        public Builder tokenMaxTtl(Integer tokenMaxTtl) {
            // Plain-value convenience: wrap, then delegate to the Output-taking setter.
            final Output<Integer> wrapped = Output.of(tokenMaxTtl);
            return tokenMaxTtl(wrapped);
        }

        /**
         * @param tokenNoDefaultPolicy If true, the 'default' policy will not automatically be added to generated tokens
         * 
         * @return builder
         * 
         */
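        public Builder tokenNoDefaultPolicy(@Nullable Output<Boolean> tokenNoDefaultPolicy) {
            // true stops the 'default' policy from being attached automatically. Policies
            // named through tokenPolicies are configured separately, so with this set the
            // token's grants are limited to what the role lists explicitly.
            $.tokenNoDefaultPolicy = tokenNoDefaultPolicy;
            return this;
        }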

        /**
         * @param tokenNoDefaultPolicy If true, the 'default' policy will not automatically be added to generated tokens
         * 
         * @return builder
         * 
         */
        public Builder tokenNoDefaultPolicy(Boolean tokenNoDefaultPolicy) {
            // Plain-value convenience: wrap, then delegate to the Output-taking setter.
            final Output<Boolean> wrapped = Output.of(tokenNoDefaultPolicy);
            return tokenNoDefaultPolicy(wrapped);
        }

        /**
         * @param tokenNumUses The maximum number of times a token may be used, a value of zero means unlimited
         * 
         * @return builder
         * 
         */
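        public Builder tokenNumUses(@Nullable Output<Integer> tokenNumUses) {
            // Zero means unlimited uses. A small positive value bounds how many requests a
            // token can make, which also bounds the reuse of a token that leaks.
            $.tokenNumUses = tokenNumUses;
            return this;
        }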

        /**
         * @param tokenNumUses The maximum number of times a token may be used, a value of zero means unlimited
         * 
         * @return builder
         * 
         */
        public Builder tokenNumUses(Integer tokenNumUses) {
            // Plain-value convenience (0 = unlimited): wrap, then delegate.
            final Output<Integer> wrapped = Output.of(tokenNumUses);
            return tokenNumUses(wrapped);
        }

        /**
         * @param tokenPeriod Generated Token's Period
         * 
         * @return builder
         * 
         */
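        public Builder tokenPeriod(@Nullable Output<Integer> tokenPeriod) {
            // NOTE(review): the description says only "Generated Token's Period". In Vault a
            // non-zero period makes the token periodic, i.e. renewable for as long as it is
            // renewed within each period; confirm the unit and how it interacts with the
            // max-TTL settings for the target Vault version.
            $.tokenPeriod = tokenPeriod;
            return this;
        }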

        /**
         * @param tokenPeriod Generated Token's Period
         * 
         * @return builder
         * 
         */
        public Builder tokenPeriod(Integer tokenPeriod) {
            // Plain-value convenience: wrap, then delegate to the Output-taking setter.
            final Output<Integer> wrapped = Output.of(tokenPeriod);
            return tokenPeriod(wrapped);
        }

        /**
         * @param tokenPolicies Generated Token's Policies
         * 
         * @return builder
         * 
         */
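        public Builder tokenPolicies(@Nullable Output<List<String>> tokenPolicies) {
            // Policy names attached to tokens issued through this role; element type is
            // String, matching the List and String... overloads. Every principal that passes
            // the role's bound claims receives these policies, so keep the list to the
            // minimum the role needs.
            $.tokenPolicies = tokenPolicies;
            return this;
        }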

        /**
         * @param tokenPolicies Generated Token's Policies
         * 
         * @return builder
         * 
         */
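        public Builder tokenPolicies(List<String> tokenPolicies) {
            // Convenience overload: wraps the plain list in an Output and delegates.
            return tokenPolicies(Output.of(tokenPolicies));
        }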

        /**
         * @param tokenPolicies Generated Token's Policies
         * 
         * @return builder
         * 
         */
        public Builder tokenPolicies(String... tokenPolicies) {
            // Varargs convenience: copy into an immutable list, then reuse the List overload.
            final List<String> policyList = List.of(tokenPolicies);
            return tokenPolicies(policyList);
        }

        /**
         * @param tokenTtl The initial ttl of the token to generate in seconds
         * 
         * @return builder
         * 
         */
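        public Builder tokenTtl(@Nullable Output<Integer> tokenTtl) {
            // Initial TTL of the issued token, in seconds. A short initial TTL limits how
            // long a token stays usable without renewal.
            $.tokenTtl = tokenTtl;
            return this;
        }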

        /**
         * @param tokenTtl The initial ttl of the token to generate in seconds
         * 
         * @return builder
         * 
         */
        public Builder tokenTtl(Integer tokenTtl) {
            // Plain-value convenience (seconds): wrap, then delegate to the Output-taking setter.
            final Output<Integer> wrapped = Output.of(tokenTtl);
            return tokenTtl(wrapped);
        }

        /**
         * @param tokenType The type of token to generate, service or batch
         * 
         * @return builder
         * 
         */
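        public Builder tokenType(@Nullable Output<String> tokenType) {
            // "service" or "batch" per the description; the string is stored unchecked.
            // NOTE(review): Vault batch tokens are not renewable and cannot be revoked
            // individually; confirm that fits the incident-response plan before choosing it.
            $.tokenType = tokenType;
            return this;
        }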

        /**
         * @param tokenType The type of token to generate, service or batch
         * 
         * @return builder
         * 
         */
        public Builder tokenType(String tokenType) {
            // Plain-value convenience: wrap, then delegate to the Output-taking setter.
            final Output<String> wrapped = Output.of(tokenType);
            return tokenType(wrapped);
        }

        /**
         * @param userClaim The claim to use to uniquely identify
         * the user; this will be used as the name for the Identity entity alias created
         * due to a successful login.
         * 
         * @return builder
         * 
         */
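        public Builder userClaim(Output<String> userClaim) {
            // Required property: build() throws MissingRequiredPropertyException when this
            // is still null. The claim's value becomes the name of the Identity entity
            // alias, so choose a claim the identity provider keeps unique and stable per
            // user; a claim the user can edit or that is reused across users would merge
            // distinct principals into one alias.
            $.userClaim = userClaim;
            return this;
        }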

        /**
         * @param userClaim The claim to use to uniquely identify
         * the user; this will be used as the name for the Identity entity alias created
         * due to a successful login.
         * 
         * @return builder
         * 
         */
        public Builder userClaim(String userClaim) {
            // Plain-value convenience: wrap, then delegate to the Output-taking setter.
            final Output<String> wrapped = Output.of(userClaim);
            return userClaim(wrapped);
        }

        /**
         * @param userClaimJsonPointer Specifies if the `user_claim` value uses
         * [JSON pointer](https://www.vaultproject.io/docs/auth/jwt#claim-specifications-and-json-pointer)
         * syntax for referencing claims. By default, the `user_claim` value will not use JSON pointer.
         * Requires Vault 1.11+.
         * 
         * @return builder
         * 
         */
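        public Builder userClaimJsonPointer(@Nullable Output<Boolean> userClaimJsonPointer) {
            // true makes `user_claim` a JSON pointer instead of a top-level claim name
            // (off by default, requires Vault 1.11+). Flipping it changes which value
            // identifies the user, so review userClaim together with this flag.
            $.userClaimJsonPointer = userClaimJsonPointer;
            return this;
        }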

        /**
         * @param userClaimJsonPointer Specifies if the `user_claim` value uses
         * [JSON pointer](https://www.vaultproject.io/docs/auth/jwt#claim-specifications-and-json-pointer)
         * syntax for referencing claims. By default, the `user_claim` value will not use JSON pointer.
         * Requires Vault 1.11+.
         * 
         * @return builder
         * 
         */
        public Builder userClaimJsonPointer(Boolean userClaimJsonPointer) {
            // Plain-value convenience: wrap, then delegate to the Output-taking setter.
            final Output<Boolean> wrapped = Output.of(userClaimJsonPointer);
            return userClaimJsonPointer(wrapped);
        }

        /**
         * @param verboseOidcLogging Log received OIDC tokens and claims when debug-level
         * logging is active. Not recommended in production since sensitive information may be present
         * in OIDC responses.
         * 
         * @return builder
         * 
         */
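        public Builder verboseOidcLogging(@Nullable Output<Boolean> verboseOidcLogging) {
            // true writes received OIDC tokens and claims to the log at debug level. Those
            // responses can contain sensitive information, so keep this off in production
            // and treat any log produced while it was on as holding credentials.
            $.verboseOidcLogging = verboseOidcLogging;
            return this;
        }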

        /**
         * @param verboseOidcLogging Log received OIDC tokens and claims when debug-level
         * logging is active. Not recommended in production since sensitive information may be present
         * in OIDC responses.
         * 
         * @return builder
         * 
         */
        public Builder verboseOidcLogging(Boolean verboseOidcLogging) {
            // Plain-value convenience: wrap, then delegate to the Output-taking setter.
            final Output<Boolean> wrapped = Output.of(verboseOidcLogging);
            return verboseOidcLogging(wrapped);
        }

        /**
         * Finishes the builder and returns the accumulated arguments.
         *
         * Only presence of the two required properties is checked here. Nothing else is
         * validated: role-type-dependent requirements (redirect URIs for OIDC roles,
         * bound audiences for jwt roles) and the contents of every value are not
         * examined by this method, so a role with no bound claims or an overly broad
         * policy list still builds.
         *
         * @return the configured {@code AuthBackendRoleArgs}
         * @throws MissingRequiredPropertyException if {@code roleName} or {@code userClaim} was never set
         */
        public AuthBackendRoleArgs build() {
            final AuthBackendRoleArgs args = $;
            // roleName is checked first, so it is the one reported when both are missing.
            if (args.roleName == null) {
                throw new MissingRequiredPropertyException("AuthBackendRoleArgs", "roleName");
            }
            if (args.userClaim == null) {
                throw new MissingRequiredPropertyException("AuthBackendRoleArgs", "userClaim");
            }
            return args;
        }
    }

}



