com.pulumi.gitlab.kotlin.GroupServiceAccountAccessTokenArgs.kt Maven / Gradle / Ivy

Go to download
Show more of this group Show more artifacts with this name
Show all versions of pulumi-gitlab-kotlin Show documentation
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
There is a newer version: 8.4.2.0
Show newest version
@file:Suppress("NAME_SHADOWING", "DEPRECATION")

package com.pulumi.gitlab.kotlin

import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.gitlab.GroupServiceAccountAccessTokenArgs.builder
import com.pulumi.gitlab.kotlin.inputs.GroupServiceAccountAccessTokenRotationConfigurationArgs
import com.pulumi.gitlab.kotlin.inputs.GroupServiceAccountAccessTokenRotationConfigurationArgsBuilder
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.applySuspend
import kotlin.Int
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.List
import kotlin.jvm.JvmName

/**
 * The `gitlab.GroupServiceAccountAccessToken` resource allows to manage the lifecycle of a group service account access token.
 * > Use of the `timestamp()` function with expires_at will cause the resource to be re-created with every apply, it's recommended to use `plantimestamp()` or a static value instead.
 * > Reading the access token status of a service account requires an admin token or a top-level group owner token on gitlab.com. As a result, this resource will ignore permission errors when attempting to read the token status, and will rely on the values in state instead. This can lead to apply-time failures if the token configured for the provider doesn't have permissions to rotate tokens for the service account.
 * > Use `rotation_configuration` to automatically rotate tokens instead of using `timestamp()` as timestamp will cause changes with every plan. `pulumi up` must still be run to rotate the token.
 * > Due to a limitation in the API, the `rotation_configuration` is unable to set the new expiry date. Instead, when the resource is created, it will default the expiry date to 7 days in the future. On each subsequent apply, the new expiry will be 7 days from the date of the apply.
 * **Upstream API**: [GitLab API docs](https://docs.gitlab.com/ee/api/group_service_accounts.html#create-a-personal-access-token-for-a-service-account-user)
 * ## Import
 * Starting in Terraform v1.5.0 you can use an import block to import `gitlab_group_service_account_access_token`. For example:
 * terraform
 * import {
 *   to = gitlab_group_service_account_access_token.example
 *   id = "see CLI command below for ID"
 * }
 * Import using the CLI is supported using the following syntax:
 * ```sh
 * $ pulumi import gitlab:index/groupServiceAccountAccessToken:GroupServiceAccountAccessToken You can import a service account access token using ` `. The
 * ```
 * `id` is in the form of ::
 * Importing an access token does not import the access token value.
 * ```sh
 * $ pulumi import gitlab:index/groupServiceAccountAccessToken:GroupServiceAccountAccessToken example 1:2:3
 * ```
 * @property expiresAt The service account access token expiry date. When left blank, the token follows the standard rule of expiry for personal access tokens.
 * @property group The ID or URL-encoded path of the group containing the service account. Must be a top level group.
 * @property name The name of the personal access token.
 * @property rotationConfiguration The configuration for when to rotate a token automatically. Will not rotate a token until `pulumi up` is run.
 * @property scopes The scopes of the group service account access token. valid values are: `api`, `read_api`, `read_registry`, `write_registry`, `read_repository`, `write_repository`, `create_runner`, `manage_runner`, `ai_features`, `k8s_proxy`, `read_observability`, `write_observability`
 * @property userId The ID of a service account user.
 */
public data class GroupServiceAccountAccessTokenArgs(
    public val expiresAt: Output? = null,
    public val group: Output? = null,
    public val name: Output? = null,
    public val rotationConfiguration: Output? =
        null,
    public val scopes: Output>? = null,
    public val userId: Output? = null,
) : ConvertibleToJava {
    override fun toJava(): com.pulumi.gitlab.GroupServiceAccountAccessTokenArgs =
        com.pulumi.gitlab.GroupServiceAccountAccessTokenArgs.builder()
            .expiresAt(expiresAt?.applyValue({ args0 -> args0 }))
            .group(group?.applyValue({ args0 -> args0 }))
            .name(name?.applyValue({ args0 -> args0 }))
            .rotationConfiguration(
                rotationConfiguration?.applyValue({ args0 ->
                    args0.let({ args0 ->
                        args0.toJava()
                    })
                }),
            )
            .scopes(scopes?.applyValue({ args0 -> args0.map({ args0 -> args0 }) }))
            .userId(userId?.applyValue({ args0 -> args0 })).build()
}

/**
 * Builder for [GroupServiceAccountAccessTokenArgs].
 */
@PulumiTagMarker
public class GroupServiceAccountAccessTokenArgsBuilder internal constructor() {
    private var expiresAt: Output? = null

    private var group: Output? = null

    private var name: Output? = null

    private var rotationConfiguration:
        Output? = null

    private var scopes: Output>? = null

    private var userId: Output? = null

    /**
     * @param value The service account access token expiry date. When left blank, the token follows the standard rule of expiry for personal access tokens.
     */
    @JvmName("tttjyvfjnuogsivi")
    public suspend fun expiresAt(`value`: Output) {
        this.expiresAt = value
    }

    /**
     * @param value The ID or URL-encoded path of the group containing the service account. Must be a top level group.
     */
    @JvmName("qdyimpypsjvuatnd")
    public suspend fun group(`value`: Output) {
        this.group = value
    }

    /**
     * @param value The name of the personal access token.
     */
    @JvmName("mgxmrapoyvbpgkbg")
    public suspend fun name(`value`: Output) {
        this.name = value
    }

    /**
     * @param value The configuration for when to rotate a token automatically. Will not rotate a token until `pulumi up` is run.
     */
    @JvmName("qgcvxprvdoqsmdvx")
    public suspend fun rotationConfiguration(`value`: Output) {
        this.rotationConfiguration = value
    }

    /**
     * @param value The scopes of the group service account access token. valid values are: `api`, `read_api`, `read_registry`, `write_registry`, `read_repository`, `write_repository`, `create_runner`, `manage_runner`, `ai_features`, `k8s_proxy`, `read_observability`, `write_observability`
     */
    @JvmName("scsikpcvplhytsyx")
    public suspend fun scopes(`value`: Output>) {
        this.scopes = value
    }

    @JvmName("qsfmccagouinhonu")
    public suspend fun scopes(vararg values: Output) {
        this.scopes = Output.all(values.asList())
    }

    /**
     * @param values The scopes of the group service account access token. valid values are: `api`, `read_api`, `read_registry`, `write_registry`, `read_repository`, `write_repository`, `create_runner`, `manage_runner`, `ai_features`, `k8s_proxy`, `read_observability`, `write_observability`
     */
    @JvmName("labcxpobvtoxmfyc")
    public suspend fun scopes(values: List>) {
        this.scopes = Output.all(values)
    }

    /**
     * @param value The ID of a service account user.
     */
    @JvmName("qnwguipsxxdnpssr")
    public suspend fun userId(`value`: Output) {
        this.userId = value
    }

    /**
     * @param value The service account access token expiry date. When left blank, the token follows the standard rule of expiry for personal access tokens.
     */
    @JvmName("cyhsjucblpjtlnhn")
    public suspend fun expiresAt(`value`: String?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.expiresAt = mapped
    }

    /**
     * @param value The ID or URL-encoded path of the group containing the service account. Must be a top level group.
     */
    @JvmName("ilkykloufadjvjbe")
    public suspend fun group(`value`: String?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.group = mapped
    }

    /**
     * @param value The name of the personal access token.
     */
    @JvmName("yelviafrxitowxiq")
    public suspend fun name(`value`: String?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.name = mapped
    }

    /**
     * @param value The configuration for when to rotate a token automatically. Will not rotate a token until `pulumi up` is run.
     */
    @JvmName("dntqupeqevunvmkc")
    public suspend fun rotationConfiguration(`value`: GroupServiceAccountAccessTokenRotationConfigurationArgs?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.rotationConfiguration = mapped
    }

    /**
     * @param argument The configuration for when to rotate a token automatically. Will not rotate a token until `pulumi up` is run.
     */
    @JvmName("othbhsteqhetqano")
    public suspend fun rotationConfiguration(argument: suspend GroupServiceAccountAccessTokenRotationConfigurationArgsBuilder.() -> Unit) {
        val toBeMapped = GroupServiceAccountAccessTokenRotationConfigurationArgsBuilder().applySuspend {
            argument()
        }.build()
        val mapped = of(toBeMapped)
        this.rotationConfiguration = mapped
    }

    /**
     * @param value The scopes of the group service account access token. valid values are: `api`, `read_api`, `read_registry`, `write_registry`, `read_repository`, `write_repository`, `create_runner`, `manage_runner`, `ai_features`, `k8s_proxy`, `read_observability`, `write_observability`
     */
    @JvmName("dfcxyjtmtxmsnwho")
    public suspend fun scopes(`value`: List?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.scopes = mapped
    }

    /**
     * @param values The scopes of the group service account access token. valid values are: `api`, `read_api`, `read_registry`, `write_registry`, `read_repository`, `write_repository`, `create_runner`, `manage_runner`, `ai_features`, `k8s_proxy`, `read_observability`, `write_observability`
     */
    @JvmName("ilcxjcsmcjkqsdby")
    public suspend fun scopes(vararg values: String) {
        val toBeMapped = values.toList()
        val mapped = toBeMapped.let({ args0 -> of(args0) })
        this.scopes = mapped
    }

    /**
     * @param value The ID of a service account user.
     */
    @JvmName("nmuwqlvpwkacpyjm")
    public suspend fun userId(`value`: Int?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.userId = mapped
    }

    internal fun build(): GroupServiceAccountAccessTokenArgs = GroupServiceAccountAccessTokenArgs(
        expiresAt = expiresAt,
        group = group,
        name = name,
        rotationConfiguration = rotationConfiguration,
        scopes = scopes,
        userId = userId,
    )
}