com.pulumi.vault.aws.kotlin.AuthBackendClient.kt Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pulumi-vault-kotlin Show documentation
Show all versions of pulumi-vault-kotlin Show documentation
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.vault.aws.kotlin
import com.pulumi.core.Output
import com.pulumi.kotlin.KotlinCustomResource
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.ResourceMapper
import com.pulumi.kotlin.options.CustomResourceOptions
import com.pulumi.kotlin.options.CustomResourceOptionsBuilder
import com.pulumi.resources.Resource
import kotlin.Boolean
import kotlin.Int
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
/**
* Builder for [AuthBackendClient].
*/
@PulumiTagMarker
public class AuthBackendClientResourceBuilder internal constructor() {
public var name: String? = null
public var args: AuthBackendClientArgs = AuthBackendClientArgs()
public var opts: CustomResourceOptions = CustomResourceOptions()
/**
* @param name The _unique_ name of the resulting resource.
*/
public fun name(`value`: String) {
this.name = value
}
/**
* @param block The arguments to use to populate this resource's properties.
*/
public suspend fun args(block: suspend AuthBackendClientArgsBuilder.() -> Unit) {
val builder = AuthBackendClientArgsBuilder()
block(builder)
this.args = builder.build()
}
/**
* @param block A bag of options that control this resource's behavior.
*/
public suspend fun opts(block: suspend CustomResourceOptionsBuilder.() -> Unit) {
this.opts = com.pulumi.kotlin.options.CustomResourceOptions.opts(block)
}
internal fun build(): AuthBackendClient {
val builtJavaResource = com.pulumi.vault.aws.AuthBackendClient(
this.name,
this.args.toJava(),
this.opts.toJava(),
)
return AuthBackendClient(builtJavaResource)
}
}
/**
* ## Example Usage
* You can setup the AWS auth engine with Workload Identity Federation (WIF) for a secret-less configuration:
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as vault from "@pulumi/vault";
* const example = new vault.AuthBackend("example", {type: "aws"});
* const exampleAuthBackendClient = new vault.aws.AuthBackendClient("example", {
* identityTokenAudience: "",
* identityTokenTtl: "",
* roleArn: "",
* });
* ```
* ```python
* import pulumi
* import pulumi_vault as vault
* example = vault.AuthBackend("example", type="aws")
* example_auth_backend_client = vault.aws.AuthBackendClient("example",
* identity_token_audience="",
* identity_token_ttl="",
* role_arn="")
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Vault = Pulumi.Vault;
* return await Deployment.RunAsync(() =>
* {
* var example = new Vault.AuthBackend("example", new()
* {
* Type = "aws",
* });
* var exampleAuthBackendClient = new Vault.Aws.AuthBackendClient("example", new()
* {
* IdentityTokenAudience = "",
* IdentityTokenTtl = "",
* RoleArn = "",
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
* "github.com/pulumi/pulumi-vault/sdk/v6/go/vault/aws"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := vault.NewAuthBackend(ctx, "example", &vault.AuthBackendArgs{
* Type: pulumi.String("aws"),
* })
* if err != nil {
* return err
* }
* _, err = aws.NewAuthBackendClient(ctx, "example", &aws.AuthBackendClientArgs{
* IdentityTokenAudience: pulumi.String(""),
* IdentityTokenTtl: pulumi.Int(""),
* RoleArn: pulumi.String(""),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.vault.AuthBackend;
* import com.pulumi.vault.AuthBackendArgs;
* import com.pulumi.vault.aws.AuthBackendClient;
* import com.pulumi.vault.aws.AuthBackendClientArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var example = new AuthBackend("example", AuthBackendArgs.builder()
* .type("aws")
* .build());
* var exampleAuthBackendClient = new AuthBackendClient("exampleAuthBackendClient", AuthBackendClientArgs.builder()
* .identityTokenAudience("")
* .identityTokenTtl("")
* .roleArn("")
* .build());
* }
* }
* ```
* ```yaml
* resources:
* example:
* type: vault:AuthBackend
* properties:
* type: aws
* exampleAuthBackendClient:
* type: vault:aws:AuthBackendClient
* name: example
* properties:
* identityTokenAudience:
* identityTokenTtl:
* roleArn:
* ```
*
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as vault from "@pulumi/vault";
* const example = new vault.AuthBackend("example", {type: "aws"});
* const exampleAuthBackendClient = new vault.aws.AuthBackendClient("example", {
* backend: example.path,
* accessKey: "INSERT_AWS_ACCESS_KEY",
* secretKey: "INSERT_AWS_SECRET_KEY",
* });
* ```
* ```python
* import pulumi
* import pulumi_vault as vault
* example = vault.AuthBackend("example", type="aws")
* example_auth_backend_client = vault.aws.AuthBackendClient("example",
* backend=example.path,
* access_key="INSERT_AWS_ACCESS_KEY",
* secret_key="INSERT_AWS_SECRET_KEY")
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Vault = Pulumi.Vault;
* return await Deployment.RunAsync(() =>
* {
* var example = new Vault.AuthBackend("example", new()
* {
* Type = "aws",
* });
* var exampleAuthBackendClient = new Vault.Aws.AuthBackendClient("example", new()
* {
* Backend = example.Path,
* AccessKey = "INSERT_AWS_ACCESS_KEY",
* SecretKey = "INSERT_AWS_SECRET_KEY",
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
* "github.com/pulumi/pulumi-vault/sdk/v6/go/vault/aws"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* example, err := vault.NewAuthBackend(ctx, "example", &vault.AuthBackendArgs{
* Type: pulumi.String("aws"),
* })
* if err != nil {
* return err
* }
* _, err = aws.NewAuthBackendClient(ctx, "example", &aws.AuthBackendClientArgs{
* Backend: example.Path,
* AccessKey: pulumi.String("INSERT_AWS_ACCESS_KEY"),
* SecretKey: pulumi.String("INSERT_AWS_SECRET_KEY"),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.vault.AuthBackend;
* import com.pulumi.vault.AuthBackendArgs;
* import com.pulumi.vault.aws.AuthBackendClient;
* import com.pulumi.vault.aws.AuthBackendClientArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var example = new AuthBackend("example", AuthBackendArgs.builder()
* .type("aws")
* .build());
* var exampleAuthBackendClient = new AuthBackendClient("exampleAuthBackendClient", AuthBackendClientArgs.builder()
* .backend(example.path())
* .accessKey("INSERT_AWS_ACCESS_KEY")
* .secretKey("INSERT_AWS_SECRET_KEY")
* .build());
* }
* }
* ```
* ```yaml
* resources:
* example:
* type: vault:AuthBackend
* properties:
* type: aws
* exampleAuthBackendClient:
* type: vault:aws:AuthBackendClient
* name: example
* properties:
* backend: ${example.path}
* accessKey: INSERT_AWS_ACCESS_KEY
* secretKey: INSERT_AWS_SECRET_KEY
* ```
*
* ## Import
* AWS auth backend clients can be imported using `auth/`, the `backend` path, and `/config/client` e.g.
* ```sh
* $ pulumi import vault:aws/authBackendClient:AuthBackendClient example auth/aws/config/client
* ```
*/
public class AuthBackendClient internal constructor(
override val javaResource: com.pulumi.vault.aws.AuthBackendClient,
) : KotlinCustomResource(javaResource, AuthBackendClientMapper) {
/**
* The AWS access key that Vault should use for the
* auth backend. Mutually exclusive with `identity_token_audience`.
*/
public val accessKey: Output?
get() = javaResource.accessKey().applyValue({ args0 -> args0.map({ args0 -> args0 }).orElse(null) })
/**
* The path the AWS auth backend being configured was
* mounted at. Defaults to `aws`.
*/
public val backend: Output?
get() = javaResource.backend().applyValue({ args0 -> args0.map({ args0 -> args0 }).orElse(null) })
/**
* Override the URL Vault uses when making EC2 API
* calls.
*/
public val ec2Endpoint: Output?
get() = javaResource.ec2Endpoint().applyValue({ args0 ->
args0.map({ args0 ->
args0
}).orElse(null)
})
/**
* Override the URL Vault uses when making IAM API
* calls.
*/
public val iamEndpoint: Output?
get() = javaResource.iamEndpoint().applyValue({ args0 ->
args0.map({ args0 ->
args0
}).orElse(null)
})
/**
* The value to require in the
* `X-Vault-AWS-IAM-Server-ID` header as part of `GetCallerIdentity` requests
* that are used in the IAM auth method.
*/
public val iamServerIdHeaderValue: Output?
get() = javaResource.iamServerIdHeaderValue().applyValue({ args0 ->
args0.map({ args0 ->
args0
}).orElse(null)
})
/**
* The audience claim value. Mutually exclusive with `access_key`.
* Requires Vault 1.17+. *Available only for Vault Enterprise*
*/
public val identityTokenAudience: Output?
get() = javaResource.identityTokenAudience().applyValue({ args0 ->
args0.map({ args0 ->
args0
}).orElse(null)
})
/**
* The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
* *Available only for Vault Enterprise*
*/
public val identityTokenTtl: Output
get() = javaResource.identityTokenTtl().applyValue({ args0 -> args0 })
/**
* Number of max retries the client should use for recoverable errors.
* The default `-1` falls back to the AWS SDK's default behavior.
*/
public val maxRetries: Output?
get() = javaResource.maxRetries().applyValue({ args0 ->
args0.map({ args0 ->
args0
}).orElse(null)
})
/**
* The namespace to provision the resource in.
* The value should not contain leading or trailing forward slashes.
* The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
* *Available only for Vault Enterprise*.
*/
public val namespace: Output?
get() = javaResource.namespace().applyValue({ args0 -> args0.map({ args0 -> args0 }).orElse(null) })
/**
* Role ARN to assume for plugin identity token federation. Requires Vault 1.17+.
* *Available only for Vault Enterprise*
*/
public val roleArn: Output?
get() = javaResource.roleArn().applyValue({ args0 -> args0.map({ args0 -> args0 }).orElse(null) })
/**
* The AWS secret key that Vault should use for the
* auth backend.
*/
public val secretKey: Output?
get() = javaResource.secretKey().applyValue({ args0 -> args0.map({ args0 -> args0 }).orElse(null) })
/**
* Override the URL Vault uses when making STS API
* calls.
*/
public val stsEndpoint: Output?
get() = javaResource.stsEndpoint().applyValue({ args0 ->
args0.map({ args0 ->
args0
}).orElse(null)
})
/**
* Override the default region when making STS API
* calls. The `sts_endpoint` argument must be set when using `sts_region`.
*/
public val stsRegion: Output?
get() = javaResource.stsRegion().applyValue({ args0 -> args0.map({ args0 -> args0 }).orElse(null) })
/**
* Available in Vault v1.15+. If set,
* overrides both `sts_endpoint` and `sts_region` to instead use the region
* specified in the client request headers for IAM-based authentication.
* This can be useful when you have client requests coming from different
* regions and want flexibility in which regional STS API is used.
*/
public val useStsRegionFromClient: Output
get() = javaResource.useStsRegionFromClient().applyValue({ args0 -> args0 })
}
public object AuthBackendClientMapper : ResourceMapper {
override fun supportsMappingOfType(javaResource: Resource): Boolean =
com.pulumi.vault.aws.AuthBackendClient::class == javaResource::class
override fun map(javaResource: Resource): AuthBackendClient = AuthBackendClient(
javaResource as
com.pulumi.vault.aws.AuthBackendClient,
)
}
/**
* @see [AuthBackendClient].
* @param name The _unique_ name of the resulting resource.
* @param block Builder for [AuthBackendClient].
*/
public suspend fun authBackendClient(
name: String,
block: suspend AuthBackendClientResourceBuilder.() -> Unit,
): AuthBackendClient {
val builder = AuthBackendClientResourceBuilder()
builder.name(name)
block(builder)
return builder.build()
}
/**
* @see [AuthBackendClient].
* @param name The _unique_ name of the resulting resource.
*/
public fun authBackendClient(name: String): AuthBackendClient {
val builder = AuthBackendClientResourceBuilder()
builder.name(name)
return builder.build()
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy