com.pulumi.vault.aws.kotlin.SecretBackendRoleArgs.kt Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pulumi-vault-kotlin Show documentation
Show all versions of pulumi-vault-kotlin Show documentation
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.vault.aws.kotlin
import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.vault.aws.SecretBackendRoleArgs.builder
import kotlin.Int
import kotlin.Pair
import kotlin.String
import kotlin.Suppress
import kotlin.collections.List
import kotlin.collections.Map
import kotlin.jvm.JvmName
/**
* ## Example Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as vault from "@pulumi/vault";
* const aws = new vault.aws.SecretBackend("aws", {
* accessKey: "AKIA.....",
* secretKey: "AWS secret key",
* });
* const role = new vault.aws.SecretBackendRole("role", {
* backend: aws.path,
* name: "deploy",
* credentialType: "iam_user",
* policyDocument: `{
* "Version": "2012-10-17",
* "Statement": [
* {
* "Effect": "Allow",
* "Action": "iam:*",
* "Resource": "*"
* }
* ]
* }
* `,
* });
* ```
* ```python
* import pulumi
* import pulumi_vault as vault
* aws = vault.aws.SecretBackend("aws",
* access_key="AKIA.....",
* secret_key="AWS secret key")
* role = vault.aws.SecretBackendRole("role",
* backend=aws.path,
* name="deploy",
* credential_type="iam_user",
* policy_document="""{
* "Version": "2012-10-17",
* "Statement": [
* {
* "Effect": "Allow",
* "Action": "iam:*",
* "Resource": "*"
* }
* ]
* }
* """)
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Vault = Pulumi.Vault;
* return await Deployment.RunAsync(() =>
* {
* var aws = new Vault.Aws.SecretBackend("aws", new()
* {
* AccessKey = "AKIA.....",
* SecretKey = "AWS secret key",
* });
* var role = new Vault.Aws.SecretBackendRole("role", new()
* {
* Backend = aws.Path,
* Name = "deploy",
* CredentialType = "iam_user",
* PolicyDocument = @"{
* ""Version"": ""2012-10-17"",
* ""Statement"": [
* {
* ""Effect"": ""Allow"",
* ""Action"": ""iam:*"",
* ""Resource"": ""*""
* }
* ]
* }
* ",
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-vault/sdk/v6/go/vault/aws"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* aws, err := aws.NewSecretBackend(ctx, "aws", &aws.SecretBackendArgs{
* AccessKey: pulumi.String("AKIA....."),
* SecretKey: pulumi.String("AWS secret key"),
* })
* if err != nil {
* return err
* }
* _, err = aws.NewSecretBackendRole(ctx, "role", &aws.SecretBackendRoleArgs{
* Backend: aws.Path,
* Name: pulumi.String("deploy"),
* CredentialType: pulumi.String("iam_user"),
* PolicyDocument: pulumi.String(`{
* "Version": "2012-10-17",
* "Statement": [
* {
* "Effect": "Allow",
* "Action": "iam:*",
* "Resource": "*"
* }
* ]
* }
* `),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.vault.aws.SecretBackend;
* import com.pulumi.vault.aws.SecretBackendArgs;
* import com.pulumi.vault.aws.SecretBackendRole;
* import com.pulumi.vault.aws.SecretBackendRoleArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var aws = new SecretBackend("aws", SecretBackendArgs.builder()
* .accessKey("AKIA.....")
* .secretKey("AWS secret key")
* .build());
* var role = new SecretBackendRole("role", SecretBackendRoleArgs.builder()
* .backend(aws.path())
* .name("deploy")
* .credentialType("iam_user")
* .policyDocument("""
* {
* "Version": "2012-10-17",
* "Statement": [
* {
* "Effect": "Allow",
* "Action": "iam:*",
* "Resource": "*"
* }
* ]
* }
* """)
* .build());
* }
* }
* ```
* ```yaml
* resources:
* aws:
* type: vault:aws:SecretBackend
* properties:
* accessKey: AKIA.....
* secretKey: AWS secret key
* role:
* type: vault:aws:SecretBackendRole
* properties:
* backend: ${aws.path}
* name: deploy
* credentialType: iam_user
* policyDocument: |
* {
* "Version": "2012-10-17",
* "Statement": [
* {
* "Effect": "Allow",
* "Action": "iam:*",
* "Resource": "*"
* }
* ]
* }
* ```
*
* ## Import
* AWS secret backend roles can be imported using the `path`, e.g.
* ```sh
* $ pulumi import vault:aws/secretBackendRole:SecretBackendRole role aws/roles/deploy
* ```
* @property backend The path the AWS secret backend is mounted at,
* with no leading or trailing `/`s.
* @property credentialType Specifies the type of credential to be used when
* retrieving credentials from the role. Must be one of `iam_user`, `assumed_role`, or
* `federation_token`.
* @property defaultStsTtl The default TTL in seconds for STS credentials.
* When a TTL is not specified when STS credentials are requested,
* and a default TTL is specified on the role,
* then this default TTL will be used. Valid only when `credential_type` is one of
* `assumed_role` or `federation_token`.
* @property externalId External ID to set for assume role creds.
* Valid only when `credential_type` is set to `assumed_role`.
* @property iamGroups A list of IAM group names. IAM users generated
* against this vault role will be added to these IAM Groups. For a credential
* type of `assumed_role` or `federation_token`, the policies sent to the
* corresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the
* policies from each group in `iam_groups` combined with the `policy_document`
* and `policy_arns` parameters.
* @property iamTags A map of strings representing key/value pairs
* to be used as tags for any IAM user that is created by this role.
* @property maxStsTtl The max allowed TTL in seconds for STS credentials
* (credentials TTL are capped to `max_sts_ttl`). Valid only when `credential_type` is
* one of `assumed_role` or `federation_token`.
* @property name The name to identify this role within the backend.
* Must be unique within the backend.
* @property namespace The namespace to provision the resource in.
* The value should not contain leading or trailing forward slashes.
* The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
* *Available only for Vault Enterprise*.
* @property permissionsBoundaryArn The ARN of the AWS Permissions
* Boundary to attach to IAM users created in the role. Valid only when
* `credential_type` is `iam_user`. If not specified, then no permissions boundary
* policy will be attached.
* @property policyArns Specifies a list of AWS managed policy ARNs. The
* behavior depends on the credential type. With `iam_user`, the policies will be
* attached to IAM users when they are requested. With `assumed_role` and
* `federation_token`, the policy ARNs will act as a filter on what the credentials
* can do, similar to `policy_document`. When `credential_type` is `iam_user` or
* `federation_token`, at least one of `policy_document` or `policy_arns` must
* be specified.
* @property policyDocument The IAM policy document for the role. The
* behavior depends on the credential type. With `iam_user`, the policy document
* will be attached to the IAM user generated and augment the permissions the IAM
* user has. With `assumed_role` and `federation_token`, the policy document will
* act as a filter on what the credentials can do, similar to `policy_arns`.
* @property roleArns Specifies the ARNs of the AWS roles this Vault role
* is allowed to assume. Required when `credential_type` is `assumed_role` and
* prohibited otherwise.
* @property sessionTags A map of strings representing key/value pairs to be set
* during assume role creds creation. Valid only when `credential_type` is set to
* `assumed_role`.
* @property userPath The path for the user name. Valid only when
* `credential_type` is `iam_user`. Default is `/`.
*/
public data class SecretBackendRoleArgs(
public val backend: Output? = null,
public val credentialType: Output? = null,
public val defaultStsTtl: Output? = null,
public val externalId: Output? = null,
public val iamGroups: Output>? = null,
public val iamTags: Output>? = null,
public val maxStsTtl: Output? = null,
public val name: Output? = null,
public val namespace: Output? = null,
public val permissionsBoundaryArn: Output? = null,
public val policyArns: Output>? = null,
public val policyDocument: Output? = null,
public val roleArns: Output>? = null,
public val sessionTags: Output>? = null,
public val userPath: Output? = null,
) : ConvertibleToJava {
override fun toJava(): com.pulumi.vault.aws.SecretBackendRoleArgs =
com.pulumi.vault.aws.SecretBackendRoleArgs.builder()
.backend(backend?.applyValue({ args0 -> args0 }))
.credentialType(credentialType?.applyValue({ args0 -> args0 }))
.defaultStsTtl(defaultStsTtl?.applyValue({ args0 -> args0 }))
.externalId(externalId?.applyValue({ args0 -> args0 }))
.iamGroups(iamGroups?.applyValue({ args0 -> args0.map({ args0 -> args0 }) }))
.iamTags(iamTags?.applyValue({ args0 -> args0.map({ args0 -> args0.key.to(args0.value) }).toMap() }))
.maxStsTtl(maxStsTtl?.applyValue({ args0 -> args0 }))
.name(name?.applyValue({ args0 -> args0 }))
.namespace(namespace?.applyValue({ args0 -> args0 }))
.permissionsBoundaryArn(permissionsBoundaryArn?.applyValue({ args0 -> args0 }))
.policyArns(policyArns?.applyValue({ args0 -> args0.map({ args0 -> args0 }) }))
.policyDocument(policyDocument?.applyValue({ args0 -> args0 }))
.roleArns(roleArns?.applyValue({ args0 -> args0.map({ args0 -> args0 }) }))
.sessionTags(
sessionTags?.applyValue({ args0 ->
args0.map({ args0 ->
args0.key.to(args0.value)
}).toMap()
}),
)
.userPath(userPath?.applyValue({ args0 -> args0 })).build()
}
/**
* Builder for [SecretBackendRoleArgs].
*/
@PulumiTagMarker
public class SecretBackendRoleArgsBuilder internal constructor() {
private var backend: Output? = null
private var credentialType: Output? = null
private var defaultStsTtl: Output? = null
private var externalId: Output? = null
private var iamGroups: Output>? = null
private var iamTags: Output>? = null
private var maxStsTtl: Output? = null
private var name: Output? = null
private var namespace: Output? = null
private var permissionsBoundaryArn: Output? = null
private var policyArns: Output>? = null
private var policyDocument: Output? = null
private var roleArns: Output>? = null
private var sessionTags: Output>? = null
private var userPath: Output? = null
/**
* @param value The path the AWS secret backend is mounted at,
* with no leading or trailing `/`s.
*/
@JvmName("kknpuwadnnawcrdu")
public suspend fun backend(`value`: Output) {
this.backend = value
}
/**
* @param value Specifies the type of credential to be used when
* retrieving credentials from the role. Must be one of `iam_user`, `assumed_role`, or
* `federation_token`.
*/
@JvmName("amcjlutiubwjhtwb")
public suspend fun credentialType(`value`: Output) {
this.credentialType = value
}
/**
* @param value The default TTL in seconds for STS credentials.
* When a TTL is not specified when STS credentials are requested,
* and a default TTL is specified on the role,
* then this default TTL will be used. Valid only when `credential_type` is one of
* `assumed_role` or `federation_token`.
*/
@JvmName("vuxbuejulaopdxoy")
public suspend fun defaultStsTtl(`value`: Output) {
this.defaultStsTtl = value
}
/**
* @param value External ID to set for assume role creds.
* Valid only when `credential_type` is set to `assumed_role`.
*/
@JvmName("txoqygwvelmuqavm")
public suspend fun externalId(`value`: Output) {
this.externalId = value
}
/**
* @param value A list of IAM group names. IAM users generated
* against this vault role will be added to these IAM Groups. For a credential
* type of `assumed_role` or `federation_token`, the policies sent to the
* corresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the
* policies from each group in `iam_groups` combined with the `policy_document`
* and `policy_arns` parameters.
*/
@JvmName("caytfonmccpivkuh")
public suspend fun iamGroups(`value`: Output>) {
this.iamGroups = value
}
@JvmName("cfhjmvkcsiekybcj")
public suspend fun iamGroups(vararg values: Output) {
this.iamGroups = Output.all(values.asList())
}
/**
* @param values A list of IAM group names. IAM users generated
* against this vault role will be added to these IAM Groups. For a credential
* type of `assumed_role` or `federation_token`, the policies sent to the
* corresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the
* policies from each group in `iam_groups` combined with the `policy_document`
* and `policy_arns` parameters.
*/
@JvmName("sbpgxyiiqpamybeo")
public suspend fun iamGroups(values: List>) {
this.iamGroups = Output.all(values)
}
/**
* @param value A map of strings representing key/value pairs
* to be used as tags for any IAM user that is created by this role.
*/
@JvmName("evbujfixbbhqxcqq")
public suspend fun iamTags(`value`: Output>) {
this.iamTags = value
}
/**
* @param value The max allowed TTL in seconds for STS credentials
* (credentials TTL are capped to `max_sts_ttl`). Valid only when `credential_type` is
* one of `assumed_role` or `federation_token`.
*/
@JvmName("qmbpqdjqksnmeghh")
public suspend fun maxStsTtl(`value`: Output) {
this.maxStsTtl = value
}
/**
* @param value The name to identify this role within the backend.
* Must be unique within the backend.
*/
@JvmName("lwbvgjajmysxucvy")
public suspend fun name(`value`: Output) {
this.name = value
}
/**
* @param value The namespace to provision the resource in.
* The value should not contain leading or trailing forward slashes.
* The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
* *Available only for Vault Enterprise*.
*/
@JvmName("qmcrlrvqkvktcqtb")
public suspend fun namespace(`value`: Output) {
this.namespace = value
}
/**
* @param value The ARN of the AWS Permissions
* Boundary to attach to IAM users created in the role. Valid only when
* `credential_type` is `iam_user`. If not specified, then no permissions boundary
* policy will be attached.
*/
@JvmName("fwsrxicxqjajdkfb")
public suspend fun permissionsBoundaryArn(`value`: Output) {
this.permissionsBoundaryArn = value
}
/**
* @param value Specifies a list of AWS managed policy ARNs. The
* behavior depends on the credential type. With `iam_user`, the policies will be
* attached to IAM users when they are requested. With `assumed_role` and
* `federation_token`, the policy ARNs will act as a filter on what the credentials
* can do, similar to `policy_document`. When `credential_type` is `iam_user` or
* `federation_token`, at least one of `policy_document` or `policy_arns` must
* be specified.
*/
@JvmName("wqteneopeqotrtjd")
public suspend fun policyArns(`value`: Output>) {
this.policyArns = value
}
@JvmName("yricshnlbefbsslk")
public suspend fun policyArns(vararg values: Output) {
this.policyArns = Output.all(values.asList())
}
/**
* @param values Specifies a list of AWS managed policy ARNs. The
* behavior depends on the credential type. With `iam_user`, the policies will be
* attached to IAM users when they are requested. With `assumed_role` and
* `federation_token`, the policy ARNs will act as a filter on what the credentials
* can do, similar to `policy_document`. When `credential_type` is `iam_user` or
* `federation_token`, at least one of `policy_document` or `policy_arns` must
* be specified.
*/
@JvmName("iumxesinqqrdmalv")
public suspend fun policyArns(values: List>) {
this.policyArns = Output.all(values)
}
/**
* @param value The IAM policy document for the role. The
* behavior depends on the credential type. With `iam_user`, the policy document
* will be attached to the IAM user generated and augment the permissions the IAM
* user has. With `assumed_role` and `federation_token`, the policy document will
* act as a filter on what the credentials can do, similar to `policy_arns`.
*/
@JvmName("susjmksejqaxqsoy")
public suspend fun policyDocument(`value`: Output) {
this.policyDocument = value
}
/**
* @param value Specifies the ARNs of the AWS roles this Vault role
* is allowed to assume. Required when `credential_type` is `assumed_role` and
* prohibited otherwise.
*/
@JvmName("jlrmwwnouuoxvcra")
public suspend fun roleArns(`value`: Output>) {
this.roleArns = value
}
@JvmName("uhtgoyuqyoggsyrc")
public suspend fun roleArns(vararg values: Output) {
this.roleArns = Output.all(values.asList())
}
/**
* @param values Specifies the ARNs of the AWS roles this Vault role
* is allowed to assume. Required when `credential_type` is `assumed_role` and
* prohibited otherwise.
*/
@JvmName("ulcalwahlijylioy")
public suspend fun roleArns(values: List>) {
this.roleArns = Output.all(values)
}
/**
* @param value A map of strings representing key/value pairs to be set
* during assume role creds creation. Valid only when `credential_type` is set to
* `assumed_role`.
*/
@JvmName("gmulbnujcqooyxne")
public suspend fun sessionTags(`value`: Output>) {
this.sessionTags = value
}
/**
* @param value The path for the user name. Valid only when
* `credential_type` is `iam_user`. Default is `/`.
*/
@JvmName("clxycbashuobsbio")
public suspend fun userPath(`value`: Output) {
this.userPath = value
}
/**
* @param value The path the AWS secret backend is mounted at,
* with no leading or trailing `/`s.
*/
@JvmName("lapklfxoeygymaww")
public suspend fun backend(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.backend = mapped
}
/**
* @param value Specifies the type of credential to be used when
* retrieving credentials from the role. Must be one of `iam_user`, `assumed_role`, or
* `federation_token`.
*/
@JvmName("agmbmvjojttjqleg")
public suspend fun credentialType(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.credentialType = mapped
}
/**
* @param value The default TTL in seconds for STS credentials.
* When a TTL is not specified when STS credentials are requested,
* and a default TTL is specified on the role,
* then this default TTL will be used. Valid only when `credential_type` is one of
* `assumed_role` or `federation_token`.
*/
@JvmName("ratpodysieyrkvbt")
public suspend fun defaultStsTtl(`value`: Int?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.defaultStsTtl = mapped
}
/**
* @param value External ID to set for assume role creds.
* Valid only when `credential_type` is set to `assumed_role`.
*/
@JvmName("yriknfgcvwthmhxu")
public suspend fun externalId(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.externalId = mapped
}
/**
* @param value A list of IAM group names. IAM users generated
* against this vault role will be added to these IAM Groups. For a credential
* type of `assumed_role` or `federation_token`, the policies sent to the
* corresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the
* policies from each group in `iam_groups` combined with the `policy_document`
* and `policy_arns` parameters.
*/
@JvmName("smjdwvxxrlqatnvf")
public suspend fun iamGroups(`value`: List?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.iamGroups = mapped
}
/**
* @param values A list of IAM group names. IAM users generated
* against this vault role will be added to these IAM Groups. For a credential
* type of `assumed_role` or `federation_token`, the policies sent to the
* corresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the
* policies from each group in `iam_groups` combined with the `policy_document`
* and `policy_arns` parameters.
*/
@JvmName("wdcaupwsgoscvlju")
public suspend fun iamGroups(vararg values: String) {
val toBeMapped = values.toList()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.iamGroups = mapped
}
/**
* @param value A map of strings representing key/value pairs
* to be used as tags for any IAM user that is created by this role.
*/
@JvmName("wtphaqfrnsjlpdkp")
public suspend fun iamTags(`value`: Map?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.iamTags = mapped
}
/**
* @param values A map of strings representing key/value pairs
* to be used as tags for any IAM user that is created by this role.
*/
@JvmName("ofjtibgtrhcevegt")
public fun iamTags(vararg values: Pair) {
val toBeMapped = values.toMap()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.iamTags = mapped
}
/**
* @param value The max allowed TTL in seconds for STS credentials
* (credentials TTL are capped to `max_sts_ttl`). Valid only when `credential_type` is
* one of `assumed_role` or `federation_token`.
*/
@JvmName("bvgfaqskfwtlxqbm")
public suspend fun maxStsTtl(`value`: Int?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.maxStsTtl = mapped
}
/**
* @param value The name to identify this role within the backend.
* Must be unique within the backend.
*/
@JvmName("ftgyuxkruciyhxlk")
public suspend fun name(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.name = mapped
}
/**
* @param value The namespace to provision the resource in.
* The value should not contain leading or trailing forward slashes.
* The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
* *Available only for Vault Enterprise*.
*/
@JvmName("uigdpusdsroopfsr")
public suspend fun namespace(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.namespace = mapped
}
/**
* @param value The ARN of the AWS Permissions
* Boundary to attach to IAM users created in the role. Valid only when
* `credential_type` is `iam_user`. If not specified, then no permissions boundary
* policy will be attached.
*/
@JvmName("ujwdefafdwrenake")
public suspend fun permissionsBoundaryArn(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.permissionsBoundaryArn = mapped
}
/**
* @param value Specifies a list of AWS managed policy ARNs. The
* behavior depends on the credential type. With `iam_user`, the policies will be
* attached to IAM users when they are requested. With `assumed_role` and
* `federation_token`, the policy ARNs will act as a filter on what the credentials
* can do, similar to `policy_document`. When `credential_type` is `iam_user` or
* `federation_token`, at least one of `policy_document` or `policy_arns` must
* be specified.
*/
@JvmName("ajgjmkchnybnphat")
public suspend fun policyArns(`value`: List?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.policyArns = mapped
}
/**
* @param values Specifies a list of AWS managed policy ARNs. The
* behavior depends on the credential type. With `iam_user`, the policies will be
* attached to IAM users when they are requested. With `assumed_role` and
* `federation_token`, the policy ARNs will act as a filter on what the credentials
* can do, similar to `policy_document`. When `credential_type` is `iam_user` or
* `federation_token`, at least one of `policy_document` or `policy_arns` must
* be specified.
*/
@JvmName("vnfkwcqnosxhdexl")
public suspend fun policyArns(vararg values: String) {
val toBeMapped = values.toList()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.policyArns = mapped
}
/**
* @param value The IAM policy document for the role. The
* behavior depends on the credential type. With `iam_user`, the policy document
* will be attached to the IAM user generated and augment the permissions the IAM
* user has. With `assumed_role` and `federation_token`, the policy document will
* act as a filter on what the credentials can do, similar to `policy_arns`.
*/
@JvmName("bfefhshteeiuceqw")
public suspend fun policyDocument(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.policyDocument = mapped
}
/**
* @param value Specifies the ARNs of the AWS roles this Vault role
* is allowed to assume. Required when `credential_type` is `assumed_role` and
* prohibited otherwise.
*/
@JvmName("hhksmaacfpohsome")
public suspend fun roleArns(`value`: List?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.roleArns = mapped
}
/**
* @param values Specifies the ARNs of the AWS roles this Vault role
* is allowed to assume. Required when `credential_type` is `assumed_role` and
* prohibited otherwise.
*/
@JvmName("huwporopbhvmtofw")
public suspend fun roleArns(vararg values: String) {
val toBeMapped = values.toList()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.roleArns = mapped
}
/**
* @param value A map of strings representing key/value pairs to be set
* during assume role creds creation. Valid only when `credential_type` is set to
* `assumed_role`.
*/
@JvmName("utbfelrswicejmyl")
public suspend fun sessionTags(`value`: Map?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.sessionTags = mapped
}
/**
* @param values A map of strings representing key/value pairs to be set
* during assume role creds creation. Valid only when `credential_type` is set to
* `assumed_role`.
*/
@JvmName("obpbhfrudqcgcnep")
public fun sessionTags(vararg values: Pair) {
val toBeMapped = values.toMap()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.sessionTags = mapped
}
/**
* @param value The path for the user name. Valid only when
* `credential_type` is `iam_user`. Default is `/`.
*/
@JvmName("vrimpoykqsrjnvpu")
public suspend fun userPath(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.userPath = mapped
}
internal fun build(): SecretBackendRoleArgs = SecretBackendRoleArgs(
backend = backend,
credentialType = credentialType,
defaultStsTtl = defaultStsTtl,
externalId = externalId,
iamGroups = iamGroups,
iamTags = iamTags,
maxStsTtl = maxStsTtl,
name = name,
namespace = namespace,
permissionsBoundaryArn = permissionsBoundaryArn,
policyArns = policyArns,
policyDocument = policyDocument,
roleArns = roleArns,
sessionTags = sessionTags,
userPath = userPath,
)
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy