com.pulumi.vault.database.kotlin.SecretBackendStaticRole.kt Maven / Gradle / Ivy
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.vault.database.kotlin
import com.pulumi.core.Output
import com.pulumi.kotlin.KotlinCustomResource
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.ResourceMapper
import com.pulumi.kotlin.options.CustomResourceOptions
import com.pulumi.kotlin.options.CustomResourceOptionsBuilder
import com.pulumi.resources.Resource
import kotlin.Boolean
import kotlin.Int
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.List
/**
* Builder for [SecretBackendStaticRole].
*/
@PulumiTagMarker
public class SecretBackendStaticRoleResourceBuilder internal constructor() {
public var name: String? = null
public var args: SecretBackendStaticRoleArgs = SecretBackendStaticRoleArgs()
public var opts: CustomResourceOptions = CustomResourceOptions()
/**
* @param name The _unique_ name of the resulting resource.
*/
public fun name(`value`: String) {
this.name = value
}
/**
* @param block The arguments to use to populate this resource's properties.
*/
public suspend fun args(block: suspend SecretBackendStaticRoleArgsBuilder.() -> Unit) {
val builder = SecretBackendStaticRoleArgsBuilder()
block(builder)
this.args = builder.build()
}
/**
* @param block A bag of options that control this resource's behavior.
*/
public suspend fun opts(block: suspend CustomResourceOptionsBuilder.() -> Unit) {
this.opts = com.pulumi.kotlin.options.CustomResourceOptions.opts(block)
}
internal fun build(): SecretBackendStaticRole {
val builtJavaResource =
com.pulumi.vault.database.SecretBackendStaticRole(
this.name,
this.args.toJava(),
this.opts.toJava(),
)
return SecretBackendStaticRole(builtJavaResource)
}
}
/**
* Creates a Database Secret Backend static role in Vault. Database secret backend
* static roles can be used to manage 1-to-1 mapping of a Vault Role to a user in a
* database for the database.
* ## Example Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as vault from "@pulumi/vault";
* const db = new vault.Mount("db", {
* path: "postgres",
* type: "database",
* });
* const postgres = new vault.database.SecretBackendConnection("postgres", {
* backend: db.path,
* name: "postgres",
* allowedRoles: ["*"],
* postgresql: {
* connectionUrl: "postgres://username:password@host:port/database",
* },
* });
* // configure a static role with period-based rotations
* const periodRole = new vault.database.SecretBackendStaticRole("period_role", {
* backend: db.path,
* name: "my-period-role",
* dbName: postgres.name,
* username: "example",
* rotationPeriod: 3600,
* rotationStatements: ["ALTER USER \"{{name}}\" WITH PASSWORD '{{password}}';"],
* });
* // configure a static role with schedule-based rotations
* const scheduleRole = new vault.database.SecretBackendStaticRole("schedule_role", {
* backend: db.path,
* name: "my-schedule-role",
* dbName: postgres.name,
* username: "example",
* rotationSchedule: "0 0 * * SAT",
* rotationWindow: 172800,
* rotationStatements: ["ALTER USER \"{{name}}\" WITH PASSWORD '{{password}}';"],
* });
* ```
* ```python
* import pulumi
* import pulumi_vault as vault
* db = vault.Mount("db",
* path="postgres",
* type="database")
* postgres = vault.database.SecretBackendConnection("postgres",
* backend=db.path,
* name="postgres",
* allowed_roles=["*"],
* postgresql=vault.database.SecretBackendConnectionPostgresqlArgs(
* connection_url="postgres://username:password@host:port/database",
* ))
* # configure a static role with period-based rotations
* period_role = vault.database.SecretBackendStaticRole("period_role",
* backend=db.path,
* name="my-period-role",
* db_name=postgres.name,
* username="example",
* rotation_period=3600,
* rotation_statements=["ALTER USER \"{{name}}\" WITH PASSWORD '{{password}}';"])
* # configure a static role with schedule-based rotations
* schedule_role = vault.database.SecretBackendStaticRole("schedule_role",
* backend=db.path,
* name="my-schedule-role",
* db_name=postgres.name,
* username="example",
* rotation_schedule="0 0 * * SAT",
* rotation_window=172800,
* rotation_statements=["ALTER USER \"{{name}}\" WITH PASSWORD '{{password}}';"])
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Vault = Pulumi.Vault;
* return await Deployment.RunAsync(() =>
* {
* var db = new Vault.Mount("db", new()
* {
* Path = "postgres",
* Type = "database",
* });
* var postgres = new Vault.Database.SecretBackendConnection("postgres", new()
* {
* Backend = db.Path,
* Name = "postgres",
* AllowedRoles = new[]
* {
* "*",
* },
* Postgresql = new Vault.Database.Inputs.SecretBackendConnectionPostgresqlArgs
* {
* ConnectionUrl = "postgres://username:password@host:port/database",
* },
* });
* // configure a static role with period-based rotations
* var periodRole = new Vault.Database.SecretBackendStaticRole("period_role", new()
* {
* Backend = db.Path,
* Name = "my-period-role",
* DbName = postgres.Name,
* Username = "example",
* RotationPeriod = 3600,
* RotationStatements = new[]
* {
* "ALTER USER \"{{name}}\" WITH PASSWORD '{{password}}';",
* },
* });
* // configure a static role with schedule-based rotations
* var scheduleRole = new Vault.Database.SecretBackendStaticRole("schedule_role", new()
* {
* Backend = db.Path,
* Name = "my-schedule-role",
* DbName = postgres.Name,
* Username = "example",
* RotationSchedule = "0 0 * * SAT",
* RotationWindow = 172800,
* RotationStatements = new[]
* {
* "ALTER USER \"{{name}}\" WITH PASSWORD '{{password}}';",
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
* "github.com/pulumi/pulumi-vault/sdk/v6/go/vault/database"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* db, err := vault.NewMount(ctx, "db", &vault.MountArgs{
* Path: pulumi.String("postgres"),
* Type: pulumi.String("database"),
* })
* if err != nil {
* return err
* }
* postgres, err := database.NewSecretBackendConnection(ctx, "postgres", &database.SecretBackendConnectionArgs{
* Backend: db.Path,
* Name: pulumi.String("postgres"),
* AllowedRoles: pulumi.StringArray{
* pulumi.String("*"),
* },
* Postgresql: &database.SecretBackendConnectionPostgresqlArgs{
* ConnectionUrl: pulumi.String("postgres://username:password@host:port/database"),
* },
* })
* if err != nil {
* return err
* }
* // configure a static role with period-based rotations
* _, err = database.NewSecretBackendStaticRole(ctx, "period_role", &database.SecretBackendStaticRoleArgs{
* Backend: db.Path,
* Name: pulumi.String("my-period-role"),
* DbName: postgres.Name,
* Username: pulumi.String("example"),
* RotationPeriod: pulumi.Int(3600),
* RotationStatements: pulumi.StringArray{
* pulumi.String("ALTER USER \"{{name}}\" WITH PASSWORD '{{password}}';"),
* },
* })
* if err != nil {
* return err
* }
* // configure a static role with schedule-based rotations
* _, err = database.NewSecretBackendStaticRole(ctx, "schedule_role", &database.SecretBackendStaticRoleArgs{
* Backend: db.Path,
* Name: pulumi.String("my-schedule-role"),
* DbName: postgres.Name,
* Username: pulumi.String("example"),
* RotationSchedule: pulumi.String("0 0 * * SAT"),
* RotationWindow: pulumi.Int(172800),
* RotationStatements: pulumi.StringArray{
* pulumi.String("ALTER USER \"{{name}}\" WITH PASSWORD '{{password}}';"),
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.vault.Mount;
* import com.pulumi.vault.MountArgs;
* import com.pulumi.vault.database.SecretBackendConnection;
* import com.pulumi.vault.database.SecretBackendConnectionArgs;
* import com.pulumi.vault.database.inputs.SecretBackendConnectionPostgresqlArgs;
* import com.pulumi.vault.database.SecretBackendStaticRole;
* import com.pulumi.vault.database.SecretBackendStaticRoleArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var db = new Mount("db", MountArgs.builder()
* .path("postgres")
* .type("database")
* .build());
* var postgres = new SecretBackendConnection("postgres", SecretBackendConnectionArgs.builder()
* .backend(db.path())
* .name("postgres")
* .allowedRoles("*")
* .postgresql(SecretBackendConnectionPostgresqlArgs.builder()
* .connectionUrl("postgres://username:password@host:port/database")
* .build())
* .build());
* // configure a static role with period-based rotations
* var periodRole = new SecretBackendStaticRole("periodRole", SecretBackendStaticRoleArgs.builder()
* .backend(db.path())
* .name("my-period-role")
* .dbName(postgres.name())
* .username("example")
* .rotationPeriod("3600")
* .rotationStatements("ALTER USER \"{{name}}\" WITH PASSWORD '{{password}}';")
* .build());
* // configure a static role with schedule-based rotations
* var scheduleRole = new SecretBackendStaticRole("scheduleRole", SecretBackendStaticRoleArgs.builder()
* .backend(db.path())
* .name("my-schedule-role")
* .dbName(postgres.name())
* .username("example")
* .rotationSchedule("0 0 * * SAT")
* .rotationWindow("172800")
* .rotationStatements("ALTER USER \"{{name}}\" WITH PASSWORD '{{password}}';")
* .build());
* }
* }
* ```
* ```yaml
* resources:
* db:
* type: vault:Mount
* properties:
* path: postgres
* type: database
* postgres:
* type: vault:database:SecretBackendConnection
* properties:
* backend: ${db.path}
* name: postgres
* allowedRoles:
* - '*'
* postgresql:
* connectionUrl: postgres://username:password@host:port/database
* # configure a static role with period-based rotations
* periodRole:
* type: vault:database:SecretBackendStaticRole
* name: period_role
* properties:
* backend: ${db.path}
* name: my-period-role
* dbName: ${postgres.name}
* username: example
* rotationPeriod: '3600'
* rotationStatements:
* - ALTER USER "{{name}}" WITH PASSWORD '{{password}}';
* # configure a static role with schedule-based rotations
* scheduleRole:
* type: vault:database:SecretBackendStaticRole
* name: schedule_role
* properties:
* backend: ${db.path}
* name: my-schedule-role
* dbName: ${postgres.name}
* username: example
* rotationSchedule: 0 0 * * SAT
* rotationWindow: '172800'
* rotationStatements:
* - ALTER USER "{{name}}" WITH PASSWORD '{{password}}';
* ```
*
* ## Import
* Database secret backend static roles can be imported using the `backend`, `/static-roles/`, and the `name` e.g.
* ```sh
* $ pulumi import vault:database/secretBackendStaticRole:SecretBackendStaticRole example postgres/static-roles/my-role
* ```
*/
public class SecretBackendStaticRole internal constructor(
override val javaResource: com.pulumi.vault.database.SecretBackendStaticRole,
) : KotlinCustomResource(javaResource, SecretBackendStaticRoleMapper) {
/**
* The unique name of the Vault mount to configure.
*/
public val backend: Output
get() = javaResource.backend().applyValue({ args0 -> args0 })
/**
* The unique name of the database connection to use for the static role.
*/
public val dbName: Output
get() = javaResource.dbName().applyValue({ args0 -> args0 })
/**
* A unique name to give the static role.
*/
public val name: Output
get() = javaResource.name().applyValue({ args0 -> args0 })
/**
* The namespace to provision the resource in.
* The value should not contain leading or trailing forward slashes.
* The `namespace` is always relative to the provider's configured namespace.
* *Available only for Vault Enterprise*.
*/
public val namespace: Output?
get() = javaResource.namespace().applyValue({ args0 -> args0.map({ args0 -> args0 }).orElse(null) })
/**
* The amount of time Vault should wait before rotating the password, in seconds.
* Mutually exclusive with `rotation_schedule`.
*/
public val rotationPeriod: Output?
get() = javaResource.rotationPeriod().applyValue({ args0 ->
args0.map({ args0 ->
args0
}).orElse(null)
})
/**
* A cron-style string that will define the schedule on which rotations should occur.
* Mutually exclusive with `rotation_period`.
* **Warning**: The `rotation_period` and `rotation_schedule` fields are
* mutually exclusive. One of them must be set but not both.
*/
public val rotationSchedule: Output?
get() = javaResource.rotationSchedule().applyValue({ args0 ->
args0.map({ args0 ->
args0
}).orElse(null)
})
/**
* Database statements to execute to rotate the password for the configured database user.
*/
public val rotationStatements: Output>?
get() = javaResource.rotationStatements().applyValue({ args0 ->
args0.map({ args0 ->
args0.map({ args0 -> args0 })
}).orElse(null)
})
/**
* The amount of time, in seconds, in which rotations are allowed to occur starting
* from a given `rotation_schedule`.
*/
public val rotationWindow: Output?
get() = javaResource.rotationWindow().applyValue({ args0 ->
args0.map({ args0 ->
args0
}).orElse(null)
})
/**
* The database username that this static role corresponds to.
*/
public val username: Output
get() = javaResource.username().applyValue({ args0 -> args0 })
}
public object SecretBackendStaticRoleMapper : ResourceMapper {
override fun supportsMappingOfType(javaResource: Resource): Boolean =
com.pulumi.vault.database.SecretBackendStaticRole::class == javaResource::class
override fun map(javaResource: Resource): SecretBackendStaticRole =
SecretBackendStaticRole(javaResource as com.pulumi.vault.database.SecretBackendStaticRole)
}
/**
* @see [SecretBackendStaticRole].
* @param name The _unique_ name of the resulting resource.
* @param block Builder for [SecretBackendStaticRole].
*/
public suspend fun secretBackendStaticRole(
name: String,
block: suspend SecretBackendStaticRoleResourceBuilder.() -> Unit,
): SecretBackendStaticRole {
val builder = SecretBackendStaticRoleResourceBuilder()
builder.name(name)
block(builder)
return builder.build()
}
/**
* @see [SecretBackendStaticRole].
* @param name The _unique_ name of the resulting resource.
*/
public fun secretBackendStaticRole(name: String): SecretBackendStaticRole {
val builder = SecretBackendStaticRoleResourceBuilder()
builder.name(name)
return builder.build()
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy