
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.vault.gcp.kotlin
import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.applySuspend
import com.pulumi.vault.gcp.AuthBackendArgs.builder
import com.pulumi.vault.gcp.kotlin.inputs.AuthBackendCustomEndpointArgs
import com.pulumi.vault.gcp.kotlin.inputs.AuthBackendCustomEndpointArgsBuilder
import com.pulumi.vault.gcp.kotlin.inputs.AuthBackendTuneArgs
import com.pulumi.vault.gcp.kotlin.inputs.AuthBackendTuneArgsBuilder
import kotlin.Boolean
import kotlin.Int
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.jvm.JvmName
/**
* Provides a resource to configure the [GCP auth backend within Vault](https://www.vaultproject.io/docs/auth/gcp.html).
* ## Example Usage
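* You can set up the GCP auth backend with Workload Identity Federation (WIF) for a secret-less configuration. The empty `identityTokenAudience` and `serviceAccountEmail` values in the examples below are placeholders for your own audience and service account: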
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as vault from "@pulumi/vault";
* const gcp = new vault.gcp.AuthBackend("gcp", {
* identityTokenKey: "example-key",
* identityTokenTtl: 1800,
* identityTokenAudience: "",
* serviceAccountEmail: "",
* });
* ```
* ```python
* import pulumi
* import pulumi_vault as vault
* gcp = vault.gcp.AuthBackend("gcp",
* identity_token_key="example-key",
* identity_token_ttl=1800,
* identity_token_audience="",
* service_account_email="")
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Vault = Pulumi.Vault;
* return await Deployment.RunAsync(() =>
* {
* var gcp = new Vault.Gcp.AuthBackend("gcp", new()
* {
* IdentityTokenKey = "example-key",
* IdentityTokenTtl = 1800,
* IdentityTokenAudience = "",
* ServiceAccountEmail = "",
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-vault/sdk/v6/go/vault/gcp"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := gcp.NewAuthBackend(ctx, "gcp", &gcp.AuthBackendArgs{
* IdentityTokenKey: pulumi.String("example-key"),
* IdentityTokenTtl: pulumi.Int(1800),
* IdentityTokenAudience: pulumi.String(""),
* ServiceAccountEmail: pulumi.String(""),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.vault.gcp.AuthBackend;
* import com.pulumi.vault.gcp.AuthBackendArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var gcp = new AuthBackend("gcp", AuthBackendArgs.builder()
* .identityTokenKey("example-key")
* .identityTokenTtl(1800)
* .identityTokenAudience("")
* .serviceAccountEmail("")
* .build());
* }
* }
* ```
* ```yaml
* resources:
* gcp:
* type: vault:gcp:AuthBackend
* properties:
* identityTokenKey: example-key
* identityTokenTtl: 1800
* identityTokenAudience:
* serviceAccountEmail:
* ```
*
* ## Import
* GCP authentication backends can be imported using the backend name, e.g.
* ```sh
* $ pulumi import vault:gcp/authBackend:AuthBackend gcp gcp
* ```
* @property clientEmail The client's email associated with the credentials
* @property clientId The Client ID of the credentials
* @property credentials A JSON string containing the contents of a GCP credentials file. If this value is empty, Vault will try to use Application Default Credentials from the machine on which the Vault server is running.
* @property customEndpoint Specifies overrides to
* [service endpoints](https://cloud.google.com/apis/design/glossary#api_service_endpoint)
* used when making API requests. This allows specific requests made during authentication
* to target alternative service endpoints for use in [Private Google Access](https://cloud.google.com/vpc/docs/configure-private-google-access)
* environments. Requires Vault 1.11+.
* Overrides are set at the subdomain level using the keys of [AuthBackendCustomEndpointArgs].
* @property description A description of the auth method.
* @property disableRemount If set, opts out of mount migration on path updates.
* See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
* @property identityTokenAudience The audience claim value for plugin identity
* tokens. Must match an allowed audience configured for the target [Workload Identity Pool](https://cloud.google.com/iam/docs/workload-identity-federation-with-other-providers#prepare).
* Mutually exclusive with `credentials`. Requires Vault 1.17+. *Available only for Vault Enterprise*.
* @property identityTokenKey The key to use for signing plugin identity
* tokens. Requires Vault 1.17+. *Available only for Vault Enterprise*.
* @property identityTokenTtl The TTL of generated tokens.
* @property local Specifies if the auth method is local only.
* @property namespace The namespace to provision the resource in.
* The value should not contain leading or trailing forward slashes.
* The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
* *Available only for Vault Enterprise*.
* @property path The path to mount the auth method — this defaults to 'gcp'.
* @property privateKeyId The ID of the private key from the credentials
* @property projectId The GCP Project ID
* @property serviceAccountEmail Service Account to impersonate for plugin workload identity federation.
* Required with `identity_token_audience`. Requires Vault 1.17+. *Available only for Vault Enterprise*.
* @property tune Extra configuration block used to tune the auth backend; its structure is defined by [AuthBackendTuneArgs].
*/
public data class AuthBackendArgs(
// Every property defaults to null, so callers set only the fields they need.
// NOTE(review): `Output` appears without type arguments throughout this listing; presumably the
// generic parameters were lost when the page was extracted — confirm against the published source.
public val clientEmail: Output? = null,
public val clientId: Output? = null,
// Sensitive: documented above as the JSON contents of a GCP credentials file. Because this is a
// data class, the generated toString()/copy()/componentN() all include this property; what
// Output's own toString() renders is not visible here — TODO confirm before logging instances.
public val credentials: Output? = null,
// Endpoint overrides decide where the API requests made during authentication are sent
// (per the KDoc above), so this is configuration that should come from a trusted source.
public val customEndpoint: Output? = null,
public val description: Output? = null,
public val disableRemount: Output? = null,
// Documented above as mutually exclusive with `credentials`; nothing in this class enforces that.
public val identityTokenAudience: Output? = null,
public val identityTokenKey: Output? = null,
public val identityTokenTtl: Output? = null,
public val local: Output? = null,
public val namespace: Output? = null,
public val path: Output? = null,
public val privateKeyId: Output? = null,
public val projectId: Output? = null,
// Documented above as required together with the identity token audience; not enforced here.
public val serviceAccountEmail: Output? = null,
public val tune: Output? = null,
) : ConvertibleToJava {
// Converts these Kotlin args into the Java SDK's AuthBackendArgs through its builder.
// A null property short-circuits at `?.`, so the Java builder receives null for it.
// Scalar values pass through an identity applyValue; `customEndpoint` and `tune` are nested
// Kotlin args and are converted with their own toJava().
// No cross-field validation happens here: if both `credentials` and `identityTokenAudience`
// are set, both are forwarded, and any rejection is left to whatever consumes the Java args.
override fun toJava(): com.pulumi.vault.gcp.AuthBackendArgs =
com.pulumi.vault.gcp.AuthBackendArgs.builder()
.clientEmail(clientEmail?.applyValue({ args0 -> args0 }))
.clientId(clientId?.applyValue({ args0 -> args0 }))
.credentials(credentials?.applyValue({ args0 -> args0 }))
.customEndpoint(customEndpoint?.applyValue({ args0 -> args0.let({ args0 -> args0.toJava() }) }))
.description(description?.applyValue({ args0 -> args0 }))
.disableRemount(disableRemount?.applyValue({ args0 -> args0 }))
.identityTokenAudience(identityTokenAudience?.applyValue({ args0 -> args0 }))
.identityTokenKey(identityTokenKey?.applyValue({ args0 -> args0 }))
.identityTokenTtl(identityTokenTtl?.applyValue({ args0 -> args0 }))
.local(local?.applyValue({ args0 -> args0 }))
.namespace(namespace?.applyValue({ args0 -> args0 }))
.path(path?.applyValue({ args0 -> args0 }))
.privateKeyId(privateKeyId?.applyValue({ args0 -> args0 }))
.projectId(projectId?.applyValue({ args0 -> args0 }))
.serviceAccountEmail(serviceAccountEmail?.applyValue({ args0 -> args0 }))
.tune(tune?.applyValue({ args0 -> args0.let({ args0 -> args0.toJava() }) })).build()
}
/**
* Builder for [AuthBackendArgs].
*
* Each setter stores its argument in a private field, and [build] copies those fields into a new
* [AuthBackendArgs]. A property whose setter is never called stays `null`; calling a setter again
* replaces the earlier value. The constructor is `internal`, so instances are created inside this
* module only.
*
* Most properties have two setters: one taking an `Output`, stored as given, and one taking a plain
* nullable value, which is wrapped with `Output.of` (or left `null`). `customEndpoint` and `tune`
* have a third form that takes a builder lambda for the nested args type.
*
* No setter validates its input and [build] performs no cross-field checks, so the constraints
* stated in the parameter docs (for example `identityTokenAudience` being mutually exclusive with
* `credentials`) are not enforced by this class.
*
* NOTE(review): `Output` appears without type arguments throughout this listing; presumably the
* generic parameters were lost when the page was extracted — confirm against the published source.
*/
@PulumiTagMarker
public class AuthBackendArgsBuilder internal constructor() {
private var clientEmail: Output? = null
private var clientId: Output? = null
// Sensitive: holds the GCP credentials file contents once one of the credentials() setters is called.
private var credentials: Output? = null
private var customEndpoint: Output? = null
private var description: Output? = null
private var disableRemount: Output? = null
private var identityTokenAudience: Output? = null
private var identityTokenKey: Output? = null
private var identityTokenTtl: Output? = null
private var local: Output? = null
private var namespace: Output? = null
private var path: Output? = null
private var privateKeyId: Output? = null
private var projectId: Output? = null
private var serviceAccountEmail: Output? = null
private var tune: Output? = null
/**
* @param value The client's email associated with the credentials
*/
@JvmName("ycsxcqlbmstsmnrs")
public suspend fun clientEmail(`value`: Output) {
this.clientEmail = value
}
/**
* @param value The Client ID of the credentials
*/
@JvmName("gbagaraheuitsqcw")
public suspend fun clientId(`value`: Output) {
this.clientId = value
}
/**
* Stores the given `Output` unchanged. Because the value is key material, a caller who wants it
* marked secret independently of the provider schema can pass an `Output` created with
* `Output.ofSecret`.
*
* @param value A JSON string containing the contents of a GCP credentials file. If this value is empty, Vault will try to use Application Default Credentials from the machine on which the Vault server is running.
*/
@JvmName("ccomlsiokmcjsyix")
public suspend fun credentials(`value`: Output) {
this.credentials = value
}
/**
* Endpoint overrides decide where the API requests made during authentication are sent, so the
* values should come from trusted configuration.
*
* @param value Specifies overrides to
* [service endpoints](https://cloud.google.com/apis/design/glossary#api_service_endpoint)
* used when making API requests. This allows specific requests made during authentication
* to target alternative service endpoints for use in [Private Google Access](https://cloud.google.com/vpc/docs/configure-private-google-access)
* environments. Requires Vault 1.11+.
* Overrides are set at the subdomain level using the keys of [AuthBackendCustomEndpointArgs].
*/
@JvmName("cscbfuowsfuusdgk")
public suspend fun customEndpoint(`value`: Output) {
this.customEndpoint = value
}
/**
* @param value A description of the auth method.
*/
@JvmName("yhbgnwbxlrvhandv")
public suspend fun description(`value`: Output) {
this.description = value
}
/**
* @param value If set, opts out of mount migration on path updates.
* See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
*/
@JvmName("iqporvtbtcowticq")
public suspend fun disableRemount(`value`: Output) {
this.disableRemount = value
}
/**
* The documented exclusion with `credentials` is not checked by this setter or by [build].
*
* @param value The audience claim value for plugin identity
* tokens. Must match an allowed audience configured for the target [Workload Identity Pool](https://cloud.google.com/iam/docs/workload-identity-federation-with-other-providers#prepare).
* Mutually exclusive with `credentials`. Requires Vault 1.17+. *Available only for Vault Enterprise*.
*/
@JvmName("mkkxfajmdliddown")
public suspend fun identityTokenAudience(`value`: Output) {
this.identityTokenAudience = value
}
/**
* @param value The key to use for signing plugin identity
* tokens. Requires Vault 1.17+. *Available only for Vault Enterprise*.
*/
@JvmName("senuptgwpymxboxw")
public suspend fun identityTokenKey(`value`: Output) {
this.identityTokenKey = value
}
/**
* @param value The TTL of generated tokens.
*/
@JvmName("cpytvlpgyvewkxlk")
public suspend fun identityTokenTtl(`value`: Output) {
this.identityTokenTtl = value
}
/**
* @param value Specifies if the auth method is local only.
*/
@JvmName("icfoiwwknshjypah")
public suspend fun local(`value`: Output) {
this.local = value
}
/**
* @param value The namespace to provision the resource in.
* The value should not contain leading or trailing forward slashes.
* The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
* *Available only for Vault Enterprise*.
*/
@JvmName("wnofbarumajosbpk")
public suspend fun namespace(`value`: Output) {
this.namespace = value
}
/**
* @param value The path to mount the auth method — this defaults to 'gcp'.
*/
@JvmName("gwkmnvhyffabjkqp")
public suspend fun path(`value`: Output) {
this.path = value
}
/**
* @param value The ID of the private key from the credentials
*/
@JvmName("uctkqcgpnqjhialc")
public suspend fun privateKeyId(`value`: Output) {
this.privateKeyId = value
}
/**
* @param value The GCP Project ID
*/
@JvmName("mswbukffxrvukvun")
public suspend fun projectId(`value`: Output) {
this.projectId = value
}
/**
* The documented pairing with the identity token audience is not checked by this setter or by [build].
*
* @param value Service Account to impersonate for plugin workload identity federation.
* Required with `identity_token_audience`. Requires Vault 1.17+. *Available only for Vault Enterprise*.
*/
@JvmName("agwjxqmofpoovidp")
public suspend fun serviceAccountEmail(`value`: Output) {
this.serviceAccountEmail = value
}
/**
* @param value Extra configuration block used to tune the auth backend;
* its structure is defined by [AuthBackendTuneArgs].
*/
@JvmName("ufqaibnylqhmjtmn")
public suspend fun tune(`value`: Output) {
this.tune = value
}
/**
* @param value The client's email associated with the credentials
*/
@JvmName("pwomirjgpskmmfvb")
public suspend fun clientEmail(`value`: String?) {
val toBeMapped = value
// null stays null; a non-null value is wrapped with Output.of
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.clientEmail = mapped
}
/**
* @param value The Client ID of the credentials
*/
@JvmName("wlcwkaervqodlgul")
public suspend fun clientId(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.clientId = mapped
}
/**
* Wraps a plain string with `Output.of`, i.e. not with a secret-marking factory.
* NOTE(review): whether the provider itself treats `credentials` as a secret is not visible in
* this file — confirm, or use the `Output` overload with a value created by `Output.ofSecret`.
* A key passed here as a literal also lives in the program source; the Workload Identity
* Federation fields (`identityTokenAudience`, `serviceAccountEmail`) are the documented
* secret-less alternative.
*
* @param value A JSON string containing the contents of a GCP credentials file. If this value is empty, Vault will try to use Application Default Credentials from the machine on which the Vault server is running.
*/
@JvmName("kyumfyiadkqvpgmt")
public suspend fun credentials(`value`: String?) {
val toBeMapped = value
// plain Output.of wrap; the value is not marked secret at this point
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.credentials = mapped
}
/**
* @param value Specifies overrides to
* [service endpoints](https://cloud.google.com/apis/design/glossary#api_service_endpoint)
* used when making API requests. This allows specific requests made during authentication
* to target alternative service endpoints for use in [Private Google Access](https://cloud.google.com/vpc/docs/configure-private-google-access)
* environments. Requires Vault 1.11+.
* Overrides are set at the subdomain level using the keys of [AuthBackendCustomEndpointArgs].
*/
@JvmName("qeqqbacgbyseesuk")
public suspend fun customEndpoint(`value`: AuthBackendCustomEndpointArgs?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.customEndpoint = mapped
}
/**
* Builds the nested [AuthBackendCustomEndpointArgs] by running [argument] on a fresh
* [AuthBackendCustomEndpointArgsBuilder], then stores the result wrapped with `Output.of`.
*
* @param argument Specifies overrides to
* [service endpoints](https://cloud.google.com/apis/design/glossary#api_service_endpoint)
* used when making API requests. This allows specific requests made during authentication
* to target alternative service endpoints for use in [Private Google Access](https://cloud.google.com/vpc/docs/configure-private-google-access)
* environments. Requires Vault 1.11+.
* Overrides are set at the subdomain level using the keys of [AuthBackendCustomEndpointArgs].
*/
@JvmName("vlikwblfdhukhkrl")
public suspend fun customEndpoint(argument: suspend AuthBackendCustomEndpointArgsBuilder.() -> Unit) {
val toBeMapped = AuthBackendCustomEndpointArgsBuilder().applySuspend { argument() }.build()
val mapped = of(toBeMapped)
this.customEndpoint = mapped
}
/**
* @param value A description of the auth method.
*/
@JvmName("lanyvypnmmkgetqp")
public suspend fun description(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.description = mapped
}
/**
* @param value If set, opts out of mount migration on path updates.
* See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
*/
@JvmName("vfeqatifofbmborc")
public suspend fun disableRemount(`value`: Boolean?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.disableRemount = mapped
}
/**
* The documented exclusion with `credentials` is not checked by this setter or by [build].
*
* @param value The audience claim value for plugin identity
* tokens. Must match an allowed audience configured for the target [Workload Identity Pool](https://cloud.google.com/iam/docs/workload-identity-federation-with-other-providers#prepare).
* Mutually exclusive with `credentials`. Requires Vault 1.17+. *Available only for Vault Enterprise*.
*/
@JvmName("infcfnwmkurldbkm")
public suspend fun identityTokenAudience(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.identityTokenAudience = mapped
}
/**
* @param value The key to use for signing plugin identity
* tokens. Requires Vault 1.17+. *Available only for Vault Enterprise*.
*/
@JvmName("bhqyqehbqpsfnqio")
public suspend fun identityTokenKey(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.identityTokenKey = mapped
}
/**
* @param value The TTL of generated tokens.
*/
@JvmName("ythnoppcdmysouas")
public suspend fun identityTokenTtl(`value`: Int?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.identityTokenTtl = mapped
}
/**
* @param value Specifies if the auth method is local only.
*/
@JvmName("mmqrikugohxtudtd")
public suspend fun local(`value`: Boolean?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.local = mapped
}
/**
* @param value The namespace to provision the resource in.
* The value should not contain leading or trailing forward slashes.
* The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
* *Available only for Vault Enterprise*.
*/
@JvmName("vroyanmfwybrmiqg")
public suspend fun namespace(`value`: String?) {
val toBeMapped = value
// stored as given: leading or trailing slashes are not stripped or rejected here
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.namespace = mapped
}
/**
* @param value The path to mount the auth method — this defaults to 'gcp'.
*/
@JvmName("ssgecfiagbinudvt")
public suspend fun path(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.path = mapped
}
/**
* @param value The ID of the private key from the credentials
*/
@JvmName("wnonedmqtohmpxmu")
public suspend fun privateKeyId(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.privateKeyId = mapped
}
/**
* @param value The GCP Project ID
*/
@JvmName("vgwfrtwskfyvkssu")
public suspend fun projectId(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.projectId = mapped
}
/**
* The documented pairing with the identity token audience is not checked by this setter or by [build].
*
* @param value Service Account to impersonate for plugin workload identity federation.
* Required with `identity_token_audience`. Requires Vault 1.17+. *Available only for Vault Enterprise*.
*/
@JvmName("jehwfjwqbwnqtrlm")
public suspend fun serviceAccountEmail(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.serviceAccountEmail = mapped
}
/**
* @param value Extra configuration block used to tune the auth backend;
* its structure is defined by [AuthBackendTuneArgs].
*/
@JvmName("avobofmxsvmwjvry")
public suspend fun tune(`value`: AuthBackendTuneArgs?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.tune = mapped
}
/**
* Builds the nested [AuthBackendTuneArgs] by running [argument] on a fresh
* [AuthBackendTuneArgsBuilder], then stores the result wrapped with `Output.of`.
*
* @param argument Extra configuration block used to tune the auth backend;
* its structure is defined by [AuthBackendTuneArgs].
*/
@JvmName("vsxlbrxhhpipcmof")
public suspend fun tune(argument: suspend AuthBackendTuneArgsBuilder.() -> Unit) {
val toBeMapped = AuthBackendTuneArgsBuilder().applySuspend { argument() }.build()
val mapped = of(toBeMapped)
this.tune = mapped
}
// Copies the current field values into a new AuthBackendArgs. No validation is done here:
// unset fields are passed as null, and conflicting combinations (such as `credentials`
// together with `identityTokenAudience`) are passed on as they are.
internal fun build(): AuthBackendArgs = AuthBackendArgs(
clientEmail = clientEmail,
clientId = clientId,
credentials = credentials,
customEndpoint = customEndpoint,
description = description,
disableRemount = disableRemount,
identityTokenAudience = identityTokenAudience,
identityTokenKey = identityTokenKey,
identityTokenTtl = identityTokenTtl,
local = local,
namespace = namespace,
path = path,
privateKeyId = privateKeyId,
projectId = projectId,
serviceAccountEmail = serviceAccountEmail,
tune = tune,
)
}