com.pulumi.vault.identity.kotlin.OidcRole.kt Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pulumi-vault-kotlin Show documentation
Show all versions of pulumi-vault-kotlin Show documentation
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.vault.identity.kotlin
import com.pulumi.core.Output
import com.pulumi.kotlin.KotlinCustomResource
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.ResourceMapper
import com.pulumi.kotlin.options.CustomResourceOptions
import com.pulumi.kotlin.options.CustomResourceOptionsBuilder
import com.pulumi.resources.Resource
import kotlin.Boolean
import kotlin.Int
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
/**
* Builder for [OidcRole].
*/
@PulumiTagMarker
public class OidcRoleResourceBuilder internal constructor() {
public var name: String? = null
public var args: OidcRoleArgs = OidcRoleArgs()
public var opts: CustomResourceOptions = CustomResourceOptions()
/**
* @param name The _unique_ name of the resulting resource.
*/
public fun name(`value`: String) {
this.name = value
}
/**
* @param block The arguments to use to populate this resource's properties.
*/
public suspend fun args(block: suspend OidcRoleArgsBuilder.() -> Unit) {
val builder = OidcRoleArgsBuilder()
block(builder)
this.args = builder.build()
}
/**
* @param block A bag of options that control this resource's behavior.
*/
public suspend fun opts(block: suspend CustomResourceOptionsBuilder.() -> Unit) {
this.opts = com.pulumi.kotlin.options.CustomResourceOptions.opts(block)
}
internal fun build(): OidcRole {
val builtJavaResource = com.pulumi.vault.identity.OidcRole(
this.name,
this.args.toJava(),
this.opts.toJava(),
)
return OidcRole(builtJavaResource)
}
}
/**
* ## Example Usage
* You need to create a role with a named key.
* At creation time, the key can be created independently of the role. However, the key must
* exist before the role can be used to issue tokens. You must also configure the key with the
* role's Client ID to allow the role to use the key.
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as vault from "@pulumi/vault";
* const config = new pulumi.Config();
* // Name of the OIDC Key
* const key = config.get("key") || "key";
* const role = new vault.identity.OidcRole("role", {
* name: "role",
* key: key,
* });
* const keyOidcKey = new vault.identity.OidcKey("key", {
* name: key,
* algorithm: "RS256",
* allowedClientIds: [role.clientId],
* });
* ```
* ```python
* import pulumi
* import pulumi_vault as vault
* config = pulumi.Config()
* # Name of the OIDC Key
* key = config.get("key")
* if key is None:
* key = "key"
* role = vault.identity.OidcRole("role",
* name="role",
* key=key)
* key_oidc_key = vault.identity.OidcKey("key",
* name=key,
* algorithm="RS256",
* allowed_client_ids=[role.client_id])
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Vault = Pulumi.Vault;
* return await Deployment.RunAsync(() =>
* {
* var config = new Config();
* // Name of the OIDC Key
* var key = config.Get("key") ?? "key";
* var role = new Vault.Identity.OidcRole("role", new()
* {
* Name = "role",
* Key = key,
* });
* var keyOidcKey = new Vault.Identity.OidcKey("key", new()
* {
* Name = key,
* Algorithm = "RS256",
* AllowedClientIds = new[]
* {
* role.ClientId,
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-vault/sdk/v6/go/vault/identity"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* cfg := config.New(ctx, "")
* // Name of the OIDC Key
* key := "key"
* if param := cfg.Get("key"); param != "" {
* key = param
* }
* role, err := identity.NewOidcRole(ctx, "role", &identity.OidcRoleArgs{
* Name: pulumi.String("role"),
* Key: pulumi.String(key),
* })
* if err != nil {
* return err
* }
* _, err = identity.NewOidcKey(ctx, "key", &identity.OidcKeyArgs{
* Name: pulumi.String(key),
* Algorithm: pulumi.String("RS256"),
* AllowedClientIds: pulumi.StringArray{
* role.ClientId,
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.vault.identity.OidcRole;
* import com.pulumi.vault.identity.OidcRoleArgs;
* import com.pulumi.vault.identity.OidcKey;
* import com.pulumi.vault.identity.OidcKeyArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* final var config = ctx.config();
* final var key = config.get("key").orElse("key");
* var role = new OidcRole("role", OidcRoleArgs.builder()
* .name("role")
* .key(key)
* .build());
* var keyOidcKey = new OidcKey("keyOidcKey", OidcKeyArgs.builder()
* .name(key)
* .algorithm("RS256")
* .allowedClientIds(role.clientId())
* .build());
* }
* }
* ```
* ```yaml
* configuration:
* key:
* type: string
* default: key
* resources:
* keyOidcKey:
* type: vault:identity:OidcKey
* name: key
* properties:
* name: ${key}
* algorithm: RS256
* allowedClientIds:
* - ${role.clientId}
* role:
* type: vault:identity:OidcRole
* properties:
* name: role
* key: ${key}
* ```
*
* If you want to create the key first before creating the role, you can use a separate
* resource to configure the allowed Client ID on
* the key.
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as vault from "@pulumi/vault";
* const key = new vault.identity.OidcKey("key", {
* name: "key",
* algorithm: "RS256",
* });
* const role = new vault.identity.OidcRole("role", {
* name: "role",
* key: key.name,
* });
* const roleOidcKeyAllowedClientID = new vault.identity.OidcKeyAllowedClientID("role", {
* keyName: key.name,
* allowedClientId: role.clientId,
* });
* ```
* ```python
* import pulumi
* import pulumi_vault as vault
* key = vault.identity.OidcKey("key",
* name="key",
* algorithm="RS256")
* role = vault.identity.OidcRole("role",
* name="role",
* key=key.name)
* role_oidc_key_allowed_client_id = vault.identity.OidcKeyAllowedClientID("role",
* key_name=key.name,
* allowed_client_id=role.client_id)
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Vault = Pulumi.Vault;
* return await Deployment.RunAsync(() =>
* {
* var key = new Vault.Identity.OidcKey("key", new()
* {
* Name = "key",
* Algorithm = "RS256",
* });
* var role = new Vault.Identity.OidcRole("role", new()
* {
* Name = "role",
* Key = key.Name,
* });
* var roleOidcKeyAllowedClientID = new Vault.Identity.OidcKeyAllowedClientID("role", new()
* {
* KeyName = key.Name,
* AllowedClientId = role.ClientId,
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-vault/sdk/v6/go/vault/identity"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* key, err := identity.NewOidcKey(ctx, "key", &identity.OidcKeyArgs{
* Name: pulumi.String("key"),
* Algorithm: pulumi.String("RS256"),
* })
* if err != nil {
* return err
* }
* role, err := identity.NewOidcRole(ctx, "role", &identity.OidcRoleArgs{
* Name: pulumi.String("role"),
* Key: key.Name,
* })
* if err != nil {
* return err
* }
* _, err = identity.NewOidcKeyAllowedClientID(ctx, "role", &identity.OidcKeyAllowedClientIDArgs{
* KeyName: key.Name,
* AllowedClientId: role.ClientId,
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.vault.identity.OidcKey;
* import com.pulumi.vault.identity.OidcKeyArgs;
* import com.pulumi.vault.identity.OidcRole;
* import com.pulumi.vault.identity.OidcRoleArgs;
* import com.pulumi.vault.identity.OidcKeyAllowedClientID;
* import com.pulumi.vault.identity.OidcKeyAllowedClientIDArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var key = new OidcKey("key", OidcKeyArgs.builder()
* .name("key")
* .algorithm("RS256")
* .build());
* var role = new OidcRole("role", OidcRoleArgs.builder()
* .name("role")
* .key(key.name())
* .build());
* var roleOidcKeyAllowedClientID = new OidcKeyAllowedClientID("roleOidcKeyAllowedClientID", OidcKeyAllowedClientIDArgs.builder()
* .keyName(key.name())
* .allowedClientId(role.clientId())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* key:
* type: vault:identity:OidcKey
* properties:
* name: key
* algorithm: RS256
* role:
* type: vault:identity:OidcRole
* properties:
* name: role
* key: ${key.name}
* roleOidcKeyAllowedClientID:
* type: vault:identity:OidcKeyAllowedClientID
* name: role
* properties:
* keyName: ${key.name}
* allowedClientId: ${role.clientId}
* ```
*
* ## Import
* The key can be imported with the role name, for example:
* ```sh
* $ pulumi import vault:identity/oidcRole:OidcRole role role
* ```
*/
public class OidcRole internal constructor(
override val javaResource: com.pulumi.vault.identity.OidcRole,
) : KotlinCustomResource(javaResource, OidcRoleMapper) {
/**
* The value that will be included in the `aud` field of all the OIDC identity
* tokens issued by this role
*/
public val clientId: Output
get() = javaResource.clientId().applyValue({ args0 -> args0 })
/**
* A configured named key, the key must already exist
* before tokens can be issued.
*/
public val key: Output
get() = javaResource.key().applyValue({ args0 -> args0 })
/**
* Name of the OIDC Role to create.
*/
public val name: Output
get() = javaResource.name().applyValue({ args0 -> args0 })
/**
* The namespace to provision the resource in.
* The value should not contain leading or trailing forward slashes.
* The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
* *Available only for Vault Enterprise*.
*/
public val namespace: Output?
get() = javaResource.namespace().applyValue({ args0 -> args0.map({ args0 -> args0 }).orElse(null) })
/**
* The template string to use for generating tokens. This may be in
* string-ified JSON or base64 format. See the
* [documentation](https://www.vaultproject.io/docs/secrets/identity/index.html#token-contents-and-templates)
* for the template format.
*/
public val template: Output?
get() = javaResource.template().applyValue({ args0 -> args0.map({ args0 -> args0 }).orElse(null) })
/**
* TTL of the tokens generated against the role in number of seconds.
*/
public val ttl: Output?
get() = javaResource.ttl().applyValue({ args0 -> args0.map({ args0 -> args0 }).orElse(null) })
}
public object OidcRoleMapper : ResourceMapper {
override fun supportsMappingOfType(javaResource: Resource): Boolean =
com.pulumi.vault.identity.OidcRole::class == javaResource::class
override fun map(javaResource: Resource): OidcRole = OidcRole(
javaResource as
com.pulumi.vault.identity.OidcRole,
)
}
/**
* @see [OidcRole].
* @param name The _unique_ name of the resulting resource.
* @param block Builder for [OidcRole].
*/
public suspend fun oidcRole(name: String, block: suspend OidcRoleResourceBuilder.() -> Unit): OidcRole {
val builder = OidcRoleResourceBuilder()
builder.name(name)
block(builder)
return builder.build()
}
/**
* @see [OidcRole].
* @param name The _unique_ name of the resulting resource.
*/
public fun oidcRole(name: String): OidcRole {
val builder = OidcRoleResourceBuilder()
builder.name(name)
return builder.build()
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy