com.pulumi.vault.identity.kotlin.OidcRoleArgs.kt Maven / Gradle / Ivy
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.vault.identity.kotlin
import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.vault.identity.OidcRoleArgs.builder
import kotlin.Int
import kotlin.String
import kotlin.Suppress
import kotlin.jvm.JvmName
/**
* ## Example Usage
* You need to create a role with a named key.
* At creation time, the key can be created independently of the role. However, the key must
* exist before the role can be used to issue tokens. You must also configure the key with the
* role's Client ID to allow the role to use the key.
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as vault from "@pulumi/vault";
* const config = new pulumi.Config();
* // Name of the OIDC Key
* const key = config.get("key") || "key";
* const role = new vault.identity.OidcRole("role", {
* name: "role",
* key: key,
* });
* const keyOidcKey = new vault.identity.OidcKey("key", {
* name: key,
* algorithm: "RS256",
* allowedClientIds: [role.clientId],
* });
* ```
* ```python
* import pulumi
* import pulumi_vault as vault
* config = pulumi.Config()
* # Name of the OIDC Key
* key = config.get("key")
* if key is None:
* key = "key"
* role = vault.identity.OidcRole("role",
* name="role",
* key=key)
* key_oidc_key = vault.identity.OidcKey("key",
* name=key,
* algorithm="RS256",
* allowed_client_ids=[role.client_id])
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Vault = Pulumi.Vault;
* return await Deployment.RunAsync(() =>
* {
* var config = new Config();
* // Name of the OIDC Key
* var key = config.Get("key") ?? "key";
* var role = new Vault.Identity.OidcRole("role", new()
* {
* Name = "role",
* Key = key,
* });
* var keyOidcKey = new Vault.Identity.OidcKey("key", new()
* {
* Name = key,
* Algorithm = "RS256",
* AllowedClientIds = new[]
* {
* role.ClientId,
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-vault/sdk/v6/go/vault/identity"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* cfg := config.New(ctx, "")
* // Name of the OIDC Key
* key := "key"
* if param := cfg.Get("key"); param != "" {
* key = param
* }
* role, err := identity.NewOidcRole(ctx, "role", &identity.OidcRoleArgs{
* Name: pulumi.String("role"),
* Key: pulumi.String(key),
* })
* if err != nil {
* return err
* }
* _, err = identity.NewOidcKey(ctx, "key", &identity.OidcKeyArgs{
* Name: pulumi.String(key),
* Algorithm: pulumi.String("RS256"),
* AllowedClientIds: pulumi.StringArray{
* role.ClientId,
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.vault.identity.OidcRole;
* import com.pulumi.vault.identity.OidcRoleArgs;
* import com.pulumi.vault.identity.OidcKey;
* import com.pulumi.vault.identity.OidcKeyArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* final var config = ctx.config();
* final var key = config.get("key").orElse("key");
* var role = new OidcRole("role", OidcRoleArgs.builder()
* .name("role")
* .key(key)
* .build());
* var keyOidcKey = new OidcKey("keyOidcKey", OidcKeyArgs.builder()
* .name(key)
* .algorithm("RS256")
* .allowedClientIds(role.clientId())
* .build());
* }
* }
* ```
* ```yaml
* configuration:
* key:
* type: string
* default: key
* resources:
* keyOidcKey:
* type: vault:identity:OidcKey
* name: key
* properties:
* name: ${key}
* algorithm: RS256
* allowedClientIds:
* - ${role.clientId}
* role:
* type: vault:identity:OidcRole
* properties:
* name: role
* key: ${key}
* ```
*
* If you want to create the key first before creating the role, you can use a separate
* resource to configure the allowed Client ID on
* the key.
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as vault from "@pulumi/vault";
* const key = new vault.identity.OidcKey("key", {
* name: "key",
* algorithm: "RS256",
* });
* const role = new vault.identity.OidcRole("role", {
* name: "role",
* key: key.name,
* });
* const roleOidcKeyAllowedClientID = new vault.identity.OidcKeyAllowedClientID("role", {
* keyName: key.name,
* allowedClientId: role.clientId,
* });
* ```
* ```python
* import pulumi
* import pulumi_vault as vault
* key = vault.identity.OidcKey("key",
* name="key",
* algorithm="RS256")
* role = vault.identity.OidcRole("role",
* name="role",
* key=key.name)
* role_oidc_key_allowed_client_id = vault.identity.OidcKeyAllowedClientID("role",
* key_name=key.name,
* allowed_client_id=role.client_id)
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Vault = Pulumi.Vault;
* return await Deployment.RunAsync(() =>
* {
* var key = new Vault.Identity.OidcKey("key", new()
* {
* Name = "key",
* Algorithm = "RS256",
* });
* var role = new Vault.Identity.OidcRole("role", new()
* {
* Name = "role",
* Key = key.Name,
* });
* var roleOidcKeyAllowedClientID = new Vault.Identity.OidcKeyAllowedClientID("role", new()
* {
* KeyName = key.Name,
* AllowedClientId = role.ClientId,
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-vault/sdk/v6/go/vault/identity"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* key, err := identity.NewOidcKey(ctx, "key", &identity.OidcKeyArgs{
* Name: pulumi.String("key"),
* Algorithm: pulumi.String("RS256"),
* })
* if err != nil {
* return err
* }
* role, err := identity.NewOidcRole(ctx, "role", &identity.OidcRoleArgs{
* Name: pulumi.String("role"),
* Key: key.Name,
* })
* if err != nil {
* return err
* }
* _, err = identity.NewOidcKeyAllowedClientID(ctx, "role", &identity.OidcKeyAllowedClientIDArgs{
* KeyName: key.Name,
* AllowedClientId: role.ClientId,
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.vault.identity.OidcKey;
* import com.pulumi.vault.identity.OidcKeyArgs;
* import com.pulumi.vault.identity.OidcRole;
* import com.pulumi.vault.identity.OidcRoleArgs;
* import com.pulumi.vault.identity.OidcKeyAllowedClientID;
* import com.pulumi.vault.identity.OidcKeyAllowedClientIDArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var key = new OidcKey("key", OidcKeyArgs.builder()
* .name("key")
* .algorithm("RS256")
* .build());
* var role = new OidcRole("role", OidcRoleArgs.builder()
* .name("role")
* .key(key.name())
* .build());
* var roleOidcKeyAllowedClientID = new OidcKeyAllowedClientID("roleOidcKeyAllowedClientID", OidcKeyAllowedClientIDArgs.builder()
* .keyName(key.name())
* .allowedClientId(role.clientId())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* key:
* type: vault:identity:OidcKey
* properties:
* name: key
* algorithm: RS256
* role:
* type: vault:identity:OidcRole
* properties:
* name: role
* key: ${key.name}
* roleOidcKeyAllowedClientID:
* type: vault:identity:OidcKeyAllowedClientID
* name: role
* properties:
* keyName: ${key.name}
* allowedClientId: ${role.clientId}
* ```
*
* ## Import
* The key can be imported with the role name, for example:
* ```sh
* $ pulumi import vault:identity/oidcRole:OidcRole role role
* ```
* @property clientId The value that will be included in the `aud` field of all the OIDC identity
* tokens issued by this role
* @property key A configured named key, the key must already exist
* before tokens can be issued.
* @property name Name of the OIDC Role to create.
* @property namespace The namespace to provision the resource in.
* The value should not contain leading or trailing forward slashes.
* The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
* *Available only for Vault Enterprise*.
* @property template The template string to use for generating tokens. This may be in
* string-ified JSON or base64 format. See the
* [documentation](https://www.vaultproject.io/docs/secrets/identity/index.html#token-contents-and-templates)
* for the template format.
* @property ttl TTL of the tokens generated against the role in number of seconds.
*/
public data class OidcRoleArgs(
public val clientId: Output? = null,
public val key: Output? = null,
public val name: Output? = null,
public val namespace: Output? = null,
public val template: Output? = null,
public val ttl: Output? = null,
) : ConvertibleToJava {
override fun toJava(): com.pulumi.vault.identity.OidcRoleArgs =
com.pulumi.vault.identity.OidcRoleArgs.builder()
.clientId(clientId?.applyValue({ args0 -> args0 }))
.key(key?.applyValue({ args0 -> args0 }))
.name(name?.applyValue({ args0 -> args0 }))
.namespace(namespace?.applyValue({ args0 -> args0 }))
.template(template?.applyValue({ args0 -> args0 }))
.ttl(ttl?.applyValue({ args0 -> args0 })).build()
}
/**
* Builder for [OidcRoleArgs].
*/
@PulumiTagMarker
public class OidcRoleArgsBuilder internal constructor() {
private var clientId: Output? = null
private var key: Output? = null
private var name: Output? = null
private var namespace: Output? = null
private var template: Output? = null
private var ttl: Output? = null
/**
* @param value The value that will be included in the `aud` field of all the OIDC identity
* tokens issued by this role
*/
@JvmName("nasxidraquovfpsi")
public suspend fun clientId(`value`: Output) {
this.clientId = value
}
/**
* @param value A configured named key, the key must already exist
* before tokens can be issued.
*/
@JvmName("wtcqfonrdegjveok")
public suspend fun key(`value`: Output) {
this.key = value
}
/**
* @param value Name of the OIDC Role to create.
*/
@JvmName("hdkomdkmylesdptd")
public suspend fun name(`value`: Output) {
this.name = value
}
/**
* @param value The namespace to provision the resource in.
* The value should not contain leading or trailing forward slashes.
* The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
* *Available only for Vault Enterprise*.
*/
@JvmName("hhatpmoglegfkqip")
public suspend fun namespace(`value`: Output) {
this.namespace = value
}
/**
* @param value The template string to use for generating tokens. This may be in
* string-ified JSON or base64 format. See the
* [documentation](https://www.vaultproject.io/docs/secrets/identity/index.html#token-contents-and-templates)
* for the template format.
*/
@JvmName("riraakokrxhjwflr")
public suspend fun template(`value`: Output) {
this.template = value
}
/**
* @param value TTL of the tokens generated against the role in number of seconds.
*/
@JvmName("bdxshpuqfhvhgcpf")
public suspend fun ttl(`value`: Output) {
this.ttl = value
}
/**
* @param value The value that will be included in the `aud` field of all the OIDC identity
* tokens issued by this role
*/
@JvmName("qqfllvxuncjlrggm")
public suspend fun clientId(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.clientId = mapped
}
/**
* @param value A configured named key, the key must already exist
* before tokens can be issued.
*/
@JvmName("cepexnqvwxrvlelg")
public suspend fun key(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.key = mapped
}
/**
* @param value Name of the OIDC Role to create.
*/
@JvmName("bnaahgflmgemljdr")
public suspend fun name(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.name = mapped
}
/**
* @param value The namespace to provision the resource in.
* The value should not contain leading or trailing forward slashes.
* The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
* *Available only for Vault Enterprise*.
*/
@JvmName("qfhkgkqislosdhno")
public suspend fun namespace(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.namespace = mapped
}
/**
* @param value The template string to use for generating tokens. This may be in
* string-ified JSON or base64 format. See the
* [documentation](https://www.vaultproject.io/docs/secrets/identity/index.html#token-contents-and-templates)
* for the template format.
*/
@JvmName("ifqhkrojbnicwhfb")
public suspend fun template(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.template = mapped
}
/**
* @param value TTL of the tokens generated against the role in number of seconds.
*/
@JvmName("tbntownhfwsoaexl")
public suspend fun ttl(`value`: Int?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.ttl = mapped
}
internal fun build(): OidcRoleArgs = OidcRoleArgs(
clientId = clientId,
key = key,
name = name,
namespace = namespace,
template = template,
ttl = ttl,
)
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy