com.pulumi.vault.jwt.kotlin.AuthBackend.kt Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pulumi-vault-kotlin Show documentation
Show all versions of pulumi-vault-kotlin Show documentation
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.vault.jwt.kotlin
import com.pulumi.core.Output
import com.pulumi.kotlin.KotlinCustomResource
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.ResourceMapper
import com.pulumi.kotlin.options.CustomResourceOptions
import com.pulumi.kotlin.options.CustomResourceOptionsBuilder
import com.pulumi.resources.Resource
import com.pulumi.vault.jwt.kotlin.outputs.AuthBackendTune
import com.pulumi.vault.jwt.kotlin.outputs.AuthBackendTune.Companion.toKotlin
import kotlin.Boolean
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.List
import kotlin.collections.Map
/**
* Builder for [AuthBackend].
*/
@PulumiTagMarker
public class AuthBackendResourceBuilder internal constructor() {
public var name: String? = null
public var args: AuthBackendArgs = AuthBackendArgs()
public var opts: CustomResourceOptions = CustomResourceOptions()
/**
* @param name The _unique_ name of the resulting resource.
*/
public fun name(`value`: String) {
this.name = value
}
/**
* @param block The arguments to use to populate this resource's properties.
*/
public suspend fun args(block: suspend AuthBackendArgsBuilder.() -> Unit) {
val builder = AuthBackendArgsBuilder()
block(builder)
this.args = builder.build()
}
/**
* @param block A bag of options that control this resource's behavior.
*/
public suspend fun opts(block: suspend CustomResourceOptionsBuilder.() -> Unit) {
this.opts = com.pulumi.kotlin.options.CustomResourceOptions.opts(block)
}
internal fun build(): AuthBackend {
val builtJavaResource = com.pulumi.vault.jwt.AuthBackend(
this.name,
this.args.toJava(),
this.opts.toJava(),
)
return AuthBackend(builtJavaResource)
}
}
/**
* Provides a resource for managing an
* [JWT auth backend within Vault](https://www.vaultproject.io/docs/auth/jwt.html).
* ## Example Usage
* Manage JWT auth backend:
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as vault from "@pulumi/vault";
* const example = new vault.jwt.AuthBackend("example", {
* description: "Demonstration of the Terraform JWT auth backend",
* path: "jwt",
* oidcDiscoveryUrl: "https://myco.auth0.com/",
* boundIssuer: "https://myco.auth0.com/",
* });
* ```
* ```python
* import pulumi
* import pulumi_vault as vault
* example = vault.jwt.AuthBackend("example",
* description="Demonstration of the Terraform JWT auth backend",
* path="jwt",
* oidc_discovery_url="https://myco.auth0.com/",
* bound_issuer="https://myco.auth0.com/")
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Vault = Pulumi.Vault;
* return await Deployment.RunAsync(() =>
* {
* var example = new Vault.Jwt.AuthBackend("example", new()
* {
* Description = "Demonstration of the Terraform JWT auth backend",
* Path = "jwt",
* OidcDiscoveryUrl = "https://myco.auth0.com/",
* BoundIssuer = "https://myco.auth0.com/",
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-vault/sdk/v6/go/vault/jwt"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := jwt.NewAuthBackend(ctx, "example", &jwt.AuthBackendArgs{
* Description: pulumi.String("Demonstration of the Terraform JWT auth backend"),
* Path: pulumi.String("jwt"),
* OidcDiscoveryUrl: pulumi.String("https://myco.auth0.com/"),
* BoundIssuer: pulumi.String("https://myco.auth0.com/"),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.vault.jwt.AuthBackend;
* import com.pulumi.vault.jwt.AuthBackendArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var example = new AuthBackend("example", AuthBackendArgs.builder()
* .description("Demonstration of the Terraform JWT auth backend")
* .path("jwt")
* .oidcDiscoveryUrl("https://myco.auth0.com/")
* .boundIssuer("https://myco.auth0.com/")
* .build());
* }
* }
* ```
* ```yaml
* resources:
* example:
* type: vault:jwt:AuthBackend
* properties:
* description: Demonstration of the Terraform JWT auth backend
* path: jwt
* oidcDiscoveryUrl: https://myco.auth0.com/
* boundIssuer: https://myco.auth0.com/
* ```
*
* Manage OIDC auth backend:
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as vault from "@pulumi/vault";
* const example = new vault.jwt.AuthBackend("example", {
* description: "Demonstration of the Terraform JWT auth backend",
* path: "oidc",
* type: "oidc",
* oidcDiscoveryUrl: "https://myco.auth0.com/",
* oidcClientId: "1234567890",
* oidcClientSecret: "secret123456",
* boundIssuer: "https://myco.auth0.com/",
* tune: {
* listingVisibility: "unauth",
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_vault as vault
* example = vault.jwt.AuthBackend("example",
* description="Demonstration of the Terraform JWT auth backend",
* path="oidc",
* type="oidc",
* oidc_discovery_url="https://myco.auth0.com/",
* oidc_client_id="1234567890",
* oidc_client_secret="secret123456",
* bound_issuer="https://myco.auth0.com/",
* tune=vault.jwt.AuthBackendTuneArgs(
* listing_visibility="unauth",
* ))
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Vault = Pulumi.Vault;
* return await Deployment.RunAsync(() =>
* {
* var example = new Vault.Jwt.AuthBackend("example", new()
* {
* Description = "Demonstration of the Terraform JWT auth backend",
* Path = "oidc",
* Type = "oidc",
* OidcDiscoveryUrl = "https://myco.auth0.com/",
* OidcClientId = "1234567890",
* OidcClientSecret = "secret123456",
* BoundIssuer = "https://myco.auth0.com/",
* Tune = new Vault.Jwt.Inputs.AuthBackendTuneArgs
* {
* ListingVisibility = "unauth",
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-vault/sdk/v6/go/vault/jwt"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := jwt.NewAuthBackend(ctx, "example", &jwt.AuthBackendArgs{
* Description: pulumi.String("Demonstration of the Terraform JWT auth backend"),
* Path: pulumi.String("oidc"),
* Type: pulumi.String("oidc"),
* OidcDiscoveryUrl: pulumi.String("https://myco.auth0.com/"),
* OidcClientId: pulumi.String("1234567890"),
* OidcClientSecret: pulumi.String("secret123456"),
* BoundIssuer: pulumi.String("https://myco.auth0.com/"),
* Tune: &jwt.AuthBackendTuneArgs{
* ListingVisibility: pulumi.String("unauth"),
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.vault.jwt.AuthBackend;
* import com.pulumi.vault.jwt.AuthBackendArgs;
* import com.pulumi.vault.jwt.inputs.AuthBackendTuneArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var example = new AuthBackend("example", AuthBackendArgs.builder()
* .description("Demonstration of the Terraform JWT auth backend")
* .path("oidc")
* .type("oidc")
* .oidcDiscoveryUrl("https://myco.auth0.com/")
* .oidcClientId("1234567890")
* .oidcClientSecret("secret123456")
* .boundIssuer("https://myco.auth0.com/")
* .tune(AuthBackendTuneArgs.builder()
* .listingVisibility("unauth")
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* example:
* type: vault:jwt:AuthBackend
* properties:
* description: Demonstration of the Terraform JWT auth backend
* path: oidc
* type: oidc
* oidcDiscoveryUrl: https://myco.auth0.com/
* oidcClientId: '1234567890'
* oidcClientSecret: secret123456
* boundIssuer: https://myco.auth0.com/
* tune:
* listingVisibility: unauth
* ```
*
* Configuring the auth backend with a `provider_config:
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as vault from "@pulumi/vault";
* const gsuite = new vault.jwt.AuthBackend("gsuite", {
* description: "OIDC backend",
* oidcDiscoveryUrl: "https://accounts.google.com",
* path: "oidc",
* type: "oidc",
* providerConfig: {
* provider: "gsuite",
* fetch_groups: "true",
* fetch_user_info: "true",
* groups_recurse_max_depth: "1",
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_vault as vault
* gsuite = vault.jwt.AuthBackend("gsuite",
* description="OIDC backend",
* oidc_discovery_url="https://accounts.google.com",
* path="oidc",
* type="oidc",
* provider_config={
* "provider": "gsuite",
* "fetch_groups": "true",
* "fetch_user_info": "true",
* "groups_recurse_max_depth": "1",
* })
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Vault = Pulumi.Vault;
* return await Deployment.RunAsync(() =>
* {
* var gsuite = new Vault.Jwt.AuthBackend("gsuite", new()
* {
* Description = "OIDC backend",
* OidcDiscoveryUrl = "https://accounts.google.com",
* Path = "oidc",
* Type = "oidc",
* ProviderConfig =
* {
* { "provider", "gsuite" },
* { "fetch_groups", "true" },
* { "fetch_user_info", "true" },
* { "groups_recurse_max_depth", "1" },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-vault/sdk/v6/go/vault/jwt"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := jwt.NewAuthBackend(ctx, "gsuite", &jwt.AuthBackendArgs{
* Description: pulumi.String("OIDC backend"),
* OidcDiscoveryUrl: pulumi.String("https://accounts.google.com"),
* Path: pulumi.String("oidc"),
* Type: pulumi.String("oidc"),
* ProviderConfig: pulumi.StringMap{
* "provider": pulumi.String("gsuite"),
* "fetch_groups": pulumi.String("true"),
* "fetch_user_info": pulumi.String("true"),
* "groups_recurse_max_depth": pulumi.String("1"),
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.vault.jwt.AuthBackend;
* import com.pulumi.vault.jwt.AuthBackendArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var gsuite = new AuthBackend("gsuite", AuthBackendArgs.builder()
* .description("OIDC backend")
* .oidcDiscoveryUrl("https://accounts.google.com")
* .path("oidc")
* .type("oidc")
* .providerConfig(Map.ofEntries(
* Map.entry("provider", "gsuite"),
* Map.entry("fetch_groups", true),
* Map.entry("fetch_user_info", true),
* Map.entry("groups_recurse_max_depth", 1)
* ))
* .build());
* }
* }
* ```
* ```yaml
* resources:
* gsuite:
* type: vault:jwt:AuthBackend
* properties:
* description: OIDC backend
* oidcDiscoveryUrl: https://accounts.google.com
* path: oidc
* type: oidc
* providerConfig:
* provider: gsuite
* fetch_groups: true
* fetch_user_info: true
* groups_recurse_max_depth: 1
* ```
*
* ## Import
* JWT auth backend can be imported using the `path`, e.g.
* ```sh
* $ pulumi import vault:jwt/authBackend:AuthBackend oidc oidc
* ```
* or
* ```sh
* $ pulumi import vault:jwt/authBackend:AuthBackend jwt jwt
* ```
*/
public class AuthBackend internal constructor(
override val javaResource: com.pulumi.vault.jwt.AuthBackend,
) : KotlinCustomResource(javaResource, AuthBackendMapper) {
/**
* The accessor for this auth method
*/
public val accessor: Output
get() = javaResource.accessor().applyValue({ args0 -> args0 })
/**
* The value against which to match the iss claim in a JWT
*/
public val boundIssuer: Output?
get() = javaResource.boundIssuer().applyValue({ args0 ->
args0.map({ args0 ->
args0
}).orElse(null)
})
/**
* The default role to use if none is provided during login
*/
public val defaultRole: Output?
get() = javaResource.defaultRole().applyValue({ args0 ->
args0.map({ args0 ->
args0
}).orElse(null)
})
/**
* The description of the auth backend
*/
public val description: Output?
get() = javaResource.description().applyValue({ args0 ->
args0.map({ args0 ->
args0
}).orElse(null)
})
/**
* If set, opts out of mount migration on path updates.
* See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
*/
public val disableRemount: Output?
get() = javaResource.disableRemount().applyValue({ args0 ->
args0.map({ args0 ->
args0
}).orElse(null)
})
/**
* The CA certificate or chain of certificates, in PEM format, to use to validate connections to the JWKS URL. If not set, system certificates are used.
*/
public val jwksCaPem: Output?
get() = javaResource.jwksCaPem().applyValue({ args0 -> args0.map({ args0 -> args0 }).orElse(null) })
/**
* JWKS URL to use to authenticate signatures. Cannot be used with "oidc_discovery_url" or "jwt_validation_pubkeys".
*/
public val jwksUrl: Output?
get() = javaResource.jwksUrl().applyValue({ args0 -> args0.map({ args0 -> args0 }).orElse(null) })
/**
* A list of supported signing algorithms. Vault 1.1.0 defaults to [RS256] but future or past versions of Vault may differ
*/
public val jwtSupportedAlgs: Output>?
get() = javaResource.jwtSupportedAlgs().applyValue({ args0 ->
args0.map({ args0 ->
args0.map({ args0 -> args0 })
}).orElse(null)
})
/**
* A list of PEM-encoded public keys to use to authenticate signatures locally. Cannot be used in combination with `oidc_discovery_url`
*/
public val jwtValidationPubkeys: Output>?
get() = javaResource.jwtValidationPubkeys().applyValue({ args0 ->
args0.map({ args0 ->
args0.map({ args0 -> args0 })
}).orElse(null)
})
/**
* Specifies if the auth method is local only.
*/
public val local: Output?
get() = javaResource.local().applyValue({ args0 -> args0.map({ args0 -> args0 }).orElse(null) })
/**
* The namespace to provision the resource in.
* The value should not contain leading or trailing forward slashes.
* The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
* *Available only for Vault Enterprise*.
*/
public val namespace: Output?
get() = javaResource.namespace().applyValue({ args0 -> args0.map({ args0 -> args0 }).orElse(null) })
/**
* Pass namespace in the OIDC state parameter instead of as a separate query parameter. With this setting, the allowed redirect URL(s) in Vault and on the provider side should not contain a namespace query parameter. This means only one redirect URL entry needs to be maintained on the OIDC provider side for all vault namespaces that will be authenticating against it. Defaults to true for new configs
* * tune - (Optional) Extra configuration block. Structure is documented below.
* The `tune` block is used to tune the auth backend:
*/
public val namespaceInState: Output?
get() = javaResource.namespaceInState().applyValue({ args0 ->
args0.map({ args0 ->
args0
}).orElse(null)
})
/**
* Client ID used for OIDC backends
*/
public val oidcClientId: Output?
get() = javaResource.oidcClientId().applyValue({ args0 ->
args0.map({ args0 ->
args0
}).orElse(null)
})
/**
* Client Secret used for OIDC backends
*/
public val oidcClientSecret: Output?
get() = javaResource.oidcClientSecret().applyValue({ args0 ->
args0.map({ args0 ->
args0
}).orElse(null)
})
/**
* The CA certificate or chain of certificates, in PEM format, to use to validate connections to the OIDC Discovery URL. If not set, system certificates are used
*/
public val oidcDiscoveryCaPem: Output?
get() = javaResource.oidcDiscoveryCaPem().applyValue({ args0 ->
args0.map({ args0 ->
args0
}).orElse(null)
})
/**
* The OIDC Discovery URL, without any .well-known component (base path). Cannot be used in combination with `jwt_validation_pubkeys`
*/
public val oidcDiscoveryUrl: Output?
get() = javaResource.oidcDiscoveryUrl().applyValue({ args0 ->
args0.map({ args0 ->
args0
}).orElse(null)
})
/**
* The response mode to be used in the OAuth2 request. Allowed values are `query` and `form_post`. Defaults to `query`. If using Vault namespaces, and `oidc_response_mode` is `form_post`, then `namespace_in_state` should be set to `false`.
*/
public val oidcResponseMode: Output?
get() = javaResource.oidcResponseMode().applyValue({ args0 ->
args0.map({ args0 ->
args0
}).orElse(null)
})
/**
* List of response types to request. Allowed values are 'code' and 'id_token'. Defaults to `["code"]`. Note: `id_token` may only be used if `oidc_response_mode` is set to `form_post`.
*/
public val oidcResponseTypes: Output>?
get() = javaResource.oidcResponseTypes().applyValue({ args0 ->
args0.map({ args0 ->
args0.map({ args0 -> args0 })
}).orElse(null)
})
/**
* Path to mount the JWT/OIDC auth backend
*/
public val path: Output?
get() = javaResource.path().applyValue({ args0 -> args0.map({ args0 -> args0 }).orElse(null) })
/**
* Provider specific handling configuration. All values may be strings, and the provider will convert to the appropriate type when configuring Vault.
*/
public val providerConfig: Output>?
get() = javaResource.providerConfig().applyValue({ args0 ->
args0.map({ args0 ->
args0.map({ args0 -> args0.key.to(args0.value) }).toMap()
}).orElse(null)
})
public val tune: Output
get() = javaResource.tune().applyValue({ args0 -> args0.let({ args0 -> toKotlin(args0) }) })
/**
* Type of auth backend. Should be one of `jwt` or `oidc`. Default - `jwt`
*/
public val type: Output?
get() = javaResource.type().applyValue({ args0 -> args0.map({ args0 -> args0 }).orElse(null) })
}
public object AuthBackendMapper : ResourceMapper {
override fun supportsMappingOfType(javaResource: Resource): Boolean =
com.pulumi.vault.jwt.AuthBackend::class == javaResource::class
override fun map(javaResource: Resource): AuthBackend = AuthBackend(
javaResource as
com.pulumi.vault.jwt.AuthBackend,
)
}
/**
* @see [AuthBackend].
* @param name The _unique_ name of the resulting resource.
* @param block Builder for [AuthBackend].
*/
public suspend fun authBackend(name: String, block: suspend AuthBackendResourceBuilder.() -> Unit): AuthBackend {
val builder = AuthBackendResourceBuilder()
builder.name(name)
block(builder)
return builder.build()
}
/**
* @see [AuthBackend].
* @param name The _unique_ name of the resulting resource.
*/
public fun authBackend(name: String): AuthBackend {
val builder = AuthBackendResourceBuilder()
builder.name(name)
return builder.build()
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy