com.pulumi.vault.jwt.kotlin.AuthBackendArgs.kt Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pulumi-vault-kotlin Show documentation
Show all versions of pulumi-vault-kotlin Show documentation
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.vault.jwt.kotlin
import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.applySuspend
import com.pulumi.vault.jwt.AuthBackendArgs.builder
import com.pulumi.vault.jwt.kotlin.inputs.AuthBackendTuneArgs
import com.pulumi.vault.jwt.kotlin.inputs.AuthBackendTuneArgsBuilder
import kotlin.Boolean
import kotlin.Pair
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.List
import kotlin.collections.Map
import kotlin.jvm.JvmName
/**
* Provides a resource for managing an
* [JWT auth backend within Vault](https://www.vaultproject.io/docs/auth/jwt.html).
* ## Example Usage
* Manage JWT auth backend:
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as vault from "@pulumi/vault";
* const example = new vault.jwt.AuthBackend("example", {
* description: "Demonstration of the Terraform JWT auth backend",
* path: "jwt",
* oidcDiscoveryUrl: "https://myco.auth0.com/",
* boundIssuer: "https://myco.auth0.com/",
* });
* ```
* ```python
* import pulumi
* import pulumi_vault as vault
* example = vault.jwt.AuthBackend("example",
* description="Demonstration of the Terraform JWT auth backend",
* path="jwt",
* oidc_discovery_url="https://myco.auth0.com/",
* bound_issuer="https://myco.auth0.com/")
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Vault = Pulumi.Vault;
* return await Deployment.RunAsync(() =>
* {
* var example = new Vault.Jwt.AuthBackend("example", new()
* {
* Description = "Demonstration of the Terraform JWT auth backend",
* Path = "jwt",
* OidcDiscoveryUrl = "https://myco.auth0.com/",
* BoundIssuer = "https://myco.auth0.com/",
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-vault/sdk/v6/go/vault/jwt"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := jwt.NewAuthBackend(ctx, "example", &jwt.AuthBackendArgs{
* Description: pulumi.String("Demonstration of the Terraform JWT auth backend"),
* Path: pulumi.String("jwt"),
* OidcDiscoveryUrl: pulumi.String("https://myco.auth0.com/"),
* BoundIssuer: pulumi.String("https://myco.auth0.com/"),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.vault.jwt.AuthBackend;
* import com.pulumi.vault.jwt.AuthBackendArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var example = new AuthBackend("example", AuthBackendArgs.builder()
* .description("Demonstration of the Terraform JWT auth backend")
* .path("jwt")
* .oidcDiscoveryUrl("https://myco.auth0.com/")
* .boundIssuer("https://myco.auth0.com/")
* .build());
* }
* }
* ```
* ```yaml
* resources:
* example:
* type: vault:jwt:AuthBackend
* properties:
* description: Demonstration of the Terraform JWT auth backend
* path: jwt
* oidcDiscoveryUrl: https://myco.auth0.com/
* boundIssuer: https://myco.auth0.com/
* ```
*
* Manage OIDC auth backend:
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as vault from "@pulumi/vault";
* const example = new vault.jwt.AuthBackend("example", {
* description: "Demonstration of the Terraform JWT auth backend",
* path: "oidc",
* type: "oidc",
* oidcDiscoveryUrl: "https://myco.auth0.com/",
* oidcClientId: "1234567890",
* oidcClientSecret: "secret123456",
* boundIssuer: "https://myco.auth0.com/",
* tune: {
* listingVisibility: "unauth",
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_vault as vault
* example = vault.jwt.AuthBackend("example",
* description="Demonstration of the Terraform JWT auth backend",
* path="oidc",
* type="oidc",
* oidc_discovery_url="https://myco.auth0.com/",
* oidc_client_id="1234567890",
* oidc_client_secret="secret123456",
* bound_issuer="https://myco.auth0.com/",
* tune=vault.jwt.AuthBackendTuneArgs(
* listing_visibility="unauth",
* ))
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Vault = Pulumi.Vault;
* return await Deployment.RunAsync(() =>
* {
* var example = new Vault.Jwt.AuthBackend("example", new()
* {
* Description = "Demonstration of the Terraform JWT auth backend",
* Path = "oidc",
* Type = "oidc",
* OidcDiscoveryUrl = "https://myco.auth0.com/",
* OidcClientId = "1234567890",
* OidcClientSecret = "secret123456",
* BoundIssuer = "https://myco.auth0.com/",
* Tune = new Vault.Jwt.Inputs.AuthBackendTuneArgs
* {
* ListingVisibility = "unauth",
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-vault/sdk/v6/go/vault/jwt"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := jwt.NewAuthBackend(ctx, "example", &jwt.AuthBackendArgs{
* Description: pulumi.String("Demonstration of the Terraform JWT auth backend"),
* Path: pulumi.String("oidc"),
* Type: pulumi.String("oidc"),
* OidcDiscoveryUrl: pulumi.String("https://myco.auth0.com/"),
* OidcClientId: pulumi.String("1234567890"),
* OidcClientSecret: pulumi.String("secret123456"),
* BoundIssuer: pulumi.String("https://myco.auth0.com/"),
* Tune: &jwt.AuthBackendTuneArgs{
* ListingVisibility: pulumi.String("unauth"),
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.vault.jwt.AuthBackend;
* import com.pulumi.vault.jwt.AuthBackendArgs;
* import com.pulumi.vault.jwt.inputs.AuthBackendTuneArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var example = new AuthBackend("example", AuthBackendArgs.builder()
* .description("Demonstration of the Terraform JWT auth backend")
* .path("oidc")
* .type("oidc")
* .oidcDiscoveryUrl("https://myco.auth0.com/")
* .oidcClientId("1234567890")
* .oidcClientSecret("secret123456")
* .boundIssuer("https://myco.auth0.com/")
* .tune(AuthBackendTuneArgs.builder()
* .listingVisibility("unauth")
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* example:
* type: vault:jwt:AuthBackend
* properties:
* description: Demonstration of the Terraform JWT auth backend
* path: oidc
* type: oidc
* oidcDiscoveryUrl: https://myco.auth0.com/
* oidcClientId: '1234567890'
* oidcClientSecret: secret123456
* boundIssuer: https://myco.auth0.com/
* tune:
* listingVisibility: unauth
* ```
*
* Configuring the auth backend with a `provider_config:
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as vault from "@pulumi/vault";
* const gsuite = new vault.jwt.AuthBackend("gsuite", {
* description: "OIDC backend",
* oidcDiscoveryUrl: "https://accounts.google.com",
* path: "oidc",
* type: "oidc",
* providerConfig: {
* provider: "gsuite",
* fetch_groups: "true",
* fetch_user_info: "true",
* groups_recurse_max_depth: "1",
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_vault as vault
* gsuite = vault.jwt.AuthBackend("gsuite",
* description="OIDC backend",
* oidc_discovery_url="https://accounts.google.com",
* path="oidc",
* type="oidc",
* provider_config={
* "provider": "gsuite",
* "fetch_groups": "true",
* "fetch_user_info": "true",
* "groups_recurse_max_depth": "1",
* })
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Vault = Pulumi.Vault;
* return await Deployment.RunAsync(() =>
* {
* var gsuite = new Vault.Jwt.AuthBackend("gsuite", new()
* {
* Description = "OIDC backend",
* OidcDiscoveryUrl = "https://accounts.google.com",
* Path = "oidc",
* Type = "oidc",
* ProviderConfig =
* {
* { "provider", "gsuite" },
* { "fetch_groups", "true" },
* { "fetch_user_info", "true" },
* { "groups_recurse_max_depth", "1" },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-vault/sdk/v6/go/vault/jwt"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := jwt.NewAuthBackend(ctx, "gsuite", &jwt.AuthBackendArgs{
* Description: pulumi.String("OIDC backend"),
* OidcDiscoveryUrl: pulumi.String("https://accounts.google.com"),
* Path: pulumi.String("oidc"),
* Type: pulumi.String("oidc"),
* ProviderConfig: pulumi.StringMap{
* "provider": pulumi.String("gsuite"),
* "fetch_groups": pulumi.String("true"),
* "fetch_user_info": pulumi.String("true"),
* "groups_recurse_max_depth": pulumi.String("1"),
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.vault.jwt.AuthBackend;
* import com.pulumi.vault.jwt.AuthBackendArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var gsuite = new AuthBackend("gsuite", AuthBackendArgs.builder()
* .description("OIDC backend")
* .oidcDiscoveryUrl("https://accounts.google.com")
* .path("oidc")
* .type("oidc")
* .providerConfig(Map.ofEntries(
* Map.entry("provider", "gsuite"),
* Map.entry("fetch_groups", true),
* Map.entry("fetch_user_info", true),
* Map.entry("groups_recurse_max_depth", 1)
* ))
* .build());
* }
* }
* ```
* ```yaml
* resources:
* gsuite:
* type: vault:jwt:AuthBackend
* properties:
* description: OIDC backend
* oidcDiscoveryUrl: https://accounts.google.com
* path: oidc
* type: oidc
* providerConfig:
* provider: gsuite
* fetch_groups: true
* fetch_user_info: true
* groups_recurse_max_depth: 1
* ```
*
* ## Import
* JWT auth backend can be imported using the `path`, e.g.
* ```sh
* $ pulumi import vault:jwt/authBackend:AuthBackend oidc oidc
* ```
* or
* ```sh
* $ pulumi import vault:jwt/authBackend:AuthBackend jwt jwt
* ```
* @property boundIssuer The value against which to match the iss claim in a JWT
* @property defaultRole The default role to use if none is provided during login
* @property description The description of the auth backend
* @property disableRemount If set, opts out of mount migration on path updates.
* See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
* @property jwksCaPem The CA certificate or chain of certificates, in PEM format, to use to validate connections to the JWKS URL. If not set, system certificates are used.
* @property jwksUrl JWKS URL to use to authenticate signatures. Cannot be used with "oidc_discovery_url" or "jwt_validation_pubkeys".
* @property jwtSupportedAlgs A list of supported signing algorithms. Vault 1.1.0 defaults to [RS256] but future or past versions of Vault may differ
* @property jwtValidationPubkeys A list of PEM-encoded public keys to use to authenticate signatures locally. Cannot be used in combination with `oidc_discovery_url`
* @property local Specifies if the auth method is local only.
* @property namespace The namespace to provision the resource in.
* The value should not contain leading or trailing forward slashes.
* The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
* *Available only for Vault Enterprise*.
* @property namespaceInState Pass namespace in the OIDC state parameter instead of as a separate query parameter. With this setting, the allowed redirect URL(s) in Vault and on the provider side should not contain a namespace query parameter. This means only one redirect URL entry needs to be maintained on the OIDC provider side for all vault namespaces that will be authenticating against it. Defaults to true for new configs
* * tune - (Optional) Extra configuration block. Structure is documented below.
* The `tune` block is used to tune the auth backend:
* @property oidcClientId Client ID used for OIDC backends
* @property oidcClientSecret Client Secret used for OIDC backends
* @property oidcDiscoveryCaPem The CA certificate or chain of certificates, in PEM format, to use to validate connections to the OIDC Discovery URL. If not set, system certificates are used
* @property oidcDiscoveryUrl The OIDC Discovery URL, without any .well-known component (base path). Cannot be used in combination with `jwt_validation_pubkeys`
* @property oidcResponseMode The response mode to be used in the OAuth2 request. Allowed values are `query` and `form_post`. Defaults to `query`. If using Vault namespaces, and `oidc_response_mode` is `form_post`, then `namespace_in_state` should be set to `false`.
* @property oidcResponseTypes List of response types to request. Allowed values are 'code' and 'id_token'. Defaults to `["code"]`. Note: `id_token` may only be used if `oidc_response_mode` is set to `form_post`.
* @property path Path to mount the JWT/OIDC auth backend
* @property providerConfig Provider specific handling configuration. All values may be strings, and the provider will convert to the appropriate type when configuring Vault.
* @property tune
* @property type Type of auth backend. Should be one of `jwt` or `oidc`. Default - `jwt`
*/
public data class AuthBackendArgs(
public val boundIssuer: Output? = null,
public val defaultRole: Output? = null,
public val description: Output? = null,
public val disableRemount: Output? = null,
public val jwksCaPem: Output? = null,
public val jwksUrl: Output? = null,
public val jwtSupportedAlgs: Output>? = null,
public val jwtValidationPubkeys: Output>? = null,
public val local: Output? = null,
public val namespace: Output? = null,
public val namespaceInState: Output? = null,
public val oidcClientId: Output? = null,
public val oidcClientSecret: Output? = null,
public val oidcDiscoveryCaPem: Output? = null,
public val oidcDiscoveryUrl: Output? = null,
public val oidcResponseMode: Output? = null,
public val oidcResponseTypes: Output>? = null,
public val path: Output? = null,
public val providerConfig: Output>? = null,
public val tune: Output? = null,
public val type: Output? = null,
) : ConvertibleToJava {
override fun toJava(): com.pulumi.vault.jwt.AuthBackendArgs =
com.pulumi.vault.jwt.AuthBackendArgs.builder()
.boundIssuer(boundIssuer?.applyValue({ args0 -> args0 }))
.defaultRole(defaultRole?.applyValue({ args0 -> args0 }))
.description(description?.applyValue({ args0 -> args0 }))
.disableRemount(disableRemount?.applyValue({ args0 -> args0 }))
.jwksCaPem(jwksCaPem?.applyValue({ args0 -> args0 }))
.jwksUrl(jwksUrl?.applyValue({ args0 -> args0 }))
.jwtSupportedAlgs(jwtSupportedAlgs?.applyValue({ args0 -> args0.map({ args0 -> args0 }) }))
.jwtValidationPubkeys(jwtValidationPubkeys?.applyValue({ args0 -> args0.map({ args0 -> args0 }) }))
.local(local?.applyValue({ args0 -> args0 }))
.namespace(namespace?.applyValue({ args0 -> args0 }))
.namespaceInState(namespaceInState?.applyValue({ args0 -> args0 }))
.oidcClientId(oidcClientId?.applyValue({ args0 -> args0 }))
.oidcClientSecret(oidcClientSecret?.applyValue({ args0 -> args0 }))
.oidcDiscoveryCaPem(oidcDiscoveryCaPem?.applyValue({ args0 -> args0 }))
.oidcDiscoveryUrl(oidcDiscoveryUrl?.applyValue({ args0 -> args0 }))
.oidcResponseMode(oidcResponseMode?.applyValue({ args0 -> args0 }))
.oidcResponseTypes(oidcResponseTypes?.applyValue({ args0 -> args0.map({ args0 -> args0 }) }))
.path(path?.applyValue({ args0 -> args0 }))
.providerConfig(
providerConfig?.applyValue({ args0 ->
args0.map({ args0 ->
args0.key.to(args0.value)
}).toMap()
}),
)
.tune(tune?.applyValue({ args0 -> args0.let({ args0 -> args0.toJava() }) }))
.type(type?.applyValue({ args0 -> args0 })).build()
}
/**
* Builder for [AuthBackendArgs].
*/
@PulumiTagMarker
public class AuthBackendArgsBuilder internal constructor() {
private var boundIssuer: Output? = null
private var defaultRole: Output? = null
private var description: Output? = null
private var disableRemount: Output? = null
private var jwksCaPem: Output? = null
private var jwksUrl: Output? = null
private var jwtSupportedAlgs: Output>? = null
private var jwtValidationPubkeys: Output>? = null
private var local: Output? = null
private var namespace: Output? = null
private var namespaceInState: Output? = null
private var oidcClientId: Output? = null
private var oidcClientSecret: Output? = null
private var oidcDiscoveryCaPem: Output? = null
private var oidcDiscoveryUrl: Output? = null
private var oidcResponseMode: Output? = null
private var oidcResponseTypes: Output>? = null
private var path: Output? = null
private var providerConfig: Output>? = null
private var tune: Output? = null
private var type: Output? = null
/**
* @param value The value against which to match the iss claim in a JWT
*/
@JvmName("vjsygrcwmjnxwwwk")
public suspend fun boundIssuer(`value`: Output) {
this.boundIssuer = value
}
/**
* @param value The default role to use if none is provided during login
*/
@JvmName("pdnaubjamgbcaekh")
public suspend fun defaultRole(`value`: Output) {
this.defaultRole = value
}
/**
* @param value The description of the auth backend
*/
@JvmName("icvjcqnevegoijbs")
public suspend fun description(`value`: Output) {
this.description = value
}
/**
* @param value If set, opts out of mount migration on path updates.
* See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
*/
@JvmName("piastladqjlfltnq")
public suspend fun disableRemount(`value`: Output) {
this.disableRemount = value
}
/**
* @param value The CA certificate or chain of certificates, in PEM format, to use to validate connections to the JWKS URL. If not set, system certificates are used.
*/
@JvmName("uvbabcspfraqjysa")
public suspend fun jwksCaPem(`value`: Output) {
this.jwksCaPem = value
}
/**
* @param value JWKS URL to use to authenticate signatures. Cannot be used with "oidc_discovery_url" or "jwt_validation_pubkeys".
*/
@JvmName("ashwhoyamegxdrpu")
public suspend fun jwksUrl(`value`: Output) {
this.jwksUrl = value
}
/**
* @param value A list of supported signing algorithms. Vault 1.1.0 defaults to [RS256] but future or past versions of Vault may differ
*/
@JvmName("yvkbeenbckwahahj")
public suspend fun jwtSupportedAlgs(`value`: Output>) {
this.jwtSupportedAlgs = value
}
@JvmName("wpedxejsocokgygl")
public suspend fun jwtSupportedAlgs(vararg values: Output) {
this.jwtSupportedAlgs = Output.all(values.asList())
}
/**
* @param values A list of supported signing algorithms. Vault 1.1.0 defaults to [RS256] but future or past versions of Vault may differ
*/
@JvmName("kfbswyedhbsbmaoe")
public suspend fun jwtSupportedAlgs(values: List>) {
this.jwtSupportedAlgs = Output.all(values)
}
/**
* @param value A list of PEM-encoded public keys to use to authenticate signatures locally. Cannot be used in combination with `oidc_discovery_url`
*/
@JvmName("hqjfqlxfgyjovoxk")
public suspend fun jwtValidationPubkeys(`value`: Output>) {
this.jwtValidationPubkeys = value
}
@JvmName("snfrrkgfjxlsxtgu")
public suspend fun jwtValidationPubkeys(vararg values: Output) {
this.jwtValidationPubkeys = Output.all(values.asList())
}
/**
* @param values A list of PEM-encoded public keys to use to authenticate signatures locally. Cannot be used in combination with `oidc_discovery_url`
*/
@JvmName("dcrqqnkgragqljey")
public suspend fun jwtValidationPubkeys(values: List>) {
this.jwtValidationPubkeys = Output.all(values)
}
/**
* @param value Specifies if the auth method is local only.
*/
@JvmName("qmdfqolwkiskibvf")
public suspend fun local(`value`: Output) {
this.local = value
}
/**
* @param value The namespace to provision the resource in.
* The value should not contain leading or trailing forward slashes.
* The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
* *Available only for Vault Enterprise*.
*/
@JvmName("bfifkckovccxieqj")
public suspend fun namespace(`value`: Output) {
this.namespace = value
}
/**
* @param value Pass namespace in the OIDC state parameter instead of as a separate query parameter. With this setting, the allowed redirect URL(s) in Vault and on the provider side should not contain a namespace query parameter. This means only one redirect URL entry needs to be maintained on the OIDC provider side for all vault namespaces that will be authenticating against it. Defaults to true for new configs
* * tune - (Optional) Extra configuration block. Structure is documented below.
* The `tune` block is used to tune the auth backend:
*/
@JvmName("piuxprxwtyxsueox")
public suspend fun namespaceInState(`value`: Output) {
this.namespaceInState = value
}
/**
* @param value Client ID used for OIDC backends
*/
@JvmName("widkctlgpfmtdttu")
public suspend fun oidcClientId(`value`: Output) {
this.oidcClientId = value
}
/**
* @param value Client Secret used for OIDC backends
*/
@JvmName("vjeigslsnbjulyyo")
public suspend fun oidcClientSecret(`value`: Output) {
this.oidcClientSecret = value
}
/**
* @param value The CA certificate or chain of certificates, in PEM format, to use to validate connections to the OIDC Discovery URL. If not set, system certificates are used
*/
@JvmName("gitascvefiwkfkhj")
public suspend fun oidcDiscoveryCaPem(`value`: Output) {
this.oidcDiscoveryCaPem = value
}
/**
* @param value The OIDC Discovery URL, without any .well-known component (base path). Cannot be used in combination with `jwt_validation_pubkeys`
*/
@JvmName("qrkfpwvywtfuqprx")
public suspend fun oidcDiscoveryUrl(`value`: Output) {
this.oidcDiscoveryUrl = value
}
/**
* @param value The response mode to be used in the OAuth2 request. Allowed values are `query` and `form_post`. Defaults to `query`. If using Vault namespaces, and `oidc_response_mode` is `form_post`, then `namespace_in_state` should be set to `false`.
*/
@JvmName("hkjnukmerbelbmfo")
public suspend fun oidcResponseMode(`value`: Output) {
this.oidcResponseMode = value
}
/**
* @param value List of response types to request. Allowed values are 'code' and 'id_token'. Defaults to `["code"]`. Note: `id_token` may only be used if `oidc_response_mode` is set to `form_post`.
*/
@JvmName("leyledpoagkyhtie")
public suspend fun oidcResponseTypes(`value`: Output>) {
this.oidcResponseTypes = value
}
@JvmName("xxkyhtadbwfwftcp")
public suspend fun oidcResponseTypes(vararg values: Output) {
this.oidcResponseTypes = Output.all(values.asList())
}
/**
* @param values List of response types to request. Allowed values are 'code' and 'id_token'. Defaults to `["code"]`. Note: `id_token` may only be used if `oidc_response_mode` is set to `form_post`.
*/
@JvmName("kdhcxhxwsokijfea")
public suspend fun oidcResponseTypes(values: List>) {
this.oidcResponseTypes = Output.all(values)
}
/**
* @param value Path to mount the JWT/OIDC auth backend
*/
@JvmName("ofjphrwlkjdvnhcj")
public suspend fun path(`value`: Output) {
this.path = value
}
/**
* @param value Provider specific handling configuration. All values may be strings, and the provider will convert to the appropriate type when configuring Vault.
*/
@JvmName("xliuwifdfitrqvtc")
public suspend fun providerConfig(`value`: Output>) {
this.providerConfig = value
}
/**
* @param value
*/
@JvmName("xwfniupxqfeduktj")
public suspend fun tune(`value`: Output) {
this.tune = value
}
/**
* @param value Type of auth backend. Should be one of `jwt` or `oidc`. Default - `jwt`
*/
@JvmName("lgnggijojajcwbtx")
public suspend fun type(`value`: Output) {
this.type = value
}
/**
* @param value The value against which to match the iss claim in a JWT
*/
@JvmName("xistmsfkxxmnolre")
public suspend fun boundIssuer(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.boundIssuer = mapped
}
/**
* @param value The default role to use if none is provided during login
*/
@JvmName("yjqrvoihaykmuekg")
public suspend fun defaultRole(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.defaultRole = mapped
}
/**
* @param value The description of the auth backend
*/
@JvmName("vkiabfhwvjbijjjw")
public suspend fun description(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.description = mapped
}
/**
* @param value If set, opts out of mount migration on path updates.
* See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
*/
@JvmName("afpilughaohqwpih")
public suspend fun disableRemount(`value`: Boolean?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.disableRemount = mapped
}
/**
* @param value The CA certificate or chain of certificates, in PEM format, to use to validate connections to the JWKS URL. If not set, system certificates are used.
*/
@JvmName("qxoigbnatssmbniu")
public suspend fun jwksCaPem(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.jwksCaPem = mapped
}
/**
* @param value JWKS URL to use to authenticate signatures. Cannot be used with "oidc_discovery_url" or "jwt_validation_pubkeys".
*/
@JvmName("hunqjkqyddlulwvi")
public suspend fun jwksUrl(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.jwksUrl = mapped
}
/**
* @param value A list of supported signing algorithms. Vault 1.1.0 defaults to [RS256] but future or past versions of Vault may differ
*/
@JvmName("vuxuhakrigonfqum")
public suspend fun jwtSupportedAlgs(`value`: List?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.jwtSupportedAlgs = mapped
}
/**
* @param values A list of supported signing algorithms. Vault 1.1.0 defaults to [RS256] but future or past versions of Vault may differ
*/
@JvmName("uiaxudbjnivuflwx")
public suspend fun jwtSupportedAlgs(vararg values: String) {
val toBeMapped = values.toList()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.jwtSupportedAlgs = mapped
}
/**
* @param value A list of PEM-encoded public keys to use to authenticate signatures locally. Cannot be used in combination with `oidc_discovery_url`
*/
@JvmName("dsanfamewqhndbud")
public suspend fun jwtValidationPubkeys(`value`: List?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.jwtValidationPubkeys = mapped
}
/**
* @param values A list of PEM-encoded public keys to use to authenticate signatures locally. Cannot be used in combination with `oidc_discovery_url`
*/
@JvmName("hblqrywqxeagftyv")
public suspend fun jwtValidationPubkeys(vararg values: String) {
val toBeMapped = values.toList()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.jwtValidationPubkeys = mapped
}
/**
* @param value Specifies if the auth method is local only.
*/
@JvmName("rjtaimdftdvnrlnu")
public suspend fun local(`value`: Boolean?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.local = mapped
}
/**
* @param value The namespace to provision the resource in.
* The value should not contain leading or trailing forward slashes.
* The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
* *Available only for Vault Enterprise*.
*/
@JvmName("aplngcjmgmoaxbwn")
public suspend fun namespace(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.namespace = mapped
}
/**
* @param value Pass namespace in the OIDC state parameter instead of as a separate query parameter. With this setting, the allowed redirect URL(s) in Vault and on the provider side should not contain a namespace query parameter. This means only one redirect URL entry needs to be maintained on the OIDC provider side for all vault namespaces that will be authenticating against it. Defaults to true for new configs
* * tune - (Optional) Extra configuration block. Structure is documented below.
* The `tune` block is used to tune the auth backend:
*/
@JvmName("rycsnghrgljthmwk")
public suspend fun namespaceInState(`value`: Boolean?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.namespaceInState = mapped
}
/**
* @param value Client ID used for OIDC backends
*/
@JvmName("joinlaswtooxbhvq")
public suspend fun oidcClientId(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.oidcClientId = mapped
}
/**
* @param value Client Secret used for OIDC backends
*/
@JvmName("vlntewfjdgqlgvcm")
public suspend fun oidcClientSecret(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.oidcClientSecret = mapped
}
/**
* @param value The CA certificate or chain of certificates, in PEM format, to use to validate connections to the OIDC Discovery URL. If not set, system certificates are used
*/
@JvmName("eckjfbemevhgvmay")
public suspend fun oidcDiscoveryCaPem(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.oidcDiscoveryCaPem = mapped
}
/**
* @param value The OIDC Discovery URL, without any .well-known component (base path). Cannot be used in combination with `jwt_validation_pubkeys`
*/
@JvmName("hlyjasbsdmjivipp")
public suspend fun oidcDiscoveryUrl(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.oidcDiscoveryUrl = mapped
}
/**
* @param value The response mode to be used in the OAuth2 request. Allowed values are `query` and `form_post`. Defaults to `query`. If using Vault namespaces, and `oidc_response_mode` is `form_post`, then `namespace_in_state` should be set to `false`.
*/
@JvmName("muelewwfxiovdhyf")
public suspend fun oidcResponseMode(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.oidcResponseMode = mapped
}
/**
* @param value List of response types to request. Allowed values are 'code' and 'id_token'. Defaults to `["code"]`. Note: `id_token` may only be used if `oidc_response_mode` is set to `form_post`.
*/
@JvmName("jvojpfcxiyqerdio")
public suspend fun oidcResponseTypes(`value`: List?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.oidcResponseTypes = mapped
}
/**
* @param values List of response types to request. Allowed values are 'code' and 'id_token'. Defaults to `["code"]`. Note: `id_token` may only be used if `oidc_response_mode` is set to `form_post`.
*/
@JvmName("mnuhhrprqarrdbad")
public suspend fun oidcResponseTypes(vararg values: String) {
val toBeMapped = values.toList()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.oidcResponseTypes = mapped
}
/**
* @param value Path to mount the JWT/OIDC auth backend
*/
@JvmName("cwwljqyufnyadsxx")
public suspend fun path(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.path = mapped
}
/**
* @param value Provider specific handling configuration. All values may be strings, and the provider will convert to the appropriate type when configuring Vault.
*/
@JvmName("ldyajxxdqqlcphyx")
public suspend fun providerConfig(`value`: Map?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.providerConfig = mapped
}
/**
* @param values Provider specific handling configuration. All values may be strings, and the provider will convert to the appropriate type when configuring Vault.
*/
@JvmName("ivexkjofhyirgnbn")
public fun providerConfig(vararg values: Pair) {
val toBeMapped = values.toMap()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.providerConfig = mapped
}
/**
* @param value
*/
@JvmName("lpicaawglhaqwjqw")
public suspend fun tune(`value`: AuthBackendTuneArgs?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.tune = mapped
}
/**
* @param argument
*/
@JvmName("nejjcgxtyvtotvcs")
public suspend fun tune(argument: suspend AuthBackendTuneArgsBuilder.() -> Unit) {
val toBeMapped = AuthBackendTuneArgsBuilder().applySuspend { argument() }.build()
val mapped = of(toBeMapped)
this.tune = mapped
}
/**
* @param value Type of auth backend. Should be one of `jwt` or `oidc`. Default - `jwt`
*/
@JvmName("loufqosrjxhpniqr")
public suspend fun type(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.type = mapped
}
internal fun build(): AuthBackendArgs = AuthBackendArgs(
boundIssuer = boundIssuer,
defaultRole = defaultRole,
description = description,
disableRemount = disableRemount,
jwksCaPem = jwksCaPem,
jwksUrl = jwksUrl,
jwtSupportedAlgs = jwtSupportedAlgs,
jwtValidationPubkeys = jwtValidationPubkeys,
local = local,
namespace = namespace,
namespaceInState = namespaceInState,
oidcClientId = oidcClientId,
oidcClientSecret = oidcClientSecret,
oidcDiscoveryCaPem = oidcDiscoveryCaPem,
oidcDiscoveryUrl = oidcDiscoveryUrl,
oidcResponseMode = oidcResponseMode,
oidcResponseTypes = oidcResponseTypes,
path = path,
providerConfig = providerConfig,
tune = tune,
type = type,
)
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy