com.pulumi.vault.kotlin.CertAuthBackendRole.kt Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pulumi-vault-kotlin Show documentation
Show all versions of pulumi-vault-kotlin Show documentation
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.vault.kotlin
import com.pulumi.core.Output
import com.pulumi.kotlin.KotlinCustomResource
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.ResourceMapper
import com.pulumi.kotlin.options.CustomResourceOptions
import com.pulumi.kotlin.options.CustomResourceOptionsBuilder
import com.pulumi.resources.Resource
import kotlin.Boolean
import kotlin.Int
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.List
/**
* Builder for [CertAuthBackendRole].
*/
@PulumiTagMarker
public class CertAuthBackendRoleResourceBuilder internal constructor() {
public var name: String? = null
public var args: CertAuthBackendRoleArgs = CertAuthBackendRoleArgs()
public var opts: CustomResourceOptions = CustomResourceOptions()
/**
* @param name The _unique_ name of the resulting resource.
*/
public fun name(`value`: String) {
this.name = value
}
/**
* @param block The arguments to use to populate this resource's properties.
*/
public suspend fun args(block: suspend CertAuthBackendRoleArgsBuilder.() -> Unit) {
val builder = CertAuthBackendRoleArgsBuilder()
block(builder)
this.args = builder.build()
}
/**
* @param block A bag of options that control this resource's behavior.
*/
public suspend fun opts(block: suspend CustomResourceOptionsBuilder.() -> Unit) {
this.opts = com.pulumi.kotlin.options.CustomResourceOptions.opts(block)
}
internal fun build(): CertAuthBackendRole {
val builtJavaResource = com.pulumi.vault.CertAuthBackendRole(
this.name,
this.args.toJava(),
this.opts.toJava(),
)
return CertAuthBackendRole(builtJavaResource)
}
}
/**
* Provides a resource to create a role in an [Cert auth backend within Vault](https://www.vaultproject.io/docs/auth/cert.html).
* ## Example Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as std from "@pulumi/std";
* import * as vault from "@pulumi/vault";
* const cert = new vault.AuthBackend("cert", {
* path: "cert",
* type: "cert",
* });
* const certCertAuthBackendRole = new vault.CertAuthBackendRole("cert", {
* name: "foo",
* certificate: std.file({
* input: "/path/to/certs/ca-cert.pem",
* }).then(invoke => invoke.result),
* backend: cert.path,
* allowedNames: [
* "foo.example.org",
* "baz.example.org",
* ],
* tokenTtl: 300,
* tokenMaxTtl: 600,
* tokenPolicies: ["foo"],
* });
* ```
* ```python
* import pulumi
* import pulumi_std as std
* import pulumi_vault as vault
* cert = vault.AuthBackend("cert",
* path="cert",
* type="cert")
* cert_cert_auth_backend_role = vault.CertAuthBackendRole("cert",
* name="foo",
* certificate=std.file(input="/path/to/certs/ca-cert.pem").result,
* backend=cert.path,
* allowed_names=[
* "foo.example.org",
* "baz.example.org",
* ],
* token_ttl=300,
* token_max_ttl=600,
* token_policies=["foo"])
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Std = Pulumi.Std;
* using Vault = Pulumi.Vault;
* return await Deployment.RunAsync(() =>
* {
* var cert = new Vault.AuthBackend("cert", new()
* {
* Path = "cert",
* Type = "cert",
* });
* var certCertAuthBackendRole = new Vault.CertAuthBackendRole("cert", new()
* {
* Name = "foo",
* Certificate = Std.File.Invoke(new()
* {
* Input = "/path/to/certs/ca-cert.pem",
* }).Apply(invoke => invoke.Result),
* Backend = cert.Path,
* AllowedNames = new[]
* {
* "foo.example.org",
* "baz.example.org",
* },
* TokenTtl = 300,
* TokenMaxTtl = 600,
* TokenPolicies = new[]
* {
* "foo",
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-std/sdk/go/std"
* "github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* cert, err := vault.NewAuthBackend(ctx, "cert", &vault.AuthBackendArgs{
* Path: pulumi.String("cert"),
* Type: pulumi.String("cert"),
* })
* if err != nil {
* return err
* }
* invokeFile, err := std.File(ctx, &std.FileArgs{
* Input: "/path/to/certs/ca-cert.pem",
* }, nil)
* if err != nil {
* return err
* }
* _, err = vault.NewCertAuthBackendRole(ctx, "cert", &vault.CertAuthBackendRoleArgs{
* Name: pulumi.String("foo"),
* Certificate: pulumi.String(invokeFile.Result),
* Backend: cert.Path,
* AllowedNames: pulumi.StringArray{
* pulumi.String("foo.example.org"),
* pulumi.String("baz.example.org"),
* },
* TokenTtl: pulumi.Int(300),
* TokenMaxTtl: pulumi.Int(600),
* TokenPolicies: pulumi.StringArray{
* pulumi.String("foo"),
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.vault.AuthBackend;
* import com.pulumi.vault.AuthBackendArgs;
* import com.pulumi.vault.CertAuthBackendRole;
* import com.pulumi.vault.CertAuthBackendRoleArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var cert = new AuthBackend("cert", AuthBackendArgs.builder()
* .path("cert")
* .type("cert")
* .build());
* var certCertAuthBackendRole = new CertAuthBackendRole("certCertAuthBackendRole", CertAuthBackendRoleArgs.builder()
* .name("foo")
* .certificate(StdFunctions.file(FileArgs.builder()
* .input("/path/to/certs/ca-cert.pem")
* .build()).result())
* .backend(cert.path())
* .allowedNames(
* "foo.example.org",
* "baz.example.org")
* .tokenTtl(300)
* .tokenMaxTtl(600)
* .tokenPolicies("foo")
* .build());
* }
* }
* ```
* ```yaml
* resources:
* cert:
* type: vault:AuthBackend
* properties:
* path: cert
* type: cert
* certCertAuthBackendRole:
* type: vault:CertAuthBackendRole
* name: cert
* properties:
* name: foo
* certificate:
* fn::invoke:
* Function: std:file
* Arguments:
* input: /path/to/certs/ca-cert.pem
* Return: result
* backend: ${cert.path}
* allowedNames:
* - foo.example.org
* - baz.example.org
* tokenTtl: 300
* tokenMaxTtl: 600
* tokenPolicies:
* - foo
* ```
*
*/
public class CertAuthBackendRole internal constructor(
override val javaResource: com.pulumi.vault.CertAuthBackendRole,
) : KotlinCustomResource(javaResource, CertAuthBackendRoleMapper) {
/**
* Allowed the common names for authenticated client certificates
*/
public val allowedCommonNames: Output>
get() = javaResource.allowedCommonNames().applyValue({ args0 -> args0.map({ args0 -> args0 }) })
/**
* Allowed alternative dns names for authenticated client certificates
*/
public val allowedDnsSans: Output>
get() = javaResource.allowedDnsSans().applyValue({ args0 -> args0.map({ args0 -> args0 }) })
/**
* Allowed emails for authenticated client certificates
*/
public val allowedEmailSans: Output>
get() = javaResource.allowedEmailSans().applyValue({ args0 -> args0.map({ args0 -> args0 }) })
/**
* DEPRECATED: Please use the individual `allowed_X_sans` parameters instead. Allowed subject names for authenticated client certificates
*/
public val allowedNames: Output>
get() = javaResource.allowedNames().applyValue({ args0 -> args0.map({ args0 -> args0 }) })
/**
* Allowed organization units for authenticated client certificates.
*/
public val allowedOrganizationalUnits: Output>?
get() = javaResource.allowedOrganizationalUnits().applyValue({ args0 ->
args0.map({ args0 ->
args0.map({ args0 -> args0 })
}).orElse(null)
})
/**
* Allowed URIs for authenticated client certificates
*/
public val allowedUriSans: Output>
get() = javaResource.allowedUriSans().applyValue({ args0 -> args0.map({ args0 -> args0 }) })
/**
* Path to the mounted Cert auth backend
*/
public val backend: Output?
get() = javaResource.backend().applyValue({ args0 -> args0.map({ args0 -> args0 }).orElse(null) })
/**
* CA certificate used to validate client certificates
*/
public val certificate: Output
get() = javaResource.certificate().applyValue({ args0 -> args0 })
/**
* The name to display on tokens issued under this role.
*/
public val displayName: Output
get() = javaResource.displayName().applyValue({ args0 -> args0 })
/**
* Name of the role
*/
public val name: Output
get() = javaResource.name().applyValue({ args0 -> args0 })
/**
* The namespace to provision the resource in.
* The value should not contain leading or trailing forward slashes.
* The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
* *Available only for Vault Enterprise*.
*/
public val namespace: Output?
get() = javaResource.namespace().applyValue({ args0 -> args0.map({ args0 -> args0 }).orElse(null) })
/**
* Any additional CA certificates
* needed to verify OCSP responses. Provided as base64 encoded PEM data.
* Requires Vault version 1.13+.
*/
public val ocspCaCertificates: Output?
get() = javaResource.ocspCaCertificates().applyValue({ args0 ->
args0.map({ args0 ->
args0
}).orElse(null)
})
/**
* If enabled, validate certificates'
* revocation status using OCSP. Requires Vault version 1.13+.
*/
public val ocspEnabled: Output
get() = javaResource.ocspEnabled().applyValue({ args0 -> args0 })
/**
* If true and an OCSP response cannot
* be fetched or is of an unknown status, the login will proceed as if the
* certificate has not been revoked.
* Requires Vault version 1.13+.
*/
public val ocspFailOpen: Output
get() = javaResource.ocspFailOpen().applyValue({ args0 -> args0 })
/**
* If set to true, rather than
* accepting the first successful OCSP response, query all servers and consider
* the certificate valid only if all servers agree.
* Requires Vault version 1.13+.
*/
public val ocspQueryAllServers: Output
get() = javaResource.ocspQueryAllServers().applyValue({ args0 -> args0 })
/**
* : A comma-separated list of OCSP
* server addresses. If unset, the OCSP server is determined from the
* AuthorityInformationAccess extension on the certificate being inspected.
* Requires Vault version 1.13+.
*/
public val ocspServersOverrides: Output>?
get() = javaResource.ocspServersOverrides().applyValue({ args0 ->
args0.map({ args0 ->
args0.map({ args0 -> args0 })
}).orElse(null)
})
/**
* TLS extensions required on
* client certificates
*/
public val requiredExtensions: Output>
get() = javaResource.requiredExtensions().applyValue({ args0 -> args0.map({ args0 -> args0 }) })
/**
* Specifies the blocks of IP addresses which are allowed to use the generated token
*/
public val tokenBoundCidrs: Output>?
get() = javaResource.tokenBoundCidrs().applyValue({ args0 ->
args0.map({ args0 ->
args0.map({ args0 -> args0 })
}).orElse(null)
})
/**
* Generated Token's Explicit Maximum TTL in seconds
*/
public val tokenExplicitMaxTtl: Output?
get() = javaResource.tokenExplicitMaxTtl().applyValue({ args0 ->
args0.map({ args0 ->
args0
}).orElse(null)
})
/**
* The maximum lifetime of the generated token
*/
public val tokenMaxTtl: Output?
get() = javaResource.tokenMaxTtl().applyValue({ args0 ->
args0.map({ args0 ->
args0
}).orElse(null)
})
/**
* If true, the 'default' policy will not automatically be added to generated tokens
*/
public val tokenNoDefaultPolicy: Output?
get() = javaResource.tokenNoDefaultPolicy().applyValue({ args0 ->
args0.map({ args0 ->
args0
}).orElse(null)
})
/**
* The maximum number of times a token may be used, a value of zero means unlimited
*/
public val tokenNumUses: Output?
get() = javaResource.tokenNumUses().applyValue({ args0 ->
args0.map({ args0 ->
args0
}).orElse(null)
})
/**
* Generated Token's Period
*/
public val tokenPeriod: Output?
get() = javaResource.tokenPeriod().applyValue({ args0 ->
args0.map({ args0 ->
args0
}).orElse(null)
})
/**
* Generated Token's Policies
*/
public val tokenPolicies: Output>?
get() = javaResource.tokenPolicies().applyValue({ args0 ->
args0.map({ args0 ->
args0.map({ args0 -> args0 })
}).orElse(null)
})
/**
* The initial ttl of the token to generate in seconds
*/
public val tokenTtl: Output?
get() = javaResource.tokenTtl().applyValue({ args0 -> args0.map({ args0 -> args0 }).orElse(null) })
/**
* The type of token to generate, service or batch
*/
public val tokenType: Output?
get() = javaResource.tokenType().applyValue({ args0 -> args0.map({ args0 -> args0 }).orElse(null) })
}
public object CertAuthBackendRoleMapper : ResourceMapper {
override fun supportsMappingOfType(javaResource: Resource): Boolean =
com.pulumi.vault.CertAuthBackendRole::class == javaResource::class
override fun map(javaResource: Resource): CertAuthBackendRole = CertAuthBackendRole(
javaResource
as com.pulumi.vault.CertAuthBackendRole,
)
}
/**
* @see [CertAuthBackendRole].
* @param name The _unique_ name of the resulting resource.
* @param block Builder for [CertAuthBackendRole].
*/
public suspend fun certAuthBackendRole(
name: String,
block: suspend CertAuthBackendRoleResourceBuilder.() -> Unit,
): CertAuthBackendRole {
val builder = CertAuthBackendRoleResourceBuilder()
builder.name(name)
block(builder)
return builder.build()
}
/**
* @see [CertAuthBackendRole].
* @param name The _unique_ name of the resulting resource.
*/
public fun certAuthBackendRole(name: String): CertAuthBackendRole {
val builder = CertAuthBackendRoleResourceBuilder()
builder.name(name)
return builder.build()
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy