com.pulumi.vault.kotlin.CertAuthBackendRoleArgs.kt Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pulumi-vault-kotlin Show documentation
Show all versions of pulumi-vault-kotlin Show documentation
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.vault.kotlin
import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.vault.CertAuthBackendRoleArgs.builder
import kotlin.Boolean
import kotlin.Int
import kotlin.String
import kotlin.Suppress
import kotlin.collections.List
import kotlin.jvm.JvmName
/**
* Provides a resource to create a role in an [Cert auth backend within Vault](https://www.vaultproject.io/docs/auth/cert.html).
* ## Example Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as std from "@pulumi/std";
* import * as vault from "@pulumi/vault";
* const cert = new vault.AuthBackend("cert", {
* path: "cert",
* type: "cert",
* });
* const certCertAuthBackendRole = new vault.CertAuthBackendRole("cert", {
* name: "foo",
* certificate: std.file({
* input: "/path/to/certs/ca-cert.pem",
* }).then(invoke => invoke.result),
* backend: cert.path,
* allowedNames: [
* "foo.example.org",
* "baz.example.org",
* ],
* tokenTtl: 300,
* tokenMaxTtl: 600,
* tokenPolicies: ["foo"],
* });
* ```
* ```python
* import pulumi
* import pulumi_std as std
* import pulumi_vault as vault
* cert = vault.AuthBackend("cert",
* path="cert",
* type="cert")
* cert_cert_auth_backend_role = vault.CertAuthBackendRole("cert",
* name="foo",
* certificate=std.file(input="/path/to/certs/ca-cert.pem").result,
* backend=cert.path,
* allowed_names=[
* "foo.example.org",
* "baz.example.org",
* ],
* token_ttl=300,
* token_max_ttl=600,
* token_policies=["foo"])
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Std = Pulumi.Std;
* using Vault = Pulumi.Vault;
* return await Deployment.RunAsync(() =>
* {
* var cert = new Vault.AuthBackend("cert", new()
* {
* Path = "cert",
* Type = "cert",
* });
* var certCertAuthBackendRole = new Vault.CertAuthBackendRole("cert", new()
* {
* Name = "foo",
* Certificate = Std.File.Invoke(new()
* {
* Input = "/path/to/certs/ca-cert.pem",
* }).Apply(invoke => invoke.Result),
* Backend = cert.Path,
* AllowedNames = new[]
* {
* "foo.example.org",
* "baz.example.org",
* },
* TokenTtl = 300,
* TokenMaxTtl = 600,
* TokenPolicies = new[]
* {
* "foo",
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-std/sdk/go/std"
* "github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* cert, err := vault.NewAuthBackend(ctx, "cert", &vault.AuthBackendArgs{
* Path: pulumi.String("cert"),
* Type: pulumi.String("cert"),
* })
* if err != nil {
* return err
* }
* invokeFile, err := std.File(ctx, &std.FileArgs{
* Input: "/path/to/certs/ca-cert.pem",
* }, nil)
* if err != nil {
* return err
* }
* _, err = vault.NewCertAuthBackendRole(ctx, "cert", &vault.CertAuthBackendRoleArgs{
* Name: pulumi.String("foo"),
* Certificate: pulumi.String(invokeFile.Result),
* Backend: cert.Path,
* AllowedNames: pulumi.StringArray{
* pulumi.String("foo.example.org"),
* pulumi.String("baz.example.org"),
* },
* TokenTtl: pulumi.Int(300),
* TokenMaxTtl: pulumi.Int(600),
* TokenPolicies: pulumi.StringArray{
* pulumi.String("foo"),
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.vault.AuthBackend;
* import com.pulumi.vault.AuthBackendArgs;
* import com.pulumi.vault.CertAuthBackendRole;
* import com.pulumi.vault.CertAuthBackendRoleArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var cert = new AuthBackend("cert", AuthBackendArgs.builder()
* .path("cert")
* .type("cert")
* .build());
* var certCertAuthBackendRole = new CertAuthBackendRole("certCertAuthBackendRole", CertAuthBackendRoleArgs.builder()
* .name("foo")
* .certificate(StdFunctions.file(FileArgs.builder()
* .input("/path/to/certs/ca-cert.pem")
* .build()).result())
* .backend(cert.path())
* .allowedNames(
* "foo.example.org",
* "baz.example.org")
* .tokenTtl(300)
* .tokenMaxTtl(600)
* .tokenPolicies("foo")
* .build());
* }
* }
* ```
* ```yaml
* resources:
* cert:
* type: vault:AuthBackend
* properties:
* path: cert
* type: cert
* certCertAuthBackendRole:
* type: vault:CertAuthBackendRole
* name: cert
* properties:
* name: foo
* certificate:
* fn::invoke:
* Function: std:file
* Arguments:
* input: /path/to/certs/ca-cert.pem
* Return: result
* backend: ${cert.path}
* allowedNames:
* - foo.example.org
* - baz.example.org
* tokenTtl: 300
* tokenMaxTtl: 600
* tokenPolicies:
* - foo
* ```
*
* @property allowedCommonNames Allowed the common names for authenticated client certificates
* @property allowedDnsSans Allowed alternative dns names for authenticated client certificates
* @property allowedEmailSans Allowed emails for authenticated client certificates
* @property allowedNames DEPRECATED: Please use the individual `allowed_X_sans` parameters instead. Allowed subject names for authenticated client certificates
* @property allowedOrganizationalUnits Allowed organization units for authenticated client certificates.
* @property allowedUriSans Allowed URIs for authenticated client certificates
* @property backend Path to the mounted Cert auth backend
* @property certificate CA certificate used to validate client certificates
* @property displayName The name to display on tokens issued under this role.
* @property name Name of the role
* @property namespace The namespace to provision the resource in.
* The value should not contain leading or trailing forward slashes.
* The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
* *Available only for Vault Enterprise*.
* @property ocspCaCertificates Any additional CA certificates
* needed to verify OCSP responses. Provided as base64 encoded PEM data.
* Requires Vault version 1.13+.
* @property ocspEnabled If enabled, validate certificates'
* revocation status using OCSP. Requires Vault version 1.13+.
* @property ocspFailOpen If true and an OCSP response cannot
* be fetched or is of an unknown status, the login will proceed as if the
* certificate has not been revoked.
* Requires Vault version 1.13+.
* @property ocspQueryAllServers If set to true, rather than
* accepting the first successful OCSP response, query all servers and consider
* the certificate valid only if all servers agree.
* Requires Vault version 1.13+.
* @property ocspServersOverrides : A comma-separated list of OCSP
* server addresses. If unset, the OCSP server is determined from the
* AuthorityInformationAccess extension on the certificate being inspected.
* Requires Vault version 1.13+.
* @property requiredExtensions TLS extensions required on
* client certificates
* @property tokenBoundCidrs Specifies the blocks of IP addresses which are allowed to use the generated token
* @property tokenExplicitMaxTtl Generated Token's Explicit Maximum TTL in seconds
* @property tokenMaxTtl The maximum lifetime of the generated token
* @property tokenNoDefaultPolicy If true, the 'default' policy will not automatically be added to generated tokens
* @property tokenNumUses The maximum number of times a token may be used, a value of zero means unlimited
* @property tokenPeriod Generated Token's Period
* @property tokenPolicies Generated Token's Policies
* @property tokenTtl The initial ttl of the token to generate in seconds
* @property tokenType The type of token to generate, service or batch
*/
public data class CertAuthBackendRoleArgs(
public val allowedCommonNames: Output>? = null,
public val allowedDnsSans: Output>? = null,
public val allowedEmailSans: Output>? = null,
public val allowedNames: Output>? = null,
public val allowedOrganizationalUnits: Output>? = null,
public val allowedUriSans: Output>? = null,
public val backend: Output? = null,
public val certificate: Output? = null,
public val displayName: Output? = null,
public val name: Output? = null,
public val namespace: Output? = null,
public val ocspCaCertificates: Output? = null,
public val ocspEnabled: Output? = null,
public val ocspFailOpen: Output? = null,
public val ocspQueryAllServers: Output? = null,
public val ocspServersOverrides: Output>? = null,
public val requiredExtensions: Output>? = null,
public val tokenBoundCidrs: Output>? = null,
public val tokenExplicitMaxTtl: Output? = null,
public val tokenMaxTtl: Output? = null,
public val tokenNoDefaultPolicy: Output? = null,
public val tokenNumUses: Output? = null,
public val tokenPeriod: Output? = null,
public val tokenPolicies: Output>? = null,
public val tokenTtl: Output? = null,
public val tokenType: Output? = null,
) : ConvertibleToJava {
override fun toJava(): com.pulumi.vault.CertAuthBackendRoleArgs =
com.pulumi.vault.CertAuthBackendRoleArgs.builder()
.allowedCommonNames(allowedCommonNames?.applyValue({ args0 -> args0.map({ args0 -> args0 }) }))
.allowedDnsSans(allowedDnsSans?.applyValue({ args0 -> args0.map({ args0 -> args0 }) }))
.allowedEmailSans(allowedEmailSans?.applyValue({ args0 -> args0.map({ args0 -> args0 }) }))
.allowedNames(allowedNames?.applyValue({ args0 -> args0.map({ args0 -> args0 }) }))
.allowedOrganizationalUnits(
allowedOrganizationalUnits?.applyValue({ args0 ->
args0.map({ args0 ->
args0
})
}),
)
.allowedUriSans(allowedUriSans?.applyValue({ args0 -> args0.map({ args0 -> args0 }) }))
.backend(backend?.applyValue({ args0 -> args0 }))
.certificate(certificate?.applyValue({ args0 -> args0 }))
.displayName(displayName?.applyValue({ args0 -> args0 }))
.name(name?.applyValue({ args0 -> args0 }))
.namespace(namespace?.applyValue({ args0 -> args0 }))
.ocspCaCertificates(ocspCaCertificates?.applyValue({ args0 -> args0 }))
.ocspEnabled(ocspEnabled?.applyValue({ args0 -> args0 }))
.ocspFailOpen(ocspFailOpen?.applyValue({ args0 -> args0 }))
.ocspQueryAllServers(ocspQueryAllServers?.applyValue({ args0 -> args0 }))
.ocspServersOverrides(ocspServersOverrides?.applyValue({ args0 -> args0.map({ args0 -> args0 }) }))
.requiredExtensions(requiredExtensions?.applyValue({ args0 -> args0.map({ args0 -> args0 }) }))
.tokenBoundCidrs(tokenBoundCidrs?.applyValue({ args0 -> args0.map({ args0 -> args0 }) }))
.tokenExplicitMaxTtl(tokenExplicitMaxTtl?.applyValue({ args0 -> args0 }))
.tokenMaxTtl(tokenMaxTtl?.applyValue({ args0 -> args0 }))
.tokenNoDefaultPolicy(tokenNoDefaultPolicy?.applyValue({ args0 -> args0 }))
.tokenNumUses(tokenNumUses?.applyValue({ args0 -> args0 }))
.tokenPeriod(tokenPeriod?.applyValue({ args0 -> args0 }))
.tokenPolicies(tokenPolicies?.applyValue({ args0 -> args0.map({ args0 -> args0 }) }))
.tokenTtl(tokenTtl?.applyValue({ args0 -> args0 }))
.tokenType(tokenType?.applyValue({ args0 -> args0 })).build()
}
/**
* Builder for [CertAuthBackendRoleArgs].
*/
@PulumiTagMarker
public class CertAuthBackendRoleArgsBuilder internal constructor() {
private var allowedCommonNames: Output>? = null
private var allowedDnsSans: Output>? = null
private var allowedEmailSans: Output>? = null
private var allowedNames: Output>? = null
private var allowedOrganizationalUnits: Output>? = null
private var allowedUriSans: Output>? = null
private var backend: Output? = null
private var certificate: Output? = null
private var displayName: Output? = null
private var name: Output? = null
private var namespace: Output? = null
private var ocspCaCertificates: Output? = null
private var ocspEnabled: Output? = null
private var ocspFailOpen: Output? = null
private var ocspQueryAllServers: Output? = null
private var ocspServersOverrides: Output>? = null
private var requiredExtensions: Output>? = null
private var tokenBoundCidrs: Output>? = null
private var tokenExplicitMaxTtl: Output? = null
private var tokenMaxTtl: Output? = null
private var tokenNoDefaultPolicy: Output? = null
private var tokenNumUses: Output? = null
private var tokenPeriod: Output? = null
private var tokenPolicies: Output>? = null
private var tokenTtl: Output? = null
private var tokenType: Output? = null
/**
* @param value Allowed the common names for authenticated client certificates
*/
@JvmName("kyhhaylwnektjmna")
public suspend fun allowedCommonNames(`value`: Output>) {
this.allowedCommonNames = value
}
@JvmName("grsgstnkemqpqrog")
public suspend fun allowedCommonNames(vararg values: Output) {
this.allowedCommonNames = Output.all(values.asList())
}
/**
* @param values Allowed the common names for authenticated client certificates
*/
@JvmName("oebwmtgyjhwgrqjv")
public suspend fun allowedCommonNames(values: List>) {
this.allowedCommonNames = Output.all(values)
}
/**
* @param value Allowed alternative dns names for authenticated client certificates
*/
@JvmName("rwjcvcvhaujtudpv")
public suspend fun allowedDnsSans(`value`: Output>) {
this.allowedDnsSans = value
}
@JvmName("tommbofxnefxfhqj")
public suspend fun allowedDnsSans(vararg values: Output) {
this.allowedDnsSans = Output.all(values.asList())
}
/**
* @param values Allowed alternative dns names for authenticated client certificates
*/
@JvmName("bhnbobtvyhnjqvfv")
public suspend fun allowedDnsSans(values: List>) {
this.allowedDnsSans = Output.all(values)
}
/**
* @param value Allowed emails for authenticated client certificates
*/
@JvmName("cbfocbogelxoaxyh")
public suspend fun allowedEmailSans(`value`: Output>) {
this.allowedEmailSans = value
}
@JvmName("xpyjxpjpqmlueivr")
public suspend fun allowedEmailSans(vararg values: Output) {
this.allowedEmailSans = Output.all(values.asList())
}
/**
* @param values Allowed emails for authenticated client certificates
*/
@JvmName("giqevlwxavuaaihy")
public suspend fun allowedEmailSans(values: List>) {
this.allowedEmailSans = Output.all(values)
}
/**
* @param value DEPRECATED: Please use the individual `allowed_X_sans` parameters instead. Allowed subject names for authenticated client certificates
*/
@JvmName("qgxtlnvqyosxnarp")
public suspend fun allowedNames(`value`: Output>) {
this.allowedNames = value
}
@JvmName("vsyocfqcotqaxbma")
public suspend fun allowedNames(vararg values: Output) {
this.allowedNames = Output.all(values.asList())
}
/**
* @param values DEPRECATED: Please use the individual `allowed_X_sans` parameters instead. Allowed subject names for authenticated client certificates
*/
@JvmName("goocoeqfwtohkknc")
public suspend fun allowedNames(values: List>) {
this.allowedNames = Output.all(values)
}
/**
* @param value Allowed organization units for authenticated client certificates.
*/
@JvmName("wvpylbaarnqdhspk")
public suspend fun allowedOrganizationalUnits(`value`: Output>) {
this.allowedOrganizationalUnits = value
}
@JvmName("agewfdymwfgfrell")
public suspend fun allowedOrganizationalUnits(vararg values: Output) {
this.allowedOrganizationalUnits = Output.all(values.asList())
}
/**
* @param values Allowed organization units for authenticated client certificates.
*/
@JvmName("wwsyjyjxlvclpyaa")
public suspend fun allowedOrganizationalUnits(values: List>) {
this.allowedOrganizationalUnits = Output.all(values)
}
/**
* @param value Allowed URIs for authenticated client certificates
*/
@JvmName("glivhaisetgkgauq")
public suspend fun allowedUriSans(`value`: Output>) {
this.allowedUriSans = value
}
@JvmName("ivclcahlgkybuudk")
public suspend fun allowedUriSans(vararg values: Output) {
this.allowedUriSans = Output.all(values.asList())
}
/**
* @param values Allowed URIs for authenticated client certificates
*/
@JvmName("gbcgaqbedcwudyfo")
public suspend fun allowedUriSans(values: List>) {
this.allowedUriSans = Output.all(values)
}
/**
* @param value Path to the mounted Cert auth backend
*/
@JvmName("mqywkhkffssorykx")
public suspend fun backend(`value`: Output) {
this.backend = value
}
/**
* @param value CA certificate used to validate client certificates
*/
@JvmName("rtrnwoubelraampr")
public suspend fun certificate(`value`: Output) {
this.certificate = value
}
/**
* @param value The name to display on tokens issued under this role.
*/
@JvmName("owwqnxhobdxwwein")
public suspend fun displayName(`value`: Output) {
this.displayName = value
}
/**
* @param value Name of the role
*/
@JvmName("opdpgybsdtxkghig")
public suspend fun name(`value`: Output) {
this.name = value
}
/**
* @param value The namespace to provision the resource in.
* The value should not contain leading or trailing forward slashes.
* The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
* *Available only for Vault Enterprise*.
*/
@JvmName("dvulgfdpdljpofab")
public suspend fun namespace(`value`: Output) {
this.namespace = value
}
/**
* @param value Any additional CA certificates
* needed to verify OCSP responses. Provided as base64 encoded PEM data.
* Requires Vault version 1.13+.
*/
@JvmName("mxwkvrywpewkvdar")
public suspend fun ocspCaCertificates(`value`: Output) {
this.ocspCaCertificates = value
}
/**
* @param value If enabled, validate certificates'
* revocation status using OCSP. Requires Vault version 1.13+.
*/
@JvmName("dckhymbrycstnptt")
public suspend fun ocspEnabled(`value`: Output) {
this.ocspEnabled = value
}
/**
* @param value If true and an OCSP response cannot
* be fetched or is of an unknown status, the login will proceed as if the
* certificate has not been revoked.
* Requires Vault version 1.13+.
*/
@JvmName("jhtgoevncwxislmx")
public suspend fun ocspFailOpen(`value`: Output) {
this.ocspFailOpen = value
}
/**
* @param value If set to true, rather than
* accepting the first successful OCSP response, query all servers and consider
* the certificate valid only if all servers agree.
* Requires Vault version 1.13+.
*/
@JvmName("bhabcdgdvayxwxla")
public suspend fun ocspQueryAllServers(`value`: Output) {
this.ocspQueryAllServers = value
}
/**
* @param value : A comma-separated list of OCSP
* server addresses. If unset, the OCSP server is determined from the
* AuthorityInformationAccess extension on the certificate being inspected.
* Requires Vault version 1.13+.
*/
@JvmName("mjdtgpjdgmjemksm")
public suspend fun ocspServersOverrides(`value`: Output>) {
this.ocspServersOverrides = value
}
@JvmName("cuwsddlqxeslonwr")
public suspend fun ocspServersOverrides(vararg values: Output) {
this.ocspServersOverrides = Output.all(values.asList())
}
/**
* @param values : A comma-separated list of OCSP
* server addresses. If unset, the OCSP server is determined from the
* AuthorityInformationAccess extension on the certificate being inspected.
* Requires Vault version 1.13+.
*/
@JvmName("qfeinhknifvaltrw")
public suspend fun ocspServersOverrides(values: List>) {
this.ocspServersOverrides = Output.all(values)
}
/**
* @param value TLS extensions required on
* client certificates
*/
@JvmName("dnkwixqoaxblirok")
public suspend fun requiredExtensions(`value`: Output>) {
this.requiredExtensions = value
}
@JvmName("cvvahoqxfypungyo")
public suspend fun requiredExtensions(vararg values: Output) {
this.requiredExtensions = Output.all(values.asList())
}
/**
* @param values TLS extensions required on
* client certificates
*/
@JvmName("krxrxwepvahymisd")
public suspend fun requiredExtensions(values: List>) {
this.requiredExtensions = Output.all(values)
}
/**
* @param value Specifies the blocks of IP addresses which are allowed to use the generated token
*/
@JvmName("jdepuwnppcjtmytd")
public suspend fun tokenBoundCidrs(`value`: Output>) {
this.tokenBoundCidrs = value
}
@JvmName("scxwdbffomwhaggn")
public suspend fun tokenBoundCidrs(vararg values: Output) {
this.tokenBoundCidrs = Output.all(values.asList())
}
/**
* @param values Specifies the blocks of IP addresses which are allowed to use the generated token
*/
@JvmName("nykywhujhgeldndq")
public suspend fun tokenBoundCidrs(values: List>) {
this.tokenBoundCidrs = Output.all(values)
}
/**
* @param value Generated Token's Explicit Maximum TTL in seconds
*/
@JvmName("jisjcxapvsgiejdg")
public suspend fun tokenExplicitMaxTtl(`value`: Output) {
this.tokenExplicitMaxTtl = value
}
/**
* @param value The maximum lifetime of the generated token
*/
@JvmName("pnhxcyijfcrsyxqk")
public suspend fun tokenMaxTtl(`value`: Output) {
this.tokenMaxTtl = value
}
/**
* @param value If true, the 'default' policy will not automatically be added to generated tokens
*/
@JvmName("aohjcnhhmqiettyd")
public suspend fun tokenNoDefaultPolicy(`value`: Output) {
this.tokenNoDefaultPolicy = value
}
/**
* @param value The maximum number of times a token may be used, a value of zero means unlimited
*/
@JvmName("cnwnlcftkbtmdjtv")
public suspend fun tokenNumUses(`value`: Output) {
this.tokenNumUses = value
}
/**
* @param value Generated Token's Period
*/
@JvmName("rrvymaegbapplyab")
public suspend fun tokenPeriod(`value`: Output) {
this.tokenPeriod = value
}
/**
* @param value Generated Token's Policies
*/
@JvmName("ffvskthpgrftnwxj")
public suspend fun tokenPolicies(`value`: Output>) {
this.tokenPolicies = value
}
@JvmName("yqrpupawfwsuslmr")
public suspend fun tokenPolicies(vararg values: Output) {
this.tokenPolicies = Output.all(values.asList())
}
/**
* @param values Generated Token's Policies
*/
@JvmName("scdsrlmhhtmpteuv")
public suspend fun tokenPolicies(values: List>) {
this.tokenPolicies = Output.all(values)
}
/**
* @param value The initial ttl of the token to generate in seconds
*/
@JvmName("xpquchpmfhwddlyp")
public suspend fun tokenTtl(`value`: Output) {
this.tokenTtl = value
}
/**
* @param value The type of token to generate, service or batch
*/
@JvmName("vphkwvcwnjcfswex")
public suspend fun tokenType(`value`: Output) {
this.tokenType = value
}
/**
* @param value Allowed the common names for authenticated client certificates
*/
@JvmName("xhkopdqjffqadhlc")
public suspend fun allowedCommonNames(`value`: List?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.allowedCommonNames = mapped
}
/**
* @param values Allowed the common names for authenticated client certificates
*/
@JvmName("angpdrcxhlxdkgul")
public suspend fun allowedCommonNames(vararg values: String) {
val toBeMapped = values.toList()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.allowedCommonNames = mapped
}
/**
* @param value Allowed alternative dns names for authenticated client certificates
*/
@JvmName("onfgrienymihhdun")
public suspend fun allowedDnsSans(`value`: List?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.allowedDnsSans = mapped
}
/**
* @param values Allowed alternative dns names for authenticated client certificates
*/
@JvmName("hmbmqpacnmskabte")
public suspend fun allowedDnsSans(vararg values: String) {
val toBeMapped = values.toList()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.allowedDnsSans = mapped
}
/**
* @param value Allowed emails for authenticated client certificates
*/
@JvmName("vduleqckrsaicdqs")
public suspend fun allowedEmailSans(`value`: List?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.allowedEmailSans = mapped
}
/**
* @param values Allowed emails for authenticated client certificates
*/
@JvmName("ojdevhaeuokgijjl")
public suspend fun allowedEmailSans(vararg values: String) {
val toBeMapped = values.toList()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.allowedEmailSans = mapped
}
/**
* @param value DEPRECATED: Please use the individual `allowed_X_sans` parameters instead. Allowed subject names for authenticated client certificates
*/
@JvmName("vddwsajflddgykcb")
public suspend fun allowedNames(`value`: List?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.allowedNames = mapped
}
/**
* @param values DEPRECATED: Please use the individual `allowed_X_sans` parameters instead. Allowed subject names for authenticated client certificates
*/
@JvmName("dovyurabpsemjloh")
public suspend fun allowedNames(vararg values: String) {
val toBeMapped = values.toList()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.allowedNames = mapped
}
/**
* @param value Allowed organization units for authenticated client certificates.
*/
@JvmName("uytomjkvywhlhjva")
public suspend fun allowedOrganizationalUnits(`value`: List?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.allowedOrganizationalUnits = mapped
}
/**
* @param values Allowed organization units for authenticated client certificates.
*/
@JvmName("ndnqpwjcqxlxkcka")
public suspend fun allowedOrganizationalUnits(vararg values: String) {
val toBeMapped = values.toList()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.allowedOrganizationalUnits = mapped
}
/**
* @param value Allowed URIs for authenticated client certificates
*/
@JvmName("vjprdiswxsxanwdu")
public suspend fun allowedUriSans(`value`: List?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.allowedUriSans = mapped
}
/**
* @param values Allowed URIs for authenticated client certificates
*/
@JvmName("ssmupynuimfvmgcu")
public suspend fun allowedUriSans(vararg values: String) {
val toBeMapped = values.toList()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.allowedUriSans = mapped
}
/**
* @param value Path to the mounted Cert auth backend
*/
@JvmName("dfckryotxdoswsev")
public suspend fun backend(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.backend = mapped
}
/**
* @param value CA certificate used to validate client certificates
*/
@JvmName("wwtrulnoxpsjmdiv")
public suspend fun certificate(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.certificate = mapped
}
/**
* @param value The name to display on tokens issued under this role.
*/
@JvmName("vtfjncxymhnuxjyr")
public suspend fun displayName(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.displayName = mapped
}
/**
* @param value Name of the role
*/
@JvmName("jqtvxtoxtymlcaci")
public suspend fun name(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.name = mapped
}
/**
* @param value The namespace to provision the resource in.
* The value should not contain leading or trailing forward slashes.
* The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
* *Available only for Vault Enterprise*.
*/
@JvmName("uxojixniwkxnerea")
public suspend fun namespace(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.namespace = mapped
}
/**
* @param value Any additional CA certificates
* needed to verify OCSP responses. Provided as base64 encoded PEM data.
* Requires Vault version 1.13+.
*/
@JvmName("neflfghhjcknmqec")
public suspend fun ocspCaCertificates(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.ocspCaCertificates = mapped
}
/**
* @param value If enabled, validate certificates'
* revocation status using OCSP. Requires Vault version 1.13+.
*/
@JvmName("qcuhakvwnmbcqkxk")
public suspend fun ocspEnabled(`value`: Boolean?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.ocspEnabled = mapped
}
/**
* @param value If true and an OCSP response cannot
* be fetched or is of an unknown status, the login will proceed as if the
* certificate has not been revoked.
* Requires Vault version 1.13+.
*/
@JvmName("wnfsobxekhstsfdh")
public suspend fun ocspFailOpen(`value`: Boolean?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.ocspFailOpen = mapped
}
/**
* @param value If set to true, rather than
* accepting the first successful OCSP response, query all servers and consider
* the certificate valid only if all servers agree.
* Requires Vault version 1.13+.
*/
@JvmName("gvglxvulijgnucsk")
public suspend fun ocspQueryAllServers(`value`: Boolean?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.ocspQueryAllServers = mapped
}
/**
* @param value : A comma-separated list of OCSP
* server addresses. If unset, the OCSP server is determined from the
* AuthorityInformationAccess extension on the certificate being inspected.
* Requires Vault version 1.13+.
*/
@JvmName("amvbapoqhiaydtbj")
public suspend fun ocspServersOverrides(`value`: List?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.ocspServersOverrides = mapped
}
/**
* @param values : A comma-separated list of OCSP
* server addresses. If unset, the OCSP server is determined from the
* AuthorityInformationAccess extension on the certificate being inspected.
* Requires Vault version 1.13+.
*/
@JvmName("uxbuahbkmibbbfnw")
public suspend fun ocspServersOverrides(vararg values: String) {
val toBeMapped = values.toList()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.ocspServersOverrides = mapped
}
/**
* @param value TLS extensions required on
* client certificates
*/
@JvmName("svvrryrtgcscauok")
public suspend fun requiredExtensions(`value`: List?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.requiredExtensions = mapped
}
/**
* @param values TLS extensions required on
* client certificates
*/
@JvmName("eukisacyycyemomn")
public suspend fun requiredExtensions(vararg values: String) {
val toBeMapped = values.toList()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.requiredExtensions = mapped
}
/**
* @param value Specifies the blocks of IP addresses which are allowed to use the generated token
*/
@JvmName("oiskgfbsvkfkwpjx")
public suspend fun tokenBoundCidrs(`value`: List?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.tokenBoundCidrs = mapped
}
/**
* @param values Specifies the blocks of IP addresses which are allowed to use the generated token
*/
@JvmName("qkfmxrfrdjfrgero")
public suspend fun tokenBoundCidrs(vararg values: String) {
val toBeMapped = values.toList()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.tokenBoundCidrs = mapped
}
/**
* @param value Generated Token's Explicit Maximum TTL in seconds
*/
@JvmName("rsiigcgahbhdcqbg")
public suspend fun tokenExplicitMaxTtl(`value`: Int?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.tokenExplicitMaxTtl = mapped
}
/**
* @param value The maximum lifetime of the generated token
*/
@JvmName("xypskfinkjmqpsxh")
public suspend fun tokenMaxTtl(`value`: Int?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.tokenMaxTtl = mapped
}
/**
* @param value If true, the 'default' policy will not automatically be added to generated tokens
*/
@JvmName("wcoouvquqknauork")
public suspend fun tokenNoDefaultPolicy(`value`: Boolean?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.tokenNoDefaultPolicy = mapped
}
/**
* @param value The maximum number of times a token may be used, a value of zero means unlimited
*/
@JvmName("ncpoxxejmyyxdruw")
public suspend fun tokenNumUses(`value`: Int?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.tokenNumUses = mapped
}
/**
* @param value Generated Token's Period
*/
@JvmName("hgjjpsncgoxyfyqr")
public suspend fun tokenPeriod(`value`: Int?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.tokenPeriod = mapped
}
/**
* @param value Generated Token's Policies
*/
@JvmName("vglhnttekvajouuk")
public suspend fun tokenPolicies(`value`: List?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.tokenPolicies = mapped
}
/**
* @param values Generated Token's Policies
*/
@JvmName("ooxcymcshfvncfxw")
public suspend fun tokenPolicies(vararg values: String) {
val toBeMapped = values.toList()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.tokenPolicies = mapped
}
/**
* @param value The initial ttl of the token to generate in seconds
*/
@JvmName("pjiopvftrenokoym")
public suspend fun tokenTtl(`value`: Int?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.tokenTtl = mapped
}
/**
* @param value The type of token to generate, service or batch
*/
@JvmName("dojctyrjrtilklgn")
public suspend fun tokenType(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.tokenType = mapped
}
internal fun build(): CertAuthBackendRoleArgs = CertAuthBackendRoleArgs(
allowedCommonNames = allowedCommonNames,
allowedDnsSans = allowedDnsSans,
allowedEmailSans = allowedEmailSans,
allowedNames = allowedNames,
allowedOrganizationalUnits = allowedOrganizationalUnits,
allowedUriSans = allowedUriSans,
backend = backend,
certificate = certificate,
displayName = displayName,
name = name,
namespace = namespace,
ocspCaCertificates = ocspCaCertificates,
ocspEnabled = ocspEnabled,
ocspFailOpen = ocspFailOpen,
ocspQueryAllServers = ocspQueryAllServers,
ocspServersOverrides = ocspServersOverrides,
requiredExtensions = requiredExtensions,
tokenBoundCidrs = tokenBoundCidrs,
tokenExplicitMaxTtl = tokenExplicitMaxTtl,
tokenMaxTtl = tokenMaxTtl,
tokenNoDefaultPolicy = tokenNoDefaultPolicy,
tokenNumUses = tokenNumUses,
tokenPeriod = tokenPeriod,
tokenPolicies = tokenPolicies,
tokenTtl = tokenTtl,
tokenType = tokenType,
)
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy