com.pulumi.vault.kubernetes.kotlin.AuthBackendConfigArgs.kt Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pulumi-vault-kotlin Show documentation
Show all versions of pulumi-vault-kotlin Show documentation
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.vault.kubernetes.kotlin
import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.vault.kubernetes.AuthBackendConfigArgs.builder
import kotlin.Boolean
import kotlin.String
import kotlin.Suppress
import kotlin.collections.List
import kotlin.jvm.JvmName
/**
* Manages an Kubernetes auth backend config in a Vault server. See the [Vault
* documentation](https://www.vaultproject.io/docs/auth/kubernetes.html) for more
* information.
* ## Example Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as vault from "@pulumi/vault";
* const kubernetes = new vault.AuthBackend("kubernetes", {type: "kubernetes"});
* const example = new vault.kubernetes.AuthBackendConfig("example", {
* backend: kubernetes.path,
* kubernetesHost: "http://example.com:443",
* kubernetesCaCert: `-----BEGIN CERTIFICATE-----
* example
* -----END CERTIFICATE-----`,
* tokenReviewerJwt: "ZXhhbXBsZQo=",
* issuer: "api",
* disableIssValidation: true,
* });
* ```
* ```python
* import pulumi
* import pulumi_vault as vault
* kubernetes = vault.AuthBackend("kubernetes", type="kubernetes")
* example = vault.kubernetes.AuthBackendConfig("example",
* backend=kubernetes.path,
* kubernetes_host="http://example.com:443",
* kubernetes_ca_cert="""-----BEGIN CERTIFICATE-----
* example
* -----END CERTIFICATE-----""",
* token_reviewer_jwt="ZXhhbXBsZQo=",
* issuer="api",
* disable_iss_validation=True)
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Vault = Pulumi.Vault;
* return await Deployment.RunAsync(() =>
* {
* var kubernetes = new Vault.AuthBackend("kubernetes", new()
* {
* Type = "kubernetes",
* });
* var example = new Vault.Kubernetes.AuthBackendConfig("example", new()
* {
* Backend = kubernetes.Path,
* KubernetesHost = "http://example.com:443",
* KubernetesCaCert = @"-----BEGIN CERTIFICATE-----
* example
* -----END CERTIFICATE-----",
* TokenReviewerJwt = "ZXhhbXBsZQo=",
* Issuer = "api",
* DisableIssValidation = true,
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
* "github.com/pulumi/pulumi-vault/sdk/v6/go/vault/kubernetes"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* kubernetes, err := vault.NewAuthBackend(ctx, "kubernetes", &vault.AuthBackendArgs{
* Type: pulumi.String("kubernetes"),
* })
* if err != nil {
* return err
* }
* _, err = kubernetes.NewAuthBackendConfig(ctx, "example", &kubernetes.AuthBackendConfigArgs{
* Backend: kubernetes.Path,
* KubernetesHost: pulumi.String("http://example.com:443"),
* KubernetesCaCert: pulumi.String("-----BEGIN CERTIFICATE-----\nexample\n-----END CERTIFICATE-----"),
* TokenReviewerJwt: pulumi.String("ZXhhbXBsZQo="),
* Issuer: pulumi.String("api"),
* DisableIssValidation: pulumi.Bool(true),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.vault.AuthBackend;
* import com.pulumi.vault.AuthBackendArgs;
* import com.pulumi.vault.kubernetes.AuthBackendConfig;
* import com.pulumi.vault.kubernetes.AuthBackendConfigArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var kubernetes = new AuthBackend("kubernetes", AuthBackendArgs.builder()
* .type("kubernetes")
* .build());
* var example = new AuthBackendConfig("example", AuthBackendConfigArgs.builder()
* .backend(kubernetes.path())
* .kubernetesHost("http://example.com:443")
* .kubernetesCaCert("""
* -----BEGIN CERTIFICATE-----
* example
* -----END CERTIFICATE----- """)
* .tokenReviewerJwt("ZXhhbXBsZQo=")
* .issuer("api")
* .disableIssValidation("true")
* .build());
* }
* }
* ```
* ```yaml
* resources:
* kubernetes:
* type: vault:AuthBackend
* properties:
* type: kubernetes
* example:
* type: vault:kubernetes:AuthBackendConfig
* properties:
* backend: ${kubernetes.path}
* kubernetesHost: http://example.com:443
* kubernetesCaCert: |-
* -----BEGIN CERTIFICATE-----
* example
* -----END CERTIFICATE-----
* tokenReviewerJwt: ZXhhbXBsZQo=
* issuer: api
* disableIssValidation: 'true'
* ```
*
* ## Import
* Kubernetes authentication backend can be imported using the `path`, e.g.
* ```sh
* $ pulumi import vault:kubernetes/authBackendConfig:AuthBackendConfig config auth/kubernetes/config
* ```
* @property backend Unique name of the kubernetes backend to configure.
* @property disableIssValidation Disable JWT issuer validation. Allows to skip ISS validation. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
* @property disableLocalCaJwt Disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
* @property issuer JWT issuer. If no issuer is specified, `kubernetes.io/serviceaccount` will be used as the default issuer.
* @property kubernetesCaCert PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API.
* @property kubernetesHost Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
* @property namespace The namespace to provision the resource in.
* The value should not contain leading or trailing forward slashes.
* The `namespace` is always relative to the provider's configured namespace.
* *Available only for Vault Enterprise*.
* @property pemKeys List of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
* @property tokenReviewerJwt A service account JWT (or other token) used as a bearer token to access the TokenReview API to validate other JWTs during login. If not set the JWT used for login will be used to access the API.
*/
public data class AuthBackendConfigArgs(
public val backend: Output? = null,
public val disableIssValidation: Output? = null,
public val disableLocalCaJwt: Output? = null,
public val issuer: Output? = null,
public val kubernetesCaCert: Output? = null,
public val kubernetesHost: Output? = null,
public val namespace: Output? = null,
public val pemKeys: Output>? = null,
public val tokenReviewerJwt: Output? = null,
) : ConvertibleToJava {
override fun toJava(): com.pulumi.vault.kubernetes.AuthBackendConfigArgs =
com.pulumi.vault.kubernetes.AuthBackendConfigArgs.builder()
.backend(backend?.applyValue({ args0 -> args0 }))
.disableIssValidation(disableIssValidation?.applyValue({ args0 -> args0 }))
.disableLocalCaJwt(disableLocalCaJwt?.applyValue({ args0 -> args0 }))
.issuer(issuer?.applyValue({ args0 -> args0 }))
.kubernetesCaCert(kubernetesCaCert?.applyValue({ args0 -> args0 }))
.kubernetesHost(kubernetesHost?.applyValue({ args0 -> args0 }))
.namespace(namespace?.applyValue({ args0 -> args0 }))
.pemKeys(pemKeys?.applyValue({ args0 -> args0.map({ args0 -> args0 }) }))
.tokenReviewerJwt(tokenReviewerJwt?.applyValue({ args0 -> args0 })).build()
}
/**
* Builder for [AuthBackendConfigArgs].
*/
@PulumiTagMarker
public class AuthBackendConfigArgsBuilder internal constructor() {
private var backend: Output? = null
private var disableIssValidation: Output? = null
private var disableLocalCaJwt: Output? = null
private var issuer: Output? = null
private var kubernetesCaCert: Output? = null
private var kubernetesHost: Output? = null
private var namespace: Output? = null
private var pemKeys: Output>? = null
private var tokenReviewerJwt: Output? = null
/**
* @param value Unique name of the kubernetes backend to configure.
*/
@JvmName("broqufguclebpcos")
public suspend fun backend(`value`: Output) {
this.backend = value
}
/**
* @param value Disable JWT issuer validation. Allows to skip ISS validation. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
*/
@JvmName("nsmhtuxbioywiygi")
public suspend fun disableIssValidation(`value`: Output) {
this.disableIssValidation = value
}
/**
* @param value Disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
*/
@JvmName("vqphsurewdprwhuk")
public suspend fun disableLocalCaJwt(`value`: Output) {
this.disableLocalCaJwt = value
}
/**
* @param value JWT issuer. If no issuer is specified, `kubernetes.io/serviceaccount` will be used as the default issuer.
*/
@JvmName("ofriwkfumtngmebg")
public suspend fun issuer(`value`: Output) {
this.issuer = value
}
/**
* @param value PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API.
*/
@JvmName("tpjmpjhvieenpuyy")
public suspend fun kubernetesCaCert(`value`: Output) {
this.kubernetesCaCert = value
}
/**
* @param value Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
*/
@JvmName("xwlmxfvpmpanknas")
public suspend fun kubernetesHost(`value`: Output) {
this.kubernetesHost = value
}
/**
* @param value The namespace to provision the resource in.
* The value should not contain leading or trailing forward slashes.
* The `namespace` is always relative to the provider's configured namespace.
* *Available only for Vault Enterprise*.
*/
@JvmName("hqdycespbasouklw")
public suspend fun namespace(`value`: Output) {
this.namespace = value
}
/**
* @param value List of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
*/
@JvmName("imqhpobgugbkixlj")
public suspend fun pemKeys(`value`: Output>) {
this.pemKeys = value
}
@JvmName("qjjjknywmcvcpssj")
public suspend fun pemKeys(vararg values: Output) {
this.pemKeys = Output.all(values.asList())
}
/**
* @param values List of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
*/
@JvmName("ltuhncgfnarxwpin")
public suspend fun pemKeys(values: List>) {
this.pemKeys = Output.all(values)
}
/**
* @param value A service account JWT (or other token) used as a bearer token to access the TokenReview API to validate other JWTs during login. If not set the JWT used for login will be used to access the API.
*/
@JvmName("hqylwnovfssuhtdm")
public suspend fun tokenReviewerJwt(`value`: Output) {
this.tokenReviewerJwt = value
}
/**
* @param value Unique name of the kubernetes backend to configure.
*/
@JvmName("qlbybihmnbkwgolb")
public suspend fun backend(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.backend = mapped
}
/**
* @param value Disable JWT issuer validation. Allows to skip ISS validation. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
*/
@JvmName("yvconcybhjauvnum")
public suspend fun disableIssValidation(`value`: Boolean?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.disableIssValidation = mapped
}
/**
* @param value Disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
*/
@JvmName("guhwnjpsddjidtju")
public suspend fun disableLocalCaJwt(`value`: Boolean?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.disableLocalCaJwt = mapped
}
/**
* @param value JWT issuer. If no issuer is specified, `kubernetes.io/serviceaccount` will be used as the default issuer.
*/
@JvmName("kcassblwnvvpvclo")
public suspend fun issuer(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.issuer = mapped
}
/**
* @param value PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API.
*/
@JvmName("kafoqkxjecoxjdrb")
public suspend fun kubernetesCaCert(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.kubernetesCaCert = mapped
}
/**
* @param value Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
*/
@JvmName("hkqxghvncmmwucle")
public suspend fun kubernetesHost(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.kubernetesHost = mapped
}
/**
* @param value The namespace to provision the resource in.
* The value should not contain leading or trailing forward slashes.
* The `namespace` is always relative to the provider's configured namespace.
* *Available only for Vault Enterprise*.
*/
@JvmName("apdoxbjcwmwbbwni")
public suspend fun namespace(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.namespace = mapped
}
/**
* @param value List of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
*/
@JvmName("tcdqoxwxospkrpbg")
public suspend fun pemKeys(`value`: List?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.pemKeys = mapped
}
/**
* @param values List of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
*/
@JvmName("tsvnxafymwswpvsk")
public suspend fun pemKeys(vararg values: String) {
val toBeMapped = values.toList()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.pemKeys = mapped
}
/**
* @param value A service account JWT (or other token) used as a bearer token to access the TokenReview API to validate other JWTs during login. If not set the JWT used for login will be used to access the API.
*/
@JvmName("rkwtqdenipcfxsxu")
public suspend fun tokenReviewerJwt(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.tokenReviewerJwt = mapped
}
internal fun build(): AuthBackendConfigArgs = AuthBackendConfigArgs(
backend = backend,
disableIssValidation = disableIssValidation,
disableLocalCaJwt = disableLocalCaJwt,
issuer = issuer,
kubernetesCaCert = kubernetesCaCert,
kubernetesHost = kubernetesHost,
namespace = namespace,
pemKeys = pemKeys,
tokenReviewerJwt = tokenReviewerJwt,
)
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy