com.pulumi.vault.kubernetes.kotlin.AuthBackendRole.kt Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pulumi-vault-kotlin Show documentation
Show all versions of pulumi-vault-kotlin Show documentation
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.vault.kubernetes.kotlin
import com.pulumi.core.Output
import com.pulumi.kotlin.KotlinCustomResource
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.ResourceMapper
import com.pulumi.kotlin.options.CustomResourceOptions
import com.pulumi.kotlin.options.CustomResourceOptionsBuilder
import com.pulumi.resources.Resource
import kotlin.Boolean
import kotlin.Int
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.List
/**
* Builder for [AuthBackendRole].
*/
@PulumiTagMarker
public class AuthBackendRoleResourceBuilder internal constructor() {
public var name: String? = null
public var args: AuthBackendRoleArgs = AuthBackendRoleArgs()
public var opts: CustomResourceOptions = CustomResourceOptions()
/**
* @param name The _unique_ name of the resulting resource.
*/
public fun name(`value`: String) {
this.name = value
}
/**
* @param block The arguments to use to populate this resource's properties.
*/
public suspend fun args(block: suspend AuthBackendRoleArgsBuilder.() -> Unit) {
val builder = AuthBackendRoleArgsBuilder()
block(builder)
this.args = builder.build()
}
/**
* @param block A bag of options that control this resource's behavior.
*/
public suspend fun opts(block: suspend CustomResourceOptionsBuilder.() -> Unit) {
this.opts = com.pulumi.kotlin.options.CustomResourceOptions.opts(block)
}
internal fun build(): AuthBackendRole {
val builtJavaResource = com.pulumi.vault.kubernetes.AuthBackendRole(
this.name,
this.args.toJava(),
this.opts.toJava(),
)
return AuthBackendRole(builtJavaResource)
}
}
/**
* Manages an Kubernetes auth backend role in a Vault server. See the [Vault
* documentation](https://www.vaultproject.io/docs/auth/kubernetes.html) for more
* information.
* ## Example Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as vault from "@pulumi/vault";
* const kubernetes = new vault.AuthBackend("kubernetes", {type: "kubernetes"});
* const example = new vault.kubernetes.AuthBackendRole("example", {
* backend: kubernetes.path,
* roleName: "example-role",
* boundServiceAccountNames: ["example"],
* boundServiceAccountNamespaces: ["example"],
* tokenTtl: 3600,
* tokenPolicies: [
* "default",
* "dev",
* "prod",
* ],
* audience: "vault",
* });
* ```
* ```python
* import pulumi
* import pulumi_vault as vault
* kubernetes = vault.AuthBackend("kubernetes", type="kubernetes")
* example = vault.kubernetes.AuthBackendRole("example",
* backend=kubernetes.path,
* role_name="example-role",
* bound_service_account_names=["example"],
* bound_service_account_namespaces=["example"],
* token_ttl=3600,
* token_policies=[
* "default",
* "dev",
* "prod",
* ],
* audience="vault")
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Vault = Pulumi.Vault;
* return await Deployment.RunAsync(() =>
* {
* var kubernetes = new Vault.AuthBackend("kubernetes", new()
* {
* Type = "kubernetes",
* });
* var example = new Vault.Kubernetes.AuthBackendRole("example", new()
* {
* Backend = kubernetes.Path,
* RoleName = "example-role",
* BoundServiceAccountNames = new[]
* {
* "example",
* },
* BoundServiceAccountNamespaces = new[]
* {
* "example",
* },
* TokenTtl = 3600,
* TokenPolicies = new[]
* {
* "default",
* "dev",
* "prod",
* },
* Audience = "vault",
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
* "github.com/pulumi/pulumi-vault/sdk/v6/go/vault/kubernetes"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* kubernetes, err := vault.NewAuthBackend(ctx, "kubernetes", &vault.AuthBackendArgs{
* Type: pulumi.String("kubernetes"),
* })
* if err != nil {
* return err
* }
* _, err = kubernetes.NewAuthBackendRole(ctx, "example", &kubernetes.AuthBackendRoleArgs{
* Backend: kubernetes.Path,
* RoleName: pulumi.String("example-role"),
* BoundServiceAccountNames: pulumi.StringArray{
* pulumi.String("example"),
* },
* BoundServiceAccountNamespaces: pulumi.StringArray{
* pulumi.String("example"),
* },
* TokenTtl: pulumi.Int(3600),
* TokenPolicies: pulumi.StringArray{
* pulumi.String("default"),
* pulumi.String("dev"),
* pulumi.String("prod"),
* },
* Audience: pulumi.String("vault"),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.vault.AuthBackend;
* import com.pulumi.vault.AuthBackendArgs;
* import com.pulumi.vault.kubernetes.AuthBackendRole;
* import com.pulumi.vault.kubernetes.AuthBackendRoleArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var kubernetes = new AuthBackend("kubernetes", AuthBackendArgs.builder()
* .type("kubernetes")
* .build());
* var example = new AuthBackendRole("example", AuthBackendRoleArgs.builder()
* .backend(kubernetes.path())
* .roleName("example-role")
* .boundServiceAccountNames("example")
* .boundServiceAccountNamespaces("example")
* .tokenTtl(3600)
* .tokenPolicies(
* "default",
* "dev",
* "prod")
* .audience("vault")
* .build());
* }
* }
* ```
* ```yaml
* resources:
* kubernetes:
* type: vault:AuthBackend
* properties:
* type: kubernetes
* example:
* type: vault:kubernetes:AuthBackendRole
* properties:
* backend: ${kubernetes.path}
* roleName: example-role
* boundServiceAccountNames:
* - example
* boundServiceAccountNamespaces:
* - example
* tokenTtl: 3600
* tokenPolicies:
* - default
* - dev
* - prod
* audience: vault
* ```
*
* ## Import
* Kubernetes auth backend role can be imported using the `path`, e.g.
* ```sh
* $ pulumi import vault:kubernetes/authBackendRole:AuthBackendRole foo auth/kubernetes/role/foo
* ```
*/
public class AuthBackendRole internal constructor(
override val javaResource: com.pulumi.vault.kubernetes.AuthBackendRole,
) : KotlinCustomResource(javaResource, AuthBackendRoleMapper) {
/**
* Configures how identity aliases are generated.
* Valid choices are: `serviceaccount_uid`, `serviceaccount_name`. (vault-1.9+)
*/
public val aliasNameSource: Output
get() = javaResource.aliasNameSource().applyValue({ args0 -> args0 })
/**
* Audience claim to verify in the JWT.
* > Please see [alias_name_source](https://www.vaultproject.io/api-docs/auth/kubernetes#alias_name_source)
* before setting this to something other its default value. There are **important** security
* implications to be aware of.
*/
public val audience: Output?
get() = javaResource.audience().applyValue({ args0 -> args0.map({ args0 -> args0 }).orElse(null) })
/**
* Unique name of the kubernetes backend to configure.
*/
public val backend: Output?
get() = javaResource.backend().applyValue({ args0 -> args0.map({ args0 -> args0 }).orElse(null) })
/**
* List of service account names able to access this role. If set to `["*"]` all names are allowed, both this and bound_service_account_namespaces can not be "*".
*/
public val boundServiceAccountNames: Output>
get() = javaResource.boundServiceAccountNames().applyValue({ args0 ->
args0.map({ args0 ->
args0
})
})
/**
* List of namespaces allowed to access this role. If set to `["*"]` all namespaces are allowed, both this and bound_service_account_names can not be set to "*".
*/
public val boundServiceAccountNamespaces: Output>
get() = javaResource.boundServiceAccountNamespaces().applyValue({ args0 ->
args0.map({ args0 ->
args0
})
})
/**
* The namespace to provision the resource in.
* The value should not contain leading or trailing forward slashes.
* The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
* *Available only for Vault Enterprise*.
*/
public val namespace: Output?
get() = javaResource.namespace().applyValue({ args0 -> args0.map({ args0 -> args0 }).orElse(null) })
/**
* Name of the role.
*/
public val roleName: Output
get() = javaResource.roleName().applyValue({ args0 -> args0 })
/**
* Specifies the blocks of IP addresses which are allowed to use the generated token
*/
public val tokenBoundCidrs: Output>?
get() = javaResource.tokenBoundCidrs().applyValue({ args0 ->
args0.map({ args0 ->
args0.map({ args0 -> args0 })
}).orElse(null)
})
/**
* Generated Token's Explicit Maximum TTL in seconds
*/
public val tokenExplicitMaxTtl: Output?
get() = javaResource.tokenExplicitMaxTtl().applyValue({ args0 ->
args0.map({ args0 ->
args0
}).orElse(null)
})
/**
* The maximum lifetime of the generated token
*/
public val tokenMaxTtl: Output?
get() = javaResource.tokenMaxTtl().applyValue({ args0 ->
args0.map({ args0 ->
args0
}).orElse(null)
})
/**
* If true, the 'default' policy will not automatically be added to generated tokens
*/
public val tokenNoDefaultPolicy: Output?
get() = javaResource.tokenNoDefaultPolicy().applyValue({ args0 ->
args0.map({ args0 ->
args0
}).orElse(null)
})
/**
* The maximum number of times a token may be used, a value of zero means unlimited
*/
public val tokenNumUses: Output?
get() = javaResource.tokenNumUses().applyValue({ args0 ->
args0.map({ args0 ->
args0
}).orElse(null)
})
/**
* Generated Token's Period
*/
public val tokenPeriod: Output?
get() = javaResource.tokenPeriod().applyValue({ args0 ->
args0.map({ args0 ->
args0
}).orElse(null)
})
/**
* Generated Token's Policies
*/
public val tokenPolicies: Output>?
get() = javaResource.tokenPolicies().applyValue({ args0 ->
args0.map({ args0 ->
args0.map({ args0 -> args0 })
}).orElse(null)
})
/**
* The initial ttl of the token to generate in seconds
*/
public val tokenTtl: Output?
get() = javaResource.tokenTtl().applyValue({ args0 -> args0.map({ args0 -> args0 }).orElse(null) })
/**
* The type of token to generate, service or batch
*/
public val tokenType: Output?
get() = javaResource.tokenType().applyValue({ args0 -> args0.map({ args0 -> args0 }).orElse(null) })
}
public object AuthBackendRoleMapper : ResourceMapper {
override fun supportsMappingOfType(javaResource: Resource): Boolean =
com.pulumi.vault.kubernetes.AuthBackendRole::class == javaResource::class
override fun map(javaResource: Resource): AuthBackendRole = AuthBackendRole(
javaResource as
com.pulumi.vault.kubernetes.AuthBackendRole,
)
}
/**
* @see [AuthBackendRole].
* @param name The _unique_ name of the resulting resource.
* @param block Builder for [AuthBackendRole].
*/
public suspend fun authBackendRole(
name: String,
block: suspend AuthBackendRoleResourceBuilder.() -> Unit,
): AuthBackendRole {
val builder = AuthBackendRoleResourceBuilder()
builder.name(name)
block(builder)
return builder.build()
}
/**
* @see [AuthBackendRole].
* @param name The _unique_ name of the resulting resource.
*/
public fun authBackendRole(name: String): AuthBackendRole {
val builder = AuthBackendRoleResourceBuilder()
builder.name(name)
return builder.build()
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy