com.pulumi.vault.kubernetes.kotlin.AuthBackendRoleArgs.kt Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pulumi-vault-kotlin Show documentation
Show all versions of pulumi-vault-kotlin Show documentation
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.vault.kubernetes.kotlin
import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.vault.kubernetes.AuthBackendRoleArgs.builder
import kotlin.Boolean
import kotlin.Int
import kotlin.String
import kotlin.Suppress
import kotlin.collections.List
import kotlin.jvm.JvmName
/**
* Manages an Kubernetes auth backend role in a Vault server. See the [Vault
* documentation](https://www.vaultproject.io/docs/auth/kubernetes.html) for more
* information.
* ## Example Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as vault from "@pulumi/vault";
* const kubernetes = new vault.AuthBackend("kubernetes", {type: "kubernetes"});
* const example = new vault.kubernetes.AuthBackendRole("example", {
* backend: kubernetes.path,
* roleName: "example-role",
* boundServiceAccountNames: ["example"],
* boundServiceAccountNamespaces: ["example"],
* tokenTtl: 3600,
* tokenPolicies: [
* "default",
* "dev",
* "prod",
* ],
* audience: "vault",
* });
* ```
* ```python
* import pulumi
* import pulumi_vault as vault
* kubernetes = vault.AuthBackend("kubernetes", type="kubernetes")
* example = vault.kubernetes.AuthBackendRole("example",
* backend=kubernetes.path,
* role_name="example-role",
* bound_service_account_names=["example"],
* bound_service_account_namespaces=["example"],
* token_ttl=3600,
* token_policies=[
* "default",
* "dev",
* "prod",
* ],
* audience="vault")
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Vault = Pulumi.Vault;
* return await Deployment.RunAsync(() =>
* {
* var kubernetes = new Vault.AuthBackend("kubernetes", new()
* {
* Type = "kubernetes",
* });
* var example = new Vault.Kubernetes.AuthBackendRole("example", new()
* {
* Backend = kubernetes.Path,
* RoleName = "example-role",
* BoundServiceAccountNames = new[]
* {
* "example",
* },
* BoundServiceAccountNamespaces = new[]
* {
* "example",
* },
* TokenTtl = 3600,
* TokenPolicies = new[]
* {
* "default",
* "dev",
* "prod",
* },
* Audience = "vault",
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
* "github.com/pulumi/pulumi-vault/sdk/v6/go/vault/kubernetes"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* kubernetes, err := vault.NewAuthBackend(ctx, "kubernetes", &vault.AuthBackendArgs{
* Type: pulumi.String("kubernetes"),
* })
* if err != nil {
* return err
* }
* _, err = kubernetes.NewAuthBackendRole(ctx, "example", &kubernetes.AuthBackendRoleArgs{
* Backend: kubernetes.Path,
* RoleName: pulumi.String("example-role"),
* BoundServiceAccountNames: pulumi.StringArray{
* pulumi.String("example"),
* },
* BoundServiceAccountNamespaces: pulumi.StringArray{
* pulumi.String("example"),
* },
* TokenTtl: pulumi.Int(3600),
* TokenPolicies: pulumi.StringArray{
* pulumi.String("default"),
* pulumi.String("dev"),
* pulumi.String("prod"),
* },
* Audience: pulumi.String("vault"),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.vault.AuthBackend;
* import com.pulumi.vault.AuthBackendArgs;
* import com.pulumi.vault.kubernetes.AuthBackendRole;
* import com.pulumi.vault.kubernetes.AuthBackendRoleArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var kubernetes = new AuthBackend("kubernetes", AuthBackendArgs.builder()
* .type("kubernetes")
* .build());
* var example = new AuthBackendRole("example", AuthBackendRoleArgs.builder()
* .backend(kubernetes.path())
* .roleName("example-role")
* .boundServiceAccountNames("example")
* .boundServiceAccountNamespaces("example")
* .tokenTtl(3600)
* .tokenPolicies(
* "default",
* "dev",
* "prod")
* .audience("vault")
* .build());
* }
* }
* ```
* ```yaml
* resources:
* kubernetes:
* type: vault:AuthBackend
* properties:
* type: kubernetes
* example:
* type: vault:kubernetes:AuthBackendRole
* properties:
* backend: ${kubernetes.path}
* roleName: example-role
* boundServiceAccountNames:
* - example
* boundServiceAccountNamespaces:
* - example
* tokenTtl: 3600
* tokenPolicies:
* - default
* - dev
* - prod
* audience: vault
* ```
*
* ## Import
* Kubernetes auth backend role can be imported using the `path`, e.g.
* ```sh
* $ pulumi import vault:kubernetes/authBackendRole:AuthBackendRole foo auth/kubernetes/role/foo
* ```
* @property aliasNameSource Configures how identity aliases are generated.
* Valid choices are: `serviceaccount_uid`, `serviceaccount_name`. (vault-1.9+)
* @property audience Audience claim to verify in the JWT.
* > Please see [alias_name_source](https://www.vaultproject.io/api-docs/auth/kubernetes#alias_name_source)
* before setting this to something other its default value. There are **important** security
* implications to be aware of.
* @property backend Unique name of the kubernetes backend to configure.
* @property boundServiceAccountNames List of service account names able to access this role. If set to `["*"]` all names are allowed, both this and bound_service_account_namespaces can not be "*".
* @property boundServiceAccountNamespaces List of namespaces allowed to access this role. If set to `["*"]` all namespaces are allowed, both this and bound_service_account_names can not be set to "*".
* @property namespace The namespace to provision the resource in.
* The value should not contain leading or trailing forward slashes.
* The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
* *Available only for Vault Enterprise*.
* @property roleName Name of the role.
* @property tokenBoundCidrs Specifies the blocks of IP addresses which are allowed to use the generated token
* @property tokenExplicitMaxTtl Generated Token's Explicit Maximum TTL in seconds
* @property tokenMaxTtl The maximum lifetime of the generated token
* @property tokenNoDefaultPolicy If true, the 'default' policy will not automatically be added to generated tokens
* @property tokenNumUses The maximum number of times a token may be used, a value of zero means unlimited
* @property tokenPeriod Generated Token's Period
* @property tokenPolicies Generated Token's Policies
* @property tokenTtl The initial ttl of the token to generate in seconds
* @property tokenType The type of token to generate, service or batch
*/
public data class AuthBackendRoleArgs(
public val aliasNameSource: Output? = null,
public val audience: Output? = null,
public val backend: Output? = null,
public val boundServiceAccountNames: Output>? = null,
public val boundServiceAccountNamespaces: Output>? = null,
public val namespace: Output? = null,
public val roleName: Output? = null,
public val tokenBoundCidrs: Output>? = null,
public val tokenExplicitMaxTtl: Output? = null,
public val tokenMaxTtl: Output? = null,
public val tokenNoDefaultPolicy: Output? = null,
public val tokenNumUses: Output? = null,
public val tokenPeriod: Output? = null,
public val tokenPolicies: Output>? = null,
public val tokenTtl: Output? = null,
public val tokenType: Output? = null,
) : ConvertibleToJava {
override fun toJava(): com.pulumi.vault.kubernetes.AuthBackendRoleArgs =
com.pulumi.vault.kubernetes.AuthBackendRoleArgs.builder()
.aliasNameSource(aliasNameSource?.applyValue({ args0 -> args0 }))
.audience(audience?.applyValue({ args0 -> args0 }))
.backend(backend?.applyValue({ args0 -> args0 }))
.boundServiceAccountNames(
boundServiceAccountNames?.applyValue({ args0 ->
args0.map({ args0 ->
args0
})
}),
)
.boundServiceAccountNamespaces(
boundServiceAccountNamespaces?.applyValue({ args0 ->
args0.map({ args0 -> args0 })
}),
)
.namespace(namespace?.applyValue({ args0 -> args0 }))
.roleName(roleName?.applyValue({ args0 -> args0 }))
.tokenBoundCidrs(tokenBoundCidrs?.applyValue({ args0 -> args0.map({ args0 -> args0 }) }))
.tokenExplicitMaxTtl(tokenExplicitMaxTtl?.applyValue({ args0 -> args0 }))
.tokenMaxTtl(tokenMaxTtl?.applyValue({ args0 -> args0 }))
.tokenNoDefaultPolicy(tokenNoDefaultPolicy?.applyValue({ args0 -> args0 }))
.tokenNumUses(tokenNumUses?.applyValue({ args0 -> args0 }))
.tokenPeriod(tokenPeriod?.applyValue({ args0 -> args0 }))
.tokenPolicies(tokenPolicies?.applyValue({ args0 -> args0.map({ args0 -> args0 }) }))
.tokenTtl(tokenTtl?.applyValue({ args0 -> args0 }))
.tokenType(tokenType?.applyValue({ args0 -> args0 })).build()
}
/**
* Builder for [AuthBackendRoleArgs].
*/
@PulumiTagMarker
public class AuthBackendRoleArgsBuilder internal constructor() {
private var aliasNameSource: Output? = null
private var audience: Output? = null
private var backend: Output? = null
private var boundServiceAccountNames: Output>? = null
private var boundServiceAccountNamespaces: Output>? = null
private var namespace: Output? = null
private var roleName: Output? = null
private var tokenBoundCidrs: Output>? = null
private var tokenExplicitMaxTtl: Output? = null
private var tokenMaxTtl: Output? = null
private var tokenNoDefaultPolicy: Output? = null
private var tokenNumUses: Output? = null
private var tokenPeriod: Output? = null
private var tokenPolicies: Output>? = null
private var tokenTtl: Output? = null
private var tokenType: Output? = null
/**
* @param value Configures how identity aliases are generated.
* Valid choices are: `serviceaccount_uid`, `serviceaccount_name`. (vault-1.9+)
*/
@JvmName("pxywixnqtssofvhf")
public suspend fun aliasNameSource(`value`: Output) {
this.aliasNameSource = value
}
/**
* @param value Audience claim to verify in the JWT.
* > Please see [alias_name_source](https://www.vaultproject.io/api-docs/auth/kubernetes#alias_name_source)
* before setting this to something other its default value. There are **important** security
* implications to be aware of.
*/
@JvmName("iobevyhbnlxevhqu")
public suspend fun audience(`value`: Output) {
this.audience = value
}
/**
* @param value Unique name of the kubernetes backend to configure.
*/
@JvmName("hcnojplbvdxuuejq")
public suspend fun backend(`value`: Output) {
this.backend = value
}
/**
* @param value List of service account names able to access this role. If set to `["*"]` all names are allowed, both this and bound_service_account_namespaces can not be "*".
*/
@JvmName("wgddmcvmvluihxeq")
public suspend fun boundServiceAccountNames(`value`: Output>) {
this.boundServiceAccountNames = value
}
@JvmName("qlegdpsoqxrdbqfv")
public suspend fun boundServiceAccountNames(vararg values: Output) {
this.boundServiceAccountNames = Output.all(values.asList())
}
/**
* @param values List of service account names able to access this role. If set to `["*"]` all names are allowed, both this and bound_service_account_namespaces can not be "*".
*/
@JvmName("bqgkmjokxwxkldpd")
public suspend fun boundServiceAccountNames(values: List>) {
this.boundServiceAccountNames = Output.all(values)
}
/**
* @param value List of namespaces allowed to access this role. If set to `["*"]` all namespaces are allowed, both this and bound_service_account_names can not be set to "*".
*/
@JvmName("yxvusvurbhmjokkn")
public suspend fun boundServiceAccountNamespaces(`value`: Output>) {
this.boundServiceAccountNamespaces = value
}
@JvmName("vxtxavypnropebjj")
public suspend fun boundServiceAccountNamespaces(vararg values: Output) {
this.boundServiceAccountNamespaces = Output.all(values.asList())
}
/**
* @param values List of namespaces allowed to access this role. If set to `["*"]` all namespaces are allowed, both this and bound_service_account_names can not be set to "*".
*/
@JvmName("volvydoccrivwfwx")
public suspend fun boundServiceAccountNamespaces(values: List>) {
this.boundServiceAccountNamespaces = Output.all(values)
}
/**
* @param value The namespace to provision the resource in.
* The value should not contain leading or trailing forward slashes.
* The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
* *Available only for Vault Enterprise*.
*/
@JvmName("cmdmopfvouvptlec")
public suspend fun namespace(`value`: Output) {
this.namespace = value
}
/**
* @param value Name of the role.
*/
@JvmName("dgeyyphpvtyfrafa")
public suspend fun roleName(`value`: Output) {
this.roleName = value
}
/**
* @param value Specifies the blocks of IP addresses which are allowed to use the generated token
*/
@JvmName("eklewflmyxwcxmyw")
public suspend fun tokenBoundCidrs(`value`: Output>) {
this.tokenBoundCidrs = value
}
@JvmName("ahrspqtjbwwyahyd")
public suspend fun tokenBoundCidrs(vararg values: Output) {
this.tokenBoundCidrs = Output.all(values.asList())
}
/**
* @param values Specifies the blocks of IP addresses which are allowed to use the generated token
*/
@JvmName("jdkmneiyvfogoint")
public suspend fun tokenBoundCidrs(values: List>) {
this.tokenBoundCidrs = Output.all(values)
}
/**
* @param value Generated Token's Explicit Maximum TTL in seconds
*/
@JvmName("lvcxqsdsapbqvxda")
public suspend fun tokenExplicitMaxTtl(`value`: Output) {
this.tokenExplicitMaxTtl = value
}
/**
* @param value The maximum lifetime of the generated token
*/
@JvmName("alblmpjnehycogxm")
public suspend fun tokenMaxTtl(`value`: Output) {
this.tokenMaxTtl = value
}
/**
* @param value If true, the 'default' policy will not automatically be added to generated tokens
*/
@JvmName("rfewuovihnjpsxta")
public suspend fun tokenNoDefaultPolicy(`value`: Output) {
this.tokenNoDefaultPolicy = value
}
/**
* @param value The maximum number of times a token may be used, a value of zero means unlimited
*/
@JvmName("tjfvlqtqrulxnoqt")
public suspend fun tokenNumUses(`value`: Output) {
this.tokenNumUses = value
}
/**
* @param value Generated Token's Period
*/
@JvmName("icbuhyqgmdamqqgq")
public suspend fun tokenPeriod(`value`: Output) {
this.tokenPeriod = value
}
/**
* @param value Generated Token's Policies
*/
@JvmName("rctvfukbhgotowpy")
public suspend fun tokenPolicies(`value`: Output>) {
this.tokenPolicies = value
}
@JvmName("ngkdqpyjgntrchwg")
public suspend fun tokenPolicies(vararg values: Output) {
this.tokenPolicies = Output.all(values.asList())
}
/**
* @param values Generated Token's Policies
*/
@JvmName("lfckbrfsdpuyejfu")
public suspend fun tokenPolicies(values: List>) {
this.tokenPolicies = Output.all(values)
}
/**
* @param value The initial ttl of the token to generate in seconds
*/
@JvmName("ppirguxsqvqjxfew")
public suspend fun tokenTtl(`value`: Output) {
this.tokenTtl = value
}
/**
* @param value The type of token to generate, service or batch
*/
@JvmName("fqurisbgkcwbxfle")
public suspend fun tokenType(`value`: Output) {
this.tokenType = value
}
/**
* @param value Configures how identity aliases are generated.
* Valid choices are: `serviceaccount_uid`, `serviceaccount_name`. (vault-1.9+)
*/
@JvmName("mwjfkquklquuikwg")
public suspend fun aliasNameSource(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.aliasNameSource = mapped
}
/**
* @param value Audience claim to verify in the JWT.
* > Please see [alias_name_source](https://www.vaultproject.io/api-docs/auth/kubernetes#alias_name_source)
* before setting this to something other its default value. There are **important** security
* implications to be aware of.
*/
@JvmName("hjoyidhclkfhhjxh")
public suspend fun audience(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.audience = mapped
}
/**
* @param value Unique name of the kubernetes backend to configure.
*/
@JvmName("ajngchjswdfhptwa")
public suspend fun backend(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.backend = mapped
}
/**
* @param value List of service account names able to access this role. If set to `["*"]` all names are allowed, both this and bound_service_account_namespaces can not be "*".
*/
@JvmName("twidcoxkakskfavd")
public suspend fun boundServiceAccountNames(`value`: List?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.boundServiceAccountNames = mapped
}
/**
* @param values List of service account names able to access this role. If set to `["*"]` all names are allowed, both this and bound_service_account_namespaces can not be "*".
*/
@JvmName("ulwnyouucbtfjeld")
public suspend fun boundServiceAccountNames(vararg values: String) {
val toBeMapped = values.toList()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.boundServiceAccountNames = mapped
}
/**
* @param value List of namespaces allowed to access this role. If set to `["*"]` all namespaces are allowed, both this and bound_service_account_names can not be set to "*".
*/
@JvmName("vthvqumdteetglfq")
public suspend fun boundServiceAccountNamespaces(`value`: List?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.boundServiceAccountNamespaces = mapped
}
/**
* @param values List of namespaces allowed to access this role. If set to `["*"]` all namespaces are allowed, both this and bound_service_account_names can not be set to "*".
*/
@JvmName("yixhmnbbufrjqqji")
public suspend fun boundServiceAccountNamespaces(vararg values: String) {
val toBeMapped = values.toList()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.boundServiceAccountNamespaces = mapped
}
/**
* @param value The namespace to provision the resource in.
* The value should not contain leading or trailing forward slashes.
* The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
* *Available only for Vault Enterprise*.
*/
@JvmName("iyjahresatrmfhew")
public suspend fun namespace(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.namespace = mapped
}
/**
* @param value Name of the role.
*/
@JvmName("jrpyppudycphjsvt")
public suspend fun roleName(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.roleName = mapped
}
/**
* @param value Specifies the blocks of IP addresses which are allowed to use the generated token
*/
@JvmName("duluqjbrvwjmtrsv")
public suspend fun tokenBoundCidrs(`value`: List?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.tokenBoundCidrs = mapped
}
/**
* @param values Specifies the blocks of IP addresses which are allowed to use the generated token
*/
@JvmName("kryhbgoeywhpcysv")
public suspend fun tokenBoundCidrs(vararg values: String) {
val toBeMapped = values.toList()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.tokenBoundCidrs = mapped
}
/**
* @param value Generated Token's Explicit Maximum TTL in seconds
*/
@JvmName("vrusujsrmjbpjiir")
public suspend fun tokenExplicitMaxTtl(`value`: Int?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.tokenExplicitMaxTtl = mapped
}
/**
* @param value The maximum lifetime of the generated token
*/
@JvmName("nbksfpdftcmepasj")
public suspend fun tokenMaxTtl(`value`: Int?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.tokenMaxTtl = mapped
}
/**
* @param value If true, the 'default' policy will not automatically be added to generated tokens
*/
@JvmName("ubylqekvvidqgogj")
public suspend fun tokenNoDefaultPolicy(`value`: Boolean?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.tokenNoDefaultPolicy = mapped
}
/**
* @param value The maximum number of times a token may be used, a value of zero means unlimited
*/
@JvmName("cnwholrmkoqygtcc")
public suspend fun tokenNumUses(`value`: Int?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.tokenNumUses = mapped
}
/**
* @param value Generated Token's Period
*/
@JvmName("iwtqxfsacskepovl")
public suspend fun tokenPeriod(`value`: Int?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.tokenPeriod = mapped
}
/**
* @param value Generated Token's Policies
*/
@JvmName("vlaytyooxregmxvm")
public suspend fun tokenPolicies(`value`: List?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.tokenPolicies = mapped
}
/**
* @param values Generated Token's Policies
*/
@JvmName("fqupvmuudokixloj")
public suspend fun tokenPolicies(vararg values: String) {
val toBeMapped = values.toList()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.tokenPolicies = mapped
}
/**
* @param value The initial ttl of the token to generate in seconds
*/
@JvmName("kwnxtxyofdtopjag")
public suspend fun tokenTtl(`value`: Int?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.tokenTtl = mapped
}
/**
* @param value The type of token to generate, service or batch
*/
@JvmName("wyeskjfeshaujqcc")
public suspend fun tokenType(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.tokenType = mapped
}
internal fun build(): AuthBackendRoleArgs = AuthBackendRoleArgs(
aliasNameSource = aliasNameSource,
audience = audience,
backend = backend,
boundServiceAccountNames = boundServiceAccountNames,
boundServiceAccountNamespaces = boundServiceAccountNamespaces,
namespace = namespace,
roleName = roleName,
tokenBoundCidrs = tokenBoundCidrs,
tokenExplicitMaxTtl = tokenExplicitMaxTtl,
tokenMaxTtl = tokenMaxTtl,
tokenNoDefaultPolicy = tokenNoDefaultPolicy,
tokenNumUses = tokenNumUses,
tokenPeriod = tokenPeriod,
tokenPolicies = tokenPolicies,
tokenTtl = tokenTtl,
tokenType = tokenType,
)
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy