com.pulumi.vault.kubernetes.kotlin.SecretBackendArgs.kt Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pulumi-vault-kotlin Show documentation
Show all versions of pulumi-vault-kotlin Show documentation
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.vault.kubernetes.kotlin
import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.vault.kubernetes.SecretBackendArgs.builder
import kotlin.Any
import kotlin.Boolean
import kotlin.Int
import kotlin.Pair
import kotlin.String
import kotlin.Suppress
import kotlin.collections.List
import kotlin.collections.Map
import kotlin.jvm.JvmName
/**
* ## Example Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as std from "@pulumi/std";
* import * as vault from "@pulumi/vault";
* const config = new vault.kubernetes.SecretBackend("config", {
* path: "kubernetes",
* description: "kubernetes secrets engine description",
* defaultLeaseTtlSeconds: 43200,
* maxLeaseTtlSeconds: 86400,
* kubernetesHost: "https://127.0.0.1:61233",
* kubernetesCaCert: std.file({
* input: "/path/to/cert",
* }).then(invoke => invoke.result),
* serviceAccountJwt: std.file({
* input: "/path/to/token",
* }).then(invoke => invoke.result),
* disableLocalCaJwt: false,
* });
* ```
* ```python
* import pulumi
* import pulumi_std as std
* import pulumi_vault as vault
* config = vault.kubernetes.SecretBackend("config",
* path="kubernetes",
* description="kubernetes secrets engine description",
* default_lease_ttl_seconds=43200,
* max_lease_ttl_seconds=86400,
* kubernetes_host="https://127.0.0.1:61233",
* kubernetes_ca_cert=std.file(input="/path/to/cert").result,
* service_account_jwt=std.file(input="/path/to/token").result,
* disable_local_ca_jwt=False)
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Std = Pulumi.Std;
* using Vault = Pulumi.Vault;
* return await Deployment.RunAsync(() =>
* {
* var config = new Vault.Kubernetes.SecretBackend("config", new()
* {
* Path = "kubernetes",
* Description = "kubernetes secrets engine description",
* DefaultLeaseTtlSeconds = 43200,
* MaxLeaseTtlSeconds = 86400,
* KubernetesHost = "https://127.0.0.1:61233",
* KubernetesCaCert = Std.File.Invoke(new()
* {
* Input = "/path/to/cert",
* }).Apply(invoke => invoke.Result),
* ServiceAccountJwt = Std.File.Invoke(new()
* {
* Input = "/path/to/token",
* }).Apply(invoke => invoke.Result),
* DisableLocalCaJwt = false,
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-std/sdk/go/std"
* "github.com/pulumi/pulumi-vault/sdk/v6/go/vault/kubernetes"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* invokeFile, err := std.File(ctx, &std.FileArgs{
* Input: "/path/to/cert",
* }, nil)
* if err != nil {
* return err
* }
* invokeFile1, err := std.File(ctx, &std.FileArgs{
* Input: "/path/to/token",
* }, nil)
* if err != nil {
* return err
* }
* _, err = kubernetes.NewSecretBackend(ctx, "config", &kubernetes.SecretBackendArgs{
* Path: pulumi.String("kubernetes"),
* Description: pulumi.String("kubernetes secrets engine description"),
* DefaultLeaseTtlSeconds: pulumi.Int(43200),
* MaxLeaseTtlSeconds: pulumi.Int(86400),
* KubernetesHost: pulumi.String("https://127.0.0.1:61233"),
* KubernetesCaCert: pulumi.String(invokeFile.Result),
* ServiceAccountJwt: pulumi.String(invokeFile1.Result),
* DisableLocalCaJwt: pulumi.Bool(false),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.vault.kubernetes.SecretBackend;
* import com.pulumi.vault.kubernetes.SecretBackendArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var config = new SecretBackend("config", SecretBackendArgs.builder()
* .path("kubernetes")
* .description("kubernetes secrets engine description")
* .defaultLeaseTtlSeconds(43200)
* .maxLeaseTtlSeconds(86400)
* .kubernetesHost("https://127.0.0.1:61233")
* .kubernetesCaCert(StdFunctions.file(FileArgs.builder()
* .input("/path/to/cert")
* .build()).result())
* .serviceAccountJwt(StdFunctions.file(FileArgs.builder()
* .input("/path/to/token")
* .build()).result())
* .disableLocalCaJwt(false)
* .build());
* }
* }
* ```
* ```yaml
* resources:
* config:
* type: vault:kubernetes:SecretBackend
* properties:
* path: kubernetes
* description: kubernetes secrets engine description
* defaultLeaseTtlSeconds: 43200
* maxLeaseTtlSeconds: 86400
* kubernetesHost: https://127.0.0.1:61233
* kubernetesCaCert:
* fn::invoke:
* Function: std:file
* Arguments:
* input: /path/to/cert
* Return: result
* serviceAccountJwt:
* fn::invoke:
* Function: std:file
* Arguments:
* input: /path/to/token
* Return: result
* disableLocalCaJwt: false
* ```
*
* ## Import
* The Kubernetes secret backend can be imported using its `path` e.g.
* ```sh
* $ pulumi import vault:kubernetes/secretBackend:SecretBackend config kubernetes
* ```
* @property allowedManagedKeys List of managed key registry entry names that the mount in question is allowed to access
* @property allowedResponseHeaders List of headers to allow and pass from the request to the plugin
* @property auditNonHmacRequestKeys Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
* @property auditNonHmacResponseKeys Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
* @property defaultLeaseTtlSeconds Default lease duration for tokens and secrets in seconds
* @property delegatedAuthAccessors List of headers to allow and pass from the request to the plugin
* @property description Human-friendly description of the mount
* @property disableLocalCaJwt Disable defaulting to the local CA certificate and
* service account JWT when Vault is running in a Kubernetes pod.
* @property externalEntropyAccess Enable the secrets engine to access Vault's external entropy source
* @property identityTokenKey The key to use for signing plugin workload identity tokens
* @property kubernetesCaCert A PEM-encoded CA certificate used by the
* secrets engine to verify the Kubernetes API server certificate. Defaults to the local
* pod’s CA if Vault is running in Kubernetes. Otherwise, defaults to the root CA set where
* Vault is running.
* @property kubernetesHost The Kubernetes API URL to connect to. Required if the
* standard pod environment variables `KUBERNETES_SERVICE_HOST` or `KUBERNETES_SERVICE_PORT`
* are not set on the host that Vault is running on.
* @property listingVisibility Specifies whether to show this mount in the UI-specific listing endpoint
* @property local Local mount flag that can be explicitly set to true to enforce local mount in HA environment
* @property maxLeaseTtlSeconds Maximum possible lease duration for tokens and secrets in seconds
* @property namespace The namespace to provision the resource in.
* The value should not contain leading or trailing forward slashes.
* The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
* *Available only for Vault Enterprise*.
* @property options Specifies mount type specific options that are passed to the backend
* @property passthroughRequestHeaders List of headers to allow and pass from the request to the plugin
* @property path Where the secret backend will be mounted
* @property pluginVersion Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
* @property sealWrap Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
* @property serviceAccountJwt The JSON web token of the service account used by the
* secrets engine to manage Kubernetes credentials. Defaults to the local pod’s JWT if Vault
* is running in Kubernetes.
*/
public data class SecretBackendArgs(
public val allowedManagedKeys: Output>? = null,
public val allowedResponseHeaders: Output>? = null,
public val auditNonHmacRequestKeys: Output>? = null,
public val auditNonHmacResponseKeys: Output>? = null,
public val defaultLeaseTtlSeconds: Output? = null,
public val delegatedAuthAccessors: Output>? = null,
public val description: Output? = null,
public val disableLocalCaJwt: Output? = null,
public val externalEntropyAccess: Output? = null,
public val identityTokenKey: Output? = null,
public val kubernetesCaCert: Output? = null,
public val kubernetesHost: Output? = null,
public val listingVisibility: Output? = null,
public val local: Output? = null,
public val maxLeaseTtlSeconds: Output? = null,
public val namespace: Output? = null,
public val options: Output>? = null,
public val passthroughRequestHeaders: Output>? = null,
public val path: Output? = null,
public val pluginVersion: Output? = null,
public val sealWrap: Output? = null,
public val serviceAccountJwt: Output? = null,
) : ConvertibleToJava {
override fun toJava(): com.pulumi.vault.kubernetes.SecretBackendArgs =
com.pulumi.vault.kubernetes.SecretBackendArgs.builder()
.allowedManagedKeys(allowedManagedKeys?.applyValue({ args0 -> args0.map({ args0 -> args0 }) }))
.allowedResponseHeaders(
allowedResponseHeaders?.applyValue({ args0 ->
args0.map({ args0 ->
args0
})
}),
)
.auditNonHmacRequestKeys(
auditNonHmacRequestKeys?.applyValue({ args0 ->
args0.map({ args0 ->
args0
})
}),
)
.auditNonHmacResponseKeys(
auditNonHmacResponseKeys?.applyValue({ args0 ->
args0.map({ args0 ->
args0
})
}),
)
.defaultLeaseTtlSeconds(defaultLeaseTtlSeconds?.applyValue({ args0 -> args0 }))
.delegatedAuthAccessors(
delegatedAuthAccessors?.applyValue({ args0 ->
args0.map({ args0 ->
args0
})
}),
)
.description(description?.applyValue({ args0 -> args0 }))
.disableLocalCaJwt(disableLocalCaJwt?.applyValue({ args0 -> args0 }))
.externalEntropyAccess(externalEntropyAccess?.applyValue({ args0 -> args0 }))
.identityTokenKey(identityTokenKey?.applyValue({ args0 -> args0 }))
.kubernetesCaCert(kubernetesCaCert?.applyValue({ args0 -> args0 }))
.kubernetesHost(kubernetesHost?.applyValue({ args0 -> args0 }))
.listingVisibility(listingVisibility?.applyValue({ args0 -> args0 }))
.local(local?.applyValue({ args0 -> args0 }))
.maxLeaseTtlSeconds(maxLeaseTtlSeconds?.applyValue({ args0 -> args0 }))
.namespace(namespace?.applyValue({ args0 -> args0 }))
.options(options?.applyValue({ args0 -> args0.map({ args0 -> args0.key.to(args0.value) }).toMap() }))
.passthroughRequestHeaders(
passthroughRequestHeaders?.applyValue({ args0 ->
args0.map({ args0 ->
args0
})
}),
)
.path(path?.applyValue({ args0 -> args0 }))
.pluginVersion(pluginVersion?.applyValue({ args0 -> args0 }))
.sealWrap(sealWrap?.applyValue({ args0 -> args0 }))
.serviceAccountJwt(serviceAccountJwt?.applyValue({ args0 -> args0 })).build()
}
/**
* Builder for [SecretBackendArgs].
*/
@PulumiTagMarker
public class SecretBackendArgsBuilder internal constructor() {
private var allowedManagedKeys: Output>? = null
private var allowedResponseHeaders: Output>? = null
private var auditNonHmacRequestKeys: Output>? = null
private var auditNonHmacResponseKeys: Output>? = null
private var defaultLeaseTtlSeconds: Output? = null
private var delegatedAuthAccessors: Output>? = null
private var description: Output? = null
private var disableLocalCaJwt: Output? = null
private var externalEntropyAccess: Output? = null
private var identityTokenKey: Output? = null
private var kubernetesCaCert: Output? = null
private var kubernetesHost: Output? = null
private var listingVisibility: Output? = null
private var local: Output? = null
private var maxLeaseTtlSeconds: Output? = null
private var namespace: Output? = null
private var options: Output>? = null
private var passthroughRequestHeaders: Output>? = null
private var path: Output? = null
private var pluginVersion: Output? = null
private var sealWrap: Output? = null
private var serviceAccountJwt: Output? = null
/**
* @param value List of managed key registry entry names that the mount in question is allowed to access
*/
@JvmName("uwasuoltuxurinag")
public suspend fun allowedManagedKeys(`value`: Output>) {
this.allowedManagedKeys = value
}
@JvmName("xfwiuaednntkrapn")
public suspend fun allowedManagedKeys(vararg values: Output) {
this.allowedManagedKeys = Output.all(values.asList())
}
/**
* @param values List of managed key registry entry names that the mount in question is allowed to access
*/
@JvmName("dydnonctvhmemnpd")
public suspend fun allowedManagedKeys(values: List>) {
this.allowedManagedKeys = Output.all(values)
}
/**
* @param value List of headers to allow and pass from the request to the plugin
*/
@JvmName("iyjxtikudqhgrlcn")
public suspend fun allowedResponseHeaders(`value`: Output>) {
this.allowedResponseHeaders = value
}
@JvmName("xvkxrmhxauiwwykm")
public suspend fun allowedResponseHeaders(vararg values: Output) {
this.allowedResponseHeaders = Output.all(values.asList())
}
/**
* @param values List of headers to allow and pass from the request to the plugin
*/
@JvmName("eyealvlesmvgovnn")
public suspend fun allowedResponseHeaders(values: List>) {
this.allowedResponseHeaders = Output.all(values)
}
/**
* @param value Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
*/
@JvmName("ygkayjntfnbbrpqy")
public suspend fun auditNonHmacRequestKeys(`value`: Output>) {
this.auditNonHmacRequestKeys = value
}
@JvmName("jhcqigcgfaebjxqq")
public suspend fun auditNonHmacRequestKeys(vararg values: Output) {
this.auditNonHmacRequestKeys = Output.all(values.asList())
}
/**
* @param values Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
*/
@JvmName("luurctoubjghjsxc")
public suspend fun auditNonHmacRequestKeys(values: List>) {
this.auditNonHmacRequestKeys = Output.all(values)
}
/**
* @param value Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
*/
@JvmName("eohyhsyalcdxmjck")
public suspend fun auditNonHmacResponseKeys(`value`: Output>) {
this.auditNonHmacResponseKeys = value
}
@JvmName("pfiatnnqfvvemgvm")
public suspend fun auditNonHmacResponseKeys(vararg values: Output) {
this.auditNonHmacResponseKeys = Output.all(values.asList())
}
/**
* @param values Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
*/
@JvmName("ojolltdaaircndks")
public suspend fun auditNonHmacResponseKeys(values: List>) {
this.auditNonHmacResponseKeys = Output.all(values)
}
/**
* @param value Default lease duration for tokens and secrets in seconds
*/
@JvmName("qlmpouxdaenngqus")
public suspend fun defaultLeaseTtlSeconds(`value`: Output) {
this.defaultLeaseTtlSeconds = value
}
/**
* @param value List of headers to allow and pass from the request to the plugin
*/
@JvmName("crrfavvsjmmltouj")
public suspend fun delegatedAuthAccessors(`value`: Output>) {
this.delegatedAuthAccessors = value
}
@JvmName("thfkjqsduqsgrveb")
public suspend fun delegatedAuthAccessors(vararg values: Output) {
this.delegatedAuthAccessors = Output.all(values.asList())
}
/**
* @param values List of headers to allow and pass from the request to the plugin
*/
@JvmName("ftovfaxporjrlirq")
public suspend fun delegatedAuthAccessors(values: List>) {
this.delegatedAuthAccessors = Output.all(values)
}
/**
* @param value Human-friendly description of the mount
*/
@JvmName("pobqlgwwcajfcpxc")
public suspend fun description(`value`: Output) {
this.description = value
}
/**
* @param value Disable defaulting to the local CA certificate and
* service account JWT when Vault is running in a Kubernetes pod.
*/
@JvmName("emowacqphhnathuw")
public suspend fun disableLocalCaJwt(`value`: Output) {
this.disableLocalCaJwt = value
}
/**
* @param value Enable the secrets engine to access Vault's external entropy source
*/
@JvmName("jgxpsudprwqsdwwp")
public suspend fun externalEntropyAccess(`value`: Output) {
this.externalEntropyAccess = value
}
/**
* @param value The key to use for signing plugin workload identity tokens
*/
@JvmName("lxbdhspuyanrjpip")
public suspend fun identityTokenKey(`value`: Output) {
this.identityTokenKey = value
}
/**
* @param value A PEM-encoded CA certificate used by the
* secrets engine to verify the Kubernetes API server certificate. Defaults to the local
* pod’s CA if Vault is running in Kubernetes. Otherwise, defaults to the root CA set where
* Vault is running.
*/
@JvmName("jwbmutcmsnpdjljy")
public suspend fun kubernetesCaCert(`value`: Output) {
this.kubernetesCaCert = value
}
/**
* @param value The Kubernetes API URL to connect to. Required if the
* standard pod environment variables `KUBERNETES_SERVICE_HOST` or `KUBERNETES_SERVICE_PORT`
* are not set on the host that Vault is running on.
*/
@JvmName("xmxjgqilrsuksmyn")
public suspend fun kubernetesHost(`value`: Output) {
this.kubernetesHost = value
}
/**
* @param value Specifies whether to show this mount in the UI-specific listing endpoint
*/
@JvmName("ogayygihpfgaimex")
public suspend fun listingVisibility(`value`: Output) {
this.listingVisibility = value
}
/**
* @param value Local mount flag that can be explicitly set to true to enforce local mount in HA environment
*/
@JvmName("aswsybylektrlwbo")
public suspend fun local(`value`: Output) {
this.local = value
}
/**
* @param value Maximum possible lease duration for tokens and secrets in seconds
*/
@JvmName("bdwsnkrbyudmnmsn")
public suspend fun maxLeaseTtlSeconds(`value`: Output) {
this.maxLeaseTtlSeconds = value
}
/**
* @param value The namespace to provision the resource in.
* The value should not contain leading or trailing forward slashes.
* The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
* *Available only for Vault Enterprise*.
*/
@JvmName("jvlserxaycdwagxd")
public suspend fun namespace(`value`: Output) {
this.namespace = value
}
/**
* @param value Specifies mount type specific options that are passed to the backend
*/
@JvmName("qrvkwdyqyfmwodni")
public suspend fun options(`value`: Output>) {
this.options = value
}
/**
* @param value List of headers to allow and pass from the request to the plugin
*/
@JvmName("gsoagimwglwffnlw")
public suspend fun passthroughRequestHeaders(`value`: Output>) {
this.passthroughRequestHeaders = value
}
@JvmName("gupqgrlhbsnbaumu")
public suspend fun passthroughRequestHeaders(vararg values: Output) {
this.passthroughRequestHeaders = Output.all(values.asList())
}
/**
* @param values List of headers to allow and pass from the request to the plugin
*/
@JvmName("ibcnnjtrfcbacdsg")
public suspend fun passthroughRequestHeaders(values: List>) {
this.passthroughRequestHeaders = Output.all(values)
}
/**
* @param value Where the secret backend will be mounted
*/
@JvmName("wtdprlgkyogmaujr")
public suspend fun path(`value`: Output) {
this.path = value
}
/**
* @param value Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
*/
@JvmName("dewoyfvjuuvyqjkh")
public suspend fun pluginVersion(`value`: Output) {
this.pluginVersion = value
}
/**
* @param value Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
*/
@JvmName("pcarslitjialtugf")
public suspend fun sealWrap(`value`: Output) {
this.sealWrap = value
}
/**
* @param value The JSON web token of the service account used by the
* secrets engine to manage Kubernetes credentials. Defaults to the local pod’s JWT if Vault
* is running in Kubernetes.
*/
@JvmName("lwlwcgbfnavaifwg")
public suspend fun serviceAccountJwt(`value`: Output) {
this.serviceAccountJwt = value
}
/**
* @param value List of managed key registry entry names that the mount in question is allowed to access
*/
@JvmName("icrqhodowuqsvetx")
public suspend fun allowedManagedKeys(`value`: List?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.allowedManagedKeys = mapped
}
/**
* @param values List of managed key registry entry names that the mount in question is allowed to access
*/
@JvmName("sxrqhuchkitblgne")
public suspend fun allowedManagedKeys(vararg values: String) {
val toBeMapped = values.toList()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.allowedManagedKeys = mapped
}
/**
* @param value List of headers to allow and pass from the request to the plugin
*/
@JvmName("pxuwxxrmywxfxifj")
public suspend fun allowedResponseHeaders(`value`: List?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.allowedResponseHeaders = mapped
}
/**
* @param values List of headers to allow and pass from the request to the plugin
*/
@JvmName("ujyglygxkajychqv")
public suspend fun allowedResponseHeaders(vararg values: String) {
val toBeMapped = values.toList()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.allowedResponseHeaders = mapped
}
/**
* @param value Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
*/
@JvmName("dwsilndbknvqlglj")
public suspend fun auditNonHmacRequestKeys(`value`: List?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.auditNonHmacRequestKeys = mapped
}
/**
* @param values Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
*/
@JvmName("ocirtcbpokspfrkf")
public suspend fun auditNonHmacRequestKeys(vararg values: String) {
val toBeMapped = values.toList()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.auditNonHmacRequestKeys = mapped
}
/**
* @param value Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
*/
@JvmName("rkikucqdevjtedej")
public suspend fun auditNonHmacResponseKeys(`value`: List?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.auditNonHmacResponseKeys = mapped
}
/**
* @param values Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
*/
@JvmName("bovthwlwsboesqvr")
public suspend fun auditNonHmacResponseKeys(vararg values: String) {
val toBeMapped = values.toList()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.auditNonHmacResponseKeys = mapped
}
/**
* @param value Default lease duration for tokens and secrets in seconds
*/
@JvmName("jawradhhmpuhkbvk")
public suspend fun defaultLeaseTtlSeconds(`value`: Int?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.defaultLeaseTtlSeconds = mapped
}
/**
* @param value List of headers to allow and pass from the request to the plugin
*/
@JvmName("eqkgijhijrklmepo")
public suspend fun delegatedAuthAccessors(`value`: List?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.delegatedAuthAccessors = mapped
}
/**
* @param values List of headers to allow and pass from the request to the plugin
*/
@JvmName("pycfmnobgdekjdpb")
public suspend fun delegatedAuthAccessors(vararg values: String) {
val toBeMapped = values.toList()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.delegatedAuthAccessors = mapped
}
/**
* @param value Human-friendly description of the mount
*/
@JvmName("wvcuncwpiismdedw")
public suspend fun description(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.description = mapped
}
/**
* @param value Disable defaulting to the local CA certificate and
* service account JWT when Vault is running in a Kubernetes pod.
*/
@JvmName("iodrphsdljrwvoyl")
public suspend fun disableLocalCaJwt(`value`: Boolean?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.disableLocalCaJwt = mapped
}
/**
* @param value Enable the secrets engine to access Vault's external entropy source
*/
@JvmName("eosssrnqneukulpg")
public suspend fun externalEntropyAccess(`value`: Boolean?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.externalEntropyAccess = mapped
}
/**
* @param value The key to use for signing plugin workload identity tokens
*/
@JvmName("yetqokxaddfwdctp")
public suspend fun identityTokenKey(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.identityTokenKey = mapped
}
/**
* @param value A PEM-encoded CA certificate used by the
* secrets engine to verify the Kubernetes API server certificate. Defaults to the local
* pod’s CA if Vault is running in Kubernetes. Otherwise, defaults to the root CA set where
* Vault is running.
*/
@JvmName("ursyjnwilkyinbhs")
public suspend fun kubernetesCaCert(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.kubernetesCaCert = mapped
}
/**
* @param value The Kubernetes API URL to connect to. Required if the
* standard pod environment variables `KUBERNETES_SERVICE_HOST` or `KUBERNETES_SERVICE_PORT`
* are not set on the host that Vault is running on.
*/
@JvmName("vvjomtxsvdpgrkxy")
public suspend fun kubernetesHost(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.kubernetesHost = mapped
}
/**
* @param value Specifies whether to show this mount in the UI-specific listing endpoint
*/
@JvmName("aveavypsyjodfhjh")
public suspend fun listingVisibility(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.listingVisibility = mapped
}
/**
* @param value Local mount flag that can be explicitly set to true to enforce local mount in HA environment
*/
@JvmName("nwwpdmrktmndoypi")
public suspend fun local(`value`: Boolean?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.local = mapped
}
/**
* @param value Maximum possible lease duration for tokens and secrets in seconds
*/
@JvmName("wgfvurfhbonuvrdq")
public suspend fun maxLeaseTtlSeconds(`value`: Int?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.maxLeaseTtlSeconds = mapped
}
/**
* @param value The namespace to provision the resource in.
* The value should not contain leading or trailing forward slashes.
* The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
* *Available only for Vault Enterprise*.
*/
@JvmName("ekbhaghkysmtueqi")
public suspend fun namespace(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.namespace = mapped
}
/**
* @param value Specifies mount type specific options that are passed to the backend
*/
@JvmName("rdrlqfunxosdfknk")
public suspend fun options(`value`: Map?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.options = mapped
}
/**
* @param values Specifies mount type specific options that are passed to the backend
*/
@JvmName("crtryglqoiovcmft")
public fun options(vararg values: Pair) {
val toBeMapped = values.toMap()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.options = mapped
}
/**
* @param value List of headers to allow and pass from the request to the plugin
*/
@JvmName("kndqhbqugxghlpyd")
public suspend fun passthroughRequestHeaders(`value`: List?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.passthroughRequestHeaders = mapped
}
/**
* @param values List of headers to allow and pass from the request to the plugin
*/
@JvmName("ocargywevnnkuuwd")
public suspend fun passthroughRequestHeaders(vararg values: String) {
val toBeMapped = values.toList()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.passthroughRequestHeaders = mapped
}
/**
* @param value Where the secret backend will be mounted
*/
@JvmName("cehtmdbkfklmqsnf")
public suspend fun path(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.path = mapped
}
/**
* @param value Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
*/
@JvmName("hafkhffqxsecjuun")
public suspend fun pluginVersion(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.pluginVersion = mapped
}
/**
* @param value Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
*/
@JvmName("lwxbvfpqevyoirpq")
public suspend fun sealWrap(`value`: Boolean?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.sealWrap = mapped
}
/**
* @param value The JSON web token of the service account used by the
* secrets engine to manage Kubernetes credentials. Defaults to the local pod’s JWT if Vault
* is running in Kubernetes.
*/
@JvmName("fuyeoowtepalaooe")
public suspend fun serviceAccountJwt(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.serviceAccountJwt = mapped
}
internal fun build(): SecretBackendArgs = SecretBackendArgs(
allowedManagedKeys = allowedManagedKeys,
allowedResponseHeaders = allowedResponseHeaders,
auditNonHmacRequestKeys = auditNonHmacRequestKeys,
auditNonHmacResponseKeys = auditNonHmacResponseKeys,
defaultLeaseTtlSeconds = defaultLeaseTtlSeconds,
delegatedAuthAccessors = delegatedAuthAccessors,
description = description,
disableLocalCaJwt = disableLocalCaJwt,
externalEntropyAccess = externalEntropyAccess,
identityTokenKey = identityTokenKey,
kubernetesCaCert = kubernetesCaCert,
kubernetesHost = kubernetesHost,
listingVisibility = listingVisibility,
local = local,
maxLeaseTtlSeconds = maxLeaseTtlSeconds,
namespace = namespace,
options = options,
passthroughRequestHeaders = passthroughRequestHeaders,
path = path,
pluginVersion = pluginVersion,
sealWrap = sealWrap,
serviceAccountJwt = serviceAccountJwt,
)
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy