com.pulumi.vault.kv.kotlin.SecretV2.kt Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pulumi-vault-kotlin Show documentation
Show all versions of pulumi-vault-kotlin Show documentation
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.vault.kv.kotlin
import com.pulumi.core.Output
import com.pulumi.kotlin.KotlinCustomResource
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.ResourceMapper
import com.pulumi.kotlin.options.CustomResourceOptions
import com.pulumi.kotlin.options.CustomResourceOptionsBuilder
import com.pulumi.resources.Resource
import com.pulumi.vault.kv.kotlin.outputs.SecretV2CustomMetadata
import com.pulumi.vault.kv.kotlin.outputs.SecretV2CustomMetadata.Companion.toKotlin
import kotlin.Any
import kotlin.Boolean
import kotlin.Int
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.Map
/**
* Builder for [SecretV2].
*/
@PulumiTagMarker
public class SecretV2ResourceBuilder internal constructor() {
public var name: String? = null
public var args: SecretV2Args = SecretV2Args()
public var opts: CustomResourceOptions = CustomResourceOptions()
/**
* @param name The _unique_ name of the resulting resource.
*/
public fun name(`value`: String) {
this.name = value
}
/**
* @param block The arguments to use to populate this resource's properties.
*/
public suspend fun args(block: suspend SecretV2ArgsBuilder.() -> Unit) {
val builder = SecretV2ArgsBuilder()
block(builder)
this.args = builder.build()
}
/**
* @param block A bag of options that control this resource's behavior.
*/
public suspend fun opts(block: suspend CustomResourceOptionsBuilder.() -> Unit) {
this.opts = com.pulumi.kotlin.options.CustomResourceOptions.opts(block)
}
internal fun build(): SecretV2 {
val builtJavaResource = com.pulumi.vault.kv.SecretV2(
this.name,
this.args.toJava(),
this.opts.toJava(),
)
return SecretV2(builtJavaResource)
}
}
/**
* Writes a KV-V2 secret to a given path in Vault.
* For more information on Vault's KV-V2 secret backend
* [see here](https://www.vaultproject.io/docs/secrets/kv/kv-v2).
* ## Example Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as vault from "@pulumi/vault";
* const kvv2 = new vault.Mount("kvv2", {
* path: "kvv2",
* type: "kv",
* options: {
* version: "2",
* },
* description: "KV Version 2 secret engine mount",
* });
* const example = new vault.kv.SecretV2("example", {
* mount: kvv2.path,
* name: "secret",
* cas: 1,
* deleteAllVersions: true,
* dataJson: JSON.stringify({
* zip: "zap",
* foo: "bar",
* }),
* customMetadata: {
* maxVersions: 5,
* data: {
* foo: "[email protected]",
* bar: "12345",
* },
* },
* });
* ```
* ```python
* import pulumi
* import json
* import pulumi_vault as vault
* kvv2 = vault.Mount("kvv2",
* path="kvv2",
* type="kv",
* options={
* "version": "2",
* },
* description="KV Version 2 secret engine mount")
* example = vault.kv.SecretV2("example",
* mount=kvv2.path,
* name="secret",
* cas=1,
* delete_all_versions=True,
* data_json=json.dumps({
* "zip": "zap",
* "foo": "bar",
* }),
* custom_metadata=vault.kv.SecretV2CustomMetadataArgs(
* max_versions=5,
* data={
* "foo": "[email protected]",
* "bar": "12345",
* },
* ))
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using System.Text.Json;
* using Pulumi;
* using Vault = Pulumi.Vault;
* return await Deployment.RunAsync(() =>
* {
* var kvv2 = new Vault.Mount("kvv2", new()
* {
* Path = "kvv2",
* Type = "kv",
* Options =
* {
* { "version", "2" },
* },
* Description = "KV Version 2 secret engine mount",
* });
* var example = new Vault.Kv.SecretV2("example", new()
* {
* Mount = kvv2.Path,
* Name = "secret",
* Cas = 1,
* DeleteAllVersions = true,
* DataJson = JsonSerializer.Serialize(new Dictionary
* {
* ["zip"] = "zap",
* ["foo"] = "bar",
* }),
* CustomMetadata = new Vault.kv.Inputs.SecretV2CustomMetadataArgs
* {
* MaxVersions = 5,
* Data =
* {
* { "foo", "[email protected]" },
* { "bar", "12345" },
* },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "encoding/json"
* "github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
* "github.com/pulumi/pulumi-vault/sdk/v6/go/vault/kv"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* kvv2, err := vault.NewMount(ctx, "kvv2", &vault.MountArgs{
* Path: pulumi.String("kvv2"),
* Type: pulumi.String("kv"),
* Options: pulumi.Map{
* "version": pulumi.Any("2"),
* },
* Description: pulumi.String("KV Version 2 secret engine mount"),
* })
* if err != nil {
* return err
* }
* tmpJSON0, err := json.Marshal(map[string]interface{}{
* "zip": "zap",
* "foo": "bar",
* })
* if err != nil {
* return err
* }
* json0 := string(tmpJSON0)
* _, err = kv.NewSecretV2(ctx, "example", &kv.SecretV2Args{
* Mount: kvv2.Path,
* Name: pulumi.String("secret"),
* Cas: pulumi.Int(1),
* DeleteAllVersions: pulumi.Bool(true),
* DataJson: pulumi.String(json0),
* CustomMetadata: &kv.SecretV2CustomMetadataArgs{
* MaxVersions: pulumi.Int(5),
* Data: pulumi.Map{
* "foo": pulumi.Any("[email protected]"),
* "bar": pulumi.Any("12345"),
* },
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.vault.Mount;
* import com.pulumi.vault.MountArgs;
* import com.pulumi.vault.kv.SecretV2;
* import com.pulumi.vault.kv.SecretV2Args;
* import com.pulumi.vault.kv.inputs.SecretV2CustomMetadataArgs;
* import static com.pulumi.codegen.internal.Serialization.*;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var kvv2 = new Mount("kvv2", MountArgs.builder()
* .path("kvv2")
* .type("kv")
* .options(Map.of("version", "2"))
* .description("KV Version 2 secret engine mount")
* .build());
* var example = new SecretV2("example", SecretV2Args.builder()
* .mount(kvv2.path())
* .name("secret")
* .cas(1)
* .deleteAllVersions(true)
* .dataJson(serializeJson(
* jsonObject(
* jsonProperty("zip", "zap"),
* jsonProperty("foo", "bar")
* )))
* .customMetadata(SecretV2CustomMetadataArgs.builder()
* .maxVersions(5)
* .data(Map.ofEntries(
* Map.entry("foo", "[email protected]"),
* Map.entry("bar", "12345")
* ))
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* kvv2:
* type: vault:Mount
* properties:
* path: kvv2
* type: kv
* options:
* version: '2'
* description: KV Version 2 secret engine mount
* example:
* type: vault:kv:SecretV2
* properties:
* mount: ${kvv2.path}
* name: secret
* cas: 1
* deleteAllVersions: true
* dataJson:
* fn::toJSON:
* zip: zap
* foo: bar
* customMetadata:
* maxVersions: 5
* data:
* foo: [email protected]
* bar: '12345'
* ```
*
* ## Required Vault Capabilities
* Use of this resource requires the `create` or `update` capability
* (depending on whether the resource already exists) on the given path,
* the `delete` capability if the resource is removed from configuration,
* and the `read` capability for drift detection (by default).
* ### Custom Metadata Configuration Options
* * `max_versions` - (Optional) The number of versions to keep per key.
* * `cas_required` - (Optional) If true, all keys will require the cas
* parameter to be set on all write requests.
* * `delete_version_after` - (Optional) If set, specifies the length of time before
* a version is deleted. Accepts duration in integer seconds.
* * `data` - (Optional) A string to string map describing the secret.
* ## Import
* KV-V2 secrets can be imported using the `path`, e.g.
* ```sh
* $ pulumi import vault:kv/secretV2:SecretV2 example kvv2/data/secret
* ```
*/
public class SecretV2 internal constructor(
override val javaResource: com.pulumi.vault.kv.SecretV2,
) : KotlinCustomResource(javaResource, SecretV2Mapper) {
/**
* This flag is required if `cas_required` is set to true
* on either the secret or the engine's config. In order for a
* write operation to be successful, cas must be set to the current version
* of the secret.
*/
public val cas: Output?
get() = javaResource.cas().applyValue({ args0 -> args0.map({ args0 -> args0 }).orElse(null) })
/**
* A nested block that allows configuring metadata for the
* KV secret. Refer to the
* Configuration Options for more info.
*/
public val customMetadata: Output
get() = javaResource.customMetadata().applyValue({ args0 ->
args0.let({ args0 ->
toKotlin(args0)
})
})
/**
* A mapping whose keys are the top-level data keys returned from
* Vault and whose values are the corresponding values. This map can only
* represent string data, so any non-string values returned from Vault are
* serialized as JSON.
*/
public val `data`: Output>
get() = javaResource.`data`().applyValue({ args0 ->
args0.map({ args0 ->
args0.key.to(args0.value)
}).toMap()
})
/**
* JSON-encoded string that will be
* written as the secret data at the given path.
*/
public val dataJson: Output
get() = javaResource.dataJson().applyValue({ args0 -> args0 })
/**
* If set to true, permanently deletes all
* versions for the specified key.
*/
public val deleteAllVersions: Output?
get() = javaResource.deleteAllVersions().applyValue({ args0 ->
args0.map({ args0 ->
args0
}).orElse(null)
})
/**
* If set to true, disables reading secret from Vault;
* note: drift won't be detected.
*/
public val disableRead: Output?
get() = javaResource.disableRead().applyValue({ args0 ->
args0.map({ args0 ->
args0
}).orElse(null)
})
/**
* Metadata associated with this secret read from Vault.
*/
public val metadata: Output>
get() = javaResource.metadata().applyValue({ args0 ->
args0.map({ args0 ->
args0.key.to(args0.value)
}).toMap()
})
/**
* Path where KV-V2 engine is mounted.
*/
public val mount: Output
get() = javaResource.mount().applyValue({ args0 -> args0 })
/**
* Full name of the secret. For a nested secret
* the name is the nested path excluding the mount and data
* prefix. For example, for a secret at `kvv2/data/foo/bar/baz`
* the name is `foo/bar/baz`.
*/
public val name: Output
get() = javaResource.name().applyValue({ args0 -> args0 })
/**
* The namespace to provision the resource in.
* The value should not contain leading or trailing forward slashes.
* The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
* *Available only for Vault Enterprise*.
*/
public val namespace: Output?
get() = javaResource.namespace().applyValue({ args0 -> args0.map({ args0 -> args0 }).orElse(null) })
/**
* An object that holds option settings.
*/
public val options: Output>?
get() = javaResource.options().applyValue({ args0 ->
args0.map({ args0 ->
args0.map({ args0 ->
args0.key.to(args0.value)
}).toMap()
}).orElse(null)
})
/**
* Full path where the KV-V2 secret will be written.
*/
public val path: Output
get() = javaResource.path().applyValue({ args0 -> args0 })
}
public object SecretV2Mapper : ResourceMapper {
override fun supportsMappingOfType(javaResource: Resource): Boolean =
com.pulumi.vault.kv.SecretV2::class == javaResource::class
override fun map(javaResource: Resource): SecretV2 = SecretV2(
javaResource as
com.pulumi.vault.kv.SecretV2,
)
}
/**
* @see [SecretV2].
* @param name The _unique_ name of the resulting resource.
* @param block Builder for [SecretV2].
*/
public suspend fun secretV2(name: String, block: suspend SecretV2ResourceBuilder.() -> Unit): SecretV2 {
val builder = SecretV2ResourceBuilder()
builder.name(name)
block(builder)
return builder.build()
}
/**
* @see [SecretV2].
* @param name The _unique_ name of the resulting resource.
*/
public fun secretV2(name: String): SecretV2 {
val builder = SecretV2ResourceBuilder()
builder.name(name)
return builder.build()
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy