com.pulumi.vault.saml.kotlin.AuthBackendRoleArgs.kt Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pulumi-vault-kotlin Show documentation
Show all versions of pulumi-vault-kotlin Show documentation
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.vault.saml.kotlin
import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.vault.saml.AuthBackendRoleArgs.builder
import kotlin.Any
import kotlin.Boolean
import kotlin.Int
import kotlin.Pair
import kotlin.String
import kotlin.Suppress
import kotlin.collections.List
import kotlin.collections.Map
import kotlin.jvm.JvmName
/**
* Manages an SAML auth backend role in a Vault server. See the [Vault
* documentation](https://www.vaultproject.io/docs/auth/saml.html) for more
* information.
* ## Example Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as vault from "@pulumi/vault";
* const example = new vault.saml.AuthBackend("example", {
* path: "saml",
* idpMetadataUrl: "https://company.okta.com/app/abc123eb9xnIfzlaf697/sso/saml/metadata",
* entityId: "https://my.vault/v1/auth/saml",
* acsUrls: ["https://my.vault.primary/v1/auth/saml/callback"],
* defaultRole: "default-role",
* });
* const exampleAuthBackendRole = new vault.saml.AuthBackendRole("example", {
* path: example.path,
* name: "my-role",
* groupsAttribute: "groups",
* boundAttributes: {
* group: "admin",
* },
* boundSubjects: ["*example.com"],
* tokenPolicies: ["writer"],
* tokenTtl: 86400,
* });
* ```
* ```python
* import pulumi
* import pulumi_vault as vault
* example = vault.saml.AuthBackend("example",
* path="saml",
* idp_metadata_url="https://company.okta.com/app/abc123eb9xnIfzlaf697/sso/saml/metadata",
* entity_id="https://my.vault/v1/auth/saml",
* acs_urls=["https://my.vault.primary/v1/auth/saml/callback"],
* default_role="default-role")
* example_auth_backend_role = vault.saml.AuthBackendRole("example",
* path=example.path,
* name="my-role",
* groups_attribute="groups",
* bound_attributes={
* "group": "admin",
* },
* bound_subjects=["*example.com"],
* token_policies=["writer"],
* token_ttl=86400)
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Vault = Pulumi.Vault;
* return await Deployment.RunAsync(() =>
* {
* var example = new Vault.Saml.AuthBackend("example", new()
* {
* Path = "saml",
* IdpMetadataUrl = "https://company.okta.com/app/abc123eb9xnIfzlaf697/sso/saml/metadata",
* EntityId = "https://my.vault/v1/auth/saml",
* AcsUrls = new[]
* {
* "https://my.vault.primary/v1/auth/saml/callback",
* },
* DefaultRole = "default-role",
* });
* var exampleAuthBackendRole = new Vault.Saml.AuthBackendRole("example", new()
* {
* Path = example.Path,
* Name = "my-role",
* GroupsAttribute = "groups",
* BoundAttributes =
* {
* { "group", "admin" },
* },
* BoundSubjects = new[]
* {
* "*example.com",
* },
* TokenPolicies = new[]
* {
* "writer",
* },
* TokenTtl = 86400,
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-vault/sdk/v6/go/vault/saml"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* example, err := saml.NewAuthBackend(ctx, "example", &saml.AuthBackendArgs{
* Path: pulumi.String("saml"),
* IdpMetadataUrl: pulumi.String("https://company.okta.com/app/abc123eb9xnIfzlaf697/sso/saml/metadata"),
* EntityId: pulumi.String("https://my.vault/v1/auth/saml"),
* AcsUrls: pulumi.StringArray{
* pulumi.String("https://my.vault.primary/v1/auth/saml/callback"),
* },
* DefaultRole: pulumi.String("default-role"),
* })
* if err != nil {
* return err
* }
* _, err = saml.NewAuthBackendRole(ctx, "example", &saml.AuthBackendRoleArgs{
* Path: example.Path,
* Name: pulumi.String("my-role"),
* GroupsAttribute: pulumi.String("groups"),
* BoundAttributes: pulumi.Map{
* "group": pulumi.Any("admin"),
* },
* BoundSubjects: pulumi.StringArray{
* pulumi.String("*example.com"),
* },
* TokenPolicies: pulumi.StringArray{
* pulumi.String("writer"),
* },
* TokenTtl: pulumi.Int(86400),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.vault.saml.AuthBackend;
* import com.pulumi.vault.saml.AuthBackendArgs;
* import com.pulumi.vault.saml.AuthBackendRole;
* import com.pulumi.vault.saml.AuthBackendRoleArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var example = new AuthBackend("example", AuthBackendArgs.builder()
* .path("saml")
* .idpMetadataUrl("https://company.okta.com/app/abc123eb9xnIfzlaf697/sso/saml/metadata")
* .entityId("https://my.vault/v1/auth/saml")
* .acsUrls("https://my.vault.primary/v1/auth/saml/callback")
* .defaultRole("default-role")
* .build());
* var exampleAuthBackendRole = new AuthBackendRole("exampleAuthBackendRole", AuthBackendRoleArgs.builder()
* .path(example.path())
* .name("my-role")
* .groupsAttribute("groups")
* .boundAttributes(Map.of("group", "admin"))
* .boundSubjects("*example.com")
* .tokenPolicies("writer")
* .tokenTtl(86400)
* .build());
* }
* }
* ```
* ```yaml
* resources:
* example:
* type: vault:saml:AuthBackend
* properties:
* path: saml
* idpMetadataUrl: https://company.okta.com/app/abc123eb9xnIfzlaf697/sso/saml/metadata
* entityId: https://my.vault/v1/auth/saml
* acsUrls:
* - https://my.vault.primary/v1/auth/saml/callback
* defaultRole: default-role
* exampleAuthBackendRole:
* type: vault:saml:AuthBackendRole
* name: example
* properties:
* path: ${example.path}
* name: my-role
* groupsAttribute: groups
* boundAttributes:
* group: admin
* boundSubjects:
* - '*example.com'
* tokenPolicies:
* - writer
* tokenTtl: 86400
* ```
*
* ## Import
* SAML authentication backend roles can be imported using the `path`, e.g.
* ```sh
* $ pulumi import vault:saml/authBackendRole:AuthBackendRole example auth/saml/role/my-role
* ```
* @property boundAttributes Mapping of attribute names to values that are expected to
* exist in the SAML assertion.
* @property boundAttributesType The type of matching assertion to perform on
* `bound_attributes_type`.
* @property boundSubjects List of subjects being asserted for SAML authentication.
* @property boundSubjectsType The type of matching assertion to perform on `bound_subjects`.
* @property groupsAttribute The attribute to use to identify the set of groups to which the
* user belongs.
* @property name Unique name of the role.
* @property namespace The namespace to provision the resource in.
* The value should not contain leading or trailing forward slashes.
* The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
* *Available only for Vault Enterprise*.
* @property path Path where the auth backend is mounted.
* @property tokenBoundCidrs Specifies the blocks of IP addresses which are allowed to use the generated token
* @property tokenExplicitMaxTtl Generated Token's Explicit Maximum TTL in seconds
* @property tokenMaxTtl The maximum lifetime of the generated token
* @property tokenNoDefaultPolicy If true, the 'default' policy will not automatically be added to generated tokens
* @property tokenNumUses The maximum number of times a token may be used, a value of zero means unlimited
* @property tokenPeriod Generated Token's Period
* @property tokenPolicies Generated Token's Policies
* @property tokenTtl The initial ttl of the token to generate in seconds
* @property tokenType The type of token to generate, service or batch
*/
public data class AuthBackendRoleArgs(
public val boundAttributes: Output>? = null,
public val boundAttributesType: Output? = null,
public val boundSubjects: Output>? = null,
public val boundSubjectsType: Output? = null,
public val groupsAttribute: Output? = null,
public val name: Output? = null,
public val namespace: Output? = null,
public val path: Output? = null,
public val tokenBoundCidrs: Output>? = null,
public val tokenExplicitMaxTtl: Output? = null,
public val tokenMaxTtl: Output? = null,
public val tokenNoDefaultPolicy: Output? = null,
public val tokenNumUses: Output? = null,
public val tokenPeriod: Output? = null,
public val tokenPolicies: Output>? = null,
public val tokenTtl: Output? = null,
public val tokenType: Output? = null,
) : ConvertibleToJava {
override fun toJava(): com.pulumi.vault.saml.AuthBackendRoleArgs =
com.pulumi.vault.saml.AuthBackendRoleArgs.builder()
.boundAttributes(
boundAttributes?.applyValue({ args0 ->
args0.map({ args0 ->
args0.key.to(args0.value)
}).toMap()
}),
)
.boundAttributesType(boundAttributesType?.applyValue({ args0 -> args0 }))
.boundSubjects(boundSubjects?.applyValue({ args0 -> args0.map({ args0 -> args0 }) }))
.boundSubjectsType(boundSubjectsType?.applyValue({ args0 -> args0 }))
.groupsAttribute(groupsAttribute?.applyValue({ args0 -> args0 }))
.name(name?.applyValue({ args0 -> args0 }))
.namespace(namespace?.applyValue({ args0 -> args0 }))
.path(path?.applyValue({ args0 -> args0 }))
.tokenBoundCidrs(tokenBoundCidrs?.applyValue({ args0 -> args0.map({ args0 -> args0 }) }))
.tokenExplicitMaxTtl(tokenExplicitMaxTtl?.applyValue({ args0 -> args0 }))
.tokenMaxTtl(tokenMaxTtl?.applyValue({ args0 -> args0 }))
.tokenNoDefaultPolicy(tokenNoDefaultPolicy?.applyValue({ args0 -> args0 }))
.tokenNumUses(tokenNumUses?.applyValue({ args0 -> args0 }))
.tokenPeriod(tokenPeriod?.applyValue({ args0 -> args0 }))
.tokenPolicies(tokenPolicies?.applyValue({ args0 -> args0.map({ args0 -> args0 }) }))
.tokenTtl(tokenTtl?.applyValue({ args0 -> args0 }))
.tokenType(tokenType?.applyValue({ args0 -> args0 })).build()
}
/**
* Builder for [AuthBackendRoleArgs].
*/
@PulumiTagMarker
public class AuthBackendRoleArgsBuilder internal constructor() {
private var boundAttributes: Output>? = null
private var boundAttributesType: Output? = null
private var boundSubjects: Output>? = null
private var boundSubjectsType: Output? = null
private var groupsAttribute: Output? = null
private var name: Output? = null
private var namespace: Output? = null
private var path: Output? = null
private var tokenBoundCidrs: Output>? = null
private var tokenExplicitMaxTtl: Output? = null
private var tokenMaxTtl: Output? = null
private var tokenNoDefaultPolicy: Output? = null
private var tokenNumUses: Output? = null
private var tokenPeriod: Output? = null
private var tokenPolicies: Output>? = null
private var tokenTtl: Output? = null
private var tokenType: Output? = null
/**
* @param value Mapping of attribute names to values that are expected to
* exist in the SAML assertion.
*/
@JvmName("eycjmorjytjdeaud")
public suspend fun boundAttributes(`value`: Output>) {
this.boundAttributes = value
}
/**
* @param value The type of matching assertion to perform on
* `bound_attributes_type`.
*/
@JvmName("ctmxgacwrhtveggx")
public suspend fun boundAttributesType(`value`: Output) {
this.boundAttributesType = value
}
/**
* @param value List of subjects being asserted for SAML authentication.
*/
@JvmName("okvawnytgbigkjjx")
public suspend fun boundSubjects(`value`: Output>) {
this.boundSubjects = value
}
@JvmName("hdkvxojvxrhgbhjf")
public suspend fun boundSubjects(vararg values: Output) {
this.boundSubjects = Output.all(values.asList())
}
/**
* @param values List of subjects being asserted for SAML authentication.
*/
@JvmName("sgknlsflprqhrips")
public suspend fun boundSubjects(values: List>) {
this.boundSubjects = Output.all(values)
}
/**
* @param value The type of matching assertion to perform on `bound_subjects`.
*/
@JvmName("xtlccgrsafurluvt")
public suspend fun boundSubjectsType(`value`: Output) {
this.boundSubjectsType = value
}
/**
* @param value The attribute to use to identify the set of groups to which the
* user belongs.
*/
@JvmName("phmaqstlgyagftdp")
public suspend fun groupsAttribute(`value`: Output) {
this.groupsAttribute = value
}
/**
* @param value Unique name of the role.
*/
@JvmName("kgwvcaegcfiiqfie")
public suspend fun name(`value`: Output) {
this.name = value
}
/**
* @param value The namespace to provision the resource in.
* The value should not contain leading or trailing forward slashes.
* The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
* *Available only for Vault Enterprise*.
*/
@JvmName("yfybvktagvrtcxgr")
public suspend fun namespace(`value`: Output) {
this.namespace = value
}
/**
* @param value Path where the auth backend is mounted.
*/
@JvmName("bqjeykvrtnwuptbf")
public suspend fun path(`value`: Output) {
this.path = value
}
/**
* @param value Specifies the blocks of IP addresses which are allowed to use the generated token
*/
@JvmName("rvcntkkjpyuaiplf")
public suspend fun tokenBoundCidrs(`value`: Output>) {
this.tokenBoundCidrs = value
}
@JvmName("qlqhctpstikdbsle")
public suspend fun tokenBoundCidrs(vararg values: Output) {
this.tokenBoundCidrs = Output.all(values.asList())
}
/**
* @param values Specifies the blocks of IP addresses which are allowed to use the generated token
*/
@JvmName("ihpdcslgbnlbsqxk")
public suspend fun tokenBoundCidrs(values: List>) {
this.tokenBoundCidrs = Output.all(values)
}
/**
* @param value Generated Token's Explicit Maximum TTL in seconds
*/
@JvmName("sshwfeqidplwosjf")
public suspend fun tokenExplicitMaxTtl(`value`: Output) {
this.tokenExplicitMaxTtl = value
}
/**
* @param value The maximum lifetime of the generated token
*/
@JvmName("wqhipweowrxekhom")
public suspend fun tokenMaxTtl(`value`: Output) {
this.tokenMaxTtl = value
}
/**
* @param value If true, the 'default' policy will not automatically be added to generated tokens
*/
@JvmName("fqyrqdpkmwncdnbb")
public suspend fun tokenNoDefaultPolicy(`value`: Output) {
this.tokenNoDefaultPolicy = value
}
/**
* @param value The maximum number of times a token may be used, a value of zero means unlimited
*/
@JvmName("eabphkrxrafgfqcy")
public suspend fun tokenNumUses(`value`: Output) {
this.tokenNumUses = value
}
/**
* @param value Generated Token's Period
*/
@JvmName("ntcpjcehvrgbdjui")
public suspend fun tokenPeriod(`value`: Output) {
this.tokenPeriod = value
}
/**
* @param value Generated Token's Policies
*/
@JvmName("smvanyfwfhglpmhd")
public suspend fun tokenPolicies(`value`: Output>) {
this.tokenPolicies = value
}
@JvmName("vcxmxlxqwnqfdvsf")
public suspend fun tokenPolicies(vararg values: Output) {
this.tokenPolicies = Output.all(values.asList())
}
/**
* @param values Generated Token's Policies
*/
@JvmName("alnbialaocnpplww")
public suspend fun tokenPolicies(values: List>) {
this.tokenPolicies = Output.all(values)
}
/**
* @param value The initial ttl of the token to generate in seconds
*/
@JvmName("pubeppewbefswmxk")
public suspend fun tokenTtl(`value`: Output) {
this.tokenTtl = value
}
/**
* @param value The type of token to generate, service or batch
*/
@JvmName("geerhwotexgivvxm")
public suspend fun tokenType(`value`: Output) {
this.tokenType = value
}
/**
* @param value Mapping of attribute names to values that are expected to
* exist in the SAML assertion.
*/
@JvmName("hbdwoqedvputyojg")
public suspend fun boundAttributes(`value`: Map?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.boundAttributes = mapped
}
/**
* @param values Mapping of attribute names to values that are expected to
* exist in the SAML assertion.
*/
@JvmName("hkrqgrcaxxefyfyi")
public fun boundAttributes(vararg values: Pair) {
val toBeMapped = values.toMap()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.boundAttributes = mapped
}
/**
* @param value The type of matching assertion to perform on
* `bound_attributes_type`.
*/
@JvmName("itolxvtqakjnqomy")
public suspend fun boundAttributesType(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.boundAttributesType = mapped
}
/**
* @param value List of subjects being asserted for SAML authentication.
*/
@JvmName("qfvcogtqljufoicd")
public suspend fun boundSubjects(`value`: List?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.boundSubjects = mapped
}
/**
* @param values List of subjects being asserted for SAML authentication.
*/
@JvmName("hgnuhlrmjyfjgafb")
public suspend fun boundSubjects(vararg values: String) {
val toBeMapped = values.toList()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.boundSubjects = mapped
}
/**
* @param value The type of matching assertion to perform on `bound_subjects`.
*/
@JvmName("ddsvbeixaaihyqwu")
public suspend fun boundSubjectsType(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.boundSubjectsType = mapped
}
/**
* @param value The attribute to use to identify the set of groups to which the
* user belongs.
*/
@JvmName("joobqyeaqmftkunj")
public suspend fun groupsAttribute(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.groupsAttribute = mapped
}
/**
* @param value Unique name of the role.
*/
@JvmName("edxgnkfkreruuvvb")
public suspend fun name(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.name = mapped
}
/**
* @param value The namespace to provision the resource in.
* The value should not contain leading or trailing forward slashes.
* The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
* *Available only for Vault Enterprise*.
*/
@JvmName("xqowsptiomrhncbj")
public suspend fun namespace(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.namespace = mapped
}
/**
* @param value Path where the auth backend is mounted.
*/
@JvmName("hcvgyivfudaxjssy")
public suspend fun path(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.path = mapped
}
/**
* @param value Specifies the blocks of IP addresses which are allowed to use the generated token
*/
@JvmName("ljkhulntveoglmgo")
public suspend fun tokenBoundCidrs(`value`: List?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.tokenBoundCidrs = mapped
}
/**
* @param values Specifies the blocks of IP addresses which are allowed to use the generated token
*/
@JvmName("ggvpijryjhpleawh")
public suspend fun tokenBoundCidrs(vararg values: String) {
val toBeMapped = values.toList()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.tokenBoundCidrs = mapped
}
/**
* @param value Generated Token's Explicit Maximum TTL in seconds
*/
@JvmName("bmiwrjgkpovwfaga")
public suspend fun tokenExplicitMaxTtl(`value`: Int?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.tokenExplicitMaxTtl = mapped
}
/**
* @param value The maximum lifetime of the generated token
*/
@JvmName("jjvcbejligbshdae")
public suspend fun tokenMaxTtl(`value`: Int?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.tokenMaxTtl = mapped
}
/**
* @param value If true, the 'default' policy will not automatically be added to generated tokens
*/
@JvmName("siblumcygeynormt")
public suspend fun tokenNoDefaultPolicy(`value`: Boolean?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.tokenNoDefaultPolicy = mapped
}
/**
* @param value The maximum number of times a token may be used, a value of zero means unlimited
*/
@JvmName("nvxioqcqmewoxmso")
public suspend fun tokenNumUses(`value`: Int?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.tokenNumUses = mapped
}
/**
* @param value Generated Token's Period
*/
@JvmName("afehsqtktjksiedm")
public suspend fun tokenPeriod(`value`: Int?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.tokenPeriod = mapped
}
/**
* @param value Generated Token's Policies
*/
@JvmName("ctypbowswieoqpgn")
public suspend fun tokenPolicies(`value`: List?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.tokenPolicies = mapped
}
/**
* @param values Generated Token's Policies
*/
@JvmName("cujweecrwdlsvkyj")
public suspend fun tokenPolicies(vararg values: String) {
val toBeMapped = values.toList()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.tokenPolicies = mapped
}
/**
* @param value The initial ttl of the token to generate in seconds
*/
@JvmName("cfbrlvncnjwpfygm")
public suspend fun tokenTtl(`value`: Int?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.tokenTtl = mapped
}
/**
* @param value The type of token to generate, service or batch
*/
@JvmName("ouhhocakfasmkqur")
public suspend fun tokenType(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.tokenType = mapped
}
internal fun build(): AuthBackendRoleArgs = AuthBackendRoleArgs(
boundAttributes = boundAttributes,
boundAttributesType = boundAttributesType,
boundSubjects = boundSubjects,
boundSubjectsType = boundSubjectsType,
groupsAttribute = groupsAttribute,
name = name,
namespace = namespace,
path = path,
tokenBoundCidrs = tokenBoundCidrs,
tokenExplicitMaxTtl = tokenExplicitMaxTtl,
tokenMaxTtl = tokenMaxTtl,
tokenNoDefaultPolicy = tokenNoDefaultPolicy,
tokenNumUses = tokenNumUses,
tokenPeriod = tokenPeriod,
tokenPolicies = tokenPolicies,
tokenTtl = tokenTtl,
tokenType = tokenType,
)
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy