com.pulumi.vault.secrets.kotlin.SyncAwsDestination.kt Maven / Gradle / Ivy
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.vault.secrets.kotlin
import com.pulumi.core.Output
import com.pulumi.kotlin.KotlinCustomResource
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.ResourceMapper
import com.pulumi.kotlin.options.CustomResourceOptions
import com.pulumi.kotlin.options.CustomResourceOptionsBuilder
import com.pulumi.resources.Resource
import kotlin.Any
import kotlin.Boolean
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.Map
/**
* Builder for [SyncAwsDestination].
*/
@PulumiTagMarker
public class SyncAwsDestinationResourceBuilder internal constructor() {
public var name: String? = null
public var args: SyncAwsDestinationArgs = SyncAwsDestinationArgs()
public var opts: CustomResourceOptions = CustomResourceOptions()
/**
* @param name The _unique_ name of the resulting resource.
*/
public fun name(`value`: String) {
this.name = value
}
/**
* @param block The arguments to use to populate this resource's properties.
*/
public suspend fun args(block: suspend SyncAwsDestinationArgsBuilder.() -> Unit) {
val builder = SyncAwsDestinationArgsBuilder()
block(builder)
this.args = builder.build()
}
/**
* @param block A bag of options that control this resource's behavior.
*/
public suspend fun opts(block: suspend CustomResourceOptionsBuilder.() -> Unit) {
this.opts = com.pulumi.kotlin.options.CustomResourceOptions.opts(block)
}
internal fun build(): SyncAwsDestination {
val builtJavaResource = com.pulumi.vault.secrets.SyncAwsDestination(
this.name,
this.args.toJava(),
this.opts.toJava(),
)
return SyncAwsDestination(builtJavaResource)
}
}
/**
* ## Example Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as vault from "@pulumi/vault";
* const aws = new vault.secrets.SyncAwsDestination("aws", {
* name: "aws-dest",
* accessKeyId: accessKeyId,
* secretAccessKey: secretAccessKey,
* region: "us-east-1",
* roleArn: "role-arn",
* externalId: "external-id",
* secretNameTemplate: "vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}",
* customTags: {
* foo: "bar",
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_vault as vault
* aws = vault.secrets.SyncAwsDestination("aws",
* name="aws-dest",
* access_key_id=access_key_id,
* secret_access_key=secret_access_key,
* region="us-east-1",
* role_arn="role-arn",
* external_id="external-id",
* secret_name_template="vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}",
* custom_tags={
* "foo": "bar",
* })
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Vault = Pulumi.Vault;
* return await Deployment.RunAsync(() =>
* {
* var aws = new Vault.Secrets.SyncAwsDestination("aws", new()
* {
* Name = "aws-dest",
* AccessKeyId = accessKeyId,
* SecretAccessKey = secretAccessKey,
* Region = "us-east-1",
* RoleArn = "role-arn",
* ExternalId = "external-id",
* SecretNameTemplate = "vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}",
* CustomTags =
* {
* { "foo", "bar" },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-vault/sdk/v6/go/vault/secrets"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := secrets.NewSyncAwsDestination(ctx, "aws", &secrets.SyncAwsDestinationArgs{
* Name: pulumi.String("aws-dest"),
* AccessKeyId: pulumi.Any(accessKeyId),
* SecretAccessKey: pulumi.Any(secretAccessKey),
* Region: pulumi.String("us-east-1"),
* RoleArn: pulumi.String("role-arn"),
* ExternalId: pulumi.String("external-id"),
* SecretNameTemplate: pulumi.String("vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}"),
* CustomTags: pulumi.Map{
* "foo": pulumi.Any("bar"),
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.vault.secrets.SyncAwsDestination;
* import com.pulumi.vault.secrets.SyncAwsDestinationArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var aws = new SyncAwsDestination("aws", SyncAwsDestinationArgs.builder()
* .name("aws-dest")
* .accessKeyId(accessKeyId)
* .secretAccessKey(secretAccessKey)
* .region("us-east-1")
* .roleArn("role-arn")
* .externalId("external-id")
* .secretNameTemplate("vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}")
* .customTags(Map.of("foo", "bar"))
* .build());
* }
* }
* ```
* ```yaml
* resources:
* aws:
* type: vault:secrets:SyncAwsDestination
* properties:
* name: aws-dest
* accessKeyId: ${accessKeyId}
* secretAccessKey: ${secretAccessKey}
* region: us-east-1
* roleArn: role-arn
* externalId: external-id
* secretNameTemplate: vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}
* customTags:
* foo: bar
* ```
*
* ## Import
* AWS Secrets sync destinations can be imported using the `name`, e.g.
* ```sh
* $ pulumi import vault:secrets/syncAwsDestination:SyncAwsDestination aws aws-dest
* ```
*/
public class SyncAwsDestination internal constructor(
override val javaResource: com.pulumi.vault.secrets.SyncAwsDestination,
) : KotlinCustomResource(javaResource, SyncAwsDestinationMapper) {
/**
* Access key id to authenticate against the AWS secrets manager.
* Can be omitted and directly provided to Vault using the `AWS_ACCESS_KEY_ID` environment
* variable.
*/
public val accessKeyId: Output?
get() = javaResource.accessKeyId().applyValue({ args0 ->
args0.map({ args0 ->
args0
}).orElse(null)
})
/**
* Custom tags to set on the secret managed at the destination.
*/
public val customTags: Output>?
get() = javaResource.customTags().applyValue({ args0 ->
args0.map({ args0 ->
args0.map({ args0 ->
args0.key.to(args0.value)
}).toMap()
}).orElse(null)
})
/**
* Optional extra protection that must match the trust policy granting access to the
* AWS IAM role ARN. We recommend using a different random UUID per destination. The value is generated by users.
* The field is mutable with no special condition, but users must be careful that the new value fits with the trust
* relationship condition they set on AWS otherwise sync operations will start to fail due to client-side access
* denied errors. Ignored if the `role_arn` field is empty.
*/
public val externalId: Output?
get() = javaResource.externalId().applyValue({ args0 ->
args0.map({ args0 ->
args0
}).orElse(null)
})
/**
* Determines what level of information is synced as a distinct resource
* at the destination. Supports `secret-path` and `secret-key`.
*/
public val granularity: Output?
get() = javaResource.granularity().applyValue({ args0 ->
args0.map({ args0 ->
args0
}).orElse(null)
})
/**
* Unique name of the AWS destination.
*/
public val name: Output
get() = javaResource.name().applyValue({ args0 -> args0 })
/**
* The namespace to provision the resource in.
* The value should not contain leading or trailing forward slashes.
* The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
*/
public val namespace: Output?
get() = javaResource.namespace().applyValue({ args0 -> args0.map({ args0 -> args0 }).orElse(null) })
/**
* Region where to manage the secrets manager entries.
* Can be omitted and directly provided to Vault using the `AWS_REGION` environment
* variable.
*/
public val region: Output?
get() = javaResource.region().applyValue({ args0 -> args0.map({ args0 -> args0 }).orElse(null) })
/**
* Specifies a role to assume when connecting to AWS. When assuming a role,
* Vault uses temporary STS credentials to authenticate. An initial session with the proper trust relationship must
* exist for Vault to be able to assume this role. The role can be in a different account.
* The value is mutable as long as the new role targets the same AWS account ID. If not, the BE will return an error.
* It is possible to provide both an access key pair and a role to assume.
*/
public val roleArn: Output?
get() = javaResource.roleArn().applyValue({ args0 -> args0.map({ args0 -> args0 }).orElse(null) })
/**
* Secret access key to authenticate against the AWS secrets manager.
* Can be omitted and directly provided to Vault using the `AWS_SECRET_ACCESS_KEY` environment
* variable.
*/
public val secretAccessKey: Output?
get() = javaResource.secretAccessKey().applyValue({ args0 ->
args0.map({ args0 ->
args0
}).orElse(null)
})
/**
* Template describing how to generate external secret names.
* Supports a subset of the Go Template syntax.
*/
public val secretNameTemplate: Output
get() = javaResource.secretNameTemplate().applyValue({ args0 -> args0 })
/**
* The type of the secrets destination (`aws-sm`).
*/
public val type: Output
get() = javaResource.type().applyValue({ args0 -> args0 })
}
public object SyncAwsDestinationMapper : ResourceMapper {
override fun supportsMappingOfType(javaResource: Resource): Boolean =
com.pulumi.vault.secrets.SyncAwsDestination::class == javaResource::class
override fun map(javaResource: Resource): SyncAwsDestination = SyncAwsDestination(
javaResource as
com.pulumi.vault.secrets.SyncAwsDestination,
)
}
/**
* @see [SyncAwsDestination].
* @param name The _unique_ name of the resulting resource.
* @param block Builder for [SyncAwsDestination].
*/
public suspend fun syncAwsDestination(
name: String,
block: suspend SyncAwsDestinationResourceBuilder.() -> Unit,
): SyncAwsDestination {
val builder = SyncAwsDestinationResourceBuilder()
builder.name(name)
block(builder)
return builder.build()
}
/**
* @see [SyncAwsDestination].
* @param name The _unique_ name of the resulting resource.
*/
public fun syncAwsDestination(name: String): SyncAwsDestination {
val builder = SyncAwsDestinationResourceBuilder()
builder.name(name)
return builder.build()
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy