pulumi-vault-kotlin/com.pulumi.vault.kubernetes.kotlin/AuthBackendRoleArgs

AuthBackendRoleArgs

data class AuthBackendRoleArgs(val aliasNameSource: Output<String>? = null, val audience: Output<String>? = null, val backend: Output<String>? = null, val boundServiceAccountNames: Output<List<String>>? = null, val boundServiceAccountNamespaces: Output<List<String>>? = null, val namespace: Output<String>? = null, val roleName: Output<String>? = null, val tokenBoundCidrs: Output<List<String>>? = null, val tokenExplicitMaxTtl: Output<Int>? = null, val tokenMaxTtl: Output<Int>? = null, val tokenNoDefaultPolicy: Output<Boolean>? = null, val tokenNumUses: Output<Int>? = null, val tokenPeriod: Output<Int>? = null, val tokenPolicies: Output<List<String>>? = null, val tokenTtl: Output<Int>? = null, val tokenType: Output<String>? = null) : ConvertibleToJava<AuthBackendRoleArgs>

Manages an Kubernetes auth backend role in a Vault server. See the [Vault

documentation](https://www.vaultproject.io/docs/auth/kubernetes.html) for more information.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const kubernetes = new vault.AuthBackend("kubernetes", {type: "kubernetes"});
const example = new vault.kubernetes.AuthBackendRole("example", {
    backend: kubernetes.path,
    roleName: "example-role",
    boundServiceAccountNames: ["example"],
    boundServiceAccountNamespaces: ["example"],
    tokenTtl: 3600,
    tokenPolicies: [
        "default",
        "dev",
        "prod",
    ],
    audience: "vault",
});

import pulumi
import pulumi_vault as vault
kubernetes = vault.AuthBackend("kubernetes", type="kubernetes")
example = vault.kubernetes.AuthBackendRole("example",
    backend=kubernetes.path,
    role_name="example-role",
    bound_service_account_names=["example"],
    bound_service_account_namespaces=["example"],
    token_ttl=3600,
    token_policies=[
        "default",
        "dev",
        "prod",
    ],
    audience="vault")

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
    var kubernetes = new Vault.AuthBackend("kubernetes", new()
    {
        Type = "kubernetes",
    });
    var example = new Vault.Kubernetes.AuthBackendRole("example", new()
    {
        Backend = kubernetes.Path,
        RoleName = "example-role",
        BoundServiceAccountNames = new[]
        {
            "example",
        },
        BoundServiceAccountNamespaces = new[]
        {
            "example",
        },
        TokenTtl = 3600,
        TokenPolicies = new[]
        {
            "default",
            "dev",
            "prod",
        },
        Audience = "vault",
    });
});

package main
import (
	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/kubernetes"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		kubernetes, err := vault.NewAuthBackend(ctx, "kubernetes", &vault.AuthBackendArgs{
			Type: pulumi.String("kubernetes"),
		})
		if err != nil {
			return err
		}
		_, err = kubernetes.NewAuthBackendRole(ctx, "example", &kubernetes.AuthBackendRoleArgs{
			Backend:  kubernetes.Path,
			RoleName: pulumi.String("example-role"),
			BoundServiceAccountNames: pulumi.StringArray{
				pulumi.String("example"),
			},
			BoundServiceAccountNamespaces: pulumi.StringArray{
				pulumi.String("example"),
			},
			TokenTtl: pulumi.Int(3600),
			TokenPolicies: pulumi.StringArray{
				pulumi.String("default"),
				pulumi.String("dev"),
				pulumi.String("prod"),
			},
			Audience: pulumi.String("vault"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.AuthBackend;
import com.pulumi.vault.AuthBackendArgs;
import com.pulumi.vault.kubernetes.AuthBackendRole;
import com.pulumi.vault.kubernetes.AuthBackendRoleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var kubernetes = new AuthBackend("kubernetes", AuthBackendArgs.builder()
            .type("kubernetes")
            .build());
        var example = new AuthBackendRole("example", AuthBackendRoleArgs.builder()
            .backend(kubernetes.path())
            .roleName("example-role")
            .boundServiceAccountNames("example")
            .boundServiceAccountNamespaces("example")
            .tokenTtl(3600)
            .tokenPolicies(
                "default",
                "dev",
                "prod")
            .audience("vault")
            .build());
    }
}

resources:
  kubernetes:
    type: vault:AuthBackend
    properties:
      type: kubernetes
  example:
    type: vault:kubernetes:AuthBackendRole
    properties:
      backend: ${kubernetes.path}
      roleName: example-role
      boundServiceAccountNames:
        - example
      boundServiceAccountNamespaces:
        - example
      tokenTtl: 3600
      tokenPolicies:
        - default
        - dev
        - prod
      audience: vault

Import

Kubernetes auth backend role can be imported using the path, e.g.

$ pulumi import vault:kubernetes/authBackendRole:AuthBackendRole foo auth/kubernetes/role/foo

Constructors

AuthBackendRoleArgs

constructor(aliasNameSource: Output<String>? = null, audience: Output<String>? = null, backend: Output<String>? = null, boundServiceAccountNames: Output<List<String>>? = null, boundServiceAccountNamespaces: Output<List<String>>? = null, namespace: Output<String>? = null, roleName: Output<String>? = null, tokenBoundCidrs: Output<List<String>>? = null, tokenExplicitMaxTtl: Output<Int>? = null, tokenMaxTtl: Output<Int>? = null, tokenNoDefaultPolicy: Output<Boolean>? = null, tokenNumUses: Output<Int>? = null, tokenPeriod: Output<Int>? = null, tokenPolicies: Output<List<String>>? = null, tokenTtl: Output<Int>? = null, tokenType: Output<String>? = null)

Properties

aliasNameSource

val aliasNameSource: Output<String>? = null

Configures how identity aliases are generated. Valid choices are: serviceaccount_uid, serviceaccount_name. (vault-1.9+)

audience

val audience: Output<String>? = null

Audience claim to verify in the JWT.

backend

val backend: Output<String>? = null

Unique name of the kubernetes backend to configure.

boundServiceAccountNames

val boundServiceAccountNames: Output<List<String>>? = null

List of service account names able to access this role. If set to ["*"] all names are allowed, both this and bound_service_account_namespaces can not be "*".

boundServiceAccountNamespaces

val boundServiceAccountNamespaces: Output<List<String>>? = null

List of namespaces allowed to access this role. If set to ["*"] all namespaces are allowed, both this and bound_service_account_names can not be set to "*".

namespace

val namespace: Output<String>? = null

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

roleName

val roleName: Output<String>? = null

Name of the role.

tokenBoundCidrs