pulumi-vault-kotlin/com.pulumi.vault.pkiSecret.kotlin/BackendConfigEstArgs

BackendConfigEstArgs

data class BackendConfigEstArgs(val auditFields: Output<List<String>>? = null, val authenticators: Output<BackendConfigEstAuthenticatorsArgs>? = null, val backend: Output<String>? = null, val defaultMount: Output<Boolean>? = null, val defaultPathPolicy: Output<String>? = null, val enableSentinelParsing: Output<Boolean>? = null, val enabled: Output<Boolean>? = null, val labelToPathPolicy: Output<Map<String, String>>? = null, val namespace: Output<String>? = null) : ConvertibleToJava<BackendConfigEstArgs>

Allows setting the EST configuration on a PKI Secret Backend

Import

The PKI config cluster can be imported using the resource's id. In the case of the example above the id would be pki-root/config/est, where the pki-root component is the resource's backend, e.g.

$ pulumi import vault:pkiSecret/backendConfigEst:BackendConfigEst example pki-root/config/est
Content copied to clipboard

Constructors

Link copied to clipboard
constructor(auditFields: Output<List<String>>? = null, authenticators: Output<BackendConfigEstAuthenticatorsArgs>? = null, backend: Output<String>? = null, defaultMount: Output<Boolean>? = null, defaultPathPolicy: Output<String>? = null, enableSentinelParsing: Output<Boolean>? = null, enabled: Output<Boolean>? = null, labelToPathPolicy: Output<Map<String, String>>? = null, namespace: Output<String>? = null)

Properties

Link copied to clipboard
val auditFields: Output<List<String>>? = null

Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.

Link copied to clipboard
val authenticators: Output<BackendConfigEstAuthenticatorsArgs>? = null

Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).

Link copied to clipboard
val backend: Output<String>? = null

The path to the PKI secret backend to read the EST configuration from, with no leading or trailing /s.

Link copied to clipboard
val defaultMount: Output<Boolean>? = null

If set, this mount will register the default .well-known/est URL path. Only a single mount can enable this across a Vault cluster.

Link copied to clipboard
val defaultPathPolicy: Output<String>? = null

Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:.

Link copied to clipboard
val enabled: Output<Boolean>? = null

Specifies whether EST is enabled.

Link copied to clipboard
val enableSentinelParsing: Output<Boolean>? = null

If set, parse out fields from the provided CSR making them available for Sentinel policies.

Link copied to clipboard
val labelToPathPolicy: Output<Map<String, String>>? = null

Configures a pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:. Labels must be unique across Vault cluster, and will register .well-known/est/

Link copied to clipboard
val namespace: Output<String>? = null

The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

Functions

Link copied to clipboard
open override fun toJava(): BackendConfigEstArgs