@pulumi/consul
Version:
A Pulumi package for creating and managing consul resources.
238 lines (237 loc) • 8.52 kB
TypeScript
import * as pulumi from "@pulumi/pulumi";
import * as inputs from "./types/input";
import * as outputs from "./types/output";
/**
* Starting with Consul 1.5.0, the `consul.AclAuthMethod` resource can be used to managed [Consul ACL auth methods](https://www.consul.io/docs/acl/auth-methods).
*
* ## Example Usage
*
* Define a `kubernetes` auth method:
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as consul from "@pulumi/consul";
*
* const minikube = new consul.AclAuthMethod("minikube", {
* name: "minikube",
* type: "kubernetes",
* description: "dev minikube cluster",
* configJson: JSON.stringify({
* Host: "https://192.0.2.42:8443",
* CACert: `-----BEGIN CERTIFICATE-----
* ...-----END CERTIFICATE-----
* `,
* ServiceAccountJWT: "eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9...",
* }),
* });
* ```
*
* Define a `jwt` auth method:
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as consul from "@pulumi/consul";
*
* const oidc = new consul.AclAuthMethod("oidc", {
* name: "auth0",
* type: "oidc",
* maxTokenTtl: "5m",
* configJson: JSON.stringify({
* AllowedRedirectURIs: [
* "http://localhost:8550/oidc/callback",
* "http://localhost:8500/ui/oidc/callback",
* ],
* BoundAudiences: ["V1RPi2MYptMV1RPi2MYptMV1RPi2MYpt"],
* ClaimMappings: {
* "http://example.com/first_name": "first_name",
* "http://example.com/last_name": "last_name",
* },
* ListClaimMappings: {
* "http://consul.com/groups": "groups",
* },
* OIDCClientID: "V1RPi2MYptMV1RPi2MYptMV1RPi2MYpt",
* OIDCClientSecret: "...(omitted)...",
* OIDCDiscoveryURL: "https://my-corp-app-name.auth0.com/",
* }),
* });
* ```
*/
export declare class AclAuthMethod extends pulumi.CustomResource {
/**
* Get an existing AclAuthMethod resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to lookup.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
*/
static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AclAuthMethodState, opts?: pulumi.CustomResourceOptions): AclAuthMethod;
/**
* Returns true if the given object is an instance of AclAuthMethod. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*/
static isInstance(obj: any): obj is AclAuthMethod;
/**
* The raw configuration for this ACL auth method.
*
* @deprecated The config attribute is deprecated, please use `configJson` instead.
*/
readonly config: pulumi.Output<{
[key: string]: string;
} | undefined>;
/**
* The raw configuration for this ACL auth method.
*/
readonly configJson: pulumi.Output<string | undefined>;
/**
* A free form human readable description of the auth method.
*/
readonly description: pulumi.Output<string | undefined>;
/**
* An optional name to use instead of the name attribute when displaying information about this auth method.
*/
readonly displayName: pulumi.Output<string | undefined>;
/**
* The maximum life of any token created by this auth method. **This attribute is required and must be set to a nonzero for the OIDC auth method.**
*/
readonly maxTokenTtl: pulumi.Output<string | undefined>;
/**
* The name of the ACL auth method.
*/
readonly name: pulumi.Output<string>;
/**
* The namespace in which to create the auth method.
*/
readonly namespace: pulumi.Output<string | undefined>;
/**
* A set of rules that control which namespace tokens created via this auth method will be created within.
*/
readonly namespaceRules: pulumi.Output<outputs.AclAuthMethodNamespaceRule[] | undefined>;
/**
* The partition the ACL auth method is associated with.
*/
readonly partition: pulumi.Output<string | undefined>;
/**
* The kind of token that this auth method produces. This can be either 'local' or 'global'.
*/
readonly tokenLocality: pulumi.Output<string | undefined>;
/**
* The type of the ACL auth method.
*/
readonly type: pulumi.Output<string>;
/**
* Create a AclAuthMethod resource with the given unique name, arguments, and options.
*
* @param name The _unique_ name of the resource.
* @param args The arguments to use to populate this resource's properties.
* @param opts A bag of options that control this resource's behavior.
*/
constructor(name: string, args: AclAuthMethodArgs, opts?: pulumi.CustomResourceOptions);
}
/**
* Input properties used for looking up and filtering AclAuthMethod resources.
*/
export interface AclAuthMethodState {
/**
* The raw configuration for this ACL auth method.
*
* @deprecated The config attribute is deprecated, please use `configJson` instead.
*/
config?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
}>;
/**
* The raw configuration for this ACL auth method.
*/
configJson?: pulumi.Input<string>;
/**
* A free form human readable description of the auth method.
*/
description?: pulumi.Input<string>;
/**
* An optional name to use instead of the name attribute when displaying information about this auth method.
*/
displayName?: pulumi.Input<string>;
/**
* The maximum life of any token created by this auth method. **This attribute is required and must be set to a nonzero for the OIDC auth method.**
*/
maxTokenTtl?: pulumi.Input<string>;
/**
* The name of the ACL auth method.
*/
name?: pulumi.Input<string>;
/**
* The namespace in which to create the auth method.
*/
namespace?: pulumi.Input<string>;
/**
* A set of rules that control which namespace tokens created via this auth method will be created within.
*/
namespaceRules?: pulumi.Input<pulumi.Input<inputs.AclAuthMethodNamespaceRule>[]>;
/**
* The partition the ACL auth method is associated with.
*/
partition?: pulumi.Input<string>;
/**
* The kind of token that this auth method produces. This can be either 'local' or 'global'.
*/
tokenLocality?: pulumi.Input<string>;
/**
* The type of the ACL auth method.
*/
type?: pulumi.Input<string>;
}
/**
* The set of arguments for constructing a AclAuthMethod resource.
*/
export interface AclAuthMethodArgs {
/**
* The raw configuration for this ACL auth method.
*
* @deprecated The config attribute is deprecated, please use `configJson` instead.
*/
config?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
}>;
/**
* The raw configuration for this ACL auth method.
*/
configJson?: pulumi.Input<string>;
/**
* A free form human readable description of the auth method.
*/
description?: pulumi.Input<string>;
/**
* An optional name to use instead of the name attribute when displaying information about this auth method.
*/
displayName?: pulumi.Input<string>;
/**
* The maximum life of any token created by this auth method. **This attribute is required and must be set to a nonzero for the OIDC auth method.**
*/
maxTokenTtl?: pulumi.Input<string>;
/**
* The name of the ACL auth method.
*/
name?: pulumi.Input<string>;
/**
* The namespace in which to create the auth method.
*/
namespace?: pulumi.Input<string>;
/**
* A set of rules that control which namespace tokens created via this auth method will be created within.
*/
namespaceRules?: pulumi.Input<pulumi.Input<inputs.AclAuthMethodNamespaceRule>[]>;
/**
* The partition the ACL auth method is associated with.
*/
partition?: pulumi.Input<string>;
/**
* The kind of token that this auth method produces. This can be either 'local' or 'global'.
*/
tokenLocality?: pulumi.Input<string>;
/**
* The type of the ACL auth method.
*/
type: pulumi.Input<string>;
}