@pulumi/openstack
Version:
A Pulumi package for creating and managing OpenStack cloud resources.
153 lines • 6.49 kB
JavaScript
;
// *** WARNING: this file was generated by pulumi-language-nodejs. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***
Object.defineProperty(exports, "__esModule", { value: true });
exports.ApplicationCredential = void 0;
const pulumi = require("@pulumi/pulumi");
const utilities = require("../utilities");
/**
* Manages a V3 Application Credential resource within OpenStack Keystone.
*
* > **Note:** All arguments including the application credential name and secret
* will be stored in the raw state as plain-text. Read more about sensitive data
* in state.
*
* > **Note:** An Application Credential is created within the authenticated user
* project scope and is not visible by an admin or other accounts.
* The Application Credential visibility is similar to
* `openstack.compute.Keypair`.
*
* ## Example Usage
*
* ### Predefined secret
*
* Application credential below will have only one `swiftoperator` role.
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as openstack from "@pulumi/openstack";
*
* const swift = new openstack.identity.ApplicationCredential("swift", {
* name: "swift",
* description: "Swift technical application credential",
* secret: "supersecret",
* roles: ["swiftoperator"],
* expiresAt: "2019-02-13T12:12:12Z",
* });
* ```
*
* ### Unrestricted with autogenerated secret and unlimited TTL
*
* Application credential below will inherit all the current user's roles.
*
* !> **WARNING:** Restrictions on these Identity operations are deliberately
* imposed as a safeguard to prevent a compromised application credential from
* regenerating itself. Disabling this restriction poses an inherent added risk.
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as openstack from "@pulumi/openstack";
*
* const unrestricted = new openstack.identity.ApplicationCredential("unrestricted", {
* name: "unrestricted",
* description: "Unrestricted application credential",
* unrestricted: true,
* });
* export const applicationCredentialSecret = unrestricted.secret;
* ```
*
* ### Application credential with access rules
*
* > **Note:** Application Credential access rules are supported only in Keystone
* starting from [Train](https://releases.openstack.org/train/highlights.html#keystone-identity-service) release.
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as openstack from "@pulumi/openstack";
*
* const monitoring = new openstack.identity.ApplicationCredential("monitoring", {
* name: "monitoring",
* expiresAt: "2019-02-13T12:12:12Z",
* accessRules: [
* {
* path: "/v2.0/metrics",
* service: "monitoring",
* method: "GET",
* },
* {
* path: "/v2.0/metrics",
* service: "monitoring",
* method: "PUT",
* },
* ],
* });
* ```
*
* ## Import
*
* Application Credentials can be imported using the `id`, e.g.
*
* ```sh
* $ pulumi import openstack:identity/applicationCredential:ApplicationCredential application_credential_1 c17304b7-0953-4738-abb0-67005882b0a0
* ```
*/
class ApplicationCredential extends pulumi.CustomResource {
/**
* Get an existing ApplicationCredential resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to lookup.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
*/
static get(name, id, state, opts) {
return new ApplicationCredential(name, state, Object.assign(Object.assign({}, opts), { id: id }));
}
/**
* Returns true if the given object is an instance of ApplicationCredential. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*/
static isInstance(obj) {
if (obj === undefined || obj === null) {
return false;
}
return obj['__pulumiType'] === ApplicationCredential.__pulumiType;
}
constructor(name, argsOrState, opts) {
let resourceInputs = {};
opts = opts || {};
if (opts.id) {
const state = argsOrState;
resourceInputs["accessRules"] = state ? state.accessRules : undefined;
resourceInputs["description"] = state ? state.description : undefined;
resourceInputs["expiresAt"] = state ? state.expiresAt : undefined;
resourceInputs["name"] = state ? state.name : undefined;
resourceInputs["projectId"] = state ? state.projectId : undefined;
resourceInputs["region"] = state ? state.region : undefined;
resourceInputs["roles"] = state ? state.roles : undefined;
resourceInputs["secret"] = state ? state.secret : undefined;
resourceInputs["unrestricted"] = state ? state.unrestricted : undefined;
}
else {
const args = argsOrState;
resourceInputs["accessRules"] = args ? args.accessRules : undefined;
resourceInputs["description"] = args ? args.description : undefined;
resourceInputs["expiresAt"] = args ? args.expiresAt : undefined;
resourceInputs["name"] = args ? args.name : undefined;
resourceInputs["region"] = args ? args.region : undefined;
resourceInputs["roles"] = args ? args.roles : undefined;
resourceInputs["secret"] = (args === null || args === void 0 ? void 0 : args.secret) ? pulumi.secret(args.secret) : undefined;
resourceInputs["unrestricted"] = args ? args.unrestricted : undefined;
resourceInputs["projectId"] = undefined /*out*/;
}
opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts);
const secretOpts = { additionalSecretOutputs: ["secret"] };
opts = pulumi.mergeOptions(opts, secretOpts);
super(ApplicationCredential.__pulumiType, name, resourceInputs, opts);
}
}
exports.ApplicationCredential = ApplicationCredential;
/** @internal */
ApplicationCredential.__pulumiType = 'openstack:identity/applicationCredential:ApplicationCredential';
//# sourceMappingURL=applicationCredential.js.map