@pulumi/openstack
Version:
A Pulumi package for creating and managing OpenStack cloud resources.
356 lines (355 loc) • 12.9 kB
TypeScript
import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as outputs from "../types/output";
/**
* ## Example Usage
*
* ### Simple secret
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as openstack from "@pulumi/openstack";
*
* const secret1 = new openstack.keymanager.SecretV1("secret_1", {
* algorithm: "aes",
* bitLength: 256,
* mode: "cbc",
* name: "mysecret",
* payload: "foobar",
* payloadContentType: "text/plain",
* secretType: "passphrase",
* metadata: {
* key: "foo",
* },
* });
* ```
*
* ### Secret with whitespaces
*
* > **Note** If you want to store payload with leading or trailing whitespaces,
* it's recommended to store it in a base64 encoding. Plain text payload can also
* work, but further addind or removing of the leading or trailing whitespaces
* won't be detected as a state change, e.g. changing plain text payload from
* ` password ` to `password` won't recreate the secret.
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as openstack from "@pulumi/openstack";
* import * as std from "@pulumi/std";
*
* const secret1 = new openstack.keymanager.SecretV1("secret_1", {
* name: "password",
* payload: std.base64encode({
* input: "password with the whitespace at the end ",
* }).then(invoke => invoke.result),
* secretType: "passphrase",
* payloadContentType: "application/octet-stream",
* payloadContentEncoding: "base64",
* });
* ```
*
* ### Secret with the ACL
*
* > **Note** Only read ACLs are supported
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as openstack from "@pulumi/openstack";
* import * as std from "@pulumi/std";
*
* const secret1 = new openstack.keymanager.SecretV1("secret_1", {
* name: "certificate",
* payload: std.file({
* input: "certificate.pem",
* }).then(invoke => invoke.result),
* secretType: "certificate",
* payloadContentType: "text/plain",
* acl: {
* read: {
* projectAccess: false,
* users: [
* "userid1",
* "userid2",
* ],
* },
* },
* });
* ```
*
* ## Import
*
* Secrets can be imported using the secret id (the last part of the secret reference), e.g.:
*
* ```sh
* $ pulumi import openstack:keymanager/secretV1:SecretV1 secret_1 8a7a79c2-cf17-4e65-b2ae-ddc8bfcf6c74
* ```
*/
export declare class SecretV1 extends pulumi.CustomResource {
/**
* Get an existing SecretV1 resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to lookup.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
*/
static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SecretV1State, opts?: pulumi.CustomResourceOptions): SecretV1;
/**
* Returns true if the given object is an instance of SecretV1. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*/
static isInstance(obj: any): obj is SecretV1;
/**
* Allows to control an access to a secret. Currently only the
* `read` operation is supported. If not specified, the secret is accessible
* project wide.
*/
readonly acl: pulumi.Output<outputs.keymanager.SecretV1Acl>;
/**
* Metadata provided by a user or system for informational purposes.
*/
readonly algorithm: pulumi.Output<string>;
/**
* The map of metadata, assigned on the secret, which has been
* explicitly and implicitly added.
*/
readonly allMetadata: pulumi.Output<{
[key: string]: string;
}>;
/**
* Metadata provided by a user or system for informational purposes.
*/
readonly bitLength: pulumi.Output<number>;
/**
* The map of the content types, assigned on the secret.
*/
readonly contentTypes: pulumi.Output<{
[key: string]: string;
}>;
/**
* The date the secret was created.
*/
readonly createdAt: pulumi.Output<string>;
/**
* The creator of the secret.
*/
readonly creatorId: pulumi.Output<string>;
/**
* The expiration time of the secret in the RFC3339 timestamp format (e.g. `2019-03-09T12:58:49Z`). If omitted, a secret will never expire. Changing this creates a new secret.
*/
readonly expiration: pulumi.Output<string | undefined>;
/**
* Additional Metadata for the secret.
*/
readonly metadata: pulumi.Output<{
[key: string]: string;
} | undefined>;
/**
* Metadata provided by a user or system for informational purposes.
*/
readonly mode: pulumi.Output<string>;
/**
* Human-readable name for the Secret. Does not have
* to be unique.
*/
readonly name: pulumi.Output<string>;
/**
* The secret's data to be stored. **payload\_content\_type** must also be supplied if **payload** is included.
*/
readonly payload: pulumi.Output<string | undefined>;
/**
* (required if **payload** is encoded) The encoding used for the payload to be able to include it in the JSON request. Must be either `base64` or `binary`.
*/
readonly payloadContentEncoding: pulumi.Output<string | undefined>;
/**
* (required if **payload** is included) The media type for the content of the payload. Must be one of `text/plain`, `text/plain;charset=utf-8`, `text/plain; charset=utf-8`, `application/octet-stream`, `application/pkcs8`.
*/
readonly payloadContentType: pulumi.Output<string | undefined>;
/**
* The region in which to obtain the V1 KeyManager client.
* A KeyManager client is needed to create a secret. If omitted, the
* `region` argument of the provider is used. Changing this creates a new
* V1 secret.
*/
readonly region: pulumi.Output<string>;
/**
* The secret reference / where to find the secret.
*/
readonly secretRef: pulumi.Output<string>;
/**
* Used to indicate the type of secret being stored. For more information see [Secret types](https://docs.openstack.org/barbican/latest/api/reference/secret_types.html).
*/
readonly secretType: pulumi.Output<string>;
/**
* The status of the secret.
*/
readonly status: pulumi.Output<string>;
/**
* The date the secret was last updated.
*/
readonly updatedAt: pulumi.Output<string>;
/**
* Create a SecretV1 resource with the given unique name, arguments, and options.
*
* @param name The _unique_ name of the resource.
* @param args The arguments to use to populate this resource's properties.
* @param opts A bag of options that control this resource's behavior.
*/
constructor(name: string, args?: SecretV1Args, opts?: pulumi.CustomResourceOptions);
}
/**
* Input properties used for looking up and filtering SecretV1 resources.
*/
export interface SecretV1State {
/**
* Allows to control an access to a secret. Currently only the
* `read` operation is supported. If not specified, the secret is accessible
* project wide.
*/
acl?: pulumi.Input<inputs.keymanager.SecretV1Acl>;
/**
* Metadata provided by a user or system for informational purposes.
*/
algorithm?: pulumi.Input<string>;
/**
* The map of metadata, assigned on the secret, which has been
* explicitly and implicitly added.
*/
allMetadata?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
}>;
/**
* Metadata provided by a user or system for informational purposes.
*/
bitLength?: pulumi.Input<number>;
/**
* The map of the content types, assigned on the secret.
*/
contentTypes?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
}>;
/**
* The date the secret was created.
*/
createdAt?: pulumi.Input<string>;
/**
* The creator of the secret.
*/
creatorId?: pulumi.Input<string>;
/**
* The expiration time of the secret in the RFC3339 timestamp format (e.g. `2019-03-09T12:58:49Z`). If omitted, a secret will never expire. Changing this creates a new secret.
*/
expiration?: pulumi.Input<string>;
/**
* Additional Metadata for the secret.
*/
metadata?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
}>;
/**
* Metadata provided by a user or system for informational purposes.
*/
mode?: pulumi.Input<string>;
/**
* Human-readable name for the Secret. Does not have
* to be unique.
*/
name?: pulumi.Input<string>;
/**
* The secret's data to be stored. **payload\_content\_type** must also be supplied if **payload** is included.
*/
payload?: pulumi.Input<string>;
/**
* (required if **payload** is encoded) The encoding used for the payload to be able to include it in the JSON request. Must be either `base64` or `binary`.
*/
payloadContentEncoding?: pulumi.Input<string>;
/**
* (required if **payload** is included) The media type for the content of the payload. Must be one of `text/plain`, `text/plain;charset=utf-8`, `text/plain; charset=utf-8`, `application/octet-stream`, `application/pkcs8`.
*/
payloadContentType?: pulumi.Input<string>;
/**
* The region in which to obtain the V1 KeyManager client.
* A KeyManager client is needed to create a secret. If omitted, the
* `region` argument of the provider is used. Changing this creates a new
* V1 secret.
*/
region?: pulumi.Input<string>;
/**
* The secret reference / where to find the secret.
*/
secretRef?: pulumi.Input<string>;
/**
* Used to indicate the type of secret being stored. For more information see [Secret types](https://docs.openstack.org/barbican/latest/api/reference/secret_types.html).
*/
secretType?: pulumi.Input<string>;
/**
* The status of the secret.
*/
status?: pulumi.Input<string>;
/**
* The date the secret was last updated.
*/
updatedAt?: pulumi.Input<string>;
}
/**
* The set of arguments for constructing a SecretV1 resource.
*/
export interface SecretV1Args {
/**
* Allows to control an access to a secret. Currently only the
* `read` operation is supported. If not specified, the secret is accessible
* project wide.
*/
acl?: pulumi.Input<inputs.keymanager.SecretV1Acl>;
/**
* Metadata provided by a user or system for informational purposes.
*/
algorithm?: pulumi.Input<string>;
/**
* Metadata provided by a user or system for informational purposes.
*/
bitLength?: pulumi.Input<number>;
/**
* The expiration time of the secret in the RFC3339 timestamp format (e.g. `2019-03-09T12:58:49Z`). If omitted, a secret will never expire. Changing this creates a new secret.
*/
expiration?: pulumi.Input<string>;
/**
* Additional Metadata for the secret.
*/
metadata?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
}>;
/**
* Metadata provided by a user or system for informational purposes.
*/
mode?: pulumi.Input<string>;
/**
* Human-readable name for the Secret. Does not have
* to be unique.
*/
name?: pulumi.Input<string>;
/**
* The secret's data to be stored. **payload\_content\_type** must also be supplied if **payload** is included.
*/
payload?: pulumi.Input<string>;
/**
* (required if **payload** is encoded) The encoding used for the payload to be able to include it in the JSON request. Must be either `base64` or `binary`.
*/
payloadContentEncoding?: pulumi.Input<string>;
/**
* (required if **payload** is included) The media type for the content of the payload. Must be one of `text/plain`, `text/plain;charset=utf-8`, `text/plain; charset=utf-8`, `application/octet-stream`, `application/pkcs8`.
*/
payloadContentType?: pulumi.Input<string>;
/**
* The region in which to obtain the V1 KeyManager client.
* A KeyManager client is needed to create a secret. If omitted, the
* `region` argument of the provider is used. Changing this creates a new
* V1 secret.
*/
region?: pulumi.Input<string>;
/**
* Used to indicate the type of secret being stored. For more information see [Secret types](https://docs.openstack.org/barbican/latest/api/reference/secret_types.html).
*/
secretType?: pulumi.Input<string>;
}