@pulumi/vault/gcp/secretBackend.js

A Pulumi package for creating and managing HashiCorp Vault cloud resources.

"use strict";
// *** WARNING: this file was generated by pulumi-language-nodejs. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***
Object.defineProperty(exports, "__esModule", { value: true });
exports.SecretBackend = void 0;
const pulumi = require("@pulumi/pulumi");
const utilities = require("../utilities");
/**
 * ## Example Usage
 *
 * You can setup the GCP secret backend with Workload Identity Federation (WIF) for a secret-less configuration:
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as vault from "@pulumi/vault";
 *
 * const gcp = new vault.gcp.SecretBackend("gcp", {
 *     identityTokenKey: "example-key",
 *     identityTokenTtl: 1800,
 *     identityTokenAudience: "<TOKEN_AUDIENCE>",
 *     serviceAccountEmail: "<SERVICE_ACCOUNT_EMAIL>",
 *     rotationSchedule: "0 * * * SAT",
 *     rotationWindow: 3600,
 * });
 * ```
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as std from "@pulumi/std";
 * import * as vault from "@pulumi/vault";
 *
 * const gcp = new vault.gcp.SecretBackend("gcp", {
 *     credentials: std.file({
 *         input: "credentials.json",
 *     }).then(invoke => invoke.result),
 *     rotationSchedule: "0 * * * SAT",
 *     rotationWindow: 3600,
 * });
 * ```
 *
 * ## Ephemeral Attributes Reference
 *
 * The following write-only attributes are supported:
 *
 * * `credentialsWo` - (Optional) The GCP service account credentials in JSON format. Can be updated.
 *   **Note**: This property is write-only and will not be read from the API.
 */
class SecretBackend extends pulumi.CustomResource {
    /**
     * Get an existing SecretBackend resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name, id, state, opts) {
        return new SecretBackend(name, state, { ...opts, id: id });
    }
    /**
     * Returns true if the given object is an instance of SecretBackend.  This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj) {
        if (obj === undefined || obj === null) {
            return false;
        }
        return obj['__pulumiType'] === SecretBackend.__pulumiType;
    }
    constructor(name, argsOrState, opts) {
        let resourceInputs = {};
        opts = opts || {};
        if (opts.id) {
            const state = argsOrState;
            resourceInputs["accessor"] = state?.accessor;
            resourceInputs["allowedManagedKeys"] = state?.allowedManagedKeys;
            resourceInputs["allowedResponseHeaders"] = state?.allowedResponseHeaders;
            resourceInputs["auditNonHmacRequestKeys"] = state?.auditNonHmacRequestKeys;
            resourceInputs["auditNonHmacResponseKeys"] = state?.auditNonHmacResponseKeys;
            resourceInputs["credentials"] = state?.credentials;
            resourceInputs["credentialsWoVersion"] = state?.credentialsWoVersion;
            resourceInputs["defaultLeaseTtlSeconds"] = state?.defaultLeaseTtlSeconds;
            resourceInputs["delegatedAuthAccessors"] = state?.delegatedAuthAccessors;
            resourceInputs["description"] = state?.description;
            resourceInputs["disableAutomatedRotation"] = state?.disableAutomatedRotation;
            resourceInputs["disableRemount"] = state?.disableRemount;
            resourceInputs["externalEntropyAccess"] = state?.externalEntropyAccess;
            resourceInputs["forceNoCache"] = state?.forceNoCache;
            resourceInputs["identityTokenAudience"] = state?.identityTokenAudience;
            resourceInputs["identityTokenKey"] = state?.identityTokenKey;
            resourceInputs["identityTokenTtl"] = state?.identityTokenTtl;
            resourceInputs["listingVisibility"] = state?.listingVisibility;
            resourceInputs["local"] = state?.local;
            resourceInputs["maxLeaseTtlSeconds"] = state?.maxLeaseTtlSeconds;
            resourceInputs["namespace"] = state?.namespace;
            resourceInputs["options"] = state?.options;
            resourceInputs["passthroughRequestHeaders"] = state?.passthroughRequestHeaders;
            resourceInputs["path"] = state?.path;
            resourceInputs["pluginVersion"] = state?.pluginVersion;
            resourceInputs["rotationPeriod"] = state?.rotationPeriod;
            resourceInputs["rotationSchedule"] = state?.rotationSchedule;
            resourceInputs["rotationWindow"] = state?.rotationWindow;
            resourceInputs["sealWrap"] = state?.sealWrap;
            resourceInputs["serviceAccountEmail"] = state?.serviceAccountEmail;
        }
        else {
            const args = argsOrState;
            resourceInputs["allowedManagedKeys"] = args?.allowedManagedKeys;
            resourceInputs["allowedResponseHeaders"] = args?.allowedResponseHeaders;
            resourceInputs["auditNonHmacRequestKeys"] = args?.auditNonHmacRequestKeys;
            resourceInputs["auditNonHmacResponseKeys"] = args?.auditNonHmacResponseKeys;
            resourceInputs["credentials"] = args?.credentials ? pulumi.secret(args.credentials) : undefined;
            resourceInputs["credentialsWoVersion"] = args?.credentialsWoVersion;
            resourceInputs["defaultLeaseTtlSeconds"] = args?.defaultLeaseTtlSeconds;
            resourceInputs["delegatedAuthAccessors"] = args?.delegatedAuthAccessors;
            resourceInputs["description"] = args?.description;
            resourceInputs["disableAutomatedRotation"] = args?.disableAutomatedRotation;
            resourceInputs["disableRemount"] = args?.disableRemount;
            resourceInputs["externalEntropyAccess"] = args?.externalEntropyAccess;
            resourceInputs["forceNoCache"] = args?.forceNoCache;
            resourceInputs["identityTokenAudience"] = args?.identityTokenAudience;
            resourceInputs["identityTokenKey"] = args?.identityTokenKey;
            resourceInputs["identityTokenTtl"] = args?.identityTokenTtl;
            resourceInputs["listingVisibility"] = args?.listingVisibility;
            resourceInputs["local"] = args?.local;
            resourceInputs["maxLeaseTtlSeconds"] = args?.maxLeaseTtlSeconds;
            resourceInputs["namespace"] = args?.namespace;
            resourceInputs["options"] = args?.options;
            resourceInputs["passthroughRequestHeaders"] = args?.passthroughRequestHeaders;
            resourceInputs["path"] = args?.path;
            resourceInputs["pluginVersion"] = args?.pluginVersion;
            resourceInputs["rotationPeriod"] = args?.rotationPeriod;
            resourceInputs["rotationSchedule"] = args?.rotationSchedule;
            resourceInputs["rotationWindow"] = args?.rotationWindow;
            resourceInputs["sealWrap"] = args?.sealWrap;
            resourceInputs["serviceAccountEmail"] = args?.serviceAccountEmail;
            resourceInputs["accessor"] = undefined /*out*/;
        }
        opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts);
        const secretOpts = { additionalSecretOutputs: ["credentials"] };
        opts = pulumi.mergeOptions(opts, secretOpts);
        super(SecretBackend.__pulumiType, name, resourceInputs, opts);
    }
}
exports.SecretBackend = SecretBackend;
/** @internal */
SecretBackend.__pulumiType = 'vault:gcp/secretBackend:SecretBackend';
//# sourceMappingURL=secretBackend.js.map