@pulumi/vault/gcp/secretRoleset.js

A Pulumi package for creating and managing HashiCorp Vault cloud resources.

"use strict";
// *** WARNING: this file was generated by pulumi-language-nodejs. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***
Object.defineProperty(exports, "__esModule", { value: true });
exports.SecretRoleset = void 0;
const pulumi = require("@pulumi/pulumi");
const utilities = require("../utilities");
/**
 * Creates a Roleset in the [GCP Secrets Engine](https://www.vaultproject.io/docs/secrets/gcp/index.html) for Vault.
 *
 * Each Roleset is [tied](https://www.vaultproject.io/docs/secrets/gcp/index.html#service-accounts-are-tied-to-rolesets) to a Service Account, and can have one or more [bindings](https://www.vaultproject.io/docs/secrets/gcp/index.html#roleset-bindings) associated with it.
 *
 * ## Example Usage
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as std from "@pulumi/std";
 * import * as vault from "@pulumi/vault";
 *
 * const project = "my-awesome-project";
 * const gcp = new vault.gcp.SecretBackend("gcp", {
 *     path: "gcp",
 *     credentials: std.file({
 *         input: "credentials.json",
 *     }).then(invoke => invoke.result),
 * });
 * const roleset = new vault.gcp.SecretRoleset("roleset", {
 *     backend: gcp.path,
 *     roleset: "project_viewer",
 *     secretType: "access_token",
 *     project: project,
 *     tokenScopes: ["https://www.googleapis.com/auth/cloud-platform"],
 *     bindings: [{
 *         resource: `//cloudresourcemanager.googleapis.com/projects/${project}`,
 *         roles: ["roles/viewer"],
 *     }],
 * });
 * ```
 *
 * ## Import
 *
 * A roleset can be imported using its Vault Path. For example, referencing the example above,
 *
 * ```sh
 * $ pulumi import vault:gcp/secretRoleset:SecretRoleset roleset gcp/roleset/project_viewer
 * ```
 */
class SecretRoleset extends pulumi.CustomResource {
    /**
     * Get an existing SecretRoleset resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name, id, state, opts) {
        return new SecretRoleset(name, state, { ...opts, id: id });
    }
    /**
     * Returns true if the given object is an instance of SecretRoleset.  This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj) {
        if (obj === undefined || obj === null) {
            return false;
        }
        return obj['__pulumiType'] === SecretRoleset.__pulumiType;
    }
    constructor(name, argsOrState, opts) {
        let resourceInputs = {};
        opts = opts || {};
        if (opts.id) {
            const state = argsOrState;
            resourceInputs["backend"] = state?.backend;
            resourceInputs["bindings"] = state?.bindings;
            resourceInputs["namespace"] = state?.namespace;
            resourceInputs["project"] = state?.project;
            resourceInputs["roleset"] = state?.roleset;
            resourceInputs["secretType"] = state?.secretType;
            resourceInputs["serviceAccountEmail"] = state?.serviceAccountEmail;
            resourceInputs["tokenScopes"] = state?.tokenScopes;
        }
        else {
            const args = argsOrState;
            if (args?.backend === undefined && !opts.urn) {
                throw new Error("Missing required property 'backend'");
            }
            if (args?.bindings === undefined && !opts.urn) {
                throw new Error("Missing required property 'bindings'");
            }
            if (args?.project === undefined && !opts.urn) {
                throw new Error("Missing required property 'project'");
            }
            if (args?.roleset === undefined && !opts.urn) {
                throw new Error("Missing required property 'roleset'");
            }
            resourceInputs["backend"] = args?.backend;
            resourceInputs["bindings"] = args?.bindings;
            resourceInputs["namespace"] = args?.namespace;
            resourceInputs["project"] = args?.project;
            resourceInputs["roleset"] = args?.roleset;
            resourceInputs["secretType"] = args?.secretType;
            resourceInputs["tokenScopes"] = args?.tokenScopes;
            resourceInputs["serviceAccountEmail"] = undefined /*out*/;
        }
        opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts);
        super(SecretRoleset.__pulumiType, name, resourceInputs, opts);
    }
}
exports.SecretRoleset = SecretRoleset;
/** @internal */
SecretRoleset.__pulumiType = 'vault:gcp/secretRoleset:SecretRoleset';
//# sourceMappingURL=secretRoleset.js.map