;
// *** WARNING: this file was generated by pulumi-language-nodejs. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***
// Flag this CommonJS module with the `__esModule` marker that transpiled ES modules carry.
Object.defineProperty(exports, "__esModule", { value: true });
// Declare the named export up front; it is assigned the real class once the class body has been evaluated.
exports.OidcRole = void 0;
const pulumi = require("@pulumi/pulumi");
const utilities = require("../utilities");
/**
* ## Example Usage
*
* An OIDC role must reference a named key.
* The key does not have to exist when the role is created, but it must exist before the role
* can be used to issue tokens. The key must also be configured with the role's Client ID;
* until it is, the role is not allowed to use the key.
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as vault from "@pulumi/vault";
*
* const config = new pulumi.Config();
* // Name of the OIDC Key
* const key = config.get("key") || "key";
* const role = new vault.identity.OidcRole("role", {
* name: "role",
* key: key,
* });
* const keyOidcKey = new vault.identity.OidcKey("key", {
* name: key,
* algorithm: "RS256",
* allowedClientIds: [role.clientId],
* });
* ```
*
* If you want to create the key before creating the role, you can use a separate
* resource to add the role's Client ID to the key's allowed Client IDs.
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as vault from "@pulumi/vault";
*
* const key = new vault.identity.OidcKey("key", {
* name: "key",
* algorithm: "RS256",
* });
* const role = new vault.identity.OidcRole("role", {
* name: "role",
* key: key.name,
* });
* const roleOidcKeyAllowedClientID = new vault.identity.OidcKeyAllowedClientID("role", {
* keyName: key.name,
* allowedClientId: role.clientId,
* });
* ```
*
* ## Import
*
* The role can be imported using the role name, for example:
*
* ```sh
* $ pulumi import vault:identity/oidcRole:OidcRole role role
* ```
*/
class OidcRole extends pulumi.CustomResource {
    /**
     * Look up an already-existing OidcRole by name and provider ID, optionally
     * narrowing the lookup with extra state properties.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to look up.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     * @returns A new OidcRole constructed with `id` merged into the options.
     */
    static get(name, id, state, opts) {
        // `id` is written last so it overrides any `id` already present in opts.
        const lookupOpts = { ...opts, id };
        return new OidcRole(name, state, lookupOpts);
    }
    /**
     * Type guard for OidcRole. It compares the `__pulumiType` marker rather than
     * using `instanceof`, so it is designed to work even when multiple copies of
     * the Pulumi SDK have been loaded into the same process.
     *
     * @param obj Any value.
     * @returns true when `obj` carries this class's `__pulumiType` marker.
     */
    static isInstance(obj) {
        const isMissing = obj === undefined || obj === null;
        return !isMissing && obj.__pulumiType === OidcRole.__pulumiType;
    }
    /**
     * Create an OidcRole resource, or rehydrate one when `opts.id` is set.
     *
     * The same six properties are forwarded in both modes. The required-`key`
     * check applies only to creation (no `opts.id`) and is skipped when
     * `opts.urn` is set.
     *
     * This constructor does not mark any property as secret; a caller that needs
     * one protected must pass an already secret-wrapped input
     * (NOTE(review): confirm against the provider schema).
     *
     * @param name The _unique_ name of the resource.
     * @param argsOrState Creation arguments, or lookup state when `opts.id` is set.
     * @param opts Optional settings to control the behavior of the CustomResource.
     * @throws Error when creating without `key` and without `opts.urn`.
     */
    constructor(name, argsOrState, opts) {
        const givenOpts = opts || {};
        const isLookup = Boolean(givenOpts.id);
        // Only a fresh creation needs `key`; lookups by id and URN-based rehydration do not.
        if (!isLookup && argsOrState?.key === undefined && !givenOpts.urn) {
            throw new Error("Missing required property 'key'");
        }
        const resourceInputs = {};
        const forwarded = ["clientId", "key", "name", "namespace", "template", "ttl"];
        for (const prop of forwarded) {
            // Absent properties are still recorded, with the value undefined.
            resourceInputs[prop] = argsOrState?.[prop];
        }
        // Package-level defaults first, caller-supplied options merged on top.
        const mergedOpts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), givenOpts);
        super(OidcRole.__pulumiType, name, resourceInputs, mergedOpts);
    }
}
// Publish the class under the named export.
exports.OidcRole = OidcRole;
// Pulumi type token for this resource: passed to the base constructor and compared by isInstance().
/** @internal */
OidcRole.__pulumiType = 'vault:identity/oidcRole:OidcRole';
//# sourceMappingURL=oidcRole.js.map