@pulumi/vault/jwt/authBackendRole.js

A Pulumi package for creating and managing HashiCorp Vault cloud resources.

"use strict";
// *** WARNING: this file was generated by pulumi-language-nodejs. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***
Object.defineProperty(exports, "__esModule", { value: true });
exports.AuthBackendRole = void 0;
const pulumi = require("@pulumi/pulumi");
const utilities = require("../utilities");
/**
 * Manages an JWT/OIDC auth backend role in a Vault server. See the [Vault
 * documentation](https://www.vaultproject.io/docs/auth/jwt.html) for more
 * information.
 *
 * ## Example Usage
 *
 * Role for JWT backend:
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as vault from "@pulumi/vault";
 *
 * const jwt = new vault.jwt.AuthBackend("jwt", {path: "jwt"});
 * const example = new vault.jwt.AuthBackendRole("example", {
 *     backend: jwt.path,
 *     roleName: "test-role",
 *     tokenPolicies: [
 *         "default",
 *         "dev",
 *         "prod",
 *     ],
 *     boundAudiences: ["https://myco.test"],
 *     boundClaims: {
 *         color: "red,green,blue",
 *     },
 *     userClaim: "https://vault/user",
 *     roleType: "jwt",
 * });
 * ```
 *
 * Role for OIDC backend:
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as vault from "@pulumi/vault";
 *
 * const oidc = new vault.jwt.AuthBackend("oidc", {
 *     path: "oidc",
 *     defaultRole: "test-role",
 * });
 * const example = new vault.jwt.AuthBackendRole("example", {
 *     backend: oidc.path,
 *     roleName: "test-role",
 *     tokenPolicies: [
 *         "default",
 *         "dev",
 *         "prod",
 *     ],
 *     userClaim: "https://vault/user",
 *     roleType: "oidc",
 *     allowedRedirectUris: ["http://localhost:8200/ui/vault/auth/oidc/oidc/callback"],
 * });
 * ```
 *
 * ## Import
 *
 * JWT authentication backend roles can be imported using the `path`, e.g.
 *
 * ```sh
 * $ pulumi import vault:jwt/authBackendRole:AuthBackendRole example auth/jwt/role/test-role
 * ```
 */
class AuthBackendRole extends pulumi.CustomResource {
    /**
     * Get an existing AuthBackendRole resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name, id, state, opts) {
        return new AuthBackendRole(name, state, { ...opts, id: id });
    }
    /**
     * Returns true if the given object is an instance of AuthBackendRole.  This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj) {
        if (obj === undefined || obj === null) {
            return false;
        }
        return obj['__pulumiType'] === AuthBackendRole.__pulumiType;
    }
    constructor(name, argsOrState, opts) {
        let resourceInputs = {};
        opts = opts || {};
        if (opts.id) {
            const state = argsOrState;
            resourceInputs["allowedRedirectUris"] = state?.allowedRedirectUris;
            resourceInputs["backend"] = state?.backend;
            resourceInputs["boundAudiences"] = state?.boundAudiences;
            resourceInputs["boundClaims"] = state?.boundClaims;
            resourceInputs["boundClaimsType"] = state?.boundClaimsType;
            resourceInputs["boundSubject"] = state?.boundSubject;
            resourceInputs["claimMappings"] = state?.claimMappings;
            resourceInputs["clockSkewLeeway"] = state?.clockSkewLeeway;
            resourceInputs["disableBoundClaimsParsing"] = state?.disableBoundClaimsParsing;
            resourceInputs["expirationLeeway"] = state?.expirationLeeway;
            resourceInputs["groupsClaim"] = state?.groupsClaim;
            resourceInputs["maxAge"] = state?.maxAge;
            resourceInputs["namespace"] = state?.namespace;
            resourceInputs["notBeforeLeeway"] = state?.notBeforeLeeway;
            resourceInputs["oidcScopes"] = state?.oidcScopes;
            resourceInputs["roleName"] = state?.roleName;
            resourceInputs["roleType"] = state?.roleType;
            resourceInputs["tokenBoundCidrs"] = state?.tokenBoundCidrs;
            resourceInputs["tokenExplicitMaxTtl"] = state?.tokenExplicitMaxTtl;
            resourceInputs["tokenMaxTtl"] = state?.tokenMaxTtl;
            resourceInputs["tokenNoDefaultPolicy"] = state?.tokenNoDefaultPolicy;
            resourceInputs["tokenNumUses"] = state?.tokenNumUses;
            resourceInputs["tokenPeriod"] = state?.tokenPeriod;
            resourceInputs["tokenPolicies"] = state?.tokenPolicies;
            resourceInputs["tokenTtl"] = state?.tokenTtl;
            resourceInputs["tokenType"] = state?.tokenType;
            resourceInputs["userClaim"] = state?.userClaim;
            resourceInputs["userClaimJsonPointer"] = state?.userClaimJsonPointer;
            resourceInputs["verboseOidcLogging"] = state?.verboseOidcLogging;
        }
        else {
            const args = argsOrState;
            if (args?.roleName === undefined && !opts.urn) {
                throw new Error("Missing required property 'roleName'");
            }
            if (args?.userClaim === undefined && !opts.urn) {
                throw new Error("Missing required property 'userClaim'");
            }
            resourceInputs["allowedRedirectUris"] = args?.allowedRedirectUris;
            resourceInputs["backend"] = args?.backend;
            resourceInputs["boundAudiences"] = args?.boundAudiences;
            resourceInputs["boundClaims"] = args?.boundClaims;
            resourceInputs["boundClaimsType"] = args?.boundClaimsType;
            resourceInputs["boundSubject"] = args?.boundSubject;
            resourceInputs["claimMappings"] = args?.claimMappings;
            resourceInputs["clockSkewLeeway"] = args?.clockSkewLeeway;
            resourceInputs["disableBoundClaimsParsing"] = args?.disableBoundClaimsParsing;
            resourceInputs["expirationLeeway"] = args?.expirationLeeway;
            resourceInputs["groupsClaim"] = args?.groupsClaim;
            resourceInputs["maxAge"] = args?.maxAge;
            resourceInputs["namespace"] = args?.namespace;
            resourceInputs["notBeforeLeeway"] = args?.notBeforeLeeway;
            resourceInputs["oidcScopes"] = args?.oidcScopes;
            resourceInputs["roleName"] = args?.roleName;
            resourceInputs["roleType"] = args?.roleType;
            resourceInputs["tokenBoundCidrs"] = args?.tokenBoundCidrs;
            resourceInputs["tokenExplicitMaxTtl"] = args?.tokenExplicitMaxTtl;
            resourceInputs["tokenMaxTtl"] = args?.tokenMaxTtl;
            resourceInputs["tokenNoDefaultPolicy"] = args?.tokenNoDefaultPolicy;
            resourceInputs["tokenNumUses"] = args?.tokenNumUses;
            resourceInputs["tokenPeriod"] = args?.tokenPeriod;
            resourceInputs["tokenPolicies"] = args?.tokenPolicies;
            resourceInputs["tokenTtl"] = args?.tokenTtl;
            resourceInputs["tokenType"] = args?.tokenType;
            resourceInputs["userClaim"] = args?.userClaim;
            resourceInputs["userClaimJsonPointer"] = args?.userClaimJsonPointer;
            resourceInputs["verboseOidcLogging"] = args?.verboseOidcLogging;
        }
        opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts);
        super(AuthBackendRole.__pulumiType, name, resourceInputs, opts);
    }
}
exports.AuthBackendRole = AuthBackendRole;
/** @internal */
AuthBackendRole.__pulumiType = 'vault:jwt/authBackendRole:AuthBackendRole';
//# sourceMappingURL=authBackendRole.js.map