akeyless 1.9.0, Apr 14 25

akeyless 1.9.0 published on Monday, Apr 14, 2025 by akeyless-community

akeyless-community/terraform-provider-akeyless

akeyless.AuthMethodK8s

Explore with Pulumi AI

akeyless 1.9.0 published on Monday, Apr 14, 2025 by akeyless-community

akeyless-community/terraform-provider-akeyless

Create AuthMethodK8s Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new AuthMethodK8s(name: string, args?: AuthMethodK8sArgs, opts?: CustomResourceOptions);

@overload
def AuthMethodK8s(resource_name: str,
                  args: Optional[AuthMethodK8sArgs] = None,
                  opts: Optional[ResourceOptions] = None)

@overload
def AuthMethodK8s(resource_name: str,
                  opts: Optional[ResourceOptions] = None,
                  access_expires: Optional[float] = None,
                  audience: Optional[str] = None,
                  audit_logs_claims: Optional[Sequence[str]] = None,
                  auth_method_k8s_id: Optional[str] = None,
                  bound_ips: Optional[Sequence[str]] = None,
                  bound_namespaces: Optional[Sequence[str]] = None,
                  bound_pod_names: Optional[Sequence[str]] = None,
                  bound_sa_names: Optional[Sequence[str]] = None,
                  delete_protection: Optional[str] = None,
                  force_sub_claims: Optional[bool] = None,
                  gen_key: Optional[str] = None,
                  jwt_ttl: Optional[float] = None,
                  name: Optional[str] = None,
                  public_key: Optional[str] = None)

func NewAuthMethodK8s(ctx *Context, name string, args *AuthMethodK8sArgs, opts ...ResourceOption) (*AuthMethodK8s, error)

public AuthMethodK8s(string name, AuthMethodK8sArgs? args = null, CustomResourceOptions? opts = null)

public AuthMethodK8s(String name, AuthMethodK8sArgs args)
public AuthMethodK8s(String name, AuthMethodK8sArgs args, CustomResourceOptions options)

type: akeyless:AuthMethodK8s
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args AuthMethodK8sArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args AuthMethodK8sArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args AuthMethodK8sArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args AuthMethodK8sArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args AuthMethodK8sArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var authMethodK8sResource = new Akeyless.AuthMethodK8s("authMethodK8sResource", new()
{
    AccessExpires = 0,
    Audience = "string",
    AuditLogsClaims = new[]
    {
        "string",
    },
    AuthMethodK8sId = "string",
    BoundIps = new[]
    {
        "string",
    },
    BoundNamespaces = new[]
    {
        "string",
    },
    BoundPodNames = new[]
    {
        "string",
    },
    BoundSaNames = new[]
    {
        "string",
    },
    DeleteProtection = "string",
    ForceSubClaims = false,
    GenKey = "string",
    JwtTtl = 0,
    Name = "string",
    PublicKey = "string",
});

example, err := akeyless.NewAuthMethodK8s(ctx, "authMethodK8sResource", &akeyless.AuthMethodK8sArgs{
	AccessExpires: pulumi.Float64(0),
	Audience:      pulumi.String("string"),
	AuditLogsClaims: pulumi.StringArray{
		pulumi.String("string"),
	},
	AuthMethodK8sId: pulumi.String("string"),
	BoundIps: pulumi.StringArray{
		pulumi.String("string"),
	},
	BoundNamespaces: pulumi.StringArray{
		pulumi.String("string"),
	},
	BoundPodNames: pulumi.StringArray{
		pulumi.String("string"),
	},
	BoundSaNames: pulumi.StringArray{
		pulumi.String("string"),
	},
	DeleteProtection: pulumi.String("string"),
	ForceSubClaims:   pulumi.Bool(false),
	GenKey:           pulumi.String("string"),
	JwtTtl:           pulumi.Float64(0),
	Name:             pulumi.String("string"),
	PublicKey:        pulumi.String("string"),
})

var authMethodK8sResource = new AuthMethodK8s("authMethodK8sResource", AuthMethodK8sArgs.builder()
    .accessExpires(0)
    .audience("string")
    .auditLogsClaims("string")
    .authMethodK8sId("string")
    .boundIps("string")
    .boundNamespaces("string")
    .boundPodNames("string")
    .boundSaNames("string")
    .deleteProtection("string")
    .forceSubClaims(false)
    .genKey("string")
    .jwtTtl(0)
    .name("string")
    .publicKey("string")
    .build());

auth_method_k8s_resource = akeyless.AuthMethodK8s("authMethodK8sResource",
    access_expires=0,
    audience="string",
    audit_logs_claims=["string"],
    auth_method_k8s_id="string",
    bound_ips=["string"],
    bound_namespaces=["string"],
    bound_pod_names=["string"],
    bound_sa_names=["string"],
    delete_protection="string",
    force_sub_claims=False,
    gen_key="string",
    jwt_ttl=0,
    name="string",
    public_key="string")

const authMethodK8sResource = new akeyless.AuthMethodK8s("authMethodK8sResource", {
    accessExpires: 0,
    audience: "string",
    auditLogsClaims: ["string"],
    authMethodK8sId: "string",
    boundIps: ["string"],
    boundNamespaces: ["string"],
    boundPodNames: ["string"],
    boundSaNames: ["string"],
    deleteProtection: "string",
    forceSubClaims: false,
    genKey: "string",
    jwtTtl: 0,
    name: "string",
    publicKey: "string",
});

type: akeyless:AuthMethodK8s
properties:
    accessExpires: 0
    audience: string
    auditLogsClaims:
        - string
    authMethodK8sId: string
    boundIps:
        - string
    boundNamespaces:
        - string
    boundPodNames:
        - string
    boundSaNames:
        - string
    deleteProtection: string
    forceSubClaims: false
    genKey: string
    jwtTtl: 0
    name: string
    publicKey: string

AuthMethodK8s Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The AuthMethodK8s resource accepts the following input properties:

AccessExpires double: Access expiration date in Unix timestamp (select 0 for access without expiry date)
Audience string: The audience in the Kubernetes JWT that the access is restricted to
AuditLogsClaims List<string>: Subclaims to include in audit logs
AuthMethodK8sId string: The ID of this resource.
BoundIps List<string>: A CIDR whitelist with the IPs that the access is restricted to
BoundNamespaces List<string>: A list of namespaces that the access is restricted to
BoundPodNames List<string>: A list of pod names that the access is restricted to
BoundSaNames List<string>: A list of service account names that the access is restricted to
DeleteProtection string: Protection from accidental deletion of this auth method, [true/false]
ForceSubClaims bool: enforce role-association must include sub claims
GenKey string: If this flag is set to true, there is no need to manually provide a public key for the Kubernetes Auth Method, and instead, a key pair, will be generated as part of the command and the private part of the key will be returned (the private key is required for the K8S Auth Config in the Akeyless Gateway)
JwtTtl double: Creds expiration time in minutes
Name string: Auth Method name
PublicKey string: The generated public key

AccessExpires float64: Access expiration date in Unix timestamp (select 0 for access without expiry date)
Audience string: The audience in the Kubernetes JWT that the access is restricted to
AuditLogsClaims []string: Subclaims to include in audit logs
AuthMethodK8sId string: The ID of this resource.
BoundIps []string: A CIDR whitelist with the IPs that the access is restricted to
BoundNamespaces []string: A list of namespaces that the access is restricted to
BoundPodNames []string: A list of pod names that the access is restricted to
BoundSaNames []string: A list of service account names that the access is restricted to
DeleteProtection string: Protection from accidental deletion of this auth method, [true/false]
ForceSubClaims bool: enforce role-association must include sub claims
GenKey string: If this flag is set to true, there is no need to manually provide a public key for the Kubernetes Auth Method, and instead, a key pair, will be generated as part of the command and the private part of the key will be returned (the private key is required for the K8S Auth Config in the Akeyless Gateway)
JwtTtl float64: Creds expiration time in minutes
Name string: Auth Method name
PublicKey string: The generated public key

accessExpires Double: Access expiration date in Unix timestamp (select 0 for access without expiry date)
audience String: The audience in the Kubernetes JWT that the access is restricted to
auditLogsClaims List<String>: Subclaims to include in audit logs
authMethodK8sId String: The ID of this resource.
boundIps List<String>: A CIDR whitelist with the IPs that the access is restricted to
boundNamespaces List<String>: A list of namespaces that the access is restricted to
boundPodNames List<String>: A list of pod names that the access is restricted to
boundSaNames List<String>: A list of service account names that the access is restricted to
deleteProtection String: Protection from accidental deletion of this auth method, [true/false]
forceSubClaims Boolean: enforce role-association must include sub claims
genKey String: If this flag is set to true, there is no need to manually provide a public key for the Kubernetes Auth Method, and instead, a key pair, will be generated as part of the command and the private part of the key will be returned (the private key is required for the K8S Auth Config in the Akeyless Gateway)
jwtTtl Double: Creds expiration time in minutes
name String: Auth Method name
publicKey String: The generated public key

accessExpires number: Access expiration date in Unix timestamp (select 0 for access without expiry date)
audience string: The audience in the Kubernetes JWT that the access is restricted to
auditLogsClaims string[]: Subclaims to include in audit logs
authMethodK8sId string: The ID of this resource.
boundIps string[]: A CIDR whitelist with the IPs that the access is restricted to
boundNamespaces string[]: A list of namespaces that the access is restricted to
boundPodNames string[]: A list of pod names that the access is restricted to
boundSaNames string[]: A list of service account names that the access is restricted to
deleteProtection string: Protection from accidental deletion of this auth method, [true/false]
forceSubClaims boolean: enforce role-association must include sub claims
genKey string: If this flag is set to true, there is no need to manually provide a public key for the Kubernetes Auth Method, and instead, a key pair, will be generated as part of the command and the private part of the key will be returned (the private key is required for the K8S Auth Config in the Akeyless Gateway)
jwtTtl number: Creds expiration time in minutes
name string: Auth Method name
publicKey string: The generated public key

access_expires float: Access expiration date in Unix timestamp (select 0 for access without expiry date)
audience str: The audience in the Kubernetes JWT that the access is restricted to
audit_logs_claims Sequence[str]: Subclaims to include in audit logs
auth_method_k8s_id str: The ID of this resource.
bound_ips Sequence[str]: A CIDR whitelist with the IPs that the access is restricted to
bound_namespaces Sequence[str]: A list of namespaces that the access is restricted to
bound_pod_names Sequence[str]: A list of pod names that the access is restricted to
bound_sa_names Sequence[str]: A list of service account names that the access is restricted to
delete_protection str: Protection from accidental deletion of this auth method, [true/false]
force_sub_claims bool: enforce role-association must include sub claims
gen_key str: If this flag is set to true, there is no need to manually provide a public key for the Kubernetes Auth Method, and instead, a key pair, will be generated as part of the command and the private part of the key will be returned (the private key is required for the K8S Auth Config in the Akeyless Gateway)
jwt_ttl float: Creds expiration time in minutes
name str: Auth Method name
public_key str: The generated public key

accessExpires Number: Access expiration date in Unix timestamp (select 0 for access without expiry date)
audience String: The audience in the Kubernetes JWT that the access is restricted to
auditLogsClaims List<String>: Subclaims to include in audit logs
authMethodK8sId String: The ID of this resource.
boundIps List<String>: A CIDR whitelist with the IPs that the access is restricted to
boundNamespaces List<String>: A list of namespaces that the access is restricted to
boundPodNames List<String>: A list of pod names that the access is restricted to
boundSaNames List<String>: A list of service account names that the access is restricted to
deleteProtection String: Protection from accidental deletion of this auth method, [true/false]
forceSubClaims Boolean: enforce role-association must include sub claims
genKey String: If this flag is set to true, there is no need to manually provide a public key for the Kubernetes Auth Method, and instead, a key pair, will be generated as part of the command and the private part of the key will be returned (the private key is required for the K8S Auth Config in the Akeyless Gateway)
jwtTtl Number: Creds expiration time in minutes
name String: Auth Method name
publicKey String: The generated public key

Outputs

All input properties are implicitly available as output properties. Additionally, the AuthMethodK8s resource produces the following output properties:

AccessId string: Auth Method access ID
Id string: The provider-assigned unique ID for this managed resource.
PrivateKey string: The generated private key

AccessId string: Auth Method access ID
Id string: The provider-assigned unique ID for this managed resource.
PrivateKey string: The generated private key

accessId String: Auth Method access ID
id String: The provider-assigned unique ID for this managed resource.
privateKey String: The generated private key

accessId string: Auth Method access ID
id string: The provider-assigned unique ID for this managed resource.
privateKey string: The generated private key

access_id str: Auth Method access ID
id str: The provider-assigned unique ID for this managed resource.
private_key str: The generated private key

accessId String: Auth Method access ID
id String: The provider-assigned unique ID for this managed resource.
privateKey String: The generated private key

Look up Existing AuthMethodK8s Resource

Get an existing AuthMethodK8s resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: AuthMethodK8sState, opts?: CustomResourceOptions): AuthMethodK8s

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        access_expires: Optional[float] = None,
        access_id: Optional[str] = None,
        audience: Optional[str] = None,
        audit_logs_claims: Optional[Sequence[str]] = None,
        auth_method_k8s_id: Optional[str] = None,
        bound_ips: Optional[Sequence[str]] = None,
        bound_namespaces: Optional[Sequence[str]] = None,
        bound_pod_names: Optional[Sequence[str]] = None,
        bound_sa_names: Optional[Sequence[str]] = None,
        delete_protection: Optional[str] = None,
        force_sub_claims: Optional[bool] = None,
        gen_key: Optional[str] = None,
        jwt_ttl: Optional[float] = None,
        name: Optional[str] = None,
        private_key: Optional[str] = None,
        public_key: Optional[str] = None) -> AuthMethodK8s

func GetAuthMethodK8s(ctx *Context, name string, id IDInput, state *AuthMethodK8sState, opts ...ResourceOption) (*AuthMethodK8s, error)

public static AuthMethodK8s Get(string name, Input<string> id, AuthMethodK8sState? state, CustomResourceOptions? opts = null)

public static AuthMethodK8s get(String name, Output<String> id, AuthMethodK8sState state, CustomResourceOptions options)

resources:  _:    type: akeyless:AuthMethodK8s    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AccessExpires double: Access expiration date in Unix timestamp (select 0 for access without expiry date)
AccessId string: Auth Method access ID
Audience string: The audience in the Kubernetes JWT that the access is restricted to
AuditLogsClaims List<string>: Subclaims to include in audit logs
AuthMethodK8sId string: The ID of this resource.
BoundIps List<string>: A CIDR whitelist with the IPs that the access is restricted to
BoundNamespaces List<string>: A list of namespaces that the access is restricted to
BoundPodNames List<string>: A list of pod names that the access is restricted to
BoundSaNames List<string>: A list of service account names that the access is restricted to
DeleteProtection string: Protection from accidental deletion of this auth method, [true/false]
ForceSubClaims bool: enforce role-association must include sub claims
GenKey string: If this flag is set to true, there is no need to manually provide a public key for the Kubernetes Auth Method, and instead, a key pair, will be generated as part of the command and the private part of the key will be returned (the private key is required for the K8S Auth Config in the Akeyless Gateway)
JwtTtl double: Creds expiration time in minutes
Name string: Auth Method name
PrivateKey string: The generated private key
PublicKey string: The generated public key

AccessExpires float64: Access expiration date in Unix timestamp (select 0 for access without expiry date)
AccessId string: Auth Method access ID
Audience string: The audience in the Kubernetes JWT that the access is restricted to
AuditLogsClaims []string: Subclaims to include in audit logs
AuthMethodK8sId string: The ID of this resource.
BoundIps []string: A CIDR whitelist with the IPs that the access is restricted to
BoundNamespaces []string: A list of namespaces that the access is restricted to
BoundPodNames []string: A list of pod names that the access is restricted to
BoundSaNames []string: A list of service account names that the access is restricted to
DeleteProtection string: Protection from accidental deletion of this auth method, [true/false]
ForceSubClaims bool: enforce role-association must include sub claims
GenKey string: If this flag is set to true, there is no need to manually provide a public key for the Kubernetes Auth Method, and instead, a key pair, will be generated as part of the command and the private part of the key will be returned (the private key is required for the K8S Auth Config in the Akeyless Gateway)
JwtTtl float64: Creds expiration time in minutes
Name string: Auth Method name
PrivateKey string: The generated private key
PublicKey string: The generated public key

accessExpires Double: Access expiration date in Unix timestamp (select 0 for access without expiry date)
accessId String: Auth Method access ID
audience String: The audience in the Kubernetes JWT that the access is restricted to
auditLogsClaims List<String>: Subclaims to include in audit logs
authMethodK8sId String: The ID of this resource.
boundIps List<String>: A CIDR whitelist with the IPs that the access is restricted to
boundNamespaces List<String>: A list of namespaces that the access is restricted to
boundPodNames List<String>: A list of pod names that the access is restricted to
boundSaNames List<String>: A list of service account names that the access is restricted to
deleteProtection String: Protection from accidental deletion of this auth method, [true/false]
forceSubClaims Boolean: enforce role-association must include sub claims
genKey String: If this flag is set to true, there is no need to manually provide a public key for the Kubernetes Auth Method, and instead, a key pair, will be generated as part of the command and the private part of the key will be returned (the private key is required for the K8S Auth Config in the Akeyless Gateway)
jwtTtl Double: Creds expiration time in minutes
name String: Auth Method name
privateKey String: The generated private key
publicKey String: The generated public key

accessExpires number: Access expiration date in Unix timestamp (select 0 for access without expiry date)
accessId string: Auth Method access ID
audience string: The audience in the Kubernetes JWT that the access is restricted to
auditLogsClaims string[]: Subclaims to include in audit logs
authMethodK8sId string: The ID of this resource.
boundIps string[]: A CIDR whitelist with the IPs that the access is restricted to
boundNamespaces string[]: A list of namespaces that the access is restricted to
boundPodNames string[]: A list of pod names that the access is restricted to
boundSaNames string[]: A list of service account names that the access is restricted to
deleteProtection string: Protection from accidental deletion of this auth method, [true/false]
forceSubClaims boolean: enforce role-association must include sub claims
genKey string: If this flag is set to true, there is no need to manually provide a public key for the Kubernetes Auth Method, and instead, a key pair, will be generated as part of the command and the private part of the key will be returned (the private key is required for the K8S Auth Config in the Akeyless Gateway)
jwtTtl number: Creds expiration time in minutes
name string: Auth Method name
privateKey string: The generated private key
publicKey string: The generated public key

access_expires float: Access expiration date in Unix timestamp (select 0 for access without expiry date)
access_id str: Auth Method access ID
audience str: The audience in the Kubernetes JWT that the access is restricted to
audit_logs_claims Sequence[str]: Subclaims to include in audit logs
auth_method_k8s_id str: The ID of this resource.
bound_ips Sequence[str]: A CIDR whitelist with the IPs that the access is restricted to
bound_namespaces Sequence[str]: A list of namespaces that the access is restricted to
bound_pod_names Sequence[str]: A list of pod names that the access is restricted to
bound_sa_names Sequence[str]: A list of service account names that the access is restricted to
delete_protection str: Protection from accidental deletion of this auth method, [true/false]
force_sub_claims bool: enforce role-association must include sub claims
gen_key str: If this flag is set to true, there is no need to manually provide a public key for the Kubernetes Auth Method, and instead, a key pair, will be generated as part of the command and the private part of the key will be returned (the private key is required for the K8S Auth Config in the Akeyless Gateway)
jwt_ttl float: Creds expiration time in minutes
name str: Auth Method name
private_key str: The generated private key
public_key str: The generated public key

accessExpires Number: Access expiration date in Unix timestamp (select 0 for access without expiry date)
accessId String: Auth Method access ID
audience String: The audience in the Kubernetes JWT that the access is restricted to
auditLogsClaims List<String>: Subclaims to include in audit logs
authMethodK8sId String: The ID of this resource.
boundIps List<String>: A CIDR whitelist with the IPs that the access is restricted to
boundNamespaces List<String>: A list of namespaces that the access is restricted to
boundPodNames List<String>: A list of pod names that the access is restricted to
boundSaNames List<String>: A list of service account names that the access is restricted to
deleteProtection String: Protection from accidental deletion of this auth method, [true/false]
forceSubClaims Boolean: enforce role-association must include sub claims
genKey String: If this flag is set to true, there is no need to manually provide a public key for the Kubernetes Auth Method, and instead, a key pair, will be generated as part of the command and the private part of the key will be returned (the private key is required for the K8S Auth Config in the Akeyless Gateway)
jwtTtl Number: Creds expiration time in minutes
name String: Auth Method name
privateKey String: The generated private key
publicKey String: The generated public key

Package Details

Repository: akeyless akeyless-community/terraform-provider-akeyless
License
Notes: This Pulumi package is based on the akeyless Terraform Provider.

akeyless 1.9.0 published on Monday, Apr 14, 2025 by akeyless-community

akeyless-community/terraform-provider-akeyless

akeyless.AuthMethodK8s

On this page

On this page

Create AuthMethodK8s Resource

Constructor syntax

Parameters

Constructor example

AuthMethodK8s Resource Properties

Inputs

Outputs

Look up Existing AuthMethodK8s Resource

Package Details

On this page

On this page