consul.AclAuthMethod

Starting with Consul 1.5.0, the consul.AclAuthMethod resource can be used to manage Consul ACL auth methods.

Example Usage

Define a kubernetes auth method:

using System.Collections.Generic;
using System.Text.Json;
using Pulumi;
using Consul = Pulumi.Consul;

/// <summary>
/// Pulumi stack that registers a Consul ACL auth method named "minikube"
/// of type "kubernetes".
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        // Auth method settings; they are serialized to a single JSON string below.
        //
        // NOTE(review): ServiceAccountJWT is a bearer credential and the literal
        // here is a truncated placeholder. A real token should be read from
        // secret stack configuration rather than committed with the program, and
        // the serialized ConfigJson should be treated as sensitive.
        var kubernetesSettings = new Dictionary<string, object?>
        {
            ["Host"] = "https://192.0.2.42:8443",
            ["CACert"] = @"-----BEGIN CERTIFICATE-----
...-----END CERTIFICATE-----
",
            ["ServiceAccountJWT"] = "eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9...",
        };

        var methodArgs = new Consul.AclAuthMethodArgs
        {
            Type = "kubernetes",
            Description = "dev minikube cluster",
            ConfigJson = JsonSerializer.Serialize(kubernetesSettings),
        };

        var authMethod = new Consul.AclAuthMethod("minikube", methodArgs);
    }
}
package main

import (
	"encoding/json"

	"github.com/pulumi/pulumi-consul/sdk/v3/go/consul"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

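// main runs a Pulumi program that registers a Consul ACL auth method named
// "minikube" of type "kubernetes".
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The auth method settings are handed to the provider as one JSON string.
		//
		// NOTE(review): ServiceAccountJWT is a bearer credential and the literal
		// below is a truncated placeholder. A real token should be read from
		// secret stack configuration rather than committed with the program,
		// and the serialized ConfigJson should be treated as sensitive.
		tmpJSON0, err := json.Marshal(map[string]interface{}{
			"Host":              "https://192.0.2.42:8443",
			"CACert":            "-----BEGIN CERTIFICATE-----\n...-----END CERTIFICATE-----\n",
			"ServiceAccountJWT": "eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9...",
		})
		if err != nil {
			return err
		}
		json0 := string(tmpJSON0)
		// Plain assignment: err is already declared above and "_" introduces no
		// new variable, so ":=" on this line does not compile.
		_, err = consul.NewAclAuthMethod(ctx, "minikube", &consul.AclAuthMethodArgs{
			Type:        pulumi.String("kubernetes"),
			Description: pulumi.String("dev minikube cluster"),
			ConfigJson:  pulumi.String(json0),
		})
		if err != nil {
			return err
		}
		return nil
	})
}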


import pulumi
import json
import pulumi_consul as consul

# Settings for the "kubernetes" auth method; serialized to one JSON string below.
#
# NOTE(review): ServiceAccountJWT is a bearer credential and the literal here is
# a truncated placeholder. A real token should be read from secret stack
# configuration rather than committed with the program, and the serialized
# config_json should be treated as sensitive.
_kubernetes_config = {
    "Host": "https://192.0.2.42:8443",
    "CACert": """-----BEGIN CERTIFICATE-----
...-----END CERTIFICATE-----
""",
    "ServiceAccountJWT": "eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9...",
}

# Register the auth method under the resource name "minikube".
minikube = consul.AclAuthMethod(
    "minikube",
    type="kubernetes",
    description="dev minikube cluster",
    config_json=json.dumps(_kubernetes_config),
)
import * as pulumi from "@pulumi/pulumi";
import * as consul from "@pulumi/consul";

// Settings for the "kubernetes" auth method; serialized to one JSON string below.
//
// NOTE(review): ServiceAccountJWT is a bearer credential and the literal here is
// a truncated placeholder. A real token should be read from secret stack
// configuration rather than committed with the program, and the serialized
// configJson should be treated as sensitive.
const kubernetesConfig = {
    Host: "https://192.0.2.42:8443",
    CACert: `-----BEGIN CERTIFICATE-----
...-----END CERTIFICATE-----
`,
    ServiceAccountJWT: "eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9...",
};

// Register the auth method under the resource name "minikube".
const minikube = new consul.AclAuthMethod("minikube", {
    type: "kubernetes",
    description: "dev minikube cluster",
    configJson: JSON.stringify(kubernetesConfig),
});


Define a jwt auth method:

using System.Collections.Generic;
using System.Text.Json;
using Pulumi;
using Consul = Pulumi.Consul;

/// <summary>
/// Pulumi stack that registers a Consul ACL auth method named "minikube"
/// of type "jwt".
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        // Maps the token's "subject" claim to a metadata field of the same name.
        var claimMappings = new Dictionary<string, object?>
        {
            ["subject"] = "subject",
        };

        // NOTE(review): BoundIssuer is the only binding on accepted tokens in this
        // example. Consider also setting BoundAudiences so that tokens the same
        // issuer mints for other services are not accepted, and MaxTokenTtl on
        // the resource to bound the lifetime of the Consul tokens it issues.
        var jwtSettings = new Dictionary<string, object?>
        {
            ["JWKSURL"] = "https://example.com/identity/oidc/.well-known/keys",
            ["JWTSupportedAlgs"] = "RS256",
            ["BoundIssuer"] = "https://example.com",
            ["ClaimMappings"] = claimMappings,
        };

        var methodArgs = new Consul.AclAuthMethodArgs
        {
            Type = "jwt",
            ConfigJson = JsonSerializer.Serialize(jwtSettings),
        };

        var authMethod = new Consul.AclAuthMethod("minikube", methodArgs);
    }
}
package main

import (
	"encoding/json"

	"github.com/pulumi/pulumi-consul/sdk/v3/go/consul"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

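// main runs a Pulumi program that registers a Consul ACL auth method named
// "minikube" of type "jwt".
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The auth method settings are handed to the provider as one JSON string.
		//
		// NOTE(review): BoundIssuer is the only binding on accepted tokens in
		// this example. Consider also setting BoundAudiences so that tokens the
		// same issuer mints for other services are not accepted, and
		// MaxTokenTtl on the resource to bound the lifetime of issued tokens.
		tmpJSON0, err := json.Marshal(map[string]interface{}{
			"JWKSURL":          "https://example.com/identity/oidc/.well-known/keys",
			"JWTSupportedAlgs": "RS256",
			"BoundIssuer":      "https://example.com",
			"ClaimMappings": map[string]interface{}{
				"subject": "subject",
			},
		})
		if err != nil {
			return err
		}
		json0 := string(tmpJSON0)
		// Plain assignment: err is already declared above and "_" introduces no
		// new variable, so ":=" on this line does not compile.
		_, err = consul.NewAclAuthMethod(ctx, "minikube", &consul.AclAuthMethodArgs{
			Type:       pulumi.String("jwt"),
			ConfigJson: pulumi.String(json0),
		})
		if err != nil {
			return err
		}
		return nil
	})
}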


import pulumi
import json
import pulumi_consul as consul

# Settings for the "jwt" auth method; serialized to one JSON string below.
#
# NOTE(review): BoundIssuer is the only binding on accepted tokens in this
# example. Consider also setting BoundAudiences so that tokens the same issuer
# mints for other services are not accepted, and max_token_ttl on the resource
# to bound the lifetime of the Consul tokens it issues.
_jwt_config = {
    "JWKSURL": "https://example.com/identity/oidc/.well-known/keys",
    "JWTSupportedAlgs": "RS256",
    "BoundIssuer": "https://example.com",
    "ClaimMappings": {
        "subject": "subject",
    },
}

# Register the auth method under the resource name "minikube".
minikube = consul.AclAuthMethod(
    "minikube",
    type="jwt",
    config_json=json.dumps(_jwt_config),
)
import * as pulumi from "@pulumi/pulumi";
import * as consul from "@pulumi/consul";

// Settings for the "jwt" auth method; serialized to one JSON string below.
//
// NOTE(review): BoundIssuer is the only binding on accepted tokens in this
// example. Consider also setting BoundAudiences so that tokens the same issuer
// mints for other services are not accepted, and maxTokenTtl on the resource
// to bound the lifetime of the Consul tokens it issues.
const jwtConfig = {
    JWKSURL: "https://example.com/identity/oidc/.well-known/keys",
    JWTSupportedAlgs: "RS256",
    BoundIssuer: "https://example.com",
    ClaimMappings: {
        subject: "subject",
    },
};

// Register the auth method under the resource name "minikube".
const minikube = new consul.AclAuthMethod("minikube", {
    type: "jwt",
    configJson: JSON.stringify(jwtConfig),
});


Create AclAuthMethod Resource

new AclAuthMethod(name: string, args: AclAuthMethodArgs, opts?: CustomResourceOptions);
@overload
def AclAuthMethod(resource_name: str,
                  opts: Optional[ResourceOptions] = None,
                  config: Optional[Mapping[str, str]] = None,
                  config_json: Optional[str] = None,
                  description: Optional[str] = None,
                  display_name: Optional[str] = None,
                  max_token_ttl: Optional[str] = None,
                  name: Optional[str] = None,
                  namespace: Optional[str] = None,
                  namespace_rules: Optional[Sequence[AclAuthMethodNamespaceRuleArgs]] = None,
                  partition: Optional[str] = None,
                  token_locality: Optional[str] = None,
                  type: Optional[str] = None)
@overload
def AclAuthMethod(resource_name: str,
                  args: AclAuthMethodArgs,
                  opts: Optional[ResourceOptions] = None)
func NewAclAuthMethod(ctx *Context, name string, args AclAuthMethodArgs, opts ...ResourceOption) (*AclAuthMethod, error)
public AclAuthMethod(string name, AclAuthMethodArgs args, CustomResourceOptions? opts = null)
public AclAuthMethod(String name, AclAuthMethodArgs args)
public AclAuthMethod(String name, AclAuthMethodArgs args, CustomResourceOptions options)
type: consul:AclAuthMethod
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args AclAuthMethodArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args AclAuthMethodArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args AclAuthMethodArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args AclAuthMethodArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args AclAuthMethodArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

AclAuthMethod Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The AclAuthMethod resource accepts the following input properties:

Type string

The type of the ACL auth method.

Config Dictionary<string, string>

The raw configuration for this ACL auth method. This attribute is deprecated and will be removed in a future version. config_json should be used instead.

Deprecated:

The config attribute is deprecated, please use config_json instead.

ConfigJson string

The raw configuration for this ACL auth method.

Description string

A free form human readable description of the auth method.

DisplayName string

An optional name to use instead of the name attribute when displaying information about this auth method.

MaxTokenTtl string

The maximum life of any token created by this auth method.

Name string

The name of the ACL auth method.

Namespace string

The namespace in which to create the auth method.

NamespaceRules List<AclAuthMethodNamespaceRuleArgs>

A set of rules that control which namespace tokens created via this auth method will be created within.

Partition string

The partition the ACL auth method is associated with.

TokenLocality string

The kind of token that this auth method produces. This can be either 'local' or 'global'.

Type string

The type of the ACL auth method.

Config map[string]string

The raw configuration for this ACL auth method. This attribute is deprecated and will be removed in a future version. config_json should be used instead.

Deprecated:

The config attribute is deprecated, please use config_json instead.

ConfigJson string

The raw configuration for this ACL auth method.

Description string

A free form human readable description of the auth method.

DisplayName string

An optional name to use instead of the name attribute when displaying information about this auth method.

MaxTokenTtl string

The maximum life of any token created by this auth method.

Name string

The name of the ACL auth method.

Namespace string

The namespace in which to create the auth method.

NamespaceRules []AclAuthMethodNamespaceRuleArgs

A set of rules that control which namespace tokens created via this auth method will be created within.

Partition string

The partition the ACL auth method is associated with.

TokenLocality string

The kind of token that this auth method produces. This can be either 'local' or 'global'.

type String

The type of the ACL auth method.

config Map<String,String>

The raw configuration for this ACL auth method. This attribute is deprecated and will be removed in a future version. config_json should be used instead.

Deprecated:

The config attribute is deprecated, please use config_json instead.

configJson String

The raw configuration for this ACL auth method.

description String

A free form human readable description of the auth method.

displayName String

An optional name to use instead of the name attribute when displaying information about this auth method.

maxTokenTtl String

The maximum life of any token created by this auth method.

name String

The name of the ACL auth method.

namespace String

The namespace in which to create the auth method.

namespaceRules List<AclAuthMethodNamespaceRuleArgs>

A set of rules that control which namespace tokens created via this auth method will be created within.

partition String

The partition the ACL auth method is associated with.

tokenLocality String

The kind of token that this auth method produces. This can be either 'local' or 'global'.

type string

The type of the ACL auth method.

config {[key: string]: string}

The raw configuration for this ACL auth method. This attribute is deprecated and will be removed in a future version. config_json should be used instead.

Deprecated:

The config attribute is deprecated, please use config_json instead.

configJson string

The raw configuration for this ACL auth method.

description string

A free form human readable description of the auth method.

displayName string

An optional name to use instead of the name attribute when displaying information about this auth method.

maxTokenTtl string

The maximum life of any token created by this auth method.

name string

The name of the ACL auth method.

namespace string

The namespace in which to create the auth method.

namespaceRules AclAuthMethodNamespaceRuleArgs[]

A set of rules that control which namespace tokens created via this auth method will be created within.

partition string

The partition the ACL auth method is associated with.

tokenLocality string

The kind of token that this auth method produces. This can be either 'local' or 'global'.

type str

The type of the ACL auth method.

config Mapping[str, str]

The raw configuration for this ACL auth method. This attribute is deprecated and will be removed in a future version. config_json should be used instead.

Deprecated:

The config attribute is deprecated, please use config_json instead.

config_json str

The raw configuration for this ACL auth method.

description str

A free form human readable description of the auth method.

display_name str

An optional name to use instead of the name attribute when displaying information about this auth method.

max_token_ttl str

The maximum life of any token created by this auth method.

name str

The name of the ACL auth method.

namespace str

The namespace in which to create the auth method.

namespace_rules Sequence[AclAuthMethodNamespaceRuleArgs]

A set of rules that control which namespace tokens created via this auth method will be created within.

partition str

The partition the ACL auth method is associated with.

token_locality str

The kind of token that this auth method produces. This can be either 'local' or 'global'.

type String

The type of the ACL auth method.

config Map<String>

The raw configuration for this ACL auth method. This attribute is deprecated and will be removed in a future version. config_json should be used instead.

Deprecated:

The config attribute is deprecated, please use config_json instead.

configJson String

The raw configuration for this ACL auth method.

description String

A free form human readable description of the auth method.

displayName String

An optional name to use instead of the name attribute when displaying information about this auth method.

maxTokenTtl String

The maximum life of any token created by this auth method.

name String

The name of the ACL auth method.

namespace String

The namespace in which to create the auth method.

namespaceRules List<Property Map>

A set of rules that control which namespace tokens created via this auth method will be created within.

partition String

The partition the ACL auth method is associated with.

tokenLocality String

The kind of token that this auth method produces. This can be either 'local' or 'global'.

Outputs

All input properties are implicitly available as output properties. Additionally, the AclAuthMethod resource produces the following output properties:

Id string

The provider-assigned unique ID for this managed resource.

Id string

The provider-assigned unique ID for this managed resource.

id String

The provider-assigned unique ID for this managed resource.

id string

The provider-assigned unique ID for this managed resource.

id str

The provider-assigned unique ID for this managed resource.

id String

The provider-assigned unique ID for this managed resource.

Look up Existing AclAuthMethod Resource

Get an existing AclAuthMethod resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: AclAuthMethodState, opts?: CustomResourceOptions): AclAuthMethod
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        config: Optional[Mapping[str, str]] = None,
        config_json: Optional[str] = None,
        description: Optional[str] = None,
        display_name: Optional[str] = None,
        max_token_ttl: Optional[str] = None,
        name: Optional[str] = None,
        namespace: Optional[str] = None,
        namespace_rules: Optional[Sequence[AclAuthMethodNamespaceRuleArgs]] = None,
        partition: Optional[str] = None,
        token_locality: Optional[str] = None,
        type: Optional[str] = None) -> AclAuthMethod
func GetAclAuthMethod(ctx *Context, name string, id IDInput, state *AclAuthMethodState, opts ...ResourceOption) (*AclAuthMethod, error)
public static AclAuthMethod Get(string name, Input<string> id, AclAuthMethodState? state, CustomResourceOptions? opts = null)
public static AclAuthMethod get(String name, Output<String> id, AclAuthMethodState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
Config Dictionary<string, string>

The raw configuration for this ACL auth method. This attribute is deprecated and will be removed in a future version. config_json should be used instead.

Deprecated:

The config attribute is deprecated, please use config_json instead.

ConfigJson string

The raw configuration for this ACL auth method.

Description string

A free form human readable description of the auth method.

DisplayName string

An optional name to use instead of the name attribute when displaying information about this auth method.

MaxTokenTtl string

The maximum life of any token created by this auth method.

Name string

The name of the ACL auth method.

Namespace string

The namespace in which to create the auth method.

NamespaceRules List<AclAuthMethodNamespaceRuleArgs>

A set of rules that control which namespace tokens created via this auth method will be created within.

Partition string

The partition the ACL auth method is associated with.

TokenLocality string

The kind of token that this auth method produces. This can be either 'local' or 'global'.

Type string

The type of the ACL auth method.

Config map[string]string

The raw configuration for this ACL auth method. This attribute is deprecated and will be removed in a future version. config_json should be used instead.

Deprecated:

The config attribute is deprecated, please use config_json instead.

ConfigJson string

The raw configuration for this ACL auth method.

Description string

A free form human readable description of the auth method.

DisplayName string

An optional name to use instead of the name attribute when displaying information about this auth method.

MaxTokenTtl string

The maximum life of any token created by this auth method.

Name string

The name of the ACL auth method.

Namespace string

The namespace in which to create the auth method.

NamespaceRules []AclAuthMethodNamespaceRuleArgs

A set of rules that control which namespace tokens created via this auth method will be created within.

Partition string

The partition the ACL auth method is associated with.

TokenLocality string

The kind of token that this auth method produces. This can be either 'local' or 'global'.

Type string

The type of the ACL auth method.

config Map<String,String>

The raw configuration for this ACL auth method. This attribute is deprecated and will be removed in a future version. config_json should be used instead.

Deprecated:

The config attribute is deprecated, please use config_json instead.

configJson String

The raw configuration for this ACL auth method.

description String

A free form human readable description of the auth method.

displayName String

An optional name to use instead of the name attribute when displaying information about this auth method.

maxTokenTtl String

The maximum life of any token created by this auth method.

name String

The name of the ACL auth method.

namespace String

The namespace in which to create the auth method.

namespaceRules List<AclAuthMethodNamespaceRuleArgs>

A set of rules that control which namespace tokens created via this auth method will be created within.

partition String

The partition the ACL auth method is associated with.

tokenLocality String

The kind of token that this auth method produces. This can be either 'local' or 'global'.

type String

The type of the ACL auth method.

config {[key: string]: string}

The raw configuration for this ACL auth method. This attribute is deprecated and will be removed in a future version. config_json should be used instead.

Deprecated:

The config attribute is deprecated, please use config_json instead.

configJson string

The raw configuration for this ACL auth method.

description string

A free form human readable description of the auth method.

displayName string

An optional name to use instead of the name attribute when displaying information about this auth method.

maxTokenTtl string

The maximum life of any token created by this auth method.

name string

The name of the ACL auth method.

namespace string

The namespace in which to create the auth method.

namespaceRules AclAuthMethodNamespaceRuleArgs[]

A set of rules that control which namespace tokens created via this auth method will be created within.

partition string

The partition the ACL auth method is associated with.

tokenLocality string

The kind of token that this auth method produces. This can be either 'local' or 'global'.

type string

The type of the ACL auth method.

config Mapping[str, str]

The raw configuration for this ACL auth method. This attribute is deprecated and will be removed in a future version. config_json should be used instead.

Deprecated:

The config attribute is deprecated, please use config_json instead.

config_json str

The raw configuration for this ACL auth method.

description str

A free form human readable description of the auth method.

display_name str

An optional name to use instead of the name attribute when displaying information about this auth method.

max_token_ttl str

The maximum life of any token created by this auth method.

name str

The name of the ACL auth method.

namespace str

The namespace in which to create the auth method.

namespace_rules Sequence[AclAuthMethodNamespaceRuleArgs]

A set of rules that control which namespace tokens created via this auth method will be created within.

partition str

The partition the ACL auth method is associated with.

token_locality str

The kind of token that this auth method produces. This can be either 'local' or 'global'.

type str

The type of the ACL auth method.

config Map<String>

The raw configuration for this ACL auth method. This attribute is deprecated and will be removed in a future version. config_json should be used instead.

Deprecated:

The config attribute is deprecated, please use config_json instead.

configJson String

The raw configuration for this ACL auth method.

description String

A free form human readable description of the auth method.

displayName String

An optional name to use instead of the name attribute when displaying information about this auth method.

maxTokenTtl String

The maximum life of any token created by this auth method.

name String

The name of the ACL auth method.

namespace String

The namespace in which to create the auth method.

namespaceRules List<Property Map>

A set of rules that control which namespace tokens created via this auth method will be created within.

partition String

The partition the ACL auth method is associated with.

tokenLocality String

The kind of token that this auth method produces. This can be either 'local' or 'global'.

type String

The type of the ACL auth method.

Supporting Types

AclAuthMethodNamespaceRule

BindNamespace string

If the namespace rule's selector matches then this is used to control the namespace where the token is created.

Selector string

Specifies the expression used to match this namespace rule against valid identities returned from an auth method validation. Defaults to "".

BindNamespace string

If the namespace rule's selector matches then this is used to control the namespace where the token is created.

Selector string

Specifies the expression used to match this namespace rule against valid identities returned from an auth method validation. Defaults to "".

bindNamespace String

If the namespace rule's selector matches then this is used to control the namespace where the token is created.

selector String

Specifies the expression used to match this namespace rule against valid identities returned from an auth method validation. Defaults to "".

bindNamespace string

If the namespace rule's selector matches then this is used to control the namespace where the token is created.

selector string

Specifies the expression used to match this namespace rule against valid identities returned from an auth method validation. Defaults to "".

bind_namespace str

If the namespace rule's selector matches then this is used to control the namespace where the token is created.

selector str

Specifies the expression used to match this namespace rule against valid identities returned from an auth method validation. Defaults to "".

bindNamespace String

If the namespace rule's selector matches then this is used to control the namespace where the token is created.

selector String

Specifies the expression used to match this namespace rule against valid identities returned from an auth method validation. Defaults to "".

Package Details

Repository
HashiCorp Consul pulumi/pulumi-consul
License
Apache-2.0
Notes

This Pulumi package is based on the consul Terraform Provider.