consul.AclAuthMethod
Explore with Pulumi AI
Starting with Consul 1.5.0, the consul.AclAuthMethod resource can be used to managed Consul ACL auth methods.
Example Usage
Define a
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Consul = Pulumi.Consul;
return await Deployment.RunAsync(() =>
{
var minikube = new Consul.AclAuthMethod("minikube", new()
{
Type = "kubernetes",
Description = "dev minikube cluster",
ConfigJson = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["Host"] = "https://192.0.2.42:8443",
["CACert"] = @"-----BEGIN CERTIFICATE-----
...-----END CERTIFICATE-----
",
["ServiceAccountJWT"] = "eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9...",
}),
});
});
package main
import (
"encoding/json"
"github.com/pulumi/pulumi-consul/sdk/v3/go/consul"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
tmpJSON0, err := json.Marshal(map[string]interface{}{
"Host": "https://192.0.2.42:8443",
"CACert": "-----BEGIN CERTIFICATE-----\n...-----END CERTIFICATE-----\n",
"ServiceAccountJWT": "eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9...",
})
if err != nil {
return err
}
json0 := string(tmpJSON0)
_, err = consul.NewAclAuthMethod(ctx, "minikube", &consul.AclAuthMethodArgs{
Type: pulumi.String("kubernetes"),
Description: pulumi.String("dev minikube cluster"),
ConfigJson: pulumi.String(json0),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.consul.AclAuthMethod;
import com.pulumi.consul.AclAuthMethodArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var minikube = new AclAuthMethod("minikube", AclAuthMethodArgs.builder()
.type("kubernetes")
.description("dev minikube cluster")
.configJson(serializeJson(
jsonObject(
jsonProperty("Host", "https://192.0.2.42:8443"),
jsonProperty("CACert", """
-----BEGIN CERTIFICATE-----
...-----END CERTIFICATE-----
"""),
jsonProperty("ServiceAccountJWT", "eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9...")
)))
.build());
}
}
import pulumi
import json
import pulumi_consul as consul
minikube = consul.AclAuthMethod("minikube",
type="kubernetes",
description="dev minikube cluster",
config_json=json.dumps({
"Host": "https://192.0.2.42:8443",
"CACert": """-----BEGIN CERTIFICATE-----
...-----END CERTIFICATE-----
""",
"ServiceAccountJWT": "eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9...",
}))
import * as pulumi from "@pulumi/pulumi";
import * as consul from "@pulumi/consul";
const minikube = new consul.AclAuthMethod("minikube", {
type: "kubernetes",
description: "dev minikube cluster",
configJson: JSON.stringify({
Host: "https://192.0.2.42:8443",
CACert: `-----BEGIN CERTIFICATE-----
...-----END CERTIFICATE-----
`,
ServiceAccountJWT: "eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9...",
}),
});
resources:
minikube:
type: consul:AclAuthMethod
properties:
type: kubernetes
description: dev minikube cluster
configJson:
fn::toJSON:
Host: https://192.0.2.42:8443
CACert: |
-----BEGIN CERTIFICATE-----
...-----END CERTIFICATE-----
ServiceAccountJWT: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9...
auth method
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Consul = Pulumi.Consul;
return await Deployment.RunAsync(() =>
{
var minikube = new Consul.AclAuthMethod("minikube", new()
{
Type = "jwt",
ConfigJson = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["JWKSURL"] = "https://example.com/identity/oidc/.well-known/keys",
["JWTSupportedAlgs"] = "RS256",
["BoundIssuer"] = "https://example.com",
["ClaimMappings"] = new Dictionary<string, object?>
{
["subject"] = "subject",
},
}),
});
});
package main
import (
"encoding/json"
"github.com/pulumi/pulumi-consul/sdk/v3/go/consul"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
tmpJSON0, err := json.Marshal(map[string]interface{}{
"JWKSURL": "https://example.com/identity/oidc/.well-known/keys",
"JWTSupportedAlgs": "RS256",
"BoundIssuer": "https://example.com",
"ClaimMappings": map[string]interface{}{
"subject": "subject",
},
})
if err != nil {
return err
}
json0 := string(tmpJSON0)
_, err = consul.NewAclAuthMethod(ctx, "minikube", &consul.AclAuthMethodArgs{
Type: pulumi.String("jwt"),
ConfigJson: pulumi.String(json0),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.consul.AclAuthMethod;
import com.pulumi.consul.AclAuthMethodArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var minikube = new AclAuthMethod("minikube", AclAuthMethodArgs.builder()
.type("jwt")
.configJson(serializeJson(
jsonObject(
jsonProperty("JWKSURL", "https://example.com/identity/oidc/.well-known/keys"),
jsonProperty("JWTSupportedAlgs", "RS256"),
jsonProperty("BoundIssuer", "https://example.com"),
jsonProperty("ClaimMappings", jsonObject(
jsonProperty("subject", "subject")
))
)))
.build());
}
}
import pulumi
import json
import pulumi_consul as consul
minikube = consul.AclAuthMethod("minikube",
type="jwt",
config_json=json.dumps({
"JWKSURL": "https://example.com/identity/oidc/.well-known/keys",
"JWTSupportedAlgs": "RS256",
"BoundIssuer": "https://example.com",
"ClaimMappings": {
"subject": "subject",
},
}))
import * as pulumi from "@pulumi/pulumi";
import * as consul from "@pulumi/consul";
const minikube = new consul.AclAuthMethod("minikube", {
type: "jwt",
configJson: JSON.stringify({
JWKSURL: "https://example.com/identity/oidc/.well-known/keys",
JWTSupportedAlgs: "RS256",
BoundIssuer: "https://example.com",
ClaimMappings: {
subject: "subject",
},
}),
});
resources:
minikube:
type: consul:AclAuthMethod
properties:
type: jwt
configJson:
fn::toJSON:
JWKSURL: https://example.com/identity/oidc/.well-known/keys
JWTSupportedAlgs: RS256
BoundIssuer: https://example.com
ClaimMappings:
subject: subject
Create AclAuthMethod Resource
new AclAuthMethod(name: string, args: AclAuthMethodArgs, opts?: CustomResourceOptions);
@overload
def AclAuthMethod(resource_name: str,
opts: Optional[ResourceOptions] = None,
config: Optional[Mapping[str, str]] = None,
config_json: Optional[str] = None,
description: Optional[str] = None,
display_name: Optional[str] = None,
max_token_ttl: Optional[str] = None,
name: Optional[str] = None,
namespace: Optional[str] = None,
namespace_rules: Optional[Sequence[AclAuthMethodNamespaceRuleArgs]] = None,
partition: Optional[str] = None,
token_locality: Optional[str] = None,
type: Optional[str] = None)
@overload
def AclAuthMethod(resource_name: str,
args: AclAuthMethodArgs,
opts: Optional[ResourceOptions] = None)
func NewAclAuthMethod(ctx *Context, name string, args AclAuthMethodArgs, opts ...ResourceOption) (*AclAuthMethod, error)
public AclAuthMethod(string name, AclAuthMethodArgs args, CustomResourceOptions? opts = null)
public AclAuthMethod(String name, AclAuthMethodArgs args)
public AclAuthMethod(String name, AclAuthMethodArgs args, CustomResourceOptions options)
type: consul:AclAuthMethod
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AclAuthMethodArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AclAuthMethodArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AclAuthMethodArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AclAuthMethodArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AclAuthMethodArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
AclAuthMethod Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The AclAuthMethod resource accepts the following input properties:
- Type string
The type of the ACL auth method.
- Config Dictionary<string, string>
The raw configuration for this ACL auth method. This attribute is deprecated and will be removed in a future version.
config_json
should be used instead.The config attribute is deprecated, please use config_json instead.
- Config
Json string The raw configuration for this ACL auth method.
- Description string
A free form human readable description of the auth method.
- Display
Name string An optional name to use instead of the name attribute when displaying information about this auth method.
- Max
Token stringTtl The maximum life of any token created by this auth method.
- Name string
The name of the ACL auth method.
- Namespace string
The namespace in which to create the auth method.
- Namespace
Rules List<AclAuth Method Namespace Rule> A set of rules that control which namespace tokens created via this auth method will be created within.
- Partition string
The partition the ACL auth method is associated with.
- Token
Locality string The kind of token that this auth method produces. This can be either 'local' or 'global'.
- Type string
The type of the ACL auth method.
- Config map[string]string
The raw configuration for this ACL auth method. This attribute is deprecated and will be removed in a future version.
config_json
should be used instead.The config attribute is deprecated, please use config_json instead.
- Config
Json string The raw configuration for this ACL auth method.
- Description string
A free form human readable description of the auth method.
- Display
Name string An optional name to use instead of the name attribute when displaying information about this auth method.
- Max
Token stringTtl The maximum life of any token created by this auth method.
- Name string
The name of the ACL auth method.
- Namespace string
The namespace in which to create the auth method.
- Namespace
Rules []AclAuth Method Namespace Rule Args A set of rules that control which namespace tokens created via this auth method will be created within.
- Partition string
The partition the ACL auth method is associated with.
- Token
Locality string The kind of token that this auth method produces. This can be either 'local' or 'global'.
- type String
The type of the ACL auth method.
- config Map<String,String>
The raw configuration for this ACL auth method. This attribute is deprecated and will be removed in a future version.
config_json
should be used instead.The config attribute is deprecated, please use config_json instead.
- config
Json String The raw configuration for this ACL auth method.
- description String
A free form human readable description of the auth method.
- display
Name String An optional name to use instead of the name attribute when displaying information about this auth method.
- max
Token StringTtl The maximum life of any token created by this auth method.
- name String
The name of the ACL auth method.
- namespace String
The namespace in which to create the auth method.
- namespace
Rules List<AclAuth Method Namespace Rule> A set of rules that control which namespace tokens created via this auth method will be created within.
- partition String
The partition the ACL auth method is associated with.
- token
Locality String The kind of token that this auth method produces. This can be either 'local' or 'global'.
- type string
The type of the ACL auth method.
- config {[key: string]: string}
The raw configuration for this ACL auth method. This attribute is deprecated and will be removed in a future version.
config_json
should be used instead.The config attribute is deprecated, please use config_json instead.
- config
Json string The raw configuration for this ACL auth method.
- description string
A free form human readable description of the auth method.
- display
Name string An optional name to use instead of the name attribute when displaying information about this auth method.
- max
Token stringTtl The maximum life of any token created by this auth method.
- name string
The name of the ACL auth method.
- namespace string
The namespace in which to create the auth method.
- namespace
Rules AclAuth Method Namespace Rule[] A set of rules that control which namespace tokens created via this auth method will be created within.
- partition string
The partition the ACL auth method is associated with.
- token
Locality string The kind of token that this auth method produces. This can be either 'local' or 'global'.
- type str
The type of the ACL auth method.
- config Mapping[str, str]
The raw configuration for this ACL auth method. This attribute is deprecated and will be removed in a future version.
config_json
should be used instead.The config attribute is deprecated, please use config_json instead.
- config_
json str The raw configuration for this ACL auth method.
- description str
A free form human readable description of the auth method.
- display_
name str An optional name to use instead of the name attribute when displaying information about this auth method.
- max_
token_ strttl The maximum life of any token created by this auth method.
- name str
The name of the ACL auth method.
- namespace str
The namespace in which to create the auth method.
- namespace_
rules Sequence[AclAuth Method Namespace Rule Args] A set of rules that control which namespace tokens created via this auth method will be created within.
- partition str
The partition the ACL auth method is associated with.
- token_
locality str The kind of token that this auth method produces. This can be either 'local' or 'global'.
- type String
The type of the ACL auth method.
- config Map<String>
The raw configuration for this ACL auth method. This attribute is deprecated and will be removed in a future version.
config_json
should be used instead.The config attribute is deprecated, please use config_json instead.
- config
Json String The raw configuration for this ACL auth method.
- description String
A free form human readable description of the auth method.
- display
Name String An optional name to use instead of the name attribute when displaying information about this auth method.
- max
Token StringTtl The maximum life of any token created by this auth method.
- name String
The name of the ACL auth method.
- namespace String
The namespace in which to create the auth method.
- namespace
Rules List<Property Map> A set of rules that control which namespace tokens created via this auth method will be created within.
- partition String
The partition the ACL auth method is associated with.
- token
Locality String The kind of token that this auth method produces. This can be either 'local' or 'global'.
Outputs
All input properties are implicitly available as output properties. Additionally, the AclAuthMethod resource produces the following output properties:
- Id string
The provider-assigned unique ID for this managed resource.
- Id string
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
- id string
The provider-assigned unique ID for this managed resource.
- id str
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
Look up Existing AclAuthMethod Resource
Get an existing AclAuthMethod resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AclAuthMethodState, opts?: CustomResourceOptions): AclAuthMethod
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
config: Optional[Mapping[str, str]] = None,
config_json: Optional[str] = None,
description: Optional[str] = None,
display_name: Optional[str] = None,
max_token_ttl: Optional[str] = None,
name: Optional[str] = None,
namespace: Optional[str] = None,
namespace_rules: Optional[Sequence[AclAuthMethodNamespaceRuleArgs]] = None,
partition: Optional[str] = None,
token_locality: Optional[str] = None,
type: Optional[str] = None) -> AclAuthMethod
func GetAclAuthMethod(ctx *Context, name string, id IDInput, state *AclAuthMethodState, opts ...ResourceOption) (*AclAuthMethod, error)
public static AclAuthMethod Get(string name, Input<string> id, AclAuthMethodState? state, CustomResourceOptions? opts = null)
public static AclAuthMethod get(String name, Output<String> id, AclAuthMethodState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Config Dictionary<string, string>
The raw configuration for this ACL auth method. This attribute is deprecated and will be removed in a future version.
config_json
should be used instead.The config attribute is deprecated, please use config_json instead.
- Config
Json string The raw configuration for this ACL auth method.
- Description string
A free form human readable description of the auth method.
- Display
Name string An optional name to use instead of the name attribute when displaying information about this auth method.
- Max
Token stringTtl The maximum life of any token created by this auth method.
- Name string
The name of the ACL auth method.
- Namespace string
The namespace in which to create the auth method.
- Namespace
Rules List<AclAuth Method Namespace Rule> A set of rules that control which namespace tokens created via this auth method will be created within.
- Partition string
The partition the ACL auth method is associated with.
- Token
Locality string The kind of token that this auth method produces. This can be either 'local' or 'global'.
- Type string
The type of the ACL auth method.
- Config map[string]string
The raw configuration for this ACL auth method. This attribute is deprecated and will be removed in a future version.
config_json
should be used instead.The config attribute is deprecated, please use config_json instead.
- Config
Json string The raw configuration for this ACL auth method.
- Description string
A free form human readable description of the auth method.
- Display
Name string An optional name to use instead of the name attribute when displaying information about this auth method.
- Max
Token stringTtl The maximum life of any token created by this auth method.
- Name string
The name of the ACL auth method.
- Namespace string
The namespace in which to create the auth method.
- Namespace
Rules []AclAuth Method Namespace Rule Args A set of rules that control which namespace tokens created via this auth method will be created within.
- Partition string
The partition the ACL auth method is associated with.
- Token
Locality string The kind of token that this auth method produces. This can be either 'local' or 'global'.
- Type string
The type of the ACL auth method.
- config Map<String,String>
The raw configuration for this ACL auth method. This attribute is deprecated and will be removed in a future version.
config_json
should be used instead.The config attribute is deprecated, please use config_json instead.
- config
Json String The raw configuration for this ACL auth method.
- description String
A free form human readable description of the auth method.
- display
Name String An optional name to use instead of the name attribute when displaying information about this auth method.
- max
Token StringTtl The maximum life of any token created by this auth method.
- name String
The name of the ACL auth method.
- namespace String
The namespace in which to create the auth method.
- namespace
Rules List<AclAuth Method Namespace Rule> A set of rules that control which namespace tokens created via this auth method will be created within.
- partition String
The partition the ACL auth method is associated with.
- token
Locality String The kind of token that this auth method produces. This can be either 'local' or 'global'.
- type String
The type of the ACL auth method.
- config {[key: string]: string}
The raw configuration for this ACL auth method. This attribute is deprecated and will be removed in a future version.
config_json
should be used instead.The config attribute is deprecated, please use config_json instead.
- config
Json string The raw configuration for this ACL auth method.
- description string
A free form human readable description of the auth method.
- display
Name string An optional name to use instead of the name attribute when displaying information about this auth method.
- max
Token stringTtl The maximum life of any token created by this auth method.
- name string
The name of the ACL auth method.
- namespace string
The namespace in which to create the auth method.
- namespace
Rules AclAuth Method Namespace Rule[] A set of rules that control which namespace tokens created via this auth method will be created within.
- partition string
The partition the ACL auth method is associated with.
- token
Locality string The kind of token that this auth method produces. This can be either 'local' or 'global'.
- type string
The type of the ACL auth method.
- config Mapping[str, str]
The raw configuration for this ACL auth method. This attribute is deprecated and will be removed in a future version.
config_json
should be used instead.The config attribute is deprecated, please use config_json instead.
- config_
json str The raw configuration for this ACL auth method.
- description str
A free form human readable description of the auth method.
- display_
name str An optional name to use instead of the name attribute when displaying information about this auth method.
- max_
token_ strttl The maximum life of any token created by this auth method.
- name str
The name of the ACL auth method.
- namespace str
The namespace in which to create the auth method.
- namespace_
rules Sequence[AclAuth Method Namespace Rule Args] A set of rules that control which namespace tokens created via this auth method will be created within.
- partition str
The partition the ACL auth method is associated with.
- token_
locality str The kind of token that this auth method produces. This can be either 'local' or 'global'.
- type str
The type of the ACL auth method.
- config Map<String>
The raw configuration for this ACL auth method. This attribute is deprecated and will be removed in a future version.
config_json
should be used instead.The config attribute is deprecated, please use config_json instead.
- config
Json String The raw configuration for this ACL auth method.
- description String
A free form human readable description of the auth method.
- display
Name String An optional name to use instead of the name attribute when displaying information about this auth method.
- max
Token StringTtl The maximum life of any token created by this auth method.
- name String
The name of the ACL auth method.
- namespace String
The namespace in which to create the auth method.
- namespace
Rules List<Property Map> A set of rules that control which namespace tokens created via this auth method will be created within.
- partition String
The partition the ACL auth method is associated with.
- token
Locality String The kind of token that this auth method produces. This can be either 'local' or 'global'.
- type String
The type of the ACL auth method.
Supporting Types
AclAuthMethodNamespaceRule, AclAuthMethodNamespaceRuleArgs
- Bind
Namespace string If the namespace rule's
selector
matches then this is used to control the namespace where the token is created.- Selector string
Specifies the expression used to match this namespace rule against valid identities returned from an auth method validation. Defaults to
""
.
- Bind
Namespace string If the namespace rule's
selector
matches then this is used to control the namespace where the token is created.- Selector string
Specifies the expression used to match this namespace rule against valid identities returned from an auth method validation. Defaults to
""
.
- bind
Namespace String If the namespace rule's
selector
matches then this is used to control the namespace where the token is created.- selector String
Specifies the expression used to match this namespace rule against valid identities returned from an auth method validation. Defaults to
""
.
- bind
Namespace string If the namespace rule's
selector
matches then this is used to control the namespace where the token is created.- selector string
Specifies the expression used to match this namespace rule against valid identities returned from an auth method validation. Defaults to
""
.
- bind_
namespace str If the namespace rule's
selector
matches then this is used to control the namespace where the token is created.- selector str
Specifies the expression used to match this namespace rule against valid identities returned from an auth method validation. Defaults to
""
.
- bind
Namespace String If the namespace rule's
selector
matches then this is used to control the namespace where the token is created.- selector String
Specifies the expression used to match this namespace rule against valid identities returned from an auth method validation. Defaults to
""
.
Package Details
- Repository
- HashiCorp Consul pulumi/pulumi-consul
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
consul
Terraform Provider.