1. Packages
  2. Consul Provider
  3. API Docs
  4. ConfigEntryServiceIntentions
Consul v3.12.2 published on Wednesday, Oct 16, 2024 by Pulumi

consul.ConfigEntryServiceIntentions

Explore with Pulumi AI

consul logo
Consul v3.12.2 published on Wednesday, Oct 16, 2024 by Pulumi

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as consul from "@pulumi/consul";
    
    const jwtProvider = new consul.ConfigEntry("jwt_provider", {
        name: "okta",
        kind: "jwt-provider",
        configJson: JSON.stringify({
            ClockSkewSeconds: 30,
            Issuer: "test-issuer",
            JSONWebKeySet: {
                Remote: {
                    URI: "https://127.0.0.1:9091",
                    FetchAsynchronously: true,
                },
            },
        }),
    });
    const web = new consul.ConfigEntryServiceIntentions("web", {
        name: "web",
        jwts: [{
            providers: [{
                name: jwtProvider.name,
                verifyClaims: [{
                    paths: [
                        "perms",
                        "role",
                    ],
                    value: "admin",
                }],
            }],
        }],
        sources: [
            {
                name: "frontend-webapp",
                type: "consul",
                action: "allow",
            },
            {
                name: "nightly-cronjob",
                type: "consul",
                action: "deny",
            },
        ],
    });
    
    import pulumi
    import json
    import pulumi_consul as consul
    
    jwt_provider = consul.ConfigEntry("jwt_provider",
        name="okta",
        kind="jwt-provider",
        config_json=json.dumps({
            "ClockSkewSeconds": 30,
            "Issuer": "test-issuer",
            "JSONWebKeySet": {
                "Remote": {
                    "URI": "https://127.0.0.1:9091",
                    "FetchAsynchronously": True,
                },
            },
        }))
    web = consul.ConfigEntryServiceIntentions("web",
        name="web",
        jwts=[{
            "providers": [{
                "name": jwt_provider.name,
                "verify_claims": [{
                    "paths": [
                        "perms",
                        "role",
                    ],
                    "value": "admin",
                }],
            }],
        }],
        sources=[
            {
                "name": "frontend-webapp",
                "type": "consul",
                "action": "allow",
            },
            {
                "name": "nightly-cronjob",
                "type": "consul",
                "action": "deny",
            },
        ])
    
    package main
    
    import (
    	"encoding/json"
    
    	"github.com/pulumi/pulumi-consul/sdk/v3/go/consul"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		tmpJSON0, err := json.Marshal(map[string]interface{}{
    			"ClockSkewSeconds": 30,
    			"Issuer":           "test-issuer",
    			"JSONWebKeySet": map[string]interface{}{
    				"Remote": map[string]interface{}{
    					"URI":                 "https://127.0.0.1:9091",
    					"FetchAsynchronously": true,
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		json0 := string(tmpJSON0)
    		jwtProvider, err := consul.NewConfigEntry(ctx, "jwt_provider", &consul.ConfigEntryArgs{
    			Name:       pulumi.String("okta"),
    			Kind:       pulumi.String("jwt-provider"),
    			ConfigJson: pulumi.String(json0),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = consul.NewConfigEntryServiceIntentions(ctx, "web", &consul.ConfigEntryServiceIntentionsArgs{
    			Name: pulumi.String("web"),
    			Jwts: consul.ConfigEntryServiceIntentionsJwtArray{
    				&consul.ConfigEntryServiceIntentionsJwtArgs{
    					Providers: consul.ConfigEntryServiceIntentionsJwtProviderArray{
    						&consul.ConfigEntryServiceIntentionsJwtProviderArgs{
    							Name: jwtProvider.Name,
    							VerifyClaims: consul.ConfigEntryServiceIntentionsJwtProviderVerifyClaimArray{
    								&consul.ConfigEntryServiceIntentionsJwtProviderVerifyClaimArgs{
    									Paths: pulumi.StringArray{
    										pulumi.String("perms"),
    										pulumi.String("role"),
    									},
    									Value: pulumi.String("admin"),
    								},
    							},
    						},
    					},
    				},
    			},
    			Sources: consul.ConfigEntryServiceIntentionsSourceArray{
    				&consul.ConfigEntryServiceIntentionsSourceArgs{
    					Name:   pulumi.String("frontend-webapp"),
    					Type:   pulumi.String("consul"),
    					Action: pulumi.String("allow"),
    				},
    				&consul.ConfigEntryServiceIntentionsSourceArgs{
    					Name:   pulumi.String("nightly-cronjob"),
    					Type:   pulumi.String("consul"),
    					Action: pulumi.String("deny"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using System.Text.Json;
    using Pulumi;
    using Consul = Pulumi.Consul;
    
    return await Deployment.RunAsync(() => 
    {
        var jwtProvider = new Consul.ConfigEntry("jwt_provider", new()
        {
            Name = "okta",
            Kind = "jwt-provider",
            ConfigJson = JsonSerializer.Serialize(new Dictionary<string, object?>
            {
                ["ClockSkewSeconds"] = 30,
                ["Issuer"] = "test-issuer",
                ["JSONWebKeySet"] = new Dictionary<string, object?>
                {
                    ["Remote"] = new Dictionary<string, object?>
                    {
                        ["URI"] = "https://127.0.0.1:9091",
                        ["FetchAsynchronously"] = true,
                    },
                },
            }),
        });
    
        var web = new Consul.ConfigEntryServiceIntentions("web", new()
        {
            Name = "web",
            Jwts = new[]
            {
                new Consul.Inputs.ConfigEntryServiceIntentionsJwtArgs
                {
                    Providers = new[]
                    {
                        new Consul.Inputs.ConfigEntryServiceIntentionsJwtProviderArgs
                        {
                            Name = jwtProvider.Name,
                            VerifyClaims = new[]
                            {
                                new Consul.Inputs.ConfigEntryServiceIntentionsJwtProviderVerifyClaimArgs
                                {
                                    Paths = new[]
                                    {
                                        "perms",
                                        "role",
                                    },
                                    Value = "admin",
                                },
                            },
                        },
                    },
                },
            },
            Sources = new[]
            {
                new Consul.Inputs.ConfigEntryServiceIntentionsSourceArgs
                {
                    Name = "frontend-webapp",
                    Type = "consul",
                    Action = "allow",
                },
                new Consul.Inputs.ConfigEntryServiceIntentionsSourceArgs
                {
                    Name = "nightly-cronjob",
                    Type = "consul",
                    Action = "deny",
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.consul.ConfigEntry;
    import com.pulumi.consul.ConfigEntryArgs;
    import com.pulumi.consul.ConfigEntryServiceIntentions;
    import com.pulumi.consul.ConfigEntryServiceIntentionsArgs;
    import com.pulumi.consul.inputs.ConfigEntryServiceIntentionsJwtArgs;
    import com.pulumi.consul.inputs.ConfigEntryServiceIntentionsSourceArgs;
    import static com.pulumi.codegen.internal.Serialization.*;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var jwtProvider = new ConfigEntry("jwtProvider", ConfigEntryArgs.builder()
                .name("okta")
                .kind("jwt-provider")
                .configJson(serializeJson(
                    jsonObject(
                        jsonProperty("ClockSkewSeconds", 30),
                        jsonProperty("Issuer", "test-issuer"),
                        jsonProperty("JSONWebKeySet", jsonObject(
                            jsonProperty("Remote", jsonObject(
                                jsonProperty("URI", "https://127.0.0.1:9091"),
                                jsonProperty("FetchAsynchronously", true)
                            ))
                        ))
                    )))
                .build());
    
            var web = new ConfigEntryServiceIntentions("web", ConfigEntryServiceIntentionsArgs.builder()
                .name("web")
                .jwts(ConfigEntryServiceIntentionsJwtArgs.builder()
                    .providers(ConfigEntryServiceIntentionsJwtProviderArgs.builder()
                        .name(jwtProvider.name())
                        .verifyClaims(ConfigEntryServiceIntentionsJwtProviderVerifyClaimArgs.builder()
                            .paths(                        
                                "perms",
                                "role")
                            .value("admin")
                            .build())
                        .build())
                    .build())
                .sources(            
                    ConfigEntryServiceIntentionsSourceArgs.builder()
                        .name("frontend-webapp")
                        .type("consul")
                        .action("allow")
                        .build(),
                    ConfigEntryServiceIntentionsSourceArgs.builder()
                        .name("nightly-cronjob")
                        .type("consul")
                        .action("deny")
                        .build())
                .build());
    
        }
    }
    
    resources:
      jwtProvider:
        type: consul:ConfigEntry
        name: jwt_provider
        properties:
          name: okta
          kind: jwt-provider
          configJson:
            fn::toJSON:
              ClockSkewSeconds: 30
              Issuer: test-issuer
              JSONWebKeySet:
                Remote:
                  URI: https://127.0.0.1:9091
                  FetchAsynchronously: true
      web:
        type: consul:ConfigEntryServiceIntentions
        properties:
          name: web
          jwts:
            - providers:
                - name: ${jwtProvider.name}
                  verifyClaims:
                    - paths:
                        - perms
                        - role
                      value: admin
          sources:
            - name: frontend-webapp
              type: consul
              action: allow
            - name: nightly-cronjob
              type: consul
              action: deny
    

    Create ConfigEntryServiceIntentions Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new ConfigEntryServiceIntentions(name: string, args?: ConfigEntryServiceIntentionsArgs, opts?: CustomResourceOptions);
    @overload
    def ConfigEntryServiceIntentions(resource_name: str,
                                     args: Optional[ConfigEntryServiceIntentionsArgs] = None,
                                     opts: Optional[ResourceOptions] = None)
    
    @overload
    def ConfigEntryServiceIntentions(resource_name: str,
                                     opts: Optional[ResourceOptions] = None,
                                     jwts: Optional[Sequence[ConfigEntryServiceIntentionsJwtArgs]] = None,
                                     meta: Optional[Mapping[str, str]] = None,
                                     name: Optional[str] = None,
                                     namespace: Optional[str] = None,
                                     partition: Optional[str] = None,
                                     sources: Optional[Sequence[ConfigEntryServiceIntentionsSourceArgs]] = None)
    func NewConfigEntryServiceIntentions(ctx *Context, name string, args *ConfigEntryServiceIntentionsArgs, opts ...ResourceOption) (*ConfigEntryServiceIntentions, error)
    public ConfigEntryServiceIntentions(string name, ConfigEntryServiceIntentionsArgs? args = null, CustomResourceOptions? opts = null)
    public ConfigEntryServiceIntentions(String name, ConfigEntryServiceIntentionsArgs args)
    public ConfigEntryServiceIntentions(String name, ConfigEntryServiceIntentionsArgs args, CustomResourceOptions options)
    
    type: consul:ConfigEntryServiceIntentions
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args ConfigEntryServiceIntentionsArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args ConfigEntryServiceIntentionsArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args ConfigEntryServiceIntentionsArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args ConfigEntryServiceIntentionsArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args ConfigEntryServiceIntentionsArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var configEntryServiceIntentionsResource = new Consul.ConfigEntryServiceIntentions("configEntryServiceIntentionsResource", new()
    {
        Jwts = new[]
        {
            new Consul.Inputs.ConfigEntryServiceIntentionsJwtArgs
            {
                Providers = new[]
                {
                    new Consul.Inputs.ConfigEntryServiceIntentionsJwtProviderArgs
                    {
                        Name = "string",
                        VerifyClaims = new[]
                        {
                            new Consul.Inputs.ConfigEntryServiceIntentionsJwtProviderVerifyClaimArgs
                            {
                                Paths = new[]
                                {
                                    "string",
                                },
                                Value = "string",
                            },
                        },
                    },
                },
            },
        },
        Meta = 
        {
            { "string", "string" },
        },
        Name = "string",
        Namespace = "string",
        Partition = "string",
        Sources = new[]
        {
            new Consul.Inputs.ConfigEntryServiceIntentionsSourceArgs
            {
                Action = "string",
                Description = "string",
                Name = "string",
                Namespace = "string",
                Partition = "string",
                Peer = "string",
                Permissions = new[]
                {
                    new Consul.Inputs.ConfigEntryServiceIntentionsSourcePermissionArgs
                    {
                        Action = "string",
                        Https = new[]
                        {
                            new Consul.Inputs.ConfigEntryServiceIntentionsSourcePermissionHttpArgs
                            {
                                Headers = new[]
                                {
                                    new Consul.Inputs.ConfigEntryServiceIntentionsSourcePermissionHttpHeaderArgs
                                    {
                                        Name = "string",
                                        Exact = "string",
                                        Invert = false,
                                        Prefix = "string",
                                        Present = false,
                                        Regex = "string",
                                        Suffix = "string",
                                    },
                                },
                                Methods = new[]
                                {
                                    "string",
                                },
                                PathExact = "string",
                                PathPrefix = "string",
                                PathRegex = "string",
                            },
                        },
                    },
                },
                Precedence = 0,
                SamenessGroup = "string",
                Type = "string",
            },
        },
    });
    
    example, err := consul.NewConfigEntryServiceIntentions(ctx, "configEntryServiceIntentionsResource", &consul.ConfigEntryServiceIntentionsArgs{
    	Jwts: consul.ConfigEntryServiceIntentionsJwtArray{
    		&consul.ConfigEntryServiceIntentionsJwtArgs{
    			Providers: consul.ConfigEntryServiceIntentionsJwtProviderArray{
    				&consul.ConfigEntryServiceIntentionsJwtProviderArgs{
    					Name: pulumi.String("string"),
    					VerifyClaims: consul.ConfigEntryServiceIntentionsJwtProviderVerifyClaimArray{
    						&consul.ConfigEntryServiceIntentionsJwtProviderVerifyClaimArgs{
    							Paths: pulumi.StringArray{
    								pulumi.String("string"),
    							},
    							Value: pulumi.String("string"),
    						},
    					},
    				},
    			},
    		},
    	},
    	Meta: pulumi.StringMap{
    		"string": pulumi.String("string"),
    	},
    	Name:      pulumi.String("string"),
    	Namespace: pulumi.String("string"),
    	Partition: pulumi.String("string"),
    	Sources: consul.ConfigEntryServiceIntentionsSourceArray{
    		&consul.ConfigEntryServiceIntentionsSourceArgs{
    			Action:      pulumi.String("string"),
    			Description: pulumi.String("string"),
    			Name:        pulumi.String("string"),
    			Namespace:   pulumi.String("string"),
    			Partition:   pulumi.String("string"),
    			Peer:        pulumi.String("string"),
    			Permissions: consul.ConfigEntryServiceIntentionsSourcePermissionArray{
    				&consul.ConfigEntryServiceIntentionsSourcePermissionArgs{
    					Action: pulumi.String("string"),
    					Https: consul.ConfigEntryServiceIntentionsSourcePermissionHttpArray{
    						&consul.ConfigEntryServiceIntentionsSourcePermissionHttpArgs{
    							Headers: consul.ConfigEntryServiceIntentionsSourcePermissionHttpHeaderArray{
    								&consul.ConfigEntryServiceIntentionsSourcePermissionHttpHeaderArgs{
    									Name:    pulumi.String("string"),
    									Exact:   pulumi.String("string"),
    									Invert:  pulumi.Bool(false),
    									Prefix:  pulumi.String("string"),
    									Present: pulumi.Bool(false),
    									Regex:   pulumi.String("string"),
    									Suffix:  pulumi.String("string"),
    								},
    							},
    							Methods: pulumi.StringArray{
    								pulumi.String("string"),
    							},
    							PathExact:  pulumi.String("string"),
    							PathPrefix: pulumi.String("string"),
    							PathRegex:  pulumi.String("string"),
    						},
    					},
    				},
    			},
    			Precedence:    pulumi.Int(0),
    			SamenessGroup: pulumi.String("string"),
    			Type:          pulumi.String("string"),
    		},
    	},
    })
    
    var configEntryServiceIntentionsResource = new ConfigEntryServiceIntentions("configEntryServiceIntentionsResource", ConfigEntryServiceIntentionsArgs.builder()
        .jwts(ConfigEntryServiceIntentionsJwtArgs.builder()
            .providers(ConfigEntryServiceIntentionsJwtProviderArgs.builder()
                .name("string")
                .verifyClaims(ConfigEntryServiceIntentionsJwtProviderVerifyClaimArgs.builder()
                    .paths("string")
                    .value("string")
                    .build())
                .build())
            .build())
        .meta(Map.of("string", "string"))
        .name("string")
        .namespace("string")
        .partition("string")
        .sources(ConfigEntryServiceIntentionsSourceArgs.builder()
            .action("string")
            .description("string")
            .name("string")
            .namespace("string")
            .partition("string")
            .peer("string")
            .permissions(ConfigEntryServiceIntentionsSourcePermissionArgs.builder()
                .action("string")
                .https(ConfigEntryServiceIntentionsSourcePermissionHttpArgs.builder()
                    .headers(ConfigEntryServiceIntentionsSourcePermissionHttpHeaderArgs.builder()
                        .name("string")
                        .exact("string")
                        .invert(false)
                        .prefix("string")
                        .present(false)
                        .regex("string")
                        .suffix("string")
                        .build())
                    .methods("string")
                    .pathExact("string")
                    .pathPrefix("string")
                    .pathRegex("string")
                    .build())
                .build())
            .precedence(0)
            .samenessGroup("string")
            .type("string")
            .build())
        .build());
    
    config_entry_service_intentions_resource = consul.ConfigEntryServiceIntentions("configEntryServiceIntentionsResource",
        jwts=[consul.ConfigEntryServiceIntentionsJwtArgs(
            providers=[consul.ConfigEntryServiceIntentionsJwtProviderArgs(
                name="string",
                verify_claims=[consul.ConfigEntryServiceIntentionsJwtProviderVerifyClaimArgs(
                    paths=["string"],
                    value="string",
                )],
            )],
        )],
        meta={
            "string": "string",
        },
        name="string",
        namespace="string",
        partition="string",
        sources=[consul.ConfigEntryServiceIntentionsSourceArgs(
            action="string",
            description="string",
            name="string",
            namespace="string",
            partition="string",
            peer="string",
            permissions=[consul.ConfigEntryServiceIntentionsSourcePermissionArgs(
                action="string",
                https=[consul.ConfigEntryServiceIntentionsSourcePermissionHttpArgs(
                    headers=[consul.ConfigEntryServiceIntentionsSourcePermissionHttpHeaderArgs(
                        name="string",
                        exact="string",
                        invert=False,
                        prefix="string",
                        present=False,
                        regex="string",
                        suffix="string",
                    )],
                    methods=["string"],
                    path_exact="string",
                    path_prefix="string",
                    path_regex="string",
                )],
            )],
            precedence=0,
            sameness_group="string",
            type="string",
        )])
    
    const configEntryServiceIntentionsResource = new consul.ConfigEntryServiceIntentions("configEntryServiceIntentionsResource", {
        jwts: [{
            providers: [{
                name: "string",
                verifyClaims: [{
                    paths: ["string"],
                    value: "string",
                }],
            }],
        }],
        meta: {
            string: "string",
        },
        name: "string",
        namespace: "string",
        partition: "string",
        sources: [{
            action: "string",
            description: "string",
            name: "string",
            namespace: "string",
            partition: "string",
            peer: "string",
            permissions: [{
                action: "string",
                https: [{
                    headers: [{
                        name: "string",
                        exact: "string",
                        invert: false,
                        prefix: "string",
                        present: false,
                        regex: "string",
                        suffix: "string",
                    }],
                    methods: ["string"],
                    pathExact: "string",
                    pathPrefix: "string",
                    pathRegex: "string",
                }],
            }],
            precedence: 0,
            samenessGroup: "string",
            type: "string",
        }],
    });
    
    type: consul:ConfigEntryServiceIntentions
    properties:
        jwts:
            - providers:
                - name: string
                  verifyClaims:
                    - paths:
                        - string
                      value: string
        meta:
            string: string
        name: string
        namespace: string
        partition: string
        sources:
            - action: string
              description: string
              name: string
              namespace: string
              partition: string
              peer: string
              permissions:
                - action: string
                  https:
                    - headers:
                        - exact: string
                          invert: false
                          name: string
                          prefix: string
                          present: false
                          regex: string
                          suffix: string
                      methods:
                        - string
                      pathExact: string
                      pathPrefix: string
                      pathRegex: string
              precedence: 0
              samenessGroup: string
              type: string
    

    ConfigEntryServiceIntentions Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The ConfigEntryServiceIntentions resource accepts the following input properties:

    Jwts List<ConfigEntryServiceIntentionsJwt>
    Specifies a JSON Web Token provider configured in a JWT provider configuration entry, as well as additional configurations for verifying a service's JWT before authorizing communication between services
    Meta Dictionary<string, string>
    Specifies key-value pairs to add to the KV store.
    Name string
    Specifies a name of the destination service for all intentions defined in the configuration entry.
    Namespace string
    Specifies the namespace to apply the configuration entry.
    Partition string
    Specifies the admin partition to apply the configuration entry.
    Sources List<ConfigEntryServiceIntentionsSource>
    List of configurations that define intention sources and the authorization granted to the sources.
    Jwts []ConfigEntryServiceIntentionsJwtArgs
    Specifies a JSON Web Token provider configured in a JWT provider configuration entry, as well as additional configurations for verifying a service's JWT before authorizing communication between services
    Meta map[string]string
    Specifies key-value pairs to add to the KV store.
    Name string
    Specifies a name of the destination service for all intentions defined in the configuration entry.
    Namespace string
    Specifies the namespace to apply the configuration entry.
    Partition string
    Specifies the admin partition to apply the configuration entry.
    Sources []ConfigEntryServiceIntentionsSourceArgs
    List of configurations that define intention sources and the authorization granted to the sources.
    jwts List<ConfigEntryServiceIntentionsJwt>
    Specifies a JSON Web Token provider configured in a JWT provider configuration entry, as well as additional configurations for verifying a service's JWT before authorizing communication between services
    meta Map<String,String>
    Specifies key-value pairs to add to the KV store.
    name String
    Specifies a name of the destination service for all intentions defined in the configuration entry.
    namespace String
    Specifies the namespace to apply the configuration entry.
    partition String
    Specifies the admin partition to apply the configuration entry.
    sources List<ConfigEntryServiceIntentionsSource>
    List of configurations that define intention sources and the authorization granted to the sources.
    jwts ConfigEntryServiceIntentionsJwt[]
    Specifies a JSON Web Token provider configured in a JWT provider configuration entry, as well as additional configurations for verifying a service's JWT before authorizing communication between services
    meta {[key: string]: string}
    Specifies key-value pairs to add to the KV store.
    name string
    Specifies a name of the destination service for all intentions defined in the configuration entry.
    namespace string
    Specifies the namespace to apply the configuration entry.
    partition string
    Specifies the admin partition to apply the configuration entry.
    sources ConfigEntryServiceIntentionsSource[]
    List of configurations that define intention sources and the authorization granted to the sources.
    jwts Sequence[ConfigEntryServiceIntentionsJwtArgs]
    Specifies a JSON Web Token provider configured in a JWT provider configuration entry, as well as additional configurations for verifying a service's JWT before authorizing communication between services
    meta Mapping[str, str]
    Specifies key-value pairs to add to the KV store.
    name str
    Specifies a name of the destination service for all intentions defined in the configuration entry.
    namespace str
    Specifies the namespace to apply the configuration entry.
    partition str
    Specifies the admin partition to apply the configuration entry.
    sources Sequence[ConfigEntryServiceIntentionsSourceArgs]
    List of configurations that define intention sources and the authorization granted to the sources.
    jwts List<Property Map>
    Specifies a JSON Web Token provider configured in a JWT provider configuration entry, as well as additional configurations for verifying a service's JWT before authorizing communication between services
    meta Map<String>
    Specifies key-value pairs to add to the KV store.
    name String
    Specifies a name of the destination service for all intentions defined in the configuration entry.
    namespace String
    Specifies the namespace to apply the configuration entry.
    partition String
    Specifies the admin partition to apply the configuration entry.
    sources List<Property Map>
    List of configurations that define intention sources and the authorization granted to the sources.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the ConfigEntryServiceIntentions resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing ConfigEntryServiceIntentions Resource

    Get an existing ConfigEntryServiceIntentions resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: ConfigEntryServiceIntentionsState, opts?: CustomResourceOptions): ConfigEntryServiceIntentions
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            jwts: Optional[Sequence[ConfigEntryServiceIntentionsJwtArgs]] = None,
            meta: Optional[Mapping[str, str]] = None,
            name: Optional[str] = None,
            namespace: Optional[str] = None,
            partition: Optional[str] = None,
            sources: Optional[Sequence[ConfigEntryServiceIntentionsSourceArgs]] = None) -> ConfigEntryServiceIntentions
    func GetConfigEntryServiceIntentions(ctx *Context, name string, id IDInput, state *ConfigEntryServiceIntentionsState, opts ...ResourceOption) (*ConfigEntryServiceIntentions, error)
    public static ConfigEntryServiceIntentions Get(string name, Input<string> id, ConfigEntryServiceIntentionsState? state, CustomResourceOptions? opts = null)
    public static ConfigEntryServiceIntentions get(String name, Output<String> id, ConfigEntryServiceIntentionsState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Jwts List<ConfigEntryServiceIntentionsJwt>
    Specifies a JSON Web Token provider configured in a JWT provider configuration entry, as well as additional configurations for verifying a service's JWT before authorizing communication between services
    Meta Dictionary<string, string>
    Specifies key-value pairs to add to the KV store.
    Name string
    Specifies a name of the destination service for all intentions defined in the configuration entry.
    Namespace string
    Specifies the namespace to apply the configuration entry.
    Partition string
    Specifies the admin partition to apply the configuration entry.
    Sources List<ConfigEntryServiceIntentionsSource>
    List of configurations that define intention sources and the authorization granted to the sources.
    Jwts []ConfigEntryServiceIntentionsJwtArgs
    Specifies a JSON Web Token provider configured in a JWT provider configuration entry, as well as additional configurations for verifying a service's JWT before authorizing communication between services
    Meta map[string]string
    Specifies key-value pairs to add to the KV store.
    Name string
    Specifies a name of the destination service for all intentions defined in the configuration entry.
    Namespace string
    Specifies the namespace to apply the configuration entry.
    Partition string
    Specifies the admin partition to apply the configuration entry.
    Sources []ConfigEntryServiceIntentionsSourceArgs
    List of configurations that define intention sources and the authorization granted to the sources.
    jwts List<ConfigEntryServiceIntentionsJwt>
    Specifies a JSON Web Token provider configured in a JWT provider configuration entry, as well as additional configurations for verifying a service's JWT before authorizing communication between services
    meta Map<String,String>
    Specifies key-value pairs to add to the KV store.
    name String
    Specifies a name of the destination service for all intentions defined in the configuration entry.
    namespace String
    Specifies the namespace to apply the configuration entry.
    partition String
    Specifies the admin partition to apply the configuration entry.
    sources List<ConfigEntryServiceIntentionsSource>
    List of configurations that define intention sources and the authorization granted to the sources.
    jwts ConfigEntryServiceIntentionsJwt[]
    Specifies a JSON Web Token provider configured in a JWT provider configuration entry, as well as additional configurations for verifying a service's JWT before authorizing communication between services
    meta {[key: string]: string}
    Specifies key-value pairs to add to the KV store.
    name string
    Specifies a name of the destination service for all intentions defined in the configuration entry.
    namespace string
    Specifies the namespace to apply the configuration entry.
    partition string
    Specifies the admin partition to apply the configuration entry.
    sources ConfigEntryServiceIntentionsSource[]
    List of configurations that define intention sources and the authorization granted to the sources.
    jwts Sequence[ConfigEntryServiceIntentionsJwtArgs]
    Specifies a JSON Web Token provider configured in a JWT provider configuration entry, as well as additional configurations for verifying a service's JWT before authorizing communication between services
    meta Mapping[str, str]
    Specifies key-value pairs to add to the KV store.
    name str
    Specifies a name of the destination service for all intentions defined in the configuration entry.
    namespace str
    Specifies the namespace to apply the configuration entry.
    partition str
    Specifies the admin partition to apply the configuration entry.
    sources Sequence[ConfigEntryServiceIntentionsSourceArgs]
    List of configurations that define intention sources and the authorization granted to the sources.
    jwts List<Property Map>
    Specifies a JSON Web Token provider configured in a JWT provider configuration entry, as well as additional configurations for verifying a service's JWT before authorizing communication between services
    meta Map<String>
    Specifies key-value pairs to add to the KV store.
    name String
    Specifies a name of the destination service for all intentions defined in the configuration entry.
    namespace String
    Specifies the namespace to apply the configuration entry.
    partition String
    Specifies the admin partition to apply the configuration entry.
    sources List<Property Map>
    List of configurations that define intention sources and the authorization granted to the sources.

    Supporting Types

    ConfigEntryServiceIntentionsJwt, ConfigEntryServiceIntentionsJwtArgs

    Providers List<ConfigEntryServiceIntentionsJwtProvider>
    Specifies the names of one or more previously configured JWT provider configuration entries, which include the information necessary to validate a JSON web token.
    Providers []ConfigEntryServiceIntentionsJwtProvider
    Specifies the names of one or more previously configured JWT provider configuration entries, which include the information necessary to validate a JSON web token.
    providers List<ConfigEntryServiceIntentionsJwtProvider>
    Specifies the names of one or more previously configured JWT provider configuration entries, which include the information necessary to validate a JSON web token.
    providers ConfigEntryServiceIntentionsJwtProvider[]
    Specifies the names of one or more previously configured JWT provider configuration entries, which include the information necessary to validate a JSON web token.
    providers Sequence[ConfigEntryServiceIntentionsJwtProvider]
    Specifies the names of one or more previously configured JWT provider configuration entries, which include the information necessary to validate a JSON web token.
    providers List<Property Map>
    Specifies the names of one or more previously configured JWT provider configuration entries, which include the information necessary to validate a JSON web token.

    ConfigEntryServiceIntentionsJwtProvider, ConfigEntryServiceIntentionsJwtProviderArgs

    Name string
    Specifies the name of a JWT provider defined in the Name field of the jwt-provider configuration entry.
    VerifyClaims List<ConfigEntryServiceIntentionsJwtProviderVerifyClaim>
    Specifies additional token information to verify beyond what is configured in the JWT provider configuration entry.
    Name string
    Specifies the name of a JWT provider defined in the Name field of the jwt-provider configuration entry.
    VerifyClaims []ConfigEntryServiceIntentionsJwtProviderVerifyClaim
    Specifies additional token information to verify beyond what is configured in the JWT provider configuration entry.
    name String
    Specifies the name of a JWT provider defined in the Name field of the jwt-provider configuration entry.
    verifyClaims List<ConfigEntryServiceIntentionsJwtProviderVerifyClaim>
    Specifies additional token information to verify beyond what is configured in the JWT provider configuration entry.
    name string
    Specifies the name of a JWT provider defined in the Name field of the jwt-provider configuration entry.
    verifyClaims ConfigEntryServiceIntentionsJwtProviderVerifyClaim[]
    Specifies additional token information to verify beyond what is configured in the JWT provider configuration entry.
    name str
    Specifies the name of a JWT provider defined in the Name field of the jwt-provider configuration entry.
    verify_claims Sequence[ConfigEntryServiceIntentionsJwtProviderVerifyClaim]
    Specifies additional token information to verify beyond what is configured in the JWT provider configuration entry.
    name String
    Specifies the name of a JWT provider defined in the Name field of the jwt-provider configuration entry.
    verifyClaims List<Property Map>
    Specifies additional token information to verify beyond what is configured in the JWT provider configuration entry.

    ConfigEntryServiceIntentionsJwtProviderVerifyClaim, ConfigEntryServiceIntentionsJwtProviderVerifyClaimArgs

    Paths List<string>
    Specifies the path to the claim in the JSON web token.
    Value string
    Specifies the value to match on when verifying the the claim designated in path.
    Paths []string
    Specifies the path to the claim in the JSON web token.
    Value string
    Specifies the value to match on when verifying the the claim designated in path.
    paths List<String>
    Specifies the path to the claim in the JSON web token.
    value String
    Specifies the value to match on when verifying the the claim designated in path.
    paths string[]
    Specifies the path to the claim in the JSON web token.
    value string
    Specifies the value to match on when verifying the the claim designated in path.
    paths Sequence[str]
    Specifies the path to the claim in the JSON web token.
    value str
    Specifies the value to match on when verifying the the claim designated in path.
    paths List<String>
    Specifies the path to the claim in the JSON web token.
    value String
    Specifies the value to match on when verifying the the claim designated in path.

    ConfigEntryServiceIntentionsSource, ConfigEntryServiceIntentionsSourceArgs

    Action string
    Specifies the action to take when the source sends traffic to the destination service.
    Description string
    Specifies a description of the intention.
    Name string
    Specifies the name of the source that the intention allows or denies traffic from.
    Namespace string
    Specifies the traffic source namespace that the intention allows or denies traffic from.
    Partition string
    Specifies the name of an admin partition that the intention allows or denies traffic from.
    Peer string
    Specifies the name of a peered Consul cluster that the intention allows or denies traffic from
    Permissions List<ConfigEntryServiceIntentionsSourcePermission>
    Specifies a list of permissions for L7 traffic sources. The list contains one or more actions and a set of match criteria for each action.
    Precedence int
    The Precedence field contains a read-only integer. Consul generates the value based on name configurations for the source and destination services.
    SamenessGroup string
    Specifies the name of a sameness group that the intention allows or denies traffic from.
    Type string
    Specifies the type of destination service that the configuration entry applies to.
    Action string
    Specifies the action to take when the source sends traffic to the destination service.
    Description string
    Specifies a description of the intention.
    Name string
    Specifies the name of the source that the intention allows or denies traffic from.
    Namespace string
    Specifies the traffic source namespace that the intention allows or denies traffic from.
    Partition string
    Specifies the name of an admin partition that the intention allows or denies traffic from.
    Peer string
    Specifies the name of a peered Consul cluster that the intention allows or denies traffic from
    Permissions []ConfigEntryServiceIntentionsSourcePermission
    Specifies a list of permissions for L7 traffic sources. The list contains one or more actions and a set of match criteria for each action.
    Precedence int
    The Precedence field contains a read-only integer. Consul generates the value based on name configurations for the source and destination services.
    SamenessGroup string
    Specifies the name of a sameness group that the intention allows or denies traffic from.
    Type string
    Specifies the type of destination service that the configuration entry applies to.
    action String
    Specifies the action to take when the source sends traffic to the destination service.
    description String
    Specifies a description of the intention.
    name String
    Specifies the name of the source that the intention allows or denies traffic from.
    namespace String
    Specifies the traffic source namespace that the intention allows or denies traffic from.
    partition String
    Specifies the name of an admin partition that the intention allows or denies traffic from.
    peer String
    Specifies the name of a peered Consul cluster that the intention allows or denies traffic from
    permissions List<ConfigEntryServiceIntentionsSourcePermission>
    Specifies a list of permissions for L7 traffic sources. The list contains one or more actions and a set of match criteria for each action.
    precedence Integer
    The Precedence field contains a read-only integer. Consul generates the value based on name configurations for the source and destination services.
    samenessGroup String
    Specifies the name of a sameness group that the intention allows or denies traffic from.
    type String
    Specifies the type of destination service that the configuration entry applies to.
    action string
    Specifies the action to take when the source sends traffic to the destination service.
    description string
    Specifies a description of the intention.
    name string
    Specifies the name of the source that the intention allows or denies traffic from.
    namespace string
    Specifies the traffic source namespace that the intention allows or denies traffic from.
    partition string
    Specifies the name of an admin partition that the intention allows or denies traffic from.
    peer string
    Specifies the name of a peered Consul cluster that the intention allows or denies traffic from
    permissions ConfigEntryServiceIntentionsSourcePermission[]
    Specifies a list of permissions for L7 traffic sources. The list contains one or more actions and a set of match criteria for each action.
    precedence number
    The Precedence field contains a read-only integer. Consul generates the value based on name configurations for the source and destination services.
    samenessGroup string
    Specifies the name of a sameness group that the intention allows or denies traffic from.
    type string
    Specifies the type of destination service that the configuration entry applies to.
    action str
    Specifies the action to take when the source sends traffic to the destination service.
    description str
    Specifies a description of the intention.
    name str
    Specifies the name of the source that the intention allows or denies traffic from.
    namespace str
    Specifies the traffic source namespace that the intention allows or denies traffic from.
    partition str
    Specifies the name of an admin partition that the intention allows or denies traffic from.
    peer str
    Specifies the name of a peered Consul cluster that the intention allows or denies traffic from
    permissions Sequence[ConfigEntryServiceIntentionsSourcePermission]
    Specifies a list of permissions for L7 traffic sources. The list contains one or more actions and a set of match criteria for each action.
    precedence int
    The Precedence field contains a read-only integer. Consul generates the value based on name configurations for the source and destination services.
    sameness_group str
    Specifies the name of a sameness group that the intention allows or denies traffic from.
    type str
    Specifies the type of destination service that the configuration entry applies to.
    action String
    Specifies the action to take when the source sends traffic to the destination service.
    description String
    Specifies a description of the intention.
    name String
    Specifies the name of the source that the intention allows or denies traffic from.
    namespace String
    Specifies the traffic source namespace that the intention allows or denies traffic from.
    partition String
    Specifies the name of an admin partition that the intention allows or denies traffic from.
    peer String
    Specifies the name of a peered Consul cluster that the intention allows or denies traffic from
    permissions List<Property Map>
    Specifies a list of permissions for L7 traffic sources. The list contains one or more actions and a set of match criteria for each action.
    precedence Number
    The Precedence field contains a read-only integer. Consul generates the value based on name configurations for the source and destination services.
    samenessGroup String
    Specifies the name of a sameness group that the intention allows or denies traffic from.
    type String
    Specifies the type of destination service that the configuration entry applies to.

    ConfigEntryServiceIntentionsSourcePermission, ConfigEntryServiceIntentionsSourcePermissionArgs

    Action string
    Specifies the action to take when the source sends traffic to the destination service. The value is either allow or deny.
    Https List<ConfigEntryServiceIntentionsSourcePermissionHttp>
    Specifies a set of HTTP-specific match criteria.
    Action string
    Specifies the action to take when the source sends traffic to the destination service. The value is either allow or deny.
    Https []ConfigEntryServiceIntentionsSourcePermissionHttp
    Specifies a set of HTTP-specific match criteria.
    action String
    Specifies the action to take when the source sends traffic to the destination service. The value is either allow or deny.
    https List<ConfigEntryServiceIntentionsSourcePermissionHttp>
    Specifies a set of HTTP-specific match criteria.
    action string
    Specifies the action to take when the source sends traffic to the destination service. The value is either allow or deny.
    https ConfigEntryServiceIntentionsSourcePermissionHttp[]
    Specifies a set of HTTP-specific match criteria.
    action str
    Specifies the action to take when the source sends traffic to the destination service. The value is either allow or deny.
    https Sequence[ConfigEntryServiceIntentionsSourcePermissionHttp]
    Specifies a set of HTTP-specific match criteria.
    action String
    Specifies the action to take when the source sends traffic to the destination service. The value is either allow or deny.
    https List<Property Map>
    Specifies a set of HTTP-specific match criteria.

    ConfigEntryServiceIntentionsSourcePermissionHttp, ConfigEntryServiceIntentionsSourcePermissionHttpArgs

    Headers List<ConfigEntryServiceIntentionsSourcePermissionHttpHeader>
    Specifies a header name and matching criteria for HTTP request headers.
    Methods List<string>
    Specifies a list of HTTP methods.
    PathExact string
    Specifies an exact path to match on the HTTP request path.
    PathPrefix string
    Specifies a path prefix to match on the HTTP request path.
    PathRegex string
    Defines a regular expression to match on the HTTP request path.
    Headers []ConfigEntryServiceIntentionsSourcePermissionHttpHeader
    Specifies a header name and matching criteria for HTTP request headers.
    Methods []string
    Specifies a list of HTTP methods.
    PathExact string
    Specifies an exact path to match on the HTTP request path.
    PathPrefix string
    Specifies a path prefix to match on the HTTP request path.
    PathRegex string
    Defines a regular expression to match on the HTTP request path.
    headers List<ConfigEntryServiceIntentionsSourcePermissionHttpHeader>
    Specifies a header name and matching criteria for HTTP request headers.
    methods List<String>
    Specifies a list of HTTP methods.
    pathExact String
    Specifies an exact path to match on the HTTP request path.
    pathPrefix String
    Specifies a path prefix to match on the HTTP request path.
    pathRegex String
    Defines a regular expression to match on the HTTP request path.
    headers ConfigEntryServiceIntentionsSourcePermissionHttpHeader[]
    Specifies a header name and matching criteria for HTTP request headers.
    methods string[]
    Specifies a list of HTTP methods.
    pathExact string
    Specifies an exact path to match on the HTTP request path.
    pathPrefix string
    Specifies a path prefix to match on the HTTP request path.
    pathRegex string
    Defines a regular expression to match on the HTTP request path.
    headers Sequence[ConfigEntryServiceIntentionsSourcePermissionHttpHeader]
    Specifies a header name and matching criteria for HTTP request headers.
    methods Sequence[str]
    Specifies a list of HTTP methods.
    path_exact str
    Specifies an exact path to match on the HTTP request path.
    path_prefix str
    Specifies a path prefix to match on the HTTP request path.
    path_regex str
    Defines a regular expression to match on the HTTP request path.
    headers List<Property Map>
    Specifies a header name and matching criteria for HTTP request headers.
    methods List<String>
    Specifies a list of HTTP methods.
    pathExact String
    Specifies an exact path to match on the HTTP request path.
    pathPrefix String
    Specifies a path prefix to match on the HTTP request path.
    pathRegex String
    Defines a regular expression to match on the HTTP request path.

    ConfigEntryServiceIntentionsSourcePermissionHttpHeader, ConfigEntryServiceIntentionsSourcePermissionHttpHeaderArgs

    Name string
    Specifies the name of the header to match.
    Exact string
    Specifies a value for the header key set in the Name field. If the request header value matches the Exact value, Consul applies the permission.
    Invert bool
    Inverts the matching logic configured in the Header.
    Prefix string
    Specifies a prefix value for the header key set in the Name field.
    Present bool
    Enables a match if the header configured in the Name field appears in the request. Consul matches on any value as long as the header key appears in the request.
    Regex string
    Specifies a regular expression pattern as the value for the header key set in the Name field.
    Suffix string
    Specifies a suffix value for the header key set in the Name field.
    Name string
    Specifies the name of the header to match.
    Exact string
    Specifies a value for the header key set in the Name field. If the request header value matches the Exact value, Consul applies the permission.
    Invert bool
    Inverts the matching logic configured in the Header.
    Prefix string
    Specifies a prefix value for the header key set in the Name field.
    Present bool
    Enables a match if the header configured in the Name field appears in the request. Consul matches on any value as long as the header key appears in the request.
    Regex string
    Specifies a regular expression pattern as the value for the header key set in the Name field.
    Suffix string
    Specifies a suffix value for the header key set in the Name field.
    name String
    Specifies the name of the header to match.
    exact String
    Specifies a value for the header key set in the Name field. If the request header value matches the Exact value, Consul applies the permission.
    invert Boolean
    Inverts the matching logic configured in the Header.
    prefix String
    Specifies a prefix value for the header key set in the Name field.
    present Boolean
    Enables a match if the header configured in the Name field appears in the request. Consul matches on any value as long as the header key appears in the request.
    regex String
    Specifies a regular expression pattern as the value for the header key set in the Name field.
    suffix String
    Specifies a suffix value for the header key set in the Name field.
    name string
    Specifies the name of the header to match.
    exact string
    Specifies a value for the header key set in the Name field. If the request header value matches the Exact value, Consul applies the permission.
    invert boolean
    Inverts the matching logic configured in the Header.
    prefix string
    Specifies a prefix value for the header key set in the Name field.
    present boolean
    Enables a match if the header configured in the Name field appears in the request. Consul matches on any value as long as the header key appears in the request.
    regex string
    Specifies a regular expression pattern as the value for the header key set in the Name field.
    suffix string
    Specifies a suffix value for the header key set in the Name field.
    name str
    Specifies the name of the header to match.
    exact str
    Specifies a value for the header key set in the Name field. If the request header value matches the Exact value, Consul applies the permission.
    invert bool
    Inverts the matching logic configured in the Header.
    prefix str
    Specifies a prefix value for the header key set in the Name field.
    present bool
    Enables a match if the header configured in the Name field appears in the request. Consul matches on any value as long as the header key appears in the request.
    regex str
    Specifies a regular expression pattern as the value for the header key set in the Name field.
    suffix str
    Specifies a suffix value for the header key set in the Name field.
    name String
    Specifies the name of the header to match.
    exact String
    Specifies a value for the header key set in the Name field. If the request header value matches the Exact value, Consul applies the permission.
    invert Boolean
    Inverts the matching logic configured in the Header.
    prefix String
    Specifies a prefix value for the header key set in the Name field.
    present Boolean
    Enables a match if the header configured in the Name field appears in the request. Consul matches on any value as long as the header key appears in the request.
    regex String
    Specifies a regular expression pattern as the value for the header key set in the Name field.
    suffix String
    Specifies a suffix value for the header key set in the Name field.

    Package Details

    Repository
    HashiCorp Consul pulumi/pulumi-consul
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the consul Terraform Provider.
    consul logo
    Consul v3.12.2 published on Wednesday, Oct 16, 2024 by Pulumi