@pulumi/harness 0.0.7-alpha.1719955866

package/platform/vaultConnector.d.ts

@@ -0,0 +1,573 @@
+import * as pulumi from "@pulumi/pulumi";
+/**
+ * Resource for creating a HashiCorp Vault Secret Manager connector.
+ *
+ * ## Example Usage
+ *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as harness from "@pulumi/harness";
+ *
+ * const awsAuth = new harness.platform.VaultConnector("aws_auth", {
+ *     identifier: "identifier",
+ *     name: "name",
+ *     description: "test",
+ *     tags: ["foo:bar"],
+ *     awsRegion: "aws_region",
+ *     basePath: "base_path",
+ *     accessType: "AWS_IAM",
+ *     "default": false,
+ *     xvaultAwsIamServerId: `account.${test.id}`,
+ *     readOnly: true,
+ *     renewalIntervalMinutes: 60,
+ *     secretEngineManuallyConfigured: true,
+ *     secretEngineName: "secret_engine_name",
+ *     secretEngineVersion: 2,
+ *     vaultAwsIamRole: "vault_aws_iam_role",
+ *     useAwsIam: true,
+ *     useK8sAuth: false,
+ *     useVaultAgent: false,
+ *     delegateSelectors: ["harness-delegate"],
+ *     vaultUrl: "https://vault_url.com",
+ * });
+ * const appRole = new harness.platform.VaultConnector("app_role", {
+ *     identifier: "identifier",
+ *     name: "name",
+ *     description: "test",
+ *     tags: ["foo:bar"],
+ *     appRoleId: "app_role_id",
+ *     basePath: "base_path",
+ *     accessType: "APP_ROLE",
+ *     "default": false,
+ *     secretId: `account.${test.id}`,
+ *     readOnly: true,
+ *     renewalIntervalMinutes: 60,
+ *     secretEngineManuallyConfigured: true,
+ *     secretEngineName: "secret_engine_name",
+ *     secretEngineVersion: 2,
+ *     useAwsIam: false,
+ *     useK8sAuth: false,
+ *     useVaultAgent: false,
+ *     renewAppRoleToken: true,
+ *     delegateSelectors: ["harness-delegate"],
+ *     vaultUrl: "https://vault_url.com",
+ * });
+ * const k8sAuth = new harness.platform.VaultConnector("k8s_auth", {
+ *     identifier: "identifier",
+ *     name: "name",
+ *     description: "test",
+ *     tags: ["foo:bar"],
+ *     authToken: `account.${test.id}`,
+ *     basePath: "base_path",
+ *     accessType: "K8s_AUTH",
+ *     "default": false,
+ *     k8sAuthEndpoint: "k8s_auth_endpoint",
+ *     namespace: "namespace",
+ *     readOnly: true,
+ *     renewalIntervalMinutes: 10,
+ *     secretEngineManuallyConfigured: true,
+ *     secretEngineName: "secret_engine_name",
+ *     secretEngineVersion: 2,
+ *     serviceAccountTokenPath: "service_account_token_path",
+ *     useAwsIam: false,
+ *     useK8sAuth: true,
+ *     useVaultAgent: false,
+ *     vaultK8sAuthRole: "vault_k8s_auth_role",
+ *     vaultAwsIamRole: "vault_aws_iam_role",
+ *     delegateSelectors: ["harness-delegate"],
+ *     vaultUrl: "https://vault_url.com",
+ * });
+ * const vaultAgent = new harness.platform.VaultConnector("vault_agent", {
+ *     identifier: "identifier",
+ *     name: "name",
+ *     description: "test",
+ *     tags: ["foo:bar"],
+ *     authToken: `account.${test.id}`,
+ *     basePath: "base_path",
+ *     accessType: "VAULT_AGENT",
+ *     "default": false,
+ *     namespace: "namespace",
+ *     readOnly: true,
+ *     renewalIntervalMinutes: 10,
+ *     secretEngineManuallyConfigured: true,
+ *     secretEngineName: "secret_engine_name",
+ *     secretEngineVersion: 2,
+ *     useAwsIam: false,
+ *     useK8sAuth: false,
+ *     useVaultAgent: true,
+ *     sinkPath: "sink_path",
+ *     delegateSelectors: ["harness-delegate"],
+ *     vaultUrl: "https://vault_url.com",
+ * });
+ * const token = new harness.platform.VaultConnector("token", {
+ *     identifier: "identifier",
+ *     name: "name",
+ *     description: "test",
+ *     tags: ["foo:bar"],
+ *     authToken: `account.${test.id}`,
+ *     basePath: "base_path",
+ *     accessType: "TOKEN",
+ *     "default": false,
+ *     namespace: "namespace",
+ *     readOnly: true,
+ *     renewalIntervalMinutes: 10,
+ *     secretEngineManuallyConfigured: true,
+ *     secretEngineName: "secret_engine_name",
+ *     secretEngineVersion: 2,
+ *     useAwsIam: false,
+ *     useK8sAuth: false,
+ *     vaultUrl: "https://vault_url.com",
+ * });
+ * ```
+ *
+ * ## Import
+ *
+ * Import account level vault connector
+ *
+ * ```sh
+ * $ pulumi import harness:platform/vaultConnector:VaultConnector example <connector_id>
+ * ```
+ *
+ * Import org level vault connector
+ *
+ * ```sh
+ * $ pulumi import harness:platform/vaultConnector:VaultConnector example <ord_id>/<connector_id>
+ * ```
+ *
+ * Import project level vault connector
+ *
+ * ```sh
+ * $ pulumi import harness:platform/vaultConnector:VaultConnector example <org_id>/<project_id>/<connector_id>
+ * ```
+ */
+export declare class VaultConnector extends pulumi.CustomResource {
+    /**
+     * Get an existing VaultConnector resource's state with the given name, ID, and optional extra
+     * properties used to qualify the lookup.
+     *
+     * @param name The _unique_ name of the resulting resource.
+     * @param id The _unique_ provider ID of the resource to lookup.
+     * @param state Any extra arguments used during the lookup.
+     * @param opts Optional settings to control the behavior of the CustomResource.
+     */
+    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: VaultConnectorState, opts?: pulumi.CustomResourceOptions): VaultConnector;
+    /**
+     * Returns true if the given object is an instance of VaultConnector.  This is designed to work even
+     * when multiple copies of the Pulumi SDK have been loaded into the same process.
+     */
+    static isInstance(obj: any): obj is VaultConnector;
+    /**
+     * Access type.
+     */
+    readonly accessType: pulumi.Output<string | undefined>;
+    /**
+     * ID of App Role.
+     */
+    readonly appRoleId: pulumi.Output<string | undefined>;
+    /**
+     * Authentication token for Vault.
+     */
+    readonly authToken: pulumi.Output<string>;
+    /**
+     * AWS region where the AWS IAM authentication will happen.
+     */
+    readonly awsRegion: pulumi.Output<string | undefined>;
+    /**
+     * Location of the Vault directory where the secret will be stored.
+     */
+    readonly basePath: pulumi.Output<string | undefined>;
+    /**
+     * Is default or not.
+     */
+    readonly default: pulumi.Output<boolean | undefined>;
+    /**
+     * List of Delegate Selectors that belong to the same Delegate and are used to connect to the Secret Manager.
+     */
+    readonly delegateSelectors: pulumi.Output<string[] | undefined>;
+    /**
+     * Description of the resource.
+     */
+    readonly description: pulumi.Output<string | undefined>;
+    /**
+     * Unique identifier of the resource.
+     */
+    readonly identifier: pulumi.Output<string>;
+    /**
+     * Is default or not.
+     */
+    readonly isDefault: pulumi.Output<boolean | undefined>;
+    /**
+     * Read only or not.
+     */
+    readonly isReadOnly: pulumi.Output<boolean | undefined>;
+    /**
+     * The path where Kubernetes Auth is enabled in Vault.
+     */
+    readonly k8sAuthEndpoint: pulumi.Output<string | undefined>;
+    /**
+     * Name of the resource.
+     */
+    readonly name: pulumi.Output<string>;
+    /**
+     * Vault namespace where the Secret will be created.
+     */
+    readonly namespace: pulumi.Output<string | undefined>;
+    /**
+     * Unique identifier of the organization.
+     */
+    readonly orgId: pulumi.Output<string | undefined>;
+    /**
+     * Unique identifier of the project.
+     */
+    readonly projectId: pulumi.Output<string | undefined>;
+    /**
+     * Read only.
+     */
+    readonly readOnly: pulumi.Output<boolean | undefined>;
+    /**
+     * Boolean value to indicate if AppRole token renewal is enabled or not.
+     */
+    readonly renewAppRoleToken: pulumi.Output<boolean>;
+    /**
+     * The time interval for the token renewal.
+     */
+    readonly renewalIntervalMinutes: pulumi.Output<number>;
+    /**
+     * Manually entered Secret Engine.
+     */
+    readonly secretEngineManuallyConfigured: pulumi.Output<boolean | undefined>;
+    /**
+     * Name of the Secret Engine.
+     */
+    readonly secretEngineName: pulumi.Output<string | undefined>;
+    /**
+     * Version of Secret Engine.
+     */
+    readonly secretEngineVersion: pulumi.Output<number | undefined>;
+    /**
+     * ID of the Secret.
+     */
+    readonly secretId: pulumi.Output<string | undefined>;
+    /**
+     * The Service Account token path in the K8s pod where the token is mounted.
+     */
+    readonly serviceAccountTokenPath: pulumi.Output<string | undefined>;
+    /**
+     * The location from which the authentication token should be read.
+     */
+    readonly sinkPath: pulumi.Output<string | undefined>;
+    /**
+     * Tags to associate with the resource.
+     */
+    readonly tags: pulumi.Output<string[] | undefined>;
+    /**
+     * Boolean value to indicate if AWS IAM is used for authentication.
+     */
+    readonly useAwsIam: pulumi.Output<boolean | undefined>;
+    /**
+     * Boolean value to indicate if K8s Auth is used for authentication.
+     */
+    readonly useK8sAuth: pulumi.Output<boolean | undefined>;
+    /**
+     * Boolean value to indicate if Vault Agent is used for authentication.
+     */
+    readonly useVaultAgent: pulumi.Output<boolean | undefined>;
+    /**
+     * The Vault role defined to bind to aws iam account/role being accessed.
+     */
+    readonly vaultAwsIamRole: pulumi.Output<string | undefined>;
+    /**
+     * The role where K8s Auth will happen.
+     */
+    readonly vaultK8sAuthRole: pulumi.Output<string | undefined>;
+    /**
+     * URL of the HashiCorp Vault.
+     */
+    readonly vaultUrl: pulumi.Output<string>;
+    /**
+     * The AWS IAM Header Server ID that has been configured for this AWS IAM instance.
+     */
+    readonly xvaultAwsIamServerId: pulumi.Output<string | undefined>;
+    /**
+     * Create a VaultConnector resource with the given unique name, arguments, and options.
+     *
+     * @param name The _unique_ name of the resource.
+     * @param args The arguments to use to populate this resource's properties.
+     * @param opts A bag of options that control this resource's behavior.
+     */
+    constructor(name: string, args: VaultConnectorArgs, opts?: pulumi.CustomResourceOptions);
+}
+/**
+ * Input properties used for looking up and filtering VaultConnector resources.
+ */
+export interface VaultConnectorState {
+    /**
+     * Access type.
+     */
+    accessType?: pulumi.Input<string>;
+    /**
+     * ID of App Role.
+     */
+    appRoleId?: pulumi.Input<string>;
+    /**
+     * Authentication token for Vault.
+     */
+    authToken?: pulumi.Input<string>;
+    /**
+     * AWS region where the AWS IAM authentication will happen.
+     */
+    awsRegion?: pulumi.Input<string>;
+    /**
+     * Location of the Vault directory where the secret will be stored.
+     */
+    basePath?: pulumi.Input<string>;
+    /**
+     * Is default or not.
+     */
+    default?: pulumi.Input<boolean>;
+    /**
+     * List of Delegate Selectors that belong to the same Delegate and are used to connect to the Secret Manager.
+     */
+    delegateSelectors?: pulumi.Input<pulumi.Input<string>[]>;
+    /**
+     * Description of the resource.
+     */
+    description?: pulumi.Input<string>;
+    /**
+     * Unique identifier of the resource.
+     */
+    identifier?: pulumi.Input<string>;
+    /**
+     * Is default or not.
+     */
+    isDefault?: pulumi.Input<boolean>;
+    /**
+     * Read only or not.
+     */
+    isReadOnly?: pulumi.Input<boolean>;
+    /**
+     * The path where Kubernetes Auth is enabled in Vault.
+     */
+    k8sAuthEndpoint?: pulumi.Input<string>;
+    /**
+     * Name of the resource.
+     */
+    name?: pulumi.Input<string>;
+    /**
+     * Vault namespace where the Secret will be created.
+     */
+    namespace?: pulumi.Input<string>;
+    /**
+     * Unique identifier of the organization.
+     */
+    orgId?: pulumi.Input<string>;
+    /**
+     * Unique identifier of the project.
+     */
+    projectId?: pulumi.Input<string>;
+    /**
+     * Read only.
+     */
+    readOnly?: pulumi.Input<boolean>;
+    /**
+     * Boolean value to indicate if AppRole token renewal is enabled or not.
+     */
+    renewAppRoleToken?: pulumi.Input<boolean>;
+    /**
+     * The time interval for the token renewal.
+     */
+    renewalIntervalMinutes?: pulumi.Input<number>;
+    /**
+     * Manually entered Secret Engine.
+     */
+    secretEngineManuallyConfigured?: pulumi.Input<boolean>;
+    /**
+     * Name of the Secret Engine.
+     */
+    secretEngineName?: pulumi.Input<string>;
+    /**
+     * Version of Secret Engine.
+     */
+    secretEngineVersion?: pulumi.Input<number>;
+    /**
+     * ID of the Secret.
+     */
+    secretId?: pulumi.Input<string>;
+    /**
+     * The Service Account token path in the K8s pod where the token is mounted.
+     */
+    serviceAccountTokenPath?: pulumi.Input<string>;
+    /**
+     * The location from which the authentication token should be read.
+     */
+    sinkPath?: pulumi.Input<string>;
+    /**
+     * Tags to associate with the resource.
+     */
+    tags?: pulumi.Input<pulumi.Input<string>[]>;
+    /**
+     * Boolean value to indicate if AWS IAM is used for authentication.
+     */
+    useAwsIam?: pulumi.Input<boolean>;
+    /**
+     * Boolean value to indicate if K8s Auth is used for authentication.
+     */
+    useK8sAuth?: pulumi.Input<boolean>;
+    /**
+     * Boolean value to indicate if Vault Agent is used for authentication.
+     */
+    useVaultAgent?: pulumi.Input<boolean>;
+    /**
+     * The Vault role defined to bind to aws iam account/role being accessed.
+     */
+    vaultAwsIamRole?: pulumi.Input<string>;
+    /**
+     * The role where K8s Auth will happen.
+     */
+    vaultK8sAuthRole?: pulumi.Input<string>;
+    /**
+     * URL of the HashiCorp Vault.
+     */
+    vaultUrl?: pulumi.Input<string>;
+    /**
+     * The AWS IAM Header Server ID that has been configured for this AWS IAM instance.
+     */
+    xvaultAwsIamServerId?: pulumi.Input<string>;
+}
+/**
+ * The set of arguments for constructing a VaultConnector resource.
+ */
+export interface VaultConnectorArgs {
+    /**
+     * Access type.
+     */
+    accessType?: pulumi.Input<string>;
+    /**
+     * ID of App Role.
+     */
+    appRoleId?: pulumi.Input<string>;
+    /**
+     * Authentication token for Vault.
+     */
+    authToken?: pulumi.Input<string>;
+    /**
+     * AWS region where the AWS IAM authentication will happen.
+     */
+    awsRegion?: pulumi.Input<string>;
+    /**
+     * Location of the Vault directory where the secret will be stored.
+     */
+    basePath?: pulumi.Input<string>;
+    /**
+     * Is default or not.
+     */
+    default?: pulumi.Input<boolean>;
+    /**
+     * List of Delegate Selectors that belong to the same Delegate and are used to connect to the Secret Manager.
+     */
+    delegateSelectors?: pulumi.Input<pulumi.Input<string>[]>;
+    /**
+     * Description of the resource.
+     */
+    description?: pulumi.Input<string>;
+    /**
+     * Unique identifier of the resource.
+     */
+    identifier: pulumi.Input<string>;
+    /**
+     * Is default or not.
+     */
+    isDefault?: pulumi.Input<boolean>;
+    /**
+     * Read only or not.
+     */
+    isReadOnly?: pulumi.Input<boolean>;
+    /**
+     * The path where Kubernetes Auth is enabled in Vault.
+     */
+    k8sAuthEndpoint?: pulumi.Input<string>;
+    /**
+     * Name of the resource.
+     */
+    name?: pulumi.Input<string>;
+    /**
+     * Vault namespace where the Secret will be created.
+     */
+    namespace?: pulumi.Input<string>;
+    /**
+     * Unique identifier of the organization.
+     */
+    orgId?: pulumi.Input<string>;
+    /**
+     * Unique identifier of the project.
+     */
+    projectId?: pulumi.Input<string>;
+    /**
+     * Read only.
+     */
+    readOnly?: pulumi.Input<boolean>;
+    /**
+     * Boolean value to indicate if AppRole token renewal is enabled or not.
+     */
+    renewAppRoleToken?: pulumi.Input<boolean>;
+    /**
+     * The time interval for the token renewal.
+     */
+    renewalIntervalMinutes: pulumi.Input<number>;
+    /**
+     * Manually entered Secret Engine.
+     */
+    secretEngineManuallyConfigured?: pulumi.Input<boolean>;
+    /**
+     * Name of the Secret Engine.
+     */
+    secretEngineName?: pulumi.Input<string>;
+    /**
+     * Version of Secret Engine.
+     */
+    secretEngineVersion?: pulumi.Input<number>;
+    /**
+     * ID of the Secret.
+     */
+    secretId?: pulumi.Input<string>;
+    /**
+     * The Service Account token path in the K8s pod where the token is mounted.
+     */
+    serviceAccountTokenPath?: pulumi.Input<string>;
+    /**
+     * The location from which the authentication token should be read.
+     */
+    sinkPath?: pulumi.Input<string>;
+    /**
+     * Tags to associate with the resource.
+     */
+    tags?: pulumi.Input<pulumi.Input<string>[]>;
+    /**
+     * Boolean value to indicate if AWS IAM is used for authentication.
+     */
+    useAwsIam?: pulumi.Input<boolean>;
+    /**
+     * Boolean value to indicate if K8s Auth is used for authentication.
+     */
+    useK8sAuth?: pulumi.Input<boolean>;
+    /**
+     * Boolean value to indicate if Vault Agent is used for authentication.
+     */
+    useVaultAgent?: pulumi.Input<boolean>;
+    /**
+     * The Vault role defined to bind to aws iam account/role being accessed.
+     */
+    vaultAwsIamRole?: pulumi.Input<string>;
+    /**
+     * The role where K8s Auth will happen.
+     */
+    vaultK8sAuthRole?: pulumi.Input<string>;
+    /**
+     * URL of the HashiCorp Vault.
+     */
+    vaultUrl: pulumi.Input<string>;
+    /**
+     * The AWS IAM Header Server ID that has been configured for this AWS IAM instance.
+     */
+    xvaultAwsIamServerId?: pulumi.Input<string>;
+}