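import * as pulumi from "@pulumi/pulumi";
/**
 * Resource for creating a HashiCorp Vault Secret Manager connector.
 *
 * ## Example Usage
 *
 * `test` is not declared in the snippet below; it presumably stands for a Harness
 * secret resource defined elsewhere in the program.
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as harness from "@pulumi/harness";
 *
 * const awsAuth = new harness.platform.VaultConnector("aws_auth", {
 *     identifier: "identifier",
 *     name: "name",
 *     description: "test",
 *     tags: ["foo:bar"],
 *     awsRegion: "aws_region",
 *     basePath: "base_path",
 *     accessType: "AWS_IAM",
 *     "default": false,
 *     xvaultAwsIamServerId: `account.${test.id}`,
 *     readOnly: true,
 *     renewalIntervalMinutes: 60,
 *     secretEngineManuallyConfigured: true,
 *     secretEngineName: "secret_engine_name",
 *     secretEngineVersion: 2,
 *     vaultAwsIamRole: "vault_aws_iam_role",
 *     useAwsIam: true,
 *     useK8sAuth: false,
 *     useVaultAgent: false,
 *     delegateSelectors: ["harness-delegate"],
 *     vaultUrl: "https://vault_url.com",
 *     useJwtAuth: false,
 * });
 * const appRole = new harness.platform.VaultConnector("app_role", {
 *     identifier: "identifier",
 *     name: "name",
 *     description: "test",
 *     tags: ["foo:bar"],
 *     appRoleId: "app_role_id",
 *     basePath: "base_path",
 *     accessType: "APP_ROLE",
 *     "default": false,
 *     secretId: `account.${test.id}`,
 *     readOnly: true,
 *     renewalIntervalMinutes: 60,
 *     secretEngineManuallyConfigured: true,
 *     secretEngineName: "secret_engine_name",
 *     secretEngineVersion: 2,
 *     useAwsIam: false,
 *     useK8sAuth: false,
 *     useVaultAgent: false,
 *     renewAppRoleToken: true,
 *     delegateSelectors: ["harness-delegate"],
 *     vaultUrl: "https://vault_url.com",
 *     useJwtAuth: false,
 * });
 * const k8sAuth = new harness.platform.VaultConnector("k8s_auth", {
 *     identifier: "identifier",
 *     name: "name",
 *     description: "test",
 *     tags: ["foo:bar"],
 *     authToken: `account.${test.id}`,
 *     basePath: "base_path",
 *     accessType: "K8s_AUTH",
 *     "default": false,
 *     k8sAuthEndpoint: "k8s_auth_endpoint",
 *     namespace: "namespace",
 *     readOnly: true,
 *     renewalIntervalMinutes: 10,
 *     secretEngineManuallyConfigured: true,
 *     secretEngineName: "secret_engine_name",
 *     secretEngineVersion: 2,
 *     serviceAccountTokenPath: "service_account_token_path",
 *     useAwsIam: false,
 *     useK8sAuth: true,
 *     useVaultAgent: false,
 *     vaultK8sAuthRole: "vault_k8s_auth_role",
 *     vaultAwsIamRole: "vault_aws_iam_role",
 *     delegateSelectors: ["harness-delegate"],
 *     vaultUrl: "https://vault_url.com",
 *     useJwtAuth: false,
 * });
 * const vaultAgent = new harness.platform.VaultConnector("vault_agent", {
 *     identifier: "identifier",
 *     name: "name",
 *     description: "test",
 *     tags: ["foo:bar"],
 *     authToken: `account.${test.id}`,
 *     basePath: "base_path",
 *     accessType: "VAULT_AGENT",
 *     "default": false,
 *     namespace: "namespace",
 *     readOnly: true,
 *     renewalIntervalMinutes: 10,
 *     secretEngineManuallyConfigured: true,
 *     secretEngineName: "secret_engine_name",
 *     secretEngineVersion: 2,
 *     useAwsIam: false,
 *     useK8sAuth: false,
 *     useVaultAgent: true,
 *     sinkPath: "sink_path",
 *     delegateSelectors: ["harness-delegate"],
 *     vaultUrl: "https://vault_url.com",
 *     useJwtAuth: false,
 * });
 * const token = new harness.platform.VaultConnector("token", {
 *     identifier: "identifier",
 *     name: "name",
 *     description: "test",
 *     tags: ["foo:bar"],
 *     authToken: `account.${test.id}`,
 *     basePath: "base_path",
 *     accessType: "TOKEN",
 *     "default": false,
 *     namespace: "namespace",
 *     readOnly: true,
 *     renewalIntervalMinutes: 10,
 *     secretEngineManuallyConfigured: true,
 *     secretEngineName: "secret_engine_name",
 *     secretEngineVersion: 2,
 *     useAwsIam: false,
 *     useK8sAuth: false,
 *     vaultUrl: "https://vault_url.com",
 *     useJwtAuth: false,
 * });
 * const jwt = new harness.platform.VaultConnector("jwt", {
 *     identifier: "identifier",
 *     name: "name",
 *     description: "test",
 *     tags: ["foo:bar"],
 *     basePath: "base_path",
 *     accessType: "JWT",
 *     "default": false,
 *     readOnly: true,
 *     renewalIntervalMinutes: 60,
 *     secretEngineManuallyConfigured: true,
 *     secretEngineName: "secret_engine_name",
 *     secretEngineVersion: 2,
 *     useAwsIam: false,
 *     useK8sAuth: false,
 *     useVaultAgent: false,
 *     renewAppRoleToken: false,
 *     delegateSelectors: ["harness-delegate"],
 *     vaultUrl: "https://vault_url.com",
 *     useJwtAuth: true,
 *     vaultJwtAuthRole: "vault_jwt_auth_role",
 *     vaultJwtAuthPath: "vault_jwt_auth_path",
 *     executeOnDelegate: true,
 * });
 * ```
 *
 * ## Handling of credentials
 *
 * In the examples, `authToken`, `secretId` and `xvaultAwsIamServerId` are all set to
 * `account.${test.id}`, a scoped reference to a secret object rather than a literal
 * credential. A literal value supplied here would be recorded in the Pulumi state like
 * any other input unless it is marked secret (for example with `pulumi.secret(...)`).
 * NOTE(review): confirm whether the provider already marks these fields as secret.
 *
 * ## Import
 *
 * The `pulumi import` command can be used, for example:
 *
 * Import account level vault connector
 *
 * ```sh
 * $ pulumi import harness:platform/vaultConnector:VaultConnector example <connector_id>
 * ```
 *
 * Import org level vault connector
 *
 * ```sh
 * $ pulumi import harness:platform/vaultConnector:VaultConnector example <org_id>/<connector_id>
 * ```
 *
 * Import project level vault connector
 *
 * ```sh
 * $ pulumi import harness:platform/vaultConnector:VaultConnector example <org_id>/<project_id>/<connector_id>
 * ```
 *
 * NOTE(review): the type arguments of `pulumi.Input` / `pulumi.Output` in this file were
 * restored from the example values and field descriptions above, with `| undefined` on
 * every property that is optional in `VaultConnectorArgs`; confirm against the generated SDK.
 */
export declare class VaultConnector extends pulumi.CustomResource {
    /**
     * Get an existing VaultConnector resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: VaultConnectorState, opts?: pulumi.CustomResourceOptions): VaultConnector;
    /**
     * Returns true if the given object is an instance of VaultConnector. This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj: any): obj is VaultConnector;
    /**
     * Access type. The examples use `AWS_IAM`, `APP_ROLE`, `K8s_AUTH`, `VAULT_AGENT`, `TOKEN` and `JWT`.
     */
    readonly accessType: pulumi.Output<string | undefined>;
    /**
     * ID of App Role.
     */
    readonly appRoleId: pulumi.Output<string | undefined>;
    /**
     * Authentication token for Vault. The examples pass a scoped secret reference
     * (`account.${test.id}`), not a literal token.
     */
    readonly authToken: pulumi.Output<string | undefined>;
    /**
     * AWS region where the AWS IAM authentication will happen.
     */
    readonly awsRegion: pulumi.Output<string | undefined>;
    /**
     * Location of the Vault directory where the secret will be stored.
     */
    readonly basePath: pulumi.Output<string | undefined>;
    /**
     * Is default or not.
     * NOTE(review): `isDefault` carries the same description; which of the two the provider honours is not visible here.
     */
    readonly default: pulumi.Output<boolean | undefined>;
    /**
     * List of Delegate Selectors that belong to the same Delegate and are used to connect to the Secret Manager.
     */
    readonly delegateSelectors: pulumi.Output<string[] | undefined>;
    /**
     * Description of the resource.
     */
    readonly description: pulumi.Output<string | undefined>;
    /**
     * Execute on delegate or not.
     */
    readonly executeOnDelegate: pulumi.Output<boolean | undefined>;
    /**
     * Unique identifier of the resource.
     */
    readonly identifier: pulumi.Output<string>;
    /**
     * Is default or not.
     */
    readonly isDefault: pulumi.Output<boolean | undefined>;
    /**
     * Read only or not.
     */
    readonly isReadOnly: pulumi.Output<boolean | undefined>;
    /**
     * The path where Kubernetes Auth is enabled in Vault.
     */
    readonly k8sAuthEndpoint: pulumi.Output<string | undefined>;
    /**
     * Name of the resource.
     */
    readonly name: pulumi.Output<string | undefined>;
    /**
     * Vault namespace where the Secret will be created.
     */
    readonly namespace: pulumi.Output<string | undefined>;
    /**
     * Unique identifier of the organization.
     */
    readonly orgId: pulumi.Output<string | undefined>;
    /**
     * Unique identifier of the project.
     */
    readonly projectId: pulumi.Output<string | undefined>;
    /**
     * Read only.
     * NOTE(review): `isReadOnly` describes the same setting; which of the two the provider honours is not visible here.
     */
    readonly readOnly: pulumi.Output<boolean | undefined>;
    /**
     * Boolean value to indicate if AppRole token renewal is enabled or not.
     */
    readonly renewAppRoleToken: pulumi.Output<boolean | undefined>;
    /**
     * The time interval for the token renewal, in minutes.
     */
    readonly renewalIntervalMinutes: pulumi.Output<number>;
    /**
     * Manually entered Secret Engine.
     */
    readonly secretEngineManuallyConfigured: pulumi.Output<boolean | undefined>;
    /**
     * Name of the Secret Engine.
     */
    readonly secretEngineName: pulumi.Output<string | undefined>;
    /**
     * Version of Secret Engine.
     */
    readonly secretEngineVersion: pulumi.Output<number | undefined>;
    /**
     * ID of the Secret. The APP_ROLE example passes a scoped secret reference
     * (`account.${test.id}`), not a literal AppRole secret.
     */
    readonly secretId: pulumi.Output<string | undefined>;
    /**
     * The Service Account token path in the K8s pod where the token is mounted.
     */
    readonly serviceAccountTokenPath: pulumi.Output<string | undefined>;
    /**
     * The location from which the authentication token should be read.
     */
    readonly sinkPath: pulumi.Output<string | undefined>;
    /**
     * Tags to associate with the resource.
     */
    readonly tags: pulumi.Output<string[] | undefined>;
    /**
     * Boolean value to indicate if AWS IAM is used for authentication.
     */
    readonly useAwsIam: pulumi.Output<boolean | undefined>;
    /**
     * Boolean value to indicate if JWT is used for authentication.
     */
    readonly useJwtAuth: pulumi.Output<boolean | undefined>;
    /**
     * Boolean value to indicate if K8s Auth is used for authentication.
     */
    readonly useK8sAuth: pulumi.Output<boolean | undefined>;
    /**
     * Boolean value to indicate if Vault Agent is used for authentication.
     */
    readonly useVaultAgent: pulumi.Output<boolean | undefined>;
    /**
     * The Vault role defined to bind to the AWS IAM account/role being accessed.
     */
    readonly vaultAwsIamRole: pulumi.Output<string | undefined>;
    /**
     * Custom path at which JWT auth is enabled for Vault.
     */
    readonly vaultJwtAuthPath: pulumi.Output<string | undefined>;
    /**
     * The Vault role defined with the JWT auth type, used to access Vault as per the policies bound to it.
     */
    readonly vaultJwtAuthRole: pulumi.Output<string | undefined>;
    /**
     * The role where K8s Auth will happen.
     */
    readonly vaultK8sAuthRole: pulumi.Output<string | undefined>;
    /**
     * URL of the HashiCorp Vault. The examples use an `https://` URL; credentials and
     * secrets travel over this connection, so a plain `http://` URL should be avoided.
     */
    readonly vaultUrl: pulumi.Output<string>;
    /**
     * The AWS IAM Header Server ID that has been configured for this AWS IAM instance.
     * The AWS_IAM example passes a scoped secret reference (`account.${test.id}`) here.
     */
    readonly xvaultAwsIamServerId: pulumi.Output<string | undefined>;
    /**
     * Create a VaultConnector resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: VaultConnectorArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * Input properties used for looking up and filtering VaultConnector resources.
 */
export interface VaultConnectorState {
    /**
     * Access type. The examples on `VaultConnector` use `AWS_IAM`, `APP_ROLE`, `K8s_AUTH`, `VAULT_AGENT`, `TOKEN` and `JWT`.
     */
    accessType?: pulumi.Input<string | undefined>;
    /**
     * ID of App Role.
     */
    appRoleId?: pulumi.Input<string | undefined>;
    /**
     * Authentication token for Vault. The examples pass a scoped secret reference
     * (`account.${test.id}`), not a literal token.
     */
    authToken?: pulumi.Input<string | undefined>;
    /**
     * AWS region where the AWS IAM authentication will happen.
     */
    awsRegion?: pulumi.Input<string | undefined>;
    /**
     * Location of the Vault directory where the secret will be stored.
     */
    basePath?: pulumi.Input<string | undefined>;
    /**
     * Is default or not.
     * NOTE(review): `isDefault` carries the same description; which of the two the provider honours is not visible here.
     */
    default?: pulumi.Input<boolean | undefined>;
    /**
     * List of Delegate Selectors that belong to the same Delegate and are used to connect to the Secret Manager.
     */
    delegateSelectors?: pulumi.Input<pulumi.Input<string>[] | undefined>;
    /**
     * Description of the resource.
     */
    description?: pulumi.Input<string | undefined>;
    /**
     * Execute on delegate or not.
     */
    executeOnDelegate?: pulumi.Input<boolean | undefined>;
    /**
     * Unique identifier of the resource.
     */
    identifier?: pulumi.Input<string | undefined>;
    /**
     * Is default or not.
     */
    isDefault?: pulumi.Input<boolean | undefined>;
    /**
     * Read only or not.
     */
    isReadOnly?: pulumi.Input<boolean | undefined>;
    /**
     * The path where Kubernetes Auth is enabled in Vault.
     */
    k8sAuthEndpoint?: pulumi.Input<string | undefined>;
    /**
     * Name of the resource.
     */
    name?: pulumi.Input<string | undefined>;
    /**
     * Vault namespace where the Secret will be created.
     */
    namespace?: pulumi.Input<string | undefined>;
    /**
     * Unique identifier of the organization.
     */
    orgId?: pulumi.Input<string | undefined>;
    /**
     * Unique identifier of the project.
     */
    projectId?: pulumi.Input<string | undefined>;
    /**
     * Read only.
     * NOTE(review): `isReadOnly` describes the same setting; which of the two the provider honours is not visible here.
     */
    readOnly?: pulumi.Input<boolean | undefined>;
    /**
     * Boolean value to indicate if AppRole token renewal is enabled or not.
     */
    renewAppRoleToken?: pulumi.Input<boolean | undefined>;
    /**
     * The time interval for the token renewal, in minutes.
     */
    renewalIntervalMinutes?: pulumi.Input<number | undefined>;
    /**
     * Manually entered Secret Engine.
     */
    secretEngineManuallyConfigured?: pulumi.Input<boolean | undefined>;
    /**
     * Name of the Secret Engine.
     */
    secretEngineName?: pulumi.Input<string | undefined>;
    /**
     * Version of Secret Engine.
     */
    secretEngineVersion?: pulumi.Input<number | undefined>;
    /**
     * ID of the Secret. The APP_ROLE example passes a scoped secret reference
     * (`account.${test.id}`), not a literal AppRole secret.
     */
    secretId?: pulumi.Input<string | undefined>;
    /**
     * The Service Account token path in the K8s pod where the token is mounted.
     */
    serviceAccountTokenPath?: pulumi.Input<string | undefined>;
    /**
     * The location from which the authentication token should be read.
     */
    sinkPath?: pulumi.Input<string | undefined>;
    /**
     * Tags to associate with the resource.
     */
    tags?: pulumi.Input<pulumi.Input<string>[] | undefined>;
    /**
     * Boolean value to indicate if AWS IAM is used for authentication.
     */
    useAwsIam?: pulumi.Input<boolean | undefined>;
    /**
     * Boolean value to indicate if JWT is used for authentication.
     */
    useJwtAuth?: pulumi.Input<boolean | undefined>;
    /**
     * Boolean value to indicate if K8s Auth is used for authentication.
     */
    useK8sAuth?: pulumi.Input<boolean | undefined>;
    /**
     * Boolean value to indicate if Vault Agent is used for authentication.
     */
    useVaultAgent?: pulumi.Input<boolean | undefined>;
    /**
     * The Vault role defined to bind to the AWS IAM account/role being accessed.
     */
    vaultAwsIamRole?: pulumi.Input<string | undefined>;
    /**
     * Custom path at which JWT auth is enabled for Vault.
     */
    vaultJwtAuthPath?: pulumi.Input<string | undefined>;
    /**
     * The Vault role defined with the JWT auth type, used to access Vault as per the policies bound to it.
     */
    vaultJwtAuthRole?: pulumi.Input<string | undefined>;
    /**
     * The role where K8s Auth will happen.
     */
    vaultK8sAuthRole?: pulumi.Input<string | undefined>;
    /**
     * URL of the HashiCorp Vault. The examples use an `https://` URL; credentials and
     * secrets travel over this connection, so a plain `http://` URL should be avoided.
     */
    vaultUrl?: pulumi.Input<string | undefined>;
    /**
     * The AWS IAM Header Server ID that has been configured for this AWS IAM instance.
     * The AWS_IAM example passes a scoped secret reference (`account.${test.id}`) here.
     */
    xvaultAwsIamServerId?: pulumi.Input<string | undefined>;
}
/**
 * The set of arguments for constructing a VaultConnector resource.
 */
export interface VaultConnectorArgs {
    /**
     * Access type. The examples on `VaultConnector` use `AWS_IAM`, `APP_ROLE`, `K8s_AUTH`, `VAULT_AGENT`, `TOKEN` and `JWT`.
     */
    accessType?: pulumi.Input<string | undefined>;
    /**
     * ID of App Role.
     */
    appRoleId?: pulumi.Input<string | undefined>;
    /**
     * Authentication token for Vault. The examples pass a scoped secret reference
     * (`account.${test.id}`), not a literal token; a literal value would be recorded in
     * the Pulumi state unless marked secret (for example with `pulumi.secret(...)`).
     */
    authToken?: pulumi.Input<string | undefined>;
    /**
     * AWS region where the AWS IAM authentication will happen.
     */
    awsRegion?: pulumi.Input<string | undefined>;
    /**
     * Location of the Vault directory where the secret will be stored.
     */
    basePath?: pulumi.Input<string | undefined>;
    /**
     * Is default or not.
     * NOTE(review): `isDefault` carries the same description; which of the two the provider honours is not visible here.
     */
    default?: pulumi.Input<boolean | undefined>;
    /**
     * List of Delegate Selectors that belong to the same Delegate and are used to connect to the Secret Manager.
     */
    delegateSelectors?: pulumi.Input<pulumi.Input<string>[] | undefined>;
    /**
     * Description of the resource.
     */
    description?: pulumi.Input<string | undefined>;
    /**
     * Execute on delegate or not.
     */
    executeOnDelegate?: pulumi.Input<boolean | undefined>;
    /**
     * Unique identifier of the resource.
     */
    identifier: pulumi.Input<string>;
    /**
     * Is default or not.
     */
    isDefault?: pulumi.Input<boolean | undefined>;
    /**
     * Read only or not.
     */
    isReadOnly?: pulumi.Input<boolean | undefined>;
    /**
     * The path where Kubernetes Auth is enabled in Vault.
     */
    k8sAuthEndpoint?: pulumi.Input<string | undefined>;
    /**
     * Name of the resource.
     */
    name?: pulumi.Input<string | undefined>;
    /**
     * Vault namespace where the Secret will be created.
     */
    namespace?: pulumi.Input<string | undefined>;
    /**
     * Unique identifier of the organization.
     */
    orgId?: pulumi.Input<string | undefined>;
    /**
     * Unique identifier of the project.
     */
    projectId?: pulumi.Input<string | undefined>;
    /**
     * Read only.
     * NOTE(review): `isReadOnly` describes the same setting; which of the two the provider honours is not visible here.
     */
    readOnly?: pulumi.Input<boolean | undefined>;
    /**
     * Boolean value to indicate if AppRole token renewal is enabled or not.
     */
    renewAppRoleToken?: pulumi.Input<boolean | undefined>;
    /**
     * The time interval for the token renewal, in minutes.
     */
    renewalIntervalMinutes: pulumi.Input<number>;
    /**
     * Manually entered Secret Engine.
     */
    secretEngineManuallyConfigured?: pulumi.Input<boolean | undefined>;
    /**
     * Name of the Secret Engine.
     */
    secretEngineName?: pulumi.Input<string | undefined>;
    /**
     * Version of Secret Engine.
     */
    secretEngineVersion?: pulumi.Input<number | undefined>;
    /**
     * ID of the Secret. The APP_ROLE example passes a scoped secret reference
     * (`account.${test.id}`), not a literal AppRole secret; a literal value would be
     * recorded in the Pulumi state unless marked secret (for example with `pulumi.secret(...)`).
     */
    secretId?: pulumi.Input<string | undefined>;
    /**
     * The Service Account token path in the K8s pod where the token is mounted.
     */
    serviceAccountTokenPath?: pulumi.Input<string | undefined>;
    /**
     * The location from which the authentication token should be read.
     */
    sinkPath?: pulumi.Input<string | undefined>;
    /**
     * Tags to associate with the resource.
     */
    tags?: pulumi.Input<pulumi.Input<string>[] | undefined>;
    /**
     * Boolean value to indicate if AWS IAM is used for authentication.
     */
    useAwsIam?: pulumi.Input<boolean | undefined>;
    /**
     * Boolean value to indicate if JWT is used for authentication.
     */
    useJwtAuth?: pulumi.Input<boolean | undefined>;
    /**
     * Boolean value to indicate if K8s Auth is used for authentication.
     */
    useK8sAuth?: pulumi.Input<boolean | undefined>;
    /**
     * Boolean value to indicate if Vault Agent is used for authentication.
     */
    useVaultAgent?: pulumi.Input<boolean | undefined>;
    /**
     * The Vault role defined to bind to the AWS IAM account/role being accessed.
     */
    vaultAwsIamRole?: pulumi.Input<string | undefined>;
    /**
     * Custom path at which JWT auth is enabled for Vault.
     */
    vaultJwtAuthPath?: pulumi.Input<string | undefined>;
    /**
     * The Vault role defined with the JWT auth type, used to access Vault as per the policies bound to it.
     */
    vaultJwtAuthRole?: pulumi.Input<string | undefined>;
    /**
     * The role where K8s Auth will happen.
     */
    vaultK8sAuthRole?: pulumi.Input<string | undefined>;
    /**
     * URL of the HashiCorp Vault. The examples use an `https://` URL; credentials and
     * secrets travel over this connection, so a plain `http://` URL should be avoided.
     */
    vaultUrl: pulumi.Input<string>;
    /**
     * The AWS IAM Header Server ID that has been configured for this AWS IAM instance.
     * The AWS_IAM example passes a scoped secret reference (`account.${test.id}`) here.
     */
    xvaultAwsIamServerId?: pulumi.Input<string | undefined>;
}
//# sourceMappingURL=vaultConnector.d.ts.map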