README
¶
vault_kubernetes_secret_backend
Refer to the Terraform Registry for docs: vault_kubernetes_secret_backend.
Documentation
¶
Index ¶
- func KubernetesSecretBackend_GenerateConfigForImport(scope constructs.Construct, importToId *string, importFromId *string, ...) cdktf.ImportableResource
- func KubernetesSecretBackend_IsConstruct(x interface{}) *bool
- func KubernetesSecretBackend_IsTerraformElement(x interface{}) *bool
- func KubernetesSecretBackend_IsTerraformResource(x interface{}) *bool
- func KubernetesSecretBackend_TfResourceType() *string
- func NewKubernetesSecretBackend_Override(k KubernetesSecretBackend, scope constructs.Construct, id *string, ...)
- type KubernetesSecretBackend
- type KubernetesSecretBackendConfig
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func KubernetesSecretBackend_GenerateConfigForImport ¶
func KubernetesSecretBackend_GenerateConfigForImport(scope constructs.Construct, importToId *string, importFromId *string, provider cdktf.TerraformProvider) cdktf.ImportableResource
Generates CDKTF code for importing a KubernetesSecretBackend resource upon running "cdktf plan <stack-name>".
func KubernetesSecretBackend_IsConstruct ¶
func KubernetesSecretBackend_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.
Returns: true if `x` is an object created from a class which extends `Construct`.
func KubernetesSecretBackend_IsTerraformElement ¶
func KubernetesSecretBackend_IsTerraformElement(x interface{}) *bool
Experimental.
func KubernetesSecretBackend_IsTerraformResource ¶
func KubernetesSecretBackend_IsTerraformResource(x interface{}) *bool
Experimental.
func KubernetesSecretBackend_TfResourceType ¶
func KubernetesSecretBackend_TfResourceType() *string
func NewKubernetesSecretBackend_Override ¶
func NewKubernetesSecretBackend_Override(k KubernetesSecretBackend, scope constructs.Construct, id *string, config *KubernetesSecretBackendConfig)
Create a new {@link https://registry.terraform.io/providers/hashicorp/vault/4.5.0/docs/resources/kubernetes_secret_backend vault_kubernetes_secret_backend} Resource.
Types ¶
type KubernetesSecretBackend ¶
type KubernetesSecretBackend interface {
cdktf.TerraformResource
Accessor() *string
AllowedManagedKeys() *[]*string
SetAllowedManagedKeys(val *[]*string)
AllowedManagedKeysInput() *[]*string
AllowedResponseHeaders() *[]*string
SetAllowedResponseHeaders(val *[]*string)
AllowedResponseHeadersInput() *[]*string
AuditNonHmacRequestKeys() *[]*string
SetAuditNonHmacRequestKeys(val *[]*string)
AuditNonHmacRequestKeysInput() *[]*string
AuditNonHmacResponseKeys() *[]*string
SetAuditNonHmacResponseKeys(val *[]*string)
AuditNonHmacResponseKeysInput() *[]*string
// Experimental.
CdktfStack() cdktf.TerraformStack
// Experimental.
Connection() interface{}
// Experimental.
SetConnection(val interface{})
// Experimental.
ConstructNodeMetadata() *map[string]interface{}
// Experimental.
Count() interface{}
// Experimental.
SetCount(val interface{})
DefaultLeaseTtlSeconds() *float64
SetDefaultLeaseTtlSeconds(val *float64)
DefaultLeaseTtlSecondsInput() *float64
DelegatedAuthAccessors() *[]*string
SetDelegatedAuthAccessors(val *[]*string)
DelegatedAuthAccessorsInput() *[]*string
// Experimental.
DependsOn() *[]*string
// Experimental.
SetDependsOn(val *[]*string)
Description() *string
SetDescription(val *string)
DescriptionInput() *string
DisableLocalCaJwt() interface{}
SetDisableLocalCaJwt(val interface{})
DisableLocalCaJwtInput() interface{}
ExternalEntropyAccess() interface{}
SetExternalEntropyAccess(val interface{})
ExternalEntropyAccessInput() interface{}
// Experimental.
ForEach() cdktf.ITerraformIterator
// Experimental.
SetForEach(val cdktf.ITerraformIterator)
// Experimental.
Fqn() *string
// Experimental.
FriendlyUniqueId() *string
Id() *string
SetId(val *string)
IdentityTokenKey() *string
SetIdentityTokenKey(val *string)
IdentityTokenKeyInput() *string
IdInput() *string
KubernetesCaCert() *string
SetKubernetesCaCert(val *string)
KubernetesCaCertInput() *string
KubernetesHost() *string
SetKubernetesHost(val *string)
KubernetesHostInput() *string
// Experimental.
Lifecycle() *cdktf.TerraformResourceLifecycle
// Experimental.
SetLifecycle(val *cdktf.TerraformResourceLifecycle)
ListingVisibility() *string
SetListingVisibility(val *string)
ListingVisibilityInput() *string
Local() interface{}
SetLocal(val interface{})
LocalInput() interface{}
MaxLeaseTtlSeconds() *float64
SetMaxLeaseTtlSeconds(val *float64)
MaxLeaseTtlSecondsInput() *float64
Namespace() *string
SetNamespace(val *string)
NamespaceInput() *string
// The tree node.
Node() constructs.Node
Options() *map[string]*string
SetOptions(val *map[string]*string)
OptionsInput() *map[string]*string
PassthroughRequestHeaders() *[]*string
SetPassthroughRequestHeaders(val *[]*string)
PassthroughRequestHeadersInput() *[]*string
Path() *string
SetPath(val *string)
PathInput() *string
PluginVersion() *string
SetPluginVersion(val *string)
PluginVersionInput() *string
// Experimental.
Provider() cdktf.TerraformProvider
// Experimental.
SetProvider(val cdktf.TerraformProvider)
// Experimental.
Provisioners() *[]interface{}
// Experimental.
SetProvisioners(val *[]interface{})
// Experimental.
RawOverrides() interface{}
SealWrap() interface{}
SetSealWrap(val interface{})
SealWrapInput() interface{}
ServiceAccountJwt() *string
SetServiceAccountJwt(val *string)
ServiceAccountJwtInput() *string
// Experimental.
TerraformGeneratorMetadata() *cdktf.TerraformProviderGeneratorMetadata
// Experimental.
TerraformMetaArguments() *map[string]interface{}
// Experimental.
TerraformResourceType() *string
// Adds a user defined moveTarget string to this resource to be later used in .moveTo(moveTarget) to resolve the location of the move.
// Experimental.
AddMoveTarget(moveTarget *string)
// Experimental.
AddOverride(path *string, value interface{})
// Experimental.
GetAnyMapAttribute(terraformAttribute *string) *map[string]interface{}
// Experimental.
GetBooleanAttribute(terraformAttribute *string) cdktf.IResolvable
// Experimental.
GetBooleanMapAttribute(terraformAttribute *string) *map[string]*bool
// Experimental.
GetListAttribute(terraformAttribute *string) *[]*string
// Experimental.
GetNumberAttribute(terraformAttribute *string) *float64
// Experimental.
GetNumberListAttribute(terraformAttribute *string) *[]*float64
// Experimental.
GetNumberMapAttribute(terraformAttribute *string) *map[string]*float64
// Experimental.
GetStringAttribute(terraformAttribute *string) *string
// Experimental.
GetStringMapAttribute(terraformAttribute *string) *map[string]*string
// Experimental.
HasResourceMove() interface{}
// Experimental.
ImportFrom(id *string, provider cdktf.TerraformProvider)
// Experimental.
InterpolationForAttribute(terraformAttribute *string) cdktf.IResolvable
// Move the resource corresponding to "id" to this resource.
//
// Note that the resource being moved from must be marked as moved using it's instance function.
// Experimental.
MoveFromId(id *string)
// Moves this resource to the target resource given by moveTarget.
// Experimental.
MoveTo(moveTarget *string, index interface{})
// Moves this resource to the resource corresponding to "id".
// Experimental.
MoveToId(id *string)
// Overrides the auto-generated logical ID with a specific ID.
// Experimental.
OverrideLogicalId(newLogicalId *string)
ResetAllowedManagedKeys()
ResetAllowedResponseHeaders()
ResetAuditNonHmacRequestKeys()
ResetAuditNonHmacResponseKeys()
ResetDefaultLeaseTtlSeconds()
ResetDelegatedAuthAccessors()
ResetDescription()
ResetDisableLocalCaJwt()
ResetExternalEntropyAccess()
ResetId()
ResetIdentityTokenKey()
ResetKubernetesCaCert()
ResetKubernetesHost()
ResetListingVisibility()
ResetLocal()
ResetMaxLeaseTtlSeconds()
ResetNamespace()
ResetOptions()
// Resets a previously passed logical Id to use the auto-generated logical id again.
// Experimental.
ResetOverrideLogicalId()
ResetPassthroughRequestHeaders()
ResetPluginVersion()
ResetSealWrap()
ResetServiceAccountJwt()
SynthesizeAttributes() *map[string]interface{}
SynthesizeHclAttributes() *map[string]interface{}
// Experimental.
ToHclTerraform() interface{}
// Experimental.
ToMetadata() interface{}
// Returns a string representation of this construct.
ToString() *string
// Adds this resource to the terraform JSON output.
// Experimental.
ToTerraform() interface{}
}
Represents a {@link https://registry.terraform.io/providers/hashicorp/vault/4.5.0/docs/resources/kubernetes_secret_backend vault_kubernetes_secret_backend}.
func NewKubernetesSecretBackend ¶
func NewKubernetesSecretBackend(scope constructs.Construct, id *string, config *KubernetesSecretBackendConfig) KubernetesSecretBackend
Create a new {@link https://registry.terraform.io/providers/hashicorp/vault/4.5.0/docs/resources/kubernetes_secret_backend vault_kubernetes_secret_backend} Resource.
type KubernetesSecretBackendConfig ¶
type KubernetesSecretBackendConfig struct {
// Experimental.
Connection interface{} `field:"optional" json:"connection" yaml:"connection"`
// Experimental.
Count interface{} `field:"optional" json:"count" yaml:"count"`
// Experimental.
DependsOn *[]cdktf.ITerraformDependable `field:"optional" json:"dependsOn" yaml:"dependsOn"`
// Experimental.
ForEach cdktf.ITerraformIterator `field:"optional" json:"forEach" yaml:"forEach"`
// Experimental.
Lifecycle *cdktf.TerraformResourceLifecycle `field:"optional" json:"lifecycle" yaml:"lifecycle"`
// Experimental.
Provider cdktf.TerraformProvider `field:"optional" json:"provider" yaml:"provider"`
// Experimental.
Provisioners *[]interface{} `field:"optional" json:"provisioners" yaml:"provisioners"`
// Where the secret backend will be mounted.
//
// Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.5.0/docs/resources/kubernetes_secret_backend#path KubernetesSecretBackend#path}
Path *string `field:"required" json:"path" yaml:"path"`
// List of managed key registry entry names that the mount in question is allowed to access.
//
// Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.5.0/docs/resources/kubernetes_secret_backend#allowed_managed_keys KubernetesSecretBackend#allowed_managed_keys}
AllowedManagedKeys *[]*string `field:"optional" json:"allowedManagedKeys" yaml:"allowedManagedKeys"`
// List of headers to allow and pass from the request to the plugin.
//
// Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.5.0/docs/resources/kubernetes_secret_backend#allowed_response_headers KubernetesSecretBackend#allowed_response_headers}
AllowedResponseHeaders *[]*string `field:"optional" json:"allowedResponseHeaders" yaml:"allowedResponseHeaders"`
// Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
//
// Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.5.0/docs/resources/kubernetes_secret_backend#audit_non_hmac_request_keys KubernetesSecretBackend#audit_non_hmac_request_keys}
AuditNonHmacRequestKeys *[]*string `field:"optional" json:"auditNonHmacRequestKeys" yaml:"auditNonHmacRequestKeys"`
// Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
//
// Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.5.0/docs/resources/kubernetes_secret_backend#audit_non_hmac_response_keys KubernetesSecretBackend#audit_non_hmac_response_keys}
AuditNonHmacResponseKeys *[]*string `field:"optional" json:"auditNonHmacResponseKeys" yaml:"auditNonHmacResponseKeys"`
// Default lease duration for tokens and secrets in seconds.
//
// Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.5.0/docs/resources/kubernetes_secret_backend#default_lease_ttl_seconds KubernetesSecretBackend#default_lease_ttl_seconds}
DefaultLeaseTtlSeconds *float64 `field:"optional" json:"defaultLeaseTtlSeconds" yaml:"defaultLeaseTtlSeconds"`
// List of headers to allow and pass from the request to the plugin.
//
// Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.5.0/docs/resources/kubernetes_secret_backend#delegated_auth_accessors KubernetesSecretBackend#delegated_auth_accessors}
DelegatedAuthAccessors *[]*string `field:"optional" json:"delegatedAuthAccessors" yaml:"delegatedAuthAccessors"`
// Human-friendly description of the mount.
//
// Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.5.0/docs/resources/kubernetes_secret_backend#description KubernetesSecretBackend#description}
Description *string `field:"optional" json:"description" yaml:"description"`
// Disable defaulting to the local CA certificate and service account JWT when running in a Kubernetes pod.
//
// Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.5.0/docs/resources/kubernetes_secret_backend#disable_local_ca_jwt KubernetesSecretBackend#disable_local_ca_jwt}
DisableLocalCaJwt interface{} `field:"optional" json:"disableLocalCaJwt" yaml:"disableLocalCaJwt"`
// Enable the secrets engine to access Vault's external entropy source.
//
// Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.5.0/docs/resources/kubernetes_secret_backend#external_entropy_access KubernetesSecretBackend#external_entropy_access}
ExternalEntropyAccess interface{} `field:"optional" json:"externalEntropyAccess" yaml:"externalEntropyAccess"`
// Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.5.0/docs/resources/kubernetes_secret_backend#id KubernetesSecretBackend#id}.
//
// Please be aware that the id field is automatically added to all resources in Terraform providers using a Terraform provider SDK version below 2.
// If you experience problems setting this value it might not be settable. Please take a look at the provider documentation to ensure it should be settable.
Id *string `field:"optional" json:"id" yaml:"id"`
// The key to use for signing plugin workload identity tokens.
//
// Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.5.0/docs/resources/kubernetes_secret_backend#identity_token_key KubernetesSecretBackend#identity_token_key}
IdentityTokenKey *string `field:"optional" json:"identityTokenKey" yaml:"identityTokenKey"`
// A PEM-encoded CA certificate used by the secret engine to verify the Kubernetes API server certificate.
//
// Defaults to the local pod’s CA if found, or otherwise the host's root CA set.
//
// Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.5.0/docs/resources/kubernetes_secret_backend#kubernetes_ca_cert KubernetesSecretBackend#kubernetes_ca_cert}
KubernetesCaCert *string `field:"optional" json:"kubernetesCaCert" yaml:"kubernetesCaCert"`
// The Kubernetes API URL to connect to.
//
// Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.5.0/docs/resources/kubernetes_secret_backend#kubernetes_host KubernetesSecretBackend#kubernetes_host}
KubernetesHost *string `field:"optional" json:"kubernetesHost" yaml:"kubernetesHost"`
// Specifies whether to show this mount in the UI-specific listing endpoint.
//
// Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.5.0/docs/resources/kubernetes_secret_backend#listing_visibility KubernetesSecretBackend#listing_visibility}
ListingVisibility *string `field:"optional" json:"listingVisibility" yaml:"listingVisibility"`
// Local mount flag that can be explicitly set to true to enforce local mount in HA environment.
//
// Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.5.0/docs/resources/kubernetes_secret_backend#local KubernetesSecretBackend#local}
Local interface{} `field:"optional" json:"local" yaml:"local"`
// Maximum possible lease duration for tokens and secrets in seconds.
//
// Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.5.0/docs/resources/kubernetes_secret_backend#max_lease_ttl_seconds KubernetesSecretBackend#max_lease_ttl_seconds}
MaxLeaseTtlSeconds *float64 `field:"optional" json:"maxLeaseTtlSeconds" yaml:"maxLeaseTtlSeconds"`
// Target namespace. (requires Enterprise).
//
// Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.5.0/docs/resources/kubernetes_secret_backend#namespace KubernetesSecretBackend#namespace}
Namespace *string `field:"optional" json:"namespace" yaml:"namespace"`
// Specifies mount type specific options that are passed to the backend.
//
// Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.5.0/docs/resources/kubernetes_secret_backend#options KubernetesSecretBackend#options}
Options *map[string]*string `field:"optional" json:"options" yaml:"options"`
// List of headers to allow and pass from the request to the plugin.
//
// Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.5.0/docs/resources/kubernetes_secret_backend#passthrough_request_headers KubernetesSecretBackend#passthrough_request_headers}
PassthroughRequestHeaders *[]*string `field:"optional" json:"passthroughRequestHeaders" yaml:"passthroughRequestHeaders"`
// Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'.
//
// Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.5.0/docs/resources/kubernetes_secret_backend#plugin_version KubernetesSecretBackend#plugin_version}
PluginVersion *string `field:"optional" json:"pluginVersion" yaml:"pluginVersion"`
// Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability.
//
// Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.5.0/docs/resources/kubernetes_secret_backend#seal_wrap KubernetesSecretBackend#seal_wrap}
SealWrap interface{} `field:"optional" json:"sealWrap" yaml:"sealWrap"`
// The JSON web token of the service account used by the secrets engine to manage Kubernetes credentials.
//
// Defaults to the local pod’s JWT if found.
//
// Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.5.0/docs/resources/kubernetes_secret_backend#service_account_jwt KubernetesSecretBackend#service_account_jwt}
ServiceAccountJwt *string `field:"optional" json:"serviceAccountJwt" yaml:"serviceAccountJwt"`
}
Source Files
¶
Directories
Click to show internal directories.
Click to hide internal directories.