-
Notifications
You must be signed in to change notification settings - Fork 155
/
userLoginProfile.ts
155 lines (149 loc) · 7.31 KB
/
userLoginProfile.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***
import * as pulumi from "@pulumi/pulumi";
import * as utilities from "../utilities";
/**
* Manages an IAM User Login Profile with limited support for password creation during Terraform resource creation. Uses PGP to encrypt the password for safe transport to the user. PGP keys can be obtained from Keybase.
*
* > To reset an IAM User login password via Terraform, you can use the [`terraform taint` command](https://www.terraform.io/docs/commands/taint.html) or change any of the arguments.
*
* ## Example Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws from "@pulumi/aws";
*
* const exampleUser = new aws.iam.User("example", {
* forceDestroy: true,
* path: "/",
* });
* const exampleUserLoginProfile = new aws.iam.UserLoginProfile("example", {
* pgpKey: "keybase:some_person_that_exists",
* user: exampleUser.name,
* });
*
* export const password = exampleUserLoginProfile.encryptedPassword;
* ```
*/
export class UserLoginProfile extends pulumi.CustomResource {
/**
* Get an existing UserLoginProfile resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to lookup.
* @param state Any extra arguments used during the lookup.
*/
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: UserLoginProfileState, opts?: pulumi.CustomResourceOptions): UserLoginProfile {
return new UserLoginProfile(name, <any>state, { ...opts, id: id });
}
/**
* The encrypted password, base64 encoded. Only available if password was handled on Terraform resource creation, not import.
*/
public /*out*/ readonly encryptedPassword!: pulumi.Output<string>;
/**
* The fingerprint of the PGP key used to encrypt the password. Only available if password was handled on Terraform resource creation, not import.
*/
public /*out*/ readonly keyFingerprint!: pulumi.Output<string>;
/**
* The length of the generated password on resource creation. Only applies on resource creation. Drift detection is not possible with this argument.
*/
public readonly passwordLength!: pulumi.Output<number | undefined>;
/**
* Whether the user should be forced to reset the generated password on resource creation. Only applies on resource creation. Drift detection is not possible with this argument.
*/
public readonly passwordResetRequired!: pulumi.Output<boolean | undefined>;
/**
* Either a base-64 encoded PGP public key, or a keybase username in the form `keybase:username`. Only applies on resource creation. Drift detection is not possible with this argument.
*/
public readonly pgpKey!: pulumi.Output<string>;
/**
* The IAM user's name.
*/
public readonly user!: pulumi.Output<string>;
/**
* Create a UserLoginProfile resource with the given unique name, arguments, and options.
*
* @param name The _unique_ name of the resource.
* @param args The arguments to use to populate this resource's properties.
* @param opts A bag of options that control this resource's behavior.
*/
constructor(name: string, args: UserLoginProfileArgs, opts?: pulumi.CustomResourceOptions)
constructor(name: string, argsOrState?: UserLoginProfileArgs | UserLoginProfileState, opts?: pulumi.CustomResourceOptions) {
let inputs: pulumi.Inputs = {};
if (opts && opts.id) {
const state = argsOrState as UserLoginProfileState | undefined;
inputs["encryptedPassword"] = state ? state.encryptedPassword : undefined;
inputs["keyFingerprint"] = state ? state.keyFingerprint : undefined;
inputs["passwordLength"] = state ? state.passwordLength : undefined;
inputs["passwordResetRequired"] = state ? state.passwordResetRequired : undefined;
inputs["pgpKey"] = state ? state.pgpKey : undefined;
inputs["user"] = state ? state.user : undefined;
} else {
const args = argsOrState as UserLoginProfileArgs | undefined;
if (!args || args.pgpKey === undefined) {
throw new Error("Missing required property 'pgpKey'");
}
if (!args || args.user === undefined) {
throw new Error("Missing required property 'user'");
}
inputs["passwordLength"] = args ? args.passwordLength : undefined;
inputs["passwordResetRequired"] = args ? args.passwordResetRequired : undefined;
inputs["pgpKey"] = args ? args.pgpKey : undefined;
inputs["user"] = args ? args.user : undefined;
inputs["encryptedPassword"] = undefined /*out*/;
inputs["keyFingerprint"] = undefined /*out*/;
}
super("aws:iam/userLoginProfile:UserLoginProfile", name, inputs, opts);
}
}
/**
* Input properties used for looking up and filtering UserLoginProfile resources.
*/
export interface UserLoginProfileState {
/**
* The encrypted password, base64 encoded. Only available if password was handled on Terraform resource creation, not import.
*/
readonly encryptedPassword?: pulumi.Input<string>;
/**
* The fingerprint of the PGP key used to encrypt the password. Only available if password was handled on Terraform resource creation, not import.
*/
readonly keyFingerprint?: pulumi.Input<string>;
/**
* The length of the generated password on resource creation. Only applies on resource creation. Drift detection is not possible with this argument.
*/
readonly passwordLength?: pulumi.Input<number>;
/**
* Whether the user should be forced to reset the generated password on resource creation. Only applies on resource creation. Drift detection is not possible with this argument.
*/
readonly passwordResetRequired?: pulumi.Input<boolean>;
/**
* Either a base-64 encoded PGP public key, or a keybase username in the form `keybase:username`. Only applies on resource creation. Drift detection is not possible with this argument.
*/
readonly pgpKey?: pulumi.Input<string>;
/**
* The IAM user's name.
*/
readonly user?: pulumi.Input<string>;
}
/**
* The set of arguments for constructing a UserLoginProfile resource.
*/
export interface UserLoginProfileArgs {
/**
* The length of the generated password on resource creation. Only applies on resource creation. Drift detection is not possible with this argument.
*/
readonly passwordLength?: pulumi.Input<number>;
/**
* Whether the user should be forced to reset the generated password on resource creation. Only applies on resource creation. Drift detection is not possible with this argument.
*/
readonly passwordResetRequired?: pulumi.Input<boolean>;
/**
* Either a base-64 encoded PGP public key, or a keybase username in the form `keybase:username`. Only applies on resource creation. Drift detection is not possible with this argument.
*/
readonly pgpKey: pulumi.Input<string>;
/**
* The IAM user's name.
*/
readonly user: pulumi.Input<string>;
}