gcp_secret_static_account.md

permalink
/gcp_secret_static_account/

gcp_secret_static_account

gcp_secret_static_account represents the vault_gcp_secret_static_account Terraform resource.

This package contains functions and utilities for setting up the resource using Jsonnet code.

Index

• fn new()
• fn newAttrs()
• fn withBackend()
• fn withBinding()
• fn withBindingMixin()
• fn withNamespace()
• fn withSecretType()
• fn withServiceAccountEmail()
• fn withStaticAccount()
• fn withTokenScopes()
• obj binding
  • fn new()

Fields

fn new

new()

vault.gcp_secret_static_account.new injects a new vault_gcp_secret_static_account Terraform resource block into the root module document.

Additionally, this inserts a private function into the _ref attribute that generates references to attributes of the resource. For example, if you added a new instance to the root using:

# arguments omitted for brevity
vault.gcp_secret_static_account.new('some_id')

You can get the reference to the id field of the created vault.gcp_secret_static_account using the reference:

$._ref.vault_gcp_secret_static_account.some_id.get('id')

This is the same as directly entering "${ vault_gcp_secret_static_account.some_id.id }" as the value.

NOTE: if you are chaining multiple resources together in a merge operation, you may not be able to use super, self, or $ to refer to the root object. Instead, make an explicit outer object using local.

Args:

• resourceLabel (string): The name label of the block.
• backend (string): Path where the GCP secrets engine is mounted.
• namespace (string): Target namespace. (requires Enterprise) When null, the namespace field will be omitted from the resulting object.
• secret_type (string): Type of secret generated for this static account. Defaults to access_token. Accepted values: access_token, service_account_key When null, the secret_type field will be omitted from the resulting object.
• service_account_email (string): Email of the GCP service account.
• static_account (string): Name of the Static Account to create
• token_scopes (list): List of OAuth scopes to assign to access_token secrets generated under this static account (access_token static accounts only) When null, the token_scopes field will be omitted from the resulting object.
• binding (list[obj]): Set the binding field on the resulting resource block. When null, the binding sub block will be omitted from the resulting object. When setting the sub block, it is recommended to construct the object using the vault.gcp_secret_static_account.binding.new constructor.

Returns:

• A mixin object that injects the new resource into the root Terraform configuration.

fn newAttrs

newAttrs()

vault.gcp_secret_static_account.newAttrs constructs a new object with attributes and blocks configured for the gcp_secret_static_account Terraform resource.

Unlike vault.gcp_secret_static_account.new, this function will not inject the resource block into the root Terraform document. Instead, this must be passed in as the attrs argument for the tf.withResource function to build a complete block.

This is most useful when you need to preprocess the attributes with functions, conditional, or looping logic prior to injecting into a complete block.

Args:

• backend (string): Path where the GCP secrets engine is mounted.
• namespace (string): Target namespace. (requires Enterprise) When null, the namespace field will be omitted from the resulting object.
• secret_type (string): Type of secret generated for this static account. Defaults to access_token. Accepted values: access_token, service_account_key When null, the secret_type field will be omitted from the resulting object.
• service_account_email (string): Email of the GCP service account.
• static_account (string): Name of the Static Account to create
• token_scopes (list): List of OAuth scopes to assign to access_token secrets generated under this static account (access_token static accounts only) When null, the token_scopes field will be omitted from the resulting object.
• binding (list[obj]): Set the binding field on the resulting object. When null, the binding sub block will be omitted from the resulting object. When setting the sub block, it is recommended to construct the object using the vault.gcp_secret_static_account.binding.new constructor.

Returns:

• An attribute object that can be used with tf.withResource to construct a new gcp_secret_static_account resource into the root Terraform configuration.

fn withBackend

withBackend()

vault.string.withBackend constructs a mixin object that can be merged into the string Terraform resource block to set or update the backend field.

Args:

• resourceLabel (string): The name label of the block to update.
• value (string): The value to set for the backend field.

fn withBinding

withBinding()

vault.list[obj].withBinding constructs a mixin object that can be merged into the list[obj] Terraform resource block to set or update the binding field.

This function will replace the array with the passed in value. If you wish to instead append the passed in value to the existing array, use the vault.list[obj].withBindingMixin function.

Args:

• resourceLabel (string): The name label of the block to update.
• value (list[obj]): The value to set for the binding field.

fn withBindingMixin

withBindingMixin()

vault.list[obj].withBindingMixin constructs a mixin object that can be merged into the list[obj] Terraform resource block to set or update the binding field.

This function will append the passed in array or object to the existing array. If you wish to instead replace the array with the passed in value, use the vault.list[obj].withBinding function.

Args:

• resourceLabel (string): The name label of the block to update.
• value (list[obj]): The value to set for the binding field.

fn withNamespace

withNamespace()

vault.string.withNamespace constructs a mixin object that can be merged into the string Terraform resource block to set or update the namespace field.

Args:

• resourceLabel (string): The name label of the block to update.
• value (string): The value to set for the namespace field.

fn withSecretType

withSecretType()

vault.string.withSecretType constructs a mixin object that can be merged into the string Terraform resource block to set or update the secret_type field.

Args:

• resourceLabel (string): The name label of the block to update.
• value (string): The value to set for the secret_type field.

fn withServiceAccountEmail

withServiceAccountEmail()

vault.string.withServiceAccountEmail constructs a mixin object that can be merged into the string Terraform resource block to set or update the service_account_email field.

Args:

• resourceLabel (string): The name label of the block to update.
• value (string): The value to set for the service_account_email field.

fn withStaticAccount

withStaticAccount()

vault.string.withStaticAccount constructs a mixin object that can be merged into the string Terraform resource block to set or update the static_account field.

Args:

• resourceLabel (string): The name label of the block to update.
• value (string): The value to set for the static_account field.

fn withTokenScopes

withTokenScopes()

vault.list.withTokenScopes constructs a mixin object that can be merged into the list Terraform resource block to set or update the token_scopes field.

Args:

• resourceLabel (string): The name label of the block to update.
• value (list): The value to set for the token_scopes field.

obj binding

fn binding.new

new()

vault.gcp_secret_static_account.binding.new constructs a new object with attributes and blocks configured for the binding Terraform sub block.

Args:

• resource (string): Resource name
• roles (list): List of roles to apply to the resource

Returns:

• An attribute object that represents the binding sub block.