Package com.hashicorp.cdktf

Interface AzurermBackendConfig

All Superinterfaces:

software.amazon.jsii.JsiiSerializable

All Known Subinterfaces:

DataTerraformRemoteStateAzurermConfig

All Known Implementing Classes:

AzurermBackendConfig.Jsii$Proxy, DataTerraformRemoteStateAzurermConfig.Jsii$Proxy

@Generated(value="jsii-pacmak/1.98.0 (build 00b106d)",
           date="2024-07-01T08:06:00.295Z")
@Stability(Experimental)
public interface AzurermBackendConfig
extends software.amazon.jsii.JsiiSerializable

(experimental) Stores the state as a Blob with the given Key within the Blob Container within the Blob Storage Account.

This backend supports state locking and consistency checking with Azure Blob Storage native capabilities.

Note: By default the Azure Backend uses ADAL for authentication which is deprecated in favour of MSAL - MSAL can be used by setting use_microsoft_graph to true. The default for this will change in Terraform 1.2, so that MSAL authentication is used by default.

Read more about this backend in the Terraform docs: https://developer.hashicorp.com/terraform/language/settings/backends/azurerm

Nested Class Summary

Nested Classes

Modifier and Type	Interface	Description
static final class	AzurermBackendConfig.Builder	A builder for AzurermBackendConfig
static final class	AzurermBackendConfig.Jsii$Proxy	An implementation for AzurermBackendConfig

Method Summary

Modifier and Type	Method	Description
static AzurermBackendConfig.Builder	builder()
default String	getAccessKey()	(experimental) access_key - (Optional) The Access Key used to access the Blob Storage Account.
default String	getClientCertificatePassword()	(experimental) (Optional) The password associated with the Client Certificate specified in client_certificate_path.
default String	getClientCertificatePath()	(experimental) (Optional) The path to the PFX file used as the Client Certificate when authenticating as a Service Principal.
default String	getClientId()	(experimental) (Optional) The Client ID of the Service Principal.
default String	getClientSecret()	(experimental) (Optional) The Client Secret of the Service Principal.
String	getContainerName()	(experimental) (Required) The Name of the Storage Container within the Storage Account.
default String	getEndpoint()	(experimental) (Optional) The Custom Endpoint for Azure Resource Manager.
default String	getEnvironment()	(experimental) (Optional) The Azure Environment which should be used.
String	getKey()	(experimental) (Required) The name of the Blob used to retrieve/store Terraform's State file inside the Storage Container.
default String	getMetadataHost()	(experimental) (Optional) The Hostname of the Azure Metadata Service (for example management.azure.com), used to obtain the Cloud Environment when using a Custom Azure Environment.
default String	getMsiEndpoint()	(experimental) (Optional) The path to a custom Managed Service Identity endpoint which is automatically determined if not specified.
default String	getOidcRequestToken()	(experimental) (Optional) The bearer token for the request to the OIDC provider.
default String	getOidcRequestUrl()	(experimental) (Optional) The URL for the OIDC provider from which to request an ID token.
default String	getOidcToken()	(experimental) (Optional) The ID token when authenticating using OpenID Connect (OIDC).
default String	getOidcTokenFilePath()	(experimental) (Optional) The path to a file containing an ID token when authenticating using OpenID Connect (OIDC).
default String	getResourceGroupName()	(experimental) (Required) The Name of the Resource Group in which the Storage Account exists.
default String	getSasToken()	(experimental) (Optional) The SAS Token used to access the Blob Storage Account.
default Boolean	getSnapshot()	(experimental) (Optional) Should the Blob used to store the Terraform Statefile be snapshotted before use?
String	getStorageAccountName()	(experimental) (Required) The Name of the Storage Account.
default String	getSubscriptionId()	(experimental) (Optional) The Subscription ID in which the Storage Account exists.
default String	getTenantId()	(experimental) (Optional) The Tenant ID in which the Subscription exists.
default Boolean	getUseAzureadAuth()	(experimental) (Optional) Should AzureAD Authentication be used to access the Blob Storage Account.
default Boolean	getUseMicrosoftGraph()	(experimental) (Optional) Should MSAL be used for authentication instead of ADAL, and should Microsoft Graph be used instead of Azure Active Directory Graph?
default Boolean	getUseMsi()	(experimental) (Optional) Should Managed Service Identity authentication be used?
default Boolean	getUseOidc()	(experimental) (Optional) Should OIDC authentication be used? This can also be sourced from the ARM_USE_OIDC environment variable.

Methods inherited from interface software.amazon.jsii.JsiiSerializable

$jsii$toJson

Method Details

getContainerName

@Stability(Experimental)
@NotNull
String getContainerName()

(experimental) (Required) The Name of the Storage Container within the Storage Account.

getKey

@Stability(Experimental)
@NotNull
String getKey()

(experimental) (Required) The name of the Blob used to retrieve/store Terraform's State file inside the Storage Container.

getStorageAccountName

@Stability(Experimental)
@NotNull
String getStorageAccountName()

(experimental) (Required) The Name of the Storage Account.

getAccessKey

@Stability(Experimental)
@Nullable
default String getAccessKey()

(experimental) access_key - (Optional) The Access Key used to access the Blob Storage Account.

This can also be sourced from the ARM_ACCESS_KEY environment variable.

getClientCertificatePassword

@Stability(Experimental)
@Nullable
default String getClientCertificatePassword()

(experimental) (Optional) The password associated with the Client Certificate specified in client_certificate_path.

This can also be sourced from the ARM_CLIENT_CERTIFICATE_PASSWORD environment variable.

getClientCertificatePath

@Stability(Experimental)
@Nullable
default String getClientCertificatePath()

(experimental) (Optional) The path to the PFX file used as the Client Certificate when authenticating as a Service Principal.

This can also be sourced from the ARM_CLIENT_CERTIFICATE_PATH environment variable.

getClientId

@Stability(Experimental)
@Nullable
default String getClientId()

(experimental) (Optional) The Client ID of the Service Principal.

This can also be sourced from the ARM_CLIENT_ID environment variable.

getClientSecret

@Stability(Experimental)
@Nullable
default String getClientSecret()

(experimental) (Optional) The Client Secret of the Service Principal.

This can also be sourced from the ARM_CLIENT_SECRET environment variable.

getEndpoint

@Stability(Experimental)
@Nullable
default String getEndpoint()

(experimental) (Optional) The Custom Endpoint for Azure Resource Manager. This can also be sourced from the ARM_ENDPOINT environment variable.

NOTE: An endpoint should only be configured when using Azure Stack.

getEnvironment

@Stability(Experimental)
@Nullable
default String getEnvironment()

(experimental) (Optional) The Azure Environment which should be used.

This can also be sourced from the ARM_ENVIRONMENT environment variable. Possible values are public, china, german, stack and usgovernment. Defaults to public.

getMetadataHost

@Stability(Experimental)
@Nullable
default String getMetadataHost()

(experimental) (Optional) The Hostname of the Azure Metadata Service (for example management.azure.com), used to obtain the Cloud Environment when using a Custom Azure Environment. This can also be sourced from the ARM_METADATA_HOSTNAME Environment Variable.).

getMsiEndpoint

@Stability(Experimental)
@Nullable
default String getMsiEndpoint()

(experimental) (Optional) The path to a custom Managed Service Identity endpoint which is automatically determined if not specified.

This can also be sourced from the ARM_MSI_ENDPOINT environment variable.

getOidcRequestToken

@Stability(Experimental)
@Nullable
default String getOidcRequestToken()

(experimental) (Optional) The bearer token for the request to the OIDC provider.

This can also be sourced from the ARM_OIDC_REQUEST_TOKEN or ACTIONS_ID_TOKEN_REQUEST_TOKEN environment variables.

getOidcRequestUrl

@Stability(Experimental)
@Nullable
default String getOidcRequestUrl()

(experimental) (Optional) The URL for the OIDC provider from which to request an ID token.

This can also be sourced from the ARM_OIDC_REQUEST_URL or ACTIONS_ID_TOKEN_REQUEST_URL environment variables.

getOidcToken

@Stability(Experimental)
@Nullable
default String getOidcToken()

(experimental) (Optional) The ID token when authenticating using OpenID Connect (OIDC).

This can also be sourced from the ARM_OIDC_TOKEN environment variable.

getOidcTokenFilePath

@Stability(Experimental)
@Nullable
default String getOidcTokenFilePath()

(experimental) (Optional) The path to a file containing an ID token when authenticating using OpenID Connect (OIDC).

This can also be sourced from the ARM_OIDC_TOKEN_FILE_PATH environment variable.

getResourceGroupName

@Stability(Experimental)
@Nullable
default String getResourceGroupName()

(experimental) (Required) The Name of the Resource Group in which the Storage Account exists.

getSasToken

@Stability(Experimental)
@Nullable
default String getSasToken()

(experimental) (Optional) The SAS Token used to access the Blob Storage Account.

This can also be sourced from the ARM_SAS_TOKEN environment variable.

getSnapshot

@Stability(Experimental)
@Nullable
default Boolean getSnapshot()

(experimental) (Optional) Should the Blob used to store the Terraform Statefile be snapshotted before use?

Defaults to false. This value can also be sourced from the ARM_SNAPSHOT environment variable.

getSubscriptionId

@Stability(Experimental)
@Nullable
default String getSubscriptionId()

(experimental) (Optional) The Subscription ID in which the Storage Account exists.

This can also be sourced from the ARM_SUBSCRIPTION_ID environment variable.

getTenantId

@Stability(Experimental)
@Nullable
default String getTenantId()

(experimental) (Optional) The Tenant ID in which the Subscription exists.

This can also be sourced from the ARM_TENANT_ID environment variable.

getUseAzureadAuth

@Stability(Experimental)
@Nullable
default Boolean getUseAzureadAuth()

(experimental) (Optional) Should AzureAD Authentication be used to access the Blob Storage Account.

This can also be sourced from the ARM_USE_AZUREAD environment variable.

Note: When using AzureAD for Authentication to Storage you also need to ensure the Storage Blob Data Owner role is assigned.

getUseMicrosoftGraph

@Stability(Experimental)
@Nullable
default Boolean getUseMicrosoftGraph()

(experimental) (Optional) Should MSAL be used for authentication instead of ADAL, and should Microsoft Graph be used instead of Azure Active Directory Graph?

Defaults to true.

Note: In Terraform 1.2 the Azure Backend uses MSAL (and Microsoft Graph) rather than ADAL (and Azure Active Directory Graph) for authentication by default - you can disable this by setting use_microsoft_graph to false. This setting will be removed in Terraform 1.3, due to Microsoft's deprecation of ADAL.

getUseMsi

@Stability(Experimental)
@Nullable
default Boolean getUseMsi()

(experimental) (Optional) Should Managed Service Identity authentication be used?

This can also be sourced from the ARM_USE_MSI environment variable.

getUseOidc

@Stability(Experimental)
@Nullable
default Boolean getUseOidc()

(experimental) (Optional) Should OIDC authentication be used? This can also be sourced from the ARM_USE_OIDC environment variable.

Note: When using OIDC for authentication, use_microsoft_graph must be set to true (which is the default).

builder

@Stability(Experimental)
static AzurermBackendConfig.Builder builder()

Returns:

a AzurermBackendConfig.Builder of AzurermBackendConfig