Documentation ¶
Index ¶
- type AuthBackend
- func (*AuthBackend) ElementType() reflect.Type
- func (i *AuthBackend) ToAuthBackendOutput() AuthBackendOutput
- func (i *AuthBackend) ToAuthBackendOutputWithContext(ctx context.Context) AuthBackendOutput
- func (i *AuthBackend) ToAuthBackendPtrOutput() AuthBackendPtrOutput
- func (i *AuthBackend) ToAuthBackendPtrOutputWithContext(ctx context.Context) AuthBackendPtrOutput
- type AuthBackendArgs
- type AuthBackendArray
- type AuthBackendArrayInput
- type AuthBackendArrayOutput
- func (AuthBackendArrayOutput) ElementType() reflect.Type
- func (o AuthBackendArrayOutput) Index(i pulumi.IntInput) AuthBackendOutput
- func (o AuthBackendArrayOutput) ToAuthBackendArrayOutput() AuthBackendArrayOutput
- func (o AuthBackendArrayOutput) ToAuthBackendArrayOutputWithContext(ctx context.Context) AuthBackendArrayOutput
- type AuthBackendInput
- type AuthBackendMap
- type AuthBackendMapInput
- type AuthBackendMapOutput
- func (AuthBackendMapOutput) ElementType() reflect.Type
- func (o AuthBackendMapOutput) MapIndex(k pulumi.StringInput) AuthBackendOutput
- func (o AuthBackendMapOutput) ToAuthBackendMapOutput() AuthBackendMapOutput
- func (o AuthBackendMapOutput) ToAuthBackendMapOutputWithContext(ctx context.Context) AuthBackendMapOutput
- type AuthBackendOutput
- func (AuthBackendOutput) ElementType() reflect.Type
- func (o AuthBackendOutput) ToAuthBackendOutput() AuthBackendOutput
- func (o AuthBackendOutput) ToAuthBackendOutputWithContext(ctx context.Context) AuthBackendOutput
- func (o AuthBackendOutput) ToAuthBackendPtrOutput() AuthBackendPtrOutput
- func (o AuthBackendOutput) ToAuthBackendPtrOutputWithContext(ctx context.Context) AuthBackendPtrOutput
- type AuthBackendPtrInput
- type AuthBackendPtrOutput
- type AuthBackendRole
- func (*AuthBackendRole) ElementType() reflect.Type
- func (i *AuthBackendRole) ToAuthBackendRoleOutput() AuthBackendRoleOutput
- func (i *AuthBackendRole) ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput
- func (i *AuthBackendRole) ToAuthBackendRolePtrOutput() AuthBackendRolePtrOutput
- func (i *AuthBackendRole) ToAuthBackendRolePtrOutputWithContext(ctx context.Context) AuthBackendRolePtrOutput
- type AuthBackendRoleArgs
- type AuthBackendRoleArray
- type AuthBackendRoleArrayInput
- type AuthBackendRoleArrayOutput
- func (AuthBackendRoleArrayOutput) ElementType() reflect.Type
- func (o AuthBackendRoleArrayOutput) Index(i pulumi.IntInput) AuthBackendRoleOutput
- func (o AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutput() AuthBackendRoleArrayOutput
- func (o AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutputWithContext(ctx context.Context) AuthBackendRoleArrayOutput
- type AuthBackendRoleInput
- type AuthBackendRoleMap
- type AuthBackendRoleMapInput
- type AuthBackendRoleMapOutput
- func (AuthBackendRoleMapOutput) ElementType() reflect.Type
- func (o AuthBackendRoleMapOutput) MapIndex(k pulumi.StringInput) AuthBackendRoleOutput
- func (o AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutput() AuthBackendRoleMapOutput
- func (o AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutputWithContext(ctx context.Context) AuthBackendRoleMapOutput
- type AuthBackendRoleOutput
- func (AuthBackendRoleOutput) ElementType() reflect.Type
- func (o AuthBackendRoleOutput) ToAuthBackendRoleOutput() AuthBackendRoleOutput
- func (o AuthBackendRoleOutput) ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput
- func (o AuthBackendRoleOutput) ToAuthBackendRolePtrOutput() AuthBackendRolePtrOutput
- func (o AuthBackendRoleOutput) ToAuthBackendRolePtrOutputWithContext(ctx context.Context) AuthBackendRolePtrOutput
- type AuthBackendRolePtrInput
- type AuthBackendRolePtrOutput
- type AuthBackendRoleState
- type AuthBackendState
- type SecretBackend
- func (*SecretBackend) ElementType() reflect.Type
- func (i *SecretBackend) ToSecretBackendOutput() SecretBackendOutput
- func (i *SecretBackend) ToSecretBackendOutputWithContext(ctx context.Context) SecretBackendOutput
- func (i *SecretBackend) ToSecretBackendPtrOutput() SecretBackendPtrOutput
- func (i *SecretBackend) ToSecretBackendPtrOutputWithContext(ctx context.Context) SecretBackendPtrOutput
- type SecretBackendArgs
- type SecretBackendArray
- type SecretBackendArrayInput
- type SecretBackendArrayOutput
- func (SecretBackendArrayOutput) ElementType() reflect.Type
- func (o SecretBackendArrayOutput) Index(i pulumi.IntInput) SecretBackendOutput
- func (o SecretBackendArrayOutput) ToSecretBackendArrayOutput() SecretBackendArrayOutput
- func (o SecretBackendArrayOutput) ToSecretBackendArrayOutputWithContext(ctx context.Context) SecretBackendArrayOutput
- type SecretBackendInput
- type SecretBackendMap
- type SecretBackendMapInput
- type SecretBackendMapOutput
- func (SecretBackendMapOutput) ElementType() reflect.Type
- func (o SecretBackendMapOutput) MapIndex(k pulumi.StringInput) SecretBackendOutput
- func (o SecretBackendMapOutput) ToSecretBackendMapOutput() SecretBackendMapOutput
- func (o SecretBackendMapOutput) ToSecretBackendMapOutputWithContext(ctx context.Context) SecretBackendMapOutput
- type SecretBackendOutput
- func (SecretBackendOutput) ElementType() reflect.Type
- func (o SecretBackendOutput) ToSecretBackendOutput() SecretBackendOutput
- func (o SecretBackendOutput) ToSecretBackendOutputWithContext(ctx context.Context) SecretBackendOutput
- func (o SecretBackendOutput) ToSecretBackendPtrOutput() SecretBackendPtrOutput
- func (o SecretBackendOutput) ToSecretBackendPtrOutputWithContext(ctx context.Context) SecretBackendPtrOutput
- type SecretBackendPtrInput
- type SecretBackendPtrOutput
- type SecretBackendState
- type SecretRoleset
- func (*SecretRoleset) ElementType() reflect.Type
- func (i *SecretRoleset) ToSecretRolesetOutput() SecretRolesetOutput
- func (i *SecretRoleset) ToSecretRolesetOutputWithContext(ctx context.Context) SecretRolesetOutput
- func (i *SecretRoleset) ToSecretRolesetPtrOutput() SecretRolesetPtrOutput
- func (i *SecretRoleset) ToSecretRolesetPtrOutputWithContext(ctx context.Context) SecretRolesetPtrOutput
- type SecretRolesetArgs
- type SecretRolesetArray
- type SecretRolesetArrayInput
- type SecretRolesetArrayOutput
- func (SecretRolesetArrayOutput) ElementType() reflect.Type
- func (o SecretRolesetArrayOutput) Index(i pulumi.IntInput) SecretRolesetOutput
- func (o SecretRolesetArrayOutput) ToSecretRolesetArrayOutput() SecretRolesetArrayOutput
- func (o SecretRolesetArrayOutput) ToSecretRolesetArrayOutputWithContext(ctx context.Context) SecretRolesetArrayOutput
- type SecretRolesetBinding
- type SecretRolesetBindingArgs
- type SecretRolesetBindingArray
- type SecretRolesetBindingArrayInput
- type SecretRolesetBindingArrayOutput
- func (SecretRolesetBindingArrayOutput) ElementType() reflect.Type
- func (o SecretRolesetBindingArrayOutput) Index(i pulumi.IntInput) SecretRolesetBindingOutput
- func (o SecretRolesetBindingArrayOutput) ToSecretRolesetBindingArrayOutput() SecretRolesetBindingArrayOutput
- func (o SecretRolesetBindingArrayOutput) ToSecretRolesetBindingArrayOutputWithContext(ctx context.Context) SecretRolesetBindingArrayOutput
- type SecretRolesetBindingInput
- type SecretRolesetBindingOutput
- func (SecretRolesetBindingOutput) ElementType() reflect.Type
- func (o SecretRolesetBindingOutput) Resource() pulumi.StringOutput
- func (o SecretRolesetBindingOutput) Roles() pulumi.StringArrayOutput
- func (o SecretRolesetBindingOutput) ToSecretRolesetBindingOutput() SecretRolesetBindingOutput
- func (o SecretRolesetBindingOutput) ToSecretRolesetBindingOutputWithContext(ctx context.Context) SecretRolesetBindingOutput
- type SecretRolesetInput
- type SecretRolesetMap
- type SecretRolesetMapInput
- type SecretRolesetMapOutput
- func (SecretRolesetMapOutput) ElementType() reflect.Type
- func (o SecretRolesetMapOutput) MapIndex(k pulumi.StringInput) SecretRolesetOutput
- func (o SecretRolesetMapOutput) ToSecretRolesetMapOutput() SecretRolesetMapOutput
- func (o SecretRolesetMapOutput) ToSecretRolesetMapOutputWithContext(ctx context.Context) SecretRolesetMapOutput
- type SecretRolesetOutput
- func (SecretRolesetOutput) ElementType() reflect.Type
- func (o SecretRolesetOutput) ToSecretRolesetOutput() SecretRolesetOutput
- func (o SecretRolesetOutput) ToSecretRolesetOutputWithContext(ctx context.Context) SecretRolesetOutput
- func (o SecretRolesetOutput) ToSecretRolesetPtrOutput() SecretRolesetPtrOutput
- func (o SecretRolesetOutput) ToSecretRolesetPtrOutputWithContext(ctx context.Context) SecretRolesetPtrOutput
- type SecretRolesetPtrInput
- type SecretRolesetPtrOutput
- type SecretRolesetState
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AuthBackend ¶
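// AuthBackend is the resource that configures the GCP auth backend within
// Vault.
//
// The declaration is laid out one field per line so that each `//` comment
// ends at its own line and no longer swallows the fields that follow it.
type AuthBackend struct {
	pulumi.CustomResourceState

	// The client email associated with the credentials
	ClientEmail pulumi.StringOutput `pulumi:"clientEmail"`
	// The Client ID of the credentials
	ClientId pulumi.StringOutput `pulumi:"clientId"`
	// A JSON string containing the contents of a GCP credentials file. If this value is empty, Vault will try to use Application Default Credentials from the machine on which the Vault server is running.
	//
	// NOTE(review): a GCP credentials file carries service-account key
	// material, and this field exposes it as a resource output. Confirm that
	// the provider version in use stores it as a Pulumi secret (encrypted in
	// state and masked in CLI output); if it does not, declare it with
	// pulumi.AdditionalSecretOutputs. Leaving the value empty avoids handling
	// a long-lived key in the program and in state at all.
	Credentials pulumi.StringPtrOutput `pulumi:"credentials"`
	// A description of the auth method.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// Specifies if the auth method is local only.
	Local pulumi.BoolPtrOutput `pulumi:"local"`
	// The path to mount the auth method — this defaults to 'gcp'.
	Path pulumi.StringPtrOutput `pulumi:"path"`
	// The ID of the private key from the credentials
	PrivateKeyId pulumi.StringOutput `pulumi:"privateKeyId"`
	// The GCP Project ID
	ProjectId pulumi.StringOutput `pulumi:"projectId"`
}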
Provides a resource to configure the [GCP auth backend within Vault](https://www.vaultproject.io/docs/auth/gcp.html).
## Import
GCP authentication backends can be imported using the backend name, e.g.
```sh
$ pulumi import vault:gcp/authBackend:AuthBackend gcp gcp
```
func GetAuthBackend ¶
func GetAuthBackend(ctx *pulumi.Context, name string, id pulumi.IDInput, state *AuthBackendState, opts ...pulumi.ResourceOption) (*AuthBackend, error)
GetAuthBackend gets an existing AuthBackend resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewAuthBackend ¶
func NewAuthBackend(ctx *pulumi.Context, name string, args *AuthBackendArgs, opts ...pulumi.ResourceOption) (*AuthBackend, error)
NewAuthBackend registers a new resource with the given unique name, arguments, and options.
func (*AuthBackend) ElementType ¶ added in v3.0.2
func (*AuthBackend) ElementType() reflect.Type
func (*AuthBackend) ToAuthBackendOutput ¶ added in v3.0.2
func (i *AuthBackend) ToAuthBackendOutput() AuthBackendOutput
func (*AuthBackend) ToAuthBackendOutputWithContext ¶ added in v3.0.2
func (i *AuthBackend) ToAuthBackendOutputWithContext(ctx context.Context) AuthBackendOutput
func (*AuthBackend) ToAuthBackendPtrOutput ¶ added in v3.4.1
func (i *AuthBackend) ToAuthBackendPtrOutput() AuthBackendPtrOutput
func (*AuthBackend) ToAuthBackendPtrOutputWithContext ¶ added in v3.4.1
func (i *AuthBackend) ToAuthBackendPtrOutputWithContext(ctx context.Context) AuthBackendPtrOutput
type AuthBackendArgs ¶
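// AuthBackendArgs is the set of arguments for constructing an AuthBackend
// resource.
//
// The declaration is laid out one field per line so that each `//` comment
// ends at its own line and no longer swallows the fields that follow it.
type AuthBackendArgs struct {
	// The client email associated with the credentials
	ClientEmail pulumi.StringPtrInput
	// The Client ID of the credentials
	ClientId pulumi.StringPtrInput
	// A JSON string containing the contents of a GCP credentials file. If this value is empty, Vault will try to use Application Default Credentials from the machine on which the Vault server is running.
	//
	// NOTE(review): this is service-account key material. Do not embed it as
	// a literal in program source; pass it as a secret input (for example a
	// secret config value, or a value wrapped with pulumi.ToSecret) so that it
	// is encrypted in state. Leaving it empty lets Vault use Application
	// Default Credentials and keeps the key out of the Pulumi program.
	Credentials pulumi.StringPtrInput
	// A description of the auth method.
	Description pulumi.StringPtrInput
	// Specifies if the auth method is local only.
	Local pulumi.BoolPtrInput
	// The path to mount the auth method — this defaults to 'gcp'.
	Path pulumi.StringPtrInput
	// The ID of the private key from the credentials
	PrivateKeyId pulumi.StringPtrInput
	// The GCP Project ID
	ProjectId pulumi.StringPtrInput
}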
The set of arguments for constructing an AuthBackend resource.
func (AuthBackendArgs) ElementType ¶
func (AuthBackendArgs) ElementType() reflect.Type
type AuthBackendArray ¶ added in v3.4.1
type AuthBackendArray []AuthBackendInput
func (AuthBackendArray) ElementType ¶ added in v3.4.1
func (AuthBackendArray) ElementType() reflect.Type
func (AuthBackendArray) ToAuthBackendArrayOutput ¶ added in v3.4.1
func (i AuthBackendArray) ToAuthBackendArrayOutput() AuthBackendArrayOutput
func (AuthBackendArray) ToAuthBackendArrayOutputWithContext ¶ added in v3.4.1
func (i AuthBackendArray) ToAuthBackendArrayOutputWithContext(ctx context.Context) AuthBackendArrayOutput
type AuthBackendArrayInput ¶ added in v3.4.1
// AuthBackendArrayInput is a pulumi.Input that can be converted to an
// AuthBackendArrayOutput, with or without an explicit context.
type AuthBackendArrayInput interface {
	pulumi.Input

	ToAuthBackendArrayOutput() AuthBackendArrayOutput
	ToAuthBackendArrayOutputWithContext(context.Context) AuthBackendArrayOutput
}
AuthBackendArrayInput is an input type that accepts AuthBackendArray and AuthBackendArrayOutput values. You can construct a concrete instance of `AuthBackendArrayInput` via:
AuthBackendArray{ AuthBackendArgs{...} }
type AuthBackendArrayOutput ¶ added in v3.4.1
type AuthBackendArrayOutput struct{ *pulumi.OutputState }
func (AuthBackendArrayOutput) ElementType ¶ added in v3.4.1
func (AuthBackendArrayOutput) ElementType() reflect.Type
func (AuthBackendArrayOutput) Index ¶ added in v3.4.1
func (o AuthBackendArrayOutput) Index(i pulumi.IntInput) AuthBackendOutput
func (AuthBackendArrayOutput) ToAuthBackendArrayOutput ¶ added in v3.4.1
func (o AuthBackendArrayOutput) ToAuthBackendArrayOutput() AuthBackendArrayOutput
func (AuthBackendArrayOutput) ToAuthBackendArrayOutputWithContext ¶ added in v3.4.1
func (o AuthBackendArrayOutput) ToAuthBackendArrayOutputWithContext(ctx context.Context) AuthBackendArrayOutput
type AuthBackendInput ¶ added in v3.0.2
// AuthBackendInput is a pulumi.Input that can be converted to an
// AuthBackendOutput, with or without an explicit context. On this page both
// *AuthBackend and AuthBackendOutput declare the two conversion methods.
type AuthBackendInput interface {
	pulumi.Input

	ToAuthBackendOutput() AuthBackendOutput
	ToAuthBackendOutputWithContext(ctx context.Context) AuthBackendOutput
}
type AuthBackendMap ¶ added in v3.4.1
type AuthBackendMap map[string]AuthBackendInput
func (AuthBackendMap) ElementType ¶ added in v3.4.1
func (AuthBackendMap) ElementType() reflect.Type
func (AuthBackendMap) ToAuthBackendMapOutput ¶ added in v3.4.1
func (i AuthBackendMap) ToAuthBackendMapOutput() AuthBackendMapOutput
func (AuthBackendMap) ToAuthBackendMapOutputWithContext ¶ added in v3.4.1
func (i AuthBackendMap) ToAuthBackendMapOutputWithContext(ctx context.Context) AuthBackendMapOutput
type AuthBackendMapInput ¶ added in v3.4.1
// AuthBackendMapInput is a pulumi.Input that can be converted to an
// AuthBackendMapOutput, with or without an explicit context.
type AuthBackendMapInput interface {
	pulumi.Input

	ToAuthBackendMapOutput() AuthBackendMapOutput
	ToAuthBackendMapOutputWithContext(context.Context) AuthBackendMapOutput
}
AuthBackendMapInput is an input type that accepts AuthBackendMap and AuthBackendMapOutput values. You can construct a concrete instance of `AuthBackendMapInput` via:
AuthBackendMap{ "key": AuthBackendArgs{...} }
type AuthBackendMapOutput ¶ added in v3.4.1
type AuthBackendMapOutput struct{ *pulumi.OutputState }
func (AuthBackendMapOutput) ElementType ¶ added in v3.4.1
func (AuthBackendMapOutput) ElementType() reflect.Type
func (AuthBackendMapOutput) MapIndex ¶ added in v3.4.1
func (o AuthBackendMapOutput) MapIndex(k pulumi.StringInput) AuthBackendOutput
func (AuthBackendMapOutput) ToAuthBackendMapOutput ¶ added in v3.4.1
func (o AuthBackendMapOutput) ToAuthBackendMapOutput() AuthBackendMapOutput
func (AuthBackendMapOutput) ToAuthBackendMapOutputWithContext ¶ added in v3.4.1
func (o AuthBackendMapOutput) ToAuthBackendMapOutputWithContext(ctx context.Context) AuthBackendMapOutput
type AuthBackendOutput ¶ added in v3.0.2
type AuthBackendOutput struct {
*pulumi.OutputState
}
func (AuthBackendOutput) ElementType ¶ added in v3.0.2
func (AuthBackendOutput) ElementType() reflect.Type
func (AuthBackendOutput) ToAuthBackendOutput ¶ added in v3.0.2
func (o AuthBackendOutput) ToAuthBackendOutput() AuthBackendOutput
func (AuthBackendOutput) ToAuthBackendOutputWithContext ¶ added in v3.0.2
func (o AuthBackendOutput) ToAuthBackendOutputWithContext(ctx context.Context) AuthBackendOutput
func (AuthBackendOutput) ToAuthBackendPtrOutput ¶ added in v3.4.1
func (o AuthBackendOutput) ToAuthBackendPtrOutput() AuthBackendPtrOutput
func (AuthBackendOutput) ToAuthBackendPtrOutputWithContext ¶ added in v3.4.1
func (o AuthBackendOutput) ToAuthBackendPtrOutputWithContext(ctx context.Context) AuthBackendPtrOutput
type AuthBackendPtrInput ¶ added in v3.4.1
// AuthBackendPtrInput is a pulumi.Input that can be converted to an
// AuthBackendPtrOutput, with or without an explicit context. On this page
// *AuthBackend, AuthBackendOutput and AuthBackendPtrOutput declare the two
// conversion methods.
type AuthBackendPtrInput interface {
	pulumi.Input

	ToAuthBackendPtrOutput() AuthBackendPtrOutput
	ToAuthBackendPtrOutputWithContext(ctx context.Context) AuthBackendPtrOutput
}
type AuthBackendPtrOutput ¶ added in v3.4.1
type AuthBackendPtrOutput struct {
*pulumi.OutputState
}
func (AuthBackendPtrOutput) ElementType ¶ added in v3.4.1
func (AuthBackendPtrOutput) ElementType() reflect.Type
func (AuthBackendPtrOutput) ToAuthBackendPtrOutput ¶ added in v3.4.1
func (o AuthBackendPtrOutput) ToAuthBackendPtrOutput() AuthBackendPtrOutput
func (AuthBackendPtrOutput) ToAuthBackendPtrOutputWithContext ¶ added in v3.4.1
func (o AuthBackendPtrOutput) ToAuthBackendPtrOutputWithContext(ctx context.Context) AuthBackendPtrOutput
type AuthBackendRole ¶
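// AuthBackendRole is the resource that creates a role in a GCP auth backend
// within Vault.
//
// The Bound* fields are the conditions a GCE instance or service account must
// satisfy in order to be authenticated under the role; the Token* fields
// constrain the lifetime, use count, source networks and policies of the
// tokens Vault then issues.
//
// The declaration is laid out one field per line so that each `//` comment
// ends at its own line and no longer swallows the fields that follow it.
type AuthBackendRole struct {
	pulumi.CustomResourceState

	// NOTE(review): undocumented in the source; presumably maps to the Vault
	// GCP role option `add_group_aliases` — confirm against the Vault
	// documentation before relying on it.
	AddGroupAliases pulumi.BoolOutput `pulumi:"addGroupAliases"`
	// A flag to determine if this role should allow GCE instances to authenticate by inferring service accounts from the GCE identity metadata token.
	AllowGceInference pulumi.BoolOutput `pulumi:"allowGceInference"`
	// Path to the mounted GCP auth backend
	Backend pulumi.StringPtrOutput `pulumi:"backend"`
	// The instance groups that an authorized instance must belong to in order to be authenticated. If specified, either `boundZones` or `boundRegions` must be set too.
	BoundInstanceGroups pulumi.StringArrayOutput `pulumi:"boundInstanceGroups"`
	// A comma-separated list of GCP labels formatted as `"key:value"` strings that must be set on authorized GCE instances. Because GCP labels are not currently ACL'd, we recommend that this be used in conjunction with other restrictions.
	//
	// NOTE(review): the field is typed as a string array; presumably one
	// `"key:value"` entry per element — confirm.
	BoundLabels pulumi.StringArrayOutput `pulumi:"boundLabels"`
	// GCP Projects that the role exists within
	BoundProjects pulumi.StringArrayOutput `pulumi:"boundProjects"`
	// The list of regions that a GCE instance must belong to in order to be authenticated. If boundInstanceGroups is provided, it is assumed to be a regional group and the group must belong to this region. If boundZones are provided, this attribute is ignored.
	BoundRegions pulumi.StringArrayOutput `pulumi:"boundRegions"`
	// GCP Service Accounts allowed to issue tokens under this role. (Note: **Required** if role is `iam`)
	BoundServiceAccounts pulumi.StringArrayOutput `pulumi:"boundServiceAccounts"`
	// The list of zones that a GCE instance must belong to in order to be authenticated. If boundInstanceGroups is provided, it is assumed to be a zonal group and the group must belong to this zone.
	BoundZones pulumi.StringArrayOutput `pulumi:"boundZones"`
	// The number of seconds past the time of authentication that the login param JWT must expire within. For example, if a user attempts to login with a token that expires within an hour and this is set to 15 minutes, Vault will return an error prompting the user to create a new signed JWT with a shorter `exp`. The GCE metadata tokens currently do not allow the `exp` claim to be customized.
	MaxJwtExp pulumi.StringOutput `pulumi:"maxJwtExp"`
	// The maximum allowed lifetime of tokens
	// issued using this role, provided as a number of seconds.
	//
	// Deprecated: use `token_max_ttl` instead if you are running Vault >= 1.2
	MaxTtl pulumi.StringOutput `pulumi:"maxTtl"`
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	//
	// Deprecated: use `token_period` instead if you are running Vault >= 1.2
	Period pulumi.StringOutput `pulumi:"period"`
	// An array of strings
	// specifying the policies to be set on tokens issued using this role.
	//
	// Deprecated: use `token_policies` instead if you are running Vault >= 1.2
	Policies pulumi.StringArrayOutput `pulumi:"policies"`
	// Name of the GCP role
	Role pulumi.StringOutput `pulumi:"role"`
	// List of CIDR blocks; if set, specifies blocks of IP
	// addresses which can authenticate successfully, and ties the resulting token to these blocks
	// as well.
	TokenBoundCidrs pulumi.StringArrayOutput `pulumi:"tokenBoundCidrs"`
	// If set, will encode an
	// [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
	// onto the token in number of seconds. This is a hard cap even if `tokenTtl` and
	// `tokenMaxTtl` would otherwise allow a renewal.
	TokenExplicitMaxTtl pulumi.IntPtrOutput `pulumi:"tokenExplicitMaxTtl"`
	// The maximum lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenMaxTtl pulumi.IntPtrOutput `pulumi:"tokenMaxTtl"`
	// If set, the default policy will not be set on
	// generated tokens; otherwise it will be added to the policies set in token_policies.
	TokenNoDefaultPolicy pulumi.BoolPtrOutput `pulumi:"tokenNoDefaultPolicy"`
	// The maximum number of times a generated token may be used (within its
	// lifetime); 0 means unlimited.
	//
	// NOTE(review): the source attached the description of the token period
	// to this field; the wording here follows Vault's `token_num_uses` role
	// parameter.
	TokenNumUses pulumi.IntPtrOutput `pulumi:"tokenNumUses"`
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds. See
	// [period](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls).
	//
	// NOTE(review): a token with a period can be renewed indefinitely; set
	// TokenExplicitMaxTtl as well when an upper bound on lifetime is required.
	TokenPeriod pulumi.IntPtrOutput `pulumi:"tokenPeriod"`
	// List of policies to encode onto generated tokens. Depending
	// on the auth method, this list may be supplemented by user/group/other values.
	TokenPolicies pulumi.StringArrayOutput `pulumi:"tokenPolicies"`
	// The incremental lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenTtl pulumi.IntPtrOutput `pulumi:"tokenTtl"`
	// The type of token that should be generated. Can be `service`,
	// `batch`, or `default` to use the mount's tuned default (which unless changed will be
	// `service` tokens). For token store roles, there are two additional possibilities:
	// `default-service` and `default-batch` which specify the type to return unless the client
	// requests a different type at generation time.
	TokenType pulumi.StringPtrOutput `pulumi:"tokenType"`
	// The TTL period of tokens issued
	// using this role, provided as a number of seconds.
	//
	// Deprecated: use `token_ttl` instead if you are running Vault >= 1.2
	Ttl pulumi.StringOutput `pulumi:"ttl"`
	// Type of GCP authentication role (either `gce` or `iam`)
	Type pulumi.StringOutput `pulumi:"type"`
}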
Provides a resource to create a role in a [GCP auth backend within Vault](https://www.vaultproject.io/docs/auth/gcp.html).
## Import
GCP authentication roles can be imported using the `path`, e.g.
```sh
$ pulumi import vault:gcp/authBackendRole:AuthBackendRole my_role auth/gcp/role/my_role
```
func GetAuthBackendRole ¶
func GetAuthBackendRole(ctx *pulumi.Context, name string, id pulumi.IDInput, state *AuthBackendRoleState, opts ...pulumi.ResourceOption) (*AuthBackendRole, error)
GetAuthBackendRole gets an existing AuthBackendRole resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewAuthBackendRole ¶
func NewAuthBackendRole(ctx *pulumi.Context, name string, args *AuthBackendRoleArgs, opts ...pulumi.ResourceOption) (*AuthBackendRole, error)
NewAuthBackendRole registers a new resource with the given unique name, arguments, and options.
func (*AuthBackendRole) ElementType ¶ added in v3.0.2
func (*AuthBackendRole) ElementType() reflect.Type
func (*AuthBackendRole) ToAuthBackendRoleOutput ¶ added in v3.0.2
func (i *AuthBackendRole) ToAuthBackendRoleOutput() AuthBackendRoleOutput
func (*AuthBackendRole) ToAuthBackendRoleOutputWithContext ¶ added in v3.0.2
func (i *AuthBackendRole) ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput
func (*AuthBackendRole) ToAuthBackendRolePtrOutput ¶ added in v3.4.1
func (i *AuthBackendRole) ToAuthBackendRolePtrOutput() AuthBackendRolePtrOutput
func (*AuthBackendRole) ToAuthBackendRolePtrOutputWithContext ¶ added in v3.4.1
func (i *AuthBackendRole) ToAuthBackendRolePtrOutputWithContext(ctx context.Context) AuthBackendRolePtrOutput
type AuthBackendRoleArgs ¶
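// AuthBackendRoleArgs is the set of arguments for constructing an
// AuthBackendRole resource.
//
// The Bound* fields are the conditions a GCE instance or service account must
// satisfy in order to be authenticated under the role; the Token* fields
// constrain the lifetime, use count, source networks and policies of the
// tokens Vault then issues. Only Role and Type are non-pointer inputs.
//
// The declaration is laid out one field per line so that each `//` comment
// ends at its own line and no longer swallows the fields that follow it.
type AuthBackendRoleArgs struct {
	// NOTE(review): undocumented in the source; presumably maps to the Vault
	// GCP role option `add_group_aliases` — confirm against the Vault
	// documentation before relying on it.
	AddGroupAliases pulumi.BoolPtrInput
	// A flag to determine if this role should allow GCE instances to authenticate by inferring service accounts from the GCE identity metadata token.
	AllowGceInference pulumi.BoolPtrInput
	// Path to the mounted GCP auth backend
	Backend pulumi.StringPtrInput
	// The instance groups that an authorized instance must belong to in order to be authenticated. If specified, either `boundZones` or `boundRegions` must be set too.
	BoundInstanceGroups pulumi.StringArrayInput
	// A comma-separated list of GCP labels formatted as `"key:value"` strings that must be set on authorized GCE instances. Because GCP labels are not currently ACL'd, we recommend that this be used in conjunction with other restrictions.
	//
	// NOTE(review): the field is typed as a string array; presumably one
	// `"key:value"` entry per element — confirm.
	BoundLabels pulumi.StringArrayInput
	// GCP Projects that the role exists within
	BoundProjects pulumi.StringArrayInput
	// The list of regions that a GCE instance must belong to in order to be authenticated. If boundInstanceGroups is provided, it is assumed to be a regional group and the group must belong to this region. If boundZones are provided, this attribute is ignored.
	BoundRegions pulumi.StringArrayInput
	// GCP Service Accounts allowed to issue tokens under this role. (Note: **Required** if role is `iam`)
	BoundServiceAccounts pulumi.StringArrayInput
	// The list of zones that a GCE instance must belong to in order to be authenticated. If boundInstanceGroups is provided, it is assumed to be a zonal group and the group must belong to this zone.
	BoundZones pulumi.StringArrayInput
	// The number of seconds past the time of authentication that the login param JWT must expire within. For example, if a user attempts to login with a token that expires within an hour and this is set to 15 minutes, Vault will return an error prompting the user to create a new signed JWT with a shorter `exp`. The GCE metadata tokens currently do not allow the `exp` claim to be customized.
	MaxJwtExp pulumi.StringPtrInput
	// The maximum allowed lifetime of tokens
	// issued using this role, provided as a number of seconds.
	//
	// Deprecated: use `token_max_ttl` instead if you are running Vault >= 1.2
	MaxTtl pulumi.StringPtrInput
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	//
	// Deprecated: use `token_period` instead if you are running Vault >= 1.2
	Period pulumi.StringPtrInput
	// An array of strings
	// specifying the policies to be set on tokens issued using this role.
	//
	// Deprecated: use `token_policies` instead if you are running Vault >= 1.2
	Policies pulumi.StringArrayInput
	// Name of the GCP role
	Role pulumi.StringInput
	// List of CIDR blocks; if set, specifies blocks of IP
	// addresses which can authenticate successfully, and ties the resulting token to these blocks
	// as well.
	TokenBoundCidrs pulumi.StringArrayInput
	// If set, will encode an
	// [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
	// onto the token in number of seconds. This is a hard cap even if `tokenTtl` and
	// `tokenMaxTtl` would otherwise allow a renewal.
	TokenExplicitMaxTtl pulumi.IntPtrInput
	// The maximum lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenMaxTtl pulumi.IntPtrInput
	// If set, the default policy will not be set on
	// generated tokens; otherwise it will be added to the policies set in token_policies.
	TokenNoDefaultPolicy pulumi.BoolPtrInput
	// The maximum number of times a generated token may be used (within its
	// lifetime); 0 means unlimited.
	//
	// NOTE(review): the source attached the description of the token period
	// to this field; the wording here follows Vault's `token_num_uses` role
	// parameter.
	TokenNumUses pulumi.IntPtrInput
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds. See
	// [period](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls).
	//
	// NOTE(review): a token with a period can be renewed indefinitely; set
	// TokenExplicitMaxTtl as well when an upper bound on lifetime is required.
	TokenPeriod pulumi.IntPtrInput
	// List of policies to encode onto generated tokens. Depending
	// on the auth method, this list may be supplemented by user/group/other values.
	TokenPolicies pulumi.StringArrayInput
	// The incremental lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenTtl pulumi.IntPtrInput
	// The type of token that should be generated. Can be `service`,
	// `batch`, or `default` to use the mount's tuned default (which unless changed will be
	// `service` tokens). For token store roles, there are two additional possibilities:
	// `default-service` and `default-batch` which specify the type to return unless the client
	// requests a different type at generation time.
	TokenType pulumi.StringPtrInput
	// The TTL period of tokens issued
	// using this role, provided as a number of seconds.
	//
	// Deprecated: use `token_ttl` instead if you are running Vault >= 1.2
	Ttl pulumi.StringPtrInput
	// Type of GCP authentication role (either `gce` or `iam`)
	Type pulumi.StringInput
}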
The set of arguments for constructing an AuthBackendRole resource.
func (AuthBackendRoleArgs) ElementType ¶
func (AuthBackendRoleArgs) ElementType() reflect.Type
type AuthBackendRoleArray ¶ added in v3.4.1
type AuthBackendRoleArray []AuthBackendRoleInput
func (AuthBackendRoleArray) ElementType ¶ added in v3.4.1
func (AuthBackendRoleArray) ElementType() reflect.Type
func (AuthBackendRoleArray) ToAuthBackendRoleArrayOutput ¶ added in v3.4.1
func (i AuthBackendRoleArray) ToAuthBackendRoleArrayOutput() AuthBackendRoleArrayOutput
func (AuthBackendRoleArray) ToAuthBackendRoleArrayOutputWithContext ¶ added in v3.4.1
func (i AuthBackendRoleArray) ToAuthBackendRoleArrayOutputWithContext(ctx context.Context) AuthBackendRoleArrayOutput
type AuthBackendRoleArrayInput ¶ added in v3.4.1
// AuthBackendRoleArrayInput is a pulumi.Input that can be converted to an
// AuthBackendRoleArrayOutput, with or without an explicit context.
type AuthBackendRoleArrayInput interface {
	pulumi.Input

	ToAuthBackendRoleArrayOutput() AuthBackendRoleArrayOutput
	ToAuthBackendRoleArrayOutputWithContext(context.Context) AuthBackendRoleArrayOutput
}
AuthBackendRoleArrayInput is an input type that accepts AuthBackendRoleArray and AuthBackendRoleArrayOutput values. You can construct a concrete instance of `AuthBackendRoleArrayInput` via:
AuthBackendRoleArray{ AuthBackendRoleArgs{...} }
type AuthBackendRoleArrayOutput ¶ added in v3.4.1
type AuthBackendRoleArrayOutput struct{ *pulumi.OutputState }
func (AuthBackendRoleArrayOutput) ElementType ¶ added in v3.4.1
func (AuthBackendRoleArrayOutput) ElementType() reflect.Type
func (AuthBackendRoleArrayOutput) Index ¶ added in v3.4.1
func (o AuthBackendRoleArrayOutput) Index(i pulumi.IntInput) AuthBackendRoleOutput
func (AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutput ¶ added in v3.4.1
func (o AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutput() AuthBackendRoleArrayOutput
func (AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutputWithContext ¶ added in v3.4.1
func (o AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutputWithContext(ctx context.Context) AuthBackendRoleArrayOutput
type AuthBackendRoleInput ¶ added in v3.0.2
type AuthBackendRoleInput interface { pulumi.Input ToAuthBackendRoleOutput() AuthBackendRoleOutput ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput }
type AuthBackendRoleMap ¶ added in v3.4.1
type AuthBackendRoleMap map[string]AuthBackendRoleInput
func (AuthBackendRoleMap) ElementType ¶ added in v3.4.1
func (AuthBackendRoleMap) ElementType() reflect.Type
func (AuthBackendRoleMap) ToAuthBackendRoleMapOutput ¶ added in v3.4.1
func (i AuthBackendRoleMap) ToAuthBackendRoleMapOutput() AuthBackendRoleMapOutput
func (AuthBackendRoleMap) ToAuthBackendRoleMapOutputWithContext ¶ added in v3.4.1
func (i AuthBackendRoleMap) ToAuthBackendRoleMapOutputWithContext(ctx context.Context) AuthBackendRoleMapOutput
type AuthBackendRoleMapInput ¶ added in v3.4.1
type AuthBackendRoleMapInput interface { pulumi.Input ToAuthBackendRoleMapOutput() AuthBackendRoleMapOutput ToAuthBackendRoleMapOutputWithContext(context.Context) AuthBackendRoleMapOutput }
AuthBackendRoleMapInput is an input type that accepts AuthBackendRoleMap and AuthBackendRoleMapOutput values. You can construct a concrete instance of `AuthBackendRoleMapInput` via:
AuthBackendRoleMap{ "key": AuthBackendRoleArgs{...} }
type AuthBackendRoleMapOutput ¶ added in v3.4.1
type AuthBackendRoleMapOutput struct{ *pulumi.OutputState }
func (AuthBackendRoleMapOutput) ElementType ¶ added in v3.4.1
func (AuthBackendRoleMapOutput) ElementType() reflect.Type
func (AuthBackendRoleMapOutput) MapIndex ¶ added in v3.4.1
func (o AuthBackendRoleMapOutput) MapIndex(k pulumi.StringInput) AuthBackendRoleOutput
func (AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutput ¶ added in v3.4.1
func (o AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutput() AuthBackendRoleMapOutput
func (AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutputWithContext ¶ added in v3.4.1
func (o AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutputWithContext(ctx context.Context) AuthBackendRoleMapOutput
type AuthBackendRoleOutput ¶ added in v3.0.2
type AuthBackendRoleOutput struct {
*pulumi.OutputState
}
func (AuthBackendRoleOutput) ElementType ¶ added in v3.0.2
func (AuthBackendRoleOutput) ElementType() reflect.Type
func (AuthBackendRoleOutput) ToAuthBackendRoleOutput ¶ added in v3.0.2
func (o AuthBackendRoleOutput) ToAuthBackendRoleOutput() AuthBackendRoleOutput
func (AuthBackendRoleOutput) ToAuthBackendRoleOutputWithContext ¶ added in v3.0.2
func (o AuthBackendRoleOutput) ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput
func (AuthBackendRoleOutput) ToAuthBackendRolePtrOutput ¶ added in v3.4.1
func (o AuthBackendRoleOutput) ToAuthBackendRolePtrOutput() AuthBackendRolePtrOutput
func (AuthBackendRoleOutput) ToAuthBackendRolePtrOutputWithContext ¶ added in v3.4.1
func (o AuthBackendRoleOutput) ToAuthBackendRolePtrOutputWithContext(ctx context.Context) AuthBackendRolePtrOutput
type AuthBackendRolePtrInput ¶ added in v3.4.1
type AuthBackendRolePtrInput interface { pulumi.Input ToAuthBackendRolePtrOutput() AuthBackendRolePtrOutput ToAuthBackendRolePtrOutputWithContext(ctx context.Context) AuthBackendRolePtrOutput }
type AuthBackendRolePtrOutput ¶ added in v3.4.1
type AuthBackendRolePtrOutput struct {
*pulumi.OutputState
}
func (AuthBackendRolePtrOutput) ElementType ¶ added in v3.4.1
func (AuthBackendRolePtrOutput) ElementType() reflect.Type
func (AuthBackendRolePtrOutput) ToAuthBackendRolePtrOutput ¶ added in v3.4.1
func (o AuthBackendRolePtrOutput) ToAuthBackendRolePtrOutput() AuthBackendRolePtrOutput
func (AuthBackendRolePtrOutput) ToAuthBackendRolePtrOutputWithContext ¶ added in v3.4.1
func (o AuthBackendRolePtrOutput) ToAuthBackendRolePtrOutputWithContext(ctx context.Context) AuthBackendRolePtrOutput
type AuthBackendRoleState ¶
// AuthBackendRoleState holds the properties of a GCP auth backend role.
// Every field is a pointer or array input, so each one may be left unset.
type AuthBackendRoleState struct {
	// NOTE(review): undocumented on this page; presumably controls whether
	// group aliases are added at login. Confirm against the provider docs.
	AddGroupAliases pulumi.BoolPtrInput
	// A flag to determine if this role should allow GCE instances to authenticate by inferring
	// service accounts from the GCE identity metadata token.
	AllowGceInference pulumi.BoolPtrInput
	// Path to the mounted GCP auth backend
	Backend pulumi.StringPtrInput
	// The instance groups that an authorized instance must belong to in order to be authenticated.
	// If specified, either `boundZones` or `boundRegions` must be set too.
	BoundInstanceGroups pulumi.StringArrayInput
	// A comma-separated list of GCP labels formatted as `"key:value"` strings that must be set on
	// authorized GCE instances. Because GCP labels are not currently ACL'd, we recommend that this
	// be used in conjunction with other restrictions.
	BoundLabels pulumi.StringArrayInput
	// GCP Projects that the role exists within
	BoundProjects pulumi.StringArrayInput
	// The list of regions that a GCE instance must belong to in order to be authenticated.
	// If boundInstanceGroups is provided, it is assumed to be a regional group and the group must
	// belong to this region. If boundZones are provided, this attribute is ignored.
	BoundRegions pulumi.StringArrayInput
	// GCP Service Accounts allowed to issue tokens under this role.
	// (Note: **Required** if role is `iam`)
	BoundServiceAccounts pulumi.StringArrayInput
	// The list of zones that a GCE instance must belong to in order to be authenticated.
	// If boundInstanceGroups is provided, it is assumed to be a zonal group and the group must
	// belong to this zone.
	BoundZones pulumi.StringArrayInput
	// The number of seconds past the time of authentication that the login param JWT must expire
	// within. For example, if a user attempts to login with a token that expires within an hour
	// and this is set to 15 minutes, Vault will return an error prompting the user to create a new
	// signed JWT with a shorter `exp`. The GCE metadata tokens currently do not allow the `exp`
	// claim to be customized.
	MaxJwtExp pulumi.StringPtrInput
	// The maximum allowed lifetime of tokens
	// issued using this role, provided as a number of seconds.
	//
	// Deprecated: use `token_max_ttl` instead if you are running Vault >= 1.2
	MaxTtl pulumi.StringPtrInput
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	//
	// Deprecated: use `token_period` instead if you are running Vault >= 1.2
	Period pulumi.StringPtrInput
	// An array of strings
	// specifying the policies to be set on tokens issued using this role.
	//
	// Deprecated: use `token_policies` instead if you are running Vault >= 1.2
	Policies pulumi.StringArrayInput
	// Name of the GCP role
	Role pulumi.StringPtrInput
	// List of CIDR blocks; if set, specifies blocks of IP
	// addresses which can authenticate successfully, and ties the resulting token to these blocks
	// as well.
	TokenBoundCidrs pulumi.StringArrayInput
	// If set, will encode an
	// [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
	// onto the token in number of seconds. This is a hard cap even if `tokenTtl` and
	// `tokenMaxTtl` would otherwise allow a renewal.
	TokenExplicitMaxTtl pulumi.IntPtrInput
	// The maximum lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenMaxTtl pulumi.IntPtrInput
	// If set, the default policy will not be set on
	// generated tokens; otherwise it will be added to the policies set in token_policies.
	TokenNoDefaultPolicy pulumi.BoolPtrInput
	// The
	// [period](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls),
	// if any, in number of seconds to set on the token.
	//
	// NOTE(review): this text describes a period, but the field is named
	// TokenNumUses and is an integer. In Vault, `token_num_uses` is the maximum
	// number of times a generated token may be used, with 0 meaning unlimited.
	// The description looks copied from the period field; confirm upstream.
	TokenNumUses pulumi.IntPtrInput
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	//
	// A periodic token can be renewed indefinitely; TokenExplicitMaxTtl is the
	// field documented here as a hard cap when a bounded lifetime is required.
	TokenPeriod pulumi.IntPtrInput
	// List of policies to encode onto generated tokens. Depending
	// on the auth method, this list may be supplemented by user/group/other values.
	TokenPolicies pulumi.StringArrayInput
	// The incremental lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenTtl pulumi.IntPtrInput
	// The type of token that should be generated. Can be `service`,
	// `batch`, or `default` to use the mount's tuned default (which unless changed will be
	// `service` tokens). For token store roles, there are two additional possibilities:
	// `default-service` and `default-batch` which specify the type to return unless the client
	// requests a different type at generation time.
	TokenType pulumi.StringPtrInput
	// The TTL period of tokens issued
	// using this role, provided as a number of seconds.
	//
	// Deprecated: use `token_ttl` instead if you are running Vault >= 1.2
	Ttl pulumi.StringPtrInput
	// Type of GCP authentication role (either `gce` or `iam`)
	Type pulumi.StringPtrInput
}
func (AuthBackendRoleState) ElementType ¶
func (AuthBackendRoleState) ElementType() reflect.Type
type AuthBackendState ¶
// AuthBackendState holds the properties of a GCP auth backend mount.
// Every field is a pointer input, so each one may be left unset.
type AuthBackendState struct {
	// The client email associated with the credentials
	ClientEmail pulumi.StringPtrInput
	// The Client ID of the credentials
	ClientId pulumi.StringPtrInput
	// A JSON string containing the contents of a GCP credentials file. If this value is empty,
	// Vault will try to use Application Default Credentials from the machine on which the Vault
	// server is running.
	//
	// NOTE(review): this is service-account key material. Supply it as a Pulumi
	// secret value (for example via pulumi.ToSecret or secret config) so it is
	// encrypted in state and masked in output; confirm whether the provider
	// already marks this property as secret.
	Credentials pulumi.StringPtrInput
	// A description of the auth method.
	Description pulumi.StringPtrInput
	// Specifies if the auth method is local only.
	Local pulumi.BoolPtrInput
	// The path to mount the auth method — this defaults to 'gcp'.
	Path pulumi.StringPtrInput
	// The ID of the private key from the credentials
	PrivateKeyId pulumi.StringPtrInput
	// The GCP Project ID
	ProjectId pulumi.StringPtrInput
}
func (AuthBackendState) ElementType ¶
func (AuthBackendState) ElementType() reflect.Type
type SecretBackend ¶
// SecretBackend is a Pulumi custom resource for a backend mounted at Path
// that is configured with GCP service account credentials.
type SecretBackend struct {
	pulumi.CustomResourceState

	// The GCP service account credentials in JSON format.
	//
	// NOTE(review): this output carries key material. Confirm that it is
	// treated as a secret in state and not exported or logged in plaintext.
	Credentials pulumi.StringPtrOutput `pulumi:"credentials"`
	// The default TTL for credentials
	// issued by this backend. Defaults to '0'.
	// NOTE(review): presumably 0 defers to Vault's system default TTL; confirm.
	DefaultLeaseTtlSeconds pulumi.IntPtrOutput `pulumi:"defaultLeaseTtlSeconds"`
	// A human-friendly description for this backend.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// Boolean flag that can be explicitly set to true to enforce local mount in HA environment
	Local pulumi.BoolPtrOutput `pulumi:"local"`
	// The maximum TTL that can be requested
	// for credentials issued by this backend. Defaults to '0'.
	// NOTE(review): presumably 0 defers to Vault's system maximum TTL; confirm.
	MaxLeaseTtlSeconds pulumi.IntPtrOutput `pulumi:"maxLeaseTtlSeconds"`
	// The unique path this backend should be mounted at. Must
	// not begin or end with a `/`. Defaults to `gcp`.
	Path pulumi.StringPtrOutput `pulumi:"path"`
}
func GetSecretBackend ¶
func GetSecretBackend(ctx *pulumi.Context, name string, id pulumi.IDInput, state *SecretBackendState, opts ...pulumi.ResourceOption) (*SecretBackend, error)
GetSecretBackend gets an existing SecretBackend resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewSecretBackend ¶
func NewSecretBackend(ctx *pulumi.Context, name string, args *SecretBackendArgs, opts ...pulumi.ResourceOption) (*SecretBackend, error)
NewSecretBackend registers a new resource with the given unique name, arguments, and options.
func (*SecretBackend) ElementType ¶ added in v3.0.2
func (*SecretBackend) ElementType() reflect.Type
func (*SecretBackend) ToSecretBackendOutput ¶ added in v3.0.2
func (i *SecretBackend) ToSecretBackendOutput() SecretBackendOutput
func (*SecretBackend) ToSecretBackendOutputWithContext ¶ added in v3.0.2
func (i *SecretBackend) ToSecretBackendOutputWithContext(ctx context.Context) SecretBackendOutput
func (*SecretBackend) ToSecretBackendPtrOutput ¶ added in v3.4.1
func (i *SecretBackend) ToSecretBackendPtrOutput() SecretBackendPtrOutput
func (*SecretBackend) ToSecretBackendPtrOutputWithContext ¶ added in v3.4.1
func (i *SecretBackend) ToSecretBackendPtrOutputWithContext(ctx context.Context) SecretBackendPtrOutput
type SecretBackendArgs ¶
// SecretBackendArgs is the set of arguments for constructing a SecretBackend
// resource. Every field is a pointer input, so each one may be left unset.
type SecretBackendArgs struct {
	// The GCP service account credentials in JSON format.
	//
	// NOTE(review): pass this as a Pulumi secret value (for example via
	// pulumi.ToSecret or secret config) rather than a plain string, so the key
	// material is encrypted in state; confirm whether the provider already
	// marks this property as secret.
	Credentials pulumi.StringPtrInput
	// The default TTL for credentials
	// issued by this backend. Defaults to '0'.
	// NOTE(review): presumably 0 defers to Vault's system default TTL; confirm.
	DefaultLeaseTtlSeconds pulumi.IntPtrInput
	// A human-friendly description for this backend.
	Description pulumi.StringPtrInput
	// Boolean flag that can be explicitly set to true to enforce local mount in HA environment
	Local pulumi.BoolPtrInput
	// The maximum TTL that can be requested
	// for credentials issued by this backend. Defaults to '0'.
	// NOTE(review): presumably 0 defers to Vault's system maximum TTL; confirm.
	MaxLeaseTtlSeconds pulumi.IntPtrInput
	// The unique path this backend should be mounted at. Must
	// not begin or end with a `/`. Defaults to `gcp`.
	Path pulumi.StringPtrInput
}
The set of arguments for constructing a SecretBackend resource.
func (SecretBackendArgs) ElementType ¶
func (SecretBackendArgs) ElementType() reflect.Type
type SecretBackendArray ¶ added in v3.4.1
type SecretBackendArray []SecretBackendInput
func (SecretBackendArray) ElementType ¶ added in v3.4.1
func (SecretBackendArray) ElementType() reflect.Type
func (SecretBackendArray) ToSecretBackendArrayOutput ¶ added in v3.4.1
func (i SecretBackendArray) ToSecretBackendArrayOutput() SecretBackendArrayOutput
func (SecretBackendArray) ToSecretBackendArrayOutputWithContext ¶ added in v3.4.1
func (i SecretBackendArray) ToSecretBackendArrayOutputWithContext(ctx context.Context) SecretBackendArrayOutput
type SecretBackendArrayInput ¶ added in v3.4.1
type SecretBackendArrayInput interface { pulumi.Input ToSecretBackendArrayOutput() SecretBackendArrayOutput ToSecretBackendArrayOutputWithContext(context.Context) SecretBackendArrayOutput }
SecretBackendArrayInput is an input type that accepts SecretBackendArray and SecretBackendArrayOutput values. You can construct a concrete instance of `SecretBackendArrayInput` via:
SecretBackendArray{ SecretBackendArgs{...} }
type SecretBackendArrayOutput ¶ added in v3.4.1
type SecretBackendArrayOutput struct{ *pulumi.OutputState }
func (SecretBackendArrayOutput) ElementType ¶ added in v3.4.1
func (SecretBackendArrayOutput) ElementType() reflect.Type
func (SecretBackendArrayOutput) Index ¶ added in v3.4.1
func (o SecretBackendArrayOutput) Index(i pulumi.IntInput) SecretBackendOutput
func (SecretBackendArrayOutput) ToSecretBackendArrayOutput ¶ added in v3.4.1
func (o SecretBackendArrayOutput) ToSecretBackendArrayOutput() SecretBackendArrayOutput
func (SecretBackendArrayOutput) ToSecretBackendArrayOutputWithContext ¶ added in v3.4.1
func (o SecretBackendArrayOutput) ToSecretBackendArrayOutputWithContext(ctx context.Context) SecretBackendArrayOutput
type SecretBackendInput ¶ added in v3.0.2
type SecretBackendInput interface { pulumi.Input ToSecretBackendOutput() SecretBackendOutput ToSecretBackendOutputWithContext(ctx context.Context) SecretBackendOutput }
type SecretBackendMap ¶ added in v3.4.1
type SecretBackendMap map[string]SecretBackendInput
func (SecretBackendMap) ElementType ¶ added in v3.4.1
func (SecretBackendMap) ElementType() reflect.Type
func (SecretBackendMap) ToSecretBackendMapOutput ¶ added in v3.4.1
func (i SecretBackendMap) ToSecretBackendMapOutput() SecretBackendMapOutput
func (SecretBackendMap) ToSecretBackendMapOutputWithContext ¶ added in v3.4.1
func (i SecretBackendMap) ToSecretBackendMapOutputWithContext(ctx context.Context) SecretBackendMapOutput
type SecretBackendMapInput ¶ added in v3.4.1
type SecretBackendMapInput interface { pulumi.Input ToSecretBackendMapOutput() SecretBackendMapOutput ToSecretBackendMapOutputWithContext(context.Context) SecretBackendMapOutput }
SecretBackendMapInput is an input type that accepts SecretBackendMap and SecretBackendMapOutput values. You can construct a concrete instance of `SecretBackendMapInput` via:
SecretBackendMap{ "key": SecretBackendArgs{...} }
type SecretBackendMapOutput ¶ added in v3.4.1
type SecretBackendMapOutput struct{ *pulumi.OutputState }
func (SecretBackendMapOutput) ElementType ¶ added in v3.4.1
func (SecretBackendMapOutput) ElementType() reflect.Type
func (SecretBackendMapOutput) MapIndex ¶ added in v3.4.1
func (o SecretBackendMapOutput) MapIndex(k pulumi.StringInput) SecretBackendOutput
func (SecretBackendMapOutput) ToSecretBackendMapOutput ¶ added in v3.4.1
func (o SecretBackendMapOutput) ToSecretBackendMapOutput() SecretBackendMapOutput
func (SecretBackendMapOutput) ToSecretBackendMapOutputWithContext ¶ added in v3.4.1
func (o SecretBackendMapOutput) ToSecretBackendMapOutputWithContext(ctx context.Context) SecretBackendMapOutput
type SecretBackendOutput ¶ added in v3.0.2
type SecretBackendOutput struct {
*pulumi.OutputState
}
func (SecretBackendOutput) ElementType ¶ added in v3.0.2
func (SecretBackendOutput) ElementType() reflect.Type
func (SecretBackendOutput) ToSecretBackendOutput ¶ added in v3.0.2
func (o SecretBackendOutput) ToSecretBackendOutput() SecretBackendOutput
func (SecretBackendOutput) ToSecretBackendOutputWithContext ¶ added in v3.0.2
func (o SecretBackendOutput) ToSecretBackendOutputWithContext(ctx context.Context) SecretBackendOutput
func (SecretBackendOutput) ToSecretBackendPtrOutput ¶ added in v3.4.1
func (o SecretBackendOutput) ToSecretBackendPtrOutput() SecretBackendPtrOutput
func (SecretBackendOutput) ToSecretBackendPtrOutputWithContext ¶ added in v3.4.1
func (o SecretBackendOutput) ToSecretBackendPtrOutputWithContext(ctx context.Context) SecretBackendPtrOutput
type SecretBackendPtrInput ¶ added in v3.4.1
type SecretBackendPtrInput interface { pulumi.Input ToSecretBackendPtrOutput() SecretBackendPtrOutput ToSecretBackendPtrOutputWithContext(ctx context.Context) SecretBackendPtrOutput }
type SecretBackendPtrOutput ¶ added in v3.4.1
type SecretBackendPtrOutput struct {
*pulumi.OutputState
}
func (SecretBackendPtrOutput) ElementType ¶ added in v3.4.1
func (SecretBackendPtrOutput) ElementType() reflect.Type
func (SecretBackendPtrOutput) ToSecretBackendPtrOutput ¶ added in v3.4.1
func (o SecretBackendPtrOutput) ToSecretBackendPtrOutput() SecretBackendPtrOutput
func (SecretBackendPtrOutput) ToSecretBackendPtrOutputWithContext ¶ added in v3.4.1
func (o SecretBackendPtrOutput) ToSecretBackendPtrOutputWithContext(ctx context.Context) SecretBackendPtrOutput
type SecretBackendState ¶
// SecretBackendState is the state type accepted by GetSecretBackend; its
// fields are optional properties used to qualify the lookup of an existing
// SecretBackend.
type SecretBackendState struct {
	// The GCP service account credentials in JSON format.
	//
	// NOTE(review): key material. If it is set here, supply it as a Pulumi
	// secret value so it is not stored in plaintext.
	Credentials pulumi.StringPtrInput
	// The default TTL for credentials
	// issued by this backend. Defaults to '0'.
	DefaultLeaseTtlSeconds pulumi.IntPtrInput
	// A human-friendly description for this backend.
	Description pulumi.StringPtrInput
	// Boolean flag that can be explicitly set to true to enforce local mount in HA environment
	Local pulumi.BoolPtrInput
	// The maximum TTL that can be requested
	// for credentials issued by this backend. Defaults to '0'.
	MaxLeaseTtlSeconds pulumi.IntPtrInput
	// The unique path this backend should be mounted at. Must
	// not begin or end with a `/`. Defaults to `gcp`.
	Path pulumi.StringPtrInput
}
func (SecretBackendState) ElementType ¶
func (SecretBackendState) ElementType() reflect.Type
type SecretRoleset ¶
// SecretRoleset is a Pulumi custom resource for a roleset in the GCP Secrets
// Engine: a named set of IAM bindings attached to a service account that
// Vault creates (see ServiceAccountEmail).
type SecretRoleset struct {
	pulumi.CustomResourceState

	// Path where the GCP Secrets Engine is mounted
	Backend pulumi.StringOutput `pulumi:"backend"`
	// Bindings to create for this roleset. This can be specified multiple times for multiple
	// bindings. Structure is documented below.
	Bindings SecretRolesetBindingArrayOutput `pulumi:"bindings"`
	// Name of the GCP project that this roleset's service account will belong to.
	Project pulumi.StringOutput `pulumi:"project"`
	// Name of the Roleset to create
	Roleset pulumi.StringOutput `pulumi:"roleset"`
	// Type of secret generated for this role set. Accepted values: `accessToken`,
	// `serviceAccountKey`. Defaults to `accessToken`.
	//
	// NOTE(review): Vault's API spells these values `access_token` and
	// `service_account_key`; the camelCase forms look like a doc-generator
	// rewrite. Confirm which spelling the provider accepts.
	SecretType pulumi.StringOutput `pulumi:"secretType"`
	// Email of the service account created by Vault for this Roleset
	ServiceAccountEmail pulumi.StringOutput `pulumi:"serviceAccountEmail"`
	// List of OAuth scopes to assign to `accessToken` secrets generated under this role set
	// (`accessToken` role sets only).
	TokenScopes pulumi.StringArrayOutput `pulumi:"tokenScopes"`
}
Creates a Roleset in the [GCP Secrets Engine](https://www.vaultproject.io/docs/secrets/gcp/index.html) for Vault.
Each Roleset is [tied](https://www.vaultproject.io/docs/secrets/gcp/index.html#service-accounts-are-tied-to-rolesets) to a Service Account, and can have one or more [bindings](https://www.vaultproject.io/docs/secrets/gcp/index.html#roleset-bindings) associated with it.
## Import
A roleset can be imported using its Vault Path. For example, referencing the example above,
```sh
$ pulumi import vault:gcp/secretRoleset:SecretRoleset roleset gcp/roleset/project_viewer
```
func GetSecretRoleset ¶
func GetSecretRoleset(ctx *pulumi.Context, name string, id pulumi.IDInput, state *SecretRolesetState, opts ...pulumi.ResourceOption) (*SecretRoleset, error)
GetSecretRoleset gets an existing SecretRoleset resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewSecretRoleset ¶
func NewSecretRoleset(ctx *pulumi.Context, name string, args *SecretRolesetArgs, opts ...pulumi.ResourceOption) (*SecretRoleset, error)
NewSecretRoleset registers a new resource with the given unique name, arguments, and options.
func (*SecretRoleset) ElementType ¶ added in v3.0.2
func (*SecretRoleset) ElementType() reflect.Type
func (*SecretRoleset) ToSecretRolesetOutput ¶ added in v3.0.2
func (i *SecretRoleset) ToSecretRolesetOutput() SecretRolesetOutput
func (*SecretRoleset) ToSecretRolesetOutputWithContext ¶ added in v3.0.2
func (i *SecretRoleset) ToSecretRolesetOutputWithContext(ctx context.Context) SecretRolesetOutput
func (*SecretRoleset) ToSecretRolesetPtrOutput ¶ added in v3.4.1
func (i *SecretRoleset) ToSecretRolesetPtrOutput() SecretRolesetPtrOutput
func (*SecretRoleset) ToSecretRolesetPtrOutputWithContext ¶ added in v3.4.1
func (i *SecretRoleset) ToSecretRolesetPtrOutputWithContext(ctx context.Context) SecretRolesetPtrOutput
type SecretRolesetArgs ¶
// SecretRolesetArgs is the set of arguments for constructing a SecretRoleset
// resource. Backend, Bindings, Project and Roleset use non-pointer input
// types; SecretType and TokenScopes are optional.
type SecretRolesetArgs struct {
	// Path where the GCP Secrets Engine is mounted
	Backend pulumi.StringInput
	// Bindings to create for this roleset. This can be specified multiple times for multiple
	// bindings. Structure is documented below.
	//
	// These bindings determine what any credential issued from the roleset can
	// do in GCP, so review them as you would any IAM grant.
	Bindings SecretRolesetBindingArrayInput
	// Name of the GCP project that this roleset's service account will belong to.
	Project pulumi.StringInput
	// Name of the Roleset to create
	Roleset pulumi.StringInput
	// Type of secret generated for this role set. Accepted values: `accessToken`,
	// `serviceAccountKey`. Defaults to `accessToken`.
	//
	// NOTE(review): Vault's API spells these values `access_token` and
	// `service_account_key`; the camelCase forms look like a doc-generator
	// rewrite. Confirm which spelling the provider accepts.
	SecretType pulumi.StringPtrInput
	// List of OAuth scopes to assign to `accessToken` secrets generated under this role set
	// (`accessToken` role sets only).
	TokenScopes pulumi.StringArrayInput
}
The set of arguments for constructing a SecretRoleset resource.
func (SecretRolesetArgs) ElementType ¶
func (SecretRolesetArgs) ElementType() reflect.Type
type SecretRolesetArray ¶ added in v3.4.1
type SecretRolesetArray []SecretRolesetInput
func (SecretRolesetArray) ElementType ¶ added in v3.4.1
func (SecretRolesetArray) ElementType() reflect.Type
func (SecretRolesetArray) ToSecretRolesetArrayOutput ¶ added in v3.4.1
func (i SecretRolesetArray) ToSecretRolesetArrayOutput() SecretRolesetArrayOutput
func (SecretRolesetArray) ToSecretRolesetArrayOutputWithContext ¶ added in v3.4.1
func (i SecretRolesetArray) ToSecretRolesetArrayOutputWithContext(ctx context.Context) SecretRolesetArrayOutput
type SecretRolesetArrayInput ¶ added in v3.4.1
type SecretRolesetArrayInput interface { pulumi.Input ToSecretRolesetArrayOutput() SecretRolesetArrayOutput ToSecretRolesetArrayOutputWithContext(context.Context) SecretRolesetArrayOutput }
SecretRolesetArrayInput is an input type that accepts SecretRolesetArray and SecretRolesetArrayOutput values. You can construct a concrete instance of `SecretRolesetArrayInput` via:
SecretRolesetArray{ SecretRolesetArgs{...} }
type SecretRolesetArrayOutput ¶ added in v3.4.1
type SecretRolesetArrayOutput struct{ *pulumi.OutputState }
func (SecretRolesetArrayOutput) ElementType ¶ added in v3.4.1
func (SecretRolesetArrayOutput) ElementType() reflect.Type
func (SecretRolesetArrayOutput) Index ¶ added in v3.4.1
func (o SecretRolesetArrayOutput) Index(i pulumi.IntInput) SecretRolesetOutput
func (SecretRolesetArrayOutput) ToSecretRolesetArrayOutput ¶ added in v3.4.1
func (o SecretRolesetArrayOutput) ToSecretRolesetArrayOutput() SecretRolesetArrayOutput
func (SecretRolesetArrayOutput) ToSecretRolesetArrayOutputWithContext ¶ added in v3.4.1
func (o SecretRolesetArrayOutput) ToSecretRolesetArrayOutputWithContext(ctx context.Context) SecretRolesetArrayOutput
type SecretRolesetBinding ¶
// SecretRolesetBinding pairs one GCP resource with the IAM roles bound on it
// for a roleset.
type SecretRolesetBinding struct {
	// Resource or resource path for which IAM policy information will be bound. The resource path
	// may be specified in a few different
	// [formats](https://www.vaultproject.io/docs/secrets/gcp/index.html#roleset-bindings).
	Resource string `pulumi:"resource"`
	// List of [GCP IAM roles](https://cloud.google.com/iam/docs/understanding-roles) for the
	// resource.
	//
	// Prefer narrowly scoped roles: every role listed here applies to
	// credentials generated from the roleset.
	Roles []string `pulumi:"roles"`
}
type SecretRolesetBindingArgs ¶
// SecretRolesetBindingArgs is the input form of SecretRolesetBinding: one GCP
// resource and the IAM roles to bind on it.
type SecretRolesetBindingArgs struct {
	// Resource or resource path for which IAM policy information will be bound. The resource path
	// may be specified in a few different
	// [formats](https://www.vaultproject.io/docs/secrets/gcp/index.html#roleset-bindings).
	Resource pulumi.StringInput `pulumi:"resource"`
	// List of [GCP IAM roles](https://cloud.google.com/iam/docs/understanding-roles) for the
	// resource.
	//
	// Prefer narrowly scoped roles: every role listed here applies to
	// credentials generated from the roleset.
	Roles pulumi.StringArrayInput `pulumi:"roles"`
}
func (SecretRolesetBindingArgs) ElementType ¶
func (SecretRolesetBindingArgs) ElementType() reflect.Type
func (SecretRolesetBindingArgs) ToSecretRolesetBindingOutput ¶
func (i SecretRolesetBindingArgs) ToSecretRolesetBindingOutput() SecretRolesetBindingOutput
func (SecretRolesetBindingArgs) ToSecretRolesetBindingOutputWithContext ¶
func (i SecretRolesetBindingArgs) ToSecretRolesetBindingOutputWithContext(ctx context.Context) SecretRolesetBindingOutput
type SecretRolesetBindingArray ¶
type SecretRolesetBindingArray []SecretRolesetBindingInput
func (SecretRolesetBindingArray) ElementType ¶
func (SecretRolesetBindingArray) ElementType() reflect.Type
func (SecretRolesetBindingArray) ToSecretRolesetBindingArrayOutput ¶
func (i SecretRolesetBindingArray) ToSecretRolesetBindingArrayOutput() SecretRolesetBindingArrayOutput
func (SecretRolesetBindingArray) ToSecretRolesetBindingArrayOutputWithContext ¶
func (i SecretRolesetBindingArray) ToSecretRolesetBindingArrayOutputWithContext(ctx context.Context) SecretRolesetBindingArrayOutput
type SecretRolesetBindingArrayInput ¶
type SecretRolesetBindingArrayInput interface { pulumi.Input ToSecretRolesetBindingArrayOutput() SecretRolesetBindingArrayOutput ToSecretRolesetBindingArrayOutputWithContext(context.Context) SecretRolesetBindingArrayOutput }
SecretRolesetBindingArrayInput is an input type that accepts SecretRolesetBindingArray and SecretRolesetBindingArrayOutput values. You can construct a concrete instance of `SecretRolesetBindingArrayInput` via:
SecretRolesetBindingArray{ SecretRolesetBindingArgs{...} }
type SecretRolesetBindingArrayOutput ¶
type SecretRolesetBindingArrayOutput struct{ *pulumi.OutputState }
func (SecretRolesetBindingArrayOutput) ElementType ¶
func (SecretRolesetBindingArrayOutput) ElementType() reflect.Type
func (SecretRolesetBindingArrayOutput) Index ¶
func (o SecretRolesetBindingArrayOutput) Index(i pulumi.IntInput) SecretRolesetBindingOutput
func (SecretRolesetBindingArrayOutput) ToSecretRolesetBindingArrayOutput ¶
func (o SecretRolesetBindingArrayOutput) ToSecretRolesetBindingArrayOutput() SecretRolesetBindingArrayOutput
func (SecretRolesetBindingArrayOutput) ToSecretRolesetBindingArrayOutputWithContext ¶
func (o SecretRolesetBindingArrayOutput) ToSecretRolesetBindingArrayOutputWithContext(ctx context.Context) SecretRolesetBindingArrayOutput
type SecretRolesetBindingInput ¶
type SecretRolesetBindingInput interface { pulumi.Input ToSecretRolesetBindingOutput() SecretRolesetBindingOutput ToSecretRolesetBindingOutputWithContext(context.Context) SecretRolesetBindingOutput }
SecretRolesetBindingInput is an input type that accepts SecretRolesetBindingArgs and SecretRolesetBindingOutput values. You can construct a concrete instance of `SecretRolesetBindingInput` via:
SecretRolesetBindingArgs{...}
type SecretRolesetBindingOutput ¶
type SecretRolesetBindingOutput struct{ *pulumi.OutputState }
func (SecretRolesetBindingOutput) ElementType ¶
func (SecretRolesetBindingOutput) ElementType() reflect.Type
func (SecretRolesetBindingOutput) Resource ¶
func (o SecretRolesetBindingOutput) Resource() pulumi.StringOutput
Resource or resource path for which IAM policy information will be bound. The resource path may be specified in a few different [formats](https://www.vaultproject.io/docs/secrets/gcp/index.html#roleset-bindings).
func (SecretRolesetBindingOutput) Roles ¶
func (o SecretRolesetBindingOutput) Roles() pulumi.StringArrayOutput
List of [GCP IAM roles](https://cloud.google.com/iam/docs/understanding-roles) for the resource.
func (SecretRolesetBindingOutput) ToSecretRolesetBindingOutput ¶
func (o SecretRolesetBindingOutput) ToSecretRolesetBindingOutput() SecretRolesetBindingOutput
func (SecretRolesetBindingOutput) ToSecretRolesetBindingOutputWithContext ¶
func (o SecretRolesetBindingOutput) ToSecretRolesetBindingOutputWithContext(ctx context.Context) SecretRolesetBindingOutput
type SecretRolesetInput ¶ added in v3.0.2
type SecretRolesetInput interface { pulumi.Input ToSecretRolesetOutput() SecretRolesetOutput ToSecretRolesetOutputWithContext(ctx context.Context) SecretRolesetOutput }
type SecretRolesetMap ¶ added in v3.4.1
type SecretRolesetMap map[string]SecretRolesetInput
func (SecretRolesetMap) ElementType ¶ added in v3.4.1
func (SecretRolesetMap) ElementType() reflect.Type
func (SecretRolesetMap) ToSecretRolesetMapOutput ¶ added in v3.4.1
func (i SecretRolesetMap) ToSecretRolesetMapOutput() SecretRolesetMapOutput
func (SecretRolesetMap) ToSecretRolesetMapOutputWithContext ¶ added in v3.4.1
func (i SecretRolesetMap) ToSecretRolesetMapOutputWithContext(ctx context.Context) SecretRolesetMapOutput
type SecretRolesetMapInput ¶ added in v3.4.1
type SecretRolesetMapInput interface { pulumi.Input ToSecretRolesetMapOutput() SecretRolesetMapOutput ToSecretRolesetMapOutputWithContext(context.Context) SecretRolesetMapOutput }
SecretRolesetMapInput is an input type that accepts SecretRolesetMap and SecretRolesetMapOutput values. You can construct a concrete instance of `SecretRolesetMapInput` via:
SecretRolesetMap{ "key": SecretRolesetArgs{...} }
type SecretRolesetMapOutput ¶ added in v3.4.1
type SecretRolesetMapOutput struct{ *pulumi.OutputState }
func (SecretRolesetMapOutput) ElementType ¶ added in v3.4.1
func (SecretRolesetMapOutput) ElementType() reflect.Type
func (SecretRolesetMapOutput) MapIndex ¶ added in v3.4.1
func (o SecretRolesetMapOutput) MapIndex(k pulumi.StringInput) SecretRolesetOutput
func (SecretRolesetMapOutput) ToSecretRolesetMapOutput ¶ added in v3.4.1
func (o SecretRolesetMapOutput) ToSecretRolesetMapOutput() SecretRolesetMapOutput
func (SecretRolesetMapOutput) ToSecretRolesetMapOutputWithContext ¶ added in v3.4.1
func (o SecretRolesetMapOutput) ToSecretRolesetMapOutputWithContext(ctx context.Context) SecretRolesetMapOutput
type SecretRolesetOutput ¶ added in v3.0.2
type SecretRolesetOutput struct {
*pulumi.OutputState
}
func (SecretRolesetOutput) ElementType ¶ added in v3.0.2
func (SecretRolesetOutput) ElementType() reflect.Type
func (SecretRolesetOutput) ToSecretRolesetOutput ¶ added in v3.0.2
func (o SecretRolesetOutput) ToSecretRolesetOutput() SecretRolesetOutput
func (SecretRolesetOutput) ToSecretRolesetOutputWithContext ¶ added in v3.0.2
func (o SecretRolesetOutput) ToSecretRolesetOutputWithContext(ctx context.Context) SecretRolesetOutput
func (SecretRolesetOutput) ToSecretRolesetPtrOutput ¶ added in v3.4.1
func (o SecretRolesetOutput) ToSecretRolesetPtrOutput() SecretRolesetPtrOutput
func (SecretRolesetOutput) ToSecretRolesetPtrOutputWithContext ¶ added in v3.4.1
func (o SecretRolesetOutput) ToSecretRolesetPtrOutputWithContext(ctx context.Context) SecretRolesetPtrOutput
type SecretRolesetPtrInput ¶ added in v3.4.1
// SecretRolesetPtrInput is a pulumi.Input that can also be converted to a
// SecretRolesetPtrOutput, either directly or with an explicit context.
type SecretRolesetPtrInput interface {
	pulumi.Input

	ToSecretRolesetPtrOutput() SecretRolesetPtrOutput
	ToSecretRolesetPtrOutputWithContext(ctx context.Context) SecretRolesetPtrOutput
}
type SecretRolesetPtrOutput ¶ added in v3.4.1
// SecretRolesetPtrOutput is the type returned by ToSecretRolesetPtrOutput.
// It embeds *pulumi.OutputState and declares no other fields.
type SecretRolesetPtrOutput struct {
*pulumi.OutputState
}
func (SecretRolesetPtrOutput) ElementType ¶ added in v3.4.1
func (SecretRolesetPtrOutput) ElementType() reflect.Type
func (SecretRolesetPtrOutput) ToSecretRolesetPtrOutput ¶ added in v3.4.1
func (o SecretRolesetPtrOutput) ToSecretRolesetPtrOutput() SecretRolesetPtrOutput
func (SecretRolesetPtrOutput) ToSecretRolesetPtrOutputWithContext ¶ added in v3.4.1
func (o SecretRolesetPtrOutput) ToSecretRolesetPtrOutputWithContext(ctx context.Context) SecretRolesetPtrOutput
type SecretRolesetState ¶
// SecretRolesetState holds the properties of a roleset in the Vault GCP
// Secrets Engine. Scalar properties are pointer inputs, so each may be left
// unset.
type SecretRolesetState struct {
	// Path where the GCP Secrets Engine is mounted.
	Backend pulumi.StringPtrInput
	// Bindings to create for this roleset. May be specified multiple times,
	// once per binding.
	// NOTE(review): the binding structure is not shown in this listing;
	// presumably each binding grants IAM roles on a GCP resource to the
	// roleset's service account. Keep bindings to the minimum the consumers
	// of this roleset need, and confirm the structure against the binding type.
	Bindings SecretRolesetBindingArrayInput
	// Name of the GCP project that this roleset's service account will
	// belong to.
	Project pulumi.StringPtrInput
	// Name of the Roleset to create.
	Roleset pulumi.StringPtrInput
	// Type of secret generated for this role set. Accepted values:
	// `accessToken`, `serviceAccountKey`. Defaults to `accessToken`.
	// NOTE(review): the Vault GCP secrets engine itself spells these values
	// `access_token` and `service_account_key`; confirm which spelling the
	// provider accepts before relying on the camel-cased form above.
	// A `serviceAccountKey` roleset hands out service account key material
	// rather than an OAuth token, so check where the generated secret ends
	// up (state, logs, CI output) when choosing that type.
	SecretType pulumi.StringPtrInput
	// Email of the service account created by Vault for this Roleset.
	ServiceAccountEmail pulumi.StringPtrInput
	// List of OAuth scopes to assign to `accessToken` secrets generated under
	// this role set (`accessToken` role sets only). The scopes bound what an
	// issued token may be used for, so list only those the consumers require.
	TokenScopes pulumi.StringArrayInput
}
func (SecretRolesetState) ElementType ¶
func (SecretRolesetState) ElementType() reflect.Type