gcp

package
v3.6.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 12, 2021 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AuthBackend

// AuthBackend is the resource that configures the GCP auth backend within Vault.
// Most fields describe the GCP credential the backend uses; Credentials carries
// the credential file contents themselves.
type AuthBackend struct {
	pulumi.CustomResourceState

	// The client's email associated with the credentials
	ClientEmail pulumi.StringOutput `pulumi:"clientEmail"`
	// The Client ID of the credentials
	ClientId pulumi.StringOutput `pulumi:"clientId"`
	// A JSON string containing the contents of a GCP credentials file. If this value is empty, Vault will try to use Application Default Credentials from the machine on which the Vault server is running.
	// NOTE(review): a GCP credentials file normally holds a service-account private key, so
	// this output should be handled as a secret (encrypted in state, masked in logs) —
	// confirm whether this SDK version marks it secret on its own.
	Credentials pulumi.StringPtrOutput `pulumi:"credentials"`
	// A description of the auth method.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// Specifies if the auth method is local only.
	Local pulumi.BoolPtrOutput `pulumi:"local"`
	// The path to mount the auth method — this defaults to 'gcp'.
	Path pulumi.StringPtrOutput `pulumi:"path"`
	// The ID of the private key from the credentials
	// (an identifier only; the key material itself is in Credentials).
	PrivateKeyId pulumi.StringOutput `pulumi:"privateKeyId"`
	// The GCP Project ID
	ProjectId pulumi.StringOutput `pulumi:"projectId"`
}

Provides a resource to configure the [GCP auth backend within Vault](https://www.vaultproject.io/docs/auth/gcp.html).

## Import

GCP authentication backends can be imported using the backend name, e.g.

```sh

$ pulumi import vault:gcp/authBackend:AuthBackend gcp gcp

```

func GetAuthBackend

func GetAuthBackend(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AuthBackendState, opts ...pulumi.ResourceOption) (*AuthBackend, error)

GetAuthBackend gets an existing AuthBackend resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAuthBackend

func NewAuthBackend(ctx *pulumi.Context,
	name string, args *AuthBackendArgs, opts ...pulumi.ResourceOption) (*AuthBackend, error)

NewAuthBackend registers a new resource with the given unique name, arguments, and options.

func (*AuthBackend) ElementType added in v3.0.2

func (*AuthBackend) ElementType() reflect.Type

func (*AuthBackend) ToAuthBackendOutput added in v3.0.2

func (i *AuthBackend) ToAuthBackendOutput() AuthBackendOutput

func (*AuthBackend) ToAuthBackendOutputWithContext added in v3.0.2

func (i *AuthBackend) ToAuthBackendOutputWithContext(ctx context.Context) AuthBackendOutput

func (*AuthBackend) ToAuthBackendPtrOutput added in v3.4.1

func (i *AuthBackend) ToAuthBackendPtrOutput() AuthBackendPtrOutput

func (*AuthBackend) ToAuthBackendPtrOutputWithContext added in v3.4.1

func (i *AuthBackend) ToAuthBackendPtrOutputWithContext(ctx context.Context) AuthBackendPtrOutput

type AuthBackendArgs

// AuthBackendArgs is the set of arguments for constructing an AuthBackend resource.
// Every field is a pointer-style input, so all of them are optional at the type level.
type AuthBackendArgs struct {
	// The client's email associated with the credentials
	ClientEmail pulumi.StringPtrInput
	// The Client ID of the credentials
	ClientId pulumi.StringPtrInput
	// A JSON string containing the contents of a GCP credentials file. If this value is empty, Vault will try to use Application Default Credentials from the machine on which the Vault server is running.
	// NOTE(review): this is key material. Supply it as a Pulumi secret (for example via
	// pulumi.ToSecret or a secret config value) rather than a plain string literal, so it
	// does not end up in clear text in source or state — confirm how this provider
	// version stores it.
	Credentials pulumi.StringPtrInput
	// A description of the auth method.
	Description pulumi.StringPtrInput
	// Specifies if the auth method is local only.
	Local pulumi.BoolPtrInput
	// The path to mount the auth method — this defaults to 'gcp'.
	Path pulumi.StringPtrInput
	// The ID of the private key from the credentials
	PrivateKeyId pulumi.StringPtrInput
	// The GCP Project ID
	ProjectId pulumi.StringPtrInput
}

The set of arguments for constructing an AuthBackend resource.

func (AuthBackendArgs) ElementType

func (AuthBackendArgs) ElementType() reflect.Type

type AuthBackendArray added in v3.4.1

type AuthBackendArray []AuthBackendInput

func (AuthBackendArray) ElementType added in v3.4.1

func (AuthBackendArray) ElementType() reflect.Type

func (AuthBackendArray) ToAuthBackendArrayOutput added in v3.4.1

func (i AuthBackendArray) ToAuthBackendArrayOutput() AuthBackendArrayOutput

func (AuthBackendArray) ToAuthBackendArrayOutputWithContext added in v3.4.1

func (i AuthBackendArray) ToAuthBackendArrayOutputWithContext(ctx context.Context) AuthBackendArrayOutput

type AuthBackendArrayInput added in v3.4.1

type AuthBackendArrayInput interface {
	pulumi.Input

	ToAuthBackendArrayOutput() AuthBackendArrayOutput
	ToAuthBackendArrayOutputWithContext(context.Context) AuthBackendArrayOutput
}

AuthBackendArrayInput is an input type that accepts AuthBackendArray and AuthBackendArrayOutput values. You can construct a concrete instance of `AuthBackendArrayInput` via:

AuthBackendArray{ AuthBackendArgs{...} }

type AuthBackendArrayOutput added in v3.4.1

type AuthBackendArrayOutput struct{ *pulumi.OutputState }

func (AuthBackendArrayOutput) ElementType added in v3.4.1

func (AuthBackendArrayOutput) ElementType() reflect.Type

func (AuthBackendArrayOutput) Index added in v3.4.1

func (AuthBackendArrayOutput) ToAuthBackendArrayOutput added in v3.4.1

func (o AuthBackendArrayOutput) ToAuthBackendArrayOutput() AuthBackendArrayOutput

func (AuthBackendArrayOutput) ToAuthBackendArrayOutputWithContext added in v3.4.1

func (o AuthBackendArrayOutput) ToAuthBackendArrayOutputWithContext(ctx context.Context) AuthBackendArrayOutput

type AuthBackendInput added in v3.0.2

// AuthBackendInput is an input type for values convertible to AuthBackendOutput.
// On this page, *AuthBackend and AuthBackendOutput both list the two conversion
// methods below together with ElementType.
type AuthBackendInput interface {
	pulumi.Input

	ToAuthBackendOutput() AuthBackendOutput
	ToAuthBackendOutputWithContext(ctx context.Context) AuthBackendOutput
}

type AuthBackendMap added in v3.4.1

type AuthBackendMap map[string]AuthBackendInput

func (AuthBackendMap) ElementType added in v3.4.1

func (AuthBackendMap) ElementType() reflect.Type

func (AuthBackendMap) ToAuthBackendMapOutput added in v3.4.1

func (i AuthBackendMap) ToAuthBackendMapOutput() AuthBackendMapOutput

func (AuthBackendMap) ToAuthBackendMapOutputWithContext added in v3.4.1

func (i AuthBackendMap) ToAuthBackendMapOutputWithContext(ctx context.Context) AuthBackendMapOutput

type AuthBackendMapInput added in v3.4.1

type AuthBackendMapInput interface {
	pulumi.Input

	ToAuthBackendMapOutput() AuthBackendMapOutput
	ToAuthBackendMapOutputWithContext(context.Context) AuthBackendMapOutput
}

AuthBackendMapInput is an input type that accepts AuthBackendMap and AuthBackendMapOutput values. You can construct a concrete instance of `AuthBackendMapInput` via:

AuthBackendMap{ "key": AuthBackendArgs{...} }

type AuthBackendMapOutput added in v3.4.1

type AuthBackendMapOutput struct{ *pulumi.OutputState }

func (AuthBackendMapOutput) ElementType added in v3.4.1

func (AuthBackendMapOutput) ElementType() reflect.Type

func (AuthBackendMapOutput) MapIndex added in v3.4.1

func (AuthBackendMapOutput) ToAuthBackendMapOutput added in v3.4.1

func (o AuthBackendMapOutput) ToAuthBackendMapOutput() AuthBackendMapOutput

func (AuthBackendMapOutput) ToAuthBackendMapOutputWithContext added in v3.4.1

func (o AuthBackendMapOutput) ToAuthBackendMapOutputWithContext(ctx context.Context) AuthBackendMapOutput

type AuthBackendOutput added in v3.0.2

type AuthBackendOutput struct {
	*pulumi.OutputState
}

func (AuthBackendOutput) ElementType added in v3.0.2

func (AuthBackendOutput) ElementType() reflect.Type

func (AuthBackendOutput) ToAuthBackendOutput added in v3.0.2

func (o AuthBackendOutput) ToAuthBackendOutput() AuthBackendOutput

func (AuthBackendOutput) ToAuthBackendOutputWithContext added in v3.0.2

func (o AuthBackendOutput) ToAuthBackendOutputWithContext(ctx context.Context) AuthBackendOutput

func (AuthBackendOutput) ToAuthBackendPtrOutput added in v3.4.1

func (o AuthBackendOutput) ToAuthBackendPtrOutput() AuthBackendPtrOutput

func (AuthBackendOutput) ToAuthBackendPtrOutputWithContext added in v3.4.1

func (o AuthBackendOutput) ToAuthBackendPtrOutputWithContext(ctx context.Context) AuthBackendPtrOutput

type AuthBackendPtrInput added in v3.4.1

// AuthBackendPtrInput is an input type for values convertible to AuthBackendPtrOutput.
// On this page, *AuthBackend, AuthBackendOutput and AuthBackendPtrOutput all list
// the two conversion methods below.
type AuthBackendPtrInput interface {
	pulumi.Input

	ToAuthBackendPtrOutput() AuthBackendPtrOutput
	ToAuthBackendPtrOutputWithContext(ctx context.Context) AuthBackendPtrOutput
}

type AuthBackendPtrOutput added in v3.4.1

type AuthBackendPtrOutput struct {
	*pulumi.OutputState
}

func (AuthBackendPtrOutput) ElementType added in v3.4.1

func (AuthBackendPtrOutput) ElementType() reflect.Type

func (AuthBackendPtrOutput) ToAuthBackendPtrOutput added in v3.4.1

func (o AuthBackendPtrOutput) ToAuthBackendPtrOutput() AuthBackendPtrOutput

func (AuthBackendPtrOutput) ToAuthBackendPtrOutputWithContext added in v3.4.1

func (o AuthBackendPtrOutput) ToAuthBackendPtrOutputWithContext(ctx context.Context) AuthBackendPtrOutput

type AuthBackendRole

// AuthBackendRole is the resource that creates a role in a GCP auth backend within Vault.
// Per the field descriptions, the Bound* fields constrain which GCE instances or
// service accounts can authenticate under the role, and the Token* fields set the
// properties of the Vault tokens issued after a successful login.
type AuthBackendRole struct {
	pulumi.CustomResourceState

	// NOTE(review): undocumented in this SDK version. Presumably maps to Vault's
	// add_group_aliases role option — confirm before relying on it for group-based policy.
	AddGroupAliases pulumi.BoolOutput `pulumi:"addGroupAliases"`
	// A flag to determine if this role should allow GCE instances to authenticate by inferring service accounts from the GCE identity metadata token.
	AllowGceInference pulumi.BoolOutput `pulumi:"allowGceInference"`
	// Path to the mounted GCP auth backend
	Backend pulumi.StringPtrOutput `pulumi:"backend"`
	// The instance groups that an authorized instance must belong to in order to be authenticated. If specified, either `boundZones` or `boundRegions` must be set too.
	BoundInstanceGroups pulumi.StringArrayOutput `pulumi:"boundInstanceGroups"`
	// A comma-separated list of GCP labels formatted as `"key:value"` strings that must be set on authorized GCE instances. Because GCP labels are not currently ACL'd, we recommend that this be used in conjunction with other restrictions.
	// NOTE(review): the field type is a string array, so each element is presumably one
	// `"key:value"` pair rather than a single comma-separated string — confirm.
	BoundLabels pulumi.StringArrayOutput `pulumi:"boundLabels"`
	// GCP Projects that the role exists within
	BoundProjects pulumi.StringArrayOutput `pulumi:"boundProjects"`
	// The list of regions that a GCE instance must belong to in order to be authenticated. If boundInstanceGroups is provided, it is assumed to be a regional group and the group must belong to this region. If boundZones are provided, this attribute is ignored.
	BoundRegions pulumi.StringArrayOutput `pulumi:"boundRegions"`
	// GCP Service Accounts allowed to issue tokens under this role. (Note: **Required** if the role type is `iam`)
	BoundServiceAccounts pulumi.StringArrayOutput `pulumi:"boundServiceAccounts"`
	// The list of zones that a GCE instance must belong to in order to be authenticated. If boundInstanceGroups is provided, it is assumed to be a zonal group and the group must belong to this zone.
	BoundZones pulumi.StringArrayOutput `pulumi:"boundZones"`
	// The number of seconds past the time of authentication that the login param JWT must expire within. For example, if a user attempts to login with a token that expires within an hour and this is set to 15 minutes, Vault will return an error prompting the user to create a new signed JWT with a shorter `exp`. The GCE metadata tokens currently do not allow the `exp` claim to be customized.
	MaxJwtExp pulumi.StringOutput `pulumi:"maxJwtExp"`
	// The maximum allowed lifetime of tokens
	// issued using this role, provided as a number of seconds.
	//
	// Deprecated: use `token_max_ttl` (TokenMaxTtl in this SDK) instead if you are running Vault >= 1.2
	MaxTtl pulumi.StringOutput `pulumi:"maxTtl"`
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	//
	// Deprecated: use `token_period` (TokenPeriod in this SDK) instead if you are running Vault >= 1.2
	Period pulumi.StringOutput `pulumi:"period"`
	// An array of strings
	// specifying the policies to be set on tokens issued using this role.
	//
	// Deprecated: use `token_policies` (TokenPolicies in this SDK) instead if you are running Vault >= 1.2
	Policies pulumi.StringArrayOutput `pulumi:"policies"`
	// Name of the GCP role
	Role pulumi.StringOutput `pulumi:"role"`
	// List of CIDR blocks; if set, specifies blocks of IP
	// addresses which can authenticate successfully, and ties the resulting token to these blocks
	// as well.
	TokenBoundCidrs pulumi.StringArrayOutput `pulumi:"tokenBoundCidrs"`
	// If set, will encode an
	// [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
	// onto the token in number of seconds. This is a hard cap even if `tokenTtl` and
	// `tokenMaxTtl` would otherwise allow a renewal.
	TokenExplicitMaxTtl pulumi.IntPtrOutput `pulumi:"tokenExplicitMaxTtl"`
	// The maximum lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenMaxTtl pulumi.IntPtrOutput `pulumi:"tokenMaxTtl"`
	// If set, the default policy will not be set on
	// generated tokens; otherwise it will be added to the policies set in token_policies.
	TokenNoDefaultPolicy pulumi.BoolPtrOutput `pulumi:"tokenNoDefaultPolicy"`
	// NOTE(review): the description published for this field repeats the token period
	// text. Going by the field name and Vault's token_num_uses parameter, this is
	// presumably the maximum number of times a generated token may be used — confirm.
	TokenNumUses pulumi.IntPtrOutput `pulumi:"tokenNumUses"`
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	// A token that never expires while it keeps being renewed has no end of life of its
	// own; TokenExplicitMaxTtl is the field documented on this type as a hard cap.
	TokenPeriod pulumi.IntPtrOutput `pulumi:"tokenPeriod"`
	// List of policies to encode onto generated tokens. Depending
	// on the auth method, this list may be supplemented by user/group/other values.
	TokenPolicies pulumi.StringArrayOutput `pulumi:"tokenPolicies"`
	// The incremental lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenTtl pulumi.IntPtrOutput `pulumi:"tokenTtl"`
	// The type of token that should be generated. Can be `service`,
	// `batch`, or `default` to use the mount's tuned default (which unless changed will be
	// `service` tokens). For token store roles, there are two additional possibilities:
	// `default-service` and `default-batch` which specify the type to return unless the client
	// requests a different type at generation time.
	TokenType pulumi.StringPtrOutput `pulumi:"tokenType"`
	// The TTL period of tokens issued
	// using this role, provided as a number of seconds.
	//
	// Deprecated: use `token_ttl` (TokenTtl in this SDK) instead if you are running Vault >= 1.2
	Ttl pulumi.StringOutput `pulumi:"ttl"`
	// Type of GCP authentication role (either `gce` or `iam`)
	Type pulumi.StringOutput `pulumi:"type"`
}

Provides a resource to create a role in a [GCP auth backend within Vault](https://www.vaultproject.io/docs/auth/gcp.html).

## Import

GCP authentication roles can be imported using the `path`, e.g.

```sh

$ pulumi import vault:gcp/authBackendRole:AuthBackendRole my_role auth/gcp/role/my_role

```

func GetAuthBackendRole

func GetAuthBackendRole(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AuthBackendRoleState, opts ...pulumi.ResourceOption) (*AuthBackendRole, error)

GetAuthBackendRole gets an existing AuthBackendRole resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAuthBackendRole

func NewAuthBackendRole(ctx *pulumi.Context,
	name string, args *AuthBackendRoleArgs, opts ...pulumi.ResourceOption) (*AuthBackendRole, error)

NewAuthBackendRole registers a new resource with the given unique name, arguments, and options.

func (*AuthBackendRole) ElementType added in v3.0.2

func (*AuthBackendRole) ElementType() reflect.Type

func (*AuthBackendRole) ToAuthBackendRoleOutput added in v3.0.2

func (i *AuthBackendRole) ToAuthBackendRoleOutput() AuthBackendRoleOutput

func (*AuthBackendRole) ToAuthBackendRoleOutputWithContext added in v3.0.2

func (i *AuthBackendRole) ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput

func (*AuthBackendRole) ToAuthBackendRolePtrOutput added in v3.4.1

func (i *AuthBackendRole) ToAuthBackendRolePtrOutput() AuthBackendRolePtrOutput

func (*AuthBackendRole) ToAuthBackendRolePtrOutputWithContext added in v3.4.1

func (i *AuthBackendRole) ToAuthBackendRolePtrOutputWithContext(ctx context.Context) AuthBackendRolePtrOutput

type AuthBackendRoleArgs

// AuthBackendRoleArgs is the set of arguments for constructing an AuthBackendRole resource.
// Role and Type are the only non-pointer inputs; every other field is optional at the
// type level. Per the field descriptions, the Bound* fields constrain which GCE
// instances or service accounts can authenticate under the role.
type AuthBackendRoleArgs struct {
	// NOTE(review): undocumented in this SDK version. Presumably maps to Vault's
	// add_group_aliases role option — confirm before relying on it for group-based policy.
	AddGroupAliases pulumi.BoolPtrInput
	// A flag to determine if this role should allow GCE instances to authenticate by inferring service accounts from the GCE identity metadata token.
	AllowGceInference pulumi.BoolPtrInput
	// Path to the mounted GCP auth backend
	Backend pulumi.StringPtrInput
	// The instance groups that an authorized instance must belong to in order to be authenticated. If specified, either `boundZones` or `boundRegions` must be set too.
	BoundInstanceGroups pulumi.StringArrayInput
	// A comma-separated list of GCP labels formatted as `"key:value"` strings that must be set on authorized GCE instances. Because GCP labels are not currently ACL'd, we recommend that this be used in conjunction with other restrictions.
	// NOTE(review): the field type is a string array, so each element is presumably one
	// `"key:value"` pair rather than a single comma-separated string — confirm.
	BoundLabels pulumi.StringArrayInput
	// GCP Projects that the role exists within
	BoundProjects pulumi.StringArrayInput
	// The list of regions that a GCE instance must belong to in order to be authenticated. If boundInstanceGroups is provided, it is assumed to be a regional group and the group must belong to this region. If boundZones are provided, this attribute is ignored.
	BoundRegions pulumi.StringArrayInput
	// GCP Service Accounts allowed to issue tokens under this role. (Note: **Required** if the role type is `iam`)
	BoundServiceAccounts pulumi.StringArrayInput
	// The list of zones that a GCE instance must belong to in order to be authenticated. If boundInstanceGroups is provided, it is assumed to be a zonal group and the group must belong to this zone.
	BoundZones pulumi.StringArrayInput
	// The number of seconds past the time of authentication that the login param JWT must expire within. For example, if a user attempts to login with a token that expires within an hour and this is set to 15 minutes, Vault will return an error prompting the user to create a new signed JWT with a shorter `exp`. The GCE metadata tokens currently do not allow the `exp` claim to be customized.
	MaxJwtExp pulumi.StringPtrInput
	// The maximum allowed lifetime of tokens
	// issued using this role, provided as a number of seconds.
	//
	// Deprecated: use `token_max_ttl` (TokenMaxTtl in this SDK) instead if you are running Vault >= 1.2
	MaxTtl pulumi.StringPtrInput
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	//
	// Deprecated: use `token_period` (TokenPeriod in this SDK) instead if you are running Vault >= 1.2
	Period pulumi.StringPtrInput
	// An array of strings
	// specifying the policies to be set on tokens issued using this role.
	//
	// Deprecated: use `token_policies` (TokenPolicies in this SDK) instead if you are running Vault >= 1.2
	Policies pulumi.StringArrayInput
	// Name of the GCP role
	Role pulumi.StringInput
	// List of CIDR blocks; if set, specifies blocks of IP
	// addresses which can authenticate successfully, and ties the resulting token to these blocks
	// as well.
	TokenBoundCidrs pulumi.StringArrayInput
	// If set, will encode an
	// [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
	// onto the token in number of seconds. This is a hard cap even if `tokenTtl` and
	// `tokenMaxTtl` would otherwise allow a renewal.
	TokenExplicitMaxTtl pulumi.IntPtrInput
	// The maximum lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenMaxTtl pulumi.IntPtrInput
	// If set, the default policy will not be set on
	// generated tokens; otherwise it will be added to the policies set in token_policies.
	TokenNoDefaultPolicy pulumi.BoolPtrInput
	// NOTE(review): the description published for this field repeats the token period
	// text. Going by the field name and Vault's token_num_uses parameter, this is
	// presumably the maximum number of times a generated token may be used — confirm.
	TokenNumUses pulumi.IntPtrInput
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	// A token that never expires while it keeps being renewed has no end of life of its
	// own; TokenExplicitMaxTtl is the field documented on this type as a hard cap.
	TokenPeriod pulumi.IntPtrInput
	// List of policies to encode onto generated tokens. Depending
	// on the auth method, this list may be supplemented by user/group/other values.
	TokenPolicies pulumi.StringArrayInput
	// The incremental lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenTtl pulumi.IntPtrInput
	// The type of token that should be generated. Can be `service`,
	// `batch`, or `default` to use the mount's tuned default (which unless changed will be
	// `service` tokens). For token store roles, there are two additional possibilities:
	// `default-service` and `default-batch` which specify the type to return unless the client
	// requests a different type at generation time.
	TokenType pulumi.StringPtrInput
	// The TTL period of tokens issued
	// using this role, provided as a number of seconds.
	//
	// Deprecated: use `token_ttl` (TokenTtl in this SDK) instead if you are running Vault >= 1.2
	Ttl pulumi.StringPtrInput
	// Type of GCP authentication role (either `gce` or `iam`)
	Type pulumi.StringInput
}

The set of arguments for constructing an AuthBackendRole resource.

func (AuthBackendRoleArgs) ElementType

func (AuthBackendRoleArgs) ElementType() reflect.Type

type AuthBackendRoleArray added in v3.4.1

type AuthBackendRoleArray []AuthBackendRoleInput

func (AuthBackendRoleArray) ElementType added in v3.4.1

func (AuthBackendRoleArray) ElementType() reflect.Type

func (AuthBackendRoleArray) ToAuthBackendRoleArrayOutput added in v3.4.1

func (i AuthBackendRoleArray) ToAuthBackendRoleArrayOutput() AuthBackendRoleArrayOutput

func (AuthBackendRoleArray) ToAuthBackendRoleArrayOutputWithContext added in v3.4.1

func (i AuthBackendRoleArray) ToAuthBackendRoleArrayOutputWithContext(ctx context.Context) AuthBackendRoleArrayOutput

type AuthBackendRoleArrayInput added in v3.4.1

type AuthBackendRoleArrayInput interface {
	pulumi.Input

	ToAuthBackendRoleArrayOutput() AuthBackendRoleArrayOutput
	ToAuthBackendRoleArrayOutputWithContext(context.Context) AuthBackendRoleArrayOutput
}

AuthBackendRoleArrayInput is an input type that accepts AuthBackendRoleArray and AuthBackendRoleArrayOutput values. You can construct a concrete instance of `AuthBackendRoleArrayInput` via:

AuthBackendRoleArray{ AuthBackendRoleArgs{...} }

type AuthBackendRoleArrayOutput added in v3.4.1

type AuthBackendRoleArrayOutput struct{ *pulumi.OutputState }

func (AuthBackendRoleArrayOutput) ElementType added in v3.4.1

func (AuthBackendRoleArrayOutput) ElementType() reflect.Type

func (AuthBackendRoleArrayOutput) Index added in v3.4.1

func (AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutput added in v3.4.1

func (o AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutput() AuthBackendRoleArrayOutput

func (AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutputWithContext added in v3.4.1

func (o AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutputWithContext(ctx context.Context) AuthBackendRoleArrayOutput

type AuthBackendRoleInput added in v3.0.2

// AuthBackendRoleInput is an input type for values convertible to AuthBackendRoleOutput.
// On this page, *AuthBackendRole and AuthBackendRoleOutput both list the two
// conversion methods below together with ElementType.
type AuthBackendRoleInput interface {
	pulumi.Input

	ToAuthBackendRoleOutput() AuthBackendRoleOutput
	ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput
}

type AuthBackendRoleMap added in v3.4.1

type AuthBackendRoleMap map[string]AuthBackendRoleInput

func (AuthBackendRoleMap) ElementType added in v3.4.1

func (AuthBackendRoleMap) ElementType() reflect.Type

func (AuthBackendRoleMap) ToAuthBackendRoleMapOutput added in v3.4.1

func (i AuthBackendRoleMap) ToAuthBackendRoleMapOutput() AuthBackendRoleMapOutput

func (AuthBackendRoleMap) ToAuthBackendRoleMapOutputWithContext added in v3.4.1

func (i AuthBackendRoleMap) ToAuthBackendRoleMapOutputWithContext(ctx context.Context) AuthBackendRoleMapOutput

type AuthBackendRoleMapInput added in v3.4.1

type AuthBackendRoleMapInput interface {
	pulumi.Input

	ToAuthBackendRoleMapOutput() AuthBackendRoleMapOutput
	ToAuthBackendRoleMapOutputWithContext(context.Context) AuthBackendRoleMapOutput
}

AuthBackendRoleMapInput is an input type that accepts AuthBackendRoleMap and AuthBackendRoleMapOutput values. You can construct a concrete instance of `AuthBackendRoleMapInput` via:

AuthBackendRoleMap{ "key": AuthBackendRoleArgs{...} }

type AuthBackendRoleMapOutput added in v3.4.1

type AuthBackendRoleMapOutput struct{ *pulumi.OutputState }

func (AuthBackendRoleMapOutput) ElementType added in v3.4.1

func (AuthBackendRoleMapOutput) ElementType() reflect.Type

func (AuthBackendRoleMapOutput) MapIndex added in v3.4.1

func (AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutput added in v3.4.1

func (o AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutput() AuthBackendRoleMapOutput

func (AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutputWithContext added in v3.4.1

func (o AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutputWithContext(ctx context.Context) AuthBackendRoleMapOutput

type AuthBackendRoleOutput added in v3.0.2

type AuthBackendRoleOutput struct {
	*pulumi.OutputState
}

func (AuthBackendRoleOutput) ElementType added in v3.0.2

func (AuthBackendRoleOutput) ElementType() reflect.Type

func (AuthBackendRoleOutput) ToAuthBackendRoleOutput added in v3.0.2

func (o AuthBackendRoleOutput) ToAuthBackendRoleOutput() AuthBackendRoleOutput

func (AuthBackendRoleOutput) ToAuthBackendRoleOutputWithContext added in v3.0.2

func (o AuthBackendRoleOutput) ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput

func (AuthBackendRoleOutput) ToAuthBackendRolePtrOutput added in v3.4.1

func (o AuthBackendRoleOutput) ToAuthBackendRolePtrOutput() AuthBackendRolePtrOutput

func (AuthBackendRoleOutput) ToAuthBackendRolePtrOutputWithContext added in v3.4.1

func (o AuthBackendRoleOutput) ToAuthBackendRolePtrOutputWithContext(ctx context.Context) AuthBackendRolePtrOutput

type AuthBackendRolePtrInput added in v3.4.1

// AuthBackendRolePtrInput is an input type for values convertible to
// AuthBackendRolePtrOutput. On this page, *AuthBackendRole, AuthBackendRoleOutput and
// AuthBackendRolePtrOutput all list the two conversion methods below.
type AuthBackendRolePtrInput interface {
	pulumi.Input

	ToAuthBackendRolePtrOutput() AuthBackendRolePtrOutput
	ToAuthBackendRolePtrOutputWithContext(ctx context.Context) AuthBackendRolePtrOutput
}

type AuthBackendRolePtrOutput added in v3.4.1

type AuthBackendRolePtrOutput struct {
	*pulumi.OutputState
}

func (AuthBackendRolePtrOutput) ElementType added in v3.4.1

func (AuthBackendRolePtrOutput) ElementType() reflect.Type

func (AuthBackendRolePtrOutput) ToAuthBackendRolePtrOutput added in v3.4.1

func (o AuthBackendRolePtrOutput) ToAuthBackendRolePtrOutput() AuthBackendRolePtrOutput

func (AuthBackendRolePtrOutput) ToAuthBackendRolePtrOutputWithContext added in v3.4.1

func (o AuthBackendRolePtrOutput) ToAuthBackendRolePtrOutputWithContext(ctx context.Context) AuthBackendRolePtrOutput

type AuthBackendRoleState

// AuthBackendRoleState holds the optional state properties passed to GetAuthBackendRole
// to qualify the lookup of an existing AuthBackendRole. Every field is a pointer-style
// or array input, so none is required at the type level.
type AuthBackendRoleState struct {
	// NOTE(review): undocumented in this SDK version. Presumably maps to Vault's
	// add_group_aliases role option — confirm before relying on it for group-based policy.
	AddGroupAliases pulumi.BoolPtrInput
	// A flag to determine if this role should allow GCE instances to authenticate by inferring service accounts from the GCE identity metadata token.
	AllowGceInference pulumi.BoolPtrInput
	// Path to the mounted GCP auth backend
	Backend pulumi.StringPtrInput
	// The instance groups that an authorized instance must belong to in order to be authenticated. If specified, either `boundZones` or `boundRegions` must be set too.
	BoundInstanceGroups pulumi.StringArrayInput
	// A comma-separated list of GCP labels formatted as `"key:value"` strings that must be set on authorized GCE instances. Because GCP labels are not currently ACL'd, we recommend that this be used in conjunction with other restrictions.
	// NOTE(review): the field type is a string array, so each element is presumably one
	// `"key:value"` pair rather than a single comma-separated string — confirm.
	BoundLabels pulumi.StringArrayInput
	// GCP Projects that the role exists within
	BoundProjects pulumi.StringArrayInput
	// The list of regions that a GCE instance must belong to in order to be authenticated. If boundInstanceGroups is provided, it is assumed to be a regional group and the group must belong to this region. If boundZones are provided, this attribute is ignored.
	BoundRegions pulumi.StringArrayInput
	// GCP Service Accounts allowed to issue tokens under this role. (Note: **Required** if the role type is `iam`)
	BoundServiceAccounts pulumi.StringArrayInput
	// The list of zones that a GCE instance must belong to in order to be authenticated. If boundInstanceGroups is provided, it is assumed to be a zonal group and the group must belong to this zone.
	BoundZones pulumi.StringArrayInput
	// The number of seconds past the time of authentication that the login param JWT must expire within. For example, if a user attempts to login with a token that expires within an hour and this is set to 15 minutes, Vault will return an error prompting the user to create a new signed JWT with a shorter `exp`. The GCE metadata tokens currently do not allow the `exp` claim to be customized.
	MaxJwtExp pulumi.StringPtrInput
	// The maximum allowed lifetime of tokens
	// issued using this role, provided as a number of seconds.
	//
	// Deprecated: use `token_max_ttl` (TokenMaxTtl in this SDK) instead if you are running Vault >= 1.2
	MaxTtl pulumi.StringPtrInput
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	//
	// Deprecated: use `token_period` (TokenPeriod in this SDK) instead if you are running Vault >= 1.2
	Period pulumi.StringPtrInput
	// An array of strings
	// specifying the policies to be set on tokens issued using this role.
	//
	// Deprecated: use `token_policies` (TokenPolicies in this SDK) instead if you are running Vault >= 1.2
	Policies pulumi.StringArrayInput
	// Name of the GCP role
	Role pulumi.StringPtrInput
	// List of CIDR blocks; if set, specifies blocks of IP
	// addresses which can authenticate successfully, and ties the resulting token to these blocks
	// as well.
	TokenBoundCidrs pulumi.StringArrayInput
	// If set, will encode an
	// [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
	// onto the token in number of seconds. This is a hard cap even if `tokenTtl` and
	// `tokenMaxTtl` would otherwise allow a renewal.
	TokenExplicitMaxTtl pulumi.IntPtrInput
	// The maximum lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenMaxTtl pulumi.IntPtrInput
	// If set, the default policy will not be set on
	// generated tokens; otherwise it will be added to the policies set in token_policies.
	TokenNoDefaultPolicy pulumi.BoolPtrInput
	// NOTE(review): the description published for this field repeats the token period
	// text. Going by the field name and Vault's token_num_uses parameter, this is
	// presumably the maximum number of times a generated token may be used — confirm.
	TokenNumUses pulumi.IntPtrInput
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	// A token that never expires while it keeps being renewed has no end of life of its
	// own; TokenExplicitMaxTtl is the field documented on this type as a hard cap.
	TokenPeriod pulumi.IntPtrInput
	// List of policies to encode onto generated tokens. Depending
	// on the auth method, this list may be supplemented by user/group/other values.
	TokenPolicies pulumi.StringArrayInput
	// The incremental lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenTtl pulumi.IntPtrInput
	// The type of token that should be generated. Can be `service`,
	// `batch`, or `default` to use the mount's tuned default (which unless changed will be
	// `service` tokens). For token store roles, there are two additional possibilities:
	// `default-service` and `default-batch` which specify the type to return unless the client
	// requests a different type at generation time.
	TokenType pulumi.StringPtrInput
	// The TTL period of tokens issued
	// using this role, provided as a number of seconds.
	//
	// Deprecated: use `token_ttl` (TokenTtl in this SDK) instead if you are running Vault >= 1.2
	Ttl pulumi.StringPtrInput
	// Type of GCP authentication role (either `gce` or `iam`)
	Type pulumi.StringPtrInput
}

func (AuthBackendRoleState) ElementType

func (AuthBackendRoleState) ElementType() reflect.Type

type AuthBackendState

// AuthBackendState holds the optional state properties that GetAuthBackend
// accepts to qualify the lookup of an existing AuthBackend resource.
// Every field is an optional pulumi input.
type AuthBackendState struct {
	// The client email associated with the credentials
	ClientEmail pulumi.StringPtrInput
	// The Client ID of the credentials
	ClientId pulumi.StringPtrInput
	// A JSON string containing the contents of a GCP credentials file. If this value is empty, Vault will try to use Application Default Credentials from the machine on which the Vault server is running.
	//
	// Secret material: a GCP credentials file normally carries the service
	// account's private key. NOTE(review): nothing in this declaration marks the
	// field as a secret; confirm the value is supplied as a Pulumi secret so it is
	// encrypted in stack state rather than stored in plaintext.
	Credentials pulumi.StringPtrInput
	// A description of the auth method.
	Description pulumi.StringPtrInput
	// Specifies if the auth method is local only.
	Local pulumi.BoolPtrInput
	// The path to mount the auth method — this defaults to 'gcp'.
	Path pulumi.StringPtrInput
	// The ID of the private key from the credentials
	// (an identifier, not the key itself).
	PrivateKeyId pulumi.StringPtrInput
	// The GCP Project ID
	ProjectId pulumi.StringPtrInput
}

func (AuthBackendState) ElementType

func (AuthBackendState) ElementType() reflect.Type

type SecretBackend

// SecretBackend is the resource state of a Vault backend mounted at Path
// (default `gcp`) and configured with GCP service account credentials.
// All fields are outputs resolved from the registered resource.
type SecretBackend struct {
	pulumi.CustomResourceState

	// The GCP service account credentials in JSON format.
	//
	// Secret material. NOTE(review): this is declared as a plain
	// StringPtrOutput; confirm the provider flags it as secret, or list it via
	// pulumi.AdditionalSecretOutputs, so it is not kept in plaintext in stack
	// state or shown in previews.
	Credentials pulumi.StringPtrOutput `pulumi:"credentials"`
	// The default TTL for credentials
	// issued by this backend. Defaults to '0'.
	//
	// NOTE(review): in Vault mount tuning a TTL of 0 normally means "inherit the
	// system default", not "no expiry" — confirm for the Vault version in use and
	// set an explicit short value where leases should be bounded.
	DefaultLeaseTtlSeconds pulumi.IntPtrOutput `pulumi:"defaultLeaseTtlSeconds"`
	// A human-friendly description for this backend.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// Boolean flag that can be explicitly set to true to enforce local mount in HA environment
	Local pulumi.BoolPtrOutput `pulumi:"local"`
	// The maximum TTL that can be requested
	// for credentials issued by this backend. Defaults to '0'.
	// (See the note on DefaultLeaseTtlSeconds about what 0 is expected to mean.)
	MaxLeaseTtlSeconds pulumi.IntPtrOutput `pulumi:"maxLeaseTtlSeconds"`
	// The unique path this backend should be mounted at. Must
	// not begin or end with a `/`. Defaults to `gcp`.
	Path pulumi.StringPtrOutput `pulumi:"path"`
}

func GetSecretBackend

func GetSecretBackend(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *SecretBackendState, opts ...pulumi.ResourceOption) (*SecretBackend, error)

GetSecretBackend gets an existing SecretBackend resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewSecretBackend

func NewSecretBackend(ctx *pulumi.Context,
	name string, args *SecretBackendArgs, opts ...pulumi.ResourceOption) (*SecretBackend, error)

NewSecretBackend registers a new resource with the given unique name, arguments, and options.

func (*SecretBackend) ElementType added in v3.0.2

func (*SecretBackend) ElementType() reflect.Type

func (*SecretBackend) ToSecretBackendOutput added in v3.0.2

func (i *SecretBackend) ToSecretBackendOutput() SecretBackendOutput

func (*SecretBackend) ToSecretBackendOutputWithContext added in v3.0.2

func (i *SecretBackend) ToSecretBackendOutputWithContext(ctx context.Context) SecretBackendOutput

func (*SecretBackend) ToSecretBackendPtrOutput added in v3.4.1

func (i *SecretBackend) ToSecretBackendPtrOutput() SecretBackendPtrOutput

func (*SecretBackend) ToSecretBackendPtrOutputWithContext added in v3.4.1

func (i *SecretBackend) ToSecretBackendPtrOutputWithContext(ctx context.Context) SecretBackendPtrOutput

type SecretBackendArgs

// SecretBackendArgs is the set of arguments passed to NewSecretBackend.
// Every field is optional (pointer-typed input).
type SecretBackendArgs struct {
	// The GCP service account credentials in JSON format.
	//
	// Secret material: supply it as a Pulumi secret (for example from secret
	// stack configuration) rather than a literal in source. NOTE(review): this
	// declaration does not itself mark the input as secret — confirm how the
	// provider stores it in state.
	Credentials pulumi.StringPtrInput
	// The default TTL for credentials
	// issued by this backend. Defaults to '0'.
	//
	// NOTE(review): in Vault mount tuning a TTL of 0 normally means "inherit the
	// system default", not "no expiry" — confirm, and prefer an explicit short
	// TTL for issued cloud credentials.
	DefaultLeaseTtlSeconds pulumi.IntPtrInput
	// A human-friendly description for this backend.
	Description pulumi.StringPtrInput
	// Boolean flag that can be explicitly set to true to enforce local mount in HA environment
	Local pulumi.BoolPtrInput
	// The maximum TTL that can be requested
	// for credentials issued by this backend. Defaults to '0'.
	// This is the upper bound a client can ask for, so it caps credential lifetime.
	MaxLeaseTtlSeconds pulumi.IntPtrInput
	// The unique path this backend should be mounted at. Must
	// not begin or end with a `/`. Defaults to `gcp`.
	Path pulumi.StringPtrInput
}

The set of arguments for constructing a SecretBackend resource.

func (SecretBackendArgs) ElementType

func (SecretBackendArgs) ElementType() reflect.Type

type SecretBackendArray added in v3.4.1

type SecretBackendArray []SecretBackendInput

func (SecretBackendArray) ElementType added in v3.4.1

func (SecretBackendArray) ElementType() reflect.Type

func (SecretBackendArray) ToSecretBackendArrayOutput added in v3.4.1

func (i SecretBackendArray) ToSecretBackendArrayOutput() SecretBackendArrayOutput

func (SecretBackendArray) ToSecretBackendArrayOutputWithContext added in v3.4.1

func (i SecretBackendArray) ToSecretBackendArrayOutputWithContext(ctx context.Context) SecretBackendArrayOutput

type SecretBackendArrayInput added in v3.4.1

type SecretBackendArrayInput interface {
	pulumi.Input

	ToSecretBackendArrayOutput() SecretBackendArrayOutput
	ToSecretBackendArrayOutputWithContext(context.Context) SecretBackendArrayOutput
}

SecretBackendArrayInput is an input type that accepts SecretBackendArray and SecretBackendArrayOutput values. You can construct a concrete instance of `SecretBackendArrayInput` via:

SecretBackendArray{ SecretBackendArgs{...} }

type SecretBackendArrayOutput added in v3.4.1

type SecretBackendArrayOutput struct{ *pulumi.OutputState }

func (SecretBackendArrayOutput) ElementType added in v3.4.1

func (SecretBackendArrayOutput) ElementType() reflect.Type

func (SecretBackendArrayOutput) Index added in v3.4.1

func (SecretBackendArrayOutput) ToSecretBackendArrayOutput added in v3.4.1

func (o SecretBackendArrayOutput) ToSecretBackendArrayOutput() SecretBackendArrayOutput

func (SecretBackendArrayOutput) ToSecretBackendArrayOutputWithContext added in v3.4.1

func (o SecretBackendArrayOutput) ToSecretBackendArrayOutputWithContext(ctx context.Context) SecretBackendArrayOutput

type SecretBackendInput added in v3.0.2

// SecretBackendInput is an input type for values that can be converted to a
// SecretBackendOutput. On this page, *SecretBackend and SecretBackendOutput
// both declare the two conversion methods below.
type SecretBackendInput interface {
	pulumi.Input

	ToSecretBackendOutput() SecretBackendOutput
	ToSecretBackendOutputWithContext(ctx context.Context) SecretBackendOutput
}

type SecretBackendMap added in v3.4.1

type SecretBackendMap map[string]SecretBackendInput

func (SecretBackendMap) ElementType added in v3.4.1

func (SecretBackendMap) ElementType() reflect.Type

func (SecretBackendMap) ToSecretBackendMapOutput added in v3.4.1

func (i SecretBackendMap) ToSecretBackendMapOutput() SecretBackendMapOutput

func (SecretBackendMap) ToSecretBackendMapOutputWithContext added in v3.4.1

func (i SecretBackendMap) ToSecretBackendMapOutputWithContext(ctx context.Context) SecretBackendMapOutput

type SecretBackendMapInput added in v3.4.1

type SecretBackendMapInput interface {
	pulumi.Input

	ToSecretBackendMapOutput() SecretBackendMapOutput
	ToSecretBackendMapOutputWithContext(context.Context) SecretBackendMapOutput
}

SecretBackendMapInput is an input type that accepts SecretBackendMap and SecretBackendMapOutput values. You can construct a concrete instance of `SecretBackendMapInput` via:

SecretBackendMap{ "key": SecretBackendArgs{...} }

type SecretBackendMapOutput added in v3.4.1

type SecretBackendMapOutput struct{ *pulumi.OutputState }

func (SecretBackendMapOutput) ElementType added in v3.4.1

func (SecretBackendMapOutput) ElementType() reflect.Type

func (SecretBackendMapOutput) MapIndex added in v3.4.1

func (SecretBackendMapOutput) ToSecretBackendMapOutput added in v3.4.1

func (o SecretBackendMapOutput) ToSecretBackendMapOutput() SecretBackendMapOutput

func (SecretBackendMapOutput) ToSecretBackendMapOutputWithContext added in v3.4.1

func (o SecretBackendMapOutput) ToSecretBackendMapOutputWithContext(ctx context.Context) SecretBackendMapOutput

type SecretBackendOutput added in v3.0.2

type SecretBackendOutput struct {
	*pulumi.OutputState
}

func (SecretBackendOutput) ElementType added in v3.0.2

func (SecretBackendOutput) ElementType() reflect.Type

func (SecretBackendOutput) ToSecretBackendOutput added in v3.0.2

func (o SecretBackendOutput) ToSecretBackendOutput() SecretBackendOutput

func (SecretBackendOutput) ToSecretBackendOutputWithContext added in v3.0.2

func (o SecretBackendOutput) ToSecretBackendOutputWithContext(ctx context.Context) SecretBackendOutput

func (SecretBackendOutput) ToSecretBackendPtrOutput added in v3.4.1

func (o SecretBackendOutput) ToSecretBackendPtrOutput() SecretBackendPtrOutput

func (SecretBackendOutput) ToSecretBackendPtrOutputWithContext added in v3.4.1

func (o SecretBackendOutput) ToSecretBackendPtrOutputWithContext(ctx context.Context) SecretBackendPtrOutput

type SecretBackendPtrInput added in v3.4.1

// SecretBackendPtrInput is an input type for values that can be converted to a
// SecretBackendPtrOutput. On this page, *SecretBackend, SecretBackendOutput and
// SecretBackendPtrOutput all declare the two conversion methods below.
type SecretBackendPtrInput interface {
	pulumi.Input

	ToSecretBackendPtrOutput() SecretBackendPtrOutput
	ToSecretBackendPtrOutputWithContext(ctx context.Context) SecretBackendPtrOutput
}

type SecretBackendPtrOutput added in v3.4.1

type SecretBackendPtrOutput struct {
	*pulumi.OutputState
}

func (SecretBackendPtrOutput) ElementType added in v3.4.1

func (SecretBackendPtrOutput) ElementType() reflect.Type

func (SecretBackendPtrOutput) ToSecretBackendPtrOutput added in v3.4.1

func (o SecretBackendPtrOutput) ToSecretBackendPtrOutput() SecretBackendPtrOutput

func (SecretBackendPtrOutput) ToSecretBackendPtrOutputWithContext added in v3.4.1

func (o SecretBackendPtrOutput) ToSecretBackendPtrOutputWithContext(ctx context.Context) SecretBackendPtrOutput

type SecretBackendState

// SecretBackendState holds the optional state properties that
// GetSecretBackend accepts to qualify the lookup of an existing SecretBackend.
type SecretBackendState struct {
	// The GCP service account credentials in JSON format.
	//
	// Secret material. NOTE(review): nothing here marks the field as secret;
	// confirm it is handled as a Pulumi secret so it is not written to stack
	// state in plaintext.
	Credentials pulumi.StringPtrInput
	// The default TTL for credentials
	// issued by this backend. Defaults to '0'.
	// NOTE(review): 0 presumably means "use Vault's system default" — confirm.
	DefaultLeaseTtlSeconds pulumi.IntPtrInput
	// A human-friendly description for this backend.
	Description pulumi.StringPtrInput
	// Boolean flag that can be explicitly set to true to enforce local mount in HA environment
	Local pulumi.BoolPtrInput
	// The maximum TTL that can be requested
	// for credentials issued by this backend. Defaults to '0'.
	// NOTE(review): 0 presumably means "use Vault's system default" — confirm.
	MaxLeaseTtlSeconds pulumi.IntPtrInput
	// The unique path this backend should be mounted at. Must
	// not begin or end with a `/`. Defaults to `gcp`.
	Path pulumi.StringPtrInput
}

func (SecretBackendState) ElementType

func (SecretBackendState) ElementType() reflect.Type

type SecretRoleset

// SecretRoleset is the resource state of a roleset in Vault's GCP secrets
// engine. A roleset is tied to one service account (ServiceAccountEmail) and
// carries the IAM bindings that every secret issued from it inherits.
type SecretRoleset struct {
	pulumi.CustomResourceState

	// Path where the GCP Secrets Engine is mounted
	Backend pulumi.StringOutput `pulumi:"backend"`
	// Bindings to create for this roleset. This can be specified multiple times for multiple bindings. Structure is documented below.
	// These bindings define what issued credentials may do, so review them as
	// you would any IAM policy change.
	Bindings SecretRolesetBindingArrayOutput `pulumi:"bindings"`
	// Name of the GCP project that this roleset's service account will belong to.
	Project pulumi.StringOutput `pulumi:"project"`
	// Name of the Roleset to create
	Roleset pulumi.StringOutput `pulumi:"roleset"`
	// Type of secret generated for this role set. Accepted values: `accessToken`, `serviceAccountKey`. Defaults to `accessToken`.
	//
	// NOTE(review): Vault's GCP secrets engine documents these values as
	// `access_token` and `service_account_key`; the camelCase spellings here look
	// like a docs-generator artifact — verify before relying on them.
	// A service account key is longer-lived key material than an OAuth access
	// token, so prefer the access-token type where consumers support it.
	SecretType pulumi.StringOutput `pulumi:"secretType"`
	// Email of the service account created by Vault for this Roleset
	ServiceAccountEmail pulumi.StringOutput `pulumi:"serviceAccountEmail"`
	// List of OAuth scopes to assign to `accessToken` secrets generated under this role set (`accessToken` role sets only).
	TokenScopes pulumi.StringArrayOutput `pulumi:"tokenScopes"`
}

Creates a Roleset in the [GCP Secrets Engine](https://www.vaultproject.io/docs/secrets/gcp/index.html) for Vault.

Each Roleset is [tied](https://www.vaultproject.io/docs/secrets/gcp/index.html#service-accounts-are-tied-to-rolesets) to a Service Account, and can have one or more [bindings](https://www.vaultproject.io/docs/secrets/gcp/index.html#roleset-bindings) associated with it.

## Import

A roleset can be imported using its Vault path. For example, for a roleset named `project_viewer` under a GCP secrets engine mounted at `gcp`:

```sh

$ pulumi import vault:gcp/secretRoleset:SecretRoleset roleset gcp/roleset/project_viewer

```

func GetSecretRoleset

func GetSecretRoleset(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *SecretRolesetState, opts ...pulumi.ResourceOption) (*SecretRoleset, error)

GetSecretRoleset gets an existing SecretRoleset resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewSecretRoleset

func NewSecretRoleset(ctx *pulumi.Context,
	name string, args *SecretRolesetArgs, opts ...pulumi.ResourceOption) (*SecretRoleset, error)

NewSecretRoleset registers a new resource with the given unique name, arguments, and options.

func (*SecretRoleset) ElementType added in v3.0.2

func (*SecretRoleset) ElementType() reflect.Type

func (*SecretRoleset) ToSecretRolesetOutput added in v3.0.2

func (i *SecretRoleset) ToSecretRolesetOutput() SecretRolesetOutput

func (*SecretRoleset) ToSecretRolesetOutputWithContext added in v3.0.2

func (i *SecretRoleset) ToSecretRolesetOutputWithContext(ctx context.Context) SecretRolesetOutput

func (*SecretRoleset) ToSecretRolesetPtrOutput added in v3.4.1

func (i *SecretRoleset) ToSecretRolesetPtrOutput() SecretRolesetPtrOutput

func (*SecretRoleset) ToSecretRolesetPtrOutputWithContext added in v3.4.1

func (i *SecretRoleset) ToSecretRolesetPtrOutputWithContext(ctx context.Context) SecretRolesetPtrOutput

type SecretRolesetArgs

// SecretRolesetArgs is the set of arguments passed to NewSecretRoleset.
// Backend, Bindings, Project and Roleset are non-pointer inputs; SecretType
// and TokenScopes are optional.
type SecretRolesetArgs struct {
	// Path where the GCP Secrets Engine is mounted
	Backend pulumi.StringInput
	// Bindings to create for this roleset. This can be specified multiple times for multiple bindings. Structure is documented below.
	// Every credential issued from the roleset carries these bindings, so keep
	// them to the narrowest resources and roles the consumers need.
	Bindings SecretRolesetBindingArrayInput
	// Name of the GCP project that this roleset's service account will belong to.
	Project pulumi.StringInput
	// Name of the Roleset to create
	Roleset pulumi.StringInput
	// Type of secret generated for this role set. Accepted values: `accessToken`, `serviceAccountKey`. Defaults to `accessToken`.
	//
	// NOTE(review): Vault's GCP secrets engine documents these values as
	// `access_token` and `service_account_key`; the camelCase spellings here look
	// like a docs-generator artifact — verify before relying on them.
	// A service account key is longer-lived key material than an OAuth access
	// token, so prefer the access-token type where consumers support it.
	SecretType pulumi.StringPtrInput
	// List of OAuth scopes to assign to `accessToken` secrets generated under this role set (`accessToken` role sets only).
	// Scopes limit a token in addition to the IAM roles in Bindings; a broad
	// scope leaves the IAM roles as the only effective limit.
	TokenScopes pulumi.StringArrayInput
}

The set of arguments for constructing a SecretRoleset resource.

func (SecretRolesetArgs) ElementType

func (SecretRolesetArgs) ElementType() reflect.Type

type SecretRolesetArray added in v3.4.1

type SecretRolesetArray []SecretRolesetInput

func (SecretRolesetArray) ElementType added in v3.4.1

func (SecretRolesetArray) ElementType() reflect.Type

func (SecretRolesetArray) ToSecretRolesetArrayOutput added in v3.4.1

func (i SecretRolesetArray) ToSecretRolesetArrayOutput() SecretRolesetArrayOutput

func (SecretRolesetArray) ToSecretRolesetArrayOutputWithContext added in v3.4.1

func (i SecretRolesetArray) ToSecretRolesetArrayOutputWithContext(ctx context.Context) SecretRolesetArrayOutput

type SecretRolesetArrayInput added in v3.4.1

type SecretRolesetArrayInput interface {
	pulumi.Input

	ToSecretRolesetArrayOutput() SecretRolesetArrayOutput
	ToSecretRolesetArrayOutputWithContext(context.Context) SecretRolesetArrayOutput
}

SecretRolesetArrayInput is an input type that accepts SecretRolesetArray and SecretRolesetArrayOutput values. You can construct a concrete instance of `SecretRolesetArrayInput` via:

SecretRolesetArray{ SecretRolesetArgs{...} }

type SecretRolesetArrayOutput added in v3.4.1

type SecretRolesetArrayOutput struct{ *pulumi.OutputState }

func (SecretRolesetArrayOutput) ElementType added in v3.4.1

func (SecretRolesetArrayOutput) ElementType() reflect.Type

func (SecretRolesetArrayOutput) Index added in v3.4.1

func (SecretRolesetArrayOutput) ToSecretRolesetArrayOutput added in v3.4.1

func (o SecretRolesetArrayOutput) ToSecretRolesetArrayOutput() SecretRolesetArrayOutput

func (SecretRolesetArrayOutput) ToSecretRolesetArrayOutputWithContext added in v3.4.1

func (o SecretRolesetArrayOutput) ToSecretRolesetArrayOutputWithContext(ctx context.Context) SecretRolesetArrayOutput

type SecretRolesetBinding

// SecretRolesetBinding is the plain-value form of one roleset binding: a
// resource and the IAM roles bound on it.
type SecretRolesetBinding struct {
	// Resource or resource path for which IAM policy information will be bound. The resource path may be specified in a few different [formats](https://www.vaultproject.io/docs/secrets/gcp/index.html#roleset-bindings).
	// Prefer the most specific resource that works; a project-level resource
	// applies the roles across that whole project.
	Resource string `pulumi:"resource"`
	// List of [GCP IAM roles](https://cloud.google.com/iam/docs/understanding-roles) for the resource.
	// Least privilege applies: avoid broad basic roles where a narrower
	// predefined or custom role is sufficient.
	Roles []string `pulumi:"roles"`
}

type SecretRolesetBindingArgs

// SecretRolesetBindingArgs is the pulumi-input form of one roleset binding: a
// resource and the IAM roles bound on it.
type SecretRolesetBindingArgs struct {
	// Resource or resource path for which IAM policy information will be bound. The resource path may be specified in a few different [formats](https://www.vaultproject.io/docs/secrets/gcp/index.html#roleset-bindings).
	// Prefer the most specific resource that works; a project-level resource
	// applies the roles across that whole project.
	Resource pulumi.StringInput `pulumi:"resource"`
	// List of [GCP IAM roles](https://cloud.google.com/iam/docs/understanding-roles) for the resource.
	// Least privilege applies: avoid broad basic roles where a narrower
	// predefined or custom role is sufficient.
	Roles pulumi.StringArrayInput `pulumi:"roles"`
}

func (SecretRolesetBindingArgs) ElementType

func (SecretRolesetBindingArgs) ElementType() reflect.Type

func (SecretRolesetBindingArgs) ToSecretRolesetBindingOutput

func (i SecretRolesetBindingArgs) ToSecretRolesetBindingOutput() SecretRolesetBindingOutput

func (SecretRolesetBindingArgs) ToSecretRolesetBindingOutputWithContext

func (i SecretRolesetBindingArgs) ToSecretRolesetBindingOutputWithContext(ctx context.Context) SecretRolesetBindingOutput

type SecretRolesetBindingArray

type SecretRolesetBindingArray []SecretRolesetBindingInput

func (SecretRolesetBindingArray) ElementType

func (SecretRolesetBindingArray) ElementType() reflect.Type

func (SecretRolesetBindingArray) ToSecretRolesetBindingArrayOutput

func (i SecretRolesetBindingArray) ToSecretRolesetBindingArrayOutput() SecretRolesetBindingArrayOutput

func (SecretRolesetBindingArray) ToSecretRolesetBindingArrayOutputWithContext

func (i SecretRolesetBindingArray) ToSecretRolesetBindingArrayOutputWithContext(ctx context.Context) SecretRolesetBindingArrayOutput

type SecretRolesetBindingArrayInput

type SecretRolesetBindingArrayInput interface {
	pulumi.Input

	ToSecretRolesetBindingArrayOutput() SecretRolesetBindingArrayOutput
	ToSecretRolesetBindingArrayOutputWithContext(context.Context) SecretRolesetBindingArrayOutput
}

SecretRolesetBindingArrayInput is an input type that accepts SecretRolesetBindingArray and SecretRolesetBindingArrayOutput values. You can construct a concrete instance of `SecretRolesetBindingArrayInput` via:

SecretRolesetBindingArray{ SecretRolesetBindingArgs{...} }

type SecretRolesetBindingArrayOutput

type SecretRolesetBindingArrayOutput struct{ *pulumi.OutputState }

func (SecretRolesetBindingArrayOutput) ElementType

func (SecretRolesetBindingArrayOutput) Index

func (SecretRolesetBindingArrayOutput) ToSecretRolesetBindingArrayOutput

func (o SecretRolesetBindingArrayOutput) ToSecretRolesetBindingArrayOutput() SecretRolesetBindingArrayOutput

func (SecretRolesetBindingArrayOutput) ToSecretRolesetBindingArrayOutputWithContext

func (o SecretRolesetBindingArrayOutput) ToSecretRolesetBindingArrayOutputWithContext(ctx context.Context) SecretRolesetBindingArrayOutput

type SecretRolesetBindingInput

type SecretRolesetBindingInput interface {
	pulumi.Input

	ToSecretRolesetBindingOutput() SecretRolesetBindingOutput
	ToSecretRolesetBindingOutputWithContext(context.Context) SecretRolesetBindingOutput
}

SecretRolesetBindingInput is an input type that accepts SecretRolesetBindingArgs and SecretRolesetBindingOutput values. You can construct a concrete instance of `SecretRolesetBindingInput` via:

SecretRolesetBindingArgs{...}

type SecretRolesetBindingOutput

type SecretRolesetBindingOutput struct{ *pulumi.OutputState }

func (SecretRolesetBindingOutput) ElementType

func (SecretRolesetBindingOutput) ElementType() reflect.Type

func (SecretRolesetBindingOutput) Resource

Resource or resource path for which IAM policy information will be bound. The resource path may be specified in a few different [formats](https://www.vaultproject.io/docs/secrets/gcp/index.html#roleset-bindings).

func (SecretRolesetBindingOutput) Roles

List of [GCP IAM roles](https://cloud.google.com/iam/docs/understanding-roles) for the resource.

func (SecretRolesetBindingOutput) ToSecretRolesetBindingOutput

func (o SecretRolesetBindingOutput) ToSecretRolesetBindingOutput() SecretRolesetBindingOutput

func (SecretRolesetBindingOutput) ToSecretRolesetBindingOutputWithContext

func (o SecretRolesetBindingOutput) ToSecretRolesetBindingOutputWithContext(ctx context.Context) SecretRolesetBindingOutput

type SecretRolesetInput added in v3.0.2

// SecretRolesetInput is an input type for values that can be converted to a
// SecretRolesetOutput. On this page, *SecretRoleset and SecretRolesetOutput
// both declare the two conversion methods below.
type SecretRolesetInput interface {
	pulumi.Input

	ToSecretRolesetOutput() SecretRolesetOutput
	ToSecretRolesetOutputWithContext(ctx context.Context) SecretRolesetOutput
}

type SecretRolesetMap added in v3.4.1

type SecretRolesetMap map[string]SecretRolesetInput

func (SecretRolesetMap) ElementType added in v3.4.1

func (SecretRolesetMap) ElementType() reflect.Type

func (SecretRolesetMap) ToSecretRolesetMapOutput added in v3.4.1

func (i SecretRolesetMap) ToSecretRolesetMapOutput() SecretRolesetMapOutput

func (SecretRolesetMap) ToSecretRolesetMapOutputWithContext added in v3.4.1

func (i SecretRolesetMap) ToSecretRolesetMapOutputWithContext(ctx context.Context) SecretRolesetMapOutput

type SecretRolesetMapInput added in v3.4.1

type SecretRolesetMapInput interface {
	pulumi.Input

	ToSecretRolesetMapOutput() SecretRolesetMapOutput
	ToSecretRolesetMapOutputWithContext(context.Context) SecretRolesetMapOutput
}

SecretRolesetMapInput is an input type that accepts SecretRolesetMap and SecretRolesetMapOutput values. You can construct a concrete instance of `SecretRolesetMapInput` via:

SecretRolesetMap{ "key": SecretRolesetArgs{...} }

type SecretRolesetMapOutput added in v3.4.1

type SecretRolesetMapOutput struct{ *pulumi.OutputState }

func (SecretRolesetMapOutput) ElementType added in v3.4.1

func (SecretRolesetMapOutput) ElementType() reflect.Type

func (SecretRolesetMapOutput) MapIndex added in v3.4.1

func (SecretRolesetMapOutput) ToSecretRolesetMapOutput added in v3.4.1

func (o SecretRolesetMapOutput) ToSecretRolesetMapOutput() SecretRolesetMapOutput

func (SecretRolesetMapOutput) ToSecretRolesetMapOutputWithContext added in v3.4.1

func (o SecretRolesetMapOutput) ToSecretRolesetMapOutputWithContext(ctx context.Context) SecretRolesetMapOutput

type SecretRolesetOutput added in v3.0.2

type SecretRolesetOutput struct {
	*pulumi.OutputState
}

func (SecretRolesetOutput) ElementType added in v3.0.2

func (SecretRolesetOutput) ElementType() reflect.Type

func (SecretRolesetOutput) ToSecretRolesetOutput added in v3.0.2

func (o SecretRolesetOutput) ToSecretRolesetOutput() SecretRolesetOutput

func (SecretRolesetOutput) ToSecretRolesetOutputWithContext added in v3.0.2

func (o SecretRolesetOutput) ToSecretRolesetOutputWithContext(ctx context.Context) SecretRolesetOutput

func (SecretRolesetOutput) ToSecretRolesetPtrOutput added in v3.4.1

func (o SecretRolesetOutput) ToSecretRolesetPtrOutput() SecretRolesetPtrOutput

func (SecretRolesetOutput) ToSecretRolesetPtrOutputWithContext added in v3.4.1

func (o SecretRolesetOutput) ToSecretRolesetPtrOutputWithContext(ctx context.Context) SecretRolesetPtrOutput

type SecretRolesetPtrInput added in v3.4.1

// SecretRolesetPtrInput is an input type for values that can be converted to a
// SecretRolesetPtrOutput. On this page, *SecretRoleset, SecretRolesetOutput and
// SecretRolesetPtrOutput all declare the two conversion methods below.
type SecretRolesetPtrInput interface {
	pulumi.Input

	ToSecretRolesetPtrOutput() SecretRolesetPtrOutput
	ToSecretRolesetPtrOutputWithContext(ctx context.Context) SecretRolesetPtrOutput
}

type SecretRolesetPtrOutput added in v3.4.1

type SecretRolesetPtrOutput struct {
	*pulumi.OutputState
}

func (SecretRolesetPtrOutput) ElementType added in v3.4.1

func (SecretRolesetPtrOutput) ElementType() reflect.Type

func (SecretRolesetPtrOutput) ToSecretRolesetPtrOutput added in v3.4.1

func (o SecretRolesetPtrOutput) ToSecretRolesetPtrOutput() SecretRolesetPtrOutput

func (SecretRolesetPtrOutput) ToSecretRolesetPtrOutputWithContext added in v3.4.1

func (o SecretRolesetPtrOutput) ToSecretRolesetPtrOutputWithContext(ctx context.Context) SecretRolesetPtrOutput

type SecretRolesetState

// SecretRolesetState holds the optional state properties that
// GetSecretRoleset accepts to qualify the lookup of an existing SecretRoleset.
type SecretRolesetState struct {
	// Path where the GCP Secrets Engine is mounted
	Backend pulumi.StringPtrInput
	// Bindings to create for this roleset. This can be specified multiple times for multiple bindings. Structure is documented below.
	Bindings SecretRolesetBindingArrayInput
	// Name of the GCP project that this roleset's service account will belong to.
	Project pulumi.StringPtrInput
	// Name of the Roleset to create
	Roleset pulumi.StringPtrInput
	// Type of secret generated for this role set. Accepted values: `accessToken`, `serviceAccountKey`. Defaults to `accessToken`.
	//
	// NOTE(review): Vault's GCP secrets engine documents these values as
	// `access_token` and `service_account_key`; the camelCase spellings here look
	// like a docs-generator artifact — verify before relying on them.
	SecretType pulumi.StringPtrInput
	// Email of the service account created by Vault for this Roleset
	ServiceAccountEmail pulumi.StringPtrInput
	// List of OAuth scopes to assign to `accessToken` secrets generated under this role set (`accessToken` role sets only).
	TokenScopes pulumi.StringArrayInput
}

func (SecretRolesetState) ElementType

func (SecretRolesetState) ElementType() reflect.Type
