Documentation ¶
Index ¶
- type AuthBackendLogin
- type AuthBackendLoginArgs
- type AuthBackendLoginInput
- type AuthBackendLoginOutput
- type AuthBackendLoginState
- type AuthBackendRole
- type AuthBackendRoleArgs
- type AuthBackendRoleInput
- type AuthBackendRoleOutput
- type AuthBackendRoleSecretID
- type AuthBackendRoleSecretIDArgs
- type AuthBackendRoleSecretIDInput
- type AuthBackendRoleSecretIDOutput
- type AuthBackendRoleSecretIDState
- type AuthBackendRoleState
- type GetAuthBackendRoleIdArgs
- type GetAuthBackendRoleIdResult
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AuthBackendLogin ¶
// AuthBackendLogin logs into Vault using the AppRole auth backend. The token
// produced by the login and its lease details are exposed as outputs.
type AuthBackendLogin struct {
	pulumi.CustomResourceState

	// The accessor for the token.
	Accessor pulumi.StringOutput `pulumi:"accessor"`
	// The unique path of the Vault backend to log in with.
	Backend pulumi.StringPtrOutput `pulumi:"backend"`
	// The Vault token created.
	// NOTE(review): this is a bearer credential exposed as a resource output;
	// confirm it is stored as a secret in the stack state and kept out of logs.
	ClientToken pulumi.StringOutput `pulumi:"clientToken"`
	// How long the token is valid for, in seconds.
	LeaseDuration pulumi.IntOutput `pulumi:"leaseDuration"`
	// The date and time the lease started, in RFC 3339 format.
	LeaseStarted pulumi.StringOutput `pulumi:"leaseStarted"`
	// The metadata associated with the token.
	Metadata pulumi.StringMapOutput `pulumi:"metadata"`
	// A list of policies applied to the token.
	Policies pulumi.StringArrayOutput `pulumi:"policies"`
	// Whether the token is renewable or not.
	Renewable pulumi.BoolOutput `pulumi:"renewable"`
	// The ID of the role to log in with.
	RoleId pulumi.StringOutput `pulumi:"roleId"`
	// The secret ID of the role to log in with. Required
	// unless `bindSecretId` is set to false on the role.
	// NOTE(review): the SecretID is a credential and is also a property of
	// this resource; confirm it is treated as a secret in the stack state.
	SecretId pulumi.StringPtrOutput `pulumi:"secretId"`
}
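Logs into Vault using the AppRole auth backend. The `secretId` passed in and the `clientToken` returned are properties of this resource, so they are recorded in the stack's state; verify that both are stored as secrets there. See the [Vault documentation](https://www.vaultproject.io/docs/auth/approle) for more information.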
## Example Usage
```go
package main
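import (
	"github.com/pulumi/pulumi-vault/sdk/v3/go/vault"
	"github.com/pulumi/pulumi-vault/sdk/v3/go/vault/appRole"
	"github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)

// main mounts an AppRole auth backend, defines a role on it, issues a SecretID
// for that role, and then logs in with the RoleID/SecretID pair.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		approle, err := vault.NewAuthBackend(ctx, "approle", &vault.AuthBackendArgs{
			Type: pulumi.String("approle"),
		})
		if err != nil {
			return err
		}

		// TokenPolicies replaces the Policies field, which the role's field
		// documentation marks as deprecated for Vault >= 1.2.
		// The three policies are example shorthand; a real role should carry
		// only the policies its workload needs.
		example, err := appRole.NewAuthBackendRole(ctx, "example", &appRole.AuthBackendRoleArgs{
			Backend:  approle.Path,
			RoleName: pulumi.String("test-role"),
			TokenPolicies: pulumi.StringArray{
				pulumi.String("default"),
				pulumi.String("dev"),
				pulumi.String("prod"),
			},
		})
		if err != nil {
			return err
		}

		id, err := appRole.NewAuthBackendRoleSecretID(ctx, "id", &appRole.AuthBackendRoleSecretIDArgs{
			Backend:  approle.Path,
			RoleName: example.RoleName,
		})
		if err != nil {
			return err
		}

		// NOTE(review): the SecretID passed here and the client token the login
		// returns are resource properties; confirm both are stored as secrets
		// in the stack state.
		_, err = appRole.NewAuthBackendLogin(ctx, "login", &appRole.AuthBackendLoginArgs{
			Backend:  approle.Path,
			RoleId:   example.RoleId,
			SecretId: id.SecretId,
		})
		if err != nil {
			return err
		}
		return nil
	})
}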
```
func GetAuthBackendLogin ¶
func GetAuthBackendLogin(ctx *pulumi.Context, name string, id pulumi.IDInput, state *AuthBackendLoginState, opts ...pulumi.ResourceOption) (*AuthBackendLogin, error)
GetAuthBackendLogin gets an existing AuthBackendLogin resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewAuthBackendLogin ¶
func NewAuthBackendLogin(ctx *pulumi.Context, name string, args *AuthBackendLoginArgs, opts ...pulumi.ResourceOption) (*AuthBackendLogin, error)
NewAuthBackendLogin registers a new resource with the given unique name, arguments, and options.
func (AuthBackendLogin) ElementType ¶ added in v3.0.2
func (AuthBackendLogin) ElementType() reflect.Type
func (AuthBackendLogin) ToAuthBackendLoginOutput ¶ added in v3.0.2
func (i AuthBackendLogin) ToAuthBackendLoginOutput() AuthBackendLoginOutput
func (AuthBackendLogin) ToAuthBackendLoginOutputWithContext ¶ added in v3.0.2
func (i AuthBackendLogin) ToAuthBackendLoginOutputWithContext(ctx context.Context) AuthBackendLoginOutput
type AuthBackendLoginArgs ¶
// AuthBackendLoginArgs is the set of arguments for constructing an
// AuthBackendLogin resource.
type AuthBackendLoginArgs struct {
	// The unique path of the Vault backend to log in with.
	Backend pulumi.StringPtrInput
	// The ID of the role to log in with.
	RoleId pulumi.StringInput
	// The secret ID of the role to log in with. Required
	// unless `bindSecretId` is set to false on the role.
	// NOTE(review): this is a credential; prefer wiring it from another
	// resource's output over a literal in source, and confirm it is handled
	// as a secret.
	SecretId pulumi.StringPtrInput
}
The set of arguments for constructing an AuthBackendLogin resource.
func (AuthBackendLoginArgs) ElementType ¶
func (AuthBackendLoginArgs) ElementType() reflect.Type
type AuthBackendLoginInput ¶ added in v3.0.2
// AuthBackendLoginInput is a pulumi.Input that can also be converted to an
// AuthBackendLoginOutput, with or without an explicit context.
type AuthBackendLoginInput interface {
	pulumi.Input

	ToAuthBackendLoginOutput() AuthBackendLoginOutput
	ToAuthBackendLoginOutputWithContext(ctx context.Context) AuthBackendLoginOutput
}
type AuthBackendLoginOutput ¶ added in v3.0.2
// AuthBackendLoginOutput is the type returned by ToAuthBackendLoginOutput; it
// embeds *pulumi.OutputState.
type AuthBackendLoginOutput struct {
	*pulumi.OutputState
}
func (AuthBackendLoginOutput) ElementType ¶ added in v3.0.2
func (AuthBackendLoginOutput) ElementType() reflect.Type
func (AuthBackendLoginOutput) ToAuthBackendLoginOutput ¶ added in v3.0.2
func (o AuthBackendLoginOutput) ToAuthBackendLoginOutput() AuthBackendLoginOutput
func (AuthBackendLoginOutput) ToAuthBackendLoginOutputWithContext ¶ added in v3.0.2
func (o AuthBackendLoginOutput) ToAuthBackendLoginOutputWithContext(ctx context.Context) AuthBackendLoginOutput
type AuthBackendLoginState ¶
// AuthBackendLoginState holds the optional state properties accepted by
// GetAuthBackendLogin to qualify the lookup of an existing resource.
type AuthBackendLoginState struct {
	// The accessor for the token.
	Accessor pulumi.StringPtrInput
	// The unique path of the Vault backend to log in with.
	Backend pulumi.StringPtrInput
	// The Vault token created.
	// NOTE(review): bearer credential; confirm it is handled as a secret.
	ClientToken pulumi.StringPtrInput
	// How long the token is valid for, in seconds.
	LeaseDuration pulumi.IntPtrInput
	// The date and time the lease started, in RFC 3339 format.
	LeaseStarted pulumi.StringPtrInput
	// The metadata associated with the token.
	Metadata pulumi.StringMapInput
	// A list of policies applied to the token.
	Policies pulumi.StringArrayInput
	// Whether the token is renewable or not.
	Renewable pulumi.BoolPtrInput
	// The ID of the role to log in with.
	RoleId pulumi.StringPtrInput
	// The secret ID of the role to log in with. Required
	// unless `bindSecretId` is set to false on the role.
	// NOTE(review): credential; confirm it is handled as a secret.
	SecretId pulumi.StringPtrInput
}
func (AuthBackendLoginState) ElementType ¶
func (AuthBackendLoginState) ElementType() reflect.Type
type AuthBackendRole ¶
// AuthBackendRole manages an AppRole auth backend role in a Vault server.
type AuthBackendRole struct {
	pulumi.CustomResourceState

	// The unique name of the auth backend to configure.
	// Defaults to `approle`.
	Backend pulumi.StringPtrOutput `pulumi:"backend"`
	// Whether or not to require `secretId` to be
	// presented when logging in using this AppRole. Defaults to `true`.
	// NOTE(review): with this set to false a login no longer needs a SecretID,
	// so the role's other constraints (for example the CIDR bindings below)
	// carry the access control; confirm that is intended.
	BindSecretId pulumi.BoolPtrOutput `pulumi:"bindSecretId"`
	// If set, specifies blocks of IP addresses which can perform the login
	// operation.
	//
	// Deprecated: use `secret_id_bound_cidrs` instead
	BoundCidrLists pulumi.StringArrayOutput `pulumi:"boundCidrLists"`
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	//
	// Deprecated: use `token_period` instead if you are running Vault >= 1.2
	Period pulumi.IntPtrOutput `pulumi:"period"`
	// An array of strings
	// specifying the policies to be set on tokens issued using this role.
	//
	// Deprecated: use `token_policies` instead if you are running Vault >= 1.2
	Policies pulumi.StringArrayOutput `pulumi:"policies"`
	// The RoleID of this role. If not specified, one will be
	// auto-generated.
	RoleId pulumi.StringOutput `pulumi:"roleId"`
	// The name of the role.
	RoleName pulumi.StringOutput `pulumi:"roleName"`
	// If set, specifies blocks of IP addresses which can perform the login
	// operation.
	SecretIdBoundCidrs pulumi.StringArrayOutput `pulumi:"secretIdBoundCidrs"`
	// The number of times any particular SecretID
	// can be used to fetch a token from this AppRole, after which the SecretID will
	// expire. A value of zero will allow unlimited uses.
	SecretIdNumUses pulumi.IntPtrOutput `pulumi:"secretIdNumUses"`
	// The number of seconds after which any SecretID expires.
	// NOTE(review): the behaviour when unset is not stated here; confirm
	// whether SecretIDs then never expire.
	SecretIdTtl pulumi.IntPtrOutput `pulumi:"secretIdTtl"`
	// List of CIDR blocks; if set, specifies blocks of IP
	// addresses which can authenticate successfully, and ties the resulting token to these blocks
	// as well.
	TokenBoundCidrs pulumi.StringArrayOutput `pulumi:"tokenBoundCidrs"`
	// If set, will encode an
	// [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
	// onto the token in number of seconds. This is a hard cap even if `tokenTtl` and
	// `tokenMaxTtl` would otherwise allow a renewal.
	TokenExplicitMaxTtl pulumi.IntPtrOutput `pulumi:"tokenExplicitMaxTtl"`
	// The maximum lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenMaxTtl pulumi.IntPtrOutput `pulumi:"tokenMaxTtl"`
	// If set, the default policy will not be set on
	// generated tokens; otherwise it will be added to the policies set in token_policies.
	TokenNoDefaultPolicy pulumi.BoolPtrOutput `pulumi:"tokenNoDefaultPolicy"`
	// The
	// [period](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls),
	// if any, in number of seconds to set on the token.
	// NOTE(review): this text describes a period in seconds and does not match
	// the field name; in Vault, token_num_uses caps how many times a generated
	// token may be used. Confirm against the Vault AppRole documentation.
	TokenNumUses pulumi.IntPtrOutput `pulumi:"tokenNumUses"`
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	TokenPeriod pulumi.IntPtrOutput `pulumi:"tokenPeriod"`
	// List of policies to encode onto generated tokens. Depending
	// on the auth method, this list may be supplemented by user/group/other values.
	TokenPolicies pulumi.StringArrayOutput `pulumi:"tokenPolicies"`
	// The incremental lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenTtl pulumi.IntPtrOutput `pulumi:"tokenTtl"`
	// The type of token that should be generated. Can be `service`,
	// `batch`, or `default` to use the mount's tuned default (which unless changed will be
	// `service` tokens). For token store roles, there are two additional possibilities:
	// `default-service` and `default-batch` which specify the type to return unless the client
	// requests a different type at generation time.
	TokenType pulumi.StringPtrOutput `pulumi:"tokenType"`
}
Manages an AppRole auth backend role in a Vault server. See the [Vault documentation](https://www.vaultproject.io/docs/auth/approle) for more information.
## Example Usage
```go
package main
import (
	"github.com/pulumi/pulumi-vault/sdk/v3/go/vault"
	"github.com/pulumi/pulumi-vault/sdk/v3/go/vault/appRole"
	"github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)

// main mounts an AppRole auth backend and registers one role on it.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		backend, err := vault.NewAuthBackend(ctx, "approle", &vault.AuthBackendArgs{
			Type: pulumi.String("approle"),
		})
		if err != nil {
			return err
		}

		// Policies that tokens issued through this role will carry.
		roleArgs := &appRole.AuthBackendRoleArgs{
			Backend:  backend.Path,
			RoleName: pulumi.String("test-role"),
			TokenPolicies: pulumi.StringArray{
				pulumi.String("default"),
				pulumi.String("dev"),
				pulumi.String("prod"),
			},
		}
		if _, err := appRole.NewAuthBackendRole(ctx, "example", roleArgs); err != nil {
			return err
		}
		return nil
	})
}
```
## Import
AppRole authentication backend roles can be imported using the `path`, e.g.
```sh
$ pulumi import vault:appRole/authBackendRole:AuthBackendRole example auth/approle/role/test-role
```
func GetAuthBackendRole ¶
func GetAuthBackendRole(ctx *pulumi.Context, name string, id pulumi.IDInput, state *AuthBackendRoleState, opts ...pulumi.ResourceOption) (*AuthBackendRole, error)
GetAuthBackendRole gets an existing AuthBackendRole resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewAuthBackendRole ¶
func NewAuthBackendRole(ctx *pulumi.Context, name string, args *AuthBackendRoleArgs, opts ...pulumi.ResourceOption) (*AuthBackendRole, error)
NewAuthBackendRole registers a new resource with the given unique name, arguments, and options.
func (AuthBackendRole) ElementType ¶ added in v3.0.2
func (AuthBackendRole) ElementType() reflect.Type
func (AuthBackendRole) ToAuthBackendRoleOutput ¶ added in v3.0.2
func (i AuthBackendRole) ToAuthBackendRoleOutput() AuthBackendRoleOutput
func (AuthBackendRole) ToAuthBackendRoleOutputWithContext ¶ added in v3.0.2
func (i AuthBackendRole) ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput
type AuthBackendRoleArgs ¶
// AuthBackendRoleArgs is the set of arguments for constructing an
// AuthBackendRole resource.
type AuthBackendRoleArgs struct {
	// The unique name of the auth backend to configure.
	// Defaults to `approle`.
	Backend pulumi.StringPtrInput
	// Whether or not to require `secretId` to be
	// presented when logging in using this AppRole. Defaults to `true`.
	// NOTE(review): with this set to false a login no longer needs a SecretID,
	// so the role's other constraints (for example the CIDR bindings below)
	// carry the access control; confirm that is intended.
	BindSecretId pulumi.BoolPtrInput
	// If set, specifies blocks of IP addresses which can perform the login
	// operation.
	//
	// Deprecated: use `secret_id_bound_cidrs` instead
	BoundCidrLists pulumi.StringArrayInput
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	//
	// Deprecated: use `token_period` instead if you are running Vault >= 1.2
	Period pulumi.IntPtrInput
	// An array of strings
	// specifying the policies to be set on tokens issued using this role.
	//
	// Deprecated: use `token_policies` instead if you are running Vault >= 1.2
	Policies pulumi.StringArrayInput
	// The RoleID of this role. If not specified, one will be
	// auto-generated.
	RoleId pulumi.StringPtrInput
	// The name of the role.
	RoleName pulumi.StringInput
	// If set, specifies blocks of IP addresses which can perform the login
	// operation.
	SecretIdBoundCidrs pulumi.StringArrayInput
	// The number of times any particular SecretID
	// can be used to fetch a token from this AppRole, after which the SecretID will
	// expire. A value of zero will allow unlimited uses.
	SecretIdNumUses pulumi.IntPtrInput
	// The number of seconds after which any SecretID expires.
	// NOTE(review): the behaviour when unset is not stated here; confirm
	// whether SecretIDs then never expire.
	SecretIdTtl pulumi.IntPtrInput
	// List of CIDR blocks; if set, specifies blocks of IP
	// addresses which can authenticate successfully, and ties the resulting token to these blocks
	// as well.
	TokenBoundCidrs pulumi.StringArrayInput
	// If set, will encode an
	// [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
	// onto the token in number of seconds. This is a hard cap even if `tokenTtl` and
	// `tokenMaxTtl` would otherwise allow a renewal.
	TokenExplicitMaxTtl pulumi.IntPtrInput
	// The maximum lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenMaxTtl pulumi.IntPtrInput
	// If set, the default policy will not be set on
	// generated tokens; otherwise it will be added to the policies set in token_policies.
	TokenNoDefaultPolicy pulumi.BoolPtrInput
	// The
	// [period](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls),
	// if any, in number of seconds to set on the token.
	// NOTE(review): this text describes a period in seconds and does not match
	// the field name; in Vault, token_num_uses caps how many times a generated
	// token may be used. Confirm against the Vault AppRole documentation.
	TokenNumUses pulumi.IntPtrInput
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	TokenPeriod pulumi.IntPtrInput
	// List of policies to encode onto generated tokens. Depending
	// on the auth method, this list may be supplemented by user/group/other values.
	TokenPolicies pulumi.StringArrayInput
	// The incremental lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenTtl pulumi.IntPtrInput
	// The type of token that should be generated. Can be `service`,
	// `batch`, or `default` to use the mount's tuned default (which unless changed will be
	// `service` tokens). For token store roles, there are two additional possibilities:
	// `default-service` and `default-batch` which specify the type to return unless the client
	// requests a different type at generation time.
	TokenType pulumi.StringPtrInput
}
The set of arguments for constructing an AuthBackendRole resource.
func (AuthBackendRoleArgs) ElementType ¶
func (AuthBackendRoleArgs) ElementType() reflect.Type
type AuthBackendRoleInput ¶ added in v3.0.2
// AuthBackendRoleInput is a pulumi.Input that can also be converted to an
// AuthBackendRoleOutput, with or without an explicit context.
type AuthBackendRoleInput interface {
	pulumi.Input

	ToAuthBackendRoleOutput() AuthBackendRoleOutput
	ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput
}
type AuthBackendRoleOutput ¶ added in v3.0.2
// AuthBackendRoleOutput is the type returned by ToAuthBackendRoleOutput; it
// embeds *pulumi.OutputState.
type AuthBackendRoleOutput struct {
	*pulumi.OutputState
}
func (AuthBackendRoleOutput) ElementType ¶ added in v3.0.2
func (AuthBackendRoleOutput) ElementType() reflect.Type
func (AuthBackendRoleOutput) ToAuthBackendRoleOutput ¶ added in v3.0.2
func (o AuthBackendRoleOutput) ToAuthBackendRoleOutput() AuthBackendRoleOutput
func (AuthBackendRoleOutput) ToAuthBackendRoleOutputWithContext ¶ added in v3.0.2
func (o AuthBackendRoleOutput) ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput
type AuthBackendRoleSecretID ¶
// AuthBackendRoleSecretID manages an AppRole auth backend SecretID in a Vault
// server.
type AuthBackendRoleSecretID struct {
	pulumi.CustomResourceState

	// The unique ID for this SecretID that can be safely logged.
	Accessor pulumi.StringOutput `pulumi:"accessor"`
	// Unique name of the auth backend to configure.
	Backend pulumi.StringPtrOutput `pulumi:"backend"`
	// If set, specifies blocks of IP addresses which can
	// perform the login operation using this SecretID.
	CidrLists pulumi.StringArrayOutput `pulumi:"cidrLists"`
	// A JSON-encoded string containing metadata in
	// key-value pairs to be set on tokens issued with this SecretID.
	Metadata pulumi.StringPtrOutput `pulumi:"metadata"`
	// The name of the role to create the SecretID for.
	RoleName pulumi.StringOutput `pulumi:"roleName"`
	// The SecretID to be created. If set, uses "Push"
	// mode. Defaults to Vault auto-generating SecretIDs.
	// NOTE(review): unlike the accessors, this value is a credential exposed
	// as a resource output; keep it out of logs and confirm it is stored as a
	// secret in the stack state.
	SecretId pulumi.StringOutput `pulumi:"secretId"`
	// The unique ID for the response-wrapped SecretID that can
	// be safely logged.
	WrappingAccessor pulumi.StringOutput `pulumi:"wrappingAccessor"`
	// The token used to retrieve a response-wrapped SecretID.
	// NOTE(review): whoever holds this token can unwrap the SecretID; confirm
	// it is handled as a secret.
	WrappingToken pulumi.StringOutput `pulumi:"wrappingToken"`
	// If set, the SecretID response will be
	// [response-wrapped](https://www.vaultproject.io/docs/concepts/response-wrapping)
	// and available for the duration specified. Only a single unwrapping of the
	// token is allowed.
	WrappingTtl pulumi.StringPtrOutput `pulumi:"wrappingTtl"`
}
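Manages an AppRole auth backend SecretID in a Vault server. The `secretId` and `wrappingToken` outputs are credentials recorded in the stack's state; verify that they are stored as secrets there. See the [Vault documentation](https://www.vaultproject.io/docs/auth/approle) for more information.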
## Example Usage
```go
package main
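import (
	"fmt"

	"github.com/pulumi/pulumi-vault/sdk/v3/go/vault"
	"github.com/pulumi/pulumi-vault/sdk/v3/go/vault/appRole"
	"github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)

// main mounts an AppRole auth backend, defines a role on it, and issues a
// SecretID for that role with JSON metadata attached.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		approle, err := vault.NewAuthBackend(ctx, "approle", &vault.AuthBackendArgs{
			Type: pulumi.String("approle"),
		})
		if err != nil {
			return err
		}

		// TokenPolicies replaces the Policies field, which the role's field
		// documentation marks as deprecated for Vault >= 1.2.
		example, err := appRole.NewAuthBackendRole(ctx, "example", &appRole.AuthBackendRoleArgs{
			Backend:  approle.Path,
			RoleName: pulumi.String("test-role"),
			TokenPolicies: pulumi.StringArray{
				pulumi.String("default"),
				pulumi.String("dev"),
				pulumi.String("prod"),
			},
		})
		if err != nil {
			return err
		}

		// Metadata is a JSON-encoded string; the pieces below concatenate to a
		// one-key JSON object followed by trailing newlines.
		// NOTE(review): the generated SecretID is a resource output; confirm it
		// is stored as a secret in the stack state.
		_, err = appRole.NewAuthBackendRoleSecretID(ctx, "id", &appRole.AuthBackendRoleSecretIDArgs{
			Backend:  approle.Path,
			Metadata: pulumi.String(fmt.Sprintf("%v%v%v%v", "{\n", " \"hello\": \"world\"\n", "}\n", "\n")),
			RoleName: example.RoleName,
		})
		if err != nil {
			return err
		}
		return nil
	})
}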
```
func GetAuthBackendRoleSecretID ¶
func GetAuthBackendRoleSecretID(ctx *pulumi.Context, name string, id pulumi.IDInput, state *AuthBackendRoleSecretIDState, opts ...pulumi.ResourceOption) (*AuthBackendRoleSecretID, error)
GetAuthBackendRoleSecretID gets an existing AuthBackendRoleSecretID resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewAuthBackendRoleSecretID ¶
func NewAuthBackendRoleSecretID(ctx *pulumi.Context, name string, args *AuthBackendRoleSecretIDArgs, opts ...pulumi.ResourceOption) (*AuthBackendRoleSecretID, error)
NewAuthBackendRoleSecretID registers a new resource with the given unique name, arguments, and options.
func (AuthBackendRoleSecretID) ElementType ¶ added in v3.0.2
func (AuthBackendRoleSecretID) ElementType() reflect.Type
func (AuthBackendRoleSecretID) ToAuthBackendRoleSecretIDOutput ¶ added in v3.0.2
func (i AuthBackendRoleSecretID) ToAuthBackendRoleSecretIDOutput() AuthBackendRoleSecretIDOutput
func (AuthBackendRoleSecretID) ToAuthBackendRoleSecretIDOutputWithContext ¶ added in v3.0.2
func (i AuthBackendRoleSecretID) ToAuthBackendRoleSecretIDOutputWithContext(ctx context.Context) AuthBackendRoleSecretIDOutput
type AuthBackendRoleSecretIDArgs ¶
// AuthBackendRoleSecretIDArgs is the set of arguments for constructing an
// AuthBackendRoleSecretID resource.
type AuthBackendRoleSecretIDArgs struct {
	// Unique name of the auth backend to configure.
	Backend pulumi.StringPtrInput
	// If set, specifies blocks of IP addresses which can
	// perform the login operation using this SecretID.
	CidrLists pulumi.StringArrayInput
	// A JSON-encoded string containing metadata in
	// key-value pairs to be set on tokens issued with this SecretID.
	Metadata pulumi.StringPtrInput
	// The name of the role to create the SecretID for.
	RoleName pulumi.StringInput
	// The SecretID to be created. If set, uses "Push"
	// mode. Defaults to Vault auto-generating SecretIDs.
	// NOTE(review): a value supplied here is a credential chosen by the
	// caller; avoid literals in source and confirm it is handled as a secret.
	SecretId pulumi.StringPtrInput
	// If set, the SecretID response will be
	// [response-wrapped](https://www.vaultproject.io/docs/concepts/response-wrapping)
	// and available for the duration specified. Only a single unwrapping of the
	// token is allowed.
	WrappingTtl pulumi.StringPtrInput
}
The set of arguments for constructing an AuthBackendRoleSecretID resource.
func (AuthBackendRoleSecretIDArgs) ElementType ¶
func (AuthBackendRoleSecretIDArgs) ElementType() reflect.Type
type AuthBackendRoleSecretIDInput ¶ added in v3.0.2
// AuthBackendRoleSecretIDInput is a pulumi.Input that can also be converted to
// an AuthBackendRoleSecretIDOutput, with or without an explicit context.
type AuthBackendRoleSecretIDInput interface {
	pulumi.Input

	ToAuthBackendRoleSecretIDOutput() AuthBackendRoleSecretIDOutput
	ToAuthBackendRoleSecretIDOutputWithContext(ctx context.Context) AuthBackendRoleSecretIDOutput
}
type AuthBackendRoleSecretIDOutput ¶ added in v3.0.2
// AuthBackendRoleSecretIDOutput is the type returned by
// ToAuthBackendRoleSecretIDOutput; it embeds *pulumi.OutputState.
type AuthBackendRoleSecretIDOutput struct {
	*pulumi.OutputState
}
func (AuthBackendRoleSecretIDOutput) ElementType ¶ added in v3.0.2
func (AuthBackendRoleSecretIDOutput) ElementType() reflect.Type
func (AuthBackendRoleSecretIDOutput) ToAuthBackendRoleSecretIDOutput ¶ added in v3.0.2
func (o AuthBackendRoleSecretIDOutput) ToAuthBackendRoleSecretIDOutput() AuthBackendRoleSecretIDOutput
func (AuthBackendRoleSecretIDOutput) ToAuthBackendRoleSecretIDOutputWithContext ¶ added in v3.0.2
func (o AuthBackendRoleSecretIDOutput) ToAuthBackendRoleSecretIDOutputWithContext(ctx context.Context) AuthBackendRoleSecretIDOutput
type AuthBackendRoleSecretIDState ¶
// AuthBackendRoleSecretIDState holds the optional state properties accepted by
// GetAuthBackendRoleSecretID to qualify the lookup of an existing resource.
type AuthBackendRoleSecretIDState struct {
	// The unique ID for this SecretID that can be safely logged.
	Accessor pulumi.StringPtrInput
	// Unique name of the auth backend to configure.
	Backend pulumi.StringPtrInput
	// If set, specifies blocks of IP addresses which can
	// perform the login operation using this SecretID.
	CidrLists pulumi.StringArrayInput
	// A JSON-encoded string containing metadata in
	// key-value pairs to be set on tokens issued with this SecretID.
	Metadata pulumi.StringPtrInput
	// The name of the role to create the SecretID for.
	RoleName pulumi.StringPtrInput
	// The SecretID to be created. If set, uses "Push"
	// mode. Defaults to Vault auto-generating SecretIDs.
	// NOTE(review): credential; confirm it is handled as a secret.
	SecretId pulumi.StringPtrInput
	// The unique ID for the response-wrapped SecretID that can
	// be safely logged.
	WrappingAccessor pulumi.StringPtrInput
	// The token used to retrieve a response-wrapped SecretID.
	// NOTE(review): credential; confirm it is handled as a secret.
	WrappingToken pulumi.StringPtrInput
	// If set, the SecretID response will be
	// [response-wrapped](https://www.vaultproject.io/docs/concepts/response-wrapping)
	// and available for the duration specified. Only a single unwrapping of the
	// token is allowed.
	WrappingTtl pulumi.StringPtrInput
}
func (AuthBackendRoleSecretIDState) ElementType ¶
func (AuthBackendRoleSecretIDState) ElementType() reflect.Type
type AuthBackendRoleState ¶
// AuthBackendRoleState holds the optional state properties accepted by
// GetAuthBackendRole to qualify the lookup of an existing resource.
type AuthBackendRoleState struct {
	// The unique name of the auth backend to configure.
	// Defaults to `approle`.
	Backend pulumi.StringPtrInput
	// Whether or not to require `secretId` to be
	// presented when logging in using this AppRole. Defaults to `true`.
	BindSecretId pulumi.BoolPtrInput
	// If set, specifies blocks of IP addresses which can perform the login
	// operation.
	//
	// Deprecated: use `secret_id_bound_cidrs` instead
	BoundCidrLists pulumi.StringArrayInput
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	//
	// Deprecated: use `token_period` instead if you are running Vault >= 1.2
	Period pulumi.IntPtrInput
	// An array of strings
	// specifying the policies to be set on tokens issued using this role.
	//
	// Deprecated: use `token_policies` instead if you are running Vault >= 1.2
	Policies pulumi.StringArrayInput
	// The RoleID of this role. If not specified, one will be
	// auto-generated.
	RoleId pulumi.StringPtrInput
	// The name of the role.
	RoleName pulumi.StringPtrInput
	// If set, specifies blocks of IP addresses which can perform the login
	// operation.
	SecretIdBoundCidrs pulumi.StringArrayInput
	// The number of times any particular SecretID
	// can be used to fetch a token from this AppRole, after which the SecretID will
	// expire. A value of zero will allow unlimited uses.
	SecretIdNumUses pulumi.IntPtrInput
	// The number of seconds after which any SecretID expires.
	SecretIdTtl pulumi.IntPtrInput
	// List of CIDR blocks; if set, specifies blocks of IP
	// addresses which can authenticate successfully, and ties the resulting token to these blocks
	// as well.
	TokenBoundCidrs pulumi.StringArrayInput
	// If set, will encode an
	// [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
	// onto the token in number of seconds. This is a hard cap even if `tokenTtl` and
	// `tokenMaxTtl` would otherwise allow a renewal.
	TokenExplicitMaxTtl pulumi.IntPtrInput
	// The maximum lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenMaxTtl pulumi.IntPtrInput
	// If set, the default policy will not be set on
	// generated tokens; otherwise it will be added to the policies set in token_policies.
	TokenNoDefaultPolicy pulumi.BoolPtrInput
	// The
	// [period](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls),
	// if any, in number of seconds to set on the token.
	// NOTE(review): this text describes a period in seconds and does not match
	// the field name; in Vault, token_num_uses caps how many times a generated
	// token may be used. Confirm against the Vault AppRole documentation.
	TokenNumUses pulumi.IntPtrInput
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	TokenPeriod pulumi.IntPtrInput
	// List of policies to encode onto generated tokens. Depending
	// on the auth method, this list may be supplemented by user/group/other values.
	TokenPolicies pulumi.StringArrayInput
	// The incremental lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenTtl pulumi.IntPtrInput
	// The type of token that should be generated. Can be `service`,
	// `batch`, or `default` to use the mount's tuned default (which unless changed will be
	// `service` tokens). For token store roles, there are two additional possibilities:
	// `default-service` and `default-batch` which specify the type to return unless the client
	// requests a different type at generation time.
	TokenType pulumi.StringPtrInput
}
func (AuthBackendRoleState) ElementType ¶
func (AuthBackendRoleState) ElementType() reflect.Type
type GetAuthBackendRoleIdArgs ¶
// GetAuthBackendRoleIdArgs is the collection of arguments for invoking
// getAuthBackendRoleId.
type GetAuthBackendRoleIdArgs struct {
	// The unique name for the AppRole backend the role to
	// retrieve a RoleID for resides in. Defaults to "approle".
	Backend *string `pulumi:"backend"`
	// The name of the role to retrieve the Role ID for.
	RoleName string `pulumi:"roleName"`
}
A collection of arguments for invoking getAuthBackendRoleId.
type GetAuthBackendRoleIdResult ¶
// GetAuthBackendRoleIdResult is the collection of values returned by
// getAuthBackendRoleId.
type GetAuthBackendRoleIdResult struct {
	// Not documented upstream; presumably echoes the Backend argument — confirm.
	Backend *string `pulumi:"backend"`
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// The RoleID of the role.
	RoleId string `pulumi:"roleId"`
	// Not documented upstream; presumably echoes the RoleName argument — confirm.
	RoleName string `pulumi:"roleName"`
}
A collection of values returned by getAuthBackendRoleId.
func GetAuthBackendRoleId ¶
func GetAuthBackendRoleId(ctx *pulumi.Context, args *GetAuthBackendRoleIdArgs, opts ...pulumi.InvokeOption) (*GetAuthBackendRoleIdResult, error)
Reads the Role ID of an AppRole from a Vault server.
## Example Usage
```go
package main
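import (
	"github.com/pulumi/pulumi-vault/sdk/v3/go/vault/appRole"
	"github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)

// main reads the RoleID of an existing AppRole and exports it as a stack
// output named "role-id".
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Backend is a *string, so the mount name needs an addressable variable.
		backend := "my-approle-backend"
		role, err := appRole.GetAuthBackendRoleId(ctx, &appRole.GetAuthBackendRoleIdArgs{
			Backend:  &backend,
			RoleName: "my-role",
		}, nil)
		if err != nil {
			return err
		}

		// RoleId is a plain string on the result struct; ctx.Export takes a
		// pulumi.Input, so the value is wrapped with pulumi.String.
		// NOTE(review): the RoleID is one of the two values an AppRole login
		// presents; confirm that exposing it as a stack output is intended.
		ctx.Export("role-id", pulumi.String(role.RoleId))
		return nil
	})
}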
```