The highest tagged major version is
Documentation
¶
Index ¶
- type AuthBackendLogin
- type AuthBackendLoginArgs
- type AuthBackendLoginInput
- type AuthBackendLoginOutput
- type AuthBackendLoginState
- type AuthBackendRole
- type AuthBackendRoleArgs
- type AuthBackendRoleInput
- type AuthBackendRoleOutput
- type AuthBackendRoleSecretID
- type AuthBackendRoleSecretIDArgs
- type AuthBackendRoleSecretIDInput
- type AuthBackendRoleSecretIDOutput
- type AuthBackendRoleSecretIDState
- type AuthBackendRoleState
- type GetAuthBackendRoleIdArgs
- type GetAuthBackendRoleIdResult
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AuthBackendLogin ¶
type AuthBackendLogin struct {
pulumi.CustomResourceState
// The accessor for the token.
Accessor pulumi.StringOutput `pulumi:"accessor"`
// The unique path of the Vault backend to log in with.
Backend pulumi.StringPtrOutput `pulumi:"backend"`
// The Vault token created.
ClientToken pulumi.StringOutput `pulumi:"clientToken"`
// How long the token is valid for, in seconds.
LeaseDuration pulumi.IntOutput `pulumi:"leaseDuration"`
// The date and time the lease started, in RFC 3339 format.
LeaseStarted pulumi.StringOutput `pulumi:"leaseStarted"`
// The metadata associated with the token.
Metadata pulumi.StringMapOutput `pulumi:"metadata"`
// A list of policies applied to the token.
Policies pulumi.StringArrayOutput `pulumi:"policies"`
// Whether the token is renewable or not.
Renewable pulumi.BoolOutput `pulumi:"renewable"`
// The ID of the role to log in with.
RoleId pulumi.StringOutput `pulumi:"roleId"`
// The secret ID of the role to log in with. Required
// unless `bindSecretId` is set to false on the role.
SecretId pulumi.StringPtrOutput `pulumi:"secretId"`
}
Logs into Vault using the AppRole auth backend. See the [Vault documentation](https://www.vaultproject.io/docs/auth/approle) for more information.
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-vault/sdk/v3/go/vault" "github.com/pulumi/pulumi-vault/sdk/v3/go/vault/appRole" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
approle, err := vault.NewAuthBackend(ctx, "approle", &vault.AuthBackendArgs{
Type: pulumi.String("approle"),
})
if err != nil {
return err
}
example, err := appRole.NewAuthBackendRole(ctx, "example", &appRole.AuthBackendRoleArgs{
Backend: approle.Path,
Policies: pulumi.StringArray{
pulumi.String("default"),
pulumi.String("dev"),
pulumi.String("prod"),
},
RoleName: pulumi.String("test-role"),
})
if err != nil {
return err
}
id, err := appRole.NewAuthBackendRoleSecretID(ctx, "id", &appRole.AuthBackendRoleSecretIDArgs{
Backend: approle.Path,
RoleName: example.RoleName,
})
if err != nil {
return err
}
_, err = appRole.NewAuthBackendLogin(ctx, "login", &appRole.AuthBackendLoginArgs{
Backend: approle.Path,
RoleId: example.RoleId,
SecretId: id.SecretId,
})
if err != nil {
return err
}
return nil
})
}
```
func GetAuthBackendLogin ¶
func GetAuthBackendLogin(ctx *pulumi.Context, name string, id pulumi.IDInput, state *AuthBackendLoginState, opts ...pulumi.ResourceOption) (*AuthBackendLogin, error)
GetAuthBackendLogin gets an existing AuthBackendLogin resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewAuthBackendLogin ¶
func NewAuthBackendLogin(ctx *pulumi.Context, name string, args *AuthBackendLoginArgs, opts ...pulumi.ResourceOption) (*AuthBackendLogin, error)
NewAuthBackendLogin registers a new resource with the given unique name, arguments, and options.
func (AuthBackendLogin) ElementType ¶ added in v3.0.2
func (AuthBackendLogin) ElementType() reflect.Type
func (AuthBackendLogin) ToAuthBackendLoginOutput ¶ added in v3.0.2
func (i AuthBackendLogin) ToAuthBackendLoginOutput() AuthBackendLoginOutput
func (AuthBackendLogin) ToAuthBackendLoginOutputWithContext ¶ added in v3.0.2
func (i AuthBackendLogin) ToAuthBackendLoginOutputWithContext(ctx context.Context) AuthBackendLoginOutput
type AuthBackendLoginArgs ¶
type AuthBackendLoginArgs struct {
// The unique path of the Vault backend to log in with.
Backend pulumi.StringPtrInput
// The ID of the role to log in with.
RoleId pulumi.StringInput
// The secret ID of the role to log in with. Required
// unless `bindSecretId` is set to false on the role.
SecretId pulumi.StringPtrInput
}
The set of arguments for constructing a AuthBackendLogin resource.
func (AuthBackendLoginArgs) ElementType ¶
func (AuthBackendLoginArgs) ElementType() reflect.Type
type AuthBackendLoginInput ¶ added in v3.0.2
type AuthBackendLoginInput interface {
pulumi.Input
ToAuthBackendLoginOutput() AuthBackendLoginOutput
ToAuthBackendLoginOutputWithContext(ctx context.Context) AuthBackendLoginOutput
}
type AuthBackendLoginOutput ¶ added in v3.0.2
type AuthBackendLoginOutput struct {
*pulumi.OutputState
}
func (AuthBackendLoginOutput) ElementType ¶ added in v3.0.2
func (AuthBackendLoginOutput) ElementType() reflect.Type
func (AuthBackendLoginOutput) ToAuthBackendLoginOutput ¶ added in v3.0.2
func (o AuthBackendLoginOutput) ToAuthBackendLoginOutput() AuthBackendLoginOutput
func (AuthBackendLoginOutput) ToAuthBackendLoginOutputWithContext ¶ added in v3.0.2
func (o AuthBackendLoginOutput) ToAuthBackendLoginOutputWithContext(ctx context.Context) AuthBackendLoginOutput
type AuthBackendLoginState ¶
type AuthBackendLoginState struct {
// The accessor for the token.
Accessor pulumi.StringPtrInput
// The unique path of the Vault backend to log in with.
Backend pulumi.StringPtrInput
// The Vault token created.
ClientToken pulumi.StringPtrInput
// How long the token is valid for, in seconds.
LeaseDuration pulumi.IntPtrInput
// The date and time the lease started, in RFC 3339 format.
LeaseStarted pulumi.StringPtrInput
// The metadata associated with the token.
Metadata pulumi.StringMapInput
// A list of policies applied to the token.
Policies pulumi.StringArrayInput
// Whether the token is renewable or not.
Renewable pulumi.BoolPtrInput
// The ID of the role to log in with.
RoleId pulumi.StringPtrInput
// The secret ID of the role to log in with. Required
// unless `bindSecretId` is set to false on the role.
SecretId pulumi.StringPtrInput
}
func (AuthBackendLoginState) ElementType ¶
func (AuthBackendLoginState) ElementType() reflect.Type
type AuthBackendRole ¶
type AuthBackendRole struct {
pulumi.CustomResourceState
// The unique name of the auth backend to configure.
// Defaults to `approle`.
Backend pulumi.StringPtrOutput `pulumi:"backend"`
// Whether or not to require `secretId` to be
// presented when logging in using this AppRole. Defaults to `true`.
BindSecretId pulumi.BoolPtrOutput `pulumi:"bindSecretId"`
// If set,
// specifies blocks of IP addresses which can perform the login operation.
//
// Deprecated: use `secret_id_bound_cidrs` instead
BoundCidrLists pulumi.StringArrayOutput `pulumi:"boundCidrLists"`
// If set, indicates that the
// token generated using this role should never expire. The token should be renewed within the
// duration specified by this value. At each renewal, the token's TTL will be set to the
// value of this field. Specified in seconds.
//
// Deprecated: use `token_period` instead if you are running Vault >= 1.2
Period pulumi.IntPtrOutput `pulumi:"period"`
// An array of strings
// specifying the policies to be set on tokens issued using this role.
//
// Deprecated: use `token_policies` instead if you are running Vault >= 1.2
Policies pulumi.StringArrayOutput `pulumi:"policies"`
// The RoleID of this role. If not specified, one will be
// auto-generated.
RoleId pulumi.StringOutput `pulumi:"roleId"`
// The name of the role.
RoleName pulumi.StringOutput `pulumi:"roleName"`
// If set,
// specifies blocks of IP addresses which can perform the login operation.
SecretIdBoundCidrs pulumi.StringArrayOutput `pulumi:"secretIdBoundCidrs"`
// The number of times any particular SecretID
// can be used to fetch a token from this AppRole, after which the SecretID will
// expire. A value of zero will allow unlimited uses.
SecretIdNumUses pulumi.IntPtrOutput `pulumi:"secretIdNumUses"`
// The number of seconds after which any SecretID
// expires.
SecretIdTtl pulumi.IntPtrOutput `pulumi:"secretIdTtl"`
// List of CIDR blocks; if set, specifies blocks of IP
// addresses which can authenticate successfully, and ties the resulting token to these blocks
// as well.
TokenBoundCidrs pulumi.StringArrayOutput `pulumi:"tokenBoundCidrs"`
// If set, will encode an
// [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
// onto the token in number of seconds. This is a hard cap even if `tokenTtl` and
// `tokenMaxTtl` would otherwise allow a renewal.
TokenExplicitMaxTtl pulumi.IntPtrOutput `pulumi:"tokenExplicitMaxTtl"`
// The maximum lifetime for generated tokens in number of seconds.
// Its current value will be referenced at renewal time.
TokenMaxTtl pulumi.IntPtrOutput `pulumi:"tokenMaxTtl"`
// If set, the default policy will not be set on
// generated tokens; otherwise it will be added to the policies set in token_policies.
TokenNoDefaultPolicy pulumi.BoolPtrOutput `pulumi:"tokenNoDefaultPolicy"`
// The
// [period](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls),
// if any, in number of seconds to set on the token.
TokenNumUses pulumi.IntPtrOutput `pulumi:"tokenNumUses"`
// If set, indicates that the
// token generated using this role should never expire. The token should be renewed within the
// duration specified by this value. At each renewal, the token's TTL will be set to the
// value of this field. Specified in seconds.
TokenPeriod pulumi.IntPtrOutput `pulumi:"tokenPeriod"`
// List of policies to encode onto generated tokens. Depending
// on the auth method, this list may be supplemented by user/group/other values.
TokenPolicies pulumi.StringArrayOutput `pulumi:"tokenPolicies"`
// The incremental lifetime for generated tokens in number of seconds.
// Its current value will be referenced at renewal time.
TokenTtl pulumi.IntPtrOutput `pulumi:"tokenTtl"`
// The type of token that should be generated. Can be `service`,
// `batch`, or `default` to use the mount's tuned default (which unless changed will be
// `service` tokens). For token store roles, there are two additional possibilities:
// `default-service` and `default-batch` which specify the type to return unless the client
// requests a different type at generation time.
TokenType pulumi.StringPtrOutput `pulumi:"tokenType"`
}
Manages an AppRole auth backend role in a Vault server. See the [Vault documentation](https://www.vaultproject.io/docs/auth/approle) for more information.
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-vault/sdk/v3/go/vault" "github.com/pulumi/pulumi-vault/sdk/v3/go/vault/appRole" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
approle, err := vault.NewAuthBackend(ctx, "approle", &vault.AuthBackendArgs{
Type: pulumi.String("approle"),
})
if err != nil {
return err
}
_, err = appRole.NewAuthBackendRole(ctx, "example", &appRole.AuthBackendRoleArgs{
Backend: approle.Path,
RoleName: pulumi.String("test-role"),
TokenPolicies: pulumi.StringArray{
pulumi.String("default"),
pulumi.String("dev"),
pulumi.String("prod"),
},
})
if err != nil {
return err
}
return nil
})
}
```
## Import
AppRole authentication backend roles can be imported using the `path`, e.g.
```sh
$ pulumi import vault:appRole/authBackendRole:AuthBackendRole example auth/approle/role/test-role
```
func GetAuthBackendRole ¶
func GetAuthBackendRole(ctx *pulumi.Context, name string, id pulumi.IDInput, state *AuthBackendRoleState, opts ...pulumi.ResourceOption) (*AuthBackendRole, error)
GetAuthBackendRole gets an existing AuthBackendRole resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewAuthBackendRole ¶
func NewAuthBackendRole(ctx *pulumi.Context, name string, args *AuthBackendRoleArgs, opts ...pulumi.ResourceOption) (*AuthBackendRole, error)
NewAuthBackendRole registers a new resource with the given unique name, arguments, and options.
func (AuthBackendRole) ElementType ¶ added in v3.0.2
func (AuthBackendRole) ElementType() reflect.Type
func (AuthBackendRole) ToAuthBackendRoleOutput ¶ added in v3.0.2
func (i AuthBackendRole) ToAuthBackendRoleOutput() AuthBackendRoleOutput
func (AuthBackendRole) ToAuthBackendRoleOutputWithContext ¶ added in v3.0.2
func (i AuthBackendRole) ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput
type AuthBackendRoleArgs ¶
type AuthBackendRoleArgs struct {
// The unique name of the auth backend to configure.
// Defaults to `approle`.
Backend pulumi.StringPtrInput
// Whether or not to require `secretId` to be
// presented when logging in using this AppRole. Defaults to `true`.
BindSecretId pulumi.BoolPtrInput
// If set,
// specifies blocks of IP addresses which can perform the login operation.
//
// Deprecated: use `secret_id_bound_cidrs` instead
BoundCidrLists pulumi.StringArrayInput
// If set, indicates that the
// token generated using this role should never expire. The token should be renewed within the
// duration specified by this value. At each renewal, the token's TTL will be set to the
// value of this field. Specified in seconds.
//
// Deprecated: use `token_period` instead if you are running Vault >= 1.2
Period pulumi.IntPtrInput
// An array of strings
// specifying the policies to be set on tokens issued using this role.
//
// Deprecated: use `token_policies` instead if you are running Vault >= 1.2
Policies pulumi.StringArrayInput
// The RoleID of this role. If not specified, one will be
// auto-generated.
RoleId pulumi.StringPtrInput
// The name of the role.
RoleName pulumi.StringInput
// If set,
// specifies blocks of IP addresses which can perform the login operation.
SecretIdBoundCidrs pulumi.StringArrayInput
// The number of times any particular SecretID
// can be used to fetch a token from this AppRole, after which the SecretID will
// expire. A value of zero will allow unlimited uses.
SecretIdNumUses pulumi.IntPtrInput
// The number of seconds after which any SecretID
// expires.
SecretIdTtl pulumi.IntPtrInput
// List of CIDR blocks; if set, specifies blocks of IP
// addresses which can authenticate successfully, and ties the resulting token to these blocks
// as well.
TokenBoundCidrs pulumi.StringArrayInput
// If set, will encode an
// [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
// onto the token in number of seconds. This is a hard cap even if `tokenTtl` and
// `tokenMaxTtl` would otherwise allow a renewal.
TokenExplicitMaxTtl pulumi.IntPtrInput
// The maximum lifetime for generated tokens in number of seconds.
// Its current value will be referenced at renewal time.
TokenMaxTtl pulumi.IntPtrInput
// If set, the default policy will not be set on
// generated tokens; otherwise it will be added to the policies set in token_policies.
TokenNoDefaultPolicy pulumi.BoolPtrInput
// The
// [period](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls),
// if any, in number of seconds to set on the token.
TokenNumUses pulumi.IntPtrInput
// If set, indicates that the
// token generated using this role should never expire. The token should be renewed within the
// duration specified by this value. At each renewal, the token's TTL will be set to the
// value of this field. Specified in seconds.
TokenPeriod pulumi.IntPtrInput
// List of policies to encode onto generated tokens. Depending
// on the auth method, this list may be supplemented by user/group/other values.
TokenPolicies pulumi.StringArrayInput
// The incremental lifetime for generated tokens in number of seconds.
// Its current value will be referenced at renewal time.
TokenTtl pulumi.IntPtrInput
// The type of token that should be generated. Can be `service`,
// `batch`, or `default` to use the mount's tuned default (which unless changed will be
// `service` tokens). For token store roles, there are two additional possibilities:
// `default-service` and `default-batch` which specify the type to return unless the client
// requests a different type at generation time.
TokenType pulumi.StringPtrInput
}
The set of arguments for constructing a AuthBackendRole resource.
func (AuthBackendRoleArgs) ElementType ¶
func (AuthBackendRoleArgs) ElementType() reflect.Type
type AuthBackendRoleInput ¶ added in v3.0.2
type AuthBackendRoleInput interface {
pulumi.Input
ToAuthBackendRoleOutput() AuthBackendRoleOutput
ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput
}
type AuthBackendRoleOutput ¶ added in v3.0.2
type AuthBackendRoleOutput struct {
*pulumi.OutputState
}
func (AuthBackendRoleOutput) ElementType ¶ added in v3.0.2
func (AuthBackendRoleOutput) ElementType() reflect.Type
func (AuthBackendRoleOutput) ToAuthBackendRoleOutput ¶ added in v3.0.2
func (o AuthBackendRoleOutput) ToAuthBackendRoleOutput() AuthBackendRoleOutput
func (AuthBackendRoleOutput) ToAuthBackendRoleOutputWithContext ¶ added in v3.0.2
func (o AuthBackendRoleOutput) ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput
type AuthBackendRoleSecretID ¶
type AuthBackendRoleSecretID struct {
pulumi.CustomResourceState
// The unique ID for this SecretID that can be safely logged.
Accessor pulumi.StringOutput `pulumi:"accessor"`
// Unique name of the auth backend to configure.
Backend pulumi.StringPtrOutput `pulumi:"backend"`
// If set, specifies blocks of IP addresses which can
// perform the login operation using this SecretID.
CidrLists pulumi.StringArrayOutput `pulumi:"cidrLists"`
// A JSON-encoded string containing metadata in
// key-value pairs to be set on tokens issued with this SecretID.
Metadata pulumi.StringPtrOutput `pulumi:"metadata"`
// The name of the role to create the SecretID for.
RoleName pulumi.StringOutput `pulumi:"roleName"`
// The SecretID to be created. If set, uses "Push"
// mode. Defaults to Vault auto-generating SecretIDs.
SecretId pulumi.StringOutput `pulumi:"secretId"`
// The unique ID for the response-wrapped SecretID that can
// be safely logged.
WrappingAccessor pulumi.StringOutput `pulumi:"wrappingAccessor"`
// The token used to retrieve a response-wrapped SecretID.
WrappingToken pulumi.StringOutput `pulumi:"wrappingToken"`
// If set, the SecretID response will be
// [response-wrapped](https://www.vaultproject.io/docs/concepts/response-wrapping)
// and available for the duration specified. Only a single unwrapping of the
// token is allowed.
WrappingTtl pulumi.StringPtrOutput `pulumi:"wrappingTtl"`
}
Manages an AppRole auth backend SecretID in a Vault server. See the [Vault documentation](https://www.vaultproject.io/docs/auth/approle) for more information.
## Example Usage
```go package main
import (
"fmt" "github.com/pulumi/pulumi-vault/sdk/v3/go/vault" "github.com/pulumi/pulumi-vault/sdk/v3/go/vault/appRole" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
approle, err := vault.NewAuthBackend(ctx, "approle", &vault.AuthBackendArgs{
Type: pulumi.String("approle"),
})
if err != nil {
return err
}
example, err := appRole.NewAuthBackendRole(ctx, "example", &appRole.AuthBackendRoleArgs{
Backend: approle.Path,
Policies: pulumi.StringArray{
pulumi.String("default"),
pulumi.String("dev"),
pulumi.String("prod"),
},
RoleName: pulumi.String("test-role"),
})
if err != nil {
return err
}
_, err = appRole.NewAuthBackendRoleSecretID(ctx, "id", &appRole.AuthBackendRoleSecretIDArgs{
Backend: approle.Path,
Metadata: pulumi.String(fmt.Sprintf("%v%v%v%v", "{\n", " \"hello\": \"world\"\n", "}\n", "\n")),
RoleName: example.RoleName,
})
if err != nil {
return err
}
return nil
})
}
```
func GetAuthBackendRoleSecretID ¶
func GetAuthBackendRoleSecretID(ctx *pulumi.Context, name string, id pulumi.IDInput, state *AuthBackendRoleSecretIDState, opts ...pulumi.ResourceOption) (*AuthBackendRoleSecretID, error)
GetAuthBackendRoleSecretID gets an existing AuthBackendRoleSecretID resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewAuthBackendRoleSecretID ¶
func NewAuthBackendRoleSecretID(ctx *pulumi.Context, name string, args *AuthBackendRoleSecretIDArgs, opts ...pulumi.ResourceOption) (*AuthBackendRoleSecretID, error)
NewAuthBackendRoleSecretID registers a new resource with the given unique name, arguments, and options.
func (AuthBackendRoleSecretID) ElementType ¶ added in v3.0.2
func (AuthBackendRoleSecretID) ElementType() reflect.Type
func (AuthBackendRoleSecretID) ToAuthBackendRoleSecretIDOutput ¶ added in v3.0.2
func (i AuthBackendRoleSecretID) ToAuthBackendRoleSecretIDOutput() AuthBackendRoleSecretIDOutput
func (AuthBackendRoleSecretID) ToAuthBackendRoleSecretIDOutputWithContext ¶ added in v3.0.2
func (i AuthBackendRoleSecretID) ToAuthBackendRoleSecretIDOutputWithContext(ctx context.Context) AuthBackendRoleSecretIDOutput
type AuthBackendRoleSecretIDArgs ¶
type AuthBackendRoleSecretIDArgs struct {
// Unique name of the auth backend to configure.
Backend pulumi.StringPtrInput
// If set, specifies blocks of IP addresses which can
// perform the login operation using this SecretID.
CidrLists pulumi.StringArrayInput
// A JSON-encoded string containing metadata in
// key-value pairs to be set on tokens issued with this SecretID.
Metadata pulumi.StringPtrInput
// The name of the role to create the SecretID for.
RoleName pulumi.StringInput
// The SecretID to be created. If set, uses "Push"
// mode. Defaults to Vault auto-generating SecretIDs.
SecretId pulumi.StringPtrInput
// If set, the SecretID response will be
// [response-wrapped](https://www.vaultproject.io/docs/concepts/response-wrapping)
// and available for the duration specified. Only a single unwrapping of the
// token is allowed.
WrappingTtl pulumi.StringPtrInput
}
The set of arguments for constructing a AuthBackendRoleSecretID resource.
func (AuthBackendRoleSecretIDArgs) ElementType ¶
func (AuthBackendRoleSecretIDArgs) ElementType() reflect.Type
type AuthBackendRoleSecretIDInput ¶ added in v3.0.2
type AuthBackendRoleSecretIDInput interface {
pulumi.Input
ToAuthBackendRoleSecretIDOutput() AuthBackendRoleSecretIDOutput
ToAuthBackendRoleSecretIDOutputWithContext(ctx context.Context) AuthBackendRoleSecretIDOutput
}
type AuthBackendRoleSecretIDOutput ¶ added in v3.0.2
type AuthBackendRoleSecretIDOutput struct {
*pulumi.OutputState
}
func (AuthBackendRoleSecretIDOutput) ElementType ¶ added in v3.0.2
func (AuthBackendRoleSecretIDOutput) ElementType() reflect.Type
func (AuthBackendRoleSecretIDOutput) ToAuthBackendRoleSecretIDOutput ¶ added in v3.0.2
func (o AuthBackendRoleSecretIDOutput) ToAuthBackendRoleSecretIDOutput() AuthBackendRoleSecretIDOutput
func (AuthBackendRoleSecretIDOutput) ToAuthBackendRoleSecretIDOutputWithContext ¶ added in v3.0.2
func (o AuthBackendRoleSecretIDOutput) ToAuthBackendRoleSecretIDOutputWithContext(ctx context.Context) AuthBackendRoleSecretIDOutput
type AuthBackendRoleSecretIDState ¶
type AuthBackendRoleSecretIDState struct {
// The unique ID for this SecretID that can be safely logged.
Accessor pulumi.StringPtrInput
// Unique name of the auth backend to configure.
Backend pulumi.StringPtrInput
// If set, specifies blocks of IP addresses which can
// perform the login operation using this SecretID.
CidrLists pulumi.StringArrayInput
// A JSON-encoded string containing metadata in
// key-value pairs to be set on tokens issued with this SecretID.
Metadata pulumi.StringPtrInput
// The name of the role to create the SecretID for.
RoleName pulumi.StringPtrInput
// The SecretID to be created. If set, uses "Push"
// mode. Defaults to Vault auto-generating SecretIDs.
SecretId pulumi.StringPtrInput
// The unique ID for the response-wrapped SecretID that can
// be safely logged.
WrappingAccessor pulumi.StringPtrInput
// The token used to retrieve a response-wrapped SecretID.
WrappingToken pulumi.StringPtrInput
// If set, the SecretID response will be
// [response-wrapped](https://www.vaultproject.io/docs/concepts/response-wrapping)
// and available for the duration specified. Only a single unwrapping of the
// token is allowed.
WrappingTtl pulumi.StringPtrInput
}
func (AuthBackendRoleSecretIDState) ElementType ¶
func (AuthBackendRoleSecretIDState) ElementType() reflect.Type
type AuthBackendRoleState ¶
type AuthBackendRoleState struct {
// The unique name of the auth backend to configure.
// Defaults to `approle`.
Backend pulumi.StringPtrInput
// Whether or not to require `secretId` to be
// presented when logging in using this AppRole. Defaults to `true`.
BindSecretId pulumi.BoolPtrInput
// If set,
// specifies blocks of IP addresses which can perform the login operation.
//
// Deprecated: use `secret_id_bound_cidrs` instead
BoundCidrLists pulumi.StringArrayInput
// If set, indicates that the
// token generated using this role should never expire. The token should be renewed within the
// duration specified by this value. At each renewal, the token's TTL will be set to the
// value of this field. Specified in seconds.
//
// Deprecated: use `token_period` instead if you are running Vault >= 1.2
Period pulumi.IntPtrInput
// An array of strings
// specifying the policies to be set on tokens issued using this role.
//
// Deprecated: use `token_policies` instead if you are running Vault >= 1.2
Policies pulumi.StringArrayInput
// The RoleID of this role. If not specified, one will be
// auto-generated.
RoleId pulumi.StringPtrInput
// The name of the role.
RoleName pulumi.StringPtrInput
// If set,
// specifies blocks of IP addresses which can perform the login operation.
SecretIdBoundCidrs pulumi.StringArrayInput
// The number of times any particular SecretID
// can be used to fetch a token from this AppRole, after which the SecretID will
// expire. A value of zero will allow unlimited uses.
SecretIdNumUses pulumi.IntPtrInput
// The number of seconds after which any SecretID
// expires.
SecretIdTtl pulumi.IntPtrInput
// List of CIDR blocks; if set, specifies blocks of IP
// addresses which can authenticate successfully, and ties the resulting token to these blocks
// as well.
TokenBoundCidrs pulumi.StringArrayInput
// If set, will encode an
// [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
// onto the token in number of seconds. This is a hard cap even if `tokenTtl` and
// `tokenMaxTtl` would otherwise allow a renewal.
TokenExplicitMaxTtl pulumi.IntPtrInput
// The maximum lifetime for generated tokens in number of seconds.
// Its current value will be referenced at renewal time.
TokenMaxTtl pulumi.IntPtrInput
// If set, the default policy will not be set on
// generated tokens; otherwise it will be added to the policies set in token_policies.
TokenNoDefaultPolicy pulumi.BoolPtrInput
// The
// [period](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls),
// if any, in number of seconds to set on the token.
TokenNumUses pulumi.IntPtrInput
// If set, indicates that the
// token generated using this role should never expire. The token should be renewed within the
// duration specified by this value. At each renewal, the token's TTL will be set to the
// value of this field. Specified in seconds.
TokenPeriod pulumi.IntPtrInput
// List of policies to encode onto generated tokens. Depending
// on the auth method, this list may be supplemented by user/group/other values.
TokenPolicies pulumi.StringArrayInput
// The incremental lifetime for generated tokens in number of seconds.
// Its current value will be referenced at renewal time.
TokenTtl pulumi.IntPtrInput
// The type of token that should be generated. Can be `service`,
// `batch`, or `default` to use the mount's tuned default (which unless changed will be
// `service` tokens). For token store roles, there are two additional possibilities:
// `default-service` and `default-batch` which specify the type to return unless the client
// requests a different type at generation time.
TokenType pulumi.StringPtrInput
}
func (AuthBackendRoleState) ElementType ¶
func (AuthBackendRoleState) ElementType() reflect.Type
type GetAuthBackendRoleIdArgs ¶
type GetAuthBackendRoleIdArgs struct {
// The unique name for the AppRole backend the role to
// retrieve a RoleID for resides in. Defaults to "approle".
Backend *string `pulumi:"backend"`
// The name of the role to retrieve the Role ID for.
RoleName string `pulumi:"roleName"`
}
A collection of arguments for invoking getAuthBackendRoleId.
type GetAuthBackendRoleIdResult ¶
type GetAuthBackendRoleIdResult struct {
Backend *string `pulumi:"backend"`
// The provider-assigned unique ID for this managed resource.
Id string `pulumi:"id"`
// The RoleID of the role.
RoleId string `pulumi:"roleId"`
RoleName string `pulumi:"roleName"`
}
A collection of values returned by getAuthBackendRoleId.
func GetAuthBackendRoleId ¶
func GetAuthBackendRoleId(ctx *pulumi.Context, args *GetAuthBackendRoleIdArgs, opts ...pulumi.InvokeOption) (*GetAuthBackendRoleIdResult, error)
Reads the Role ID of an AppRole from a Vault server.
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-vault/sdk/v3/go/vault/appRole" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
opt0 := "my-approle-backend"
role, err := appRole.GetAuthBackendRoleId(ctx, &appRole.GetAuthBackendRoleIdArgs{
Backend: &opt0,
RoleName: "my-role",
}, nil)
if err != nil {
return err
}
ctx.Export("role-id", role.RoleId)
return nil
})
}
```
Source Files
Click to show internal directories.
Click to hide internal directories.