Documentation ¶
Index ¶
- type AuthBackendLogin
- func (*AuthBackendLogin) ElementType() reflect.Type
- func (i *AuthBackendLogin) ToAuthBackendLoginOutput() AuthBackendLoginOutput
- func (i *AuthBackendLogin) ToAuthBackendLoginOutputWithContext(ctx context.Context) AuthBackendLoginOutput
- func (i *AuthBackendLogin) ToAuthBackendLoginPtrOutput() AuthBackendLoginPtrOutput
- func (i *AuthBackendLogin) ToAuthBackendLoginPtrOutputWithContext(ctx context.Context) AuthBackendLoginPtrOutput
- type AuthBackendLoginArgs
- type AuthBackendLoginArray
- type AuthBackendLoginArrayInput
- type AuthBackendLoginArrayOutput
- func (AuthBackendLoginArrayOutput) ElementType() reflect.Type
- func (o AuthBackendLoginArrayOutput) Index(i pulumi.IntInput) AuthBackendLoginOutput
- func (o AuthBackendLoginArrayOutput) ToAuthBackendLoginArrayOutput() AuthBackendLoginArrayOutput
- func (o AuthBackendLoginArrayOutput) ToAuthBackendLoginArrayOutputWithContext(ctx context.Context) AuthBackendLoginArrayOutput
- type AuthBackendLoginInput
- type AuthBackendLoginMap
- type AuthBackendLoginMapInput
- type AuthBackendLoginMapOutput
- func (AuthBackendLoginMapOutput) ElementType() reflect.Type
- func (o AuthBackendLoginMapOutput) MapIndex(k pulumi.StringInput) AuthBackendLoginOutput
- func (o AuthBackendLoginMapOutput) ToAuthBackendLoginMapOutput() AuthBackendLoginMapOutput
- func (o AuthBackendLoginMapOutput) ToAuthBackendLoginMapOutputWithContext(ctx context.Context) AuthBackendLoginMapOutput
- type AuthBackendLoginOutput
- func (AuthBackendLoginOutput) ElementType() reflect.Type
- func (o AuthBackendLoginOutput) ToAuthBackendLoginOutput() AuthBackendLoginOutput
- func (o AuthBackendLoginOutput) ToAuthBackendLoginOutputWithContext(ctx context.Context) AuthBackendLoginOutput
- func (o AuthBackendLoginOutput) ToAuthBackendLoginPtrOutput() AuthBackendLoginPtrOutput
- func (o AuthBackendLoginOutput) ToAuthBackendLoginPtrOutputWithContext(ctx context.Context) AuthBackendLoginPtrOutput
- type AuthBackendLoginPtrInput
- type AuthBackendLoginPtrOutput
- type AuthBackendLoginState
- type AuthBackendRole
- func (*AuthBackendRole) ElementType() reflect.Type
- func (i *AuthBackendRole) ToAuthBackendRoleOutput() AuthBackendRoleOutput
- func (i *AuthBackendRole) ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput
- func (i *AuthBackendRole) ToAuthBackendRolePtrOutput() AuthBackendRolePtrOutput
- func (i *AuthBackendRole) ToAuthBackendRolePtrOutputWithContext(ctx context.Context) AuthBackendRolePtrOutput
- type AuthBackendRoleArgs
- type AuthBackendRoleArray
- type AuthBackendRoleArrayInput
- type AuthBackendRoleArrayOutput
- func (AuthBackendRoleArrayOutput) ElementType() reflect.Type
- func (o AuthBackendRoleArrayOutput) Index(i pulumi.IntInput) AuthBackendRoleOutput
- func (o AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutput() AuthBackendRoleArrayOutput
- func (o AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutputWithContext(ctx context.Context) AuthBackendRoleArrayOutput
- type AuthBackendRoleInput
- type AuthBackendRoleMap
- type AuthBackendRoleMapInput
- type AuthBackendRoleMapOutput
- func (AuthBackendRoleMapOutput) ElementType() reflect.Type
- func (o AuthBackendRoleMapOutput) MapIndex(k pulumi.StringInput) AuthBackendRoleOutput
- func (o AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutput() AuthBackendRoleMapOutput
- func (o AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutputWithContext(ctx context.Context) AuthBackendRoleMapOutput
- type AuthBackendRoleOutput
- func (AuthBackendRoleOutput) ElementType() reflect.Type
- func (o AuthBackendRoleOutput) ToAuthBackendRoleOutput() AuthBackendRoleOutput
- func (o AuthBackendRoleOutput) ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput
- func (o AuthBackendRoleOutput) ToAuthBackendRolePtrOutput() AuthBackendRolePtrOutput
- func (o AuthBackendRoleOutput) ToAuthBackendRolePtrOutputWithContext(ctx context.Context) AuthBackendRolePtrOutput
- type AuthBackendRolePtrInput
- type AuthBackendRolePtrOutput
- type AuthBackendRoleSecretID
- func (*AuthBackendRoleSecretID) ElementType() reflect.Type
- func (i *AuthBackendRoleSecretID) ToAuthBackendRoleSecretIDOutput() AuthBackendRoleSecretIDOutput
- func (i *AuthBackendRoleSecretID) ToAuthBackendRoleSecretIDOutputWithContext(ctx context.Context) AuthBackendRoleSecretIDOutput
- func (i *AuthBackendRoleSecretID) ToAuthBackendRoleSecretIDPtrOutput() AuthBackendRoleSecretIDPtrOutput
- func (i *AuthBackendRoleSecretID) ToAuthBackendRoleSecretIDPtrOutputWithContext(ctx context.Context) AuthBackendRoleSecretIDPtrOutput
- type AuthBackendRoleSecretIDArgs
- type AuthBackendRoleSecretIDArray
- func (AuthBackendRoleSecretIDArray) ElementType() reflect.Type
- func (i AuthBackendRoleSecretIDArray) ToAuthBackendRoleSecretIDArrayOutput() AuthBackendRoleSecretIDArrayOutput
- func (i AuthBackendRoleSecretIDArray) ToAuthBackendRoleSecretIDArrayOutputWithContext(ctx context.Context) AuthBackendRoleSecretIDArrayOutput
- type AuthBackendRoleSecretIDArrayInput
- type AuthBackendRoleSecretIDArrayOutput
- func (AuthBackendRoleSecretIDArrayOutput) ElementType() reflect.Type
- func (o AuthBackendRoleSecretIDArrayOutput) Index(i pulumi.IntInput) AuthBackendRoleSecretIDOutput
- func (o AuthBackendRoleSecretIDArrayOutput) ToAuthBackendRoleSecretIDArrayOutput() AuthBackendRoleSecretIDArrayOutput
- func (o AuthBackendRoleSecretIDArrayOutput) ToAuthBackendRoleSecretIDArrayOutputWithContext(ctx context.Context) AuthBackendRoleSecretIDArrayOutput
- type AuthBackendRoleSecretIDInput
- type AuthBackendRoleSecretIDMap
- func (AuthBackendRoleSecretIDMap) ElementType() reflect.Type
- func (i AuthBackendRoleSecretIDMap) ToAuthBackendRoleSecretIDMapOutput() AuthBackendRoleSecretIDMapOutput
- func (i AuthBackendRoleSecretIDMap) ToAuthBackendRoleSecretIDMapOutputWithContext(ctx context.Context) AuthBackendRoleSecretIDMapOutput
- type AuthBackendRoleSecretIDMapInput
- type AuthBackendRoleSecretIDMapOutput
- func (AuthBackendRoleSecretIDMapOutput) ElementType() reflect.Type
- func (o AuthBackendRoleSecretIDMapOutput) MapIndex(k pulumi.StringInput) AuthBackendRoleSecretIDOutput
- func (o AuthBackendRoleSecretIDMapOutput) ToAuthBackendRoleSecretIDMapOutput() AuthBackendRoleSecretIDMapOutput
- func (o AuthBackendRoleSecretIDMapOutput) ToAuthBackendRoleSecretIDMapOutputWithContext(ctx context.Context) AuthBackendRoleSecretIDMapOutput
- type AuthBackendRoleSecretIDOutput
- func (AuthBackendRoleSecretIDOutput) ElementType() reflect.Type
- func (o AuthBackendRoleSecretIDOutput) ToAuthBackendRoleSecretIDOutput() AuthBackendRoleSecretIDOutput
- func (o AuthBackendRoleSecretIDOutput) ToAuthBackendRoleSecretIDOutputWithContext(ctx context.Context) AuthBackendRoleSecretIDOutput
- func (o AuthBackendRoleSecretIDOutput) ToAuthBackendRoleSecretIDPtrOutput() AuthBackendRoleSecretIDPtrOutput
- func (o AuthBackendRoleSecretIDOutput) ToAuthBackendRoleSecretIDPtrOutputWithContext(ctx context.Context) AuthBackendRoleSecretIDPtrOutput
- type AuthBackendRoleSecretIDPtrInput
- type AuthBackendRoleSecretIDPtrOutput
- func (AuthBackendRoleSecretIDPtrOutput) ElementType() reflect.Type
- func (o AuthBackendRoleSecretIDPtrOutput) ToAuthBackendRoleSecretIDPtrOutput() AuthBackendRoleSecretIDPtrOutput
- func (o AuthBackendRoleSecretIDPtrOutput) ToAuthBackendRoleSecretIDPtrOutputWithContext(ctx context.Context) AuthBackendRoleSecretIDPtrOutput
- type AuthBackendRoleSecretIDState
- type AuthBackendRoleState
- type GetAuthBackendRoleIdArgs
- type GetAuthBackendRoleIdResult
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AuthBackendLogin ¶
type AuthBackendLogin struct { pulumi.CustomResourceState // The accessor for the token. Accessor pulumi.StringOutput `pulumi:"accessor"` // The unique path of the Vault backend to log in with. Backend pulumi.StringPtrOutput `pulumi:"backend"` // The Vault token created. ClientToken pulumi.StringOutput `pulumi:"clientToken"` // How long the token is valid for, in seconds. LeaseDuration pulumi.IntOutput `pulumi:"leaseDuration"` // The date and time the lease started, in RFC 3339 format. LeaseStarted pulumi.StringOutput `pulumi:"leaseStarted"` // The metadata associated with the token. Metadata pulumi.StringMapOutput `pulumi:"metadata"` // A list of policies applied to the token. Policies pulumi.StringArrayOutput `pulumi:"policies"` // Whether the token is renewable or not. Renewable pulumi.BoolOutput `pulumi:"renewable"` // The ID of the role to log in with. RoleId pulumi.StringOutput `pulumi:"roleId"` // The secret ID of the role to log in with. Required // unless `bindSecretId` is set to false on the role. SecretId pulumi.StringPtrOutput `pulumi:"secretId"` }
Logs into Vault using the AppRole auth backend. See the [Vault documentation](https://www.vaultproject.io/docs/auth/approle) for more information.
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-vault/sdk/v3/go/vault" "github.com/pulumi/pulumi-vault/sdk/v3/go/vault/appRole" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { approle, err := vault.NewAuthBackend(ctx, "approle", &vault.AuthBackendArgs{ Type: pulumi.String("approle"), }) if err != nil { return err } example, err := appRole.NewAuthBackendRole(ctx, "example", &appRole.AuthBackendRoleArgs{ Backend: approle.Path, Policies: pulumi.StringArray{ pulumi.String("default"), pulumi.String("dev"), pulumi.String("prod"), }, RoleName: pulumi.String("test-role"), }) if err != nil { return err } id, err := appRole.NewAuthBackendRoleSecretID(ctx, "id", &appRole.AuthBackendRoleSecretIDArgs{ Backend: approle.Path, RoleName: example.RoleName, }) if err != nil { return err } _, err = appRole.NewAuthBackendLogin(ctx, "login", &appRole.AuthBackendLoginArgs{ Backend: approle.Path, RoleId: example.RoleId, SecretId: id.SecretId, }) if err != nil { return err } return nil }) }
```
func GetAuthBackendLogin ¶
func GetAuthBackendLogin(ctx *pulumi.Context, name string, id pulumi.IDInput, state *AuthBackendLoginState, opts ...pulumi.ResourceOption) (*AuthBackendLogin, error)
GetAuthBackendLogin gets an existing AuthBackendLogin resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewAuthBackendLogin ¶
func NewAuthBackendLogin(ctx *pulumi.Context, name string, args *AuthBackendLoginArgs, opts ...pulumi.ResourceOption) (*AuthBackendLogin, error)
NewAuthBackendLogin registers a new resource with the given unique name, arguments, and options.
func (*AuthBackendLogin) ElementType ¶ added in v3.0.2
func (*AuthBackendLogin) ElementType() reflect.Type
func (*AuthBackendLogin) ToAuthBackendLoginOutput ¶ added in v3.0.2
func (i *AuthBackendLogin) ToAuthBackendLoginOutput() AuthBackendLoginOutput
func (*AuthBackendLogin) ToAuthBackendLoginOutputWithContext ¶ added in v3.0.2
func (i *AuthBackendLogin) ToAuthBackendLoginOutputWithContext(ctx context.Context) AuthBackendLoginOutput
func (*AuthBackendLogin) ToAuthBackendLoginPtrOutput ¶ added in v3.4.1
func (i *AuthBackendLogin) ToAuthBackendLoginPtrOutput() AuthBackendLoginPtrOutput
func (*AuthBackendLogin) ToAuthBackendLoginPtrOutputWithContext ¶ added in v3.4.1
func (i *AuthBackendLogin) ToAuthBackendLoginPtrOutputWithContext(ctx context.Context) AuthBackendLoginPtrOutput
type AuthBackendLoginArgs ¶
type AuthBackendLoginArgs struct { // The unique path of the Vault backend to log in with. Backend pulumi.StringPtrInput // The ID of the role to log in with. RoleId pulumi.StringInput // The secret ID of the role to log in with. Required // unless `bindSecretId` is set to false on the role. SecretId pulumi.StringPtrInput }
The set of arguments for constructing a AuthBackendLogin resource.
func (AuthBackendLoginArgs) ElementType ¶
func (AuthBackendLoginArgs) ElementType() reflect.Type
type AuthBackendLoginArray ¶ added in v3.4.1
type AuthBackendLoginArray []AuthBackendLoginInput
func (AuthBackendLoginArray) ElementType ¶ added in v3.4.1
func (AuthBackendLoginArray) ElementType() reflect.Type
func (AuthBackendLoginArray) ToAuthBackendLoginArrayOutput ¶ added in v3.4.1
func (i AuthBackendLoginArray) ToAuthBackendLoginArrayOutput() AuthBackendLoginArrayOutput
func (AuthBackendLoginArray) ToAuthBackendLoginArrayOutputWithContext ¶ added in v3.4.1
func (i AuthBackendLoginArray) ToAuthBackendLoginArrayOutputWithContext(ctx context.Context) AuthBackendLoginArrayOutput
type AuthBackendLoginArrayInput ¶ added in v3.4.1
type AuthBackendLoginArrayInput interface { pulumi.Input ToAuthBackendLoginArrayOutput() AuthBackendLoginArrayOutput ToAuthBackendLoginArrayOutputWithContext(context.Context) AuthBackendLoginArrayOutput }
AuthBackendLoginArrayInput is an input type that accepts AuthBackendLoginArray and AuthBackendLoginArrayOutput values. You can construct a concrete instance of `AuthBackendLoginArrayInput` via:
AuthBackendLoginArray{ AuthBackendLoginArgs{...} }
type AuthBackendLoginArrayOutput ¶ added in v3.4.1
type AuthBackendLoginArrayOutput struct{ *pulumi.OutputState }
func (AuthBackendLoginArrayOutput) ElementType ¶ added in v3.4.1
func (AuthBackendLoginArrayOutput) ElementType() reflect.Type
func (AuthBackendLoginArrayOutput) Index ¶ added in v3.4.1
func (o AuthBackendLoginArrayOutput) Index(i pulumi.IntInput) AuthBackendLoginOutput
func (AuthBackendLoginArrayOutput) ToAuthBackendLoginArrayOutput ¶ added in v3.4.1
func (o AuthBackendLoginArrayOutput) ToAuthBackendLoginArrayOutput() AuthBackendLoginArrayOutput
func (AuthBackendLoginArrayOutput) ToAuthBackendLoginArrayOutputWithContext ¶ added in v3.4.1
func (o AuthBackendLoginArrayOutput) ToAuthBackendLoginArrayOutputWithContext(ctx context.Context) AuthBackendLoginArrayOutput
type AuthBackendLoginInput ¶ added in v3.0.2
type AuthBackendLoginInput interface { pulumi.Input ToAuthBackendLoginOutput() AuthBackendLoginOutput ToAuthBackendLoginOutputWithContext(ctx context.Context) AuthBackendLoginOutput }
type AuthBackendLoginMap ¶ added in v3.4.1
type AuthBackendLoginMap map[string]AuthBackendLoginInput
func (AuthBackendLoginMap) ElementType ¶ added in v3.4.1
func (AuthBackendLoginMap) ElementType() reflect.Type
func (AuthBackendLoginMap) ToAuthBackendLoginMapOutput ¶ added in v3.4.1
func (i AuthBackendLoginMap) ToAuthBackendLoginMapOutput() AuthBackendLoginMapOutput
func (AuthBackendLoginMap) ToAuthBackendLoginMapOutputWithContext ¶ added in v3.4.1
func (i AuthBackendLoginMap) ToAuthBackendLoginMapOutputWithContext(ctx context.Context) AuthBackendLoginMapOutput
type AuthBackendLoginMapInput ¶ added in v3.4.1
type AuthBackendLoginMapInput interface { pulumi.Input ToAuthBackendLoginMapOutput() AuthBackendLoginMapOutput ToAuthBackendLoginMapOutputWithContext(context.Context) AuthBackendLoginMapOutput }
AuthBackendLoginMapInput is an input type that accepts AuthBackendLoginMap and AuthBackendLoginMapOutput values. You can construct a concrete instance of `AuthBackendLoginMapInput` via:
AuthBackendLoginMap{ "key": AuthBackendLoginArgs{...} }
type AuthBackendLoginMapOutput ¶ added in v3.4.1
type AuthBackendLoginMapOutput struct{ *pulumi.OutputState }
func (AuthBackendLoginMapOutput) ElementType ¶ added in v3.4.1
func (AuthBackendLoginMapOutput) ElementType() reflect.Type
func (AuthBackendLoginMapOutput) MapIndex ¶ added in v3.4.1
func (o AuthBackendLoginMapOutput) MapIndex(k pulumi.StringInput) AuthBackendLoginOutput
func (AuthBackendLoginMapOutput) ToAuthBackendLoginMapOutput ¶ added in v3.4.1
func (o AuthBackendLoginMapOutput) ToAuthBackendLoginMapOutput() AuthBackendLoginMapOutput
func (AuthBackendLoginMapOutput) ToAuthBackendLoginMapOutputWithContext ¶ added in v3.4.1
func (o AuthBackendLoginMapOutput) ToAuthBackendLoginMapOutputWithContext(ctx context.Context) AuthBackendLoginMapOutput
type AuthBackendLoginOutput ¶ added in v3.0.2
type AuthBackendLoginOutput struct {
*pulumi.OutputState
}
func (AuthBackendLoginOutput) ElementType ¶ added in v3.0.2
func (AuthBackendLoginOutput) ElementType() reflect.Type
func (AuthBackendLoginOutput) ToAuthBackendLoginOutput ¶ added in v3.0.2
func (o AuthBackendLoginOutput) ToAuthBackendLoginOutput() AuthBackendLoginOutput
func (AuthBackendLoginOutput) ToAuthBackendLoginOutputWithContext ¶ added in v3.0.2
func (o AuthBackendLoginOutput) ToAuthBackendLoginOutputWithContext(ctx context.Context) AuthBackendLoginOutput
func (AuthBackendLoginOutput) ToAuthBackendLoginPtrOutput ¶ added in v3.4.1
func (o AuthBackendLoginOutput) ToAuthBackendLoginPtrOutput() AuthBackendLoginPtrOutput
func (AuthBackendLoginOutput) ToAuthBackendLoginPtrOutputWithContext ¶ added in v3.4.1
func (o AuthBackendLoginOutput) ToAuthBackendLoginPtrOutputWithContext(ctx context.Context) AuthBackendLoginPtrOutput
type AuthBackendLoginPtrInput ¶ added in v3.4.1
type AuthBackendLoginPtrInput interface { pulumi.Input ToAuthBackendLoginPtrOutput() AuthBackendLoginPtrOutput ToAuthBackendLoginPtrOutputWithContext(ctx context.Context) AuthBackendLoginPtrOutput }
type AuthBackendLoginPtrOutput ¶ added in v3.4.1
type AuthBackendLoginPtrOutput struct {
*pulumi.OutputState
}
func (AuthBackendLoginPtrOutput) ElementType ¶ added in v3.4.1
func (AuthBackendLoginPtrOutput) ElementType() reflect.Type
func (AuthBackendLoginPtrOutput) ToAuthBackendLoginPtrOutput ¶ added in v3.4.1
func (o AuthBackendLoginPtrOutput) ToAuthBackendLoginPtrOutput() AuthBackendLoginPtrOutput
func (AuthBackendLoginPtrOutput) ToAuthBackendLoginPtrOutputWithContext ¶ added in v3.4.1
func (o AuthBackendLoginPtrOutput) ToAuthBackendLoginPtrOutputWithContext(ctx context.Context) AuthBackendLoginPtrOutput
type AuthBackendLoginState ¶
type AuthBackendLoginState struct { // The accessor for the token. Accessor pulumi.StringPtrInput // The unique path of the Vault backend to log in with. Backend pulumi.StringPtrInput // The Vault token created. ClientToken pulumi.StringPtrInput // How long the token is valid for, in seconds. LeaseDuration pulumi.IntPtrInput // The date and time the lease started, in RFC 3339 format. LeaseStarted pulumi.StringPtrInput // The metadata associated with the token. Metadata pulumi.StringMapInput // A list of policies applied to the token. Policies pulumi.StringArrayInput // Whether the token is renewable or not. Renewable pulumi.BoolPtrInput // The ID of the role to log in with. RoleId pulumi.StringPtrInput // The secret ID of the role to log in with. Required // unless `bindSecretId` is set to false on the role. SecretId pulumi.StringPtrInput }
func (AuthBackendLoginState) ElementType ¶
func (AuthBackendLoginState) ElementType() reflect.Type
type AuthBackendRole ¶
type AuthBackendRole struct { pulumi.CustomResourceState // The unique name of the auth backend to configure. // Defaults to `approle`. Backend pulumi.StringPtrOutput `pulumi:"backend"` // Whether or not to require `secretId` to be // presented when logging in using this AppRole. Defaults to `true`. BindSecretId pulumi.BoolPtrOutput `pulumi:"bindSecretId"` // If set, // specifies blocks of IP addresses which can perform the login operation. // // Deprecated: use `secret_id_bound_cidrs` instead BoundCidrLists pulumi.StringArrayOutput `pulumi:"boundCidrLists"` // If set, indicates that the // token generated using this role should never expire. The token should be renewed within the // duration specified by this value. At each renewal, the token's TTL will be set to the // value of this field. Specified in seconds. // // Deprecated: use `token_period` instead if you are running Vault >= 1.2 Period pulumi.IntPtrOutput `pulumi:"period"` // An array of strings // specifying the policies to be set on tokens issued using this role. // // Deprecated: use `token_policies` instead if you are running Vault >= 1.2 Policies pulumi.StringArrayOutput `pulumi:"policies"` // The RoleID of this role. If not specified, one will be // auto-generated. RoleId pulumi.StringOutput `pulumi:"roleId"` // The name of the role. RoleName pulumi.StringOutput `pulumi:"roleName"` // If set, // specifies blocks of IP addresses which can perform the login operation. SecretIdBoundCidrs pulumi.StringArrayOutput `pulumi:"secretIdBoundCidrs"` // The number of times any particular SecretID // can be used to fetch a token from this AppRole, after which the SecretID will // expire. A value of zero will allow unlimited uses. SecretIdNumUses pulumi.IntPtrOutput `pulumi:"secretIdNumUses"` // The number of seconds after which any SecretID // expires. SecretIdTtl pulumi.IntPtrOutput `pulumi:"secretIdTtl"` // List of CIDR blocks; if set, specifies blocks of IP // addresses which can authenticate successfully, and ties the resulting token to these blocks // as well. TokenBoundCidrs pulumi.StringArrayOutput `pulumi:"tokenBoundCidrs"` // If set, will encode an // [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls) // onto the token in number of seconds. This is a hard cap even if `tokenTtl` and // `tokenMaxTtl` would otherwise allow a renewal. TokenExplicitMaxTtl pulumi.IntPtrOutput `pulumi:"tokenExplicitMaxTtl"` // The maximum lifetime for generated tokens in number of seconds. // Its current value will be referenced at renewal time. TokenMaxTtl pulumi.IntPtrOutput `pulumi:"tokenMaxTtl"` // If set, the default policy will not be set on // generated tokens; otherwise it will be added to the policies set in token_policies. TokenNoDefaultPolicy pulumi.BoolPtrOutput `pulumi:"tokenNoDefaultPolicy"` // The // [period](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls), // if any, in number of seconds to set on the token. TokenNumUses pulumi.IntPtrOutput `pulumi:"tokenNumUses"` // If set, indicates that the // token generated using this role should never expire. The token should be renewed within the // duration specified by this value. At each renewal, the token's TTL will be set to the // value of this field. Specified in seconds. TokenPeriod pulumi.IntPtrOutput `pulumi:"tokenPeriod"` // List of policies to encode onto generated tokens. Depending // on the auth method, this list may be supplemented by user/group/other values. TokenPolicies pulumi.StringArrayOutput `pulumi:"tokenPolicies"` // The incremental lifetime for generated tokens in number of seconds. // Its current value will be referenced at renewal time. TokenTtl pulumi.IntPtrOutput `pulumi:"tokenTtl"` // The type of token that should be generated. Can be `service`, // `batch`, or `default` to use the mount's tuned default (which unless changed will be // `service` tokens). For token store roles, there are two additional possibilities: // `default-service` and `default-batch` which specify the type to return unless the client // requests a different type at generation time. TokenType pulumi.StringPtrOutput `pulumi:"tokenType"` }
Manages an AppRole auth backend role in a Vault server. See the [Vault documentation](https://www.vaultproject.io/docs/auth/approle) for more information.
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-vault/sdk/v3/go/vault" "github.com/pulumi/pulumi-vault/sdk/v3/go/vault/appRole" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { approle, err := vault.NewAuthBackend(ctx, "approle", &vault.AuthBackendArgs{ Type: pulumi.String("approle"), }) if err != nil { return err } _, err = appRole.NewAuthBackendRole(ctx, "example", &appRole.AuthBackendRoleArgs{ Backend: approle.Path, RoleName: pulumi.String("test-role"), TokenPolicies: pulumi.StringArray{ pulumi.String("default"), pulumi.String("dev"), pulumi.String("prod"), }, }) if err != nil { return err } return nil }) }
```
## Import
AppRole authentication backend roles can be imported using the `path`, e.g.
```sh
$ pulumi import vault:appRole/authBackendRole:AuthBackendRole example auth/approle/role/test-role
```
func GetAuthBackendRole ¶
func GetAuthBackendRole(ctx *pulumi.Context, name string, id pulumi.IDInput, state *AuthBackendRoleState, opts ...pulumi.ResourceOption) (*AuthBackendRole, error)
GetAuthBackendRole gets an existing AuthBackendRole resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewAuthBackendRole ¶
func NewAuthBackendRole(ctx *pulumi.Context, name string, args *AuthBackendRoleArgs, opts ...pulumi.ResourceOption) (*AuthBackendRole, error)
NewAuthBackendRole registers a new resource with the given unique name, arguments, and options.
func (*AuthBackendRole) ElementType ¶ added in v3.0.2
func (*AuthBackendRole) ElementType() reflect.Type
func (*AuthBackendRole) ToAuthBackendRoleOutput ¶ added in v3.0.2
func (i *AuthBackendRole) ToAuthBackendRoleOutput() AuthBackendRoleOutput
func (*AuthBackendRole) ToAuthBackendRoleOutputWithContext ¶ added in v3.0.2
func (i *AuthBackendRole) ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput
func (*AuthBackendRole) ToAuthBackendRolePtrOutput ¶ added in v3.4.1
func (i *AuthBackendRole) ToAuthBackendRolePtrOutput() AuthBackendRolePtrOutput
func (*AuthBackendRole) ToAuthBackendRolePtrOutputWithContext ¶ added in v3.4.1
func (i *AuthBackendRole) ToAuthBackendRolePtrOutputWithContext(ctx context.Context) AuthBackendRolePtrOutput
type AuthBackendRoleArgs ¶
type AuthBackendRoleArgs struct { // The unique name of the auth backend to configure. // Defaults to `approle`. Backend pulumi.StringPtrInput // Whether or not to require `secretId` to be // presented when logging in using this AppRole. Defaults to `true`. BindSecretId pulumi.BoolPtrInput // If set, // specifies blocks of IP addresses which can perform the login operation. // // Deprecated: use `secret_id_bound_cidrs` instead BoundCidrLists pulumi.StringArrayInput // If set, indicates that the // token generated using this role should never expire. The token should be renewed within the // duration specified by this value. At each renewal, the token's TTL will be set to the // value of this field. Specified in seconds. // // Deprecated: use `token_period` instead if you are running Vault >= 1.2 Period pulumi.IntPtrInput // An array of strings // specifying the policies to be set on tokens issued using this role. // // Deprecated: use `token_policies` instead if you are running Vault >= 1.2 Policies pulumi.StringArrayInput // The RoleID of this role. If not specified, one will be // auto-generated. RoleId pulumi.StringPtrInput // The name of the role. RoleName pulumi.StringInput // If set, // specifies blocks of IP addresses which can perform the login operation. SecretIdBoundCidrs pulumi.StringArrayInput // The number of times any particular SecretID // can be used to fetch a token from this AppRole, after which the SecretID will // expire. A value of zero will allow unlimited uses. SecretIdNumUses pulumi.IntPtrInput // The number of seconds after which any SecretID // expires. SecretIdTtl pulumi.IntPtrInput // List of CIDR blocks; if set, specifies blocks of IP // addresses which can authenticate successfully, and ties the resulting token to these blocks // as well. TokenBoundCidrs pulumi.StringArrayInput // If set, will encode an // [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls) // onto the token in number of seconds. This is a hard cap even if `tokenTtl` and // `tokenMaxTtl` would otherwise allow a renewal. TokenExplicitMaxTtl pulumi.IntPtrInput // The maximum lifetime for generated tokens in number of seconds. // Its current value will be referenced at renewal time. TokenMaxTtl pulumi.IntPtrInput // If set, the default policy will not be set on // generated tokens; otherwise it will be added to the policies set in token_policies. TokenNoDefaultPolicy pulumi.BoolPtrInput // The // [period](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls), // if any, in number of seconds to set on the token. TokenNumUses pulumi.IntPtrInput // If set, indicates that the // token generated using this role should never expire. The token should be renewed within the // duration specified by this value. At each renewal, the token's TTL will be set to the // value of this field. Specified in seconds. TokenPeriod pulumi.IntPtrInput // List of policies to encode onto generated tokens. Depending // on the auth method, this list may be supplemented by user/group/other values. TokenPolicies pulumi.StringArrayInput // The incremental lifetime for generated tokens in number of seconds. // Its current value will be referenced at renewal time. TokenTtl pulumi.IntPtrInput // The type of token that should be generated. Can be `service`, // `batch`, or `default` to use the mount's tuned default (which unless changed will be // `service` tokens). For token store roles, there are two additional possibilities: // `default-service` and `default-batch` which specify the type to return unless the client // requests a different type at generation time. TokenType pulumi.StringPtrInput }
The set of arguments for constructing a AuthBackendRole resource.
func (AuthBackendRoleArgs) ElementType ¶
func (AuthBackendRoleArgs) ElementType() reflect.Type
type AuthBackendRoleArray ¶ added in v3.4.1
type AuthBackendRoleArray []AuthBackendRoleInput
func (AuthBackendRoleArray) ElementType ¶ added in v3.4.1
func (AuthBackendRoleArray) ElementType() reflect.Type
func (AuthBackendRoleArray) ToAuthBackendRoleArrayOutput ¶ added in v3.4.1
func (i AuthBackendRoleArray) ToAuthBackendRoleArrayOutput() AuthBackendRoleArrayOutput
func (AuthBackendRoleArray) ToAuthBackendRoleArrayOutputWithContext ¶ added in v3.4.1
func (i AuthBackendRoleArray) ToAuthBackendRoleArrayOutputWithContext(ctx context.Context) AuthBackendRoleArrayOutput
type AuthBackendRoleArrayInput ¶ added in v3.4.1
type AuthBackendRoleArrayInput interface { pulumi.Input ToAuthBackendRoleArrayOutput() AuthBackendRoleArrayOutput ToAuthBackendRoleArrayOutputWithContext(context.Context) AuthBackendRoleArrayOutput }
AuthBackendRoleArrayInput is an input type that accepts AuthBackendRoleArray and AuthBackendRoleArrayOutput values. You can construct a concrete instance of `AuthBackendRoleArrayInput` via:
AuthBackendRoleArray{ AuthBackendRoleArgs{...} }
type AuthBackendRoleArrayOutput ¶ added in v3.4.1
type AuthBackendRoleArrayOutput struct{ *pulumi.OutputState }
func (AuthBackendRoleArrayOutput) ElementType ¶ added in v3.4.1
func (AuthBackendRoleArrayOutput) ElementType() reflect.Type
func (AuthBackendRoleArrayOutput) Index ¶ added in v3.4.1
func (o AuthBackendRoleArrayOutput) Index(i pulumi.IntInput) AuthBackendRoleOutput
func (AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutput ¶ added in v3.4.1
func (o AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutput() AuthBackendRoleArrayOutput
func (AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutputWithContext ¶ added in v3.4.1
func (o AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutputWithContext(ctx context.Context) AuthBackendRoleArrayOutput
type AuthBackendRoleInput ¶ added in v3.0.2
type AuthBackendRoleInput interface { pulumi.Input ToAuthBackendRoleOutput() AuthBackendRoleOutput ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput }
type AuthBackendRoleMap ¶ added in v3.4.1
type AuthBackendRoleMap map[string]AuthBackendRoleInput
func (AuthBackendRoleMap) ElementType ¶ added in v3.4.1
func (AuthBackendRoleMap) ElementType() reflect.Type
func (AuthBackendRoleMap) ToAuthBackendRoleMapOutput ¶ added in v3.4.1
func (i AuthBackendRoleMap) ToAuthBackendRoleMapOutput() AuthBackendRoleMapOutput
func (AuthBackendRoleMap) ToAuthBackendRoleMapOutputWithContext ¶ added in v3.4.1
func (i AuthBackendRoleMap) ToAuthBackendRoleMapOutputWithContext(ctx context.Context) AuthBackendRoleMapOutput
type AuthBackendRoleMapInput ¶ added in v3.4.1
type AuthBackendRoleMapInput interface { pulumi.Input ToAuthBackendRoleMapOutput() AuthBackendRoleMapOutput ToAuthBackendRoleMapOutputWithContext(context.Context) AuthBackendRoleMapOutput }
AuthBackendRoleMapInput is an input type that accepts AuthBackendRoleMap and AuthBackendRoleMapOutput values. You can construct a concrete instance of `AuthBackendRoleMapInput` via:
AuthBackendRoleMap{ "key": AuthBackendRoleArgs{...} }
type AuthBackendRoleMapOutput ¶ added in v3.4.1
type AuthBackendRoleMapOutput struct{ *pulumi.OutputState }
func (AuthBackendRoleMapOutput) ElementType ¶ added in v3.4.1
func (AuthBackendRoleMapOutput) ElementType() reflect.Type
func (AuthBackendRoleMapOutput) MapIndex ¶ added in v3.4.1
func (o AuthBackendRoleMapOutput) MapIndex(k pulumi.StringInput) AuthBackendRoleOutput
func (AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutput ¶ added in v3.4.1
func (o AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutput() AuthBackendRoleMapOutput
func (AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutputWithContext ¶ added in v3.4.1
func (o AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutputWithContext(ctx context.Context) AuthBackendRoleMapOutput
type AuthBackendRoleOutput ¶ added in v3.0.2
type AuthBackendRoleOutput struct {
*pulumi.OutputState
}
func (AuthBackendRoleOutput) ElementType ¶ added in v3.0.2
func (AuthBackendRoleOutput) ElementType() reflect.Type
func (AuthBackendRoleOutput) ToAuthBackendRoleOutput ¶ added in v3.0.2
func (o AuthBackendRoleOutput) ToAuthBackendRoleOutput() AuthBackendRoleOutput
func (AuthBackendRoleOutput) ToAuthBackendRoleOutputWithContext ¶ added in v3.0.2
func (o AuthBackendRoleOutput) ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput
func (AuthBackendRoleOutput) ToAuthBackendRolePtrOutput ¶ added in v3.4.1
func (o AuthBackendRoleOutput) ToAuthBackendRolePtrOutput() AuthBackendRolePtrOutput
func (AuthBackendRoleOutput) ToAuthBackendRolePtrOutputWithContext ¶ added in v3.4.1
func (o AuthBackendRoleOutput) ToAuthBackendRolePtrOutputWithContext(ctx context.Context) AuthBackendRolePtrOutput
type AuthBackendRolePtrInput ¶ added in v3.4.1
type AuthBackendRolePtrInput interface { pulumi.Input ToAuthBackendRolePtrOutput() AuthBackendRolePtrOutput ToAuthBackendRolePtrOutputWithContext(ctx context.Context) AuthBackendRolePtrOutput }
type AuthBackendRolePtrOutput ¶ added in v3.4.1
type AuthBackendRolePtrOutput struct {
*pulumi.OutputState
}
func (AuthBackendRolePtrOutput) ElementType ¶ added in v3.4.1
func (AuthBackendRolePtrOutput) ElementType() reflect.Type
func (AuthBackendRolePtrOutput) ToAuthBackendRolePtrOutput ¶ added in v3.4.1
func (o AuthBackendRolePtrOutput) ToAuthBackendRolePtrOutput() AuthBackendRolePtrOutput
func (AuthBackendRolePtrOutput) ToAuthBackendRolePtrOutputWithContext ¶ added in v3.4.1
func (o AuthBackendRolePtrOutput) ToAuthBackendRolePtrOutputWithContext(ctx context.Context) AuthBackendRolePtrOutput
type AuthBackendRoleSecretID ¶
type AuthBackendRoleSecretID struct { pulumi.CustomResourceState // The unique ID for this SecretID that can be safely logged. Accessor pulumi.StringOutput `pulumi:"accessor"` // Unique name of the auth backend to configure. Backend pulumi.StringPtrOutput `pulumi:"backend"` // If set, specifies blocks of IP addresses which can // perform the login operation using this SecretID. CidrLists pulumi.StringArrayOutput `pulumi:"cidrLists"` // A JSON-encoded string containing metadata in // key-value pairs to be set on tokens issued with this SecretID. Metadata pulumi.StringPtrOutput `pulumi:"metadata"` // The name of the role to create the SecretID for. RoleName pulumi.StringOutput `pulumi:"roleName"` // The SecretID to be created. If set, uses "Push" // mode. Defaults to Vault auto-generating SecretIDs. SecretId pulumi.StringOutput `pulumi:"secretId"` // The unique ID for the response-wrapped SecretID that can // be safely logged. WrappingAccessor pulumi.StringOutput `pulumi:"wrappingAccessor"` // The token used to retrieve a response-wrapped SecretID. WrappingToken pulumi.StringOutput `pulumi:"wrappingToken"` // If set, the SecretID response will be // [response-wrapped](https://www.vaultproject.io/docs/concepts/response-wrapping) // and available for the duration specified. Only a single unwrapping of the // token is allowed. WrappingTtl pulumi.StringPtrOutput `pulumi:"wrappingTtl"` }
Manages an AppRole auth backend SecretID in a Vault server. See the [Vault documentation](https://www.vaultproject.io/docs/auth/approle) for more information.
## Example Usage
```go package main
import (
"fmt" "github.com/pulumi/pulumi-vault/sdk/v3/go/vault" "github.com/pulumi/pulumi-vault/sdk/v3/go/vault/appRole" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { approle, err := vault.NewAuthBackend(ctx, "approle", &vault.AuthBackendArgs{ Type: pulumi.String("approle"), }) if err != nil { return err } example, err := appRole.NewAuthBackendRole(ctx, "example", &appRole.AuthBackendRoleArgs{ Backend: approle.Path, Policies: pulumi.StringArray{ pulumi.String("default"), pulumi.String("dev"), pulumi.String("prod"), }, RoleName: pulumi.String("test-role"), }) if err != nil { return err } _, err = appRole.NewAuthBackendRoleSecretID(ctx, "id", &appRole.AuthBackendRoleSecretIDArgs{ Backend: approle.Path, Metadata: pulumi.String(fmt.Sprintf("%v%v%v%v", "{\n", " \"hello\": \"world\"\n", "}\n", "\n")), RoleName: example.RoleName, }) if err != nil { return err } return nil }) }
```
func GetAuthBackendRoleSecretID ¶
func GetAuthBackendRoleSecretID(ctx *pulumi.Context, name string, id pulumi.IDInput, state *AuthBackendRoleSecretIDState, opts ...pulumi.ResourceOption) (*AuthBackendRoleSecretID, error)
GetAuthBackendRoleSecretID gets an existing AuthBackendRoleSecretID resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewAuthBackendRoleSecretID ¶
func NewAuthBackendRoleSecretID(ctx *pulumi.Context, name string, args *AuthBackendRoleSecretIDArgs, opts ...pulumi.ResourceOption) (*AuthBackendRoleSecretID, error)
NewAuthBackendRoleSecretID registers a new resource with the given unique name, arguments, and options.
func (*AuthBackendRoleSecretID) ElementType ¶ added in v3.0.2
func (*AuthBackendRoleSecretID) ElementType() reflect.Type
func (*AuthBackendRoleSecretID) ToAuthBackendRoleSecretIDOutput ¶ added in v3.0.2
func (i *AuthBackendRoleSecretID) ToAuthBackendRoleSecretIDOutput() AuthBackendRoleSecretIDOutput
func (*AuthBackendRoleSecretID) ToAuthBackendRoleSecretIDOutputWithContext ¶ added in v3.0.2
func (i *AuthBackendRoleSecretID) ToAuthBackendRoleSecretIDOutputWithContext(ctx context.Context) AuthBackendRoleSecretIDOutput
func (*AuthBackendRoleSecretID) ToAuthBackendRoleSecretIDPtrOutput ¶ added in v3.4.1
func (i *AuthBackendRoleSecretID) ToAuthBackendRoleSecretIDPtrOutput() AuthBackendRoleSecretIDPtrOutput
func (*AuthBackendRoleSecretID) ToAuthBackendRoleSecretIDPtrOutputWithContext ¶ added in v3.4.1
func (i *AuthBackendRoleSecretID) ToAuthBackendRoleSecretIDPtrOutputWithContext(ctx context.Context) AuthBackendRoleSecretIDPtrOutput
type AuthBackendRoleSecretIDArgs ¶
type AuthBackendRoleSecretIDArgs struct { // Unique name of the auth backend to configure. Backend pulumi.StringPtrInput // If set, specifies blocks of IP addresses which can // perform the login operation using this SecretID. CidrLists pulumi.StringArrayInput // A JSON-encoded string containing metadata in // key-value pairs to be set on tokens issued with this SecretID. Metadata pulumi.StringPtrInput // The name of the role to create the SecretID for. RoleName pulumi.StringInput // The SecretID to be created. If set, uses "Push" // mode. Defaults to Vault auto-generating SecretIDs. SecretId pulumi.StringPtrInput // If set, the SecretID response will be // [response-wrapped](https://www.vaultproject.io/docs/concepts/response-wrapping) // and available for the duration specified. Only a single unwrapping of the // token is allowed. WrappingTtl pulumi.StringPtrInput }
The set of arguments for constructing a AuthBackendRoleSecretID resource.
func (AuthBackendRoleSecretIDArgs) ElementType ¶
func (AuthBackendRoleSecretIDArgs) ElementType() reflect.Type
type AuthBackendRoleSecretIDArray ¶ added in v3.4.1
type AuthBackendRoleSecretIDArray []AuthBackendRoleSecretIDInput
func (AuthBackendRoleSecretIDArray) ElementType ¶ added in v3.4.1
func (AuthBackendRoleSecretIDArray) ElementType() reflect.Type
func (AuthBackendRoleSecretIDArray) ToAuthBackendRoleSecretIDArrayOutput ¶ added in v3.4.1
func (i AuthBackendRoleSecretIDArray) ToAuthBackendRoleSecretIDArrayOutput() AuthBackendRoleSecretIDArrayOutput
func (AuthBackendRoleSecretIDArray) ToAuthBackendRoleSecretIDArrayOutputWithContext ¶ added in v3.4.1
func (i AuthBackendRoleSecretIDArray) ToAuthBackendRoleSecretIDArrayOutputWithContext(ctx context.Context) AuthBackendRoleSecretIDArrayOutput
type AuthBackendRoleSecretIDArrayInput ¶ added in v3.4.1
type AuthBackendRoleSecretIDArrayInput interface { pulumi.Input ToAuthBackendRoleSecretIDArrayOutput() AuthBackendRoleSecretIDArrayOutput ToAuthBackendRoleSecretIDArrayOutputWithContext(context.Context) AuthBackendRoleSecretIDArrayOutput }
AuthBackendRoleSecretIDArrayInput is an input type that accepts AuthBackendRoleSecretIDArray and AuthBackendRoleSecretIDArrayOutput values. You can construct a concrete instance of `AuthBackendRoleSecretIDArrayInput` via:
AuthBackendRoleSecretIDArray{ AuthBackendRoleSecretIDArgs{...} }
type AuthBackendRoleSecretIDArrayOutput ¶ added in v3.4.1
type AuthBackendRoleSecretIDArrayOutput struct{ *pulumi.OutputState }
func (AuthBackendRoleSecretIDArrayOutput) ElementType ¶ added in v3.4.1
func (AuthBackendRoleSecretIDArrayOutput) ElementType() reflect.Type
func (AuthBackendRoleSecretIDArrayOutput) Index ¶ added in v3.4.1
func (o AuthBackendRoleSecretIDArrayOutput) Index(i pulumi.IntInput) AuthBackendRoleSecretIDOutput
func (AuthBackendRoleSecretIDArrayOutput) ToAuthBackendRoleSecretIDArrayOutput ¶ added in v3.4.1
func (o AuthBackendRoleSecretIDArrayOutput) ToAuthBackendRoleSecretIDArrayOutput() AuthBackendRoleSecretIDArrayOutput
func (AuthBackendRoleSecretIDArrayOutput) ToAuthBackendRoleSecretIDArrayOutputWithContext ¶ added in v3.4.1
func (o AuthBackendRoleSecretIDArrayOutput) ToAuthBackendRoleSecretIDArrayOutputWithContext(ctx context.Context) AuthBackendRoleSecretIDArrayOutput
type AuthBackendRoleSecretIDInput ¶ added in v3.0.2
type AuthBackendRoleSecretIDInput interface { pulumi.Input ToAuthBackendRoleSecretIDOutput() AuthBackendRoleSecretIDOutput ToAuthBackendRoleSecretIDOutputWithContext(ctx context.Context) AuthBackendRoleSecretIDOutput }
type AuthBackendRoleSecretIDMap ¶ added in v3.4.1
type AuthBackendRoleSecretIDMap map[string]AuthBackendRoleSecretIDInput
func (AuthBackendRoleSecretIDMap) ElementType ¶ added in v3.4.1
func (AuthBackendRoleSecretIDMap) ElementType() reflect.Type
func (AuthBackendRoleSecretIDMap) ToAuthBackendRoleSecretIDMapOutput ¶ added in v3.4.1
func (i AuthBackendRoleSecretIDMap) ToAuthBackendRoleSecretIDMapOutput() AuthBackendRoleSecretIDMapOutput
func (AuthBackendRoleSecretIDMap) ToAuthBackendRoleSecretIDMapOutputWithContext ¶ added in v3.4.1
func (i AuthBackendRoleSecretIDMap) ToAuthBackendRoleSecretIDMapOutputWithContext(ctx context.Context) AuthBackendRoleSecretIDMapOutput
type AuthBackendRoleSecretIDMapInput ¶ added in v3.4.1
type AuthBackendRoleSecretIDMapInput interface { pulumi.Input ToAuthBackendRoleSecretIDMapOutput() AuthBackendRoleSecretIDMapOutput ToAuthBackendRoleSecretIDMapOutputWithContext(context.Context) AuthBackendRoleSecretIDMapOutput }
AuthBackendRoleSecretIDMapInput is an input type that accepts AuthBackendRoleSecretIDMap and AuthBackendRoleSecretIDMapOutput values. You can construct a concrete instance of `AuthBackendRoleSecretIDMapInput` via:
AuthBackendRoleSecretIDMap{ "key": AuthBackendRoleSecretIDArgs{...} }
type AuthBackendRoleSecretIDMapOutput ¶ added in v3.4.1
type AuthBackendRoleSecretIDMapOutput struct{ *pulumi.OutputState }
func (AuthBackendRoleSecretIDMapOutput) ElementType ¶ added in v3.4.1
func (AuthBackendRoleSecretIDMapOutput) ElementType() reflect.Type
func (AuthBackendRoleSecretIDMapOutput) MapIndex ¶ added in v3.4.1
func (o AuthBackendRoleSecretIDMapOutput) MapIndex(k pulumi.StringInput) AuthBackendRoleSecretIDOutput
func (AuthBackendRoleSecretIDMapOutput) ToAuthBackendRoleSecretIDMapOutput ¶ added in v3.4.1
func (o AuthBackendRoleSecretIDMapOutput) ToAuthBackendRoleSecretIDMapOutput() AuthBackendRoleSecretIDMapOutput
func (AuthBackendRoleSecretIDMapOutput) ToAuthBackendRoleSecretIDMapOutputWithContext ¶ added in v3.4.1
func (o AuthBackendRoleSecretIDMapOutput) ToAuthBackendRoleSecretIDMapOutputWithContext(ctx context.Context) AuthBackendRoleSecretIDMapOutput
type AuthBackendRoleSecretIDOutput ¶ added in v3.0.2
type AuthBackendRoleSecretIDOutput struct {
*pulumi.OutputState
}
func (AuthBackendRoleSecretIDOutput) ElementType ¶ added in v3.0.2
func (AuthBackendRoleSecretIDOutput) ElementType() reflect.Type
func (AuthBackendRoleSecretIDOutput) ToAuthBackendRoleSecretIDOutput ¶ added in v3.0.2
func (o AuthBackendRoleSecretIDOutput) ToAuthBackendRoleSecretIDOutput() AuthBackendRoleSecretIDOutput
func (AuthBackendRoleSecretIDOutput) ToAuthBackendRoleSecretIDOutputWithContext ¶ added in v3.0.2
func (o AuthBackendRoleSecretIDOutput) ToAuthBackendRoleSecretIDOutputWithContext(ctx context.Context) AuthBackendRoleSecretIDOutput
func (AuthBackendRoleSecretIDOutput) ToAuthBackendRoleSecretIDPtrOutput ¶ added in v3.4.1
func (o AuthBackendRoleSecretIDOutput) ToAuthBackendRoleSecretIDPtrOutput() AuthBackendRoleSecretIDPtrOutput
func (AuthBackendRoleSecretIDOutput) ToAuthBackendRoleSecretIDPtrOutputWithContext ¶ added in v3.4.1
func (o AuthBackendRoleSecretIDOutput) ToAuthBackendRoleSecretIDPtrOutputWithContext(ctx context.Context) AuthBackendRoleSecretIDPtrOutput
type AuthBackendRoleSecretIDPtrInput ¶ added in v3.4.1
type AuthBackendRoleSecretIDPtrInput interface { pulumi.Input ToAuthBackendRoleSecretIDPtrOutput() AuthBackendRoleSecretIDPtrOutput ToAuthBackendRoleSecretIDPtrOutputWithContext(ctx context.Context) AuthBackendRoleSecretIDPtrOutput }
type AuthBackendRoleSecretIDPtrOutput ¶ added in v3.4.1
type AuthBackendRoleSecretIDPtrOutput struct {
*pulumi.OutputState
}
func (AuthBackendRoleSecretIDPtrOutput) ElementType ¶ added in v3.4.1
func (AuthBackendRoleSecretIDPtrOutput) ElementType() reflect.Type
func (AuthBackendRoleSecretIDPtrOutput) ToAuthBackendRoleSecretIDPtrOutput ¶ added in v3.4.1
func (o AuthBackendRoleSecretIDPtrOutput) ToAuthBackendRoleSecretIDPtrOutput() AuthBackendRoleSecretIDPtrOutput
func (AuthBackendRoleSecretIDPtrOutput) ToAuthBackendRoleSecretIDPtrOutputWithContext ¶ added in v3.4.1
func (o AuthBackendRoleSecretIDPtrOutput) ToAuthBackendRoleSecretIDPtrOutputWithContext(ctx context.Context) AuthBackendRoleSecretIDPtrOutput
type AuthBackendRoleSecretIDState ¶
type AuthBackendRoleSecretIDState struct { // The unique ID for this SecretID that can be safely logged. Accessor pulumi.StringPtrInput // Unique name of the auth backend to configure. Backend pulumi.StringPtrInput // If set, specifies blocks of IP addresses which can // perform the login operation using this SecretID. CidrLists pulumi.StringArrayInput // A JSON-encoded string containing metadata in // key-value pairs to be set on tokens issued with this SecretID. Metadata pulumi.StringPtrInput // The name of the role to create the SecretID for. RoleName pulumi.StringPtrInput // The SecretID to be created. If set, uses "Push" // mode. Defaults to Vault auto-generating SecretIDs. SecretId pulumi.StringPtrInput // The unique ID for the response-wrapped SecretID that can // be safely logged. WrappingAccessor pulumi.StringPtrInput // The token used to retrieve a response-wrapped SecretID. WrappingToken pulumi.StringPtrInput // If set, the SecretID response will be // [response-wrapped](https://www.vaultproject.io/docs/concepts/response-wrapping) // and available for the duration specified. Only a single unwrapping of the // token is allowed. WrappingTtl pulumi.StringPtrInput }
func (AuthBackendRoleSecretIDState) ElementType ¶
func (AuthBackendRoleSecretIDState) ElementType() reflect.Type
type AuthBackendRoleState ¶
type AuthBackendRoleState struct { // The unique name of the auth backend to configure. // Defaults to `approle`. Backend pulumi.StringPtrInput // Whether or not to require `secretId` to be // presented when logging in using this AppRole. Defaults to `true`. BindSecretId pulumi.BoolPtrInput // If set, // specifies blocks of IP addresses which can perform the login operation. // // Deprecated: use `secret_id_bound_cidrs` instead BoundCidrLists pulumi.StringArrayInput // If set, indicates that the // token generated using this role should never expire. The token should be renewed within the // duration specified by this value. At each renewal, the token's TTL will be set to the // value of this field. Specified in seconds. // // Deprecated: use `token_period` instead if you are running Vault >= 1.2 Period pulumi.IntPtrInput // An array of strings // specifying the policies to be set on tokens issued using this role. // // Deprecated: use `token_policies` instead if you are running Vault >= 1.2 Policies pulumi.StringArrayInput // The RoleID of this role. If not specified, one will be // auto-generated. RoleId pulumi.StringPtrInput // The name of the role. RoleName pulumi.StringPtrInput // If set, // specifies blocks of IP addresses which can perform the login operation. SecretIdBoundCidrs pulumi.StringArrayInput // The number of times any particular SecretID // can be used to fetch a token from this AppRole, after which the SecretID will // expire. A value of zero will allow unlimited uses. SecretIdNumUses pulumi.IntPtrInput // The number of seconds after which any SecretID // expires. SecretIdTtl pulumi.IntPtrInput // List of CIDR blocks; if set, specifies blocks of IP // addresses which can authenticate successfully, and ties the resulting token to these blocks // as well. TokenBoundCidrs pulumi.StringArrayInput // If set, will encode an // [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls) // onto the token in number of seconds. This is a hard cap even if `tokenTtl` and // `tokenMaxTtl` would otherwise allow a renewal. TokenExplicitMaxTtl pulumi.IntPtrInput // The maximum lifetime for generated tokens in number of seconds. // Its current value will be referenced at renewal time. TokenMaxTtl pulumi.IntPtrInput // If set, the default policy will not be set on // generated tokens; otherwise it will be added to the policies set in token_policies. TokenNoDefaultPolicy pulumi.BoolPtrInput // The // [period](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls), // if any, in number of seconds to set on the token. TokenNumUses pulumi.IntPtrInput // If set, indicates that the // token generated using this role should never expire. The token should be renewed within the // duration specified by this value. At each renewal, the token's TTL will be set to the // value of this field. Specified in seconds. TokenPeriod pulumi.IntPtrInput // List of policies to encode onto generated tokens. Depending // on the auth method, this list may be supplemented by user/group/other values. TokenPolicies pulumi.StringArrayInput // The incremental lifetime for generated tokens in number of seconds. // Its current value will be referenced at renewal time. TokenTtl pulumi.IntPtrInput // The type of token that should be generated. Can be `service`, // `batch`, or `default` to use the mount's tuned default (which unless changed will be // `service` tokens). For token store roles, there are two additional possibilities: // `default-service` and `default-batch` which specify the type to return unless the client // requests a different type at generation time. TokenType pulumi.StringPtrInput }
func (AuthBackendRoleState) ElementType ¶
func (AuthBackendRoleState) ElementType() reflect.Type
type GetAuthBackendRoleIdArgs ¶
type GetAuthBackendRoleIdArgs struct { // The unique name for the AppRole backend the role to // retrieve a RoleID for resides in. Defaults to "approle". Backend *string `pulumi:"backend"` // The name of the role to retrieve the Role ID for. RoleName string `pulumi:"roleName"` }
A collection of arguments for invoking getAuthBackendRoleId.
type GetAuthBackendRoleIdResult ¶
type GetAuthBackendRoleIdResult struct { Backend *string `pulumi:"backend"` // The provider-assigned unique ID for this managed resource. Id string `pulumi:"id"` // The RoleID of the role. RoleId string `pulumi:"roleId"` RoleName string `pulumi:"roleName"` }
A collection of values returned by getAuthBackendRoleId.
func GetAuthBackendRoleId ¶
func GetAuthBackendRoleId(ctx *pulumi.Context, args *GetAuthBackendRoleIdArgs, opts ...pulumi.InvokeOption) (*GetAuthBackendRoleIdResult, error)
Reads the Role ID of an AppRole from a Vault server.
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-vault/sdk/v3/go/vault/appRole" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { opt0 := "my-approle-backend" role, err := appRole.GetAuthBackendRoleId(ctx, &appRole.GetAuthBackendRoleIdArgs{ Backend: &opt0, RoleName: "my-role", }, nil) if err != nil { return err } ctx.Export("role-id", role.RoleId) return nil }) }
```