gcp

package
v4.6.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 11, 2021 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AuthBackend 

type AuthBackend struct {
	pulumi.CustomResourceState

	// The clients email associated with the credentials
	ClientEmail pulumi.StringOutput `pulumi:"clientEmail"`
	// The Client ID of the credentials
	ClientId pulumi.StringOutput `pulumi:"clientId"`
	// A JSON string containing the contents of a GCP credentials file. If this value is empty, Vault will try to use Application Default Credentials from the machine on which the Vault server is running.
	Credentials pulumi.StringPtrOutput `pulumi:"credentials"`
	// A description of the auth method.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// Specifies if the auth method is local only.
	Local pulumi.BoolPtrOutput `pulumi:"local"`
	// The path to mount the auth method — this defaults to 'gcp'.
	Path pulumi.StringPtrOutput `pulumi:"path"`
	// The ID of the private key from the credentials
	PrivateKeyId pulumi.StringOutput `pulumi:"privateKeyId"`
	// The GCP Project ID
	ProjectId pulumi.StringOutput `pulumi:"projectId"`
}

Provides a resource to configure the [GCP auth backend within Vault](https://www.vaultproject.io/docs/auth/gcp.html).

## Example Usage

```go package main

import ( 

"io/ioutil"

"github.com/pulumi/pulumi-vault/sdk/v4/go/vault/gcp"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func readFileOrPanic(path string) pulumi.StringPtrInput {
	data, err := ioutil.ReadFile(path)
	if err != nil {
		panic(err.Error())
	}
	return pulumi.String(string(data))
}

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := gcp.NewAuthBackend(ctx, "gcp", &gcp.AuthBackendArgs{
			Credentials: readFileOrPanic("vault-gcp-credentials.json"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

GCP authentication backends can be imported using the backend name, e.g.

```sh 

$ pulumi import vault:gcp/authBackend:AuthBackend gcp gcp

```

func GetAuthBackend 

func GetAuthBackend(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AuthBackendState, opts ...pulumi.ResourceOption) (*AuthBackend, error)

GetAuthBackend gets an existing AuthBackend resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAuthBackend 

func NewAuthBackend(ctx *pulumi.Context,
	name string, args *AuthBackendArgs, opts ...pulumi.ResourceOption) (*AuthBackend, error)

NewAuthBackend registers a new resource with the given unique name, arguments, and options.

func (*AuthBackend) ElementType 

func (*AuthBackend) ElementType() reflect.Type

func (*AuthBackend) ToAuthBackendOutput 

func (i *AuthBackend) ToAuthBackendOutput() AuthBackendOutput

func (*AuthBackend) ToAuthBackendOutputWithContext 

func (i *AuthBackend) ToAuthBackendOutputWithContext(ctx context.Context) AuthBackendOutput

func (*AuthBackend) ToAuthBackendPtrOutput 

func (i *AuthBackend) ToAuthBackendPtrOutput() AuthBackendPtrOutput

func (*AuthBackend) ToAuthBackendPtrOutputWithContext 

func (i *AuthBackend) ToAuthBackendPtrOutputWithContext(ctx context.Context) AuthBackendPtrOutput

type AuthBackendArgs 

type AuthBackendArgs struct {
	// The clients email associated with the credentials
	ClientEmail pulumi.StringPtrInput
	// The Client ID of the credentials
	ClientId pulumi.StringPtrInput
	// A JSON string containing the contents of a GCP credentials file. If this value is empty, Vault will try to use Application Default Credentials from the machine on which the Vault server is running.
	Credentials pulumi.StringPtrInput
	// A description of the auth method.
	Description pulumi.StringPtrInput
	// Specifies if the auth method is local only.
	Local pulumi.BoolPtrInput
	// The path to mount the auth method — this defaults to 'gcp'.
	Path pulumi.StringPtrInput
	// The ID of the private key from the credentials
	PrivateKeyId pulumi.StringPtrInput
	// The GCP Project ID
	ProjectId pulumi.StringPtrInput
}

The set of arguments for constructing a AuthBackend resource.

func (AuthBackendArgs) ElementType 

func (AuthBackendArgs) ElementType() reflect.Type

type AuthBackendArray 

type AuthBackendArray []AuthBackendInput

func (AuthBackendArray) ElementType 

func (AuthBackendArray) ElementType() reflect.Type

func (AuthBackendArray) ToAuthBackendArrayOutput 

func (i AuthBackendArray) ToAuthBackendArrayOutput() AuthBackendArrayOutput

func (AuthBackendArray) ToAuthBackendArrayOutputWithContext 

func (i AuthBackendArray) ToAuthBackendArrayOutputWithContext(ctx context.Context) AuthBackendArrayOutput

type AuthBackendArrayInput 

type AuthBackendArrayInput interface {
	pulumi.Input

	ToAuthBackendArrayOutput() AuthBackendArrayOutput
	ToAuthBackendArrayOutputWithContext(context.Context) AuthBackendArrayOutput
}

AuthBackendArrayInput is an input type that accepts AuthBackendArray and AuthBackendArrayOutput values. You can construct a concrete instance of `AuthBackendArrayInput` via: 

AuthBackendArray{ AuthBackendArgs{...} }

type AuthBackendArrayOutput 

type AuthBackendArrayOutput struct{ *pulumi.OutputState }

func (AuthBackendArrayOutput) ElementType 

func (AuthBackendArrayOutput) ElementType() reflect.Type

func (AuthBackendArrayOutput) Index 

func (o AuthBackendArrayOutput) Index(i pulumi.IntInput) AuthBackendOutput

func (AuthBackendArrayOutput) ToAuthBackendArrayOutput 

func (o AuthBackendArrayOutput) ToAuthBackendArrayOutput() AuthBackendArrayOutput

func (AuthBackendArrayOutput) ToAuthBackendArrayOutputWithContext 

func (o AuthBackendArrayOutput) ToAuthBackendArrayOutputWithContext(ctx context.Context) AuthBackendArrayOutput

type AuthBackendInput 

type AuthBackendInput interface {
	pulumi.Input

	ToAuthBackendOutput() AuthBackendOutput
	ToAuthBackendOutputWithContext(ctx context.Context) AuthBackendOutput
}

type AuthBackendMap 

type AuthBackendMap map[string]AuthBackendInput

func (AuthBackendMap) ElementType 

func (AuthBackendMap) ElementType() reflect.Type

func (AuthBackendMap) ToAuthBackendMapOutput 

func (i AuthBackendMap) ToAuthBackendMapOutput() AuthBackendMapOutput

func (AuthBackendMap) ToAuthBackendMapOutputWithContext 

func (i AuthBackendMap) ToAuthBackendMapOutputWithContext(ctx context.Context) AuthBackendMapOutput

type AuthBackendMapInput 

type AuthBackendMapInput interface {
	pulumi.Input

	ToAuthBackendMapOutput() AuthBackendMapOutput
	ToAuthBackendMapOutputWithContext(context.Context) AuthBackendMapOutput
}

AuthBackendMapInput is an input type that accepts AuthBackendMap and AuthBackendMapOutput values. You can construct a concrete instance of `AuthBackendMapInput` via: 

AuthBackendMap{ "key": AuthBackendArgs{...} }

type AuthBackendMapOutput 

type AuthBackendMapOutput struct{ *pulumi.OutputState }

func (AuthBackendMapOutput) ElementType 

func (AuthBackendMapOutput) ElementType() reflect.Type

func (AuthBackendMapOutput) MapIndex 

func (o AuthBackendMapOutput) MapIndex(k pulumi.StringInput) AuthBackendOutput

func (AuthBackendMapOutput) ToAuthBackendMapOutput 

func (o AuthBackendMapOutput) ToAuthBackendMapOutput() AuthBackendMapOutput

func (AuthBackendMapOutput) ToAuthBackendMapOutputWithContext 

func (o AuthBackendMapOutput) ToAuthBackendMapOutputWithContext(ctx context.Context) AuthBackendMapOutput

type AuthBackendOutput 

type AuthBackendOutput struct{ *pulumi.OutputState }

func (AuthBackendOutput) ElementType 

func (AuthBackendOutput) ElementType() reflect.Type

func (AuthBackendOutput) ToAuthBackendOutput 

func (o AuthBackendOutput) ToAuthBackendOutput() AuthBackendOutput

func (AuthBackendOutput) ToAuthBackendOutputWithContext 

func (o AuthBackendOutput) ToAuthBackendOutputWithContext(ctx context.Context) AuthBackendOutput

func (AuthBackendOutput) ToAuthBackendPtrOutput 

func (o AuthBackendOutput) ToAuthBackendPtrOutput() AuthBackendPtrOutput

func (AuthBackendOutput) ToAuthBackendPtrOutputWithContext 

func (o AuthBackendOutput) ToAuthBackendPtrOutputWithContext(ctx context.Context) AuthBackendPtrOutput

type AuthBackendPtrInput 

type AuthBackendPtrInput interface {
	pulumi.Input

	ToAuthBackendPtrOutput() AuthBackendPtrOutput
	ToAuthBackendPtrOutputWithContext(ctx context.Context) AuthBackendPtrOutput
}

type AuthBackendPtrOutput 

type AuthBackendPtrOutput struct{ *pulumi.OutputState }

func (AuthBackendPtrOutput) Elem added in v4.6.0 

func (o AuthBackendPtrOutput) Elem() AuthBackendOutput

func (AuthBackendPtrOutput) ElementType 

func (AuthBackendPtrOutput) ElementType() reflect.Type

func (AuthBackendPtrOutput) ToAuthBackendPtrOutput 

func (o AuthBackendPtrOutput) ToAuthBackendPtrOutput() AuthBackendPtrOutput

func (AuthBackendPtrOutput) ToAuthBackendPtrOutputWithContext 

func (o AuthBackendPtrOutput) ToAuthBackendPtrOutputWithContext(ctx context.Context) AuthBackendPtrOutput

type AuthBackendRole 

type AuthBackendRole struct {
	pulumi.CustomResourceState

	AddGroupAliases pulumi.BoolOutput `pulumi:"addGroupAliases"`
	// A flag to determine if this role should allow GCE instances to authenticate by inferring service accounts from the GCE identity metadata token.
	AllowGceInference pulumi.BoolOutput `pulumi:"allowGceInference"`
	// Path to the mounted GCP auth backend
	Backend pulumi.StringPtrOutput `pulumi:"backend"`
	// The instance groups that an authorized instance must belong to in order to be authenticated. If specified, either `boundZones` or `boundRegions` must be set too.
	BoundInstanceGroups pulumi.StringArrayOutput `pulumi:"boundInstanceGroups"`
	// A comma-separated list of GCP labels formatted as `"key:value"` strings that must be set on authorized GCE instances. Because GCP labels are not currently ACL'd, we recommend that this be used in conjunction with other restrictions.
	BoundLabels pulumi.StringArrayOutput `pulumi:"boundLabels"`
	// GCP Projects that the role exists within
	BoundProjects pulumi.StringArrayOutput `pulumi:"boundProjects"`
	// The list of regions that a GCE instance must belong to in order to be authenticated. If boundInstanceGroups is provided, it is assumed to be a regional group and the group must belong to this region. If boundZones are provided, this attribute is ignored.
	BoundRegions pulumi.StringArrayOutput `pulumi:"boundRegions"`
	// GCP Service Accounts allowed to issue tokens under this role. (Note: **Required** if role is `iam`)
	BoundServiceAccounts pulumi.StringArrayOutput `pulumi:"boundServiceAccounts"`
	// The list of zones that a GCE instance must belong to in order to be authenticated. If boundInstanceGroups is provided, it is assumed to be a zonal group and the group must belong to this zone.
	BoundZones pulumi.StringArrayOutput `pulumi:"boundZones"`
	// The number of seconds past the time of authentication that the login param JWT must expire within. For example, if a user attempts to login with a token that expires within an hour and this is set to 15 minutes, Vault will return an error prompting the user to create a new signed JWT with a shorter `exp`. The GCE metadata tokens currently do not allow the `exp` claim to be customized.
	MaxJwtExp pulumi.StringOutput `pulumi:"maxJwtExp"`
	// The maximum allowed lifetime of tokens
	// issued using this role, provided as a number of seconds.
	//
	// Deprecated: use `token_max_ttl` instead if you are running Vault >= 1.2
	MaxTtl pulumi.StringOutput `pulumi:"maxTtl"`
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	//
	// Deprecated: use `token_period` instead if you are running Vault >= 1.2
	Period pulumi.StringOutput `pulumi:"period"`
	// An array of strings
	// specifying the policies to be set on tokens issued using this role.
	//
	// Deprecated: use `token_policies` instead if you are running Vault >= 1.2
	Policies pulumi.StringArrayOutput `pulumi:"policies"`
	// Name of the GCP role
	Role pulumi.StringOutput `pulumi:"role"`
	// List of CIDR blocks; if set, specifies blocks of IP
	// addresses which can authenticate successfully, and ties the resulting token to these blocks
	// as well.
	TokenBoundCidrs pulumi.StringArrayOutput `pulumi:"tokenBoundCidrs"`
	// If set, will encode an
	// [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
	// onto the token in number of seconds. This is a hard cap even if `tokenTtl` and
	// `tokenMaxTtl` would otherwise allow a renewal.
	TokenExplicitMaxTtl pulumi.IntPtrOutput `pulumi:"tokenExplicitMaxTtl"`
	// The maximum lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenMaxTtl pulumi.IntPtrOutput `pulumi:"tokenMaxTtl"`
	// If set, the default policy will not be set on
	// generated tokens; otherwise it will be added to the policies set in token_policies.
	TokenNoDefaultPolicy pulumi.BoolPtrOutput `pulumi:"tokenNoDefaultPolicy"`
	// The
	// [period](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls),
	// if any, in number of seconds to set on the token.
	TokenNumUses pulumi.IntPtrOutput `pulumi:"tokenNumUses"`
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	TokenPeriod pulumi.IntPtrOutput `pulumi:"tokenPeriod"`
	// List of policies to encode onto generated tokens. Depending
	// on the auth method, this list may be supplemented by user/group/other values.
	TokenPolicies pulumi.StringArrayOutput `pulumi:"tokenPolicies"`
	// The incremental lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenTtl pulumi.IntPtrOutput `pulumi:"tokenTtl"`
	// The type of token that should be generated. Can be `service`,
	// `batch`, or `default` to use the mount's tuned default (which unless changed will be
	// `service` tokens). For token store roles, there are two additional possibilities:
	// `default-service` and `default-batch` which specify the type to return unless the client
	// requests a different type at generation time.
	TokenType pulumi.StringPtrOutput `pulumi:"tokenType"`
	// The TTL period of tokens issued
	// using this role, provided as a number of seconds.
	//
	// Deprecated: use `token_ttl` instead if you are running Vault >= 1.2
	Ttl pulumi.StringOutput `pulumi:"ttl"`
	// Type of GCP authentication role (either `gce` or `iam`)
	Type pulumi.StringOutput `pulumi:"type"`
}

Provides a resource to create a role in an [GCP auth backend within Vault](https://www.vaultproject.io/docs/auth/gcp.html).

## Import

GCP authentication roles can be imported using the `path`, e.g.

```sh 

$ pulumi import vault:gcp/authBackendRole:AuthBackendRole my_role auth/gcp/role/my_role

```

func GetAuthBackendRole 

func GetAuthBackendRole(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AuthBackendRoleState, opts ...pulumi.ResourceOption) (*AuthBackendRole, error)

GetAuthBackendRole gets an existing AuthBackendRole resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAuthBackendRole 

func NewAuthBackendRole(ctx *pulumi.Context,
	name string, args *AuthBackendRoleArgs, opts ...pulumi.ResourceOption) (*AuthBackendRole, error)

NewAuthBackendRole registers a new resource with the given unique name, arguments, and options.

func (*AuthBackendRole) ElementType 

func (*AuthBackendRole) ElementType() reflect.Type

func (*AuthBackendRole) ToAuthBackendRoleOutput 

func (i *AuthBackendRole) ToAuthBackendRoleOutput() AuthBackendRoleOutput

func (*AuthBackendRole) ToAuthBackendRoleOutputWithContext 

func (i *AuthBackendRole) ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput

func (*AuthBackendRole) ToAuthBackendRolePtrOutput 

func (i *AuthBackendRole) ToAuthBackendRolePtrOutput() AuthBackendRolePtrOutput

func (*AuthBackendRole) ToAuthBackendRolePtrOutputWithContext 

func (i *AuthBackendRole) ToAuthBackendRolePtrOutputWithContext(ctx context.Context) AuthBackendRolePtrOutput

type AuthBackendRoleArgs 

type AuthBackendRoleArgs struct {
	AddGroupAliases pulumi.BoolPtrInput
	// A flag to determine if this role should allow GCE instances to authenticate by inferring service accounts from the GCE identity metadata token.
	AllowGceInference pulumi.BoolPtrInput
	// Path to the mounted GCP auth backend
	Backend pulumi.StringPtrInput
	// The instance groups that an authorized instance must belong to in order to be authenticated. If specified, either `boundZones` or `boundRegions` must be set too.
	BoundInstanceGroups pulumi.StringArrayInput
	// A comma-separated list of GCP labels formatted as `"key:value"` strings that must be set on authorized GCE instances. Because GCP labels are not currently ACL'd, we recommend that this be used in conjunction with other restrictions.
	BoundLabels pulumi.StringArrayInput
	// GCP Projects that the role exists within
	BoundProjects pulumi.StringArrayInput
	// The list of regions that a GCE instance must belong to in order to be authenticated. If boundInstanceGroups is provided, it is assumed to be a regional group and the group must belong to this region. If boundZones are provided, this attribute is ignored.
	BoundRegions pulumi.StringArrayInput
	// GCP Service Accounts allowed to issue tokens under this role. (Note: **Required** if role is `iam`)
	BoundServiceAccounts pulumi.StringArrayInput
	// The list of zones that a GCE instance must belong to in order to be authenticated. If boundInstanceGroups is provided, it is assumed to be a zonal group and the group must belong to this zone.
	BoundZones pulumi.StringArrayInput
	// The number of seconds past the time of authentication that the login param JWT must expire within. For example, if a user attempts to login with a token that expires within an hour and this is set to 15 minutes, Vault will return an error prompting the user to create a new signed JWT with a shorter `exp`. The GCE metadata tokens currently do not allow the `exp` claim to be customized.
	MaxJwtExp pulumi.StringPtrInput
	// The maximum allowed lifetime of tokens
	// issued using this role, provided as a number of seconds.
	//
	// Deprecated: use `token_max_ttl` instead if you are running Vault >= 1.2
	MaxTtl pulumi.StringPtrInput
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	//
	// Deprecated: use `token_period` instead if you are running Vault >= 1.2
	Period pulumi.StringPtrInput
	// An array of strings
	// specifying the policies to be set on tokens issued using this role.
	//
	// Deprecated: use `token_policies` instead if you are running Vault >= 1.2
	Policies pulumi.StringArrayInput
	// Name of the GCP role
	Role pulumi.StringInput
	// List of CIDR blocks; if set, specifies blocks of IP
	// addresses which can authenticate successfully, and ties the resulting token to these blocks
	// as well.
	TokenBoundCidrs pulumi.StringArrayInput
	// If set, will encode an
	// [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
	// onto the token in number of seconds. This is a hard cap even if `tokenTtl` and
	// `tokenMaxTtl` would otherwise allow a renewal.
	TokenExplicitMaxTtl pulumi.IntPtrInput
	// The maximum lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenMaxTtl pulumi.IntPtrInput
	// If set, the default policy will not be set on
	// generated tokens; otherwise it will be added to the policies set in token_policies.
	TokenNoDefaultPolicy pulumi.BoolPtrInput
	// The
	// [period](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls),
	// if any, in number of seconds to set on the token.
	TokenNumUses pulumi.IntPtrInput
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	TokenPeriod pulumi.IntPtrInput
	// List of policies to encode onto generated tokens. Depending
	// on the auth method, this list may be supplemented by user/group/other values.
	TokenPolicies pulumi.StringArrayInput
	// The incremental lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenTtl pulumi.IntPtrInput
	// The type of token that should be generated. Can be `service`,
	// `batch`, or `default` to use the mount's tuned default (which unless changed will be
	// `service` tokens). For token store roles, there are two additional possibilities:
	// `default-service` and `default-batch` which specify the type to return unless the client
	// requests a different type at generation time.
	TokenType pulumi.StringPtrInput
	// The TTL period of tokens issued
	// using this role, provided as a number of seconds.
	//
	// Deprecated: use `token_ttl` instead if you are running Vault >= 1.2
	Ttl pulumi.StringPtrInput
	// Type of GCP authentication role (either `gce` or `iam`)
	Type pulumi.StringInput
}

The set of arguments for constructing a AuthBackendRole resource.

func (AuthBackendRoleArgs) ElementType 

func (AuthBackendRoleArgs) ElementType() reflect.Type

type AuthBackendRoleArray 

type AuthBackendRoleArray []AuthBackendRoleInput

func (AuthBackendRoleArray) ElementType 

func (AuthBackendRoleArray) ElementType() reflect.Type

func (AuthBackendRoleArray) ToAuthBackendRoleArrayOutput 

func (i AuthBackendRoleArray) ToAuthBackendRoleArrayOutput() AuthBackendRoleArrayOutput

func (AuthBackendRoleArray) ToAuthBackendRoleArrayOutputWithContext 

func (i AuthBackendRoleArray) ToAuthBackendRoleArrayOutputWithContext(ctx context.Context) AuthBackendRoleArrayOutput

type AuthBackendRoleArrayInput 

type AuthBackendRoleArrayInput interface {
	pulumi.Input

	ToAuthBackendRoleArrayOutput() AuthBackendRoleArrayOutput
	ToAuthBackendRoleArrayOutputWithContext(context.Context) AuthBackendRoleArrayOutput
}

AuthBackendRoleArrayInput is an input type that accepts AuthBackendRoleArray and AuthBackendRoleArrayOutput values. You can construct a concrete instance of `AuthBackendRoleArrayInput` via: 

AuthBackendRoleArray{ AuthBackendRoleArgs{...} }

type AuthBackendRoleArrayOutput 

type AuthBackendRoleArrayOutput struct{ *pulumi.OutputState }

func (AuthBackendRoleArrayOutput) ElementType 

func (AuthBackendRoleArrayOutput) ElementType() reflect.Type

func (AuthBackendRoleArrayOutput) Index 

func (o AuthBackendRoleArrayOutput) Index(i pulumi.IntInput) AuthBackendRoleOutput

func (AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutput 

func (o AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutput() AuthBackendRoleArrayOutput

func (AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutputWithContext 

func (o AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutputWithContext(ctx context.Context) AuthBackendRoleArrayOutput

type AuthBackendRoleInput 

type AuthBackendRoleInput interface {
	pulumi.Input

	ToAuthBackendRoleOutput() AuthBackendRoleOutput
	ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput
}

type AuthBackendRoleMap 

type AuthBackendRoleMap map[string]AuthBackendRoleInput

func (AuthBackendRoleMap) ElementType 

func (AuthBackendRoleMap) ElementType() reflect.Type

func (AuthBackendRoleMap) ToAuthBackendRoleMapOutput 

func (i AuthBackendRoleMap) ToAuthBackendRoleMapOutput() AuthBackendRoleMapOutput

func (AuthBackendRoleMap) ToAuthBackendRoleMapOutputWithContext 

func (i AuthBackendRoleMap) ToAuthBackendRoleMapOutputWithContext(ctx context.Context) AuthBackendRoleMapOutput

type AuthBackendRoleMapInput 

type AuthBackendRoleMapInput interface {
	pulumi.Input

	ToAuthBackendRoleMapOutput() AuthBackendRoleMapOutput
	ToAuthBackendRoleMapOutputWithContext(context.Context) AuthBackendRoleMapOutput
}

AuthBackendRoleMapInput is an input type that accepts AuthBackendRoleMap and AuthBackendRoleMapOutput values. You can construct a concrete instance of `AuthBackendRoleMapInput` via: 

AuthBackendRoleMap{ "key": AuthBackendRoleArgs{...} }

type AuthBackendRoleMapOutput 

type AuthBackendRoleMapOutput struct{ *pulumi.OutputState }

func (AuthBackendRoleMapOutput) ElementType 

func (AuthBackendRoleMapOutput) ElementType() reflect.Type

func (AuthBackendRoleMapOutput) MapIndex 

func (o AuthBackendRoleMapOutput) MapIndex(k pulumi.StringInput) AuthBackendRoleOutput

func (AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutput 

func (o AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutput() AuthBackendRoleMapOutput

func (AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutputWithContext 

func (o AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutputWithContext(ctx context.Context) AuthBackendRoleMapOutput

type AuthBackendRoleOutput 

type AuthBackendRoleOutput struct{ *pulumi.OutputState }

func (AuthBackendRoleOutput) ElementType 

func (AuthBackendRoleOutput) ElementType() reflect.Type

func (AuthBackendRoleOutput) ToAuthBackendRoleOutput 

func (o AuthBackendRoleOutput) ToAuthBackendRoleOutput() AuthBackendRoleOutput

func (AuthBackendRoleOutput) ToAuthBackendRoleOutputWithContext 

func (o AuthBackendRoleOutput) ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput

func (AuthBackendRoleOutput) ToAuthBackendRolePtrOutput 

func (o AuthBackendRoleOutput) ToAuthBackendRolePtrOutput() AuthBackendRolePtrOutput

func (AuthBackendRoleOutput) ToAuthBackendRolePtrOutputWithContext 

func (o AuthBackendRoleOutput) ToAuthBackendRolePtrOutputWithContext(ctx context.Context) AuthBackendRolePtrOutput

type AuthBackendRolePtrInput 

type AuthBackendRolePtrInput interface {
	pulumi.Input

	ToAuthBackendRolePtrOutput() AuthBackendRolePtrOutput
	ToAuthBackendRolePtrOutputWithContext(ctx context.Context) AuthBackendRolePtrOutput
}

type AuthBackendRolePtrOutput 

type AuthBackendRolePtrOutput struct{ *pulumi.OutputState }

func (AuthBackendRolePtrOutput) Elem added in v4.6.0 

func (o AuthBackendRolePtrOutput) Elem() AuthBackendRoleOutput

func (AuthBackendRolePtrOutput) ElementType 

func (AuthBackendRolePtrOutput) ElementType() reflect.Type

func (AuthBackendRolePtrOutput) ToAuthBackendRolePtrOutput 

func (o AuthBackendRolePtrOutput) ToAuthBackendRolePtrOutput() AuthBackendRolePtrOutput

func (AuthBackendRolePtrOutput) ToAuthBackendRolePtrOutputWithContext 

func (o AuthBackendRolePtrOutput) ToAuthBackendRolePtrOutputWithContext(ctx context.Context) AuthBackendRolePtrOutput

type AuthBackendRoleState 

type AuthBackendRoleState struct {
	AddGroupAliases pulumi.BoolPtrInput
	// A flag to determine if this role should allow GCE instances to authenticate by inferring service accounts from the GCE identity metadata token.
	AllowGceInference pulumi.BoolPtrInput
	// Path to the mounted GCP auth backend
	Backend pulumi.StringPtrInput
	// The instance groups that an authorized instance must belong to in order to be authenticated. If specified, either `boundZones` or `boundRegions` must be set too.
	BoundInstanceGroups pulumi.StringArrayInput
	// A comma-separated list of GCP labels formatted as `"key:value"` strings that must be set on authorized GCE instances. Because GCP labels are not currently ACL'd, we recommend that this be used in conjunction with other restrictions.
	BoundLabels pulumi.StringArrayInput
	// GCP Projects that the role exists within
	BoundProjects pulumi.StringArrayInput
	// The list of regions that a GCE instance must belong to in order to be authenticated. If boundInstanceGroups is provided, it is assumed to be a regional group and the group must belong to this region. If boundZones are provided, this attribute is ignored.
	BoundRegions pulumi.StringArrayInput
	// GCP Service Accounts allowed to issue tokens under this role. (Note: **Required** if role is `iam`)
	BoundServiceAccounts pulumi.StringArrayInput
	// The list of zones that a GCE instance must belong to in order to be authenticated. If boundInstanceGroups is provided, it is assumed to be a zonal group and the group must belong to this zone.
	BoundZones pulumi.StringArrayInput
	// The number of seconds past the time of authentication that the login param JWT must expire within. For example, if a user attempts to login with a token that expires within an hour and this is set to 15 minutes, Vault will return an error prompting the user to create a new signed JWT with a shorter `exp`. The GCE metadata tokens currently do not allow the `exp` claim to be customized.
	MaxJwtExp pulumi.StringPtrInput
	// The maximum allowed lifetime of tokens
	// issued using this role, provided as a number of seconds.
	//
	// Deprecated: use `token_max_ttl` instead if you are running Vault >= 1.2
	MaxTtl pulumi.StringPtrInput
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	//
	// Deprecated: use `token_period` instead if you are running Vault >= 1.2
	Period pulumi.StringPtrInput
	// An array of strings
	// specifying the policies to be set on tokens issued using this role.
	//
	// Deprecated: use `token_policies` instead if you are running Vault >= 1.2
	Policies pulumi.StringArrayInput
	// Name of the GCP role
	Role pulumi.StringPtrInput
	// List of CIDR blocks; if set, specifies blocks of IP
	// addresses which can authenticate successfully, and ties the resulting token to these blocks
	// as well.
	TokenBoundCidrs pulumi.StringArrayInput
	// If set, will encode an
	// [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
	// onto the token in number of seconds. This is a hard cap even if `tokenTtl` and
	// `tokenMaxTtl` would otherwise allow a renewal.
	TokenExplicitMaxTtl pulumi.IntPtrInput
	// The maximum lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenMaxTtl pulumi.IntPtrInput
	// If set, the default policy will not be set on
	// generated tokens; otherwise it will be added to the policies set in token_policies.
	TokenNoDefaultPolicy pulumi.BoolPtrInput
	// The
	// [period](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls),
	// if any, in number of seconds to set on the token.
	TokenNumUses pulumi.IntPtrInput
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	TokenPeriod pulumi.IntPtrInput
	// List of policies to encode onto generated tokens. Depending
	// on the auth method, this list may be supplemented by user/group/other values.
	TokenPolicies pulumi.StringArrayInput
	// The incremental lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenTtl pulumi.IntPtrInput
	// The type of token that should be generated. Can be `service`,
	// `batch`, or `default` to use the mount's tuned default (which unless changed will be
	// `service` tokens). For token store roles, there are two additional possibilities:
	// `default-service` and `default-batch` which specify the type to return unless the client
	// requests a different type at generation time.
	TokenType pulumi.StringPtrInput
	// The TTL period of tokens issued
	// using this role, provided as a number of seconds.
	//
	// Deprecated: use `token_ttl` instead if you are running Vault >= 1.2
	Ttl pulumi.StringPtrInput
	// Type of GCP authentication role (either `gce` or `iam`)
	Type pulumi.StringPtrInput
}

func (AuthBackendRoleState) ElementType 

func (AuthBackendRoleState) ElementType() reflect.Type

type AuthBackendState 

type AuthBackendState struct {
	// The clients email associated with the credentials
	ClientEmail pulumi.StringPtrInput
	// The Client ID of the credentials
	ClientId pulumi.StringPtrInput
	// A JSON string containing the contents of a GCP credentials file. If this value is empty, Vault will try to use Application Default Credentials from the machine on which the Vault server is running.
	Credentials pulumi.StringPtrInput
	// A description of the auth method.
	Description pulumi.StringPtrInput
	// Specifies if the auth method is local only.
	Local pulumi.BoolPtrInput
	// The path to mount the auth method — this defaults to 'gcp'.
	Path pulumi.StringPtrInput
	// The ID of the private key from the credentials
	PrivateKeyId pulumi.StringPtrInput
	// The GCP Project ID
	ProjectId pulumi.StringPtrInput
}

func (AuthBackendState) ElementType 

func (AuthBackendState) ElementType() reflect.Type

type LookupAuthBackendRoleArgs added in v4.3.0 

type LookupAuthBackendRoleArgs struct {
	// The unique name for the GCP backend from which to fetch the role. Defaults to "gcp".
	Backend *string `pulumi:"backend"`
	// The name of the role to retrieve the Role ID for.
	RoleName string `pulumi:"roleName"`
	// List of CIDR blocks; if set, specifies blocks of IP
	// addresses which can authenticate successfully, and ties the resulting token to these blocks
	// as well.
	TokenBoundCidrs []string `pulumi:"tokenBoundCidrs"`
	// If set, will encode an
	// [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
	// onto the token in number of seconds. This is a hard cap even if `tokenTtl` and
	// `tokenMaxTtl` would otherwise allow a renewal.
	TokenExplicitMaxTtl *int `pulumi:"tokenExplicitMaxTtl"`
	// The maximum lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenMaxTtl *int `pulumi:"tokenMaxTtl"`
	// If set, the default policy will not be set on
	// generated tokens; otherwise it will be added to the policies set in token_policies.
	TokenNoDefaultPolicy *bool `pulumi:"tokenNoDefaultPolicy"`
	// The
	// [period](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls),
	// if any, in number of seconds to set on the token.
	TokenNumUses *int `pulumi:"tokenNumUses"`
	// (Optional) If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	TokenPeriod *int `pulumi:"tokenPeriod"`
	// List of policies to encode onto generated tokens. Depending
	// on the auth method, this list may be supplemented by user/group/other values.
	TokenPolicies []string `pulumi:"tokenPolicies"`
	// The incremental lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenTtl *int `pulumi:"tokenTtl"`
	// The type of token that should be generated. Can be `service`,
	// `batch`, or `default` to use the mount's tuned default (which unless changed will be
	// `service` tokens). For token store roles, there are two additional possibilities:
	// `default-service` and `default-batch` which specify the type to return unless the client
	// requests a different type at generation time.
	TokenType *string `pulumi:"tokenType"`
}

A collection of arguments for invoking getAuthBackendRole.

type LookupAuthBackendRoleOutputArgs added in v4.6.0 

type LookupAuthBackendRoleOutputArgs struct {
	// The unique name for the GCP backend from which to fetch the role. Defaults to "gcp".
	Backend pulumi.StringPtrInput `pulumi:"backend"`
	// The name of the role to retrieve the Role ID for.
	RoleName pulumi.StringInput `pulumi:"roleName"`
	// List of CIDR blocks; if set, specifies blocks of IP
	// addresses which can authenticate successfully, and ties the resulting token to these blocks
	// as well.
	TokenBoundCidrs pulumi.StringArrayInput `pulumi:"tokenBoundCidrs"`
	// If set, will encode an
	// [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
	// onto the token in number of seconds. This is a hard cap even if `tokenTtl` and
	// `tokenMaxTtl` would otherwise allow a renewal.
	TokenExplicitMaxTtl pulumi.IntPtrInput `pulumi:"tokenExplicitMaxTtl"`
	// The maximum lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenMaxTtl pulumi.IntPtrInput `pulumi:"tokenMaxTtl"`
	// If set, the default policy will not be set on
	// generated tokens; otherwise it will be added to the policies set in token_policies.
	TokenNoDefaultPolicy pulumi.BoolPtrInput `pulumi:"tokenNoDefaultPolicy"`
	// The
	// [period](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls),
	// if any, in number of seconds to set on the token.
	TokenNumUses pulumi.IntPtrInput `pulumi:"tokenNumUses"`
	// (Optional) If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	TokenPeriod pulumi.IntPtrInput `pulumi:"tokenPeriod"`
	// List of policies to encode onto generated tokens. Depending
	// on the auth method, this list may be supplemented by user/group/other values.
	TokenPolicies pulumi.StringArrayInput `pulumi:"tokenPolicies"`
	// The incremental lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenTtl pulumi.IntPtrInput `pulumi:"tokenTtl"`
	// The type of token that should be generated. Can be `service`,
	// `batch`, or `default` to use the mount's tuned default (which unless changed will be
	// `service` tokens). For token store roles, there are two additional possibilities:
	// `default-service` and `default-batch` which specify the type to return unless the client
	// requests a different type at generation time.
	TokenType pulumi.StringPtrInput `pulumi:"tokenType"`
}

A collection of arguments for invoking getAuthBackendRole.

func (LookupAuthBackendRoleOutputArgs) ElementType added in v4.6.0 

func (LookupAuthBackendRoleOutputArgs) ElementType() reflect.Type

type LookupAuthBackendRoleResult added in v4.3.0 

type LookupAuthBackendRoleResult struct {
	Backend *string `pulumi:"backend"`
	// GCP regions bound to the role. Returned when `type` is `gce`.
	BoundInstanceGroups []string `pulumi:"boundInstanceGroups"`
	// GCP labels bound to the role. Returned when `type` is `gce`.
	BoundLabels []string `pulumi:"boundLabels"`
	// GCP projects bound to the role.
	BoundProjects []string `pulumi:"boundProjects"`
	// GCP regions bound to the role. Returned when `type` is `gce`.
	BoundRegions []string `pulumi:"boundRegions"`
	// GCP service accounts bound to the role. Returned when `type` is `iam`.
	BoundServiceAccounts []string `pulumi:"boundServiceAccounts"`
	// GCP zones bound to the role. Returned when `type` is `gce`.
	BoundZones []string `pulumi:"boundZones"`
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// The RoleID of the GCP role.
	RoleId   string `pulumi:"roleId"`
	RoleName string `pulumi:"roleName"`
	// List of CIDR blocks; if set, specifies blocks of IP
	// addresses which can authenticate successfully, and ties the resulting token to these blocks
	// as well.
	TokenBoundCidrs []string `pulumi:"tokenBoundCidrs"`
	// If set, will encode an
	// [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
	// onto the token in number of seconds. This is a hard cap even if `tokenTtl` and
	// `tokenMaxTtl` would otherwise allow a renewal.
	TokenExplicitMaxTtl *int `pulumi:"tokenExplicitMaxTtl"`
	// The maximum lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenMaxTtl *int `pulumi:"tokenMaxTtl"`
	// If set, the default policy will not be set on
	// generated tokens; otherwise it will be added to the policies set in token_policies.
	TokenNoDefaultPolicy *bool `pulumi:"tokenNoDefaultPolicy"`
	// The
	// [period](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls),
	// if any, in number of seconds to set on the token.
	TokenNumUses *int `pulumi:"tokenNumUses"`
	// (Optional) If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	TokenPeriod *int `pulumi:"tokenPeriod"`
	// List of policies to encode onto generated tokens. Depending
	// on the auth method, this list may be supplemented by user/group/other values.
	TokenPolicies []string `pulumi:"tokenPolicies"`
	// The incremental lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenTtl *int `pulumi:"tokenTtl"`
	// The type of token that should be generated. Can be `service`,
	// `batch`, or `default` to use the mount's tuned default (which unless changed will be
	// `service` tokens). For token store roles, there are two additional possibilities:
	// `default-service` and `default-batch` which specify the type to return unless the client
	// requests a different type at generation time.
	TokenType *string `pulumi:"tokenType"`
	// Type of GCP role. Expected values are `iam` or `gce`.
	Type string `pulumi:"type"`
}

A collection of values returned by getAuthBackendRole.

func LookupAuthBackendRole added in v4.3.0 

func LookupAuthBackendRole(ctx *pulumi.Context, args *LookupAuthBackendRoleArgs, opts ...pulumi.InvokeOption) (*LookupAuthBackendRoleResult, error)

Reads a GCP auth role from a Vault server.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-vault/sdk/v4/go/vault/gcp"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		opt0 := "my-gcp-backend"
		role, err := gcp.LookupAuthBackendRole(ctx, &gcp.LookupAuthBackendRoleArgs{
			Backend:  &opt0,
			RoleName: "my-role",
		}, nil)
		if err != nil {
			return err
		}
		ctx.Export("role-id", role.RoleId)
		return nil
	})
}

```

type LookupAuthBackendRoleResultOutput added in v4.6.0 

type LookupAuthBackendRoleResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getAuthBackendRole.

func LookupAuthBackendRoleOutput added in v4.6.0 

func LookupAuthBackendRoleOutput(ctx *pulumi.Context, args LookupAuthBackendRoleOutputArgs, opts ...pulumi.InvokeOption) LookupAuthBackendRoleResultOutput

func (LookupAuthBackendRoleResultOutput) Backend added in v4.6.0 

func (o LookupAuthBackendRoleResultOutput) Backend() pulumi.StringPtrOutput

func (LookupAuthBackendRoleResultOutput) BoundInstanceGroups added in v4.6.0 

func (o LookupAuthBackendRoleResultOutput) BoundInstanceGroups() pulumi.StringArrayOutput

GCP regions bound to the role. Returned when `type` is `gce`.

func (LookupAuthBackendRoleResultOutput) BoundLabels added in v4.6.0 

func (o LookupAuthBackendRoleResultOutput) BoundLabels() pulumi.StringArrayOutput

GCP labels bound to the role. Returned when `type` is `gce`.

func (LookupAuthBackendRoleResultOutput) BoundProjects added in v4.6.0 

func (o LookupAuthBackendRoleResultOutput) BoundProjects() pulumi.StringArrayOutput

GCP projects bound to the role.

func (LookupAuthBackendRoleResultOutput) BoundRegions added in v4.6.0 

func (o LookupAuthBackendRoleResultOutput) BoundRegions() pulumi.StringArrayOutput

GCP regions bound to the role. Returned when `type` is `gce`.

func (LookupAuthBackendRoleResultOutput) BoundServiceAccounts added in v4.6.0 

func (o LookupAuthBackendRoleResultOutput) BoundServiceAccounts() pulumi.StringArrayOutput

GCP service accounts bound to the role. Returned when `type` is `iam`.

func (LookupAuthBackendRoleResultOutput) BoundZones added in v4.6.0 

func (o LookupAuthBackendRoleResultOutput) BoundZones() pulumi.StringArrayOutput

GCP zones bound to the role. Returned when `type` is `gce`.

func (LookupAuthBackendRoleResultOutput) ElementType added in v4.6.0 

func (LookupAuthBackendRoleResultOutput) ElementType() reflect.Type

func (LookupAuthBackendRoleResultOutput) Id added in v4.6.0 

func (o LookupAuthBackendRoleResultOutput) Id() pulumi.StringOutput

The provider-assigned unique ID for this managed resource.

func (LookupAuthBackendRoleResultOutput) RoleId added in v4.6.0 

func (o LookupAuthBackendRoleResultOutput) RoleId() pulumi.StringOutput

The RoleID of the GCP role.

func (LookupAuthBackendRoleResultOutput) RoleName added in v4.6.0 

func (o LookupAuthBackendRoleResultOutput) RoleName() pulumi.StringOutput

func (LookupAuthBackendRoleResultOutput) ToLookupAuthBackendRoleResultOutput added in v4.6.0 

func (o LookupAuthBackendRoleResultOutput) ToLookupAuthBackendRoleResultOutput() LookupAuthBackendRoleResultOutput

func (LookupAuthBackendRoleResultOutput) ToLookupAuthBackendRoleResultOutputWithContext added in v4.6.0 

func (o LookupAuthBackendRoleResultOutput) ToLookupAuthBackendRoleResultOutputWithContext(ctx context.Context) LookupAuthBackendRoleResultOutput

func (LookupAuthBackendRoleResultOutput) TokenBoundCidrs added in v4.6.0 

func (o LookupAuthBackendRoleResultOutput) TokenBoundCidrs() pulumi.StringArrayOutput

List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.

func (LookupAuthBackendRoleResultOutput) TokenExplicitMaxTtl added in v4.6.0 

func (o LookupAuthBackendRoleResultOutput) TokenExplicitMaxTtl() pulumi.IntPtrOutput

If set, will encode an [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls) onto the token in number of seconds. This is a hard cap even if `tokenTtl` and `tokenMaxTtl` would otherwise allow a renewal.

func (LookupAuthBackendRoleResultOutput) TokenMaxTtl added in v4.6.0 

func (o LookupAuthBackendRoleResultOutput) TokenMaxTtl() pulumi.IntPtrOutput

The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.

func (LookupAuthBackendRoleResultOutput) TokenNoDefaultPolicy added in v4.6.0 

func (o LookupAuthBackendRoleResultOutput) TokenNoDefaultPolicy() pulumi.BoolPtrOutput

If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies.

func (LookupAuthBackendRoleResultOutput) TokenNumUses added in v4.6.0 

func (o LookupAuthBackendRoleResultOutput) TokenNumUses() pulumi.IntPtrOutput

The [period](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls), if any, in number of seconds to set on the token.

func (LookupAuthBackendRoleResultOutput) TokenPeriod added in v4.6.0 

func (o LookupAuthBackendRoleResultOutput) TokenPeriod() pulumi.IntPtrOutput

(Optional) If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token's TTL will be set to the value of this field. Specified in seconds.

func (LookupAuthBackendRoleResultOutput) TokenPolicies added in v4.6.0 

func (o LookupAuthBackendRoleResultOutput) TokenPolicies() pulumi.StringArrayOutput

List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values.

func (LookupAuthBackendRoleResultOutput) TokenTtl added in v4.6.0 

func (o LookupAuthBackendRoleResultOutput) TokenTtl() pulumi.IntPtrOutput

The incremental lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.

func (LookupAuthBackendRoleResultOutput) TokenType added in v4.6.0 

func (o LookupAuthBackendRoleResultOutput) TokenType() pulumi.StringPtrOutput

The type of token that should be generated. Can be `service`, `batch`, or `default` to use the mount's tuned default (which unless changed will be `service` tokens). For token store roles, there are two additional possibilities: `default-service` and `default-batch` which specify the type to return unless the client requests a different type at generation time.

func (LookupAuthBackendRoleResultOutput) Type added in v4.6.0 

func (o LookupAuthBackendRoleResultOutput) Type() pulumi.StringOutput

Type of GCP role. Expected values are `iam` or `gce`.

type SecretBackend 

type SecretBackend struct {
	pulumi.CustomResourceState

	// The GCP service account credentials in JSON format.
	Credentials pulumi.StringPtrOutput `pulumi:"credentials"`
	// The default TTL for credentials
	// issued by this backend. Defaults to '0'.
	DefaultLeaseTtlSeconds pulumi.IntPtrOutput `pulumi:"defaultLeaseTtlSeconds"`
	// A human-friendly description for this backend.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// Boolean flag that can be explicitly set to true to enforce local mount in HA environment
	Local pulumi.BoolPtrOutput `pulumi:"local"`
	// The maximum TTL that can be requested
	// for credentials issued by this backend. Defaults to '0'.
	MaxLeaseTtlSeconds pulumi.IntPtrOutput `pulumi:"maxLeaseTtlSeconds"`
	// The unique path this backend should be mounted at. Must
	// not begin or end with a `/`. Defaults to `gcp`.
	Path pulumi.StringPtrOutput `pulumi:"path"`
}

func GetSecretBackend 

func GetSecretBackend(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *SecretBackendState, opts ...pulumi.ResourceOption) (*SecretBackend, error)

GetSecretBackend gets an existing SecretBackend resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewSecretBackend 

func NewSecretBackend(ctx *pulumi.Context,
	name string, args *SecretBackendArgs, opts ...pulumi.ResourceOption) (*SecretBackend, error)

NewSecretBackend registers a new resource with the given unique name, arguments, and options.

func (*SecretBackend) ElementType 

func (*SecretBackend) ElementType() reflect.Type

func (*SecretBackend) ToSecretBackendOutput 

func (i *SecretBackend) ToSecretBackendOutput() SecretBackendOutput

func (*SecretBackend) ToSecretBackendOutputWithContext 

func (i *SecretBackend) ToSecretBackendOutputWithContext(ctx context.Context) SecretBackendOutput

func (*SecretBackend) ToSecretBackendPtrOutput 

func (i *SecretBackend) ToSecretBackendPtrOutput() SecretBackendPtrOutput

func (*SecretBackend) ToSecretBackendPtrOutputWithContext 

func (i *SecretBackend) ToSecretBackendPtrOutputWithContext(ctx context.Context) SecretBackendPtrOutput

type SecretBackendArgs 

type SecretBackendArgs struct {
	// The GCP service account credentials in JSON format.
	Credentials pulumi.StringPtrInput
	// The default TTL for credentials
	// issued by this backend. Defaults to '0'.
	DefaultLeaseTtlSeconds pulumi.IntPtrInput
	// A human-friendly description for this backend.
	Description pulumi.StringPtrInput
	// Boolean flag that can be explicitly set to true to enforce local mount in HA environment
	Local pulumi.BoolPtrInput
	// The maximum TTL that can be requested
	// for credentials issued by this backend. Defaults to '0'.
	MaxLeaseTtlSeconds pulumi.IntPtrInput
	// The unique path this backend should be mounted at. Must
	// not begin or end with a `/`. Defaults to `gcp`.
	Path pulumi.StringPtrInput
}

The set of arguments for constructing a SecretBackend resource.

func (SecretBackendArgs) ElementType 

func (SecretBackendArgs) ElementType() reflect.Type

type SecretBackendArray 

type SecretBackendArray []SecretBackendInput

func (SecretBackendArray) ElementType 

func (SecretBackendArray) ElementType() reflect.Type

func (SecretBackendArray) ToSecretBackendArrayOutput 

func (i SecretBackendArray) ToSecretBackendArrayOutput() SecretBackendArrayOutput

func (SecretBackendArray) ToSecretBackendArrayOutputWithContext 

func (i SecretBackendArray) ToSecretBackendArrayOutputWithContext(ctx context.Context) SecretBackendArrayOutput

type SecretBackendArrayInput 

type SecretBackendArrayInput interface {
	pulumi.Input

	ToSecretBackendArrayOutput() SecretBackendArrayOutput
	ToSecretBackendArrayOutputWithContext(context.Context) SecretBackendArrayOutput
}

SecretBackendArrayInput is an input type that accepts SecretBackendArray and SecretBackendArrayOutput values. You can construct a concrete instance of `SecretBackendArrayInput` via: 

SecretBackendArray{ SecretBackendArgs{...} }

type SecretBackendArrayOutput 

type SecretBackendArrayOutput struct{ *pulumi.OutputState }

func (SecretBackendArrayOutput) ElementType 

func (SecretBackendArrayOutput) ElementType() reflect.Type

func (SecretBackendArrayOutput) Index 

func (o SecretBackendArrayOutput) Index(i pulumi.IntInput) SecretBackendOutput

func (SecretBackendArrayOutput) ToSecretBackendArrayOutput 

func (o SecretBackendArrayOutput) ToSecretBackendArrayOutput() SecretBackendArrayOutput

func (SecretBackendArrayOutput) ToSecretBackendArrayOutputWithContext 

func (o SecretBackendArrayOutput) ToSecretBackendArrayOutputWithContext(ctx context.Context) SecretBackendArrayOutput

type SecretBackendInput 

type SecretBackendInput interface {
	pulumi.Input

	ToSecretBackendOutput() SecretBackendOutput
	ToSecretBackendOutputWithContext(ctx context.Context) SecretBackendOutput
}

type SecretBackendMap 

type SecretBackendMap map[string]SecretBackendInput

func (SecretBackendMap) ElementType 

func (SecretBackendMap) ElementType() reflect.Type

func (SecretBackendMap) ToSecretBackendMapOutput 

func (i SecretBackendMap) ToSecretBackendMapOutput() SecretBackendMapOutput

func (SecretBackendMap) ToSecretBackendMapOutputWithContext 

func (i SecretBackendMap) ToSecretBackendMapOutputWithContext(ctx context.Context) SecretBackendMapOutput

type SecretBackendMapInput 

type SecretBackendMapInput interface {
	pulumi.Input

	ToSecretBackendMapOutput() SecretBackendMapOutput
	ToSecretBackendMapOutputWithContext(context.Context) SecretBackendMapOutput
}

SecretBackendMapInput is an input type that accepts SecretBackendMap and SecretBackendMapOutput values. You can construct a concrete instance of `SecretBackendMapInput` via: 

SecretBackendMap{ "key": SecretBackendArgs{...} }

type SecretBackendMapOutput 

type SecretBackendMapOutput struct{ *pulumi.OutputState }

func (SecretBackendMapOutput) ElementType 

func (SecretBackendMapOutput) ElementType() reflect.Type

func (SecretBackendMapOutput) MapIndex 

func (o SecretBackendMapOutput) MapIndex(k pulumi.StringInput) SecretBackendOutput

func (SecretBackendMapOutput) ToSecretBackendMapOutput 

func (o SecretBackendMapOutput) ToSecretBackendMapOutput() SecretBackendMapOutput

func (SecretBackendMapOutput) ToSecretBackendMapOutputWithContext 

func (o SecretBackendMapOutput) ToSecretBackendMapOutputWithContext(ctx context.Context) SecretBackendMapOutput

type SecretBackendOutput 

type SecretBackendOutput struct{ *pulumi.OutputState }

func (SecretBackendOutput) ElementType 

func (SecretBackendOutput) ElementType() reflect.Type

func (SecretBackendOutput) ToSecretBackendOutput 

func (o SecretBackendOutput) ToSecretBackendOutput() SecretBackendOutput

func (SecretBackendOutput) ToSecretBackendOutputWithContext 

func (o SecretBackendOutput) ToSecretBackendOutputWithContext(ctx context.Context) SecretBackendOutput

func (SecretBackendOutput) ToSecretBackendPtrOutput 

func (o SecretBackendOutput) ToSecretBackendPtrOutput() SecretBackendPtrOutput

func (SecretBackendOutput) ToSecretBackendPtrOutputWithContext 

func (o SecretBackendOutput) ToSecretBackendPtrOutputWithContext(ctx context.Context) SecretBackendPtrOutput

type SecretBackendPtrInput 

type SecretBackendPtrInput interface {
	pulumi.Input

	ToSecretBackendPtrOutput() SecretBackendPtrOutput
	ToSecretBackendPtrOutputWithContext(ctx context.Context) SecretBackendPtrOutput
}

type SecretBackendPtrOutput 

type SecretBackendPtrOutput struct{ *pulumi.OutputState }

func (SecretBackendPtrOutput) Elem added in v4.6.0 

func (o SecretBackendPtrOutput) Elem() SecretBackendOutput

func (SecretBackendPtrOutput) ElementType 

func (SecretBackendPtrOutput) ElementType() reflect.Type

func (SecretBackendPtrOutput) ToSecretBackendPtrOutput 

func (o SecretBackendPtrOutput) ToSecretBackendPtrOutput() SecretBackendPtrOutput

func (SecretBackendPtrOutput) ToSecretBackendPtrOutputWithContext 

func (o SecretBackendPtrOutput) ToSecretBackendPtrOutputWithContext(ctx context.Context) SecretBackendPtrOutput

type SecretBackendState 

type SecretBackendState struct {
	// The GCP service account credentials in JSON format.
	Credentials pulumi.StringPtrInput
	// The default TTL for credentials
	// issued by this backend. Defaults to '0'.
	DefaultLeaseTtlSeconds pulumi.IntPtrInput
	// A human-friendly description for this backend.
	Description pulumi.StringPtrInput
	// Boolean flag that can be explicitly set to true to enforce local mount in HA environment
	Local pulumi.BoolPtrInput
	// The maximum TTL that can be requested
	// for credentials issued by this backend. Defaults to '0'.
	MaxLeaseTtlSeconds pulumi.IntPtrInput
	// The unique path this backend should be mounted at. Must
	// not begin or end with a `/`. Defaults to `gcp`.
	Path pulumi.StringPtrInput
}

func (SecretBackendState) ElementType 

func (SecretBackendState) ElementType() reflect.Type

type SecretRoleset 

type SecretRoleset struct {
	pulumi.CustomResourceState

	// Path where the GCP Secrets Engine is mounted
	Backend pulumi.StringOutput `pulumi:"backend"`
	// Bindings to create for this roleset. This can be specified multiple times for multiple bindings. Structure is documented below.
	Bindings SecretRolesetBindingArrayOutput `pulumi:"bindings"`
	// Name of the GCP project that this roleset's service account will belong to.
	Project pulumi.StringOutput `pulumi:"project"`
	// Name of the Roleset to create
	Roleset pulumi.StringOutput `pulumi:"roleset"`
	// Type of secret generated for this role set. Accepted values: `accessToken`, `serviceAccountKey`. Defaults to `accessToken`.
	SecretType pulumi.StringOutput `pulumi:"secretType"`
	// Email of the service account created by Vault for this Roleset
	ServiceAccountEmail pulumi.StringOutput `pulumi:"serviceAccountEmail"`
	// List of OAuth scopes to assign to `accessToken` secrets generated under this role set (`accessToken` role sets only).
	TokenScopes pulumi.StringArrayOutput `pulumi:"tokenScopes"`
}

Creates a Roleset in the [GCP Secrets Engine](https://www.vaultproject.io/docs/secrets/gcp/index.html) for Vault.

Each Roleset is [tied](https://www.vaultproject.io/docs/secrets/gcp/index.html#service-accounts-are-tied-to-rolesets) to a Service Account, and can have one or more [bindings](https://www.vaultproject.io/docs/secrets/gcp/index.html#roleset-bindings) associated with it.

## Example Usage

```go package main

import ( 

"fmt"
"io/ioutil"

"github.com/pulumi/pulumi-vault/sdk/v4/go/vault/gcp"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func readFileOrPanic(path string) pulumi.StringPtrInput {
	data, err := ioutil.ReadFile(path)
	if err != nil {
		panic(err.Error())
	}
	return pulumi.String(string(data))
}

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		project := "my-awesome-project"
		gcp, err := gcp.NewSecretBackend(ctx, "gcp", &gcp.SecretBackendArgs{
			Path:        pulumi.String("gcp"),
			Credentials: readFileOrPanic("credentials.json"),
		})
		if err != nil {
			return err
		}
		_, err = gcp.NewSecretRoleset(ctx, "roleset", &gcp.SecretRolesetArgs{
			Backend:    gcp.Path,
			Roleset:    pulumi.String("project_viewer"),
			SecretType: pulumi.String("access_token"),
			Project:    pulumi.String(project),
			TokenScopes: pulumi.StringArray{
				pulumi.String("https://www.googleapis.com/auth/cloud-platform"),
			},
			Bindings: gcp.SecretRolesetBindingArray{
				&gcp.SecretRolesetBindingArgs{
					Resource: pulumi.String(fmt.Sprintf("%v%v", "//cloudresourcemanager.googleapis.com/projects/", project)),
					Roles: pulumi.StringArray{
						pulumi.String("roles/viewer"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

A roleset can be imported using its Vault Path. For example, referencing the example above,

```sh 

$ pulumi import vault:gcp/secretRoleset:SecretRoleset roleset gcp/roleset/project_viewer

```

func GetSecretRoleset 

func GetSecretRoleset(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *SecretRolesetState, opts ...pulumi.ResourceOption) (*SecretRoleset, error)

GetSecretRoleset gets an existing SecretRoleset resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewSecretRoleset 

func NewSecretRoleset(ctx *pulumi.Context,
	name string, args *SecretRolesetArgs, opts ...pulumi.ResourceOption) (*SecretRoleset, error)

NewSecretRoleset registers a new resource with the given unique name, arguments, and options.

func (*SecretRoleset) ElementType 

func (*SecretRoleset) ElementType() reflect.Type

func (*SecretRoleset) ToSecretRolesetOutput 

func (i *SecretRoleset) ToSecretRolesetOutput() SecretRolesetOutput

func (*SecretRoleset) ToSecretRolesetOutputWithContext 

func (i *SecretRoleset) ToSecretRolesetOutputWithContext(ctx context.Context) SecretRolesetOutput

func (*SecretRoleset) ToSecretRolesetPtrOutput 

func (i *SecretRoleset) ToSecretRolesetPtrOutput() SecretRolesetPtrOutput

func (*SecretRoleset) ToSecretRolesetPtrOutputWithContext 

func (i *SecretRoleset) ToSecretRolesetPtrOutputWithContext(ctx context.Context) SecretRolesetPtrOutput

type SecretRolesetArgs 

type SecretRolesetArgs struct {
	// Path where the GCP Secrets Engine is mounted
	Backend pulumi.StringInput
	// Bindings to create for this roleset. This can be specified multiple times for multiple bindings. Structure is documented below.
	Bindings SecretRolesetBindingArrayInput
	// Name of the GCP project that this roleset's service account will belong to.
	Project pulumi.StringInput
	// Name of the Roleset to create
	Roleset pulumi.StringInput
	// Type of secret generated for this role set. Accepted values: `accessToken`, `serviceAccountKey`. Defaults to `accessToken`.
	SecretType pulumi.StringPtrInput
	// List of OAuth scopes to assign to `accessToken` secrets generated under this role set (`accessToken` role sets only).
	TokenScopes pulumi.StringArrayInput
}

The set of arguments for constructing a SecretRoleset resource.

func (SecretRolesetArgs) ElementType 

func (SecretRolesetArgs) ElementType() reflect.Type

type SecretRolesetArray 

type SecretRolesetArray []SecretRolesetInput

func (SecretRolesetArray) ElementType 

func (SecretRolesetArray) ElementType() reflect.Type

func (SecretRolesetArray) ToSecretRolesetArrayOutput 

func (i SecretRolesetArray) ToSecretRolesetArrayOutput() SecretRolesetArrayOutput

func (SecretRolesetArray) ToSecretRolesetArrayOutputWithContext 

func (i SecretRolesetArray) ToSecretRolesetArrayOutputWithContext(ctx context.Context) SecretRolesetArrayOutput

type SecretRolesetArrayInput 

type SecretRolesetArrayInput interface {
	pulumi.Input

	ToSecretRolesetArrayOutput() SecretRolesetArrayOutput
	ToSecretRolesetArrayOutputWithContext(context.Context) SecretRolesetArrayOutput
}

SecretRolesetArrayInput is an input type that accepts SecretRolesetArray and SecretRolesetArrayOutput values. You can construct a concrete instance of `SecretRolesetArrayInput` via: 

SecretRolesetArray{ SecretRolesetArgs{...} }

type SecretRolesetArrayOutput 

type SecretRolesetArrayOutput struct{ *pulumi.OutputState }

func (SecretRolesetArrayOutput) ElementType 

func (SecretRolesetArrayOutput) ElementType() reflect.Type

func (SecretRolesetArrayOutput) Index 

func (o SecretRolesetArrayOutput) Index(i pulumi.IntInput) SecretRolesetOutput

func (SecretRolesetArrayOutput) ToSecretRolesetArrayOutput 

func (o SecretRolesetArrayOutput) ToSecretRolesetArrayOutput() SecretRolesetArrayOutput

func (SecretRolesetArrayOutput) ToSecretRolesetArrayOutputWithContext 

func (o SecretRolesetArrayOutput) ToSecretRolesetArrayOutputWithContext(ctx context.Context) SecretRolesetArrayOutput

type SecretRolesetBinding 

type SecretRolesetBinding struct {
	// Resource or resource path for which IAM policy information will be bound. The resource path may be specified in a few different [formats](https://www.vaultproject.io/docs/secrets/gcp/index.html#roleset-bindings).
	Resource string `pulumi:"resource"`
	// List of [GCP IAM roles](https://cloud.google.com/iam/docs/understanding-roles) for the resource.
	Roles []string `pulumi:"roles"`
}

type SecretRolesetBindingArgs 

type SecretRolesetBindingArgs struct {
	// Resource or resource path for which IAM policy information will be bound. The resource path may be specified in a few different [formats](https://www.vaultproject.io/docs/secrets/gcp/index.html#roleset-bindings).
	Resource pulumi.StringInput `pulumi:"resource"`
	// List of [GCP IAM roles](https://cloud.google.com/iam/docs/understanding-roles) for the resource.
	Roles pulumi.StringArrayInput `pulumi:"roles"`
}

func (SecretRolesetBindingArgs) ElementType 

func (SecretRolesetBindingArgs) ElementType() reflect.Type

func (SecretRolesetBindingArgs) ToSecretRolesetBindingOutput 

func (i SecretRolesetBindingArgs) ToSecretRolesetBindingOutput() SecretRolesetBindingOutput

func (SecretRolesetBindingArgs) ToSecretRolesetBindingOutputWithContext 

func (i SecretRolesetBindingArgs) ToSecretRolesetBindingOutputWithContext(ctx context.Context) SecretRolesetBindingOutput

type SecretRolesetBindingArray 

type SecretRolesetBindingArray []SecretRolesetBindingInput

func (SecretRolesetBindingArray) ElementType 

func (SecretRolesetBindingArray) ElementType() reflect.Type

func (SecretRolesetBindingArray) ToSecretRolesetBindingArrayOutput 

func (i SecretRolesetBindingArray) ToSecretRolesetBindingArrayOutput() SecretRolesetBindingArrayOutput

func (SecretRolesetBindingArray) ToSecretRolesetBindingArrayOutputWithContext 

func (i SecretRolesetBindingArray) ToSecretRolesetBindingArrayOutputWithContext(ctx context.Context) SecretRolesetBindingArrayOutput

type SecretRolesetBindingArrayInput 

type SecretRolesetBindingArrayInput interface {
	pulumi.Input

	ToSecretRolesetBindingArrayOutput() SecretRolesetBindingArrayOutput
	ToSecretRolesetBindingArrayOutputWithContext(context.Context) SecretRolesetBindingArrayOutput
}

SecretRolesetBindingArrayInput is an input type that accepts SecretRolesetBindingArray and SecretRolesetBindingArrayOutput values. You can construct a concrete instance of `SecretRolesetBindingArrayInput` via: 

SecretRolesetBindingArray{ SecretRolesetBindingArgs{...} }

type SecretRolesetBindingArrayOutput 

type SecretRolesetBindingArrayOutput struct{ *pulumi.OutputState }

func (SecretRolesetBindingArrayOutput) ElementType 

func (SecretRolesetBindingArrayOutput) ElementType() reflect.Type

func (SecretRolesetBindingArrayOutput) Index 

func (o SecretRolesetBindingArrayOutput) Index(i pulumi.IntInput) SecretRolesetBindingOutput

func (SecretRolesetBindingArrayOutput) ToSecretRolesetBindingArrayOutput 

func (o SecretRolesetBindingArrayOutput) ToSecretRolesetBindingArrayOutput() SecretRolesetBindingArrayOutput

func (SecretRolesetBindingArrayOutput) ToSecretRolesetBindingArrayOutputWithContext 

func (o SecretRolesetBindingArrayOutput) ToSecretRolesetBindingArrayOutputWithContext(ctx context.Context) SecretRolesetBindingArrayOutput

type SecretRolesetBindingInput 

type SecretRolesetBindingInput interface {
	pulumi.Input

	ToSecretRolesetBindingOutput() SecretRolesetBindingOutput
	ToSecretRolesetBindingOutputWithContext(context.Context) SecretRolesetBindingOutput
}

SecretRolesetBindingInput is an input type that accepts SecretRolesetBindingArgs and SecretRolesetBindingOutput values. You can construct a concrete instance of `SecretRolesetBindingInput` via: 

SecretRolesetBindingArgs{...}

type SecretRolesetBindingOutput 

type SecretRolesetBindingOutput struct{ *pulumi.OutputState }

func (SecretRolesetBindingOutput) ElementType 

func (SecretRolesetBindingOutput) ElementType() reflect.Type

func (SecretRolesetBindingOutput) Resource 

func (o SecretRolesetBindingOutput) Resource() pulumi.StringOutput

Resource or resource path for which IAM policy information will be bound. The resource path may be specified in a few different [formats](https://www.vaultproject.io/docs/secrets/gcp/index.html#roleset-bindings).

func (SecretRolesetBindingOutput) Roles 

func (o SecretRolesetBindingOutput) Roles() pulumi.StringArrayOutput

List of [GCP IAM roles](https://cloud.google.com/iam/docs/understanding-roles) for the resource.

func (SecretRolesetBindingOutput) ToSecretRolesetBindingOutput 

func (o SecretRolesetBindingOutput) ToSecretRolesetBindingOutput() SecretRolesetBindingOutput

func (SecretRolesetBindingOutput) ToSecretRolesetBindingOutputWithContext 

func (o SecretRolesetBindingOutput) ToSecretRolesetBindingOutputWithContext(ctx context.Context) SecretRolesetBindingOutput

type SecretRolesetInput 

type SecretRolesetInput interface {
	pulumi.Input

	ToSecretRolesetOutput() SecretRolesetOutput
	ToSecretRolesetOutputWithContext(ctx context.Context) SecretRolesetOutput
}

type SecretRolesetMap 

type SecretRolesetMap map[string]SecretRolesetInput

func (SecretRolesetMap) ElementType 

func (SecretRolesetMap) ElementType() reflect.Type

func (SecretRolesetMap) ToSecretRolesetMapOutput 

func (i SecretRolesetMap) ToSecretRolesetMapOutput() SecretRolesetMapOutput

func (SecretRolesetMap) ToSecretRolesetMapOutputWithContext 

func (i SecretRolesetMap) ToSecretRolesetMapOutputWithContext(ctx context.Context) SecretRolesetMapOutput

type SecretRolesetMapInput 

type SecretRolesetMapInput interface {
	pulumi.Input

	ToSecretRolesetMapOutput() SecretRolesetMapOutput
	ToSecretRolesetMapOutputWithContext(context.Context) SecretRolesetMapOutput
}

SecretRolesetMapInput is an input type that accepts SecretRolesetMap and SecretRolesetMapOutput values. You can construct a concrete instance of `SecretRolesetMapInput` via: 

SecretRolesetMap{ "key": SecretRolesetArgs{...} }

type SecretRolesetMapOutput 

type SecretRolesetMapOutput struct{ *pulumi.OutputState }

func (SecretRolesetMapOutput) ElementType 

func (SecretRolesetMapOutput) ElementType() reflect.Type

func (SecretRolesetMapOutput) MapIndex 

func (o SecretRolesetMapOutput) MapIndex(k pulumi.StringInput) SecretRolesetOutput

func (SecretRolesetMapOutput) ToSecretRolesetMapOutput 

func (o SecretRolesetMapOutput) ToSecretRolesetMapOutput() SecretRolesetMapOutput

func (SecretRolesetMapOutput) ToSecretRolesetMapOutputWithContext 

func (o SecretRolesetMapOutput) ToSecretRolesetMapOutputWithContext(ctx context.Context) SecretRolesetMapOutput

type SecretRolesetOutput 

type SecretRolesetOutput struct{ *pulumi.OutputState }

func (SecretRolesetOutput) ElementType 

func (SecretRolesetOutput) ElementType() reflect.Type

func (SecretRolesetOutput) ToSecretRolesetOutput 

func (o SecretRolesetOutput) ToSecretRolesetOutput() SecretRolesetOutput

func (SecretRolesetOutput) ToSecretRolesetOutputWithContext 

func (o SecretRolesetOutput) ToSecretRolesetOutputWithContext(ctx context.Context) SecretRolesetOutput

func (SecretRolesetOutput) ToSecretRolesetPtrOutput 

func (o SecretRolesetOutput) ToSecretRolesetPtrOutput() SecretRolesetPtrOutput

func (SecretRolesetOutput) ToSecretRolesetPtrOutputWithContext 

func (o SecretRolesetOutput) ToSecretRolesetPtrOutputWithContext(ctx context.Context) SecretRolesetPtrOutput

type SecretRolesetPtrInput 

type SecretRolesetPtrInput interface {
	pulumi.Input

	ToSecretRolesetPtrOutput() SecretRolesetPtrOutput
	ToSecretRolesetPtrOutputWithContext(ctx context.Context) SecretRolesetPtrOutput
}

type SecretRolesetPtrOutput 

type SecretRolesetPtrOutput struct{ *pulumi.OutputState }

func (SecretRolesetPtrOutput) Elem added in v4.6.0 

func (o SecretRolesetPtrOutput) Elem() SecretRolesetOutput

func (SecretRolesetPtrOutput) ElementType 

func (SecretRolesetPtrOutput) ElementType() reflect.Type

func (SecretRolesetPtrOutput) ToSecretRolesetPtrOutput 

func (o SecretRolesetPtrOutput) ToSecretRolesetPtrOutput() SecretRolesetPtrOutput

func (SecretRolesetPtrOutput) ToSecretRolesetPtrOutputWithContext 

func (o SecretRolesetPtrOutput) ToSecretRolesetPtrOutputWithContext(ctx context.Context) SecretRolesetPtrOutput

type SecretRolesetState 

type SecretRolesetState struct {
	// Path where the GCP Secrets Engine is mounted
	Backend pulumi.StringPtrInput
	// Bindings to create for this roleset. This can be specified multiple times for multiple bindings. Structure is documented below.
	Bindings SecretRolesetBindingArrayInput
	// Name of the GCP project that this roleset's service account will belong to.
	Project pulumi.StringPtrInput
	// Name of the Roleset to create
	Roleset pulumi.StringPtrInput
	// Type of secret generated for this role set. Accepted values: `accessToken`, `serviceAccountKey`. Defaults to `accessToken`.
	SecretType pulumi.StringPtrInput
	// Email of the service account created by Vault for this Roleset
	ServiceAccountEmail pulumi.StringPtrInput
	// List of OAuth scopes to assign to `accessToken` secrets generated under this role set (`accessToken` role sets only).
	TokenScopes pulumi.StringArrayInput
}

func (SecretRolesetState) ElementType 

func (SecretRolesetState) ElementType() reflect.Type

type SecretStaticAccount added in v4.4.0 

type SecretStaticAccount struct {
	pulumi.CustomResourceState

	// Path where the GCP Secrets Engine is mounted
	Backend pulumi.StringOutput `pulumi:"backend"`
	// Bindings to create for this static account. This can be specified multiple times for multiple bindings. Structure is documented below.
	Bindings SecretStaticAccountBindingArrayOutput `pulumi:"bindings"`
	// Type of secret generated for this static account. Accepted values: `accessToken`, `serviceAccountKey`. Defaults to `accessToken`.
	SecretType pulumi.StringOutput `pulumi:"secretType"`
	// Email of the GCP service account to manage.
	ServiceAccountEmail pulumi.StringOutput `pulumi:"serviceAccountEmail"`
	// Project the service account belongs to.
	ServiceAccountProject pulumi.StringOutput `pulumi:"serviceAccountProject"`
	// Name of the Static Account to create
	StaticAccount pulumi.StringOutput `pulumi:"staticAccount"`
	// List of OAuth scopes to assign to `accessToken` secrets generated under this static account (`accessToken` static accounts only).
	TokenScopes pulumi.StringArrayOutput `pulumi:"tokenScopes"`
}

Creates a Static Account in the [GCP Secrets Engine](https://www.vaultproject.io/docs/secrets/gcp/index.html) for Vault.

Each [static account](https://www.vaultproject.io/docs/secrets/gcp/index.html#static-accounts) is tied to a separately managed Service Account, and can have one or more [bindings](https://www.vaultproject.io/docs/secrets/gcp/index.html#bindings) associated with it.

## Example Usage

```go package main

import ( 

"fmt"
"io/ioutil"

"github.com/pulumi/pulumi-gcp/sdk/v5/go/gcp/serviceAccount"
"github.com/pulumi/pulumi-vault/sdk/v4/go/vault/gcp"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func readFileOrPanic(path string) pulumi.StringPtrInput {
	data, err := ioutil.ReadFile(path)
	if err != nil {
		panic(err.Error())
	}
	return pulumi.String(string(data))
}

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		this, err := serviceAccount.NewAccount(ctx, "this", &serviceAccount.AccountArgs{
			AccountId: pulumi.String("my-awesome-account"),
		})
		if err != nil {
			return err
		}
		gcp, err := gcp.NewSecretBackend(ctx, "gcp", &gcp.SecretBackendArgs{
			Path:        pulumi.String("gcp"),
			Credentials: readFileOrPanic("credentials.json"),
		})
		if err != nil {
			return err
		}
		_, err = gcp.NewSecretStaticAccount(ctx, "staticAccount", &gcp.SecretStaticAccountArgs{
			Backend:       gcp.Path,
			StaticAccount: pulumi.String("project_viewer"),
			SecretType:    pulumi.String("access_token"),
			TokenScopes: pulumi.StringArray{
				pulumi.String("https://www.googleapis.com/auth/cloud-platform"),
			},
			ServiceAccountEmail: this.Email,
			Bindings: gcp.SecretStaticAccountBindingArray{
				&gcp.SecretStaticAccountBindingArgs{
					Resource: this.Project.ApplyT(func(project string) (string, error) {
						return fmt.Sprintf("%v%v", "//cloudresourcemanager.googleapis.com/projects/", project), nil
					}).(pulumi.StringOutput),
					Roles: pulumi.StringArray{
						pulumi.String("roles/viewer"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

A static account can be imported using its Vault Path. For example, referencing the example above,

```sh 

$ pulumi import vault:gcp/secretStaticAccount:SecretStaticAccount static_account gcp/static-account/project_viewer

```

func GetSecretStaticAccount added in v4.4.0 

func GetSecretStaticAccount(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *SecretStaticAccountState, opts ...pulumi.ResourceOption) (*SecretStaticAccount, error)

GetSecretStaticAccount gets an existing SecretStaticAccount resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewSecretStaticAccount added in v4.4.0 

func NewSecretStaticAccount(ctx *pulumi.Context,
	name string, args *SecretStaticAccountArgs, opts ...pulumi.ResourceOption) (*SecretStaticAccount, error)

NewSecretStaticAccount registers a new resource with the given unique name, arguments, and options.

func (*SecretStaticAccount) ElementType added in v4.4.0 

func (*SecretStaticAccount) ElementType() reflect.Type

func (*SecretStaticAccount) ToSecretStaticAccountOutput added in v4.4.0 

func (i *SecretStaticAccount) ToSecretStaticAccountOutput() SecretStaticAccountOutput

func (*SecretStaticAccount) ToSecretStaticAccountOutputWithContext added in v4.4.0 

func (i *SecretStaticAccount) ToSecretStaticAccountOutputWithContext(ctx context.Context) SecretStaticAccountOutput

func (*SecretStaticAccount) ToSecretStaticAccountPtrOutput added in v4.4.0 

func (i *SecretStaticAccount) ToSecretStaticAccountPtrOutput() SecretStaticAccountPtrOutput

func (*SecretStaticAccount) ToSecretStaticAccountPtrOutputWithContext added in v4.4.0 

func (i *SecretStaticAccount) ToSecretStaticAccountPtrOutputWithContext(ctx context.Context) SecretStaticAccountPtrOutput

type SecretStaticAccountArgs added in v4.4.0 

type SecretStaticAccountArgs struct {
	// Path where the GCP Secrets Engine is mounted
	Backend pulumi.StringInput
	// Bindings to create for this static account. This can be specified multiple times for multiple bindings. Structure is documented below.
	Bindings SecretStaticAccountBindingArrayInput
	// Type of secret generated for this static account. Accepted values: `accessToken`, `serviceAccountKey`. Defaults to `accessToken`.
	SecretType pulumi.StringPtrInput
	// Email of the GCP service account to manage.
	ServiceAccountEmail pulumi.StringInput
	// Name of the Static Account to create
	StaticAccount pulumi.StringInput
	// List of OAuth scopes to assign to `accessToken` secrets generated under this static account (`accessToken` static accounts only).
	TokenScopes pulumi.StringArrayInput
}

The set of arguments for constructing a SecretStaticAccount resource.

func (SecretStaticAccountArgs) ElementType added in v4.4.0 

func (SecretStaticAccountArgs) ElementType() reflect.Type

type SecretStaticAccountArray added in v4.4.0 

type SecretStaticAccountArray []SecretStaticAccountInput

func (SecretStaticAccountArray) ElementType added in v4.4.0 

func (SecretStaticAccountArray) ElementType() reflect.Type

func (SecretStaticAccountArray) ToSecretStaticAccountArrayOutput added in v4.4.0 

func (i SecretStaticAccountArray) ToSecretStaticAccountArrayOutput() SecretStaticAccountArrayOutput

func (SecretStaticAccountArray) ToSecretStaticAccountArrayOutputWithContext added in v4.4.0 

func (i SecretStaticAccountArray) ToSecretStaticAccountArrayOutputWithContext(ctx context.Context) SecretStaticAccountArrayOutput

type SecretStaticAccountArrayInput added in v4.4.0 

type SecretStaticAccountArrayInput interface {
	pulumi.Input

	ToSecretStaticAccountArrayOutput() SecretStaticAccountArrayOutput
	ToSecretStaticAccountArrayOutputWithContext(context.Context) SecretStaticAccountArrayOutput
}

SecretStaticAccountArrayInput is an input type that accepts SecretStaticAccountArray and SecretStaticAccountArrayOutput values. You can construct a concrete instance of `SecretStaticAccountArrayInput` via: 

SecretStaticAccountArray{ SecretStaticAccountArgs{...} }

type SecretStaticAccountArrayOutput added in v4.4.0 

type SecretStaticAccountArrayOutput struct{ *pulumi.OutputState }

func (SecretStaticAccountArrayOutput) ElementType added in v4.4.0 

func (SecretStaticAccountArrayOutput) ElementType() reflect.Type

func (SecretStaticAccountArrayOutput) Index added in v4.4.0 

func (o SecretStaticAccountArrayOutput) Index(i pulumi.IntInput) SecretStaticAccountOutput

func (SecretStaticAccountArrayOutput) ToSecretStaticAccountArrayOutput added in v4.4.0 

func (o SecretStaticAccountArrayOutput) ToSecretStaticAccountArrayOutput() SecretStaticAccountArrayOutput

func (SecretStaticAccountArrayOutput) ToSecretStaticAccountArrayOutputWithContext added in v4.4.0 

func (o SecretStaticAccountArrayOutput) ToSecretStaticAccountArrayOutputWithContext(ctx context.Context) SecretStaticAccountArrayOutput

type SecretStaticAccountBinding added in v4.4.0 

type SecretStaticAccountBinding struct {
	// Resource or resource path for which IAM policy information will be bound. The resource path may be specified in a few different [formats](https://www.vaultproject.io/docs/secrets/gcp/index.html#bindings).
	Resource string `pulumi:"resource"`
	// List of [GCP IAM roles](https://cloud.google.com/iam/docs/understanding-roles) for the resource.
	Roles []string `pulumi:"roles"`
}

type SecretStaticAccountBindingArgs added in v4.4.0 

type SecretStaticAccountBindingArgs struct {
	// Resource or resource path for which IAM policy information will be bound. The resource path may be specified in a few different [formats](https://www.vaultproject.io/docs/secrets/gcp/index.html#bindings).
	Resource pulumi.StringInput `pulumi:"resource"`
	// List of [GCP IAM roles](https://cloud.google.com/iam/docs/understanding-roles) for the resource.
	Roles pulumi.StringArrayInput `pulumi:"roles"`
}

func (SecretStaticAccountBindingArgs) ElementType added in v4.4.0 

func (SecretStaticAccountBindingArgs) ElementType() reflect.Type

func (SecretStaticAccountBindingArgs) ToSecretStaticAccountBindingOutput added in v4.4.0 

func (i SecretStaticAccountBindingArgs) ToSecretStaticAccountBindingOutput() SecretStaticAccountBindingOutput

func (SecretStaticAccountBindingArgs) ToSecretStaticAccountBindingOutputWithContext added in v4.4.0 

func (i SecretStaticAccountBindingArgs) ToSecretStaticAccountBindingOutputWithContext(ctx context.Context) SecretStaticAccountBindingOutput

type SecretStaticAccountBindingArray added in v4.4.0 

type SecretStaticAccountBindingArray []SecretStaticAccountBindingInput

func (SecretStaticAccountBindingArray) ElementType added in v4.4.0 

func (SecretStaticAccountBindingArray) ElementType() reflect.Type

func (SecretStaticAccountBindingArray) ToSecretStaticAccountBindingArrayOutput added in v4.4.0 

func (i SecretStaticAccountBindingArray) ToSecretStaticAccountBindingArrayOutput() SecretStaticAccountBindingArrayOutput

func (SecretStaticAccountBindingArray) ToSecretStaticAccountBindingArrayOutputWithContext added in v4.4.0 

func (i SecretStaticAccountBindingArray) ToSecretStaticAccountBindingArrayOutputWithContext(ctx context.Context) SecretStaticAccountBindingArrayOutput

type SecretStaticAccountBindingArrayInput added in v4.4.0 

type SecretStaticAccountBindingArrayInput interface {
	pulumi.Input

	ToSecretStaticAccountBindingArrayOutput() SecretStaticAccountBindingArrayOutput
	ToSecretStaticAccountBindingArrayOutputWithContext(context.Context) SecretStaticAccountBindingArrayOutput
}

SecretStaticAccountBindingArrayInput is an input type that accepts SecretStaticAccountBindingArray and SecretStaticAccountBindingArrayOutput values. You can construct a concrete instance of `SecretStaticAccountBindingArrayInput` via: 

SecretStaticAccountBindingArray{ SecretStaticAccountBindingArgs{...} }

type SecretStaticAccountBindingArrayOutput added in v4.4.0 

type SecretStaticAccountBindingArrayOutput struct{ *pulumi.OutputState }

func (SecretStaticAccountBindingArrayOutput) ElementType added in v4.4.0 

func (SecretStaticAccountBindingArrayOutput) ElementType() reflect.Type

func (SecretStaticAccountBindingArrayOutput) Index added in v4.4.0 

func (o SecretStaticAccountBindingArrayOutput) Index(i pulumi.IntInput) SecretStaticAccountBindingOutput

func (SecretStaticAccountBindingArrayOutput) ToSecretStaticAccountBindingArrayOutput added in v4.4.0 

func (o SecretStaticAccountBindingArrayOutput) ToSecretStaticAccountBindingArrayOutput() SecretStaticAccountBindingArrayOutput

func (SecretStaticAccountBindingArrayOutput) ToSecretStaticAccountBindingArrayOutputWithContext added in v4.4.0 

func (o SecretStaticAccountBindingArrayOutput) ToSecretStaticAccountBindingArrayOutputWithContext(ctx context.Context) SecretStaticAccountBindingArrayOutput

type SecretStaticAccountBindingInput added in v4.4.0 

type SecretStaticAccountBindingInput interface {
	pulumi.Input

	ToSecretStaticAccountBindingOutput() SecretStaticAccountBindingOutput
	ToSecretStaticAccountBindingOutputWithContext(context.Context) SecretStaticAccountBindingOutput
}

SecretStaticAccountBindingInput is an input type that accepts SecretStaticAccountBindingArgs and SecretStaticAccountBindingOutput values. You can construct a concrete instance of `SecretStaticAccountBindingInput` via: 

SecretStaticAccountBindingArgs{...}

type SecretStaticAccountBindingOutput added in v4.4.0 

type SecretStaticAccountBindingOutput struct{ *pulumi.OutputState }

func (SecretStaticAccountBindingOutput) ElementType added in v4.4.0 

func (SecretStaticAccountBindingOutput) ElementType() reflect.Type

func (SecretStaticAccountBindingOutput) Resource added in v4.4.0 

func (o SecretStaticAccountBindingOutput) Resource() pulumi.StringOutput

Resource or resource path for which IAM policy information will be bound. The resource path may be specified in a few different [formats](https://www.vaultproject.io/docs/secrets/gcp/index.html#bindings).

func (SecretStaticAccountBindingOutput) Roles added in v4.4.0 

func (o SecretStaticAccountBindingOutput) Roles() pulumi.StringArrayOutput

List of [GCP IAM roles](https://cloud.google.com/iam/docs/understanding-roles) for the resource.

func (SecretStaticAccountBindingOutput) ToSecretStaticAccountBindingOutput added in v4.4.0 

func (o SecretStaticAccountBindingOutput) ToSecretStaticAccountBindingOutput() SecretStaticAccountBindingOutput

func (SecretStaticAccountBindingOutput) ToSecretStaticAccountBindingOutputWithContext added in v4.4.0 

func (o SecretStaticAccountBindingOutput) ToSecretStaticAccountBindingOutputWithContext(ctx context.Context) SecretStaticAccountBindingOutput

type SecretStaticAccountInput added in v4.4.0 

type SecretStaticAccountInput interface {
	pulumi.Input

	ToSecretStaticAccountOutput() SecretStaticAccountOutput
	ToSecretStaticAccountOutputWithContext(ctx context.Context) SecretStaticAccountOutput
}

type SecretStaticAccountMap added in v4.4.0 

type SecretStaticAccountMap map[string]SecretStaticAccountInput

func (SecretStaticAccountMap) ElementType added in v4.4.0 

func (SecretStaticAccountMap) ElementType() reflect.Type

func (SecretStaticAccountMap) ToSecretStaticAccountMapOutput added in v4.4.0 

func (i SecretStaticAccountMap) ToSecretStaticAccountMapOutput() SecretStaticAccountMapOutput

func (SecretStaticAccountMap) ToSecretStaticAccountMapOutputWithContext added in v4.4.0 

func (i SecretStaticAccountMap) ToSecretStaticAccountMapOutputWithContext(ctx context.Context) SecretStaticAccountMapOutput

type SecretStaticAccountMapInput added in v4.4.0 

type SecretStaticAccountMapInput interface {
	pulumi.Input

	ToSecretStaticAccountMapOutput() SecretStaticAccountMapOutput
	ToSecretStaticAccountMapOutputWithContext(context.Context) SecretStaticAccountMapOutput
}

SecretStaticAccountMapInput is an input type that accepts SecretStaticAccountMap and SecretStaticAccountMapOutput values. You can construct a concrete instance of `SecretStaticAccountMapInput` via: 

SecretStaticAccountMap{ "key": SecretStaticAccountArgs{...} }

type SecretStaticAccountMapOutput added in v4.4.0 

type SecretStaticAccountMapOutput struct{ *pulumi.OutputState }

func (SecretStaticAccountMapOutput) ElementType added in v4.4.0 

func (SecretStaticAccountMapOutput) ElementType() reflect.Type

func (SecretStaticAccountMapOutput) MapIndex added in v4.4.0 

func (o SecretStaticAccountMapOutput) MapIndex(k pulumi.StringInput) SecretStaticAccountOutput

func (SecretStaticAccountMapOutput) ToSecretStaticAccountMapOutput added in v4.4.0 

func (o SecretStaticAccountMapOutput) ToSecretStaticAccountMapOutput() SecretStaticAccountMapOutput

func (SecretStaticAccountMapOutput) ToSecretStaticAccountMapOutputWithContext added in v4.4.0 

func (o SecretStaticAccountMapOutput) ToSecretStaticAccountMapOutputWithContext(ctx context.Context) SecretStaticAccountMapOutput

type SecretStaticAccountOutput added in v4.4.0 

type SecretStaticAccountOutput struct{ *pulumi.OutputState }

func (SecretStaticAccountOutput) ElementType added in v4.4.0 

func (SecretStaticAccountOutput) ElementType() reflect.Type

func (SecretStaticAccountOutput) ToSecretStaticAccountOutput added in v4.4.0 

func (o SecretStaticAccountOutput) ToSecretStaticAccountOutput() SecretStaticAccountOutput

func (SecretStaticAccountOutput) ToSecretStaticAccountOutputWithContext added in v4.4.0 

func (o SecretStaticAccountOutput) ToSecretStaticAccountOutputWithContext(ctx context.Context) SecretStaticAccountOutput

func (SecretStaticAccountOutput) ToSecretStaticAccountPtrOutput added in v4.4.0 

func (o SecretStaticAccountOutput) ToSecretStaticAccountPtrOutput() SecretStaticAccountPtrOutput

func (SecretStaticAccountOutput) ToSecretStaticAccountPtrOutputWithContext added in v4.4.0 

func (o SecretStaticAccountOutput) ToSecretStaticAccountPtrOutputWithContext(ctx context.Context) SecretStaticAccountPtrOutput

type SecretStaticAccountPtrInput added in v4.4.0 

type SecretStaticAccountPtrInput interface {
	pulumi.Input

	ToSecretStaticAccountPtrOutput() SecretStaticAccountPtrOutput
	ToSecretStaticAccountPtrOutputWithContext(ctx context.Context) SecretStaticAccountPtrOutput
}

type SecretStaticAccountPtrOutput added in v4.4.0 

type SecretStaticAccountPtrOutput struct{ *pulumi.OutputState }

func (SecretStaticAccountPtrOutput) Elem added in v4.6.0 

func (o SecretStaticAccountPtrOutput) Elem() SecretStaticAccountOutput

func (SecretStaticAccountPtrOutput) ElementType added in v4.4.0 

func (SecretStaticAccountPtrOutput) ElementType() reflect.Type

func (SecretStaticAccountPtrOutput) ToSecretStaticAccountPtrOutput added in v4.4.0 

func (o SecretStaticAccountPtrOutput) ToSecretStaticAccountPtrOutput() SecretStaticAccountPtrOutput

func (SecretStaticAccountPtrOutput) ToSecretStaticAccountPtrOutputWithContext added in v4.4.0 

func (o SecretStaticAccountPtrOutput) ToSecretStaticAccountPtrOutputWithContext(ctx context.Context) SecretStaticAccountPtrOutput

type SecretStaticAccountState added in v4.4.0 

type SecretStaticAccountState struct {
	// Path where the GCP Secrets Engine is mounted
	Backend pulumi.StringPtrInput
	// Bindings to create for this static account. This can be specified multiple times for multiple bindings. Structure is documented below.
	Bindings SecretStaticAccountBindingArrayInput
	// Type of secret generated for this static account. Accepted values: `accessToken`, `serviceAccountKey`. Defaults to `accessToken`.
	SecretType pulumi.StringPtrInput
	// Email of the GCP service account to manage.
	ServiceAccountEmail pulumi.StringPtrInput
	// Project the service account belongs to.
	ServiceAccountProject pulumi.StringPtrInput
	// Name of the Static Account to create
	StaticAccount pulumi.StringPtrInput
	// List of OAuth scopes to assign to `accessToken` secrets generated under this static account (`accessToken` static accounts only).
	TokenScopes pulumi.StringArrayInput
}

func (SecretStaticAccountState) ElementType added in v4.4.0 

func (SecretStaticAccountState) ElementType() reflect.Type

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.