Documentation ¶
Index ¶
- type AuthBackendLogin
- type AuthBackendLoginArgs
- type AuthBackendLoginArray
- type AuthBackendLoginArrayInput
- type AuthBackendLoginArrayOutput
- func (AuthBackendLoginArrayOutput) ElementType() reflect.Type
- func (o AuthBackendLoginArrayOutput) Index(i pulumi.IntInput) AuthBackendLoginOutput
- func (o AuthBackendLoginArrayOutput) ToAuthBackendLoginArrayOutput() AuthBackendLoginArrayOutput
- func (o AuthBackendLoginArrayOutput) ToAuthBackendLoginArrayOutputWithContext(ctx context.Context) AuthBackendLoginArrayOutput
- type AuthBackendLoginInput
- type AuthBackendLoginMap
- type AuthBackendLoginMapInput
- type AuthBackendLoginMapOutput
- func (AuthBackendLoginMapOutput) ElementType() reflect.Type
- func (o AuthBackendLoginMapOutput) MapIndex(k pulumi.StringInput) AuthBackendLoginOutput
- func (o AuthBackendLoginMapOutput) ToAuthBackendLoginMapOutput() AuthBackendLoginMapOutput
- func (o AuthBackendLoginMapOutput) ToAuthBackendLoginMapOutputWithContext(ctx context.Context) AuthBackendLoginMapOutput
- type AuthBackendLoginOutput
- func (o AuthBackendLoginOutput) Accessor() pulumi.StringOutput
- func (o AuthBackendLoginOutput) Backend() pulumi.StringPtrOutput
- func (o AuthBackendLoginOutput) ClientToken() pulumi.StringOutput
- func (AuthBackendLoginOutput) ElementType() reflect.Type
- func (o AuthBackendLoginOutput) LeaseDuration() pulumi.IntOutput
- func (o AuthBackendLoginOutput) LeaseStarted() pulumi.StringOutput
- func (o AuthBackendLoginOutput) Metadata() pulumi.StringMapOutput
- func (o AuthBackendLoginOutput) Namespace() pulumi.StringPtrOutput
- func (o AuthBackendLoginOutput) Policies() pulumi.StringArrayOutput
- func (o AuthBackendLoginOutput) Renewable() pulumi.BoolOutput
- func (o AuthBackendLoginOutput) RoleId() pulumi.StringOutput
- func (o AuthBackendLoginOutput) SecretId() pulumi.StringPtrOutput
- func (o AuthBackendLoginOutput) ToAuthBackendLoginOutput() AuthBackendLoginOutput
- func (o AuthBackendLoginOutput) ToAuthBackendLoginOutputWithContext(ctx context.Context) AuthBackendLoginOutput
- type AuthBackendLoginState
- type AuthBackendRole
- type AuthBackendRoleArgs
- type AuthBackendRoleArray
- type AuthBackendRoleArrayInput
- type AuthBackendRoleArrayOutput
- func (AuthBackendRoleArrayOutput) ElementType() reflect.Type
- func (o AuthBackendRoleArrayOutput) Index(i pulumi.IntInput) AuthBackendRoleOutput
- func (o AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutput() AuthBackendRoleArrayOutput
- func (o AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutputWithContext(ctx context.Context) AuthBackendRoleArrayOutput
- type AuthBackendRoleInput
- type AuthBackendRoleMap
- type AuthBackendRoleMapInput
- type AuthBackendRoleMapOutput
- func (AuthBackendRoleMapOutput) ElementType() reflect.Type
- func (o AuthBackendRoleMapOutput) MapIndex(k pulumi.StringInput) AuthBackendRoleOutput
- func (o AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutput() AuthBackendRoleMapOutput
- func (o AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutputWithContext(ctx context.Context) AuthBackendRoleMapOutput
- type AuthBackendRoleOutput
- func (o AuthBackendRoleOutput) Backend() pulumi.StringPtrOutput
- func (o AuthBackendRoleOutput) BindSecretId() pulumi.BoolPtrOutput
- func (AuthBackendRoleOutput) ElementType() reflect.Type
- func (o AuthBackendRoleOutput) Namespace() pulumi.StringPtrOutput
- func (o AuthBackendRoleOutput) RoleId() pulumi.StringOutput
- func (o AuthBackendRoleOutput) RoleName() pulumi.StringOutput
- func (o AuthBackendRoleOutput) SecretIdBoundCidrs() pulumi.StringArrayOutput
- func (o AuthBackendRoleOutput) SecretIdNumUses() pulumi.IntPtrOutput
- func (o AuthBackendRoleOutput) SecretIdTtl() pulumi.IntPtrOutput
- func (o AuthBackendRoleOutput) ToAuthBackendRoleOutput() AuthBackendRoleOutput
- func (o AuthBackendRoleOutput) ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput
- func (o AuthBackendRoleOutput) TokenBoundCidrs() pulumi.StringArrayOutput
- func (o AuthBackendRoleOutput) TokenExplicitMaxTtl() pulumi.IntPtrOutput
- func (o AuthBackendRoleOutput) TokenMaxTtl() pulumi.IntPtrOutput
- func (o AuthBackendRoleOutput) TokenNoDefaultPolicy() pulumi.BoolPtrOutput
- func (o AuthBackendRoleOutput) TokenNumUses() pulumi.IntPtrOutput
- func (o AuthBackendRoleOutput) TokenPeriod() pulumi.IntPtrOutput
- func (o AuthBackendRoleOutput) TokenPolicies() pulumi.StringArrayOutput
- func (o AuthBackendRoleOutput) TokenTtl() pulumi.IntPtrOutput
- func (o AuthBackendRoleOutput) TokenType() pulumi.StringPtrOutput
- type AuthBackendRoleSecretId
- type AuthBackendRoleSecretIdArgs
- type AuthBackendRoleSecretIdArray
- func (AuthBackendRoleSecretIdArray) ElementType() reflect.Type
- func (i AuthBackendRoleSecretIdArray) ToAuthBackendRoleSecretIdArrayOutput() AuthBackendRoleSecretIdArrayOutput
- func (i AuthBackendRoleSecretIdArray) ToAuthBackendRoleSecretIdArrayOutputWithContext(ctx context.Context) AuthBackendRoleSecretIdArrayOutput
- type AuthBackendRoleSecretIdArrayInput
- type AuthBackendRoleSecretIdArrayOutput
- func (AuthBackendRoleSecretIdArrayOutput) ElementType() reflect.Type
- func (o AuthBackendRoleSecretIdArrayOutput) Index(i pulumi.IntInput) AuthBackendRoleSecretIdOutput
- func (o AuthBackendRoleSecretIdArrayOutput) ToAuthBackendRoleSecretIdArrayOutput() AuthBackendRoleSecretIdArrayOutput
- func (o AuthBackendRoleSecretIdArrayOutput) ToAuthBackendRoleSecretIdArrayOutputWithContext(ctx context.Context) AuthBackendRoleSecretIdArrayOutput
- type AuthBackendRoleSecretIdInput
- type AuthBackendRoleSecretIdMap
- func (AuthBackendRoleSecretIdMap) ElementType() reflect.Type
- func (i AuthBackendRoleSecretIdMap) ToAuthBackendRoleSecretIdMapOutput() AuthBackendRoleSecretIdMapOutput
- func (i AuthBackendRoleSecretIdMap) ToAuthBackendRoleSecretIdMapOutputWithContext(ctx context.Context) AuthBackendRoleSecretIdMapOutput
- type AuthBackendRoleSecretIdMapInput
- type AuthBackendRoleSecretIdMapOutput
- func (AuthBackendRoleSecretIdMapOutput) ElementType() reflect.Type
- func (o AuthBackendRoleSecretIdMapOutput) MapIndex(k pulumi.StringInput) AuthBackendRoleSecretIdOutput
- func (o AuthBackendRoleSecretIdMapOutput) ToAuthBackendRoleSecretIdMapOutput() AuthBackendRoleSecretIdMapOutput
- func (o AuthBackendRoleSecretIdMapOutput) ToAuthBackendRoleSecretIdMapOutputWithContext(ctx context.Context) AuthBackendRoleSecretIdMapOutput
- type AuthBackendRoleSecretIdOutput
- func (o AuthBackendRoleSecretIdOutput) Accessor() pulumi.StringOutput
- func (o AuthBackendRoleSecretIdOutput) Backend() pulumi.StringPtrOutput
- func (o AuthBackendRoleSecretIdOutput) CidrLists() pulumi.StringArrayOutput
- func (AuthBackendRoleSecretIdOutput) ElementType() reflect.Type
- func (o AuthBackendRoleSecretIdOutput) Metadata() pulumi.StringPtrOutput
- func (o AuthBackendRoleSecretIdOutput) Namespace() pulumi.StringPtrOutput
- func (o AuthBackendRoleSecretIdOutput) RoleName() pulumi.StringOutput
- func (o AuthBackendRoleSecretIdOutput) SecretId() pulumi.StringOutput
- func (o AuthBackendRoleSecretIdOutput) ToAuthBackendRoleSecretIdOutput() AuthBackendRoleSecretIdOutput
- func (o AuthBackendRoleSecretIdOutput) ToAuthBackendRoleSecretIdOutputWithContext(ctx context.Context) AuthBackendRoleSecretIdOutput
- func (o AuthBackendRoleSecretIdOutput) WithWrappedAccessor() pulumi.BoolPtrOutput
- func (o AuthBackendRoleSecretIdOutput) WrappingAccessor() pulumi.StringOutput
- func (o AuthBackendRoleSecretIdOutput) WrappingToken() pulumi.StringOutput
- func (o AuthBackendRoleSecretIdOutput) WrappingTtl() pulumi.StringPtrOutput
- type AuthBackendRoleSecretIdState
- type AuthBackendRoleState
- type GetAuthBackendRoleIdArgs
- type GetAuthBackendRoleIdOutputArgs
- type GetAuthBackendRoleIdResult
- type GetAuthBackendRoleIdResultOutput
- func (o GetAuthBackendRoleIdResultOutput) Backend() pulumi.StringPtrOutput
- func (GetAuthBackendRoleIdResultOutput) ElementType() reflect.Type
- func (o GetAuthBackendRoleIdResultOutput) Id() pulumi.StringOutput
- func (o GetAuthBackendRoleIdResultOutput) Namespace() pulumi.StringPtrOutput
- func (o GetAuthBackendRoleIdResultOutput) RoleId() pulumi.StringOutput
- func (o GetAuthBackendRoleIdResultOutput) RoleName() pulumi.StringOutput
- func (o GetAuthBackendRoleIdResultOutput) ToGetAuthBackendRoleIdResultOutput() GetAuthBackendRoleIdResultOutput
- func (o GetAuthBackendRoleIdResultOutput) ToGetAuthBackendRoleIdResultOutputWithContext(ctx context.Context) GetAuthBackendRoleIdResultOutput
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AuthBackendLogin ¶
type AuthBackendLogin struct { pulumi.CustomResourceState // The accessor for the token. Accessor pulumi.StringOutput `pulumi:"accessor"` // The unique path of the Vault backend to log in with. Backend pulumi.StringPtrOutput `pulumi:"backend"` // The Vault token created. ClientToken pulumi.StringOutput `pulumi:"clientToken"` // How long the token is valid for, in seconds. LeaseDuration pulumi.IntOutput `pulumi:"leaseDuration"` // The date and time the lease started, in RFC 3339 format. LeaseStarted pulumi.StringOutput `pulumi:"leaseStarted"` // The metadata associated with the token. Metadata pulumi.StringMapOutput `pulumi:"metadata"` // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrOutput `pulumi:"namespace"` // A list of policies applied to the token. Policies pulumi.StringArrayOutput `pulumi:"policies"` // Whether the token is renewable or not. Renewable pulumi.BoolOutput `pulumi:"renewable"` // The ID of the role to log in with. RoleId pulumi.StringOutput `pulumi:"roleId"` // The secret ID of the role to log in with. Required // unless `bindSecretId` is set to false on the role. SecretId pulumi.StringPtrOutput `pulumi:"secretId"` }
Logs into Vault using the AppRole auth backend. See the [Vault documentation](https://www.vaultproject.io/docs/auth/approle) for more information.
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-vault/sdk/v5/go/vault" "github.com/pulumi/pulumi-vault/sdk/v5/go/vault/appRole" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { approle, err := vault.NewAuthBackend(ctx, "approle", &vault.AuthBackendArgs{ Type: pulumi.String("approle"), }) if err != nil { return err } example, err := appRole.NewAuthBackendRole(ctx, "example", &appRole.AuthBackendRoleArgs{ Backend: approle.Path, RoleName: pulumi.String("test-role"), TokenPolicies: pulumi.StringArray{ pulumi.String("default"), pulumi.String("dev"), pulumi.String("prod"), }, }) if err != nil { return err } id, err := appRole.NewAuthBackendRoleSecretId(ctx, "id", &appRole.AuthBackendRoleSecretIdArgs{ Backend: approle.Path, RoleName: example.RoleName, }) if err != nil { return err } _, err = appRole.NewAuthBackendLogin(ctx, "login", &appRole.AuthBackendLoginArgs{ Backend: approle.Path, RoleId: example.RoleId, SecretId: id.SecretId, }) if err != nil { return err } return nil }) }
```
func GetAuthBackendLogin ¶
func GetAuthBackendLogin(ctx *pulumi.Context, name string, id pulumi.IDInput, state *AuthBackendLoginState, opts ...pulumi.ResourceOption) (*AuthBackendLogin, error)
GetAuthBackendLogin gets an existing AuthBackendLogin resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewAuthBackendLogin ¶
func NewAuthBackendLogin(ctx *pulumi.Context, name string, args *AuthBackendLoginArgs, opts ...pulumi.ResourceOption) (*AuthBackendLogin, error)
NewAuthBackendLogin registers a new resource with the given unique name, arguments, and options.
func (*AuthBackendLogin) ElementType ¶
func (*AuthBackendLogin) ElementType() reflect.Type
func (*AuthBackendLogin) ToAuthBackendLoginOutput ¶
func (i *AuthBackendLogin) ToAuthBackendLoginOutput() AuthBackendLoginOutput
func (*AuthBackendLogin) ToAuthBackendLoginOutputWithContext ¶
func (i *AuthBackendLogin) ToAuthBackendLoginOutputWithContext(ctx context.Context) AuthBackendLoginOutput
type AuthBackendLoginArgs ¶
type AuthBackendLoginArgs struct { // The unique path of the Vault backend to log in with. Backend pulumi.StringPtrInput // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrInput // The ID of the role to log in with. RoleId pulumi.StringInput // The secret ID of the role to log in with. Required // unless `bindSecretId` is set to false on the role. SecretId pulumi.StringPtrInput }
The set of arguments for constructing a AuthBackendLogin resource.
func (AuthBackendLoginArgs) ElementType ¶
func (AuthBackendLoginArgs) ElementType() reflect.Type
type AuthBackendLoginArray ¶
type AuthBackendLoginArray []AuthBackendLoginInput
func (AuthBackendLoginArray) ElementType ¶
func (AuthBackendLoginArray) ElementType() reflect.Type
func (AuthBackendLoginArray) ToAuthBackendLoginArrayOutput ¶
func (i AuthBackendLoginArray) ToAuthBackendLoginArrayOutput() AuthBackendLoginArrayOutput
func (AuthBackendLoginArray) ToAuthBackendLoginArrayOutputWithContext ¶
func (i AuthBackendLoginArray) ToAuthBackendLoginArrayOutputWithContext(ctx context.Context) AuthBackendLoginArrayOutput
type AuthBackendLoginArrayInput ¶
type AuthBackendLoginArrayInput interface { pulumi.Input ToAuthBackendLoginArrayOutput() AuthBackendLoginArrayOutput ToAuthBackendLoginArrayOutputWithContext(context.Context) AuthBackendLoginArrayOutput }
AuthBackendLoginArrayInput is an input type that accepts AuthBackendLoginArray and AuthBackendLoginArrayOutput values. You can construct a concrete instance of `AuthBackendLoginArrayInput` via:
AuthBackendLoginArray{ AuthBackendLoginArgs{...} }
type AuthBackendLoginArrayOutput ¶
type AuthBackendLoginArrayOutput struct{ *pulumi.OutputState }
func (AuthBackendLoginArrayOutput) ElementType ¶
func (AuthBackendLoginArrayOutput) ElementType() reflect.Type
func (AuthBackendLoginArrayOutput) Index ¶
func (o AuthBackendLoginArrayOutput) Index(i pulumi.IntInput) AuthBackendLoginOutput
func (AuthBackendLoginArrayOutput) ToAuthBackendLoginArrayOutput ¶
func (o AuthBackendLoginArrayOutput) ToAuthBackendLoginArrayOutput() AuthBackendLoginArrayOutput
func (AuthBackendLoginArrayOutput) ToAuthBackendLoginArrayOutputWithContext ¶
func (o AuthBackendLoginArrayOutput) ToAuthBackendLoginArrayOutputWithContext(ctx context.Context) AuthBackendLoginArrayOutput
type AuthBackendLoginInput ¶
type AuthBackendLoginInput interface { pulumi.Input ToAuthBackendLoginOutput() AuthBackendLoginOutput ToAuthBackendLoginOutputWithContext(ctx context.Context) AuthBackendLoginOutput }
type AuthBackendLoginMap ¶
type AuthBackendLoginMap map[string]AuthBackendLoginInput
func (AuthBackendLoginMap) ElementType ¶
func (AuthBackendLoginMap) ElementType() reflect.Type
func (AuthBackendLoginMap) ToAuthBackendLoginMapOutput ¶
func (i AuthBackendLoginMap) ToAuthBackendLoginMapOutput() AuthBackendLoginMapOutput
func (AuthBackendLoginMap) ToAuthBackendLoginMapOutputWithContext ¶
func (i AuthBackendLoginMap) ToAuthBackendLoginMapOutputWithContext(ctx context.Context) AuthBackendLoginMapOutput
type AuthBackendLoginMapInput ¶
type AuthBackendLoginMapInput interface { pulumi.Input ToAuthBackendLoginMapOutput() AuthBackendLoginMapOutput ToAuthBackendLoginMapOutputWithContext(context.Context) AuthBackendLoginMapOutput }
AuthBackendLoginMapInput is an input type that accepts AuthBackendLoginMap and AuthBackendLoginMapOutput values. You can construct a concrete instance of `AuthBackendLoginMapInput` via:
AuthBackendLoginMap{ "key": AuthBackendLoginArgs{...} }
type AuthBackendLoginMapOutput ¶
type AuthBackendLoginMapOutput struct{ *pulumi.OutputState }
func (AuthBackendLoginMapOutput) ElementType ¶
func (AuthBackendLoginMapOutput) ElementType() reflect.Type
func (AuthBackendLoginMapOutput) MapIndex ¶
func (o AuthBackendLoginMapOutput) MapIndex(k pulumi.StringInput) AuthBackendLoginOutput
func (AuthBackendLoginMapOutput) ToAuthBackendLoginMapOutput ¶
func (o AuthBackendLoginMapOutput) ToAuthBackendLoginMapOutput() AuthBackendLoginMapOutput
func (AuthBackendLoginMapOutput) ToAuthBackendLoginMapOutputWithContext ¶
func (o AuthBackendLoginMapOutput) ToAuthBackendLoginMapOutputWithContext(ctx context.Context) AuthBackendLoginMapOutput
type AuthBackendLoginOutput ¶
type AuthBackendLoginOutput struct{ *pulumi.OutputState }
func (AuthBackendLoginOutput) Accessor ¶ added in v5.6.0
func (o AuthBackendLoginOutput) Accessor() pulumi.StringOutput
The accessor for the token.
func (AuthBackendLoginOutput) Backend ¶ added in v5.6.0
func (o AuthBackendLoginOutput) Backend() pulumi.StringPtrOutput
The unique path of the Vault backend to log in with.
func (AuthBackendLoginOutput) ClientToken ¶ added in v5.6.0
func (o AuthBackendLoginOutput) ClientToken() pulumi.StringOutput
The Vault token created.
func (AuthBackendLoginOutput) ElementType ¶
func (AuthBackendLoginOutput) ElementType() reflect.Type
func (AuthBackendLoginOutput) LeaseDuration ¶ added in v5.6.0
func (o AuthBackendLoginOutput) LeaseDuration() pulumi.IntOutput
How long the token is valid for, in seconds.
func (AuthBackendLoginOutput) LeaseStarted ¶ added in v5.6.0
func (o AuthBackendLoginOutput) LeaseStarted() pulumi.StringOutput
The date and time the lease started, in RFC 3339 format.
func (AuthBackendLoginOutput) Metadata ¶ added in v5.6.0
func (o AuthBackendLoginOutput) Metadata() pulumi.StringMapOutput
The metadata associated with the token.
func (AuthBackendLoginOutput) Namespace ¶ added in v5.7.0
func (o AuthBackendLoginOutput) Namespace() pulumi.StringPtrOutput
The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). *Available only for Vault Enterprise*.
func (AuthBackendLoginOutput) Policies ¶ added in v5.6.0
func (o AuthBackendLoginOutput) Policies() pulumi.StringArrayOutput
A list of policies applied to the token.
func (AuthBackendLoginOutput) Renewable ¶ added in v5.6.0
func (o AuthBackendLoginOutput) Renewable() pulumi.BoolOutput
Whether the token is renewable or not.
func (AuthBackendLoginOutput) RoleId ¶ added in v5.6.0
func (o AuthBackendLoginOutput) RoleId() pulumi.StringOutput
The ID of the role to log in with.
func (AuthBackendLoginOutput) SecretId ¶ added in v5.6.0
func (o AuthBackendLoginOutput) SecretId() pulumi.StringPtrOutput
The secret ID of the role to log in with. Required unless `bindSecretId` is set to false on the role.
func (AuthBackendLoginOutput) ToAuthBackendLoginOutput ¶
func (o AuthBackendLoginOutput) ToAuthBackendLoginOutput() AuthBackendLoginOutput
func (AuthBackendLoginOutput) ToAuthBackendLoginOutputWithContext ¶
func (o AuthBackendLoginOutput) ToAuthBackendLoginOutputWithContext(ctx context.Context) AuthBackendLoginOutput
type AuthBackendLoginState ¶
type AuthBackendLoginState struct { // The accessor for the token. Accessor pulumi.StringPtrInput // The unique path of the Vault backend to log in with. Backend pulumi.StringPtrInput // The Vault token created. ClientToken pulumi.StringPtrInput // How long the token is valid for, in seconds. LeaseDuration pulumi.IntPtrInput // The date and time the lease started, in RFC 3339 format. LeaseStarted pulumi.StringPtrInput // The metadata associated with the token. Metadata pulumi.StringMapInput // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrInput // A list of policies applied to the token. Policies pulumi.StringArrayInput // Whether the token is renewable or not. Renewable pulumi.BoolPtrInput // The ID of the role to log in with. RoleId pulumi.StringPtrInput // The secret ID of the role to log in with. Required // unless `bindSecretId` is set to false on the role. SecretId pulumi.StringPtrInput }
func (AuthBackendLoginState) ElementType ¶
func (AuthBackendLoginState) ElementType() reflect.Type
type AuthBackendRole ¶
type AuthBackendRole struct { pulumi.CustomResourceState // The unique name of the auth backend to configure. // Defaults to `approle`. Backend pulumi.StringPtrOutput `pulumi:"backend"` // Whether or not to require `secretId` to be // presented when logging in using this AppRole. Defaults to `true`. BindSecretId pulumi.BoolPtrOutput `pulumi:"bindSecretId"` // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrOutput `pulumi:"namespace"` // The RoleID of this role. If not specified, one will be // auto-generated. RoleId pulumi.StringOutput `pulumi:"roleId"` // The name of the role. RoleName pulumi.StringOutput `pulumi:"roleName"` // If set, // specifies blocks of IP addresses which can perform the login operation. SecretIdBoundCidrs pulumi.StringArrayOutput `pulumi:"secretIdBoundCidrs"` // The number of times any particular SecretID // can be used to fetch a token from this AppRole, after which the SecretID will // expire. A value of zero will allow unlimited uses. SecretIdNumUses pulumi.IntPtrOutput `pulumi:"secretIdNumUses"` // The number of seconds after which any SecretID // expires. SecretIdTtl pulumi.IntPtrOutput `pulumi:"secretIdTtl"` // List of CIDR blocks; if set, specifies blocks of IP // addresses which can authenticate successfully, and ties the resulting token to these blocks // as well. TokenBoundCidrs pulumi.StringArrayOutput `pulumi:"tokenBoundCidrs"` // If set, will encode an // [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls) // onto the token in number of seconds. This is a hard cap even if `tokenTtl` and // `tokenMaxTtl` would otherwise allow a renewal. TokenExplicitMaxTtl pulumi.IntPtrOutput `pulumi:"tokenExplicitMaxTtl"` // The maximum lifetime for generated tokens in number of seconds. // Its current value will be referenced at renewal time. TokenMaxTtl pulumi.IntPtrOutput `pulumi:"tokenMaxTtl"` // If set, the default policy will not be set on // generated tokens; otherwise it will be added to the policies set in token_policies. TokenNoDefaultPolicy pulumi.BoolPtrOutput `pulumi:"tokenNoDefaultPolicy"` // The [maximum number](https://www.vaultproject.io/api-docs/auth/approle#token_num_uses) // of times a generated token may be used (within its lifetime); 0 means unlimited. TokenNumUses pulumi.IntPtrOutput `pulumi:"tokenNumUses"` // If set, indicates that the // token generated using this role should never expire. The token should be renewed within the // duration specified by this value. At each renewal, the token's TTL will be set to the // value of this field. Specified in seconds. TokenPeriod pulumi.IntPtrOutput `pulumi:"tokenPeriod"` // List of policies to encode onto generated tokens. Depending // on the auth method, this list may be supplemented by user/group/other values. TokenPolicies pulumi.StringArrayOutput `pulumi:"tokenPolicies"` // The incremental lifetime for generated tokens in number of seconds. // Its current value will be referenced at renewal time. TokenTtl pulumi.IntPtrOutput `pulumi:"tokenTtl"` // The type of token that should be generated. Can be `service`, // `batch`, or `default` to use the mount's tuned default (which unless changed will be // `service` tokens). For token store roles, there are two additional possibilities: // `default-service` and `default-batch` which specify the type to return unless the client // requests a different type at generation time. TokenType pulumi.StringPtrOutput `pulumi:"tokenType"` }
Manages an AppRole auth backend role in a Vault server. See the [Vault documentation](https://www.vaultproject.io/docs/auth/approle) for more information.
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-vault/sdk/v5/go/vault" "github.com/pulumi/pulumi-vault/sdk/v5/go/vault/appRole" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { approle, err := vault.NewAuthBackend(ctx, "approle", &vault.AuthBackendArgs{ Type: pulumi.String("approle"), }) if err != nil { return err } _, err = appRole.NewAuthBackendRole(ctx, "example", &appRole.AuthBackendRoleArgs{ Backend: approle.Path, RoleName: pulumi.String("test-role"), TokenPolicies: pulumi.StringArray{ pulumi.String("default"), pulumi.String("dev"), pulumi.String("prod"), }, }) if err != nil { return err } return nil }) }
```
## Import
AppRole authentication backend roles can be imported using the `path`, e.g.
```sh
$ pulumi import vault:appRole/authBackendRole:AuthBackendRole example auth/approle/role/test-role
```
func GetAuthBackendRole ¶
func GetAuthBackendRole(ctx *pulumi.Context, name string, id pulumi.IDInput, state *AuthBackendRoleState, opts ...pulumi.ResourceOption) (*AuthBackendRole, error)
GetAuthBackendRole gets an existing AuthBackendRole resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewAuthBackendRole ¶
func NewAuthBackendRole(ctx *pulumi.Context, name string, args *AuthBackendRoleArgs, opts ...pulumi.ResourceOption) (*AuthBackendRole, error)
NewAuthBackendRole registers a new resource with the given unique name, arguments, and options.
func (*AuthBackendRole) ElementType ¶
func (*AuthBackendRole) ElementType() reflect.Type
func (*AuthBackendRole) ToAuthBackendRoleOutput ¶
func (i *AuthBackendRole) ToAuthBackendRoleOutput() AuthBackendRoleOutput
func (*AuthBackendRole) ToAuthBackendRoleOutputWithContext ¶
func (i *AuthBackendRole) ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput
type AuthBackendRoleArgs ¶
type AuthBackendRoleArgs struct { // The unique name of the auth backend to configure. // Defaults to `approle`. Backend pulumi.StringPtrInput // Whether or not to require `secretId` to be // presented when logging in using this AppRole. Defaults to `true`. BindSecretId pulumi.BoolPtrInput // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrInput // The RoleID of this role. If not specified, one will be // auto-generated. RoleId pulumi.StringPtrInput // The name of the role. RoleName pulumi.StringInput // If set, // specifies blocks of IP addresses which can perform the login operation. SecretIdBoundCidrs pulumi.StringArrayInput // The number of times any particular SecretID // can be used to fetch a token from this AppRole, after which the SecretID will // expire. A value of zero will allow unlimited uses. SecretIdNumUses pulumi.IntPtrInput // The number of seconds after which any SecretID // expires. SecretIdTtl pulumi.IntPtrInput // List of CIDR blocks; if set, specifies blocks of IP // addresses which can authenticate successfully, and ties the resulting token to these blocks // as well. TokenBoundCidrs pulumi.StringArrayInput // If set, will encode an // [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls) // onto the token in number of seconds. This is a hard cap even if `tokenTtl` and // `tokenMaxTtl` would otherwise allow a renewal. TokenExplicitMaxTtl pulumi.IntPtrInput // The maximum lifetime for generated tokens in number of seconds. // Its current value will be referenced at renewal time. TokenMaxTtl pulumi.IntPtrInput // If set, the default policy will not be set on // generated tokens; otherwise it will be added to the policies set in token_policies. TokenNoDefaultPolicy pulumi.BoolPtrInput // The [maximum number](https://www.vaultproject.io/api-docs/auth/approle#token_num_uses) // of times a generated token may be used (within its lifetime); 0 means unlimited. TokenNumUses pulumi.IntPtrInput // If set, indicates that the // token generated using this role should never expire. The token should be renewed within the // duration specified by this value. At each renewal, the token's TTL will be set to the // value of this field. Specified in seconds. TokenPeriod pulumi.IntPtrInput // List of policies to encode onto generated tokens. Depending // on the auth method, this list may be supplemented by user/group/other values. TokenPolicies pulumi.StringArrayInput // The incremental lifetime for generated tokens in number of seconds. // Its current value will be referenced at renewal time. TokenTtl pulumi.IntPtrInput // The type of token that should be generated. Can be `service`, // `batch`, or `default` to use the mount's tuned default (which unless changed will be // `service` tokens). For token store roles, there are two additional possibilities: // `default-service` and `default-batch` which specify the type to return unless the client // requests a different type at generation time. TokenType pulumi.StringPtrInput }
The set of arguments for constructing a AuthBackendRole resource.
func (AuthBackendRoleArgs) ElementType ¶
func (AuthBackendRoleArgs) ElementType() reflect.Type
type AuthBackendRoleArray ¶
type AuthBackendRoleArray []AuthBackendRoleInput
func (AuthBackendRoleArray) ElementType ¶
func (AuthBackendRoleArray) ElementType() reflect.Type
func (AuthBackendRoleArray) ToAuthBackendRoleArrayOutput ¶
func (i AuthBackendRoleArray) ToAuthBackendRoleArrayOutput() AuthBackendRoleArrayOutput
func (AuthBackendRoleArray) ToAuthBackendRoleArrayOutputWithContext ¶
func (i AuthBackendRoleArray) ToAuthBackendRoleArrayOutputWithContext(ctx context.Context) AuthBackendRoleArrayOutput
type AuthBackendRoleArrayInput ¶
type AuthBackendRoleArrayInput interface { pulumi.Input ToAuthBackendRoleArrayOutput() AuthBackendRoleArrayOutput ToAuthBackendRoleArrayOutputWithContext(context.Context) AuthBackendRoleArrayOutput }
AuthBackendRoleArrayInput is an input type that accepts AuthBackendRoleArray and AuthBackendRoleArrayOutput values. You can construct a concrete instance of `AuthBackendRoleArrayInput` via:
AuthBackendRoleArray{ AuthBackendRoleArgs{...} }
type AuthBackendRoleArrayOutput ¶
type AuthBackendRoleArrayOutput struct{ *pulumi.OutputState }
func (AuthBackendRoleArrayOutput) ElementType ¶
func (AuthBackendRoleArrayOutput) ElementType() reflect.Type
func (AuthBackendRoleArrayOutput) Index ¶
func (o AuthBackendRoleArrayOutput) Index(i pulumi.IntInput) AuthBackendRoleOutput
func (AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutput ¶
func (o AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutput() AuthBackendRoleArrayOutput
func (AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutputWithContext ¶
func (o AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutputWithContext(ctx context.Context) AuthBackendRoleArrayOutput
type AuthBackendRoleInput ¶
type AuthBackendRoleInput interface { pulumi.Input ToAuthBackendRoleOutput() AuthBackendRoleOutput ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput }
type AuthBackendRoleMap ¶
type AuthBackendRoleMap map[string]AuthBackendRoleInput
func (AuthBackendRoleMap) ElementType ¶
func (AuthBackendRoleMap) ElementType() reflect.Type
func (AuthBackendRoleMap) ToAuthBackendRoleMapOutput ¶
func (i AuthBackendRoleMap) ToAuthBackendRoleMapOutput() AuthBackendRoleMapOutput
func (AuthBackendRoleMap) ToAuthBackendRoleMapOutputWithContext ¶
func (i AuthBackendRoleMap) ToAuthBackendRoleMapOutputWithContext(ctx context.Context) AuthBackendRoleMapOutput
type AuthBackendRoleMapInput ¶
type AuthBackendRoleMapInput interface { pulumi.Input ToAuthBackendRoleMapOutput() AuthBackendRoleMapOutput ToAuthBackendRoleMapOutputWithContext(context.Context) AuthBackendRoleMapOutput }
AuthBackendRoleMapInput is an input type that accepts AuthBackendRoleMap and AuthBackendRoleMapOutput values. You can construct a concrete instance of `AuthBackendRoleMapInput` via:
AuthBackendRoleMap{ "key": AuthBackendRoleArgs{...} }
type AuthBackendRoleMapOutput ¶
type AuthBackendRoleMapOutput struct{ *pulumi.OutputState }
func (AuthBackendRoleMapOutput) ElementType ¶
func (AuthBackendRoleMapOutput) ElementType() reflect.Type
func (AuthBackendRoleMapOutput) MapIndex ¶
func (o AuthBackendRoleMapOutput) MapIndex(k pulumi.StringInput) AuthBackendRoleOutput
func (AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutput ¶
func (o AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutput() AuthBackendRoleMapOutput
func (AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutputWithContext ¶
func (o AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutputWithContext(ctx context.Context) AuthBackendRoleMapOutput
type AuthBackendRoleOutput ¶
type AuthBackendRoleOutput struct{ *pulumi.OutputState }
func (AuthBackendRoleOutput) Backend ¶ added in v5.6.0
func (o AuthBackendRoleOutput) Backend() pulumi.StringPtrOutput
The unique name of the auth backend to configure. Defaults to `approle`.
func (AuthBackendRoleOutput) BindSecretId ¶ added in v5.6.0
func (o AuthBackendRoleOutput) BindSecretId() pulumi.BoolPtrOutput
Whether or not to require `secretId` to be presented when logging in using this AppRole. Defaults to `true`.
func (AuthBackendRoleOutput) ElementType ¶
func (AuthBackendRoleOutput) ElementType() reflect.Type
func (AuthBackendRoleOutput) Namespace ¶ added in v5.7.0
func (o AuthBackendRoleOutput) Namespace() pulumi.StringPtrOutput
The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). *Available only for Vault Enterprise*.
func (AuthBackendRoleOutput) RoleId ¶ added in v5.6.0
func (o AuthBackendRoleOutput) RoleId() pulumi.StringOutput
The RoleID of this role. If not specified, one will be auto-generated.
func (AuthBackendRoleOutput) RoleName ¶ added in v5.6.0
func (o AuthBackendRoleOutput) RoleName() pulumi.StringOutput
The name of the role.
func (AuthBackendRoleOutput) SecretIdBoundCidrs ¶ added in v5.6.0
func (o AuthBackendRoleOutput) SecretIdBoundCidrs() pulumi.StringArrayOutput
If set, specifies blocks of IP addresses which can perform the login operation.
func (AuthBackendRoleOutput) SecretIdNumUses ¶ added in v5.6.0
func (o AuthBackendRoleOutput) SecretIdNumUses() pulumi.IntPtrOutput
The number of times any particular SecretID can be used to fetch a token from this AppRole, after which the SecretID will expire. A value of zero will allow unlimited uses.
func (AuthBackendRoleOutput) SecretIdTtl ¶ added in v5.6.0
func (o AuthBackendRoleOutput) SecretIdTtl() pulumi.IntPtrOutput
The number of seconds after which any SecretID expires.
func (AuthBackendRoleOutput) ToAuthBackendRoleOutput ¶
func (o AuthBackendRoleOutput) ToAuthBackendRoleOutput() AuthBackendRoleOutput
func (AuthBackendRoleOutput) ToAuthBackendRoleOutputWithContext ¶
func (o AuthBackendRoleOutput) ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput
func (AuthBackendRoleOutput) TokenBoundCidrs ¶ added in v5.6.0
func (o AuthBackendRoleOutput) TokenBoundCidrs() pulumi.StringArrayOutput
List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.
func (AuthBackendRoleOutput) TokenExplicitMaxTtl ¶ added in v5.6.0
func (o AuthBackendRoleOutput) TokenExplicitMaxTtl() pulumi.IntPtrOutput
If set, will encode an [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls) onto the token in number of seconds. This is a hard cap even if `tokenTtl` and `tokenMaxTtl` would otherwise allow a renewal.
func (AuthBackendRoleOutput) TokenMaxTtl ¶ added in v5.6.0
func (o AuthBackendRoleOutput) TokenMaxTtl() pulumi.IntPtrOutput
The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.
func (AuthBackendRoleOutput) TokenNoDefaultPolicy ¶ added in v5.6.0
func (o AuthBackendRoleOutput) TokenNoDefaultPolicy() pulumi.BoolPtrOutput
If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies.
func (AuthBackendRoleOutput) TokenNumUses ¶ added in v5.6.0
func (o AuthBackendRoleOutput) TokenNumUses() pulumi.IntPtrOutput
The [maximum number](https://www.vaultproject.io/api-docs/auth/approle#token_num_uses) of times a generated token may be used (within its lifetime); 0 means unlimited.
func (AuthBackendRoleOutput) TokenPeriod ¶ added in v5.6.0
func (o AuthBackendRoleOutput) TokenPeriod() pulumi.IntPtrOutput
If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token's TTL will be set to the value of this field. Specified in seconds.
func (AuthBackendRoleOutput) TokenPolicies ¶ added in v5.6.0
func (o AuthBackendRoleOutput) TokenPolicies() pulumi.StringArrayOutput
List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values.
func (AuthBackendRoleOutput) TokenTtl ¶ added in v5.6.0
func (o AuthBackendRoleOutput) TokenTtl() pulumi.IntPtrOutput
The incremental lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.
func (AuthBackendRoleOutput) TokenType ¶ added in v5.6.0
func (o AuthBackendRoleOutput) TokenType() pulumi.StringPtrOutput
The type of token that should be generated. Can be `service`, `batch`, or `default` to use the mount's tuned default (which unless changed will be `service` tokens). For token store roles, there are two additional possibilities: `default-service` and `default-batch` which specify the type to return unless the client requests a different type at generation time.
type AuthBackendRoleSecretId ¶ added in v5.7.0
type AuthBackendRoleSecretId struct { pulumi.CustomResourceState // The unique ID for this SecretID that can be safely logged. Accessor pulumi.StringOutput `pulumi:"accessor"` // Unique name of the auth backend to configure. Backend pulumi.StringPtrOutput `pulumi:"backend"` // If set, specifies blocks of IP addresses which can // perform the login operation using this SecretID. CidrLists pulumi.StringArrayOutput `pulumi:"cidrLists"` // A JSON-encoded string containing metadata in // key-value pairs to be set on tokens issued with this SecretID. Metadata pulumi.StringPtrOutput `pulumi:"metadata"` // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrOutput `pulumi:"namespace"` // The name of the role to create the SecretID for. RoleName pulumi.StringOutput `pulumi:"roleName"` // The SecretID to be created. If set, uses "Push" // mode. Defaults to Vault auto-generating SecretIDs. SecretId pulumi.StringOutput `pulumi:"secretId"` // Set to `true` to use the wrapped secret-id accessor as the resource ID. // If `false` (default value), a fresh secret ID will be regenerated whenever the wrapping token is expired or // invalidated through unwrapping. WithWrappedAccessor pulumi.BoolPtrOutput `pulumi:"withWrappedAccessor"` // The unique ID for the response-wrapped SecretID that can // be safely logged. WrappingAccessor pulumi.StringOutput `pulumi:"wrappingAccessor"` // The token used to retrieve a response-wrapped SecretID. WrappingToken pulumi.StringOutput `pulumi:"wrappingToken"` // If set, the SecretID response will be // [response-wrapped](https://www.vaultproject.io/docs/concepts/response-wrapping) // and available for the duration specified. Only a single unwrapping of the // token is allowed. WrappingTtl pulumi.StringPtrOutput `pulumi:"wrappingTtl"` }
Manages an AppRole auth backend SecretID in a Vault server. See the [Vault documentation](https://www.vaultproject.io/docs/auth/approle) for more information.
## Example Usage
```go package main
import (
"encoding/json" "github.com/pulumi/pulumi-vault/sdk/v5/go/vault" "github.com/pulumi/pulumi-vault/sdk/v5/go/vault/appRole" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { approle, err := vault.NewAuthBackend(ctx, "approle", &vault.AuthBackendArgs{ Type: pulumi.String("approle"), }) if err != nil { return err } example, err := appRole.NewAuthBackendRole(ctx, "example", &appRole.AuthBackendRoleArgs{ Backend: approle.Path, RoleName: pulumi.String("test-role"), TokenPolicies: pulumi.StringArray{ pulumi.String("default"), pulumi.String("dev"), pulumi.String("prod"), }, }) if err != nil { return err } tmpJSON0, err := json.Marshal(map[string]interface{}{ "hello": "world", }) if err != nil { return err } json0 := string(tmpJSON0) _, err = appRole.NewAuthBackendRoleSecretId(ctx, "id", &appRole.AuthBackendRoleSecretIdArgs{ Backend: approle.Path, RoleName: example.RoleName, Metadata: pulumi.String(json0), }) if err != nil { return err } return nil }) }
```
func GetAuthBackendRoleSecretId ¶ added in v5.7.0
func GetAuthBackendRoleSecretId(ctx *pulumi.Context, name string, id pulumi.IDInput, state *AuthBackendRoleSecretIdState, opts ...pulumi.ResourceOption) (*AuthBackendRoleSecretId, error)
GetAuthBackendRoleSecretId gets an existing AuthBackendRoleSecretId resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewAuthBackendRoleSecretId ¶ added in v5.7.0
func NewAuthBackendRoleSecretId(ctx *pulumi.Context, name string, args *AuthBackendRoleSecretIdArgs, opts ...pulumi.ResourceOption) (*AuthBackendRoleSecretId, error)
NewAuthBackendRoleSecretId registers a new resource with the given unique name, arguments, and options.
func (*AuthBackendRoleSecretId) ElementType ¶ added in v5.7.0
func (*AuthBackendRoleSecretId) ElementType() reflect.Type
func (*AuthBackendRoleSecretId) ToAuthBackendRoleSecretIdOutput ¶ added in v5.7.0
func (i *AuthBackendRoleSecretId) ToAuthBackendRoleSecretIdOutput() AuthBackendRoleSecretIdOutput
func (*AuthBackendRoleSecretId) ToAuthBackendRoleSecretIdOutputWithContext ¶ added in v5.7.0
func (i *AuthBackendRoleSecretId) ToAuthBackendRoleSecretIdOutputWithContext(ctx context.Context) AuthBackendRoleSecretIdOutput
type AuthBackendRoleSecretIdArgs ¶ added in v5.7.0
type AuthBackendRoleSecretIdArgs struct { // Unique name of the auth backend to configure. Backend pulumi.StringPtrInput // If set, specifies blocks of IP addresses which can // perform the login operation using this SecretID. CidrLists pulumi.StringArrayInput // A JSON-encoded string containing metadata in // key-value pairs to be set on tokens issued with this SecretID. Metadata pulumi.StringPtrInput // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrInput // The name of the role to create the SecretID for. RoleName pulumi.StringInput // The SecretID to be created. If set, uses "Push" // mode. Defaults to Vault auto-generating SecretIDs. SecretId pulumi.StringPtrInput // Set to `true` to use the wrapped secret-id accessor as the resource ID. // If `false` (default value), a fresh secret ID will be regenerated whenever the wrapping token is expired or // invalidated through unwrapping. WithWrappedAccessor pulumi.BoolPtrInput // If set, the SecretID response will be // [response-wrapped](https://www.vaultproject.io/docs/concepts/response-wrapping) // and available for the duration specified. Only a single unwrapping of the // token is allowed. WrappingTtl pulumi.StringPtrInput }
The set of arguments for constructing a AuthBackendRoleSecretId resource.
func (AuthBackendRoleSecretIdArgs) ElementType ¶ added in v5.7.0
func (AuthBackendRoleSecretIdArgs) ElementType() reflect.Type
type AuthBackendRoleSecretIdArray ¶ added in v5.7.0
type AuthBackendRoleSecretIdArray []AuthBackendRoleSecretIdInput
func (AuthBackendRoleSecretIdArray) ElementType ¶ added in v5.7.0
func (AuthBackendRoleSecretIdArray) ElementType() reflect.Type
func (AuthBackendRoleSecretIdArray) ToAuthBackendRoleSecretIdArrayOutput ¶ added in v5.7.0
func (i AuthBackendRoleSecretIdArray) ToAuthBackendRoleSecretIdArrayOutput() AuthBackendRoleSecretIdArrayOutput
func (AuthBackendRoleSecretIdArray) ToAuthBackendRoleSecretIdArrayOutputWithContext ¶ added in v5.7.0
func (i AuthBackendRoleSecretIdArray) ToAuthBackendRoleSecretIdArrayOutputWithContext(ctx context.Context) AuthBackendRoleSecretIdArrayOutput
type AuthBackendRoleSecretIdArrayInput ¶ added in v5.7.0
type AuthBackendRoleSecretIdArrayInput interface { pulumi.Input ToAuthBackendRoleSecretIdArrayOutput() AuthBackendRoleSecretIdArrayOutput ToAuthBackendRoleSecretIdArrayOutputWithContext(context.Context) AuthBackendRoleSecretIdArrayOutput }
AuthBackendRoleSecretIdArrayInput is an input type that accepts AuthBackendRoleSecretIdArray and AuthBackendRoleSecretIdArrayOutput values. You can construct a concrete instance of `AuthBackendRoleSecretIdArrayInput` via:
AuthBackendRoleSecretIdArray{ AuthBackendRoleSecretIdArgs{...} }
type AuthBackendRoleSecretIdArrayOutput ¶ added in v5.7.0
type AuthBackendRoleSecretIdArrayOutput struct{ *pulumi.OutputState }
func (AuthBackendRoleSecretIdArrayOutput) ElementType ¶ added in v5.7.0
func (AuthBackendRoleSecretIdArrayOutput) ElementType() reflect.Type
func (AuthBackendRoleSecretIdArrayOutput) Index ¶ added in v5.7.0
func (o AuthBackendRoleSecretIdArrayOutput) Index(i pulumi.IntInput) AuthBackendRoleSecretIdOutput
func (AuthBackendRoleSecretIdArrayOutput) ToAuthBackendRoleSecretIdArrayOutput ¶ added in v5.7.0
func (o AuthBackendRoleSecretIdArrayOutput) ToAuthBackendRoleSecretIdArrayOutput() AuthBackendRoleSecretIdArrayOutput
func (AuthBackendRoleSecretIdArrayOutput) ToAuthBackendRoleSecretIdArrayOutputWithContext ¶ added in v5.7.0
func (o AuthBackendRoleSecretIdArrayOutput) ToAuthBackendRoleSecretIdArrayOutputWithContext(ctx context.Context) AuthBackendRoleSecretIdArrayOutput
type AuthBackendRoleSecretIdInput ¶ added in v5.7.0
type AuthBackendRoleSecretIdInput interface { pulumi.Input ToAuthBackendRoleSecretIdOutput() AuthBackendRoleSecretIdOutput ToAuthBackendRoleSecretIdOutputWithContext(ctx context.Context) AuthBackendRoleSecretIdOutput }
type AuthBackendRoleSecretIdMap ¶ added in v5.7.0
type AuthBackendRoleSecretIdMap map[string]AuthBackendRoleSecretIdInput
func (AuthBackendRoleSecretIdMap) ElementType ¶ added in v5.7.0
func (AuthBackendRoleSecretIdMap) ElementType() reflect.Type
func (AuthBackendRoleSecretIdMap) ToAuthBackendRoleSecretIdMapOutput ¶ added in v5.7.0
func (i AuthBackendRoleSecretIdMap) ToAuthBackendRoleSecretIdMapOutput() AuthBackendRoleSecretIdMapOutput
func (AuthBackendRoleSecretIdMap) ToAuthBackendRoleSecretIdMapOutputWithContext ¶ added in v5.7.0
func (i AuthBackendRoleSecretIdMap) ToAuthBackendRoleSecretIdMapOutputWithContext(ctx context.Context) AuthBackendRoleSecretIdMapOutput
type AuthBackendRoleSecretIdMapInput ¶ added in v5.7.0
type AuthBackendRoleSecretIdMapInput interface { pulumi.Input ToAuthBackendRoleSecretIdMapOutput() AuthBackendRoleSecretIdMapOutput ToAuthBackendRoleSecretIdMapOutputWithContext(context.Context) AuthBackendRoleSecretIdMapOutput }
AuthBackendRoleSecretIdMapInput is an input type that accepts AuthBackendRoleSecretIdMap and AuthBackendRoleSecretIdMapOutput values. You can construct a concrete instance of `AuthBackendRoleSecretIdMapInput` via:
AuthBackendRoleSecretIdMap{ "key": AuthBackendRoleSecretIdArgs{...} }
type AuthBackendRoleSecretIdMapOutput ¶ added in v5.7.0
type AuthBackendRoleSecretIdMapOutput struct{ *pulumi.OutputState }
func (AuthBackendRoleSecretIdMapOutput) ElementType ¶ added in v5.7.0
func (AuthBackendRoleSecretIdMapOutput) ElementType() reflect.Type
func (AuthBackendRoleSecretIdMapOutput) MapIndex ¶ added in v5.7.0
func (o AuthBackendRoleSecretIdMapOutput) MapIndex(k pulumi.StringInput) AuthBackendRoleSecretIdOutput
func (AuthBackendRoleSecretIdMapOutput) ToAuthBackendRoleSecretIdMapOutput ¶ added in v5.7.0
func (o AuthBackendRoleSecretIdMapOutput) ToAuthBackendRoleSecretIdMapOutput() AuthBackendRoleSecretIdMapOutput
func (AuthBackendRoleSecretIdMapOutput) ToAuthBackendRoleSecretIdMapOutputWithContext ¶ added in v5.7.0
func (o AuthBackendRoleSecretIdMapOutput) ToAuthBackendRoleSecretIdMapOutputWithContext(ctx context.Context) AuthBackendRoleSecretIdMapOutput
type AuthBackendRoleSecretIdOutput ¶ added in v5.7.0
type AuthBackendRoleSecretIdOutput struct{ *pulumi.OutputState }
func (AuthBackendRoleSecretIdOutput) Accessor ¶ added in v5.7.0
func (o AuthBackendRoleSecretIdOutput) Accessor() pulumi.StringOutput
The unique ID for this SecretID that can be safely logged.
func (AuthBackendRoleSecretIdOutput) Backend ¶ added in v5.7.0
func (o AuthBackendRoleSecretIdOutput) Backend() pulumi.StringPtrOutput
Unique name of the auth backend to configure.
func (AuthBackendRoleSecretIdOutput) CidrLists ¶ added in v5.7.0
func (o AuthBackendRoleSecretIdOutput) CidrLists() pulumi.StringArrayOutput
If set, specifies blocks of IP addresses which can perform the login operation using this SecretID.
func (AuthBackendRoleSecretIdOutput) ElementType ¶ added in v5.7.0
func (AuthBackendRoleSecretIdOutput) ElementType() reflect.Type
func (AuthBackendRoleSecretIdOutput) Metadata ¶ added in v5.7.0
func (o AuthBackendRoleSecretIdOutput) Metadata() pulumi.StringPtrOutput
A JSON-encoded string containing metadata in key-value pairs to be set on tokens issued with this SecretID.
func (AuthBackendRoleSecretIdOutput) Namespace ¶ added in v5.7.0
func (o AuthBackendRoleSecretIdOutput) Namespace() pulumi.StringPtrOutput
The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). *Available only for Vault Enterprise*.
func (AuthBackendRoleSecretIdOutput) RoleName ¶ added in v5.7.0
func (o AuthBackendRoleSecretIdOutput) RoleName() pulumi.StringOutput
The name of the role to create the SecretID for.
func (AuthBackendRoleSecretIdOutput) SecretId ¶ added in v5.7.0
func (o AuthBackendRoleSecretIdOutput) SecretId() pulumi.StringOutput
The SecretID to be created. If set, uses "Push" mode. Defaults to Vault auto-generating SecretIDs.
func (AuthBackendRoleSecretIdOutput) ToAuthBackendRoleSecretIdOutput ¶ added in v5.7.0
func (o AuthBackendRoleSecretIdOutput) ToAuthBackendRoleSecretIdOutput() AuthBackendRoleSecretIdOutput
func (AuthBackendRoleSecretIdOutput) ToAuthBackendRoleSecretIdOutputWithContext ¶ added in v5.7.0
func (o AuthBackendRoleSecretIdOutput) ToAuthBackendRoleSecretIdOutputWithContext(ctx context.Context) AuthBackendRoleSecretIdOutput
func (AuthBackendRoleSecretIdOutput) WithWrappedAccessor ¶ added in v5.7.0
func (o AuthBackendRoleSecretIdOutput) WithWrappedAccessor() pulumi.BoolPtrOutput
Set to `true` to use the wrapped secret-id accessor as the resource ID. If `false` (default value), a fresh secret ID will be regenerated whenever the wrapping token is expired or invalidated through unwrapping.
func (AuthBackendRoleSecretIdOutput) WrappingAccessor ¶ added in v5.7.0
func (o AuthBackendRoleSecretIdOutput) WrappingAccessor() pulumi.StringOutput
The unique ID for the response-wrapped SecretID that can be safely logged.
func (AuthBackendRoleSecretIdOutput) WrappingToken ¶ added in v5.7.0
func (o AuthBackendRoleSecretIdOutput) WrappingToken() pulumi.StringOutput
The token used to retrieve a response-wrapped SecretID.
func (AuthBackendRoleSecretIdOutput) WrappingTtl ¶ added in v5.7.0
func (o AuthBackendRoleSecretIdOutput) WrappingTtl() pulumi.StringPtrOutput
If set, the SecretID response will be [response-wrapped](https://www.vaultproject.io/docs/concepts/response-wrapping) and available for the duration specified. Only a single unwrapping of the token is allowed.
type AuthBackendRoleSecretIdState ¶ added in v5.7.0
type AuthBackendRoleSecretIdState struct { // The unique ID for this SecretID that can be safely logged. Accessor pulumi.StringPtrInput // Unique name of the auth backend to configure. Backend pulumi.StringPtrInput // If set, specifies blocks of IP addresses which can // perform the login operation using this SecretID. CidrLists pulumi.StringArrayInput // A JSON-encoded string containing metadata in // key-value pairs to be set on tokens issued with this SecretID. Metadata pulumi.StringPtrInput // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrInput // The name of the role to create the SecretID for. RoleName pulumi.StringPtrInput // The SecretID to be created. If set, uses "Push" // mode. Defaults to Vault auto-generating SecretIDs. SecretId pulumi.StringPtrInput // Set to `true` to use the wrapped secret-id accessor as the resource ID. // If `false` (default value), a fresh secret ID will be regenerated whenever the wrapping token is expired or // invalidated through unwrapping. WithWrappedAccessor pulumi.BoolPtrInput // The unique ID for the response-wrapped SecretID that can // be safely logged. WrappingAccessor pulumi.StringPtrInput // The token used to retrieve a response-wrapped SecretID. WrappingToken pulumi.StringPtrInput // If set, the SecretID response will be // [response-wrapped](https://www.vaultproject.io/docs/concepts/response-wrapping) // and available for the duration specified. Only a single unwrapping of the // token is allowed. WrappingTtl pulumi.StringPtrInput }
func (AuthBackendRoleSecretIdState) ElementType ¶ added in v5.7.0
func (AuthBackendRoleSecretIdState) ElementType() reflect.Type
type AuthBackendRoleState ¶
type AuthBackendRoleState struct { // The unique name of the auth backend to configure. // Defaults to `approle`. Backend pulumi.StringPtrInput // Whether or not to require `secretId` to be // presented when logging in using this AppRole. Defaults to `true`. BindSecretId pulumi.BoolPtrInput // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrInput // The RoleID of this role. If not specified, one will be // auto-generated. RoleId pulumi.StringPtrInput // The name of the role. RoleName pulumi.StringPtrInput // If set, // specifies blocks of IP addresses which can perform the login operation. SecretIdBoundCidrs pulumi.StringArrayInput // The number of times any particular SecretID // can be used to fetch a token from this AppRole, after which the SecretID will // expire. A value of zero will allow unlimited uses. SecretIdNumUses pulumi.IntPtrInput // The number of seconds after which any SecretID // expires. SecretIdTtl pulumi.IntPtrInput // List of CIDR blocks; if set, specifies blocks of IP // addresses which can authenticate successfully, and ties the resulting token to these blocks // as well. TokenBoundCidrs pulumi.StringArrayInput // If set, will encode an // [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls) // onto the token in number of seconds. This is a hard cap even if `tokenTtl` and // `tokenMaxTtl` would otherwise allow a renewal. TokenExplicitMaxTtl pulumi.IntPtrInput // The maximum lifetime for generated tokens in number of seconds. // Its current value will be referenced at renewal time. TokenMaxTtl pulumi.IntPtrInput // If set, the default policy will not be set on // generated tokens; otherwise it will be added to the policies set in token_policies. TokenNoDefaultPolicy pulumi.BoolPtrInput // The [maximum number](https://www.vaultproject.io/api-docs/auth/approle#token_num_uses) // of times a generated token may be used (within its lifetime); 0 means unlimited. TokenNumUses pulumi.IntPtrInput // If set, indicates that the // token generated using this role should never expire. The token should be renewed within the // duration specified by this value. At each renewal, the token's TTL will be set to the // value of this field. Specified in seconds. TokenPeriod pulumi.IntPtrInput // List of policies to encode onto generated tokens. Depending // on the auth method, this list may be supplemented by user/group/other values. TokenPolicies pulumi.StringArrayInput // The incremental lifetime for generated tokens in number of seconds. // Its current value will be referenced at renewal time. TokenTtl pulumi.IntPtrInput // The type of token that should be generated. Can be `service`, // `batch`, or `default` to use the mount's tuned default (which unless changed will be // `service` tokens). For token store roles, there are two additional possibilities: // `default-service` and `default-batch` which specify the type to return unless the client // requests a different type at generation time. TokenType pulumi.StringPtrInput }
func (AuthBackendRoleState) ElementType ¶
func (AuthBackendRoleState) ElementType() reflect.Type
type GetAuthBackendRoleIdArgs ¶
type GetAuthBackendRoleIdArgs struct { // The unique name for the AppRole backend the role to // retrieve a RoleID for resides in. Defaults to "approle". Backend *string `pulumi:"backend"` // The namespace of the target resource. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured namespace. // *Available only for Vault Enterprise*. Namespace *string `pulumi:"namespace"` // The name of the role to retrieve the Role ID for. RoleName string `pulumi:"roleName"` }
A collection of arguments for invoking getAuthBackendRoleId.
type GetAuthBackendRoleIdOutputArgs ¶
type GetAuthBackendRoleIdOutputArgs struct { // The unique name for the AppRole backend the role to // retrieve a RoleID for resides in. Defaults to "approle". Backend pulumi.StringPtrInput `pulumi:"backend"` // The namespace of the target resource. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured namespace. // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrInput `pulumi:"namespace"` // The name of the role to retrieve the Role ID for. RoleName pulumi.StringInput `pulumi:"roleName"` }
A collection of arguments for invoking getAuthBackendRoleId.
func (GetAuthBackendRoleIdOutputArgs) ElementType ¶
func (GetAuthBackendRoleIdOutputArgs) ElementType() reflect.Type
type GetAuthBackendRoleIdResult ¶
type GetAuthBackendRoleIdResult struct { Backend *string `pulumi:"backend"` // The provider-assigned unique ID for this managed resource. Id string `pulumi:"id"` Namespace *string `pulumi:"namespace"` // The RoleID of the role. RoleId string `pulumi:"roleId"` RoleName string `pulumi:"roleName"` }
A collection of values returned by getAuthBackendRoleId.
func GetAuthBackendRoleId ¶
func GetAuthBackendRoleId(ctx *pulumi.Context, args *GetAuthBackendRoleIdArgs, opts ...pulumi.InvokeOption) (*GetAuthBackendRoleIdResult, error)
Reads the Role ID of an AppRole from a Vault server.
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-vault/sdk/v5/go/vault/appRole" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { role, err := appRole.GetAuthBackendRoleId(ctx, &approle.GetAuthBackendRoleIdArgs{ Backend: pulumi.StringRef("my-approle-backend"), RoleName: "my-role", }, nil) if err != nil { return err } ctx.Export("role-id", role.RoleId) return nil }) }
```
type GetAuthBackendRoleIdResultOutput ¶
type GetAuthBackendRoleIdResultOutput struct{ *pulumi.OutputState }
A collection of values returned by getAuthBackendRoleId.
func GetAuthBackendRoleIdOutput ¶
func GetAuthBackendRoleIdOutput(ctx *pulumi.Context, args GetAuthBackendRoleIdOutputArgs, opts ...pulumi.InvokeOption) GetAuthBackendRoleIdResultOutput
func (GetAuthBackendRoleIdResultOutput) Backend ¶
func (o GetAuthBackendRoleIdResultOutput) Backend() pulumi.StringPtrOutput
func (GetAuthBackendRoleIdResultOutput) ElementType ¶
func (GetAuthBackendRoleIdResultOutput) ElementType() reflect.Type
func (GetAuthBackendRoleIdResultOutput) Id ¶
func (o GetAuthBackendRoleIdResultOutput) Id() pulumi.StringOutput
The provider-assigned unique ID for this managed resource.
func (GetAuthBackendRoleIdResultOutput) Namespace ¶ added in v5.7.0
func (o GetAuthBackendRoleIdResultOutput) Namespace() pulumi.StringPtrOutput
func (GetAuthBackendRoleIdResultOutput) RoleId ¶
func (o GetAuthBackendRoleIdResultOutput) RoleId() pulumi.StringOutput
The RoleID of the role.
func (GetAuthBackendRoleIdResultOutput) RoleName ¶
func (o GetAuthBackendRoleIdResultOutput) RoleName() pulumi.StringOutput
func (GetAuthBackendRoleIdResultOutput) ToGetAuthBackendRoleIdResultOutput ¶
func (o GetAuthBackendRoleIdResultOutput) ToGetAuthBackendRoleIdResultOutput() GetAuthBackendRoleIdResultOutput
func (GetAuthBackendRoleIdResultOutput) ToGetAuthBackendRoleIdResultOutputWithContext ¶
func (o GetAuthBackendRoleIdResultOutput) ToGetAuthBackendRoleIdResultOutputWithContext(ctx context.Context) GetAuthBackendRoleIdResultOutput