azure

package
v5.20.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 20, 2024 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AuthBackendConfig

// AuthBackendConfig is the resource type holding the configuration of a
// mounted Azure auth backend: the mount path plus the Azure tenant,
// application URL and API credentials described by the fields below.
type AuthBackendConfig struct {
	pulumi.CustomResourceState

	// The path the Azure auth backend being configured was
	// mounted at.  Defaults to `azure`.
	Backend pulumi.StringPtrOutput `pulumi:"backend"`
	// The client id for credentials to query the Azure APIs.
	// Currently read permissions to query compute resources are required.
	// NOTE(review): read access to compute resources is the only permission
	// named here; anything granted beyond it widens what a leaked client
	// secret exposes.
	ClientId pulumi.StringPtrOutput `pulumi:"clientId"`
	// The client secret for credentials to query the
	// Azure APIs.
	// NOTE(review): this is a credential surfaced as a resource output. The
	// declaration does not show whether it is marked as a Pulumi secret —
	// confirm it is encrypted in stack state and masked in CLI output, and
	// avoid exporting or logging it.
	ClientSecret pulumi.StringPtrOutput `pulumi:"clientSecret"`
	// The Azure cloud environment. Valid values:
	// AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud,
	// AzureGermanCloud.  Defaults to `AzurePublicCloud`.
	Environment pulumi.StringPtrOutput `pulumi:"environment"`
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrOutput `pulumi:"namespace"`
	// The configured URL for the application registered in
	// Azure Active Directory.
	Resource pulumi.StringOutput `pulumi:"resource"`
	// The tenant id for the Azure Active Directory
	// organization.
	TenantId pulumi.StringOutput `pulumi:"tenantId"`
}

## Example Usage

```go
package main

import (

"github.com/pulumi/pulumi-vault/sdk/v5/go/vault"
"github.com/pulumi/pulumi-vault/sdk/v5/go/vault/azure"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Mount the Azure auth method; the config resource below is attached
		// to this mount through its Path output.
		backend, err := vault.NewAuthBackend(ctx, "exampleAuthBackend", &vault.AuthBackendArgs{
			Type: pulumi.String("azure"),
		})
		if err != nil {
			return err
		}

		// The tenant id, client id and client secret are sample values. In a
		// real program the client secret should not be a string literal in
		// source: read it from encrypted stack configuration (a value stored
		// with `pulumi config set --secret`) so it stays out of version
		// control and is handled as a secret.
		cfgArgs := &azure.AuthBackendConfigArgs{
			Backend:      backend.Path,
			TenantId:     pulumi.String("11111111-2222-3333-4444-555555555555"),
			ClientId:     pulumi.String("11111111-2222-3333-4444-555555555555"),
			ClientSecret: pulumi.String("01234567890123456789"),
			Resource:     pulumi.String("https://vault.hashicorp.com"),
		}
		if _, err := azure.NewAuthBackendConfig(ctx, "exampleAuthBackendConfig", cfgArgs); err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Azure auth backends can be imported using `auth/`, the `backend` path, and `/config` e.g.

```sh

$ pulumi import vault:azure/authBackendConfig:AuthBackendConfig example auth/azure/config

```

func GetAuthBackendConfig

func GetAuthBackendConfig(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AuthBackendConfigState, opts ...pulumi.ResourceOption) (*AuthBackendConfig, error)

GetAuthBackendConfig gets an existing AuthBackendConfig resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAuthBackendConfig

func NewAuthBackendConfig(ctx *pulumi.Context,
	name string, args *AuthBackendConfigArgs, opts ...pulumi.ResourceOption) (*AuthBackendConfig, error)

NewAuthBackendConfig registers a new resource with the given unique name, arguments, and options.

func (*AuthBackendConfig) ElementType

func (*AuthBackendConfig) ElementType() reflect.Type

func (*AuthBackendConfig) ToAuthBackendConfigOutput

func (i *AuthBackendConfig) ToAuthBackendConfigOutput() AuthBackendConfigOutput

func (*AuthBackendConfig) ToAuthBackendConfigOutputWithContext

func (i *AuthBackendConfig) ToAuthBackendConfigOutputWithContext(ctx context.Context) AuthBackendConfigOutput

type AuthBackendConfigArgs

// AuthBackendConfigArgs is the set of arguments for constructing an
// AuthBackendConfig resource.
type AuthBackendConfigArgs struct {
	// The path the Azure auth backend being configured was
	// mounted at.  Defaults to `azure`.
	Backend pulumi.StringPtrInput
	// The client id for credentials to query the Azure APIs.
	// Currently read permissions to query compute resources are required.
	// NOTE(review): read access to compute resources is the only permission
	// named here; keep the identity's Azure role assignment that narrow.
	ClientId pulumi.StringPtrInput
	// The client secret for credentials to query the
	// Azure APIs.
	// NOTE(review): this is a credential. Supply it from encrypted stack
	// configuration (for example a value stored with
	// `pulumi config set --secret`) rather than a string literal in the
	// program, and confirm the provider keeps it encrypted in state.
	ClientSecret pulumi.StringPtrInput
	// The Azure cloud environment. Valid values:
	// AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud,
	// AzureGermanCloud.  Defaults to `AzurePublicCloud`.
	Environment pulumi.StringPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// The configured URL for the application registered in
	// Azure Active Directory.
	Resource pulumi.StringInput
	// The tenant id for the Azure Active Directory
	// organization.
	TenantId pulumi.StringInput
}

The set of arguments for constructing an AuthBackendConfig resource.

func (AuthBackendConfigArgs) ElementType

func (AuthBackendConfigArgs) ElementType() reflect.Type

type AuthBackendConfigArray

type AuthBackendConfigArray []AuthBackendConfigInput

func (AuthBackendConfigArray) ElementType

func (AuthBackendConfigArray) ElementType() reflect.Type

func (AuthBackendConfigArray) ToAuthBackendConfigArrayOutput

func (i AuthBackendConfigArray) ToAuthBackendConfigArrayOutput() AuthBackendConfigArrayOutput

func (AuthBackendConfigArray) ToAuthBackendConfigArrayOutputWithContext

func (i AuthBackendConfigArray) ToAuthBackendConfigArrayOutputWithContext(ctx context.Context) AuthBackendConfigArrayOutput

type AuthBackendConfigArrayInput

type AuthBackendConfigArrayInput interface {
	pulumi.Input

	ToAuthBackendConfigArrayOutput() AuthBackendConfigArrayOutput
	ToAuthBackendConfigArrayOutputWithContext(context.Context) AuthBackendConfigArrayOutput
}

AuthBackendConfigArrayInput is an input type that accepts AuthBackendConfigArray and AuthBackendConfigArrayOutput values. You can construct a concrete instance of `AuthBackendConfigArrayInput` via:

AuthBackendConfigArray{ AuthBackendConfigArgs{...} }

type AuthBackendConfigArrayOutput

type AuthBackendConfigArrayOutput struct{ *pulumi.OutputState }

func (AuthBackendConfigArrayOutput) ElementType

func (AuthBackendConfigArrayOutput) Index

func (AuthBackendConfigArrayOutput) ToAuthBackendConfigArrayOutput

func (o AuthBackendConfigArrayOutput) ToAuthBackendConfigArrayOutput() AuthBackendConfigArrayOutput

func (AuthBackendConfigArrayOutput) ToAuthBackendConfigArrayOutputWithContext

func (o AuthBackendConfigArrayOutput) ToAuthBackendConfigArrayOutputWithContext(ctx context.Context) AuthBackendConfigArrayOutput

type AuthBackendConfigInput

// AuthBackendConfigInput is an input type whose values can be converted to an
// AuthBackendConfigOutput, with or without an explicit context.
type AuthBackendConfigInput interface {
	pulumi.Input

	ToAuthBackendConfigOutput() AuthBackendConfigOutput
	ToAuthBackendConfigOutputWithContext(ctx context.Context) AuthBackendConfigOutput
}

type AuthBackendConfigMap

type AuthBackendConfigMap map[string]AuthBackendConfigInput

func (AuthBackendConfigMap) ElementType

func (AuthBackendConfigMap) ElementType() reflect.Type

func (AuthBackendConfigMap) ToAuthBackendConfigMapOutput

func (i AuthBackendConfigMap) ToAuthBackendConfigMapOutput() AuthBackendConfigMapOutput

func (AuthBackendConfigMap) ToAuthBackendConfigMapOutputWithContext

func (i AuthBackendConfigMap) ToAuthBackendConfigMapOutputWithContext(ctx context.Context) AuthBackendConfigMapOutput

type AuthBackendConfigMapInput

type AuthBackendConfigMapInput interface {
	pulumi.Input

	ToAuthBackendConfigMapOutput() AuthBackendConfigMapOutput
	ToAuthBackendConfigMapOutputWithContext(context.Context) AuthBackendConfigMapOutput
}

AuthBackendConfigMapInput is an input type that accepts AuthBackendConfigMap and AuthBackendConfigMapOutput values. You can construct a concrete instance of `AuthBackendConfigMapInput` via:

AuthBackendConfigMap{ "key": AuthBackendConfigArgs{...} }

type AuthBackendConfigMapOutput

type AuthBackendConfigMapOutput struct{ *pulumi.OutputState }

func (AuthBackendConfigMapOutput) ElementType

func (AuthBackendConfigMapOutput) ElementType() reflect.Type

func (AuthBackendConfigMapOutput) MapIndex

func (AuthBackendConfigMapOutput) ToAuthBackendConfigMapOutput

func (o AuthBackendConfigMapOutput) ToAuthBackendConfigMapOutput() AuthBackendConfigMapOutput

func (AuthBackendConfigMapOutput) ToAuthBackendConfigMapOutputWithContext

func (o AuthBackendConfigMapOutput) ToAuthBackendConfigMapOutputWithContext(ctx context.Context) AuthBackendConfigMapOutput

type AuthBackendConfigOutput

type AuthBackendConfigOutput struct{ *pulumi.OutputState }

func (AuthBackendConfigOutput) Backend added in v5.6.0

The path the Azure auth backend being configured was mounted at. Defaults to `azure`.

func (AuthBackendConfigOutput) ClientId added in v5.6.0

The client id for credentials to query the Azure APIs. Currently read permissions to query compute resources are required.

func (AuthBackendConfigOutput) ClientSecret added in v5.6.0

The client secret for credentials to query the Azure APIs.

func (AuthBackendConfigOutput) ElementType

func (AuthBackendConfigOutput) ElementType() reflect.Type

func (AuthBackendConfigOutput) Environment added in v5.6.0

The Azure cloud environment. Valid values: AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud, AzureGermanCloud. Defaults to `AzurePublicCloud`.

func (AuthBackendConfigOutput) Namespace added in v5.7.0

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). *Available only for Vault Enterprise*.

func (AuthBackendConfigOutput) Resource added in v5.6.0

The configured URL for the application registered in Azure Active Directory.

func (AuthBackendConfigOutput) TenantId added in v5.6.0

The tenant id for the Azure Active Directory organization.

func (AuthBackendConfigOutput) ToAuthBackendConfigOutput

func (o AuthBackendConfigOutput) ToAuthBackendConfigOutput() AuthBackendConfigOutput

func (AuthBackendConfigOutput) ToAuthBackendConfigOutputWithContext

func (o AuthBackendConfigOutput) ToAuthBackendConfigOutputWithContext(ctx context.Context) AuthBackendConfigOutput

type AuthBackendConfigState

// AuthBackendConfigState carries the optional state properties passed to
// GetAuthBackendConfig to qualify the lookup of an existing
// AuthBackendConfig resource. Every field is optional.
type AuthBackendConfigState struct {
	// The path the Azure auth backend being configured was
	// mounted at.  Defaults to `azure`.
	Backend pulumi.StringPtrInput
	// The client id for credentials to query the Azure APIs.
	// Currently read permissions to query compute resources are required.
	ClientId pulumi.StringPtrInput
	// The client secret for credentials to query the
	// Azure APIs.
	// NOTE(review): this is a credential; if it has to be supplied here,
	// take it from a secret source rather than a literal in the program.
	ClientSecret pulumi.StringPtrInput
	// The Azure cloud environment. Valid values:
	// AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud,
	// AzureGermanCloud.  Defaults to `AzurePublicCloud`.
	Environment pulumi.StringPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// The configured URL for the application registered in
	// Azure Active Directory.
	Resource pulumi.StringPtrInput
	// The tenant id for the Azure Active Directory
	// organization.
	TenantId pulumi.StringPtrInput
}

func (AuthBackendConfigState) ElementType

func (AuthBackendConfigState) ElementType() reflect.Type

type AuthBackendRole

// AuthBackendRole is an Azure auth backend role in a Vault server. Roles
// constrain the instances or principals that can perform the login
// operation against the backend.
//
// NOTE(review): every Bound* constraint below is documented as optional
// ("If set"). Confirm how Vault treats a role with none of them set, and
// set the narrowest constraints that identify the intended workload.
type AuthBackendRole struct {
	pulumi.CustomResourceState

	// Unique name of the auth backend to configure.
	Backend pulumi.StringPtrOutput `pulumi:"backend"`
	// If set, defines a constraint on the groups
	// that can perform the login operation that they should be using the group
	// ID specified by this field.
	BoundGroupIds pulumi.StringArrayOutput `pulumi:"boundGroupIds"`
	// If set, defines a constraint on the virtual machines
	// that can perform the login operation that the location in their identity
	// document must match the one specified by this field.
	BoundLocations pulumi.StringArrayOutput `pulumi:"boundLocations"`
	// If set, defines a constraint on the virtual
	// machines that can perform the login operation that they be associated with
	// the resource group that matches the value specified by this field.
	BoundResourceGroups pulumi.StringArrayOutput `pulumi:"boundResourceGroups"`
	// If set, defines a constraint on the virtual
	// machines that can perform the login operation that they must match the scale set
	// specified by this field.
	BoundScaleSets pulumi.StringArrayOutput `pulumi:"boundScaleSets"`
	// If set, defines a constraint on the
	// service principals that can perform the login operation that they should possess
	// the ids specified by this field.
	BoundServicePrincipalIds pulumi.StringArrayOutput `pulumi:"boundServicePrincipalIds"`
	// If set, defines a constraint on the subscriptions
	// that can perform the login operation to ones which match the value specified by this
	// field.
	BoundSubscriptionIds pulumi.StringArrayOutput `pulumi:"boundSubscriptionIds"`
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrOutput `pulumi:"namespace"`
	// The name of the role.
	Role pulumi.StringOutput `pulumi:"role"`
	// List of CIDR blocks; if set, specifies blocks of IP
	// addresses which can authenticate successfully, and ties the resulting token to these blocks
	// as well.
	TokenBoundCidrs pulumi.StringArrayOutput `pulumi:"tokenBoundCidrs"`
	// If set, will encode an
	// [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
	// onto the token in number of seconds. This is a hard cap even if `tokenTtl` and
	// `tokenMaxTtl` would otherwise allow a renewal.
	TokenExplicitMaxTtl pulumi.IntPtrOutput `pulumi:"tokenExplicitMaxTtl"`
	// The maximum lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenMaxTtl pulumi.IntPtrOutput `pulumi:"tokenMaxTtl"`
	// If set, the default policy will not be set on
	// generated tokens; otherwise it will be added to the policies set in token_policies
	// (the TokenPolicies field).
	TokenNoDefaultPolicy pulumi.BoolPtrOutput `pulumi:"tokenNoDefaultPolicy"`
	// The [maximum number](https://www.vaultproject.io/api-docs/azure#token_num_uses)
	// of times a generated token may be used (within its lifetime); 0 means unlimited.
	TokenNumUses pulumi.IntPtrOutput `pulumi:"tokenNumUses"`
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	// NOTE(review): a token that never expires while it keeps being renewed
	// has no lifetime bound of its own; presumably TokenExplicitMaxTtl still
	// caps it — confirm against the linked Vault token documentation.
	TokenPeriod pulumi.IntPtrOutput `pulumi:"tokenPeriod"`
	// List of policies to encode onto generated tokens. Depending
	// on the auth method, this list may be supplemented by user/group/other values.
	// NOTE(review): every identity that satisfies the Bound* constraints
	// receives these policies, so list only what the workload needs.
	TokenPolicies pulumi.StringArrayOutput `pulumi:"tokenPolicies"`
	// The incremental lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenTtl pulumi.IntPtrOutput `pulumi:"tokenTtl"`
	// The type of token that should be generated. Can be `service`,
	// `batch`, or `default` to use the mount's tuned default (which unless changed will be
	// `service` tokens). For token store roles, there are two additional possibilities:
	// `default-service` and `default-batch` which specify the type to return unless the client
	// requests a different type at generation time.
	TokenType pulumi.StringPtrOutput `pulumi:"tokenType"`
}

Manages an Azure auth backend role in a Vault server. Roles constrain the instances or principals that can perform the login operation against the backend. See the [Vault documentation](https://www.vaultproject.io/docs/auth/azure.html) for more information.

## Example Usage

```go
package main

import (

"github.com/pulumi/pulumi-vault/sdk/v5/go/vault"
"github.com/pulumi/pulumi-vault/sdk/v5/go/vault/azure"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

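func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Mount the Azure auth method. The local variable must not be named
		// `azure`: that would shadow the imported azure package, and the
		// azure.NewAuthBackendRole / azure.AuthBackendRoleArgs references
		// below would no longer compile.
		azureBackend, err := vault.NewAuthBackend(ctx, "azure", &vault.AuthBackendArgs{
			Type: pulumi.String("azure"),
		})
		if err != nil {
			return err
		}
		// All ids, TTLs and policy names here are sample values. A real role
		// should bind to the specific subscription and resource group of the
		// workload and carry only the policies that workload needs; one role
		// granting both "dev" and "prod" is for illustration only.
		_, err = azure.NewAuthBackendRole(ctx, "example", &azure.AuthBackendRoleArgs{
			Backend: azureBackend.Path,
			Role:    pulumi.String("test-role"),
			BoundSubscriptionIds: pulumi.StringArray{
				pulumi.String("11111111-2222-3333-4444-555555555555"),
			},
			BoundResourceGroups: pulumi.StringArray{
				pulumi.String("123456789012"),
			},
			// Token lifetimes are in seconds.
			TokenTtl:    pulumi.Int(60),
			TokenMaxTtl: pulumi.Int(120),
			TokenPolicies: pulumi.StringArray{
				pulumi.String("default"),
				pulumi.String("dev"),
				pulumi.String("prod"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}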

```

## Import

Azure auth backend roles can be imported using `auth/`, the `backend` path, `/role/`, and the `role` name e.g.

```sh

$ pulumi import vault:azure/authBackendRole:AuthBackendRole example auth/azure/role/test-role

```

func GetAuthBackendRole

func GetAuthBackendRole(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AuthBackendRoleState, opts ...pulumi.ResourceOption) (*AuthBackendRole, error)

GetAuthBackendRole gets an existing AuthBackendRole resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAuthBackendRole

func NewAuthBackendRole(ctx *pulumi.Context,
	name string, args *AuthBackendRoleArgs, opts ...pulumi.ResourceOption) (*AuthBackendRole, error)

NewAuthBackendRole registers a new resource with the given unique name, arguments, and options.

func (*AuthBackendRole) ElementType

func (*AuthBackendRole) ElementType() reflect.Type

func (*AuthBackendRole) ToAuthBackendRoleOutput

func (i *AuthBackendRole) ToAuthBackendRoleOutput() AuthBackendRoleOutput

func (*AuthBackendRole) ToAuthBackendRoleOutputWithContext

func (i *AuthBackendRole) ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput

type AuthBackendRoleArgs

// AuthBackendRoleArgs is the set of arguments for constructing an
// AuthBackendRole resource.
//
// NOTE(review): every Bound* constraint below is documented as optional
// ("If set"). Confirm how Vault treats a role with none of them set, and
// set the narrowest constraints that identify the intended workload.
type AuthBackendRoleArgs struct {
	// Unique name of the auth backend to configure.
	Backend pulumi.StringPtrInput
	// If set, defines a constraint on the groups
	// that can perform the login operation that they should be using the group
	// ID specified by this field.
	BoundGroupIds pulumi.StringArrayInput
	// If set, defines a constraint on the virtual machines
	// that can perform the login operation that the location in their identity
	// document must match the one specified by this field.
	BoundLocations pulumi.StringArrayInput
	// If set, defines a constraint on the virtual
	// machines that can perform the login operation that they be associated with
	// the resource group that matches the value specified by this field.
	BoundResourceGroups pulumi.StringArrayInput
	// If set, defines a constraint on the virtual
	// machines that can perform the login operation that they must match the scale set
	// specified by this field.
	BoundScaleSets pulumi.StringArrayInput
	// If set, defines a constraint on the
	// service principals that can perform the login operation that they should possess
	// the ids specified by this field.
	BoundServicePrincipalIds pulumi.StringArrayInput
	// If set, defines a constraint on the subscriptions
	// that can perform the login operation to ones which match the value specified by this
	// field.
	BoundSubscriptionIds pulumi.StringArrayInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// The name of the role.
	Role pulumi.StringInput
	// List of CIDR blocks; if set, specifies blocks of IP
	// addresses which can authenticate successfully, and ties the resulting token to these blocks
	// as well.
	TokenBoundCidrs pulumi.StringArrayInput
	// If set, will encode an
	// [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
	// onto the token in number of seconds. This is a hard cap even if `tokenTtl` and
	// `tokenMaxTtl` would otherwise allow a renewal.
	TokenExplicitMaxTtl pulumi.IntPtrInput
	// The maximum lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenMaxTtl pulumi.IntPtrInput
	// If set, the default policy will not be set on
	// generated tokens; otherwise it will be added to the policies set in token_policies
	// (the TokenPolicies field).
	TokenNoDefaultPolicy pulumi.BoolPtrInput
	// The [maximum number](https://www.vaultproject.io/api-docs/azure#token_num_uses)
	// of times a generated token may be used (within its lifetime); 0 means unlimited.
	TokenNumUses pulumi.IntPtrInput
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	// NOTE(review): a token that never expires while it keeps being renewed
	// has no lifetime bound of its own; presumably TokenExplicitMaxTtl still
	// caps it — confirm against the linked Vault token documentation.
	TokenPeriod pulumi.IntPtrInput
	// List of policies to encode onto generated tokens. Depending
	// on the auth method, this list may be supplemented by user/group/other values.
	// NOTE(review): every identity that satisfies the Bound* constraints
	// receives these policies, so list only what the workload needs.
	TokenPolicies pulumi.StringArrayInput
	// The incremental lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenTtl pulumi.IntPtrInput
	// The type of token that should be generated. Can be `service`,
	// `batch`, or `default` to use the mount's tuned default (which unless changed will be
	// `service` tokens). For token store roles, there are two additional possibilities:
	// `default-service` and `default-batch` which specify the type to return unless the client
	// requests a different type at generation time.
	TokenType pulumi.StringPtrInput
}

The set of arguments for constructing an AuthBackendRole resource.

func (AuthBackendRoleArgs) ElementType

func (AuthBackendRoleArgs) ElementType() reflect.Type

type AuthBackendRoleArray

type AuthBackendRoleArray []AuthBackendRoleInput

func (AuthBackendRoleArray) ElementType

func (AuthBackendRoleArray) ElementType() reflect.Type

func (AuthBackendRoleArray) ToAuthBackendRoleArrayOutput

func (i AuthBackendRoleArray) ToAuthBackendRoleArrayOutput() AuthBackendRoleArrayOutput

func (AuthBackendRoleArray) ToAuthBackendRoleArrayOutputWithContext

func (i AuthBackendRoleArray) ToAuthBackendRoleArrayOutputWithContext(ctx context.Context) AuthBackendRoleArrayOutput

type AuthBackendRoleArrayInput

type AuthBackendRoleArrayInput interface {
	pulumi.Input

	ToAuthBackendRoleArrayOutput() AuthBackendRoleArrayOutput
	ToAuthBackendRoleArrayOutputWithContext(context.Context) AuthBackendRoleArrayOutput
}

AuthBackendRoleArrayInput is an input type that accepts AuthBackendRoleArray and AuthBackendRoleArrayOutput values. You can construct a concrete instance of `AuthBackendRoleArrayInput` via:

AuthBackendRoleArray{ AuthBackendRoleArgs{...} }

type AuthBackendRoleArrayOutput

type AuthBackendRoleArrayOutput struct{ *pulumi.OutputState }

func (AuthBackendRoleArrayOutput) ElementType

func (AuthBackendRoleArrayOutput) ElementType() reflect.Type

func (AuthBackendRoleArrayOutput) Index

func (AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutput

func (o AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutput() AuthBackendRoleArrayOutput

func (AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutputWithContext

func (o AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutputWithContext(ctx context.Context) AuthBackendRoleArrayOutput

type AuthBackendRoleInput

// AuthBackendRoleInput is an input type whose values can be converted to an
// AuthBackendRoleOutput, with or without an explicit context.
type AuthBackendRoleInput interface {
	pulumi.Input

	ToAuthBackendRoleOutput() AuthBackendRoleOutput
	ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput
}

type AuthBackendRoleMap

type AuthBackendRoleMap map[string]AuthBackendRoleInput

func (AuthBackendRoleMap) ElementType

func (AuthBackendRoleMap) ElementType() reflect.Type

func (AuthBackendRoleMap) ToAuthBackendRoleMapOutput

func (i AuthBackendRoleMap) ToAuthBackendRoleMapOutput() AuthBackendRoleMapOutput

func (AuthBackendRoleMap) ToAuthBackendRoleMapOutputWithContext

func (i AuthBackendRoleMap) ToAuthBackendRoleMapOutputWithContext(ctx context.Context) AuthBackendRoleMapOutput

type AuthBackendRoleMapInput

type AuthBackendRoleMapInput interface {
	pulumi.Input

	ToAuthBackendRoleMapOutput() AuthBackendRoleMapOutput
	ToAuthBackendRoleMapOutputWithContext(context.Context) AuthBackendRoleMapOutput
}

AuthBackendRoleMapInput is an input type that accepts AuthBackendRoleMap and AuthBackendRoleMapOutput values. You can construct a concrete instance of `AuthBackendRoleMapInput` via:

AuthBackendRoleMap{ "key": AuthBackendRoleArgs{...} }

type AuthBackendRoleMapOutput

type AuthBackendRoleMapOutput struct{ *pulumi.OutputState }

func (AuthBackendRoleMapOutput) ElementType

func (AuthBackendRoleMapOutput) ElementType() reflect.Type

func (AuthBackendRoleMapOutput) MapIndex

func (AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutput

func (o AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutput() AuthBackendRoleMapOutput

func (AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutputWithContext

func (o AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutputWithContext(ctx context.Context) AuthBackendRoleMapOutput

type AuthBackendRoleOutput

type AuthBackendRoleOutput struct{ *pulumi.OutputState }

func (AuthBackendRoleOutput) Backend added in v5.6.0

Unique name of the auth backend to configure.

func (AuthBackendRoleOutput) BoundGroupIds added in v5.6.0

If set, defines a constraint on the groups that can perform the login operation that they should be using the group ID specified by this field.

func (AuthBackendRoleOutput) BoundLocations added in v5.6.0

func (o AuthBackendRoleOutput) BoundLocations() pulumi.StringArrayOutput

If set, defines a constraint on the virtual machines that can perform the login operation that the location in their identity document must match the one specified by this field.

func (AuthBackendRoleOutput) BoundResourceGroups added in v5.6.0

func (o AuthBackendRoleOutput) BoundResourceGroups() pulumi.StringArrayOutput

If set, defines a constraint on the virtual machines that can perform the login operation that they be associated with the resource group that matches the value specified by this field.

func (AuthBackendRoleOutput) BoundScaleSets added in v5.6.0

func (o AuthBackendRoleOutput) BoundScaleSets() pulumi.StringArrayOutput

If set, defines a constraint on the virtual machines that can perform the login operation that they must match the scale set specified by this field.

func (AuthBackendRoleOutput) BoundServicePrincipalIds added in v5.6.0

func (o AuthBackendRoleOutput) BoundServicePrincipalIds() pulumi.StringArrayOutput

If set, defines a constraint on the service principals that can perform the login operation that they should possess the ids specified by this field.

func (AuthBackendRoleOutput) BoundSubscriptionIds added in v5.6.0

func (o AuthBackendRoleOutput) BoundSubscriptionIds() pulumi.StringArrayOutput

If set, defines a constraint on the subscriptions that can perform the login operation to ones which match the value specified by this field.

func (AuthBackendRoleOutput) ElementType

func (AuthBackendRoleOutput) ElementType() reflect.Type

func (AuthBackendRoleOutput) Namespace added in v5.7.0

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). *Available only for Vault Enterprise*.

func (AuthBackendRoleOutput) Role added in v5.6.0

The name of the role.

func (AuthBackendRoleOutput) ToAuthBackendRoleOutput

func (o AuthBackendRoleOutput) ToAuthBackendRoleOutput() AuthBackendRoleOutput

func (AuthBackendRoleOutput) ToAuthBackendRoleOutputWithContext

func (o AuthBackendRoleOutput) ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput

func (AuthBackendRoleOutput) TokenBoundCidrs added in v5.6.0

func (o AuthBackendRoleOutput) TokenBoundCidrs() pulumi.StringArrayOutput

List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.

func (AuthBackendRoleOutput) TokenExplicitMaxTtl added in v5.6.0

func (o AuthBackendRoleOutput) TokenExplicitMaxTtl() pulumi.IntPtrOutput

If set, will encode an [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls) onto the token in number of seconds. This is a hard cap even if `tokenTtl` and `tokenMaxTtl` would otherwise allow a renewal.

func (AuthBackendRoleOutput) TokenMaxTtl added in v5.6.0

func (o AuthBackendRoleOutput) TokenMaxTtl() pulumi.IntPtrOutput

The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.

func (AuthBackendRoleOutput) TokenNoDefaultPolicy added in v5.6.0

func (o AuthBackendRoleOutput) TokenNoDefaultPolicy() pulumi.BoolPtrOutput

If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies.

func (AuthBackendRoleOutput) TokenNumUses added in v5.6.0

func (o AuthBackendRoleOutput) TokenNumUses() pulumi.IntPtrOutput

The [maximum number](https://www.vaultproject.io/api-docs/azure#token_num_uses) of times a generated token may be used (within its lifetime); 0 means unlimited.

func (AuthBackendRoleOutput) TokenPeriod added in v5.6.0

func (o AuthBackendRoleOutput) TokenPeriod() pulumi.IntPtrOutput

If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token's TTL will be set to the value of this field. Specified in seconds.

func (AuthBackendRoleOutput) TokenPolicies added in v5.6.0

List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values.

func (AuthBackendRoleOutput) TokenTtl added in v5.6.0

The incremental lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.

func (AuthBackendRoleOutput) TokenType added in v5.6.0

The type of token that should be generated. Can be `service`, `batch`, or `default` to use the mount's tuned default (which unless changed will be `service` tokens). For token store roles, there are two additional possibilities: `default-service` and `default-batch` which specify the type to return unless the client requests a different type at generation time.

type AuthBackendRoleState

// AuthBackendRoleState lists the state properties of an Azure auth backend role.
// Every field is an optional (Ptr/Array) pulumi input.
// NOTE(review): nothing in this struct forces any Bound* constraint to be set;
// confirm what Vault requires server-side before relying on a role with no
// bound constraints.
type AuthBackendRoleState struct {
	// Unique name of the auth backend to configure.
	Backend pulumi.StringPtrInput
	// If set, restricts the login operation to the groups whose
	// IDs are listed in this field.
	BoundGroupIds pulumi.StringArrayInput
	// If set, restricts the login operation to virtual machines
	// whose identity document reports a location matching one
	// specified by this field.
	BoundLocations pulumi.StringArrayInput
	// If set, restricts the login operation to virtual machines
	// associated with a resource group that matches a value
	// specified by this field.
	BoundResourceGroups pulumi.StringArrayInput
	// If set, restricts the login operation to virtual machines
	// that belong to a scale set specified by this field.
	BoundScaleSets pulumi.StringArrayInput
	// If set, restricts the login operation to service principals
	// that possess one of the IDs specified by this field.
	BoundServicePrincipalIds pulumi.StringArrayInput
	// If set, restricts the login operation to subscriptions
	// that match a value specified by this field.
	BoundSubscriptionIds pulumi.StringArrayInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// The name of the role.
	Role pulumi.StringPtrInput
	// List of CIDR blocks; if set, only clients in these IP ranges can
	// authenticate successfully, and the resulting token is tied to the
	// same blocks.
	TokenBoundCidrs pulumi.StringArrayInput
	// If set, will encode an
	// [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
	// onto the token in number of seconds. This is a hard cap even if `tokenTtl` and
	// `tokenMaxTtl` would otherwise allow a renewal.
	TokenExplicitMaxTtl pulumi.IntPtrInput
	// The maximum lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenMaxTtl pulumi.IntPtrInput
	// If set, the default policy will not be set on
	// generated tokens; otherwise it will be added to the policies set in token_policies.
	TokenNoDefaultPolicy pulumi.BoolPtrInput
	// The [maximum number](https://www.vaultproject.io/api-docs/azure#token_num_uses)
	// of times a generated token may be used (within its lifetime); 0 means unlimited.
	TokenNumUses pulumi.IntPtrInput
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	// NOTE(review): a token that keeps being renewed stays valid indefinitely;
	// presumably TokenExplicitMaxTtl still caps it — confirm against the Vault docs.
	TokenPeriod pulumi.IntPtrInput
	// List of policies to encode onto generated tokens. Depending
	// on the auth method, this list may be supplemented by user/group/other values.
	TokenPolicies pulumi.StringArrayInput
	// The incremental lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenTtl pulumi.IntPtrInput
	// The type of token that should be generated. Can be `service`,
	// `batch`, or `default` to use the mount's tuned default (which unless changed will be
	// `service` tokens). For token store roles, there are two additional possibilities:
	// `default-service` and `default-batch` which specify the type to return unless the client
	// requests a different type at generation time.
	TokenType pulumi.StringPtrInput
}

func (AuthBackendRoleState) ElementType

func (AuthBackendRoleState) ElementType() reflect.Type

type Backend

// Backend is a Pulumi custom resource (it embeds pulumi.CustomResourceState)
// describing a mounted Azure backend and the credentials it uses to reach Azure.
type Backend struct {
	pulumi.CustomResourceState

	// The OAuth2 client id to connect to Azure.
	ClientId pulumi.StringPtrOutput `pulumi:"clientId"`
	// The OAuth2 client secret to connect to Azure.
	// NOTE(review): this is a credential exposed as a resource output; confirm
	// that the provider marks it as a secret so it is encrypted in stack state
	// and masked in CLI output.
	ClientSecret pulumi.StringPtrOutput `pulumi:"clientSecret"`
	// Human-friendly description of the mount for the backend.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// If set, opts out of mount migration on path updates.
	// See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
	DisableRemount pulumi.BoolPtrOutput `pulumi:"disableRemount"`
	// The Azure environment.
	Environment pulumi.StringPtrOutput `pulumi:"environment"`
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrOutput `pulumi:"namespace"`
	// The unique path this backend should be mounted at. Defaults to `azure`.
	Path pulumi.StringPtrOutput `pulumi:"path"`
	// The subscription id for the Azure Active Directory.
	SubscriptionId pulumi.StringOutput `pulumi:"subscriptionId"`
	// The tenant id for the Azure Active Directory.
	TenantId pulumi.StringOutput `pulumi:"tenantId"`
	// Use the Microsoft Graph API. Should be set to true on vault-1.10+
	UseMicrosoftGraphApi pulumi.BoolOutput `pulumi:"useMicrosoftGraphApi"`
}

## Example Usage

### *Vault-1.9 And Above*

```go
package main

import (

"github.com/pulumi/pulumi-vault/sdk/v5/go/vault/azure"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

// main mounts an Azure backend at the resource name "azure" with the
// Microsoft Graph API enabled (the Vault 1.9+ variant of this example).
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The IDs and the client secret below are documentation placeholders.
		// In a real program do not commit the client secret to source: read it
		// from encrypted stack configuration (for example config.RequireSecret
		// in the pulumi/config package) so it never lands in version control.
		args := &azure.BackendArgs{
			ClientId:             pulumi.String("11111111-2222-3333-4444-333333333333"),
			ClientSecret:         pulumi.String("12345678901234567890"),
			Environment:          pulumi.String("AzurePublicCloud"),
			SubscriptionId:       pulumi.String("11111111-2222-3333-4444-111111111111"),
			TenantId:             pulumi.String("11111111-2222-3333-4444-222222222222"),
			UseMicrosoftGraphApi: pulumi.Bool(true),
		}
		// The resource handle is not needed; only the registration error matters.
		_, err := azure.NewBackend(ctx, "azure", args)
		return err
	})
}

```

### *Vault-1.8 And Below*

```go
package main

import (

"github.com/pulumi/pulumi-vault/sdk/v5/go/vault/azure"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

// main mounts an Azure backend at the resource name "azure" with the
// Microsoft Graph API disabled (the Vault 1.8-and-below variant of this example).
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The IDs and the client secret below are documentation placeholders.
		// In a real program do not commit the client secret to source: read it
		// from encrypted stack configuration (for example config.RequireSecret
		// in the pulumi/config package) so it never lands in version control.
		args := &azure.BackendArgs{
			ClientId:             pulumi.String("11111111-2222-3333-4444-333333333333"),
			ClientSecret:         pulumi.String("12345678901234567890"),
			Environment:          pulumi.String("AzurePublicCloud"),
			SubscriptionId:       pulumi.String("11111111-2222-3333-4444-111111111111"),
			TenantId:             pulumi.String("11111111-2222-3333-4444-222222222222"),
			UseMicrosoftGraphApi: pulumi.Bool(false),
		}
		// The resource handle is not needed; only the registration error matters.
		_, err := azure.NewBackend(ctx, "azure", args)
		return err
	})
}

```

func GetBackend

func GetBackend(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *BackendState, opts ...pulumi.ResourceOption) (*Backend, error)

GetBackend gets an existing Backend resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewBackend

func NewBackend(ctx *pulumi.Context,
	name string, args *BackendArgs, opts ...pulumi.ResourceOption) (*Backend, error)

NewBackend registers a new resource with the given unique name, arguments, and options.

func (*Backend) ElementType

func (*Backend) ElementType() reflect.Type

func (*Backend) ToBackendOutput

func (i *Backend) ToBackendOutput() BackendOutput

func (*Backend) ToBackendOutputWithContext

func (i *Backend) ToBackendOutputWithContext(ctx context.Context) BackendOutput

type BackendArgs

// BackendArgs is the set of arguments for constructing a Backend resource.
// SubscriptionId and TenantId are non-pointer inputs; every other field is optional.
type BackendArgs struct {
	// The OAuth2 client id to connect to Azure.
	ClientId pulumi.StringPtrInput
	// The OAuth2 client secret to connect to Azure.
	// NOTE(review): pass this as a secret input (for example a value read from
	// encrypted stack configuration) rather than a plain string literal; confirm
	// how the provider stores it in state.
	ClientSecret pulumi.StringPtrInput
	// Human-friendly description of the mount for the backend.
	Description pulumi.StringPtrInput
	// If set, opts out of mount migration on path updates.
	// See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
	DisableRemount pulumi.BoolPtrInput
	// The Azure environment.
	Environment pulumi.StringPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// The unique path this backend should be mounted at. Defaults to `azure`.
	Path pulumi.StringPtrInput
	// The subscription id for the Azure Active Directory.
	SubscriptionId pulumi.StringInput
	// The tenant id for the Azure Active Directory.
	TenantId pulumi.StringInput
	// Use the Microsoft Graph API. Should be set to true on vault-1.10+
	UseMicrosoftGraphApi pulumi.BoolPtrInput
}

The set of arguments for constructing a Backend resource.

func (BackendArgs) ElementType

func (BackendArgs) ElementType() reflect.Type

type BackendArray

type BackendArray []BackendInput

func (BackendArray) ElementType

func (BackendArray) ElementType() reflect.Type

func (BackendArray) ToBackendArrayOutput

func (i BackendArray) ToBackendArrayOutput() BackendArrayOutput

func (BackendArray) ToBackendArrayOutputWithContext

func (i BackendArray) ToBackendArrayOutputWithContext(ctx context.Context) BackendArrayOutput

type BackendArrayInput

type BackendArrayInput interface {
	pulumi.Input

	ToBackendArrayOutput() BackendArrayOutput
	ToBackendArrayOutputWithContext(context.Context) BackendArrayOutput
}

BackendArrayInput is an input type that accepts BackendArray and BackendArrayOutput values. You can construct a concrete instance of `BackendArrayInput` via:

BackendArray{ BackendArgs{...} }

type BackendArrayOutput

type BackendArrayOutput struct{ *pulumi.OutputState }

func (BackendArrayOutput) ElementType

func (BackendArrayOutput) ElementType() reflect.Type

func (BackendArrayOutput) Index

func (BackendArrayOutput) ToBackendArrayOutput

func (o BackendArrayOutput) ToBackendArrayOutput() BackendArrayOutput

func (BackendArrayOutput) ToBackendArrayOutputWithContext

func (o BackendArrayOutput) ToBackendArrayOutputWithContext(ctx context.Context) BackendArrayOutput

type BackendInput

type BackendInput interface {
	pulumi.Input

	ToBackendOutput() BackendOutput
	ToBackendOutputWithContext(ctx context.Context) BackendOutput
}

type BackendMap

type BackendMap map[string]BackendInput

func (BackendMap) ElementType

func (BackendMap) ElementType() reflect.Type

func (BackendMap) ToBackendMapOutput

func (i BackendMap) ToBackendMapOutput() BackendMapOutput

func (BackendMap) ToBackendMapOutputWithContext

func (i BackendMap) ToBackendMapOutputWithContext(ctx context.Context) BackendMapOutput

type BackendMapInput

type BackendMapInput interface {
	pulumi.Input

	ToBackendMapOutput() BackendMapOutput
	ToBackendMapOutputWithContext(context.Context) BackendMapOutput
}

BackendMapInput is an input type that accepts BackendMap and BackendMapOutput values. You can construct a concrete instance of `BackendMapInput` via:

BackendMap{ "key": BackendArgs{...} }

type BackendMapOutput

type BackendMapOutput struct{ *pulumi.OutputState }

func (BackendMapOutput) ElementType

func (BackendMapOutput) ElementType() reflect.Type

func (BackendMapOutput) MapIndex

func (BackendMapOutput) ToBackendMapOutput

func (o BackendMapOutput) ToBackendMapOutput() BackendMapOutput

func (BackendMapOutput) ToBackendMapOutputWithContext

func (o BackendMapOutput) ToBackendMapOutputWithContext(ctx context.Context) BackendMapOutput

type BackendOutput

type BackendOutput struct{ *pulumi.OutputState }

func (BackendOutput) ClientId added in v5.6.0

func (o BackendOutput) ClientId() pulumi.StringPtrOutput

The OAuth2 client id to connect to Azure.

func (BackendOutput) ClientSecret added in v5.6.0

func (o BackendOutput) ClientSecret() pulumi.StringPtrOutput

The OAuth2 client secret to connect to Azure.

func (BackendOutput) Description added in v5.6.0

func (o BackendOutput) Description() pulumi.StringPtrOutput

Human-friendly description of the mount for the backend.

func (BackendOutput) DisableRemount added in v5.7.0

func (o BackendOutput) DisableRemount() pulumi.BoolPtrOutput

If set, opts out of mount migration on path updates. See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)

func (BackendOutput) ElementType

func (BackendOutput) ElementType() reflect.Type

func (BackendOutput) Environment added in v5.6.0

func (o BackendOutput) Environment() pulumi.StringPtrOutput

The Azure environment.

func (BackendOutput) Namespace added in v5.7.0

func (o BackendOutput) Namespace() pulumi.StringPtrOutput

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). *Available only for Vault Enterprise*.

func (BackendOutput) Path added in v5.6.0

The unique path this backend should be mounted at. Defaults to `azure`.

func (BackendOutput) SubscriptionId added in v5.6.0

func (o BackendOutput) SubscriptionId() pulumi.StringOutput

The subscription id for the Azure Active Directory.

func (BackendOutput) TenantId added in v5.6.0

func (o BackendOutput) TenantId() pulumi.StringOutput

The tenant id for the Azure Active Directory.

func (BackendOutput) ToBackendOutput

func (o BackendOutput) ToBackendOutput() BackendOutput

func (BackendOutput) ToBackendOutputWithContext

func (o BackendOutput) ToBackendOutputWithContext(ctx context.Context) BackendOutput

func (BackendOutput) UseMicrosoftGraphApi added in v5.6.0

func (o BackendOutput) UseMicrosoftGraphApi() pulumi.BoolOutput

Use the Microsoft Graph API. Should be set to true on vault-1.10+

type BackendRole

// BackendRole is a Pulumi custom resource (it embeds pulumi.CustomResourceState)
// describing a role on a mounted Azure backend. Per the field docs below, a role
// either has Vault generate service principals with the listed Azure roles and
// groups, or reuses an existing one named by ApplicationObjectId.
type BackendRole struct {
	pulumi.CustomResourceState

	// Application Object ID for an existing service principal that will
	// be used instead of creating dynamic service principals. If present, `azureRoles` and `permanentlyDelete` will be ignored.
	ApplicationObjectId pulumi.StringPtrOutput `pulumi:"applicationObjectId"`
	// List of Azure groups to be assigned to the generated service principal.
	AzureGroups BackendRoleAzureGroupArrayOutput `pulumi:"azureGroups"`
	// List of Azure roles to be assigned to the generated service principal.
	// Each entry pairs a role with a scope; grant only the roles and the
	// narrowest scope the consumers of this Vault role need.
	AzureRoles BackendRoleAzureRoleArrayOutput `pulumi:"azureRoles"`
	// Path to the mounted Azure auth backend
	// NOTE(review): the package example passes the Path of a Backend resource
	// here, so this looks like the mount created by NewBackend rather than an
	// auth mount — confirm the wording.
	Backend pulumi.StringPtrOutput `pulumi:"backend"`
	// Human-friendly description of the mount for the backend.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// Specifies the maximum TTL for service principals generated using this role. Accepts time
	// suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine max TTL time.
	MaxTtl pulumi.StringPtrOutput `pulumi:"maxTtl"`
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrOutput `pulumi:"namespace"`
	// Indicates whether the applications and service principals created by Vault will be permanently
	// deleted when the corresponding leases expire. Defaults to `false`. For Vault v1.12+.
	PermanentlyDelete pulumi.BoolOutput `pulumi:"permanentlyDelete"`
	// Name of the Azure role
	Role pulumi.StringOutput `pulumi:"role"`
	// Specifies the security principal types that are allowed to sign in to the application.
	// Valid values are: AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount, PersonalMicrosoftAccount. Requires Vault 1.16+.
	SignInAudience pulumi.StringPtrOutput `pulumi:"signInAudience"`
	// A list of Azure tags to attach to an application. Requires Vault 1.16+.
	Tags pulumi.StringArrayOutput `pulumi:"tags"`
	// Specifies the default TTL for service principals generated using this role.
	// Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL time.
	Ttl pulumi.StringPtrOutput `pulumi:"ttl"`
}

## Example Usage

```go
package main

import (

"fmt"

"github.com/pulumi/pulumi-vault/sdk/v5/go/vault/azure"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

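// main mounts an Azure backend and registers two roles on it: one for which
// Vault generates service principals with the Reader role on a single resource
// group, and one that reuses an existing application object.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The resource handle is named backend, not azure: a local called azure
		// would shadow the imported azure package and the azure.NewBackendRole
		// calls below would no longer resolve to the package.
		// NOTE(review): _var is not declared in this snippet; presumably it
		// stands for values read from stack configuration — confirm, and load
		// Client_secret as a secret value rather than as plain text.
		backend, err := azure.NewBackend(ctx, "azure", &azure.BackendArgs{
			SubscriptionId: pulumi.Any(_var.Subscription_id),
			TenantId:       pulumi.Any(_var.Tenant_id),
			ClientSecret:   pulumi.Any(_var.Client_secret),
			ClientId:       pulumi.Any(_var.Client_id),
		})
		if err != nil {
			return err
		}
		// Generated service principals: Reader on one resource group only, with
		// a default TTL of 300 seconds and a maximum TTL of 600 seconds.
		_, err = azure.NewBackendRole(ctx, "generatedRole", &azure.BackendRoleArgs{
			Backend:        backend.Path,
			Role:           pulumi.String("generated_role"),
			SignInAudience: pulumi.String("AzureADMyOrg"),
			Tags: pulumi.StringArray{
				pulumi.String("team:engineering"),
				pulumi.String("environment:development"),
			},
			Ttl:    pulumi.String("300"),
			MaxTtl: pulumi.String("600"),
			AzureRoles: azure.BackendRoleAzureRoleArray{
				&azure.BackendRoleAzureRoleArgs{
					RoleName: pulumi.String("Reader"),
					Scope:    pulumi.String(fmt.Sprintf("/subscriptions/%v/resourceGroups/azure-vault-group", _var.Subscription_id)),
				},
			},
		})
		if err != nil {
			return err
		}
		// Existing application object: per the BackendRoleArgs field docs,
		// azureRoles and permanentlyDelete are ignored when ApplicationObjectId
		// is set, so the permissions are whatever that application already has.
		_, err = azure.NewBackendRole(ctx, "existingObjectId", &azure.BackendRoleArgs{
			Backend:             backend.Path,
			Role:                pulumi.String("existing_object_id"),
			ApplicationObjectId: pulumi.String("11111111-2222-3333-4444-44444444444"),
			Ttl:                 pulumi.String("300"),
			MaxTtl:              pulumi.String("600"),
		})
		return err
	})
}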

```

func GetBackendRole

func GetBackendRole(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *BackendRoleState, opts ...pulumi.ResourceOption) (*BackendRole, error)

GetBackendRole gets an existing BackendRole resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewBackendRole

func NewBackendRole(ctx *pulumi.Context,
	name string, args *BackendRoleArgs, opts ...pulumi.ResourceOption) (*BackendRole, error)

NewBackendRole registers a new resource with the given unique name, arguments, and options.

func (*BackendRole) ElementType

func (*BackendRole) ElementType() reflect.Type

func (*BackendRole) ToBackendRoleOutput

func (i *BackendRole) ToBackendRoleOutput() BackendRoleOutput

func (*BackendRole) ToBackendRoleOutputWithContext

func (i *BackendRole) ToBackendRoleOutputWithContext(ctx context.Context) BackendRoleOutput

type BackendRoleArgs

// BackendRoleArgs is the set of arguments for constructing a BackendRole resource.
// Role is the only non-pointer input; every other field is optional.
type BackendRoleArgs struct {
	// Application Object ID for an existing service principal that will
	// be used instead of creating dynamic service principals. If present, `azureRoles` and `permanentlyDelete` will be ignored.
	ApplicationObjectId pulumi.StringPtrInput
	// List of Azure groups to be assigned to the generated service principal.
	AzureGroups BackendRoleAzureGroupArrayInput
	// List of Azure roles to be assigned to the generated service principal.
	// Each entry pairs a role with a scope; grant only the roles and the
	// narrowest scope the consumers of this Vault role need.
	AzureRoles BackendRoleAzureRoleArrayInput
	// Path to the mounted Azure auth backend
	// NOTE(review): the package example passes the Path of a Backend resource
	// here, so this looks like the mount created by NewBackend rather than an
	// auth mount — confirm the wording.
	Backend pulumi.StringPtrInput
	// Human-friendly description of the mount for the backend.
	Description pulumi.StringPtrInput
	// Specifies the maximum TTL for service principals generated using this role. Accepts time
	// suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine max TTL time.
	MaxTtl pulumi.StringPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// Indicates whether the applications and service principals created by Vault will be permanently
	// deleted when the corresponding leases expire. Defaults to `false`. For Vault v1.12+.
	PermanentlyDelete pulumi.BoolPtrInput
	// Name of the Azure role
	Role pulumi.StringInput
	// Specifies the security principal types that are allowed to sign in to the application.
	// Valid values are: AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount, PersonalMicrosoftAccount. Requires Vault 1.16+.
	SignInAudience pulumi.StringPtrInput
	// A list of Azure tags to attach to an application. Requires Vault 1.16+.
	Tags pulumi.StringArrayInput
	// Specifies the default TTL for service principals generated using this role.
	// Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL time.
	// When left unset, credential lifetime follows the system/engine default,
	// so set it explicitly if short-lived credentials are required.
	Ttl pulumi.StringPtrInput
}

The set of arguments for constructing a BackendRole resource.

func (BackendRoleArgs) ElementType

func (BackendRoleArgs) ElementType() reflect.Type

type BackendRoleArray

type BackendRoleArray []BackendRoleInput

func (BackendRoleArray) ElementType

func (BackendRoleArray) ElementType() reflect.Type

func (BackendRoleArray) ToBackendRoleArrayOutput

func (i BackendRoleArray) ToBackendRoleArrayOutput() BackendRoleArrayOutput

func (BackendRoleArray) ToBackendRoleArrayOutputWithContext

func (i BackendRoleArray) ToBackendRoleArrayOutputWithContext(ctx context.Context) BackendRoleArrayOutput

type BackendRoleArrayInput

type BackendRoleArrayInput interface {
	pulumi.Input

	ToBackendRoleArrayOutput() BackendRoleArrayOutput
	ToBackendRoleArrayOutputWithContext(context.Context) BackendRoleArrayOutput
}

BackendRoleArrayInput is an input type that accepts BackendRoleArray and BackendRoleArrayOutput values. You can construct a concrete instance of `BackendRoleArrayInput` via:

BackendRoleArray{ BackendRoleArgs{...} }

type BackendRoleArrayOutput

type BackendRoleArrayOutput struct{ *pulumi.OutputState }

func (BackendRoleArrayOutput) ElementType

func (BackendRoleArrayOutput) ElementType() reflect.Type

func (BackendRoleArrayOutput) Index

func (BackendRoleArrayOutput) ToBackendRoleArrayOutput

func (o BackendRoleArrayOutput) ToBackendRoleArrayOutput() BackendRoleArrayOutput

func (BackendRoleArrayOutput) ToBackendRoleArrayOutputWithContext

func (o BackendRoleArrayOutput) ToBackendRoleArrayOutputWithContext(ctx context.Context) BackendRoleArrayOutput

type BackendRoleAzureGroup

// BackendRoleAzureGroup is the plain-value form of one Azure group entry.
// NOTE(review): presumably one element of BackendRole.AzureGroups, i.e. a group
// assigned to the generated service principal — confirm.
type BackendRoleAzureGroup struct {
	// GroupName is required (non-pointer) and serialized as `groupName`.
	GroupName string  `pulumi:"groupName"`
	// ObjectId is optional (pointer) and serialized as `objectId`.
	ObjectId  *string `pulumi:"objectId"`
}

type BackendRoleAzureGroupArgs

// BackendRoleAzureGroupArgs is the input form of one Azure group entry; it is the
// concrete type accepted wherever a BackendRoleAzureGroupInput is expected.
type BackendRoleAzureGroupArgs struct {
	// GroupName is a required input, serialized as `groupName`.
	GroupName pulumi.StringInput    `pulumi:"groupName"`
	// ObjectId is an optional input, serialized as `objectId`.
	ObjectId  pulumi.StringPtrInput `pulumi:"objectId"`
}

func (BackendRoleAzureGroupArgs) ElementType

func (BackendRoleAzureGroupArgs) ElementType() reflect.Type

func (BackendRoleAzureGroupArgs) ToBackendRoleAzureGroupOutput

func (i BackendRoleAzureGroupArgs) ToBackendRoleAzureGroupOutput() BackendRoleAzureGroupOutput

func (BackendRoleAzureGroupArgs) ToBackendRoleAzureGroupOutputWithContext

func (i BackendRoleAzureGroupArgs) ToBackendRoleAzureGroupOutputWithContext(ctx context.Context) BackendRoleAzureGroupOutput

type BackendRoleAzureGroupArray

type BackendRoleAzureGroupArray []BackendRoleAzureGroupInput

func (BackendRoleAzureGroupArray) ElementType

func (BackendRoleAzureGroupArray) ElementType() reflect.Type

func (BackendRoleAzureGroupArray) ToBackendRoleAzureGroupArrayOutput

func (i BackendRoleAzureGroupArray) ToBackendRoleAzureGroupArrayOutput() BackendRoleAzureGroupArrayOutput

func (BackendRoleAzureGroupArray) ToBackendRoleAzureGroupArrayOutputWithContext

func (i BackendRoleAzureGroupArray) ToBackendRoleAzureGroupArrayOutputWithContext(ctx context.Context) BackendRoleAzureGroupArrayOutput

type BackendRoleAzureGroupArrayInput

type BackendRoleAzureGroupArrayInput interface {
	pulumi.Input

	ToBackendRoleAzureGroupArrayOutput() BackendRoleAzureGroupArrayOutput
	ToBackendRoleAzureGroupArrayOutputWithContext(context.Context) BackendRoleAzureGroupArrayOutput
}

BackendRoleAzureGroupArrayInput is an input type that accepts BackendRoleAzureGroupArray and BackendRoleAzureGroupArrayOutput values. You can construct a concrete instance of `BackendRoleAzureGroupArrayInput` via:

BackendRoleAzureGroupArray{ BackendRoleAzureGroupArgs{...} }

type BackendRoleAzureGroupArrayOutput

type BackendRoleAzureGroupArrayOutput struct{ *pulumi.OutputState }

func (BackendRoleAzureGroupArrayOutput) ElementType

func (BackendRoleAzureGroupArrayOutput) Index

func (BackendRoleAzureGroupArrayOutput) ToBackendRoleAzureGroupArrayOutput

func (o BackendRoleAzureGroupArrayOutput) ToBackendRoleAzureGroupArrayOutput() BackendRoleAzureGroupArrayOutput

func (BackendRoleAzureGroupArrayOutput) ToBackendRoleAzureGroupArrayOutputWithContext

func (o BackendRoleAzureGroupArrayOutput) ToBackendRoleAzureGroupArrayOutputWithContext(ctx context.Context) BackendRoleAzureGroupArrayOutput

type BackendRoleAzureGroupInput

type BackendRoleAzureGroupInput interface {
	pulumi.Input

	ToBackendRoleAzureGroupOutput() BackendRoleAzureGroupOutput
	ToBackendRoleAzureGroupOutputWithContext(context.Context) BackendRoleAzureGroupOutput
}

BackendRoleAzureGroupInput is an input type that accepts BackendRoleAzureGroupArgs and BackendRoleAzureGroupOutput values. You can construct a concrete instance of `BackendRoleAzureGroupInput` via:

BackendRoleAzureGroupArgs{...}

type BackendRoleAzureGroupOutput

type BackendRoleAzureGroupOutput struct{ *pulumi.OutputState }

func (BackendRoleAzureGroupOutput) ElementType

func (BackendRoleAzureGroupOutput) GroupName

func (BackendRoleAzureGroupOutput) ObjectId

func (BackendRoleAzureGroupOutput) ToBackendRoleAzureGroupOutput

func (o BackendRoleAzureGroupOutput) ToBackendRoleAzureGroupOutput() BackendRoleAzureGroupOutput

func (BackendRoleAzureGroupOutput) ToBackendRoleAzureGroupOutputWithContext

func (o BackendRoleAzureGroupOutput) ToBackendRoleAzureGroupOutputWithContext(ctx context.Context) BackendRoleAzureGroupOutput

type BackendRoleAzureRole

// BackendRoleAzureRole is the plain-value form of one Azure role assignment.
// NOTE(review): presumably one element of BackendRole.AzureRoles, i.e. a role
// assigned to the generated service principal — confirm.
type BackendRoleAzureRole struct {
	// RoleId is optional (pointer) and serialized as `roleId`.
	RoleId   *string `pulumi:"roleId"`
	// RoleName is optional (pointer) and serialized as `roleName`; the package
	// example sets it to "Reader".
	RoleName *string `pulumi:"roleName"`
	// Scope is required (non-pointer) and serialized as `scope`; the package
	// example uses a resource-group path under a subscription. Prefer the
	// narrowest scope that covers the resources the role must reach.
	Scope    string  `pulumi:"scope"`
}

type BackendRoleAzureRoleArgs

// BackendRoleAzureRoleArgs is the input form of one Azure role assignment; it is
// the concrete type accepted wherever a BackendRoleAzureRoleInput is expected.
type BackendRoleAzureRoleArgs struct {
	// RoleId is an optional input, serialized as `roleId`.
	RoleId   pulumi.StringPtrInput `pulumi:"roleId"`
	// RoleName is an optional input, serialized as `roleName`; the package
	// example sets it to "Reader".
	RoleName pulumi.StringPtrInput `pulumi:"roleName"`
	// Scope is a required input, serialized as `scope`; the package example uses
	// a resource-group path under a subscription. Prefer the narrowest scope
	// that covers the resources the role must reach.
	Scope    pulumi.StringInput    `pulumi:"scope"`
}

func (BackendRoleAzureRoleArgs) ElementType

func (BackendRoleAzureRoleArgs) ElementType() reflect.Type

func (BackendRoleAzureRoleArgs) ToBackendRoleAzureRoleOutput

func (i BackendRoleAzureRoleArgs) ToBackendRoleAzureRoleOutput() BackendRoleAzureRoleOutput

func (BackendRoleAzureRoleArgs) ToBackendRoleAzureRoleOutputWithContext

func (i BackendRoleAzureRoleArgs) ToBackendRoleAzureRoleOutputWithContext(ctx context.Context) BackendRoleAzureRoleOutput

type BackendRoleAzureRoleArray

type BackendRoleAzureRoleArray []BackendRoleAzureRoleInput

func (BackendRoleAzureRoleArray) ElementType

func (BackendRoleAzureRoleArray) ElementType() reflect.Type

func (BackendRoleAzureRoleArray) ToBackendRoleAzureRoleArrayOutput

func (i BackendRoleAzureRoleArray) ToBackendRoleAzureRoleArrayOutput() BackendRoleAzureRoleArrayOutput

func (BackendRoleAzureRoleArray) ToBackendRoleAzureRoleArrayOutputWithContext

func (i BackendRoleAzureRoleArray) ToBackendRoleAzureRoleArrayOutputWithContext(ctx context.Context) BackendRoleAzureRoleArrayOutput

type BackendRoleAzureRoleArrayInput

type BackendRoleAzureRoleArrayInput interface {
	pulumi.Input

	ToBackendRoleAzureRoleArrayOutput() BackendRoleAzureRoleArrayOutput
	ToBackendRoleAzureRoleArrayOutputWithContext(context.Context) BackendRoleAzureRoleArrayOutput
}

BackendRoleAzureRoleArrayInput is an input type that accepts BackendRoleAzureRoleArray and BackendRoleAzureRoleArrayOutput values. You can construct a concrete instance of `BackendRoleAzureRoleArrayInput` via:

BackendRoleAzureRoleArray{ BackendRoleAzureRoleArgs{...} }

type BackendRoleAzureRoleArrayOutput

type BackendRoleAzureRoleArrayOutput struct{ *pulumi.OutputState }

func (BackendRoleAzureRoleArrayOutput) ElementType

func (BackendRoleAzureRoleArrayOutput) Index

func (BackendRoleAzureRoleArrayOutput) ToBackendRoleAzureRoleArrayOutput

func (o BackendRoleAzureRoleArrayOutput) ToBackendRoleAzureRoleArrayOutput() BackendRoleAzureRoleArrayOutput

func (BackendRoleAzureRoleArrayOutput) ToBackendRoleAzureRoleArrayOutputWithContext

func (o BackendRoleAzureRoleArrayOutput) ToBackendRoleAzureRoleArrayOutputWithContext(ctx context.Context) BackendRoleAzureRoleArrayOutput

type BackendRoleAzureRoleInput

type BackendRoleAzureRoleInput interface {
	pulumi.Input

	ToBackendRoleAzureRoleOutput() BackendRoleAzureRoleOutput
	ToBackendRoleAzureRoleOutputWithContext(context.Context) BackendRoleAzureRoleOutput
}

BackendRoleAzureRoleInput is an input type that accepts BackendRoleAzureRoleArgs and BackendRoleAzureRoleOutput values. You can construct a concrete instance of `BackendRoleAzureRoleInput` via:

BackendRoleAzureRoleArgs{...}

type BackendRoleAzureRoleOutput

type BackendRoleAzureRoleOutput struct{ *pulumi.OutputState }

func (BackendRoleAzureRoleOutput) ElementType

func (BackendRoleAzureRoleOutput) ElementType() reflect.Type

func (BackendRoleAzureRoleOutput) RoleId

func (BackendRoleAzureRoleOutput) RoleName

func (BackendRoleAzureRoleOutput) Scope

func (BackendRoleAzureRoleOutput) ToBackendRoleAzureRoleOutput

func (o BackendRoleAzureRoleOutput) ToBackendRoleAzureRoleOutput() BackendRoleAzureRoleOutput

func (BackendRoleAzureRoleOutput) ToBackendRoleAzureRoleOutputWithContext

func (o BackendRoleAzureRoleOutput) ToBackendRoleAzureRoleOutputWithContext(ctx context.Context) BackendRoleAzureRoleOutput

type BackendRoleInput

type BackendRoleInput interface {
	pulumi.Input

	ToBackendRoleOutput() BackendRoleOutput
	ToBackendRoleOutputWithContext(ctx context.Context) BackendRoleOutput
}

type BackendRoleMap

type BackendRoleMap map[string]BackendRoleInput

func (BackendRoleMap) ElementType

func (BackendRoleMap) ElementType() reflect.Type

func (BackendRoleMap) ToBackendRoleMapOutput

func (i BackendRoleMap) ToBackendRoleMapOutput() BackendRoleMapOutput

func (BackendRoleMap) ToBackendRoleMapOutputWithContext

func (i BackendRoleMap) ToBackendRoleMapOutputWithContext(ctx context.Context) BackendRoleMapOutput

type BackendRoleMapInput

type BackendRoleMapInput interface {
	pulumi.Input

	ToBackendRoleMapOutput() BackendRoleMapOutput
	ToBackendRoleMapOutputWithContext(context.Context) BackendRoleMapOutput
}

BackendRoleMapInput is an input type that accepts BackendRoleMap and BackendRoleMapOutput values. You can construct a concrete instance of `BackendRoleMapInput` via:

BackendRoleMap{ "key": BackendRoleArgs{...} }

type BackendRoleMapOutput

type BackendRoleMapOutput struct{ *pulumi.OutputState }

func (BackendRoleMapOutput) ElementType

func (BackendRoleMapOutput) ElementType() reflect.Type

func (BackendRoleMapOutput) MapIndex

func (BackendRoleMapOutput) ToBackendRoleMapOutput

func (o BackendRoleMapOutput) ToBackendRoleMapOutput() BackendRoleMapOutput

func (BackendRoleMapOutput) ToBackendRoleMapOutputWithContext

func (o BackendRoleMapOutput) ToBackendRoleMapOutputWithContext(ctx context.Context) BackendRoleMapOutput

type BackendRoleOutput

// BackendRoleOutput is the output type for a BackendRole; it embeds
// *pulumi.OutputState and has one accessor method per role property.
type BackendRoleOutput struct{ *pulumi.OutputState }

func (BackendRoleOutput) ApplicationObjectId added in v5.6.0

func (o BackendRoleOutput) ApplicationObjectId() pulumi.StringPtrOutput

Application Object ID for an existing service principal that will be used instead of creating dynamic service principals. If present, `azureRoles` and `permanentlyDelete` will be ignored.

func (BackendRoleOutput) AzureGroups added in v5.6.0

List of Azure groups to be assigned to the generated service principal.

func (BackendRoleOutput) AzureRoles added in v5.6.0

List of Azure roles to be assigned to the generated service principal.

func (BackendRoleOutput) Backend added in v5.6.0

Path to the mounted Azure auth backend

func (BackendRoleOutput) Description added in v5.6.0

func (o BackendRoleOutput) Description() pulumi.StringPtrOutput

Human-friendly description of the mount for the backend.

func (BackendRoleOutput) ElementType

func (BackendRoleOutput) ElementType() reflect.Type

func (BackendRoleOutput) MaxTtl added in v5.6.0

Specifies the maximum TTL for service principals generated using this role. Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine max TTL time.

func (BackendRoleOutput) Namespace added in v5.7.0

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). *Available only for Vault Enterprise*.

func (BackendRoleOutput) PermanentlyDelete added in v5.15.0

func (o BackendRoleOutput) PermanentlyDelete() pulumi.BoolOutput

Indicates whether the applications and service principals created by Vault will be permanently deleted when the corresponding leases expire. Defaults to `false`. For Vault v1.12+.

func (BackendRoleOutput) Role added in v5.6.0

Name of the Azure role

func (BackendRoleOutput) SignInAudience added in v5.19.0

func (o BackendRoleOutput) SignInAudience() pulumi.StringPtrOutput

Specifies the security principal types that are allowed to sign in to the application. Valid values are: AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount, PersonalMicrosoftAccount. Requires Vault 1.16+.

func (BackendRoleOutput) Tags added in v5.19.0

A list of Azure tags to attach to an application. Requires Vault 1.16+.

func (BackendRoleOutput) ToBackendRoleOutput

func (o BackendRoleOutput) ToBackendRoleOutput() BackendRoleOutput

func (BackendRoleOutput) ToBackendRoleOutputWithContext

func (o BackendRoleOutput) ToBackendRoleOutputWithContext(ctx context.Context) BackendRoleOutput

func (BackendRoleOutput) Ttl added in v5.6.0

Specifies the default TTL for service principals generated using this role. Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL time.

type BackendRoleState

// BackendRoleState is the set of properties recorded for a BackendRole. Every
// field is a pulumi Input type. The fields decide which Azure identity Vault
// hands out for the role, what it may do, and how long it lives.
type BackendRoleState struct {
	// Application Object ID for an existing service principal that will
	// be used instead of creating dynamic service principals. If present, `azureRoles` and `permanentlyDelete` will be ignored.
	// NOTE(review): because `azureRoles` is ignored in this mode, the permissions
	// of the existing service principal are presumably whatever is already
	// assigned to it in Azure — review those separately.
	ApplicationObjectId pulumi.StringPtrInput
	// List of Azure groups to be assigned to the generated service principal.
	AzureGroups BackendRoleAzureGroupArrayInput
	// List of Azure roles to be assigned to the generated service principal.
	// Each entry carries a role name and a scope; grant the narrowest role and
	// scope that consumers of this Vault role need.
	AzureRoles BackendRoleAzureRoleArrayInput
	// Path to the mounted Azure auth backend
	Backend pulumi.StringPtrInput
	// Human-friendly description of the mount for the backend.
	Description pulumi.StringPtrInput
	// Specifies the maximum TTL for service principals generated using this role. Accepts time
	// suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine max TTL time.
	// Setting an explicit bound avoids inheriting a mount-wide maximum that may
	// be longer than this role needs.
	MaxTtl pulumi.StringPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// Indicates whether the applications and service principals created by Vault will be permanently
	// deleted when the corresponding leases expire. Defaults to `false`. For Vault v1.12+.
	PermanentlyDelete pulumi.BoolPtrInput
	// Name of the Azure role
	Role pulumi.StringPtrInput
	// Specifies the security principal types that are allowed to sign in to the application.
	// Valid values are: AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount, PersonalMicrosoftAccount. Requires Vault 1.16+.
	SignInAudience pulumi.StringPtrInput
	// A list of Azure tags to attach to an application. Requires Vault 1.16+.
	Tags pulumi.StringArrayInput
	// Specifies the default TTL for service principals generated using this role.
	// Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL time.
	// A shorter TTL limits how long a leaked credential stays usable.
	Ttl pulumi.StringPtrInput
}

func (BackendRoleState) ElementType

func (BackendRoleState) ElementType() reflect.Type

type BackendState

// BackendState is the set of properties recorded for a Backend: the mount
// path and the Azure credentials Vault uses to connect to Azure. Every field
// is a pulumi Input type.
type BackendState struct {
	// The OAuth2 client id to connect to Azure.
	ClientId pulumi.StringPtrInput
	// The OAuth2 client secret to connect to Azure.
	// Sensitive: supply it from a secret source (for example a Pulumi config
	// secret) rather than a string literal in program code.
	// NOTE(review): whether the provider marks this property secret in state is
	// not visible here — confirm.
	ClientSecret pulumi.StringPtrInput
	// Human-friendly description of the mount for the backend.
	Description pulumi.StringPtrInput
	// If set, opts out of mount migration on path updates.
	// See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
	DisableRemount pulumi.BoolPtrInput
	// The Azure environment.
	Environment pulumi.StringPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// The unique path this backend should be mounted at. Defaults to `azure`.
	Path pulumi.StringPtrInput
	// The subscription id for the Azure Active Directory.
	SubscriptionId pulumi.StringPtrInput
	// The tenant id for the Azure Active Directory.
	TenantId pulumi.StringPtrInput
	// Use the Microsoft Graph API. Should be set to true on vault-1.10+
	UseMicrosoftGraphApi pulumi.BoolPtrInput
}

func (BackendState) ElementType

func (BackendState) ElementType() reflect.Type

type GetAccessCredentialsArgs

// GetAccessCredentialsArgs is a collection of arguments for invoking
// getAccessCredentials. Backend and Role are plain strings; every other field
// is a pointer and may be left nil.
type GetAccessCredentialsArgs struct {
	// The path to the Azure secret backend to
	// read credentials from, with no leading or trailing `/`s.
	Backend string `pulumi:"backend"`
	// The Azure environment to use during credential validation.
	// Defaults to the environment configured in the Vault backend.
	// Some possible values: `AzurePublicCloud`, `AzureGovernmentCloud`
	// *See the caveats section for more information on this field.*
	// NOTE(review): the AuthBackendConfig documentation on this page spells the
	// US government value `AzureUSGovernmentCloud` — confirm which spelling
	// this data source accepts.
	Environment *string `pulumi:"environment"`
	// If ValidateCreds is true,
	// the number of seconds after which to give up validating credentials. Defaults
	// to 300.
	MaxCredValidationSeconds *int `pulumi:"maxCredValidationSeconds"`
	// The namespace of the target resource.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
	// *Available only for Vault Enterprise*.
	Namespace *string `pulumi:"namespace"`
	// If ValidateCreds is true,
	// the number of seconds to wait between each test of generated credentials.
	// Defaults to 1.
	NumSecondsBetweenTests *int `pulumi:"numSecondsBetweenTests"`
	// If ValidateCreds is true,
	// the number of sequential successes required to validate generated
	// credentials. Defaults to 8.
	NumSequentialSuccesses *int `pulumi:"numSequentialSuccesses"`
	// The name of the Azure secret backend role to read
	// credentials from, with no leading or trailing `/`s.
	Role string `pulumi:"role"`
	// The subscription ID to use during credential
	// validation. Defaults to the subscription ID configured in the Vault `backend`.
	// *See the caveats section for more information on this field.*
	SubscriptionId *string `pulumi:"subscriptionId"`
	// The tenant ID to use during credential validation.
	// Defaults to the tenant ID configured in the Vault `backend`.
	// *See the caveats section for more information on this field.*
	TenantId *string `pulumi:"tenantId"`
	// Whether generated credentials should be
	// validated before being returned. Defaults to `false`, which returns
	// credentials without checking whether they have fully propagated throughout
	// Azure Active Directory. Designating `true` activates testing.
	// Per the caveats section, validation needs read access to the `backend`
	// config endpoint unless SubscriptionId, TenantId and Environment are set.
	ValidateCreds *bool `pulumi:"validateCreds"`
}

A collection of arguments for invoking getAccessCredentials.

type GetAccessCredentialsOutputArgs

// GetAccessCredentialsOutputArgs is a collection of arguments for invoking
// getAccessCredentials, with each argument expressed as a pulumi Input type.
type GetAccessCredentialsOutputArgs struct {
	// The path to the Azure secret backend to
	// read credentials from, with no leading or trailing `/`s.
	Backend pulumi.StringInput `pulumi:"backend"`
	// The Azure environment to use during credential validation.
	// Defaults to the environment configured in the Vault backend.
	// Some possible values: `AzurePublicCloud`, `AzureGovernmentCloud`
	// *See the caveats section for more information on this field.*
	// NOTE(review): the AuthBackendConfig documentation on this page spells the
	// US government value `AzureUSGovernmentCloud` — confirm which spelling
	// this data source accepts.
	Environment pulumi.StringPtrInput `pulumi:"environment"`
	// If ValidateCreds is true,
	// the number of seconds after which to give up validating credentials. Defaults
	// to 300.
	MaxCredValidationSeconds pulumi.IntPtrInput `pulumi:"maxCredValidationSeconds"`
	// The namespace of the target resource.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput `pulumi:"namespace"`
	// If ValidateCreds is true,
	// the number of seconds to wait between each test of generated credentials.
	// Defaults to 1.
	NumSecondsBetweenTests pulumi.IntPtrInput `pulumi:"numSecondsBetweenTests"`
	// If ValidateCreds is true,
	// the number of sequential successes required to validate generated
	// credentials. Defaults to 8.
	NumSequentialSuccesses pulumi.IntPtrInput `pulumi:"numSequentialSuccesses"`
	// The name of the Azure secret backend role to read
	// credentials from, with no leading or trailing `/`s.
	Role pulumi.StringInput `pulumi:"role"`
	// The subscription ID to use during credential
	// validation. Defaults to the subscription ID configured in the Vault `backend`.
	// *See the caveats section for more information on this field.*
	SubscriptionId pulumi.StringPtrInput `pulumi:"subscriptionId"`
	// The tenant ID to use during credential validation.
	// Defaults to the tenant ID configured in the Vault `backend`.
	// *See the caveats section for more information on this field.*
	TenantId pulumi.StringPtrInput `pulumi:"tenantId"`
	// Whether generated credentials should be
	// validated before being returned. Defaults to `false`, which returns
	// credentials without checking whether they have fully propagated throughout
	// Azure Active Directory. Designating `true` activates testing.
	// Per the caveats section, validation needs read access to the `backend`
	// config endpoint unless SubscriptionId, TenantId and Environment are set.
	ValidateCreds pulumi.BoolPtrInput `pulumi:"validateCreds"`
}

A collection of arguments for invoking getAccessCredentials.

func (GetAccessCredentialsOutputArgs) ElementType

type GetAccessCredentialsResult

// GetAccessCredentialsResult is a collection of values returned by
// getAccessCredentials. It carries a live Azure credential (ClientId and
// ClientSecret) together with the Vault lease that governs it.
type GetAccessCredentialsResult struct {
	Backend string `pulumi:"backend"`
	// The client id for credentials to query the Azure APIs.
	ClientId string `pulumi:"clientId"`
	// The client secret for credentials to query the Azure APIs.
	// Sensitive: this field is a plain string, so wrap it with pulumi.ToSecret
	// before exporting it as a stack output, and keep it out of logs.
	// NOTE(review): whether the provider already marks the invoke result as
	// secret is not visible here — confirm.
	ClientSecret string  `pulumi:"clientSecret"`
	Environment  *string `pulumi:"environment"`
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// The duration of the secret lease, in seconds relative
	// to the time the data was requested. Once this time has passed any plan
	// generated with this data may fail to apply.
	LeaseDuration int `pulumi:"leaseDuration"`
	// The lease identifier assigned by Vault.
	LeaseId                  string  `pulumi:"leaseId"`
	LeaseRenewable           bool    `pulumi:"leaseRenewable"`
	LeaseStartTime           string  `pulumi:"leaseStartTime"`
	MaxCredValidationSeconds *int    `pulumi:"maxCredValidationSeconds"`
	Namespace                *string `pulumi:"namespace"`
	NumSecondsBetweenTests   *int    `pulumi:"numSecondsBetweenTests"`
	NumSequentialSuccesses   *int    `pulumi:"numSequentialSuccesses"`
	Role                     string  `pulumi:"role"`
	SubscriptionId           *string `pulumi:"subscriptionId"`
	TenantId                 *string `pulumi:"tenantId"`
	ValidateCreds            *bool   `pulumi:"validateCreds"`
}

A collection of values returned by getAccessCredentials.

func GetAccessCredentials

func GetAccessCredentials(ctx *pulumi.Context, args *GetAccessCredentialsArgs, opts ...pulumi.InvokeOption) (*GetAccessCredentialsResult, error)

## Example Usage

```go
package main

import (

"github.com/pulumi/pulumi-vault/sdk/v5/go/vault/azure"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

// main reads Azure access credentials for the Vault role "my-role" and asks the
// data source to validate them before returning.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Validation settings: up to 300 seconds in total, one test per
		// second, eight consecutive successes required.
		lookup := &azure.GetAccessCredentialsArgs{
			Role:                     "my-role",
			ValidateCreds:            pulumi.BoolRef(true),
			NumSequentialSuccesses:   pulumi.IntRef(8),
			NumSecondsBetweenTests:   pulumi.IntRef(1),
			MaxCredValidationSeconds: pulumi.IntRef(300),
		}

		// The result is discarded here. A program that keeps it should treat
		// ClientSecret as sensitive: GetAccessCredentialsResult holds it as a
		// plain string.
		_, err := azure.GetAccessCredentials(ctx, lookup, nil)
		return err
	})
}

```

## Caveats

The `validateCreds` option requires read access to the `backend` config endpoint. If the effective Vault role does not have that permission, valid values must be set for all of `subscriptionId`, `tenantId` and `environment`.

type GetAccessCredentialsResultOutput

type GetAccessCredentialsResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getAccessCredentials.

func (GetAccessCredentialsResultOutput) Backend

func (GetAccessCredentialsResultOutput) ClientId

The client id for credentials to query the Azure APIs.

func (GetAccessCredentialsResultOutput) ClientSecret

The client secret for credentials to query the Azure APIs.

func (GetAccessCredentialsResultOutput) ElementType

func (GetAccessCredentialsResultOutput) Environment added in v5.4.1

func (GetAccessCredentialsResultOutput) Id

The provider-assigned unique ID for this managed resource.

func (GetAccessCredentialsResultOutput) LeaseDuration

The duration of the secret lease, in seconds relative to the time the data was requested. Once this time has passed any plan generated with this data may fail to apply.

func (GetAccessCredentialsResultOutput) LeaseId

The lease identifier assigned by Vault.

func (GetAccessCredentialsResultOutput) LeaseRenewable

func (GetAccessCredentialsResultOutput) LeaseStartTime

func (GetAccessCredentialsResultOutput) MaxCredValidationSeconds

func (o GetAccessCredentialsResultOutput) MaxCredValidationSeconds() pulumi.IntPtrOutput

func (GetAccessCredentialsResultOutput) Namespace added in v5.7.0

func (GetAccessCredentialsResultOutput) NumSecondsBetweenTests

func (o GetAccessCredentialsResultOutput) NumSecondsBetweenTests() pulumi.IntPtrOutput

func (GetAccessCredentialsResultOutput) NumSequentialSuccesses

func (o GetAccessCredentialsResultOutput) NumSequentialSuccesses() pulumi.IntPtrOutput

func (GetAccessCredentialsResultOutput) Role

func (GetAccessCredentialsResultOutput) SubscriptionId added in v5.4.0

func (GetAccessCredentialsResultOutput) TenantId added in v5.4.0

func (GetAccessCredentialsResultOutput) ToGetAccessCredentialsResultOutput

func (o GetAccessCredentialsResultOutput) ToGetAccessCredentialsResultOutput() GetAccessCredentialsResultOutput

func (GetAccessCredentialsResultOutput) ToGetAccessCredentialsResultOutputWithContext

func (o GetAccessCredentialsResultOutput) ToGetAccessCredentialsResultOutputWithContext(ctx context.Context) GetAccessCredentialsResultOutput

func (GetAccessCredentialsResultOutput) ValidateCreds
