kmip

package
v5.20.0 Latest Latest
Published: Feb 20, 2024 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type SecretBackend

// SecretBackend is the Pulumi resource for a KMIP secrets backend in a Vault
// server (the package documentation states this requires Vault Enterprise).
// Every field is a pulumi Output type keyed by its `pulumi:"..."` tag.
type SecretBackend struct {
	pulumi.CustomResourceState

	// Client certificate key bits; valid values depend on the key type.
	DefaultTlsClientKeyBits pulumi.IntOutput `pulumi:"defaultTlsClientKeyBits"`
	// Client certificate key type, `rsa` or `ec`.
	DefaultTlsClientKeyType pulumi.StringOutput `pulumi:"defaultTlsClientKeyType"`
	// Client certificate TTL in seconds.
	// NOTE(review): a shorter TTL limits how long a leaked client certificate
	// stays usable; the default value is not shown here.
	DefaultTlsClientTtl pulumi.IntOutput `pulumi:"defaultTlsClientTtl"`
	// A human-friendly description for this backend.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// If set, opts out of mount migration on path updates.
	// See [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration) for details.
	DisableRemount pulumi.BoolPtrOutput `pulumi:"disableRemount"`
	// Addresses the KMIP server should listen on (`host:port`).
	// NOTE(review): a non-loopback address makes the KMIP listener reachable
	// from the network; restrict access to the intended KMIP clients.
	ListenAddrs pulumi.StringArrayOutput `pulumi:"listenAddrs"`
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrOutput `pulumi:"namespace"`
	// The unique path this backend should be mounted at. Must
	// not begin or end with a `/`. Defaults to `kmip`.
	Path pulumi.StringOutput `pulumi:"path"`
	// Hostnames to include in the server's TLS certificate as SAN DNS names. The first will be used as the common name (CN).
	ServerHostnames pulumi.StringArrayOutput `pulumi:"serverHostnames"`
	// IPs to include in the server's TLS certificate as SAN IP addresses.
	ServerIps pulumi.StringArrayOutput `pulumi:"serverIps"`
	// CA key bits; valid values depend on the key type.
	TlsCaKeyBits pulumi.IntOutput `pulumi:"tlsCaKeyBits"`
	// CA key type, `rsa` or `ec`.
	TlsCaKeyType pulumi.StringOutput `pulumi:"tlsCaKeyType"`
	// Minimum TLS version to accept.
	// NOTE(review): accepted values and the default are not shown on this
	// page; confirm them in the Vault KMIP documentation.
	TlsMinVersion pulumi.StringOutput `pulumi:"tlsMinVersion"`
}

Manages KMIP Secret backends in a Vault server. This feature requires Vault Enterprise. See the [Vault documentation](https://www.vaultproject.io/docs/secrets/kmip) for more information.

## Example Usage

```go
package main

import (

"github.com/pulumi/pulumi-vault/sdk/v5/go/vault/kmip"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

// main provisions a KMIP secrets backend mounted at `kmip`, with explicit key
// parameters for the backend CA and for the client certificates it issues.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Both listeners are bound to loopback in this example.
		listeners := pulumi.StringArray{
			pulumi.String("127.0.0.1:5696"),
			pulumi.String("127.0.0.1:8080"),
		}

		// TlsMinVersion is not set here, so whatever default the backend
		// applies is used; set it explicitly if policy requires a floor.
		backendArgs := &kmip.SecretBackendArgs{
			Path:                    pulumi.String("kmip"),
			Description:             pulumi.String("Vault KMIP backend"),
			ListenAddrs:             listeners,
			TlsCaKeyType:            pulumi.String("rsa"),
			TlsCaKeyBits:            pulumi.Int(4096),
			DefaultTlsClientKeyType: pulumi.String("rsa"),
			DefaultTlsClientKeyBits: pulumi.Int(4096),
			DefaultTlsClientTtl:     pulumi.Int(86400), // seconds
		}

		_, err := kmip.NewSecretBackend(ctx, "default", backendArgs)
		return err
	})
}

```

## Import

KMIP Secret backend can be imported using the `path`, e.g.

```sh

$ pulumi import vault:kmip/secretBackend:SecretBackend default kmip

```

func GetSecretBackend

func GetSecretBackend(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *SecretBackendState, opts ...pulumi.ResourceOption) (*SecretBackend, error)

GetSecretBackend gets an existing SecretBackend resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewSecretBackend

func NewSecretBackend(ctx *pulumi.Context,
	name string, args *SecretBackendArgs, opts ...pulumi.ResourceOption) (*SecretBackend, error)

NewSecretBackend registers a new resource with the given unique name, arguments, and options.

func (*SecretBackend) ElementType

func (*SecretBackend) ElementType() reflect.Type

func (*SecretBackend) ToSecretBackendOutput

func (i *SecretBackend) ToSecretBackendOutput() SecretBackendOutput

func (*SecretBackend) ToSecretBackendOutputWithContext

func (i *SecretBackend) ToSecretBackendOutputWithContext(ctx context.Context) SecretBackendOutput

type SecretBackendArgs

// SecretBackendArgs is the set of arguments for constructing a SecretBackend
// resource (passed to NewSecretBackend). Path is the only field that is not a
// pointer or array input type.
type SecretBackendArgs struct {
	// Client certificate key bits; valid values depend on the key type.
	DefaultTlsClientKeyBits pulumi.IntPtrInput
	// Client certificate key type, `rsa` or `ec`.
	DefaultTlsClientKeyType pulumi.StringPtrInput
	// Client certificate TTL in seconds.
	// NOTE(review): a shorter TTL limits how long a leaked client certificate
	// stays usable; the default value is not shown here.
	DefaultTlsClientTtl pulumi.IntPtrInput
	// A human-friendly description for this backend.
	Description pulumi.StringPtrInput
	// If set, opts out of mount migration on path updates.
	// See [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration) for details.
	DisableRemount pulumi.BoolPtrInput
	// Addresses the KMIP server should listen on (`host:port`).
	// NOTE(review): a non-loopback address makes the KMIP listener reachable
	// from the network; restrict access to the intended KMIP clients.
	ListenAddrs pulumi.StringArrayInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// The unique path this backend should be mounted at. Must
	// not begin or end with a `/`. Defaults to `kmip`.
	Path pulumi.StringInput
	// Hostnames to include in the server's TLS certificate as SAN DNS names. The first will be used as the common name (CN).
	ServerHostnames pulumi.StringArrayInput
	// IPs to include in the server's TLS certificate as SAN IP addresses.
	ServerIps pulumi.StringArrayInput
	// CA key bits; valid values depend on the key type.
	TlsCaKeyBits pulumi.IntPtrInput
	// CA key type, `rsa` or `ec`.
	TlsCaKeyType pulumi.StringPtrInput
	// Minimum TLS version to accept.
	// NOTE(review): accepted values and the default are not shown on this
	// page; confirm them in the Vault KMIP documentation.
	TlsMinVersion pulumi.StringPtrInput
}

The set of arguments for constructing a SecretBackend resource.

func (SecretBackendArgs) ElementType

func (SecretBackendArgs) ElementType() reflect.Type

type SecretBackendArray

// SecretBackendArray is a slice of SecretBackendInput values; the package
// documentation lists it as accepted wherever a SecretBackendArrayInput is expected.
type SecretBackendArray []SecretBackendInput

func (SecretBackendArray) ElementType

func (SecretBackendArray) ElementType() reflect.Type

func (SecretBackendArray) ToSecretBackendArrayOutput

func (i SecretBackendArray) ToSecretBackendArrayOutput() SecretBackendArrayOutput

func (SecretBackendArray) ToSecretBackendArrayOutputWithContext

func (i SecretBackendArray) ToSecretBackendArrayOutputWithContext(ctx context.Context) SecretBackendArrayOutput

type SecretBackendArrayInput

// SecretBackendArrayInput is an input type that accepts SecretBackendArray and
// SecretBackendArrayOutput values.
type SecretBackendArrayInput interface {
	pulumi.Input

	// ToSecretBackendArrayOutput returns a SecretBackendArrayOutput.
	ToSecretBackendArrayOutput() SecretBackendArrayOutput
	// ToSecretBackendArrayOutputWithContext is the variant that takes a context.Context.
	ToSecretBackendArrayOutputWithContext(context.Context) SecretBackendArrayOutput
}

SecretBackendArrayInput is an input type that accepts SecretBackendArray and SecretBackendArrayOutput values. You can construct a concrete instance of `SecretBackendArrayInput` via:

SecretBackendArray{ SecretBackendArgs{...} }

type SecretBackendArrayOutput

// SecretBackendArrayOutput embeds *pulumi.OutputState; the package documentation
// lists it as one of the values a SecretBackendArrayInput accepts.
type SecretBackendArrayOutput struct{ *pulumi.OutputState }

func (SecretBackendArrayOutput) ElementType

func (SecretBackendArrayOutput) ElementType() reflect.Type

func (SecretBackendArrayOutput) Index

func (SecretBackendArrayOutput) ToSecretBackendArrayOutput

func (o SecretBackendArrayOutput) ToSecretBackendArrayOutput() SecretBackendArrayOutput

func (SecretBackendArrayOutput) ToSecretBackendArrayOutputWithContext

func (o SecretBackendArrayOutput) ToSecretBackendArrayOutputWithContext(ctx context.Context) SecretBackendArrayOutput

type SecretBackendInput

// SecretBackendInput is a pulumi.Input that can produce a SecretBackendOutput.
// On this page, *SecretBackend and SecretBackendOutput both declare the two
// methods below.
type SecretBackendInput interface {
	pulumi.Input

	// ToSecretBackendOutput returns a SecretBackendOutput.
	ToSecretBackendOutput() SecretBackendOutput
	// ToSecretBackendOutputWithContext is the variant that takes a context.Context.
	ToSecretBackendOutputWithContext(ctx context.Context) SecretBackendOutput
}

type SecretBackendMap

// SecretBackendMap maps string keys to SecretBackendInput values; the package
// documentation lists it as accepted wherever a SecretBackendMapInput is expected.
type SecretBackendMap map[string]SecretBackendInput

func (SecretBackendMap) ElementType

func (SecretBackendMap) ElementType() reflect.Type

func (SecretBackendMap) ToSecretBackendMapOutput

func (i SecretBackendMap) ToSecretBackendMapOutput() SecretBackendMapOutput

func (SecretBackendMap) ToSecretBackendMapOutputWithContext

func (i SecretBackendMap) ToSecretBackendMapOutputWithContext(ctx context.Context) SecretBackendMapOutput

type SecretBackendMapInput

// SecretBackendMapInput is an input type that accepts SecretBackendMap and
// SecretBackendMapOutput values.
type SecretBackendMapInput interface {
	pulumi.Input

	// ToSecretBackendMapOutput returns a SecretBackendMapOutput.
	ToSecretBackendMapOutput() SecretBackendMapOutput
	// ToSecretBackendMapOutputWithContext is the variant that takes a context.Context.
	ToSecretBackendMapOutputWithContext(context.Context) SecretBackendMapOutput
}

SecretBackendMapInput is an input type that accepts SecretBackendMap and SecretBackendMapOutput values. You can construct a concrete instance of `SecretBackendMapInput` via:

SecretBackendMap{ "key": SecretBackendArgs{...} }

type SecretBackendMapOutput

// SecretBackendMapOutput embeds *pulumi.OutputState; the package documentation
// lists it as one of the values a SecretBackendMapInput accepts.
type SecretBackendMapOutput struct{ *pulumi.OutputState }

func (SecretBackendMapOutput) ElementType

func (SecretBackendMapOutput) ElementType() reflect.Type

func (SecretBackendMapOutput) MapIndex

func (SecretBackendMapOutput) ToSecretBackendMapOutput

func (o SecretBackendMapOutput) ToSecretBackendMapOutput() SecretBackendMapOutput

func (SecretBackendMapOutput) ToSecretBackendMapOutputWithContext

func (o SecretBackendMapOutput) ToSecretBackendMapOutputWithContext(ctx context.Context) SecretBackendMapOutput

type SecretBackendOutput

// SecretBackendOutput embeds *pulumi.OutputState and declares one accessor
// method per SecretBackend field (see the method list on this page).
type SecretBackendOutput struct{ *pulumi.OutputState }

func (SecretBackendOutput) DefaultTlsClientKeyBits added in v5.6.0

func (o SecretBackendOutput) DefaultTlsClientKeyBits() pulumi.IntOutput

Client certificate key bits, valid values depend on key type.

func (SecretBackendOutput) DefaultTlsClientKeyType added in v5.6.0

func (o SecretBackendOutput) DefaultTlsClientKeyType() pulumi.StringOutput

Client certificate key type, `rsa` or `ec`.

func (SecretBackendOutput) DefaultTlsClientTtl added in v5.6.0

func (o SecretBackendOutput) DefaultTlsClientTtl() pulumi.IntOutput

Client certificate TTL in seconds

func (SecretBackendOutput) Description added in v5.6.0

func (o SecretBackendOutput) Description() pulumi.StringPtrOutput

A human-friendly description for this backend.

func (SecretBackendOutput) DisableRemount added in v5.7.0

func (o SecretBackendOutput) DisableRemount() pulumi.BoolPtrOutput

If set, opts out of mount migration on path updates. See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)

func (SecretBackendOutput) ElementType

func (SecretBackendOutput) ElementType() reflect.Type

func (SecretBackendOutput) ListenAddrs added in v5.6.0

Addresses the KMIP server should listen on (`host:port`).

func (SecretBackendOutput) Namespace added in v5.7.0

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). *Available only for Vault Enterprise*.

func (SecretBackendOutput) Path added in v5.6.0

The unique path this backend should be mounted at. Must not begin or end with a `/`. Defaults to `kmip`.

func (SecretBackendOutput) ServerHostnames added in v5.6.0

func (o SecretBackendOutput) ServerHostnames() pulumi.StringArrayOutput

Hostnames to include in the server's TLS certificate as SAN DNS names. The first will be used as the common name (CN).

func (SecretBackendOutput) ServerIps added in v5.6.0

IPs to include in the server's TLS certificate as SAN IP addresses.

func (SecretBackendOutput) TlsCaKeyBits added in v5.6.0

func (o SecretBackendOutput) TlsCaKeyBits() pulumi.IntOutput

CA key bits, valid values depend on key type.

func (SecretBackendOutput) TlsCaKeyType added in v5.6.0

func (o SecretBackendOutput) TlsCaKeyType() pulumi.StringOutput

CA key type, rsa or ec.

func (SecretBackendOutput) TlsMinVersion added in v5.6.0

func (o SecretBackendOutput) TlsMinVersion() pulumi.StringOutput

Minimum TLS version to accept.

func (SecretBackendOutput) ToSecretBackendOutput

func (o SecretBackendOutput) ToSecretBackendOutput() SecretBackendOutput

func (SecretBackendOutput) ToSecretBackendOutputWithContext

func (o SecretBackendOutput) ToSecretBackendOutputWithContext(ctx context.Context) SecretBackendOutput

type SecretBackendState

// SecretBackendState carries the optional state properties that
// GetSecretBackend accepts to qualify a lookup of an existing SecretBackend.
// Unlike SecretBackendArgs, Path is a pointer input here.
type SecretBackendState struct {
	// Client certificate key bits; valid values depend on the key type.
	DefaultTlsClientKeyBits pulumi.IntPtrInput
	// Client certificate key type, `rsa` or `ec`.
	DefaultTlsClientKeyType pulumi.StringPtrInput
	// Client certificate TTL in seconds.
	DefaultTlsClientTtl pulumi.IntPtrInput
	// A human-friendly description for this backend.
	Description pulumi.StringPtrInput
	// If set, opts out of mount migration on path updates.
	// See [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration) for details.
	DisableRemount pulumi.BoolPtrInput
	// Addresses the KMIP server should listen on (`host:port`).
	ListenAddrs pulumi.StringArrayInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// The unique path this backend should be mounted at. Must
	// not begin or end with a `/`. Defaults to `kmip`.
	Path pulumi.StringPtrInput
	// Hostnames to include in the server's TLS certificate as SAN DNS names. The first will be used as the common name (CN).
	ServerHostnames pulumi.StringArrayInput
	// IPs to include in the server's TLS certificate as SAN IP addresses.
	ServerIps pulumi.StringArrayInput
	// CA key bits; valid values depend on the key type.
	TlsCaKeyBits pulumi.IntPtrInput
	// CA key type, `rsa` or `ec`.
	TlsCaKeyType pulumi.StringPtrInput
	// Minimum TLS version to accept.
	TlsMinVersion pulumi.StringPtrInput
}

func (SecretBackendState) ElementType

func (SecretBackendState) ElementType() reflect.Type

type SecretRole

// SecretRole is the Pulumi resource for a KMIP role in a Vault server (the
// package documentation states this requires Vault Enterprise). A role is
// identified by Path, Scope and Role, and each Operation* flag records whether
// one KMIP operation is permitted for it.
type SecretRole struct {
	pulumi.CustomResourceState

	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrOutput `pulumi:"namespace"`
	// Grant permission to use the KMIP Activate operation.
	OperationActivate pulumi.BoolOutput `pulumi:"operationActivate"`
	// Grant permission to use the KMIP Add Attribute operation.
	OperationAddAttribute pulumi.BoolOutput `pulumi:"operationAddAttribute"`
	// Grant all permissions to this role. May not be specified with any other
	// `operation_*` params (the `Operation*` fields in this SDK).
	// NOTE(review): this includes Destroy and Revoke; prefer granting only the
	// individual operations a client actually needs.
	OperationAll pulumi.BoolOutput `pulumi:"operationAll"`
	// Grant permission to use the KMIP Create operation.
	OperationCreate pulumi.BoolOutput `pulumi:"operationCreate"`
	// Grant permission to use the KMIP Destroy operation.
	OperationDestroy pulumi.BoolOutput `pulumi:"operationDestroy"`
	// Grant permission to use the KMIP Discover Versions operation.
	OperationDiscoverVersions pulumi.BoolOutput `pulumi:"operationDiscoverVersions"`
	// Grant permission to use the KMIP Get operation.
	OperationGet pulumi.BoolOutput `pulumi:"operationGet"`
	// Grant permission to use the KMIP Get Attribute List operation.
	OperationGetAttributeList pulumi.BoolOutput `pulumi:"operationGetAttributeList"`
	// Grant permission to use the KMIP Get Attributes operation.
	OperationGetAttributes pulumi.BoolOutput `pulumi:"operationGetAttributes"`
	// Grant permission to use the KMIP Locate operation.
	OperationLocate pulumi.BoolOutput `pulumi:"operationLocate"`
	// Remove all permissions from this role. May not be specified with any
	// other `operation_*` params (the `Operation*` fields in this SDK).
	OperationNone pulumi.BoolOutput `pulumi:"operationNone"`
	// Grant permission to use the KMIP Register operation.
	OperationRegister pulumi.BoolOutput `pulumi:"operationRegister"`
	// Grant permission to use the KMIP Rekey operation.
	OperationRekey pulumi.BoolOutput `pulumi:"operationRekey"`
	// Grant permission to use the KMIP Revoke operation.
	OperationRevoke pulumi.BoolOutput `pulumi:"operationRevoke"`
	// The unique path this backend should be mounted at. Must
	// not begin or end with a `/`. Defaults to `kmip`.
	Path pulumi.StringOutput `pulumi:"path"`
	// Name of the role.
	Role pulumi.StringOutput `pulumi:"role"`
	// Name of the scope.
	Scope pulumi.StringOutput `pulumi:"scope"`
	// Client certificate key bits; valid values depend on the key type.
	TlsClientKeyBits pulumi.IntPtrOutput `pulumi:"tlsClientKeyBits"`
	// Client certificate key type, `rsa` or `ec`.
	TlsClientKeyType pulumi.StringPtrOutput `pulumi:"tlsClientKeyType"`
	// Client certificate TTL in seconds.
	TlsClientTtl pulumi.IntPtrOutput `pulumi:"tlsClientTtl"`
}

Manages KMIP Secret roles in a Vault server. This feature requires Vault Enterprise. See the [Vault documentation](https://www.vaultproject.io/docs/secrets/kmip) for more information.

## Example Usage

```go
package main

import (

"github.com/pulumi/pulumi-vault/sdk/v5/go/vault/kmip"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

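// main provisions a KMIP backend, a `dev` scope inside it, and an `admin` role
// in that scope with an explicit list of permitted KMIP operations.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Keep the backend handle: the scope below reads its Path output, which
		// also makes the scope depend on the backend. The original example
		// discarded this value and then referenced an undefined `_default`.
		_default, err := kmip.NewSecretBackend(ctx, "default", &kmip.SecretBackendArgs{
			Path:        pulumi.String("kmip"),
			Description: pulumi.String("Vault KMIP backend"),
		})
		if err != nil {
			return err
		}
		dev, err := kmip.NewSecretScope(ctx, "dev", &kmip.SecretScopeArgs{
			Path:  _default.Path,
			Scope: pulumi.String("dev"),
			// Force allows the scope to be deleted even while it still holds
			// managed objects; leave it unset where that data must be kept.
			Force: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		// Operations are granted one by one rather than through OperationAll,
		// so the role holds only the permissions listed here. Note that the
		// list includes Destroy.
		_, err = kmip.NewSecretRole(ctx, "admin", &kmip.SecretRoleArgs{
			Path:                   dev.Path,
			Scope:                  dev.Scope,
			Role:                   pulumi.String("admin"),
			TlsClientKeyType:       pulumi.String("ec"),
			TlsClientKeyBits:       pulumi.Int(256),
			OperationActivate:      pulumi.Bool(true),
			OperationGet:           pulumi.Bool(true),
			OperationGetAttributes: pulumi.Bool(true),
			OperationCreate:        pulumi.Bool(true),
			OperationDestroy:       pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		return nil
	})
}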

```

## Import

KMIP Secret role can be imported using the `path`, e.g.

```sh

$ pulumi import vault:kmip/secretRole:SecretRole admin kmip

```

func GetSecretRole

func GetSecretRole(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *SecretRoleState, opts ...pulumi.ResourceOption) (*SecretRole, error)

GetSecretRole gets an existing SecretRole resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewSecretRole

func NewSecretRole(ctx *pulumi.Context,
	name string, args *SecretRoleArgs, opts ...pulumi.ResourceOption) (*SecretRole, error)

NewSecretRole registers a new resource with the given unique name, arguments, and options.

func (*SecretRole) ElementType

func (*SecretRole) ElementType() reflect.Type

func (*SecretRole) ToSecretRoleOutput

func (i *SecretRole) ToSecretRoleOutput() SecretRoleOutput

func (*SecretRole) ToSecretRoleOutputWithContext

func (i *SecretRole) ToSecretRoleOutputWithContext(ctx context.Context) SecretRoleOutput

type SecretRoleArgs

// SecretRoleArgs is the set of arguments for constructing a SecretRole
// resource (passed to NewSecretRole). Path, Role and Scope are the only fields
// that are not pointer input types.
type SecretRoleArgs struct {
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// Grant permission to use the KMIP Activate operation.
	OperationActivate pulumi.BoolPtrInput
	// Grant permission to use the KMIP Add Attribute operation.
	OperationAddAttribute pulumi.BoolPtrInput
	// Grant all permissions to this role. May not be specified with any other
	// `operation_*` params (the `Operation*` fields in this SDK).
	// NOTE(review): this includes Destroy and Revoke; prefer granting only the
	// individual operations a client actually needs.
	OperationAll pulumi.BoolPtrInput
	// Grant permission to use the KMIP Create operation.
	OperationCreate pulumi.BoolPtrInput
	// Grant permission to use the KMIP Destroy operation.
	OperationDestroy pulumi.BoolPtrInput
	// Grant permission to use the KMIP Discover Versions operation.
	OperationDiscoverVersions pulumi.BoolPtrInput
	// Grant permission to use the KMIP Get operation.
	OperationGet pulumi.BoolPtrInput
	// Grant permission to use the KMIP Get Attribute List operation.
	OperationGetAttributeList pulumi.BoolPtrInput
	// Grant permission to use the KMIP Get Attributes operation.
	OperationGetAttributes pulumi.BoolPtrInput
	// Grant permission to use the KMIP Locate operation.
	OperationLocate pulumi.BoolPtrInput
	// Remove all permissions from this role. May not be specified with any
	// other `operation_*` params (the `Operation*` fields in this SDK).
	OperationNone pulumi.BoolPtrInput
	// Grant permission to use the KMIP Register operation.
	OperationRegister pulumi.BoolPtrInput
	// Grant permission to use the KMIP Rekey operation.
	OperationRekey pulumi.BoolPtrInput
	// Grant permission to use the KMIP Revoke operation.
	OperationRevoke pulumi.BoolPtrInput
	// The unique path this backend should be mounted at. Must
	// not begin or end with a `/`. Defaults to `kmip`.
	Path pulumi.StringInput
	// Name of the role.
	Role pulumi.StringInput
	// Name of the scope.
	Scope pulumi.StringInput
	// Client certificate key bits; valid values depend on the key type.
	TlsClientKeyBits pulumi.IntPtrInput
	// Client certificate key type, `rsa` or `ec`.
	TlsClientKeyType pulumi.StringPtrInput
	// Client certificate TTL in seconds.
	// NOTE(review): a shorter TTL limits how long a leaked client certificate
	// stays usable; the default value is not shown here.
	TlsClientTtl pulumi.IntPtrInput
}

The set of arguments for constructing a SecretRole resource.

func (SecretRoleArgs) ElementType

func (SecretRoleArgs) ElementType() reflect.Type

type SecretRoleArray

// SecretRoleArray is a slice of SecretRoleInput values; the package
// documentation lists it as accepted wherever a SecretRoleArrayInput is expected.
type SecretRoleArray []SecretRoleInput

func (SecretRoleArray) ElementType

func (SecretRoleArray) ElementType() reflect.Type

func (SecretRoleArray) ToSecretRoleArrayOutput

func (i SecretRoleArray) ToSecretRoleArrayOutput() SecretRoleArrayOutput

func (SecretRoleArray) ToSecretRoleArrayOutputWithContext

func (i SecretRoleArray) ToSecretRoleArrayOutputWithContext(ctx context.Context) SecretRoleArrayOutput

type SecretRoleArrayInput

// SecretRoleArrayInput is an input type that accepts SecretRoleArray and
// SecretRoleArrayOutput values.
type SecretRoleArrayInput interface {
	pulumi.Input

	// ToSecretRoleArrayOutput returns a SecretRoleArrayOutput.
	ToSecretRoleArrayOutput() SecretRoleArrayOutput
	// ToSecretRoleArrayOutputWithContext is the variant that takes a context.Context.
	ToSecretRoleArrayOutputWithContext(context.Context) SecretRoleArrayOutput
}

SecretRoleArrayInput is an input type that accepts SecretRoleArray and SecretRoleArrayOutput values. You can construct a concrete instance of `SecretRoleArrayInput` via:

SecretRoleArray{ SecretRoleArgs{...} }

type SecretRoleArrayOutput

// SecretRoleArrayOutput embeds *pulumi.OutputState; the package documentation
// lists it as one of the values a SecretRoleArrayInput accepts.
type SecretRoleArrayOutput struct{ *pulumi.OutputState }

func (SecretRoleArrayOutput) ElementType

func (SecretRoleArrayOutput) ElementType() reflect.Type

func (SecretRoleArrayOutput) Index

func (SecretRoleArrayOutput) ToSecretRoleArrayOutput

func (o SecretRoleArrayOutput) ToSecretRoleArrayOutput() SecretRoleArrayOutput

func (SecretRoleArrayOutput) ToSecretRoleArrayOutputWithContext

func (o SecretRoleArrayOutput) ToSecretRoleArrayOutputWithContext(ctx context.Context) SecretRoleArrayOutput

type SecretRoleInput

// SecretRoleInput is a pulumi.Input that can produce a SecretRoleOutput.
// On this page, *SecretRole and SecretRoleOutput both declare the two methods
// below.
type SecretRoleInput interface {
	pulumi.Input

	// ToSecretRoleOutput returns a SecretRoleOutput.
	ToSecretRoleOutput() SecretRoleOutput
	// ToSecretRoleOutputWithContext is the variant that takes a context.Context.
	ToSecretRoleOutputWithContext(ctx context.Context) SecretRoleOutput
}

type SecretRoleMap

// SecretRoleMap maps string keys to SecretRoleInput values; the package
// documentation lists it as accepted wherever a SecretRoleMapInput is expected.
type SecretRoleMap map[string]SecretRoleInput

func (SecretRoleMap) ElementType

func (SecretRoleMap) ElementType() reflect.Type

func (SecretRoleMap) ToSecretRoleMapOutput

func (i SecretRoleMap) ToSecretRoleMapOutput() SecretRoleMapOutput

func (SecretRoleMap) ToSecretRoleMapOutputWithContext

func (i SecretRoleMap) ToSecretRoleMapOutputWithContext(ctx context.Context) SecretRoleMapOutput

type SecretRoleMapInput

// SecretRoleMapInput is an input type that accepts SecretRoleMap and
// SecretRoleMapOutput values.
type SecretRoleMapInput interface {
	pulumi.Input

	// ToSecretRoleMapOutput returns a SecretRoleMapOutput.
	ToSecretRoleMapOutput() SecretRoleMapOutput
	// ToSecretRoleMapOutputWithContext is the variant that takes a context.Context.
	ToSecretRoleMapOutputWithContext(context.Context) SecretRoleMapOutput
}

SecretRoleMapInput is an input type that accepts SecretRoleMap and SecretRoleMapOutput values. You can construct a concrete instance of `SecretRoleMapInput` via:

SecretRoleMap{ "key": SecretRoleArgs{...} }

type SecretRoleMapOutput

// SecretRoleMapOutput embeds *pulumi.OutputState; the package documentation
// lists it as one of the values a SecretRoleMapInput accepts.
type SecretRoleMapOutput struct{ *pulumi.OutputState }

func (SecretRoleMapOutput) ElementType

func (SecretRoleMapOutput) ElementType() reflect.Type

func (SecretRoleMapOutput) MapIndex

func (SecretRoleMapOutput) ToSecretRoleMapOutput

func (o SecretRoleMapOutput) ToSecretRoleMapOutput() SecretRoleMapOutput

func (SecretRoleMapOutput) ToSecretRoleMapOutputWithContext

func (o SecretRoleMapOutput) ToSecretRoleMapOutputWithContext(ctx context.Context) SecretRoleMapOutput

type SecretRoleOutput

// SecretRoleOutput embeds *pulumi.OutputState and declares one accessor method
// per SecretRole field (see the method list on this page).
type SecretRoleOutput struct{ *pulumi.OutputState }

func (SecretRoleOutput) ElementType

func (SecretRoleOutput) ElementType() reflect.Type

func (SecretRoleOutput) Namespace added in v5.7.0

func (o SecretRoleOutput) Namespace() pulumi.StringPtrOutput

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). *Available only for Vault Enterprise*.

func (SecretRoleOutput) OperationActivate added in v5.6.0

func (o SecretRoleOutput) OperationActivate() pulumi.BoolOutput

Grant permission to use the KMIP Activate operation.

func (SecretRoleOutput) OperationAddAttribute added in v5.6.0

func (o SecretRoleOutput) OperationAddAttribute() pulumi.BoolOutput

Grant permission to use the KMIP Add Attribute operation.

func (SecretRoleOutput) OperationAll added in v5.6.0

func (o SecretRoleOutput) OperationAll() pulumi.BoolOutput

Grant all permissions to this role. May not be specified with any other `operation_*` params (the `Operation*` fields in this SDK).

func (SecretRoleOutput) OperationCreate added in v5.6.0

func (o SecretRoleOutput) OperationCreate() pulumi.BoolOutput

Grant permission to use the KMIP Create operation.

func (SecretRoleOutput) OperationDestroy added in v5.6.0

func (o SecretRoleOutput) OperationDestroy() pulumi.BoolOutput

Grant permission to use the KMIP Destroy operation.

func (SecretRoleOutput) OperationDiscoverVersions added in v5.6.0

func (o SecretRoleOutput) OperationDiscoverVersions() pulumi.BoolOutput

Grant permission to use the KMIP Discover Versions operation.

func (SecretRoleOutput) OperationGet added in v5.6.0

func (o SecretRoleOutput) OperationGet() pulumi.BoolOutput

Grant permission to use the KMIP Get operation.

func (SecretRoleOutput) OperationGetAttributeList added in v5.6.0

func (o SecretRoleOutput) OperationGetAttributeList() pulumi.BoolOutput

Grant permission to use the KMIP Get Attribute List operation.

func (SecretRoleOutput) OperationGetAttributes added in v5.6.0

func (o SecretRoleOutput) OperationGetAttributes() pulumi.BoolOutput

Grant permission to use the KMIP Get Attributes operation.

func (SecretRoleOutput) OperationLocate added in v5.6.0

func (o SecretRoleOutput) OperationLocate() pulumi.BoolOutput

Grant permission to use the KMIP Locate operation.

func (SecretRoleOutput) OperationNone added in v5.6.0

func (o SecretRoleOutput) OperationNone() pulumi.BoolOutput

Remove all permissions from this role. May not be specified with any other `operation_*` params (the `Operation*` fields in this SDK).

func (SecretRoleOutput) OperationRegister added in v5.6.0

func (o SecretRoleOutput) OperationRegister() pulumi.BoolOutput

Grant permission to use the KMIP Register operation.

func (SecretRoleOutput) OperationRekey added in v5.6.0

func (o SecretRoleOutput) OperationRekey() pulumi.BoolOutput

Grant permission to use the KMIP Rekey operation.

func (SecretRoleOutput) OperationRevoke added in v5.6.0

func (o SecretRoleOutput) OperationRevoke() pulumi.BoolOutput

Grant permission to use the KMIP Revoke operation.

func (SecretRoleOutput) Path added in v5.6.0

The unique path this backend should be mounted at. Must not begin or end with a `/`. Defaults to `kmip`.

func (SecretRoleOutput) Role added in v5.6.0

Name of the role.

func (SecretRoleOutput) Scope added in v5.6.0

Name of the scope.

func (SecretRoleOutput) TlsClientKeyBits added in v5.6.0

func (o SecretRoleOutput) TlsClientKeyBits() pulumi.IntPtrOutput

Client certificate key bits, valid values depend on key type.

func (SecretRoleOutput) TlsClientKeyType added in v5.6.0

func (o SecretRoleOutput) TlsClientKeyType() pulumi.StringPtrOutput

Client certificate key type, `rsa` or `ec`.

func (SecretRoleOutput) TlsClientTtl added in v5.6.0

func (o SecretRoleOutput) TlsClientTtl() pulumi.IntPtrOutput

Client certificate TTL in seconds.

func (SecretRoleOutput) ToSecretRoleOutput

func (o SecretRoleOutput) ToSecretRoleOutput() SecretRoleOutput

func (SecretRoleOutput) ToSecretRoleOutputWithContext

func (o SecretRoleOutput) ToSecretRoleOutputWithContext(ctx context.Context) SecretRoleOutput

type SecretRoleState

// SecretRoleState carries the optional state properties that GetSecretRole
// accepts to qualify a lookup of an existing SecretRole. Unlike SecretRoleArgs,
// Path, Role and Scope are pointer inputs here.
type SecretRoleState struct {
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// Grant permission to use the KMIP Activate operation.
	OperationActivate pulumi.BoolPtrInput
	// Grant permission to use the KMIP Add Attribute operation.
	OperationAddAttribute pulumi.BoolPtrInput
	// Grant all permissions to this role. May not be specified with any other
	// `operation_*` params (the `Operation*` fields in this SDK).
	OperationAll pulumi.BoolPtrInput
	// Grant permission to use the KMIP Create operation.
	OperationCreate pulumi.BoolPtrInput
	// Grant permission to use the KMIP Destroy operation.
	OperationDestroy pulumi.BoolPtrInput
	// Grant permission to use the KMIP Discover Versions operation.
	OperationDiscoverVersions pulumi.BoolPtrInput
	// Grant permission to use the KMIP Get operation.
	OperationGet pulumi.BoolPtrInput
	// Grant permission to use the KMIP Get Attribute List operation.
	OperationGetAttributeList pulumi.BoolPtrInput
	// Grant permission to use the KMIP Get Attributes operation.
	OperationGetAttributes pulumi.BoolPtrInput
	// Grant permission to use the KMIP Locate operation.
	OperationLocate pulumi.BoolPtrInput
	// Remove all permissions from this role. May not be specified with any
	// other `operation_*` params (the `Operation*` fields in this SDK).
	OperationNone pulumi.BoolPtrInput
	// Grant permission to use the KMIP Register operation.
	OperationRegister pulumi.BoolPtrInput
	// Grant permission to use the KMIP Rekey operation.
	OperationRekey pulumi.BoolPtrInput
	// Grant permission to use the KMIP Revoke operation.
	OperationRevoke pulumi.BoolPtrInput
	// The unique path this backend should be mounted at. Must
	// not begin or end with a `/`. Defaults to `kmip`.
	Path pulumi.StringPtrInput
	// Name of the role.
	Role pulumi.StringPtrInput
	// Name of the scope.
	Scope pulumi.StringPtrInput
	// Client certificate key bits; valid values depend on the key type.
	TlsClientKeyBits pulumi.IntPtrInput
	// Client certificate key type, `rsa` or `ec`.
	TlsClientKeyType pulumi.StringPtrInput
	// Client certificate TTL in seconds.
	TlsClientTtl pulumi.IntPtrInput
}

func (SecretRoleState) ElementType

func (SecretRoleState) ElementType() reflect.Type

type SecretScope

// SecretScope is the resource type for a KMIP secret scope in a Vault server.
// It embeds pulumi.CustomResourceState and exposes each property as a Pulumi
// output.
type SecretScope struct {
	pulumi.CustomResourceState

	// Boolean field to force deletion even if there are managed objects in the scope.
	// NOTE(review): presumably the managed objects (KMIP keys and the like) are
	// removed together with the scope when this is set — confirm against the
	// Vault KMIP documentation, and leave it unset unless that loss is intended.
	Force pulumi.BoolPtrOutput `pulumi:"force"`
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrOutput `pulumi:"namespace"`
	// The unique path this backend should be mounted at. Must
	// not begin or end with a `/`. Defaults to `kmip`.
	Path pulumi.StringOutput `pulumi:"path"`
	// Name of the scope.
	Scope pulumi.StringOutput `pulumi:"scope"`
}

Manages KMIP Secret Scopes in a Vault server. This feature requires Vault Enterprise. See the [Vault documentation](https://www.vaultproject.io/docs/secrets/kmip) for more information.

## Example Usage

```go
package main

import (

"github.com/pulumi/pulumi-vault/sdk/v5/go/vault/kmip"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

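// main declares a KMIP secrets backend mounted at "kmip" and a "dev" scope
// under that backend.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Keep the backend handle: the scope below reads its mount path from
		// it, so the scope is created against the backend's actual path.
		_default, err := kmip.NewSecretBackend(ctx, "default", &kmip.SecretBackendArgs{
			Path:        pulumi.String("kmip"),
			Description: pulumi.String("Vault KMIP backend"),
		})
		if err != nil {
			return err
		}
		// Force allows the scope to be deleted even while it still holds
		// managed objects. That suits a throwaway "dev" scope; leave Force
		// unset wherever losing those objects on teardown would be a problem.
		_, err = kmip.NewSecretScope(ctx, "dev", &kmip.SecretScopeArgs{
			Path:  _default.Path,
			Scope: pulumi.String("dev"),
			Force: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		return nil
	})
}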

```

## Import

KMIP Secret scope can be imported using the `path`, e.g.

```sh

$ pulumi import vault:kmip/secretScope:SecretScope dev kmip

```

func GetSecretScope

func GetSecretScope(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *SecretScopeState, opts ...pulumi.ResourceOption) (*SecretScope, error)

GetSecretScope gets an existing SecretScope resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewSecretScope

func NewSecretScope(ctx *pulumi.Context,
	name string, args *SecretScopeArgs, opts ...pulumi.ResourceOption) (*SecretScope, error)

NewSecretScope registers a new resource with the given unique name, arguments, and options.

func (*SecretScope) ElementType

func (*SecretScope) ElementType() reflect.Type

func (*SecretScope) ToSecretScopeOutput

func (i *SecretScope) ToSecretScopeOutput() SecretScopeOutput

func (*SecretScope) ToSecretScopeOutputWithContext

func (i *SecretScope) ToSecretScopeOutputWithContext(ctx context.Context) SecretScopeOutput

type SecretScopeArgs

// SecretScopeArgs is the set of arguments passed to NewSecretScope when
// constructing a SecretScope resource.
type SecretScopeArgs struct {
	// Boolean field to force deletion even if there are managed objects in the scope.
	// Pointer input, so it may be left unset.
	// NOTE(review): presumably the managed objects are removed together with the
	// scope when this is set — confirm, and set it only where that is intended.
	Force pulumi.BoolPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// The unique path this backend should be mounted at. Must
	// not begin or end with a `/`. Defaults to `kmip`.
	// NOTE(review): the type here is the non-pointer pulumi.StringInput, unlike
	// SecretScopeState.Path; whether the `kmip` default still applies when this
	// field is left nil cannot be told from this declaration — confirm.
	Path pulumi.StringInput
	// Name of the scope.
	Scope pulumi.StringInput
}

The set of arguments for constructing a SecretScope resource.

func (SecretScopeArgs) ElementType

func (SecretScopeArgs) ElementType() reflect.Type

type SecretScopeArray

// SecretScopeArray is a slice of SecretScopeInput values. It is one of the two
// types SecretScopeArrayInput accepts.
type SecretScopeArray []SecretScopeInput

func (SecretScopeArray) ElementType

func (SecretScopeArray) ElementType() reflect.Type

func (SecretScopeArray) ToSecretScopeArrayOutput

func (i SecretScopeArray) ToSecretScopeArrayOutput() SecretScopeArrayOutput

func (SecretScopeArray) ToSecretScopeArrayOutputWithContext

func (i SecretScopeArray) ToSecretScopeArrayOutputWithContext(ctx context.Context) SecretScopeArrayOutput

type SecretScopeArrayInput

type SecretScopeArrayInput interface {
	pulumi.Input

	ToSecretScopeArrayOutput() SecretScopeArrayOutput
	ToSecretScopeArrayOutputWithContext(context.Context) SecretScopeArrayOutput
}

SecretScopeArrayInput is an input type that accepts SecretScopeArray and SecretScopeArrayOutput values. You can construct a concrete instance of `SecretScopeArrayInput` via:

SecretScopeArray{ SecretScopeArgs{...} }

type SecretScopeArrayOutput

// SecretScopeArrayOutput wraps *pulumi.OutputState and is the output
// counterpart of SecretScopeArray; SecretScopeArrayInput accepts both.
type SecretScopeArrayOutput struct{ *pulumi.OutputState }

func (SecretScopeArrayOutput) ElementType

func (SecretScopeArrayOutput) ElementType() reflect.Type

func (SecretScopeArrayOutput) Index

func (SecretScopeArrayOutput) ToSecretScopeArrayOutput

func (o SecretScopeArrayOutput) ToSecretScopeArrayOutput() SecretScopeArrayOutput

func (SecretScopeArrayOutput) ToSecretScopeArrayOutputWithContext

func (o SecretScopeArrayOutput) ToSecretScopeArrayOutputWithContext(ctx context.Context) SecretScopeArrayOutput

type SecretScopeInput

// SecretScopeInput is the input type for values that can be converted to a
// SecretScopeOutput. *SecretScope and SecretScopeOutput both declare the two
// conversion methods listed here.
type SecretScopeInput interface {
	pulumi.Input

	ToSecretScopeOutput() SecretScopeOutput
	ToSecretScopeOutputWithContext(ctx context.Context) SecretScopeOutput
}

type SecretScopeMap

// SecretScopeMap is a string-keyed map of SecretScopeInput values. It is one
// of the two types SecretScopeMapInput accepts.
type SecretScopeMap map[string]SecretScopeInput

func (SecretScopeMap) ElementType

func (SecretScopeMap) ElementType() reflect.Type

func (SecretScopeMap) ToSecretScopeMapOutput

func (i SecretScopeMap) ToSecretScopeMapOutput() SecretScopeMapOutput

func (SecretScopeMap) ToSecretScopeMapOutputWithContext

func (i SecretScopeMap) ToSecretScopeMapOutputWithContext(ctx context.Context) SecretScopeMapOutput

type SecretScopeMapInput

type SecretScopeMapInput interface {
	pulumi.Input

	ToSecretScopeMapOutput() SecretScopeMapOutput
	ToSecretScopeMapOutputWithContext(context.Context) SecretScopeMapOutput
}

SecretScopeMapInput is an input type that accepts SecretScopeMap and SecretScopeMapOutput values. You can construct a concrete instance of `SecretScopeMapInput` via:

SecretScopeMap{ "key": SecretScopeArgs{...} }

type SecretScopeMapOutput

// SecretScopeMapOutput wraps *pulumi.OutputState and is the output counterpart
// of SecretScopeMap; SecretScopeMapInput accepts both.
type SecretScopeMapOutput struct{ *pulumi.OutputState }

func (SecretScopeMapOutput) ElementType

func (SecretScopeMapOutput) ElementType() reflect.Type

func (SecretScopeMapOutput) MapIndex

func (SecretScopeMapOutput) ToSecretScopeMapOutput

func (o SecretScopeMapOutput) ToSecretScopeMapOutput() SecretScopeMapOutput

func (SecretScopeMapOutput) ToSecretScopeMapOutputWithContext

func (o SecretScopeMapOutput) ToSecretScopeMapOutputWithContext(ctx context.Context) SecretScopeMapOutput

type SecretScopeOutput

// SecretScopeOutput wraps *pulumi.OutputState for a SecretScope. Its Force,
// Namespace, Path and Scope methods expose the corresponding resource
// properties.
type SecretScopeOutput struct{ *pulumi.OutputState }

func (SecretScopeOutput) ElementType

func (SecretScopeOutput) ElementType() reflect.Type

func (SecretScopeOutput) Force added in v5.6.0

Boolean field to force deletion even if there are managed objects in the scope.

func (SecretScopeOutput) Namespace added in v5.7.0

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). *Available only for Vault Enterprise*.

func (SecretScopeOutput) Path added in v5.6.0

The unique path this backend should be mounted at. Must not begin or end with a `/`. Defaults to `kmip`.

func (SecretScopeOutput) Scope added in v5.6.0

Name of the scope.

func (SecretScopeOutput) ToSecretScopeOutput

func (o SecretScopeOutput) ToSecretScopeOutput() SecretScopeOutput

func (SecretScopeOutput) ToSecretScopeOutputWithContext

func (o SecretScopeOutput) ToSecretScopeOutputWithContext(ctx context.Context) SecretScopeOutput

type SecretScopeState

// SecretScopeState holds the optional state properties that GetSecretScope
// accepts to qualify the lookup of an existing SecretScope. Every field is a
// pointer input.
type SecretScopeState struct {
	// Boolean field to force deletion even if there are managed objects in the scope.
	// NOTE(review): presumably the managed objects are removed together with the
	// scope when this is set — confirm before relying on it.
	Force pulumi.BoolPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// The unique path this backend should be mounted at. Must
	// not begin or end with a `/`. Defaults to `kmip`.
	Path pulumi.StringPtrInput
	// Name of the scope.
	Scope pulumi.StringPtrInput
}

func (SecretScopeState) ElementType

func (SecretScopeState) ElementType() reflect.Type
