Documentation
¶
Index ¶
- type AuthBackend
- type AuthBackendArgs
- type AuthBackendArray
- type AuthBackendArrayInput
- type AuthBackendArrayOutput
- func (AuthBackendArrayOutput) ElementType() reflect.Type
- func (o AuthBackendArrayOutput) Index(i pulumi.IntInput) AuthBackendOutput
- func (o AuthBackendArrayOutput) ToAuthBackendArrayOutput() AuthBackendArrayOutput
- func (o AuthBackendArrayOutput) ToAuthBackendArrayOutputWithContext(ctx context.Context) AuthBackendArrayOutput
- type AuthBackendInput
- type AuthBackendMap
- type AuthBackendMapInput
- type AuthBackendMapOutput
- func (AuthBackendMapOutput) ElementType() reflect.Type
- func (o AuthBackendMapOutput) MapIndex(k pulumi.StringInput) AuthBackendOutput
- func (o AuthBackendMapOutput) ToAuthBackendMapOutput() AuthBackendMapOutput
- func (o AuthBackendMapOutput) ToAuthBackendMapOutputWithContext(ctx context.Context) AuthBackendMapOutput
- type AuthBackendOutput
- func (o AuthBackendOutput) AcsUrls() pulumi.StringArrayOutput
- func (o AuthBackendOutput) DefaultRole() pulumi.StringPtrOutput
- func (o AuthBackendOutput) DisableRemount() pulumi.BoolPtrOutput
- func (AuthBackendOutput) ElementType() reflect.Type
- func (o AuthBackendOutput) EntityId() pulumi.StringOutput
- func (o AuthBackendOutput) IdpCert() pulumi.StringPtrOutput
- func (o AuthBackendOutput) IdpEntityId() pulumi.StringPtrOutput
- func (o AuthBackendOutput) IdpMetadataUrl() pulumi.StringPtrOutput
- func (o AuthBackendOutput) IdpSsoUrl() pulumi.StringPtrOutput
- func (o AuthBackendOutput) Namespace() pulumi.StringPtrOutput
- func (o AuthBackendOutput) Path() pulumi.StringPtrOutput
- func (o AuthBackendOutput) ToAuthBackendOutput() AuthBackendOutput
- func (o AuthBackendOutput) ToAuthBackendOutputWithContext(ctx context.Context) AuthBackendOutput
- func (o AuthBackendOutput) VerboseLogging() pulumi.BoolOutput
- type AuthBackendRole
- type AuthBackendRoleArgs
- type AuthBackendRoleArray
- type AuthBackendRoleArrayInput
- type AuthBackendRoleArrayOutput
- func (AuthBackendRoleArrayOutput) ElementType() reflect.Type
- func (o AuthBackendRoleArrayOutput) Index(i pulumi.IntInput) AuthBackendRoleOutput
- func (o AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutput() AuthBackendRoleArrayOutput
- func (o AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutputWithContext(ctx context.Context) AuthBackendRoleArrayOutput
- type AuthBackendRoleInput
- type AuthBackendRoleMap
- type AuthBackendRoleMapInput
- type AuthBackendRoleMapOutput
- func (AuthBackendRoleMapOutput) ElementType() reflect.Type
- func (o AuthBackendRoleMapOutput) MapIndex(k pulumi.StringInput) AuthBackendRoleOutput
- func (o AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutput() AuthBackendRoleMapOutput
- func (o AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutputWithContext(ctx context.Context) AuthBackendRoleMapOutput
- type AuthBackendRoleOutput
- func (o AuthBackendRoleOutput) BoundAttributes() pulumi.MapOutput
- func (o AuthBackendRoleOutput) BoundAttributesType() pulumi.StringOutput
- func (o AuthBackendRoleOutput) BoundSubjects() pulumi.StringArrayOutput
- func (o AuthBackendRoleOutput) BoundSubjectsType() pulumi.StringOutput
- func (AuthBackendRoleOutput) ElementType() reflect.Type
- func (o AuthBackendRoleOutput) GroupsAttribute() pulumi.StringPtrOutput
- func (o AuthBackendRoleOutput) Name() pulumi.StringOutput
- func (o AuthBackendRoleOutput) Namespace() pulumi.StringPtrOutput
- func (o AuthBackendRoleOutput) Path() pulumi.StringOutput
- func (o AuthBackendRoleOutput) ToAuthBackendRoleOutput() AuthBackendRoleOutput
- func (o AuthBackendRoleOutput) ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput
- func (o AuthBackendRoleOutput) TokenBoundCidrs() pulumi.StringArrayOutput
- func (o AuthBackendRoleOutput) TokenExplicitMaxTtl() pulumi.IntPtrOutput
- func (o AuthBackendRoleOutput) TokenMaxTtl() pulumi.IntPtrOutput
- func (o AuthBackendRoleOutput) TokenNoDefaultPolicy() pulumi.BoolPtrOutput
- func (o AuthBackendRoleOutput) TokenNumUses() pulumi.IntPtrOutput
- func (o AuthBackendRoleOutput) TokenPeriod() pulumi.IntPtrOutput
- func (o AuthBackendRoleOutput) TokenPolicies() pulumi.StringArrayOutput
- func (o AuthBackendRoleOutput) TokenTtl() pulumi.IntPtrOutput
- func (o AuthBackendRoleOutput) TokenType() pulumi.StringPtrOutput
- type AuthBackendRoleState
- type AuthBackendState
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AuthBackend ¶
// AuthBackend manages a SAML auth mount in a Vault server.
type AuthBackend struct {
	pulumi.CustomResourceState

	// The well-formatted URLs of your Assertion Consumer Service (ACS)
	// that should receive a response from the identity provider.
	AcsUrls pulumi.StringArrayOutput `pulumi:"acsUrls"`
	// The role to use if no role is provided during login.
	// NOTE(review): every login that omits a role is evaluated against this
	// role, so a narrowly scoped role is the safer choice.
	DefaultRole pulumi.StringPtrOutput `pulumi:"defaultRole"`
	// If set to `true`, opts out of mount migration on path updates.
	// See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
	DisableRemount pulumi.BoolPtrOutput `pulumi:"disableRemount"`
	// The entity ID of the SAML authentication service provider.
	EntityId pulumi.StringOutput `pulumi:"entityId"`
	// The PEM encoded certificate of the identity provider. Mutually exclusive
	// with `idpMetadataUrl`.
	IdpCert pulumi.StringPtrOutput `pulumi:"idpCert"`
	// The entity ID of the identity provider. Mutually exclusive with
	// `idpMetadataUrl`.
	IdpEntityId pulumi.StringPtrOutput `pulumi:"idpEntityId"`
	// The metadata URL of the identity provider. `idpCert`, `idpEntityId` and
	// `idpSsoUrl` are documented as mutually exclusive with this field.
	// NOTE(review): presumably the identity provider's certificate is then
	// taken from the fetched metadata, so this should be an https URL of a
	// trusted identity provider — confirm.
	IdpMetadataUrl pulumi.StringPtrOutput `pulumi:"idpMetadataUrl"`
	// The SSO URL of the identity provider. Mutually exclusive with
	// `idpMetadataUrl`.
	IdpSsoUrl pulumi.StringPtrOutput `pulumi:"idpSsoUrl"`
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrOutput `pulumi:"namespace"`
	// Path where the auth backend will be mounted. Defaults to `auth/saml`
	// if not specified.
	Path pulumi.StringPtrOutput `pulumi:"path"`
	// If set to `true`, logs additional, potentially sensitive
	// information during the SAML exchange according to the current logging level. Not
	// recommended for production; treat logs written while it is enabled as sensitive.
	VerboseLogging pulumi.BoolOutput `pulumi:"verboseLogging"`
}
Manages a SAML Auth mount in a Vault server. See the [Vault documentation](https://www.vaultproject.io/docs/auth/saml/) for more information.
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-vault/sdk/v5/go/vault/saml" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers one SAML auth mount, named "test", inside pulumi.Run.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		backendArgs := &saml.AuthBackendArgs{
			AcsUrls: pulumi.StringArray{
				pulumi.String("https://my.vault.primary/v1/auth/saml/callback"),
			},
			// DefaultRole is the role used for logins that do not name one.
			// "admin" is only a sample value; a narrowly scoped role is the
			// safer default for such logins.
			DefaultRole: pulumi.String("admin"),
			EntityId:    pulumi.String("https://my.vault/v1/auth/saml"),
			// idpCert, idpEntityId and idpSsoUrl are mutually exclusive with
			// the metadata URL, so none of them is set here.
			IdpMetadataUrl: pulumi.String("https://company.okta.com/app/abc123eb9xnIfzlaf697/sso/saml/metadata"),
			Path:           pulumi.String("saml"),
		}

		// The resource handle is not needed afterwards; only the error is
		// propagated to pulumi.Run.
		_, err := saml.NewAuthBackend(ctx, "test", backendArgs)
		return err
	})
}
```
## Import
SAML authentication mounts can be imported using the `path`, e.g.
```sh
$ pulumi import vault:saml/authBackend:AuthBackend example saml
```
func GetAuthBackend ¶
func GetAuthBackend(ctx *pulumi.Context, name string, id pulumi.IDInput, state *AuthBackendState, opts ...pulumi.ResourceOption) (*AuthBackend, error)
GetAuthBackend gets an existing AuthBackend resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewAuthBackend ¶
func NewAuthBackend(ctx *pulumi.Context, name string, args *AuthBackendArgs, opts ...pulumi.ResourceOption) (*AuthBackend, error)
NewAuthBackend registers a new resource with the given unique name, arguments, and options.
func (*AuthBackend) ElementType ¶
func (*AuthBackend) ElementType() reflect.Type
func (*AuthBackend) ToAuthBackendOutput ¶
func (i *AuthBackend) ToAuthBackendOutput() AuthBackendOutput
func (*AuthBackend) ToAuthBackendOutputWithContext ¶
func (i *AuthBackend) ToAuthBackendOutputWithContext(ctx context.Context) AuthBackendOutput
type AuthBackendArgs ¶
// AuthBackendArgs is the set of arguments for constructing an AuthBackend resource.
type AuthBackendArgs struct {
	// The well-formatted URLs of your Assertion Consumer Service (ACS)
	// that should receive a response from the identity provider.
	AcsUrls pulumi.StringArrayInput
	// The role to use if no role is provided during login.
	// NOTE(review): every login that omits a role is evaluated against this
	// role, so a narrowly scoped role is the safer choice.
	DefaultRole pulumi.StringPtrInput
	// If set to `true`, opts out of mount migration on path updates.
	// See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
	DisableRemount pulumi.BoolPtrInput
	// The entity ID of the SAML authentication service provider.
	EntityId pulumi.StringInput
	// The PEM encoded certificate of the identity provider. Mutually exclusive
	// with `idpMetadataUrl`.
	IdpCert pulumi.StringPtrInput
	// The entity ID of the identity provider. Mutually exclusive with
	// `idpMetadataUrl`.
	IdpEntityId pulumi.StringPtrInput
	// The metadata URL of the identity provider. `idpCert`, `idpEntityId` and
	// `idpSsoUrl` are documented as mutually exclusive with this field.
	// NOTE(review): presumably the identity provider's certificate is then
	// taken from the fetched metadata, so this should be an https URL of a
	// trusted identity provider — confirm.
	IdpMetadataUrl pulumi.StringPtrInput
	// The SSO URL of the identity provider. Mutually exclusive with
	// `idpMetadataUrl`.
	IdpSsoUrl pulumi.StringPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// Path where the auth backend will be mounted. Defaults to `auth/saml`
	// if not specified.
	Path pulumi.StringPtrInput
	// If set to `true`, logs additional, potentially sensitive
	// information during the SAML exchange according to the current logging level. Not
	// recommended for production; treat logs written while it is enabled as sensitive.
	VerboseLogging pulumi.BoolPtrInput
}
The set of arguments for constructing an AuthBackend resource.
func (AuthBackendArgs) ElementType ¶
func (AuthBackendArgs) ElementType() reflect.Type
type AuthBackendArray ¶
// AuthBackendArray is a slice of AuthBackendInput values.
type AuthBackendArray []AuthBackendInput
func (AuthBackendArray) ElementType ¶
func (AuthBackendArray) ElementType() reflect.Type
func (AuthBackendArray) ToAuthBackendArrayOutput ¶
func (i AuthBackendArray) ToAuthBackendArrayOutput() AuthBackendArrayOutput
func (AuthBackendArray) ToAuthBackendArrayOutputWithContext ¶
func (i AuthBackendArray) ToAuthBackendArrayOutputWithContext(ctx context.Context) AuthBackendArrayOutput
type AuthBackendArrayInput ¶
// AuthBackendArrayInput is implemented by values that can be converted to an
// AuthBackendArrayOutput, with or without an explicit context.Context.
type AuthBackendArrayInput interface {
	pulumi.Input

	ToAuthBackendArrayOutput() AuthBackendArrayOutput
	ToAuthBackendArrayOutputWithContext(context.Context) AuthBackendArrayOutput
}
AuthBackendArrayInput is an input type that accepts AuthBackendArray and AuthBackendArrayOutput values. You can construct a concrete instance of `AuthBackendArrayInput` via:
AuthBackendArray{ AuthBackendArgs{...} }
type AuthBackendArrayOutput ¶
// AuthBackendArrayOutput embeds *pulumi.OutputState.
type AuthBackendArrayOutput struct{ *pulumi.OutputState }
func (AuthBackendArrayOutput) ElementType ¶
func (AuthBackendArrayOutput) ElementType() reflect.Type
func (AuthBackendArrayOutput) Index ¶
func (o AuthBackendArrayOutput) Index(i pulumi.IntInput) AuthBackendOutput
func (AuthBackendArrayOutput) ToAuthBackendArrayOutput ¶
func (o AuthBackendArrayOutput) ToAuthBackendArrayOutput() AuthBackendArrayOutput
func (AuthBackendArrayOutput) ToAuthBackendArrayOutputWithContext ¶
func (o AuthBackendArrayOutput) ToAuthBackendArrayOutputWithContext(ctx context.Context) AuthBackendArrayOutput
type AuthBackendInput ¶
// AuthBackendInput is implemented by values that can be converted to an
// AuthBackendOutput, with or without an explicit context.Context.
type AuthBackendInput interface {
	pulumi.Input

	ToAuthBackendOutput() AuthBackendOutput
	ToAuthBackendOutputWithContext(ctx context.Context) AuthBackendOutput
}
type AuthBackendMap ¶
// AuthBackendMap maps string keys to AuthBackendInput values.
type AuthBackendMap map[string]AuthBackendInput
func (AuthBackendMap) ElementType ¶
func (AuthBackendMap) ElementType() reflect.Type
func (AuthBackendMap) ToAuthBackendMapOutput ¶
func (i AuthBackendMap) ToAuthBackendMapOutput() AuthBackendMapOutput
func (AuthBackendMap) ToAuthBackendMapOutputWithContext ¶
func (i AuthBackendMap) ToAuthBackendMapOutputWithContext(ctx context.Context) AuthBackendMapOutput
type AuthBackendMapInput ¶
// AuthBackendMapInput is implemented by values that can be converted to an
// AuthBackendMapOutput, with or without an explicit context.Context.
type AuthBackendMapInput interface {
	pulumi.Input

	ToAuthBackendMapOutput() AuthBackendMapOutput
	ToAuthBackendMapOutputWithContext(context.Context) AuthBackendMapOutput
}
AuthBackendMapInput is an input type that accepts AuthBackendMap and AuthBackendMapOutput values. You can construct a concrete instance of `AuthBackendMapInput` via:
AuthBackendMap{ "key": AuthBackendArgs{...} }
type AuthBackendMapOutput ¶
// AuthBackendMapOutput embeds *pulumi.OutputState.
type AuthBackendMapOutput struct{ *pulumi.OutputState }
func (AuthBackendMapOutput) ElementType ¶
func (AuthBackendMapOutput) ElementType() reflect.Type
func (AuthBackendMapOutput) MapIndex ¶
func (o AuthBackendMapOutput) MapIndex(k pulumi.StringInput) AuthBackendOutput
func (AuthBackendMapOutput) ToAuthBackendMapOutput ¶
func (o AuthBackendMapOutput) ToAuthBackendMapOutput() AuthBackendMapOutput
func (AuthBackendMapOutput) ToAuthBackendMapOutputWithContext ¶
func (o AuthBackendMapOutput) ToAuthBackendMapOutputWithContext(ctx context.Context) AuthBackendMapOutput
type AuthBackendOutput ¶
// AuthBackendOutput embeds *pulumi.OutputState.
type AuthBackendOutput struct{ *pulumi.OutputState }
func (AuthBackendOutput) AcsUrls ¶
func (o AuthBackendOutput) AcsUrls() pulumi.StringArrayOutput
The well-formatted URLs of your Assertion Consumer Service (ACS) that should receive a response from the identity provider.
func (AuthBackendOutput) DefaultRole ¶
func (o AuthBackendOutput) DefaultRole() pulumi.StringPtrOutput
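The role to use if no role is provided during login. Every login that omits a role is evaluated against this role, so it should be a narrowly scoped one.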
func (AuthBackendOutput) DisableRemount ¶
func (o AuthBackendOutput) DisableRemount() pulumi.BoolPtrOutput
If set to `true`, opts out of mount migration on path updates. See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
func (AuthBackendOutput) ElementType ¶
func (AuthBackendOutput) ElementType() reflect.Type
func (AuthBackendOutput) EntityId ¶
func (o AuthBackendOutput) EntityId() pulumi.StringOutput
The entity ID of the SAML authentication service provider.
func (AuthBackendOutput) IdpCert ¶
func (o AuthBackendOutput) IdpCert() pulumi.StringPtrOutput
The PEM encoded certificate of the identity provider. Mutually exclusive with `idpMetadataUrl`.
func (AuthBackendOutput) IdpEntityId ¶
func (o AuthBackendOutput) IdpEntityId() pulumi.StringPtrOutput
The entity ID of the identity provider. Mutually exclusive with `idpMetadataUrl`.
func (AuthBackendOutput) IdpMetadataUrl ¶
func (o AuthBackendOutput) IdpMetadataUrl() pulumi.StringPtrOutput
The metadata URL of the identity provider.
func (AuthBackendOutput) IdpSsoUrl ¶
func (o AuthBackendOutput) IdpSsoUrl() pulumi.StringPtrOutput
The SSO URL of the identity provider. Mutually exclusive with `idpMetadataUrl`.
func (AuthBackendOutput) Namespace ¶
func (o AuthBackendOutput) Namespace() pulumi.StringPtrOutput
The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). *Available only for Vault Enterprise*.
func (AuthBackendOutput) Path ¶
func (o AuthBackendOutput) Path() pulumi.StringPtrOutput
Path where the auth backend will be mounted. Defaults to `auth/saml` if not specified.
func (AuthBackendOutput) ToAuthBackendOutput ¶
func (o AuthBackendOutput) ToAuthBackendOutput() AuthBackendOutput
func (AuthBackendOutput) ToAuthBackendOutputWithContext ¶
func (o AuthBackendOutput) ToAuthBackendOutputWithContext(ctx context.Context) AuthBackendOutput
func (AuthBackendOutput) VerboseLogging ¶
func (o AuthBackendOutput) VerboseLogging() pulumi.BoolOutput
If set to `true`, logs additional, potentially sensitive information during the SAML exchange, subject to the current logging level. Not recommended for production: enable it only while debugging, and treat the resulting logs as sensitive.
type AuthBackendRole ¶
// AuthBackendRole manages a SAML auth backend role in a Vault server.
type AuthBackendRole struct {
	pulumi.CustomResourceState

	// Mapping of attribute names to values that are expected to
	// exist in the SAML assertion.
	BoundAttributes pulumi.MapOutput `pulumi:"boundAttributes"`
	// The type of matching assertion to perform on
	// `boundAttributes`.
	BoundAttributesType pulumi.StringOutput `pulumi:"boundAttributesType"`
	// List of subjects being asserted for SAML authentication.
	BoundSubjects pulumi.StringArrayOutput `pulumi:"boundSubjects"`
	// The type of matching assertion to perform on `boundSubjects`.
	BoundSubjectsType pulumi.StringOutput `pulumi:"boundSubjectsType"`
	// The attribute to use to identify the set of groups to which the
	// user belongs.
	GroupsAttribute pulumi.StringPtrOutput `pulumi:"groupsAttribute"`
	// Unique name of the role.
	Name pulumi.StringOutput `pulumi:"name"`
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrOutput `pulumi:"namespace"`
	// Path where the auth backend is mounted.
	Path pulumi.StringOutput `pulumi:"path"`
	// List of CIDR blocks; if set, specifies blocks of IP
	// addresses which can authenticate successfully, and ties the resulting token to these blocks
	// as well.
	TokenBoundCidrs pulumi.StringArrayOutput `pulumi:"tokenBoundCidrs"`
	// If set, will encode an
	// [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
	// onto the token in number of seconds. This is a hard cap even if `tokenTtl` and
	// `tokenMaxTtl` would otherwise allow a renewal.
	TokenExplicitMaxTtl pulumi.IntPtrOutput `pulumi:"tokenExplicitMaxTtl"`
	// The maximum lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenMaxTtl pulumi.IntPtrOutput `pulumi:"tokenMaxTtl"`
	// If set, the default policy will not be set on
	// generated tokens; otherwise it will be added to the policies set in token_policies.
	TokenNoDefaultPolicy pulumi.BoolPtrOutput `pulumi:"tokenNoDefaultPolicy"`
	// The maximum number of times a token may be used; a value of zero means unlimited.
	TokenNumUses pulumi.IntPtrOutput `pulumi:"tokenNumUses"`
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	TokenPeriod pulumi.IntPtrOutput `pulumi:"tokenPeriod"`
	// List of policies to encode onto generated tokens. Depending
	// on the auth method, this list may be supplemented by user/group/other values.
	TokenPolicies pulumi.StringArrayOutput `pulumi:"tokenPolicies"`
	// The incremental lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenTtl pulumi.IntPtrOutput `pulumi:"tokenTtl"`
	// The type of token that should be generated. Can be `service`,
	// `batch`, or `default` to use the mount's tuned default (which unless changed will be
	// `service` tokens). For token store roles, there are two additional possibilities:
	// `default-service` and `default-batch` which specify the type to return unless the client
	// requests a different type at generation time.
	TokenType pulumi.StringPtrOutput `pulumi:"tokenType"`
}
Manages a SAML auth backend role in a Vault server. See the [Vault documentation](https://www.vaultproject.io/docs/auth/saml.html) for more information.
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-vault/sdk/v5/go/vault/saml" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
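// main registers a SAML auth mount and then one role on that mount, inside
// pulumi.Run. The first error from either registration is returned.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleAuthBackend, err := saml.NewAuthBackend(ctx, "exampleAuthBackend", &saml.AuthBackendArgs{
			Path:           pulumi.String("saml"),
			IdpMetadataUrl: pulumi.String("https://company.okta.com/app/abc123eb9xnIfzlaf697/sso/saml/metadata"),
			EntityId:       pulumi.String("https://my.vault/v1/auth/saml"),
			AcsUrls: pulumi.StringArray{
				pulumi.String("https://my.vault.primary/v1/auth/saml/callback"),
			},
			// Role used for logins that do not name a role.
			DefaultRole: pulumi.String("default-role"),
		})
		if err != nil {
			return err
		}
		_, err = saml.NewAuthBackendRole(ctx, "exampleAuthBackendRole", &saml.AuthBackendRoleArgs{
			// AuthBackend.Path is a pulumi.StringPtrOutput, while
			// AuthBackendRoleArgs.Path takes a pulumi.StringInput, so the
			// pointer output is dereferenced with Elem() before use.
			Path:            exampleAuthBackend.Path.Elem(),
			GroupsAttribute: pulumi.String("groups"),
			BoundAttributes: pulumi.Map{
				"group": pulumi.Any("admin"),
			},
			// Pattern-style sample value. How it is matched is governed by
			// BoundSubjectsType, which this example leaves unset.
			BoundSubjects: pulumi.StringArray{
				pulumi.String("*example.com"),
			},
			TokenPolicies: pulumi.StringArray{
				pulumi.String("writer"),
			},
			// Token lifetime in seconds (86400 s = 24 h).
			TokenTtl: pulumi.Int(86400),
		})
		return err
	})
}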
```
## Import
SAML authentication backend roles can be imported using the `path`, e.g.
```sh
$ pulumi import vault:saml/authBackendRole:AuthBackendRole example auth/saml/role/my-role
```
func GetAuthBackendRole ¶
func GetAuthBackendRole(ctx *pulumi.Context, name string, id pulumi.IDInput, state *AuthBackendRoleState, opts ...pulumi.ResourceOption) (*AuthBackendRole, error)
GetAuthBackendRole gets an existing AuthBackendRole resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewAuthBackendRole ¶
func NewAuthBackendRole(ctx *pulumi.Context, name string, args *AuthBackendRoleArgs, opts ...pulumi.ResourceOption) (*AuthBackendRole, error)
NewAuthBackendRole registers a new resource with the given unique name, arguments, and options.
func (*AuthBackendRole) ElementType ¶
func (*AuthBackendRole) ElementType() reflect.Type
func (*AuthBackendRole) ToAuthBackendRoleOutput ¶
func (i *AuthBackendRole) ToAuthBackendRoleOutput() AuthBackendRoleOutput
func (*AuthBackendRole) ToAuthBackendRoleOutputWithContext ¶
func (i *AuthBackendRole) ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput
type AuthBackendRoleArgs ¶
// AuthBackendRoleArgs is the set of arguments for constructing an AuthBackendRole resource.
type AuthBackendRoleArgs struct {
	// Mapping of attribute names to values that are expected to
	// exist in the SAML assertion.
	BoundAttributes pulumi.MapInput
	// The type of matching assertion to perform on
	// `boundAttributes`.
	BoundAttributesType pulumi.StringPtrInput
	// List of subjects being asserted for SAML authentication.
	BoundSubjects pulumi.StringArrayInput
	// The type of matching assertion to perform on `boundSubjects`.
	BoundSubjectsType pulumi.StringPtrInput
	// The attribute to use to identify the set of groups to which the
	// user belongs.
	GroupsAttribute pulumi.StringPtrInput
	// Unique name of the role.
	Name pulumi.StringPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// Path where the auth backend is mounted.
	Path pulumi.StringInput
	// List of CIDR blocks; if set, specifies blocks of IP
	// addresses which can authenticate successfully, and ties the resulting token to these blocks
	// as well.
	TokenBoundCidrs pulumi.StringArrayInput
	// If set, will encode an
	// [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
	// onto the token in number of seconds. This is a hard cap even if `tokenTtl` and
	// `tokenMaxTtl` would otherwise allow a renewal.
	TokenExplicitMaxTtl pulumi.IntPtrInput
	// The maximum lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenMaxTtl pulumi.IntPtrInput
	// If set, the default policy will not be set on
	// generated tokens; otherwise it will be added to the policies set in token_policies.
	TokenNoDefaultPolicy pulumi.BoolPtrInput
	// The maximum number of times a token may be used; a value of zero means unlimited.
	TokenNumUses pulumi.IntPtrInput
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	TokenPeriod pulumi.IntPtrInput
	// List of policies to encode onto generated tokens. Depending
	// on the auth method, this list may be supplemented by user/group/other values.
	TokenPolicies pulumi.StringArrayInput
	// The incremental lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenTtl pulumi.IntPtrInput
	// The type of token that should be generated. Can be `service`,
	// `batch`, or `default` to use the mount's tuned default (which unless changed will be
	// `service` tokens). For token store roles, there are two additional possibilities:
	// `default-service` and `default-batch` which specify the type to return unless the client
	// requests a different type at generation time.
	TokenType pulumi.StringPtrInput
}
The set of arguments for constructing an AuthBackendRole resource.
func (AuthBackendRoleArgs) ElementType ¶
func (AuthBackendRoleArgs) ElementType() reflect.Type
type AuthBackendRoleArray ¶
// AuthBackendRoleArray is a slice of AuthBackendRoleInput values.
type AuthBackendRoleArray []AuthBackendRoleInput
func (AuthBackendRoleArray) ElementType ¶
func (AuthBackendRoleArray) ElementType() reflect.Type
func (AuthBackendRoleArray) ToAuthBackendRoleArrayOutput ¶
func (i AuthBackendRoleArray) ToAuthBackendRoleArrayOutput() AuthBackendRoleArrayOutput
func (AuthBackendRoleArray) ToAuthBackendRoleArrayOutputWithContext ¶
func (i AuthBackendRoleArray) ToAuthBackendRoleArrayOutputWithContext(ctx context.Context) AuthBackendRoleArrayOutput
type AuthBackendRoleArrayInput ¶
// AuthBackendRoleArrayInput is implemented by values that can be converted to
// an AuthBackendRoleArrayOutput, with or without an explicit context.Context.
type AuthBackendRoleArrayInput interface {
	pulumi.Input

	ToAuthBackendRoleArrayOutput() AuthBackendRoleArrayOutput
	ToAuthBackendRoleArrayOutputWithContext(context.Context) AuthBackendRoleArrayOutput
}
AuthBackendRoleArrayInput is an input type that accepts AuthBackendRoleArray and AuthBackendRoleArrayOutput values. You can construct a concrete instance of `AuthBackendRoleArrayInput` via:
AuthBackendRoleArray{ AuthBackendRoleArgs{...} }
type AuthBackendRoleArrayOutput ¶
// AuthBackendRoleArrayOutput embeds *pulumi.OutputState.
type AuthBackendRoleArrayOutput struct{ *pulumi.OutputState }
func (AuthBackendRoleArrayOutput) ElementType ¶
func (AuthBackendRoleArrayOutput) ElementType() reflect.Type
func (AuthBackendRoleArrayOutput) Index ¶
func (o AuthBackendRoleArrayOutput) Index(i pulumi.IntInput) AuthBackendRoleOutput
func (AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutput ¶
func (o AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutput() AuthBackendRoleArrayOutput
func (AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutputWithContext ¶
func (o AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutputWithContext(ctx context.Context) AuthBackendRoleArrayOutput
type AuthBackendRoleInput ¶
// AuthBackendRoleInput is implemented by values that can be converted to an
// AuthBackendRoleOutput, with or without an explicit context.Context.
type AuthBackendRoleInput interface {
	pulumi.Input

	ToAuthBackendRoleOutput() AuthBackendRoleOutput
	ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput
}
type AuthBackendRoleMap ¶
// AuthBackendRoleMap maps string keys to AuthBackendRoleInput values.
type AuthBackendRoleMap map[string]AuthBackendRoleInput
func (AuthBackendRoleMap) ElementType ¶
func (AuthBackendRoleMap) ElementType() reflect.Type
func (AuthBackendRoleMap) ToAuthBackendRoleMapOutput ¶
func (i AuthBackendRoleMap) ToAuthBackendRoleMapOutput() AuthBackendRoleMapOutput
func (AuthBackendRoleMap) ToAuthBackendRoleMapOutputWithContext ¶
func (i AuthBackendRoleMap) ToAuthBackendRoleMapOutputWithContext(ctx context.Context) AuthBackendRoleMapOutput
type AuthBackendRoleMapInput ¶
// AuthBackendRoleMapInput is implemented by values that can be converted to an
// AuthBackendRoleMapOutput, with or without an explicit context.Context.
type AuthBackendRoleMapInput interface {
	pulumi.Input

	ToAuthBackendRoleMapOutput() AuthBackendRoleMapOutput
	ToAuthBackendRoleMapOutputWithContext(context.Context) AuthBackendRoleMapOutput
}
AuthBackendRoleMapInput is an input type that accepts AuthBackendRoleMap and AuthBackendRoleMapOutput values. You can construct a concrete instance of `AuthBackendRoleMapInput` via:
AuthBackendRoleMap{ "key": AuthBackendRoleArgs{...} }
type AuthBackendRoleMapOutput ¶
// AuthBackendRoleMapOutput embeds *pulumi.OutputState.
type AuthBackendRoleMapOutput struct{ *pulumi.OutputState }
func (AuthBackendRoleMapOutput) ElementType ¶
func (AuthBackendRoleMapOutput) ElementType() reflect.Type
func (AuthBackendRoleMapOutput) MapIndex ¶
func (o AuthBackendRoleMapOutput) MapIndex(k pulumi.StringInput) AuthBackendRoleOutput
func (AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutput ¶
func (o AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutput() AuthBackendRoleMapOutput
func (AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutputWithContext ¶
func (o AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutputWithContext(ctx context.Context) AuthBackendRoleMapOutput
type AuthBackendRoleOutput ¶
// AuthBackendRoleOutput embeds *pulumi.OutputState.
type AuthBackendRoleOutput struct{ *pulumi.OutputState }
func (AuthBackendRoleOutput) BoundAttributes ¶
func (o AuthBackendRoleOutput) BoundAttributes() pulumi.MapOutput
Mapping of attribute names to values that are expected to exist in the SAML assertion.
func (AuthBackendRoleOutput) BoundAttributesType ¶
func (o AuthBackendRoleOutput) BoundAttributesType() pulumi.StringOutput
The type of matching assertion to perform on `boundAttributes`.
func (AuthBackendRoleOutput) BoundSubjects ¶
func (o AuthBackendRoleOutput) BoundSubjects() pulumi.StringArrayOutput
List of subjects being asserted for SAML authentication.
func (AuthBackendRoleOutput) BoundSubjectsType ¶
func (o AuthBackendRoleOutput) BoundSubjectsType() pulumi.StringOutput
The type of matching assertion to perform on `boundSubjects`.
func (AuthBackendRoleOutput) ElementType ¶
func (AuthBackendRoleOutput) ElementType() reflect.Type
func (AuthBackendRoleOutput) GroupsAttribute ¶
func (o AuthBackendRoleOutput) GroupsAttribute() pulumi.StringPtrOutput
The attribute to use to identify the set of groups to which the user belongs.
func (AuthBackendRoleOutput) Name ¶
func (o AuthBackendRoleOutput) Name() pulumi.StringOutput
Unique name of the role.
func (AuthBackendRoleOutput) Namespace ¶
func (o AuthBackendRoleOutput) Namespace() pulumi.StringPtrOutput
The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). *Available only for Vault Enterprise*.
func (AuthBackendRoleOutput) Path ¶
func (o AuthBackendRoleOutput) Path() pulumi.StringOutput
Path where the auth backend is mounted.
func (AuthBackendRoleOutput) ToAuthBackendRoleOutput ¶
func (o AuthBackendRoleOutput) ToAuthBackendRoleOutput() AuthBackendRoleOutput
func (AuthBackendRoleOutput) ToAuthBackendRoleOutputWithContext ¶
func (o AuthBackendRoleOutput) ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput
func (AuthBackendRoleOutput) TokenBoundCidrs ¶
func (o AuthBackendRoleOutput) TokenBoundCidrs() pulumi.StringArrayOutput
List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.
func (AuthBackendRoleOutput) TokenExplicitMaxTtl ¶
func (o AuthBackendRoleOutput) TokenExplicitMaxTtl() pulumi.IntPtrOutput
If set, will encode an [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls) onto the token in number of seconds. This is a hard cap even if `tokenTtl` and `tokenMaxTtl` would otherwise allow a renewal.
func (AuthBackendRoleOutput) TokenMaxTtl ¶
func (o AuthBackendRoleOutput) TokenMaxTtl() pulumi.IntPtrOutput
The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.
func (AuthBackendRoleOutput) TokenNoDefaultPolicy ¶
func (o AuthBackendRoleOutput) TokenNoDefaultPolicy() pulumi.BoolPtrOutput
If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies.
func (AuthBackendRoleOutput) TokenNumUses ¶
func (o AuthBackendRoleOutput) TokenNumUses() pulumi.IntPtrOutput
The maximum number of times a token may be used; a value of zero means unlimited.
func (AuthBackendRoleOutput) TokenPeriod ¶
func (o AuthBackendRoleOutput) TokenPeriod() pulumi.IntPtrOutput
If set, indicates that the token generated using this role should never expire, as long as it is renewed within the duration specified by this value. At each renewal, the token's TTL will be set to the value of this field. Specified in seconds.
func (AuthBackendRoleOutput) TokenPolicies ¶
func (o AuthBackendRoleOutput) TokenPolicies() pulumi.StringArrayOutput
List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values.
func (AuthBackendRoleOutput) TokenTtl ¶
func (o AuthBackendRoleOutput) TokenTtl() pulumi.IntPtrOutput
The incremental lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.
func (AuthBackendRoleOutput) TokenType ¶
func (o AuthBackendRoleOutput) TokenType() pulumi.StringPtrOutput
The type of token that should be generated. Can be `service`, `batch`, or `default` to use the mount's tuned default (which unless changed will be `service` tokens). For token store roles, there are two additional possibilities: `default-service` and `default-batch` which specify the type to return unless the client requests a different type at generation time.
type AuthBackendRoleState ¶
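// AuthBackendRoleState lists the properties of a SAML auth backend role.
// Every field is a pulumi input type.
//
// The fields fall into two groups: the Bound* and GroupsAttribute fields
// describe what must be present in the SAML assertion, and the Token* fields
// shape the token issued after a successful login.
type AuthBackendRoleState struct {
	// Mapping of attribute names to values that are expected to
	// exist in the SAML assertion.
	BoundAttributes pulumi.MapInput
	// The type of matching assertion to perform on
	// `boundAttributes`.
	BoundAttributesType pulumi.StringPtrInput
	// List of subjects being asserted for SAML authentication.
	BoundSubjects pulumi.StringArrayInput
	// The type of matching assertion to perform on `boundSubjects`.
	BoundSubjectsType pulumi.StringPtrInput
	// The attribute to use to identify the set of groups to which the
	// user belongs.
	GroupsAttribute pulumi.StringPtrInput
	// Unique name of the role.
	Name pulumi.StringPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// Path where the auth backend is mounted.
	Path pulumi.StringPtrInput
	// List of CIDR blocks; if set, specifies blocks of IP
	// addresses which can authenticate successfully, and ties the resulting token to these blocks
	// as well.
	//
	// When unset, neither login nor later use of the token is restricted by
	// source address.
	TokenBoundCidrs pulumi.StringArrayInput
	// If set, will encode an
	// [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
	// onto the token in number of seconds. This is a hard cap even if `tokenTtl` and
	// `tokenMaxTtl` would otherwise allow a renewal.
	TokenExplicitMaxTtl pulumi.IntPtrInput
	// The maximum lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenMaxTtl pulumi.IntPtrInput
	// If set, the default policy will not be set on
	// generated tokens; otherwise it will be added to the policies set in `tokenPolicies`.
	TokenNoDefaultPolicy pulumi.BoolPtrInput
	// The maximum number of times a token may be used; a value of zero means unlimited.
	TokenNumUses pulumi.IntPtrInput
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	//
	// A periodic token has no end date of its own as long as it keeps being
	// renewed; `tokenExplicitMaxTtl` is the setting that still bounds it.
	TokenPeriod pulumi.IntPtrInput
	// List of policies to encode onto generated tokens. Depending
	// on the auth method, this list may be supplemented by user/group/other values.
	TokenPolicies pulumi.StringArrayInput
	// The incremental lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenTtl pulumi.IntPtrInput
	// The type of token that should be generated. Can be `service`,
	// `batch`, or `default` to use the mount's tuned default (which unless changed will be
	// `service` tokens). For token store roles, there are two additional possibilities:
	// `default-service` and `default-batch` which specify the type to return unless the client
	// requests a different type at generation time.
	TokenType pulumi.StringPtrInput
}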
func (AuthBackendRoleState) ElementType ¶
func (AuthBackendRoleState) ElementType() reflect.Type
type AuthBackendState ¶
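// AuthBackendState lists the properties of a SAML auth backend mount.
// Every field is a pulumi input type.
//
// The identity provider is described either by `idpMetadataUrl` or by the
// `idpCert`, `idpEntityId` and `idpSsoUrl` fields; the field comments mark
// the two forms as mutually exclusive.
type AuthBackendState struct {
	// The well-formatted URLs of your Assertion Consumer Service (ACS)
	// that should receive a response from the identity provider.
	AcsUrls pulumi.StringArrayInput
	// The role to use if no role is provided during login.
	//
	// Logins that name no role are evaluated against this role, so it is
	// worth pointing it at the most restrictive role on the mount.
	DefaultRole pulumi.StringPtrInput
	// If set to `true`, opts out of mount migration on path updates.
	// See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
	DisableRemount pulumi.BoolPtrInput
	// The entity ID of the SAML authentication service provider.
	EntityId pulumi.StringPtrInput
	// The PEM encoded certificate of the identity provider. Mutually exclusive
	// with `idpMetadataUrl`.
	IdpCert pulumi.StringPtrInput
	// The entity ID of the identity provider. Mutually exclusive with
	// `idpMetadataUrl`.
	IdpEntityId pulumi.StringPtrInput
	// The metadata URL of the identity provider.
	//
	// NOTE(review): with this form the identity provider's certificate is
	// presumably taken from the fetched metadata, which would make the URL
	// part of the trust path (HTTPS, host controlled by the IdP). Confirm
	// against the Vault SAML documentation.
	IdpMetadataUrl pulumi.StringPtrInput
	// The SSO URL of the identity provider. Mutually exclusive with
	// `idpMetadataUrl`.
	IdpSsoUrl pulumi.StringPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// Path where the auth backend will be mounted. Defaults to `auth/saml`
	// if not specified.
	Path pulumi.StringPtrInput
	// If set to `true`, logs additional, potentially sensitive
	// information during the SAML exchange according to the current logging level. Not
	// recommended for production.
	//
	// Keep this off except while troubleshooting, and handle any logs written
	// while it is on as sensitive data.
	VerboseLogging pulumi.BoolPtrInput
}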
func (AuthBackendState) ElementType ¶
func (AuthBackendState) ElementType() reflect.Type