Documentation ¶
Index ¶
- type AuthBackendRole
- type AuthBackendRoleArgs
- type AuthBackendRoleArray
- type AuthBackendRoleArrayInput
- type AuthBackendRoleArrayOutput
- func (AuthBackendRoleArrayOutput) ElementType() reflect.Type
- func (o AuthBackendRoleArrayOutput) Index(i pulumi.IntInput) AuthBackendRoleOutput
- func (o AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutput() AuthBackendRoleArrayOutput
- func (o AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutputWithContext(ctx context.Context) AuthBackendRoleArrayOutput
- type AuthBackendRoleInput
- type AuthBackendRoleMap
- type AuthBackendRoleMapInput
- type AuthBackendRoleMapOutput
- func (AuthBackendRoleMapOutput) ElementType() reflect.Type
- func (o AuthBackendRoleMapOutput) MapIndex(k pulumi.StringInput) AuthBackendRoleOutput
- func (o AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutput() AuthBackendRoleMapOutput
- func (o AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutputWithContext(ctx context.Context) AuthBackendRoleMapOutput
- type AuthBackendRoleOutput
- func (o AuthBackendRoleOutput) AllowedEntityAliases() pulumi.StringArrayOutput
- func (o AuthBackendRoleOutput) AllowedPolicies() pulumi.StringArrayOutput
- func (o AuthBackendRoleOutput) AllowedPoliciesGlobs() pulumi.StringArrayOutput
- func (o AuthBackendRoleOutput) DisallowedPolicies() pulumi.StringArrayOutput
- func (o AuthBackendRoleOutput) DisallowedPoliciesGlobs() pulumi.StringArrayOutput
- func (AuthBackendRoleOutput) ElementType() reflect.Type
- func (o AuthBackendRoleOutput) Namespace() pulumi.StringPtrOutput
- func (o AuthBackendRoleOutput) Orphan() pulumi.BoolPtrOutput
- func (o AuthBackendRoleOutput) PathSuffix() pulumi.StringPtrOutput
- func (o AuthBackendRoleOutput) Renewable() pulumi.BoolPtrOutput
- func (o AuthBackendRoleOutput) RoleName() pulumi.StringOutput
- func (o AuthBackendRoleOutput) ToAuthBackendRoleOutput() AuthBackendRoleOutput
- func (o AuthBackendRoleOutput) ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput
- func (o AuthBackendRoleOutput) TokenBoundCidrs() pulumi.StringArrayOutput
- func (o AuthBackendRoleOutput) TokenExplicitMaxTtl() pulumi.IntPtrOutput
- func (o AuthBackendRoleOutput) TokenMaxTtl() pulumi.IntPtrOutput
- func (o AuthBackendRoleOutput) TokenNoDefaultPolicy() pulumi.BoolPtrOutput
- func (o AuthBackendRoleOutput) TokenNumUses() pulumi.IntPtrOutput
- func (o AuthBackendRoleOutput) TokenPeriod() pulumi.IntPtrOutput
- func (o AuthBackendRoleOutput) TokenPolicies() pulumi.StringArrayOutput
- func (o AuthBackendRoleOutput) TokenTtl() pulumi.IntPtrOutput
- func (o AuthBackendRoleOutput) TokenType() pulumi.StringPtrOutput
- type AuthBackendRoleState
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AuthBackendRole ¶
type AuthBackendRole struct { pulumi.CustomResourceState // List of allowed entity aliases. AllowedEntityAliases pulumi.StringArrayOutput `pulumi:"allowedEntityAliases"` // List of allowed policies for given role. AllowedPolicies pulumi.StringArrayOutput `pulumi:"allowedPolicies"` // Set of allowed policies with glob match for given role. AllowedPoliciesGlobs pulumi.StringArrayOutput `pulumi:"allowedPoliciesGlobs"` // List of disallowed policies for given role. DisallowedPolicies pulumi.StringArrayOutput `pulumi:"disallowedPolicies"` // Set of disallowed policies with glob match for given role. DisallowedPoliciesGlobs pulumi.StringArrayOutput `pulumi:"disallowedPoliciesGlobs"` // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrOutput `pulumi:"namespace"` // If true, tokens created against this policy will be orphan tokens. Orphan pulumi.BoolPtrOutput `pulumi:"orphan"` // Tokens created against this role will have the given suffix as part of their path in addition to the role name. // // > Due to a bug the resource. This *will* cause all existing tokens issued by this role to be revoked. PathSuffix pulumi.StringPtrOutput `pulumi:"pathSuffix"` // Whether to disable the ability of the token to be renewed past its initial TTL. Renewable pulumi.BoolPtrOutput `pulumi:"renewable"` // The name of the role. RoleName pulumi.StringOutput `pulumi:"roleName"` // List of CIDR blocks; if set, specifies blocks of IP // addresses which can authenticate successfully, and ties the resulting token to these blocks // as well. TokenBoundCidrs pulumi.StringArrayOutput `pulumi:"tokenBoundCidrs"` // If set, will encode an // [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls) // onto the token in number of seconds. This is a hard cap even if `tokenTtl` and // `tokenMaxTtl` would otherwise allow a renewal. TokenExplicitMaxTtl pulumi.IntPtrOutput `pulumi:"tokenExplicitMaxTtl"` // The maximum lifetime for generated tokens in number of seconds. // Its current value will be referenced at renewal time. TokenMaxTtl pulumi.IntPtrOutput `pulumi:"tokenMaxTtl"` // If set, the default policy will not be set on // generated tokens; otherwise it will be added to the policies set in token_policies. TokenNoDefaultPolicy pulumi.BoolPtrOutput `pulumi:"tokenNoDefaultPolicy"` // The [maximum number](https://www.vaultproject.io/api-docs/token#token_num_uses) // of times a generated token may be used (within its lifetime); 0 means unlimited. TokenNumUses pulumi.IntPtrOutput `pulumi:"tokenNumUses"` // If set, indicates that the // token generated using this role should never expire. The token should be renewed within the // duration specified by this value. At each renewal, the token's TTL will be set to the // value of this field. Specified in seconds. TokenPeriod pulumi.IntPtrOutput `pulumi:"tokenPeriod"` // Generated Token's Policies TokenPolicies pulumi.StringArrayOutput `pulumi:"tokenPolicies"` // The incremental lifetime for generated tokens in number of seconds. // Its current value will be referenced at renewal time. TokenTtl pulumi.IntPtrOutput `pulumi:"tokenTtl"` // The type of token that should be generated. Can be `service`, // `batch`, or `default` to use the mount's tuned default (which unless changed will be // `service` tokens). For token store roles, there are two additional possibilities: // `default-service` and `default-batch` which specify the type to return unless the client // requests a different type at generation time. TokenType pulumi.StringPtrOutput `pulumi:"tokenType"` }
Manages Token auth backend role in a Vault server. See the [Vault documentation](https://www.vaultproject.io/docs/auth/token.html) for more information.
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-vault/sdk/v5/go/vault/tokenauth" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := tokenauth.NewAuthBackendRole(ctx, "example", &tokenauth.AuthBackendRoleArgs{ AllowedEntityAliases: pulumi.StringArray{ pulumi.String("test_entity"), }, AllowedPolicies: pulumi.StringArray{ pulumi.String("dev"), pulumi.String("test"), }, DisallowedPolicies: pulumi.StringArray{ pulumi.String("default"), }, Orphan: pulumi.Bool(true), PathSuffix: pulumi.String("path-suffix"), Renewable: pulumi.Bool(true), RoleName: pulumi.String("my-role"), TokenExplicitMaxTtl: pulumi.Int(115200), TokenPeriod: pulumi.Int(86400), }) if err != nil { return err } return nil }) }
```
## Import
Token auth backend roles can be imported with `auth/token/roles/` followed by the `role_name`, e.g.
```sh
$ pulumi import vault:tokenauth/authBackendRole:AuthBackendRole example auth/token/roles/my-role
```
func GetAuthBackendRole ¶
func GetAuthBackendRole(ctx *pulumi.Context, name string, id pulumi.IDInput, state *AuthBackendRoleState, opts ...pulumi.ResourceOption) (*AuthBackendRole, error)
GetAuthBackendRole gets an existing AuthBackendRole resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewAuthBackendRole ¶
func NewAuthBackendRole(ctx *pulumi.Context, name string, args *AuthBackendRoleArgs, opts ...pulumi.ResourceOption) (*AuthBackendRole, error)
NewAuthBackendRole registers a new resource with the given unique name, arguments, and options.
func (*AuthBackendRole) ElementType ¶
func (*AuthBackendRole) ElementType() reflect.Type
func (*AuthBackendRole) ToAuthBackendRoleOutput ¶
func (i *AuthBackendRole) ToAuthBackendRoleOutput() AuthBackendRoleOutput
func (*AuthBackendRole) ToAuthBackendRoleOutputWithContext ¶
func (i *AuthBackendRole) ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput
type AuthBackendRoleArgs ¶
type AuthBackendRoleArgs struct { // List of allowed entity aliases. AllowedEntityAliases pulumi.StringArrayInput // List of allowed policies for given role. AllowedPolicies pulumi.StringArrayInput // Set of allowed policies with glob match for given role. AllowedPoliciesGlobs pulumi.StringArrayInput // List of disallowed policies for given role. DisallowedPolicies pulumi.StringArrayInput // Set of disallowed policies with glob match for given role. DisallowedPoliciesGlobs pulumi.StringArrayInput // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrInput // If true, tokens created against this policy will be orphan tokens. Orphan pulumi.BoolPtrInput // Tokens created against this role will have the given suffix as part of their path in addition to the role name. // // > Due to a bug the resource. This *will* cause all existing tokens issued by this role to be revoked. PathSuffix pulumi.StringPtrInput // Whether to disable the ability of the token to be renewed past its initial TTL. Renewable pulumi.BoolPtrInput // The name of the role. RoleName pulumi.StringInput // List of CIDR blocks; if set, specifies blocks of IP // addresses which can authenticate successfully, and ties the resulting token to these blocks // as well. TokenBoundCidrs pulumi.StringArrayInput // If set, will encode an // [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls) // onto the token in number of seconds. This is a hard cap even if `tokenTtl` and // `tokenMaxTtl` would otherwise allow a renewal. TokenExplicitMaxTtl pulumi.IntPtrInput // The maximum lifetime for generated tokens in number of seconds. // Its current value will be referenced at renewal time. TokenMaxTtl pulumi.IntPtrInput // If set, the default policy will not be set on // generated tokens; otherwise it will be added to the policies set in token_policies. TokenNoDefaultPolicy pulumi.BoolPtrInput // The [maximum number](https://www.vaultproject.io/api-docs/token#token_num_uses) // of times a generated token may be used (within its lifetime); 0 means unlimited. TokenNumUses pulumi.IntPtrInput // If set, indicates that the // token generated using this role should never expire. The token should be renewed within the // duration specified by this value. At each renewal, the token's TTL will be set to the // value of this field. Specified in seconds. TokenPeriod pulumi.IntPtrInput // Generated Token's Policies TokenPolicies pulumi.StringArrayInput // The incremental lifetime for generated tokens in number of seconds. // Its current value will be referenced at renewal time. TokenTtl pulumi.IntPtrInput // The type of token that should be generated. Can be `service`, // `batch`, or `default` to use the mount's tuned default (which unless changed will be // `service` tokens). For token store roles, there are two additional possibilities: // `default-service` and `default-batch` which specify the type to return unless the client // requests a different type at generation time. TokenType pulumi.StringPtrInput }
The set of arguments for constructing a AuthBackendRole resource.
func (AuthBackendRoleArgs) ElementType ¶
func (AuthBackendRoleArgs) ElementType() reflect.Type
type AuthBackendRoleArray ¶
type AuthBackendRoleArray []AuthBackendRoleInput
func (AuthBackendRoleArray) ElementType ¶
func (AuthBackendRoleArray) ElementType() reflect.Type
func (AuthBackendRoleArray) ToAuthBackendRoleArrayOutput ¶
func (i AuthBackendRoleArray) ToAuthBackendRoleArrayOutput() AuthBackendRoleArrayOutput
func (AuthBackendRoleArray) ToAuthBackendRoleArrayOutputWithContext ¶
func (i AuthBackendRoleArray) ToAuthBackendRoleArrayOutputWithContext(ctx context.Context) AuthBackendRoleArrayOutput
type AuthBackendRoleArrayInput ¶
type AuthBackendRoleArrayInput interface { pulumi.Input ToAuthBackendRoleArrayOutput() AuthBackendRoleArrayOutput ToAuthBackendRoleArrayOutputWithContext(context.Context) AuthBackendRoleArrayOutput }
AuthBackendRoleArrayInput is an input type that accepts AuthBackendRoleArray and AuthBackendRoleArrayOutput values. You can construct a concrete instance of `AuthBackendRoleArrayInput` via:
AuthBackendRoleArray{ AuthBackendRoleArgs{...} }
type AuthBackendRoleArrayOutput ¶
type AuthBackendRoleArrayOutput struct{ *pulumi.OutputState }
func (AuthBackendRoleArrayOutput) ElementType ¶
func (AuthBackendRoleArrayOutput) ElementType() reflect.Type
func (AuthBackendRoleArrayOutput) Index ¶
func (o AuthBackendRoleArrayOutput) Index(i pulumi.IntInput) AuthBackendRoleOutput
func (AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutput ¶
func (o AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutput() AuthBackendRoleArrayOutput
func (AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutputWithContext ¶
func (o AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutputWithContext(ctx context.Context) AuthBackendRoleArrayOutput
type AuthBackendRoleInput ¶
type AuthBackendRoleInput interface { pulumi.Input ToAuthBackendRoleOutput() AuthBackendRoleOutput ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput }
type AuthBackendRoleMap ¶
type AuthBackendRoleMap map[string]AuthBackendRoleInput
func (AuthBackendRoleMap) ElementType ¶
func (AuthBackendRoleMap) ElementType() reflect.Type
func (AuthBackendRoleMap) ToAuthBackendRoleMapOutput ¶
func (i AuthBackendRoleMap) ToAuthBackendRoleMapOutput() AuthBackendRoleMapOutput
func (AuthBackendRoleMap) ToAuthBackendRoleMapOutputWithContext ¶
func (i AuthBackendRoleMap) ToAuthBackendRoleMapOutputWithContext(ctx context.Context) AuthBackendRoleMapOutput
type AuthBackendRoleMapInput ¶
type AuthBackendRoleMapInput interface { pulumi.Input ToAuthBackendRoleMapOutput() AuthBackendRoleMapOutput ToAuthBackendRoleMapOutputWithContext(context.Context) AuthBackendRoleMapOutput }
AuthBackendRoleMapInput is an input type that accepts AuthBackendRoleMap and AuthBackendRoleMapOutput values. You can construct a concrete instance of `AuthBackendRoleMapInput` via:
AuthBackendRoleMap{ "key": AuthBackendRoleArgs{...} }
type AuthBackendRoleMapOutput ¶
type AuthBackendRoleMapOutput struct{ *pulumi.OutputState }
func (AuthBackendRoleMapOutput) ElementType ¶
func (AuthBackendRoleMapOutput) ElementType() reflect.Type
func (AuthBackendRoleMapOutput) MapIndex ¶
func (o AuthBackendRoleMapOutput) MapIndex(k pulumi.StringInput) AuthBackendRoleOutput
func (AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutput ¶
func (o AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutput() AuthBackendRoleMapOutput
func (AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutputWithContext ¶
func (o AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutputWithContext(ctx context.Context) AuthBackendRoleMapOutput
type AuthBackendRoleOutput ¶
type AuthBackendRoleOutput struct{ *pulumi.OutputState }
func (AuthBackendRoleOutput) AllowedEntityAliases ¶ added in v5.6.0
func (o AuthBackendRoleOutput) AllowedEntityAliases() pulumi.StringArrayOutput
List of allowed entity aliases.
func (AuthBackendRoleOutput) AllowedPolicies ¶ added in v5.6.0
func (o AuthBackendRoleOutput) AllowedPolicies() pulumi.StringArrayOutput
List of allowed policies for given role.
func (AuthBackendRoleOutput) AllowedPoliciesGlobs ¶ added in v5.6.0
func (o AuthBackendRoleOutput) AllowedPoliciesGlobs() pulumi.StringArrayOutput
Set of allowed policies with glob match for given role.
func (AuthBackendRoleOutput) DisallowedPolicies ¶ added in v5.6.0
func (o AuthBackendRoleOutput) DisallowedPolicies() pulumi.StringArrayOutput
List of disallowed policies for given role.
func (AuthBackendRoleOutput) DisallowedPoliciesGlobs ¶ added in v5.6.0
func (o AuthBackendRoleOutput) DisallowedPoliciesGlobs() pulumi.StringArrayOutput
Set of disallowed policies with glob match for given role.
func (AuthBackendRoleOutput) ElementType ¶
func (AuthBackendRoleOutput) ElementType() reflect.Type
func (AuthBackendRoleOutput) Namespace ¶ added in v5.7.0
func (o AuthBackendRoleOutput) Namespace() pulumi.StringPtrOutput
The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). *Available only for Vault Enterprise*.
func (AuthBackendRoleOutput) Orphan ¶ added in v5.6.0
func (o AuthBackendRoleOutput) Orphan() pulumi.BoolPtrOutput
If true, tokens created against this policy will be orphan tokens.
func (AuthBackendRoleOutput) PathSuffix ¶ added in v5.6.0
func (o AuthBackendRoleOutput) PathSuffix() pulumi.StringPtrOutput
Tokens created against this role will have the given suffix as part of their path in addition to the role name.
> Due to a bug the resource. This *will* cause all existing tokens issued by this role to be revoked.
func (AuthBackendRoleOutput) Renewable ¶ added in v5.6.0
func (o AuthBackendRoleOutput) Renewable() pulumi.BoolPtrOutput
Whether to disable the ability of the token to be renewed past its initial TTL.
func (AuthBackendRoleOutput) RoleName ¶ added in v5.6.0
func (o AuthBackendRoleOutput) RoleName() pulumi.StringOutput
The name of the role.
func (AuthBackendRoleOutput) ToAuthBackendRoleOutput ¶
func (o AuthBackendRoleOutput) ToAuthBackendRoleOutput() AuthBackendRoleOutput
func (AuthBackendRoleOutput) ToAuthBackendRoleOutputWithContext ¶
func (o AuthBackendRoleOutput) ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput
func (AuthBackendRoleOutput) TokenBoundCidrs ¶ added in v5.6.0
func (o AuthBackendRoleOutput) TokenBoundCidrs() pulumi.StringArrayOutput
List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.
func (AuthBackendRoleOutput) TokenExplicitMaxTtl ¶ added in v5.6.0
func (o AuthBackendRoleOutput) TokenExplicitMaxTtl() pulumi.IntPtrOutput
If set, will encode an [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls) onto the token in number of seconds. This is a hard cap even if `tokenTtl` and `tokenMaxTtl` would otherwise allow a renewal.
func (AuthBackendRoleOutput) TokenMaxTtl ¶ added in v5.6.0
func (o AuthBackendRoleOutput) TokenMaxTtl() pulumi.IntPtrOutput
The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.
func (AuthBackendRoleOutput) TokenNoDefaultPolicy ¶ added in v5.6.0
func (o AuthBackendRoleOutput) TokenNoDefaultPolicy() pulumi.BoolPtrOutput
If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies.
func (AuthBackendRoleOutput) TokenNumUses ¶ added in v5.6.0
func (o AuthBackendRoleOutput) TokenNumUses() pulumi.IntPtrOutput
The [maximum number](https://www.vaultproject.io/api-docs/token#token_num_uses) of times a generated token may be used (within its lifetime); 0 means unlimited.
func (AuthBackendRoleOutput) TokenPeriod ¶ added in v5.6.0
func (o AuthBackendRoleOutput) TokenPeriod() pulumi.IntPtrOutput
If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token's TTL will be set to the value of this field. Specified in seconds.
func (AuthBackendRoleOutput) TokenPolicies ¶ added in v5.6.0
func (o AuthBackendRoleOutput) TokenPolicies() pulumi.StringArrayOutput
Generated Token's Policies
func (AuthBackendRoleOutput) TokenTtl ¶ added in v5.6.0
func (o AuthBackendRoleOutput) TokenTtl() pulumi.IntPtrOutput
The incremental lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.
func (AuthBackendRoleOutput) TokenType ¶ added in v5.6.0
func (o AuthBackendRoleOutput) TokenType() pulumi.StringPtrOutput
The type of token that should be generated. Can be `service`, `batch`, or `default` to use the mount's tuned default (which unless changed will be `service` tokens). For token store roles, there are two additional possibilities: `default-service` and `default-batch` which specify the type to return unless the client requests a different type at generation time.
type AuthBackendRoleState ¶
type AuthBackendRoleState struct { // List of allowed entity aliases. AllowedEntityAliases pulumi.StringArrayInput // List of allowed policies for given role. AllowedPolicies pulumi.StringArrayInput // Set of allowed policies with glob match for given role. AllowedPoliciesGlobs pulumi.StringArrayInput // List of disallowed policies for given role. DisallowedPolicies pulumi.StringArrayInput // Set of disallowed policies with glob match for given role. DisallowedPoliciesGlobs pulumi.StringArrayInput // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrInput // If true, tokens created against this policy will be orphan tokens. Orphan pulumi.BoolPtrInput // Tokens created against this role will have the given suffix as part of their path in addition to the role name. // // > Due to a bug the resource. This *will* cause all existing tokens issued by this role to be revoked. PathSuffix pulumi.StringPtrInput // Whether to disable the ability of the token to be renewed past its initial TTL. Renewable pulumi.BoolPtrInput // The name of the role. RoleName pulumi.StringPtrInput // List of CIDR blocks; if set, specifies blocks of IP // addresses which can authenticate successfully, and ties the resulting token to these blocks // as well. TokenBoundCidrs pulumi.StringArrayInput // If set, will encode an // [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls) // onto the token in number of seconds. This is a hard cap even if `tokenTtl` and // `tokenMaxTtl` would otherwise allow a renewal. TokenExplicitMaxTtl pulumi.IntPtrInput // The maximum lifetime for generated tokens in number of seconds. // Its current value will be referenced at renewal time. TokenMaxTtl pulumi.IntPtrInput // If set, the default policy will not be set on // generated tokens; otherwise it will be added to the policies set in token_policies. TokenNoDefaultPolicy pulumi.BoolPtrInput // The [maximum number](https://www.vaultproject.io/api-docs/token#token_num_uses) // of times a generated token may be used (within its lifetime); 0 means unlimited. TokenNumUses pulumi.IntPtrInput // If set, indicates that the // token generated using this role should never expire. The token should be renewed within the // duration specified by this value. At each renewal, the token's TTL will be set to the // value of this field. Specified in seconds. TokenPeriod pulumi.IntPtrInput // Generated Token's Policies TokenPolicies pulumi.StringArrayInput // The incremental lifetime for generated tokens in number of seconds. // Its current value will be referenced at renewal time. TokenTtl pulumi.IntPtrInput // The type of token that should be generated. Can be `service`, // `batch`, or `default` to use the mount's tuned default (which unless changed will be // `service` tokens). For token store roles, there are two additional possibilities: // `default-service` and `default-batch` which specify the type to return unless the client // requests a different type at generation time. TokenType pulumi.StringPtrInput }
func (AuthBackendRoleState) ElementType ¶
func (AuthBackendRoleState) ElementType() reflect.Type