Documentation ¶
Index ¶
- type AuthBackend
- type AuthBackendArgs
- type AuthBackendArray
- type AuthBackendArrayInput
- type AuthBackendArrayOutput
- func (AuthBackendArrayOutput) ElementType() reflect.Type
- func (o AuthBackendArrayOutput) Index(i pulumi.IntInput) AuthBackendOutput
- func (o AuthBackendArrayOutput) ToAuthBackendArrayOutput() AuthBackendArrayOutput
- func (o AuthBackendArrayOutput) ToAuthBackendArrayOutputWithContext(ctx context.Context) AuthBackendArrayOutput
- type AuthBackendCustomEndpoint
- type AuthBackendCustomEndpointArgs
- func (AuthBackendCustomEndpointArgs) ElementType() reflect.Type
- func (i AuthBackendCustomEndpointArgs) ToAuthBackendCustomEndpointOutput() AuthBackendCustomEndpointOutput
- func (i AuthBackendCustomEndpointArgs) ToAuthBackendCustomEndpointOutputWithContext(ctx context.Context) AuthBackendCustomEndpointOutput
- func (i AuthBackendCustomEndpointArgs) ToAuthBackendCustomEndpointPtrOutput() AuthBackendCustomEndpointPtrOutput
- func (i AuthBackendCustomEndpointArgs) ToAuthBackendCustomEndpointPtrOutputWithContext(ctx context.Context) AuthBackendCustomEndpointPtrOutput
- type AuthBackendCustomEndpointInput
- type AuthBackendCustomEndpointOutput
- func (o AuthBackendCustomEndpointOutput) Api() pulumi.StringPtrOutput
- func (o AuthBackendCustomEndpointOutput) Compute() pulumi.StringPtrOutput
- func (o AuthBackendCustomEndpointOutput) Crm() pulumi.StringPtrOutput
- func (AuthBackendCustomEndpointOutput) ElementType() reflect.Type
- func (o AuthBackendCustomEndpointOutput) Iam() pulumi.StringPtrOutput
- func (o AuthBackendCustomEndpointOutput) ToAuthBackendCustomEndpointOutput() AuthBackendCustomEndpointOutput
- func (o AuthBackendCustomEndpointOutput) ToAuthBackendCustomEndpointOutputWithContext(ctx context.Context) AuthBackendCustomEndpointOutput
- func (o AuthBackendCustomEndpointOutput) ToAuthBackendCustomEndpointPtrOutput() AuthBackendCustomEndpointPtrOutput
- func (o AuthBackendCustomEndpointOutput) ToAuthBackendCustomEndpointPtrOutputWithContext(ctx context.Context) AuthBackendCustomEndpointPtrOutput
- type AuthBackendCustomEndpointPtrInput
- type AuthBackendCustomEndpointPtrOutput
- func (o AuthBackendCustomEndpointPtrOutput) Api() pulumi.StringPtrOutput
- func (o AuthBackendCustomEndpointPtrOutput) Compute() pulumi.StringPtrOutput
- func (o AuthBackendCustomEndpointPtrOutput) Crm() pulumi.StringPtrOutput
- func (o AuthBackendCustomEndpointPtrOutput) Elem() AuthBackendCustomEndpointOutput
- func (AuthBackendCustomEndpointPtrOutput) ElementType() reflect.Type
- func (o AuthBackendCustomEndpointPtrOutput) Iam() pulumi.StringPtrOutput
- func (o AuthBackendCustomEndpointPtrOutput) ToAuthBackendCustomEndpointPtrOutput() AuthBackendCustomEndpointPtrOutput
- func (o AuthBackendCustomEndpointPtrOutput) ToAuthBackendCustomEndpointPtrOutputWithContext(ctx context.Context) AuthBackendCustomEndpointPtrOutput
- type AuthBackendInput
- type AuthBackendMap
- type AuthBackendMapInput
- type AuthBackendMapOutput
- func (AuthBackendMapOutput) ElementType() reflect.Type
- func (o AuthBackendMapOutput) MapIndex(k pulumi.StringInput) AuthBackendOutput
- func (o AuthBackendMapOutput) ToAuthBackendMapOutput() AuthBackendMapOutput
- func (o AuthBackendMapOutput) ToAuthBackendMapOutputWithContext(ctx context.Context) AuthBackendMapOutput
- type AuthBackendOutput
- func (o AuthBackendOutput) Accessor() pulumi.StringOutput
- func (o AuthBackendOutput) ClientEmail() pulumi.StringOutput
- func (o AuthBackendOutput) ClientId() pulumi.StringOutput
- func (o AuthBackendOutput) Credentials() pulumi.StringPtrOutput
- func (o AuthBackendOutput) CustomEndpoint() AuthBackendCustomEndpointPtrOutput
- func (o AuthBackendOutput) Description() pulumi.StringPtrOutput
- func (o AuthBackendOutput) DisableRemount() pulumi.BoolPtrOutput
- func (AuthBackendOutput) ElementType() reflect.Type
- func (o AuthBackendOutput) Local() pulumi.BoolPtrOutput
- func (o AuthBackendOutput) Namespace() pulumi.StringPtrOutput
- func (o AuthBackendOutput) Path() pulumi.StringPtrOutput
- func (o AuthBackendOutput) PrivateKeyId() pulumi.StringOutput
- func (o AuthBackendOutput) ProjectId() pulumi.StringOutput
- func (o AuthBackendOutput) ToAuthBackendOutput() AuthBackendOutput
- func (o AuthBackendOutput) ToAuthBackendOutputWithContext(ctx context.Context) AuthBackendOutput
- func (o AuthBackendOutput) Tune() AuthBackendTuneOutput
- type AuthBackendRole
- type AuthBackendRoleArgs
- type AuthBackendRoleArray
- type AuthBackendRoleArrayInput
- type AuthBackendRoleArrayOutput
- func (AuthBackendRoleArrayOutput) ElementType() reflect.Type
- func (o AuthBackendRoleArrayOutput) Index(i pulumi.IntInput) AuthBackendRoleOutput
- func (o AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutput() AuthBackendRoleArrayOutput
- func (o AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutputWithContext(ctx context.Context) AuthBackendRoleArrayOutput
- type AuthBackendRoleInput
- type AuthBackendRoleMap
- type AuthBackendRoleMapInput
- type AuthBackendRoleMapOutput
- func (AuthBackendRoleMapOutput) ElementType() reflect.Type
- func (o AuthBackendRoleMapOutput) MapIndex(k pulumi.StringInput) AuthBackendRoleOutput
- func (o AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutput() AuthBackendRoleMapOutput
- func (o AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutputWithContext(ctx context.Context) AuthBackendRoleMapOutput
- type AuthBackendRoleOutput
- func (o AuthBackendRoleOutput) AddGroupAliases() pulumi.BoolOutput
- func (o AuthBackendRoleOutput) AllowGceInference() pulumi.BoolOutput
- func (o AuthBackendRoleOutput) Backend() pulumi.StringPtrOutput
- func (o AuthBackendRoleOutput) BoundInstanceGroups() pulumi.StringArrayOutput
- func (o AuthBackendRoleOutput) BoundLabels() pulumi.StringArrayOutput
- func (o AuthBackendRoleOutput) BoundProjects() pulumi.StringArrayOutput
- func (o AuthBackendRoleOutput) BoundRegions() pulumi.StringArrayOutput
- func (o AuthBackendRoleOutput) BoundServiceAccounts() pulumi.StringArrayOutput
- func (o AuthBackendRoleOutput) BoundZones() pulumi.StringArrayOutput
- func (AuthBackendRoleOutput) ElementType() reflect.Type
- func (o AuthBackendRoleOutput) MaxJwtExp() pulumi.StringOutput
- func (o AuthBackendRoleOutput) Namespace() pulumi.StringPtrOutput
- func (o AuthBackendRoleOutput) Role() pulumi.StringOutput
- func (o AuthBackendRoleOutput) ToAuthBackendRoleOutput() AuthBackendRoleOutput
- func (o AuthBackendRoleOutput) ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput
- func (o AuthBackendRoleOutput) TokenBoundCidrs() pulumi.StringArrayOutput
- func (o AuthBackendRoleOutput) TokenExplicitMaxTtl() pulumi.IntPtrOutput
- func (o AuthBackendRoleOutput) TokenMaxTtl() pulumi.IntPtrOutput
- func (o AuthBackendRoleOutput) TokenNoDefaultPolicy() pulumi.BoolPtrOutput
- func (o AuthBackendRoleOutput) TokenNumUses() pulumi.IntPtrOutput
- func (o AuthBackendRoleOutput) TokenPeriod() pulumi.IntPtrOutput
- func (o AuthBackendRoleOutput) TokenPolicies() pulumi.StringArrayOutput
- func (o AuthBackendRoleOutput) TokenTtl() pulumi.IntPtrOutput
- func (o AuthBackendRoleOutput) TokenType() pulumi.StringPtrOutput
- func (o AuthBackendRoleOutput) Type() pulumi.StringOutput
- type AuthBackendRoleState
- type AuthBackendState
- type AuthBackendTune
- type AuthBackendTuneArgs
- func (AuthBackendTuneArgs) ElementType() reflect.Type
- func (i AuthBackendTuneArgs) ToAuthBackendTuneOutput() AuthBackendTuneOutput
- func (i AuthBackendTuneArgs) ToAuthBackendTuneOutputWithContext(ctx context.Context) AuthBackendTuneOutput
- func (i AuthBackendTuneArgs) ToAuthBackendTunePtrOutput() AuthBackendTunePtrOutput
- func (i AuthBackendTuneArgs) ToAuthBackendTunePtrOutputWithContext(ctx context.Context) AuthBackendTunePtrOutput
- type AuthBackendTuneInput
- type AuthBackendTuneOutput
- func (o AuthBackendTuneOutput) AllowedResponseHeaders() pulumi.StringArrayOutput
- func (o AuthBackendTuneOutput) AuditNonHmacRequestKeys() pulumi.StringArrayOutput
- func (o AuthBackendTuneOutput) AuditNonHmacResponseKeys() pulumi.StringArrayOutput
- func (o AuthBackendTuneOutput) DefaultLeaseTtl() pulumi.StringPtrOutput
- func (AuthBackendTuneOutput) ElementType() reflect.Type
- func (o AuthBackendTuneOutput) ListingVisibility() pulumi.StringPtrOutput
- func (o AuthBackendTuneOutput) MaxLeaseTtl() pulumi.StringPtrOutput
- func (o AuthBackendTuneOutput) PassthroughRequestHeaders() pulumi.StringArrayOutput
- func (o AuthBackendTuneOutput) ToAuthBackendTuneOutput() AuthBackendTuneOutput
- func (o AuthBackendTuneOutput) ToAuthBackendTuneOutputWithContext(ctx context.Context) AuthBackendTuneOutput
- func (o AuthBackendTuneOutput) ToAuthBackendTunePtrOutput() AuthBackendTunePtrOutput
- func (o AuthBackendTuneOutput) ToAuthBackendTunePtrOutputWithContext(ctx context.Context) AuthBackendTunePtrOutput
- func (o AuthBackendTuneOutput) TokenType() pulumi.StringPtrOutput
- type AuthBackendTunePtrInput
- type AuthBackendTunePtrOutput
- func (o AuthBackendTunePtrOutput) AllowedResponseHeaders() pulumi.StringArrayOutput
- func (o AuthBackendTunePtrOutput) AuditNonHmacRequestKeys() pulumi.StringArrayOutput
- func (o AuthBackendTunePtrOutput) AuditNonHmacResponseKeys() pulumi.StringArrayOutput
- func (o AuthBackendTunePtrOutput) DefaultLeaseTtl() pulumi.StringPtrOutput
- func (o AuthBackendTunePtrOutput) Elem() AuthBackendTuneOutput
- func (AuthBackendTunePtrOutput) ElementType() reflect.Type
- func (o AuthBackendTunePtrOutput) ListingVisibility() pulumi.StringPtrOutput
- func (o AuthBackendTunePtrOutput) MaxLeaseTtl() pulumi.StringPtrOutput
- func (o AuthBackendTunePtrOutput) PassthroughRequestHeaders() pulumi.StringArrayOutput
- func (o AuthBackendTunePtrOutput) ToAuthBackendTunePtrOutput() AuthBackendTunePtrOutput
- func (o AuthBackendTunePtrOutput) ToAuthBackendTunePtrOutputWithContext(ctx context.Context) AuthBackendTunePtrOutput
- func (o AuthBackendTunePtrOutput) TokenType() pulumi.StringPtrOutput
- type LookupAuthBackendRoleArgs
- type LookupAuthBackendRoleOutputArgs
- type LookupAuthBackendRoleResult
- type LookupAuthBackendRoleResultOutput
- func (o LookupAuthBackendRoleResultOutput) Backend() pulumi.StringPtrOutput
- func (o LookupAuthBackendRoleResultOutput) BoundInstanceGroups() pulumi.StringArrayOutput
- func (o LookupAuthBackendRoleResultOutput) BoundLabels() pulumi.StringArrayOutput
- func (o LookupAuthBackendRoleResultOutput) BoundProjects() pulumi.StringArrayOutput
- func (o LookupAuthBackendRoleResultOutput) BoundRegions() pulumi.StringArrayOutput
- func (o LookupAuthBackendRoleResultOutput) BoundServiceAccounts() pulumi.StringArrayOutput
- func (o LookupAuthBackendRoleResultOutput) BoundZones() pulumi.StringArrayOutput
- func (LookupAuthBackendRoleResultOutput) ElementType() reflect.Type
- func (o LookupAuthBackendRoleResultOutput) Id() pulumi.StringOutput
- func (o LookupAuthBackendRoleResultOutput) Namespace() pulumi.StringPtrOutput
- func (o LookupAuthBackendRoleResultOutput) RoleId() pulumi.StringOutput
- func (o LookupAuthBackendRoleResultOutput) RoleName() pulumi.StringOutput
- func (o LookupAuthBackendRoleResultOutput) ToLookupAuthBackendRoleResultOutput() LookupAuthBackendRoleResultOutput
- func (o LookupAuthBackendRoleResultOutput) ToLookupAuthBackendRoleResultOutputWithContext(ctx context.Context) LookupAuthBackendRoleResultOutput
- func (o LookupAuthBackendRoleResultOutput) TokenBoundCidrs() pulumi.StringArrayOutput
- func (o LookupAuthBackendRoleResultOutput) TokenExplicitMaxTtl() pulumi.IntPtrOutput
- func (o LookupAuthBackendRoleResultOutput) TokenMaxTtl() pulumi.IntPtrOutput
- func (o LookupAuthBackendRoleResultOutput) TokenNoDefaultPolicy() pulumi.BoolPtrOutput
- func (o LookupAuthBackendRoleResultOutput) TokenNumUses() pulumi.IntPtrOutput
- func (o LookupAuthBackendRoleResultOutput) TokenPeriod() pulumi.IntPtrOutput
- func (o LookupAuthBackendRoleResultOutput) TokenPolicies() pulumi.StringArrayOutput
- func (o LookupAuthBackendRoleResultOutput) TokenTtl() pulumi.IntPtrOutput
- func (o LookupAuthBackendRoleResultOutput) TokenType() pulumi.StringPtrOutput
- func (o LookupAuthBackendRoleResultOutput) Type() pulumi.StringOutput
- type SecretBackend
- type SecretBackendArgs
- type SecretBackendArray
- type SecretBackendArrayInput
- type SecretBackendArrayOutput
- func (SecretBackendArrayOutput) ElementType() reflect.Type
- func (o SecretBackendArrayOutput) Index(i pulumi.IntInput) SecretBackendOutput
- func (o SecretBackendArrayOutput) ToSecretBackendArrayOutput() SecretBackendArrayOutput
- func (o SecretBackendArrayOutput) ToSecretBackendArrayOutputWithContext(ctx context.Context) SecretBackendArrayOutput
- type SecretBackendInput
- type SecretBackendMap
- type SecretBackendMapInput
- type SecretBackendMapOutput
- func (SecretBackendMapOutput) ElementType() reflect.Type
- func (o SecretBackendMapOutput) MapIndex(k pulumi.StringInput) SecretBackendOutput
- func (o SecretBackendMapOutput) ToSecretBackendMapOutput() SecretBackendMapOutput
- func (o SecretBackendMapOutput) ToSecretBackendMapOutputWithContext(ctx context.Context) SecretBackendMapOutput
- type SecretBackendOutput
- func (o SecretBackendOutput) Credentials() pulumi.StringPtrOutput
- func (o SecretBackendOutput) DefaultLeaseTtlSeconds() pulumi.IntPtrOutput
- func (o SecretBackendOutput) Description() pulumi.StringPtrOutput
- func (o SecretBackendOutput) DisableRemount() pulumi.BoolPtrOutput
- func (SecretBackendOutput) ElementType() reflect.Type
- func (o SecretBackendOutput) Local() pulumi.BoolPtrOutput
- func (o SecretBackendOutput) MaxLeaseTtlSeconds() pulumi.IntPtrOutput
- func (o SecretBackendOutput) Namespace() pulumi.StringPtrOutput
- func (o SecretBackendOutput) Path() pulumi.StringPtrOutput
- func (o SecretBackendOutput) ToSecretBackendOutput() SecretBackendOutput
- func (o SecretBackendOutput) ToSecretBackendOutputWithContext(ctx context.Context) SecretBackendOutput
- type SecretBackendState
- type SecretImpersonatedAccount
- type SecretImpersonatedAccountArgs
- type SecretImpersonatedAccountArray
- func (SecretImpersonatedAccountArray) ElementType() reflect.Type
- func (i SecretImpersonatedAccountArray) ToSecretImpersonatedAccountArrayOutput() SecretImpersonatedAccountArrayOutput
- func (i SecretImpersonatedAccountArray) ToSecretImpersonatedAccountArrayOutputWithContext(ctx context.Context) SecretImpersonatedAccountArrayOutput
- type SecretImpersonatedAccountArrayInput
- type SecretImpersonatedAccountArrayOutput
- func (SecretImpersonatedAccountArrayOutput) ElementType() reflect.Type
- func (o SecretImpersonatedAccountArrayOutput) Index(i pulumi.IntInput) SecretImpersonatedAccountOutput
- func (o SecretImpersonatedAccountArrayOutput) ToSecretImpersonatedAccountArrayOutput() SecretImpersonatedAccountArrayOutput
- func (o SecretImpersonatedAccountArrayOutput) ToSecretImpersonatedAccountArrayOutputWithContext(ctx context.Context) SecretImpersonatedAccountArrayOutput
- type SecretImpersonatedAccountInput
- type SecretImpersonatedAccountMap
- func (SecretImpersonatedAccountMap) ElementType() reflect.Type
- func (i SecretImpersonatedAccountMap) ToSecretImpersonatedAccountMapOutput() SecretImpersonatedAccountMapOutput
- func (i SecretImpersonatedAccountMap) ToSecretImpersonatedAccountMapOutputWithContext(ctx context.Context) SecretImpersonatedAccountMapOutput
- type SecretImpersonatedAccountMapInput
- type SecretImpersonatedAccountMapOutput
- func (SecretImpersonatedAccountMapOutput) ElementType() reflect.Type
- func (o SecretImpersonatedAccountMapOutput) MapIndex(k pulumi.StringInput) SecretImpersonatedAccountOutput
- func (o SecretImpersonatedAccountMapOutput) ToSecretImpersonatedAccountMapOutput() SecretImpersonatedAccountMapOutput
- func (o SecretImpersonatedAccountMapOutput) ToSecretImpersonatedAccountMapOutputWithContext(ctx context.Context) SecretImpersonatedAccountMapOutput
- type SecretImpersonatedAccountOutput
- func (o SecretImpersonatedAccountOutput) Backend() pulumi.StringOutput
- func (SecretImpersonatedAccountOutput) ElementType() reflect.Type
- func (o SecretImpersonatedAccountOutput) ImpersonatedAccount() pulumi.StringOutput
- func (o SecretImpersonatedAccountOutput) Namespace() pulumi.StringPtrOutput
- func (o SecretImpersonatedAccountOutput) ServiceAccountEmail() pulumi.StringOutput
- func (o SecretImpersonatedAccountOutput) ServiceAccountProject() pulumi.StringOutput
- func (o SecretImpersonatedAccountOutput) ToSecretImpersonatedAccountOutput() SecretImpersonatedAccountOutput
- func (o SecretImpersonatedAccountOutput) ToSecretImpersonatedAccountOutputWithContext(ctx context.Context) SecretImpersonatedAccountOutput
- func (o SecretImpersonatedAccountOutput) TokenScopes() pulumi.StringArrayOutput
- type SecretImpersonatedAccountState
- type SecretRoleset
- type SecretRolesetArgs
- type SecretRolesetArray
- type SecretRolesetArrayInput
- type SecretRolesetArrayOutput
- func (SecretRolesetArrayOutput) ElementType() reflect.Type
- func (o SecretRolesetArrayOutput) Index(i pulumi.IntInput) SecretRolesetOutput
- func (o SecretRolesetArrayOutput) ToSecretRolesetArrayOutput() SecretRolesetArrayOutput
- func (o SecretRolesetArrayOutput) ToSecretRolesetArrayOutputWithContext(ctx context.Context) SecretRolesetArrayOutput
- type SecretRolesetBinding
- type SecretRolesetBindingArgs
- type SecretRolesetBindingArray
- type SecretRolesetBindingArrayInput
- type SecretRolesetBindingArrayOutput
- func (SecretRolesetBindingArrayOutput) ElementType() reflect.Type
- func (o SecretRolesetBindingArrayOutput) Index(i pulumi.IntInput) SecretRolesetBindingOutput
- func (o SecretRolesetBindingArrayOutput) ToSecretRolesetBindingArrayOutput() SecretRolesetBindingArrayOutput
- func (o SecretRolesetBindingArrayOutput) ToSecretRolesetBindingArrayOutputWithContext(ctx context.Context) SecretRolesetBindingArrayOutput
- type SecretRolesetBindingInput
- type SecretRolesetBindingOutput
- func (SecretRolesetBindingOutput) ElementType() reflect.Type
- func (o SecretRolesetBindingOutput) Resource() pulumi.StringOutput
- func (o SecretRolesetBindingOutput) Roles() pulumi.StringArrayOutput
- func (o SecretRolesetBindingOutput) ToSecretRolesetBindingOutput() SecretRolesetBindingOutput
- func (o SecretRolesetBindingOutput) ToSecretRolesetBindingOutputWithContext(ctx context.Context) SecretRolesetBindingOutput
- type SecretRolesetInput
- type SecretRolesetMap
- type SecretRolesetMapInput
- type SecretRolesetMapOutput
- func (SecretRolesetMapOutput) ElementType() reflect.Type
- func (o SecretRolesetMapOutput) MapIndex(k pulumi.StringInput) SecretRolesetOutput
- func (o SecretRolesetMapOutput) ToSecretRolesetMapOutput() SecretRolesetMapOutput
- func (o SecretRolesetMapOutput) ToSecretRolesetMapOutputWithContext(ctx context.Context) SecretRolesetMapOutput
- type SecretRolesetOutput
- func (o SecretRolesetOutput) Backend() pulumi.StringOutput
- func (o SecretRolesetOutput) Bindings() SecretRolesetBindingArrayOutput
- func (SecretRolesetOutput) ElementType() reflect.Type
- func (o SecretRolesetOutput) Namespace() pulumi.StringPtrOutput
- func (o SecretRolesetOutput) Project() pulumi.StringOutput
- func (o SecretRolesetOutput) Roleset() pulumi.StringOutput
- func (o SecretRolesetOutput) SecretType() pulumi.StringOutput
- func (o SecretRolesetOutput) ServiceAccountEmail() pulumi.StringOutput
- func (o SecretRolesetOutput) ToSecretRolesetOutput() SecretRolesetOutput
- func (o SecretRolesetOutput) ToSecretRolesetOutputWithContext(ctx context.Context) SecretRolesetOutput
- func (o SecretRolesetOutput) TokenScopes() pulumi.StringArrayOutput
- type SecretRolesetState
- type SecretStaticAccount
- type SecretStaticAccountArgs
- type SecretStaticAccountArray
- type SecretStaticAccountArrayInput
- type SecretStaticAccountArrayOutput
- func (SecretStaticAccountArrayOutput) ElementType() reflect.Type
- func (o SecretStaticAccountArrayOutput) Index(i pulumi.IntInput) SecretStaticAccountOutput
- func (o SecretStaticAccountArrayOutput) ToSecretStaticAccountArrayOutput() SecretStaticAccountArrayOutput
- func (o SecretStaticAccountArrayOutput) ToSecretStaticAccountArrayOutputWithContext(ctx context.Context) SecretStaticAccountArrayOutput
- type SecretStaticAccountBinding
- type SecretStaticAccountBindingArgs
- func (SecretStaticAccountBindingArgs) ElementType() reflect.Type
- func (i SecretStaticAccountBindingArgs) ToSecretStaticAccountBindingOutput() SecretStaticAccountBindingOutput
- func (i SecretStaticAccountBindingArgs) ToSecretStaticAccountBindingOutputWithContext(ctx context.Context) SecretStaticAccountBindingOutput
- type SecretStaticAccountBindingArray
- func (SecretStaticAccountBindingArray) ElementType() reflect.Type
- func (i SecretStaticAccountBindingArray) ToSecretStaticAccountBindingArrayOutput() SecretStaticAccountBindingArrayOutput
- func (i SecretStaticAccountBindingArray) ToSecretStaticAccountBindingArrayOutputWithContext(ctx context.Context) SecretStaticAccountBindingArrayOutput
- type SecretStaticAccountBindingArrayInput
- type SecretStaticAccountBindingArrayOutput
- func (SecretStaticAccountBindingArrayOutput) ElementType() reflect.Type
- func (o SecretStaticAccountBindingArrayOutput) Index(i pulumi.IntInput) SecretStaticAccountBindingOutput
- func (o SecretStaticAccountBindingArrayOutput) ToSecretStaticAccountBindingArrayOutput() SecretStaticAccountBindingArrayOutput
- func (o SecretStaticAccountBindingArrayOutput) ToSecretStaticAccountBindingArrayOutputWithContext(ctx context.Context) SecretStaticAccountBindingArrayOutput
- type SecretStaticAccountBindingInput
- type SecretStaticAccountBindingOutput
- func (SecretStaticAccountBindingOutput) ElementType() reflect.Type
- func (o SecretStaticAccountBindingOutput) Resource() pulumi.StringOutput
- func (o SecretStaticAccountBindingOutput) Roles() pulumi.StringArrayOutput
- func (o SecretStaticAccountBindingOutput) ToSecretStaticAccountBindingOutput() SecretStaticAccountBindingOutput
- func (o SecretStaticAccountBindingOutput) ToSecretStaticAccountBindingOutputWithContext(ctx context.Context) SecretStaticAccountBindingOutput
- type SecretStaticAccountInput
- type SecretStaticAccountMap
- type SecretStaticAccountMapInput
- type SecretStaticAccountMapOutput
- func (SecretStaticAccountMapOutput) ElementType() reflect.Type
- func (o SecretStaticAccountMapOutput) MapIndex(k pulumi.StringInput) SecretStaticAccountOutput
- func (o SecretStaticAccountMapOutput) ToSecretStaticAccountMapOutput() SecretStaticAccountMapOutput
- func (o SecretStaticAccountMapOutput) ToSecretStaticAccountMapOutputWithContext(ctx context.Context) SecretStaticAccountMapOutput
- type SecretStaticAccountOutput
- func (o SecretStaticAccountOutput) Backend() pulumi.StringOutput
- func (o SecretStaticAccountOutput) Bindings() SecretStaticAccountBindingArrayOutput
- func (SecretStaticAccountOutput) ElementType() reflect.Type
- func (o SecretStaticAccountOutput) Namespace() pulumi.StringPtrOutput
- func (o SecretStaticAccountOutput) SecretType() pulumi.StringOutput
- func (o SecretStaticAccountOutput) ServiceAccountEmail() pulumi.StringOutput
- func (o SecretStaticAccountOutput) ServiceAccountProject() pulumi.StringOutput
- func (o SecretStaticAccountOutput) StaticAccount() pulumi.StringOutput
- func (o SecretStaticAccountOutput) ToSecretStaticAccountOutput() SecretStaticAccountOutput
- func (o SecretStaticAccountOutput) ToSecretStaticAccountOutputWithContext(ctx context.Context) SecretStaticAccountOutput
- func (o SecretStaticAccountOutput) TokenScopes() pulumi.StringArrayOutput
- type SecretStaticAccountState
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AuthBackend ¶
type AuthBackend struct { pulumi.CustomResourceState // The mount accessor related to the auth mount. It is useful for integration with [Identity Secrets Engine](https://www.vaultproject.io/docs/secrets/identity/index.html). Accessor pulumi.StringOutput `pulumi:"accessor"` // The clients email associated with the credentials ClientEmail pulumi.StringOutput `pulumi:"clientEmail"` // The Client ID of the credentials ClientId pulumi.StringOutput `pulumi:"clientId"` // A JSON string containing the contents of a GCP credentials file. If this value is empty, Vault will try to use Application Default Credentials from the machine on which the Vault server is running. Credentials pulumi.StringPtrOutput `pulumi:"credentials"` // Specifies overrides to // [service endpoints](https://cloud.google.com/apis/design/glossary#api_service_endpoint) // used when making API requests. This allows specific requests made during authentication // to target alternative service endpoints for use in [Private Google Access](https://cloud.google.com/vpc/docs/configure-private-google-access) // environments. Requires Vault 1.11+. // // Overrides are set at the subdomain level using the following keys: CustomEndpoint AuthBackendCustomEndpointPtrOutput `pulumi:"customEndpoint"` // A description of the auth method. Description pulumi.StringPtrOutput `pulumi:"description"` // If set, opts out of mount migration on path updates. // See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration) DisableRemount pulumi.BoolPtrOutput `pulumi:"disableRemount"` // Specifies if the auth method is local only. Local pulumi.BoolPtrOutput `pulumi:"local"` // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrOutput `pulumi:"namespace"` // The path to mount the auth method — this defaults to 'gcp'. Path pulumi.StringPtrOutput `pulumi:"path"` // The ID of the private key from the credentials PrivateKeyId pulumi.StringOutput `pulumi:"privateKeyId"` // The GCP Project ID ProjectId pulumi.StringOutput `pulumi:"projectId"` // Extra configuration block. Structure is documented below. // // The `tune` block is used to tune the auth backend: Tune AuthBackendTuneOutput `pulumi:"tune"` }
Provides a resource to configure the [GCP auth backend within Vault](https://www.vaultproject.io/docs/auth/gcp.html).
## Example Usage
<!--Start PulumiCodeChooser --> ```go package main
import (
"os" "github.com/pulumi/pulumi-vault/sdk/v6/go/vault/gcp" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func readFileOrPanic(path string) pulumi.StringPtrInput { data, err := os.ReadFile(path) if err != nil { panic(err.Error()) } return pulumi.String(string(data)) } func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := gcp.NewAuthBackend(ctx, "gcp", &gcp.AuthBackendArgs{ Credentials: readFileOrPanic("vault-gcp-credentials.json"), CustomEndpoint: &gcp.AuthBackendCustomEndpointArgs{ Api: pulumi.String("www.googleapis.com"), Iam: pulumi.String("iam.googleapis.com"), Crm: pulumi.String("cloudresourcemanager.googleapis.com"), Compute: pulumi.String("compute.googleapis.com"), }, }) if err != nil { return err } return nil }) }
``` <!--End PulumiCodeChooser -->
## Import
GCP authentication backends can be imported using the backend name, e.g.
```sh $ pulumi import vault:gcp/authBackend:AuthBackend gcp gcp ```
func GetAuthBackend ¶
func GetAuthBackend(ctx *pulumi.Context, name string, id pulumi.IDInput, state *AuthBackendState, opts ...pulumi.ResourceOption) (*AuthBackend, error)
GetAuthBackend gets an existing AuthBackend resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewAuthBackend ¶
func NewAuthBackend(ctx *pulumi.Context, name string, args *AuthBackendArgs, opts ...pulumi.ResourceOption) (*AuthBackend, error)
NewAuthBackend registers a new resource with the given unique name, arguments, and options.
func (*AuthBackend) ElementType ¶
func (*AuthBackend) ElementType() reflect.Type
func (*AuthBackend) ToAuthBackendOutput ¶
func (i *AuthBackend) ToAuthBackendOutput() AuthBackendOutput
func (*AuthBackend) ToAuthBackendOutputWithContext ¶
func (i *AuthBackend) ToAuthBackendOutputWithContext(ctx context.Context) AuthBackendOutput
type AuthBackendArgs ¶
type AuthBackendArgs struct { // The clients email associated with the credentials ClientEmail pulumi.StringPtrInput // The Client ID of the credentials ClientId pulumi.StringPtrInput // A JSON string containing the contents of a GCP credentials file. If this value is empty, Vault will try to use Application Default Credentials from the machine on which the Vault server is running. Credentials pulumi.StringPtrInput // Specifies overrides to // [service endpoints](https://cloud.google.com/apis/design/glossary#api_service_endpoint) // used when making API requests. This allows specific requests made during authentication // to target alternative service endpoints for use in [Private Google Access](https://cloud.google.com/vpc/docs/configure-private-google-access) // environments. Requires Vault 1.11+. // // Overrides are set at the subdomain level using the following keys: CustomEndpoint AuthBackendCustomEndpointPtrInput // A description of the auth method. Description pulumi.StringPtrInput // If set, opts out of mount migration on path updates. // See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration) DisableRemount pulumi.BoolPtrInput // Specifies if the auth method is local only. Local pulumi.BoolPtrInput // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrInput // The path to mount the auth method — this defaults to 'gcp'. Path pulumi.StringPtrInput // The ID of the private key from the credentials PrivateKeyId pulumi.StringPtrInput // The GCP Project ID ProjectId pulumi.StringPtrInput // Extra configuration block. Structure is documented below. // // The `tune` block is used to tune the auth backend: Tune AuthBackendTunePtrInput }
The set of arguments for constructing a AuthBackend resource.
func (AuthBackendArgs) ElementType ¶
func (AuthBackendArgs) ElementType() reflect.Type
type AuthBackendArray ¶
type AuthBackendArray []AuthBackendInput
func (AuthBackendArray) ElementType ¶
func (AuthBackendArray) ElementType() reflect.Type
func (AuthBackendArray) ToAuthBackendArrayOutput ¶
func (i AuthBackendArray) ToAuthBackendArrayOutput() AuthBackendArrayOutput
func (AuthBackendArray) ToAuthBackendArrayOutputWithContext ¶
func (i AuthBackendArray) ToAuthBackendArrayOutputWithContext(ctx context.Context) AuthBackendArrayOutput
type AuthBackendArrayInput ¶
type AuthBackendArrayInput interface { pulumi.Input ToAuthBackendArrayOutput() AuthBackendArrayOutput ToAuthBackendArrayOutputWithContext(context.Context) AuthBackendArrayOutput }
AuthBackendArrayInput is an input type that accepts AuthBackendArray and AuthBackendArrayOutput values. You can construct a concrete instance of `AuthBackendArrayInput` via:
AuthBackendArray{ AuthBackendArgs{...} }
type AuthBackendArrayOutput ¶
type AuthBackendArrayOutput struct{ *pulumi.OutputState }
func (AuthBackendArrayOutput) ElementType ¶
func (AuthBackendArrayOutput) ElementType() reflect.Type
func (AuthBackendArrayOutput) Index ¶
func (o AuthBackendArrayOutput) Index(i pulumi.IntInput) AuthBackendOutput
func (AuthBackendArrayOutput) ToAuthBackendArrayOutput ¶
func (o AuthBackendArrayOutput) ToAuthBackendArrayOutput() AuthBackendArrayOutput
func (AuthBackendArrayOutput) ToAuthBackendArrayOutputWithContext ¶
func (o AuthBackendArrayOutput) ToAuthBackendArrayOutputWithContext(ctx context.Context) AuthBackendArrayOutput
type AuthBackendCustomEndpoint ¶
type AuthBackendCustomEndpoint struct { // Replaces the service endpoint used in API requests to `https://www.googleapis.com`. Api *string `pulumi:"api"` // Replaces the service endpoint used in API requests to `https://compute.googleapis.com`. // // The endpoint value provided for a given key has the form of `scheme://host:port`. // The `scheme://` and `:port` portions of the endpoint value are optional. Compute *string `pulumi:"compute"` // Replaces the service endpoint used in API requests to `https://cloudresourcemanager.googleapis.com`. Crm *string `pulumi:"crm"` // Replaces the service endpoint used in API requests to `https://iam.googleapis.com`. Iam *string `pulumi:"iam"` }
type AuthBackendCustomEndpointArgs ¶
type AuthBackendCustomEndpointArgs struct { // Replaces the service endpoint used in API requests to `https://www.googleapis.com`. Api pulumi.StringPtrInput `pulumi:"api"` // Replaces the service endpoint used in API requests to `https://compute.googleapis.com`. // // The endpoint value provided for a given key has the form of `scheme://host:port`. // The `scheme://` and `:port` portions of the endpoint value are optional. Compute pulumi.StringPtrInput `pulumi:"compute"` // Replaces the service endpoint used in API requests to `https://cloudresourcemanager.googleapis.com`. Crm pulumi.StringPtrInput `pulumi:"crm"` // Replaces the service endpoint used in API requests to `https://iam.googleapis.com`. Iam pulumi.StringPtrInput `pulumi:"iam"` }
func (AuthBackendCustomEndpointArgs) ElementType ¶
func (AuthBackendCustomEndpointArgs) ElementType() reflect.Type
func (AuthBackendCustomEndpointArgs) ToAuthBackendCustomEndpointOutput ¶
func (i AuthBackendCustomEndpointArgs) ToAuthBackendCustomEndpointOutput() AuthBackendCustomEndpointOutput
func (AuthBackendCustomEndpointArgs) ToAuthBackendCustomEndpointOutputWithContext ¶
func (i AuthBackendCustomEndpointArgs) ToAuthBackendCustomEndpointOutputWithContext(ctx context.Context) AuthBackendCustomEndpointOutput
func (AuthBackendCustomEndpointArgs) ToAuthBackendCustomEndpointPtrOutput ¶
func (i AuthBackendCustomEndpointArgs) ToAuthBackendCustomEndpointPtrOutput() AuthBackendCustomEndpointPtrOutput
func (AuthBackendCustomEndpointArgs) ToAuthBackendCustomEndpointPtrOutputWithContext ¶
func (i AuthBackendCustomEndpointArgs) ToAuthBackendCustomEndpointPtrOutputWithContext(ctx context.Context) AuthBackendCustomEndpointPtrOutput
type AuthBackendCustomEndpointInput ¶
type AuthBackendCustomEndpointInput interface { pulumi.Input ToAuthBackendCustomEndpointOutput() AuthBackendCustomEndpointOutput ToAuthBackendCustomEndpointOutputWithContext(context.Context) AuthBackendCustomEndpointOutput }
AuthBackendCustomEndpointInput is an input type that accepts AuthBackendCustomEndpointArgs and AuthBackendCustomEndpointOutput values. You can construct a concrete instance of `AuthBackendCustomEndpointInput` via:
AuthBackendCustomEndpointArgs{...}
type AuthBackendCustomEndpointOutput ¶
type AuthBackendCustomEndpointOutput struct{ *pulumi.OutputState }
func (AuthBackendCustomEndpointOutput) Api ¶
func (o AuthBackendCustomEndpointOutput) Api() pulumi.StringPtrOutput
Replaces the service endpoint used in API requests to `https://www.googleapis.com`.
func (AuthBackendCustomEndpointOutput) Compute ¶
func (o AuthBackendCustomEndpointOutput) Compute() pulumi.StringPtrOutput
Replaces the service endpoint used in API requests to `https://compute.googleapis.com`.
The endpoint value provided for a given key has the form of `scheme://host:port`. The `scheme://` and `:port` portions of the endpoint value are optional.
func (AuthBackendCustomEndpointOutput) Crm ¶
func (o AuthBackendCustomEndpointOutput) Crm() pulumi.StringPtrOutput
Replaces the service endpoint used in API requests to `https://cloudresourcemanager.googleapis.com`.
func (AuthBackendCustomEndpointOutput) ElementType ¶
func (AuthBackendCustomEndpointOutput) ElementType() reflect.Type
func (AuthBackendCustomEndpointOutput) Iam ¶
func (o AuthBackendCustomEndpointOutput) Iam() pulumi.StringPtrOutput
Replaces the service endpoint used in API requests to `https://iam.googleapis.com`.
func (AuthBackendCustomEndpointOutput) ToAuthBackendCustomEndpointOutput ¶
func (o AuthBackendCustomEndpointOutput) ToAuthBackendCustomEndpointOutput() AuthBackendCustomEndpointOutput
func (AuthBackendCustomEndpointOutput) ToAuthBackendCustomEndpointOutputWithContext ¶
func (o AuthBackendCustomEndpointOutput) ToAuthBackendCustomEndpointOutputWithContext(ctx context.Context) AuthBackendCustomEndpointOutput
func (AuthBackendCustomEndpointOutput) ToAuthBackendCustomEndpointPtrOutput ¶
func (o AuthBackendCustomEndpointOutput) ToAuthBackendCustomEndpointPtrOutput() AuthBackendCustomEndpointPtrOutput
func (AuthBackendCustomEndpointOutput) ToAuthBackendCustomEndpointPtrOutputWithContext ¶
func (o AuthBackendCustomEndpointOutput) ToAuthBackendCustomEndpointPtrOutputWithContext(ctx context.Context) AuthBackendCustomEndpointPtrOutput
type AuthBackendCustomEndpointPtrInput ¶
type AuthBackendCustomEndpointPtrInput interface { pulumi.Input ToAuthBackendCustomEndpointPtrOutput() AuthBackendCustomEndpointPtrOutput ToAuthBackendCustomEndpointPtrOutputWithContext(context.Context) AuthBackendCustomEndpointPtrOutput }
AuthBackendCustomEndpointPtrInput is an input type that accepts AuthBackendCustomEndpointArgs, AuthBackendCustomEndpointPtr and AuthBackendCustomEndpointPtrOutput values. You can construct a concrete instance of `AuthBackendCustomEndpointPtrInput` via:
AuthBackendCustomEndpointArgs{...} or: nil
func AuthBackendCustomEndpointPtr ¶
func AuthBackendCustomEndpointPtr(v *AuthBackendCustomEndpointArgs) AuthBackendCustomEndpointPtrInput
type AuthBackendCustomEndpointPtrOutput ¶
type AuthBackendCustomEndpointPtrOutput struct{ *pulumi.OutputState }
func (AuthBackendCustomEndpointPtrOutput) Api ¶
func (o AuthBackendCustomEndpointPtrOutput) Api() pulumi.StringPtrOutput
Replaces the service endpoint used in API requests to `https://www.googleapis.com`.
func (AuthBackendCustomEndpointPtrOutput) Compute ¶
func (o AuthBackendCustomEndpointPtrOutput) Compute() pulumi.StringPtrOutput
Replaces the service endpoint used in API requests to `https://compute.googleapis.com`.
The endpoint value provided for a given key has the form of `scheme://host:port`. The `scheme://` and `:port` portions of the endpoint value are optional.
func (AuthBackendCustomEndpointPtrOutput) Crm ¶
func (o AuthBackendCustomEndpointPtrOutput) Crm() pulumi.StringPtrOutput
Replaces the service endpoint used in API requests to `https://cloudresourcemanager.googleapis.com`.
func (AuthBackendCustomEndpointPtrOutput) Elem ¶
func (o AuthBackendCustomEndpointPtrOutput) Elem() AuthBackendCustomEndpointOutput
func (AuthBackendCustomEndpointPtrOutput) ElementType ¶
func (AuthBackendCustomEndpointPtrOutput) ElementType() reflect.Type
func (AuthBackendCustomEndpointPtrOutput) Iam ¶
func (o AuthBackendCustomEndpointPtrOutput) Iam() pulumi.StringPtrOutput
Replaces the service endpoint used in API requests to `https://iam.googleapis.com`.
func (AuthBackendCustomEndpointPtrOutput) ToAuthBackendCustomEndpointPtrOutput ¶
func (o AuthBackendCustomEndpointPtrOutput) ToAuthBackendCustomEndpointPtrOutput() AuthBackendCustomEndpointPtrOutput
func (AuthBackendCustomEndpointPtrOutput) ToAuthBackendCustomEndpointPtrOutputWithContext ¶
func (o AuthBackendCustomEndpointPtrOutput) ToAuthBackendCustomEndpointPtrOutputWithContext(ctx context.Context) AuthBackendCustomEndpointPtrOutput
type AuthBackendInput ¶
type AuthBackendInput interface { pulumi.Input ToAuthBackendOutput() AuthBackendOutput ToAuthBackendOutputWithContext(ctx context.Context) AuthBackendOutput }
type AuthBackendMap ¶
type AuthBackendMap map[string]AuthBackendInput
func (AuthBackendMap) ElementType ¶
func (AuthBackendMap) ElementType() reflect.Type
func (AuthBackendMap) ToAuthBackendMapOutput ¶
func (i AuthBackendMap) ToAuthBackendMapOutput() AuthBackendMapOutput
func (AuthBackendMap) ToAuthBackendMapOutputWithContext ¶
func (i AuthBackendMap) ToAuthBackendMapOutputWithContext(ctx context.Context) AuthBackendMapOutput
type AuthBackendMapInput ¶
type AuthBackendMapInput interface { pulumi.Input ToAuthBackendMapOutput() AuthBackendMapOutput ToAuthBackendMapOutputWithContext(context.Context) AuthBackendMapOutput }
AuthBackendMapInput is an input type that accepts AuthBackendMap and AuthBackendMapOutput values. You can construct a concrete instance of `AuthBackendMapInput` via:
AuthBackendMap{ "key": AuthBackendArgs{...} }
type AuthBackendMapOutput ¶
type AuthBackendMapOutput struct{ *pulumi.OutputState }
func (AuthBackendMapOutput) ElementType ¶
func (AuthBackendMapOutput) ElementType() reflect.Type
func (AuthBackendMapOutput) MapIndex ¶
func (o AuthBackendMapOutput) MapIndex(k pulumi.StringInput) AuthBackendOutput
func (AuthBackendMapOutput) ToAuthBackendMapOutput ¶
func (o AuthBackendMapOutput) ToAuthBackendMapOutput() AuthBackendMapOutput
func (AuthBackendMapOutput) ToAuthBackendMapOutputWithContext ¶
func (o AuthBackendMapOutput) ToAuthBackendMapOutputWithContext(ctx context.Context) AuthBackendMapOutput
type AuthBackendOutput ¶
type AuthBackendOutput struct{ *pulumi.OutputState }
func (AuthBackendOutput) Accessor ¶
func (o AuthBackendOutput) Accessor() pulumi.StringOutput
The mount accessor related to the auth mount. It is useful for integration with [Identity Secrets Engine](https://www.vaultproject.io/docs/secrets/identity/index.html).
func (AuthBackendOutput) ClientEmail ¶
func (o AuthBackendOutput) ClientEmail() pulumi.StringOutput
The clients email associated with the credentials
func (AuthBackendOutput) ClientId ¶
func (o AuthBackendOutput) ClientId() pulumi.StringOutput
The Client ID of the credentials
func (AuthBackendOutput) Credentials ¶
func (o AuthBackendOutput) Credentials() pulumi.StringPtrOutput
A JSON string containing the contents of a GCP credentials file. If this value is empty, Vault will try to use Application Default Credentials from the machine on which the Vault server is running.
func (AuthBackendOutput) CustomEndpoint ¶
func (o AuthBackendOutput) CustomEndpoint() AuthBackendCustomEndpointPtrOutput
Specifies overrides to [service endpoints](https://cloud.google.com/apis/design/glossary#api_service_endpoint) used when making API requests. This allows specific requests made during authentication to target alternative service endpoints for use in [Private Google Access](https://cloud.google.com/vpc/docs/configure-private-google-access) environments. Requires Vault 1.11+.
Overrides are set at the subdomain level using the following keys:
func (AuthBackendOutput) Description ¶
func (o AuthBackendOutput) Description() pulumi.StringPtrOutput
A description of the auth method.
func (AuthBackendOutput) DisableRemount ¶
func (o AuthBackendOutput) DisableRemount() pulumi.BoolPtrOutput
If set, opts out of mount migration on path updates. See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
func (AuthBackendOutput) ElementType ¶
func (AuthBackendOutput) ElementType() reflect.Type
func (AuthBackendOutput) Local ¶
func (o AuthBackendOutput) Local() pulumi.BoolPtrOutput
Specifies if the auth method is local only.
func (AuthBackendOutput) Namespace ¶
func (o AuthBackendOutput) Namespace() pulumi.StringPtrOutput
The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). *Available only for Vault Enterprise*.
func (AuthBackendOutput) Path ¶
func (o AuthBackendOutput) Path() pulumi.StringPtrOutput
The path to mount the auth method — this defaults to 'gcp'.
func (AuthBackendOutput) PrivateKeyId ¶
func (o AuthBackendOutput) PrivateKeyId() pulumi.StringOutput
The ID of the private key from the credentials
func (AuthBackendOutput) ProjectId ¶
func (o AuthBackendOutput) ProjectId() pulumi.StringOutput
The GCP Project ID
func (AuthBackendOutput) ToAuthBackendOutput ¶
func (o AuthBackendOutput) ToAuthBackendOutput() AuthBackendOutput
func (AuthBackendOutput) ToAuthBackendOutputWithContext ¶
func (o AuthBackendOutput) ToAuthBackendOutputWithContext(ctx context.Context) AuthBackendOutput
func (AuthBackendOutput) Tune ¶
func (o AuthBackendOutput) Tune() AuthBackendTuneOutput
Extra configuration block. Structure is documented below.
The `tune` block is used to tune the auth backend:
type AuthBackendRole ¶
type AuthBackendRole struct { pulumi.CustomResourceState AddGroupAliases pulumi.BoolOutput `pulumi:"addGroupAliases"` // A flag to determine if this role should allow GCE instances to authenticate by inferring service accounts from the GCE identity metadata token. AllowGceInference pulumi.BoolOutput `pulumi:"allowGceInference"` // Path to the mounted GCP auth backend Backend pulumi.StringPtrOutput `pulumi:"backend"` // The instance groups that an authorized instance must belong to in order to be authenticated. If specified, either `boundZones` or `boundRegions` must be set too. BoundInstanceGroups pulumi.StringArrayOutput `pulumi:"boundInstanceGroups"` // A comma-separated list of GCP labels formatted as `"key:value"` strings that must be set on authorized GCE instances. Because GCP labels are not currently ACL'd, we recommend that this be used in conjunction with other restrictions. BoundLabels pulumi.StringArrayOutput `pulumi:"boundLabels"` // An array of GCP project IDs. Only entities belonging to this project can authenticate under the role. BoundProjects pulumi.StringArrayOutput `pulumi:"boundProjects"` // The list of regions that a GCE instance must belong to in order to be authenticated. If boundInstanceGroups is provided, it is assumed to be a regional group and the group must belong to this region. If boundZones are provided, this attribute is ignored. BoundRegions pulumi.StringArrayOutput `pulumi:"boundRegions"` // GCP Service Accounts allowed to issue tokens under this role. (Note: **Required** if role is `iam`) BoundServiceAccounts pulumi.StringArrayOutput `pulumi:"boundServiceAccounts"` // The list of zones that a GCE instance must belong to in order to be authenticated. If boundInstanceGroups is provided, it is assumed to be a zonal group and the group must belong to this zone. BoundZones pulumi.StringArrayOutput `pulumi:"boundZones"` // The number of seconds past the time of authentication that the login param JWT must expire within. For example, if a user attempts to login with a token that expires within an hour and this is set to 15 minutes, Vault will return an error prompting the user to create a new signed JWT with a shorter `exp`. The GCE metadata tokens currently do not allow the `exp` claim to be customized. MaxJwtExp pulumi.StringOutput `pulumi:"maxJwtExp"` // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrOutput `pulumi:"namespace"` // Name of the GCP role Role pulumi.StringOutput `pulumi:"role"` // List of CIDR blocks; if set, specifies blocks of IP // addresses which can authenticate successfully, and ties the resulting token to these blocks // as well. TokenBoundCidrs pulumi.StringArrayOutput `pulumi:"tokenBoundCidrs"` // If set, will encode an // [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls) // onto the token in number of seconds. This is a hard cap even if `tokenTtl` and // `tokenMaxTtl` would otherwise allow a renewal. TokenExplicitMaxTtl pulumi.IntPtrOutput `pulumi:"tokenExplicitMaxTtl"` // The maximum lifetime for generated tokens in number of seconds. // Its current value will be referenced at renewal time. TokenMaxTtl pulumi.IntPtrOutput `pulumi:"tokenMaxTtl"` // If set, the default policy will not be set on // generated tokens; otherwise it will be added to the policies set in token_policies. TokenNoDefaultPolicy pulumi.BoolPtrOutput `pulumi:"tokenNoDefaultPolicy"` // The [maximum number](https://www.vaultproject.io/api-docs/gcp#token_num_uses) // of times a generated token may be used (within its lifetime); 0 means unlimited. TokenNumUses pulumi.IntPtrOutput `pulumi:"tokenNumUses"` // If set, indicates that the // token generated using this role should never expire. The token should be renewed within the // duration specified by this value. At each renewal, the token's TTL will be set to the // value of this field. Specified in seconds. TokenPeriod pulumi.IntPtrOutput `pulumi:"tokenPeriod"` // List of policies to encode onto generated tokens. Depending // on the auth method, this list may be supplemented by user/group/other values. TokenPolicies pulumi.StringArrayOutput `pulumi:"tokenPolicies"` // The incremental lifetime for generated tokens in number of seconds. // Its current value will be referenced at renewal time. TokenTtl pulumi.IntPtrOutput `pulumi:"tokenTtl"` // The type of token that should be generated. Can be `service`, // `batch`, or `default` to use the mount's tuned default (which unless changed will be // `service` tokens). For token store roles, there are two additional possibilities: // `default-service` and `default-batch` which specify the type to return unless the client // requests a different type at generation time. TokenType pulumi.StringPtrOutput `pulumi:"tokenType"` // Type of GCP authentication role (either `gce` or `iam`) Type pulumi.StringOutput `pulumi:"type"` }
Provides a resource to create a role in an [GCP auth backend within Vault](https://www.vaultproject.io/docs/auth/gcp.html).
## Example Usage
<!--Start PulumiCodeChooser --> ```go package main
import (
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault" "github.com/pulumi/pulumi-vault/sdk/v6/go/vault/gcp" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { gcp, err := vault.NewAuthBackend(ctx, "gcp", &vault.AuthBackendArgs{ Path: pulumi.String("gcp"), Type: pulumi.String("gcp"), }) if err != nil { return err } _, err = gcp.NewAuthBackendRole(ctx, "test", &gcp.AuthBackendRoleArgs{ Backend: gcp.Path, Role: pulumi.String("test"), Type: pulumi.String("iam"), BoundServiceAccounts: pulumi.StringArray{ pulumi.String("test"), }, BoundProjects: pulumi.StringArray{ pulumi.String("test"), }, TokenTtl: pulumi.Int(300), TokenMaxTtl: pulumi.Int(600), TokenPolicies: pulumi.StringArray{ pulumi.String("policy_a"), pulumi.String("policy_b"), }, AddGroupAliases: pulumi.Bool(true), }) if err != nil { return err } return nil }) }
``` <!--End PulumiCodeChooser -->
## Import
GCP authentication roles can be imported using the `path`, e.g.
```sh $ pulumi import vault:gcp/authBackendRole:AuthBackendRole my_role auth/gcp/role/my_role ```
func GetAuthBackendRole ¶
func GetAuthBackendRole(ctx *pulumi.Context, name string, id pulumi.IDInput, state *AuthBackendRoleState, opts ...pulumi.ResourceOption) (*AuthBackendRole, error)
GetAuthBackendRole gets an existing AuthBackendRole resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewAuthBackendRole ¶
func NewAuthBackendRole(ctx *pulumi.Context, name string, args *AuthBackendRoleArgs, opts ...pulumi.ResourceOption) (*AuthBackendRole, error)
NewAuthBackendRole registers a new resource with the given unique name, arguments, and options.
func (*AuthBackendRole) ElementType ¶
func (*AuthBackendRole) ElementType() reflect.Type
func (*AuthBackendRole) ToAuthBackendRoleOutput ¶
func (i *AuthBackendRole) ToAuthBackendRoleOutput() AuthBackendRoleOutput
func (*AuthBackendRole) ToAuthBackendRoleOutputWithContext ¶
func (i *AuthBackendRole) ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput
type AuthBackendRoleArgs ¶
type AuthBackendRoleArgs struct { AddGroupAliases pulumi.BoolPtrInput // A flag to determine if this role should allow GCE instances to authenticate by inferring service accounts from the GCE identity metadata token. AllowGceInference pulumi.BoolPtrInput // Path to the mounted GCP auth backend Backend pulumi.StringPtrInput // The instance groups that an authorized instance must belong to in order to be authenticated. If specified, either `boundZones` or `boundRegions` must be set too. BoundInstanceGroups pulumi.StringArrayInput // A comma-separated list of GCP labels formatted as `"key:value"` strings that must be set on authorized GCE instances. Because GCP labels are not currently ACL'd, we recommend that this be used in conjunction with other restrictions. BoundLabels pulumi.StringArrayInput // An array of GCP project IDs. Only entities belonging to this project can authenticate under the role. BoundProjects pulumi.StringArrayInput // The list of regions that a GCE instance must belong to in order to be authenticated. If boundInstanceGroups is provided, it is assumed to be a regional group and the group must belong to this region. If boundZones are provided, this attribute is ignored. BoundRegions pulumi.StringArrayInput // GCP Service Accounts allowed to issue tokens under this role. (Note: **Required** if role is `iam`) BoundServiceAccounts pulumi.StringArrayInput // The list of zones that a GCE instance must belong to in order to be authenticated. If boundInstanceGroups is provided, it is assumed to be a zonal group and the group must belong to this zone. BoundZones pulumi.StringArrayInput // The number of seconds past the time of authentication that the login param JWT must expire within. For example, if a user attempts to login with a token that expires within an hour and this is set to 15 minutes, Vault will return an error prompting the user to create a new signed JWT with a shorter `exp`. The GCE metadata tokens currently do not allow the `exp` claim to be customized. MaxJwtExp pulumi.StringPtrInput // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrInput // Name of the GCP role Role pulumi.StringInput // List of CIDR blocks; if set, specifies blocks of IP // addresses which can authenticate successfully, and ties the resulting token to these blocks // as well. TokenBoundCidrs pulumi.StringArrayInput // If set, will encode an // [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls) // onto the token in number of seconds. This is a hard cap even if `tokenTtl` and // `tokenMaxTtl` would otherwise allow a renewal. TokenExplicitMaxTtl pulumi.IntPtrInput // The maximum lifetime for generated tokens in number of seconds. // Its current value will be referenced at renewal time. TokenMaxTtl pulumi.IntPtrInput // If set, the default policy will not be set on // generated tokens; otherwise it will be added to the policies set in token_policies. TokenNoDefaultPolicy pulumi.BoolPtrInput // The [maximum number](https://www.vaultproject.io/api-docs/gcp#token_num_uses) // of times a generated token may be used (within its lifetime); 0 means unlimited. TokenNumUses pulumi.IntPtrInput // If set, indicates that the // token generated using this role should never expire. The token should be renewed within the // duration specified by this value. At each renewal, the token's TTL will be set to the // value of this field. Specified in seconds. TokenPeriod pulumi.IntPtrInput // List of policies to encode onto generated tokens. Depending // on the auth method, this list may be supplemented by user/group/other values. TokenPolicies pulumi.StringArrayInput // The incremental lifetime for generated tokens in number of seconds. // Its current value will be referenced at renewal time. TokenTtl pulumi.IntPtrInput // The type of token that should be generated. Can be `service`, // `batch`, or `default` to use the mount's tuned default (which unless changed will be // `service` tokens). For token store roles, there are two additional possibilities: // `default-service` and `default-batch` which specify the type to return unless the client // requests a different type at generation time. TokenType pulumi.StringPtrInput // Type of GCP authentication role (either `gce` or `iam`) Type pulumi.StringInput }
The set of arguments for constructing a AuthBackendRole resource.
func (AuthBackendRoleArgs) ElementType ¶
func (AuthBackendRoleArgs) ElementType() reflect.Type
type AuthBackendRoleArray ¶
type AuthBackendRoleArray []AuthBackendRoleInput
func (AuthBackendRoleArray) ElementType ¶
func (AuthBackendRoleArray) ElementType() reflect.Type
func (AuthBackendRoleArray) ToAuthBackendRoleArrayOutput ¶
func (i AuthBackendRoleArray) ToAuthBackendRoleArrayOutput() AuthBackendRoleArrayOutput
func (AuthBackendRoleArray) ToAuthBackendRoleArrayOutputWithContext ¶
func (i AuthBackendRoleArray) ToAuthBackendRoleArrayOutputWithContext(ctx context.Context) AuthBackendRoleArrayOutput
type AuthBackendRoleArrayInput ¶
type AuthBackendRoleArrayInput interface { pulumi.Input ToAuthBackendRoleArrayOutput() AuthBackendRoleArrayOutput ToAuthBackendRoleArrayOutputWithContext(context.Context) AuthBackendRoleArrayOutput }
AuthBackendRoleArrayInput is an input type that accepts AuthBackendRoleArray and AuthBackendRoleArrayOutput values. You can construct a concrete instance of `AuthBackendRoleArrayInput` via:
AuthBackendRoleArray{ AuthBackendRoleArgs{...} }
type AuthBackendRoleArrayOutput ¶
type AuthBackendRoleArrayOutput struct{ *pulumi.OutputState }
func (AuthBackendRoleArrayOutput) ElementType ¶
func (AuthBackendRoleArrayOutput) ElementType() reflect.Type
func (AuthBackendRoleArrayOutput) Index ¶
func (o AuthBackendRoleArrayOutput) Index(i pulumi.IntInput) AuthBackendRoleOutput
func (AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutput ¶
func (o AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutput() AuthBackendRoleArrayOutput
func (AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutputWithContext ¶
func (o AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutputWithContext(ctx context.Context) AuthBackendRoleArrayOutput
type AuthBackendRoleInput ¶
type AuthBackendRoleInput interface { pulumi.Input ToAuthBackendRoleOutput() AuthBackendRoleOutput ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput }
type AuthBackendRoleMap ¶
type AuthBackendRoleMap map[string]AuthBackendRoleInput
func (AuthBackendRoleMap) ElementType ¶
func (AuthBackendRoleMap) ElementType() reflect.Type
func (AuthBackendRoleMap) ToAuthBackendRoleMapOutput ¶
func (i AuthBackendRoleMap) ToAuthBackendRoleMapOutput() AuthBackendRoleMapOutput
func (AuthBackendRoleMap) ToAuthBackendRoleMapOutputWithContext ¶
func (i AuthBackendRoleMap) ToAuthBackendRoleMapOutputWithContext(ctx context.Context) AuthBackendRoleMapOutput
type AuthBackendRoleMapInput ¶
type AuthBackendRoleMapInput interface { pulumi.Input ToAuthBackendRoleMapOutput() AuthBackendRoleMapOutput ToAuthBackendRoleMapOutputWithContext(context.Context) AuthBackendRoleMapOutput }
AuthBackendRoleMapInput is an input type that accepts AuthBackendRoleMap and AuthBackendRoleMapOutput values. You can construct a concrete instance of `AuthBackendRoleMapInput` via:
AuthBackendRoleMap{ "key": AuthBackendRoleArgs{...} }
type AuthBackendRoleMapOutput ¶
type AuthBackendRoleMapOutput struct{ *pulumi.OutputState }
func (AuthBackendRoleMapOutput) ElementType ¶
func (AuthBackendRoleMapOutput) ElementType() reflect.Type
func (AuthBackendRoleMapOutput) MapIndex ¶
func (o AuthBackendRoleMapOutput) MapIndex(k pulumi.StringInput) AuthBackendRoleOutput
func (AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutput ¶
func (o AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutput() AuthBackendRoleMapOutput
func (AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutputWithContext ¶
func (o AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutputWithContext(ctx context.Context) AuthBackendRoleMapOutput
type AuthBackendRoleOutput ¶
type AuthBackendRoleOutput struct{ *pulumi.OutputState }
func (AuthBackendRoleOutput) AddGroupAliases ¶
func (o AuthBackendRoleOutput) AddGroupAliases() pulumi.BoolOutput
func (AuthBackendRoleOutput) AllowGceInference ¶
func (o AuthBackendRoleOutput) AllowGceInference() pulumi.BoolOutput
A flag to determine if this role should allow GCE instances to authenticate by inferring service accounts from the GCE identity metadata token.
func (AuthBackendRoleOutput) Backend ¶
func (o AuthBackendRoleOutput) Backend() pulumi.StringPtrOutput
Path to the mounted GCP auth backend
func (AuthBackendRoleOutput) BoundInstanceGroups ¶
func (o AuthBackendRoleOutput) BoundInstanceGroups() pulumi.StringArrayOutput
The instance groups that an authorized instance must belong to in order to be authenticated. If specified, either `boundZones` or `boundRegions` must be set too.
func (AuthBackendRoleOutput) BoundLabels ¶
func (o AuthBackendRoleOutput) BoundLabels() pulumi.StringArrayOutput
A comma-separated list of GCP labels formatted as `"key:value"` strings that must be set on authorized GCE instances. Because GCP labels are not currently ACL'd, we recommend that this be used in conjunction with other restrictions.
func (AuthBackendRoleOutput) BoundProjects ¶
func (o AuthBackendRoleOutput) BoundProjects() pulumi.StringArrayOutput
An array of GCP project IDs. Only entities belonging to this project can authenticate under the role.
func (AuthBackendRoleOutput) BoundRegions ¶
func (o AuthBackendRoleOutput) BoundRegions() pulumi.StringArrayOutput
The list of regions that a GCE instance must belong to in order to be authenticated. If boundInstanceGroups is provided, it is assumed to be a regional group and the group must belong to this region. If boundZones are provided, this attribute is ignored.
func (AuthBackendRoleOutput) BoundServiceAccounts ¶
func (o AuthBackendRoleOutput) BoundServiceAccounts() pulumi.StringArrayOutput
GCP Service Accounts allowed to issue tokens under this role. (Note: **Required** if role is `iam`)
func (AuthBackendRoleOutput) BoundZones ¶
func (o AuthBackendRoleOutput) BoundZones() pulumi.StringArrayOutput
The list of zones that a GCE instance must belong to in order to be authenticated. If boundInstanceGroups is provided, it is assumed to be a zonal group and the group must belong to this zone.
func (AuthBackendRoleOutput) ElementType ¶
func (AuthBackendRoleOutput) ElementType() reflect.Type
func (AuthBackendRoleOutput) MaxJwtExp ¶
func (o AuthBackendRoleOutput) MaxJwtExp() pulumi.StringOutput
The number of seconds past the time of authentication that the login param JWT must expire within. For example, if a user attempts to login with a token that expires within an hour and this is set to 15 minutes, Vault will return an error prompting the user to create a new signed JWT with a shorter `exp`. The GCE metadata tokens currently do not allow the `exp` claim to be customized.
func (AuthBackendRoleOutput) Namespace ¶
func (o AuthBackendRoleOutput) Namespace() pulumi.StringPtrOutput
The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). *Available only for Vault Enterprise*.
func (AuthBackendRoleOutput) Role ¶
func (o AuthBackendRoleOutput) Role() pulumi.StringOutput
Name of the GCP role
func (AuthBackendRoleOutput) ToAuthBackendRoleOutput ¶
func (o AuthBackendRoleOutput) ToAuthBackendRoleOutput() AuthBackendRoleOutput
func (AuthBackendRoleOutput) ToAuthBackendRoleOutputWithContext ¶
func (o AuthBackendRoleOutput) ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput
func (AuthBackendRoleOutput) TokenBoundCidrs ¶
func (o AuthBackendRoleOutput) TokenBoundCidrs() pulumi.StringArrayOutput
List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.
func (AuthBackendRoleOutput) TokenExplicitMaxTtl ¶
func (o AuthBackendRoleOutput) TokenExplicitMaxTtl() pulumi.IntPtrOutput
If set, will encode an [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls) onto the token in number of seconds. This is a hard cap even if `tokenTtl` and `tokenMaxTtl` would otherwise allow a renewal.
func (AuthBackendRoleOutput) TokenMaxTtl ¶
func (o AuthBackendRoleOutput) TokenMaxTtl() pulumi.IntPtrOutput
The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.
func (AuthBackendRoleOutput) TokenNoDefaultPolicy ¶
func (o AuthBackendRoleOutput) TokenNoDefaultPolicy() pulumi.BoolPtrOutput
If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies.
func (AuthBackendRoleOutput) TokenNumUses ¶
func (o AuthBackendRoleOutput) TokenNumUses() pulumi.IntPtrOutput
The [maximum number](https://www.vaultproject.io/api-docs/gcp#token_num_uses) of times a generated token may be used (within its lifetime); 0 means unlimited.
func (AuthBackendRoleOutput) TokenPeriod ¶
func (o AuthBackendRoleOutput) TokenPeriod() pulumi.IntPtrOutput
If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token's TTL will be set to the value of this field. Specified in seconds.
func (AuthBackendRoleOutput) TokenPolicies ¶
func (o AuthBackendRoleOutput) TokenPolicies() pulumi.StringArrayOutput
List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values.
func (AuthBackendRoleOutput) TokenTtl ¶
func (o AuthBackendRoleOutput) TokenTtl() pulumi.IntPtrOutput
The incremental lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.
func (AuthBackendRoleOutput) TokenType ¶
func (o AuthBackendRoleOutput) TokenType() pulumi.StringPtrOutput
The type of token that should be generated. Can be `service`, `batch`, or `default` to use the mount's tuned default (which unless changed will be `service` tokens). For token store roles, there are two additional possibilities: `default-service` and `default-batch` which specify the type to return unless the client requests a different type at generation time.
func (AuthBackendRoleOutput) Type ¶
func (o AuthBackendRoleOutput) Type() pulumi.StringOutput
Type of GCP authentication role (either `gce` or `iam`)
type AuthBackendRoleState ¶
type AuthBackendRoleState struct { AddGroupAliases pulumi.BoolPtrInput // A flag to determine if this role should allow GCE instances to authenticate by inferring service accounts from the GCE identity metadata token. AllowGceInference pulumi.BoolPtrInput // Path to the mounted GCP auth backend Backend pulumi.StringPtrInput // The instance groups that an authorized instance must belong to in order to be authenticated. If specified, either `boundZones` or `boundRegions` must be set too. BoundInstanceGroups pulumi.StringArrayInput // A comma-separated list of GCP labels formatted as `"key:value"` strings that must be set on authorized GCE instances. Because GCP labels are not currently ACL'd, we recommend that this be used in conjunction with other restrictions. BoundLabels pulumi.StringArrayInput // An array of GCP project IDs. Only entities belonging to this project can authenticate under the role. BoundProjects pulumi.StringArrayInput // The list of regions that a GCE instance must belong to in order to be authenticated. If boundInstanceGroups is provided, it is assumed to be a regional group and the group must belong to this region. If boundZones are provided, this attribute is ignored. BoundRegions pulumi.StringArrayInput // GCP Service Accounts allowed to issue tokens under this role. (Note: **Required** if role is `iam`) BoundServiceAccounts pulumi.StringArrayInput // The list of zones that a GCE instance must belong to in order to be authenticated. If boundInstanceGroups is provided, it is assumed to be a zonal group and the group must belong to this zone. BoundZones pulumi.StringArrayInput // The number of seconds past the time of authentication that the login param JWT must expire within. For example, if a user attempts to login with a token that expires within an hour and this is set to 15 minutes, Vault will return an error prompting the user to create a new signed JWT with a shorter `exp`. The GCE metadata tokens currently do not allow the `exp` claim to be customized. MaxJwtExp pulumi.StringPtrInput // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrInput // Name of the GCP role Role pulumi.StringPtrInput // List of CIDR blocks; if set, specifies blocks of IP // addresses which can authenticate successfully, and ties the resulting token to these blocks // as well. TokenBoundCidrs pulumi.StringArrayInput // If set, will encode an // [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls) // onto the token in number of seconds. This is a hard cap even if `tokenTtl` and // `tokenMaxTtl` would otherwise allow a renewal. TokenExplicitMaxTtl pulumi.IntPtrInput // The maximum lifetime for generated tokens in number of seconds. // Its current value will be referenced at renewal time. TokenMaxTtl pulumi.IntPtrInput // If set, the default policy will not be set on // generated tokens; otherwise it will be added to the policies set in token_policies. TokenNoDefaultPolicy pulumi.BoolPtrInput // The [maximum number](https://www.vaultproject.io/api-docs/gcp#token_num_uses) // of times a generated token may be used (within its lifetime); 0 means unlimited. TokenNumUses pulumi.IntPtrInput // If set, indicates that the // token generated using this role should never expire. The token should be renewed within the // duration specified by this value. At each renewal, the token's TTL will be set to the // value of this field. Specified in seconds. TokenPeriod pulumi.IntPtrInput // List of policies to encode onto generated tokens. Depending // on the auth method, this list may be supplemented by user/group/other values. TokenPolicies pulumi.StringArrayInput // The incremental lifetime for generated tokens in number of seconds. // Its current value will be referenced at renewal time. TokenTtl pulumi.IntPtrInput // The type of token that should be generated. Can be `service`, // `batch`, or `default` to use the mount's tuned default (which unless changed will be // `service` tokens). For token store roles, there are two additional possibilities: // `default-service` and `default-batch` which specify the type to return unless the client // requests a different type at generation time. TokenType pulumi.StringPtrInput // Type of GCP authentication role (either `gce` or `iam`) Type pulumi.StringPtrInput }
func (AuthBackendRoleState) ElementType ¶
func (AuthBackendRoleState) ElementType() reflect.Type
type AuthBackendState ¶
type AuthBackendState struct { // The mount accessor related to the auth mount. It is useful for integration with [Identity Secrets Engine](https://www.vaultproject.io/docs/secrets/identity/index.html). Accessor pulumi.StringPtrInput // The clients email associated with the credentials ClientEmail pulumi.StringPtrInput // The Client ID of the credentials ClientId pulumi.StringPtrInput // A JSON string containing the contents of a GCP credentials file. If this value is empty, Vault will try to use Application Default Credentials from the machine on which the Vault server is running. Credentials pulumi.StringPtrInput // Specifies overrides to // [service endpoints](https://cloud.google.com/apis/design/glossary#api_service_endpoint) // used when making API requests. This allows specific requests made during authentication // to target alternative service endpoints for use in [Private Google Access](https://cloud.google.com/vpc/docs/configure-private-google-access) // environments. Requires Vault 1.11+. // // Overrides are set at the subdomain level using the following keys: CustomEndpoint AuthBackendCustomEndpointPtrInput // A description of the auth method. Description pulumi.StringPtrInput // If set, opts out of mount migration on path updates. // See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration) DisableRemount pulumi.BoolPtrInput // Specifies if the auth method is local only. Local pulumi.BoolPtrInput // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrInput // The path to mount the auth method — this defaults to 'gcp'. Path pulumi.StringPtrInput // The ID of the private key from the credentials PrivateKeyId pulumi.StringPtrInput // The GCP Project ID ProjectId pulumi.StringPtrInput // Extra configuration block. Structure is documented below. // // The `tune` block is used to tune the auth backend: Tune AuthBackendTunePtrInput }
func (AuthBackendState) ElementType ¶
func (AuthBackendState) ElementType() reflect.Type
type AuthBackendTune ¶
type AuthBackendTune struct { // List of headers to whitelist and allowing // a plugin to include them in the response. AllowedResponseHeaders []string `pulumi:"allowedResponseHeaders"` // Specifies the list of keys that will // not be HMAC'd by audit devices in the request data object. AuditNonHmacRequestKeys []string `pulumi:"auditNonHmacRequestKeys"` // Specifies the list of keys that will // not be HMAC'd by audit devices in the response data object. AuditNonHmacResponseKeys []string `pulumi:"auditNonHmacResponseKeys"` // Specifies the default time-to-live. // If set, this overrides the global default. // Must be a valid [duration string](https://golang.org/pkg/time/#ParseDuration) DefaultLeaseTtl *string `pulumi:"defaultLeaseTtl"` // Specifies whether to show this mount in // the UI-specific listing endpoint. Valid values are "unauth" or "hidden". ListingVisibility *string `pulumi:"listingVisibility"` // Specifies the maximum time-to-live. // If set, this overrides the global default. // Must be a valid [duration string](https://golang.org/pkg/time/#ParseDuration) MaxLeaseTtl *string `pulumi:"maxLeaseTtl"` // List of headers to whitelist and // pass from the request to the backend. PassthroughRequestHeaders []string `pulumi:"passthroughRequestHeaders"` // Specifies the type of tokens that should be returned by // the mount. Valid values are "default-service", "default-batch", "service", "batch". // // For more details on the usage of each argument consult the [Vault GCP API documentation](https://www.vaultproject.io/api-docs/auth/gcp#configure). TokenType *string `pulumi:"tokenType"` }
type AuthBackendTuneArgs ¶
type AuthBackendTuneArgs struct { // List of headers to whitelist and allowing // a plugin to include them in the response. AllowedResponseHeaders pulumi.StringArrayInput `pulumi:"allowedResponseHeaders"` // Specifies the list of keys that will // not be HMAC'd by audit devices in the request data object. AuditNonHmacRequestKeys pulumi.StringArrayInput `pulumi:"auditNonHmacRequestKeys"` // Specifies the list of keys that will // not be HMAC'd by audit devices in the response data object. AuditNonHmacResponseKeys pulumi.StringArrayInput `pulumi:"auditNonHmacResponseKeys"` // Specifies the default time-to-live. // If set, this overrides the global default. // Must be a valid [duration string](https://golang.org/pkg/time/#ParseDuration) DefaultLeaseTtl pulumi.StringPtrInput `pulumi:"defaultLeaseTtl"` // Specifies whether to show this mount in // the UI-specific listing endpoint. Valid values are "unauth" or "hidden". ListingVisibility pulumi.StringPtrInput `pulumi:"listingVisibility"` // Specifies the maximum time-to-live. // If set, this overrides the global default. // Must be a valid [duration string](https://golang.org/pkg/time/#ParseDuration) MaxLeaseTtl pulumi.StringPtrInput `pulumi:"maxLeaseTtl"` // List of headers to whitelist and // pass from the request to the backend. PassthroughRequestHeaders pulumi.StringArrayInput `pulumi:"passthroughRequestHeaders"` // Specifies the type of tokens that should be returned by // the mount. Valid values are "default-service", "default-batch", "service", "batch". // // For more details on the usage of each argument consult the [Vault GCP API documentation](https://www.vaultproject.io/api-docs/auth/gcp#configure). TokenType pulumi.StringPtrInput `pulumi:"tokenType"` }
func (AuthBackendTuneArgs) ElementType ¶
func (AuthBackendTuneArgs) ElementType() reflect.Type
func (AuthBackendTuneArgs) ToAuthBackendTuneOutput ¶
func (i AuthBackendTuneArgs) ToAuthBackendTuneOutput() AuthBackendTuneOutput
func (AuthBackendTuneArgs) ToAuthBackendTuneOutputWithContext ¶
func (i AuthBackendTuneArgs) ToAuthBackendTuneOutputWithContext(ctx context.Context) AuthBackendTuneOutput
func (AuthBackendTuneArgs) ToAuthBackendTunePtrOutput ¶
func (i AuthBackendTuneArgs) ToAuthBackendTunePtrOutput() AuthBackendTunePtrOutput
func (AuthBackendTuneArgs) ToAuthBackendTunePtrOutputWithContext ¶
func (i AuthBackendTuneArgs) ToAuthBackendTunePtrOutputWithContext(ctx context.Context) AuthBackendTunePtrOutput
type AuthBackendTuneInput ¶
type AuthBackendTuneInput interface { pulumi.Input ToAuthBackendTuneOutput() AuthBackendTuneOutput ToAuthBackendTuneOutputWithContext(context.Context) AuthBackendTuneOutput }
AuthBackendTuneInput is an input type that accepts AuthBackendTuneArgs and AuthBackendTuneOutput values. You can construct a concrete instance of `AuthBackendTuneInput` via:
AuthBackendTuneArgs{...}
type AuthBackendTuneOutput ¶
type AuthBackendTuneOutput struct{ *pulumi.OutputState }
func (AuthBackendTuneOutput) AllowedResponseHeaders ¶
func (o AuthBackendTuneOutput) AllowedResponseHeaders() pulumi.StringArrayOutput
List of headers to whitelist and allowing a plugin to include them in the response.
func (AuthBackendTuneOutput) AuditNonHmacRequestKeys ¶
func (o AuthBackendTuneOutput) AuditNonHmacRequestKeys() pulumi.StringArrayOutput
Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
func (AuthBackendTuneOutput) AuditNonHmacResponseKeys ¶
func (o AuthBackendTuneOutput) AuditNonHmacResponseKeys() pulumi.StringArrayOutput
Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
func (AuthBackendTuneOutput) DefaultLeaseTtl ¶
func (o AuthBackendTuneOutput) DefaultLeaseTtl() pulumi.StringPtrOutput
Specifies the default time-to-live. If set, this overrides the global default. Must be a valid [duration string](https://golang.org/pkg/time/#ParseDuration)
func (AuthBackendTuneOutput) ElementType ¶
func (AuthBackendTuneOutput) ElementType() reflect.Type
func (AuthBackendTuneOutput) ListingVisibility ¶
func (o AuthBackendTuneOutput) ListingVisibility() pulumi.StringPtrOutput
Specifies whether to show this mount in the UI-specific listing endpoint. Valid values are "unauth" or "hidden".
func (AuthBackendTuneOutput) MaxLeaseTtl ¶
func (o AuthBackendTuneOutput) MaxLeaseTtl() pulumi.StringPtrOutput
Specifies the maximum time-to-live. If set, this overrides the global default. Must be a valid [duration string](https://golang.org/pkg/time/#ParseDuration)
func (AuthBackendTuneOutput) PassthroughRequestHeaders ¶
func (o AuthBackendTuneOutput) PassthroughRequestHeaders() pulumi.StringArrayOutput
List of headers to whitelist and pass from the request to the backend.
func (AuthBackendTuneOutput) ToAuthBackendTuneOutput ¶
func (o AuthBackendTuneOutput) ToAuthBackendTuneOutput() AuthBackendTuneOutput
func (AuthBackendTuneOutput) ToAuthBackendTuneOutputWithContext ¶
func (o AuthBackendTuneOutput) ToAuthBackendTuneOutputWithContext(ctx context.Context) AuthBackendTuneOutput
func (AuthBackendTuneOutput) ToAuthBackendTunePtrOutput ¶
func (o AuthBackendTuneOutput) ToAuthBackendTunePtrOutput() AuthBackendTunePtrOutput
func (AuthBackendTuneOutput) ToAuthBackendTunePtrOutputWithContext ¶
func (o AuthBackendTuneOutput) ToAuthBackendTunePtrOutputWithContext(ctx context.Context) AuthBackendTunePtrOutput
func (AuthBackendTuneOutput) TokenType ¶
func (o AuthBackendTuneOutput) TokenType() pulumi.StringPtrOutput
Specifies the type of tokens that should be returned by the mount. Valid values are "default-service", "default-batch", "service", "batch".
For more details on the usage of each argument consult the [Vault GCP API documentation](https://www.vaultproject.io/api-docs/auth/gcp#configure).
type AuthBackendTunePtrInput ¶
type AuthBackendTunePtrInput interface { pulumi.Input ToAuthBackendTunePtrOutput() AuthBackendTunePtrOutput ToAuthBackendTunePtrOutputWithContext(context.Context) AuthBackendTunePtrOutput }
AuthBackendTunePtrInput is an input type that accepts AuthBackendTuneArgs, AuthBackendTunePtr and AuthBackendTunePtrOutput values. You can construct a concrete instance of `AuthBackendTunePtrInput` via:
AuthBackendTuneArgs{...} or: nil
func AuthBackendTunePtr ¶
func AuthBackendTunePtr(v *AuthBackendTuneArgs) AuthBackendTunePtrInput
type AuthBackendTunePtrOutput ¶
type AuthBackendTunePtrOutput struct{ *pulumi.OutputState }
func (AuthBackendTunePtrOutput) AllowedResponseHeaders ¶
func (o AuthBackendTunePtrOutput) AllowedResponseHeaders() pulumi.StringArrayOutput
List of headers to whitelist and allowing a plugin to include them in the response.
func (AuthBackendTunePtrOutput) AuditNonHmacRequestKeys ¶
func (o AuthBackendTunePtrOutput) AuditNonHmacRequestKeys() pulumi.StringArrayOutput
Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
func (AuthBackendTunePtrOutput) AuditNonHmacResponseKeys ¶
func (o AuthBackendTunePtrOutput) AuditNonHmacResponseKeys() pulumi.StringArrayOutput
Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
func (AuthBackendTunePtrOutput) DefaultLeaseTtl ¶
func (o AuthBackendTunePtrOutput) DefaultLeaseTtl() pulumi.StringPtrOutput
Specifies the default time-to-live. If set, this overrides the global default. Must be a valid [duration string](https://golang.org/pkg/time/#ParseDuration)
func (AuthBackendTunePtrOutput) Elem ¶
func (o AuthBackendTunePtrOutput) Elem() AuthBackendTuneOutput
func (AuthBackendTunePtrOutput) ElementType ¶
func (AuthBackendTunePtrOutput) ElementType() reflect.Type
func (AuthBackendTunePtrOutput) ListingVisibility ¶
func (o AuthBackendTunePtrOutput) ListingVisibility() pulumi.StringPtrOutput
Specifies whether to show this mount in the UI-specific listing endpoint. Valid values are "unauth" or "hidden".
func (AuthBackendTunePtrOutput) MaxLeaseTtl ¶
func (o AuthBackendTunePtrOutput) MaxLeaseTtl() pulumi.StringPtrOutput
Specifies the maximum time-to-live. If set, this overrides the global default. Must be a valid [duration string](https://golang.org/pkg/time/#ParseDuration)
func (AuthBackendTunePtrOutput) PassthroughRequestHeaders ¶
func (o AuthBackendTunePtrOutput) PassthroughRequestHeaders() pulumi.StringArrayOutput
List of headers to whitelist and pass from the request to the backend.
func (AuthBackendTunePtrOutput) ToAuthBackendTunePtrOutput ¶
func (o AuthBackendTunePtrOutput) ToAuthBackendTunePtrOutput() AuthBackendTunePtrOutput
func (AuthBackendTunePtrOutput) ToAuthBackendTunePtrOutputWithContext ¶
func (o AuthBackendTunePtrOutput) ToAuthBackendTunePtrOutputWithContext(ctx context.Context) AuthBackendTunePtrOutput
func (AuthBackendTunePtrOutput) TokenType ¶
func (o AuthBackendTunePtrOutput) TokenType() pulumi.StringPtrOutput
Specifies the type of tokens that should be returned by the mount. Valid values are "default-service", "default-batch", "service", "batch".
For more details on the usage of each argument consult the [Vault GCP API documentation](https://www.vaultproject.io/api-docs/auth/gcp#configure).
type LookupAuthBackendRoleArgs ¶
type LookupAuthBackendRoleArgs struct { // The unique name for the GCP backend from which to fetch the role. Defaults to "gcp". Backend *string `pulumi:"backend"` // The namespace of the target resource. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured namespace. // *Available only for Vault Enterprise*. Namespace *string `pulumi:"namespace"` // The name of the role to retrieve the Role ID for. RoleName string `pulumi:"roleName"` // List of CIDR blocks; if set, specifies blocks of IP // addresses which can authenticate successfully, and ties the resulting token to these blocks // as well. TokenBoundCidrs []string `pulumi:"tokenBoundCidrs"` // If set, will encode an // [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls) // onto the token in number of seconds. This is a hard cap even if `tokenTtl` and // `tokenMaxTtl` would otherwise allow a renewal. TokenExplicitMaxTtl *int `pulumi:"tokenExplicitMaxTtl"` // The maximum lifetime for generated tokens in number of seconds. // Its current value will be referenced at renewal time. TokenMaxTtl *int `pulumi:"tokenMaxTtl"` // If set, the default policy will not be set on // generated tokens; otherwise it will be added to the policies set in token_policies. TokenNoDefaultPolicy *bool `pulumi:"tokenNoDefaultPolicy"` // The // [period](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls), // if any, in number of seconds to set on the token. TokenNumUses *int `pulumi:"tokenNumUses"` // (Optional) If set, indicates that the // token generated using this role should never expire. The token should be renewed within the // duration specified by this value. At each renewal, the token's TTL will be set to the // value of this field. Specified in seconds. TokenPeriod *int `pulumi:"tokenPeriod"` // List of policies to encode onto generated tokens. Depending // on the auth method, this list may be supplemented by user/group/other values. TokenPolicies []string `pulumi:"tokenPolicies"` // The incremental lifetime for generated tokens in number of seconds. // Its current value will be referenced at renewal time. TokenTtl *int `pulumi:"tokenTtl"` // The type of token that should be generated. Can be `service`, // `batch`, or `default` to use the mount's tuned default (which unless changed will be // `service` tokens). For token store roles, there are two additional possibilities: // `default-service` and `default-batch` which specify the type to return unless the client // requests a different type at generation time. TokenType *string `pulumi:"tokenType"` }
A collection of arguments for invoking getAuthBackendRole.
type LookupAuthBackendRoleOutputArgs ¶
type LookupAuthBackendRoleOutputArgs struct { // The unique name for the GCP backend from which to fetch the role. Defaults to "gcp". Backend pulumi.StringPtrInput `pulumi:"backend"` // The namespace of the target resource. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured namespace. // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrInput `pulumi:"namespace"` // The name of the role to retrieve the Role ID for. RoleName pulumi.StringInput `pulumi:"roleName"` // List of CIDR blocks; if set, specifies blocks of IP // addresses which can authenticate successfully, and ties the resulting token to these blocks // as well. TokenBoundCidrs pulumi.StringArrayInput `pulumi:"tokenBoundCidrs"` // If set, will encode an // [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls) // onto the token in number of seconds. This is a hard cap even if `tokenTtl` and // `tokenMaxTtl` would otherwise allow a renewal. TokenExplicitMaxTtl pulumi.IntPtrInput `pulumi:"tokenExplicitMaxTtl"` // The maximum lifetime for generated tokens in number of seconds. // Its current value will be referenced at renewal time. TokenMaxTtl pulumi.IntPtrInput `pulumi:"tokenMaxTtl"` // If set, the default policy will not be set on // generated tokens; otherwise it will be added to the policies set in token_policies. TokenNoDefaultPolicy pulumi.BoolPtrInput `pulumi:"tokenNoDefaultPolicy"` // The // [period](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls), // if any, in number of seconds to set on the token. TokenNumUses pulumi.IntPtrInput `pulumi:"tokenNumUses"` // (Optional) If set, indicates that the // token generated using this role should never expire. The token should be renewed within the // duration specified by this value. At each renewal, the token's TTL will be set to the // value of this field. Specified in seconds. TokenPeriod pulumi.IntPtrInput `pulumi:"tokenPeriod"` // List of policies to encode onto generated tokens. Depending // on the auth method, this list may be supplemented by user/group/other values. TokenPolicies pulumi.StringArrayInput `pulumi:"tokenPolicies"` // The incremental lifetime for generated tokens in number of seconds. // Its current value will be referenced at renewal time. TokenTtl pulumi.IntPtrInput `pulumi:"tokenTtl"` // The type of token that should be generated. Can be `service`, // `batch`, or `default` to use the mount's tuned default (which unless changed will be // `service` tokens). For token store roles, there are two additional possibilities: // `default-service` and `default-batch` which specify the type to return unless the client // requests a different type at generation time. TokenType pulumi.StringPtrInput `pulumi:"tokenType"` }
A collection of arguments for invoking getAuthBackendRole.
func (LookupAuthBackendRoleOutputArgs) ElementType ¶
func (LookupAuthBackendRoleOutputArgs) ElementType() reflect.Type
type LookupAuthBackendRoleResult ¶
type LookupAuthBackendRoleResult struct { Backend *string `pulumi:"backend"` // GCP regions bound to the role. Returned when `type` is `gce`. BoundInstanceGroups []string `pulumi:"boundInstanceGroups"` // GCP labels bound to the role. Returned when `type` is `gce`. BoundLabels []string `pulumi:"boundLabels"` // GCP projects bound to the role. BoundProjects []string `pulumi:"boundProjects"` // GCP regions bound to the role. Returned when `type` is `gce`. BoundRegions []string `pulumi:"boundRegions"` // GCP service accounts bound to the role. Returned when `type` is `iam`. BoundServiceAccounts []string `pulumi:"boundServiceAccounts"` // GCP zones bound to the role. Returned when `type` is `gce`. BoundZones []string `pulumi:"boundZones"` // The provider-assigned unique ID for this managed resource. Id string `pulumi:"id"` Namespace *string `pulumi:"namespace"` // The RoleID of the GCP role. RoleId string `pulumi:"roleId"` RoleName string `pulumi:"roleName"` // List of CIDR blocks; if set, specifies blocks of IP // addresses which can authenticate successfully, and ties the resulting token to these blocks // as well. TokenBoundCidrs []string `pulumi:"tokenBoundCidrs"` // If set, will encode an // [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls) // onto the token in number of seconds. This is a hard cap even if `tokenTtl` and // `tokenMaxTtl` would otherwise allow a renewal. TokenExplicitMaxTtl *int `pulumi:"tokenExplicitMaxTtl"` // The maximum lifetime for generated tokens in number of seconds. // Its current value will be referenced at renewal time. TokenMaxTtl *int `pulumi:"tokenMaxTtl"` // If set, the default policy will not be set on // generated tokens; otherwise it will be added to the policies set in token_policies. TokenNoDefaultPolicy *bool `pulumi:"tokenNoDefaultPolicy"` // The // [period](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls), // if any, in number of seconds to set on the token. TokenNumUses *int `pulumi:"tokenNumUses"` // (Optional) If set, indicates that the // token generated using this role should never expire. The token should be renewed within the // duration specified by this value. At each renewal, the token's TTL will be set to the // value of this field. Specified in seconds. TokenPeriod *int `pulumi:"tokenPeriod"` // List of policies to encode onto generated tokens. Depending // on the auth method, this list may be supplemented by user/group/other values. TokenPolicies []string `pulumi:"tokenPolicies"` // The incremental lifetime for generated tokens in number of seconds. // Its current value will be referenced at renewal time. TokenTtl *int `pulumi:"tokenTtl"` // The type of token that should be generated. Can be `service`, // `batch`, or `default` to use the mount's tuned default (which unless changed will be // `service` tokens). For token store roles, there are two additional possibilities: // `default-service` and `default-batch` which specify the type to return unless the client // requests a different type at generation time. TokenType *string `pulumi:"tokenType"` // Type of GCP role. Expected values are `iam` or `gce`. Type string `pulumi:"type"` }
A collection of values returned by getAuthBackendRole.
func LookupAuthBackendRole ¶
func LookupAuthBackendRole(ctx *pulumi.Context, args *LookupAuthBackendRoleArgs, opts ...pulumi.InvokeOption) (*LookupAuthBackendRoleResult, error)
Reads a GCP auth role from a Vault server.
## Example Usage
<!--Start PulumiCodeChooser --> ```go package main
import (
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/gcp" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { role, err := gcp.LookupAuthBackendRole(ctx, &gcp.LookupAuthBackendRoleArgs{ Backend: pulumi.StringRef("my-gcp-backend"), RoleName: "my-role", }, nil) if err != nil { return err } ctx.Export("role-id", role.RoleId) return nil }) }
``` <!--End PulumiCodeChooser -->
type LookupAuthBackendRoleResultOutput ¶
type LookupAuthBackendRoleResultOutput struct{ *pulumi.OutputState }
A collection of values returned by getAuthBackendRole.
func LookupAuthBackendRoleOutput ¶
func LookupAuthBackendRoleOutput(ctx *pulumi.Context, args LookupAuthBackendRoleOutputArgs, opts ...pulumi.InvokeOption) LookupAuthBackendRoleResultOutput
func (LookupAuthBackendRoleResultOutput) Backend ¶
func (o LookupAuthBackendRoleResultOutput) Backend() pulumi.StringPtrOutput
func (LookupAuthBackendRoleResultOutput) BoundInstanceGroups ¶
func (o LookupAuthBackendRoleResultOutput) BoundInstanceGroups() pulumi.StringArrayOutput
GCP regions bound to the role. Returned when `type` is `gce`.
func (LookupAuthBackendRoleResultOutput) BoundLabels ¶
func (o LookupAuthBackendRoleResultOutput) BoundLabels() pulumi.StringArrayOutput
GCP labels bound to the role. Returned when `type` is `gce`.
func (LookupAuthBackendRoleResultOutput) BoundProjects ¶
func (o LookupAuthBackendRoleResultOutput) BoundProjects() pulumi.StringArrayOutput
GCP projects bound to the role.
func (LookupAuthBackendRoleResultOutput) BoundRegions ¶
func (o LookupAuthBackendRoleResultOutput) BoundRegions() pulumi.StringArrayOutput
GCP regions bound to the role. Returned when `type` is `gce`.
func (LookupAuthBackendRoleResultOutput) BoundServiceAccounts ¶
func (o LookupAuthBackendRoleResultOutput) BoundServiceAccounts() pulumi.StringArrayOutput
GCP service accounts bound to the role. Returned when `type` is `iam`.
func (LookupAuthBackendRoleResultOutput) BoundZones ¶
func (o LookupAuthBackendRoleResultOutput) BoundZones() pulumi.StringArrayOutput
GCP zones bound to the role. Returned when `type` is `gce`.
func (LookupAuthBackendRoleResultOutput) ElementType ¶
func (LookupAuthBackendRoleResultOutput) ElementType() reflect.Type
func (LookupAuthBackendRoleResultOutput) Id ¶
func (o LookupAuthBackendRoleResultOutput) Id() pulumi.StringOutput
The provider-assigned unique ID for this managed resource.
func (LookupAuthBackendRoleResultOutput) Namespace ¶
func (o LookupAuthBackendRoleResultOutput) Namespace() pulumi.StringPtrOutput
func (LookupAuthBackendRoleResultOutput) RoleId ¶
func (o LookupAuthBackendRoleResultOutput) RoleId() pulumi.StringOutput
The RoleID of the GCP role.
func (LookupAuthBackendRoleResultOutput) RoleName ¶
func (o LookupAuthBackendRoleResultOutput) RoleName() pulumi.StringOutput
func (LookupAuthBackendRoleResultOutput) ToLookupAuthBackendRoleResultOutput ¶
func (o LookupAuthBackendRoleResultOutput) ToLookupAuthBackendRoleResultOutput() LookupAuthBackendRoleResultOutput
func (LookupAuthBackendRoleResultOutput) ToLookupAuthBackendRoleResultOutputWithContext ¶
func (o LookupAuthBackendRoleResultOutput) ToLookupAuthBackendRoleResultOutputWithContext(ctx context.Context) LookupAuthBackendRoleResultOutput
func (LookupAuthBackendRoleResultOutput) TokenBoundCidrs ¶
func (o LookupAuthBackendRoleResultOutput) TokenBoundCidrs() pulumi.StringArrayOutput
List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.
func (LookupAuthBackendRoleResultOutput) TokenExplicitMaxTtl ¶
func (o LookupAuthBackendRoleResultOutput) TokenExplicitMaxTtl() pulumi.IntPtrOutput
If set, will encode an [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls) onto the token in number of seconds. This is a hard cap even if `tokenTtl` and `tokenMaxTtl` would otherwise allow a renewal.
func (LookupAuthBackendRoleResultOutput) TokenMaxTtl ¶
func (o LookupAuthBackendRoleResultOutput) TokenMaxTtl() pulumi.IntPtrOutput
The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.
func (LookupAuthBackendRoleResultOutput) TokenNoDefaultPolicy ¶
func (o LookupAuthBackendRoleResultOutput) TokenNoDefaultPolicy() pulumi.BoolPtrOutput
If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies.
func (LookupAuthBackendRoleResultOutput) TokenNumUses ¶
func (o LookupAuthBackendRoleResultOutput) TokenNumUses() pulumi.IntPtrOutput
The [period](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls), if any, in number of seconds to set on the token.
func (LookupAuthBackendRoleResultOutput) TokenPeriod ¶
func (o LookupAuthBackendRoleResultOutput) TokenPeriod() pulumi.IntPtrOutput
(Optional) If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token's TTL will be set to the value of this field. Specified in seconds.
func (LookupAuthBackendRoleResultOutput) TokenPolicies ¶
func (o LookupAuthBackendRoleResultOutput) TokenPolicies() pulumi.StringArrayOutput
List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values.
func (LookupAuthBackendRoleResultOutput) TokenTtl ¶
func (o LookupAuthBackendRoleResultOutput) TokenTtl() pulumi.IntPtrOutput
The incremental lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.
func (LookupAuthBackendRoleResultOutput) TokenType ¶
func (o LookupAuthBackendRoleResultOutput) TokenType() pulumi.StringPtrOutput
The type of token that should be generated. Can be `service`, `batch`, or `default` to use the mount's tuned default (which unless changed will be `service` tokens). For token store roles, there are two additional possibilities: `default-service` and `default-batch` which specify the type to return unless the client requests a different type at generation time.
func (LookupAuthBackendRoleResultOutput) Type ¶
func (o LookupAuthBackendRoleResultOutput) Type() pulumi.StringOutput
Type of GCP role. Expected values are `iam` or `gce`.
type SecretBackend ¶
type SecretBackend struct { pulumi.CustomResourceState // JSON-encoded credentials to use to connect to GCP Credentials pulumi.StringPtrOutput `pulumi:"credentials"` // The default TTL for credentials // issued by this backend. Defaults to '0'. DefaultLeaseTtlSeconds pulumi.IntPtrOutput `pulumi:"defaultLeaseTtlSeconds"` // A human-friendly description for this backend. Description pulumi.StringPtrOutput `pulumi:"description"` // If set, opts out of mount migration on path updates. // See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration) DisableRemount pulumi.BoolPtrOutput `pulumi:"disableRemount"` // Boolean flag that can be explicitly set to true to enforce local mount in HA environment Local pulumi.BoolPtrOutput `pulumi:"local"` // The maximum TTL that can be requested // for credentials issued by this backend. Defaults to '0'. MaxLeaseTtlSeconds pulumi.IntPtrOutput `pulumi:"maxLeaseTtlSeconds"` // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrOutput `pulumi:"namespace"` // The unique path this backend should be mounted at. Must // not begin or end with a `/`. Defaults to `gcp`. Path pulumi.StringPtrOutput `pulumi:"path"` }
## Example Usage
<!--Start PulumiCodeChooser --> ```go package main
import (
"os" "github.com/pulumi/pulumi-vault/sdk/v6/go/vault/gcp" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func readFileOrPanic(path string) pulumi.StringPtrInput { data, err := os.ReadFile(path) if err != nil { panic(err.Error()) } return pulumi.String(string(data)) } func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := gcp.NewSecretBackend(ctx, "gcp", &gcp.SecretBackendArgs{ Credentials: readFileOrPanic("credentials.json"), }) if err != nil { return err } return nil }) }
``` <!--End PulumiCodeChooser -->
func GetSecretBackend ¶
func GetSecretBackend(ctx *pulumi.Context, name string, id pulumi.IDInput, state *SecretBackendState, opts ...pulumi.ResourceOption) (*SecretBackend, error)
GetSecretBackend gets an existing SecretBackend resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewSecretBackend ¶
func NewSecretBackend(ctx *pulumi.Context, name string, args *SecretBackendArgs, opts ...pulumi.ResourceOption) (*SecretBackend, error)
NewSecretBackend registers a new resource with the given unique name, arguments, and options.
func (*SecretBackend) ElementType ¶
func (*SecretBackend) ElementType() reflect.Type
func (*SecretBackend) ToSecretBackendOutput ¶
func (i *SecretBackend) ToSecretBackendOutput() SecretBackendOutput
func (*SecretBackend) ToSecretBackendOutputWithContext ¶
func (i *SecretBackend) ToSecretBackendOutputWithContext(ctx context.Context) SecretBackendOutput
type SecretBackendArgs ¶
type SecretBackendArgs struct { // JSON-encoded credentials to use to connect to GCP Credentials pulumi.StringPtrInput // The default TTL for credentials // issued by this backend. Defaults to '0'. DefaultLeaseTtlSeconds pulumi.IntPtrInput // A human-friendly description for this backend. Description pulumi.StringPtrInput // If set, opts out of mount migration on path updates. // See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration) DisableRemount pulumi.BoolPtrInput // Boolean flag that can be explicitly set to true to enforce local mount in HA environment Local pulumi.BoolPtrInput // The maximum TTL that can be requested // for credentials issued by this backend. Defaults to '0'. MaxLeaseTtlSeconds pulumi.IntPtrInput // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrInput // The unique path this backend should be mounted at. Must // not begin or end with a `/`. Defaults to `gcp`. Path pulumi.StringPtrInput }
The set of arguments for constructing a SecretBackend resource.
func (SecretBackendArgs) ElementType ¶
func (SecretBackendArgs) ElementType() reflect.Type
type SecretBackendArray ¶
type SecretBackendArray []SecretBackendInput
func (SecretBackendArray) ElementType ¶
func (SecretBackendArray) ElementType() reflect.Type
func (SecretBackendArray) ToSecretBackendArrayOutput ¶
func (i SecretBackendArray) ToSecretBackendArrayOutput() SecretBackendArrayOutput
func (SecretBackendArray) ToSecretBackendArrayOutputWithContext ¶
func (i SecretBackendArray) ToSecretBackendArrayOutputWithContext(ctx context.Context) SecretBackendArrayOutput
type SecretBackendArrayInput ¶
type SecretBackendArrayInput interface { pulumi.Input ToSecretBackendArrayOutput() SecretBackendArrayOutput ToSecretBackendArrayOutputWithContext(context.Context) SecretBackendArrayOutput }
SecretBackendArrayInput is an input type that accepts SecretBackendArray and SecretBackendArrayOutput values. You can construct a concrete instance of `SecretBackendArrayInput` via:
SecretBackendArray{ SecretBackendArgs{...} }
type SecretBackendArrayOutput ¶
type SecretBackendArrayOutput struct{ *pulumi.OutputState }
func (SecretBackendArrayOutput) ElementType ¶
func (SecretBackendArrayOutput) ElementType() reflect.Type
func (SecretBackendArrayOutput) Index ¶
func (o SecretBackendArrayOutput) Index(i pulumi.IntInput) SecretBackendOutput
func (SecretBackendArrayOutput) ToSecretBackendArrayOutput ¶
func (o SecretBackendArrayOutput) ToSecretBackendArrayOutput() SecretBackendArrayOutput
func (SecretBackendArrayOutput) ToSecretBackendArrayOutputWithContext ¶
func (o SecretBackendArrayOutput) ToSecretBackendArrayOutputWithContext(ctx context.Context) SecretBackendArrayOutput
type SecretBackendInput ¶
type SecretBackendInput interface { pulumi.Input ToSecretBackendOutput() SecretBackendOutput ToSecretBackendOutputWithContext(ctx context.Context) SecretBackendOutput }
type SecretBackendMap ¶
type SecretBackendMap map[string]SecretBackendInput
func (SecretBackendMap) ElementType ¶
func (SecretBackendMap) ElementType() reflect.Type
func (SecretBackendMap) ToSecretBackendMapOutput ¶
func (i SecretBackendMap) ToSecretBackendMapOutput() SecretBackendMapOutput
func (SecretBackendMap) ToSecretBackendMapOutputWithContext ¶
func (i SecretBackendMap) ToSecretBackendMapOutputWithContext(ctx context.Context) SecretBackendMapOutput
type SecretBackendMapInput ¶
type SecretBackendMapInput interface { pulumi.Input ToSecretBackendMapOutput() SecretBackendMapOutput ToSecretBackendMapOutputWithContext(context.Context) SecretBackendMapOutput }
SecretBackendMapInput is an input type that accepts SecretBackendMap and SecretBackendMapOutput values. You can construct a concrete instance of `SecretBackendMapInput` via:
SecretBackendMap{ "key": SecretBackendArgs{...} }
type SecretBackendMapOutput ¶
type SecretBackendMapOutput struct{ *pulumi.OutputState }
func (SecretBackendMapOutput) ElementType ¶
func (SecretBackendMapOutput) ElementType() reflect.Type
func (SecretBackendMapOutput) MapIndex ¶
func (o SecretBackendMapOutput) MapIndex(k pulumi.StringInput) SecretBackendOutput
func (SecretBackendMapOutput) ToSecretBackendMapOutput ¶
func (o SecretBackendMapOutput) ToSecretBackendMapOutput() SecretBackendMapOutput
func (SecretBackendMapOutput) ToSecretBackendMapOutputWithContext ¶
func (o SecretBackendMapOutput) ToSecretBackendMapOutputWithContext(ctx context.Context) SecretBackendMapOutput
type SecretBackendOutput ¶
type SecretBackendOutput struct{ *pulumi.OutputState }
func (SecretBackendOutput) Credentials ¶
func (o SecretBackendOutput) Credentials() pulumi.StringPtrOutput
JSON-encoded credentials to use to connect to GCP
func (SecretBackendOutput) DefaultLeaseTtlSeconds ¶
func (o SecretBackendOutput) DefaultLeaseTtlSeconds() pulumi.IntPtrOutput
The default TTL for credentials issued by this backend. Defaults to '0'.
func (SecretBackendOutput) Description ¶
func (o SecretBackendOutput) Description() pulumi.StringPtrOutput
A human-friendly description for this backend.
func (SecretBackendOutput) DisableRemount ¶
func (o SecretBackendOutput) DisableRemount() pulumi.BoolPtrOutput
If set, opts out of mount migration on path updates. See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
func (SecretBackendOutput) ElementType ¶
func (SecretBackendOutput) ElementType() reflect.Type
func (SecretBackendOutput) Local ¶
func (o SecretBackendOutput) Local() pulumi.BoolPtrOutput
Boolean flag that can be explicitly set to true to enforce local mount in HA environment
func (SecretBackendOutput) MaxLeaseTtlSeconds ¶
func (o SecretBackendOutput) MaxLeaseTtlSeconds() pulumi.IntPtrOutput
The maximum TTL that can be requested for credentials issued by this backend. Defaults to '0'.
func (SecretBackendOutput) Namespace ¶
func (o SecretBackendOutput) Namespace() pulumi.StringPtrOutput
The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). *Available only for Vault Enterprise*.
func (SecretBackendOutput) Path ¶
func (o SecretBackendOutput) Path() pulumi.StringPtrOutput
The unique path this backend should be mounted at. Must not begin or end with a `/`. Defaults to `gcp`.
func (SecretBackendOutput) ToSecretBackendOutput ¶
func (o SecretBackendOutput) ToSecretBackendOutput() SecretBackendOutput
func (SecretBackendOutput) ToSecretBackendOutputWithContext ¶
func (o SecretBackendOutput) ToSecretBackendOutputWithContext(ctx context.Context) SecretBackendOutput
type SecretBackendState ¶
type SecretBackendState struct { // JSON-encoded credentials to use to connect to GCP Credentials pulumi.StringPtrInput // The default TTL for credentials // issued by this backend. Defaults to '0'. DefaultLeaseTtlSeconds pulumi.IntPtrInput // A human-friendly description for this backend. Description pulumi.StringPtrInput // If set, opts out of mount migration on path updates. // See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration) DisableRemount pulumi.BoolPtrInput // Boolean flag that can be explicitly set to true to enforce local mount in HA environment Local pulumi.BoolPtrInput // The maximum TTL that can be requested // for credentials issued by this backend. Defaults to '0'. MaxLeaseTtlSeconds pulumi.IntPtrInput // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrInput // The unique path this backend should be mounted at. Must // not begin or end with a `/`. Defaults to `gcp`. Path pulumi.StringPtrInput }
func (SecretBackendState) ElementType ¶
func (SecretBackendState) ElementType() reflect.Type
type SecretImpersonatedAccount ¶
type SecretImpersonatedAccount struct { pulumi.CustomResourceState // Path where the GCP Secrets Engine is mounted Backend pulumi.StringOutput `pulumi:"backend"` // Name of the Impersonated Account to create ImpersonatedAccount pulumi.StringOutput `pulumi:"impersonatedAccount"` // Target namespace. (requires Enterprise) Namespace pulumi.StringPtrOutput `pulumi:"namespace"` // Email of the GCP service account to impersonate. ServiceAccountEmail pulumi.StringOutput `pulumi:"serviceAccountEmail"` // Project the service account belongs to. ServiceAccountProject pulumi.StringOutput `pulumi:"serviceAccountProject"` // List of OAuth scopes to assign to access tokens generated under this impersonated account. TokenScopes pulumi.StringArrayOutput `pulumi:"tokenScopes"` }
Creates a Impersonated Account in the [GCP Secrets Engine](https://www.vaultproject.io/docs/secrets/gcp/index.html) for Vault.
Each [impersonated account](https://www.vaultproject.io/docs/secrets/gcp/index.html#impersonated-accounts) is tied to a separately managed Service Account.
## Example Usage
<!--Start PulumiCodeChooser --> ```go package main
import (
"os" "github.com/pulumi/pulumi-gcp/sdk/v5/go/gcp/serviceAccount" "github.com/pulumi/pulumi-vault/sdk/v6/go/vault/gcp" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func readFileOrPanic(path string) pulumi.StringPtrInput { data, err := os.ReadFile(path) if err != nil { panic(err.Error()) } return pulumi.String(string(data)) } func main() { pulumi.Run(func(ctx *pulumi.Context) error { this, err := serviceAccount.NewAccount(ctx, "this", &serviceAccount.AccountArgs{ AccountId: pulumi.String("my-awesome-account"), }) if err != nil { return err } gcp, err := gcp.NewSecretBackend(ctx, "gcp", &gcp.SecretBackendArgs{ Path: pulumi.String("gcp"), Credentials: readFileOrPanic("credentials.json"), }) if err != nil { return err } _, err = gcp.NewSecretImpersonatedAccount(ctx, "impersonatedAccount", &gcp.SecretImpersonatedAccountArgs{ Backend: gcp.Path, ImpersonatedAccount: pulumi.String("this"), ServiceAccountEmail: this.Email, TokenScopes: pulumi.StringArray{ pulumi.String("https://www.googleapis.com/auth/cloud-platform"), }, }) if err != nil { return err } return nil }) }
``` <!--End PulumiCodeChooser -->
## Import
A impersonated account can be imported using its Vault Path. For example, referencing the example above,
```sh $ pulumi import vault:gcp/secretImpersonatedAccount:SecretImpersonatedAccount impersonated_account gcp/impersonated-account/project_viewer ```
func GetSecretImpersonatedAccount ¶
func GetSecretImpersonatedAccount(ctx *pulumi.Context, name string, id pulumi.IDInput, state *SecretImpersonatedAccountState, opts ...pulumi.ResourceOption) (*SecretImpersonatedAccount, error)
GetSecretImpersonatedAccount gets an existing SecretImpersonatedAccount resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewSecretImpersonatedAccount ¶
func NewSecretImpersonatedAccount(ctx *pulumi.Context, name string, args *SecretImpersonatedAccountArgs, opts ...pulumi.ResourceOption) (*SecretImpersonatedAccount, error)
NewSecretImpersonatedAccount registers a new resource with the given unique name, arguments, and options.
func (*SecretImpersonatedAccount) ElementType ¶
func (*SecretImpersonatedAccount) ElementType() reflect.Type
func (*SecretImpersonatedAccount) ToSecretImpersonatedAccountOutput ¶
func (i *SecretImpersonatedAccount) ToSecretImpersonatedAccountOutput() SecretImpersonatedAccountOutput
func (*SecretImpersonatedAccount) ToSecretImpersonatedAccountOutputWithContext ¶
func (i *SecretImpersonatedAccount) ToSecretImpersonatedAccountOutputWithContext(ctx context.Context) SecretImpersonatedAccountOutput
type SecretImpersonatedAccountArgs ¶
type SecretImpersonatedAccountArgs struct { // Path where the GCP Secrets Engine is mounted Backend pulumi.StringInput // Name of the Impersonated Account to create ImpersonatedAccount pulumi.StringInput // Target namespace. (requires Enterprise) Namespace pulumi.StringPtrInput // Email of the GCP service account to impersonate. ServiceAccountEmail pulumi.StringInput // List of OAuth scopes to assign to access tokens generated under this impersonated account. TokenScopes pulumi.StringArrayInput }
The set of arguments for constructing a SecretImpersonatedAccount resource.
func (SecretImpersonatedAccountArgs) ElementType ¶
func (SecretImpersonatedAccountArgs) ElementType() reflect.Type
type SecretImpersonatedAccountArray ¶
type SecretImpersonatedAccountArray []SecretImpersonatedAccountInput
func (SecretImpersonatedAccountArray) ElementType ¶
func (SecretImpersonatedAccountArray) ElementType() reflect.Type
func (SecretImpersonatedAccountArray) ToSecretImpersonatedAccountArrayOutput ¶
func (i SecretImpersonatedAccountArray) ToSecretImpersonatedAccountArrayOutput() SecretImpersonatedAccountArrayOutput
func (SecretImpersonatedAccountArray) ToSecretImpersonatedAccountArrayOutputWithContext ¶
func (i SecretImpersonatedAccountArray) ToSecretImpersonatedAccountArrayOutputWithContext(ctx context.Context) SecretImpersonatedAccountArrayOutput
type SecretImpersonatedAccountArrayInput ¶
type SecretImpersonatedAccountArrayInput interface { pulumi.Input ToSecretImpersonatedAccountArrayOutput() SecretImpersonatedAccountArrayOutput ToSecretImpersonatedAccountArrayOutputWithContext(context.Context) SecretImpersonatedAccountArrayOutput }
SecretImpersonatedAccountArrayInput is an input type that accepts SecretImpersonatedAccountArray and SecretImpersonatedAccountArrayOutput values. You can construct a concrete instance of `SecretImpersonatedAccountArrayInput` via:
SecretImpersonatedAccountArray{ SecretImpersonatedAccountArgs{...} }
type SecretImpersonatedAccountArrayOutput ¶
type SecretImpersonatedAccountArrayOutput struct{ *pulumi.OutputState }
func (SecretImpersonatedAccountArrayOutput) ElementType ¶
func (SecretImpersonatedAccountArrayOutput) ElementType() reflect.Type
func (SecretImpersonatedAccountArrayOutput) Index ¶
func (o SecretImpersonatedAccountArrayOutput) Index(i pulumi.IntInput) SecretImpersonatedAccountOutput
func (SecretImpersonatedAccountArrayOutput) ToSecretImpersonatedAccountArrayOutput ¶
func (o SecretImpersonatedAccountArrayOutput) ToSecretImpersonatedAccountArrayOutput() SecretImpersonatedAccountArrayOutput
func (SecretImpersonatedAccountArrayOutput) ToSecretImpersonatedAccountArrayOutputWithContext ¶
func (o SecretImpersonatedAccountArrayOutput) ToSecretImpersonatedAccountArrayOutputWithContext(ctx context.Context) SecretImpersonatedAccountArrayOutput
type SecretImpersonatedAccountInput ¶
type SecretImpersonatedAccountInput interface { pulumi.Input ToSecretImpersonatedAccountOutput() SecretImpersonatedAccountOutput ToSecretImpersonatedAccountOutputWithContext(ctx context.Context) SecretImpersonatedAccountOutput }
type SecretImpersonatedAccountMap ¶
type SecretImpersonatedAccountMap map[string]SecretImpersonatedAccountInput
func (SecretImpersonatedAccountMap) ElementType ¶
func (SecretImpersonatedAccountMap) ElementType() reflect.Type
func (SecretImpersonatedAccountMap) ToSecretImpersonatedAccountMapOutput ¶
func (i SecretImpersonatedAccountMap) ToSecretImpersonatedAccountMapOutput() SecretImpersonatedAccountMapOutput
func (SecretImpersonatedAccountMap) ToSecretImpersonatedAccountMapOutputWithContext ¶
func (i SecretImpersonatedAccountMap) ToSecretImpersonatedAccountMapOutputWithContext(ctx context.Context) SecretImpersonatedAccountMapOutput
type SecretImpersonatedAccountMapInput ¶
type SecretImpersonatedAccountMapInput interface { pulumi.Input ToSecretImpersonatedAccountMapOutput() SecretImpersonatedAccountMapOutput ToSecretImpersonatedAccountMapOutputWithContext(context.Context) SecretImpersonatedAccountMapOutput }
SecretImpersonatedAccountMapInput is an input type that accepts SecretImpersonatedAccountMap and SecretImpersonatedAccountMapOutput values. You can construct a concrete instance of `SecretImpersonatedAccountMapInput` via:
SecretImpersonatedAccountMap{ "key": SecretImpersonatedAccountArgs{...} }
type SecretImpersonatedAccountMapOutput ¶
type SecretImpersonatedAccountMapOutput struct{ *pulumi.OutputState }
func (SecretImpersonatedAccountMapOutput) ElementType ¶
func (SecretImpersonatedAccountMapOutput) ElementType() reflect.Type
func (SecretImpersonatedAccountMapOutput) MapIndex ¶
func (o SecretImpersonatedAccountMapOutput) MapIndex(k pulumi.StringInput) SecretImpersonatedAccountOutput
func (SecretImpersonatedAccountMapOutput) ToSecretImpersonatedAccountMapOutput ¶
func (o SecretImpersonatedAccountMapOutput) ToSecretImpersonatedAccountMapOutput() SecretImpersonatedAccountMapOutput
func (SecretImpersonatedAccountMapOutput) ToSecretImpersonatedAccountMapOutputWithContext ¶
func (o SecretImpersonatedAccountMapOutput) ToSecretImpersonatedAccountMapOutputWithContext(ctx context.Context) SecretImpersonatedAccountMapOutput
type SecretImpersonatedAccountOutput ¶
type SecretImpersonatedAccountOutput struct{ *pulumi.OutputState }
func (SecretImpersonatedAccountOutput) Backend ¶
func (o SecretImpersonatedAccountOutput) Backend() pulumi.StringOutput
Path where the GCP Secrets Engine is mounted
func (SecretImpersonatedAccountOutput) ElementType ¶
func (SecretImpersonatedAccountOutput) ElementType() reflect.Type
func (SecretImpersonatedAccountOutput) ImpersonatedAccount ¶
func (o SecretImpersonatedAccountOutput) ImpersonatedAccount() pulumi.StringOutput
Name of the Impersonated Account to create
func (SecretImpersonatedAccountOutput) Namespace ¶
func (o SecretImpersonatedAccountOutput) Namespace() pulumi.StringPtrOutput
Target namespace. (requires Enterprise)
func (SecretImpersonatedAccountOutput) ServiceAccountEmail ¶
func (o SecretImpersonatedAccountOutput) ServiceAccountEmail() pulumi.StringOutput
Email of the GCP service account to impersonate.
func (SecretImpersonatedAccountOutput) ServiceAccountProject ¶
func (o SecretImpersonatedAccountOutput) ServiceAccountProject() pulumi.StringOutput
Project the service account belongs to.
func (SecretImpersonatedAccountOutput) ToSecretImpersonatedAccountOutput ¶
func (o SecretImpersonatedAccountOutput) ToSecretImpersonatedAccountOutput() SecretImpersonatedAccountOutput
func (SecretImpersonatedAccountOutput) ToSecretImpersonatedAccountOutputWithContext ¶
func (o SecretImpersonatedAccountOutput) ToSecretImpersonatedAccountOutputWithContext(ctx context.Context) SecretImpersonatedAccountOutput
func (SecretImpersonatedAccountOutput) TokenScopes ¶
func (o SecretImpersonatedAccountOutput) TokenScopes() pulumi.StringArrayOutput
List of OAuth scopes to assign to access tokens generated under this impersonated account.
type SecretImpersonatedAccountState ¶
type SecretImpersonatedAccountState struct { // Path where the GCP Secrets Engine is mounted Backend pulumi.StringPtrInput // Name of the Impersonated Account to create ImpersonatedAccount pulumi.StringPtrInput // Target namespace. (requires Enterprise) Namespace pulumi.StringPtrInput // Email of the GCP service account to impersonate. ServiceAccountEmail pulumi.StringPtrInput // Project the service account belongs to. ServiceAccountProject pulumi.StringPtrInput // List of OAuth scopes to assign to access tokens generated under this impersonated account. TokenScopes pulumi.StringArrayInput }
func (SecretImpersonatedAccountState) ElementType ¶
func (SecretImpersonatedAccountState) ElementType() reflect.Type
type SecretRoleset ¶
type SecretRoleset struct { pulumi.CustomResourceState // Path where the GCP Secrets Engine is mounted Backend pulumi.StringOutput `pulumi:"backend"` // Bindings to create for this roleset. This can be specified multiple times for multiple bindings. Structure is documented below. Bindings SecretRolesetBindingArrayOutput `pulumi:"bindings"` // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrOutput `pulumi:"namespace"` // Name of the GCP project that this roleset's service account will belong to. Project pulumi.StringOutput `pulumi:"project"` // Name of the Roleset to create Roleset pulumi.StringOutput `pulumi:"roleset"` // Type of secret generated for this role set. Accepted values: `accessToken`, `serviceAccountKey`. Defaults to `accessToken`. SecretType pulumi.StringOutput `pulumi:"secretType"` // Email of the service account created by Vault for this Roleset. ServiceAccountEmail pulumi.StringOutput `pulumi:"serviceAccountEmail"` // List of OAuth scopes to assign to `accessToken` secrets generated under this role set (`accessToken` role sets only). TokenScopes pulumi.StringArrayOutput `pulumi:"tokenScopes"` }
Creates a Roleset in the [GCP Secrets Engine](https://www.vaultproject.io/docs/secrets/gcp/index.html) for Vault.
Each Roleset is [tied](https://www.vaultproject.io/docs/secrets/gcp/index.html#service-accounts-are-tied-to-rolesets) to a Service Account, and can have one or more [bindings](https://www.vaultproject.io/docs/secrets/gcp/index.html#roleset-bindings) associated with it.
## Example Usage
<!--Start PulumiCodeChooser --> ```go package main
import (
"fmt" "os" "github.com/pulumi/pulumi-vault/sdk/v6/go/vault/gcp" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func readFileOrPanic(path string) pulumi.StringPtrInput { data, err := os.ReadFile(path) if err != nil { panic(err.Error()) } return pulumi.String(string(data)) } func main() { pulumi.Run(func(ctx *pulumi.Context) error { project := "my-awesome-project" gcp, err := gcp.NewSecretBackend(ctx, "gcp", &gcp.SecretBackendArgs{ Path: pulumi.String("gcp"), Credentials: readFileOrPanic("credentials.json"), }) if err != nil { return err } _, err = gcp.NewSecretRoleset(ctx, "roleset", &gcp.SecretRolesetArgs{ Backend: gcp.Path, Roleset: pulumi.String("project_viewer"), SecretType: pulumi.String("access_token"), Project: pulumi.String(project), TokenScopes: pulumi.StringArray{ pulumi.String("https://www.googleapis.com/auth/cloud-platform"), }, Bindings: gcp.SecretRolesetBindingArray{ &gcp.SecretRolesetBindingArgs{ Resource: pulumi.String(fmt.Sprintf("//cloudresourcemanager.googleapis.com/projects/%v", project)), Roles: pulumi.StringArray{ pulumi.String("roles/viewer"), }, }, }, }) if err != nil { return err } return nil }) }
``` <!--End PulumiCodeChooser -->
## Import
A roleset can be imported using its Vault Path. For example, referencing the example above,
```sh $ pulumi import vault:gcp/secretRoleset:SecretRoleset roleset gcp/roleset/project_viewer ```
func GetSecretRoleset ¶
func GetSecretRoleset(ctx *pulumi.Context, name string, id pulumi.IDInput, state *SecretRolesetState, opts ...pulumi.ResourceOption) (*SecretRoleset, error)
GetSecretRoleset gets an existing SecretRoleset resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewSecretRoleset ¶
func NewSecretRoleset(ctx *pulumi.Context, name string, args *SecretRolesetArgs, opts ...pulumi.ResourceOption) (*SecretRoleset, error)
NewSecretRoleset registers a new resource with the given unique name, arguments, and options.
func (*SecretRoleset) ElementType ¶
func (*SecretRoleset) ElementType() reflect.Type
func (*SecretRoleset) ToSecretRolesetOutput ¶
func (i *SecretRoleset) ToSecretRolesetOutput() SecretRolesetOutput
func (*SecretRoleset) ToSecretRolesetOutputWithContext ¶
func (i *SecretRoleset) ToSecretRolesetOutputWithContext(ctx context.Context) SecretRolesetOutput
type SecretRolesetArgs ¶
type SecretRolesetArgs struct { // Path where the GCP Secrets Engine is mounted Backend pulumi.StringInput // Bindings to create for this roleset. This can be specified multiple times for multiple bindings. Structure is documented below. Bindings SecretRolesetBindingArrayInput // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrInput // Name of the GCP project that this roleset's service account will belong to. Project pulumi.StringInput // Name of the Roleset to create Roleset pulumi.StringInput // Type of secret generated for this role set. Accepted values: `accessToken`, `serviceAccountKey`. Defaults to `accessToken`. SecretType pulumi.StringPtrInput // List of OAuth scopes to assign to `accessToken` secrets generated under this role set (`accessToken` role sets only). TokenScopes pulumi.StringArrayInput }
The set of arguments for constructing a SecretRoleset resource.
func (SecretRolesetArgs) ElementType ¶
func (SecretRolesetArgs) ElementType() reflect.Type
type SecretRolesetArray ¶
type SecretRolesetArray []SecretRolesetInput
func (SecretRolesetArray) ElementType ¶
func (SecretRolesetArray) ElementType() reflect.Type
func (SecretRolesetArray) ToSecretRolesetArrayOutput ¶
func (i SecretRolesetArray) ToSecretRolesetArrayOutput() SecretRolesetArrayOutput
func (SecretRolesetArray) ToSecretRolesetArrayOutputWithContext ¶
func (i SecretRolesetArray) ToSecretRolesetArrayOutputWithContext(ctx context.Context) SecretRolesetArrayOutput
type SecretRolesetArrayInput ¶
type SecretRolesetArrayInput interface { pulumi.Input ToSecretRolesetArrayOutput() SecretRolesetArrayOutput ToSecretRolesetArrayOutputWithContext(context.Context) SecretRolesetArrayOutput }
SecretRolesetArrayInput is an input type that accepts SecretRolesetArray and SecretRolesetArrayOutput values. You can construct a concrete instance of `SecretRolesetArrayInput` via:
SecretRolesetArray{ SecretRolesetArgs{...} }
type SecretRolesetArrayOutput ¶
type SecretRolesetArrayOutput struct{ *pulumi.OutputState }
func (SecretRolesetArrayOutput) ElementType ¶
func (SecretRolesetArrayOutput) ElementType() reflect.Type
func (SecretRolesetArrayOutput) Index ¶
func (o SecretRolesetArrayOutput) Index(i pulumi.IntInput) SecretRolesetOutput
func (SecretRolesetArrayOutput) ToSecretRolesetArrayOutput ¶
func (o SecretRolesetArrayOutput) ToSecretRolesetArrayOutput() SecretRolesetArrayOutput
func (SecretRolesetArrayOutput) ToSecretRolesetArrayOutputWithContext ¶
func (o SecretRolesetArrayOutput) ToSecretRolesetArrayOutputWithContext(ctx context.Context) SecretRolesetArrayOutput
type SecretRolesetBinding ¶
type SecretRolesetBinding struct { // Resource or resource path for which IAM policy information will be bound. The resource path may be specified in a few different [formats](https://www.vaultproject.io/docs/secrets/gcp/index.html#roleset-bindings). Resource string `pulumi:"resource"` // List of [GCP IAM roles](https://cloud.google.com/iam/docs/understanding-roles) for the resource. Roles []string `pulumi:"roles"` }
type SecretRolesetBindingArgs ¶
type SecretRolesetBindingArgs struct { // Resource or resource path for which IAM policy information will be bound. The resource path may be specified in a few different [formats](https://www.vaultproject.io/docs/secrets/gcp/index.html#roleset-bindings). Resource pulumi.StringInput `pulumi:"resource"` // List of [GCP IAM roles](https://cloud.google.com/iam/docs/understanding-roles) for the resource. Roles pulumi.StringArrayInput `pulumi:"roles"` }
func (SecretRolesetBindingArgs) ElementType ¶
func (SecretRolesetBindingArgs) ElementType() reflect.Type
func (SecretRolesetBindingArgs) ToSecretRolesetBindingOutput ¶
func (i SecretRolesetBindingArgs) ToSecretRolesetBindingOutput() SecretRolesetBindingOutput
func (SecretRolesetBindingArgs) ToSecretRolesetBindingOutputWithContext ¶
func (i SecretRolesetBindingArgs) ToSecretRolesetBindingOutputWithContext(ctx context.Context) SecretRolesetBindingOutput
type SecretRolesetBindingArray ¶
type SecretRolesetBindingArray []SecretRolesetBindingInput
func (SecretRolesetBindingArray) ElementType ¶
func (SecretRolesetBindingArray) ElementType() reflect.Type
func (SecretRolesetBindingArray) ToSecretRolesetBindingArrayOutput ¶
func (i SecretRolesetBindingArray) ToSecretRolesetBindingArrayOutput() SecretRolesetBindingArrayOutput
func (SecretRolesetBindingArray) ToSecretRolesetBindingArrayOutputWithContext ¶
func (i SecretRolesetBindingArray) ToSecretRolesetBindingArrayOutputWithContext(ctx context.Context) SecretRolesetBindingArrayOutput
type SecretRolesetBindingArrayInput ¶
type SecretRolesetBindingArrayInput interface { pulumi.Input ToSecretRolesetBindingArrayOutput() SecretRolesetBindingArrayOutput ToSecretRolesetBindingArrayOutputWithContext(context.Context) SecretRolesetBindingArrayOutput }
SecretRolesetBindingArrayInput is an input type that accepts SecretRolesetBindingArray and SecretRolesetBindingArrayOutput values. You can construct a concrete instance of `SecretRolesetBindingArrayInput` via:
SecretRolesetBindingArray{ SecretRolesetBindingArgs{...} }
type SecretRolesetBindingArrayOutput ¶
type SecretRolesetBindingArrayOutput struct{ *pulumi.OutputState }
func (SecretRolesetBindingArrayOutput) ElementType ¶
func (SecretRolesetBindingArrayOutput) ElementType() reflect.Type
func (SecretRolesetBindingArrayOutput) Index ¶
func (o SecretRolesetBindingArrayOutput) Index(i pulumi.IntInput) SecretRolesetBindingOutput
func (SecretRolesetBindingArrayOutput) ToSecretRolesetBindingArrayOutput ¶
func (o SecretRolesetBindingArrayOutput) ToSecretRolesetBindingArrayOutput() SecretRolesetBindingArrayOutput
func (SecretRolesetBindingArrayOutput) ToSecretRolesetBindingArrayOutputWithContext ¶
func (o SecretRolesetBindingArrayOutput) ToSecretRolesetBindingArrayOutputWithContext(ctx context.Context) SecretRolesetBindingArrayOutput
type SecretRolesetBindingInput ¶
type SecretRolesetBindingInput interface { pulumi.Input ToSecretRolesetBindingOutput() SecretRolesetBindingOutput ToSecretRolesetBindingOutputWithContext(context.Context) SecretRolesetBindingOutput }
SecretRolesetBindingInput is an input type that accepts SecretRolesetBindingArgs and SecretRolesetBindingOutput values. You can construct a concrete instance of `SecretRolesetBindingInput` via:
SecretRolesetBindingArgs{...}
type SecretRolesetBindingOutput ¶
type SecretRolesetBindingOutput struct{ *pulumi.OutputState }
func (SecretRolesetBindingOutput) ElementType ¶
func (SecretRolesetBindingOutput) ElementType() reflect.Type
func (SecretRolesetBindingOutput) Resource ¶
func (o SecretRolesetBindingOutput) Resource() pulumi.StringOutput
Resource or resource path for which IAM policy information will be bound. The resource path may be specified in a few different [formats](https://www.vaultproject.io/docs/secrets/gcp/index.html#roleset-bindings).
func (SecretRolesetBindingOutput) Roles ¶
func (o SecretRolesetBindingOutput) Roles() pulumi.StringArrayOutput
List of [GCP IAM roles](https://cloud.google.com/iam/docs/understanding-roles) for the resource.
func (SecretRolesetBindingOutput) ToSecretRolesetBindingOutput ¶
func (o SecretRolesetBindingOutput) ToSecretRolesetBindingOutput() SecretRolesetBindingOutput
func (SecretRolesetBindingOutput) ToSecretRolesetBindingOutputWithContext ¶
func (o SecretRolesetBindingOutput) ToSecretRolesetBindingOutputWithContext(ctx context.Context) SecretRolesetBindingOutput
type SecretRolesetInput ¶
type SecretRolesetInput interface { pulumi.Input ToSecretRolesetOutput() SecretRolesetOutput ToSecretRolesetOutputWithContext(ctx context.Context) SecretRolesetOutput }
type SecretRolesetMap ¶
type SecretRolesetMap map[string]SecretRolesetInput
func (SecretRolesetMap) ElementType ¶
func (SecretRolesetMap) ElementType() reflect.Type
func (SecretRolesetMap) ToSecretRolesetMapOutput ¶
func (i SecretRolesetMap) ToSecretRolesetMapOutput() SecretRolesetMapOutput
func (SecretRolesetMap) ToSecretRolesetMapOutputWithContext ¶
func (i SecretRolesetMap) ToSecretRolesetMapOutputWithContext(ctx context.Context) SecretRolesetMapOutput
type SecretRolesetMapInput ¶
type SecretRolesetMapInput interface { pulumi.Input ToSecretRolesetMapOutput() SecretRolesetMapOutput ToSecretRolesetMapOutputWithContext(context.Context) SecretRolesetMapOutput }
SecretRolesetMapInput is an input type that accepts SecretRolesetMap and SecretRolesetMapOutput values. You can construct a concrete instance of `SecretRolesetMapInput` via:
SecretRolesetMap{ "key": SecretRolesetArgs{...} }
type SecretRolesetMapOutput ¶
type SecretRolesetMapOutput struct{ *pulumi.OutputState }
func (SecretRolesetMapOutput) ElementType ¶
func (SecretRolesetMapOutput) ElementType() reflect.Type
func (SecretRolesetMapOutput) MapIndex ¶
func (o SecretRolesetMapOutput) MapIndex(k pulumi.StringInput) SecretRolesetOutput
func (SecretRolesetMapOutput) ToSecretRolesetMapOutput ¶
func (o SecretRolesetMapOutput) ToSecretRolesetMapOutput() SecretRolesetMapOutput
func (SecretRolesetMapOutput) ToSecretRolesetMapOutputWithContext ¶
func (o SecretRolesetMapOutput) ToSecretRolesetMapOutputWithContext(ctx context.Context) SecretRolesetMapOutput
type SecretRolesetOutput ¶
type SecretRolesetOutput struct{ *pulumi.OutputState }
func (SecretRolesetOutput) Backend ¶
func (o SecretRolesetOutput) Backend() pulumi.StringOutput
Path where the GCP Secrets Engine is mounted
func (SecretRolesetOutput) Bindings ¶
func (o SecretRolesetOutput) Bindings() SecretRolesetBindingArrayOutput
Bindings to create for this roleset. This can be specified multiple times for multiple bindings. Structure is documented below.
func (SecretRolesetOutput) ElementType ¶
func (SecretRolesetOutput) ElementType() reflect.Type
func (SecretRolesetOutput) Namespace ¶
func (o SecretRolesetOutput) Namespace() pulumi.StringPtrOutput
The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). *Available only for Vault Enterprise*.
func (SecretRolesetOutput) Project ¶
func (o SecretRolesetOutput) Project() pulumi.StringOutput
Name of the GCP project that this roleset's service account will belong to.
func (SecretRolesetOutput) Roleset ¶
func (o SecretRolesetOutput) Roleset() pulumi.StringOutput
Name of the Roleset to create
func (SecretRolesetOutput) SecretType ¶
func (o SecretRolesetOutput) SecretType() pulumi.StringOutput
Type of secret generated for this role set. Accepted values: `accessToken`, `serviceAccountKey`. Defaults to `accessToken`.
func (SecretRolesetOutput) ServiceAccountEmail ¶
func (o SecretRolesetOutput) ServiceAccountEmail() pulumi.StringOutput
Email of the service account created by Vault for this Roleset.
func (SecretRolesetOutput) ToSecretRolesetOutput ¶
func (o SecretRolesetOutput) ToSecretRolesetOutput() SecretRolesetOutput
func (SecretRolesetOutput) ToSecretRolesetOutputWithContext ¶
func (o SecretRolesetOutput) ToSecretRolesetOutputWithContext(ctx context.Context) SecretRolesetOutput
func (SecretRolesetOutput) TokenScopes ¶
func (o SecretRolesetOutput) TokenScopes() pulumi.StringArrayOutput
List of OAuth scopes to assign to `accessToken` secrets generated under this role set (`accessToken` role sets only).
type SecretRolesetState ¶
type SecretRolesetState struct { // Path where the GCP Secrets Engine is mounted Backend pulumi.StringPtrInput // Bindings to create for this roleset. This can be specified multiple times for multiple bindings. Structure is documented below. Bindings SecretRolesetBindingArrayInput // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrInput // Name of the GCP project that this roleset's service account will belong to. Project pulumi.StringPtrInput // Name of the Roleset to create Roleset pulumi.StringPtrInput // Type of secret generated for this role set. Accepted values: `accessToken`, `serviceAccountKey`. Defaults to `accessToken`. SecretType pulumi.StringPtrInput // Email of the service account created by Vault for this Roleset. ServiceAccountEmail pulumi.StringPtrInput // List of OAuth scopes to assign to `accessToken` secrets generated under this role set (`accessToken` role sets only). TokenScopes pulumi.StringArrayInput }
func (SecretRolesetState) ElementType ¶
func (SecretRolesetState) ElementType() reflect.Type
type SecretStaticAccount ¶
type SecretStaticAccount struct { pulumi.CustomResourceState // Path where the GCP Secrets Engine is mounted Backend pulumi.StringOutput `pulumi:"backend"` // Bindings to create for this static account. This can be specified multiple times for multiple bindings. Structure is documented below. Bindings SecretStaticAccountBindingArrayOutput `pulumi:"bindings"` // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrOutput `pulumi:"namespace"` // Type of secret generated for this static account. Accepted values: `accessToken`, `serviceAccountKey`. Defaults to `accessToken`. SecretType pulumi.StringOutput `pulumi:"secretType"` // Email of the GCP service account to manage. ServiceAccountEmail pulumi.StringOutput `pulumi:"serviceAccountEmail"` // Project the service account belongs to. ServiceAccountProject pulumi.StringOutput `pulumi:"serviceAccountProject"` // Name of the Static Account to create StaticAccount pulumi.StringOutput `pulumi:"staticAccount"` // List of OAuth scopes to assign to `accessToken` secrets generated under this static account (`accessToken` static accounts only). TokenScopes pulumi.StringArrayOutput `pulumi:"tokenScopes"` }
Creates a Static Account in the [GCP Secrets Engine](https://www.vaultproject.io/docs/secrets/gcp/index.html) for Vault.
Each [static account](https://www.vaultproject.io/docs/secrets/gcp/index.html#static-accounts) is tied to a separately managed Service Account, and can have one or more [bindings](https://www.vaultproject.io/docs/secrets/gcp/index.html#bindings) associated with it.
## Example Usage
<!--Start PulumiCodeChooser --> ```go package main
import (
"fmt" "os" "github.com/pulumi/pulumi-gcp/sdk/v5/go/gcp/serviceAccount" "github.com/pulumi/pulumi-vault/sdk/v6/go/vault/gcp" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func readFileOrPanic(path string) pulumi.StringPtrInput { data, err := os.ReadFile(path) if err != nil { panic(err.Error()) } return pulumi.String(string(data)) } func main() { pulumi.Run(func(ctx *pulumi.Context) error { this, err := serviceAccount.NewAccount(ctx, "this", &serviceAccount.AccountArgs{ AccountId: pulumi.String("my-awesome-account"), }) if err != nil { return err } gcp, err := gcp.NewSecretBackend(ctx, "gcp", &gcp.SecretBackendArgs{ Path: pulumi.String("gcp"), Credentials: readFileOrPanic("credentials.json"), }) if err != nil { return err } _, err = gcp.NewSecretStaticAccount(ctx, "staticAccount", &gcp.SecretStaticAccountArgs{ Backend: gcp.Path, StaticAccount: pulumi.String("project_viewer"), SecretType: pulumi.String("access_token"), TokenScopes: pulumi.StringArray{ pulumi.String("https://www.googleapis.com/auth/cloud-platform"), }, ServiceAccountEmail: this.Email, Bindings: gcp.SecretStaticAccountBindingArray{ &gcp.SecretStaticAccountBindingArgs{ Resource: this.Project.ApplyT(func(project string) (string, error) { return fmt.Sprintf("//cloudresourcemanager.googleapis.com/projects/%v", project), nil }).(pulumi.StringOutput), Roles: pulumi.StringArray{ pulumi.String("roles/viewer"), }, }, }, }) if err != nil { return err } return nil }) }
``` <!--End PulumiCodeChooser -->
## Import
A static account can be imported using its Vault Path. For example, referencing the example above,
```sh $ pulumi import vault:gcp/secretStaticAccount:SecretStaticAccount static_account gcp/static-account/project_viewer ```
func GetSecretStaticAccount ¶
func GetSecretStaticAccount(ctx *pulumi.Context, name string, id pulumi.IDInput, state *SecretStaticAccountState, opts ...pulumi.ResourceOption) (*SecretStaticAccount, error)
GetSecretStaticAccount gets an existing SecretStaticAccount resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewSecretStaticAccount ¶
func NewSecretStaticAccount(ctx *pulumi.Context, name string, args *SecretStaticAccountArgs, opts ...pulumi.ResourceOption) (*SecretStaticAccount, error)
NewSecretStaticAccount registers a new resource with the given unique name, arguments, and options.
func (*SecretStaticAccount) ElementType ¶
func (*SecretStaticAccount) ElementType() reflect.Type
func (*SecretStaticAccount) ToSecretStaticAccountOutput ¶
func (i *SecretStaticAccount) ToSecretStaticAccountOutput() SecretStaticAccountOutput
func (*SecretStaticAccount) ToSecretStaticAccountOutputWithContext ¶
func (i *SecretStaticAccount) ToSecretStaticAccountOutputWithContext(ctx context.Context) SecretStaticAccountOutput
type SecretStaticAccountArgs ¶
type SecretStaticAccountArgs struct { // Path where the GCP Secrets Engine is mounted Backend pulumi.StringInput // Bindings to create for this static account. This can be specified multiple times for multiple bindings. Structure is documented below. Bindings SecretStaticAccountBindingArrayInput // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrInput // Type of secret generated for this static account. Accepted values: `accessToken`, `serviceAccountKey`. Defaults to `accessToken`. SecretType pulumi.StringPtrInput // Email of the GCP service account to manage. ServiceAccountEmail pulumi.StringInput // Name of the Static Account to create StaticAccount pulumi.StringInput // List of OAuth scopes to assign to `accessToken` secrets generated under this static account (`accessToken` static accounts only). TokenScopes pulumi.StringArrayInput }
The set of arguments for constructing a SecretStaticAccount resource.
func (SecretStaticAccountArgs) ElementType ¶
func (SecretStaticAccountArgs) ElementType() reflect.Type
type SecretStaticAccountArray ¶
type SecretStaticAccountArray []SecretStaticAccountInput
func (SecretStaticAccountArray) ElementType ¶
func (SecretStaticAccountArray) ElementType() reflect.Type
func (SecretStaticAccountArray) ToSecretStaticAccountArrayOutput ¶
func (i SecretStaticAccountArray) ToSecretStaticAccountArrayOutput() SecretStaticAccountArrayOutput
func (SecretStaticAccountArray) ToSecretStaticAccountArrayOutputWithContext ¶
func (i SecretStaticAccountArray) ToSecretStaticAccountArrayOutputWithContext(ctx context.Context) SecretStaticAccountArrayOutput
type SecretStaticAccountArrayInput ¶
type SecretStaticAccountArrayInput interface { pulumi.Input ToSecretStaticAccountArrayOutput() SecretStaticAccountArrayOutput ToSecretStaticAccountArrayOutputWithContext(context.Context) SecretStaticAccountArrayOutput }
SecretStaticAccountArrayInput is an input type that accepts SecretStaticAccountArray and SecretStaticAccountArrayOutput values. You can construct a concrete instance of `SecretStaticAccountArrayInput` via:
SecretStaticAccountArray{ SecretStaticAccountArgs{...} }
type SecretStaticAccountArrayOutput ¶
type SecretStaticAccountArrayOutput struct{ *pulumi.OutputState }
func (SecretStaticAccountArrayOutput) ElementType ¶
func (SecretStaticAccountArrayOutput) ElementType() reflect.Type
func (SecretStaticAccountArrayOutput) Index ¶
func (o SecretStaticAccountArrayOutput) Index(i pulumi.IntInput) SecretStaticAccountOutput
func (SecretStaticAccountArrayOutput) ToSecretStaticAccountArrayOutput ¶
func (o SecretStaticAccountArrayOutput) ToSecretStaticAccountArrayOutput() SecretStaticAccountArrayOutput
func (SecretStaticAccountArrayOutput) ToSecretStaticAccountArrayOutputWithContext ¶
func (o SecretStaticAccountArrayOutput) ToSecretStaticAccountArrayOutputWithContext(ctx context.Context) SecretStaticAccountArrayOutput
type SecretStaticAccountBinding ¶
type SecretStaticAccountBinding struct { // Resource or resource path for which IAM policy information will be bound. The resource path may be specified in a few different [formats](https://www.vaultproject.io/docs/secrets/gcp/index.html#bindings). Resource string `pulumi:"resource"` // List of [GCP IAM roles](https://cloud.google.com/iam/docs/understanding-roles) for the resource. Roles []string `pulumi:"roles"` }
type SecretStaticAccountBindingArgs ¶
type SecretStaticAccountBindingArgs struct { // Resource or resource path for which IAM policy information will be bound. The resource path may be specified in a few different [formats](https://www.vaultproject.io/docs/secrets/gcp/index.html#bindings). Resource pulumi.StringInput `pulumi:"resource"` // List of [GCP IAM roles](https://cloud.google.com/iam/docs/understanding-roles) for the resource. Roles pulumi.StringArrayInput `pulumi:"roles"` }
func (SecretStaticAccountBindingArgs) ElementType ¶
func (SecretStaticAccountBindingArgs) ElementType() reflect.Type
func (SecretStaticAccountBindingArgs) ToSecretStaticAccountBindingOutput ¶
func (i SecretStaticAccountBindingArgs) ToSecretStaticAccountBindingOutput() SecretStaticAccountBindingOutput
func (SecretStaticAccountBindingArgs) ToSecretStaticAccountBindingOutputWithContext ¶
func (i SecretStaticAccountBindingArgs) ToSecretStaticAccountBindingOutputWithContext(ctx context.Context) SecretStaticAccountBindingOutput
type SecretStaticAccountBindingArray ¶
type SecretStaticAccountBindingArray []SecretStaticAccountBindingInput
func (SecretStaticAccountBindingArray) ElementType ¶
func (SecretStaticAccountBindingArray) ElementType() reflect.Type
func (SecretStaticAccountBindingArray) ToSecretStaticAccountBindingArrayOutput ¶
func (i SecretStaticAccountBindingArray) ToSecretStaticAccountBindingArrayOutput() SecretStaticAccountBindingArrayOutput
func (SecretStaticAccountBindingArray) ToSecretStaticAccountBindingArrayOutputWithContext ¶
func (i SecretStaticAccountBindingArray) ToSecretStaticAccountBindingArrayOutputWithContext(ctx context.Context) SecretStaticAccountBindingArrayOutput
type SecretStaticAccountBindingArrayInput ¶
type SecretStaticAccountBindingArrayInput interface { pulumi.Input ToSecretStaticAccountBindingArrayOutput() SecretStaticAccountBindingArrayOutput ToSecretStaticAccountBindingArrayOutputWithContext(context.Context) SecretStaticAccountBindingArrayOutput }
SecretStaticAccountBindingArrayInput is an input type that accepts SecretStaticAccountBindingArray and SecretStaticAccountBindingArrayOutput values. You can construct a concrete instance of `SecretStaticAccountBindingArrayInput` via:
SecretStaticAccountBindingArray{ SecretStaticAccountBindingArgs{...} }
type SecretStaticAccountBindingArrayOutput ¶
type SecretStaticAccountBindingArrayOutput struct{ *pulumi.OutputState }
func (SecretStaticAccountBindingArrayOutput) ElementType ¶
func (SecretStaticAccountBindingArrayOutput) ElementType() reflect.Type
func (SecretStaticAccountBindingArrayOutput) Index ¶
func (o SecretStaticAccountBindingArrayOutput) Index(i pulumi.IntInput) SecretStaticAccountBindingOutput
func (SecretStaticAccountBindingArrayOutput) ToSecretStaticAccountBindingArrayOutput ¶
func (o SecretStaticAccountBindingArrayOutput) ToSecretStaticAccountBindingArrayOutput() SecretStaticAccountBindingArrayOutput
func (SecretStaticAccountBindingArrayOutput) ToSecretStaticAccountBindingArrayOutputWithContext ¶
func (o SecretStaticAccountBindingArrayOutput) ToSecretStaticAccountBindingArrayOutputWithContext(ctx context.Context) SecretStaticAccountBindingArrayOutput
type SecretStaticAccountBindingInput ¶
type SecretStaticAccountBindingInput interface { pulumi.Input ToSecretStaticAccountBindingOutput() SecretStaticAccountBindingOutput ToSecretStaticAccountBindingOutputWithContext(context.Context) SecretStaticAccountBindingOutput }
SecretStaticAccountBindingInput is an input type that accepts SecretStaticAccountBindingArgs and SecretStaticAccountBindingOutput values. You can construct a concrete instance of `SecretStaticAccountBindingInput` via:
SecretStaticAccountBindingArgs{...}
type SecretStaticAccountBindingOutput ¶
type SecretStaticAccountBindingOutput struct{ *pulumi.OutputState }
func (SecretStaticAccountBindingOutput) ElementType ¶
func (SecretStaticAccountBindingOutput) ElementType() reflect.Type
func (SecretStaticAccountBindingOutput) Resource ¶
func (o SecretStaticAccountBindingOutput) Resource() pulumi.StringOutput
Resource or resource path for which IAM policy information will be bound. The resource path may be specified in a few different [formats](https://www.vaultproject.io/docs/secrets/gcp/index.html#bindings).
func (SecretStaticAccountBindingOutput) Roles ¶
func (o SecretStaticAccountBindingOutput) Roles() pulumi.StringArrayOutput
List of [GCP IAM roles](https://cloud.google.com/iam/docs/understanding-roles) for the resource.
func (SecretStaticAccountBindingOutput) ToSecretStaticAccountBindingOutput ¶
func (o SecretStaticAccountBindingOutput) ToSecretStaticAccountBindingOutput() SecretStaticAccountBindingOutput
func (SecretStaticAccountBindingOutput) ToSecretStaticAccountBindingOutputWithContext ¶
func (o SecretStaticAccountBindingOutput) ToSecretStaticAccountBindingOutputWithContext(ctx context.Context) SecretStaticAccountBindingOutput
type SecretStaticAccountInput ¶
type SecretStaticAccountInput interface { pulumi.Input ToSecretStaticAccountOutput() SecretStaticAccountOutput ToSecretStaticAccountOutputWithContext(ctx context.Context) SecretStaticAccountOutput }
type SecretStaticAccountMap ¶
type SecretStaticAccountMap map[string]SecretStaticAccountInput
func (SecretStaticAccountMap) ElementType ¶
func (SecretStaticAccountMap) ElementType() reflect.Type
func (SecretStaticAccountMap) ToSecretStaticAccountMapOutput ¶
func (i SecretStaticAccountMap) ToSecretStaticAccountMapOutput() SecretStaticAccountMapOutput
func (SecretStaticAccountMap) ToSecretStaticAccountMapOutputWithContext ¶
func (i SecretStaticAccountMap) ToSecretStaticAccountMapOutputWithContext(ctx context.Context) SecretStaticAccountMapOutput
type SecretStaticAccountMapInput ¶
type SecretStaticAccountMapInput interface { pulumi.Input ToSecretStaticAccountMapOutput() SecretStaticAccountMapOutput ToSecretStaticAccountMapOutputWithContext(context.Context) SecretStaticAccountMapOutput }
SecretStaticAccountMapInput is an input type that accepts SecretStaticAccountMap and SecretStaticAccountMapOutput values. You can construct a concrete instance of `SecretStaticAccountMapInput` via:
SecretStaticAccountMap{ "key": SecretStaticAccountArgs{...} }
type SecretStaticAccountMapOutput ¶
type SecretStaticAccountMapOutput struct{ *pulumi.OutputState }
func (SecretStaticAccountMapOutput) ElementType ¶
func (SecretStaticAccountMapOutput) ElementType() reflect.Type
func (SecretStaticAccountMapOutput) MapIndex ¶
func (o SecretStaticAccountMapOutput) MapIndex(k pulumi.StringInput) SecretStaticAccountOutput
func (SecretStaticAccountMapOutput) ToSecretStaticAccountMapOutput ¶
func (o SecretStaticAccountMapOutput) ToSecretStaticAccountMapOutput() SecretStaticAccountMapOutput
func (SecretStaticAccountMapOutput) ToSecretStaticAccountMapOutputWithContext ¶
func (o SecretStaticAccountMapOutput) ToSecretStaticAccountMapOutputWithContext(ctx context.Context) SecretStaticAccountMapOutput
type SecretStaticAccountOutput ¶
type SecretStaticAccountOutput struct{ *pulumi.OutputState }
func (SecretStaticAccountOutput) Backend ¶
func (o SecretStaticAccountOutput) Backend() pulumi.StringOutput
Path where the GCP Secrets Engine is mounted
func (SecretStaticAccountOutput) Bindings ¶
func (o SecretStaticAccountOutput) Bindings() SecretStaticAccountBindingArrayOutput
Bindings to create for this static account. This can be specified multiple times for multiple bindings. Structure is documented below.
func (SecretStaticAccountOutput) ElementType ¶
func (SecretStaticAccountOutput) ElementType() reflect.Type
func (SecretStaticAccountOutput) Namespace ¶
func (o SecretStaticAccountOutput) Namespace() pulumi.StringPtrOutput
The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). *Available only for Vault Enterprise*.
func (SecretStaticAccountOutput) SecretType ¶
func (o SecretStaticAccountOutput) SecretType() pulumi.StringOutput
Type of secret generated for this static account. Accepted values: `accessToken`, `serviceAccountKey`. Defaults to `accessToken`.
func (SecretStaticAccountOutput) ServiceAccountEmail ¶
func (o SecretStaticAccountOutput) ServiceAccountEmail() pulumi.StringOutput
Email of the GCP service account to manage.
func (SecretStaticAccountOutput) ServiceAccountProject ¶
func (o SecretStaticAccountOutput) ServiceAccountProject() pulumi.StringOutput
Project the service account belongs to.
func (SecretStaticAccountOutput) StaticAccount ¶
func (o SecretStaticAccountOutput) StaticAccount() pulumi.StringOutput
Name of the Static Account to create
func (SecretStaticAccountOutput) ToSecretStaticAccountOutput ¶
func (o SecretStaticAccountOutput) ToSecretStaticAccountOutput() SecretStaticAccountOutput
func (SecretStaticAccountOutput) ToSecretStaticAccountOutputWithContext ¶
func (o SecretStaticAccountOutput) ToSecretStaticAccountOutputWithContext(ctx context.Context) SecretStaticAccountOutput
func (SecretStaticAccountOutput) TokenScopes ¶
func (o SecretStaticAccountOutput) TokenScopes() pulumi.StringArrayOutput
List of OAuth scopes to assign to `accessToken` secrets generated under this static account (`accessToken` static accounts only).
type SecretStaticAccountState ¶
type SecretStaticAccountState struct { // Path where the GCP Secrets Engine is mounted Backend pulumi.StringPtrInput // Bindings to create for this static account. This can be specified multiple times for multiple bindings. Structure is documented below. Bindings SecretStaticAccountBindingArrayInput // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrInput // Type of secret generated for this static account. Accepted values: `accessToken`, `serviceAccountKey`. Defaults to `accessToken`. SecretType pulumi.StringPtrInput // Email of the GCP service account to manage. ServiceAccountEmail pulumi.StringPtrInput // Project the service account belongs to. ServiceAccountProject pulumi.StringPtrInput // Name of the Static Account to create StaticAccount pulumi.StringPtrInput // List of OAuth scopes to assign to `accessToken` secrets generated under this static account (`accessToken` static accounts only). TokenScopes pulumi.StringArrayInput }
func (SecretStaticAccountState) ElementType ¶
func (SecretStaticAccountState) ElementType() reflect.Type