jwt

package
Published: Apr 4, 2024 License: Apache-2.0 Imports: 7 Imported by: 0

Types

type AuthBackend

// AuthBackend is the Pulumi resource for a JWT/OIDC auth backend in Vault.
// Its fields are the resource's outputs; construct it with NewAuthBackend and
// AuthBackendArgs, or look one up with GetAuthBackend. See the Vault JWT auth
// docs: https://www.vaultproject.io/docs/auth/jwt.html
type AuthBackend struct {
	pulumi.CustomResourceState

	// The accessor for this auth method
	Accessor pulumi.StringOutput `pulumi:"accessor"`
	// The value against which to match the iss claim in a JWT
	BoundIssuer pulumi.StringPtrOutput `pulumi:"boundIssuer"`
	// The default role to use if none is provided during login
	DefaultRole pulumi.StringPtrOutput `pulumi:"defaultRole"`
	// The description of the auth backend
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// If set, opts out of mount migration on path updates.
	// See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
	DisableRemount pulumi.BoolPtrOutput `pulumi:"disableRemount"`
	// The CA certificate or chain of certificates, in PEM format, to use to validate connections to the JWKS URL. If not set, system certificates are used.
	JwksCaPem pulumi.StringPtrOutput `pulumi:"jwksCaPem"`
	// JWKS URL to use to authenticate signatures. Cannot be used with "oidcDiscoveryUrl" or "jwtValidationPubkeys".
	JwksUrl pulumi.StringPtrOutput `pulumi:"jwksUrl"`
	// A list of supported signing algorithms. Vault 1.1.0 defaults to [RS256] but future or past versions of Vault may differ
	// NOTE(review): treat this as an allowlist of accepted signing algorithms and
	// pin it to what the issuer actually uses rather than relying on the default.
	JwtSupportedAlgs pulumi.StringArrayOutput `pulumi:"jwtSupportedAlgs"`
	// A list of PEM-encoded public keys to use to authenticate signatures locally. Cannot be used in combination with `oidcDiscoveryUrl`
	JwtValidationPubkeys pulumi.StringArrayOutput `pulumi:"jwtValidationPubkeys"`
	// Specifies if the auth method is local only.
	Local pulumi.BoolPtrOutput `pulumi:"local"`
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrOutput `pulumi:"namespace"`
	// Pass namespace in the OIDC state parameter instead of as a separate query parameter. With this setting, the allowed redirect URL(s) in Vault and on the provider side should not contain a namespace query parameter. This means only one redirect URL entry needs to be maintained on the OIDC provider side for all vault namespaces that will be authenticating against it. Defaults to true for new configs
	NamespaceInState pulumi.BoolPtrOutput `pulumi:"namespaceInState"`
	// Client ID used for OIDC backends
	OidcClientId pulumi.StringPtrOutput `pulumi:"oidcClientId"`
	// Client Secret used for OIDC backends
	// NOTE(review): this is a credential; confirm the provider marks it secret in
	// state, and avoid exporting it as a plain stack output.
	OidcClientSecret pulumi.StringPtrOutput `pulumi:"oidcClientSecret"`
	// The CA certificate or chain of certificates, in PEM format, to use to validate connections to the OIDC Discovery URL. If not set, system certificates are used
	OidcDiscoveryCaPem pulumi.StringPtrOutput `pulumi:"oidcDiscoveryCaPem"`
	// The OIDC Discovery URL, without any .well-known component (base path). Cannot be used in combination with `jwtValidationPubkeys`
	OidcDiscoveryUrl pulumi.StringPtrOutput `pulumi:"oidcDiscoveryUrl"`
	// The response mode to be used in the OAuth2 request. Allowed values are `query` and `formPost`. Defaults to `query`. If using Vault namespaces, and `oidcResponseMode` is `formPost`, then `namespaceInState` should be set to `false`.
	OidcResponseMode pulumi.StringPtrOutput `pulumi:"oidcResponseMode"`
	// List of response types to request. Allowed values are 'code' and 'id_token'. Defaults to `["code"]`. Note: `idToken` may only be used if `oidcResponseMode` is set to `formPost`.
	OidcResponseTypes pulumi.StringArrayOutput `pulumi:"oidcResponseTypes"`
	// Path to mount the JWT/OIDC auth backend
	Path pulumi.StringPtrOutput `pulumi:"path"`
	// Provider specific handling configuration. All values may be strings, and the provider will convert to the appropriate type when configuring Vault.
	ProviderConfig pulumi.StringMapOutput `pulumi:"providerConfig"`
	// Extra configuration block used to tune the auth backend (optional).
	Tune           AuthBackendTuneOutput  `pulumi:"tune"`
	// Type of auth backend. Should be one of `jwt` or `oidc`. Default - `jwt`
	Type pulumi.StringPtrOutput `pulumi:"type"`
}

Provides a resource for managing a [JWT auth backend within Vault](https://www.vaultproject.io/docs/auth/jwt.html).

## Example Usage

Manage JWT auth backend:

<!--Start PulumiCodeChooser -->
```go
package main

import (

"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/jwt"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

// main registers a JWT auth backend mounted at "jwt" whose iss claim must match
// https://myco.auth0.com/, with the same host configured for OIDC discovery.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		backendArgs := &jwt.AuthBackendArgs{
			BoundIssuer:      pulumi.String("https://myco.auth0.com/"),
			Description:      pulumi.String("Demonstration of the Terraform JWT auth backend"),
			OidcDiscoveryUrl: pulumi.String("https://myco.auth0.com/"),
			Path:             pulumi.String("jwt"),
		}
		// Run only needs the error; nil means the resource was registered.
		_, err := jwt.NewAuthBackend(ctx, "example", backendArgs)
		return err
	})
}

```
<!--End PulumiCodeChooser -->

Manage OIDC auth backend:

<!--Start PulumiCodeChooser -->
```go
package main

import (

"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/jwt"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

// main registers an OIDC auth backend mounted at "oidc" with a client ID and
// secret, and tunes the mount so it appears in the unauthenticated listing.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// ListingVisibility "unauth" makes the mount visible to unauthenticated
		// callers; use it only for mounts that are meant to be discoverable.
		tune := &jwt.AuthBackendTuneArgs{
			ListingVisibility: pulumi.String("unauth"),
		}
		backendArgs := &jwt.AuthBackendArgs{
			BoundIssuer:  pulumi.String("https://myco.auth0.com/"),
			Description:  pulumi.String("Demonstration of the Terraform JWT auth backend"),
			OidcClientId: pulumi.String("1234567890"),
			// Constructed placeholder value. In a real program read the client
			// secret from secret configuration rather than a literal, so it is
			// never committed to source control alongside the code.
			OidcClientSecret: pulumi.String("secret123456"),
			OidcDiscoveryUrl: pulumi.String("https://myco.auth0.com/"),
			Path:             pulumi.String("oidc"),
			Tune:             tune,
			Type:             pulumi.String("oidc"),
		}
		_, err := jwt.NewAuthBackend(ctx, "example", backendArgs)
		return err
	})
}

```
<!--End PulumiCodeChooser -->

Configuring the auth backend with a `provider_config`:

<!--Start PulumiCodeChooser -->
```go
package main

import (

"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/jwt"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

// main registers a Google ("gsuite") OIDC backend at "oidc" and passes the
// provider-specific settings through ProviderConfig as strings.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// All ProviderConfig values are strings; the provider converts them to
		// the types Vault expects when it applies the configuration.
		providerConfig := pulumi.StringMap{
			"fetch_groups":             pulumi.String("true"),
			"fetch_user_info":          pulumi.String("true"),
			"groups_recurse_max_depth": pulumi.String("1"),
			"provider":                 pulumi.String("gsuite"),
		}
		_, err := jwt.NewAuthBackend(ctx, "gsuite", &jwt.AuthBackendArgs{
			Description:      pulumi.String("OIDC backend"),
			OidcDiscoveryUrl: pulumi.String("https://accounts.google.com"),
			Path:             pulumi.String("oidc"),
			ProviderConfig:   providerConfig,
			Type:             pulumi.String("oidc"),
		})
		return err
	})
}

```
<!--End PulumiCodeChooser -->

## Import

JWT auth backend can be imported using the `path`, e.g.

```sh
$ pulumi import vault:jwt/authBackend:AuthBackend oidc oidc
```

or

```sh
$ pulumi import vault:jwt/authBackend:AuthBackend jwt jwt
```

func GetAuthBackend

func GetAuthBackend(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AuthBackendState, opts ...pulumi.ResourceOption) (*AuthBackend, error)

GetAuthBackend gets an existing AuthBackend resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAuthBackend

func NewAuthBackend(ctx *pulumi.Context,
	name string, args *AuthBackendArgs, opts ...pulumi.ResourceOption) (*AuthBackend, error)

NewAuthBackend registers a new resource with the given unique name, arguments, and options.

func (*AuthBackend) ElementType

func (*AuthBackend) ElementType() reflect.Type

func (*AuthBackend) ToAuthBackendOutput

func (i *AuthBackend) ToAuthBackendOutput() AuthBackendOutput

func (*AuthBackend) ToAuthBackendOutputWithContext

func (i *AuthBackend) ToAuthBackendOutputWithContext(ctx context.Context) AuthBackendOutput

type AuthBackendArgs

// AuthBackendArgs is the set of arguments for constructing an AuthBackend
// resource with NewAuthBackend. Each field mirrors the output of the same
// name on AuthBackend.
type AuthBackendArgs struct {
	// The value against which to match the iss claim in a JWT
	BoundIssuer pulumi.StringPtrInput
	// The default role to use if none is provided during login
	DefaultRole pulumi.StringPtrInput
	// The description of the auth backend
	Description pulumi.StringPtrInput
	// If set, opts out of mount migration on path updates.
	// See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
	DisableRemount pulumi.BoolPtrInput
	// The CA certificate or chain of certificates, in PEM format, to use to validate connections to the JWKS URL. If not set, system certificates are used.
	JwksCaPem pulumi.StringPtrInput
	// JWKS URL to use to authenticate signatures. Cannot be used with "oidcDiscoveryUrl" or "jwtValidationPubkeys".
	JwksUrl pulumi.StringPtrInput
	// A list of supported signing algorithms. Vault 1.1.0 defaults to [RS256] but future or past versions of Vault may differ
	// NOTE(review): treat this as an allowlist of accepted signing algorithms and
	// pin it to what the issuer actually uses rather than relying on the default.
	JwtSupportedAlgs pulumi.StringArrayInput
	// A list of PEM-encoded public keys to use to authenticate signatures locally. Cannot be used in combination with `oidcDiscoveryUrl`
	JwtValidationPubkeys pulumi.StringArrayInput
	// Specifies if the auth method is local only.
	Local pulumi.BoolPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// Pass namespace in the OIDC state parameter instead of as a separate query parameter. With this setting, the allowed redirect URL(s) in Vault and on the provider side should not contain a namespace query parameter. This means only one redirect URL entry needs to be maintained on the OIDC provider side for all vault namespaces that will be authenticating against it. Defaults to true for new configs
	NamespaceInState pulumi.BoolPtrInput
	// Client ID used for OIDC backends
	OidcClientId pulumi.StringPtrInput
	// Client Secret used for OIDC backends
	// NOTE(review): this is a credential; source it from secret configuration
	// rather than a literal in code, and confirm it is stored as a secret.
	OidcClientSecret pulumi.StringPtrInput
	// The CA certificate or chain of certificates, in PEM format, to use to validate connections to the OIDC Discovery URL. If not set, system certificates are used
	OidcDiscoveryCaPem pulumi.StringPtrInput
	// The OIDC Discovery URL, without any .well-known component (base path). Cannot be used in combination with `jwtValidationPubkeys`
	OidcDiscoveryUrl pulumi.StringPtrInput
	// The response mode to be used in the OAuth2 request. Allowed values are `query` and `formPost`. Defaults to `query`. If using Vault namespaces, and `oidcResponseMode` is `formPost`, then `namespaceInState` should be set to `false`.
	OidcResponseMode pulumi.StringPtrInput
	// List of response types to request. Allowed values are 'code' and 'id_token'. Defaults to `["code"]`. Note: `idToken` may only be used if `oidcResponseMode` is set to `formPost`.
	OidcResponseTypes pulumi.StringArrayInput
	// Path to mount the JWT/OIDC auth backend
	Path pulumi.StringPtrInput
	// Provider specific handling configuration. All values may be strings, and the provider will convert to the appropriate type when configuring Vault.
	ProviderConfig pulumi.StringMapInput
	// Extra configuration block used to tune the auth backend (optional).
	Tune           AuthBackendTunePtrInput
	// Type of auth backend. Should be one of `jwt` or `oidc`. Default - `jwt`
	Type pulumi.StringPtrInput
}

The set of arguments for constructing an AuthBackend resource.

func (AuthBackendArgs) ElementType

func (AuthBackendArgs) ElementType() reflect.Type

type AuthBackendArray

// AuthBackendArray is a slice of AuthBackendInput values; it is the concrete
// type used to build an AuthBackendArrayInput, e.g. AuthBackendArray{ AuthBackendArgs{...} }.
type AuthBackendArray []AuthBackendInput

func (AuthBackendArray) ElementType

func (AuthBackendArray) ElementType() reflect.Type

func (AuthBackendArray) ToAuthBackendArrayOutput

func (i AuthBackendArray) ToAuthBackendArrayOutput() AuthBackendArrayOutput

func (AuthBackendArray) ToAuthBackendArrayOutputWithContext

func (i AuthBackendArray) ToAuthBackendArrayOutputWithContext(ctx context.Context) AuthBackendArrayOutput

type AuthBackendArrayInput

// AuthBackendArrayInput is an input type that accepts AuthBackendArray and
// AuthBackendArrayOutput values (both carry the two conversion methods below).
type AuthBackendArrayInput interface {
	pulumi.Input

	ToAuthBackendArrayOutput() AuthBackendArrayOutput
	ToAuthBackendArrayOutputWithContext(context.Context) AuthBackendArrayOutput
}

AuthBackendArrayInput is an input type that accepts AuthBackendArray and AuthBackendArrayOutput values. You can construct a concrete instance of `AuthBackendArrayInput` via:

AuthBackendArray{ AuthBackendArgs{...} }

type AuthBackendArrayOutput

// AuthBackendArrayOutput is the output counterpart of AuthBackendArray; it wraps
// *pulumi.OutputState and exposes individual elements through Index.
type AuthBackendArrayOutput struct{ *pulumi.OutputState }

func (AuthBackendArrayOutput) ElementType

func (AuthBackendArrayOutput) ElementType() reflect.Type

func (AuthBackendArrayOutput) Index

func (AuthBackendArrayOutput) ToAuthBackendArrayOutput

func (o AuthBackendArrayOutput) ToAuthBackendArrayOutput() AuthBackendArrayOutput

func (AuthBackendArrayOutput) ToAuthBackendArrayOutputWithContext

func (o AuthBackendArrayOutput) ToAuthBackendArrayOutputWithContext(ctx context.Context) AuthBackendArrayOutput

type AuthBackendInput

// AuthBackendInput is an input type satisfied by *AuthBackend and
// AuthBackendOutput, both of which provide the conversion methods below.
type AuthBackendInput interface {
	pulumi.Input

	ToAuthBackendOutput() AuthBackendOutput
	ToAuthBackendOutputWithContext(ctx context.Context) AuthBackendOutput
}

type AuthBackendMap

// AuthBackendMap maps string keys to AuthBackendInput values; it is the concrete
// type used to build an AuthBackendMapInput, e.g. AuthBackendMap{ "key": AuthBackendArgs{...} }.
type AuthBackendMap map[string]AuthBackendInput

func (AuthBackendMap) ElementType

func (AuthBackendMap) ElementType() reflect.Type

func (AuthBackendMap) ToAuthBackendMapOutput

func (i AuthBackendMap) ToAuthBackendMapOutput() AuthBackendMapOutput

func (AuthBackendMap) ToAuthBackendMapOutputWithContext

func (i AuthBackendMap) ToAuthBackendMapOutputWithContext(ctx context.Context) AuthBackendMapOutput

type AuthBackendMapInput

// AuthBackendMapInput is an input type that accepts AuthBackendMap and
// AuthBackendMapOutput values (both carry the two conversion methods below).
type AuthBackendMapInput interface {
	pulumi.Input

	ToAuthBackendMapOutput() AuthBackendMapOutput
	ToAuthBackendMapOutputWithContext(context.Context) AuthBackendMapOutput
}

AuthBackendMapInput is an input type that accepts AuthBackendMap and AuthBackendMapOutput values. You can construct a concrete instance of `AuthBackendMapInput` via:

AuthBackendMap{ "key": AuthBackendArgs{...} }

type AuthBackendMapOutput

// AuthBackendMapOutput is the output counterpart of AuthBackendMap; it wraps
// *pulumi.OutputState and exposes individual entries through MapIndex.
type AuthBackendMapOutput struct{ *pulumi.OutputState }

func (AuthBackendMapOutput) ElementType

func (AuthBackendMapOutput) ElementType() reflect.Type

func (AuthBackendMapOutput) MapIndex

func (AuthBackendMapOutput) ToAuthBackendMapOutput

func (o AuthBackendMapOutput) ToAuthBackendMapOutput() AuthBackendMapOutput

func (AuthBackendMapOutput) ToAuthBackendMapOutputWithContext

func (o AuthBackendMapOutput) ToAuthBackendMapOutputWithContext(ctx context.Context) AuthBackendMapOutput

type AuthBackendOutput

// AuthBackendOutput is the output type for an AuthBackend; it wraps
// *pulumi.OutputState and exposes each field of the resource (Accessor,
// BoundIssuer, OidcClientSecret, ...) as a typed accessor method.
type AuthBackendOutput struct{ *pulumi.OutputState }

func (AuthBackendOutput) Accessor

func (o AuthBackendOutput) Accessor() pulumi.StringOutput

The accessor for this auth method

func (AuthBackendOutput) BoundIssuer

func (o AuthBackendOutput) BoundIssuer() pulumi.StringPtrOutput

The value against which to match the iss claim in a JWT

func (AuthBackendOutput) DefaultRole

func (o AuthBackendOutput) DefaultRole() pulumi.StringPtrOutput

The default role to use if none is provided during login

func (AuthBackendOutput) Description

func (o AuthBackendOutput) Description() pulumi.StringPtrOutput

The description of the auth backend

func (AuthBackendOutput) DisableRemount

func (o AuthBackendOutput) DisableRemount() pulumi.BoolPtrOutput

If set, opts out of mount migration on path updates. See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)

func (AuthBackendOutput) ElementType

func (AuthBackendOutput) ElementType() reflect.Type

func (AuthBackendOutput) JwksCaPem

The CA certificate or chain of certificates, in PEM format, to use to validate connections to the JWKS URL. If not set, system certificates are used.

func (AuthBackendOutput) JwksUrl

JWKS URL to use to authenticate signatures. Cannot be used with "oidcDiscoveryUrl" or "jwtValidationPubkeys".

func (AuthBackendOutput) JwtSupportedAlgs

func (o AuthBackendOutput) JwtSupportedAlgs() pulumi.StringArrayOutput

A list of supported signing algorithms. Vault 1.1.0 defaults to [RS256] but future or past versions of Vault may differ

func (AuthBackendOutput) JwtValidationPubkeys

func (o AuthBackendOutput) JwtValidationPubkeys() pulumi.StringArrayOutput

A list of PEM-encoded public keys to use to authenticate signatures locally. Cannot be used in combination with `oidcDiscoveryUrl`

func (AuthBackendOutput) Local

Specifies if the auth method is local only.

func (AuthBackendOutput) Namespace

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). *Available only for Vault Enterprise*.

func (AuthBackendOutput) NamespaceInState

func (o AuthBackendOutput) NamespaceInState() pulumi.BoolPtrOutput

Pass namespace in the OIDC state parameter instead of as a separate query parameter. With this setting, the allowed redirect URL(s) in Vault and on the provider side should not contain a namespace query parameter. This means only one redirect URL entry needs to be maintained on the OIDC provider side for all vault namespaces that will be authenticating against it. Defaults to true for new configs

* tune - (Optional) Extra configuration block. Structure is documented below.

The `tune` block is used to tune the auth backend:

func (AuthBackendOutput) OidcClientId

func (o AuthBackendOutput) OidcClientId() pulumi.StringPtrOutput

Client ID used for OIDC backends

func (AuthBackendOutput) OidcClientSecret

func (o AuthBackendOutput) OidcClientSecret() pulumi.StringPtrOutput

Client Secret used for OIDC backends

func (AuthBackendOutput) OidcDiscoveryCaPem

func (o AuthBackendOutput) OidcDiscoveryCaPem() pulumi.StringPtrOutput

The CA certificate or chain of certificates, in PEM format, to use to validate connections to the OIDC Discovery URL. If not set, system certificates are used

func (AuthBackendOutput) OidcDiscoveryUrl

func (o AuthBackendOutput) OidcDiscoveryUrl() pulumi.StringPtrOutput

The OIDC Discovery URL, without any .well-known component (base path). Cannot be used in combination with `jwtValidationPubkeys`

func (AuthBackendOutput) OidcResponseMode

func (o AuthBackendOutput) OidcResponseMode() pulumi.StringPtrOutput

The response mode to be used in the OAuth2 request. Allowed values are `query` and `formPost`. Defaults to `query`. If using Vault namespaces, and `oidcResponseMode` is `formPost`, then `namespaceInState` should be set to `false`.

func (AuthBackendOutput) OidcResponseTypes

func (o AuthBackendOutput) OidcResponseTypes() pulumi.StringArrayOutput

List of response types to request. Allowed values are 'code' and 'id_token'. Defaults to `["code"]`. Note: `idToken` may only be used if `oidcResponseMode` is set to `formPost`.

func (AuthBackendOutput) Path

Path to mount the JWT/OIDC auth backend

func (AuthBackendOutput) ProviderConfig

func (o AuthBackendOutput) ProviderConfig() pulumi.StringMapOutput

Provider specific handling configuration. All values may be strings, and the provider will convert to the appropriate type when configuring Vault.

func (AuthBackendOutput) ToAuthBackendOutput

func (o AuthBackendOutput) ToAuthBackendOutput() AuthBackendOutput

func (AuthBackendOutput) ToAuthBackendOutputWithContext

func (o AuthBackendOutput) ToAuthBackendOutputWithContext(ctx context.Context) AuthBackendOutput

func (AuthBackendOutput) Tune

func (AuthBackendOutput) Type

Type of auth backend. Should be one of `jwt` or `oidc`. Default - `jwt`

type AuthBackendRole

// AuthBackendRole is the Pulumi resource for a role on a JWT/OIDC auth backend
// in Vault. Its fields are the resource's outputs; construct it with
// NewAuthBackendRole and AuthBackendRoleArgs, or look one up with
// GetAuthBackendRole. See https://www.vaultproject.io/docs/auth/jwt.html
type AuthBackendRole struct {
	pulumi.CustomResourceState

	// The list of allowed values for redirectUri during OIDC logins.
	// Required for OIDC roles
	// NOTE(review): keep this list minimal; each entry is a URL the provider may
	// deliver the authorization response to.
	AllowedRedirectUris pulumi.StringArrayOutput `pulumi:"allowedRedirectUris"`
	// The unique name of the auth backend to configure.
	// Defaults to `jwt`.
	Backend pulumi.StringPtrOutput `pulumi:"backend"`
	// (For "jwt" roles, at least one of `boundAudiences`, `boundSubject`, `boundClaims`
	// or `tokenBoundCidrs` is required. Optional for "oidc" roles.) List of `aud` claims to match against.
	// Any match is sufficient.
	BoundAudiences pulumi.StringArrayOutput `pulumi:"boundAudiences"`
	// If set, a map of claims to values to match against.
	// A claim's value must be a string, which may contain one value or multiple
	// comma-separated values, e.g. `"red"` or `"red,green,blue"`.
	BoundClaims pulumi.MapOutput `pulumi:"boundClaims"`
	// How to interpret values in the claims/values
	// map (`boundClaims`): can be either `string` (exact match) or `glob` (wildcard
	// match). Requires Vault 1.4.0 or above.
	// NOTE(review): prefer `string` unless wildcard matching is needed; a permissive
	// glob pattern widens which claim values satisfy the role.
	BoundClaimsType pulumi.StringOutput `pulumi:"boundClaimsType"`
	// If set, requires that the `sub` claim matches
	// this value.
	BoundSubject pulumi.StringPtrOutput `pulumi:"boundSubject"`
	// If set, a map of claims (keys) to be copied
	// to specified metadata fields (values).
	ClaimMappings pulumi.MapOutput `pulumi:"claimMappings"`
	// The amount of leeway to add to all claims to account for clock skew, in
	// seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`.
	// Only applicable with "jwt" roles.
	ClockSkewLeeway pulumi.IntPtrOutput `pulumi:"clockSkewLeeway"`
	// Disable bound claim value parsing. Useful when values contain commas.
	DisableBoundClaimsParsing pulumi.BoolPtrOutput `pulumi:"disableBoundClaimsParsing"`
	// The amount of leeway to add to expiration (`exp`) claims to account for
	// clock skew, in seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`.
	// Only applicable with "jwt" roles.
	ExpirationLeeway pulumi.IntPtrOutput `pulumi:"expirationLeeway"`
	// The claim to use to uniquely identify
	// the set of groups to which the user belongs; this will be used as the names
	// for the Identity group aliases created due to a successful login. The claim
	// value must be a list of strings.
	GroupsClaim pulumi.StringPtrOutput `pulumi:"groupsClaim"`
	// Specifies the allowable elapsed time in seconds since the last time
	// the user was actively authenticated with the OIDC provider.
	MaxAge pulumi.IntPtrOutput `pulumi:"maxAge"`
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrOutput `pulumi:"namespace"`
	// The amount of leeway to add to not before (`nbf`) claims to account for
	// clock skew, in seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`.
	// Only applicable with "jwt" roles.
	NotBeforeLeeway pulumi.IntPtrOutput `pulumi:"notBeforeLeeway"`
	// If set, a list of OIDC scopes to be used with an OIDC role.
	// The standard scope "openid" is automatically included and need not be specified.
	OidcScopes pulumi.StringArrayOutput `pulumi:"oidcScopes"`
	// The name of the role.
	RoleName pulumi.StringOutput `pulumi:"roleName"`
	// Type of role, either "oidc" (default) or "jwt".
	RoleType pulumi.StringOutput `pulumi:"roleType"`
	// List of CIDR blocks; if set, specifies blocks of IP
	// addresses which can authenticate successfully, and ties the resulting token to these blocks
	// as well.
	TokenBoundCidrs pulumi.StringArrayOutput `pulumi:"tokenBoundCidrs"`
	// If set, will encode an
	// [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
	// onto the token in number of seconds. This is a hard cap even if `tokenTtl` and
	// `tokenMaxTtl` would otherwise allow a renewal.
	TokenExplicitMaxTtl pulumi.IntPtrOutput `pulumi:"tokenExplicitMaxTtl"`
	// The maximum lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenMaxTtl pulumi.IntPtrOutput `pulumi:"tokenMaxTtl"`
	// If set, the default policy will not be set on
	// generated tokens; otherwise it will be added to the policies set in token_policies.
	TokenNoDefaultPolicy pulumi.BoolPtrOutput `pulumi:"tokenNoDefaultPolicy"`
	// The [maximum number](https://www.vaultproject.io/api-docs/jwt#token_num_uses)
	// of times a generated token may be used (within its lifetime); 0 means unlimited.
	TokenNumUses pulumi.IntPtrOutput `pulumi:"tokenNumUses"`
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	TokenPeriod pulumi.IntPtrOutput `pulumi:"tokenPeriod"`
	// List of policies to encode onto generated tokens. Depending
	// on the auth method, this list may be supplemented by user/group/other values.
	TokenPolicies pulumi.StringArrayOutput `pulumi:"tokenPolicies"`
	// The incremental lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenTtl pulumi.IntPtrOutput `pulumi:"tokenTtl"`
	// The type of token that should be generated. Can be `service`,
	// `batch`, or `default` to use the mount's tuned default (which unless changed will be
	// `service` tokens). For token store roles, there are two additional possibilities:
	// `default-service` and `default-batch` which specify the type to return unless the client
	// requests a different type at generation time.
	TokenType pulumi.StringPtrOutput `pulumi:"tokenType"`
	// The claim to use to uniquely identify
	// the user; this will be used as the name for the Identity entity alias created
	// due to a successful login.
	// NOTE(review): choose a claim the issuer guarantees to be stable and unique per
	// user; a claim that can change or be reassigned lets the alias be remapped.
	UserClaim pulumi.StringOutput `pulumi:"userClaim"`
	// Specifies if the `userClaim` value uses
	// [JSON pointer](https://www.vaultproject.io/docs/auth/jwt#claim-specifications-and-json-pointer)
	// syntax for referencing claims. By default, the `userClaim` value will not use JSON pointer.
	// Requires Vault 1.11+.
	UserClaimJsonPointer pulumi.BoolPtrOutput `pulumi:"userClaimJsonPointer"`
	// Log received OIDC tokens and claims when debug-level
	// logging is active. Not recommended in production since sensitive information may be present
	// in OIDC responses.
	VerboseOidcLogging pulumi.BoolPtrOutput `pulumi:"verboseOidcLogging"`
}

Manages a JWT/OIDC auth backend role in a Vault server. See the [Vault documentation](https://www.vaultproject.io/docs/auth/jwt.html) for more information.

## Example Usage

Role for JWT backend:

<!--Start PulumiCodeChooser -->
```go
package main

import (

"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/jwt"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

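// main mounts a JWT auth backend at "jwt" and attaches a "jwt" role to it that
// requires a matching audience and a matching "color" claim.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The local is named "backend" rather than "jwt": a variable called jwt
		// would shadow the jwt package, and the jwt.NewAuthBackendRole call below
		// would then resolve against the variable and fail to compile.
		backend, err := jwt.NewAuthBackend(ctx, "jwt", &jwt.AuthBackendArgs{
			Path: pulumi.String("jwt"),
		})
		if err != nil {
			return err
		}
		_, err = jwt.NewAuthBackendRole(ctx, "example", &jwt.AuthBackendRoleArgs{
			Backend:  backend.Path,
			RoleName: pulumi.String("test-role"),
			TokenPolicies: pulumi.StringArray{
				pulumi.String("default"),
				pulumi.String("dev"),
				pulumi.String("prod"),
			},
			BoundAudiences: pulumi.StringArray{
				pulumi.String("https://myco.test"),
			},
			// Comma-separated values: any one of red, green or blue satisfies the claim.
			BoundClaims: pulumi.Map{
				"color": pulumi.Any("red,green,blue"),
			},
			UserClaim: pulumi.String("https://vault/user"),
			RoleType:  pulumi.String("jwt"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}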

```
<!--End PulumiCodeChooser -->

Role for OIDC backend:

<!--Start PulumiCodeChooser -->
```go
package main

import (

"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/jwt"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

// main mounts an OIDC auth backend at "oidc" with "test-role" as its default
// role, then defines that role with a single allowed redirect URI.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		oidc, err := jwt.NewAuthBackend(ctx, "oidc", &jwt.AuthBackendArgs{
			Path:        pulumi.String("oidc"),
			DefaultRole: pulumi.String("test-role"),
		})
		if err != nil {
			return err
		}
		// The redirect URI list is an allowlist of callback URLs; the localhost
		// entry suits a local dev Vault and should be replaced with the real one.
		redirectUris := pulumi.StringArray{
			pulumi.String("http://localhost:8200/ui/vault/auth/oidc/oidc/callback"),
		}
		policies := pulumi.StringArray{
			pulumi.String("default"),
			pulumi.String("dev"),
			pulumi.String("prod"),
		}
		_, err = jwt.NewAuthBackendRole(ctx, "example", &jwt.AuthBackendRoleArgs{
			Backend:             oidc.Path,
			RoleName:            pulumi.String("test-role"),
			TokenPolicies:       policies,
			UserClaim:           pulumi.String("https://vault/user"),
			RoleType:            pulumi.String("oidc"),
			AllowedRedirectUris: redirectUris,
		})
		return err
	})
}

```
<!--End PulumiCodeChooser -->

## Import

JWT authentication backend roles can be imported using the `path`, e.g.

```sh
$ pulumi import vault:jwt/authBackendRole:AuthBackendRole example auth/jwt/role/test-role
```

func GetAuthBackendRole

func GetAuthBackendRole(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AuthBackendRoleState, opts ...pulumi.ResourceOption) (*AuthBackendRole, error)

GetAuthBackendRole gets an existing AuthBackendRole resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAuthBackendRole

func NewAuthBackendRole(ctx *pulumi.Context,
	name string, args *AuthBackendRoleArgs, opts ...pulumi.ResourceOption) (*AuthBackendRole, error)

NewAuthBackendRole registers a new resource with the given unique name, arguments, and options.

func (*AuthBackendRole) ElementType

func (*AuthBackendRole) ElementType() reflect.Type

func (*AuthBackendRole) ToAuthBackendRoleOutput

func (i *AuthBackendRole) ToAuthBackendRoleOutput() AuthBackendRoleOutput

func (*AuthBackendRole) ToAuthBackendRoleOutputWithContext

func (i *AuthBackendRole) ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput

type AuthBackendRoleArgs

// AuthBackendRoleArgs is the set of arguments for constructing an AuthBackendRole
// resource via NewAuthBackendRole. RoleName and UserClaim use non-pointer input
// types and are the required fields; every other member is optional.
type AuthBackendRoleArgs struct {
	// The list of allowed values for redirectUri during OIDC logins.
	// Required for OIDC roles
	// NOTE(review): keep this a strict allow-list of the exact callback URLs the
	// relying party uses; a broad entry lets the OIDC response be delivered to an
	// unintended endpoint. Confirm the matching semantics against the Vault docs.
	AllowedRedirectUris pulumi.StringArrayInput
	// The unique name of the auth backend to configure.
	// Defaults to `jwt`.
	Backend pulumi.StringPtrInput
	// (For "jwt" roles, at least one of `boundAudiences`, `boundSubject`, `boundClaims`
	// or `tokenBoundCidrs` is required. Optional for "oidc" roles.) List of `aud` claims to match against.
	// Any match is sufficient.
	// Binding the role to the audience it is issued for stops a token minted for a
	// different consumer of the same issuer from logging in here.
	BoundAudiences pulumi.StringArrayInput
	// If set, a map of claims to values to match against.
	// A claim's value must be a string, which may contain one value or multiple
	// comma-separated values, e.g. `"red"` or `"red,green,blue"`.
	BoundClaims pulumi.MapInput
	// How to interpret values in the claims/values
	// map (`boundClaims`): can be either `string` (exact match) or `glob` (wildcard
	// match). Requires Vault 1.4.0 or above.
	// `glob` widens what a bound claim accepts; prefer `string` unless wildcards are needed.
	BoundClaimsType pulumi.StringPtrInput
	// If set, requires that the `sub` claim matches
	// this value.
	BoundSubject pulumi.StringPtrInput
	// If set, a map of claims (keys) to be copied
	// to specified metadata fields (values).
	ClaimMappings pulumi.MapInput
	// The amount of leeway to add to all claims to account for clock skew, in
	// seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`.
	// Only applicable with "jwt" roles.
	// Leeway (here and in ExpirationLeeway / NotBeforeLeeway) widens the window in
	// which a token is accepted beyond its own timestamps; keep it as small as the
	// issuer's real clock drift requires.
	ClockSkewLeeway pulumi.IntPtrInput
	// Disable bound claim value parsing. Useful when values contain commas.
	DisableBoundClaimsParsing pulumi.BoolPtrInput
	// The amount of leeway to add to expiration (`exp`) claims to account for
	// clock skew, in seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`.
	// Only applicable with "jwt" roles.
	ExpirationLeeway pulumi.IntPtrInput
	// The claim to use to uniquely identify
	// the set of groups to which the user belongs; this will be used as the names
	// for the Identity group aliases created due to a successful login. The claim
	// value must be a list of strings.
	GroupsClaim pulumi.StringPtrInput
	// Specifies the allowable elapsed time in seconds since the last time
	// the user was actively authenticated with the OIDC provider.
	MaxAge pulumi.IntPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// The amount of leeway to add to not before (`nbf`) claims to account for
	// clock skew, in seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`.
	// Only applicable with "jwt" roles.
	NotBeforeLeeway pulumi.IntPtrInput
	// If set, a list of OIDC scopes to be used with an OIDC role.
	// The standard scope "openid" is automatically included and need not be specified.
	OidcScopes pulumi.StringArrayInput
	// The name of the role.
	// Required (non-pointer input).
	RoleName pulumi.StringInput
	// Type of role, either "oidc" (default) or "jwt".
	RoleType pulumi.StringPtrInput
	// List of CIDR blocks; if set, specifies blocks of IP
	// addresses which can authenticate successfully, and ties the resulting token to these blocks
	// as well.
	TokenBoundCidrs pulumi.StringArrayInput
	// If set, will encode an
	// [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
	// onto the token in number of seconds. This is a hard cap even if `tokenTtl` and
	// `tokenMaxTtl` would otherwise allow a renewal.
	TokenExplicitMaxTtl pulumi.IntPtrInput
	// The maximum lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenMaxTtl pulumi.IntPtrInput
	// If set, the default policy will not be set on
	// generated tokens; otherwise it will be added to the policies set in token_policies.
	TokenNoDefaultPolicy pulumi.BoolPtrInput
	// The [maximum number](https://www.vaultproject.io/api-docs/jwt#token_num_uses)
	// of times a generated token may be used (within its lifetime); 0 means unlimited.
	TokenNumUses pulumi.IntPtrInput
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	// NOTE(review): a periodic token has no overall lifetime bound on its own;
	// presumably only TokenExplicitMaxTtl still caps it — confirm that is intended for this role.
	TokenPeriod pulumi.IntPtrInput
	// List of policies to encode onto generated tokens. Depending
	// on the auth method, this list may be supplemented by user/group/other values.
	TokenPolicies pulumi.StringArrayInput
	// The incremental lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenTtl pulumi.IntPtrInput
	// The type of token that should be generated. Can be `service`,
	// `batch`, or `default` to use the mount's tuned default (which unless changed will be
	// `service` tokens). For token store roles, there are two additional possibilities:
	// `default-service` and `default-batch` which specify the type to return unless the client
	// requests a different type at generation time.
	TokenType pulumi.StringPtrInput
	// The claim to use to uniquely identify
	// the user; this will be used as the name for the Identity entity alias created
	// due to a successful login.
	// Required (non-pointer input). Choose a claim the issuer guarantees to be
	// stable and unique, since it becomes the entity alias name.
	UserClaim pulumi.StringInput
	// Specifies if the `userClaim` value uses
	// [JSON pointer](https://www.vaultproject.io/docs/auth/jwt#claim-specifications-and-json-pointer)
	// syntax for referencing claims. By default, the `userClaim` value will not use JSON pointer.
	// Requires Vault 1.11+.
	UserClaimJsonPointer pulumi.BoolPtrInput
	// Log received OIDC tokens and claims when debug-level
	// logging is active. Not recommended in production since sensitive information may be present
	// in OIDC responses.
	VerboseOidcLogging pulumi.BoolPtrInput
}

The set of arguments for constructing an AuthBackendRole resource.

func (AuthBackendRoleArgs) ElementType

func (AuthBackendRoleArgs) ElementType() reflect.Type

type AuthBackendRoleArray

// AuthBackendRoleArray is a slice of AuthBackendRoleInput values; it satisfies
// AuthBackendRoleArrayInput through its ToAuthBackendRoleArrayOutput methods.
type AuthBackendRoleArray []AuthBackendRoleInput

func (AuthBackendRoleArray) ElementType

func (AuthBackendRoleArray) ElementType() reflect.Type

func (AuthBackendRoleArray) ToAuthBackendRoleArrayOutput

func (i AuthBackendRoleArray) ToAuthBackendRoleArrayOutput() AuthBackendRoleArrayOutput

func (AuthBackendRoleArray) ToAuthBackendRoleArrayOutputWithContext

func (i AuthBackendRoleArray) ToAuthBackendRoleArrayOutputWithContext(ctx context.Context) AuthBackendRoleArrayOutput

type AuthBackendRoleArrayInput

// AuthBackendRoleArrayInput is the input type accepted wherever a list of
// AuthBackendRole resources is expected; AuthBackendRoleArray and
// AuthBackendRoleArrayOutput both implement it.
type AuthBackendRoleArrayInput interface {
	pulumi.Input

	ToAuthBackendRoleArrayOutput() AuthBackendRoleArrayOutput
	ToAuthBackendRoleArrayOutputWithContext(context.Context) AuthBackendRoleArrayOutput
}

AuthBackendRoleArrayInput is an input type that accepts AuthBackendRoleArray and AuthBackendRoleArrayOutput values. You can construct a concrete instance of `AuthBackendRoleArrayInput` via:

AuthBackendRoleArray{ AuthBackendRoleArgs{...} }

type AuthBackendRoleArrayOutput

// AuthBackendRoleArrayOutput is the Pulumi output wrapper for a list of
// AuthBackendRole resources; Index selects a single element.
type AuthBackendRoleArrayOutput struct{ *pulumi.OutputState }

func (AuthBackendRoleArrayOutput) ElementType

func (AuthBackendRoleArrayOutput) ElementType() reflect.Type

func (AuthBackendRoleArrayOutput) Index

func (AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutput

func (o AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutput() AuthBackendRoleArrayOutput

func (AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutputWithContext

func (o AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutputWithContext(ctx context.Context) AuthBackendRoleArrayOutput

type AuthBackendRoleInput

// AuthBackendRoleInput is the input type accepted wherever a single
// AuthBackendRole resource is expected; *AuthBackendRole implements it.
type AuthBackendRoleInput interface {
	pulumi.Input

	ToAuthBackendRoleOutput() AuthBackendRoleOutput
	ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput
}

type AuthBackendRoleMap

// AuthBackendRoleMap is a string-keyed map of AuthBackendRoleInput values; it
// satisfies AuthBackendRoleMapInput through its ToAuthBackendRoleMapOutput methods.
type AuthBackendRoleMap map[string]AuthBackendRoleInput

func (AuthBackendRoleMap) ElementType

func (AuthBackendRoleMap) ElementType() reflect.Type

func (AuthBackendRoleMap) ToAuthBackendRoleMapOutput

func (i AuthBackendRoleMap) ToAuthBackendRoleMapOutput() AuthBackendRoleMapOutput

func (AuthBackendRoleMap) ToAuthBackendRoleMapOutputWithContext

func (i AuthBackendRoleMap) ToAuthBackendRoleMapOutputWithContext(ctx context.Context) AuthBackendRoleMapOutput

type AuthBackendRoleMapInput

// AuthBackendRoleMapInput is the input type accepted wherever a map of
// AuthBackendRole resources is expected; AuthBackendRoleMap and
// AuthBackendRoleMapOutput both implement it.
type AuthBackendRoleMapInput interface {
	pulumi.Input

	ToAuthBackendRoleMapOutput() AuthBackendRoleMapOutput
	ToAuthBackendRoleMapOutputWithContext(context.Context) AuthBackendRoleMapOutput
}

AuthBackendRoleMapInput is an input type that accepts AuthBackendRoleMap and AuthBackendRoleMapOutput values. You can construct a concrete instance of `AuthBackendRoleMapInput` via:

AuthBackendRoleMap{ "key": AuthBackendRoleArgs{...} }

type AuthBackendRoleMapOutput

// AuthBackendRoleMapOutput is the Pulumi output wrapper for a string-keyed map
// of AuthBackendRole resources; MapIndex selects a single entry.
type AuthBackendRoleMapOutput struct{ *pulumi.OutputState }

func (AuthBackendRoleMapOutput) ElementType

func (AuthBackendRoleMapOutput) ElementType() reflect.Type

func (AuthBackendRoleMapOutput) MapIndex

func (AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutput

func (o AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutput() AuthBackendRoleMapOutput

func (AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutputWithContext

func (o AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutputWithContext(ctx context.Context) AuthBackendRoleMapOutput

type AuthBackendRoleOutput

// AuthBackendRoleOutput is the Pulumi output wrapper for a single
// AuthBackendRole resource, exposing one getter per resource property.
type AuthBackendRoleOutput struct{ *pulumi.OutputState }

func (AuthBackendRoleOutput) AllowedRedirectUris

func (o AuthBackendRoleOutput) AllowedRedirectUris() pulumi.StringArrayOutput

The list of allowed values for redirectUri during OIDC logins. Required for OIDC roles

func (AuthBackendRoleOutput) Backend

The unique name of the auth backend to configure. Defaults to `jwt`.

func (AuthBackendRoleOutput) BoundAudiences

func (o AuthBackendRoleOutput) BoundAudiences() pulumi.StringArrayOutput

(For "jwt" roles, at least one of `boundAudiences`, `boundSubject`, `boundClaims` or `tokenBoundCidrs` is required. Optional for "oidc" roles.) List of `aud` claims to match against. Any match is sufficient.

func (AuthBackendRoleOutput) BoundClaims

func (o AuthBackendRoleOutput) BoundClaims() pulumi.MapOutput

If set, a map of claims to values to match against. A claim's value must be a string, which may contain one value or multiple comma-separated values, e.g. `"red"` or `"red,green,blue"`.

func (AuthBackendRoleOutput) BoundClaimsType

func (o AuthBackendRoleOutput) BoundClaimsType() pulumi.StringOutput

How to interpret values in the claims/values map (`boundClaims`): can be either `string` (exact match) or `glob` (wildcard match). Requires Vault 1.4.0 or above.

func (AuthBackendRoleOutput) BoundSubject

func (o AuthBackendRoleOutput) BoundSubject() pulumi.StringPtrOutput

If set, requires that the `sub` claim matches this value.

func (AuthBackendRoleOutput) ClaimMappings

func (o AuthBackendRoleOutput) ClaimMappings() pulumi.MapOutput

If set, a map of claims (keys) to be copied to specified metadata fields (values).

func (AuthBackendRoleOutput) ClockSkewLeeway

func (o AuthBackendRoleOutput) ClockSkewLeeway() pulumi.IntPtrOutput

The amount of leeway to add to all claims to account for clock skew, in seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`. Only applicable with "jwt" roles.

func (AuthBackendRoleOutput) DisableBoundClaimsParsing

func (o AuthBackendRoleOutput) DisableBoundClaimsParsing() pulumi.BoolPtrOutput

Disable bound claim value parsing. Useful when values contain commas.

func (AuthBackendRoleOutput) ElementType

func (AuthBackendRoleOutput) ElementType() reflect.Type

func (AuthBackendRoleOutput) ExpirationLeeway

func (o AuthBackendRoleOutput) ExpirationLeeway() pulumi.IntPtrOutput

The amount of leeway to add to expiration (`exp`) claims to account for clock skew, in seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`. Only applicable with "jwt" roles.

func (AuthBackendRoleOutput) GroupsClaim

The claim to use to uniquely identify the set of groups to which the user belongs; this will be used as the names for the Identity group aliases created due to a successful login. The claim value must be a list of strings.

func (AuthBackendRoleOutput) MaxAge

Specifies the allowable elapsed time in seconds since the last time the user was actively authenticated with the OIDC provider.

func (AuthBackendRoleOutput) Namespace

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). *Available only for Vault Enterprise*.

func (AuthBackendRoleOutput) NotBeforeLeeway

func (o AuthBackendRoleOutput) NotBeforeLeeway() pulumi.IntPtrOutput

The amount of leeway to add to not before (`nbf`) claims to account for clock skew, in seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`. Only applicable with "jwt" roles.

func (AuthBackendRoleOutput) OidcScopes

If set, a list of OIDC scopes to be used with an OIDC role. The standard scope "openid" is automatically included and need not be specified.

func (AuthBackendRoleOutput) RoleName

The name of the role.

func (AuthBackendRoleOutput) RoleType

Type of role, either "oidc" (default) or "jwt".

func (AuthBackendRoleOutput) ToAuthBackendRoleOutput

func (o AuthBackendRoleOutput) ToAuthBackendRoleOutput() AuthBackendRoleOutput

func (AuthBackendRoleOutput) ToAuthBackendRoleOutputWithContext

func (o AuthBackendRoleOutput) ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput

func (AuthBackendRoleOutput) TokenBoundCidrs

func (o AuthBackendRoleOutput) TokenBoundCidrs() pulumi.StringArrayOutput

List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.

func (AuthBackendRoleOutput) TokenExplicitMaxTtl

func (o AuthBackendRoleOutput) TokenExplicitMaxTtl() pulumi.IntPtrOutput

If set, will encode an [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls) onto the token in number of seconds. This is a hard cap even if `tokenTtl` and `tokenMaxTtl` would otherwise allow a renewal.

func (AuthBackendRoleOutput) TokenMaxTtl

func (o AuthBackendRoleOutput) TokenMaxTtl() pulumi.IntPtrOutput

The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.

func (AuthBackendRoleOutput) TokenNoDefaultPolicy

func (o AuthBackendRoleOutput) TokenNoDefaultPolicy() pulumi.BoolPtrOutput

If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies.

func (AuthBackendRoleOutput) TokenNumUses

func (o AuthBackendRoleOutput) TokenNumUses() pulumi.IntPtrOutput

The [maximum number](https://www.vaultproject.io/api-docs/jwt#token_num_uses) of times a generated token may be used (within its lifetime); 0 means unlimited.

func (AuthBackendRoleOutput) TokenPeriod

func (o AuthBackendRoleOutput) TokenPeriod() pulumi.IntPtrOutput

If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token's TTL will be set to the value of this field. Specified in seconds.

func (AuthBackendRoleOutput) TokenPolicies

List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values.

func (AuthBackendRoleOutput) TokenTtl

The incremental lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.

func (AuthBackendRoleOutput) TokenType

The type of token that should be generated. Can be `service`, `batch`, or `default` to use the mount's tuned default (which unless changed will be `service` tokens). For token store roles, there are two additional possibilities: `default-service` and `default-batch` which specify the type to return unless the client requests a different type at generation time.

func (AuthBackendRoleOutput) UserClaim

The claim to use to uniquely identify the user; this will be used as the name for the Identity entity alias created due to a successful login.

func (AuthBackendRoleOutput) UserClaimJsonPointer

func (o AuthBackendRoleOutput) UserClaimJsonPointer() pulumi.BoolPtrOutput

Specifies if the `userClaim` value uses [JSON pointer](https://www.vaultproject.io/docs/auth/jwt#claim-specifications-and-json-pointer) syntax for referencing claims. By default, the `userClaim` value will not use JSON pointer. Requires Vault 1.11+.

func (AuthBackendRoleOutput) VerboseOidcLogging

func (o AuthBackendRoleOutput) VerboseOidcLogging() pulumi.BoolPtrOutput

Log received OIDC tokens and claims when debug-level logging is active. Not recommended in production since sensitive information may be present in OIDC responses.

type AuthBackendRoleState

// AuthBackendRoleState holds the optional state properties passed to
// GetAuthBackendRole to qualify the lookup of an existing AuthBackendRole. It
// mirrors AuthBackendRoleArgs field for field, but every member is a pointer
// or array input, so RoleName and UserClaim are optional here.
type AuthBackendRoleState struct {
	// The list of allowed values for redirectUri during OIDC logins.
	// Required for OIDC roles
	// NOTE(review): keep this a strict allow-list of the exact callback URLs the
	// relying party uses; confirm the matching semantics against the Vault docs.
	AllowedRedirectUris pulumi.StringArrayInput
	// The unique name of the auth backend to configure.
	// Defaults to `jwt`.
	Backend pulumi.StringPtrInput
	// (For "jwt" roles, at least one of `boundAudiences`, `boundSubject`, `boundClaims`
	// or `tokenBoundCidrs` is required. Optional for "oidc" roles.) List of `aud` claims to match against.
	// Any match is sufficient.
	BoundAudiences pulumi.StringArrayInput
	// If set, a map of claims to values to match against.
	// A claim's value must be a string, which may contain one value or multiple
	// comma-separated values, e.g. `"red"` or `"red,green,blue"`.
	BoundClaims pulumi.MapInput
	// How to interpret values in the claims/values
	// map (`boundClaims`): can be either `string` (exact match) or `glob` (wildcard
	// match). Requires Vault 1.4.0 or above.
	BoundClaimsType pulumi.StringPtrInput
	// If set, requires that the `sub` claim matches
	// this value.
	BoundSubject pulumi.StringPtrInput
	// If set, a map of claims (keys) to be copied
	// to specified metadata fields (values).
	ClaimMappings pulumi.MapInput
	// The amount of leeway to add to all claims to account for clock skew, in
	// seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`.
	// Only applicable with "jwt" roles.
	ClockSkewLeeway pulumi.IntPtrInput
	// Disable bound claim value parsing. Useful when values contain commas.
	DisableBoundClaimsParsing pulumi.BoolPtrInput
	// The amount of leeway to add to expiration (`exp`) claims to account for
	// clock skew, in seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`.
	// Only applicable with "jwt" roles.
	ExpirationLeeway pulumi.IntPtrInput
	// The claim to use to uniquely identify
	// the set of groups to which the user belongs; this will be used as the names
	// for the Identity group aliases created due to a successful login. The claim
	// value must be a list of strings.
	GroupsClaim pulumi.StringPtrInput
	// Specifies the allowable elapsed time in seconds since the last time
	// the user was actively authenticated with the OIDC provider.
	MaxAge pulumi.IntPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// The amount of leeway to add to not before (`nbf`) claims to account for
	// clock skew, in seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`.
	// Only applicable with "jwt" roles.
	NotBeforeLeeway pulumi.IntPtrInput
	// If set, a list of OIDC scopes to be used with an OIDC role.
	// The standard scope "openid" is automatically included and need not be specified.
	OidcScopes pulumi.StringArrayInput
	// The name of the role.
	RoleName pulumi.StringPtrInput
	// Type of role, either "oidc" (default) or "jwt".
	RoleType pulumi.StringPtrInput
	// List of CIDR blocks; if set, specifies blocks of IP
	// addresses which can authenticate successfully, and ties the resulting token to these blocks
	// as well.
	TokenBoundCidrs pulumi.StringArrayInput
	// If set, will encode an
	// [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
	// onto the token in number of seconds. This is a hard cap even if `tokenTtl` and
	// `tokenMaxTtl` would otherwise allow a renewal.
	TokenExplicitMaxTtl pulumi.IntPtrInput
	// The maximum lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenMaxTtl pulumi.IntPtrInput
	// If set, the default policy will not be set on
	// generated tokens; otherwise it will be added to the policies set in token_policies.
	TokenNoDefaultPolicy pulumi.BoolPtrInput
	// The [maximum number](https://www.vaultproject.io/api-docs/jwt#token_num_uses)
	// of times a generated token may be used (within its lifetime); 0 means unlimited.
	TokenNumUses pulumi.IntPtrInput
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	TokenPeriod pulumi.IntPtrInput
	// List of policies to encode onto generated tokens. Depending
	// on the auth method, this list may be supplemented by user/group/other values.
	TokenPolicies pulumi.StringArrayInput
	// The incremental lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenTtl pulumi.IntPtrInput
	// The type of token that should be generated. Can be `service`,
	// `batch`, or `default` to use the mount's tuned default (which unless changed will be
	// `service` tokens). For token store roles, there are two additional possibilities:
	// `default-service` and `default-batch` which specify the type to return unless the client
	// requests a different type at generation time.
	TokenType pulumi.StringPtrInput
	// The claim to use to uniquely identify
	// the user; this will be used as the name for the Identity entity alias created
	// due to a successful login.
	UserClaim pulumi.StringPtrInput
	// Specifies if the `userClaim` value uses
	// [JSON pointer](https://www.vaultproject.io/docs/auth/jwt#claim-specifications-and-json-pointer)
	// syntax for referencing claims. By default, the `userClaim` value will not use JSON pointer.
	// Requires Vault 1.11+.
	UserClaimJsonPointer pulumi.BoolPtrInput
	// Log received OIDC tokens and claims when debug-level
	// logging is active. Not recommended in production since sensitive information may be present
	// in OIDC responses.
	VerboseOidcLogging pulumi.BoolPtrInput
}

func (AuthBackendRoleState) ElementType

func (AuthBackendRoleState) ElementType() reflect.Type

type AuthBackendState

// AuthBackendState holds the optional state properties used to look up an
// existing AuthBackend (the JWT/OIDC auth mount), by analogy with
// AuthBackendRoleState / GetAuthBackendRole. Every field is optional.
type AuthBackendState struct {
	// The accessor for this auth method
	Accessor pulumi.StringPtrInput
	// The value against which to match the iss claim in a JWT
	BoundIssuer pulumi.StringPtrInput
	// The default role to use if none is provided during login
	DefaultRole pulumi.StringPtrInput
	// The description of the auth backend
	Description pulumi.StringPtrInput
	// If set, opts out of mount migration on path updates.
	// See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
	DisableRemount pulumi.BoolPtrInput
	// The CA certificate or chain of certificates, in PEM format, to use to validate connections to the JWKS URL. If not set, system certificates are used.
	JwksCaPem pulumi.StringPtrInput
	// JWKS URL to use to authenticate signatures. Cannot be used with "oidcDiscoveryUrl" or "jwtValidationPubkeys".
	JwksUrl pulumi.StringPtrInput
	// A list of supported signing algorithms. Vault 1.1.0 defaults to [RS256] but future or past versions of Vault may differ
	// Restrict this to the algorithm(s) the issuer actually signs with rather than relying on the version-dependent default.
	JwtSupportedAlgs pulumi.StringArrayInput
	// A list of PEM-encoded public keys to use to authenticate signatures locally. Cannot be used in combination with `oidcDiscoveryUrl`
	// Static keys do not follow issuer key rotation; a JWKS or discovery URL (with a pinned CA via JwksCaPem / OidcDiscoveryCaPem) is usually preferable where the issuer publishes one.
	JwtValidationPubkeys pulumi.StringArrayInput
	// Specifies if the auth method is local only.
	Local pulumi.BoolPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// Pass namespace in the OIDC state parameter instead of as a separate query parameter. With this setting, the allowed redirect URL(s) in Vault and on the provider side should not contain a namespace query parameter. This means only one redirect URL entry needs to be maintained on the OIDC provider side for all vault namespaces that will be authenticating against it. Defaults to true for new configs
	NamespaceInState pulumi.BoolPtrInput
	// Client ID used for OIDC backends
	OidcClientId pulumi.StringPtrInput
	// Client Secret used for OIDC backends
	// NOTE(review): this is a credential; pass it as a Pulumi secret (pulumi.ToSecret) so it is encrypted in state — confirm whether the provider already marks it secret.
	OidcClientSecret pulumi.StringPtrInput
	// The CA certificate or chain of certificates, in PEM format, to use to validate connections to the OIDC Discovery URL. If not set, system certificates are used
	OidcDiscoveryCaPem pulumi.StringPtrInput
	// The OIDC Discovery URL, without any .well-known component (base path). Cannot be used in combination with `jwtValidationPubkeys`
	OidcDiscoveryUrl pulumi.StringPtrInput
	// The response mode to be used in the OAuth2 request. Allowed values are `query` and `formPost`. Defaults to `query`. If using Vault namespaces, and `oidcResponseMode` is `formPost`, then `namespaceInState` should be set to `false`.
	OidcResponseMode pulumi.StringPtrInput
	// List of response types to request. Allowed values are 'code' and 'id_token'. Defaults to `["code"]`. Note: `idToken` may only be used if `oidcResponseMode` is set to `formPost`.
	OidcResponseTypes pulumi.StringArrayInput
	// Path to mount the JWT/OIDC auth backend
	Path pulumi.StringPtrInput
	// Provider specific handling configuration. All values may be strings, and the provider will convert to the appropriate type when configuring Vault.
	ProviderConfig pulumi.StringMapInput
	// Optional extra configuration block used to tune the auth backend; see AuthBackendTune for its structure.
	Tune AuthBackendTunePtrInput
	// Type of auth backend. Should be one of `jwt` or `oidc`. Default - `jwt`
	Type pulumi.StringPtrInput
}

func (AuthBackendState) ElementType

func (AuthBackendState) ElementType() reflect.Type

type AuthBackendTune

// AuthBackendTune is the plain-value form of the optional `tune` block that
// adjusts mount-level settings of the JWT/OIDC auth backend: lease TTLs, audit
// HMAC exclusions, header passthrough, listing visibility and token type.
type AuthBackendTune struct {
	// List of headers to allow a plugin to
	// include in the response.
	AllowedResponseHeaders []string `pulumi:"allowedResponseHeaders"`
	// Specifies the list of keys that will
	// not be HMAC'd by audit devices in the request data object.
	// Values under these keys land in audit logs in cleartext; keep the list
	// minimal and never include credentials or tokens.
	AuditNonHmacRequestKeys []string `pulumi:"auditNonHmacRequestKeys"`
	// Specifies the list of keys that will
	// not be HMAC'd by audit devices in the response data object.
	// Same caveat as AuditNonHmacRequestKeys: these response values are logged in cleartext.
	AuditNonHmacResponseKeys []string `pulumi:"auditNonHmacResponseKeys"`
	// Specifies the default time-to-live.
	// If set, this overrides the global default.
	// Must be a valid [duration string](https://golang.org/pkg/time/#ParseDuration)
	DefaultLeaseTtl *string `pulumi:"defaultLeaseTtl"`
	// Specifies whether to show this mount in
	// the UI-specific listing endpoint. Valid values are "unauth" or "hidden".
	// NOTE(review): "unauth" presumably reveals the mount to unauthenticated callers of that endpoint — confirm it is needed for login-time discovery before enabling.
	ListingVisibility *string `pulumi:"listingVisibility"`
	// Specifies the maximum time-to-live.
	// If set, this overrides the global default.
	// Must be a valid [duration string](https://golang.org/pkg/time/#ParseDuration)
	MaxLeaseTtl *string `pulumi:"maxLeaseTtl"`
	// List of headers to allow and
	// pass from the request to the backend.
	PassthroughRequestHeaders []string `pulumi:"passthroughRequestHeaders"`
	// Specifies the type of tokens that should be returned by
	// the mount. Valid values are "default-service", "default-batch", "service", "batch".
	TokenType *string `pulumi:"tokenType"`
}

type AuthBackendTuneArgs

// AuthBackendTuneArgs is the Pulumi input form of AuthBackendTune, used to
// populate the optional `tune` block of an auth backend; it satisfies
// AuthBackendTuneInput and AuthBackendTunePtrInput.
type AuthBackendTuneArgs struct {
	// List of headers to allow a plugin to
	// include in the response.
	AllowedResponseHeaders pulumi.StringArrayInput `pulumi:"allowedResponseHeaders"`
	// Specifies the list of keys that will
	// not be HMAC'd by audit devices in the request data object.
	// Values under these keys land in audit logs in cleartext; keep the list
	// minimal and never include credentials or tokens.
	AuditNonHmacRequestKeys pulumi.StringArrayInput `pulumi:"auditNonHmacRequestKeys"`
	// Specifies the list of keys that will
	// not be HMAC'd by audit devices in the response data object.
	// Same caveat as AuditNonHmacRequestKeys: these response values are logged in cleartext.
	AuditNonHmacResponseKeys pulumi.StringArrayInput `pulumi:"auditNonHmacResponseKeys"`
	// Specifies the default time-to-live.
	// If set, this overrides the global default.
	// Must be a valid [duration string](https://golang.org/pkg/time/#ParseDuration)
	DefaultLeaseTtl pulumi.StringPtrInput `pulumi:"defaultLeaseTtl"`
	// Specifies whether to show this mount in
	// the UI-specific listing endpoint. Valid values are "unauth" or "hidden".
	// NOTE(review): "unauth" presumably reveals the mount to unauthenticated callers of that endpoint — confirm it is needed for login-time discovery before enabling.
	ListingVisibility pulumi.StringPtrInput `pulumi:"listingVisibility"`
	// Specifies the maximum time-to-live.
	// If set, this overrides the global default.
	// Must be a valid [duration string](https://golang.org/pkg/time/#ParseDuration)
	MaxLeaseTtl pulumi.StringPtrInput `pulumi:"maxLeaseTtl"`
	// List of headers to allow and
	// pass from the request to the backend.
	PassthroughRequestHeaders pulumi.StringArrayInput `pulumi:"passthroughRequestHeaders"`
	// Specifies the type of tokens that should be returned by
	// the mount. Valid values are "default-service", "default-batch", "service", "batch".
	TokenType pulumi.StringPtrInput `pulumi:"tokenType"`
}

func (AuthBackendTuneArgs) ElementType

func (AuthBackendTuneArgs) ElementType() reflect.Type

func (AuthBackendTuneArgs) ToAuthBackendTuneOutput

func (i AuthBackendTuneArgs) ToAuthBackendTuneOutput() AuthBackendTuneOutput

func (AuthBackendTuneArgs) ToAuthBackendTuneOutputWithContext

func (i AuthBackendTuneArgs) ToAuthBackendTuneOutputWithContext(ctx context.Context) AuthBackendTuneOutput

func (AuthBackendTuneArgs) ToAuthBackendTunePtrOutput

func (i AuthBackendTuneArgs) ToAuthBackendTunePtrOutput() AuthBackendTunePtrOutput

func (AuthBackendTuneArgs) ToAuthBackendTunePtrOutputWithContext

func (i AuthBackendTuneArgs) ToAuthBackendTunePtrOutputWithContext(ctx context.Context) AuthBackendTunePtrOutput

type AuthBackendTuneInput

// AuthBackendTuneInput is the input type accepted wherever a tune block is
// expected; AuthBackendTuneArgs and AuthBackendTuneOutput both implement it.
type AuthBackendTuneInput interface {
	pulumi.Input

	ToAuthBackendTuneOutput() AuthBackendTuneOutput
	ToAuthBackendTuneOutputWithContext(context.Context) AuthBackendTuneOutput
}

AuthBackendTuneInput is an input type that accepts AuthBackendTuneArgs and AuthBackendTuneOutput values. You can construct a concrete instance of `AuthBackendTuneInput` via:

AuthBackendTuneArgs{...}

type AuthBackendTuneOutput

// AuthBackendTuneOutput is the Pulumi output wrapper for a resolved tune block,
// exposing one getter per AuthBackendTune field.
type AuthBackendTuneOutput struct{ *pulumi.OutputState }

func (AuthBackendTuneOutput) AllowedResponseHeaders

func (o AuthBackendTuneOutput) AllowedResponseHeaders() pulumi.StringArrayOutput

List of headers a plugin is allowed to include in the response.

func (AuthBackendTuneOutput) AuditNonHmacRequestKeys

func (o AuthBackendTuneOutput) AuditNonHmacRequestKeys() pulumi.StringArrayOutput

Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.

func (AuthBackendTuneOutput) AuditNonHmacResponseKeys

func (o AuthBackendTuneOutput) AuditNonHmacResponseKeys() pulumi.StringArrayOutput

Specifies the list of keys in the response data object that audit devices will not HMAC. Values under these keys are therefore written to the audit log in clear text, so list only keys that never carry credentials, tokens or other secrets.

func (AuthBackendTuneOutput) DefaultLeaseTtl

func (o AuthBackendTuneOutput) DefaultLeaseTtl() pulumi.StringPtrOutput

Specifies the default time-to-live. If set, this overrides the global default. Must be a valid [duration string](https://golang.org/pkg/time/#ParseDuration)

func (AuthBackendTuneOutput) ElementType

func (AuthBackendTuneOutput) ElementType() reflect.Type

func (AuthBackendTuneOutput) ListingVisibility

func (o AuthBackendTuneOutput) ListingVisibility() pulumi.StringPtrOutput

Specifies whether to show this mount in the UI-specific listing endpoint. Valid values are "unauth", which exposes the mount to unauthenticated callers of that endpoint, or "hidden", which omits it.

func (AuthBackendTuneOutput) MaxLeaseTtl

Specifies the maximum time-to-live. If set, this overrides the global default. Must be a valid [duration string](https://golang.org/pkg/time/#ParseDuration)

func (AuthBackendTuneOutput) PassthroughRequestHeaders

func (o AuthBackendTuneOutput) PassthroughRequestHeaders() pulumi.StringArrayOutput

Allowlist of request headers to forward from the client request to the auth backend; headers not listed here are not passed through.

func (AuthBackendTuneOutput) ToAuthBackendTuneOutput

func (o AuthBackendTuneOutput) ToAuthBackendTuneOutput() AuthBackendTuneOutput

func (AuthBackendTuneOutput) ToAuthBackendTuneOutputWithContext

func (o AuthBackendTuneOutput) ToAuthBackendTuneOutputWithContext(ctx context.Context) AuthBackendTuneOutput

func (AuthBackendTuneOutput) ToAuthBackendTunePtrOutput

func (o AuthBackendTuneOutput) ToAuthBackendTunePtrOutput() AuthBackendTunePtrOutput

func (AuthBackendTuneOutput) ToAuthBackendTunePtrOutputWithContext

func (o AuthBackendTuneOutput) ToAuthBackendTunePtrOutputWithContext(ctx context.Context) AuthBackendTunePtrOutput

func (AuthBackendTuneOutput) TokenType

Specifies the type of tokens that should be returned by the mount. Valid values are "default-service", "default-batch", "service", "batch".

type AuthBackendTunePtrInput

// AuthBackendTunePtrInput is the optional (pointer) input form of the tune
// settings. It embeds pulumi.Input and is satisfied by AuthBackendTuneArgs,
// AuthBackendTunePtr and AuthBackendTunePtrOutput; a nil value is also a
// valid AuthBackendTunePtrInput, meaning "no tune settings".
type AuthBackendTunePtrInput interface {
	pulumi.Input

	// ToAuthBackendTunePtrOutput converts the value into its resolved pointer-output form.
	ToAuthBackendTunePtrOutput() AuthBackendTunePtrOutput
	// ToAuthBackendTunePtrOutputWithContext is the same conversion carrying a context.
	ToAuthBackendTunePtrOutputWithContext(context.Context) AuthBackendTunePtrOutput
}

AuthBackendTunePtrInput is an input type that accepts AuthBackendTuneArgs, AuthBackendTunePtr and AuthBackendTunePtrOutput values. You can construct a concrete instance of `AuthBackendTunePtrInput` via:

        AuthBackendTuneArgs{...}

or:

        nil

type AuthBackendTunePtrOutput

// AuthBackendTunePtrOutput is the resolved pointer-output form of the tune
// settings (the output may be absent). It exposes the same per-field accessors
// as AuthBackendTuneOutput plus an Elem method.
type AuthBackendTunePtrOutput struct{ *pulumi.OutputState }

func (AuthBackendTunePtrOutput) AllowedResponseHeaders

func (o AuthBackendTunePtrOutput) AllowedResponseHeaders() pulumi.StringArrayOutput

Allowlist of response headers that the auth plugin is permitted to include in the response; headers not listed here are not passed back to the client.

func (AuthBackendTunePtrOutput) AuditNonHmacRequestKeys

func (o AuthBackendTunePtrOutput) AuditNonHmacRequestKeys() pulumi.StringArrayOutput

Specifies the list of keys in the request data object that audit devices will not HMAC. Values under these keys are therefore written to the audit log in clear text, so list only keys that never carry credentials, tokens or other secrets.

func (AuthBackendTunePtrOutput) AuditNonHmacResponseKeys

func (o AuthBackendTunePtrOutput) AuditNonHmacResponseKeys() pulumi.StringArrayOutput

Specifies the list of keys in the response data object that audit devices will not HMAC. Values under these keys are therefore written to the audit log in clear text, so list only keys that never carry credentials, tokens or other secrets.

func (AuthBackendTunePtrOutput) DefaultLeaseTtl

func (o AuthBackendTunePtrOutput) DefaultLeaseTtl() pulumi.StringPtrOutput

Specifies the default time-to-live. If set, this overrides the global default. Must be a valid [duration string](https://golang.org/pkg/time/#ParseDuration)

func (AuthBackendTunePtrOutput) Elem

func (AuthBackendTunePtrOutput) ElementType

func (AuthBackendTunePtrOutput) ElementType() reflect.Type

func (AuthBackendTunePtrOutput) ListingVisibility

func (o AuthBackendTunePtrOutput) ListingVisibility() pulumi.StringPtrOutput

Specifies whether to show this mount in the UI-specific listing endpoint. Valid values are "unauth", which exposes the mount to unauthenticated callers of that endpoint, or "hidden", which omits it.

func (AuthBackendTunePtrOutput) MaxLeaseTtl

Specifies the maximum time-to-live. If set, this overrides the global default. Must be a valid [duration string](https://golang.org/pkg/time/#ParseDuration)

func (AuthBackendTunePtrOutput) PassthroughRequestHeaders

func (o AuthBackendTunePtrOutput) PassthroughRequestHeaders() pulumi.StringArrayOutput

Allowlist of request headers to forward from the client request to the auth backend; headers not listed here are not passed through.

func (AuthBackendTunePtrOutput) ToAuthBackendTunePtrOutput

func (o AuthBackendTunePtrOutput) ToAuthBackendTunePtrOutput() AuthBackendTunePtrOutput

func (AuthBackendTunePtrOutput) ToAuthBackendTunePtrOutputWithContext

func (o AuthBackendTunePtrOutput) ToAuthBackendTunePtrOutputWithContext(ctx context.Context) AuthBackendTunePtrOutput

func (AuthBackendTunePtrOutput) TokenType

Specifies the type of tokens that should be returned by the mount. Valid values are "default-service", "default-batch", "service", "batch".
