ssh

package
v6.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 4, 2024 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type SecretBackendCa

// SecretBackendCa is the resource state for the CA of a Vault SSH secret
// backend: the mount path, an optional namespace, and the CA key pair.
type SecretBackendCa struct {
	pulumi.CustomResourceState

	// The path where the SSH secret backend is mounted. Defaults to 'ssh'
	Backend pulumi.StringPtrOutput `pulumi:"backend"`
	// Whether Vault should generate the signing key pair internally. Defaults to true
	GenerateSigningKey pulumi.BoolPtrOutput `pulumi:"generateSigningKey"`
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrOutput `pulumi:"namespace"`
	// The private key part of the SSH CA key pair; required if generateSigningKey is false.
	// NOTE(review): this is the CA signing key, and whoever holds it can sign
	// certificates that hosts trusting this CA will accept. Confirm the value is
	// held as a Pulumi secret (encrypted in state) and is not exported or logged
	// in plain text.
	PrivateKey pulumi.StringOutput `pulumi:"privateKey"`
	// The public key part of the SSH CA key pair; required if generateSigningKey is false.
	PublicKey pulumi.StringOutput `pulumi:"publicKey"`
}

Provides a resource to manage CA information in an [SSH secret backend within Vault](https://www.vaultproject.io/docs/secrets/ssh/index.html).

## Example Usage

<!--Start PulumiCodeChooser -->
```go
package main

import (

"github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/ssh"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

// main mounts an SSH secrets engine and registers a CA resource on that mount.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Mount the SSH secrets engine; its path is reused as the CA's backend.
		mount, err := vault.NewMount(ctx, "example", &vault.MountArgs{
			Type: pulumi.String("ssh"),
		})
		if err != nil {
			return err
		}

		// Only Backend is set, so no private key is passed through this
		// program; GenerateSigningKey is documented as defaulting to true.
		if _, err := ssh.NewSecretBackendCa(ctx, "foo", &ssh.SecretBackendCaArgs{
			Backend: mount.Path,
		}); err != nil {
			return err
		}
		return nil
	})
}

```
<!--End PulumiCodeChooser -->

## Import

SSH secret backend CAs can be imported using the `path`, e.g.

```sh
$ pulumi import vault:ssh/secretBackendCa:SecretBackendCa foo ssh
```

func GetSecretBackendCa

func GetSecretBackendCa(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *SecretBackendCaState, opts ...pulumi.ResourceOption) (*SecretBackendCa, error)

GetSecretBackendCa gets an existing SecretBackendCa resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewSecretBackendCa

func NewSecretBackendCa(ctx *pulumi.Context,
	name string, args *SecretBackendCaArgs, opts ...pulumi.ResourceOption) (*SecretBackendCa, error)

NewSecretBackendCa registers a new resource with the given unique name, arguments, and options.

func (*SecretBackendCa) ElementType

func (*SecretBackendCa) ElementType() reflect.Type

func (*SecretBackendCa) ToSecretBackendCaOutput

func (i *SecretBackendCa) ToSecretBackendCaOutput() SecretBackendCaOutput

func (*SecretBackendCa) ToSecretBackendCaOutputWithContext

func (i *SecretBackendCa) ToSecretBackendCaOutputWithContext(ctx context.Context) SecretBackendCaOutput

type SecretBackendCaArgs

// SecretBackendCaArgs is the set of arguments for constructing a
// SecretBackendCa resource.
type SecretBackendCaArgs struct {
	// The path where the SSH secret backend is mounted. Defaults to 'ssh'
	Backend pulumi.StringPtrInput
	// Whether Vault should generate the signing key pair internally. Defaults to true
	// NOTE(review): leaving this at the default means no private key has to be
	// supplied through the Pulumi program or its configuration.
	GenerateSigningKey pulumi.BoolPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// The private key part of the SSH CA key pair; required if generateSigningKey is false.
	// NOTE(review): this is the CA signing key. When it is supplied here, pass
	// it as a secret value (for example from encrypted stack configuration)
	// rather than a literal in source, and confirm it is stored encrypted in
	// the stack's state.
	PrivateKey pulumi.StringPtrInput
	// The public key part of the SSH CA key pair; required if generateSigningKey is false.
	PublicKey pulumi.StringPtrInput
}

The set of arguments for constructing a SecretBackendCa resource.

func (SecretBackendCaArgs) ElementType

func (SecretBackendCaArgs) ElementType() reflect.Type

type SecretBackendCaArray

type SecretBackendCaArray []SecretBackendCaInput

func (SecretBackendCaArray) ElementType

func (SecretBackendCaArray) ElementType() reflect.Type

func (SecretBackendCaArray) ToSecretBackendCaArrayOutput

func (i SecretBackendCaArray) ToSecretBackendCaArrayOutput() SecretBackendCaArrayOutput

func (SecretBackendCaArray) ToSecretBackendCaArrayOutputWithContext

func (i SecretBackendCaArray) ToSecretBackendCaArrayOutputWithContext(ctx context.Context) SecretBackendCaArrayOutput

type SecretBackendCaArrayInput

type SecretBackendCaArrayInput interface {
	pulumi.Input

	ToSecretBackendCaArrayOutput() SecretBackendCaArrayOutput
	ToSecretBackendCaArrayOutputWithContext(context.Context) SecretBackendCaArrayOutput
}

SecretBackendCaArrayInput is an input type that accepts SecretBackendCaArray and SecretBackendCaArrayOutput values. You can construct a concrete instance of `SecretBackendCaArrayInput` via:

SecretBackendCaArray{ SecretBackendCaArgs{...} }

type SecretBackendCaArrayOutput

type SecretBackendCaArrayOutput struct{ *pulumi.OutputState }

func (SecretBackendCaArrayOutput) ElementType

func (SecretBackendCaArrayOutput) ElementType() reflect.Type

func (SecretBackendCaArrayOutput) Index

func (SecretBackendCaArrayOutput) ToSecretBackendCaArrayOutput

func (o SecretBackendCaArrayOutput) ToSecretBackendCaArrayOutput() SecretBackendCaArrayOutput

func (SecretBackendCaArrayOutput) ToSecretBackendCaArrayOutputWithContext

func (o SecretBackendCaArrayOutput) ToSecretBackendCaArrayOutputWithContext(ctx context.Context) SecretBackendCaArrayOutput

type SecretBackendCaInput

type SecretBackendCaInput interface {
	pulumi.Input

	ToSecretBackendCaOutput() SecretBackendCaOutput
	ToSecretBackendCaOutputWithContext(ctx context.Context) SecretBackendCaOutput
}

type SecretBackendCaMap

type SecretBackendCaMap map[string]SecretBackendCaInput

func (SecretBackendCaMap) ElementType

func (SecretBackendCaMap) ElementType() reflect.Type

func (SecretBackendCaMap) ToSecretBackendCaMapOutput

func (i SecretBackendCaMap) ToSecretBackendCaMapOutput() SecretBackendCaMapOutput

func (SecretBackendCaMap) ToSecretBackendCaMapOutputWithContext

func (i SecretBackendCaMap) ToSecretBackendCaMapOutputWithContext(ctx context.Context) SecretBackendCaMapOutput

type SecretBackendCaMapInput

type SecretBackendCaMapInput interface {
	pulumi.Input

	ToSecretBackendCaMapOutput() SecretBackendCaMapOutput
	ToSecretBackendCaMapOutputWithContext(context.Context) SecretBackendCaMapOutput
}

SecretBackendCaMapInput is an input type that accepts SecretBackendCaMap and SecretBackendCaMapOutput values. You can construct a concrete instance of `SecretBackendCaMapInput` via:

SecretBackendCaMap{ "key": SecretBackendCaArgs{...} }

type SecretBackendCaMapOutput

type SecretBackendCaMapOutput struct{ *pulumi.OutputState }

func (SecretBackendCaMapOutput) ElementType

func (SecretBackendCaMapOutput) ElementType() reflect.Type

func (SecretBackendCaMapOutput) MapIndex

func (SecretBackendCaMapOutput) ToSecretBackendCaMapOutput

func (o SecretBackendCaMapOutput) ToSecretBackendCaMapOutput() SecretBackendCaMapOutput

func (SecretBackendCaMapOutput) ToSecretBackendCaMapOutputWithContext

func (o SecretBackendCaMapOutput) ToSecretBackendCaMapOutputWithContext(ctx context.Context) SecretBackendCaMapOutput

type SecretBackendCaOutput

type SecretBackendCaOutput struct{ *pulumi.OutputState }

func (SecretBackendCaOutput) Backend

The path where the SSH secret backend is mounted. Defaults to 'ssh'

func (SecretBackendCaOutput) ElementType

func (SecretBackendCaOutput) ElementType() reflect.Type

func (SecretBackendCaOutput) GenerateSigningKey

func (o SecretBackendCaOutput) GenerateSigningKey() pulumi.BoolPtrOutput

Whether Vault should generate the signing key pair internally. Defaults to true

func (SecretBackendCaOutput) Namespace

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). *Available only for Vault Enterprise*.

func (SecretBackendCaOutput) PrivateKey

func (o SecretBackendCaOutput) PrivateKey() pulumi.StringOutput

The private key part of the SSH CA key pair; required if generateSigningKey is false.

func (SecretBackendCaOutput) PublicKey

The public key part of the SSH CA key pair; required if generateSigningKey is false.

func (SecretBackendCaOutput) ToSecretBackendCaOutput

func (o SecretBackendCaOutput) ToSecretBackendCaOutput() SecretBackendCaOutput

func (SecretBackendCaOutput) ToSecretBackendCaOutputWithContext

func (o SecretBackendCaOutput) ToSecretBackendCaOutputWithContext(ctx context.Context) SecretBackendCaOutput

type SecretBackendCaState

// SecretBackendCaState holds the optional state properties that
// GetSecretBackendCa accepts to qualify the lookup of an existing
// SecretBackendCa resource.
type SecretBackendCaState struct {
	// The path where the SSH secret backend is mounted. Defaults to 'ssh'
	Backend pulumi.StringPtrInput
	// Whether Vault should generate the signing key pair internally. Defaults to true
	GenerateSigningKey pulumi.BoolPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// The private key part of the SSH CA key pair; required if generateSigningKey is false.
	// NOTE(review): this is the CA signing key; treat any value placed here as
	// a secret and keep it out of source control and logs.
	PrivateKey pulumi.StringPtrInput
	// The public key part of the SSH CA key pair; required if generateSigningKey is false.
	PublicKey pulumi.StringPtrInput
}

func (SecretBackendCaState) ElementType

func (SecretBackendCaState) ElementType() reflect.Type

type SecretBackendRole

// SecretBackendRole is the resource state for a role in a Vault SSH secret
// backend. Its fields describe which certificates or credentials the role may
// issue, for which users, domains and hosts, and for how long.
type SecretBackendRole struct {
	pulumi.CustomResourceState

	// When supplied, this value specifies a signing algorithm for the key. Possible values: ssh-rsa, rsa-sha2-256, rsa-sha2-512.
	// NOTE(review): `ssh-rsa` is the SHA-1 based RSA signature scheme, which
	// recent OpenSSH releases no longer accept by default; prefer
	// `rsa-sha2-256` or `rsa-sha2-512` unless legacy clients require it.
	AlgorithmSigner pulumi.StringOutput `pulumi:"algorithmSigner"`
	// Specifies if host certificates that are requested are allowed to use the base domains listed in `allowedDomains`.
	AllowBareDomains pulumi.BoolPtrOutput `pulumi:"allowBareDomains"`
	// Specifies if certificates are allowed to be signed for use as a 'host'.
	AllowHostCertificates pulumi.BoolPtrOutput `pulumi:"allowHostCertificates"`
	// Specifies if host certificates that are requested are allowed to be subdomains of those listed in `allowedDomains`.
	AllowSubdomains pulumi.BoolPtrOutput `pulumi:"allowSubdomains"`
	// Specifies if certificates are allowed to be signed for use as a 'user'.
	AllowUserCertificates pulumi.BoolPtrOutput `pulumi:"allowUserCertificates"`
	// Specifies if users can override the key ID for a signed certificate with the `keyId` field.
	// NOTE(review): the key ID is what an SSH server logs for a certificate
	// login, so letting requesters choose it weakens audit attribution.
	AllowUserKeyIds pulumi.BoolPtrOutput `pulumi:"allowUserKeyIds"`
	// Specifies a comma-separated list of critical options that certificates can have when signed.
	AllowedCriticalOptions pulumi.StringPtrOutput `pulumi:"allowedCriticalOptions"`
	// The list of domains for which a client can request a host certificate.
	AllowedDomains pulumi.StringPtrOutput `pulumi:"allowedDomains"`
	// Specifies if `allowedDomains` can be declared using
	// identity template policies. Non-templated domains are also permitted.
	AllowedDomainsTemplate pulumi.BoolOutput `pulumi:"allowedDomainsTemplate"`
	// Specifies a comma-separated list of extensions that certificates can have when signed.
	AllowedExtensions pulumi.StringPtrOutput `pulumi:"allowedExtensions"`
	// Set of configuration blocks that define the allowed user key
	// configuration, such as key types and their lengths. Can be specified multiple times.
	// *See Configuration-Options for more info*
	AllowedUserKeyConfigs SecretBackendRoleAllowedUserKeyConfigArrayOutput `pulumi:"allowedUserKeyConfigs"`
	// Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
	// NOTE(review): keep this list explicit; confirm how the Vault version in
	// use treats an empty or wildcard value before relying on it as a limit.
	AllowedUsers pulumi.StringPtrOutput `pulumi:"allowedUsers"`
	// Specifies if `allowedUsers` can be declared using identity template policies. Non-templated users are also permitted.
	AllowedUsersTemplate pulumi.BoolPtrOutput `pulumi:"allowedUsersTemplate"`
	// The path where the SSH secret backend is mounted.
	Backend pulumi.StringOutput `pulumi:"backend"`
	// The comma-separated string of CIDR blocks for which this role is applicable.
	// NOTE(review): a block such as `0.0.0.0/0` makes the role applicable to
	// every IPv4 address; scope it to the hosts the role is meant for.
	CidrList pulumi.StringPtrOutput `pulumi:"cidrList"`
	// Specifies a map of critical options that certificates have when signed.
	DefaultCriticalOptions pulumi.MapOutput `pulumi:"defaultCriticalOptions"`
	// Specifies a map of extensions that certificates have when signed.
	DefaultExtensions pulumi.MapOutput `pulumi:"defaultExtensions"`
	// Specifies the default username for which a credential will be generated.
	DefaultUser pulumi.StringPtrOutput `pulumi:"defaultUser"`
	// If set, `defaultUser` can be specified using identity template values. A non-templated user is also permitted.
	DefaultUserTemplate pulumi.BoolPtrOutput `pulumi:"defaultUserTemplate"`
	// Specifies a custom format for the key id of a signed certificate.
	KeyIdFormat pulumi.StringPtrOutput `pulumi:"keyIdFormat"`
	// Specifies the type of credentials generated by this role. This can be either `otp`, `dynamic` or `ca`.
	// NOTE(review): the `dynamic` key type has been deprecated upstream in
	// Vault — TODO confirm it is still supported by the Vault version in use.
	KeyType pulumi.StringOutput `pulumi:"keyType"`
	// Specifies the maximum Time To Live value.
	MaxTtl pulumi.StringOutput `pulumi:"maxTtl"`
	// Specifies the name of the role to create.
	Name pulumi.StringOutput `pulumi:"name"`
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrOutput `pulumi:"namespace"`
	// Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.
	NotBeforeDuration pulumi.StringOutput `pulumi:"notBeforeDuration"`
	// Specifies the Time To Live value.
	// NOTE(review): a shorter lifetime limits how long a leaked certificate or
	// credential stays usable.
	Ttl pulumi.StringOutput `pulumi:"ttl"`
}

Provides a resource to manage roles in an [SSH secret backend within Vault](https://www.vaultproject.io/docs/secrets/ssh/index.html).

## Example Usage

<!--Start PulumiCodeChooser -->
```go
package main

import (

"github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/ssh"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

// main mounts an SSH secrets engine and registers two roles on it: a CA role
// that may sign user certificates and a one-time-password role.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Mount the SSH secrets engine; both roles attach to its path.
		mount, err := vault.NewMount(ctx, "example", &vault.MountArgs{
			Type: pulumi.String("ssh"),
		})
		if err != nil {
			return err
		}

		// CA role: signing is enabled for user certificates only.
		if _, err := ssh.NewSecretBackendRole(ctx, "foo", &ssh.SecretBackendRoleArgs{
			Backend:               mount.Path,
			KeyType:               pulumi.String("ca"),
			AllowUserCertificates: pulumi.Bool(true),
		}); err != nil {
			return err
		}

		// OTP role for the users "default" and "baz".
		// NOTE(review): CidrList "0.0.0.0/0" makes this role applicable to
		// every IPv4 address. It is a demonstration value; in a real
		// deployment list only the CIDR blocks of the hosts this role is
		// meant to reach.
		_, err = ssh.NewSecretBackendRole(ctx, "bar", &ssh.SecretBackendRoleArgs{
			Backend:      mount.Path,
			KeyType:      pulumi.String("otp"),
			DefaultUser:  pulumi.String("default"),
			AllowedUsers: pulumi.String("default,baz"),
			CidrList:     pulumi.String("0.0.0.0/0"),
		})
		return err
	})
}

```
<!--End PulumiCodeChooser -->

## Import

SSH secret backend roles can be imported using the `path`, e.g.

```sh
$ pulumi import vault:ssh/secretBackendRole:SecretBackendRole foo ssh/roles/my-role
```

func GetSecretBackendRole

func GetSecretBackendRole(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *SecretBackendRoleState, opts ...pulumi.ResourceOption) (*SecretBackendRole, error)

GetSecretBackendRole gets an existing SecretBackendRole resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewSecretBackendRole

func NewSecretBackendRole(ctx *pulumi.Context,
	name string, args *SecretBackendRoleArgs, opts ...pulumi.ResourceOption) (*SecretBackendRole, error)

NewSecretBackendRole registers a new resource with the given unique name, arguments, and options.

func (*SecretBackendRole) ElementType

func (*SecretBackendRole) ElementType() reflect.Type

func (*SecretBackendRole) ToSecretBackendRoleOutput

func (i *SecretBackendRole) ToSecretBackendRoleOutput() SecretBackendRoleOutput

func (*SecretBackendRole) ToSecretBackendRoleOutputWithContext

func (i *SecretBackendRole) ToSecretBackendRoleOutputWithContext(ctx context.Context) SecretBackendRoleOutput

type SecretBackendRoleAllowedUserKeyConfig

// SecretBackendRoleAllowedUserKeyConfig describes one allowed user key
// configuration for a role: an SSH public key type and the key lengths
// permitted for it.
type SecretBackendRoleAllowedUserKeyConfig struct {
	// A list of allowed key lengths as integers.
	// For key types that do not support setting the length a value of `[0]` should be used.
	// Setting multiple lengths is only supported on Vault 1.10+. For prior releases `length`
	// must be set to a single element list.
	// NOTE(review): for `rsa`, list only lengths of 2048 bits or more so that
	// short user keys are rejected at signing time.
	//
	// Example configuration blocks that might be included in the `ssh.SecretBackendRole`
	// (the generated Go example below registers no resources).
	//
	// <!--Start PulumiCodeChooser -->
	// ```go
	// package main
	//
	// import (
	// 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	// )
	//
	// func main() {
	// 	pulumi.Run(func(ctx *pulumi.Context) error {
	// 		return nil
	// 	})
	// }
	// ```
	// <!--End PulumiCodeChooser -->
	Lengths []int `pulumi:"lengths"`
	// The SSH public key type.
	// *Supported key types are:*
	// `rsa`, `ecdsa`, `ec`, `dsa`, `ed25519`, `ssh-rsa`, `ssh-dss`, `ssh-ed25519`,
	// `ecdsa-sha2-nistp256`, `ecdsa-sha2-nistp384`, `ecdsa-sha2-nistp521`
	// NOTE(review): `dsa` / `ssh-dss` keys are disabled by default in current
	// OpenSSH; leave them out unless legacy clients require them.
	Type string `pulumi:"type"`
}

type SecretBackendRoleAllowedUserKeyConfigArgs

// SecretBackendRoleAllowedUserKeyConfigArgs is the input form of one allowed
// user key configuration for a role: an SSH public key type and the key
// lengths permitted for it.
type SecretBackendRoleAllowedUserKeyConfigArgs struct {
	// A list of allowed key lengths as integers.
	// For key types that do not support setting the length a value of `[0]` should be used.
	// Setting multiple lengths is only supported on Vault 1.10+. For prior releases `length`
	// must be set to a single element list.
	// NOTE(review): for `rsa`, list only lengths of 2048 bits or more so that
	// short user keys are rejected at signing time.
	//
	// Example configuration blocks that might be included in the `ssh.SecretBackendRole`
	// (the generated Go example below registers no resources).
	//
	// <!--Start PulumiCodeChooser -->
	// ```go
	// package main
	//
	// import (
	// 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	// )
	//
	// func main() {
	// 	pulumi.Run(func(ctx *pulumi.Context) error {
	// 		return nil
	// 	})
	// }
	// ```
	// <!--End PulumiCodeChooser -->
	Lengths pulumi.IntArrayInput `pulumi:"lengths"`
	// The SSH public key type.
	// *Supported key types are:*
	// `rsa`, `ecdsa`, `ec`, `dsa`, `ed25519`, `ssh-rsa`, `ssh-dss`, `ssh-ed25519`,
	// `ecdsa-sha2-nistp256`, `ecdsa-sha2-nistp384`, `ecdsa-sha2-nistp521`
	// NOTE(review): `dsa` / `ssh-dss` keys are disabled by default in current
	// OpenSSH; leave them out unless legacy clients require them.
	Type pulumi.StringInput `pulumi:"type"`
}

func (SecretBackendRoleAllowedUserKeyConfigArgs) ElementType

func (SecretBackendRoleAllowedUserKeyConfigArgs) ToSecretBackendRoleAllowedUserKeyConfigOutput

func (i SecretBackendRoleAllowedUserKeyConfigArgs) ToSecretBackendRoleAllowedUserKeyConfigOutput() SecretBackendRoleAllowedUserKeyConfigOutput

func (SecretBackendRoleAllowedUserKeyConfigArgs) ToSecretBackendRoleAllowedUserKeyConfigOutputWithContext

func (i SecretBackendRoleAllowedUserKeyConfigArgs) ToSecretBackendRoleAllowedUserKeyConfigOutputWithContext(ctx context.Context) SecretBackendRoleAllowedUserKeyConfigOutput

type SecretBackendRoleAllowedUserKeyConfigArray

type SecretBackendRoleAllowedUserKeyConfigArray []SecretBackendRoleAllowedUserKeyConfigInput

func (SecretBackendRoleAllowedUserKeyConfigArray) ElementType

func (SecretBackendRoleAllowedUserKeyConfigArray) ToSecretBackendRoleAllowedUserKeyConfigArrayOutput

func (i SecretBackendRoleAllowedUserKeyConfigArray) ToSecretBackendRoleAllowedUserKeyConfigArrayOutput() SecretBackendRoleAllowedUserKeyConfigArrayOutput

func (SecretBackendRoleAllowedUserKeyConfigArray) ToSecretBackendRoleAllowedUserKeyConfigArrayOutputWithContext

func (i SecretBackendRoleAllowedUserKeyConfigArray) ToSecretBackendRoleAllowedUserKeyConfigArrayOutputWithContext(ctx context.Context) SecretBackendRoleAllowedUserKeyConfigArrayOutput

type SecretBackendRoleAllowedUserKeyConfigArrayInput

type SecretBackendRoleAllowedUserKeyConfigArrayInput interface {
	pulumi.Input

	ToSecretBackendRoleAllowedUserKeyConfigArrayOutput() SecretBackendRoleAllowedUserKeyConfigArrayOutput
	ToSecretBackendRoleAllowedUserKeyConfigArrayOutputWithContext(context.Context) SecretBackendRoleAllowedUserKeyConfigArrayOutput
}

SecretBackendRoleAllowedUserKeyConfigArrayInput is an input type that accepts SecretBackendRoleAllowedUserKeyConfigArray and SecretBackendRoleAllowedUserKeyConfigArrayOutput values. You can construct a concrete instance of `SecretBackendRoleAllowedUserKeyConfigArrayInput` via:

SecretBackendRoleAllowedUserKeyConfigArray{ SecretBackendRoleAllowedUserKeyConfigArgs{...} }

type SecretBackendRoleAllowedUserKeyConfigArrayOutput

type SecretBackendRoleAllowedUserKeyConfigArrayOutput struct{ *pulumi.OutputState }

func (SecretBackendRoleAllowedUserKeyConfigArrayOutput) ElementType

func (SecretBackendRoleAllowedUserKeyConfigArrayOutput) Index

func (SecretBackendRoleAllowedUserKeyConfigArrayOutput) ToSecretBackendRoleAllowedUserKeyConfigArrayOutput

func (o SecretBackendRoleAllowedUserKeyConfigArrayOutput) ToSecretBackendRoleAllowedUserKeyConfigArrayOutput() SecretBackendRoleAllowedUserKeyConfigArrayOutput

func (SecretBackendRoleAllowedUserKeyConfigArrayOutput) ToSecretBackendRoleAllowedUserKeyConfigArrayOutputWithContext

func (o SecretBackendRoleAllowedUserKeyConfigArrayOutput) ToSecretBackendRoleAllowedUserKeyConfigArrayOutputWithContext(ctx context.Context) SecretBackendRoleAllowedUserKeyConfigArrayOutput

type SecretBackendRoleAllowedUserKeyConfigInput

type SecretBackendRoleAllowedUserKeyConfigInput interface {
	pulumi.Input

	ToSecretBackendRoleAllowedUserKeyConfigOutput() SecretBackendRoleAllowedUserKeyConfigOutput
	ToSecretBackendRoleAllowedUserKeyConfigOutputWithContext(context.Context) SecretBackendRoleAllowedUserKeyConfigOutput
}

SecretBackendRoleAllowedUserKeyConfigInput is an input type that accepts SecretBackendRoleAllowedUserKeyConfigArgs and SecretBackendRoleAllowedUserKeyConfigOutput values. You can construct a concrete instance of `SecretBackendRoleAllowedUserKeyConfigInput` via:

SecretBackendRoleAllowedUserKeyConfigArgs{...}

type SecretBackendRoleAllowedUserKeyConfigOutput

type SecretBackendRoleAllowedUserKeyConfigOutput struct{ *pulumi.OutputState }

func (SecretBackendRoleAllowedUserKeyConfigOutput) ElementType

func (SecretBackendRoleAllowedUserKeyConfigOutput) Lengths

A list of allowed key lengths as integers. For key types that do not support setting the length a value of `[0]` should be used. Setting multiple lengths is only supported on Vault 1.10+. For prior releases `length` must be set to a single element list.

Example configuration blocks that might be included in the `ssh.SecretBackendRole`

<!--Start PulumiCodeChooser -->
```go
package main

import (

"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

// main runs an empty Pulumi program: the callback returns nil without
// registering any resource, so this generated example shows no `lengths`
// configuration.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		return nil
	})
}

```
<!--End PulumiCodeChooser -->

func (SecretBackendRoleAllowedUserKeyConfigOutput) ToSecretBackendRoleAllowedUserKeyConfigOutput

func (o SecretBackendRoleAllowedUserKeyConfigOutput) ToSecretBackendRoleAllowedUserKeyConfigOutput() SecretBackendRoleAllowedUserKeyConfigOutput

func (SecretBackendRoleAllowedUserKeyConfigOutput) ToSecretBackendRoleAllowedUserKeyConfigOutputWithContext

func (o SecretBackendRoleAllowedUserKeyConfigOutput) ToSecretBackendRoleAllowedUserKeyConfigOutputWithContext(ctx context.Context) SecretBackendRoleAllowedUserKeyConfigOutput

func (SecretBackendRoleAllowedUserKeyConfigOutput) Type

The SSH public key type. *Supported key types are:* `rsa`, `ecdsa`, `ec`, `dsa`, `ed25519`, `ssh-rsa`, `ssh-dss`, `ssh-ed25519`, `ecdsa-sha2-nistp256`, `ecdsa-sha2-nistp384`, `ecdsa-sha2-nistp521`

type SecretBackendRoleArgs

// SecretBackendRoleArgs is the set of arguments for constructing a
// SecretBackendRole resource. Together the fields decide which certificates or
// credentials the role may issue, for which users, domains and hosts, and for
// how long.
type SecretBackendRoleArgs struct {
	// When supplied, this value specifies a signing algorithm for the key. Possible values: ssh-rsa, rsa-sha2-256, rsa-sha2-512.
	// NOTE(review): `ssh-rsa` is the SHA-1 based RSA signature scheme, which
	// recent OpenSSH releases no longer accept by default; prefer
	// `rsa-sha2-256` or `rsa-sha2-512` unless legacy clients require it.
	AlgorithmSigner pulumi.StringPtrInput
	// Specifies if host certificates that are requested are allowed to use the base domains listed in `allowedDomains`.
	AllowBareDomains pulumi.BoolPtrInput
	// Specifies if certificates are allowed to be signed for use as a 'host'.
	AllowHostCertificates pulumi.BoolPtrInput
	// Specifies if host certificates that are requested are allowed to be subdomains of those listed in `allowedDomains`.
	AllowSubdomains pulumi.BoolPtrInput
	// Specifies if certificates are allowed to be signed for use as a 'user'.
	AllowUserCertificates pulumi.BoolPtrInput
	// Specifies if users can override the key ID for a signed certificate with the `keyId` field.
	// NOTE(review): the key ID is what an SSH server logs for a certificate
	// login, so letting requesters choose it weakens audit attribution; leave
	// this unset unless callers genuinely need it.
	AllowUserKeyIds pulumi.BoolPtrInput
	// Specifies a comma-separated list of critical options that certificates can have when signed.
	AllowedCriticalOptions pulumi.StringPtrInput
	// The list of domains for which a client can request a host certificate.
	AllowedDomains pulumi.StringPtrInput
	// Specifies if `allowedDomains` can be declared using
	// identity template policies. Non-templated domains are also permitted.
	AllowedDomainsTemplate pulumi.BoolPtrInput
	// Specifies a comma-separated list of extensions that certificates can have when signed.
	AllowedExtensions pulumi.StringPtrInput
	// Set of configuration blocks that define the allowed user key
	// configuration, such as key types and their lengths. Can be specified multiple times.
	// *See Configuration-Options for more info*
	AllowedUserKeyConfigs SecretBackendRoleAllowedUserKeyConfigArrayInput
	// Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
	// NOTE(review): keep this list explicit and free of administrative
	// accounts where possible; confirm how the Vault version in use treats an
	// empty or wildcard value before relying on it as a limit.
	AllowedUsers pulumi.StringPtrInput
	// Specifies if `allowedUsers` can be declared using identity template policies. Non-templated users are also permitted.
	AllowedUsersTemplate pulumi.BoolPtrInput
	// The path where the SSH secret backend is mounted.
	Backend pulumi.StringInput
	// The comma-separated string of CIDR blocks for which this role is applicable.
	// NOTE(review): a block such as `0.0.0.0/0` makes the role applicable to
	// every IPv4 address; scope it to the hosts the role is meant for.
	CidrList pulumi.StringPtrInput
	// Specifies a map of critical options that certificates have when signed.
	DefaultCriticalOptions pulumi.MapInput
	// Specifies a map of extensions that certificates have when signed.
	DefaultExtensions pulumi.MapInput
	// Specifies the default username for which a credential will be generated.
	DefaultUser pulumi.StringPtrInput
	// If set, `defaultUser` can be specified using identity template values. A non-templated user is also permitted.
	DefaultUserTemplate pulumi.BoolPtrInput
	// Specifies a custom format for the key id of a signed certificate.
	KeyIdFormat pulumi.StringPtrInput
	// Specifies the type of credentials generated by this role. This can be either `otp`, `dynamic` or `ca`.
	// NOTE(review): the `dynamic` key type has been deprecated upstream in
	// Vault — TODO confirm it is still supported by the Vault version in use.
	KeyType pulumi.StringInput
	// Specifies the maximum Time To Live value.
	MaxTtl pulumi.StringPtrInput
	// Specifies the name of the role to create.
	Name pulumi.StringPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.
	NotBeforeDuration pulumi.StringPtrInput
	// Specifies the Time To Live value.
	// NOTE(review): a shorter lifetime limits how long a leaked certificate or
	// credential stays usable; set MaxTtl as well so requesters cannot extend it.
	Ttl pulumi.StringPtrInput
}

The set of arguments for constructing a SecretBackendRole resource.

func (SecretBackendRoleArgs) ElementType

func (SecretBackendRoleArgs) ElementType() reflect.Type

type SecretBackendRoleArray

type SecretBackendRoleArray []SecretBackendRoleInput

func (SecretBackendRoleArray) ElementType

func (SecretBackendRoleArray) ElementType() reflect.Type

func (SecretBackendRoleArray) ToSecretBackendRoleArrayOutput

func (i SecretBackendRoleArray) ToSecretBackendRoleArrayOutput() SecretBackendRoleArrayOutput

func (SecretBackendRoleArray) ToSecretBackendRoleArrayOutputWithContext

func (i SecretBackendRoleArray) ToSecretBackendRoleArrayOutputWithContext(ctx context.Context) SecretBackendRoleArrayOutput

type SecretBackendRoleArrayInput

type SecretBackendRoleArrayInput interface {
	pulumi.Input

	ToSecretBackendRoleArrayOutput() SecretBackendRoleArrayOutput
	ToSecretBackendRoleArrayOutputWithContext(context.Context) SecretBackendRoleArrayOutput
}

SecretBackendRoleArrayInput is an input type that accepts SecretBackendRoleArray and SecretBackendRoleArrayOutput values. You can construct a concrete instance of `SecretBackendRoleArrayInput` via:

SecretBackendRoleArray{ SecretBackendRoleArgs{...} }

type SecretBackendRoleArrayOutput

type SecretBackendRoleArrayOutput struct{ *pulumi.OutputState }

func (SecretBackendRoleArrayOutput) ElementType

func (SecretBackendRoleArrayOutput) Index

func (SecretBackendRoleArrayOutput) ToSecretBackendRoleArrayOutput

func (o SecretBackendRoleArrayOutput) ToSecretBackendRoleArrayOutput() SecretBackendRoleArrayOutput

func (SecretBackendRoleArrayOutput) ToSecretBackendRoleArrayOutputWithContext

func (o SecretBackendRoleArrayOutput) ToSecretBackendRoleArrayOutputWithContext(ctx context.Context) SecretBackendRoleArrayOutput

type SecretBackendRoleInput

type SecretBackendRoleInput interface {
	pulumi.Input

	ToSecretBackendRoleOutput() SecretBackendRoleOutput
	ToSecretBackendRoleOutputWithContext(ctx context.Context) SecretBackendRoleOutput
}

type SecretBackendRoleMap

type SecretBackendRoleMap map[string]SecretBackendRoleInput

func (SecretBackendRoleMap) ElementType

func (SecretBackendRoleMap) ElementType() reflect.Type

func (SecretBackendRoleMap) ToSecretBackendRoleMapOutput

func (i SecretBackendRoleMap) ToSecretBackendRoleMapOutput() SecretBackendRoleMapOutput

func (SecretBackendRoleMap) ToSecretBackendRoleMapOutputWithContext

func (i SecretBackendRoleMap) ToSecretBackendRoleMapOutputWithContext(ctx context.Context) SecretBackendRoleMapOutput

type SecretBackendRoleMapInput

type SecretBackendRoleMapInput interface {
	pulumi.Input

	ToSecretBackendRoleMapOutput() SecretBackendRoleMapOutput
	ToSecretBackendRoleMapOutputWithContext(context.Context) SecretBackendRoleMapOutput
}

SecretBackendRoleMapInput is an input type that accepts SecretBackendRoleMap and SecretBackendRoleMapOutput values. You can construct a concrete instance of `SecretBackendRoleMapInput` via:

SecretBackendRoleMap{ "key": SecretBackendRoleArgs{...} }

type SecretBackendRoleMapOutput

type SecretBackendRoleMapOutput struct{ *pulumi.OutputState }

func (SecretBackendRoleMapOutput) ElementType

func (SecretBackendRoleMapOutput) ElementType() reflect.Type

func (SecretBackendRoleMapOutput) MapIndex

func (SecretBackendRoleMapOutput) ToSecretBackendRoleMapOutput

func (o SecretBackendRoleMapOutput) ToSecretBackendRoleMapOutput() SecretBackendRoleMapOutput

func (SecretBackendRoleMapOutput) ToSecretBackendRoleMapOutputWithContext

func (o SecretBackendRoleMapOutput) ToSecretBackendRoleMapOutputWithContext(ctx context.Context) SecretBackendRoleMapOutput

type SecretBackendRoleOutput

type SecretBackendRoleOutput struct{ *pulumi.OutputState }

func (SecretBackendRoleOutput) AlgorithmSigner

func (o SecretBackendRoleOutput) AlgorithmSigner() pulumi.StringOutput

When supplied, this value specifies a signing algorithm for the key. Possible values: ssh-rsa, rsa-sha2-256, rsa-sha2-512.

func (SecretBackendRoleOutput) AllowBareDomains

func (o SecretBackendRoleOutput) AllowBareDomains() pulumi.BoolPtrOutput

Specifies if host certificates that are requested are allowed to use the base domains listed in `allowedDomains`.

func (SecretBackendRoleOutput) AllowHostCertificates

func (o SecretBackendRoleOutput) AllowHostCertificates() pulumi.BoolPtrOutput

Specifies if certificates are allowed to be signed for use as a 'host'.

func (SecretBackendRoleOutput) AllowSubdomains

func (o SecretBackendRoleOutput) AllowSubdomains() pulumi.BoolPtrOutput

Specifies if host certificates that are requested are allowed to be subdomains of those listed in `allowedDomains`.

func (SecretBackendRoleOutput) AllowUserCertificates

func (o SecretBackendRoleOutput) AllowUserCertificates() pulumi.BoolPtrOutput

Specifies if certificates are allowed to be signed for use as a 'user'.

func (SecretBackendRoleOutput) AllowUserKeyIds

func (o SecretBackendRoleOutput) AllowUserKeyIds() pulumi.BoolPtrOutput

Specifies if users can override the key ID for a signed certificate with the `keyId` field.

func (SecretBackendRoleOutput) AllowedCriticalOptions

func (o SecretBackendRoleOutput) AllowedCriticalOptions() pulumi.StringPtrOutput

Specifies a comma-separated list of critical options that certificates can have when signed.

func (SecretBackendRoleOutput) AllowedDomains

func (o SecretBackendRoleOutput) AllowedDomains() pulumi.StringPtrOutput

The list of domains for which a client can request a host certificate.

func (SecretBackendRoleOutput) AllowedDomainsTemplate

func (o SecretBackendRoleOutput) AllowedDomainsTemplate() pulumi.BoolOutput

Specifies if `allowedDomains` can be declared using identity template policies. Non-templated domains are also permitted.

func (SecretBackendRoleOutput) AllowedExtensions

func (o SecretBackendRoleOutput) AllowedExtensions() pulumi.StringPtrOutput

Specifies a comma-separated list of extensions that certificates can have when signed.

func (SecretBackendRoleOutput) AllowedUserKeyConfigs

Set of configuration blocks that define the allowed user key configuration, such as key types and their lengths. Can be specified multiple times. *See Configuration-Options for more info*

func (SecretBackendRoleOutput) AllowedUsers

Specifies a comma-separated list of usernames that are allowed; set it when only certain usernames should be permitted.

func (SecretBackendRoleOutput) AllowedUsersTemplate

func (o SecretBackendRoleOutput) AllowedUsersTemplate() pulumi.BoolPtrOutput

Specifies if `allowedUsers` can be declared using identity template policies. Non-templated users are also permitted.

func (SecretBackendRoleOutput) Backend

The path where the SSH secret backend is mounted.

func (SecretBackendRoleOutput) CidrList

The comma-separated string of CIDR blocks for which this role is applicable.

func (SecretBackendRoleOutput) DefaultCriticalOptions

func (o SecretBackendRoleOutput) DefaultCriticalOptions() pulumi.MapOutput

Specifies a map of critical options that certificates have when signed.

func (SecretBackendRoleOutput) DefaultExtensions

func (o SecretBackendRoleOutput) DefaultExtensions() pulumi.MapOutput

Specifies a map of extensions that certificates have when signed.

func (SecretBackendRoleOutput) DefaultUser

Specifies the default username for which a credential will be generated.

func (SecretBackendRoleOutput) DefaultUserTemplate

func (o SecretBackendRoleOutput) DefaultUserTemplate() pulumi.BoolPtrOutput

If set, `defaultUser` can be specified using identity template values. A non-templated user is also permitted.

func (SecretBackendRoleOutput) ElementType

func (SecretBackendRoleOutput) ElementType() reflect.Type

func (SecretBackendRoleOutput) KeyIdFormat

Specifies a custom format for the key id of a signed certificate.

func (SecretBackendRoleOutput) KeyType

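Specifies the type of credentials generated by this role. This can be either `otp`, `dynamic` or `ca`. The `dynamic` type has been deprecated upstream and is not available in newer Vault releases, so check the Vault version in use before relying on it.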

func (SecretBackendRoleOutput) MaxTtl

Specifies the maximum Time To Live value.

func (SecretBackendRoleOutput) Name

Specifies the name of the role to create.

func (SecretBackendRoleOutput) Namespace

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). *Available only for Vault Enterprise*.

func (SecretBackendRoleOutput) NotBeforeDuration

func (o SecretBackendRoleOutput) NotBeforeDuration() pulumi.StringOutput

Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.

func (SecretBackendRoleOutput) ToSecretBackendRoleOutput

func (o SecretBackendRoleOutput) ToSecretBackendRoleOutput() SecretBackendRoleOutput

func (SecretBackendRoleOutput) ToSecretBackendRoleOutputWithContext

func (o SecretBackendRoleOutput) ToSecretBackendRoleOutputWithContext(ctx context.Context) SecretBackendRoleOutput

func (SecretBackendRoleOutput) Ttl

Specifies the Time To Live value.

type SecretBackendRoleState

// SecretBackendRoleState lists the properties of an SSH secret backend role as
// Pulumi inputs. Every field uses a pointer, map or array input type, so any of
// them may be left unset.
type SecretBackendRoleState struct {
	// When supplied, this value specifies a signing algorithm for the key. Possible values: ssh-rsa, rsa-sha2-256, rsa-sha2-512.
	// Security note: ssh-rsa produces SHA-1 based signatures, which recent OpenSSH
	// releases no longer accept by default; prefer rsa-sha2-256 or rsa-sha2-512.
	AlgorithmSigner pulumi.StringPtrInput
	// Specifies if host certificates that are requested are allowed to use the base domains listed in `allowedDomains`.
	AllowBareDomains pulumi.BoolPtrInput
	// Specifies if certificates are allowed to be signed for use as a 'host'.
	AllowHostCertificates pulumi.BoolPtrInput
	// Specifies if host certificates that are requested are allowed to be subdomains of those listed in `allowedDomains`.
	AllowSubdomains pulumi.BoolPtrInput
	// Specifies if certificates are allowed to be signed for use as a 'user'.
	AllowUserCertificates pulumi.BoolPtrInput
	// Specifies if users can override the key ID for a signed certificate with the `keyId` field.
	// Security note: the key ID is what SSH servers typically record when a
	// certificate is used, so requester-chosen key IDs weaken audit attribution.
	AllowUserKeyIds pulumi.BoolPtrInput
	// Specifies a comma-separated list of critical options that certificates can have when signed.
	AllowedCriticalOptions pulumi.StringPtrInput
	// The list of domains for which a client can request a host certificate.
	AllowedDomains pulumi.StringPtrInput
	// Specifies if `allowedDomains` can be declared using
	// identity template policies. Non-templated domains are also permitted.
	AllowedDomainsTemplate pulumi.BoolPtrInput
	// Specifies a comma-separated list of extensions that certificates can have when signed.
	AllowedExtensions pulumi.StringPtrInput
	// Set of configuration blocks that define the allowed
	// user key configuration, such as key types and their lengths. Can be specified multiple times.
	// *See Configuration-Options for more info*
	AllowedUserKeyConfigs SecretBackendRoleAllowedUserKeyConfigArrayInput
	// Specifies a comma-separated list of usernames that are allowed; set it when only certain usernames should be permitted.
	// NOTE(review): how Vault treats an unset or wildcard value depends on the key
	// type — confirm the role cannot issue credentials for privileged accounts.
	AllowedUsers pulumi.StringPtrInput
	// Specifies if `allowedUsers` can be declared using identity template policies. Non-templated users are also permitted.
	AllowedUsersTemplate pulumi.BoolPtrInput
	// The path where the SSH secret backend is mounted.
	Backend pulumi.StringPtrInput
	// The comma-separated string of CIDR blocks for which this role is applicable.
	CidrList pulumi.StringPtrInput
	// Specifies a map of critical options that certificates have when signed.
	DefaultCriticalOptions pulumi.MapInput
	// Specifies a map of extensions that certificates have when signed.
	DefaultExtensions pulumi.MapInput
	// Specifies the default username for which a credential will be generated.
	DefaultUser pulumi.StringPtrInput
	// If set, `defaultUser` can be specified using identity template values. A non-templated user is also permitted.
	DefaultUserTemplate pulumi.BoolPtrInput
	// Specifies a custom format for the key id of a signed certificate.
	KeyIdFormat pulumi.StringPtrInput
	// Specifies the type of credentials generated by this role. This can be either `otp`, `dynamic` or `ca`.
	// NOTE(review): the `dynamic` type has been deprecated upstream and is not
	// available in newer Vault releases — confirm against the Vault version in use.
	KeyType pulumi.StringPtrInput
	// Specifies the maximum Time To Live value.
	// Security note: this bounds how long an issued credential stays usable, so a
	// short value limits the exposure window if one leaks.
	MaxTtl pulumi.StringPtrInput
	// Specifies the name of the role to create.
	Name pulumi.StringPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.
	NotBeforeDuration pulumi.StringPtrInput
	// Specifies the Time To Live value.
	Ttl pulumi.StringPtrInput
}

func (SecretBackendRoleState) ElementType

func (SecretBackendRoleState) ElementType() reflect.Type
