The highest tagged major version is
Documentation
¶
Overview ¶
nolint: lll
nolint: lll
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type SecretBackendCa ¶
type SecretBackendCa struct {
pulumi.CustomResourceState
// The path where the SSH secret backend is mounted. Defaults to 'ssh'
Backend pulumi.StringPtrOutput `pulumi:"backend"`
// Whether Vault should generate the signing key pair internally. Defaults to true
GenerateSigningKey pulumi.BoolPtrOutput `pulumi:"generateSigningKey"`
// The private key part the SSH CA key pair; required if generateSigningKey is false.
PrivateKey pulumi.StringOutput `pulumi:"privateKey"`
// The public key part the SSH CA key pair; required if generateSigningKey is false.
PublicKey pulumi.StringOutput `pulumi:"publicKey"`
}
Provides a resource to manage CA information in an SSH secret backend [SSH secret backend within Vault](https://www.vaultproject.io/docs/secrets/ssh/index.html).
> This content is derived from https://github.com/terraform-providers/terraform-provider-vault/blob/master/website/docs/r/ssh_secret_backend_ca.html.md.
func GetSecretBackendCa ¶
func GetSecretBackendCa(ctx *pulumi.Context, name string, id pulumi.IDInput, state *SecretBackendCaState, opts ...pulumi.ResourceOption) (*SecretBackendCa, error)
GetSecretBackendCa gets an existing SecretBackendCa resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewSecretBackendCa ¶
func NewSecretBackendCa(ctx *pulumi.Context, name string, args *SecretBackendCaArgs, opts ...pulumi.ResourceOption) (*SecretBackendCa, error)
NewSecretBackendCa registers a new resource with the given unique name, arguments, and options.
type SecretBackendCaArgs ¶
type SecretBackendCaArgs struct {
// The path where the SSH secret backend is mounted. Defaults to 'ssh'
Backend pulumi.StringPtrInput
// Whether Vault should generate the signing key pair internally. Defaults to true
GenerateSigningKey pulumi.BoolPtrInput
// The private key part the SSH CA key pair; required if generateSigningKey is false.
PrivateKey pulumi.StringPtrInput
// The public key part the SSH CA key pair; required if generateSigningKey is false.
PublicKey pulumi.StringPtrInput
}
The set of arguments for constructing a SecretBackendCa resource.
func (SecretBackendCaArgs) ElementType ¶
func (SecretBackendCaArgs) ElementType() reflect.Type
type SecretBackendCaState ¶
type SecretBackendCaState struct {
// The path where the SSH secret backend is mounted. Defaults to 'ssh'
Backend pulumi.StringPtrInput
// Whether Vault should generate the signing key pair internally. Defaults to true
GenerateSigningKey pulumi.BoolPtrInput
// The private key part the SSH CA key pair; required if generateSigningKey is false.
PrivateKey pulumi.StringPtrInput
// The public key part the SSH CA key pair; required if generateSigningKey is false.
PublicKey pulumi.StringPtrInput
}
func (SecretBackendCaState) ElementType ¶
func (SecretBackendCaState) ElementType() reflect.Type
type SecretBackendRole ¶
type SecretBackendRole struct {
pulumi.CustomResourceState
// Specifies if host certificates that are requested are allowed to use the base domains listed in `allowedDomains`.
AllowBareDomains pulumi.BoolPtrOutput `pulumi:"allowBareDomains"`
// Specifies if certificates are allowed to be signed for use as a 'host'.
AllowHostCertificates pulumi.BoolPtrOutput `pulumi:"allowHostCertificates"`
// Specifies if host certificates that are requested are allowed to be subdomains of those listed in `allowedDomains`.
AllowSubdomains pulumi.BoolPtrOutput `pulumi:"allowSubdomains"`
// Specifies if certificates are allowed to be signed for use as a 'user'.
AllowUserCertificates pulumi.BoolPtrOutput `pulumi:"allowUserCertificates"`
// Specifies if users can override the key ID for a signed certificate with the `keyId` field.
AllowUserKeyIds pulumi.BoolPtrOutput `pulumi:"allowUserKeyIds"`
// Specifies a comma-separated list of critical options that certificates can have when signed.
AllowedCriticalOptions pulumi.StringPtrOutput `pulumi:"allowedCriticalOptions"`
// The list of domains for which a client can request a host certificate.
AllowedDomains pulumi.StringPtrOutput `pulumi:"allowedDomains"`
// Specifies a comma-separated list of extensions that certificates can have when signed.
AllowedExtensions pulumi.StringPtrOutput `pulumi:"allowedExtensions"`
// Specifies a map of ssh key types and their expected sizes which are allowed to be signed by the CA type.
AllowedUserKeyLengths pulumi.MapOutput `pulumi:"allowedUserKeyLengths"`
// Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
AllowedUsers pulumi.StringPtrOutput `pulumi:"allowedUsers"`
// The path where the SSH secret backend is mounted.
Backend pulumi.StringOutput `pulumi:"backend"`
// The comma-separated string of CIDR blocks for which this role is applicable.
CidrList pulumi.StringPtrOutput `pulumi:"cidrList"`
// Specifies a map of critical options that certificates have when signed.
DefaultCriticalOptions pulumi.MapOutput `pulumi:"defaultCriticalOptions"`
// Specifies a map of extensions that certificates have when signed.
DefaultExtensions pulumi.MapOutput `pulumi:"defaultExtensions"`
// Specifies the default username for which a credential will be generated.
DefaultUser pulumi.StringPtrOutput `pulumi:"defaultUser"`
// Specifies a custom format for the key id of a signed certificate.
KeyIdFormat pulumi.StringPtrOutput `pulumi:"keyIdFormat"`
// Specifies the type of credentials generated by this role. This can be either `otp`, `dynamic` or `ca`.
KeyType pulumi.StringOutput `pulumi:"keyType"`
// Specifies the maximum Time To Live value.
MaxTtl pulumi.StringOutput `pulumi:"maxTtl"`
// Specifies the name of the role to create.
Name pulumi.StringOutput `pulumi:"name"`
// Specifies the Time To Live value.
Ttl pulumi.StringOutput `pulumi:"ttl"`
}
Provides a resource to manage roles in an SSH secret backend [SSH secret backend within Vault](https://www.vaultproject.io/docs/secrets/ssh/index.html).
> This content is derived from https://github.com/terraform-providers/terraform-provider-vault/blob/master/website/docs/r/ssh_secret_backend_role.html.md.
func GetSecretBackendRole ¶
func GetSecretBackendRole(ctx *pulumi.Context, name string, id pulumi.IDInput, state *SecretBackendRoleState, opts ...pulumi.ResourceOption) (*SecretBackendRole, error)
GetSecretBackendRole gets an existing SecretBackendRole resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewSecretBackendRole ¶
func NewSecretBackendRole(ctx *pulumi.Context, name string, args *SecretBackendRoleArgs, opts ...pulumi.ResourceOption) (*SecretBackendRole, error)
NewSecretBackendRole registers a new resource with the given unique name, arguments, and options.
type SecretBackendRoleArgs ¶
type SecretBackendRoleArgs struct {
// Specifies if host certificates that are requested are allowed to use the base domains listed in `allowedDomains`.
AllowBareDomains pulumi.BoolPtrInput
// Specifies if certificates are allowed to be signed for use as a 'host'.
AllowHostCertificates pulumi.BoolPtrInput
// Specifies if host certificates that are requested are allowed to be subdomains of those listed in `allowedDomains`.
AllowSubdomains pulumi.BoolPtrInput
// Specifies if certificates are allowed to be signed for use as a 'user'.
AllowUserCertificates pulumi.BoolPtrInput
// Specifies if users can override the key ID for a signed certificate with the `keyId` field.
AllowUserKeyIds pulumi.BoolPtrInput
// Specifies a comma-separated list of critical options that certificates can have when signed.
AllowedCriticalOptions pulumi.StringPtrInput
// The list of domains for which a client can request a host certificate.
AllowedDomains pulumi.StringPtrInput
// Specifies a comma-separated list of extensions that certificates can have when signed.
AllowedExtensions pulumi.StringPtrInput
// Specifies a map of ssh key types and their expected sizes which are allowed to be signed by the CA type.
AllowedUserKeyLengths pulumi.MapInput
// Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
AllowedUsers pulumi.StringPtrInput
// The path where the SSH secret backend is mounted.
Backend pulumi.StringInput
// The comma-separated string of CIDR blocks for which this role is applicable.
CidrList pulumi.StringPtrInput
// Specifies a map of critical options that certificates have when signed.
DefaultCriticalOptions pulumi.MapInput
// Specifies a map of extensions that certificates have when signed.
DefaultExtensions pulumi.MapInput
// Specifies the default username for which a credential will be generated.
DefaultUser pulumi.StringPtrInput
// Specifies a custom format for the key id of a signed certificate.
KeyIdFormat pulumi.StringPtrInput
// Specifies the type of credentials generated by this role. This can be either `otp`, `dynamic` or `ca`.
KeyType pulumi.StringInput
// Specifies the maximum Time To Live value.
MaxTtl pulumi.StringPtrInput
// Specifies the name of the role to create.
Name pulumi.StringPtrInput
// Specifies the Time To Live value.
Ttl pulumi.StringPtrInput
}
The set of arguments for constructing a SecretBackendRole resource.
func (SecretBackendRoleArgs) ElementType ¶
func (SecretBackendRoleArgs) ElementType() reflect.Type
type SecretBackendRoleState ¶
type SecretBackendRoleState struct {
// Specifies if host certificates that are requested are allowed to use the base domains listed in `allowedDomains`.
AllowBareDomains pulumi.BoolPtrInput
// Specifies if certificates are allowed to be signed for use as a 'host'.
AllowHostCertificates pulumi.BoolPtrInput
// Specifies if host certificates that are requested are allowed to be subdomains of those listed in `allowedDomains`.
AllowSubdomains pulumi.BoolPtrInput
// Specifies if certificates are allowed to be signed for use as a 'user'.
AllowUserCertificates pulumi.BoolPtrInput
// Specifies if users can override the key ID for a signed certificate with the `keyId` field.
AllowUserKeyIds pulumi.BoolPtrInput
// Specifies a comma-separated list of critical options that certificates can have when signed.
AllowedCriticalOptions pulumi.StringPtrInput
// The list of domains for which a client can request a host certificate.
AllowedDomains pulumi.StringPtrInput
// Specifies a comma-separated list of extensions that certificates can have when signed.
AllowedExtensions pulumi.StringPtrInput
// Specifies a map of ssh key types and their expected sizes which are allowed to be signed by the CA type.
AllowedUserKeyLengths pulumi.MapInput
// Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
AllowedUsers pulumi.StringPtrInput
// The path where the SSH secret backend is mounted.
Backend pulumi.StringPtrInput
// The comma-separated string of CIDR blocks for which this role is applicable.
CidrList pulumi.StringPtrInput
// Specifies a map of critical options that certificates have when signed.
DefaultCriticalOptions pulumi.MapInput
// Specifies a map of extensions that certificates have when signed.
DefaultExtensions pulumi.MapInput
// Specifies the default username for which a credential will be generated.
DefaultUser pulumi.StringPtrInput
// Specifies a custom format for the key id of a signed certificate.
KeyIdFormat pulumi.StringPtrInput
// Specifies the type of credentials generated by this role. This can be either `otp`, `dynamic` or `ca`.
KeyType pulumi.StringPtrInput
// Specifies the maximum Time To Live value.
MaxTtl pulumi.StringPtrInput
// Specifies the name of the role to create.
Name pulumi.StringPtrInput
// Specifies the Time To Live value.
Ttl pulumi.StringPtrInput
}
func (SecretBackendRoleState) ElementType ¶
func (SecretBackendRoleState) ElementType() reflect.Type
Source Files
Click to show internal directories.
Click to hide internal directories.