schema

package
v0.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 15, 2023 License: MPL-2.0 Imports: 2 Imported by: 61

Documentation ¶

Index ¶

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type AWSConfigWriteCertificateRequest ¶ 

type AWSConfigWriteCertificateRequest struct {
	// Base64 encoded AWS Public cert required to verify PKCS7 signature of the EC2 instance metadata.
	AwsPublicCert string `json:"aws_public_cert"`

	// Takes the value of either \"pkcs7\" or \"identity\", indicating the type of document which can be verified using the given certificate. The reason is that the PKCS#7 document will have a DSA digest and the identity signature will have an RSA signature, and accordingly the public certificates to verify those also vary. Defaults to \"pkcs7\".
	Type string `json:"type"`
}

AWSConfigWriteCertificateRequest struct for AWSConfigWriteCertificateRequest

func NewAWSConfigWriteCertificateRequestWithDefaults ¶ 

func NewAWSConfigWriteCertificateRequestWithDefaults() *AWSConfigWriteCertificateRequest

NewAWSConfigWriteCertificateRequestWithDefaults instantiates a new AWSConfigWriteCertificateRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AWSConfigWriteCertificateRequest) MarshalJSON ¶ 

func (o AWSConfigWriteCertificateRequest) MarshalJSON() ([]byte, error)

type AWSConfigWriteClientRequest ¶ 

type AWSConfigWriteClientRequest struct {
	// AWS Access Key ID for the account used to make AWS API requests.
	AccessKey string `json:"access_key"`

	// List of additional headers that are allowed to be in AWS STS request headers
	AllowedStsHeaderValues []string `json:"allowed_sts_header_values"`

	// URL to override the default generated endpoint for making AWS EC2 API calls.
	Endpoint string `json:"endpoint"`

	// URL to override the default generated endpoint for making AWS IAM API calls.
	IamEndpoint string `json:"iam_endpoint"`

	// Value to require in the X-Vault-AWS-IAM-Server-ID request header
	IamServerIdHeaderValue string `json:"iam_server_id_header_value"`

	// Maximum number of retries for recoverable exceptions of AWS APIs
	MaxRetries int32 `json:"max_retries"`

	// AWS Secret Access Key for the account used to make AWS API requests.
	SecretKey string `json:"secret_key"`

	// URL to override the default generated endpoint for making AWS STS API calls.
	StsEndpoint string `json:"sts_endpoint"`

	// The region ID for the sts_endpoint, if set.
	StsRegion string `json:"sts_region"`
}

AWSConfigWriteClientRequest struct for AWSConfigWriteClientRequest

func NewAWSConfigWriteClientRequestWithDefaults ¶ 

func NewAWSConfigWriteClientRequestWithDefaults() *AWSConfigWriteClientRequest

NewAWSConfigWriteClientRequestWithDefaults instantiates a new AWSConfigWriteClientRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AWSConfigWriteClientRequest) MarshalJSON ¶ 

func (o AWSConfigWriteClientRequest) MarshalJSON() ([]byte, error)

type AWSConfigWriteIdentityAccessListRequest ¶ 

type AWSConfigWriteIdentityAccessListRequest struct {
	// If set to 'true', disables the periodic tidying of the 'identity-accesslist/<instance_id>' entries.
	DisablePeriodicTidy bool `json:"disable_periodic_tidy"`

	// The amount of extra time that must have passed beyond the identity's expiration, before it is removed from the backend storage.
	SafetyBuffer int32 `json:"safety_buffer"`
}

AWSConfigWriteIdentityAccessListRequest struct for AWSConfigWriteIdentityAccessListRequest

func NewAWSConfigWriteIdentityAccessListRequestWithDefaults ¶ 

func NewAWSConfigWriteIdentityAccessListRequestWithDefaults() *AWSConfigWriteIdentityAccessListRequest

NewAWSConfigWriteIdentityAccessListRequestWithDefaults instantiates a new AWSConfigWriteIdentityAccessListRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AWSConfigWriteIdentityAccessListRequest) MarshalJSON ¶ 

func (o AWSConfigWriteIdentityAccessListRequest) MarshalJSON() ([]byte, error)

type AWSConfigWriteIdentityRequest ¶ 

type AWSConfigWriteIdentityRequest struct {
	// Configure how the AWS auth method generates entity alias when using EC2 auth. Valid values are \"role_id\", \"instance_id\", and \"image_id\". Defaults to \"role_id\".
	Ec2Alias string `json:"ec2_alias"`

	// The metadata to include on the aliases and audit logs generated by this plugin. When set to 'default', includes: account_id, auth_type. These fields are available to add: ami_id, instance_id, region. Not editing this field means the 'default' fields are included. Explicitly setting this field to empty overrides the 'default' and means no metadata will be included. If not using 'default', explicit fields must be sent like: 'field1,field2'.
	Ec2Metadata []string `json:"ec2_metadata"`

	// Configure how the AWS auth method generates entity aliases when using IAM auth. Valid values are \"role_id\", \"unique_id\", and \"full_arn\". Defaults to \"role_id\".
	IamAlias string `json:"iam_alias"`

	// The metadata to include on the aliases and audit logs generated by this plugin. When set to 'default', includes: account_id, auth_type. These fields are available to add: canonical_arn, client_arn, client_user_id, inferred_aws_region, inferred_entity_id, inferred_entity_type. Not editing this field means the 'default' fields are included. Explicitly setting this field to empty overrides the 'default' and means no metadata will be included. If not using 'default', explicit fields must be sent like: 'field1,field2'.
	IamMetadata []string `json:"iam_metadata"`
}

AWSConfigWriteIdentityRequest struct for AWSConfigWriteIdentityRequest

func NewAWSConfigWriteIdentityRequestWithDefaults ¶ 

func NewAWSConfigWriteIdentityRequestWithDefaults() *AWSConfigWriteIdentityRequest

NewAWSConfigWriteIdentityRequestWithDefaults instantiates a new AWSConfigWriteIdentityRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AWSConfigWriteIdentityRequest) MarshalJSON ¶ 

func (o AWSConfigWriteIdentityRequest) MarshalJSON() ([]byte, error)

type AWSConfigWriteIdentityWhiteListRequest ¶ 

type AWSConfigWriteIdentityWhiteListRequest struct {
	// If set to 'true', disables the periodic tidying of the 'identity-accesslist/<instance_id>' entries.
	DisablePeriodicTidy bool `json:"disable_periodic_tidy"`

	// The amount of extra time that must have passed beyond the identity's expiration, before it is removed from the backend storage.
	SafetyBuffer int32 `json:"safety_buffer"`
}

AWSConfigWriteIdentityWhiteListRequest struct for AWSConfigWriteIdentityWhiteListRequest

func NewAWSConfigWriteIdentityWhiteListRequestWithDefaults ¶ 

func NewAWSConfigWriteIdentityWhiteListRequestWithDefaults() *AWSConfigWriteIdentityWhiteListRequest

NewAWSConfigWriteIdentityWhiteListRequestWithDefaults instantiates a new AWSConfigWriteIdentityWhiteListRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AWSConfigWriteIdentityWhiteListRequest) MarshalJSON ¶ 

func (o AWSConfigWriteIdentityWhiteListRequest) MarshalJSON() ([]byte, error)

type AWSConfigWriteLeaseRequest ¶ 

type AWSConfigWriteLeaseRequest struct {
	// Default lease for roles.
	Lease string `json:"lease"`

	// Maximum time a credential is valid for.
	LeaseMax string `json:"lease_max"`
}

AWSConfigWriteLeaseRequest struct for AWSConfigWriteLeaseRequest

func NewAWSConfigWriteLeaseRequestWithDefaults ¶ 

func NewAWSConfigWriteLeaseRequestWithDefaults() *AWSConfigWriteLeaseRequest

NewAWSConfigWriteLeaseRequestWithDefaults instantiates a new AWSConfigWriteLeaseRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AWSConfigWriteLeaseRequest) MarshalJSON ¶ 

func (o AWSConfigWriteLeaseRequest) MarshalJSON() ([]byte, error)

type AWSConfigWriteRoleTagBlackListRequest ¶ 

type AWSConfigWriteRoleTagBlackListRequest struct {
	// If set to 'true', disables the periodic tidying of deny listed entries.
	DisablePeriodicTidy bool `json:"disable_periodic_tidy"`

	// The amount of extra time that must have passed beyond the roletag expiration, before it is removed from the backend storage. Defaults to 4320h (180 days).
	SafetyBuffer int32 `json:"safety_buffer"`
}

AWSConfigWriteRoleTagBlackListRequest struct for AWSConfigWriteRoleTagBlackListRequest

func NewAWSConfigWriteRoleTagBlackListRequestWithDefaults ¶ 

func NewAWSConfigWriteRoleTagBlackListRequestWithDefaults() *AWSConfigWriteRoleTagBlackListRequest

NewAWSConfigWriteRoleTagBlackListRequestWithDefaults instantiates a new AWSConfigWriteRoleTagBlackListRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AWSConfigWriteRoleTagBlackListRequest) MarshalJSON ¶ 

func (o AWSConfigWriteRoleTagBlackListRequest) MarshalJSON() ([]byte, error)

type AWSConfigWriteRoleTagDenyListRequest ¶ 

type AWSConfigWriteRoleTagDenyListRequest struct {
	// If set to 'true', disables the periodic tidying of deny listed entries.
	DisablePeriodicTidy bool `json:"disable_periodic_tidy"`

	// The amount of extra time that must have passed beyond the roletag expiration, before it is removed from the backend storage. Defaults to 4320h (180 days).
	SafetyBuffer int32 `json:"safety_buffer"`
}

AWSConfigWriteRoleTagDenyListRequest struct for AWSConfigWriteRoleTagDenyListRequest

func NewAWSConfigWriteRoleTagDenyListRequestWithDefaults ¶ 

func NewAWSConfigWriteRoleTagDenyListRequestWithDefaults() *AWSConfigWriteRoleTagDenyListRequest

NewAWSConfigWriteRoleTagDenyListRequestWithDefaults instantiates a new AWSConfigWriteRoleTagDenyListRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AWSConfigWriteRoleTagDenyListRequest) MarshalJSON ¶ 

func (o AWSConfigWriteRoleTagDenyListRequest) MarshalJSON() ([]byte, error)

type AWSConfigWriteRootIAMCredentialsRequest ¶ 

type AWSConfigWriteRootIAMCredentialsRequest struct {
	// Access key with permission to create new keys.
	AccessKey string `json:"access_key"`

	// Endpoint to custom IAM server URL
	IamEndpoint string `json:"iam_endpoint"`

	// Maximum number of retries for recoverable exceptions of AWS APIs
	MaxRetries int32 `json:"max_retries"`

	// Region for API calls.
	Region string `json:"region"`

	// Secret key with permission to create new keys.
	SecretKey string `json:"secret_key"`

	// Endpoint to custom STS server URL
	StsEndpoint string `json:"sts_endpoint"`

	// Template to generate custom IAM usernames
	UsernameTemplate string `json:"username_template"`
}

AWSConfigWriteRootIAMCredentialsRequest struct for AWSConfigWriteRootIAMCredentialsRequest

func NewAWSConfigWriteRootIAMCredentialsRequestWithDefaults ¶ 

func NewAWSConfigWriteRootIAMCredentialsRequestWithDefaults() *AWSConfigWriteRootIAMCredentialsRequest

NewAWSConfigWriteRootIAMCredentialsRequestWithDefaults instantiates a new AWSConfigWriteRootIAMCredentialsRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AWSConfigWriteRootIAMCredentialsRequest) MarshalJSON ¶ 

func (o AWSConfigWriteRootIAMCredentialsRequest) MarshalJSON() ([]byte, error)

type AWSConfigWriteSecurityTokenServiceAccountRequest ¶ 

type AWSConfigWriteSecurityTokenServiceAccountRequest struct {
	// AWS ARN for STS role to be assumed when interacting with the account specified. The Vault server must have permissions to assume this role.
	StsRole string `json:"sts_role"`
}

AWSConfigWriteSecurityTokenServiceAccountRequest struct for AWSConfigWriteSecurityTokenServiceAccountRequest

func NewAWSConfigWriteSecurityTokenServiceAccountRequestWithDefaults ¶ 

func NewAWSConfigWriteSecurityTokenServiceAccountRequestWithDefaults() *AWSConfigWriteSecurityTokenServiceAccountRequest

NewAWSConfigWriteSecurityTokenServiceAccountRequestWithDefaults instantiates a new AWSConfigWriteSecurityTokenServiceAccountRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AWSConfigWriteSecurityTokenServiceAccountRequest) MarshalJSON ¶ 

func (o AWSConfigWriteSecurityTokenServiceAccountRequest) MarshalJSON() ([]byte, error)

type AWSLoginRequest ¶ 

type AWSLoginRequest struct {
	// HTTP method to use for the AWS request when auth_type is iam. This must match what has been signed in the presigned request. Currently, POST is the only supported value
	IamHttpRequestMethod string `json:"iam_http_request_method"`

	// Base64-encoded request body when auth_type is iam. This must match the request body included in the signature.
	IamRequestBody string `json:"iam_request_body"`

	// Key/value pairs of headers for use in the sts:GetCallerIdentity HTTP requests headers when auth_type is iam. Can be either a Base64-encoded, JSON-serialized string, or a JSON object of key/value pairs. This must at a minimum include the headers over which AWS has included a signature.
	IamRequestHeaders string `json:"iam_request_headers"`

	// Base64-encoded full URL against which to make the AWS request when using iam auth_type.
	IamRequestUrl string `json:"iam_request_url"`

	// Base64 encoded EC2 instance identity document. This needs to be supplied along with the 'signature' parameter. If using 'curl' for fetching the identity document, consider using the option '-w 0' while piping the output to 'base64' binary.
	Identity string `json:"identity"`

	// The nonce to be used for subsequent login requests when auth_type is ec2. If this parameter is not specified at all and if reauthentication is allowed, then the backend will generate a random nonce, attaches it to the instance's identity access list entry and returns the nonce back as part of auth metadata. This value should be used with further login requests, to establish client authenticity. Clients can choose to set a custom nonce if preferred, in which case, it is recommended that clients provide a strong nonce. If a nonce is provided but with an empty value, it indicates intent to disable reauthentication. Note that, when 'disallow_reauthentication' option is enabled on either the role or the role tag, the 'nonce' holds no significance.
	Nonce string `json:"nonce"`

	// PKCS7 signature of the identity document when using an auth_type of ec2.
	Pkcs7 string `json:"pkcs7"`

	// Name of the role against which the login is being attempted. If 'role' is not specified, then the login endpoint looks for a role bearing the name of the AMI ID of the EC2 instance that is trying to login. If a matching role is not found, login fails.
	Role string `json:"role"`

	// Base64 encoded SHA256 RSA signature of the instance identity document. This needs to be supplied along with 'identity' parameter.
	Signature string `json:"signature"`
}

AWSLoginRequest struct for AWSLoginRequest

func NewAWSLoginRequestWithDefaults ¶ 

func NewAWSLoginRequestWithDefaults() *AWSLoginRequest

NewAWSLoginRequestWithDefaults instantiates a new AWSLoginRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AWSLoginRequest) MarshalJSON ¶ 

func (o AWSLoginRequest) MarshalJSON() ([]byte, error)

type AWSWriteAuthRoleRequest ¶ 

type AWSWriteAuthRoleRequest struct {
	// If set, allows migration of the underlying instance where the client resides. This keys off of pendingTime in the metadata document, so essentially, this disables the client nonce check whenever the instance is migrated to a new host and pendingTime is newer than the previously-remembered time. Use with caution. This is only checked when auth_type is ec2.
	AllowInstanceMigration bool `json:"allow_instance_migration"`

	// The auth_type permitted to authenticate to this role. Must be one of iam or ec2 and cannot be changed after role creation.
	AuthType string `json:"auth_type"`

	// If set, defines a constraint on the EC2 instances that the account ID in its identity document to match one of the IDs specified by this parameter. This is only applicable when auth_type is ec2 or inferred_entity_type is ec2_instance.
	BoundAccountId []string `json:"bound_account_id"`

	// If set, defines a constraint on the EC2 instances that they should be using one of the AMI IDs specified by this parameter. This is only applicable when auth_type is ec2 or inferred_entity_type is ec2_instance.
	BoundAmiId []string `json:"bound_ami_id"`

	// If set, defines a constraint on the EC2 instances to have one of the given instance IDs. Can be a list or comma-separated string of EC2 instance IDs. This is only applicable when auth_type is ec2 or inferred_entity_type is ec2_instance.
	BoundEc2InstanceId []string `json:"bound_ec2_instance_id"`

	// If set, defines a constraint on the EC2 instances to be associated with an IAM instance profile ARN which has a prefix that matches one of the values specified by this parameter. The value is prefix-matched (as though it were a glob ending in '*'). This is only applicable when auth_type is ec2 or inferred_entity_type is ec2_instance.
	BoundIamInstanceProfileArn []string `json:"bound_iam_instance_profile_arn"`

	// ARN of the IAM principals to bind to this role. Only applicable when auth_type is iam.
	BoundIamPrincipalArn []string `json:"bound_iam_principal_arn"`

	// If set, defines a constraint on the authenticating EC2 instance that it must match one of the IAM role ARNs specified by this parameter. The value is prefix-matched (as though it were a glob ending in '*'). The configured IAM user or EC2 instance role must be allowed to execute the 'iam:GetInstanceProfile' action if this is specified. This is only applicable when auth_type is ec2 or inferred_entity_type is ec2_instance.
	BoundIamRoleArn []string `json:"bound_iam_role_arn"`

	// If set, defines a constraint on the EC2 instances that the region in its identity document match one of the regions specified by this parameter. This is only applicable when auth_type is ec2.
	BoundRegion []string `json:"bound_region"`

	// If set, defines a constraint on the EC2 instance to be associated with the subnet ID that matches one of the values specified by this parameter. This is only applicable when auth_type is ec2 or inferred_entity_type is ec2_instance.
	BoundSubnetId []string `json:"bound_subnet_id"`

	// If set, defines a constraint on the EC2 instance to be associated with a VPC ID that matches one of the value specified by this parameter. This is only applicable when auth_type is ec2 or inferred_entity_type is ec2_instance.
	BoundVpcId []string `json:"bound_vpc_id"`

	// If set, only allows a single token to be granted per instance ID. In order to perform a fresh login, the entry in the access list for the instance ID needs to be cleared using 'auth/aws-ec2/identity-accesslist/<instance_id>' endpoint. This is only applicable when auth_type is ec2.
	DisallowReauthentication bool `json:"disallow_reauthentication"`

	// When auth_type is iam and inferred_entity_type is set, the region to assume the inferred entity exists in.
	InferredAwsRegion string `json:"inferred_aws_region"`

	// When auth_type is iam, the AWS entity type to infer from the authenticated principal. The only supported value is ec2_instance, which will extract the EC2 instance ID from the authenticated role and apply the following restrictions specific to EC2 instances: bound_ami_id, bound_account_id, bound_iam_role_arn, bound_iam_instance_profile_arn, bound_vpc_id, bound_subnet_id. The configured EC2 client must be able to find the inferred instance ID in the results, and the instance must be running. If unable to determine the EC2 instance ID or unable to find the EC2 instance ID among running instances, then authentication will fail.
	InferredEntityType string `json:"inferred_entity_type"`

	// Use \"token_max_ttl\" instead. If this and \"token_max_ttl\" are both specified, only \"token_max_ttl\" will be used.
	// Deprecated
	MaxTtl int32 `json:"max_ttl"`

	// Use \"token_period\" instead. If this and \"token_period\" are both specified, only \"token_period\" will be used.
	// Deprecated
	Period int32 `json:"period"`

	// Use \"token_policies\" instead. If this and \"token_policies\" are both specified, only \"token_policies\" will be used.
	// Deprecated
	Policies []string `json:"policies"`

	// If set, resolve all AWS IAM ARNs into AWS's internal unique IDs. When an IAM entity (e.g., user, role, or instance profile) is deleted, then all references to it within the role will be invalidated, which prevents a new IAM entity from being created with the same name and matching the role's IAM binds. Once set, this cannot be unset.
	ResolveAwsUniqueIds bool `json:"resolve_aws_unique_ids"`

	// If set, enables the role tags for this role. The value set for this field should be the 'key' of the tag on the EC2 instance. The 'value' of the tag should be generated using 'role/<role>/tag' endpoint. Defaults to an empty string, meaning that role tags are disabled. This is only allowed if auth_type is ec2.
	RoleTag string `json:"role_tag"`

	// Comma separated string or JSON list of CIDR blocks. If set, specifies the blocks of IP addresses which are allowed to use the generated token.
	TokenBoundCidrs []string `json:"token_bound_cidrs"`

	// If set, tokens created via this role carry an explicit maximum TTL. During renewal, the current maximum TTL values of the role and the mount are not checked for changes, and any updates to these values will have no effect on the token being renewed.
	TokenExplicitMaxTtl int32 `json:"token_explicit_max_ttl"`

	// The maximum lifetime of the generated token
	TokenMaxTtl int32 `json:"token_max_ttl"`

	// If true, the 'default' policy will not automatically be added to generated tokens
	TokenNoDefaultPolicy bool `json:"token_no_default_policy"`

	// The maximum number of times a token may be used, a value of zero means unlimited
	TokenNumUses int32 `json:"token_num_uses"`

	// If set, tokens created via this role will have no max lifetime; instead, their renewal period will be fixed to this value. This takes an integer number of seconds, or a string duration (e.g. \"24h\").
	TokenPeriod int32 `json:"token_period"`

	// Comma-separated list of policies
	TokenPolicies []string `json:"token_policies"`

	// The initial ttl of the token to generate
	TokenTtl int32 `json:"token_ttl"`

	// The type of token to generate, service or batch
	TokenType string `json:"token_type"`

	// Use \"token_ttl\" instead. If this and \"token_ttl\" are both specified, only \"token_ttl\" will be used.
	// Deprecated
	Ttl int32 `json:"ttl"`
}

AWSWriteAuthRoleRequest struct for AWSWriteAuthRoleRequest

func NewAWSWriteAuthRoleRequestWithDefaults ¶ 

func NewAWSWriteAuthRoleRequestWithDefaults() *AWSWriteAuthRoleRequest

NewAWSWriteAuthRoleRequestWithDefaults instantiates a new AWSWriteAuthRoleRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AWSWriteAuthRoleRequest) MarshalJSON ¶ 

func (o AWSWriteAuthRoleRequest) MarshalJSON() ([]byte, error)

type AWSWriteAuthRoleTagRequest ¶ 

type AWSWriteAuthRoleTagRequest struct {
	// If set, allows migration of the underlying instance where the client resides. This keys off of pendingTime in the metadata document, so essentially, this disables the client nonce check whenever the instance is migrated to a new host and pendingTime is newer than the previously-remembered time. Use with caution.
	AllowInstanceMigration bool `json:"allow_instance_migration"`

	// If set, only allows a single token to be granted per instance ID. In order to perform a fresh login, the entry in access list for the instance ID needs to be cleared using the 'auth/aws-ec2/identity-accesslist/<instance_id>' endpoint.
	DisallowReauthentication bool `json:"disallow_reauthentication"`

	// Instance ID for which this tag is intended for. If set, the created tag can only be used by the instance with the given ID.
	InstanceId string `json:"instance_id"`

	// If set, specifies the maximum allowed token lifetime.
	MaxTtl int32 `json:"max_ttl"`

	// Policies to be associated with the tag. If set, must be a subset of the role's policies. If set, but set to an empty value, only the 'default' policy will be given to issued tokens.
	Policies []string `json:"policies"`
}

AWSWriteAuthRoleTagRequest struct for AWSWriteAuthRoleTagRequest

func NewAWSWriteAuthRoleTagRequestWithDefaults ¶ 

func NewAWSWriteAuthRoleTagRequestWithDefaults() *AWSWriteAuthRoleTagRequest

NewAWSWriteAuthRoleTagRequestWithDefaults instantiates a new AWSWriteAuthRoleTagRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AWSWriteAuthRoleTagRequest) MarshalJSON ¶ 

func (o AWSWriteAuthRoleTagRequest) MarshalJSON() ([]byte, error)

type AWSWriteCredentialsRequest ¶ 

type AWSWriteCredentialsRequest struct {
	// Name of the role
	Name string `json:"name"`

	// ARN of role to assume when credential_type is assumed_role
	RoleArn string `json:"role_arn"`

	// Session name to use when assuming role. Max chars: 64
	RoleSessionName string `json:"role_session_name"`

	// Lifetime of the returned credentials in seconds
	Ttl int32 `json:"ttl"`
}

AWSWriteCredentialsRequest struct for AWSWriteCredentialsRequest

func NewAWSWriteCredentialsRequestWithDefaults ¶ 

func NewAWSWriteCredentialsRequestWithDefaults() *AWSWriteCredentialsRequest

NewAWSWriteCredentialsRequestWithDefaults instantiates a new AWSWriteCredentialsRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AWSWriteCredentialsRequest) MarshalJSON ¶ 

func (o AWSWriteCredentialsRequest) MarshalJSON() ([]byte, error)

type AWSWriteIdentityAccessListTidySettingsRequest ¶ 

type AWSWriteIdentityAccessListTidySettingsRequest struct {
	// The amount of extra time that must have passed beyond the identity's expiration, before it is removed from the backend storage.
	SafetyBuffer int32 `json:"safety_buffer"`
}

AWSWriteIdentityAccessListTidySettingsRequest struct for AWSWriteIdentityAccessListTidySettingsRequest

func NewAWSWriteIdentityAccessListTidySettingsRequestWithDefaults ¶ 

func NewAWSWriteIdentityAccessListTidySettingsRequestWithDefaults() *AWSWriteIdentityAccessListTidySettingsRequest

NewAWSWriteIdentityAccessListTidySettingsRequestWithDefaults instantiates a new AWSWriteIdentityAccessListTidySettingsRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AWSWriteIdentityAccessListTidySettingsRequest) MarshalJSON ¶ 

func (o AWSWriteIdentityAccessListTidySettingsRequest) MarshalJSON() ([]byte, error)

type AWSWriteIdentityWhiteListTidySettingsRequest ¶ 

type AWSWriteIdentityWhiteListTidySettingsRequest struct {
	// The amount of extra time that must have passed beyond the identity's expiration, before it is removed from the backend storage.
	SafetyBuffer int32 `json:"safety_buffer"`
}

AWSWriteIdentityWhiteListTidySettingsRequest struct for AWSWriteIdentityWhiteListTidySettingsRequest

func NewAWSWriteIdentityWhiteListTidySettingsRequestWithDefaults ¶ 

func NewAWSWriteIdentityWhiteListTidySettingsRequestWithDefaults() *AWSWriteIdentityWhiteListTidySettingsRequest

NewAWSWriteIdentityWhiteListTidySettingsRequestWithDefaults instantiates a new AWSWriteIdentityWhiteListTidySettingsRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AWSWriteIdentityWhiteListTidySettingsRequest) MarshalJSON ¶ 

func (o AWSWriteIdentityWhiteListTidySettingsRequest) MarshalJSON() ([]byte, error)

type AWSWriteRoleRequest ¶ 

type AWSWriteRoleRequest struct {
	// Use role_arns or policy_arns instead.
	// Deprecated
	Arn string `json:"arn"`

	// Type of credential to retrieve. Must be one of assumed_role, iam_user, or federation_token
	CredentialType string `json:"credential_type"`

	// Default TTL for assumed_role and federation_token credential types when no TTL is explicitly requested with the credentials
	DefaultStsTtl int32 `json:"default_sts_ttl"`

	// Names of IAM groups that generated IAM users will be added to. For a credential type of assumed_role or federation_token, the policies sent to the corresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the policies from each group in iam_groups combined with the policy_document and policy_arns parameters.
	IamGroups []string `json:"iam_groups"`

	// IAM tags to be set for any users created by this role. These must be presented as Key-Value pairs. This can be represented as a map or a list of equal sign delimited key pairs.
	IamTags map[string]interface{} `json:"iam_tags"`

	// Max allowed TTL for assumed_role and federation_token credential types
	MaxStsTtl int32 `json:"max_sts_ttl"`

	// ARN of an IAM policy to attach as a permissions boundary on IAM user credentials; only valid when credential_type isiam_user
	PermissionsBoundaryArn string `json:"permissions_boundary_arn"`

	// Use policy_document instead.
	// Deprecated
	Policy string `json:"policy"`

	// ARNs of AWS policies. Behavior varies by credential_type. When credential_type is iam_user, then it will attach the specified policies to the generated IAM user. When credential_type is assumed_role or federation_token, the policies will be passed as the PolicyArns parameter, acting as a filter on permissions available.
	PolicyArns []string `json:"policy_arns"`

	// JSON-encoded IAM policy document. Behavior varies by credential_type. When credential_type is iam_user, then it will attach the contents of the policy_document to the IAM user generated. When credential_type is assumed_role or federation_token, this will be passed in as the Policy parameter to the AssumeRole or GetFederationToken API call, acting as a filter on permissions available.
	PolicyDocument string `json:"policy_document"`

	// ARNs of AWS roles allowed to be assumed. Only valid when credential_type is assumed_role
	RoleArns []string `json:"role_arns"`

	// Path for IAM User. Only valid when credential_type is iam_user
	UserPath string `json:"user_path"`
}

AWSWriteRoleRequest struct for AWSWriteRoleRequest

func NewAWSWriteRoleRequestWithDefaults ¶ 

func NewAWSWriteRoleRequestWithDefaults() *AWSWriteRoleRequest

NewAWSWriteRoleRequestWithDefaults instantiates a new AWSWriteRoleRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AWSWriteRoleRequest) MarshalJSON ¶ 

func (o AWSWriteRoleRequest) MarshalJSON() ([]byte, error)

type AWSWriteRoleTagBlackListTidySettingsRequest ¶ 

type AWSWriteRoleTagBlackListTidySettingsRequest struct {
	// The amount of extra time that must have passed beyond the roletag expiration, before it is removed from the backend storage.
	SafetyBuffer int32 `json:"safety_buffer"`
}

AWSWriteRoleTagBlackListTidySettingsRequest struct for AWSWriteRoleTagBlackListTidySettingsRequest

func NewAWSWriteRoleTagBlackListTidySettingsRequestWithDefaults ¶ 

func NewAWSWriteRoleTagBlackListTidySettingsRequestWithDefaults() *AWSWriteRoleTagBlackListTidySettingsRequest

NewAWSWriteRoleTagBlackListTidySettingsRequestWithDefaults instantiates a new AWSWriteRoleTagBlackListTidySettingsRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AWSWriteRoleTagBlackListTidySettingsRequest) MarshalJSON ¶ 

func (o AWSWriteRoleTagBlackListTidySettingsRequest) MarshalJSON() ([]byte, error)

type AWSWriteRoleTagDenyListTidySettingsRequest ¶ 

type AWSWriteRoleTagDenyListTidySettingsRequest struct {
	// The amount of extra time that must have passed beyond the roletag expiration, before it is removed from the backend storage.
	SafetyBuffer int32 `json:"safety_buffer"`
}

AWSWriteRoleTagDenyListTidySettingsRequest struct for AWSWriteRoleTagDenyListTidySettingsRequest

func NewAWSWriteRoleTagDenyListTidySettingsRequestWithDefaults ¶ 

func NewAWSWriteRoleTagDenyListTidySettingsRequestWithDefaults() *AWSWriteRoleTagDenyListTidySettingsRequest

NewAWSWriteRoleTagDenyListTidySettingsRequestWithDefaults instantiates a new AWSWriteRoleTagDenyListTidySettingsRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AWSWriteRoleTagDenyListTidySettingsRequest) MarshalJSON ¶ 

func (o AWSWriteRoleTagDenyListTidySettingsRequest) MarshalJSON() ([]byte, error)

type AWSWriteSecurityTokenServiceRequest ¶ 

type AWSWriteSecurityTokenServiceRequest struct {
	// ARN of role to assume when credential_type is assumed_role
	RoleArn string `json:"role_arn"`

	// Session name to use when assuming role. Max chars: 64
	RoleSessionName string `json:"role_session_name"`

	// Lifetime of the returned credentials in seconds
	Ttl int32 `json:"ttl"`
}

AWSWriteSecurityTokenServiceRequest struct for AWSWriteSecurityTokenServiceRequest

func NewAWSWriteSecurityTokenServiceRequestWithDefaults ¶ 

func NewAWSWriteSecurityTokenServiceRequestWithDefaults() *AWSWriteSecurityTokenServiceRequest

NewAWSWriteSecurityTokenServiceRequestWithDefaults instantiates a new AWSWriteSecurityTokenServiceRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AWSWriteSecurityTokenServiceRequest) MarshalJSON ¶ 

func (o AWSWriteSecurityTokenServiceRequest) MarshalJSON() ([]byte, error)

type ActiveDirectoryCheckInLibraryRequest ¶ 

type ActiveDirectoryCheckInLibraryRequest struct {
	// The username/logon name for the service accounts to check in.
	ServiceAccountNames []string `json:"service_account_names"`
}

ActiveDirectoryCheckInLibraryRequest struct for ActiveDirectoryCheckInLibraryRequest

func NewActiveDirectoryCheckInLibraryRequestWithDefaults ¶ 

func NewActiveDirectoryCheckInLibraryRequestWithDefaults() *ActiveDirectoryCheckInLibraryRequest

NewActiveDirectoryCheckInLibraryRequestWithDefaults instantiates a new ActiveDirectoryCheckInLibraryRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (ActiveDirectoryCheckInLibraryRequest) MarshalJSON ¶ 

func (o ActiveDirectoryCheckInLibraryRequest) MarshalJSON() ([]byte, error)

type ActiveDirectoryCheckInManageLibraryRequest ¶ 

type ActiveDirectoryCheckInManageLibraryRequest struct {
	// The username/logon name for the service accounts to check in.
	ServiceAccountNames []string `json:"service_account_names"`
}

ActiveDirectoryCheckInManageLibraryRequest struct for ActiveDirectoryCheckInManageLibraryRequest

func NewActiveDirectoryCheckInManageLibraryRequestWithDefaults ¶ 

func NewActiveDirectoryCheckInManageLibraryRequestWithDefaults() *ActiveDirectoryCheckInManageLibraryRequest

NewActiveDirectoryCheckInManageLibraryRequestWithDefaults instantiates a new ActiveDirectoryCheckInManageLibraryRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (ActiveDirectoryCheckInManageLibraryRequest) MarshalJSON ¶ 

func (o ActiveDirectoryCheckInManageLibraryRequest) MarshalJSON() ([]byte, error)

type ActiveDirectoryCheckOutLibraryRequest ¶ 

type ActiveDirectoryCheckOutLibraryRequest struct {
	// The length of time before the check-out will expire, in seconds.
	Ttl int32 `json:"ttl"`
}

ActiveDirectoryCheckOutLibraryRequest struct for ActiveDirectoryCheckOutLibraryRequest

func NewActiveDirectoryCheckOutLibraryRequestWithDefaults ¶ 

func NewActiveDirectoryCheckOutLibraryRequestWithDefaults() *ActiveDirectoryCheckOutLibraryRequest

NewActiveDirectoryCheckOutLibraryRequestWithDefaults instantiates a new ActiveDirectoryCheckOutLibraryRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (ActiveDirectoryCheckOutLibraryRequest) MarshalJSON ¶ 

func (o ActiveDirectoryCheckOutLibraryRequest) MarshalJSON() ([]byte, error)

type ActiveDirectoryWriteConfigRequest ¶ 

type ActiveDirectoryWriteConfigRequest struct {
	// Use anonymous binds when performing LDAP group searches (if true the initial credentials will still be used for the initial connection test).
	AnonymousGroupSearch bool `json:"anonymous_group_search"`

	// LDAP DN for searching for the user DN (optional)
	Binddn string `json:"binddn"`

	// LDAP password for searching for the user DN (optional)
	Bindpass string `json:"bindpass"`

	// If true, case sensitivity will be used when comparing usernames and groups for matching policies.
	CaseSensitiveNames bool `json:"case_sensitive_names"`

	// CA certificate to use when verifying LDAP server certificate, must be x509 PEM encoded (optional)
	Certificate string `json:"certificate"`

	// Client certificate to provide to the LDAP server, must be x509 PEM encoded (optional)
	ClientTlsCert string `json:"client_tls_cert"`

	// Client certificate key to provide to the LDAP server, must be x509 PEM encoded (optional)
	ClientTlsKey string `json:"client_tls_key"`

	// Denies an unauthenticated LDAP bind request if the user's password is empty; defaults to true
	DenyNullBind bool `json:"deny_null_bind"`

	// Use anonymous bind to discover the bind DN of a user (optional)
	Discoverdn bool `json:"discoverdn"`

	// Text to insert the password into, ex. \"customPrefix{{PASSWORD}}customSuffix\".
	// Deprecated
	Formatter string `json:"formatter"`

	// LDAP attribute to follow on objects returned by <groupfilter> in order to enumerate user group membership. Examples: \"cn\" or \"memberOf\", etc. Default: cn
	Groupattr string `json:"groupattr"`

	// LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org)
	Groupdn string `json:"groupdn"`

	// Go template for querying group membership of user (optional) The template can access the following context variables: UserDN, Username Example: (&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}})) Default: (|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))
	Groupfilter string `json:"groupfilter"`

	// Skip LDAP server SSL Certificate verification - VERY insecure (optional)
	InsecureTls bool `json:"insecure_tls"`

	// The number of seconds after a Vault rotation where, if Active Directory shows a later rotation, it should be considered out-of-band.
	LastRotationTolerance int32 `json:"last_rotation_tolerance"`

	// The desired length of passwords that Vault generates.
	// Deprecated
	Length int32 `json:"length"`

	// In seconds, the maximum password time-to-live.
	MaxTtl int32 `json:"max_ttl"`

	// Name of the password policy to use to generate passwords.
	PasswordPolicy string `json:"password_policy"`

	// Timeout, in seconds, for the connection when making requests against the server before returning back an error.
	RequestTimeout int32 `json:"request_timeout"`

	// Issue a StartTLS command after establishing unencrypted connection (optional)
	Starttls bool `json:"starttls"`

	// Maximum TLS version to use. Accepted values are 'tls10', 'tls11', 'tls12' or 'tls13'. Defaults to 'tls12'
	TlsMaxVersion string `json:"tls_max_version"`

	// Minimum TLS version to use. Accepted values are 'tls10', 'tls11', 'tls12' or 'tls13'. Defaults to 'tls12'
	TlsMinVersion string `json:"tls_min_version"`

	// In seconds, the default password time-to-live.
	Ttl int32 `json:"ttl"`

	// Enables userPrincipalDomain login with [username]@UPNDomain (optional)
	Upndomain string `json:"upndomain"`

	// LDAP URL to connect to (default: ldap://127.0.0.1). Multiple URLs can be specified by concatenating them with commas; they will be tried in-order.
	Url string `json:"url"`

	// In Vault 1.1.1 a fix for handling group CN values of different cases unfortunately introduced a regression that could cause previously defined groups to not be found due to a change in the resulting name. If set true, the pre-1.1.1 behavior for matching group CNs will be used. This is only needed in some upgrade scenarios for backwards compatibility. It is enabled by default if the config is upgraded but disabled by default on new configurations.
	UsePre111GroupCnBehavior bool `json:"use_pre111_group_cn_behavior"`

	// If true, use the Active Directory tokenGroups constructed attribute of the user to find the group memberships. This will find all security groups including nested ones.
	UseTokenGroups bool `json:"use_token_groups"`

	// Attribute used for users (default: cn)
	Userattr string `json:"userattr"`

	// LDAP domain to use for users (eg: ou=People,dc=example,dc=org)
	Userdn string `json:"userdn"`

	// Go template for LDAP user search filer (optional) The template can access the following context variables: UserAttr, Username Default: ({{.UserAttr}}={{.Username}})
	Userfilter string `json:"userfilter"`

	// If true, sets the alias name to the username
	UsernameAsAlias bool `json:"username_as_alias"`
}

ActiveDirectoryWriteConfigRequest struct for ActiveDirectoryWriteConfigRequest

func NewActiveDirectoryWriteConfigRequestWithDefaults ¶ 

func NewActiveDirectoryWriteConfigRequestWithDefaults() *ActiveDirectoryWriteConfigRequest

NewActiveDirectoryWriteConfigRequestWithDefaults instantiates a new ActiveDirectoryWriteConfigRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (ActiveDirectoryWriteConfigRequest) MarshalJSON ¶ 

func (o ActiveDirectoryWriteConfigRequest) MarshalJSON() ([]byte, error)

type ActiveDirectoryWriteLibraryRequest ¶ 

type ActiveDirectoryWriteLibraryRequest struct {
	// Disable the default behavior of requiring that check-ins are performed by the entity that checked them out.
	DisableCheckInEnforcement bool `json:"disable_check_in_enforcement"`

	// In seconds, the max amount of time a check-out's renewals should last. Defaults to 24 hours.
	MaxTtl int32 `json:"max_ttl"`

	// The username/logon name for the service accounts with which this set will be associated.
	ServiceAccountNames []string `json:"service_account_names"`

	// In seconds, the amount of time a check-out should last. Defaults to 24 hours.
	Ttl int32 `json:"ttl"`
}

ActiveDirectoryWriteLibraryRequest struct for ActiveDirectoryWriteLibraryRequest

func NewActiveDirectoryWriteLibraryRequestWithDefaults ¶ 

func NewActiveDirectoryWriteLibraryRequestWithDefaults() *ActiveDirectoryWriteLibraryRequest

NewActiveDirectoryWriteLibraryRequestWithDefaults instantiates a new ActiveDirectoryWriteLibraryRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (ActiveDirectoryWriteLibraryRequest) MarshalJSON ¶ 

func (o ActiveDirectoryWriteLibraryRequest) MarshalJSON() ([]byte, error)

type ActiveDirectoryWriteRoleRequest ¶ 

type ActiveDirectoryWriteRoleRequest struct {
	// The username/logon name for the service account with which this role will be associated.
	ServiceAccountName string `json:"service_account_name"`

	// In seconds, the default password time-to-live.
	Ttl int32 `json:"ttl"`
}

ActiveDirectoryWriteRoleRequest struct for ActiveDirectoryWriteRoleRequest

func NewActiveDirectoryWriteRoleRequestWithDefaults ¶ 

func NewActiveDirectoryWriteRoleRequestWithDefaults() *ActiveDirectoryWriteRoleRequest

NewActiveDirectoryWriteRoleRequestWithDefaults instantiates a new ActiveDirectoryWriteRoleRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (ActiveDirectoryWriteRoleRequest) MarshalJSON ¶ 

func (o ActiveDirectoryWriteRoleRequest) MarshalJSON() ([]byte, error)

type AliCloudLoginRequest ¶ 

type AliCloudLoginRequest struct {
	// The request headers. This must include the headers over which AliCloud has included a signature.
	IdentityRequestHeaders string `json:"identity_request_headers"`

	// Base64-encoded full URL against which to make the AliCloud request.
	IdentityRequestUrl string `json:"identity_request_url"`

	// Name of the role against which the login is being attempted. If 'role' is not specified, then the login endpoint looks for a role name in the ARN returned by the GetCallerIdentity request. If a matching role is not found, login fails.
	Role string `json:"role"`
}

AliCloudLoginRequest struct for AliCloudLoginRequest

func NewAliCloudLoginRequestWithDefaults ¶ 

func NewAliCloudLoginRequestWithDefaults() *AliCloudLoginRequest

NewAliCloudLoginRequestWithDefaults instantiates a new AliCloudLoginRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AliCloudLoginRequest) MarshalJSON ¶ 

func (o AliCloudLoginRequest) MarshalJSON() ([]byte, error)

type AliCloudWriteAuthRoleRequest ¶ 

type AliCloudWriteAuthRoleRequest struct {
	// ARN of the RAM to bind to this role.
	Arn string `json:"arn"`

	// Use \"token_bound_cidrs\" instead. If this and \"token_bound_cidrs\" are both specified, only \"token_bound_cidrs\" will be used.
	// Deprecated
	BoundCidrs []string `json:"bound_cidrs"`

	// Use \"token_max_ttl\" instead. If this and \"token_max_ttl\" are both specified, only \"token_max_ttl\" will be used.
	// Deprecated
	MaxTtl int32 `json:"max_ttl"`

	// Use \"token_period\" instead. If this and \"token_period\" are both specified, only \"token_period\" will be used.
	// Deprecated
	Period int32 `json:"period"`

	// Use \"token_policies\" instead. If this and \"token_policies\" are both specified, only \"token_policies\" will be used.
	// Deprecated
	Policies []string `json:"policies"`

	// Comma separated string or JSON list of CIDR blocks. If set, specifies the blocks of IP addresses which are allowed to use the generated token.
	TokenBoundCidrs []string `json:"token_bound_cidrs"`

	// If set, tokens created via this role carry an explicit maximum TTL. During renewal, the current maximum TTL values of the role and the mount are not checked for changes, and any updates to these values will have no effect on the token being renewed.
	TokenExplicitMaxTtl int32 `json:"token_explicit_max_ttl"`

	// The maximum lifetime of the generated token
	TokenMaxTtl int32 `json:"token_max_ttl"`

	// If true, the 'default' policy will not automatically be added to generated tokens
	TokenNoDefaultPolicy bool `json:"token_no_default_policy"`

	// The maximum number of times a token may be used, a value of zero means unlimited
	TokenNumUses int32 `json:"token_num_uses"`

	// If set, tokens created via this role will have no max lifetime; instead, their renewal period will be fixed to this value. This takes an integer number of seconds, or a string duration (e.g. \"24h\").
	TokenPeriod int32 `json:"token_period"`

	// Comma-separated list of policies
	TokenPolicies []string `json:"token_policies"`

	// The initial ttl of the token to generate
	TokenTtl int32 `json:"token_ttl"`

	// The type of token to generate, service or batch
	TokenType string `json:"token_type"`

	// Use \"token_ttl\" instead. If this and \"token_ttl\" are both specified, only \"token_ttl\" will be used.
	// Deprecated
	Ttl int32 `json:"ttl"`
}

AliCloudWriteAuthRoleRequest struct for AliCloudWriteAuthRoleRequest

func NewAliCloudWriteAuthRoleRequestWithDefaults ¶ 

func NewAliCloudWriteAuthRoleRequestWithDefaults() *AliCloudWriteAuthRoleRequest

NewAliCloudWriteAuthRoleRequestWithDefaults instantiates a new AliCloudWriteAuthRoleRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AliCloudWriteAuthRoleRequest) MarshalJSON ¶ 

func (o AliCloudWriteAuthRoleRequest) MarshalJSON() ([]byte, error)

type AliCloudWriteConfigRequest ¶ 

type AliCloudWriteConfigRequest struct {
	// Access key with appropriate permissions.
	AccessKey string `json:"access_key"`

	// Secret key with appropriate permissions.
	SecretKey string `json:"secret_key"`
}

AliCloudWriteConfigRequest struct for AliCloudWriteConfigRequest

func NewAliCloudWriteConfigRequestWithDefaults ¶ 

func NewAliCloudWriteConfigRequestWithDefaults() *AliCloudWriteConfigRequest

NewAliCloudWriteConfigRequestWithDefaults instantiates a new AliCloudWriteConfigRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AliCloudWriteConfigRequest) MarshalJSON ¶ 

func (o AliCloudWriteConfigRequest) MarshalJSON() ([]byte, error)

type AliCloudWriteRoleRequest ¶ 

type AliCloudWriteRoleRequest struct {
	// JSON of policies to be dynamically applied to users of this role.
	InlinePolicies string `json:"inline_policies"`

	// The maximum allowed lifetime of tokens issued using this role.
	MaxTtl int32 `json:"max_ttl"`

	// The name and type of each remote policy to be applied. Example: \"name:AliyunRDSReadOnlyAccess,type:System\".
	RemotePolicies []string `json:"remote_policies"`

	// ARN of the role to be assumed. If provided, inline_policies and remote_policies should be blank. At creation time, this role must have configured trusted actors, and the access key and secret that will be used to assume the role (in /config) must qualify as a trusted actor.
	RoleArn string `json:"role_arn"`

	// Duration in seconds after which the issued token should expire. Defaults to 0, in which case the value will fallback to the system/mount defaults.
	Ttl int32 `json:"ttl"`
}

AliCloudWriteRoleRequest struct for AliCloudWriteRoleRequest

func NewAliCloudWriteRoleRequestWithDefaults ¶ 

func NewAliCloudWriteRoleRequestWithDefaults() *AliCloudWriteRoleRequest

NewAliCloudWriteRoleRequestWithDefaults instantiates a new AliCloudWriteRoleRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AliCloudWriteRoleRequest) MarshalJSON ¶ 

func (o AliCloudWriteRoleRequest) MarshalJSON() ([]byte, error)

type AliasWriteByIDRequest ¶ 

type AliasWriteByIDRequest struct {
	// Entity ID to which this alias should be tied to
	CanonicalId string `json:"canonical_id"`

	// Entity ID to which this alias should be tied to. This field is deprecated in favor of 'canonical_id'.
	EntityId string `json:"entity_id"`

	// Mount accessor to which this alias belongs to
	MountAccessor string `json:"mount_accessor"`

	// Name of the alias
	Name string `json:"name"`
}

AliasWriteByIDRequest struct for AliasWriteByIDRequest

func NewAliasWriteByIDRequestWithDefaults ¶ 

func NewAliasWriteByIDRequestWithDefaults() *AliasWriteByIDRequest

NewAliasWriteByIDRequestWithDefaults instantiates a new AliasWriteByIDRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AliasWriteByIDRequest) MarshalJSON ¶ 

func (o AliasWriteByIDRequest) MarshalJSON() ([]byte, error)

type AliasWriteRequest ¶ 

type AliasWriteRequest struct {
	// Entity ID to which this alias belongs to
	CanonicalId string `json:"canonical_id"`

	// Entity ID to which this alias belongs to. This field is deprecated in favor of 'canonical_id'.
	EntityId string `json:"entity_id"`

	// ID of the alias
	Id string `json:"id"`

	// Mount accessor to which this alias belongs to
	MountAccessor string `json:"mount_accessor"`

	// Name of the alias
	Name string `json:"name"`
}

AliasWriteRequest struct for AliasWriteRequest

func NewAliasWriteRequestWithDefaults ¶ 

func NewAliasWriteRequestWithDefaults() *AliasWriteRequest

NewAliasWriteRequestWithDefaults instantiates a new AliasWriteRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AliasWriteRequest) MarshalJSON ¶ 

func (o AliasWriteRequest) MarshalJSON() ([]byte, error)

type AppRoleListRolesResponse ¶ 

type AppRoleListRolesResponse struct {
	Keys []string `json:"keys"`
}

AppRoleListRolesResponse struct for AppRoleListRolesResponse

func NewAppRoleListRolesResponseWithDefaults ¶ 

func NewAppRoleListRolesResponseWithDefaults() *AppRoleListRolesResponse

NewAppRoleListRolesResponseWithDefaults instantiates a new AppRoleListRolesResponse object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AppRoleListRolesResponse) MarshalJSON ¶ 

func (o AppRoleListRolesResponse) MarshalJSON() ([]byte, error)

type AppRoleListSecretIDResponse ¶ 

type AppRoleListSecretIDResponse struct {
	Keys []string `json:"keys"`
}

AppRoleListSecretIDResponse struct for AppRoleListSecretIDResponse

func NewAppRoleListSecretIDResponseWithDefaults ¶ 

func NewAppRoleListSecretIDResponseWithDefaults() *AppRoleListSecretIDResponse

NewAppRoleListSecretIDResponseWithDefaults instantiates a new AppRoleListSecretIDResponse object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AppRoleListSecretIDResponse) MarshalJSON ¶ 

func (o AppRoleListSecretIDResponse) MarshalJSON() ([]byte, error)

type AppRoleLoginRequest ¶ 

type AppRoleLoginRequest struct {
	// Unique identifier of the Role. Required to be supplied when the 'bind_secret_id' constraint is set.
	RoleId string `json:"role_id"`

	// SecretID belong to the App role
	SecretId string `json:"secret_id"`
}

AppRoleLoginRequest struct for AppRoleLoginRequest

func NewAppRoleLoginRequestWithDefaults ¶ 

func NewAppRoleLoginRequestWithDefaults() *AppRoleLoginRequest

NewAppRoleLoginRequestWithDefaults instantiates a new AppRoleLoginRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AppRoleLoginRequest) MarshalJSON ¶ 

func (o AppRoleLoginRequest) MarshalJSON() ([]byte, error)

type AppRoleReadBindSecretIDResponse ¶ 

type AppRoleReadBindSecretIDResponse struct {
	// Impose secret_id to be presented when logging in using this role. Defaults to 'true'.
	BindSecretId bool `json:"bind_secret_id"`
}

AppRoleReadBindSecretIDResponse struct for AppRoleReadBindSecretIDResponse

func NewAppRoleReadBindSecretIDResponseWithDefaults ¶ 

func NewAppRoleReadBindSecretIDResponseWithDefaults() *AppRoleReadBindSecretIDResponse

NewAppRoleReadBindSecretIDResponseWithDefaults instantiates a new AppRoleReadBindSecretIDResponse object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AppRoleReadBindSecretIDResponse) MarshalJSON ¶ 

func (o AppRoleReadBindSecretIDResponse) MarshalJSON() ([]byte, error)

type AppRoleReadBoundCIDRListResponse ¶ 

type AppRoleReadBoundCIDRListResponse struct {
	// Deprecated: Please use \"secret_id_bound_cidrs\" instead. Comma separated string or list of CIDR blocks. If set, specifies the blocks of IP addresses which can perform the login operation.
	// Deprecated
	BoundCidrList []string `json:"bound_cidr_list"`
}

AppRoleReadBoundCIDRListResponse struct for AppRoleReadBoundCIDRListResponse

func NewAppRoleReadBoundCIDRListResponseWithDefaults ¶ 

func NewAppRoleReadBoundCIDRListResponseWithDefaults() *AppRoleReadBoundCIDRListResponse

NewAppRoleReadBoundCIDRListResponseWithDefaults instantiates a new AppRoleReadBoundCIDRListResponse object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AppRoleReadBoundCIDRListResponse) MarshalJSON ¶ 

func (o AppRoleReadBoundCIDRListResponse) MarshalJSON() ([]byte, error)

type AppRoleReadLocalSecretIDsResponse ¶ 

type AppRoleReadLocalSecretIDsResponse struct {
	// If true, the secret identifiers generated using this role will be cluster local. This can only be set during role creation and once set, it can't be reset later
	LocalSecretIds bool `json:"local_secret_ids"`
}

AppRoleReadLocalSecretIDsResponse struct for AppRoleReadLocalSecretIDsResponse

func NewAppRoleReadLocalSecretIDsResponseWithDefaults ¶ 

func NewAppRoleReadLocalSecretIDsResponseWithDefaults() *AppRoleReadLocalSecretIDsResponse

NewAppRoleReadLocalSecretIDsResponseWithDefaults instantiates a new AppRoleReadLocalSecretIDsResponse object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AppRoleReadLocalSecretIDsResponse) MarshalJSON ¶ 

func (o AppRoleReadLocalSecretIDsResponse) MarshalJSON() ([]byte, error)

type AppRoleReadPeriodResponse ¶ 

type AppRoleReadPeriodResponse struct {
	// Use \"token_period\" instead. If this and \"token_period\" are both specified, only \"token_period\" will be used.
	// Deprecated
	Period int32 `json:"period"`

	// If set, tokens created via this role will have no max lifetime; instead, their renewal period will be fixed to this value. This takes an integer number of seconds, or a string duration (e.g. \"24h\").
	TokenPeriod int32 `json:"token_period"`
}

AppRoleReadPeriodResponse struct for AppRoleReadPeriodResponse

func NewAppRoleReadPeriodResponseWithDefaults ¶ 

func NewAppRoleReadPeriodResponseWithDefaults() *AppRoleReadPeriodResponse

NewAppRoleReadPeriodResponseWithDefaults instantiates a new AppRoleReadPeriodResponse object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AppRoleReadPeriodResponse) MarshalJSON ¶ 

func (o AppRoleReadPeriodResponse) MarshalJSON() ([]byte, error)

type AppRoleReadPoliciesResponse ¶ 

type AppRoleReadPoliciesResponse struct {
	// Use \"token_policies\" instead. If this and \"token_policies\" are both specified, only \"token_policies\" will be used.
	// Deprecated
	Policies []string `json:"policies"`

	// Comma-separated list of policies
	TokenPolicies []string `json:"token_policies"`
}

AppRoleReadPoliciesResponse struct for AppRoleReadPoliciesResponse

func NewAppRoleReadPoliciesResponseWithDefaults ¶ 

func NewAppRoleReadPoliciesResponseWithDefaults() *AppRoleReadPoliciesResponse

NewAppRoleReadPoliciesResponseWithDefaults instantiates a new AppRoleReadPoliciesResponse object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AppRoleReadPoliciesResponse) MarshalJSON ¶ 

func (o AppRoleReadPoliciesResponse) MarshalJSON() ([]byte, error)

type AppRoleReadRoleIDResponse ¶ 

type AppRoleReadRoleIDResponse struct {
	// Identifier of the role. Defaults to a UUID.
	RoleId string `json:"role_id"`
}

AppRoleReadRoleIDResponse struct for AppRoleReadRoleIDResponse

func NewAppRoleReadRoleIDResponseWithDefaults ¶ 

func NewAppRoleReadRoleIDResponseWithDefaults() *AppRoleReadRoleIDResponse

NewAppRoleReadRoleIDResponseWithDefaults instantiates a new AppRoleReadRoleIDResponse object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AppRoleReadRoleIDResponse) MarshalJSON ¶ 

func (o AppRoleReadRoleIDResponse) MarshalJSON() ([]byte, error)

type AppRoleReadRoleResponse ¶ 

type AppRoleReadRoleResponse struct {
	// Impose secret ID to be presented when logging in using this role.
	BindSecretId bool `json:"bind_secret_id"`

	// If true, the secret identifiers generated using this role will be cluster local. This can only be set during role creation and once set, it can't be reset later
	LocalSecretIds bool `json:"local_secret_ids"`

	// Use \"token_period\" instead. If this and \"token_period\" are both specified, only \"token_period\" will be used.
	// Deprecated
	Period int32 `json:"period"`

	// Use \"token_policies\" instead. If this and \"token_policies\" are both specified, only \"token_policies\" will be used.
	// Deprecated
	Policies []string `json:"policies"`

	// Comma separated string or list of CIDR blocks. If set, specifies the blocks of IP addresses which can perform the login operation.
	SecretIdBoundCidrs []string `json:"secret_id_bound_cidrs"`

	// Number of times a secret ID can access the role, after which the secret ID will expire.
	SecretIdNumUses int32 `json:"secret_id_num_uses"`

	// Duration in seconds after which the issued secret ID expires.
	SecretIdTtl int32 `json:"secret_id_ttl"`

	// Comma separated string or JSON list of CIDR blocks. If set, specifies the blocks of IP addresses which are allowed to use the generated token.
	TokenBoundCidrs []string `json:"token_bound_cidrs"`

	// If set, tokens created via this role carry an explicit maximum TTL. During renewal, the current maximum TTL values of the role and the mount are not checked for changes, and any updates to these values will have no effect on the token being renewed.
	TokenExplicitMaxTtl int32 `json:"token_explicit_max_ttl"`

	// The maximum lifetime of the generated token
	TokenMaxTtl int32 `json:"token_max_ttl"`

	// If true, the 'default' policy will not automatically be added to generated tokens
	TokenNoDefaultPolicy bool `json:"token_no_default_policy"`

	// The maximum number of times a token may be used, a value of zero means unlimited
	TokenNumUses int32 `json:"token_num_uses"`

	// If set, tokens created via this role will have no max lifetime; instead, their renewal period will be fixed to this value.
	TokenPeriod int32 `json:"token_period"`

	// Comma-separated list of policies
	TokenPolicies []string `json:"token_policies"`

	// The initial ttl of the token to generate
	TokenTtl int32 `json:"token_ttl"`

	// The type of token to generate, service or batch
	TokenType string `json:"token_type"`
}

AppRoleReadRoleResponse struct for AppRoleReadRoleResponse

func NewAppRoleReadRoleResponseWithDefaults ¶ 

func NewAppRoleReadRoleResponseWithDefaults() *AppRoleReadRoleResponse

NewAppRoleReadRoleResponseWithDefaults instantiates a new AppRoleReadRoleResponse object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AppRoleReadRoleResponse) MarshalJSON ¶ 

func (o AppRoleReadRoleResponse) MarshalJSON() ([]byte, error)

type AppRoleReadSecretIDBoundCIDRsResponse ¶ 

type AppRoleReadSecretIDBoundCIDRsResponse struct {
	// Comma separated string or list of CIDR blocks. If set, specifies the blocks of IP addresses which can perform the login operation.
	SecretIdBoundCidrs []string `json:"secret_id_bound_cidrs"`
}

AppRoleReadSecretIDBoundCIDRsResponse struct for AppRoleReadSecretIDBoundCIDRsResponse

func NewAppRoleReadSecretIDBoundCIDRsResponseWithDefaults ¶ 

func NewAppRoleReadSecretIDBoundCIDRsResponseWithDefaults() *AppRoleReadSecretIDBoundCIDRsResponse

NewAppRoleReadSecretIDBoundCIDRsResponseWithDefaults instantiates a new AppRoleReadSecretIDBoundCIDRsResponse object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AppRoleReadSecretIDBoundCIDRsResponse) MarshalJSON ¶ 

func (o AppRoleReadSecretIDBoundCIDRsResponse) MarshalJSON() ([]byte, error)

type AppRoleReadSecretIDNumUsesResponse ¶ 

type AppRoleReadSecretIDNumUsesResponse struct {
	// Number of times a secret ID can access the role, after which the SecretID will expire. Defaults to 0 meaning that the secret ID is of unlimited use.
	SecretIdNumUses int32 `json:"secret_id_num_uses"`
}

AppRoleReadSecretIDNumUsesResponse struct for AppRoleReadSecretIDNumUsesResponse

func NewAppRoleReadSecretIDNumUsesResponseWithDefaults ¶ 

func NewAppRoleReadSecretIDNumUsesResponseWithDefaults() *AppRoleReadSecretIDNumUsesResponse

NewAppRoleReadSecretIDNumUsesResponseWithDefaults instantiates a new AppRoleReadSecretIDNumUsesResponse object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AppRoleReadSecretIDNumUsesResponse) MarshalJSON ¶ 

func (o AppRoleReadSecretIDNumUsesResponse) MarshalJSON() ([]byte, error)

type AppRoleReadSecretIDTTLResponse ¶ 

type AppRoleReadSecretIDTTLResponse struct {
	// Duration in seconds after which the issued secret ID should expire. Defaults to 0, meaning no expiration.
	SecretIdTtl int32 `json:"secret_id_ttl"`
}

AppRoleReadSecretIDTTLResponse struct for AppRoleReadSecretIDTTLResponse

func NewAppRoleReadSecretIDTTLResponseWithDefaults ¶ 

func NewAppRoleReadSecretIDTTLResponseWithDefaults() *AppRoleReadSecretIDTTLResponse

NewAppRoleReadSecretIDTTLResponseWithDefaults instantiates a new AppRoleReadSecretIDTTLResponse object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AppRoleReadSecretIDTTLResponse) MarshalJSON ¶ 

func (o AppRoleReadSecretIDTTLResponse) MarshalJSON() ([]byte, error)

type AppRoleReadTokenBoundCIDRsResponse ¶ 

type AppRoleReadTokenBoundCIDRsResponse struct {
	// Comma separated string or list of CIDR blocks. If set, specifies the blocks of IP addresses which can use the returned token. Should be a subset of the token CIDR blocks listed on the role, if any.
	TokenBoundCidrs []string `json:"token_bound_cidrs"`
}

AppRoleReadTokenBoundCIDRsResponse struct for AppRoleReadTokenBoundCIDRsResponse

func NewAppRoleReadTokenBoundCIDRsResponseWithDefaults ¶ 

func NewAppRoleReadTokenBoundCIDRsResponseWithDefaults() *AppRoleReadTokenBoundCIDRsResponse

NewAppRoleReadTokenBoundCIDRsResponseWithDefaults instantiates a new AppRoleReadTokenBoundCIDRsResponse object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AppRoleReadTokenBoundCIDRsResponse) MarshalJSON ¶ 

func (o AppRoleReadTokenBoundCIDRsResponse) MarshalJSON() ([]byte, error)

type AppRoleReadTokenMaxTTLResponse ¶ 

type AppRoleReadTokenMaxTTLResponse struct {
	// The maximum lifetime of the generated token
	TokenMaxTtl int32 `json:"token_max_ttl"`
}

AppRoleReadTokenMaxTTLResponse struct for AppRoleReadTokenMaxTTLResponse

func NewAppRoleReadTokenMaxTTLResponseWithDefaults ¶ 

func NewAppRoleReadTokenMaxTTLResponseWithDefaults() *AppRoleReadTokenMaxTTLResponse

NewAppRoleReadTokenMaxTTLResponseWithDefaults instantiates a new AppRoleReadTokenMaxTTLResponse object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AppRoleReadTokenMaxTTLResponse) MarshalJSON ¶ 

func (o AppRoleReadTokenMaxTTLResponse) MarshalJSON() ([]byte, error)

type AppRoleReadTokenNumUsesResponse ¶ 

type AppRoleReadTokenNumUsesResponse struct {
	// The maximum number of times a token may be used, a value of zero means unlimited
	TokenNumUses int32 `json:"token_num_uses"`
}

AppRoleReadTokenNumUsesResponse struct for AppRoleReadTokenNumUsesResponse

func NewAppRoleReadTokenNumUsesResponseWithDefaults ¶ 

func NewAppRoleReadTokenNumUsesResponseWithDefaults() *AppRoleReadTokenNumUsesResponse

NewAppRoleReadTokenNumUsesResponseWithDefaults instantiates a new AppRoleReadTokenNumUsesResponse object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AppRoleReadTokenNumUsesResponse) MarshalJSON ¶ 

func (o AppRoleReadTokenNumUsesResponse) MarshalJSON() ([]byte, error)

type AppRoleReadTokenTTLResponse ¶ 

type AppRoleReadTokenTTLResponse struct {
	// The initial ttl of the token to generate
	TokenTtl int32 `json:"token_ttl"`
}

AppRoleReadTokenTTLResponse struct for AppRoleReadTokenTTLResponse

func NewAppRoleReadTokenTTLResponseWithDefaults ¶ 

func NewAppRoleReadTokenTTLResponseWithDefaults() *AppRoleReadTokenTTLResponse

NewAppRoleReadTokenTTLResponseWithDefaults instantiates a new AppRoleReadTokenTTLResponse object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AppRoleReadTokenTTLResponse) MarshalJSON ¶ 

func (o AppRoleReadTokenTTLResponse) MarshalJSON() ([]byte, error)

type AppRoleWriteBindSecretIDRequest ¶ 

type AppRoleWriteBindSecretIDRequest struct {
	// Impose secret_id to be presented when logging in using this role.
	BindSecretId bool `json:"bind_secret_id"`
}

AppRoleWriteBindSecretIDRequest struct for AppRoleWriteBindSecretIDRequest

func NewAppRoleWriteBindSecretIDRequestWithDefaults ¶ 

func NewAppRoleWriteBindSecretIDRequestWithDefaults() *AppRoleWriteBindSecretIDRequest

NewAppRoleWriteBindSecretIDRequestWithDefaults instantiates a new AppRoleWriteBindSecretIDRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AppRoleWriteBindSecretIDRequest) MarshalJSON ¶ 

func (o AppRoleWriteBindSecretIDRequest) MarshalJSON() ([]byte, error)

type AppRoleWriteBoundCIDRListRequest ¶ 

type AppRoleWriteBoundCIDRListRequest struct {
	// Deprecated: Please use \"secret_id_bound_cidrs\" instead. Comma separated string or list of CIDR blocks. If set, specifies the blocks of IP addresses which can perform the login operation.
	BoundCidrList []string `json:"bound_cidr_list"`
}

AppRoleWriteBoundCIDRListRequest struct for AppRoleWriteBoundCIDRListRequest

func NewAppRoleWriteBoundCIDRListRequestWithDefaults ¶ 

func NewAppRoleWriteBoundCIDRListRequestWithDefaults() *AppRoleWriteBoundCIDRListRequest

NewAppRoleWriteBoundCIDRListRequestWithDefaults instantiates a new AppRoleWriteBoundCIDRListRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AppRoleWriteBoundCIDRListRequest) MarshalJSON ¶ 

func (o AppRoleWriteBoundCIDRListRequest) MarshalJSON() ([]byte, error)

type AppRoleWriteCustomSecretIDRequest ¶ 

type AppRoleWriteCustomSecretIDRequest struct {
	// Comma separated string or list of CIDR blocks enforcing secret IDs to be used from specific set of IP addresses. If 'bound_cidr_list' is set on the role, then the list of CIDR blocks listed here should be a subset of the CIDR blocks listed on the role.
	CidrList []string `json:"cidr_list"`

	// Metadata to be tied to the SecretID. This should be a JSON formatted string containing metadata in key value pairs.
	Metadata string `json:"metadata"`

	// Number of times this SecretID can be used, after which the SecretID expires. Overrides secret_id_num_uses role option when supplied. May not be higher than role's secret_id_num_uses.
	NumUses int32 `json:"num_uses"`

	// SecretID to be attached to the role.
	SecretId string `json:"secret_id"`

	// Comma separated string or list of CIDR blocks. If set, specifies the blocks of IP addresses which can use the returned token. Should be a subset of the token CIDR blocks listed on the role, if any.
	TokenBoundCidrs []string `json:"token_bound_cidrs"`

	// Duration in seconds after which this SecretID expires. Overrides secret_id_ttl role option when supplied. May not be longer than role's secret_id_ttl.
	Ttl int32 `json:"ttl"`
}

AppRoleWriteCustomSecretIDRequest struct for AppRoleWriteCustomSecretIDRequest

func NewAppRoleWriteCustomSecretIDRequestWithDefaults ¶ 

func NewAppRoleWriteCustomSecretIDRequestWithDefaults() *AppRoleWriteCustomSecretIDRequest

NewAppRoleWriteCustomSecretIDRequestWithDefaults instantiates a new AppRoleWriteCustomSecretIDRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AppRoleWriteCustomSecretIDRequest) MarshalJSON ¶ 

func (o AppRoleWriteCustomSecretIDRequest) MarshalJSON() ([]byte, error)

type AppRoleWriteCustomSecretIDResponse ¶ 

type AppRoleWriteCustomSecretIDResponse struct {
	// Secret ID attached to the role.
	SecretId string `json:"secret_id"`

	// Accessor of the secret ID
	SecretIdAccessor string `json:"secret_id_accessor"`

	// Number of times a secret ID can access the role, after which the secret ID will expire.
	SecretIdNumUses int32 `json:"secret_id_num_uses"`

	// Duration in seconds after which the issued secret ID expires.
	SecretIdTtl int32 `json:"secret_id_ttl"`
}

AppRoleWriteCustomSecretIDResponse struct for AppRoleWriteCustomSecretIDResponse

func NewAppRoleWriteCustomSecretIDResponseWithDefaults ¶ 

func NewAppRoleWriteCustomSecretIDResponseWithDefaults() *AppRoleWriteCustomSecretIDResponse

NewAppRoleWriteCustomSecretIDResponseWithDefaults instantiates a new AppRoleWriteCustomSecretIDResponse object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AppRoleWriteCustomSecretIDResponse) MarshalJSON ¶ 

func (o AppRoleWriteCustomSecretIDResponse) MarshalJSON() ([]byte, error)

type AppRoleWritePeriodRequest ¶ 

type AppRoleWritePeriodRequest struct {
	// Use \"token_period\" instead. If this and \"token_period\" are both specified, only \"token_period\" will be used.
	// Deprecated
	Period int32 `json:"period"`

	// If set, tokens created via this role will have no max lifetime; instead, their renewal period will be fixed to this value. This takes an integer number of seconds, or a string duration (e.g. \"24h\").
	TokenPeriod int32 `json:"token_period"`
}

AppRoleWritePeriodRequest struct for AppRoleWritePeriodRequest

func NewAppRoleWritePeriodRequestWithDefaults ¶ 

func NewAppRoleWritePeriodRequestWithDefaults() *AppRoleWritePeriodRequest

NewAppRoleWritePeriodRequestWithDefaults instantiates a new AppRoleWritePeriodRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AppRoleWritePeriodRequest) MarshalJSON ¶ 

func (o AppRoleWritePeriodRequest) MarshalJSON() ([]byte, error)

type AppRoleWritePoliciesRequest ¶ 

type AppRoleWritePoliciesRequest struct {
	// Use \"token_policies\" instead. If this and \"token_policies\" are both specified, only \"token_policies\" will be used.
	// Deprecated
	Policies []string `json:"policies"`

	// Comma-separated list of policies
	TokenPolicies []string `json:"token_policies"`
}

AppRoleWritePoliciesRequest struct for AppRoleWritePoliciesRequest

func NewAppRoleWritePoliciesRequestWithDefaults ¶ 

func NewAppRoleWritePoliciesRequestWithDefaults() *AppRoleWritePoliciesRequest

NewAppRoleWritePoliciesRequestWithDefaults instantiates a new AppRoleWritePoliciesRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AppRoleWritePoliciesRequest) MarshalJSON ¶ 

func (o AppRoleWritePoliciesRequest) MarshalJSON() ([]byte, error)

type AppRoleWriteRoleIDRequest ¶ 

type AppRoleWriteRoleIDRequest struct {
	// Identifier of the role. Defaults to a UUID.
	RoleId string `json:"role_id"`
}

AppRoleWriteRoleIDRequest struct for AppRoleWriteRoleIDRequest

func NewAppRoleWriteRoleIDRequestWithDefaults ¶ 

func NewAppRoleWriteRoleIDRequestWithDefaults() *AppRoleWriteRoleIDRequest

NewAppRoleWriteRoleIDRequestWithDefaults instantiates a new AppRoleWriteRoleIDRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AppRoleWriteRoleIDRequest) MarshalJSON ¶ 

func (o AppRoleWriteRoleIDRequest) MarshalJSON() ([]byte, error)

type AppRoleWriteRoleRequest ¶ 

type AppRoleWriteRoleRequest struct {
	// Impose secret_id to be presented when logging in using this role. Defaults to 'true'.
	BindSecretId bool `json:"bind_secret_id"`

	// Use \"secret_id_bound_cidrs\" instead.
	// Deprecated
	BoundCidrList []string `json:"bound_cidr_list"`

	// If set, the secret IDs generated using this role will be cluster local. This can only be set during role creation and once set, it can't be reset later.
	LocalSecretIds bool `json:"local_secret_ids"`

	// Use \"token_period\" instead. If this and \"token_period\" are both specified, only \"token_period\" will be used.
	// Deprecated
	Period int32 `json:"period"`

	// Use \"token_policies\" instead. If this and \"token_policies\" are both specified, only \"token_policies\" will be used.
	// Deprecated
	Policies []string `json:"policies"`

	// Identifier of the role. Defaults to a UUID.
	RoleId string `json:"role_id"`

	// Comma separated string or list of CIDR blocks. If set, specifies the blocks of IP addresses which can perform the login operation.
	SecretIdBoundCidrs []string `json:"secret_id_bound_cidrs"`

	// Number of times a SecretID can access the role, after which the SecretID will expire. Defaults to 0 meaning that the the secret_id is of unlimited use.
	SecretIdNumUses int32 `json:"secret_id_num_uses"`

	// Duration in seconds after which the issued SecretID should expire. Defaults to 0, meaning no expiration.
	SecretIdTtl int32 `json:"secret_id_ttl"`

	// Comma separated string or JSON list of CIDR blocks. If set, specifies the blocks of IP addresses which are allowed to use the generated token.
	TokenBoundCidrs []string `json:"token_bound_cidrs"`

	// If set, tokens created via this role carry an explicit maximum TTL. During renewal, the current maximum TTL values of the role and the mount are not checked for changes, and any updates to these values will have no effect on the token being renewed.
	TokenExplicitMaxTtl int32 `json:"token_explicit_max_ttl"`

	// The maximum lifetime of the generated token
	TokenMaxTtl int32 `json:"token_max_ttl"`

	// If true, the 'default' policy will not automatically be added to generated tokens
	TokenNoDefaultPolicy bool `json:"token_no_default_policy"`

	// The maximum number of times a token may be used, a value of zero means unlimited
	TokenNumUses int32 `json:"token_num_uses"`

	// If set, tokens created via this role will have no max lifetime; instead, their renewal period will be fixed to this value. This takes an integer number of seconds, or a string duration (e.g. \"24h\").
	TokenPeriod int32 `json:"token_period"`

	// Comma-separated list of policies
	TokenPolicies []string `json:"token_policies"`

	// The initial ttl of the token to generate
	TokenTtl int32 `json:"token_ttl"`

	// The type of token to generate, service or batch
	TokenType string `json:"token_type"`
}

AppRoleWriteRoleRequest struct for AppRoleWriteRoleRequest

func NewAppRoleWriteRoleRequestWithDefaults ¶ 

func NewAppRoleWriteRoleRequestWithDefaults() *AppRoleWriteRoleRequest

NewAppRoleWriteRoleRequestWithDefaults instantiates a new AppRoleWriteRoleRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AppRoleWriteRoleRequest) MarshalJSON ¶ 

func (o AppRoleWriteRoleRequest) MarshalJSON() ([]byte, error)

type AppRoleWriteSecretIDAccessorDestroyRequest ¶ 

type AppRoleWriteSecretIDAccessorDestroyRequest struct {
	// Accessor of the SecretID
	SecretIdAccessor string `json:"secret_id_accessor"`
}

AppRoleWriteSecretIDAccessorDestroyRequest struct for AppRoleWriteSecretIDAccessorDestroyRequest

func NewAppRoleWriteSecretIDAccessorDestroyRequestWithDefaults ¶ 

func NewAppRoleWriteSecretIDAccessorDestroyRequestWithDefaults() *AppRoleWriteSecretIDAccessorDestroyRequest

NewAppRoleWriteSecretIDAccessorDestroyRequestWithDefaults instantiates a new AppRoleWriteSecretIDAccessorDestroyRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AppRoleWriteSecretIDAccessorDestroyRequest) MarshalJSON ¶ 

func (o AppRoleWriteSecretIDAccessorDestroyRequest) MarshalJSON() ([]byte, error)

type AppRoleWriteSecretIDAccessorLookupRequest ¶ 

type AppRoleWriteSecretIDAccessorLookupRequest struct {
	// Accessor of the SecretID
	SecretIdAccessor string `json:"secret_id_accessor"`
}

AppRoleWriteSecretIDAccessorLookupRequest struct for AppRoleWriteSecretIDAccessorLookupRequest

func NewAppRoleWriteSecretIDAccessorLookupRequestWithDefaults ¶ 

func NewAppRoleWriteSecretIDAccessorLookupRequestWithDefaults() *AppRoleWriteSecretIDAccessorLookupRequest

NewAppRoleWriteSecretIDAccessorLookupRequestWithDefaults instantiates a new AppRoleWriteSecretIDAccessorLookupRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AppRoleWriteSecretIDAccessorLookupRequest) MarshalJSON ¶ 

func (o AppRoleWriteSecretIDAccessorLookupRequest) MarshalJSON() ([]byte, error)

type AppRoleWriteSecretIDAccessorLookupResponse ¶ 

type AppRoleWriteSecretIDAccessorLookupResponse struct {
	// List of CIDR blocks enforcing secret IDs to be used from specific set of IP addresses. If 'bound_cidr_list' is set on the role, then the list of CIDR blocks listed here should be a subset of the CIDR blocks listed on the role.
	CidrList []string `json:"cidr_list"`

	CreationTime time.Time `json:"creation_time"`

	ExpirationTime time.Time `json:"expiration_time"`

	LastUpdatedTime time.Time `json:"last_updated_time"`

	Metadata map[string]interface{} `json:"metadata"`

	// Accessor of the secret ID
	SecretIdAccessor string `json:"secret_id_accessor"`

	// Number of times a secret ID can access the role, after which the secret ID will expire.
	SecretIdNumUses int32 `json:"secret_id_num_uses"`

	// Duration in seconds after which the issued secret ID expires.
	SecretIdTtl int32 `json:"secret_id_ttl"`

	// List of CIDR blocks. If set, specifies the blocks of IP addresses which can use the returned token. Should be a subset of the token CIDR blocks listed on the role, if any.
	TokenBoundCidrs []string `json:"token_bound_cidrs"`
}

AppRoleWriteSecretIDAccessorLookupResponse struct for AppRoleWriteSecretIDAccessorLookupResponse

func NewAppRoleWriteSecretIDAccessorLookupResponseWithDefaults ¶ 

func NewAppRoleWriteSecretIDAccessorLookupResponseWithDefaults() *AppRoleWriteSecretIDAccessorLookupResponse

NewAppRoleWriteSecretIDAccessorLookupResponseWithDefaults instantiates a new AppRoleWriteSecretIDAccessorLookupResponse object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AppRoleWriteSecretIDAccessorLookupResponse) MarshalJSON ¶ 

func (o AppRoleWriteSecretIDAccessorLookupResponse) MarshalJSON() ([]byte, error)

type AppRoleWriteSecretIDBoundCIDRsRequest ¶ 

type AppRoleWriteSecretIDBoundCIDRsRequest struct {
	// Comma separated string or list of CIDR blocks. If set, specifies the blocks of IP addresses which can perform the login operation.
	SecretIdBoundCidrs []string `json:"secret_id_bound_cidrs"`
}

AppRoleWriteSecretIDBoundCIDRsRequest struct for AppRoleWriteSecretIDBoundCIDRsRequest

func NewAppRoleWriteSecretIDBoundCIDRsRequestWithDefaults ¶ 

func NewAppRoleWriteSecretIDBoundCIDRsRequestWithDefaults() *AppRoleWriteSecretIDBoundCIDRsRequest

NewAppRoleWriteSecretIDBoundCIDRsRequestWithDefaults instantiates a new AppRoleWriteSecretIDBoundCIDRsRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AppRoleWriteSecretIDBoundCIDRsRequest) MarshalJSON ¶ 

func (o AppRoleWriteSecretIDBoundCIDRsRequest) MarshalJSON() ([]byte, error)

type AppRoleWriteSecretIDDestroyRequest ¶ 

type AppRoleWriteSecretIDDestroyRequest struct {
	// SecretID attached to the role.
	SecretId string `json:"secret_id"`
}

AppRoleWriteSecretIDDestroyRequest struct for AppRoleWriteSecretIDDestroyRequest

func NewAppRoleWriteSecretIDDestroyRequestWithDefaults ¶ 

func NewAppRoleWriteSecretIDDestroyRequestWithDefaults() *AppRoleWriteSecretIDDestroyRequest

NewAppRoleWriteSecretIDDestroyRequestWithDefaults instantiates a new AppRoleWriteSecretIDDestroyRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AppRoleWriteSecretIDDestroyRequest) MarshalJSON ¶ 

func (o AppRoleWriteSecretIDDestroyRequest) MarshalJSON() ([]byte, error)

type AppRoleWriteSecretIDLookupRequest ¶ 

type AppRoleWriteSecretIDLookupRequest struct {
	// SecretID attached to the role.
	SecretId string `json:"secret_id"`
}

AppRoleWriteSecretIDLookupRequest struct for AppRoleWriteSecretIDLookupRequest

func NewAppRoleWriteSecretIDLookupRequestWithDefaults ¶ 

func NewAppRoleWriteSecretIDLookupRequestWithDefaults() *AppRoleWriteSecretIDLookupRequest

NewAppRoleWriteSecretIDLookupRequestWithDefaults instantiates a new AppRoleWriteSecretIDLookupRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AppRoleWriteSecretIDLookupRequest) MarshalJSON ¶ 

func (o AppRoleWriteSecretIDLookupRequest) MarshalJSON() ([]byte, error)

type AppRoleWriteSecretIDLookupResponse ¶ 

type AppRoleWriteSecretIDLookupResponse struct {
	// List of CIDR blocks enforcing secret IDs to be used from specific set of IP addresses. If 'bound_cidr_list' is set on the role, then the list of CIDR blocks listed here should be a subset of the CIDR blocks listed on the role.
	CidrList []string `json:"cidr_list"`

	CreationTime time.Time `json:"creation_time"`

	ExpirationTime time.Time `json:"expiration_time"`

	LastUpdatedTime time.Time `json:"last_updated_time"`

	Metadata map[string]interface{} `json:"metadata"`

	// Accessor of the secret ID
	SecretIdAccessor string `json:"secret_id_accessor"`

	// Number of times a secret ID can access the role, after which the secret ID will expire.
	SecretIdNumUses int32 `json:"secret_id_num_uses"`

	// Duration in seconds after which the issued secret ID expires.
	SecretIdTtl int32 `json:"secret_id_ttl"`

	// List of CIDR blocks. If set, specifies the blocks of IP addresses which can use the returned token. Should be a subset of the token CIDR blocks listed on the role, if any.
	TokenBoundCidrs []string `json:"token_bound_cidrs"`
}

AppRoleWriteSecretIDLookupResponse struct for AppRoleWriteSecretIDLookupResponse

func NewAppRoleWriteSecretIDLookupResponseWithDefaults ¶ 

func NewAppRoleWriteSecretIDLookupResponseWithDefaults() *AppRoleWriteSecretIDLookupResponse

NewAppRoleWriteSecretIDLookupResponseWithDefaults instantiates a new AppRoleWriteSecretIDLookupResponse object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AppRoleWriteSecretIDLookupResponse) MarshalJSON ¶ 

func (o AppRoleWriteSecretIDLookupResponse) MarshalJSON() ([]byte, error)

type AppRoleWriteSecretIDNumUsesRequest ¶ 

type AppRoleWriteSecretIDNumUsesRequest struct {
	// Number of times a SecretID can access the role, after which the SecretID will expire.
	SecretIdNumUses int32 `json:"secret_id_num_uses"`
}

AppRoleWriteSecretIDNumUsesRequest struct for AppRoleWriteSecretIDNumUsesRequest

func NewAppRoleWriteSecretIDNumUsesRequestWithDefaults ¶ 

func NewAppRoleWriteSecretIDNumUsesRequestWithDefaults() *AppRoleWriteSecretIDNumUsesRequest

NewAppRoleWriteSecretIDNumUsesRequestWithDefaults instantiates a new AppRoleWriteSecretIDNumUsesRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AppRoleWriteSecretIDNumUsesRequest) MarshalJSON ¶ 

func (o AppRoleWriteSecretIDNumUsesRequest) MarshalJSON() ([]byte, error)

type AppRoleWriteSecretIDRequest ¶ 

type AppRoleWriteSecretIDRequest struct {
	// Comma separated string or list of CIDR blocks enforcing secret IDs to be used from specific set of IP addresses. If 'bound_cidr_list' is set on the role, then the list of CIDR blocks listed here should be a subset of the CIDR blocks listed on the role.
	CidrList []string `json:"cidr_list"`

	// Metadata to be tied to the SecretID. This should be a JSON formatted string containing the metadata in key value pairs.
	Metadata string `json:"metadata"`

	// Number of times this SecretID can be used, after which the SecretID expires. Overrides secret_id_num_uses role option when supplied. May not be higher than role's secret_id_num_uses.
	NumUses int32 `json:"num_uses"`

	// Comma separated string or JSON list of CIDR blocks. If set, specifies the blocks of IP addresses which are allowed to use the generated token.
	TokenBoundCidrs []string `json:"token_bound_cidrs"`

	// Duration in seconds after which this SecretID expires. Overrides secret_id_ttl role option when supplied. May not be longer than role's secret_id_ttl.
	Ttl int32 `json:"ttl"`
}

AppRoleWriteSecretIDRequest struct for AppRoleWriteSecretIDRequest

func NewAppRoleWriteSecretIDRequestWithDefaults ¶ 

func NewAppRoleWriteSecretIDRequestWithDefaults() *AppRoleWriteSecretIDRequest

NewAppRoleWriteSecretIDRequestWithDefaults instantiates a new AppRoleWriteSecretIDRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AppRoleWriteSecretIDRequest) MarshalJSON ¶ 

func (o AppRoleWriteSecretIDRequest) MarshalJSON() ([]byte, error)

type AppRoleWriteSecretIDResponse ¶ 

type AppRoleWriteSecretIDResponse struct {
	// Secret ID attached to the role.
	SecretId string `json:"secret_id"`

	// Accessor of the secret ID
	SecretIdAccessor string `json:"secret_id_accessor"`

	// Number of times a secret ID can access the role, after which the secret ID will expire.
	SecretIdNumUses int32 `json:"secret_id_num_uses"`

	// Duration in seconds after which the issued secret ID expires.
	SecretIdTtl int32 `json:"secret_id_ttl"`
}

AppRoleWriteSecretIDResponse struct for AppRoleWriteSecretIDResponse

func NewAppRoleWriteSecretIDResponseWithDefaults ¶ 

func NewAppRoleWriteSecretIDResponseWithDefaults() *AppRoleWriteSecretIDResponse

NewAppRoleWriteSecretIDResponseWithDefaults instantiates a new AppRoleWriteSecretIDResponse object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AppRoleWriteSecretIDResponse) MarshalJSON ¶ 

func (o AppRoleWriteSecretIDResponse) MarshalJSON() ([]byte, error)

type AppRoleWriteSecretIDTTLRequest ¶ 

type AppRoleWriteSecretIDTTLRequest struct {
	// Duration in seconds after which the issued SecretID should expire. Defaults to 0, meaning no expiration.
	SecretIdTtl int32 `json:"secret_id_ttl"`
}

AppRoleWriteSecretIDTTLRequest struct for AppRoleWriteSecretIDTTLRequest

func NewAppRoleWriteSecretIDTTLRequestWithDefaults ¶ 

func NewAppRoleWriteSecretIDTTLRequestWithDefaults() *AppRoleWriteSecretIDTTLRequest

NewAppRoleWriteSecretIDTTLRequestWithDefaults instantiates a new AppRoleWriteSecretIDTTLRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AppRoleWriteSecretIDTTLRequest) MarshalJSON ¶ 

func (o AppRoleWriteSecretIDTTLRequest) MarshalJSON() ([]byte, error)

type AppRoleWriteTokenBoundCIDRsRequest ¶ 

type AppRoleWriteTokenBoundCIDRsRequest struct {
	// Comma separated string or JSON list of CIDR blocks. If set, specifies the blocks of IP addresses which are allowed to use the generated token.
	TokenBoundCidrs []string `json:"token_bound_cidrs"`
}

AppRoleWriteTokenBoundCIDRsRequest struct for AppRoleWriteTokenBoundCIDRsRequest

func NewAppRoleWriteTokenBoundCIDRsRequestWithDefaults ¶ 

func NewAppRoleWriteTokenBoundCIDRsRequestWithDefaults() *AppRoleWriteTokenBoundCIDRsRequest

NewAppRoleWriteTokenBoundCIDRsRequestWithDefaults instantiates a new AppRoleWriteTokenBoundCIDRsRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AppRoleWriteTokenBoundCIDRsRequest) MarshalJSON ¶ 

func (o AppRoleWriteTokenBoundCIDRsRequest) MarshalJSON() ([]byte, error)

type AppRoleWriteTokenMaxTTLRequest ¶ 

type AppRoleWriteTokenMaxTTLRequest struct {
	// The maximum lifetime of the generated token
	TokenMaxTtl int32 `json:"token_max_ttl"`
}

AppRoleWriteTokenMaxTTLRequest struct for AppRoleWriteTokenMaxTTLRequest

func NewAppRoleWriteTokenMaxTTLRequestWithDefaults ¶ 

func NewAppRoleWriteTokenMaxTTLRequestWithDefaults() *AppRoleWriteTokenMaxTTLRequest

NewAppRoleWriteTokenMaxTTLRequestWithDefaults instantiates a new AppRoleWriteTokenMaxTTLRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AppRoleWriteTokenMaxTTLRequest) MarshalJSON ¶ 

func (o AppRoleWriteTokenMaxTTLRequest) MarshalJSON() ([]byte, error)

type AppRoleWriteTokenNumUsesRequest ¶ 

type AppRoleWriteTokenNumUsesRequest struct {
	// The maximum number of times a token may be used, a value of zero means unlimited
	TokenNumUses int32 `json:"token_num_uses"`
}

AppRoleWriteTokenNumUsesRequest struct for AppRoleWriteTokenNumUsesRequest

func NewAppRoleWriteTokenNumUsesRequestWithDefaults ¶ 

func NewAppRoleWriteTokenNumUsesRequestWithDefaults() *AppRoleWriteTokenNumUsesRequest

NewAppRoleWriteTokenNumUsesRequestWithDefaults instantiates a new AppRoleWriteTokenNumUsesRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AppRoleWriteTokenNumUsesRequest) MarshalJSON ¶ 

func (o AppRoleWriteTokenNumUsesRequest) MarshalJSON() ([]byte, error)

type AppRoleWriteTokenTTLRequest ¶ 

type AppRoleWriteTokenTTLRequest struct {
	// The initial ttl of the token to generate
	TokenTtl int32 `json:"token_ttl"`
}

AppRoleWriteTokenTTLRequest struct for AppRoleWriteTokenTTLRequest

func NewAppRoleWriteTokenTTLRequestWithDefaults ¶ 

func NewAppRoleWriteTokenTTLRequestWithDefaults() *AppRoleWriteTokenTTLRequest

NewAppRoleWriteTokenTTLRequestWithDefaults instantiates a new AppRoleWriteTokenTTLRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AppRoleWriteTokenTTLRequest) MarshalJSON ¶ 

func (o AppRoleWriteTokenTTLRequest) MarshalJSON() ([]byte, error)

type AzureLoginRequest ¶ 

type AzureLoginRequest struct {
	// A signed JWT
	Jwt string `json:"jwt"`

	// The resource group from the instance.
	ResourceGroupName string `json:"resource_group_name"`

	// The token role.
	Role string `json:"role"`

	// The subscription id for the instance.
	SubscriptionId string `json:"subscription_id"`

	// The name of the virtual machine. This value is ignored if vmss_name is specified.
	VmName string `json:"vm_name"`

	// The name of the virtual machine scale set the instance is in.
	VmssName string `json:"vmss_name"`
}

AzureLoginRequest struct for AzureLoginRequest

func NewAzureLoginRequestWithDefaults ¶ 

func NewAzureLoginRequestWithDefaults() *AzureLoginRequest

NewAzureLoginRequestWithDefaults instantiates a new AzureLoginRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AzureLoginRequest) MarshalJSON ¶ 

func (o AzureLoginRequest) MarshalJSON() ([]byte, error)

type AzureWriteAuthConfigRequest ¶ 

type AzureWriteAuthConfigRequest struct {
	// The OAuth2 client id to connection to Azure. This value can also be provided with the AZURE_CLIENT_ID environment variable.
	ClientId string `json:"client_id"`

	// The OAuth2 client secret to connection to Azure. This value can also be provided with the AZURE_CLIENT_SECRET environment variable.
	ClientSecret string `json:"client_secret"`

	// The Azure environment name. If not provided, AzurePublicCloud is used. This value can also be provided with the AZURE_ENVIRONMENT environment variable.
	Environment string `json:"environment"`

	// The resource URL for the vault application in Azure Active Directory. This value can also be provided with the AZURE_AD_RESOURCE environment variable.
	Resource string `json:"resource"`

	// The tenant id for the Azure Active Directory. This is sometimes referred to as Directory ID in AD. This value can also be provided with the AZURE_TENANT_ID environment variable.
	TenantId string `json:"tenant_id"`
}

AzureWriteAuthConfigRequest struct for AzureWriteAuthConfigRequest

func NewAzureWriteAuthConfigRequestWithDefaults ¶ 

func NewAzureWriteAuthConfigRequestWithDefaults() *AzureWriteAuthConfigRequest

NewAzureWriteAuthConfigRequestWithDefaults instantiates a new AzureWriteAuthConfigRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AzureWriteAuthConfigRequest) MarshalJSON ¶ 

func (o AzureWriteAuthConfigRequest) MarshalJSON() ([]byte, error)

type AzureWriteAuthRoleRequest ¶ 

type AzureWriteAuthRoleRequest struct {
	// Comma-separated list of group ids that login is restricted to.
	BoundGroupIds []string `json:"bound_group_ids"`

	// Comma-separated list of locations that login is restricted to.
	BoundLocations []string `json:"bound_locations"`

	// Comma-separated list of resource groups that login is restricted to.
	BoundResourceGroups []string `json:"bound_resource_groups"`

	// Comma-separated list of scale sets that login is restricted to.
	BoundScaleSets []string `json:"bound_scale_sets"`

	// Comma-separated list of service principal ids that login is restricted to.
	BoundServicePrincipalIds []string `json:"bound_service_principal_ids"`

	// Comma-separated list of subscription ids that login is restricted to.
	BoundSubscriptionIds []string `json:"bound_subscription_ids"`

	// Use \"token_max_ttl\" instead. If this and \"token_max_ttl\" are both specified, only \"token_max_ttl\" will be used.
	// Deprecated
	MaxTtl int32 `json:"max_ttl"`

	// Use \"token_num_uses\" instead. If this and \"token_num_uses\" are both specified, only \"token_num_uses\" will be used.
	// Deprecated
	NumUses int32 `json:"num_uses"`

	// Use \"token_period\" instead. If this and \"token_period\" are both specified, only \"token_period\" will be used.
	// Deprecated
	Period int32 `json:"period"`

	// Use \"token_policies\" instead. If this and \"token_policies\" are both specified, only \"token_policies\" will be used.
	// Deprecated
	Policies []string `json:"policies"`

	// Comma separated string or JSON list of CIDR blocks. If set, specifies the blocks of IP addresses which are allowed to use the generated token.
	TokenBoundCidrs []string `json:"token_bound_cidrs"`

	// If set, tokens created via this role carry an explicit maximum TTL. During renewal, the current maximum TTL values of the role and the mount are not checked for changes, and any updates to these values will have no effect on the token being renewed.
	TokenExplicitMaxTtl int32 `json:"token_explicit_max_ttl"`

	// The maximum lifetime of the generated token
	TokenMaxTtl int32 `json:"token_max_ttl"`

	// If true, the 'default' policy will not automatically be added to generated tokens
	TokenNoDefaultPolicy bool `json:"token_no_default_policy"`

	// The maximum number of times a token may be used, a value of zero means unlimited
	TokenNumUses int32 `json:"token_num_uses"`

	// If set, tokens created via this role will have no max lifetime; instead, their renewal period will be fixed to this value. This takes an integer number of seconds, or a string duration (e.g. \"24h\").
	TokenPeriod int32 `json:"token_period"`

	// Comma-separated list of policies
	TokenPolicies []string `json:"token_policies"`

	// The initial ttl of the token to generate
	TokenTtl int32 `json:"token_ttl"`

	// The type of token to generate, service or batch
	TokenType string `json:"token_type"`

	// Use \"token_ttl\" instead. If this and \"token_ttl\" are both specified, only \"token_ttl\" will be used.
	// Deprecated
	Ttl int32 `json:"ttl"`
}

AzureWriteAuthRoleRequest struct for AzureWriteAuthRoleRequest

func NewAzureWriteAuthRoleRequestWithDefaults ¶ 

func NewAzureWriteAuthRoleRequestWithDefaults() *AzureWriteAuthRoleRequest

NewAzureWriteAuthRoleRequestWithDefaults instantiates a new AzureWriteAuthRoleRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AzureWriteAuthRoleRequest) MarshalJSON ¶ 

func (o AzureWriteAuthRoleRequest) MarshalJSON() ([]byte, error)

type AzureWriteConfigRequest ¶ 

type AzureWriteConfigRequest struct {
	// The OAuth2 client id to connect to Azure. This value can also be provided with the AZURE_CLIENT_ID environment variable.
	ClientId string `json:"client_id"`

	// The OAuth2 client secret to connect to Azure. This value can also be provided with the AZURE_CLIENT_SECRET environment variable.
	ClientSecret string `json:"client_secret"`

	// The Azure environment name. If not provided, AzurePublicCloud is used. This value can also be provided with the AZURE_ENVIRONMENT environment variable.
	Environment string `json:"environment"`

	// Name of the password policy to use to generate passwords for dynamic credentials.
	PasswordPolicy string `json:"password_policy"`

	// The TTL of the root password in Azure. This can be either a number of seconds or a time formatted duration (ex: 24h, 48ds)
	RootPasswordTtl int32 `json:"root_password_ttl"`

	// The subscription id for the Azure Active Directory. This value can also be provided with the AZURE_SUBSCRIPTION_ID environment variable.
	SubscriptionId string `json:"subscription_id"`

	// The tenant id for the Azure Active Directory. This value can also be provided with the AZURE_TENANT_ID environment variable.
	TenantId string `json:"tenant_id"`
}

AzureWriteConfigRequest struct for AzureWriteConfigRequest

func NewAzureWriteConfigRequestWithDefaults ¶ 

func NewAzureWriteConfigRequestWithDefaults() *AzureWriteConfigRequest

NewAzureWriteConfigRequestWithDefaults instantiates a new AzureWriteConfigRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AzureWriteConfigRequest) MarshalJSON ¶ 

func (o AzureWriteConfigRequest) MarshalJSON() ([]byte, error)

type AzureWriteRoleRequest ¶ 

type AzureWriteRoleRequest struct {
	// Application Object ID to use for static service principal credentials.
	ApplicationObjectId string `json:"application_object_id"`

	// JSON list of Azure groups to add the service principal to.
	AzureGroups string `json:"azure_groups"`

	// JSON list of Azure roles to assign.
	AzureRoles string `json:"azure_roles"`

	// Maximum time a service principal. If not set or set to 0, will use system default.
	MaxTtl int32 `json:"max_ttl"`

	// Indicates whether new application objects should be permanently deleted. If not set, objects will not be permanently deleted.
	PermanentlyDelete bool `json:"permanently_delete"`

	// Default lease for generated credentials. If not set or set to 0, will use system default.
	Ttl int32 `json:"ttl"`
}

AzureWriteRoleRequest struct for AzureWriteRoleRequest

func NewAzureWriteRoleRequestWithDefaults ¶ 

func NewAzureWriteRoleRequestWithDefaults() *AzureWriteRoleRequest

NewAzureWriteRoleRequestWithDefaults instantiates a new AzureWriteRoleRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (AzureWriteRoleRequest) MarshalJSON ¶ 

func (o AzureWriteRoleRequest) MarshalJSON() ([]byte, error)

type CalculateAuditHashRequest ¶ 

type CalculateAuditHashRequest struct {
	Input string `json:"input"`
}

CalculateAuditHashRequest struct for CalculateAuditHashRequest

func NewCalculateAuditHashRequestWithDefaults ¶ 

func NewCalculateAuditHashRequestWithDefaults() *CalculateAuditHashRequest

NewCalculateAuditHashRequestWithDefaults instantiates a new CalculateAuditHashRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (CalculateAuditHashRequest) MarshalJSON ¶ 

func (o CalculateAuditHashRequest) MarshalJSON() ([]byte, error)

type CentrifyLoginRequest ¶ 

type CentrifyLoginRequest struct {
	// Auth mode ('ro' for resource owner, 'cc' for credential client).
	Mode string `json:"mode"`

	// Password for this user.
	Password string `json:"password"`

	// Username of the user.
	Username string `json:"username"`
}

CentrifyLoginRequest struct for CentrifyLoginRequest

func NewCentrifyLoginRequestWithDefaults ¶ 

func NewCentrifyLoginRequestWithDefaults() *CentrifyLoginRequest

NewCentrifyLoginRequestWithDefaults instantiates a new CentrifyLoginRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (CentrifyLoginRequest) MarshalJSON ¶ 

func (o CentrifyLoginRequest) MarshalJSON() ([]byte, error)

type CentrifyWriteConfigRequest ¶ 

type CentrifyWriteConfigRequest struct {
	// OAuth2 App ID
	AppId string `json:"app_id"`

	// OAuth2 Client ID
	ClientId string `json:"client_id"`

	// OAuth2 Client Secret
	ClientSecret string `json:"client_secret"`

	// Use \"token_policies\" instead. If this and \"token_policies\" are both specified, only \"token_policies\" will be used.
	// Deprecated
	Policies []string `json:"policies"`

	// OAuth2 App Scope
	Scope string `json:"scope"`

	// Service URL (https://<tenant>.my.centrify.com)
	ServiceUrl string `json:"service_url"`

	// Comma separated string or JSON list of CIDR blocks. If set, specifies the blocks of IP addresses which are allowed to use the generated token.
	TokenBoundCidrs []string `json:"token_bound_cidrs"`

	// If true, the 'default' policy will not automatically be added to generated tokens
	TokenNoDefaultPolicy bool `json:"token_no_default_policy"`

	// The maximum number of times a token may be used, a value of zero means unlimited
	TokenNumUses int32 `json:"token_num_uses"`

	// Comma-separated list of policies
	TokenPolicies []string `json:"token_policies"`

	// The initial ttl of the token to generate
	TokenTtl int32 `json:"token_ttl"`

	// The type of token to generate, service or batch
	TokenType string `json:"token_type"`
}

CentrifyWriteConfigRequest struct for CentrifyWriteConfigRequest

func NewCentrifyWriteConfigRequestWithDefaults ¶ 

func NewCentrifyWriteConfigRequestWithDefaults() *CentrifyWriteConfigRequest

NewCentrifyWriteConfigRequestWithDefaults instantiates a new CentrifyWriteConfigRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (CentrifyWriteConfigRequest) MarshalJSON ¶ 

func (o CentrifyWriteConfigRequest) MarshalJSON() ([]byte, error)

type CertificatesLoginRequest ¶ 

type CertificatesLoginRequest struct {
	// The name of the certificate role to authenticate against.
	Name string `json:"name"`
}

CertificatesLoginRequest struct for CertificatesLoginRequest

func NewCertificatesLoginRequestWithDefaults ¶ 

func NewCertificatesLoginRequestWithDefaults() *CertificatesLoginRequest

NewCertificatesLoginRequestWithDefaults instantiates a new CertificatesLoginRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (CertificatesLoginRequest) MarshalJSON ¶ 

func (o CertificatesLoginRequest) MarshalJSON() ([]byte, error)

type CertificatesWriteCRLRequest ¶ 

type CertificatesWriteCRLRequest struct {
	// The public CRL that should be trusted to attest to certificates' validity statuses. May be DER or PEM encoded. Note: the expiration time is ignored; if the CRL is no longer valid, delete it using the same name as specified here.
	Crl string `json:"crl"`

	// The URL of a CRL distribution point. Only one of 'crl' or 'url' parameters should be specified.
	Url string `json:"url"`
}

CertificatesWriteCRLRequest struct for CertificatesWriteCRLRequest

func NewCertificatesWriteCRLRequestWithDefaults ¶ 

func NewCertificatesWriteCRLRequestWithDefaults() *CertificatesWriteCRLRequest

NewCertificatesWriteCRLRequestWithDefaults instantiates a new CertificatesWriteCRLRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (CertificatesWriteCRLRequest) MarshalJSON ¶ 

func (o CertificatesWriteCRLRequest) MarshalJSON() ([]byte, error)

type CertificatesWriteConfigRequest ¶ 

type CertificatesWriteConfigRequest struct {
	// If set, during renewal, skips the matching of presented client identity with the client identity used during login. Defaults to false.
	DisableBinding bool `json:"disable_binding"`

	// If set, metadata of the certificate including the metadata corresponding to allowed_metadata_extensions will be stored in the alias. Defaults to false.
	EnableIdentityAliasMetadata bool `json:"enable_identity_alias_metadata"`

	// The size of the in memory OCSP response cache, shared by all configured certs
	OcspCacheSize int32 `json:"ocsp_cache_size"`
}

CertificatesWriteConfigRequest struct for CertificatesWriteConfigRequest

func NewCertificatesWriteConfigRequestWithDefaults ¶ 

func NewCertificatesWriteConfigRequestWithDefaults() *CertificatesWriteConfigRequest

NewCertificatesWriteConfigRequestWithDefaults instantiates a new CertificatesWriteConfigRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (CertificatesWriteConfigRequest) MarshalJSON ¶ 

func (o CertificatesWriteConfigRequest) MarshalJSON() ([]byte, error)

type CertificatesWriteRequest ¶ 

type CertificatesWriteRequest struct {
	// A comma-separated list of names. At least one must exist in the Common Name. Supports globbing.
	AllowedCommonNames []string `json:"allowed_common_names"`

	// A comma-separated list of DNS names. At least one must exist in the SANs. Supports globbing.
	AllowedDnsSans []string `json:"allowed_dns_sans"`

	// A comma-separated list of Email Addresses. At least one must exist in the SANs. Supports globbing.
	AllowedEmailSans []string `json:"allowed_email_sans"`

	// A comma-separated string or array of oid extensions. Upon successful authentication, these extensions will be added as metadata if they are present in the certificate. The metadata key will be the string consisting of the oid numbers separated by a dash (-) instead of a dot (.) to allow usage in ACL templates.
	AllowedMetadataExtensions []string `json:"allowed_metadata_extensions"`

	// A comma-separated list of names. At least one must exist in either the Common Name or SANs. Supports globbing. This parameter is deprecated, please use allowed_common_names, allowed_dns_sans, allowed_email_sans, allowed_uri_sans.
	AllowedNames []string `json:"allowed_names"`

	// A comma-separated list of Organizational Units names. At least one must exist in the OU field.
	AllowedOrganizationalUnits []string `json:"allowed_organizational_units"`

	// A comma-separated list of URIs. At least one must exist in the SANs. Supports globbing.
	AllowedUriSans []string `json:"allowed_uri_sans"`

	// Use \"token_bound_cidrs\" instead. If this and \"token_bound_cidrs\" are both specified, only \"token_bound_cidrs\" will be used.
	// Deprecated
	BoundCidrs []string `json:"bound_cidrs"`

	// The public certificate that should be trusted. Must be x509 PEM encoded.
	Certificate string `json:"certificate"`

	// The display name to use for clients using this certificate.
	DisplayName string `json:"display_name"`

	// Use \"token_ttl\" instead. If this and \"token_ttl\" are both specified, only \"token_ttl\" will be used.
	// Deprecated
	Lease int32 `json:"lease"`

	// Use \"token_max_ttl\" instead. If this and \"token_max_ttl\" are both specified, only \"token_max_ttl\" will be used.
	// Deprecated
	MaxTtl int32 `json:"max_ttl"`

	// Any additional CA certificates needed to communicate with OCSP servers
	OcspCaCertificates string `json:"ocsp_ca_certificates"`

	// Whether to attempt OCSP verification of certificates at login
	OcspEnabled bool `json:"ocsp_enabled"`

	// If set to true, if an OCSP revocation cannot be made successfully, login will proceed rather than failing. If false, failing to get an OCSP status fails the request.
	OcspFailOpen bool `json:"ocsp_fail_open"`

	// If set to true, rather than accepting the first successful OCSP response, query all servers and consider the certificate valid only if all servers agree.
	OcspQueryAllServers bool `json:"ocsp_query_all_servers"`

	// A comma-separated list of OCSP server addresses. If unset, the OCSP server is determined from the AuthorityInformationAccess extension on the certificate being inspected.
	OcspServersOverride []string `json:"ocsp_servers_override"`

	// Use \"token_period\" instead. If this and \"token_period\" are both specified, only \"token_period\" will be used.
	// Deprecated
	Period int32 `json:"period"`

	// Use \"token_policies\" instead. If this and \"token_policies\" are both specified, only \"token_policies\" will be used.
	// Deprecated
	Policies []string `json:"policies"`

	// A comma-separated string or array of extensions formatted as \"oid:value\". Expects the extension value to be some type of ASN1 encoded string. All values much match. Supports globbing on \"value\".
	RequiredExtensions []string `json:"required_extensions"`

	// Comma separated string or JSON list of CIDR blocks. If set, specifies the blocks of IP addresses which are allowed to use the generated token.
	TokenBoundCidrs []string `json:"token_bound_cidrs"`

	// If set, tokens created via this role carry an explicit maximum TTL. During renewal, the current maximum TTL values of the role and the mount are not checked for changes, and any updates to these values will have no effect on the token being renewed.
	TokenExplicitMaxTtl int32 `json:"token_explicit_max_ttl"`

	// The maximum lifetime of the generated token
	TokenMaxTtl int32 `json:"token_max_ttl"`

	// If true, the 'default' policy will not automatically be added to generated tokens
	TokenNoDefaultPolicy bool `json:"token_no_default_policy"`

	// The maximum number of times a token may be used, a value of zero means unlimited
	TokenNumUses int32 `json:"token_num_uses"`

	// If set, tokens created via this role will have no max lifetime; instead, their renewal period will be fixed to this value. This takes an integer number of seconds, or a string duration (e.g. \"24h\").
	TokenPeriod int32 `json:"token_period"`

	// Comma-separated list of policies
	TokenPolicies []string `json:"token_policies"`

	// The initial ttl of the token to generate
	TokenTtl int32 `json:"token_ttl"`

	// The type of token to generate, service or batch
	TokenType string `json:"token_type"`

	// Use \"token_ttl\" instead. If this and \"token_ttl\" are both specified, only \"token_ttl\" will be used.
	// Deprecated
	Ttl int32 `json:"ttl"`
}

CertificatesWriteRequest struct for CertificatesWriteRequest

func NewCertificatesWriteRequestWithDefaults ¶ 

func NewCertificatesWriteRequestWithDefaults() *CertificatesWriteRequest

NewCertificatesWriteRequestWithDefaults instantiates a new CertificatesWriteRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (CertificatesWriteRequest) MarshalJSON ¶ 

func (o CertificatesWriteRequest) MarshalJSON() ([]byte, error)

type CloudFoundryLoginRequest ¶ 

type CloudFoundryLoginRequest struct {
	// The full body of the file available at the CF_INSTANCE_CERT path on the CF instance.
	CfInstanceCert string `json:"cf_instance_cert"`

	// The name of the role to authenticate against.
	Role string `json:"role"`

	// The signature generated by the client certificate's private key.
	Signature string `json:"signature"`

	// The date and time used to construct the signature.
	SigningTime string `json:"signing_time"`
}

CloudFoundryLoginRequest struct for CloudFoundryLoginRequest

func NewCloudFoundryLoginRequestWithDefaults ¶ 

func NewCloudFoundryLoginRequestWithDefaults() *CloudFoundryLoginRequest

NewCloudFoundryLoginRequestWithDefaults instantiates a new CloudFoundryLoginRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (CloudFoundryLoginRequest) MarshalJSON ¶ 

func (o CloudFoundryLoginRequest) MarshalJSON() ([]byte, error)

type CloudFoundryWriteConfigRequest ¶ 

type CloudFoundryWriteConfigRequest struct {
	// CF’s API address.
	CfApiAddr string `json:"cf_api_addr"`

	// The PEM-format certificates that are presented for mutual TLS with the CloudFoundry API. If not set, mutual TLS is not used
	CfApiMutualTlsCertificate string `json:"cf_api_mutual_tls_certificate"`

	// The PEM-format private key that are used for mutual TLS with the CloudFoundry API. If not set, mutual TLS is not used
	CfApiMutualTlsKey string `json:"cf_api_mutual_tls_key"`

	// The PEM-format CA certificates that are acceptable for the CF API to present.
	CfApiTrustedCertificates []string `json:"cf_api_trusted_certificates"`

	// The client id for CF’s API.
	CfClientId string `json:"cf_client_id"`

	// The client secret for CF’s API.
	CfClientSecret string `json:"cf_client_secret"`

	// The password for CF’s API.
	CfPassword string `json:"cf_password"`

	// The username for CF’s API.
	CfUsername string `json:"cf_username"`

	// The PEM-format CA certificates that are required to have issued the instance certificates presented for logging in.
	IdentityCaCertificates []string `json:"identity_ca_certificates"`

	// Duration in seconds for the maximum acceptable length in the future a \"signing_time\" can be. Useful for clock drift. Set low to reduce the opportunity for replay attacks.
	LoginMaxSecondsNotAfter int32 `json:"login_max_seconds_not_after"`

	// Duration in seconds for the maximum acceptable age of a \"signing_time\". Useful for clock drift. Set low to reduce the opportunity for replay attacks.
	LoginMaxSecondsNotBefore int32 `json:"login_max_seconds_not_before"`

	// Deprecated. Please use \"cf_api_addr\".
	// Deprecated
	PcfApiAddr string `json:"pcf_api_addr"`

	// Deprecated. Please use \"cf_api_trusted_certificates\".
	// Deprecated
	PcfApiTrustedCertificates []string `json:"pcf_api_trusted_certificates"`

	// Deprecated. Please use \"cf_password\".
	// Deprecated
	PcfPassword string `json:"pcf_password"`

	// Deprecated. Please use \"cf_username\".
	// Deprecated
	PcfUsername string `json:"pcf_username"`
}

CloudFoundryWriteConfigRequest struct for CloudFoundryWriteConfigRequest

func NewCloudFoundryWriteConfigRequestWithDefaults ¶ 

func NewCloudFoundryWriteConfigRequestWithDefaults() *CloudFoundryWriteConfigRequest

NewCloudFoundryWriteConfigRequestWithDefaults instantiates a new CloudFoundryWriteConfigRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (CloudFoundryWriteConfigRequest) MarshalJSON ¶ 

func (o CloudFoundryWriteConfigRequest) MarshalJSON() ([]byte, error)

type CloudFoundryWriteRoleRequest ¶ 

type CloudFoundryWriteRoleRequest struct {
	// Require that the client certificate presented has at least one of these app IDs.
	BoundApplicationIds []string `json:"bound_application_ids"`

	// Use \"token_bound_cidrs\" instead. If this and \"token_bound_cidrs\" are both specified, only \"token_bound_cidrs\" will be used.
	// Deprecated
	BoundCidrs []string `json:"bound_cidrs"`

	// Require that the client certificate presented has at least one of these instance IDs.
	BoundInstanceIds []string `json:"bound_instance_ids"`

	// Require that the client certificate presented has at least one of these org IDs.
	BoundOrganizationIds []string `json:"bound_organization_ids"`

	// Require that the client certificate presented has at least one of these space IDs.
	BoundSpaceIds []string `json:"bound_space_ids"`

	// If set to true, disables the default behavior that logging in must be performed from an acceptable IP address described by the certificate presented.
	DisableIpMatching bool `json:"disable_ip_matching"`

	// Use \"token_max_ttl\" instead. If this and \"token_max_ttl\" are both specified, only \"token_max_ttl\" will be used.
	// Deprecated
	MaxTtl int32 `json:"max_ttl"`

	// Use \"token_period\" instead. If this and \"token_period\" are both specified, only \"token_period\" will be used.
	// Deprecated
	Period int32 `json:"period"`

	// Use \"token_policies\" instead. If this and \"token_policies\" are both specified, only \"token_policies\" will be used.
	// Deprecated
	Policies []string `json:"policies"`

	// Comma separated string or JSON list of CIDR blocks. If set, specifies the blocks of IP addresses which are allowed to use the generated token.
	TokenBoundCidrs []string `json:"token_bound_cidrs"`

	// If set, tokens created via this role carry an explicit maximum TTL. During renewal, the current maximum TTL values of the role and the mount are not checked for changes, and any updates to these values will have no effect on the token being renewed.
	TokenExplicitMaxTtl int32 `json:"token_explicit_max_ttl"`

	// The maximum lifetime of the generated token
	TokenMaxTtl int32 `json:"token_max_ttl"`

	// If true, the 'default' policy will not automatically be added to generated tokens
	TokenNoDefaultPolicy bool `json:"token_no_default_policy"`

	// The maximum number of times a token may be used, a value of zero means unlimited
	TokenNumUses int32 `json:"token_num_uses"`

	// If set, tokens created via this role will have no max lifetime; instead, their renewal period will be fixed to this value. This takes an integer number of seconds, or a string duration (e.g. \"24h\").
	TokenPeriod int32 `json:"token_period"`

	// Comma-separated list of policies
	TokenPolicies []string `json:"token_policies"`

	// The initial ttl of the token to generate
	TokenTtl int32 `json:"token_ttl"`

	// The type of token to generate, service or batch
	TokenType string `json:"token_type"`

	// Use \"token_ttl\" instead. If this and \"token_ttl\" are both specified, only \"token_ttl\" will be used.
	// Deprecated
	Ttl int32 `json:"ttl"`
}

CloudFoundryWriteRoleRequest struct for CloudFoundryWriteRoleRequest

func NewCloudFoundryWriteRoleRequestWithDefaults ¶ 

func NewCloudFoundryWriteRoleRequestWithDefaults() *CloudFoundryWriteRoleRequest

NewCloudFoundryWriteRoleRequestWithDefaults instantiates a new CloudFoundryWriteRoleRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (CloudFoundryWriteRoleRequest) MarshalJSON ¶ 

func (o CloudFoundryWriteRoleRequest) MarshalJSON() ([]byte, error)

type ConsulWriteAccessConfigRequest ¶ 

type ConsulWriteAccessConfigRequest struct {
	// Consul server address
	Address string `json:"address"`

	// CA certificate to use when verifying Consul server certificate, must be x509 PEM encoded.
	CaCert string `json:"ca_cert"`

	// Client certificate used for Consul's TLS communication, must be x509 PEM encoded and if this is set you need to also set client_key.
	ClientCert string `json:"client_cert"`

	// Client key used for Consul's TLS communication, must be x509 PEM encoded and if this is set you need to also set client_cert.
	ClientKey string `json:"client_key"`

	// URI scheme for the Consul address
	Scheme string `json:"scheme"`

	// Token for API calls
	Token string `json:"token"`
}

ConsulWriteAccessConfigRequest struct for ConsulWriteAccessConfigRequest

func NewConsulWriteAccessConfigRequestWithDefaults ¶ 

func NewConsulWriteAccessConfigRequestWithDefaults() *ConsulWriteAccessConfigRequest

NewConsulWriteAccessConfigRequestWithDefaults instantiates a new ConsulWriteAccessConfigRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (ConsulWriteAccessConfigRequest) MarshalJSON ¶ 

func (o ConsulWriteAccessConfigRequest) MarshalJSON() ([]byte, error)

type ConsulWriteRoleRequest ¶ 

type ConsulWriteRoleRequest struct {
	// Indicates which namespace that the token will be created within. Defaults to 'default'. Available in Consul 1.7 and above.
	ConsulNamespace string `json:"consul_namespace"`

	// List of policies to attach to the token. Either \"consul_policies\" or \"consul_roles\" are required for Consul 1.5 and above, or just \"consul_policies\" if using Consul 1.4.
	ConsulPolicies []string `json:"consul_policies"`

	// List of Consul roles to attach to the token. Either \"policies\" or \"consul_roles\" are required for Consul 1.5 and above.
	ConsulRoles []string `json:"consul_roles"`

	// Use \"ttl\" instead.
	// Deprecated
	Lease int32 `json:"lease"`

	// Indicates that the token should not be replicated globally and instead be local to the current datacenter. Available in Consul 1.4 and above.
	Local bool `json:"local"`

	// Max TTL for the Consul token created from the role.
	MaxTtl int32 `json:"max_ttl"`

	// List of Node Identities to attach to the token. Available in Consul 1.8.1 or above.
	NodeIdentities []string `json:"node_identities"`

	// Indicates which admin partition that the token will be created within. Defaults to 'default'. Available in Consul 1.11 and above.
	Partition string `json:"partition"`

	// Use \"consul_policies\" instead.
	// Deprecated
	Policies []string `json:"policies"`

	// Policy document, base64 encoded. Required for 'client' tokens. Required for Consul pre-1.4.
	// Deprecated
	Policy string `json:"policy"`

	// List of Service Identities to attach to the token, separated by semicolons. Available in Consul 1.5 or above.
	ServiceIdentities []string `json:"service_identities"`

	// Which type of token to create: 'client' or 'management'. If a 'management' token, the \"policy\", \"policies\", and \"consul_roles\" parameters are not required. Defaults to 'client'.
	// Deprecated
	TokenType string `json:"token_type"`

	// TTL for the Consul token created from the role.
	Ttl int32 `json:"ttl"`
}

ConsulWriteRoleRequest struct for ConsulWriteRoleRequest

func NewConsulWriteRoleRequestWithDefaults ¶ 

func NewConsulWriteRoleRequestWithDefaults() *ConsulWriteRoleRequest

NewConsulWriteRoleRequestWithDefaults instantiates a new ConsulWriteRoleRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (ConsulWriteRoleRequest) MarshalJSON ¶ 

func (o ConsulWriteRoleRequest) MarshalJSON() ([]byte, error)

type DatabaseWriteConfigRequest ¶ 

type DatabaseWriteConfigRequest struct {
	// Comma separated string or array of the role names allowed to get creds from this database connection. If empty no roles are allowed. If \"*\" all roles are allowed.
	AllowedRoles []string `json:"allowed_roles"`

	// Password policy to use when generating passwords.
	PasswordPolicy string `json:"password_policy"`

	// The name of a builtin or previously registered plugin known to vault. This endpoint will create an instance of that plugin type.
	PluginName string `json:"plugin_name"`

	// The version of the plugin to use.
	PluginVersion string `json:"plugin_version"`

	// Specifies the database statements to be executed to rotate the root user's credentials. See the plugin's API page for more information on support and formatting for this parameter.
	RootRotationStatements []string `json:"root_rotation_statements"`

	// If true, the connection details are verified by actually connecting to the database. Defaults to true.
	VerifyConnection bool `json:"verify_connection"`
}

DatabaseWriteConfigRequest struct for DatabaseWriteConfigRequest

func NewDatabaseWriteConfigRequestWithDefaults ¶ 

func NewDatabaseWriteConfigRequestWithDefaults() *DatabaseWriteConfigRequest

NewDatabaseWriteConfigRequestWithDefaults instantiates a new DatabaseWriteConfigRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (DatabaseWriteConfigRequest) MarshalJSON ¶ 

func (o DatabaseWriteConfigRequest) MarshalJSON() ([]byte, error)

type DatabaseWriteRoleRequest ¶ 

type DatabaseWriteRoleRequest struct {
	// Specifies the database statements executed to create and configure a user. See the plugin's API page for more information on support and formatting for this parameter.
	CreationStatements []string `json:"creation_statements"`

	// The configuration for the given credential_type.
	CredentialConfig map[string]interface{} `json:"credential_config"`

	// The type of credential to manage. Options include: 'password', 'rsa_private_key'. Defaults to 'password'.
	CredentialType string `json:"credential_type"`

	// Name of the database this role acts on.
	DbName string `json:"db_name"`

	// Default ttl for role.
	DefaultTtl int32 `json:"default_ttl"`

	// Maximum time a credential is valid for
	MaxTtl int32 `json:"max_ttl"`

	// Specifies the database statements to be executed to renew a user. Not every plugin type will support this functionality. See the plugin's API page for more information on support and formatting for this parameter.
	RenewStatements []string `json:"renew_statements"`

	// Specifies the database statements to be executed to revoke a user. See the plugin's API page for more information on support and formatting for this parameter.
	RevocationStatements []string `json:"revocation_statements"`

	// Specifies the database statements to be executed rollback a create operation in the event of an error. Not every plugin type will support this functionality. See the plugin's API page for more information on support and formatting for this parameter.
	RollbackStatements []string `json:"rollback_statements"`
}

DatabaseWriteRoleRequest struct for DatabaseWriteRoleRequest

func NewDatabaseWriteRoleRequestWithDefaults ¶ 

func NewDatabaseWriteRoleRequestWithDefaults() *DatabaseWriteRoleRequest

NewDatabaseWriteRoleRequestWithDefaults instantiates a new DatabaseWriteRoleRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (DatabaseWriteRoleRequest) MarshalJSON ¶ 

func (o DatabaseWriteRoleRequest) MarshalJSON() ([]byte, error)

type DatabaseWriteStaticRoleRequest ¶ 

type DatabaseWriteStaticRoleRequest struct {
	// The configuration for the given credential_type.
	CredentialConfig map[string]interface{} `json:"credential_config"`

	// The type of credential to manage. Options include: 'password', 'rsa_private_key'. Defaults to 'password'.
	CredentialType string `json:"credential_type"`

	// Name of the database this role acts on.
	DbName string `json:"db_name"`

	// Period for automatic credential rotation of the given username. Not valid unless used with \"username\".
	RotationPeriod int32 `json:"rotation_period"`

	// Specifies the database statements to be executed to rotate the accounts credentials. Not every plugin type will support this functionality. See the plugin's API page for more information on support and formatting for this parameter.
	RotationStatements []string `json:"rotation_statements"`

	// Name of the static user account for Vault to manage. Requires \"rotation_period\" to be specified
	Username string `json:"username"`
}

DatabaseWriteStaticRoleRequest struct for DatabaseWriteStaticRoleRequest

func NewDatabaseWriteStaticRoleRequestWithDefaults ¶ 

func NewDatabaseWriteStaticRoleRequestWithDefaults() *DatabaseWriteStaticRoleRequest

NewDatabaseWriteStaticRoleRequestWithDefaults instantiates a new DatabaseWriteStaticRoleRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (DatabaseWriteStaticRoleRequest) MarshalJSON ¶ 

func (o DatabaseWriteStaticRoleRequest) MarshalJSON() ([]byte, error)

type EntityBatchDeleteRequest ¶ 

type EntityBatchDeleteRequest struct {
	// Entity IDs to delete
	EntityIds []string `json:"entity_ids"`
}

EntityBatchDeleteRequest struct for EntityBatchDeleteRequest

func NewEntityBatchDeleteRequestWithDefaults ¶ 

func NewEntityBatchDeleteRequestWithDefaults() *EntityBatchDeleteRequest

NewEntityBatchDeleteRequestWithDefaults instantiates a new EntityBatchDeleteRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (EntityBatchDeleteRequest) MarshalJSON ¶ 

func (o EntityBatchDeleteRequest) MarshalJSON() ([]byte, error)

type EntityLookupRequest ¶ 

type EntityLookupRequest struct {
	// ID of the alias.
	AliasId string `json:"alias_id"`

	// Accessor of the mount to which the alias belongs to. This should be supplied in conjunction with 'alias_name'.
	AliasMountAccessor string `json:"alias_mount_accessor"`

	// Name of the alias. This should be supplied in conjunction with 'alias_mount_accessor'.
	AliasName string `json:"alias_name"`

	// ID of the entity.
	Id string `json:"id"`

	// Name of the entity.
	Name string `json:"name"`
}

EntityLookupRequest struct for EntityLookupRequest

func NewEntityLookupRequestWithDefaults ¶ 

func NewEntityLookupRequestWithDefaults() *EntityLookupRequest

NewEntityLookupRequestWithDefaults instantiates a new EntityLookupRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (EntityLookupRequest) MarshalJSON ¶ 

func (o EntityLookupRequest) MarshalJSON() ([]byte, error)

type EntityMergeRequest ¶ 

type EntityMergeRequest struct {
	// Alias IDs to keep in case of conflicting aliases. Ignored if no conflicting aliases found
	ConflictingAliasIdsToKeep []string `json:"conflicting_alias_ids_to_keep"`

	// Setting this will follow the 'mine' strategy for merging MFA secrets. If there are secrets of the same type both in entities that are merged from and in entity into which all others are getting merged, secrets in the destination will be unaltered. If not set, this API will throw an error containing all the conflicts.
	Force bool `json:"force"`

	// Entity IDs which need to get merged
	FromEntityIds []string `json:"from_entity_ids"`

	// Entity ID into which all the other entities need to get merged
	ToEntityId string `json:"to_entity_id"`
}

EntityMergeRequest struct for EntityMergeRequest

func NewEntityMergeRequestWithDefaults ¶ 

func NewEntityMergeRequestWithDefaults() *EntityMergeRequest

NewEntityMergeRequestWithDefaults instantiates a new EntityMergeRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (EntityMergeRequest) MarshalJSON ¶ 

func (o EntityMergeRequest) MarshalJSON() ([]byte, error)

type EntityWriteAliasByIDRequest ¶ 

type EntityWriteAliasByIDRequest struct {
	// Entity ID to which this alias should be tied to
	CanonicalId string `json:"canonical_id"`

	// User provided key-value pairs
	CustomMetadata map[string]interface{} `json:"custom_metadata"`

	// Entity ID to which this alias belongs to. This field is deprecated, use canonical_id.
	EntityId string `json:"entity_id"`

	// (Unused)
	MountAccessor string `json:"mount_accessor"`

	// (Unused)
	Name string `json:"name"`
}

EntityWriteAliasByIDRequest struct for EntityWriteAliasByIDRequest

func NewEntityWriteAliasByIDRequestWithDefaults ¶ 

func NewEntityWriteAliasByIDRequestWithDefaults() *EntityWriteAliasByIDRequest

NewEntityWriteAliasByIDRequestWithDefaults instantiates a new EntityWriteAliasByIDRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (EntityWriteAliasByIDRequest) MarshalJSON ¶ 

func (o EntityWriteAliasByIDRequest) MarshalJSON() ([]byte, error)

type EntityWriteAliasRequest ¶ 

type EntityWriteAliasRequest struct {
	// Entity ID to which this alias belongs
	CanonicalId string `json:"canonical_id"`

	// User provided key-value pairs
	CustomMetadata map[string]interface{} `json:"custom_metadata"`

	// Entity ID to which this alias belongs. This field is deprecated, use canonical_id.
	EntityId string `json:"entity_id"`

	// ID of the entity alias. If set, updates the corresponding entity alias.
	Id string `json:"id"`

	// Mount accessor to which this alias belongs to; unused for a modify
	MountAccessor string `json:"mount_accessor"`

	// Name of the alias; unused for a modify
	Name string `json:"name"`
}

EntityWriteAliasRequest struct for EntityWriteAliasRequest

func NewEntityWriteAliasRequestWithDefaults ¶ 

func NewEntityWriteAliasRequestWithDefaults() *EntityWriteAliasRequest

NewEntityWriteAliasRequestWithDefaults instantiates a new EntityWriteAliasRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (EntityWriteAliasRequest) MarshalJSON ¶ 

func (o EntityWriteAliasRequest) MarshalJSON() ([]byte, error)

type EntityWriteByIDRequest ¶ 

type EntityWriteByIDRequest struct {
	// If set true, tokens tied to this identity will not be able to be used (but will not be revoked).
	Disabled bool `json:"disabled"`

	// Metadata to be associated with the entity. In CLI, this parameter can be repeated multiple times, and it all gets merged together. For example: vault <command> <path> metadata=key1=value1 metadata=key2=value2
	Metadata map[string]interface{} `json:"metadata"`

	// Name of the entity
	Name string `json:"name"`

	// Policies to be tied to the entity.
	Policies []string `json:"policies"`
}

EntityWriteByIDRequest struct for EntityWriteByIDRequest

func NewEntityWriteByIDRequestWithDefaults ¶ 

func NewEntityWriteByIDRequestWithDefaults() *EntityWriteByIDRequest

NewEntityWriteByIDRequestWithDefaults instantiates a new EntityWriteByIDRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (EntityWriteByIDRequest) MarshalJSON ¶ 

func (o EntityWriteByIDRequest) MarshalJSON() ([]byte, error)

type EntityWriteByNameRequest ¶ 

type EntityWriteByNameRequest struct {
	// If set true, tokens tied to this identity will not be able to be used (but will not be revoked).
	Disabled bool `json:"disabled"`

	// ID of the entity. If set, updates the corresponding existing entity.
	Id string `json:"id"`

	// Metadata to be associated with the entity. In CLI, this parameter can be repeated multiple times, and it all gets merged together. For example: vault <command> <path> metadata=key1=value1 metadata=key2=value2
	Metadata map[string]interface{} `json:"metadata"`

	// Policies to be tied to the entity.
	Policies []string `json:"policies"`
}

EntityWriteByNameRequest struct for EntityWriteByNameRequest

func NewEntityWriteByNameRequestWithDefaults ¶ 

func NewEntityWriteByNameRequestWithDefaults() *EntityWriteByNameRequest

NewEntityWriteByNameRequestWithDefaults instantiates a new EntityWriteByNameRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (EntityWriteByNameRequest) MarshalJSON ¶ 

func (o EntityWriteByNameRequest) MarshalJSON() ([]byte, error)

type EntityWriteRequest ¶ 

type EntityWriteRequest struct {
	// If set true, tokens tied to this identity will not be able to be used (but will not be revoked).
	Disabled bool `json:"disabled"`

	// ID of the entity. If set, updates the corresponding existing entity.
	Id string `json:"id"`

	// Metadata to be associated with the entity. In CLI, this parameter can be repeated multiple times, and it all gets merged together. For example: vault <command> <path> metadata=key1=value1 metadata=key2=value2
	Metadata map[string]interface{} `json:"metadata"`

	// Name of the entity
	Name string `json:"name"`

	// Policies to be tied to the entity.
	Policies []string `json:"policies"`
}

EntityWriteRequest struct for EntityWriteRequest

func NewEntityWriteRequestWithDefaults ¶ 

func NewEntityWriteRequestWithDefaults() *EntityWriteRequest

NewEntityWriteRequestWithDefaults instantiates a new EntityWriteRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (EntityWriteRequest) MarshalJSON ¶ 

func (o EntityWriteRequest) MarshalJSON() ([]byte, error)

type GitHubLoginRequest ¶ 

type GitHubLoginRequest struct {
	// GitHub personal API token
	Token string `json:"token"`
}

GitHubLoginRequest struct for GitHubLoginRequest

func NewGitHubLoginRequestWithDefaults ¶ 

func NewGitHubLoginRequestWithDefaults() *GitHubLoginRequest

NewGitHubLoginRequestWithDefaults instantiates a new GitHubLoginRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (GitHubLoginRequest) MarshalJSON ¶ 

func (o GitHubLoginRequest) MarshalJSON() ([]byte, error)

type GitHubWriteConfigRequest ¶ 

type GitHubWriteConfigRequest struct {
	// The API endpoint to use. Useful if you are running GitHub Enterprise or an API-compatible authentication server.
	BaseUrl string `json:"base_url"`

	// Use \"token_max_ttl\" instead. If this and \"token_max_ttl\" are both specified, only \"token_max_ttl\" will be used.
	// Deprecated
	MaxTtl int32 `json:"max_ttl"`

	// The organization users must be part of
	Organization string `json:"organization"`

	// The ID of the organization users must be part of
	OrganizationId int64 `json:"organization_id"`

	// Comma separated string or JSON list of CIDR blocks. If set, specifies the blocks of IP addresses which are allowed to use the generated token.
	TokenBoundCidrs []string `json:"token_bound_cidrs"`

	// If set, tokens created via this role carry an explicit maximum TTL. During renewal, the current maximum TTL values of the role and the mount are not checked for changes, and any updates to these values will have no effect on the token being renewed.
	TokenExplicitMaxTtl int32 `json:"token_explicit_max_ttl"`

	// The maximum lifetime of the generated token
	TokenMaxTtl int32 `json:"token_max_ttl"`

	// If true, the 'default' policy will not automatically be added to generated tokens
	TokenNoDefaultPolicy bool `json:"token_no_default_policy"`

	// The maximum number of times a token may be used, a value of zero means unlimited
	TokenNumUses int32 `json:"token_num_uses"`

	// If set, tokens created via this role will have no max lifetime; instead, their renewal period will be fixed to this value. This takes an integer number of seconds, or a string duration (e.g. \"24h\").
	TokenPeriod int32 `json:"token_period"`

	// Comma-separated list of policies. This will apply to all tokens generated by this auth method, in addition to any policies configured for specific users/groups.
	TokenPolicies []string `json:"token_policies"`

	// The initial ttl of the token to generate
	TokenTtl int32 `json:"token_ttl"`

	// The type of token to generate, service or batch
	TokenType string `json:"token_type"`

	// Use \"token_ttl\" instead. If this and \"token_ttl\" are both specified, only \"token_ttl\" will be used.
	// Deprecated
	Ttl int32 `json:"ttl"`
}

GitHubWriteConfigRequest struct for GitHubWriteConfigRequest

func NewGitHubWriteConfigRequestWithDefaults ¶ 

func NewGitHubWriteConfigRequestWithDefaults() *GitHubWriteConfigRequest

NewGitHubWriteConfigRequestWithDefaults instantiates a new GitHubWriteConfigRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (GitHubWriteConfigRequest) MarshalJSON ¶ 

func (o GitHubWriteConfigRequest) MarshalJSON() ([]byte, error)

type GitHubWriteMapTeamRequest ¶ 

type GitHubWriteMapTeamRequest struct {
	// Value for teams mapping
	Value string `json:"value"`
}

GitHubWriteMapTeamRequest struct for GitHubWriteMapTeamRequest

func NewGitHubWriteMapTeamRequestWithDefaults ¶ 

func NewGitHubWriteMapTeamRequestWithDefaults() *GitHubWriteMapTeamRequest

NewGitHubWriteMapTeamRequestWithDefaults instantiates a new GitHubWriteMapTeamRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (GitHubWriteMapTeamRequest) MarshalJSON ¶ 

func (o GitHubWriteMapTeamRequest) MarshalJSON() ([]byte, error)

type GitHubWriteMapUserRequest ¶ 

type GitHubWriteMapUserRequest struct {
	// Value for users mapping
	Value string `json:"value"`
}

GitHubWriteMapUserRequest struct for GitHubWriteMapUserRequest

func NewGitHubWriteMapUserRequestWithDefaults ¶ 

func NewGitHubWriteMapUserRequestWithDefaults() *GitHubWriteMapUserRequest

NewGitHubWriteMapUserRequestWithDefaults instantiates a new GitHubWriteMapUserRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (GitHubWriteMapUserRequest) MarshalJSON ¶ 

func (o GitHubWriteMapUserRequest) MarshalJSON() ([]byte, error)

type GoogleCloudKMSDecryptRequest ¶ 

type GoogleCloudKMSDecryptRequest struct {
	// Optional data that was specified during encryption of this payload.
	AdditionalAuthenticatedData string `json:"additional_authenticated_data"`

	// Ciphertext to decrypt as previously returned from an encrypt operation. This must be base64-encoded ciphertext as previously returned from an encrypt operation.
	Ciphertext string `json:"ciphertext"`

	// Integer version of the crypto key version to use for decryption. This is required for asymmetric keys. For symmetric keys, Cloud KMS will choose the correct version automatically.
	KeyVersion int32 `json:"key_version"`
}

GoogleCloudKMSDecryptRequest struct for GoogleCloudKMSDecryptRequest

func NewGoogleCloudKMSDecryptRequestWithDefaults ¶ 

func NewGoogleCloudKMSDecryptRequestWithDefaults() *GoogleCloudKMSDecryptRequest

NewGoogleCloudKMSDecryptRequestWithDefaults instantiates a new GoogleCloudKMSDecryptRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (GoogleCloudKMSDecryptRequest) MarshalJSON ¶ 

func (o GoogleCloudKMSDecryptRequest) MarshalJSON() ([]byte, error)

type GoogleCloudKMSEncryptRequest ¶ 

type GoogleCloudKMSEncryptRequest struct {
	// Optional base64-encoded data that, if specified, must also be provided to decrypt this payload.
	AdditionalAuthenticatedData string `json:"additional_authenticated_data"`

	// Integer version of the crypto key version to use for encryption. If unspecified, this defaults to the latest active crypto key version.
	KeyVersion int32 `json:"key_version"`

	// Plaintext value to be encrypted. This can be a string or binary, but the size is limited. See the Google Cloud KMS documentation for information on size limitations by key types.
	Plaintext string `json:"plaintext"`
}

GoogleCloudKMSEncryptRequest struct for GoogleCloudKMSEncryptRequest

func NewGoogleCloudKMSEncryptRequestWithDefaults ¶ 

func NewGoogleCloudKMSEncryptRequestWithDefaults() *GoogleCloudKMSEncryptRequest

NewGoogleCloudKMSEncryptRequestWithDefaults instantiates a new GoogleCloudKMSEncryptRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (GoogleCloudKMSEncryptRequest) MarshalJSON ¶ 

func (o GoogleCloudKMSEncryptRequest) MarshalJSON() ([]byte, error)

type GoogleCloudKMSReencryptRequest ¶ 

type GoogleCloudKMSReencryptRequest struct {
	// Optional data that, if specified, must also be provided during decryption.
	AdditionalAuthenticatedData string `json:"additional_authenticated_data"`

	// Ciphertext to be re-encrypted to the latest key version. This must be ciphertext that Vault previously generated for this named key.
	Ciphertext string `json:"ciphertext"`

	// Integer version of the crypto key version to use for the new encryption. If unspecified, this defaults to the latest active crypto key version.
	KeyVersion int32 `json:"key_version"`
}

GoogleCloudKMSReencryptRequest struct for GoogleCloudKMSReencryptRequest

func NewGoogleCloudKMSReencryptRequestWithDefaults ¶ 

func NewGoogleCloudKMSReencryptRequestWithDefaults() *GoogleCloudKMSReencryptRequest

NewGoogleCloudKMSReencryptRequestWithDefaults instantiates a new GoogleCloudKMSReencryptRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (GoogleCloudKMSReencryptRequest) MarshalJSON ¶ 

func (o GoogleCloudKMSReencryptRequest) MarshalJSON() ([]byte, error)

type GoogleCloudKMSRegisterKeyRequest ¶ 

type GoogleCloudKMSRegisterKeyRequest struct {
	// Full resource ID of the crypto key including the project, location, key ring, and crypto key like \"projects/%s/locations/%s/keyRings/%s/cryptoKeys/%s\". This crypto key must already exist in Google Cloud KMS unless verify is set to \"false\".
	CryptoKey string `json:"crypto_key"`

	// Verify that the given Google Cloud KMS crypto key exists and is accessible before creating the storage entry in Vault. Set this to \"false\" if the key will not exist at creation time.
	Verify bool `json:"verify"`
}

GoogleCloudKMSRegisterKeyRequest struct for GoogleCloudKMSRegisterKeyRequest

func NewGoogleCloudKMSRegisterKeyRequestWithDefaults ¶ 

func NewGoogleCloudKMSRegisterKeyRequestWithDefaults() *GoogleCloudKMSRegisterKeyRequest

NewGoogleCloudKMSRegisterKeyRequestWithDefaults instantiates a new GoogleCloudKMSRegisterKeyRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (GoogleCloudKMSRegisterKeyRequest) MarshalJSON ¶ 

func (o GoogleCloudKMSRegisterKeyRequest) MarshalJSON() ([]byte, error)

type GoogleCloudKMSSignRequest ¶ 

type GoogleCloudKMSSignRequest struct {
	// Digest to sign. This digest must use the same SHA algorithm as the underlying Cloud KMS key. The digest must be the base64-encoded binary value. This field is required.
	Digest string `json:"digest"`

	// Integer version of the crypto key version to use for signing. This field is required.
	KeyVersion int32 `json:"key_version"`
}

GoogleCloudKMSSignRequest struct for GoogleCloudKMSSignRequest

func NewGoogleCloudKMSSignRequestWithDefaults ¶ 

func NewGoogleCloudKMSSignRequestWithDefaults() *GoogleCloudKMSSignRequest

NewGoogleCloudKMSSignRequestWithDefaults instantiates a new GoogleCloudKMSSignRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (GoogleCloudKMSSignRequest) MarshalJSON ¶ 

func (o GoogleCloudKMSSignRequest) MarshalJSON() ([]byte, error)

type GoogleCloudKMSVerifyRequest ¶ 

type GoogleCloudKMSVerifyRequest struct {
	// Digest to verify. This digest must use the same SHA algorithm as the underlying Cloud KMS key. The digest must be the base64-encoded binary value. This field is required.
	Digest string `json:"digest"`

	// Integer version of the crypto key version to use for verification. This field is required.
	KeyVersion int32 `json:"key_version"`

	// Base64-encoded signature to use for verification. This field is required.
	Signature string `json:"signature"`
}

GoogleCloudKMSVerifyRequest struct for GoogleCloudKMSVerifyRequest

func NewGoogleCloudKMSVerifyRequestWithDefaults ¶ 

func NewGoogleCloudKMSVerifyRequestWithDefaults() *GoogleCloudKMSVerifyRequest

NewGoogleCloudKMSVerifyRequestWithDefaults instantiates a new GoogleCloudKMSVerifyRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (GoogleCloudKMSVerifyRequest) MarshalJSON ¶ 

func (o GoogleCloudKMSVerifyRequest) MarshalJSON() ([]byte, error)

type GoogleCloudKMSWriteConfigRequest ¶ 

type GoogleCloudKMSWriteConfigRequest struct {
	// The credentials to use for authenticating to Google Cloud. Leave this blank to use the Default Application Credentials or instance metadata authentication.
	Credentials string `json:"credentials"`

	// The list of full-URL scopes to request when authenticating. By default, this requests https://www.googleapis.com/auth/cloudkms.
	Scopes []string `json:"scopes"`
}

GoogleCloudKMSWriteConfigRequest struct for GoogleCloudKMSWriteConfigRequest

func NewGoogleCloudKMSWriteConfigRequestWithDefaults ¶ 

func NewGoogleCloudKMSWriteConfigRequestWithDefaults() *GoogleCloudKMSWriteConfigRequest

NewGoogleCloudKMSWriteConfigRequestWithDefaults instantiates a new GoogleCloudKMSWriteConfigRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (GoogleCloudKMSWriteConfigRequest) MarshalJSON ¶ 

func (o GoogleCloudKMSWriteConfigRequest) MarshalJSON() ([]byte, error)

type GoogleCloudKMSWriteKeyConfigRequest ¶ 

type GoogleCloudKMSWriteKeyConfigRequest struct {
	// Maximum allowed crypto key version. If set to a positive value, key versions greater than the given value are not permitted to be used. If set to 0 or a negative value, there is no maximum key version.
	MaxVersion int32 `json:"max_version"`

	// Minimum allowed crypto key version. If set to a positive value, key versions less than the given value are not permitted to be used. If set to 0 or a negative value, there is no minimum key version. This value only affects encryption/re-encryption, not decryption. To restrict old values from being decrypted, increase this value and then perform a trim operation.
	MinVersion int32 `json:"min_version"`
}

GoogleCloudKMSWriteKeyConfigRequest struct for GoogleCloudKMSWriteKeyConfigRequest

func NewGoogleCloudKMSWriteKeyConfigRequestWithDefaults ¶ 

func NewGoogleCloudKMSWriteKeyConfigRequestWithDefaults() *GoogleCloudKMSWriteKeyConfigRequest

NewGoogleCloudKMSWriteKeyConfigRequestWithDefaults instantiates a new GoogleCloudKMSWriteKeyConfigRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (GoogleCloudKMSWriteKeyConfigRequest) MarshalJSON ¶ 

func (o GoogleCloudKMSWriteKeyConfigRequest) MarshalJSON() ([]byte, error)

type GoogleCloudKMSWriteKeyRequest ¶ 

type GoogleCloudKMSWriteKeyRequest struct {
	// Algorithm to use for encryption, decryption, or signing. The value depends on the key purpose. The value cannot be changed after creation. For a key purpose of \"encrypt_decrypt\", the valid values are: - symmetric_encryption (default) For a key purpose of \"asymmetric_sign\", valid values are: - rsa_sign_pss_2048_sha256 - rsa_sign_pss_3072_sha256 - rsa_sign_pss_4096_sha256 - rsa_sign_pkcs1_2048_sha256 - rsa_sign_pkcs1_3072_sha256 - rsa_sign_pkcs1_4096_sha256 - ec_sign_p256_sha256 - ec_sign_p384_sha384 For a key purpose of \"asymmetric_decrypt\", valid values are: - rsa_decrypt_oaep_2048_sha256 - rsa_decrypt_oaep_3072_sha256 - rsa_decrypt_oaep_4096_sha256
	Algorithm string `json:"algorithm"`

	// Name of the crypto key to use. If the given crypto key does not exist, Vault will try to create it. This defaults to the name of the key given to Vault as the parameter if unspecified.
	CryptoKey string `json:"crypto_key"`

	// Full Google Cloud resource ID of the key ring with the project and location (e.g. projects/my-project/locations/global/keyRings/my-keyring). If the given key ring does not exist, Vault will try to create it during a create operation.
	KeyRing string `json:"key_ring"`

	// Arbitrary key=value label to apply to the crypto key. To specify multiple labels, specify this argument multiple times (e.g. labels=\"a=b\" labels=\"c=d\").
	Labels map[string]interface{} `json:"labels"`

	// Level of protection to use for the key management. Valid values are \"software\" and \"hsm\". The default value is \"software\". The value cannot be changed after creation.
	ProtectionLevel string `json:"protection_level"`

	// Purpose of the key. Valid options are \"asymmetric_decrypt\", \"asymmetric_sign\", and \"encrypt_decrypt\". The default value is \"encrypt_decrypt\". The value cannot be changed after creation.
	Purpose string `json:"purpose"`

	// Amount of time between crypto key version rotations. This is specified as a time duration value like 72h (72 hours). The smallest possible value is 24h. This value only applies to keys with a purpose of \"encrypt_decrypt\".
	RotationPeriod int32 `json:"rotation_period"`
}

GoogleCloudKMSWriteKeyRequest struct for GoogleCloudKMSWriteKeyRequest

func NewGoogleCloudKMSWriteKeyRequestWithDefaults ¶ 

func NewGoogleCloudKMSWriteKeyRequestWithDefaults() *GoogleCloudKMSWriteKeyRequest

NewGoogleCloudKMSWriteKeyRequestWithDefaults instantiates a new GoogleCloudKMSWriteKeyRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (GoogleCloudKMSWriteKeyRequest) MarshalJSON ¶ 

func (o GoogleCloudKMSWriteKeyRequest) MarshalJSON() ([]byte, error)

type GoogleCloudLoginRequest ¶ 

type GoogleCloudLoginRequest struct {
	// A signed JWT. This is either a self-signed service account JWT ('iam' roles only) or a GCE identity metadata token ('iam', 'gce' roles).
	Jwt string `json:"jwt"`

	// Name of the role against which the login is being attempted. Required.
	Role string `json:"role"`
}

GoogleCloudLoginRequest struct for GoogleCloudLoginRequest

func NewGoogleCloudLoginRequestWithDefaults ¶ 

func NewGoogleCloudLoginRequestWithDefaults() *GoogleCloudLoginRequest

NewGoogleCloudLoginRequestWithDefaults instantiates a new GoogleCloudLoginRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (GoogleCloudLoginRequest) MarshalJSON ¶ 

func (o GoogleCloudLoginRequest) MarshalJSON() ([]byte, error)

type GoogleCloudWriteAuthConfigRequest ¶ 

type GoogleCloudWriteAuthConfigRequest struct {
	// Google credentials JSON that Vault will use to verify users against GCP APIs. If not specified, will use application default credentials
	Credentials string `json:"credentials"`

	// Specifies overrides for various Google API Service Endpoints used in requests.
	CustomEndpoint map[string]interface{} `json:"custom_endpoint"`

	// Indicates what value to use when generating an alias for GCE authentications.
	GceAlias string `json:"gce_alias"`

	// The metadata to include on the aliases and audit logs generated by this plugin. When set to 'default', includes: instance_creation_timestamp, instance_id, instance_name, project_id, project_number, role, service_account_id, service_account_email, zone. Not editing this field means the 'default' fields are included. Explicitly setting this field to empty overrides the 'default' and means no metadata will be included. If not using 'default', explicit fields must be sent like: 'field1,field2'.
	GceMetadata []string `json:"gce_metadata"`

	// Deprecated. This field does nothing and be removed in a future release
	// Deprecated
	GoogleCertsEndpoint string `json:"google_certs_endpoint"`

	// Indicates what value to use when generating an alias for IAM authentications.
	IamAlias string `json:"iam_alias"`

	// The metadata to include on the aliases and audit logs generated by this plugin. When set to 'default', includes: project_id, role, service_account_id, service_account_email. Not editing this field means the 'default' fields are included. Explicitly setting this field to empty overrides the 'default' and means no metadata will be included. If not using 'default', explicit fields must be sent like: 'field1,field2'.
	IamMetadata []string `json:"iam_metadata"`
}

GoogleCloudWriteAuthConfigRequest struct for GoogleCloudWriteAuthConfigRequest

func NewGoogleCloudWriteAuthConfigRequestWithDefaults ¶ 

func NewGoogleCloudWriteAuthConfigRequestWithDefaults() *GoogleCloudWriteAuthConfigRequest

NewGoogleCloudWriteAuthConfigRequestWithDefaults instantiates a new GoogleCloudWriteAuthConfigRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (GoogleCloudWriteAuthConfigRequest) MarshalJSON ¶ 

func (o GoogleCloudWriteAuthConfigRequest) MarshalJSON() ([]byte, error)

type GoogleCloudWriteConfigRequest ¶ 

type GoogleCloudWriteConfigRequest struct {
	// GCP IAM service account credentials JSON with permissions to create new service accounts and set IAM policies
	Credentials string `json:"credentials"`

	// Maximum time a service account key is valid for. If <= 0, will use system default.
	MaxTtl int32 `json:"max_ttl"`

	// Default lease for generated keys. If <= 0, will use system default.
	Ttl int32 `json:"ttl"`
}

GoogleCloudWriteConfigRequest struct for GoogleCloudWriteConfigRequest

func NewGoogleCloudWriteConfigRequestWithDefaults ¶ 

func NewGoogleCloudWriteConfigRequestWithDefaults() *GoogleCloudWriteConfigRequest

NewGoogleCloudWriteConfigRequestWithDefaults instantiates a new GoogleCloudWriteConfigRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (GoogleCloudWriteConfigRequest) MarshalJSON ¶ 

func (o GoogleCloudWriteConfigRequest) MarshalJSON() ([]byte, error)

type GoogleCloudWriteKeyRequest ¶ 

type GoogleCloudWriteKeyRequest struct {
	// Private key algorithm for service account key - defaults to KEY_ALG_RSA_2048\"
	KeyAlgorithm string `json:"key_algorithm"`

	// Private key type for service account key - defaults to TYPE_GOOGLE_CREDENTIALS_FILE\"
	KeyType string `json:"key_type"`

	// Lifetime of the service account key
	Ttl int32 `json:"ttl"`
}

GoogleCloudWriteKeyRequest struct for GoogleCloudWriteKeyRequest

func NewGoogleCloudWriteKeyRequestWithDefaults ¶ 

func NewGoogleCloudWriteKeyRequestWithDefaults() *GoogleCloudWriteKeyRequest

NewGoogleCloudWriteKeyRequestWithDefaults instantiates a new GoogleCloudWriteKeyRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (GoogleCloudWriteKeyRequest) MarshalJSON ¶ 

func (o GoogleCloudWriteKeyRequest) MarshalJSON() ([]byte, error)

type GoogleCloudWriteRoleLabelsRequest ¶ 

type GoogleCloudWriteRoleLabelsRequest struct {
	// BoundLabels to add (in $key:$value)
	Add []string `json:"add"`

	// Label key values to remove
	Remove []string `json:"remove"`
}

GoogleCloudWriteRoleLabelsRequest struct for GoogleCloudWriteRoleLabelsRequest

func NewGoogleCloudWriteRoleLabelsRequestWithDefaults ¶ 

func NewGoogleCloudWriteRoleLabelsRequestWithDefaults() *GoogleCloudWriteRoleLabelsRequest

NewGoogleCloudWriteRoleLabelsRequestWithDefaults instantiates a new GoogleCloudWriteRoleLabelsRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (GoogleCloudWriteRoleLabelsRequest) MarshalJSON ¶ 

func (o GoogleCloudWriteRoleLabelsRequest) MarshalJSON() ([]byte, error)

type GoogleCloudWriteRoleRequest ¶ 

type GoogleCloudWriteRoleRequest struct {
	// If true, will add group aliases to auth tokens generated under this role. This will add the full list of ancestors (projects, folders, organizations) for the given entity's project. Requires IAM permission `resourcemanager.projects.get` on this project.
	AddGroupAliases bool `json:"add_group_aliases"`

	// 'iam' roles only. If false, Vault will not not allow GCE instances to login in against this role
	AllowGceInference bool `json:"allow_gce_inference"`

	// Deprecated: use \"bound_instance_groups\" instead.
	BoundInstanceGroup string `json:"bound_instance_group"`

	// Comma-separated list of permitted instance groups to which the GCE instance must belong. This option only applies to \"gce\" roles.
	BoundInstanceGroups []string `json:"bound_instance_groups"`

	// Comma-separated list of GCP labels formatted as\"key:value\" strings that must be present on the GCE instance in order to authenticate. This option only applies to \"gce\" roles.
	BoundLabels []string `json:"bound_labels"`

	// GCP Projects that authenticating entities must belong to.
	BoundProjects []string `json:"bound_projects"`

	// Deprecated: use \"bound_regions\" instead.
	BoundRegion string `json:"bound_region"`

	// Comma-separated list of permitted regions to which the GCE instance must belong. If a group is provided, it is assumed to be a regional group. If \"zone\" is provided, this option is ignored. This can be a self-link or region name. This option only applies to \"gce\" roles.
	BoundRegions []string `json:"bound_regions"`

	// Can be set for both 'iam' and 'gce' roles (required for 'iam'). A comma-seperated list of authorized service accounts. If the single value \"*\" is given, this is assumed to be all service accounts under the role's project. If this is set on a GCE role, the inferred service account from the instance metadata token will be used.
	BoundServiceAccounts []string `json:"bound_service_accounts"`

	// Deprecated: use \"bound_zones\" instead.
	BoundZone string `json:"bound_zone"`

	// Comma-separated list of permitted zones to which the GCE instance must belong. If a group is provided, it is assumed to be a zonal group. This can be a self-link or zone name. This option only applies to \"gce\" roles.
	BoundZones []string `json:"bound_zones"`

	// Currently enabled for 'iam' only. Duration in seconds from time of validation that a JWT must expire within.
	MaxJwtExp int32 `json:"max_jwt_exp"`

	// Use \"token_max_ttl\" instead. If this and \"token_max_ttl\" are both specified, only \"token_max_ttl\" will be used.
	// Deprecated
	MaxTtl int32 `json:"max_ttl"`

	// Use \"token_period\" instead. If this and \"token_period\" are both specified, only \"token_period\" will be used.
	// Deprecated
	Period int32 `json:"period"`

	// Use \"token_policies\" instead. If this and \"token_policies\" are both specified, only \"token_policies\" will be used.
	// Deprecated
	Policies []string `json:"policies"`

	// Deprecated: use \"bound_projects\" instead
	ProjectId string `json:"project_id"`

	// Deprecated: use \"bound_service_accounts\" instead.
	ServiceAccounts []string `json:"service_accounts"`

	// Comma separated string or JSON list of CIDR blocks. If set, specifies the blocks of IP addresses which are allowed to use the generated token.
	TokenBoundCidrs []string `json:"token_bound_cidrs"`

	// If set, tokens created via this role carry an explicit maximum TTL. During renewal, the current maximum TTL values of the role and the mount are not checked for changes, and any updates to these values will have no effect on the token being renewed.
	TokenExplicitMaxTtl int32 `json:"token_explicit_max_ttl"`

	// The maximum lifetime of the generated token
	TokenMaxTtl int32 `json:"token_max_ttl"`

	// If true, the 'default' policy will not automatically be added to generated tokens
	TokenNoDefaultPolicy bool `json:"token_no_default_policy"`

	// The maximum number of times a token may be used, a value of zero means unlimited
	TokenNumUses int32 `json:"token_num_uses"`

	// If set, tokens created via this role will have no max lifetime; instead, their renewal period will be fixed to this value. This takes an integer number of seconds, or a string duration (e.g. \"24h\").
	TokenPeriod int32 `json:"token_period"`

	// Comma-separated list of policies
	TokenPolicies []string `json:"token_policies"`

	// The initial ttl of the token to generate
	TokenTtl int32 `json:"token_ttl"`

	// The type of token to generate, service or batch
	TokenType string `json:"token_type"`

	// Use \"token_ttl\" instead. If this and \"token_ttl\" are both specified, only \"token_ttl\" will be used.
	// Deprecated
	Ttl int32 `json:"ttl"`

	// Type of the role. Currently supported: iam, gce
	Type string `json:"type"`
}

GoogleCloudWriteRoleRequest struct for GoogleCloudWriteRoleRequest

func NewGoogleCloudWriteRoleRequestWithDefaults ¶ 

func NewGoogleCloudWriteRoleRequestWithDefaults() *GoogleCloudWriteRoleRequest

NewGoogleCloudWriteRoleRequestWithDefaults instantiates a new GoogleCloudWriteRoleRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (GoogleCloudWriteRoleRequest) MarshalJSON ¶ 

func (o GoogleCloudWriteRoleRequest) MarshalJSON() ([]byte, error)

type GoogleCloudWriteRoleServiceAccountsRequest ¶ 

type GoogleCloudWriteRoleServiceAccountsRequest struct {
	// Service-account emails or IDs to add.
	Add []string `json:"add"`

	// Service-account emails or IDs to remove.
	Remove []string `json:"remove"`
}

GoogleCloudWriteRoleServiceAccountsRequest struct for GoogleCloudWriteRoleServiceAccountsRequest

func NewGoogleCloudWriteRoleServiceAccountsRequestWithDefaults ¶ 

func NewGoogleCloudWriteRoleServiceAccountsRequestWithDefaults() *GoogleCloudWriteRoleServiceAccountsRequest

NewGoogleCloudWriteRoleServiceAccountsRequestWithDefaults instantiates a new GoogleCloudWriteRoleServiceAccountsRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (GoogleCloudWriteRoleServiceAccountsRequest) MarshalJSON ¶ 

func (o GoogleCloudWriteRoleServiceAccountsRequest) MarshalJSON() ([]byte, error)

type GoogleCloudWriteRolesetKeyRequest ¶ 

type GoogleCloudWriteRolesetKeyRequest struct {
	// Private key algorithm for service account key - defaults to KEY_ALG_RSA_2048\"
	KeyAlgorithm string `json:"key_algorithm"`

	// Private key type for service account key - defaults to TYPE_GOOGLE_CREDENTIALS_FILE\"
	KeyType string `json:"key_type"`

	// Lifetime of the service account key
	Ttl int32 `json:"ttl"`
}

GoogleCloudWriteRolesetKeyRequest struct for GoogleCloudWriteRolesetKeyRequest

func NewGoogleCloudWriteRolesetKeyRequestWithDefaults ¶ 

func NewGoogleCloudWriteRolesetKeyRequestWithDefaults() *GoogleCloudWriteRolesetKeyRequest

NewGoogleCloudWriteRolesetKeyRequestWithDefaults instantiates a new GoogleCloudWriteRolesetKeyRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (GoogleCloudWriteRolesetKeyRequest) MarshalJSON ¶ 

func (o GoogleCloudWriteRolesetKeyRequest) MarshalJSON() ([]byte, error)

type GoogleCloudWriteRolesetRequest ¶ 

type GoogleCloudWriteRolesetRequest struct {
	// Bindings configuration string.
	Bindings string `json:"bindings"`

	// Name of the GCP project that this roleset's service account will belong to.
	Project string `json:"project"`

	// Type of secret generated for this role set. Defaults to 'access_token'
	SecretType string `json:"secret_type"`

	// List of OAuth scopes to assign to credentials generated under this role set
	TokenScopes []string `json:"token_scopes"`
}

GoogleCloudWriteRolesetRequest struct for GoogleCloudWriteRolesetRequest

func NewGoogleCloudWriteRolesetRequestWithDefaults ¶ 

func NewGoogleCloudWriteRolesetRequestWithDefaults() *GoogleCloudWriteRolesetRequest

NewGoogleCloudWriteRolesetRequestWithDefaults instantiates a new GoogleCloudWriteRolesetRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (GoogleCloudWriteRolesetRequest) MarshalJSON ¶ 

func (o GoogleCloudWriteRolesetRequest) MarshalJSON() ([]byte, error)

type GoogleCloudWriteStaticAccountKeyRequest ¶ 

type GoogleCloudWriteStaticAccountKeyRequest struct {
	// Private key algorithm for service account key. Defaults to KEY_ALG_RSA_2048.\"
	KeyAlgorithm string `json:"key_algorithm"`

	// Private key type for service account key. Defaults to TYPE_GOOGLE_CREDENTIALS_FILE.\"
	KeyType string `json:"key_type"`

	// Lifetime of the service account key
	Ttl int32 `json:"ttl"`
}

GoogleCloudWriteStaticAccountKeyRequest struct for GoogleCloudWriteStaticAccountKeyRequest

func NewGoogleCloudWriteStaticAccountKeyRequestWithDefaults ¶ 

func NewGoogleCloudWriteStaticAccountKeyRequestWithDefaults() *GoogleCloudWriteStaticAccountKeyRequest

NewGoogleCloudWriteStaticAccountKeyRequestWithDefaults instantiates a new GoogleCloudWriteStaticAccountKeyRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (GoogleCloudWriteStaticAccountKeyRequest) MarshalJSON ¶ 

func (o GoogleCloudWriteStaticAccountKeyRequest) MarshalJSON() ([]byte, error)

type GoogleCloudWriteStaticAccountRequest ¶ 

type GoogleCloudWriteStaticAccountRequest struct {
	// Bindings configuration string.
	Bindings string `json:"bindings"`

	// Type of secret generated for this account. Cannot be updated. Defaults to \"access_token\"
	SecretType string `json:"secret_type"`

	// Required. Email of the GCP service account to manage. Cannot be updated.
	ServiceAccountEmail string `json:"service_account_email"`

	// List of OAuth scopes to assign to access tokens generated under this account. Ignored if \"secret_type\" is not \"\"access_token\"\"
	TokenScopes []string `json:"token_scopes"`
}

GoogleCloudWriteStaticAccountRequest struct for GoogleCloudWriteStaticAccountRequest

func NewGoogleCloudWriteStaticAccountRequestWithDefaults ¶ 

func NewGoogleCloudWriteStaticAccountRequestWithDefaults() *GoogleCloudWriteStaticAccountRequest

NewGoogleCloudWriteStaticAccountRequestWithDefaults instantiates a new GoogleCloudWriteStaticAccountRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (GoogleCloudWriteStaticAccountRequest) MarshalJSON ¶ 

func (o GoogleCloudWriteStaticAccountRequest) MarshalJSON() ([]byte, error)

type GroupLookupRequest ¶ 

type GroupLookupRequest struct {
	// ID of the alias.
	AliasId string `json:"alias_id"`

	// Accessor of the mount to which the alias belongs to. This should be supplied in conjunction with 'alias_name'.
	AliasMountAccessor string `json:"alias_mount_accessor"`

	// Name of the alias. This should be supplied in conjunction with 'alias_mount_accessor'.
	AliasName string `json:"alias_name"`

	// ID of the group.
	Id string `json:"id"`

	// Name of the group.
	Name string `json:"name"`
}

GroupLookupRequest struct for GroupLookupRequest

func NewGroupLookupRequestWithDefaults ¶ 

func NewGroupLookupRequestWithDefaults() *GroupLookupRequest

NewGroupLookupRequestWithDefaults instantiates a new GroupLookupRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (GroupLookupRequest) MarshalJSON ¶ 

func (o GroupLookupRequest) MarshalJSON() ([]byte, error)

type GroupWriteAliasByIDRequest ¶ 

type GroupWriteAliasByIDRequest struct {
	// ID of the group to which this is an alias.
	CanonicalId string `json:"canonical_id"`

	// Mount accessor to which this alias belongs to.
	MountAccessor string `json:"mount_accessor"`

	// Alias of the group.
	Name string `json:"name"`
}

GroupWriteAliasByIDRequest struct for GroupWriteAliasByIDRequest

func NewGroupWriteAliasByIDRequestWithDefaults ¶ 

func NewGroupWriteAliasByIDRequestWithDefaults() *GroupWriteAliasByIDRequest

NewGroupWriteAliasByIDRequestWithDefaults instantiates a new GroupWriteAliasByIDRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (GroupWriteAliasByIDRequest) MarshalJSON ¶ 

func (o GroupWriteAliasByIDRequest) MarshalJSON() ([]byte, error)

type GroupWriteAliasRequest ¶ 

type GroupWriteAliasRequest struct {
	// ID of the group to which this is an alias.
	CanonicalId string `json:"canonical_id"`

	// ID of the group alias.
	Id string `json:"id"`

	// Mount accessor to which this alias belongs to.
	MountAccessor string `json:"mount_accessor"`

	// Alias of the group.
	Name string `json:"name"`
}

GroupWriteAliasRequest struct for GroupWriteAliasRequest

func NewGroupWriteAliasRequestWithDefaults ¶ 

func NewGroupWriteAliasRequestWithDefaults() *GroupWriteAliasRequest

NewGroupWriteAliasRequestWithDefaults instantiates a new GroupWriteAliasRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (GroupWriteAliasRequest) MarshalJSON ¶ 

func (o GroupWriteAliasRequest) MarshalJSON() ([]byte, error)

type GroupWriteByIDRequest ¶ 

type GroupWriteByIDRequest struct {
	// Entity IDs to be assigned as group members.
	MemberEntityIds []string `json:"member_entity_ids"`

	// Group IDs to be assigned as group members.
	MemberGroupIds []string `json:"member_group_ids"`

	// Metadata to be associated with the group. In CLI, this parameter can be repeated multiple times, and it all gets merged together. For example: vault <command> <path> metadata=key1=value1 metadata=key2=value2
	Metadata map[string]interface{} `json:"metadata"`

	// Name of the group.
	Name string `json:"name"`

	// Policies to be tied to the group.
	Policies []string `json:"policies"`

	// Type of the group, 'internal' or 'external'. Defaults to 'internal'
	Type string `json:"type"`
}

GroupWriteByIDRequest struct for GroupWriteByIDRequest

func NewGroupWriteByIDRequestWithDefaults ¶ 

func NewGroupWriteByIDRequestWithDefaults() *GroupWriteByIDRequest

NewGroupWriteByIDRequestWithDefaults instantiates a new GroupWriteByIDRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (GroupWriteByIDRequest) MarshalJSON ¶ 

func (o GroupWriteByIDRequest) MarshalJSON() ([]byte, error)

type GroupWriteByNameRequest ¶ 

type GroupWriteByNameRequest struct {
	// ID of the group. If set, updates the corresponding existing group.
	Id string `json:"id"`

	// Entity IDs to be assigned as group members.
	MemberEntityIds []string `json:"member_entity_ids"`

	// Group IDs to be assigned as group members.
	MemberGroupIds []string `json:"member_group_ids"`

	// Metadata to be associated with the group. In CLI, this parameter can be repeated multiple times, and it all gets merged together. For example: vault <command> <path> metadata=key1=value1 metadata=key2=value2
	Metadata map[string]interface{} `json:"metadata"`

	// Policies to be tied to the group.
	Policies []string `json:"policies"`

	// Type of the group, 'internal' or 'external'. Defaults to 'internal'
	Type string `json:"type"`
}

GroupWriteByNameRequest struct for GroupWriteByNameRequest

func NewGroupWriteByNameRequestWithDefaults ¶ 

func NewGroupWriteByNameRequestWithDefaults() *GroupWriteByNameRequest

NewGroupWriteByNameRequestWithDefaults instantiates a new GroupWriteByNameRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (GroupWriteByNameRequest) MarshalJSON ¶ 

func (o GroupWriteByNameRequest) MarshalJSON() ([]byte, error)

type GroupWriteRequest ¶ 

type GroupWriteRequest struct {
	// ID of the group. If set, updates the corresponding existing group.
	Id string `json:"id"`

	// Entity IDs to be assigned as group members.
	MemberEntityIds []string `json:"member_entity_ids"`

	// Group IDs to be assigned as group members.
	MemberGroupIds []string `json:"member_group_ids"`

	// Metadata to be associated with the group. In CLI, this parameter can be repeated multiple times, and it all gets merged together. For example: vault <command> <path> metadata=key1=value1 metadata=key2=value2
	Metadata map[string]interface{} `json:"metadata"`

	// Name of the group.
	Name string `json:"name"`

	// Policies to be tied to the group.
	Policies []string `json:"policies"`

	// Type of the group, 'internal' or 'external'. Defaults to 'internal'
	Type string `json:"type"`
}

GroupWriteRequest struct for GroupWriteRequest

func NewGroupWriteRequestWithDefaults ¶ 

func NewGroupWriteRequestWithDefaults() *GroupWriteRequest

NewGroupWriteRequestWithDefaults instantiates a new GroupWriteRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (GroupWriteRequest) MarshalJSON ¶ 

func (o GroupWriteRequest) MarshalJSON() ([]byte, error)

type JWTLoginRequest ¶ 

type JWTLoginRequest struct {
	// The signed JWT to validate.
	Jwt string `json:"jwt"`

	// The role to log in against.
	Role string `json:"role"`
}

JWTLoginRequest struct for JWTLoginRequest

func NewJWTLoginRequestWithDefaults ¶ 

func NewJWTLoginRequestWithDefaults() *JWTLoginRequest

NewJWTLoginRequestWithDefaults instantiates a new JWTLoginRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (JWTLoginRequest) MarshalJSON ¶ 

func (o JWTLoginRequest) MarshalJSON() ([]byte, error)

type JWTWriteConfigRequest ¶ 

type JWTWriteConfigRequest struct {
	// The value against which to match the 'iss' claim in a JWT. Optional.
	BoundIssuer string `json:"bound_issuer"`

	// The default role to use if none is provided during login. If not set, a role is required during login.
	DefaultRole string `json:"default_role"`

	// The CA certificate or chain of certificates, in PEM format, to use to validate connections to the JWKS URL. If not set, system certificates are used.
	JwksCaPem string `json:"jwks_ca_pem"`

	// JWKS URL to use to authenticate signatures. Cannot be used with \"oidc_discovery_url\" or \"jwt_validation_pubkeys\".
	JwksUrl string `json:"jwks_url"`

	// A list of supported signing algorithms. Defaults to RS256.
	JwtSupportedAlgs []string `json:"jwt_supported_algs"`

	// A list of PEM-encoded public keys to use to authenticate signatures locally. Cannot be used with \"jwks_url\" or \"oidc_discovery_url\".
	JwtValidationPubkeys []string `json:"jwt_validation_pubkeys"`

	// Pass namespace in the OIDC state parameter instead of as a separate query parameter. With this setting, the allowed redirect URL(s) in Vault and on the provider side should not contain a namespace query parameter. This means only one redirect URL entry needs to be maintained on the provider side for all vault namespaces that will be authenticating against it. Defaults to true for new configs.
	NamespaceInState bool `json:"namespace_in_state"`

	// The OAuth Client ID configured with your OIDC provider.
	OidcClientId string `json:"oidc_client_id"`

	// The OAuth Client Secret configured with your OIDC provider.
	OidcClientSecret string `json:"oidc_client_secret"`

	// The CA certificate or chain of certificates, in PEM format, to use to validate connections to the OIDC Discovery URL. If not set, system certificates are used.
	OidcDiscoveryCaPem string `json:"oidc_discovery_ca_pem"`

	// OIDC Discovery URL, without any .well-known component (base path). Cannot be used with \"jwks_url\" or \"jwt_validation_pubkeys\".
	OidcDiscoveryUrl string `json:"oidc_discovery_url"`

	// The response mode to be used in the OAuth2 request. Allowed values are 'query' and 'form_post'.
	OidcResponseMode string `json:"oidc_response_mode"`

	// The response types to request. Allowed values are 'code' and 'id_token'. Defaults to 'code'.
	OidcResponseTypes []string `json:"oidc_response_types"`

	// Provider-specific configuration. Optional.
	ProviderConfig map[string]interface{} `json:"provider_config"`
}

JWTWriteConfigRequest struct for JWTWriteConfigRequest

func NewJWTWriteConfigRequestWithDefaults ¶ 

func NewJWTWriteConfigRequestWithDefaults() *JWTWriteConfigRequest

NewJWTWriteConfigRequestWithDefaults instantiates a new JWTWriteConfigRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (JWTWriteConfigRequest) MarshalJSON ¶ 

func (o JWTWriteConfigRequest) MarshalJSON() ([]byte, error)

type JWTWriteOIDCAuthURLRequest ¶ 

type JWTWriteOIDCAuthURLRequest struct {
	// Optional client-provided nonce that must match during callback, if present.
	ClientNonce string `json:"client_nonce"`

	// The OAuth redirect_uri to use in the authorization URL.
	RedirectUri string `json:"redirect_uri"`

	// The role to issue an OIDC authorization URL against.
	Role string `json:"role"`
}

JWTWriteOIDCAuthURLRequest struct for JWTWriteOIDCAuthURLRequest

func NewJWTWriteOIDCAuthURLRequestWithDefaults ¶ 

func NewJWTWriteOIDCAuthURLRequestWithDefaults() *JWTWriteOIDCAuthURLRequest

NewJWTWriteOIDCAuthURLRequestWithDefaults instantiates a new JWTWriteOIDCAuthURLRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (JWTWriteOIDCAuthURLRequest) MarshalJSON ¶ 

func (o JWTWriteOIDCAuthURLRequest) MarshalJSON() ([]byte, error)

type JWTWriteOIDCCallbackRequest ¶ 

type JWTWriteOIDCCallbackRequest struct {
	ClientNonce string `json:"client_nonce"`

	Code string `json:"code"`

	IdToken string `json:"id_token"`

	State string `json:"state"`
}

JWTWriteOIDCCallbackRequest struct for JWTWriteOIDCCallbackRequest

func NewJWTWriteOIDCCallbackRequestWithDefaults ¶ 

func NewJWTWriteOIDCCallbackRequestWithDefaults() *JWTWriteOIDCCallbackRequest

NewJWTWriteOIDCCallbackRequestWithDefaults instantiates a new JWTWriteOIDCCallbackRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (JWTWriteOIDCCallbackRequest) MarshalJSON ¶ 

func (o JWTWriteOIDCCallbackRequest) MarshalJSON() ([]byte, error)

type JWTWriteRoleRequest ¶ 

type JWTWriteRoleRequest struct {
	// Comma-separated list of allowed values for redirect_uri
	AllowedRedirectUris []string `json:"allowed_redirect_uris"`

	// Comma-separated list of 'aud' claims that are valid for login; any match is sufficient
	BoundAudiences []string `json:"bound_audiences"`

	// Use \"token_bound_cidrs\" instead. If this and \"token_bound_cidrs\" are both specified, only \"token_bound_cidrs\" will be used.
	// Deprecated
	BoundCidrs []string `json:"bound_cidrs"`

	// Map of claims/values which must match for login
	BoundClaims map[string]interface{} `json:"bound_claims"`

	// How to interpret values in the map of claims/values (which must match for login): allowed values are 'string' or 'glob'
	BoundClaimsType string `json:"bound_claims_type"`

	// The 'sub' claim that is valid for login. Optional.
	BoundSubject string `json:"bound_subject"`

	// Mappings of claims (key) that will be copied to a metadata field (value)
	ClaimMappings map[string]interface{} `json:"claim_mappings"`

	// Duration in seconds of leeway when validating all claims to account for clock skew. Defaults to 60 (1 minute) if set to 0 and can be disabled if set to -1.
	ClockSkewLeeway int32 `json:"clock_skew_leeway"`

	// Duration in seconds of leeway when validating expiration of a token to account for clock skew. Defaults to 150 (2.5 minutes) if set to 0 and can be disabled if set to -1.
	ExpirationLeeway int32 `json:"expiration_leeway"`

	// The claim to use for the Identity group alias names
	GroupsClaim string `json:"groups_claim"`

	// Specifies the allowable elapsed time in seconds since the last time the user was actively authenticated.
	MaxAge int32 `json:"max_age"`

	// Use \"token_max_ttl\" instead. If this and \"token_max_ttl\" are both specified, only \"token_max_ttl\" will be used.
	// Deprecated
	MaxTtl int32 `json:"max_ttl"`

	// Duration in seconds of leeway when validating not before values of a token to account for clock skew. Defaults to 150 (2.5 minutes) if set to 0 and can be disabled if set to -1.
	NotBeforeLeeway int32 `json:"not_before_leeway"`

	// Use \"token_num_uses\" instead. If this and \"token_num_uses\" are both specified, only \"token_num_uses\" will be used.
	// Deprecated
	NumUses int32 `json:"num_uses"`

	// Comma-separated list of OIDC scopes
	OidcScopes []string `json:"oidc_scopes"`

	// Use \"token_period\" instead. If this and \"token_period\" are both specified, only \"token_period\" will be used.
	// Deprecated
	Period int32 `json:"period"`

	// Use \"token_policies\" instead. If this and \"token_policies\" are both specified, only \"token_policies\" will be used.
	// Deprecated
	Policies []string `json:"policies"`

	// Type of the role, either 'jwt' or 'oidc'.
	RoleType string `json:"role_type"`

	// Comma separated string or JSON list of CIDR blocks. If set, specifies the blocks of IP addresses which are allowed to use the generated token.
	TokenBoundCidrs []string `json:"token_bound_cidrs"`

	// If set, tokens created via this role carry an explicit maximum TTL. During renewal, the current maximum TTL values of the role and the mount are not checked for changes, and any updates to these values will have no effect on the token being renewed.
	TokenExplicitMaxTtl int32 `json:"token_explicit_max_ttl"`

	// The maximum lifetime of the generated token
	TokenMaxTtl int32 `json:"token_max_ttl"`

	// If true, the 'default' policy will not automatically be added to generated tokens
	TokenNoDefaultPolicy bool `json:"token_no_default_policy"`

	// The maximum number of times a token may be used, a value of zero means unlimited
	TokenNumUses int32 `json:"token_num_uses"`

	// If set, tokens created via this role will have no max lifetime; instead, their renewal period will be fixed to this value. This takes an integer number of seconds, or a string duration (e.g. \"24h\").
	TokenPeriod int32 `json:"token_period"`

	// Comma-separated list of policies
	TokenPolicies []string `json:"token_policies"`

	// The initial ttl of the token to generate
	TokenTtl int32 `json:"token_ttl"`

	// The type of token to generate, service or batch
	TokenType string `json:"token_type"`

	// Use \"token_ttl\" instead. If this and \"token_ttl\" are both specified, only \"token_ttl\" will be used.
	// Deprecated
	Ttl int32 `json:"ttl"`

	// The claim to use for the Identity entity alias name
	UserClaim string `json:"user_claim"`

	// If true, the user_claim value will use JSON pointer syntax for referencing claims.
	UserClaimJsonPointer bool `json:"user_claim_json_pointer"`

	// Log received OIDC tokens and claims when debug-level logging is active. Not recommended in production since sensitive information may be present in OIDC responses.
	VerboseOidcLogging bool `json:"verbose_oidc_logging"`
}

JWTWriteRoleRequest struct for JWTWriteRoleRequest

func NewJWTWriteRoleRequestWithDefaults ¶ 

func NewJWTWriteRoleRequestWithDefaults() *JWTWriteRoleRequest

NewJWTWriteRoleRequestWithDefaults instantiates a new JWTWriteRoleRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (JWTWriteRoleRequest) MarshalJSON ¶ 

func (o JWTWriteRoleRequest) MarshalJSON() ([]byte, error)

type KVv2DeleteVersionsRequest ¶ 

type KVv2DeleteVersionsRequest struct {
	// The versions to be archived. The versioned data will not be deleted, but it will no longer be returned in normal get requests.
	Versions []int32 `json:"versions"`
}

KVv2DeleteVersionsRequest struct for KVv2DeleteVersionsRequest

func NewKVv2DeleteVersionsRequestWithDefaults ¶ 

func NewKVv2DeleteVersionsRequestWithDefaults() *KVv2DeleteVersionsRequest

NewKVv2DeleteVersionsRequestWithDefaults instantiates a new KVv2DeleteVersionsRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (KVv2DeleteVersionsRequest) MarshalJSON ¶ 

func (o KVv2DeleteVersionsRequest) MarshalJSON() ([]byte, error)

type KVv2DestroyVersionsRequest ¶ 

type KVv2DestroyVersionsRequest struct {
	// The versions to destroy. Their data will be permanently deleted.
	Versions []int32 `json:"versions"`
}

KVv2DestroyVersionsRequest struct for KVv2DestroyVersionsRequest

func NewKVv2DestroyVersionsRequestWithDefaults ¶ 

func NewKVv2DestroyVersionsRequestWithDefaults() *KVv2DestroyVersionsRequest

NewKVv2DestroyVersionsRequestWithDefaults instantiates a new KVv2DestroyVersionsRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (KVv2DestroyVersionsRequest) MarshalJSON ¶ 

func (o KVv2DestroyVersionsRequest) MarshalJSON() ([]byte, error)

type KVv2UndeleteVersionsRequest ¶ 

type KVv2UndeleteVersionsRequest struct {
	// The versions to unarchive. The versions will be restored and their data will be returned on normal get requests.
	Versions []int32 `json:"versions"`
}

KVv2UndeleteVersionsRequest struct for KVv2UndeleteVersionsRequest

func NewKVv2UndeleteVersionsRequestWithDefaults ¶ 

func NewKVv2UndeleteVersionsRequestWithDefaults() *KVv2UndeleteVersionsRequest

NewKVv2UndeleteVersionsRequestWithDefaults instantiates a new KVv2UndeleteVersionsRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (KVv2UndeleteVersionsRequest) MarshalJSON ¶ 

func (o KVv2UndeleteVersionsRequest) MarshalJSON() ([]byte, error)

type KVv2WriteConfigRequest ¶ 

type KVv2WriteConfigRequest struct {
	// If true, the backend will require the cas parameter to be set for each write
	CasRequired bool `json:"cas_required"`

	// If set, the length of time before a version is deleted. A negative duration disables the use of delete_version_after on all keys. A zero duration clears the current setting. Accepts a Go duration format string.
	DeleteVersionAfter int32 `json:"delete_version_after"`

	// The number of versions to keep for each key. Defaults to 10
	MaxVersions int32 `json:"max_versions"`
}

KVv2WriteConfigRequest struct for KVv2WriteConfigRequest

func NewKVv2WriteConfigRequestWithDefaults ¶ 

func NewKVv2WriteConfigRequestWithDefaults() *KVv2WriteConfigRequest

NewKVv2WriteConfigRequestWithDefaults instantiates a new KVv2WriteConfigRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (KVv2WriteConfigRequest) MarshalJSON ¶ 

func (o KVv2WriteConfigRequest) MarshalJSON() ([]byte, error)

type KVv2WriteMetadataRequest ¶ 

type KVv2WriteMetadataRequest struct {
	// If true the key will require the cas parameter to be set on all write requests. If false, the backend’s configuration will be used.
	CasRequired bool `json:"cas_required"`

	// User-provided key-value pairs that are used to describe arbitrary and version-agnostic information about a secret.
	CustomMetadata map[string]interface{} `json:"custom_metadata"`

	// The length of time before a version is deleted. If not set, the backend's configured delete_version_after is used. Cannot be greater than the backend's delete_version_after. A zero duration clears the current setting. A negative duration will cause an error.
	DeleteVersionAfter int32 `json:"delete_version_after"`

	// The number of versions to keep. If not set, the backend’s configured max version is used.
	MaxVersions int32 `json:"max_versions"`
}

KVv2WriteMetadataRequest struct for KVv2WriteMetadataRequest

func NewKVv2WriteMetadataRequestWithDefaults ¶ 

func NewKVv2WriteMetadataRequestWithDefaults() *KVv2WriteMetadataRequest

NewKVv2WriteMetadataRequestWithDefaults instantiates a new KVv2WriteMetadataRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (KVv2WriteMetadataRequest) MarshalJSON ¶ 

func (o KVv2WriteMetadataRequest) MarshalJSON() ([]byte, error)

type KVv2WriteRequest ¶ 

type KVv2WriteRequest struct {
	// The contents of the data map will be stored and returned on read.
	Data map[string]interface{} `json:"data"`

	// Options for writing a KV entry. Set the \"cas\" value to use a Check-And-Set operation. If not set the write will be allowed. If set to 0 a write will only be allowed if the key doesn’t exist. If the index is non-zero the write will only be allowed if the key’s current version matches the version specified in the cas parameter.
	Options map[string]interface{} `json:"options"`

	// If provided during a read, the value at the version number will be returned
	Version int32 `json:"version"`
}

KVv2WriteRequest struct for KVv2WriteRequest

func NewKVv2WriteRequestWithDefaults ¶ 

func NewKVv2WriteRequestWithDefaults() *KVv2WriteRequest

NewKVv2WriteRequestWithDefaults instantiates a new KVv2WriteRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (KVv2WriteRequest) MarshalJSON ¶ 

func (o KVv2WriteRequest) MarshalJSON() ([]byte, error)

type KerberosLoginRequest ¶ 

type KerberosLoginRequest struct {
	// SPNEGO Authorization header. Required.
	Authorization string `json:"authorization"`
}

KerberosLoginRequest struct for KerberosLoginRequest

func NewKerberosLoginRequestWithDefaults ¶ 

func NewKerberosLoginRequestWithDefaults() *KerberosLoginRequest

NewKerberosLoginRequestWithDefaults instantiates a new KerberosLoginRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (KerberosLoginRequest) MarshalJSON ¶ 

func (o KerberosLoginRequest) MarshalJSON() ([]byte, error)

type KerberosWriteConfigRequest ¶ 

type KerberosWriteConfigRequest struct {
	// If set to true, returns any groups found in LDAP as a group alias.
	AddGroupAliases bool `json:"add_group_aliases"`

	// Base64 encoded keytab
	Keytab string `json:"keytab"`

	// Remove instance/FQDN from keytab principal names.
	RemoveInstanceName bool `json:"remove_instance_name"`

	// Service Account
	ServiceAccount string `json:"service_account"`
}

KerberosWriteConfigRequest struct for KerberosWriteConfigRequest

func NewKerberosWriteConfigRequestWithDefaults ¶ 

func NewKerberosWriteConfigRequestWithDefaults() *KerberosWriteConfigRequest

NewKerberosWriteConfigRequestWithDefaults instantiates a new KerberosWriteConfigRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (KerberosWriteConfigRequest) MarshalJSON ¶ 

func (o KerberosWriteConfigRequest) MarshalJSON() ([]byte, error)

type KerberosWriteGroupRequest ¶ 

type KerberosWriteGroupRequest struct {
	// Comma-separated list of policies associated to the group.
	Policies []string `json:"policies"`
}

KerberosWriteGroupRequest struct for KerberosWriteGroupRequest

func NewKerberosWriteGroupRequestWithDefaults ¶ 

func NewKerberosWriteGroupRequestWithDefaults() *KerberosWriteGroupRequest

NewKerberosWriteGroupRequestWithDefaults instantiates a new KerberosWriteGroupRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (KerberosWriteGroupRequest) MarshalJSON ¶ 

func (o KerberosWriteGroupRequest) MarshalJSON() ([]byte, error)

type KerberosWriteLDAPConfigRequest ¶ 

type KerberosWriteLDAPConfigRequest struct {
	// Use anonymous binds when performing LDAP group searches (if true the initial credentials will still be used for the initial connection test).
	AnonymousGroupSearch bool `json:"anonymous_group_search"`

	// LDAP DN for searching for the user DN (optional)
	Binddn string `json:"binddn"`

	// LDAP password for searching for the user DN (optional)
	Bindpass string `json:"bindpass"`

	// If true, case sensitivity will be used when comparing usernames and groups for matching policies.
	CaseSensitiveNames bool `json:"case_sensitive_names"`

	// CA certificate to use when verifying LDAP server certificate, must be x509 PEM encoded (optional)
	Certificate string `json:"certificate"`

	// Client certificate to provide to the LDAP server, must be x509 PEM encoded (optional)
	ClientTlsCert string `json:"client_tls_cert"`

	// Client certificate key to provide to the LDAP server, must be x509 PEM encoded (optional)
	ClientTlsKey string `json:"client_tls_key"`

	// Denies an unauthenticated LDAP bind request if the user's password is empty; defaults to true
	DenyNullBind bool `json:"deny_null_bind"`

	// Use anonymous bind to discover the bind DN of a user (optional)
	Discoverdn bool `json:"discoverdn"`

	// LDAP attribute to follow on objects returned by <groupfilter> in order to enumerate user group membership. Examples: \"cn\" or \"memberOf\", etc. Default: cn
	Groupattr string `json:"groupattr"`

	// LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org)
	Groupdn string `json:"groupdn"`

	// Go template for querying group membership of user (optional) The template can access the following context variables: UserDN, Username Example: (&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}})) Default: (|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))
	Groupfilter string `json:"groupfilter"`

	// Skip LDAP server SSL Certificate verification - VERY insecure (optional)
	InsecureTls bool `json:"insecure_tls"`

	// Timeout, in seconds, for the connection when making requests against the server before returning back an error.
	RequestTimeout int32 `json:"request_timeout"`

	// Issue a StartTLS command after establishing unencrypted connection (optional)
	Starttls bool `json:"starttls"`

	// Maximum TLS version to use. Accepted values are 'tls10', 'tls11', 'tls12' or 'tls13'. Defaults to 'tls12'
	TlsMaxVersion string `json:"tls_max_version"`

	// Minimum TLS version to use. Accepted values are 'tls10', 'tls11', 'tls12' or 'tls13'. Defaults to 'tls12'
	TlsMinVersion string `json:"tls_min_version"`

	// Comma separated string or JSON list of CIDR blocks. If set, specifies the blocks of IP addresses which are allowed to use the generated token.
	TokenBoundCidrs []string `json:"token_bound_cidrs"`

	// If set, tokens created via this role carry an explicit maximum TTL. During renewal, the current maximum TTL values of the role and the mount are not checked for changes, and any updates to these values will have no effect on the token being renewed.
	TokenExplicitMaxTtl int32 `json:"token_explicit_max_ttl"`

	// The maximum lifetime of the generated token
	TokenMaxTtl int32 `json:"token_max_ttl"`

	// If true, the 'default' policy will not automatically be added to generated tokens
	TokenNoDefaultPolicy bool `json:"token_no_default_policy"`

	// The maximum number of times a token may be used, a value of zero means unlimited
	TokenNumUses int32 `json:"token_num_uses"`

	// If set, tokens created via this role will have no max lifetime; instead, their renewal period will be fixed to this value. This takes an integer number of seconds, or a string duration (e.g. \"24h\").
	TokenPeriod int32 `json:"token_period"`

	// Comma-separated list of policies. This will apply to all tokens generated by this auth method, in addition to any configured for specific users/groups.
	TokenPolicies []string `json:"token_policies"`

	// The initial ttl of the token to generate
	TokenTtl int32 `json:"token_ttl"`

	// The type of token to generate, service or batch
	TokenType string `json:"token_type"`

	// Enables userPrincipalDomain login with [username]@UPNDomain (optional)
	Upndomain string `json:"upndomain"`

	// LDAP URL to connect to (default: ldap://127.0.0.1). Multiple URLs can be specified by concatenating them with commas; they will be tried in-order.
	Url string `json:"url"`

	// In Vault 1.1.1 a fix for handling group CN values of different cases unfortunately introduced a regression that could cause previously defined groups to not be found due to a change in the resulting name. If set true, the pre-1.1.1 behavior for matching group CNs will be used. This is only needed in some upgrade scenarios for backwards compatibility. It is enabled by default if the config is upgraded but disabled by default on new configurations.
	UsePre111GroupCnBehavior bool `json:"use_pre111_group_cn_behavior"`

	// If true, use the Active Directory tokenGroups constructed attribute of the user to find the group memberships. This will find all security groups including nested ones.
	UseTokenGroups bool `json:"use_token_groups"`

	// Attribute used for users (default: cn)
	Userattr string `json:"userattr"`

	// LDAP domain to use for users (eg: ou=People,dc=example,dc=org)
	Userdn string `json:"userdn"`

	// Go template for LDAP user search filer (optional) The template can access the following context variables: UserAttr, Username Default: ({{.UserAttr}}={{.Username}})
	Userfilter string `json:"userfilter"`

	// If true, sets the alias name to the username
	UsernameAsAlias bool `json:"username_as_alias"`
}

KerberosWriteLDAPConfigRequest struct for KerberosWriteLDAPConfigRequest

func NewKerberosWriteLDAPConfigRequestWithDefaults ¶ 

func NewKerberosWriteLDAPConfigRequestWithDefaults() *KerberosWriteLDAPConfigRequest

NewKerberosWriteLDAPConfigRequestWithDefaults instantiates a new KerberosWriteLDAPConfigRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (KerberosWriteLDAPConfigRequest) MarshalJSON ¶ 

func (o KerberosWriteLDAPConfigRequest) MarshalJSON() ([]byte, error)

type KubernetesLoginRequest ¶ 

type KubernetesLoginRequest struct {
	// A signed JWT for authenticating a service account. This field is required.
	Jwt string `json:"jwt"`

	// Name of the role against which the login is being attempted. This field is required
	Role string `json:"role"`
}

KubernetesLoginRequest struct for KubernetesLoginRequest

func NewKubernetesLoginRequestWithDefaults ¶ 

func NewKubernetesLoginRequestWithDefaults() *KubernetesLoginRequest

NewKubernetesLoginRequestWithDefaults instantiates a new KubernetesLoginRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (KubernetesLoginRequest) MarshalJSON ¶ 

func (o KubernetesLoginRequest) MarshalJSON() ([]byte, error)

type KubernetesWriteAuthConfigRequest ¶ 

type KubernetesWriteAuthConfigRequest struct {
	// Disable JWT issuer validation (Deprecated, will be removed in a future release)
	// Deprecated
	DisableIssValidation bool `json:"disable_iss_validation"`

	// Disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod
	DisableLocalCaJwt bool `json:"disable_local_ca_jwt"`

	// Optional JWT issuer. If no issuer is specified, then this plugin will use kubernetes.io/serviceaccount as the default issuer. (Deprecated, will be removed in a future release)
	// Deprecated
	Issuer string `json:"issuer"`

	// PEM encoded CA cert for use by the TLS client used to talk with the API.
	KubernetesCaCert string `json:"kubernetes_ca_cert"`

	// Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
	KubernetesHost string `json:"kubernetes_host"`

	// Optional list of PEM-formated public keys or certificates used to verify the signatures of kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
	PemKeys []string `json:"pem_keys"`

	// A service account JWT used to access the TokenReview API to validate other JWTs during login. If not set the JWT used for login will be used to access the API.
	TokenReviewerJwt string `json:"token_reviewer_jwt"`
}

KubernetesWriteAuthConfigRequest struct for KubernetesWriteAuthConfigRequest

func NewKubernetesWriteAuthConfigRequestWithDefaults ¶ 

func NewKubernetesWriteAuthConfigRequestWithDefaults() *KubernetesWriteAuthConfigRequest

NewKubernetesWriteAuthConfigRequestWithDefaults instantiates a new KubernetesWriteAuthConfigRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (KubernetesWriteAuthConfigRequest) MarshalJSON ¶ 

func (o KubernetesWriteAuthConfigRequest) MarshalJSON() ([]byte, error)

type KubernetesWriteAuthRoleRequest ¶ 

type KubernetesWriteAuthRoleRequest struct {
	// Source to use when deriving the Alias name. valid choices: \"serviceaccount_uid\" : <token.uid> e.g. 474b11b5-0f20-4f9d-8ca5-65715ab325e0 (most secure choice) \"serviceaccount_name\" : <namespace>/<serviceaccount> e.g. vault/vault-agent default: \"serviceaccount_uid\"
	AliasNameSource string `json:"alias_name_source"`

	// Optional Audience claim to verify in the jwt.
	Audience string `json:"audience"`

	// Use \"token_bound_cidrs\" instead. If this and \"token_bound_cidrs\" are both specified, only \"token_bound_cidrs\" will be used.
	// Deprecated
	BoundCidrs []string `json:"bound_cidrs"`

	// List of service account names able to access this role. If set to \"*\" all names are allowed.
	BoundServiceAccountNames []string `json:"bound_service_account_names"`

	// List of namespaces allowed to access this role. If set to \"*\" all namespaces are allowed.
	BoundServiceAccountNamespaces []string `json:"bound_service_account_namespaces"`

	// Use \"token_max_ttl\" instead. If this and \"token_max_ttl\" are both specified, only \"token_max_ttl\" will be used.
	// Deprecated
	MaxTtl int32 `json:"max_ttl"`

	// Use \"token_num_uses\" instead. If this and \"token_num_uses\" are both specified, only \"token_num_uses\" will be used.
	// Deprecated
	NumUses int32 `json:"num_uses"`

	// Use \"token_period\" instead. If this and \"token_period\" are both specified, only \"token_period\" will be used.
	// Deprecated
	Period int32 `json:"period"`

	// Use \"token_policies\" instead. If this and \"token_policies\" are both specified, only \"token_policies\" will be used.
	// Deprecated
	Policies []string `json:"policies"`

	// Comma separated string or JSON list of CIDR blocks. If set, specifies the blocks of IP addresses which are allowed to use the generated token.
	TokenBoundCidrs []string `json:"token_bound_cidrs"`

	// If set, tokens created via this role carry an explicit maximum TTL. During renewal, the current maximum TTL values of the role and the mount are not checked for changes, and any updates to these values will have no effect on the token being renewed.
	TokenExplicitMaxTtl int32 `json:"token_explicit_max_ttl"`

	// The maximum lifetime of the generated token
	TokenMaxTtl int32 `json:"token_max_ttl"`

	// If true, the 'default' policy will not automatically be added to generated tokens
	TokenNoDefaultPolicy bool `json:"token_no_default_policy"`

	// The maximum number of times a token may be used, a value of zero means unlimited
	TokenNumUses int32 `json:"token_num_uses"`

	// If set, tokens created via this role will have no max lifetime; instead, their renewal period will be fixed to this value. This takes an integer number of seconds, or a string duration (e.g. \"24h\").
	TokenPeriod int32 `json:"token_period"`

	// Comma-separated list of policies
	TokenPolicies []string `json:"token_policies"`

	// The initial ttl of the token to generate
	TokenTtl int32 `json:"token_ttl"`

	// The type of token to generate, service or batch
	TokenType string `json:"token_type"`

	// Use \"token_ttl\" instead. If this and \"token_ttl\" are both specified, only \"token_ttl\" will be used.
	// Deprecated
	Ttl int32 `json:"ttl"`
}

KubernetesWriteAuthRoleRequest struct for KubernetesWriteAuthRoleRequest

func NewKubernetesWriteAuthRoleRequestWithDefaults ¶ 

func NewKubernetesWriteAuthRoleRequestWithDefaults() *KubernetesWriteAuthRoleRequest

NewKubernetesWriteAuthRoleRequestWithDefaults instantiates a new KubernetesWriteAuthRoleRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (KubernetesWriteAuthRoleRequest) MarshalJSON ¶ 

func (o KubernetesWriteAuthRoleRequest) MarshalJSON() ([]byte, error)

type KubernetesWriteConfigRequest ¶ 

type KubernetesWriteConfigRequest struct {
	// Disable defaulting to the local CA certificate and service account JWT when running in a Kubernetes pod.
	DisableLocalCaJwt bool `json:"disable_local_ca_jwt"`

	// PEM encoded CA certificate to use to verify the Kubernetes API server certificate. Defaults to the local pod's CA if found.
	KubernetesCaCert string `json:"kubernetes_ca_cert"`

	// Kubernetes API URL to connect to. Defaults to https://$KUBERNETES_SERVICE_HOST:KUBERNETES_SERVICE_PORT if those environment variables are set.
	KubernetesHost string `json:"kubernetes_host"`

	// The JSON web token of the service account used by the secret engine to manage Kubernetes credentials. Defaults to the local pod's JWT if found.
	ServiceAccountJwt string `json:"service_account_jwt"`
}

KubernetesWriteConfigRequest struct for KubernetesWriteConfigRequest

func NewKubernetesWriteConfigRequestWithDefaults ¶ 

func NewKubernetesWriteConfigRequestWithDefaults() *KubernetesWriteConfigRequest

NewKubernetesWriteConfigRequestWithDefaults instantiates a new KubernetesWriteConfigRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (KubernetesWriteConfigRequest) MarshalJSON ¶ 

func (o KubernetesWriteConfigRequest) MarshalJSON() ([]byte, error)

type KubernetesWriteCredentialsRequest ¶ 

type KubernetesWriteCredentialsRequest struct {
	// If true, generate a ClusterRoleBinding to grant permissions across the whole cluster instead of within a namespace. Requires the Vault role to have kubernetes_role_type set to ClusterRole.
	ClusterRoleBinding bool `json:"cluster_role_binding"`

	// The name of the Kubernetes namespace in which to generate the credentials
	KubernetesNamespace string `json:"kubernetes_namespace"`

	// The TTL of the generated credentials
	Ttl int32 `json:"ttl"`
}

KubernetesWriteCredentialsRequest struct for KubernetesWriteCredentialsRequest

func NewKubernetesWriteCredentialsRequestWithDefaults ¶ 

func NewKubernetesWriteCredentialsRequestWithDefaults() *KubernetesWriteCredentialsRequest

NewKubernetesWriteCredentialsRequestWithDefaults instantiates a new KubernetesWriteCredentialsRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (KubernetesWriteCredentialsRequest) MarshalJSON ¶ 

func (o KubernetesWriteCredentialsRequest) MarshalJSON() ([]byte, error)

type KubernetesWriteRoleRequest ¶ 

type KubernetesWriteRoleRequest struct {
	// A label selector for Kubernetes namespaces in which credentials can be generated. Accepts either a JSON or YAML object. If set with allowed_kubernetes_namespaces, the conditions are conjuncted.
	AllowedKubernetesNamespaceSelector string `json:"allowed_kubernetes_namespace_selector"`

	// A list of the Kubernetes namespaces in which credentials can be generated. If set to \"*\" all namespaces are allowed.
	AllowedKubernetesNamespaces []string `json:"allowed_kubernetes_namespaces"`

	// Additional annotations to apply to all generated Kubernetes objects.
	ExtraAnnotations map[string]interface{} `json:"extra_annotations"`

	// Additional labels to apply to all generated Kubernetes objects.
	ExtraLabels map[string]interface{} `json:"extra_labels"`

	// The Role or ClusterRole rules to use when generating a role. Accepts either a JSON or YAML object. If set, the entire chain of Kubernetes objects will be generated.
	GeneratedRoleRules string `json:"generated_role_rules"`

	// The pre-existing Role or ClusterRole to bind a generated service account to. If set, Kubernetes token, service account, and role binding objects will be created.
	KubernetesRoleName string `json:"kubernetes_role_name"`

	// Specifies whether the Kubernetes role is a Role or ClusterRole.
	KubernetesRoleType string `json:"kubernetes_role_type"`

	// The name template to use when generating service accounts, roles and role bindings. If unset, a default template is used.
	NameTemplate string `json:"name_template"`

	// The pre-existing service account to generate tokens for. Mutually exclusive with all role parameters. If set, only a Kubernetes service account token will be created.
	ServiceAccountName string `json:"service_account_name"`

	// The default ttl for generated Kubernetes service account tokens. If not set or set to 0, will use system default.
	TokenDefaultTtl int32 `json:"token_default_ttl"`

	// The maximum ttl for generated Kubernetes service account tokens. If not set or set to 0, will use system default.
	TokenMaxTtl int32 `json:"token_max_ttl"`
}

KubernetesWriteRoleRequest struct for KubernetesWriteRoleRequest

func NewKubernetesWriteRoleRequestWithDefaults ¶ 

func NewKubernetesWriteRoleRequestWithDefaults() *KubernetesWriteRoleRequest

NewKubernetesWriteRoleRequestWithDefaults instantiates a new KubernetesWriteRoleRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (KubernetesWriteRoleRequest) MarshalJSON ¶ 

func (o KubernetesWriteRoleRequest) MarshalJSON() ([]byte, error)

type LDAPCheckInLibraryRequest ¶ 

type LDAPCheckInLibraryRequest struct {
	// The username/logon name for the service accounts to check in.
	ServiceAccountNames []string `json:"service_account_names"`
}

LDAPCheckInLibraryRequest struct for LDAPCheckInLibraryRequest

func NewLDAPCheckInLibraryRequestWithDefaults ¶ 

func NewLDAPCheckInLibraryRequestWithDefaults() *LDAPCheckInLibraryRequest

NewLDAPCheckInLibraryRequestWithDefaults instantiates a new LDAPCheckInLibraryRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (LDAPCheckInLibraryRequest) MarshalJSON ¶ 

func (o LDAPCheckInLibraryRequest) MarshalJSON() ([]byte, error)

type LDAPCheckInManageLibraryRequest ¶ 

type LDAPCheckInManageLibraryRequest struct {
	// The username/logon name for the service accounts to check in.
	ServiceAccountNames []string `json:"service_account_names"`
}

LDAPCheckInManageLibraryRequest struct for LDAPCheckInManageLibraryRequest

func NewLDAPCheckInManageLibraryRequestWithDefaults ¶ 

func NewLDAPCheckInManageLibraryRequestWithDefaults() *LDAPCheckInManageLibraryRequest

NewLDAPCheckInManageLibraryRequestWithDefaults instantiates a new LDAPCheckInManageLibraryRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (LDAPCheckInManageLibraryRequest) MarshalJSON ¶ 

func (o LDAPCheckInManageLibraryRequest) MarshalJSON() ([]byte, error)

type LDAPCheckOutLibraryRequest ¶ 

type LDAPCheckOutLibraryRequest struct {
	// The length of time before the check-out will expire, in seconds.
	Ttl int32 `json:"ttl"`
}

LDAPCheckOutLibraryRequest struct for LDAPCheckOutLibraryRequest

func NewLDAPCheckOutLibraryRequestWithDefaults ¶ 

func NewLDAPCheckOutLibraryRequestWithDefaults() *LDAPCheckOutLibraryRequest

NewLDAPCheckOutLibraryRequestWithDefaults instantiates a new LDAPCheckOutLibraryRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (LDAPCheckOutLibraryRequest) MarshalJSON ¶ 

func (o LDAPCheckOutLibraryRequest) MarshalJSON() ([]byte, error)

type LDAPLoginRequest ¶ 

type LDAPLoginRequest struct {
	// Password for this user.
	Password string `json:"password"`
}

LDAPLoginRequest struct for LDAPLoginRequest

func NewLDAPLoginRequestWithDefaults ¶ 

func NewLDAPLoginRequestWithDefaults() *LDAPLoginRequest

NewLDAPLoginRequestWithDefaults instantiates a new LDAPLoginRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (LDAPLoginRequest) MarshalJSON ¶ 

func (o LDAPLoginRequest) MarshalJSON() ([]byte, error)

type LDAPWriteAuthConfigRequest ¶ 

type LDAPWriteAuthConfigRequest struct {
	// Use anonymous binds when performing LDAP group searches (if true the initial credentials will still be used for the initial connection test).
	AnonymousGroupSearch bool `json:"anonymous_group_search"`

	// LDAP DN for searching for the user DN (optional)
	Binddn string `json:"binddn"`

	// LDAP password for searching for the user DN (optional)
	Bindpass string `json:"bindpass"`

	// If true, case sensitivity will be used when comparing usernames and groups for matching policies.
	CaseSensitiveNames bool `json:"case_sensitive_names"`

	// CA certificate to use when verifying LDAP server certificate, must be x509 PEM encoded (optional)
	Certificate string `json:"certificate"`

	// Client certificate to provide to the LDAP server, must be x509 PEM encoded (optional)
	ClientTlsCert string `json:"client_tls_cert"`

	// Client certificate key to provide to the LDAP server, must be x509 PEM encoded (optional)
	ClientTlsKey string `json:"client_tls_key"`

	// Denies an unauthenticated LDAP bind request if the user's password is empty; defaults to true
	DenyNullBind bool `json:"deny_null_bind"`

	// Use anonymous bind to discover the bind DN of a user (optional)
	Discoverdn bool `json:"discoverdn"`

	// LDAP attribute to follow on objects returned by <groupfilter> in order to enumerate user group membership. Examples: \"cn\" or \"memberOf\", etc. Default: cn
	Groupattr string `json:"groupattr"`

	// LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org)
	Groupdn string `json:"groupdn"`

	// Go template for querying group membership of user (optional) The template can access the following context variables: UserDN, Username Example: (&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}})) Default: (|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))
	Groupfilter string `json:"groupfilter"`

	// Skip LDAP server SSL Certificate verification - VERY insecure (optional)
	InsecureTls bool `json:"insecure_tls"`

	// Timeout, in seconds, for the connection when making requests against the server before returning back an error.
	RequestTimeout int32 `json:"request_timeout"`

	// Issue a StartTLS command after establishing unencrypted connection (optional)
	Starttls bool `json:"starttls"`

	// Maximum TLS version to use. Accepted values are 'tls10', 'tls11', 'tls12' or 'tls13'. Defaults to 'tls12'
	TlsMaxVersion string `json:"tls_max_version"`

	// Minimum TLS version to use. Accepted values are 'tls10', 'tls11', 'tls12' or 'tls13'. Defaults to 'tls12'
	TlsMinVersion string `json:"tls_min_version"`

	// Comma separated string or JSON list of CIDR blocks. If set, specifies the blocks of IP addresses which are allowed to use the generated token.
	TokenBoundCidrs []string `json:"token_bound_cidrs"`

	// If set, tokens created via this role carry an explicit maximum TTL. During renewal, the current maximum TTL values of the role and the mount are not checked for changes, and any updates to these values will have no effect on the token being renewed.
	TokenExplicitMaxTtl int32 `json:"token_explicit_max_ttl"`

	// The maximum lifetime of the generated token
	TokenMaxTtl int32 `json:"token_max_ttl"`

	// If true, the 'default' policy will not automatically be added to generated tokens
	TokenNoDefaultPolicy bool `json:"token_no_default_policy"`

	// The maximum number of times a token may be used, a value of zero means unlimited
	TokenNumUses int32 `json:"token_num_uses"`

	// If set, tokens created via this role will have no max lifetime; instead, their renewal period will be fixed to this value. This takes an integer number of seconds, or a string duration (e.g. \"24h\").
	TokenPeriod int32 `json:"token_period"`

	// Comma-separated list of policies. This will apply to all tokens generated by this auth method, in addition to any configured for specific users/groups.
	TokenPolicies []string `json:"token_policies"`

	// The initial ttl of the token to generate
	TokenTtl int32 `json:"token_ttl"`

	// The type of token to generate, service or batch
	TokenType string `json:"token_type"`

	// Enables userPrincipalDomain login with [username]@UPNDomain (optional)
	Upndomain string `json:"upndomain"`

	// LDAP URL to connect to (default: ldap://127.0.0.1). Multiple URLs can be specified by concatenating them with commas; they will be tried in-order.
	Url string `json:"url"`

	// In Vault 1.1.1 a fix for handling group CN values of different cases unfortunately introduced a regression that could cause previously defined groups to not be found due to a change in the resulting name. If set true, the pre-1.1.1 behavior for matching group CNs will be used. This is only needed in some upgrade scenarios for backwards compatibility. It is enabled by default if the config is upgraded but disabled by default on new configurations.
	UsePre111GroupCnBehavior bool `json:"use_pre111_group_cn_behavior"`

	// If true, use the Active Directory tokenGroups constructed attribute of the user to find the group memberships. This will find all security groups including nested ones.
	UseTokenGroups bool `json:"use_token_groups"`

	// Attribute used for users (default: cn)
	Userattr string `json:"userattr"`

	// LDAP domain to use for users (eg: ou=People,dc=example,dc=org)
	Userdn string `json:"userdn"`

	// Go template for LDAP user search filer (optional) The template can access the following context variables: UserAttr, Username Default: ({{.UserAttr}}={{.Username}})
	Userfilter string `json:"userfilter"`

	// If true, sets the alias name to the username
	UsernameAsAlias bool `json:"username_as_alias"`
}

LDAPWriteAuthConfigRequest struct for LDAPWriteAuthConfigRequest

func NewLDAPWriteAuthConfigRequestWithDefaults ¶ 

func NewLDAPWriteAuthConfigRequestWithDefaults() *LDAPWriteAuthConfigRequest

NewLDAPWriteAuthConfigRequestWithDefaults instantiates a new LDAPWriteAuthConfigRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (LDAPWriteAuthConfigRequest) MarshalJSON ¶ 

func (o LDAPWriteAuthConfigRequest) MarshalJSON() ([]byte, error)

type LDAPWriteConfigRequest ¶ 

type LDAPWriteConfigRequest struct {
	// Use anonymous binds when performing LDAP group searches (if true the initial credentials will still be used for the initial connection test).
	AnonymousGroupSearch bool `json:"anonymous_group_search"`

	// LDAP DN for searching for the user DN (optional)
	Binddn string `json:"binddn"`

	// LDAP password for searching for the user DN (optional)
	Bindpass string `json:"bindpass"`

	// If true, case sensitivity will be used when comparing usernames and groups for matching policies.
	CaseSensitiveNames bool `json:"case_sensitive_names"`

	// CA certificate to use when verifying LDAP server certificate, must be x509 PEM encoded (optional)
	Certificate string `json:"certificate"`

	// Client certificate to provide to the LDAP server, must be x509 PEM encoded (optional)
	ClientTlsCert string `json:"client_tls_cert"`

	// Client certificate key to provide to the LDAP server, must be x509 PEM encoded (optional)
	ClientTlsKey string `json:"client_tls_key"`

	// Denies an unauthenticated LDAP bind request if the user's password is empty; defaults to true
	DenyNullBind bool `json:"deny_null_bind"`

	// Use anonymous bind to discover the bind DN of a user (optional)
	Discoverdn bool `json:"discoverdn"`

	// LDAP attribute to follow on objects returned by <groupfilter> in order to enumerate user group membership. Examples: \"cn\" or \"memberOf\", etc. Default: cn
	Groupattr string `json:"groupattr"`

	// LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org)
	Groupdn string `json:"groupdn"`

	// Go template for querying group membership of user (optional) The template can access the following context variables: UserDN, Username Example: (&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}})) Default: (|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))
	Groupfilter string `json:"groupfilter"`

	// Skip LDAP server SSL Certificate verification - VERY insecure (optional)
	InsecureTls bool `json:"insecure_tls"`

	// The desired length of passwords that Vault generates.
	// Deprecated
	Length int32 `json:"length"`

	// The maximum password time-to-live.
	MaxTtl int32 `json:"max_ttl"`

	// Password policy to use to generate passwords
	PasswordPolicy string `json:"password_policy"`

	// Timeout, in seconds, for the connection when making requests against the server before returning back an error.
	RequestTimeout int32 `json:"request_timeout"`

	// The desired LDAP schema used when modifying user account passwords.
	Schema string `json:"schema"`

	// Issue a StartTLS command after establishing unencrypted connection (optional)
	Starttls bool `json:"starttls"`

	// Maximum TLS version to use. Accepted values are 'tls10', 'tls11', 'tls12' or 'tls13'. Defaults to 'tls12'
	TlsMaxVersion string `json:"tls_max_version"`

	// Minimum TLS version to use. Accepted values are 'tls10', 'tls11', 'tls12' or 'tls13'. Defaults to 'tls12'
	TlsMinVersion string `json:"tls_min_version"`

	// The default password time-to-live.
	Ttl int32 `json:"ttl"`

	// Enables userPrincipalDomain login with [username]@UPNDomain (optional)
	Upndomain string `json:"upndomain"`

	// LDAP URL to connect to (default: ldap://127.0.0.1). Multiple URLs can be specified by concatenating them with commas; they will be tried in-order.
	Url string `json:"url"`

	// In Vault 1.1.1 a fix for handling group CN values of different cases unfortunately introduced a regression that could cause previously defined groups to not be found due to a change in the resulting name. If set true, the pre-1.1.1 behavior for matching group CNs will be used. This is only needed in some upgrade scenarios for backwards compatibility. It is enabled by default if the config is upgraded but disabled by default on new configurations.
	UsePre111GroupCnBehavior bool `json:"use_pre111_group_cn_behavior"`

	// If true, use the Active Directory tokenGroups constructed attribute of the user to find the group memberships. This will find all security groups including nested ones.
	UseTokenGroups bool `json:"use_token_groups"`

	// Attribute used for users (default: cn)
	Userattr string `json:"userattr"`

	// LDAP domain to use for users (eg: ou=People,dc=example,dc=org)
	Userdn string `json:"userdn"`

	// Go template for LDAP user search filer (optional) The template can access the following context variables: UserAttr, Username Default: ({{.UserAttr}}={{.Username}})
	Userfilter string `json:"userfilter"`

	// If true, sets the alias name to the username
	UsernameAsAlias bool `json:"username_as_alias"`
}

LDAPWriteConfigRequest struct for LDAPWriteConfigRequest

func NewLDAPWriteConfigRequestWithDefaults ¶ 

func NewLDAPWriteConfigRequestWithDefaults() *LDAPWriteConfigRequest

NewLDAPWriteConfigRequestWithDefaults instantiates a new LDAPWriteConfigRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (LDAPWriteConfigRequest) MarshalJSON ¶ 

func (o LDAPWriteConfigRequest) MarshalJSON() ([]byte, error)

type LDAPWriteGroupRequest ¶ 

type LDAPWriteGroupRequest struct {
	// Comma-separated list of policies associated to the group.
	Policies []string `json:"policies"`
}

LDAPWriteGroupRequest struct for LDAPWriteGroupRequest

func NewLDAPWriteGroupRequestWithDefaults ¶ 

func NewLDAPWriteGroupRequestWithDefaults() *LDAPWriteGroupRequest

NewLDAPWriteGroupRequestWithDefaults instantiates a new LDAPWriteGroupRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (LDAPWriteGroupRequest) MarshalJSON ¶ 

func (o LDAPWriteGroupRequest) MarshalJSON() ([]byte, error)

type LDAPWriteLibraryRequest ¶ 

type LDAPWriteLibraryRequest struct {
	// Disable the default behavior of requiring that check-ins are performed by the entity that checked them out.
	DisableCheckInEnforcement bool `json:"disable_check_in_enforcement"`

	// In seconds, the max amount of time a check-out's renewals should last. Defaults to 24 hours.
	MaxTtl int32 `json:"max_ttl"`

	// The username/logon name for the service accounts with which this set will be associated.
	ServiceAccountNames []string `json:"service_account_names"`

	// In seconds, the amount of time a check-out should last. Defaults to 24 hours.
	Ttl int32 `json:"ttl"`
}

LDAPWriteLibraryRequest struct for LDAPWriteLibraryRequest

func NewLDAPWriteLibraryRequestWithDefaults ¶ 

func NewLDAPWriteLibraryRequestWithDefaults() *LDAPWriteLibraryRequest

NewLDAPWriteLibraryRequestWithDefaults instantiates a new LDAPWriteLibraryRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (LDAPWriteLibraryRequest) MarshalJSON ¶ 

func (o LDAPWriteLibraryRequest) MarshalJSON() ([]byte, error)

type LDAPWriteRoleRequest ¶ 

type LDAPWriteRoleRequest struct {
	// LDIF string used to create new entities within the LDAP system. This LDIF can be templated.
	CreationLdif string `json:"creation_ldif"`

	// Default TTL for dynamic credentials
	DefaultTtl int32 `json:"default_ttl"`

	// LDIF string used to delete entities created within the LDAP system. This LDIF can be templated.
	DeletionLdif string `json:"deletion_ldif"`

	// Max TTL a dynamic credential can be extended to
	MaxTtl int32 `json:"max_ttl"`

	// LDIF string used to rollback changes in the event of a failure to create credentials. This LDIF can be templated.
	RollbackLdif string `json:"rollback_ldif"`

	// The template used to create a username
	UsernameTemplate string `json:"username_template"`
}

LDAPWriteRoleRequest struct for LDAPWriteRoleRequest

func NewLDAPWriteRoleRequestWithDefaults ¶ 

func NewLDAPWriteRoleRequestWithDefaults() *LDAPWriteRoleRequest

NewLDAPWriteRoleRequestWithDefaults instantiates a new LDAPWriteRoleRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (LDAPWriteRoleRequest) MarshalJSON ¶ 

func (o LDAPWriteRoleRequest) MarshalJSON() ([]byte, error)

type LDAPWriteStaticRoleRequest ¶ 

type LDAPWriteStaticRoleRequest struct {
	// The distinguished name of the entry to manage.
	Dn string `json:"dn"`

	// Period for automatic credential rotation of the given entry.
	RotationPeriod int32 `json:"rotation_period"`

	// The username/logon name for the entry with which this role will be associated.
	Username string `json:"username"`
}

LDAPWriteStaticRoleRequest struct for LDAPWriteStaticRoleRequest

func NewLDAPWriteStaticRoleRequestWithDefaults ¶ 

func NewLDAPWriteStaticRoleRequestWithDefaults() *LDAPWriteStaticRoleRequest

NewLDAPWriteStaticRoleRequestWithDefaults instantiates a new LDAPWriteStaticRoleRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (LDAPWriteStaticRoleRequest) MarshalJSON ¶ 

func (o LDAPWriteStaticRoleRequest) MarshalJSON() ([]byte, error)

type LDAPWriteUserRequest ¶ 

type LDAPWriteUserRequest struct {
	// Comma-separated list of additional groups associated with the user.
	Groups []string `json:"groups"`

	// Comma-separated list of policies associated with the user.
	Policies []string `json:"policies"`
}

LDAPWriteUserRequest struct for LDAPWriteUserRequest

func NewLDAPWriteUserRequestWithDefaults ¶ 

func NewLDAPWriteUserRequestWithDefaults() *LDAPWriteUserRequest

NewLDAPWriteUserRequestWithDefaults instantiates a new LDAPWriteUserRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (LDAPWriteUserRequest) MarshalJSON ¶ 

func (o LDAPWriteUserRequest) MarshalJSON() ([]byte, error)

type MFAMethodAdminDestroyTOTPRequest ¶ 

type MFAMethodAdminDestroyTOTPRequest struct {
	// Identifier of the entity from which the MFA method secret needs to be removed.
	EntityId string `json:"entity_id"`

	// The unique identifier for this MFA method.
	MethodId string `json:"method_id"`
}

MFAMethodAdminDestroyTOTPRequest struct for MFAMethodAdminDestroyTOTPRequest

func NewMFAMethodAdminDestroyTOTPRequestWithDefaults ¶ 

func NewMFAMethodAdminDestroyTOTPRequestWithDefaults() *MFAMethodAdminDestroyTOTPRequest

NewMFAMethodAdminDestroyTOTPRequestWithDefaults instantiates a new MFAMethodAdminDestroyTOTPRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (MFAMethodAdminDestroyTOTPRequest) MarshalJSON ¶ 

func (o MFAMethodAdminDestroyTOTPRequest) MarshalJSON() ([]byte, error)

type MFAMethodAdminGenerateTOTPRequest ¶ 

type MFAMethodAdminGenerateTOTPRequest struct {
	// Entity ID on which the generated secret needs to get stored.
	EntityId string `json:"entity_id"`

	// The unique identifier for this MFA method.
	MethodId string `json:"method_id"`
}

MFAMethodAdminGenerateTOTPRequest struct for MFAMethodAdminGenerateTOTPRequest

func NewMFAMethodAdminGenerateTOTPRequestWithDefaults ¶ 

func NewMFAMethodAdminGenerateTOTPRequestWithDefaults() *MFAMethodAdminGenerateTOTPRequest

NewMFAMethodAdminGenerateTOTPRequestWithDefaults instantiates a new MFAMethodAdminGenerateTOTPRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (MFAMethodAdminGenerateTOTPRequest) MarshalJSON ¶ 

func (o MFAMethodAdminGenerateTOTPRequest) MarshalJSON() ([]byte, error)

type MFAMethodGenerateTOTPRequest ¶ 

type MFAMethodGenerateTOTPRequest struct {
	// The unique identifier for this MFA method.
	MethodId string `json:"method_id"`
}

MFAMethodGenerateTOTPRequest struct for MFAMethodGenerateTOTPRequest

func NewMFAMethodGenerateTOTPRequestWithDefaults ¶ 

func NewMFAMethodGenerateTOTPRequestWithDefaults() *MFAMethodGenerateTOTPRequest

NewMFAMethodGenerateTOTPRequestWithDefaults instantiates a new MFAMethodGenerateTOTPRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (MFAMethodGenerateTOTPRequest) MarshalJSON ¶ 

func (o MFAMethodGenerateTOTPRequest) MarshalJSON() ([]byte, error)

type MFAMethodWriteDuoRequest ¶ 

type MFAMethodWriteDuoRequest struct {
	// API host name for Duo.
	ApiHostname string `json:"api_hostname"`

	// Integration key for Duo.
	IntegrationKey string `json:"integration_key"`

	// The unique identifier for this MFA method.
	MethodId string `json:"method_id"`

	// Push information for Duo.
	PushInfo string `json:"push_info"`

	// Secret key for Duo.
	SecretKey string `json:"secret_key"`

	// If true, the user is reminded to use the passcode upon MFA validation. This option does not enforce using the passcode. Defaults to false.
	UsePasscode bool `json:"use_passcode"`

	// A template string for mapping Identity names to MFA method names. Values to subtitute should be placed in {{}}. For example, \"{{alias.name}}@example.com\". Currently-supported mappings: alias.name: The name returned by the mount configured via the mount_accessor parameter If blank, the Alias's name field will be used as-is.
	UsernameFormat string `json:"username_format"`
}

MFAMethodWriteDuoRequest struct for MFAMethodWriteDuoRequest

func NewMFAMethodWriteDuoRequestWithDefaults ¶ 

func NewMFAMethodWriteDuoRequestWithDefaults() *MFAMethodWriteDuoRequest

NewMFAMethodWriteDuoRequestWithDefaults instantiates a new MFAMethodWriteDuoRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (MFAMethodWriteDuoRequest) MarshalJSON ¶ 

func (o MFAMethodWriteDuoRequest) MarshalJSON() ([]byte, error)

type MFAMethodWriteOktaRequest ¶ 

type MFAMethodWriteOktaRequest struct {
	// Okta API key.
	ApiToken string `json:"api_token"`

	// The base domain to use for the Okta API. When not specified in the configuration, \"okta.com\" is used.
	BaseUrl string `json:"base_url"`

	// The unique identifier for this MFA method.
	MethodId string `json:"method_id"`

	// Name of the organization to be used in the Okta API.
	OrgName string `json:"org_name"`

	// If true, the username will only match the primary email for the account. Defaults to false.
	PrimaryEmail bool `json:"primary_email"`

	// (DEPRECATED) Use base_url instead.
	Production bool `json:"production"`

	// A template string for mapping Identity names to MFA method names. Values to substitute should be placed in {{}}. For example, \"{{entity.name}}@example.com\". If blank, the Entity's name field will be used as-is.
	UsernameFormat string `json:"username_format"`
}

MFAMethodWriteOktaRequest struct for MFAMethodWriteOktaRequest

func NewMFAMethodWriteOktaRequestWithDefaults ¶ 

func NewMFAMethodWriteOktaRequestWithDefaults() *MFAMethodWriteOktaRequest

NewMFAMethodWriteOktaRequestWithDefaults instantiates a new MFAMethodWriteOktaRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (MFAMethodWriteOktaRequest) MarshalJSON ¶ 

func (o MFAMethodWriteOktaRequest) MarshalJSON() ([]byte, error)

type MFAMethodWritePingIDRequest ¶ 

type MFAMethodWritePingIDRequest struct {
	// The unique identifier for this MFA method.
	MethodId string `json:"method_id"`

	// The settings file provided by Ping, Base64-encoded. This must be a settings file suitable for third-party clients, not the PingID SDK or PingFederate.
	SettingsFileBase64 string `json:"settings_file_base64"`

	// A template string for mapping Identity names to MFA method names. Values to subtitute should be placed in {{}}. For example, \"{{alias.name}}@example.com\". Currently-supported mappings: alias.name: The name returned by the mount configured via the mount_accessor parameter If blank, the Alias's name field will be used as-is.
	UsernameFormat string `json:"username_format"`
}

MFAMethodWritePingIDRequest struct for MFAMethodWritePingIDRequest

func NewMFAMethodWritePingIDRequestWithDefaults ¶ 

func NewMFAMethodWritePingIDRequestWithDefaults() *MFAMethodWritePingIDRequest

NewMFAMethodWritePingIDRequestWithDefaults instantiates a new MFAMethodWritePingIDRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (MFAMethodWritePingIDRequest) MarshalJSON ¶ 

func (o MFAMethodWritePingIDRequest) MarshalJSON() ([]byte, error)

type MFAMethodWriteTOTPRequest ¶ 

type MFAMethodWriteTOTPRequest struct {
	// The hashing algorithm used to generate the TOTP token. Options include SHA1, SHA256 and SHA512.
	Algorithm string `json:"algorithm"`

	// The number of digits in the generated TOTP token. This value can either be 6 or 8.
	Digits int32 `json:"digits"`

	// The name of the key's issuing organization.
	Issuer string `json:"issuer"`

	// Determines the size in bytes of the generated key.
	KeySize int32 `json:"key_size"`

	// Max number of allowed validation attempts.
	MaxValidationAttempts int32 `json:"max_validation_attempts"`

	// The unique identifier for this MFA method.
	MethodId string `json:"method_id"`

	// The length of time used to generate a counter for the TOTP token calculation.
	Period int32 `json:"period"`

	// The pixel size of the generated square QR code.
	QrSize int32 `json:"qr_size"`

	// The number of delay periods that are allowed when validating a TOTP token. This value can either be 0 or 1.
	Skew int32 `json:"skew"`
}

MFAMethodWriteTOTPRequest struct for MFAMethodWriteTOTPRequest

func NewMFAMethodWriteTOTPRequestWithDefaults ¶ 

func NewMFAMethodWriteTOTPRequestWithDefaults() *MFAMethodWriteTOTPRequest

NewMFAMethodWriteTOTPRequestWithDefaults instantiates a new MFAMethodWriteTOTPRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (MFAMethodWriteTOTPRequest) MarshalJSON ¶ 

func (o MFAMethodWriteTOTPRequest) MarshalJSON() ([]byte, error)

type MFAValidateRequest ¶ 

type MFAValidateRequest struct {
	// A map from MFA method ID to a slice of passcodes or an empty slice if the method does not use passcodes
	MfaPayload map[string]interface{} `json:"mfa_payload"`

	// ID for this MFA request
	MfaRequestId string `json:"mfa_request_id"`
}

MFAValidateRequest struct for MFAValidateRequest

func NewMFAValidateRequestWithDefaults ¶ 

func NewMFAValidateRequestWithDefaults() *MFAValidateRequest

NewMFAValidateRequestWithDefaults instantiates a new MFAValidateRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (MFAValidateRequest) MarshalJSON ¶ 

func (o MFAValidateRequest) MarshalJSON() ([]byte, error)

type MFAWriteLoginEnforcementRequest ¶ 

type MFAWriteLoginEnforcementRequest struct {
	// Array of auth mount accessor IDs
	AuthMethodAccessors []string `json:"auth_method_accessors"`

	// Array of auth mount types
	AuthMethodTypes []string `json:"auth_method_types"`

	// Array of identity entity IDs
	IdentityEntityIds []string `json:"identity_entity_ids"`

	// Array of identity group IDs
	IdentityGroupIds []string `json:"identity_group_ids"`

	// Array of Method IDs that determine what methods will be enforced
	MfaMethodIds []string `json:"mfa_method_ids"`
}

MFAWriteLoginEnforcementRequest struct for MFAWriteLoginEnforcementRequest

func NewMFAWriteLoginEnforcementRequestWithDefaults ¶ 

func NewMFAWriteLoginEnforcementRequestWithDefaults() *MFAWriteLoginEnforcementRequest

NewMFAWriteLoginEnforcementRequestWithDefaults instantiates a new MFAWriteLoginEnforcementRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (MFAWriteLoginEnforcementRequest) MarshalJSON ¶ 

func (o MFAWriteLoginEnforcementRequest) MarshalJSON() ([]byte, error)

type MongoDBAtlasWriteConfigRequest ¶ 

type MongoDBAtlasWriteConfigRequest struct {
	// MongoDB Atlas Programmatic Private Key
	PrivateKey string `json:"private_key"`

	// MongoDB Atlas Programmatic Public Key
	PublicKey string `json:"public_key"`
}

MongoDBAtlasWriteConfigRequest struct for MongoDBAtlasWriteConfigRequest

func NewMongoDBAtlasWriteConfigRequestWithDefaults ¶ 

func NewMongoDBAtlasWriteConfigRequestWithDefaults() *MongoDBAtlasWriteConfigRequest

NewMongoDBAtlasWriteConfigRequestWithDefaults instantiates a new MongoDBAtlasWriteConfigRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (MongoDBAtlasWriteConfigRequest) MarshalJSON ¶ 

func (o MongoDBAtlasWriteConfigRequest) MarshalJSON() ([]byte, error)

type MongoDBAtlasWriteRoleRequest ¶ 

type MongoDBAtlasWriteRoleRequest struct {
	// Access list entry in CIDR notation to be added for the API key. Optional for organization and project keys.
	CidrBlocks []string `json:"cidr_blocks"`

	// IP address to be added to the access list for the API key. Optional for organization and project keys.
	IpAddresses []string `json:"ip_addresses"`

	// The maximum allowed lifetime of credentials issued using this role.
	MaxTtl int32 `json:"max_ttl"`

	// Organization ID required for an organization API key
	OrganizationId string `json:"organization_id"`

	// Project ID the project API key belongs to.
	ProjectId string `json:"project_id"`

	// Roles assigned when an organization API Key is assigned to a project API key
	ProjectRoles []string `json:"project_roles"`

	// List of roles that the API Key should be granted. A minimum of one role must be provided. Any roles provided must be valid for the assigned Project, required for organization and project keys.
	Roles []string `json:"roles"`

	// Duration in seconds after which the issued credential should expire. Defaults to 0, in which case the value will fallback to the system/mount defaults.
	Ttl int32 `json:"ttl"`
}

MongoDBAtlasWriteRoleRequest struct for MongoDBAtlasWriteRoleRequest

func NewMongoDBAtlasWriteRoleRequestWithDefaults ¶ 

func NewMongoDBAtlasWriteRoleRequestWithDefaults() *MongoDBAtlasWriteRoleRequest

NewMongoDBAtlasWriteRoleRequestWithDefaults instantiates a new MongoDBAtlasWriteRoleRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (MongoDBAtlasWriteRoleRequest) MarshalJSON ¶ 

func (o MongoDBAtlasWriteRoleRequest) MarshalJSON() ([]byte, error)

type NomadWriteAccessConfigRequest ¶ 

type NomadWriteAccessConfigRequest struct {
	// Nomad server address
	Address string `json:"address"`

	// CA certificate to use when verifying Nomad server certificate, must be x509 PEM encoded.
	CaCert string `json:"ca_cert"`

	// Client certificate used for Nomad's TLS communication, must be x509 PEM encoded and if this is set you need to also set client_key.
	ClientCert string `json:"client_cert"`

	// Client key used for Nomad's TLS communication, must be x509 PEM encoded and if this is set you need to also set client_cert.
	ClientKey string `json:"client_key"`

	// Max length for name of generated Nomad tokens
	MaxTokenNameLength int32 `json:"max_token_name_length"`

	// Token for API calls
	Token string `json:"token"`
}

NomadWriteAccessConfigRequest struct for NomadWriteAccessConfigRequest

func NewNomadWriteAccessConfigRequestWithDefaults ¶ 

func NewNomadWriteAccessConfigRequestWithDefaults() *NomadWriteAccessConfigRequest

NewNomadWriteAccessConfigRequestWithDefaults instantiates a new NomadWriteAccessConfigRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (NomadWriteAccessConfigRequest) MarshalJSON ¶ 

func (o NomadWriteAccessConfigRequest) MarshalJSON() ([]byte, error)

type NomadWriteLeaseConfigRequest ¶ 

type NomadWriteLeaseConfigRequest struct {
	// Duration after which the issued token should not be allowed to be renewed
	MaxTtl int32 `json:"max_ttl"`

	// Duration before which the issued token needs renewal
	Ttl int32 `json:"ttl"`
}

NomadWriteLeaseConfigRequest struct for NomadWriteLeaseConfigRequest

func NewNomadWriteLeaseConfigRequestWithDefaults ¶ 

func NewNomadWriteLeaseConfigRequestWithDefaults() *NomadWriteLeaseConfigRequest

NewNomadWriteLeaseConfigRequestWithDefaults instantiates a new NomadWriteLeaseConfigRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (NomadWriteLeaseConfigRequest) MarshalJSON ¶ 

func (o NomadWriteLeaseConfigRequest) MarshalJSON() ([]byte, error)

type NomadWriteRoleRequest ¶ 

type NomadWriteRoleRequest struct {
	// Boolean value describing if the token should be global or not. Defaults to false.
	Global bool `json:"global"`

	// Comma-separated string or list of policies as previously created in Nomad. Required for 'client' token.
	Policies []string `json:"policies"`

	// Which type of token to create: 'client' or 'management'. If a 'management' token, the \"policies\" parameter is not required. Defaults to 'client'.
	Type string `json:"type"`
}

NomadWriteRoleRequest struct for NomadWriteRoleRequest

func NewNomadWriteRoleRequestWithDefaults ¶ 

func NewNomadWriteRoleRequestWithDefaults() *NomadWriteRoleRequest

NewNomadWriteRoleRequestWithDefaults instantiates a new NomadWriteRoleRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (NomadWriteRoleRequest) MarshalJSON ¶ 

func (o NomadWriteRoleRequest) MarshalJSON() ([]byte, error)

type OCILoginWithRoleRequest ¶ 

type OCILoginWithRoleRequest struct {
	// The signed headers of the client
	RequestHeaders string `json:"request_headers"`
}

OCILoginWithRoleRequest struct for OCILoginWithRoleRequest

func NewOCILoginWithRoleRequestWithDefaults ¶ 

func NewOCILoginWithRoleRequestWithDefaults() *OCILoginWithRoleRequest

NewOCILoginWithRoleRequestWithDefaults instantiates a new OCILoginWithRoleRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (OCILoginWithRoleRequest) MarshalJSON ¶ 

func (o OCILoginWithRoleRequest) MarshalJSON() ([]byte, error)

type OCIWriteConfigRequest ¶ 

type OCIWriteConfigRequest struct {
	// The tenancy id of the account.
	HomeTenancyId string `json:"home_tenancy_id"`
}

OCIWriteConfigRequest struct for OCIWriteConfigRequest

func NewOCIWriteConfigRequestWithDefaults ¶ 

func NewOCIWriteConfigRequestWithDefaults() *OCIWriteConfigRequest

NewOCIWriteConfigRequestWithDefaults instantiates a new OCIWriteConfigRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (OCIWriteConfigRequest) MarshalJSON ¶ 

func (o OCIWriteConfigRequest) MarshalJSON() ([]byte, error)

type OCIWriteRoleRequest ¶ 

type OCIWriteRoleRequest struct {
	// A comma separated list of Group or Dynamic Group OCIDs that are allowed to take this role.
	OcidList []string `json:"ocid_list"`

	// Comma separated string or JSON list of CIDR blocks. If set, specifies the blocks of IP addresses which are allowed to use the generated token.
	TokenBoundCidrs []string `json:"token_bound_cidrs"`

	// If set, tokens created via this role carry an explicit maximum TTL. During renewal, the current maximum TTL values of the role and the mount are not checked for changes, and any updates to these values will have no effect on the token being renewed.
	TokenExplicitMaxTtl int32 `json:"token_explicit_max_ttl"`

	// The maximum lifetime of the generated token
	TokenMaxTtl int32 `json:"token_max_ttl"`

	// If true, the 'default' policy will not automatically be added to generated tokens
	TokenNoDefaultPolicy bool `json:"token_no_default_policy"`

	// The maximum number of times a token may be used, a value of zero means unlimited
	TokenNumUses int32 `json:"token_num_uses"`

	// If set, tokens created via this role will have no max lifetime; instead, their renewal period will be fixed to this value. This takes an integer number of seconds, or a string duration (e.g. \"24h\").
	TokenPeriod int32 `json:"token_period"`

	// Comma-separated list of policies
	TokenPolicies []string `json:"token_policies"`

	// The initial ttl of the token to generate
	TokenTtl int32 `json:"token_ttl"`

	// The type of token to generate, service or batch
	TokenType string `json:"token_type"`
}

OCIWriteRoleRequest struct for OCIWriteRoleRequest

func NewOCIWriteRoleRequestWithDefaults ¶ 

func NewOCIWriteRoleRequestWithDefaults() *OCIWriteRoleRequest

NewOCIWriteRoleRequestWithDefaults instantiates a new OCIWriteRoleRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (OCIWriteRoleRequest) MarshalJSON ¶ 

func (o OCIWriteRoleRequest) MarshalJSON() ([]byte, error)

type OIDCIntrospectRequest ¶ 

type OIDCIntrospectRequest struct {
	// Optional client_id to verify
	ClientId string `json:"client_id"`

	// Token to verify
	Token string `json:"token"`
}

OIDCIntrospectRequest struct for OIDCIntrospectRequest

func NewOIDCIntrospectRequestWithDefaults ¶ 

func NewOIDCIntrospectRequestWithDefaults() *OIDCIntrospectRequest

NewOIDCIntrospectRequestWithDefaults instantiates a new OIDCIntrospectRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (OIDCIntrospectRequest) MarshalJSON ¶ 

func (o OIDCIntrospectRequest) MarshalJSON() ([]byte, error)

type OIDCLoginRequest ¶ 

type OIDCLoginRequest struct {
	// The signed JWT to validate.
	Jwt string `json:"jwt"`

	// The role to log in against.
	Role string `json:"role"`
}

OIDCLoginRequest struct for OIDCLoginRequest

func NewOIDCLoginRequestWithDefaults ¶ 

func NewOIDCLoginRequestWithDefaults() *OIDCLoginRequest

NewOIDCLoginRequestWithDefaults instantiates a new OIDCLoginRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (OIDCLoginRequest) MarshalJSON ¶ 

func (o OIDCLoginRequest) MarshalJSON() ([]byte, error)

type OIDCRotateKeyRequest ¶ 

type OIDCRotateKeyRequest struct {
	// Controls how long the public portion of a key will be available for verification after being rotated. Setting verification_ttl here will override the verification_ttl set on the key.
	VerificationTtl int32 `json:"verification_ttl"`
}

OIDCRotateKeyRequest struct for OIDCRotateKeyRequest

func NewOIDCRotateKeyRequestWithDefaults ¶ 

func NewOIDCRotateKeyRequestWithDefaults() *OIDCRotateKeyRequest

NewOIDCRotateKeyRequestWithDefaults instantiates a new OIDCRotateKeyRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (OIDCRotateKeyRequest) MarshalJSON ¶ 

func (o OIDCRotateKeyRequest) MarshalJSON() ([]byte, error)

type OIDCWriteAssignmentRequest ¶ 

type OIDCWriteAssignmentRequest struct {
	// Comma separated string or array of identity entity IDs
	EntityIds []string `json:"entity_ids"`

	// Comma separated string or array of identity group IDs
	GroupIds []string `json:"group_ids"`
}

OIDCWriteAssignmentRequest struct for OIDCWriteAssignmentRequest

func NewOIDCWriteAssignmentRequestWithDefaults ¶ 

func NewOIDCWriteAssignmentRequestWithDefaults() *OIDCWriteAssignmentRequest

NewOIDCWriteAssignmentRequestWithDefaults instantiates a new OIDCWriteAssignmentRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (OIDCWriteAssignmentRequest) MarshalJSON ¶ 

func (o OIDCWriteAssignmentRequest) MarshalJSON() ([]byte, error)

type OIDCWriteAuthConfigRequest ¶ 

type OIDCWriteAuthConfigRequest struct {
	// The value against which to match the 'iss' claim in a JWT. Optional.
	BoundIssuer string `json:"bound_issuer"`

	// The default role to use if none is provided during login. If not set, a role is required during login.
	DefaultRole string `json:"default_role"`

	// The CA certificate or chain of certificates, in PEM format, to use to validate connections to the JWKS URL. If not set, system certificates are used.
	JwksCaPem string `json:"jwks_ca_pem"`

	// JWKS URL to use to authenticate signatures. Cannot be used with \"oidc_discovery_url\" or \"jwt_validation_pubkeys\".
	JwksUrl string `json:"jwks_url"`

	// A list of supported signing algorithms. Defaults to RS256.
	JwtSupportedAlgs []string `json:"jwt_supported_algs"`

	// A list of PEM-encoded public keys to use to authenticate signatures locally. Cannot be used with \"jwks_url\" or \"oidc_discovery_url\".
	JwtValidationPubkeys []string `json:"jwt_validation_pubkeys"`

	// Pass namespace in the OIDC state parameter instead of as a separate query parameter. With this setting, the allowed redirect URL(s) in Vault and on the provider side should not contain a namespace query parameter. This means only one redirect URL entry needs to be maintained on the provider side for all vault namespaces that will be authenticating against it. Defaults to true for new configs.
	NamespaceInState bool `json:"namespace_in_state"`

	// The OAuth Client ID configured with your OIDC provider.
	OidcClientId string `json:"oidc_client_id"`

	// The OAuth Client Secret configured with your OIDC provider.
	OidcClientSecret string `json:"oidc_client_secret"`

	// The CA certificate or chain of certificates, in PEM format, to use to validate connections to the OIDC Discovery URL. If not set, system certificates are used.
	OidcDiscoveryCaPem string `json:"oidc_discovery_ca_pem"`

	// OIDC Discovery URL, without any .well-known component (base path). Cannot be used with \"jwks_url\" or \"jwt_validation_pubkeys\".
	OidcDiscoveryUrl string `json:"oidc_discovery_url"`

	// The response mode to be used in the OAuth2 request. Allowed values are 'query' and 'form_post'.
	OidcResponseMode string `json:"oidc_response_mode"`

	// The response types to request. Allowed values are 'code' and 'id_token'. Defaults to 'code'.
	OidcResponseTypes []string `json:"oidc_response_types"`

	// Provider-specific configuration. Optional.
	ProviderConfig map[string]interface{} `json:"provider_config"`
}

OIDCWriteAuthConfigRequest struct for OIDCWriteAuthConfigRequest

func NewOIDCWriteAuthConfigRequestWithDefaults ¶ 

func NewOIDCWriteAuthConfigRequestWithDefaults() *OIDCWriteAuthConfigRequest

NewOIDCWriteAuthConfigRequestWithDefaults instantiates a new OIDCWriteAuthConfigRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (OIDCWriteAuthConfigRequest) MarshalJSON ¶ 

func (o OIDCWriteAuthConfigRequest) MarshalJSON() ([]byte, error)

type OIDCWriteAuthRoleRequest ¶ 

type OIDCWriteAuthRoleRequest struct {
	// Comma-separated list of allowed values for redirect_uri
	AllowedRedirectUris []string `json:"allowed_redirect_uris"`

	// Comma-separated list of 'aud' claims that are valid for login; any match is sufficient
	BoundAudiences []string `json:"bound_audiences"`

	// Use \"token_bound_cidrs\" instead. If this and \"token_bound_cidrs\" are both specified, only \"token_bound_cidrs\" will be used.
	// Deprecated
	BoundCidrs []string `json:"bound_cidrs"`

	// Map of claims/values which must match for login
	BoundClaims map[string]interface{} `json:"bound_claims"`

	// How to interpret values in the map of claims/values (which must match for login): allowed values are 'string' or 'glob'
	BoundClaimsType string `json:"bound_claims_type"`

	// The 'sub' claim that is valid for login. Optional.
	BoundSubject string `json:"bound_subject"`

	// Mappings of claims (key) that will be copied to a metadata field (value)
	ClaimMappings map[string]interface{} `json:"claim_mappings"`

	// Duration in seconds of leeway when validating all claims to account for clock skew. Defaults to 60 (1 minute) if set to 0 and can be disabled if set to -1.
	ClockSkewLeeway int32 `json:"clock_skew_leeway"`

	// Duration in seconds of leeway when validating expiration of a token to account for clock skew. Defaults to 150 (2.5 minutes) if set to 0 and can be disabled if set to -1.
	ExpirationLeeway int32 `json:"expiration_leeway"`

	// The claim to use for the Identity group alias names
	GroupsClaim string `json:"groups_claim"`

	// Specifies the allowable elapsed time in seconds since the last time the user was actively authenticated.
	MaxAge int32 `json:"max_age"`

	// Use \"token_max_ttl\" instead. If this and \"token_max_ttl\" are both specified, only \"token_max_ttl\" will be used.
	// Deprecated
	MaxTtl int32 `json:"max_ttl"`

	// Duration in seconds of leeway when validating not before values of a token to account for clock skew. Defaults to 150 (2.5 minutes) if set to 0 and can be disabled if set to -1.
	NotBeforeLeeway int32 `json:"not_before_leeway"`

	// Use \"token_num_uses\" instead. If this and \"token_num_uses\" are both specified, only \"token_num_uses\" will be used.
	// Deprecated
	NumUses int32 `json:"num_uses"`

	// Comma-separated list of OIDC scopes
	OidcScopes []string `json:"oidc_scopes"`

	// Use \"token_period\" instead. If this and \"token_period\" are both specified, only \"token_period\" will be used.
	// Deprecated
	Period int32 `json:"period"`

	// Use \"token_policies\" instead. If this and \"token_policies\" are both specified, only \"token_policies\" will be used.
	// Deprecated
	Policies []string `json:"policies"`

	// Type of the role, either 'jwt' or 'oidc'.
	RoleType string `json:"role_type"`

	// Comma separated string or JSON list of CIDR blocks. If set, specifies the blocks of IP addresses which are allowed to use the generated token.
	TokenBoundCidrs []string `json:"token_bound_cidrs"`

	// If set, tokens created via this role carry an explicit maximum TTL. During renewal, the current maximum TTL values of the role and the mount are not checked for changes, and any updates to these values will have no effect on the token being renewed.
	TokenExplicitMaxTtl int32 `json:"token_explicit_max_ttl"`

	// The maximum lifetime of the generated token
	TokenMaxTtl int32 `json:"token_max_ttl"`

	// If true, the 'default' policy will not automatically be added to generated tokens
	TokenNoDefaultPolicy bool `json:"token_no_default_policy"`

	// The maximum number of times a token may be used, a value of zero means unlimited
	TokenNumUses int32 `json:"token_num_uses"`

	// If set, tokens created via this role will have no max lifetime; instead, their renewal period will be fixed to this value. This takes an integer number of seconds, or a string duration (e.g. \"24h\").
	TokenPeriod int32 `json:"token_period"`

	// Comma-separated list of policies
	TokenPolicies []string `json:"token_policies"`

	// The initial ttl of the token to generate
	TokenTtl int32 `json:"token_ttl"`

	// The type of token to generate, service or batch
	TokenType string `json:"token_type"`

	// Use \"token_ttl\" instead. If this and \"token_ttl\" are both specified, only \"token_ttl\" will be used.
	// Deprecated
	Ttl int32 `json:"ttl"`

	// The claim to use for the Identity entity alias name
	UserClaim string `json:"user_claim"`

	// If true, the user_claim value will use JSON pointer syntax for referencing claims.
	UserClaimJsonPointer bool `json:"user_claim_json_pointer"`

	// Log received OIDC tokens and claims when debug-level logging is active. Not recommended in production since sensitive information may be present in OIDC responses.
	VerboseOidcLogging bool `json:"verbose_oidc_logging"`
}

OIDCWriteAuthRoleRequest struct for OIDCWriteAuthRoleRequest

func NewOIDCWriteAuthRoleRequestWithDefaults ¶ 

func NewOIDCWriteAuthRoleRequestWithDefaults() *OIDCWriteAuthRoleRequest

NewOIDCWriteAuthRoleRequestWithDefaults instantiates a new OIDCWriteAuthRoleRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (OIDCWriteAuthRoleRequest) MarshalJSON ¶ 

func (o OIDCWriteAuthRoleRequest) MarshalJSON() ([]byte, error)

type OIDCWriteAuthURLRequest ¶ 

type OIDCWriteAuthURLRequest struct {
	// Optional client-provided nonce that must match during callback, if present.
	ClientNonce string `json:"client_nonce"`

	// The OAuth redirect_uri to use in the authorization URL.
	RedirectUri string `json:"redirect_uri"`

	// The role to issue an OIDC authorization URL against.
	Role string `json:"role"`
}

OIDCWriteAuthURLRequest struct for OIDCWriteAuthURLRequest

func NewOIDCWriteAuthURLRequestWithDefaults ¶ 

func NewOIDCWriteAuthURLRequestWithDefaults() *OIDCWriteAuthURLRequest

NewOIDCWriteAuthURLRequestWithDefaults instantiates a new OIDCWriteAuthURLRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (OIDCWriteAuthURLRequest) MarshalJSON ¶ 

func (o OIDCWriteAuthURLRequest) MarshalJSON() ([]byte, error)

type OIDCWriteCallbackRequest ¶ 

type OIDCWriteCallbackRequest struct {
	ClientNonce string `json:"client_nonce"`

	Code string `json:"code"`

	IdToken string `json:"id_token"`

	State string `json:"state"`
}

OIDCWriteCallbackRequest struct for OIDCWriteCallbackRequest

func NewOIDCWriteCallbackRequestWithDefaults ¶ 

func NewOIDCWriteCallbackRequestWithDefaults() *OIDCWriteCallbackRequest

NewOIDCWriteCallbackRequestWithDefaults instantiates a new OIDCWriteCallbackRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (OIDCWriteCallbackRequest) MarshalJSON ¶ 

func (o OIDCWriteCallbackRequest) MarshalJSON() ([]byte, error)

type OIDCWriteClientRequest ¶ 

type OIDCWriteClientRequest struct {
	// The time-to-live for access tokens obtained by the client.
	AccessTokenTtl int32 `json:"access_token_ttl"`

	// Comma separated string or array of assignment resources.
	Assignments []string `json:"assignments"`

	// The client type based on its ability to maintain confidentiality of credentials. The following client types are supported: 'confidential', 'public'. Defaults to 'confidential'.
	ClientType string `json:"client_type"`

	// The time-to-live for ID tokens obtained by the client.
	IdTokenTtl int32 `json:"id_token_ttl"`

	// A reference to a named key resource. Cannot be modified after creation. Defaults to the 'default' key.
	Key string `json:"key"`

	// Comma separated string or array of redirect URIs used by the client. One of these values must exactly match the redirect_uri parameter value used in each authentication request.
	RedirectUris []string `json:"redirect_uris"`
}

OIDCWriteClientRequest struct for OIDCWriteClientRequest

func NewOIDCWriteClientRequestWithDefaults ¶ 

func NewOIDCWriteClientRequestWithDefaults() *OIDCWriteClientRequest

NewOIDCWriteClientRequestWithDefaults instantiates a new OIDCWriteClientRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (OIDCWriteClientRequest) MarshalJSON ¶ 

func (o OIDCWriteClientRequest) MarshalJSON() ([]byte, error)

type OIDCWriteConfigRequest ¶ 

type OIDCWriteConfigRequest struct {
	// Issuer URL to be used in the iss claim of the token. If not set, Vault's app_addr will be used.
	Issuer string `json:"issuer"`
}

OIDCWriteConfigRequest struct for OIDCWriteConfigRequest

func NewOIDCWriteConfigRequestWithDefaults ¶ 

func NewOIDCWriteConfigRequestWithDefaults() *OIDCWriteConfigRequest

NewOIDCWriteConfigRequestWithDefaults instantiates a new OIDCWriteConfigRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (OIDCWriteConfigRequest) MarshalJSON ¶ 

func (o OIDCWriteConfigRequest) MarshalJSON() ([]byte, error)

type OIDCWriteKeyRequest ¶ 

type OIDCWriteKeyRequest struct {
	// Signing algorithm to use. This will default to RS256.
	Algorithm string `json:"algorithm"`

	// Comma separated string or array of role client ids allowed to use this key for signing. If empty no roles are allowed. If \"*\" all roles are allowed.
	AllowedClientIds []string `json:"allowed_client_ids"`

	// How often to generate a new keypair.
	RotationPeriod int32 `json:"rotation_period"`

	// Controls how long the public portion of a key will be available for verification after being rotated.
	VerificationTtl int32 `json:"verification_ttl"`
}

OIDCWriteKeyRequest struct for OIDCWriteKeyRequest

func NewOIDCWriteKeyRequestWithDefaults ¶ 

func NewOIDCWriteKeyRequestWithDefaults() *OIDCWriteKeyRequest

NewOIDCWriteKeyRequestWithDefaults instantiates a new OIDCWriteKeyRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (OIDCWriteKeyRequest) MarshalJSON ¶ 

func (o OIDCWriteKeyRequest) MarshalJSON() ([]byte, error)

type OIDCWriteProviderAuthorizeRequest ¶ 

type OIDCWriteProviderAuthorizeRequest struct {
	// The ID of the requesting client.
	ClientId string `json:"client_id"`

	// The code challenge derived from the code verifier.
	CodeChallenge string `json:"code_challenge"`

	// The method that was used to derive the code challenge. The following methods are supported: 'S256', 'plain'. Defaults to 'plain'.
	CodeChallengeMethod string `json:"code_challenge_method"`

	// The allowable elapsed time in seconds since the last time the end-user was actively authenticated.
	MaxAge int32 `json:"max_age"`

	// The value that will be returned in the ID token nonce claim after a token exchange.
	Nonce string `json:"nonce"`

	// The redirection URI to which the response will be sent.
	RedirectUri string `json:"redirect_uri"`

	// The OIDC authentication flow to be used. The following response types are supported: 'code'
	ResponseType string `json:"response_type"`

	// A space-delimited, case-sensitive list of scopes to be requested. The 'openid' scope is required.
	Scope string `json:"scope"`

	// The value used to maintain state between the authentication request and client.
	State string `json:"state"`
}

OIDCWriteProviderAuthorizeRequest struct for OIDCWriteProviderAuthorizeRequest

func NewOIDCWriteProviderAuthorizeRequestWithDefaults ¶ 

func NewOIDCWriteProviderAuthorizeRequestWithDefaults() *OIDCWriteProviderAuthorizeRequest

NewOIDCWriteProviderAuthorizeRequestWithDefaults instantiates a new OIDCWriteProviderAuthorizeRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (OIDCWriteProviderAuthorizeRequest) MarshalJSON ¶ 

func (o OIDCWriteProviderAuthorizeRequest) MarshalJSON() ([]byte, error)

type OIDCWriteProviderRequest ¶ 

type OIDCWriteProviderRequest struct {
	// The client IDs that are permitted to use the provider
	AllowedClientIds []string `json:"allowed_client_ids"`

	// Specifies what will be used for the iss claim of ID tokens.
	Issuer string `json:"issuer"`

	// The scopes supported for requesting on the provider
	ScopesSupported []string `json:"scopes_supported"`
}

OIDCWriteProviderRequest struct for OIDCWriteProviderRequest

func NewOIDCWriteProviderRequestWithDefaults ¶ 

func NewOIDCWriteProviderRequestWithDefaults() *OIDCWriteProviderRequest

NewOIDCWriteProviderRequestWithDefaults instantiates a new OIDCWriteProviderRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (OIDCWriteProviderRequest) MarshalJSON ¶ 

func (o OIDCWriteProviderRequest) MarshalJSON() ([]byte, error)

type OIDCWriteProviderTokenRequest ¶ 

type OIDCWriteProviderTokenRequest struct {
	// The ID of the requesting client.
	ClientId string `json:"client_id"`

	// The secret of the requesting client.
	ClientSecret string `json:"client_secret"`

	// The authorization code received from the provider's authorization endpoint.
	Code string `json:"code"`

	// The code verifier associated with the authorization code.
	CodeVerifier string `json:"code_verifier"`

	// The authorization grant type. The following grant types are supported: 'authorization_code'.
	GrantType string `json:"grant_type"`

	// The callback location where the authentication response was sent.
	RedirectUri string `json:"redirect_uri"`
}

OIDCWriteProviderTokenRequest struct for OIDCWriteProviderTokenRequest

func NewOIDCWriteProviderTokenRequestWithDefaults ¶ 

func NewOIDCWriteProviderTokenRequestWithDefaults() *OIDCWriteProviderTokenRequest

NewOIDCWriteProviderTokenRequestWithDefaults instantiates a new OIDCWriteProviderTokenRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (OIDCWriteProviderTokenRequest) MarshalJSON ¶ 

func (o OIDCWriteProviderTokenRequest) MarshalJSON() ([]byte, error)

type OIDCWriteRoleRequest ¶ 

type OIDCWriteRoleRequest struct {
	// Optional client_id
	ClientId string `json:"client_id"`

	// The OIDC key to use for generating tokens. The specified key must already exist.
	Key string `json:"key"`

	// The template string to use for generating tokens. This may be in string-ified JSON or base64 format.
	Template string `json:"template"`

	// TTL of the tokens generated against the role.
	Ttl int32 `json:"ttl"`
}

OIDCWriteRoleRequest struct for OIDCWriteRoleRequest

func NewOIDCWriteRoleRequestWithDefaults ¶ 

func NewOIDCWriteRoleRequestWithDefaults() *OIDCWriteRoleRequest

NewOIDCWriteRoleRequestWithDefaults instantiates a new OIDCWriteRoleRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (OIDCWriteRoleRequest) MarshalJSON ¶ 

func (o OIDCWriteRoleRequest) MarshalJSON() ([]byte, error)

type OIDCWriteScopeRequest ¶ 

type OIDCWriteScopeRequest struct {
	// The description of the scope
	Description string `json:"description"`

	// The template string to use for the scope. This may be in string-ified JSON or base64 format.
	Template string `json:"template"`
}

OIDCWriteScopeRequest struct for OIDCWriteScopeRequest

func NewOIDCWriteScopeRequestWithDefaults ¶ 

func NewOIDCWriteScopeRequestWithDefaults() *OIDCWriteScopeRequest

NewOIDCWriteScopeRequestWithDefaults instantiates a new OIDCWriteScopeRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (OIDCWriteScopeRequest) MarshalJSON ¶ 

func (o OIDCWriteScopeRequest) MarshalJSON() ([]byte, error)

type OktaLoginRequest ¶ 

type OktaLoginRequest struct {
	// Nonce provided if performing login that requires number verification challenge. Logins through the vault login CLI command will automatically generate a nonce.
	Nonce string `json:"nonce"`

	// Password for this user.
	Password string `json:"password"`

	// Preferred factor provider.
	Provider string `json:"provider"`

	// TOTP passcode.
	Totp string `json:"totp"`
}

OktaLoginRequest struct for OktaLoginRequest

func NewOktaLoginRequestWithDefaults ¶ 

func NewOktaLoginRequestWithDefaults() *OktaLoginRequest

NewOktaLoginRequestWithDefaults instantiates a new OktaLoginRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (OktaLoginRequest) MarshalJSON ¶ 

func (o OktaLoginRequest) MarshalJSON() ([]byte, error)

type OktaWriteConfigRequest ¶ 

type OktaWriteConfigRequest struct {
	// Okta API key.
	ApiToken string `json:"api_token"`

	// The base domain to use for the Okta API. When not specified in the configuration, \"okta.com\" is used.
	BaseUrl string `json:"base_url"`

	// When set true, requests by Okta for a MFA check will be bypassed. This also disallows certain status checks on the account, such as whether the password is expired.
	BypassOktaMfa bool `json:"bypass_okta_mfa"`

	// Use \"token_max_ttl\" instead. If this and \"token_max_ttl\" are both specified, only \"token_max_ttl\" will be used.
	// Deprecated
	MaxTtl int32 `json:"max_ttl"`

	// Name of the organization to be used in the Okta API.
	OrgName string `json:"org_name"`

	// Use org_name instead.
	// Deprecated
	Organization string `json:"organization"`

	// Use base_url instead.
	// Deprecated
	Production bool `json:"production"`

	// Use api_token instead.
	// Deprecated
	Token string `json:"token"`

	// Comma separated string or JSON list of CIDR blocks. If set, specifies the blocks of IP addresses which are allowed to use the generated token.
	TokenBoundCidrs []string `json:"token_bound_cidrs"`

	// If set, tokens created via this role carry an explicit maximum TTL. During renewal, the current maximum TTL values of the role and the mount are not checked for changes, and any updates to these values will have no effect on the token being renewed.
	TokenExplicitMaxTtl int32 `json:"token_explicit_max_ttl"`

	// The maximum lifetime of the generated token
	TokenMaxTtl int32 `json:"token_max_ttl"`

	// If true, the 'default' policy will not automatically be added to generated tokens
	TokenNoDefaultPolicy bool `json:"token_no_default_policy"`

	// The maximum number of times a token may be used, a value of zero means unlimited
	TokenNumUses int32 `json:"token_num_uses"`

	// If set, tokens created via this role will have no max lifetime; instead, their renewal period will be fixed to this value. This takes an integer number of seconds, or a string duration (e.g. \"24h\").
	TokenPeriod int32 `json:"token_period"`

	// Comma-separated list of policies. This will apply to all tokens generated by this auth method, in addition to any configured for specific users/groups.
	TokenPolicies []string `json:"token_policies"`

	// The initial ttl of the token to generate
	TokenTtl int32 `json:"token_ttl"`

	// The type of token to generate, service or batch
	TokenType string `json:"token_type"`

	// Use \"token_ttl\" instead. If this and \"token_ttl\" are both specified, only \"token_ttl\" will be used.
	// Deprecated
	Ttl int32 `json:"ttl"`
}

OktaWriteConfigRequest struct for OktaWriteConfigRequest

func NewOktaWriteConfigRequestWithDefaults ¶ 

func NewOktaWriteConfigRequestWithDefaults() *OktaWriteConfigRequest

NewOktaWriteConfigRequestWithDefaults instantiates a new OktaWriteConfigRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (OktaWriteConfigRequest) MarshalJSON ¶ 

func (o OktaWriteConfigRequest) MarshalJSON() ([]byte, error)

type OktaWriteGroupRequest ¶ 

type OktaWriteGroupRequest struct {
	// Comma-separated list of policies associated to the group.
	Policies []string `json:"policies"`
}

OktaWriteGroupRequest struct for OktaWriteGroupRequest

func NewOktaWriteGroupRequestWithDefaults ¶ 

func NewOktaWriteGroupRequestWithDefaults() *OktaWriteGroupRequest

NewOktaWriteGroupRequestWithDefaults instantiates a new OktaWriteGroupRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (OktaWriteGroupRequest) MarshalJSON ¶ 

func (o OktaWriteGroupRequest) MarshalJSON() ([]byte, error)

type OktaWriteUserRequest ¶ 

type OktaWriteUserRequest struct {
	// List of groups associated with the user.
	Groups []string `json:"groups"`

	// List of policies associated with the user.
	Policies []string `json:"policies"`
}

OktaWriteUserRequest struct for OktaWriteUserRequest

func NewOktaWriteUserRequestWithDefaults ¶ 

func NewOktaWriteUserRequestWithDefaults() *OktaWriteUserRequest

NewOktaWriteUserRequestWithDefaults instantiates a new OktaWriteUserRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (OktaWriteUserRequest) MarshalJSON ¶ 

func (o OktaWriteUserRequest) MarshalJSON() ([]byte, error)

type OpenLDAPCheckInLibraryRequest ¶ 

type OpenLDAPCheckInLibraryRequest struct {
	// The username/logon name for the service accounts to check in.
	ServiceAccountNames []string `json:"service_account_names"`
}

OpenLDAPCheckInLibraryRequest struct for OpenLDAPCheckInLibraryRequest

func NewOpenLDAPCheckInLibraryRequestWithDefaults ¶ 

func NewOpenLDAPCheckInLibraryRequestWithDefaults() *OpenLDAPCheckInLibraryRequest

NewOpenLDAPCheckInLibraryRequestWithDefaults instantiates a new OpenLDAPCheckInLibraryRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (OpenLDAPCheckInLibraryRequest) MarshalJSON ¶ 

func (o OpenLDAPCheckInLibraryRequest) MarshalJSON() ([]byte, error)

type OpenLDAPCheckInManageLibraryRequest ¶ 

type OpenLDAPCheckInManageLibraryRequest struct {
	// The username/logon name for the service accounts to check in.
	ServiceAccountNames []string `json:"service_account_names"`
}

OpenLDAPCheckInManageLibraryRequest struct for OpenLDAPCheckInManageLibraryRequest

func NewOpenLDAPCheckInManageLibraryRequestWithDefaults ¶ 

func NewOpenLDAPCheckInManageLibraryRequestWithDefaults() *OpenLDAPCheckInManageLibraryRequest

NewOpenLDAPCheckInManageLibraryRequestWithDefaults instantiates a new OpenLDAPCheckInManageLibraryRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (OpenLDAPCheckInManageLibraryRequest) MarshalJSON ¶ 

func (o OpenLDAPCheckInManageLibraryRequest) MarshalJSON() ([]byte, error)

type OpenLDAPCheckOutLibraryRequest ¶ 

type OpenLDAPCheckOutLibraryRequest struct {
	// The length of time before the check-out will expire, in seconds.
	Ttl int32 `json:"ttl"`
}

OpenLDAPCheckOutLibraryRequest struct for OpenLDAPCheckOutLibraryRequest

func NewOpenLDAPCheckOutLibraryRequestWithDefaults ¶ 

func NewOpenLDAPCheckOutLibraryRequestWithDefaults() *OpenLDAPCheckOutLibraryRequest

NewOpenLDAPCheckOutLibraryRequestWithDefaults instantiates a new OpenLDAPCheckOutLibraryRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (OpenLDAPCheckOutLibraryRequest) MarshalJSON ¶ 

func (o OpenLDAPCheckOutLibraryRequest) MarshalJSON() ([]byte, error)

type OpenLDAPWriteConfigRequest ¶ 

type OpenLDAPWriteConfigRequest struct {
	// Use anonymous binds when performing LDAP group searches (if true the initial credentials will still be used for the initial connection test).
	AnonymousGroupSearch bool `json:"anonymous_group_search"`

	// LDAP DN for searching for the user DN (optional)
	Binddn string `json:"binddn"`

	// LDAP password for searching for the user DN (optional)
	Bindpass string `json:"bindpass"`

	// If true, case sensitivity will be used when comparing usernames and groups for matching policies.
	CaseSensitiveNames bool `json:"case_sensitive_names"`

	// CA certificate to use when verifying LDAP server certificate, must be x509 PEM encoded (optional)
	Certificate string `json:"certificate"`

	// Client certificate to provide to the LDAP server, must be x509 PEM encoded (optional)
	ClientTlsCert string `json:"client_tls_cert"`

	// Client certificate key to provide to the LDAP server, must be x509 PEM encoded (optional)
	ClientTlsKey string `json:"client_tls_key"`

	// Denies an unauthenticated LDAP bind request if the user's password is empty; defaults to true
	DenyNullBind bool `json:"deny_null_bind"`

	// Use anonymous bind to discover the bind DN of a user (optional)
	Discoverdn bool `json:"discoverdn"`

	// LDAP attribute to follow on objects returned by <groupfilter> in order to enumerate user group membership. Examples: \"cn\" or \"memberOf\", etc. Default: cn
	Groupattr string `json:"groupattr"`

	// LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org)
	Groupdn string `json:"groupdn"`

	// Go template for querying group membership of user (optional) The template can access the following context variables: UserDN, Username Example: (&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}})) Default: (|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))
	Groupfilter string `json:"groupfilter"`

	// Skip LDAP server SSL Certificate verification - VERY insecure (optional)
	InsecureTls bool `json:"insecure_tls"`

	// The desired length of passwords that Vault generates.
	// Deprecated
	Length int32 `json:"length"`

	// The maximum password time-to-live.
	MaxTtl int32 `json:"max_ttl"`

	// Password policy to use to generate passwords
	PasswordPolicy string `json:"password_policy"`

	// Timeout, in seconds, for the connection when making requests against the server before returning back an error.
	RequestTimeout int32 `json:"request_timeout"`

	// The desired LDAP schema used when modifying user account passwords.
	Schema string `json:"schema"`

	// Issue a StartTLS command after establishing unencrypted connection (optional)
	Starttls bool `json:"starttls"`

	// Maximum TLS version to use. Accepted values are 'tls10', 'tls11', 'tls12' or 'tls13'. Defaults to 'tls12'
	TlsMaxVersion string `json:"tls_max_version"`

	// Minimum TLS version to use. Accepted values are 'tls10', 'tls11', 'tls12' or 'tls13'. Defaults to 'tls12'
	TlsMinVersion string `json:"tls_min_version"`

	// The default password time-to-live.
	Ttl int32 `json:"ttl"`

	// Enables userPrincipalDomain login with [username]@UPNDomain (optional)
	Upndomain string `json:"upndomain"`

	// LDAP URL to connect to (default: ldap://127.0.0.1). Multiple URLs can be specified by concatenating them with commas; they will be tried in-order.
	Url string `json:"url"`

	// In Vault 1.1.1 a fix for handling group CN values of different cases unfortunately introduced a regression that could cause previously defined groups to not be found due to a change in the resulting name. If set true, the pre-1.1.1 behavior for matching group CNs will be used. This is only needed in some upgrade scenarios for backwards compatibility. It is enabled by default if the config is upgraded but disabled by default on new configurations.
	UsePre111GroupCnBehavior bool `json:"use_pre111_group_cn_behavior"`

	// If true, use the Active Directory tokenGroups constructed attribute of the user to find the group memberships. This will find all security groups including nested ones.
	UseTokenGroups bool `json:"use_token_groups"`

	// Attribute used for users (default: cn)
	Userattr string `json:"userattr"`

	// LDAP domain to use for users (eg: ou=People,dc=example,dc=org)
	Userdn string `json:"userdn"`

	// Go template for LDAP user search filer (optional) The template can access the following context variables: UserAttr, Username Default: ({{.UserAttr}}={{.Username}})
	Userfilter string `json:"userfilter"`

	// If true, sets the alias name to the username
	UsernameAsAlias bool `json:"username_as_alias"`
}

OpenLDAPWriteConfigRequest struct for OpenLDAPWriteConfigRequest

func NewOpenLDAPWriteConfigRequestWithDefaults ¶ 

func NewOpenLDAPWriteConfigRequestWithDefaults() *OpenLDAPWriteConfigRequest

NewOpenLDAPWriteConfigRequestWithDefaults instantiates a new OpenLDAPWriteConfigRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (OpenLDAPWriteConfigRequest) MarshalJSON ¶ 

func (o OpenLDAPWriteConfigRequest) MarshalJSON() ([]byte, error)

type OpenLDAPWriteLibraryRequest ¶ 

type OpenLDAPWriteLibraryRequest struct {
	// Disable the default behavior of requiring that check-ins are performed by the entity that checked them out.
	DisableCheckInEnforcement bool `json:"disable_check_in_enforcement"`

	// In seconds, the max amount of time a check-out's renewals should last. Defaults to 24 hours.
	MaxTtl int32 `json:"max_ttl"`

	// The username/logon name for the service accounts with which this set will be associated.
	ServiceAccountNames []string `json:"service_account_names"`

	// In seconds, the amount of time a check-out should last. Defaults to 24 hours.
	Ttl int32 `json:"ttl"`
}

OpenLDAPWriteLibraryRequest struct for OpenLDAPWriteLibraryRequest

func NewOpenLDAPWriteLibraryRequestWithDefaults ¶ 

func NewOpenLDAPWriteLibraryRequestWithDefaults() *OpenLDAPWriteLibraryRequest

NewOpenLDAPWriteLibraryRequestWithDefaults instantiates a new OpenLDAPWriteLibraryRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (OpenLDAPWriteLibraryRequest) MarshalJSON ¶ 

func (o OpenLDAPWriteLibraryRequest) MarshalJSON() ([]byte, error)

type OpenLDAPWriteRoleRequest ¶ 

type OpenLDAPWriteRoleRequest struct {
	// LDIF string used to create new entities within the LDAP system. This LDIF can be templated.
	CreationLdif string `json:"creation_ldif"`

	// Default TTL for dynamic credentials
	DefaultTtl int32 `json:"default_ttl"`

	// LDIF string used to delete entities created within the LDAP system. This LDIF can be templated.
	DeletionLdif string `json:"deletion_ldif"`

	// Max TTL a dynamic credential can be extended to
	MaxTtl int32 `json:"max_ttl"`

	// LDIF string used to rollback changes in the event of a failure to create credentials. This LDIF can be templated.
	RollbackLdif string `json:"rollback_ldif"`

	// The template used to create a username
	UsernameTemplate string `json:"username_template"`
}

OpenLDAPWriteRoleRequest struct for OpenLDAPWriteRoleRequest

func NewOpenLDAPWriteRoleRequestWithDefaults ¶ 

func NewOpenLDAPWriteRoleRequestWithDefaults() *OpenLDAPWriteRoleRequest

NewOpenLDAPWriteRoleRequestWithDefaults instantiates a new OpenLDAPWriteRoleRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (OpenLDAPWriteRoleRequest) MarshalJSON ¶ 

func (o OpenLDAPWriteRoleRequest) MarshalJSON() ([]byte, error)

type OpenLDAPWriteStaticRoleRequest ¶ 

type OpenLDAPWriteStaticRoleRequest struct {
	// The distinguished name of the entry to manage.
	Dn string `json:"dn"`

	// Period for automatic credential rotation of the given entry.
	RotationPeriod int32 `json:"rotation_period"`

	// The username/logon name for the entry with which this role will be associated.
	Username string `json:"username"`
}

OpenLDAPWriteStaticRoleRequest struct for OpenLDAPWriteStaticRoleRequest

func NewOpenLDAPWriteStaticRoleRequestWithDefaults ¶ 

func NewOpenLDAPWriteStaticRoleRequestWithDefaults() *OpenLDAPWriteStaticRoleRequest

NewOpenLDAPWriteStaticRoleRequestWithDefaults instantiates a new OpenLDAPWriteStaticRoleRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (OpenLDAPWriteStaticRoleRequest) MarshalJSON ¶ 

func (o OpenLDAPWriteStaticRoleRequest) MarshalJSON() ([]byte, error)

type PKIBundleWriteRequest ¶ 

type PKIBundleWriteRequest struct {
	// PEM-format, concatenated unencrypted secret-key (optional) and certificates.
	PemBundle string `json:"pem_bundle"`
}

PKIBundleWriteRequest struct for PKIBundleWriteRequest

func NewPKIBundleWriteRequestWithDefaults ¶ 

func NewPKIBundleWriteRequestWithDefaults() *PKIBundleWriteRequest

NewPKIBundleWriteRequestWithDefaults instantiates a new PKIBundleWriteRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (PKIBundleWriteRequest) MarshalJSON ¶ 

func (o PKIBundleWriteRequest) MarshalJSON() ([]byte, error)

type PKIGenerateRootRequest ¶ 

type PKIGenerateRootRequest struct {
	// The requested Subject Alternative Names, if any, in a comma-delimited list. May contain both DNS names and email addresses.
	AltNames string `json:"alt_names"`

	// The requested common name; if you want more than one, specify the alternative names in the alt_names map. If not specified when signing, the common name will be taken from the CSR; other names must still be specified in alt_names or ip_sans.
	CommonName string `json:"common_name"`

	// If set, Country will be set to this value.
	Country []string `json:"country"`

	// If true, the Common Name will not be included in DNS or Email Subject Alternate Names. Defaults to false (CN is included).
	ExcludeCnFromSans bool `json:"exclude_cn_from_sans"`

	// Format for returned data. Can be \"pem\", \"der\", or \"pem_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. If \"der\", the value will be base64 encoded. Defaults to \"pem\".
	Format string `json:"format"`

	// The requested IP SANs, if any, in a comma-delimited list
	IpSans []string `json:"ip_sans"`

	// Provide a name to the generated or existing issuer, the name must be unique across all issuers and not be the reserved value 'default'
	IssuerName string `json:"issuer_name"`

	// The number of bits to use. Allowed values are 0 (universal default); with rsa key_type: 2048 (default), 3072, or 4096; with ec key_type: 224, 256 (default), 384, or 521; ignored with ed25519.
	KeyBits int32 `json:"key_bits"`

	// Provide a name to the generated or existing key, the name must be unique across all keys and not be the reserved value 'default'
	KeyName string `json:"key_name"`

	// Reference to a existing key; either \"default\" for the configured default key, an identifier or the name assigned to the key.
	KeyRef string `json:"key_ref"`

	// The type of key to use; defaults to RSA. \"rsa\" \"ec\" and \"ed25519\" are the only valid values.
	KeyType string `json:"key_type"`

	// If set, Locality will be set to this value.
	Locality []string `json:"locality"`

	// The name of the managed key to use when the exported type is kms. When kms type is the key type, this field or managed_key_name is required. Ignored for other types.
	ManagedKeyId string `json:"managed_key_id"`

	// The name of the managed key to use when the exported type is kms. When kms type is the key type, this field or managed_key_id is required. Ignored for other types.
	ManagedKeyName string `json:"managed_key_name"`

	// The maximum allowable path length
	MaxPathLength int32 `json:"max_path_length"`

	// Set the not after field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ
	NotAfter string `json:"not_after"`

	// The duration before now which the certificate needs to be backdated by.
	NotBeforeDuration int32 `json:"not_before_duration"`

	// If set, O (Organization) will be set to this value.
	Organization []string `json:"organization"`

	// Requested other SANs, in an array with the format <oid>;UTF8:<utf8 string value> for each entry.
	OtherSans []string `json:"other_sans"`

	// If set, OU (OrganizationalUnit) will be set to this value.
	Ou []string `json:"ou"`

	// Domains for which this certificate is allowed to sign or issue child certificates. If set, all DNS names (subject and alt) on child certs must be exact matches or subsets of the given domains (see https://tools.ietf.org/html/rfc5280#section-4.2.1.10).
	PermittedDnsDomains []string `json:"permitted_dns_domains"`

	// If set, Postal Code will be set to this value.
	PostalCode []string `json:"postal_code"`

	// Format for the returned private key. Generally the default will be controlled by the \"format\" parameter as either base64-encoded DER or PEM-encoded DER. However, this can be set to \"pkcs8\" to have the returned private key contain base64-encoded pkcs8 or PEM-encoded pkcs8 instead. Defaults to \"der\".
	PrivateKeyFormat string `json:"private_key_format"`

	// If set, Province will be set to this value.
	Province []string `json:"province"`

	// The Subject's requested serial number, if any. See RFC 4519 Section 2.31 'serialNumber' for a description of this field. If you want more than one, specify alternative names in the alt_names map using OID 2.5.4.5. This has no impact on the final certificate's Serial Number field.
	SerialNumber string `json:"serial_number"`

	// The number of bits to use in the signature algorithm; accepts 256 for SHA-2-256, 384 for SHA-2-384, and 512 for SHA-2-512. Defaults to 0 to automatically detect based on key length (SHA-2-256 for RSA keys, and matching the curve size for NIST P-Curves).
	SignatureBits int32 `json:"signature_bits"`

	// If set, Street Address will be set to this value.
	StreetAddress []string `json:"street_address"`

	// The requested Time To Live for the certificate; sets the expiration date. If not specified the role default, backend default, or system default TTL is used, in that order. Cannot be larger than the mount max TTL. Note: this only has an effect when generating a CA cert or signing a CA cert, not when generating a CSR for an intermediate CA.
	Ttl int32 `json:"ttl"`

	// The requested URI SANs, if any, in a comma-delimited list.
	UriSans []string `json:"uri_sans"`

	// Whether or not to use PSS signatures when using a RSA key-type issuer. Defaults to false.
	UsePss bool `json:"use_pss"`
}

PKIGenerateRootRequest struct for PKIGenerateRootRequest

func NewPKIGenerateRootRequestWithDefaults ¶ 

func NewPKIGenerateRootRequestWithDefaults() *PKIGenerateRootRequest

NewPKIGenerateRootRequestWithDefaults instantiates a new PKIGenerateRootRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (PKIGenerateRootRequest) MarshalJSON ¶ 

func (o PKIGenerateRootRequest) MarshalJSON() ([]byte, error)

type PKIImportKeysRequest ¶ 

type PKIImportKeysRequest struct {
	// Optional name to be used for this key
	KeyName string `json:"key_name"`

	// PEM-format, unencrypted secret key
	PemBundle string `json:"pem_bundle"`
}

PKIImportKeysRequest struct for PKIImportKeysRequest

func NewPKIImportKeysRequestWithDefaults ¶ 

func NewPKIImportKeysRequestWithDefaults() *PKIImportKeysRequest

NewPKIImportKeysRequestWithDefaults instantiates a new PKIImportKeysRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (PKIImportKeysRequest) MarshalJSON ¶ 

func (o PKIImportKeysRequest) MarshalJSON() ([]byte, error)

type PKIIssuerIssueRoleRequest ¶ 

type PKIIssuerIssueRoleRequest struct {
	// The requested Subject Alternative Names, if any, in a comma-delimited list. If email protection is enabled for the role, this may contain email addresses.
	AltNames string `json:"alt_names"`

	// The requested common name; if you want more than one, specify the alternative names in the alt_names map. If email protection is enabled in the role, this may be an email address.
	CommonName string `json:"common_name"`

	// If true, the Common Name will not be included in DNS or Email Subject Alternate Names. Defaults to false (CN is included).
	ExcludeCnFromSans bool `json:"exclude_cn_from_sans"`

	// Format for returned data. Can be \"pem\", \"der\", or \"pem_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. If \"der\", the value will be base64 encoded. Defaults to \"pem\".
	Format string `json:"format"`

	// The requested IP SANs, if any, in a comma-delimited list
	IpSans []string `json:"ip_sans"`

	// Set the not after field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ
	NotAfter string `json:"not_after"`

	// Requested other SANs, in an array with the format <oid>;UTF8:<utf8 string value> for each entry.
	OtherSans []string `json:"other_sans"`

	// Format for the returned private key. Generally the default will be controlled by the \"format\" parameter as either base64-encoded DER or PEM-encoded DER. However, this can be set to \"pkcs8\" to have the returned private key contain base64-encoded pkcs8 or PEM-encoded pkcs8 instead. Defaults to \"der\".
	PrivateKeyFormat string `json:"private_key_format"`

	// Whether or not to remove self-signed CA certificates in the output of the ca_chain field.
	RemoveRootsFromChain bool `json:"remove_roots_from_chain"`

	// The Subject's requested serial number, if any. See RFC 4519 Section 2.31 'serialNumber' for a description of this field. If you want more than one, specify alternative names in the alt_names map using OID 2.5.4.5. This has no impact on the final certificate's Serial Number field.
	SerialNumber string `json:"serial_number"`

	// The requested Time To Live for the certificate; sets the expiration date. If not specified the role default, backend default, or system default TTL is used, in that order. Cannot be larger than the role max TTL.
	Ttl int32 `json:"ttl"`

	// The requested URI SANs, if any, in a comma-delimited list.
	UriSans []string `json:"uri_sans"`
}

PKIIssuerIssueRoleRequest struct for PKIIssuerIssueRoleRequest

func NewPKIIssuerIssueRoleRequestWithDefaults ¶ 

func NewPKIIssuerIssueRoleRequestWithDefaults() *PKIIssuerIssueRoleRequest

NewPKIIssuerIssueRoleRequestWithDefaults instantiates a new PKIIssuerIssueRoleRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (PKIIssuerIssueRoleRequest) MarshalJSON ¶ 

func (o PKIIssuerIssueRoleRequest) MarshalJSON() ([]byte, error)

type PKIIssuerResignCRLsRequest ¶ 

type PKIIssuerResignCRLsRequest struct {
	// The sequence number to be written within the CRL Number extension.
	CrlNumber int32 `json:"crl_number"`

	// A list of PEM encoded CRLs to combine, originally signed by the requested issuer.
	Crls []string `json:"crls"`

	// Using a zero or greater value specifies the base CRL revision number to encode within a Delta CRL indicator extension, otherwise the extension will not be added.
	DeltaCrlBaseNumber int32 `json:"delta_crl_base_number"`

	// The format of the combined CRL, can be \"pem\" or \"der\". If \"der\", the value will be base64 encoded. Defaults to \"pem\".
	Format string `json:"format"`

	// The amount of time the generated CRL should be valid; defaults to 72 hours.
	NextUpdate string `json:"next_update"`
}

PKIIssuerResignCRLsRequest struct for PKIIssuerResignCRLsRequest

func NewPKIIssuerResignCRLsRequestWithDefaults ¶ 

func NewPKIIssuerResignCRLsRequestWithDefaults() *PKIIssuerResignCRLsRequest

NewPKIIssuerResignCRLsRequestWithDefaults instantiates a new PKIIssuerResignCRLsRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (PKIIssuerResignCRLsRequest) MarshalJSON ¶ 

func (o PKIIssuerResignCRLsRequest) MarshalJSON() ([]byte, error)

type PKIIssuerSignIntermediateRequest ¶ 

type PKIIssuerSignIntermediateRequest struct {
	// The requested Subject Alternative Names, if any, in a comma-delimited list. May contain both DNS names and email addresses.
	AltNames string `json:"alt_names"`

	// The requested common name; if you want more than one, specify the alternative names in the alt_names map. If not specified when signing, the common name will be taken from the CSR; other names must still be specified in alt_names or ip_sans.
	CommonName string `json:"common_name"`

	// If set, Country will be set to this value.
	Country []string `json:"country"`

	// PEM-format CSR to be signed.
	Csr string `json:"csr"`

	// If true, the Common Name will not be included in DNS or Email Subject Alternate Names. Defaults to false (CN is included).
	ExcludeCnFromSans bool `json:"exclude_cn_from_sans"`

	// Format for returned data. Can be \"pem\", \"der\", or \"pem_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. If \"der\", the value will be base64 encoded. Defaults to \"pem\".
	Format string `json:"format"`

	// The requested IP SANs, if any, in a comma-delimited list
	IpSans []string `json:"ip_sans"`

	// Provide a name to the generated or existing issuer, the name must be unique across all issuers and not be the reserved value 'default'
	IssuerName string `json:"issuer_name"`

	// If set, Locality will be set to this value.
	Locality []string `json:"locality"`

	// The maximum allowable path length
	MaxPathLength int32 `json:"max_path_length"`

	// Set the not after field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ
	NotAfter string `json:"not_after"`

	// The duration before now which the certificate needs to be backdated by.
	NotBeforeDuration int32 `json:"not_before_duration"`

	// If set, O (Organization) will be set to this value.
	Organization []string `json:"organization"`

	// Requested other SANs, in an array with the format <oid>;UTF8:<utf8 string value> for each entry.
	OtherSans []string `json:"other_sans"`

	// If set, OU (OrganizationalUnit) will be set to this value.
	Ou []string `json:"ou"`

	// Domains for which this certificate is allowed to sign or issue child certificates. If set, all DNS names (subject and alt) on child certs must be exact matches or subsets of the given domains (see https://tools.ietf.org/html/rfc5280#section-4.2.1.10).
	PermittedDnsDomains []string `json:"permitted_dns_domains"`

	// If set, Postal Code will be set to this value.
	PostalCode []string `json:"postal_code"`

	// Format for the returned private key. Generally the default will be controlled by the \"format\" parameter as either base64-encoded DER or PEM-encoded DER. However, this can be set to \"pkcs8\" to have the returned private key contain base64-encoded pkcs8 or PEM-encoded pkcs8 instead. Defaults to \"der\".
	PrivateKeyFormat string `json:"private_key_format"`

	// If set, Province will be set to this value.
	Province []string `json:"province"`

	// The Subject's requested serial number, if any. See RFC 4519 Section 2.31 'serialNumber' for a description of this field. If you want more than one, specify alternative names in the alt_names map using OID 2.5.4.5. This has no impact on the final certificate's Serial Number field.
	SerialNumber string `json:"serial_number"`

	// The number of bits to use in the signature algorithm; accepts 256 for SHA-2-256, 384 for SHA-2-384, and 512 for SHA-2-512. Defaults to 0 to automatically detect based on key length (SHA-2-256 for RSA keys, and matching the curve size for NIST P-Curves).
	SignatureBits int32 `json:"signature_bits"`

	// Value for the Subject Key Identifier field (RFC 5280 Section 4.2.1.2). This value should ONLY be used when cross-signing to mimic the existing certificate's SKID value; this is necessary to allow certain TLS implementations (such as OpenSSL) which use SKID/AKID matches in chain building to restrict possible valid chains. Specified as a string in hex format. Default is empty, allowing Vault to automatically calculate the SKID according to method one in the above RFC section.
	Skid string `json:"skid"`

	// If set, Street Address will be set to this value.
	StreetAddress []string `json:"street_address"`

	// The requested Time To Live for the certificate; sets the expiration date. If not specified the role default, backend default, or system default TTL is used, in that order. Cannot be larger than the mount max TTL. Note: this only has an effect when generating a CA cert or signing a CA cert, not when generating a CSR for an intermediate CA.
	Ttl int32 `json:"ttl"`

	// The requested URI SANs, if any, in a comma-delimited list.
	UriSans []string `json:"uri_sans"`

	// If true, then: 1) Subject information, including names and alternate names, will be preserved from the CSR rather than using values provided in the other parameters to this path; 2) Any key usages requested in the CSR will be added to the basic set of key usages used for CA certs signed by this path; for instance, the non-repudiation flag; 3) Extensions requested in the CSR will be copied into the issued certificate.
	UseCsrValues bool `json:"use_csr_values"`

	// Whether or not to use PSS signatures when using a RSA key-type issuer. Defaults to false.
	UsePss bool `json:"use_pss"`
}

PKIIssuerSignIntermediateRequest struct for PKIIssuerSignIntermediateRequest

func NewPKIIssuerSignIntermediateRequestWithDefaults ¶ 

func NewPKIIssuerSignIntermediateRequestWithDefaults() *PKIIssuerSignIntermediateRequest

NewPKIIssuerSignIntermediateRequestWithDefaults instantiates a new PKIIssuerSignIntermediateRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (PKIIssuerSignIntermediateRequest) MarshalJSON ¶ 

func (o PKIIssuerSignIntermediateRequest) MarshalJSON() ([]byte, error)

type PKIIssuerSignRevocationListRequest ¶ 

type PKIIssuerSignRevocationListRequest struct {
	// The sequence number to be written within the CRL Number extension.
	CrlNumber int32 `json:"crl_number"`

	// Using a zero or greater value specifies the base CRL revision number to encode within a Delta CRL indicator extension, otherwise the extension will not be added.
	DeltaCrlBaseNumber int32 `json:"delta_crl_base_number"`

	// A list of maps containing extensions with keys id (string), critical (bool), value (string)
	Extensions []map[string]interface{} `json:"extensions"`

	// The format of the combined CRL, can be \"pem\" or \"der\". If \"der\", the value will be base64 encoded. Defaults to \"pem\".
	Format string `json:"format"`

	// The amount of time the generated CRL should be valid; defaults to 72 hours.
	NextUpdate string `json:"next_update"`

	// A list of maps containing the keys serial_number (string), revocation_time (string), and extensions (map with keys id (string), critical (bool), value (string))
	RevokedCerts []map[string]interface{} `json:"revoked_certs"`
}

PKIIssuerSignRevocationListRequest struct for PKIIssuerSignRevocationListRequest

func NewPKIIssuerSignRevocationListRequestWithDefaults ¶ 

func NewPKIIssuerSignRevocationListRequestWithDefaults() *PKIIssuerSignRevocationListRequest

NewPKIIssuerSignRevocationListRequestWithDefaults instantiates a new PKIIssuerSignRevocationListRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (PKIIssuerSignRevocationListRequest) MarshalJSON ¶ 

func (o PKIIssuerSignRevocationListRequest) MarshalJSON() ([]byte, error)

type PKIIssuerSignRoleRequest ¶ 

type PKIIssuerSignRoleRequest struct {
	// The requested Subject Alternative Names, if any, in a comma-delimited list. If email protection is enabled for the role, this may contain email addresses.
	AltNames string `json:"alt_names"`

	// The requested common name; if you want more than one, specify the alternative names in the alt_names map. If email protection is enabled in the role, this may be an email address.
	CommonName string `json:"common_name"`

	// PEM-format CSR to be signed.
	Csr string `json:"csr"`

	// If true, the Common Name will not be included in DNS or Email Subject Alternate Names. Defaults to false (CN is included).
	ExcludeCnFromSans bool `json:"exclude_cn_from_sans"`

	// Format for returned data. Can be \"pem\", \"der\", or \"pem_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. If \"der\", the value will be base64 encoded. Defaults to \"pem\".
	Format string `json:"format"`

	// The requested IP SANs, if any, in a comma-delimited list
	IpSans []string `json:"ip_sans"`

	// Set the not after field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ
	NotAfter string `json:"not_after"`

	// Requested other SANs, in an array with the format <oid>;UTF8:<utf8 string value> for each entry.
	OtherSans []string `json:"other_sans"`

	// Format for the returned private key. Generally the default will be controlled by the \"format\" parameter as either base64-encoded DER or PEM-encoded DER. However, this can be set to \"pkcs8\" to have the returned private key contain base64-encoded pkcs8 or PEM-encoded pkcs8 instead. Defaults to \"der\".
	PrivateKeyFormat string `json:"private_key_format"`

	// Whether or not to remove self-signed CA certificates in the output of the ca_chain field.
	RemoveRootsFromChain bool `json:"remove_roots_from_chain"`

	// The Subject's requested serial number, if any. See RFC 4519 Section 2.31 'serialNumber' for a description of this field. If you want more than one, specify alternative names in the alt_names map using OID 2.5.4.5. This has no impact on the final certificate's Serial Number field.
	SerialNumber string `json:"serial_number"`

	// The requested Time To Live for the certificate; sets the expiration date. If not specified the role default, backend default, or system default TTL is used, in that order. Cannot be larger than the role max TTL.
	Ttl int32 `json:"ttl"`

	// The requested URI SANs, if any, in a comma-delimited list.
	UriSans []string `json:"uri_sans"`
}

PKIIssuerSignRoleRequest struct for PKIIssuerSignRoleRequest

func NewPKIIssuerSignRoleRequestWithDefaults ¶ 

func NewPKIIssuerSignRoleRequestWithDefaults() *PKIIssuerSignRoleRequest

NewPKIIssuerSignRoleRequestWithDefaults instantiates a new PKIIssuerSignRoleRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (PKIIssuerSignRoleRequest) MarshalJSON ¶ 

func (o PKIIssuerSignRoleRequest) MarshalJSON() ([]byte, error)

type PKIIssuerSignSelfIssuedRequest ¶ 

type PKIIssuerSignSelfIssuedRequest struct {
	// PEM-format self-issued certificate to be signed.
	Certificate string `json:"certificate"`

	// If true, require the public key algorithm of the signer to match that of the self issued certificate.
	RequireMatchingCertificateAlgorithms bool `json:"require_matching_certificate_algorithms"`
}

PKIIssuerSignSelfIssuedRequest struct for PKIIssuerSignSelfIssuedRequest

func NewPKIIssuerSignSelfIssuedRequestWithDefaults ¶ 

func NewPKIIssuerSignSelfIssuedRequestWithDefaults() *PKIIssuerSignSelfIssuedRequest

NewPKIIssuerSignSelfIssuedRequestWithDefaults instantiates a new PKIIssuerSignSelfIssuedRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (PKIIssuerSignSelfIssuedRequest) MarshalJSON ¶ 

func (o PKIIssuerSignSelfIssuedRequest) MarshalJSON() ([]byte, error)

type PKIIssuerSignVerbatimRequest ¶ 

type PKIIssuerSignVerbatimRequest struct {
	// The requested Subject Alternative Names, if any, in a comma-delimited list. If email protection is enabled for the role, this may contain email addresses.
	AltNames string `json:"alt_names"`

	// The requested common name; if you want more than one, specify the alternative names in the alt_names map. If email protection is enabled in the role, this may be an email address.
	CommonName string `json:"common_name"`

	// PEM-format CSR to be signed. Values will be taken verbatim from the CSR, except for basic constraints.
	Csr string `json:"csr"`

	// If true, the Common Name will not be included in DNS or Email Subject Alternate Names. Defaults to false (CN is included).
	ExcludeCnFromSans bool `json:"exclude_cn_from_sans"`

	// A comma-separated string or list of extended key usages. Valid values can be found at https://golang.org/pkg/crypto/x509/#ExtKeyUsage -- simply drop the \"ExtKeyUsage\" part of the name. To remove all key usages from being set, set this value to an empty list.
	ExtKeyUsage []string `json:"ext_key_usage"`

	// A comma-separated string or list of extended key usage oids.
	ExtKeyUsageOids []string `json:"ext_key_usage_oids"`

	// Format for returned data. Can be \"pem\", \"der\", or \"pem_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. If \"der\", the value will be base64 encoded. Defaults to \"pem\".
	Format string `json:"format"`

	// The requested IP SANs, if any, in a comma-delimited list
	IpSans []string `json:"ip_sans"`

	// A comma-separated string or list of key usages (not extended key usages). Valid values can be found at https://golang.org/pkg/crypto/x509/#KeyUsage -- simply drop the \"KeyUsage\" part of the name. To remove all key usages from being set, set this value to an empty list.
	KeyUsage []string `json:"key_usage"`

	// Set the not after field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ
	NotAfter string `json:"not_after"`

	// Requested other SANs, in an array with the format <oid>;UTF8:<utf8 string value> for each entry.
	OtherSans []string `json:"other_sans"`

	// Format for the returned private key. Generally the default will be controlled by the \"format\" parameter as either base64-encoded DER or PEM-encoded DER. However, this can be set to \"pkcs8\" to have the returned private key contain base64-encoded pkcs8 or PEM-encoded pkcs8 instead. Defaults to \"der\".
	PrivateKeyFormat string `json:"private_key_format"`

	// Whether or not to remove self-signed CA certificates in the output of the ca_chain field.
	RemoveRootsFromChain bool `json:"remove_roots_from_chain"`

	// The desired role with configuration for this request
	Role string `json:"role"`

	// The Subject's requested serial number, if any. See RFC 4519 Section 2.31 'serialNumber' for a description of this field. If you want more than one, specify alternative names in the alt_names map using OID 2.5.4.5. This has no impact on the final certificate's Serial Number field.
	SerialNumber string `json:"serial_number"`

	// The number of bits to use in the signature algorithm; accepts 256 for SHA-2-256, 384 for SHA-2-384, and 512 for SHA-2-512. Defaults to 0 to automatically detect based on key length (SHA-2-256 for RSA keys, and matching the curve size for NIST P-Curves).
	SignatureBits int32 `json:"signature_bits"`

	// The requested Time To Live for the certificate; sets the expiration date. If not specified the role default, backend default, or system default TTL is used, in that order. Cannot be larger than the role max TTL.
	Ttl int32 `json:"ttl"`

	// The requested URI SANs, if any, in a comma-delimited list.
	UriSans []string `json:"uri_sans"`

	// Whether or not to use PSS signatures when using a RSA key-type issuer. Defaults to false.
	UsePss bool `json:"use_pss"`
}

PKIIssuerSignVerbatimRequest struct for PKIIssuerSignVerbatimRequest

func NewPKIIssuerSignVerbatimRequestWithDefaults ¶ 

func NewPKIIssuerSignVerbatimRequestWithDefaults() *PKIIssuerSignVerbatimRequest

NewPKIIssuerSignVerbatimRequestWithDefaults instantiates a new PKIIssuerSignVerbatimRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (PKIIssuerSignVerbatimRequest) MarshalJSON ¶ 

func (o PKIIssuerSignVerbatimRequest) MarshalJSON() ([]byte, error)

type PKIIssuerSignVerbatimRoleRequest ¶ 

type PKIIssuerSignVerbatimRoleRequest struct {
	// The requested Subject Alternative Names, if any, in a comma-delimited list. If email protection is enabled for the role, this may contain email addresses.
	AltNames string `json:"alt_names"`

	// The requested common name; if you want more than one, specify the alternative names in the alt_names map. If email protection is enabled in the role, this may be an email address.
	CommonName string `json:"common_name"`

	// PEM-format CSR to be signed. Values will be taken verbatim from the CSR, except for basic constraints.
	Csr string `json:"csr"`

	// If true, the Common Name will not be included in DNS or Email Subject Alternate Names. Defaults to false (CN is included).
	ExcludeCnFromSans bool `json:"exclude_cn_from_sans"`

	// A comma-separated string or list of extended key usages. Valid values can be found at https://golang.org/pkg/crypto/x509/#ExtKeyUsage -- simply drop the \"ExtKeyUsage\" part of the name. To remove all key usages from being set, set this value to an empty list.
	ExtKeyUsage []string `json:"ext_key_usage"`

	// A comma-separated string or list of extended key usage oids.
	ExtKeyUsageOids []string `json:"ext_key_usage_oids"`

	// Format for returned data. Can be \"pem\", \"der\", or \"pem_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. If \"der\", the value will be base64 encoded. Defaults to \"pem\".
	Format string `json:"format"`

	// The requested IP SANs, if any, in a comma-delimited list
	IpSans []string `json:"ip_sans"`

	// A comma-separated string or list of key usages (not extended key usages). Valid values can be found at https://golang.org/pkg/crypto/x509/#KeyUsage -- simply drop the \"KeyUsage\" part of the name. To remove all key usages from being set, set this value to an empty list.
	KeyUsage []string `json:"key_usage"`

	// Set the not after field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ
	NotAfter string `json:"not_after"`

	// Requested other SANs, in an array with the format <oid>;UTF8:<utf8 string value> for each entry.
	OtherSans []string `json:"other_sans"`

	// Format for the returned private key. Generally the default will be controlled by the \"format\" parameter as either base64-encoded DER or PEM-encoded DER. However, this can be set to \"pkcs8\" to have the returned private key contain base64-encoded pkcs8 or PEM-encoded pkcs8 instead. Defaults to \"der\".
	PrivateKeyFormat string `json:"private_key_format"`

	// Whether or not to remove self-signed CA certificates in the output of the ca_chain field.
	RemoveRootsFromChain bool `json:"remove_roots_from_chain"`

	// The Subject's requested serial number, if any. See RFC 4519 Section 2.31 'serialNumber' for a description of this field. If you want more than one, specify alternative names in the alt_names map using OID 2.5.4.5. This has no impact on the final certificate's Serial Number field.
	SerialNumber string `json:"serial_number"`

	// The number of bits to use in the signature algorithm; accepts 256 for SHA-2-256, 384 for SHA-2-384, and 512 for SHA-2-512. Defaults to 0 to automatically detect based on key length (SHA-2-256 for RSA keys, and matching the curve size for NIST P-Curves).
	SignatureBits int32 `json:"signature_bits"`

	// The requested Time To Live for the certificate; sets the expiration date. If not specified the role default, backend default, or system default TTL is used, in that order. Cannot be larger than the role max TTL.
	Ttl int32 `json:"ttl"`

	// The requested URI SANs, if any, in a comma-delimited list.
	UriSans []string `json:"uri_sans"`

	// Whether or not to use PSS signatures when using a RSA key-type issuer. Defaults to false.
	UsePss bool `json:"use_pss"`
}

PKIIssuerSignVerbatimRoleRequest struct for PKIIssuerSignVerbatimRoleRequest

func NewPKIIssuerSignVerbatimRoleRequestWithDefaults ¶ 

func NewPKIIssuerSignVerbatimRoleRequestWithDefaults() *PKIIssuerSignVerbatimRoleRequest

NewPKIIssuerSignVerbatimRoleRequestWithDefaults instantiates a new PKIIssuerSignVerbatimRoleRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (PKIIssuerSignVerbatimRoleRequest) MarshalJSON ¶ 

func (o PKIIssuerSignVerbatimRoleRequest) MarshalJSON() ([]byte, error)

type PKIIssuersGenerateIntermediateRequest ¶ 

type PKIIssuersGenerateIntermediateRequest struct {
	// Whether to add a Basic Constraints extension with CA: true. Only needed as a workaround in some compatibility scenarios with Active Directory Certificate Services.
	AddBasicConstraints bool `json:"add_basic_constraints"`

	// The requested Subject Alternative Names, if any, in a comma-delimited list. May contain both DNS names and email addresses.
	AltNames string `json:"alt_names"`

	// The requested common name; if you want more than one, specify the alternative names in the alt_names map. If not specified when signing, the common name will be taken from the CSR; other names must still be specified in alt_names or ip_sans.
	CommonName string `json:"common_name"`

	// If set, Country will be set to this value.
	Country []string `json:"country"`

	// If true, the Common Name will not be included in DNS or Email Subject Alternate Names. Defaults to false (CN is included).
	ExcludeCnFromSans bool `json:"exclude_cn_from_sans"`

	// Format for returned data. Can be \"pem\", \"der\", or \"pem_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. If \"der\", the value will be base64 encoded. Defaults to \"pem\".
	Format string `json:"format"`

	// The requested IP SANs, if any, in a comma-delimited list
	IpSans []string `json:"ip_sans"`

	// The number of bits to use. Allowed values are 0 (universal default); with rsa key_type: 2048 (default), 3072, or 4096; with ec key_type: 224, 256 (default), 384, or 521; ignored with ed25519.
	KeyBits int32 `json:"key_bits"`

	// Provide a name to the generated or existing key, the name must be unique across all keys and not be the reserved value 'default'
	KeyName string `json:"key_name"`

	// Reference to a existing key; either \"default\" for the configured default key, an identifier or the name assigned to the key.
	KeyRef string `json:"key_ref"`

	// The type of key to use; defaults to RSA. \"rsa\" \"ec\" and \"ed25519\" are the only valid values.
	KeyType string `json:"key_type"`

	// If set, Locality will be set to this value.
	Locality []string `json:"locality"`

	// The name of the managed key to use when the exported type is kms. When kms type is the key type, this field or managed_key_name is required. Ignored for other types.
	ManagedKeyId string `json:"managed_key_id"`

	// The name of the managed key to use when the exported type is kms. When kms type is the key type, this field or managed_key_id is required. Ignored for other types.
	ManagedKeyName string `json:"managed_key_name"`

	// Set the not after field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ
	NotAfter string `json:"not_after"`

	// The duration before now which the certificate needs to be backdated by.
	NotBeforeDuration int32 `json:"not_before_duration"`

	// If set, O (Organization) will be set to this value.
	Organization []string `json:"organization"`

	// Requested other SANs, in an array with the format <oid>;UTF8:<utf8 string value> for each entry.
	OtherSans []string `json:"other_sans"`

	// If set, OU (OrganizationalUnit) will be set to this value.
	Ou []string `json:"ou"`

	// If set, Postal Code will be set to this value.
	PostalCode []string `json:"postal_code"`

	// Format for the returned private key. Generally the default will be controlled by the \"format\" parameter as either base64-encoded DER or PEM-encoded DER. However, this can be set to \"pkcs8\" to have the returned private key contain base64-encoded pkcs8 or PEM-encoded pkcs8 instead. Defaults to \"der\".
	PrivateKeyFormat string `json:"private_key_format"`

	// If set, Province will be set to this value.
	Province []string `json:"province"`

	// The Subject's requested serial number, if any. See RFC 4519 Section 2.31 'serialNumber' for a description of this field. If you want more than one, specify alternative names in the alt_names map using OID 2.5.4.5. This has no impact on the final certificate's Serial Number field.
	SerialNumber string `json:"serial_number"`

	// The number of bits to use in the signature algorithm; accepts 256 for SHA-2-256, 384 for SHA-2-384, and 512 for SHA-2-512. Defaults to 0 to automatically detect based on key length (SHA-2-256 for RSA keys, and matching the curve size for NIST P-Curves).
	SignatureBits int32 `json:"signature_bits"`

	// If set, Street Address will be set to this value.
	StreetAddress []string `json:"street_address"`

	// The requested Time To Live for the certificate; sets the expiration date. If not specified the role default, backend default, or system default TTL is used, in that order. Cannot be larger than the mount max TTL. Note: this only has an effect when generating a CA cert or signing a CA cert, not when generating a CSR for an intermediate CA.
	Ttl int32 `json:"ttl"`

	// The requested URI SANs, if any, in a comma-delimited list.
	UriSans []string `json:"uri_sans"`
}

PKIIssuersGenerateIntermediateRequest struct for PKIIssuersGenerateIntermediateRequest

func NewPKIIssuersGenerateIntermediateRequestWithDefaults ¶ 

func NewPKIIssuersGenerateIntermediateRequestWithDefaults() *PKIIssuersGenerateIntermediateRequest

NewPKIIssuersGenerateIntermediateRequestWithDefaults instantiates a new PKIIssuersGenerateIntermediateRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (PKIIssuersGenerateIntermediateRequest) MarshalJSON ¶ 

func (o PKIIssuersGenerateIntermediateRequest) MarshalJSON() ([]byte, error)

type PKIIssuersGenerateRootRequest ¶ 

type PKIIssuersGenerateRootRequest struct {
	// The requested Subject Alternative Names, if any, in a comma-delimited list. May contain both DNS names and email addresses.
	AltNames string `json:"alt_names"`

	// The requested common name; if you want more than one, specify the alternative names in the alt_names map. If not specified when signing, the common name will be taken from the CSR; other names must still be specified in alt_names or ip_sans.
	CommonName string `json:"common_name"`

	// If set, Country will be set to this value.
	Country []string `json:"country"`

	// If true, the Common Name will not be included in DNS or Email Subject Alternate Names. Defaults to false (CN is included).
	ExcludeCnFromSans bool `json:"exclude_cn_from_sans"`

	// Format for returned data. Can be \"pem\", \"der\", or \"pem_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. If \"der\", the value will be base64 encoded. Defaults to \"pem\".
	Format string `json:"format"`

	// The requested IP SANs, if any, in a comma-delimited list
	IpSans []string `json:"ip_sans"`

	// Provide a name to the generated or existing issuer, the name must be unique across all issuers and not be the reserved value 'default'
	IssuerName string `json:"issuer_name"`

	// The number of bits to use. Allowed values are 0 (universal default); with rsa key_type: 2048 (default), 3072, or 4096; with ec key_type: 224, 256 (default), 384, or 521; ignored with ed25519.
	KeyBits int32 `json:"key_bits"`

	// Provide a name to the generated or existing key, the name must be unique across all keys and not be the reserved value 'default'
	KeyName string `json:"key_name"`

	// Reference to a existing key; either \"default\" for the configured default key, an identifier or the name assigned to the key.
	KeyRef string `json:"key_ref"`

	// The type of key to use; defaults to RSA. \"rsa\" \"ec\" and \"ed25519\" are the only valid values.
	KeyType string `json:"key_type"`

	// If set, Locality will be set to this value.
	Locality []string `json:"locality"`

	// The name of the managed key to use when the exported type is kms. When kms type is the key type, this field or managed_key_name is required. Ignored for other types.
	ManagedKeyId string `json:"managed_key_id"`

	// The name of the managed key to use when the exported type is kms. When kms type is the key type, this field or managed_key_id is required. Ignored for other types.
	ManagedKeyName string `json:"managed_key_name"`

	// The maximum allowable path length
	MaxPathLength int32 `json:"max_path_length"`

	// Set the not after field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ
	NotAfter string `json:"not_after"`

	// The duration before now which the certificate needs to be backdated by.
	NotBeforeDuration int32 `json:"not_before_duration"`

	// If set, O (Organization) will be set to this value.
	Organization []string `json:"organization"`

	// Requested other SANs, in an array with the format <oid>;UTF8:<utf8 string value> for each entry.
	OtherSans []string `json:"other_sans"`

	// If set, OU (OrganizationalUnit) will be set to this value.
	Ou []string `json:"ou"`

	// Domains for which this certificate is allowed to sign or issue child certificates. If set, all DNS names (subject and alt) on child certs must be exact matches or subsets of the given domains (see https://tools.ietf.org/html/rfc5280#section-4.2.1.10).
	PermittedDnsDomains []string `json:"permitted_dns_domains"`

	// If set, Postal Code will be set to this value.
	PostalCode []string `json:"postal_code"`

	// Format for the returned private key. Generally the default will be controlled by the \"format\" parameter as either base64-encoded DER or PEM-encoded DER. However, this can be set to \"pkcs8\" to have the returned private key contain base64-encoded pkcs8 or PEM-encoded pkcs8 instead. Defaults to \"der\".
	PrivateKeyFormat string `json:"private_key_format"`

	// If set, Province will be set to this value.
	Province []string `json:"province"`

	// The Subject's requested serial number, if any. See RFC 4519 Section 2.31 'serialNumber' for a description of this field. If you want more than one, specify alternative names in the alt_names map using OID 2.5.4.5. This has no impact on the final certificate's Serial Number field.
	SerialNumber string `json:"serial_number"`

	// The number of bits to use in the signature algorithm; accepts 256 for SHA-2-256, 384 for SHA-2-384, and 512 for SHA-2-512. Defaults to 0 to automatically detect based on key length (SHA-2-256 for RSA keys, and matching the curve size for NIST P-Curves).
	SignatureBits int32 `json:"signature_bits"`

	// If set, Street Address will be set to this value.
	StreetAddress []string `json:"street_address"`

	// The requested Time To Live for the certificate; sets the expiration date. If not specified the role default, backend default, or system default TTL is used, in that order. Cannot be larger than the mount max TTL. Note: this only has an effect when generating a CA cert or signing a CA cert, not when generating a CSR for an intermediate CA.
	Ttl int32 `json:"ttl"`

	// The requested URI SANs, if any, in a comma-delimited list.
	UriSans []string `json:"uri_sans"`

	// Whether or not to use PSS signatures when using a RSA key-type issuer. Defaults to false.
	UsePss bool `json:"use_pss"`
}

PKIIssuersGenerateRootRequest struct for PKIIssuersGenerateRootRequest

func NewPKIIssuersGenerateRootRequestWithDefaults ¶ 

func NewPKIIssuersGenerateRootRequestWithDefaults() *PKIIssuersGenerateRootRequest

NewPKIIssuersGenerateRootRequestWithDefaults instantiates a new PKIIssuersGenerateRootRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (PKIIssuersGenerateRootRequest) MarshalJSON ¶ 

func (o PKIIssuersGenerateRootRequest) MarshalJSON() ([]byte, error)

type PKIReplaceRootRequest ¶ 

type PKIReplaceRootRequest struct {
	// Reference (name or identifier) to the default issuer.
	Default string `json:"default"`
}

PKIReplaceRootRequest struct for PKIReplaceRootRequest

func NewPKIReplaceRootRequestWithDefaults ¶ 

func NewPKIReplaceRootRequestWithDefaults() *PKIReplaceRootRequest

NewPKIReplaceRootRequestWithDefaults instantiates a new PKIReplaceRootRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (PKIReplaceRootRequest) MarshalJSON ¶ 

func (o PKIReplaceRootRequest) MarshalJSON() ([]byte, error)

type PKIRevokeRequest ¶ 

type PKIRevokeRequest struct {
	// Certificate to revoke in PEM format; must be signed by an issuer in this mount.
	Certificate string `json:"certificate"`

	// Certificate serial number, in colon- or hyphen-separated octal
	SerialNumber string `json:"serial_number"`
}

PKIRevokeRequest struct for PKIRevokeRequest

func NewPKIRevokeRequestWithDefaults ¶ 

func NewPKIRevokeRequestWithDefaults() *PKIRevokeRequest

NewPKIRevokeRequestWithDefaults instantiates a new PKIRevokeRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (PKIRevokeRequest) MarshalJSON ¶ 

func (o PKIRevokeRequest) MarshalJSON() ([]byte, error)

type PKIRevokeWithKeyRequest ¶ 

type PKIRevokeWithKeyRequest struct {
	// Certificate to revoke in PEM format; must be signed by an issuer in this mount.
	Certificate string `json:"certificate"`

	// Key to use to verify revocation permission; must be in PEM format.
	PrivateKey string `json:"private_key"`

	// Certificate serial number, in colon- or hyphen-separated octal
	SerialNumber string `json:"serial_number"`
}

PKIRevokeWithKeyRequest struct for PKIRevokeWithKeyRequest

func NewPKIRevokeWithKeyRequestWithDefaults ¶ 

func NewPKIRevokeWithKeyRequestWithDefaults() *PKIRevokeWithKeyRequest

NewPKIRevokeWithKeyRequestWithDefaults instantiates a new PKIRevokeWithKeyRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (PKIRevokeWithKeyRequest) MarshalJSON ¶ 

func (o PKIRevokeWithKeyRequest) MarshalJSON() ([]byte, error)

type PKIRootSignIntermediateRequest ¶ 

type PKIRootSignIntermediateRequest struct {
	// The requested Subject Alternative Names, if any, in a comma-delimited list. May contain both DNS names and email addresses.
	AltNames string `json:"alt_names"`

	// The requested common name; if you want more than one, specify the alternative names in the alt_names map. If not specified when signing, the common name will be taken from the CSR; other names must still be specified in alt_names or ip_sans.
	CommonName string `json:"common_name"`

	// If set, Country will be set to this value.
	Country []string `json:"country"`

	// PEM-format CSR to be signed.
	Csr string `json:"csr"`

	// If true, the Common Name will not be included in DNS or Email Subject Alternate Names. Defaults to false (CN is included).
	ExcludeCnFromSans bool `json:"exclude_cn_from_sans"`

	// Format for returned data. Can be \"pem\", \"der\", or \"pem_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. If \"der\", the value will be base64 encoded. Defaults to \"pem\".
	Format string `json:"format"`

	// The requested IP SANs, if any, in a comma-delimited list
	IpSans []string `json:"ip_sans"`

	// Provide a name to the generated or existing issuer, the name must be unique across all issuers and not be the reserved value 'default'
	IssuerName string `json:"issuer_name"`

	// Reference to a existing issuer; either \"default\" for the configured default issuer, an identifier or the name assigned to the issuer.
	IssuerRef string `json:"issuer_ref"`

	// If set, Locality will be set to this value.
	Locality []string `json:"locality"`

	// The maximum allowable path length
	MaxPathLength int32 `json:"max_path_length"`

	// Set the not after field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ
	NotAfter string `json:"not_after"`

	// The duration before now which the certificate needs to be backdated by.
	NotBeforeDuration int32 `json:"not_before_duration"`

	// If set, O (Organization) will be set to this value.
	Organization []string `json:"organization"`

	// Requested other SANs, in an array with the format <oid>;UTF8:<utf8 string value> for each entry.
	OtherSans []string `json:"other_sans"`

	// If set, OU (OrganizationalUnit) will be set to this value.
	Ou []string `json:"ou"`

	// Domains for which this certificate is allowed to sign or issue child certificates. If set, all DNS names (subject and alt) on child certs must be exact matches or subsets of the given domains (see https://tools.ietf.org/html/rfc5280#section-4.2.1.10).
	PermittedDnsDomains []string `json:"permitted_dns_domains"`

	// If set, Postal Code will be set to this value.
	PostalCode []string `json:"postal_code"`

	// Format for the returned private key. Generally the default will be controlled by the \"format\" parameter as either base64-encoded DER or PEM-encoded DER. However, this can be set to \"pkcs8\" to have the returned private key contain base64-encoded pkcs8 or PEM-encoded pkcs8 instead. Defaults to \"der\".
	PrivateKeyFormat string `json:"private_key_format"`

	// If set, Province will be set to this value.
	Province []string `json:"province"`

	// The Subject's requested serial number, if any. See RFC 4519 Section 2.31 'serialNumber' for a description of this field. If you want more than one, specify alternative names in the alt_names map using OID 2.5.4.5. This has no impact on the final certificate's Serial Number field.
	SerialNumber string `json:"serial_number"`

	// The number of bits to use in the signature algorithm; accepts 256 for SHA-2-256, 384 for SHA-2-384, and 512 for SHA-2-512. Defaults to 0 to automatically detect based on key length (SHA-2-256 for RSA keys, and matching the curve size for NIST P-Curves).
	SignatureBits int32 `json:"signature_bits"`

	// Value for the Subject Key Identifier field (RFC 5280 Section 4.2.1.2). This value should ONLY be used when cross-signing to mimic the existing certificate's SKID value; this is necessary to allow certain TLS implementations (such as OpenSSL) which use SKID/AKID matches in chain building to restrict possible valid chains. Specified as a string in hex format. Default is empty, allowing Vault to automatically calculate the SKID according to method one in the above RFC section.
	Skid string `json:"skid"`

	// If set, Street Address will be set to this value.
	StreetAddress []string `json:"street_address"`

	// The requested Time To Live for the certificate; sets the expiration date. If not specified the role default, backend default, or system default TTL is used, in that order. Cannot be larger than the mount max TTL. Note: this only has an effect when generating a CA cert or signing a CA cert, not when generating a CSR for an intermediate CA.
	Ttl int32 `json:"ttl"`

	// The requested URI SANs, if any, in a comma-delimited list.
	UriSans []string `json:"uri_sans"`

	// If true, then: 1) Subject information, including names and alternate names, will be preserved from the CSR rather than using values provided in the other parameters to this path; 2) Any key usages requested in the CSR will be added to the basic set of key usages used for CA certs signed by this path; for instance, the non-repudiation flag; 3) Extensions requested in the CSR will be copied into the issued certificate.
	UseCsrValues bool `json:"use_csr_values"`

	// Whether or not to use PSS signatures when using a RSA key-type issuer. Defaults to false.
	UsePss bool `json:"use_pss"`
}

PKIRootSignIntermediateRequest struct for PKIRootSignIntermediateRequest

func NewPKIRootSignIntermediateRequestWithDefaults ¶ 

func NewPKIRootSignIntermediateRequestWithDefaults() *PKIRootSignIntermediateRequest

NewPKIRootSignIntermediateRequestWithDefaults instantiates a new PKIRootSignIntermediateRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (PKIRootSignIntermediateRequest) MarshalJSON ¶ 

func (o PKIRootSignIntermediateRequest) MarshalJSON() ([]byte, error)

type PKIRootSignSelfIssuedRequest ¶ 

type PKIRootSignSelfIssuedRequest struct {
	// PEM-format self-issued certificate to be signed.
	Certificate string `json:"certificate"`

	// Reference to a existing issuer; either \"default\" for the configured default issuer, an identifier or the name assigned to the issuer.
	IssuerRef string `json:"issuer_ref"`

	// If true, require the public key algorithm of the signer to match that of the self issued certificate.
	RequireMatchingCertificateAlgorithms bool `json:"require_matching_certificate_algorithms"`
}

PKIRootSignSelfIssuedRequest struct for PKIRootSignSelfIssuedRequest

func NewPKIRootSignSelfIssuedRequestWithDefaults ¶ 

func NewPKIRootSignSelfIssuedRequestWithDefaults() *PKIRootSignSelfIssuedRequest

NewPKIRootSignSelfIssuedRequestWithDefaults instantiates a new PKIRootSignSelfIssuedRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (PKIRootSignSelfIssuedRequest) MarshalJSON ¶ 

func (o PKIRootSignSelfIssuedRequest) MarshalJSON() ([]byte, error)

type PKIRotateRootRequest ¶ 

type PKIRotateRootRequest struct {
	// The requested Subject Alternative Names, if any, in a comma-delimited list. May contain both DNS names and email addresses.
	AltNames string `json:"alt_names"`

	// The requested common name; if you want more than one, specify the alternative names in the alt_names map. If not specified when signing, the common name will be taken from the CSR; other names must still be specified in alt_names or ip_sans.
	CommonName string `json:"common_name"`

	// If set, Country will be set to this value.
	Country []string `json:"country"`

	// If true, the Common Name will not be included in DNS or Email Subject Alternate Names. Defaults to false (CN is included).
	ExcludeCnFromSans bool `json:"exclude_cn_from_sans"`

	// Format for returned data. Can be \"pem\", \"der\", or \"pem_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. If \"der\", the value will be base64 encoded. Defaults to \"pem\".
	Format string `json:"format"`

	// The requested IP SANs, if any, in a comma-delimited list
	IpSans []string `json:"ip_sans"`

	// Provide a name to the generated or existing issuer, the name must be unique across all issuers and not be the reserved value 'default'
	IssuerName string `json:"issuer_name"`

	// The number of bits to use. Allowed values are 0 (universal default); with rsa key_type: 2048 (default), 3072, or 4096; with ec key_type: 224, 256 (default), 384, or 521; ignored with ed25519.
	KeyBits int32 `json:"key_bits"`

	// Provide a name to the generated or existing key, the name must be unique across all keys and not be the reserved value 'default'
	KeyName string `json:"key_name"`

	// Reference to a existing key; either \"default\" for the configured default key, an identifier or the name assigned to the key.
	KeyRef string `json:"key_ref"`

	// The type of key to use; defaults to RSA. \"rsa\" \"ec\" and \"ed25519\" are the only valid values.
	KeyType string `json:"key_type"`

	// If set, Locality will be set to this value.
	Locality []string `json:"locality"`

	// The name of the managed key to use when the exported type is kms. When kms type is the key type, this field or managed_key_name is required. Ignored for other types.
	ManagedKeyId string `json:"managed_key_id"`

	// The name of the managed key to use when the exported type is kms. When kms type is the key type, this field or managed_key_id is required. Ignored for other types.
	ManagedKeyName string `json:"managed_key_name"`

	// The maximum allowable path length
	MaxPathLength int32 `json:"max_path_length"`

	// Set the not after field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ
	NotAfter string `json:"not_after"`

	// The duration before now which the certificate needs to be backdated by.
	NotBeforeDuration int32 `json:"not_before_duration"`

	// If set, O (Organization) will be set to this value.
	Organization []string `json:"organization"`

	// Requested other SANs, in an array with the format <oid>;UTF8:<utf8 string value> for each entry.
	OtherSans []string `json:"other_sans"`

	// If set, OU (OrganizationalUnit) will be set to this value.
	Ou []string `json:"ou"`

	// Domains for which this certificate is allowed to sign or issue child certificates. If set, all DNS names (subject and alt) on child certs must be exact matches or subsets of the given domains (see https://tools.ietf.org/html/rfc5280#section-4.2.1.10).
	PermittedDnsDomains []string `json:"permitted_dns_domains"`

	// If set, Postal Code will be set to this value.
	PostalCode []string `json:"postal_code"`

	// Format for the returned private key. Generally the default will be controlled by the \"format\" parameter as either base64-encoded DER or PEM-encoded DER. However, this can be set to \"pkcs8\" to have the returned private key contain base64-encoded pkcs8 or PEM-encoded pkcs8 instead. Defaults to \"der\".
	PrivateKeyFormat string `json:"private_key_format"`

	// If set, Province will be set to this value.
	Province []string `json:"province"`

	// The Subject's requested serial number, if any. See RFC 4519 Section 2.31 'serialNumber' for a description of this field. If you want more than one, specify alternative names in the alt_names map using OID 2.5.4.5. This has no impact on the final certificate's Serial Number field.
	SerialNumber string `json:"serial_number"`

	// The number of bits to use in the signature algorithm; accepts 256 for SHA-2-256, 384 for SHA-2-384, and 512 for SHA-2-512. Defaults to 0 to automatically detect based on key length (SHA-2-256 for RSA keys, and matching the curve size for NIST P-Curves).
	SignatureBits int32 `json:"signature_bits"`

	// If set, Street Address will be set to this value.
	StreetAddress []string `json:"street_address"`

	// The requested Time To Live for the certificate; sets the expiration date. If not specified the role default, backend default, or system default TTL is used, in that order. Cannot be larger than the mount max TTL. Note: this only has an effect when generating a CA cert or signing a CA cert, not when generating a CSR for an intermediate CA.
	Ttl int32 `json:"ttl"`

	// The requested URI SANs, if any, in a comma-delimited list.
	UriSans []string `json:"uri_sans"`

	// Whether or not to use PSS signatures when using a RSA key-type issuer. Defaults to false.
	UsePss bool `json:"use_pss"`
}

PKIRotateRootRequest struct for PKIRotateRootRequest

func NewPKIRotateRootRequestWithDefaults ¶ 

func NewPKIRotateRootRequestWithDefaults() *PKIRotateRootRequest

NewPKIRotateRootRequestWithDefaults instantiates a new PKIRotateRootRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (PKIRotateRootRequest) MarshalJSON ¶ 

func (o PKIRotateRootRequest) MarshalJSON() ([]byte, error)

type PKISignRoleRequest ¶ 

type PKISignRoleRequest struct {
	// The requested Subject Alternative Names, if any, in a comma-delimited list. If email protection is enabled for the role, this may contain email addresses.
	AltNames string `json:"alt_names"`

	// The requested common name; if you want more than one, specify the alternative names in the alt_names map. If email protection is enabled in the role, this may be an email address.
	CommonName string `json:"common_name"`

	// PEM-format CSR to be signed.
	Csr string `json:"csr"`

	// If true, the Common Name will not be included in DNS or Email Subject Alternate Names. Defaults to false (CN is included).
	ExcludeCnFromSans bool `json:"exclude_cn_from_sans"`

	// Format for returned data. Can be \"pem\", \"der\", or \"pem_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. If \"der\", the value will be base64 encoded. Defaults to \"pem\".
	Format string `json:"format"`

	// The requested IP SANs, if any, in a comma-delimited list
	IpSans []string `json:"ip_sans"`

	// Reference to a existing issuer; either \"default\" for the configured default issuer, an identifier or the name assigned to the issuer.
	IssuerRef string `json:"issuer_ref"`

	// Set the not after field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ
	NotAfter string `json:"not_after"`

	// Requested other SANs, in an array with the format <oid>;UTF8:<utf8 string value> for each entry.
	OtherSans []string `json:"other_sans"`

	// Format for the returned private key. Generally the default will be controlled by the \"format\" parameter as either base64-encoded DER or PEM-encoded DER. However, this can be set to \"pkcs8\" to have the returned private key contain base64-encoded pkcs8 or PEM-encoded pkcs8 instead. Defaults to \"der\".
	PrivateKeyFormat string `json:"private_key_format"`

	// Whether or not to remove self-signed CA certificates in the output of the ca_chain field.
	RemoveRootsFromChain bool `json:"remove_roots_from_chain"`

	// The Subject's requested serial number, if any. See RFC 4519 Section 2.31 'serialNumber' for a description of this field. If you want more than one, specify alternative names in the alt_names map using OID 2.5.4.5. This has no impact on the final certificate's Serial Number field.
	SerialNumber string `json:"serial_number"`

	// The requested Time To Live for the certificate; sets the expiration date. If not specified the role default, backend default, or system default TTL is used, in that order. Cannot be larger than the role max TTL.
	Ttl int32 `json:"ttl"`

	// The requested URI SANs, if any, in a comma-delimited list.
	UriSans []string `json:"uri_sans"`
}

PKISignRoleRequest struct for PKISignRoleRequest

func NewPKISignRoleRequestWithDefaults ¶ 

func NewPKISignRoleRequestWithDefaults() *PKISignRoleRequest

NewPKISignRoleRequestWithDefaults instantiates a new PKISignRoleRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (PKISignRoleRequest) MarshalJSON ¶ 

func (o PKISignRoleRequest) MarshalJSON() ([]byte, error)

type PKISignVerbatimRequest ¶ 

type PKISignVerbatimRequest struct {
	// The requested Subject Alternative Names, if any, in a comma-delimited list. If email protection is enabled for the role, this may contain email addresses.
	AltNames string `json:"alt_names"`

	// The requested common name; if you want more than one, specify the alternative names in the alt_names map. If email protection is enabled in the role, this may be an email address.
	CommonName string `json:"common_name"`

	// PEM-format CSR to be signed. Values will be taken verbatim from the CSR, except for basic constraints.
	Csr string `json:"csr"`

	// If true, the Common Name will not be included in DNS or Email Subject Alternate Names. Defaults to false (CN is included).
	ExcludeCnFromSans bool `json:"exclude_cn_from_sans"`

	// A comma-separated string or list of extended key usages. Valid values can be found at https://golang.org/pkg/crypto/x509/#ExtKeyUsage -- simply drop the \"ExtKeyUsage\" part of the name. To remove all key usages from being set, set this value to an empty list.
	ExtKeyUsage []string `json:"ext_key_usage"`

	// A comma-separated string or list of extended key usage oids.
	ExtKeyUsageOids []string `json:"ext_key_usage_oids"`

	// Format for returned data. Can be \"pem\", \"der\", or \"pem_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. If \"der\", the value will be base64 encoded. Defaults to \"pem\".
	Format string `json:"format"`

	// The requested IP SANs, if any, in a comma-delimited list
	IpSans []string `json:"ip_sans"`

	// Reference to a existing issuer; either \"default\" for the configured default issuer, an identifier or the name assigned to the issuer.
	IssuerRef string `json:"issuer_ref"`

	// A comma-separated string or list of key usages (not extended key usages). Valid values can be found at https://golang.org/pkg/crypto/x509/#KeyUsage -- simply drop the \"KeyUsage\" part of the name. To remove all key usages from being set, set this value to an empty list.
	KeyUsage []string `json:"key_usage"`

	// Set the not after field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ
	NotAfter string `json:"not_after"`

	// Requested other SANs, in an array with the format <oid>;UTF8:<utf8 string value> for each entry.
	OtherSans []string `json:"other_sans"`

	// Format for the returned private key. Generally the default will be controlled by the \"format\" parameter as either base64-encoded DER or PEM-encoded DER. However, this can be set to \"pkcs8\" to have the returned private key contain base64-encoded pkcs8 or PEM-encoded pkcs8 instead. Defaults to \"der\".
	PrivateKeyFormat string `json:"private_key_format"`

	// Whether or not to remove self-signed CA certificates in the output of the ca_chain field.
	RemoveRootsFromChain bool `json:"remove_roots_from_chain"`

	// The desired role with configuration for this request
	Role string `json:"role"`

	// The Subject's requested serial number, if any. See RFC 4519 Section 2.31 'serialNumber' for a description of this field. If you want more than one, specify alternative names in the alt_names map using OID 2.5.4.5. This has no impact on the final certificate's Serial Number field.
	SerialNumber string `json:"serial_number"`

	// The number of bits to use in the signature algorithm; accepts 256 for SHA-2-256, 384 for SHA-2-384, and 512 for SHA-2-512. Defaults to 0 to automatically detect based on key length (SHA-2-256 for RSA keys, and matching the curve size for NIST P-Curves).
	SignatureBits int32 `json:"signature_bits"`

	// The requested Time To Live for the certificate; sets the expiration date. If not specified the role default, backend default, or system default TTL is used, in that order. Cannot be larger than the role max TTL.
	Ttl int32 `json:"ttl"`

	// The requested URI SANs, if any, in a comma-delimited list.
	UriSans []string `json:"uri_sans"`

	// Whether or not to use PSS signatures when using a RSA key-type issuer. Defaults to false.
	UsePss bool `json:"use_pss"`
}

PKISignVerbatimRequest struct for PKISignVerbatimRequest

func NewPKISignVerbatimRequestWithDefaults ¶ 

func NewPKISignVerbatimRequestWithDefaults() *PKISignVerbatimRequest

NewPKISignVerbatimRequestWithDefaults instantiates a new PKISignVerbatimRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (PKISignVerbatimRequest) MarshalJSON ¶ 

func (o PKISignVerbatimRequest) MarshalJSON() ([]byte, error)

type PKISignVerbatimRoleRequest ¶ 

type PKISignVerbatimRoleRequest struct {
	// The requested Subject Alternative Names, if any, in a comma-delimited list. If email protection is enabled for the role, this may contain email addresses.
	AltNames string `json:"alt_names"`

	// The requested common name; if you want more than one, specify the alternative names in the alt_names map. If email protection is enabled in the role, this may be an email address.
	CommonName string `json:"common_name"`

	// PEM-format CSR to be signed. Values will be taken verbatim from the CSR, except for basic constraints.
	Csr string `json:"csr"`

	// If true, the Common Name will not be included in DNS or Email Subject Alternate Names. Defaults to false (CN is included).
	ExcludeCnFromSans bool `json:"exclude_cn_from_sans"`

	// A comma-separated string or list of extended key usages. Valid values can be found at https://golang.org/pkg/crypto/x509/#ExtKeyUsage -- simply drop the \"ExtKeyUsage\" part of the name. To remove all key usages from being set, set this value to an empty list.
	ExtKeyUsage []string `json:"ext_key_usage"`

	// A comma-separated string or list of extended key usage oids.
	ExtKeyUsageOids []string `json:"ext_key_usage_oids"`

	// Format for returned data. Can be \"pem\", \"der\", or \"pem_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. If \"der\", the value will be base64 encoded. Defaults to \"pem\".
	Format string `json:"format"`

	// The requested IP SANs, if any, in a comma-delimited list
	IpSans []string `json:"ip_sans"`

	// Reference to a existing issuer; either \"default\" for the configured default issuer, an identifier or the name assigned to the issuer.
	IssuerRef string `json:"issuer_ref"`

	// A comma-separated string or list of key usages (not extended key usages). Valid values can be found at https://golang.org/pkg/crypto/x509/#KeyUsage -- simply drop the \"KeyUsage\" part of the name. To remove all key usages from being set, set this value to an empty list.
	KeyUsage []string `json:"key_usage"`

	// Set the not after field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ
	NotAfter string `json:"not_after"`

	// Requested other SANs, in an array with the format <oid>;UTF8:<utf8 string value> for each entry.
	OtherSans []string `json:"other_sans"`

	// Format for the returned private key. Generally the default will be controlled by the \"format\" parameter as either base64-encoded DER or PEM-encoded DER. However, this can be set to \"pkcs8\" to have the returned private key contain base64-encoded pkcs8 or PEM-encoded pkcs8 instead. Defaults to \"der\".
	PrivateKeyFormat string `json:"private_key_format"`

	// Whether or not to remove self-signed CA certificates in the output of the ca_chain field.
	RemoveRootsFromChain bool `json:"remove_roots_from_chain"`

	// The Subject's requested serial number, if any. See RFC 4519 Section 2.31 'serialNumber' for a description of this field. If you want more than one, specify alternative names in the alt_names map using OID 2.5.4.5. This has no impact on the final certificate's Serial Number field.
	SerialNumber string `json:"serial_number"`

	// The number of bits to use in the signature algorithm; accepts 256 for SHA-2-256, 384 for SHA-2-384, and 512 for SHA-2-512. Defaults to 0 to automatically detect based on key length (SHA-2-256 for RSA keys, and matching the curve size for NIST P-Curves).
	SignatureBits int32 `json:"signature_bits"`

	// The requested Time To Live for the certificate; sets the expiration date. If not specified the role default, backend default, or system default TTL is used, in that order. Cannot be larger than the role max TTL.
	Ttl int32 `json:"ttl"`

	// The requested URI SANs, if any, in a comma-delimited list.
	UriSans []string `json:"uri_sans"`

	// Whether or not to use PSS signatures when using a RSA key-type issuer. Defaults to false.
	UsePss bool `json:"use_pss"`
}

PKISignVerbatimRoleRequest struct for PKISignVerbatimRoleRequest

func NewPKISignVerbatimRoleRequestWithDefaults ¶ 

func NewPKISignVerbatimRoleRequestWithDefaults() *PKISignVerbatimRoleRequest

NewPKISignVerbatimRoleRequestWithDefaults instantiates a new PKISignVerbatimRoleRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (PKISignVerbatimRoleRequest) MarshalJSON ¶ 

func (o PKISignVerbatimRoleRequest) MarshalJSON() ([]byte, error)

type PKITidyRequest ¶ 

type PKITidyRequest struct {
	// The amount of extra time that must have passed beyond issuer's expiration before it is removed from the backend storage. Defaults to 8760 hours (1 year).
	IssuerSafetyBuffer int32 `json:"issuer_safety_buffer"`

	// The amount of time to wait between processing certificates. This allows operators to change the execution profile of tidy to take consume less resources by slowing down how long it takes to run. Note that the entire list of certificates will be stored in memory during the entire tidy operation, but resources to read/process/update existing entries will be spread out over a greater period of time. By default this is zero seconds.
	PauseDuration string `json:"pause_duration"`

	// The amount of extra time that must have passed beyond certificate expiration before it is removed from the backend storage and/or revocation list. Defaults to 72 hours.
	SafetyBuffer int32 `json:"safety_buffer"`

	// Set to true to enable tidying up the certificate store
	TidyCertStore bool `json:"tidy_cert_store"`

	// Set to true to automatically remove expired issuers past the issuer_safety_buffer. No keys will be removed as part of this operation.
	TidyExpiredIssuers bool `json:"tidy_expired_issuers"`

	// Deprecated; synonym for 'tidy_revoked_certs
	TidyRevocationList bool `json:"tidy_revocation_list"`

	// Set to true to validate issuer associations on revocation entries. This helps increase the performance of CRL building and OCSP responses.
	TidyRevokedCertIssuerAssociations bool `json:"tidy_revoked_cert_issuer_associations"`

	// Set to true to expire all revoked and expired certificates, removing them both from the CRL and from storage. The CRL will be rotated if this causes any values to be removed.
	TidyRevokedCerts bool `json:"tidy_revoked_certs"`
}

PKITidyRequest struct for PKITidyRequest

func NewPKITidyRequestWithDefaults ¶ 

func NewPKITidyRequestWithDefaults() *PKITidyRequest

NewPKITidyRequestWithDefaults instantiates a new PKITidyRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (PKITidyRequest) MarshalJSON ¶ 

func (o PKITidyRequest) MarshalJSON() ([]byte, error)

type PKIWriteAutoTidyConfigRequest ¶ 

type PKIWriteAutoTidyConfigRequest struct {
	// Set to true to enable automatic tidy operations.
	Enabled bool `json:"enabled"`

	// Interval at which to run an auto-tidy operation. This is the time between tidy invocations (after one finishes to the start of the next). Running a manual tidy will reset this duration.
	IntervalDuration int32 `json:"interval_duration"`

	// The amount of extra time that must have passed beyond issuer's expiration before it is removed from the backend storage. Defaults to 8760 hours (1 year).
	IssuerSafetyBuffer int32 `json:"issuer_safety_buffer"`

	// The amount of time to wait between processing certificates. This allows operators to change the execution profile of tidy to take consume less resources by slowing down how long it takes to run. Note that the entire list of certificates will be stored in memory during the entire tidy operation, but resources to read/process/update existing entries will be spread out over a greater period of time. By default this is zero seconds.
	PauseDuration string `json:"pause_duration"`

	// The amount of extra time that must have passed beyond certificate expiration before it is removed from the backend storage and/or revocation list. Defaults to 72 hours.
	SafetyBuffer int32 `json:"safety_buffer"`

	// Set to true to enable tidying up the certificate store
	TidyCertStore bool `json:"tidy_cert_store"`

	// Set to true to automatically remove expired issuers past the issuer_safety_buffer. No keys will be removed as part of this operation.
	TidyExpiredIssuers bool `json:"tidy_expired_issuers"`

	// Deprecated; synonym for 'tidy_revoked_certs
	TidyRevocationList bool `json:"tidy_revocation_list"`

	// Set to true to validate issuer associations on revocation entries. This helps increase the performance of CRL building and OCSP responses.
	TidyRevokedCertIssuerAssociations bool `json:"tidy_revoked_cert_issuer_associations"`

	// Set to true to expire all revoked and expired certificates, removing them both from the CRL and from storage. The CRL will be rotated if this causes any values to be removed.
	TidyRevokedCerts bool `json:"tidy_revoked_certs"`
}

PKIWriteAutoTidyConfigRequest struct for PKIWriteAutoTidyConfigRequest

func NewPKIWriteAutoTidyConfigRequestWithDefaults ¶ 

func NewPKIWriteAutoTidyConfigRequestWithDefaults() *PKIWriteAutoTidyConfigRequest

NewPKIWriteAutoTidyConfigRequestWithDefaults instantiates a new PKIWriteAutoTidyConfigRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (PKIWriteAutoTidyConfigRequest) MarshalJSON ¶ 

func (o PKIWriteAutoTidyConfigRequest) MarshalJSON() ([]byte, error)

type PKIWriteCAConfigRequest ¶ 

type PKIWriteCAConfigRequest struct {
	// PEM-format, concatenated unencrypted secret key and certificate.
	PemBundle string `json:"pem_bundle"`
}

PKIWriteCAConfigRequest struct for PKIWriteCAConfigRequest

func NewPKIWriteCAConfigRequestWithDefaults ¶ 

func NewPKIWriteCAConfigRequestWithDefaults() *PKIWriteCAConfigRequest

NewPKIWriteCAConfigRequestWithDefaults instantiates a new PKIWriteCAConfigRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (PKIWriteCAConfigRequest) MarshalJSON ¶ 

func (o PKIWriteCAConfigRequest) MarshalJSON() ([]byte, error)

type PKIWriteCRLConfigRequest ¶ 

type PKIWriteCRLConfigRequest struct {
	// If set to true, enables automatic rebuilding of the CRL
	AutoRebuild bool `json:"auto_rebuild"`

	// The time before the CRL expires to automatically rebuild it, when enabled. Must be shorter than the CRL expiry. Defaults to 12h.
	AutoRebuildGracePeriod string `json:"auto_rebuild_grace_period"`

	// The time between delta CRL rebuilds if a new revocation has occurred. Must be shorter than the CRL expiry. Defaults to 15m.
	DeltaRebuildInterval string `json:"delta_rebuild_interval"`

	// If set to true, disables generating the CRL entirely.
	Disable bool `json:"disable"`

	// Whether to enable delta CRLs between authoritative CRL rebuilds
	EnableDelta bool `json:"enable_delta"`

	// The amount of time the generated CRL should be valid; defaults to 72 hours
	Expiry string `json:"expiry"`

	// If set to true, ocsp unauthorized responses will be returned.
	OcspDisable bool `json:"ocsp_disable"`

	// The amount of time an OCSP response will be valid (controls the NextUpdate field); defaults to 12 hours
	OcspExpiry string `json:"ocsp_expiry"`
}

PKIWriteCRLConfigRequest struct for PKIWriteCRLConfigRequest

func NewPKIWriteCRLConfigRequestWithDefaults ¶ 

func NewPKIWriteCRLConfigRequestWithDefaults() *PKIWriteCRLConfigRequest

NewPKIWriteCRLConfigRequestWithDefaults instantiates a new PKIWriteCRLConfigRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (PKIWriteCRLConfigRequest) MarshalJSON ¶ 

func (o PKIWriteCRLConfigRequest) MarshalJSON() ([]byte, error)

type PKIWriteCertsRequest ¶ 

type PKIWriteCertsRequest struct {
	// PEM-format, concatenated unencrypted secret-key (optional) and certificates.
	PemBundle string `json:"pem_bundle"`
}

PKIWriteCertsRequest struct for PKIWriteCertsRequest

func NewPKIWriteCertsRequestWithDefaults ¶ 

func NewPKIWriteCertsRequestWithDefaults() *PKIWriteCertsRequest

NewPKIWriteCertsRequestWithDefaults instantiates a new PKIWriteCertsRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (PKIWriteCertsRequest) MarshalJSON ¶ 

func (o PKIWriteCertsRequest) MarshalJSON() ([]byte, error)

type PKIWriteClusterConfigRequest ¶ 

type PKIWriteClusterConfigRequest struct {
	// Canonical URI to this mount on this performance replication cluster's external address. This is for resolving AIA URLs and providing the {{cluster_path}} template parameter but might be used for other purposes in the future. This should only point back to this particular PR replica and should not ever point to another PR cluster. It may point to any node in the PR replica, including standby nodes, and need not always point to the active node. For example: https://pr1.vault.example.com:8200/v1/pki
	Path string `json:"path"`
}

PKIWriteClusterConfigRequest struct for PKIWriteClusterConfigRequest

func NewPKIWriteClusterConfigRequestWithDefaults ¶ 

func NewPKIWriteClusterConfigRequestWithDefaults() *PKIWriteClusterConfigRequest

NewPKIWriteClusterConfigRequestWithDefaults instantiates a new PKIWriteClusterConfigRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (PKIWriteClusterConfigRequest) MarshalJSON ¶ 

func (o PKIWriteClusterConfigRequest) MarshalJSON() ([]byte, error)

type PKIWriteIntermediateCrossSignRequest ¶ 

type PKIWriteIntermediateCrossSignRequest struct {
	// Whether to add a Basic Constraints extension with CA: true. Only needed as a workaround in some compatibility scenarios with Active Directory Certificate Services.
	AddBasicConstraints bool `json:"add_basic_constraints"`

	// The requested Subject Alternative Names, if any, in a comma-delimited list. May contain both DNS names and email addresses.
	AltNames string `json:"alt_names"`

	// The requested common name; if you want more than one, specify the alternative names in the alt_names map. If not specified when signing, the common name will be taken from the CSR; other names must still be specified in alt_names or ip_sans.
	CommonName string `json:"common_name"`

	// If set, Country will be set to this value.
	Country []string `json:"country"`

	// If true, the Common Name will not be included in DNS or Email Subject Alternate Names. Defaults to false (CN is included).
	ExcludeCnFromSans bool `json:"exclude_cn_from_sans"`

	// Must be \"internal\", \"exported\" or \"kms\". If set to \"exported\", the generated private key will be returned. This is your *only* chance to retrieve the private key!
	Exported string `json:"exported"`

	// Format for returned data. Can be \"pem\", \"der\", or \"pem_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. If \"der\", the value will be base64 encoded. Defaults to \"pem\".
	Format string `json:"format"`

	// The requested IP SANs, if any, in a comma-delimited list
	IpSans []string `json:"ip_sans"`

	// The number of bits to use. Allowed values are 0 (universal default); with rsa key_type: 2048 (default), 3072, or 4096; with ec key_type: 224, 256 (default), 384, or 521; ignored with ed25519.
	KeyBits int32 `json:"key_bits"`

	// Provide a name to the generated or existing key, the name must be unique across all keys and not be the reserved value 'default'
	KeyName string `json:"key_name"`

	// Reference to a existing key; either \"default\" for the configured default key, an identifier or the name assigned to the key.
	KeyRef string `json:"key_ref"`

	// The type of key to use; defaults to RSA. \"rsa\" \"ec\" and \"ed25519\" are the only valid values.
	KeyType string `json:"key_type"`

	// If set, Locality will be set to this value.
	Locality []string `json:"locality"`

	// The name of the managed key to use when the exported type is kms. When kms type is the key type, this field or managed_key_name is required. Ignored for other types.
	ManagedKeyId string `json:"managed_key_id"`

	// The name of the managed key to use when the exported type is kms. When kms type is the key type, this field or managed_key_id is required. Ignored for other types.
	ManagedKeyName string `json:"managed_key_name"`

	// Set the not after field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ
	NotAfter string `json:"not_after"`

	// The duration before now which the certificate needs to be backdated by.
	NotBeforeDuration int32 `json:"not_before_duration"`

	// If set, O (Organization) will be set to this value.
	Organization []string `json:"organization"`

	// Requested other SANs, in an array with the format <oid>;UTF8:<utf8 string value> for each entry.
	OtherSans []string `json:"other_sans"`

	// If set, OU (OrganizationalUnit) will be set to this value.
	Ou []string `json:"ou"`

	// If set, Postal Code will be set to this value.
	PostalCode []string `json:"postal_code"`

	// Format for the returned private key. Generally the default will be controlled by the \"format\" parameter as either base64-encoded DER or PEM-encoded DER. However, this can be set to \"pkcs8\" to have the returned private key contain base64-encoded pkcs8 or PEM-encoded pkcs8 instead. Defaults to \"der\".
	PrivateKeyFormat string `json:"private_key_format"`

	// If set, Province will be set to this value.
	Province []string `json:"province"`

	// The Subject's requested serial number, if any. See RFC 4519 Section 2.31 'serialNumber' for a description of this field. If you want more than one, specify alternative names in the alt_names map using OID 2.5.4.5. This has no impact on the final certificate's Serial Number field.
	SerialNumber string `json:"serial_number"`

	// The number of bits to use in the signature algorithm; accepts 256 for SHA-2-256, 384 for SHA-2-384, and 512 for SHA-2-512. Defaults to 0 to automatically detect based on key length (SHA-2-256 for RSA keys, and matching the curve size for NIST P-Curves).
	SignatureBits int32 `json:"signature_bits"`

	// If set, Street Address will be set to this value.
	StreetAddress []string `json:"street_address"`

	// The requested Time To Live for the certificate; sets the expiration date. If not specified the role default, backend default, or system default TTL is used, in that order. Cannot be larger than the mount max TTL. Note: this only has an effect when generating a CA cert or signing a CA cert, not when generating a CSR for an intermediate CA.
	Ttl int32 `json:"ttl"`

	// The requested URI SANs, if any, in a comma-delimited list.
	UriSans []string `json:"uri_sans"`
}

PKIWriteIntermediateCrossSignRequest struct for PKIWriteIntermediateCrossSignRequest

func NewPKIWriteIntermediateCrossSignRequestWithDefaults ¶ 

func NewPKIWriteIntermediateCrossSignRequestWithDefaults() *PKIWriteIntermediateCrossSignRequest

NewPKIWriteIntermediateCrossSignRequestWithDefaults instantiates a new PKIWriteIntermediateCrossSignRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (PKIWriteIntermediateCrossSignRequest) MarshalJSON ¶ 

func (o PKIWriteIntermediateCrossSignRequest) MarshalJSON() ([]byte, error)

type PKIWriteIntermediateGenerateRequest ¶ 

type PKIWriteIntermediateGenerateRequest struct {
	// Whether to add a Basic Constraints extension with CA: true. Only needed as a workaround in some compatibility scenarios with Active Directory Certificate Services.
	AddBasicConstraints bool `json:"add_basic_constraints"`

	// The requested Subject Alternative Names, if any, in a comma-delimited list. May contain both DNS names and email addresses.
	AltNames string `json:"alt_names"`

	// The requested common name; if you want more than one, specify the alternative names in the alt_names map. If not specified when signing, the common name will be taken from the CSR; other names must still be specified in alt_names or ip_sans.
	CommonName string `json:"common_name"`

	// If set, Country will be set to this value.
	Country []string `json:"country"`

	// If true, the Common Name will not be included in DNS or Email Subject Alternate Names. Defaults to false (CN is included).
	ExcludeCnFromSans bool `json:"exclude_cn_from_sans"`

	// Format for returned data. Can be \"pem\", \"der\", or \"pem_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. If \"der\", the value will be base64 encoded. Defaults to \"pem\".
	Format string `json:"format"`

	// The requested IP SANs, if any, in a comma-delimited list
	IpSans []string `json:"ip_sans"`

	// The number of bits to use. Allowed values are 0 (universal default); with rsa key_type: 2048 (default), 3072, or 4096; with ec key_type: 224, 256 (default), 384, or 521; ignored with ed25519.
	KeyBits int32 `json:"key_bits"`

	// Provide a name to the generated or existing key, the name must be unique across all keys and not be the reserved value 'default'
	KeyName string `json:"key_name"`

	// Reference to a existing key; either \"default\" for the configured default key, an identifier or the name assigned to the key.
	KeyRef string `json:"key_ref"`

	// The type of key to use; defaults to RSA. \"rsa\" \"ec\" and \"ed25519\" are the only valid values.
	KeyType string `json:"key_type"`

	// If set, Locality will be set to this value.
	Locality []string `json:"locality"`

	// The name of the managed key to use when the exported type is kms. When kms type is the key type, this field or managed_key_name is required. Ignored for other types.
	ManagedKeyId string `json:"managed_key_id"`

	// The name of the managed key to use when the exported type is kms. When kms type is the key type, this field or managed_key_id is required. Ignored for other types.
	ManagedKeyName string `json:"managed_key_name"`

	// Set the not after field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ
	NotAfter string `json:"not_after"`

	// The duration before now which the certificate needs to be backdated by.
	NotBeforeDuration int32 `json:"not_before_duration"`

	// If set, O (Organization) will be set to this value.
	Organization []string `json:"organization"`

	// Requested other SANs, in an array with the format <oid>;UTF8:<utf8 string value> for each entry.
	OtherSans []string `json:"other_sans"`

	// If set, OU (OrganizationalUnit) will be set to this value.
	Ou []string `json:"ou"`

	// If set, Postal Code will be set to this value.
	PostalCode []string `json:"postal_code"`

	// Format for the returned private key. Generally the default will be controlled by the \"format\" parameter as either base64-encoded DER or PEM-encoded DER. However, this can be set to \"pkcs8\" to have the returned private key contain base64-encoded pkcs8 or PEM-encoded pkcs8 instead. Defaults to \"der\".
	PrivateKeyFormat string `json:"private_key_format"`

	// If set, Province will be set to this value.
	Province []string `json:"province"`

	// The Subject's requested serial number, if any. See RFC 4519 Section 2.31 'serialNumber' for a description of this field. If you want more than one, specify alternative names in the alt_names map using OID 2.5.4.5. This has no impact on the final certificate's Serial Number field.
	SerialNumber string `json:"serial_number"`

	// The number of bits to use in the signature algorithm; accepts 256 for SHA-2-256, 384 for SHA-2-384, and 512 for SHA-2-512. Defaults to 0 to automatically detect based on key length (SHA-2-256 for RSA keys, and matching the curve size for NIST P-Curves).
	SignatureBits int32 `json:"signature_bits"`

	// If set, Street Address will be set to this value.
	StreetAddress []string `json:"street_address"`

	// The requested Time To Live for the certificate; sets the expiration date. If not specified the role default, backend default, or system default TTL is used, in that order. Cannot be larger than the mount max TTL. Note: this only has an effect when generating a CA cert or signing a CA cert, not when generating a CSR for an intermediate CA.
	Ttl int32 `json:"ttl"`

	// The requested URI SANs, if any, in a comma-delimited list.
	UriSans []string `json:"uri_sans"`
}

PKIWriteIntermediateGenerateRequest struct for PKIWriteIntermediateGenerateRequest

func NewPKIWriteIntermediateGenerateRequestWithDefaults ¶ 

func NewPKIWriteIntermediateGenerateRequestWithDefaults() *PKIWriteIntermediateGenerateRequest

NewPKIWriteIntermediateGenerateRequestWithDefaults instantiates a new PKIWriteIntermediateGenerateRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (PKIWriteIntermediateGenerateRequest) MarshalJSON ¶ 

func (o PKIWriteIntermediateGenerateRequest) MarshalJSON() ([]byte, error)

type PKIWriteIntermediateSetSignedRequest ¶ 

type PKIWriteIntermediateSetSignedRequest struct {
	// PEM-format certificate. This must be a CA certificate with a public key matching the previously-generated key from the generation endpoint. Additional parent CAs may be optionally appended to the bundle.
	Certificate string `json:"certificate"`
}

PKIWriteIntermediateSetSignedRequest struct for PKIWriteIntermediateSetSignedRequest

func NewPKIWriteIntermediateSetSignedRequestWithDefaults ¶ 

func NewPKIWriteIntermediateSetSignedRequestWithDefaults() *PKIWriteIntermediateSetSignedRequest

NewPKIWriteIntermediateSetSignedRequestWithDefaults instantiates a new PKIWriteIntermediateSetSignedRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (PKIWriteIntermediateSetSignedRequest) MarshalJSON ¶ 

func (o PKIWriteIntermediateSetSignedRequest) MarshalJSON() ([]byte, error)

type PKIWriteInternalExportedRequest ¶ 

type PKIWriteInternalExportedRequest struct {
	// The number of bits to use. Allowed values are 0 (universal default); with rsa key_type: 2048 (default), 3072, or 4096; with ec key_type: 224, 256 (default), 384, or 521; ignored with ed25519.
	KeyBits int32 `json:"key_bits"`

	// Optional name to be used for this key
	KeyName string `json:"key_name"`

	// The type of key to use; defaults to RSA. \"rsa\" \"ec\" and \"ed25519\" are the only valid values.
	KeyType string `json:"key_type"`

	// The name of the managed key to use when the exported type is kms. When kms type is the key type, this field or managed_key_name is required. Ignored for other types.
	ManagedKeyId string `json:"managed_key_id"`

	// The name of the managed key to use when the exported type is kms. When kms type is the key type, this field or managed_key_id is required. Ignored for other types.
	ManagedKeyName string `json:"managed_key_name"`
}

PKIWriteInternalExportedRequest struct for PKIWriteInternalExportedRequest

func NewPKIWriteInternalExportedRequestWithDefaults ¶ 

func NewPKIWriteInternalExportedRequestWithDefaults() *PKIWriteInternalExportedRequest

NewPKIWriteInternalExportedRequestWithDefaults instantiates a new PKIWriteInternalExportedRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (PKIWriteInternalExportedRequest) MarshalJSON ¶ 

func (o PKIWriteInternalExportedRequest) MarshalJSON() ([]byte, error)

type PKIWriteIssueRoleRequest ¶ 

type PKIWriteIssueRoleRequest struct {
	// The requested Subject Alternative Names, if any, in a comma-delimited list. If email protection is enabled for the role, this may contain email addresses.
	AltNames string `json:"alt_names"`

	// The requested common name; if you want more than one, specify the alternative names in the alt_names map. If email protection is enabled in the role, this may be an email address.
	CommonName string `json:"common_name"`

	// If true, the Common Name will not be included in DNS or Email Subject Alternate Names. Defaults to false (CN is included).
	ExcludeCnFromSans bool `json:"exclude_cn_from_sans"`

	// Format for returned data. Can be \"pem\", \"der\", or \"pem_bundle\". If \"pem_bundle\", any private key and issuing cert will be appended to the certificate pem. If \"der\", the value will be base64 encoded. Defaults to \"pem\".
	Format string `json:"format"`

	// The requested IP SANs, if any, in a comma-delimited list
	IpSans []string `json:"ip_sans"`

	// Reference to a existing issuer; either \"default\" for the configured default issuer, an identifier or the name assigned to the issuer.
	IssuerRef string `json:"issuer_ref"`

	// Set the not after field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ
	NotAfter string `json:"not_after"`

	// Requested other SANs, in an array with the format <oid>;UTF8:<utf8 string value> for each entry.
	OtherSans []string `json:"other_sans"`

	// Format for the returned private key. Generally the default will be controlled by the \"format\" parameter as either base64-encoded DER or PEM-encoded DER. However, this can be set to \"pkcs8\" to have the returned private key contain base64-encoded pkcs8 or PEM-encoded pkcs8 instead. Defaults to \"der\".
	PrivateKeyFormat string `json:"private_key_format"`

	// Whether or not to remove self-signed CA certificates in the output of the ca_chain field.
	RemoveRootsFromChain bool `json:"remove_roots_from_chain"`

	// The Subject's requested serial number, if any. See RFC 4519 Section 2.31 'serialNumber' for a description of this field. If you want more than one, specify alternative names in the alt_names map using OID 2.5.4.5. This has no impact on the final certificate's Serial Number field.
	SerialNumber string `json:"serial_number"`

	// The requested Time To Live for the certificate; sets the expiration date. If not specified the role default, backend default, or system default TTL is used, in that order. Cannot be larger than the role max TTL.
	Ttl int32 `json:"ttl"`

	// The requested URI SANs, if any, in a comma-delimited list.
	UriSans []string `json:"uri_sans"`
}

PKIWriteIssueRoleRequest struct for PKIWriteIssueRoleRequest

func NewPKIWriteIssueRoleRequestWithDefaults ¶ 

func NewPKIWriteIssueRoleRequestWithDefaults() *PKIWriteIssueRoleRequest

NewPKIWriteIssueRoleRequestWithDefaults instantiates a new PKIWriteIssueRoleRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (PKIWriteIssueRoleRequest) MarshalJSON ¶ 

func (o PKIWriteIssueRoleRequest) MarshalJSON() ([]byte, error)

type PKIWriteIssuersConfigRequest ¶ 

type PKIWriteIssuersConfigRequest struct {
	// Reference (name or identifier) to the default issuer.
	Default string `json:"default"`

	// Whether the default issuer should automatically follow the latest generated or imported issuer. Defaults to false.
	DefaultFollowsLatestIssuer bool `json:"default_follows_latest_issuer"`
}

PKIWriteIssuersConfigRequest struct for PKIWriteIssuersConfigRequest

func NewPKIWriteIssuersConfigRequestWithDefaults ¶ 

func NewPKIWriteIssuersConfigRequestWithDefaults() *PKIWriteIssuersConfigRequest

NewPKIWriteIssuersConfigRequestWithDefaults instantiates a new PKIWriteIssuersConfigRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (PKIWriteIssuersConfigRequest) MarshalJSON ¶ 

func (o PKIWriteIssuersConfigRequest) MarshalJSON() ([]byte, error)

type PKIWriteKMSRequest ¶ 

type PKIWriteKMSRequest struct {
	// The number of bits to use. Allowed values are 0 (universal default); with rsa key_type: 2048 (default), 3072, or 4096; with ec key_type: 224, 256 (default), 384, or 521; ignored with ed25519.
	KeyBits int32 `json:"key_bits"`

	// Optional name to be used for this key
	KeyName string `json:"key_name"`

	// The type of key to use; defaults to RSA. \"rsa\" \"ec\" and \"ed25519\" are the only valid values.
	KeyType string `json:"key_type"`

	// The name of the managed key to use when the exported type is kms. When kms type is the key type, this field or managed_key_name is required. Ignored for other types.
	ManagedKeyId string `json:"managed_key_id"`

	// The name of the managed key to use when the exported type is kms. When kms type is the key type, this field or managed_key_id is required. Ignored for other types.
	ManagedKeyName string `json:"managed_key_name"`
}

PKIWriteKMSRequest struct for PKIWriteKMSRequest

func NewPKIWriteKMSRequestWithDefaults ¶ 

func NewPKIWriteKMSRequestWithDefaults() *PKIWriteKMSRequest

NewPKIWriteKMSRequestWithDefaults instantiates a new PKIWriteKMSRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (PKIWriteKMSRequest) MarshalJSON ¶ 

func (o PKIWriteKMSRequest) MarshalJSON() ([]byte, error)

type PKIWriteKeyRequest ¶ 

type PKIWriteKeyRequest struct {
	// Human-readable name for this key.
	KeyName string `json:"key_name"`
}

PKIWriteKeyRequest struct for PKIWriteKeyRequest

func NewPKIWriteKeyRequestWithDefaults ¶ 

func NewPKIWriteKeyRequestWithDefaults() *PKIWriteKeyRequest

NewPKIWriteKeyRequestWithDefaults instantiates a new PKIWriteKeyRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (PKIWriteKeyRequest) MarshalJSON ¶ 

func (o PKIWriteKeyRequest) MarshalJSON() ([]byte, error)

type PKIWriteKeysConfigRequest ¶ 

type PKIWriteKeysConfigRequest struct {
	// Reference (name or identifier) of the default key.
	Default string `json:"default"`
}

PKIWriteKeysConfigRequest struct for PKIWriteKeysConfigRequest

func NewPKIWriteKeysConfigRequestWithDefaults ¶ 

func NewPKIWriteKeysConfigRequestWithDefaults() *PKIWriteKeysConfigRequest

NewPKIWriteKeysConfigRequestWithDefaults instantiates a new PKIWriteKeysConfigRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (PKIWriteKeysConfigRequest) MarshalJSON ¶ 

func (o PKIWriteKeysConfigRequest) MarshalJSON() ([]byte, error)

type PKIWriteRoleRequest ¶ 

type PKIWriteRoleRequest struct {
	// If set, clients can request certificates for any domain, regardless of allowed_domains restrictions. See the documentation for more information.
	AllowAnyName bool `json:"allow_any_name"`

	// If set, clients can request certificates for the base domains themselves, e.g. \"example.com\" of domains listed in allowed_domains. This is a separate option as in some cases this can be considered a security threat. See the documentation for more information.
	AllowBareDomains bool `json:"allow_bare_domains"`

	// If set, domains specified in allowed_domains can include shell-style glob patterns, e.g. \"ftp*.example.com\". See the documentation for more information.
	AllowGlobDomains bool `json:"allow_glob_domains"`

	// If set, IP Subject Alternative Names are allowed. Any valid IP is accepted and No authorization checking is performed.
	AllowIpSans bool `json:"allow_ip_sans"`

	// Whether to allow \"localhost\" and \"localdomain\" as a valid common name in a request, independent of allowed_domains value.
	AllowLocalhost bool `json:"allow_localhost"`

	// If set, clients can request certificates for subdomains of domains listed in allowed_domains, including wildcard subdomains. See the documentation for more information.
	AllowSubdomains bool `json:"allow_subdomains"`

	// If set, allows certificates with wildcards in the common name to be issued, conforming to RFC 6125's Section 6.4.3; e.g., \"*.example.net\" or \"b*z.example.net\". See the documentation for more information.
	AllowWildcardCertificates bool `json:"allow_wildcard_certificates"`

	// Specifies the domains this role is allowed to issue certificates for. This is used with the allow_bare_domains, allow_subdomains, and allow_glob_domains to determine matches for the common name, DNS-typed SAN entries, and Email-typed SAN entries of certificates. See the documentation for more information. This parameter accepts a comma-separated string or list of domains.
	AllowedDomains []string `json:"allowed_domains"`

	// If set, Allowed domains can be specified using identity template policies. Non-templated domains are also permitted.
	AllowedDomainsTemplate bool `json:"allowed_domains_template"`

	// If set, an array of allowed other names to put in SANs. These values support globbing and must be in the format <oid>;<type>:<value>. Currently only \"utf8\" is a valid type. All values, including globbing values, must use this syntax, with the exception being a single \"*\" which allows any OID and any value (but type must still be utf8).
	AllowedOtherSans []string `json:"allowed_other_sans"`

	// If set, an array of allowed serial numbers to put in Subject. These values support globbing.
	AllowedSerialNumbers []string `json:"allowed_serial_numbers"`

	// If set, an array of allowed URIs for URI Subject Alternative Names. Any valid URI is accepted, these values support globbing.
	AllowedUriSans []string `json:"allowed_uri_sans"`

	// If set, Allowed URI SANs can be specified using identity template policies. Non-templated URI SANs are also permitted.
	AllowedUriSansTemplate bool `json:"allowed_uri_sans_template"`

	// Backend Type
	Backend string `json:"backend"`

	// Mark Basic Constraints valid when issuing non-CA certificates.
	BasicConstraintsValidForNonCa bool `json:"basic_constraints_valid_for_non_ca"`

	// If set, certificates are flagged for client auth use. Defaults to true. See also RFC 5280 Section 4.2.1.12.
	ClientFlag bool `json:"client_flag"`

	// List of allowed validations to run against the Common Name field. Values can include 'email' to validate the CN is a email address, 'hostname' to validate the CN is a valid hostname (potentially including wildcards). When multiple validations are specified, these take OR semantics (either email OR hostname are allowed). The special value 'disabled' allows disabling all CN name validations, allowing for arbitrary non-Hostname, non-Email address CNs.
	CnValidations []string `json:"cn_validations"`

	// If set, certificates are flagged for code signing use. Defaults to false. See also RFC 5280 Section 4.2.1.12.
	CodeSigningFlag bool `json:"code_signing_flag"`

	// If set, Country will be set to this value in certificates issued by this role.
	Country []string `json:"country"`

	// If set, certificates are flagged for email protection use. Defaults to false. See also RFC 5280 Section 4.2.1.12.
	EmailProtectionFlag bool `json:"email_protection_flag"`

	// If set, only valid host names are allowed for CN and DNS SANs, and the host part of email addresses. Defaults to true.
	EnforceHostnames bool `json:"enforce_hostnames"`

	// A comma-separated string or list of extended key usages. Valid values can be found at https://golang.org/pkg/crypto/x509/#ExtKeyUsage -- simply drop the \"ExtKeyUsage\" part of the name. To remove all key usages from being set, set this value to an empty list. See also RFC 5280 Section 4.2.1.12.
	ExtKeyUsage []string `json:"ext_key_usage"`

	// A comma-separated string or list of extended key usage oids.
	ExtKeyUsageOids []string `json:"ext_key_usage_oids"`

	// If set, certificates issued/signed against this role will have Vault leases attached to them. Defaults to \"false\". Certificates can be added to the CRL by \"vault revoke <lease_id>\" when certificates are associated with leases. It can also be done using the \"pki/revoke\" endpoint. However, when lease generation is disabled, invoking \"pki/revoke\" would be the only way to add the certificates to the CRL. When large number of certificates are generated with long lifetimes, it is recommended that lease generation be disabled, as large amount of leases adversely affect the startup time of Vault.
	GenerateLease bool `json:"generate_lease"`

	// Reference to the issuer used to sign requests serviced by this role.
	IssuerRef string `json:"issuer_ref"`

	// The number of bits to use. Allowed values are 0 (universal default); with rsa key_type: 2048 (default), 3072, or 4096; with ec key_type: 224, 256 (default), 384, or 521; ignored with ed25519.
	KeyBits int32 `json:"key_bits"`

	// The type of key to use; defaults to RSA. \"rsa\" \"ec\", \"ed25519\" and \"any\" are the only valid values.
	KeyType string `json:"key_type"`

	// A comma-separated string or list of key usages (not extended key usages). Valid values can be found at https://golang.org/pkg/crypto/x509/#KeyUsage -- simply drop the \"KeyUsage\" part of the name. To remove all key usages from being set, set this value to an empty list. See also RFC 5280 Section 4.2.1.3.
	KeyUsage []string `json:"key_usage"`

	// If set, Locality will be set to this value in certificates issued by this role.
	Locality []string `json:"locality"`

	// The maximum allowed lease duration. If not set, defaults to the system maximum lease TTL.
	MaxTtl int32 `json:"max_ttl"`

	// If set, certificates issued/signed against this role will not be stored in the storage backend. This can improve performance when issuing large numbers of certificates. However, certificates issued in this way cannot be enumerated or revoked, so this option is recommended only for certificates that are non-sensitive, or extremely short-lived. This option implies a value of \"false\" for \"generate_lease\".
	NoStore bool `json:"no_store"`

	// Set the not after field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ.
	NotAfter string `json:"not_after"`

	// The duration before now which the certificate needs to be backdated by.
	NotBeforeDuration int32 `json:"not_before_duration"`

	// If set, O (Organization) will be set to this value in certificates issued by this role.
	Organization []string `json:"organization"`

	// If set, OU (OrganizationalUnit) will be set to this value in certificates issued by this role.
	Ou []string `json:"ou"`

	// A comma-separated string or list of policy OIDs, or a JSON list of qualified policy information, which must include an oid, and may include a notice and/or cps url, using the form [{\"oid\"=\"1.3.6.1.4.1.7.8\",\"notice\"=\"I am a user Notice\"}, {\"oid\"=\"1.3.6.1.4.1.44947.1.2.4 \",\"cps\"=\"https://example.com\"}].
	PolicyIdentifiers []string `json:"policy_identifiers"`

	// If set, Postal Code will be set to this value in certificates issued by this role.
	PostalCode []string `json:"postal_code"`

	// If set, Province will be set to this value in certificates issued by this role.
	Province []string `json:"province"`

	// If set to false, makes the 'common_name' field optional while generating a certificate.
	RequireCn bool `json:"require_cn"`

	// If set, certificates are flagged for server auth use. Defaults to true. See also RFC 5280 Section 4.2.1.12.
	ServerFlag bool `json:"server_flag"`

	// The number of bits to use in the signature algorithm; accepts 256 for SHA-2-256, 384 for SHA-2-384, and 512 for SHA-2-512. Defaults to 0 to automatically detect based on key length (SHA-2-256 for RSA keys, and matching the curve size for NIST P-Curves).
	SignatureBits int32 `json:"signature_bits"`

	// If set, Street Address will be set to this value in certificates issued by this role.
	StreetAddress []string `json:"street_address"`

	// The lease duration (validity period of the certificate) if no specific lease duration is requested. The lease duration controls the expiration of certificates issued by this backend. Defaults to the system default value or the value of max_ttl, whichever is shorter.
	Ttl int32 `json:"ttl"`

	// If set, when used with a signing profile, the common name in the CSR will be used. This does *not* include any requested Subject Alternative Names; use use_csr_sans for that. Defaults to true.
	UseCsrCommonName bool `json:"use_csr_common_name"`

	// If set, when used with a signing profile, the SANs in the CSR will be used. This does *not* include the Common Name (cn); use use_csr_common_name for that. Defaults to true.
	UseCsrSans bool `json:"use_csr_sans"`

	// Whether or not to use PSS signatures when using a RSA key-type issuer. Defaults to false.
	UsePss bool `json:"use_pss"`
}

PKIWriteRoleRequest struct for PKIWriteRoleRequest

func NewPKIWriteRoleRequestWithDefaults ¶ 

func NewPKIWriteRoleRequestWithDefaults() *PKIWriteRoleRequest

NewPKIWriteRoleRequestWithDefaults instantiates a new PKIWriteRoleRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (PKIWriteRoleRequest) MarshalJSON ¶ 

func (o PKIWriteRoleRequest) MarshalJSON() ([]byte, error)

type PKIWriteURLConfigRequest ¶ 

type PKIWriteURLConfigRequest struct {
	// Comma-separated list of URLs to be used for the CRL distribution points attribute. See also RFC 5280 Section 4.2.1.13.
	CrlDistributionPoints []string `json:"crl_distribution_points"`

	// Whether or not to enabling templating of the above AIA fields. When templating is enabled the special values '{{issuer_id}}' and '{{cluster_path}}' are available, but the addresses are not checked for URI validity until issuance time. This requires /config/cluster's path to be set on all PR Secondary clusters.
	EnableTemplating bool `json:"enable_templating"`

	// Comma-separated list of URLs to be used for the issuing certificate attribute. See also RFC 5280 Section 4.2.2.1.
	IssuingCertificates []string `json:"issuing_certificates"`

	// Comma-separated list of URLs to be used for the OCSP servers attribute. See also RFC 5280 Section 4.2.2.1.
	OcspServers []string `json:"ocsp_servers"`
}

PKIWriteURLConfigRequest struct for PKIWriteURLConfigRequest

func NewPKIWriteURLConfigRequestWithDefaults ¶ 

func NewPKIWriteURLConfigRequestWithDefaults() *PKIWriteURLConfigRequest

NewPKIWriteURLConfigRequestWithDefaults instantiates a new PKIWriteURLConfigRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (PKIWriteURLConfigRequest) MarshalJSON ¶ 

func (o PKIWriteURLConfigRequest) MarshalJSON() ([]byte, error)

type PersonaIDWriteByIDRequest ¶ 

type PersonaIDWriteByIDRequest struct {
	// Entity ID to which this persona should be tied to
	EntityId string `json:"entity_id"`

	// Metadata to be associated with the persona. In CLI, this parameter can be repeated multiple times, and it all gets merged together. For example: vault <command> <path> metadata=key1=value1 metadata=key2=value2
	Metadata map[string]interface{} `json:"metadata"`

	// Mount accessor to which this persona belongs to
	MountAccessor string `json:"mount_accessor"`

	// Name of the persona
	Name string `json:"name"`
}

PersonaIDWriteByIDRequest struct for PersonaIDWriteByIDRequest

func NewPersonaIDWriteByIDRequestWithDefaults ¶ 

func NewPersonaIDWriteByIDRequestWithDefaults() *PersonaIDWriteByIDRequest

NewPersonaIDWriteByIDRequestWithDefaults instantiates a new PersonaIDWriteByIDRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (PersonaIDWriteByIDRequest) MarshalJSON ¶ 

func (o PersonaIDWriteByIDRequest) MarshalJSON() ([]byte, error)

type PersonaWriteRequest ¶ 

type PersonaWriteRequest struct {
	// Entity ID to which this persona belongs to
	EntityId string `json:"entity_id"`

	// ID of the persona
	Id string `json:"id"`

	// Metadata to be associated with the persona. In CLI, this parameter can be repeated multiple times, and it all gets merged together. For example: vault <command> <path> metadata=key1=value1 metadata=key2=value2
	Metadata map[string]interface{} `json:"metadata"`

	// Mount accessor to which this persona belongs to
	MountAccessor string `json:"mount_accessor"`

	// Name of the persona
	Name string `json:"name"`
}

PersonaWriteRequest struct for PersonaWriteRequest

func NewPersonaWriteRequestWithDefaults ¶ 

func NewPersonaWriteRequestWithDefaults() *PersonaWriteRequest

NewPersonaWriteRequestWithDefaults instantiates a new PersonaWriteRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (PersonaWriteRequest) MarshalJSON ¶ 

func (o PersonaWriteRequest) MarshalJSON() ([]byte, error)

type PkiWriteIssuerRefDerPemRequest ¶ 

type PkiWriteIssuerRefDerPemRequest struct {
	// Comma-separated list of URLs to be used for the CRL distribution points attribute. See also RFC 5280 Section 4.2.1.13.
	CrlDistributionPoints []string `json:"crl_distribution_points"`

	// Whether or not to enabling templating of the above AIA fields. When templating is enabled the special values '{{issuer_id}}' and '{{cluster_path}}' are available, but the addresses are not checked for URL validity until issuance time. This requires /config/cluster's path to be set on all PR Secondary clusters.
	EnableAiaUrlTemplating bool `json:"enable_aia_url_templating"`

	// Provide a name to the generated or existing issuer, the name must be unique across all issuers and not be the reserved value 'default'
	IssuerName string `json:"issuer_name"`

	// Comma-separated list of URLs to be used for the issuing certificate attribute. See also RFC 5280 Section 4.2.2.1.
	IssuingCertificates []string `json:"issuing_certificates"`

	// Behavior of leaf's NotAfter fields: \"err\" to error if the computed NotAfter date exceeds that of this issuer; \"truncate\" to silently truncate to that of this issuer; or \"permit\" to allow this issuance to succeed (with NotAfter exceeding that of an issuer). Note that not all values will results in certificates that can be validated through the entire validity period. It is suggested to use \"truncate\" for intermediate CAs and \"permit\" only for root CAs.
	LeafNotAfterBehavior string `json:"leaf_not_after_behavior"`

	// Chain of issuer references to use to build this issuer's computed CAChain field, when non-empty.
	ManualChain []string `json:"manual_chain"`

	// Comma-separated list of URLs to be used for the OCSP servers attribute. See also RFC 5280 Section 4.2.2.1.
	OcspServers []string `json:"ocsp_servers"`

	// Which x509.SignatureAlgorithm name to use for signing CRLs. This parameter allows differentiation between PKCS#1v1.5 and PSS keys and choice of signature hash algorithm. The default (empty string) value is for Go to select the signature algorithm. This can fail if the underlying key does not support the requested signature algorithm, which may not be known at modification time (such as with PKCS#11 managed RSA keys).
	RevocationSignatureAlgorithm string `json:"revocation_signature_algorithm"`

	// Comma-separated list (or string slice) of usages for this issuer; valid values are \"read-only\", \"issuing-certificates\", \"crl-signing\", and \"ocsp-signing\". Multiple values may be specified. Read-only is implicit and always set.
	Usage []string `json:"usage"`
}

PkiWriteIssuerRefDerPemRequest struct for PkiWriteIssuerRefDerPemRequest

func NewPkiWriteIssuerRefDerPemRequestWithDefaults ¶ 

func NewPkiWriteIssuerRefDerPemRequestWithDefaults() *PkiWriteIssuerRefDerPemRequest

NewPkiWriteIssuerRefDerPemRequestWithDefaults instantiates a new PkiWriteIssuerRefDerPemRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (PkiWriteIssuerRefDerPemRequest) MarshalJSON ¶ 

func (o PkiWriteIssuerRefDerPemRequest) MarshalJSON() ([]byte, error)

type PkiWriteJsonRequest ¶ 

type PkiWriteJsonRequest struct {
	// Comma-separated list of URLs to be used for the CRL distribution points attribute. See also RFC 5280 Section 4.2.1.13.
	CrlDistributionPoints []string `json:"crl_distribution_points"`

	// Whether or not to enabling templating of the above AIA fields. When templating is enabled the special values '{{issuer_id}}' and '{{cluster_path}}' are available, but the addresses are not checked for URL validity until issuance time. This requires /config/cluster's path to be set on all PR Secondary clusters.
	EnableAiaUrlTemplating bool `json:"enable_aia_url_templating"`

	// Provide a name to the generated or existing issuer, the name must be unique across all issuers and not be the reserved value 'default'
	IssuerName string `json:"issuer_name"`

	// Reference to a existing issuer; either \"default\" for the configured default issuer, an identifier or the name assigned to the issuer.
	IssuerRef string `json:"issuer_ref"`

	// Comma-separated list of URLs to be used for the issuing certificate attribute. See also RFC 5280 Section 4.2.2.1.
	IssuingCertificates []string `json:"issuing_certificates"`

	// Behavior of leaf's NotAfter fields: \"err\" to error if the computed NotAfter date exceeds that of this issuer; \"truncate\" to silently truncate to that of this issuer; or \"permit\" to allow this issuance to succeed (with NotAfter exceeding that of an issuer). Note that not all values will results in certificates that can be validated through the entire validity period. It is suggested to use \"truncate\" for intermediate CAs and \"permit\" only for root CAs.
	LeafNotAfterBehavior string `json:"leaf_not_after_behavior"`

	// Chain of issuer references to use to build this issuer's computed CAChain field, when non-empty.
	ManualChain []string `json:"manual_chain"`

	// Comma-separated list of URLs to be used for the OCSP servers attribute. See also RFC 5280 Section 4.2.2.1.
	OcspServers []string `json:"ocsp_servers"`

	// Which x509.SignatureAlgorithm name to use for signing CRLs. This parameter allows differentiation between PKCS#1v1.5 and PSS keys and choice of signature hash algorithm. The default (empty string) value is for Go to select the signature algorithm. This can fail if the underlying key does not support the requested signature algorithm, which may not be known at modification time (such as with PKCS#11 managed RSA keys).
	RevocationSignatureAlgorithm string `json:"revocation_signature_algorithm"`

	// Comma-separated list (or string slice) of usages for this issuer; valid values are \"read-only\", \"issuing-certificates\", \"crl-signing\", and \"ocsp-signing\". Multiple values may be specified. Read-only is implicit and always set.
	Usage []string `json:"usage"`
}

PkiWriteJsonRequest struct for PkiWriteJsonRequest

func NewPkiWriteJsonRequestWithDefaults ¶ 

func NewPkiWriteJsonRequestWithDefaults() *PkiWriteJsonRequest

NewPkiWriteJsonRequestWithDefaults instantiates a new PkiWriteJsonRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (PkiWriteJsonRequest) MarshalJSON ¶ 

func (o PkiWriteJsonRequest) MarshalJSON() ([]byte, error)

type RabbitMQWriteConnectionConfigRequest ¶ 

type RabbitMQWriteConnectionConfigRequest struct {
	// RabbitMQ Management URI
	ConnectionUri string `json:"connection_uri"`

	// Password of the provided RabbitMQ management user
	Password string `json:"password"`

	// Name of the password policy to use to generate passwords for dynamic credentials.
	PasswordPolicy string `json:"password_policy"`

	// Username of a RabbitMQ management administrator
	Username string `json:"username"`

	// Template describing how dynamic usernames are generated.
	UsernameTemplate string `json:"username_template"`

	// If set, connection_uri is verified by actually connecting to the RabbitMQ management API
	VerifyConnection bool `json:"verify_connection"`
}

RabbitMQWriteConnectionConfigRequest struct for RabbitMQWriteConnectionConfigRequest

func NewRabbitMQWriteConnectionConfigRequestWithDefaults ¶ 

func NewRabbitMQWriteConnectionConfigRequestWithDefaults() *RabbitMQWriteConnectionConfigRequest

NewRabbitMQWriteConnectionConfigRequestWithDefaults instantiates a new RabbitMQWriteConnectionConfigRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (RabbitMQWriteConnectionConfigRequest) MarshalJSON ¶ 

func (o RabbitMQWriteConnectionConfigRequest) MarshalJSON() ([]byte, error)

type RabbitMQWriteLeaseConfigRequest ¶ 

type RabbitMQWriteLeaseConfigRequest struct {
	// Duration after which the issued credentials should not be allowed to be renewed
	MaxTtl int32 `json:"max_ttl"`

	// Duration before which the issued credentials needs renewal
	Ttl int32 `json:"ttl"`
}

RabbitMQWriteLeaseConfigRequest struct for RabbitMQWriteLeaseConfigRequest

func NewRabbitMQWriteLeaseConfigRequestWithDefaults ¶ 

func NewRabbitMQWriteLeaseConfigRequestWithDefaults() *RabbitMQWriteLeaseConfigRequest

NewRabbitMQWriteLeaseConfigRequestWithDefaults instantiates a new RabbitMQWriteLeaseConfigRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (RabbitMQWriteLeaseConfigRequest) MarshalJSON ¶ 

func (o RabbitMQWriteLeaseConfigRequest) MarshalJSON() ([]byte, error)

type RabbitMQWriteRoleRequest ¶ 

type RabbitMQWriteRoleRequest struct {
	// Comma-separated list of tags for this role.
	Tags string `json:"tags"`

	// A nested map of virtual hosts and exchanges to topic permissions.
	VhostTopics string `json:"vhost_topics"`

	// A map of virtual hosts to permissions.
	Vhosts string `json:"vhosts"`
}

RabbitMQWriteRoleRequest struct for RabbitMQWriteRoleRequest

func NewRabbitMQWriteRoleRequestWithDefaults ¶ 

func NewRabbitMQWriteRoleRequestWithDefaults() *RabbitMQWriteRoleRequest

NewRabbitMQWriteRoleRequestWithDefaults instantiates a new RabbitMQWriteRoleRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (RabbitMQWriteRoleRequest) MarshalJSON ¶ 

func (o RabbitMQWriteRoleRequest) MarshalJSON() ([]byte, error)

type RadiusLoginRequest ¶ 

type RadiusLoginRequest struct {
	// Password for this user.
	Password string `json:"password"`

	// Username to be used for login. (URL parameter)
	Urlusername string `json:"urlusername"`

	// Username to be used for login. (POST request body)
	Username string `json:"username"`
}

RadiusLoginRequest struct for RadiusLoginRequest

func NewRadiusLoginRequestWithDefaults ¶ 

func NewRadiusLoginRequestWithDefaults() *RadiusLoginRequest

NewRadiusLoginRequestWithDefaults instantiates a new RadiusLoginRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (RadiusLoginRequest) MarshalJSON ¶ 

func (o RadiusLoginRequest) MarshalJSON() ([]byte, error)

type RadiusLoginWithUsernameRequest ¶ 

type RadiusLoginWithUsernameRequest struct {
	// Password for this user.
	Password string `json:"password"`

	// Username to be used for login. (POST request body)
	Username string `json:"username"`
}

RadiusLoginWithUsernameRequest struct for RadiusLoginWithUsernameRequest

func NewRadiusLoginWithUsernameRequestWithDefaults ¶ 

func NewRadiusLoginWithUsernameRequestWithDefaults() *RadiusLoginWithUsernameRequest

NewRadiusLoginWithUsernameRequestWithDefaults instantiates a new RadiusLoginWithUsernameRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (RadiusLoginWithUsernameRequest) MarshalJSON ¶ 

func (o RadiusLoginWithUsernameRequest) MarshalJSON() ([]byte, error)

type RadiusWriteConfigRequest ¶ 

type RadiusWriteConfigRequest struct {
	// Number of seconds before connect times out (default: 10)
	DialTimeout int32 `json:"dial_timeout"`

	// RADIUS server host
	Host string `json:"host"`

	// RADIUS NAS Identifier field (optional)
	NasIdentifier string `json:"nas_identifier"`

	// RADIUS NAS port field (default: 10)
	NasPort int32 `json:"nas_port"`

	// RADIUS server port (default: 1812)
	Port int32 `json:"port"`

	// Number of seconds before response times out (default: 10)
	ReadTimeout int32 `json:"read_timeout"`

	// Secret shared with the RADIUS server
	Secret string `json:"secret"`

	// Comma separated string or JSON list of CIDR blocks. If set, specifies the blocks of IP addresses which are allowed to use the generated token.
	TokenBoundCidrs []string `json:"token_bound_cidrs"`

	// If set, tokens created via this role carry an explicit maximum TTL. During renewal, the current maximum TTL values of the role and the mount are not checked for changes, and any updates to these values will have no effect on the token being renewed.
	TokenExplicitMaxTtl int32 `json:"token_explicit_max_ttl"`

	// The maximum lifetime of the generated token
	TokenMaxTtl int32 `json:"token_max_ttl"`

	// If true, the 'default' policy will not automatically be added to generated tokens
	TokenNoDefaultPolicy bool `json:"token_no_default_policy"`

	// The maximum number of times a token may be used, a value of zero means unlimited
	TokenNumUses int32 `json:"token_num_uses"`

	// If set, tokens created via this role will have no max lifetime; instead, their renewal period will be fixed to this value. This takes an integer number of seconds, or a string duration (e.g. \"24h\").
	TokenPeriod int32 `json:"token_period"`

	// Comma-separated list of policies. This will apply to all tokens generated by this auth method, in addition to any configured for specific users.
	TokenPolicies []string `json:"token_policies"`

	// The initial ttl of the token to generate
	TokenTtl int32 `json:"token_ttl"`

	// The type of token to generate, service or batch
	TokenType string `json:"token_type"`

	// Comma-separated list of policies to grant upon successful RADIUS authentication of an unregisted user (default: empty)
	UnregisteredUserPolicies string `json:"unregistered_user_policies"`
}

RadiusWriteConfigRequest struct for RadiusWriteConfigRequest

func NewRadiusWriteConfigRequestWithDefaults ¶ 

func NewRadiusWriteConfigRequestWithDefaults() *RadiusWriteConfigRequest

NewRadiusWriteConfigRequestWithDefaults instantiates a new RadiusWriteConfigRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (RadiusWriteConfigRequest) MarshalJSON ¶ 

func (o RadiusWriteConfigRequest) MarshalJSON() ([]byte, error)

type RadiusWriteUserRequest ¶ 

type RadiusWriteUserRequest struct {
	// Comma-separated list of policies associated to the user.
	Policies []string `json:"policies"`
}

RadiusWriteUserRequest struct for RadiusWriteUserRequest

func NewRadiusWriteUserRequestWithDefaults ¶ 

func NewRadiusWriteUserRequestWithDefaults() *RadiusWriteUserRequest

NewRadiusWriteUserRequestWithDefaults instantiates a new RadiusWriteUserRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (RadiusWriteUserRequest) MarshalJSON ¶ 

func (o RadiusWriteUserRequest) MarshalJSON() ([]byte, error)

type RemountRequest ¶ 

type RemountRequest struct {
	// The previous mount point.
	From string `json:"from"`

	// The new mount point.
	To string `json:"to"`
}

RemountRequest struct for RemountRequest

func NewRemountRequestWithDefaults ¶ 

func NewRemountRequestWithDefaults() *RemountRequest

NewRemountRequestWithDefaults instantiates a new RemountRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (RemountRequest) MarshalJSON ¶ 

func (o RemountRequest) MarshalJSON() ([]byte, error)

type RenewForRequest ¶ 

type RenewForRequest struct {
	// The desired increment in seconds to the lease
	Increment int32 `json:"increment"`

	// The lease identifier to renew. This is included with a lease.
	LeaseId string `json:"lease_id"`
}

RenewForRequest struct for RenewForRequest

func NewRenewForRequestWithDefaults ¶ 

func NewRenewForRequestWithDefaults() *RenewForRequest

NewRenewForRequestWithDefaults instantiates a new RenewForRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (RenewForRequest) MarshalJSON ¶ 

func (o RenewForRequest) MarshalJSON() ([]byte, error)

type RenewRequest ¶ 

type RenewRequest struct {
	// The desired increment in seconds to the lease
	Increment int32 `json:"increment"`

	// The lease identifier to renew. This is included with a lease.
	LeaseId string `json:"lease_id"`

	// The lease identifier to renew. This is included with a lease.
	UrlLeaseId string `json:"url_lease_id"`
}

RenewRequest struct for RenewRequest

func NewRenewRequestWithDefaults ¶ 

func NewRenewRequestWithDefaults() *RenewRequest

NewRenewRequestWithDefaults instantiates a new RenewRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (RenewRequest) MarshalJSON ¶ 

func (o RenewRequest) MarshalJSON() ([]byte, error)

type RevokeLeaseRequest ¶ 

type RevokeLeaseRequest struct {
	// The lease identifier to renew. This is included with a lease.
	LeaseId string `json:"lease_id"`

	// Whether or not to perform the revocation synchronously
	Sync bool `json:"sync"`
}

RevokeLeaseRequest struct for RevokeLeaseRequest

func NewRevokeLeaseRequestWithDefaults ¶ 

func NewRevokeLeaseRequestWithDefaults() *RevokeLeaseRequest

NewRevokeLeaseRequestWithDefaults instantiates a new RevokeLeaseRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (RevokeLeaseRequest) MarshalJSON ¶ 

func (o RevokeLeaseRequest) MarshalJSON() ([]byte, error)

type RevokePrefixRequest ¶ 

type RevokePrefixRequest struct {
	// Whether or not to perform the revocation synchronously
	Sync bool `json:"sync"`
}

RevokePrefixRequest struct for RevokePrefixRequest

func NewRevokePrefixRequestWithDefaults ¶ 

func NewRevokePrefixRequestWithDefaults() *RevokePrefixRequest

NewRevokePrefixRequestWithDefaults instantiates a new RevokePrefixRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (RevokePrefixRequest) MarshalJSON ¶ 

func (o RevokePrefixRequest) MarshalJSON() ([]byte, error)

type RevokeRequest ¶ 

type RevokeRequest struct {
	// The lease identifier to renew. This is included with a lease.
	LeaseId string `json:"lease_id"`

	// Whether or not to perform the revocation synchronously
	Sync bool `json:"sync"`

	// The lease identifier to renew. This is included with a lease.
	UrlLeaseId string `json:"url_lease_id"`
}

RevokeRequest struct for RevokeRequest

func NewRevokeRequestWithDefaults ¶ 

func NewRevokeRequestWithDefaults() *RevokeRequest

NewRevokeRequestWithDefaults instantiates a new RevokeRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (RevokeRequest) MarshalJSON ¶ 

func (o RevokeRequest) MarshalJSON() ([]byte, error)

type SSHLookupRequest ¶ 

type SSHLookupRequest struct {
	// [Required] IP address of remote host
	Ip string `json:"ip"`
}

SSHLookupRequest struct for SSHLookupRequest

func NewSSHLookupRequestWithDefaults ¶ 

func NewSSHLookupRequestWithDefaults() *SSHLookupRequest

NewSSHLookupRequestWithDefaults instantiates a new SSHLookupRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (SSHLookupRequest) MarshalJSON ¶ 

func (o SSHLookupRequest) MarshalJSON() ([]byte, error)

type SSHSignRequest ¶ 

type SSHSignRequest struct {
	// Type of certificate to be created; either \"user\" or \"host\".
	CertType string `json:"cert_type"`

	// Critical options that the certificate should be signed for.
	CriticalOptions map[string]interface{} `json:"critical_options"`

	// Extensions that the certificate should be signed for.
	Extensions map[string]interface{} `json:"extensions"`

	// Key id that the created certificate should have. If not specified, the display name of the token will be used.
	KeyId string `json:"key_id"`

	// SSH public key that should be signed.
	PublicKey string `json:"public_key"`

	// The requested Time To Live for the SSH certificate; sets the expiration date. If not specified the role default, backend default, or system default TTL is used, in that order. Cannot be later than the role max TTL.
	Ttl int32 `json:"ttl"`

	// Valid principals, either usernames or hostnames, that the certificate should be signed for.
	ValidPrincipals string `json:"valid_principals"`
}

SSHSignRequest struct for SSHSignRequest

func NewSSHSignRequestWithDefaults ¶ 

func NewSSHSignRequestWithDefaults() *SSHSignRequest

NewSSHSignRequestWithDefaults instantiates a new SSHSignRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (SSHSignRequest) MarshalJSON ¶ 

func (o SSHSignRequest) MarshalJSON() ([]byte, error)

type SSHVerifyRequest ¶ 

type SSHVerifyRequest struct {
	// [Required] One-Time-Key that needs to be validated
	Otp string `json:"otp"`
}

SSHVerifyRequest struct for SSHVerifyRequest

func NewSSHVerifyRequestWithDefaults ¶ 

func NewSSHVerifyRequestWithDefaults() *SSHVerifyRequest

NewSSHVerifyRequestWithDefaults instantiates a new SSHVerifyRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (SSHVerifyRequest) MarshalJSON ¶ 

func (o SSHVerifyRequest) MarshalJSON() ([]byte, error)

type SSHWriteCAConfigRequest ¶ 

type SSHWriteCAConfigRequest struct {
	// Generate SSH key pair internally rather than use the private_key and public_key fields.
	GenerateSigningKey bool `json:"generate_signing_key"`

	// Specifies the desired key bits when generating variable-length keys (such as when key_type=\"ssh-rsa\") or which NIST P-curve to use when key_type=\"ec\" (256, 384, or 521).
	KeyBits int32 `json:"key_bits"`

	// Specifies the desired key type when generating; could be a OpenSSH key type identifier (ssh-rsa, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, or ssh-ed25519) or an algorithm (rsa, ec, ed25519).
	KeyType string `json:"key_type"`

	// Private half of the SSH key that will be used to sign certificates.
	PrivateKey string `json:"private_key"`

	// Public half of the SSH key that will be used to sign certificates.
	PublicKey string `json:"public_key"`
}

SSHWriteCAConfigRequest struct for SSHWriteCAConfigRequest

func NewSSHWriteCAConfigRequestWithDefaults ¶ 

func NewSSHWriteCAConfigRequestWithDefaults() *SSHWriteCAConfigRequest

NewSSHWriteCAConfigRequestWithDefaults instantiates a new SSHWriteCAConfigRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (SSHWriteCAConfigRequest) MarshalJSON ¶ 

func (o SSHWriteCAConfigRequest) MarshalJSON() ([]byte, error)

type SSHWriteCredentialsRequest ¶ 

type SSHWriteCredentialsRequest struct {
	// [Required] IP of the remote host
	Ip string `json:"ip"`

	// [Optional] Username in remote host
	Username string `json:"username"`
}

SSHWriteCredentialsRequest struct for SSHWriteCredentialsRequest

func NewSSHWriteCredentialsRequestWithDefaults ¶ 

func NewSSHWriteCredentialsRequestWithDefaults() *SSHWriteCredentialsRequest

NewSSHWriteCredentialsRequestWithDefaults instantiates a new SSHWriteCredentialsRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (SSHWriteCredentialsRequest) MarshalJSON ¶ 

func (o SSHWriteCredentialsRequest) MarshalJSON() ([]byte, error)

type SSHWriteIssueRequest ¶ 

type SSHWriteIssueRequest struct {
	// Type of certificate to be created; either \"user\" or \"host\".
	CertType string `json:"cert_type"`

	// Critical options that the certificate should be signed for.
	CriticalOptions map[string]interface{} `json:"critical_options"`

	// Extensions that the certificate should be signed for.
	Extensions map[string]interface{} `json:"extensions"`

	// Specifies the number of bits to use for the generated keys.
	KeyBits int32 `json:"key_bits"`

	// Key id that the created certificate should have. If not specified, the display name of the token will be used.
	KeyId string `json:"key_id"`

	// Specifies the desired key type; must be `rsa`, `ed25519` or `ec`
	KeyType string `json:"key_type"`

	// The requested Time To Live for the SSH certificate; sets the expiration date. If not specified the role default, backend default, or system default TTL is used, in that order. Cannot be later than the role max TTL.
	Ttl int32 `json:"ttl"`

	// Valid principals, either usernames or hostnames, that the certificate should be signed for.
	ValidPrincipals string `json:"valid_principals"`
}

SSHWriteIssueRequest struct for SSHWriteIssueRequest

func NewSSHWriteIssueRequestWithDefaults ¶ 

func NewSSHWriteIssueRequestWithDefaults() *SSHWriteIssueRequest

NewSSHWriteIssueRequestWithDefaults instantiates a new SSHWriteIssueRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (SSHWriteIssueRequest) MarshalJSON ¶ 

func (o SSHWriteIssueRequest) MarshalJSON() ([]byte, error)

type SSHWriteKeysRequest ¶ 

type SSHWriteKeysRequest struct {
	// [Required] SSH private key with super user privileges in host
	Key string `json:"key"`
}

SSHWriteKeysRequest struct for SSHWriteKeysRequest

func NewSSHWriteKeysRequestWithDefaults ¶ 

func NewSSHWriteKeysRequestWithDefaults() *SSHWriteKeysRequest

NewSSHWriteKeysRequestWithDefaults instantiates a new SSHWriteKeysRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (SSHWriteKeysRequest) MarshalJSON ¶ 

func (o SSHWriteKeysRequest) MarshalJSON() ([]byte, error)

type SSHWriteRoleRequest ¶ 

type SSHWriteRoleRequest struct {
	// [Required for Dynamic type] [Not applicable for OTP type] [Not applicable for CA type] Admin user at remote host. The shared key being registered should be for this user and should have root privileges. Everytime a dynamic credential is being generated for other users, Vault uses this admin username to login to remote host and install the generated credential for the other user.
	AdminUser string `json:"admin_user"`

	// When supplied, this value specifies a signing algorithm for the key. Possible values: ssh-rsa, rsa-sha2-256, rsa-sha2-512, default, or the empty string.
	AlgorithmSigner string `json:"algorithm_signer"`

	// [Not applicable for Dynamic type] [Not applicable for OTP type] [Optional for CA type] If set, host certificates that are requested are allowed to use the base domains listed in \"allowed_domains\", e.g. \"example.com\". This is a separate option as in some cases this can be considered a security threat.
	AllowBareDomains bool `json:"allow_bare_domains"`

	// [Not applicable for Dynamic type] [Not applicable for OTP type] [Optional for CA type] If set, certificates are allowed to be signed for use as a 'host'.
	AllowHostCertificates bool `json:"allow_host_certificates"`

	// [Not applicable for Dynamic type] [Not applicable for OTP type] [Optional for CA type] If set, host certificates that are requested are allowed to use subdomains of those listed in \"allowed_domains\".
	AllowSubdomains bool `json:"allow_subdomains"`

	// [Not applicable for Dynamic type] [Not applicable for OTP type] [Optional for CA type] If set, certificates are allowed to be signed for use as a 'user'.
	AllowUserCertificates bool `json:"allow_user_certificates"`

	// [Not applicable for Dynamic type] [Not applicable for OTP type] [Optional for CA type] If true, users can override the key ID for a signed certificate with the \"key_id\" field. When false, the key ID will always be the token display name. The key ID is logged by the SSH server and can be useful for auditing.
	AllowUserKeyIds bool `json:"allow_user_key_ids"`

	// [Not applicable for Dynamic type] [Not applicable for OTP type] [Optional for CA type] A comma-separated list of critical options that certificates can have when signed. To allow any critical options, set this to an empty string.
	AllowedCriticalOptions string `json:"allowed_critical_options"`

	// [Not applicable for Dynamic type] [Not applicable for OTP type] [Optional for CA type] If this option is not specified, client can request for a signed certificate for any valid host. If only certain domains are allowed, then this list enforces it.
	AllowedDomains string `json:"allowed_domains"`

	// [Not applicable for Dynamic type] [Not applicable for OTP type] [Optional for CA type] If set, Allowed domains can be specified using identity template policies. Non-templated domains are also permitted.
	AllowedDomainsTemplate bool `json:"allowed_domains_template"`

	// [Not applicable for Dynamic type] [Not applicable for OTP type] [Optional for CA type] A comma-separated list of extensions that certificates can have when signed. An empty list means that no extension overrides are allowed by an end-user; explicitly specify '*' to allow any extensions to be set.
	AllowedExtensions string `json:"allowed_extensions"`

	// [Not applicable for Dynamic type] [Not applicable for OTP type] [Optional for CA type] If set, allows the enforcement of key types and minimum key sizes to be signed.
	AllowedUserKeyLengths map[string]interface{} `json:"allowed_user_key_lengths"`

	// [Optional for all types] [Works differently for CA type] If this option is not specified, or is '*', client can request a credential for any valid user at the remote host, including the admin user. If only certain usernames are to be allowed, then this list enforces it. If this field is set, then credentials can only be created for default_user and usernames present in this list. Setting this option will enable all the users with access to this role to fetch credentials for all other usernames in this list. Use with caution. N.B.: with the CA type, an empty list means that no users are allowed; explicitly specify '*' to allow any user.
	AllowedUsers string `json:"allowed_users"`

	// [Not applicable for Dynamic type] [Not applicable for OTP type] [Optional for CA type] If set, Allowed users can be specified using identity template policies. Non-templated users are also permitted.
	AllowedUsersTemplate bool `json:"allowed_users_template"`

	// [Optional for Dynamic type] [Optional for OTP type] [Not applicable for CA type] Comma separated list of CIDR blocks for which the role is applicable for. CIDR blocks can belong to more than one role.
	CidrList string `json:"cidr_list"`

	// [Not applicable for Dynamic type] [Not applicable for OTP type] [Optional for CA type] Critical options certificates should have if none are provided when signing. This field takes in key value pairs in JSON format. Note that these are not restricted by \"allowed_critical_options\". Defaults to none.
	DefaultCriticalOptions map[string]interface{} `json:"default_critical_options"`

	// [Not applicable for Dynamic type] [Not applicable for OTP type] [Optional for CA type] Extensions certificates should have if none are provided when signing. This field takes in key value pairs in JSON format. Note that these are not restricted by \"allowed_extensions\". Defaults to none.
	DefaultExtensions map[string]interface{} `json:"default_extensions"`

	// [Not applicable for Dynamic type] [Not applicable for OTP type] [Optional for CA type] If set, Default extension values can be specified using identity template policies. Non-templated extension values are also permitted.
	DefaultExtensionsTemplate bool `json:"default_extensions_template"`

	// [Required for Dynamic type] [Required for OTP type] [Optional for CA type] Default username for which a credential will be generated. When the endpoint 'creds/' is used without a username, this value will be used as default username.
	DefaultUser string `json:"default_user"`

	// [Not applicable for Dynamic type] [Not applicable for OTP type] [Optional for CA type] If set, Default user can be specified using identity template policies. Non-templated users are also permitted.
	DefaultUserTemplate bool `json:"default_user_template"`

	// [Optional for Dynamic type] [Optional for OTP type] [Not applicable for CA type] Comma separated list of CIDR blocks. IP addresses belonging to these blocks are not accepted by the role. This is particularly useful when big CIDR blocks are being used by the role and certain parts of it needs to be kept out.
	ExcludeCidrList string `json:"exclude_cidr_list"`

	// [Optional for Dynamic type] [Not-applicable for OTP type] [Not applicable for CA type] Script used to install and uninstall public keys in the target machine. The inbuilt default install script will be for Linux hosts. For sample script, refer the project documentation website.
	InstallScript string `json:"install_script"`

	// [Required for Dynamic type] [Not applicable for OTP type] [Not applicable for CA type] Name of the registered key in Vault. Before creating the role, use the 'keys/' endpoint to create a named key.
	Key string `json:"key"`

	// [Optional for Dynamic type] [Not applicable for OTP type] [Not applicable for CA type] Length of the RSA dynamic key in bits. It is 1024 by default or it can be 2048.
	KeyBits int32 `json:"key_bits"`

	// [Not applicable for Dynamic type] [Not applicable for OTP type] [Optional for CA type] When supplied, this value specifies a custom format for the key id of a signed certificate. The following variables are available for use: '{{token_display_name}}' - The display name of the token used to make the request. '{{role_name}}' - The name of the role signing the request. '{{public_key_hash}}' - A SHA256 checksum of the public key that is being signed.
	KeyIdFormat string `json:"key_id_format"`

	// [Optional for Dynamic type] [Not applicable for OTP type] [Not applicable for CA type] Comma separated option specifications which will be prefixed to RSA key in authorized_keys file. Options should be valid and comply with authorized_keys file format and should not contain spaces.
	KeyOptionSpecs string `json:"key_option_specs"`

	// [Required for all types] Type of key used to login to hosts. It can be either 'otp', 'dynamic' or 'ca'. 'otp' type requires agent to be installed in remote hosts.
	KeyType string `json:"key_type"`

	// [Not applicable for Dynamic type] [Not applicable for OTP type] [Optional for CA type] The maximum allowed lease duration
	MaxTtl int32 `json:"max_ttl"`

	// The duration that the SSH certificate should be backdated by at issuance.
	NotBeforeDuration int32 `json:"not_before_duration"`

	// [Optional for Dynamic type] [Optional for OTP type] [Not applicable for CA type] Port number for SSH connection. Default is '22'. Port number does not play any role in creation of OTP. For 'otp' type, this is just a way to inform client about the port number to use. Port number will be returned to client by Vault server along with OTP.
	Port int32 `json:"port"`

	// [Not applicable for Dynamic type] [Not applicable for OTP type] [Optional for CA type] The lease duration if no specific lease duration is requested. The lease duration controls the expiration of certificates issued by this backend. Defaults to the value of max_ttl.
	Ttl int32 `json:"ttl"`
}

SSHWriteRoleRequest struct for SSHWriteRoleRequest

func NewSSHWriteRoleRequestWithDefaults ¶ 

func NewSSHWriteRoleRequestWithDefaults() *SSHWriteRoleRequest

NewSSHWriteRoleRequestWithDefaults instantiates a new SSHWriteRoleRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (SSHWriteRoleRequest) MarshalJSON ¶ 

func (o SSHWriteRoleRequest) MarshalJSON() ([]byte, error)

type SSHWriteZeroAddressConfigRequest ¶ 

type SSHWriteZeroAddressConfigRequest struct {
	// [Required] Comma separated list of role names which allows credentials to be requested for any IP address. CIDR blocks previously registered under these roles will be ignored.
	Roles []string `json:"roles"`
}

SSHWriteZeroAddressConfigRequest struct for SSHWriteZeroAddressConfigRequest

func NewSSHWriteZeroAddressConfigRequestWithDefaults ¶ 

func NewSSHWriteZeroAddressConfigRequestWithDefaults() *SSHWriteZeroAddressConfigRequest

NewSSHWriteZeroAddressConfigRequestWithDefaults instantiates a new SSHWriteZeroAddressConfigRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (SSHWriteZeroAddressConfigRequest) MarshalJSON ¶ 

func (o SSHWriteZeroAddressConfigRequest) MarshalJSON() ([]byte, error)

type SysWritePluginsCatalogNameRequest ¶ 

type SysWritePluginsCatalogNameRequest struct {
	// The args passed to plugin command.
	Args []string `json:"args"`

	// The command used to start the plugin. The executable defined in this command must exist in vault's plugin directory.
	Command string `json:"command"`

	// The environment variables passed to plugin command. Each entry is of the form \"key=value\".
	Env []string `json:"env"`

	// The SHA256 sum of the executable used in the command field. This should be HEX encoded.
	Sha256 string `json:"sha256"`

	// The type of the plugin, may be auth, secret, or database
	Type string `json:"type"`

	// The semantic version of the plugin to use.
	Version string `json:"version"`
}

SysWritePluginsCatalogNameRequest struct for SysWritePluginsCatalogNameRequest

func NewSysWritePluginsCatalogNameRequestWithDefaults ¶ 

func NewSysWritePluginsCatalogNameRequestWithDefaults() *SysWritePluginsCatalogNameRequest

NewSysWritePluginsCatalogNameRequestWithDefaults instantiates a new SysWritePluginsCatalogNameRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (SysWritePluginsCatalogNameRequest) MarshalJSON ¶ 

func (o SysWritePluginsCatalogNameRequest) MarshalJSON() ([]byte, error)

type SysWriteToolsRandomUrlbytesRequest ¶ 

type SysWriteToolsRandomUrlbytesRequest struct {
	// The number of bytes to generate (POST body parameter). Defaults to 32 (256 bits).
	Bytes int32 `json:"bytes"`

	// Encoding format to use. Can be \"hex\" or \"base64\". Defaults to \"base64\".
	Format string `json:"format"`

	// Which system to source random data from, ether \"platform\", \"seal\", or \"all\".
	Source string `json:"source"`
}

SysWriteToolsRandomUrlbytesRequest struct for SysWriteToolsRandomUrlbytesRequest

func NewSysWriteToolsRandomUrlbytesRequestWithDefaults ¶ 

func NewSysWriteToolsRandomUrlbytesRequestWithDefaults() *SysWriteToolsRandomUrlbytesRequest

NewSysWriteToolsRandomUrlbytesRequestWithDefaults instantiates a new SysWriteToolsRandomUrlbytesRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (SysWriteToolsRandomUrlbytesRequest) MarshalJSON ¶ 

func (o SysWriteToolsRandomUrlbytesRequest) MarshalJSON() ([]byte, error)

type TOTPWriteCodeRequest ¶ 

type TOTPWriteCodeRequest struct {
	// TOTP code to be validated.
	Code string `json:"code"`
}

TOTPWriteCodeRequest struct for TOTPWriteCodeRequest

func NewTOTPWriteCodeRequestWithDefaults ¶ 

func NewTOTPWriteCodeRequestWithDefaults() *TOTPWriteCodeRequest

NewTOTPWriteCodeRequestWithDefaults instantiates a new TOTPWriteCodeRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (TOTPWriteCodeRequest) MarshalJSON ¶ 

func (o TOTPWriteCodeRequest) MarshalJSON() ([]byte, error)

type TOTPWriteKeyRequest ¶ 

type TOTPWriteKeyRequest struct {
	// The name of the account associated with the key. Required if generate is true.
	AccountName string `json:"account_name"`

	// The hashing algorithm used to generate the TOTP token. Options include SHA1, SHA256 and SHA512.
	Algorithm string `json:"algorithm"`

	// The number of digits in the generated TOTP token. This value can either be 6 or 8.
	Digits int32 `json:"digits"`

	// Determines if a QR code and url are returned upon generating a key. Only used if generate is true.
	Exported bool `json:"exported"`

	// Determines if a key should be generated by Vault or if a key is being passed from another service.
	Generate bool `json:"generate"`

	// The name of the key's issuing organization. Required if generate is true.
	Issuer string `json:"issuer"`

	// The shared master key used to generate a TOTP token. Only used if generate is false.
	Key string `json:"key"`

	// Determines the size in bytes of the generated key. Only used if generate is true.
	KeySize int32 `json:"key_size"`

	// The length of time used to generate a counter for the TOTP token calculation.
	Period int32 `json:"period"`

	// The pixel size of the generated square QR code. Only used if generate is true and exported is true. If this value is 0, a QR code will not be returned.
	QrSize int32 `json:"qr_size"`

	// The number of delay periods that are allowed when validating a TOTP token. This value can either be 0 or 1. Only used if generate is true.
	Skew int32 `json:"skew"`

	// A TOTP url string containing all of the parameters for key setup. Only used if generate is false.
	Url string `json:"url"`
}

TOTPWriteKeyRequest struct for TOTPWriteKeyRequest

func NewTOTPWriteKeyRequestWithDefaults ¶ 

func NewTOTPWriteKeyRequestWithDefaults() *TOTPWriteKeyRequest

NewTOTPWriteKeyRequestWithDefaults instantiates a new TOTPWriteKeyRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (TOTPWriteKeyRequest) MarshalJSON ¶ 

func (o TOTPWriteKeyRequest) MarshalJSON() ([]byte, error)

type TerraformWriteConfigRequest ¶ 

type TerraformWriteConfigRequest struct {
	// The address to access Terraform Cloud or Enterprise. Default is \"https://app.terraform.io\".
	Address string `json:"address"`

	// The base path for the Terraform Cloud or Enterprise API. Default is \"/api/v2/\".
	BasePath string `json:"base_path"`

	// The token to access Terraform Cloud
	Token string `json:"token"`
}

TerraformWriteConfigRequest struct for TerraformWriteConfigRequest

func NewTerraformWriteConfigRequestWithDefaults ¶ 

func NewTerraformWriteConfigRequestWithDefaults() *TerraformWriteConfigRequest

NewTerraformWriteConfigRequestWithDefaults instantiates a new TerraformWriteConfigRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (TerraformWriteConfigRequest) MarshalJSON ¶ 

func (o TerraformWriteConfigRequest) MarshalJSON() ([]byte, error)

type TerraformWriteRoleRequest ¶ 

type TerraformWriteRoleRequest struct {
	// Maximum time for role. If not set or set to 0, will use system default.
	MaxTtl int32 `json:"max_ttl"`

	// Name of the Terraform Cloud or Enterprise organization
	Organization string `json:"organization"`

	// ID of the Terraform Cloud or Enterprise team under organization (e.g., settings/teams/team-xxxxxxxxxxxxx)
	TeamId string `json:"team_id"`

	// Default lease for generated credentials. If not set or set to 0, will use system default.
	Ttl int32 `json:"ttl"`

	// ID of the Terraform Cloud or Enterprise user (e.g., user-xxxxxxxxxxxxxxxx)
	UserId string `json:"user_id"`
}

TerraformWriteRoleRequest struct for TerraformWriteRoleRequest

func NewTerraformWriteRoleRequestWithDefaults ¶ 

func NewTerraformWriteRoleRequestWithDefaults() *TerraformWriteRoleRequest

NewTerraformWriteRoleRequestWithDefaults instantiates a new TerraformWriteRoleRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (TerraformWriteRoleRequest) MarshalJSON ¶ 

func (o TerraformWriteRoleRequest) MarshalJSON() ([]byte, error)

type TokenRenewAccessorRequest ¶ 

type TokenRenewAccessorRequest struct {
	// Accessor of the token to renew (request body)
	Accessor string `json:"accessor"`

	// The desired increment in seconds to the token expiration
	Increment int32 `json:"increment"`
}

TokenRenewAccessorRequest struct for TokenRenewAccessorRequest

func NewTokenRenewAccessorRequestWithDefaults ¶ 

func NewTokenRenewAccessorRequestWithDefaults() *TokenRenewAccessorRequest

NewTokenRenewAccessorRequestWithDefaults instantiates a new TokenRenewAccessorRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (TokenRenewAccessorRequest) MarshalJSON ¶ 

func (o TokenRenewAccessorRequest) MarshalJSON() ([]byte, error)

type TokenRenewRequest ¶ 

type TokenRenewRequest struct {
	// The desired increment in seconds to the token expiration
	Increment int32 `json:"increment"`

	// Token to renew (request body)
	Token string `json:"token"`
}

TokenRenewRequest struct for TokenRenewRequest

func NewTokenRenewRequestWithDefaults ¶ 

func NewTokenRenewRequestWithDefaults() *TokenRenewRequest

NewTokenRenewRequestWithDefaults instantiates a new TokenRenewRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (TokenRenewRequest) MarshalJSON ¶ 

func (o TokenRenewRequest) MarshalJSON() ([]byte, error)

type TokenRenewSelfRequest ¶ 

type TokenRenewSelfRequest struct {
	// The desired increment in seconds to the token expiration
	Increment int32 `json:"increment"`

	// Token to renew (unused, does not need to be set)
	Token string `json:"token"`
}

TokenRenewSelfRequest struct for TokenRenewSelfRequest

func NewTokenRenewSelfRequestWithDefaults ¶ 

func NewTokenRenewSelfRequestWithDefaults() *TokenRenewSelfRequest

NewTokenRenewSelfRequestWithDefaults instantiates a new TokenRenewSelfRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (TokenRenewSelfRequest) MarshalJSON ¶ 

func (o TokenRenewSelfRequest) MarshalJSON() ([]byte, error)

type TokenRevokeAccessorRequest ¶ 

type TokenRevokeAccessorRequest struct {
	// Accessor of the token (request body)
	Accessor string `json:"accessor"`
}

TokenRevokeAccessorRequest struct for TokenRevokeAccessorRequest

func NewTokenRevokeAccessorRequestWithDefaults ¶ 

func NewTokenRevokeAccessorRequestWithDefaults() *TokenRevokeAccessorRequest

NewTokenRevokeAccessorRequestWithDefaults instantiates a new TokenRevokeAccessorRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (TokenRevokeAccessorRequest) MarshalJSON ¶ 

func (o TokenRevokeAccessorRequest) MarshalJSON() ([]byte, error)

type TokenRevokeOrphanRequest ¶ 

type TokenRevokeOrphanRequest struct {
	// Token to revoke (request body)
	Token string `json:"token"`
}

TokenRevokeOrphanRequest struct for TokenRevokeOrphanRequest

func NewTokenRevokeOrphanRequestWithDefaults ¶ 

func NewTokenRevokeOrphanRequestWithDefaults() *TokenRevokeOrphanRequest

NewTokenRevokeOrphanRequestWithDefaults instantiates a new TokenRevokeOrphanRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (TokenRevokeOrphanRequest) MarshalJSON ¶ 

func (o TokenRevokeOrphanRequest) MarshalJSON() ([]byte, error)

type TokenRevokeRequest ¶ 

type TokenRevokeRequest struct {
	// Token to revoke (request body)
	Token string `json:"token"`
}

TokenRevokeRequest struct for TokenRevokeRequest

func NewTokenRevokeRequestWithDefaults ¶ 

func NewTokenRevokeRequestWithDefaults() *TokenRevokeRequest

NewTokenRevokeRequestWithDefaults instantiates a new TokenRevokeRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (TokenRevokeRequest) MarshalJSON ¶ 

func (o TokenRevokeRequest) MarshalJSON() ([]byte, error)

type TokenWriteCreateOrphanRequest ¶ 

type TokenWriteCreateOrphanRequest struct {
	// Name to associate with this token
	DisplayName string `json:"display_name"`

	// Name of the entity alias to associate with this token
	EntityAlias string `json:"entity_alias"`

	// Explicit Max TTL of this token
	ExplicitMaxTtl string `json:"explicit_max_ttl"`

	// Value for the token
	Id string `json:"id"`

	// Arbitrary key=value metadata to associate with the token
	Metadata map[string]interface{} `json:"metadata"`

	// Do not include default policy for this token
	NoDefaultPolicy bool `json:"no_default_policy"`

	// Create the token with no parent
	NoParent bool `json:"no_parent"`

	// Max number of uses for this token
	NumUses int32 `json:"num_uses"`

	// Renew period
	Period string `json:"period"`

	// List of policies for the token
	Policies []string `json:"policies"`

	// Allow token to be renewed past its initial TTL up to system/mount maximum TTL
	Renewable bool `json:"renewable"`

	// Name of the role
	RoleName string `json:"role_name"`

	// Time to live for this token
	Ttl string `json:"ttl"`

	// Token type
	Type string `json:"type"`
}

TokenWriteCreateOrphanRequest struct for TokenWriteCreateOrphanRequest

func NewTokenWriteCreateOrphanRequestWithDefaults ¶ 

func NewTokenWriteCreateOrphanRequestWithDefaults() *TokenWriteCreateOrphanRequest

NewTokenWriteCreateOrphanRequestWithDefaults instantiates a new TokenWriteCreateOrphanRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (TokenWriteCreateOrphanRequest) MarshalJSON ¶ 

func (o TokenWriteCreateOrphanRequest) MarshalJSON() ([]byte, error)

type TokenWriteCreateRequest ¶ 

type TokenWriteCreateRequest struct {
	// Name to associate with this token
	DisplayName string `json:"display_name"`

	// Name of the entity alias to associate with this token
	EntityAlias string `json:"entity_alias"`

	// Explicit Max TTL of this token
	ExplicitMaxTtl string `json:"explicit_max_ttl"`

	// Value for the token
	Id string `json:"id"`

	// Arbitrary key=value metadata to associate with the token
	Metadata map[string]interface{} `json:"metadata"`

	// Do not include default policy for this token
	NoDefaultPolicy bool `json:"no_default_policy"`

	// Create the token with no parent
	NoParent bool `json:"no_parent"`

	// Max number of uses for this token
	NumUses int32 `json:"num_uses"`

	// Renew period
	Period string `json:"period"`

	// List of policies for the token
	Policies []string `json:"policies"`

	// Allow token to be renewed past its initial TTL up to system/mount maximum TTL
	Renewable bool `json:"renewable"`

	// Time to live for this token
	Ttl string `json:"ttl"`

	// Token type
	Type string `json:"type"`
}

TokenWriteCreateRequest struct for TokenWriteCreateRequest

func NewTokenWriteCreateRequestWithDefaults ¶ 

func NewTokenWriteCreateRequestWithDefaults() *TokenWriteCreateRequest

NewTokenWriteCreateRequestWithDefaults instantiates a new TokenWriteCreateRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (TokenWriteCreateRequest) MarshalJSON ¶ 

func (o TokenWriteCreateRequest) MarshalJSON() ([]byte, error)

type TokenWriteCreateWithRoleRequest ¶ 

type TokenWriteCreateWithRoleRequest struct {
	// Name to associate with this token
	DisplayName string `json:"display_name"`

	// Name of the entity alias to associate with this token
	EntityAlias string `json:"entity_alias"`

	// Explicit Max TTL of this token
	ExplicitMaxTtl string `json:"explicit_max_ttl"`

	// Value for the token
	Id string `json:"id"`

	// Arbitrary key=value metadata to associate with the token
	Metadata map[string]interface{} `json:"metadata"`

	// Do not include default policy for this token
	NoDefaultPolicy bool `json:"no_default_policy"`

	// Create the token with no parent
	NoParent bool `json:"no_parent"`

	// Max number of uses for this token
	NumUses int32 `json:"num_uses"`

	// Renew period
	Period string `json:"period"`

	// List of policies for the token
	Policies []string `json:"policies"`

	// Allow token to be renewed past its initial TTL up to system/mount maximum TTL
	Renewable bool `json:"renewable"`

	// Time to live for this token
	Ttl string `json:"ttl"`

	// Token type
	Type string `json:"type"`
}

TokenWriteCreateWithRoleRequest struct for TokenWriteCreateWithRoleRequest

func NewTokenWriteCreateWithRoleRequestWithDefaults ¶ 

func NewTokenWriteCreateWithRoleRequestWithDefaults() *TokenWriteCreateWithRoleRequest

NewTokenWriteCreateWithRoleRequestWithDefaults instantiates a new TokenWriteCreateWithRoleRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (TokenWriteCreateWithRoleRequest) MarshalJSON ¶ 

func (o TokenWriteCreateWithRoleRequest) MarshalJSON() ([]byte, error)

type TokenWriteLookupAccessorRequest ¶ 

type TokenWriteLookupAccessorRequest struct {
	// Accessor of the token to look up (request body)
	Accessor string `json:"accessor"`
}

TokenWriteLookupAccessorRequest struct for TokenWriteLookupAccessorRequest

func NewTokenWriteLookupAccessorRequestWithDefaults ¶ 

func NewTokenWriteLookupAccessorRequestWithDefaults() *TokenWriteLookupAccessorRequest

NewTokenWriteLookupAccessorRequestWithDefaults instantiates a new TokenWriteLookupAccessorRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (TokenWriteLookupAccessorRequest) MarshalJSON ¶ 

func (o TokenWriteLookupAccessorRequest) MarshalJSON() ([]byte, error)

type TokenWriteLookupRequest ¶ 

type TokenWriteLookupRequest struct {
	// Token to lookup (POST request body)
	Token string `json:"token"`
}

TokenWriteLookupRequest struct for TokenWriteLookupRequest

func NewTokenWriteLookupRequestWithDefaults ¶ 

func NewTokenWriteLookupRequestWithDefaults() *TokenWriteLookupRequest

NewTokenWriteLookupRequestWithDefaults instantiates a new TokenWriteLookupRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (TokenWriteLookupRequest) MarshalJSON ¶ 

func (o TokenWriteLookupRequest) MarshalJSON() ([]byte, error)

type TokenWriteLookupSelfRequest ¶ 

type TokenWriteLookupSelfRequest struct {
	// Token to look up (unused, does not need to be set)
	Token string `json:"token"`
}

TokenWriteLookupSelfRequest struct for TokenWriteLookupSelfRequest

func NewTokenWriteLookupSelfRequestWithDefaults ¶ 

func NewTokenWriteLookupSelfRequestWithDefaults() *TokenWriteLookupSelfRequest

NewTokenWriteLookupSelfRequestWithDefaults instantiates a new TokenWriteLookupSelfRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (TokenWriteLookupSelfRequest) MarshalJSON ¶ 

func (o TokenWriteLookupSelfRequest) MarshalJSON() ([]byte, error)

type TokenWriteRoleRequest ¶ 

type TokenWriteRoleRequest struct {
	// String or JSON list of allowed entity aliases. If set, specifies the entity aliases which are allowed to be used during token generation. This field supports globbing.
	AllowedEntityAliases []string `json:"allowed_entity_aliases"`

	// If set, tokens can be created with any subset of the policies in this list, rather than the normal semantics of tokens being a subset of the calling token's policies. The parameter is a comma-delimited string of policy names.
	AllowedPolicies []string `json:"allowed_policies"`

	// If set, tokens can be created with any subset of glob matched policies in this list, rather than the normal semantics of tokens being a subset of the calling token's policies. The parameter is a comma-delimited string of policy name globs.
	AllowedPoliciesGlob []string `json:"allowed_policies_glob"`

	// Use 'token_bound_cidrs' instead.
	// Deprecated
	BoundCidrs []string `json:"bound_cidrs"`

	// If set, successful token creation via this role will require that no policies in the given list are requested. The parameter is a comma-delimited string of policy names.
	DisallowedPolicies []string `json:"disallowed_policies"`

	// If set, successful token creation via this role will require that no requested policies glob match any of policies in this list. The parameter is a comma-delimited string of policy name globs.
	DisallowedPoliciesGlob []string `json:"disallowed_policies_glob"`

	// Use 'token_explicit_max_ttl' instead.
	// Deprecated
	ExplicitMaxTtl int32 `json:"explicit_max_ttl"`

	// If true, tokens created via this role will be orphan tokens (have no parent)
	Orphan bool `json:"orphan"`

	// If set, tokens created via this role will contain the given suffix as a part of their path. This can be used to assist use of the 'revoke-prefix' endpoint later on. The given suffix must match the regular expression.\\w[\\w-.]+\\w
	PathSuffix string `json:"path_suffix"`

	// Use 'token_period' instead.
	// Deprecated
	Period int32 `json:"period"`

	// Tokens created via this role will be renewable or not according to this value. Defaults to \"true\".
	Renewable bool `json:"renewable"`

	// Comma separated string or JSON list of CIDR blocks. If set, specifies the blocks of IP addresses which are allowed to use the generated token.
	TokenBoundCidrs []string `json:"token_bound_cidrs"`

	// If set, tokens created via this role carry an explicit maximum TTL. During renewal, the current maximum TTL values of the role and the mount are not checked for changes, and any updates to these values will have no effect on the token being renewed.
	TokenExplicitMaxTtl int32 `json:"token_explicit_max_ttl"`

	// If true, the 'default' policy will not automatically be added to generated tokens
	TokenNoDefaultPolicy bool `json:"token_no_default_policy"`

	// The maximum number of times a token may be used, a value of zero means unlimited
	TokenNumUses int32 `json:"token_num_uses"`

	// If set, tokens created via this role will have no max lifetime; instead, their renewal period will be fixed to this value. This takes an integer number of seconds, or a string duration (e.g. \"24h\").
	TokenPeriod int32 `json:"token_period"`

	// The type of token to generate, service or batch
	TokenType string `json:"token_type"`
}

TokenWriteRoleRequest struct for TokenWriteRoleRequest

func NewTokenWriteRoleRequestWithDefaults ¶ 

func NewTokenWriteRoleRequestWithDefaults() *TokenWriteRoleRequest

NewTokenWriteRoleRequestWithDefaults instantiates a new TokenWriteRoleRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (TokenWriteRoleRequest) MarshalJSON ¶ 

func (o TokenWriteRoleRequest) MarshalJSON() ([]byte, error)

type ToolsGenerateRandomRequest ¶ 

type ToolsGenerateRandomRequest struct {
	// The number of bytes to generate (POST body parameter). Defaults to 32 (256 bits).
	Bytes int32 `json:"bytes"`

	// Encoding format to use. Can be \"hex\" or \"base64\". Defaults to \"base64\".
	Format string `json:"format"`

	// Which system to source random data from, ether \"platform\", \"seal\", or \"all\".
	Source string `json:"source"`

	// The number of bytes to generate (POST URL parameter)
	Urlbytes string `json:"urlbytes"`
}

ToolsGenerateRandomRequest struct for ToolsGenerateRandomRequest

func NewToolsGenerateRandomRequestWithDefaults ¶ 

func NewToolsGenerateRandomRequestWithDefaults() *ToolsGenerateRandomRequest

NewToolsGenerateRandomRequestWithDefaults instantiates a new ToolsGenerateRandomRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (ToolsGenerateRandomRequest) MarshalJSON ¶ 

func (o ToolsGenerateRandomRequest) MarshalJSON() ([]byte, error)

type ToolsGenerateRandomSourceBytesRequest ¶ 

type ToolsGenerateRandomSourceBytesRequest struct {
	// The number of bytes to generate (POST body parameter). Defaults to 32 (256 bits).
	Bytes int32 `json:"bytes"`

	// Encoding format to use. Can be \"hex\" or \"base64\". Defaults to \"base64\".
	Format string `json:"format"`
}

ToolsGenerateRandomSourceBytesRequest struct for ToolsGenerateRandomSourceBytesRequest

func NewToolsGenerateRandomSourceBytesRequestWithDefaults ¶ 

func NewToolsGenerateRandomSourceBytesRequestWithDefaults() *ToolsGenerateRandomSourceBytesRequest

NewToolsGenerateRandomSourceBytesRequestWithDefaults instantiates a new ToolsGenerateRandomSourceBytesRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (ToolsGenerateRandomSourceBytesRequest) MarshalJSON ¶ 

func (o ToolsGenerateRandomSourceBytesRequest) MarshalJSON() ([]byte, error)

type ToolsGenerateRandomSourceRequest ¶ 

type ToolsGenerateRandomSourceRequest struct {
	// The number of bytes to generate (POST body parameter). Defaults to 32 (256 bits).
	Bytes int32 `json:"bytes"`

	// Encoding format to use. Can be \"hex\" or \"base64\". Defaults to \"base64\".
	Format string `json:"format"`

	// The number of bytes to generate (POST URL parameter)
	Urlbytes string `json:"urlbytes"`
}

ToolsGenerateRandomSourceRequest struct for ToolsGenerateRandomSourceRequest

func NewToolsGenerateRandomSourceRequestWithDefaults ¶ 

func NewToolsGenerateRandomSourceRequestWithDefaults() *ToolsGenerateRandomSourceRequest

NewToolsGenerateRandomSourceRequestWithDefaults instantiates a new ToolsGenerateRandomSourceRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (ToolsGenerateRandomSourceRequest) MarshalJSON ¶ 

func (o ToolsGenerateRandomSourceRequest) MarshalJSON() ([]byte, error)

type ToolsHashRequest ¶ 

type ToolsHashRequest struct {
	// Algorithm to use (POST body parameter). Valid values are: * sha2-224 * sha2-256 * sha2-384 * sha2-512 Defaults to \"sha2-256\".
	Algorithm string `json:"algorithm"`

	// Encoding format to use. Can be \"hex\" or \"base64\". Defaults to \"hex\".
	Format string `json:"format"`

	// The base64-encoded input data
	Input string `json:"input"`

	// Algorithm to use (POST URL parameter)
	Urlalgorithm string `json:"urlalgorithm"`
}

ToolsHashRequest struct for ToolsHashRequest

func NewToolsHashRequestWithDefaults ¶ 

func NewToolsHashRequestWithDefaults() *ToolsHashRequest

NewToolsHashRequestWithDefaults instantiates a new ToolsHashRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (ToolsHashRequest) MarshalJSON ¶ 

func (o ToolsHashRequest) MarshalJSON() ([]byte, error)

type ToolsHashWithRequest ¶ 

type ToolsHashWithRequest struct {
	// Algorithm to use (POST body parameter). Valid values are: * sha2-224 * sha2-256 * sha2-384 * sha2-512 Defaults to \"sha2-256\".
	Algorithm string `json:"algorithm"`

	// Encoding format to use. Can be \"hex\" or \"base64\". Defaults to \"hex\".
	Format string `json:"format"`

	// The base64-encoded input data
	Input string `json:"input"`
}

ToolsHashWithRequest struct for ToolsHashWithRequest

func NewToolsHashWithRequestWithDefaults ¶ 

func NewToolsHashWithRequestWithDefaults() *ToolsHashWithRequest

NewToolsHashWithRequestWithDefaults instantiates a new ToolsHashWithRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (ToolsHashWithRequest) MarshalJSON ¶ 

func (o ToolsHashWithRequest) MarshalJSON() ([]byte, error)

type TransitDecryptRequest ¶ 

type TransitDecryptRequest struct {
	// When using an AEAD cipher mode, such as AES-GCM, this parameter allows passing associated data (AD/AAD) into the encryption function; this data must be passed on subsequent decryption requests but can be transited in plaintext. On successful decryption, both the ciphertext and the associated data are attested not to have been tampered with.
	AssociatedData string `json:"associated_data"`

	// The ciphertext to decrypt, provided as returned by encrypt.
	Ciphertext string `json:"ciphertext"`

	// Base64 encoded context for key derivation. Required if key derivation is enabled.
	Context string `json:"context"`

	// Base64 encoded nonce value used during encryption. Must be provided if convergent encryption is enabled for this key and the key was generated with Vault 0.6.1. Not required for keys created in 0.6.2+.
	Nonce string `json:"nonce"`

	// Ordinarily, if a batch item fails to decrypt due to a bad input, but other batch items succeed, the HTTP response code is 400 (Bad Request). Some applications may want to treat partial failures differently. Providing the parameter returns the given response code integer instead of a 400 in this case. If all values fail HTTP 400 is still returned.
	PartialFailureResponseCode int32 `json:"partial_failure_response_code"`
}

TransitDecryptRequest struct for TransitDecryptRequest

func NewTransitDecryptRequestWithDefaults ¶ 

func NewTransitDecryptRequestWithDefaults() *TransitDecryptRequest

NewTransitDecryptRequestWithDefaults instantiates a new TransitDecryptRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (TransitDecryptRequest) MarshalJSON ¶ 

func (o TransitDecryptRequest) MarshalJSON() ([]byte, error)

type TransitEncryptRequest ¶ 

type TransitEncryptRequest struct {
	// When using an AEAD cipher mode, such as AES-GCM, this parameter allows passing associated data (AD/AAD) into the encryption function; this data must be passed on subsequent decryption requests but can be transited in plaintext. On successful decryption, both the ciphertext and the associated data are attested not to have been tampered with.
	AssociatedData string `json:"associated_data"`

	// Base64 encoded context for key derivation. Required if key derivation is enabled
	Context string `json:"context"`

	// This parameter will only be used when a key is expected to be created. Whether to support convergent encryption. This is only supported when using a key with key derivation enabled and will require all requests to carry both a context and 96-bit (12-byte) nonce. The given nonce will be used in place of a randomly generated nonce. As a result, when the same context and nonce are supplied, the same ciphertext is generated. It is *very important* when using this mode that you ensure that all nonces are unique for a given context. Failing to do so will severely impact the ciphertext's security.
	ConvergentEncryption bool `json:"convergent_encryption"`

	// The version of the key to use for encryption. Must be 0 (for latest) or a value greater than or equal to the min_encryption_version configured on the key.
	KeyVersion int32 `json:"key_version"`

	// Base64 encoded nonce value. Must be provided if convergent encryption is enabled for this key and the key was generated with Vault 0.6.1. Not required for keys created in 0.6.2+. The value must be exactly 96 bits (12 bytes) long and the user must ensure that for any given context (and thus, any given encryption key) this nonce value is **never reused**.
	Nonce string `json:"nonce"`

	// Ordinarily, if a batch item fails to encrypt due to a bad input, but other batch items succeed, the HTTP response code is 400 (Bad Request). Some applications may want to treat partial failures differently. Providing the parameter returns the given response code integer instead of a 400 in this case. If all values fail HTTP 400 is still returned.
	PartialFailureResponseCode int32 `json:"partial_failure_response_code"`

	// Base64 encoded plaintext value to be encrypted
	Plaintext string `json:"plaintext"`

	// This parameter is required when encryption key is expected to be created. When performing an upsert operation, the type of key to create. Currently, \"aes128-gcm96\" (symmetric) and \"aes256-gcm96\" (symmetric) are the only types supported. Defaults to \"aes256-gcm96\".
	Type string `json:"type"`
}

TransitEncryptRequest struct for TransitEncryptRequest

func NewTransitEncryptRequestWithDefaults ¶ 

func NewTransitEncryptRequestWithDefaults() *TransitEncryptRequest

NewTransitEncryptRequestWithDefaults instantiates a new TransitEncryptRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (TransitEncryptRequest) MarshalJSON ¶ 

func (o TransitEncryptRequest) MarshalJSON() ([]byte, error)

type TransitGenerateDataKeyRequest ¶ 

type TransitGenerateDataKeyRequest struct {
	// Number of bits for the key; currently 128, 256, and 512 bits are supported. Defaults to 256.
	Bits int32 `json:"bits"`

	// Context for key derivation. Required for derived keys.
	Context string `json:"context"`

	// The version of the Vault key to use for encryption of the data key. Must be 0 (for latest) or a value greater than or equal to the min_encryption_version configured on the key.
	KeyVersion int32 `json:"key_version"`

	// Nonce for when convergent encryption v1 is used (only in Vault 0.6.1)
	Nonce string `json:"nonce"`
}

TransitGenerateDataKeyRequest struct for TransitGenerateDataKeyRequest

func NewTransitGenerateDataKeyRequestWithDefaults ¶ 

func NewTransitGenerateDataKeyRequestWithDefaults() *TransitGenerateDataKeyRequest

NewTransitGenerateDataKeyRequestWithDefaults instantiates a new TransitGenerateDataKeyRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (TransitGenerateDataKeyRequest) MarshalJSON ¶ 

func (o TransitGenerateDataKeyRequest) MarshalJSON() ([]byte, error)

type TransitGenerateHMACRequest ¶ 

type TransitGenerateHMACRequest struct {
	// Algorithm to use (POST body parameter). Valid values are: * sha2-224 * sha2-256 * sha2-384 * sha2-512 * sha3-224 * sha3-256 * sha3-384 * sha3-512 Defaults to \"sha2-256\".
	Algorithm string `json:"algorithm"`

	// The base64-encoded input data
	Input string `json:"input"`

	// The version of the key to use for generating the HMAC. Must be 0 (for latest) or a value greater than or equal to the min_encryption_version configured on the key.
	KeyVersion int32 `json:"key_version"`

	// Algorithm to use (POST URL parameter)
	Urlalgorithm string `json:"urlalgorithm"`
}

TransitGenerateHMACRequest struct for TransitGenerateHMACRequest

func NewTransitGenerateHMACRequestWithDefaults ¶ 

func NewTransitGenerateHMACRequestWithDefaults() *TransitGenerateHMACRequest

NewTransitGenerateHMACRequestWithDefaults instantiates a new TransitGenerateHMACRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (TransitGenerateHMACRequest) MarshalJSON ¶ 

func (o TransitGenerateHMACRequest) MarshalJSON() ([]byte, error)

type TransitGenerateHMACWithAlgorithmRequest ¶ 

type TransitGenerateHMACWithAlgorithmRequest struct {
	// Algorithm to use (POST body parameter). Valid values are: * sha2-224 * sha2-256 * sha2-384 * sha2-512 * sha3-224 * sha3-256 * sha3-384 * sha3-512 Defaults to \"sha2-256\".
	Algorithm string `json:"algorithm"`

	// The base64-encoded input data
	Input string `json:"input"`

	// The version of the key to use for generating the HMAC. Must be 0 (for latest) or a value greater than or equal to the min_encryption_version configured on the key.
	KeyVersion int32 `json:"key_version"`
}

TransitGenerateHMACWithAlgorithmRequest struct for TransitGenerateHMACWithAlgorithmRequest

func NewTransitGenerateHMACWithAlgorithmRequestWithDefaults ¶ 

func NewTransitGenerateHMACWithAlgorithmRequestWithDefaults() *TransitGenerateHMACWithAlgorithmRequest

NewTransitGenerateHMACWithAlgorithmRequestWithDefaults instantiates a new TransitGenerateHMACWithAlgorithmRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (TransitGenerateHMACWithAlgorithmRequest) MarshalJSON ¶ 

func (o TransitGenerateHMACWithAlgorithmRequest) MarshalJSON() ([]byte, error)

type TransitGenerateRandomRequest ¶ 

type TransitGenerateRandomRequest struct {
	// The number of bytes to generate (POST body parameter). Defaults to 32 (256 bits).
	Bytes int32 `json:"bytes"`

	// Encoding format to use. Can be \"hex\" or \"base64\". Defaults to \"base64\".
	Format string `json:"format"`

	// Which system to source random data from, ether \"platform\", \"seal\", or \"all\".
	Source string `json:"source"`

	// The number of bytes to generate (POST URL parameter)
	Urlbytes string `json:"urlbytes"`
}

TransitGenerateRandomRequest struct for TransitGenerateRandomRequest

func NewTransitGenerateRandomRequestWithDefaults ¶ 

func NewTransitGenerateRandomRequestWithDefaults() *TransitGenerateRandomRequest

NewTransitGenerateRandomRequestWithDefaults instantiates a new TransitGenerateRandomRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (TransitGenerateRandomRequest) MarshalJSON ¶ 

func (o TransitGenerateRandomRequest) MarshalJSON() ([]byte, error)

type TransitGenerateRandomSourceBytesRequest ¶ 

type TransitGenerateRandomSourceBytesRequest struct {
	// The number of bytes to generate (POST body parameter). Defaults to 32 (256 bits).
	Bytes int32 `json:"bytes"`

	// Encoding format to use. Can be \"hex\" or \"base64\". Defaults to \"base64\".
	Format string `json:"format"`
}

TransitGenerateRandomSourceBytesRequest struct for TransitGenerateRandomSourceBytesRequest

func NewTransitGenerateRandomSourceBytesRequestWithDefaults ¶ 

func NewTransitGenerateRandomSourceBytesRequestWithDefaults() *TransitGenerateRandomSourceBytesRequest

NewTransitGenerateRandomSourceBytesRequestWithDefaults instantiates a new TransitGenerateRandomSourceBytesRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (TransitGenerateRandomSourceBytesRequest) MarshalJSON ¶ 

func (o TransitGenerateRandomSourceBytesRequest) MarshalJSON() ([]byte, error)

type TransitGenerateRandomSourceRequest ¶ 

type TransitGenerateRandomSourceRequest struct {
	// The number of bytes to generate (POST body parameter). Defaults to 32 (256 bits).
	Bytes int32 `json:"bytes"`

	// Encoding format to use. Can be \"hex\" or \"base64\". Defaults to \"base64\".
	Format string `json:"format"`

	// The number of bytes to generate (POST URL parameter)
	Urlbytes string `json:"urlbytes"`
}

TransitGenerateRandomSourceRequest struct for TransitGenerateRandomSourceRequest

func NewTransitGenerateRandomSourceRequestWithDefaults ¶ 

func NewTransitGenerateRandomSourceRequestWithDefaults() *TransitGenerateRandomSourceRequest

NewTransitGenerateRandomSourceRequestWithDefaults instantiates a new TransitGenerateRandomSourceRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (TransitGenerateRandomSourceRequest) MarshalJSON ¶ 

func (o TransitGenerateRandomSourceRequest) MarshalJSON() ([]byte, error)

type TransitHashRequest ¶ 

type TransitHashRequest struct {
	// Algorithm to use (POST body parameter). Valid values are: * sha2-224 * sha2-256 * sha2-384 * sha2-512 * sha3-224 * sha3-256 * sha3-384 * sha3-512 Defaults to \"sha2-256\".
	Algorithm string `json:"algorithm"`

	// Encoding format to use. Can be \"hex\" or \"base64\". Defaults to \"hex\".
	Format string `json:"format"`

	// The base64-encoded input data
	Input string `json:"input"`

	// Algorithm to use (POST URL parameter)
	Urlalgorithm string `json:"urlalgorithm"`
}

TransitHashRequest struct for TransitHashRequest

func NewTransitHashRequestWithDefaults ¶ 

func NewTransitHashRequestWithDefaults() *TransitHashRequest

NewTransitHashRequestWithDefaults instantiates a new TransitHashRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (TransitHashRequest) MarshalJSON ¶ 

func (o TransitHashRequest) MarshalJSON() ([]byte, error)

type TransitHashWithAlgorithmRequest ¶ 

type TransitHashWithAlgorithmRequest struct {
	// Algorithm to use (POST body parameter). Valid values are: * sha2-224 * sha2-256 * sha2-384 * sha2-512 * sha3-224 * sha3-256 * sha3-384 * sha3-512 Defaults to \"sha2-256\".
	Algorithm string `json:"algorithm"`

	// Encoding format to use. Can be \"hex\" or \"base64\". Defaults to \"hex\".
	Format string `json:"format"`

	// The base64-encoded input data
	Input string `json:"input"`
}

TransitHashWithAlgorithmRequest struct for TransitHashWithAlgorithmRequest

func NewTransitHashWithAlgorithmRequestWithDefaults ¶ 

func NewTransitHashWithAlgorithmRequestWithDefaults() *TransitHashWithAlgorithmRequest

NewTransitHashWithAlgorithmRequestWithDefaults instantiates a new TransitHashWithAlgorithmRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (TransitHashWithAlgorithmRequest) MarshalJSON ¶ 

func (o TransitHashWithAlgorithmRequest) MarshalJSON() ([]byte, error)

type TransitImportKeyRequest ¶ 

type TransitImportKeyRequest struct {
	// Enables taking a backup of the named key in plaintext format. Once set, this cannot be disabled.
	AllowPlaintextBackup bool `json:"allow_plaintext_backup"`

	// True if the imported key may be rotated within Vault; false otherwise.
	AllowRotation bool `json:"allow_rotation"`

	// Amount of time the key should live before being automatically rotated. A value of 0 (default) disables automatic rotation for the key.
	AutoRotatePeriod int32 `json:"auto_rotate_period"`

	// The base64-encoded ciphertext of the keys. The AES key should be encrypted using OAEP with the wrapping key and then concatenated with the import key, wrapped by the AES key.
	Ciphertext string `json:"ciphertext"`

	// Base64 encoded context for key derivation. When reading a key with key derivation enabled, if the key type supports public keys, this will return the public key for the given context.
	Context string `json:"context"`

	// Enables key derivation mode. This allows for per-transaction unique keys for encryption operations.
	Derived bool `json:"derived"`

	// Enables keys to be exportable. This allows for all the valid keys in the key ring to be exported.
	Exportable bool `json:"exportable"`

	// The hash function used as a random oracle in the OAEP wrapping of the user-generated, ephemeral AES key. Can be one of \"SHA1\", \"SHA224\", \"SHA256\" (default), \"SHA384\", or \"SHA512\"
	HashFunction string `json:"hash_function"`

	// The type of key being imported. Currently, \"aes128-gcm96\" (symmetric), \"aes256-gcm96\" (symmetric), \"ecdsa-p256\" (asymmetric), \"ecdsa-p384\" (asymmetric), \"ecdsa-p521\" (asymmetric), \"ed25519\" (asymmetric), \"rsa-2048\" (asymmetric), \"rsa-3072\" (asymmetric), \"rsa-4096\" (asymmetric) are supported. Defaults to \"aes256-gcm96\".
	Type string `json:"type"`
}

TransitImportKeyRequest struct for TransitImportKeyRequest

func NewTransitImportKeyRequestWithDefaults ¶ 

func NewTransitImportKeyRequestWithDefaults() *TransitImportKeyRequest

NewTransitImportKeyRequestWithDefaults instantiates a new TransitImportKeyRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (TransitImportKeyRequest) MarshalJSON ¶ 

func (o TransitImportKeyRequest) MarshalJSON() ([]byte, error)

type TransitImportKeyVersionRequest ¶ 

type TransitImportKeyVersionRequest struct {
	// The base64-encoded ciphertext of the keys. The AES key should be encrypted using OAEP with the wrapping key and then concatenated with the import key, wrapped by the AES key.
	Ciphertext string `json:"ciphertext"`

	// The hash function used as a random oracle in the OAEP wrapping of the user-generated, ephemeral AES key. Can be one of \"SHA1\", \"SHA224\", \"SHA256\" (default), \"SHA384\", or \"SHA512\"
	HashFunction string `json:"hash_function"`
}

TransitImportKeyVersionRequest struct for TransitImportKeyVersionRequest

func NewTransitImportKeyVersionRequestWithDefaults ¶ 

func NewTransitImportKeyVersionRequestWithDefaults() *TransitImportKeyVersionRequest

NewTransitImportKeyVersionRequestWithDefaults instantiates a new TransitImportKeyVersionRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (TransitImportKeyVersionRequest) MarshalJSON ¶ 

func (o TransitImportKeyVersionRequest) MarshalJSON() ([]byte, error)

type TransitRestoreKeyRequest ¶ 

type TransitRestoreKeyRequest struct {
	// Backed up key data to be restored. This should be the output from the 'backup/' endpoint.
	Backup string `json:"backup"`

	// If set and a key by the given name exists, force the restore operation and override the key.
	Force bool `json:"force"`
}

TransitRestoreKeyRequest struct for TransitRestoreKeyRequest

func NewTransitRestoreKeyRequestWithDefaults ¶ 

func NewTransitRestoreKeyRequestWithDefaults() *TransitRestoreKeyRequest

NewTransitRestoreKeyRequestWithDefaults instantiates a new TransitRestoreKeyRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (TransitRestoreKeyRequest) MarshalJSON ¶ 

func (o TransitRestoreKeyRequest) MarshalJSON() ([]byte, error)

type TransitRestoreRequest ¶ 

type TransitRestoreRequest struct {
	// Backed up key data to be restored. This should be the output from the 'backup/' endpoint.
	Backup string `json:"backup"`

	// If set and a key by the given name exists, force the restore operation and override the key.
	Force bool `json:"force"`

	// If set, this will be the name of the restored key.
	Name string `json:"name"`
}

TransitRestoreRequest struct for TransitRestoreRequest

func NewTransitRestoreRequestWithDefaults ¶ 

func NewTransitRestoreRequestWithDefaults() *TransitRestoreRequest

NewTransitRestoreRequestWithDefaults instantiates a new TransitRestoreRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (TransitRestoreRequest) MarshalJSON ¶ 

func (o TransitRestoreRequest) MarshalJSON() ([]byte, error)

type TransitRewrapRequest ¶ 

type TransitRewrapRequest struct {
	// Ciphertext value to rewrap
	Ciphertext string `json:"ciphertext"`

	// Base64 encoded context for key derivation. Required for derived keys.
	Context string `json:"context"`

	// The version of the key to use for encryption. Must be 0 (for latest) or a value greater than or equal to the min_encryption_version configured on the key.
	KeyVersion int32 `json:"key_version"`

	// Nonce for when convergent encryption is used
	Nonce string `json:"nonce"`
}

TransitRewrapRequest struct for TransitRewrapRequest

func NewTransitRewrapRequestWithDefaults ¶ 

func NewTransitRewrapRequestWithDefaults() *TransitRewrapRequest

NewTransitRewrapRequestWithDefaults instantiates a new TransitRewrapRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (TransitRewrapRequest) MarshalJSON ¶ 

func (o TransitRewrapRequest) MarshalJSON() ([]byte, error)

type TransitSignRequest ¶ 

type TransitSignRequest struct {
	// Deprecated: use \"hash_algorithm\" instead.
	Algorithm string `json:"algorithm"`

	// Base64 encoded context for key derivation. Required if key derivation is enabled; currently only available with ed25519 keys.
	Context string `json:"context"`

	// Hash algorithm to use (POST body parameter). Valid values are: * sha1 * sha2-224 * sha2-256 * sha2-384 * sha2-512 * sha3-224 * sha3-256 * sha3-384 * sha3-512 * none Defaults to \"sha2-256\". Not valid for all key types, including ed25519. Using none requires setting prehashed=true and signature_algorithm=pkcs1v15, yielding a PKCSv1_5_NoOID instead of the usual PKCSv1_5_DERnull signature.
	HashAlgorithm string `json:"hash_algorithm"`

	// The base64-encoded input data
	Input string `json:"input"`

	// The version of the key to use for signing. Must be 0 (for latest) or a value greater than or equal to the min_encryption_version configured on the key.
	KeyVersion int32 `json:"key_version"`

	// The method by which to marshal the signature. The default is 'asn1' which is used by openssl and X.509. It can also be set to 'jws' which is used for JWT signatures; setting it to this will also cause the encoding of the signature to be url-safe base64 instead of using standard base64 encoding. Currently only valid for ECDSA P-256 key types\".
	MarshalingAlgorithm string `json:"marshaling_algorithm"`

	// Set to 'true' when the input is already hashed. If the key type is 'rsa-2048', 'rsa-3072' or 'rsa-4096', then the algorithm used to hash the input should be indicated by the 'algorithm' parameter.
	Prehashed bool `json:"prehashed"`

	// The salt length used to sign. Currently only applies to the RSA PSS signature scheme. Options are 'auto' (the default used by Golang, causing the salt to be as large as possible when signing), 'hash' (causes the salt length to equal the length of the hash used in the signature), or an integer between the minimum and the maximum permissible salt lengths for the given RSA key size. Defaults to 'auto'.
	SaltLength string `json:"salt_length"`

	// The signature algorithm to use for signing. Currently only applies to RSA key types. Options are 'pss' or 'pkcs1v15'. Defaults to 'pss'
	SignatureAlgorithm string `json:"signature_algorithm"`

	// Hash algorithm to use (POST URL parameter)
	Urlalgorithm string `json:"urlalgorithm"`
}

TransitSignRequest struct for TransitSignRequest

func NewTransitSignRequestWithDefaults ¶ 

func NewTransitSignRequestWithDefaults() *TransitSignRequest

NewTransitSignRequestWithDefaults instantiates a new TransitSignRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (TransitSignRequest) MarshalJSON ¶ 

func (o TransitSignRequest) MarshalJSON() ([]byte, error)

type TransitSignWithAlgorithmRequest ¶ 

type TransitSignWithAlgorithmRequest struct {
	// Deprecated: use \"hash_algorithm\" instead.
	Algorithm string `json:"algorithm"`

	// Base64 encoded context for key derivation. Required if key derivation is enabled; currently only available with ed25519 keys.
	Context string `json:"context"`

	// Hash algorithm to use (POST body parameter). Valid values are: * sha1 * sha2-224 * sha2-256 * sha2-384 * sha2-512 * sha3-224 * sha3-256 * sha3-384 * sha3-512 * none Defaults to \"sha2-256\". Not valid for all key types, including ed25519. Using none requires setting prehashed=true and signature_algorithm=pkcs1v15, yielding a PKCSv1_5_NoOID instead of the usual PKCSv1_5_DERnull signature.
	HashAlgorithm string `json:"hash_algorithm"`

	// The base64-encoded input data
	Input string `json:"input"`

	// The version of the key to use for signing. Must be 0 (for latest) or a value greater than or equal to the min_encryption_version configured on the key.
	KeyVersion int32 `json:"key_version"`

	// The method by which to marshal the signature. The default is 'asn1' which is used by openssl and X.509. It can also be set to 'jws' which is used for JWT signatures; setting it to this will also cause the encoding of the signature to be url-safe base64 instead of using standard base64 encoding. Currently only valid for ECDSA P-256 key types\".
	MarshalingAlgorithm string `json:"marshaling_algorithm"`

	// Set to 'true' when the input is already hashed. If the key type is 'rsa-2048', 'rsa-3072' or 'rsa-4096', then the algorithm used to hash the input should be indicated by the 'algorithm' parameter.
	Prehashed bool `json:"prehashed"`

	// The salt length used to sign. Currently only applies to the RSA PSS signature scheme. Options are 'auto' (the default used by Golang, causing the salt to be as large as possible when signing), 'hash' (causes the salt length to equal the length of the hash used in the signature), or an integer between the minimum and the maximum permissible salt lengths for the given RSA key size. Defaults to 'auto'.
	SaltLength string `json:"salt_length"`

	// The signature algorithm to use for signing. Currently only applies to RSA key types. Options are 'pss' or 'pkcs1v15'. Defaults to 'pss'
	SignatureAlgorithm string `json:"signature_algorithm"`
}

TransitSignWithAlgorithmRequest struct for TransitSignWithAlgorithmRequest

func NewTransitSignWithAlgorithmRequestWithDefaults ¶ 

func NewTransitSignWithAlgorithmRequestWithDefaults() *TransitSignWithAlgorithmRequest

NewTransitSignWithAlgorithmRequestWithDefaults instantiates a new TransitSignWithAlgorithmRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (TransitSignWithAlgorithmRequest) MarshalJSON ¶ 

func (o TransitSignWithAlgorithmRequest) MarshalJSON() ([]byte, error)

type TransitTrimKeyRequest ¶ 

type TransitTrimKeyRequest struct {
	// The minimum available version for the key ring. All versions before this version will be permanently deleted. This value can at most be equal to the lesser of 'min_decryption_version' and 'min_encryption_version'. This is not allowed to be set when either 'min_encryption_version' or 'min_decryption_version' is set to zero.
	MinAvailableVersion int32 `json:"min_available_version"`
}

TransitTrimKeyRequest struct for TransitTrimKeyRequest

func NewTransitTrimKeyRequestWithDefaults ¶ 

func NewTransitTrimKeyRequestWithDefaults() *TransitTrimKeyRequest

NewTransitTrimKeyRequestWithDefaults instantiates a new TransitTrimKeyRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (TransitTrimKeyRequest) MarshalJSON ¶ 

func (o TransitTrimKeyRequest) MarshalJSON() ([]byte, error)

type TransitVerifyRequest ¶ 

type TransitVerifyRequest struct {
	// Deprecated: use \"hash_algorithm\" instead.
	Algorithm string `json:"algorithm"`

	// Base64 encoded context for key derivation. Required if key derivation is enabled; currently only available with ed25519 keys.
	Context string `json:"context"`

	// Hash algorithm to use (POST body parameter). Valid values are: * sha1 * sha2-224 * sha2-256 * sha2-384 * sha2-512 * sha3-224 * sha3-256 * sha3-384 * sha3-512 * none Defaults to \"sha2-256\". Not valid for all key types. See note about none on signing path.
	HashAlgorithm string `json:"hash_algorithm"`

	// The HMAC, including vault header/key version
	Hmac string `json:"hmac"`

	// The base64-encoded input data to verify
	Input string `json:"input"`

	// The method by which to unmarshal the signature when verifying. The default is 'asn1' which is used by openssl and X.509; can also be set to 'jws' which is used for JWT signatures in which case the signature is also expected to be url-safe base64 encoding instead of standard base64 encoding. Currently only valid for ECDSA P-256 key types\".
	MarshalingAlgorithm string `json:"marshaling_algorithm"`

	// Set to 'true' when the input is already hashed. If the key type is 'rsa-2048', 'rsa-3072' or 'rsa-4096', then the algorithm used to hash the input should be indicated by the 'algorithm' parameter.
	Prehashed bool `json:"prehashed"`

	// The salt length used to sign. Currently only applies to the RSA PSS signature scheme. Options are 'auto' (the default used by Golang, causing the salt to be as large as possible when signing), 'hash' (causes the salt length to equal the length of the hash used in the signature), or an integer between the minimum and the maximum permissible salt lengths for the given RSA key size. Defaults to 'auto'.
	SaltLength string `json:"salt_length"`

	// The signature, including vault header/key version
	Signature string `json:"signature"`

	// The signature algorithm to use for signature verification. Currently only applies to RSA key types. Options are 'pss' or 'pkcs1v15'. Defaults to 'pss'
	SignatureAlgorithm string `json:"signature_algorithm"`

	// Hash algorithm to use (POST URL parameter)
	Urlalgorithm string `json:"urlalgorithm"`
}

TransitVerifyRequest struct for TransitVerifyRequest

func NewTransitVerifyRequestWithDefaults ¶ 

func NewTransitVerifyRequestWithDefaults() *TransitVerifyRequest

NewTransitVerifyRequestWithDefaults instantiates a new TransitVerifyRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (TransitVerifyRequest) MarshalJSON ¶ 

func (o TransitVerifyRequest) MarshalJSON() ([]byte, error)

type TransitVerifyWithAlgorithmRequest ¶ 

type TransitVerifyWithAlgorithmRequest struct {
	// Deprecated: use \"hash_algorithm\" instead.
	Algorithm string `json:"algorithm"`

	// Base64 encoded context for key derivation. Required if key derivation is enabled; currently only available with ed25519 keys.
	Context string `json:"context"`

	// Hash algorithm to use (POST body parameter). Valid values are: * sha1 * sha2-224 * sha2-256 * sha2-384 * sha2-512 * sha3-224 * sha3-256 * sha3-384 * sha3-512 * none Defaults to \"sha2-256\". Not valid for all key types. See note about none on signing path.
	HashAlgorithm string `json:"hash_algorithm"`

	// The HMAC, including vault header/key version
	Hmac string `json:"hmac"`

	// The base64-encoded input data to verify
	Input string `json:"input"`

	// The method by which to unmarshal the signature when verifying. The default is 'asn1' which is used by openssl and X.509; can also be set to 'jws' which is used for JWT signatures in which case the signature is also expected to be url-safe base64 encoding instead of standard base64 encoding. Currently only valid for ECDSA P-256 key types\".
	MarshalingAlgorithm string `json:"marshaling_algorithm"`

	// Set to 'true' when the input is already hashed. If the key type is 'rsa-2048', 'rsa-3072' or 'rsa-4096', then the algorithm used to hash the input should be indicated by the 'algorithm' parameter.
	Prehashed bool `json:"prehashed"`

	// The salt length used to sign. Currently only applies to the RSA PSS signature scheme. Options are 'auto' (the default used by Golang, causing the salt to be as large as possible when signing), 'hash' (causes the salt length to equal the length of the hash used in the signature), or an integer between the minimum and the maximum permissible salt lengths for the given RSA key size. Defaults to 'auto'.
	SaltLength string `json:"salt_length"`

	// The signature, including vault header/key version
	Signature string `json:"signature"`

	// The signature algorithm to use for signature verification. Currently only applies to RSA key types. Options are 'pss' or 'pkcs1v15'. Defaults to 'pss'
	SignatureAlgorithm string `json:"signature_algorithm"`
}

TransitVerifyWithAlgorithmRequest struct for TransitVerifyWithAlgorithmRequest

func NewTransitVerifyWithAlgorithmRequestWithDefaults ¶ 

func NewTransitVerifyWithAlgorithmRequestWithDefaults() *TransitVerifyWithAlgorithmRequest

NewTransitVerifyWithAlgorithmRequestWithDefaults instantiates a new TransitVerifyWithAlgorithmRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (TransitVerifyWithAlgorithmRequest) MarshalJSON ¶ 

func (o TransitVerifyWithAlgorithmRequest) MarshalJSON() ([]byte, error)

type TransitWriteCacheConfigRequest ¶ 

type TransitWriteCacheConfigRequest struct {
	// Size of cache, use 0 for an unlimited cache size, defaults to 0
	Size int32 `json:"size"`
}

TransitWriteCacheConfigRequest struct for TransitWriteCacheConfigRequest

func NewTransitWriteCacheConfigRequestWithDefaults ¶ 

func NewTransitWriteCacheConfigRequestWithDefaults() *TransitWriteCacheConfigRequest

NewTransitWriteCacheConfigRequestWithDefaults instantiates a new TransitWriteCacheConfigRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (TransitWriteCacheConfigRequest) MarshalJSON ¶ 

func (o TransitWriteCacheConfigRequest) MarshalJSON() ([]byte, error)

type TransitWriteConfigKeysRequest ¶ 

type TransitWriteConfigKeysRequest struct {
	// Whether to allow automatic upserting (creation) of keys on the encrypt endpoint.
	DisableUpsert bool `json:"disable_upsert"`
}

TransitWriteConfigKeysRequest struct for TransitWriteConfigKeysRequest

func NewTransitWriteConfigKeysRequestWithDefaults ¶ 

func NewTransitWriteConfigKeysRequestWithDefaults() *TransitWriteConfigKeysRequest

NewTransitWriteConfigKeysRequestWithDefaults instantiates a new TransitWriteConfigKeysRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (TransitWriteConfigKeysRequest) MarshalJSON ¶ 

func (o TransitWriteConfigKeysRequest) MarshalJSON() ([]byte, error)

type TransitWriteKeyConfigRequest ¶ 

type TransitWriteKeyConfigRequest struct {
	// Enables taking a backup of the named key in plaintext format. Once set, this cannot be disabled.
	AllowPlaintextBackup bool `json:"allow_plaintext_backup"`

	// Amount of time the key should live before being automatically rotated. A value of 0 disables automatic rotation for the key.
	AutoRotatePeriod int32 `json:"auto_rotate_period"`

	// Whether to allow deletion of the key
	DeletionAllowed bool `json:"deletion_allowed"`

	// Enables export of the key. Once set, this cannot be disabled.
	Exportable bool `json:"exportable"`

	// If set, the minimum version of the key allowed to be decrypted. For signing keys, the minimum version allowed to be used for verification.
	MinDecryptionVersion int32 `json:"min_decryption_version"`

	// If set, the minimum version of the key allowed to be used for encryption; or for signing keys, to be used for signing. If set to zero, only the latest version of the key is allowed.
	MinEncryptionVersion int32 `json:"min_encryption_version"`
}

TransitWriteKeyConfigRequest struct for TransitWriteKeyConfigRequest

func NewTransitWriteKeyConfigRequestWithDefaults ¶ 

func NewTransitWriteKeyConfigRequestWithDefaults() *TransitWriteKeyConfigRequest

NewTransitWriteKeyConfigRequestWithDefaults instantiates a new TransitWriteKeyConfigRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (TransitWriteKeyConfigRequest) MarshalJSON ¶ 

func (o TransitWriteKeyConfigRequest) MarshalJSON() ([]byte, error)

type TransitWriteKeyRequest ¶ 

type TransitWriteKeyRequest struct {
	// Enables taking a backup of the named key in plaintext format. Once set, this cannot be disabled.
	AllowPlaintextBackup bool `json:"allow_plaintext_backup"`

	// Amount of time the key should live before being automatically rotated. A value of 0 (default) disables automatic rotation for the key.
	AutoRotatePeriod int32 `json:"auto_rotate_period"`

	// Base64 encoded context for key derivation. When reading a key with key derivation enabled, if the key type supports public keys, this will return the public key for the given context.
	Context string `json:"context"`

	// Whether to support convergent encryption. This is only supported when using a key with key derivation enabled and will require all requests to carry both a context and 96-bit (12-byte) nonce. The given nonce will be used in place of a randomly generated nonce. As a result, when the same context and nonce are supplied, the same ciphertext is generated. It is *very important* when using this mode that you ensure that all nonces are unique for a given context. Failing to do so will severely impact the ciphertext's security.
	ConvergentEncryption bool `json:"convergent_encryption"`

	// Enables key derivation mode. This allows for per-transaction unique keys for encryption operations.
	Derived bool `json:"derived"`

	// Enables keys to be exportable. This allows for all the valid keys in the key ring to be exported.
	Exportable bool `json:"exportable"`

	// The key size in bytes for the algorithm. Only applies to HMAC and must be no fewer than 32 bytes and no more than 512
	KeySize int32 `json:"key_size"`

	// The type of key to create. Currently, \"aes128-gcm96\" (symmetric), \"aes256-gcm96\" (symmetric), \"ecdsa-p256\" (asymmetric), \"ecdsa-p384\" (asymmetric), \"ecdsa-p521\" (asymmetric), \"ed25519\" (asymmetric), \"rsa-2048\" (asymmetric), \"rsa-3072\" (asymmetric), \"rsa-4096\" (asymmetric) are supported. Defaults to \"aes256-gcm96\".
	Type string `json:"type"`
}

TransitWriteKeyRequest struct for TransitWriteKeyRequest

func NewTransitWriteKeyRequestWithDefaults ¶ 

func NewTransitWriteKeyRequestWithDefaults() *TransitWriteKeyRequest

NewTransitWriteKeyRequestWithDefaults instantiates a new TransitWriteKeyRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (TransitWriteKeyRequest) MarshalJSON ¶ 

func (o TransitWriteKeyRequest) MarshalJSON() ([]byte, error)

type TransitWriteRandomUrlbytesRequest ¶ 

type TransitWriteRandomUrlbytesRequest struct {
	// The number of bytes to generate (POST body parameter). Defaults to 32 (256 bits).
	Bytes int32 `json:"bytes"`

	// Encoding format to use. Can be \"hex\" or \"base64\". Defaults to \"base64\".
	Format string `json:"format"`

	// Which system to source random data from, ether \"platform\", \"seal\", or \"all\".
	Source string `json:"source"`
}

TransitWriteRandomUrlbytesRequest struct for TransitWriteRandomUrlbytesRequest

func NewTransitWriteRandomUrlbytesRequestWithDefaults ¶ 

func NewTransitWriteRandomUrlbytesRequestWithDefaults() *TransitWriteRandomUrlbytesRequest

NewTransitWriteRandomUrlbytesRequestWithDefaults instantiates a new TransitWriteRandomUrlbytesRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (TransitWriteRandomUrlbytesRequest) MarshalJSON ¶ 

func (o TransitWriteRandomUrlbytesRequest) MarshalJSON() ([]byte, error)

type UnsealRequest ¶ 

type UnsealRequest struct {
	// Specifies a single unseal key share. This is required unless reset is true.
	Key string `json:"key"`

	// Specifies if previously-provided unseal keys are discarded and the unseal process is reset.
	Reset bool `json:"reset"`
}

UnsealRequest struct for UnsealRequest

func NewUnsealRequestWithDefaults ¶ 

func NewUnsealRequestWithDefaults() *UnsealRequest

NewUnsealRequestWithDefaults instantiates a new UnsealRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (UnsealRequest) MarshalJSON ¶ 

func (o UnsealRequest) MarshalJSON() ([]byte, error)

type UserpassLoginRequest ¶ 

type UserpassLoginRequest struct {
	// Password for this user.
	Password string `json:"password"`
}

UserpassLoginRequest struct for UserpassLoginRequest

func NewUserpassLoginRequestWithDefaults ¶ 

func NewUserpassLoginRequestWithDefaults() *UserpassLoginRequest

NewUserpassLoginRequestWithDefaults instantiates a new UserpassLoginRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (UserpassLoginRequest) MarshalJSON ¶ 

func (o UserpassLoginRequest) MarshalJSON() ([]byte, error)

type UserpassWriteUserPasswordRequest ¶ 

type UserpassWriteUserPasswordRequest struct {
	// Password for this user.
	Password string `json:"password"`
}

UserpassWriteUserPasswordRequest struct for UserpassWriteUserPasswordRequest

func NewUserpassWriteUserPasswordRequestWithDefaults ¶ 

func NewUserpassWriteUserPasswordRequestWithDefaults() *UserpassWriteUserPasswordRequest

NewUserpassWriteUserPasswordRequestWithDefaults instantiates a new UserpassWriteUserPasswordRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (UserpassWriteUserPasswordRequest) MarshalJSON ¶ 

func (o UserpassWriteUserPasswordRequest) MarshalJSON() ([]byte, error)

type UserpassWriteUserPoliciesRequest ¶ 

type UserpassWriteUserPoliciesRequest struct {
	// Use \"token_policies\" instead. If this and \"token_policies\" are both specified, only \"token_policies\" will be used.
	// Deprecated
	Policies []string `json:"policies"`

	// Comma-separated list of policies
	TokenPolicies []string `json:"token_policies"`
}

UserpassWriteUserPoliciesRequest struct for UserpassWriteUserPoliciesRequest

func NewUserpassWriteUserPoliciesRequestWithDefaults ¶ 

func NewUserpassWriteUserPoliciesRequestWithDefaults() *UserpassWriteUserPoliciesRequest

NewUserpassWriteUserPoliciesRequestWithDefaults instantiates a new UserpassWriteUserPoliciesRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (UserpassWriteUserPoliciesRequest) MarshalJSON ¶ 

func (o UserpassWriteUserPoliciesRequest) MarshalJSON() ([]byte, error)

type UserpassWriteUserRequest ¶ 

type UserpassWriteUserRequest struct {
	// Use \"token_bound_cidrs\" instead. If this and \"token_bound_cidrs\" are both specified, only \"token_bound_cidrs\" will be used.
	// Deprecated
	BoundCidrs []string `json:"bound_cidrs"`

	// Use \"token_max_ttl\" instead. If this and \"token_max_ttl\" are both specified, only \"token_max_ttl\" will be used.
	// Deprecated
	MaxTtl int32 `json:"max_ttl"`

	// Password for this user.
	Password string `json:"password"`

	// Use \"token_policies\" instead. If this and \"token_policies\" are both specified, only \"token_policies\" will be used.
	// Deprecated
	Policies []string `json:"policies"`

	// Comma separated string or JSON list of CIDR blocks. If set, specifies the blocks of IP addresses which are allowed to use the generated token.
	TokenBoundCidrs []string `json:"token_bound_cidrs"`

	// If set, tokens created via this role carry an explicit maximum TTL. During renewal, the current maximum TTL values of the role and the mount are not checked for changes, and any updates to these values will have no effect on the token being renewed.
	TokenExplicitMaxTtl int32 `json:"token_explicit_max_ttl"`

	// The maximum lifetime of the generated token
	TokenMaxTtl int32 `json:"token_max_ttl"`

	// If true, the 'default' policy will not automatically be added to generated tokens
	TokenNoDefaultPolicy bool `json:"token_no_default_policy"`

	// The maximum number of times a token may be used, a value of zero means unlimited
	TokenNumUses int32 `json:"token_num_uses"`

	// If set, tokens created via this role will have no max lifetime; instead, their renewal period will be fixed to this value. This takes an integer number of seconds, or a string duration (e.g. \"24h\").
	TokenPeriod int32 `json:"token_period"`

	// Comma-separated list of policies
	TokenPolicies []string `json:"token_policies"`

	// The initial ttl of the token to generate
	TokenTtl int32 `json:"token_ttl"`

	// The type of token to generate, service or batch
	TokenType string `json:"token_type"`

	// Use \"token_ttl\" instead. If this and \"token_ttl\" are both specified, only \"token_ttl\" will be used.
	// Deprecated
	Ttl int32 `json:"ttl"`
}

UserpassWriteUserRequest struct for UserpassWriteUserRequest

func NewUserpassWriteUserRequestWithDefaults ¶ 

func NewUserpassWriteUserRequestWithDefaults() *UserpassWriteUserRequest

NewUserpassWriteUserRequestWithDefaults instantiates a new UserpassWriteUserRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (UserpassWriteUserRequest) MarshalJSON ¶ 

func (o UserpassWriteUserRequest) MarshalJSON() ([]byte, error)

type WrappingRewrapRequest ¶ 

type WrappingRewrapRequest struct {
	Token string `json:"token"`
}

WrappingRewrapRequest struct for WrappingRewrapRequest

func NewWrappingRewrapRequestWithDefaults ¶ 

func NewWrappingRewrapRequestWithDefaults() *WrappingRewrapRequest

NewWrappingRewrapRequestWithDefaults instantiates a new WrappingRewrapRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (WrappingRewrapRequest) MarshalJSON ¶ 

func (o WrappingRewrapRequest) MarshalJSON() ([]byte, error)

type WrappingUnwrapRequest ¶ 

type WrappingUnwrapRequest struct {
	Token string `json:"token"`
}

WrappingUnwrapRequest struct for WrappingUnwrapRequest

func NewWrappingUnwrapRequestWithDefaults ¶ 

func NewWrappingUnwrapRequestWithDefaults() *WrappingUnwrapRequest

NewWrappingUnwrapRequestWithDefaults instantiates a new WrappingUnwrapRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (WrappingUnwrapRequest) MarshalJSON ¶ 

func (o WrappingUnwrapRequest) MarshalJSON() ([]byte, error)

type WrappingWriteLookupRequest ¶ 

type WrappingWriteLookupRequest struct {
	Token string `json:"token"`
}

WrappingWriteLookupRequest struct for WrappingWriteLookupRequest

func NewWrappingWriteLookupRequestWithDefaults ¶ 

func NewWrappingWriteLookupRequestWithDefaults() *WrappingWriteLookupRequest

NewWrappingWriteLookupRequestWithDefaults instantiates a new WrappingWriteLookupRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (WrappingWriteLookupRequest) MarshalJSON ¶ 

func (o WrappingWriteLookupRequest) MarshalJSON() ([]byte, error)

type WriteAuditDeviceRequest ¶ 

type WriteAuditDeviceRequest struct {
	// User-friendly description for this audit backend.
	Description string `json:"description"`

	// Mark the mount as a local mount, which is not replicated and is unaffected by replication.
	Local bool `json:"local"`

	// Configuration options for the audit backend.
	Options map[string]interface{} `json:"options"`

	// The type of the backend. Example: \"mysql\"
	Type string `json:"type"`
}

WriteAuditDeviceRequest struct for WriteAuditDeviceRequest

func NewWriteAuditDeviceRequestWithDefaults ¶ 

func NewWriteAuditDeviceRequestWithDefaults() *WriteAuditDeviceRequest

NewWriteAuditDeviceRequestWithDefaults instantiates a new WriteAuditDeviceRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (WriteAuditDeviceRequest) MarshalJSON ¶ 

func (o WriteAuditDeviceRequest) MarshalJSON() ([]byte, error)

type WriteAuthMethodRequest ¶ 

type WriteAuthMethodRequest struct {
	// Configuration for this mount, such as plugin_name.
	Config map[string]interface{} `json:"config"`

	// User-friendly description for this credential backend.
	Description string `json:"description"`

	// Whether to give the mount access to Vault's external entropy.
	ExternalEntropyAccess bool `json:"external_entropy_access"`

	// Mark the mount as a local mount, which is not replicated and is unaffected by replication.
	Local bool `json:"local"`

	// The options to pass into the backend. Should be a json object with string keys and values.
	Options map[string]interface{} `json:"options"`

	// Name of the auth plugin to use based from the name in the plugin catalog.
	PluginName string `json:"plugin_name"`

	// The semantic version of the plugin to use.
	PluginVersion string `json:"plugin_version"`

	// Whether to turn on seal wrapping for the mount.
	SealWrap bool `json:"seal_wrap"`

	// The type of the backend. Example: \"userpass\"
	Type string `json:"type"`
}

WriteAuthMethodRequest struct for WriteAuthMethodRequest

func NewWriteAuthMethodRequestWithDefaults ¶ 

func NewWriteAuthMethodRequestWithDefaults() *WriteAuthMethodRequest

NewWriteAuthMethodRequestWithDefaults instantiates a new WriteAuthMethodRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (WriteAuthMethodRequest) MarshalJSON ¶ 

func (o WriteAuthMethodRequest) MarshalJSON() ([]byte, error)

type WriteAuthMethodTuneRequest ¶ 

type WriteAuthMethodTuneRequest struct {
	// A list of headers to whitelist and allow a plugin to set on responses.
	AllowedResponseHeaders []string `json:"allowed_response_headers"`

	// The list of keys in the request data object that will not be HMAC'ed by audit devices.
	AuditNonHmacRequestKeys []string `json:"audit_non_hmac_request_keys"`

	// The list of keys in the response data object that will not be HMAC'ed by audit devices.
	AuditNonHmacResponseKeys []string `json:"audit_non_hmac_response_keys"`

	// The default lease TTL for this mount.
	DefaultLeaseTtl string `json:"default_lease_ttl"`

	// User-friendly description for this credential backend.
	Description string `json:"description"`

	// Determines the visibility of the mount in the UI-specific listing endpoint. Accepted value are 'unauth' and 'hidden', with the empty default (”) behaving like 'hidden'.
	ListingVisibility string `json:"listing_visibility"`

	// The max lease TTL for this mount.
	MaxLeaseTtl string `json:"max_lease_ttl"`

	// The options to pass into the backend. Should be a json object with string keys and values.
	Options map[string]interface{} `json:"options"`

	// A list of headers to whitelist and pass from the request to the plugin.
	PassthroughRequestHeaders []string `json:"passthrough_request_headers"`

	// The semantic version of the plugin to use.
	PluginVersion string `json:"plugin_version"`

	// The type of token to issue (service or batch).
	TokenType string `json:"token_type"`

	// The user lockout configuration to pass into the backend. Should be a json object with string keys and values.
	UserLockoutConfig map[string]interface{} `json:"user_lockout_config"`
}

WriteAuthMethodTuneRequest struct for WriteAuthMethodTuneRequest

func NewWriteAuthMethodTuneRequestWithDefaults ¶ 

func NewWriteAuthMethodTuneRequestWithDefaults() *WriteAuthMethodTuneRequest

NewWriteAuthMethodTuneRequestWithDefaults instantiates a new WriteAuthMethodTuneRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (WriteAuthMethodTuneRequest) MarshalJSON ¶ 

func (o WriteAuthMethodTuneRequest) MarshalJSON() ([]byte, error)

type WriteCapabilitiesAccessorRequest ¶ 

type WriteCapabilitiesAccessorRequest struct {
	// Accessor of the token for which capabilities are being queried.
	Accessor string `json:"accessor"`

	// Use 'paths' instead.
	// Deprecated
	Path []string `json:"path"`

	// Paths on which capabilities are being queried.
	Paths []string `json:"paths"`
}

WriteCapabilitiesAccessorRequest struct for WriteCapabilitiesAccessorRequest

func NewWriteCapabilitiesAccessorRequestWithDefaults ¶ 

func NewWriteCapabilitiesAccessorRequestWithDefaults() *WriteCapabilitiesAccessorRequest

NewWriteCapabilitiesAccessorRequestWithDefaults instantiates a new WriteCapabilitiesAccessorRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (WriteCapabilitiesAccessorRequest) MarshalJSON ¶ 

func (o WriteCapabilitiesAccessorRequest) MarshalJSON() ([]byte, error)

type WriteCapabilitiesRequest ¶ 

type WriteCapabilitiesRequest struct {
	// Use 'paths' instead.
	// Deprecated
	Path []string `json:"path"`

	// Paths on which capabilities are being queried.
	Paths []string `json:"paths"`

	// Token for which capabilities are being queried.
	Token string `json:"token"`
}

WriteCapabilitiesRequest struct for WriteCapabilitiesRequest

func NewWriteCapabilitiesRequestWithDefaults ¶ 

func NewWriteCapabilitiesRequestWithDefaults() *WriteCapabilitiesRequest

NewWriteCapabilitiesRequestWithDefaults instantiates a new WriteCapabilitiesRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (WriteCapabilitiesRequest) MarshalJSON ¶ 

func (o WriteCapabilitiesRequest) MarshalJSON() ([]byte, error)

type WriteCapabilitiesSelfRequest ¶ 

type WriteCapabilitiesSelfRequest struct {
	// Use 'paths' instead.
	// Deprecated
	Path []string `json:"path"`

	// Paths on which capabilities are being queried.
	Paths []string `json:"paths"`

	// Token for which capabilities are being queried.
	Token string `json:"token"`
}

WriteCapabilitiesSelfRequest struct for WriteCapabilitiesSelfRequest

func NewWriteCapabilitiesSelfRequestWithDefaults ¶ 

func NewWriteCapabilitiesSelfRequestWithDefaults() *WriteCapabilitiesSelfRequest

NewWriteCapabilitiesSelfRequestWithDefaults instantiates a new WriteCapabilitiesSelfRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (WriteCapabilitiesSelfRequest) MarshalJSON ¶ 

func (o WriteCapabilitiesSelfRequest) MarshalJSON() ([]byte, error)

type WriteConfigAuditingRequestHeaderRequest ¶ 

type WriteConfigAuditingRequestHeaderRequest struct {
	Hmac bool `json:"hmac"`
}

WriteConfigAuditingRequestHeaderRequest struct for WriteConfigAuditingRequestHeaderRequest

func NewWriteConfigAuditingRequestHeaderRequestWithDefaults ¶ 

func NewWriteConfigAuditingRequestHeaderRequestWithDefaults() *WriteConfigAuditingRequestHeaderRequest

NewWriteConfigAuditingRequestHeaderRequestWithDefaults instantiates a new WriteConfigAuditingRequestHeaderRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (WriteConfigAuditingRequestHeaderRequest) MarshalJSON ¶ 

func (o WriteConfigAuditingRequestHeaderRequest) MarshalJSON() ([]byte, error)

type WriteConfigCORSRequest ¶ 

type WriteConfigCORSRequest struct {
	// A comma-separated string or array of strings indicating headers that are allowed on cross-origin requests.
	AllowedHeaders []string `json:"allowed_headers"`

	// A comma-separated string or array of strings indicating origins that may make cross-origin requests.
	AllowedOrigins []string `json:"allowed_origins"`

	// Enables or disables CORS headers on requests.
	Enable bool `json:"enable"`
}

WriteConfigCORSRequest struct for WriteConfigCORSRequest

func NewWriteConfigCORSRequestWithDefaults ¶ 

func NewWriteConfigCORSRequestWithDefaults() *WriteConfigCORSRequest

NewWriteConfigCORSRequestWithDefaults instantiates a new WriteConfigCORSRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (WriteConfigCORSRequest) MarshalJSON ¶ 

func (o WriteConfigCORSRequest) MarshalJSON() ([]byte, error)

type WriteConfigUIHeaderRequest ¶ 

type WriteConfigUIHeaderRequest struct {
	// Returns multiple values if true
	Multivalue bool `json:"multivalue"`

	// The values to set the header.
	Values []string `json:"values"`
}

WriteConfigUIHeaderRequest struct for WriteConfigUIHeaderRequest

func NewWriteConfigUIHeaderRequestWithDefaults ¶ 

func NewWriteConfigUIHeaderRequestWithDefaults() *WriteConfigUIHeaderRequest

NewWriteConfigUIHeaderRequestWithDefaults instantiates a new WriteConfigUIHeaderRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (WriteConfigUIHeaderRequest) MarshalJSON ¶ 

func (o WriteConfigUIHeaderRequest) MarshalJSON() ([]byte, error)

type WriteGenerateRootAttemptRequest ¶ 

type WriteGenerateRootAttemptRequest struct {
	// Specifies a base64-encoded PGP public key.
	PgpKey string `json:"pgp_key"`
}

WriteGenerateRootAttemptRequest struct for WriteGenerateRootAttemptRequest

func NewWriteGenerateRootAttemptRequestWithDefaults ¶ 

func NewWriteGenerateRootAttemptRequestWithDefaults() *WriteGenerateRootAttemptRequest

NewWriteGenerateRootAttemptRequestWithDefaults instantiates a new WriteGenerateRootAttemptRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (WriteGenerateRootAttemptRequest) MarshalJSON ¶ 

func (o WriteGenerateRootAttemptRequest) MarshalJSON() ([]byte, error)

type WriteGenerateRootRequest ¶ 

type WriteGenerateRootRequest struct {
	// Specifies a base64-encoded PGP public key.
	PgpKey string `json:"pgp_key"`
}

WriteGenerateRootRequest struct for WriteGenerateRootRequest

func NewWriteGenerateRootRequestWithDefaults ¶ 

func NewWriteGenerateRootRequestWithDefaults() *WriteGenerateRootRequest

NewWriteGenerateRootRequestWithDefaults instantiates a new WriteGenerateRootRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (WriteGenerateRootRequest) MarshalJSON ¶ 

func (o WriteGenerateRootRequest) MarshalJSON() ([]byte, error)

type WriteGenerateRootUpdateRequest ¶ 

type WriteGenerateRootUpdateRequest struct {
	// Specifies a single unseal key share.
	Key string `json:"key"`

	// Specifies the nonce of the attempt.
	Nonce string `json:"nonce"`
}

WriteGenerateRootUpdateRequest struct for WriteGenerateRootUpdateRequest

func NewWriteGenerateRootUpdateRequestWithDefaults ¶ 

func NewWriteGenerateRootUpdateRequestWithDefaults() *WriteGenerateRootUpdateRequest

NewWriteGenerateRootUpdateRequestWithDefaults instantiates a new WriteGenerateRootUpdateRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (WriteGenerateRootUpdateRequest) MarshalJSON ¶ 

func (o WriteGenerateRootUpdateRequest) MarshalJSON() ([]byte, error)

type WriteInitRequest ¶ 

type WriteInitRequest struct {
	// Specifies an array of PGP public keys used to encrypt the output unseal keys. Ordering is preserved. The keys must be base64-encoded from their original binary representation. The size of this array must be the same as `secret_shares`.
	PgpKeys []string `json:"pgp_keys"`

	// Specifies an array of PGP public keys used to encrypt the output recovery keys. Ordering is preserved. The keys must be base64-encoded from their original binary representation. The size of this array must be the same as `recovery_shares`.
	RecoveryPgpKeys []string `json:"recovery_pgp_keys"`

	// Specifies the number of shares to split the recovery key into.
	RecoveryShares int32 `json:"recovery_shares"`

	// Specifies the number of shares required to reconstruct the recovery key. This must be less than or equal to `recovery_shares`.
	RecoveryThreshold int32 `json:"recovery_threshold"`

	// Specifies a PGP public key used to encrypt the initial root token. The key must be base64-encoded from its original binary representation.
	RootTokenPgpKey string `json:"root_token_pgp_key"`

	// Specifies the number of shares to split the unseal key into.
	SecretShares int32 `json:"secret_shares"`

	// Specifies the number of shares required to reconstruct the unseal key. This must be less than or equal secret_shares. If using Vault HSM with auto-unsealing, this value must be the same as `secret_shares`.
	SecretThreshold int32 `json:"secret_threshold"`

	// Specifies the number of shares that should be encrypted by the HSM and stored for auto-unsealing. Currently must be the same as `secret_shares`.
	StoredShares int32 `json:"stored_shares"`
}

WriteInitRequest struct for WriteInitRequest

func NewWriteInitRequestWithDefaults ¶ 

func NewWriteInitRequestWithDefaults() *WriteInitRequest

NewWriteInitRequestWithDefaults instantiates a new WriteInitRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (WriteInitRequest) MarshalJSON ¶ 

func (o WriteInitRequest) MarshalJSON() ([]byte, error)

type WriteInternalCountersConfigRequest ¶ 

type WriteInternalCountersConfigRequest struct {
	// Number of months to report if no start date specified.
	DefaultReportMonths int32 `json:"default_report_months"`

	// Enable or disable collection of client count: enable, disable, or default.
	Enabled string `json:"enabled"`

	// Number of months of client data to retain. Setting to 0 will clear all existing data.
	RetentionMonths int32 `json:"retention_months"`
}

WriteInternalCountersConfigRequest struct for WriteInternalCountersConfigRequest

func NewWriteInternalCountersConfigRequestWithDefaults ¶ 

func NewWriteInternalCountersConfigRequestWithDefaults() *WriteInternalCountersConfigRequest

NewWriteInternalCountersConfigRequestWithDefaults instantiates a new WriteInternalCountersConfigRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (WriteInternalCountersConfigRequest) MarshalJSON ¶ 

func (o WriteInternalCountersConfigRequest) MarshalJSON() ([]byte, error)

type WriteInternalSpecsOpenAPIRequest ¶ 

type WriteInternalSpecsOpenAPIRequest struct {
	// Context string appended to every operationId
	Context string `json:"context"`
}

WriteInternalSpecsOpenAPIRequest struct for WriteInternalSpecsOpenAPIRequest

func NewWriteInternalSpecsOpenAPIRequestWithDefaults ¶ 

func NewWriteInternalSpecsOpenAPIRequestWithDefaults() *WriteInternalSpecsOpenAPIRequest

NewWriteInternalSpecsOpenAPIRequestWithDefaults instantiates a new WriteInternalSpecsOpenAPIRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (WriteInternalSpecsOpenAPIRequest) MarshalJSON ¶ 

func (o WriteInternalSpecsOpenAPIRequest) MarshalJSON() ([]byte, error)

type WriteLeasesLookupRequest ¶ 

type WriteLeasesLookupRequest struct {
	// The lease identifier to renew. This is included with a lease.
	LeaseId string `json:"lease_id"`
}

WriteLeasesLookupRequest struct for WriteLeasesLookupRequest

func NewWriteLeasesLookupRequestWithDefaults ¶ 

func NewWriteLeasesLookupRequestWithDefaults() *WriteLeasesLookupRequest

NewWriteLeasesLookupRequestWithDefaults instantiates a new WriteLeasesLookupRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (WriteLeasesLookupRequest) MarshalJSON ¶ 

func (o WriteLeasesLookupRequest) MarshalJSON() ([]byte, error)

type WriteLeasesRenew2Request ¶ 

type WriteLeasesRenew2Request struct {
	// The desired increment in seconds to the lease
	Increment int32 `json:"increment"`

	// The lease identifier to renew. This is included with a lease.
	LeaseId string `json:"lease_id"`
}

WriteLeasesRenew2Request struct for WriteLeasesRenew2Request

func NewWriteLeasesRenew2RequestWithDefaults ¶ 

func NewWriteLeasesRenew2RequestWithDefaults() *WriteLeasesRenew2Request

NewWriteLeasesRenew2RequestWithDefaults instantiates a new WriteLeasesRenew2Request object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (WriteLeasesRenew2Request) MarshalJSON ¶ 

func (o WriteLeasesRenew2Request) MarshalJSON() ([]byte, error)

type WriteLeasesRenewRequest ¶ 

type WriteLeasesRenewRequest struct {
	// The desired increment in seconds to the lease
	Increment int32 `json:"increment"`

	// The lease identifier to renew. This is included with a lease.
	LeaseId string `json:"lease_id"`

	// The lease identifier to renew. This is included with a lease.
	UrlLeaseId string `json:"url_lease_id"`
}

WriteLeasesRenewRequest struct for WriteLeasesRenewRequest

func NewWriteLeasesRenewRequestWithDefaults ¶ 

func NewWriteLeasesRenewRequestWithDefaults() *WriteLeasesRenewRequest

NewWriteLeasesRenewRequestWithDefaults instantiates a new WriteLeasesRenewRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (WriteLeasesRenewRequest) MarshalJSON ¶ 

func (o WriteLeasesRenewRequest) MarshalJSON() ([]byte, error)

type WriteLeasesRevoke2Request ¶ 

type WriteLeasesRevoke2Request struct {
	// The lease identifier to renew. This is included with a lease.
	LeaseId string `json:"lease_id"`

	// Whether or not to perform the revocation synchronously
	Sync bool `json:"sync"`
}

WriteLeasesRevoke2Request struct for WriteLeasesRevoke2Request

func NewWriteLeasesRevoke2RequestWithDefaults ¶ 

func NewWriteLeasesRevoke2RequestWithDefaults() *WriteLeasesRevoke2Request

NewWriteLeasesRevoke2RequestWithDefaults instantiates a new WriteLeasesRevoke2Request object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (WriteLeasesRevoke2Request) MarshalJSON ¶ 

func (o WriteLeasesRevoke2Request) MarshalJSON() ([]byte, error)

type WriteLeasesRevokePrefixRequest ¶ 

type WriteLeasesRevokePrefixRequest struct {
	// Whether or not to perform the revocation synchronously
	Sync bool `json:"sync"`
}

WriteLeasesRevokePrefixRequest struct for WriteLeasesRevokePrefixRequest

func NewWriteLeasesRevokePrefixRequestWithDefaults ¶ 

func NewWriteLeasesRevokePrefixRequestWithDefaults() *WriteLeasesRevokePrefixRequest

NewWriteLeasesRevokePrefixRequestWithDefaults instantiates a new WriteLeasesRevokePrefixRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (WriteLeasesRevokePrefixRequest) MarshalJSON ¶ 

func (o WriteLeasesRevokePrefixRequest) MarshalJSON() ([]byte, error)

type WriteLeasesRevokeRequest ¶ 

type WriteLeasesRevokeRequest struct {
	// The lease identifier to renew. This is included with a lease.
	LeaseId string `json:"lease_id"`

	// Whether or not to perform the revocation synchronously
	Sync bool `json:"sync"`

	// The lease identifier to renew. This is included with a lease.
	UrlLeaseId string `json:"url_lease_id"`
}

WriteLeasesRevokeRequest struct for WriteLeasesRevokeRequest

func NewWriteLeasesRevokeRequestWithDefaults ¶ 

func NewWriteLeasesRevokeRequestWithDefaults() *WriteLeasesRevokeRequest

NewWriteLeasesRevokeRequestWithDefaults instantiates a new WriteLeasesRevokeRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (WriteLeasesRevokeRequest) MarshalJSON ¶ 

func (o WriteLeasesRevokeRequest) MarshalJSON() ([]byte, error)

type WriteLoggerRequest ¶ 

type WriteLoggerRequest struct {
	// Log verbosity level. Supported values (in order of detail) are \"trace\", \"debug\", \"info\", \"warn\", and \"error\".
	Level string `json:"level"`
}

WriteLoggerRequest struct for WriteLoggerRequest

func NewWriteLoggerRequestWithDefaults ¶ 

func NewWriteLoggerRequestWithDefaults() *WriteLoggerRequest

NewWriteLoggerRequestWithDefaults instantiates a new WriteLoggerRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (WriteLoggerRequest) MarshalJSON ¶ 

func (o WriteLoggerRequest) MarshalJSON() ([]byte, error)

type WriteLoggersRequest ¶ 

type WriteLoggersRequest struct {
	// Log verbosity level. Supported values (in order of detail) are \"trace\", \"debug\", \"info\", \"warn\", and \"error\".
	Level string `json:"level"`
}

WriteLoggersRequest struct for WriteLoggersRequest

func NewWriteLoggersRequestWithDefaults ¶ 

func NewWriteLoggersRequestWithDefaults() *WriteLoggersRequest

NewWriteLoggersRequestWithDefaults instantiates a new WriteLoggersRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (WriteLoggersRequest) MarshalJSON ¶ 

func (o WriteLoggersRequest) MarshalJSON() ([]byte, error)

type WriteMountRequest ¶ 

type WriteMountRequest struct {
	// Configuration for this mount, such as default_lease_ttl and max_lease_ttl.
	Config map[string]interface{} `json:"config"`

	// User-friendly description for this mount.
	Description string `json:"description"`

	// Whether to give the mount access to Vault's external entropy.
	ExternalEntropyAccess bool `json:"external_entropy_access"`

	// Mark the mount as a local mount, which is not replicated and is unaffected by replication.
	Local bool `json:"local"`

	// The options to pass into the backend. Should be a json object with string keys and values.
	Options map[string]interface{} `json:"options"`

	// Name of the plugin to mount based from the name registered in the plugin catalog.
	PluginName string `json:"plugin_name"`

	// The semantic version of the plugin to use.
	PluginVersion string `json:"plugin_version"`

	// Whether to turn on seal wrapping for the mount.
	SealWrap bool `json:"seal_wrap"`

	// The type of the backend. Example: \"passthrough\"
	Type string `json:"type"`
}

WriteMountRequest struct for WriteMountRequest

func NewWriteMountRequestWithDefaults ¶ 

func NewWriteMountRequestWithDefaults() *WriteMountRequest

NewWriteMountRequestWithDefaults instantiates a new WriteMountRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (WriteMountRequest) MarshalJSON ¶ 

func (o WriteMountRequest) MarshalJSON() ([]byte, error)

type WriteMountsConfigRequest ¶ 

type WriteMountsConfigRequest struct {
	AllowedManagedKeys []string `json:"allowed_managed_keys"`

	// A list of headers to whitelist and allow a plugin to set on responses.
	AllowedResponseHeaders []string `json:"allowed_response_headers"`

	// The list of keys in the request data object that will not be HMAC'ed by audit devices.
	AuditNonHmacRequestKeys []string `json:"audit_non_hmac_request_keys"`

	// The list of keys in the response data object that will not be HMAC'ed by audit devices.
	AuditNonHmacResponseKeys []string `json:"audit_non_hmac_response_keys"`

	// The default lease TTL for this mount.
	DefaultLeaseTtl string `json:"default_lease_ttl"`

	// User-friendly description for this credential backend.
	Description string `json:"description"`

	// Determines the visibility of the mount in the UI-specific listing endpoint. Accepted value are 'unauth' and 'hidden', with the empty default (”) behaving like 'hidden'.
	ListingVisibility string `json:"listing_visibility"`

	// The max lease TTL for this mount.
	MaxLeaseTtl string `json:"max_lease_ttl"`

	// The options to pass into the backend. Should be a json object with string keys and values.
	Options map[string]interface{} `json:"options"`

	// A list of headers to whitelist and pass from the request to the plugin.
	PassthroughRequestHeaders []string `json:"passthrough_request_headers"`

	// The semantic version of the plugin to use.
	PluginVersion string `json:"plugin_version"`

	// The type of token to issue (service or batch).
	TokenType string `json:"token_type"`

	// The user lockout configuration to pass into the backend. Should be a json object with string keys and values.
	UserLockoutConfig map[string]interface{} `json:"user_lockout_config"`
}

WriteMountsConfigRequest struct for WriteMountsConfigRequest

func NewWriteMountsConfigRequestWithDefaults ¶ 

func NewWriteMountsConfigRequestWithDefaults() *WriteMountsConfigRequest

NewWriteMountsConfigRequestWithDefaults instantiates a new WriteMountsConfigRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (WriteMountsConfigRequest) MarshalJSON ¶ 

func (o WriteMountsConfigRequest) MarshalJSON() ([]byte, error)

type WritePluginsCatalogByTypeByNameRequest ¶ 

type WritePluginsCatalogByTypeByNameRequest struct {
	// The args passed to plugin command.
	Args []string `json:"args"`

	// The command used to start the plugin. The executable defined in this command must exist in vault's plugin directory.
	Command string `json:"command"`

	// The environment variables passed to plugin command. Each entry is of the form \"key=value\".
	Env []string `json:"env"`

	// The SHA256 sum of the executable used in the command field. This should be HEX encoded.
	Sha256 string `json:"sha256"`

	// The semantic version of the plugin to use.
	Version string `json:"version"`
}

WritePluginsCatalogByTypeByNameRequest struct for WritePluginsCatalogByTypeByNameRequest

func NewWritePluginsCatalogByTypeByNameRequestWithDefaults ¶ 

func NewWritePluginsCatalogByTypeByNameRequestWithDefaults() *WritePluginsCatalogByTypeByNameRequest

NewWritePluginsCatalogByTypeByNameRequestWithDefaults instantiates a new WritePluginsCatalogByTypeByNameRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (WritePluginsCatalogByTypeByNameRequest) MarshalJSON ¶ 

func (o WritePluginsCatalogByTypeByNameRequest) MarshalJSON() ([]byte, error)

type WritePluginsReloadBackendRequest ¶ 

type WritePluginsReloadBackendRequest struct {
	// The mount paths of the plugin backends to reload.
	Mounts []string `json:"mounts"`

	// The name of the plugin to reload, as registered in the plugin catalog.
	Plugin string `json:"plugin"`

	Scope string `json:"scope"`
}

WritePluginsReloadBackendRequest struct for WritePluginsReloadBackendRequest

func NewWritePluginsReloadBackendRequestWithDefaults ¶ 

func NewWritePluginsReloadBackendRequestWithDefaults() *WritePluginsReloadBackendRequest

NewWritePluginsReloadBackendRequestWithDefaults instantiates a new WritePluginsReloadBackendRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (WritePluginsReloadBackendRequest) MarshalJSON ¶ 

func (o WritePluginsReloadBackendRequest) MarshalJSON() ([]byte, error)

type WritePoliciesACLRequest ¶ 

type WritePoliciesACLRequest struct {
	// The rules of the policy.
	Policy string `json:"policy"`
}

WritePoliciesACLRequest struct for WritePoliciesACLRequest

func NewWritePoliciesACLRequestWithDefaults ¶ 

func NewWritePoliciesACLRequestWithDefaults() *WritePoliciesACLRequest

NewWritePoliciesACLRequestWithDefaults instantiates a new WritePoliciesACLRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (WritePoliciesACLRequest) MarshalJSON ¶ 

func (o WritePoliciesACLRequest) MarshalJSON() ([]byte, error)

type WritePoliciesPasswordRequest ¶ 

type WritePoliciesPasswordRequest struct {
	// The password policy
	Policy string `json:"policy"`
}

WritePoliciesPasswordRequest struct for WritePoliciesPasswordRequest

func NewWritePoliciesPasswordRequestWithDefaults ¶ 

func NewWritePoliciesPasswordRequestWithDefaults() *WritePoliciesPasswordRequest

NewWritePoliciesPasswordRequestWithDefaults instantiates a new WritePoliciesPasswordRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (WritePoliciesPasswordRequest) MarshalJSON ¶ 

func (o WritePoliciesPasswordRequest) MarshalJSON() ([]byte, error)

type WritePolicyRequest ¶ 

type WritePolicyRequest struct {
	// The rules of the policy.
	Policy string `json:"policy"`

	// The rules of the policy.
	// Deprecated
	Rules string `json:"rules"`
}

WritePolicyRequest struct for WritePolicyRequest

func NewWritePolicyRequestWithDefaults ¶ 

func NewWritePolicyRequestWithDefaults() *WritePolicyRequest

NewWritePolicyRequestWithDefaults instantiates a new WritePolicyRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (WritePolicyRequest) MarshalJSON ¶ 

func (o WritePolicyRequest) MarshalJSON() ([]byte, error)

type WriteQuotasConfigRequest ¶ 

type WriteQuotasConfigRequest struct {
	// If set, starts audit logging of requests that get rejected due to rate limit quota rule violations.
	EnableRateLimitAuditLogging bool `json:"enable_rate_limit_audit_logging"`

	// If set, additional rate limit quota HTTP headers will be added to responses.
	EnableRateLimitResponseHeaders bool `json:"enable_rate_limit_response_headers"`

	// Specifies the list of exempt paths from all rate limit quotas. If empty no paths will be exempt.
	RateLimitExemptPaths []string `json:"rate_limit_exempt_paths"`
}

WriteQuotasConfigRequest struct for WriteQuotasConfigRequest

func NewWriteQuotasConfigRequestWithDefaults ¶ 

func NewWriteQuotasConfigRequestWithDefaults() *WriteQuotasConfigRequest

NewWriteQuotasConfigRequestWithDefaults instantiates a new WriteQuotasConfigRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (WriteQuotasConfigRequest) MarshalJSON ¶ 

func (o WriteQuotasConfigRequest) MarshalJSON() ([]byte, error)

type WriteQuotasRateLimitRequest ¶ 

type WriteQuotasRateLimitRequest struct {
	// If set, when a client reaches a rate limit threshold, the client will be prohibited from any further requests until after the 'block_interval' has elapsed.
	BlockInterval int32 `json:"block_interval"`

	// The duration to enforce rate limiting for (default '1s').
	Interval int32 `json:"interval"`

	// Path of the mount or namespace to apply the quota. A blank path configures a global quota. For example namespace1/ adds a quota to a full namespace, namespace1/auth/userpass adds a quota to userpass in namespace1.
	Path string `json:"path"`

	// The maximum number of requests in a given interval to be allowed by the quota rule. The 'rate' must be positive.
	Rate float32 `json:"rate"`

	// Login role to apply this quota to. Note that when set, path must be configured to a valid auth method with a concept of roles.
	Role string `json:"role"`

	// Type of the quota rule.
	Type string `json:"type"`
}

WriteQuotasRateLimitRequest struct for WriteQuotasRateLimitRequest

func NewWriteQuotasRateLimitRequestWithDefaults ¶ 

func NewWriteQuotasRateLimitRequestWithDefaults() *WriteQuotasRateLimitRequest

NewWriteQuotasRateLimitRequestWithDefaults instantiates a new WriteQuotasRateLimitRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (WriteQuotasRateLimitRequest) MarshalJSON ¶ 

func (o WriteQuotasRateLimitRequest) MarshalJSON() ([]byte, error)

type WriteRawPathRequest ¶ 

type WriteRawPathRequest struct {
	Compressed bool `json:"compressed"`

	CompressionType string `json:"compression_type"`

	Encoding string `json:"encoding"`

	Value string `json:"value"`
}

WriteRawPathRequest struct for WriteRawPathRequest

func NewWriteRawPathRequestWithDefaults ¶ 

func NewWriteRawPathRequestWithDefaults() *WriteRawPathRequest

NewWriteRawPathRequestWithDefaults instantiates a new WriteRawPathRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (WriteRawPathRequest) MarshalJSON ¶ 

func (o WriteRawPathRequest) MarshalJSON() ([]byte, error)

type WriteRawRequest ¶ 

type WriteRawRequest struct {
	Compressed bool `json:"compressed"`

	CompressionType string `json:"compression_type"`

	Encoding string `json:"encoding"`

	Path string `json:"path"`

	Value string `json:"value"`
}

WriteRawRequest struct for WriteRawRequest

func NewWriteRawRequestWithDefaults ¶ 

func NewWriteRawRequestWithDefaults() *WriteRawRequest

NewWriteRawRequestWithDefaults instantiates a new WriteRawRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (WriteRawRequest) MarshalJSON ¶ 

func (o WriteRawRequest) MarshalJSON() ([]byte, error)

type WriteRekeyInitRequest ¶ 

type WriteRekeyInitRequest struct {
	// Specifies if using PGP-encrypted keys, whether Vault should also store a plaintext backup of the PGP-encrypted keys.
	Backup bool `json:"backup"`

	// Specifies an array of PGP public keys used to encrypt the output unseal keys. Ordering is preserved. The keys must be base64-encoded from their original binary representation. The size of this array must be the same as secret_shares.
	PgpKeys []string `json:"pgp_keys"`

	// Turns on verification functionality
	RequireVerification bool `json:"require_verification"`

	// Specifies the number of shares to split the unseal key into.
	SecretShares int32 `json:"secret_shares"`

	// Specifies the number of shares required to reconstruct the unseal key. This must be less than or equal secret_shares. If using Vault HSM with auto-unsealing, this value must be the same as secret_shares.
	SecretThreshold int32 `json:"secret_threshold"`
}

WriteRekeyInitRequest struct for WriteRekeyInitRequest

func NewWriteRekeyInitRequestWithDefaults ¶ 

func NewWriteRekeyInitRequestWithDefaults() *WriteRekeyInitRequest

NewWriteRekeyInitRequestWithDefaults instantiates a new WriteRekeyInitRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (WriteRekeyInitRequest) MarshalJSON ¶ 

func (o WriteRekeyInitRequest) MarshalJSON() ([]byte, error)

type WriteRekeyUpdateRequest ¶ 

type WriteRekeyUpdateRequest struct {
	// Specifies a single unseal key share.
	Key string `json:"key"`

	// Specifies the nonce of the rekey attempt.
	Nonce string `json:"nonce"`
}

WriteRekeyUpdateRequest struct for WriteRekeyUpdateRequest

func NewWriteRekeyUpdateRequestWithDefaults ¶ 

func NewWriteRekeyUpdateRequestWithDefaults() *WriteRekeyUpdateRequest

NewWriteRekeyUpdateRequestWithDefaults instantiates a new WriteRekeyUpdateRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (WriteRekeyUpdateRequest) MarshalJSON ¶ 

func (o WriteRekeyUpdateRequest) MarshalJSON() ([]byte, error)

type WriteRekeyVerifyRequest ¶ 

type WriteRekeyVerifyRequest struct {
	// Specifies a single unseal share key from the new set of shares.
	Key string `json:"key"`

	// Specifies the nonce of the rekey verification operation.
	Nonce string `json:"nonce"`
}

WriteRekeyVerifyRequest struct for WriteRekeyVerifyRequest

func NewWriteRekeyVerifyRequestWithDefaults ¶ 

func NewWriteRekeyVerifyRequestWithDefaults() *WriteRekeyVerifyRequest

NewWriteRekeyVerifyRequestWithDefaults instantiates a new WriteRekeyVerifyRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (WriteRekeyVerifyRequest) MarshalJSON ¶ 

func (o WriteRekeyVerifyRequest) MarshalJSON() ([]byte, error)

type WriteRotateConfigRequest ¶ 

type WriteRotateConfigRequest struct {
	// Whether automatic rotation is enabled.
	Enabled bool `json:"enabled"`

	// How long after installation of an active key term that the key will be automatically rotated.
	Interval int32 `json:"interval"`

	// The number of encryption operations performed before the barrier key is automatically rotated.
	MaxOperations int64 `json:"max_operations"`
}

WriteRotateConfigRequest struct for WriteRotateConfigRequest

func NewWriteRotateConfigRequestWithDefaults ¶ 

func NewWriteRotateConfigRequestWithDefaults() *WriteRotateConfigRequest

NewWriteRotateConfigRequestWithDefaults instantiates a new WriteRotateConfigRequest object This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set

func (WriteRotateConfigRequest) MarshalJSON ¶ 

func (o WriteRotateConfigRequest) MarshalJSON() ([]byte, error)

Source Files ¶

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.