vault

package
v3.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 9, 2020 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Overview

A Pulumi package for creating and managing vault cloud resources.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Audit 

type Audit struct {
	pulumi.CustomResourceState

	// Human-friendly description of the audit device.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// Configuration options to pass to the audit device itself.
	Options pulumi.StringMapOutput `pulumi:"options"`
	// The path to mount the audit device. This defaults to the type.
	Path pulumi.StringOutput `pulumi:"path"`
	// Type of the audit device, such as 'file'.
	Type pulumi.StringOutput `pulumi:"type"`
}

## Example Usage ### File Audit Device)

```go package main

import ( 

"github.com/pulumi/pulumi-vault/sdk/v3/go/vault"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := vault.NewAudit(ctx, "test", &vault.AuditArgs{
			Options: pulumi.StringMap{
				"file_path": pulumi.String("C:/temp/audit.txt"),
			},
			Type: pulumi.String("file"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Socket Audit Device)

```go package main

import ( 

"github.com/pulumi/pulumi-vault/sdk/v3/go/vault"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := vault.NewAudit(ctx, "test", &vault.AuditArgs{
			Options: pulumi.StringMap{
				"address":     pulumi.String("127.0.0.1:8000"),
				"description": pulumi.String("application x socket"),
				"socket_type": pulumi.String("tcp"),
			},
			Path: pulumi.String("app_socket"),
			Type: pulumi.String("socket"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

func GetAudit 

func GetAudit(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AuditState, opts ...pulumi.ResourceOption) (*Audit, error)

GetAudit gets an existing Audit resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAudit 

func NewAudit(ctx *pulumi.Context,
	name string, args *AuditArgs, opts ...pulumi.ResourceOption) (*Audit, error)

NewAudit registers a new resource with the given unique name, arguments, and options.

type AuditArgs 

type AuditArgs struct {
	// Human-friendly description of the audit device.
	Description pulumi.StringPtrInput
	// Configuration options to pass to the audit device itself.
	Options pulumi.StringMapInput
	// The path to mount the audit device. This defaults to the type.
	Path pulumi.StringPtrInput
	// Type of the audit device, such as 'file'.
	Type pulumi.StringInput
}

The set of arguments for constructing a Audit resource.

func (AuditArgs) ElementType 

func (AuditArgs) ElementType() reflect.Type

type AuditState 

type AuditState struct {
	// Human-friendly description of the audit device.
	Description pulumi.StringPtrInput
	// Configuration options to pass to the audit device itself.
	Options pulumi.StringMapInput
	// The path to mount the audit device. This defaults to the type.
	Path pulumi.StringPtrInput
	// Type of the audit device, such as 'file'.
	Type pulumi.StringPtrInput
}

func (AuditState) ElementType 

func (AuditState) ElementType() reflect.Type

type AuthBackend 

type AuthBackend struct {
	pulumi.CustomResourceState

	// The accessor for this auth method
	Accessor pulumi.StringOutput `pulumi:"accessor"`
	// (Optional; Deprecated, use `tune.default_lease_ttl` if you are using Vault provider version >= 1.8) The default lease duration in seconds.
	//
	// Deprecated: Use the tune configuration block to avoid forcing creation of new resource on an update
	DefaultLeaseTtlSeconds pulumi.IntOutput `pulumi:"defaultLeaseTtlSeconds"`
	// A description of the auth method
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// Specifies whether to show this mount in
	// the UI-specific listing endpoint. Valid values are "unauth" or "hidden".
	//
	// Deprecated: Use the tune configuration block to avoid forcing creation of new resource on an update
	ListingVisibility pulumi.StringOutput `pulumi:"listingVisibility"`
	// Specifies if the auth method is local only.
	Local pulumi.BoolPtrOutput `pulumi:"local"`
	// (Optional; Deprecated, use `tune.max_lease_ttl` if you are using Vault provider version >= 1.8) The maximum lease duration in seconds.
	//
	// Deprecated: Use the tune configuration block to avoid forcing creation of new resource on an update
	MaxLeaseTtlSeconds pulumi.IntOutput `pulumi:"maxLeaseTtlSeconds"`
	// The path to mount the auth method — this defaults to the name of the type
	Path pulumi.StringOutput `pulumi:"path"`
	// Extra configuration block. Structure is documented below.
	Tune AuthBackendTuneOutput `pulumi:"tune"`
	// The name of the auth method type
	Type pulumi.StringOutput `pulumi:"type"`
}

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-vault/sdk/v3/go/vault"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := vault.NewAuthBackend(ctx, "example", &vault.AuthBackendArgs{
			Tune: &vault.AuthBackendTuneArgs{
				ListingVisibility: pulumi.String("unauth"),
				MaxLeaseTtl:       pulumi.String("90000s"),
			},
			Type: pulumi.String("github"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

func GetAuthBackend 

func GetAuthBackend(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AuthBackendState, opts ...pulumi.ResourceOption) (*AuthBackend, error)

GetAuthBackend gets an existing AuthBackend resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAuthBackend 

func NewAuthBackend(ctx *pulumi.Context,
	name string, args *AuthBackendArgs, opts ...pulumi.ResourceOption) (*AuthBackend, error)

NewAuthBackend registers a new resource with the given unique name, arguments, and options.

type AuthBackendArgs 

type AuthBackendArgs struct {
	// (Optional; Deprecated, use `tune.default_lease_ttl` if you are using Vault provider version >= 1.8) The default lease duration in seconds.
	//
	// Deprecated: Use the tune configuration block to avoid forcing creation of new resource on an update
	DefaultLeaseTtlSeconds pulumi.IntPtrInput
	// A description of the auth method
	Description pulumi.StringPtrInput
	// Specifies whether to show this mount in
	// the UI-specific listing endpoint. Valid values are "unauth" or "hidden".
	//
	// Deprecated: Use the tune configuration block to avoid forcing creation of new resource on an update
	ListingVisibility pulumi.StringPtrInput
	// Specifies if the auth method is local only.
	Local pulumi.BoolPtrInput
	// (Optional; Deprecated, use `tune.max_lease_ttl` if you are using Vault provider version >= 1.8) The maximum lease duration in seconds.
	//
	// Deprecated: Use the tune configuration block to avoid forcing creation of new resource on an update
	MaxLeaseTtlSeconds pulumi.IntPtrInput
	// The path to mount the auth method — this defaults to the name of the type
	Path pulumi.StringPtrInput
	// Extra configuration block. Structure is documented below.
	Tune AuthBackendTunePtrInput
	// The name of the auth method type
	Type pulumi.StringInput
}

The set of arguments for constructing a AuthBackend resource.

func (AuthBackendArgs) ElementType 

func (AuthBackendArgs) ElementType() reflect.Type

type AuthBackendState 

type AuthBackendState struct {
	// The accessor for this auth method
	Accessor pulumi.StringPtrInput
	// (Optional; Deprecated, use `tune.default_lease_ttl` if you are using Vault provider version >= 1.8) The default lease duration in seconds.
	//
	// Deprecated: Use the tune configuration block to avoid forcing creation of new resource on an update
	DefaultLeaseTtlSeconds pulumi.IntPtrInput
	// A description of the auth method
	Description pulumi.StringPtrInput
	// Specifies whether to show this mount in
	// the UI-specific listing endpoint. Valid values are "unauth" or "hidden".
	//
	// Deprecated: Use the tune configuration block to avoid forcing creation of new resource on an update
	ListingVisibility pulumi.StringPtrInput
	// Specifies if the auth method is local only.
	Local pulumi.BoolPtrInput
	// (Optional; Deprecated, use `tune.max_lease_ttl` if you are using Vault provider version >= 1.8) The maximum lease duration in seconds.
	//
	// Deprecated: Use the tune configuration block to avoid forcing creation of new resource on an update
	MaxLeaseTtlSeconds pulumi.IntPtrInput
	// The path to mount the auth method — this defaults to the name of the type
	Path pulumi.StringPtrInput
	// Extra configuration block. Structure is documented below.
	Tune AuthBackendTunePtrInput
	// The name of the auth method type
	Type pulumi.StringPtrInput
}

func (AuthBackendState) ElementType 

func (AuthBackendState) ElementType() reflect.Type

type AuthBackendTune 

type AuthBackendTune struct {
	// List of headers to whitelist and allowing
	// a plugin to include them in the response.
	AllowedResponseHeaders []string `pulumi:"allowedResponseHeaders"`
	// Specifies the list of keys that will
	// not be HMAC'd by audit devices in the request data object.
	AuditNonHmacRequestKeys []string `pulumi:"auditNonHmacRequestKeys"`
	// Specifies the list of keys that will
	// not be HMAC'd by audit devices in the response data object.
	AuditNonHmacResponseKeys []string `pulumi:"auditNonHmacResponseKeys"`
	// Specifies the default time-to-live.
	// If set, this overrides the global default.
	// Must be a valid [duration string](https://golang.org/pkg/time/#ParseDuration)
	DefaultLeaseTtl *string `pulumi:"defaultLeaseTtl"`
	// Specifies whether to show this mount in
	// the UI-specific listing endpoint. Valid values are "unauth" or "hidden".
	ListingVisibility *string `pulumi:"listingVisibility"`
	// Specifies the maximum time-to-live.
	// If set, this overrides the global default.
	// Must be a valid [duration string](https://golang.org/pkg/time/#ParseDuration)
	MaxLeaseTtl *string `pulumi:"maxLeaseTtl"`
	// List of headers to whitelist and
	// pass from the request to the backend.
	PassthroughRequestHeaders []string `pulumi:"passthroughRequestHeaders"`
	// Specifies the type of tokens that should be returned by
	// the mount. Valid values are "default-service", "default-batch", "service", "batch".
	TokenType *string `pulumi:"tokenType"`
}

type AuthBackendTuneArgs 

type AuthBackendTuneArgs struct {
	// List of headers to whitelist and allowing
	// a plugin to include them in the response.
	AllowedResponseHeaders pulumi.StringArrayInput `pulumi:"allowedResponseHeaders"`
	// Specifies the list of keys that will
	// not be HMAC'd by audit devices in the request data object.
	AuditNonHmacRequestKeys pulumi.StringArrayInput `pulumi:"auditNonHmacRequestKeys"`
	// Specifies the list of keys that will
	// not be HMAC'd by audit devices in the response data object.
	AuditNonHmacResponseKeys pulumi.StringArrayInput `pulumi:"auditNonHmacResponseKeys"`
	// Specifies the default time-to-live.
	// If set, this overrides the global default.
	// Must be a valid [duration string](https://golang.org/pkg/time/#ParseDuration)
	DefaultLeaseTtl pulumi.StringPtrInput `pulumi:"defaultLeaseTtl"`
	// Specifies whether to show this mount in
	// the UI-specific listing endpoint. Valid values are "unauth" or "hidden".
	ListingVisibility pulumi.StringPtrInput `pulumi:"listingVisibility"`
	// Specifies the maximum time-to-live.
	// If set, this overrides the global default.
	// Must be a valid [duration string](https://golang.org/pkg/time/#ParseDuration)
	MaxLeaseTtl pulumi.StringPtrInput `pulumi:"maxLeaseTtl"`
	// List of headers to whitelist and
	// pass from the request to the backend.
	PassthroughRequestHeaders pulumi.StringArrayInput `pulumi:"passthroughRequestHeaders"`
	// Specifies the type of tokens that should be returned by
	// the mount. Valid values are "default-service", "default-batch", "service", "batch".
	TokenType pulumi.StringPtrInput `pulumi:"tokenType"`
}

func (AuthBackendTuneArgs) ElementType 

func (AuthBackendTuneArgs) ElementType() reflect.Type

func (AuthBackendTuneArgs) ToAuthBackendTuneOutput 

func (i AuthBackendTuneArgs) ToAuthBackendTuneOutput() AuthBackendTuneOutput

func (AuthBackendTuneArgs) ToAuthBackendTuneOutputWithContext 

func (i AuthBackendTuneArgs) ToAuthBackendTuneOutputWithContext(ctx context.Context) AuthBackendTuneOutput

func (AuthBackendTuneArgs) ToAuthBackendTunePtrOutput 

func (i AuthBackendTuneArgs) ToAuthBackendTunePtrOutput() AuthBackendTunePtrOutput

func (AuthBackendTuneArgs) ToAuthBackendTunePtrOutputWithContext 

func (i AuthBackendTuneArgs) ToAuthBackendTunePtrOutputWithContext(ctx context.Context) AuthBackendTunePtrOutput

type AuthBackendTuneInput 

type AuthBackendTuneInput interface {
	pulumi.Input

	ToAuthBackendTuneOutput() AuthBackendTuneOutput
	ToAuthBackendTuneOutputWithContext(context.Context) AuthBackendTuneOutput
}

AuthBackendTuneInput is an input type that accepts AuthBackendTuneArgs and AuthBackendTuneOutput values. You can construct a concrete instance of `AuthBackendTuneInput` via: 

AuthBackendTuneArgs{...}

type AuthBackendTuneOutput 

type AuthBackendTuneOutput struct{ *pulumi.OutputState }

func (AuthBackendTuneOutput) AllowedResponseHeaders 

func (o AuthBackendTuneOutput) AllowedResponseHeaders() pulumi.StringArrayOutput

List of headers to whitelist and allowing a plugin to include them in the response.

func (AuthBackendTuneOutput) AuditNonHmacRequestKeys 

func (o AuthBackendTuneOutput) AuditNonHmacRequestKeys() pulumi.StringArrayOutput

Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.

func (AuthBackendTuneOutput) AuditNonHmacResponseKeys 

func (o AuthBackendTuneOutput) AuditNonHmacResponseKeys() pulumi.StringArrayOutput

Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.

func (AuthBackendTuneOutput) DefaultLeaseTtl 

func (o AuthBackendTuneOutput) DefaultLeaseTtl() pulumi.StringPtrOutput

Specifies the default time-to-live. If set, this overrides the global default. Must be a valid [duration string](https://golang.org/pkg/time/#ParseDuration)

func (AuthBackendTuneOutput) ElementType 

func (AuthBackendTuneOutput) ElementType() reflect.Type

func (AuthBackendTuneOutput) ListingVisibility 

func (o AuthBackendTuneOutput) ListingVisibility() pulumi.StringPtrOutput

Specifies whether to show this mount in the UI-specific listing endpoint. Valid values are "unauth" or "hidden".

func (AuthBackendTuneOutput) MaxLeaseTtl 

func (o AuthBackendTuneOutput) MaxLeaseTtl() pulumi.StringPtrOutput

Specifies the maximum time-to-live. If set, this overrides the global default. Must be a valid [duration string](https://golang.org/pkg/time/#ParseDuration)

func (AuthBackendTuneOutput) PassthroughRequestHeaders 

func (o AuthBackendTuneOutput) PassthroughRequestHeaders() pulumi.StringArrayOutput

List of headers to whitelist and pass from the request to the backend.

func (AuthBackendTuneOutput) ToAuthBackendTuneOutput 

func (o AuthBackendTuneOutput) ToAuthBackendTuneOutput() AuthBackendTuneOutput

func (AuthBackendTuneOutput) ToAuthBackendTuneOutputWithContext 

func (o AuthBackendTuneOutput) ToAuthBackendTuneOutputWithContext(ctx context.Context) AuthBackendTuneOutput

func (AuthBackendTuneOutput) ToAuthBackendTunePtrOutput 

func (o AuthBackendTuneOutput) ToAuthBackendTunePtrOutput() AuthBackendTunePtrOutput

func (AuthBackendTuneOutput) ToAuthBackendTunePtrOutputWithContext 

func (o AuthBackendTuneOutput) ToAuthBackendTunePtrOutputWithContext(ctx context.Context) AuthBackendTunePtrOutput

func (AuthBackendTuneOutput) TokenType 

func (o AuthBackendTuneOutput) TokenType() pulumi.StringPtrOutput

Specifies the type of tokens that should be returned by the mount. Valid values are "default-service", "default-batch", "service", "batch".

type AuthBackendTunePtrInput 

type AuthBackendTunePtrInput interface {
	pulumi.Input

	ToAuthBackendTunePtrOutput() AuthBackendTunePtrOutput
	ToAuthBackendTunePtrOutputWithContext(context.Context) AuthBackendTunePtrOutput
}

AuthBackendTunePtrInput is an input type that accepts AuthBackendTuneArgs, AuthBackendTunePtr and AuthBackendTunePtrOutput values. You can construct a concrete instance of `AuthBackendTunePtrInput` via: 

        AuthBackendTuneArgs{...}

or:

        nil

func AuthBackendTunePtr 

func AuthBackendTunePtr(v *AuthBackendTuneArgs) AuthBackendTunePtrInput

type AuthBackendTunePtrOutput 

type AuthBackendTunePtrOutput struct{ *pulumi.OutputState }

func (AuthBackendTunePtrOutput) AllowedResponseHeaders 

func (o AuthBackendTunePtrOutput) AllowedResponseHeaders() pulumi.StringArrayOutput

List of headers to whitelist and allowing a plugin to include them in the response.

func (AuthBackendTunePtrOutput) AuditNonHmacRequestKeys 

func (o AuthBackendTunePtrOutput) AuditNonHmacRequestKeys() pulumi.StringArrayOutput

Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.

func (AuthBackendTunePtrOutput) AuditNonHmacResponseKeys 

func (o AuthBackendTunePtrOutput) AuditNonHmacResponseKeys() pulumi.StringArrayOutput

Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.

func (AuthBackendTunePtrOutput) DefaultLeaseTtl 

func (o AuthBackendTunePtrOutput) DefaultLeaseTtl() pulumi.StringPtrOutput

Specifies the default time-to-live. If set, this overrides the global default. Must be a valid [duration string](https://golang.org/pkg/time/#ParseDuration)

func (AuthBackendTunePtrOutput) Elem 

func (o AuthBackendTunePtrOutput) Elem() AuthBackendTuneOutput

func (AuthBackendTunePtrOutput) ElementType 

func (AuthBackendTunePtrOutput) ElementType() reflect.Type

func (AuthBackendTunePtrOutput) ListingVisibility 

func (o AuthBackendTunePtrOutput) ListingVisibility() pulumi.StringPtrOutput

Specifies whether to show this mount in the UI-specific listing endpoint. Valid values are "unauth" or "hidden".

func (AuthBackendTunePtrOutput) MaxLeaseTtl 

func (o AuthBackendTunePtrOutput) MaxLeaseTtl() pulumi.StringPtrOutput

Specifies the maximum time-to-live. If set, this overrides the global default. Must be a valid [duration string](https://golang.org/pkg/time/#ParseDuration)

func (AuthBackendTunePtrOutput) PassthroughRequestHeaders 

func (o AuthBackendTunePtrOutput) PassthroughRequestHeaders() pulumi.StringArrayOutput

List of headers to whitelist and pass from the request to the backend.

func (AuthBackendTunePtrOutput) ToAuthBackendTunePtrOutput 

func (o AuthBackendTunePtrOutput) ToAuthBackendTunePtrOutput() AuthBackendTunePtrOutput

func (AuthBackendTunePtrOutput) ToAuthBackendTunePtrOutputWithContext 

func (o AuthBackendTunePtrOutput) ToAuthBackendTunePtrOutputWithContext(ctx context.Context) AuthBackendTunePtrOutput

func (AuthBackendTunePtrOutput) TokenType 

func (o AuthBackendTunePtrOutput) TokenType() pulumi.StringPtrOutput

Specifies the type of tokens that should be returned by the mount. Valid values are "default-service", "default-batch", "service", "batch".

type CertAuthBackendRole 

type CertAuthBackendRole struct {
	pulumi.CustomResourceState

	// Allowed the common names for authenticated client certificates
	AllowedCommonNames pulumi.StringArrayOutput `pulumi:"allowedCommonNames"`
	// Allowed alternative dns names for authenticated client certificates
	AllowedDnsSans pulumi.StringArrayOutput `pulumi:"allowedDnsSans"`
	// Allowed emails for authenticated client certificates
	AllowedEmailSans pulumi.StringArrayOutput `pulumi:"allowedEmailSans"`
	// Allowed subject names for authenticated client certificates
	AllowedNames pulumi.StringArrayOutput `pulumi:"allowedNames"`
	// Allowed organization units for authenticated client certificates
	AllowedOrganizationUnits pulumi.StringArrayOutput `pulumi:"allowedOrganizationUnits"`
	// Allowed URIs for authenticated client certificates
	AllowedUriSans pulumi.StringArrayOutput `pulumi:"allowedUriSans"`
	// Path to the mounted Cert auth backend
	Backend pulumi.StringPtrOutput `pulumi:"backend"`
	// Restriction usage of the
	// certificates to client IPs falling within the range of the specified CIDRs
	//
	// Deprecated: use `token_bound_cidrs` instead if you are running Vault >= 1.2
	BoundCidrs pulumi.StringArrayOutput `pulumi:"boundCidrs"`
	// CA certificate used to validate client certificates
	Certificate pulumi.StringOutput `pulumi:"certificate"`
	// The name to display on tokens issued under this role.
	DisplayName pulumi.StringOutput `pulumi:"displayName"`
	// The maximum allowed lifetime of tokens
	// issued using this role, provided as a number of seconds.
	//
	// Deprecated: use `token_max_ttl` instead if you are running Vault >= 1.2
	MaxTtl pulumi.StringOutput `pulumi:"maxTtl"`
	// Name of the role
	Name pulumi.StringOutput `pulumi:"name"`
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	//
	// Deprecated: use `token_period` instead if you are running Vault >= 1.2
	Period pulumi.StringOutput `pulumi:"period"`
	// An array of strings
	// specifying the policies to be set on tokens issued using this role.
	//
	// Deprecated: use `token_policies` instead if you are running Vault >= 1.2
	Policies pulumi.StringArrayOutput `pulumi:"policies"`
	// TLS extensions required on client certificates
	RequiredExtensions pulumi.StringArrayOutput `pulumi:"requiredExtensions"`
	// List of CIDR blocks; if set, specifies blocks of IP
	// addresses which can authenticate successfully, and ties the resulting token to these blocks
	// as well.
	TokenBoundCidrs pulumi.StringArrayOutput `pulumi:"tokenBoundCidrs"`
	// If set, will encode an
	// [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
	// onto the token in number of seconds. This is a hard cap even if `tokenTtl` and
	// `tokenMaxTtl` would otherwise allow a renewal.
	TokenExplicitMaxTtl pulumi.IntPtrOutput `pulumi:"tokenExplicitMaxTtl"`
	// The maximum lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenMaxTtl pulumi.IntPtrOutput `pulumi:"tokenMaxTtl"`
	// If set, the default policy will not be set on
	// generated tokens; otherwise it will be added to the policies set in token_policies.
	TokenNoDefaultPolicy pulumi.BoolPtrOutput `pulumi:"tokenNoDefaultPolicy"`
	// The
	// [period](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls),
	// if any, in number of seconds to set on the token.
	TokenNumUses pulumi.IntPtrOutput `pulumi:"tokenNumUses"`
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	TokenPeriod pulumi.IntPtrOutput `pulumi:"tokenPeriod"`
	// List of policies to encode onto generated tokens. Depending
	// on the auth method, this list may be supplemented by user/group/other values.
	TokenPolicies pulumi.StringArrayOutput `pulumi:"tokenPolicies"`
	// The incremental lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenTtl pulumi.IntPtrOutput `pulumi:"tokenTtl"`
	// The type of token that should be generated. Can be `service`,
	// `batch`, or `default` to use the mount's tuned default (which unless changed will be
	// `service` tokens). For token store roles, there are two additional possibilities:
	// `default-service` and `default-batch` which specify the type to return unless the client
	// requests a different type at generation time.
	TokenType pulumi.StringPtrOutput `pulumi:"tokenType"`
	// The TTL period of tokens issued
	// using this role, provided as a number of seconds.
	//
	// Deprecated: use `token_ttl` instead if you are running Vault >= 1.2
	Ttl pulumi.StringOutput `pulumi:"ttl"`
}

Provides a resource to create a role in an [Cert auth backend within Vault](https://www.vaultproject.io/docs/auth/cert.html).

func GetCertAuthBackendRole 

func GetCertAuthBackendRole(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *CertAuthBackendRoleState, opts ...pulumi.ResourceOption) (*CertAuthBackendRole, error)

GetCertAuthBackendRole gets an existing CertAuthBackendRole resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewCertAuthBackendRole 

func NewCertAuthBackendRole(ctx *pulumi.Context,
	name string, args *CertAuthBackendRoleArgs, opts ...pulumi.ResourceOption) (*CertAuthBackendRole, error)

NewCertAuthBackendRole registers a new resource with the given unique name, arguments, and options.

type CertAuthBackendRoleArgs 

type CertAuthBackendRoleArgs struct {
	// Allowed the common names for authenticated client certificates
	AllowedCommonNames pulumi.StringArrayInput
	// Allowed alternative dns names for authenticated client certificates
	AllowedDnsSans pulumi.StringArrayInput
	// Allowed emails for authenticated client certificates
	AllowedEmailSans pulumi.StringArrayInput
	// Allowed subject names for authenticated client certificates
	AllowedNames pulumi.StringArrayInput
	// Allowed organization units for authenticated client certificates
	AllowedOrganizationUnits pulumi.StringArrayInput
	// Allowed URIs for authenticated client certificates
	AllowedUriSans pulumi.StringArrayInput
	// Path to the mounted Cert auth backend
	Backend pulumi.StringPtrInput
	// Restriction usage of the
	// certificates to client IPs falling within the range of the specified CIDRs
	//
	// Deprecated: use `token_bound_cidrs` instead if you are running Vault >= 1.2
	BoundCidrs pulumi.StringArrayInput
	// CA certificate used to validate client certificates
	Certificate pulumi.StringInput
	// The name to display on tokens issued under this role.
	DisplayName pulumi.StringPtrInput
	// The maximum allowed lifetime of tokens
	// issued using this role, provided as a number of seconds.
	//
	// Deprecated: use `token_max_ttl` instead if you are running Vault >= 1.2
	MaxTtl pulumi.StringPtrInput
	// Name of the role
	Name pulumi.StringPtrInput
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	//
	// Deprecated: use `token_period` instead if you are running Vault >= 1.2
	Period pulumi.StringPtrInput
	// An array of strings
	// specifying the policies to be set on tokens issued using this role.
	//
	// Deprecated: use `token_policies` instead if you are running Vault >= 1.2
	Policies pulumi.StringArrayInput
	// TLS extensions required on client certificates
	RequiredExtensions pulumi.StringArrayInput
	// List of CIDR blocks; if set, specifies blocks of IP
	// addresses which can authenticate successfully, and ties the resulting token to these blocks
	// as well.
	TokenBoundCidrs pulumi.StringArrayInput
	// If set, will encode an
	// [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
	// onto the token in number of seconds. This is a hard cap even if `tokenTtl` and
	// `tokenMaxTtl` would otherwise allow a renewal.
	TokenExplicitMaxTtl pulumi.IntPtrInput
	// The maximum lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenMaxTtl pulumi.IntPtrInput
	// If set, the default policy will not be set on
	// generated tokens; otherwise it will be added to the policies set in token_policies.
	TokenNoDefaultPolicy pulumi.BoolPtrInput
	// The
	// [period](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls),
	// if any, in number of seconds to set on the token.
	TokenNumUses pulumi.IntPtrInput
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	TokenPeriod pulumi.IntPtrInput
	// List of policies to encode onto generated tokens. Depending
	// on the auth method, this list may be supplemented by user/group/other values.
	TokenPolicies pulumi.StringArrayInput
	// The incremental lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenTtl pulumi.IntPtrInput
	// The type of token that should be generated. Can be `service`,
	// `batch`, or `default` to use the mount's tuned default (which unless changed will be
	// `service` tokens). For token store roles, there are two additional possibilities:
	// `default-service` and `default-batch` which specify the type to return unless the client
	// requests a different type at generation time.
	TokenType pulumi.StringPtrInput
	// The TTL period of tokens issued
	// using this role, provided as a number of seconds.
	//
	// Deprecated: use `token_ttl` instead if you are running Vault >= 1.2
	Ttl pulumi.StringPtrInput
}

The set of arguments for constructing a CertAuthBackendRole resource.

func (CertAuthBackendRoleArgs) ElementType 

func (CertAuthBackendRoleArgs) ElementType() reflect.Type

type CertAuthBackendRoleState 

type CertAuthBackendRoleState struct {
	// Allowed the common names for authenticated client certificates
	AllowedCommonNames pulumi.StringArrayInput
	// Allowed alternative dns names for authenticated client certificates
	AllowedDnsSans pulumi.StringArrayInput
	// Allowed emails for authenticated client certificates
	AllowedEmailSans pulumi.StringArrayInput
	// Allowed subject names for authenticated client certificates
	AllowedNames pulumi.StringArrayInput
	// Allowed organization units for authenticated client certificates
	AllowedOrganizationUnits pulumi.StringArrayInput
	// Allowed URIs for authenticated client certificates
	AllowedUriSans pulumi.StringArrayInput
	// Path to the mounted Cert auth backend
	Backend pulumi.StringPtrInput
	// Restriction usage of the
	// certificates to client IPs falling within the range of the specified CIDRs
	//
	// Deprecated: use `token_bound_cidrs` instead if you are running Vault >= 1.2
	BoundCidrs pulumi.StringArrayInput
	// CA certificate used to validate client certificates
	Certificate pulumi.StringPtrInput
	// The name to display on tokens issued under this role.
	DisplayName pulumi.StringPtrInput
	// The maximum allowed lifetime of tokens
	// issued using this role, provided as a number of seconds.
	//
	// Deprecated: use `token_max_ttl` instead if you are running Vault >= 1.2
	MaxTtl pulumi.StringPtrInput
	// Name of the role
	Name pulumi.StringPtrInput
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	//
	// Deprecated: use `token_period` instead if you are running Vault >= 1.2
	Period pulumi.StringPtrInput
	// An array of strings
	// specifying the policies to be set on tokens issued using this role.
	//
	// Deprecated: use `token_policies` instead if you are running Vault >= 1.2
	Policies pulumi.StringArrayInput
	// TLS extensions required on client certificates
	RequiredExtensions pulumi.StringArrayInput
	// List of CIDR blocks; if set, specifies blocks of IP
	// addresses which can authenticate successfully, and ties the resulting token to these blocks
	// as well.
	TokenBoundCidrs pulumi.StringArrayInput
	// If set, will encode an
	// [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
	// onto the token in number of seconds. This is a hard cap even if `tokenTtl` and
	// `tokenMaxTtl` would otherwise allow a renewal.
	TokenExplicitMaxTtl pulumi.IntPtrInput
	// The maximum lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenMaxTtl pulumi.IntPtrInput
	// If set, the default policy will not be set on
	// generated tokens; otherwise it will be added to the policies set in token_policies.
	TokenNoDefaultPolicy pulumi.BoolPtrInput
	// The
	// [period](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls),
	// if any, in number of seconds to set on the token.
	TokenNumUses pulumi.IntPtrInput
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	TokenPeriod pulumi.IntPtrInput
	// List of policies to encode onto generated tokens. Depending
	// on the auth method, this list may be supplemented by user/group/other values.
	TokenPolicies pulumi.StringArrayInput
	// The incremental lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenTtl pulumi.IntPtrInput
	// The type of token that should be generated. Can be `service`,
	// `batch`, or `default` to use the mount's tuned default (which unless changed will be
	// `service` tokens). For token store roles, there are two additional possibilities:
	// `default-service` and `default-batch` which specify the type to return unless the client
	// requests a different type at generation time.
	TokenType pulumi.StringPtrInput
	// The TTL period of tokens issued
	// using this role, provided as a number of seconds.
	//
	// Deprecated: use `token_ttl` instead if you are running Vault >= 1.2
	Ttl pulumi.StringPtrInput
}

func (CertAuthBackendRoleState) ElementType 

func (CertAuthBackendRoleState) ElementType() reflect.Type

type EgpPolicy 

type EgpPolicy struct {
	pulumi.CustomResourceState

	// Enforcement level of Sentinel policy. Can be either `advisory` or `soft-mandatory` or `hard-mandatory`
	EnforcementLevel pulumi.StringOutput `pulumi:"enforcementLevel"`
	// The name of the policy
	Name pulumi.StringOutput `pulumi:"name"`
	// List of paths to which the policy will be applied to
	Paths pulumi.StringArrayOutput `pulumi:"paths"`
	// String containing a Sentinel policy
	Policy pulumi.StringOutput `pulumi:"policy"`
}

Provides a resource to manage Endpoint Governing Policy (EGP) via [Sentinel](https://www.vaultproject.io/docs/enterprise/sentinel/index.html).

**Note** this feature is available only with Vault Enterprise.

## Example Usage

```go package main

import ( 

"fmt"

"github.com/pulumi/pulumi-vault/sdk/v3/go/vault"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := vault.NewEgpPolicy(ctx, "allow_all", &vault.EgpPolicyArgs{
			EnforcementLevel: pulumi.String("soft-mandatory"),
			Paths: pulumi.StringArray{
				pulumi.String("*"),
			},
			Policy: pulumi.String(fmt.Sprintf("%v%v%v%v", "main = rule {\n", "  true\n", "}\n", "\n")),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

func GetEgpPolicy 

func GetEgpPolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *EgpPolicyState, opts ...pulumi.ResourceOption) (*EgpPolicy, error)

GetEgpPolicy gets an existing EgpPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewEgpPolicy 

func NewEgpPolicy(ctx *pulumi.Context,
	name string, args *EgpPolicyArgs, opts ...pulumi.ResourceOption) (*EgpPolicy, error)

NewEgpPolicy registers a new resource with the given unique name, arguments, and options.

type EgpPolicyArgs 

type EgpPolicyArgs struct {
	// Enforcement level of Sentinel policy. Can be either `advisory` or `soft-mandatory` or `hard-mandatory`
	EnforcementLevel pulumi.StringInput
	// The name of the policy
	Name pulumi.StringPtrInput
	// List of paths to which the policy will be applied to
	Paths pulumi.StringArrayInput
	// String containing a Sentinel policy
	Policy pulumi.StringInput
}

The set of arguments for constructing a EgpPolicy resource.

func (EgpPolicyArgs) ElementType 

func (EgpPolicyArgs) ElementType() reflect.Type

type EgpPolicyState 

type EgpPolicyState struct {
	// Enforcement level of Sentinel policy. Can be either `advisory` or `soft-mandatory` or `hard-mandatory`
	EnforcementLevel pulumi.StringPtrInput
	// The name of the policy
	Name pulumi.StringPtrInput
	// List of paths to which the policy will be applied to
	Paths pulumi.StringArrayInput
	// String containing a Sentinel policy
	Policy pulumi.StringPtrInput
}

func (EgpPolicyState) ElementType 

func (EgpPolicyState) ElementType() reflect.Type

type GetPolicyDocumentArgs 

type GetPolicyDocumentArgs struct {
	Rules []GetPolicyDocumentRule `pulumi:"rules"`
}

A collection of arguments for invoking getPolicyDocument.

type GetPolicyDocumentResult 

type GetPolicyDocumentResult struct {
	// The above arguments serialized as a standard Vault HCL policy document.
	Hcl string `pulumi:"hcl"`
	// The provider-assigned unique ID for this managed resource.
	Id    string                  `pulumi:"id"`
	Rules []GetPolicyDocumentRule `pulumi:"rules"`
}

A collection of values returned by getPolicyDocument.

func GetPolicyDocument 

func GetPolicyDocument(ctx *pulumi.Context, args *GetPolicyDocumentArgs, opts ...pulumi.InvokeOption) (*GetPolicyDocumentResult, error)

This is a data source which can be used to construct a HCL representation of an Vault policy document, for use with resources which expect policy documents, such as the `Policy` resource.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-vault/sdk/v3/go/vault"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		examplePolicyDocument, err := vault.GetPolicyDocument(ctx, &vault.GetPolicyDocumentArgs{
			Rules: []vault.GetPolicyDocumentRule{
				vault.GetPolicyDocumentRule{
					Capabilities: []string{
						"create",
						"read",
						"update",
						"delete",
						"list",
					},
					Description: "allow all on secrets",
					Path:        "secret/*",
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = vault.NewPolicy(ctx, "examplePolicy", &vault.PolicyArgs{
			Policy: pulumi.String(examplePolicyDocument.Hcl),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

type GetPolicyDocumentRule 

type GetPolicyDocumentRule struct {
	// Whitelists a list of keys and values that are permitted on the given path. See Parameters below.
	AllowedParameters []GetPolicyDocumentRuleAllowedParameter `pulumi:"allowedParameters"`
	// A list of capabilities that this rule apply to `path`. For example, ["read", "write"].
	Capabilities []string `pulumi:"capabilities"`
	// Blacklists a list of parameter and values. Any values specified here take precedence over `allowedParameter`. See Parameters below.
	DeniedParameters []GetPolicyDocumentRuleDeniedParameter `pulumi:"deniedParameters"`
	// Description of the rule. Will be added as a commend to rendered rule.
	Description *string `pulumi:"description"`
	// The maximum allowed TTL that clients can specify for a wrapped response.
	MaxWrappingTtl *string `pulumi:"maxWrappingTtl"`
	// The minimum allowed TTL that clients can specify for a wrapped response.
	MinWrappingTtl *string `pulumi:"minWrappingTtl"`
	// A path in Vault that this rule applies to.
	Path string `pulumi:"path"`
	// A list of parameters that must be specified.
	RequiredParameters []string `pulumi:"requiredParameters"`
}

type GetPolicyDocumentRuleAllowedParameter 

type GetPolicyDocumentRuleAllowedParameter struct {
	// name of permitted or denied parameter.
	Key string `pulumi:"key"`
	// list of values what are permitted or denied by policy rule.
	Values []string `pulumi:"values"`
}

type GetPolicyDocumentRuleAllowedParameterArgs 

type GetPolicyDocumentRuleAllowedParameterArgs struct {
	// name of permitted or denied parameter.
	Key pulumi.StringInput `pulumi:"key"`
	// list of values what are permitted or denied by policy rule.
	Values pulumi.StringArrayInput `pulumi:"values"`
}

func (GetPolicyDocumentRuleAllowedParameterArgs) ElementType 

func (GetPolicyDocumentRuleAllowedParameterArgs) ElementType() reflect.Type

func (GetPolicyDocumentRuleAllowedParameterArgs) ToGetPolicyDocumentRuleAllowedParameterOutput 

func (i GetPolicyDocumentRuleAllowedParameterArgs) ToGetPolicyDocumentRuleAllowedParameterOutput() GetPolicyDocumentRuleAllowedParameterOutput

func (GetPolicyDocumentRuleAllowedParameterArgs) ToGetPolicyDocumentRuleAllowedParameterOutputWithContext 

func (i GetPolicyDocumentRuleAllowedParameterArgs) ToGetPolicyDocumentRuleAllowedParameterOutputWithContext(ctx context.Context) GetPolicyDocumentRuleAllowedParameterOutput

type GetPolicyDocumentRuleAllowedParameterArray 

type GetPolicyDocumentRuleAllowedParameterArray []GetPolicyDocumentRuleAllowedParameterInput

func (GetPolicyDocumentRuleAllowedParameterArray) ElementType 

func (GetPolicyDocumentRuleAllowedParameterArray) ElementType() reflect.Type

func (GetPolicyDocumentRuleAllowedParameterArray) ToGetPolicyDocumentRuleAllowedParameterArrayOutput 

func (i GetPolicyDocumentRuleAllowedParameterArray) ToGetPolicyDocumentRuleAllowedParameterArrayOutput() GetPolicyDocumentRuleAllowedParameterArrayOutput

func (GetPolicyDocumentRuleAllowedParameterArray) ToGetPolicyDocumentRuleAllowedParameterArrayOutputWithContext 

func (i GetPolicyDocumentRuleAllowedParameterArray) ToGetPolicyDocumentRuleAllowedParameterArrayOutputWithContext(ctx context.Context) GetPolicyDocumentRuleAllowedParameterArrayOutput

type GetPolicyDocumentRuleAllowedParameterArrayInput 

type GetPolicyDocumentRuleAllowedParameterArrayInput interface {
	pulumi.Input

	ToGetPolicyDocumentRuleAllowedParameterArrayOutput() GetPolicyDocumentRuleAllowedParameterArrayOutput
	ToGetPolicyDocumentRuleAllowedParameterArrayOutputWithContext(context.Context) GetPolicyDocumentRuleAllowedParameterArrayOutput
}

GetPolicyDocumentRuleAllowedParameterArrayInput is an input type that accepts GetPolicyDocumentRuleAllowedParameterArray and GetPolicyDocumentRuleAllowedParameterArrayOutput values. You can construct a concrete instance of `GetPolicyDocumentRuleAllowedParameterArrayInput` via: 

GetPolicyDocumentRuleAllowedParameterArray{ GetPolicyDocumentRuleAllowedParameterArgs{...} }

type GetPolicyDocumentRuleAllowedParameterArrayOutput 

type GetPolicyDocumentRuleAllowedParameterArrayOutput struct{ *pulumi.OutputState }

func (GetPolicyDocumentRuleAllowedParameterArrayOutput) ElementType 

func (GetPolicyDocumentRuleAllowedParameterArrayOutput) ElementType() reflect.Type

func (GetPolicyDocumentRuleAllowedParameterArrayOutput) Index 

func (o GetPolicyDocumentRuleAllowedParameterArrayOutput) Index(i pulumi.IntInput) GetPolicyDocumentRuleAllowedParameterOutput

func (GetPolicyDocumentRuleAllowedParameterArrayOutput) ToGetPolicyDocumentRuleAllowedParameterArrayOutput 

func (o GetPolicyDocumentRuleAllowedParameterArrayOutput) ToGetPolicyDocumentRuleAllowedParameterArrayOutput() GetPolicyDocumentRuleAllowedParameterArrayOutput

func (GetPolicyDocumentRuleAllowedParameterArrayOutput) ToGetPolicyDocumentRuleAllowedParameterArrayOutputWithContext 

func (o GetPolicyDocumentRuleAllowedParameterArrayOutput) ToGetPolicyDocumentRuleAllowedParameterArrayOutputWithContext(ctx context.Context) GetPolicyDocumentRuleAllowedParameterArrayOutput

type GetPolicyDocumentRuleAllowedParameterInput 

type GetPolicyDocumentRuleAllowedParameterInput interface {
	pulumi.Input

	ToGetPolicyDocumentRuleAllowedParameterOutput() GetPolicyDocumentRuleAllowedParameterOutput
	ToGetPolicyDocumentRuleAllowedParameterOutputWithContext(context.Context) GetPolicyDocumentRuleAllowedParameterOutput
}

GetPolicyDocumentRuleAllowedParameterInput is an input type that accepts GetPolicyDocumentRuleAllowedParameterArgs and GetPolicyDocumentRuleAllowedParameterOutput values. You can construct a concrete instance of `GetPolicyDocumentRuleAllowedParameterInput` via: 

GetPolicyDocumentRuleAllowedParameterArgs{...}

type GetPolicyDocumentRuleAllowedParameterOutput 

type GetPolicyDocumentRuleAllowedParameterOutput struct{ *pulumi.OutputState }

func (GetPolicyDocumentRuleAllowedParameterOutput) ElementType 

func (GetPolicyDocumentRuleAllowedParameterOutput) ElementType() reflect.Type

func (GetPolicyDocumentRuleAllowedParameterOutput) Key 

func (o GetPolicyDocumentRuleAllowedParameterOutput) Key() pulumi.StringOutput

name of permitted or denied parameter.

func (GetPolicyDocumentRuleAllowedParameterOutput) ToGetPolicyDocumentRuleAllowedParameterOutput 

func (o GetPolicyDocumentRuleAllowedParameterOutput) ToGetPolicyDocumentRuleAllowedParameterOutput() GetPolicyDocumentRuleAllowedParameterOutput

func (GetPolicyDocumentRuleAllowedParameterOutput) ToGetPolicyDocumentRuleAllowedParameterOutputWithContext 

func (o GetPolicyDocumentRuleAllowedParameterOutput) ToGetPolicyDocumentRuleAllowedParameterOutputWithContext(ctx context.Context) GetPolicyDocumentRuleAllowedParameterOutput

func (GetPolicyDocumentRuleAllowedParameterOutput) Values 

func (o GetPolicyDocumentRuleAllowedParameterOutput) Values() pulumi.StringArrayOutput

list of values what are permitted or denied by policy rule.

type GetPolicyDocumentRuleArgs 

type GetPolicyDocumentRuleArgs struct {
	// Whitelists a list of keys and values that are permitted on the given path. See Parameters below.
	AllowedParameters GetPolicyDocumentRuleAllowedParameterArrayInput `pulumi:"allowedParameters"`
	// A list of capabilities that this rule apply to `path`. For example, ["read", "write"].
	Capabilities pulumi.StringArrayInput `pulumi:"capabilities"`
	// Blacklists a list of parameter and values. Any values specified here take precedence over `allowedParameter`. See Parameters below.
	DeniedParameters GetPolicyDocumentRuleDeniedParameterArrayInput `pulumi:"deniedParameters"`
	// Description of the rule. Will be added as a commend to rendered rule.
	Description pulumi.StringPtrInput `pulumi:"description"`
	// The maximum allowed TTL that clients can specify for a wrapped response.
	MaxWrappingTtl pulumi.StringPtrInput `pulumi:"maxWrappingTtl"`
	// The minimum allowed TTL that clients can specify for a wrapped response.
	MinWrappingTtl pulumi.StringPtrInput `pulumi:"minWrappingTtl"`
	// A path in Vault that this rule applies to.
	Path pulumi.StringInput `pulumi:"path"`
	// A list of parameters that must be specified.
	RequiredParameters pulumi.StringArrayInput `pulumi:"requiredParameters"`
}

func (GetPolicyDocumentRuleArgs) ElementType 

func (GetPolicyDocumentRuleArgs) ElementType() reflect.Type

func (GetPolicyDocumentRuleArgs) ToGetPolicyDocumentRuleOutput 

func (i GetPolicyDocumentRuleArgs) ToGetPolicyDocumentRuleOutput() GetPolicyDocumentRuleOutput

func (GetPolicyDocumentRuleArgs) ToGetPolicyDocumentRuleOutputWithContext 

func (i GetPolicyDocumentRuleArgs) ToGetPolicyDocumentRuleOutputWithContext(ctx context.Context) GetPolicyDocumentRuleOutput

type GetPolicyDocumentRuleArray 

type GetPolicyDocumentRuleArray []GetPolicyDocumentRuleInput

func (GetPolicyDocumentRuleArray) ElementType 

func (GetPolicyDocumentRuleArray) ElementType() reflect.Type

func (GetPolicyDocumentRuleArray) ToGetPolicyDocumentRuleArrayOutput 

func (i GetPolicyDocumentRuleArray) ToGetPolicyDocumentRuleArrayOutput() GetPolicyDocumentRuleArrayOutput

func (GetPolicyDocumentRuleArray) ToGetPolicyDocumentRuleArrayOutputWithContext 

func (i GetPolicyDocumentRuleArray) ToGetPolicyDocumentRuleArrayOutputWithContext(ctx context.Context) GetPolicyDocumentRuleArrayOutput

type GetPolicyDocumentRuleArrayInput 

type GetPolicyDocumentRuleArrayInput interface {
	pulumi.Input

	ToGetPolicyDocumentRuleArrayOutput() GetPolicyDocumentRuleArrayOutput
	ToGetPolicyDocumentRuleArrayOutputWithContext(context.Context) GetPolicyDocumentRuleArrayOutput
}

GetPolicyDocumentRuleArrayInput is an input type that accepts GetPolicyDocumentRuleArray and GetPolicyDocumentRuleArrayOutput values. You can construct a concrete instance of `GetPolicyDocumentRuleArrayInput` via: 

GetPolicyDocumentRuleArray{ GetPolicyDocumentRuleArgs{...} }

type GetPolicyDocumentRuleArrayOutput 

type GetPolicyDocumentRuleArrayOutput struct{ *pulumi.OutputState }

func (GetPolicyDocumentRuleArrayOutput) ElementType 

func (GetPolicyDocumentRuleArrayOutput) ElementType() reflect.Type

func (GetPolicyDocumentRuleArrayOutput) Index 

func (o GetPolicyDocumentRuleArrayOutput) Index(i pulumi.IntInput) GetPolicyDocumentRuleOutput

func (GetPolicyDocumentRuleArrayOutput) ToGetPolicyDocumentRuleArrayOutput 

func (o GetPolicyDocumentRuleArrayOutput) ToGetPolicyDocumentRuleArrayOutput() GetPolicyDocumentRuleArrayOutput

func (GetPolicyDocumentRuleArrayOutput) ToGetPolicyDocumentRuleArrayOutputWithContext 

func (o GetPolicyDocumentRuleArrayOutput) ToGetPolicyDocumentRuleArrayOutputWithContext(ctx context.Context) GetPolicyDocumentRuleArrayOutput

type GetPolicyDocumentRuleDeniedParameter 

type GetPolicyDocumentRuleDeniedParameter struct {
	// name of permitted or denied parameter.
	Key string `pulumi:"key"`
	// list of values what are permitted or denied by policy rule.
	Values []string `pulumi:"values"`
}

type GetPolicyDocumentRuleDeniedParameterArgs 

type GetPolicyDocumentRuleDeniedParameterArgs struct {
	// name of permitted or denied parameter.
	Key pulumi.StringInput `pulumi:"key"`
	// list of values what are permitted or denied by policy rule.
	Values pulumi.StringArrayInput `pulumi:"values"`
}

func (GetPolicyDocumentRuleDeniedParameterArgs) ElementType 

func (GetPolicyDocumentRuleDeniedParameterArgs) ElementType() reflect.Type

func (GetPolicyDocumentRuleDeniedParameterArgs) ToGetPolicyDocumentRuleDeniedParameterOutput 

func (i GetPolicyDocumentRuleDeniedParameterArgs) ToGetPolicyDocumentRuleDeniedParameterOutput() GetPolicyDocumentRuleDeniedParameterOutput

func (GetPolicyDocumentRuleDeniedParameterArgs) ToGetPolicyDocumentRuleDeniedParameterOutputWithContext 

func (i GetPolicyDocumentRuleDeniedParameterArgs) ToGetPolicyDocumentRuleDeniedParameterOutputWithContext(ctx context.Context) GetPolicyDocumentRuleDeniedParameterOutput

type GetPolicyDocumentRuleDeniedParameterArray 

type GetPolicyDocumentRuleDeniedParameterArray []GetPolicyDocumentRuleDeniedParameterInput

func (GetPolicyDocumentRuleDeniedParameterArray) ElementType 

func (GetPolicyDocumentRuleDeniedParameterArray) ElementType() reflect.Type

func (GetPolicyDocumentRuleDeniedParameterArray) ToGetPolicyDocumentRuleDeniedParameterArrayOutput 

func (i GetPolicyDocumentRuleDeniedParameterArray) ToGetPolicyDocumentRuleDeniedParameterArrayOutput() GetPolicyDocumentRuleDeniedParameterArrayOutput

func (GetPolicyDocumentRuleDeniedParameterArray) ToGetPolicyDocumentRuleDeniedParameterArrayOutputWithContext 

func (i GetPolicyDocumentRuleDeniedParameterArray) ToGetPolicyDocumentRuleDeniedParameterArrayOutputWithContext(ctx context.Context) GetPolicyDocumentRuleDeniedParameterArrayOutput

type GetPolicyDocumentRuleDeniedParameterArrayInput 

type GetPolicyDocumentRuleDeniedParameterArrayInput interface {
	pulumi.Input

	ToGetPolicyDocumentRuleDeniedParameterArrayOutput() GetPolicyDocumentRuleDeniedParameterArrayOutput
	ToGetPolicyDocumentRuleDeniedParameterArrayOutputWithContext(context.Context) GetPolicyDocumentRuleDeniedParameterArrayOutput
}

GetPolicyDocumentRuleDeniedParameterArrayInput is an input type that accepts GetPolicyDocumentRuleDeniedParameterArray and GetPolicyDocumentRuleDeniedParameterArrayOutput values. You can construct a concrete instance of `GetPolicyDocumentRuleDeniedParameterArrayInput` via: 

GetPolicyDocumentRuleDeniedParameterArray{ GetPolicyDocumentRuleDeniedParameterArgs{...} }

type GetPolicyDocumentRuleDeniedParameterArrayOutput 

type GetPolicyDocumentRuleDeniedParameterArrayOutput struct{ *pulumi.OutputState }

func (GetPolicyDocumentRuleDeniedParameterArrayOutput) ElementType 

func (GetPolicyDocumentRuleDeniedParameterArrayOutput) ElementType() reflect.Type

func (GetPolicyDocumentRuleDeniedParameterArrayOutput) Index 

func (o GetPolicyDocumentRuleDeniedParameterArrayOutput) Index(i pulumi.IntInput) GetPolicyDocumentRuleDeniedParameterOutput

func (GetPolicyDocumentRuleDeniedParameterArrayOutput) ToGetPolicyDocumentRuleDeniedParameterArrayOutput 

func (o GetPolicyDocumentRuleDeniedParameterArrayOutput) ToGetPolicyDocumentRuleDeniedParameterArrayOutput() GetPolicyDocumentRuleDeniedParameterArrayOutput

func (GetPolicyDocumentRuleDeniedParameterArrayOutput) ToGetPolicyDocumentRuleDeniedParameterArrayOutputWithContext 

func (o GetPolicyDocumentRuleDeniedParameterArrayOutput) ToGetPolicyDocumentRuleDeniedParameterArrayOutputWithContext(ctx context.Context) GetPolicyDocumentRuleDeniedParameterArrayOutput

type GetPolicyDocumentRuleDeniedParameterInput 

type GetPolicyDocumentRuleDeniedParameterInput interface {
	pulumi.Input

	ToGetPolicyDocumentRuleDeniedParameterOutput() GetPolicyDocumentRuleDeniedParameterOutput
	ToGetPolicyDocumentRuleDeniedParameterOutputWithContext(context.Context) GetPolicyDocumentRuleDeniedParameterOutput
}

GetPolicyDocumentRuleDeniedParameterInput is an input type that accepts GetPolicyDocumentRuleDeniedParameterArgs and GetPolicyDocumentRuleDeniedParameterOutput values. You can construct a concrete instance of `GetPolicyDocumentRuleDeniedParameterInput` via: 

GetPolicyDocumentRuleDeniedParameterArgs{...}

type GetPolicyDocumentRuleDeniedParameterOutput 

type GetPolicyDocumentRuleDeniedParameterOutput struct{ *pulumi.OutputState }

func (GetPolicyDocumentRuleDeniedParameterOutput) ElementType 

func (GetPolicyDocumentRuleDeniedParameterOutput) ElementType() reflect.Type

func (GetPolicyDocumentRuleDeniedParameterOutput) Key 

func (o GetPolicyDocumentRuleDeniedParameterOutput) Key() pulumi.StringOutput

name of permitted or denied parameter.

func (GetPolicyDocumentRuleDeniedParameterOutput) ToGetPolicyDocumentRuleDeniedParameterOutput 

func (o GetPolicyDocumentRuleDeniedParameterOutput) ToGetPolicyDocumentRuleDeniedParameterOutput() GetPolicyDocumentRuleDeniedParameterOutput

func (GetPolicyDocumentRuleDeniedParameterOutput) ToGetPolicyDocumentRuleDeniedParameterOutputWithContext 

func (o GetPolicyDocumentRuleDeniedParameterOutput) ToGetPolicyDocumentRuleDeniedParameterOutputWithContext(ctx context.Context) GetPolicyDocumentRuleDeniedParameterOutput

func (GetPolicyDocumentRuleDeniedParameterOutput) Values 

func (o GetPolicyDocumentRuleDeniedParameterOutput) Values() pulumi.StringArrayOutput

list of values what are permitted or denied by policy rule.

type GetPolicyDocumentRuleInput 

type GetPolicyDocumentRuleInput interface {
	pulumi.Input

	ToGetPolicyDocumentRuleOutput() GetPolicyDocumentRuleOutput
	ToGetPolicyDocumentRuleOutputWithContext(context.Context) GetPolicyDocumentRuleOutput
}

GetPolicyDocumentRuleInput is an input type that accepts GetPolicyDocumentRuleArgs and GetPolicyDocumentRuleOutput values. You can construct a concrete instance of `GetPolicyDocumentRuleInput` via: 

GetPolicyDocumentRuleArgs{...}

type GetPolicyDocumentRuleOutput 

type GetPolicyDocumentRuleOutput struct{ *pulumi.OutputState }

func (GetPolicyDocumentRuleOutput) AllowedParameters 

func (o GetPolicyDocumentRuleOutput) AllowedParameters() GetPolicyDocumentRuleAllowedParameterArrayOutput

Whitelists a list of keys and values that are permitted on the given path. See Parameters below.

func (GetPolicyDocumentRuleOutput) Capabilities 

func (o GetPolicyDocumentRuleOutput) Capabilities() pulumi.StringArrayOutput

A list of capabilities that this rule apply to `path`. For example, ["read", "write"].

func (GetPolicyDocumentRuleOutput) DeniedParameters 

func (o GetPolicyDocumentRuleOutput) DeniedParameters() GetPolicyDocumentRuleDeniedParameterArrayOutput

Blacklists a list of parameter and values. Any values specified here take precedence over `allowedParameter`. See Parameters below.

func (GetPolicyDocumentRuleOutput) Description 

func (o GetPolicyDocumentRuleOutput) Description() pulumi.StringPtrOutput

Description of the rule. Will be added as a commend to rendered rule.

func (GetPolicyDocumentRuleOutput) ElementType 

func (GetPolicyDocumentRuleOutput) ElementType() reflect.Type

func (GetPolicyDocumentRuleOutput) MaxWrappingTtl 

func (o GetPolicyDocumentRuleOutput) MaxWrappingTtl() pulumi.StringPtrOutput

The maximum allowed TTL that clients can specify for a wrapped response.

func (GetPolicyDocumentRuleOutput) MinWrappingTtl 

func (o GetPolicyDocumentRuleOutput) MinWrappingTtl() pulumi.StringPtrOutput

The minimum allowed TTL that clients can specify for a wrapped response.

func (GetPolicyDocumentRuleOutput) Path 

func (o GetPolicyDocumentRuleOutput) Path() pulumi.StringOutput

A path in Vault that this rule applies to.

func (GetPolicyDocumentRuleOutput) RequiredParameters 

func (o GetPolicyDocumentRuleOutput) RequiredParameters() pulumi.StringArrayOutput

A list of parameters that must be specified.

func (GetPolicyDocumentRuleOutput) ToGetPolicyDocumentRuleOutput 

func (o GetPolicyDocumentRuleOutput) ToGetPolicyDocumentRuleOutput() GetPolicyDocumentRuleOutput

func (GetPolicyDocumentRuleOutput) ToGetPolicyDocumentRuleOutputWithContext 

func (o GetPolicyDocumentRuleOutput) ToGetPolicyDocumentRuleOutputWithContext(ctx context.Context) GetPolicyDocumentRuleOutput

type LookupAuthBackendArgs 

type LookupAuthBackendArgs struct {
	// The auth backend mount point.
	Path string `pulumi:"path"`
}

A collection of arguments for invoking getAuthBackend.

type LookupAuthBackendResult 

type LookupAuthBackendResult struct {
	// The accessor for this auth method
	Accessor string `pulumi:"accessor"`
	// The default lease duration in seconds.
	DefaultLeaseTtlSeconds int `pulumi:"defaultLeaseTtlSeconds"`
	// A description of the auth method.
	Description string `pulumi:"description"`
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// Speficies whether to show this mount in the UI-specific listing endpoint.
	ListingVisibility string `pulumi:"listingVisibility"`
	// Specifies if the auth method is local only.
	Local bool `pulumi:"local"`
	// The maximum lease duration in seconds.
	MaxLeaseTtlSeconds int    `pulumi:"maxLeaseTtlSeconds"`
	Path               string `pulumi:"path"`
	// The name of the auth method type.
	Type string `pulumi:"type"`
}

A collection of values returned by getAuthBackend.

func LookupAuthBackend 

func LookupAuthBackend(ctx *pulumi.Context, args *LookupAuthBackendArgs, opts ...pulumi.InvokeOption) (*LookupAuthBackendResult, error)

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-vault/sdk/v3/go/vault"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := vault.LookupAuthBackend(ctx, &vault.LookupAuthBackendArgs{
			Path: "userpass",
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

```

type MfaDuo 

type MfaDuo struct {
	pulumi.CustomResourceState

	// `(string: <required>)` - API hostname for Duo.
	ApiHostname pulumi.StringOutput `pulumi:"apiHostname"`
	// `(string: <required>)` - Integration key for Duo.
	IntegrationKey pulumi.StringOutput `pulumi:"integrationKey"`
	// `(string: <required>)` - The mount to tie this method to for use in automatic mappings. The mapping will use the Name field of Aliases associated with this mount as the username in the mapping.
	MountAccessor pulumi.StringOutput `pulumi:"mountAccessor"`
	// `(string: <required>)` – Name of the MFA method.
	Name pulumi.StringOutput `pulumi:"name"`
	// `(string)` - Push information for Duo.
	PushInfo pulumi.StringPtrOutput `pulumi:"pushInfo"`
	// `(string: <required>)` - Secret key for Duo.
	SecretKey pulumi.StringOutput `pulumi:"secretKey"`
	// `(string)` - A format string for mapping Identity names to MFA method names. Values to substitute should be placed in `{{}}`. For example, `"{{alias.name}}@example.com"`. If blank, the Alias's Name field will be used as-is. Currently-supported mappings:
	// - alias.name: The name returned by the mount configured via the `mountAccessor` parameter
	// - entity.name: The name configured for the Entity
	// - alias.metadata.`<key>`: The value of the Alias's metadata parameter
	// - entity.metadata.`<key>`: The value of the Entity's metadata parameter
	UsernameFormat pulumi.StringPtrOutput `pulumi:"usernameFormat"`
}

Provides a resource to manage [Duo MFA](https://www.vaultproject.io/docs/enterprise/mfa/mfa-duo.html).

**Note** this feature is available only with Vault Enterprise.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-vault/sdk/v3/go/vault"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		userpass, err := vault.NewAuthBackend(ctx, "userpass", &vault.AuthBackendArgs{
			Path: pulumi.String("userpass"),
			Type: pulumi.String("userpass"),
		})
		if err != nil {
			return err
		}
		_, err = vault.NewMfaDuo(ctx, "myDuo", &vault.MfaDuoArgs{
			ApiHostname:    pulumi.String("api-2b5c39f5.duosecurity.com"),
			IntegrationKey: pulumi.String("BIACEUEAXI20BNWTEYXT"),
			MountAccessor:  userpass.Accessor,
			SecretKey:      pulumi.String("8C7THtrIigh2rPZQMbguugt8IUftWhMRCOBzbuyz"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

func GetMfaDuo 

func GetMfaDuo(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *MfaDuoState, opts ...pulumi.ResourceOption) (*MfaDuo, error)

GetMfaDuo gets an existing MfaDuo resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewMfaDuo 

func NewMfaDuo(ctx *pulumi.Context,
	name string, args *MfaDuoArgs, opts ...pulumi.ResourceOption) (*MfaDuo, error)

NewMfaDuo registers a new resource with the given unique name, arguments, and options.

type MfaDuoArgs 

type MfaDuoArgs struct {
	// `(string: <required>)` - API hostname for Duo.
	ApiHostname pulumi.StringInput
	// `(string: <required>)` - Integration key for Duo.
	IntegrationKey pulumi.StringInput
	// `(string: <required>)` - The mount to tie this method to for use in automatic mappings. The mapping will use the Name field of Aliases associated with this mount as the username in the mapping.
	MountAccessor pulumi.StringInput
	// `(string: <required>)` – Name of the MFA method.
	Name pulumi.StringPtrInput
	// `(string)` - Push information for Duo.
	PushInfo pulumi.StringPtrInput
	// `(string: <required>)` - Secret key for Duo.
	SecretKey pulumi.StringInput
	// `(string)` - A format string for mapping Identity names to MFA method names. Values to substitute should be placed in `{{}}`. For example, `"{{alias.name}}@example.com"`. If blank, the Alias's Name field will be used as-is. Currently-supported mappings:
	// - alias.name: The name returned by the mount configured via the `mountAccessor` parameter
	// - entity.name: The name configured for the Entity
	// - alias.metadata.`<key>`: The value of the Alias's metadata parameter
	// - entity.metadata.`<key>`: The value of the Entity's metadata parameter
	UsernameFormat pulumi.StringPtrInput
}

The set of arguments for constructing a MfaDuo resource.

func (MfaDuoArgs) ElementType 

func (MfaDuoArgs) ElementType() reflect.Type

type MfaDuoState 

type MfaDuoState struct {
	// `(string: <required>)` - API hostname for Duo.
	ApiHostname pulumi.StringPtrInput
	// `(string: <required>)` - Integration key for Duo.
	IntegrationKey pulumi.StringPtrInput
	// `(string: <required>)` - The mount to tie this method to for use in automatic mappings. The mapping will use the Name field of Aliases associated with this mount as the username in the mapping.
	MountAccessor pulumi.StringPtrInput
	// `(string: <required>)` – Name of the MFA method.
	Name pulumi.StringPtrInput
	// `(string)` - Push information for Duo.
	PushInfo pulumi.StringPtrInput
	// `(string: <required>)` - Secret key for Duo.
	SecretKey pulumi.StringPtrInput
	// `(string)` - A format string for mapping Identity names to MFA method names. Values to substitute should be placed in `{{}}`. For example, `"{{alias.name}}@example.com"`. If blank, the Alias's Name field will be used as-is. Currently-supported mappings:
	// - alias.name: The name returned by the mount configured via the `mountAccessor` parameter
	// - entity.name: The name configured for the Entity
	// - alias.metadata.`<key>`: The value of the Alias's metadata parameter
	// - entity.metadata.`<key>`: The value of the Entity's metadata parameter
	UsernameFormat pulumi.StringPtrInput
}

func (MfaDuoState) ElementType 

func (MfaDuoState) ElementType() reflect.Type

type Mount 

type Mount struct {
	pulumi.CustomResourceState

	// The accessor for this mount.
	Accessor pulumi.StringOutput `pulumi:"accessor"`
	// Default lease duration for tokens and secrets in seconds
	DefaultLeaseTtlSeconds pulumi.IntOutput `pulumi:"defaultLeaseTtlSeconds"`
	// Human-friendly description of the mount
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
	ExternalEntropyAccess pulumi.BoolPtrOutput `pulumi:"externalEntropyAccess"`
	// Boolean flag that can be explicitly set to true to enforce local mount in HA environment
	Local pulumi.BoolPtrOutput `pulumi:"local"`
	// Maximum possible lease duration for tokens and secrets in seconds
	MaxLeaseTtlSeconds pulumi.IntOutput `pulumi:"maxLeaseTtlSeconds"`
	// Specifies mount type specific options that are passed to the backend
	Options pulumi.MapOutput `pulumi:"options"`
	// Where the secret backend will be mounted
	Path pulumi.StringOutput `pulumi:"path"`
	// Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
	SealWrap pulumi.BoolOutput `pulumi:"sealWrap"`
	// Type of the backend, such as "aws"
	Type pulumi.StringOutput `pulumi:"type"`
}

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-vault/sdk/v3/go/vault"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := vault.NewMount(ctx, "example", &vault.MountArgs{
			Description: pulumi.String("This is an example mount"),
			Path:        pulumi.String("dummy"),
			Type:        pulumi.String("generic"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

func GetMount 

func GetMount(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *MountState, opts ...pulumi.ResourceOption) (*Mount, error)

GetMount gets an existing Mount resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewMount 

func NewMount(ctx *pulumi.Context,
	name string, args *MountArgs, opts ...pulumi.ResourceOption) (*Mount, error)

NewMount registers a new resource with the given unique name, arguments, and options.

type MountArgs 

type MountArgs struct {
	// Default lease duration for tokens and secrets in seconds
	DefaultLeaseTtlSeconds pulumi.IntPtrInput
	// Human-friendly description of the mount
	Description pulumi.StringPtrInput
	// Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
	ExternalEntropyAccess pulumi.BoolPtrInput
	// Boolean flag that can be explicitly set to true to enforce local mount in HA environment
	Local pulumi.BoolPtrInput
	// Maximum possible lease duration for tokens and secrets in seconds
	MaxLeaseTtlSeconds pulumi.IntPtrInput
	// Specifies mount type specific options that are passed to the backend
	Options pulumi.MapInput
	// Where the secret backend will be mounted
	Path pulumi.StringInput
	// Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
	SealWrap pulumi.BoolPtrInput
	// Type of the backend, such as "aws"
	Type pulumi.StringInput
}

The set of arguments for constructing a Mount resource.

func (MountArgs) ElementType 

func (MountArgs) ElementType() reflect.Type

type MountState 

type MountState struct {
	// The accessor for this mount.
	Accessor pulumi.StringPtrInput
	// Default lease duration for tokens and secrets in seconds
	DefaultLeaseTtlSeconds pulumi.IntPtrInput
	// Human-friendly description of the mount
	Description pulumi.StringPtrInput
	// Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
	ExternalEntropyAccess pulumi.BoolPtrInput
	// Boolean flag that can be explicitly set to true to enforce local mount in HA environment
	Local pulumi.BoolPtrInput
	// Maximum possible lease duration for tokens and secrets in seconds
	MaxLeaseTtlSeconds pulumi.IntPtrInput
	// Specifies mount type specific options that are passed to the backend
	Options pulumi.MapInput
	// Where the secret backend will be mounted
	Path pulumi.StringPtrInput
	// Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
	SealWrap pulumi.BoolPtrInput
	// Type of the backend, such as "aws"
	Type pulumi.StringPtrInput
}

func (MountState) ElementType 

func (MountState) ElementType() reflect.Type

type Namespace 

type Namespace struct {
	pulumi.CustomResourceState

	// ID of the namepsace.
	NamespaceId pulumi.StringOutput `pulumi:"namespaceId"`
	// The path of the namespace. Must not have a trailing `/`
	Path pulumi.StringOutput `pulumi:"path"`
}

Provides a resource to manage [Namespaces](https://www.vaultproject.io/docs/enterprise/namespaces/index.html).

**Note** this feature is available only with Vault Enterprise.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-vault/sdk/v3/go/vault"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := vault.NewNamespace(ctx, "ns1", &vault.NamespaceArgs{
			Path: pulumi.String("ns1"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

func GetNamespace 

func GetNamespace(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *NamespaceState, opts ...pulumi.ResourceOption) (*Namespace, error)

GetNamespace gets an existing Namespace resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewNamespace 

func NewNamespace(ctx *pulumi.Context,
	name string, args *NamespaceArgs, opts ...pulumi.ResourceOption) (*Namespace, error)

NewNamespace registers a new resource with the given unique name, arguments, and options.

type NamespaceArgs 

type NamespaceArgs struct {
	// The path of the namespace. Must not have a trailing `/`
	Path pulumi.StringInput
}

The set of arguments for constructing a Namespace resource.

func (NamespaceArgs) ElementType 

func (NamespaceArgs) ElementType() reflect.Type

type NamespaceState 

type NamespaceState struct {
	// ID of the namepsace.
	NamespaceId pulumi.StringPtrInput
	// The path of the namespace. Must not have a trailing `/`
	Path pulumi.StringPtrInput
}

func (NamespaceState) ElementType 

func (NamespaceState) ElementType() reflect.Type

type Policy 

type Policy struct {
	pulumi.CustomResourceState

	// The name of the policy
	Name pulumi.StringOutput `pulumi:"name"`
	// String containing a Vault policy
	Policy pulumi.StringOutput `pulumi:"policy"`
}

## Example Usage

```go package main

import ( 

"fmt"

"github.com/pulumi/pulumi-vault/sdk/v3/go/vault"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := vault.NewPolicy(ctx, "example", &vault.PolicyArgs{
			Policy: pulumi.String(fmt.Sprintf("%v%v%v%v", "path \"secret/my_app\" {\n", "  capabilities = [\"update\"]\n", "}\n", "\n")),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

func GetPolicy 

func GetPolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *PolicyState, opts ...pulumi.ResourceOption) (*Policy, error)

GetPolicy gets an existing Policy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewPolicy 

func NewPolicy(ctx *pulumi.Context,
	name string, args *PolicyArgs, opts ...pulumi.ResourceOption) (*Policy, error)

NewPolicy registers a new resource with the given unique name, arguments, and options.

type PolicyArgs 

type PolicyArgs struct {
	// The name of the policy
	Name pulumi.StringPtrInput
	// String containing a Vault policy
	Policy pulumi.StringInput
}

The set of arguments for constructing a Policy resource.

func (PolicyArgs) ElementType 

func (PolicyArgs) ElementType() reflect.Type

type PolicyState 

type PolicyState struct {
	// The name of the policy
	Name pulumi.StringPtrInput
	// String containing a Vault policy
	Policy pulumi.StringPtrInput
}

func (PolicyState) ElementType 

func (PolicyState) ElementType() reflect.Type

type Provider 

type Provider struct {
	pulumi.ProviderResourceState
}

The provider type for the vault package. By default, resources use package-wide configuration settings, however an explicit `Provider` instance may be created and passed during resource construction to achieve fine-grained programmatic control over provider settings. See the [documentation](https://www.pulumi.com/docs/reference/programming-model/#providers) for more information.

func NewProvider 

func NewProvider(ctx *pulumi.Context,
	name string, args *ProviderArgs, opts ...pulumi.ResourceOption) (*Provider, error)

NewProvider registers a new resource with the given unique name, arguments, and options.

type ProviderArgs 

type ProviderArgs struct {
	// If true, adds the value of the `address` argument to the Terraform process environment.
	AddAddressToEnv pulumi.StringPtrInput
	// URL of the root of the target Vault server.
	Address pulumi.StringPtrInput
	// Login to vault with an existing auth method using auth/<mount>/login
	AuthLogins ProviderAuthLoginArrayInput
	// Path to directory containing CA certificate files to validate the server's certificate.
	CaCertDir pulumi.StringPtrInput
	// Path to a CA certificate file to validate the server's certificate.
	CaCertFile pulumi.StringPtrInput
	// Client authentication credentials.
	ClientAuths ProviderClientAuthArrayInput
	// The headers to send with each Vault request.
	Headers ProviderHeaderArrayInput
	// Maximum TTL for secret leases requested by this provider
	MaxLeaseTtlSeconds pulumi.IntPtrInput
	// Maximum number of retries when a 5xx error code is encountered.
	MaxRetries pulumi.IntPtrInput
	// The namespace to use. Available only for Vault Enterprise
	Namespace pulumi.StringPtrInput
	// Set this to true only if the target Vault server is an insecure development instance.
	SkipTlsVerify pulumi.BoolPtrInput
	// Token to use to authenticate to Vault.
	Token pulumi.StringPtrInput
	// Token name to use for creating the Vault child token.
	TokenName pulumi.StringPtrInput
}

The set of arguments for constructing a Provider resource.

func (ProviderArgs) ElementType 

func (ProviderArgs) ElementType() reflect.Type

type ProviderAuthLogin 

type ProviderAuthLogin struct {
	Namespace  *string           `pulumi:"namespace"`
	Parameters map[string]string `pulumi:"parameters"`
	Path       string            `pulumi:"path"`
}

type ProviderAuthLoginArgs 

type ProviderAuthLoginArgs struct {
	Namespace  pulumi.StringPtrInput `pulumi:"namespace"`
	Parameters pulumi.StringMapInput `pulumi:"parameters"`
	Path       pulumi.StringInput    `pulumi:"path"`
}

func (ProviderAuthLoginArgs) ElementType 

func (ProviderAuthLoginArgs) ElementType() reflect.Type

func (ProviderAuthLoginArgs) ToProviderAuthLoginOutput 

func (i ProviderAuthLoginArgs) ToProviderAuthLoginOutput() ProviderAuthLoginOutput

func (ProviderAuthLoginArgs) ToProviderAuthLoginOutputWithContext 

func (i ProviderAuthLoginArgs) ToProviderAuthLoginOutputWithContext(ctx context.Context) ProviderAuthLoginOutput

type ProviderAuthLoginArray 

type ProviderAuthLoginArray []ProviderAuthLoginInput

func (ProviderAuthLoginArray) ElementType 

func (ProviderAuthLoginArray) ElementType() reflect.Type

func (ProviderAuthLoginArray) ToProviderAuthLoginArrayOutput 

func (i ProviderAuthLoginArray) ToProviderAuthLoginArrayOutput() ProviderAuthLoginArrayOutput

func (ProviderAuthLoginArray) ToProviderAuthLoginArrayOutputWithContext 

func (i ProviderAuthLoginArray) ToProviderAuthLoginArrayOutputWithContext(ctx context.Context) ProviderAuthLoginArrayOutput

type ProviderAuthLoginArrayInput 

type ProviderAuthLoginArrayInput interface {
	pulumi.Input

	ToProviderAuthLoginArrayOutput() ProviderAuthLoginArrayOutput
	ToProviderAuthLoginArrayOutputWithContext(context.Context) ProviderAuthLoginArrayOutput
}

ProviderAuthLoginArrayInput is an input type that accepts ProviderAuthLoginArray and ProviderAuthLoginArrayOutput values. You can construct a concrete instance of `ProviderAuthLoginArrayInput` via: 

ProviderAuthLoginArray{ ProviderAuthLoginArgs{...} }

type ProviderAuthLoginArrayOutput 

type ProviderAuthLoginArrayOutput struct{ *pulumi.OutputState }

func (ProviderAuthLoginArrayOutput) ElementType 

func (ProviderAuthLoginArrayOutput) ElementType() reflect.Type

func (ProviderAuthLoginArrayOutput) Index 

func (o ProviderAuthLoginArrayOutput) Index(i pulumi.IntInput) ProviderAuthLoginOutput

func (ProviderAuthLoginArrayOutput) ToProviderAuthLoginArrayOutput 

func (o ProviderAuthLoginArrayOutput) ToProviderAuthLoginArrayOutput() ProviderAuthLoginArrayOutput

func (ProviderAuthLoginArrayOutput) ToProviderAuthLoginArrayOutputWithContext 

func (o ProviderAuthLoginArrayOutput) ToProviderAuthLoginArrayOutputWithContext(ctx context.Context) ProviderAuthLoginArrayOutput

type ProviderAuthLoginInput 

type ProviderAuthLoginInput interface {
	pulumi.Input

	ToProviderAuthLoginOutput() ProviderAuthLoginOutput
	ToProviderAuthLoginOutputWithContext(context.Context) ProviderAuthLoginOutput
}

ProviderAuthLoginInput is an input type that accepts ProviderAuthLoginArgs and ProviderAuthLoginOutput values. You can construct a concrete instance of `ProviderAuthLoginInput` via: 

ProviderAuthLoginArgs{...}

type ProviderAuthLoginOutput 

type ProviderAuthLoginOutput struct{ *pulumi.OutputState }

func (ProviderAuthLoginOutput) ElementType 

func (ProviderAuthLoginOutput) ElementType() reflect.Type

func (ProviderAuthLoginOutput) Namespace 

func (o ProviderAuthLoginOutput) Namespace() pulumi.StringPtrOutput

func (ProviderAuthLoginOutput) Parameters 

func (o ProviderAuthLoginOutput) Parameters() pulumi.StringMapOutput

func (ProviderAuthLoginOutput) Path 

func (o ProviderAuthLoginOutput) Path() pulumi.StringOutput

func (ProviderAuthLoginOutput) ToProviderAuthLoginOutput 

func (o ProviderAuthLoginOutput) ToProviderAuthLoginOutput() ProviderAuthLoginOutput

func (ProviderAuthLoginOutput) ToProviderAuthLoginOutputWithContext 

func (o ProviderAuthLoginOutput) ToProviderAuthLoginOutputWithContext(ctx context.Context) ProviderAuthLoginOutput

type ProviderClientAuth 

type ProviderClientAuth struct {
	CertFile string `pulumi:"certFile"`
	KeyFile  string `pulumi:"keyFile"`
}

type ProviderClientAuthArgs 

type ProviderClientAuthArgs struct {
	CertFile pulumi.StringInput `pulumi:"certFile"`
	KeyFile  pulumi.StringInput `pulumi:"keyFile"`
}

func (ProviderClientAuthArgs) ElementType 

func (ProviderClientAuthArgs) ElementType() reflect.Type

func (ProviderClientAuthArgs) ToProviderClientAuthOutput 

func (i ProviderClientAuthArgs) ToProviderClientAuthOutput() ProviderClientAuthOutput

func (ProviderClientAuthArgs) ToProviderClientAuthOutputWithContext 

func (i ProviderClientAuthArgs) ToProviderClientAuthOutputWithContext(ctx context.Context) ProviderClientAuthOutput

type ProviderClientAuthArray 

type ProviderClientAuthArray []ProviderClientAuthInput

func (ProviderClientAuthArray) ElementType 

func (ProviderClientAuthArray) ElementType() reflect.Type

func (ProviderClientAuthArray) ToProviderClientAuthArrayOutput 

func (i ProviderClientAuthArray) ToProviderClientAuthArrayOutput() ProviderClientAuthArrayOutput

func (ProviderClientAuthArray) ToProviderClientAuthArrayOutputWithContext 

func (i ProviderClientAuthArray) ToProviderClientAuthArrayOutputWithContext(ctx context.Context) ProviderClientAuthArrayOutput

type ProviderClientAuthArrayInput 

type ProviderClientAuthArrayInput interface {
	pulumi.Input

	ToProviderClientAuthArrayOutput() ProviderClientAuthArrayOutput
	ToProviderClientAuthArrayOutputWithContext(context.Context) ProviderClientAuthArrayOutput
}

ProviderClientAuthArrayInput is an input type that accepts ProviderClientAuthArray and ProviderClientAuthArrayOutput values. You can construct a concrete instance of `ProviderClientAuthArrayInput` via: 

ProviderClientAuthArray{ ProviderClientAuthArgs{...} }

type ProviderClientAuthArrayOutput 

type ProviderClientAuthArrayOutput struct{ *pulumi.OutputState }

func (ProviderClientAuthArrayOutput) ElementType 

func (ProviderClientAuthArrayOutput) ElementType() reflect.Type

func (ProviderClientAuthArrayOutput) Index 

func (o ProviderClientAuthArrayOutput) Index(i pulumi.IntInput) ProviderClientAuthOutput

func (ProviderClientAuthArrayOutput) ToProviderClientAuthArrayOutput 

func (o ProviderClientAuthArrayOutput) ToProviderClientAuthArrayOutput() ProviderClientAuthArrayOutput

func (ProviderClientAuthArrayOutput) ToProviderClientAuthArrayOutputWithContext 

func (o ProviderClientAuthArrayOutput) ToProviderClientAuthArrayOutputWithContext(ctx context.Context) ProviderClientAuthArrayOutput

type ProviderClientAuthInput 

type ProviderClientAuthInput interface {
	pulumi.Input

	ToProviderClientAuthOutput() ProviderClientAuthOutput
	ToProviderClientAuthOutputWithContext(context.Context) ProviderClientAuthOutput
}

ProviderClientAuthInput is an input type that accepts ProviderClientAuthArgs and ProviderClientAuthOutput values. You can construct a concrete instance of `ProviderClientAuthInput` via: 

ProviderClientAuthArgs{...}

type ProviderClientAuthOutput 

type ProviderClientAuthOutput struct{ *pulumi.OutputState }

func (ProviderClientAuthOutput) CertFile 

func (o ProviderClientAuthOutput) CertFile() pulumi.StringOutput

func (ProviderClientAuthOutput) ElementType 

func (ProviderClientAuthOutput) ElementType() reflect.Type

func (ProviderClientAuthOutput) KeyFile 

func (o ProviderClientAuthOutput) KeyFile() pulumi.StringOutput

func (ProviderClientAuthOutput) ToProviderClientAuthOutput 

func (o ProviderClientAuthOutput) ToProviderClientAuthOutput() ProviderClientAuthOutput

func (ProviderClientAuthOutput) ToProviderClientAuthOutputWithContext 

func (o ProviderClientAuthOutput) ToProviderClientAuthOutputWithContext(ctx context.Context) ProviderClientAuthOutput

type ProviderHeader 

type ProviderHeader struct {
	Name  string `pulumi:"name"`
	Value string `pulumi:"value"`
}

type ProviderHeaderArgs 

type ProviderHeaderArgs struct {
	Name  pulumi.StringInput `pulumi:"name"`
	Value pulumi.StringInput `pulumi:"value"`
}

func (ProviderHeaderArgs) ElementType 

func (ProviderHeaderArgs) ElementType() reflect.Type

func (ProviderHeaderArgs) ToProviderHeaderOutput 

func (i ProviderHeaderArgs) ToProviderHeaderOutput() ProviderHeaderOutput

func (ProviderHeaderArgs) ToProviderHeaderOutputWithContext 

func (i ProviderHeaderArgs) ToProviderHeaderOutputWithContext(ctx context.Context) ProviderHeaderOutput

type ProviderHeaderArray 

type ProviderHeaderArray []ProviderHeaderInput

func (ProviderHeaderArray) ElementType 

func (ProviderHeaderArray) ElementType() reflect.Type

func (ProviderHeaderArray) ToProviderHeaderArrayOutput 

func (i ProviderHeaderArray) ToProviderHeaderArrayOutput() ProviderHeaderArrayOutput

func (ProviderHeaderArray) ToProviderHeaderArrayOutputWithContext 

func (i ProviderHeaderArray) ToProviderHeaderArrayOutputWithContext(ctx context.Context) ProviderHeaderArrayOutput

type ProviderHeaderArrayInput 

type ProviderHeaderArrayInput interface {
	pulumi.Input

	ToProviderHeaderArrayOutput() ProviderHeaderArrayOutput
	ToProviderHeaderArrayOutputWithContext(context.Context) ProviderHeaderArrayOutput
}

ProviderHeaderArrayInput is an input type that accepts ProviderHeaderArray and ProviderHeaderArrayOutput values. You can construct a concrete instance of `ProviderHeaderArrayInput` via: 

ProviderHeaderArray{ ProviderHeaderArgs{...} }

type ProviderHeaderArrayOutput 

type ProviderHeaderArrayOutput struct{ *pulumi.OutputState }

func (ProviderHeaderArrayOutput) ElementType 

func (ProviderHeaderArrayOutput) ElementType() reflect.Type

func (ProviderHeaderArrayOutput) Index 

func (o ProviderHeaderArrayOutput) Index(i pulumi.IntInput) ProviderHeaderOutput

func (ProviderHeaderArrayOutput) ToProviderHeaderArrayOutput 

func (o ProviderHeaderArrayOutput) ToProviderHeaderArrayOutput() ProviderHeaderArrayOutput

func (ProviderHeaderArrayOutput) ToProviderHeaderArrayOutputWithContext 

func (o ProviderHeaderArrayOutput) ToProviderHeaderArrayOutputWithContext(ctx context.Context) ProviderHeaderArrayOutput

type ProviderHeaderInput 

type ProviderHeaderInput interface {
	pulumi.Input

	ToProviderHeaderOutput() ProviderHeaderOutput
	ToProviderHeaderOutputWithContext(context.Context) ProviderHeaderOutput
}

ProviderHeaderInput is an input type that accepts ProviderHeaderArgs and ProviderHeaderOutput values. You can construct a concrete instance of `ProviderHeaderInput` via: 

ProviderHeaderArgs{...}

type ProviderHeaderOutput 

type ProviderHeaderOutput struct{ *pulumi.OutputState }

func (ProviderHeaderOutput) ElementType 

func (ProviderHeaderOutput) ElementType() reflect.Type

func (ProviderHeaderOutput) Name 

func (o ProviderHeaderOutput) Name() pulumi.StringOutput

func (ProviderHeaderOutput) ToProviderHeaderOutput 

func (o ProviderHeaderOutput) ToProviderHeaderOutput() ProviderHeaderOutput

func (ProviderHeaderOutput) ToProviderHeaderOutputWithContext 

func (o ProviderHeaderOutput) ToProviderHeaderOutputWithContext(ctx context.Context) ProviderHeaderOutput

func (ProviderHeaderOutput) Value 

func (o ProviderHeaderOutput) Value() pulumi.StringOutput

type QuotaRateLimit 

type QuotaRateLimit struct {
	pulumi.CustomResourceState

	// Name of the rate limit quota
	Name pulumi.StringOutput `pulumi:"name"`
	// Path of the mount or namespace to apply the quota. A blank path configures a
	// global rate limit quota. For example `namespace1/` adds a quota to a full namespace,
	// `namespace1/auth/userpass` adds a `quota` to `userpass` in `namespace1`.
	// Updating this field on an existing quota can have "moving" effects. For example, updating
	// `auth/userpass` to `namespace1/auth/userpass` moves this quota from being a global mount quota to
	// a namespace specific mount quota. **Note, namespaces are supported in Enterprise only.**
	Path pulumi.StringPtrOutput `pulumi:"path"`
	// The maximum number of requests at any given second to be allowed by the quota
	// rule. The `rate` must be positive.
	Rate pulumi.Float64Output `pulumi:"rate"`
}

Manage rate limit quotas which enforce API rate limiting using a token bucket algorithm. A rate limit quota can be created at the root level or defined on a namespace or mount by specifying a path when creating the quota.

See [Vault's Documentation](https://www.vaultproject.io/docs/concepts/resource-quotas) for more information.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-vault/sdk/v3/go/vault"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := vault.NewQuotaRateLimit(ctx, "global", &vault.QuotaRateLimitArgs{
			Path: pulumi.String(""),
			Rate: pulumi.Float64(100),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

func GetQuotaRateLimit 

func GetQuotaRateLimit(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *QuotaRateLimitState, opts ...pulumi.ResourceOption) (*QuotaRateLimit, error)

GetQuotaRateLimit gets an existing QuotaRateLimit resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewQuotaRateLimit 

func NewQuotaRateLimit(ctx *pulumi.Context,
	name string, args *QuotaRateLimitArgs, opts ...pulumi.ResourceOption) (*QuotaRateLimit, error)

NewQuotaRateLimit registers a new resource with the given unique name, arguments, and options.

type QuotaRateLimitArgs 

type QuotaRateLimitArgs struct {
	// Name of the rate limit quota
	Name pulumi.StringPtrInput
	// Path of the mount or namespace to apply the quota. A blank path configures a
	// global rate limit quota. For example `namespace1/` adds a quota to a full namespace,
	// `namespace1/auth/userpass` adds a `quota` to `userpass` in `namespace1`.
	// Updating this field on an existing quota can have "moving" effects. For example, updating
	// `auth/userpass` to `namespace1/auth/userpass` moves this quota from being a global mount quota to
	// a namespace specific mount quota. **Note, namespaces are supported in Enterprise only.**
	Path pulumi.StringPtrInput
	// The maximum number of requests at any given second to be allowed by the quota
	// rule. The `rate` must be positive.
	Rate pulumi.Float64Input
}

The set of arguments for constructing a QuotaRateLimit resource.

func (QuotaRateLimitArgs) ElementType 

func (QuotaRateLimitArgs) ElementType() reflect.Type

type QuotaRateLimitState 

type QuotaRateLimitState struct {
	// Name of the rate limit quota
	Name pulumi.StringPtrInput
	// Path of the mount or namespace to apply the quota. A blank path configures a
	// global rate limit quota. For example `namespace1/` adds a quota to a full namespace,
	// `namespace1/auth/userpass` adds a `quota` to `userpass` in `namespace1`.
	// Updating this field on an existing quota can have "moving" effects. For example, updating
	// `auth/userpass` to `namespace1/auth/userpass` moves this quota from being a global mount quota to
	// a namespace specific mount quota. **Note, namespaces are supported in Enterprise only.**
	Path pulumi.StringPtrInput
	// The maximum number of requests at any given second to be allowed by the quota
	// rule. The `rate` must be positive.
	Rate pulumi.Float64PtrInput
}

func (QuotaRateLimitState) ElementType 

func (QuotaRateLimitState) ElementType() reflect.Type

type RgpPolicy 

type RgpPolicy struct {
	pulumi.CustomResourceState

	// Enforcement level of Sentinel policy. Can be either `advisory` or `soft-mandatory` or `hard-mandatory`
	EnforcementLevel pulumi.StringOutput `pulumi:"enforcementLevel"`
	// The name of the policy
	Name pulumi.StringOutput `pulumi:"name"`
	// String containing a Sentinel policy
	Policy pulumi.StringOutput `pulumi:"policy"`
}

Provides a resource to manage Role Governing Policy (RGP) via [Sentinel](https://www.vaultproject.io/docs/enterprise/sentinel/index.html).

**Note** this feature is available only with Vault Enterprise.

## Example Usage

```go package main

import ( 

"fmt"

"github.com/pulumi/pulumi-vault/sdk/v3/go/vault"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := vault.NewRgpPolicy(ctx, "allow_all", &vault.RgpPolicyArgs{
			EnforcementLevel: pulumi.String("soft-mandatory"),
			Policy:           pulumi.String(fmt.Sprintf("%v%v%v%v", "main = rule {\n", "  true\n", "}\n", "\n")),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

func GetRgpPolicy 

func GetRgpPolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *RgpPolicyState, opts ...pulumi.ResourceOption) (*RgpPolicy, error)

GetRgpPolicy gets an existing RgpPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewRgpPolicy 

func NewRgpPolicy(ctx *pulumi.Context,
	name string, args *RgpPolicyArgs, opts ...pulumi.ResourceOption) (*RgpPolicy, error)

NewRgpPolicy registers a new resource with the given unique name, arguments, and options.

type RgpPolicyArgs 

type RgpPolicyArgs struct {
	// Enforcement level of Sentinel policy. Can be either `advisory` or `soft-mandatory` or `hard-mandatory`
	EnforcementLevel pulumi.StringInput
	// The name of the policy
	Name pulumi.StringPtrInput
	// String containing a Sentinel policy
	Policy pulumi.StringInput
}

The set of arguments for constructing a RgpPolicy resource.

func (RgpPolicyArgs) ElementType 

func (RgpPolicyArgs) ElementType() reflect.Type

type RgpPolicyState 

type RgpPolicyState struct {
	// Enforcement level of Sentinel policy. Can be either `advisory` or `soft-mandatory` or `hard-mandatory`
	EnforcementLevel pulumi.StringPtrInput
	// The name of the policy
	Name pulumi.StringPtrInput
	// String containing a Sentinel policy
	Policy pulumi.StringPtrInput
}

func (RgpPolicyState) ElementType 

func (RgpPolicyState) ElementType() reflect.Type

type Token 

type Token struct {
	pulumi.CustomResourceState

	// String containing the client token if stored in present file
	ClientToken pulumi.StringOutput `pulumi:"clientToken"`
	// String containing the token display name
	DisplayName pulumi.StringPtrOutput `pulumi:"displayName"`
	// String containing the client token encrypted with the given `pgpKey` if stored in present file
	EncryptedClientToken pulumi.StringOutput `pulumi:"encryptedClientToken"`
	// The explicit max TTL of this token
	ExplicitMaxTtl pulumi.StringPtrOutput `pulumi:"explicitMaxTtl"`
	// String containing the token lease duration if present in state file
	LeaseDuration pulumi.IntOutput `pulumi:"leaseDuration"`
	// String containing the token lease started time if present in state file
	LeaseStarted pulumi.StringOutput `pulumi:"leaseStarted"`
	// Flag to not attach the default policy to this token
	NoDefaultPolicy pulumi.BoolPtrOutput `pulumi:"noDefaultPolicy"`
	// Flag to create a token without parent
	NoParent pulumi.BoolOutput `pulumi:"noParent"`
	// The number of allowed uses of this token
	NumUses pulumi.IntOutput `pulumi:"numUses"`
	// The period of this token
	Period pulumi.StringPtrOutput `pulumi:"period"`
	// The PGP key (base64 encoded) to encrypt the token.
	PgpKey pulumi.StringPtrOutput `pulumi:"pgpKey"`
	// List of policies to attach to this token
	Policies pulumi.StringArrayOutput `pulumi:"policies"`
	// The renew increment
	RenewIncrement pulumi.IntPtrOutput `pulumi:"renewIncrement"`
	// The minimal lease to renew this token
	RenewMinLease pulumi.IntPtrOutput `pulumi:"renewMinLease"`
	// Flag to allow to renew this token
	Renewable pulumi.BoolOutput `pulumi:"renewable"`
	// The token role name
	RoleName pulumi.StringPtrOutput `pulumi:"roleName"`
	// The TTL period of this token
	Ttl pulumi.StringPtrOutput `pulumi:"ttl"`
	// The client wrapped token.
	WrappedToken pulumi.StringOutput `pulumi:"wrappedToken"`
	// The client wrapping accessor.
	WrappingAccessor pulumi.StringOutput `pulumi:"wrappingAccessor"`
	// The TTL period of the wrapped token.
	WrappingTtl pulumi.StringPtrOutput `pulumi:"wrappingTtl"`
}

func GetToken 

func GetToken(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *TokenState, opts ...pulumi.ResourceOption) (*Token, error)

GetToken gets an existing Token resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewToken 

func NewToken(ctx *pulumi.Context,
	name string, args *TokenArgs, opts ...pulumi.ResourceOption) (*Token, error)

NewToken registers a new resource with the given unique name, arguments, and options.

type TokenArgs 

type TokenArgs struct {
	// String containing the token display name
	DisplayName pulumi.StringPtrInput
	// The explicit max TTL of this token
	ExplicitMaxTtl pulumi.StringPtrInput
	// Flag to not attach the default policy to this token
	NoDefaultPolicy pulumi.BoolPtrInput
	// Flag to create a token without parent
	NoParent pulumi.BoolPtrInput
	// The number of allowed uses of this token
	NumUses pulumi.IntPtrInput
	// The period of this token
	Period pulumi.StringPtrInput
	// The PGP key (base64 encoded) to encrypt the token.
	PgpKey pulumi.StringPtrInput
	// List of policies to attach to this token
	Policies pulumi.StringArrayInput
	// The renew increment
	RenewIncrement pulumi.IntPtrInput
	// The minimal lease to renew this token
	RenewMinLease pulumi.IntPtrInput
	// Flag to allow to renew this token
	Renewable pulumi.BoolPtrInput
	// The token role name
	RoleName pulumi.StringPtrInput
	// The TTL period of this token
	Ttl pulumi.StringPtrInput
	// The TTL period of the wrapped token.
	WrappingTtl pulumi.StringPtrInput
}

The set of arguments for constructing a Token resource.

func (TokenArgs) ElementType 

func (TokenArgs) ElementType() reflect.Type

type TokenState 

type TokenState struct {
	// String containing the client token if stored in present file
	ClientToken pulumi.StringPtrInput
	// String containing the token display name
	DisplayName pulumi.StringPtrInput
	// String containing the client token encrypted with the given `pgpKey` if stored in present file
	EncryptedClientToken pulumi.StringPtrInput
	// The explicit max TTL of this token
	ExplicitMaxTtl pulumi.StringPtrInput
	// String containing the token lease duration if present in state file
	LeaseDuration pulumi.IntPtrInput
	// String containing the token lease started time if present in state file
	LeaseStarted pulumi.StringPtrInput
	// Flag to not attach the default policy to this token
	NoDefaultPolicy pulumi.BoolPtrInput
	// Flag to create a token without parent
	NoParent pulumi.BoolPtrInput
	// The number of allowed uses of this token
	NumUses pulumi.IntPtrInput
	// The period of this token
	Period pulumi.StringPtrInput
	// The PGP key (base64 encoded) to encrypt the token.
	PgpKey pulumi.StringPtrInput
	// List of policies to attach to this token
	Policies pulumi.StringArrayInput
	// The renew increment
	RenewIncrement pulumi.IntPtrInput
	// The minimal lease to renew this token
	RenewMinLease pulumi.IntPtrInput
	// Flag to allow to renew this token
	Renewable pulumi.BoolPtrInput
	// The token role name
	RoleName pulumi.StringPtrInput
	// The TTL period of this token
	Ttl pulumi.StringPtrInput
	// The client wrapped token.
	WrappedToken pulumi.StringPtrInput
	// The client wrapping accessor.
	WrappingAccessor pulumi.StringPtrInput
	// The TTL period of the wrapped token.
	WrappingTtl pulumi.StringPtrInput
}

func (TokenState) ElementType 

func (TokenState) ElementType() reflect.Type

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.