Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type SecretBackendCa ¶
// SecretBackendCa holds the output properties of the CA configuration managed
// for an SSH secret backend mount.
type SecretBackendCa struct {
	pulumi.CustomResourceState

	// The path where the SSH secret backend is mounted. Defaults to 'ssh'.
	Backend pulumi.StringPtrOutput `pulumi:"backend"`
	// Whether Vault should generate the signing key pair internally. Defaults to true.
	// With internal generation, no private key has to be supplied through this resource.
	GenerateSigningKey pulumi.BoolPtrOutput `pulumi:"generateSigningKey"`
	// The private key part of the SSH CA key pair; required if generateSigningKey is false.
	// NOTE(review): this is CA signing-key material exposed as a plain StringOutput.
	// Whether the provider marks it secret in Pulumi state is not visible here; confirm
	// before relying on it, and treat stack state and exports as sensitive.
	PrivateKey pulumi.StringOutput `pulumi:"privateKey"`
	// The public key part of the SSH CA key pair; required if generateSigningKey is false.
	PublicKey pulumi.StringOutput `pulumi:"publicKey"`
}
Provides a resource to manage CA information in an [SSH secret backend within Vault](https://www.vaultproject.io/docs/secrets/ssh/index.html).
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-vault/sdk/v3/go/vault" "github.com/pulumi/pulumi-vault/sdk/v3/go/vault/ssh" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
// main mounts an SSH secrets engine and attaches a CA configuration to it.
// No key material is passed in, so GenerateSigningKey keeps its documented
// default and Vault creates the signing key pair itself.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		mount, mountErr := vault.NewMount(ctx, "example", &vault.MountArgs{
			Type: pulumi.String("ssh"),
		})
		if mountErr != nil {
			return mountErr
		}

		// The CA is bound to the mount created above through its path output.
		caArgs := &ssh.SecretBackendCaArgs{
			Backend: mount.Path,
		}
		_, caErr := ssh.NewSecretBackendCa(ctx, "foo", caArgs)
		return caErr
	})
}
```
func GetSecretBackendCa ¶
func GetSecretBackendCa(ctx *pulumi.Context, name string, id pulumi.IDInput, state *SecretBackendCaState, opts ...pulumi.ResourceOption) (*SecretBackendCa, error)
GetSecretBackendCa gets an existing SecretBackendCa resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewSecretBackendCa ¶
func NewSecretBackendCa(ctx *pulumi.Context, name string, args *SecretBackendCaArgs, opts ...pulumi.ResourceOption) (*SecretBackendCa, error)
NewSecretBackendCa registers a new resource with the given unique name, arguments, and options.
type SecretBackendCaArgs ¶
// SecretBackendCaArgs lists the inputs accepted when constructing a
// SecretBackendCa resource.
type SecretBackendCaArgs struct {
	// The path where the SSH secret backend is mounted. Defaults to 'ssh'.
	Backend pulumi.StringPtrInput
	// Whether Vault should generate the signing key pair internally. Defaults to true.
	// Leaving this at the default avoids passing a CA private key through the program.
	GenerateSigningKey pulumi.BoolPtrInput
	// The private key part of the SSH CA key pair; required if generateSigningKey is false.
	// NOTE(review): CA signing-key material. Supply it from a secret source (for example
	// Pulumi secret configuration) rather than a literal in code; whether the provider
	// keeps it encrypted in state is not visible here, so confirm.
	PrivateKey pulumi.StringPtrInput
	// The public key part of the SSH CA key pair; required if generateSigningKey is false.
	PublicKey pulumi.StringPtrInput
}
The set of arguments for constructing a SecretBackendCa resource.
func (SecretBackendCaArgs) ElementType ¶
func (SecretBackendCaArgs) ElementType() reflect.Type
type SecretBackendCaState ¶
// SecretBackendCaState carries the optional state properties passed to
// GetSecretBackendCa to qualify a lookup of an existing resource.
type SecretBackendCaState struct {
	// The path where the SSH secret backend is mounted. Defaults to 'ssh'.
	Backend pulumi.StringPtrInput
	// Whether Vault should generate the signing key pair internally. Defaults to true.
	GenerateSigningKey pulumi.BoolPtrInput
	// The private key part of the SSH CA key pair; required if generateSigningKey is false.
	// NOTE(review): CA signing-key material; avoid embedding it as a literal when
	// qualifying a lookup, and confirm how the provider stores it in state.
	PrivateKey pulumi.StringPtrInput
	// The public key part of the SSH CA key pair; required if generateSigningKey is false.
	PublicKey pulumi.StringPtrInput
}
func (SecretBackendCaState) ElementType ¶
func (SecretBackendCaState) ElementType() reflect.Type
type SecretBackendRole ¶
// SecretBackendRole holds the output properties of a role defined on an SSH
// secret backend mount.
type SecretBackendRole struct {
	pulumi.CustomResourceState

	// When supplied, this value specifies a signing algorithm for the key. Possible values: ssh-rsa, rsa-sha2-256, rsa-sha2-512.
	// ssh-rsa signs with SHA-1, which current OpenSSH releases no longer accept by default;
	// prefer rsa-sha2-256 or rsa-sha2-512.
	AlgorithmSigner pulumi.StringOutput `pulumi:"algorithmSigner"`
	// Specifies if host certificates that are requested are allowed to use the base domains listed in `allowedDomains`.
	AllowBareDomains pulumi.BoolPtrOutput `pulumi:"allowBareDomains"`
	// Specifies if certificates are allowed to be signed for use as a 'host'.
	AllowHostCertificates pulumi.BoolPtrOutput `pulumi:"allowHostCertificates"`
	// Specifies if host certificates that are requested are allowed to be subdomains of those listed in `allowedDomains`.
	AllowSubdomains pulumi.BoolPtrOutput `pulumi:"allowSubdomains"`
	// Specifies if certificates are allowed to be signed for use as a 'user'.
	AllowUserCertificates pulumi.BoolPtrOutput `pulumi:"allowUserCertificates"`
	// Specifies if users can override the key ID for a signed certificate with the `keyId` field.
	// NOTE(review): key IDs usually end up in SSH server logs, so requester-chosen IDs
	// weaken attribution; confirm against the Vault documentation before enabling.
	AllowUserKeyIds pulumi.BoolPtrOutput `pulumi:"allowUserKeyIds"`
	// Specifies a comma-separated list of critical options that certificates can have when signed.
	AllowedCriticalOptions pulumi.StringPtrOutput `pulumi:"allowedCriticalOptions"`
	// The list of domains for which a client can request a host certificate.
	AllowedDomains pulumi.StringPtrOutput `pulumi:"allowedDomains"`
	// Specifies a comma-separated list of extensions that certificates can have when signed.
	AllowedExtensions pulumi.StringPtrOutput `pulumi:"allowedExtensions"`
	// Specifies a map of ssh key types and their expected sizes which are allowed to be signed by the CA type.
	AllowedUserKeyLengths pulumi.MapOutput `pulumi:"allowedUserKeyLengths"`
	// Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
	// Keep this list as narrow as the role requires.
	AllowedUsers pulumi.StringPtrOutput `pulumi:"allowedUsers"`
	// Specifies if `allowedUsers` can be declared using identity template policies.
	// Non-templated users are also permitted.
	AllowedUsersTemplate pulumi.BoolPtrOutput `pulumi:"allowedUsersTemplate"`
	// The path where the SSH secret backend is mounted.
	Backend pulumi.StringOutput `pulumi:"backend"`
	// The comma-separated string of CIDR blocks for which this role is applicable.
	// A block such as 0.0.0.0/0 matches every IPv4 address and therefore restricts nothing.
	CidrList pulumi.StringPtrOutput `pulumi:"cidrList"`
	// Specifies a map of critical options that certificates have when signed.
	DefaultCriticalOptions pulumi.MapOutput `pulumi:"defaultCriticalOptions"`
	// Specifies a map of extensions that certificates have when signed.
	DefaultExtensions pulumi.MapOutput `pulumi:"defaultExtensions"`
	// Specifies the default username for which a credential will be generated.
	DefaultUser pulumi.StringPtrOutput `pulumi:"defaultUser"`
	// Specifies a custom format for the key id of a signed certificate.
	KeyIdFormat pulumi.StringPtrOutput `pulumi:"keyIdFormat"`
	// Specifies the type of credentials generated by this role. This can be either `otp`, `dynamic` or `ca`.
	// NOTE(review): upstream Vault has deprecated the `dynamic` type; confirm against
	// the Vault version in use.
	KeyType pulumi.StringOutput `pulumi:"keyType"`
	// Specifies the maximum Time To Live value.
	// Short values limit how long an issued credential stays usable if it leaks.
	MaxTtl pulumi.StringOutput `pulumi:"maxTtl"`
	// Specifies the name of the role to create.
	Name pulumi.StringOutput `pulumi:"name"`
	// Specifies the Time To Live value.
	Ttl pulumi.StringOutput `pulumi:"ttl"`
}
Provides a resource to manage roles in an [SSH secret backend within Vault](https://www.vaultproject.io/docs/secrets/ssh/index.html).
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-vault/sdk/v3/go/vault" "github.com/pulumi/pulumi-vault/sdk/v3/go/vault/ssh" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
// main mounts an SSH secrets engine and defines two roles on it: "foo", which
// signs user certificates with the backend CA, and "bar", which issues
// one-time passwords.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		mount, err := vault.NewMount(ctx, "example", &vault.MountArgs{
			Type: pulumi.String("ssh"),
		})
		if err != nil {
			return err
		}

		// CA role. Neither Ttl nor MaxTtl is set in this example; set both
		// explicitly in real deployments so certificate lifetime is a
		// deliberate choice.
		caRole := &ssh.SecretBackendRoleArgs{
			AllowUserCertificates: pulumi.Bool(true),
			Backend:               mount.Path,
			KeyType:               pulumi.String("ca"),
		}
		if _, err := ssh.NewSecretBackendRole(ctx, "foo", caRole); err != nil {
			return err
		}

		// OTP role. 0.0.0.0/0 matches every IPv4 address, so CidrList places
		// no restriction on target hosts here; outside a demo, narrow it to
		// the networks this role is meant to reach.
		otpRole := &ssh.SecretBackendRoleArgs{
			AllowedUsers: pulumi.String("default,baz"),
			Backend:      mount.Path,
			CidrList:     pulumi.String("0.0.0.0/0"),
			DefaultUser:  pulumi.String("default"),
			KeyType:      pulumi.String("otp"),
		}
		_, err = ssh.NewSecretBackendRole(ctx, "bar", otpRole)
		return err
	})
}
```
func GetSecretBackendRole ¶
func GetSecretBackendRole(ctx *pulumi.Context, name string, id pulumi.IDInput, state *SecretBackendRoleState, opts ...pulumi.ResourceOption) (*SecretBackendRole, error)
GetSecretBackendRole gets an existing SecretBackendRole resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewSecretBackendRole ¶
func NewSecretBackendRole(ctx *pulumi.Context, name string, args *SecretBackendRoleArgs, opts ...pulumi.ResourceOption) (*SecretBackendRole, error)
NewSecretBackendRole registers a new resource with the given unique name, arguments, and options.
type SecretBackendRoleArgs ¶
// SecretBackendRoleArgs lists the inputs accepted when constructing a
// SecretBackendRole resource.
type SecretBackendRoleArgs struct {
	// When supplied, this value specifies a signing algorithm for the key. Possible values: ssh-rsa, rsa-sha2-256, rsa-sha2-512.
	// ssh-rsa signs with SHA-1, which current OpenSSH releases no longer accept by default;
	// prefer rsa-sha2-256 or rsa-sha2-512.
	AlgorithmSigner pulumi.StringPtrInput
	// Specifies if host certificates that are requested are allowed to use the base domains listed in `allowedDomains`.
	AllowBareDomains pulumi.BoolPtrInput
	// Specifies if certificates are allowed to be signed for use as a 'host'.
	AllowHostCertificates pulumi.BoolPtrInput
	// Specifies if host certificates that are requested are allowed to be subdomains of those listed in `allowedDomains`.
	AllowSubdomains pulumi.BoolPtrInput
	// Specifies if certificates are allowed to be signed for use as a 'user'.
	AllowUserCertificates pulumi.BoolPtrInput
	// Specifies if users can override the key ID for a signed certificate with the `keyId` field.
	// NOTE(review): key IDs usually end up in SSH server logs, so requester-chosen IDs
	// weaken attribution; confirm against the Vault documentation before enabling.
	AllowUserKeyIds pulumi.BoolPtrInput
	// Specifies a comma-separated list of critical options that certificates can have when signed.
	AllowedCriticalOptions pulumi.StringPtrInput
	// The list of domains for which a client can request a host certificate.
	AllowedDomains pulumi.StringPtrInput
	// Specifies a comma-separated list of extensions that certificates can have when signed.
	AllowedExtensions pulumi.StringPtrInput
	// Specifies a map of ssh key types and their expected sizes which are allowed to be signed by the CA type.
	AllowedUserKeyLengths pulumi.MapInput
	// Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
	// Keep this list as narrow as the role requires.
	AllowedUsers pulumi.StringPtrInput
	// Specifies if `allowedUsers` can be declared using identity template policies. Non-templated users are also permitted.
	AllowedUsersTemplate pulumi.BoolPtrInput
	// The path where the SSH secret backend is mounted.
	Backend pulumi.StringInput
	// The comma-separated string of CIDR blocks for which this role is applicable.
	// A block such as 0.0.0.0/0 matches every IPv4 address and therefore restricts nothing.
	CidrList pulumi.StringPtrInput
	// Specifies a map of critical options that certificates have when signed.
	DefaultCriticalOptions pulumi.MapInput
	// Specifies a map of extensions that certificates have when signed.
	DefaultExtensions pulumi.MapInput
	// Specifies the default username for which a credential will be generated.
	DefaultUser pulumi.StringPtrInput
	// Specifies a custom format for the key id of a signed certificate.
	KeyIdFormat pulumi.StringPtrInput
	// Specifies the type of credentials generated by this role. This can be either `otp`, `dynamic` or `ca`.
	// NOTE(review): upstream Vault has deprecated the `dynamic` type; confirm against
	// the Vault version in use.
	KeyType pulumi.StringInput
	// Specifies the maximum Time To Live value.
	// Short values limit how long an issued credential stays usable if it leaks.
	MaxTtl pulumi.StringPtrInput
	// Specifies the name of the role to create.
	Name pulumi.StringPtrInput
	// Specifies the Time To Live value.
	Ttl pulumi.StringPtrInput
}
The set of arguments for constructing a SecretBackendRole resource.
func (SecretBackendRoleArgs) ElementType ¶
func (SecretBackendRoleArgs) ElementType() reflect.Type
type SecretBackendRoleState ¶
// SecretBackendRoleState carries the optional state properties passed to
// GetSecretBackendRole to qualify a lookup of an existing resource.
type SecretBackendRoleState struct {
	// When supplied, this value specifies a signing algorithm for the key. Possible values: ssh-rsa, rsa-sha2-256, rsa-sha2-512.
	// ssh-rsa signs with SHA-1, which current OpenSSH releases no longer accept by default;
	// prefer rsa-sha2-256 or rsa-sha2-512.
	AlgorithmSigner pulumi.StringPtrInput
	// Specifies if host certificates that are requested are allowed to use the base domains listed in `allowedDomains`.
	AllowBareDomains pulumi.BoolPtrInput
	// Specifies if certificates are allowed to be signed for use as a 'host'.
	AllowHostCertificates pulumi.BoolPtrInput
	// Specifies if host certificates that are requested are allowed to be subdomains of those listed in `allowedDomains`.
	AllowSubdomains pulumi.BoolPtrInput
	// Specifies if certificates are allowed to be signed for use as a 'user'.
	AllowUserCertificates pulumi.BoolPtrInput
	// Specifies if users can override the key ID for a signed certificate with the `keyId` field.
	// NOTE(review): key IDs usually end up in SSH server logs, so requester-chosen IDs
	// weaken attribution; confirm against the Vault documentation before enabling.
	AllowUserKeyIds pulumi.BoolPtrInput
	// Specifies a comma-separated list of critical options that certificates can have when signed.
	AllowedCriticalOptions pulumi.StringPtrInput
	// The list of domains for which a client can request a host certificate.
	AllowedDomains pulumi.StringPtrInput
	// Specifies a comma-separated list of extensions that certificates can have when signed.
	AllowedExtensions pulumi.StringPtrInput
	// Specifies a map of ssh key types and their expected sizes which are allowed to be signed by the CA type.
	AllowedUserKeyLengths pulumi.MapInput
	// Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
	// Keep this list as narrow as the role requires.
	AllowedUsers pulumi.StringPtrInput
	// Specifies if `allowedUsers` can be declared using identity template policies. Non-templated users are also permitted.
	AllowedUsersTemplate pulumi.BoolPtrInput
	// The path where the SSH secret backend is mounted.
	Backend pulumi.StringPtrInput
	// The comma-separated string of CIDR blocks for which this role is applicable.
	// A block such as 0.0.0.0/0 matches every IPv4 address and therefore restricts nothing.
	CidrList pulumi.StringPtrInput
	// Specifies a map of critical options that certificates have when signed.
	DefaultCriticalOptions pulumi.MapInput
	// Specifies a map of extensions that certificates have when signed.
	DefaultExtensions pulumi.MapInput
	// Specifies the default username for which a credential will be generated.
	DefaultUser pulumi.StringPtrInput
	// Specifies a custom format for the key id of a signed certificate.
	KeyIdFormat pulumi.StringPtrInput
	// Specifies the type of credentials generated by this role. This can be either `otp`, `dynamic` or `ca`.
	// NOTE(review): upstream Vault has deprecated the `dynamic` type; confirm against
	// the Vault version in use.
	KeyType pulumi.StringPtrInput
	// Specifies the maximum Time To Live value.
	// Short values limit how long an issued credential stays usable if it leaks.
	MaxTtl pulumi.StringPtrInput
	// Specifies the name of the role to create.
	Name pulumi.StringPtrInput
	// Specifies the Time To Live value.
	Ttl pulumi.StringPtrInput
}
func (SecretBackendRoleState) ElementType ¶
func (SecretBackendRoleState) ElementType() reflect.Type