tokenauth

package
v6.5.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 16, 2025 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AuthBackendRole 

type AuthBackendRole struct {
	pulumi.CustomResourceState

	// List of allowed entity aliases.
	AllowedEntityAliases pulumi.StringArrayOutput `pulumi:"allowedEntityAliases"`
	// List of allowed policies for given role.
	AllowedPolicies pulumi.StringArrayOutput `pulumi:"allowedPolicies"`
	// Set of allowed policies with glob match for given role.
	AllowedPoliciesGlobs pulumi.StringArrayOutput `pulumi:"allowedPoliciesGlobs"`
	// List of disallowed policies for given role.
	DisallowedPolicies pulumi.StringArrayOutput `pulumi:"disallowedPolicies"`
	// Set of disallowed policies with glob match for given role.
	DisallowedPoliciesGlobs pulumi.StringArrayOutput `pulumi:"disallowedPoliciesGlobs"`
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrOutput `pulumi:"namespace"`
	// If true, tokens created against this policy will be orphan tokens.
	Orphan pulumi.BoolPtrOutput `pulumi:"orphan"`
	// Tokens created against this role will have the given suffix as part of their path in addition to the role name.
	PathSuffix pulumi.StringPtrOutput `pulumi:"pathSuffix"`
	// Whether to disable the ability of the token to be renewed past its initial TTL.
	Renewable pulumi.BoolPtrOutput `pulumi:"renewable"`
	// The name of the role.
	RoleName pulumi.StringOutput `pulumi:"roleName"`
	// Specifies the blocks of IP addresses which are allowed to use the generated token
	TokenBoundCidrs pulumi.StringArrayOutput `pulumi:"tokenBoundCidrs"`
	// Generated Token's Explicit Maximum TTL in seconds
	TokenExplicitMaxTtl pulumi.IntPtrOutput `pulumi:"tokenExplicitMaxTtl"`
	// The maximum lifetime of the generated token
	TokenMaxTtl pulumi.IntPtrOutput `pulumi:"tokenMaxTtl"`
	// If true, the 'default' policy will not automatically be added to generated tokens
	TokenNoDefaultPolicy pulumi.BoolPtrOutput `pulumi:"tokenNoDefaultPolicy"`
	// The maximum number of times a token may be used, a value of zero means unlimited
	TokenNumUses pulumi.IntPtrOutput `pulumi:"tokenNumUses"`
	// Generated Token's Period
	TokenPeriod pulumi.IntPtrOutput `pulumi:"tokenPeriod"`
	// Generated Token's Policies
	TokenPolicies pulumi.StringArrayOutput `pulumi:"tokenPolicies"`
	// The initial ttl of the token to generate in seconds
	TokenTtl pulumi.IntPtrOutput `pulumi:"tokenTtl"`
	// The type of token to generate, service or batch
	TokenType pulumi.StringPtrOutput `pulumi:"tokenType"`
}

Manages Token auth backend role in a Vault server. See the [Vault documentation](https://www.vaultproject.io/docs/auth/token.html) for more information.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/tokenauth"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := tokenauth.NewAuthBackendRole(ctx, "example", &tokenauth.AuthBackendRoleArgs{
			RoleName: pulumi.String("my-role"),
			AllowedPolicies: pulumi.StringArray{
				pulumi.String("dev"),
				pulumi.String("test"),
			},
			DisallowedPolicies: pulumi.StringArray{
				pulumi.String("default"),
			},
			AllowedEntityAliases: pulumi.StringArray{
				pulumi.String("test_entity"),
			},
			Orphan:              pulumi.Bool(true),
			TokenPeriod:         pulumi.Int(86400),
			Renewable:           pulumi.Bool(true),
			TokenExplicitMaxTtl: pulumi.Int(115200),
			PathSuffix:          pulumi.String("path-suffix"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Token auth backend roles can be imported with `auth/token/roles/` followed by the `role_name`, e.g.

```sh $ pulumi import vault:tokenauth/authBackendRole:AuthBackendRole example auth/token/roles/my-role ```

func GetAuthBackendRole 

func GetAuthBackendRole(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AuthBackendRoleState, opts ...pulumi.ResourceOption) (*AuthBackendRole, error)

GetAuthBackendRole gets an existing AuthBackendRole resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAuthBackendRole 

func NewAuthBackendRole(ctx *pulumi.Context,
	name string, args *AuthBackendRoleArgs, opts ...pulumi.ResourceOption) (*AuthBackendRole, error)

NewAuthBackendRole registers a new resource with the given unique name, arguments, and options.

func (*AuthBackendRole) ElementType 

func (*AuthBackendRole) ElementType() reflect.Type

func (*AuthBackendRole) ToAuthBackendRoleOutput 

func (i *AuthBackendRole) ToAuthBackendRoleOutput() AuthBackendRoleOutput

func (*AuthBackendRole) ToAuthBackendRoleOutputWithContext 

func (i *AuthBackendRole) ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput

type AuthBackendRoleArgs 

type AuthBackendRoleArgs struct {
	// List of allowed entity aliases.
	AllowedEntityAliases pulumi.StringArrayInput
	// List of allowed policies for given role.
	AllowedPolicies pulumi.StringArrayInput
	// Set of allowed policies with glob match for given role.
	AllowedPoliciesGlobs pulumi.StringArrayInput
	// List of disallowed policies for given role.
	DisallowedPolicies pulumi.StringArrayInput
	// Set of disallowed policies with glob match for given role.
	DisallowedPoliciesGlobs pulumi.StringArrayInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// If true, tokens created against this policy will be orphan tokens.
	Orphan pulumi.BoolPtrInput
	// Tokens created against this role will have the given suffix as part of their path in addition to the role name.
	PathSuffix pulumi.StringPtrInput
	// Whether to disable the ability of the token to be renewed past its initial TTL.
	Renewable pulumi.BoolPtrInput
	// The name of the role.
	RoleName pulumi.StringInput
	// Specifies the blocks of IP addresses which are allowed to use the generated token
	TokenBoundCidrs pulumi.StringArrayInput
	// Generated Token's Explicit Maximum TTL in seconds
	TokenExplicitMaxTtl pulumi.IntPtrInput
	// The maximum lifetime of the generated token
	TokenMaxTtl pulumi.IntPtrInput
	// If true, the 'default' policy will not automatically be added to generated tokens
	TokenNoDefaultPolicy pulumi.BoolPtrInput
	// The maximum number of times a token may be used, a value of zero means unlimited
	TokenNumUses pulumi.IntPtrInput
	// Generated Token's Period
	TokenPeriod pulumi.IntPtrInput
	// Generated Token's Policies
	TokenPolicies pulumi.StringArrayInput
	// The initial ttl of the token to generate in seconds
	TokenTtl pulumi.IntPtrInput
	// The type of token to generate, service or batch
	TokenType pulumi.StringPtrInput
}

The set of arguments for constructing a AuthBackendRole resource.

func (AuthBackendRoleArgs) ElementType 

func (AuthBackendRoleArgs) ElementType() reflect.Type

type AuthBackendRoleArray 

type AuthBackendRoleArray []AuthBackendRoleInput

func (AuthBackendRoleArray) ElementType 

func (AuthBackendRoleArray) ElementType() reflect.Type

func (AuthBackendRoleArray) ToAuthBackendRoleArrayOutput 

func (i AuthBackendRoleArray) ToAuthBackendRoleArrayOutput() AuthBackendRoleArrayOutput

func (AuthBackendRoleArray) ToAuthBackendRoleArrayOutputWithContext 

func (i AuthBackendRoleArray) ToAuthBackendRoleArrayOutputWithContext(ctx context.Context) AuthBackendRoleArrayOutput

type AuthBackendRoleArrayInput 

type AuthBackendRoleArrayInput interface {
	pulumi.Input

	ToAuthBackendRoleArrayOutput() AuthBackendRoleArrayOutput
	ToAuthBackendRoleArrayOutputWithContext(context.Context) AuthBackendRoleArrayOutput
}

AuthBackendRoleArrayInput is an input type that accepts AuthBackendRoleArray and AuthBackendRoleArrayOutput values. You can construct a concrete instance of `AuthBackendRoleArrayInput` via: 

AuthBackendRoleArray{ AuthBackendRoleArgs{...} }

type AuthBackendRoleArrayOutput 

type AuthBackendRoleArrayOutput struct{ *pulumi.OutputState }

func (AuthBackendRoleArrayOutput) ElementType 

func (AuthBackendRoleArrayOutput) ElementType() reflect.Type

func (AuthBackendRoleArrayOutput) Index 

func (o AuthBackendRoleArrayOutput) Index(i pulumi.IntInput) AuthBackendRoleOutput

func (AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutput 

func (o AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutput() AuthBackendRoleArrayOutput

func (AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutputWithContext 

func (o AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutputWithContext(ctx context.Context) AuthBackendRoleArrayOutput

type AuthBackendRoleInput 

type AuthBackendRoleInput interface {
	pulumi.Input

	ToAuthBackendRoleOutput() AuthBackendRoleOutput
	ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput
}

type AuthBackendRoleMap 

type AuthBackendRoleMap map[string]AuthBackendRoleInput

func (AuthBackendRoleMap) ElementType 

func (AuthBackendRoleMap) ElementType() reflect.Type

func (AuthBackendRoleMap) ToAuthBackendRoleMapOutput 

func (i AuthBackendRoleMap) ToAuthBackendRoleMapOutput() AuthBackendRoleMapOutput

func (AuthBackendRoleMap) ToAuthBackendRoleMapOutputWithContext 

func (i AuthBackendRoleMap) ToAuthBackendRoleMapOutputWithContext(ctx context.Context) AuthBackendRoleMapOutput

type AuthBackendRoleMapInput 

type AuthBackendRoleMapInput interface {
	pulumi.Input

	ToAuthBackendRoleMapOutput() AuthBackendRoleMapOutput
	ToAuthBackendRoleMapOutputWithContext(context.Context) AuthBackendRoleMapOutput
}

AuthBackendRoleMapInput is an input type that accepts AuthBackendRoleMap and AuthBackendRoleMapOutput values. You can construct a concrete instance of `AuthBackendRoleMapInput` via: 

AuthBackendRoleMap{ "key": AuthBackendRoleArgs{...} }

type AuthBackendRoleMapOutput 

type AuthBackendRoleMapOutput struct{ *pulumi.OutputState }

func (AuthBackendRoleMapOutput) ElementType 

func (AuthBackendRoleMapOutput) ElementType() reflect.Type

func (AuthBackendRoleMapOutput) MapIndex 

func (o AuthBackendRoleMapOutput) MapIndex(k pulumi.StringInput) AuthBackendRoleOutput

func (AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutput 

func (o AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutput() AuthBackendRoleMapOutput

func (AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutputWithContext 

func (o AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutputWithContext(ctx context.Context) AuthBackendRoleMapOutput

type AuthBackendRoleOutput 

type AuthBackendRoleOutput struct{ *pulumi.OutputState }

func (AuthBackendRoleOutput) AllowedEntityAliases 

func (o AuthBackendRoleOutput) AllowedEntityAliases() pulumi.StringArrayOutput

List of allowed entity aliases.

func (AuthBackendRoleOutput) AllowedPolicies 

func (o AuthBackendRoleOutput) AllowedPolicies() pulumi.StringArrayOutput

List of allowed policies for given role.

func (AuthBackendRoleOutput) AllowedPoliciesGlobs 

func (o AuthBackendRoleOutput) AllowedPoliciesGlobs() pulumi.StringArrayOutput

Set of allowed policies with glob match for given role.

func (AuthBackendRoleOutput) DisallowedPolicies 

func (o AuthBackendRoleOutput) DisallowedPolicies() pulumi.StringArrayOutput

List of disallowed policies for given role.

func (AuthBackendRoleOutput) DisallowedPoliciesGlobs 

func (o AuthBackendRoleOutput) DisallowedPoliciesGlobs() pulumi.StringArrayOutput

Set of disallowed policies with glob match for given role.

func (AuthBackendRoleOutput) ElementType 

func (AuthBackendRoleOutput) ElementType() reflect.Type

func (AuthBackendRoleOutput) Namespace 

func (o AuthBackendRoleOutput) Namespace() pulumi.StringPtrOutput

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). *Available only for Vault Enterprise*.

func (AuthBackendRoleOutput) Orphan 

func (o AuthBackendRoleOutput) Orphan() pulumi.BoolPtrOutput

If true, tokens created against this policy will be orphan tokens.

func (AuthBackendRoleOutput) PathSuffix 

func (o AuthBackendRoleOutput) PathSuffix() pulumi.StringPtrOutput

Tokens created against this role will have the given suffix as part of their path in addition to the role name.

func (AuthBackendRoleOutput) Renewable 

func (o AuthBackendRoleOutput) Renewable() pulumi.BoolPtrOutput

Whether to disable the ability of the token to be renewed past its initial TTL.

func (AuthBackendRoleOutput) RoleName 

func (o AuthBackendRoleOutput) RoleName() pulumi.StringOutput

The name of the role.

func (AuthBackendRoleOutput) ToAuthBackendRoleOutput 

func (o AuthBackendRoleOutput) ToAuthBackendRoleOutput() AuthBackendRoleOutput

func (AuthBackendRoleOutput) ToAuthBackendRoleOutputWithContext 

func (o AuthBackendRoleOutput) ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput

func (AuthBackendRoleOutput) TokenBoundCidrs 

func (o AuthBackendRoleOutput) TokenBoundCidrs() pulumi.StringArrayOutput

Specifies the blocks of IP addresses which are allowed to use the generated token

func (AuthBackendRoleOutput) TokenExplicitMaxTtl 

func (o AuthBackendRoleOutput) TokenExplicitMaxTtl() pulumi.IntPtrOutput

Generated Token's Explicit Maximum TTL in seconds

func (AuthBackendRoleOutput) TokenMaxTtl 

func (o AuthBackendRoleOutput) TokenMaxTtl() pulumi.IntPtrOutput

The maximum lifetime of the generated token

func (AuthBackendRoleOutput) TokenNoDefaultPolicy 

func (o AuthBackendRoleOutput) TokenNoDefaultPolicy() pulumi.BoolPtrOutput

If true, the 'default' policy will not automatically be added to generated tokens

func (AuthBackendRoleOutput) TokenNumUses 

func (o AuthBackendRoleOutput) TokenNumUses() pulumi.IntPtrOutput

The maximum number of times a token may be used, a value of zero means unlimited

func (AuthBackendRoleOutput) TokenPeriod 

func (o AuthBackendRoleOutput) TokenPeriod() pulumi.IntPtrOutput

Generated Token's Period

func (AuthBackendRoleOutput) TokenPolicies 

func (o AuthBackendRoleOutput) TokenPolicies() pulumi.StringArrayOutput

Generated Token's Policies

func (AuthBackendRoleOutput) TokenTtl 

func (o AuthBackendRoleOutput) TokenTtl() pulumi.IntPtrOutput

The initial ttl of the token to generate in seconds

func (AuthBackendRoleOutput) TokenType 

func (o AuthBackendRoleOutput) TokenType() pulumi.StringPtrOutput

The type of token to generate, service or batch

type AuthBackendRoleState 

type AuthBackendRoleState struct {
	// List of allowed entity aliases.
	AllowedEntityAliases pulumi.StringArrayInput
	// List of allowed policies for given role.
	AllowedPolicies pulumi.StringArrayInput
	// Set of allowed policies with glob match for given role.
	AllowedPoliciesGlobs pulumi.StringArrayInput
	// List of disallowed policies for given role.
	DisallowedPolicies pulumi.StringArrayInput
	// Set of disallowed policies with glob match for given role.
	DisallowedPoliciesGlobs pulumi.StringArrayInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// If true, tokens created against this policy will be orphan tokens.
	Orphan pulumi.BoolPtrInput
	// Tokens created against this role will have the given suffix as part of their path in addition to the role name.
	PathSuffix pulumi.StringPtrInput
	// Whether to disable the ability of the token to be renewed past its initial TTL.
	Renewable pulumi.BoolPtrInput
	// The name of the role.
	RoleName pulumi.StringPtrInput
	// Specifies the blocks of IP addresses which are allowed to use the generated token
	TokenBoundCidrs pulumi.StringArrayInput
	// Generated Token's Explicit Maximum TTL in seconds
	TokenExplicitMaxTtl pulumi.IntPtrInput
	// The maximum lifetime of the generated token
	TokenMaxTtl pulumi.IntPtrInput
	// If true, the 'default' policy will not automatically be added to generated tokens
	TokenNoDefaultPolicy pulumi.BoolPtrInput
	// The maximum number of times a token may be used, a value of zero means unlimited
	TokenNumUses pulumi.IntPtrInput
	// Generated Token's Period
	TokenPeriod pulumi.IntPtrInput
	// Generated Token's Policies
	TokenPolicies pulumi.StringArrayInput
	// The initial ttl of the token to generate in seconds
	TokenTtl pulumi.IntPtrInput
	// The type of token to generate, service or batch
	TokenType pulumi.StringPtrInput
}

func (AuthBackendRoleState) ElementType 

func (AuthBackendRoleState) ElementType() reflect.Type

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.