azure

package
v6.5.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 16, 2025 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AuthBackendConfig 

type AuthBackendConfig struct {
	pulumi.CustomResourceState

	// The path the Azure auth backend being configured was
	// mounted at.  Defaults to `azure`.
	Backend pulumi.StringPtrOutput `pulumi:"backend"`
	// The client id for credentials to query the Azure APIs.
	// Currently read permissions to query compute resources are required.
	ClientId pulumi.StringPtrOutput `pulumi:"clientId"`
	// The client secret for credentials to query the
	// Azure APIs.
	ClientSecret pulumi.StringPtrOutput `pulumi:"clientSecret"`
	// The Azure cloud environment. Valid values:
	// AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud,
	// AzureGermanCloud.  Defaults to `AzurePublicCloud`.
	Environment pulumi.StringPtrOutput `pulumi:"environment"`
	// The audience claim value for plugin identity tokens. Requires Vault 1.17+.
	// *Available only for Vault Enterprise*
	IdentityTokenAudience pulumi.StringPtrOutput `pulumi:"identityTokenAudience"`
	// The TTL of generated identity tokens in seconds.
	IdentityTokenTtl pulumi.IntOutput `pulumi:"identityTokenTtl"`
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrOutput `pulumi:"namespace"`
	// The configured URL for the application registered in
	// Azure Active Directory.
	Resource pulumi.StringOutput `pulumi:"resource"`
	// The tenant id for the Azure Active Directory
	// organization.
	TenantId pulumi.StringOutput `pulumi:"tenantId"`
}

## Example Usage

You can setup the Azure auth engine with Workload Identity Federation (WIF) for a secret-less configuration: ```go package main

import ( 

"github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/azure"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := vault.NewAuthBackend(ctx, "example", &vault.AuthBackendArgs{
			Type:             pulumi.String("azure"),
			IdentityTokenKey: pulumi.String("example-key"),
		})
		if err != nil {
			return err
		}
		_, err = azure.NewAuthBackendConfig(ctx, "example", &azure.AuthBackendConfigArgs{
			Backend:               example.Path,
			TenantId:              pulumi.String("11111111-2222-3333-4444-555555555555"),
			ClientId:              pulumi.String("11111111-2222-3333-4444-555555555555"),
			IdentityTokenAudience: pulumi.String("<TOKEN_AUDIENCE>"),
			IdentityTokenTtl:      pulumi.Int("<TOKEN_TTL>"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

```go package main

import ( 

"github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/azure"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := vault.NewAuthBackend(ctx, "example", &vault.AuthBackendArgs{
			Type: pulumi.String("azure"),
		})
		if err != nil {
			return err
		}
		_, err = azure.NewAuthBackendConfig(ctx, "example", &azure.AuthBackendConfigArgs{
			Backend:      example.Path,
			TenantId:     pulumi.String("11111111-2222-3333-4444-555555555555"),
			ClientId:     pulumi.String("11111111-2222-3333-4444-555555555555"),
			ClientSecret: pulumi.String("01234567890123456789"),
			Resource:     pulumi.String("https://vault.hashicorp.com"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Azure auth backends can be imported using `auth/`, the `backend` path, and `/config` e.g.

```sh $ pulumi import vault:azure/authBackendConfig:AuthBackendConfig example auth/azure/config ```

func GetAuthBackendConfig 

func GetAuthBackendConfig(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AuthBackendConfigState, opts ...pulumi.ResourceOption) (*AuthBackendConfig, error)

GetAuthBackendConfig gets an existing AuthBackendConfig resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAuthBackendConfig 

func NewAuthBackendConfig(ctx *pulumi.Context,
	name string, args *AuthBackendConfigArgs, opts ...pulumi.ResourceOption) (*AuthBackendConfig, error)

NewAuthBackendConfig registers a new resource with the given unique name, arguments, and options.

func (*AuthBackendConfig) ElementType 

func (*AuthBackendConfig) ElementType() reflect.Type

func (*AuthBackendConfig) ToAuthBackendConfigOutput 

func (i *AuthBackendConfig) ToAuthBackendConfigOutput() AuthBackendConfigOutput

func (*AuthBackendConfig) ToAuthBackendConfigOutputWithContext 

func (i *AuthBackendConfig) ToAuthBackendConfigOutputWithContext(ctx context.Context) AuthBackendConfigOutput

type AuthBackendConfigArgs 

type AuthBackendConfigArgs struct {
	// The path the Azure auth backend being configured was
	// mounted at.  Defaults to `azure`.
	Backend pulumi.StringPtrInput
	// The client id for credentials to query the Azure APIs.
	// Currently read permissions to query compute resources are required.
	ClientId pulumi.StringPtrInput
	// The client secret for credentials to query the
	// Azure APIs.
	ClientSecret pulumi.StringPtrInput
	// The Azure cloud environment. Valid values:
	// AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud,
	// AzureGermanCloud.  Defaults to `AzurePublicCloud`.
	Environment pulumi.StringPtrInput
	// The audience claim value for plugin identity tokens. Requires Vault 1.17+.
	// *Available only for Vault Enterprise*
	IdentityTokenAudience pulumi.StringPtrInput
	// The TTL of generated identity tokens in seconds.
	IdentityTokenTtl pulumi.IntPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// The configured URL for the application registered in
	// Azure Active Directory.
	Resource pulumi.StringInput
	// The tenant id for the Azure Active Directory
	// organization.
	TenantId pulumi.StringInput
}

The set of arguments for constructing a AuthBackendConfig resource.

func (AuthBackendConfigArgs) ElementType 

func (AuthBackendConfigArgs) ElementType() reflect.Type

type AuthBackendConfigArray 

type AuthBackendConfigArray []AuthBackendConfigInput

func (AuthBackendConfigArray) ElementType 

func (AuthBackendConfigArray) ElementType() reflect.Type

func (AuthBackendConfigArray) ToAuthBackendConfigArrayOutput 

func (i AuthBackendConfigArray) ToAuthBackendConfigArrayOutput() AuthBackendConfigArrayOutput

func (AuthBackendConfigArray) ToAuthBackendConfigArrayOutputWithContext 

func (i AuthBackendConfigArray) ToAuthBackendConfigArrayOutputWithContext(ctx context.Context) AuthBackendConfigArrayOutput

type AuthBackendConfigArrayInput 

type AuthBackendConfigArrayInput interface {
	pulumi.Input

	ToAuthBackendConfigArrayOutput() AuthBackendConfigArrayOutput
	ToAuthBackendConfigArrayOutputWithContext(context.Context) AuthBackendConfigArrayOutput
}

AuthBackendConfigArrayInput is an input type that accepts AuthBackendConfigArray and AuthBackendConfigArrayOutput values. You can construct a concrete instance of `AuthBackendConfigArrayInput` via: 

AuthBackendConfigArray{ AuthBackendConfigArgs{...} }

type AuthBackendConfigArrayOutput 

type AuthBackendConfigArrayOutput struct{ *pulumi.OutputState }

func (AuthBackendConfigArrayOutput) ElementType 

func (AuthBackendConfigArrayOutput) ElementType() reflect.Type

func (AuthBackendConfigArrayOutput) Index 

func (o AuthBackendConfigArrayOutput) Index(i pulumi.IntInput) AuthBackendConfigOutput

func (AuthBackendConfigArrayOutput) ToAuthBackendConfigArrayOutput 

func (o AuthBackendConfigArrayOutput) ToAuthBackendConfigArrayOutput() AuthBackendConfigArrayOutput

func (AuthBackendConfigArrayOutput) ToAuthBackendConfigArrayOutputWithContext 

func (o AuthBackendConfigArrayOutput) ToAuthBackendConfigArrayOutputWithContext(ctx context.Context) AuthBackendConfigArrayOutput

type AuthBackendConfigInput 

type AuthBackendConfigInput interface {
	pulumi.Input

	ToAuthBackendConfigOutput() AuthBackendConfigOutput
	ToAuthBackendConfigOutputWithContext(ctx context.Context) AuthBackendConfigOutput
}

type AuthBackendConfigMap 

type AuthBackendConfigMap map[string]AuthBackendConfigInput

func (AuthBackendConfigMap) ElementType 

func (AuthBackendConfigMap) ElementType() reflect.Type

func (AuthBackendConfigMap) ToAuthBackendConfigMapOutput 

func (i AuthBackendConfigMap) ToAuthBackendConfigMapOutput() AuthBackendConfigMapOutput

func (AuthBackendConfigMap) ToAuthBackendConfigMapOutputWithContext 

func (i AuthBackendConfigMap) ToAuthBackendConfigMapOutputWithContext(ctx context.Context) AuthBackendConfigMapOutput

type AuthBackendConfigMapInput 

type AuthBackendConfigMapInput interface {
	pulumi.Input

	ToAuthBackendConfigMapOutput() AuthBackendConfigMapOutput
	ToAuthBackendConfigMapOutputWithContext(context.Context) AuthBackendConfigMapOutput
}

AuthBackendConfigMapInput is an input type that accepts AuthBackendConfigMap and AuthBackendConfigMapOutput values. You can construct a concrete instance of `AuthBackendConfigMapInput` via: 

AuthBackendConfigMap{ "key": AuthBackendConfigArgs{...} }

type AuthBackendConfigMapOutput 

type AuthBackendConfigMapOutput struct{ *pulumi.OutputState }

func (AuthBackendConfigMapOutput) ElementType 

func (AuthBackendConfigMapOutput) ElementType() reflect.Type

func (AuthBackendConfigMapOutput) MapIndex 

func (o AuthBackendConfigMapOutput) MapIndex(k pulumi.StringInput) AuthBackendConfigOutput

func (AuthBackendConfigMapOutput) ToAuthBackendConfigMapOutput 

func (o AuthBackendConfigMapOutput) ToAuthBackendConfigMapOutput() AuthBackendConfigMapOutput

func (AuthBackendConfigMapOutput) ToAuthBackendConfigMapOutputWithContext 

func (o AuthBackendConfigMapOutput) ToAuthBackendConfigMapOutputWithContext(ctx context.Context) AuthBackendConfigMapOutput

type AuthBackendConfigOutput 

type AuthBackendConfigOutput struct{ *pulumi.OutputState }

func (AuthBackendConfigOutput) Backend 

func (o AuthBackendConfigOutput) Backend() pulumi.StringPtrOutput

The path the Azure auth backend being configured was mounted at. Defaults to `azure`.

func (AuthBackendConfigOutput) ClientId 

func (o AuthBackendConfigOutput) ClientId() pulumi.StringPtrOutput

The client id for credentials to query the Azure APIs. Currently read permissions to query compute resources are required.

func (AuthBackendConfigOutput) ClientSecret 

func (o AuthBackendConfigOutput) ClientSecret() pulumi.StringPtrOutput

The client secret for credentials to query the Azure APIs.

func (AuthBackendConfigOutput) ElementType 

func (AuthBackendConfigOutput) ElementType() reflect.Type

func (AuthBackendConfigOutput) Environment 

func (o AuthBackendConfigOutput) Environment() pulumi.StringPtrOutput

The Azure cloud environment. Valid values: AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud, AzureGermanCloud. Defaults to `AzurePublicCloud`.

func (AuthBackendConfigOutput) IdentityTokenAudience added in v6.2.0 

func (o AuthBackendConfigOutput) IdentityTokenAudience() pulumi.StringPtrOutput

The audience claim value for plugin identity tokens. Requires Vault 1.17+. *Available only for Vault Enterprise*

func (AuthBackendConfigOutput) IdentityTokenTtl added in v6.2.0 

func (o AuthBackendConfigOutput) IdentityTokenTtl() pulumi.IntOutput

The TTL of generated identity tokens in seconds.

func (AuthBackendConfigOutput) Namespace 

func (o AuthBackendConfigOutput) Namespace() pulumi.StringPtrOutput

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). *Available only for Vault Enterprise*.

func (AuthBackendConfigOutput) Resource 

func (o AuthBackendConfigOutput) Resource() pulumi.StringOutput

The configured URL for the application registered in Azure Active Directory.

func (AuthBackendConfigOutput) TenantId 

func (o AuthBackendConfigOutput) TenantId() pulumi.StringOutput

The tenant id for the Azure Active Directory organization.

func (AuthBackendConfigOutput) ToAuthBackendConfigOutput 

func (o AuthBackendConfigOutput) ToAuthBackendConfigOutput() AuthBackendConfigOutput

func (AuthBackendConfigOutput) ToAuthBackendConfigOutputWithContext 

func (o AuthBackendConfigOutput) ToAuthBackendConfigOutputWithContext(ctx context.Context) AuthBackendConfigOutput

type AuthBackendConfigState 

type AuthBackendConfigState struct {
	// The path the Azure auth backend being configured was
	// mounted at.  Defaults to `azure`.
	Backend pulumi.StringPtrInput
	// The client id for credentials to query the Azure APIs.
	// Currently read permissions to query compute resources are required.
	ClientId pulumi.StringPtrInput
	// The client secret for credentials to query the
	// Azure APIs.
	ClientSecret pulumi.StringPtrInput
	// The Azure cloud environment. Valid values:
	// AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud,
	// AzureGermanCloud.  Defaults to `AzurePublicCloud`.
	Environment pulumi.StringPtrInput
	// The audience claim value for plugin identity tokens. Requires Vault 1.17+.
	// *Available only for Vault Enterprise*
	IdentityTokenAudience pulumi.StringPtrInput
	// The TTL of generated identity tokens in seconds.
	IdentityTokenTtl pulumi.IntPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// The configured URL for the application registered in
	// Azure Active Directory.
	Resource pulumi.StringPtrInput
	// The tenant id for the Azure Active Directory
	// organization.
	TenantId pulumi.StringPtrInput
}

func (AuthBackendConfigState) ElementType 

func (AuthBackendConfigState) ElementType() reflect.Type

type AuthBackendRole 

type AuthBackendRole struct {
	pulumi.CustomResourceState

	// Unique name of the auth backend to configure.
	Backend pulumi.StringPtrOutput `pulumi:"backend"`
	// If set, defines a constraint on the groups
	// that can perform the login operation that they should be using the group
	// ID specified by this field.
	BoundGroupIds pulumi.StringArrayOutput `pulumi:"boundGroupIds"`
	// If set, defines a constraint on the virtual machines
	// that can perform the login operation that the location in their identity
	// document must match the one specified by this field.
	BoundLocations pulumi.StringArrayOutput `pulumi:"boundLocations"`
	// If set, defines a constraint on the virtual
	// machines that can perform the login operation that they be associated with
	// the resource group that matches the value specified by this field.
	BoundResourceGroups pulumi.StringArrayOutput `pulumi:"boundResourceGroups"`
	// If set, defines a constraint on the virtual
	// machines that can perform the login operation that they must match the scale set
	// specified by this field.
	BoundScaleSets pulumi.StringArrayOutput `pulumi:"boundScaleSets"`
	// If set, defines a constraint on the
	// service principals that can perform the login operation that they should be possess
	// the ids specified by this field.
	BoundServicePrincipalIds pulumi.StringArrayOutput `pulumi:"boundServicePrincipalIds"`
	// If set, defines a constraint on the subscriptions
	// that can perform the login operation to ones which  matches the value specified by this
	// field.
	BoundSubscriptionIds pulumi.StringArrayOutput `pulumi:"boundSubscriptionIds"`
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrOutput `pulumi:"namespace"`
	// The name of the role.
	Role pulumi.StringOutput `pulumi:"role"`
	// Specifies the blocks of IP addresses which are allowed to use the generated token
	TokenBoundCidrs pulumi.StringArrayOutput `pulumi:"tokenBoundCidrs"`
	// Generated Token's Explicit Maximum TTL in seconds
	TokenExplicitMaxTtl pulumi.IntPtrOutput `pulumi:"tokenExplicitMaxTtl"`
	// The maximum lifetime of the generated token
	TokenMaxTtl pulumi.IntPtrOutput `pulumi:"tokenMaxTtl"`
	// If true, the 'default' policy will not automatically be added to generated tokens
	TokenNoDefaultPolicy pulumi.BoolPtrOutput `pulumi:"tokenNoDefaultPolicy"`
	// The maximum number of times a token may be used, a value of zero means unlimited
	TokenNumUses pulumi.IntPtrOutput `pulumi:"tokenNumUses"`
	// Generated Token's Period
	TokenPeriod pulumi.IntPtrOutput `pulumi:"tokenPeriod"`
	// Generated Token's Policies
	TokenPolicies pulumi.StringArrayOutput `pulumi:"tokenPolicies"`
	// The initial ttl of the token to generate in seconds
	TokenTtl pulumi.IntPtrOutput `pulumi:"tokenTtl"`
	// The type of token to generate, service or batch
	TokenType pulumi.StringPtrOutput `pulumi:"tokenType"`
}

Manages an Azure auth backend role in a Vault server. Roles constrain the instances or principals that can perform the login operation against the backend. See the [Vault documentation](https://www.vaultproject.io/docs/auth/azure.html) for more information.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/azure"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		azure, err := vault.NewAuthBackend(ctx, "azure", &vault.AuthBackendArgs{
			Type: pulumi.String("azure"),
		})
		if err != nil {
			return err
		}
		_, err = azure.NewAuthBackendRole(ctx, "example", &azure.AuthBackendRoleArgs{
			Backend: azure.Path,
			Role:    pulumi.String("test-role"),
			BoundSubscriptionIds: pulumi.StringArray{
				pulumi.String("11111111-2222-3333-4444-555555555555"),
			},
			BoundResourceGroups: pulumi.StringArray{
				pulumi.String("123456789012"),
			},
			TokenTtl:    pulumi.Int(60),
			TokenMaxTtl: pulumi.Int(120),
			TokenPolicies: pulumi.StringArray{
				pulumi.String("default"),
				pulumi.String("dev"),
				pulumi.String("prod"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Azure auth backend roles can be imported using `auth/`, the `backend` path, `/role/`, and the `role` name e.g.

```sh $ pulumi import vault:azure/authBackendRole:AuthBackendRole example auth/azure/role/test-role ```

func GetAuthBackendRole 

func GetAuthBackendRole(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AuthBackendRoleState, opts ...pulumi.ResourceOption) (*AuthBackendRole, error)

GetAuthBackendRole gets an existing AuthBackendRole resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAuthBackendRole 

func NewAuthBackendRole(ctx *pulumi.Context,
	name string, args *AuthBackendRoleArgs, opts ...pulumi.ResourceOption) (*AuthBackendRole, error)

NewAuthBackendRole registers a new resource with the given unique name, arguments, and options.

func (*AuthBackendRole) ElementType 

func (*AuthBackendRole) ElementType() reflect.Type

func (*AuthBackendRole) ToAuthBackendRoleOutput 

func (i *AuthBackendRole) ToAuthBackendRoleOutput() AuthBackendRoleOutput

func (*AuthBackendRole) ToAuthBackendRoleOutputWithContext 

func (i *AuthBackendRole) ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput

type AuthBackendRoleArgs 

type AuthBackendRoleArgs struct {
	// Unique name of the auth backend to configure.
	Backend pulumi.StringPtrInput
	// If set, defines a constraint on the groups
	// that can perform the login operation that they should be using the group
	// ID specified by this field.
	BoundGroupIds pulumi.StringArrayInput
	// If set, defines a constraint on the virtual machines
	// that can perform the login operation that the location in their identity
	// document must match the one specified by this field.
	BoundLocations pulumi.StringArrayInput
	// If set, defines a constraint on the virtual
	// machines that can perform the login operation that they be associated with
	// the resource group that matches the value specified by this field.
	BoundResourceGroups pulumi.StringArrayInput
	// If set, defines a constraint on the virtual
	// machines that can perform the login operation that they must match the scale set
	// specified by this field.
	BoundScaleSets pulumi.StringArrayInput
	// If set, defines a constraint on the
	// service principals that can perform the login operation that they should be possess
	// the ids specified by this field.
	BoundServicePrincipalIds pulumi.StringArrayInput
	// If set, defines a constraint on the subscriptions
	// that can perform the login operation to ones which  matches the value specified by this
	// field.
	BoundSubscriptionIds pulumi.StringArrayInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// The name of the role.
	Role pulumi.StringInput
	// Specifies the blocks of IP addresses which are allowed to use the generated token
	TokenBoundCidrs pulumi.StringArrayInput
	// Generated Token's Explicit Maximum TTL in seconds
	TokenExplicitMaxTtl pulumi.IntPtrInput
	// The maximum lifetime of the generated token
	TokenMaxTtl pulumi.IntPtrInput
	// If true, the 'default' policy will not automatically be added to generated tokens
	TokenNoDefaultPolicy pulumi.BoolPtrInput
	// The maximum number of times a token may be used, a value of zero means unlimited
	TokenNumUses pulumi.IntPtrInput
	// Generated Token's Period
	TokenPeriod pulumi.IntPtrInput
	// Generated Token's Policies
	TokenPolicies pulumi.StringArrayInput
	// The initial ttl of the token to generate in seconds
	TokenTtl pulumi.IntPtrInput
	// The type of token to generate, service or batch
	TokenType pulumi.StringPtrInput
}

The set of arguments for constructing a AuthBackendRole resource.

func (AuthBackendRoleArgs) ElementType 

func (AuthBackendRoleArgs) ElementType() reflect.Type

type AuthBackendRoleArray 

type AuthBackendRoleArray []AuthBackendRoleInput

func (AuthBackendRoleArray) ElementType 

func (AuthBackendRoleArray) ElementType() reflect.Type

func (AuthBackendRoleArray) ToAuthBackendRoleArrayOutput 

func (i AuthBackendRoleArray) ToAuthBackendRoleArrayOutput() AuthBackendRoleArrayOutput

func (AuthBackendRoleArray) ToAuthBackendRoleArrayOutputWithContext 

func (i AuthBackendRoleArray) ToAuthBackendRoleArrayOutputWithContext(ctx context.Context) AuthBackendRoleArrayOutput

type AuthBackendRoleArrayInput 

type AuthBackendRoleArrayInput interface {
	pulumi.Input

	ToAuthBackendRoleArrayOutput() AuthBackendRoleArrayOutput
	ToAuthBackendRoleArrayOutputWithContext(context.Context) AuthBackendRoleArrayOutput
}

AuthBackendRoleArrayInput is an input type that accepts AuthBackendRoleArray and AuthBackendRoleArrayOutput values. You can construct a concrete instance of `AuthBackendRoleArrayInput` via: 

AuthBackendRoleArray{ AuthBackendRoleArgs{...} }

type AuthBackendRoleArrayOutput 

type AuthBackendRoleArrayOutput struct{ *pulumi.OutputState }

func (AuthBackendRoleArrayOutput) ElementType 

func (AuthBackendRoleArrayOutput) ElementType() reflect.Type

func (AuthBackendRoleArrayOutput) Index 

func (o AuthBackendRoleArrayOutput) Index(i pulumi.IntInput) AuthBackendRoleOutput

func (AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutput 

func (o AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutput() AuthBackendRoleArrayOutput

func (AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutputWithContext 

func (o AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutputWithContext(ctx context.Context) AuthBackendRoleArrayOutput

type AuthBackendRoleInput 

type AuthBackendRoleInput interface {
	pulumi.Input

	ToAuthBackendRoleOutput() AuthBackendRoleOutput
	ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput
}

type AuthBackendRoleMap 

type AuthBackendRoleMap map[string]AuthBackendRoleInput

func (AuthBackendRoleMap) ElementType 

func (AuthBackendRoleMap) ElementType() reflect.Type

func (AuthBackendRoleMap) ToAuthBackendRoleMapOutput 

func (i AuthBackendRoleMap) ToAuthBackendRoleMapOutput() AuthBackendRoleMapOutput

func (AuthBackendRoleMap) ToAuthBackendRoleMapOutputWithContext 

func (i AuthBackendRoleMap) ToAuthBackendRoleMapOutputWithContext(ctx context.Context) AuthBackendRoleMapOutput

type AuthBackendRoleMapInput 

type AuthBackendRoleMapInput interface {
	pulumi.Input

	ToAuthBackendRoleMapOutput() AuthBackendRoleMapOutput
	ToAuthBackendRoleMapOutputWithContext(context.Context) AuthBackendRoleMapOutput
}

AuthBackendRoleMapInput is an input type that accepts AuthBackendRoleMap and AuthBackendRoleMapOutput values. You can construct a concrete instance of `AuthBackendRoleMapInput` via: 

AuthBackendRoleMap{ "key": AuthBackendRoleArgs{...} }

type AuthBackendRoleMapOutput 

type AuthBackendRoleMapOutput struct{ *pulumi.OutputState }

func (AuthBackendRoleMapOutput) ElementType 

func (AuthBackendRoleMapOutput) ElementType() reflect.Type

func (AuthBackendRoleMapOutput) MapIndex 

func (o AuthBackendRoleMapOutput) MapIndex(k pulumi.StringInput) AuthBackendRoleOutput

func (AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutput 

func (o AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutput() AuthBackendRoleMapOutput

func (AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutputWithContext 

func (o AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutputWithContext(ctx context.Context) AuthBackendRoleMapOutput

type AuthBackendRoleOutput 

type AuthBackendRoleOutput struct{ *pulumi.OutputState }

func (AuthBackendRoleOutput) Backend 

func (o AuthBackendRoleOutput) Backend() pulumi.StringPtrOutput

Unique name of the auth backend to configure.

func (AuthBackendRoleOutput) BoundGroupIds 

func (o AuthBackendRoleOutput) BoundGroupIds() pulumi.StringArrayOutput

If set, defines a constraint on the groups that can perform the login operation that they should be using the group ID specified by this field.

func (AuthBackendRoleOutput) BoundLocations 

func (o AuthBackendRoleOutput) BoundLocations() pulumi.StringArrayOutput

If set, defines a constraint on the virtual machines that can perform the login operation that the location in their identity document must match the one specified by this field.

func (AuthBackendRoleOutput) BoundResourceGroups 

func (o AuthBackendRoleOutput) BoundResourceGroups() pulumi.StringArrayOutput

If set, defines a constraint on the virtual machines that can perform the login operation that they be associated with the resource group that matches the value specified by this field.

func (AuthBackendRoleOutput) BoundScaleSets 

func (o AuthBackendRoleOutput) BoundScaleSets() pulumi.StringArrayOutput

If set, defines a constraint on the virtual machines that can perform the login operation that they must match the scale set specified by this field.

func (AuthBackendRoleOutput) BoundServicePrincipalIds 

func (o AuthBackendRoleOutput) BoundServicePrincipalIds() pulumi.StringArrayOutput

If set, defines a constraint on the service principals that can perform the login operation that they should be possess the ids specified by this field.

func (AuthBackendRoleOutput) BoundSubscriptionIds 

func (o AuthBackendRoleOutput) BoundSubscriptionIds() pulumi.StringArrayOutput

If set, defines a constraint on the subscriptions that can perform the login operation to ones which matches the value specified by this field.

func (AuthBackendRoleOutput) ElementType 

func (AuthBackendRoleOutput) ElementType() reflect.Type

func (AuthBackendRoleOutput) Namespace 

func (o AuthBackendRoleOutput) Namespace() pulumi.StringPtrOutput

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). *Available only for Vault Enterprise*.

func (AuthBackendRoleOutput) Role 

func (o AuthBackendRoleOutput) Role() pulumi.StringOutput

The name of the role.

func (AuthBackendRoleOutput) ToAuthBackendRoleOutput 

func (o AuthBackendRoleOutput) ToAuthBackendRoleOutput() AuthBackendRoleOutput

func (AuthBackendRoleOutput) ToAuthBackendRoleOutputWithContext 

func (o AuthBackendRoleOutput) ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput

func (AuthBackendRoleOutput) TokenBoundCidrs 

func (o AuthBackendRoleOutput) TokenBoundCidrs() pulumi.StringArrayOutput

Specifies the blocks of IP addresses which are allowed to use the generated token

func (AuthBackendRoleOutput) TokenExplicitMaxTtl 

func (o AuthBackendRoleOutput) TokenExplicitMaxTtl() pulumi.IntPtrOutput

Generated Token's Explicit Maximum TTL in seconds

func (AuthBackendRoleOutput) TokenMaxTtl 

func (o AuthBackendRoleOutput) TokenMaxTtl() pulumi.IntPtrOutput

The maximum lifetime of the generated token

func (AuthBackendRoleOutput) TokenNoDefaultPolicy 

func (o AuthBackendRoleOutput) TokenNoDefaultPolicy() pulumi.BoolPtrOutput

If true, the 'default' policy will not automatically be added to generated tokens

func (AuthBackendRoleOutput) TokenNumUses 

func (o AuthBackendRoleOutput) TokenNumUses() pulumi.IntPtrOutput

The maximum number of times a token may be used, a value of zero means unlimited

func (AuthBackendRoleOutput) TokenPeriod 

func (o AuthBackendRoleOutput) TokenPeriod() pulumi.IntPtrOutput

Generated Token's Period

func (AuthBackendRoleOutput) TokenPolicies 

func (o AuthBackendRoleOutput) TokenPolicies() pulumi.StringArrayOutput

Generated Token's Policies

func (AuthBackendRoleOutput) TokenTtl 

func (o AuthBackendRoleOutput) TokenTtl() pulumi.IntPtrOutput

The initial ttl of the token to generate in seconds

func (AuthBackendRoleOutput) TokenType 

func (o AuthBackendRoleOutput) TokenType() pulumi.StringPtrOutput

The type of token to generate, service or batch

type AuthBackendRoleState 

type AuthBackendRoleState struct {
	// Unique name of the auth backend to configure.
	Backend pulumi.StringPtrInput
	// If set, defines a constraint on the groups
	// that can perform the login operation that they should be using the group
	// ID specified by this field.
	BoundGroupIds pulumi.StringArrayInput
	// If set, defines a constraint on the virtual machines
	// that can perform the login operation that the location in their identity
	// document must match the one specified by this field.
	BoundLocations pulumi.StringArrayInput
	// If set, defines a constraint on the virtual
	// machines that can perform the login operation that they be associated with
	// the resource group that matches the value specified by this field.
	BoundResourceGroups pulumi.StringArrayInput
	// If set, defines a constraint on the virtual
	// machines that can perform the login operation that they must match the scale set
	// specified by this field.
	BoundScaleSets pulumi.StringArrayInput
	// If set, defines a constraint on the
	// service principals that can perform the login operation that they should be possess
	// the ids specified by this field.
	BoundServicePrincipalIds pulumi.StringArrayInput
	// If set, defines a constraint on the subscriptions
	// that can perform the login operation to ones which  matches the value specified by this
	// field.
	BoundSubscriptionIds pulumi.StringArrayInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// The name of the role.
	Role pulumi.StringPtrInput
	// Specifies the blocks of IP addresses which are allowed to use the generated token
	TokenBoundCidrs pulumi.StringArrayInput
	// Generated Token's Explicit Maximum TTL in seconds
	TokenExplicitMaxTtl pulumi.IntPtrInput
	// The maximum lifetime of the generated token
	TokenMaxTtl pulumi.IntPtrInput
	// If true, the 'default' policy will not automatically be added to generated tokens
	TokenNoDefaultPolicy pulumi.BoolPtrInput
	// The maximum number of times a token may be used, a value of zero means unlimited
	TokenNumUses pulumi.IntPtrInput
	// Generated Token's Period
	TokenPeriod pulumi.IntPtrInput
	// Generated Token's Policies
	TokenPolicies pulumi.StringArrayInput
	// The initial ttl of the token to generate in seconds
	TokenTtl pulumi.IntPtrInput
	// The type of token to generate, service or batch
	TokenType pulumi.StringPtrInput
}

func (AuthBackendRoleState) ElementType 

func (AuthBackendRoleState) ElementType() reflect.Type

type Backend 

type Backend struct {
	pulumi.CustomResourceState

	// The OAuth2 client id to connect to Azure.
	ClientId pulumi.StringPtrOutput `pulumi:"clientId"`
	// The OAuth2 client secret to connect to Azure.
	ClientSecret pulumi.StringPtrOutput `pulumi:"clientSecret"`
	// Human-friendly description of the mount for the backend.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// If set, opts out of mount migration on path updates.
	// See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
	DisableRemount pulumi.BoolPtrOutput `pulumi:"disableRemount"`
	// The Azure environment.
	Environment pulumi.StringPtrOutput `pulumi:"environment"`
	// The audience claim value. Requires Vault 1.17+.
	// *Available only for Vault Enterprise*
	IdentityTokenAudience pulumi.StringPtrOutput `pulumi:"identityTokenAudience"`
	// The key to use for signing identity tokens. Requires Vault 1.17+.
	// *Available only for Vault Enterprise*
	IdentityTokenKey pulumi.StringPtrOutput `pulumi:"identityTokenKey"`
	// The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
	// *Available only for Vault Enterprise*
	IdentityTokenTtl pulumi.IntOutput `pulumi:"identityTokenTtl"`
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrOutput `pulumi:"namespace"`
	// The unique path this backend should be mounted at. Defaults to `azure`.
	Path pulumi.StringPtrOutput `pulumi:"path"`
	// The subscription id for the Azure Active Directory.
	SubscriptionId pulumi.StringOutput `pulumi:"subscriptionId"`
	// The tenant id for the Azure Active Directory.
	TenantId pulumi.StringOutput `pulumi:"tenantId"`
	// Use the Microsoft Graph API. Should be set to true on vault-1.10+
	//
	// Deprecated: This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.
	UseMicrosoftGraphApi pulumi.BoolOutput `pulumi:"useMicrosoftGraphApi"`
}

## Example Usage

### *Vault-1.9 And Above*

You can setup the Azure secrets engine with Workload Identity Federation (WIF) for a secret-less configuration: ```go package main

import ( 

"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/azure"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := azure.NewBackend(ctx, "azure", &azure.BackendArgs{
			SubscriptionId:        pulumi.String("11111111-2222-3333-4444-111111111111"),
			TenantId:              pulumi.String("11111111-2222-3333-4444-222222222222"),
			ClientId:              pulumi.String("11111111-2222-3333-4444-333333333333"),
			IdentityTokenAudience: pulumi.String("<TOKEN_AUDIENCE>"),
			IdentityTokenTtl:      pulumi.Int("<TOKEN_TTL>"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

```go package main

import ( 

"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/azure"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := azure.NewBackend(ctx, "azure", &azure.BackendArgs{
			UseMicrosoftGraphApi: pulumi.Bool(true),
			SubscriptionId:       pulumi.String("11111111-2222-3333-4444-111111111111"),
			TenantId:             pulumi.String("11111111-2222-3333-4444-222222222222"),
			ClientId:             pulumi.String("11111111-2222-3333-4444-333333333333"),
			ClientSecret:         pulumi.String("12345678901234567890"),
			Environment:          pulumi.String("AzurePublicCloud"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

### *Vault-1.8 And Below*

```go package main

import ( 

"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/azure"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := azure.NewBackend(ctx, "azure", &azure.BackendArgs{
			UseMicrosoftGraphApi: pulumi.Bool(false),
			SubscriptionId:       pulumi.String("11111111-2222-3333-4444-111111111111"),
			TenantId:             pulumi.String("11111111-2222-3333-4444-222222222222"),
			ClientId:             pulumi.String("11111111-2222-3333-4444-333333333333"),
			ClientSecret:         pulumi.String("12345678901234567890"),
			Environment:          pulumi.String("AzurePublicCloud"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

func GetBackend 

func GetBackend(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *BackendState, opts ...pulumi.ResourceOption) (*Backend, error)

GetBackend gets an existing Backend resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewBackend 

func NewBackend(ctx *pulumi.Context,
	name string, args *BackendArgs, opts ...pulumi.ResourceOption) (*Backend, error)

NewBackend registers a new resource with the given unique name, arguments, and options.

func (*Backend) ElementType 

func (*Backend) ElementType() reflect.Type

func (*Backend) ToBackendOutput 

func (i *Backend) ToBackendOutput() BackendOutput

func (*Backend) ToBackendOutputWithContext 

func (i *Backend) ToBackendOutputWithContext(ctx context.Context) BackendOutput

type BackendArgs 

type BackendArgs struct {
	// The OAuth2 client id to connect to Azure.
	ClientId pulumi.StringPtrInput
	// The OAuth2 client secret to connect to Azure.
	ClientSecret pulumi.StringPtrInput
	// Human-friendly description of the mount for the backend.
	Description pulumi.StringPtrInput
	// If set, opts out of mount migration on path updates.
	// See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
	DisableRemount pulumi.BoolPtrInput
	// The Azure environment.
	Environment pulumi.StringPtrInput
	// The audience claim value. Requires Vault 1.17+.
	// *Available only for Vault Enterprise*
	IdentityTokenAudience pulumi.StringPtrInput
	// The key to use for signing identity tokens. Requires Vault 1.17+.
	// *Available only for Vault Enterprise*
	IdentityTokenKey pulumi.StringPtrInput
	// The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
	// *Available only for Vault Enterprise*
	IdentityTokenTtl pulumi.IntPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// The unique path this backend should be mounted at. Defaults to `azure`.
	Path pulumi.StringPtrInput
	// The subscription id for the Azure Active Directory.
	SubscriptionId pulumi.StringInput
	// The tenant id for the Azure Active Directory.
	TenantId pulumi.StringInput
	// Use the Microsoft Graph API. Should be set to true on vault-1.10+
	//
	// Deprecated: This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.
	UseMicrosoftGraphApi pulumi.BoolPtrInput
}

The set of arguments for constructing a Backend resource.

func (BackendArgs) ElementType 

func (BackendArgs) ElementType() reflect.Type

type BackendArray 

type BackendArray []BackendInput

func (BackendArray) ElementType 

func (BackendArray) ElementType() reflect.Type

func (BackendArray) ToBackendArrayOutput 

func (i BackendArray) ToBackendArrayOutput() BackendArrayOutput

func (BackendArray) ToBackendArrayOutputWithContext 

func (i BackendArray) ToBackendArrayOutputWithContext(ctx context.Context) BackendArrayOutput

type BackendArrayInput 

type BackendArrayInput interface {
	pulumi.Input

	ToBackendArrayOutput() BackendArrayOutput
	ToBackendArrayOutputWithContext(context.Context) BackendArrayOutput
}

BackendArrayInput is an input type that accepts BackendArray and BackendArrayOutput values. You can construct a concrete instance of `BackendArrayInput` via: 

BackendArray{ BackendArgs{...} }

type BackendArrayOutput 

type BackendArrayOutput struct{ *pulumi.OutputState }

func (BackendArrayOutput) ElementType 

func (BackendArrayOutput) ElementType() reflect.Type

func (BackendArrayOutput) Index 

func (o BackendArrayOutput) Index(i pulumi.IntInput) BackendOutput

func (BackendArrayOutput) ToBackendArrayOutput 

func (o BackendArrayOutput) ToBackendArrayOutput() BackendArrayOutput

func (BackendArrayOutput) ToBackendArrayOutputWithContext 

func (o BackendArrayOutput) ToBackendArrayOutputWithContext(ctx context.Context) BackendArrayOutput

type BackendInput 

type BackendInput interface {
	pulumi.Input

	ToBackendOutput() BackendOutput
	ToBackendOutputWithContext(ctx context.Context) BackendOutput
}

type BackendMap 

type BackendMap map[string]BackendInput

func (BackendMap) ElementType 

func (BackendMap) ElementType() reflect.Type

func (BackendMap) ToBackendMapOutput 

func (i BackendMap) ToBackendMapOutput() BackendMapOutput

func (BackendMap) ToBackendMapOutputWithContext 

func (i BackendMap) ToBackendMapOutputWithContext(ctx context.Context) BackendMapOutput

type BackendMapInput 

type BackendMapInput interface {
	pulumi.Input

	ToBackendMapOutput() BackendMapOutput
	ToBackendMapOutputWithContext(context.Context) BackendMapOutput
}

BackendMapInput is an input type that accepts BackendMap and BackendMapOutput values. You can construct a concrete instance of `BackendMapInput` via: 

BackendMap{ "key": BackendArgs{...} }

type BackendMapOutput 

type BackendMapOutput struct{ *pulumi.OutputState }

func (BackendMapOutput) ElementType 

func (BackendMapOutput) ElementType() reflect.Type

func (BackendMapOutput) MapIndex 

func (o BackendMapOutput) MapIndex(k pulumi.StringInput) BackendOutput

func (BackendMapOutput) ToBackendMapOutput 

func (o BackendMapOutput) ToBackendMapOutput() BackendMapOutput

func (BackendMapOutput) ToBackendMapOutputWithContext 

func (o BackendMapOutput) ToBackendMapOutputWithContext(ctx context.Context) BackendMapOutput

type BackendOutput 

type BackendOutput struct{ *pulumi.OutputState }

func (BackendOutput) ClientId 

func (o BackendOutput) ClientId() pulumi.StringPtrOutput

The OAuth2 client id to connect to Azure.

func (BackendOutput) ClientSecret 

func (o BackendOutput) ClientSecret() pulumi.StringPtrOutput

The OAuth2 client secret to connect to Azure.

func (BackendOutput) Description 

func (o BackendOutput) Description() pulumi.StringPtrOutput

Human-friendly description of the mount for the backend.

func (BackendOutput) DisableRemount 

func (o BackendOutput) DisableRemount() pulumi.BoolPtrOutput

If set, opts out of mount migration on path updates. See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)

func (BackendOutput) ElementType 

func (BackendOutput) ElementType() reflect.Type

func (BackendOutput) Environment 

func (o BackendOutput) Environment() pulumi.StringPtrOutput

The Azure environment.

func (BackendOutput) IdentityTokenAudience added in v6.2.0 

func (o BackendOutput) IdentityTokenAudience() pulumi.StringPtrOutput

The audience claim value. Requires Vault 1.17+. *Available only for Vault Enterprise*

func (BackendOutput) IdentityTokenKey added in v6.2.0 

func (o BackendOutput) IdentityTokenKey() pulumi.StringPtrOutput

The key to use for signing identity tokens. Requires Vault 1.17+. *Available only for Vault Enterprise*

func (BackendOutput) IdentityTokenTtl added in v6.2.0 

func (o BackendOutput) IdentityTokenTtl() pulumi.IntOutput

The TTL of generated identity tokens in seconds. Requires Vault 1.17+. *Available only for Vault Enterprise*

func (BackendOutput) Namespace 

func (o BackendOutput) Namespace() pulumi.StringPtrOutput

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). *Available only for Vault Enterprise*.

func (BackendOutput) Path 

func (o BackendOutput) Path() pulumi.StringPtrOutput

The unique path this backend should be mounted at. Defaults to `azure`.

func (BackendOutput) SubscriptionId 

func (o BackendOutput) SubscriptionId() pulumi.StringOutput

The subscription id for the Azure Active Directory.

func (BackendOutput) TenantId 

func (o BackendOutput) TenantId() pulumi.StringOutput

The tenant id for the Azure Active Directory.

func (BackendOutput) ToBackendOutput 

func (o BackendOutput) ToBackendOutput() BackendOutput

func (BackendOutput) ToBackendOutputWithContext 

func (o BackendOutput) ToBackendOutputWithContext(ctx context.Context) BackendOutput

func (BackendOutput) UseMicrosoftGraphApi deprecated 

func (o BackendOutput) UseMicrosoftGraphApi() pulumi.BoolOutput

Use the Microsoft Graph API. Should be set to true on vault-1.10+

Deprecated: This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.

type BackendRole 

type BackendRole struct {
	pulumi.CustomResourceState

	// Application Object ID for an existing service principal that will
	// be used instead of creating dynamic service principals. If present, `azureRoles` and `permanentlyDelete` will be ignored.
	ApplicationObjectId pulumi.StringPtrOutput `pulumi:"applicationObjectId"`
	// List of Azure groups to be assigned to the generated service principal.
	AzureGroups BackendRoleAzureGroupArrayOutput `pulumi:"azureGroups"`
	// List of Azure roles to be assigned to the generated service principal.
	AzureRoles BackendRoleAzureRoleArrayOutput `pulumi:"azureRoles"`
	// Path to the mounted Azure auth backend
	Backend pulumi.StringPtrOutput `pulumi:"backend"`
	// Human-friendly description of the mount for the backend.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// Specifies the maximum TTL for service principals generated using this role. Accepts time
	// suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine max TTL time.
	MaxTtl pulumi.StringPtrOutput `pulumi:"maxTtl"`
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrOutput `pulumi:"namespace"`
	// Indicates whether the applications and service principals created by Vault will be permanently
	// deleted when the corresponding leases expire. Defaults to `false`. For Vault v1.12+.
	PermanentlyDelete pulumi.BoolOutput `pulumi:"permanentlyDelete"`
	// Name of the Azure role
	Role pulumi.StringOutput `pulumi:"role"`
	// Specifies the security principal types that are allowed to sign in to the application.
	// Valid values are: AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount, PersonalMicrosoftAccount. Requires Vault 1.16+.
	SignInAudience pulumi.StringPtrOutput `pulumi:"signInAudience"`
	// A list of Azure tags to attach to an application. Requires Vault 1.16+.
	Tags pulumi.StringArrayOutput `pulumi:"tags"`
	// Specifies the default TTL for service principals generated using this role.
	// Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL time.
	Ttl pulumi.StringPtrOutput `pulumi:"ttl"`
}

## Example Usage

```go package main

import ( 

"fmt"

"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/azure"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		azure, err := azure.NewBackend(ctx, "azure", &azure.BackendArgs{
			SubscriptionId: pulumi.Any(subscriptionId),
			TenantId:       pulumi.Any(tenantId),
			ClientSecret:   pulumi.Any(clientSecret),
			ClientId:       pulumi.Any(clientId),
		})
		if err != nil {
			return err
		}
		_, err = azure.NewBackendRole(ctx, "generated_role", &azure.BackendRoleArgs{
			Backend:        azure.Path,
			Role:           pulumi.String("generated_role"),
			SignInAudience: pulumi.String("AzureADMyOrg"),
			Tags: pulumi.StringArray{
				pulumi.String("team:engineering"),
				pulumi.String("environment:development"),
			},
			Ttl:    pulumi.String("300"),
			MaxTtl: pulumi.String("600"),
			AzureRoles: azure.BackendRoleAzureRoleArray{
				&azure.BackendRoleAzureRoleArgs{
					RoleName: pulumi.String("Reader"),
					Scope:    pulumi.Sprintf("/subscriptions/%v/resourceGroups/azure-vault-group", subscriptionId),
				},
			},
		})
		if err != nil {
			return err
		}
		_, err = azure.NewBackendRole(ctx, "existing_object_id", &azure.BackendRoleArgs{
			Backend:             azure.Path,
			Role:                pulumi.String("existing_object_id"),
			ApplicationObjectId: pulumi.String("11111111-2222-3333-4444-44444444444"),
			Ttl:                 pulumi.String("300"),
			MaxTtl:              pulumi.String("600"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

func GetBackendRole 

func GetBackendRole(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *BackendRoleState, opts ...pulumi.ResourceOption) (*BackendRole, error)

GetBackendRole gets an existing BackendRole resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewBackendRole 

func NewBackendRole(ctx *pulumi.Context,
	name string, args *BackendRoleArgs, opts ...pulumi.ResourceOption) (*BackendRole, error)

NewBackendRole registers a new resource with the given unique name, arguments, and options.

func (*BackendRole) ElementType 

func (*BackendRole) ElementType() reflect.Type

func (*BackendRole) ToBackendRoleOutput 

func (i *BackendRole) ToBackendRoleOutput() BackendRoleOutput

func (*BackendRole) ToBackendRoleOutputWithContext 

func (i *BackendRole) ToBackendRoleOutputWithContext(ctx context.Context) BackendRoleOutput

type BackendRoleArgs 

type BackendRoleArgs struct {
	// Application Object ID for an existing service principal that will
	// be used instead of creating dynamic service principals. If present, `azureRoles` and `permanentlyDelete` will be ignored.
	ApplicationObjectId pulumi.StringPtrInput
	// List of Azure groups to be assigned to the generated service principal.
	AzureGroups BackendRoleAzureGroupArrayInput
	// List of Azure roles to be assigned to the generated service principal.
	AzureRoles BackendRoleAzureRoleArrayInput
	// Path to the mounted Azure auth backend
	Backend pulumi.StringPtrInput
	// Human-friendly description of the mount for the backend.
	Description pulumi.StringPtrInput
	// Specifies the maximum TTL for service principals generated using this role. Accepts time
	// suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine max TTL time.
	MaxTtl pulumi.StringPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// Indicates whether the applications and service principals created by Vault will be permanently
	// deleted when the corresponding leases expire. Defaults to `false`. For Vault v1.12+.
	PermanentlyDelete pulumi.BoolPtrInput
	// Name of the Azure role
	Role pulumi.StringInput
	// Specifies the security principal types that are allowed to sign in to the application.
	// Valid values are: AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount, PersonalMicrosoftAccount. Requires Vault 1.16+.
	SignInAudience pulumi.StringPtrInput
	// A list of Azure tags to attach to an application. Requires Vault 1.16+.
	Tags pulumi.StringArrayInput
	// Specifies the default TTL for service principals generated using this role.
	// Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL time.
	Ttl pulumi.StringPtrInput
}

The set of arguments for constructing a BackendRole resource.

func (BackendRoleArgs) ElementType 

func (BackendRoleArgs) ElementType() reflect.Type

type BackendRoleArray 

type BackendRoleArray []BackendRoleInput

func (BackendRoleArray) ElementType 

func (BackendRoleArray) ElementType() reflect.Type

func (BackendRoleArray) ToBackendRoleArrayOutput 

func (i BackendRoleArray) ToBackendRoleArrayOutput() BackendRoleArrayOutput

func (BackendRoleArray) ToBackendRoleArrayOutputWithContext 

func (i BackendRoleArray) ToBackendRoleArrayOutputWithContext(ctx context.Context) BackendRoleArrayOutput

type BackendRoleArrayInput 

type BackendRoleArrayInput interface {
	pulumi.Input

	ToBackendRoleArrayOutput() BackendRoleArrayOutput
	ToBackendRoleArrayOutputWithContext(context.Context) BackendRoleArrayOutput
}

BackendRoleArrayInput is an input type that accepts BackendRoleArray and BackendRoleArrayOutput values. You can construct a concrete instance of `BackendRoleArrayInput` via: 

BackendRoleArray{ BackendRoleArgs{...} }

type BackendRoleArrayOutput 

type BackendRoleArrayOutput struct{ *pulumi.OutputState }

func (BackendRoleArrayOutput) ElementType 

func (BackendRoleArrayOutput) ElementType() reflect.Type

func (BackendRoleArrayOutput) Index 

func (o BackendRoleArrayOutput) Index(i pulumi.IntInput) BackendRoleOutput

func (BackendRoleArrayOutput) ToBackendRoleArrayOutput 

func (o BackendRoleArrayOutput) ToBackendRoleArrayOutput() BackendRoleArrayOutput

func (BackendRoleArrayOutput) ToBackendRoleArrayOutputWithContext 

func (o BackendRoleArrayOutput) ToBackendRoleArrayOutputWithContext(ctx context.Context) BackendRoleArrayOutput

type BackendRoleAzureGroup 

type BackendRoleAzureGroup struct {
	GroupName string  `pulumi:"groupName"`
	ObjectId  *string `pulumi:"objectId"`
}

type BackendRoleAzureGroupArgs 

type BackendRoleAzureGroupArgs struct {
	GroupName pulumi.StringInput    `pulumi:"groupName"`
	ObjectId  pulumi.StringPtrInput `pulumi:"objectId"`
}

func (BackendRoleAzureGroupArgs) ElementType 

func (BackendRoleAzureGroupArgs) ElementType() reflect.Type

func (BackendRoleAzureGroupArgs) ToBackendRoleAzureGroupOutput 

func (i BackendRoleAzureGroupArgs) ToBackendRoleAzureGroupOutput() BackendRoleAzureGroupOutput

func (BackendRoleAzureGroupArgs) ToBackendRoleAzureGroupOutputWithContext 

func (i BackendRoleAzureGroupArgs) ToBackendRoleAzureGroupOutputWithContext(ctx context.Context) BackendRoleAzureGroupOutput

type BackendRoleAzureGroupArray 

type BackendRoleAzureGroupArray []BackendRoleAzureGroupInput

func (BackendRoleAzureGroupArray) ElementType 

func (BackendRoleAzureGroupArray) ElementType() reflect.Type

func (BackendRoleAzureGroupArray) ToBackendRoleAzureGroupArrayOutput 

func (i BackendRoleAzureGroupArray) ToBackendRoleAzureGroupArrayOutput() BackendRoleAzureGroupArrayOutput

func (BackendRoleAzureGroupArray) ToBackendRoleAzureGroupArrayOutputWithContext 

func (i BackendRoleAzureGroupArray) ToBackendRoleAzureGroupArrayOutputWithContext(ctx context.Context) BackendRoleAzureGroupArrayOutput

type BackendRoleAzureGroupArrayInput 

type BackendRoleAzureGroupArrayInput interface {
	pulumi.Input

	ToBackendRoleAzureGroupArrayOutput() BackendRoleAzureGroupArrayOutput
	ToBackendRoleAzureGroupArrayOutputWithContext(context.Context) BackendRoleAzureGroupArrayOutput
}

BackendRoleAzureGroupArrayInput is an input type that accepts BackendRoleAzureGroupArray and BackendRoleAzureGroupArrayOutput values. You can construct a concrete instance of `BackendRoleAzureGroupArrayInput` via: 

BackendRoleAzureGroupArray{ BackendRoleAzureGroupArgs{...} }

type BackendRoleAzureGroupArrayOutput 

type BackendRoleAzureGroupArrayOutput struct{ *pulumi.OutputState }

func (BackendRoleAzureGroupArrayOutput) ElementType 

func (BackendRoleAzureGroupArrayOutput) ElementType() reflect.Type

func (BackendRoleAzureGroupArrayOutput) Index 

func (o BackendRoleAzureGroupArrayOutput) Index(i pulumi.IntInput) BackendRoleAzureGroupOutput

func (BackendRoleAzureGroupArrayOutput) ToBackendRoleAzureGroupArrayOutput 

func (o BackendRoleAzureGroupArrayOutput) ToBackendRoleAzureGroupArrayOutput() BackendRoleAzureGroupArrayOutput

func (BackendRoleAzureGroupArrayOutput) ToBackendRoleAzureGroupArrayOutputWithContext 

func (o BackendRoleAzureGroupArrayOutput) ToBackendRoleAzureGroupArrayOutputWithContext(ctx context.Context) BackendRoleAzureGroupArrayOutput

type BackendRoleAzureGroupInput 

type BackendRoleAzureGroupInput interface {
	pulumi.Input

	ToBackendRoleAzureGroupOutput() BackendRoleAzureGroupOutput
	ToBackendRoleAzureGroupOutputWithContext(context.Context) BackendRoleAzureGroupOutput
}

BackendRoleAzureGroupInput is an input type that accepts BackendRoleAzureGroupArgs and BackendRoleAzureGroupOutput values. You can construct a concrete instance of `BackendRoleAzureGroupInput` via: 

BackendRoleAzureGroupArgs{...}

type BackendRoleAzureGroupOutput 

type BackendRoleAzureGroupOutput struct{ *pulumi.OutputState }

func (BackendRoleAzureGroupOutput) ElementType 

func (BackendRoleAzureGroupOutput) ElementType() reflect.Type

func (BackendRoleAzureGroupOutput) GroupName 

func (o BackendRoleAzureGroupOutput) GroupName() pulumi.StringOutput

func (BackendRoleAzureGroupOutput) ObjectId 

func (o BackendRoleAzureGroupOutput) ObjectId() pulumi.StringPtrOutput

func (BackendRoleAzureGroupOutput) ToBackendRoleAzureGroupOutput 

func (o BackendRoleAzureGroupOutput) ToBackendRoleAzureGroupOutput() BackendRoleAzureGroupOutput

func (BackendRoleAzureGroupOutput) ToBackendRoleAzureGroupOutputWithContext 

func (o BackendRoleAzureGroupOutput) ToBackendRoleAzureGroupOutputWithContext(ctx context.Context) BackendRoleAzureGroupOutput

type BackendRoleAzureRole 

type BackendRoleAzureRole struct {
	RoleId   *string `pulumi:"roleId"`
	RoleName *string `pulumi:"roleName"`
	Scope    string  `pulumi:"scope"`
}

type BackendRoleAzureRoleArgs 

type BackendRoleAzureRoleArgs struct {
	RoleId   pulumi.StringPtrInput `pulumi:"roleId"`
	RoleName pulumi.StringPtrInput `pulumi:"roleName"`
	Scope    pulumi.StringInput    `pulumi:"scope"`
}

func (BackendRoleAzureRoleArgs) ElementType 

func (BackendRoleAzureRoleArgs) ElementType() reflect.Type

func (BackendRoleAzureRoleArgs) ToBackendRoleAzureRoleOutput 

func (i BackendRoleAzureRoleArgs) ToBackendRoleAzureRoleOutput() BackendRoleAzureRoleOutput

func (BackendRoleAzureRoleArgs) ToBackendRoleAzureRoleOutputWithContext 

func (i BackendRoleAzureRoleArgs) ToBackendRoleAzureRoleOutputWithContext(ctx context.Context) BackendRoleAzureRoleOutput

type BackendRoleAzureRoleArray 

type BackendRoleAzureRoleArray []BackendRoleAzureRoleInput

func (BackendRoleAzureRoleArray) ElementType 

func (BackendRoleAzureRoleArray) ElementType() reflect.Type

func (BackendRoleAzureRoleArray) ToBackendRoleAzureRoleArrayOutput 

func (i BackendRoleAzureRoleArray) ToBackendRoleAzureRoleArrayOutput() BackendRoleAzureRoleArrayOutput

func (BackendRoleAzureRoleArray) ToBackendRoleAzureRoleArrayOutputWithContext 

func (i BackendRoleAzureRoleArray) ToBackendRoleAzureRoleArrayOutputWithContext(ctx context.Context) BackendRoleAzureRoleArrayOutput

type BackendRoleAzureRoleArrayInput 

type BackendRoleAzureRoleArrayInput interface {
	pulumi.Input

	ToBackendRoleAzureRoleArrayOutput() BackendRoleAzureRoleArrayOutput
	ToBackendRoleAzureRoleArrayOutputWithContext(context.Context) BackendRoleAzureRoleArrayOutput
}

BackendRoleAzureRoleArrayInput is an input type that accepts BackendRoleAzureRoleArray and BackendRoleAzureRoleArrayOutput values. You can construct a concrete instance of `BackendRoleAzureRoleArrayInput` via: 

BackendRoleAzureRoleArray{ BackendRoleAzureRoleArgs{...} }

type BackendRoleAzureRoleArrayOutput 

type BackendRoleAzureRoleArrayOutput struct{ *pulumi.OutputState }

func (BackendRoleAzureRoleArrayOutput) ElementType 

func (BackendRoleAzureRoleArrayOutput) ElementType() reflect.Type

func (BackendRoleAzureRoleArrayOutput) Index 

func (o BackendRoleAzureRoleArrayOutput) Index(i pulumi.IntInput) BackendRoleAzureRoleOutput

func (BackendRoleAzureRoleArrayOutput) ToBackendRoleAzureRoleArrayOutput 

func (o BackendRoleAzureRoleArrayOutput) ToBackendRoleAzureRoleArrayOutput() BackendRoleAzureRoleArrayOutput

func (BackendRoleAzureRoleArrayOutput) ToBackendRoleAzureRoleArrayOutputWithContext 

func (o BackendRoleAzureRoleArrayOutput) ToBackendRoleAzureRoleArrayOutputWithContext(ctx context.Context) BackendRoleAzureRoleArrayOutput

type BackendRoleAzureRoleInput 

type BackendRoleAzureRoleInput interface {
	pulumi.Input

	ToBackendRoleAzureRoleOutput() BackendRoleAzureRoleOutput
	ToBackendRoleAzureRoleOutputWithContext(context.Context) BackendRoleAzureRoleOutput
}

BackendRoleAzureRoleInput is an input type that accepts BackendRoleAzureRoleArgs and BackendRoleAzureRoleOutput values. You can construct a concrete instance of `BackendRoleAzureRoleInput` via: 

BackendRoleAzureRoleArgs{...}

type BackendRoleAzureRoleOutput 

type BackendRoleAzureRoleOutput struct{ *pulumi.OutputState }

func (BackendRoleAzureRoleOutput) ElementType 

func (BackendRoleAzureRoleOutput) ElementType() reflect.Type

func (BackendRoleAzureRoleOutput) RoleId 

func (o BackendRoleAzureRoleOutput) RoleId() pulumi.StringPtrOutput

func (BackendRoleAzureRoleOutput) RoleName 

func (o BackendRoleAzureRoleOutput) RoleName() pulumi.StringPtrOutput

func (BackendRoleAzureRoleOutput) Scope 

func (o BackendRoleAzureRoleOutput) Scope() pulumi.StringOutput

func (BackendRoleAzureRoleOutput) ToBackendRoleAzureRoleOutput 

func (o BackendRoleAzureRoleOutput) ToBackendRoleAzureRoleOutput() BackendRoleAzureRoleOutput

func (BackendRoleAzureRoleOutput) ToBackendRoleAzureRoleOutputWithContext 

func (o BackendRoleAzureRoleOutput) ToBackendRoleAzureRoleOutputWithContext(ctx context.Context) BackendRoleAzureRoleOutput

type BackendRoleInput 

type BackendRoleInput interface {
	pulumi.Input

	ToBackendRoleOutput() BackendRoleOutput
	ToBackendRoleOutputWithContext(ctx context.Context) BackendRoleOutput
}

type BackendRoleMap 

type BackendRoleMap map[string]BackendRoleInput

func (BackendRoleMap) ElementType 

func (BackendRoleMap) ElementType() reflect.Type

func (BackendRoleMap) ToBackendRoleMapOutput 

func (i BackendRoleMap) ToBackendRoleMapOutput() BackendRoleMapOutput

func (BackendRoleMap) ToBackendRoleMapOutputWithContext 

func (i BackendRoleMap) ToBackendRoleMapOutputWithContext(ctx context.Context) BackendRoleMapOutput

type BackendRoleMapInput 

type BackendRoleMapInput interface {
	pulumi.Input

	ToBackendRoleMapOutput() BackendRoleMapOutput
	ToBackendRoleMapOutputWithContext(context.Context) BackendRoleMapOutput
}

BackendRoleMapInput is an input type that accepts BackendRoleMap and BackendRoleMapOutput values. You can construct a concrete instance of `BackendRoleMapInput` via: 

BackendRoleMap{ "key": BackendRoleArgs{...} }

type BackendRoleMapOutput 

type BackendRoleMapOutput struct{ *pulumi.OutputState }

func (BackendRoleMapOutput) ElementType 

func (BackendRoleMapOutput) ElementType() reflect.Type

func (BackendRoleMapOutput) MapIndex 

func (o BackendRoleMapOutput) MapIndex(k pulumi.StringInput) BackendRoleOutput

func (BackendRoleMapOutput) ToBackendRoleMapOutput 

func (o BackendRoleMapOutput) ToBackendRoleMapOutput() BackendRoleMapOutput

func (BackendRoleMapOutput) ToBackendRoleMapOutputWithContext 

func (o BackendRoleMapOutput) ToBackendRoleMapOutputWithContext(ctx context.Context) BackendRoleMapOutput

type BackendRoleOutput 

type BackendRoleOutput struct{ *pulumi.OutputState }

func (BackendRoleOutput) ApplicationObjectId 

func (o BackendRoleOutput) ApplicationObjectId() pulumi.StringPtrOutput

Application Object ID for an existing service principal that will be used instead of creating dynamic service principals. If present, `azureRoles` and `permanentlyDelete` will be ignored.

func (BackendRoleOutput) AzureGroups 

func (o BackendRoleOutput) AzureGroups() BackendRoleAzureGroupArrayOutput

List of Azure groups to be assigned to the generated service principal.

func (BackendRoleOutput) AzureRoles 

func (o BackendRoleOutput) AzureRoles() BackendRoleAzureRoleArrayOutput

List of Azure roles to be assigned to the generated service principal.

func (BackendRoleOutput) Backend 

func (o BackendRoleOutput) Backend() pulumi.StringPtrOutput

Path to the mounted Azure auth backend

func (BackendRoleOutput) Description 

func (o BackendRoleOutput) Description() pulumi.StringPtrOutput

Human-friendly description of the mount for the backend.

func (BackendRoleOutput) ElementType 

func (BackendRoleOutput) ElementType() reflect.Type

func (BackendRoleOutput) MaxTtl 

func (o BackendRoleOutput) MaxTtl() pulumi.StringPtrOutput

Specifies the maximum TTL for service principals generated using this role. Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine max TTL time.

func (BackendRoleOutput) Namespace 

func (o BackendRoleOutput) Namespace() pulumi.StringPtrOutput

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). *Available only for Vault Enterprise*.

func (BackendRoleOutput) PermanentlyDelete 

func (o BackendRoleOutput) PermanentlyDelete() pulumi.BoolOutput

Indicates whether the applications and service principals created by Vault will be permanently deleted when the corresponding leases expire. Defaults to `false`. For Vault v1.12+.

func (BackendRoleOutput) Role 

func (o BackendRoleOutput) Role() pulumi.StringOutput

Name of the Azure role

func (BackendRoleOutput) SignInAudience 

func (o BackendRoleOutput) SignInAudience() pulumi.StringPtrOutput

Specifies the security principal types that are allowed to sign in to the application. Valid values are: AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount, PersonalMicrosoftAccount. Requires Vault 1.16+.

func (BackendRoleOutput) Tags 

func (o BackendRoleOutput) Tags() pulumi.StringArrayOutput

A list of Azure tags to attach to an application. Requires Vault 1.16+.

func (BackendRoleOutput) ToBackendRoleOutput 

func (o BackendRoleOutput) ToBackendRoleOutput() BackendRoleOutput

func (BackendRoleOutput) ToBackendRoleOutputWithContext 

func (o BackendRoleOutput) ToBackendRoleOutputWithContext(ctx context.Context) BackendRoleOutput

func (BackendRoleOutput) Ttl 

func (o BackendRoleOutput) Ttl() pulumi.StringPtrOutput

Specifies the default TTL for service principals generated using this role. Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL time.

type BackendRoleState 

type BackendRoleState struct {
	// Application Object ID for an existing service principal that will
	// be used instead of creating dynamic service principals. If present, `azureRoles` and `permanentlyDelete` will be ignored.
	ApplicationObjectId pulumi.StringPtrInput
	// List of Azure groups to be assigned to the generated service principal.
	AzureGroups BackendRoleAzureGroupArrayInput
	// List of Azure roles to be assigned to the generated service principal.
	AzureRoles BackendRoleAzureRoleArrayInput
	// Path to the mounted Azure auth backend
	Backend pulumi.StringPtrInput
	// Human-friendly description of the mount for the backend.
	Description pulumi.StringPtrInput
	// Specifies the maximum TTL for service principals generated using this role. Accepts time
	// suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine max TTL time.
	MaxTtl pulumi.StringPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// Indicates whether the applications and service principals created by Vault will be permanently
	// deleted when the corresponding leases expire. Defaults to `false`. For Vault v1.12+.
	PermanentlyDelete pulumi.BoolPtrInput
	// Name of the Azure role
	Role pulumi.StringPtrInput
	// Specifies the security principal types that are allowed to sign in to the application.
	// Valid values are: AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount, PersonalMicrosoftAccount. Requires Vault 1.16+.
	SignInAudience pulumi.StringPtrInput
	// A list of Azure tags to attach to an application. Requires Vault 1.16+.
	Tags pulumi.StringArrayInput
	// Specifies the default TTL for service principals generated using this role.
	// Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL time.
	Ttl pulumi.StringPtrInput
}

func (BackendRoleState) ElementType 

func (BackendRoleState) ElementType() reflect.Type

type BackendState 

type BackendState struct {
	// The OAuth2 client id to connect to Azure.
	ClientId pulumi.StringPtrInput
	// The OAuth2 client secret to connect to Azure.
	ClientSecret pulumi.StringPtrInput
	// Human-friendly description of the mount for the backend.
	Description pulumi.StringPtrInput
	// If set, opts out of mount migration on path updates.
	// See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
	DisableRemount pulumi.BoolPtrInput
	// The Azure environment.
	Environment pulumi.StringPtrInput
	// The audience claim value. Requires Vault 1.17+.
	// *Available only for Vault Enterprise*
	IdentityTokenAudience pulumi.StringPtrInput
	// The key to use for signing identity tokens. Requires Vault 1.17+.
	// *Available only for Vault Enterprise*
	IdentityTokenKey pulumi.StringPtrInput
	// The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
	// *Available only for Vault Enterprise*
	IdentityTokenTtl pulumi.IntPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// The unique path this backend should be mounted at. Defaults to `azure`.
	Path pulumi.StringPtrInput
	// The subscription id for the Azure Active Directory.
	SubscriptionId pulumi.StringPtrInput
	// The tenant id for the Azure Active Directory.
	TenantId pulumi.StringPtrInput
	// Use the Microsoft Graph API. Should be set to true on vault-1.10+
	//
	// Deprecated: This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.
	UseMicrosoftGraphApi pulumi.BoolPtrInput
}

func (BackendState) ElementType 

func (BackendState) ElementType() reflect.Type

type GetAccessCredentialsArgs 

type GetAccessCredentialsArgs struct {
	// The path to the Azure secret backend to
	// read credentials from, with no leading or trailing `/`s.
	Backend string `pulumi:"backend"`
	// The Azure environment to use during credential validation.
	// Defaults to the environment configured in the Vault backend.
	// Some possible values: `AzurePublicCloud`, `AzureGovernmentCloud`
	// *See the caveats section for more information on this field.*
	Environment *string `pulumi:"environment"`
	// If 'validate_creds' is true,
	// the number of seconds after which to give up validating credentials. Defaults
	// to 300.
	MaxCredValidationSeconds *int `pulumi:"maxCredValidationSeconds"`
	// The namespace of the target resource.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace *string `pulumi:"namespace"`
	// If 'validate_creds' is true,
	// the number of seconds to wait between each test of generated credentials.
	// Defaults to 1.
	NumSecondsBetweenTests *int `pulumi:"numSecondsBetweenTests"`
	// If 'validate_creds' is true,
	// the number of sequential successes required to validate generated
	// credentials. Defaults to 8.
	NumSequentialSuccesses *int `pulumi:"numSequentialSuccesses"`
	// The name of the Azure secret backend role to read
	// credentials from, with no leading or trailing `/`s.
	Role string `pulumi:"role"`
	// The subscription ID to use during credential
	// validation. Defaults to the subscription ID configured in the Vault `backend`.
	// *See the caveats section for more information on this field.*
	SubscriptionId *string `pulumi:"subscriptionId"`
	// The tenant ID to use during credential validation.
	// Defaults to the tenant ID configured in the Vault `backend`.
	// *See the caveats section for more information on this field.*
	TenantId *string `pulumi:"tenantId"`
	// Whether generated credentials should be
	// validated before being returned. Defaults to `false`, which returns
	// credentials without checking whether they have fully propagated throughout
	// Azure Active Directory. Designating `true` activates testing.
	ValidateCreds *bool `pulumi:"validateCreds"`
}

A collection of arguments for invoking getAccessCredentials.

type GetAccessCredentialsOutputArgs 

type GetAccessCredentialsOutputArgs struct {
	// The path to the Azure secret backend to
	// read credentials from, with no leading or trailing `/`s.
	Backend pulumi.StringInput `pulumi:"backend"`
	// The Azure environment to use during credential validation.
	// Defaults to the environment configured in the Vault backend.
	// Some possible values: `AzurePublicCloud`, `AzureGovernmentCloud`
	// *See the caveats section for more information on this field.*
	Environment pulumi.StringPtrInput `pulumi:"environment"`
	// If 'validate_creds' is true,
	// the number of seconds after which to give up validating credentials. Defaults
	// to 300.
	MaxCredValidationSeconds pulumi.IntPtrInput `pulumi:"maxCredValidationSeconds"`
	// The namespace of the target resource.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput `pulumi:"namespace"`
	// If 'validate_creds' is true,
	// the number of seconds to wait between each test of generated credentials.
	// Defaults to 1.
	NumSecondsBetweenTests pulumi.IntPtrInput `pulumi:"numSecondsBetweenTests"`
	// If 'validate_creds' is true,
	// the number of sequential successes required to validate generated
	// credentials. Defaults to 8.
	NumSequentialSuccesses pulumi.IntPtrInput `pulumi:"numSequentialSuccesses"`
	// The name of the Azure secret backend role to read
	// credentials from, with no leading or trailing `/`s.
	Role pulumi.StringInput `pulumi:"role"`
	// The subscription ID to use during credential
	// validation. Defaults to the subscription ID configured in the Vault `backend`.
	// *See the caveats section for more information on this field.*
	SubscriptionId pulumi.StringPtrInput `pulumi:"subscriptionId"`
	// The tenant ID to use during credential validation.
	// Defaults to the tenant ID configured in the Vault `backend`.
	// *See the caveats section for more information on this field.*
	TenantId pulumi.StringPtrInput `pulumi:"tenantId"`
	// Whether generated credentials should be
	// validated before being returned. Defaults to `false`, which returns
	// credentials without checking whether they have fully propagated throughout
	// Azure Active Directory. Designating `true` activates testing.
	ValidateCreds pulumi.BoolPtrInput `pulumi:"validateCreds"`
}

A collection of arguments for invoking getAccessCredentials.

func (GetAccessCredentialsOutputArgs) ElementType 

func (GetAccessCredentialsOutputArgs) ElementType() reflect.Type

type GetAccessCredentialsResult 

type GetAccessCredentialsResult struct {
	Backend string `pulumi:"backend"`
	// The client id for credentials to query the Azure APIs.
	ClientId string `pulumi:"clientId"`
	// The client secret for credentials to query the Azure APIs.
	ClientSecret string  `pulumi:"clientSecret"`
	Environment  *string `pulumi:"environment"`
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// The duration of the secret lease, in seconds relative
	// to the time the data was requested. Once this time has passed any plan
	// generated with this data may fail to apply.
	LeaseDuration int `pulumi:"leaseDuration"`
	// The lease identifier assigned by Vault.
	LeaseId                  string  `pulumi:"leaseId"`
	LeaseRenewable           bool    `pulumi:"leaseRenewable"`
	LeaseStartTime           string  `pulumi:"leaseStartTime"`
	MaxCredValidationSeconds *int    `pulumi:"maxCredValidationSeconds"`
	Namespace                *string `pulumi:"namespace"`
	NumSecondsBetweenTests   *int    `pulumi:"numSecondsBetweenTests"`
	NumSequentialSuccesses   *int    `pulumi:"numSequentialSuccesses"`
	Role                     string  `pulumi:"role"`
	SubscriptionId           *string `pulumi:"subscriptionId"`
	TenantId                 *string `pulumi:"tenantId"`
	ValidateCreds            *bool   `pulumi:"validateCreds"`
}

A collection of values returned by getAccessCredentials.

func GetAccessCredentials 

func GetAccessCredentials(ctx *pulumi.Context, args *GetAccessCredentialsArgs, opts ...pulumi.InvokeOption) (*GetAccessCredentialsResult, error)

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/azure"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := azure.GetAccessCredentials(ctx, &azure.GetAccessCredentialsArgs{
			Role:                     "my-role",
			ValidateCreds:            pulumi.BoolRef(true),
			NumSequentialSuccesses:   pulumi.IntRef(8),
			NumSecondsBetweenTests:   pulumi.IntRef(1),
			MaxCredValidationSeconds: pulumi.IntRef(300),
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Caveats

The `validateCreds` option requires read-access to the `backend` config endpoint. If the effective Vault role does not have the required permissions then valid values are required to be set for: `subscriptionId`, `tenantId`, `environment`.

type GetAccessCredentialsResultOutput 

type GetAccessCredentialsResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getAccessCredentials.

func GetAccessCredentialsOutput 

func GetAccessCredentialsOutput(ctx *pulumi.Context, args GetAccessCredentialsOutputArgs, opts ...pulumi.InvokeOption) GetAccessCredentialsResultOutput

func (GetAccessCredentialsResultOutput) Backend 

func (o GetAccessCredentialsResultOutput) Backend() pulumi.StringOutput

func (GetAccessCredentialsResultOutput) ClientId 

func (o GetAccessCredentialsResultOutput) ClientId() pulumi.StringOutput

The client id for credentials to query the Azure APIs.

func (GetAccessCredentialsResultOutput) ClientSecret 

func (o GetAccessCredentialsResultOutput) ClientSecret() pulumi.StringOutput

The client secret for credentials to query the Azure APIs.

func (GetAccessCredentialsResultOutput) ElementType 

func (GetAccessCredentialsResultOutput) ElementType() reflect.Type

func (GetAccessCredentialsResultOutput) Environment 

func (o GetAccessCredentialsResultOutput) Environment() pulumi.StringPtrOutput

func (GetAccessCredentialsResultOutput) Id 

func (o GetAccessCredentialsResultOutput) Id() pulumi.StringOutput

The provider-assigned unique ID for this managed resource.

func (GetAccessCredentialsResultOutput) LeaseDuration 

func (o GetAccessCredentialsResultOutput) LeaseDuration() pulumi.IntOutput

The duration of the secret lease, in seconds relative to the time the data was requested. Once this time has passed any plan generated with this data may fail to apply.

func (GetAccessCredentialsResultOutput) LeaseId 

func (o GetAccessCredentialsResultOutput) LeaseId() pulumi.StringOutput

The lease identifier assigned by Vault.

func (GetAccessCredentialsResultOutput) LeaseRenewable 

func (o GetAccessCredentialsResultOutput) LeaseRenewable() pulumi.BoolOutput

func (GetAccessCredentialsResultOutput) LeaseStartTime 

func (o GetAccessCredentialsResultOutput) LeaseStartTime() pulumi.StringOutput

func (GetAccessCredentialsResultOutput) MaxCredValidationSeconds 

func (o GetAccessCredentialsResultOutput) MaxCredValidationSeconds() pulumi.IntPtrOutput

func (GetAccessCredentialsResultOutput) Namespace 

func (o GetAccessCredentialsResultOutput) Namespace() pulumi.StringPtrOutput

func (GetAccessCredentialsResultOutput) NumSecondsBetweenTests 

func (o GetAccessCredentialsResultOutput) NumSecondsBetweenTests() pulumi.IntPtrOutput

func (GetAccessCredentialsResultOutput) NumSequentialSuccesses 

func (o GetAccessCredentialsResultOutput) NumSequentialSuccesses() pulumi.IntPtrOutput

func (GetAccessCredentialsResultOutput) Role 

func (o GetAccessCredentialsResultOutput) Role() pulumi.StringOutput

func (GetAccessCredentialsResultOutput) SubscriptionId 

func (o GetAccessCredentialsResultOutput) SubscriptionId() pulumi.StringPtrOutput

func (GetAccessCredentialsResultOutput) TenantId 

func (o GetAccessCredentialsResultOutput) TenantId() pulumi.StringPtrOutput

func (GetAccessCredentialsResultOutput) ToGetAccessCredentialsResultOutput 

func (o GetAccessCredentialsResultOutput) ToGetAccessCredentialsResultOutput() GetAccessCredentialsResultOutput

func (GetAccessCredentialsResultOutput) ToGetAccessCredentialsResultOutputWithContext 

func (o GetAccessCredentialsResultOutput) ToGetAccessCredentialsResultOutputWithContext(ctx context.Context) GetAccessCredentialsResultOutput

func (GetAccessCredentialsResultOutput) ValidateCreds 

func (o GetAccessCredentialsResultOutput) ValidateCreds() pulumi.BoolPtrOutput

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.