
@pulumi/vault


A Pulumi package for creating and managing HashiCorp Vault cloud resources.

import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as outputs from "../types/output";
/**
 * Declares a role on a mounted Vault Azure backend. Per the property docs below, a role either
 * lets Vault generate service principals (configured through `azureRoles` / `azureGroups`) or
 * points at an existing service principal through `applicationObjectId`.
 *
 * ## Example Usage
 *
 * The example assumes `subscriptionId`, `tenantId`, `clientId` and `clientSecret` are defined by
 * the caller. `clientSecret` is a credential: read it from Pulumi secret configuration (for
 * example `new pulumi.Config().requireSecret("<key>")`) rather than hard-coding it, so that it is
 * stored encrypted in state and stays out of source control. The `applicationObjectId` shown is a
 * placeholder (its last group is one digit short of a GUID); substitute the real object ID.
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as vault from "@pulumi/vault";
 *
 * const azure = new vault.azure.Backend("azure", {
 *     subscriptionId: subscriptionId,
 *     tenantId: tenantId,
 *     clientSecret: clientSecret,
 *     clientId: clientId,
 * });
 * const generatedRole = new vault.azure.BackendRole("generated_role", {
 *     backend: azure.path,
 *     role: "generated_role",
 *     signInAudience: "AzureADMyOrg",
 *     tags: [
 *         "team:engineering",
 *         "environment:development",
 *     ],
 *     ttl: "300",
 *     maxTtl: "600",
 *     azureRoles: [{
 *         roleName: "Reader",
 *         scope: `/subscriptions/${subscriptionId}/resourceGroups/azure-vault-group`,
 *     }],
 * });
 * const existingObjectId = new vault.azure.BackendRole("existing_object_id", {
 *     backend: azure.path,
 *     role: "existing_object_id",
 *     applicationObjectId: "11111111-2222-3333-4444-44444444444",
 *     ttl: "300",
 *     maxTtl: "600",
 * });
 * ```
 */
export declare class BackendRole extends pulumi.CustomResource {
    /**
     * Get an existing BackendRole resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to look up.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     * @returns The BackendRole resource for the given name and ID.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: BackendRoleState, opts?: pulumi.CustomResourceOptions): BackendRole;
    /**
     * Returns true if the given object is an instance of BackendRole. This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     *
     * @param obj The value to test; any value is accepted.
     */
    static isInstance(obj: any): obj is BackendRole;
    /**
     * Application Object ID for an existing service principal that will
     * be used instead of creating dynamic service principals. If present, `azureRoles` and `permanentlyDelete` will be ignored.
     */
    readonly applicationObjectId: pulumi.Output<string | undefined>;
    /**
     * List of Azure groups to be assigned to the generated service principal.
     */
    readonly azureGroups: pulumi.Output<outputs.azure.BackendRoleAzureGroup[] | undefined>;
    /**
     * List of Azure roles to be assigned to the generated service principal.
     * Ignored when `applicationObjectId` is set. Each entry pairs a role with a scope (see the
     * example above); every credential issued through this role carries these permissions, so
     * keep both the role and the scope as narrow as the consumers need.
     */
    readonly azureRoles: pulumi.Output<outputs.azure.BackendRoleAzureRole[] | undefined>;
    /**
     * Path to the mounted Azure backend this role belongs to (the example passes the `path` of a
     * `vault.azure.Backend`).
     * NOTE(review): the upstream wording is "Azure auth backend"; a role that generates service
     * principals reads like the secrets engine rather than the auth method — confirm.
     */
    readonly backend: pulumi.Output<string | undefined>;
    /**
     * Human-friendly description of the mount for the backend.
     */
    readonly description: pulumi.Output<string | undefined>;
    /**
     * Specifies the explicit maximum lifetime of the lease and service principal generated using this role. If not set or set to 0, will use the system default (10 years). Requires Vault 1.18+.
     * Leaving this unset therefore allows very long-lived service principals; set an explicit
     * bound when short-lived credentials are intended.
     */
    readonly explicitMaxTtl: pulumi.Output<string | undefined>;
    /**
     * Specifies the maximum TTL for service principals generated using this role. Accepts time
     * suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine max TTL time.
     */
    readonly maxTtl: pulumi.Output<string | undefined>;
    /**
     * The namespace to provision the resource in.
     * The value should not contain leading or trailing forward slashes.
     * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
     * *Available only for Vault Enterprise*.
     */
    readonly namespace: pulumi.Output<string | undefined>;
    /**
     * Indicates whether the applications and service principals created by Vault will be permanently
     * deleted when the corresponding leases expire. Defaults to `false`. For Vault v1.12+.
     * Ignored when `applicationObjectId` is set.
     */
    readonly permanentlyDelete: pulumi.Output<boolean>;
    /**
     * Name of the Azure role
     */
    readonly role: pulumi.Output<string>;
    /**
     * Specifies the security principal types that are allowed to sign in to the application.
     * Valid values are: AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount, PersonalMicrosoftAccount. Requires Vault 1.16+.
     * Choose the narrowest audience that works; the example above uses `AzureADMyOrg`.
     */
    readonly signInAudience: pulumi.Output<string | undefined>;
    /**
     * A list of Azure tags to attach to an application. Requires Vault 1.16+.
     */
    readonly tags: pulumi.Output<string[] | undefined>;
    /**
     * Specifies the default TTL for service principals generated using this role.
     * Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL time.
     */
    readonly ttl: pulumi.Output<string | undefined>;
    /**
     * Create a BackendRole resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: BackendRoleArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * Input properties used for looking up and filtering BackendRole resources.
 * Every property is optional; this is the type of the `state` argument of `BackendRole.get`.
 */
export interface BackendRoleState {
    /**
     * Application Object ID for an existing service principal that will
     * be used instead of creating dynamic service principals. If present, `azureRoles` and `permanentlyDelete` will be ignored.
     */
    applicationObjectId?: pulumi.Input<string>;
    /**
     * List of Azure groups to be assigned to the generated service principal.
     */
    azureGroups?: pulumi.Input<pulumi.Input<inputs.azure.BackendRoleAzureGroup>[]>;
    /**
     * List of Azure roles to be assigned to the generated service principal.
     * Ignored when `applicationObjectId` is set.
     */
    azureRoles?: pulumi.Input<pulumi.Input<inputs.azure.BackendRoleAzureRole>[]>;
    /**
     * Path to the mounted Azure backend this role belongs to.
     * NOTE(review): the upstream wording is "Azure auth backend"; a role that generates service
     * principals reads like the secrets engine rather than the auth method — confirm.
     */
    backend?: pulumi.Input<string>;
    /**
     * Human-friendly description of the mount for the backend.
     */
    description?: pulumi.Input<string>;
    /**
     * Specifies the explicit maximum lifetime of the lease and service principal generated using this role. If not set or set to 0, will use the system default (10 years). Requires Vault 1.18+.
     */
    explicitMaxTtl?: pulumi.Input<string>;
    /**
     * Specifies the maximum TTL for service principals generated using this role. Accepts time
     * suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine max TTL time.
     */
    maxTtl?: pulumi.Input<string>;
    /**
     * The namespace to provision the resource in.
     * The value should not contain leading or trailing forward slashes.
     * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
     * *Available only for Vault Enterprise*.
     */
    namespace?: pulumi.Input<string>;
    /**
     * Indicates whether the applications and service principals created by Vault will be permanently
     * deleted when the corresponding leases expire. Defaults to `false`. For Vault v1.12+.
     * Ignored when `applicationObjectId` is set.
     */
    permanentlyDelete?: pulumi.Input<boolean>;
    /**
     * Name of the Azure role
     */
    role?: pulumi.Input<string>;
    /**
     * Specifies the security principal types that are allowed to sign in to the application.
     * Valid values are: AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount, PersonalMicrosoftAccount. Requires Vault 1.16+.
     */
    signInAudience?: pulumi.Input<string>;
    /**
     * A list of Azure tags to attach to an application. Requires Vault 1.16+.
     */
    tags?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * Specifies the default TTL for service principals generated using this role.
     * Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL time.
     */
    ttl?: pulumi.Input<string>;
}
/**
 * The set of arguments for constructing a BackendRole resource.
 * Only `role` is required; every other property is optional.
 */
export interface BackendRoleArgs {
    /**
     * Application Object ID for an existing service principal that will
     * be used instead of creating dynamic service principals. If present, `azureRoles` and `permanentlyDelete` will be ignored.
     */
    applicationObjectId?: pulumi.Input<string>;
    /**
     * List of Azure groups to be assigned to the generated service principal.
     */
    azureGroups?: pulumi.Input<pulumi.Input<inputs.azure.BackendRoleAzureGroup>[]>;
    /**
     * List of Azure roles to be assigned to the generated service principal.
     * Ignored when `applicationObjectId` is set. Every credential issued through this role
     * carries these permissions, so keep both the role and its scope as narrow as the consumers
     * need.
     */
    azureRoles?: pulumi.Input<pulumi.Input<inputs.azure.BackendRoleAzureRole>[]>;
    /**
     * Path to the mounted Azure backend this role belongs to.
     * NOTE(review): the upstream wording is "Azure auth backend"; a role that generates service
     * principals reads like the secrets engine rather than the auth method — confirm.
     */
    backend?: pulumi.Input<string>;
    /**
     * Human-friendly description of the mount for the backend.
     */
    description?: pulumi.Input<string>;
    /**
     * Specifies the explicit maximum lifetime of the lease and service principal generated using this role. If not set or set to 0, will use the system default (10 years). Requires Vault 1.18+.
     * Leaving this unset therefore allows very long-lived service principals; set an explicit
     * bound when short-lived credentials are intended.
     */
    explicitMaxTtl?: pulumi.Input<string>;
    /**
     * Specifies the maximum TTL for service principals generated using this role. Accepts time
     * suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine max TTL time.
     */
    maxTtl?: pulumi.Input<string>;
    /**
     * The namespace to provision the resource in.
     * The value should not contain leading or trailing forward slashes.
     * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
     * *Available only for Vault Enterprise*.
     */
    namespace?: pulumi.Input<string>;
    /**
     * Indicates whether the applications and service principals created by Vault will be permanently
     * deleted when the corresponding leases expire. Defaults to `false`. For Vault v1.12+.
     * Ignored when `applicationObjectId` is set.
     */
    permanentlyDelete?: pulumi.Input<boolean>;
    /**
     * Name of the Azure role. Required when creating the resource.
     */
    role: pulumi.Input<string>;
    /**
     * Specifies the security principal types that are allowed to sign in to the application.
     * Valid values are: AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount, PersonalMicrosoftAccount. Requires Vault 1.16+.
     * Choose the narrowest audience that works.
     */
    signInAudience?: pulumi.Input<string>;
    /**
     * A list of Azure tags to attach to an application. Requires Vault 1.16+.
     */
    tags?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * Specifies the default TTL for service principals generated using this role.
     * Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL time.
     */
    ttl?: pulumi.Input<string>;
}