@pulumi/vault
Version:
A Pulumi package for creating and managing HashiCorp Vault cloud resources.
284 lines (283 loc) • 10.3 kB
TypeScript
import * as pulumi from "@pulumi/pulumi";
/**
* Provides a resource to create a role in an [GCP auth backend within Vault](https://www.vaultproject.io/docs/auth/gcp.html).
*
* ## Example Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as vault from "@pulumi/vault";
*
* const gcp = new vault.AuthBackend("gcp", {
* path: "gcp",
* type: "gcp",
* });
* const test = new vault.gcp.AuthBackendRole("test", {
* backend: gcp.path,
* role: "test",
* type: "iam",
* boundServiceAccounts: ["test"],
* boundProjects: ["test"],
* tokenTtl: 300,
* tokenMaxTtl: 600,
* tokenPolicies: [
* "policy_a",
* "policy_b",
* ],
* addGroupAliases: true,
* });
* ```
*
* ## Import
*
* GCP authentication roles can be imported using the `path`, e.g.
*
* ```sh
* $ pulumi import vault:gcp/authBackendRole:AuthBackendRole my_role auth/gcp/role/my_role
* ```
*/
export declare class AuthBackendRole extends pulumi.CustomResource {
/**
* Get an existing AuthBackendRole resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to lookup.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
*/
static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AuthBackendRoleState, opts?: pulumi.CustomResourceOptions): AuthBackendRole;
/**
* Returns true if the given object is an instance of AuthBackendRole. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*/
static isInstance(obj: any): obj is AuthBackendRole;
readonly addGroupAliases: pulumi.Output<boolean>;
readonly allowGceInference: pulumi.Output<boolean>;
/**
* Path to the mounted GCP auth backend
*/
readonly backend: pulumi.Output<string | undefined>;
readonly boundInstanceGroups: pulumi.Output<string[]>;
readonly boundLabels: pulumi.Output<string[]>;
/**
* An array of GCP project IDs. Only entities belonging to this project can authenticate under the role.
*/
readonly boundProjects: pulumi.Output<string[] | undefined>;
readonly boundRegions: pulumi.Output<string[]>;
/**
* GCP Service Accounts allowed to issue tokens under this role. (Note: **Required** if role is `iam`)
*/
readonly boundServiceAccounts: pulumi.Output<string[]>;
readonly boundZones: pulumi.Output<string[]>;
readonly maxJwtExp: pulumi.Output<string>;
/**
* The namespace to provision the resource in.
* The value should not contain leading or trailing forward slashes.
* The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
* *Available only for Vault Enterprise*.
*/
readonly namespace: pulumi.Output<string | undefined>;
/**
* Name of the GCP role
*/
readonly role: pulumi.Output<string>;
/**
* Specifies the blocks of IP addresses which are allowed to use the generated token
*/
readonly tokenBoundCidrs: pulumi.Output<string[] | undefined>;
/**
* Generated Token's Explicit Maximum TTL in seconds
*/
readonly tokenExplicitMaxTtl: pulumi.Output<number | undefined>;
/**
* The maximum lifetime of the generated token
*/
readonly tokenMaxTtl: pulumi.Output<number | undefined>;
/**
* If true, the 'default' policy will not automatically be added to generated tokens
*/
readonly tokenNoDefaultPolicy: pulumi.Output<boolean | undefined>;
/**
* The maximum number of times a token may be used, a value of zero means unlimited
*/
readonly tokenNumUses: pulumi.Output<number | undefined>;
/**
* Generated Token's Period
*/
readonly tokenPeriod: pulumi.Output<number | undefined>;
/**
* Generated Token's Policies
*/
readonly tokenPolicies: pulumi.Output<string[] | undefined>;
/**
* The initial ttl of the token to generate in seconds
*/
readonly tokenTtl: pulumi.Output<number | undefined>;
/**
* The type of token to generate, service or batch
*/
readonly tokenType: pulumi.Output<string | undefined>;
/**
* Type of GCP authentication role (either `gce` or `iam`)
*/
readonly type: pulumi.Output<string>;
/**
* Create a AuthBackendRole resource with the given unique name, arguments, and options.
*
* @param name The _unique_ name of the resource.
* @param args The arguments to use to populate this resource's properties.
* @param opts A bag of options that control this resource's behavior.
*/
constructor(name: string, args: AuthBackendRoleArgs, opts?: pulumi.CustomResourceOptions);
}
/**
* Input properties used for looking up and filtering AuthBackendRole resources.
*/
export interface AuthBackendRoleState {
addGroupAliases?: pulumi.Input<boolean>;
allowGceInference?: pulumi.Input<boolean>;
/**
* Path to the mounted GCP auth backend
*/
backend?: pulumi.Input<string>;
boundInstanceGroups?: pulumi.Input<pulumi.Input<string>[]>;
boundLabels?: pulumi.Input<pulumi.Input<string>[]>;
/**
* An array of GCP project IDs. Only entities belonging to this project can authenticate under the role.
*/
boundProjects?: pulumi.Input<pulumi.Input<string>[]>;
boundRegions?: pulumi.Input<pulumi.Input<string>[]>;
/**
* GCP Service Accounts allowed to issue tokens under this role. (Note: **Required** if role is `iam`)
*/
boundServiceAccounts?: pulumi.Input<pulumi.Input<string>[]>;
boundZones?: pulumi.Input<pulumi.Input<string>[]>;
maxJwtExp?: pulumi.Input<string>;
/**
* The namespace to provision the resource in.
* The value should not contain leading or trailing forward slashes.
* The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
* *Available only for Vault Enterprise*.
*/
namespace?: pulumi.Input<string>;
/**
* Name of the GCP role
*/
role?: pulumi.Input<string>;
/**
* Specifies the blocks of IP addresses which are allowed to use the generated token
*/
tokenBoundCidrs?: pulumi.Input<pulumi.Input<string>[]>;
/**
* Generated Token's Explicit Maximum TTL in seconds
*/
tokenExplicitMaxTtl?: pulumi.Input<number>;
/**
* The maximum lifetime of the generated token
*/
tokenMaxTtl?: pulumi.Input<number>;
/**
* If true, the 'default' policy will not automatically be added to generated tokens
*/
tokenNoDefaultPolicy?: pulumi.Input<boolean>;
/**
* The maximum number of times a token may be used, a value of zero means unlimited
*/
tokenNumUses?: pulumi.Input<number>;
/**
* Generated Token's Period
*/
tokenPeriod?: pulumi.Input<number>;
/**
* Generated Token's Policies
*/
tokenPolicies?: pulumi.Input<pulumi.Input<string>[]>;
/**
* The initial ttl of the token to generate in seconds
*/
tokenTtl?: pulumi.Input<number>;
/**
* The type of token to generate, service or batch
*/
tokenType?: pulumi.Input<string>;
/**
* Type of GCP authentication role (either `gce` or `iam`)
*/
type?: pulumi.Input<string>;
}
/**
* The set of arguments for constructing a AuthBackendRole resource.
*/
export interface AuthBackendRoleArgs {
addGroupAliases?: pulumi.Input<boolean>;
allowGceInference?: pulumi.Input<boolean>;
/**
* Path to the mounted GCP auth backend
*/
backend?: pulumi.Input<string>;
boundInstanceGroups?: pulumi.Input<pulumi.Input<string>[]>;
boundLabels?: pulumi.Input<pulumi.Input<string>[]>;
/**
* An array of GCP project IDs. Only entities belonging to this project can authenticate under the role.
*/
boundProjects?: pulumi.Input<pulumi.Input<string>[]>;
boundRegions?: pulumi.Input<pulumi.Input<string>[]>;
/**
* GCP Service Accounts allowed to issue tokens under this role. (Note: **Required** if role is `iam`)
*/
boundServiceAccounts?: pulumi.Input<pulumi.Input<string>[]>;
boundZones?: pulumi.Input<pulumi.Input<string>[]>;
maxJwtExp?: pulumi.Input<string>;
/**
* The namespace to provision the resource in.
* The value should not contain leading or trailing forward slashes.
* The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
* *Available only for Vault Enterprise*.
*/
namespace?: pulumi.Input<string>;
/**
* Name of the GCP role
*/
role: pulumi.Input<string>;
/**
* Specifies the blocks of IP addresses which are allowed to use the generated token
*/
tokenBoundCidrs?: pulumi.Input<pulumi.Input<string>[]>;
/**
* Generated Token's Explicit Maximum TTL in seconds
*/
tokenExplicitMaxTtl?: pulumi.Input<number>;
/**
* The maximum lifetime of the generated token
*/
tokenMaxTtl?: pulumi.Input<number>;
/**
* If true, the 'default' policy will not automatically be added to generated tokens
*/
tokenNoDefaultPolicy?: pulumi.Input<boolean>;
/**
* The maximum number of times a token may be used, a value of zero means unlimited
*/
tokenNumUses?: pulumi.Input<number>;
/**
* Generated Token's Period
*/
tokenPeriod?: pulumi.Input<number>;
/**
* Generated Token's Policies
*/
tokenPolicies?: pulumi.Input<pulumi.Input<string>[]>;
/**
* The initial ttl of the token to generate in seconds
*/
tokenTtl?: pulumi.Input<number>;
/**
* The type of token to generate, service or batch
*/
tokenType?: pulumi.Input<string>;
/**
* Type of GCP authentication role (either `gce` or `iam`)
*/
type: pulumi.Input<string>;
}