@pulumi/vault

A Pulumi package for creating and managing HashiCorp Vault cloud resources.

import * as pulumi from "@pulumi/pulumi";
/**
 * Manages Token auth backend role in a Vault server. See the [Vault
 * documentation](https://www.vaultproject.io/docs/auth/token.html) for more
 * information.
 *
 * ## Security considerations
 *
 * NOTE(review): the points below summarise Vault's token role semantics as
 * documented upstream; confirm them against the Vault version in use.
 *
 * - `allowedPolicies` / `allowedPoliciesGlobs` define which policies may be
 *   requested when a token is created against the role, in place of the usual
 *   "subset of the calling token's policies" rule. Keep the lists and glob
 *   patterns narrow, and restrict who may create tokens against the role.
 * - `orphan: true` produces tokens without a parent, so they are not revoked
 *   when the token that created them is revoked.
 * - `tokenPeriod` produces periodic tokens that can be renewed repeatedly;
 *   `tokenExplicitMaxTtl` puts a hard upper bound on their lifetime (the
 *   example below sets both).
 * - `tokenBoundCidrs` and `tokenNumUses` further limit where and how often a
 *   generated token can be used.
 *
 * ## Example Usage
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as vault from "@pulumi/vault";
 *
 * const example = new vault.tokenauth.AuthBackendRole("example", {
 *     roleName: "my-role",
 *     allowedPolicies: [
 *         "dev",
 *         "test",
 *     ],
 *     disallowedPolicies: ["default"],
 *     allowedEntityAliases: ["test_entity"],
 *     orphan: true,
 *     tokenPeriod: 86400,
 *     renewable: true,
 *     tokenExplicitMaxTtl: 115200,
 *     pathSuffix: "path-suffix",
 * });
 * ```
 *
 * ## Import
 *
 * Token auth backend roles can be imported with `auth/token/roles/` followed by the `role_name`, e.g.
 *
 * ```sh
 * $ pulumi import vault:tokenauth/authBackendRole:AuthBackendRole example auth/token/roles/my-role
 * ```
 */
export declare class AuthBackendRole extends pulumi.CustomResource {
    /**
     * Get an existing AuthBackendRole resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to look up.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     * @returns The AuthBackendRole resource matching the given name and ID.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AuthBackendRoleState, opts?: pulumi.CustomResourceOptions): AuthBackendRole;
    /**
     * Returns true if the given object is an instance of AuthBackendRole. This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     *
     * @param obj The value to test; it is accepted untyped and narrowed by the return type.
     */
    static isInstance(obj: any): obj is AuthBackendRole;
    /**
     * List of allowed entity aliases.
     */
    readonly allowedEntityAliases: pulumi.Output<string[] | undefined>;
    /**
     * List of allowed policies for given role.
     * NOTE(review): per Vault's token role docs this list bounds the policies a token
     * created against the role may carry, so keep it as small as possible.
     */
    readonly allowedPolicies: pulumi.Output<string[] | undefined>;
    /**
     * Set of allowed policies with glob match for given role.
     * NOTE(review): a broad pattern admits every policy it matches, including ones
     * created later; prefer narrow, prefix-scoped patterns.
     */
    readonly allowedPoliciesGlobs: pulumi.Output<string[] | undefined>;
    /**
     * List of disallowed policies for given role.
     */
    readonly disallowedPolicies: pulumi.Output<string[] | undefined>;
    /**
     * Set of disallowed policies with glob match for given role.
     */
    readonly disallowedPoliciesGlobs: pulumi.Output<string[] | undefined>;
    /**
     * The namespace to provision the resource in.
     * The value should not contain leading or trailing forward slashes.
     * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
     * *Available only for Vault Enterprise*.
     */
    readonly namespace: pulumi.Output<string | undefined>;
    /**
     * If true, tokens created against this role will be orphan tokens (tokens with no parent).
     * NOTE(review): orphan tokens are not revoked when the token that created them is
     * revoked, so bound their lifetime with a TTL or an explicit maximum TTL.
     */
    readonly orphan: pulumi.Output<boolean | undefined>;
    /**
     * Tokens created against this role will have the given suffix as part of their path in addition to the role name.
     */
    readonly pathSuffix: pulumi.Output<string | undefined>;
    /**
     * Controls whether tokens created against this role can be renewed past their initial TTL.
     * NOTE(review): the upstream wording ("whether to disable the ability ... to be renewed")
     * reads inverted. In Vault's token role API `true` permits renewal and `false` prevents
     * it; confirm against the provider version in use before relying on either value.
     */
    readonly renewable: pulumi.Output<boolean | undefined>;
    /**
     * The name of the role.
     */
    readonly roleName: pulumi.Output<string>;
    /**
     * Specifies the blocks of IP addresses which are allowed to use the generated token.
     */
    readonly tokenBoundCidrs: pulumi.Output<string[] | undefined>;
    /**
     * Explicit maximum TTL of generated tokens, in seconds.
     */
    readonly tokenExplicitMaxTtl: pulumi.Output<number | undefined>;
    /**
     * The maximum lifetime of the generated token.
     */
    readonly tokenMaxTtl: pulumi.Output<number | undefined>;
    /**
     * If true, the 'default' policy will not automatically be added to generated tokens.
     */
    readonly tokenNoDefaultPolicy: pulumi.Output<boolean | undefined>;
    /**
     * The maximum number of times a token may be used; a value of zero means unlimited.
     */
    readonly tokenNumUses: pulumi.Output<number | undefined>;
    /**
     * Period of generated tokens.
     * NOTE(review): in Vault a period makes the token periodic, i.e. renewable repeatedly
     * for as long as it is renewed within each period; pair it with `tokenExplicitMaxTtl`
     * when a hard upper bound on lifetime is required.
     */
    readonly tokenPeriod: pulumi.Output<number | undefined>;
    /**
     * Policies of generated tokens.
     */
    readonly tokenPolicies: pulumi.Output<string[] | undefined>;
    /**
     * The initial TTL of the token to generate, in seconds.
     */
    readonly tokenTtl: pulumi.Output<number | undefined>;
    /**
     * The type of token to generate, service or batch.
     */
    readonly tokenType: pulumi.Output<string | undefined>;
    /**
     * Create an AuthBackendRole resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: AuthBackendRoleArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * Input properties used for looking up and filtering AuthBackendRole resources.
 * Every property is optional here, including `roleName`.
 */
export interface AuthBackendRoleState {
    /**
     * List of allowed entity aliases.
     */
    allowedEntityAliases?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * List of allowed policies for given role.
     */
    allowedPolicies?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * Set of allowed policies with glob match for given role.
     */
    allowedPoliciesGlobs?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * List of disallowed policies for given role.
     */
    disallowedPolicies?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * Set of disallowed policies with glob match for given role.
     */
    disallowedPoliciesGlobs?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * The namespace to provision the resource in.
     * The value should not contain leading or trailing forward slashes.
     * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
     * *Available only for Vault Enterprise*.
     */
    namespace?: pulumi.Input<string>;
    /**
     * If true, tokens created against this role will be orphan tokens (tokens with no parent).
     */
    orphan?: pulumi.Input<boolean>;
    /**
     * Tokens created against this role will have the given suffix as part of their path in addition to the role name.
     */
    pathSuffix?: pulumi.Input<string>;
    /**
     * Controls whether tokens created against this role can be renewed past their initial TTL.
     * NOTE(review): the upstream wording ("whether to disable ...") reads inverted; in Vault's
     * token role API `true` permits renewal. Confirm against the provider version in use.
     */
    renewable?: pulumi.Input<boolean>;
    /**
     * The name of the role.
     */
    roleName?: pulumi.Input<string>;
    /**
     * Specifies the blocks of IP addresses which are allowed to use the generated token.
     */
    tokenBoundCidrs?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * Explicit maximum TTL of generated tokens, in seconds.
     */
    tokenExplicitMaxTtl?: pulumi.Input<number>;
    /**
     * The maximum lifetime of the generated token.
     */
    tokenMaxTtl?: pulumi.Input<number>;
    /**
     * If true, the 'default' policy will not automatically be added to generated tokens.
     */
    tokenNoDefaultPolicy?: pulumi.Input<boolean>;
    /**
     * The maximum number of times a token may be used; a value of zero means unlimited.
     */
    tokenNumUses?: pulumi.Input<number>;
    /**
     * Period of generated tokens.
     */
    tokenPeriod?: pulumi.Input<number>;
    /**
     * Policies of generated tokens.
     */
    tokenPolicies?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * The initial TTL of the token to generate, in seconds.
     */
    tokenTtl?: pulumi.Input<number>;
    /**
     * The type of token to generate, service or batch.
     */
    tokenType?: pulumi.Input<string>;
}
/**
 * The set of arguments for constructing an AuthBackendRole resource.
 * `roleName` is the only required property.
 */
export interface AuthBackendRoleArgs {
    /**
     * List of allowed entity aliases.
     */
    allowedEntityAliases?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * List of allowed policies for given role.
     * NOTE(review): per Vault's token role docs this list bounds the policies a token
     * created against the role may carry, so keep it as small as possible.
     */
    allowedPolicies?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * Set of allowed policies with glob match for given role.
     * NOTE(review): a broad pattern admits every policy it matches, including ones
     * created later; prefer narrow, prefix-scoped patterns.
     */
    allowedPoliciesGlobs?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * List of disallowed policies for given role.
     */
    disallowedPolicies?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * Set of disallowed policies with glob match for given role.
     */
    disallowedPoliciesGlobs?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * The namespace to provision the resource in.
     * The value should not contain leading or trailing forward slashes.
     * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
     * *Available only for Vault Enterprise*.
     */
    namespace?: pulumi.Input<string>;
    /**
     * If true, tokens created against this role will be orphan tokens (tokens with no parent).
     * NOTE(review): orphan tokens are not revoked when the token that created them is
     * revoked, so bound their lifetime with a TTL or an explicit maximum TTL.
     */
    orphan?: pulumi.Input<boolean>;
    /**
     * Tokens created against this role will have the given suffix as part of their path in addition to the role name.
     */
    pathSuffix?: pulumi.Input<string>;
    /**
     * Controls whether tokens created against this role can be renewed past their initial TTL.
     * NOTE(review): the upstream wording ("whether to disable the ability ... to be renewed")
     * reads inverted. In Vault's token role API `true` permits renewal and `false` prevents
     * it; confirm against the provider version in use before relying on either value.
     */
    renewable?: pulumi.Input<boolean>;
    /**
     * The name of the role.
     */
    roleName: pulumi.Input<string>;
    /**
     * Specifies the blocks of IP addresses which are allowed to use the generated token.
     */
    tokenBoundCidrs?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * Explicit maximum TTL of generated tokens, in seconds.
     */
    tokenExplicitMaxTtl?: pulumi.Input<number>;
    /**
     * The maximum lifetime of the generated token.
     */
    tokenMaxTtl?: pulumi.Input<number>;
    /**
     * If true, the 'default' policy will not automatically be added to generated tokens.
     */
    tokenNoDefaultPolicy?: pulumi.Input<boolean>;
    /**
     * The maximum number of times a token may be used; a value of zero means unlimited.
     */
    tokenNumUses?: pulumi.Input<number>;
    /**
     * Period of generated tokens.
     * NOTE(review): in Vault a period makes the token periodic, i.e. renewable repeatedly
     * for as long as it is renewed within each period; pair it with `tokenExplicitMaxTtl`
     * when a hard upper bound on lifetime is required.
     */
    tokenPeriod?: pulumi.Input<number>;
    /**
     * Policies of generated tokens.
     */
    tokenPolicies?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * The initial TTL of the token to generate, in seconds.
     */
    tokenTtl?: pulumi.Input<number>;
    /**
     * The type of token to generate, service or batch.
     */
    tokenType?: pulumi.Input<string>;
}