Auth
data class AuthBackendRoleSecretIdArgs(val backend: Output<String>? = null, val cidrLists: Output<List<String>>? = null, val metadata: Output<String>? = null, val namespace: Output<String>? = null, val numUses: Output<Int>? = null, val roleName: Output<String>? = null, val secretId: Output<String>? = null, val ttl: Output<Int>? = null, val withWrappedAccessor: Output<Boolean>? = null, val wrappingTtl: Output<String>? = null) : ConvertibleToJava<AuthBackendRoleSecretIdArgs>
Manages an AppRole auth backend SecretID in a Vault server. See the [Vault
documentation](https://www.vaultproject.io/docs/auth/approle) for more information.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const approle = new vault.AuthBackend("approle", {type: "approle"});
const example = new vault.approle.AuthBackendRole("example", {
backend: approle.path,
roleName: "test-role",
tokenPolicies: [
"default",
"dev",
"prod",
],
});
const id = new vault.approle.AuthBackendRoleSecretId("id", {
backend: approle.path,
roleName: example.roleName,
metadata: JSON.stringify({
hello: "world",
}),
});Content copied to clipboard
import pulumi
import json
import pulumi_vault as vault
approle = vault.AuthBackend("approle", type="approle")
example = vault.app_role.AuthBackendRole("example",
backend=approle.path,
role_name="test-role",
token_policies=[
"default",
"dev",
"prod",
])
id = vault.app_role.AuthBackendRoleSecretId("id",
backend=approle.path,
role_name=example.role_name,
metadata=json.dumps({
"hello": "world",
}))Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
var approle = new Vault.AuthBackend("approle", new()
{
Type = "approle",
});
var example = new Vault.AppRole.AuthBackendRole("example", new()
{
Backend = approle.Path,
RoleName = "test-role",
TokenPolicies = new[]
{
"default",
"dev",
"prod",
},
});
var id = new Vault.AppRole.AuthBackendRoleSecretId("id", new()
{
Backend = approle.Path,
RoleName = example.RoleName,
Metadata = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["hello"] = "world",
}),
});
});Content copied to clipboard
package main
import (
"encoding/json"
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/approle"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
approle, err := vault.NewAuthBackend(ctx, "approle", &vault.AuthBackendArgs{
Type: pulumi.String("approle"),
})
if err != nil {
return err
}
example, err := approle.NewAuthBackendRole(ctx, "example", &approle.AuthBackendRoleArgs{
Backend: approle.Path,
RoleName: pulumi.String("test-role"),
TokenPolicies: pulumi.StringArray{
pulumi.String("default"),
pulumi.String("dev"),
pulumi.String("prod"),
},
})
if err != nil {
return err
}
tmpJSON0, err := json.Marshal(map[string]interface{}{
"hello": "world",
})
if err != nil {
return err
}
json0 := string(tmpJSON0)
_, err = approle.NewAuthBackendRoleSecretId(ctx, "id", &approle.AuthBackendRoleSecretIdArgs{
Backend: approle.Path,
RoleName: example.RoleName,
Metadata: pulumi.String(json0),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.AuthBackend;
import com.pulumi.vault.AuthBackendArgs;
import com.pulumi.vault.appRole.AuthBackendRole;
import com.pulumi.vault.appRole.AuthBackendRoleArgs;
import com.pulumi.vault.appRole.AuthBackendRoleSecretId;
import com.pulumi.vault.appRole.AuthBackendRoleSecretIdArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var approle = new AuthBackend("approle", AuthBackendArgs.builder()
.type("approle")
.build());
var example = new AuthBackendRole("example", AuthBackendRoleArgs.builder()
.backend(approle.path())
.roleName("test-role")
.tokenPolicies(
"default",
"dev",
"prod")
.build());
var id = new AuthBackendRoleSecretId("id", AuthBackendRoleSecretIdArgs.builder()
.backend(approle.path())
.roleName(example.roleName())
.metadata(serializeJson(
jsonObject(
jsonProperty("hello", "world")
)))
.build());
}
}Content copied to clipboard
resources:
approle:
type: vault:AuthBackend
properties:
type: approle
example:
type: vault:appRole:AuthBackendRole
properties:
backend: ${approle.path}
roleName: test-role
tokenPolicies:
- default
- dev
- prod
id:
type: vault:appRole:AuthBackendRoleSecretId
properties:
backend: ${approle.path}
roleName: ${example.roleName}
metadata:
fn::toJSON:
hello: worldContent copied to clipboard
Constructors
Link copied to clipboard
constructor(backend: Output<String>? = null, cidrLists: Output<List<String>>? = null, metadata: Output<String>? = null, namespace: Output<String>? = null, numUses: Output<Int>? = null, roleName: Output<String>? = null, secretId: Output<String>? = null, ttl: Output<Int>? = null, withWrappedAccessor: Output<Boolean>? = null, wrappingTtl: Output<String>? = null)
Properties
Link copied to clipboard
Set to true to use the wrapped secret-id accessor as the resource ID. If false (default value), a fresh secret ID will be regenerated whenever the wrapping token is expired or invalidated through unwrapping.
Link copied to clipboard
If set, the SecretID response will be response-wrapped and available for the duration specified. Only a single unwrapping of the token is allowed.