pulumi-vault-kotlin/com.pulumi.vault.azure.kotlin/AuthBackendRoleArgs

AuthBackendRoleArgs

data class AuthBackendRoleArgs(val backend: Output<String>? = null, val boundGroupIds: Output<List<String>>? = null, val boundLocations: Output<List<String>>? = null, val boundResourceGroups: Output<List<String>>? = null, val boundScaleSets: Output<List<String>>? = null, val boundServicePrincipalIds: Output<List<String>>? = null, val boundSubscriptionIds: Output<List<String>>? = null, val namespace: Output<String>? = null, val role: Output<String>? = null, val tokenBoundCidrs: Output<List<String>>? = null, val tokenExplicitMaxTtl: Output<Int>? = null, val tokenMaxTtl: Output<Int>? = null, val tokenNoDefaultPolicy: Output<Boolean>? = null, val tokenNumUses: Output<Int>? = null, val tokenPeriod: Output<Int>? = null, val tokenPolicies: Output<List<String>>? = null, val tokenTtl: Output<Int>? = null, val tokenType: Output<String>? = null) : ConvertibleToJava<AuthBackendRoleArgs>

Manages an Azure auth backend role in a Vault server. Roles constrain the instances or principals that can perform the login operation against the backend. See the [Vault

  • documentation](https://www.vaultproject.io/docs/auth/azure.html) for more information.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const azure = new vault.AuthBackend("azure", {type: "azure"});
const example = new vault.azure.AuthBackendRole("example", {
    backend: azure.path,
    role: "test-role",
    boundSubscriptionIds: ["11111111-2222-3333-4444-555555555555"],
    boundResourceGroups: ["123456789012"],
    tokenTtl: 60,
    tokenMaxTtl: 120,
    tokenPolicies: [
        "default",
        "dev",
        "prod",
    ],
});
Content copied to clipboard
import pulumi
import pulumi_vault as vault
azure = vault.AuthBackend("azure", type="azure")
example = vault.azure.AuthBackendRole("example",
    backend=azure.path,
    role="test-role",
    bound_subscription_ids=["11111111-2222-3333-4444-555555555555"],
    bound_resource_groups=["123456789012"],
    token_ttl=60,
    token_max_ttl=120,
    token_policies=[
        "default",
        "dev",
        "prod",
    ])
Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
    var azure = new Vault.AuthBackend("azure", new()
    {
        Type = "azure",
    });
    var example = new Vault.Azure.AuthBackendRole("example", new()
    {
        Backend = azure.Path,
        Role = "test-role",
        BoundSubscriptionIds = new[]
        {
            "11111111-2222-3333-4444-555555555555",
        },
        BoundResourceGroups = new[]
        {
            "123456789012",
        },
        TokenTtl = 60,
        TokenMaxTtl = 120,
        TokenPolicies = new[]
        {
            "default",
            "dev",
            "prod",
        },
    });
});
Content copied to clipboard
package main
import (
	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/azure"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		azure, err := vault.NewAuthBackend(ctx, "azure", &vault.AuthBackendArgs{
			Type: pulumi.String("azure"),
		})
		if err != nil {
			return err
		}
		_, err = azure.NewAuthBackendRole(ctx, "example", &azure.AuthBackendRoleArgs{
			Backend: azure.Path,
			Role:    pulumi.String("test-role"),
			BoundSubscriptionIds: pulumi.StringArray{
				pulumi.String("11111111-2222-3333-4444-555555555555"),
			},
			BoundResourceGroups: pulumi.StringArray{
				pulumi.String("123456789012"),
			},
			TokenTtl:    pulumi.Int(60),
			TokenMaxTtl: pulumi.Int(120),
			TokenPolicies: pulumi.StringArray{
				pulumi.String("default"),
				pulumi.String("dev"),
				pulumi.String("prod"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.AuthBackend;
import com.pulumi.vault.AuthBackendArgs;
import com.pulumi.vault.azure.AuthBackendRole;
import com.pulumi.vault.azure.AuthBackendRoleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var azure = new AuthBackend("azure", AuthBackendArgs.builder()
            .type("azure")
            .build());
        var example = new AuthBackendRole("example", AuthBackendRoleArgs.builder()
            .backend(azure.path())
            .role("test-role")
            .boundSubscriptionIds("11111111-2222-3333-4444-555555555555")
            .boundResourceGroups("123456789012")
            .tokenTtl(60)
            .tokenMaxTtl(120)
            .tokenPolicies(
                "default",
                "dev",
                "prod")
            .build());
    }
}
Content copied to clipboard
resources:
  azure:
    type: vault:AuthBackend
    properties:
      type: azure
  example:
    type: vault:azure:AuthBackendRole
    properties:
      backend: ${azure.path}
      role: test-role
      boundSubscriptionIds:
        - 11111111-2222-3333-4444-555555555555
      boundResourceGroups:
        - '123456789012'
      tokenTtl: 60
      tokenMaxTtl: 120
      tokenPolicies:
        - default
        - dev
        - prod
Content copied to clipboard

Import

Azure auth backend roles can be imported using auth/, the backend path, /role/, and the role name e.g.

$ pulumi import vault:azure/authBackendRole:AuthBackendRole example auth/azure/role/test-role
Content copied to clipboard

Constructors

Link copied to clipboard
constructor(backend: Output<String>? = null, boundGroupIds: Output<List<String>>? = null, boundLocations: Output<List<String>>? = null, boundResourceGroups: Output<List<String>>? = null, boundScaleSets: Output<List<String>>? = null, boundServicePrincipalIds: Output<List<String>>? = null, boundSubscriptionIds: Output<List<String>>? = null, namespace: Output<String>? = null, role: Output<String>? = null, tokenBoundCidrs: Output<List<String>>? = null, tokenExplicitMaxTtl: Output<Int>? = null, tokenMaxTtl: Output<Int>? = null, tokenNoDefaultPolicy: Output<Boolean>? = null, tokenNumUses: Output<Int>? = null, tokenPeriod: Output<Int>? = null, tokenPolicies: Output<List<String>>? = null, tokenTtl: Output<Int>? = null, tokenType: Output<String>? = null)

Properties

Link copied to clipboard
val backend: Output<String>? = null

Unique name of the auth backend to configure.

Link copied to clipboard
val boundGroupIds: Output<List<String>>? = null

If set, defines a constraint on the groups that can perform the login operation that they should be using the group ID specified by this field.

Link copied to clipboard
val boundLocations: Output<List<String>>? = null

If set, defines a constraint on the virtual machines that can perform the login operation that the location in their identity document must match the one specified by this field.

Link copied to clipboard
val boundResourceGroups: Output<List<String>>? = null

If set, defines a constraint on the virtual machines that can perform the login operation that they be associated with the resource group that matches the value specified by this field.

Link copied to clipboard
val boundScaleSets: Output<List<String>>? = null

If set, defines a constraint on the virtual machines that can perform the login operation that they must match the scale set specified by this field.

Link copied to clipboard
val boundServicePrincipalIds: Output<List<String>>? = null

If set, defines a constraint on the service principals that can perform the login operation that they should be possess the ids specified by this field.

Link copied to clipboard
val boundSubscriptionIds: Output<List<String>>? = null

If set, defines a constraint on the subscriptions that can perform the login operation to ones which matches the value specified by this field.

Link copied to clipboard
val namespace: Output<String>? = null

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

Link copied to clipboard
val role: Output<String>? = null

The name of the role.

Link copied to clipboard
val tokenBoundCidrs: Output<List<String>>? = null

Specifies the blocks of IP addresses which are allowed to use the generated token

Link copied to clipboard
val tokenExplicitMaxTtl: Output<Int>? = null

Generated Token's Explicit Maximum TTL in seconds

Link copied to clipboard
val tokenMaxTtl: Output<Int>? = null

The maximum lifetime of the generated token

Link copied to clipboard
val tokenNoDefaultPolicy: Output<Boolean>? = null

If true, the 'default' policy will not automatically be added to generated tokens

Link copied to clipboard
val tokenNumUses: Output<Int>? = null

The maximum number of times a token may be used, a value of zero means unlimited

Link copied to clipboard
val tokenPeriod: Output<Int>? = null

Generated Token's Period

Link copied to clipboard
val tokenPolicies: Output<List<String>>? = null

Generated Token's Policies

Link copied to clipboard
val tokenTtl: Output<Int>? = null

The initial ttl of the token to generate in seconds

Link copied to clipboard
val tokenType: Output<String>? = null

The type of token to generate, service or batch

Functions

Link copied to clipboard
open override fun toJava(): AuthBackendRoleArgs