SecretBackendRoleArgs

data class SecretBackendRoleArgs(val backend: Output<String>? = null, val consulNamespace: Output<String>? = null, val consulPolicies: Output<List<String>>? = null, val consulRoles: Output<List<String>>? = null, val local: Output<Boolean>? = null, val maxTtl: Output<Int>? = null, val name: Output<String>? = null, val namespace: Output<String>? = null, val nodeIdentities: Output<List<String>>? = null, val partition: Output<String>? = null, val policies: Output<List<String>>? = null, val serviceIdentities: Output<List<String>>? = null, val ttl: Output<Int>? = null) : ConvertibleToJava<SecretBackendRoleArgs>

Manages a Consul secrets role for a Consul secrets engine in Vault. Consul secret backends can then issue Consul tokens.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
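// Read the Consul token from stack configuration instead of embedding it in the
// program source, where it would end up in version control. Set it once per stack:
//   pulumi config set --secret consulToken <YOUR_CONSUL_TOKEN>
const config = new pulumi.Config();
const consulToken = config.requireSecret("consulToken");

// Mount the Consul secrets engine at "consul" and hand Vault the token it uses
// against the Consul agent at 127.0.0.1:8500.
const test = new vault.consul.SecretBackend("test", {
    path: "consul",
    description: "Manages the Consul backend",
    address: "127.0.0.1:8500",
    token: consulToken,
});

// Role on that mount; it associates the listed Consul ACL policy with the role.
const example = new vault.consul.SecretBackendRole("example", {
    name: "test-role",
    backend: test.path,
    consulPolicies: ["example-policy"],
});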
import pulumi
import pulumi_vault as vault
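# Read the Consul token from stack configuration instead of embedding it in the
# program source, where it would end up in version control. Set it once per stack:
#   pulumi config set --secret consulToken <YOUR_CONSUL_TOKEN>
config = pulumi.Config()
consul_token = config.require_secret("consulToken")

# Mount the Consul secrets engine at "consul" and hand Vault the token it uses
# against the Consul agent at 127.0.0.1:8500.
test = vault.consul.SecretBackend(
    "test",
    path="consul",
    description="Manages the Consul backend",
    address="127.0.0.1:8500",
    token=consul_token,
)

# Role on that mount; it associates the listed Consul ACL policy with the role.
example = vault.consul.SecretBackendRole(
    "example",
    name="test-role",
    backend=test.path,
    consul_policies=["example-policy"],
)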
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
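return await Deployment.RunAsync(() =>
{
    // Read the Consul token from stack configuration instead of embedding it in
    // the program source, where it would end up in version control. Set it with:
    //   pulumi config set --secret consulToken <YOUR_CONSUL_TOKEN>
    var config = new Pulumi.Config();
    var consulToken = config.RequireSecret("consulToken");

    // Mount the Consul secrets engine at "consul" and hand Vault the token it
    // uses against the Consul agent at 127.0.0.1:8500.
    var test = new Vault.Consul.SecretBackend("test", new()
    {
        Path = "consul",
        Description = "Manages the Consul backend",
        Address = "127.0.0.1:8500",
        Token = consulToken,
    });

    // Role on that mount; it associates the listed Consul ACL policy with the role.
    var example = new Vault.Consul.SecretBackendRole("example", new()
    {
        Name = "test-role",
        Backend = test.Path,
        ConsulPolicies = new[]
        {
            "example-policy",
        },
    });
});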
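package main

import (
	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/consul"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)

// main declares a Consul secrets engine mount and one role on it.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Read the Consul token from stack configuration instead of embedding it
		// in the program source, where it would end up in version control. Set it with:
		//   pulumi config set --secret consulToken <YOUR_CONSUL_TOKEN>
		cfg := config.New(ctx, "")
		consulToken := cfg.RequireSecret("consulToken")

		// Mount the Consul secrets engine at "consul" and hand Vault the token
		// it uses against the Consul agent at 127.0.0.1:8500.
		test, err := consul.NewSecretBackend(ctx, "test", &consul.SecretBackendArgs{
			Path:        pulumi.String("consul"),
			Description: pulumi.String("Manages the Consul backend"),
			Address:     pulumi.String("127.0.0.1:8500"),
			Token:       consulToken,
		})
		if err != nil {
			return err
		}

		// Role on that mount; it associates the listed Consul ACL policy with the role.
		_, err = consul.NewSecretBackendRole(ctx, "example", &consul.SecretBackendRoleArgs{
			Name:    pulumi.String("test-role"),
			Backend: test.Path,
			ConsulPolicies: pulumi.StringArray{
				pulumi.String("example-policy"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}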
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.consul.SecretBackend;
import com.pulumi.vault.consul.SecretBackendArgs;
import com.pulumi.vault.consul.SecretBackendRole;
import com.pulumi.vault.consul.SecretBackendRoleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
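/** Declares a Consul secrets engine mount and one role on it. */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Defines the stack's resources.
     *
     * @param ctx the Pulumi program context, used here to read stack configuration
     */
    public static void stack(Context ctx) {
        // Read the Consul token from stack configuration instead of embedding it
        // in the program source, where it would end up in version control. Set it with:
        //   pulumi config set --secret consulToken <YOUR_CONSUL_TOKEN>
        final Output<String> consulToken = ctx.config().requireSecret("consulToken");

        // Mount the Consul secrets engine at "consul" and hand Vault the token
        // it uses against the Consul agent at 127.0.0.1:8500.
        var test = new SecretBackend("test", SecretBackendArgs.builder()
            .path("consul")
            .description("Manages the Consul backend")
            .address("127.0.0.1:8500")
            .token(consulToken)
            .build());

        // Role on that mount; it associates the listed Consul ACL policy with the role.
        var example = new SecretBackendRole("example", SecretBackendRoleArgs.builder()
            .name("test-role")
            .backend(test.path())
            .consulPolicies("example-policy")
            .build());
    }
}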
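# The Consul token is read from stack configuration instead of being written
# into this file, where it would end up in version control. Set it with:
#   pulumi config set --secret consulToken <YOUR_CONSUL_TOKEN>
config:
  consulToken:
    type: string
    secret: true
resources:
  # Mounts the Consul secrets engine at "consul" and hands Vault the token it
  # uses against the Consul agent at 127.0.0.1:8500.
  test:
    type: vault:consul:SecretBackend
    properties:
      path: consul
      description: Manages the Consul backend
      address: 127.0.0.1:8500
      token: ${consulToken}
  # Role on that mount; it associates the listed Consul ACL policy with the role.
  example:
    type: vault:consul:SecretBackendRole
    properties:
      name: test-role
      backend: ${test.path}
      consulPolicies:
        - example-policy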

Note About Required Arguments

At least one of the four arguments consul_policies, consul_roles, service_identities, or node_identities (consulPolicies, consulRoles, serviceIdentities, and nodeIdentities in this SDK) is required for a token. Any combination of the four, up to and including all four, is valid.

Import

Consul secret backend roles can be imported using the backend, /roles/, and the role name, e.g.

$ pulumi import vault:consul/secretBackendRole:SecretBackendRole example consul/roles/my-role

Constructors

constructor(backend: Output<String>? = null, consulNamespace: Output<String>? = null, consulPolicies: Output<List<String>>? = null, consulRoles: Output<List<String>>? = null, local: Output<Boolean>? = null, maxTtl: Output<Int>? = null, name: Output<String>? = null, namespace: Output<String>? = null, nodeIdentities: Output<List<String>>? = null, partition: Output<String>? = null, policies: Output<List<String>>? = null, serviceIdentities: Output<List<String>>? = null, ttl: Output<Int>? = null)

Properties

val backend: Output<String>? = null

The unique name of an existing Consul secrets backend mount. Must not begin or end with a /. One of path or backend is required.

val consulNamespace: Output<String>? = null

The Consul namespace that the token will be created in. Applicable for Vault 1.10+ and Consul 1.7+.

val consulPolicies: Output<List<String>>? = null

See the Note About Required Arguments. The list of Consul ACL policies to associate with these roles.

val consulRoles: Output<List<String>>? = null

See the Note About Required Arguments. Set of Consul roles to attach to the token. Applicable for Vault 1.10+ with Consul 1.5+.

val local: Output<Boolean>? = null

Indicates that the token should not be replicated globally and instead be local to the current datacenter.

val maxTtl: Output<Int>? = null

Maximum TTL for leases associated with this role, in seconds.

val name: Output<String>? = null

The name of the Consul secrets engine role to create.

val namespace: Output<String>? = null

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

val nodeIdentities: Output<List<String>>? = null

See the Note About Required Arguments. Set of Consul node identities to attach to the token. Applicable for Vault 1.11+ with Consul 1.8+.

val partition: Output<String>? = null

The admin partition that the token will be created in. Applicable for Vault 1.10+ and Consul 1.11+.

val policies: Output<List<String>>? = null

The list of Consul ACL policies to associate with these roles. NOTE: The new parameter consul_policies should be used in favor of this. This parameter, policies, remains supported for legacy users, but Vault has deprecated this field.

val serviceIdentities: Output<List<String>>? = null

See the Note About Required Arguments. Set of Consul service identities to attach to the token. Applicable for Vault 1.11+ with Consul 1.5+.

val ttl: Output<Int>? = null

Specifies the TTL for this role.

Functions

open override fun toJava(): SecretBackendRoleArgs