SecretBackendRole

class SecretBackendRole : KotlinCustomResource

Manages a Consul secrets role for a Consul secrets engine in Vault. Consul secret backends can then issue Consul tokens.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
// Arguments for the Consul secrets engine mount at "consul".
// NOTE(review): the token is written as a string literal here. A real Consul
// token used by Vault should not be committed in program source; read it from
// an encrypted Pulumi config value instead, e.g.
// new pulumi.Config().requireSecret("consulToken").
const backendArgs = {
    path: "consul",
    description: "Manages the Consul backend",
    address: "127.0.0.1:8500",
    token: "4240861b-ce3d-8530-115a-521ff070dd29",
};
const test = new vault.consul.SecretBackend("test", backendArgs);

// Role on that mount. Tokens issued through the role carry the listed Consul
// ACL policies, so list only the policies the consumer actually needs.
const roleArgs = {
    name: "test-role",
    backend: test.path,
    consulPolicies: ["example-policy"],
};
const example = new vault.consul.SecretBackendRole("example", roleArgs);
import pulumi
import pulumi_vault as vault
# Mount the Consul secrets engine at "consul".
# NOTE(review): the token is written as a string literal here. A real Consul
# token used by Vault should not be committed in program source; read it from
# an encrypted Pulumi config value instead, e.g.
# pulumi.Config().require_secret("consulToken").
test = vault.consul.SecretBackend(
    "test",
    path="consul",
    description="Manages the Consul backend",
    address="127.0.0.1:8500",
    token="4240861b-ce3d-8530-115a-521ff070dd29",
)

# Role on that mount. Tokens issued through the role carry the listed Consul
# ACL policies, so list only the policies the consumer actually needs.
example = vault.consul.SecretBackendRole(
    "example",
    name="test-role",
    backend=test.path,
    consul_policies=["example-policy"],
)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
// Pulumi program body: declares the Consul secrets mount and one role on it.
return await Deployment.RunAsync(() =>
{
    // NOTE(review): the token is written as a string literal here. A real
    // Consul token used by Vault should not be committed in program source;
    // read it from an encrypted Pulumi config value instead, e.g.
    // new Config().RequireSecret("consulToken").
    var backendArgs = new Vault.Consul.SecretBackendArgs
    {
        Path = "consul",
        Description = "Manages the Consul backend",
        Address = "127.0.0.1:8500",
        Token = "4240861b-ce3d-8530-115a-521ff070dd29",
    };
    var test = new Vault.Consul.SecretBackend("test", backendArgs);

    // Tokens issued through the role carry the listed Consul ACL policies,
    // so list only the policies the consumer actually needs.
    var roleArgs = new Vault.Consul.SecretBackendRoleArgs
    {
        Name = "test-role",
        Backend = test.Path,
        ConsulPolicies = new[] { "example-policy" },
    };
    var example = new Vault.Consul.SecretBackendRole("example", roleArgs);
});
package main
import (
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/consul"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a Consul secrets engine mount and one role on it.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// NOTE(review): the token is written as a string literal here. A real
		// Consul token used by Vault should not be committed in program
		// source; supply it as an encrypted Pulumi config secret instead.
		backendArgs := &consul.SecretBackendArgs{
			Path:        pulumi.String("consul"),
			Description: pulumi.String("Manages the Consul backend"),
			Address:     pulumi.String("127.0.0.1:8500"),
			Token:       pulumi.String("4240861b-ce3d-8530-115a-521ff070dd29"),
		}
		test, err := consul.NewSecretBackend(ctx, "test", backendArgs)
		if err != nil {
			return err
		}

		// Tokens issued through the role carry the listed Consul ACL
		// policies, so list only the policies the consumer actually needs.
		roleArgs := &consul.SecretBackendRoleArgs{
			Name:           pulumi.String("test-role"),
			Backend:        test.Path,
			ConsulPolicies: pulumi.StringArray{pulumi.String("example-policy")},
		}
		if _, err := consul.NewSecretBackendRole(ctx, "example", roleArgs); err != nil {
			return err
		}
		return nil
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.consul.SecretBackend;
import com.pulumi.vault.consul.SecretBackendArgs;
import com.pulumi.vault.consul.SecretBackendRole;
import com.pulumi.vault.consul.SecretBackendRoleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Example Pulumi program: declares a Consul secrets engine mount and one role on it.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the stack's resources.
     *
     * @param ctx the Pulumi program context passed in by {@code Pulumi.run}
     */
    public static void stack(Context ctx) {
        // NOTE(review): the token is written as a string literal here. A real
        // Consul token used by Vault should not be committed in program
        // source; read it from an encrypted Pulumi config value instead,
        // e.g. ctx.config().requireSecret("consulToken").
        SecretBackendArgs backendArgs = SecretBackendArgs.builder()
            .path("consul")
            .description("Manages the Consul backend")
            .address("127.0.0.1:8500")
            .token("4240861b-ce3d-8530-115a-521ff070dd29")
            .build();
        SecretBackend test = new SecretBackend("test", backendArgs);

        // Tokens issued through the role carry the listed Consul ACL
        // policies, so list only the policies the consumer actually needs.
        SecretBackendRoleArgs roleArgs = SecretBackendRoleArgs.builder()
            .name("test-role")
            .backend(test.path())
            .consulPolicies("example-policy")
            .build();
        SecretBackendRole example = new SecretBackendRole("example", roleArgs);
    }
}
resources:
  # Consul secrets engine mount at "consul".
  test:
    type: vault:consul:SecretBackend
    properties:
      path: consul
      description: Manages the Consul backend
      address: 127.0.0.1:8500
      # NOTE(review): the token is written as a literal here. A real Consul
      # token used by Vault should not be committed in the program file;
      # declare it as a secret config value and reference that instead.
      token: 4240861b-ce3d-8530-115a-521ff070dd29
  # Role on that mount. Tokens issued through the role carry the listed
  # Consul ACL policies, so list only the policies the consumer needs.
  example:
    type: vault:consul:SecretBackendRole
    properties:
      name: test-role
      backend: ${test.path}
      consulPolicies:
        - example-policy

Note About Required Arguments

At least one of the four arguments consul_policies, consul_roles, service_identities, or node_identities is required for a token (in this SDK they are the camelCase properties consulPolicies, consulRoles, serviceIdentities and nodeIdentities). Any combination of the four arguments, up to and including all four, is valid.

Import

Consul secret backend roles can be imported using the backend path, the literal segment /roles/, and the role name, e.g.

$ pulumi import vault:consul/secretBackendRole:SecretBackendRole example consul/roles/my-role

Properties

val backend: Output<String>?

The unique name of an existing Consul secrets backend mount. Must not begin or end with a /. One of path or backend is required.

val consulNamespace: Output<String>

The Consul namespace that the token will be created in. Applicable for Vault 1.10+ and Consul 1.7+.

val consulPolicies: Output<List<String>>?

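See the Note About Required Arguments above. The list of Consul ACL policies to associate with these roles. Tokens issued through the role carry these policies, so list only the ones the consumer needs.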

val consulRoles: Output<List<String>>?

See the Note About Required Arguments above. Set of Consul roles to attach to the token. Applicable for Vault 1.10+ with Consul 1.5+.

val id: Output<String>
val local: Output<Boolean>?

Indicates that the token should not be replicated globally and instead be local to the current datacenter.

val maxTtl: Output<Int>?

Maximum TTL for leases associated with this role, in seconds.

val name: Output<String>

The name of the Consul secrets engine role to create.

val namespace: Output<String>?

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

val nodeIdentities: Output<List<String>>?

See the Note About Required Arguments above. Set of Consul node identities to attach to the token. Applicable for Vault 1.11+ with Consul 1.8+.

val partition: Output<String>

The admin partition that the token will be created in. Applicable for Vault 1.10+ and Consul 1.11+.

val policies: Output<List<String>>?

The list of Consul ACL policies to associate with these roles. NOTE: The new parameter consul_policies should be used in favor of this. This parameter, policies, remains supported for legacy users, but Vault has deprecated this field.

val pulumiChildResources: Set<KotlinResource>

See the Note About Required Arguments above. Set of Consul service identities to attach to the token (the service_identities argument). Applicable for Vault 1.11+ with Consul 1.5+.

val ttl: Output<Int>?

Specifies the TTL for this role.

val urn: Output<String>