Secret Backend Role Args
data class SecretBackendRoleArgs(val backend: Output<String>? = null, val creationStatements: Output<List<String>>? = null, val credentialConfig: Output<Map<String, String>>? = null, val credentialType: Output<String>? = null, val dbName: Output<String>? = null, val defaultTtl: Output<Int>? = null, val maxTtl: Output<Int>? = null, val name: Output<String>? = null, val namespace: Output<String>? = null, val renewStatements: Output<List<String>>? = null, val revocationStatements: Output<List<String>>? = null, val rollbackStatements: Output<List<String>>? = null) : ConvertibleToJava<SecretBackendRoleArgs>
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
// Mount the database secrets engine at the path "postgres".
const db = new vault.Mount("db", { path: "postgres", type: "database" });

// Connection that Vault uses to manage PostgreSQL users. allowedRoles limits
// which roles may request credentials through this connection.
// NOTE(review): the URL below carries placeholder credentials inline. In a real
// deployment keep the database password out of program source: Vault's
// connection URL accepts {{username}}/{{password}} templating, with the values
// supplied through the connection's separate username/password fields from
// secret configuration.
const postgres = new vault.database.SecretBackendConnection("postgres", {
    name: "postgres",
    backend: db.path,
    allowedRoles: ["dev", "prod"],
    postgresql: {
        connectionUrl: "postgres://username:password@host:port/database",
    },
});

// SQL that Vault runs when it issues a credential for the role; the
// {{name}}, {{password}} and {{expiration}} placeholders are filled in by Vault.
// NOTE(review): this creates a login-only role. Add only the GRANTs the "dev"
// role actually needs.
const devCreationStatements = [
    "CREATE ROLE \"{{name}}\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}';",
];

// NOTE(review): defaultTtl and maxTtl are not set, so the lease lifetime is left
// to defaults configured outside this program. Set both to bound how long
// issued credentials stay valid.
const role = new vault.database.SecretBackendRole("role", {
    name: "dev",
    backend: db.path,
    dbName: postgres.name,
    creationStatements: devCreationStatements,
});
import pulumi
import pulumi_vault as vault
# Mount the database secrets engine at the path "postgres".
db = vault.Mount("db", path="postgres", type="database")

# Connection that Vault uses to manage PostgreSQL users. allowed_roles limits
# which roles may request credentials through this connection.
# NOTE(review): the URL below carries placeholder credentials inline. In a real
# deployment keep the database password out of program source: Vault's
# connection URL accepts {{username}}/{{password}} templating, with the values
# supplied through the connection's separate username/password fields from
# secret configuration.
postgres = vault.database.SecretBackendConnection(
    "postgres",
    name="postgres",
    backend=db.path,
    allowed_roles=["dev", "prod"],
    postgresql={
        "connection_url": "postgres://username:password@host:port/database",
    },
)

# SQL that Vault runs when it issues a credential for the role; the
# {{name}}, {{password}} and {{expiration}} placeholders are filled in by Vault.
# NOTE(review): this creates a login-only role. Add only the GRANTs the "dev"
# role actually needs.
dev_creation_statements = [
    "CREATE ROLE \"{{name}}\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}';",
]

# NOTE(review): default_ttl and max_ttl are not set, so the lease lifetime is
# left to defaults configured outside this program. Set both to bound how long
# issued credentials stay valid.
role = vault.database.SecretBackendRole(
    "role",
    name="dev",
    backend=db.path,
    db_name=postgres.name,
    creation_statements=dev_creation_statements,
)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
    // Mount the database secrets engine at the path "postgres".
    var db = new Vault.Mount("db", new() { Path = "postgres", Type = "database" });

    // Connection that Vault uses to manage PostgreSQL users. AllowedRoles limits
    // which roles may request credentials through this connection.
    // NOTE(review): the URL below carries placeholder credentials inline. In a
    // real deployment keep the database password out of program source: Vault's
    // connection URL accepts {{username}}/{{password}} templating, with the
    // values supplied through the connection's separate username/password
    // fields from secret configuration.
    var postgres = new Vault.Database.SecretBackendConnection("postgres", new()
    {
        Name = "postgres",
        Backend = db.Path,
        AllowedRoles = new[] { "dev", "prod" },
        Postgresql = new Vault.Database.Inputs.SecretBackendConnectionPostgresqlArgs
        {
            ConnectionUrl = "postgres://username:password@host:port/database",
        },
    });

    // SQL that Vault runs when it issues a credential for the role; the
    // {{name}}, {{password}} and {{expiration}} placeholders are filled in by Vault.
    // NOTE(review): this creates a login-only role. Add only the GRANTs the
    // "dev" role actually needs. DefaultTtl and MaxTtl are not set, so the lease
    // lifetime is left to defaults configured outside this program; set both to
    // bound how long issued credentials stay valid.
    var role = new Vault.Database.SecretBackendRole("role", new()
    {
        Name = "dev",
        Backend = db.Path,
        DbName = postgres.Name,
        CreationStatements = new[]
        {
            "CREATE ROLE \"{{name}}\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}';",
        },
    });
});
package main
import (
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/database"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers a database secrets mount, a PostgreSQL connection and a "dev"
// role with the Pulumi engine.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Mount the database secrets engine at the path "postgres".
		mount, err := vault.NewMount(ctx, "db", &vault.MountArgs{
			Path: pulumi.String("postgres"),
			Type: pulumi.String("database"),
		})
		if err != nil {
			return err
		}

		// Connection that Vault uses to manage PostgreSQL users. AllowedRoles
		// limits which roles may request credentials through this connection.
		// NOTE(review): the URL below carries placeholder credentials inline.
		// In a real deployment keep the database password out of program
		// source: Vault's connection URL accepts {{username}}/{{password}}
		// templating, with the values supplied through the connection's
		// separate username/password fields from secret configuration.
		conn, err := database.NewSecretBackendConnection(ctx, "postgres", &database.SecretBackendConnectionArgs{
			Backend:      mount.Path,
			Name:         pulumi.String("postgres"),
			AllowedRoles: pulumi.StringArray{pulumi.String("dev"), pulumi.String("prod")},
			Postgresql: &database.SecretBackendConnectionPostgresqlArgs{
				ConnectionUrl: pulumi.String("postgres://username:password@host:port/database"),
			},
		})
		if err != nil {
			return err
		}

		// SQL that Vault runs when it issues a credential for the role; the
		// {{name}}, {{password}} and {{expiration}} placeholders are filled in
		// by Vault.
		// NOTE(review): this creates a login-only role. Add only the GRANTs the
		// "dev" role actually needs. DefaultTtl and MaxTtl are not set, so the
		// lease lifetime is left to defaults configured outside this program;
		// set both to bound how long issued credentials stay valid.
		creation := pulumi.StringArray{
			pulumi.String("CREATE ROLE \"{{name}}\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}';"),
		}
		_, err = database.NewSecretBackendRole(ctx, "role", &database.SecretBackendRoleArgs{
			Backend:            mount.Path,
			Name:               pulumi.String("dev"),
			DbName:             conn.Name,
			CreationStatements: creation,
		})
		// err is nil on success, so returning it directly covers both outcomes.
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.Mount;
import com.pulumi.vault.MountArgs;
import com.pulumi.vault.database.SecretBackendConnection;
import com.pulumi.vault.database.SecretBackendConnectionArgs;
import com.pulumi.vault.database.inputs.SecretBackendConnectionPostgresqlArgs;
import com.pulumi.vault.database.SecretBackendRole;
import com.pulumi.vault.database.SecretBackendRoleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares a database secrets mount, a PostgreSQL
 * connection and a "dev" role on it.
 */
public class App {
    /**
     * SQL that Vault runs when it issues a credential for the role; the
     * {{name}}, {{password}} and {{expiration}} placeholders are filled in by Vault.
     * NOTE(review): this creates a login-only role. Add only the GRANTs the
     * "dev" role actually needs.
     */
    private static final String DEV_CREATION_STATEMENT =
        "CREATE ROLE \"{{name}}\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}';";

    /** Hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the three resources of the stack.
     *
     * @param ctx the Pulumi context supplied by the runtime (not read here)
     */
    public static void stack(Context ctx) {
        // Mount the database secrets engine at the path "postgres".
        var mountArgs = MountArgs.builder()
            .path("postgres")
            .type("database")
            .build();
        var db = new Mount("db", mountArgs);

        // NOTE(review): the URL below carries placeholder credentials inline.
        // In a real deployment keep the database password out of program
        // source: Vault's connection URL accepts {{username}}/{{password}}
        // templating, with the values supplied through the connection's
        // separate username/password fields from secret configuration.
        var postgresqlArgs = SecretBackendConnectionPostgresqlArgs.builder()
            .connectionUrl("postgres://username:password@host:port/database")
            .build();

        // allowedRoles limits which roles may request credentials through
        // this connection.
        var connectionArgs = SecretBackendConnectionArgs.builder()
            .backend(db.path())
            .name("postgres")
            .allowedRoles("dev", "prod")
            .postgresql(postgresqlArgs)
            .build();
        var postgres = new SecretBackendConnection("postgres", connectionArgs);

        // NOTE(review): defaultTtl and maxTtl are not set, so the lease lifetime
        // is left to defaults configured outside this program. Set both to
        // bound how long issued credentials stay valid.
        var roleArgs = SecretBackendRoleArgs.builder()
            .backend(db.path())
            .name("dev")
            .dbName(postgres.name())
            .creationStatements(DEV_CREATION_STATEMENT)
            .build();
        var role = new SecretBackendRole("role", roleArgs);
    }
}
resources:
  # Mount the database secrets engine at the path "postgres".
  db:
    type: vault:Mount
    properties:
      path: postgres
      type: database
  # Connection that Vault uses to manage PostgreSQL users. allowedRoles limits
  # which roles may request credentials through this connection.
  # NOTE(review): the URL below carries placeholder credentials inline. In a
  # real deployment keep the database password out of this file: Vault's
  # connection URL accepts {{username}}/{{password}} templating, with the
  # values supplied through the connection's separate username/password fields
  # from secret configuration.
  postgres:
    type: vault:database:SecretBackendConnection
    properties:
      backend: ${db.path}
      name: postgres
      allowedRoles: [dev, prod]
      postgresql:
        connectionUrl: postgres://username:password@host:port/database
  # NOTE(review): defaultTtl and maxTtl are not set, so the lease lifetime is
  # left to defaults configured outside this file; set both to bound how long
  # issued credentials stay valid. The statement creates a login-only role; add
  # only the GRANTs the "dev" role actually needs.
  role:
    type: vault:database:SecretBackendRole
    properties:
      backend: ${db.path}
      name: dev
      dbName: ${postgres.name}
      creationStatements:
        - CREATE ROLE "{{name}}" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}';
Import
Database secret backend roles can be imported using the `backend`, `/roles/`, and the `name`, e.g.
$ pulumi import vault:database/secretBackendRole:SecretBackendRole example postgres/roles/my-role
Constructors
constructor(backend: Output<String>? = null, creationStatements: Output<List<String>>? = null, credentialConfig: Output<Map<String, String>>? = null, credentialType: Output<String>? = null, dbName: Output<String>? = null, defaultTtl: Output<Int>? = null, maxTtl: Output<Int>? = null, name: Output<String>? = null, namespace: Output<String>? = null, renewStatements: Output<List<String>>? = null, revocationStatements: Output<List<String>>? = null, rollbackStatements: Output<List<String>>? = null)
Properties
The database statements to execute when creating a user.
Specifies the configuration for the given `credential_type`. The following options are available for each `credential_type` value:
Specifies the type of credential that will be generated for the role. Options include: `password`, `rsa_private_key`, `client_certificate`. See the plugin's API page for credential types supported by individual databases.
The default number of seconds for leases for this role.
The database statements to execute when renewing a user.
The database statements to execute when revoking a user.
The database statements to execute when rolling back creation due to an error.