Auth Backend Role Args
data class AuthBackendRoleArgs(val addGroupAliases: Output<Boolean>? = null, val allowGceInference: Output<Boolean>? = null, val backend: Output<String>? = null, val boundInstanceGroups: Output<List<String>>? = null, val boundLabels: Output<List<String>>? = null, val boundProjects: Output<List<String>>? = null, val boundRegions: Output<List<String>>? = null, val boundServiceAccounts: Output<List<String>>? = null, val boundZones: Output<List<String>>? = null, val maxJwtExp: Output<String>? = null, val namespace: Output<String>? = null, val role: Output<String>? = null, val tokenBoundCidrs: Output<List<String>>? = null, val tokenExplicitMaxTtl: Output<Int>? = null, val tokenMaxTtl: Output<Int>? = null, val tokenNoDefaultPolicy: Output<Boolean>? = null, val tokenNumUses: Output<Int>? = null, val tokenPeriod: Output<Int>? = null, val tokenPolicies: Output<List<String>>? = null, val tokenTtl: Output<Int>? = null, val tokenType: Output<String>? = null, val type: Output<String>? = null) : ConvertibleToJava<AuthBackendRoleArgs>
Provides a resource to create a role in a GCP auth backend within Vault.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
// Enable the GCP auth method, mounted at the "gcp" path.
const gcp = new vault.AuthBackend("gcp", {
    type: "gcp",
    path: "gcp",
});

// Role of type "iam": login is limited to the listed service accounts and
// projects. The "test" values are placeholders; list only the identities that
// actually need this role.
const test = new vault.gcp.AuthBackendRole("test", {
    backend: gcp.path,
    role: "test",
    type: "iam",
    boundProjects: ["test"],
    boundServiceAccounts: ["test"],
    // Short-lived tokens: 300 s TTL, capped at a 600 s maximum lifetime.
    tokenTtl: 300,
    tokenMaxTtl: 600,
    // Every token issued under the role carries these policies; keep the list minimal.
    tokenPolicies: ["policy_a", "policy_b"],
    // Adds group aliases to issued tokens; review which identity-group
    // policies those aliases map to.
    addGroupAliases: true,
});
import pulumi
import pulumi_vault as vault
# Enable the GCP auth method, mounted at the "gcp" path.
gcp = vault.AuthBackend(
    "gcp",
    type="gcp",
    path="gcp",
)

# Role of type "iam": login is limited to the listed service accounts and
# projects. The "test" values are placeholders; list only the identities that
# actually need this role.
test = vault.gcp.AuthBackendRole(
    "test",
    backend=gcp.path,
    role="test",
    type="iam",
    bound_projects=["test"],
    bound_service_accounts=["test"],
    # Short-lived tokens: 300 s TTL, capped at a 600 s maximum lifetime.
    token_ttl=300,
    token_max_ttl=600,
    # Every token issued under the role carries these policies; keep the list minimal.
    token_policies=["policy_a", "policy_b"],
    # Adds group aliases to issued tokens; review which identity-group
    # policies those aliases map to.
    add_group_aliases=True,
)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
    // Enable the GCP auth method, mounted at the "gcp" path.
    var gcp = new Vault.AuthBackend("gcp", new()
    {
        Type = "gcp",
        Path = "gcp",
    });

    // Role of type "iam": login is limited to the listed service accounts and
    // projects. The "test" values are placeholders; list only the identities
    // that actually need this role.
    var test = new Vault.Gcp.AuthBackendRole("test", new()
    {
        Backend = gcp.Path,
        Role = "test",
        Type = "iam",
        BoundProjects = new[] { "test" },
        BoundServiceAccounts = new[] { "test" },
        // Short-lived tokens: 300 s TTL, capped at a 600 s maximum lifetime.
        TokenTtl = 300,
        TokenMaxTtl = 600,
        // Every token issued under the role carries these policies; keep the list minimal.
        TokenPolicies = new[] { "policy_a", "policy_b" },
        // Adds group aliases to issued tokens; review which identity-group
        // policies those aliases map to.
        AddGroupAliases = true,
    });
});
package main
import (
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/gcp"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
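// main registers the Vault GCP auth backend and one IAM-type role on it.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Named gcpBackend so the variable does not shadow the imported gcp
		// package, which is still needed below for NewAuthBackendRole and
		// AuthBackendRoleArgs; with a local named gcp the program does not compile.
		gcpBackend, err := vault.NewAuthBackend(ctx, "gcp", &vault.AuthBackendArgs{
			Path: pulumi.String("gcp"),
			Type: pulumi.String("gcp"),
		})
		if err != nil {
			return err
		}
		// Role of type "iam": login is limited to the listed service accounts
		// and projects. The "test" values are placeholders; list only the
		// identities that actually need this role.
		_, err = gcp.NewAuthBackendRole(ctx, "test", &gcp.AuthBackendRoleArgs{
			Backend: gcpBackend.Path,
			Role:    pulumi.String("test"),
			Type:    pulumi.String("iam"),
			BoundServiceAccounts: pulumi.StringArray{
				pulumi.String("test"),
			},
			BoundProjects: pulumi.StringArray{
				pulumi.String("test"),
			},
			// Short-lived tokens: 300 s TTL, capped at a 600 s maximum lifetime.
			TokenTtl:    pulumi.Int(300),
			TokenMaxTtl: pulumi.Int(600),
			// Every token issued under the role carries these policies; keep the list minimal.
			TokenPolicies: pulumi.StringArray{
				pulumi.String("policy_a"),
				pulumi.String("policy_b"),
			},
			// Adds group aliases to issued tokens; review which identity-group
			// policies those aliases map to.
			AddGroupAliases: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		return nil
	})
}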
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.AuthBackend;
import com.pulumi.vault.AuthBackendArgs;
import com.pulumi.vault.gcp.AuthBackendRole;
import com.pulumi.vault.gcp.AuthBackendRoleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/** Pulumi program that mounts the Vault GCP auth method and defines one IAM-type role on it. */
public class App {
    /** Hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the GCP auth backend and a role bound to it.
     *
     * @param ctx the Pulumi context supplied by {@code Pulumi.run}
     */
    public static void stack(Context ctx) {
        // Enable the GCP auth method, mounted at the "gcp" path.
        final var backendArgs = AuthBackendArgs.builder()
            .type("gcp")
            .path("gcp")
            .build();
        var gcp = new AuthBackend("gcp", backendArgs);

        // Role of type "iam": login is limited to the listed service accounts and
        // projects. The "test" values are placeholders; list only the identities
        // that actually need this role.
        final var roleArgs = AuthBackendRoleArgs.builder()
            .backend(gcp.path())
            .role("test")
            .type("iam")
            .boundProjects("test")
            .boundServiceAccounts("test")
            // Short-lived tokens: 300 s TTL, capped at a 600 s maximum lifetime.
            .tokenTtl(300)
            .tokenMaxTtl(600)
            // Every token issued under the role carries these policies; keep the list minimal.
            .tokenPolicies("policy_a", "policy_b")
            // Adds group aliases to issued tokens; review which identity-group
            // policies those aliases map to.
            .addGroupAliases(true)
            .build();
        var test = new AuthBackendRole("test", roleArgs);
    }
}
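# Nesting restored: with every key at column 0 the document does not parse
# into the intended resources -> properties structure.
resources:
  # Enable the GCP auth method, mounted at the "gcp" path.
  gcp:
    type: vault:AuthBackend
    properties:
      path: gcp
      type: gcp
  # Role of type "iam": login is limited to the listed service accounts and
  # projects. The "test" values are placeholders; list only the identities
  # that actually need this role.
  test:
    type: vault:gcp:AuthBackendRole
    properties:
      backend: ${gcp.path}
      role: test
      type: iam
      boundServiceAccounts:
        - test
      boundProjects:
        - test
      # Short-lived tokens: 300 s TTL, capped at a 600 s maximum lifetime.
      tokenTtl: 300
      tokenMaxTtl: 600
      # Every token issued under the role carries these policies; keep the list minimal.
      tokenPolicies:
        - policy_a
        - policy_b
      # Adds group aliases to issued tokens; review which identity-group
      # policies those aliases map to.
      addGroupAliases: true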
Import
GCP authentication roles can be imported using the `path`, e.g.
$ pulumi import vault:gcp/authBackendRole:AuthBackendRole my_role auth/gcp/role/my_role
Constructors
constructor(addGroupAliases: Output<Boolean>? = null, allowGceInference: Output<Boolean>? = null, backend: Output<String>? = null, boundInstanceGroups: Output<List<String>>? = null, boundLabels: Output<List<String>>? = null, boundProjects: Output<List<String>>? = null, boundRegions: Output<List<String>>? = null, boundServiceAccounts: Output<List<String>>? = null, boundZones: Output<List<String>>? = null, maxJwtExp: Output<String>? = null, namespace: Output<String>? = null, role: Output<String>? = null, tokenBoundCidrs: Output<List<String>>? = null, tokenExplicitMaxTtl: Output<Int>? = null, tokenMaxTtl: Output<Int>? = null, tokenNoDefaultPolicy: Output<Boolean>? = null, tokenNumUses: Output<Int>? = null, tokenPeriod: Output<Int>? = null, tokenPolicies: Output<List<String>>? = null, tokenTtl: Output<Int>? = null, tokenType: Output<String>? = null, type: Output<String>? = null)
Properties
An array of GCP project IDs. Only entities belonging to these projects can authenticate under the role.
GCP Service Accounts allowed to issue tokens under this role. (Note: Required if the role `type` is `iam`.)
Specifies the CIDR blocks of IP addresses that are allowed to use the generated token
Generated Token's Explicit Maximum TTL in seconds
The maximum lifetime of the generated token
If true, the 'default' policy will not automatically be added to generated tokens
The maximum number of times a token may be used, a value of zero means unlimited
Generated Token's Period
Generated Token's Policies