Auth
data class AuthBackendRoleArgs(val boundAttributes: Output<Map<String, String>>? = null, val boundAttributesType: Output<String>? = null, val boundSubjects: Output<List<String>>? = null, val boundSubjectsType: Output<String>? = null, val groupsAttribute: Output<String>? = null, val name: Output<String>? = null, val namespace: Output<String>? = null, val path: Output<String>? = null, val tokenBoundCidrs: Output<List<String>>? = null, val tokenExplicitMaxTtl: Output<Int>? = null, val tokenMaxTtl: Output<Int>? = null, val tokenNoDefaultPolicy: Output<Boolean>? = null, val tokenNumUses: Output<Int>? = null, val tokenPeriod: Output<Int>? = null, val tokenPolicies: Output<List<String>>? = null, val tokenTtl: Output<Int>? = null, val tokenType: Output<String>? = null) : ConvertibleToJava<AuthBackendRoleArgs>
Manages an SAML auth backend role in a Vault server. See the [Vault
documentation](https://www.vaultproject.io/docs/auth/saml.html) for more information.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const example = new vault.saml.AuthBackend("example", {
path: "saml",
idpMetadataUrl: "https://company.okta.com/app/abc123eb9xnIfzlaf697/sso/saml/metadata",
entityId: "https://my.vault/v1/auth/saml",
acsUrls: ["https://my.vault.primary/v1/auth/saml/callback"],
defaultRole: "default-role",
});
const exampleAuthBackendRole = new vault.saml.AuthBackendRole("example", {
path: example.path,
name: "my-role",
groupsAttribute: "groups",
boundAttributes: {
group: "admin",
},
boundSubjects: ["*example.com"],
tokenPolicies: ["writer"],
tokenTtl: 86400,
});Content copied to clipboard
import pulumi
import pulumi_vault as vault
example = vault.saml.AuthBackend("example",
path="saml",
idp_metadata_url="https://company.okta.com/app/abc123eb9xnIfzlaf697/sso/saml/metadata",
entity_id="https://my.vault/v1/auth/saml",
acs_urls=["https://my.vault.primary/v1/auth/saml/callback"],
default_role="default-role")
example_auth_backend_role = vault.saml.AuthBackendRole("example",
path=example.path,
name="my-role",
groups_attribute="groups",
bound_attributes={
"group": "admin",
},
bound_subjects=["*example.com"],
token_policies=["writer"],
token_ttl=86400)Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
var example = new Vault.Saml.AuthBackend("example", new()
{
Path = "saml",
IdpMetadataUrl = "https://company.okta.com/app/abc123eb9xnIfzlaf697/sso/saml/metadata",
EntityId = "https://my.vault/v1/auth/saml",
AcsUrls = new[]
{
"https://my.vault.primary/v1/auth/saml/callback",
},
DefaultRole = "default-role",
});
var exampleAuthBackendRole = new Vault.Saml.AuthBackendRole("example", new()
{
Path = example.Path,
Name = "my-role",
GroupsAttribute = "groups",
BoundAttributes =
{
{ "group", "admin" },
},
BoundSubjects = new[]
{
"*example.com",
},
TokenPolicies = new[]
{
"writer",
},
TokenTtl = 86400,
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/saml"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := saml.NewAuthBackend(ctx, "example", &saml.AuthBackendArgs{
Path: pulumi.String("saml"),
IdpMetadataUrl: pulumi.String("https://company.okta.com/app/abc123eb9xnIfzlaf697/sso/saml/metadata"),
EntityId: pulumi.String("https://my.vault/v1/auth/saml"),
AcsUrls: pulumi.StringArray{
pulumi.String("https://my.vault.primary/v1/auth/saml/callback"),
},
DefaultRole: pulumi.String("default-role"),
})
if err != nil {
return err
}
_, err = saml.NewAuthBackendRole(ctx, "example", &saml.AuthBackendRoleArgs{
Path: example.Path,
Name: pulumi.String("my-role"),
GroupsAttribute: pulumi.String("groups"),
BoundAttributes: pulumi.StringMap{
"group": pulumi.String("admin"),
},
BoundSubjects: pulumi.StringArray{
pulumi.String("*example.com"),
},
TokenPolicies: pulumi.StringArray{
pulumi.String("writer"),
},
TokenTtl: pulumi.Int(86400),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.saml.AuthBackend;
import com.pulumi.vault.saml.AuthBackendArgs;
import com.pulumi.vault.saml.AuthBackendRole;
import com.pulumi.vault.saml.AuthBackendRoleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new AuthBackend("example", AuthBackendArgs.builder()
.path("saml")
.idpMetadataUrl("https://company.okta.com/app/abc123eb9xnIfzlaf697/sso/saml/metadata")
.entityId("https://my.vault/v1/auth/saml")
.acsUrls("https://my.vault.primary/v1/auth/saml/callback")
.defaultRole("default-role")
.build());
var exampleAuthBackendRole = new AuthBackendRole("exampleAuthBackendRole", AuthBackendRoleArgs.builder()
.path(example.path())
.name("my-role")
.groupsAttribute("groups")
.boundAttributes(Map.of("group", "admin"))
.boundSubjects("*example.com")
.tokenPolicies("writer")
.tokenTtl(86400)
.build());
}
}Content copied to clipboard
resources:
example:
type: vault:saml:AuthBackend
properties:
path: saml
idpMetadataUrl: https://company.okta.com/app/abc123eb9xnIfzlaf697/sso/saml/metadata
entityId: https://my.vault/v1/auth/saml
acsUrls:
- https://my.vault.primary/v1/auth/saml/callback
defaultRole: default-role
exampleAuthBackendRole:
type: vault:saml:AuthBackendRole
name: example
properties:
path: ${example.path}
name: my-role
groupsAttribute: groups
boundAttributes:
group: admin
boundSubjects:
- '*example.com'
tokenPolicies:
- writer
tokenTtl: 86400Content copied to clipboard
Import
SAML authentication backend roles can be imported using the path, e.g.
$ pulumi import vault:saml/authBackendRole:AuthBackendRole example auth/saml/role/my-roleContent copied to clipboard
Constructors
Link copied to clipboard
constructor(boundAttributes: Output<Map<String, String>>? = null, boundAttributesType: Output<String>? = null, boundSubjects: Output<List<String>>? = null, boundSubjectsType: Output<String>? = null, groupsAttribute: Output<String>? = null, name: Output<String>? = null, namespace: Output<String>? = null, path: Output<String>? = null, tokenBoundCidrs: Output<List<String>>? = null, tokenExplicitMaxTtl: Output<Int>? = null, tokenMaxTtl: Output<Int>? = null, tokenNoDefaultPolicy: Output<Boolean>? = null, tokenNumUses: Output<Int>? = null, tokenPeriod: Output<Int>? = null, tokenPolicies: Output<List<String>>? = null, tokenTtl: Output<Int>? = null, tokenType: Output<String>? = null)
Properties
Link copied to clipboard
Mapping of attribute names to values that are expected to exist in the SAML assertion.
Link copied to clipboard
The type of matching assertion to perform on bound_attributes_type.
Link copied to clipboard
List of subjects being asserted for SAML authentication.
Link copied to clipboard
The type of matching assertion to perform on bound_subjects.
Link copied to clipboard
The attribute to use to identify the set of groups to which the user belongs.
Link copied to clipboard
Specifies the blocks of IP addresses which are allowed to use the generated token
Link copied to clipboard
Generated Token's Explicit Maximum TTL in seconds
Link copied to clipboard
The maximum lifetime of the generated token
Link copied to clipboard
If true, the 'default' policy will not automatically be added to generated tokens
Link copied to clipboard
The maximum number of times a token may be used, a value of zero means unlimited
Link copied to clipboard
Generated Token's Period
Link copied to clipboard
Generated Token's Policies