pulumi-vault-kotlin/com.pulumi.vault.saml.kotlin/AuthBackendRole

AuthBackendRole

class AuthBackendRole : KotlinCustomResource

Manages an SAML auth backend role in a Vault server. See the [Vault

documentation](https://www.vaultproject.io/docs/auth/saml.html) for more information.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const example = new vault.saml.AuthBackend("example", {
    path: "saml",
    idpMetadataUrl: "https://company.okta.com/app/abc123eb9xnIfzlaf697/sso/saml/metadata",
    entityId: "https://my.vault/v1/auth/saml",
    acsUrls: ["https://my&#46;vault&#46;primary/v1/auth/saml/callback"],
    defaultRole: "default-role",
});
const exampleAuthBackendRole = new vault.saml.AuthBackendRole("example", {
    path: example.path,
    name: "my-role",
    groupsAttribute: "groups",
    boundAttributes: {
        group: "admin",
    },
    boundSubjects: ["*example&#46;com"],
    tokenPolicies: ["writer"],
    tokenTtl: 86400,
});

import pulumi
import pulumi_vault as vault
example = vault.saml.AuthBackend("example",
    path="saml",
    idp_metadata_url="https://company.okta.com/app/abc123eb9xnIfzlaf697/sso/saml/metadata",
    entity_id="https://my.vault/v1/auth/saml",
    acs_urls=["https://my&#46;vault&#46;primary/v1/auth/saml/callback"],
    default_role="default-role")
example_auth_backend_role = vault.saml.AuthBackendRole("example",
    path=example.path,
    name="my-role",
    groups_attribute="groups",
    bound_attributes={
        "group": "admin",
    },
    bound_subjects=["*example&#46;com"],
    token_policies=["writer"],
    token_ttl=86400)

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
    var example = new Vault.Saml.AuthBackend("example", new()
    {
        Path = "saml",
        IdpMetadataUrl = "https://company.okta.com/app/abc123eb9xnIfzlaf697/sso/saml/metadata",
        EntityId = "https://my.vault/v1/auth/saml",
        AcsUrls = new[]
        {
            "https://my.vault.primary/v1/auth/saml/callback",
        },
        DefaultRole = "default-role",
    });
    var exampleAuthBackendRole = new Vault.Saml.AuthBackendRole("example", new()
    {
        Path = example.Path,
        Name = "my-role",
        GroupsAttribute = "groups",
        BoundAttributes =
        {
            { "group", "admin" },
        },
        BoundSubjects = new[]
        {
            "*example.com",
        },
        TokenPolicies = new[]
        {
            "writer",
        },
        TokenTtl = 86400,
    });
});

package main
import (
	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/saml"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := saml.NewAuthBackend(ctx, "example", &saml.AuthBackendArgs{
			Path:           pulumi.String("saml"),
			IdpMetadataUrl: pulumi.String("https://company.okta.com/app/abc123eb9xnIfzlaf697/sso/saml/metadata"),
			EntityId:       pulumi.String("https://my.vault/v1/auth/saml"),
			AcsUrls: pulumi.StringArray{
				pulumi.String("https://my.vault.primary/v1/auth/saml/callback"),
			},
			DefaultRole: pulumi.String("default-role"),
		})
		if err != nil {
			return err
		}
		_, err = saml.NewAuthBackendRole(ctx, "example", &saml.AuthBackendRoleArgs{
			Path:            example.Path,
			Name:            pulumi.String("my-role"),
			GroupsAttribute: pulumi.String("groups"),
			BoundAttributes: pulumi.StringMap{
				"group": pulumi.String("admin"),
			},
			BoundSubjects: pulumi.StringArray{
				pulumi.String("*example.com"),
			},
			TokenPolicies: pulumi.StringArray{
				pulumi.String("writer"),
			},
			TokenTtl: pulumi.Int(86400),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.saml.AuthBackend;
import com.pulumi.vault.saml.AuthBackendArgs;
import com.pulumi.vault.saml.AuthBackendRole;
import com.pulumi.vault.saml.AuthBackendRoleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var example = new AuthBackend("example", AuthBackendArgs.builder()
            .path("saml")
            .idpMetadataUrl("https://company.okta.com/app/abc123eb9xnIfzlaf697/sso/saml/metadata")
            .entityId("https://my.vault/v1/auth/saml")
            .acsUrls("https://my.vault.primary/v1/auth/saml/callback")
            .defaultRole("default-role")
            .build());
        var exampleAuthBackendRole = new AuthBackendRole("exampleAuthBackendRole", AuthBackendRoleArgs.builder()
            .path(example.path())
            .name("my-role")
            .groupsAttribute("groups")
            .boundAttributes(Map.of("group", "admin"))
            .boundSubjects("*example.com")
            .tokenPolicies("writer")
            .tokenTtl(86400)
            .build());
    }
}

resources:
  example:
    type: vault:saml:AuthBackend
    properties:
      path: saml
      idpMetadataUrl: https://company.okta.com/app/abc123eb9xnIfzlaf697/sso/saml/metadata
      entityId: https://my.vault/v1/auth/saml
      acsUrls:
        - https://my.vault.primary/v1/auth/saml/callback
      defaultRole: default-role
  exampleAuthBackendRole:
    type: vault:saml:AuthBackendRole
    name: example
    properties:
      path: ${example.path}
      name: my-role
      groupsAttribute: groups
      boundAttributes:
        group: admin
      boundSubjects:
        - '*example.com'
      tokenPolicies:
        - writer
      tokenTtl: 86400

Import

SAML authentication backend roles can be imported using the path, e.g.

$ pulumi import vault:saml/authBackendRole:AuthBackendRole example auth/saml/role/my-role

Properties

boundAttributes

val boundAttributes: Output<Map<String, String>>?

Mapping of attribute names to values that are expected to exist in the SAML assertion.

boundAttributesType

val boundAttributesType: Output<String>

The type of matching assertion to perform on bound_attributes_type.

boundSubjects

val boundSubjects: Output<List<String>>?

List of subjects being asserted for SAML authentication.

boundSubjectsType

val boundSubjectsType: Output<String>

The type of matching assertion to perform on bound_subjects.

groupsAttribute

val groupsAttribute: Output<String>?

The attribute to use to identify the set of groups to which the user belongs.

val id: Output<String>

name

val name: Output<String>

Unique name of the role.

namespace

val namespace: Output<String>?

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

path

val path: Output<String>

Path where the auth backend is mounted.

pulumiChildResources

val pulumiChildResources: Set<KotlinResource>

pulumiResourceName

val pulumiResourceName: String

pulumiResourceType

val pulumiResourceType: String

tokenBoundCidrs