Auth
data class AuthBackendRoleArgs(val backend: Output<String>? = null, val bindSecretId: Output<Boolean>? = null, val namespace: Output<String>? = null, val roleId: Output<String>? = null, val roleName: Output<String>? = null, val secretIdBoundCidrs: Output<List<String>>? = null, val secretIdNumUses: Output<Int>? = null, val secretIdTtl: Output<Int>? = null, val tokenBoundCidrs: Output<List<String>>? = null, val tokenExplicitMaxTtl: Output<Int>? = null, val tokenMaxTtl: Output<Int>? = null, val tokenNoDefaultPolicy: Output<Boolean>? = null, val tokenNumUses: Output<Int>? = null, val tokenPeriod: Output<Int>? = null, val tokenPolicies: Output<List<String>>? = null, val tokenTtl: Output<Int>? = null, val tokenType: Output<String>? = null) : ConvertibleToJava<AuthBackendRoleArgs>
Manages an AppRole auth backend role in a Vault server. See the [Vault
documentation](https://www.vaultproject.io/docs/auth/approle) for more information.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const approle = new vault.AuthBackend("approle", {type: "approle"});
const example = new vault.approle.AuthBackendRole("example", {
backend: approle.path,
roleName: "test-role",
tokenPolicies: [
"default",
"dev",
"prod",
],
});Content copied to clipboard
import pulumi
import pulumi_vault as vault
approle = vault.AuthBackend("approle", type="approle")
example = vault.app_role.AuthBackendRole("example",
backend=approle.path,
role_name="test-role",
token_policies=[
"default",
"dev",
"prod",
])Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
var approle = new Vault.AuthBackend("approle", new()
{
Type = "approle",
});
var example = new Vault.AppRole.AuthBackendRole("example", new()
{
Backend = approle.Path,
RoleName = "test-role",
TokenPolicies = new[]
{
"default",
"dev",
"prod",
},
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/approle"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
approle, err := vault.NewAuthBackend(ctx, "approle", &vault.AuthBackendArgs{
Type: pulumi.String("approle"),
})
if err != nil {
return err
}
_, err = approle.NewAuthBackendRole(ctx, "example", &approle.AuthBackendRoleArgs{
Backend: approle.Path,
RoleName: pulumi.String("test-role"),
TokenPolicies: pulumi.StringArray{
pulumi.String("default"),
pulumi.String("dev"),
pulumi.String("prod"),
},
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.AuthBackend;
import com.pulumi.vault.AuthBackendArgs;
import com.pulumi.vault.appRole.AuthBackendRole;
import com.pulumi.vault.appRole.AuthBackendRoleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var approle = new AuthBackend("approle", AuthBackendArgs.builder()
.type("approle")
.build());
var example = new AuthBackendRole("example", AuthBackendRoleArgs.builder()
.backend(approle.path())
.roleName("test-role")
.tokenPolicies(
"default",
"dev",
"prod")
.build());
}
}Content copied to clipboard
resources:
approle:
type: vault:AuthBackend
properties:
type: approle
example:
type: vault:appRole:AuthBackendRole
properties:
backend: ${approle.path}
roleName: test-role
tokenPolicies:
- default
- dev
- prodContent copied to clipboard
Import
AppRole authentication backend roles can be imported using the path, e.g.
$ pulumi import vault:appRole/authBackendRole:AuthBackendRole example auth/approle/role/test-roleContent copied to clipboard
Constructors
Link copied to clipboard
constructor(backend: Output<String>? = null, bindSecretId: Output<Boolean>? = null, namespace: Output<String>? = null, roleId: Output<String>? = null, roleName: Output<String>? = null, secretIdBoundCidrs: Output<List<String>>? = null, secretIdNumUses: Output<Int>? = null, secretIdTtl: Output<Int>? = null, tokenBoundCidrs: Output<List<String>>? = null, tokenExplicitMaxTtl: Output<Int>? = null, tokenMaxTtl: Output<Int>? = null, tokenNoDefaultPolicy: Output<Boolean>? = null, tokenNumUses: Output<Int>? = null, tokenPeriod: Output<Int>? = null, tokenPolicies: Output<List<String>>? = null, tokenTtl: Output<Int>? = null, tokenType: Output<String>? = null)
Properties
Link copied to clipboard
Whether or not to require secret_id to be presented when logging in using this AppRole. Defaults to true.
Link copied to clipboard
If set, specifies blocks of IP addresses which can perform the login operation.
Link copied to clipboard
The number of times any particular SecretID can be used to fetch a token from this AppRole, after which the SecretID will expire. A value of zero will allow unlimited uses.
Link copied to clipboard
The number of seconds after which any SecretID expires.
Link copied to clipboard
Specifies the blocks of IP addresses which are allowed to use the generated token
Link copied to clipboard
Generated Token's Explicit Maximum TTL in seconds
Link copied to clipboard
The maximum lifetime of the generated token
Link copied to clipboard
If true, the 'default' policy will not automatically be added to generated tokens
Link copied to clipboard
The maximum number of times a token may be used, a value of zero means unlimited
Link copied to clipboard
Generated Token's Period
Link copied to clipboard
Generated Token's Policies