pulumi-vault-kotlin/com.pulumi.vault.tokenauth.kotlin/AuthBackendRoleArgs

AuthBackendRoleArgs

data class AuthBackendRoleArgs(val allowedEntityAliases: Output<List<String>>? = null, val allowedPolicies: Output<List<String>>? = null, val allowedPoliciesGlobs: Output<List<String>>? = null, val disallowedPolicies: Output<List<String>>? = null, val disallowedPoliciesGlobs: Output<List<String>>? = null, val namespace: Output<String>? = null, val orphan: Output<Boolean>? = null, val pathSuffix: Output<String>? = null, val renewable: Output<Boolean>? = null, val roleName: Output<String>? = null, val tokenBoundCidrs: Output<List<String>>? = null, val tokenExplicitMaxTtl: Output<Int>? = null, val tokenMaxTtl: Output<Int>? = null, val tokenNoDefaultPolicy: Output<Boolean>? = null, val tokenNumUses: Output<Int>? = null, val tokenPeriod: Output<Int>? = null, val tokenPolicies: Output<List<String>>? = null, val tokenTtl: Output<Int>? = null, val tokenType: Output<String>? = null) : ConvertibleToJava<AuthBackendRoleArgs>

Manages Token auth backend role in a Vault server. See the [Vault

documentation](https://www.vaultproject.io/docs/auth/token.html) for more information.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const example = new vault.tokenauth.AuthBackendRole("example", {
    roleName: "my-role",
    allowedPolicies: [
        "dev",
        "test",
    ],
    disallowedPolicies: ["default"],
    allowedEntityAliases: ["test_entity"],
    orphan: true,
    tokenPeriod: 86400,
    renewable: true,
    tokenExplicitMaxTtl: 115200,
    pathSuffix: "path-suffix",
});

import pulumi
import pulumi_vault as vault
example = vault.tokenauth.AuthBackendRole("example",
    role_name="my-role",
    allowed_policies=[
        "dev",
        "test",
    ],
    disallowed_policies=["default"],
    allowed_entity_aliases=["test_entity"],
    orphan=True,
    token_period=86400,
    renewable=True,
    token_explicit_max_ttl=115200,
    path_suffix="path-suffix")

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
    var example = new Vault.TokenAuth.AuthBackendRole("example", new()
    {
        RoleName = "my-role",
        AllowedPolicies = new[]
        {
            "dev",
            "test",
        },
        DisallowedPolicies = new[]
        {
            "default",
        },
        AllowedEntityAliases = new[]
        {
            "test_entity",
        },
        Orphan = true,
        TokenPeriod = 86400,
        Renewable = true,
        TokenExplicitMaxTtl = 115200,
        PathSuffix = "path-suffix",
    });
});

package main
import (
	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/tokenauth"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := tokenauth.NewAuthBackendRole(ctx, "example", &tokenauth.AuthBackendRoleArgs{
			RoleName: pulumi.String("my-role"),
			AllowedPolicies: pulumi.StringArray{
				pulumi.String("dev"),
				pulumi.String("test"),
			},
			DisallowedPolicies: pulumi.StringArray{
				pulumi.String("default"),
			},
			AllowedEntityAliases: pulumi.StringArray{
				pulumi.String("test_entity"),
			},
			Orphan:              pulumi.Bool(true),
			TokenPeriod:         pulumi.Int(86400),
			Renewable:           pulumi.Bool(true),
			TokenExplicitMaxTtl: pulumi.Int(115200),
			PathSuffix:          pulumi.String("path-suffix"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.tokenauth.AuthBackendRole;
import com.pulumi.vault.tokenauth.AuthBackendRoleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var example = new AuthBackendRole("example", AuthBackendRoleArgs.builder()
            .roleName("my-role")
            .allowedPolicies(
                "dev",
                "test")
            .disallowedPolicies("default")
            .allowedEntityAliases("test_entity")
            .orphan(true)
            .tokenPeriod(86400)
            .renewable(true)
            .tokenExplicitMaxTtl(115200)
            .pathSuffix("path-suffix")
            .build());
    }
}

resources:
  example:
    type: vault:tokenauth:AuthBackendRole
    properties:
      roleName: my-role
      allowedPolicies:
        - dev
        - test
      disallowedPolicies:
        - default
      allowedEntityAliases:
        - test_entity
      orphan: true
      tokenPeriod: '86400'
      renewable: true
      tokenExplicitMaxTtl: '115200'
      pathSuffix: path-suffix

Import

Token auth backend roles can be imported with auth/token/roles/ followed by the role_name, e.g.

$ pulumi import vault:tokenauth/authBackendRole:AuthBackendRole example auth/token/roles/my-role

Constructors

AuthBackendRoleArgs

constructor(allowedEntityAliases: Output<List<String>>? = null, allowedPolicies: Output<List<String>>? = null, allowedPoliciesGlobs: Output<List<String>>? = null, disallowedPolicies: Output<List<String>>? = null, disallowedPoliciesGlobs: Output<List<String>>? = null, namespace: Output<String>? = null, orphan: Output<Boolean>? = null, pathSuffix: Output<String>? = null, renewable: Output<Boolean>? = null, roleName: Output<String>? = null, tokenBoundCidrs: Output<List<String>>? = null, tokenExplicitMaxTtl: Output<Int>? = null, tokenMaxTtl: Output<Int>? = null, tokenNoDefaultPolicy: Output<Boolean>? = null, tokenNumUses: Output<Int>? = null, tokenPeriod: Output<Int>? = null, tokenPolicies: Output<List<String>>? = null, tokenTtl: Output<Int>? = null, tokenType: Output<String>? = null)

Properties

allowedEntityAliases

val allowedEntityAliases: Output<List<String>>? = null

List of allowed entity aliases.

allowedPolicies

val allowedPolicies: Output<List<String>>? = null

List of allowed policies for given role.

allowedPoliciesGlobs

val allowedPoliciesGlobs: Output<List<String>>? = null

Set of allowed policies with glob match for given role.

disallowedPolicies

val disallowedPolicies: Output<List<String>>? = null

List of disallowed policies for given role.

disallowedPoliciesGlobs

val disallowedPoliciesGlobs: Output<List<String>>? = null

Set of disallowed policies with glob match for given role.

namespace

val namespace: Output<String>? = null

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

orphan

val orphan: Output<Boolean>? = null

If true, tokens created against this policy will be orphan tokens.

pathSuffix

val pathSuffix: Output<String>? = null

Tokens created against this role will have the given suffix as part of their path in addition to the role name.

renewable

val renewable: Output<Boolean>? = null

Whether to disable the ability of the token to be renewed past its initial TTL.

roleName

val roleName: Output<String>? = null

The name of the role.