Class AuthBackendLogin
Logs into a Vault server using an AWS auth backend. Login can be accomplished using a signed identity request from IAM or using EC2 instance metadata. For more information, see the Vault documentation.
Namespace: Pulumi.Vault.Aws
Assembly: Pulumi.Vault.dll
Syntax
public class AuthBackendLogin : CustomResource
Constructors
AuthBackendLogin(String, AuthBackendLoginArgs, CustomResourceOptions)
Create an AuthBackendLogin resource with the given unique name, arguments, and options.
Declaration
public AuthBackendLogin(string name, AuthBackendLoginArgs args = null, CustomResourceOptions options = null)
Parameters
| Type | Name | Description |
|---|---|---|
| System.String | name | The unique name of the resource |
| AuthBackendLoginArgs | args | The arguments used to populate this resource's properties |
| CustomResourceOptions | options | A bag of options that control this resource's behavior |
Properties
Accessor
The token's accessor.
Declaration
public Output<string> Accessor { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
AuthType
The authentication type used to generate this token.
Declaration
public Output<string> AuthType { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
Backend
The unique name of the AWS auth backend. Defaults to 'aws'.
Declaration
public Output<string> Backend { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
ClientToken
The token returned by Vault.
Declaration
public Output<string> ClientToken { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
IamHttpRequestMethod
The HTTP method used in the signed IAM request.
Declaration
public Output<string> IamHttpRequestMethod { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
IamRequestBody
The base64-encoded body of the signed request.
Declaration
public Output<string> IamRequestBody { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
IamRequestHeaders
The base64-encoded, JSON serialized representation of the GetCallerIdentity HTTP request headers.
Declaration
public Output<string> IamRequestHeaders { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
IamRequestUrl
The base64-encoded HTTP URL used in the signed request.
Declaration
public Output<string> IamRequestUrl { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
Identity
The base64-encoded EC2 instance identity document to authenticate with. Can be retrieved from the EC2 metadata server.
Declaration
public Output<string> Identity { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
LeaseDuration
The duration in seconds the token will be valid, relative to the time in lease_start_time.
Declaration
public Output<int> LeaseDuration { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.Int32> |
LeaseStartTime
Time at which the lease was read, using the clock of the system where Terraform was running.
Declaration
public Output<string> LeaseStartTime { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
Metadata
A map of information returned by the Vault server about the authentication used to generate this token.
Declaration
public Output<ImmutableDictionary<string, object>> Metadata { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.Collections.Immutable.ImmutableDictionary<System.String, System.Object>> |
Nonce
The unique nonce to be used for login requests. Can be set to a user-specified value, or will contain the server-generated value once a token is issued. EC2 instances can only acquire a single token until the whitelist is tidied again unless they keep track of this nonce.
Declaration
public Output<string> Nonce { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
Pkcs7
The PKCS#7 signature of the identity document to authenticate with, with all newline characters removed. Can be retrieved from the EC2 metadata server.
Declaration
public Output<string> Pkcs7 { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
Policies
The Vault policies assigned to this token.
Declaration
public Output<ImmutableArray<string>> Policies { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.Collections.Immutable.ImmutableArray<System.String>> |
Renewable
Set to true if the token can be extended through renewal.
Declaration
public Output<bool> Renewable { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.Boolean> |
Role
The name of the AWS auth backend role to create tokens against.
Declaration
public Output<string> Role { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
Signature
The base64-encoded SHA256 RSA signature of the instance identity document to authenticate with, with all newline characters removed. Can be retrieved from the EC2 metadata server.
Declaration
public Output<string> Signature { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
Methods
Get(String, Input<String>, AuthBackendLoginState, CustomResourceOptions)
Get an existing AuthBackendLogin resource's state with the given name, ID, and optional extra properties used to qualify the lookup.
Declaration
public static AuthBackendLogin Get(string name, Input<string> id, AuthBackendLoginState state = null, CustomResourceOptions options = null)
Parameters
| Type | Name | Description |
|---|---|---|
| System.String | name | The unique name of the resulting resource. |
| Input<System.String> | id | The unique provider ID of the resource to look up. |
| AuthBackendLoginState | state | Any extra arguments used during the lookup. |
| CustomResourceOptions | options | A bag of options that control this resource's behavior |
Returns
| Type | Description |
|---|---|
| AuthBackendLogin |
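
The EC2 login path from the class summary, with the Nonce and ClientToken properties handled as secrets. This is an added usage sketch, not code from the Pulumi documentation. It assumes that the AuthBackendLoginArgs input names mirror the output properties listed above and that the config keys (all hypothetical) hold values fetched from the EC2 metadata server out of band.

```csharp
using System.Threading.Tasks;
using Pulumi;
using Pulumi.Vault.Aws;

class VaultLoginStack : Stack
{
    // Export only the accessor: it can look up or revoke the token
    // but cannot be used to authenticate as it.
    [Output] public Output<string> TokenAccessor { get; set; }

    public VaultLoginStack()
    {
        var cfg = new Config();

        var login = new AuthBackendLogin("ec2-login", new AuthBackendLoginArgs
        {
            Backend = "aws",                   // default mount name per the Backend property
            Role = cfg.Require("vaultRole"),   // hypothetical config key

            // Base64 identity document and its signature, stored as stack
            // secrets so they are encrypted in the Pulumi config file.
            Identity = cfg.RequireSecret("ec2Identity"),
            Signature = cfg.RequireSecret("ec2Signature"),

            // Pin the nonce so a later login from the same instance is not
            // blocked until the whitelist is tidied.
            Nonce = cfg.RequireSecret("ec2Nonce"),
        },
        new CustomResourceOptions
        {
            // ClientToken is a bearer credential and the nonce gates re-login:
            // have the engine encrypt both outputs in the state file.
            AdditionalSecretOutputs = { "clientToken", "nonce" },
        });

        TokenAccessor = login.Accessor;
    }
}

class Program
{
    static Task<int> Main() => Deployment.RunAsync<VaultLoginStack>();
}
```

Without AdditionalSecretOutputs, the token returned by Vault is written to the stack state in plaintext, so anyone with read access to the state backend can use it until the lease expires.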