Class SecretRoleset
Creates a Roleset in the GCP Secrets Engine for Vault.
Each Roleset is tied to a Service Account, and can have one or more bindings associated with it.
Example Usage
```csharp
using System.IO;
using Pulumi;
using Vault = Pulumi.Vault;

class MyStack : Stack
{
    public MyStack()
    {
        var project = "my-awesome-project";

        // Mount the GCP Secrets Engine at "gcp" with service account credentials read from disk.
        var gcp = new Vault.Gcp.SecretBackend("gcp", new Vault.Gcp.SecretBackendArgs
        {
            Credentials = File.ReadAllText("credentials.json"),
            Path = "gcp",
        });

        // Roleset whose service account is bound to roles/viewer on the project.
        var roleset = new Vault.Gcp.SecretRoleset("roleset", new Vault.Gcp.SecretRolesetArgs
        {
            Backend = gcp.Path,
            Bindings =
            {
                new Vault.Gcp.Inputs.SecretRolesetBindingArgs
                {
                    Resource = $"//cloudresourcemanager.googleapis.com/projects/{project}",
                    Roles =
                    {
                        "roles/viewer",
                    },
                },
            },
            Project = project,
            Roleset = "project_viewer",
            SecretType = "access_token",
            TokenScopes =
            {
                "https://www.googleapis.com/auth/cloud-platform",
            },
        });
    }
}
```
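A second configuration, added here as an illustration and not taken from the Pulumi documentation: it narrows the token scope to read-only, adds a `service_account_key` roleset (which takes no `TokenScopes`), and exports each roleset's `ServiceAccountEmail` so IAM reviews can match GCP bindings to the accounts Vault created. The stack class, resource names, roleset names and output names are assumptions.

```csharp
using System.IO;
using Pulumi;
using Vault = Pulumi.Vault;

class AuditedRolesetStack : Stack // hypothetical stack name
{
    // Stack outputs: the Vault-created service accounts, for IAM audit.
    [Output] public Output<string> TokenAccountEmail { get; set; }
    [Output] public Output<string> KeyAccountEmail { get; set; }

    public AuditedRolesetStack()
    {
        var project = "my-awesome-project";
        var resource = $"//cloudresourcemanager.googleapis.com/projects/{project}";

        var gcp = new Vault.Gcp.SecretBackend("gcp", new Vault.Gcp.SecretBackendArgs
        {
            Credentials = File.ReadAllText("credentials.json"),
            Path = "gcp",
        });

        // access_token roleset: roles/viewer only needs a read-only OAuth scope.
        var tokens = new Vault.Gcp.SecretRoleset("viewer-token", new Vault.Gcp.SecretRolesetArgs
        {
            Backend = gcp.Path,
            Project = project,
            Roleset = "project_viewer_token",
            SecretType = "access_token",
            TokenScopes = { "https://www.googleapis.com/auth/cloud-platform.read-only" },
            Bindings =
            {
                new Vault.Gcp.Inputs.SecretRolesetBindingArgs { Resource = resource, Roles = { "roles/viewer" } },
            },
        });

        // service_account_key roleset: TokenScopes applies to access_token role sets only, so it is omitted.
        var keys = new Vault.Gcp.SecretRoleset("viewer-key", new Vault.Gcp.SecretRolesetArgs
        {
            Backend = gcp.Path,
            Project = project,
            Roleset = "project_viewer_key",
            SecretType = "service_account_key",
            Bindings =
            {
                new Vault.Gcp.Inputs.SecretRolesetBindingArgs { Resource = resource, Roles = { "roles/viewer" } },
            },
        });

        TokenAccountEmail = tokens.ServiceAccountEmail;
        KeyAccountEmail = keys.ServiceAccountEmail;
    }
}
```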
Namespace: Pulumi.Vault.Gcp
Assembly: Pulumi.Vault.dll
Syntax
public class SecretRoleset : CustomResource
Constructors
SecretRoleset(String, SecretRolesetArgs, CustomResourceOptions)
Create a SecretRoleset resource with the given unique name, arguments, and options.
Declaration
public SecretRoleset(string name, SecretRolesetArgs args, CustomResourceOptions options = null)
Parameters
| Type | Name | Description |
|---|---|---|
| System.String | name | The unique name of the resource |
| SecretRolesetArgs | args | The arguments used to populate this resource's properties |
| CustomResourceOptions | options | A bag of options that control this resource's behavior |
Properties
Backend
Path where the GCP Secrets Engine is mounted
Declaration
public Output<string> Backend { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> | |
Bindings
Bindings to create for this roleset. This can be specified multiple times for multiple bindings. Structure is documented below.
Declaration
public Output<ImmutableArray<SecretRolesetBinding>> Bindings { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.Collections.Immutable.ImmutableArray<SecretRolesetBinding>> | |
Project
Name of the GCP project that this roleset's service account will belong to.
Declaration
public Output<string> Project { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> | |
Roleset
Name of the Roleset to create
Declaration
public Output<string> Roleset { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> | |
SecretType
Type of secret generated for this role set. Accepted values: access_token, service_account_key. Defaults to access_token.
Declaration
public Output<string> SecretType { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> | |
ServiceAccountEmail
Email of the service account created by Vault for this Roleset
Declaration
public Output<string> ServiceAccountEmail { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> | |
TokenScopes
List of OAuth scopes to assign to access_token secrets generated under this role set (access_token role sets only).
Declaration
public Output<ImmutableArray<string>> TokenScopes { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.Collections.Immutable.ImmutableArray<System.String>> | |
Methods
Get(String, Input<String>, SecretRolesetState, CustomResourceOptions)
Get an existing SecretRoleset resource's state with the given name, ID, and optional extra properties used to qualify the lookup.
Declaration
public static SecretRoleset Get(string name, Input<string> id, SecretRolesetState state = null, CustomResourceOptions options = null)
Parameters
| Type | Name | Description |
|---|---|---|
| System.String | name | The unique name of the resulting resource. |
| Input<System.String> | id | The unique provider ID of the resource to lookup. |
| SecretRolesetState | state | Any extra arguments used during the lookup. |
| CustomResourceOptions | options | A bag of options that control this resource's behavior |
Returns
| Type | Description |
|---|---|
| SecretRoleset | |