Namespace Pulumi.Vault.Identity
Classes
Entity
EntityAlias
EntityAliasArgs
EntityAliasState
EntityArgs
EntityPolicies
Manages policies for an Identity Entity for Vault. The Identity secrets engine is the identity management solution for Vault. The entity must be created with ExternalPolicies = true so that the Entity resource stops managing its own policy list; otherwise the two resources overwrite each other's changes on every update. With Exclusive = true the resource owns the entity's whole policy list and removes anything attached by other means on the next update; with Exclusive = false it only adds its own entries (and removes only those on destroy), so several non-exclusive resources can target the same entity.
Example Usage
Exclusive Policies
using Pulumi;
using Vault = Pulumi.Vault;

class MyStack : Stack
{
    public MyStack()
    {
        // ExternalPolicies = true hands the policy list over to the
        // EntityPolicies resource below; without it the two resources fight.
        var entity = new Vault.Identity.Entity("entity", new Vault.Identity.EntityArgs
        {
            ExternalPolicies = true,
        });

        // Exclusive = true: this resource owns the whole list. Any policy
        // attached to the entity by other means is removed on the next update.
        var policies = new Vault.Identity.EntityPolicies("policies", new Vault.Identity.EntityPoliciesArgs
        {
            Policies =
            {
                "default",
                "test",
            },
            Exclusive = true,
            EntityId = entity.Id,
        });
    }
}
Non-exclusive Policies
using Pulumi;
using Vault = Pulumi.Vault;

class MyStack : Stack
{
    public MyStack()
    {
        var entity = new Vault.Identity.Entity("entity", new Vault.Identity.EntityArgs
        {
            ExternalPolicies = true,
        });

        // Exclusive = false: each resource adds only its own policies and
        // removes only those on destroy, so both can target the same entity.
        var @default = new Vault.Identity.EntityPolicies("default", new Vault.Identity.EntityPoliciesArgs
        {
            Policies =
            {
                "default",
                "test",
            },
            Exclusive = false,
            EntityId = entity.Id,
        });

        var others = new Vault.Identity.EntityPolicies("others", new Vault.Identity.EntityPoliciesArgs
        {
            Policies =
            {
                "others",
            },
            Exclusive = false,
            EntityId = entity.Id,
        });
    }
}
EntityPoliciesArgs
EntityPoliciesState
EntityState
GetEntity
GetEntityArgs
GetEntityResult
GetGroup
GetGroupArgs
GetGroupResult
Group
Creates an Identity Group for Vault. The Identity secrets engine is the identity management solution for Vault.
A group can contain multiple entities as its members. A group can also have subgroups. Policies set on a group are granted to all members of the group. At request time, when the token's entity ID is evaluated for the policies it has access to, the policies on the entity itself are combined with the policies inherited through group memberships, including those of every ancestor group of a subgroup the entity belongs to.
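The following resolver is an added example written for this page, not Vault's own code: it applies the inheritance rule just described to a small constructed identity store (entities "alice" and "bob", groups "parent", "child" and "orphan" are invented), walking from an entity's direct groups up through every group that lists them as a member group. It also answers the audit question "which group gave this token that policy?", and shows that a membership cycle cannot make the walk loop.

```python
"""Effective policies for a token, resolved through group membership.

Constructed model written for this page (not Vault's own code): a token
carries the policies on its entity, the policies of every group the entity
is a direct member of, and the policies of every group that transitively
lists one of those groups as a member group.
"""
from collections import deque

# Constructed identity store. "parent" lists "child" as a member group;
# "alice" is a direct member only of "child", so she inherits from both.
# "orphan" is not reachable from alice and must never contribute.
GROUPS = {
    "parent": {"policies": ["audit-read"], "member_group_ids": ["child"]},
    "child":  {"policies": ["dev", "test"], "member_group_ids": []},
    "orphan": {"policies": ["secret-admin"], "member_group_ids": []},
}
ENTITIES = {
    "alice": {"policies": ["default"], "group_ids": ["child"]},
    "bob":   {"policies": ["default"], "group_ids": []},
}


def parent_index(groups):
    """Invert member_group_ids: group id -> ids of the groups it is a member of."""
    parents = {gid: [] for gid in groups}
    for gid, group in groups.items():
        for sub in group["member_group_ids"]:
            parents.setdefault(sub, []).append(gid)
    return parents


def granting_groups(entity_id, entities=ENTITIES, groups=GROUPS):
    """Every group whose policies reach entity_id, directly or inherited.

    Breadth-first walk from the direct groups up through their parents.
    The visited set makes a membership cycle (a member of b, b member of a)
    terminate instead of looping.
    """
    parents = parent_index(groups)
    seen = set()
    queue = deque(entities[entity_id]["group_ids"])
    while queue:
        gid = queue.popleft()
        if gid in seen or gid not in groups:   # unknown ids are ignored
            continue
        seen.add(gid)
        queue.extend(parents.get(gid, []))
    return sorted(seen)


def effective_policies(entity_id, entities=ENTITIES, groups=GROUPS):
    """Sorted, de-duplicated policy list a token for entity_id is granted."""
    granted = set(entities[entity_id]["policies"])
    for gid in granting_groups(entity_id, entities, groups):
        granted.update(groups[gid]["policies"])
    return sorted(granted)


def explain(entity_id, policy, entities=ENTITIES, groups=GROUPS):
    """Where a policy comes from: "entity" and/or the group ids granting it.
    Useful when auditing why a token holds a policy it should not."""
    sources = []
    if policy in entities[entity_id]["policies"]:
        sources.append("entity")
    sources += [gid for gid in granting_groups(entity_id, entities, groups)
                if policy in groups[gid]["policies"]]
    return sources


if __name__ == "__main__":
    for eid in ENTITIES:
        print(eid, effective_policies(eid))
    print("alice has audit-read via", explain("alice", "audit-read"))
```

Run it as a script to see that alice ends up with audit-read from "parent" even though she is only a member of "child", while bob, who is in no group, keeps just his entity policy.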
Example Usage
Internal Group
using Pulumi;
using Vault = Pulumi.Vault;

class MyStack : Stack
{
    public MyStack()
    {
        // Internal group: membership is managed in Vault itself
        // (MemberEntityIds / MemberGroupIds, not shown here).
        var @internal = new Vault.Identity.Group("internal", new Vault.Identity.GroupArgs
        {
            Metadata =
            {
                { "version", "2" },
            },
            Policies =
            {
                "dev",
                "test",
            },
            Type = "internal",
        });
    }
}
External Group
using Pulumi;
using Vault = Pulumi.Vault;

class MyStack : Stack
{
    public MyStack()
    {
        // External group: members are not listed here. They are added and
        // removed at login/renewal through a GroupAlias bound to an auth mount.
        var @group = new Vault.Identity.Group("group", new Vault.Identity.GroupArgs
        {
            Metadata =
            {
                { "version", "1" },
            },
            Policies =
            {
                "test",
            },
            Type = "external",
        });
    }
}
GroupAlias
Creates an Identity Group Alias for Vault. The Identity secrets engine is the identity management solution for Vault.
Group aliases allow entity membership in external groups to be managed semi-automatically. An external group serves as a mapping to a group that is outside of the identity store. An external group can have one (and only one) alias, which should map to a notion of group outside the identity store, for example a group in LDAP or a team in GitHub. An LDAP user who belongs to an LDAP group can have its entity ID added as a member of the corresponding Vault group automatically during logins and token renewals. This works only if the group in Vault is an external group and has an alias that maps to the group in LDAP. If the user is removed from the group in LDAP, that change is reflected in Vault only upon the user's next login or renewal operation; until then the stale membership, and every policy it grants, stays in effect for tokens the user already holds.
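The reconciliation step described above, as an added example written for this page (not Vault's own implementation): a constructed group store with two external groups and one internal group, an alias registration that enforces the one-alias-per-external-group rule, and a login-time sync that replaces an entity's membership in the external groups aliased to the login mount with whatever the auth backend reported. The mount accessor, group and entity ids, and team names are invented.

```python
"""Login-time reconciliation of external-group membership via group aliases.

Constructed model written for this page (not Vault's own code): an external
group carries exactly one alias (mount accessor + name). When an entity logs
in through that mount, the group names the auth backend reports are matched
against the aliases and the entity's membership in that mount's external
groups is replaced by the matched set. Nothing changes between logins.
"""
import copy


class AliasError(ValueError):
    """Raised for an alias Vault would refuse."""


def initial_groups():
    """Fresh copy of the constructed group store used by the demo and tests."""
    return copy.deepcopy({
        "g-sec": {"type": "external", "alias": None, "member_entity_ids": set()},
        "g-ops": {"type": "external", "alias": None, "member_entity_ids": set()},
        "g-int": {"type": "internal", "alias": None, "member_entity_ids": {"e-alice"}},
    })


def alias_index(groups):
    """(mount_accessor, alias name) -> group id."""
    return {(g["alias"]["mount_accessor"], g["alias"]["name"]): gid
            for gid, g in groups.items() if g["alias"]}


def register_alias(groups, group_id, mount_accessor, name):
    """Attach an alias to an external group: internal groups take none,
    a group takes at most one, and (mount_accessor, name) must be unique."""
    group = groups[group_id]
    if group["type"] != "external":
        raise AliasError(f"{group_id} is internal; only external groups take an alias")
    if group["alias"] is not None:
        raise AliasError(f"{group_id} already has an alias")
    if (mount_accessor, name) in alias_index(groups):
        raise AliasError(f"alias {name!r} on {mount_accessor} is already bound")
    group["alias"] = {"mount_accessor": mount_accessor, "name": name}


def sync_on_login(groups, entity_id, mount_accessor, reported_groups):
    """Reconcile entity_id's external memberships for one mount.

    reported_groups are the names the auth backend returned at login (LDAP
    group names, GitHub team slugs, ...). Returns (added, removed) group ids.
    Internal groups and groups aliased to other mounts are left untouched.
    """
    index = alias_index(groups)
    wanted = {index[(mount_accessor, name)] for name in reported_groups
              if (mount_accessor, name) in index}      # unaliased names ignored
    added, removed = [], []
    for gid, group in groups.items():
        alias = group["alias"]
        if group["type"] != "external" or alias is None \
                or alias["mount_accessor"] != mount_accessor:
            continue
        members = group["member_entity_ids"]
        if gid in wanted and entity_id not in members:
            members.add(entity_id)
            added.append(gid)
        elif gid not in wanted and entity_id in members:
            members.discard(entity_id)
            removed.append(gid)
    return sorted(added), sorted(removed)


if __name__ == "__main__":
    store = initial_groups()
    register_alias(store, "g-sec", "auth_github_1", "security-team")
    register_alias(store, "g-ops", "auth_github_1", "ops-team")
    print(sync_on_login(store, "e-alice", "auth_github_1", ["security-team"]))
    # alice was dropped from the team upstream: only visible at her next login
    print(sync_on_login(store, "e-alice", "auth_github_1", []))
```

The second call in the demo is the point of the caveat in the text: the removal upstream has no effect on Vault until the entity logs in (or renews) through that mount again, and a login through a different mount leaves the GitHub-aliased memberships exactly as they were.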
Example Usage
using Pulumi;
using Vault = Pulumi.Vault;

class MyStack : Stack
{
    public MyStack()
    {
        // Only an external group can carry an alias.
        var @group = new Vault.Identity.Group("group", new Vault.Identity.GroupArgs
        {
            Policies =
            {
                "test",
            },
            Type = "external",
        });

        var github = new Vault.AuthBackend("github", new Vault.AuthBackendArgs
        {
            Path = "github",
            Type = "github",
        });

        // The alias binds the group to one auth mount (via its accessor) and
        // to one external group name on that mount: here a GitHub team slug.
        // Members are added at login/renewal through this mount, not listed here.
        var group_alias = new Vault.Identity.GroupAlias("group-alias", new Vault.Identity.GroupAliasArgs
        {
            CanonicalId = @group.Id,
            MountAccessor = github.Accessor,
            Name = "Github_Team_Slug",
        });
    }
}
GroupAliasArgs
GroupAliasState
GroupArgs
GroupPolicies
Manages policies for an Identity Group for Vault. The Identity secrets engine is the identity management solution for Vault. The group must be created with ExternalPolicies = true so that the Group resource stops managing its own policy list; Exclusive has the same meaning as for EntityPolicies: an exclusive resource owns the group's whole policy list, a non-exclusive one adds and removes only its own entries.
Example Usage
Exclusive Policies
using Pulumi;
using Vault = Pulumi.Vault;

class MyStack : Stack
{
    public MyStack()
    {
        // ExternalPolicies = true hands the policy list over to GroupPolicies.
        var @internal = new Vault.Identity.Group("internal", new Vault.Identity.GroupArgs
        {
            Type = "internal",
            ExternalPolicies = true,
            Metadata =
            {
                { "version", "2" },
            },
        });

        // Exclusive = true: this resource owns the whole list.
        var policies = new Vault.Identity.GroupPolicies("policies", new Vault.Identity.GroupPoliciesArgs
        {
            Policies =
            {
                "default",
                "test",
            },
            Exclusive = true,
            GroupId = @internal.Id,
        });
    }
}
Non-exclusive Policies
using Pulumi;
using Vault = Pulumi.Vault;

class MyStack : Stack
{
    public MyStack()
    {
        var @internal = new Vault.Identity.Group("internal", new Vault.Identity.GroupArgs
        {
            Type = "internal",
            ExternalPolicies = true,
            Metadata =
            {
                { "version", "2" },
            },
        });

        // Exclusive = false: each resource contributes its own policies only,
        // so both can target the same group without a perpetual diff.
        var @default = new Vault.Identity.GroupPolicies("default", new Vault.Identity.GroupPoliciesArgs
        {
            Policies =
            {
                "default",
                "test",
            },
            Exclusive = false,
            GroupId = @internal.Id,
        });

        var others = new Vault.Identity.GroupPolicies("others", new Vault.Identity.GroupPoliciesArgs
        {
            Policies =
            {
                "others",
            },
            Exclusive = false,
            GroupId = @internal.Id,
        });
    }
}
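The following is an added example written for this page, not the Pulumi provider's code, and it serves both the EntityPolicies and the GroupPolicies sections, whose exclusive and non-exclusive examples follow the same rules. It models what happens to the policy list stored on an entity or group when a policies resource with Exclusive = true or false is created, refreshed and destroyed, and rejects the two combinations that never converge: a target whose own resource still manages its policies (ExternalPolicies = false), and an exclusive resource sharing a target with any other resource. The resource dicts and policy names are constructed for the demo.

```python
"""What Exclusive means for an EntityPolicies or GroupPolicies resource.

Constructed model written for this page (not the Pulumi provider's code).
'current' is the policy list stored on the entity or group; a resource is
a dict with 'policies' and 'exclusive'. The same rules apply to both kinds
of target.
"""


class PolicyOwnershipError(Exception):
    """A set of resources that can never converge (perpetual diff)."""


def apply(current, resource):
    """Policy list after create/update of one resource.
    Exclusive: the list becomes exactly the resource's policies.
    Non-exclusive: the resource's policies are added to what is there."""
    if resource["exclusive"]:
        return sorted(set(resource["policies"]))
    return sorted(set(current) | set(resource["policies"]))


def read_back(current, resource):
    """What the resource records on refresh. An exclusive resource records
    the whole list, so a policy attached out of band shows up as drift and
    is removed at the next apply; a non-exclusive one records only its own
    entries and never notices other policies."""
    if resource["exclusive"]:
        return sorted(set(current))
    return sorted(set(current) & set(resource["policies"]))


def destroy(current, resource):
    """Policy list after the resource is deleted: exclusive clears the list,
    non-exclusive removes only the entries it contributed."""
    if resource["exclusive"]:
        return []
    return sorted(set(current) - set(resource["policies"]))


def drift(current, resource):
    """Policies the next apply of this resource would remove."""
    return sorted(set(current) - set(apply(current, resource)))


def check_ownership(target_external_policies, resources):
    """Reject combinations that produce a perpetual diff:
    - the Entity/Group resource still manages its 'policies' itself
      (ExternalPolicies = false) while a policies resource targets it;
    - more than one resource targets it and any of them is exclusive."""
    if resources and not target_external_policies:
        raise PolicyOwnershipError("set ExternalPolicies = true on the target")
    if len(resources) > 1 and any(r["exclusive"] for r in resources):
        raise PolicyOwnershipError("an exclusive resource cannot share a target")


def plan(target_external_policies, current, resources):
    """Apply a consistent set of resources in order and return the list."""
    check_ownership(target_external_policies, resources)
    for resource in resources:
        current = apply(current, resource)
    return current


if __name__ == "__main__":
    exclusive = {"policies": ["default", "test"], "exclusive": True}
    # a policy someone attached by hand is wiped by the exclusive resource
    print(plan(True, ["stale-admin"], [exclusive]))
    default = {"policies": ["default", "test"], "exclusive": False}
    others = {"policies": ["others"], "exclusive": False}
    merged = plan(True, ["stale-admin"], [default, others])
    print(merged, destroy(merged, others))
```

Note the asymmetry the demo exposes: the exclusive resource is the one that cleans up a hand-attached "stale-admin" policy, while two non-exclusive resources leave it in place indefinitely because neither ever reads it back. Choose Exclusive = true when the policy list is meant to be fully declared in code, and Exclusive = false only when several independently managed resources genuinely share one target.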
GroupPoliciesArgs
GroupPoliciesState
GroupState
Oidc
Configure the Identity Tokens Backend.
The Identity secrets engine is the identity management solution for Vault. It internally maintains the clients who are recognized by Vault.
NOTE: Each Vault server may only have one Identity Tokens Backend configuration. Multiple configurations of the resource against the same Vault server will cause a perpetual diff. The Issuer is the base of the iss claim that Vault puts in the identity tokens it signs; it must be an https URL with no query or fragment, and relying parties must be configured with the exact issuer that ends up in the token, so set it to the address clients actually use to reach Vault rather than an internal name.
Example Usage
using Pulumi;
using Vault = Pulumi.Vault;

class MyStack : Stack
{
    public MyStack()
    {
        // One per Vault server; a second Oidc resource would cause a perpetual diff.
        var server = new Vault.Identity.Oidc("server", new Vault.Identity.OidcArgs
        {
            Issuer = "https://www.acme.com",
        });
    }
}