Module azure

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-vault repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-vault repo.

Resources

Resource AuthBackendConfig

class AuthBackendConfig extends CustomResource

constructor

new AuthBackendConfig(name: string, args: AuthBackendConfigArgs, opts?: pulumi.CustomResourceOptions)

Create an AuthBackendConfig resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AuthBackendConfigState, opts?: pulumi.CustomResourceOptions): AuthBackendConfig

Get an existing AuthBackendConfig resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is AuthBackendConfig

Returns true if the given object is an instance of AuthBackendConfig. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property backend

public backend: pulumi.Output<string | undefined>;

The path the Azure auth backend being configured was mounted at. Defaults to azure.

property clientId

public clientId: pulumi.Output<string | undefined>;

The client id for credentials to query the Azure APIs. Currently read permissions to query compute resources are required.

property clientSecret

public clientSecret: pulumi.Output<string | undefined>;

The client secret for credentials to query the Azure APIs.

property environment

public environment: pulumi.Output<string | undefined>;

The Azure cloud environment. Valid values: AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud, AzureGermanCloud. Defaults to AzurePublicCloud.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property resource

public resource: pulumi.Output<string>;

The configured URL for the application registered in Azure Active Directory.

property tenantId

public tenantId: pulumi.Output<string>;

The tenant id for the Azure Active Directory organization.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource AuthBackendRole

class AuthBackendRole extends CustomResource

Manages an Azure auth backend role in a Vault server. Roles constrain the instances or principals that can perform the login operation against the backend. See the Vault documentation for more information.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";

const azure = new vault.AuthBackend("azure", {
    type: "azure",
});
const example = new vault.azure.AuthBackendRole("example", {
    backend: azure.path,
    boundResourceGroups: ["123456789012"],
    boundSubscriptionIds: ["11111111-2222-3333-4444-555555555555"],
    role: "test-role",
    tokenMaxTtl: 120,
    tokenPolicies: [
        "default",
        "dev",
        "prod",
    ],
    tokenTtl: 60,
});

constructor

new AuthBackendRole(name: string, args: AuthBackendRoleArgs, opts?: pulumi.CustomResourceOptions)

Create an AuthBackendRole resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AuthBackendRoleState, opts?: pulumi.CustomResourceOptions): AuthBackendRole

Get an existing AuthBackendRole resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is AuthBackendRole

Returns true if the given object is an instance of AuthBackendRole. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property backend

public backend: pulumi.Output<string | undefined>;

Unique name of the auth backend to configure.

property boundGroupIds

public boundGroupIds: pulumi.Output<string[] | undefined>;

If set, defines a constraint on the groups that can perform the login operation that they should be using the group ID specified by this field.

property boundLocations

public boundLocations: pulumi.Output<string[] | undefined>;

If set, defines a constraint on the virtual machines that can perform the login operation that the location in their identity document must match the one specified by this field.

property boundResourceGroups

public boundResourceGroups: pulumi.Output<string[] | undefined>;

If set, defines a constraint on the virtual machines that can perform the login operation that they be associated with the resource group that matches the value specified by this field.

property boundScaleSets

public boundScaleSets: pulumi.Output<string[] | undefined>;

If set, defines a constraint on the virtual machines that can perform the login operation that they must match the scale set specified by this field.

property boundServicePrincipalIds

public boundServicePrincipalIds: pulumi.Output<string[] | undefined>;

If set, defines a constraint on the service principals that can perform the login operation that they should possess the ids specified by this field.

property boundSubscriptionIds

public boundSubscriptionIds: pulumi.Output<string[] | undefined>;

If set, defines a constraint on the subscriptions that can perform the login operation to ones which match the value specified by this field.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property maxTtl

public maxTtl: pulumi.Output<number | undefined>;

The maximum allowed lifetime of tokens issued using this role, provided as a number of seconds.

property period

public period: pulumi.Output<number | undefined>;

If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token’s TTL will be set to the value of this field. Specified in seconds.

property policies

public policies: pulumi.Output<string[] | undefined>;

An array of strings specifying the policies to be set on tokens issued using this role.

property role

public role: pulumi.Output<string>;

The name of the role.

property tokenBoundCidrs

public tokenBoundCidrs: pulumi.Output<string[] | undefined>;

List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.

property tokenExplicitMaxTtl

public tokenExplicitMaxTtl: pulumi.Output<number | undefined>;

If set, will encode an explicit max TTL onto the token in number of seconds. This is a hard cap even if tokenTtl and tokenMaxTtl would otherwise allow a renewal.

property tokenMaxTtl

public tokenMaxTtl: pulumi.Output<number | undefined>;

The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.

property tokenNoDefaultPolicy

public tokenNoDefaultPolicy: pulumi.Output<boolean | undefined>;

If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies.

property tokenNumUses

public tokenNumUses: pulumi.Output<number | undefined>;

The period, if any, in number of seconds to set on the token.

property tokenPeriod

public tokenPeriod: pulumi.Output<number | undefined>;

If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token’s TTL will be set to the value of this field. Specified in seconds.

property tokenPolicies

public tokenPolicies: pulumi.Output<string[] | undefined>;

List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values.

property tokenTtl

public tokenTtl: pulumi.Output<number | undefined>;

The incremental lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.

property tokenType

public tokenType: pulumi.Output<string | undefined>;

The type of token that should be generated. Can be service, batch, or default to use the mount’s tuned default (which unless changed will be service tokens). For token store roles, there are two additional possibilities: default-service and default-batch which specify the type to return unless the client requests a different type at generation time.

property ttl

public ttl: pulumi.Output<number | undefined>;

The TTL period of tokens issued using this role, provided as a number of seconds.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
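As an added example (not part of the Pulumi SDK or of this page's original code), the following offline check audits a role definition against the bound* constraints and token lifetime fields documented above. `RoleArgs`, `auditRole` and the `weakRole` sample are hypothetical names introduced here; `RoleArgs` mirrors the documented field names with plain values instead of `pulumi.Input`, and `pageExample` repeats the values from Example Usage.

```typescript
// Added example: plain-value mirror of the AuthBackendRoleArgs fields documented
// on this page (assumption: pulumi.Input<T> replaced by T so this runs offline).
interface RoleArgs {
    role: string;
    boundGroupIds?: string[];
    boundLocations?: string[];
    boundResourceGroups?: string[];
    boundScaleSets?: string[];
    boundServicePrincipalIds?: string[];
    boundSubscriptionIds?: string[];
    tokenExplicitMaxTtl?: number;
    tokenMaxTtl?: number;
    tokenPeriod?: number;
    tokenPolicies?: string[];
    tokenTtl?: number;
    // Fields this page marks DEPRECATED for Vault >= 1.2.
    maxTtl?: number;
    period?: number;
    policies?: string[];
    ttl?: number;
}

interface Finding {
    field: string;
    message: string;
}

// Deprecated field -> replacement property documented on this page.
const DEPRECATED: { old: keyof RoleArgs; use: string }[] = [
    { old: "maxTtl", use: "tokenMaxTtl" },
    { old: "period", use: "tokenPeriod" },
    { old: "policies", use: "tokenPolicies" },
    { old: "ttl", use: "tokenTtl" },
];

function isSet(v: string[] | undefined): boolean {
    return v !== undefined && v.length > 0;
}

// Returns one finding per weakness; an empty array means the role passed.
function auditRole(args: RoleArgs): Finding[] {
    const findings: Finding[] = [];

    // Roles exist to constrain who can log in; with no bound* field set
    // the role definition itself restricts nothing.
    const bounds = [
        args.boundGroupIds, args.boundLocations, args.boundResourceGroups,
        args.boundScaleSets, args.boundServicePrincipalIds, args.boundSubscriptionIds,
    ];
    if (!bounds.some(isSet)) {
        findings.push({ field: "bound*", message: "no bound* constraint is set" });
    }

    for (const d of DEPRECATED) {
        if (args[d.old] !== undefined) {
            findings.push({ field: d.old, message: "deprecated on Vault >= 1.2, use " + d.use });
        }
    }

    // tokenTtl is the incremental lifetime, tokenMaxTtl the maximum lifetime.
    if (args.tokenTtl !== undefined && args.tokenMaxTtl !== undefined
        && args.tokenTtl > args.tokenMaxTtl) {
        findings.push({ field: "tokenTtl", message: "tokenTtl exceeds tokenMaxTtl" });
    }

    // A periodic token never expires while it keeps being renewed;
    // tokenExplicitMaxTtl is the documented hard cap.
    if (args.tokenPeriod !== undefined && args.tokenPeriod > 0
        && args.tokenExplicitMaxTtl === undefined) {
        findings.push({ field: "tokenPeriod", message: "periodic token without tokenExplicitMaxTtl" });
    }
    return findings;
}

// Values taken from the Example Usage on this page.
const pageExample: RoleArgs = {
    role: "test-role",
    boundResourceGroups: ["123456789012"],
    boundSubscriptionIds: ["11111111-2222-3333-4444-555555555555"],
    tokenMaxTtl: 120,
    tokenPolicies: ["default", "dev", "prod"],
    tokenTtl: 60,
};

// Constructed sample: unbound, deprecated ttl, inverted lifetimes, uncapped period.
const weakRole: RoleArgs = {
    role: "constructed-weak-role",
    ttl: 3600,
    tokenTtl: 3600,
    tokenMaxTtl: 600,
    tokenPeriod: 300,
    tokenPolicies: ["prod"],
};
```

`auditRole(pageExample)` returns no findings, while `auditRole(weakRole)` reports the `bound*`, `ttl`, `tokenTtl` and `tokenPeriod` fields.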

Resource Backend

class Backend extends CustomResource

constructor

new Backend(name: string, args: BackendArgs, opts?: pulumi.CustomResourceOptions)

Create a Backend resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: BackendState, opts?: pulumi.CustomResourceOptions): Backend

Get an existing Backend resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Backend

Returns true if the given object is an instance of Backend. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property clientId

public clientId: pulumi.Output<string | undefined>;

The client id for credentials to query the Azure APIs. Currently read permissions to query compute resources are required.

property clientSecret

public clientSecret: pulumi.Output<string | undefined>;

The client secret for credentials to query the Azure APIs

property description

public description: pulumi.Output<string | undefined>;

Human-friendly description of the mount for the backend.

property environment

public environment: pulumi.Output<string | undefined>;

The Azure cloud environment. Valid values: AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud, AzureGermanCloud.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property path

public path: pulumi.Output<string | undefined>;

Path to mount the backend at.

property subscriptionId

public subscriptionId: pulumi.Output<string>;

The subscription id for the Azure Active Directory.

property tenantId

public tenantId: pulumi.Output<string>;

The tenant id for the Azure Active Directory organization.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource BackendRole

class BackendRole extends CustomResource

constructor

new BackendRole(name: string, args: BackendRoleArgs, opts?: pulumi.CustomResourceOptions)

Create a BackendRole resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: BackendRoleState, opts?: pulumi.CustomResourceOptions): BackendRole

Get an existing BackendRole resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is BackendRole

Returns true if the given object is an instance of BackendRole. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property applicationObjectId

public applicationObjectId: pulumi.Output<string | undefined>;

Application Object ID for an existing service principal that will be used instead of creating dynamic service principals. If present, azureRoles will be ignored.

property azureRoles

public azureRoles: pulumi.Output<BackendRoleAzureRole[] | undefined>;

List of Azure roles to be assigned to the generated service principal.

property backend

public backend: pulumi.Output<string | undefined>;

Path to the mounted Azure auth backend

property description

public description: pulumi.Output<string | undefined>;

Human-friendly description of the mount for the backend.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property maxTtl

public maxTtl: pulumi.Output<string | undefined>;

Specifies the maximum TTL for service principals generated using this role. Accepts time suffixed strings (“1h”) or an integer number of seconds. Defaults to the system/engine max TTL time.

property role

public role: pulumi.Output<string>;

Name of the Azure role

property ttl

public ttl: pulumi.Output<string | undefined>;

Specifies the default TTL for service principals generated using this role. Accepts time suffixed strings (“1h”) or an integer number of seconds. Defaults to the system/engine default TTL time.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Functions

Function getAccessCredentials

getAccessCredentials(args: GetAccessCredentialsArgs, opts?: pulumi.InvokeOptions): Promise<GetAccessCredentialsResult>

Others

interface AuthBackendConfigArgs

interface AuthBackendConfigArgs

The set of arguments for constructing an AuthBackendConfig resource.

property backend

backend?: pulumi.Input<string>;

The path the Azure auth backend being configured was mounted at. Defaults to azure.

property clientId

clientId?: pulumi.Input<string>;

The client id for credentials to query the Azure APIs. Currently read permissions to query compute resources are required.

property clientSecret

clientSecret?: pulumi.Input<string>;

The client secret for credentials to query the Azure APIs.

property environment

environment?: pulumi.Input<string>;

The Azure cloud environment. Valid values: AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud, AzureGermanCloud. Defaults to AzurePublicCloud.

property resource

resource: pulumi.Input<string>;

The configured URL for the application registered in Azure Active Directory.

property tenantId

tenantId: pulumi.Input<string>;

The tenant id for the Azure Active Directory organization.

interface AuthBackendConfigState

interface AuthBackendConfigState

Input properties used for looking up and filtering AuthBackendConfig resources.

property backend

backend?: pulumi.Input<string>;

The path the Azure auth backend being configured was mounted at. Defaults to azure.

property clientId

clientId?: pulumi.Input<string>;

The client id for credentials to query the Azure APIs. Currently read permissions to query compute resources are required.

property clientSecret

clientSecret?: pulumi.Input<string>;

The client secret for credentials to query the Azure APIs.

property environment

environment?: pulumi.Input<string>;

The Azure cloud environment. Valid values: AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud, AzureGermanCloud. Defaults to AzurePublicCloud.

property resource

resource?: pulumi.Input<string>;

The configured URL for the application registered in Azure Active Directory.

property tenantId

tenantId?: pulumi.Input<string>;

The tenant id for the Azure Active Directory organization.

interface AuthBackendRoleArgs

interface AuthBackendRoleArgs

The set of arguments for constructing an AuthBackendRole resource.

property backend

backend?: pulumi.Input<string>;

Unique name of the auth backend to configure.

property boundGroupIds

boundGroupIds?: pulumi.Input<pulumi.Input<string>[]>;

If set, defines a constraint on the groups that can perform the login operation that they should be using the group ID specified by this field.

property boundLocations

boundLocations?: pulumi.Input<pulumi.Input<string>[]>;

If set, defines a constraint on the virtual machines that can perform the login operation that the location in their identity document must match the one specified by this field.

property boundResourceGroups

boundResourceGroups?: pulumi.Input<pulumi.Input<string>[]>;

If set, defines a constraint on the virtual machines that can perform the login operation that they be associated with the resource group that matches the value specified by this field.

property boundScaleSets

boundScaleSets?: pulumi.Input<pulumi.Input<string>[]>;

If set, defines a constraint on the virtual machines that can perform the login operation that they must match the scale set specified by this field.

property boundServicePrincipalIds

boundServicePrincipalIds?: pulumi.Input<pulumi.Input<string>[]>;

If set, defines a constraint on the service principals that can perform the login operation that they should possess the ids specified by this field.

property boundSubscriptionIds

boundSubscriptionIds?: pulumi.Input<pulumi.Input<string>[]>;

If set, defines a constraint on the subscriptions that can perform the login operation to ones which match the value specified by this field.

property maxTtl

DEPRECATED use token_max_ttl instead if you are running Vault >= 1.2
maxTtl?: pulumi.Input<number>;

The maximum allowed lifetime of tokens issued using this role, provided as a number of seconds.

property period

DEPRECATED use token_period instead if you are running Vault >= 1.2
period?: pulumi.Input<number>;

If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token’s TTL will be set to the value of this field. Specified in seconds.

property policies

DEPRECATED use token_policies instead if you are running Vault >= 1.2
policies?: pulumi.Input<pulumi.Input<string>[]>;

An array of strings specifying the policies to be set on tokens issued using this role.

property role

role: pulumi.Input<string>;

The name of the role.

property tokenBoundCidrs

tokenBoundCidrs?: pulumi.Input<pulumi.Input<string>[]>;

List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.

property tokenExplicitMaxTtl

tokenExplicitMaxTtl?: pulumi.Input<number>;

If set, will encode an explicit max TTL onto the token in number of seconds. This is a hard cap even if tokenTtl and tokenMaxTtl would otherwise allow a renewal.

property tokenMaxTtl

tokenMaxTtl?: pulumi.Input<number>;

The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.

property tokenNoDefaultPolicy

tokenNoDefaultPolicy?: pulumi.Input<boolean>;

If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies.

property tokenNumUses

tokenNumUses?: pulumi.Input<number>;

The period, if any, in number of seconds to set on the token.

property tokenPeriod

tokenPeriod?: pulumi.Input<number>;

If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token’s TTL will be set to the value of this field. Specified in seconds.

property tokenPolicies

tokenPolicies?: pulumi.Input<pulumi.Input<string>[]>;

List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values.

property tokenTtl

tokenTtl?: pulumi.Input<number>;

The incremental lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.

property tokenType

tokenType?: pulumi.Input<string>;

The type of token that should be generated. Can be service, batch, or default to use the mount’s tuned default (which unless changed will be service tokens). For token store roles, there are two additional possibilities: default-service and default-batch which specify the type to return unless the client requests a different type at generation time.

property ttl

DEPRECATED use token_ttl instead if you are running Vault >= 1.2
ttl?: pulumi.Input<number>;

The TTL period of tokens issued using this role, provided as a number of seconds.

interface AuthBackendRoleState

interface AuthBackendRoleState

Input properties used for looking up and filtering AuthBackendRole resources.

property backend

backend?: pulumi.Input<string>;

Unique name of the auth backend to configure.

property boundGroupIds

boundGroupIds?: pulumi.Input<pulumi.Input<string>[]>;

If set, defines a constraint on the groups that can perform the login operation that they should be using the group ID specified by this field.

property boundLocations

boundLocations?: pulumi.Input<pulumi.Input<string>[]>;

If set, defines a constraint on the virtual machines that can perform the login operation that the location in their identity document must match the one specified by this field.

property boundResourceGroups

boundResourceGroups?: pulumi.Input<pulumi.Input<string>[]>;

If set, defines a constraint on the virtual machines that can perform the login operation that they be associated with the resource group that matches the value specified by this field.

property boundScaleSets

boundScaleSets?: pulumi.Input<pulumi.Input<string>[]>;

If set, defines a constraint on the virtual machines that can perform the login operation that they must match the scale set specified by this field.

property boundServicePrincipalIds

boundServicePrincipalIds?: pulumi.Input<pulumi.Input<string>[]>;

If set, defines a constraint on the service principals that can perform the login operation that they should possess the ids specified by this field.

property boundSubscriptionIds

boundSubscriptionIds?: pulumi.Input<pulumi.Input<string>[]>;

If set, defines a constraint on the subscriptions that can perform the login operation to ones which match the value specified by this field.

property maxTtl

DEPRECATED use token_max_ttl instead if you are running Vault >= 1.2
maxTtl?: pulumi.Input<number>;

The maximum allowed lifetime of tokens issued using this role, provided as a number of seconds.

property period

DEPRECATED use token_period instead if you are running Vault >= 1.2
period?: pulumi.Input<number>;

If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token’s TTL will be set to the value of this field. Specified in seconds.

property policies

DEPRECATED use token_policies instead if you are running Vault >= 1.2
policies?: pulumi.Input<pulumi.Input<string>[]>;

An array of strings specifying the policies to be set on tokens issued using this role.

property role

role?: pulumi.Input<string>;

The name of the role.

property tokenBoundCidrs

tokenBoundCidrs?: pulumi.Input<pulumi.Input<string>[]>;

List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.

property tokenExplicitMaxTtl

tokenExplicitMaxTtl?: pulumi.Input<number>;

If set, will encode an explicit max TTL onto the token in number of seconds. This is a hard cap even if tokenTtl and tokenMaxTtl would otherwise allow a renewal.

property tokenMaxTtl

tokenMaxTtl?: pulumi.Input<number>;

The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.

property tokenNoDefaultPolicy

tokenNoDefaultPolicy?: pulumi.Input<boolean>;

If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies.

property tokenNumUses

tokenNumUses?: pulumi.Input<number>;

The period, if any, in number of seconds to set on the token.

property tokenPeriod

tokenPeriod?: pulumi.Input<number>;

If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token’s TTL will be set to the value of this field. Specified in seconds.

property tokenPolicies

tokenPolicies?: pulumi.Input<pulumi.Input<string>[]>;

List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values.

property tokenTtl

tokenTtl?: pulumi.Input<number>;

The incremental lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.

property tokenType

tokenType?: pulumi.Input<string>;

The type of token that should be generated. Can be service, batch, or default to use the mount’s tuned default (which unless changed will be service tokens). For token store roles, there are two additional possibilities: default-service and default-batch which specify the type to return unless the client requests a different type at generation time.

property ttl

DEPRECATED use token_ttl instead if you are running Vault >= 1.2
ttl?: pulumi.Input<number>;

The TTL period of tokens issued using this role, provided as a number of seconds.

interface BackendArgs

interface BackendArgs

The set of arguments for constructing a Backend resource.

property clientId

clientId?: pulumi.Input<string>;

The client id for credentials to query the Azure APIs. Currently read permissions to query compute resources are required.

property clientSecret

clientSecret?: pulumi.Input<string>;

The client secret for credentials to query the Azure APIs

property description

description?: pulumi.Input<string>;

Human-friendly description of the mount for the backend.

property environment

environment?: pulumi.Input<string>;

The Azure cloud environment. Valid values: AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud, AzureGermanCloud.

property path

path?: pulumi.Input<string>;

Path to mount the backend at.

property subscriptionId

subscriptionId: pulumi.Input<string>;

The subscription id for the Azure Active Directory.

property tenantId

tenantId: pulumi.Input<string>;

The tenant id for the Azure Active Directory organization.

interface BackendRoleArgs

interface BackendRoleArgs

The set of arguments for constructing a BackendRole resource.

property applicationObjectId

applicationObjectId?: pulumi.Input<string>;

Application Object ID for an existing service principal that will be used instead of creating dynamic service principals. If present, azureRoles will be ignored.

property azureRoles

azureRoles?: pulumi.Input<pulumi.Input<BackendRoleAzureRole>[]>;

List of Azure roles to be assigned to the generated service principal.

property backend

backend?: pulumi.Input<string>;

Path to the mounted Azure auth backend

property description

description?: pulumi.Input<string>;

Human-friendly description of the mount for the backend.

property maxTtl

maxTtl?: pulumi.Input<string>;

Specifies the maximum TTL for service principals generated using this role. Accepts time suffixed strings (“1h”) or an integer number of seconds. Defaults to the system/engine max TTL time.

property role

role: pulumi.Input<string>;

Name of the Azure role

property ttl

ttl?: pulumi.Input<string>;

Specifies the default TTL for service principals generated using this role. Accepts time suffixed strings (“1h”) or an integer number of seconds. Defaults to the system/engine default TTL time.

interface BackendRoleState

interface BackendRoleState

Input properties used for looking up and filtering BackendRole resources.

property applicationObjectId

applicationObjectId?: pulumi.Input<string>;

Application Object ID for an existing service principal that will be used instead of creating dynamic service principals. If present, azureRoles will be ignored.

property azureRoles

azureRoles?: pulumi.Input<pulumi.Input<BackendRoleAzureRole>[]>;

List of Azure roles to be assigned to the generated service principal.

property backend

backend?: pulumi.Input<string>;

Path to the mounted Azure auth backend

property description

description?: pulumi.Input<string>;

Human-friendly description of the mount for the backend.

property maxTtl

maxTtl?: pulumi.Input<string>;

Specifies the maximum TTL for service principals generated using this role. Accepts time suffixed strings (“1h”) or an integer number of seconds. Defaults to the system/engine max TTL time.

property role

role?: pulumi.Input<string>;

Name of the Azure role

property ttl

ttl?: pulumi.Input<string>;

Specifies the default TTL for service principals generated using this role. Accepts time suffixed strings (“1h”) or an integer number of seconds. Defaults to the system/engine default TTL time.

interface BackendState

interface BackendState

Input properties used for looking up and filtering Backend resources.

property clientId

clientId?: pulumi.Input<string>;

The client id for credentials to query the Azure APIs. Currently read permissions to query compute resources are required.

property clientSecret

clientSecret?: pulumi.Input<string>;

The client secret for credentials to query the Azure APIs

property description

description?: pulumi.Input<string>;

Human-friendly description of the mount for the backend.

property environment

environment?: pulumi.Input<string>;

The Azure cloud environment. Valid values: AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud, AzureGermanCloud.

property path

path?: pulumi.Input<string>;

Path to mount the backend at.

property subscriptionId

subscriptionId?: pulumi.Input<string>;

The subscription id for the Azure Active Directory.

property tenantId

tenantId?: pulumi.Input<string>;

The tenant id for the Azure Active Directory organization.

interface GetAccessCredentialsArgs

interface GetAccessCredentialsArgs

A collection of arguments for invoking getAccessCredentials.

property backend

backend: string;

The path to the Azure secret backend to read credentials from, with no leading or trailing /s.

property maxCredValidationSeconds

maxCredValidationSeconds?: undefined | number;

If ‘validate_creds’ is true, the number of seconds after which to give up validating credentials. Defaults to 1,200 (20 minutes).

property numSecondsBetweenTests

numSecondsBetweenTests?: undefined | number;

If ‘validate_creds’ is true, the number of seconds to wait between each test of generated credentials. Defaults to 7.

property numSequentialSuccesses

numSequentialSuccesses?: undefined | number;

If ‘validate_creds’ is true, the number of sequential successes required to validate generated credentials. Defaults to 8.

property role

role: string;

The name of the Azure secret backend role to read credentials from, with no leading or trailing /s.

property validateCreds

validateCreds?: undefined | false | true;

Whether generated credentials should be validated before being returned. Defaults to false, which returns credentials without checking whether they have fully propagated throughout Azure Active Directory. Designating true activates testing.
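The three validation parameters above interact, so this added example (a model written for this page, not the provider's own code) simulates the validation loop on a virtual clock to show how long `validateCreds` can hold up a deployment. `simulateValidation`, `ValidationOpts` and `CredValidationResult` are hypothetical names; the model assumes a failed test resets the success streak and that the wait happens between tests.

```typescript
// Added example: a model of the credential validation parameters documented
// above. It uses a virtual clock, so nothing sleeps and nothing calls Azure.
interface ValidationOpts {
    maxCredValidationSeconds?: number; // documented default 1200
    numSecondsBetweenTests?: number;   // documented default 7
    numSequentialSuccesses?: number;   // documented default 8
}

interface CredValidationResult {
    validated: boolean;
    elapsedSeconds: number; // virtual seconds spent in the loop
    probes: number;         // number of tests performed
}

// probe(attempt) stands in for one test of the generated credentials and
// returns true when the credentials were accepted on that attempt (1-based).
function simulateValidation(
    probe: (attempt: number) => boolean,
    opts: ValidationOpts = {},
): CredValidationResult {
    const maxSeconds = opts.maxCredValidationSeconds !== undefined ? opts.maxCredValidationSeconds : 1200;
    const wait = opts.numSecondsBetweenTests !== undefined ? opts.numSecondsBetweenTests : 7;
    const need = opts.numSequentialSuccesses !== undefined ? opts.numSequentialSuccesses : 8;
    if (wait <= 0 || need <= 0) {
        throw new RangeError("wait and required successes must be positive");
    }

    let elapsed = 0;
    let streak = 0;
    let probes = 0;
    while (elapsed <= maxSeconds) {
        probes++;
        if (probe(probes)) {
            streak++;
            if (streak >= need) {
                return { validated: true, elapsedSeconds: elapsed, probes: probes };
            }
        } else {
            // Assumption: "sequential" means one failure restarts the count.
            streak = 0;
        }
        elapsed += wait;
    }
    // Gave up: the credentials never produced enough successes in a row.
    return { validated: false, elapsedSeconds: elapsed, probes: probes };
}

// Constructed scenarios.
// 1. Credentials already propagated: every test succeeds.
const alreadyPropagated = simulateValidation(function () { return true; });
// 2. Credentials propagate after the first five tests fail.
const slowPropagation = simulateValidation(function (n) { return n > 5; });
// 3. Every eighth test fails, so a streak of eight is never reached.
const flapping = simulateValidation(function (n) { return n % 8 !== 0; });
```

Under this model the defaults cost at least 49 seconds even when every test succeeds, and a credential that never reaches eight successes in a row blocks for the full 1,200-second window before giving up.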

interface GetAccessCredentialsResult

interface GetAccessCredentialsResult

A collection of values returned by getAccessCredentials.

property backend

backend: string;

property clientId

clientId: string;

The client id for credentials to query the Azure APIs.

property clientSecret

clientSecret: string;

The client secret for credentials to query the Azure APIs.

property id

id: string;

The provider-assigned unique ID for this managed resource.

property leaseDuration

leaseDuration: number;

The duration of the secret lease, in seconds relative to the time the data was requested. Once this time has passed any plan generated with this data may fail to apply.

property leaseId

leaseId: string;

The lease identifier assigned by Vault.

property leaseRenewable

leaseRenewable: boolean;

property leaseStartTime

leaseStartTime: string;

property maxCredValidationSeconds

maxCredValidationSeconds?: undefined | number;

property numSecondsBetweenTests

numSecondsBetweenTests?: undefined | number;

property numSequentialSuccesses

numSequentialSuccesses?: undefined | number;

property role

role: string;

property validateCreds

validateCreds?: undefined | false | true;