Module tokenauth

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-vault repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-vault repo.

Resources

Resource AuthBackendRole

class AuthBackendRole extends CustomResource

Manages Token auth backend role in a Vault server. See the Vault documentation for more information.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";

const example = new vault.tokenauth.AuthBackendRole("example", {
    allowedPolicies: [
        "dev",
        "test",
    ],
    disallowedPolicies: ["default"],
    explicitMaxTtl: "115200",
    orphan: true,
    pathSuffix: "path-suffix",
    period: "86400",
    renewable: true,
    roleName: "my-role",
});

constructor

new AuthBackendRole(name: string, args: AuthBackendRoleArgs, opts?: pulumi.CustomResourceOptions)

Create an AuthBackendRole resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AuthBackendRoleState, opts?: pulumi.CustomResourceOptions): AuthBackendRole

Get an existing AuthBackendRole resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is AuthBackendRole

Returns true if the given object is an instance of AuthBackendRole. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property allowedPolicies

public allowedPolicies: pulumi.Output<string[] | undefined>;

List of allowed policies for given role.

property boundCidrs

public boundCidrs: pulumi.Output<string[] | undefined>;

If set, a list of CIDRs valid as the source address for login requests. This value is also encoded into any resulting token.

property disallowedPolicies

public disallowedPolicies: pulumi.Output<string[] | undefined>;

List of disallowed policies for given role.

property explicitMaxTtl

public explicitMaxTtl: pulumi.Output<string | undefined>;

If set, the token will have an explicit max TTL set upon it.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property orphan

public orphan: pulumi.Output<boolean | undefined>;

If true, tokens created against this policy will be orphan tokens.

property pathSuffix

public pathSuffix: pulumi.Output<string | undefined>;

Tokens created against this role will have the given suffix as part of their path in addition to the role name.

property period

public period: pulumi.Output<string | undefined>;

If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token’s TTL will be set to the value of this field. Specified in seconds.

property renewable

public renewable: pulumi.Output<boolean | undefined>;

Whether to disable the ability of the token to be renewed past its initial TTL.

property roleName

public roleName: pulumi.Output<string>;

The name of the role.

property tokenBoundCidrs

public tokenBoundCidrs: pulumi.Output<string[] | undefined>;

List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.

property tokenExplicitMaxTtl

public tokenExplicitMaxTtl: pulumi.Output<number | undefined>;

If set, will encode an explicit max TTL onto the token in number of seconds. This is a hard cap even if tokenTtl and tokenMaxTtl would otherwise allow a renewal.

property tokenMaxTtl

public tokenMaxTtl: pulumi.Output<number | undefined>;

The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.

property tokenNoDefaultPolicy

public tokenNoDefaultPolicy: pulumi.Output<boolean | undefined>;

If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies.

property tokenNumUses

public tokenNumUses: pulumi.Output<number | undefined>;

The period, if any, in number of seconds to set on the token.

property tokenPeriod

public tokenPeriod: pulumi.Output<number | undefined>;

If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token’s TTL will be set to the value of this field. Specified in seconds.

property tokenPolicies

public tokenPolicies: pulumi.Output<string[] | undefined>;

Generated Token’s Policies

property tokenTtl

public tokenTtl: pulumi.Output<number | undefined>;

The incremental lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.

property tokenType

public tokenType: pulumi.Output<string | undefined>;

The type of token that should be generated. Can be service, batch, or default to use the mount’s tuned default (which unless changed will be service tokens). For token store roles, there are two additional possibilities: default-service and default-batch which specify the type to return unless the client requests a different type at generation time.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Others

interface AuthBackendRoleArgs

interface AuthBackendRoleArgs

The set of arguments for constructing an AuthBackendRole resource.

property allowedPolicies

allowedPolicies?: pulumi.Input<pulumi.Input<string>[]>;

List of allowed policies for given role.

property boundCidrs

DEPRECATED: use token_bound_cidrs instead if you are running Vault >= 1.2.

boundCidrs?: pulumi.Input<pulumi.Input<string>[]>;

If set, a list of CIDRs valid as the source address for login requests. This value is also encoded into any resulting token.

property disallowedPolicies

disallowedPolicies?: pulumi.Input<pulumi.Input<string>[]>;

List of disallowed policies for given role.

property explicitMaxTtl

DEPRECATED: use token_explicit_max_ttl instead if you are running Vault >= 1.2.

explicitMaxTtl?: pulumi.Input<string>;

If set, the token will have an explicit max TTL set upon it.

property orphan

orphan?: pulumi.Input<boolean>;

If true, tokens created against this policy will be orphan tokens.

property pathSuffix

pathSuffix?: pulumi.Input<string>;

Tokens created against this role will have the given suffix as part of their path in addition to the role name.

property period

DEPRECATED: use token_period instead if you are running Vault >= 1.2.

period?: pulumi.Input<string>;

If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token’s TTL will be set to the value of this field. Specified in seconds.

property renewable

renewable?: pulumi.Input<boolean>;

Whether to disable the ability of the token to be renewed past its initial TTL.

property roleName

roleName: pulumi.Input<string>;

The name of the role.

property tokenBoundCidrs

tokenBoundCidrs?: pulumi.Input<pulumi.Input<string>[]>;

List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.

property tokenExplicitMaxTtl

tokenExplicitMaxTtl?: pulumi.Input<number>;

If set, will encode an explicit max TTL onto the token in number of seconds. This is a hard cap even if tokenTtl and tokenMaxTtl would otherwise allow a renewal.

property tokenMaxTtl

tokenMaxTtl?: pulumi.Input<number>;

The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.

property tokenNoDefaultPolicy

tokenNoDefaultPolicy?: pulumi.Input<boolean>;

If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies.

property tokenNumUses

tokenNumUses?: pulumi.Input<number>;

The period, if any, in number of seconds to set on the token.

property tokenPeriod

tokenPeriod?: pulumi.Input<number>;

If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token’s TTL will be set to the value of this field. Specified in seconds.

property tokenPolicies

tokenPolicies?: pulumi.Input<pulumi.Input<string>[]>;

Generated Token’s Policies

property tokenTtl

tokenTtl?: pulumi.Input<number>;

The incremental lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.

property tokenType

tokenType?: pulumi.Input<string>;

The type of token that should be generated. Can be service, batch, or default to use the mount’s tuned default (which unless changed will be service tokens). For token store roles, there are two additional possibilities: default-service and default-batch which specify the type to return unless the client requests a different type at generation time.
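
An added example (not part of the Pulumi SDK or of the original page): a pre-deployment check over a plain object shaped like AuthBackendRoleArgs, flagging the three deprecated fields noted above and a few token-lifetime and binding settings worth reviewing. `RoleArgs`, `auditRole` and the finding strings are hypothetical, and the first input is constructed from the page's Example Usage values.

```typescript
// Plain-object mirror of the AuthBackendRoleArgs fields checked below (no Pulumi
// import, so it runs offline). RoleArgs and auditRole are hypothetical names.
interface RoleArgs {
    roleName: string;
    boundCidrs?: string[];
    explicitMaxTtl?: string;
    period?: string;
    orphan?: boolean;
    tokenBoundCidrs?: string[];
    tokenExplicitMaxTtl?: number;
    tokenPeriod?: number;
}

// Deprecated field -> replacement, per the DEPRECATED notes (camelCase SDK names).
const REPLACEMENTS: Array<[keyof RoleArgs, keyof RoleArgs]> = [
    ["boundCidrs", "tokenBoundCidrs"],
    ["explicitMaxTtl", "tokenExplicitMaxTtl"],
    ["period", "tokenPeriod"],
];

// Assumption of this check: empty values, 0 and "0" count as "not set".
function isSet(v: unknown): boolean {
    if (v === undefined || v === null || v === "" || v === 0 || v === "0") return false;
    return !(Array.isArray(v) && v.length === 0);
}

function auditRole(args: RoleArgs): string[] {
    const findings: string[] = [];
    for (const [oldKey, newKey] of REPLACEMENTS) {
        if (!isSet(args[oldKey])) continue;
        findings.push(isSet(args[newKey])
            ? `ambiguous: ${oldKey} and ${newKey} are both set`
            : `deprecated: ${oldKey} (use ${newKey} on Vault >= 1.2)`);
    }
    const periodic = isSet(args.period) || isSet(args.tokenPeriod);
    const capped = isSet(args.explicitMaxTtl) || isSet(args.tokenExplicitMaxTtl);
    if (periodic && !capped) findings.push("unbounded: periodic token without an explicit max TTL");
    if (!isSet(args.boundCidrs) && !isSet(args.tokenBoundCidrs)) {
        findings.push("unbound: no CIDR restriction on the role's tokens");
    }
    if (args.orphan === true) findings.push("review: orphan tokens are not revoked with a parent");
    return findings;
}

// Constructed inputs: the page's Example Usage values, then a migrated variant.
const legacy: RoleArgs = { roleName: "my-role", explicitMaxTtl: "115200", period: "86400", orphan: true };
const migrated: RoleArgs = { roleName: "my-role", tokenExplicitMaxTtl: 115200, tokenPeriod: 86400,
    tokenBoundCidrs: ["10.0.0.0/8"] };
console.log(auditRole(legacy), auditRole(migrated));
```

Note that the replacements change type as well as name: `explicitMaxTtl` and `period` take strings, while `tokenExplicitMaxTtl` and `tokenPeriod` take numbers of seconds.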

interface AuthBackendRoleState

interface AuthBackendRoleState

Input properties used for looking up and filtering AuthBackendRole resources.

property allowedPolicies

allowedPolicies?: pulumi.Input<pulumi.Input<string>[]>;

List of allowed policies for given role.

property boundCidrs

DEPRECATED: use token_bound_cidrs instead if you are running Vault >= 1.2.

boundCidrs?: pulumi.Input<pulumi.Input<string>[]>;

If set, a list of CIDRs valid as the source address for login requests. This value is also encoded into any resulting token.

property disallowedPolicies

disallowedPolicies?: pulumi.Input<pulumi.Input<string>[]>;

List of disallowed policies for given role.

property explicitMaxTtl

DEPRECATED: use token_explicit_max_ttl instead if you are running Vault >= 1.2.

explicitMaxTtl?: pulumi.Input<string>;

If set, the token will have an explicit max TTL set upon it.

property orphan

orphan?: pulumi.Input<boolean>;

If true, tokens created against this policy will be orphan tokens.

property pathSuffix

pathSuffix?: pulumi.Input<string>;

Tokens created against this role will have the given suffix as part of their path in addition to the role name.

property period

DEPRECATED: use token_period instead if you are running Vault >= 1.2.

period?: pulumi.Input<string>;

If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token’s TTL will be set to the value of this field. Specified in seconds.

property renewable

renewable?: pulumi.Input<boolean>;

Whether to disable the ability of the token to be renewed past its initial TTL.

property roleName

roleName?: pulumi.Input<string>;

The name of the role.

property tokenBoundCidrs

tokenBoundCidrs?: pulumi.Input<pulumi.Input<string>[]>;

List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.

property tokenExplicitMaxTtl

tokenExplicitMaxTtl?: pulumi.Input<number>;

If set, will encode an explicit max TTL onto the token in number of seconds. This is a hard cap even if tokenTtl and tokenMaxTtl would otherwise allow a renewal.

property tokenMaxTtl

tokenMaxTtl?: pulumi.Input<number>;

The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.

property tokenNoDefaultPolicy

tokenNoDefaultPolicy?: pulumi.Input<boolean>;

If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies.

property tokenNumUses

tokenNumUses?: pulumi.Input<number>;

The period, if any, in number of seconds to set on the token.

property tokenPeriod

tokenPeriod?: pulumi.Input<number>;

If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token’s TTL will be set to the value of this field. Specified in seconds.

property tokenPolicies

tokenPolicies?: pulumi.Input<pulumi.Input<string>[]>;

Generated Token’s Policies

property tokenTtl

tokenTtl?: pulumi.Input<number>;

The incremental lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.

property tokenType

tokenType?: pulumi.Input<string>;

The type of token that should be generated. Can be service, batch, or default to use the mount’s tuned default (which unless changed will be service tokens). For token store roles, there are two additional possibilities: default-service and default-batch which specify the type to return unless the client requests a different type at generation time.