1. Docs
  2. Reference
  3. API
  4. pulumi_vault
  5. github

github

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-vault repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-vault repo.

class pulumi_vault.github.AuthBackend(resource_name, opts=None, base_url=None, description=None, max_ttl=None, organization=None, path=None, token_bound_cidrs=None, token_explicit_max_ttl=None, token_max_ttl=None, token_no_default_policy=None, token_num_uses=None, token_period=None, token_policies=None, token_ttl=None, token_type=None, ttl=None, tune=None, __props__=None, __name__=None, __opts__=None)

Manages a Github Auth mount in a Vault server. See the Vault documentation for more information.

import pulumi
import pulumi_vault as vault

example = vault.github.AuthBackend("example", organization="myorg")
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • base_url (pulumi.Input[str]) – The API endpoint to use. Useful if you are running GitHub Enterprise or an API-compatible authentication server.

  • description (pulumi.Input[str]) – Specifies the description of the mount. This overrides the current stored value, if any.

  • max_ttl (pulumi.Input[str]) – (Optional; Deprecated, use token_max_ttl instead if you are running Vault >= 1.2) The maximum allowed lifetime of tokens issued using this role. This must be a valid duration string.

  • organization (pulumi.Input[str]) – The organization configured users must be part of.

  • path (pulumi.Input[str]) – Path where the auth backend is mounted. Defaults to auth/github if not specified.

  • token_bound_cidrs (pulumi.Input[list]) – (Optional) List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.

  • token_explicit_max_ttl (pulumi.Input[float]) – (Optional) If set, will encode an explicit max TTL onto the token in number of seconds. This is a hard cap even if token_ttl and token_max_ttl would otherwise allow a renewal.

  • token_max_ttl (pulumi.Input[float]) – (Optional) The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.

  • token_no_default_policy (pulumi.Input[bool]) – (Optional) If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies.

  • token_num_uses (pulumi.Input[float]) – (Optional) The period, if any, in number of seconds to set on the token.

  • token_period (pulumi.Input[float]) – (Optional) If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token’s TTL will be set to the value of this field. Specified in seconds.

  • token_policies (pulumi.Input[list]) – (Optional) List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values.

  • token_ttl (pulumi.Input[float]) – (Optional) The incremental lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.

  • token_type (pulumi.Input[str]) – Specifies the type of tokens that should be returned by the mount. Valid values are “default-service”, “default-batch”, “service”, “batch”.

  • ttl (pulumi.Input[str]) –

    (Optional; Deprecated, use token_ttl instead if you are running Vault >= 1.2) The TTL period of tokens issued using this role. This must be a valid duration string.

The tune object supports the following:

  • allowedResponseHeaders (pulumi.Input[list]) - List of headers to whitelist and allowing a plugin to include them in the response.

  • auditNonHmacRequestKeys (pulumi.Input[list]) - Specifies the list of keys that will not be HMAC’d by audit devices in the request data object.

  • auditNonHmacResponseKeys (pulumi.Input[list]) - Specifies the list of keys that will not be HMAC’d by audit devices in the response data object.

  • defaultLeaseTtl (pulumi.Input[str]) - Specifies the default time-to-live. If set, this overrides the global default. Must be a valid duration string

  • listing_visibility (pulumi.Input[str]) - Specifies whether to show this mount in the UI-specific listing endpoint. Valid values are “unauth” or “hidden”.

  • maxLeaseTtl (pulumi.Input[str]) - Specifies the maximum time-to-live. If set, this overrides the global default. Must be a valid duration string

  • passthroughRequestHeaders (pulumi.Input[list]) - List of headers to whitelist and pass from the request to the backend.

  • token_type (pulumi.Input[str]) - Specifies the type of tokens that should be returned by the mount. Valid values are “default-service”, “default-batch”, “service”, “batch”.

accessor: pulumi.Output[str] = None

The mount accessor related to the auth mount. It is useful for integration with Identity Secrets Engine.

base_url: pulumi.Output[str] = None

The API endpoint to use. Useful if you are running GitHub Enterprise or an API-compatible authentication server.

description: pulumi.Output[str] = None

Specifies the description of the mount. This overrides the current stored value, if any.

max_ttl: pulumi.Output[str] = None

(Optional; Deprecated, use token_max_ttl instead if you are running Vault >= 1.2) The maximum allowed lifetime of tokens issued using this role. This must be a valid duration string.

organization: pulumi.Output[str] = None

The organization configured users must be part of.

path: pulumi.Output[str] = None

Path where the auth backend is mounted. Defaults to auth/github if not specified.

token_bound_cidrs: pulumi.Output[list] = None

(Optional) List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.

token_explicit_max_ttl: pulumi.Output[float] = None

(Optional) If set, will encode an explicit max TTL onto the token in number of seconds. This is a hard cap even if token_ttl and token_max_ttl would otherwise allow a renewal.

token_max_ttl: pulumi.Output[float] = None

(Optional) The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.

token_no_default_policy: pulumi.Output[bool] = None

(Optional) If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies.

token_num_uses: pulumi.Output[float] = None

(Optional) The period, if any, in number of seconds to set on the token.

token_period: pulumi.Output[float] = None

(Optional) If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token’s TTL will be set to the value of this field. Specified in seconds.

token_policies: pulumi.Output[list] = None

(Optional) List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values.

token_ttl: pulumi.Output[float] = None

(Optional) The incremental lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.

token_type: pulumi.Output[str] = None

Specifies the type of tokens that should be returned by the mount. Valid values are “default-service”, “default-batch”, “service”, “batch”.

ttl: pulumi.Output[str] = None

(Optional; Deprecated, use token_ttl instead if you are running Vault >= 1.2) The TTL period of tokens issued using this role. This must be a valid duration string.

static get(resource_name, id, opts=None, accessor=None, base_url=None, description=None, max_ttl=None, organization=None, path=None, token_bound_cidrs=None, token_explicit_max_ttl=None, token_max_ttl=None, token_no_default_policy=None, token_num_uses=None, token_period=None, token_policies=None, token_ttl=None, token_type=None, ttl=None, tune=None)

Get an existing AuthBackend resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • accessor (pulumi.Input[str]) –

    The mount accessor related to the auth mount. It is useful for integration with Identity Secrets Engine.

  • base_url (pulumi.Input[str]) – The API endpoint to use. Useful if you are running GitHub Enterprise or an API-compatible authentication server.

  • description (pulumi.Input[str]) – Specifies the description of the mount. This overrides the current stored value, if any.

  • max_ttl (pulumi.Input[str]) –

    (Optional; Deprecated, use token_max_ttl instead if you are running Vault >= 1.2) The maximum allowed lifetime of tokens issued using this role. This must be a valid duration string.

  • organization (pulumi.Input[str]) – The organization configured users must be part of.

  • path (pulumi.Input[str]) – Path where the auth backend is mounted. Defaults to auth/github if not specified.

  • token_bound_cidrs (pulumi.Input[list]) – (Optional) List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.

  • token_explicit_max_ttl (pulumi.Input[float]) –

    (Optional) If set, will encode an explicit max TTL onto the token in number of seconds. This is a hard cap even if token_ttl and token_max_ttl would otherwise allow a renewal.

  • token_max_ttl (pulumi.Input[float]) – (Optional) The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.

  • token_no_default_policy (pulumi.Input[bool]) – (Optional) If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies.

  • token_num_uses (pulumi.Input[float]) –

    (Optional) The period, if any, in number of seconds to set on the token.

  • token_period (pulumi.Input[float]) – (Optional) If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token’s TTL will be set to the value of this field. Specified in seconds.

  • token_policies (pulumi.Input[list]) – (Optional) List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values.

  • token_ttl (pulumi.Input[float]) – (Optional) The incremental lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.

  • token_type (pulumi.Input[str]) – Specifies the type of tokens that should be returned by the mount. Valid values are “default-service”, “default-batch”, “service”, “batch”.

  • ttl (pulumi.Input[str]) –

    (Optional; Deprecated, use token_ttl instead if you are running Vault >= 1.2) The TTL period of tokens issued using this role. This must be a valid duration string.

The tune object supports the following:

  • allowedResponseHeaders (pulumi.Input[list]) - List of headers to whitelist and allowing a plugin to include them in the response.

  • auditNonHmacRequestKeys (pulumi.Input[list]) - Specifies the list of keys that will not be HMAC’d by audit devices in the request data object.

  • auditNonHmacResponseKeys (pulumi.Input[list]) - Specifies the list of keys that will not be HMAC’d by audit devices in the response data object.

  • defaultLeaseTtl (pulumi.Input[str]) - Specifies the default time-to-live. If set, this overrides the global default. Must be a valid duration string

  • listing_visibility (pulumi.Input[str]) - Specifies whether to show this mount in the UI-specific listing endpoint. Valid values are “unauth” or “hidden”.

  • maxLeaseTtl (pulumi.Input[str]) - Specifies the maximum time-to-live. If set, this overrides the global default. Must be a valid duration string

  • passthroughRequestHeaders (pulumi.Input[list]) - List of headers to whitelist and pass from the request to the backend.

  • token_type (pulumi.Input[str]) - Specifies the type of tokens that should be returned by the mount. Valid values are “default-service”, “default-batch”, “service”, “batch”.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_vault.github.Team(resource_name, opts=None, backend=None, policies=None, team=None, token_bound_cidrs=None, token_explicit_max_ttl=None, token_max_ttl=None, token_no_default_policy=None, token_num_uses=None, token_period=None, token_policies=None, token_ttl=None, token_type=None, __props__=None, __name__=None, __opts__=None)

Create a Team resource with the given unique name, props, and options. :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] backend: Path where the github auth backend is mounted. Defaults to github

if not specified.

Parameters

  • policies (pulumi.Input[list]) – An array of strings specifying the policies to be set on tokens issued using this role.

  • team (pulumi.Input[str]) – GitHub team name in “slugified” format.

  • token_bound_cidrs (pulumi.Input[list]) – Specifies the blocks of IP addresses which are allowed to use the generated token

  • token_explicit_max_ttl (pulumi.Input[float]) – Generated Token’s Explicit Maximum TTL in seconds

  • token_max_ttl (pulumi.Input[float]) – The maximum lifetime of the generated token

  • token_no_default_policy (pulumi.Input[bool]) – If true, the ‘default’ policy will not automatically be added to generated tokens

  • token_num_uses (pulumi.Input[float]) – The maximum number of times a token may be used, a value of zero means unlimited

  • token_period (pulumi.Input[float]) – Generated Token’s Period

  • token_policies (pulumi.Input[list]) – Generated Token’s Policies

  • token_ttl (pulumi.Input[float]) – The initial ttl of the token to generate in seconds

  • token_type (pulumi.Input[str]) – The type of token to generate, service or batch

backend: pulumi.Output[str] = None

Path where the github auth backend is mounted. Defaults to github if not specified.

policies: pulumi.Output[list] = None

An array of strings specifying the policies to be set on tokens issued using this role.

team: pulumi.Output[str] = None

GitHub team name in “slugified” format.

token_bound_cidrs: pulumi.Output[list] = None

Specifies the blocks of IP addresses which are allowed to use the generated token

token_explicit_max_ttl: pulumi.Output[float] = None

Generated Token’s Explicit Maximum TTL in seconds

token_max_ttl: pulumi.Output[float] = None

The maximum lifetime of the generated token

token_no_default_policy: pulumi.Output[bool] = None

If true, the ‘default’ policy will not automatically be added to generated tokens

token_num_uses: pulumi.Output[float] = None

The maximum number of times a token may be used, a value of zero means unlimited

token_period: pulumi.Output[float] = None

Generated Token’s Period

token_policies: pulumi.Output[list] = None

Generated Token’s Policies

token_ttl: pulumi.Output[float] = None

The initial ttl of the token to generate in seconds

token_type: pulumi.Output[str] = None

The type of token to generate, service or batch

static get(resource_name, id, opts=None, backend=None, policies=None, team=None, token_bound_cidrs=None, token_explicit_max_ttl=None, token_max_ttl=None, token_no_default_policy=None, token_num_uses=None, token_period=None, token_policies=None, token_ttl=None, token_type=None)

Get an existing Team resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • backend (pulumi.Input[str]) – Path where the github auth backend is mounted. Defaults to github if not specified.

  • policies (pulumi.Input[list]) – An array of strings specifying the policies to be set on tokens issued using this role.

  • team (pulumi.Input[str]) – GitHub team name in “slugified” format.

  • token_bound_cidrs (pulumi.Input[list]) – Specifies the blocks of IP addresses which are allowed to use the generated token

  • token_explicit_max_ttl (pulumi.Input[float]) – Generated Token’s Explicit Maximum TTL in seconds

  • token_max_ttl (pulumi.Input[float]) – The maximum lifetime of the generated token

  • token_no_default_policy (pulumi.Input[bool]) – If true, the ‘default’ policy will not automatically be added to generated tokens

  • token_num_uses (pulumi.Input[float]) – The maximum number of times a token may be used, a value of zero means unlimited

  • token_period (pulumi.Input[float]) – Generated Token’s Period

  • token_policies (pulumi.Input[list]) – Generated Token’s Policies

  • token_ttl (pulumi.Input[float]) – The initial ttl of the token to generate in seconds

  • token_type (pulumi.Input[str]) – The type of token to generate, service or batch

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_vault.github.User(resource_name, opts=None, backend=None, policies=None, token_bound_cidrs=None, token_explicit_max_ttl=None, token_max_ttl=None, token_no_default_policy=None, token_num_uses=None, token_period=None, token_policies=None, token_ttl=None, token_type=None, user=None, __props__=None, __name__=None, __opts__=None)

Manages policy mappings for Github Users authenticated via Github. See the Vault documentation for more information.

import pulumi
import pulumi_vault as vault

example = vault.github.AuthBackend("example", organization="myorg")
tf_user = vault.github.User("tfUser",
    backend=example.id,
    user="john.doe",
    token_policies=[
        "developer",
        "read-only",
    ])
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • backend (pulumi.Input[str]) – Path where the github auth backend is mounted. Defaults to github if not specified.

  • policies (pulumi.Input[list]) – An array of strings specifying the policies to be set on tokens issued using this role.

  • token_bound_cidrs (pulumi.Input[list]) – Specifies the blocks of IP addresses which are allowed to use the generated token

  • token_explicit_max_ttl (pulumi.Input[float]) – Generated Token’s Explicit Maximum TTL in seconds

  • token_max_ttl (pulumi.Input[float]) – The maximum lifetime of the generated token

  • token_no_default_policy (pulumi.Input[bool]) – If true, the ‘default’ policy will not automatically be added to generated tokens

  • token_num_uses (pulumi.Input[float]) – The maximum number of times a token may be used, a value of zero means unlimited

  • token_period (pulumi.Input[float]) – Generated Token’s Period

  • token_policies (pulumi.Input[list]) – Generated Token’s Policies

  • token_ttl (pulumi.Input[float]) – The initial ttl of the token to generate in seconds

  • token_type (pulumi.Input[str]) – The type of token to generate, service or batch

  • user (pulumi.Input[str]) – GitHub user name.

backend: pulumi.Output[str] = None

Path where the github auth backend is mounted. Defaults to github if not specified.

policies: pulumi.Output[list] = None

An array of strings specifying the policies to be set on tokens issued using this role.

token_bound_cidrs: pulumi.Output[list] = None

Specifies the blocks of IP addresses which are allowed to use the generated token

token_explicit_max_ttl: pulumi.Output[float] = None

Generated Token’s Explicit Maximum TTL in seconds

token_max_ttl: pulumi.Output[float] = None

The maximum lifetime of the generated token

token_no_default_policy: pulumi.Output[bool] = None

If true, the ‘default’ policy will not automatically be added to generated tokens

token_num_uses: pulumi.Output[float] = None

The maximum number of times a token may be used, a value of zero means unlimited

token_period: pulumi.Output[float] = None

Generated Token’s Period

token_policies: pulumi.Output[list] = None

Generated Token’s Policies

token_ttl: pulumi.Output[float] = None

The initial ttl of the token to generate in seconds

token_type: pulumi.Output[str] = None

The type of token to generate, service or batch

user: pulumi.Output[str] = None

GitHub user name.

static get(resource_name, id, opts=None, backend=None, policies=None, token_bound_cidrs=None, token_explicit_max_ttl=None, token_max_ttl=None, token_no_default_policy=None, token_num_uses=None, token_period=None, token_policies=None, token_ttl=None, token_type=None, user=None)

Get an existing User resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • backend (pulumi.Input[str]) – Path where the github auth backend is mounted. Defaults to github if not specified.

  • policies (pulumi.Input[list]) – An array of strings specifying the policies to be set on tokens issued using this role.

  • token_bound_cidrs (pulumi.Input[list]) – Specifies the blocks of IP addresses which are allowed to use the generated token

  • token_explicit_max_ttl (pulumi.Input[float]) – Generated Token’s Explicit Maximum TTL in seconds

  • token_max_ttl (pulumi.Input[float]) – The maximum lifetime of the generated token

  • token_no_default_policy (pulumi.Input[bool]) – If true, the ‘default’ policy will not automatically be added to generated tokens

  • token_num_uses (pulumi.Input[float]) – The maximum number of times a token may be used, a value of zero means unlimited

  • token_period (pulumi.Input[float]) – Generated Token’s Period

  • token_policies (pulumi.Input[list]) – Generated Token’s Policies

  • token_ttl (pulumi.Input[float]) – The initial ttl of the token to generate in seconds

  • token_type (pulumi.Input[str]) – The type of token to generate, service or batch

  • user (pulumi.Input[str]) – GitHub user name.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str