SecretBackendRole

Manages a Consul secrets role for a Consul secrets engine in Vault. Consul secret backends can then issue Consul tokens.

Example Usage

using Pulumi;
using Vault = Pulumi.Vault;

class MyStack : Stack
{
    public MyStack()
    {
        var test = new Vault.Consul.SecretBackend("test", new Vault.Consul.SecretBackendArgs
        {
            Path = "consul",
            Description = "Manages the Consul backend",
            Address = "127.0.0.1:8500",
            Token = "4240861b-ce3d-8530-115a-521ff070dd29",
        });
        var example = new Vault.Consul.SecretBackendRole("example", new Vault.Consul.SecretBackendRoleArgs
        {
            Backend = test.Path,
            Policies = 
            {
                "example-policy",
            },
        });
    }

}
package main

import (
	"github.com/pulumi/pulumi-vault/sdk/v4/go/vault/consul"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		test, err := consul.NewSecretBackend(ctx, "test", &consul.SecretBackendArgs{
			Path:        pulumi.String("consul"),
			Description: pulumi.String("Manages the Consul backend"),
			Address:     pulumi.String("127.0.0.1:8500"),
			Token:       pulumi.String("4240861b-ce3d-8530-115a-521ff070dd29"),
		})
		if err != nil {
			return err
		}
		_, err = consul.NewSecretBackendRole(ctx, "example", &consul.SecretBackendRoleArgs{
			Backend: test.Path,
			Policies: pulumi.StringArray{
				pulumi.String("example-policy"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
import pulumi
import pulumi_vault as vault

test = vault.consul.SecretBackend("test",
    path="consul",
    description="Manages the Consul backend",
    address="127.0.0.1:8500",
    token="4240861b-ce3d-8530-115a-521ff070dd29")
example = vault.consul.SecretBackendRole("example",
    backend=test.path,
    policies=["example-policy"])
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";

const test = new vault.consul.SecretBackend("test", {
    path: "consul",
    description: "Manages the Consul backend",
    address: "127.0.0.1:8500",
    token: "4240861b-ce3d-8530-115a-521ff070dd29",
});
const example = new vault.consul.SecretBackendRole("example", {
    backend: test.path,
    policies: ["example-policy"],
});

Create a SecretBackendRole Resource

new SecretBackendRole(name: string, args: SecretBackendRoleArgs, opts?: CustomResourceOptions);
@overload
def SecretBackendRole(resource_name: str,
                      opts: Optional[ResourceOptions] = None,
                      backend: Optional[str] = None,
                      local: Optional[bool] = None,
                      max_ttl: Optional[int] = None,
                      name: Optional[str] = None,
                      path: Optional[str] = None,
                      policies: Optional[Sequence[str]] = None,
                      token_type: Optional[str] = None,
                      ttl: Optional[int] = None)
@overload
def SecretBackendRole(resource_name: str,
                      args: SecretBackendRoleArgs,
                      opts: Optional[ResourceOptions] = None)
func NewSecretBackendRole(ctx *Context, name string, args SecretBackendRoleArgs, opts ...ResourceOption) (*SecretBackendRole, error)
public SecretBackendRole(string name, SecretBackendRoleArgs args, CustomResourceOptions? opts = null)
name string
The unique name of the resource.
args SecretBackendRoleArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args SecretBackendRoleArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args SecretBackendRoleArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args SecretBackendRoleArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

SecretBackendRole Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The SecretBackendRole resource accepts the following input properties:

Policies List<string>
The list of Consul ACL policies to associate with these roles.
Backend string
The unique name of an existing Consul secrets backend mount. Must not begin or end with a /. One of path or backend is required.
Local bool
Indicates that the token should not be replicated globally and instead be local to the current datacenter.
MaxTtl int
Maximum TTL for leases associated with this role, in seconds.
Name string
The name of the Consul secrets engine role to create.
Path string
The unique name of an existing Consul secrets backend mount. Must not begin or end with a /. Deprecated

Deprecated: use backend instead

TokenType string
Specifies the type of token to create when using this role. Valid values are “client” or “management”.
Ttl int
Specifies the TTL for this role.
Policies []string
The list of Consul ACL policies to associate with these roles.
Backend string
The unique name of an existing Consul secrets backend mount. Must not begin or end with a /. One of path or backend is required.
Local bool
Indicates that the token should not be replicated globally and instead be local to the current datacenter.
MaxTtl int
Maximum TTL for leases associated with this role, in seconds.
Name string
The name of the Consul secrets engine role to create.
Path string
The unique name of an existing Consul secrets backend mount. Must not begin or end with a /. Deprecated

Deprecated: use backend instead

TokenType string
Specifies the type of token to create when using this role. Valid values are “client” or “management”.
Ttl int
Specifies the TTL for this role.
policies string[]
The list of Consul ACL policies to associate with these roles.
backend string
The unique name of an existing Consul secrets backend mount. Must not begin or end with a /. One of path or backend is required.
local boolean
Indicates that the token should not be replicated globally and instead be local to the current datacenter.
maxTtl number
Maximum TTL for leases associated with this role, in seconds.
name string
The name of the Consul secrets engine role to create.
path string
The unique name of an existing Consul secrets backend mount. Must not begin or end with a /. Deprecated

Deprecated: use backend instead

tokenType string
Specifies the type of token to create when using this role. Valid values are “client” or “management”.
ttl number
Specifies the TTL for this role.
policies Sequence[str]
The list of Consul ACL policies to associate with these roles.
backend str
The unique name of an existing Consul secrets backend mount. Must not begin or end with a /. One of path or backend is required.
local bool
Indicates that the token should not be replicated globally and instead be local to the current datacenter.
max_ttl int
Maximum TTL for leases associated with this role, in seconds.
name str
The name of the Consul secrets engine role to create.
path str
The unique name of an existing Consul secrets backend mount. Must not begin or end with a /. Deprecated

Deprecated: use backend instead

token_type str
Specifies the type of token to create when using this role. Valid values are “client” or “management”.
ttl int
Specifies the TTL for this role.

Outputs

All input properties are implicitly available as output properties. Additionally, the SecretBackendRole resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
Id string
The provider-assigned unique ID for this managed resource.
id string
The provider-assigned unique ID for this managed resource.
id str
The provider-assigned unique ID for this managed resource.

Look up an Existing SecretBackendRole Resource

Get an existing SecretBackendRole resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: SecretBackendRoleState, opts?: CustomResourceOptions): SecretBackendRole
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        backend: Optional[str] = None,
        local: Optional[bool] = None,
        max_ttl: Optional[int] = None,
        name: Optional[str] = None,
        path: Optional[str] = None,
        policies: Optional[Sequence[str]] = None,
        token_type: Optional[str] = None,
        ttl: Optional[int] = None) -> SecretBackendRole
func GetSecretBackendRole(ctx *Context, name string, id IDInput, state *SecretBackendRoleState, opts ...ResourceOption) (*SecretBackendRole, error)
public static SecretBackendRole Get(string name, Input<string> id, SecretBackendRoleState? state, CustomResourceOptions? opts = null)
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.

The following state arguments are supported:

Backend string
The unique name of an existing Consul secrets backend mount. Must not begin or end with a /. One of path or backend is required.
Local bool
Indicates that the token should not be replicated globally and instead be local to the current datacenter.
MaxTtl int
Maximum TTL for leases associated with this role, in seconds.
Name string
The name of the Consul secrets engine role to create.
Path string
The unique name of an existing Consul secrets backend mount. Must not begin or end with a /. Deprecated

Deprecated: use backend instead

Policies List<string>
The list of Consul ACL policies to associate with these roles.
TokenType string
Specifies the type of token to create when using this role. Valid values are “client” or “management”.
Ttl int
Specifies the TTL for this role.
Backend string
The unique name of an existing Consul secrets backend mount. Must not begin or end with a /. One of path or backend is required.
Local bool
Indicates that the token should not be replicated globally and instead be local to the current datacenter.
MaxTtl int
Maximum TTL for leases associated with this role, in seconds.
Name string
The name of the Consul secrets engine role to create.
Path string
The unique name of an existing Consul secrets backend mount. Must not begin or end with a /. Deprecated

Deprecated: use backend instead

Policies []string
The list of Consul ACL policies to associate with these roles.
TokenType string
Specifies the type of token to create when using this role. Valid values are “client” or “management”.
Ttl int
Specifies the TTL for this role.
backend string
The unique name of an existing Consul secrets backend mount. Must not begin or end with a /. One of path or backend is required.
local boolean
Indicates that the token should not be replicated globally and instead be local to the current datacenter.
maxTtl number
Maximum TTL for leases associated with this role, in seconds.
name string
The name of the Consul secrets engine role to create.
path string
The unique name of an existing Consul secrets backend mount. Must not begin or end with a /. Deprecated

Deprecated: use backend instead

policies string[]
The list of Consul ACL policies to associate with these roles.
tokenType string
Specifies the type of token to create when using this role. Valid values are “client” or “management”.
ttl number
Specifies the TTL for this role.
backend str
The unique name of an existing Consul secrets backend mount. Must not begin or end with a /. One of path or backend is required.
local bool
Indicates that the token should not be replicated globally and instead be local to the current datacenter.
max_ttl int
Maximum TTL for leases associated with this role, in seconds.
name str
The name of the Consul secrets engine role to create.
path str
The unique name of an existing Consul secrets backend mount. Must not begin or end with a /. Deprecated

Deprecated: use backend instead

policies Sequence[str]
The list of Consul ACL policies to associate with these roles.
token_type str
Specifies the type of token to create when using this role. Valid values are “client” or “management”.
ttl int
Specifies the TTL for this role.

Import

Consul secret backend roles can be imported using the backend, /roles/, and the name e.g.

 $ pulumi import vault:consul/secretBackendRole:SecretBackendRole example consul/roles/my-role

Package Details

Repository
https://github.com/pulumi/pulumi-vault
License
Apache-2.0
Notes
This Pulumi package is based on the vault Terraform Provider.