AuthBackend
Provides a resource to configure the GCP auth backend within Vault.
Example Usage
using System.Collections.Generic;
using System.IO;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
var gcp = new Vault.Gcp.AuthBackend("gcp", new()
{
Credentials = File.ReadAllText("vault-gcp-credentials.json"),
CustomEndpoint = new Vault.Gcp.Inputs.AuthBackendCustomEndpointArgs
{
Api = "www.googleapis.com",
Iam = "iam.googleapis.com",
Crm = "cloudresourcemanager.googleapis.com",
Compute = "compute.googleapis.com",
},
});
});
package main
import (
"io/ioutil"
"github.com/pulumi/pulumi-vault/sdk/v5/go/vault/gcp"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func readFileOrPanic(path string) pulumi.StringPtrInput {
data, err := ioutil.ReadFile(path)
if err != nil {
panic(err.Error())
}
return pulumi.String(string(data))
}
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := gcp.NewAuthBackend(ctx, "gcp", &gcp.AuthBackendArgs{
Credentials: readFileOrPanic("vault-gcp-credentials.json"),
CustomEndpoint: &gcp.AuthBackendCustomEndpointArgs{
Api: pulumi.String("www.googleapis.com"),
Iam: pulumi.String("iam.googleapis.com"),
Crm: pulumi.String("cloudresourcemanager.googleapis.com"),
Compute: pulumi.String("compute.googleapis.com"),
},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.gcp.AuthBackend;
import com.pulumi.vault.gcp.AuthBackendArgs;
import com.pulumi.vault.gcp.inputs.AuthBackendCustomEndpointArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var gcp = new AuthBackend("gcp", AuthBackendArgs.builder()
.credentials(Files.readString(Paths.get("vault-gcp-credentials.json")))
.customEndpoint(AuthBackendCustomEndpointArgs.builder()
.api("www.googleapis.com")
.iam("iam.googleapis.com")
.crm("cloudresourcemanager.googleapis.com")
.compute("compute.googleapis.com")
.build())
.build());
}
}
import pulumi
import pulumi_vault as vault
gcp = vault.gcp.AuthBackend("gcp",
credentials=(lambda path: open(path).read())("vault-gcp-credentials.json"),
custom_endpoint=vault.gcp.AuthBackendCustomEndpointArgs(
api="www.googleapis.com",
iam="iam.googleapis.com",
crm="cloudresourcemanager.googleapis.com",
compute="compute.googleapis.com",
))
import * as pulumi from "@pulumi/pulumi";
import * as fs from "fs";
import * as vault from "@pulumi/vault";
const gcp = new vault.gcp.AuthBackend("gcp", {
credentials: fs.readFileSync("vault-gcp-credentials.json"),
customEndpoint: {
api: "www.googleapis.com",
iam: "iam.googleapis.com",
crm: "cloudresourcemanager.googleapis.com",
compute: "compute.googleapis.com",
},
});
Coming soon!
Create AuthBackend Resource
new AuthBackend(name: string, args?: AuthBackendArgs, opts?: CustomResourceOptions);@overload
def AuthBackend(resource_name: str,
opts: Optional[ResourceOptions] = None,
client_email: Optional[str] = None,
client_id: Optional[str] = None,
credentials: Optional[str] = None,
custom_endpoint: Optional[AuthBackendCustomEndpointArgs] = None,
description: Optional[str] = None,
disable_remount: Optional[bool] = None,
local: Optional[bool] = None,
namespace: Optional[str] = None,
path: Optional[str] = None,
private_key_id: Optional[str] = None,
project_id: Optional[str] = None)
@overload
def AuthBackend(resource_name: str,
args: Optional[AuthBackendArgs] = None,
opts: Optional[ResourceOptions] = None)func NewAuthBackend(ctx *Context, name string, args *AuthBackendArgs, opts ...ResourceOption) (*AuthBackend, error)public AuthBackend(string name, AuthBackendArgs? args = null, CustomResourceOptions? opts = null)
public AuthBackend(String name, AuthBackendArgs args)
public AuthBackend(String name, AuthBackendArgs args, CustomResourceOptions options)
type: vault:gcp:AuthBackend
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AuthBackendArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AuthBackendArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AuthBackendArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AuthBackendArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AuthBackendArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
AuthBackend Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The AuthBackend resource accepts the following input properties:
- Client
Email string The clients email associated with the credentials
- Client
Id string The Client ID of the credentials
- Credentials string
A JSON string containing the contents of a GCP credentials file. If this value is empty, Vault will try to use Application Default Credentials from the machine on which the Vault server is running.
- Custom
Endpoint AuthBackend Custom Endpoint Args Specifies overrides to service endpoints used when making API requests. This allows specific requests made during authentication to target alternative service endpoints for use in Private Google Access environments. Requires Vault 1.11+.
- Description string
A description of the auth method.
- Disable
Remount bool If set, opts out of mount migration on path updates. See here for more info on Mount Migration
- Local bool
Specifies if the auth method is local only.
- Namespace string
The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise.- Path string
The path to mount the auth method — this defaults to 'gcp'.
- Private
Key stringId The ID of the private key from the credentials
- Project
Id string The GCP Project ID
- Client
Email string The clients email associated with the credentials
- Client
Id string The Client ID of the credentials
- Credentials string
A JSON string containing the contents of a GCP credentials file. If this value is empty, Vault will try to use Application Default Credentials from the machine on which the Vault server is running.
- Custom
Endpoint AuthBackend Custom Endpoint Args Specifies overrides to service endpoints used when making API requests. This allows specific requests made during authentication to target alternative service endpoints for use in Private Google Access environments. Requires Vault 1.11+.
- Description string
A description of the auth method.
- Disable
Remount bool If set, opts out of mount migration on path updates. See here for more info on Mount Migration
- Local bool
Specifies if the auth method is local only.
- Namespace string
The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise.- Path string
The path to mount the auth method — this defaults to 'gcp'.
- Private
Key stringId The ID of the private key from the credentials
- Project
Id string The GCP Project ID
- client
Email String The clients email associated with the credentials
- client
Id String The Client ID of the credentials
- credentials String
A JSON string containing the contents of a GCP credentials file. If this value is empty, Vault will try to use Application Default Credentials from the machine on which the Vault server is running.
- custom
Endpoint AuthBackend Custom Endpoint Args Specifies overrides to service endpoints used when making API requests. This allows specific requests made during authentication to target alternative service endpoints for use in Private Google Access environments. Requires Vault 1.11+.
- description String
A description of the auth method.
- disable
Remount Boolean If set, opts out of mount migration on path updates. See here for more info on Mount Migration
- local Boolean
Specifies if the auth method is local only.
- namespace String
The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise.- path String
The path to mount the auth method — this defaults to 'gcp'.
- private
Key StringId The ID of the private key from the credentials
- project
Id String The GCP Project ID
- client
Email string The clients email associated with the credentials
- client
Id string The Client ID of the credentials
- credentials string
A JSON string containing the contents of a GCP credentials file. If this value is empty, Vault will try to use Application Default Credentials from the machine on which the Vault server is running.
- custom
Endpoint AuthBackend Custom Endpoint Args Specifies overrides to service endpoints used when making API requests. This allows specific requests made during authentication to target alternative service endpoints for use in Private Google Access environments. Requires Vault 1.11+.
- description string
A description of the auth method.
- disable
Remount boolean If set, opts out of mount migration on path updates. See here for more info on Mount Migration
- local boolean
Specifies if the auth method is local only.
- namespace string
The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise.- path string
The path to mount the auth method — this defaults to 'gcp'.
- private
Key stringId The ID of the private key from the credentials
- project
Id string The GCP Project ID
- client_
email str The clients email associated with the credentials
- client_
id str The Client ID of the credentials
- credentials str
A JSON string containing the contents of a GCP credentials file. If this value is empty, Vault will try to use Application Default Credentials from the machine on which the Vault server is running.
- custom_
endpoint AuthBackend Custom Endpoint Args Specifies overrides to service endpoints used when making API requests. This allows specific requests made during authentication to target alternative service endpoints for use in Private Google Access environments. Requires Vault 1.11+.
- description str
A description of the auth method.
- disable_
remount bool If set, opts out of mount migration on path updates. See here for more info on Mount Migration
- local bool
Specifies if the auth method is local only.
- namespace str
The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise.- path str
The path to mount the auth method — this defaults to 'gcp'.
- private_
key_ strid The ID of the private key from the credentials
- project_
id str The GCP Project ID
- client
Email String The clients email associated with the credentials
- client
Id String The Client ID of the credentials
- credentials String
A JSON string containing the contents of a GCP credentials file. If this value is empty, Vault will try to use Application Default Credentials from the machine on which the Vault server is running.
- custom
Endpoint Property Map Specifies overrides to service endpoints used when making API requests. This allows specific requests made during authentication to target alternative service endpoints for use in Private Google Access environments. Requires Vault 1.11+.
- description String
A description of the auth method.
- disable
Remount Boolean If set, opts out of mount migration on path updates. See here for more info on Mount Migration
- local Boolean
Specifies if the auth method is local only.
- namespace String
The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise.- path String
The path to mount the auth method — this defaults to 'gcp'.
- private
Key StringId The ID of the private key from the credentials
- project
Id String The GCP Project ID
Outputs
All input properties are implicitly available as output properties. Additionally, the AuthBackend resource produces the following output properties:
- Id string
The provider-assigned unique ID for this managed resource.
- Id string
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
- id string
The provider-assigned unique ID for this managed resource.
- id str
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
Look up Existing AuthBackend Resource
Get an existing AuthBackend resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AuthBackendState, opts?: CustomResourceOptions): AuthBackend@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
client_email: Optional[str] = None,
client_id: Optional[str] = None,
credentials: Optional[str] = None,
custom_endpoint: Optional[AuthBackendCustomEndpointArgs] = None,
description: Optional[str] = None,
disable_remount: Optional[bool] = None,
local: Optional[bool] = None,
namespace: Optional[str] = None,
path: Optional[str] = None,
private_key_id: Optional[str] = None,
project_id: Optional[str] = None) -> AuthBackendfunc GetAuthBackend(ctx *Context, name string, id IDInput, state *AuthBackendState, opts ...ResourceOption) (*AuthBackend, error)public static AuthBackend Get(string name, Input<string> id, AuthBackendState? state, CustomResourceOptions? opts = null)public static AuthBackend get(String name, Output<String> id, AuthBackendState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Client
Email string The clients email associated with the credentials
- Client
Id string The Client ID of the credentials
- Credentials string
A JSON string containing the contents of a GCP credentials file. If this value is empty, Vault will try to use Application Default Credentials from the machine on which the Vault server is running.
- Custom
Endpoint AuthBackend Custom Endpoint Args Specifies overrides to service endpoints used when making API requests. This allows specific requests made during authentication to target alternative service endpoints for use in Private Google Access environments. Requires Vault 1.11+.
- Description string
A description of the auth method.
- Disable
Remount bool If set, opts out of mount migration on path updates. See here for more info on Mount Migration
- Local bool
Specifies if the auth method is local only.
- Namespace string
The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise.- Path string
The path to mount the auth method — this defaults to 'gcp'.
- Private
Key stringId The ID of the private key from the credentials
- Project
Id string The GCP Project ID
- Client
Email string The clients email associated with the credentials
- Client
Id string The Client ID of the credentials
- Credentials string
A JSON string containing the contents of a GCP credentials file. If this value is empty, Vault will try to use Application Default Credentials from the machine on which the Vault server is running.
- Custom
Endpoint AuthBackend Custom Endpoint Args Specifies overrides to service endpoints used when making API requests. This allows specific requests made during authentication to target alternative service endpoints for use in Private Google Access environments. Requires Vault 1.11+.
- Description string
A description of the auth method.
- Disable
Remount bool If set, opts out of mount migration on path updates. See here for more info on Mount Migration
- Local bool
Specifies if the auth method is local only.
- Namespace string
The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise.- Path string
The path to mount the auth method — this defaults to 'gcp'.
- Private
Key stringId The ID of the private key from the credentials
- Project
Id string The GCP Project ID
- client
Email String The clients email associated with the credentials
- client
Id String The Client ID of the credentials
- credentials String
A JSON string containing the contents of a GCP credentials file. If this value is empty, Vault will try to use Application Default Credentials from the machine on which the Vault server is running.
- custom
Endpoint AuthBackend Custom Endpoint Args Specifies overrides to service endpoints used when making API requests. This allows specific requests made during authentication to target alternative service endpoints for use in Private Google Access environments. Requires Vault 1.11+.
- description String
A description of the auth method.
- disable
Remount Boolean If set, opts out of mount migration on path updates. See here for more info on Mount Migration
- local Boolean
Specifies if the auth method is local only.
- namespace String
The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise.- path String
The path to mount the auth method — this defaults to 'gcp'.
- private
Key StringId The ID of the private key from the credentials
- project
Id String The GCP Project ID
- client
Email string The clients email associated with the credentials
- client
Id string The Client ID of the credentials
- credentials string
A JSON string containing the contents of a GCP credentials file. If this value is empty, Vault will try to use Application Default Credentials from the machine on which the Vault server is running.
- custom
Endpoint AuthBackend Custom Endpoint Args Specifies overrides to service endpoints used when making API requests. This allows specific requests made during authentication to target alternative service endpoints for use in Private Google Access environments. Requires Vault 1.11+.
- description string
A description of the auth method.
- disable
Remount boolean If set, opts out of mount migration on path updates. See here for more info on Mount Migration
- local boolean
Specifies if the auth method is local only.
- namespace string
The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise.- path string
The path to mount the auth method — this defaults to 'gcp'.
- private
Key stringId The ID of the private key from the credentials
- project
Id string The GCP Project ID
- client_
email str The clients email associated with the credentials
- client_
id str The Client ID of the credentials
- credentials str
A JSON string containing the contents of a GCP credentials file. If this value is empty, Vault will try to use Application Default Credentials from the machine on which the Vault server is running.
- custom_
endpoint AuthBackend Custom Endpoint Args Specifies overrides to service endpoints used when making API requests. This allows specific requests made during authentication to target alternative service endpoints for use in Private Google Access environments. Requires Vault 1.11+.
- description str
A description of the auth method.
- disable_
remount bool If set, opts out of mount migration on path updates. See here for more info on Mount Migration
- local bool
Specifies if the auth method is local only.
- namespace str
The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise.- path str
The path to mount the auth method — this defaults to 'gcp'.
- private_
key_ strid The ID of the private key from the credentials
- project_
id str The GCP Project ID
- client
Email String The clients email associated with the credentials
- client
Id String The Client ID of the credentials
- credentials String
A JSON string containing the contents of a GCP credentials file. If this value is empty, Vault will try to use Application Default Credentials from the machine on which the Vault server is running.
- custom
Endpoint Property Map Specifies overrides to service endpoints used when making API requests. This allows specific requests made during authentication to target alternative service endpoints for use in Private Google Access environments. Requires Vault 1.11+.
- description String
A description of the auth method.
- disable
Remount Boolean If set, opts out of mount migration on path updates. See here for more info on Mount Migration
- local Boolean
Specifies if the auth method is local only.
- namespace String
The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise.- path String
The path to mount the auth method — this defaults to 'gcp'.
- private
Key StringId The ID of the private key from the credentials
- project
Id String The GCP Project ID
Supporting Types
AuthBackendCustomEndpoint
- Api string
Replaces the service endpoint used in API requests to
https://www.googleapis.com.- Compute string
Replaces the service endpoint used in API requests to
https://compute.googleapis.com.- Crm string
Replaces the service endpoint used in API requests to
https://cloudresourcemanager.googleapis.com.- Iam string
Replaces the service endpoint used in API requests to
https://iam.googleapis.com.
- Api string
Replaces the service endpoint used in API requests to
https://www.googleapis.com.- Compute string
Replaces the service endpoint used in API requests to
https://compute.googleapis.com.- Crm string
Replaces the service endpoint used in API requests to
https://cloudresourcemanager.googleapis.com.- Iam string
Replaces the service endpoint used in API requests to
https://iam.googleapis.com.
- api String
Replaces the service endpoint used in API requests to
https://www.googleapis.com.- compute String
Replaces the service endpoint used in API requests to
https://compute.googleapis.com.- crm String
Replaces the service endpoint used in API requests to
https://cloudresourcemanager.googleapis.com.- iam String
Replaces the service endpoint used in API requests to
https://iam.googleapis.com.
- api string
Replaces the service endpoint used in API requests to
https://www.googleapis.com.- compute string
Replaces the service endpoint used in API requests to
https://compute.googleapis.com.- crm string
Replaces the service endpoint used in API requests to
https://cloudresourcemanager.googleapis.com.- iam string
Replaces the service endpoint used in API requests to
https://iam.googleapis.com.
- api str
Replaces the service endpoint used in API requests to
https://www.googleapis.com.- compute str
Replaces the service endpoint used in API requests to
https://compute.googleapis.com.- crm str
Replaces the service endpoint used in API requests to
https://cloudresourcemanager.googleapis.com.- iam str
Replaces the service endpoint used in API requests to
https://iam.googleapis.com.
- api String
Replaces the service endpoint used in API requests to
https://www.googleapis.com.- compute String
Replaces the service endpoint used in API requests to
https://compute.googleapis.com.- crm String
Replaces the service endpoint used in API requests to
https://cloudresourcemanager.googleapis.com.- iam String
Replaces the service endpoint used in API requests to
https://iam.googleapis.com.
Import
GCP authentication backends can be imported using the backend name, e.g.
$ pulumi import vault:gcp/authBackend:AuthBackend gcp gcp
Package Details
- Repository
- https://github.com/pulumi/pulumi-vault
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
vaultTerraform Provider.