certAuthBackendRole.typescript.md

certAuthBackendRole Submodule

Constructs

CertAuthBackendRole

Represents a {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/cert_auth_backend_role vault_cert_auth_backend_role}.

Initializers

import { certAuthBackendRole } from '@cdktf/provider-vault'

new certAuthBackendRole.CertAuthBackendRole(scope: Construct, id: string, config: CertAuthBackendRoleConfig)

Name	Type	Description
scope	constructs.Construct	The scope in which to define this construct.
id	string	The scoped construct ID.
config	CertAuthBackendRoleConfig	No description.

---

scope^Required

• Type: constructs.Construct

The scope in which to define this construct.

---

id^Required

• Type: string

The scoped construct ID.

Must be unique amongst siblings in the same scope

---

config^Required

• Type: CertAuthBackendRoleConfig

---

Methods

Name	Description
toString	Returns a string representation of this construct.
addOverride	No description.
overrideLogicalId	Overrides the auto-generated logical ID with a specific ID.
resetOverrideLogicalId	Resets a previously passed logical Id to use the auto-generated logical id again.
toHclTerraform	No description.
toMetadata	No description.
toTerraform	Adds this resource to the terraform JSON output.
addMoveTarget	Adds a user defined moveTarget string to this resource to be later used in .moveTo(moveTarget) to resolve the location of the move.
getAnyMapAttribute	No description.
getBooleanAttribute	No description.
getBooleanMapAttribute	No description.
getListAttribute	No description.
getNumberAttribute	No description.
getNumberListAttribute	No description.
getNumberMapAttribute	No description.
getStringAttribute	No description.
getStringMapAttribute	No description.
hasResourceMove	No description.
importFrom	No description.
interpolationForAttribute	No description.
moveFromId	Move the resource corresponding to "id" to this resource.
moveTo	Moves this resource to the target resource given by moveTarget.
moveToId	Moves this resource to the resource corresponding to "id".
resetAllowedCommonNames	No description.
resetAllowedDnsSans	No description.
resetAllowedEmailSans	No description.
resetAllowedNames	No description.
resetAllowedOrganizationalUnits	No description.
resetAllowedUriSans	No description.
resetBackend	No description.
resetDisplayName	No description.
resetId	No description.
resetNamespace	No description.
resetOcspCaCertificates	No description.
resetOcspEnabled	No description.
resetOcspFailOpen	No description.
resetOcspQueryAllServers	No description.
resetOcspServersOverride	No description.
resetRequiredExtensions	No description.
resetTokenBoundCidrs	No description.
resetTokenExplicitMaxTtl	No description.
resetTokenMaxTtl	No description.
resetTokenNoDefaultPolicy	No description.
resetTokenNumUses	No description.
resetTokenPeriod	No description.
resetTokenPolicies	No description.
resetTokenTtl	No description.
resetTokenType	No description.

---

toString

public toString(): string

Returns a string representation of this construct.

addOverride

public addOverride(path: string, value: any): void

path^Required

• Type: string

---

value^Required

• Type: any

---

overrideLogicalId

public overrideLogicalId(newLogicalId: string): void

Overrides the auto-generated logical ID with a specific ID.

newLogicalId^Required

• Type: string

The new logical ID to use for this stack element.

---

resetOverrideLogicalId

public resetOverrideLogicalId(): void

Resets a previously passed logical Id to use the auto-generated logical id again.

toHclTerraform

public toHclTerraform(): any

toMetadata

public toMetadata(): any

toTerraform

public toTerraform(): any

Adds this resource to the terraform JSON output.

addMoveTarget

public addMoveTarget(moveTarget: string): void

Adds a user defined moveTarget string to this resource to be later used in .moveTo(moveTarget) to resolve the location of the move.

moveTarget^Required

• Type: string

The string move target that will correspond to this resource.

---

getAnyMapAttribute

public getAnyMapAttribute(terraformAttribute: string): {[ key: string ]: any}

terraformAttribute^Required

• Type: string

---

getBooleanAttribute

public getBooleanAttribute(terraformAttribute: string): IResolvable

terraformAttribute^Required

• Type: string

---

getBooleanMapAttribute

public getBooleanMapAttribute(terraformAttribute: string): {[ key: string ]: boolean}

terraformAttribute^Required

• Type: string

---

getListAttribute

public getListAttribute(terraformAttribute: string): string[]

terraformAttribute^Required

• Type: string

---

getNumberAttribute

public getNumberAttribute(terraformAttribute: string): number

terraformAttribute^Required

• Type: string

---

getNumberListAttribute

public getNumberListAttribute(terraformAttribute: string): number[]

terraformAttribute^Required

• Type: string

---

getNumberMapAttribute

public getNumberMapAttribute(terraformAttribute: string): {[ key: string ]: number}

terraformAttribute^Required

• Type: string

---

getStringAttribute

public getStringAttribute(terraformAttribute: string): string

terraformAttribute^Required

• Type: string

---

getStringMapAttribute

public getStringMapAttribute(terraformAttribute: string): {[ key: string ]: string}

terraformAttribute^Required

• Type: string

---

hasResourceMove

public hasResourceMove(): TerraformResourceMoveByTarget | TerraformResourceMoveById

importFrom

public importFrom(id: string, provider?: TerraformProvider): void

id^Required

• Type: string

---

provider^Optional

• Type: cdktf.TerraformProvider

---

interpolationForAttribute

public interpolationForAttribute(terraformAttribute: string): IResolvable

terraformAttribute^Required

• Type: string

---

moveFromId

public moveFromId(id: string): void

Move the resource corresponding to "id" to this resource.

Note that the resource being moved from must be marked as moved using it's instance function.

id^Required

• Type: string

Full id of resource being moved from, e.g. "aws_s3_bucket.example".

---

moveTo

public moveTo(moveTarget: string, index?: string | number): void

Moves this resource to the target resource given by moveTarget.

moveTarget^Required

• Type: string

The previously set user defined string set by .addMoveTarget() corresponding to the resource to move to.

---

index^Optional

• Type: string | number

Optional The index corresponding to the key the resource is to appear in the foreach of a resource to move to.

---

moveToId

public moveToId(id: string): void

Moves this resource to the resource corresponding to "id".

id^Required

• Type: string

Full id of resource to move to, e.g. "aws_s3_bucket.example".

---

resetAllowedCommonNames

public resetAllowedCommonNames(): void

resetAllowedDnsSans

public resetAllowedDnsSans(): void

resetAllowedEmailSans

public resetAllowedEmailSans(): void

resetAllowedNames

public resetAllowedNames(): void

resetAllowedOrganizationalUnits

public resetAllowedOrganizationalUnits(): void

resetAllowedUriSans

public resetAllowedUriSans(): void

resetBackend

public resetBackend(): void

resetDisplayName

public resetDisplayName(): void

resetId

public resetId(): void

resetNamespace

public resetNamespace(): void

resetOcspCaCertificates

public resetOcspCaCertificates(): void

resetOcspEnabled

public resetOcspEnabled(): void

resetOcspFailOpen

public resetOcspFailOpen(): void

resetOcspQueryAllServers

public resetOcspQueryAllServers(): void

resetOcspServersOverride

public resetOcspServersOverride(): void

resetRequiredExtensions

public resetRequiredExtensions(): void

resetTokenBoundCidrs

public resetTokenBoundCidrs(): void

resetTokenExplicitMaxTtl

public resetTokenExplicitMaxTtl(): void

resetTokenMaxTtl

public resetTokenMaxTtl(): void

resetTokenNoDefaultPolicy

public resetTokenNoDefaultPolicy(): void

resetTokenNumUses

public resetTokenNumUses(): void

resetTokenPeriod

public resetTokenPeriod(): void

resetTokenPolicies

public resetTokenPolicies(): void

resetTokenTtl

public resetTokenTtl(): void

resetTokenType

public resetTokenType(): void

Static Functions

Name	Description
isConstruct	Checks if x is a construct.
isTerraformElement	No description.
isTerraformResource	No description.
generateConfigForImport	Generates CDKTF code for importing a CertAuthBackendRole resource upon running "cdktf plan ".

---

isConstruct

import { certAuthBackendRole } from '@cdktf/provider-vault'

certAuthBackendRole.CertAuthBackendRole.isConstruct(x: any)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

x^Required

• Type: any

Any object.

---

isTerraformElement

import { certAuthBackendRole } from '@cdktf/provider-vault'

certAuthBackendRole.CertAuthBackendRole.isTerraformElement(x: any)

x^Required

• Type: any

---

isTerraformResource

import { certAuthBackendRole } from '@cdktf/provider-vault'

certAuthBackendRole.CertAuthBackendRole.isTerraformResource(x: any)

x^Required

• Type: any

---

generateConfigForImport

import { certAuthBackendRole } from '@cdktf/provider-vault'

certAuthBackendRole.CertAuthBackendRole.generateConfigForImport(scope: Construct, importToId: string, importFromId: string, provider?: TerraformProvider)

Generates CDKTF code for importing a CertAuthBackendRole resource upon running "cdktf plan ".

scope^Required

• Type: constructs.Construct

The scope in which to define this construct.

---

importToId^Required

• Type: string

The construct id used in the generated config for the CertAuthBackendRole to import.

---

importFromId^Required

• Type: string

The id of the existing CertAuthBackendRole that should be imported.

Refer to the {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/cert_auth_backend_role#import import section} in the documentation of this resource for the id to use

---

provider^Optional

• Type: cdktf.TerraformProvider

? Optional instance of the provider where the CertAuthBackendRole to import is found.

---

Properties

Name	Type	Description
node	constructs.Node	The tree node.
cdktfStack	cdktf.TerraformStack	No description.
fqn	string	No description.
friendlyUniqueId	string	No description.
terraformMetaArguments	{[ key: string ]: any}	No description.
terraformResourceType	string	No description.
terraformGeneratorMetadata	cdktf.TerraformProviderGeneratorMetadata	No description.
connection	cdktf.SSHProvisionerConnection | cdktf.WinrmProvisionerConnection	No description.
count	number | cdktf.TerraformCount	No description.
dependsOn	string[]	No description.
forEach	cdktf.ITerraformIterator	No description.
lifecycle	cdktf.TerraformResourceLifecycle	No description.
provider	cdktf.TerraformProvider	No description.
provisioners	cdktf.FileProvisioner | cdktf.LocalExecProvisioner | cdktf.RemoteExecProvisioner[]	No description.
allowedCommonNamesInput	string[]	No description.
allowedDnsSansInput	string[]	No description.
allowedEmailSansInput	string[]	No description.
allowedNamesInput	string[]	No description.
allowedOrganizationalUnitsInput	string[]	No description.
allowedUriSansInput	string[]	No description.
backendInput	string	No description.
certificateInput	string	No description.
displayNameInput	string	No description.
idInput	string	No description.
nameInput	string	No description.
namespaceInput	string	No description.
ocspCaCertificatesInput	string	No description.
ocspEnabledInput	boolean | cdktf.IResolvable	No description.
ocspFailOpenInput	boolean | cdktf.IResolvable	No description.
ocspQueryAllServersInput	boolean | cdktf.IResolvable	No description.
ocspServersOverrideInput	string[]	No description.
requiredExtensionsInput	string[]	No description.
tokenBoundCidrsInput	string[]	No description.
tokenExplicitMaxTtlInput	number	No description.
tokenMaxTtlInput	number	No description.
tokenNoDefaultPolicyInput	boolean | cdktf.IResolvable	No description.
tokenNumUsesInput	number	No description.
tokenPeriodInput	number	No description.
tokenPoliciesInput	string[]	No description.
tokenTtlInput	number	No description.
tokenTypeInput	string	No description.
allowedCommonNames	string[]	No description.
allowedDnsSans	string[]	No description.
allowedEmailSans	string[]	No description.
allowedNames	string[]	No description.
allowedOrganizationalUnits	string[]	No description.
allowedUriSans	string[]	No description.
backend	string	No description.
certificate	string	No description.
displayName	string	No description.
id	string	No description.
name	string	No description.
namespace	string	No description.
ocspCaCertificates	string	No description.
ocspEnabled	boolean | cdktf.IResolvable	No description.
ocspFailOpen	boolean | cdktf.IResolvable	No description.
ocspQueryAllServers	boolean | cdktf.IResolvable	No description.
ocspServersOverride	string[]	No description.
requiredExtensions	string[]	No description.
tokenBoundCidrs	string[]	No description.
tokenExplicitMaxTtl	number	No description.
tokenMaxTtl	number	No description.
tokenNoDefaultPolicy	boolean | cdktf.IResolvable	No description.
tokenNumUses	number	No description.
tokenPeriod	number	No description.
tokenPolicies	string[]	No description.
tokenTtl	number	No description.
tokenType	string	No description.

---

node^Required

public readonly node: Node;

• Type: constructs.Node

The tree node.

---

cdktfStack^Required

public readonly cdktfStack: TerraformStack;

• Type: cdktf.TerraformStack

---

fqn^Required

public readonly fqn: string;

• Type: string

---

friendlyUniqueId^Required

public readonly friendlyUniqueId: string;

• Type: string

---

terraformMetaArguments^Required

public readonly terraformMetaArguments: {[ key: string ]: any};

• Type: {[ key: string ]: any}

---

terraformResourceType^Required

public readonly terraformResourceType: string;

• Type: string

---

terraformGeneratorMetadata^Optional

public readonly terraformGeneratorMetadata: TerraformProviderGeneratorMetadata;

• Type: cdktf.TerraformProviderGeneratorMetadata

---

connection^Optional

public readonly connection: SSHProvisionerConnection | WinrmProvisionerConnection;

• Type: cdktf.SSHProvisionerConnection | cdktf.WinrmProvisionerConnection

---

count^Optional

public readonly count: number | TerraformCount;

• Type: number | cdktf.TerraformCount

---

dependsOn^Optional

public readonly dependsOn: string[];

• Type: string[]

---

forEach^Optional

public readonly forEach: ITerraformIterator;

• Type: cdktf.ITerraformIterator

---

lifecycle^Optional

public readonly lifecycle: TerraformResourceLifecycle;

• Type: cdktf.TerraformResourceLifecycle

---

provider^Optional

public readonly provider: TerraformProvider;

• Type: cdktf.TerraformProvider

---

provisioners^Optional

public readonly provisioners: FileProvisioner | LocalExecProvisioner | RemoteExecProvisioner[];

• Type: cdktf.FileProvisioner | cdktf.LocalExecProvisioner | cdktf.RemoteExecProvisioner[]

---

allowedCommonNamesInput^Optional

public readonly allowedCommonNamesInput: string[];

• Type: string[]

---

allowedDnsSansInput^Optional

public readonly allowedDnsSansInput: string[];

• Type: string[]

---

allowedEmailSansInput^Optional

public readonly allowedEmailSansInput: string[];

• Type: string[]

---

allowedNamesInput^Optional

public readonly allowedNamesInput: string[];

• Type: string[]

---

allowedOrganizationalUnitsInput^Optional

public readonly allowedOrganizationalUnitsInput: string[];

• Type: string[]

---

allowedUriSansInput^Optional

public readonly allowedUriSansInput: string[];

• Type: string[]

---

backendInput^Optional

public readonly backendInput: string;

• Type: string

---

certificateInput^Optional

public readonly certificateInput: string;

• Type: string

---

displayNameInput^Optional

public readonly displayNameInput: string;

• Type: string

---

idInput^Optional

public readonly idInput: string;

• Type: string

---

nameInput^Optional

public readonly nameInput: string;

• Type: string

---

namespaceInput^Optional

public readonly namespaceInput: string;

• Type: string

---

ocspCaCertificatesInput^Optional

public readonly ocspCaCertificatesInput: string;

• Type: string

---

ocspEnabledInput^Optional

public readonly ocspEnabledInput: boolean | IResolvable;

• Type: boolean | cdktf.IResolvable

---

ocspFailOpenInput^Optional

public readonly ocspFailOpenInput: boolean | IResolvable;

• Type: boolean | cdktf.IResolvable

---

ocspQueryAllServersInput^Optional

public readonly ocspQueryAllServersInput: boolean | IResolvable;

• Type: boolean | cdktf.IResolvable

---

ocspServersOverrideInput^Optional

public readonly ocspServersOverrideInput: string[];

• Type: string[]

---

requiredExtensionsInput^Optional

public readonly requiredExtensionsInput: string[];

• Type: string[]

---

tokenBoundCidrsInput^Optional

public readonly tokenBoundCidrsInput: string[];

• Type: string[]

---

tokenExplicitMaxTtlInput^Optional

public readonly tokenExplicitMaxTtlInput: number;

• Type: number

---

tokenMaxTtlInput^Optional

public readonly tokenMaxTtlInput: number;

• Type: number

---

tokenNoDefaultPolicyInput^Optional

public readonly tokenNoDefaultPolicyInput: boolean | IResolvable;

• Type: boolean | cdktf.IResolvable

---

tokenNumUsesInput^Optional

public readonly tokenNumUsesInput: number;

• Type: number

---

tokenPeriodInput^Optional

public readonly tokenPeriodInput: number;

• Type: number

---

tokenPoliciesInput^Optional

public readonly tokenPoliciesInput: string[];

• Type: string[]

---

tokenTtlInput^Optional

public readonly tokenTtlInput: number;

• Type: number

---

tokenTypeInput^Optional

public readonly tokenTypeInput: string;

• Type: string

---

allowedCommonNames^Required

public readonly allowedCommonNames: string[];

• Type: string[]

---

allowedDnsSans^Required

public readonly allowedDnsSans: string[];

• Type: string[]

---

allowedEmailSans^Required

public readonly allowedEmailSans: string[];

• Type: string[]

---

allowedNames^Required

public readonly allowedNames: string[];

• Type: string[]

---

allowedOrganizationalUnits^Required

public readonly allowedOrganizationalUnits: string[];

• Type: string[]

---

allowedUriSans^Required

public readonly allowedUriSans: string[];

• Type: string[]

---

backend^Required

public readonly backend: string;

• Type: string

---

certificate^Required

public readonly certificate: string;

• Type: string

---

displayName^Required

public readonly displayName: string;

• Type: string

---

id^Required

public readonly id: string;

• Type: string

---

name^Required

public readonly name: string;

• Type: string

---

namespace^Required

public readonly namespace: string;

• Type: string

---

ocspCaCertificates^Required

public readonly ocspCaCertificates: string;

• Type: string

---

ocspEnabled^Required

public readonly ocspEnabled: boolean | IResolvable;

• Type: boolean | cdktf.IResolvable

---

ocspFailOpen^Required

public readonly ocspFailOpen: boolean | IResolvable;

• Type: boolean | cdktf.IResolvable

---

ocspQueryAllServers^Required

public readonly ocspQueryAllServers: boolean | IResolvable;

• Type: boolean | cdktf.IResolvable

---

ocspServersOverride^Required

public readonly ocspServersOverride: string[];

• Type: string[]

---

requiredExtensions^Required

public readonly requiredExtensions: string[];

• Type: string[]

---

tokenBoundCidrs^Required

public readonly tokenBoundCidrs: string[];

• Type: string[]

---

tokenExplicitMaxTtl^Required

public readonly tokenExplicitMaxTtl: number;

• Type: number

---

tokenMaxTtl^Required

public readonly tokenMaxTtl: number;

• Type: number

---

tokenNoDefaultPolicy^Required

public readonly tokenNoDefaultPolicy: boolean | IResolvable;

• Type: boolean | cdktf.IResolvable

---

tokenNumUses^Required

public readonly tokenNumUses: number;

• Type: number

---

tokenPeriod^Required

public readonly tokenPeriod: number;

• Type: number

---

tokenPolicies^Required

public readonly tokenPolicies: string[];

• Type: string[]

---

tokenTtl^Required

public readonly tokenTtl: number;

• Type: number

---

tokenType^Required

public readonly tokenType: string;

• Type: string

---

Constants

Name	Type	Description
tfResourceType	string	No description.

---

tfResourceType^Required

public readonly tfResourceType: string;

• Type: string

---

Structs

CertAuthBackendRoleConfig

Initializer

import { certAuthBackendRole } from '@cdktf/provider-vault'

const certAuthBackendRoleConfig: certAuthBackendRole.CertAuthBackendRoleConfig = { ... }

Properties

Name	Type	Description
connection	cdktf.SSHProvisionerConnection | cdktf.WinrmProvisionerConnection	No description.
count	number | cdktf.TerraformCount	No description.
dependsOn	cdktf.ITerraformDependable[]	No description.
forEach	cdktf.ITerraformIterator	No description.
lifecycle	cdktf.TerraformResourceLifecycle	No description.
provider	cdktf.TerraformProvider	No description.
provisioners	cdktf.FileProvisioner | cdktf.LocalExecProvisioner | cdktf.RemoteExecProvisioner[]	No description.
certificate	string	Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/cert_auth_backend_role#certificate CertAuthBackendRole#certificate}.
name	string	Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/cert_auth_backend_role#name CertAuthBackendRole#name}.
allowedCommonNames	string[]	Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/cert_auth_backend_role#allowed_common_names CertAuthBackendRole#allowed_common_names}.
allowedDnsSans	string[]	Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/cert_auth_backend_role#allowed_dns_sans CertAuthBackendRole#allowed_dns_sans}.
allowedEmailSans	string[]	Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/cert_auth_backend_role#allowed_email_sans CertAuthBackendRole#allowed_email_sans}.
allowedNames	string[]	Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/cert_auth_backend_role#allowed_names CertAuthBackendRole#allowed_names}.
allowedOrganizationalUnits	string[]	Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/cert_auth_backend_role#allowed_organizational_units CertAuthBackendRole#allowed_organizational_units}.
allowedUriSans	string[]	Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/cert_auth_backend_role#allowed_uri_sans CertAuthBackendRole#allowed_uri_sans}.
backend	string	Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/cert_auth_backend_role#backend CertAuthBackendRole#backend}.
displayName	string	Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/cert_auth_backend_role#display_name CertAuthBackendRole#display_name}.
id	string	Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/cert_auth_backend_role#id CertAuthBackendRole#id}.
namespace	string	Target namespace. (requires Enterprise).
ocspCaCertificates	string	Any additional CA certificates needed to verify OCSP responses. Provided as base64 encoded PEM data.
ocspEnabled	boolean | cdktf.IResolvable	If enabled, validate certificates' revocation status using OCSP.
ocspFailOpen	boolean | cdktf.IResolvable	If true and an OCSP response cannot be fetched or is of an unknown status, the login will proceed as if the certificate has not been revoked.
ocspQueryAllServers	boolean | cdktf.IResolvable	If set to true, rather than accepting the first successful OCSP response, query all servers and consider the certificate valid only if all servers agree.
ocspServersOverride	string[]	A comma-separated list of OCSP server addresses.
requiredExtensions	string[]	Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/cert_auth_backend_role#required_extensions CertAuthBackendRole#required_extensions}.
tokenBoundCidrs	string[]	Specifies the blocks of IP addresses which are allowed to use the generated token.
tokenExplicitMaxTtl	number	Generated Token's Explicit Maximum TTL in seconds.
tokenMaxTtl	number	The maximum lifetime of the generated token.
tokenNoDefaultPolicy	boolean | cdktf.IResolvable	If true, the 'default' policy will not automatically be added to generated tokens.
tokenNumUses	number	The maximum number of times a token may be used, a value of zero means unlimited.
tokenPeriod	number	Generated Token's Period.
tokenPolicies	string[]	Generated Token's Policies.
tokenTtl	number	The initial ttl of the token to generate in seconds.
tokenType	string	The type of token to generate, service or batch.

---

connection^Optional

public readonly connection: SSHProvisionerConnection | WinrmProvisionerConnection;

• Type: cdktf.SSHProvisionerConnection | cdktf.WinrmProvisionerConnection

---

count^Optional

public readonly count: number | TerraformCount;

• Type: number | cdktf.TerraformCount

---

dependsOn^Optional

public readonly dependsOn: ITerraformDependable[];

• Type: cdktf.ITerraformDependable[]

---

forEach^Optional

public readonly forEach: ITerraformIterator;

• Type: cdktf.ITerraformIterator

---

lifecycle^Optional

public readonly lifecycle: TerraformResourceLifecycle;

• Type: cdktf.TerraformResourceLifecycle

---

provider^Optional

public readonly provider: TerraformProvider;

• Type: cdktf.TerraformProvider

---

provisioners^Optional

public readonly provisioners: FileProvisioner | LocalExecProvisioner | RemoteExecProvisioner[];

• Type: cdktf.FileProvisioner | cdktf.LocalExecProvisioner | cdktf.RemoteExecProvisioner[]

---

certificate^Required

public readonly certificate: string;

• Type: string

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/cert_auth_backend_role#certificate CertAuthBackendRole#certificate}.

---

name^Required

public readonly name: string;

• Type: string

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/cert_auth_backend_role#name CertAuthBackendRole#name}.

---

allowedCommonNames^Optional

public readonly allowedCommonNames: string[];

• Type: string[]

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/cert_auth_backend_role#allowed_common_names CertAuthBackendRole#allowed_common_names}.

---

allowedDnsSans^Optional

public readonly allowedDnsSans: string[];

• Type: string[]

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/cert_auth_backend_role#allowed_dns_sans CertAuthBackendRole#allowed_dns_sans}.

---

allowedEmailSans^Optional

public readonly allowedEmailSans: string[];

• Type: string[]

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/cert_auth_backend_role#allowed_email_sans CertAuthBackendRole#allowed_email_sans}.

---

allowedNames^Optional

public readonly allowedNames: string[];

• Type: string[]

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/cert_auth_backend_role#allowed_names CertAuthBackendRole#allowed_names}.

---

allowedOrganizationalUnits^Optional

public readonly allowedOrganizationalUnits: string[];

• Type: string[]

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/cert_auth_backend_role#allowed_organizational_units CertAuthBackendRole#allowed_organizational_units}.

---

allowedUriSans^Optional

public readonly allowedUriSans: string[];

• Type: string[]

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/cert_auth_backend_role#allowed_uri_sans CertAuthBackendRole#allowed_uri_sans}.

---

backend^Optional

public readonly backend: string;

• Type: string

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/cert_auth_backend_role#backend CertAuthBackendRole#backend}.

---

displayName^Optional

public readonly displayName: string;

• Type: string

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/cert_auth_backend_role#display_name CertAuthBackendRole#display_name}.

---

id^Optional

public readonly id: string;

• Type: string

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/cert_auth_backend_role#id CertAuthBackendRole#id}.

Please be aware that the id field is automatically added to all resources in Terraform providers using a Terraform provider SDK version below 2. If you experience problems setting this value it might not be settable. Please take a look at the provider documentation to ensure it should be settable.

---

namespace^Optional

public readonly namespace: string;

• Type: string

Target namespace. (requires Enterprise).

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/cert_auth_backend_role#namespace CertAuthBackendRole#namespace}

---

ocspCaCertificates^Optional

public readonly ocspCaCertificates: string;

• Type: string

Any additional CA certificates needed to verify OCSP responses. Provided as base64 encoded PEM data.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/cert_auth_backend_role#ocsp_ca_certificates CertAuthBackendRole#ocsp_ca_certificates}

---

ocspEnabled^Optional

public readonly ocspEnabled: boolean | IResolvable;

• Type: boolean | cdktf.IResolvable

If enabled, validate certificates' revocation status using OCSP.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/cert_auth_backend_role#ocsp_enabled CertAuthBackendRole#ocsp_enabled}

---

ocspFailOpen^Optional

public readonly ocspFailOpen: boolean | IResolvable;

• Type: boolean | cdktf.IResolvable

If true and an OCSP response cannot be fetched or is of an unknown status, the login will proceed as if the certificate has not been revoked.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/cert_auth_backend_role#ocsp_fail_open CertAuthBackendRole#ocsp_fail_open}

---

ocspQueryAllServers^Optional

public readonly ocspQueryAllServers: boolean | IResolvable;

• Type: boolean | cdktf.IResolvable

If set to true, rather than accepting the first successful OCSP response, query all servers and consider the certificate valid only if all servers agree.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/cert_auth_backend_role#ocsp_query_all_servers CertAuthBackendRole#ocsp_query_all_servers}

---

ocspServersOverride^Optional

public readonly ocspServersOverride: string[];

• Type: string[]

A comma-separated list of OCSP server addresses.

If unset, the OCSP server is determined from the AuthorityInformationAccess extension on the certificate being inspected.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/cert_auth_backend_role#ocsp_servers_override CertAuthBackendRole#ocsp_servers_override}

---

requiredExtensions^Optional

public readonly requiredExtensions: string[];

• Type: string[]

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/cert_auth_backend_role#required_extensions CertAuthBackendRole#required_extensions}.

---

tokenBoundCidrs^Optional

public readonly tokenBoundCidrs: string[];

• Type: string[]

Specifies the blocks of IP addresses which are allowed to use the generated token.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/cert_auth_backend_role#token_bound_cidrs CertAuthBackendRole#token_bound_cidrs}

---

tokenExplicitMaxTtl^Optional

public readonly tokenExplicitMaxTtl: number;

• Type: number

Generated Token's Explicit Maximum TTL in seconds.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/cert_auth_backend_role#token_explicit_max_ttl CertAuthBackendRole#token_explicit_max_ttl}

---

tokenMaxTtl^Optional

public readonly tokenMaxTtl: number;

• Type: number

The maximum lifetime of the generated token.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/cert_auth_backend_role#token_max_ttl CertAuthBackendRole#token_max_ttl}

---

tokenNoDefaultPolicy^Optional

public readonly tokenNoDefaultPolicy: boolean | IResolvable;

• Type: boolean | cdktf.IResolvable

If true, the 'default' policy will not automatically be added to generated tokens.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/cert_auth_backend_role#token_no_default_policy CertAuthBackendRole#token_no_default_policy}

---

tokenNumUses^Optional

public readonly tokenNumUses: number;

• Type: number

The maximum number of times a token may be used, a value of zero means unlimited.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/cert_auth_backend_role#token_num_uses CertAuthBackendRole#token_num_uses}

---

tokenPeriod^Optional

public readonly tokenPeriod: number;

• Type: number

Generated Token's Period.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/cert_auth_backend_role#token_period CertAuthBackendRole#token_period}

---

tokenPolicies^Optional

public readonly tokenPolicies: string[];

• Type: string[]

Generated Token's Policies.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/cert_auth_backend_role#token_policies CertAuthBackendRole#token_policies}

---

tokenTtl^Optional

public readonly tokenTtl: number;

• Type: number

The initial ttl of the token to generate in seconds.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/cert_auth_backend_role#token_ttl CertAuthBackendRole#token_ttl}

---

tokenType^Optional

public readonly tokenType: string;

• Type: string

The type of token to generate, service or batch.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/cert_auth_backend_role#token_type CertAuthBackendRole#token_type}

---