`jwtAuthBackendRole` Submodule

Constructs

JwtAuthBackendRole

Represents a {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role vault_jwt_auth_backend_role}.

Initializers

from cdktf_cdktf_provider_vault import jwt_auth_backend_role

jwtAuthBackendRole.JwtAuthBackendRole(
  scope: Construct,
  id: str,
  connection: typing.Union[SSHProvisionerConnection, WinrmProvisionerConnection] = None,
  count: typing.Union[typing.Union[int, float], TerraformCount] = None,
  depends_on: typing.List[ITerraformDependable] = None,
  for_each: ITerraformIterator = None,
  lifecycle: TerraformResourceLifecycle = None,
  provider: TerraformProvider = None,
  provisioners: typing.List[typing.Union[FileProvisioner, LocalExecProvisioner, RemoteExecProvisioner]] = None,
  role_name: str,
  user_claim: str,
  allowed_redirect_uris: typing.List[str] = None,
  backend: str = None,
  bound_audiences: typing.List[str] = None,
  bound_claims: typing.Mapping[str] = None,
  bound_claims_type: str = None,
  bound_subject: str = None,
  claim_mappings: typing.Mapping[str] = None,
  clock_skew_leeway: typing.Union[int, float] = None,
  disable_bound_claims_parsing: typing.Union[bool, IResolvable] = None,
  expiration_leeway: typing.Union[int, float] = None,
  groups_claim: str = None,
  id: str = None,
  max_age: typing.Union[int, float] = None,
  namespace: str = None,
  not_before_leeway: typing.Union[int, float] = None,
  oidc_scopes: typing.List[str] = None,
  role_type: str = None,
  token_bound_cidrs: typing.List[str] = None,
  token_explicit_max_ttl: typing.Union[int, float] = None,
  token_max_ttl: typing.Union[int, float] = None,
  token_no_default_policy: typing.Union[bool, IResolvable] = None,
  token_num_uses: typing.Union[int, float] = None,
  token_period: typing.Union[int, float] = None,
  token_policies: typing.List[str] = None,
  token_ttl: typing.Union[int, float] = None,
  token_type: str = None,
  user_claim_json_pointer: typing.Union[bool, IResolvable] = None,
  verbose_oidc_logging: typing.Union[bool, IResolvable] = None
)

Name	Type	Description
`scope`	`constructs.Construct`	The scope in which to define this construct.
`id`	`str`	The scoped construct ID.
`connection`	`typing.Union[cdktf.SSHProvisionerConnection, cdktf.WinrmProvisionerConnection]`	No description.
`count`	`typing.Union[typing.Union[int, float], cdktf.TerraformCount]`	No description.
`depends_on`	`typing.List[cdktf.ITerraformDependable]`	No description.
`for_each`	`cdktf.ITerraformIterator`	No description.
`lifecycle`	`cdktf.TerraformResourceLifecycle`	No description.
`provider`	`cdktf.TerraformProvider`	No description.
`provisioners`	`typing.List[typing.Union[cdktf.FileProvisioner, cdktf.LocalExecProvisioner, cdktf.RemoteExecProvisioner]]`	No description.
`role_name`	`str`	Name of the role.
`user_claim`	`str`	The claim to use to uniquely identify the user;
`allowed_redirect_uris`	`typing.List[str]`	The list of allowed values for redirect_uri during OIDC logins.
`backend`	`str`	Unique name of the auth backend to configure.
`bound_audiences`	`typing.List[str]`	List of aud claims to match against. Any match is sufficient.
`bound_claims`	`typing.Mapping[str]`	Map of claims/values to match against. The expected value may be a single string or a comma-separated string list.
`bound_claims_type`	`str`	How to interpret values in the claims/values map: can be either "string" (exact match) or "glob" (wildcard match).
`bound_subject`	`str`	If set, requires that the sub claim matches this value.
`claim_mappings`	`typing.Mapping[str]`	Map of claims (keys) to be copied to specified metadata fields (values).
`clock_skew_leeway`	`typing.Union[int, float]`	The amount of leeway to add to all claims to account for clock skew, in seconds.
`disable_bound_claims_parsing`	`typing.Union[bool, cdktf.IResolvable]`	Disable bound claim value parsing. Useful when values contain commas.
`expiration_leeway`	`typing.Union[int, float]`	The amount of leeway to add to expiration (exp) claims to account for clock skew, in seconds.
`groups_claim`	`str`	The claim to use to uniquely identify the set of groups to which the user belongs;
`id`	`str`	Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#id JwtAuthBackendRole#id}.
`max_age`	`typing.Union[int, float]`	Specifies the allowable elapsed time in seconds since the last time the user was actively authenticated.
`namespace`	`str`	Target namespace. (requires Enterprise).
`not_before_leeway`	`typing.Union[int, float]`	The amount of leeway to add to not before (nbf) claims to account for clock skew, in seconds.
`oidc_scopes`	`typing.List[str]`	List of OIDC scopes to be used with an OIDC role.
`role_type`	`str`	Type of role, either "oidc" (default) or "jwt".
`token_bound_cidrs`	`typing.List[str]`	Specifies the blocks of IP addresses which are allowed to use the generated token.
`token_explicit_max_ttl`	`typing.Union[int, float]`	Generated Token's Explicit Maximum TTL in seconds.
`token_max_ttl`	`typing.Union[int, float]`	The maximum lifetime of the generated token.
`token_no_default_policy`	`typing.Union[bool, cdktf.IResolvable]`	If true, the 'default' policy will not automatically be added to generated tokens.
`token_num_uses`	`typing.Union[int, float]`	The maximum number of times a token may be used, a value of zero means unlimited.
`token_period`	`typing.Union[int, float]`	Generated Token's Period.
`token_policies`	`typing.List[str]`	Generated Token's Policies.
`token_ttl`	`typing.Union[int, float]`	The initial ttl of the token to generate in seconds.
`token_type`	`str`	The type of token to generate, service or batch.
`user_claim_json_pointer`	`typing.Union[bool, cdktf.IResolvable]`	Specifies if the user_claim value uses JSON pointer syntax for referencing claims.
`verbose_oidc_logging`	`typing.Union[bool, cdktf.IResolvable]`	Log received OIDC tokens and claims when debug-level logging is active.

`scope`^Required

Type: constructs.Construct

The scope in which to define this construct.

`id`^Required

Type: str

The scoped construct ID.

Must be unique amongst siblings in the same scope

`connection`^Optional

Type: typing.Union[cdktf.SSHProvisionerConnection, cdktf.WinrmProvisionerConnection]

`count`^Optional

Type: typing.Union[typing.Union[int, float], cdktf.TerraformCount]

`depends_on`^Optional

Type: typing.List[cdktf.ITerraformDependable]

`for_each`^Optional

Type: cdktf.ITerraformIterator

`lifecycle`^Optional

Type: cdktf.TerraformResourceLifecycle

`provider`^Optional

Type: cdktf.TerraformProvider

`provisioners`^Optional

Type: typing.List[typing.Union[cdktf.FileProvisioner, cdktf.LocalExecProvisioner, cdktf.RemoteExecProvisioner]]

`role_name`^Required

Type: str

Name of the role.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#role_name JwtAuthBackendRole#role_name}

`user_claim`^Required

Type: str

The claim to use to uniquely identify the user;

this will be used as the name for the Identity entity alias created due to a successful login.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#user_claim JwtAuthBackendRole#user_claim}

`allowed_redirect_uris`^Optional

Type: typing.List[str]

The list of allowed values for redirect_uri during OIDC logins.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#allowed_redirect_uris JwtAuthBackendRole#allowed_redirect_uris}

`backend`^Optional

Type: str

Unique name of the auth backend to configure.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#backend JwtAuthBackendRole#backend}

`bound_audiences`^Optional

Type: typing.List[str]

List of aud claims to match against. Any match is sufficient.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#bound_audiences JwtAuthBackendRole#bound_audiences}

`bound_claims`^Optional

Type: typing.Mapping[str]

Map of claims/values to match against. The expected value may be a single string or a comma-separated string list.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#bound_claims JwtAuthBackendRole#bound_claims}

`bound_claims_type`^Optional

Type: str

How to interpret values in the claims/values map: can be either "string" (exact match) or "glob" (wildcard match).

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#bound_claims_type JwtAuthBackendRole#bound_claims_type}

`bound_subject`^Optional

Type: str

If set, requires that the sub claim matches this value.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#bound_subject JwtAuthBackendRole#bound_subject}

`claim_mappings`^Optional

Type: typing.Mapping[str]

Map of claims (keys) to be copied to specified metadata fields (values).

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#claim_mappings JwtAuthBackendRole#claim_mappings}

`clock_skew_leeway`^Optional

Type: typing.Union[int, float]

The amount of leeway to add to all claims to account for clock skew, in seconds.

Defaults to 60 seconds if set to 0 and can be disabled if set to -1. Only applicable with 'jwt' roles.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#clock_skew_leeway JwtAuthBackendRole#clock_skew_leeway}

`disable_bound_claims_parsing`^Optional

Type: typing.Union[bool, cdktf.IResolvable]

Disable bound claim value parsing. Useful when values contain commas.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#disable_bound_claims_parsing JwtAuthBackendRole#disable_bound_claims_parsing}

`expiration_leeway`^Optional

Type: typing.Union[int, float]

The amount of leeway to add to expiration (exp) claims to account for clock skew, in seconds.

Defaults to 60 seconds if set to 0 and can be disabled if set to -1. Only applicable with 'jwt' roles.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#expiration_leeway JwtAuthBackendRole#expiration_leeway}

`groups_claim`^Optional

Type: str

The claim to use to uniquely identify the set of groups to which the user belongs;

this will be used as the names for the Identity group aliases created due to a successful login. The claim value must be a list of strings.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#groups_claim JwtAuthBackendRole#groups_claim}

`id`^Optional

Type: str

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#id JwtAuthBackendRole#id}.

Please be aware that the id field is automatically added to all resources in Terraform providers using a Terraform provider SDK version below 2. If you experience problems setting this value it might not be settable. Please take a look at the provider documentation to ensure it should be settable.

`max_age`^Optional

Type: typing.Union[int, float]

Specifies the allowable elapsed time in seconds since the last time the user was actively authenticated.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#max_age JwtAuthBackendRole#max_age}

`namespace`^Optional

Type: str

Target namespace. (requires Enterprise).

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#namespace JwtAuthBackendRole#namespace}

`not_before_leeway`^Optional

Type: typing.Union[int, float]

The amount of leeway to add to not before (nbf) claims to account for clock skew, in seconds.

Defaults to 150 seconds if set to 0 and can be disabled if set to -1. Only applicable with 'jwt' roles.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#not_before_leeway JwtAuthBackendRole#not_before_leeway}

`oidc_scopes`^Optional

Type: typing.List[str]

List of OIDC scopes to be used with an OIDC role.

The standard scope "openid" is automatically included and need not be specified.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#oidc_scopes JwtAuthBackendRole#oidc_scopes}

`role_type`^Optional

Type: str

Type of role, either "oidc" (default) or "jwt".

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#role_type JwtAuthBackendRole#role_type}

`token_bound_cidrs`^Optional

Type: typing.List[str]

Specifies the blocks of IP addresses which are allowed to use the generated token.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#token_bound_cidrs JwtAuthBackendRole#token_bound_cidrs}

`token_explicit_max_ttl`^Optional

Type: typing.Union[int, float]

Generated Token's Explicit Maximum TTL in seconds.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#token_explicit_max_ttl JwtAuthBackendRole#token_explicit_max_ttl}

`token_max_ttl`^Optional

Type: typing.Union[int, float]

The maximum lifetime of the generated token.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#token_max_ttl JwtAuthBackendRole#token_max_ttl}

`token_no_default_policy`^Optional

Type: typing.Union[bool, cdktf.IResolvable]

If true, the 'default' policy will not automatically be added to generated tokens.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#token_no_default_policy JwtAuthBackendRole#token_no_default_policy}

`token_num_uses`^Optional

Type: typing.Union[int, float]

The maximum number of times a token may be used, a value of zero means unlimited.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#token_num_uses JwtAuthBackendRole#token_num_uses}

`token_period`^Optional

Type: typing.Union[int, float]

Generated Token's Period.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#token_period JwtAuthBackendRole#token_period}

`token_policies`^Optional

Type: typing.List[str]

Generated Token's Policies.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#token_policies JwtAuthBackendRole#token_policies}

`token_ttl`^Optional

Type: typing.Union[int, float]

The initial ttl of the token to generate in seconds.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#token_ttl JwtAuthBackendRole#token_ttl}

`token_type`^Optional

Type: str

The type of token to generate, service or batch.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#token_type JwtAuthBackendRole#token_type}

`user_claim_json_pointer`^Optional

Type: typing.Union[bool, cdktf.IResolvable]

Specifies if the user_claim value uses JSON pointer syntax for referencing claims.

By default, the user_claim value will not use JSON pointer.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#user_claim_json_pointer JwtAuthBackendRole#user_claim_json_pointer}

`verbose_oidc_logging`^Optional

Type: typing.Union[bool, cdktf.IResolvable]

Log received OIDC tokens and claims when debug-level logging is active.

Not recommended in production since sensitive information may be present in OIDC responses.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#verbose_oidc_logging JwtAuthBackendRole#verbose_oidc_logging}

Methods

Name	Description
`to_string`	Returns a string representation of this construct.
`add_override`	No description.
`override_logical_id`	Overrides the auto-generated logical ID with a specific ID.
`reset_override_logical_id`	Resets a previously passed logical Id to use the auto-generated logical id again.
`to_hcl_terraform`	No description.
`to_metadata`	No description.
`to_terraform`	Adds this resource to the terraform JSON output.
`add_move_target`	Adds a user defined moveTarget string to this resource to be later used in .moveTo(moveTarget) to resolve the location of the move.
`get_any_map_attribute`	No description.
`get_boolean_attribute`	No description.
`get_boolean_map_attribute`	No description.
`get_list_attribute`	No description.
`get_number_attribute`	No description.
`get_number_list_attribute`	No description.
`get_number_map_attribute`	No description.
`get_string_attribute`	No description.
`get_string_map_attribute`	No description.
`has_resource_move`	No description.
`import_from`	No description.
`interpolation_for_attribute`	No description.
`move_from_id`	Move the resource corresponding to "id" to this resource.
`move_to`	Moves this resource to the target resource given by moveTarget.
`move_to_id`	Moves this resource to the resource corresponding to "id".
`reset_allowed_redirect_uris`	No description.
`reset_backend`	No description.
`reset_bound_audiences`	No description.
`reset_bound_claims`	No description.
`reset_bound_claims_type`	No description.
`reset_bound_subject`	No description.
`reset_claim_mappings`	No description.
`reset_clock_skew_leeway`	No description.
`reset_disable_bound_claims_parsing`	No description.
`reset_expiration_leeway`	No description.
`reset_groups_claim`	No description.
`reset_id`	No description.
`reset_max_age`	No description.
`reset_namespace`	No description.
`reset_not_before_leeway`	No description.
`reset_oidc_scopes`	No description.
`reset_role_type`	No description.
`reset_token_bound_cidrs`	No description.
`reset_token_explicit_max_ttl`	No description.
`reset_token_max_ttl`	No description.
`reset_token_no_default_policy`	No description.
`reset_token_num_uses`	No description.
`reset_token_period`	No description.
`reset_token_policies`	No description.
`reset_token_ttl`	No description.
`reset_token_type`	No description.
`reset_user_claim_json_pointer`	No description.
`reset_verbose_oidc_logging`	No description.

`to_string`

def to_string() -> str

Returns a string representation of this construct.

`add_override`

def add_override(
  path: str,
  value: typing.Any
) -> None

`path`^Required

Type: str

`value`^Required

Type: typing.Any

`override_logical_id`

def override_logical_id(
  new_logical_id: str
) -> None

Overrides the auto-generated logical ID with a specific ID.

`new_logical_id`^Required

Type: str

The new logical ID to use for this stack element.

`reset_override_logical_id`

def reset_override_logical_id() -> None

Resets a previously passed logical Id to use the auto-generated logical id again.

`to_hcl_terraform`

def to_hcl_terraform() -> typing.Any

`to_metadata`

def to_metadata() -> typing.Any

`to_terraform`

def to_terraform() -> typing.Any

Adds this resource to the terraform JSON output.

`add_move_target`

def add_move_target(
  move_target: str
) -> None

Adds a user defined moveTarget string to this resource to be later used in .moveTo(moveTarget) to resolve the location of the move.

`move_target`^Required

Type: str

The string move target that will correspond to this resource.

`get_any_map_attribute`

def get_any_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[typing.Any]

`terraform_attribute`^Required

Type: str

`get_boolean_attribute`

def get_boolean_attribute(
  terraform_attribute: str
) -> IResolvable

`terraform_attribute`^Required

Type: str

`get_boolean_map_attribute`

def get_boolean_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[bool]

`terraform_attribute`^Required

Type: str

`get_list_attribute`

def get_list_attribute(
  terraform_attribute: str
) -> typing.List[str]

`terraform_attribute`^Required

Type: str

`get_number_attribute`

def get_number_attribute(
  terraform_attribute: str
) -> typing.Union[int, float]

`terraform_attribute`^Required

Type: str

`get_number_list_attribute`

def get_number_list_attribute(
  terraform_attribute: str
) -> typing.List[typing.Union[int, float]]

`terraform_attribute`^Required

Type: str

`get_number_map_attribute`

def get_number_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[typing.Union[int, float]]

`terraform_attribute`^Required

Type: str

`get_string_attribute`

def get_string_attribute(
  terraform_attribute: str
) -> str

`terraform_attribute`^Required

Type: str

`get_string_map_attribute`

def get_string_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[str]

`terraform_attribute`^Required

Type: str

`has_resource_move`

def has_resource_move() -> typing.Union[TerraformResourceMoveByTarget, TerraformResourceMoveById]

`import_from`

def import_from(
  id: str,
  provider: TerraformProvider = None
) -> None

`id`^Required

Type: str

`provider`^Optional

Type: cdktf.TerraformProvider

`interpolation_for_attribute`

def interpolation_for_attribute(
  terraform_attribute: str
) -> IResolvable

`terraform_attribute`^Required

Type: str

`move_from_id`

def move_from_id(
  id: str
) -> None

Move the resource corresponding to "id" to this resource.

Note that the resource being moved from must be marked as moved using it's instance function.

`id`^Required

Type: str

Full id of resource being moved from, e.g. "aws_s3_bucket.example".

`move_to`

def move_to(
  move_target: str,
  index: typing.Union[str, typing.Union[int, float]] = None
) -> None

Moves this resource to the target resource given by moveTarget.

`move_target`^Required

Type: str

The previously set user defined string set by .addMoveTarget() corresponding to the resource to move to.

`index`^Optional

Type: typing.Union[str, typing.Union[int, float]]

Optional The index corresponding to the key the resource is to appear in the foreach of a resource to move to.

`move_to_id`

def move_to_id(
  id: str
) -> None

Moves this resource to the resource corresponding to "id".

`id`^Required

Type: str

Full id of resource to move to, e.g. "aws_s3_bucket.example".

`reset_allowed_redirect_uris`

def reset_allowed_redirect_uris() -> None

`reset_backend`

def reset_backend() -> None

`reset_bound_audiences`

def reset_bound_audiences() -> None

`reset_bound_claims`

def reset_bound_claims() -> None

`reset_bound_claims_type`

def reset_bound_claims_type() -> None

`reset_bound_subject`

def reset_bound_subject() -> None

`reset_claim_mappings`

def reset_claim_mappings() -> None

`reset_clock_skew_leeway`

def reset_clock_skew_leeway() -> None

`reset_disable_bound_claims_parsing`

def reset_disable_bound_claims_parsing() -> None

`reset_expiration_leeway`

def reset_expiration_leeway() -> None

`reset_groups_claim`

def reset_groups_claim() -> None

`reset_id`

def reset_id() -> None

`reset_max_age`

def reset_max_age() -> None

`reset_namespace`

def reset_namespace() -> None

`reset_not_before_leeway`

def reset_not_before_leeway() -> None

`reset_oidc_scopes`

def reset_oidc_scopes() -> None

`reset_role_type`

def reset_role_type() -> None

`reset_token_bound_cidrs`

def reset_token_bound_cidrs() -> None

`reset_token_explicit_max_ttl`

def reset_token_explicit_max_ttl() -> None

`reset_token_max_ttl`

def reset_token_max_ttl() -> None

`reset_token_no_default_policy`

def reset_token_no_default_policy() -> None

`reset_token_num_uses`

def reset_token_num_uses() -> None

`reset_token_period`

def reset_token_period() -> None

`reset_token_policies`

def reset_token_policies() -> None

`reset_token_ttl`

def reset_token_ttl() -> None

`reset_token_type`

def reset_token_type() -> None

`reset_user_claim_json_pointer`

def reset_user_claim_json_pointer() -> None

`reset_verbose_oidc_logging`

def reset_verbose_oidc_logging() -> None

Static Functions

Name	Description
`is_construct`	Checks if `x` is a construct.
`is_terraform_element`	No description.
`is_terraform_resource`	No description.
`generate_config_for_import`	Generates CDKTF code for importing a JwtAuthBackendRole resource upon running "cdktf plan ".

`is_construct`

from cdktf_cdktf_provider_vault import jwt_auth_backend_role

jwtAuthBackendRole.JwtAuthBackendRole.is_construct(
  x: typing.Any
)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

`x`^Required

Type: typing.Any

Any object.

`is_terraform_element`

from cdktf_cdktf_provider_vault import jwt_auth_backend_role

jwtAuthBackendRole.JwtAuthBackendRole.is_terraform_element(
  x: typing.Any
)

`x`^Required

Type: typing.Any

`is_terraform_resource`

from cdktf_cdktf_provider_vault import jwt_auth_backend_role

jwtAuthBackendRole.JwtAuthBackendRole.is_terraform_resource(
  x: typing.Any
)

`x`^Required

Type: typing.Any

`generate_config_for_import`

from cdktf_cdktf_provider_vault import jwt_auth_backend_role

jwtAuthBackendRole.JwtAuthBackendRole.generate_config_for_import(
  scope: Construct,
  import_to_id: str,
  import_from_id: str,
  provider: TerraformProvider = None
)

Generates CDKTF code for importing a JwtAuthBackendRole resource upon running "cdktf plan ".

`scope`^Required

Type: constructs.Construct

The scope in which to define this construct.

`import_to_id`^Required

Type: str

The construct id used in the generated config for the JwtAuthBackendRole to import.

`import_from_id`^Required

Type: str

The id of the existing JwtAuthBackendRole that should be imported.

Refer to the {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#import import section} in the documentation of this resource for the id to use

`provider`^Optional

Type: cdktf.TerraformProvider

? Optional instance of the provider where the JwtAuthBackendRole to import is found.

Properties

Name	Type	Description
`node`	`constructs.Node`	The tree node.
`cdktf_stack`	`cdktf.TerraformStack`	No description.
`fqn`	`str`	No description.
`friendly_unique_id`	`str`	No description.
`terraform_meta_arguments`	`typing.Mapping[typing.Any]`	No description.
`terraform_resource_type`	`str`	No description.
`terraform_generator_metadata`	`cdktf.TerraformProviderGeneratorMetadata`	No description.
`connection`	`typing.Union[cdktf.SSHProvisionerConnection, cdktf.WinrmProvisionerConnection]`	No description.
`count`	`typing.Union[typing.Union[int, float], cdktf.TerraformCount]`	No description.
`depends_on`	`typing.List[str]`	No description.
`for_each`	`cdktf.ITerraformIterator`	No description.
`lifecycle`	`cdktf.TerraformResourceLifecycle`	No description.
`provider`	`cdktf.TerraformProvider`	No description.
`provisioners`	`typing.List[typing.Union[cdktf.FileProvisioner, cdktf.LocalExecProvisioner, cdktf.RemoteExecProvisioner]]`	No description.
`allowed_redirect_uris_input`	`typing.List[str]`	No description.
`backend_input`	`str`	No description.
`bound_audiences_input`	`typing.List[str]`	No description.
`bound_claims_input`	`typing.Mapping[str]`	No description.
`bound_claims_type_input`	`str`	No description.
`bound_subject_input`	`str`	No description.
`claim_mappings_input`	`typing.Mapping[str]`	No description.
`clock_skew_leeway_input`	`typing.Union[int, float]`	No description.
`disable_bound_claims_parsing_input`	`typing.Union[bool, cdktf.IResolvable]`	No description.
`expiration_leeway_input`	`typing.Union[int, float]`	No description.
`groups_claim_input`	`str`	No description.
`id_input`	`str`	No description.
`max_age_input`	`typing.Union[int, float]`	No description.
`namespace_input`	`str`	No description.
`not_before_leeway_input`	`typing.Union[int, float]`	No description.
`oidc_scopes_input`	`typing.List[str]`	No description.
`role_name_input`	`str`	No description.
`role_type_input`	`str`	No description.
`token_bound_cidrs_input`	`typing.List[str]`	No description.
`token_explicit_max_ttl_input`	`typing.Union[int, float]`	No description.
`token_max_ttl_input`	`typing.Union[int, float]`	No description.
`token_no_default_policy_input`	`typing.Union[bool, cdktf.IResolvable]`	No description.
`token_num_uses_input`	`typing.Union[int, float]`	No description.
`token_period_input`	`typing.Union[int, float]`	No description.
`token_policies_input`	`typing.List[str]`	No description.
`token_ttl_input`	`typing.Union[int, float]`	No description.
`token_type_input`	`str`	No description.
`user_claim_input`	`str`	No description.
`user_claim_json_pointer_input`	`typing.Union[bool, cdktf.IResolvable]`	No description.
`verbose_oidc_logging_input`	`typing.Union[bool, cdktf.IResolvable]`	No description.
`allowed_redirect_uris`	`typing.List[str]`	No description.
`backend`	`str`	No description.
`bound_audiences`	`typing.List[str]`	No description.
`bound_claims`	`typing.Mapping[str]`	No description.
`bound_claims_type`	`str`	No description.
`bound_subject`	`str`	No description.
`claim_mappings`	`typing.Mapping[str]`	No description.
`clock_skew_leeway`	`typing.Union[int, float]`	No description.
`disable_bound_claims_parsing`	`typing.Union[bool, cdktf.IResolvable]`	No description.
`expiration_leeway`	`typing.Union[int, float]`	No description.
`groups_claim`	`str`	No description.
`id`	`str`	No description.
`max_age`	`typing.Union[int, float]`	No description.
`namespace`	`str`	No description.
`not_before_leeway`	`typing.Union[int, float]`	No description.
`oidc_scopes`	`typing.List[str]`	No description.
`role_name`	`str`	No description.
`role_type`	`str`	No description.
`token_bound_cidrs`	`typing.List[str]`	No description.
`token_explicit_max_ttl`	`typing.Union[int, float]`	No description.
`token_max_ttl`	`typing.Union[int, float]`	No description.
`token_no_default_policy`	`typing.Union[bool, cdktf.IResolvable]`	No description.
`token_num_uses`	`typing.Union[int, float]`	No description.
`token_period`	`typing.Union[int, float]`	No description.
`token_policies`	`typing.List[str]`	No description.
`token_ttl`	`typing.Union[int, float]`	No description.
`token_type`	`str`	No description.
`user_claim`	`str`	No description.
`user_claim_json_pointer`	`typing.Union[bool, cdktf.IResolvable]`	No description.
`verbose_oidc_logging`	`typing.Union[bool, cdktf.IResolvable]`	No description.

`node`^Required

node: Node

Type: constructs.Node

The tree node.

`cdktf_stack`^Required

cdktf_stack: TerraformStack

Type: cdktf.TerraformStack

`fqn`^Required

fqn: str

Type: str

`friendly_unique_id`^Required

friendly_unique_id: str

Type: str

`terraform_meta_arguments`^Required

terraform_meta_arguments: typing.Mapping[typing.Any]

Type: typing.Mapping[typing.Any]

`terraform_resource_type`^Required

terraform_resource_type: str

Type: str

`terraform_generator_metadata`^Optional

terraform_generator_metadata: TerraformProviderGeneratorMetadata

Type: cdktf.TerraformProviderGeneratorMetadata

`connection`^Optional

connection: typing.Union[SSHProvisionerConnection, WinrmProvisionerConnection]

Type: typing.Union[cdktf.SSHProvisionerConnection, cdktf.WinrmProvisionerConnection]

`count`^Optional

count: typing.Union[typing.Union[int, float], TerraformCount]

Type: typing.Union[typing.Union[int, float], cdktf.TerraformCount]

`depends_on`^Optional

depends_on: typing.List[str]

Type: typing.List[str]

`for_each`^Optional

for_each: ITerraformIterator

Type: cdktf.ITerraformIterator

`lifecycle`^Optional

lifecycle: TerraformResourceLifecycle

Type: cdktf.TerraformResourceLifecycle

`provider`^Optional

provider: TerraformProvider

Type: cdktf.TerraformProvider

`provisioners`^Optional

provisioners: typing.List[typing.Union[FileProvisioner, LocalExecProvisioner, RemoteExecProvisioner]]

Type: typing.List[typing.Union[cdktf.FileProvisioner, cdktf.LocalExecProvisioner, cdktf.RemoteExecProvisioner]]

`allowed_redirect_uris_input`^Optional

allowed_redirect_uris_input: typing.List[str]

Type: typing.List[str]

`backend_input`^Optional

backend_input: str

Type: str

`bound_audiences_input`^Optional

bound_audiences_input: typing.List[str]

Type: typing.List[str]

`bound_claims_input`^Optional

bound_claims_input: typing.Mapping[str]

Type: typing.Mapping[str]

`bound_claims_type_input`^Optional

bound_claims_type_input: str

Type: str

`bound_subject_input`^Optional

bound_subject_input: str

Type: str

`claim_mappings_input`^Optional

claim_mappings_input: typing.Mapping[str]

Type: typing.Mapping[str]

`clock_skew_leeway_input`^Optional

clock_skew_leeway_input: typing.Union[int, float]

Type: typing.Union[int, float]

`disable_bound_claims_parsing_input`^Optional

disable_bound_claims_parsing_input: typing.Union[bool, IResolvable]

Type: typing.Union[bool, cdktf.IResolvable]

`expiration_leeway_input`^Optional

expiration_leeway_input: typing.Union[int, float]

Type: typing.Union[int, float]

`groups_claim_input`^Optional

groups_claim_input: str

Type: str

`id_input`^Optional

id_input: str

Type: str

`max_age_input`^Optional

max_age_input: typing.Union[int, float]

Type: typing.Union[int, float]

`namespace_input`^Optional

namespace_input: str

Type: str

`not_before_leeway_input`^Optional

not_before_leeway_input: typing.Union[int, float]

Type: typing.Union[int, float]

`oidc_scopes_input`^Optional

oidc_scopes_input: typing.List[str]

Type: typing.List[str]

`role_name_input`^Optional

role_name_input: str

Type: str

`role_type_input`^Optional

role_type_input: str

Type: str

`token_bound_cidrs_input`^Optional

token_bound_cidrs_input: typing.List[str]

Type: typing.List[str]

`token_explicit_max_ttl_input`^Optional

token_explicit_max_ttl_input: typing.Union[int, float]

Type: typing.Union[int, float]

`token_max_ttl_input`^Optional

token_max_ttl_input: typing.Union[int, float]

Type: typing.Union[int, float]

`token_no_default_policy_input`^Optional

token_no_default_policy_input: typing.Union[bool, IResolvable]

Type: typing.Union[bool, cdktf.IResolvable]

`token_num_uses_input`^Optional

token_num_uses_input: typing.Union[int, float]

Type: typing.Union[int, float]

`token_period_input`^Optional

token_period_input: typing.Union[int, float]

Type: typing.Union[int, float]

`token_policies_input`^Optional

token_policies_input: typing.List[str]

Type: typing.List[str]

`token_ttl_input`^Optional

token_ttl_input: typing.Union[int, float]

Type: typing.Union[int, float]

`token_type_input`^Optional

token_type_input: str

Type: str

`user_claim_input`^Optional

user_claim_input: str

Type: str

`user_claim_json_pointer_input`^Optional

user_claim_json_pointer_input: typing.Union[bool, IResolvable]

Type: typing.Union[bool, cdktf.IResolvable]

`verbose_oidc_logging_input`^Optional

verbose_oidc_logging_input: typing.Union[bool, IResolvable]

Type: typing.Union[bool, cdktf.IResolvable]

`allowed_redirect_uris`^Required

allowed_redirect_uris: typing.List[str]

Type: typing.List[str]

`backend`^Required

backend: str

Type: str

`bound_audiences`^Required

bound_audiences: typing.List[str]

Type: typing.List[str]

`bound_claims`^Required

bound_claims: typing.Mapping[str]

Type: typing.Mapping[str]

`bound_claims_type`^Required

bound_claims_type: str

Type: str

`bound_subject`^Required

bound_subject: str

Type: str

`claim_mappings`^Required

claim_mappings: typing.Mapping[str]

Type: typing.Mapping[str]

`clock_skew_leeway`^Required

clock_skew_leeway: typing.Union[int, float]

Type: typing.Union[int, float]

`disable_bound_claims_parsing`^Required

disable_bound_claims_parsing: typing.Union[bool, IResolvable]

Type: typing.Union[bool, cdktf.IResolvable]

`expiration_leeway`^Required

expiration_leeway: typing.Union[int, float]

Type: typing.Union[int, float]

`groups_claim`^Required

groups_claim: str

Type: str

`id`^Required

id: str

Type: str

`max_age`^Required

max_age: typing.Union[int, float]

Type: typing.Union[int, float]

`namespace`^Required

namespace: str

Type: str

`not_before_leeway`^Required

not_before_leeway: typing.Union[int, float]

Type: typing.Union[int, float]

`oidc_scopes`^Required

oidc_scopes: typing.List[str]

Type: typing.List[str]

`role_name`^Required

role_name: str

Type: str

`role_type`^Required

role_type: str

Type: str

`token_bound_cidrs`^Required

token_bound_cidrs: typing.List[str]

Type: typing.List[str]

`token_explicit_max_ttl`^Required

token_explicit_max_ttl: typing.Union[int, float]

Type: typing.Union[int, float]

`token_max_ttl`^Required

token_max_ttl: typing.Union[int, float]

Type: typing.Union[int, float]

`token_no_default_policy`^Required

token_no_default_policy: typing.Union[bool, IResolvable]

Type: typing.Union[bool, cdktf.IResolvable]

`token_num_uses`^Required

token_num_uses: typing.Union[int, float]

Type: typing.Union[int, float]

`token_period`^Required

token_period: typing.Union[int, float]

Type: typing.Union[int, float]

`token_policies`^Required

token_policies: typing.List[str]

Type: typing.List[str]

`token_ttl`^Required

token_ttl: typing.Union[int, float]

Type: typing.Union[int, float]

`token_type`^Required

token_type: str

Type: str

`user_claim`^Required

user_claim: str

Type: str

`user_claim_json_pointer`^Required

user_claim_json_pointer: typing.Union[bool, IResolvable]

Type: typing.Union[bool, cdktf.IResolvable]

`verbose_oidc_logging`^Required

verbose_oidc_logging: typing.Union[bool, IResolvable]

Type: typing.Union[bool, cdktf.IResolvable]

Constants

Name	Type	Description
`tfResourceType`	`str`	No description.

`tfResourceType`^Required

tfResourceType: str

Type: str

Structs

JwtAuthBackendRoleConfig

Initializer

from cdktf_cdktf_provider_vault import jwt_auth_backend_role

jwtAuthBackendRole.JwtAuthBackendRoleConfig(
  connection: typing.Union[SSHProvisionerConnection, WinrmProvisionerConnection] = None,
  count: typing.Union[typing.Union[int, float], TerraformCount] = None,
  depends_on: typing.List[ITerraformDependable] = None,
  for_each: ITerraformIterator = None,
  lifecycle: TerraformResourceLifecycle = None,
  provider: TerraformProvider = None,
  provisioners: typing.List[typing.Union[FileProvisioner, LocalExecProvisioner, RemoteExecProvisioner]] = None,
  role_name: str,
  user_claim: str,
  allowed_redirect_uris: typing.List[str] = None,
  backend: str = None,
  bound_audiences: typing.List[str] = None,
  bound_claims: typing.Mapping[str] = None,
  bound_claims_type: str = None,
  bound_subject: str = None,
  claim_mappings: typing.Mapping[str] = None,
  clock_skew_leeway: typing.Union[int, float] = None,
  disable_bound_claims_parsing: typing.Union[bool, IResolvable] = None,
  expiration_leeway: typing.Union[int, float] = None,
  groups_claim: str = None,
  id: str = None,
  max_age: typing.Union[int, float] = None,
  namespace: str = None,
  not_before_leeway: typing.Union[int, float] = None,
  oidc_scopes: typing.List[str] = None,
  role_type: str = None,
  token_bound_cidrs: typing.List[str] = None,
  token_explicit_max_ttl: typing.Union[int, float] = None,
  token_max_ttl: typing.Union[int, float] = None,
  token_no_default_policy: typing.Union[bool, IResolvable] = None,
  token_num_uses: typing.Union[int, float] = None,
  token_period: typing.Union[int, float] = None,
  token_policies: typing.List[str] = None,
  token_ttl: typing.Union[int, float] = None,
  token_type: str = None,
  user_claim_json_pointer: typing.Union[bool, IResolvable] = None,
  verbose_oidc_logging: typing.Union[bool, IResolvable] = None
)

Properties

Name	Type	Description
`connection`	`typing.Union[cdktf.SSHProvisionerConnection, cdktf.WinrmProvisionerConnection]`	No description.
`count`	`typing.Union[typing.Union[int, float], cdktf.TerraformCount]`	No description.
`depends_on`	`typing.List[cdktf.ITerraformDependable]`	No description.
`for_each`	`cdktf.ITerraformIterator`	No description.
`lifecycle`	`cdktf.TerraformResourceLifecycle`	No description.
`provider`	`cdktf.TerraformProvider`	No description.
`provisioners`	`typing.List[typing.Union[cdktf.FileProvisioner, cdktf.LocalExecProvisioner, cdktf.RemoteExecProvisioner]]`	No description.
`role_name`	`str`	Name of the role.
`user_claim`	`str`	The claim to use to uniquely identify the user;
`allowed_redirect_uris`	`typing.List[str]`	The list of allowed values for redirect_uri during OIDC logins.
`backend`	`str`	Unique name of the auth backend to configure.
`bound_audiences`	`typing.List[str]`	List of aud claims to match against. Any match is sufficient.
`bound_claims`	`typing.Mapping[str]`	Map of claims/values to match against. The expected value may be a single string or a comma-separated string list.
`bound_claims_type`	`str`	How to interpret values in the claims/values map: can be either "string" (exact match) or "glob" (wildcard match).
`bound_subject`	`str`	If set, requires that the sub claim matches this value.
`claim_mappings`	`typing.Mapping[str]`	Map of claims (keys) to be copied to specified metadata fields (values).
`clock_skew_leeway`	`typing.Union[int, float]`	The amount of leeway to add to all claims to account for clock skew, in seconds.
`disable_bound_claims_parsing`	`typing.Union[bool, cdktf.IResolvable]`	Disable bound claim value parsing. Useful when values contain commas.
`expiration_leeway`	`typing.Union[int, float]`	The amount of leeway to add to expiration (exp) claims to account for clock skew, in seconds.
`groups_claim`	`str`	The claim to use to uniquely identify the set of groups to which the user belongs;
`id`	`str`	Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#id JwtAuthBackendRole#id}.
`max_age`	`typing.Union[int, float]`	Specifies the allowable elapsed time in seconds since the last time the user was actively authenticated.
`namespace`	`str`	Target namespace. (requires Enterprise).
`not_before_leeway`	`typing.Union[int, float]`	The amount of leeway to add to not before (nbf) claims to account for clock skew, in seconds.
`oidc_scopes`	`typing.List[str]`	List of OIDC scopes to be used with an OIDC role.
`role_type`	`str`	Type of role, either "oidc" (default) or "jwt".
`token_bound_cidrs`	`typing.List[str]`	Specifies the blocks of IP addresses which are allowed to use the generated token.
`token_explicit_max_ttl`	`typing.Union[int, float]`	Generated Token's Explicit Maximum TTL in seconds.
`token_max_ttl`	`typing.Union[int, float]`	The maximum lifetime of the generated token.
`token_no_default_policy`	`typing.Union[bool, cdktf.IResolvable]`	If true, the 'default' policy will not automatically be added to generated tokens.
`token_num_uses`	`typing.Union[int, float]`	The maximum number of times a token may be used, a value of zero means unlimited.
`token_period`	`typing.Union[int, float]`	Generated Token's Period.
`token_policies`	`typing.List[str]`	Generated Token's Policies.
`token_ttl`	`typing.Union[int, float]`	The initial ttl of the token to generate in seconds.
`token_type`	`str`	The type of token to generate, service or batch.
`user_claim_json_pointer`	`typing.Union[bool, cdktf.IResolvable]`	Specifies if the user_claim value uses JSON pointer syntax for referencing claims.
`verbose_oidc_logging`	`typing.Union[bool, cdktf.IResolvable]`	Log received OIDC tokens and claims when debug-level logging is active.

`connection`^Optional

connection: typing.Union[SSHProvisionerConnection, WinrmProvisionerConnection]

Type: typing.Union[cdktf.SSHProvisionerConnection, cdktf.WinrmProvisionerConnection]

`count`^Optional

count: typing.Union[typing.Union[int, float], TerraformCount]

Type: typing.Union[typing.Union[int, float], cdktf.TerraformCount]

`depends_on`^Optional

depends_on: typing.List[ITerraformDependable]

Type: typing.List[cdktf.ITerraformDependable]

`for_each`^Optional

for_each: ITerraformIterator

Type: cdktf.ITerraformIterator

`lifecycle`^Optional

lifecycle: TerraformResourceLifecycle

Type: cdktf.TerraformResourceLifecycle

`provider`^Optional

provider: TerraformProvider

Type: cdktf.TerraformProvider

`provisioners`^Optional

provisioners: typing.List[typing.Union[FileProvisioner, LocalExecProvisioner, RemoteExecProvisioner]]

Type: typing.List[typing.Union[cdktf.FileProvisioner, cdktf.LocalExecProvisioner, cdktf.RemoteExecProvisioner]]

`role_name`^Required

role_name: str

Type: str

Name of the role.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#role_name JwtAuthBackendRole#role_name}

`user_claim`^Required

user_claim: str

Type: str

The claim to use to uniquely identify the user;

this will be used as the name for the Identity entity alias created due to a successful login.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#user_claim JwtAuthBackendRole#user_claim}

`allowed_redirect_uris`^Optional

allowed_redirect_uris: typing.List[str]

Type: typing.List[str]

The list of allowed values for redirect_uri during OIDC logins.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#allowed_redirect_uris JwtAuthBackendRole#allowed_redirect_uris}

`backend`^Optional

backend: str

Type: str

Unique name of the auth backend to configure.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#backend JwtAuthBackendRole#backend}

`bound_audiences`^Optional

bound_audiences: typing.List[str]

Type: typing.List[str]

List of aud claims to match against. Any match is sufficient.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#bound_audiences JwtAuthBackendRole#bound_audiences}

`bound_claims`^Optional

bound_claims: typing.Mapping[str]

Type: typing.Mapping[str]

Map of claims/values to match against. The expected value may be a single string or a comma-separated string list.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#bound_claims JwtAuthBackendRole#bound_claims}

`bound_claims_type`^Optional

bound_claims_type: str

Type: str

How to interpret values in the claims/values map: can be either "string" (exact match) or "glob" (wildcard match).

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#bound_claims_type JwtAuthBackendRole#bound_claims_type}

`bound_subject`^Optional

bound_subject: str

Type: str

If set, requires that the sub claim matches this value.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#bound_subject JwtAuthBackendRole#bound_subject}

`claim_mappings`^Optional

claim_mappings: typing.Mapping[str]

Type: typing.Mapping[str]

Map of claims (keys) to be copied to specified metadata fields (values).

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#claim_mappings JwtAuthBackendRole#claim_mappings}

`clock_skew_leeway`^Optional

clock_skew_leeway: typing.Union[int, float]

Type: typing.Union[int, float]

The amount of leeway to add to all claims to account for clock skew, in seconds.

Defaults to 60 seconds if set to 0 and can be disabled if set to -1. Only applicable with 'jwt' roles.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#clock_skew_leeway JwtAuthBackendRole#clock_skew_leeway}

`disable_bound_claims_parsing`^Optional

disable_bound_claims_parsing: typing.Union[bool, IResolvable]

Type: typing.Union[bool, cdktf.IResolvable]

Disable bound claim value parsing. Useful when values contain commas.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#disable_bound_claims_parsing JwtAuthBackendRole#disable_bound_claims_parsing}

`expiration_leeway`^Optional

expiration_leeway: typing.Union[int, float]

Type: typing.Union[int, float]

The amount of leeway to add to expiration (exp) claims to account for clock skew, in seconds.

Defaults to 60 seconds if set to 0 and can be disabled if set to -1. Only applicable with 'jwt' roles.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#expiration_leeway JwtAuthBackendRole#expiration_leeway}

`groups_claim`^Optional

groups_claim: str

Type: str

The claim to use to uniquely identify the set of groups to which the user belongs;

this will be used as the names for the Identity group aliases created due to a successful login. The claim value must be a list of strings.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#groups_claim JwtAuthBackendRole#groups_claim}

`id`^Optional

id: str

Type: str

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#id JwtAuthBackendRole#id}.

Please be aware that the id field is automatically added to all resources in Terraform providers using a Terraform provider SDK version below 2. If you experience problems setting this value it might not be settable. Please take a look at the provider documentation to ensure it should be settable.

`max_age`^Optional

max_age: typing.Union[int, float]

Type: typing.Union[int, float]

Specifies the allowable elapsed time in seconds since the last time the user was actively authenticated.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#max_age JwtAuthBackendRole#max_age}

`namespace`^Optional

namespace: str

Type: str

Target namespace. (requires Enterprise).

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#namespace JwtAuthBackendRole#namespace}

`not_before_leeway`^Optional

not_before_leeway: typing.Union[int, float]

Type: typing.Union[int, float]

The amount of leeway to add to not before (nbf) claims to account for clock skew, in seconds.

Defaults to 150 seconds if set to 0 and can be disabled if set to -1. Only applicable with 'jwt' roles.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#not_before_leeway JwtAuthBackendRole#not_before_leeway}

`oidc_scopes`^Optional

oidc_scopes: typing.List[str]

Type: typing.List[str]

List of OIDC scopes to be used with an OIDC role.

The standard scope "openid" is automatically included and need not be specified.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#oidc_scopes JwtAuthBackendRole#oidc_scopes}

`role_type`^Optional

role_type: str

Type: str

Type of role, either "oidc" (default) or "jwt".

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#role_type JwtAuthBackendRole#role_type}

`token_bound_cidrs`^Optional

token_bound_cidrs: typing.List[str]

Type: typing.List[str]

Specifies the blocks of IP addresses which are allowed to use the generated token.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#token_bound_cidrs JwtAuthBackendRole#token_bound_cidrs}

`token_explicit_max_ttl`^Optional

token_explicit_max_ttl: typing.Union[int, float]

Type: typing.Union[int, float]

Generated Token's Explicit Maximum TTL in seconds.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#token_explicit_max_ttl JwtAuthBackendRole#token_explicit_max_ttl}

`token_max_ttl`^Optional

token_max_ttl: typing.Union[int, float]

Type: typing.Union[int, float]

The maximum lifetime of the generated token.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#token_max_ttl JwtAuthBackendRole#token_max_ttl}

`token_no_default_policy`^Optional

token_no_default_policy: typing.Union[bool, IResolvable]

Type: typing.Union[bool, cdktf.IResolvable]

If true, the 'default' policy will not automatically be added to generated tokens.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#token_no_default_policy JwtAuthBackendRole#token_no_default_policy}

`token_num_uses`^Optional

token_num_uses: typing.Union[int, float]

Type: typing.Union[int, float]

The maximum number of times a token may be used, a value of zero means unlimited.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#token_num_uses JwtAuthBackendRole#token_num_uses}

`token_period`^Optional

token_period: typing.Union[int, float]

Type: typing.Union[int, float]

Generated Token's Period.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#token_period JwtAuthBackendRole#token_period}

`token_policies`^Optional

token_policies: typing.List[str]

Type: typing.List[str]

Generated Token's Policies.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#token_policies JwtAuthBackendRole#token_policies}

`token_ttl`^Optional

token_ttl: typing.Union[int, float]

Type: typing.Union[int, float]

The initial ttl of the token to generate in seconds.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#token_ttl JwtAuthBackendRole#token_ttl}

`token_type`^Optional

token_type: str

Type: str

The type of token to generate, service or batch.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#token_type JwtAuthBackendRole#token_type}

`user_claim_json_pointer`^Optional

user_claim_json_pointer: typing.Union[bool, IResolvable]

Type: typing.Union[bool, cdktf.IResolvable]

Specifies if the user_claim value uses JSON pointer syntax for referencing claims.

By default, the user_claim value will not use JSON pointer.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#user_claim_json_pointer JwtAuthBackendRole#user_claim_json_pointer}

`verbose_oidc_logging`^Optional

verbose_oidc_logging: typing.Union[bool, IResolvable]

Type: typing.Union[bool, cdktf.IResolvable]

Log received OIDC tokens and claims when debug-level logging is active.

Not recommended in production since sensitive information may be present in OIDC responses.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#verbose_oidc_logging JwtAuthBackendRole#verbose_oidc_logging}

Files

jwtAuthBackendRole.python.md

Latest commit

History

jwtAuthBackendRole.python.md

File metadata and controls

jwtAuthBackendRole Submodule

Constructs