Represents a {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role vault_jwt_auth_backend_role}.
from cdktf_cdktf_provider_vault import jwt_auth_backend_role
jwt_auth_backend_role.JwtAuthBackendRole(
scope: Construct,
id: str,
connection: typing.Union[SSHProvisionerConnection, WinrmProvisionerConnection] = None,
count: typing.Union[typing.Union[int, float], TerraformCount] = None,
depends_on: typing.List[ITerraformDependable] = None,
for_each: ITerraformIterator = None,
lifecycle: TerraformResourceLifecycle = None,
provider: TerraformProvider = None,
provisioners: typing.List[typing.Union[FileProvisioner, LocalExecProvisioner, RemoteExecProvisioner]] = None,
role_name: str,
user_claim: str,
allowed_redirect_uris: typing.List[str] = None,
backend: str = None,
bound_audiences: typing.List[str] = None,
bound_claims: typing.Mapping[str] = None,
bound_claims_type: str = None,
bound_subject: str = None,
claim_mappings: typing.Mapping[str] = None,
clock_skew_leeway: typing.Union[int, float] = None,
disable_bound_claims_parsing: typing.Union[bool, IResolvable] = None,
expiration_leeway: typing.Union[int, float] = None,
groups_claim: str = None,
id: str = None,
max_age: typing.Union[int, float] = None,
namespace: str = None,
not_before_leeway: typing.Union[int, float] = None,
oidc_scopes: typing.List[str] = None,
role_type: str = None,
token_bound_cidrs: typing.List[str] = None,
token_explicit_max_ttl: typing.Union[int, float] = None,
token_max_ttl: typing.Union[int, float] = None,
token_no_default_policy: typing.Union[bool, IResolvable] = None,
token_num_uses: typing.Union[int, float] = None,
token_period: typing.Union[int, float] = None,
token_policies: typing.List[str] = None,
token_ttl: typing.Union[int, float] = None,
token_type: str = None,
user_claim_json_pointer: typing.Union[bool, IResolvable] = None,
verbose_oidc_logging: typing.Union[bool, IResolvable] = None
)
Name | Type | Description |
---|---|---|
scope | constructs.Construct | The scope in which to define this construct. |
id | str | The scoped construct ID. |
connection | typing.Union[cdktf.SSHProvisionerConnection, cdktf.WinrmProvisionerConnection] | No description. |
count | typing.Union[typing.Union[int, float], cdktf.TerraformCount] | No description. |
depends_on | typing.List[cdktf.ITerraformDependable] | No description. |
for_each | cdktf.ITerraformIterator | No description. |
lifecycle | cdktf.TerraformResourceLifecycle | No description. |
provider | cdktf.TerraformProvider | No description. |
provisioners | typing.List[typing.Union[cdktf.FileProvisioner, cdktf.LocalExecProvisioner, cdktf.RemoteExecProvisioner]] | No description. |
role_name | str | Name of the role. |
user_claim | str | The claim to use to uniquely identify the user; |
allowed_redirect_uris | typing.List[str] | The list of allowed values for redirect_uri during OIDC logins. |
backend | str | Unique name of the auth backend to configure. |
bound_audiences | typing.List[str] | List of aud claims to match against. Any match is sufficient. |
bound_claims | typing.Mapping[str] | Map of claims/values to match against. The expected value may be a single string or a comma-separated string list. |
bound_claims_type | str | How to interpret values in the claims/values map: can be either "string" (exact match) or "glob" (wildcard match). |
bound_subject | str | If set, requires that the sub claim matches this value. |
claim_mappings | typing.Mapping[str] | Map of claims (keys) to be copied to specified metadata fields (values). |
clock_skew_leeway | typing.Union[int, float] | The amount of leeway to add to all claims to account for clock skew, in seconds. |
disable_bound_claims_parsing | typing.Union[bool, cdktf.IResolvable] | Disable bound claim value parsing. Useful when values contain commas. |
expiration_leeway | typing.Union[int, float] | The amount of leeway to add to expiration (exp) claims to account for clock skew, in seconds. |
groups_claim | str | The claim to use to uniquely identify the set of groups to which the user belongs; |
id | str | Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#id JwtAuthBackendRole#id}. |
max_age | typing.Union[int, float] | Specifies the allowable elapsed time in seconds since the last time the user was actively authenticated. |
namespace | str | Target namespace. (requires Enterprise). |
not_before_leeway | typing.Union[int, float] | The amount of leeway to add to not before (nbf) claims to account for clock skew, in seconds. |
oidc_scopes | typing.List[str] | List of OIDC scopes to be used with an OIDC role. |
role_type | str | Type of role, either "oidc" (default) or "jwt". |
token_bound_cidrs | typing.List[str] | Specifies the blocks of IP addresses which are allowed to use the generated token. |
token_explicit_max_ttl | typing.Union[int, float] | Generated Token's Explicit Maximum TTL in seconds. |
token_max_ttl | typing.Union[int, float] | The maximum lifetime of the generated token. |
token_no_default_policy | typing.Union[bool, cdktf.IResolvable] | If true, the 'default' policy will not automatically be added to generated tokens. |
token_num_uses | typing.Union[int, float] | The maximum number of times a token may be used, a value of zero means unlimited. |
token_period | typing.Union[int, float] | Generated Token's Period. |
token_policies | typing.List[str] | Generated Token's Policies. |
token_ttl | typing.Union[int, float] | The initial ttl of the token to generate in seconds. |
token_type | str | The type of token to generate, service or batch. |
user_claim_json_pointer | typing.Union[bool, cdktf.IResolvable] | Specifies if the user_claim value uses JSON pointer syntax for referencing claims. |
verbose_oidc_logging | typing.Union[bool, cdktf.IResolvable] | Log received OIDC tokens and claims when debug-level logging is active. |
- Type: constructs.Construct
The scope in which to define this construct.
- Type: str
The scoped construct ID.
Must be unique amongst siblings in the same scope
- Type: typing.Union[cdktf.SSHProvisionerConnection, cdktf.WinrmProvisionerConnection]
- Type: typing.Union[typing.Union[int, float], cdktf.TerraformCount]
- Type: typing.List[cdktf.ITerraformDependable]
- Type: cdktf.ITerraformIterator
- Type: cdktf.TerraformResourceLifecycle
- Type: cdktf.TerraformProvider
- Type: typing.List[typing.Union[cdktf.FileProvisioner, cdktf.LocalExecProvisioner, cdktf.RemoteExecProvisioner]]
- Type: str
Name of the role.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#role_name JwtAuthBackendRole#role_name}
- Type: str
The claim to use to uniquely identify the user;
this will be used as the name for the Identity entity alias created due to a successful login.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#user_claim JwtAuthBackendRole#user_claim}
- Type: typing.List[str]
The list of allowed values for redirect_uri during OIDC logins.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#allowed_redirect_uris JwtAuthBackendRole#allowed_redirect_uris}
- Type: str
Unique name of the auth backend to configure.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#backend JwtAuthBackendRole#backend}
- Type: typing.List[str]
List of aud claims to match against. Any match is sufficient.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#bound_audiences JwtAuthBackendRole#bound_audiences}
- Type: typing.Mapping[str]
Map of claims/values to match against. The expected value may be a single string or a comma-separated string list.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#bound_claims JwtAuthBackendRole#bound_claims}
- Type: str
How to interpret values in the claims/values map: can be either "string" (exact match) or "glob" (wildcard match).
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#bound_claims_type JwtAuthBackendRole#bound_claims_type}
- Type: str
If set, requires that the sub claim matches this value.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#bound_subject JwtAuthBackendRole#bound_subject}
- Type: typing.Mapping[str]
Map of claims (keys) to be copied to specified metadata fields (values).
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#claim_mappings JwtAuthBackendRole#claim_mappings}
- Type: typing.Union[int, float]
The amount of leeway to add to all claims to account for clock skew, in seconds.
Defaults to 60 seconds if set to 0 and can be disabled if set to -1. Only applicable with 'jwt' roles.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#clock_skew_leeway JwtAuthBackendRole#clock_skew_leeway}
- Type: typing.Union[bool, cdktf.IResolvable]
Disable bound claim value parsing. Useful when values contain commas.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#disable_bound_claims_parsing JwtAuthBackendRole#disable_bound_claims_parsing}
- Type: typing.Union[int, float]
The amount of leeway to add to expiration (exp) claims to account for clock skew, in seconds.
Defaults to 60 seconds if set to 0 and can be disabled if set to -1. Only applicable with 'jwt' roles.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#expiration_leeway JwtAuthBackendRole#expiration_leeway}
- Type: str
The claim to use to uniquely identify the set of groups to which the user belongs;
this will be used as the names for the Identity group aliases created due to a successful login. The claim value must be a list of strings.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#groups_claim JwtAuthBackendRole#groups_claim}
- Type: str
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#id JwtAuthBackendRole#id}.
Please be aware that the id field is automatically added to all resources in Terraform providers using a Terraform provider SDK version below 2. If you experience problems setting this value it might not be settable. Please take a look at the provider documentation to ensure it should be settable.
- Type: typing.Union[int, float]
Specifies the allowable elapsed time in seconds since the last time the user was actively authenticated.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#max_age JwtAuthBackendRole#max_age}
- Type: str
Target namespace. (requires Enterprise).
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#namespace JwtAuthBackendRole#namespace}
- Type: typing.Union[int, float]
The amount of leeway to add to not before (nbf) claims to account for clock skew, in seconds.
Defaults to 150 seconds if set to 0 and can be disabled if set to -1. Only applicable with 'jwt' roles.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#not_before_leeway JwtAuthBackendRole#not_before_leeway}
- Type: typing.List[str]
List of OIDC scopes to be used with an OIDC role.
The standard scope "openid" is automatically included and need not be specified.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#oidc_scopes JwtAuthBackendRole#oidc_scopes}
- Type: str
Type of role, either "oidc" (default) or "jwt".
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#role_type JwtAuthBackendRole#role_type}
- Type: typing.List[str]
Specifies the blocks of IP addresses which are allowed to use the generated token.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#token_bound_cidrs JwtAuthBackendRole#token_bound_cidrs}
- Type: typing.Union[int, float]
Generated Token's Explicit Maximum TTL in seconds.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#token_explicit_max_ttl JwtAuthBackendRole#token_explicit_max_ttl}
- Type: typing.Union[int, float]
The maximum lifetime of the generated token.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#token_max_ttl JwtAuthBackendRole#token_max_ttl}
- Type: typing.Union[bool, cdktf.IResolvable]
If true, the 'default' policy will not automatically be added to generated tokens.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#token_no_default_policy JwtAuthBackendRole#token_no_default_policy}
- Type: typing.Union[int, float]
The maximum number of times a token may be used, a value of zero means unlimited.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#token_num_uses JwtAuthBackendRole#token_num_uses}
- Type: typing.Union[int, float]
Generated Token's Period.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#token_period JwtAuthBackendRole#token_period}
- Type: typing.List[str]
Generated Token's Policies.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#token_policies JwtAuthBackendRole#token_policies}
- Type: typing.Union[int, float]
The initial ttl of the token to generate in seconds.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#token_ttl JwtAuthBackendRole#token_ttl}
- Type: str
The type of token to generate, service or batch.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#token_type JwtAuthBackendRole#token_type}
- Type: typing.Union[bool, cdktf.IResolvable]
Specifies if the user_claim value uses JSON pointer syntax for referencing claims.
By default, the user_claim value will not use JSON pointer.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#user_claim_json_pointer JwtAuthBackendRole#user_claim_json_pointer}
- Type: typing.Union[bool, cdktf.IResolvable]
Log received OIDC tokens and claims when debug-level logging is active.
Not recommended in production since sensitive information may be present in OIDC responses.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#verbose_oidc_logging JwtAuthBackendRole#verbose_oidc_logging}
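The binding, leeway and logging parameters described above interact in ways that are easy to miss in review: the leeways apply only to 'jwt' roles while role_type defaults to "oidc", and a comma inside a bound_claims value turns it into a list of alternatives. As an added example (not part of the provider or its generated documentation), the check below lints the keyword arguments intended for JwtAuthBackendRole; the function names, the 300-second limit, the whitespace trimming, the treatment of an unset leeway as 0 and both sample roles are assumptions constructed for illustration.

```python
from typing import Any, Dict, List, Tuple

# Fallbacks this page documents for a leeway of 0, in seconds.
LEEWAY_DEFAULTS = {"clock_skew_leeway": 60, "expiration_leeway": 60, "not_before_leeway": 150}
MAX_LEEWAY_SECONDS = 300  # assumption: a local review limit, not a Vault constant


def effective_leeway(name: str, value: Any) -> float:
    """Seconds of tolerance applied to a 'jwt' role for one leeway parameter."""
    if value is None or value == 0:   # assumption: an unset leeway behaves like 0
        return LEEWAY_DEFAULTS[name]
    if value == -1:                   # documented: -1 disables the leeway
        return 0
    return value


def expected_values(raw: str, parsing_disabled: bool) -> List[str]:
    """Values one bound_claims entry accepts under the comma-separated rule."""
    if parsing_disabled:              # disable_bound_claims_parsing=True keeps commas
        return [raw]
    return [part.strip() for part in raw.split(",")]  # assumption: whitespace trimmed


def audit_role(role: Dict[str, Any]) -> List[Tuple[str, str]]:
    """Return (parameter, finding) pairs for settings that deserve review."""
    findings: List[Tuple[str, str]] = []
    role_type = role.get("role_type") or "oidc"  # documented default

    # Nothing ties an incoming token to an audience, subject or claim.
    if not any(role.get(k) for k in ("bound_audiences", "bound_subject", "bound_claims")):
        findings.append(("bound_*", "no audience, subject or claim binding is set"))

    parsing_disabled = bool(role.get("disable_bound_claims_parsing"))
    is_glob = role.get("bound_claims_type") == "glob"
    for claim, raw in (role.get("bound_claims") or {}).items():
        values = expected_values(raw, parsing_disabled)
        # With "glob" matching, a pattern made only of '*' constrains nothing.
        if is_glob and any(v and not v.strip("*") for v in values):
            findings.append((f"bound_claims[{claim}]", "glob pattern of only '*' accepts any value"))
        # A comma silently widens the match to several accepted values.
        if len(values) > 1:
            findings.append((f"bound_claims[{claim}]", f"comma list accepts any of {values}"))

    for name in LEEWAY_DEFAULTS:
        if name in role and role_type != "jwt":
            findings.append((name, f"has no effect: role_type is '{role_type}', leeways apply to 'jwt' roles"))
        elif role_type == "jwt" and effective_leeway(name, role.get(name)) > MAX_LEEWAY_SECONDS:
            findings.append((name, f"effective leeway exceeds {MAX_LEEWAY_SECONDS}s"))

    if role.get("verbose_oidc_logging"):
        findings.append(("verbose_oidc_logging", "received tokens and claims reach debug logs"))

    if not role.get("token_max_ttl") and not role.get("token_explicit_max_ttl"):
        findings.append(("token_max_ttl", "role sets no upper bound on token lifetime"))
    return findings


# Constructed sample: role_type is omitted, so this is an "oidc" role.
WEAK_ROLE = {
    "role_name": "ci-deploy",
    "user_claim": "sub",
    "bound_claims_type": "glob",
    "bound_claims": {"repository": "*", "ref": "refs/heads/main,refs/heads/release"},
    "expiration_leeway": 3600,
    "verbose_oidc_logging": True,
    "token_policies": ["deploy"],
}

# Constructed sample: explicit 'jwt' role with exact bindings and bounded tokens.
HARDENED_ROLE = {
    "role_name": "ci-deploy",
    "user_claim": "sub",
    "role_type": "jwt",
    "bound_audiences": ["https://vault.example.test"],
    "bound_claims": {"repository": "example-org/deploy", "ref": "refs/heads/main"},
    "clock_skew_leeway": 30,
    "expiration_leeway": 30,
    "not_before_leeway": 30,
    "token_policies": ["deploy"],
    "token_ttl": 300,
    "token_max_ttl": 900,
    "token_no_default_policy": True,
}

if __name__ == "__main__":
    for label, role in (("weak", WEAK_ROLE), ("hardened", HARDENED_ROLE)):
        print(label)
        for parameter, finding in audit_role(role) or [("-", "no findings")]:
            print(f"  {parameter}: {finding}")
```

Run audit_role on the same dictionary that is later unpacked as keyword arguments to JwtAuthBackendRole, and stop synthesis when it returns findings.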
Name | Description |
---|---|
to_string | Returns a string representation of this construct. |
add_override | No description. |
override_logical_id | Overrides the auto-generated logical ID with a specific ID. |
reset_override_logical_id | Resets a previously passed logical Id to use the auto-generated logical id again. |
to_hcl_terraform | No description. |
to_metadata | No description. |
to_terraform | Adds this resource to the terraform JSON output. |
add_move_target | Adds a user defined moveTarget string to this resource to be later used in .moveTo(moveTarget) to resolve the location of the move. |
get_any_map_attribute | No description. |
get_boolean_attribute | No description. |
get_boolean_map_attribute | No description. |
get_list_attribute | No description. |
get_number_attribute | No description. |
get_number_list_attribute | No description. |
get_number_map_attribute | No description. |
get_string_attribute | No description. |
get_string_map_attribute | No description. |
has_resource_move | No description. |
import_from | No description. |
interpolation_for_attribute | No description. |
move_from_id | Move the resource corresponding to "id" to this resource. |
move_to | Moves this resource to the target resource given by moveTarget. |
move_to_id | Moves this resource to the resource corresponding to "id". |
reset_allowed_redirect_uris | No description. |
reset_backend | No description. |
reset_bound_audiences | No description. |
reset_bound_claims | No description. |
reset_bound_claims_type | No description. |
reset_bound_subject | No description. |
reset_claim_mappings | No description. |
reset_clock_skew_leeway | No description. |
reset_disable_bound_claims_parsing | No description. |
reset_expiration_leeway | No description. |
reset_groups_claim | No description. |
reset_id | No description. |
reset_max_age | No description. |
reset_namespace | No description. |
reset_not_before_leeway | No description. |
reset_oidc_scopes | No description. |
reset_role_type | No description. |
reset_token_bound_cidrs | No description. |
reset_token_explicit_max_ttl | No description. |
reset_token_max_ttl | No description. |
reset_token_no_default_policy | No description. |
reset_token_num_uses | No description. |
reset_token_period | No description. |
reset_token_policies | No description. |
reset_token_ttl | No description. |
reset_token_type | No description. |
reset_user_claim_json_pointer | No description. |
reset_verbose_oidc_logging | No description. |
def to_string() -> str
Returns a string representation of this construct.
def add_override(
path: str,
value: typing.Any
) -> None
- Type: str
- Type: typing.Any
def override_logical_id(
new_logical_id: str
) -> None
Overrides the auto-generated logical ID with a specific ID.
- Type: str
The new logical ID to use for this stack element.
def reset_override_logical_id() -> None
Resets a previously passed logical Id to use the auto-generated logical id again.
def to_hcl_terraform() -> typing.Any
def to_metadata() -> typing.Any
def to_terraform() -> typing.Any
Adds this resource to the terraform JSON output.
def add_move_target(
move_target: str
) -> None
Adds a user defined moveTarget string to this resource to be later used in .moveTo(moveTarget) to resolve the location of the move.
- Type: str
The string move target that will correspond to this resource.
def get_any_map_attribute(
terraform_attribute: str
) -> typing.Mapping[typing.Any]
- Type: str
def get_boolean_attribute(
terraform_attribute: str
) -> IResolvable
- Type: str
def get_boolean_map_attribute(
terraform_attribute: str
) -> typing.Mapping[bool]
- Type: str
def get_list_attribute(
terraform_attribute: str
) -> typing.List[str]
- Type: str
def get_number_attribute(
terraform_attribute: str
) -> typing.Union[int, float]
- Type: str
def get_number_list_attribute(
terraform_attribute: str
) -> typing.List[typing.Union[int, float]]
- Type: str
def get_number_map_attribute(
terraform_attribute: str
) -> typing.Mapping[typing.Union[int, float]]
- Type: str
def get_string_attribute(
terraform_attribute: str
) -> str
- Type: str
def get_string_map_attribute(
terraform_attribute: str
) -> typing.Mapping[str]
- Type: str
def has_resource_move() -> typing.Union[TerraformResourceMoveByTarget, TerraformResourceMoveById]
def import_from(
id: str,
provider: TerraformProvider = None
) -> None
- Type: str
- Type: cdktf.TerraformProvider
def interpolation_for_attribute(
terraform_attribute: str
) -> IResolvable
- Type: str
def move_from_id(
id: str
) -> None
Move the resource corresponding to "id" to this resource.
Note that the resource being moved from must be marked as moved using its instance function.
- Type: str
Full id of resource being moved from, e.g. "aws_s3_bucket.example".
def move_to(
move_target: str,
index: typing.Union[str, typing.Union[int, float]] = None
) -> None
Moves this resource to the target resource given by moveTarget.
- Type: str
The previously set user defined string set by .addMoveTarget() corresponding to the resource to move to.
- Type: typing.Union[str, typing.Union[int, float]]
Optional. The index corresponding to the key the resource is to appear in the foreach of a resource to move to.
def move_to_id(
id: str
) -> None
Moves this resource to the resource corresponding to "id".
- Type: str
Full id of resource to move to, e.g. "aws_s3_bucket.example".
def reset_allowed_redirect_uris() -> None
def reset_backend() -> None
def reset_bound_audiences() -> None
def reset_bound_claims() -> None
def reset_bound_claims_type() -> None
def reset_bound_subject() -> None
def reset_claim_mappings() -> None
def reset_clock_skew_leeway() -> None
def reset_disable_bound_claims_parsing() -> None
def reset_expiration_leeway() -> None
def reset_groups_claim() -> None
def reset_id() -> None
def reset_max_age() -> None
def reset_namespace() -> None
def reset_not_before_leeway() -> None
def reset_oidc_scopes() -> None
def reset_role_type() -> None
def reset_token_bound_cidrs() -> None
def reset_token_explicit_max_ttl() -> None
def reset_token_max_ttl() -> None
def reset_token_no_default_policy() -> None
def reset_token_num_uses() -> None
def reset_token_period() -> None
def reset_token_policies() -> None
def reset_token_ttl() -> None
def reset_token_type() -> None
def reset_user_claim_json_pointer() -> None
def reset_verbose_oidc_logging() -> None
Name | Description |
---|---|
is_construct | Checks if x is a construct. |
is_terraform_element | No description. |
is_terraform_resource | No description. |
generate_config_for_import | Generates CDKTF code for importing a JwtAuthBackendRole resource upon running "cdktf plan ". |
from cdktf_cdktf_provider_vault import jwt_auth_backend_role
jwt_auth_backend_role.JwtAuthBackendRole.is_construct(
x: typing.Any
)
Checks if x is a construct.
Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.
- Type: typing.Any
Any object.
from cdktf_cdktf_provider_vault import jwt_auth_backend_role
jwt_auth_backend_role.JwtAuthBackendRole.is_terraform_element(
x: typing.Any
)
- Type: typing.Any
from cdktf_cdktf_provider_vault import jwt_auth_backend_role
jwt_auth_backend_role.JwtAuthBackendRole.is_terraform_resource(
x: typing.Any
)
- Type: typing.Any
from cdktf_cdktf_provider_vault import jwt_auth_backend_role
jwt_auth_backend_role.JwtAuthBackendRole.generate_config_for_import(
scope: Construct,
import_to_id: str,
import_from_id: str,
provider: TerraformProvider = None
)
Generates CDKTF code for importing a JwtAuthBackendRole resource upon running "cdktf plan ".
- Type: constructs.Construct
The scope in which to define this construct.
- Type: str
The construct id used in the generated config for the JwtAuthBackendRole to import.
- Type: str
The id of the existing JwtAuthBackendRole that should be imported.
Refer to the {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#import import section} in the documentation of this resource for the id to use
- Type: cdktf.TerraformProvider
Optional instance of the provider where the JwtAuthBackendRole to import is found.
Name | Type | Description |
---|---|---|
node | constructs.Node | The tree node. |
cdktf_stack | cdktf.TerraformStack | No description. |
fqn | str | No description. |
friendly_unique_id | str | No description. |
terraform_meta_arguments | typing.Mapping[typing.Any] | No description. |
terraform_resource_type | str | No description. |
terraform_generator_metadata | cdktf.TerraformProviderGeneratorMetadata | No description. |
connection | typing.Union[cdktf.SSHProvisionerConnection, cdktf.WinrmProvisionerConnection] | No description. |
count | typing.Union[typing.Union[int, float], cdktf.TerraformCount] | No description. |
depends_on | typing.List[str] | No description. |
for_each | cdktf.ITerraformIterator | No description. |
lifecycle | cdktf.TerraformResourceLifecycle | No description. |
provider | cdktf.TerraformProvider | No description. |
provisioners | typing.List[typing.Union[cdktf.FileProvisioner, cdktf.LocalExecProvisioner, cdktf.RemoteExecProvisioner]] | No description. |
allowed_redirect_uris_input | typing.List[str] | No description. |
backend_input | str | No description. |
bound_audiences_input | typing.List[str] | No description. |
bound_claims_input | typing.Mapping[str] | No description. |
bound_claims_type_input | str | No description. |
bound_subject_input | str | No description. |
claim_mappings_input | typing.Mapping[str] | No description. |
clock_skew_leeway_input | typing.Union[int, float] | No description. |
disable_bound_claims_parsing_input | typing.Union[bool, cdktf.IResolvable] | No description. |
expiration_leeway_input | typing.Union[int, float] | No description. |
groups_claim_input | str | No description. |
id_input | str | No description. |
max_age_input | typing.Union[int, float] | No description. |
namespace_input | str | No description. |
not_before_leeway_input | typing.Union[int, float] | No description. |
oidc_scopes_input | typing.List[str] | No description. |
role_name_input | str | No description. |
role_type_input | str | No description. |
token_bound_cidrs_input | typing.List[str] | No description. |
token_explicit_max_ttl_input | typing.Union[int, float] | No description. |
token_max_ttl_input | typing.Union[int, float] | No description. |
token_no_default_policy_input | typing.Union[bool, cdktf.IResolvable] | No description. |
token_num_uses_input | typing.Union[int, float] | No description. |
token_period_input | typing.Union[int, float] | No description. |
token_policies_input | typing.List[str] | No description. |
token_ttl_input | typing.Union[int, float] | No description. |
token_type_input | str | No description. |
user_claim_input | str | No description. |
user_claim_json_pointer_input | typing.Union[bool, cdktf.IResolvable] | No description. |
verbose_oidc_logging_input | typing.Union[bool, cdktf.IResolvable] | No description. |
allowed_redirect_uris | typing.List[str] | No description. |
backend | str | No description. |
bound_audiences | typing.List[str] | No description. |
bound_claims | typing.Mapping[str] | No description. |
bound_claims_type | str | No description. |
bound_subject | str | No description. |
claim_mappings | typing.Mapping[str] | No description. |
clock_skew_leeway | typing.Union[int, float] | No description. |
disable_bound_claims_parsing | typing.Union[bool, cdktf.IResolvable] | No description. |
expiration_leeway | typing.Union[int, float] | No description. |
groups_claim | str | No description. |
id | str | No description. |
max_age | typing.Union[int, float] | No description. |
namespace | str | No description. |
not_before_leeway | typing.Union[int, float] | No description. |
oidc_scopes | typing.List[str] | No description. |
role_name | str | No description. |
role_type | str | No description. |
token_bound_cidrs | typing.List[str] | No description. |
token_explicit_max_ttl | typing.Union[int, float] | No description. |
token_max_ttl | typing.Union[int, float] | No description. |
token_no_default_policy | typing.Union[bool, cdktf.IResolvable] | No description. |
token_num_uses | typing.Union[int, float] | No description. |
token_period | typing.Union[int, float] | No description. |
token_policies | typing.List[str] | No description. |
token_ttl | typing.Union[int, float] | No description. |
token_type | str | No description. |
user_claim | str | No description. |
user_claim_json_pointer | typing.Union[bool, cdktf.IResolvable] | No description. |
verbose_oidc_logging | typing.Union[bool, cdktf.IResolvable] | No description. |
node: Node
- Type: constructs.Node
The tree node.
cdktf_stack: TerraformStack
- Type: cdktf.TerraformStack
fqn: str
- Type: str
friendly_unique_id: str
- Type: str
terraform_meta_arguments: typing.Mapping[typing.Any]
- Type: typing.Mapping[typing.Any]
terraform_resource_type: str
- Type: str
terraform_generator_metadata: TerraformProviderGeneratorMetadata
- Type: cdktf.TerraformProviderGeneratorMetadata
connection: typing.Union[SSHProvisionerConnection, WinrmProvisionerConnection]
- Type: typing.Union[cdktf.SSHProvisionerConnection, cdktf.WinrmProvisionerConnection]
count: typing.Union[typing.Union[int, float], TerraformCount]
- Type: typing.Union[typing.Union[int, float], cdktf.TerraformCount]
depends_on: typing.List[str]
- Type: typing.List[str]
for_each: ITerraformIterator
- Type: cdktf.ITerraformIterator
lifecycle: TerraformResourceLifecycle
- Type: cdktf.TerraformResourceLifecycle
provider: TerraformProvider
- Type: cdktf.TerraformProvider
provisioners: typing.List[typing.Union[FileProvisioner, LocalExecProvisioner, RemoteExecProvisioner]]
- Type: typing.List[typing.Union[cdktf.FileProvisioner, cdktf.LocalExecProvisioner, cdktf.RemoteExecProvisioner]]
allowed_redirect_uris_input: typing.List[str]
- Type: typing.List[str]
backend_input: str
- Type: str
bound_audiences_input: typing.List[str]
- Type: typing.List[str]
bound_claims_input: typing.Mapping[str]
- Type: typing.Mapping[str]
bound_claims_type_input: str
- Type: str
bound_subject_input: str
- Type: str
claim_mappings_input: typing.Mapping[str]
- Type: typing.Mapping[str]
clock_skew_leeway_input: typing.Union[int, float]
- Type: typing.Union[int, float]
disable_bound_claims_parsing_input: typing.Union[bool, IResolvable]
- Type: typing.Union[bool, cdktf.IResolvable]
expiration_leeway_input: typing.Union[int, float]
- Type: typing.Union[int, float]
groups_claim_input: str
- Type: str
id_input: str
- Type: str
max_age_input: typing.Union[int, float]
- Type: typing.Union[int, float]
namespace_input: str
- Type: str
not_before_leeway_input: typing.Union[int, float]
- Type: typing.Union[int, float]
oidc_scopes_input: typing.List[str]
- Type: typing.List[str]
role_name_input: str
- Type: str
role_type_input: str
- Type: str
token_bound_cidrs_input: typing.List[str]
- Type: typing.List[str]
token_explicit_max_ttl_input: typing.Union[int, float]
- Type: typing.Union[int, float]
token_max_ttl_input: typing.Union[int, float]
- Type: typing.Union[int, float]
token_no_default_policy_input: typing.Union[bool, IResolvable]
- Type: typing.Union[bool, cdktf.IResolvable]
token_num_uses_input: typing.Union[int, float]
- Type: typing.Union[int, float]
token_period_input: typing.Union[int, float]
- Type: typing.Union[int, float]
token_policies_input: typing.List[str]
- Type: typing.List[str]
token_ttl_input: typing.Union[int, float]
- Type: typing.Union[int, float]
token_type_input: str
- Type: str
user_claim_input: str
- Type: str
user_claim_json_pointer_input: typing.Union[bool, IResolvable]
- Type: typing.Union[bool, cdktf.IResolvable]
verbose_oidc_logging_input: typing.Union[bool, IResolvable]
- Type: typing.Union[bool, cdktf.IResolvable]
allowed_redirect_uris: typing.List[str]
- Type: typing.List[str]
backend: str
- Type: str
bound_audiences: typing.List[str]
- Type: typing.List[str]
bound_claims: typing.Mapping[str]
- Type: typing.Mapping[str]
bound_claims_type: str
- Type: str
bound_subject: str
- Type: str
claim_mappings: typing.Mapping[str]
- Type: typing.Mapping[str]
clock_skew_leeway: typing.Union[int, float]
- Type: typing.Union[int, float]
disable_bound_claims_parsing: typing.Union[bool, IResolvable]
- Type: typing.Union[bool, cdktf.IResolvable]
expiration_leeway: typing.Union[int, float]
- Type: typing.Union[int, float]
groups_claim: str
- Type: str
id: str
- Type: str
max_age: typing.Union[int, float]
- Type: typing.Union[int, float]
namespace: str
- Type: str
not_before_leeway: typing.Union[int, float]
- Type: typing.Union[int, float]
oidc_scopes: typing.List[str]
- Type: typing.List[str]
role_name: str
- Type: str
role_type: str
- Type: str
token_bound_cidrs: typing.List[str]
- Type: typing.List[str]
token_explicit_max_ttl: typing.Union[int, float]
- Type: typing.Union[int, float]
token_max_ttl: typing.Union[int, float]
- Type: typing.Union[int, float]
token_no_default_policy: typing.Union[bool, IResolvable]
- Type: typing.Union[bool, cdktf.IResolvable]
token_num_uses: typing.Union[int, float]
- Type: typing.Union[int, float]
token_period: typing.Union[int, float]
- Type: typing.Union[int, float]
token_policies: typing.List[str]
- Type: typing.List[str]
token_ttl: typing.Union[int, float]
- Type: typing.Union[int, float]
token_type: str
- Type: str
user_claim: str
- Type: str
user_claim_json_pointer: typing.Union[bool, IResolvable]
- Type: typing.Union[bool, cdktf.IResolvable]
verbose_oidc_logging: typing.Union[bool, IResolvable]
- Type: typing.Union[bool, cdktf.IResolvable]
Name | Type | Description |
---|---|---|
tfResourceType | str | No description. |
tfResourceType: str
- Type: str
from cdktf_cdktf_provider_vault import jwt_auth_backend_role
jwt_auth_backend_role.JwtAuthBackendRoleConfig(
connection: typing.Union[SSHProvisionerConnection, WinrmProvisionerConnection] = None,
count: typing.Union[typing.Union[int, float], TerraformCount] = None,
depends_on: typing.List[ITerraformDependable] = None,
for_each: ITerraformIterator = None,
lifecycle: TerraformResourceLifecycle = None,
provider: TerraformProvider = None,
provisioners: typing.List[typing.Union[FileProvisioner, LocalExecProvisioner, RemoteExecProvisioner]] = None,
role_name: str,
user_claim: str,
allowed_redirect_uris: typing.List[str] = None,
backend: str = None,
bound_audiences: typing.List[str] = None,
bound_claims: typing.Mapping[str] = None,
bound_claims_type: str = None,
bound_subject: str = None,
claim_mappings: typing.Mapping[str] = None,
clock_skew_leeway: typing.Union[int, float] = None,
disable_bound_claims_parsing: typing.Union[bool, IResolvable] = None,
expiration_leeway: typing.Union[int, float] = None,
groups_claim: str = None,
id: str = None,
max_age: typing.Union[int, float] = None,
namespace: str = None,
not_before_leeway: typing.Union[int, float] = None,
oidc_scopes: typing.List[str] = None,
role_type: str = None,
token_bound_cidrs: typing.List[str] = None,
token_explicit_max_ttl: typing.Union[int, float] = None,
token_max_ttl: typing.Union[int, float] = None,
token_no_default_policy: typing.Union[bool, IResolvable] = None,
token_num_uses: typing.Union[int, float] = None,
token_period: typing.Union[int, float] = None,
token_policies: typing.List[str] = None,
token_ttl: typing.Union[int, float] = None,
token_type: str = None,
user_claim_json_pointer: typing.Union[bool, IResolvable] = None,
verbose_oidc_logging: typing.Union[bool, IResolvable] = None
)
Name | Type | Description |
---|---|---|
connection | typing.Union[cdktf.SSHProvisionerConnection, cdktf.WinrmProvisionerConnection] | No description. |
count | typing.Union[typing.Union[int, float], cdktf.TerraformCount] | No description. |
depends_on | typing.List[cdktf.ITerraformDependable] | No description. |
for_each | cdktf.ITerraformIterator | No description. |
lifecycle | cdktf.TerraformResourceLifecycle | No description. |
provider | cdktf.TerraformProvider | No description. |
provisioners | typing.List[typing.Union[cdktf.FileProvisioner, cdktf.LocalExecProvisioner, cdktf.RemoteExecProvisioner]] | No description. |
role_name | str | Name of the role. |
user_claim | str | The claim to use to uniquely identify the user; |
allowed_redirect_uris | typing.List[str] | The list of allowed values for redirect_uri during OIDC logins. |
backend | str | Unique name of the auth backend to configure. |
bound_audiences | typing.List[str] | List of aud claims to match against. Any match is sufficient. |
bound_claims | typing.Mapping[str] | Map of claims/values to match against. The expected value may be a single string or a comma-separated string list. |
bound_claims_type | str | How to interpret values in the claims/values map: can be either "string" (exact match) or "glob" (wildcard match). |
bound_subject | str | If set, requires that the sub claim matches this value. |
claim_mappings | typing.Mapping[str] | Map of claims (keys) to be copied to specified metadata fields (values). |
clock_skew_leeway | typing.Union[int, float] | The amount of leeway to add to all claims to account for clock skew, in seconds. |
disable_bound_claims_parsing | typing.Union[bool, cdktf.IResolvable] | Disable bound claim value parsing. Useful when values contain commas. |
expiration_leeway | typing.Union[int, float] | The amount of leeway to add to expiration (exp) claims to account for clock skew, in seconds. |
groups_claim | str | The claim to use to uniquely identify the set of groups to which the user belongs; |
id | str | Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#id JwtAuthBackendRole#id}. |
max_age | typing.Union[int, float] | Specifies the allowable elapsed time in seconds since the last time the user was actively authenticated. |
namespace | str | Target namespace. (requires Enterprise). |
not_before_leeway | typing.Union[int, float] | The amount of leeway to add to not before (nbf) claims to account for clock skew, in seconds. |
oidc_scopes | typing.List[str] | List of OIDC scopes to be used with an OIDC role. |
role_type | str | Type of role, either "oidc" (default) or "jwt". |
token_bound_cidrs | typing.List[str] | Specifies the blocks of IP addresses which are allowed to use the generated token. |
token_explicit_max_ttl | typing.Union[int, float] | Generated Token's Explicit Maximum TTL in seconds. |
token_max_ttl | typing.Union[int, float] | The maximum lifetime of the generated token. |
token_no_default_policy | typing.Union[bool, cdktf.IResolvable] | If true, the 'default' policy will not automatically be added to generated tokens. |
token_num_uses | typing.Union[int, float] | The maximum number of times a token may be used, a value of zero means unlimited. |
token_period | typing.Union[int, float] | Generated Token's Period. |
token_policies | typing.List[str] | Generated Token's Policies. |
token_ttl | typing.Union[int, float] | The initial ttl of the token to generate in seconds. |
token_type | str | The type of token to generate, service or batch. |
user_claim_json_pointer | typing.Union[bool, cdktf.IResolvable] | Specifies if the user_claim value uses JSON pointer syntax for referencing claims. |
verbose_oidc_logging | typing.Union[bool, cdktf.IResolvable] | Log received OIDC tokens and claims when debug-level logging is active. |
connection: typing.Union[SSHProvisionerConnection, WinrmProvisionerConnection]
- Type: typing.Union[cdktf.SSHProvisionerConnection, cdktf.WinrmProvisionerConnection]
count: typing.Union[typing.Union[int, float], TerraformCount]
- Type: typing.Union[typing.Union[int, float], cdktf.TerraformCount]
depends_on: typing.List[ITerraformDependable]
- Type: typing.List[cdktf.ITerraformDependable]
for_each: ITerraformIterator
- Type: cdktf.ITerraformIterator
lifecycle: TerraformResourceLifecycle
- Type: cdktf.TerraformResourceLifecycle
provider: TerraformProvider
- Type: cdktf.TerraformProvider
provisioners: typing.List[typing.Union[FileProvisioner, LocalExecProvisioner, RemoteExecProvisioner]]
- Type: typing.List[typing.Union[cdktf.FileProvisioner, cdktf.LocalExecProvisioner, cdktf.RemoteExecProvisioner]]
role_name: str
- Type: str
Name of the role.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#role_name JwtAuthBackendRole#role_name}
user_claim: str
- Type: str
The claim to use to uniquely identify the user;
this will be used as the name for the Identity entity alias created due to a successful login.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#user_claim JwtAuthBackendRole#user_claim}
allowed_redirect_uris: typing.List[str]
- Type: typing.List[str]
The list of allowed values for redirect_uri during OIDC logins.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#allowed_redirect_uris JwtAuthBackendRole#allowed_redirect_uris}
backend: str
- Type: str
Unique name of the auth backend to configure.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#backend JwtAuthBackendRole#backend}
bound_audiences: typing.List[str]
- Type: typing.List[str]
List of aud claims to match against. Any match is sufficient.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#bound_audiences JwtAuthBackendRole#bound_audiences}
bound_claims: typing.Mapping[str]
- Type: typing.Mapping[str]
Map of claims/values to match against. The expected value may be a single string or a comma-separated string list.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#bound_claims JwtAuthBackendRole#bound_claims}
bound_claims_type: str
- Type: str
How to interpret values in the claims/values map: can be either "string" (exact match) or "glob" (wildcard match).
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#bound_claims_type JwtAuthBackendRole#bound_claims_type}
bound_subject: str
- Type: str
If set, requires that the sub claim matches this value.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#bound_subject JwtAuthBackendRole#bound_subject}
claim_mappings: typing.Mapping[str]
- Type: typing.Mapping[str]
Map of claims (keys) to be copied to specified metadata fields (values).
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#claim_mappings JwtAuthBackendRole#claim_mappings}
clock_skew_leeway: typing.Union[int, float]
- Type: typing.Union[int, float]
The amount of leeway to add to all claims to account for clock skew, in seconds.
Defaults to 60 seconds if set to 0 and can be disabled if set to -1. Only applicable with 'jwt' roles.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#clock_skew_leeway JwtAuthBackendRole#clock_skew_leeway}
disable_bound_claims_parsing: typing.Union[bool, IResolvable]
- Type: typing.Union[bool, cdktf.IResolvable]
Disable bound claim value parsing. Useful when values contain commas.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#disable_bound_claims_parsing JwtAuthBackendRole#disable_bound_claims_parsing}
expiration_leeway: typing.Union[int, float]
- Type: typing.Union[int, float]
The amount of leeway to add to expiration (exp) claims to account for clock skew, in seconds.
Defaults to 60 seconds if set to 0 and can be disabled if set to -1. Only applicable with 'jwt' roles.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#expiration_leeway JwtAuthBackendRole#expiration_leeway}
groups_claim: str
- Type: str
The claim to use to uniquely identify the set of groups to which the user belongs;
this will be used as the names for the Identity group aliases created due to a successful login. The claim value must be a list of strings.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#groups_claim JwtAuthBackendRole#groups_claim}
id: str
- Type: str
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#id JwtAuthBackendRole#id}.
Please be aware that the id field is automatically added to all resources in Terraform providers using a Terraform provider SDK version below 2. If you experience problems setting this value it might not be settable. Please take a look at the provider documentation to ensure it should be settable.
max_age: typing.Union[int, float]
- Type: typing.Union[int, float]
Specifies the allowable elapsed time in seconds since the last time the user was actively authenticated.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#max_age JwtAuthBackendRole#max_age}
namespace: str
- Type: str
Target namespace. (requires Enterprise).
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#namespace JwtAuthBackendRole#namespace}
not_before_leeway: typing.Union[int, float]
- Type: typing.Union[int, float]
The amount of leeway to add to not before (nbf) claims to account for clock skew, in seconds.
Defaults to 150 seconds if set to 0 and can be disabled if set to -1. Only applicable with 'jwt' roles.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#not_before_leeway JwtAuthBackendRole#not_before_leeway}
oidc_scopes: typing.List[str]
- Type: typing.List[str]
List of OIDC scopes to be used with an OIDC role.
The standard scope "openid" is automatically included and need not be specified.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#oidc_scopes JwtAuthBackendRole#oidc_scopes}
role_type: str
- Type: str
Type of role, either "oidc" (default) or "jwt".
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#role_type JwtAuthBackendRole#role_type}
token_bound_cidrs: typing.List[str]
- Type: typing.List[str]
Specifies the blocks of IP addresses which are allowed to use the generated token.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#token_bound_cidrs JwtAuthBackendRole#token_bound_cidrs}
token_explicit_max_ttl: typing.Union[int, float]
- Type: typing.Union[int, float]
Generated Token's Explicit Maximum TTL in seconds.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#token_explicit_max_ttl JwtAuthBackendRole#token_explicit_max_ttl}
token_max_ttl: typing.Union[int, float]
- Type: typing.Union[int, float]
The maximum lifetime of the generated token.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#token_max_ttl JwtAuthBackendRole#token_max_ttl}
token_no_default_policy: typing.Union[bool, IResolvable]
- Type: typing.Union[bool, cdktf.IResolvable]
If true, the 'default' policy will not automatically be added to generated tokens.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#token_no_default_policy JwtAuthBackendRole#token_no_default_policy}
token_num_uses: typing.Union[int, float]
- Type: typing.Union[int, float]
The maximum number of times a token may be used, a value of zero means unlimited.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#token_num_uses JwtAuthBackendRole#token_num_uses}
token_period: typing.Union[int, float]
- Type: typing.Union[int, float]
Generated Token's Period.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#token_period JwtAuthBackendRole#token_period}
token_policies: typing.List[str]
- Type: typing.List[str]
Generated Token's Policies.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#token_policies JwtAuthBackendRole#token_policies}
token_ttl: typing.Union[int, float]
- Type: typing.Union[int, float]
The initial ttl of the token to generate in seconds.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#token_ttl JwtAuthBackendRole#token_ttl}
token_type: str
- Type: str
The type of token to generate, service or batch.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#token_type JwtAuthBackendRole#token_type}
user_claim_json_pointer: typing.Union[bool, IResolvable]
- Type: typing.Union[bool, cdktf.IResolvable]
Specifies if the user_claim value uses JSON pointer syntax for referencing claims.
By default, the user_claim value will not use JSON pointer.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#user_claim_json_pointer JwtAuthBackendRole#user_claim_json_pointer}
verbose_oidc_logging: typing.Union[bool, IResolvable]
- Type: typing.Union[bool, cdktf.IResolvable]
Log received OIDC tokens and claims when debug-level logging is active.
Not recommended in production since sensitive information may be present in OIDC responses.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/jwt_auth_backend_role#verbose_oidc_logging JwtAuthBackendRole#verbose_oidc_logging}
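The following is an added example, not part of the provider or its generated documentation: a small pre-synth review of the keyword arguments intended for JwtAuthBackendRoleConfig, using the leeway defaults, bound_claims parsing and logging behaviour described in the properties above. The function names (effective_leeway, review_role), the rule names, the max_leeway threshold and both sample configurations are assumptions of this example.

```python
# Added example: reviews keyword arguments meant for JwtAuthBackendRoleConfig.
# The rules and the max_leeway threshold are assumptions of this example.

# Seconds applied when a leeway is left at 0, as documented above.
LEEWAY_DEFAULTS = {"clock_skew_leeway": 60, "expiration_leeway": 60,
                   "not_before_leeway": 150}


def effective_leeway(name, value):
    """Seconds of leeway that result from a setting (0 = default, -1 = off)."""
    if value is None or value == 0:
        return LEEWAY_DEFAULTS[name]
    return 0 if value == -1 else value


def review_role(cfg, max_leeway=300):
    """Return a list of (rule, detail) findings for a role config dict."""
    findings = []
    role_type = cfg.get("role_type") or "oidc"  # documented default

    if not any(cfg.get(k) for k in ("bound_audiences", "bound_subject", "bound_claims")):
        findings.append(("no-binding", "no aud, sub or claim constraint is set"))

    claims = cfg.get("bound_claims") or {}
    for claim, expected in claims.items():
        # Under "glob" matching a bare wildcard places no constraint on the claim.
        if cfg.get("bound_claims_type") == "glob" and expected.strip() == "*":
            findings.append(("glob-any", f"{claim} matches every value"))
        # Commas split the expected value unless parsing is disabled.
        if "," in expected and not cfg.get("disable_bound_claims_parsing"):
            n = len(expected.split(","))
            findings.append(("comma-list", f"{claim} is read as {n} alternatives"))

    for name in LEEWAY_DEFAULTS:
        if cfg.get(name) is None:
            continue
        if role_type != "jwt":
            findings.append(("leeway-ignored", f"{name} only applies to 'jwt' roles"))
        elif effective_leeway(name, cfg[name]) > max_leeway:
            findings.append(("leeway-wide", f"{name} exceeds {max_leeway}s"))

    if cfg.get("verbose_oidc_logging"):
        findings.append(("verbose-logging", "OIDC tokens and claims reach debug logs"))
    return findings


# Constructed sample inputs (not taken from any real deployment).
WEAK = {
    "role_name": "ci", "user_claim": "sub", "role_type": "jwt",
    "bound_claims_type": "glob",
    "bound_claims": {"repository": "*", "ref": "refs/heads/main,refs/heads/release"},
    "expiration_leeway": 3600, "verbose_oidc_logging": True,
}
HARDENED = {
    "role_name": "ci", "user_claim": "sub", "role_type": "jwt",
    "bound_audiences": ["https://vault.example.internal"],
    "bound_claims": {"repository": "example-org/example-repo"},
    "expiration_leeway": 0, "verbose_oidc_logging": False,
    "token_policies": ["ci-read"], "token_ttl": 600,
}

if __name__ == "__main__":
    for rule, detail in review_role(WEAK):
        print(f"{rule}: {detail}")
```

A dict that passes the review can be handed to the config as keyword arguments, since its keys use the same names as the properties listed above.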