sdk/go/vault/kubernetes/authBackendRole.go

// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***

package kubernetes

import (
	"context"
	"reflect"

	"github.com/pkg/errors"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// Manages an Kubernetes auth backend role in a Vault server. See the [Vault
// documentation](https://www.vaultproject.io/docs/auth/kubernetes.html) for more
// information.
//
// ## Example Usage
//
// ```go
// package main
//
// import (
// 	"github.com/pulumi/pulumi-vault/sdk/v4/go/vault"
// 	"github.com/pulumi/pulumi-vault/sdk/v4/go/vault/kubernetes"
// 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
// )
//
// func main() {
// 	pulumi.Run(func(ctx *pulumi.Context) error {
// 		kubernetes, err := vault.NewAuthBackend(ctx, "kubernetes", &vault.AuthBackendArgs{
// 			Type: pulumi.String("kubernetes"),
// 		})
// 		if err != nil {
// 			return err
// 		}
// 		_, err = kubernetes.NewAuthBackendRole(ctx, "example", &kubernetes.AuthBackendRoleArgs{
// 			Backend:  kubernetes.Path,
// 			RoleName: pulumi.String("example-role"),
// 			BoundServiceAccountNames: pulumi.StringArray{
// 				pulumi.String("example"),
// 			},
// 			BoundServiceAccountNamespaces: pulumi.StringArray{
// 				pulumi.String("example"),
// 			},
// 			TokenTtl: pulumi.Int(3600),
// 			TokenPolicies: pulumi.StringArray{
// 				pulumi.String("default"),
// 				pulumi.String("dev"),
// 				pulumi.String("prod"),
// 			},
// 			Audience: pulumi.String("vault"),
// 		})
// 		if err != nil {
// 			return err
// 		}
// 		return nil
// 	})
// }
// ```
//
// ## Import
//
// Kubernetes auth backend role can be imported using the `path`, e.g.
//
// ```sh
//  $ pulumi import vault:kubernetes/authBackendRole:AuthBackendRole foo auth/kubernetes/role/foo
// ```
type AuthBackendRole struct {
	pulumi.CustomResourceState

	// Audience claim to verify in the JWT.
	Audience pulumi.StringPtrOutput `pulumi:"audience"`
	// Unique name of the kubernetes backend to configure.
	Backend pulumi.StringPtrOutput `pulumi:"backend"`
	// If set, a list of
	// CIDRs valid as the source address for login requests. This value is also encoded into any resulting token.
	//
	// Deprecated: use `token_bound_cidrs` instead if you are running Vault >= 1.2
	BoundCidrs pulumi.StringArrayOutput `pulumi:"boundCidrs"`
	// List of service account names able to access this role. If set to `["*"]` all names are allowed, both this and boundServiceAccountNamespaces can not be "*".
	BoundServiceAccountNames pulumi.StringArrayOutput `pulumi:"boundServiceAccountNames"`
	// List of namespaces allowed to access this role. If set to `["*"]` all namespaces are allowed, both this and boundServiceAccountNames can not be set to "*".
	BoundServiceAccountNamespaces pulumi.StringArrayOutput `pulumi:"boundServiceAccountNamespaces"`
	// The maximum allowed lifetime of tokens
	// issued using this role, provided as a number of seconds.
	//
	// Deprecated: use `token_max_ttl` instead if you are running Vault >= 1.2
	MaxTtl pulumi.IntPtrOutput `pulumi:"maxTtl"`
	// If set, puts a use-count
	// limitation on the issued token.
	//
	// Deprecated: use `token_num_uses` instead if you are running Vault >= 1.2
	NumUses pulumi.IntPtrOutput `pulumi:"numUses"`
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	//
	// Deprecated: use `token_period` instead if you are running Vault >= 1.2
	Period pulumi.IntPtrOutput `pulumi:"period"`
	// An array of strings
	// specifying the policies to be set on tokens issued using this role.
	//
	// Deprecated: use `token_policies` instead if you are running Vault >= 1.2
	Policies pulumi.StringArrayOutput `pulumi:"policies"`
	// Name of the role.
	RoleName pulumi.StringOutput `pulumi:"roleName"`
	// List of CIDR blocks; if set, specifies blocks of IP
	// addresses which can authenticate successfully, and ties the resulting token to these blocks
	// as well.
	TokenBoundCidrs pulumi.StringArrayOutput `pulumi:"tokenBoundCidrs"`
	// If set, will encode an
	// [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
	// onto the token in number of seconds. This is a hard cap even if `tokenTtl` and
	// `tokenMaxTtl` would otherwise allow a renewal.
	TokenExplicitMaxTtl pulumi.IntPtrOutput `pulumi:"tokenExplicitMaxTtl"`
	// The maximum lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenMaxTtl pulumi.IntPtrOutput `pulumi:"tokenMaxTtl"`
	// If set, the default policy will not be set on
	// generated tokens; otherwise it will be added to the policies set in token_policies.
	TokenNoDefaultPolicy pulumi.BoolPtrOutput `pulumi:"tokenNoDefaultPolicy"`
	// The
	// [period](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls),
	// if any, in number of seconds to set on the token.
	TokenNumUses pulumi.IntPtrOutput `pulumi:"tokenNumUses"`
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	TokenPeriod pulumi.IntPtrOutput `pulumi:"tokenPeriod"`
	// List of policies to encode onto generated tokens. Depending
	// on the auth method, this list may be supplemented by user/group/other values.
	TokenPolicies pulumi.StringArrayOutput `pulumi:"tokenPolicies"`
	// The incremental lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenTtl pulumi.IntPtrOutput `pulumi:"tokenTtl"`
	// The type of token that should be generated. Can be `service`,
	// `batch`, or `default` to use the mount's tuned default (which unless changed will be
	// `service` tokens). For token store roles, there are two additional possibilities:
	// `default-service` and `default-batch` which specify the type to return unless the client
	// requests a different type at generation time.
	TokenType pulumi.StringPtrOutput `pulumi:"tokenType"`
	// The TTL period of tokens issued
	// using this role, provided as a number of seconds.
	//
	// Deprecated: use `token_ttl` instead if you are running Vault >= 1.2
	Ttl pulumi.IntPtrOutput `pulumi:"ttl"`
}

// NewAuthBackendRole registers a new resource with the given unique name, arguments, and options.
func NewAuthBackendRole(ctx *pulumi.Context,
	name string, args *AuthBackendRoleArgs, opts ...pulumi.ResourceOption) (*AuthBackendRole, error) {
	if args == nil {
		return nil, errors.New("missing one or more required arguments")
	}

	if args.BoundServiceAccountNames == nil {
		return nil, errors.New("invalid value for required argument 'BoundServiceAccountNames'")
	}
	if args.BoundServiceAccountNamespaces == nil {
		return nil, errors.New("invalid value for required argument 'BoundServiceAccountNamespaces'")
	}
	if args.RoleName == nil {
		return nil, errors.New("invalid value for required argument 'RoleName'")
	}
	var resource AuthBackendRole
	err := ctx.RegisterResource("vault:kubernetes/authBackendRole:AuthBackendRole", name, args, &resource, opts...)
	if err != nil {
		return nil, err
	}
	return &resource, nil
}

// GetAuthBackendRole gets an existing AuthBackendRole resource's state with the given name, ID, and optional
// state properties that are used to uniquely qualify the lookup (nil if not required).
func GetAuthBackendRole(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AuthBackendRoleState, opts ...pulumi.ResourceOption) (*AuthBackendRole, error) {
	var resource AuthBackendRole
	err := ctx.ReadResource("vault:kubernetes/authBackendRole:AuthBackendRole", name, id, state, &resource, opts...)
	if err != nil {
		return nil, err
	}
	return &resource, nil
}

// Input properties used for looking up and filtering AuthBackendRole resources.
type authBackendRoleState struct {
	// Audience claim to verify in the JWT.
	Audience *string `pulumi:"audience"`
	// Unique name of the kubernetes backend to configure.
	Backend *string `pulumi:"backend"`
	// If set, a list of
	// CIDRs valid as the source address for login requests. This value is also encoded into any resulting token.
	//
	// Deprecated: use `token_bound_cidrs` instead if you are running Vault >= 1.2
	BoundCidrs []string `pulumi:"boundCidrs"`
	// List of service account names able to access this role. If set to `["*"]` all names are allowed, both this and boundServiceAccountNamespaces can not be "*".
	BoundServiceAccountNames []string `pulumi:"boundServiceAccountNames"`
	// List of namespaces allowed to access this role. If set to `["*"]` all namespaces are allowed, both this and boundServiceAccountNames can not be set to "*".
	BoundServiceAccountNamespaces []string `pulumi:"boundServiceAccountNamespaces"`
	// The maximum allowed lifetime of tokens
	// issued using this role, provided as a number of seconds.
	//
	// Deprecated: use `token_max_ttl` instead if you are running Vault >= 1.2
	MaxTtl *int `pulumi:"maxTtl"`
	// If set, puts a use-count
	// limitation on the issued token.
	//
	// Deprecated: use `token_num_uses` instead if you are running Vault >= 1.2
	NumUses *int `pulumi:"numUses"`
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	//
	// Deprecated: use `token_period` instead if you are running Vault >= 1.2
	Period *int `pulumi:"period"`
	// An array of strings
	// specifying the policies to be set on tokens issued using this role.
	//
	// Deprecated: use `token_policies` instead if you are running Vault >= 1.2
	Policies []string `pulumi:"policies"`
	// Name of the role.
	RoleName *string `pulumi:"roleName"`
	// List of CIDR blocks; if set, specifies blocks of IP
	// addresses which can authenticate successfully, and ties the resulting token to these blocks
	// as well.
	TokenBoundCidrs []string `pulumi:"tokenBoundCidrs"`
	// If set, will encode an
	// [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
	// onto the token in number of seconds. This is a hard cap even if `tokenTtl` and
	// `tokenMaxTtl` would otherwise allow a renewal.
	TokenExplicitMaxTtl *int `pulumi:"tokenExplicitMaxTtl"`
	// The maximum lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenMaxTtl *int `pulumi:"tokenMaxTtl"`
	// If set, the default policy will not be set on
	// generated tokens; otherwise it will be added to the policies set in token_policies.
	TokenNoDefaultPolicy *bool `pulumi:"tokenNoDefaultPolicy"`
	// The
	// [period](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls),
	// if any, in number of seconds to set on the token.
	TokenNumUses *int `pulumi:"tokenNumUses"`
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	TokenPeriod *int `pulumi:"tokenPeriod"`
	// List of policies to encode onto generated tokens. Depending
	// on the auth method, this list may be supplemented by user/group/other values.
	TokenPolicies []string `pulumi:"tokenPolicies"`
	// The incremental lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenTtl *int `pulumi:"tokenTtl"`
	// The type of token that should be generated. Can be `service`,
	// `batch`, or `default` to use the mount's tuned default (which unless changed will be
	// `service` tokens). For token store roles, there are two additional possibilities:
	// `default-service` and `default-batch` which specify the type to return unless the client
	// requests a different type at generation time.
	TokenType *string `pulumi:"tokenType"`
	// The TTL period of tokens issued
	// using this role, provided as a number of seconds.
	//
	// Deprecated: use `token_ttl` instead if you are running Vault >= 1.2
	Ttl *int `pulumi:"ttl"`
}

type AuthBackendRoleState struct {
	// Audience claim to verify in the JWT.
	Audience pulumi.StringPtrInput
	// Unique name of the kubernetes backend to configure.
	Backend pulumi.StringPtrInput
	// If set, a list of
	// CIDRs valid as the source address for login requests. This value is also encoded into any resulting token.
	//
	// Deprecated: use `token_bound_cidrs` instead if you are running Vault >= 1.2
	BoundCidrs pulumi.StringArrayInput
	// List of service account names able to access this role. If set to `["*"]` all names are allowed, both this and boundServiceAccountNamespaces can not be "*".
	BoundServiceAccountNames pulumi.StringArrayInput
	// List of namespaces allowed to access this role. If set to `["*"]` all namespaces are allowed, both this and boundServiceAccountNames can not be set to "*".
	BoundServiceAccountNamespaces pulumi.StringArrayInput
	// The maximum allowed lifetime of tokens
	// issued using this role, provided as a number of seconds.
	//
	// Deprecated: use `token_max_ttl` instead if you are running Vault >= 1.2
	MaxTtl pulumi.IntPtrInput
	// If set, puts a use-count
	// limitation on the issued token.
	//
	// Deprecated: use `token_num_uses` instead if you are running Vault >= 1.2
	NumUses pulumi.IntPtrInput
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	//
	// Deprecated: use `token_period` instead if you are running Vault >= 1.2
	Period pulumi.IntPtrInput
	// An array of strings
	// specifying the policies to be set on tokens issued using this role.
	//
	// Deprecated: use `token_policies` instead if you are running Vault >= 1.2
	Policies pulumi.StringArrayInput
	// Name of the role.
	RoleName pulumi.StringPtrInput
	// List of CIDR blocks; if set, specifies blocks of IP
	// addresses which can authenticate successfully, and ties the resulting token to these blocks
	// as well.
	TokenBoundCidrs pulumi.StringArrayInput
	// If set, will encode an
	// [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
	// onto the token in number of seconds. This is a hard cap even if `tokenTtl` and
	// `tokenMaxTtl` would otherwise allow a renewal.
	TokenExplicitMaxTtl pulumi.IntPtrInput
	// The maximum lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenMaxTtl pulumi.IntPtrInput
	// If set, the default policy will not be set on
	// generated tokens; otherwise it will be added to the policies set in token_policies.
	TokenNoDefaultPolicy pulumi.BoolPtrInput
	// The
	// [period](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls),
	// if any, in number of seconds to set on the token.
	TokenNumUses pulumi.IntPtrInput
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	TokenPeriod pulumi.IntPtrInput
	// List of policies to encode onto generated tokens. Depending
	// on the auth method, this list may be supplemented by user/group/other values.
	TokenPolicies pulumi.StringArrayInput
	// The incremental lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenTtl pulumi.IntPtrInput
	// The type of token that should be generated. Can be `service`,
	// `batch`, or `default` to use the mount's tuned default (which unless changed will be
	// `service` tokens). For token store roles, there are two additional possibilities:
	// `default-service` and `default-batch` which specify the type to return unless the client
	// requests a different type at generation time.
	TokenType pulumi.StringPtrInput
	// The TTL period of tokens issued
	// using this role, provided as a number of seconds.
	//
	// Deprecated: use `token_ttl` instead if you are running Vault >= 1.2
	Ttl pulumi.IntPtrInput
}

func (AuthBackendRoleState) ElementType() reflect.Type {
	return reflect.TypeOf((*authBackendRoleState)(nil)).Elem()
}

type authBackendRoleArgs struct {
	// Audience claim to verify in the JWT.
	Audience *string `pulumi:"audience"`
	// Unique name of the kubernetes backend to configure.
	Backend *string `pulumi:"backend"`
	// If set, a list of
	// CIDRs valid as the source address for login requests. This value is also encoded into any resulting token.
	//
	// Deprecated: use `token_bound_cidrs` instead if you are running Vault >= 1.2
	BoundCidrs []string `pulumi:"boundCidrs"`
	// List of service account names able to access this role. If set to `["*"]` all names are allowed, both this and boundServiceAccountNamespaces can not be "*".
	BoundServiceAccountNames []string `pulumi:"boundServiceAccountNames"`
	// List of namespaces allowed to access this role. If set to `["*"]` all namespaces are allowed, both this and boundServiceAccountNames can not be set to "*".
	BoundServiceAccountNamespaces []string `pulumi:"boundServiceAccountNamespaces"`
	// The maximum allowed lifetime of tokens
	// issued using this role, provided as a number of seconds.
	//
	// Deprecated: use `token_max_ttl` instead if you are running Vault >= 1.2
	MaxTtl *int `pulumi:"maxTtl"`
	// If set, puts a use-count
	// limitation on the issued token.
	//
	// Deprecated: use `token_num_uses` instead if you are running Vault >= 1.2
	NumUses *int `pulumi:"numUses"`
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	//
	// Deprecated: use `token_period` instead if you are running Vault >= 1.2
	Period *int `pulumi:"period"`
	// An array of strings
	// specifying the policies to be set on tokens issued using this role.
	//
	// Deprecated: use `token_policies` instead if you are running Vault >= 1.2
	Policies []string `pulumi:"policies"`
	// Name of the role.
	RoleName string `pulumi:"roleName"`
	// List of CIDR blocks; if set, specifies blocks of IP
	// addresses which can authenticate successfully, and ties the resulting token to these blocks
	// as well.
	TokenBoundCidrs []string `pulumi:"tokenBoundCidrs"`
	// If set, will encode an
	// [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
	// onto the token in number of seconds. This is a hard cap even if `tokenTtl` and
	// `tokenMaxTtl` would otherwise allow a renewal.
	TokenExplicitMaxTtl *int `pulumi:"tokenExplicitMaxTtl"`
	// The maximum lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenMaxTtl *int `pulumi:"tokenMaxTtl"`
	// If set, the default policy will not be set on
	// generated tokens; otherwise it will be added to the policies set in token_policies.
	TokenNoDefaultPolicy *bool `pulumi:"tokenNoDefaultPolicy"`
	// The
	// [period](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls),
	// if any, in number of seconds to set on the token.
	TokenNumUses *int `pulumi:"tokenNumUses"`
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	TokenPeriod *int `pulumi:"tokenPeriod"`
	// List of policies to encode onto generated tokens. Depending
	// on the auth method, this list may be supplemented by user/group/other values.
	TokenPolicies []string `pulumi:"tokenPolicies"`
	// The incremental lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenTtl *int `pulumi:"tokenTtl"`
	// The type of token that should be generated. Can be `service`,
	// `batch`, or `default` to use the mount's tuned default (which unless changed will be
	// `service` tokens). For token store roles, there are two additional possibilities:
	// `default-service` and `default-batch` which specify the type to return unless the client
	// requests a different type at generation time.
	TokenType *string `pulumi:"tokenType"`
	// The TTL period of tokens issued
	// using this role, provided as a number of seconds.
	//
	// Deprecated: use `token_ttl` instead if you are running Vault >= 1.2
	Ttl *int `pulumi:"ttl"`
}

// The set of arguments for constructing a AuthBackendRole resource.
type AuthBackendRoleArgs struct {
	// Audience claim to verify in the JWT.
	Audience pulumi.StringPtrInput
	// Unique name of the kubernetes backend to configure.
	Backend pulumi.StringPtrInput
	// If set, a list of
	// CIDRs valid as the source address for login requests. This value is also encoded into any resulting token.
	//
	// Deprecated: use `token_bound_cidrs` instead if you are running Vault >= 1.2
	BoundCidrs pulumi.StringArrayInput
	// List of service account names able to access this role. If set to `["*"]` all names are allowed, both this and boundServiceAccountNamespaces can not be "*".
	BoundServiceAccountNames pulumi.StringArrayInput
	// List of namespaces allowed to access this role. If set to `["*"]` all namespaces are allowed, both this and boundServiceAccountNames can not be set to "*".
	BoundServiceAccountNamespaces pulumi.StringArrayInput
	// The maximum allowed lifetime of tokens
	// issued using this role, provided as a number of seconds.
	//
	// Deprecated: use `token_max_ttl` instead if you are running Vault >= 1.2
	MaxTtl pulumi.IntPtrInput
	// If set, puts a use-count
	// limitation on the issued token.
	//
	// Deprecated: use `token_num_uses` instead if you are running Vault >= 1.2
	NumUses pulumi.IntPtrInput
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	//
	// Deprecated: use `token_period` instead if you are running Vault >= 1.2
	Period pulumi.IntPtrInput
	// An array of strings
	// specifying the policies to be set on tokens issued using this role.
	//
	// Deprecated: use `token_policies` instead if you are running Vault >= 1.2
	Policies pulumi.StringArrayInput
	// Name of the role.
	RoleName pulumi.StringInput
	// List of CIDR blocks; if set, specifies blocks of IP
	// addresses which can authenticate successfully, and ties the resulting token to these blocks
	// as well.
	TokenBoundCidrs pulumi.StringArrayInput
	// If set, will encode an
	// [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
	// onto the token in number of seconds. This is a hard cap even if `tokenTtl` and
	// `tokenMaxTtl` would otherwise allow a renewal.
	TokenExplicitMaxTtl pulumi.IntPtrInput
	// The maximum lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenMaxTtl pulumi.IntPtrInput
	// If set, the default policy will not be set on
	// generated tokens; otherwise it will be added to the policies set in token_policies.
	TokenNoDefaultPolicy pulumi.BoolPtrInput
	// The
	// [period](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls),
	// if any, in number of seconds to set on the token.
	TokenNumUses pulumi.IntPtrInput
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	TokenPeriod pulumi.IntPtrInput
	// List of policies to encode onto generated tokens. Depending
	// on the auth method, this list may be supplemented by user/group/other values.
	TokenPolicies pulumi.StringArrayInput
	// The incremental lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenTtl pulumi.IntPtrInput
	// The type of token that should be generated. Can be `service`,
	// `batch`, or `default` to use the mount's tuned default (which unless changed will be
	// `service` tokens). For token store roles, there are two additional possibilities:
	// `default-service` and `default-batch` which specify the type to return unless the client
	// requests a different type at generation time.
	TokenType pulumi.StringPtrInput
	// The TTL period of tokens issued
	// using this role, provided as a number of seconds.
	//
	// Deprecated: use `token_ttl` instead if you are running Vault >= 1.2
	Ttl pulumi.IntPtrInput
}

func (AuthBackendRoleArgs) ElementType() reflect.Type {
	return reflect.TypeOf((*authBackendRoleArgs)(nil)).Elem()
}

type AuthBackendRoleInput interface {
	pulumi.Input

	ToAuthBackendRoleOutput() AuthBackendRoleOutput
	ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput
}

func (*AuthBackendRole) ElementType() reflect.Type {
	return reflect.TypeOf((*AuthBackendRole)(nil))
}

func (i *AuthBackendRole) ToAuthBackendRoleOutput() AuthBackendRoleOutput {
	return i.ToAuthBackendRoleOutputWithContext(context.Background())
}

func (i *AuthBackendRole) ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput {
	return pulumi.ToOutputWithContext(ctx, i).(AuthBackendRoleOutput)
}

func (i *AuthBackendRole) ToAuthBackendRolePtrOutput() AuthBackendRolePtrOutput {
	return i.ToAuthBackendRolePtrOutputWithContext(context.Background())
}

func (i *AuthBackendRole) ToAuthBackendRolePtrOutputWithContext(ctx context.Context) AuthBackendRolePtrOutput {
	return pulumi.ToOutputWithContext(ctx, i).(AuthBackendRolePtrOutput)
}

type AuthBackendRolePtrInput interface {
	pulumi.Input

	ToAuthBackendRolePtrOutput() AuthBackendRolePtrOutput
	ToAuthBackendRolePtrOutputWithContext(ctx context.Context) AuthBackendRolePtrOutput
}

type authBackendRolePtrType AuthBackendRoleArgs

func (*authBackendRolePtrType) ElementType() reflect.Type {
	return reflect.TypeOf((**AuthBackendRole)(nil))
}

func (i *authBackendRolePtrType) ToAuthBackendRolePtrOutput() AuthBackendRolePtrOutput {
	return i.ToAuthBackendRolePtrOutputWithContext(context.Background())
}

func (i *authBackendRolePtrType) ToAuthBackendRolePtrOutputWithContext(ctx context.Context) AuthBackendRolePtrOutput {
	return pulumi.ToOutputWithContext(ctx, i).(AuthBackendRolePtrOutput)
}

// AuthBackendRoleArrayInput is an input type that accepts AuthBackendRoleArray and AuthBackendRoleArrayOutput values.
// You can construct a concrete instance of `AuthBackendRoleArrayInput` via:
//
//          AuthBackendRoleArray{ AuthBackendRoleArgs{...} }
type AuthBackendRoleArrayInput interface {
	pulumi.Input

	ToAuthBackendRoleArrayOutput() AuthBackendRoleArrayOutput
	ToAuthBackendRoleArrayOutputWithContext(context.Context) AuthBackendRoleArrayOutput
}

type AuthBackendRoleArray []AuthBackendRoleInput

func (AuthBackendRoleArray) ElementType() reflect.Type {
	return reflect.TypeOf((*[]*AuthBackendRole)(nil)).Elem()
}

func (i AuthBackendRoleArray) ToAuthBackendRoleArrayOutput() AuthBackendRoleArrayOutput {
	return i.ToAuthBackendRoleArrayOutputWithContext(context.Background())
}

func (i AuthBackendRoleArray) ToAuthBackendRoleArrayOutputWithContext(ctx context.Context) AuthBackendRoleArrayOutput {
	return pulumi.ToOutputWithContext(ctx, i).(AuthBackendRoleArrayOutput)
}

// AuthBackendRoleMapInput is an input type that accepts AuthBackendRoleMap and AuthBackendRoleMapOutput values.
// You can construct a concrete instance of `AuthBackendRoleMapInput` via:
//
//          AuthBackendRoleMap{ "key": AuthBackendRoleArgs{...} }
type AuthBackendRoleMapInput interface {
	pulumi.Input

	ToAuthBackendRoleMapOutput() AuthBackendRoleMapOutput
	ToAuthBackendRoleMapOutputWithContext(context.Context) AuthBackendRoleMapOutput
}

type AuthBackendRoleMap map[string]AuthBackendRoleInput

func (AuthBackendRoleMap) ElementType() reflect.Type {
	return reflect.TypeOf((*map[string]*AuthBackendRole)(nil)).Elem()
}

func (i AuthBackendRoleMap) ToAuthBackendRoleMapOutput() AuthBackendRoleMapOutput {
	return i.ToAuthBackendRoleMapOutputWithContext(context.Background())
}

func (i AuthBackendRoleMap) ToAuthBackendRoleMapOutputWithContext(ctx context.Context) AuthBackendRoleMapOutput {
	return pulumi.ToOutputWithContext(ctx, i).(AuthBackendRoleMapOutput)
}

type AuthBackendRoleOutput struct{ *pulumi.OutputState }

func (AuthBackendRoleOutput) ElementType() reflect.Type {
	return reflect.TypeOf((*AuthBackendRole)(nil))
}

func (o AuthBackendRoleOutput) ToAuthBackendRoleOutput() AuthBackendRoleOutput {
	return o
}

func (o AuthBackendRoleOutput) ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput {
	return o
}

func (o AuthBackendRoleOutput) ToAuthBackendRolePtrOutput() AuthBackendRolePtrOutput {
	return o.ToAuthBackendRolePtrOutputWithContext(context.Background())
}

func (o AuthBackendRoleOutput) ToAuthBackendRolePtrOutputWithContext(ctx context.Context) AuthBackendRolePtrOutput {
	return o.ApplyTWithContext(ctx, func(_ context.Context, v AuthBackendRole) *AuthBackendRole {
		return &v
	}).(AuthBackendRolePtrOutput)
}

type AuthBackendRolePtrOutput struct{ *pulumi.OutputState }

func (AuthBackendRolePtrOutput) ElementType() reflect.Type {
	return reflect.TypeOf((**AuthBackendRole)(nil))
}

func (o AuthBackendRolePtrOutput) ToAuthBackendRolePtrOutput() AuthBackendRolePtrOutput {
	return o
}

func (o AuthBackendRolePtrOutput) ToAuthBackendRolePtrOutputWithContext(ctx context.Context) AuthBackendRolePtrOutput {
	return o
}

func (o AuthBackendRolePtrOutput) Elem() AuthBackendRoleOutput {
	return o.ApplyT(func(v *AuthBackendRole) AuthBackendRole {
		if v != nil {
			return *v
		}
		var ret AuthBackendRole
		return ret
	}).(AuthBackendRoleOutput)
}

type AuthBackendRoleArrayOutput struct{ *pulumi.OutputState }

func (AuthBackendRoleArrayOutput) ElementType() reflect.Type {
	return reflect.TypeOf((*[]AuthBackendRole)(nil))
}

func (o AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutput() AuthBackendRoleArrayOutput {
	return o
}

func (o AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutputWithContext(ctx context.Context) AuthBackendRoleArrayOutput {
	return o
}

func (o AuthBackendRoleArrayOutput) Index(i pulumi.IntInput) AuthBackendRoleOutput {
	return pulumi.All(o, i).ApplyT(func(vs []interface{}) AuthBackendRole {
		return vs[0].([]AuthBackendRole)[vs[1].(int)]
	}).(AuthBackendRoleOutput)
}

type AuthBackendRoleMapOutput struct{ *pulumi.OutputState }

func (AuthBackendRoleMapOutput) ElementType() reflect.Type {
	return reflect.TypeOf((*map[string]AuthBackendRole)(nil))
}

func (o AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutput() AuthBackendRoleMapOutput {
	return o
}

func (o AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutputWithContext(ctx context.Context) AuthBackendRoleMapOutput {
	return o
}

func (o AuthBackendRoleMapOutput) MapIndex(k pulumi.StringInput) AuthBackendRoleOutput {
	return pulumi.All(o, k).ApplyT(func(vs []interface{}) AuthBackendRole {
		return vs[0].(map[string]AuthBackendRole)[vs[1].(string)]
	}).(AuthBackendRoleOutput)
}

func init() {
	pulumi.RegisterInputType(reflect.TypeOf((*AuthBackendRoleInput)(nil)).Elem(), &AuthBackendRole{})
	pulumi.RegisterInputType(reflect.TypeOf((*AuthBackendRolePtrInput)(nil)).Elem(), &AuthBackendRole{})
	pulumi.RegisterInputType(reflect.TypeOf((*AuthBackendRoleArrayInput)(nil)).Elem(), AuthBackendRoleArray{})
	pulumi.RegisterInputType(reflect.TypeOf((*AuthBackendRoleMapInput)(nil)).Elem(), AuthBackendRoleMap{})
	pulumi.RegisterOutputType(AuthBackendRoleOutput{})
	pulumi.RegisterOutputType(AuthBackendRolePtrOutput{})
	pulumi.RegisterOutputType(AuthBackendRoleArrayOutput{})
	pulumi.RegisterOutputType(AuthBackendRoleMapOutput{})
}