1. Packages
  2. Pulumi Vault Provider
  3. API Docs
  4. mongodbatlas
  5. SecretRole
HashiCorp Vault v6.4.0 published on Wednesday, Nov 20, 2024 by Pulumi

vault.mongodbatlas.SecretRole

Explore with Pulumi AI

vault logo
HashiCorp Vault v6.4.0 published on Wednesday, Nov 20, 2024 by Pulumi

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as vault from "@pulumi/vault";
    
    const mongo = new vault.Mount("mongo", {
        path: "%s",
        type: "mongodbatlas",
        description: "MongoDB Atlas secret engine mount",
    });
    const config = new vault.mongodbatlas.SecretBackend("config", {
        mount: mongo.path,
        privateKey: "privateKey",
        publicKey: "publicKey",
    });
    const role = new vault.mongodbatlas.SecretRole("role", {
        mount: mongo.path,
        name: "tf-test-role",
        organizationId: "7cf5a45a9ccf6400e60981b7",
        projectId: "5cf5a45a9ccf6400e60981b6",
        roles: ["ORG_READ_ONLY"],
        ipAddresses: "192.168.1.5, 192.168.1.6",
        cidrBlocks: "192.168.1.3/35",
        projectRoles: ["GROUP_READ_ONLY"],
        ttl: "60",
        maxTtl: "120",
    });
    
    import pulumi
    import pulumi_vault as vault
    
    mongo = vault.Mount("mongo",
        path="%s",
        type="mongodbatlas",
        description="MongoDB Atlas secret engine mount")
    config = vault.mongodbatlas.SecretBackend("config",
        mount=mongo.path,
        private_key="privateKey",
        public_key="publicKey")
    role = vault.mongodbatlas.SecretRole("role",
        mount=mongo.path,
        name="tf-test-role",
        organization_id="7cf5a45a9ccf6400e60981b7",
        project_id="5cf5a45a9ccf6400e60981b6",
        roles=["ORG_READ_ONLY"],
        ip_addresses="192.168.1.5, 192.168.1.6",
        cidr_blocks="192.168.1.3/35",
        project_roles=["GROUP_READ_ONLY"],
        ttl="60",
        max_ttl="120")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
    	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/mongodbatlas"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		mongo, err := vault.NewMount(ctx, "mongo", &vault.MountArgs{
    			Path:        pulumi.String("%s"),
    			Type:        pulumi.String("mongodbatlas"),
    			Description: pulumi.String("MongoDB Atlas secret engine mount"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = mongodbatlas.NewSecretBackend(ctx, "config", &mongodbatlas.SecretBackendArgs{
    			Mount:      mongo.Path,
    			PrivateKey: pulumi.String("privateKey"),
    			PublicKey:  pulumi.String("publicKey"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = mongodbatlas.NewSecretRole(ctx, "role", &mongodbatlas.SecretRoleArgs{
    			Mount:          mongo.Path,
    			Name:           pulumi.String("tf-test-role"),
    			OrganizationId: pulumi.String("7cf5a45a9ccf6400e60981b7"),
    			ProjectId:      pulumi.String("5cf5a45a9ccf6400e60981b6"),
    			Roles: pulumi.StringArray{
    				pulumi.String("ORG_READ_ONLY"),
    			},
    			IpAddresses: pulumi.StringArray("192.168.1.5, 192.168.1.6"),
    			CidrBlocks:  pulumi.StringArray("192.168.1.3/35"),
    			ProjectRoles: pulumi.StringArray{
    				pulumi.String("GROUP_READ_ONLY"),
    			},
    			Ttl:    pulumi.String("60"),
    			MaxTtl: pulumi.String("120"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Vault = Pulumi.Vault;
    
    return await Deployment.RunAsync(() => 
    {
        var mongo = new Vault.Mount("mongo", new()
        {
            Path = "%s",
            Type = "mongodbatlas",
            Description = "MongoDB Atlas secret engine mount",
        });
    
        var config = new Vault.MongoDBAtlas.SecretBackend("config", new()
        {
            Mount = mongo.Path,
            PrivateKey = "privateKey",
            PublicKey = "publicKey",
        });
    
        var role = new Vault.MongoDBAtlas.SecretRole("role", new()
        {
            Mount = mongo.Path,
            Name = "tf-test-role",
            OrganizationId = "7cf5a45a9ccf6400e60981b7",
            ProjectId = "5cf5a45a9ccf6400e60981b6",
            Roles = new[]
            {
                "ORG_READ_ONLY",
            },
            IpAddresses = "192.168.1.5, 192.168.1.6",
            CidrBlocks = "192.168.1.3/35",
            ProjectRoles = new[]
            {
                "GROUP_READ_ONLY",
            },
            Ttl = "60",
            MaxTtl = "120",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.vault.Mount;
    import com.pulumi.vault.MountArgs;
    import com.pulumi.vault.mongodbatlas.SecretBackend;
    import com.pulumi.vault.mongodbatlas.SecretBackendArgs;
    import com.pulumi.vault.mongodbatlas.SecretRole;
    import com.pulumi.vault.mongodbatlas.SecretRoleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var mongo = new Mount("mongo", MountArgs.builder()
                .path("%s")
                .type("mongodbatlas")
                .description("MongoDB Atlas secret engine mount")
                .build());
    
            var config = new SecretBackend("config", SecretBackendArgs.builder()
                .mount(mongo.path())
                .privateKey("privateKey")
                .publicKey("publicKey")
                .build());
    
            var role = new SecretRole("role", SecretRoleArgs.builder()
                .mount(mongo.path())
                .name("tf-test-role")
                .organizationId("7cf5a45a9ccf6400e60981b7")
                .projectId("5cf5a45a9ccf6400e60981b6")
                .roles("ORG_READ_ONLY")
                .ipAddresses("192.168.1.5, 192.168.1.6")
                .cidrBlocks("192.168.1.3/35")
                .projectRoles("GROUP_READ_ONLY")
                .ttl("60")
                .maxTtl("120")
                .build());
    
        }
    }
    
    resources:
      mongo:
        type: vault:Mount
        properties:
          path: '%s'
          type: mongodbatlas
          description: MongoDB Atlas secret engine mount
      config:
        type: vault:mongodbatlas:SecretBackend
        properties:
          mount: ${mongo.path}
          privateKey: privateKey
          publicKey: publicKey
      role:
        type: vault:mongodbatlas:SecretRole
        properties:
          mount: ${mongo.path}
          name: tf-test-role
          organizationId: 7cf5a45a9ccf6400e60981b7
          projectId: 5cf5a45a9ccf6400e60981b6
          roles:
            - ORG_READ_ONLY
          ipAddresses: 192.168.1.5, 192.168.1.6
          cidrBlocks: 192.168.1.3/35
          projectRoles:
            - GROUP_READ_ONLY
          ttl: '60'
          maxTtl: '120'
    

    Create SecretRole Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new SecretRole(name: string, args: SecretRoleArgs, opts?: CustomResourceOptions);
    @overload
    def SecretRole(resource_name: str,
                   args: SecretRoleArgs,
                   opts: Optional[ResourceOptions] = None)
    
    @overload
    def SecretRole(resource_name: str,
                   opts: Optional[ResourceOptions] = None,
                   mount: Optional[str] = None,
                   roles: Optional[Sequence[str]] = None,
                   cidr_blocks: Optional[Sequence[str]] = None,
                   ip_addresses: Optional[Sequence[str]] = None,
                   max_ttl: Optional[str] = None,
                   name: Optional[str] = None,
                   namespace: Optional[str] = None,
                   organization_id: Optional[str] = None,
                   project_id: Optional[str] = None,
                   project_roles: Optional[Sequence[str]] = None,
                   ttl: Optional[str] = None)
    func NewSecretRole(ctx *Context, name string, args SecretRoleArgs, opts ...ResourceOption) (*SecretRole, error)
    public SecretRole(string name, SecretRoleArgs args, CustomResourceOptions? opts = null)
    public SecretRole(String name, SecretRoleArgs args)
    public SecretRole(String name, SecretRoleArgs args, CustomResourceOptions options)
    
    type: vault:mongodbatlas:SecretRole
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args SecretRoleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args SecretRoleArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args SecretRoleArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args SecretRoleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args SecretRoleArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var examplesecretRoleResourceResourceFromMongodbatlassecretRole = new Vault.MongoDBAtlas.SecretRole("examplesecretRoleResourceResourceFromMongodbatlassecretRole", new()
    {
        Mount = "string",
        Roles = new[]
        {
            "string",
        },
        CidrBlocks = new[]
        {
            "string",
        },
        IpAddresses = new[]
        {
            "string",
        },
        MaxTtl = "string",
        Name = "string",
        Namespace = "string",
        OrganizationId = "string",
        ProjectId = "string",
        ProjectRoles = new[]
        {
            "string",
        },
        Ttl = "string",
    });
    
    example, err := mongodbatlas.NewSecretRole(ctx, "examplesecretRoleResourceResourceFromMongodbatlassecretRole", &mongodbatlas.SecretRoleArgs{
    	Mount: pulumi.String("string"),
    	Roles: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	CidrBlocks: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	IpAddresses: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	MaxTtl:         pulumi.String("string"),
    	Name:           pulumi.String("string"),
    	Namespace:      pulumi.String("string"),
    	OrganizationId: pulumi.String("string"),
    	ProjectId:      pulumi.String("string"),
    	ProjectRoles: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Ttl: pulumi.String("string"),
    })
    
    var examplesecretRoleResourceResourceFromMongodbatlassecretRole = new SecretRole("examplesecretRoleResourceResourceFromMongodbatlassecretRole", SecretRoleArgs.builder()
        .mount("string")
        .roles("string")
        .cidrBlocks("string")
        .ipAddresses("string")
        .maxTtl("string")
        .name("string")
        .namespace("string")
        .organizationId("string")
        .projectId("string")
        .projectRoles("string")
        .ttl("string")
        .build());
    
    examplesecret_role_resource_resource_from_mongodbatlassecret_role = vault.mongodbatlas.SecretRole("examplesecretRoleResourceResourceFromMongodbatlassecretRole",
        mount="string",
        roles=["string"],
        cidr_blocks=["string"],
        ip_addresses=["string"],
        max_ttl="string",
        name="string",
        namespace="string",
        organization_id="string",
        project_id="string",
        project_roles=["string"],
        ttl="string")
    
    const examplesecretRoleResourceResourceFromMongodbatlassecretRole = new vault.mongodbatlas.SecretRole("examplesecretRoleResourceResourceFromMongodbatlassecretRole", {
        mount: "string",
        roles: ["string"],
        cidrBlocks: ["string"],
        ipAddresses: ["string"],
        maxTtl: "string",
        name: "string",
        namespace: "string",
        organizationId: "string",
        projectId: "string",
        projectRoles: ["string"],
        ttl: "string",
    });
    
    type: vault:mongodbatlas:SecretRole
    properties:
        cidrBlocks:
            - string
        ipAddresses:
            - string
        maxTtl: string
        mount: string
        name: string
        namespace: string
        organizationId: string
        projectId: string
        projectRoles:
            - string
        roles:
            - string
        ttl: string
    

    SecretRole Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The SecretRole resource accepts the following input properties:

    Mount string
    Path where the MongoDB Atlas Secrets Engine is mounted.
    Roles List<string>
    List of roles that the API Key needs to have. Possible values are ORG_OWNER, ORG_MEMBER, ORG_GROUP_CREATOR, ORG_BILLING_ADMIN and ORG_READ_ONLY.
    CidrBlocks List<string>
    Whitelist entry in CIDR notation to be added for the API key.
    IpAddresses List<string>
    IP address to be added to the whitelist for the API key.
    MaxTtl string
    The maximum allowed lifetime of credentials issued using this role.
    Name string
    The name of the role.
    Namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    OrganizationId string
    Unique identifier for the organization to which the target API Key belongs. Required if project_id is not set.
    ProjectId string
    Unique identifier for the project to which the target API Key belongs. Required if organization_id is not set.
    ProjectRoles List<string>
    Roles assigned when an org API key is assigned to a project API key. Possible values are GROUP_CLUSTER_MANAGER, GROUP_DATA_ACCESS_ADMIN, GROUP_DATA_ACCESS_READ_ONLY, GROUP_DATA_ACCESS_READ_WRITE, GROUP_OWNER and GROUP_READ_ONLY.
    Ttl string
    Duration in seconds after which the issued credential should expire.
    Mount string
    Path where the MongoDB Atlas Secrets Engine is mounted.
    Roles []string
    List of roles that the API Key needs to have. Possible values are ORG_OWNER, ORG_MEMBER, ORG_GROUP_CREATOR, ORG_BILLING_ADMIN and ORG_READ_ONLY.
    CidrBlocks []string
    Whitelist entry in CIDR notation to be added for the API key.
    IpAddresses []string
    IP address to be added to the whitelist for the API key.
    MaxTtl string
    The maximum allowed lifetime of credentials issued using this role.
    Name string
    The name of the role.
    Namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    OrganizationId string
    Unique identifier for the organization to which the target API Key belongs. Required if project_id is not set.
    ProjectId string
    Unique identifier for the project to which the target API Key belongs. Required if organization_id is not set.
    ProjectRoles []string
    Roles assigned when an org API key is assigned to a project API key. Possible values are GROUP_CLUSTER_MANAGER, GROUP_DATA_ACCESS_ADMIN, GROUP_DATA_ACCESS_READ_ONLY, GROUP_DATA_ACCESS_READ_WRITE, GROUP_OWNER and GROUP_READ_ONLY.
    Ttl string
    Duration in seconds after which the issued credential should expire.
    mount String
    Path where the MongoDB Atlas Secrets Engine is mounted.
    roles List<String>
    List of roles that the API Key needs to have. Possible values are ORG_OWNER, ORG_MEMBER, ORG_GROUP_CREATOR, ORG_BILLING_ADMIN and ORG_READ_ONLY.
    cidrBlocks List<String>
    Whitelist entry in CIDR notation to be added for the API key.
    ipAddresses List<String>
    IP address to be added to the whitelist for the API key.
    maxTtl String
    The maximum allowed lifetime of credentials issued using this role.
    name String
    The name of the role.
    namespace String
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    organizationId String
    Unique identifier for the organization to which the target API Key belongs. Required if project_id is not set.
    projectId String
    Unique identifier for the project to which the target API Key belongs. Required if organization_id is not set.
    projectRoles List<String>
    Roles assigned when an org API key is assigned to a project API key. Possible values are GROUP_CLUSTER_MANAGER, GROUP_DATA_ACCESS_ADMIN, GROUP_DATA_ACCESS_READ_ONLY, GROUP_DATA_ACCESS_READ_WRITE, GROUP_OWNER and GROUP_READ_ONLY.
    ttl String
    Duration in seconds after which the issued credential should expire.
    mount string
    Path where the MongoDB Atlas Secrets Engine is mounted.
    roles string[]
    List of roles that the API Key needs to have. Possible values are ORG_OWNER, ORG_MEMBER, ORG_GROUP_CREATOR, ORG_BILLING_ADMIN and ORG_READ_ONLY.
    cidrBlocks string[]
    Whitelist entry in CIDR notation to be added for the API key.
    ipAddresses string[]
    IP address to be added to the whitelist for the API key.
    maxTtl string
    The maximum allowed lifetime of credentials issued using this role.
    name string
    The name of the role.
    namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    organizationId string
    Unique identifier for the organization to which the target API Key belongs. Required if project_id is not set.
    projectId string
    Unique identifier for the project to which the target API Key belongs. Required if organization_id is not set.
    projectRoles string[]
    Roles assigned when an org API key is assigned to a project API key. Possible values are GROUP_CLUSTER_MANAGER, GROUP_DATA_ACCESS_ADMIN, GROUP_DATA_ACCESS_READ_ONLY, GROUP_DATA_ACCESS_READ_WRITE, GROUP_OWNER and GROUP_READ_ONLY.
    ttl string
    Duration in seconds after which the issued credential should expire.
    mount str
    Path where the MongoDB Atlas Secrets Engine is mounted.
    roles Sequence[str]
    List of roles that the API Key needs to have. Possible values are ORG_OWNER, ORG_MEMBER, ORG_GROUP_CREATOR, ORG_BILLING_ADMIN and ORG_READ_ONLY.
    cidr_blocks Sequence[str]
    Whitelist entry in CIDR notation to be added for the API key.
    ip_addresses Sequence[str]
    IP address to be added to the whitelist for the API key.
    max_ttl str
    The maximum allowed lifetime of credentials issued using this role.
    name str
    The name of the role.
    namespace str
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    organization_id str
    Unique identifier for the organization to which the target API Key belongs. Required if project_id is not set.
    project_id str
    Unique identifier for the project to which the target API Key belongs. Required if organization_id is not set.
    project_roles Sequence[str]
    Roles assigned when an org API key is assigned to a project API key. Possible values are GROUP_CLUSTER_MANAGER, GROUP_DATA_ACCESS_ADMIN, GROUP_DATA_ACCESS_READ_ONLY, GROUP_DATA_ACCESS_READ_WRITE, GROUP_OWNER and GROUP_READ_ONLY.
    ttl str
    Duration in seconds after which the issued credential should expire.
    mount String
    Path where the MongoDB Atlas Secrets Engine is mounted.
    roles List<String>
    List of roles that the API Key needs to have. Possible values are ORG_OWNER, ORG_MEMBER, ORG_GROUP_CREATOR, ORG_BILLING_ADMIN and ORG_READ_ONLY.
    cidrBlocks List<String>
    Whitelist entry in CIDR notation to be added for the API key.
    ipAddresses List<String>
    IP address to be added to the whitelist for the API key.
    maxTtl String
    The maximum allowed lifetime of credentials issued using this role.
    name String
    The name of the role.
    namespace String
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    organizationId String
    Unique identifier for the organization to which the target API Key belongs. Required if project_id is not set.
    projectId String
    Unique identifier for the project to which the target API Key belongs. Required if organization_id is not set.
    projectRoles List<String>
    Roles assigned when an org API key is assigned to a project API key. Possible values are GROUP_CLUSTER_MANAGER, GROUP_DATA_ACCESS_ADMIN, GROUP_DATA_ACCESS_READ_ONLY, GROUP_DATA_ACCESS_READ_WRITE, GROUP_OWNER and GROUP_READ_ONLY.
    ttl String
    Duration in seconds after which the issued credential should expire.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the SecretRole resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing SecretRole Resource

    Get an existing SecretRole resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: SecretRoleState, opts?: CustomResourceOptions): SecretRole
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            cidr_blocks: Optional[Sequence[str]] = None,
            ip_addresses: Optional[Sequence[str]] = None,
            max_ttl: Optional[str] = None,
            mount: Optional[str] = None,
            name: Optional[str] = None,
            namespace: Optional[str] = None,
            organization_id: Optional[str] = None,
            project_id: Optional[str] = None,
            project_roles: Optional[Sequence[str]] = None,
            roles: Optional[Sequence[str]] = None,
            ttl: Optional[str] = None) -> SecretRole
    func GetSecretRole(ctx *Context, name string, id IDInput, state *SecretRoleState, opts ...ResourceOption) (*SecretRole, error)
    public static SecretRole Get(string name, Input<string> id, SecretRoleState? state, CustomResourceOptions? opts = null)
    public static SecretRole get(String name, Output<String> id, SecretRoleState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    CidrBlocks List<string>
    Whitelist entry in CIDR notation to be added for the API key.
    IpAddresses List<string>
    IP address to be added to the whitelist for the API key.
    MaxTtl string
    The maximum allowed lifetime of credentials issued using this role.
    Mount string
    Path where the MongoDB Atlas Secrets Engine is mounted.
    Name string
    The name of the role.
    Namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    OrganizationId string
    Unique identifier for the organization to which the target API Key belongs. Required if project_id is not set.
    ProjectId string
    Unique identifier for the project to which the target API Key belongs. Required if organization_id is not set.
    ProjectRoles List<string>
    Roles assigned when an org API key is assigned to a project API key. Possible values are GROUP_CLUSTER_MANAGER, GROUP_DATA_ACCESS_ADMIN, GROUP_DATA_ACCESS_READ_ONLY, GROUP_DATA_ACCESS_READ_WRITE, GROUP_OWNER and GROUP_READ_ONLY.
    Roles List<string>
    List of roles that the API Key needs to have. Possible values are ORG_OWNER, ORG_MEMBER, ORG_GROUP_CREATOR, ORG_BILLING_ADMIN and ORG_READ_ONLY.
    Ttl string
    Duration in seconds after which the issued credential should expire.
    CidrBlocks []string
    Whitelist entry in CIDR notation to be added for the API key.
    IpAddresses []string
    IP address to be added to the whitelist for the API key.
    MaxTtl string
    The maximum allowed lifetime of credentials issued using this role.
    Mount string
    Path where the MongoDB Atlas Secrets Engine is mounted.
    Name string
    The name of the role.
    Namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    OrganizationId string
    Unique identifier for the organization to which the target API Key belongs. Required if project_id is not set.
    ProjectId string
    Unique identifier for the project to which the target API Key belongs. Required if organization_id is not set.
    ProjectRoles []string
    Roles assigned when an org API key is assigned to a project API key. Possible values are GROUP_CLUSTER_MANAGER, GROUP_DATA_ACCESS_ADMIN, GROUP_DATA_ACCESS_READ_ONLY, GROUP_DATA_ACCESS_READ_WRITE, GROUP_OWNER and GROUP_READ_ONLY.
    Roles []string
    List of roles that the API Key needs to have. Possible values are ORG_OWNER, ORG_MEMBER, ORG_GROUP_CREATOR, ORG_BILLING_ADMIN and ORG_READ_ONLY.
    Ttl string
    Duration in seconds after which the issued credential should expire.
    cidrBlocks List<String>
    Whitelist entry in CIDR notation to be added for the API key.
    ipAddresses List<String>
    IP address to be added to the whitelist for the API key.
    maxTtl String
    The maximum allowed lifetime of credentials issued using this role.
    mount String
    Path where the MongoDB Atlas Secrets Engine is mounted.
    name String
    The name of the role.
    namespace String
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    organizationId String
    Unique identifier for the organization to which the target API Key belongs. Required if project_id is not set.
    projectId String
    Unique identifier for the project to which the target API Key belongs. Required if organization_id is not set.
    projectRoles List<String>
    Roles assigned when an org API key is assigned to a project API key. Possible values are GROUP_CLUSTER_MANAGER, GROUP_DATA_ACCESS_ADMIN, GROUP_DATA_ACCESS_READ_ONLY, GROUP_DATA_ACCESS_READ_WRITE, GROUP_OWNER and GROUP_READ_ONLY.
    roles List<String>
    List of roles that the API Key needs to have. Possible values are ORG_OWNER, ORG_MEMBER, ORG_GROUP_CREATOR, ORG_BILLING_ADMIN and ORG_READ_ONLY.
    ttl String
    Duration in seconds after which the issued credential should expire.
    cidrBlocks string[]
    Whitelist entry in CIDR notation to be added for the API key.
    ipAddresses string[]
    IP address to be added to the whitelist for the API key.
    maxTtl string
    The maximum allowed lifetime of credentials issued using this role.
    mount string
    Path where the MongoDB Atlas Secrets Engine is mounted.
    name string
    The name of the role.
    namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    organizationId string
    Unique identifier for the organization to which the target API Key belongs. Required if project_id is not set.
    projectId string
    Unique identifier for the project to which the target API Key belongs. Required if organization_id is not set.
    projectRoles string[]
    Roles assigned when an org API key is assigned to a project API key. Possible values are GROUP_CLUSTER_MANAGER, GROUP_DATA_ACCESS_ADMIN, GROUP_DATA_ACCESS_READ_ONLY, GROUP_DATA_ACCESS_READ_WRITE, GROUP_OWNER and GROUP_READ_ONLY.
    roles string[]
    List of roles that the API Key needs to have. Possible values are ORG_OWNER, ORG_MEMBER, ORG_GROUP_CREATOR, ORG_BILLING_ADMIN and ORG_READ_ONLY.
    ttl string
    Duration in seconds after which the issued credential should expire.
    cidr_blocks Sequence[str]
    Whitelist entry in CIDR notation to be added for the API key.
    ip_addresses Sequence[str]
    IP address to be added to the whitelist for the API key.
    max_ttl str
    The maximum allowed lifetime of credentials issued using this role.
    mount str
    Path where the MongoDB Atlas Secrets Engine is mounted.
    name str
    The name of the role.
    namespace str
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    organization_id str
    Unique identifier for the organization to which the target API Key belongs. Required if project_id is not set.
    project_id str
    Unique identifier for the project to which the target API Key belongs. Required if organization_id is not set.
    project_roles Sequence[str]
    Roles assigned when an org API key is assigned to a project API key. Possible values are GROUP_CLUSTER_MANAGER, GROUP_DATA_ACCESS_ADMIN, GROUP_DATA_ACCESS_READ_ONLY, GROUP_DATA_ACCESS_READ_WRITE, GROUP_OWNER and GROUP_READ_ONLY.
    roles Sequence[str]
    List of roles that the API Key needs to have. Possible values are ORG_OWNER, ORG_MEMBER, ORG_GROUP_CREATOR, ORG_BILLING_ADMIN and ORG_READ_ONLY.
    ttl str
    Duration in seconds after which the issued credential should expire.
    cidrBlocks List<String>
    Whitelist entry in CIDR notation to be added for the API key.
    ipAddresses List<String>
    IP address to be added to the whitelist for the API key.
    maxTtl String
    The maximum allowed lifetime of credentials issued using this role.
    mount String
    Path where the MongoDB Atlas Secrets Engine is mounted.
    name String
    The name of the role.
    namespace String
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    organizationId String
    Unique identifier for the organization to which the target API Key belongs. Required if project_id is not set.
    projectId String
    Unique identifier for the project to which the target API Key belongs. Required if organization_id is not set.
    projectRoles List<String>
    Roles assigned when an org API key is assigned to a project API key. Possible values are GROUP_CLUSTER_MANAGER, GROUP_DATA_ACCESS_ADMIN, GROUP_DATA_ACCESS_READ_ONLY, GROUP_DATA_ACCESS_READ_WRITE, GROUP_OWNER and GROUP_READ_ONLY.
    roles List<String>
    List of roles that the API Key needs to have. Possible values are ORG_OWNER, ORG_MEMBER, ORG_GROUP_CREATOR, ORG_BILLING_ADMIN and ORG_READ_ONLY.
    ttl String
    Duration in seconds after which the issued credential should expire.

    Import

    The MongoDB Atlas secret role can be imported using the full path to the role of the form: <mount_path>/roles/<role_name> e.g.

    $ pulumi import vault:mongodbatlas/secretRole:SecretRole example mongodbatlas/roles/example-role
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Vault pulumi/pulumi-vault
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the vault Terraform Provider.
    vault logo
    HashiCorp Vault v6.4.0 published on Wednesday, Nov 20, 2024 by Pulumi