mirror of
https://github.com/hashicorp/vault.git
synced 2025-08-25 00:21:07 +02:00
5905f43e1f
* removes dist from api-client gitignore * ignores api-client/dist directory for eslint and prettier * builds api client
199 lines
7.7 KiB
TypeScript
199 lines
7.7 KiB
TypeScript
/**
|
|
* HashiCorp Vault API
|
|
* HTTP API that gives you full access to Vault. All API routes are prefixed with `/v1/`.
|
|
*
|
|
* The version of the OpenAPI document: 1.20.0
|
|
*
|
|
*
|
|
* NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
|
|
* https://openapi-generator.tech
|
|
* Do not edit the class manually.
|
|
*/
|
|
/**
|
|
*
|
|
* @export
|
|
* @interface GoogleCloudWriteRoleRequest
|
|
*/
|
|
export interface GoogleCloudWriteRoleRequest {
|
|
/**
|
|
* If true, will add group aliases to auth tokens generated under this role. This will add the full list of ancestors (projects, folders, organizations) for the given entity's project. Requires IAM permission `resourcemanager.projects.get` on this project.
|
|
* @type {boolean}
|
|
* @memberof GoogleCloudWriteRoleRequest
|
|
*/
|
|
addGroupAliases?: boolean;
|
|
/**
|
|
* 'iam' roles only. If false, Vault will not not allow GCE instances to login in against this role
|
|
* @type {boolean}
|
|
* @memberof GoogleCloudWriteRoleRequest
|
|
*/
|
|
allowGceInference?: boolean;
|
|
/**
|
|
* Deprecated: use "bound_instance_groups" instead.
|
|
* @type {string}
|
|
* @memberof GoogleCloudWriteRoleRequest
|
|
*/
|
|
boundInstanceGroup?: string;
|
|
/**
|
|
* Comma-separated list of permitted instance groups to which the GCE instance must belong. This option only applies to "gce" roles.
|
|
* @type {Array<string>}
|
|
* @memberof GoogleCloudWriteRoleRequest
|
|
*/
|
|
boundInstanceGroups?: Array<string>;
|
|
/**
|
|
* Comma-separated list of GCP labels formatted as"key:value" strings that must be present on the GCE instance in order to authenticate. This option only applies to "gce" roles.
|
|
* @type {Array<string>}
|
|
* @memberof GoogleCloudWriteRoleRequest
|
|
*/
|
|
boundLabels?: Array<string>;
|
|
/**
|
|
* GCP Projects that authenticating entities must belong to.
|
|
* @type {Array<string>}
|
|
* @memberof GoogleCloudWriteRoleRequest
|
|
*/
|
|
boundProjects?: Array<string>;
|
|
/**
|
|
* Deprecated: use "bound_regions" instead.
|
|
* @type {string}
|
|
* @memberof GoogleCloudWriteRoleRequest
|
|
*/
|
|
boundRegion?: string;
|
|
/**
|
|
* Comma-separated list of permitted regions to which the GCE instance must belong. If a group is provided, it is assumed to be a regional group. If "zone" is provided, this option is ignored. This can be a self-link or region name. This option only applies to "gce" roles.
|
|
* @type {Array<string>}
|
|
* @memberof GoogleCloudWriteRoleRequest
|
|
*/
|
|
boundRegions?: Array<string>;
|
|
/**
|
|
* Can be set for both 'iam' and 'gce' roles (required for 'iam'). A comma-seperated list of authorized service accounts. If the single value "*" is given, this is assumed to be all service accounts under the role's project. If this is set on a GCE role, the inferred service account from the instance metadata token will be used.
|
|
* @type {Array<string>}
|
|
* @memberof GoogleCloudWriteRoleRequest
|
|
*/
|
|
boundServiceAccounts?: Array<string>;
|
|
/**
|
|
* Deprecated: use "bound_zones" instead.
|
|
* @type {string}
|
|
* @memberof GoogleCloudWriteRoleRequest
|
|
*/
|
|
boundZone?: string;
|
|
/**
|
|
* Comma-separated list of permitted zones to which the GCE instance must belong. If a group is provided, it is assumed to be a zonal group. This can be a self-link or zone name. This option only applies to "gce" roles.
|
|
* @type {Array<string>}
|
|
* @memberof GoogleCloudWriteRoleRequest
|
|
*/
|
|
boundZones?: Array<string>;
|
|
/**
|
|
* Currently enabled for 'iam' only. Duration in seconds from time of validation that a JWT must expire within.
|
|
* @type {string}
|
|
* @memberof GoogleCloudWriteRoleRequest
|
|
*/
|
|
maxJwtExp?: string;
|
|
/**
|
|
* Use "token_max_ttl" instead. If this and "token_max_ttl" are both specified, only "token_max_ttl" will be used.
|
|
* @type {string}
|
|
* @memberof GoogleCloudWriteRoleRequest
|
|
* @deprecated
|
|
*/
|
|
maxTtl?: string;
|
|
/**
|
|
* Use "token_period" instead. If this and "token_period" are both specified, only "token_period" will be used.
|
|
* @type {string}
|
|
* @memberof GoogleCloudWriteRoleRequest
|
|
* @deprecated
|
|
*/
|
|
period?: string;
|
|
/**
|
|
* Use "token_policies" instead. If this and "token_policies" are both specified, only "token_policies" will be used.
|
|
* @type {Array<string>}
|
|
* @memberof GoogleCloudWriteRoleRequest
|
|
* @deprecated
|
|
*/
|
|
policies?: Array<string>;
|
|
/**
|
|
* Deprecated: use "bound_projects" instead
|
|
* @type {string}
|
|
* @memberof GoogleCloudWriteRoleRequest
|
|
*/
|
|
projectId?: string;
|
|
/**
|
|
* Deprecated: use "bound_service_accounts" instead.
|
|
* @type {Array<string>}
|
|
* @memberof GoogleCloudWriteRoleRequest
|
|
*/
|
|
serviceAccounts?: Array<string>;
|
|
/**
|
|
* Comma separated string or JSON list of CIDR blocks. If set, specifies the blocks of IP addresses which are allowed to use the generated token.
|
|
* @type {Array<string>}
|
|
* @memberof GoogleCloudWriteRoleRequest
|
|
*/
|
|
tokenBoundCidrs?: Array<string>;
|
|
/**
|
|
* If set, tokens created via this role carry an explicit maximum TTL. During renewal, the current maximum TTL values of the role and the mount are not checked for changes, and any updates to these values will have no effect on the token being renewed.
|
|
* @type {string}
|
|
* @memberof GoogleCloudWriteRoleRequest
|
|
*/
|
|
tokenExplicitMaxTtl?: string;
|
|
/**
|
|
* The maximum lifetime of the generated token
|
|
* @type {string}
|
|
* @memberof GoogleCloudWriteRoleRequest
|
|
*/
|
|
tokenMaxTtl?: string;
|
|
/**
|
|
* If true, the 'default' policy will not automatically be added to generated tokens
|
|
* @type {boolean}
|
|
* @memberof GoogleCloudWriteRoleRequest
|
|
*/
|
|
tokenNoDefaultPolicy?: boolean;
|
|
/**
|
|
* The maximum number of times a token may be used, a value of zero means unlimited
|
|
* @type {number}
|
|
* @memberof GoogleCloudWriteRoleRequest
|
|
*/
|
|
tokenNumUses?: number;
|
|
/**
|
|
* If set, tokens created via this role will have no max lifetime; instead, their renewal period will be fixed to this value. This takes an integer number of seconds, or a string duration (e.g. "24h").
|
|
* @type {string}
|
|
* @memberof GoogleCloudWriteRoleRequest
|
|
*/
|
|
tokenPeriod?: string;
|
|
/**
|
|
* Comma-separated list of policies
|
|
* @type {Array<string>}
|
|
* @memberof GoogleCloudWriteRoleRequest
|
|
*/
|
|
tokenPolicies?: Array<string>;
|
|
/**
|
|
* The initial ttl of the token to generate
|
|
* @type {string}
|
|
* @memberof GoogleCloudWriteRoleRequest
|
|
*/
|
|
tokenTtl?: string;
|
|
/**
|
|
* The type of token to generate, service or batch
|
|
* @type {string}
|
|
* @memberof GoogleCloudWriteRoleRequest
|
|
*/
|
|
tokenType?: string;
|
|
/**
|
|
* Use "token_ttl" instead. If this and "token_ttl" are both specified, only "token_ttl" will be used.
|
|
* @type {string}
|
|
* @memberof GoogleCloudWriteRoleRequest
|
|
* @deprecated
|
|
*/
|
|
ttl?: string;
|
|
/**
|
|
* Type of the role. Currently supported: iam, gce
|
|
* @type {string}
|
|
* @memberof GoogleCloudWriteRoleRequest
|
|
*/
|
|
type?: string;
|
|
}
|
|
/**
|
|
* Check if a given object implements the GoogleCloudWriteRoleRequest interface.
|
|
*/
|
|
export declare function instanceOfGoogleCloudWriteRoleRequest(value: object): value is GoogleCloudWriteRoleRequest;
|
|
export declare function GoogleCloudWriteRoleRequestFromJSON(json: any): GoogleCloudWriteRoleRequest;
|
|
export declare function GoogleCloudWriteRoleRequestFromJSONTyped(json: any, ignoreDiscriminator: boolean): GoogleCloudWriteRoleRequest;
|
|
export declare function GoogleCloudWriteRoleRequestToJSON(json: any): GoogleCloudWriteRoleRequest;
|
|
export declare function GoogleCloudWriteRoleRequestToJSONTyped(value?: GoogleCloudWriteRoleRequest | null, ignoreDiscriminator?: boolean): any;
|