From ada92496387ce8b9752357afd2172a1cc239c5ca Mon Sep 17 00:00:00 2001 From: Yong Wen Chua Date: Thu, 31 Oct 2019 04:41:14 +0800 Subject: [PATCH] Add information about Vault 1.2 for `token_*` fields (#565) --- ...ata_source_kubernetes_auth_backend_role.go | 12 +++++------ vault/resource_approle_auth_backend_role.go | 4 ++-- vault/resource_aws_auth_backend_role.go | 8 ++++---- vault/resource_azure_auth_backend_role.go | 8 ++++---- vault/resource_cert_auth_backend_role.go | 10 +++++----- vault/resource_gcp_auth_backend_role.go | 8 ++++---- vault/resource_github_auth_backend.go | 4 ++-- vault/resource_jwt_auth_backend_role.go | 12 +++++------ .../resource_kubernetes_auth_backend_role.go | 12 +++++------ vault/resource_token_auth_backend_role.go | 6 +++--- .../docs/d/kubernetes_auth_backend_role.md | 17 ++++++++++------ .../docs/r/approle_auth_backend_role.html.md | 12 +++++++---- website/docs/r/aws_auth_backend_role.html.md | 16 +++++++++------ .../docs/r/azure_auth_backend_role.html.md | 16 +++++++++------ website/docs/r/cert_auth_backend_role.html.md | 18 ++++++++++------- website/docs/r/gcp_auth_backend_role.html.md | 16 +++++++++------ website/docs/r/github_auth_backend.html.md | 9 +++++++-- website/docs/r/jwt_auth_backend_role.html.md | 20 +++++++++++-------- .../r/kubernetes_auth_backend_role.html.md | 20 +++++++++++-------- website/docs/r/ldap_auth_backend.html.md | 5 +++++ .../docs/r/token_auth_backend_role.html.md | 11 ++++++---- 21 files changed, 145 insertions(+), 99 deletions(-) diff --git a/vault/data_source_kubernetes_auth_backend_role.go b/vault/data_source_kubernetes_auth_backend_role.go index ad67b1a62..eefec7a7a 100644 --- a/vault/data_source_kubernetes_auth_backend_role.go +++ b/vault/data_source_kubernetes_auth_backend_role.go @@ -49,31 +49,31 @@ func kubernetesAuthBackendRoleDataSource() *schema.Resource { Type: schema.TypeString, }, Description: "Policies to be set on tokens issued using this role.", - Deprecated: "use `token_policies` instead", + Deprecated: "use `token_policies` instead if you are running Vault >= 1.2", }, "ttl": { Type: schema.TypeInt, Optional: true, Description: "Default number of seconds to set as the TTL for issued tokens and at renewal time.", - Deprecated: "use `token_ttl` instead", + Deprecated: "use `token_ttl` instead if you are running Vault >= 1.2", }, "max_ttl": { Type: schema.TypeInt, Optional: true, Description: "Number of seconds after which issued tokens can no longer be renewed.", - Deprecated: "use `token_max_ttl` instead", + Deprecated: "use `token_max_ttl` instead if you are running Vault >= 1.2", }, "period": { Type: schema.TypeInt, Optional: true, Description: "Number of seconds to set the TTL to for issued tokens upon renewal. Makes the token a periodic token, which will never expire as long as it is renewed before the TTL each period.", - Deprecated: "use `token_period` instead", + Deprecated: "use `token_period` instead if you are running Vault >= 1.2", }, "num_uses": { Type: schema.TypeInt, Optional: true, Description: "Number of times issued tokens can be used. Setting this to 0 or leaving it unset means unlimited uses.", - Deprecated: "use `token_num_uses` instead", + Deprecated: "use `token_num_uses` instead if you are running Vault >= 1.2", }, "bound_cidrs": { Type: schema.TypeSet, @@ -82,7 +82,7 @@ func kubernetesAuthBackendRoleDataSource() *schema.Resource { Elem: &schema.Schema{ Type: schema.TypeString, }, - Deprecated: "use `token_bound_cidrs` instead", + Deprecated: "use `token_bound_cidrs` instead if you are running Vault >= 1.2", }, } diff --git a/vault/resource_approle_auth_backend_role.go b/vault/resource_approle_auth_backend_role.go index 7e43c389f..78d56cfe5 100644 --- a/vault/resource_approle_auth_backend_role.go +++ b/vault/resource_approle_auth_backend_role.go @@ -85,14 +85,14 @@ func approleAuthBackendRoleResource() *schema.Resource { Type: schema.TypeString, }, Description: "Policies to be set on tokens issued using this AppRole.", - Deprecated: "use `token_policies` instead", + Deprecated: "use `token_policies` instead if you are running Vault >= 1.2", ConflictsWith: []string{"token_policies"}, }, "period": { Type: schema.TypeInt, Optional: true, Description: "Number of seconds to set the TTL to for issued tokens upon renewal. Makes the token a periodic token, which will never expire as long as it is renewed before the TTL each period.", - Deprecated: "use `token_period` instead", + Deprecated: "use `token_period` instead if you are running Vault >= 1.2", ConflictsWith: []string{"token_period"}, }, } diff --git a/vault/resource_aws_auth_backend_role.go b/vault/resource_aws_auth_backend_role.go index d2dc8f422..c9b6ef76b 100644 --- a/vault/resource_aws_auth_backend_role.go +++ b/vault/resource_aws_auth_backend_role.go @@ -210,21 +210,21 @@ func awsAuthBackendRoleResource() *schema.Resource { Type: schema.TypeInt, Optional: true, Description: "The TTL period of tokens issued using this role, provided as the number of seconds.", - Deprecated: "use `token_ttl` instead", + Deprecated: "use `token_ttl` instead if you are running Vault >= 1.2", ConflictsWith: []string{"token_ttl"}, }, "max_ttl": { Type: schema.TypeInt, Optional: true, Description: "The maximum allowed lifetime of tokens issued using this role, provided as the number of seconds.", - Deprecated: "use `token_max_ttl` instead", + Deprecated: "use `token_max_ttl` instead if you are running Vault >= 1.2", ConflictsWith: []string{"token_max_ttl"}, }, "period": { Type: schema.TypeInt, Optional: true, Description: "If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token's TTL will be set to the value of this field. The maximum allowed lifetime of token issued using this role. Specified as a number of seconds.", - Deprecated: "use `token_period` instead", + Deprecated: "use `token_period` instead if you are running Vault >= 1.2", ConflictsWith: []string{"token_period"}, }, "policies": { @@ -234,7 +234,7 @@ func awsAuthBackendRoleResource() *schema.Resource { Type: schema.TypeString, }, Description: "Policies to be set on tokens issued using this role.", - Deprecated: "use `token_policies` instead", + Deprecated: "use `token_policies` instead if you are running Vault >= 1.2", ConflictsWith: []string{"token_policies"}, }, } diff --git a/vault/resource_azure_auth_backend_role.go b/vault/resource_azure_auth_backend_role.go index 029bc0f7a..5f8c7e786 100644 --- a/vault/resource_azure_auth_backend_role.go +++ b/vault/resource_azure_auth_backend_role.go @@ -88,21 +88,21 @@ func azureAuthBackendRoleResource() *schema.Resource { Type: schema.TypeInt, Optional: true, Description: "The TTL period of tokens issued using this role, provided as the number of seconds.", - Deprecated: "use `token_ttl` instead", + Deprecated: "use `token_ttl` instead if you are running Vault >= 1.2", ConflictsWith: []string{"token_ttl"}, }, "max_ttl": { Type: schema.TypeInt, Optional: true, Description: "The maximum allowed lifetime of tokens issued using this role, provided as the number of seconds.", - Deprecated: "use `token_max_ttl` instead", + Deprecated: "use `token_max_ttl` instead if you are running Vault >= 1.2", ConflictsWith: []string{"token_max_ttl"}, }, "period": { Type: schema.TypeInt, Optional: true, Description: "If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token's TTL will be set to the value of this field. The maximum allowed lifetime of token issued using this role. Specified as a number of seconds.", - Deprecated: "use `token_period` instead", + Deprecated: "use `token_period` instead if you are running Vault >= 1.2", ConflictsWith: []string{"token_period"}, }, "policies": { @@ -112,7 +112,7 @@ func azureAuthBackendRoleResource() *schema.Resource { Type: schema.TypeString, }, Description: "Policies to be set on tokens issued using this role.", - Deprecated: "use `token_policies` instead", + Deprecated: "use `token_policies` instead if you are running Vault >= 1.2", ConflictsWith: []string{"token_policies"}, }, } diff --git a/vault/resource_cert_auth_backend_role.go b/vault/resource_cert_auth_backend_role.go index 4b2d017f7..95eb28d1e 100644 --- a/vault/resource_cert_auth_backend_role.go +++ b/vault/resource_cert_auth_backend_role.go @@ -101,28 +101,28 @@ func certAuthBackendRoleResource() *schema.Resource { }, Optional: true, Computed: true, - Deprecated: "use `token_bound_cidrs` instead", + Deprecated: "use `token_bound_cidrs` instead if you are running Vault >= 1.2", ConflictsWith: []string{"token_bound_cidrs"}, }, "ttl": { Type: schema.TypeString, Optional: true, Computed: true, - Deprecated: "use `token_ttl` instead", + Deprecated: "use `token_ttl` instead if you are running Vault >= 1.2", ConflictsWith: []string{"token_ttl"}, }, "max_ttl": { Type: schema.TypeString, Optional: true, Computed: true, - Deprecated: "use `token_max_ttl` instead", + Deprecated: "use `token_max_ttl` instead if you are running Vault >= 1.2", ConflictsWith: []string{"token_max_ttl"}, }, "period": { Type: schema.TypeString, Optional: true, Computed: true, - Deprecated: "use `token_period` instead", + Deprecated: "use `token_period` instead if you are running Vault >= 1.2", ConflictsWith: []string{"token_period"}, }, "policies": { @@ -132,7 +132,7 @@ func certAuthBackendRoleResource() *schema.Resource { }, Optional: true, Computed: true, - Deprecated: "use `token_policies` instead", + Deprecated: "use `token_policies` instead if you are running Vault >= 1.2", ConflictsWith: []string{"token_policies"}, }, } diff --git a/vault/resource_gcp_auth_backend_role.go b/vault/resource_gcp_auth_backend_role.go index ed46beaf1..7fc96e7ab 100644 --- a/vault/resource_gcp_auth_backend_role.go +++ b/vault/resource_gcp_auth_backend_role.go @@ -107,20 +107,20 @@ func gcpAuthBackendRoleResource() *schema.Resource { Optional: true, Computed: true, ConflictsWith: []string{"token_ttl"}, - Deprecated: "use `token_ttl` instead", + Deprecated: "use `token_ttl` instead if you are running Vault >= 1.2", }, "max_ttl": { Type: schema.TypeString, Optional: true, Computed: true, - Deprecated: "use `token_max_ttl` instead", + Deprecated: "use `token_max_ttl` instead if you are running Vault >= 1.2", ConflictsWith: []string{"token_max_ttl"}, }, "period": { Type: schema.TypeString, Optional: true, Computed: true, - Deprecated: "use `token_period` instead", + Deprecated: "use `token_period` instead if you are running Vault >= 1.2", ConflictsWith: []string{"token_period"}, }, "policies": { @@ -130,7 +130,7 @@ func gcpAuthBackendRoleResource() *schema.Resource { }, Optional: true, Computed: true, - Deprecated: "use `token_policies` instead", + Deprecated: "use `token_policies` instead if you are running Vault >= 1.2", ConflictsWith: []string{"token_policies"}, }, } diff --git a/vault/resource_github_auth_backend.go b/vault/resource_github_auth_backend.go index 93d10298f..6f7397db5 100644 --- a/vault/resource_github_auth_backend.go +++ b/vault/resource_github_auth_backend.go @@ -42,7 +42,7 @@ func githubAuthBackendResource() *schema.Resource { Optional: true, Description: "Duration after which authentication will be expired, in seconds.", ValidateFunc: validateDuration, - Deprecated: "use `token_ttl` instead", + Deprecated: "use `token_ttl` instead if you are running Vault >= 1.2", ConflictsWith: []string{"token_ttl"}, }, "max_ttl": { @@ -50,7 +50,7 @@ func githubAuthBackendResource() *schema.Resource { Optional: true, Description: "Maximum duration after which authentication will be expired, in seconds.", ValidateFunc: validateDuration, - Deprecated: "use `token_max_ttl` instead", + Deprecated: "use `token_max_ttl` instead if you are running Vault >= 1.2", ConflictsWith: []string{"token_max_ttl"}, }, "accessor": { diff --git a/vault/resource_jwt_auth_backend_role.go b/vault/resource_jwt_auth_backend_role.go index c457c448d..73b66ad6b 100644 --- a/vault/resource_jwt_auth_backend_role.go +++ b/vault/resource_jwt_auth_backend_role.go @@ -130,7 +130,7 @@ func jwtAuthBackendRoleResource() *schema.Resource { Type: schema.TypeString, }, Description: "Policies to be set on tokens issued using this role.", - Deprecated: "use `token_policies` instead", + Deprecated: "use `token_policies` instead if you are running Vault >= 1.2", ConflictsWith: []string{"token_policies"}, }, "ttl": { @@ -138,13 +138,13 @@ func jwtAuthBackendRoleResource() *schema.Resource { Optional: true, Description: "Default number of seconds to set as the TTL for issued tokens and at renewal time.", ConflictsWith: []string{"period", "token_ttl", "token_period"}, - Deprecated: "use `token_ttl` instead", + Deprecated: "use `token_ttl` instead if you are running Vault >= 1.2", }, "max_ttl": { Type: schema.TypeInt, Optional: true, Description: "Number of seconds after which issued tokens can no longer be renewed.", - Deprecated: "use `token_max_ttl` instead", + Deprecated: "use `token_max_ttl` instead if you are running Vault >= 1.2", ConflictsWith: []string{"token_max_ttl"}, }, "period": { @@ -152,13 +152,13 @@ func jwtAuthBackendRoleResource() *schema.Resource { Optional: true, Description: "Number of seconds to set the TTL to for issued tokens upon renewal. Makes the token a periodic token, which will never expire as long as it is renewed before the TTL each period.", ConflictsWith: []string{"ttl", "token_period", "token_ttl"}, - Deprecated: "use `token_period` instead", + Deprecated: "use `token_period` instead if you are running Vault >= 1.2", }, "num_uses": { Type: schema.TypeInt, Optional: true, Description: "Number of times issued tokens can be used. Setting this to 0 or leaving it unset means unlimited uses.", - Deprecated: "use `token_num_uses` instead", + Deprecated: "use `token_num_uses` instead if you are running Vault >= 1.2", ConflictsWith: []string{"token_num_uses"}, }, "bound_cidrs": { @@ -168,7 +168,7 @@ func jwtAuthBackendRoleResource() *schema.Resource { Elem: &schema.Schema{ Type: schema.TypeString, }, - Deprecated: "use `token_bound_cidrs` instead", + Deprecated: "use `token_bound_cidrs` instead if you are running Vault >= 1.2", ConflictsWith: []string{"token_bound_cidrs"}, }, } diff --git a/vault/resource_kubernetes_auth_backend_role.go b/vault/resource_kubernetes_auth_backend_role.go index d342fcc1c..072d14268 100644 --- a/vault/resource_kubernetes_auth_backend_role.go +++ b/vault/resource_kubernetes_auth_backend_role.go @@ -56,7 +56,7 @@ func kubernetesAuthBackendRoleResource() *schema.Resource { Type: schema.TypeString, }, Description: "Policies to be set on tokens issued using this role.", - Deprecated: "use `token_policies` instead", + Deprecated: "use `token_policies` instead if you are running Vault >= 1.2", ConflictsWith: []string{"token_policies"}, }, "ttl": { @@ -64,13 +64,13 @@ func kubernetesAuthBackendRoleResource() *schema.Resource { Optional: true, Description: "Default number of seconds to set as the TTL for issued tokens and at renewal time.", ConflictsWith: []string{"token_ttl"}, - Deprecated: "use `token_ttl` instead", + Deprecated: "use `token_ttl` instead if you are running Vault >= 1.2", }, "max_ttl": { Type: schema.TypeInt, Optional: true, Description: "Number of seconds after which issued tokens can no longer be renewed.", - Deprecated: "use `token_max_ttl` instead", + Deprecated: "use `token_max_ttl` instead if you are running Vault >= 1.2", ConflictsWith: []string{"token_max_ttl"}, }, "period": { @@ -78,13 +78,13 @@ func kubernetesAuthBackendRoleResource() *schema.Resource { Optional: true, Description: "Number of seconds to set the TTL to for issued tokens upon renewal. Makes the token a periodic token, which will never expire as long as it is renewed before the TTL each period.", ConflictsWith: []string{"token_period"}, - Deprecated: "use `token_period` instead", + Deprecated: "use `token_period` instead if you are running Vault >= 1.2", }, "num_uses": { Type: schema.TypeInt, Optional: true, Description: "Number of times issued tokens can be used. Setting this to 0 or leaving it unset means unlimited uses.", - Deprecated: "use `token_num_uses` instead", + Deprecated: "use `token_num_uses` instead if you are running Vault >= 1.2", ConflictsWith: []string{"token_num_uses"}, }, "bound_cidrs": { @@ -94,7 +94,7 @@ func kubernetesAuthBackendRoleResource() *schema.Resource { Elem: &schema.Schema{ Type: schema.TypeString, }, - Deprecated: "use `token_bound_cidrs` instead", + Deprecated: "use `token_bound_cidrs` instead if you are running Vault >= 1.2", ConflictsWith: []string{"token_bound_cidrs"}, }, } diff --git a/vault/resource_token_auth_backend_role.go b/vault/resource_token_auth_backend_role.go index b0335e8ad..d4e2ae6e2 100644 --- a/vault/resource_token_auth_backend_role.go +++ b/vault/resource_token_auth_backend_role.go @@ -81,13 +81,13 @@ func tokenAuthBackendRoleResource() *schema.Resource { Optional: true, Description: "Number of seconds to set the TTL to for issued tokens upon renewal. Makes the token a periodic token, which will never expire as long as it is renewed before the TTL each period.", ConflictsWith: []string{"token_period", "token_ttl"}, - Deprecated: "use `token_period` instead", + Deprecated: "use `token_period` instead if you are running Vault >= 1.2", }, "explicit_max_ttl": { Type: schema.TypeString, Optional: true, Description: "Number of seconds after which issued tokens can no longer be renewed.", - Deprecated: "use `token_explicit_max_ttl` instead", + Deprecated: "use `token_explicit_max_ttl` instead if you are running Vault >= 1.2", ConflictsWith: []string{"token_explicit_max_ttl"}, }, "bound_cidrs": { @@ -97,7 +97,7 @@ func tokenAuthBackendRoleResource() *schema.Resource { Elem: &schema.Schema{ Type: schema.TypeString, }, - Deprecated: "use `token_bound_cidrs` instead", + Deprecated: "use `token_bound_cidrs` instead if you are running Vault >= 1.2", ConflictsWith: []string{"token_bound_cidrs"}, }, } diff --git a/website/docs/d/kubernetes_auth_backend_role.md b/website/docs/d/kubernetes_auth_backend_role.md index 8c4d83ab5..c858fe6db 100644 --- a/website/docs/d/kubernetes_auth_backend_role.md +++ b/website/docs/d/kubernetes_auth_backend_role.md @@ -38,28 +38,28 @@ The following arguments are supported: In addition to the above arguments, the following attributes are exported: -* `bound_cirs` (Deprecated; use `token_bound_cidrs` instead) - List of CIDR blocks. If set, +* `bound_cirs` (Deprecated; use `token_bound_cidrs` instead if you are running Vault >= 1.2) - List of CIDR blocks. If set, specifies the blocks of IP addresses which can perform the login operation. * `bound_service_account_names` - List of service account names able to access this role. If set to "*" all names are allowed, both this and bound_service_account_namespaces can not be "*". * `bound_service_account_namespaces` - List of namespaces allowed to access this role. If set to "*" all namespaces are allowed, both this and bound_service_account_names can not be set to "*". -* `ttl` (Deprecated; use `token_ttl` instead) - The TTL period of tokens issued using this +* `ttl` (Deprecated; use `token_ttl` instead if you are running Vault >= 1.2) - The TTL period of tokens issued using this role in seconds. -* `max_ttl` (Deprecated; use `token_max_ttl` instead) - The maximum allowed lifetime of +* `max_ttl` (Deprecated; use `token_max_ttl` instead if you are running Vault >= 1.2) - The maximum allowed lifetime of tokens issued in seconds using this role. -* `num_uses` (Deprecated' use `token_num_uses` instead) - Number of times issued tokens can +* `num_uses` (Deprecated; use `token_num_uses` instead if you are running Vault >= 1.2) - Number of times issued tokens can be used. Setting this to 0 or leaving it unset means unlimited uses. -* `period` (Deprecated; use `token_period` instead) - If set, indicates that the token +* `period` (Deprecated; use `token_period` instead if you are running Vault >= 1.2) - If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token's TTL will be set to the value of this parameter. -* `policies` (Deprecated; use `token_policies` instead) - Policies to be set on tokens issued +* `policies` (Deprecated; use `token_policies` instead if you are running Vault >= 1.2) - Policies to be set on tokens issued using this role. ### Common Token Attributes @@ -72,6 +72,11 @@ These attributes are common across several Authentication Token resources since * `token_max_ttl` - The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time. +* `token_period` - (Optional) If set, indicates that the + token generated using this role should never expire. The token should be renewed within the + duration specified by this value. At each renewal, the token's TTL will be set to the + value of this field. Specified in seconds. + * `token_policies` - List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values. diff --git a/website/docs/r/approle_auth_backend_role.html.md b/website/docs/r/approle_auth_backend_role.html.md index f51fb1dba..f78239dae 100644 --- a/website/docs/r/approle_auth_backend_role.html.md +++ b/website/docs/r/approle_auth_backend_role.html.md @@ -61,6 +61,11 @@ These arguments are common across several Authentication Token resources since V * `token_max_ttl` - (Optional) The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time. +* `token_period` - (Optional) If set, indicates that the + token generated using this role should never expire. The token should be renewed within the + duration specified by this value. At each renewal, the token's TTL will be set to the + value of this field. Specified in seconds. + * `token_policies` - (Optional) List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values. @@ -94,14 +99,13 @@ These arguments are common across several Authentication Token resources since V These arguments are deprecated since Vault 1.2 in favour of the common token arguments documented above. -* `policies` - (Optional; Deprecated, use `token_policies` instead) An array of strings +* `policies` - (Optional; Deprecated, use `token_policies` instead if you are running Vault >= 1.2) An array of strings specifying the policies to be set on tokens issued using this role. -* `period` - (Optional; Deprecated, use `token_period` instead) If set, indicates that the +* `period` - (Optional; Deprecated, use `token_period` instead if you are running Vault >= 1.2) If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token's TTL will be set to the - value of this field. The maximum allowed lifetime of token issued using this - role. Specified as a number of seconds. + value of this field. Specified in seconds. ## Attributes Reference diff --git a/website/docs/r/aws_auth_backend_role.html.md b/website/docs/r/aws_auth_backend_role.html.md index 8024ceb55..51b2d5d99 100644 --- a/website/docs/r/aws_auth_backend_role.html.md +++ b/website/docs/r/aws_auth_backend_role.html.md @@ -135,6 +135,11 @@ These arguments are common across several Authentication Token resources since V * `token_max_ttl` - (Optional) The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time. +* `token_period` - (Optional) If set, indicates that the + token generated using this role should never expire. The token should be renewed within the + duration specified by this value. At each renewal, the token's TTL will be set to the + value of this field. Specified in seconds. + * `token_policies` - (Optional) List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values. @@ -165,20 +170,19 @@ These arguments are common across several Authentication Token resources since V These arguments are deprecated since Vault 1.2 in favour of the common token arguments documented above. -* `ttl` - (Optional; Deprecated, use `token_ttl` isntead) The TTL period of tokens issued +* `ttl` - (Optional; Deprecated, use `token_ttl` instead if you are running Vault >= 1.2) The TTL period of tokens issued using this role, provided as a number of seconds. -* `max_ttl` - (Optional; Deprecated, use `token_max_ttl` instead) The maximum allowed lifetime of tokens +* `max_ttl` - (Optional; Deprecated, use `token_max_ttl` instead if you are running Vault >= 1.2) The maximum allowed lifetime of tokens issued using this role, provided as a number of seconds. -* `policies` - (Optional; Deprecated, use `token_policies` instead) An array of strings +* `policies` - (Optional; Deprecated, use `token_policies` instead if you are running Vault >= 1.2) An array of strings specifying the policies to be set on tokens issued using this role. -* `period` - (Optional; Deprecated, use `token_period` instead) If set, indicates that the +* `period` - (Optional; Deprecated, use `token_period` instead if you are running Vault >= 1.2) If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token's TTL will be set to the - value of this field. The maximum allowed lifetime of token issued using this - role. Specified as a number of seconds. + value of this field. Specified in seconds. ## Attributes Reference diff --git a/website/docs/r/azure_auth_backend_role.html.md b/website/docs/r/azure_auth_backend_role.html.md index fe857bbc5..4abb3c795 100644 --- a/website/docs/r/azure_auth_backend_role.html.md +++ b/website/docs/r/azure_auth_backend_role.html.md @@ -72,6 +72,11 @@ These arguments are common across several Authentication Token resources since V * `token_max_ttl` - (Optional) The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time. +* `token_period` - (Optional) If set, indicates that the + token generated using this role should never expire. The token should be renewed within the + duration specified by this value. At each renewal, the token's TTL will be set to the + value of this field. Specified in seconds. + * `token_policies` - (Optional) List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values. @@ -102,20 +107,19 @@ These arguments are common across several Authentication Token resources since V These arguments are deprecated since Vault 1.2 in favour of the common token arguments documented above. -* `ttl` - (Optional; Deprecated, use `token_ttl` isntead) The TTL period of tokens issued +* `ttl` - (Optional; Deprecated, use `token_ttl` instead if you are running Vault >= 1.2) The TTL period of tokens issued using this role, provided as a number of seconds. -* `max_ttl` - (Optional; Deprecated, use `token_max_ttl` instead) The maximum allowed lifetime of tokens +* `max_ttl` - (Optional; Deprecated, use `token_max_ttl` instead if you are running Vault >= 1.2) The maximum allowed lifetime of tokens issued using this role, provided as a number of seconds. -* `policies` - (Optional; Deprecated, use `token_policies` instead) An array of strings +* `policies` - (Optional; Deprecated, use `token_policies` instead if you are running Vault >= 1.2) An array of strings specifying the policies to be set on tokens issued using this role. -* `period` - (Optional; Deprecated, use `token_period` instead) If set, indicates that the +* `period` - (Optional; Deprecated, use `token_period` instead if you are running Vault >= 1.2) If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token's TTL will be set to the - value of this field. The maximum allowed lifetime of token issued using this - role. Specified as a number of seconds. + value of this field. Specified in seconds. ## Attributes Reference diff --git a/website/docs/r/cert_auth_backend_role.html.md b/website/docs/r/cert_auth_backend_role.html.md index 2855f394b..c4381176b 100644 --- a/website/docs/r/cert_auth_backend_role.html.md +++ b/website/docs/r/cert_auth_backend_role.html.md @@ -65,6 +65,11 @@ These arguments are common across several Authentication Token resources since V * `token_max_ttl` - (Optional) The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time. +* `token_period` - (Optional) If set, indicates that the + token generated using this role should never expire. The token should be renewed within the + duration specified by this value. At each renewal, the token's TTL will be set to the + value of this field. Specified in seconds. + * `token_policies` - (Optional) List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values. @@ -98,23 +103,22 @@ These arguments are common across several Authentication Token resources since V These arguments are deprecated since Vault 1.2 in favour of the common token arguments documented above. -* `bound_cidrs` - (Optional; Deprecated, use `token_bound_cidrs` instead) Restriction usage of the +* `bound_cidrs` - (Optional; Deprecated, use `token_bound_cidrs` instead if you are running Vault >= 1.2) Restriction usage of the certificates to client IPs falling within the range of the specified CIDRs -* `ttl` - (Optional; Deprecated, use `token_ttl` isntead) The TTL period of tokens issued +* `ttl` - (Optional; Deprecated, use `token_ttl` instead if you are running Vault >= 1.2) The TTL period of tokens issued using this role, provided as a number of seconds. -* `max_ttl` - (Optional; Deprecated, use `token_max_ttl` instead) The maximum allowed lifetime of tokens +* `max_ttl` - (Optional; Deprecated, use `token_max_ttl` instead if you are running Vault >= 1.2) The maximum allowed lifetime of tokens issued using this role, provided as a number of seconds. -* `policies` - (Optional; Deprecated, use `token_policies` instead) An array of strings +* `policies` - (Optional; Deprecated, use `token_policies` instead if you are running Vault >= 1.2) An array of strings specifying the policies to be set on tokens issued using this role. -* `period` - (Optional; Deprecated, use `token_period` instead) If set, indicates that the +* `period` - (Optional; Deprecated, use `token_period` instead if you are running Vault >= 1.2) If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token's TTL will be set to the - value of this field. The maximum allowed lifetime of token issued using this - role. Specified as a number of seconds. + value of this field. Specified in seconds. For more details on the usage of each argument consult the [Vault Cert API documentation](https://www.vaultproject.io/api/auth/cert/index.html). diff --git a/website/docs/r/gcp_auth_backend_role.html.md b/website/docs/r/gcp_auth_backend_role.html.md index 108d100eb..f4bb7b16d 100644 --- a/website/docs/r/gcp_auth_backend_role.html.md +++ b/website/docs/r/gcp_auth_backend_role.html.md @@ -75,6 +75,11 @@ These arguments are common across several Authentication Token resources since V * `token_max_ttl` - (Optional) The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time. +* `token_period` - (Optional) If set, indicates that the + token generated using this role should never expire. The token should be renewed within the + duration specified by this value. At each renewal, the token's TTL will be set to the + value of this field. Specified in seconds. + * `token_policies` - (Optional) List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values. @@ -105,20 +110,19 @@ These arguments are common across several Authentication Token resources since V These arguments are deprecated since Vault 1.2 in favour of the common token arguments documented above. -* `ttl` - (Optional; Deprecated, use `token_ttl` isntead) The TTL period of tokens issued +* `ttl` - (Optional; Deprecated, use `token_ttl` instead if you are running Vault >= 1.2) The TTL period of tokens issued using this role, provided as a number of seconds. -* `max_ttl` - (Optional; Deprecated, use `token_max_ttl` instead) The maximum allowed lifetime of tokens +* `max_ttl` - (Optional; Deprecated, use `token_max_ttl` instead if you are running Vault >= 1.2) The maximum allowed lifetime of tokens issued using this role, provided as a number of seconds. -* `policies` - (Optional; Deprecated, use `token_policies` instead) An array of strings +* `policies` - (Optional; Deprecated, use `token_policies` instead if you are running Vault >= 1.2) An array of strings specifying the policies to be set on tokens issued using this role. -* `period` - (Optional; Deprecated, use `token_period` instead) If set, indicates that the +* `period` - (Optional; Deprecated, use `token_period` instead if you are running Vault >= 1.2) If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token's TTL will be set to the - value of this field. The maximum allowed lifetime of token issued using this - role. Specified as a number of seconds. + value of this field. Specified in seconds. ## Attribute Reference diff --git a/website/docs/r/github_auth_backend.html.md b/website/docs/r/github_auth_backend.html.md index e0ec14452..45aa5d0d3 100644 --- a/website/docs/r/github_auth_backend.html.md +++ b/website/docs/r/github_auth_backend.html.md @@ -79,6 +79,11 @@ These arguments are common across several Authentication Token resources since V * `token_max_ttl` - (Optional) The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time. +* `token_period` - (Optional) If set, indicates that the + token generated using this role should never expire. The token should be renewed within the + duration specified by this value. At each renewal, the token's TTL will be set to the + value of this field. Specified in seconds. + * `token_policies` - (Optional) List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values. @@ -112,10 +117,10 @@ These arguments are common across several Authentication Token resources since V These arguments are deprecated since Vault 1.2 in favour of the common token arguments documented above. -* `ttl` - (Optional; Deprecated, use `token_ttl` isntead) The TTL period of tokens issued +* `ttl` - (Optional; Deprecated, use `token_ttl` instead if you are running Vault >= 1.2) The TTL period of tokens issued using this role. This must be a valid [duration string](https://golang.org/pkg/time/#ParseDuration). -* `max_ttl` - (Optional; Deprecated, use `token_max_ttl` instead) The maximum allowed lifetime of tokens +* `max_ttl` - (Optional; Deprecated, use `token_max_ttl` instead if you are running Vault >= 1.2) The maximum allowed lifetime of tokens issued using this role. This must be a valid [duration string](https://golang.org/pkg/time/#ParseDuration). ## Import diff --git a/website/docs/r/jwt_auth_backend_role.html.md b/website/docs/r/jwt_auth_backend_role.html.md index 1fd25fa1a..e07328528 100644 --- a/website/docs/r/jwt_auth_backend_role.html.md +++ b/website/docs/r/jwt_auth_backend_role.html.md @@ -126,6 +126,11 @@ These arguments are common across several Authentication Token resources since V * `token_max_ttl` - (Optional) The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time. +* `token_period` - (Optional) If set, indicates that the + token generated using this role should never expire. The token should be renewed within the + duration specified by this value. At each renewal, the token's TTL will be set to the + value of this field. Specified in seconds. + * `token_policies` - (Optional) List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values. @@ -156,25 +161,24 @@ These arguments are common across several Authentication Token resources since V These arguments are deprecated since Vault 1.2 in favour of the common token arguments documented above. -* `num_uses` - (Optional; Deprecated, use `token_num_uses` instead) If set, puts a use-count +* `num_uses` - (Optional; Deprecated, use `token_num_uses` instead if you are running Vault >= 1.2) If set, puts a use-count limitation on the issued token. -* `ttl` - (Optional; Deprecated, use `token_ttl` isntead) The TTL period of tokens issued +* `ttl` - (Optional; Deprecated, use `token_ttl` instead if you are running Vault >= 1.2) The TTL period of tokens issued using this role, provided as a number of seconds. -* `max_ttl` - (Optional; Deprecated, use `token_max_ttl` instead) The maximum allowed lifetime of tokens +* `max_ttl` - (Optional; Deprecated, use `token_max_ttl` instead if you are running Vault >= 1.2) The maximum allowed lifetime of tokens issued using this role, provided as a number of seconds. -* `policies` - (Optional; Deprecated, use `token_policies` instead) An array of strings +* `policies` - (Optional; Deprecated, use `token_policies` instead if you are running Vault >= 1.2) An array of strings specifying the policies to be set on tokens issued using this role. -* `period` - (Optional; Deprecated, use `token_period` instead) If set, indicates that the +* `period` - (Optional; Deprecated, use `token_period` instead if you are running Vault >= 1.2) If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token's TTL will be set to the - value of this field. The maximum allowed lifetime of token issued using this - role. Specified as a number of seconds. + value of this field. Specified in seconds. -* `bound_cidrs` - (Optional; Deprecated, use `token_bound_cidrs` instead) If set, a list of +* `bound_cidrs` - (Optional; Deprecated, use `token_bound_cidrs` instead if you are running Vault >= 1.2) If set, a list of CIDRs valid as the source address for login requests. This value is also encoded into any resulting token. ## Attributes Reference diff --git a/website/docs/r/kubernetes_auth_backend_role.html.md b/website/docs/r/kubernetes_auth_backend_role.html.md index 8f8bfaa0b..70f34a83f 100644 --- a/website/docs/r/kubernetes_auth_backend_role.html.md +++ b/website/docs/r/kubernetes_auth_backend_role.html.md @@ -51,6 +51,11 @@ These arguments are common across several Authentication Token resources since V * `token_max_ttl` - (Optional) The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time. +* `token_period` - (Optional) If set, indicates that the + token generated using this role should never expire. The token should be renewed within the + duration specified by this value. At each renewal, the token's TTL will be set to the + value of this field. Specified in seconds. + * `token_policies` - (Optional) List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values. @@ -81,25 +86,24 @@ These arguments are common across several Authentication Token resources since V These arguments are deprecated since Vault 1.2 in favour of the common token arguments documented above. -* `num_uses` - (Optional; Deprecated, use `token_num_uses` instead) If set, puts a use-count +* `num_uses` - (Optional; Deprecated, use `token_num_uses` instead if you are running Vault >= 1.2) If set, puts a use-count limitation on the issued token. -* `ttl` - (Optional; Deprecated, use `token_ttl` isntead) The TTL period of tokens issued +* `ttl` - (Optional; Deprecated, use `token_ttl` instead if you are running Vault >= 1.2) The TTL period of tokens issued using this role, provided as a number of seconds. -* `max_ttl` - (Optional; Deprecated, use `token_max_ttl` instead) The maximum allowed lifetime of tokens +* `max_ttl` - (Optional; Deprecated, use `token_max_ttl` instead if you are running Vault >= 1.2) The maximum allowed lifetime of tokens issued using this role, provided as a number of seconds. -* `policies` - (Optional; Deprecated, use `token_policies` instead) An array of strings +* `policies` - (Optional; Deprecated, use `token_policies` instead if you are running Vault >= 1.2) An array of strings specifying the policies to be set on tokens issued using this role. -* `period` - (Optional; Deprecated, use `token_period` instead) If set, indicates that the +* `period` - (Optional; Deprecated, use `token_period` instead if you are running Vault >= 1.2) If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token's TTL will be set to the - value of this field. The maximum allowed lifetime of token issued using this - role. Specified as a number of seconds. + value of this field. Specified in seconds. -* `bound_cidrs` - (Optional; Deprecated, use `token_bound_cidrs` instead) If set, a list of +* `bound_cidrs` - (Optional; Deprecated, use `token_bound_cidrs` instead if you are running Vault >= 1.2) If set, a list of CIDRs valid as the source address for login requests. This value is also encoded into any resulting token. ## Attributes Reference diff --git a/website/docs/r/ldap_auth_backend.html.md b/website/docs/r/ldap_auth_backend.html.md index b2c776055..b3f9214bb 100644 --- a/website/docs/r/ldap_auth_backend.html.md +++ b/website/docs/r/ldap_auth_backend.html.md @@ -79,6 +79,11 @@ These arguments are common across several Authentication Token resources since V * `token_max_ttl` - (Optional) The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time. +* `token_period` - (Optional) If set, indicates that the + token generated using this role should never expire. The token should be renewed within the + duration specified by this value. At each renewal, the token's TTL will be set to the + value of this field. Specified in seconds. + * `token_policies` - (Optional) List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values. diff --git a/website/docs/r/token_auth_backend_role.html.md b/website/docs/r/token_auth_backend_role.html.md index 2b33c77f5..b893cf1e2 100644 --- a/website/docs/r/token_auth_backend_role.html.md +++ b/website/docs/r/token_auth_backend_role.html.md @@ -55,6 +55,10 @@ These arguments are common across several Authentication Token resources since V * `token_max_ttl` - (Optional) The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time. +* `token_period` - (Optional) If set, indicates that the + token generated using this role should never expire. The token should be renewed within the + duration specified by this value. At each renewal, the token's TTL will be set to the + value of this field. Specified in seconds. * `token_bound_cidrs` - (Optional) List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks @@ -86,13 +90,12 @@ documented above. * `explicit_max_ttl` (Optional; Deprecated, use `token_explicit_max_ttl` instead) If set, the token will have an explicit max TTL set upon it. -* `period` - (Optional; Deprecated, use `token_period` instead) If set, indicates that the +* `period` - (Optional; Deprecated, use `token_period` instead if you are running Vault >= 1.2) If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token's TTL will be set to the - value of this field. The maximum allowed lifetime of token issued using this - role. Specified as a number of seconds. + value of this field. Specified in seconds. -* `bound_cidrs` - (Optional; Deprecated, use `token_bound_cidrs` instead) If set, a list of +* `bound_cidrs` - (Optional; Deprecated, use `token_bound_cidrs` instead if you are running Vault >= 1.2) If set, a list of CIDRs valid as the source address for login requests. This value is also encoded into any resulting token. ## Attributes Reference