Docs Home
akeyless 1.9.0 published on Monday, Apr 14, 2025 by akeyless-community
akeyless.AuthMethodGcp
Explore with Pulumi AI
akeyless 1.9.0 published on Monday, Apr 14, 2025 by akeyless-community
GCE Auth Method Resource
Create AuthMethodGcp Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new AuthMethodGcp(name: string, args: AuthMethodGcpArgs, opts?: CustomResourceOptions);@overload
def AuthMethodGcp(resource_name: str,
args: AuthMethodGcpInitArgs,
opts: Optional[ResourceOptions] = None)
@overload
def AuthMethodGcp(resource_name: str,
opts: Optional[ResourceOptions] = None,
type: Optional[str] = None,
bound_service_accounts: Optional[Sequence[str]] = None,
force_sub_claims: Optional[bool] = None,
auth_method_gcp_id: Optional[str] = None,
bound_ips: Optional[Sequence[str]] = None,
bound_labels: Optional[Sequence[str]] = None,
bound_projects: Optional[Sequence[str]] = None,
audit_logs_claims: Optional[Sequence[str]] = None,
bound_zones: Optional[Sequence[str]] = None,
bound_regions: Optional[Sequence[str]] = None,
delete_protection: Optional[str] = None,
access_expires: Optional[float] = None,
jwt_ttl: Optional[float] = None,
name: Optional[str] = None,
service_account_creds_data: Optional[str] = None,
audience: Optional[str] = None)func NewAuthMethodGcp(ctx *Context, name string, args AuthMethodGcpArgs, opts ...ResourceOption) (*AuthMethodGcp, error)public AuthMethodGcp(string name, AuthMethodGcpArgs args, CustomResourceOptions? opts = null)public AuthMethodGcp(String name, AuthMethodGcpArgs args)
public AuthMethodGcp(String name, AuthMethodGcpArgs args, CustomResourceOptions options)
type: akeyless:AuthMethodGcp
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name
This property is required. string - The unique name of the resource.
- args
This property is required. AuthMethodGcpArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name
This property is required. str - The unique name of the resource.
- args
This property is required. AuthMethodGcpInitArgs - The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. AuthMethodGcpArgs - The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. AuthMethodGcpArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name
This property is required. String - The unique name of the resource.
- args
This property is required. AuthMethodGcpArgs - The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var authMethodGcpResource = new Akeyless.AuthMethodGcp("authMethodGcpResource", new()
{
Type = "string",
BoundServiceAccounts = new[]
{
"string",
},
ForceSubClaims = false,
AuthMethodGcpId = "string",
BoundIps = new[]
{
"string",
},
BoundLabels = new[]
{
"string",
},
BoundProjects = new[]
{
"string",
},
AuditLogsClaims = new[]
{
"string",
},
BoundZones = new[]
{
"string",
},
BoundRegions = new[]
{
"string",
},
DeleteProtection = "string",
AccessExpires = 0,
JwtTtl = 0,
Name = "string",
ServiceAccountCredsData = "string",
Audience = "string",
});
example, err := akeyless.NewAuthMethodGcp(ctx, "authMethodGcpResource", &akeyless.AuthMethodGcpArgs{
Type: pulumi.String("string"),
BoundServiceAccounts: pulumi.StringArray{
pulumi.String("string"),
},
ForceSubClaims: pulumi.Bool(false),
AuthMethodGcpId: pulumi.String("string"),
BoundIps: pulumi.StringArray{
pulumi.String("string"),
},
BoundLabels: pulumi.StringArray{
pulumi.String("string"),
},
BoundProjects: pulumi.StringArray{
pulumi.String("string"),
},
AuditLogsClaims: pulumi.StringArray{
pulumi.String("string"),
},
BoundZones: pulumi.StringArray{
pulumi.String("string"),
},
BoundRegions: pulumi.StringArray{
pulumi.String("string"),
},
DeleteProtection: pulumi.String("string"),
AccessExpires: pulumi.Float64(0),
JwtTtl: pulumi.Float64(0),
Name: pulumi.String("string"),
ServiceAccountCredsData: pulumi.String("string"),
Audience: pulumi.String("string"),
})
var authMethodGcpResource = new AuthMethodGcp("authMethodGcpResource", AuthMethodGcpArgs.builder()
.type("string")
.boundServiceAccounts("string")
.forceSubClaims(false)
.authMethodGcpId("string")
.boundIps("string")
.boundLabels("string")
.boundProjects("string")
.auditLogsClaims("string")
.boundZones("string")
.boundRegions("string")
.deleteProtection("string")
.accessExpires(0)
.jwtTtl(0)
.name("string")
.serviceAccountCredsData("string")
.audience("string")
.build());
auth_method_gcp_resource = akeyless.AuthMethodGcp("authMethodGcpResource",
type="string",
bound_service_accounts=["string"],
force_sub_claims=False,
auth_method_gcp_id="string",
bound_ips=["string"],
bound_labels=["string"],
bound_projects=["string"],
audit_logs_claims=["string"],
bound_zones=["string"],
bound_regions=["string"],
delete_protection="string",
access_expires=0,
jwt_ttl=0,
name="string",
service_account_creds_data="string",
audience="string")
const authMethodGcpResource = new akeyless.AuthMethodGcp("authMethodGcpResource", {
type: "string",
boundServiceAccounts: ["string"],
forceSubClaims: false,
authMethodGcpId: "string",
boundIps: ["string"],
boundLabels: ["string"],
boundProjects: ["string"],
auditLogsClaims: ["string"],
boundZones: ["string"],
boundRegions: ["string"],
deleteProtection: "string",
accessExpires: 0,
jwtTtl: 0,
name: "string",
serviceAccountCredsData: "string",
audience: "string",
});
type: akeyless:AuthMethodGcp
properties:
accessExpires: 0
audience: string
auditLogsClaims:
- string
authMethodGcpId: string
boundIps:
- string
boundLabels:
- string
boundProjects:
- string
boundRegions:
- string
boundServiceAccounts:
- string
boundZones:
- string
deleteProtection: string
forceSubClaims: false
jwtTtl: 0
name: string
serviceAccountCredsData: string
type: string
AuthMethodGcp Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The AuthMethodGcp resource accepts the following input properties:
- Type
This property is required. string - The type of the GCP Auth Method (iam/gce)
- Access
Expires double - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- Audience string
- The audience to verify in the JWT received by the client
- Audit
Logs List<string>Claims - Subclaims to include in audit logs
- Auth
Method stringGcp Id - The ID of this resource.
- Bound
Ips List<string> - A CIDR whitelist with the IPs that the access is restricted to
- Bound
Labels List<string> - GCE only. A list of GCP labels formatted as key:value pairs that must be set on instances in order to authenticate. For multiple values repeat this flag.
- Bound
Projects List<string> - A list of GCP project IDs. Clients must belong to any of the provided projects in order to authenticate. For multiple values repeat this flag.
- Bound
Regions List<string> - GCE only. A list of regions. GCE instances must belong to any of the provided regions in order to authenticate. For multiple values repeat this flag.
- Bound
Service List<string>Accounts - A list of Service Accounts. Clients must belong to any of the provided service accounts in order to authenticate. For multiple values repeat this flag.
- Bound
Zones List<string> - GCE only. A list of zones. GCE instances must belong to any of the provided zones in order to authenticate. For multiple values repeat this flag.
- Delete
Protection string - Protection from accidental deletion of this auth method, [true/false]
- Force
Sub boolClaims - enforce role-association must include sub claims
- Jwt
Ttl double - Creds expiration time in minutes
- Name string
- Auth Method name
- Service
Account stringCreds Data - Service Account creds data, base64 encoded
- Type
This property is required. string - The type of the GCP Auth Method (iam/gce)
- Access
Expires float64 - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- Audience string
- The audience to verify in the JWT received by the client
- Audit
Logs []stringClaims - Subclaims to include in audit logs
- Auth
Method stringGcp Id - The ID of this resource.
- Bound
Ips []string - A CIDR whitelist with the IPs that the access is restricted to
- Bound
Labels []string - GCE only. A list of GCP labels formatted as key:value pairs that must be set on instances in order to authenticate. For multiple values repeat this flag.
- Bound
Projects []string - A list of GCP project IDs. Clients must belong to any of the provided projects in order to authenticate. For multiple values repeat this flag.
- Bound
Regions []string - GCE only. A list of regions. GCE instances must belong to any of the provided regions in order to authenticate. For multiple values repeat this flag.
- Bound
Service []stringAccounts - A list of Service Accounts. Clients must belong to any of the provided service accounts in order to authenticate. For multiple values repeat this flag.
- Bound
Zones []string - GCE only. A list of zones. GCE instances must belong to any of the provided zones in order to authenticate. For multiple values repeat this flag.
- Delete
Protection string - Protection from accidental deletion of this auth method, [true/false]
- Force
Sub boolClaims - enforce role-association must include sub claims
- Jwt
Ttl float64 - Creds expiration time in minutes
- Name string
- Auth Method name
- Service
Account stringCreds Data - Service Account creds data, base64 encoded
- type
This property is required. String - The type of the GCP Auth Method (iam/gce)
- access
Expires Double - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- audience String
- The audience to verify in the JWT received by the client
- audit
Logs List<String>Claims - Subclaims to include in audit logs
- auth
Method StringGcp Id - The ID of this resource.
- bound
Ips List<String> - A CIDR whitelist with the IPs that the access is restricted to
- bound
Labels List<String> - GCE only. A list of GCP labels formatted as key:value pairs that must be set on instances in order to authenticate. For multiple values repeat this flag.
- bound
Projects List<String> - A list of GCP project IDs. Clients must belong to any of the provided projects in order to authenticate. For multiple values repeat this flag.
- bound
Regions List<String> - GCE only. A list of regions. GCE instances must belong to any of the provided regions in order to authenticate. For multiple values repeat this flag.
- bound
Service List<String>Accounts - A list of Service Accounts. Clients must belong to any of the provided service accounts in order to authenticate. For multiple values repeat this flag.
- bound
Zones List<String> - GCE only. A list of zones. GCE instances must belong to any of the provided zones in order to authenticate. For multiple values repeat this flag.
- delete
Protection String - Protection from accidental deletion of this auth method, [true/false]
- force
Sub BooleanClaims - enforce role-association must include sub claims
- jwt
Ttl Double - Creds expiration time in minutes
- name String
- Auth Method name
- service
Account StringCreds Data - Service Account creds data, base64 encoded
- type
This property is required. string - The type of the GCP Auth Method (iam/gce)
- access
Expires number - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- audience string
- The audience to verify in the JWT received by the client
- audit
Logs string[]Claims - Subclaims to include in audit logs
- auth
Method stringGcp Id - The ID of this resource.
- bound
Ips string[] - A CIDR whitelist with the IPs that the access is restricted to
- bound
Labels string[] - GCE only. A list of GCP labels formatted as key:value pairs that must be set on instances in order to authenticate. For multiple values repeat this flag.
- bound
Projects string[] - A list of GCP project IDs. Clients must belong to any of the provided projects in order to authenticate. For multiple values repeat this flag.
- bound
Regions string[] - GCE only. A list of regions. GCE instances must belong to any of the provided regions in order to authenticate. For multiple values repeat this flag.
- bound
Service string[]Accounts - A list of Service Accounts. Clients must belong to any of the provided service accounts in order to authenticate. For multiple values repeat this flag.
- bound
Zones string[] - GCE only. A list of zones. GCE instances must belong to any of the provided zones in order to authenticate. For multiple values repeat this flag.
- delete
Protection string - Protection from accidental deletion of this auth method, [true/false]
- force
Sub booleanClaims - enforce role-association must include sub claims
- jwt
Ttl number - Creds expiration time in minutes
- name string
- Auth Method name
- service
Account stringCreds Data - Service Account creds data, base64 encoded
- type
This property is required. str - The type of the GCP Auth Method (iam/gce)
- access_
expires float - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- audience str
- The audience to verify in the JWT received by the client
- audit_
logs_ Sequence[str]claims - Subclaims to include in audit logs
- auth_
method_ strgcp_ id - The ID of this resource.
- bound_
ips Sequence[str] - A CIDR whitelist with the IPs that the access is restricted to
- bound_
labels Sequence[str] - GCE only. A list of GCP labels formatted as key:value pairs that must be set on instances in order to authenticate. For multiple values repeat this flag.
- bound_
projects Sequence[str] - A list of GCP project IDs. Clients must belong to any of the provided projects in order to authenticate. For multiple values repeat this flag.
- bound_
regions Sequence[str] - GCE only. A list of regions. GCE instances must belong to any of the provided regions in order to authenticate. For multiple values repeat this flag.
- bound_
service_ Sequence[str]accounts - A list of Service Accounts. Clients must belong to any of the provided service accounts in order to authenticate. For multiple values repeat this flag.
- bound_
zones Sequence[str] - GCE only. A list of zones. GCE instances must belong to any of the provided zones in order to authenticate. For multiple values repeat this flag.
- delete_
protection str - Protection from accidental deletion of this auth method, [true/false]
- force_
sub_ boolclaims - enforce role-association must include sub claims
- jwt_
ttl float - Creds expiration time in minutes
- name str
- Auth Method name
- service_
account_ strcreds_ data - Service Account creds data, base64 encoded
- type
This property is required. String - The type of the GCP Auth Method (iam/gce)
- access
Expires Number - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- audience String
- The audience to verify in the JWT received by the client
- audit
Logs List<String>Claims - Subclaims to include in audit logs
- auth
Method StringGcp Id - The ID of this resource.
- bound
Ips List<String> - A CIDR whitelist with the IPs that the access is restricted to
- bound
Labels List<String> - GCE only. A list of GCP labels formatted as key:value pairs that must be set on instances in order to authenticate. For multiple values repeat this flag.
- bound
Projects List<String> - A list of GCP project IDs. Clients must belong to any of the provided projects in order to authenticate. For multiple values repeat this flag.
- bound
Regions List<String> - GCE only. A list of regions. GCE instances must belong to any of the provided regions in order to authenticate. For multiple values repeat this flag.
- bound
Service List<String>Accounts - A list of Service Accounts. Clients must belong to any of the provided service accounts in order to authenticate. For multiple values repeat this flag.
- bound
Zones List<String> - GCE only. A list of zones. GCE instances must belong to any of the provided zones in order to authenticate. For multiple values repeat this flag.
- delete
Protection String - Protection from accidental deletion of this auth method, [true/false]
- force
Sub BooleanClaims - enforce role-association must include sub claims
- jwt
Ttl Number - Creds expiration time in minutes
- name String
- Auth Method name
- service
Account StringCreds Data - Service Account creds data, base64 encoded
Outputs
All input properties are implicitly available as output properties. Additionally, the AuthMethodGcp resource produces the following output properties:
Look up Existing AuthMethodGcp Resource
Get an existing AuthMethodGcp resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AuthMethodGcpState, opts?: CustomResourceOptions): AuthMethodGcp@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
access_expires: Optional[float] = None,
access_id: Optional[str] = None,
audience: Optional[str] = None,
audit_logs_claims: Optional[Sequence[str]] = None,
auth_method_gcp_id: Optional[str] = None,
bound_ips: Optional[Sequence[str]] = None,
bound_labels: Optional[Sequence[str]] = None,
bound_projects: Optional[Sequence[str]] = None,
bound_regions: Optional[Sequence[str]] = None,
bound_service_accounts: Optional[Sequence[str]] = None,
bound_zones: Optional[Sequence[str]] = None,
delete_protection: Optional[str] = None,
force_sub_claims: Optional[bool] = None,
jwt_ttl: Optional[float] = None,
name: Optional[str] = None,
service_account_creds_data: Optional[str] = None,
type: Optional[str] = None) -> AuthMethodGcpfunc GetAuthMethodGcp(ctx *Context, name string, id IDInput, state *AuthMethodGcpState, opts ...ResourceOption) (*AuthMethodGcp, error)public static AuthMethodGcp Get(string name, Input<string> id, AuthMethodGcpState? state, CustomResourceOptions? opts = null)public static AuthMethodGcp get(String name, Output<String> id, AuthMethodGcpState state, CustomResourceOptions options)resources: _: type: akeyless:AuthMethodGcp get: id: ${id}- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
The following state arguments are supported:
- Access
Expires double - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- Access
Id string - Auth Method access ID
- Audience string
- The audience to verify in the JWT received by the client
- Audit
Logs List<string>Claims - Subclaims to include in audit logs
- Auth
Method stringGcp Id - The ID of this resource.
- Bound
Ips List<string> - A CIDR whitelist with the IPs that the access is restricted to
- Bound
Labels List<string> - GCE only. A list of GCP labels formatted as key:value pairs that must be set on instances in order to authenticate. For multiple values repeat this flag.
- Bound
Projects List<string> - A list of GCP project IDs. Clients must belong to any of the provided projects in order to authenticate. For multiple values repeat this flag.
- Bound
Regions List<string> - GCE only. A list of regions. GCE instances must belong to any of the provided regions in order to authenticate. For multiple values repeat this flag.
- Bound
Service List<string>Accounts - A list of Service Accounts. Clients must belong to any of the provided service accounts in order to authenticate. For multiple values repeat this flag.
- Bound
Zones List<string> - GCE only. A list of zones. GCE instances must belong to any of the provided zones in order to authenticate. For multiple values repeat this flag.
- Delete
Protection string - Protection from accidental deletion of this auth method, [true/false]
- Force
Sub boolClaims - enforce role-association must include sub claims
- Jwt
Ttl double - Creds expiration time in minutes
- Name string
- Auth Method name
- Service
Account stringCreds Data - Service Account creds data, base64 encoded
- Type string
- The type of the GCP Auth Method (iam/gce)
- Access
Expires float64 - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- Access
Id string - Auth Method access ID
- Audience string
- The audience to verify in the JWT received by the client
- Audit
Logs []stringClaims - Subclaims to include in audit logs
- Auth
Method stringGcp Id - The ID of this resource.
- Bound
Ips []string - A CIDR whitelist with the IPs that the access is restricted to
- Bound
Labels []string - GCE only. A list of GCP labels formatted as key:value pairs that must be set on instances in order to authenticate. For multiple values repeat this flag.
- Bound
Projects []string - A list of GCP project IDs. Clients must belong to any of the provided projects in order to authenticate. For multiple values repeat this flag.
- Bound
Regions []string - GCE only. A list of regions. GCE instances must belong to any of the provided regions in order to authenticate. For multiple values repeat this flag.
- Bound
Service []stringAccounts - A list of Service Accounts. Clients must belong to any of the provided service accounts in order to authenticate. For multiple values repeat this flag.
- Bound
Zones []string - GCE only. A list of zones. GCE instances must belong to any of the provided zones in order to authenticate. For multiple values repeat this flag.
- Delete
Protection string - Protection from accidental deletion of this auth method, [true/false]
- Force
Sub boolClaims - enforce role-association must include sub claims
- Jwt
Ttl float64 - Creds expiration time in minutes
- Name string
- Auth Method name
- Service
Account stringCreds Data - Service Account creds data, base64 encoded
- Type string
- The type of the GCP Auth Method (iam/gce)
- access
Expires Double - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- access
Id String - Auth Method access ID
- audience String
- The audience to verify in the JWT received by the client
- audit
Logs List<String>Claims - Subclaims to include in audit logs
- auth
Method StringGcp Id - The ID of this resource.
- bound
Ips List<String> - A CIDR whitelist with the IPs that the access is restricted to
- bound
Labels List<String> - GCE only. A list of GCP labels formatted as key:value pairs that must be set on instances in order to authenticate. For multiple values repeat this flag.
- bound
Projects List<String> - A list of GCP project IDs. Clients must belong to any of the provided projects in order to authenticate. For multiple values repeat this flag.
- bound
Regions List<String> - GCE only. A list of regions. GCE instances must belong to any of the provided regions in order to authenticate. For multiple values repeat this flag.
- bound
Service List<String>Accounts - A list of Service Accounts. Clients must belong to any of the provided service accounts in order to authenticate. For multiple values repeat this flag.
- bound
Zones List<String> - GCE only. A list of zones. GCE instances must belong to any of the provided zones in order to authenticate. For multiple values repeat this flag.
- delete
Protection String - Protection from accidental deletion of this auth method, [true/false]
- force
Sub BooleanClaims - enforce role-association must include sub claims
- jwt
Ttl Double - Creds expiration time in minutes
- name String
- Auth Method name
- service
Account StringCreds Data - Service Account creds data, base64 encoded
- type String
- The type of the GCP Auth Method (iam/gce)
- access
Expires number - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- access
Id string - Auth Method access ID
- audience string
- The audience to verify in the JWT received by the client
- audit
Logs string[]Claims - Subclaims to include in audit logs
- auth
Method stringGcp Id - The ID of this resource.
- bound
Ips string[] - A CIDR whitelist with the IPs that the access is restricted to
- bound
Labels string[] - GCE only. A list of GCP labels formatted as key:value pairs that must be set on instances in order to authenticate. For multiple values repeat this flag.
- bound
Projects string[] - A list of GCP project IDs. Clients must belong to any of the provided projects in order to authenticate. For multiple values repeat this flag.
- bound
Regions string[] - GCE only. A list of regions. GCE instances must belong to any of the provided regions in order to authenticate. For multiple values repeat this flag.
- bound
Service string[]Accounts - A list of Service Accounts. Clients must belong to any of the provided service accounts in order to authenticate. For multiple values repeat this flag.
- bound
Zones string[] - GCE only. A list of zones. GCE instances must belong to any of the provided zones in order to authenticate. For multiple values repeat this flag.
- delete
Protection string - Protection from accidental deletion of this auth method, [true/false]
- force
Sub booleanClaims - enforce role-association must include sub claims
- jwt
Ttl number - Creds expiration time in minutes
- name string
- Auth Method name
- service
Account stringCreds Data - Service Account creds data, base64 encoded
- type string
- The type of the GCP Auth Method (iam/gce)
- access_
expires float - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- access_
id str - Auth Method access ID
- audience str
- The audience to verify in the JWT received by the client
- audit_
logs_ Sequence[str]claims - Subclaims to include in audit logs
- auth_
method_ strgcp_ id - The ID of this resource.
- bound_
ips Sequence[str] - A CIDR whitelist with the IPs that the access is restricted to
- bound_
labels Sequence[str] - GCE only. A list of GCP labels formatted as key:value pairs that must be set on instances in order to authenticate. For multiple values repeat this flag.
- bound_
projects Sequence[str] - A list of GCP project IDs. Clients must belong to any of the provided projects in order to authenticate. For multiple values repeat this flag.
- bound_
regions Sequence[str] - GCE only. A list of regions. GCE instances must belong to any of the provided regions in order to authenticate. For multiple values repeat this flag.
- bound_
service_ Sequence[str]accounts - A list of Service Accounts. Clients must belong to any of the provided service accounts in order to authenticate. For multiple values repeat this flag.
- bound_
zones Sequence[str] - GCE only. A list of zones. GCE instances must belong to any of the provided zones in order to authenticate. For multiple values repeat this flag.
- delete_
protection str - Protection from accidental deletion of this auth method, [true/false]
- force_
sub_ boolclaims - enforce role-association must include sub claims
- jwt_
ttl float - Creds expiration time in minutes
- name str
- Auth Method name
- service_
account_ strcreds_ data - Service Account creds data, base64 encoded
- type str
- The type of the GCP Auth Method (iam/gce)
- access
Expires Number - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- access
Id String - Auth Method access ID
- audience String
- The audience to verify in the JWT received by the client
- audit
Logs List<String>Claims - Subclaims to include in audit logs
- auth
Method StringGcp Id - The ID of this resource.
- bound
Ips List<String> - A CIDR whitelist with the IPs that the access is restricted to
- bound
Labels List<String> - GCE only. A list of GCP labels formatted as key:value pairs that must be set on instances in order to authenticate. For multiple values repeat this flag.
- bound
Projects List<String> - A list of GCP project IDs. Clients must belong to any of the provided projects in order to authenticate. For multiple values repeat this flag.
- bound
Regions List<String> - GCE only. A list of regions. GCE instances must belong to any of the provided regions in order to authenticate. For multiple values repeat this flag.
- bound
Service List<String>Accounts - A list of Service Accounts. Clients must belong to any of the provided service accounts in order to authenticate. For multiple values repeat this flag.
- bound
Zones List<String> - GCE only. A list of zones. GCE instances must belong to any of the provided zones in order to authenticate. For multiple values repeat this flag.
- delete
Protection String - Protection from accidental deletion of this auth method, [true/false]
- force
Sub BooleanClaims - enforce role-association must include sub claims
- jwt
Ttl Number - Creds expiration time in minutes
- name String
- Auth Method name
- service
Account StringCreds Data - Service Account creds data, base64 encoded
- type String
- The type of the GCP Auth Method (iam/gce)
Package Details
- Repository
- akeyless akeyless-community/terraform-provider-akeyless
- License
- Notes
- This Pulumi package is based on the
akeylessTerraform Provider.
akeyless 1.9.0 published on Monday, Apr 14, 2025 by akeyless-community