Caravan Vault Authentication¶

Requirements¶

No requirements.

Providers¶

Name	Version
null	n/a
vault	n/a

Modules¶

No modules.

Resources¶

Name	Type
null_resource.oci_auth_config	resource
vault_approle_auth_backend_role.role	resource
vault_audit.syslog	resource
vault_auth_backend.approle	resource
vault_auth_backend.aws	resource
vault_auth_backend.azure	resource
vault_auth_backend.gcp	resource
vault_auth_backend.oci	resource
vault_aws_auth_backend_client.config	resource
vault_aws_auth_backend_role.aws_cluster_node	resource
vault_aws_auth_backend_role.aws_worker_node	resource
vault_azure_auth_backend_config.config	resource
vault_azure_auth_backend_role.control_plane	resource
vault_azure_auth_backend_role.worker_plane	resource
vault_gcp_auth_backend_role.gcp_cluster_node	resource
vault_gcp_auth_backend_role.gcp_worker_node	resource
vault_jwt_auth_backend.gsuite	resource
vault_jwt_auth_backend_role.gsuite_default_role	resource
vault_policy.oci_reader	resource

Inputs¶

Name	Description	Type	Default	Required
approle_role_name	(optional) When using APPROLE auth provider, the role name	`string`	`null`	no
approle_token_policies	(optional) When using APPROLE auth provider, the token policies associated with the role	`list(string)`	`null`	no
auth_providers	Allowed auth providers: aws, gcp, gsuite, oci, approle	`list(string)`	`[]`	no
aws_cluster_node_iam_role_arns	(optional) The list of AWS IAM Role ARNs that can authenticate as cluster nodes	`list(string)`	`[]`	no
aws_region	(optional) The AWS Region whose instances can authenticate	`string`	`null`	no
aws_vpc_id	(optional) The AWS VPC ID whose instances can authenticate	`string`	`null`	no
aws_worker_node_iam_role_arns	(optional) The list of AWS IAM Role ARNs that can authenticate as worker nodes	`list(string)`	`[]`	no
azure_client_id	(Optional) The client id for credentials to query the Azure APIs. Currently read permissions to query compute resources are required.	`string`	`null`	no
azure_client_secret	(Optional) The client secret for credentials to query the Azure APIs.	`string`	`null`	no
azure_control_plane_service_principal_ids	(optional) Defines a constraint on the service principals that can perform the login operation that they should be possess the ids specified by this field.	`list(string)`	`[]`	no
azure_resource	(optional) The configured URL for the application registered in Azure Active Directory.	`string`	`"https://management.azure.com/"`	no
azure_resource_groups	(optional) Defines a constraint on the virtual machiness that can perform the login operation that they be associated with the resource group that matches the value specified by this field.	`list(string)`	`[]`	no
azure_subscription_ids	(optional) Defines a constraint on the subscriptions that can perform the login operation to ones which matches the value specified by this field.	`list(string)`	`[]`	no
azure_tenant_id	(optional) The tenant id for the Azure Active Directory organization.	`string`	`null`	no
azure_worker_plane_service_principal_ids	(optional) Defines a constraint on the service principals that can perform the login operation that they should be possess the ids specified by this field.	`list(string)`	`[]`	no
control_plane_role_name	The control plane role name	`string`	`"control-plane"`	no
control_plane_token_policies_name	The policies associated with control plane roles	`list(string)`	[ “consul-agent-role”, “nomad-server” ]	no
gcp_control_plane_service_accounts	(optional) When using GCP auth provider, the list of control plane service accounts	`list(string)`	`[]`	no
gcp_project_id	(optional) When using GCP auth provider, the Project ID	`string`	`null`	no
gcp_worker_plane_service_accounts	(optional) When using GCP auth provider, the list of worker plane service accounts	`list(string)`	`[]`	no
gsuite_allowed_redirect_uris	(optional) When using GSUITE auth provider, the allowed redirect uris	`list(string)`	`[]`	no
gsuite_client_id	(optional) When using GSUITE auth provider, the client id	`string`	`null`	no
gsuite_client_secret	(optional) When using GSUITE auth provider, the client secret	`string`	`null`	no
gsuite_default_role	(optional) When using GSUITE auth provider, the name of the default role	`string`	`null`	no
gsuite_default_role_policies	(optional) When using GSUITE auth provider, the list of policies associated with the default role	`list(string)`	`[]`	no
gsuite_domain	(optional) When using GSUITE auth provider, the domain name	`string`	`null`	no
oci_dynamic_group_ocid	(optional) When using OCI auth provider, the dynamic group ocid	`string`	`null`	no
oci_home_tenancy_id	(optional) When using OCI auth provider, the Tenant Id	`string`	`null`	no
oci_role_name	(optional) When using OCI auth provider, the role name to create	`string`	`null`	no
vault_endpoint	Fully qualified vault address as used in VAULT_ADDR	`string`	`null`	no
worker_plane_role_name	The worker plane role name	`string`	`"worker-plane"`	no
worker_plane_token_policies_name	The policies associated with worker plane roles	`list(string)`	[ “consul-agent-role”, “nomad-app-devs-volumes” ]	no

Outputs¶

No outputs.