| accessExpires |
Number |
Access expiration date in Unix timestamp (select 0 for access without expiry date) |
[optional] [default to 0] |
| audience |
String |
The audience to verify in the JWT received by the client |
[default to 'akeyless.io'] |
| auditLogsClaims |
[String] |
Subclaims to include in audit logs, e.g "--audit-logs-claims email --audit-logs-claims username" |
[optional] |
| boundIps |
[String] |
A CIDR whitelist with the IPs that the access is restricted to |
[optional] |
| boundLabels |
[String] |
A comma-separated list of GCP labels formatted as "key:value" strings that must be set on authorized GCE instances. TODO: Because GCP labels are not currently ACL'd .... |
[optional] |
| boundProjects |
[String] |
=== Human and Machine authentication section === Array of GCP project IDs. Only entities belonging to any of the provided projects can authenticate. |
[optional] |
| boundRegions |
[String] |
List of regions that a GCE instance must belong to in order to be authenticated. TODO: If bound_instance_groups is provided, it is assumed to be a regional group and the group must belong to this region. If bound_zones are provided, this attribute is ignored. |
[optional] |
| boundServiceAccounts |
[String] |
List of service accounts the service account must be part of in order to be authenticated. |
[optional] |
| boundZones |
[String] |
=== Machine authentication section === List of zones that a GCE instance must belong to in order to be authenticated. TODO: If bound_instance_groups is provided, it is assumed to be a zonal group and the group must belong to this zone. |
[optional] |
| deleteProtection |
String |
Protection from accidental deletion of this object [true/false] |
[optional] |
| description |
String |
Auth Method description |
[optional] |
| forceSubClaims |
Boolean |
if true: enforce role-association must include sub claims |
[optional] |
| gwBoundIps |
[String] |
A CIDR whitelist with the GW IPs that the access is restricted to |
[optional] |
| json |
Boolean |
Set output format to JSON |
[optional] [default to false] |
| jwtTtl |
Number |
Jwt TTL |
[optional] [default to 0] |
| name |
String |
Auth Method name |
|
| newName |
String |
Auth Method new name |
[optional] |
| productType |
[String] |
Choose the relevant product type for the auth method [sm, sra, pm, dp, ca] |
[optional] |
| serviceAccountCredsData |
String |
ServiceAccount credentials data instead of giving a file path, base64 encoded |
[optional] |
| token |
String |
Authentication token (see `/auth` and `/configure`) |
[optional] |
| type |
String |
Type of the GCP Access Rules |
|
| uidToken |
String |
The universal identity token, Required only for universal_identity authentication |
[optional] |
| uniqueIdentifier |
String |
A unique identifier (ID) value which is a "sub claim" name that contains details uniquely identifying that resource. This "sub claim" is used to distinguish between different identities. |
[optional] |