Skip to content

Latest commit

 

History

History
32 lines (28 loc) · 3.53 KB

AuthMethodCreateGcp.md

File metadata and controls

32 lines (28 loc) · 3.53 KB

AuthMethodCreateGcp

authMethodCreateGcp is a command that creates a new auth method that will be able to authenticate using GCP IAM Service Account credentials or GCE instance credentials.

Properties

Name Type Description Notes
access_expires int Access expiration date in Unix timestamp (select 0 for access without expiry date) [optional] [default to 0]
audience str The audience to verify in the JWT received by the client [default to 'akeyless.io']
audit_logs_claims list[str] Subclaims to include in audit logs, e.g "--audit-logs-claims email --audit-logs-claims username" [optional]
bound_ips list[str] A CIDR whitelist with the IPs that the access is restricted to [optional]
bound_labels list[str] A comma-separated list of GCP labels formatted as "key:value" strings that must be set on authorized GCE instances. TODO: Because GCP labels are not currently ACL'd .... [optional]
bound_projects list[str] === Human and Machine authentication section === Array of GCP project IDs. Only entities belonging to any of the provided projects can authenticate. [optional]
bound_regions list[str] List of regions that a GCE instance must belong to in order to be authenticated. TODO: If bound_instance_groups is provided, it is assumed to be a regional group and the group must belong to this region. If bound_zones are provided, this attribute is ignored. [optional]
bound_service_accounts list[str] List of service accounts the service account must be part of in order to be authenticated. [optional]
bound_zones list[str] === Machine authentication section === List of zones that a GCE instance must belong to in order to be authenticated. TODO: If bound_instance_groups is provided, it is assumed to be a zonal group and the group must belong to this zone. [optional]
delete_protection str Protection from accidental deletion of this object [true/false] [optional]
description str Auth Method description [optional]
force_sub_claims bool if true: enforce role-association must include sub claims [optional]
gw_bound_ips list[str] A CIDR whitelist with the GW IPs that the access is restricted to [optional]
json bool Set output format to JSON [optional] [default to False]
jwt_ttl int Jwt TTL [optional] [default to 0]
name str Auth Method name
product_type list[str] Choose the relevant product type for the auth method [sm, sra, pm, dp, ca] [optional]
service_account_creds_data str ServiceAccount credentials data instead of giving a file path, base64 encoded [optional]
token str Authentication token (see `/auth` and `/configure`) [optional]
type str Type of the GCP Access Rules
uid_token str The universal identity token, Required only for universal_identity authentication [optional]
unique_identifier str A unique identifier (ID) value which is a "sub claim" name that contains details uniquely identifying that resource. This "sub claim" is used to distinguish between different identities. [optional]

[Back to Model list] [Back to API list] [Back to README]