@pulumi/vault 6.1.0 → 6.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/ad/secretBackend.d.ts +1 -3
- package/ad/secretBackend.js +1 -3
- package/ad/secretBackend.js.map +1 -1
- package/ad/secretLibrary.d.ts +1 -2
- package/ad/secretLibrary.js +1 -2
- package/ad/secretLibrary.js.map +1 -1
- package/ad/secretRole.d.ts +0 -2
- package/ad/secretRole.js +0 -2
- package/ad/secretRole.js.map +1 -1
- package/alicloud/authBackendRole.d.ts +30 -83
- package/alicloud/authBackendRole.js +3 -5
- package/alicloud/authBackendRole.js.map +1 -1
- package/approle/authBackendLogin.d.ts +0 -2
- package/approle/authBackendLogin.js +0 -2
- package/approle/authBackendLogin.js.map +1 -1
- package/approle/authBackendRole.d.ts +27 -80
- package/approle/authBackendRole.js +0 -2
- package/approle/authBackendRole.js.map +1 -1
- package/approle/authBackendRoleSecretId.d.ts +0 -2
- package/approle/authBackendRoleSecretId.js +0 -2
- package/approle/authBackendRoleSecretId.js.map +1 -1
- package/approle/getAuthBackendRoleId.d.ts +0 -4
- package/approle/getAuthBackendRoleId.js +0 -4
- package/approle/getAuthBackendRoleId.js.map +1 -1
- package/audit.d.ts +4 -8
- package/audit.js +4 -8
- package/audit.js.map +1 -1
- package/auditRequestHeader.d.ts +4 -3
- package/auditRequestHeader.js +4 -3
- package/auditRequestHeader.js.map +1 -1
- package/aws/authBackendClient.d.ts +3 -5
- package/aws/authBackendClient.js +3 -5
- package/aws/authBackendClient.js.map +1 -1
- package/aws/authBackendConfigIdentity.d.ts +0 -2
- package/aws/authBackendConfigIdentity.js +0 -2
- package/aws/authBackendConfigIdentity.js.map +1 -1
- package/aws/authBackendIdentityWhitelist.d.ts +3 -5
- package/aws/authBackendIdentityWhitelist.js +3 -5
- package/aws/authBackendIdentityWhitelist.js.map +1 -1
- package/aws/authBackendLogin.d.ts +0 -6
- package/aws/authBackendLogin.js.map +1 -1
- package/aws/authBackendRole.d.ts +27 -80
- package/aws/authBackendRole.js +0 -2
- package/aws/authBackendRole.js.map +1 -1
- package/aws/authBackendRoletagBlacklist.d.ts +3 -5
- package/aws/authBackendRoletagBlacklist.js +3 -5
- package/aws/authBackendRoletagBlacklist.js.map +1 -1
- package/aws/authBackendStsRole.d.ts +0 -2
- package/aws/authBackendStsRole.js +0 -2
- package/aws/authBackendStsRole.js.map +1 -1
- package/aws/secretBackend.d.ts +27 -0
- package/aws/secretBackend.js.map +1 -1
- package/aws/secretBackendRole.d.ts +1 -2
- package/aws/secretBackendRole.js +1 -2
- package/aws/secretBackendRole.js.map +1 -1
- package/aws/secretBackendStaticRole.d.ts +1 -2
- package/aws/secretBackendStaticRole.js +1 -2
- package/aws/secretBackendStaticRole.js.map +1 -1
- package/azure/authBackendConfig.d.ts +3 -5
- package/azure/authBackendConfig.js +3 -5
- package/azure/authBackendConfig.js.map +1 -1
- package/azure/authBackendRole.d.ts +27 -80
- package/azure/authBackendRole.js +0 -2
- package/azure/authBackendRole.js.map +1 -1
- package/azure/backend.d.ts +6 -10
- package/azure/backend.js +6 -10
- package/azure/backend.js.map +1 -1
- package/azure/backendRole.d.ts +7 -9
- package/azure/backendRole.js +7 -9
- package/azure/backendRole.js.map +1 -1
- package/azure/getAccessCredentials.d.ts +0 -4
- package/azure/getAccessCredentials.js +0 -4
- package/azure/getAccessCredentials.js.map +1 -1
- package/certAuthBackendRole.d.ts +35 -91
- package/certAuthBackendRole.js +8 -7
- package/certAuthBackendRole.js.map +1 -1
- package/consul/secretBackend.d.ts +4 -8
- package/consul/secretBackend.js +4 -8
- package/consul/secretBackend.js.map +1 -1
- package/consul/secretBackendRole.d.ts +1 -2
- package/consul/secretBackendRole.js +1 -2
- package/consul/secretBackendRole.js.map +1 -1
- package/database/secretBackendConnection.d.ts +1 -2
- package/database/secretBackendConnection.js +1 -2
- package/database/secretBackendConnection.js.map +1 -1
- package/database/secretBackendRole.d.ts +2 -2
- package/database/secretBackendRole.js +2 -2
- package/database/secretBackendStaticRole.d.ts +5 -4
- package/database/secretBackendStaticRole.js +5 -4
- package/database/secretBackendStaticRole.js.map +1 -1
- package/database/secretsMount.d.ts +2 -2
- package/database/secretsMount.js +2 -2
- package/egpPolicy.d.ts +2 -4
- package/egpPolicy.js +2 -4
- package/egpPolicy.js.map +1 -1
- package/gcp/authBackend.d.ts +0 -20
- package/gcp/authBackend.js +0 -20
- package/gcp/authBackend.js.map +1 -1
- package/gcp/authBackendRole.d.ts +27 -134
- package/gcp/authBackendRole.js +0 -2
- package/gcp/authBackendRole.js.map +1 -1
- package/gcp/getAuthBackendRole.d.ts +0 -4
- package/gcp/getAuthBackendRole.js +0 -4
- package/gcp/getAuthBackendRole.js.map +1 -1
- package/gcp/secretBackend.d.ts +4 -4
- package/gcp/secretBackend.js +4 -4
- package/gcp/secretImpersonatedAccount.d.ts +7 -7
- package/gcp/secretImpersonatedAccount.js +7 -7
- package/gcp/secretRoleset.d.ts +4 -4
- package/gcp/secretRoleset.js +4 -4
- package/gcp/secretStaticAccount.d.ts +8 -8
- package/gcp/secretStaticAccount.js +8 -8
- package/generic/endpoint.d.ts +2 -4
- package/generic/endpoint.js +2 -4
- package/generic/endpoint.js.map +1 -1
- package/generic/getSecret.d.ts +44 -4
- package/generic/getSecret.js +44 -4
- package/generic/getSecret.js.map +1 -1
- package/getAuthBackend.d.ts +0 -4
- package/getAuthBackend.js +0 -4
- package/getAuthBackend.js.map +1 -1
- package/getAuthBackends.d.ts +0 -8
- package/getAuthBackends.js +0 -8
- package/getAuthBackends.js.map +1 -1
- package/getNamespace.d.ts +0 -12
- package/getNamespace.js +0 -12
- package/getNamespace.js.map +1 -1
- package/getNamespaces.d.ts +4 -12
- package/getNamespaces.js +4 -12
- package/getNamespaces.js.map +1 -1
- package/getNomadAccessToken.d.ts +0 -4
- package/getNomadAccessToken.js +0 -4
- package/getNomadAccessToken.js.map +1 -1
- package/getPolicyDocument.d.ts +10 -8
- package/getPolicyDocument.js +10 -8
- package/getPolicyDocument.js.map +1 -1
- package/getRaftAutopilotState.d.ts +0 -4
- package/getRaftAutopilotState.js +0 -4
- package/getRaftAutopilotState.js.map +1 -1
- package/github/authBackend.d.ts +0 -2
- package/github/authBackend.js +0 -2
- package/github/authBackend.js.map +1 -1
- package/github/team.d.ts +1 -3
- package/github/team.js +1 -3
- package/github/team.js.map +1 -1
- package/github/user.d.ts +1 -3
- package/github/user.js +1 -3
- package/github/user.js.map +1 -1
- package/identity/entity.d.ts +2 -3
- package/identity/entity.js +2 -3
- package/identity/entity.js.map +1 -1
- package/identity/entityAlias.d.ts +2 -3
- package/identity/entityAlias.js +2 -3
- package/identity/entityAlias.js.map +1 -1
- package/identity/entityPolicies.d.ts +8 -6
- package/identity/entityPolicies.js +8 -6
- package/identity/entityPolicies.js.map +1 -1
- package/identity/getEntity.d.ts +0 -4
- package/identity/getEntity.js +0 -4
- package/identity/getEntity.js.map +1 -1
- package/identity/getGroup.d.ts +0 -4
- package/identity/getGroup.js +0 -4
- package/identity/getGroup.js.map +1 -1
- package/identity/getOidcClientCreds.d.ts +2 -4
- package/identity/getOidcClientCreds.js +2 -4
- package/identity/getOidcClientCreds.js.map +1 -1
- package/identity/getOidcOpenidConfig.d.ts +12 -6
- package/identity/getOidcOpenidConfig.js +12 -6
- package/identity/getOidcOpenidConfig.js.map +1 -1
- package/identity/getOidcPublicKeys.d.ts +12 -6
- package/identity/getOidcPublicKeys.js +12 -6
- package/identity/getOidcPublicKeys.js.map +1 -1
- package/identity/group.d.ts +18 -20
- package/identity/group.js +18 -20
- package/identity/group.js.map +1 -1
- package/identity/groupAlias.d.ts +1 -2
- package/identity/groupAlias.js +1 -2
- package/identity/groupAlias.js.map +1 -1
- package/identity/groupMemberEntityIds.d.ts +6 -8
- package/identity/groupMemberEntityIds.js +6 -8
- package/identity/groupMemberEntityIds.js.map +1 -1
- package/identity/groupMemberGroupIds.d.ts +14 -10
- package/identity/groupMemberGroupIds.js +14 -10
- package/identity/groupMemberGroupIds.js.map +1 -1
- package/identity/groupPolicies.d.ts +2 -4
- package/identity/groupPolicies.js +2 -4
- package/identity/groupPolicies.js.map +1 -1
- package/identity/mfaDuo.d.ts +1 -3
- package/identity/mfaDuo.js +1 -3
- package/identity/mfaDuo.js.map +1 -1
- package/identity/mfaLoginEnforcement.d.ts +5 -4
- package/identity/mfaLoginEnforcement.js +5 -4
- package/identity/mfaLoginEnforcement.js.map +1 -1
- package/identity/mfaOkta.d.ts +1 -3
- package/identity/mfaOkta.js +1 -3
- package/identity/mfaOkta.js.map +1 -1
- package/identity/mfaPingid.d.ts +0 -2
- package/identity/mfaPingid.js +0 -2
- package/identity/mfaPingid.js.map +1 -1
- package/identity/mfaTotp.d.ts +0 -2
- package/identity/mfaTotp.js +0 -2
- package/identity/mfaTotp.js.map +1 -1
- package/identity/oidc.d.ts +0 -2
- package/identity/oidc.js +0 -2
- package/identity/oidc.js.map +1 -1
- package/identity/oidcAssignment.d.ts +6 -3
- package/identity/oidcAssignment.js +6 -3
- package/identity/oidcAssignment.js.map +1 -1
- package/identity/oidcClient.d.ts +5 -5
- package/identity/oidcClient.js +5 -5
- package/identity/oidcKey.d.ts +10 -6
- package/identity/oidcKey.js +10 -6
- package/identity/oidcKey.js.map +1 -1
- package/identity/oidcKeyAllowedClientID.d.ts +10 -6
- package/identity/oidcKeyAllowedClientID.js +10 -6
- package/identity/oidcKeyAllowedClientID.js.map +1 -1
- package/identity/oidcProvider.d.ts +11 -8
- package/identity/oidcProvider.js +11 -8
- package/identity/oidcProvider.js.map +1 -1
- package/identity/oidcRole.d.ts +17 -10
- package/identity/oidcRole.js +17 -10
- package/identity/oidcRole.js.map +1 -1
- package/identity/oidcScope.d.ts +2 -3
- package/identity/oidcScope.js +2 -3
- package/identity/oidcScope.js.map +1 -1
- package/jwt/authBackend.d.ts +8 -14
- package/jwt/authBackend.js +8 -14
- package/jwt/authBackend.js.map +1 -1
- package/jwt/authBackendRole.d.ts +27 -82
- package/jwt/authBackendRole.js +0 -4
- package/jwt/authBackendRole.js.map +1 -1
- package/kmip/secretBackend.d.ts +5 -7
- package/kmip/secretBackend.js +5 -7
- package/kmip/secretBackend.js.map +1 -1
- package/kmip/secretRole.d.ts +0 -2
- package/kmip/secretRole.js +0 -2
- package/kmip/secretRole.js.map +1 -1
- package/kmip/secretScope.d.ts +0 -2
- package/kmip/secretScope.js +0 -2
- package/kmip/secretScope.js.map +1 -1
- package/kubernetes/authBackendConfig.d.ts +0 -2
- package/kubernetes/authBackendConfig.js +0 -2
- package/kubernetes/authBackendConfig.js.map +1 -1
- package/kubernetes/authBackendRole.d.ts +24 -74
- package/kubernetes/authBackendRole.js +0 -2
- package/kubernetes/authBackendRole.js.map +1 -1
- package/kubernetes/getServiceAccountToken.d.ts +16 -10
- package/kubernetes/getServiceAccountToken.js +16 -10
- package/kubernetes/getServiceAccountToken.js.map +1 -1
- package/kubernetes/secretBackend.d.ts +7 -5
- package/kubernetes/secretBackend.js +7 -5
- package/kubernetes/secretBackend.js.map +1 -1
- package/kubernetes/secretBackendRole.d.ts +24 -15
- package/kubernetes/secretBackendRole.js +24 -15
- package/kubernetes/secretBackendRole.js.map +1 -1
- package/kv/getSecret.d.ts +0 -4
- package/kv/getSecret.js +0 -4
- package/kv/getSecret.js.map +1 -1
- package/kv/getSecretSubkeysV2.d.ts +4 -6
- package/kv/getSecretSubkeysV2.js +4 -6
- package/kv/getSecretSubkeysV2.js.map +1 -1
- package/kv/getSecretV2.d.ts +64 -0
- package/kv/getSecretV2.js +64 -0
- package/kv/getSecretV2.js.map +1 -1
- package/kv/getSecretsList.d.ts +4 -8
- package/kv/getSecretsList.js +4 -8
- package/kv/getSecretsList.js.map +1 -1
- package/kv/getSecretsListV2.d.ts +14 -12
- package/kv/getSecretsListV2.js +14 -12
- package/kv/getSecretsListV2.js.map +1 -1
- package/kv/secret.d.ts +0 -2
- package/kv/secret.js +0 -2
- package/kv/secret.js.map +1 -1
- package/kv/secretBackendV2.d.ts +0 -2
- package/kv/secretBackendV2.js +0 -2
- package/kv/secretBackendV2.js.map +1 -1
- package/kv/secretV2.d.ts +1 -2
- package/kv/secretV2.js +1 -2
- package/kv/secretV2.js.map +1 -1
- package/ldap/authBackend.d.ts +29 -70
- package/ldap/authBackend.js +5 -7
- package/ldap/authBackend.js.map +1 -1
- package/ldap/authBackendGroup.d.ts +0 -2
- package/ldap/authBackendGroup.js +0 -2
- package/ldap/authBackendGroup.js.map +1 -1
- package/ldap/authBackendUser.d.ts +0 -2
- package/ldap/authBackendUser.js +0 -2
- package/ldap/authBackendUser.js.map +1 -1
- package/ldap/secretBackend.d.ts +2 -4
- package/ldap/secretBackend.js +2 -4
- package/ldap/secretBackend.js.map +1 -1
- package/ldap/secretBackendDynamicRole.d.ts +0 -2
- package/ldap/secretBackendDynamicRole.js +0 -2
- package/ldap/secretBackendDynamicRole.js.map +1 -1
- package/ldap/secretBackendLibrarySet.d.ts +1 -2
- package/ldap/secretBackendLibrarySet.js +1 -2
- package/ldap/secretBackendLibrarySet.js.map +1 -1
- package/ldap/secretBackendStaticRole.d.ts +0 -2
- package/ldap/secretBackendStaticRole.js +0 -2
- package/ldap/secretBackendStaticRole.js.map +1 -1
- package/managed/keys.d.ts +3 -12
- package/managed/keys.js.map +1 -1
- package/mfaDuo.d.ts +2 -3
- package/mfaDuo.js +2 -3
- package/mfaDuo.js.map +1 -1
- package/mfaOkta.d.ts +2 -3
- package/mfaOkta.js +2 -3
- package/mfaOkta.js.map +1 -1
- package/mfaPingid.d.ts +2 -3
- package/mfaPingid.js +2 -3
- package/mfaPingid.js.map +1 -1
- package/mfaTotp.d.ts +4 -5
- package/mfaTotp.js +4 -5
- package/mfaTotp.js.map +1 -1
- package/mongodbatlas/secretBackend.d.ts +0 -2
- package/mongodbatlas/secretBackend.js +0 -2
- package/mongodbatlas/secretBackend.js.map +1 -1
- package/mongodbatlas/secretRole.d.ts +1 -2
- package/mongodbatlas/secretRole.js +1 -2
- package/mongodbatlas/secretRole.js.map +1 -1
- package/mount.d.ts +10 -18
- package/mount.js +10 -18
- package/mount.js.map +1 -1
- package/nomadSecretBackend.d.ts +2 -4
- package/nomadSecretBackend.js +2 -4
- package/nomadSecretBackend.js.map +1 -1
- package/nomadSecretRole.d.ts +0 -2
- package/nomadSecretRole.js +0 -2
- package/nomadSecretRole.js.map +1 -1
- package/okta/authBackend.d.ts +3 -5
- package/okta/authBackend.js +3 -5
- package/okta/authBackend.js.map +1 -1
- package/okta/authBackendGroup.d.ts +0 -2
- package/okta/authBackendGroup.js +0 -2
- package/okta/authBackendGroup.js.map +1 -1
- package/okta/authBackendUser.d.ts +0 -2
- package/okta/authBackendUser.js +0 -2
- package/okta/authBackendUser.js.map +1 -1
- package/package.json +3 -2
- package/passwordPolicy.d.ts +5 -5
- package/passwordPolicy.js +5 -5
- package/pkisecret/backendConfigCluster.d.ts +0 -2
- package/pkisecret/backendConfigCluster.js +0 -2
- package/pkisecret/backendConfigCluster.js.map +1 -1
- package/pkisecret/getBackendIssuer.d.ts +44 -0
- package/pkisecret/getBackendIssuer.js +44 -0
- package/pkisecret/getBackendIssuer.js.map +1 -1
- package/pkisecret/getBackendIssuers.d.ts +0 -4
- package/pkisecret/getBackendIssuers.js +0 -4
- package/pkisecret/getBackendIssuers.js.map +1 -1
- package/pkisecret/getBackendKey.d.ts +2 -6
- package/pkisecret/getBackendKey.js +2 -6
- package/pkisecret/getBackendKey.js.map +1 -1
- package/pkisecret/getBackendKeys.d.ts +0 -4
- package/pkisecret/getBackendKeys.js +0 -4
- package/pkisecret/getBackendKeys.js.map +1 -1
- package/pkisecret/secretBackendCert.d.ts +3 -4
- package/pkisecret/secretBackendCert.js +3 -4
- package/pkisecret/secretBackendCert.js.map +1 -1
- package/pkisecret/secretBackendConfigCa.d.ts +2 -4
- package/pkisecret/secretBackendConfigCa.js +2 -4
- package/pkisecret/secretBackendConfigCa.js.map +1 -1
- package/pkisecret/secretBackendConfigIssuers.d.ts +0 -2
- package/pkisecret/secretBackendConfigIssuers.js +0 -2
- package/pkisecret/secretBackendConfigIssuers.js.map +1 -1
- package/pkisecret/secretBackendConfigUrls.d.ts +0 -2
- package/pkisecret/secretBackendConfigUrls.js +0 -2
- package/pkisecret/secretBackendConfigUrls.js.map +1 -1
- package/pkisecret/secretBackendCrlConfig.d.ts +1 -3
- package/pkisecret/secretBackendCrlConfig.js +1 -3
- package/pkisecret/secretBackendCrlConfig.js.map +1 -1
- package/pkisecret/secretBackendIntermediateCertRequest.d.ts +2 -4
- package/pkisecret/secretBackendIntermediateCertRequest.js +2 -4
- package/pkisecret/secretBackendIntermediateCertRequest.js.map +1 -1
- package/pkisecret/secretBackendIntermediateSetSigned.d.ts +5 -7
- package/pkisecret/secretBackendIntermediateSetSigned.js +5 -7
- package/pkisecret/secretBackendIntermediateSetSigned.js.map +1 -1
- package/pkisecret/secretBackendIssuer.d.ts +0 -2
- package/pkisecret/secretBackendIssuer.js +0 -2
- package/pkisecret/secretBackendIssuer.js.map +1 -1
- package/pkisecret/secretBackendRole.d.ts +1 -2
- package/pkisecret/secretBackendRole.js +1 -2
- package/pkisecret/secretBackendRole.js.map +1 -1
- package/pkisecret/secretBackendRootCert.d.ts +2 -4
- package/pkisecret/secretBackendRootCert.js +2 -4
- package/pkisecret/secretBackendRootCert.js.map +1 -1
- package/pkisecret/secretBackendRootSignIntermediate.d.ts +3 -5
- package/pkisecret/secretBackendRootSignIntermediate.js +3 -5
- package/pkisecret/secretBackendRootSignIntermediate.js.map +1 -1
- package/pkisecret/secretBackendSign.d.ts +3 -4
- package/pkisecret/secretBackendSign.js +3 -4
- package/pkisecret/secretBackendSign.js.map +1 -1
- package/provider.d.ts +0 -6
- package/provider.js.map +1 -1
- package/quotaLeaseCount.d.ts +2 -3
- package/quotaLeaseCount.js +2 -3
- package/quotaLeaseCount.js.map +1 -1
- package/quotaRateLimit.d.ts +1 -2
- package/quotaRateLimit.js +1 -2
- package/quotaRateLimit.js.map +1 -1
- package/rabbitmq/secretBackend.d.ts +1 -3
- package/rabbitmq/secretBackend.js +1 -3
- package/rabbitmq/secretBackend.js.map +1 -1
- package/rabbitmq/secretBackendRole.d.ts +1 -2
- package/rabbitmq/secretBackendRole.js +1 -2
- package/rabbitmq/secretBackendRole.js.map +1 -1
- package/raftAutopilot.d.ts +0 -2
- package/raftAutopilot.js +0 -2
- package/raftAutopilot.js.map +1 -1
- package/raftSnapshotAgentConfig.d.ts +44 -128
- package/raftSnapshotAgentConfig.js +8 -11
- package/raftSnapshotAgentConfig.js.map +1 -1
- package/rgpPolicy.d.ts +1 -3
- package/rgpPolicy.js +1 -3
- package/rgpPolicy.js.map +1 -1
- package/saml/authBackend.d.ts +3 -5
- package/saml/authBackend.js +3 -5
- package/saml/authBackend.js.map +1 -1
- package/saml/authBackendRole.d.ts +28 -77
- package/saml/authBackendRole.js +4 -5
- package/saml/authBackendRole.js.map +1 -1
- package/secrets/syncAssociation.d.ts +6 -5
- package/secrets/syncAssociation.js +6 -5
- package/secrets/syncAssociation.js.map +1 -1
- package/secrets/syncAwsDestination.d.ts +3 -4
- package/secrets/syncAwsDestination.js +3 -4
- package/secrets/syncAwsDestination.js.map +1 -1
- package/secrets/syncAzureDestination.d.ts +5 -6
- package/secrets/syncAzureDestination.js +5 -6
- package/secrets/syncAzureDestination.js.map +1 -1
- package/secrets/syncConfig.d.ts +1 -3
- package/secrets/syncConfig.js +1 -3
- package/secrets/syncConfig.js.map +1 -1
- package/secrets/syncGcpDestination.d.ts +5 -4
- package/secrets/syncGcpDestination.js +5 -4
- package/secrets/syncGcpDestination.js.map +1 -1
- package/secrets/syncGhDestination.d.ts +3 -4
- package/secrets/syncGhDestination.js +3 -4
- package/secrets/syncGhDestination.js.map +1 -1
- package/secrets/syncGithubApps.d.ts +6 -5
- package/secrets/syncGithubApps.js +6 -5
- package/secrets/syncGithubApps.js.map +1 -1
- package/secrets/syncVercelDestination.d.ts +3 -4
- package/secrets/syncVercelDestination.js +3 -4
- package/secrets/syncVercelDestination.js.map +1 -1
- package/ssh/secretBackendCa.d.ts +3 -5
- package/ssh/secretBackendCa.js +0 -2
- package/ssh/secretBackendCa.js.map +1 -1
- package/ssh/secretBackendRole.d.ts +2 -2
- package/ssh/secretBackendRole.js +2 -2
- package/terraformcloud/secretBackend.d.ts +0 -38
- package/terraformcloud/secretBackend.js +0 -2
- package/terraformcloud/secretBackend.js.map +1 -1
- package/terraformcloud/secretCreds.d.ts +1 -11
- package/terraformcloud/secretCreds.js +1 -2
- package/terraformcloud/secretCreds.js.map +1 -1
- package/terraformcloud/secretRole.d.ts +1 -47
- package/terraformcloud/secretRole.js +1 -2
- package/terraformcloud/secretRole.js.map +1 -1
- package/token.d.ts +6 -8
- package/token.js +6 -8
- package/token.js.map +1 -1
- package/tokenauth/authBackendRole.d.ts +28 -78
- package/tokenauth/authBackendRole.js +4 -6
- package/tokenauth/authBackendRole.js.map +1 -1
- package/transform/alphabet.d.ts +2 -3
- package/transform/alphabet.js +2 -3
- package/transform/alphabet.js.map +1 -1
- package/transform/getDecode.d.ts +4 -4
- package/transform/getDecode.js +4 -4
- package/transform/getEncode.d.ts +4 -4
- package/transform/getEncode.js +4 -4
- package/transform/role.d.ts +2 -3
- package/transform/role.js +2 -3
- package/transform/role.js.map +1 -1
- package/transform/template.d.ts +2 -2
- package/transform/template.js +2 -2
- package/transit/getDecrypt.d.ts +2 -30
- package/transit/getDecrypt.js +2 -6
- package/transit/getDecrypt.js.map +1 -1
- package/transit/getEncrypt.d.ts +0 -30
- package/transit/getEncrypt.js.map +1 -1
- package/transit/secretBackendKey.d.ts +4 -3
- package/transit/secretBackendKey.js +4 -3
- package/transit/secretBackendKey.js.map +1 -1
- package/transit/secretCacheConfig.d.ts +0 -2
- package/transit/secretCacheConfig.js +0 -2
- package/transit/secretCacheConfig.js.map +1 -1
- package/types/input.d.ts +310 -502
- package/types/output.d.ts +310 -490
- package/package.json.bak +0 -27
|
@@ -6,7 +6,6 @@ import * as pulumi from "@pulumi/pulumi";
|
|
|
6
6
|
*
|
|
7
7
|
* ## Example Usage
|
|
8
8
|
*
|
|
9
|
-
* <!--Start PulumiCodeChooser -->
|
|
10
9
|
* ```typescript
|
|
11
10
|
* import * as pulumi from "@pulumi/pulumi";
|
|
12
11
|
* import * as vault from "@pulumi/vault";
|
|
@@ -17,22 +16,25 @@ import * as pulumi from "@pulumi/pulumi";
|
|
|
17
16
|
* });
|
|
18
17
|
* const postgres = new vault.database.SecretBackendConnection("postgres", {
|
|
19
18
|
* backend: db.path,
|
|
19
|
+
* name: "postgres",
|
|
20
20
|
* allowedRoles: ["*"],
|
|
21
21
|
* postgresql: {
|
|
22
22
|
* connectionUrl: "postgres://username:password@host:port/database",
|
|
23
23
|
* },
|
|
24
24
|
* });
|
|
25
25
|
* // configure a static role with period-based rotations
|
|
26
|
-
* const periodRole = new vault.database.SecretBackendStaticRole("
|
|
26
|
+
* const periodRole = new vault.database.SecretBackendStaticRole("period_role", {
|
|
27
27
|
* backend: db.path,
|
|
28
|
+
* name: "my-period-role",
|
|
28
29
|
* dbName: postgres.name,
|
|
29
30
|
* username: "example",
|
|
30
31
|
* rotationPeriod: 3600,
|
|
31
32
|
* rotationStatements: ["ALTER USER \"{{name}}\" WITH PASSWORD '{{password}}';"],
|
|
32
33
|
* });
|
|
33
34
|
* // configure a static role with schedule-based rotations
|
|
34
|
-
* const scheduleRole = new vault.database.SecretBackendStaticRole("
|
|
35
|
+
* const scheduleRole = new vault.database.SecretBackendStaticRole("schedule_role", {
|
|
35
36
|
* backend: db.path,
|
|
37
|
+
* name: "my-schedule-role",
|
|
36
38
|
* dbName: postgres.name,
|
|
37
39
|
* username: "example",
|
|
38
40
|
* rotationSchedule: "0 0 * * SAT",
|
|
@@ -40,7 +42,6 @@ import * as pulumi from "@pulumi/pulumi";
|
|
|
40
42
|
* rotationStatements: ["ALTER USER \"{{name}}\" WITH PASSWORD '{{password}}';"],
|
|
41
43
|
* });
|
|
42
44
|
* ```
|
|
43
|
-
* <!--End PulumiCodeChooser -->
|
|
44
45
|
*
|
|
45
46
|
* ## Import
|
|
46
47
|
*
|
|
@@ -12,7 +12,6 @@ const utilities = require("../utilities");
|
|
|
12
12
|
*
|
|
13
13
|
* ## Example Usage
|
|
14
14
|
*
|
|
15
|
-
* <!--Start PulumiCodeChooser -->
|
|
16
15
|
* ```typescript
|
|
17
16
|
* import * as pulumi from "@pulumi/pulumi";
|
|
18
17
|
* import * as vault from "@pulumi/vault";
|
|
@@ -23,22 +22,25 @@ const utilities = require("../utilities");
|
|
|
23
22
|
* });
|
|
24
23
|
* const postgres = new vault.database.SecretBackendConnection("postgres", {
|
|
25
24
|
* backend: db.path,
|
|
25
|
+
* name: "postgres",
|
|
26
26
|
* allowedRoles: ["*"],
|
|
27
27
|
* postgresql: {
|
|
28
28
|
* connectionUrl: "postgres://username:password@host:port/database",
|
|
29
29
|
* },
|
|
30
30
|
* });
|
|
31
31
|
* // configure a static role with period-based rotations
|
|
32
|
-
* const periodRole = new vault.database.SecretBackendStaticRole("
|
|
32
|
+
* const periodRole = new vault.database.SecretBackendStaticRole("period_role", {
|
|
33
33
|
* backend: db.path,
|
|
34
|
+
* name: "my-period-role",
|
|
34
35
|
* dbName: postgres.name,
|
|
35
36
|
* username: "example",
|
|
36
37
|
* rotationPeriod: 3600,
|
|
37
38
|
* rotationStatements: ["ALTER USER \"{{name}}\" WITH PASSWORD '{{password}}';"],
|
|
38
39
|
* });
|
|
39
40
|
* // configure a static role with schedule-based rotations
|
|
40
|
-
* const scheduleRole = new vault.database.SecretBackendStaticRole("
|
|
41
|
+
* const scheduleRole = new vault.database.SecretBackendStaticRole("schedule_role", {
|
|
41
42
|
* backend: db.path,
|
|
43
|
+
* name: "my-schedule-role",
|
|
42
44
|
* dbName: postgres.name,
|
|
43
45
|
* username: "example",
|
|
44
46
|
* rotationSchedule: "0 0 * * SAT",
|
|
@@ -46,7 +48,6 @@ const utilities = require("../utilities");
|
|
|
46
48
|
* rotationStatements: ["ALTER USER \"{{name}}\" WITH PASSWORD '{{password}}';"],
|
|
47
49
|
* });
|
|
48
50
|
* ```
|
|
49
|
-
* <!--End PulumiCodeChooser -->
|
|
50
51
|
*
|
|
51
52
|
* ## Import
|
|
52
53
|
*
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"secretBackendStaticRole.js","sourceRoot":"","sources":["../../database/secretBackendStaticRole.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AACzC,0CAA0C;AAE1C
|
|
1
|
+
{"version":3,"file":"secretBackendStaticRole.js","sourceRoot":"","sources":["../../database/secretBackendStaticRole.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AACzC,0CAA0C;AAE1C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmDG;AACH,MAAa,uBAAwB,SAAQ,MAAM,CAAC,cAAc;IAC9D;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAAoC,EAAE,IAAmC;QAClI,OAAO,IAAI,uBAAuB,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IAC9E,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,uBAAuB,CAAC,YAAY,CAAC;IACxE,CAAC;IAwDD,YAAY,IAAY,EAAE,WAAwE,EAAE,IAAmC;QACnI,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAAuD,CAAC;YACtE,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,gBAAgB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5E,cAAc,CAAC,kBAAkB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC;YAChF,cAAc,CAAC,oBAAoB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC,CAAC,SAAS,CAAC;YACpF,cAAc,CAAC,gBAAgB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5E,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;SACnE;aAAM;YACH,MAAM,IAAI,GAAG,WAAsD,CAAC;YACpE,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,OAAO,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACpD,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;aAC1D;YACD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACnD,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;aACzD;YACD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACrD,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;aAC3D;YACD,cAAc,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1D,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACtD,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1E,cAAc,CAAC,kBAAkB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9E,cAAc,CAAC,oBAAoB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC,SAAS,CAAC;YAClF,cAAc,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1E,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;SACjE;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,uBAAuB,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IAC5E,CAAC;;AAvHL,0DAwHC;AA1GG,gBAAgB;AACO,oCAAY,GAAG,gEAAgE,CAAC"}
|
|
@@ -4,7 +4,6 @@ import * as outputs from "../types/output";
|
|
|
4
4
|
/**
|
|
5
5
|
* ## Example Usage
|
|
6
6
|
*
|
|
7
|
-
* <!--Start PulumiCodeChooser -->
|
|
8
7
|
* ```typescript
|
|
9
8
|
* import * as pulumi from "@pulumi/pulumi";
|
|
10
9
|
* import * as vault from "@pulumi/vault";
|
|
@@ -28,6 +27,7 @@ import * as outputs from "../types/output";
|
|
|
28
27
|
* }],
|
|
29
28
|
* });
|
|
30
29
|
* const dev1 = new vault.database.SecretBackendRole("dev1", {
|
|
30
|
+
* name: "dev1",
|
|
31
31
|
* backend: db.path,
|
|
32
32
|
* dbName: db.mssqls.apply(mssqls => mssqls?.[0]?.name),
|
|
33
33
|
* creationStatements: [
|
|
@@ -37,6 +37,7 @@ import * as outputs from "../types/output";
|
|
|
37
37
|
* ],
|
|
38
38
|
* });
|
|
39
39
|
* const dev2 = new vault.database.SecretBackendRole("dev2", {
|
|
40
|
+
* name: "dev2",
|
|
40
41
|
* backend: db.path,
|
|
41
42
|
* dbName: db.postgresqls.apply(postgresqls => postgresqls?.[0]?.name),
|
|
42
43
|
* creationStatements: [
|
|
@@ -45,7 +46,6 @@ import * as outputs from "../types/output";
|
|
|
45
46
|
* ],
|
|
46
47
|
* });
|
|
47
48
|
* ```
|
|
48
|
-
* <!--End PulumiCodeChooser -->
|
|
49
49
|
*
|
|
50
50
|
* ## Import
|
|
51
51
|
*
|
package/database/secretsMount.js
CHANGED
|
@@ -8,7 +8,6 @@ const utilities = require("../utilities");
|
|
|
8
8
|
/**
|
|
9
9
|
* ## Example Usage
|
|
10
10
|
*
|
|
11
|
-
* <!--Start PulumiCodeChooser -->
|
|
12
11
|
* ```typescript
|
|
13
12
|
* import * as pulumi from "@pulumi/pulumi";
|
|
14
13
|
* import * as vault from "@pulumi/vault";
|
|
@@ -32,6 +31,7 @@ const utilities = require("../utilities");
|
|
|
32
31
|
* }],
|
|
33
32
|
* });
|
|
34
33
|
* const dev1 = new vault.database.SecretBackendRole("dev1", {
|
|
34
|
+
* name: "dev1",
|
|
35
35
|
* backend: db.path,
|
|
36
36
|
* dbName: db.mssqls.apply(mssqls => mssqls?.[0]?.name),
|
|
37
37
|
* creationStatements: [
|
|
@@ -41,6 +41,7 @@ const utilities = require("../utilities");
|
|
|
41
41
|
* ],
|
|
42
42
|
* });
|
|
43
43
|
* const dev2 = new vault.database.SecretBackendRole("dev2", {
|
|
44
|
+
* name: "dev2",
|
|
44
45
|
* backend: db.path,
|
|
45
46
|
* dbName: db.postgresqls.apply(postgresqls => postgresqls?.[0]?.name),
|
|
46
47
|
* creationStatements: [
|
|
@@ -49,7 +50,6 @@ const utilities = require("../utilities");
|
|
|
49
50
|
* ],
|
|
50
51
|
* });
|
|
51
52
|
* ```
|
|
52
|
-
* <!--End PulumiCodeChooser -->
|
|
53
53
|
*
|
|
54
54
|
* ## Import
|
|
55
55
|
*
|
package/egpPolicy.d.ts
CHANGED
|
@@ -6,22 +6,20 @@ import * as pulumi from "@pulumi/pulumi";
|
|
|
6
6
|
*
|
|
7
7
|
* ## Example Usage
|
|
8
8
|
*
|
|
9
|
-
* <!--Start PulumiCodeChooser -->
|
|
10
9
|
* ```typescript
|
|
11
10
|
* import * as pulumi from "@pulumi/pulumi";
|
|
12
11
|
* import * as vault from "@pulumi/vault";
|
|
13
12
|
*
|
|
14
13
|
* const allow_all = new vault.EgpPolicy("allow-all", {
|
|
15
|
-
*
|
|
14
|
+
* name: "allow-all",
|
|
16
15
|
* paths: ["*"],
|
|
16
|
+
* enforcementLevel: "soft-mandatory",
|
|
17
17
|
* policy: `main = rule {
|
|
18
18
|
* true
|
|
19
19
|
* }
|
|
20
|
-
*
|
|
21
20
|
* `,
|
|
22
21
|
* });
|
|
23
22
|
* ```
|
|
24
|
-
* <!--End PulumiCodeChooser -->
|
|
25
23
|
*/
|
|
26
24
|
export declare class EgpPolicy extends pulumi.CustomResource {
|
|
27
25
|
/**
|
package/egpPolicy.js
CHANGED
|
@@ -12,22 +12,20 @@ const utilities = require("./utilities");
|
|
|
12
12
|
*
|
|
13
13
|
* ## Example Usage
|
|
14
14
|
*
|
|
15
|
-
* <!--Start PulumiCodeChooser -->
|
|
16
15
|
* ```typescript
|
|
17
16
|
* import * as pulumi from "@pulumi/pulumi";
|
|
18
17
|
* import * as vault from "@pulumi/vault";
|
|
19
18
|
*
|
|
20
19
|
* const allow_all = new vault.EgpPolicy("allow-all", {
|
|
21
|
-
*
|
|
20
|
+
* name: "allow-all",
|
|
22
21
|
* paths: ["*"],
|
|
22
|
+
* enforcementLevel: "soft-mandatory",
|
|
23
23
|
* policy: `main = rule {
|
|
24
24
|
* true
|
|
25
25
|
* }
|
|
26
|
-
*
|
|
27
26
|
* `,
|
|
28
27
|
* });
|
|
29
28
|
* ```
|
|
30
|
-
* <!--End PulumiCodeChooser -->
|
|
31
29
|
*/
|
|
32
30
|
class EgpPolicy extends pulumi.CustomResource {
|
|
33
31
|
/**
|
package/egpPolicy.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"egpPolicy.js","sourceRoot":"","sources":["../egpPolicy.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AACzC,yCAAyC;AAEzC
|
|
1
|
+
{"version":3,"file":"egpPolicy.js","sourceRoot":"","sources":["../egpPolicy.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AACzC,yCAAyC;AAEzC;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,MAAa,SAAU,SAAQ,MAAM,CAAC,cAAc;IAChD;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAAsB,EAAE,IAAmC;QACpH,OAAO,IAAI,SAAS,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IAChE,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,SAAS,CAAC,YAAY,CAAC;IAC1D,CAAC;IAkCD,YAAY,IAAY,EAAE,WAA4C,EAAE,IAAmC;QACvG,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAAyC,CAAC;YACxD,cAAc,CAAC,kBAAkB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC;YAChF,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,OAAO,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1D,cAAc,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;SAC/D;aAAM;YACH,MAAM,IAAI,GAAG,WAAwC,CAAC;YACtD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,gBAAgB,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBAC7D,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;aACnE;YACD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,KAAK,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBAClD,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;aACxD;YACD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACnD,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;aACzD;YACD,cAAc,CAAC,kBAAkB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9E,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACtD,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;SAC7D;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,SAAS,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IAC9D,CAAC;;AAzFL,8BA0FC;AA5EG,gBAAgB;AACO,sBAAY,GAAG,iCAAiC,CAAC"}
|
package/gcp/authBackend.d.ts
CHANGED
|
@@ -4,26 +4,6 @@ import * as outputs from "../types/output";
|
|
|
4
4
|
/**
|
|
5
5
|
* Provides a resource to configure the [GCP auth backend within Vault](https://www.vaultproject.io/docs/auth/gcp.html).
|
|
6
6
|
*
|
|
7
|
-
* ## Example Usage
|
|
8
|
-
*
|
|
9
|
-
* <!--Start PulumiCodeChooser -->
|
|
10
|
-
* ```typescript
|
|
11
|
-
* import * as pulumi from "@pulumi/pulumi";
|
|
12
|
-
* import * as fs from "fs";
|
|
13
|
-
* import * as vault from "@pulumi/vault";
|
|
14
|
-
*
|
|
15
|
-
* const gcp = new vault.gcp.AuthBackend("gcp", {
|
|
16
|
-
* credentials: fs.readFileSync("vault-gcp-credentials.json", "utf8"),
|
|
17
|
-
* customEndpoint: {
|
|
18
|
-
* api: "www.googleapis.com",
|
|
19
|
-
* iam: "iam.googleapis.com",
|
|
20
|
-
* crm: "cloudresourcemanager.googleapis.com",
|
|
21
|
-
* compute: "compute.googleapis.com",
|
|
22
|
-
* },
|
|
23
|
-
* });
|
|
24
|
-
* ```
|
|
25
|
-
* <!--End PulumiCodeChooser -->
|
|
26
|
-
*
|
|
27
7
|
* ## Import
|
|
28
8
|
*
|
|
29
9
|
* GCP authentication backends can be imported using the backend name, e.g.
|
package/gcp/authBackend.js
CHANGED
|
@@ -8,26 +8,6 @@ const utilities = require("../utilities");
|
|
|
8
8
|
/**
|
|
9
9
|
* Provides a resource to configure the [GCP auth backend within Vault](https://www.vaultproject.io/docs/auth/gcp.html).
|
|
10
10
|
*
|
|
11
|
-
* ## Example Usage
|
|
12
|
-
*
|
|
13
|
-
* <!--Start PulumiCodeChooser -->
|
|
14
|
-
* ```typescript
|
|
15
|
-
* import * as pulumi from "@pulumi/pulumi";
|
|
16
|
-
* import * as fs from "fs";
|
|
17
|
-
* import * as vault from "@pulumi/vault";
|
|
18
|
-
*
|
|
19
|
-
* const gcp = new vault.gcp.AuthBackend("gcp", {
|
|
20
|
-
* credentials: fs.readFileSync("vault-gcp-credentials.json", "utf8"),
|
|
21
|
-
* customEndpoint: {
|
|
22
|
-
* api: "www.googleapis.com",
|
|
23
|
-
* iam: "iam.googleapis.com",
|
|
24
|
-
* crm: "cloudresourcemanager.googleapis.com",
|
|
25
|
-
* compute: "compute.googleapis.com",
|
|
26
|
-
* },
|
|
27
|
-
* });
|
|
28
|
-
* ```
|
|
29
|
-
* <!--End PulumiCodeChooser -->
|
|
30
|
-
*
|
|
31
11
|
* ## Import
|
|
32
12
|
*
|
|
33
13
|
* GCP authentication backends can be imported using the backend name, e.g.
|
package/gcp/authBackend.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authBackend.js","sourceRoot":"","sources":["../../gcp/authBackend.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AAGzC,0CAA0C;AAE1C
|
|
1
|
+
{"version":3,"file":"authBackend.js","sourceRoot":"","sources":["../../gcp/authBackend.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AAGzC,0CAA0C;AAE1C;;;;;;;;;;GAUG;AACH,MAAa,WAAY,SAAQ,MAAM,CAAC,cAAc;IAClD;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAAwB,EAAE,IAAmC;QACtH,OAAO,IAAI,WAAW,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IAClE,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,WAAW,CAAC,YAAY,CAAC;IAC5D,CAAC;IA2ED,YAAY,IAAY,EAAE,WAAgD,EAAE,IAAmC;QAC3G,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAA2C,CAAC;YAC1D,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,gBAAgB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5E,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,gBAAgB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5E,cAAc,CAAC,OAAO,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1D,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,cAAc,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC;YACxE,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;SAC3D;aAAM;YACH,MAAM,IAAI,GAAG,WAA0C,CAAC;YACxD,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,aAAa,CAAC,GAAG,CAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,WAAW,EAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YAChG,cAAc,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1E,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1E,cAAc,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACtD,cAAc,CAAC,cAAc,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACtD,cAAc,CAAC,UAAU,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;SAClD;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,MAAM,UAAU,GAAG,EAAE,uBAAuB,EAAE,CAAC,aAAa,CAAC,EAAE,CAAC;QAChE,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;QAC7C,KAAK,CAAC,WAAW,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IAChE,CAAC;;AA3IL,kCA4IC;AA9HG,gBAAgB;AACO,wBAAY,GAAG,mCAAmC,CAAC"}
|
package/gcp/authBackendRole.d.ts
CHANGED
|
@@ -4,7 +4,6 @@ import * as pulumi from "@pulumi/pulumi";
|
|
|
4
4
|
*
|
|
5
5
|
* ## Example Usage
|
|
6
6
|
*
|
|
7
|
-
* <!--Start PulumiCodeChooser -->
|
|
8
7
|
* ```typescript
|
|
9
8
|
* import * as pulumi from "@pulumi/pulumi";
|
|
10
9
|
* import * as vault from "@pulumi/vault";
|
|
@@ -28,7 +27,6 @@ import * as pulumi from "@pulumi/pulumi";
|
|
|
28
27
|
* addGroupAliases: true,
|
|
29
28
|
* });
|
|
30
29
|
* ```
|
|
31
|
-
* <!--End PulumiCodeChooser -->
|
|
32
30
|
*
|
|
33
31
|
* ## Import
|
|
34
32
|
*
|
|
@@ -55,41 +53,23 @@ export declare class AuthBackendRole extends pulumi.CustomResource {
|
|
|
55
53
|
*/
|
|
56
54
|
static isInstance(obj: any): obj is AuthBackendRole;
|
|
57
55
|
readonly addGroupAliases: pulumi.Output<boolean>;
|
|
58
|
-
/**
|
|
59
|
-
* A flag to determine if this role should allow GCE instances to authenticate by inferring service accounts from the GCE identity metadata token.
|
|
60
|
-
*/
|
|
61
56
|
readonly allowGceInference: pulumi.Output<boolean>;
|
|
62
57
|
/**
|
|
63
58
|
* Path to the mounted GCP auth backend
|
|
64
59
|
*/
|
|
65
60
|
readonly backend: pulumi.Output<string | undefined>;
|
|
66
|
-
/**
|
|
67
|
-
* The instance groups that an authorized instance must belong to in order to be authenticated. If specified, either `boundZones` or `boundRegions` must be set too.
|
|
68
|
-
*/
|
|
69
61
|
readonly boundInstanceGroups: pulumi.Output<string[]>;
|
|
70
|
-
/**
|
|
71
|
-
* A comma-separated list of GCP labels formatted as `"key:value"` strings that must be set on authorized GCE instances. Because GCP labels are not currently ACL'd, we recommend that this be used in conjunction with other restrictions.
|
|
72
|
-
*/
|
|
73
62
|
readonly boundLabels: pulumi.Output<string[]>;
|
|
74
63
|
/**
|
|
75
64
|
* An array of GCP project IDs. Only entities belonging to this project can authenticate under the role.
|
|
76
65
|
*/
|
|
77
66
|
readonly boundProjects: pulumi.Output<string[] | undefined>;
|
|
78
|
-
/**
|
|
79
|
-
* The list of regions that a GCE instance must belong to in order to be authenticated. If boundInstanceGroups is provided, it is assumed to be a regional group and the group must belong to this region. If boundZones are provided, this attribute is ignored.
|
|
80
|
-
*/
|
|
81
67
|
readonly boundRegions: pulumi.Output<string[]>;
|
|
82
68
|
/**
|
|
83
69
|
* GCP Service Accounts allowed to issue tokens under this role. (Note: **Required** if role is `iam`)
|
|
84
70
|
*/
|
|
85
71
|
readonly boundServiceAccounts: pulumi.Output<string[]>;
|
|
86
|
-
/**
|
|
87
|
-
* The list of zones that a GCE instance must belong to in order to be authenticated. If boundInstanceGroups is provided, it is assumed to be a zonal group and the group must belong to this zone.
|
|
88
|
-
*/
|
|
89
72
|
readonly boundZones: pulumi.Output<string[]>;
|
|
90
|
-
/**
|
|
91
|
-
* The number of seconds past the time of authentication that the login param JWT must expire within. For example, if a user attempts to login with a token that expires within an hour and this is set to 15 minutes, Vault will return an error prompting the user to create a new signed JWT with a shorter `exp`. The GCE metadata tokens currently do not allow the `exp` claim to be customized.
|
|
92
|
-
*/
|
|
93
73
|
readonly maxJwtExp: pulumi.Output<string>;
|
|
94
74
|
/**
|
|
95
75
|
* The namespace to provision the resource in.
|
|
@@ -103,56 +83,39 @@ export declare class AuthBackendRole extends pulumi.CustomResource {
|
|
|
103
83
|
*/
|
|
104
84
|
readonly role: pulumi.Output<string>;
|
|
105
85
|
/**
|
|
106
|
-
*
|
|
107
|
-
* addresses which can authenticate successfully, and ties the resulting token to these blocks
|
|
108
|
-
* as well.
|
|
86
|
+
* Specifies the blocks of IP addresses which are allowed to use the generated token
|
|
109
87
|
*/
|
|
110
88
|
readonly tokenBoundCidrs: pulumi.Output<string[] | undefined>;
|
|
111
89
|
/**
|
|
112
|
-
*
|
|
113
|
-
* [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
|
|
114
|
-
* onto the token in number of seconds. This is a hard cap even if `tokenTtl` and
|
|
115
|
-
* `tokenMaxTtl` would otherwise allow a renewal.
|
|
90
|
+
* Generated Token's Explicit Maximum TTL in seconds
|
|
116
91
|
*/
|
|
117
92
|
readonly tokenExplicitMaxTtl: pulumi.Output<number | undefined>;
|
|
118
93
|
/**
|
|
119
|
-
* The maximum lifetime
|
|
120
|
-
* Its current value will be referenced at renewal time.
|
|
94
|
+
* The maximum lifetime of the generated token
|
|
121
95
|
*/
|
|
122
96
|
readonly tokenMaxTtl: pulumi.Output<number | undefined>;
|
|
123
97
|
/**
|
|
124
|
-
* If
|
|
125
|
-
* generated tokens; otherwise it will be added to the policies set in token_policies.
|
|
98
|
+
* If true, the 'default' policy will not automatically be added to generated tokens
|
|
126
99
|
*/
|
|
127
100
|
readonly tokenNoDefaultPolicy: pulumi.Output<boolean | undefined>;
|
|
128
101
|
/**
|
|
129
|
-
* The
|
|
130
|
-
* of times a generated token may be used (within its lifetime); 0 means unlimited.
|
|
102
|
+
* The maximum number of times a token may be used, a value of zero means unlimited
|
|
131
103
|
*/
|
|
132
104
|
readonly tokenNumUses: pulumi.Output<number | undefined>;
|
|
133
105
|
/**
|
|
134
|
-
*
|
|
135
|
-
* token generated using this role should never expire. The token should be renewed within the
|
|
136
|
-
* duration specified by this value. At each renewal, the token's TTL will be set to the
|
|
137
|
-
* value of this field. Specified in seconds.
|
|
106
|
+
* Generated Token's Period
|
|
138
107
|
*/
|
|
139
108
|
readonly tokenPeriod: pulumi.Output<number | undefined>;
|
|
140
109
|
/**
|
|
141
|
-
*
|
|
142
|
-
* on the auth method, this list may be supplemented by user/group/other values.
|
|
110
|
+
* Generated Token's Policies
|
|
143
111
|
*/
|
|
144
112
|
readonly tokenPolicies: pulumi.Output<string[] | undefined>;
|
|
145
113
|
/**
|
|
146
|
-
* The
|
|
147
|
-
* Its current value will be referenced at renewal time.
|
|
114
|
+
* The initial ttl of the token to generate in seconds
|
|
148
115
|
*/
|
|
149
116
|
readonly tokenTtl: pulumi.Output<number | undefined>;
|
|
150
117
|
/**
|
|
151
|
-
* The type of token
|
|
152
|
-
* `batch`, or `default` to use the mount's tuned default (which unless changed will be
|
|
153
|
-
* `service` tokens). For token store roles, there are two additional possibilities:
|
|
154
|
-
* `default-service` and `default-batch` which specify the type to return unless the client
|
|
155
|
-
* requests a different type at generation time.
|
|
118
|
+
* The type of token to generate, service or batch
|
|
156
119
|
*/
|
|
157
120
|
readonly tokenType: pulumi.Output<string | undefined>;
|
|
158
121
|
/**
|
|
@@ -173,41 +136,23 @@ export declare class AuthBackendRole extends pulumi.CustomResource {
|
|
|
173
136
|
*/
|
|
174
137
|
export interface AuthBackendRoleState {
|
|
175
138
|
addGroupAliases?: pulumi.Input<boolean>;
|
|
176
|
-
/**
|
|
177
|
-
* A flag to determine if this role should allow GCE instances to authenticate by inferring service accounts from the GCE identity metadata token.
|
|
178
|
-
*/
|
|
179
139
|
allowGceInference?: pulumi.Input<boolean>;
|
|
180
140
|
/**
|
|
181
141
|
* Path to the mounted GCP auth backend
|
|
182
142
|
*/
|
|
183
143
|
backend?: pulumi.Input<string>;
|
|
184
|
-
/**
|
|
185
|
-
* The instance groups that an authorized instance must belong to in order to be authenticated. If specified, either `boundZones` or `boundRegions` must be set too.
|
|
186
|
-
*/
|
|
187
144
|
boundInstanceGroups?: pulumi.Input<pulumi.Input<string>[]>;
|
|
188
|
-
/**
|
|
189
|
-
* A comma-separated list of GCP labels formatted as `"key:value"` strings that must be set on authorized GCE instances. Because GCP labels are not currently ACL'd, we recommend that this be used in conjunction with other restrictions.
|
|
190
|
-
*/
|
|
191
145
|
boundLabels?: pulumi.Input<pulumi.Input<string>[]>;
|
|
192
146
|
/**
|
|
193
147
|
* An array of GCP project IDs. Only entities belonging to this project can authenticate under the role.
|
|
194
148
|
*/
|
|
195
149
|
boundProjects?: pulumi.Input<pulumi.Input<string>[]>;
|
|
196
|
-
/**
|
|
197
|
-
* The list of regions that a GCE instance must belong to in order to be authenticated. If boundInstanceGroups is provided, it is assumed to be a regional group and the group must belong to this region. If boundZones are provided, this attribute is ignored.
|
|
198
|
-
*/
|
|
199
150
|
boundRegions?: pulumi.Input<pulumi.Input<string>[]>;
|
|
200
151
|
/**
|
|
201
152
|
* GCP Service Accounts allowed to issue tokens under this role. (Note: **Required** if role is `iam`)
|
|
202
153
|
*/
|
|
203
154
|
boundServiceAccounts?: pulumi.Input<pulumi.Input<string>[]>;
|
|
204
|
-
/**
|
|
205
|
-
* The list of zones that a GCE instance must belong to in order to be authenticated. If boundInstanceGroups is provided, it is assumed to be a zonal group and the group must belong to this zone.
|
|
206
|
-
*/
|
|
207
155
|
boundZones?: pulumi.Input<pulumi.Input<string>[]>;
|
|
208
|
-
/**
|
|
209
|
-
* The number of seconds past the time of authentication that the login param JWT must expire within. For example, if a user attempts to login with a token that expires within an hour and this is set to 15 minutes, Vault will return an error prompting the user to create a new signed JWT with a shorter `exp`. The GCE metadata tokens currently do not allow the `exp` claim to be customized.
|
|
210
|
-
*/
|
|
211
156
|
maxJwtExp?: pulumi.Input<string>;
|
|
212
157
|
/**
|
|
213
158
|
* The namespace to provision the resource in.
|
|
@@ -221,56 +166,39 @@ export interface AuthBackendRoleState {
|
|
|
221
166
|
*/
|
|
222
167
|
role?: pulumi.Input<string>;
|
|
223
168
|
/**
|
|
224
|
-
*
|
|
225
|
-
* addresses which can authenticate successfully, and ties the resulting token to these blocks
|
|
226
|
-
* as well.
|
|
169
|
+
* Specifies the blocks of IP addresses which are allowed to use the generated token
|
|
227
170
|
*/
|
|
228
171
|
tokenBoundCidrs?: pulumi.Input<pulumi.Input<string>[]>;
|
|
229
172
|
/**
|
|
230
|
-
*
|
|
231
|
-
* [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
|
|
232
|
-
* onto the token in number of seconds. This is a hard cap even if `tokenTtl` and
|
|
233
|
-
* `tokenMaxTtl` would otherwise allow a renewal.
|
|
173
|
+
* Generated Token's Explicit Maximum TTL in seconds
|
|
234
174
|
*/
|
|
235
175
|
tokenExplicitMaxTtl?: pulumi.Input<number>;
|
|
236
176
|
/**
|
|
237
|
-
* The maximum lifetime
|
|
238
|
-
* Its current value will be referenced at renewal time.
|
|
177
|
+
* The maximum lifetime of the generated token
|
|
239
178
|
*/
|
|
240
179
|
tokenMaxTtl?: pulumi.Input<number>;
|
|
241
180
|
/**
|
|
242
|
-
* If
|
|
243
|
-
* generated tokens; otherwise it will be added to the policies set in token_policies.
|
|
181
|
+
* If true, the 'default' policy will not automatically be added to generated tokens
|
|
244
182
|
*/
|
|
245
183
|
tokenNoDefaultPolicy?: pulumi.Input<boolean>;
|
|
246
184
|
/**
|
|
247
|
-
* The
|
|
248
|
-
* of times a generated token may be used (within its lifetime); 0 means unlimited.
|
|
185
|
+
* The maximum number of times a token may be used, a value of zero means unlimited
|
|
249
186
|
*/
|
|
250
187
|
tokenNumUses?: pulumi.Input<number>;
|
|
251
188
|
/**
|
|
252
|
-
*
|
|
253
|
-
* token generated using this role should never expire. The token should be renewed within the
|
|
254
|
-
* duration specified by this value. At each renewal, the token's TTL will be set to the
|
|
255
|
-
* value of this field. Specified in seconds.
|
|
189
|
+
* Generated Token's Period
|
|
256
190
|
*/
|
|
257
191
|
tokenPeriod?: pulumi.Input<number>;
|
|
258
192
|
/**
|
|
259
|
-
*
|
|
260
|
-
* on the auth method, this list may be supplemented by user/group/other values.
|
|
193
|
+
* Generated Token's Policies
|
|
261
194
|
*/
|
|
262
195
|
tokenPolicies?: pulumi.Input<pulumi.Input<string>[]>;
|
|
263
196
|
/**
|
|
264
|
-
* The
|
|
265
|
-
* Its current value will be referenced at renewal time.
|
|
197
|
+
* The initial ttl of the token to generate in seconds
|
|
266
198
|
*/
|
|
267
199
|
tokenTtl?: pulumi.Input<number>;
|
|
268
200
|
/**
|
|
269
|
-
* The type of token
|
|
270
|
-
* `batch`, or `default` to use the mount's tuned default (which unless changed will be
|
|
271
|
-
* `service` tokens). For token store roles, there are two additional possibilities:
|
|
272
|
-
* `default-service` and `default-batch` which specify the type to return unless the client
|
|
273
|
-
* requests a different type at generation time.
|
|
201
|
+
* The type of token to generate, service or batch
|
|
274
202
|
*/
|
|
275
203
|
tokenType?: pulumi.Input<string>;
|
|
276
204
|
/**
|
|
@@ -283,41 +211,23 @@ export interface AuthBackendRoleState {
|
|
|
283
211
|
*/
|
|
284
212
|
export interface AuthBackendRoleArgs {
|
|
285
213
|
addGroupAliases?: pulumi.Input<boolean>;
|
|
286
|
-
/**
|
|
287
|
-
* A flag to determine if this role should allow GCE instances to authenticate by inferring service accounts from the GCE identity metadata token.
|
|
288
|
-
*/
|
|
289
214
|
allowGceInference?: pulumi.Input<boolean>;
|
|
290
215
|
/**
|
|
291
216
|
* Path to the mounted GCP auth backend
|
|
292
217
|
*/
|
|
293
218
|
backend?: pulumi.Input<string>;
|
|
294
|
-
/**
|
|
295
|
-
* The instance groups that an authorized instance must belong to in order to be authenticated. If specified, either `boundZones` or `boundRegions` must be set too.
|
|
296
|
-
*/
|
|
297
219
|
boundInstanceGroups?: pulumi.Input<pulumi.Input<string>[]>;
|
|
298
|
-
/**
|
|
299
|
-
* A comma-separated list of GCP labels formatted as `"key:value"` strings that must be set on authorized GCE instances. Because GCP labels are not currently ACL'd, we recommend that this be used in conjunction with other restrictions.
|
|
300
|
-
*/
|
|
301
220
|
boundLabels?: pulumi.Input<pulumi.Input<string>[]>;
|
|
302
221
|
/**
|
|
303
222
|
* An array of GCP project IDs. Only entities belonging to this project can authenticate under the role.
|
|
304
223
|
*/
|
|
305
224
|
boundProjects?: pulumi.Input<pulumi.Input<string>[]>;
|
|
306
|
-
/**
|
|
307
|
-
* The list of regions that a GCE instance must belong to in order to be authenticated. If boundInstanceGroups is provided, it is assumed to be a regional group and the group must belong to this region. If boundZones are provided, this attribute is ignored.
|
|
308
|
-
*/
|
|
309
225
|
boundRegions?: pulumi.Input<pulumi.Input<string>[]>;
|
|
310
226
|
/**
|
|
311
227
|
* GCP Service Accounts allowed to issue tokens under this role. (Note: **Required** if role is `iam`)
|
|
312
228
|
*/
|
|
313
229
|
boundServiceAccounts?: pulumi.Input<pulumi.Input<string>[]>;
|
|
314
|
-
/**
|
|
315
|
-
* The list of zones that a GCE instance must belong to in order to be authenticated. If boundInstanceGroups is provided, it is assumed to be a zonal group and the group must belong to this zone.
|
|
316
|
-
*/
|
|
317
230
|
boundZones?: pulumi.Input<pulumi.Input<string>[]>;
|
|
318
|
-
/**
|
|
319
|
-
* The number of seconds past the time of authentication that the login param JWT must expire within. For example, if a user attempts to login with a token that expires within an hour and this is set to 15 minutes, Vault will return an error prompting the user to create a new signed JWT with a shorter `exp`. The GCE metadata tokens currently do not allow the `exp` claim to be customized.
|
|
320
|
-
*/
|
|
321
231
|
maxJwtExp?: pulumi.Input<string>;
|
|
322
232
|
/**
|
|
323
233
|
* The namespace to provision the resource in.
|
|
@@ -331,56 +241,39 @@ export interface AuthBackendRoleArgs {
|
|
|
331
241
|
*/
|
|
332
242
|
role: pulumi.Input<string>;
|
|
333
243
|
/**
|
|
334
|
-
*
|
|
335
|
-
* addresses which can authenticate successfully, and ties the resulting token to these blocks
|
|
336
|
-
* as well.
|
|
244
|
+
* Specifies the blocks of IP addresses which are allowed to use the generated token
|
|
337
245
|
*/
|
|
338
246
|
tokenBoundCidrs?: pulumi.Input<pulumi.Input<string>[]>;
|
|
339
247
|
/**
|
|
340
|
-
*
|
|
341
|
-
* [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
|
|
342
|
-
* onto the token in number of seconds. This is a hard cap even if `tokenTtl` and
|
|
343
|
-
* `tokenMaxTtl` would otherwise allow a renewal.
|
|
248
|
+
* Generated Token's Explicit Maximum TTL in seconds
|
|
344
249
|
*/
|
|
345
250
|
tokenExplicitMaxTtl?: pulumi.Input<number>;
|
|
346
251
|
/**
|
|
347
|
-
* The maximum lifetime
|
|
348
|
-
* Its current value will be referenced at renewal time.
|
|
252
|
+
* The maximum lifetime of the generated token
|
|
349
253
|
*/
|
|
350
254
|
tokenMaxTtl?: pulumi.Input<number>;
|
|
351
255
|
/**
|
|
352
|
-
* If
|
|
353
|
-
* generated tokens; otherwise it will be added to the policies set in token_policies.
|
|
256
|
+
* If true, the 'default' policy will not automatically be added to generated tokens
|
|
354
257
|
*/
|
|
355
258
|
tokenNoDefaultPolicy?: pulumi.Input<boolean>;
|
|
356
259
|
/**
|
|
357
|
-
* The
|
|
358
|
-
* of times a generated token may be used (within its lifetime); 0 means unlimited.
|
|
260
|
+
* The maximum number of times a token may be used, a value of zero means unlimited
|
|
359
261
|
*/
|
|
360
262
|
tokenNumUses?: pulumi.Input<number>;
|
|
361
263
|
/**
|
|
362
|
-
*
|
|
363
|
-
* token generated using this role should never expire. The token should be renewed within the
|
|
364
|
-
* duration specified by this value. At each renewal, the token's TTL will be set to the
|
|
365
|
-
* value of this field. Specified in seconds.
|
|
264
|
+
* Generated Token's Period
|
|
366
265
|
*/
|
|
367
266
|
tokenPeriod?: pulumi.Input<number>;
|
|
368
267
|
/**
|
|
369
|
-
*
|
|
370
|
-
* on the auth method, this list may be supplemented by user/group/other values.
|
|
268
|
+
* Generated Token's Policies
|
|
371
269
|
*/
|
|
372
270
|
tokenPolicies?: pulumi.Input<pulumi.Input<string>[]>;
|
|
373
271
|
/**
|
|
374
|
-
* The
|
|
375
|
-
* Its current value will be referenced at renewal time.
|
|
272
|
+
* The initial ttl of the token to generate in seconds
|
|
376
273
|
*/
|
|
377
274
|
tokenTtl?: pulumi.Input<number>;
|
|
378
275
|
/**
|
|
379
|
-
* The type of token
|
|
380
|
-
* `batch`, or `default` to use the mount's tuned default (which unless changed will be
|
|
381
|
-
* `service` tokens). For token store roles, there are two additional possibilities:
|
|
382
|
-
* `default-service` and `default-batch` which specify the type to return unless the client
|
|
383
|
-
* requests a different type at generation time.
|
|
276
|
+
* The type of token to generate, service or batch
|
|
384
277
|
*/
|
|
385
278
|
tokenType?: pulumi.Input<string>;
|
|
386
279
|
/**
|