@pulumi/vault 6.2.0-alpha.1718953130 → 6.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (68) hide show
  1. package/authBackend.d.ts +12 -0
  2. package/authBackend.js +2 -0
  3. package/authBackend.js.map +1 -1
  4. package/aws/authBackendClient.d.ts +76 -3
  5. package/aws/authBackendClient.js +21 -0
  6. package/aws/authBackendClient.js.map +1 -1
  7. package/aws/secretBackendRole.d.ts +21 -0
  8. package/aws/secretBackendRole.js +2 -0
  9. package/aws/secretBackendRole.js.map +1 -1
  10. package/azure/authBackendConfig.d.ts +45 -0
  11. package/azure/authBackendConfig.js +22 -0
  12. package/azure/authBackendConfig.js.map +1 -1
  13. package/azure/backend.d.ts +65 -0
  14. package/azure/backend.js +20 -0
  15. package/azure/backend.js.map +1 -1
  16. package/database/secretsMount.d.ts +72 -0
  17. package/database/secretsMount.js +12 -0
  18. package/database/secretsMount.js.map +1 -1
  19. package/gcp/authBackend.d.ts +75 -0
  20. package/gcp/authBackend.js +23 -0
  21. package/gcp/authBackend.js.map +1 -1
  22. package/gcp/secretBackend.d.ts +81 -0
  23. package/gcp/secretBackend.js +23 -0
  24. package/gcp/secretBackend.js.map +1 -1
  25. package/index.d.ts +6 -0
  26. package/index.js +12 -2
  27. package/index.js.map +1 -1
  28. package/jwt/authBackendRole.d.ts +12 -15
  29. package/jwt/authBackendRole.js.map +1 -1
  30. package/kubernetes/secretBackend.d.ts +72 -0
  31. package/kubernetes/secretBackend.js +12 -0
  32. package/kubernetes/secretBackend.js.map +1 -1
  33. package/ldap/secretBackend.d.ts +72 -0
  34. package/ldap/secretBackend.js +12 -0
  35. package/ldap/secretBackend.js.map +1 -1
  36. package/mount.d.ts +90 -0
  37. package/mount.js +12 -0
  38. package/mount.js.map +1 -1
  39. package/okta/authBackend.d.ts +120 -0
  40. package/okta/authBackend.js +18 -0
  41. package/okta/authBackend.js.map +1 -1
  42. package/package.json +2 -2
  43. package/pkisecret/backendConfigEst.d.ts +191 -0
  44. package/pkisecret/backendConfigEst.js +83 -0
  45. package/pkisecret/backendConfigEst.js.map +1 -0
  46. package/pkisecret/getBackendConfigEst.d.ts +117 -0
  47. package/pkisecret/getBackendConfigEst.js +54 -0
  48. package/pkisecret/getBackendConfigEst.js.map +1 -0
  49. package/pkisecret/index.d.ts +6 -0
  50. package/pkisecret/index.js +9 -1
  51. package/pkisecret/index.js.map +1 -1
  52. package/plugin.d.ts +179 -0
  53. package/plugin.js +105 -0
  54. package/plugin.js.map +1 -0
  55. package/pluginPinnedVersion.d.ts +103 -0
  56. package/pluginPinnedVersion.js +90 -0
  57. package/pluginPinnedVersion.js.map +1 -0
  58. package/quotaLeaseCount.d.ts +12 -0
  59. package/quotaLeaseCount.js +2 -0
  60. package/quotaLeaseCount.js.map +1 -1
  61. package/quotaRateLimit.d.ts +12 -0
  62. package/quotaRateLimit.js +2 -0
  63. package/quotaRateLimit.js.map +1 -1
  64. package/ssh/secretBackendCa.d.ts +24 -0
  65. package/ssh/secretBackendCa.js +4 -0
  66. package/ssh/secretBackendCa.js.map +1 -1
  67. package/types/input.d.ts +8 -0
  68. package/types/output.d.ts +22 -0
@@ -82,6 +82,8 @@ export declare class AuthBackend extends pulumi.CustomResource {
82
82
  /**
83
83
  * Maximum duration after which authentication will be expired
84
84
  * [See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration).
85
+ *
86
+ * @deprecated Deprecated. Please use `tokenMaxTtl` instead.
85
87
  */
86
88
  readonly maxTtl: pulumi.Output<string | undefined>;
87
89
  /**
@@ -104,9 +106,47 @@ export declare class AuthBackend extends pulumi.CustomResource {
104
106
  * If this is not supplied only locally configured groups will be enabled.
105
107
  */
106
108
  readonly token: pulumi.Output<string | undefined>;
109
+ /**
110
+ * Specifies the blocks of IP addresses which are allowed to use the generated token
111
+ */
112
+ readonly tokenBoundCidrs: pulumi.Output<string[] | undefined>;
113
+ /**
114
+ * Generated Token's Explicit Maximum TTL in seconds
115
+ */
116
+ readonly tokenExplicitMaxTtl: pulumi.Output<number | undefined>;
117
+ /**
118
+ * The maximum lifetime of the generated token
119
+ */
120
+ readonly tokenMaxTtl: pulumi.Output<number | undefined>;
121
+ /**
122
+ * If true, the 'default' policy will not automatically be added to generated tokens
123
+ */
124
+ readonly tokenNoDefaultPolicy: pulumi.Output<boolean | undefined>;
125
+ /**
126
+ * The maximum number of times a token may be used, a value of zero means unlimited
127
+ */
128
+ readonly tokenNumUses: pulumi.Output<number | undefined>;
129
+ /**
130
+ * Generated Token's Period
131
+ */
132
+ readonly tokenPeriod: pulumi.Output<number | undefined>;
133
+ /**
134
+ * Generated Token's Policies
135
+ */
136
+ readonly tokenPolicies: pulumi.Output<string[] | undefined>;
137
+ /**
138
+ * The initial ttl of the token to generate in seconds
139
+ */
140
+ readonly tokenTtl: pulumi.Output<number | undefined>;
141
+ /**
142
+ * The type of token to generate, service or batch
143
+ */
144
+ readonly tokenType: pulumi.Output<string | undefined>;
107
145
  /**
108
146
  * Duration after which authentication will be expired.
109
147
  * [See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration).
148
+ *
149
+ * @deprecated Deprecated. Please use `tokenTtl` instead.
110
150
  */
111
151
  readonly ttl: pulumi.Output<string | undefined>;
112
152
  /**
@@ -156,6 +196,8 @@ export interface AuthBackendState {
156
196
  /**
157
197
  * Maximum duration after which authentication will be expired
158
198
  * [See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration).
199
+ *
200
+ * @deprecated Deprecated. Please use `tokenMaxTtl` instead.
159
201
  */
160
202
  maxTtl?: pulumi.Input<string>;
161
203
  /**
@@ -178,9 +220,47 @@ export interface AuthBackendState {
178
220
  * If this is not supplied only locally configured groups will be enabled.
179
221
  */
180
222
  token?: pulumi.Input<string>;
223
+ /**
224
+ * Specifies the blocks of IP addresses which are allowed to use the generated token
225
+ */
226
+ tokenBoundCidrs?: pulumi.Input<pulumi.Input<string>[]>;
227
+ /**
228
+ * Generated Token's Explicit Maximum TTL in seconds
229
+ */
230
+ tokenExplicitMaxTtl?: pulumi.Input<number>;
231
+ /**
232
+ * The maximum lifetime of the generated token
233
+ */
234
+ tokenMaxTtl?: pulumi.Input<number>;
235
+ /**
236
+ * If true, the 'default' policy will not automatically be added to generated tokens
237
+ */
238
+ tokenNoDefaultPolicy?: pulumi.Input<boolean>;
239
+ /**
240
+ * The maximum number of times a token may be used, a value of zero means unlimited
241
+ */
242
+ tokenNumUses?: pulumi.Input<number>;
243
+ /**
244
+ * Generated Token's Period
245
+ */
246
+ tokenPeriod?: pulumi.Input<number>;
247
+ /**
248
+ * Generated Token's Policies
249
+ */
250
+ tokenPolicies?: pulumi.Input<pulumi.Input<string>[]>;
251
+ /**
252
+ * The initial ttl of the token to generate in seconds
253
+ */
254
+ tokenTtl?: pulumi.Input<number>;
255
+ /**
256
+ * The type of token to generate, service or batch
257
+ */
258
+ tokenType?: pulumi.Input<string>;
181
259
  /**
182
260
  * Duration after which authentication will be expired.
183
261
  * [See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration).
262
+ *
263
+ * @deprecated Deprecated. Please use `tokenTtl` instead.
184
264
  */
185
265
  ttl?: pulumi.Input<string>;
186
266
  /**
@@ -218,6 +298,8 @@ export interface AuthBackendArgs {
218
298
  /**
219
299
  * Maximum duration after which authentication will be expired
220
300
  * [See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration).
301
+ *
302
+ * @deprecated Deprecated. Please use `tokenMaxTtl` instead.
221
303
  */
222
304
  maxTtl?: pulumi.Input<string>;
223
305
  /**
@@ -240,9 +322,47 @@ export interface AuthBackendArgs {
240
322
  * If this is not supplied only locally configured groups will be enabled.
241
323
  */
242
324
  token?: pulumi.Input<string>;
325
+ /**
326
+ * Specifies the blocks of IP addresses which are allowed to use the generated token
327
+ */
328
+ tokenBoundCidrs?: pulumi.Input<pulumi.Input<string>[]>;
329
+ /**
330
+ * Generated Token's Explicit Maximum TTL in seconds
331
+ */
332
+ tokenExplicitMaxTtl?: pulumi.Input<number>;
333
+ /**
334
+ * The maximum lifetime of the generated token
335
+ */
336
+ tokenMaxTtl?: pulumi.Input<number>;
337
+ /**
338
+ * If true, the 'default' policy will not automatically be added to generated tokens
339
+ */
340
+ tokenNoDefaultPolicy?: pulumi.Input<boolean>;
341
+ /**
342
+ * The maximum number of times a token may be used, a value of zero means unlimited
343
+ */
344
+ tokenNumUses?: pulumi.Input<number>;
345
+ /**
346
+ * Generated Token's Period
347
+ */
348
+ tokenPeriod?: pulumi.Input<number>;
349
+ /**
350
+ * Generated Token's Policies
351
+ */
352
+ tokenPolicies?: pulumi.Input<pulumi.Input<string>[]>;
353
+ /**
354
+ * The initial ttl of the token to generate in seconds
355
+ */
356
+ tokenTtl?: pulumi.Input<number>;
357
+ /**
358
+ * The type of token to generate, service or batch
359
+ */
360
+ tokenType?: pulumi.Input<string>;
243
361
  /**
244
362
  * Duration after which authentication will be expired.
245
363
  * [See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration).
364
+ *
365
+ * @deprecated Deprecated. Please use `tokenTtl` instead.
246
366
  */
247
367
  ttl?: pulumi.Input<string>;
248
368
  /**
@@ -80,6 +80,15 @@ class AuthBackend extends pulumi.CustomResource {
80
80
  resourceInputs["organization"] = state ? state.organization : undefined;
81
81
  resourceInputs["path"] = state ? state.path : undefined;
82
82
  resourceInputs["token"] = state ? state.token : undefined;
83
+ resourceInputs["tokenBoundCidrs"] = state ? state.tokenBoundCidrs : undefined;
84
+ resourceInputs["tokenExplicitMaxTtl"] = state ? state.tokenExplicitMaxTtl : undefined;
85
+ resourceInputs["tokenMaxTtl"] = state ? state.tokenMaxTtl : undefined;
86
+ resourceInputs["tokenNoDefaultPolicy"] = state ? state.tokenNoDefaultPolicy : undefined;
87
+ resourceInputs["tokenNumUses"] = state ? state.tokenNumUses : undefined;
88
+ resourceInputs["tokenPeriod"] = state ? state.tokenPeriod : undefined;
89
+ resourceInputs["tokenPolicies"] = state ? state.tokenPolicies : undefined;
90
+ resourceInputs["tokenTtl"] = state ? state.tokenTtl : undefined;
91
+ resourceInputs["tokenType"] = state ? state.tokenType : undefined;
83
92
  resourceInputs["ttl"] = state ? state.ttl : undefined;
84
93
  resourceInputs["users"] = state ? state.users : undefined;
85
94
  }
@@ -98,6 +107,15 @@ class AuthBackend extends pulumi.CustomResource {
98
107
  resourceInputs["organization"] = args ? args.organization : undefined;
99
108
  resourceInputs["path"] = args ? args.path : undefined;
100
109
  resourceInputs["token"] = (args === null || args === void 0 ? void 0 : args.token) ? pulumi.secret(args.token) : undefined;
110
+ resourceInputs["tokenBoundCidrs"] = args ? args.tokenBoundCidrs : undefined;
111
+ resourceInputs["tokenExplicitMaxTtl"] = args ? args.tokenExplicitMaxTtl : undefined;
112
+ resourceInputs["tokenMaxTtl"] = args ? args.tokenMaxTtl : undefined;
113
+ resourceInputs["tokenNoDefaultPolicy"] = args ? args.tokenNoDefaultPolicy : undefined;
114
+ resourceInputs["tokenNumUses"] = args ? args.tokenNumUses : undefined;
115
+ resourceInputs["tokenPeriod"] = args ? args.tokenPeriod : undefined;
116
+ resourceInputs["tokenPolicies"] = args ? args.tokenPolicies : undefined;
117
+ resourceInputs["tokenTtl"] = args ? args.tokenTtl : undefined;
118
+ resourceInputs["tokenType"] = args ? args.tokenType : undefined;
101
119
  resourceInputs["ttl"] = args ? args.ttl : undefined;
102
120
  resourceInputs["users"] = args ? args.users : undefined;
103
121
  resourceInputs["accessor"] = undefined /*out*/;
@@ -1 +1 @@
1
- {"version":3,"file":"authBackend.js","sourceRoot":"","sources":["../../okta/authBackend.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AAGzC,0CAA0C;AAE1C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmCG;AACH,MAAa,WAAY,SAAQ,MAAM,CAAC,cAAc;IAClD;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAAwB,EAAE,IAAmC;QACtH,OAAO,IAAI,WAAW,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IAClE,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,WAAW,CAAC,YAAY,CAAC;IAC5D,CAAC;IAwED,YAAY,IAAY,EAAE,WAAgD,EAAE,IAAmC;QAC3G,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAA2C,CAAC;YAC1D,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,eAAe,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1E,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,gBAAgB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5E,cAAc,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,cAAc,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC;YACxE,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,OAAO,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1D,cAAc,CAAC,KAAK,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC;YACtD,cAAc,CAAC,OAAO,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;SAC7D;aAAM;YACH,MAAM,IAAI,GAAG,WAA0C,CAAC;YACxD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,YAAY,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACzD,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;aAC/D;YACD,cAAc,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,eAAe,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC;YACxE,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1E,cAAc,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1D,cAAc,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1D,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,cAAc,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACtD,cAAc,CAAC,OAAO,CAAC,GAAG,CAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,KAAK,EAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9E,cAAc,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC;YACpD,cAAc,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,UAAU,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;SAClD;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,MAAM,UAAU,GAAG,EAAE,uBAAuB,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;QAC1D,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;QAC7C,KAAK,CAAC,WAAW,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IAChE,CAAC;;AA3IL,kCA4IC;AA9HG,gBAAgB;AACO,wBAAY,GAAG,oCAAoC,CAAC"}
1
+ {"version":3,"file":"authBackend.js","sourceRoot":"","sources":["../../okta/authBackend.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AAGzC,0CAA0C;AAE1C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmCG;AACH,MAAa,WAAY,SAAQ,MAAM,CAAC,cAAc;IAClD;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAAwB,EAAE,IAAmC;QACtH,OAAO,IAAI,WAAW,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IAClE,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,WAAW,CAAC,YAAY,CAAC;IAC5D,CAAC;IAgHD,YAAY,IAAY,EAAE,WAAgD,EAAE,IAAmC;QAC3G,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAA2C,CAAC;YAC1D,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,eAAe,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1E,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,gBAAgB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5E,cAAc,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,cAAc,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC;YACxE,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,OAAO,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1D,cAAc,CAAC,iBAAiB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9E,cAAc,CAAC,qBAAqB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC,CAAC,SAAS,CAAC;YACtF,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,sBAAsB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC,CAAC,SAAS,CAAC;YACxF,cAAc,CAAC,cAAc,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC;YACxE,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,eAAe,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1E,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,KAAK,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC;YACtD,cAAc,CAAC,OAAO,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;SAC7D;aAAM;YACH,MAAM,IAAI,GAAG,WAA0C,CAAC;YACxD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,YAAY,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACzD,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;aAC/D;YACD,cAAc,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,eAAe,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC;YACxE,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1E,cAAc,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1D,cAAc,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1D,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,cAAc,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACtD,cAAc,CAAC,OAAO,CAAC,GAAG,CAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,KAAK,EAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9E,cAAc,CAAC,iBAAiB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5E,cAAc,CAAC,qBAAqB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,CAAC,SAAS,CAAC;YACpF,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,sBAAsB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,CAAC,SAAS,CAAC;YACtF,cAAc,CAAC,cAAc,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,eAAe,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC;YACxE,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC;YACpD,cAAc,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,UAAU,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;SAClD;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,MAAM,UAAU,GAAG,EAAE,uBAAuB,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;QAC1D,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;QAC7C,KAAK,CAAC,WAAW,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IAChE,CAAC;;AArML,kCAsMC;AAxLG,gBAAgB;AACO,wBAAY,GAAG,oCAAoC,CAAC"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@pulumi/vault",
3
- "version": "6.2.0-alpha.1718953130",
3
+ "version": "6.2.0",
4
4
  "description": "A Pulumi package for creating and managing HashiCorp Vault cloud resources.",
5
5
  "keywords": [
6
6
  "pulumi",
@@ -23,6 +23,6 @@
23
23
  "pulumi": {
24
24
  "resource": true,
25
25
  "name": "vault",
26
- "version": "6.2.0-alpha.1718953130"
26
+ "version": "6.2.0"
27
27
  }
28
28
  }
@@ -0,0 +1,191 @@
1
+ import * as pulumi from "@pulumi/pulumi";
2
+ import * as inputs from "../types/input";
3
+ import * as outputs from "../types/output";
4
+ /**
5
+ * Allows setting the EST configuration on a PKI Secret Backend
6
+ *
7
+ * ## Import
8
+ *
9
+ * The PKI config cluster can be imported using the resource's `id`.
10
+ * In the case of the example above the `id` would be `pki-root/config/est`,
11
+ * where the `pki-root` component is the resource's `backend`, e.g.
12
+ *
13
+ * ```sh
14
+ * $ pulumi import vault:pkiSecret/backendConfigEst:BackendConfigEst example pki-root/config/est
15
+ * ```
16
+ */
17
+ export declare class BackendConfigEst extends pulumi.CustomResource {
18
+ /**
19
+ * Get an existing BackendConfigEst resource's state with the given name, ID, and optional extra
20
+ * properties used to qualify the lookup.
21
+ *
22
+ * @param name The _unique_ name of the resulting resource.
23
+ * @param id The _unique_ provider ID of the resource to lookup.
24
+ * @param state Any extra arguments used during the lookup.
25
+ * @param opts Optional settings to control the behavior of the CustomResource.
26
+ */
27
+ static get(name: string, id: pulumi.Input<pulumi.ID>, state?: BackendConfigEstState, opts?: pulumi.CustomResourceOptions): BackendConfigEst;
28
+ /**
29
+ * Returns true if the given object is an instance of BackendConfigEst. This is designed to work even
30
+ * when multiple copies of the Pulumi SDK have been loaded into the same process.
31
+ */
32
+ static isInstance(obj: any): obj is BackendConfigEst;
33
+ /**
34
+ * Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
35
+ *
36
+ * <a id="nestedatt--authenticators"></a>
37
+ */
38
+ readonly auditFields: pulumi.Output<string[]>;
39
+ /**
40
+ * Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).
41
+ */
42
+ readonly authenticators: pulumi.Output<outputs.pkiSecret.BackendConfigEstAuthenticators>;
43
+ /**
44
+ * The path to the PKI secret backend to
45
+ * read the EST configuration from, with no leading or trailing `/`s.
46
+ */
47
+ readonly backend: pulumi.Output<string>;
48
+ /**
49
+ * If set, this mount will register the default `.well-known/est` URL path. Only a single mount can enable this across a Vault cluster.
50
+ */
51
+ readonly defaultMount: pulumi.Output<boolean | undefined>;
52
+ /**
53
+ * Required to be set if defaultMount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.
54
+ */
55
+ readonly defaultPathPolicy: pulumi.Output<string | undefined>;
56
+ /**
57
+ * If set, parse out fields from the provided CSR making them available for Sentinel policies.
58
+ */
59
+ readonly enableSentinelParsing: pulumi.Output<boolean | undefined>;
60
+ /**
61
+ * Specifies whether EST is enabled.
62
+ */
63
+ readonly enabled: pulumi.Output<boolean | undefined>;
64
+ /**
65
+ * Configures a pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/<label> URL paths.
66
+ */
67
+ readonly labelToPathPolicy: pulumi.Output<{
68
+ [key: string]: any;
69
+ } | undefined>;
70
+ /**
71
+ * A read-only timestamp representing the last time the configuration was updated.
72
+ */
73
+ readonly lastUpdated: pulumi.Output<string>;
74
+ /**
75
+ * The namespace of the target resource.
76
+ * The value should not contain leading or trailing forward slashes.
77
+ * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
78
+ * *Available only for Vault Enterprise*.
79
+ */
80
+ readonly namespace: pulumi.Output<string | undefined>;
81
+ /**
82
+ * Create a BackendConfigEst resource with the given unique name, arguments, and options.
83
+ *
84
+ * @param name The _unique_ name of the resource.
85
+ * @param args The arguments to use to populate this resource's properties.
86
+ * @param opts A bag of options that control this resource's behavior.
87
+ */
88
+ constructor(name: string, args: BackendConfigEstArgs, opts?: pulumi.CustomResourceOptions);
89
+ }
90
+ /**
91
+ * Input properties used for looking up and filtering BackendConfigEst resources.
92
+ */
93
+ export interface BackendConfigEstState {
94
+ /**
95
+ * Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
96
+ *
97
+ * <a id="nestedatt--authenticators"></a>
98
+ */
99
+ auditFields?: pulumi.Input<pulumi.Input<string>[]>;
100
+ /**
101
+ * Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).
102
+ */
103
+ authenticators?: pulumi.Input<inputs.pkiSecret.BackendConfigEstAuthenticators>;
104
+ /**
105
+ * The path to the PKI secret backend to
106
+ * read the EST configuration from, with no leading or trailing `/`s.
107
+ */
108
+ backend?: pulumi.Input<string>;
109
+ /**
110
+ * If set, this mount will register the default `.well-known/est` URL path. Only a single mount can enable this across a Vault cluster.
111
+ */
112
+ defaultMount?: pulumi.Input<boolean>;
113
+ /**
114
+ * Required to be set if defaultMount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.
115
+ */
116
+ defaultPathPolicy?: pulumi.Input<string>;
117
+ /**
118
+ * If set, parse out fields from the provided CSR making them available for Sentinel policies.
119
+ */
120
+ enableSentinelParsing?: pulumi.Input<boolean>;
121
+ /**
122
+ * Specifies whether EST is enabled.
123
+ */
124
+ enabled?: pulumi.Input<boolean>;
125
+ /**
126
+ * Configures a pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/<label> URL paths.
127
+ */
128
+ labelToPathPolicy?: pulumi.Input<{
129
+ [key: string]: any;
130
+ }>;
131
+ /**
132
+ * A read-only timestamp representing the last time the configuration was updated.
133
+ */
134
+ lastUpdated?: pulumi.Input<string>;
135
+ /**
136
+ * The namespace of the target resource.
137
+ * The value should not contain leading or trailing forward slashes.
138
+ * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
139
+ * *Available only for Vault Enterprise*.
140
+ */
141
+ namespace?: pulumi.Input<string>;
142
+ }
143
+ /**
144
+ * The set of arguments for constructing a BackendConfigEst resource.
145
+ */
146
+ export interface BackendConfigEstArgs {
147
+ /**
148
+ * Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
149
+ *
150
+ * <a id="nestedatt--authenticators"></a>
151
+ */
152
+ auditFields?: pulumi.Input<pulumi.Input<string>[]>;
153
+ /**
154
+ * Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).
155
+ */
156
+ authenticators?: pulumi.Input<inputs.pkiSecret.BackendConfigEstAuthenticators>;
157
+ /**
158
+ * The path to the PKI secret backend to
159
+ * read the EST configuration from, with no leading or trailing `/`s.
160
+ */
161
+ backend: pulumi.Input<string>;
162
+ /**
163
+ * If set, this mount will register the default `.well-known/est` URL path. Only a single mount can enable this across a Vault cluster.
164
+ */
165
+ defaultMount?: pulumi.Input<boolean>;
166
+ /**
167
+ * Required to be set if defaultMount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.
168
+ */
169
+ defaultPathPolicy?: pulumi.Input<string>;
170
+ /**
171
+ * If set, parse out fields from the provided CSR making them available for Sentinel policies.
172
+ */
173
+ enableSentinelParsing?: pulumi.Input<boolean>;
174
+ /**
175
+ * Specifies whether EST is enabled.
176
+ */
177
+ enabled?: pulumi.Input<boolean>;
178
+ /**
179
+ * Configures a pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/<label> URL paths.
180
+ */
181
+ labelToPathPolicy?: pulumi.Input<{
182
+ [key: string]: any;
183
+ }>;
184
+ /**
185
+ * The namespace of the target resource.
186
+ * The value should not contain leading or trailing forward slashes.
187
+ * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
188
+ * *Available only for Vault Enterprise*.
189
+ */
190
+ namespace?: pulumi.Input<string>;
191
+ }
@@ -0,0 +1,83 @@
1
+ "use strict";
2
+ // *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
3
+ // *** Do not edit by hand unless you're certain you know what you are doing! ***
4
+ Object.defineProperty(exports, "__esModule", { value: true });
5
+ exports.BackendConfigEst = void 0;
6
+ const pulumi = require("@pulumi/pulumi");
7
+ const utilities = require("../utilities");
8
+ /**
9
+ * Allows setting the EST configuration on a PKI Secret Backend
10
+ *
11
+ * ## Import
12
+ *
13
+ * The PKI config cluster can be imported using the resource's `id`.
14
+ * In the case of the example above the `id` would be `pki-root/config/est`,
15
+ * where the `pki-root` component is the resource's `backend`, e.g.
16
+ *
17
+ * ```sh
18
+ * $ pulumi import vault:pkiSecret/backendConfigEst:BackendConfigEst example pki-root/config/est
19
+ * ```
20
+ */
21
+ class BackendConfigEst extends pulumi.CustomResource {
22
+ /**
23
+ * Get an existing BackendConfigEst resource's state with the given name, ID, and optional extra
24
+ * properties used to qualify the lookup.
25
+ *
26
+ * @param name The _unique_ name of the resulting resource.
27
+ * @param id The _unique_ provider ID of the resource to lookup.
28
+ * @param state Any extra arguments used during the lookup.
29
+ * @param opts Optional settings to control the behavior of the CustomResource.
30
+ */
31
+ static get(name, id, state, opts) {
32
+ return new BackendConfigEst(name, state, Object.assign(Object.assign({}, opts), { id: id }));
33
+ }
34
+ /**
35
+ * Returns true if the given object is an instance of BackendConfigEst. This is designed to work even
36
+ * when multiple copies of the Pulumi SDK have been loaded into the same process.
37
+ */
38
+ static isInstance(obj) {
39
+ if (obj === undefined || obj === null) {
40
+ return false;
41
+ }
42
+ return obj['__pulumiType'] === BackendConfigEst.__pulumiType;
43
+ }
44
+ constructor(name, argsOrState, opts) {
45
+ let resourceInputs = {};
46
+ opts = opts || {};
47
+ if (opts.id) {
48
+ const state = argsOrState;
49
+ resourceInputs["auditFields"] = state ? state.auditFields : undefined;
50
+ resourceInputs["authenticators"] = state ? state.authenticators : undefined;
51
+ resourceInputs["backend"] = state ? state.backend : undefined;
52
+ resourceInputs["defaultMount"] = state ? state.defaultMount : undefined;
53
+ resourceInputs["defaultPathPolicy"] = state ? state.defaultPathPolicy : undefined;
54
+ resourceInputs["enableSentinelParsing"] = state ? state.enableSentinelParsing : undefined;
55
+ resourceInputs["enabled"] = state ? state.enabled : undefined;
56
+ resourceInputs["labelToPathPolicy"] = state ? state.labelToPathPolicy : undefined;
57
+ resourceInputs["lastUpdated"] = state ? state.lastUpdated : undefined;
58
+ resourceInputs["namespace"] = state ? state.namespace : undefined;
59
+ }
60
+ else {
61
+ const args = argsOrState;
62
+ if ((!args || args.backend === undefined) && !opts.urn) {
63
+ throw new Error("Missing required property 'backend'");
64
+ }
65
+ resourceInputs["auditFields"] = args ? args.auditFields : undefined;
66
+ resourceInputs["authenticators"] = args ? args.authenticators : undefined;
67
+ resourceInputs["backend"] = args ? args.backend : undefined;
68
+ resourceInputs["defaultMount"] = args ? args.defaultMount : undefined;
69
+ resourceInputs["defaultPathPolicy"] = args ? args.defaultPathPolicy : undefined;
70
+ resourceInputs["enableSentinelParsing"] = args ? args.enableSentinelParsing : undefined;
71
+ resourceInputs["enabled"] = args ? args.enabled : undefined;
72
+ resourceInputs["labelToPathPolicy"] = args ? args.labelToPathPolicy : undefined;
73
+ resourceInputs["namespace"] = args ? args.namespace : undefined;
74
+ resourceInputs["lastUpdated"] = undefined /*out*/;
75
+ }
76
+ opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts);
77
+ super(BackendConfigEst.__pulumiType, name, resourceInputs, opts);
78
+ }
79
+ }
80
+ exports.BackendConfigEst = BackendConfigEst;
81
+ /** @internal */
82
+ BackendConfigEst.__pulumiType = 'vault:pkiSecret/backendConfigEst:BackendConfigEst';
83
+ //# sourceMappingURL=backendConfigEst.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"backendConfigEst.js","sourceRoot":"","sources":["../../pkisecret/backendConfigEst.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AAGzC,0CAA0C;AAE1C;;;;;;;;;;;;GAYG;AACH,MAAa,gBAAiB,SAAQ,MAAM,CAAC,cAAc;IACvD;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAA6B,EAAE,IAAmC;QAC3H,OAAO,IAAI,gBAAgB,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IACvE,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,gBAAgB,CAAC,YAAY,CAAC;IACjE,CAAC;IAyDD,YAAY,IAAY,EAAE,WAA0D,EAAE,IAAmC;QACrH,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAAgD,CAAC;YAC/D,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,gBAAgB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5E,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,cAAc,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC;YACxE,cAAc,CAAC,mBAAmB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC,CAAC,SAAS,CAAC;YAClF,cAAc,CAAC,uBAAuB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1F,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,mBAAmB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC,CAAC,SAAS,CAAC;YAClF,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;SACrE;aAAM;YACH,MAAM,IAAI,GAAG,WAA+C,CAAC;YAC7D,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,OAAO,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACpD,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;aAC1D;YACD,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1E,cAAc,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,cAAc,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC,SAAS,CAAC;YAChF,cAAc,CAAC,uBAAuB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC,CAAC,SAAS,CAAC;YACxF,cAAc,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC,SAAS,CAAC;YAChF,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,aAAa,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;SACrD;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,gBAAgB,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IACrE,CAAC;;AApHL,4CAqHC;AAvGG,gBAAgB;AACO,6BAAY,GAAG,mDAAmD,CAAC"}
@@ -0,0 +1,117 @@
1
+ import * as pulumi from "@pulumi/pulumi";
2
+ import * as outputs from "../types/output";
3
+ /**
4
+ * ## Example Usage
5
+ *
6
+ * ```typescript
7
+ * import * as pulumi from "@pulumi/pulumi";
8
+ * import * as vault from "@pulumi/vault";
9
+ *
10
+ * const pki = new vault.Mount("pki", {
11
+ * path: "pki",
12
+ * type: "pki",
13
+ * description: "PKI secret engine mount",
14
+ * });
15
+ * const estConfig = vault.pkiSecret.getBackendConfigEstOutput({
16
+ * backend: pki.path,
17
+ * });
18
+ * ```
19
+ */
20
+ export declare function getBackendConfigEst(args: GetBackendConfigEstArgs, opts?: pulumi.InvokeOptions): Promise<GetBackendConfigEstResult>;
21
+ /**
22
+ * A collection of arguments for invoking getBackendConfigEst.
23
+ */
24
+ export interface GetBackendConfigEstArgs {
25
+ /**
26
+ * The path to the PKI secret backend to
27
+ * read the EST configuration from, with no leading or trailing `/`s.
28
+ */
29
+ backend: string;
30
+ /**
31
+ * The namespace of the target resource.
32
+ * The value should not contain leading or trailing forward slashes.
33
+ * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
34
+ * *Available only for Vault Enterprise*.
35
+ */
36
+ namespace?: string;
37
+ }
38
+ /**
39
+ * A collection of values returned by getBackendConfigEst.
40
+ */
41
+ export interface GetBackendConfigEstResult {
42
+ /**
43
+ * Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
44
+ */
45
+ readonly auditFields: string[];
46
+ /**
47
+ * Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).
48
+ */
49
+ readonly authenticators: outputs.pkiSecret.GetBackendConfigEstAuthenticator[];
50
+ readonly backend: string;
51
+ /**
52
+ * If set, this mount is registered as the default `.well-known/est` URL path. Only a single mount can enable this across a Vault cluster.
53
+ */
54
+ readonly defaultMount: boolean;
55
+ /**
56
+ * Required to be set if defaultMount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.
57
+ */
58
+ readonly defaultPathPolicy: string;
59
+ /**
60
+ * If set, parse out fields from the provided CSR making them available for Sentinel policies.
61
+ */
62
+ readonly enableSentinelParsing: boolean;
63
+ /**
64
+ * Specifies whether EST is enabled.
65
+ */
66
+ readonly enabled: boolean;
67
+ /**
68
+ * The provider-assigned unique ID for this managed resource.
69
+ */
70
+ readonly id: string;
71
+ /**
72
+ * A pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/<label> URL paths.
73
+ */
74
+ readonly labelToPathPolicy: {
75
+ [key: string]: any;
76
+ };
77
+ /**
78
+ * A read-only timestamp representing the last time the configuration was updated.
79
+ */
80
+ readonly lastUpdated: string;
81
+ readonly namespace?: string;
82
+ }
83
+ /**
84
+ * ## Example Usage
85
+ *
86
+ * ```typescript
87
+ * import * as pulumi from "@pulumi/pulumi";
88
+ * import * as vault from "@pulumi/vault";
89
+ *
90
+ * const pki = new vault.Mount("pki", {
91
+ * path: "pki",
92
+ * type: "pki",
93
+ * description: "PKI secret engine mount",
94
+ * });
95
+ * const estConfig = vault.pkiSecret.getBackendConfigEstOutput({
96
+ * backend: pki.path,
97
+ * });
98
+ * ```
99
+ */
100
+ export declare function getBackendConfigEstOutput(args: GetBackendConfigEstOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output<GetBackendConfigEstResult>;
101
+ /**
102
+ * A collection of arguments for invoking getBackendConfigEst.
103
+ */
104
+ export interface GetBackendConfigEstOutputArgs {
105
+ /**
106
+ * The path to the PKI secret backend to
107
+ * read the EST configuration from, with no leading or trailing `/`s.
108
+ */
109
+ backend: pulumi.Input<string>;
110
+ /**
111
+ * The namespace of the target resource.
112
+ * The value should not contain leading or trailing forward slashes.
113
+ * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
114
+ * *Available only for Vault Enterprise*.
115
+ */
116
+ namespace?: pulumi.Input<string>;
117
+ }