pulumi-azuredevops 3.5.0a1735017670__py3-none-any.whl → 3.6.0__py3-none-any.whl

pulumi_azuredevops/service_endpoint_aws.py

@@ -19,31 +19,33 @@ __all__ = ['ServiceEndpointAwsArgs', 'ServiceEndpointAws']
 @pulumi.input_type
 class ServiceEndpointAwsArgs:
     def __init__(__self__, *,
-                 access_key_id: pulumi.Input[str],
                  project_id: pulumi.Input[str],
-                 secret_access_key: pulumi.Input[str],
                  service_endpoint_name: pulumi.Input[str],
+                 access_key_id: Optional[pulumi.Input[str]] = None,
                  authorization: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
                  description: Optional[pulumi.Input[str]] = None,
                  external_id: Optional[pulumi.Input[str]] = None,
                  role_session_name: Optional[pulumi.Input[str]] = None,
                  role_to_assume: Optional[pulumi.Input[str]] = None,
-                 session_token: Optional[pulumi.Input[str]] = None):
+                 secret_access_key: Optional[pulumi.Input[str]] = None,
+                 session_token: Optional[pulumi.Input[str]] = None,
+                 use_oidc: Optional[pulumi.Input[bool]] = None):
         """
         The set of arguments for constructing a ServiceEndpointAws resource.
-        :param pulumi.Input[str] access_key_id: The AWS access key ID for signing programmatic requests.
         :param pulumi.Input[str] project_id: The ID of the project.
-        :param pulumi.Input[str] secret_access_key: The AWS secret access key for signing programmatic requests.
         :param pulumi.Input[str] service_endpoint_name: The Service Endpoint name.
+        :param pulumi.Input[str] access_key_id: The AWS access key ID for signing programmatic requests.
         :param pulumi.Input[str] external_id: A unique identifier that is used by third parties when assuming roles in their customers' accounts, aka cross-account role access.
         :param pulumi.Input[str] role_session_name: Optional identifier for the assumed role session.
         :param pulumi.Input[str] role_to_assume: The Amazon Resource Name (ARN) of the role to assume.
+        :param pulumi.Input[str] secret_access_key: The AWS secret access key for signing programmatic requests.
         :param pulumi.Input[str] session_token: The AWS session token for signing programmatic requests.
+        :param pulumi.Input[bool] use_oidc: Enable this to attempt getting credentials with OIDC token from Azure Devops.
         """
-        pulumi.set(__self__, "access_key_id", access_key_id)
         pulumi.set(__self__, "project_id", project_id)
-        pulumi.set(__self__, "secret_access_key", secret_access_key)
         pulumi.set(__self__, "service_endpoint_name", service_endpoint_name)
+        if access_key_id is not None:
+            pulumi.set(__self__, "access_key_id", access_key_id)
         if authorization is not None:
             pulumi.set(__self__, "authorization", authorization)
         if description is not None:
@@ -54,20 +56,12 @@ class ServiceEndpointAwsArgs:
             pulumi.set(__self__, "role_session_name", role_session_name)
         if role_to_assume is not None:
             pulumi.set(__self__, "role_to_assume", role_to_assume)
+        if secret_access_key is not None:
+            pulumi.set(__self__, "secret_access_key", secret_access_key)
         if session_token is not None:
             pulumi.set(__self__, "session_token", session_token)
-
-    @property
-    @pulumi.getter(name="accessKeyId")
-    def access_key_id(self) -> pulumi.Input[str]:
-        """
-        The AWS access key ID for signing programmatic requests.
-        """
-        return pulumi.get(self, "access_key_id")
-
-    @access_key_id.setter
-    def access_key_id(self, value: pulumi.Input[str]):
-        pulumi.set(self, "access_key_id", value)
+        if use_oidc is not None:
+            pulumi.set(__self__, "use_oidc", use_oidc)
 
     @property
     @pulumi.getter(name="projectId")
@@ -81,18 +75,6 @@ class ServiceEndpointAwsArgs:
     def project_id(self, value: pulumi.Input[str]):
         pulumi.set(self, "project_id", value)
 
-    @property
-    @pulumi.getter(name="secretAccessKey")
-    def secret_access_key(self) -> pulumi.Input[str]:
-        """
-        The AWS secret access key for signing programmatic requests.
-        """
-        return pulumi.get(self, "secret_access_key")
-
-    @secret_access_key.setter
-    def secret_access_key(self, value: pulumi.Input[str]):
-        pulumi.set(self, "secret_access_key", value)
-
     @property
     @pulumi.getter(name="serviceEndpointName")
     def service_endpoint_name(self) -> pulumi.Input[str]:
@@ -105,6 +87,18 @@ class ServiceEndpointAwsArgs:
     def service_endpoint_name(self, value: pulumi.Input[str]):
         pulumi.set(self, "service_endpoint_name", value)
 
+    @property
+    @pulumi.getter(name="accessKeyId")
+    def access_key_id(self) -> Optional[pulumi.Input[str]]:
+        """
+        The AWS access key ID for signing programmatic requests.
+        """
+        return pulumi.get(self, "access_key_id")
+
+    @access_key_id.setter
+    def access_key_id(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "access_key_id", value)
+
     @property
     @pulumi.getter
     def authorization(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
@@ -159,6 +153,18 @@ class ServiceEndpointAwsArgs:
     def role_to_assume(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "role_to_assume", value)
 
+    @property
+    @pulumi.getter(name="secretAccessKey")
+    def secret_access_key(self) -> Optional[pulumi.Input[str]]:
+        """
+        The AWS secret access key for signing programmatic requests.
+        """
+        return pulumi.get(self, "secret_access_key")
+
+    @secret_access_key.setter
+    def secret_access_key(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "secret_access_key", value)
+
     @property
     @pulumi.getter(name="sessionToken")
     def session_token(self) -> Optional[pulumi.Input[str]]:
@@ -171,6 +177,18 @@ class ServiceEndpointAwsArgs:
     def session_token(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "session_token", value)
 
+    @property
+    @pulumi.getter(name="useOidc")
+    def use_oidc(self) -> Optional[pulumi.Input[bool]]:
+        """
+        Enable this to attempt getting credentials with OIDC token from Azure Devops.
+        """
+        return pulumi.get(self, "use_oidc")
+
+    @use_oidc.setter
+    def use_oidc(self, value: Optional[pulumi.Input[bool]]):
+        pulumi.set(self, "use_oidc", value)
+
 
 @pulumi.input_type
 class _ServiceEndpointAwsState:
@@ -184,7 +202,8 @@ class _ServiceEndpointAwsState:
                  role_to_assume: Optional[pulumi.Input[str]] = None,
                  secret_access_key: Optional[pulumi.Input[str]] = None,
                  service_endpoint_name: Optional[pulumi.Input[str]] = None,
-                 session_token: Optional[pulumi.Input[str]] = None):
+                 session_token: Optional[pulumi.Input[str]] = None,
+                 use_oidc: Optional[pulumi.Input[bool]] = None):
         """
         Input properties used for looking up and filtering ServiceEndpointAws resources.
         :param pulumi.Input[str] access_key_id: The AWS access key ID for signing programmatic requests.
@@ -195,6 +214,7 @@ class _ServiceEndpointAwsState:
         :param pulumi.Input[str] secret_access_key: The AWS secret access key for signing programmatic requests.
         :param pulumi.Input[str] service_endpoint_name: The Service Endpoint name.
         :param pulumi.Input[str] session_token: The AWS session token for signing programmatic requests.
+        :param pulumi.Input[bool] use_oidc: Enable this to attempt getting credentials with OIDC token from Azure Devops.
         """
         if access_key_id is not None:
             pulumi.set(__self__, "access_key_id", access_key_id)
@@ -216,6 +236,8 @@ class _ServiceEndpointAwsState:
             pulumi.set(__self__, "service_endpoint_name", service_endpoint_name)
         if session_token is not None:
             pulumi.set(__self__, "session_token", session_token)
+        if use_oidc is not None:
+            pulumi.set(__self__, "use_oidc", use_oidc)
 
     @property
     @pulumi.getter(name="accessKeyId")
@@ -331,6 +353,18 @@ class _ServiceEndpointAwsState:
     def session_token(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "session_token", value)
 
+    @property
+    @pulumi.getter(name="useOidc")
+    def use_oidc(self) -> Optional[pulumi.Input[bool]]:
+        """
+        Enable this to attempt getting credentials with OIDC token from Azure Devops.
+        """
+        return pulumi.get(self, "use_oidc")
+
+    @use_oidc.setter
+    def use_oidc(self, value: Optional[pulumi.Input[bool]]):
+        pulumi.set(self, "use_oidc", value)
+
 
 class ServiceEndpointAws(pulumi.CustomResource):
     @overload
@@ -347,6 +381,7 @@ class ServiceEndpointAws(pulumi.CustomResource):
                  secret_access_key: Optional[pulumi.Input[str]] = None,
                  service_endpoint_name: Optional[pulumi.Input[str]] = None,
                  session_token: Optional[pulumi.Input[str]] = None,
+                 use_oidc: Optional[pulumi.Input[bool]] = None,
                  __props__=None):
         """
         Manages a AWS service endpoint within Azure DevOps. Using this service endpoint requires you to first install [AWS Toolkit for Azure DevOps](https://marketplace.visualstudio.com/items?itemName=AmazonWebServices.aws-vsts-tools).
@@ -378,7 +413,7 @@ class ServiceEndpointAws(pulumi.CustomResource):
 
         ## Import
 
-        Azure DevOps Service Endpoint AWS can be imported using **projectID/serviceEndpointID** or **projectName/serviceEndpointID**
+        Azure DevOps AWS Service Endpoint can be imported using **projectID/serviceEndpointID** or **projectName/serviceEndpointID**
 
         ```sh
         $ pulumi import azuredevops:index/serviceEndpointAws:ServiceEndpointAws azuredevops_serviceendpoint_aws.example 00000000-0000-0000-0000-000000000000/00000000-0000-0000-0000-000000000000
@@ -394,6 +429,7 @@ class ServiceEndpointAws(pulumi.CustomResource):
         :param pulumi.Input[str] secret_access_key: The AWS secret access key for signing programmatic requests.
         :param pulumi.Input[str] service_endpoint_name: The Service Endpoint name.
         :param pulumi.Input[str] session_token: The AWS session token for signing programmatic requests.
+        :param pulumi.Input[bool] use_oidc: Enable this to attempt getting credentials with OIDC token from Azure Devops.
         """
         ...
     @overload
@@ -431,7 +467,7 @@ class ServiceEndpointAws(pulumi.CustomResource):
 
         ## Import
 
-        Azure DevOps Service Endpoint AWS can be imported using **projectID/serviceEndpointID** or **projectName/serviceEndpointID**
+        Azure DevOps AWS Service Endpoint can be imported using **projectID/serviceEndpointID** or **projectName/serviceEndpointID**
 
         ```sh
         $ pulumi import azuredevops:index/serviceEndpointAws:ServiceEndpointAws azuredevops_serviceendpoint_aws.example 00000000-0000-0000-0000-000000000000/00000000-0000-0000-0000-000000000000
@@ -462,6 +498,7 @@ class ServiceEndpointAws(pulumi.CustomResource):
                  secret_access_key: Optional[pulumi.Input[str]] = None,
                  service_endpoint_name: Optional[pulumi.Input[str]] = None,
                  session_token: Optional[pulumi.Input[str]] = None,
+                 use_oidc: Optional[pulumi.Input[bool]] = None,
                  __props__=None):
         opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
         if not isinstance(opts, pulumi.ResourceOptions):
@@ -471,8 +508,6 @@ class ServiceEndpointAws(pulumi.CustomResource):
                 raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource')
             __props__ = ServiceEndpointAwsArgs.__new__(ServiceEndpointAwsArgs)
 
-            if access_key_id is None and not opts.urn:
-                raise TypeError("Missing required property 'access_key_id'")
             __props__.__dict__["access_key_id"] = access_key_id
             __props__.__dict__["authorization"] = authorization
             __props__.__dict__["description"] = description
@@ -482,13 +517,12 @@ class ServiceEndpointAws(pulumi.CustomResource):
             __props__.__dict__["project_id"] = project_id
             __props__.__dict__["role_session_name"] = role_session_name
             __props__.__dict__["role_to_assume"] = role_to_assume
-            if secret_access_key is None and not opts.urn:
-                raise TypeError("Missing required property 'secret_access_key'")
             __props__.__dict__["secret_access_key"] = None if secret_access_key is None else pulumi.Output.secret(secret_access_key)
             if service_endpoint_name is None and not opts.urn:
                 raise TypeError("Missing required property 'service_endpoint_name'")
             __props__.__dict__["service_endpoint_name"] = service_endpoint_name
             __props__.__dict__["session_token"] = None if session_token is None else pulumi.Output.secret(session_token)
+            __props__.__dict__["use_oidc"] = use_oidc
         secret_opts = pulumi.ResourceOptions(additional_secret_outputs=["secretAccessKey", "sessionToken"])
         opts = pulumi.ResourceOptions.merge(opts, secret_opts)
         super(ServiceEndpointAws, __self__).__init__(
@@ -510,7 +544,8 @@ class ServiceEndpointAws(pulumi.CustomResource):
             role_to_assume: Optional[pulumi.Input[str]] = None,
             secret_access_key: Optional[pulumi.Input[str]] = None,
             service_endpoint_name: Optional[pulumi.Input[str]] = None,
-            session_token: Optional[pulumi.Input[str]] = None) -> 'ServiceEndpointAws':
+            session_token: Optional[pulumi.Input[str]] = None,
+            use_oidc: Optional[pulumi.Input[bool]] = None) -> 'ServiceEndpointAws':
         """
         Get an existing ServiceEndpointAws resource's state with the given name, id, and optional extra
         properties used to qualify the lookup.
@@ -526,6 +561,7 @@ class ServiceEndpointAws(pulumi.CustomResource):
         :param pulumi.Input[str] secret_access_key: The AWS secret access key for signing programmatic requests.
         :param pulumi.Input[str] service_endpoint_name: The Service Endpoint name.
         :param pulumi.Input[str] session_token: The AWS session token for signing programmatic requests.
+        :param pulumi.Input[bool] use_oidc: Enable this to attempt getting credentials with OIDC token from Azure Devops.
         """
         opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
 
@@ -541,11 +577,12 @@ class ServiceEndpointAws(pulumi.CustomResource):
         __props__.__dict__["secret_access_key"] = secret_access_key
         __props__.__dict__["service_endpoint_name"] = service_endpoint_name
         __props__.__dict__["session_token"] = session_token
+        __props__.__dict__["use_oidc"] = use_oidc
         return ServiceEndpointAws(resource_name, opts=opts, __props__=__props__)
 
     @property
     @pulumi.getter(name="accessKeyId")
-    def access_key_id(self) -> pulumi.Output[str]:
+    def access_key_id(self) -> pulumi.Output[Optional[str]]:
         """
         The AWS access key ID for signing programmatic requests.
         """
@@ -595,7 +632,7 @@ class ServiceEndpointAws(pulumi.CustomResource):
 
     @property
     @pulumi.getter(name="secretAccessKey")
-    def secret_access_key(self) -> pulumi.Output[str]:
+    def secret_access_key(self) -> pulumi.Output[Optional[str]]:
         """
         The AWS secret access key for signing programmatic requests.
         """
@@ -617,3 +654,11 @@ class ServiceEndpointAws(pulumi.CustomResource):
         """
         return pulumi.get(self, "session_token")
 
+    @property
+    @pulumi.getter(name="useOidc")
+    def use_oidc(self) -> pulumi.Output[Optional[bool]]:
+        """
+        Enable this to attempt getting credentials with OIDC token from Azure Devops.
+        """
+        return pulumi.get(self, "use_oidc")
+

pulumi_azuredevops/service_endpoint_azure_ecr.py

@@ -40,7 +40,7 @@ class ServiceEndpointAzureEcrArgs:
         :param pulumi.Input[str] azurecr_subscription_name: The subscription name of the Azure targets.
         :param pulumi.Input[str] project_id: The ID of the project.
         :param pulumi.Input[str] service_endpoint_name: The name you will use to refer to this service connection in task inputs.
-        :param pulumi.Input['ServiceEndpointAzureEcrCredentialsArgs'] credentials: A `credentials` block.
+        :param pulumi.Input['ServiceEndpointAzureEcrCredentialsArgs'] credentials: A `credentials` block as defined below.
         :param pulumi.Input[str] resource_group: The resource group to which the container registry belongs.
         :param pulumi.Input[str] service_endpoint_authentication_scheme: Specifies the type of azurerm endpoint, either `WorkloadIdentityFederation`, `ManagedServiceIdentity` or `ServicePrincipal`. Defaults to `ServicePrincipal` for backwards compatibility. `ManagedServiceIdentity` has not yet been implemented for this resource.
         """
@@ -146,7 +146,7 @@ class ServiceEndpointAzureEcrArgs:
     @pulumi.getter
     def credentials(self) -> Optional[pulumi.Input['ServiceEndpointAzureEcrCredentialsArgs']]:
         """
-        A `credentials` block.
+        A `credentials` block as defined below.
         """
         return pulumi.get(self, "credentials")
 
@@ -215,7 +215,7 @@ class _ServiceEndpointAzureEcrState:
         :param pulumi.Input[str] azurecr_spn_tenantid: The tenant id of the service principal.
         :param pulumi.Input[str] azurecr_subscription_id: The subscription id of the Azure targets.
         :param pulumi.Input[str] azurecr_subscription_name: The subscription name of the Azure targets.
-        :param pulumi.Input['ServiceEndpointAzureEcrCredentialsArgs'] credentials: A `credentials` block.
+        :param pulumi.Input['ServiceEndpointAzureEcrCredentialsArgs'] credentials: A `credentials` block as defined below.
         :param pulumi.Input[str] project_id: The ID of the project.
         :param pulumi.Input[str] resource_group: The resource group to which the container registry belongs.
         :param pulumi.Input[str] service_endpoint_authentication_scheme: Specifies the type of azurerm endpoint, either `WorkloadIdentityFederation`, `ManagedServiceIdentity` or `ServicePrincipal`. Defaults to `ServicePrincipal` for backwards compatibility. `ManagedServiceIdentity` has not yet been implemented for this resource.
@@ -349,7 +349,7 @@ class _ServiceEndpointAzureEcrState:
     @pulumi.getter
     def credentials(self) -> Optional[pulumi.Input['ServiceEndpointAzureEcrCredentialsArgs']]:
         """
-        A `credentials` block.
+        A `credentials` block as defined below.
         """
         return pulumi.get(self, "credentials")
 
@@ -482,8 +482,7 @@ class ServiceEndpointAzureEcr(pulumi.CustomResource):
 
         ## Example Usage
 
-        ### Service Principal
-
+        ### Authorize with Service Principal
         ```python
         import pulumi
         import pulumi_azuredevops as azuredevops
@@ -505,7 +504,7 @@ class ServiceEndpointAzureEcr(pulumi.CustomResource):
             azurecr_subscription_name="subscription name")
         ```
 
-        ### WorkloadIdentityFederation
+        ### Authorize with WorkloadIdentityFederation
 
         ```python
         import pulumi
@@ -554,7 +553,7 @@ class ServiceEndpointAzureEcr(pulumi.CustomResource):
 
         ## Import
 
-        Azure DevOps Service Endpoint Azure Container Registry can be imported using **projectID/serviceEndpointID** or **projectName/serviceEndpointID**
+        Azure DevOps Azure Container Registry Service Endpoint can be imported using **projectID/serviceEndpointID** or **projectName/serviceEndpointID**
 
         ```sh
         $ pulumi import azuredevops:index/serviceEndpointAzureEcr:ServiceEndpointAzureEcr example 00000000-0000-0000-0000-000000000000/00000000-0000-0000-0000-000000000000
@@ -566,7 +565,7 @@ class ServiceEndpointAzureEcr(pulumi.CustomResource):
         :param pulumi.Input[str] azurecr_spn_tenantid: The tenant id of the service principal.
         :param pulumi.Input[str] azurecr_subscription_id: The subscription id of the Azure targets.
         :param pulumi.Input[str] azurecr_subscription_name: The subscription name of the Azure targets.
-        :param pulumi.Input[Union['ServiceEndpointAzureEcrCredentialsArgs', 'ServiceEndpointAzureEcrCredentialsArgsDict']] credentials: A `credentials` block.
+        :param pulumi.Input[Union['ServiceEndpointAzureEcrCredentialsArgs', 'ServiceEndpointAzureEcrCredentialsArgsDict']] credentials: A `credentials` block as defined below.
         :param pulumi.Input[str] project_id: The ID of the project.
         :param pulumi.Input[str] resource_group: The resource group to which the container registry belongs.
         :param pulumi.Input[str] service_endpoint_authentication_scheme: Specifies the type of azurerm endpoint, either `WorkloadIdentityFederation`, `ManagedServiceIdentity` or `ServicePrincipal`. Defaults to `ServicePrincipal` for backwards compatibility. `ManagedServiceIdentity` has not yet been implemented for this resource.
@@ -583,8 +582,7 @@ class ServiceEndpointAzureEcr(pulumi.CustomResource):
 
         ## Example Usage
 
-        ### Service Principal
-
+        ### Authorize with Service Principal
         ```python
         import pulumi
         import pulumi_azuredevops as azuredevops
@@ -606,7 +604,7 @@ class ServiceEndpointAzureEcr(pulumi.CustomResource):
             azurecr_subscription_name="subscription name")
         ```
 
-        ### WorkloadIdentityFederation
+        ### Authorize with WorkloadIdentityFederation
 
         ```python
         import pulumi
@@ -655,7 +653,7 @@ class ServiceEndpointAzureEcr(pulumi.CustomResource):
 
         ## Import
 
-        Azure DevOps Service Endpoint Azure Container Registry can be imported using **projectID/serviceEndpointID** or **projectName/serviceEndpointID**
+        Azure DevOps Azure Container Registry Service Endpoint can be imported using **projectID/serviceEndpointID** or **projectName/serviceEndpointID**
 
         ```sh
         $ pulumi import azuredevops:index/serviceEndpointAzureEcr:ServiceEndpointAzureEcr example 00000000-0000-0000-0000-000000000000/00000000-0000-0000-0000-000000000000
@@ -765,7 +763,7 @@ class ServiceEndpointAzureEcr(pulumi.CustomResource):
         :param pulumi.Input[str] azurecr_spn_tenantid: The tenant id of the service principal.
         :param pulumi.Input[str] azurecr_subscription_id: The subscription id of the Azure targets.
         :param pulumi.Input[str] azurecr_subscription_name: The subscription name of the Azure targets.
-        :param pulumi.Input[Union['ServiceEndpointAzureEcrCredentialsArgs', 'ServiceEndpointAzureEcrCredentialsArgsDict']] credentials: A `credentials` block.
+        :param pulumi.Input[Union['ServiceEndpointAzureEcrCredentialsArgs', 'ServiceEndpointAzureEcrCredentialsArgsDict']] credentials: A `credentials` block as defined below.
         :param pulumi.Input[str] project_id: The ID of the project.
         :param pulumi.Input[str] resource_group: The resource group to which the container registry belongs.
         :param pulumi.Input[str] service_endpoint_authentication_scheme: Specifies the type of azurerm endpoint, either `WorkloadIdentityFederation`, `ManagedServiceIdentity` or `ServicePrincipal`. Defaults to `ServicePrincipal` for backwards compatibility. `ManagedServiceIdentity` has not yet been implemented for this resource.
@@ -854,7 +852,7 @@ class ServiceEndpointAzureEcr(pulumi.CustomResource):
     @pulumi.getter
     def credentials(self) -> pulumi.Output[Optional['outputs.ServiceEndpointAzureEcrCredentials']]:
         """
-        A `credentials` block.
+        A `credentials` block as defined below.
         """
         return pulumi.get(self, "credentials")