pulumi-vault 5.21.0a1709368526__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pulumi_vault/__init__.py +52 -0
- pulumi_vault/_inputs.py +560 -0
- pulumi_vault/_utilities.py +41 -5
- pulumi_vault/ad/get_access_credentials.py +26 -9
- pulumi_vault/ad/secret_backend.py +16 -142
- pulumi_vault/ad/secret_library.py +16 -9
- pulumi_vault/ad/secret_role.py +14 -9
- pulumi_vault/alicloud/auth_backend_role.py +76 -190
- pulumi_vault/approle/auth_backend_login.py +12 -7
- pulumi_vault/approle/auth_backend_role.py +77 -191
- pulumi_vault/approle/auth_backend_role_secret_id.py +106 -7
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -5
- pulumi_vault/audit.py +30 -21
- pulumi_vault/audit_request_header.py +11 -2
- pulumi_vault/auth_backend.py +66 -14
- pulumi_vault/aws/auth_backend_cert.py +18 -9
- pulumi_vault/aws/auth_backend_client.py +267 -22
- pulumi_vault/aws/auth_backend_config_identity.py +14 -9
- pulumi_vault/aws/auth_backend_identity_whitelist.py +20 -15
- pulumi_vault/aws/auth_backend_login.py +19 -22
- pulumi_vault/aws/auth_backend_role.py +77 -191
- pulumi_vault/aws/auth_backend_role_tag.py +12 -7
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -13
- pulumi_vault/aws/auth_backend_sts_role.py +14 -9
- pulumi_vault/aws/get_access_credentials.py +38 -9
- pulumi_vault/aws/get_static_access_credentials.py +19 -5
- pulumi_vault/aws/secret_backend.py +77 -9
- pulumi_vault/aws/secret_backend_role.py +185 -9
- pulumi_vault/aws/secret_backend_static_role.py +20 -11
- pulumi_vault/azure/_inputs.py +24 -0
- pulumi_vault/azure/auth_backend_config.py +153 -15
- pulumi_vault/azure/auth_backend_role.py +77 -191
- pulumi_vault/azure/backend.py +227 -21
- pulumi_vault/azure/backend_role.py +42 -37
- pulumi_vault/azure/get_access_credentials.py +41 -7
- pulumi_vault/azure/outputs.py +5 -0
- pulumi_vault/cert_auth_backend_role.py +87 -267
- pulumi_vault/config/__init__.pyi +5 -0
- pulumi_vault/config/_inputs.py +73 -0
- pulumi_vault/config/outputs.py +35 -0
- pulumi_vault/config/ui_custom_message.py +529 -0
- pulumi_vault/config/vars.py +5 -0
- pulumi_vault/consul/secret_backend.py +28 -19
- pulumi_vault/consul/secret_backend_role.py +18 -78
- pulumi_vault/database/_inputs.py +2770 -881
- pulumi_vault/database/outputs.py +721 -838
- pulumi_vault/database/secret_backend_connection.py +119 -112
- pulumi_vault/database/secret_backend_role.py +31 -22
- pulumi_vault/database/secret_backend_static_role.py +87 -13
- pulumi_vault/database/secrets_mount.py +427 -136
- pulumi_vault/egp_policy.py +16 -11
- pulumi_vault/gcp/_inputs.py +111 -0
- pulumi_vault/gcp/auth_backend.py +250 -33
- pulumi_vault/gcp/auth_backend_role.py +77 -269
- pulumi_vault/gcp/get_auth_backend_role.py +43 -5
- pulumi_vault/gcp/outputs.py +5 -0
- pulumi_vault/gcp/secret_backend.py +287 -12
- pulumi_vault/gcp/secret_impersonated_account.py +76 -15
- pulumi_vault/gcp/secret_roleset.py +31 -24
- pulumi_vault/gcp/secret_static_account.py +39 -32
- pulumi_vault/generic/endpoint.py +24 -17
- pulumi_vault/generic/get_secret.py +64 -8
- pulumi_vault/generic/secret.py +21 -16
- pulumi_vault/get_auth_backend.py +24 -7
- pulumi_vault/get_auth_backends.py +51 -9
- pulumi_vault/get_namespace.py +226 -0
- pulumi_vault/get_namespaces.py +153 -0
- pulumi_vault/get_nomad_access_token.py +31 -11
- pulumi_vault/get_policy_document.py +34 -19
- pulumi_vault/get_raft_autopilot_state.py +29 -10
- pulumi_vault/github/_inputs.py +55 -0
- pulumi_vault/github/auth_backend.py +19 -14
- pulumi_vault/github/outputs.py +5 -0
- pulumi_vault/github/team.py +16 -11
- pulumi_vault/github/user.py +16 -11
- pulumi_vault/identity/entity.py +20 -13
- pulumi_vault/identity/entity_alias.py +20 -13
- pulumi_vault/identity/entity_policies.py +28 -11
- pulumi_vault/identity/get_entity.py +42 -10
- pulumi_vault/identity/get_group.py +47 -9
- pulumi_vault/identity/get_oidc_client_creds.py +21 -7
- pulumi_vault/identity/get_oidc_openid_config.py +39 -9
- pulumi_vault/identity/get_oidc_public_keys.py +29 -10
- pulumi_vault/identity/group.py +58 -39
- pulumi_vault/identity/group_alias.py +16 -9
- pulumi_vault/identity/group_member_entity_ids.py +28 -66
- pulumi_vault/identity/group_member_group_ids.py +40 -19
- pulumi_vault/identity/group_policies.py +20 -7
- pulumi_vault/identity/mfa_duo.py +11 -6
- pulumi_vault/identity/mfa_login_enforcement.py +15 -6
- pulumi_vault/identity/mfa_okta.py +11 -6
- pulumi_vault/identity/mfa_pingid.py +7 -2
- pulumi_vault/identity/mfa_totp.py +7 -2
- pulumi_vault/identity/oidc.py +12 -7
- pulumi_vault/identity/oidc_assignment.py +24 -11
- pulumi_vault/identity/oidc_client.py +36 -23
- pulumi_vault/identity/oidc_key.py +30 -17
- pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -15
- pulumi_vault/identity/oidc_provider.py +36 -21
- pulumi_vault/identity/oidc_role.py +42 -21
- pulumi_vault/identity/oidc_scope.py +20 -13
- pulumi_vault/identity/outputs.py +8 -3
- pulumi_vault/jwt/_inputs.py +55 -0
- pulumi_vault/jwt/auth_backend.py +45 -40
- pulumi_vault/jwt/auth_backend_role.py +133 -254
- pulumi_vault/jwt/outputs.py +5 -0
- pulumi_vault/kmip/secret_backend.py +24 -19
- pulumi_vault/kmip/secret_role.py +14 -9
- pulumi_vault/kmip/secret_scope.py +14 -9
- pulumi_vault/kubernetes/auth_backend_config.py +57 -5
- pulumi_vault/kubernetes/auth_backend_role.py +70 -177
- pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
- pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
- pulumi_vault/kubernetes/get_service_account_token.py +39 -11
- pulumi_vault/kubernetes/secret_backend.py +316 -27
- pulumi_vault/kubernetes/secret_backend_role.py +137 -46
- pulumi_vault/kv/_inputs.py +36 -4
- pulumi_vault/kv/get_secret.py +25 -8
- pulumi_vault/kv/get_secret_subkeys_v2.py +33 -10
- pulumi_vault/kv/get_secret_v2.py +85 -9
- pulumi_vault/kv/get_secrets_list.py +24 -11
- pulumi_vault/kv/get_secrets_list_v2.py +37 -15
- pulumi_vault/kv/outputs.py +8 -3
- pulumi_vault/kv/secret.py +23 -16
- pulumi_vault/kv/secret_backend_v2.py +20 -11
- pulumi_vault/kv/secret_v2.py +59 -50
- pulumi_vault/ldap/auth_backend.py +127 -166
- pulumi_vault/ldap/auth_backend_group.py +14 -9
- pulumi_vault/ldap/auth_backend_user.py +14 -9
- pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
- pulumi_vault/ldap/get_static_credentials.py +24 -5
- pulumi_vault/ldap/secret_backend.py +354 -82
- pulumi_vault/ldap/secret_backend_dynamic_role.py +18 -11
- pulumi_vault/ldap/secret_backend_library_set.py +16 -9
- pulumi_vault/ldap/secret_backend_static_role.py +73 -12
- pulumi_vault/managed/_inputs.py +289 -132
- pulumi_vault/managed/keys.py +29 -57
- pulumi_vault/managed/outputs.py +89 -132
- pulumi_vault/mfa_duo.py +18 -11
- pulumi_vault/mfa_okta.py +18 -11
- pulumi_vault/mfa_pingid.py +18 -11
- pulumi_vault/mfa_totp.py +24 -17
- pulumi_vault/mongodbatlas/secret_backend.py +20 -15
- pulumi_vault/mongodbatlas/secret_role.py +47 -38
- pulumi_vault/mount.py +391 -51
- pulumi_vault/namespace.py +68 -83
- pulumi_vault/nomad_secret_backend.py +18 -13
- pulumi_vault/nomad_secret_role.py +14 -9
- pulumi_vault/okta/_inputs.py +47 -8
- pulumi_vault/okta/auth_backend.py +485 -39
- pulumi_vault/okta/auth_backend_group.py +14 -9
- pulumi_vault/okta/auth_backend_user.py +14 -9
- pulumi_vault/okta/outputs.py +13 -8
- pulumi_vault/outputs.py +5 -0
- pulumi_vault/password_policy.py +20 -13
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +81 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
- pulumi_vault/pkisecret/backend_config_est.py +619 -0
- pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
- pulumi_vault/pkisecret/get_backend_issuer.py +67 -9
- pulumi_vault/pkisecret/get_backend_issuers.py +21 -8
- pulumi_vault/pkisecret/get_backend_key.py +24 -9
- pulumi_vault/pkisecret/get_backend_keys.py +21 -8
- pulumi_vault/pkisecret/outputs.py +69 -0
- pulumi_vault/pkisecret/secret_backend_cert.py +18 -11
- pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -11
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +14 -9
- pulumi_vault/pkisecret/secret_backend_config_urls.py +67 -11
- pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -9
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -11
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -17
- pulumi_vault/pkisecret/secret_backend_issuer.py +14 -9
- pulumi_vault/pkisecret/secret_backend_key.py +14 -9
- pulumi_vault/pkisecret/secret_backend_role.py +21 -14
- pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -48
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -56
- pulumi_vault/pkisecret/secret_backend_sign.py +18 -54
- pulumi_vault/plugin.py +595 -0
- pulumi_vault/plugin_pinned_version.py +298 -0
- pulumi_vault/policy.py +14 -9
- pulumi_vault/provider.py +48 -53
- pulumi_vault/pulumi-plugin.json +2 -1
- pulumi_vault/quota_lease_count.py +60 -6
- pulumi_vault/quota_rate_limit.py +56 -2
- pulumi_vault/rabbitmq/_inputs.py +61 -0
- pulumi_vault/rabbitmq/outputs.py +5 -0
- pulumi_vault/rabbitmq/secret_backend.py +18 -13
- pulumi_vault/rabbitmq/secret_backend_role.py +54 -47
- pulumi_vault/raft_autopilot.py +14 -9
- pulumi_vault/raft_snapshot_agent_config.py +129 -224
- pulumi_vault/rgp_policy.py +14 -9
- pulumi_vault/saml/auth_backend.py +22 -17
- pulumi_vault/saml/auth_backend_role.py +92 -197
- pulumi_vault/secrets/__init__.py +3 -0
- pulumi_vault/secrets/_inputs.py +110 -0
- pulumi_vault/secrets/outputs.py +94 -0
- pulumi_vault/secrets/sync_association.py +56 -71
- pulumi_vault/secrets/sync_aws_destination.py +242 -27
- pulumi_vault/secrets/sync_azure_destination.py +92 -31
- pulumi_vault/secrets/sync_config.py +9 -4
- pulumi_vault/secrets/sync_gcp_destination.py +158 -25
- pulumi_vault/secrets/sync_gh_destination.py +189 -13
- pulumi_vault/secrets/sync_github_apps.py +375 -0
- pulumi_vault/secrets/sync_vercel_destination.py +74 -13
- pulumi_vault/ssh/_inputs.py +28 -28
- pulumi_vault/ssh/outputs.py +11 -28
- pulumi_vault/ssh/secret_backend_ca.py +108 -9
- pulumi_vault/ssh/secret_backend_role.py +85 -118
- pulumi_vault/terraformcloud/secret_backend.py +7 -54
- pulumi_vault/terraformcloud/secret_creds.py +14 -20
- pulumi_vault/terraformcloud/secret_role.py +16 -74
- pulumi_vault/token.py +28 -23
- pulumi_vault/tokenauth/auth_backend_role.py +78 -199
- pulumi_vault/transform/alphabet.py +16 -9
- pulumi_vault/transform/get_decode.py +45 -17
- pulumi_vault/transform/get_encode.py +45 -17
- pulumi_vault/transform/role.py +16 -9
- pulumi_vault/transform/template.py +30 -21
- pulumi_vault/transform/transformation.py +12 -7
- pulumi_vault/transit/get_decrypt.py +26 -21
- pulumi_vault/transit/get_encrypt.py +24 -19
- pulumi_vault/transit/secret_backend_key.py +27 -93
- pulumi_vault/transit/secret_cache_config.py +12 -7
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
- pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
- pulumi_vault-5.21.0a1709368526.dist-info/RECORD +0 -244
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = ['AuthBackendRoletagBlacklistArgs', 'AuthBackendRoletagBlacklist']
|
@@ -26,7 +31,7 @@ class AuthBackendRoletagBlacklistArgs:
|
|
26
31
|
tidying of the roletag blacklist entries. Defaults to false.
|
27
32
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
28
33
|
The value should not contain leading or trailing forward slashes.
|
29
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
34
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
30
35
|
*Available only for Vault Enterprise*.
|
31
36
|
:param pulumi.Input[int] safety_buffer: The amount of extra time that must have passed
|
32
37
|
beyond the roletag expiration, before it is removed from the backend storage.
|
@@ -72,7 +77,7 @@ class AuthBackendRoletagBlacklistArgs:
|
|
72
77
|
"""
|
73
78
|
The namespace to provision the resource in.
|
74
79
|
The value should not contain leading or trailing forward slashes.
|
75
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
80
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
76
81
|
*Available only for Vault Enterprise*.
|
77
82
|
"""
|
78
83
|
return pulumi.get(self, "namespace")
|
@@ -111,7 +116,7 @@ class _AuthBackendRoletagBlacklistState:
|
|
111
116
|
tidying of the roletag blacklist entries. Defaults to false.
|
112
117
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
113
118
|
The value should not contain leading or trailing forward slashes.
|
114
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
119
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
115
120
|
*Available only for Vault Enterprise*.
|
116
121
|
:param pulumi.Input[int] safety_buffer: The amount of extra time that must have passed
|
117
122
|
beyond the roletag expiration, before it is removed from the backend storage.
|
@@ -158,7 +163,7 @@ class _AuthBackendRoletagBlacklistState:
|
|
158
163
|
"""
|
159
164
|
The namespace to provision the resource in.
|
160
165
|
The value should not contain leading or trailing forward slashes.
|
161
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
166
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
162
167
|
*Available only for Vault Enterprise*.
|
163
168
|
"""
|
164
169
|
return pulumi.get(self, "namespace")
|
@@ -201,9 +206,9 @@ class AuthBackendRoletagBlacklist(pulumi.CustomResource):
|
|
201
206
|
import pulumi
|
202
207
|
import pulumi_vault as vault
|
203
208
|
|
204
|
-
|
205
|
-
example_auth_backend_roletag_blacklist = vault.aws.AuthBackendRoletagBlacklist("
|
206
|
-
backend=
|
209
|
+
example = vault.AuthBackend("example", type="aws")
|
210
|
+
example_auth_backend_roletag_blacklist = vault.aws.AuthBackendRoletagBlacklist("example",
|
211
|
+
backend=example.path,
|
207
212
|
safety_buffer=360)
|
208
213
|
```
|
209
214
|
|
@@ -215,7 +220,7 @@ class AuthBackendRoletagBlacklist(pulumi.CustomResource):
|
|
215
220
|
tidying of the roletag blacklist entries. Defaults to false.
|
216
221
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
217
222
|
The value should not contain leading or trailing forward slashes.
|
218
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
223
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
219
224
|
*Available only for Vault Enterprise*.
|
220
225
|
:param pulumi.Input[int] safety_buffer: The amount of extra time that must have passed
|
221
226
|
beyond the roletag expiration, before it is removed from the backend storage.
|
@@ -236,9 +241,9 @@ class AuthBackendRoletagBlacklist(pulumi.CustomResource):
|
|
236
241
|
import pulumi
|
237
242
|
import pulumi_vault as vault
|
238
243
|
|
239
|
-
|
240
|
-
example_auth_backend_roletag_blacklist = vault.aws.AuthBackendRoletagBlacklist("
|
241
|
-
backend=
|
244
|
+
example = vault.AuthBackend("example", type="aws")
|
245
|
+
example_auth_backend_roletag_blacklist = vault.aws.AuthBackendRoletagBlacklist("example",
|
246
|
+
backend=example.path,
|
242
247
|
safety_buffer=360)
|
243
248
|
```
|
244
249
|
|
@@ -303,7 +308,7 @@ class AuthBackendRoletagBlacklist(pulumi.CustomResource):
|
|
303
308
|
tidying of the roletag blacklist entries. Defaults to false.
|
304
309
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
305
310
|
The value should not contain leading or trailing forward slashes.
|
306
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
311
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
307
312
|
*Available only for Vault Enterprise*.
|
308
313
|
:param pulumi.Input[int] safety_buffer: The amount of extra time that must have passed
|
309
314
|
beyond the roletag expiration, before it is removed from the backend storage.
|
@@ -343,7 +348,7 @@ class AuthBackendRoletagBlacklist(pulumi.CustomResource):
|
|
343
348
|
"""
|
344
349
|
The namespace to provision the resource in.
|
345
350
|
The value should not contain leading or trailing forward slashes.
|
346
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
351
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
347
352
|
*Available only for Vault Enterprise*.
|
348
353
|
"""
|
349
354
|
return pulumi.get(self, "namespace")
|
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = ['AuthBackendStsRoleArgs', 'AuthBackendStsRole']
|
@@ -27,7 +32,7 @@ class AuthBackendStsRoleArgs:
|
|
27
32
|
mounted at. Defaults to `aws`.
|
28
33
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
29
34
|
The value should not contain leading or trailing forward slashes.
|
30
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
35
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
31
36
|
*Available only for Vault Enterprise*.
|
32
37
|
"""
|
33
38
|
pulumi.set(__self__, "account_id", account_id)
|
@@ -81,7 +86,7 @@ class AuthBackendStsRoleArgs:
|
|
81
86
|
"""
|
82
87
|
The namespace to provision the resource in.
|
83
88
|
The value should not contain leading or trailing forward slashes.
|
84
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
89
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
85
90
|
*Available only for Vault Enterprise*.
|
86
91
|
"""
|
87
92
|
return pulumi.get(self, "namespace")
|
@@ -105,7 +110,7 @@ class _AuthBackendStsRoleState:
|
|
105
110
|
mounted at. Defaults to `aws`.
|
106
111
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
107
112
|
The value should not contain leading or trailing forward slashes.
|
108
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
113
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
109
114
|
*Available only for Vault Enterprise*.
|
110
115
|
:param pulumi.Input[str] sts_role: The STS role to assume when verifying requests made
|
111
116
|
by EC2 instances in the account specified by `account_id`.
|
@@ -150,7 +155,7 @@ class _AuthBackendStsRoleState:
|
|
150
155
|
"""
|
151
156
|
The namespace to provision the resource in.
|
152
157
|
The value should not contain leading or trailing forward slashes.
|
153
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
158
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
154
159
|
*Available only for Vault Enterprise*.
|
155
160
|
"""
|
156
161
|
return pulumi.get(self, "namespace")
|
@@ -202,7 +207,7 @@ class AuthBackendStsRole(pulumi.CustomResource):
|
|
202
207
|
AWS auth backend STS roles can be imported using `auth/`, the `backend` path, `/config/sts/`, and the `account_id` e.g.
|
203
208
|
|
204
209
|
```sh
|
205
|
-
|
210
|
+
$ pulumi import vault:aws/authBackendStsRole:AuthBackendStsRole example auth/aws/config/sts/1234567890
|
206
211
|
```
|
207
212
|
|
208
213
|
:param str resource_name: The name of the resource.
|
@@ -212,7 +217,7 @@ class AuthBackendStsRole(pulumi.CustomResource):
|
|
212
217
|
mounted at. Defaults to `aws`.
|
213
218
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
214
219
|
The value should not contain leading or trailing forward slashes.
|
215
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
220
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
216
221
|
*Available only for Vault Enterprise*.
|
217
222
|
:param pulumi.Input[str] sts_role: The STS role to assume when verifying requests made
|
218
223
|
by EC2 instances in the account specified by `account_id`.
|
@@ -242,7 +247,7 @@ class AuthBackendStsRole(pulumi.CustomResource):
|
|
242
247
|
AWS auth backend STS roles can be imported using `auth/`, the `backend` path, `/config/sts/`, and the `account_id` e.g.
|
243
248
|
|
244
249
|
```sh
|
245
|
-
|
250
|
+
$ pulumi import vault:aws/authBackendStsRole:AuthBackendStsRole example auth/aws/config/sts/1234567890
|
246
251
|
```
|
247
252
|
|
248
253
|
:param str resource_name: The name of the resource.
|
@@ -307,7 +312,7 @@ class AuthBackendStsRole(pulumi.CustomResource):
|
|
307
312
|
mounted at. Defaults to `aws`.
|
308
313
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
309
314
|
The value should not contain leading or trailing forward slashes.
|
310
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
315
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
311
316
|
*Available only for Vault Enterprise*.
|
312
317
|
:param pulumi.Input[str] sts_role: The STS role to assume when verifying requests made
|
313
318
|
by EC2 instances in the account specified by `account_id`.
|
@@ -345,7 +350,7 @@ class AuthBackendStsRole(pulumi.CustomResource):
|
|
345
350
|
"""
|
346
351
|
The namespace to provision the resource in.
|
347
352
|
The value should not contain leading or trailing forward slashes.
|
348
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
353
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
349
354
|
*Available only for Vault Enterprise*.
|
350
355
|
"""
|
351
356
|
return pulumi.get(self, "namespace")
|
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = [
|
@@ -196,13 +201,14 @@ def get_access_credentials(backend: Optional[str] = None,
|
|
196
201
|
type: Optional[str] = None,
|
197
202
|
opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetAccessCredentialsResult:
|
198
203
|
"""
|
199
|
-
|
204
|
+
## Example Usage
|
205
|
+
|
200
206
|
|
201
207
|
:param str backend: The path to the AWS secret backend to
|
202
208
|
read credentials from, with no leading or trailing `/`s.
|
203
209
|
:param str namespace: The namespace of the target resource.
|
204
210
|
The value should not contain leading or trailing forward slashes.
|
205
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
211
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
206
212
|
*Available only for Vault Enterprise*.
|
207
213
|
:param str region: The region the read credentials belong to.
|
208
214
|
:param str role: The name of the AWS secret backend role to read
|
@@ -245,9 +251,6 @@ def get_access_credentials(backend: Optional[str] = None,
|
|
245
251
|
security_token=pulumi.get(__ret__, 'security_token'),
|
246
252
|
ttl=pulumi.get(__ret__, 'ttl'),
|
247
253
|
type=pulumi.get(__ret__, 'type'))
|
248
|
-
|
249
|
-
|
250
|
-
@_utilities.lift_output_func(get_access_credentials)
|
251
254
|
def get_access_credentials_output(backend: Optional[pulumi.Input[str]] = None,
|
252
255
|
namespace: Optional[pulumi.Input[Optional[str]]] = None,
|
253
256
|
region: Optional[pulumi.Input[Optional[str]]] = None,
|
@@ -255,15 +258,16 @@ def get_access_credentials_output(backend: Optional[pulumi.Input[str]] = None,
|
|
255
258
|
role_arn: Optional[pulumi.Input[Optional[str]]] = None,
|
256
259
|
ttl: Optional[pulumi.Input[Optional[str]]] = None,
|
257
260
|
type: Optional[pulumi.Input[Optional[str]]] = None,
|
258
|
-
opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetAccessCredentialsResult]:
|
261
|
+
opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetAccessCredentialsResult]:
|
259
262
|
"""
|
260
|
-
|
263
|
+
## Example Usage
|
264
|
+
|
261
265
|
|
262
266
|
:param str backend: The path to the AWS secret backend to
|
263
267
|
read credentials from, with no leading or trailing `/`s.
|
264
268
|
:param str namespace: The namespace of the target resource.
|
265
269
|
The value should not contain leading or trailing forward slashes.
|
266
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
270
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
267
271
|
*Available only for Vault Enterprise*.
|
268
272
|
:param str region: The region the read credentials belong to.
|
269
273
|
:param str role: The name of the AWS secret backend role to read
|
@@ -279,4 +283,29 @@ def get_access_credentials_output(backend: Optional[pulumi.Input[str]] = None,
|
|
279
283
|
Key. Can also be set to `"sts"`, which will return a security token
|
280
284
|
in addition to the keys.
|
281
285
|
"""
|
282
|
-
|
286
|
+
__args__ = dict()
|
287
|
+
__args__['backend'] = backend
|
288
|
+
__args__['namespace'] = namespace
|
289
|
+
__args__['region'] = region
|
290
|
+
__args__['role'] = role
|
291
|
+
__args__['roleArn'] = role_arn
|
292
|
+
__args__['ttl'] = ttl
|
293
|
+
__args__['type'] = type
|
294
|
+
opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
|
295
|
+
__ret__ = pulumi.runtime.invoke_output('vault:aws/getAccessCredentials:getAccessCredentials', __args__, opts=opts, typ=GetAccessCredentialsResult)
|
296
|
+
return __ret__.apply(lambda __response__: GetAccessCredentialsResult(
|
297
|
+
access_key=pulumi.get(__response__, 'access_key'),
|
298
|
+
backend=pulumi.get(__response__, 'backend'),
|
299
|
+
id=pulumi.get(__response__, 'id'),
|
300
|
+
lease_duration=pulumi.get(__response__, 'lease_duration'),
|
301
|
+
lease_id=pulumi.get(__response__, 'lease_id'),
|
302
|
+
lease_renewable=pulumi.get(__response__, 'lease_renewable'),
|
303
|
+
lease_start_time=pulumi.get(__response__, 'lease_start_time'),
|
304
|
+
namespace=pulumi.get(__response__, 'namespace'),
|
305
|
+
region=pulumi.get(__response__, 'region'),
|
306
|
+
role=pulumi.get(__response__, 'role'),
|
307
|
+
role_arn=pulumi.get(__response__, 'role_arn'),
|
308
|
+
secret_key=pulumi.get(__response__, 'secret_key'),
|
309
|
+
security_token=pulumi.get(__response__, 'security_token'),
|
310
|
+
ttl=pulumi.get(__response__, 'ttl'),
|
311
|
+
type=pulumi.get(__response__, 'type')))
|
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = [
|
@@ -110,14 +115,23 @@ def get_static_access_credentials(backend: Optional[str] = None,
|
|
110
115
|
name=pulumi.get(__ret__, 'name'),
|
111
116
|
namespace=pulumi.get(__ret__, 'namespace'),
|
112
117
|
secret_key=pulumi.get(__ret__, 'secret_key'))
|
113
|
-
|
114
|
-
|
115
|
-
@_utilities.lift_output_func(get_static_access_credentials)
|
116
118
|
def get_static_access_credentials_output(backend: Optional[pulumi.Input[str]] = None,
|
117
119
|
name: Optional[pulumi.Input[str]] = None,
|
118
120
|
namespace: Optional[pulumi.Input[Optional[str]]] = None,
|
119
|
-
opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetStaticAccessCredentialsResult]:
|
121
|
+
opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetStaticAccessCredentialsResult]:
|
120
122
|
"""
|
121
123
|
Use this data source to access information about an existing resource.
|
122
124
|
"""
|
123
|
-
|
125
|
+
__args__ = dict()
|
126
|
+
__args__['backend'] = backend
|
127
|
+
__args__['name'] = name
|
128
|
+
__args__['namespace'] = namespace
|
129
|
+
opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
|
130
|
+
__ret__ = pulumi.runtime.invoke_output('vault:aws/getStaticAccessCredentials:getStaticAccessCredentials', __args__, opts=opts, typ=GetStaticAccessCredentialsResult)
|
131
|
+
return __ret__.apply(lambda __response__: GetStaticAccessCredentialsResult(
|
132
|
+
access_key=pulumi.get(__response__, 'access_key'),
|
133
|
+
backend=pulumi.get(__response__, 'backend'),
|
134
|
+
id=pulumi.get(__response__, 'id'),
|
135
|
+
name=pulumi.get(__response__, 'name'),
|
136
|
+
namespace=pulumi.get(__response__, 'namespace'),
|
137
|
+
secret_key=pulumi.get(__response__, 'secret_key')))
|
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = ['SecretBackendArgs', 'SecretBackend']
|
@@ -49,12 +54,21 @@ class SecretBackendArgs:
|
|
49
54
|
for credentials issued by this backend.
|
50
55
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
51
56
|
The value should not contain leading or trailing forward slashes.
|
52
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
57
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
53
58
|
*Available only for Vault Enterprise*.
|
54
59
|
:param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
|
55
60
|
not begin or end with a `/`. Defaults to `aws`.
|
56
61
|
:param pulumi.Input[str] region: The AWS region to make API calls against. Defaults to us-east-1.
|
57
62
|
:param pulumi.Input[str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.
|
63
|
+
|
64
|
+
```
|
65
|
+
{{ if (eq .Type "STS") }}
|
66
|
+
{{ printf "vault-%s-%s" (unix_time) (random 20) | truncate 32 }}
|
67
|
+
{{ else }}
|
68
|
+
{{ printf "vault-%s-%s-%s" (printf "%s-%s" (.DisplayName) (.PolicyName) | truncate 42) (unix_time) (random 20) | truncate 64 }}
|
69
|
+
{{ end }}
|
70
|
+
|
71
|
+
```
|
58
72
|
:param pulumi.Input[str] secret_key: The AWS Secret Access Key to use when generating new credentials.
|
59
73
|
:param pulumi.Input[str] sts_endpoint: Specifies a custom HTTP STS endpoint to use.
|
60
74
|
:param pulumi.Input[str] username_template: Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template:
|
@@ -224,7 +238,7 @@ class SecretBackendArgs:
|
|
224
238
|
"""
|
225
239
|
The namespace to provision the resource in.
|
226
240
|
The value should not contain leading or trailing forward slashes.
|
227
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
241
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
228
242
|
*Available only for Vault Enterprise*.
|
229
243
|
"""
|
230
244
|
return pulumi.get(self, "namespace")
|
@@ -263,6 +277,15 @@ class SecretBackendArgs:
|
|
263
277
|
def role_arn(self) -> Optional[pulumi.Input[str]]:
|
264
278
|
"""
|
265
279
|
Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.
|
280
|
+
|
281
|
+
```
|
282
|
+
{{ if (eq .Type "STS") }}
|
283
|
+
{{ printf "vault-%s-%s" (unix_time) (random 20) | truncate 32 }}
|
284
|
+
{{ else }}
|
285
|
+
{{ printf "vault-%s-%s-%s" (printf "%s-%s" (.DisplayName) (.PolicyName) | truncate 42) (unix_time) (random 20) | truncate 64 }}
|
286
|
+
{{ end }}
|
287
|
+
|
288
|
+
```
|
266
289
|
"""
|
267
290
|
return pulumi.get(self, "role_arn")
|
268
291
|
|
@@ -345,12 +368,21 @@ class _SecretBackendState:
|
|
345
368
|
for credentials issued by this backend.
|
346
369
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
347
370
|
The value should not contain leading or trailing forward slashes.
|
348
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
371
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
349
372
|
*Available only for Vault Enterprise*.
|
350
373
|
:param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
|
351
374
|
not begin or end with a `/`. Defaults to `aws`.
|
352
375
|
:param pulumi.Input[str] region: The AWS region to make API calls against. Defaults to us-east-1.
|
353
376
|
:param pulumi.Input[str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.
|
377
|
+
|
378
|
+
```
|
379
|
+
{{ if (eq .Type "STS") }}
|
380
|
+
{{ printf "vault-%s-%s" (unix_time) (random 20) | truncate 32 }}
|
381
|
+
{{ else }}
|
382
|
+
{{ printf "vault-%s-%s-%s" (printf "%s-%s" (.DisplayName) (.PolicyName) | truncate 42) (unix_time) (random 20) | truncate 64 }}
|
383
|
+
{{ end }}
|
384
|
+
|
385
|
+
```
|
354
386
|
:param pulumi.Input[str] secret_key: The AWS Secret Access Key to use when generating new credentials.
|
355
387
|
:param pulumi.Input[str] sts_endpoint: Specifies a custom HTTP STS endpoint to use.
|
356
388
|
:param pulumi.Input[str] username_template: Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template:
|
@@ -520,7 +552,7 @@ class _SecretBackendState:
|
|
520
552
|
"""
|
521
553
|
The namespace to provision the resource in.
|
522
554
|
The value should not contain leading or trailing forward slashes.
|
523
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
555
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
524
556
|
*Available only for Vault Enterprise*.
|
525
557
|
"""
|
526
558
|
return pulumi.get(self, "namespace")
|
@@ -559,6 +591,15 @@ class _SecretBackendState:
|
|
559
591
|
def role_arn(self) -> Optional[pulumi.Input[str]]:
|
560
592
|
"""
|
561
593
|
Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.
|
594
|
+
|
595
|
+
```
|
596
|
+
{{ if (eq .Type "STS") }}
|
597
|
+
{{ printf "vault-%s-%s" (unix_time) (random 20) | truncate 32 }}
|
598
|
+
{{ else }}
|
599
|
+
{{ printf "vault-%s-%s-%s" (printf "%s-%s" (.DisplayName) (.PolicyName) | truncate 42) (unix_time) (random 20) | truncate 64 }}
|
600
|
+
{{ end }}
|
601
|
+
|
602
|
+
```
|
562
603
|
"""
|
563
604
|
return pulumi.get(self, "role_arn")
|
564
605
|
|
@@ -632,7 +673,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
632
673
|
AWS secret backends can be imported using the `path`, e.g.
|
633
674
|
|
634
675
|
```sh
|
635
|
-
|
676
|
+
$ pulumi import vault:aws/secretBackend:SecretBackend aws aws
|
636
677
|
```
|
637
678
|
|
638
679
|
:param str resource_name: The name of the resource.
|
@@ -653,12 +694,21 @@ class SecretBackend(pulumi.CustomResource):
|
|
653
694
|
for credentials issued by this backend.
|
654
695
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
655
696
|
The value should not contain leading or trailing forward slashes.
|
656
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
697
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
657
698
|
*Available only for Vault Enterprise*.
|
658
699
|
:param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
|
659
700
|
not begin or end with a `/`. Defaults to `aws`.
|
660
701
|
:param pulumi.Input[str] region: The AWS region to make API calls against. Defaults to us-east-1.
|
661
702
|
:param pulumi.Input[str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.
|
703
|
+
|
704
|
+
```
|
705
|
+
{{ if (eq .Type "STS") }}
|
706
|
+
{{ printf "vault-%s-%s" (unix_time) (random 20) | truncate 32 }}
|
707
|
+
{{ else }}
|
708
|
+
{{ printf "vault-%s-%s-%s" (printf "%s-%s" (.DisplayName) (.PolicyName) | truncate 42) (unix_time) (random 20) | truncate 64 }}
|
709
|
+
{{ end }}
|
710
|
+
|
711
|
+
```
|
662
712
|
:param pulumi.Input[str] secret_key: The AWS Secret Access Key to use when generating new credentials.
|
663
713
|
:param pulumi.Input[str] sts_endpoint: Specifies a custom HTTP STS endpoint to use.
|
664
714
|
:param pulumi.Input[str] username_template: Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template:
|
@@ -675,7 +725,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
675
725
|
AWS secret backends can be imported using the `path`, e.g.
|
676
726
|
|
677
727
|
```sh
|
678
|
-
|
728
|
+
$ pulumi import vault:aws/secretBackend:SecretBackend aws aws
|
679
729
|
```
|
680
730
|
|
681
731
|
:param str resource_name: The name of the resource.
|
@@ -788,12 +838,21 @@ class SecretBackend(pulumi.CustomResource):
|
|
788
838
|
for credentials issued by this backend.
|
789
839
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
790
840
|
The value should not contain leading or trailing forward slashes.
|
791
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
841
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
792
842
|
*Available only for Vault Enterprise*.
|
793
843
|
:param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
|
794
844
|
not begin or end with a `/`. Defaults to `aws`.
|
795
845
|
:param pulumi.Input[str] region: The AWS region to make API calls against. Defaults to us-east-1.
|
796
846
|
:param pulumi.Input[str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.
|
847
|
+
|
848
|
+
```
|
849
|
+
{{ if (eq .Type "STS") }}
|
850
|
+
{{ printf "vault-%s-%s" (unix_time) (random 20) | truncate 32 }}
|
851
|
+
{{ else }}
|
852
|
+
{{ printf "vault-%s-%s-%s" (printf "%s-%s" (.DisplayName) (.PolicyName) | truncate 42) (unix_time) (random 20) | truncate 64 }}
|
853
|
+
{{ end }}
|
854
|
+
|
855
|
+
```
|
797
856
|
:param pulumi.Input[str] secret_key: The AWS Secret Access Key to use when generating new credentials.
|
798
857
|
:param pulumi.Input[str] sts_endpoint: Specifies a custom HTTP STS endpoint to use.
|
799
858
|
:param pulumi.Input[str] username_template: Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template:
|
@@ -911,7 +970,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
911
970
|
"""
|
912
971
|
The namespace to provision the resource in.
|
913
972
|
The value should not contain leading or trailing forward slashes.
|
914
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
973
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
915
974
|
*Available only for Vault Enterprise*.
|
916
975
|
"""
|
917
976
|
return pulumi.get(self, "namespace")
|
@@ -938,6 +997,15 @@ class SecretBackend(pulumi.CustomResource):
|
|
938
997
|
def role_arn(self) -> pulumi.Output[Optional[str]]:
|
939
998
|
"""
|
940
999
|
Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.
|
1000
|
+
|
1001
|
+
```
|
1002
|
+
{{ if (eq .Type "STS") }}
|
1003
|
+
{{ printf "vault-%s-%s" (unix_time) (random 20) | truncate 32 }}
|
1004
|
+
{{ else }}
|
1005
|
+
{{ printf "vault-%s-%s-%s" (printf "%s-%s" (.DisplayName) (.PolicyName) | truncate 42) (unix_time) (random 20) | truncate 64 }}
|
1006
|
+
{{ end }}
|
1007
|
+
|
1008
|
+
```
|
941
1009
|
"""
|
942
1010
|
return pulumi.get(self, "role_arn")
|
943
1011
|
|