pulumi-vault 5.21.0a1709368526__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl
- pulumi_vault/__init__.py +52 -0
- pulumi_vault/_inputs.py +560 -0
- pulumi_vault/_utilities.py +41 -5
- pulumi_vault/ad/get_access_credentials.py +26 -9
- pulumi_vault/ad/secret_backend.py +16 -142
- pulumi_vault/ad/secret_library.py +16 -9
- pulumi_vault/ad/secret_role.py +14 -9
- pulumi_vault/alicloud/auth_backend_role.py +76 -190
- pulumi_vault/approle/auth_backend_login.py +12 -7
- pulumi_vault/approle/auth_backend_role.py +77 -191
- pulumi_vault/approle/auth_backend_role_secret_id.py +106 -7
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -5
- pulumi_vault/audit.py +30 -21
- pulumi_vault/audit_request_header.py +11 -2
- pulumi_vault/auth_backend.py +66 -14
- pulumi_vault/aws/auth_backend_cert.py +18 -9
- pulumi_vault/aws/auth_backend_client.py +267 -22
- pulumi_vault/aws/auth_backend_config_identity.py +14 -9
- pulumi_vault/aws/auth_backend_identity_whitelist.py +20 -15
- pulumi_vault/aws/auth_backend_login.py +19 -22
- pulumi_vault/aws/auth_backend_role.py +77 -191
- pulumi_vault/aws/auth_backend_role_tag.py +12 -7
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -13
- pulumi_vault/aws/auth_backend_sts_role.py +14 -9
- pulumi_vault/aws/get_access_credentials.py +38 -9
- pulumi_vault/aws/get_static_access_credentials.py +19 -5
- pulumi_vault/aws/secret_backend.py +77 -9
- pulumi_vault/aws/secret_backend_role.py +185 -9
- pulumi_vault/aws/secret_backend_static_role.py +20 -11
- pulumi_vault/azure/_inputs.py +24 -0
- pulumi_vault/azure/auth_backend_config.py +153 -15
- pulumi_vault/azure/auth_backend_role.py +77 -191
- pulumi_vault/azure/backend.py +227 -21
- pulumi_vault/azure/backend_role.py +42 -37
- pulumi_vault/azure/get_access_credentials.py +41 -7
- pulumi_vault/azure/outputs.py +5 -0
- pulumi_vault/cert_auth_backend_role.py +87 -267
- pulumi_vault/config/__init__.pyi +5 -0
- pulumi_vault/config/_inputs.py +73 -0
- pulumi_vault/config/outputs.py +35 -0
- pulumi_vault/config/ui_custom_message.py +529 -0
- pulumi_vault/config/vars.py +5 -0
- pulumi_vault/consul/secret_backend.py +28 -19
- pulumi_vault/consul/secret_backend_role.py +18 -78
- pulumi_vault/database/_inputs.py +2770 -881
- pulumi_vault/database/outputs.py +721 -838
- pulumi_vault/database/secret_backend_connection.py +119 -112
- pulumi_vault/database/secret_backend_role.py +31 -22
- pulumi_vault/database/secret_backend_static_role.py +87 -13
- pulumi_vault/database/secrets_mount.py +427 -136
- pulumi_vault/egp_policy.py +16 -11
- pulumi_vault/gcp/_inputs.py +111 -0
- pulumi_vault/gcp/auth_backend.py +250 -33
- pulumi_vault/gcp/auth_backend_role.py +77 -269
- pulumi_vault/gcp/get_auth_backend_role.py +43 -5
- pulumi_vault/gcp/outputs.py +5 -0
- pulumi_vault/gcp/secret_backend.py +287 -12
- pulumi_vault/gcp/secret_impersonated_account.py +76 -15
- pulumi_vault/gcp/secret_roleset.py +31 -24
- pulumi_vault/gcp/secret_static_account.py +39 -32
- pulumi_vault/generic/endpoint.py +24 -17
- pulumi_vault/generic/get_secret.py +64 -8
- pulumi_vault/generic/secret.py +21 -16
- pulumi_vault/get_auth_backend.py +24 -7
- pulumi_vault/get_auth_backends.py +51 -9
- pulumi_vault/get_namespace.py +226 -0
- pulumi_vault/get_namespaces.py +153 -0
- pulumi_vault/get_nomad_access_token.py +31 -11
- pulumi_vault/get_policy_document.py +34 -19
- pulumi_vault/get_raft_autopilot_state.py +29 -10
- pulumi_vault/github/_inputs.py +55 -0
- pulumi_vault/github/auth_backend.py +19 -14
- pulumi_vault/github/outputs.py +5 -0
- pulumi_vault/github/team.py +16 -11
- pulumi_vault/github/user.py +16 -11
- pulumi_vault/identity/entity.py +20 -13
- pulumi_vault/identity/entity_alias.py +20 -13
- pulumi_vault/identity/entity_policies.py +28 -11
- pulumi_vault/identity/get_entity.py +42 -10
- pulumi_vault/identity/get_group.py +47 -9
- pulumi_vault/identity/get_oidc_client_creds.py +21 -7
- pulumi_vault/identity/get_oidc_openid_config.py +39 -9
- pulumi_vault/identity/get_oidc_public_keys.py +29 -10
- pulumi_vault/identity/group.py +58 -39
- pulumi_vault/identity/group_alias.py +16 -9
- pulumi_vault/identity/group_member_entity_ids.py +28 -66
- pulumi_vault/identity/group_member_group_ids.py +40 -19
- pulumi_vault/identity/group_policies.py +20 -7
- pulumi_vault/identity/mfa_duo.py +11 -6
- pulumi_vault/identity/mfa_login_enforcement.py +15 -6
- pulumi_vault/identity/mfa_okta.py +11 -6
- pulumi_vault/identity/mfa_pingid.py +7 -2
- pulumi_vault/identity/mfa_totp.py +7 -2
- pulumi_vault/identity/oidc.py +12 -7
- pulumi_vault/identity/oidc_assignment.py +24 -11
- pulumi_vault/identity/oidc_client.py +36 -23
- pulumi_vault/identity/oidc_key.py +30 -17
- pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -15
- pulumi_vault/identity/oidc_provider.py +36 -21
- pulumi_vault/identity/oidc_role.py +42 -21
- pulumi_vault/identity/oidc_scope.py +20 -13
- pulumi_vault/identity/outputs.py +8 -3
- pulumi_vault/jwt/_inputs.py +55 -0
- pulumi_vault/jwt/auth_backend.py +45 -40
- pulumi_vault/jwt/auth_backend_role.py +133 -254
- pulumi_vault/jwt/outputs.py +5 -0
- pulumi_vault/kmip/secret_backend.py +24 -19
- pulumi_vault/kmip/secret_role.py +14 -9
- pulumi_vault/kmip/secret_scope.py +14 -9
- pulumi_vault/kubernetes/auth_backend_config.py +57 -5
- pulumi_vault/kubernetes/auth_backend_role.py +70 -177
- pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
- pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
- pulumi_vault/kubernetes/get_service_account_token.py +39 -11
- pulumi_vault/kubernetes/secret_backend.py +316 -27
- pulumi_vault/kubernetes/secret_backend_role.py +137 -46
- pulumi_vault/kv/_inputs.py +36 -4
- pulumi_vault/kv/get_secret.py +25 -8
- pulumi_vault/kv/get_secret_subkeys_v2.py +33 -10
- pulumi_vault/kv/get_secret_v2.py +85 -9
- pulumi_vault/kv/get_secrets_list.py +24 -11
- pulumi_vault/kv/get_secrets_list_v2.py +37 -15
- pulumi_vault/kv/outputs.py +8 -3
- pulumi_vault/kv/secret.py +23 -16
- pulumi_vault/kv/secret_backend_v2.py +20 -11
- pulumi_vault/kv/secret_v2.py +59 -50
- pulumi_vault/ldap/auth_backend.py +127 -166
- pulumi_vault/ldap/auth_backend_group.py +14 -9
- pulumi_vault/ldap/auth_backend_user.py +14 -9
- pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
- pulumi_vault/ldap/get_static_credentials.py +24 -5
- pulumi_vault/ldap/secret_backend.py +354 -82
- pulumi_vault/ldap/secret_backend_dynamic_role.py +18 -11
- pulumi_vault/ldap/secret_backend_library_set.py +16 -9
- pulumi_vault/ldap/secret_backend_static_role.py +73 -12
- pulumi_vault/managed/_inputs.py +289 -132
- pulumi_vault/managed/keys.py +29 -57
- pulumi_vault/managed/outputs.py +89 -132
- pulumi_vault/mfa_duo.py +18 -11
- pulumi_vault/mfa_okta.py +18 -11
- pulumi_vault/mfa_pingid.py +18 -11
- pulumi_vault/mfa_totp.py +24 -17
- pulumi_vault/mongodbatlas/secret_backend.py +20 -15
- pulumi_vault/mongodbatlas/secret_role.py +47 -38
- pulumi_vault/mount.py +391 -51
- pulumi_vault/namespace.py +68 -83
- pulumi_vault/nomad_secret_backend.py +18 -13
- pulumi_vault/nomad_secret_role.py +14 -9
- pulumi_vault/okta/_inputs.py +47 -8
- pulumi_vault/okta/auth_backend.py +485 -39
- pulumi_vault/okta/auth_backend_group.py +14 -9
- pulumi_vault/okta/auth_backend_user.py +14 -9
- pulumi_vault/okta/outputs.py +13 -8
- pulumi_vault/outputs.py +5 -0
- pulumi_vault/password_policy.py +20 -13
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +81 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
- pulumi_vault/pkisecret/backend_config_est.py +619 -0
- pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
- pulumi_vault/pkisecret/get_backend_issuer.py +67 -9
- pulumi_vault/pkisecret/get_backend_issuers.py +21 -8
- pulumi_vault/pkisecret/get_backend_key.py +24 -9
- pulumi_vault/pkisecret/get_backend_keys.py +21 -8
- pulumi_vault/pkisecret/outputs.py +69 -0
- pulumi_vault/pkisecret/secret_backend_cert.py +18 -11
- pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -11
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +14 -9
- pulumi_vault/pkisecret/secret_backend_config_urls.py +67 -11
- pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -9
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -11
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -17
- pulumi_vault/pkisecret/secret_backend_issuer.py +14 -9
- pulumi_vault/pkisecret/secret_backend_key.py +14 -9
- pulumi_vault/pkisecret/secret_backend_role.py +21 -14
- pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -48
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -56
- pulumi_vault/pkisecret/secret_backend_sign.py +18 -54
- pulumi_vault/plugin.py +595 -0
- pulumi_vault/plugin_pinned_version.py +298 -0
- pulumi_vault/policy.py +14 -9
- pulumi_vault/provider.py +48 -53
- pulumi_vault/pulumi-plugin.json +2 -1
- pulumi_vault/quota_lease_count.py +60 -6
- pulumi_vault/quota_rate_limit.py +56 -2
- pulumi_vault/rabbitmq/_inputs.py +61 -0
- pulumi_vault/rabbitmq/outputs.py +5 -0
- pulumi_vault/rabbitmq/secret_backend.py +18 -13
- pulumi_vault/rabbitmq/secret_backend_role.py +54 -47
- pulumi_vault/raft_autopilot.py +14 -9
- pulumi_vault/raft_snapshot_agent_config.py +129 -224
- pulumi_vault/rgp_policy.py +14 -9
- pulumi_vault/saml/auth_backend.py +22 -17
- pulumi_vault/saml/auth_backend_role.py +92 -197
- pulumi_vault/secrets/__init__.py +3 -0
- pulumi_vault/secrets/_inputs.py +110 -0
- pulumi_vault/secrets/outputs.py +94 -0
- pulumi_vault/secrets/sync_association.py +56 -71
- pulumi_vault/secrets/sync_aws_destination.py +242 -27
- pulumi_vault/secrets/sync_azure_destination.py +92 -31
- pulumi_vault/secrets/sync_config.py +9 -4
- pulumi_vault/secrets/sync_gcp_destination.py +158 -25
- pulumi_vault/secrets/sync_gh_destination.py +189 -13
- pulumi_vault/secrets/sync_github_apps.py +375 -0
- pulumi_vault/secrets/sync_vercel_destination.py +74 -13
- pulumi_vault/ssh/_inputs.py +28 -28
- pulumi_vault/ssh/outputs.py +11 -28
- pulumi_vault/ssh/secret_backend_ca.py +108 -9
- pulumi_vault/ssh/secret_backend_role.py +85 -118
- pulumi_vault/terraformcloud/secret_backend.py +7 -54
- pulumi_vault/terraformcloud/secret_creds.py +14 -20
- pulumi_vault/terraformcloud/secret_role.py +16 -74
- pulumi_vault/token.py +28 -23
- pulumi_vault/tokenauth/auth_backend_role.py +78 -199
- pulumi_vault/transform/alphabet.py +16 -9
- pulumi_vault/transform/get_decode.py +45 -17
- pulumi_vault/transform/get_encode.py +45 -17
- pulumi_vault/transform/role.py +16 -9
- pulumi_vault/transform/template.py +30 -21
- pulumi_vault/transform/transformation.py +12 -7
- pulumi_vault/transit/get_decrypt.py +26 -21
- pulumi_vault/transit/get_encrypt.py +24 -19
- pulumi_vault/transit/secret_backend_key.py +27 -93
- pulumi_vault/transit/secret_cache_config.py +12 -7
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
- pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
- pulumi_vault-5.21.0a1709368526.dist-info/RECORD +0 -244
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = ['SecretBackendRoleArgs', 'SecretBackendRole']
|
@@ -17,7 +22,9 @@ class SecretBackendRoleArgs:
|
|
17
22
|
backend: pulumi.Input[str],
|
18
23
|
credential_type: pulumi.Input[str],
|
19
24
|
default_sts_ttl: Optional[pulumi.Input[int]] = None,
|
25
|
+
external_id: Optional[pulumi.Input[str]] = None,
|
20
26
|
iam_groups: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
27
|
+
iam_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
21
28
|
max_sts_ttl: Optional[pulumi.Input[int]] = None,
|
22
29
|
name: Optional[pulumi.Input[str]] = None,
|
23
30
|
namespace: Optional[pulumi.Input[str]] = None,
|
@@ -25,6 +32,7 @@ class SecretBackendRoleArgs:
|
|
25
32
|
policy_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
26
33
|
policy_document: Optional[pulumi.Input[str]] = None,
|
27
34
|
role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
35
|
+
session_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
28
36
|
user_path: Optional[pulumi.Input[str]] = None):
|
29
37
|
"""
|
30
38
|
The set of arguments for constructing a SecretBackendRole resource.
|
@@ -38,12 +46,16 @@ class SecretBackendRoleArgs:
|
|
38
46
|
and a default TTL is specified on the role,
|
39
47
|
then this default TTL will be used. Valid only when `credential_type` is one of
|
40
48
|
`assumed_role` or `federation_token`.
|
49
|
+
:param pulumi.Input[str] external_id: External ID to set for assume role creds.
|
50
|
+
Valid only when `credential_type` is set to `assumed_role`.
|
41
51
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] iam_groups: A list of IAM group names. IAM users generated
|
42
52
|
against this vault role will be added to these IAM Groups. For a credential
|
43
53
|
type of `assumed_role` or `federation_token`, the policies sent to the
|
44
54
|
corresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the
|
45
55
|
policies from each group in `iam_groups` combined with the `policy_document`
|
46
56
|
and `policy_arns` parameters.
|
57
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] iam_tags: A map of strings representing key/value pairs
|
58
|
+
to be used as tags for any IAM user that is created by this role.
|
47
59
|
:param pulumi.Input[int] max_sts_ttl: The max allowed TTL in seconds for STS credentials
|
48
60
|
(credentials TTL are capped to `max_sts_ttl`). Valid only when `credential_type` is
|
49
61
|
one of `assumed_role` or `federation_token`.
|
@@ -51,7 +63,7 @@ class SecretBackendRoleArgs:
|
|
51
63
|
Must be unique within the backend.
|
52
64
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
53
65
|
The value should not contain leading or trailing forward slashes.
|
54
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
66
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
55
67
|
*Available only for Vault Enterprise*.
|
56
68
|
:param pulumi.Input[str] permissions_boundary_arn: The ARN of the AWS Permissions
|
57
69
|
Boundary to attach to IAM users created in the role. Valid only when
|
@@ -72,6 +84,9 @@ class SecretBackendRoleArgs:
|
|
72
84
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] role_arns: Specifies the ARNs of the AWS roles this Vault role
|
73
85
|
is allowed to assume. Required when `credential_type` is `assumed_role` and
|
74
86
|
prohibited otherwise.
|
87
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] session_tags: A map of strings representing key/value pairs to be set
|
88
|
+
during assume role creds creation. Valid only when `credential_type` is set to
|
89
|
+
`assumed_role`.
|
75
90
|
:param pulumi.Input[str] user_path: The path for the user name. Valid only when
|
76
91
|
`credential_type` is `iam_user`. Default is `/`.
|
77
92
|
"""
|
@@ -79,8 +94,12 @@ class SecretBackendRoleArgs:
|
|
79
94
|
pulumi.set(__self__, "credential_type", credential_type)
|
80
95
|
if default_sts_ttl is not None:
|
81
96
|
pulumi.set(__self__, "default_sts_ttl", default_sts_ttl)
|
97
|
+
if external_id is not None:
|
98
|
+
pulumi.set(__self__, "external_id", external_id)
|
82
99
|
if iam_groups is not None:
|
83
100
|
pulumi.set(__self__, "iam_groups", iam_groups)
|
101
|
+
if iam_tags is not None:
|
102
|
+
pulumi.set(__self__, "iam_tags", iam_tags)
|
84
103
|
if max_sts_ttl is not None:
|
85
104
|
pulumi.set(__self__, "max_sts_ttl", max_sts_ttl)
|
86
105
|
if name is not None:
|
@@ -95,6 +114,8 @@ class SecretBackendRoleArgs:
|
|
95
114
|
pulumi.set(__self__, "policy_document", policy_document)
|
96
115
|
if role_arns is not None:
|
97
116
|
pulumi.set(__self__, "role_arns", role_arns)
|
117
|
+
if session_tags is not None:
|
118
|
+
pulumi.set(__self__, "session_tags", session_tags)
|
98
119
|
if user_path is not None:
|
99
120
|
pulumi.set(__self__, "user_path", user_path)
|
100
121
|
|
@@ -141,6 +162,19 @@ class SecretBackendRoleArgs:
|
|
141
162
|
def default_sts_ttl(self, value: Optional[pulumi.Input[int]]):
|
142
163
|
pulumi.set(self, "default_sts_ttl", value)
|
143
164
|
|
165
|
+
@property
|
166
|
+
@pulumi.getter(name="externalId")
|
167
|
+
def external_id(self) -> Optional[pulumi.Input[str]]:
|
168
|
+
"""
|
169
|
+
External ID to set for assume role creds.
|
170
|
+
Valid only when `credential_type` is set to `assumed_role`.
|
171
|
+
"""
|
172
|
+
return pulumi.get(self, "external_id")
|
173
|
+
|
174
|
+
@external_id.setter
|
175
|
+
def external_id(self, value: Optional[pulumi.Input[str]]):
|
176
|
+
pulumi.set(self, "external_id", value)
|
177
|
+
|
144
178
|
@property
|
145
179
|
@pulumi.getter(name="iamGroups")
|
146
180
|
def iam_groups(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
@@ -158,6 +192,19 @@ class SecretBackendRoleArgs:
|
|
158
192
|
def iam_groups(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
159
193
|
pulumi.set(self, "iam_groups", value)
|
160
194
|
|
195
|
+
@property
|
196
|
+
@pulumi.getter(name="iamTags")
|
197
|
+
def iam_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
198
|
+
"""
|
199
|
+
A map of strings representing key/value pairs
|
200
|
+
to be used as tags for any IAM user that is created by this role.
|
201
|
+
"""
|
202
|
+
return pulumi.get(self, "iam_tags")
|
203
|
+
|
204
|
+
@iam_tags.setter
|
205
|
+
def iam_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
206
|
+
pulumi.set(self, "iam_tags", value)
|
207
|
+
|
161
208
|
@property
|
162
209
|
@pulumi.getter(name="maxStsTtl")
|
163
210
|
def max_sts_ttl(self) -> Optional[pulumi.Input[int]]:
|
@@ -191,7 +238,7 @@ class SecretBackendRoleArgs:
|
|
191
238
|
"""
|
192
239
|
The namespace to provision the resource in.
|
193
240
|
The value should not contain leading or trailing forward slashes.
|
194
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
241
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
195
242
|
*Available only for Vault Enterprise*.
|
196
243
|
"""
|
197
244
|
return pulumi.get(self, "namespace")
|
@@ -263,6 +310,20 @@ class SecretBackendRoleArgs:
|
|
263
310
|
def role_arns(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
264
311
|
pulumi.set(self, "role_arns", value)
|
265
312
|
|
313
|
+
@property
|
314
|
+
@pulumi.getter(name="sessionTags")
|
315
|
+
def session_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
316
|
+
"""
|
317
|
+
A map of strings representing key/value pairs to be set
|
318
|
+
during assume role creds creation. Valid only when `credential_type` is set to
|
319
|
+
`assumed_role`.
|
320
|
+
"""
|
321
|
+
return pulumi.get(self, "session_tags")
|
322
|
+
|
323
|
+
@session_tags.setter
|
324
|
+
def session_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
325
|
+
pulumi.set(self, "session_tags", value)
|
326
|
+
|
266
327
|
@property
|
267
328
|
@pulumi.getter(name="userPath")
|
268
329
|
def user_path(self) -> Optional[pulumi.Input[str]]:
|
@@ -283,7 +344,9 @@ class _SecretBackendRoleState:
|
|
283
344
|
backend: Optional[pulumi.Input[str]] = None,
|
284
345
|
credential_type: Optional[pulumi.Input[str]] = None,
|
285
346
|
default_sts_ttl: Optional[pulumi.Input[int]] = None,
|
347
|
+
external_id: Optional[pulumi.Input[str]] = None,
|
286
348
|
iam_groups: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
349
|
+
iam_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
287
350
|
max_sts_ttl: Optional[pulumi.Input[int]] = None,
|
288
351
|
name: Optional[pulumi.Input[str]] = None,
|
289
352
|
namespace: Optional[pulumi.Input[str]] = None,
|
@@ -291,6 +354,7 @@ class _SecretBackendRoleState:
|
|
291
354
|
policy_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
292
355
|
policy_document: Optional[pulumi.Input[str]] = None,
|
293
356
|
role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
357
|
+
session_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
294
358
|
user_path: Optional[pulumi.Input[str]] = None):
|
295
359
|
"""
|
296
360
|
Input properties used for looking up and filtering SecretBackendRole resources.
|
@@ -304,12 +368,16 @@ class _SecretBackendRoleState:
|
|
304
368
|
and a default TTL is specified on the role,
|
305
369
|
then this default TTL will be used. Valid only when `credential_type` is one of
|
306
370
|
`assumed_role` or `federation_token`.
|
371
|
+
:param pulumi.Input[str] external_id: External ID to set for assume role creds.
|
372
|
+
Valid only when `credential_type` is set to `assumed_role`.
|
307
373
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] iam_groups: A list of IAM group names. IAM users generated
|
308
374
|
against this vault role will be added to these IAM Groups. For a credential
|
309
375
|
type of `assumed_role` or `federation_token`, the policies sent to the
|
310
376
|
corresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the
|
311
377
|
policies from each group in `iam_groups` combined with the `policy_document`
|
312
378
|
and `policy_arns` parameters.
|
379
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] iam_tags: A map of strings representing key/value pairs
|
380
|
+
to be used as tags for any IAM user that is created by this role.
|
313
381
|
:param pulumi.Input[int] max_sts_ttl: The max allowed TTL in seconds for STS credentials
|
314
382
|
(credentials TTL are capped to `max_sts_ttl`). Valid only when `credential_type` is
|
315
383
|
one of `assumed_role` or `federation_token`.
|
@@ -317,7 +385,7 @@ class _SecretBackendRoleState:
|
|
317
385
|
Must be unique within the backend.
|
318
386
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
319
387
|
The value should not contain leading or trailing forward slashes.
|
320
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
388
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
321
389
|
*Available only for Vault Enterprise*.
|
322
390
|
:param pulumi.Input[str] permissions_boundary_arn: The ARN of the AWS Permissions
|
323
391
|
Boundary to attach to IAM users created in the role. Valid only when
|
@@ -338,6 +406,9 @@ class _SecretBackendRoleState:
|
|
338
406
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] role_arns: Specifies the ARNs of the AWS roles this Vault role
|
339
407
|
is allowed to assume. Required when `credential_type` is `assumed_role` and
|
340
408
|
prohibited otherwise.
|
409
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] session_tags: A map of strings representing key/value pairs to be set
|
410
|
+
during assume role creds creation. Valid only when `credential_type` is set to
|
411
|
+
`assumed_role`.
|
341
412
|
:param pulumi.Input[str] user_path: The path for the user name. Valid only when
|
342
413
|
`credential_type` is `iam_user`. Default is `/`.
|
343
414
|
"""
|
@@ -347,8 +418,12 @@ class _SecretBackendRoleState:
|
|
347
418
|
pulumi.set(__self__, "credential_type", credential_type)
|
348
419
|
if default_sts_ttl is not None:
|
349
420
|
pulumi.set(__self__, "default_sts_ttl", default_sts_ttl)
|
421
|
+
if external_id is not None:
|
422
|
+
pulumi.set(__self__, "external_id", external_id)
|
350
423
|
if iam_groups is not None:
|
351
424
|
pulumi.set(__self__, "iam_groups", iam_groups)
|
425
|
+
if iam_tags is not None:
|
426
|
+
pulumi.set(__self__, "iam_tags", iam_tags)
|
352
427
|
if max_sts_ttl is not None:
|
353
428
|
pulumi.set(__self__, "max_sts_ttl", max_sts_ttl)
|
354
429
|
if name is not None:
|
@@ -363,6 +438,8 @@ class _SecretBackendRoleState:
|
|
363
438
|
pulumi.set(__self__, "policy_document", policy_document)
|
364
439
|
if role_arns is not None:
|
365
440
|
pulumi.set(__self__, "role_arns", role_arns)
|
441
|
+
if session_tags is not None:
|
442
|
+
pulumi.set(__self__, "session_tags", session_tags)
|
366
443
|
if user_path is not None:
|
367
444
|
pulumi.set(__self__, "user_path", user_path)
|
368
445
|
|
@@ -409,6 +486,19 @@ class _SecretBackendRoleState:
|
|
409
486
|
def default_sts_ttl(self, value: Optional[pulumi.Input[int]]):
|
410
487
|
pulumi.set(self, "default_sts_ttl", value)
|
411
488
|
|
489
|
+
@property
|
490
|
+
@pulumi.getter(name="externalId")
|
491
|
+
def external_id(self) -> Optional[pulumi.Input[str]]:
|
492
|
+
"""
|
493
|
+
External ID to set for assume role creds.
|
494
|
+
Valid only when `credential_type` is set to `assumed_role`.
|
495
|
+
"""
|
496
|
+
return pulumi.get(self, "external_id")
|
497
|
+
|
498
|
+
@external_id.setter
|
499
|
+
def external_id(self, value: Optional[pulumi.Input[str]]):
|
500
|
+
pulumi.set(self, "external_id", value)
|
501
|
+
|
412
502
|
@property
|
413
503
|
@pulumi.getter(name="iamGroups")
|
414
504
|
def iam_groups(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
@@ -426,6 +516,19 @@ class _SecretBackendRoleState:
|
|
426
516
|
def iam_groups(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
427
517
|
pulumi.set(self, "iam_groups", value)
|
428
518
|
|
519
|
+
@property
|
520
|
+
@pulumi.getter(name="iamTags")
|
521
|
+
def iam_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
522
|
+
"""
|
523
|
+
A map of strings representing key/value pairs
|
524
|
+
to be used as tags for any IAM user that is created by this role.
|
525
|
+
"""
|
526
|
+
return pulumi.get(self, "iam_tags")
|
527
|
+
|
528
|
+
@iam_tags.setter
|
529
|
+
def iam_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
530
|
+
pulumi.set(self, "iam_tags", value)
|
531
|
+
|
429
532
|
@property
|
430
533
|
@pulumi.getter(name="maxStsTtl")
|
431
534
|
def max_sts_ttl(self) -> Optional[pulumi.Input[int]]:
|
@@ -459,7 +562,7 @@ class _SecretBackendRoleState:
|
|
459
562
|
"""
|
460
563
|
The namespace to provision the resource in.
|
461
564
|
The value should not contain leading or trailing forward slashes.
|
462
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
565
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
463
566
|
*Available only for Vault Enterprise*.
|
464
567
|
"""
|
465
568
|
return pulumi.get(self, "namespace")
|
@@ -531,6 +634,20 @@ class _SecretBackendRoleState:
|
|
531
634
|
def role_arns(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
532
635
|
pulumi.set(self, "role_arns", value)
|
533
636
|
|
637
|
+
@property
|
638
|
+
@pulumi.getter(name="sessionTags")
|
639
|
+
def session_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
640
|
+
"""
|
641
|
+
A map of strings representing key/value pairs to be set
|
642
|
+
during assume role creds creation. Valid only when `credential_type` is set to
|
643
|
+
`assumed_role`.
|
644
|
+
"""
|
645
|
+
return pulumi.get(self, "session_tags")
|
646
|
+
|
647
|
+
@session_tags.setter
|
648
|
+
def session_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
649
|
+
pulumi.set(self, "session_tags", value)
|
650
|
+
|
534
651
|
@property
|
535
652
|
@pulumi.getter(name="userPath")
|
536
653
|
def user_path(self) -> Optional[pulumi.Input[str]]:
|
@@ -553,7 +670,9 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
553
670
|
backend: Optional[pulumi.Input[str]] = None,
|
554
671
|
credential_type: Optional[pulumi.Input[str]] = None,
|
555
672
|
default_sts_ttl: Optional[pulumi.Input[int]] = None,
|
673
|
+
external_id: Optional[pulumi.Input[str]] = None,
|
556
674
|
iam_groups: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
675
|
+
iam_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
557
676
|
max_sts_ttl: Optional[pulumi.Input[int]] = None,
|
558
677
|
name: Optional[pulumi.Input[str]] = None,
|
559
678
|
namespace: Optional[pulumi.Input[str]] = None,
|
@@ -561,6 +680,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
561
680
|
policy_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
562
681
|
policy_document: Optional[pulumi.Input[str]] = None,
|
563
682
|
role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
683
|
+
session_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
564
684
|
user_path: Optional[pulumi.Input[str]] = None,
|
565
685
|
__props__=None):
|
566
686
|
"""
|
@@ -575,6 +695,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
575
695
|
secret_key="AWS secret key")
|
576
696
|
role = vault.aws.SecretBackendRole("role",
|
577
697
|
backend=aws.path,
|
698
|
+
name="deploy",
|
578
699
|
credential_type="iam_user",
|
579
700
|
policy_document=\"\"\"{
|
580
701
|
"Version": "2012-10-17",
|
@@ -594,7 +715,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
594
715
|
AWS secret backend roles can be imported using the `path`, e.g.
|
595
716
|
|
596
717
|
```sh
|
597
|
-
|
718
|
+
$ pulumi import vault:aws/secretBackendRole:SecretBackendRole role aws/roles/deploy
|
598
719
|
```
|
599
720
|
|
600
721
|
:param str resource_name: The name of the resource.
|
@@ -609,12 +730,16 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
609
730
|
and a default TTL is specified on the role,
|
610
731
|
then this default TTL will be used. Valid only when `credential_type` is one of
|
611
732
|
`assumed_role` or `federation_token`.
|
733
|
+
:param pulumi.Input[str] external_id: External ID to set for assume role creds.
|
734
|
+
Valid only when `credential_type` is set to `assumed_role`.
|
612
735
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] iam_groups: A list of IAM group names. IAM users generated
|
613
736
|
against this vault role will be added to these IAM Groups. For a credential
|
614
737
|
type of `assumed_role` or `federation_token`, the policies sent to the
|
615
738
|
corresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the
|
616
739
|
policies from each group in `iam_groups` combined with the `policy_document`
|
617
740
|
and `policy_arns` parameters.
|
741
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] iam_tags: A map of strings representing key/value pairs
|
742
|
+
to be used as tags for any IAM user that is created by this role.
|
618
743
|
:param pulumi.Input[int] max_sts_ttl: The max allowed TTL in seconds for STS credentials
|
619
744
|
(credentials TTL are capped to `max_sts_ttl`). Valid only when `credential_type` is
|
620
745
|
one of `assumed_role` or `federation_token`.
|
@@ -622,7 +747,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
622
747
|
Must be unique within the backend.
|
623
748
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
624
749
|
The value should not contain leading or trailing forward slashes.
|
625
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
750
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
626
751
|
*Available only for Vault Enterprise*.
|
627
752
|
:param pulumi.Input[str] permissions_boundary_arn: The ARN of the AWS Permissions
|
628
753
|
Boundary to attach to IAM users created in the role. Valid only when
|
@@ -643,6 +768,9 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
643
768
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] role_arns: Specifies the ARNs of the AWS roles this Vault role
|
644
769
|
is allowed to assume. Required when `credential_type` is `assumed_role` and
|
645
770
|
prohibited otherwise.
|
771
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] session_tags: A map of strings representing key/value pairs to be set
|
772
|
+
during assume role creds creation. Valid only when `credential_type` is set to
|
773
|
+
`assumed_role`.
|
646
774
|
:param pulumi.Input[str] user_path: The path for the user name. Valid only when
|
647
775
|
`credential_type` is `iam_user`. Default is `/`.
|
648
776
|
"""
|
@@ -664,6 +792,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
664
792
|
secret_key="AWS secret key")
|
665
793
|
role = vault.aws.SecretBackendRole("role",
|
666
794
|
backend=aws.path,
|
795
|
+
name="deploy",
|
667
796
|
credential_type="iam_user",
|
668
797
|
policy_document=\"\"\"{
|
669
798
|
"Version": "2012-10-17",
|
@@ -683,7 +812,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
683
812
|
AWS secret backend roles can be imported using the `path`, e.g.
|
684
813
|
|
685
814
|
```sh
|
686
|
-
|
815
|
+
$ pulumi import vault:aws/secretBackendRole:SecretBackendRole role aws/roles/deploy
|
687
816
|
```
|
688
817
|
|
689
818
|
:param str resource_name: The name of the resource.
|
@@ -704,7 +833,9 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
704
833
|
backend: Optional[pulumi.Input[str]] = None,
|
705
834
|
credential_type: Optional[pulumi.Input[str]] = None,
|
706
835
|
default_sts_ttl: Optional[pulumi.Input[int]] = None,
|
836
|
+
external_id: Optional[pulumi.Input[str]] = None,
|
707
837
|
iam_groups: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
838
|
+
iam_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
708
839
|
max_sts_ttl: Optional[pulumi.Input[int]] = None,
|
709
840
|
name: Optional[pulumi.Input[str]] = None,
|
710
841
|
namespace: Optional[pulumi.Input[str]] = None,
|
@@ -712,6 +843,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
712
843
|
policy_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
713
844
|
policy_document: Optional[pulumi.Input[str]] = None,
|
714
845
|
role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
846
|
+
session_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
715
847
|
user_path: Optional[pulumi.Input[str]] = None,
|
716
848
|
__props__=None):
|
717
849
|
opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
|
@@ -729,7 +861,9 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
729
861
|
raise TypeError("Missing required property 'credential_type'")
|
730
862
|
__props__.__dict__["credential_type"] = credential_type
|
731
863
|
__props__.__dict__["default_sts_ttl"] = default_sts_ttl
|
864
|
+
__props__.__dict__["external_id"] = external_id
|
732
865
|
__props__.__dict__["iam_groups"] = iam_groups
|
866
|
+
__props__.__dict__["iam_tags"] = iam_tags
|
733
867
|
__props__.__dict__["max_sts_ttl"] = max_sts_ttl
|
734
868
|
__props__.__dict__["name"] = name
|
735
869
|
__props__.__dict__["namespace"] = namespace
|
@@ -737,6 +871,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
737
871
|
__props__.__dict__["policy_arns"] = policy_arns
|
738
872
|
__props__.__dict__["policy_document"] = policy_document
|
739
873
|
__props__.__dict__["role_arns"] = role_arns
|
874
|
+
__props__.__dict__["session_tags"] = session_tags
|
740
875
|
__props__.__dict__["user_path"] = user_path
|
741
876
|
super(SecretBackendRole, __self__).__init__(
|
742
877
|
'vault:aws/secretBackendRole:SecretBackendRole',
|
@@ -751,7 +886,9 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
751
886
|
backend: Optional[pulumi.Input[str]] = None,
|
752
887
|
credential_type: Optional[pulumi.Input[str]] = None,
|
753
888
|
default_sts_ttl: Optional[pulumi.Input[int]] = None,
|
889
|
+
external_id: Optional[pulumi.Input[str]] = None,
|
754
890
|
iam_groups: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
891
|
+
iam_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
755
892
|
max_sts_ttl: Optional[pulumi.Input[int]] = None,
|
756
893
|
name: Optional[pulumi.Input[str]] = None,
|
757
894
|
namespace: Optional[pulumi.Input[str]] = None,
|
@@ -759,6 +896,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
759
896
|
policy_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
760
897
|
policy_document: Optional[pulumi.Input[str]] = None,
|
761
898
|
role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
899
|
+
session_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
762
900
|
user_path: Optional[pulumi.Input[str]] = None) -> 'SecretBackendRole':
|
763
901
|
"""
|
764
902
|
Get an existing SecretBackendRole resource's state with the given name, id, and optional extra
|
@@ -777,12 +915,16 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
777
915
|
and a default TTL is specified on the role,
|
778
916
|
then this default TTL will be used. Valid only when `credential_type` is one of
|
779
917
|
`assumed_role` or `federation_token`.
|
918
|
+
:param pulumi.Input[str] external_id: External ID to set for assume role creds.
|
919
|
+
Valid only when `credential_type` is set to `assumed_role`.
|
780
920
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] iam_groups: A list of IAM group names. IAM users generated
|
781
921
|
against this vault role will be added to these IAM Groups. For a credential
|
782
922
|
type of `assumed_role` or `federation_token`, the policies sent to the
|
783
923
|
corresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the
|
784
924
|
policies from each group in `iam_groups` combined with the `policy_document`
|
785
925
|
and `policy_arns` parameters.
|
926
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] iam_tags: A map of strings representing key/value pairs
|
927
|
+
to be used as tags for any IAM user that is created by this role.
|
786
928
|
:param pulumi.Input[int] max_sts_ttl: The max allowed TTL in seconds for STS credentials
|
787
929
|
(credentials TTL are capped to `max_sts_ttl`). Valid only when `credential_type` is
|
788
930
|
one of `assumed_role` or `federation_token`.
|
@@ -790,7 +932,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
790
932
|
Must be unique within the backend.
|
791
933
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
792
934
|
The value should not contain leading or trailing forward slashes.
|
793
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
935
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
794
936
|
*Available only for Vault Enterprise*.
|
795
937
|
:param pulumi.Input[str] permissions_boundary_arn: The ARN of the AWS Permissions
|
796
938
|
Boundary to attach to IAM users created in the role. Valid only when
|
@@ -811,6 +953,9 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
811
953
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] role_arns: Specifies the ARNs of the AWS roles this Vault role
|
812
954
|
is allowed to assume. Required when `credential_type` is `assumed_role` and
|
813
955
|
prohibited otherwise.
|
956
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] session_tags: A map of strings representing key/value pairs to be set
|
957
|
+
during assume role creds creation. Valid only when `credential_type` is set to
|
958
|
+
`assumed_role`.
|
814
959
|
:param pulumi.Input[str] user_path: The path for the user name. Valid only when
|
815
960
|
`credential_type` is `iam_user`. Default is `/`.
|
816
961
|
"""
|
@@ -821,7 +966,9 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
821
966
|
__props__.__dict__["backend"] = backend
|
822
967
|
__props__.__dict__["credential_type"] = credential_type
|
823
968
|
__props__.__dict__["default_sts_ttl"] = default_sts_ttl
|
969
|
+
__props__.__dict__["external_id"] = external_id
|
824
970
|
__props__.__dict__["iam_groups"] = iam_groups
|
971
|
+
__props__.__dict__["iam_tags"] = iam_tags
|
825
972
|
__props__.__dict__["max_sts_ttl"] = max_sts_ttl
|
826
973
|
__props__.__dict__["name"] = name
|
827
974
|
__props__.__dict__["namespace"] = namespace
|
@@ -829,6 +976,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
829
976
|
__props__.__dict__["policy_arns"] = policy_arns
|
830
977
|
__props__.__dict__["policy_document"] = policy_document
|
831
978
|
__props__.__dict__["role_arns"] = role_arns
|
979
|
+
__props__.__dict__["session_tags"] = session_tags
|
832
980
|
__props__.__dict__["user_path"] = user_path
|
833
981
|
return SecretBackendRole(resource_name, opts=opts, __props__=__props__)
|
834
982
|
|
@@ -863,6 +1011,15 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
863
1011
|
"""
|
864
1012
|
return pulumi.get(self, "default_sts_ttl")
|
865
1013
|
|
1014
|
+
@property
|
1015
|
+
@pulumi.getter(name="externalId")
|
1016
|
+
def external_id(self) -> pulumi.Output[Optional[str]]:
|
1017
|
+
"""
|
1018
|
+
External ID to set for assume role creds.
|
1019
|
+
Valid only when `credential_type` is set to `assumed_role`.
|
1020
|
+
"""
|
1021
|
+
return pulumi.get(self, "external_id")
|
1022
|
+
|
866
1023
|
@property
|
867
1024
|
@pulumi.getter(name="iamGroups")
|
868
1025
|
def iam_groups(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
@@ -876,6 +1033,15 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
876
1033
|
"""
|
877
1034
|
return pulumi.get(self, "iam_groups")
|
878
1035
|
|
1036
|
+
@property
|
1037
|
+
@pulumi.getter(name="iamTags")
|
1038
|
+
def iam_tags(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
|
1039
|
+
"""
|
1040
|
+
A map of strings representing key/value pairs
|
1041
|
+
to be used as tags for any IAM user that is created by this role.
|
1042
|
+
"""
|
1043
|
+
return pulumi.get(self, "iam_tags")
|
1044
|
+
|
879
1045
|
@property
|
880
1046
|
@pulumi.getter(name="maxStsTtl")
|
881
1047
|
def max_sts_ttl(self) -> pulumi.Output[int]:
|
@@ -901,7 +1067,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
901
1067
|
"""
|
902
1068
|
The namespace to provision the resource in.
|
903
1069
|
The value should not contain leading or trailing forward slashes.
|
904
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
1070
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
905
1071
|
*Available only for Vault Enterprise*.
|
906
1072
|
"""
|
907
1073
|
return pulumi.get(self, "namespace")
|
@@ -953,6 +1119,16 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
953
1119
|
"""
|
954
1120
|
return pulumi.get(self, "role_arns")
|
955
1121
|
|
1122
|
+
@property
|
1123
|
+
@pulumi.getter(name="sessionTags")
|
1124
|
+
def session_tags(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
|
1125
|
+
"""
|
1126
|
+
A map of strings representing key/value pairs to be set
|
1127
|
+
during assume role creds creation. Valid only when `credential_type` is set to
|
1128
|
+
`assumed_role`.
|
1129
|
+
"""
|
1130
|
+
return pulumi.get(self, "session_tags")
|
1131
|
+
|
956
1132
|
@property
|
957
1133
|
@pulumi.getter(name="userPath")
|
958
1134
|
def user_path(self) -> pulumi.Output[Optional[str]]:
|
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = ['SecretBackendStaticRoleArgs', 'SecretBackendStaticRole']
|
@@ -29,7 +34,7 @@ class SecretBackendStaticRoleArgs:
|
|
29
34
|
Must be unique within the backend.
|
30
35
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
31
36
|
The value should not contain leading or trailing forward slashes.
|
32
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
37
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
33
38
|
*Available only for Vault Enterprise*.
|
34
39
|
"""
|
35
40
|
pulumi.set(__self__, "rotation_period", rotation_period)
|
@@ -97,7 +102,7 @@ class SecretBackendStaticRoleArgs:
|
|
97
102
|
"""
|
98
103
|
The namespace to provision the resource in.
|
99
104
|
The value should not contain leading or trailing forward slashes.
|
100
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
105
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
101
106
|
*Available only for Vault Enterprise*.
|
102
107
|
"""
|
103
108
|
return pulumi.get(self, "namespace")
|
@@ -123,7 +128,7 @@ class _SecretBackendStaticRoleState:
|
|
123
128
|
Must be unique within the backend.
|
124
129
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
125
130
|
The value should not contain leading or trailing forward slashes.
|
126
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
131
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
127
132
|
*Available only for Vault Enterprise*.
|
128
133
|
:param pulumi.Input[int] rotation_period: How often Vault should rotate the password of the user entry.
|
129
134
|
:param pulumi.Input[str] username: The username of the existing AWS IAM to manage password rotation for.
|
@@ -171,7 +176,7 @@ class _SecretBackendStaticRoleState:
|
|
171
176
|
"""
|
172
177
|
The namespace to provision the resource in.
|
173
178
|
The value should not contain leading or trailing forward slashes.
|
174
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
179
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
175
180
|
*Available only for Vault Enterprise*.
|
176
181
|
"""
|
177
182
|
return pulumi.get(self, "namespace")
|
@@ -228,16 +233,18 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
228
233
|
description="Obtain AWS credentials.")
|
229
234
|
role = vault.aws.SecretBackendStaticRole("role",
|
230
235
|
backend=aws.path,
|
236
|
+
name="test",
|
231
237
|
username="my-test-user",
|
232
238
|
rotation_period=3600)
|
233
239
|
```
|
234
240
|
|
235
241
|
## Import
|
236
242
|
|
237
|
-
AWS secret backend static role can be imported using the full path to the role
|
243
|
+
AWS secret backend static role can be imported using the full path to the role
|
244
|
+
of the form: `<mount_path>/static-roles/<role_name>` e.g.
|
238
245
|
|
239
246
|
```sh
|
240
|
-
|
247
|
+
$ pulumi import vault:aws/secretBackendStaticRole:SecretBackendStaticRole role aws/static-roles/example-role
|
241
248
|
```
|
242
249
|
|
243
250
|
:param str resource_name: The name of the resource.
|
@@ -248,7 +255,7 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
248
255
|
Must be unique within the backend.
|
249
256
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
250
257
|
The value should not contain leading or trailing forward slashes.
|
251
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
258
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
252
259
|
*Available only for Vault Enterprise*.
|
253
260
|
:param pulumi.Input[int] rotation_period: How often Vault should rotate the password of the user entry.
|
254
261
|
:param pulumi.Input[str] username: The username of the existing AWS IAM to manage password rotation for.
|
@@ -271,16 +278,18 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
271
278
|
description="Obtain AWS credentials.")
|
272
279
|
role = vault.aws.SecretBackendStaticRole("role",
|
273
280
|
backend=aws.path,
|
281
|
+
name="test",
|
274
282
|
username="my-test-user",
|
275
283
|
rotation_period=3600)
|
276
284
|
```
|
277
285
|
|
278
286
|
## Import
|
279
287
|
|
280
|
-
AWS secret backend static role can be imported using the full path to the role
|
288
|
+
AWS secret backend static role can be imported using the full path to the role
|
289
|
+
of the form: `<mount_path>/static-roles/<role_name>` e.g.
|
281
290
|
|
282
291
|
```sh
|
283
|
-
|
292
|
+
$ pulumi import vault:aws/secretBackendStaticRole:SecretBackendStaticRole role aws/static-roles/example-role
|
284
293
|
```
|
285
294
|
|
286
295
|
:param str resource_name: The name of the resource.
|
@@ -349,7 +358,7 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
349
358
|
Must be unique within the backend.
|
350
359
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
351
360
|
The value should not contain leading or trailing forward slashes.
|
352
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
361
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
353
362
|
*Available only for Vault Enterprise*.
|
354
363
|
:param pulumi.Input[int] rotation_period: How often Vault should rotate the password of the user entry.
|
355
364
|
:param pulumi.Input[str] username: The username of the existing AWS IAM to manage password rotation for.
|
@@ -389,7 +398,7 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
389
398
|
"""
|
390
399
|
The namespace to provision the resource in.
|
391
400
|
The value should not contain leading or trailing forward slashes.
|
392
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
401
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
393
402
|
*Available only for Vault Enterprise*.
|
394
403
|
"""
|
395
404
|
return pulumi.get(self, "namespace")
|
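Review bot: The `else:` branch added at new lines 13–14 makes `typing_extensions` an import-time requirement of this module on any interpreter older than 3.11, and nothing in this file section shows that the wheel declares it. The package metadata is not visible here, so confirm the install requirements carry a conditional entry such as `typing-extensions; python_version < "3.11"`, with a lower bound at a release that provides `NotRequired`. Without it the import fails in a clean environment, or silently binds to whatever copy another package happened to pull in. None of the hunks shown for this file use `NotRequired`, `TypedDict` or `TypeAlias`. If the rest of the module does not use them either, the generator could omit the block from modules that declare no typed-dict inputs, which would keep the dependency surface limited to the files that need it.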