pulumi-vault 5.21.0a1709368526__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl
- pulumi_vault/__init__.py +52 -0
- pulumi_vault/_inputs.py +560 -0
- pulumi_vault/_utilities.py +41 -5
- pulumi_vault/ad/get_access_credentials.py +26 -9
- pulumi_vault/ad/secret_backend.py +16 -142
- pulumi_vault/ad/secret_library.py +16 -9
- pulumi_vault/ad/secret_role.py +14 -9
- pulumi_vault/alicloud/auth_backend_role.py +76 -190
- pulumi_vault/approle/auth_backend_login.py +12 -7
- pulumi_vault/approle/auth_backend_role.py +77 -191
- pulumi_vault/approle/auth_backend_role_secret_id.py +106 -7
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -5
- pulumi_vault/audit.py +30 -21
- pulumi_vault/audit_request_header.py +11 -2
- pulumi_vault/auth_backend.py +66 -14
- pulumi_vault/aws/auth_backend_cert.py +18 -9
- pulumi_vault/aws/auth_backend_client.py +267 -22
- pulumi_vault/aws/auth_backend_config_identity.py +14 -9
- pulumi_vault/aws/auth_backend_identity_whitelist.py +20 -15
- pulumi_vault/aws/auth_backend_login.py +19 -22
- pulumi_vault/aws/auth_backend_role.py +77 -191
- pulumi_vault/aws/auth_backend_role_tag.py +12 -7
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -13
- pulumi_vault/aws/auth_backend_sts_role.py +14 -9
- pulumi_vault/aws/get_access_credentials.py +38 -9
- pulumi_vault/aws/get_static_access_credentials.py +19 -5
- pulumi_vault/aws/secret_backend.py +77 -9
- pulumi_vault/aws/secret_backend_role.py +185 -9
- pulumi_vault/aws/secret_backend_static_role.py +20 -11
- pulumi_vault/azure/_inputs.py +24 -0
- pulumi_vault/azure/auth_backend_config.py +153 -15
- pulumi_vault/azure/auth_backend_role.py +77 -191
- pulumi_vault/azure/backend.py +227 -21
- pulumi_vault/azure/backend_role.py +42 -37
- pulumi_vault/azure/get_access_credentials.py +41 -7
- pulumi_vault/azure/outputs.py +5 -0
- pulumi_vault/cert_auth_backend_role.py +87 -267
- pulumi_vault/config/__init__.pyi +5 -0
- pulumi_vault/config/_inputs.py +73 -0
- pulumi_vault/config/outputs.py +35 -0
- pulumi_vault/config/ui_custom_message.py +529 -0
- pulumi_vault/config/vars.py +5 -0
- pulumi_vault/consul/secret_backend.py +28 -19
- pulumi_vault/consul/secret_backend_role.py +18 -78
- pulumi_vault/database/_inputs.py +2770 -881
- pulumi_vault/database/outputs.py +721 -838
- pulumi_vault/database/secret_backend_connection.py +119 -112
- pulumi_vault/database/secret_backend_role.py +31 -22
- pulumi_vault/database/secret_backend_static_role.py +87 -13
- pulumi_vault/database/secrets_mount.py +427 -136
- pulumi_vault/egp_policy.py +16 -11
- pulumi_vault/gcp/_inputs.py +111 -0
- pulumi_vault/gcp/auth_backend.py +250 -33
- pulumi_vault/gcp/auth_backend_role.py +77 -269
- pulumi_vault/gcp/get_auth_backend_role.py +43 -5
- pulumi_vault/gcp/outputs.py +5 -0
- pulumi_vault/gcp/secret_backend.py +287 -12
- pulumi_vault/gcp/secret_impersonated_account.py +76 -15
- pulumi_vault/gcp/secret_roleset.py +31 -24
- pulumi_vault/gcp/secret_static_account.py +39 -32
- pulumi_vault/generic/endpoint.py +24 -17
- pulumi_vault/generic/get_secret.py +64 -8
- pulumi_vault/generic/secret.py +21 -16
- pulumi_vault/get_auth_backend.py +24 -7
- pulumi_vault/get_auth_backends.py +51 -9
- pulumi_vault/get_namespace.py +226 -0
- pulumi_vault/get_namespaces.py +153 -0
- pulumi_vault/get_nomad_access_token.py +31 -11
- pulumi_vault/get_policy_document.py +34 -19
- pulumi_vault/get_raft_autopilot_state.py +29 -10
- pulumi_vault/github/_inputs.py +55 -0
- pulumi_vault/github/auth_backend.py +19 -14
- pulumi_vault/github/outputs.py +5 -0
- pulumi_vault/github/team.py +16 -11
- pulumi_vault/github/user.py +16 -11
- pulumi_vault/identity/entity.py +20 -13
- pulumi_vault/identity/entity_alias.py +20 -13
- pulumi_vault/identity/entity_policies.py +28 -11
- pulumi_vault/identity/get_entity.py +42 -10
- pulumi_vault/identity/get_group.py +47 -9
- pulumi_vault/identity/get_oidc_client_creds.py +21 -7
- pulumi_vault/identity/get_oidc_openid_config.py +39 -9
- pulumi_vault/identity/get_oidc_public_keys.py +29 -10
- pulumi_vault/identity/group.py +58 -39
- pulumi_vault/identity/group_alias.py +16 -9
- pulumi_vault/identity/group_member_entity_ids.py +28 -66
- pulumi_vault/identity/group_member_group_ids.py +40 -19
- pulumi_vault/identity/group_policies.py +20 -7
- pulumi_vault/identity/mfa_duo.py +11 -6
- pulumi_vault/identity/mfa_login_enforcement.py +15 -6
- pulumi_vault/identity/mfa_okta.py +11 -6
- pulumi_vault/identity/mfa_pingid.py +7 -2
- pulumi_vault/identity/mfa_totp.py +7 -2
- pulumi_vault/identity/oidc.py +12 -7
- pulumi_vault/identity/oidc_assignment.py +24 -11
- pulumi_vault/identity/oidc_client.py +36 -23
- pulumi_vault/identity/oidc_key.py +30 -17
- pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -15
- pulumi_vault/identity/oidc_provider.py +36 -21
- pulumi_vault/identity/oidc_role.py +42 -21
- pulumi_vault/identity/oidc_scope.py +20 -13
- pulumi_vault/identity/outputs.py +8 -3
- pulumi_vault/jwt/_inputs.py +55 -0
- pulumi_vault/jwt/auth_backend.py +45 -40
- pulumi_vault/jwt/auth_backend_role.py +133 -254
- pulumi_vault/jwt/outputs.py +5 -0
- pulumi_vault/kmip/secret_backend.py +24 -19
- pulumi_vault/kmip/secret_role.py +14 -9
- pulumi_vault/kmip/secret_scope.py +14 -9
- pulumi_vault/kubernetes/auth_backend_config.py +57 -5
- pulumi_vault/kubernetes/auth_backend_role.py +70 -177
- pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
- pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
- pulumi_vault/kubernetes/get_service_account_token.py +39 -11
- pulumi_vault/kubernetes/secret_backend.py +316 -27
- pulumi_vault/kubernetes/secret_backend_role.py +137 -46
- pulumi_vault/kv/_inputs.py +36 -4
- pulumi_vault/kv/get_secret.py +25 -8
- pulumi_vault/kv/get_secret_subkeys_v2.py +33 -10
- pulumi_vault/kv/get_secret_v2.py +85 -9
- pulumi_vault/kv/get_secrets_list.py +24 -11
- pulumi_vault/kv/get_secrets_list_v2.py +37 -15
- pulumi_vault/kv/outputs.py +8 -3
- pulumi_vault/kv/secret.py +23 -16
- pulumi_vault/kv/secret_backend_v2.py +20 -11
- pulumi_vault/kv/secret_v2.py +59 -50
- pulumi_vault/ldap/auth_backend.py +127 -166
- pulumi_vault/ldap/auth_backend_group.py +14 -9
- pulumi_vault/ldap/auth_backend_user.py +14 -9
- pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
- pulumi_vault/ldap/get_static_credentials.py +24 -5
- pulumi_vault/ldap/secret_backend.py +354 -82
- pulumi_vault/ldap/secret_backend_dynamic_role.py +18 -11
- pulumi_vault/ldap/secret_backend_library_set.py +16 -9
- pulumi_vault/ldap/secret_backend_static_role.py +73 -12
- pulumi_vault/managed/_inputs.py +289 -132
- pulumi_vault/managed/keys.py +29 -57
- pulumi_vault/managed/outputs.py +89 -132
- pulumi_vault/mfa_duo.py +18 -11
- pulumi_vault/mfa_okta.py +18 -11
- pulumi_vault/mfa_pingid.py +18 -11
- pulumi_vault/mfa_totp.py +24 -17
- pulumi_vault/mongodbatlas/secret_backend.py +20 -15
- pulumi_vault/mongodbatlas/secret_role.py +47 -38
- pulumi_vault/mount.py +391 -51
- pulumi_vault/namespace.py +68 -83
- pulumi_vault/nomad_secret_backend.py +18 -13
- pulumi_vault/nomad_secret_role.py +14 -9
- pulumi_vault/okta/_inputs.py +47 -8
- pulumi_vault/okta/auth_backend.py +485 -39
- pulumi_vault/okta/auth_backend_group.py +14 -9
- pulumi_vault/okta/auth_backend_user.py +14 -9
- pulumi_vault/okta/outputs.py +13 -8
- pulumi_vault/outputs.py +5 -0
- pulumi_vault/password_policy.py +20 -13
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +81 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
- pulumi_vault/pkisecret/backend_config_est.py +619 -0
- pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
- pulumi_vault/pkisecret/get_backend_issuer.py +67 -9
- pulumi_vault/pkisecret/get_backend_issuers.py +21 -8
- pulumi_vault/pkisecret/get_backend_key.py +24 -9
- pulumi_vault/pkisecret/get_backend_keys.py +21 -8
- pulumi_vault/pkisecret/outputs.py +69 -0
- pulumi_vault/pkisecret/secret_backend_cert.py +18 -11
- pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -11
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +14 -9
- pulumi_vault/pkisecret/secret_backend_config_urls.py +67 -11
- pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -9
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -11
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -17
- pulumi_vault/pkisecret/secret_backend_issuer.py +14 -9
- pulumi_vault/pkisecret/secret_backend_key.py +14 -9
- pulumi_vault/pkisecret/secret_backend_role.py +21 -14
- pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -48
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -56
- pulumi_vault/pkisecret/secret_backend_sign.py +18 -54
- pulumi_vault/plugin.py +595 -0
- pulumi_vault/plugin_pinned_version.py +298 -0
- pulumi_vault/policy.py +14 -9
- pulumi_vault/provider.py +48 -53
- pulumi_vault/pulumi-plugin.json +2 -1
- pulumi_vault/quota_lease_count.py +60 -6
- pulumi_vault/quota_rate_limit.py +56 -2
- pulumi_vault/rabbitmq/_inputs.py +61 -0
- pulumi_vault/rabbitmq/outputs.py +5 -0
- pulumi_vault/rabbitmq/secret_backend.py +18 -13
- pulumi_vault/rabbitmq/secret_backend_role.py +54 -47
- pulumi_vault/raft_autopilot.py +14 -9
- pulumi_vault/raft_snapshot_agent_config.py +129 -224
- pulumi_vault/rgp_policy.py +14 -9
- pulumi_vault/saml/auth_backend.py +22 -17
- pulumi_vault/saml/auth_backend_role.py +92 -197
- pulumi_vault/secrets/__init__.py +3 -0
- pulumi_vault/secrets/_inputs.py +110 -0
- pulumi_vault/secrets/outputs.py +94 -0
- pulumi_vault/secrets/sync_association.py +56 -71
- pulumi_vault/secrets/sync_aws_destination.py +242 -27
- pulumi_vault/secrets/sync_azure_destination.py +92 -31
- pulumi_vault/secrets/sync_config.py +9 -4
- pulumi_vault/secrets/sync_gcp_destination.py +158 -25
- pulumi_vault/secrets/sync_gh_destination.py +189 -13
- pulumi_vault/secrets/sync_github_apps.py +375 -0
- pulumi_vault/secrets/sync_vercel_destination.py +74 -13
- pulumi_vault/ssh/_inputs.py +28 -28
- pulumi_vault/ssh/outputs.py +11 -28
- pulumi_vault/ssh/secret_backend_ca.py +108 -9
- pulumi_vault/ssh/secret_backend_role.py +85 -118
- pulumi_vault/terraformcloud/secret_backend.py +7 -54
- pulumi_vault/terraformcloud/secret_creds.py +14 -20
- pulumi_vault/terraformcloud/secret_role.py +16 -74
- pulumi_vault/token.py +28 -23
- pulumi_vault/tokenauth/auth_backend_role.py +78 -199
- pulumi_vault/transform/alphabet.py +16 -9
- pulumi_vault/transform/get_decode.py +45 -17
- pulumi_vault/transform/get_encode.py +45 -17
- pulumi_vault/transform/role.py +16 -9
- pulumi_vault/transform/template.py +30 -21
- pulumi_vault/transform/transformation.py +12 -7
- pulumi_vault/transit/get_decrypt.py +26 -21
- pulumi_vault/transit/get_encrypt.py +24 -19
- pulumi_vault/transit/secret_backend_key.py +27 -93
- pulumi_vault/transit/secret_cache_config.py +12 -7
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
- pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
- pulumi_vault-5.21.0a1709368526.dist-info/RECORD +0 -244
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
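--- a/pulumi_vault/azure/_inputs.py
+++ b/pulumi_vault/azure/_inputs.py
@@ -4,16 +4,32 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+from typing import NotRequired, TypedDict, TypeAlias
+else:
+from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = [
 'BackendRoleAzureGroupArgs',
+'BackendRoleAzureGroupArgsDict',
 'BackendRoleAzureRoleArgs',
+'BackendRoleAzureRoleArgsDict',
 ]
 
+MYPY = False
+
+if not MYPY:
+class BackendRoleAzureGroupArgsDict(TypedDict):
+group_name: pulumi.Input[str]
+object_id: NotRequired[pulumi.Input[str]]
+elif False:
+BackendRoleAzureGroupArgsDict: TypeAlias = Mapping[str, Any]
+
 @pulumi.input_type
 class BackendRoleAzureGroupArgs:
 def __init__(__self__, *,
@@ -42,6 +58,14 @@ class BackendRoleAzureGroupArgs:
 pulumi.set(self, "object_id", value)
 
 
+if not MYPY:
+class BackendRoleAzureRoleArgsDict(TypedDict):
+scope: pulumi.Input[str]
+role_id: NotRequired[pulumi.Input[str]]
+role_name: NotRequired[pulumi.Input[str]]
+elif False:
+BackendRoleAzureRoleArgsDict: TypeAlias = Mapping[str, Any]
+
 @pulumi.input_type
 class BackendRoleAzureRoleArgs:
 def __init__(__self__, *,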
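Review bot: The `else:` branch of the new version guard at the top of the file imports `NotRequired`, `TypedDict` and `TypeAlias` from `typing_extensions`, which is not part of the standard library, so on interpreters older than 3.11 importing this module now fails unless that package is installed. The METADATA change listed for this release is not shown on the page; confirm it carries a matching requirement such as `Requires-Dist: typing-extensions; python_version < "3.11"`. Separately, `MYPY = False` makes each `elif False:` branch dead at runtime, so a comment like `# type checkers that treat MYPY as true take the Mapping alias instead of the TypedDict` (intent inferred, please confirm) would stop someone from deleting it as unreachable code. Both `__init__` signatures at the ends of the hunks continue outside the visible lines.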
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = ['AuthBackendConfigArgs', 'AuthBackendConfig']
|
@@ -20,6 +25,8 @@ class AuthBackendConfigArgs:
|
|
20
25
|
client_id: Optional[pulumi.Input[str]] = None,
|
21
26
|
client_secret: Optional[pulumi.Input[str]] = None,
|
22
27
|
environment: Optional[pulumi.Input[str]] = None,
|
28
|
+
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
29
|
+
identity_token_ttl: Optional[pulumi.Input[int]] = None,
|
23
30
|
namespace: Optional[pulumi.Input[str]] = None):
|
24
31
|
"""
|
25
32
|
The set of arguments for constructing a AuthBackendConfig resource.
|
@@ -36,9 +43,12 @@ class AuthBackendConfigArgs:
|
|
36
43
|
:param pulumi.Input[str] environment: The Azure cloud environment. Valid values:
|
37
44
|
AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud,
|
38
45
|
AzureGermanCloud. Defaults to `AzurePublicCloud`.
|
46
|
+
:param pulumi.Input[str] identity_token_audience: The audience claim value for plugin identity tokens. Requires Vault 1.17+.
|
47
|
+
*Available only for Vault Enterprise*
|
48
|
+
:param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds.
|
39
49
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
40
50
|
The value should not contain leading or trailing forward slashes.
|
41
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
51
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
42
52
|
*Available only for Vault Enterprise*.
|
43
53
|
"""
|
44
54
|
pulumi.set(__self__, "resource", resource)
|
@@ -51,6 +61,10 @@ class AuthBackendConfigArgs:
|
|
51
61
|
pulumi.set(__self__, "client_secret", client_secret)
|
52
62
|
if environment is not None:
|
53
63
|
pulumi.set(__self__, "environment", environment)
|
64
|
+
if identity_token_audience is not None:
|
65
|
+
pulumi.set(__self__, "identity_token_audience", identity_token_audience)
|
66
|
+
if identity_token_ttl is not None:
|
67
|
+
pulumi.set(__self__, "identity_token_ttl", identity_token_ttl)
|
54
68
|
if namespace is not None:
|
55
69
|
pulumi.set(__self__, "namespace", namespace)
|
56
70
|
|
@@ -133,13 +147,38 @@ class AuthBackendConfigArgs:
|
|
133
147
|
def environment(self, value: Optional[pulumi.Input[str]]):
|
134
148
|
pulumi.set(self, "environment", value)
|
135
149
|
|
150
|
+
@property
|
151
|
+
@pulumi.getter(name="identityTokenAudience")
|
152
|
+
def identity_token_audience(self) -> Optional[pulumi.Input[str]]:
|
153
|
+
"""
|
154
|
+
The audience claim value for plugin identity tokens. Requires Vault 1.17+.
|
155
|
+
*Available only for Vault Enterprise*
|
156
|
+
"""
|
157
|
+
return pulumi.get(self, "identity_token_audience")
|
158
|
+
|
159
|
+
@identity_token_audience.setter
|
160
|
+
def identity_token_audience(self, value: Optional[pulumi.Input[str]]):
|
161
|
+
pulumi.set(self, "identity_token_audience", value)
|
162
|
+
|
163
|
+
@property
|
164
|
+
@pulumi.getter(name="identityTokenTtl")
|
165
|
+
def identity_token_ttl(self) -> Optional[pulumi.Input[int]]:
|
166
|
+
"""
|
167
|
+
The TTL of generated identity tokens in seconds.
|
168
|
+
"""
|
169
|
+
return pulumi.get(self, "identity_token_ttl")
|
170
|
+
|
171
|
+
@identity_token_ttl.setter
|
172
|
+
def identity_token_ttl(self, value: Optional[pulumi.Input[int]]):
|
173
|
+
pulumi.set(self, "identity_token_ttl", value)
|
174
|
+
|
136
175
|
@property
|
137
176
|
@pulumi.getter
|
138
177
|
def namespace(self) -> Optional[pulumi.Input[str]]:
|
139
178
|
"""
|
140
179
|
The namespace to provision the resource in.
|
141
180
|
The value should not contain leading or trailing forward slashes.
|
142
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
181
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
143
182
|
*Available only for Vault Enterprise*.
|
144
183
|
"""
|
145
184
|
return pulumi.get(self, "namespace")
|
@@ -156,6 +195,8 @@ class _AuthBackendConfigState:
|
|
156
195
|
client_id: Optional[pulumi.Input[str]] = None,
|
157
196
|
client_secret: Optional[pulumi.Input[str]] = None,
|
158
197
|
environment: Optional[pulumi.Input[str]] = None,
|
198
|
+
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
199
|
+
identity_token_ttl: Optional[pulumi.Input[int]] = None,
|
159
200
|
namespace: Optional[pulumi.Input[str]] = None,
|
160
201
|
resource: Optional[pulumi.Input[str]] = None,
|
161
202
|
tenant_id: Optional[pulumi.Input[str]] = None):
|
@@ -170,9 +211,12 @@ class _AuthBackendConfigState:
|
|
170
211
|
:param pulumi.Input[str] environment: The Azure cloud environment. Valid values:
|
171
212
|
AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud,
|
172
213
|
AzureGermanCloud. Defaults to `AzurePublicCloud`.
|
214
|
+
:param pulumi.Input[str] identity_token_audience: The audience claim value for plugin identity tokens. Requires Vault 1.17+.
|
215
|
+
*Available only for Vault Enterprise*
|
216
|
+
:param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds.
|
173
217
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
174
218
|
The value should not contain leading or trailing forward slashes.
|
175
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
219
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
176
220
|
*Available only for Vault Enterprise*.
|
177
221
|
:param pulumi.Input[str] resource: The configured URL for the application registered in
|
178
222
|
Azure Active Directory.
|
@@ -187,6 +231,10 @@ class _AuthBackendConfigState:
|
|
187
231
|
pulumi.set(__self__, "client_secret", client_secret)
|
188
232
|
if environment is not None:
|
189
233
|
pulumi.set(__self__, "environment", environment)
|
234
|
+
if identity_token_audience is not None:
|
235
|
+
pulumi.set(__self__, "identity_token_audience", identity_token_audience)
|
236
|
+
if identity_token_ttl is not None:
|
237
|
+
pulumi.set(__self__, "identity_token_ttl", identity_token_ttl)
|
190
238
|
if namespace is not None:
|
191
239
|
pulumi.set(__self__, "namespace", namespace)
|
192
240
|
if resource is not None:
|
@@ -247,13 +295,38 @@ class _AuthBackendConfigState:
|
|
247
295
|
def environment(self, value: Optional[pulumi.Input[str]]):
|
248
296
|
pulumi.set(self, "environment", value)
|
249
297
|
|
298
|
+
@property
|
299
|
+
@pulumi.getter(name="identityTokenAudience")
|
300
|
+
def identity_token_audience(self) -> Optional[pulumi.Input[str]]:
|
301
|
+
"""
|
302
|
+
The audience claim value for plugin identity tokens. Requires Vault 1.17+.
|
303
|
+
*Available only for Vault Enterprise*
|
304
|
+
"""
|
305
|
+
return pulumi.get(self, "identity_token_audience")
|
306
|
+
|
307
|
+
@identity_token_audience.setter
|
308
|
+
def identity_token_audience(self, value: Optional[pulumi.Input[str]]):
|
309
|
+
pulumi.set(self, "identity_token_audience", value)
|
310
|
+
|
311
|
+
@property
|
312
|
+
@pulumi.getter(name="identityTokenTtl")
|
313
|
+
def identity_token_ttl(self) -> Optional[pulumi.Input[int]]:
|
314
|
+
"""
|
315
|
+
The TTL of generated identity tokens in seconds.
|
316
|
+
"""
|
317
|
+
return pulumi.get(self, "identity_token_ttl")
|
318
|
+
|
319
|
+
@identity_token_ttl.setter
|
320
|
+
def identity_token_ttl(self, value: Optional[pulumi.Input[int]]):
|
321
|
+
pulumi.set(self, "identity_token_ttl", value)
|
322
|
+
|
250
323
|
@property
|
251
324
|
@pulumi.getter
|
252
325
|
def namespace(self) -> Optional[pulumi.Input[str]]:
|
253
326
|
"""
|
254
327
|
The namespace to provision the resource in.
|
255
328
|
The value should not contain leading or trailing forward slashes.
|
256
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
329
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
257
330
|
*Available only for Vault Enterprise*.
|
258
331
|
"""
|
259
332
|
return pulumi.get(self, "namespace")
|
@@ -298,6 +371,8 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
298
371
|
client_id: Optional[pulumi.Input[str]] = None,
|
299
372
|
client_secret: Optional[pulumi.Input[str]] = None,
|
300
373
|
environment: Optional[pulumi.Input[str]] = None,
|
374
|
+
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
375
|
+
identity_token_ttl: Optional[pulumi.Input[int]] = None,
|
301
376
|
namespace: Optional[pulumi.Input[str]] = None,
|
302
377
|
resource: Optional[pulumi.Input[str]] = None,
|
303
378
|
tenant_id: Optional[pulumi.Input[str]] = None,
|
@@ -305,13 +380,29 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
305
380
|
"""
|
306
381
|
## Example Usage
|
307
382
|
|
383
|
+
You can setup the Azure auth engine with Workload Identity Federation (WIF) for a secret-less configuration:
|
384
|
+
```python
|
385
|
+
import pulumi
|
386
|
+
import pulumi_vault as vault
|
387
|
+
|
388
|
+
example = vault.AuthBackend("example",
|
389
|
+
type="azure",
|
390
|
+
identity_token_key="example-key")
|
391
|
+
example_auth_backend_config = vault.azure.AuthBackendConfig("example",
|
392
|
+
backend=example.path,
|
393
|
+
tenant_id="11111111-2222-3333-4444-555555555555",
|
394
|
+
client_id="11111111-2222-3333-4444-555555555555",
|
395
|
+
identity_token_audience="<TOKEN_AUDIENCE>",
|
396
|
+
identity_token_ttl="<TOKEN_TTL>")
|
397
|
+
```
|
398
|
+
|
308
399
|
```python
|
309
400
|
import pulumi
|
310
401
|
import pulumi_vault as vault
|
311
402
|
|
312
|
-
|
313
|
-
example_auth_backend_config = vault.azure.AuthBackendConfig("
|
314
|
-
backend=
|
403
|
+
example = vault.AuthBackend("example", type="azure")
|
404
|
+
example_auth_backend_config = vault.azure.AuthBackendConfig("example",
|
405
|
+
backend=example.path,
|
315
406
|
tenant_id="11111111-2222-3333-4444-555555555555",
|
316
407
|
client_id="11111111-2222-3333-4444-555555555555",
|
317
408
|
client_secret="01234567890123456789",
|
@@ -323,7 +414,7 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
323
414
|
Azure auth backends can be imported using `auth/`, the `backend` path, and `/config` e.g.
|
324
415
|
|
325
416
|
```sh
|
326
|
-
|
417
|
+
$ pulumi import vault:azure/authBackendConfig:AuthBackendConfig example auth/azure/config
|
327
418
|
```
|
328
419
|
|
329
420
|
:param str resource_name: The name of the resource.
|
@@ -337,9 +428,12 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
337
428
|
:param pulumi.Input[str] environment: The Azure cloud environment. Valid values:
|
338
429
|
AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud,
|
339
430
|
AzureGermanCloud. Defaults to `AzurePublicCloud`.
|
431
|
+
:param pulumi.Input[str] identity_token_audience: The audience claim value for plugin identity tokens. Requires Vault 1.17+.
|
432
|
+
*Available only for Vault Enterprise*
|
433
|
+
:param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds.
|
340
434
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
341
435
|
The value should not contain leading or trailing forward slashes.
|
342
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
436
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
343
437
|
*Available only for Vault Enterprise*.
|
344
438
|
:param pulumi.Input[str] resource: The configured URL for the application registered in
|
345
439
|
Azure Active Directory.
|
@@ -355,13 +449,29 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
355
449
|
"""
|
356
450
|
## Example Usage
|
357
451
|
|
452
|
+
You can setup the Azure auth engine with Workload Identity Federation (WIF) for a secret-less configuration:
|
453
|
+
```python
|
454
|
+
import pulumi
|
455
|
+
import pulumi_vault as vault
|
456
|
+
|
457
|
+
example = vault.AuthBackend("example",
|
458
|
+
type="azure",
|
459
|
+
identity_token_key="example-key")
|
460
|
+
example_auth_backend_config = vault.azure.AuthBackendConfig("example",
|
461
|
+
backend=example.path,
|
462
|
+
tenant_id="11111111-2222-3333-4444-555555555555",
|
463
|
+
client_id="11111111-2222-3333-4444-555555555555",
|
464
|
+
identity_token_audience="<TOKEN_AUDIENCE>",
|
465
|
+
identity_token_ttl="<TOKEN_TTL>")
|
466
|
+
```
|
467
|
+
|
358
468
|
```python
|
359
469
|
import pulumi
|
360
470
|
import pulumi_vault as vault
|
361
471
|
|
362
|
-
|
363
|
-
example_auth_backend_config = vault.azure.AuthBackendConfig("
|
364
|
-
backend=
|
472
|
+
example = vault.AuthBackend("example", type="azure")
|
473
|
+
example_auth_backend_config = vault.azure.AuthBackendConfig("example",
|
474
|
+
backend=example.path,
|
365
475
|
tenant_id="11111111-2222-3333-4444-555555555555",
|
366
476
|
client_id="11111111-2222-3333-4444-555555555555",
|
367
477
|
client_secret="01234567890123456789",
|
@@ -373,7 +483,7 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
373
483
|
Azure auth backends can be imported using `auth/`, the `backend` path, and `/config` e.g.
|
374
484
|
|
375
485
|
```sh
|
376
|
-
|
486
|
+
$ pulumi import vault:azure/authBackendConfig:AuthBackendConfig example auth/azure/config
|
377
487
|
```
|
378
488
|
|
379
489
|
:param str resource_name: The name of the resource.
|
@@ -395,6 +505,8 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
395
505
|
client_id: Optional[pulumi.Input[str]] = None,
|
396
506
|
client_secret: Optional[pulumi.Input[str]] = None,
|
397
507
|
environment: Optional[pulumi.Input[str]] = None,
|
508
|
+
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
509
|
+
identity_token_ttl: Optional[pulumi.Input[int]] = None,
|
398
510
|
namespace: Optional[pulumi.Input[str]] = None,
|
399
511
|
resource: Optional[pulumi.Input[str]] = None,
|
400
512
|
tenant_id: Optional[pulumi.Input[str]] = None,
|
@@ -411,6 +523,8 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
411
523
|
__props__.__dict__["client_id"] = None if client_id is None else pulumi.Output.secret(client_id)
|
412
524
|
__props__.__dict__["client_secret"] = None if client_secret is None else pulumi.Output.secret(client_secret)
|
413
525
|
__props__.__dict__["environment"] = environment
|
526
|
+
__props__.__dict__["identity_token_audience"] = identity_token_audience
|
527
|
+
__props__.__dict__["identity_token_ttl"] = identity_token_ttl
|
414
528
|
__props__.__dict__["namespace"] = namespace
|
415
529
|
if resource is None and not opts.urn:
|
416
530
|
raise TypeError("Missing required property 'resource'")
|
@@ -434,6 +548,8 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
434
548
|
client_id: Optional[pulumi.Input[str]] = None,
|
435
549
|
client_secret: Optional[pulumi.Input[str]] = None,
|
436
550
|
environment: Optional[pulumi.Input[str]] = None,
|
551
|
+
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
552
|
+
identity_token_ttl: Optional[pulumi.Input[int]] = None,
|
437
553
|
namespace: Optional[pulumi.Input[str]] = None,
|
438
554
|
resource: Optional[pulumi.Input[str]] = None,
|
439
555
|
tenant_id: Optional[pulumi.Input[str]] = None) -> 'AuthBackendConfig':
|
@@ -453,9 +569,12 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
453
569
|
:param pulumi.Input[str] environment: The Azure cloud environment. Valid values:
|
454
570
|
AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud,
|
455
571
|
AzureGermanCloud. Defaults to `AzurePublicCloud`.
|
572
|
+
:param pulumi.Input[str] identity_token_audience: The audience claim value for plugin identity tokens. Requires Vault 1.17+.
|
573
|
+
*Available only for Vault Enterprise*
|
574
|
+
:param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds.
|
456
575
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
457
576
|
The value should not contain leading or trailing forward slashes.
|
458
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
577
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
459
578
|
*Available only for Vault Enterprise*.
|
460
579
|
:param pulumi.Input[str] resource: The configured URL for the application registered in
|
461
580
|
Azure Active Directory.
|
@@ -470,6 +589,8 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
470
589
|
__props__.__dict__["client_id"] = client_id
|
471
590
|
__props__.__dict__["client_secret"] = client_secret
|
472
591
|
__props__.__dict__["environment"] = environment
|
592
|
+
__props__.__dict__["identity_token_audience"] = identity_token_audience
|
593
|
+
__props__.__dict__["identity_token_ttl"] = identity_token_ttl
|
473
594
|
__props__.__dict__["namespace"] = namespace
|
474
595
|
__props__.__dict__["resource"] = resource
|
475
596
|
__props__.__dict__["tenant_id"] = tenant_id
|
@@ -512,13 +633,30 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
512
633
|
"""
|
513
634
|
return pulumi.get(self, "environment")
|
514
635
|
|
636
|
+
@property
|
637
|
+
@pulumi.getter(name="identityTokenAudience")
|
638
|
+
def identity_token_audience(self) -> pulumi.Output[Optional[str]]:
|
639
|
+
"""
|
640
|
+
The audience claim value for plugin identity tokens. Requires Vault 1.17+.
|
641
|
+
*Available only for Vault Enterprise*
|
642
|
+
"""
|
643
|
+
return pulumi.get(self, "identity_token_audience")
|
644
|
+
|
645
|
+
@property
|
646
|
+
@pulumi.getter(name="identityTokenTtl")
|
647
|
+
def identity_token_ttl(self) -> pulumi.Output[int]:
|
648
|
+
"""
|
649
|
+
The TTL of generated identity tokens in seconds.
|
650
|
+
"""
|
651
|
+
return pulumi.get(self, "identity_token_ttl")
|
652
|
+
|
515
653
|
@property
|
516
654
|
@pulumi.getter
|
517
655
|
def namespace(self) -> pulumi.Output[Optional[str]]:
|
518
656
|
"""
|
519
657
|
The namespace to provision the resource in.
|
520
658
|
The value should not contain leading or trailing forward slashes.
|
521
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
659
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
522
660
|
*Available only for Vault Enterprise*.
|
523
661
|
"""
|
524
662
|
return pulumi.get(self, "namespace")
|
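Review bot: The Workload Identity Federation example added to both `AuthBackendConfig` docstrings (the hunks at `@@ -305,13 +380,29 @@` and `@@ -355,13 +449,29 @@`) passes `identity_token_ttl="<TOKEN_TTL>"`, a quoted string, while every signature in this section annotates the parameter as `Optional[pulumi.Input[int]]` and documents it as a number of seconds. A reader who fills in the placeholder inside the quotes hands the resource a string where an integer is declared, so the example line reads better as `identity_token_ttl=3600)  # seconds (sample value)`. The `identity_token_ttl` docstrings also drop the "Requires Vault 1.17+" and Enterprise-only remarks that `identity_token_audience` carries; if the same constraints apply, which the page does not show, repeat them there. This section's file header is missing from the page and the code looks generated, so the correction probably belongs in the upstream provider documentation rather than in this file.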