pulumi-vault 5.21.0a1709368526__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl
- pulumi_vault/__init__.py +52 -0
- pulumi_vault/_inputs.py +560 -0
- pulumi_vault/_utilities.py +41 -5
- pulumi_vault/ad/get_access_credentials.py +26 -9
- pulumi_vault/ad/secret_backend.py +16 -142
- pulumi_vault/ad/secret_library.py +16 -9
- pulumi_vault/ad/secret_role.py +14 -9
- pulumi_vault/alicloud/auth_backend_role.py +76 -190
- pulumi_vault/approle/auth_backend_login.py +12 -7
- pulumi_vault/approle/auth_backend_role.py +77 -191
- pulumi_vault/approle/auth_backend_role_secret_id.py +106 -7
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -5
- pulumi_vault/audit.py +30 -21
- pulumi_vault/audit_request_header.py +11 -2
- pulumi_vault/auth_backend.py +66 -14
- pulumi_vault/aws/auth_backend_cert.py +18 -9
- pulumi_vault/aws/auth_backend_client.py +267 -22
- pulumi_vault/aws/auth_backend_config_identity.py +14 -9
- pulumi_vault/aws/auth_backend_identity_whitelist.py +20 -15
- pulumi_vault/aws/auth_backend_login.py +19 -22
- pulumi_vault/aws/auth_backend_role.py +77 -191
- pulumi_vault/aws/auth_backend_role_tag.py +12 -7
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -13
- pulumi_vault/aws/auth_backend_sts_role.py +14 -9
- pulumi_vault/aws/get_access_credentials.py +38 -9
- pulumi_vault/aws/get_static_access_credentials.py +19 -5
- pulumi_vault/aws/secret_backend.py +77 -9
- pulumi_vault/aws/secret_backend_role.py +185 -9
- pulumi_vault/aws/secret_backend_static_role.py +20 -11
- pulumi_vault/azure/_inputs.py +24 -0
- pulumi_vault/azure/auth_backend_config.py +153 -15
- pulumi_vault/azure/auth_backend_role.py +77 -191
- pulumi_vault/azure/backend.py +227 -21
- pulumi_vault/azure/backend_role.py +42 -37
- pulumi_vault/azure/get_access_credentials.py +41 -7
- pulumi_vault/azure/outputs.py +5 -0
- pulumi_vault/cert_auth_backend_role.py +87 -267
- pulumi_vault/config/__init__.pyi +5 -0
- pulumi_vault/config/_inputs.py +73 -0
- pulumi_vault/config/outputs.py +35 -0
- pulumi_vault/config/ui_custom_message.py +529 -0
- pulumi_vault/config/vars.py +5 -0
- pulumi_vault/consul/secret_backend.py +28 -19
- pulumi_vault/consul/secret_backend_role.py +18 -78
- pulumi_vault/database/_inputs.py +2770 -881
- pulumi_vault/database/outputs.py +721 -838
- pulumi_vault/database/secret_backend_connection.py +119 -112
- pulumi_vault/database/secret_backend_role.py +31 -22
- pulumi_vault/database/secret_backend_static_role.py +87 -13
- pulumi_vault/database/secrets_mount.py +427 -136
- pulumi_vault/egp_policy.py +16 -11
- pulumi_vault/gcp/_inputs.py +111 -0
- pulumi_vault/gcp/auth_backend.py +250 -33
- pulumi_vault/gcp/auth_backend_role.py +77 -269
- pulumi_vault/gcp/get_auth_backend_role.py +43 -5
- pulumi_vault/gcp/outputs.py +5 -0
- pulumi_vault/gcp/secret_backend.py +287 -12
- pulumi_vault/gcp/secret_impersonated_account.py +76 -15
- pulumi_vault/gcp/secret_roleset.py +31 -24
- pulumi_vault/gcp/secret_static_account.py +39 -32
- pulumi_vault/generic/endpoint.py +24 -17
- pulumi_vault/generic/get_secret.py +64 -8
- pulumi_vault/generic/secret.py +21 -16
- pulumi_vault/get_auth_backend.py +24 -7
- pulumi_vault/get_auth_backends.py +51 -9
- pulumi_vault/get_namespace.py +226 -0
- pulumi_vault/get_namespaces.py +153 -0
- pulumi_vault/get_nomad_access_token.py +31 -11
- pulumi_vault/get_policy_document.py +34 -19
- pulumi_vault/get_raft_autopilot_state.py +29 -10
- pulumi_vault/github/_inputs.py +55 -0
- pulumi_vault/github/auth_backend.py +19 -14
- pulumi_vault/github/outputs.py +5 -0
- pulumi_vault/github/team.py +16 -11
- pulumi_vault/github/user.py +16 -11
- pulumi_vault/identity/entity.py +20 -13
- pulumi_vault/identity/entity_alias.py +20 -13
- pulumi_vault/identity/entity_policies.py +28 -11
- pulumi_vault/identity/get_entity.py +42 -10
- pulumi_vault/identity/get_group.py +47 -9
- pulumi_vault/identity/get_oidc_client_creds.py +21 -7
- pulumi_vault/identity/get_oidc_openid_config.py +39 -9
- pulumi_vault/identity/get_oidc_public_keys.py +29 -10
- pulumi_vault/identity/group.py +58 -39
- pulumi_vault/identity/group_alias.py +16 -9
- pulumi_vault/identity/group_member_entity_ids.py +28 -66
- pulumi_vault/identity/group_member_group_ids.py +40 -19
- pulumi_vault/identity/group_policies.py +20 -7
- pulumi_vault/identity/mfa_duo.py +11 -6
- pulumi_vault/identity/mfa_login_enforcement.py +15 -6
- pulumi_vault/identity/mfa_okta.py +11 -6
- pulumi_vault/identity/mfa_pingid.py +7 -2
- pulumi_vault/identity/mfa_totp.py +7 -2
- pulumi_vault/identity/oidc.py +12 -7
- pulumi_vault/identity/oidc_assignment.py +24 -11
- pulumi_vault/identity/oidc_client.py +36 -23
- pulumi_vault/identity/oidc_key.py +30 -17
- pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -15
- pulumi_vault/identity/oidc_provider.py +36 -21
- pulumi_vault/identity/oidc_role.py +42 -21
- pulumi_vault/identity/oidc_scope.py +20 -13
- pulumi_vault/identity/outputs.py +8 -3
- pulumi_vault/jwt/_inputs.py +55 -0
- pulumi_vault/jwt/auth_backend.py +45 -40
- pulumi_vault/jwt/auth_backend_role.py +133 -254
- pulumi_vault/jwt/outputs.py +5 -0
- pulumi_vault/kmip/secret_backend.py +24 -19
- pulumi_vault/kmip/secret_role.py +14 -9
- pulumi_vault/kmip/secret_scope.py +14 -9
- pulumi_vault/kubernetes/auth_backend_config.py +57 -5
- pulumi_vault/kubernetes/auth_backend_role.py +70 -177
- pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
- pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
- pulumi_vault/kubernetes/get_service_account_token.py +39 -11
- pulumi_vault/kubernetes/secret_backend.py +316 -27
- pulumi_vault/kubernetes/secret_backend_role.py +137 -46
- pulumi_vault/kv/_inputs.py +36 -4
- pulumi_vault/kv/get_secret.py +25 -8
- pulumi_vault/kv/get_secret_subkeys_v2.py +33 -10
- pulumi_vault/kv/get_secret_v2.py +85 -9
- pulumi_vault/kv/get_secrets_list.py +24 -11
- pulumi_vault/kv/get_secrets_list_v2.py +37 -15
- pulumi_vault/kv/outputs.py +8 -3
- pulumi_vault/kv/secret.py +23 -16
- pulumi_vault/kv/secret_backend_v2.py +20 -11
- pulumi_vault/kv/secret_v2.py +59 -50
- pulumi_vault/ldap/auth_backend.py +127 -166
- pulumi_vault/ldap/auth_backend_group.py +14 -9
- pulumi_vault/ldap/auth_backend_user.py +14 -9
- pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
- pulumi_vault/ldap/get_static_credentials.py +24 -5
- pulumi_vault/ldap/secret_backend.py +354 -82
- pulumi_vault/ldap/secret_backend_dynamic_role.py +18 -11
- pulumi_vault/ldap/secret_backend_library_set.py +16 -9
- pulumi_vault/ldap/secret_backend_static_role.py +73 -12
- pulumi_vault/managed/_inputs.py +289 -132
- pulumi_vault/managed/keys.py +29 -57
- pulumi_vault/managed/outputs.py +89 -132
- pulumi_vault/mfa_duo.py +18 -11
- pulumi_vault/mfa_okta.py +18 -11
- pulumi_vault/mfa_pingid.py +18 -11
- pulumi_vault/mfa_totp.py +24 -17
- pulumi_vault/mongodbatlas/secret_backend.py +20 -15
- pulumi_vault/mongodbatlas/secret_role.py +47 -38
- pulumi_vault/mount.py +391 -51
- pulumi_vault/namespace.py +68 -83
- pulumi_vault/nomad_secret_backend.py +18 -13
- pulumi_vault/nomad_secret_role.py +14 -9
- pulumi_vault/okta/_inputs.py +47 -8
- pulumi_vault/okta/auth_backend.py +485 -39
- pulumi_vault/okta/auth_backend_group.py +14 -9
- pulumi_vault/okta/auth_backend_user.py +14 -9
- pulumi_vault/okta/outputs.py +13 -8
- pulumi_vault/outputs.py +5 -0
- pulumi_vault/password_policy.py +20 -13
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +81 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
- pulumi_vault/pkisecret/backend_config_est.py +619 -0
- pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
- pulumi_vault/pkisecret/get_backend_issuer.py +67 -9
- pulumi_vault/pkisecret/get_backend_issuers.py +21 -8
- pulumi_vault/pkisecret/get_backend_key.py +24 -9
- pulumi_vault/pkisecret/get_backend_keys.py +21 -8
- pulumi_vault/pkisecret/outputs.py +69 -0
- pulumi_vault/pkisecret/secret_backend_cert.py +18 -11
- pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -11
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +14 -9
- pulumi_vault/pkisecret/secret_backend_config_urls.py +67 -11
- pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -9
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -11
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -17
- pulumi_vault/pkisecret/secret_backend_issuer.py +14 -9
- pulumi_vault/pkisecret/secret_backend_key.py +14 -9
- pulumi_vault/pkisecret/secret_backend_role.py +21 -14
- pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -48
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -56
- pulumi_vault/pkisecret/secret_backend_sign.py +18 -54
- pulumi_vault/plugin.py +595 -0
- pulumi_vault/plugin_pinned_version.py +298 -0
- pulumi_vault/policy.py +14 -9
- pulumi_vault/provider.py +48 -53
- pulumi_vault/pulumi-plugin.json +2 -1
- pulumi_vault/quota_lease_count.py +60 -6
- pulumi_vault/quota_rate_limit.py +56 -2
- pulumi_vault/rabbitmq/_inputs.py +61 -0
- pulumi_vault/rabbitmq/outputs.py +5 -0
- pulumi_vault/rabbitmq/secret_backend.py +18 -13
- pulumi_vault/rabbitmq/secret_backend_role.py +54 -47
- pulumi_vault/raft_autopilot.py +14 -9
- pulumi_vault/raft_snapshot_agent_config.py +129 -224
- pulumi_vault/rgp_policy.py +14 -9
- pulumi_vault/saml/auth_backend.py +22 -17
- pulumi_vault/saml/auth_backend_role.py +92 -197
- pulumi_vault/secrets/__init__.py +3 -0
- pulumi_vault/secrets/_inputs.py +110 -0
- pulumi_vault/secrets/outputs.py +94 -0
- pulumi_vault/secrets/sync_association.py +56 -71
- pulumi_vault/secrets/sync_aws_destination.py +242 -27
- pulumi_vault/secrets/sync_azure_destination.py +92 -31
- pulumi_vault/secrets/sync_config.py +9 -4
- pulumi_vault/secrets/sync_gcp_destination.py +158 -25
- pulumi_vault/secrets/sync_gh_destination.py +189 -13
- pulumi_vault/secrets/sync_github_apps.py +375 -0
- pulumi_vault/secrets/sync_vercel_destination.py +74 -13
- pulumi_vault/ssh/_inputs.py +28 -28
- pulumi_vault/ssh/outputs.py +11 -28
- pulumi_vault/ssh/secret_backend_ca.py +108 -9
- pulumi_vault/ssh/secret_backend_role.py +85 -118
- pulumi_vault/terraformcloud/secret_backend.py +7 -54
- pulumi_vault/terraformcloud/secret_creds.py +14 -20
- pulumi_vault/terraformcloud/secret_role.py +16 -74
- pulumi_vault/token.py +28 -23
- pulumi_vault/tokenauth/auth_backend_role.py +78 -199
- pulumi_vault/transform/alphabet.py +16 -9
- pulumi_vault/transform/get_decode.py +45 -17
- pulumi_vault/transform/get_encode.py +45 -17
- pulumi_vault/transform/role.py +16 -9
- pulumi_vault/transform/template.py +30 -21
- pulumi_vault/transform/transformation.py +12 -7
- pulumi_vault/transit/get_decrypt.py +26 -21
- pulumi_vault/transit/get_encrypt.py +24 -19
- pulumi_vault/transit/secret_backend_key.py +27 -93
- pulumi_vault/transit/secret_cache_config.py +12 -7
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
- pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
- pulumi_vault-5.21.0a1709368526.dist-info/RECORD +0 -244
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
pulumi_vault/azure/backend.py
CHANGED
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = ['BackendArgs', 'Backend']
|
@@ -21,6 +26,9 @@ class BackendArgs:
|
|
21
26
|
description: Optional[pulumi.Input[str]] = None,
|
22
27
|
disable_remount: Optional[pulumi.Input[bool]] = None,
|
23
28
|
environment: Optional[pulumi.Input[str]] = None,
|
29
|
+
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
30
|
+
identity_token_key: Optional[pulumi.Input[str]] = None,
|
31
|
+
identity_token_ttl: Optional[pulumi.Input[int]] = None,
|
24
32
|
namespace: Optional[pulumi.Input[str]] = None,
|
25
33
|
path: Optional[pulumi.Input[str]] = None,
|
26
34
|
use_microsoft_graph_api: Optional[pulumi.Input[bool]] = None):
|
@@ -34,9 +42,15 @@ class BackendArgs:
|
|
34
42
|
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
35
43
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
36
44
|
:param pulumi.Input[str] environment: The Azure environment.
|
45
|
+
:param pulumi.Input[str] identity_token_audience: The audience claim value. Requires Vault 1.17+.
|
46
|
+
*Available only for Vault Enterprise*
|
47
|
+
:param pulumi.Input[str] identity_token_key: The key to use for signing identity tokens. Requires Vault 1.17+.
|
48
|
+
*Available only for Vault Enterprise*
|
49
|
+
:param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
|
50
|
+
*Available only for Vault Enterprise*
|
37
51
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
38
52
|
The value should not contain leading or trailing forward slashes.
|
39
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
53
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
40
54
|
*Available only for Vault Enterprise*.
|
41
55
|
:param pulumi.Input[str] path: The unique path this backend should be mounted at. Defaults to `azure`.
|
42
56
|
:param pulumi.Input[bool] use_microsoft_graph_api: Use the Microsoft Graph API. Should be set to true on vault-1.10+
|
@@ -53,10 +67,19 @@ class BackendArgs:
|
|
53
67
|
pulumi.set(__self__, "disable_remount", disable_remount)
|
54
68
|
if environment is not None:
|
55
69
|
pulumi.set(__self__, "environment", environment)
|
70
|
+
if identity_token_audience is not None:
|
71
|
+
pulumi.set(__self__, "identity_token_audience", identity_token_audience)
|
72
|
+
if identity_token_key is not None:
|
73
|
+
pulumi.set(__self__, "identity_token_key", identity_token_key)
|
74
|
+
if identity_token_ttl is not None:
|
75
|
+
pulumi.set(__self__, "identity_token_ttl", identity_token_ttl)
|
56
76
|
if namespace is not None:
|
57
77
|
pulumi.set(__self__, "namespace", namespace)
|
58
78
|
if path is not None:
|
59
79
|
pulumi.set(__self__, "path", path)
|
80
|
+
if use_microsoft_graph_api is not None:
|
81
|
+
warnings.warn("""This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.""", DeprecationWarning)
|
82
|
+
pulumi.log.warn("""use_microsoft_graph_api is deprecated: This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.""")
|
60
83
|
if use_microsoft_graph_api is not None:
|
61
84
|
pulumi.set(__self__, "use_microsoft_graph_api", use_microsoft_graph_api)
|
62
85
|
|
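Review bot: The added deprecation block in `BackendArgs.__init__` repeats the `if use_microsoft_graph_api is not None:` test that the next, unchanged line already makes, so the two warning calls and `pulumi.set(__self__, "use_microsoft_graph_api", use_microsoft_graph_api)` can sit under a single `if`. `warnings.warn(..., DeprecationWarning)` is called without `stacklevel`, so the warning is attributed to this module rather than to the caller and is typically hidden by Python's default filters; `stacklevel=2` would point it at the user's program, although `pulumi.log.warn` still surfaces the message. The same pair of lines is added to `_BackendState.__init__` in hunk `@@ -233,6 +311,9 @@`. `__init__` starts before and ends after this hunk, and if the file is generated the change belongs in the generator rather than here.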
@@ -145,13 +168,52 @@ class BackendArgs:
|
|
145
168
|
def environment(self, value: Optional[pulumi.Input[str]]):
|
146
169
|
pulumi.set(self, "environment", value)
|
147
170
|
|
171
|
+
@property
|
172
|
+
@pulumi.getter(name="identityTokenAudience")
|
173
|
+
def identity_token_audience(self) -> Optional[pulumi.Input[str]]:
|
174
|
+
"""
|
175
|
+
The audience claim value. Requires Vault 1.17+.
|
176
|
+
*Available only for Vault Enterprise*
|
177
|
+
"""
|
178
|
+
return pulumi.get(self, "identity_token_audience")
|
179
|
+
|
180
|
+
@identity_token_audience.setter
|
181
|
+
def identity_token_audience(self, value: Optional[pulumi.Input[str]]):
|
182
|
+
pulumi.set(self, "identity_token_audience", value)
|
183
|
+
|
184
|
+
@property
|
185
|
+
@pulumi.getter(name="identityTokenKey")
|
186
|
+
def identity_token_key(self) -> Optional[pulumi.Input[str]]:
|
187
|
+
"""
|
188
|
+
The key to use for signing identity tokens. Requires Vault 1.17+.
|
189
|
+
*Available only for Vault Enterprise*
|
190
|
+
"""
|
191
|
+
return pulumi.get(self, "identity_token_key")
|
192
|
+
|
193
|
+
@identity_token_key.setter
|
194
|
+
def identity_token_key(self, value: Optional[pulumi.Input[str]]):
|
195
|
+
pulumi.set(self, "identity_token_key", value)
|
196
|
+
|
197
|
+
@property
|
198
|
+
@pulumi.getter(name="identityTokenTtl")
|
199
|
+
def identity_token_ttl(self) -> Optional[pulumi.Input[int]]:
|
200
|
+
"""
|
201
|
+
The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
|
202
|
+
*Available only for Vault Enterprise*
|
203
|
+
"""
|
204
|
+
return pulumi.get(self, "identity_token_ttl")
|
205
|
+
|
206
|
+
@identity_token_ttl.setter
|
207
|
+
def identity_token_ttl(self, value: Optional[pulumi.Input[int]]):
|
208
|
+
pulumi.set(self, "identity_token_ttl", value)
|
209
|
+
|
148
210
|
@property
|
149
211
|
@pulumi.getter
|
150
212
|
def namespace(self) -> Optional[pulumi.Input[str]]:
|
151
213
|
"""
|
152
214
|
The namespace to provision the resource in.
|
153
215
|
The value should not contain leading or trailing forward slashes.
|
154
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
216
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
155
217
|
*Available only for Vault Enterprise*.
|
156
218
|
"""
|
157
219
|
return pulumi.get(self, "namespace")
|
@@ -174,6 +236,7 @@ class BackendArgs:
|
|
174
236
|
|
175
237
|
@property
|
176
238
|
@pulumi.getter(name="useMicrosoftGraphApi")
|
239
|
+
@_utilities.deprecated("""This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.""")
|
177
240
|
def use_microsoft_graph_api(self) -> Optional[pulumi.Input[bool]]:
|
178
241
|
"""
|
179
242
|
Use the Microsoft Graph API. Should be set to true on vault-1.10+
|
@@ -193,6 +256,9 @@ class _BackendState:
|
|
193
256
|
description: Optional[pulumi.Input[str]] = None,
|
194
257
|
disable_remount: Optional[pulumi.Input[bool]] = None,
|
195
258
|
environment: Optional[pulumi.Input[str]] = None,
|
259
|
+
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
260
|
+
identity_token_key: Optional[pulumi.Input[str]] = None,
|
261
|
+
identity_token_ttl: Optional[pulumi.Input[int]] = None,
|
196
262
|
namespace: Optional[pulumi.Input[str]] = None,
|
197
263
|
path: Optional[pulumi.Input[str]] = None,
|
198
264
|
subscription_id: Optional[pulumi.Input[str]] = None,
|
@@ -206,9 +272,15 @@ class _BackendState:
|
|
206
272
|
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
207
273
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
208
274
|
:param pulumi.Input[str] environment: The Azure environment.
|
275
|
+
:param pulumi.Input[str] identity_token_audience: The audience claim value. Requires Vault 1.17+.
|
276
|
+
*Available only for Vault Enterprise*
|
277
|
+
:param pulumi.Input[str] identity_token_key: The key to use for signing identity tokens. Requires Vault 1.17+.
|
278
|
+
*Available only for Vault Enterprise*
|
279
|
+
:param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
|
280
|
+
*Available only for Vault Enterprise*
|
209
281
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
210
282
|
The value should not contain leading or trailing forward slashes.
|
211
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
283
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
212
284
|
*Available only for Vault Enterprise*.
|
213
285
|
:param pulumi.Input[str] path: The unique path this backend should be mounted at. Defaults to `azure`.
|
214
286
|
:param pulumi.Input[str] subscription_id: The subscription id for the Azure Active Directory.
|
@@ -225,6 +297,12 @@ class _BackendState:
|
|
225
297
|
pulumi.set(__self__, "disable_remount", disable_remount)
|
226
298
|
if environment is not None:
|
227
299
|
pulumi.set(__self__, "environment", environment)
|
300
|
+
if identity_token_audience is not None:
|
301
|
+
pulumi.set(__self__, "identity_token_audience", identity_token_audience)
|
302
|
+
if identity_token_key is not None:
|
303
|
+
pulumi.set(__self__, "identity_token_key", identity_token_key)
|
304
|
+
if identity_token_ttl is not None:
|
305
|
+
pulumi.set(__self__, "identity_token_ttl", identity_token_ttl)
|
228
306
|
if namespace is not None:
|
229
307
|
pulumi.set(__self__, "namespace", namespace)
|
230
308
|
if path is not None:
|
@@ -233,6 +311,9 @@ class _BackendState:
|
|
233
311
|
pulumi.set(__self__, "subscription_id", subscription_id)
|
234
312
|
if tenant_id is not None:
|
235
313
|
pulumi.set(__self__, "tenant_id", tenant_id)
|
314
|
+
if use_microsoft_graph_api is not None:
|
315
|
+
warnings.warn("""This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.""", DeprecationWarning)
|
316
|
+
pulumi.log.warn("""use_microsoft_graph_api is deprecated: This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.""")
|
236
317
|
if use_microsoft_graph_api is not None:
|
237
318
|
pulumi.set(__self__, "use_microsoft_graph_api", use_microsoft_graph_api)
|
238
319
|
|
@@ -297,13 +378,52 @@ class _BackendState:
|
|
297
378
|
def environment(self, value: Optional[pulumi.Input[str]]):
|
298
379
|
pulumi.set(self, "environment", value)
|
299
380
|
|
381
|
+
@property
|
382
|
+
@pulumi.getter(name="identityTokenAudience")
|
383
|
+
def identity_token_audience(self) -> Optional[pulumi.Input[str]]:
|
384
|
+
"""
|
385
|
+
The audience claim value. Requires Vault 1.17+.
|
386
|
+
*Available only for Vault Enterprise*
|
387
|
+
"""
|
388
|
+
return pulumi.get(self, "identity_token_audience")
|
389
|
+
|
390
|
+
@identity_token_audience.setter
|
391
|
+
def identity_token_audience(self, value: Optional[pulumi.Input[str]]):
|
392
|
+
pulumi.set(self, "identity_token_audience", value)
|
393
|
+
|
394
|
+
@property
|
395
|
+
@pulumi.getter(name="identityTokenKey")
|
396
|
+
def identity_token_key(self) -> Optional[pulumi.Input[str]]:
|
397
|
+
"""
|
398
|
+
The key to use for signing identity tokens. Requires Vault 1.17+.
|
399
|
+
*Available only for Vault Enterprise*
|
400
|
+
"""
|
401
|
+
return pulumi.get(self, "identity_token_key")
|
402
|
+
|
403
|
+
@identity_token_key.setter
|
404
|
+
def identity_token_key(self, value: Optional[pulumi.Input[str]]):
|
405
|
+
pulumi.set(self, "identity_token_key", value)
|
406
|
+
|
407
|
+
@property
|
408
|
+
@pulumi.getter(name="identityTokenTtl")
|
409
|
+
def identity_token_ttl(self) -> Optional[pulumi.Input[int]]:
|
410
|
+
"""
|
411
|
+
The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
|
412
|
+
*Available only for Vault Enterprise*
|
413
|
+
"""
|
414
|
+
return pulumi.get(self, "identity_token_ttl")
|
415
|
+
|
416
|
+
@identity_token_ttl.setter
|
417
|
+
def identity_token_ttl(self, value: Optional[pulumi.Input[int]]):
|
418
|
+
pulumi.set(self, "identity_token_ttl", value)
|
419
|
+
|
300
420
|
@property
|
301
421
|
@pulumi.getter
|
302
422
|
def namespace(self) -> Optional[pulumi.Input[str]]:
|
303
423
|
"""
|
304
424
|
The namespace to provision the resource in.
|
305
425
|
The value should not contain leading or trailing forward slashes.
|
306
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
426
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
307
427
|
*Available only for Vault Enterprise*.
|
308
428
|
"""
|
309
429
|
return pulumi.get(self, "namespace")
|
@@ -350,6 +470,7 @@ class _BackendState:
|
|
350
470
|
|
351
471
|
@property
|
352
472
|
@pulumi.getter(name="useMicrosoftGraphApi")
|
473
|
+
@_utilities.deprecated("""This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.""")
|
353
474
|
def use_microsoft_graph_api(self) -> Optional[pulumi.Input[bool]]:
|
354
475
|
"""
|
355
476
|
Use the Microsoft Graph API. Should be set to true on vault-1.10+
|
@@ -371,6 +492,9 @@ class Backend(pulumi.CustomResource):
|
|
371
492
|
description: Optional[pulumi.Input[str]] = None,
|
372
493
|
disable_remount: Optional[pulumi.Input[bool]] = None,
|
373
494
|
environment: Optional[pulumi.Input[str]] = None,
|
495
|
+
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
496
|
+
identity_token_key: Optional[pulumi.Input[str]] = None,
|
497
|
+
identity_token_ttl: Optional[pulumi.Input[int]] = None,
|
374
498
|
namespace: Optional[pulumi.Input[str]] = None,
|
375
499
|
path: Optional[pulumi.Input[str]] = None,
|
376
500
|
subscription_id: Optional[pulumi.Input[str]] = None,
|
@@ -379,33 +503,48 @@ class Backend(pulumi.CustomResource):
|
|
379
503
|
__props__=None):
|
380
504
|
"""
|
381
505
|
## Example Usage
|
506
|
+
|
382
507
|
### *Vault-1.9 And Above*
|
383
508
|
|
509
|
+
You can setup the Azure secrets engine with Workload Identity Federation (WIF) for a secret-less configuration:
|
384
510
|
```python
|
385
511
|
import pulumi
|
386
512
|
import pulumi_vault as vault
|
387
513
|
|
388
514
|
azure = vault.azure.Backend("azure",
|
389
|
-
client_id="11111111-2222-3333-4444-333333333333",
|
390
|
-
client_secret="12345678901234567890",
|
391
|
-
environment="AzurePublicCloud",
|
392
515
|
subscription_id="11111111-2222-3333-4444-111111111111",
|
393
516
|
tenant_id="11111111-2222-3333-4444-222222222222",
|
394
|
-
|
517
|
+
client_id="11111111-2222-3333-4444-333333333333",
|
518
|
+
identity_token_audience="<TOKEN_AUDIENCE>",
|
519
|
+
identity_token_ttl="<TOKEN_TTL>")
|
395
520
|
```
|
396
|
-
### *Vault-1.8 And Below*
|
397
521
|
|
398
522
|
```python
|
399
523
|
import pulumi
|
400
524
|
import pulumi_vault as vault
|
401
525
|
|
402
526
|
azure = vault.azure.Backend("azure",
|
527
|
+
use_microsoft_graph_api=True,
|
528
|
+
subscription_id="11111111-2222-3333-4444-111111111111",
|
529
|
+
tenant_id="11111111-2222-3333-4444-222222222222",
|
403
530
|
client_id="11111111-2222-3333-4444-333333333333",
|
404
531
|
client_secret="12345678901234567890",
|
405
|
-
environment="AzurePublicCloud"
|
532
|
+
environment="AzurePublicCloud")
|
533
|
+
```
|
534
|
+
|
535
|
+
### *Vault-1.8 And Below*
|
536
|
+
|
537
|
+
```python
|
538
|
+
import pulumi
|
539
|
+
import pulumi_vault as vault
|
540
|
+
|
541
|
+
azure = vault.azure.Backend("azure",
|
542
|
+
use_microsoft_graph_api=False,
|
406
543
|
subscription_id="11111111-2222-3333-4444-111111111111",
|
407
544
|
tenant_id="11111111-2222-3333-4444-222222222222",
|
408
|
-
|
545
|
+
client_id="11111111-2222-3333-4444-333333333333",
|
546
|
+
client_secret="12345678901234567890",
|
547
|
+
environment="AzurePublicCloud")
|
409
548
|
```
|
410
549
|
|
411
550
|
:param str resource_name: The name of the resource.
|
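Review bot: The new WIF example passes `identity_token_ttl="<TOKEN_TTL>"`, a string, although this diff declares the parameter as `Optional[pulumi.Input[int]]` and documents it as seconds; an integer sample such as `identity_token_ttl=3600)  # sample value, in seconds` would match the signature. The second block under "Vault-1.9 And Above" sets `use_microsoft_graph_api=True`, which the same diff marks deprecated, so a reader who copies it gets the new warning. Both client-secret examples keep `client_secret="12345678901234567890"` as an inline literal; a comment such as `# load via pulumi.Config().require_secret("<config key>"); do not hard-code` would steer readers away from committing the credential to program source. The identical docstring is repeated in hunk `@@ -433,33 +578,48 @@`, and the enclosing `__init__` overload starts and ends outside this hunk.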
@@ -416,9 +555,15 @@ class Backend(pulumi.CustomResource):
|
|
416
555
|
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
417
556
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
418
557
|
:param pulumi.Input[str] environment: The Azure environment.
|
558
|
+
:param pulumi.Input[str] identity_token_audience: The audience claim value. Requires Vault 1.17+.
|
559
|
+
*Available only for Vault Enterprise*
|
560
|
+
:param pulumi.Input[str] identity_token_key: The key to use for signing identity tokens. Requires Vault 1.17+.
|
561
|
+
*Available only for Vault Enterprise*
|
562
|
+
:param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
|
563
|
+
*Available only for Vault Enterprise*
|
419
564
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
420
565
|
The value should not contain leading or trailing forward slashes.
|
421
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
566
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
422
567
|
*Available only for Vault Enterprise*.
|
423
568
|
:param pulumi.Input[str] path: The unique path this backend should be mounted at. Defaults to `azure`.
|
424
569
|
:param pulumi.Input[str] subscription_id: The subscription id for the Azure Active Directory.
|
@@ -433,33 +578,48 @@ class Backend(pulumi.CustomResource):
|
|
433
578
|
opts: Optional[pulumi.ResourceOptions] = None):
|
434
579
|
"""
|
435
580
|
## Example Usage
|
581
|
+
|
436
582
|
### *Vault-1.9 And Above*
|
437
583
|
|
584
|
+
You can setup the Azure secrets engine with Workload Identity Federation (WIF) for a secret-less configuration:
|
438
585
|
```python
|
439
586
|
import pulumi
|
440
587
|
import pulumi_vault as vault
|
441
588
|
|
442
589
|
azure = vault.azure.Backend("azure",
|
443
|
-
client_id="11111111-2222-3333-4444-333333333333",
|
444
|
-
client_secret="12345678901234567890",
|
445
|
-
environment="AzurePublicCloud",
|
446
590
|
subscription_id="11111111-2222-3333-4444-111111111111",
|
447
591
|
tenant_id="11111111-2222-3333-4444-222222222222",
|
448
|
-
|
592
|
+
client_id="11111111-2222-3333-4444-333333333333",
|
593
|
+
identity_token_audience="<TOKEN_AUDIENCE>",
|
594
|
+
identity_token_ttl="<TOKEN_TTL>")
|
449
595
|
```
|
450
|
-
### *Vault-1.8 And Below*
|
451
596
|
|
452
597
|
```python
|
453
598
|
import pulumi
|
454
599
|
import pulumi_vault as vault
|
455
600
|
|
456
601
|
azure = vault.azure.Backend("azure",
|
602
|
+
use_microsoft_graph_api=True,
|
603
|
+
subscription_id="11111111-2222-3333-4444-111111111111",
|
604
|
+
tenant_id="11111111-2222-3333-4444-222222222222",
|
457
605
|
client_id="11111111-2222-3333-4444-333333333333",
|
458
606
|
client_secret="12345678901234567890",
|
459
|
-
environment="AzurePublicCloud"
|
607
|
+
environment="AzurePublicCloud")
|
608
|
+
```
|
609
|
+
|
610
|
+
### *Vault-1.8 And Below*
|
611
|
+
|
612
|
+
```python
|
613
|
+
import pulumi
|
614
|
+
import pulumi_vault as vault
|
615
|
+
|
616
|
+
azure = vault.azure.Backend("azure",
|
617
|
+
use_microsoft_graph_api=False,
|
460
618
|
subscription_id="11111111-2222-3333-4444-111111111111",
|
461
619
|
tenant_id="11111111-2222-3333-4444-222222222222",
|
462
|
-
|
620
|
+
client_id="11111111-2222-3333-4444-333333333333",
|
621
|
+
client_secret="12345678901234567890",
|
622
|
+
environment="AzurePublicCloud")
|
463
623
|
```
|
464
624
|
|
465
625
|
:param str resource_name: The name of the resource.
|
@@ -482,6 +642,9 @@ class Backend(pulumi.CustomResource):
|
|
482
642
|
description: Optional[pulumi.Input[str]] = None,
|
483
643
|
disable_remount: Optional[pulumi.Input[bool]] = None,
|
484
644
|
environment: Optional[pulumi.Input[str]] = None,
|
645
|
+
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
646
|
+
identity_token_key: Optional[pulumi.Input[str]] = None,
|
647
|
+
identity_token_ttl: Optional[pulumi.Input[int]] = None,
|
485
648
|
namespace: Optional[pulumi.Input[str]] = None,
|
486
649
|
path: Optional[pulumi.Input[str]] = None,
|
487
650
|
subscription_id: Optional[pulumi.Input[str]] = None,
|
@@ -501,6 +664,9 @@ class Backend(pulumi.CustomResource):
|
|
501
664
|
__props__.__dict__["description"] = description
|
502
665
|
__props__.__dict__["disable_remount"] = disable_remount
|
503
666
|
__props__.__dict__["environment"] = environment
|
667
|
+
__props__.__dict__["identity_token_audience"] = identity_token_audience
|
668
|
+
__props__.__dict__["identity_token_key"] = identity_token_key
|
669
|
+
__props__.__dict__["identity_token_ttl"] = identity_token_ttl
|
504
670
|
__props__.__dict__["namespace"] = namespace
|
505
671
|
__props__.__dict__["path"] = path
|
506
672
|
if subscription_id is None and not opts.urn:
|
@@ -527,6 +693,9 @@ class Backend(pulumi.CustomResource):
|
|
527
693
|
description: Optional[pulumi.Input[str]] = None,
|
528
694
|
disable_remount: Optional[pulumi.Input[bool]] = None,
|
529
695
|
environment: Optional[pulumi.Input[str]] = None,
|
696
|
+
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
697
|
+
identity_token_key: Optional[pulumi.Input[str]] = None,
|
698
|
+
identity_token_ttl: Optional[pulumi.Input[int]] = None,
|
530
699
|
namespace: Optional[pulumi.Input[str]] = None,
|
531
700
|
path: Optional[pulumi.Input[str]] = None,
|
532
701
|
subscription_id: Optional[pulumi.Input[str]] = None,
|
@@ -545,9 +714,15 @@ class Backend(pulumi.CustomResource):
|
|
545
714
|
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
546
715
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
547
716
|
:param pulumi.Input[str] environment: The Azure environment.
|
717
|
+
:param pulumi.Input[str] identity_token_audience: The audience claim value. Requires Vault 1.17+.
|
718
|
+
*Available only for Vault Enterprise*
|
719
|
+
:param pulumi.Input[str] identity_token_key: The key to use for signing identity tokens. Requires Vault 1.17+.
|
720
|
+
*Available only for Vault Enterprise*
|
721
|
+
:param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
|
722
|
+
*Available only for Vault Enterprise*
|
548
723
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
549
724
|
The value should not contain leading or trailing forward slashes.
|
550
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
725
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
551
726
|
*Available only for Vault Enterprise*.
|
552
727
|
:param pulumi.Input[str] path: The unique path this backend should be mounted at. Defaults to `azure`.
|
553
728
|
:param pulumi.Input[str] subscription_id: The subscription id for the Azure Active Directory.
|
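Review bot: The three added `:param` entries for `identity_token_audience`, `identity_token_key` and `identity_token_ttl` (repeated on the property getters in the `@@ -611,13 +789,40 @@` hunk) do not say how these fields relate to `client_secret`, although the updated example earlier in this docstring drops `client_secret` when it sets them. If, as I understand Vault's Azure configuration, the audience cannot be combined with a client secret, the entry should say so, for example `The audience claim value; must match the audience configured on the Azure federated credential and is not combined with client_secret (confirm against the Vault docs). Requires Vault 1.17+.` The same example passes `identity_token_ttl="<TOKEN_TTL>"` as a string and sits under the heading `Vault-1.9 And Above`, while this hunk types the field as `pulumi.Input[int]` in seconds and requires Vault 1.17+ Enterprise, so the example should use an integer and a matching heading. A reader who copies the second example still places a literal `client_secret` in program source, so the docstring would benefit from one line pointing to a Pulumi secret or config value instead. This file appears to be generated, so the wording probably has to be fixed in the upstream schema; the docstring itself starts and ends outside this hunk.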
@@ -563,6 +738,9 @@ class Backend(pulumi.CustomResource):
|
|
563
738
|
__props__.__dict__["description"] = description
|
564
739
|
__props__.__dict__["disable_remount"] = disable_remount
|
565
740
|
__props__.__dict__["environment"] = environment
|
741
|
+
__props__.__dict__["identity_token_audience"] = identity_token_audience
|
742
|
+
__props__.__dict__["identity_token_key"] = identity_token_key
|
743
|
+
__props__.__dict__["identity_token_ttl"] = identity_token_ttl
|
566
744
|
__props__.__dict__["namespace"] = namespace
|
567
745
|
__props__.__dict__["path"] = path
|
568
746
|
__props__.__dict__["subscription_id"] = subscription_id
|
@@ -611,13 +789,40 @@ class Backend(pulumi.CustomResource):
|
|
611
789
|
"""
|
612
790
|
return pulumi.get(self, "environment")
|
613
791
|
|
792
|
+
@property
|
793
|
+
@pulumi.getter(name="identityTokenAudience")
|
794
|
+
def identity_token_audience(self) -> pulumi.Output[Optional[str]]:
|
795
|
+
"""
|
796
|
+
The audience claim value. Requires Vault 1.17+.
|
797
|
+
*Available only for Vault Enterprise*
|
798
|
+
"""
|
799
|
+
return pulumi.get(self, "identity_token_audience")
|
800
|
+
|
801
|
+
@property
|
802
|
+
@pulumi.getter(name="identityTokenKey")
|
803
|
+
def identity_token_key(self) -> pulumi.Output[Optional[str]]:
|
804
|
+
"""
|
805
|
+
The key to use for signing identity tokens. Requires Vault 1.17+.
|
806
|
+
*Available only for Vault Enterprise*
|
807
|
+
"""
|
808
|
+
return pulumi.get(self, "identity_token_key")
|
809
|
+
|
810
|
+
@property
|
811
|
+
@pulumi.getter(name="identityTokenTtl")
|
812
|
+
def identity_token_ttl(self) -> pulumi.Output[int]:
|
813
|
+
"""
|
814
|
+
The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
|
815
|
+
*Available only for Vault Enterprise*
|
816
|
+
"""
|
817
|
+
return pulumi.get(self, "identity_token_ttl")
|
818
|
+
|
614
819
|
@property
|
615
820
|
@pulumi.getter
|
616
821
|
def namespace(self) -> pulumi.Output[Optional[str]]:
|
617
822
|
"""
|
618
823
|
The namespace to provision the resource in.
|
619
824
|
The value should not contain leading or trailing forward slashes.
|
620
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
825
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
621
826
|
*Available only for Vault Enterprise*.
|
622
827
|
"""
|
623
828
|
return pulumi.get(self, "namespace")
|
@@ -648,6 +853,7 @@ class Backend(pulumi.CustomResource):
|
|
648
853
|
|
649
854
|
@property
|
650
855
|
@pulumi.getter(name="useMicrosoftGraphApi")
|
856
|
+
@_utilities.deprecated("""This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.""")
|
651
857
|
def use_microsoft_graph_api(self) -> pulumi.Output[bool]:
|
652
858
|
"""
|
653
859
|
Use the Microsoft Graph API. Should be set to true on vault-1.10+
|