pulumi-vault 5.21.0a1709368526__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl
- pulumi_vault/__init__.py +52 -0
- pulumi_vault/_inputs.py +560 -0
- pulumi_vault/_utilities.py +41 -5
- pulumi_vault/ad/get_access_credentials.py +26 -9
- pulumi_vault/ad/secret_backend.py +16 -142
- pulumi_vault/ad/secret_library.py +16 -9
- pulumi_vault/ad/secret_role.py +14 -9
- pulumi_vault/alicloud/auth_backend_role.py +76 -190
- pulumi_vault/approle/auth_backend_login.py +12 -7
- pulumi_vault/approle/auth_backend_role.py +77 -191
- pulumi_vault/approle/auth_backend_role_secret_id.py +106 -7
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -5
- pulumi_vault/audit.py +30 -21
- pulumi_vault/audit_request_header.py +11 -2
- pulumi_vault/auth_backend.py +66 -14
- pulumi_vault/aws/auth_backend_cert.py +18 -9
- pulumi_vault/aws/auth_backend_client.py +267 -22
- pulumi_vault/aws/auth_backend_config_identity.py +14 -9
- pulumi_vault/aws/auth_backend_identity_whitelist.py +20 -15
- pulumi_vault/aws/auth_backend_login.py +19 -22
- pulumi_vault/aws/auth_backend_role.py +77 -191
- pulumi_vault/aws/auth_backend_role_tag.py +12 -7
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -13
- pulumi_vault/aws/auth_backend_sts_role.py +14 -9
- pulumi_vault/aws/get_access_credentials.py +38 -9
- pulumi_vault/aws/get_static_access_credentials.py +19 -5
- pulumi_vault/aws/secret_backend.py +77 -9
- pulumi_vault/aws/secret_backend_role.py +185 -9
- pulumi_vault/aws/secret_backend_static_role.py +20 -11
- pulumi_vault/azure/_inputs.py +24 -0
- pulumi_vault/azure/auth_backend_config.py +153 -15
- pulumi_vault/azure/auth_backend_role.py +77 -191
- pulumi_vault/azure/backend.py +227 -21
- pulumi_vault/azure/backend_role.py +42 -37
- pulumi_vault/azure/get_access_credentials.py +41 -7
- pulumi_vault/azure/outputs.py +5 -0
- pulumi_vault/cert_auth_backend_role.py +87 -267
- pulumi_vault/config/__init__.pyi +5 -0
- pulumi_vault/config/_inputs.py +73 -0
- pulumi_vault/config/outputs.py +35 -0
- pulumi_vault/config/ui_custom_message.py +529 -0
- pulumi_vault/config/vars.py +5 -0
- pulumi_vault/consul/secret_backend.py +28 -19
- pulumi_vault/consul/secret_backend_role.py +18 -78
- pulumi_vault/database/_inputs.py +2770 -881
- pulumi_vault/database/outputs.py +721 -838
- pulumi_vault/database/secret_backend_connection.py +119 -112
- pulumi_vault/database/secret_backend_role.py +31 -22
- pulumi_vault/database/secret_backend_static_role.py +87 -13
- pulumi_vault/database/secrets_mount.py +427 -136
- pulumi_vault/egp_policy.py +16 -11
- pulumi_vault/gcp/_inputs.py +111 -0
- pulumi_vault/gcp/auth_backend.py +250 -33
- pulumi_vault/gcp/auth_backend_role.py +77 -269
- pulumi_vault/gcp/get_auth_backend_role.py +43 -5
- pulumi_vault/gcp/outputs.py +5 -0
- pulumi_vault/gcp/secret_backend.py +287 -12
- pulumi_vault/gcp/secret_impersonated_account.py +76 -15
- pulumi_vault/gcp/secret_roleset.py +31 -24
- pulumi_vault/gcp/secret_static_account.py +39 -32
- pulumi_vault/generic/endpoint.py +24 -17
- pulumi_vault/generic/get_secret.py +64 -8
- pulumi_vault/generic/secret.py +21 -16
- pulumi_vault/get_auth_backend.py +24 -7
- pulumi_vault/get_auth_backends.py +51 -9
- pulumi_vault/get_namespace.py +226 -0
- pulumi_vault/get_namespaces.py +153 -0
- pulumi_vault/get_nomad_access_token.py +31 -11
- pulumi_vault/get_policy_document.py +34 -19
- pulumi_vault/get_raft_autopilot_state.py +29 -10
- pulumi_vault/github/_inputs.py +55 -0
- pulumi_vault/github/auth_backend.py +19 -14
- pulumi_vault/github/outputs.py +5 -0
- pulumi_vault/github/team.py +16 -11
- pulumi_vault/github/user.py +16 -11
- pulumi_vault/identity/entity.py +20 -13
- pulumi_vault/identity/entity_alias.py +20 -13
- pulumi_vault/identity/entity_policies.py +28 -11
- pulumi_vault/identity/get_entity.py +42 -10
- pulumi_vault/identity/get_group.py +47 -9
- pulumi_vault/identity/get_oidc_client_creds.py +21 -7
- pulumi_vault/identity/get_oidc_openid_config.py +39 -9
- pulumi_vault/identity/get_oidc_public_keys.py +29 -10
- pulumi_vault/identity/group.py +58 -39
- pulumi_vault/identity/group_alias.py +16 -9
- pulumi_vault/identity/group_member_entity_ids.py +28 -66
- pulumi_vault/identity/group_member_group_ids.py +40 -19
- pulumi_vault/identity/group_policies.py +20 -7
- pulumi_vault/identity/mfa_duo.py +11 -6
- pulumi_vault/identity/mfa_login_enforcement.py +15 -6
- pulumi_vault/identity/mfa_okta.py +11 -6
- pulumi_vault/identity/mfa_pingid.py +7 -2
- pulumi_vault/identity/mfa_totp.py +7 -2
- pulumi_vault/identity/oidc.py +12 -7
- pulumi_vault/identity/oidc_assignment.py +24 -11
- pulumi_vault/identity/oidc_client.py +36 -23
- pulumi_vault/identity/oidc_key.py +30 -17
- pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -15
- pulumi_vault/identity/oidc_provider.py +36 -21
- pulumi_vault/identity/oidc_role.py +42 -21
- pulumi_vault/identity/oidc_scope.py +20 -13
- pulumi_vault/identity/outputs.py +8 -3
- pulumi_vault/jwt/_inputs.py +55 -0
- pulumi_vault/jwt/auth_backend.py +45 -40
- pulumi_vault/jwt/auth_backend_role.py +133 -254
- pulumi_vault/jwt/outputs.py +5 -0
- pulumi_vault/kmip/secret_backend.py +24 -19
- pulumi_vault/kmip/secret_role.py +14 -9
- pulumi_vault/kmip/secret_scope.py +14 -9
- pulumi_vault/kubernetes/auth_backend_config.py +57 -5
- pulumi_vault/kubernetes/auth_backend_role.py +70 -177
- pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
- pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
- pulumi_vault/kubernetes/get_service_account_token.py +39 -11
- pulumi_vault/kubernetes/secret_backend.py +316 -27
- pulumi_vault/kubernetes/secret_backend_role.py +137 -46
- pulumi_vault/kv/_inputs.py +36 -4
- pulumi_vault/kv/get_secret.py +25 -8
- pulumi_vault/kv/get_secret_subkeys_v2.py +33 -10
- pulumi_vault/kv/get_secret_v2.py +85 -9
- pulumi_vault/kv/get_secrets_list.py +24 -11
- pulumi_vault/kv/get_secrets_list_v2.py +37 -15
- pulumi_vault/kv/outputs.py +8 -3
- pulumi_vault/kv/secret.py +23 -16
- pulumi_vault/kv/secret_backend_v2.py +20 -11
- pulumi_vault/kv/secret_v2.py +59 -50
- pulumi_vault/ldap/auth_backend.py +127 -166
- pulumi_vault/ldap/auth_backend_group.py +14 -9
- pulumi_vault/ldap/auth_backend_user.py +14 -9
- pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
- pulumi_vault/ldap/get_static_credentials.py +24 -5
- pulumi_vault/ldap/secret_backend.py +354 -82
- pulumi_vault/ldap/secret_backend_dynamic_role.py +18 -11
- pulumi_vault/ldap/secret_backend_library_set.py +16 -9
- pulumi_vault/ldap/secret_backend_static_role.py +73 -12
- pulumi_vault/managed/_inputs.py +289 -132
- pulumi_vault/managed/keys.py +29 -57
- pulumi_vault/managed/outputs.py +89 -132
- pulumi_vault/mfa_duo.py +18 -11
- pulumi_vault/mfa_okta.py +18 -11
- pulumi_vault/mfa_pingid.py +18 -11
- pulumi_vault/mfa_totp.py +24 -17
- pulumi_vault/mongodbatlas/secret_backend.py +20 -15
- pulumi_vault/mongodbatlas/secret_role.py +47 -38
- pulumi_vault/mount.py +391 -51
- pulumi_vault/namespace.py +68 -83
- pulumi_vault/nomad_secret_backend.py +18 -13
- pulumi_vault/nomad_secret_role.py +14 -9
- pulumi_vault/okta/_inputs.py +47 -8
- pulumi_vault/okta/auth_backend.py +485 -39
- pulumi_vault/okta/auth_backend_group.py +14 -9
- pulumi_vault/okta/auth_backend_user.py +14 -9
- pulumi_vault/okta/outputs.py +13 -8
- pulumi_vault/outputs.py +5 -0
- pulumi_vault/password_policy.py +20 -13
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +81 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
- pulumi_vault/pkisecret/backend_config_est.py +619 -0
- pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
- pulumi_vault/pkisecret/get_backend_issuer.py +67 -9
- pulumi_vault/pkisecret/get_backend_issuers.py +21 -8
- pulumi_vault/pkisecret/get_backend_key.py +24 -9
- pulumi_vault/pkisecret/get_backend_keys.py +21 -8
- pulumi_vault/pkisecret/outputs.py +69 -0
- pulumi_vault/pkisecret/secret_backend_cert.py +18 -11
- pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -11
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +14 -9
- pulumi_vault/pkisecret/secret_backend_config_urls.py +67 -11
- pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -9
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -11
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -17
- pulumi_vault/pkisecret/secret_backend_issuer.py +14 -9
- pulumi_vault/pkisecret/secret_backend_key.py +14 -9
- pulumi_vault/pkisecret/secret_backend_role.py +21 -14
- pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -48
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -56
- pulumi_vault/pkisecret/secret_backend_sign.py +18 -54
- pulumi_vault/plugin.py +595 -0
- pulumi_vault/plugin_pinned_version.py +298 -0
- pulumi_vault/policy.py +14 -9
- pulumi_vault/provider.py +48 -53
- pulumi_vault/pulumi-plugin.json +2 -1
- pulumi_vault/quota_lease_count.py +60 -6
- pulumi_vault/quota_rate_limit.py +56 -2
- pulumi_vault/rabbitmq/_inputs.py +61 -0
- pulumi_vault/rabbitmq/outputs.py +5 -0
- pulumi_vault/rabbitmq/secret_backend.py +18 -13
- pulumi_vault/rabbitmq/secret_backend_role.py +54 -47
- pulumi_vault/raft_autopilot.py +14 -9
- pulumi_vault/raft_snapshot_agent_config.py +129 -224
- pulumi_vault/rgp_policy.py +14 -9
- pulumi_vault/saml/auth_backend.py +22 -17
- pulumi_vault/saml/auth_backend_role.py +92 -197
- pulumi_vault/secrets/__init__.py +3 -0
- pulumi_vault/secrets/_inputs.py +110 -0
- pulumi_vault/secrets/outputs.py +94 -0
- pulumi_vault/secrets/sync_association.py +56 -71
- pulumi_vault/secrets/sync_aws_destination.py +242 -27
- pulumi_vault/secrets/sync_azure_destination.py +92 -31
- pulumi_vault/secrets/sync_config.py +9 -4
- pulumi_vault/secrets/sync_gcp_destination.py +158 -25
- pulumi_vault/secrets/sync_gh_destination.py +189 -13
- pulumi_vault/secrets/sync_github_apps.py +375 -0
- pulumi_vault/secrets/sync_vercel_destination.py +74 -13
- pulumi_vault/ssh/_inputs.py +28 -28
- pulumi_vault/ssh/outputs.py +11 -28
- pulumi_vault/ssh/secret_backend_ca.py +108 -9
- pulumi_vault/ssh/secret_backend_role.py +85 -118
- pulumi_vault/terraformcloud/secret_backend.py +7 -54
- pulumi_vault/terraformcloud/secret_creds.py +14 -20
- pulumi_vault/terraformcloud/secret_role.py +16 -74
- pulumi_vault/token.py +28 -23
- pulumi_vault/tokenauth/auth_backend_role.py +78 -199
- pulumi_vault/transform/alphabet.py +16 -9
- pulumi_vault/transform/get_decode.py +45 -17
- pulumi_vault/transform/get_encode.py +45 -17
- pulumi_vault/transform/role.py +16 -9
- pulumi_vault/transform/template.py +30 -21
- pulumi_vault/transform/transformation.py +12 -7
- pulumi_vault/transit/get_decrypt.py +26 -21
- pulumi_vault/transit/get_encrypt.py +24 -19
- pulumi_vault/transit/secret_backend_key.py +27 -93
- pulumi_vault/transit/secret_cache_config.py +12 -7
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
- pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
- pulumi_vault-5.21.0a1709368526.dist-info/RECORD +0 -244
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
from . import outputs
|
12
17
|
from ._inputs import *
|
@@ -41,7 +46,7 @@ class BackendRoleArgs:
|
|
41
46
|
suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine max TTL time.
|
42
47
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
43
48
|
The value should not contain leading or trailing forward slashes.
|
44
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
49
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
45
50
|
*Available only for Vault Enterprise*.
|
46
51
|
:param pulumi.Input[bool] permanently_delete: Indicates whether the applications and service principals created by Vault will be permanently
|
47
52
|
deleted when the corresponding leases expire. Defaults to `false`. For Vault v1.12+.
|
@@ -167,7 +172,7 @@ class BackendRoleArgs:
|
|
167
172
|
"""
|
168
173
|
The namespace to provision the resource in.
|
169
174
|
The value should not contain leading or trailing forward slashes.
|
170
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
175
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
171
176
|
*Available only for Vault Enterprise*.
|
172
177
|
"""
|
173
178
|
return pulumi.get(self, "namespace")
|
@@ -255,7 +260,7 @@ class _BackendRoleState:
|
|
255
260
|
suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine max TTL time.
|
256
261
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
257
262
|
The value should not contain leading or trailing forward slashes.
|
258
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
263
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
259
264
|
*Available only for Vault Enterprise*.
|
260
265
|
:param pulumi.Input[bool] permanently_delete: Indicates whether the applications and service principals created by Vault will be permanently
|
261
266
|
deleted when the corresponding leases expire. Defaults to `false`. For Vault v1.12+.
|
@@ -371,7 +376,7 @@ class _BackendRoleState:
|
|
371
376
|
"""
|
372
377
|
The namespace to provision the resource in.
|
373
378
|
The value should not contain leading or trailing forward slashes.
|
374
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
379
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
375
380
|
*Available only for Vault Enterprise*.
|
376
381
|
"""
|
377
382
|
return pulumi.get(self, "namespace")
|
@@ -450,8 +455,8 @@ class BackendRole(pulumi.CustomResource):
|
|
450
455
|
resource_name: str,
|
451
456
|
opts: Optional[pulumi.ResourceOptions] = None,
|
452
457
|
application_object_id: Optional[pulumi.Input[str]] = None,
|
453
|
-
azure_groups: Optional[pulumi.Input[Sequence[pulumi.Input[
|
454
|
-
azure_roles: Optional[pulumi.Input[Sequence[pulumi.Input[
|
458
|
+
azure_groups: Optional[pulumi.Input[Sequence[pulumi.Input[Union['BackendRoleAzureGroupArgs', 'BackendRoleAzureGroupArgsDict']]]]] = None,
|
459
|
+
azure_roles: Optional[pulumi.Input[Sequence[pulumi.Input[Union['BackendRoleAzureRoleArgs', 'BackendRoleAzureRoleArgsDict']]]]] = None,
|
455
460
|
backend: Optional[pulumi.Input[str]] = None,
|
456
461
|
description: Optional[pulumi.Input[str]] = None,
|
457
462
|
max_ttl: Optional[pulumi.Input[str]] = None,
|
@@ -470,11 +475,11 @@ class BackendRole(pulumi.CustomResource):
|
|
470
475
|
import pulumi_vault as vault
|
471
476
|
|
472
477
|
azure = vault.azure.Backend("azure",
|
473
|
-
subscription_id=
|
474
|
-
tenant_id=
|
475
|
-
client_secret=
|
476
|
-
client_id=
|
477
|
-
generated_role = vault.azure.BackendRole("
|
478
|
+
subscription_id=subscription_id,
|
479
|
+
tenant_id=tenant_id,
|
480
|
+
client_secret=client_secret,
|
481
|
+
client_id=client_id)
|
482
|
+
generated_role = vault.azure.BackendRole("generated_role",
|
478
483
|
backend=azure.path,
|
479
484
|
role="generated_role",
|
480
485
|
sign_in_audience="AzureADMyOrg",
|
@@ -484,11 +489,11 @@ class BackendRole(pulumi.CustomResource):
|
|
484
489
|
],
|
485
490
|
ttl="300",
|
486
491
|
max_ttl="600",
|
487
|
-
azure_roles=[
|
488
|
-
role_name
|
489
|
-
scope
|
490
|
-
|
491
|
-
existing_object_id = vault.azure.BackendRole("
|
492
|
+
azure_roles=[{
|
493
|
+
"role_name": "Reader",
|
494
|
+
"scope": f"/subscriptions/{subscription_id}/resourceGroups/azure-vault-group",
|
495
|
+
}])
|
496
|
+
existing_object_id = vault.azure.BackendRole("existing_object_id",
|
492
497
|
backend=azure.path,
|
493
498
|
role="existing_object_id",
|
494
499
|
application_object_id="11111111-2222-3333-4444-44444444444",
|
@@ -500,15 +505,15 @@ class BackendRole(pulumi.CustomResource):
|
|
500
505
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
501
506
|
:param pulumi.Input[str] application_object_id: Application Object ID for an existing service principal that will
|
502
507
|
be used instead of creating dynamic service principals. If present, `azure_roles` and `permanently_delete` will be ignored.
|
503
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
504
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
508
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['BackendRoleAzureGroupArgs', 'BackendRoleAzureGroupArgsDict']]]] azure_groups: List of Azure groups to be assigned to the generated service principal.
|
509
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['BackendRoleAzureRoleArgs', 'BackendRoleAzureRoleArgsDict']]]] azure_roles: List of Azure roles to be assigned to the generated service principal.
|
505
510
|
:param pulumi.Input[str] backend: Path to the mounted Azure auth backend
|
506
511
|
:param pulumi.Input[str] description: Human-friendly description of the mount for the backend.
|
507
512
|
:param pulumi.Input[str] max_ttl: Specifies the maximum TTL for service principals generated using this role. Accepts time
|
508
513
|
suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine max TTL time.
|
509
514
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
510
515
|
The value should not contain leading or trailing forward slashes.
|
511
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
516
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
512
517
|
*Available only for Vault Enterprise*.
|
513
518
|
:param pulumi.Input[bool] permanently_delete: Indicates whether the applications and service principals created by Vault will be permanently
|
514
519
|
deleted when the corresponding leases expire. Defaults to `false`. For Vault v1.12+.
|
@@ -533,11 +538,11 @@ class BackendRole(pulumi.CustomResource):
|
|
533
538
|
import pulumi_vault as vault
|
534
539
|
|
535
540
|
azure = vault.azure.Backend("azure",
|
536
|
-
subscription_id=
|
537
|
-
tenant_id=
|
538
|
-
client_secret=
|
539
|
-
client_id=
|
540
|
-
generated_role = vault.azure.BackendRole("
|
541
|
+
subscription_id=subscription_id,
|
542
|
+
tenant_id=tenant_id,
|
543
|
+
client_secret=client_secret,
|
544
|
+
client_id=client_id)
|
545
|
+
generated_role = vault.azure.BackendRole("generated_role",
|
541
546
|
backend=azure.path,
|
542
547
|
role="generated_role",
|
543
548
|
sign_in_audience="AzureADMyOrg",
|
@@ -547,11 +552,11 @@ class BackendRole(pulumi.CustomResource):
|
|
547
552
|
],
|
548
553
|
ttl="300",
|
549
554
|
max_ttl="600",
|
550
|
-
azure_roles=[
|
551
|
-
role_name
|
552
|
-
scope
|
553
|
-
|
554
|
-
existing_object_id = vault.azure.BackendRole("
|
555
|
+
azure_roles=[{
|
556
|
+
"role_name": "Reader",
|
557
|
+
"scope": f"/subscriptions/{subscription_id}/resourceGroups/azure-vault-group",
|
558
|
+
}])
|
559
|
+
existing_object_id = vault.azure.BackendRole("existing_object_id",
|
555
560
|
backend=azure.path,
|
556
561
|
role="existing_object_id",
|
557
562
|
application_object_id="11111111-2222-3333-4444-44444444444",
|
@@ -575,8 +580,8 @@ class BackendRole(pulumi.CustomResource):
|
|
575
580
|
resource_name: str,
|
576
581
|
opts: Optional[pulumi.ResourceOptions] = None,
|
577
582
|
application_object_id: Optional[pulumi.Input[str]] = None,
|
578
|
-
azure_groups: Optional[pulumi.Input[Sequence[pulumi.Input[
|
579
|
-
azure_roles: Optional[pulumi.Input[Sequence[pulumi.Input[
|
583
|
+
azure_groups: Optional[pulumi.Input[Sequence[pulumi.Input[Union['BackendRoleAzureGroupArgs', 'BackendRoleAzureGroupArgsDict']]]]] = None,
|
584
|
+
azure_roles: Optional[pulumi.Input[Sequence[pulumi.Input[Union['BackendRoleAzureRoleArgs', 'BackendRoleAzureRoleArgsDict']]]]] = None,
|
580
585
|
backend: Optional[pulumi.Input[str]] = None,
|
581
586
|
description: Optional[pulumi.Input[str]] = None,
|
582
587
|
max_ttl: Optional[pulumi.Input[str]] = None,
|
@@ -620,8 +625,8 @@ class BackendRole(pulumi.CustomResource):
|
|
620
625
|
id: pulumi.Input[str],
|
621
626
|
opts: Optional[pulumi.ResourceOptions] = None,
|
622
627
|
application_object_id: Optional[pulumi.Input[str]] = None,
|
623
|
-
azure_groups: Optional[pulumi.Input[Sequence[pulumi.Input[
|
624
|
-
azure_roles: Optional[pulumi.Input[Sequence[pulumi.Input[
|
628
|
+
azure_groups: Optional[pulumi.Input[Sequence[pulumi.Input[Union['BackendRoleAzureGroupArgs', 'BackendRoleAzureGroupArgsDict']]]]] = None,
|
629
|
+
azure_roles: Optional[pulumi.Input[Sequence[pulumi.Input[Union['BackendRoleAzureRoleArgs', 'BackendRoleAzureRoleArgsDict']]]]] = None,
|
625
630
|
backend: Optional[pulumi.Input[str]] = None,
|
626
631
|
description: Optional[pulumi.Input[str]] = None,
|
627
632
|
max_ttl: Optional[pulumi.Input[str]] = None,
|
@@ -640,15 +645,15 @@ class BackendRole(pulumi.CustomResource):
|
|
640
645
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
641
646
|
:param pulumi.Input[str] application_object_id: Application Object ID for an existing service principal that will
|
642
647
|
be used instead of creating dynamic service principals. If present, `azure_roles` and `permanently_delete` will be ignored.
|
643
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
644
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
648
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['BackendRoleAzureGroupArgs', 'BackendRoleAzureGroupArgsDict']]]] azure_groups: List of Azure groups to be assigned to the generated service principal.
|
649
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['BackendRoleAzureRoleArgs', 'BackendRoleAzureRoleArgsDict']]]] azure_roles: List of Azure roles to be assigned to the generated service principal.
|
645
650
|
:param pulumi.Input[str] backend: Path to the mounted Azure auth backend
|
646
651
|
:param pulumi.Input[str] description: Human-friendly description of the mount for the backend.
|
647
652
|
:param pulumi.Input[str] max_ttl: Specifies the maximum TTL for service principals generated using this role. Accepts time
|
648
653
|
suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine max TTL time.
|
649
654
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
650
655
|
The value should not contain leading or trailing forward slashes.
|
651
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
656
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
652
657
|
*Available only for Vault Enterprise*.
|
653
658
|
:param pulumi.Input[bool] permanently_delete: Indicates whether the applications and service principals created by Vault will be permanently
|
654
659
|
deleted when the corresponding leases expire. Defaults to `false`. For Vault v1.12+.
|
@@ -733,7 +738,7 @@ class BackendRole(pulumi.CustomResource):
|
|
733
738
|
"""
|
734
739
|
The namespace to provision the resource in.
|
735
740
|
The value should not contain leading or trailing forward slashes.
|
736
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
741
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
737
742
|
*Available only for Vault Enterprise*.
|
738
743
|
"""
|
739
744
|
return pulumi.get(self, "namespace")
|
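Review bot: The `BackendRole` docstring example never shows where `client_secret` comes from: it now passes `client_secret=client_secret` to `vault.azure.Backend(...)` (new lines 478–481, repeated at 541–544) as a bare name, so a reader copying it is likely to assign a literal. I would add two lines above the `vault.azure.Backend(...)` call in both copies, `config = pulumi.Config()` and `client_secret = config.require_secret("azureClientSecret")` (the key name is an illustrative placeholder), so the example reads the credential from encrypted stack configuration. The docstrings begin and end outside the hunks shown.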
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = [
|
@@ -226,6 +231,7 @@ def get_access_credentials(backend: Optional[str] = None,
|
|
226
231
|
num_seconds_between_tests=1,
|
227
232
|
max_cred_validation_seconds=300)
|
228
233
|
```
|
234
|
+
|
229
235
|
## Caveats
|
230
236
|
|
231
237
|
The `validate_creds` option requires read-access to the `backend` config endpoint.
|
@@ -244,7 +250,7 @@ def get_access_credentials(backend: Optional[str] = None,
|
|
244
250
|
to 300.
|
245
251
|
:param str namespace: The namespace of the target resource.
|
246
252
|
The value should not contain leading or trailing forward slashes.
|
247
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
253
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
248
254
|
*Available only for Vault Enterprise*.
|
249
255
|
:param int num_seconds_between_tests: If 'validate_creds' is true,
|
250
256
|
the number of seconds to wait between each test of generated credentials.
|
@@ -297,9 +303,6 @@ def get_access_credentials(backend: Optional[str] = None,
|
|
297
303
|
subscription_id=pulumi.get(__ret__, 'subscription_id'),
|
298
304
|
tenant_id=pulumi.get(__ret__, 'tenant_id'),
|
299
305
|
validate_creds=pulumi.get(__ret__, 'validate_creds'))
|
300
|
-
|
301
|
-
|
302
|
-
@_utilities.lift_output_func(get_access_credentials)
|
303
306
|
def get_access_credentials_output(backend: Optional[pulumi.Input[str]] = None,
|
304
307
|
environment: Optional[pulumi.Input[Optional[str]]] = None,
|
305
308
|
max_cred_validation_seconds: Optional[pulumi.Input[Optional[int]]] = None,
|
@@ -310,7 +313,7 @@ def get_access_credentials_output(backend: Optional[pulumi.Input[str]] = None,
|
|
310
313
|
subscription_id: Optional[pulumi.Input[Optional[str]]] = None,
|
311
314
|
tenant_id: Optional[pulumi.Input[Optional[str]]] = None,
|
312
315
|
validate_creds: Optional[pulumi.Input[Optional[bool]]] = None,
|
313
|
-
opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetAccessCredentialsResult]:
|
316
|
+
opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetAccessCredentialsResult]:
|
314
317
|
"""
|
315
318
|
## Example Usage
|
316
319
|
|
@@ -324,6 +327,7 @@ def get_access_credentials_output(backend: Optional[pulumi.Input[str]] = None,
|
|
324
327
|
num_seconds_between_tests=1,
|
325
328
|
max_cred_validation_seconds=300)
|
326
329
|
```
|
330
|
+
|
327
331
|
## Caveats
|
328
332
|
|
329
333
|
The `validate_creds` option requires read-access to the `backend` config endpoint.
|
@@ -342,7 +346,7 @@ def get_access_credentials_output(backend: Optional[pulumi.Input[str]] = None,
|
|
342
346
|
to 300.
|
343
347
|
:param str namespace: The namespace of the target resource.
|
344
348
|
The value should not contain leading or trailing forward slashes.
|
345
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
349
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
346
350
|
*Available only for Vault Enterprise*.
|
347
351
|
:param int num_seconds_between_tests: If 'validate_creds' is true,
|
348
352
|
the number of seconds to wait between each test of generated credentials.
|
@@ -363,4 +367,34 @@ def get_access_credentials_output(backend: Optional[pulumi.Input[str]] = None,
|
|
363
367
|
credentials without checking whether they have fully propagated throughout
|
364
368
|
Azure Active Directory. Designating `true` activates testing.
|
365
369
|
"""
|
366
|
-
|
370
|
+
__args__ = dict()
|
371
|
+
__args__['backend'] = backend
|
372
|
+
__args__['environment'] = environment
|
373
|
+
__args__['maxCredValidationSeconds'] = max_cred_validation_seconds
|
374
|
+
__args__['namespace'] = namespace
|
375
|
+
__args__['numSecondsBetweenTests'] = num_seconds_between_tests
|
376
|
+
__args__['numSequentialSuccesses'] = num_sequential_successes
|
377
|
+
__args__['role'] = role
|
378
|
+
__args__['subscriptionId'] = subscription_id
|
379
|
+
__args__['tenantId'] = tenant_id
|
380
|
+
__args__['validateCreds'] = validate_creds
|
381
|
+
opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
|
382
|
+
__ret__ = pulumi.runtime.invoke_output('vault:azure/getAccessCredentials:getAccessCredentials', __args__, opts=opts, typ=GetAccessCredentialsResult)
|
383
|
+
return __ret__.apply(lambda __response__: GetAccessCredentialsResult(
|
384
|
+
backend=pulumi.get(__response__, 'backend'),
|
385
|
+
client_id=pulumi.get(__response__, 'client_id'),
|
386
|
+
client_secret=pulumi.get(__response__, 'client_secret'),
|
387
|
+
environment=pulumi.get(__response__, 'environment'),
|
388
|
+
id=pulumi.get(__response__, 'id'),
|
389
|
+
lease_duration=pulumi.get(__response__, 'lease_duration'),
|
390
|
+
lease_id=pulumi.get(__response__, 'lease_id'),
|
391
|
+
lease_renewable=pulumi.get(__response__, 'lease_renewable'),
|
392
|
+
lease_start_time=pulumi.get(__response__, 'lease_start_time'),
|
393
|
+
max_cred_validation_seconds=pulumi.get(__response__, 'max_cred_validation_seconds'),
|
394
|
+
namespace=pulumi.get(__response__, 'namespace'),
|
395
|
+
num_seconds_between_tests=pulumi.get(__response__, 'num_seconds_between_tests'),
|
396
|
+
num_sequential_successes=pulumi.get(__response__, 'num_sequential_successes'),
|
397
|
+
role=pulumi.get(__response__, 'role'),
|
398
|
+
subscription_id=pulumi.get(__response__, 'subscription_id'),
|
399
|
+
tenant_id=pulumi.get(__response__, 'tenant_id'),
|
400
|
+
validate_creds=pulumi.get(__response__, 'validate_creds')))
|
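Review bot: Nothing in the new body of `get_access_credentials_output` (new lines 370–400) marks the returned `client_secret` as sensitive; it is copied out of the `invoke_output` response with `client_secret=pulumi.get(__response__, 'client_secret')` like every other field. Whether the runtime carries secretness through depends on the provider schema, which is not visible here, so I would add to the Caveats section of the docstring: `The returned client_secret is a live Azure credential bound to a Vault lease; keep it wrapped with pulumi.Output.secret() and do not export it as a plain stack output.` The `opts` annotation in the earlier hunk (new line 316) references `pulumi.InvokeOutputOptions`, which presumably needs a newer `pulumi` core than the old wheel required, so confirm the version floor in METADATA. The function's signature and most of its docstring lie outside this hunk.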
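--- a/pulumi_vault/azure/outputs.py
+++ b/pulumi_vault/azure/outputs.py
@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+from typing import NotRequired, TypedDict, TypeAlias
+else:
+from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = [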
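Review bot: On interpreters older than 3.11 this module now imports `typing_extensions` at load time (new lines 11–14), which makes it a hard runtime dependency of the wheel. METADATA is listed as changed but its contents are not shown here, so confirm it declares `typing_extensions` for `python_version < "3.11"`; otherwise importing the package fails on those interpreters. The same import block is added at the top of the two preceding file sections on this page. Whether `NotRequired`, `TypedDict` and `TypeAlias` are actually used in this file cannot be seen from the hunk.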