pulumi-vault 5.21.0a1709368526__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl
- pulumi_vault/__init__.py +52 -0
- pulumi_vault/_inputs.py +560 -0
- pulumi_vault/_utilities.py +41 -5
- pulumi_vault/ad/get_access_credentials.py +26 -9
- pulumi_vault/ad/secret_backend.py +16 -142
- pulumi_vault/ad/secret_library.py +16 -9
- pulumi_vault/ad/secret_role.py +14 -9
- pulumi_vault/alicloud/auth_backend_role.py +76 -190
- pulumi_vault/approle/auth_backend_login.py +12 -7
- pulumi_vault/approle/auth_backend_role.py +77 -191
- pulumi_vault/approle/auth_backend_role_secret_id.py +106 -7
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -5
- pulumi_vault/audit.py +30 -21
- pulumi_vault/audit_request_header.py +11 -2
- pulumi_vault/auth_backend.py +66 -14
- pulumi_vault/aws/auth_backend_cert.py +18 -9
- pulumi_vault/aws/auth_backend_client.py +267 -22
- pulumi_vault/aws/auth_backend_config_identity.py +14 -9
- pulumi_vault/aws/auth_backend_identity_whitelist.py +20 -15
- pulumi_vault/aws/auth_backend_login.py +19 -22
- pulumi_vault/aws/auth_backend_role.py +77 -191
- pulumi_vault/aws/auth_backend_role_tag.py +12 -7
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -13
- pulumi_vault/aws/auth_backend_sts_role.py +14 -9
- pulumi_vault/aws/get_access_credentials.py +38 -9
- pulumi_vault/aws/get_static_access_credentials.py +19 -5
- pulumi_vault/aws/secret_backend.py +77 -9
- pulumi_vault/aws/secret_backend_role.py +185 -9
- pulumi_vault/aws/secret_backend_static_role.py +20 -11
- pulumi_vault/azure/_inputs.py +24 -0
- pulumi_vault/azure/auth_backend_config.py +153 -15
- pulumi_vault/azure/auth_backend_role.py +77 -191
- pulumi_vault/azure/backend.py +227 -21
- pulumi_vault/azure/backend_role.py +42 -37
- pulumi_vault/azure/get_access_credentials.py +41 -7
- pulumi_vault/azure/outputs.py +5 -0
- pulumi_vault/cert_auth_backend_role.py +87 -267
- pulumi_vault/config/__init__.pyi +5 -0
- pulumi_vault/config/_inputs.py +73 -0
- pulumi_vault/config/outputs.py +35 -0
- pulumi_vault/config/ui_custom_message.py +529 -0
- pulumi_vault/config/vars.py +5 -0
- pulumi_vault/consul/secret_backend.py +28 -19
- pulumi_vault/consul/secret_backend_role.py +18 -78
- pulumi_vault/database/_inputs.py +2770 -881
- pulumi_vault/database/outputs.py +721 -838
- pulumi_vault/database/secret_backend_connection.py +119 -112
- pulumi_vault/database/secret_backend_role.py +31 -22
- pulumi_vault/database/secret_backend_static_role.py +87 -13
- pulumi_vault/database/secrets_mount.py +427 -136
- pulumi_vault/egp_policy.py +16 -11
- pulumi_vault/gcp/_inputs.py +111 -0
- pulumi_vault/gcp/auth_backend.py +250 -33
- pulumi_vault/gcp/auth_backend_role.py +77 -269
- pulumi_vault/gcp/get_auth_backend_role.py +43 -5
- pulumi_vault/gcp/outputs.py +5 -0
- pulumi_vault/gcp/secret_backend.py +287 -12
- pulumi_vault/gcp/secret_impersonated_account.py +76 -15
- pulumi_vault/gcp/secret_roleset.py +31 -24
- pulumi_vault/gcp/secret_static_account.py +39 -32
- pulumi_vault/generic/endpoint.py +24 -17
- pulumi_vault/generic/get_secret.py +64 -8
- pulumi_vault/generic/secret.py +21 -16
- pulumi_vault/get_auth_backend.py +24 -7
- pulumi_vault/get_auth_backends.py +51 -9
- pulumi_vault/get_namespace.py +226 -0
- pulumi_vault/get_namespaces.py +153 -0
- pulumi_vault/get_nomad_access_token.py +31 -11
- pulumi_vault/get_policy_document.py +34 -19
- pulumi_vault/get_raft_autopilot_state.py +29 -10
- pulumi_vault/github/_inputs.py +55 -0
- pulumi_vault/github/auth_backend.py +19 -14
- pulumi_vault/github/outputs.py +5 -0
- pulumi_vault/github/team.py +16 -11
- pulumi_vault/github/user.py +16 -11
- pulumi_vault/identity/entity.py +20 -13
- pulumi_vault/identity/entity_alias.py +20 -13
- pulumi_vault/identity/entity_policies.py +28 -11
- pulumi_vault/identity/get_entity.py +42 -10
- pulumi_vault/identity/get_group.py +47 -9
- pulumi_vault/identity/get_oidc_client_creds.py +21 -7
- pulumi_vault/identity/get_oidc_openid_config.py +39 -9
- pulumi_vault/identity/get_oidc_public_keys.py +29 -10
- pulumi_vault/identity/group.py +58 -39
- pulumi_vault/identity/group_alias.py +16 -9
- pulumi_vault/identity/group_member_entity_ids.py +28 -66
- pulumi_vault/identity/group_member_group_ids.py +40 -19
- pulumi_vault/identity/group_policies.py +20 -7
- pulumi_vault/identity/mfa_duo.py +11 -6
- pulumi_vault/identity/mfa_login_enforcement.py +15 -6
- pulumi_vault/identity/mfa_okta.py +11 -6
- pulumi_vault/identity/mfa_pingid.py +7 -2
- pulumi_vault/identity/mfa_totp.py +7 -2
- pulumi_vault/identity/oidc.py +12 -7
- pulumi_vault/identity/oidc_assignment.py +24 -11
- pulumi_vault/identity/oidc_client.py +36 -23
- pulumi_vault/identity/oidc_key.py +30 -17
- pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -15
- pulumi_vault/identity/oidc_provider.py +36 -21
- pulumi_vault/identity/oidc_role.py +42 -21
- pulumi_vault/identity/oidc_scope.py +20 -13
- pulumi_vault/identity/outputs.py +8 -3
- pulumi_vault/jwt/_inputs.py +55 -0
- pulumi_vault/jwt/auth_backend.py +45 -40
- pulumi_vault/jwt/auth_backend_role.py +133 -254
- pulumi_vault/jwt/outputs.py +5 -0
- pulumi_vault/kmip/secret_backend.py +24 -19
- pulumi_vault/kmip/secret_role.py +14 -9
- pulumi_vault/kmip/secret_scope.py +14 -9
- pulumi_vault/kubernetes/auth_backend_config.py +57 -5
- pulumi_vault/kubernetes/auth_backend_role.py +70 -177
- pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
- pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
- pulumi_vault/kubernetes/get_service_account_token.py +39 -11
- pulumi_vault/kubernetes/secret_backend.py +316 -27
- pulumi_vault/kubernetes/secret_backend_role.py +137 -46
- pulumi_vault/kv/_inputs.py +36 -4
- pulumi_vault/kv/get_secret.py +25 -8
- pulumi_vault/kv/get_secret_subkeys_v2.py +33 -10
- pulumi_vault/kv/get_secret_v2.py +85 -9
- pulumi_vault/kv/get_secrets_list.py +24 -11
- pulumi_vault/kv/get_secrets_list_v2.py +37 -15
- pulumi_vault/kv/outputs.py +8 -3
- pulumi_vault/kv/secret.py +23 -16
- pulumi_vault/kv/secret_backend_v2.py +20 -11
- pulumi_vault/kv/secret_v2.py +59 -50
- pulumi_vault/ldap/auth_backend.py +127 -166
- pulumi_vault/ldap/auth_backend_group.py +14 -9
- pulumi_vault/ldap/auth_backend_user.py +14 -9
- pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
- pulumi_vault/ldap/get_static_credentials.py +24 -5
- pulumi_vault/ldap/secret_backend.py +354 -82
- pulumi_vault/ldap/secret_backend_dynamic_role.py +18 -11
- pulumi_vault/ldap/secret_backend_library_set.py +16 -9
- pulumi_vault/ldap/secret_backend_static_role.py +73 -12
- pulumi_vault/managed/_inputs.py +289 -132
- pulumi_vault/managed/keys.py +29 -57
- pulumi_vault/managed/outputs.py +89 -132
- pulumi_vault/mfa_duo.py +18 -11
- pulumi_vault/mfa_okta.py +18 -11
- pulumi_vault/mfa_pingid.py +18 -11
- pulumi_vault/mfa_totp.py +24 -17
- pulumi_vault/mongodbatlas/secret_backend.py +20 -15
- pulumi_vault/mongodbatlas/secret_role.py +47 -38
- pulumi_vault/mount.py +391 -51
- pulumi_vault/namespace.py +68 -83
- pulumi_vault/nomad_secret_backend.py +18 -13
- pulumi_vault/nomad_secret_role.py +14 -9
- pulumi_vault/okta/_inputs.py +47 -8
- pulumi_vault/okta/auth_backend.py +485 -39
- pulumi_vault/okta/auth_backend_group.py +14 -9
- pulumi_vault/okta/auth_backend_user.py +14 -9
- pulumi_vault/okta/outputs.py +13 -8
- pulumi_vault/outputs.py +5 -0
- pulumi_vault/password_policy.py +20 -13
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +81 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
- pulumi_vault/pkisecret/backend_config_est.py +619 -0
- pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
- pulumi_vault/pkisecret/get_backend_issuer.py +67 -9
- pulumi_vault/pkisecret/get_backend_issuers.py +21 -8
- pulumi_vault/pkisecret/get_backend_key.py +24 -9
- pulumi_vault/pkisecret/get_backend_keys.py +21 -8
- pulumi_vault/pkisecret/outputs.py +69 -0
- pulumi_vault/pkisecret/secret_backend_cert.py +18 -11
- pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -11
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +14 -9
- pulumi_vault/pkisecret/secret_backend_config_urls.py +67 -11
- pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -9
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -11
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -17
- pulumi_vault/pkisecret/secret_backend_issuer.py +14 -9
- pulumi_vault/pkisecret/secret_backend_key.py +14 -9
- pulumi_vault/pkisecret/secret_backend_role.py +21 -14
- pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -48
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -56
- pulumi_vault/pkisecret/secret_backend_sign.py +18 -54
- pulumi_vault/plugin.py +595 -0
- pulumi_vault/plugin_pinned_version.py +298 -0
- pulumi_vault/policy.py +14 -9
- pulumi_vault/provider.py +48 -53
- pulumi_vault/pulumi-plugin.json +2 -1
- pulumi_vault/quota_lease_count.py +60 -6
- pulumi_vault/quota_rate_limit.py +56 -2
- pulumi_vault/rabbitmq/_inputs.py +61 -0
- pulumi_vault/rabbitmq/outputs.py +5 -0
- pulumi_vault/rabbitmq/secret_backend.py +18 -13
- pulumi_vault/rabbitmq/secret_backend_role.py +54 -47
- pulumi_vault/raft_autopilot.py +14 -9
- pulumi_vault/raft_snapshot_agent_config.py +129 -224
- pulumi_vault/rgp_policy.py +14 -9
- pulumi_vault/saml/auth_backend.py +22 -17
- pulumi_vault/saml/auth_backend_role.py +92 -197
- pulumi_vault/secrets/__init__.py +3 -0
- pulumi_vault/secrets/_inputs.py +110 -0
- pulumi_vault/secrets/outputs.py +94 -0
- pulumi_vault/secrets/sync_association.py +56 -71
- pulumi_vault/secrets/sync_aws_destination.py +242 -27
- pulumi_vault/secrets/sync_azure_destination.py +92 -31
- pulumi_vault/secrets/sync_config.py +9 -4
- pulumi_vault/secrets/sync_gcp_destination.py +158 -25
- pulumi_vault/secrets/sync_gh_destination.py +189 -13
- pulumi_vault/secrets/sync_github_apps.py +375 -0
- pulumi_vault/secrets/sync_vercel_destination.py +74 -13
- pulumi_vault/ssh/_inputs.py +28 -28
- pulumi_vault/ssh/outputs.py +11 -28
- pulumi_vault/ssh/secret_backend_ca.py +108 -9
- pulumi_vault/ssh/secret_backend_role.py +85 -118
- pulumi_vault/terraformcloud/secret_backend.py +7 -54
- pulumi_vault/terraformcloud/secret_creds.py +14 -20
- pulumi_vault/terraformcloud/secret_role.py +16 -74
- pulumi_vault/token.py +28 -23
- pulumi_vault/tokenauth/auth_backend_role.py +78 -199
- pulumi_vault/transform/alphabet.py +16 -9
- pulumi_vault/transform/get_decode.py +45 -17
- pulumi_vault/transform/get_encode.py +45 -17
- pulumi_vault/transform/role.py +16 -9
- pulumi_vault/transform/template.py +30 -21
- pulumi_vault/transform/transformation.py +12 -7
- pulumi_vault/transit/get_decrypt.py +26 -21
- pulumi_vault/transit/get_encrypt.py +24 -19
- pulumi_vault/transit/secret_backend_key.py +27 -93
- pulumi_vault/transit/secret_cache_config.py +12 -7
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
- pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
- pulumi_vault-5.21.0a1709368526.dist-info/RECORD +0 -244
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = ['SecretImpersonatedAccountArgs', 'SecretImpersonatedAccount']
|
@@ -18,7 +23,8 @@ class SecretImpersonatedAccountArgs:
|
|
18
23
|
impersonated_account: pulumi.Input[str],
|
19
24
|
service_account_email: pulumi.Input[str],
|
20
25
|
namespace: Optional[pulumi.Input[str]] = None,
|
21
|
-
token_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None
|
26
|
+
token_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
27
|
+
ttl: Optional[pulumi.Input[str]] = None):
|
22
28
|
"""
|
23
29
|
The set of arguments for constructing a SecretImpersonatedAccount resource.
|
24
30
|
:param pulumi.Input[str] backend: Path where the GCP Secrets Engine is mounted
|
@@ -26,6 +32,8 @@ class SecretImpersonatedAccountArgs:
|
|
26
32
|
:param pulumi.Input[str] service_account_email: Email of the GCP service account to impersonate.
|
27
33
|
:param pulumi.Input[str] namespace: Target namespace. (requires Enterprise)
|
28
34
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_scopes: List of OAuth scopes to assign to access tokens generated under this impersonated account.
|
35
|
+
:param pulumi.Input[str] ttl: Specifies the default TTL for service principals generated using this role.
|
36
|
+
Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL time.
|
29
37
|
"""
|
30
38
|
pulumi.set(__self__, "backend", backend)
|
31
39
|
pulumi.set(__self__, "impersonated_account", impersonated_account)
|
@@ -34,6 +42,8 @@ class SecretImpersonatedAccountArgs:
|
|
34
42
|
pulumi.set(__self__, "namespace", namespace)
|
35
43
|
if token_scopes is not None:
|
36
44
|
pulumi.set(__self__, "token_scopes", token_scopes)
|
45
|
+
if ttl is not None:
|
46
|
+
pulumi.set(__self__, "ttl", ttl)
|
37
47
|
|
38
48
|
@property
|
39
49
|
@pulumi.getter
|
@@ -95,6 +105,19 @@ class SecretImpersonatedAccountArgs:
|
|
95
105
|
def token_scopes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
96
106
|
pulumi.set(self, "token_scopes", value)
|
97
107
|
|
108
|
+
@property
|
109
|
+
@pulumi.getter
|
110
|
+
def ttl(self) -> Optional[pulumi.Input[str]]:
|
111
|
+
"""
|
112
|
+
Specifies the default TTL for service principals generated using this role.
|
113
|
+
Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL time.
|
114
|
+
"""
|
115
|
+
return pulumi.get(self, "ttl")
|
116
|
+
|
117
|
+
@ttl.setter
|
118
|
+
def ttl(self, value: Optional[pulumi.Input[str]]):
|
119
|
+
pulumi.set(self, "ttl", value)
|
120
|
+
|
98
121
|
|
99
122
|
@pulumi.input_type
|
100
123
|
class _SecretImpersonatedAccountState:
|
@@ -104,7 +127,8 @@ class _SecretImpersonatedAccountState:
|
|
104
127
|
namespace: Optional[pulumi.Input[str]] = None,
|
105
128
|
service_account_email: Optional[pulumi.Input[str]] = None,
|
106
129
|
service_account_project: Optional[pulumi.Input[str]] = None,
|
107
|
-
token_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None
|
130
|
+
token_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
131
|
+
ttl: Optional[pulumi.Input[str]] = None):
|
108
132
|
"""
|
109
133
|
Input properties used for looking up and filtering SecretImpersonatedAccount resources.
|
110
134
|
:param pulumi.Input[str] backend: Path where the GCP Secrets Engine is mounted
|
@@ -113,6 +137,8 @@ class _SecretImpersonatedAccountState:
|
|
113
137
|
:param pulumi.Input[str] service_account_email: Email of the GCP service account to impersonate.
|
114
138
|
:param pulumi.Input[str] service_account_project: Project the service account belongs to.
|
115
139
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_scopes: List of OAuth scopes to assign to access tokens generated under this impersonated account.
|
140
|
+
:param pulumi.Input[str] ttl: Specifies the default TTL for service principals generated using this role.
|
141
|
+
Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL time.
|
116
142
|
"""
|
117
143
|
if backend is not None:
|
118
144
|
pulumi.set(__self__, "backend", backend)
|
@@ -126,6 +152,8 @@ class _SecretImpersonatedAccountState:
|
|
126
152
|
pulumi.set(__self__, "service_account_project", service_account_project)
|
127
153
|
if token_scopes is not None:
|
128
154
|
pulumi.set(__self__, "token_scopes", token_scopes)
|
155
|
+
if ttl is not None:
|
156
|
+
pulumi.set(__self__, "ttl", ttl)
|
129
157
|
|
130
158
|
@property
|
131
159
|
@pulumi.getter
|
@@ -199,6 +227,19 @@ class _SecretImpersonatedAccountState:
|
|
199
227
|
def token_scopes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
200
228
|
pulumi.set(self, "token_scopes", value)
|
201
229
|
|
230
|
+
@property
|
231
|
+
@pulumi.getter
|
232
|
+
def ttl(self) -> Optional[pulumi.Input[str]]:
|
233
|
+
"""
|
234
|
+
Specifies the default TTL for service principals generated using this role.
|
235
|
+
Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL time.
|
236
|
+
"""
|
237
|
+
return pulumi.get(self, "ttl")
|
238
|
+
|
239
|
+
@ttl.setter
|
240
|
+
def ttl(self, value: Optional[pulumi.Input[str]]):
|
241
|
+
pulumi.set(self, "ttl", value)
|
242
|
+
|
202
243
|
|
203
244
|
class SecretImpersonatedAccount(pulumi.CustomResource):
|
204
245
|
@overload
|
@@ -210,6 +251,7 @@ class SecretImpersonatedAccount(pulumi.CustomResource):
|
|
210
251
|
namespace: Optional[pulumi.Input[str]] = None,
|
211
252
|
service_account_email: Optional[pulumi.Input[str]] = None,
|
212
253
|
token_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
254
|
+
ttl: Optional[pulumi.Input[str]] = None,
|
213
255
|
__props__=None):
|
214
256
|
"""
|
215
257
|
Creates a Impersonated Account in the [GCP Secrets Engine](https://www.vaultproject.io/docs/secrets/gcp/index.html) for Vault.
|
@@ -221,17 +263,18 @@ class SecretImpersonatedAccount(pulumi.CustomResource):
|
|
221
263
|
|
222
264
|
```python
|
223
265
|
import pulumi
|
224
|
-
import
|
266
|
+
import pulumi_google as google
|
267
|
+
import pulumi_std as std
|
225
268
|
import pulumi_vault as vault
|
226
269
|
|
227
|
-
this =
|
270
|
+
this = google.index.ServiceAccount("this", account_id=my-awesome-account)
|
228
271
|
gcp = vault.gcp.SecretBackend("gcp",
|
229
272
|
path="gcp",
|
230
|
-
credentials=
|
231
|
-
impersonated_account = vault.gcp.SecretImpersonatedAccount("
|
273
|
+
credentials=std.file(input="credentials.json").result)
|
274
|
+
impersonated_account = vault.gcp.SecretImpersonatedAccount("impersonated_account",
|
232
275
|
backend=gcp.path,
|
233
276
|
impersonated_account="this",
|
234
|
-
service_account_email=this
|
277
|
+
service_account_email=this["email"],
|
235
278
|
token_scopes=["https://www.googleapis.com/auth/cloud-platform"])
|
236
279
|
```
|
237
280
|
|
@@ -240,7 +283,7 @@ class SecretImpersonatedAccount(pulumi.CustomResource):
|
|
240
283
|
A impersonated account can be imported using its Vault Path. For example, referencing the example above,
|
241
284
|
|
242
285
|
```sh
|
243
|
-
|
286
|
+
$ pulumi import vault:gcp/secretImpersonatedAccount:SecretImpersonatedAccount impersonated_account gcp/impersonated-account/project_viewer
|
244
287
|
```
|
245
288
|
|
246
289
|
:param str resource_name: The name of the resource.
|
@@ -250,6 +293,8 @@ class SecretImpersonatedAccount(pulumi.CustomResource):
|
|
250
293
|
:param pulumi.Input[str] namespace: Target namespace. (requires Enterprise)
|
251
294
|
:param pulumi.Input[str] service_account_email: Email of the GCP service account to impersonate.
|
252
295
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_scopes: List of OAuth scopes to assign to access tokens generated under this impersonated account.
|
296
|
+
:param pulumi.Input[str] ttl: Specifies the default TTL for service principals generated using this role.
|
297
|
+
Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL time.
|
253
298
|
"""
|
254
299
|
...
|
255
300
|
@overload
|
@@ -267,17 +312,18 @@ class SecretImpersonatedAccount(pulumi.CustomResource):
|
|
267
312
|
|
268
313
|
```python
|
269
314
|
import pulumi
|
270
|
-
import
|
315
|
+
import pulumi_google as google
|
316
|
+
import pulumi_std as std
|
271
317
|
import pulumi_vault as vault
|
272
318
|
|
273
|
-
this =
|
319
|
+
this = google.index.ServiceAccount("this", account_id=my-awesome-account)
|
274
320
|
gcp = vault.gcp.SecretBackend("gcp",
|
275
321
|
path="gcp",
|
276
|
-
credentials=
|
277
|
-
impersonated_account = vault.gcp.SecretImpersonatedAccount("
|
322
|
+
credentials=std.file(input="credentials.json").result)
|
323
|
+
impersonated_account = vault.gcp.SecretImpersonatedAccount("impersonated_account",
|
278
324
|
backend=gcp.path,
|
279
325
|
impersonated_account="this",
|
280
|
-
service_account_email=this
|
326
|
+
service_account_email=this["email"],
|
281
327
|
token_scopes=["https://www.googleapis.com/auth/cloud-platform"])
|
282
328
|
```
|
283
329
|
|
@@ -286,7 +332,7 @@ class SecretImpersonatedAccount(pulumi.CustomResource):
|
|
286
332
|
A impersonated account can be imported using its Vault Path. For example, referencing the example above,
|
287
333
|
|
288
334
|
```sh
|
289
|
-
|
335
|
+
$ pulumi import vault:gcp/secretImpersonatedAccount:SecretImpersonatedAccount impersonated_account gcp/impersonated-account/project_viewer
|
290
336
|
```
|
291
337
|
|
292
338
|
:param str resource_name: The name of the resource.
|
@@ -309,6 +355,7 @@ class SecretImpersonatedAccount(pulumi.CustomResource):
|
|
309
355
|
namespace: Optional[pulumi.Input[str]] = None,
|
310
356
|
service_account_email: Optional[pulumi.Input[str]] = None,
|
311
357
|
token_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
358
|
+
ttl: Optional[pulumi.Input[str]] = None,
|
312
359
|
__props__=None):
|
313
360
|
opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
|
314
361
|
if not isinstance(opts, pulumi.ResourceOptions):
|
@@ -329,6 +376,7 @@ class SecretImpersonatedAccount(pulumi.CustomResource):
|
|
329
376
|
raise TypeError("Missing required property 'service_account_email'")
|
330
377
|
__props__.__dict__["service_account_email"] = service_account_email
|
331
378
|
__props__.__dict__["token_scopes"] = token_scopes
|
379
|
+
__props__.__dict__["ttl"] = ttl
|
332
380
|
__props__.__dict__["service_account_project"] = None
|
333
381
|
super(SecretImpersonatedAccount, __self__).__init__(
|
334
382
|
'vault:gcp/secretImpersonatedAccount:SecretImpersonatedAccount',
|
@@ -345,7 +393,8 @@ class SecretImpersonatedAccount(pulumi.CustomResource):
|
|
345
393
|
namespace: Optional[pulumi.Input[str]] = None,
|
346
394
|
service_account_email: Optional[pulumi.Input[str]] = None,
|
347
395
|
service_account_project: Optional[pulumi.Input[str]] = None,
|
348
|
-
token_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None
|
396
|
+
token_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
397
|
+
ttl: Optional[pulumi.Input[str]] = None) -> 'SecretImpersonatedAccount':
|
349
398
|
"""
|
350
399
|
Get an existing SecretImpersonatedAccount resource's state with the given name, id, and optional extra
|
351
400
|
properties used to qualify the lookup.
|
@@ -359,6 +408,8 @@ class SecretImpersonatedAccount(pulumi.CustomResource):
|
|
359
408
|
:param pulumi.Input[str] service_account_email: Email of the GCP service account to impersonate.
|
360
409
|
:param pulumi.Input[str] service_account_project: Project the service account belongs to.
|
361
410
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_scopes: List of OAuth scopes to assign to access tokens generated under this impersonated account.
|
411
|
+
:param pulumi.Input[str] ttl: Specifies the default TTL for service principals generated using this role.
|
412
|
+
Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL time.
|
362
413
|
"""
|
363
414
|
opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
|
364
415
|
|
@@ -370,6 +421,7 @@ class SecretImpersonatedAccount(pulumi.CustomResource):
|
|
370
421
|
__props__.__dict__["service_account_email"] = service_account_email
|
371
422
|
__props__.__dict__["service_account_project"] = service_account_project
|
372
423
|
__props__.__dict__["token_scopes"] = token_scopes
|
424
|
+
__props__.__dict__["ttl"] = ttl
|
373
425
|
return SecretImpersonatedAccount(resource_name, opts=opts, __props__=__props__)
|
374
426
|
|
375
427
|
@property
|
@@ -420,3 +472,12 @@ class SecretImpersonatedAccount(pulumi.CustomResource):
|
|
420
472
|
"""
|
421
473
|
return pulumi.get(self, "token_scopes")
|
422
474
|
|
475
|
+
@property
|
476
|
+
@pulumi.getter
|
477
|
+
def ttl(self) -> pulumi.Output[str]:
|
478
|
+
"""
|
479
|
+
Specifies the default TTL for service principals generated using this role.
|
480
|
+
Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL time.
|
481
|
+
"""
|
482
|
+
return pulumi.get(self, "ttl")
|
483
|
+
|
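Review bot: The new `ttl` text, repeated in every docstring that documents the argument (args class, state class, resource constructor, `get` and the output property), speaks of "service principals generated using this role", while this resource's own `token_scopes` text describes access tokens generated under an impersonated account; it also promises "an integer number of seconds" although each signature annotates `ttl` as `pulumi.Input[str]`. Because this value governs how long an issued credential stays usable, the wording should be exact, for example `Default TTL for access tokens generated under this impersonated account. Accepts a duration string such as "1h" or a number of seconds given as a string.`; the second half is inferred from the annotation and should be confirmed against the provider schema. In the rewritten docstring example, `account_id=my-awesome-account` is unquoted, so Python would parse it as a subtraction of undefined names, and it should read `account_id="my-awesome-account"`. The same example requests the broad `cloud-platform` scope without setting the new argument, so adding `ttl="1h"` (constructed value) would show readers how to cap token lifetime rather than rely on the engine default.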
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
from . import outputs
|
12
17
|
from ._inputs import *
|
@@ -31,7 +36,7 @@ class SecretRolesetArgs:
|
|
31
36
|
:param pulumi.Input[str] roleset: Name of the Roleset to create
|
32
37
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
33
38
|
The value should not contain leading or trailing forward slashes.
|
34
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
39
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
35
40
|
*Available only for Vault Enterprise*.
|
36
41
|
:param pulumi.Input[str] secret_type: Type of secret generated for this role set. Accepted values: `access_token`, `service_account_key`. Defaults to `access_token`.
|
37
42
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_scopes: List of OAuth scopes to assign to `access_token` secrets generated under this role set (`access_token` role sets only).
|
@@ -101,7 +106,7 @@ class SecretRolesetArgs:
|
|
101
106
|
"""
|
102
107
|
The namespace to provision the resource in.
|
103
108
|
The value should not contain leading or trailing forward slashes.
|
104
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
109
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
105
110
|
*Available only for Vault Enterprise*.
|
106
111
|
"""
|
107
112
|
return pulumi.get(self, "namespace")
|
@@ -152,7 +157,7 @@ class _SecretRolesetState:
|
|
152
157
|
:param pulumi.Input[Sequence[pulumi.Input['SecretRolesetBindingArgs']]] bindings: Bindings to create for this roleset. This can be specified multiple times for multiple bindings. Structure is documented below.
|
153
158
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
154
159
|
The value should not contain leading or trailing forward slashes.
|
155
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
160
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
156
161
|
*Available only for Vault Enterprise*.
|
157
162
|
:param pulumi.Input[str] project: Name of the GCP project that this roleset's service account will belong to.
|
158
163
|
:param pulumi.Input[str] roleset: Name of the Roleset to create
|
@@ -207,7 +212,7 @@ class _SecretRolesetState:
|
|
207
212
|
"""
|
208
213
|
The namespace to provision the resource in.
|
209
214
|
The value should not contain leading or trailing forward slashes.
|
210
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
215
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
211
216
|
*Available only for Vault Enterprise*.
|
212
217
|
"""
|
213
218
|
return pulumi.get(self, "namespace")
|
@@ -283,7 +288,7 @@ class SecretRoleset(pulumi.CustomResource):
|
|
283
288
|
resource_name: str,
|
284
289
|
opts: Optional[pulumi.ResourceOptions] = None,
|
285
290
|
backend: Optional[pulumi.Input[str]] = None,
|
286
|
-
bindings: Optional[pulumi.Input[Sequence[pulumi.Input[
|
291
|
+
bindings: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretRolesetBindingArgs', 'SecretRolesetBindingArgsDict']]]]] = None,
|
287
292
|
namespace: Optional[pulumi.Input[str]] = None,
|
288
293
|
project: Optional[pulumi.Input[str]] = None,
|
289
294
|
roleset: Optional[pulumi.Input[str]] = None,
|
@@ -299,22 +304,23 @@ class SecretRoleset(pulumi.CustomResource):
|
|
299
304
|
|
300
305
|
```python
|
301
306
|
import pulumi
|
307
|
+
import pulumi_std as std
|
302
308
|
import pulumi_vault as vault
|
303
309
|
|
304
310
|
project = "my-awesome-project"
|
305
311
|
gcp = vault.gcp.SecretBackend("gcp",
|
306
312
|
path="gcp",
|
307
|
-
credentials=
|
313
|
+
credentials=std.file(input="credentials.json").result)
|
308
314
|
roleset = vault.gcp.SecretRoleset("roleset",
|
309
315
|
backend=gcp.path,
|
310
316
|
roleset="project_viewer",
|
311
317
|
secret_type="access_token",
|
312
318
|
project=project,
|
313
319
|
token_scopes=["https://www.googleapis.com/auth/cloud-platform"],
|
314
|
-
bindings=[
|
315
|
-
resource
|
316
|
-
roles
|
317
|
-
|
320
|
+
bindings=[{
|
321
|
+
"resource": f"//cloudresourcemanager.googleapis.com/projects/{project}",
|
322
|
+
"roles": ["roles/viewer"],
|
323
|
+
}])
|
318
324
|
```
|
319
325
|
|
320
326
|
## Import
|
@@ -322,16 +328,16 @@ class SecretRoleset(pulumi.CustomResource):
|
|
322
328
|
A roleset can be imported using its Vault Path. For example, referencing the example above,
|
323
329
|
|
324
330
|
```sh
|
325
|
-
|
331
|
+
$ pulumi import vault:gcp/secretRoleset:SecretRoleset roleset gcp/roleset/project_viewer
|
326
332
|
```
|
327
333
|
|
328
334
|
:param str resource_name: The name of the resource.
|
329
335
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
330
336
|
:param pulumi.Input[str] backend: Path where the GCP Secrets Engine is mounted
|
331
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
337
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['SecretRolesetBindingArgs', 'SecretRolesetBindingArgsDict']]]] bindings: Bindings to create for this roleset. This can be specified multiple times for multiple bindings. Structure is documented below.
|
332
338
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
333
339
|
The value should not contain leading or trailing forward slashes.
|
334
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
340
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
335
341
|
*Available only for Vault Enterprise*.
|
336
342
|
:param pulumi.Input[str] project: Name of the GCP project that this roleset's service account will belong to.
|
337
343
|
:param pulumi.Input[str] roleset: Name of the Roleset to create
|
@@ -353,22 +359,23 @@ class SecretRoleset(pulumi.CustomResource):
|
|
353
359
|
|
354
360
|
```python
|
355
361
|
import pulumi
|
362
|
+
import pulumi_std as std
|
356
363
|
import pulumi_vault as vault
|
357
364
|
|
358
365
|
project = "my-awesome-project"
|
359
366
|
gcp = vault.gcp.SecretBackend("gcp",
|
360
367
|
path="gcp",
|
361
|
-
credentials=
|
368
|
+
credentials=std.file(input="credentials.json").result)
|
362
369
|
roleset = vault.gcp.SecretRoleset("roleset",
|
363
370
|
backend=gcp.path,
|
364
371
|
roleset="project_viewer",
|
365
372
|
secret_type="access_token",
|
366
373
|
project=project,
|
367
374
|
token_scopes=["https://www.googleapis.com/auth/cloud-platform"],
|
368
|
-
bindings=[
|
369
|
-
resource
|
370
|
-
roles
|
371
|
-
|
375
|
+
bindings=[{
|
376
|
+
"resource": f"//cloudresourcemanager.googleapis.com/projects/{project}",
|
377
|
+
"roles": ["roles/viewer"],
|
378
|
+
}])
|
372
379
|
```
|
373
380
|
|
374
381
|
## Import
|
@@ -376,7 +383,7 @@ class SecretRoleset(pulumi.CustomResource):
|
|
376
383
|
A roleset can be imported using its Vault Path. For example, referencing the example above,
|
377
384
|
|
378
385
|
```sh
|
379
|
-
|
386
|
+
$ pulumi import vault:gcp/secretRoleset:SecretRoleset roleset gcp/roleset/project_viewer
|
380
387
|
```
|
381
388
|
|
382
389
|
:param str resource_name: The name of the resource.
|
@@ -395,7 +402,7 @@ class SecretRoleset(pulumi.CustomResource):
|
|
395
402
|
resource_name: str,
|
396
403
|
opts: Optional[pulumi.ResourceOptions] = None,
|
397
404
|
backend: Optional[pulumi.Input[str]] = None,
|
398
|
-
bindings: Optional[pulumi.Input[Sequence[pulumi.Input[
|
405
|
+
bindings: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretRolesetBindingArgs', 'SecretRolesetBindingArgsDict']]]]] = None,
|
399
406
|
namespace: Optional[pulumi.Input[str]] = None,
|
400
407
|
project: Optional[pulumi.Input[str]] = None,
|
401
408
|
roleset: Optional[pulumi.Input[str]] = None,
|
@@ -437,7 +444,7 @@ class SecretRoleset(pulumi.CustomResource):
|
|
437
444
|
id: pulumi.Input[str],
|
438
445
|
opts: Optional[pulumi.ResourceOptions] = None,
|
439
446
|
backend: Optional[pulumi.Input[str]] = None,
|
440
|
-
bindings: Optional[pulumi.Input[Sequence[pulumi.Input[
|
447
|
+
bindings: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretRolesetBindingArgs', 'SecretRolesetBindingArgsDict']]]]] = None,
|
441
448
|
namespace: Optional[pulumi.Input[str]] = None,
|
442
449
|
project: Optional[pulumi.Input[str]] = None,
|
443
450
|
roleset: Optional[pulumi.Input[str]] = None,
|
@@ -452,10 +459,10 @@ class SecretRoleset(pulumi.CustomResource):
|
|
452
459
|
:param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
|
453
460
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
454
461
|
:param pulumi.Input[str] backend: Path where the GCP Secrets Engine is mounted
|
455
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
462
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['SecretRolesetBindingArgs', 'SecretRolesetBindingArgsDict']]]] bindings: Bindings to create for this roleset. This can be specified multiple times for multiple bindings. Structure is documented below.
|
456
463
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
457
464
|
The value should not contain leading or trailing forward slashes.
|
458
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
465
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
459
466
|
*Available only for Vault Enterprise*.
|
460
467
|
:param pulumi.Input[str] project: Name of the GCP project that this roleset's service account will belong to.
|
461
468
|
:param pulumi.Input[str] roleset: Name of the Roleset to create
|
@@ -499,7 +506,7 @@ class SecretRoleset(pulumi.CustomResource):
|
|
499
506
|
"""
|
500
507
|
The namespace to provision the resource in.
|
501
508
|
The value should not contain leading or trailing forward slashes.
|
502
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
509
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
503
510
|
*Available only for Vault Enterprise*.
|
504
511
|
"""
|
505
512
|
return pulumi.get(self, "namespace")
|
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
from . import outputs
|
12
17
|
from ._inputs import *
|
@@ -31,7 +36,7 @@ class SecretStaticAccountArgs:
|
|
31
36
|
:param pulumi.Input[Sequence[pulumi.Input['SecretStaticAccountBindingArgs']]] bindings: Bindings to create for this static account. This can be specified multiple times for multiple bindings. Structure is documented below.
|
32
37
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
33
38
|
The value should not contain leading or trailing forward slashes.
|
34
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
39
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
35
40
|
*Available only for Vault Enterprise*.
|
36
41
|
:param pulumi.Input[str] secret_type: Type of secret generated for this static account. Accepted values: `access_token`, `service_account_key`. Defaults to `access_token`.
|
37
42
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_scopes: List of OAuth scopes to assign to `access_token` secrets generated under this static account (`access_token` static accounts only).
|
@@ -102,7 +107,7 @@ class SecretStaticAccountArgs:
|
|
102
107
|
"""
|
103
108
|
The namespace to provision the resource in.
|
104
109
|
The value should not contain leading or trailing forward slashes.
|
105
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
110
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
106
111
|
*Available only for Vault Enterprise*.
|
107
112
|
"""
|
108
113
|
return pulumi.get(self, "namespace")
|
@@ -153,7 +158,7 @@ class _SecretStaticAccountState:
|
|
153
158
|
:param pulumi.Input[Sequence[pulumi.Input['SecretStaticAccountBindingArgs']]] bindings: Bindings to create for this static account. This can be specified multiple times for multiple bindings. Structure is documented below.
|
154
159
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
155
160
|
The value should not contain leading or trailing forward slashes.
|
156
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
161
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
157
162
|
*Available only for Vault Enterprise*.
|
158
163
|
:param pulumi.Input[str] secret_type: Type of secret generated for this static account. Accepted values: `access_token`, `service_account_key`. Defaults to `access_token`.
|
159
164
|
:param pulumi.Input[str] service_account_email: Email of the GCP service account to manage.
|
@@ -208,7 +213,7 @@ class _SecretStaticAccountState:
|
|
208
213
|
"""
|
209
214
|
The namespace to provision the resource in.
|
210
215
|
The value should not contain leading or trailing forward slashes.
|
211
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
216
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
212
217
|
*Available only for Vault Enterprise*.
|
213
218
|
"""
|
214
219
|
return pulumi.get(self, "namespace")
|
@@ -284,7 +289,7 @@ class SecretStaticAccount(pulumi.CustomResource):
|
|
284
289
|
resource_name: str,
|
285
290
|
opts: Optional[pulumi.ResourceOptions] = None,
|
286
291
|
backend: Optional[pulumi.Input[str]] = None,
|
287
|
-
bindings: Optional[pulumi.Input[Sequence[pulumi.Input[
|
292
|
+
bindings: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretStaticAccountBindingArgs', 'SecretStaticAccountBindingArgsDict']]]]] = None,
|
288
293
|
namespace: Optional[pulumi.Input[str]] = None,
|
289
294
|
secret_type: Optional[pulumi.Input[str]] = None,
|
290
295
|
service_account_email: Optional[pulumi.Input[str]] = None,
|
@@ -301,23 +306,24 @@ class SecretStaticAccount(pulumi.CustomResource):
|
|
301
306
|
|
302
307
|
```python
|
303
308
|
import pulumi
|
304
|
-
import
|
309
|
+
import pulumi_google as google
|
310
|
+
import pulumi_std as std
|
305
311
|
import pulumi_vault as vault
|
306
312
|
|
307
|
-
this =
|
313
|
+
this = google.index.ServiceAccount("this", account_id=my-awesome-account)
|
308
314
|
gcp = vault.gcp.SecretBackend("gcp",
|
309
315
|
path="gcp",
|
310
|
-
credentials=
|
311
|
-
static_account = vault.gcp.SecretStaticAccount("
|
316
|
+
credentials=std.file(input="credentials.json").result)
|
317
|
+
static_account = vault.gcp.SecretStaticAccount("static_account",
|
312
318
|
backend=gcp.path,
|
313
319
|
static_account="project_viewer",
|
314
320
|
secret_type="access_token",
|
315
321
|
token_scopes=["https://www.googleapis.com/auth/cloud-platform"],
|
316
|
-
service_account_email=this
|
317
|
-
bindings=[
|
318
|
-
resource
|
319
|
-
roles
|
320
|
-
|
322
|
+
service_account_email=this["email"],
|
323
|
+
bindings=[{
|
324
|
+
"resource": f"//cloudresourcemanager.googleapis.com/projects/{this['project']}",
|
325
|
+
"roles": ["roles/viewer"],
|
326
|
+
}])
|
321
327
|
```
|
322
328
|
|
323
329
|
## Import
|
@@ -325,16 +331,16 @@ class SecretStaticAccount(pulumi.CustomResource):
|
|
325
331
|
A static account can be imported using its Vault Path. For example, referencing the example above,
|
326
332
|
|
327
333
|
```sh
|
328
|
-
|
334
|
+
$ pulumi import vault:gcp/secretStaticAccount:SecretStaticAccount static_account gcp/static-account/project_viewer
|
329
335
|
```
|
330
336
|
|
331
337
|
:param str resource_name: The name of the resource.
|
332
338
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
333
339
|
:param pulumi.Input[str] backend: Path where the GCP Secrets Engine is mounted
|
334
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
340
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['SecretStaticAccountBindingArgs', 'SecretStaticAccountBindingArgsDict']]]] bindings: Bindings to create for this static account. This can be specified multiple times for multiple bindings. Structure is documented below.
|
335
341
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
336
342
|
The value should not contain leading or trailing forward slashes.
|
337
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
343
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
338
344
|
*Available only for Vault Enterprise*.
|
339
345
|
:param pulumi.Input[str] secret_type: Type of secret generated for this static account. Accepted values: `access_token`, `service_account_key`. Defaults to `access_token`.
|
340
346
|
:param pulumi.Input[str] service_account_email: Email of the GCP service account to manage.
|
@@ -357,23 +363,24 @@ class SecretStaticAccount(pulumi.CustomResource):
|
|
357
363
|
|
358
364
|
```python
|
359
365
|
import pulumi
|
360
|
-
import
|
366
|
+
import pulumi_google as google
|
367
|
+
import pulumi_std as std
|
361
368
|
import pulumi_vault as vault
|
362
369
|
|
363
|
-
this =
|
370
|
+
this = google.index.ServiceAccount("this", account_id=my-awesome-account)
|
364
371
|
gcp = vault.gcp.SecretBackend("gcp",
|
365
372
|
path="gcp",
|
366
|
-
credentials=
|
367
|
-
static_account = vault.gcp.SecretStaticAccount("
|
373
|
+
credentials=std.file(input="credentials.json").result)
|
374
|
+
static_account = vault.gcp.SecretStaticAccount("static_account",
|
368
375
|
backend=gcp.path,
|
369
376
|
static_account="project_viewer",
|
370
377
|
secret_type="access_token",
|
371
378
|
token_scopes=["https://www.googleapis.com/auth/cloud-platform"],
|
372
|
-
service_account_email=this
|
373
|
-
bindings=[
|
374
|
-
resource
|
375
|
-
roles
|
376
|
-
|
379
|
+
service_account_email=this["email"],
|
380
|
+
bindings=[{
|
381
|
+
"resource": f"//cloudresourcemanager.googleapis.com/projects/{this['project']}",
|
382
|
+
"roles": ["roles/viewer"],
|
383
|
+
}])
|
377
384
|
```
|
378
385
|
|
379
386
|
## Import
|
@@ -381,7 +388,7 @@ class SecretStaticAccount(pulumi.CustomResource):
|
|
381
388
|
A static account can be imported using its Vault Path. For example, referencing the example above,
|
382
389
|
|
383
390
|
```sh
|
384
|
-
|
391
|
+
$ pulumi import vault:gcp/secretStaticAccount:SecretStaticAccount static_account gcp/static-account/project_viewer
|
385
392
|
```
|
386
393
|
|
387
394
|
:param str resource_name: The name of the resource.
|
@@ -400,7 +407,7 @@ class SecretStaticAccount(pulumi.CustomResource):
|
|
400
407
|
resource_name: str,
|
401
408
|
opts: Optional[pulumi.ResourceOptions] = None,
|
402
409
|
backend: Optional[pulumi.Input[str]] = None,
|
403
|
-
bindings: Optional[pulumi.Input[Sequence[pulumi.Input[
|
410
|
+
bindings: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretStaticAccountBindingArgs', 'SecretStaticAccountBindingArgsDict']]]]] = None,
|
404
411
|
namespace: Optional[pulumi.Input[str]] = None,
|
405
412
|
secret_type: Optional[pulumi.Input[str]] = None,
|
406
413
|
service_account_email: Optional[pulumi.Input[str]] = None,
|
@@ -440,7 +447,7 @@ class SecretStaticAccount(pulumi.CustomResource):
|
|
440
447
|
id: pulumi.Input[str],
|
441
448
|
opts: Optional[pulumi.ResourceOptions] = None,
|
442
449
|
backend: Optional[pulumi.Input[str]] = None,
|
443
|
-
bindings: Optional[pulumi.Input[Sequence[pulumi.Input[
|
450
|
+
bindings: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretStaticAccountBindingArgs', 'SecretStaticAccountBindingArgsDict']]]]] = None,
|
444
451
|
namespace: Optional[pulumi.Input[str]] = None,
|
445
452
|
secret_type: Optional[pulumi.Input[str]] = None,
|
446
453
|
service_account_email: Optional[pulumi.Input[str]] = None,
|
@@ -455,10 +462,10 @@ class SecretStaticAccount(pulumi.CustomResource):
|
|
455
462
|
:param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
|
456
463
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
457
464
|
:param pulumi.Input[str] backend: Path where the GCP Secrets Engine is mounted
|
458
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
465
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['SecretStaticAccountBindingArgs', 'SecretStaticAccountBindingArgsDict']]]] bindings: Bindings to create for this static account. This can be specified multiple times for multiple bindings. Structure is documented below.
|
459
466
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
460
467
|
The value should not contain leading or trailing forward slashes.
|
461
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
468
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
462
469
|
*Available only for Vault Enterprise*.
|
463
470
|
:param pulumi.Input[str] secret_type: Type of secret generated for this static account. Accepted values: `access_token`, `service_account_key`. Defaults to `access_token`.
|
464
471
|
:param pulumi.Input[str] service_account_email: Email of the GCP service account to manage.
|
@@ -502,7 +509,7 @@ class SecretStaticAccount(pulumi.CustomResource):
|
|
502
509
|
"""
|
503
510
|
The namespace to provision the resource in.
|
504
511
|
The value should not contain leading or trailing forward slashes.
|
505
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
512
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
506
513
|
*Available only for Vault Enterprise*.
|
507
514
|
"""
|
508
515
|
return pulumi.get(self, "namespace")
|
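Review bot: The docstring example line `this = google.index.ServiceAccount("this", account_id=my-awesome-account)` is not valid as written, because the unquoted `my-awesome-account` parses as a subtraction of undefined names; it should read `account_id="my-awesome-account"`, and the same line is repeated in the second example of this section (the `@@ -357,23 +363,24 @@` hunk). The added `credentials=std.file(input="credentials.json").result` reads a service-account key from a file next to the program, so the example would benefit from a comment above it such as `# credentials.json holds a service-account key: keep it out of version control and pass it as a secret value`. Whether `credentials` is already treated as a secret in state cannot be seen from these hunks, so that should be confirmed before relying on it. The class bodies around these docstrings lie outside the hunks.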