pulumi-vault 5.21.0a1709368526__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl
- pulumi_vault/__init__.py +52 -0
- pulumi_vault/_inputs.py +560 -0
- pulumi_vault/_utilities.py +41 -5
- pulumi_vault/ad/get_access_credentials.py +26 -9
- pulumi_vault/ad/secret_backend.py +16 -142
- pulumi_vault/ad/secret_library.py +16 -9
- pulumi_vault/ad/secret_role.py +14 -9
- pulumi_vault/alicloud/auth_backend_role.py +76 -190
- pulumi_vault/approle/auth_backend_login.py +12 -7
- pulumi_vault/approle/auth_backend_role.py +77 -191
- pulumi_vault/approle/auth_backend_role_secret_id.py +106 -7
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -5
- pulumi_vault/audit.py +30 -21
- pulumi_vault/audit_request_header.py +11 -2
- pulumi_vault/auth_backend.py +66 -14
- pulumi_vault/aws/auth_backend_cert.py +18 -9
- pulumi_vault/aws/auth_backend_client.py +267 -22
- pulumi_vault/aws/auth_backend_config_identity.py +14 -9
- pulumi_vault/aws/auth_backend_identity_whitelist.py +20 -15
- pulumi_vault/aws/auth_backend_login.py +19 -22
- pulumi_vault/aws/auth_backend_role.py +77 -191
- pulumi_vault/aws/auth_backend_role_tag.py +12 -7
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -13
- pulumi_vault/aws/auth_backend_sts_role.py +14 -9
- pulumi_vault/aws/get_access_credentials.py +38 -9
- pulumi_vault/aws/get_static_access_credentials.py +19 -5
- pulumi_vault/aws/secret_backend.py +77 -9
- pulumi_vault/aws/secret_backend_role.py +185 -9
- pulumi_vault/aws/secret_backend_static_role.py +20 -11
- pulumi_vault/azure/_inputs.py +24 -0
- pulumi_vault/azure/auth_backend_config.py +153 -15
- pulumi_vault/azure/auth_backend_role.py +77 -191
- pulumi_vault/azure/backend.py +227 -21
- pulumi_vault/azure/backend_role.py +42 -37
- pulumi_vault/azure/get_access_credentials.py +41 -7
- pulumi_vault/azure/outputs.py +5 -0
- pulumi_vault/cert_auth_backend_role.py +87 -267
- pulumi_vault/config/__init__.pyi +5 -0
- pulumi_vault/config/_inputs.py +73 -0
- pulumi_vault/config/outputs.py +35 -0
- pulumi_vault/config/ui_custom_message.py +529 -0
- pulumi_vault/config/vars.py +5 -0
- pulumi_vault/consul/secret_backend.py +28 -19
- pulumi_vault/consul/secret_backend_role.py +18 -78
- pulumi_vault/database/_inputs.py +2770 -881
- pulumi_vault/database/outputs.py +721 -838
- pulumi_vault/database/secret_backend_connection.py +119 -112
- pulumi_vault/database/secret_backend_role.py +31 -22
- pulumi_vault/database/secret_backend_static_role.py +87 -13
- pulumi_vault/database/secrets_mount.py +427 -136
- pulumi_vault/egp_policy.py +16 -11
- pulumi_vault/gcp/_inputs.py +111 -0
- pulumi_vault/gcp/auth_backend.py +250 -33
- pulumi_vault/gcp/auth_backend_role.py +77 -269
- pulumi_vault/gcp/get_auth_backend_role.py +43 -5
- pulumi_vault/gcp/outputs.py +5 -0
- pulumi_vault/gcp/secret_backend.py +287 -12
- pulumi_vault/gcp/secret_impersonated_account.py +76 -15
- pulumi_vault/gcp/secret_roleset.py +31 -24
- pulumi_vault/gcp/secret_static_account.py +39 -32
- pulumi_vault/generic/endpoint.py +24 -17
- pulumi_vault/generic/get_secret.py +64 -8
- pulumi_vault/generic/secret.py +21 -16
- pulumi_vault/get_auth_backend.py +24 -7
- pulumi_vault/get_auth_backends.py +51 -9
- pulumi_vault/get_namespace.py +226 -0
- pulumi_vault/get_namespaces.py +153 -0
- pulumi_vault/get_nomad_access_token.py +31 -11
- pulumi_vault/get_policy_document.py +34 -19
- pulumi_vault/get_raft_autopilot_state.py +29 -10
- pulumi_vault/github/_inputs.py +55 -0
- pulumi_vault/github/auth_backend.py +19 -14
- pulumi_vault/github/outputs.py +5 -0
- pulumi_vault/github/team.py +16 -11
- pulumi_vault/github/user.py +16 -11
- pulumi_vault/identity/entity.py +20 -13
- pulumi_vault/identity/entity_alias.py +20 -13
- pulumi_vault/identity/entity_policies.py +28 -11
- pulumi_vault/identity/get_entity.py +42 -10
- pulumi_vault/identity/get_group.py +47 -9
- pulumi_vault/identity/get_oidc_client_creds.py +21 -7
- pulumi_vault/identity/get_oidc_openid_config.py +39 -9
- pulumi_vault/identity/get_oidc_public_keys.py +29 -10
- pulumi_vault/identity/group.py +58 -39
- pulumi_vault/identity/group_alias.py +16 -9
- pulumi_vault/identity/group_member_entity_ids.py +28 -66
- pulumi_vault/identity/group_member_group_ids.py +40 -19
- pulumi_vault/identity/group_policies.py +20 -7
- pulumi_vault/identity/mfa_duo.py +11 -6
- pulumi_vault/identity/mfa_login_enforcement.py +15 -6
- pulumi_vault/identity/mfa_okta.py +11 -6
- pulumi_vault/identity/mfa_pingid.py +7 -2
- pulumi_vault/identity/mfa_totp.py +7 -2
- pulumi_vault/identity/oidc.py +12 -7
- pulumi_vault/identity/oidc_assignment.py +24 -11
- pulumi_vault/identity/oidc_client.py +36 -23
- pulumi_vault/identity/oidc_key.py +30 -17
- pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -15
- pulumi_vault/identity/oidc_provider.py +36 -21
- pulumi_vault/identity/oidc_role.py +42 -21
- pulumi_vault/identity/oidc_scope.py +20 -13
- pulumi_vault/identity/outputs.py +8 -3
- pulumi_vault/jwt/_inputs.py +55 -0
- pulumi_vault/jwt/auth_backend.py +45 -40
- pulumi_vault/jwt/auth_backend_role.py +133 -254
- pulumi_vault/jwt/outputs.py +5 -0
- pulumi_vault/kmip/secret_backend.py +24 -19
- pulumi_vault/kmip/secret_role.py +14 -9
- pulumi_vault/kmip/secret_scope.py +14 -9
- pulumi_vault/kubernetes/auth_backend_config.py +57 -5
- pulumi_vault/kubernetes/auth_backend_role.py +70 -177
- pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
- pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
- pulumi_vault/kubernetes/get_service_account_token.py +39 -11
- pulumi_vault/kubernetes/secret_backend.py +316 -27
- pulumi_vault/kubernetes/secret_backend_role.py +137 -46
- pulumi_vault/kv/_inputs.py +36 -4
- pulumi_vault/kv/get_secret.py +25 -8
- pulumi_vault/kv/get_secret_subkeys_v2.py +33 -10
- pulumi_vault/kv/get_secret_v2.py +85 -9
- pulumi_vault/kv/get_secrets_list.py +24 -11
- pulumi_vault/kv/get_secrets_list_v2.py +37 -15
- pulumi_vault/kv/outputs.py +8 -3
- pulumi_vault/kv/secret.py +23 -16
- pulumi_vault/kv/secret_backend_v2.py +20 -11
- pulumi_vault/kv/secret_v2.py +59 -50
- pulumi_vault/ldap/auth_backend.py +127 -166
- pulumi_vault/ldap/auth_backend_group.py +14 -9
- pulumi_vault/ldap/auth_backend_user.py +14 -9
- pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
- pulumi_vault/ldap/get_static_credentials.py +24 -5
- pulumi_vault/ldap/secret_backend.py +354 -82
- pulumi_vault/ldap/secret_backend_dynamic_role.py +18 -11
- pulumi_vault/ldap/secret_backend_library_set.py +16 -9
- pulumi_vault/ldap/secret_backend_static_role.py +73 -12
- pulumi_vault/managed/_inputs.py +289 -132
- pulumi_vault/managed/keys.py +29 -57
- pulumi_vault/managed/outputs.py +89 -132
- pulumi_vault/mfa_duo.py +18 -11
- pulumi_vault/mfa_okta.py +18 -11
- pulumi_vault/mfa_pingid.py +18 -11
- pulumi_vault/mfa_totp.py +24 -17
- pulumi_vault/mongodbatlas/secret_backend.py +20 -15
- pulumi_vault/mongodbatlas/secret_role.py +47 -38
- pulumi_vault/mount.py +391 -51
- pulumi_vault/namespace.py +68 -83
- pulumi_vault/nomad_secret_backend.py +18 -13
- pulumi_vault/nomad_secret_role.py +14 -9
- pulumi_vault/okta/_inputs.py +47 -8
- pulumi_vault/okta/auth_backend.py +485 -39
- pulumi_vault/okta/auth_backend_group.py +14 -9
- pulumi_vault/okta/auth_backend_user.py +14 -9
- pulumi_vault/okta/outputs.py +13 -8
- pulumi_vault/outputs.py +5 -0
- pulumi_vault/password_policy.py +20 -13
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +81 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
- pulumi_vault/pkisecret/backend_config_est.py +619 -0
- pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
- pulumi_vault/pkisecret/get_backend_issuer.py +67 -9
- pulumi_vault/pkisecret/get_backend_issuers.py +21 -8
- pulumi_vault/pkisecret/get_backend_key.py +24 -9
- pulumi_vault/pkisecret/get_backend_keys.py +21 -8
- pulumi_vault/pkisecret/outputs.py +69 -0
- pulumi_vault/pkisecret/secret_backend_cert.py +18 -11
- pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -11
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +14 -9
- pulumi_vault/pkisecret/secret_backend_config_urls.py +67 -11
- pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -9
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -11
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -17
- pulumi_vault/pkisecret/secret_backend_issuer.py +14 -9
- pulumi_vault/pkisecret/secret_backend_key.py +14 -9
- pulumi_vault/pkisecret/secret_backend_role.py +21 -14
- pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -48
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -56
- pulumi_vault/pkisecret/secret_backend_sign.py +18 -54
- pulumi_vault/plugin.py +595 -0
- pulumi_vault/plugin_pinned_version.py +298 -0
- pulumi_vault/policy.py +14 -9
- pulumi_vault/provider.py +48 -53
- pulumi_vault/pulumi-plugin.json +2 -1
- pulumi_vault/quota_lease_count.py +60 -6
- pulumi_vault/quota_rate_limit.py +56 -2
- pulumi_vault/rabbitmq/_inputs.py +61 -0
- pulumi_vault/rabbitmq/outputs.py +5 -0
- pulumi_vault/rabbitmq/secret_backend.py +18 -13
- pulumi_vault/rabbitmq/secret_backend_role.py +54 -47
- pulumi_vault/raft_autopilot.py +14 -9
- pulumi_vault/raft_snapshot_agent_config.py +129 -224
- pulumi_vault/rgp_policy.py +14 -9
- pulumi_vault/saml/auth_backend.py +22 -17
- pulumi_vault/saml/auth_backend_role.py +92 -197
- pulumi_vault/secrets/__init__.py +3 -0
- pulumi_vault/secrets/_inputs.py +110 -0
- pulumi_vault/secrets/outputs.py +94 -0
- pulumi_vault/secrets/sync_association.py +56 -71
- pulumi_vault/secrets/sync_aws_destination.py +242 -27
- pulumi_vault/secrets/sync_azure_destination.py +92 -31
- pulumi_vault/secrets/sync_config.py +9 -4
- pulumi_vault/secrets/sync_gcp_destination.py +158 -25
- pulumi_vault/secrets/sync_gh_destination.py +189 -13
- pulumi_vault/secrets/sync_github_apps.py +375 -0
- pulumi_vault/secrets/sync_vercel_destination.py +74 -13
- pulumi_vault/ssh/_inputs.py +28 -28
- pulumi_vault/ssh/outputs.py +11 -28
- pulumi_vault/ssh/secret_backend_ca.py +108 -9
- pulumi_vault/ssh/secret_backend_role.py +85 -118
- pulumi_vault/terraformcloud/secret_backend.py +7 -54
- pulumi_vault/terraformcloud/secret_creds.py +14 -20
- pulumi_vault/terraformcloud/secret_role.py +16 -74
- pulumi_vault/token.py +28 -23
- pulumi_vault/tokenauth/auth_backend_role.py +78 -199
- pulumi_vault/transform/alphabet.py +16 -9
- pulumi_vault/transform/get_decode.py +45 -17
- pulumi_vault/transform/get_encode.py +45 -17
- pulumi_vault/transform/role.py +16 -9
- pulumi_vault/transform/template.py +30 -21
- pulumi_vault/transform/transformation.py +12 -7
- pulumi_vault/transit/get_decrypt.py +26 -21
- pulumi_vault/transit/get_encrypt.py +24 -19
- pulumi_vault/transit/secret_backend_key.py +27 -93
- pulumi_vault/transit/secret_cache_config.py +12 -7
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
- pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
- pulumi_vault-5.21.0a1709368526.dist-info/RECORD +0 -244
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
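--- a/pulumi_vault/identity/oidc_key.py
+++ b/pulumi_vault/identity/oidc_key.py
@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+from typing import NotRequired, TypedDict, TypeAlias
+else:
+from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = ['OidcKeyArgs', 'OidcKey']
@@ -29,7 +34,7 @@ class OidcKeyArgs:
 :param pulumi.Input[str] name: Name of the OIDC Key to create.
 :param pulumi.Input[str] namespace: The namespace to provision the resource in.
 The value should not contain leading or trailing forward slashes.
-The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
 *Available only for Vault Enterprise*.
 :param pulumi.Input[int] rotation_period: How often to generate a new signing key in number of seconds
 :param pulumi.Input[int] verification_ttl: "Controls how long the public portion of a signing key will be
@@ -92,7 +97,7 @@ class OidcKeyArgs:
 """
 The namespace to provision the resource in.
 The value should not contain leading or trailing forward slashes.
-The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
 *Available only for Vault Enterprise*.
 """
 return pulumi.get(self, "namespace")
@@ -145,7 +150,7 @@ class _OidcKeyState:
 :param pulumi.Input[str] name: Name of the OIDC Key to create.
 :param pulumi.Input[str] namespace: The namespace to provision the resource in.
 The value should not contain leading or trailing forward slashes.
-The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
 *Available only for Vault Enterprise*.
 :param pulumi.Input[int] rotation_period: How often to generate a new signing key in number of seconds
 :param pulumi.Input[int] verification_ttl: "Controls how long the public portion of a signing key will be
@@ -208,7 +213,7 @@ class _OidcKeyState:
 """
 The namespace to provision the resource in.
 The value should not contain leading or trailing forward slashes.
-The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
 *Available only for Vault Enterprise*.
 """
 return pulumi.get(self, "namespace")
@@ -262,11 +267,15 @@ class OidcKey(pulumi.CustomResource):
 import pulumi
 import pulumi_vault as vault
 
-key = vault.identity.OidcKey("key",
-
-
+key = vault.identity.OidcKey("key",
+name="key",
+algorithm="RS256")
+role = vault.identity.OidcRole("role",
+name="role",
+key=key.name)
+role_oidc_key_allowed_client_id = vault.identity.OidcKeyAllowedClientID("role",
 key_name=key.name,
-allowed_client_id=
+allowed_client_id=role.client_id)
 ```
 
 ## Import
@@ -274,7 +283,7 @@ class OidcKey(pulumi.CustomResource):
 The key can be imported with the key name, for example:
 
 ```sh
-
+$ pulumi import vault:identity/oidcKey:OidcKey key key
 ```
 
 :param str resource_name: The name of the resource.
@@ -286,7 +295,7 @@ class OidcKey(pulumi.CustomResource):
 :param pulumi.Input[str] name: Name of the OIDC Key to create.
 :param pulumi.Input[str] namespace: The namespace to provision the resource in.
 The value should not contain leading or trailing forward slashes.
-The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
 *Available only for Vault Enterprise*.
 :param pulumi.Input[int] rotation_period: How often to generate a new signing key in number of seconds
 :param pulumi.Input[int] verification_ttl: "Controls how long the public portion of a signing key will be
@@ -305,11 +314,15 @@ class OidcKey(pulumi.CustomResource):
 import pulumi
 import pulumi_vault as vault
 
-key = vault.identity.OidcKey("key",
-
-
+key = vault.identity.OidcKey("key",
+name="key",
+algorithm="RS256")
+role = vault.identity.OidcRole("role",
+name="role",
+key=key.name)
+role_oidc_key_allowed_client_id = vault.identity.OidcKeyAllowedClientID("role",
 key_name=key.name,
-allowed_client_id=
+allowed_client_id=role.client_id)
 ```
 
 ## Import
@@ -317,7 +330,7 @@ class OidcKey(pulumi.CustomResource):
 The key can be imported with the key name, for example:
 
 ```sh
-
+$ pulumi import vault:identity/oidcKey:OidcKey key key
 ```
 
 :param str resource_name: The name of the resource.
@@ -386,7 +399,7 @@ class OidcKey(pulumi.CustomResource):
 :param pulumi.Input[str] name: Name of the OIDC Key to create.
 :param pulumi.Input[str] namespace: The namespace to provision the resource in.
 The value should not contain leading or trailing forward slashes.
-The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
 *Available only for Vault Enterprise*.
 :param pulumi.Input[int] rotation_period: How often to generate a new signing key in number of seconds
 :param pulumi.Input[int] verification_ttl: "Controls how long the public portion of a signing key will be
@@ -436,7 +449,7 @@ class OidcKey(pulumi.CustomResource):
 """
 The namespace to provision the resource in.
 The value should not contain leading or trailing forward slashes.
-The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
 *Available only for Vault Enterprise*.
 """
 return pulumi.get(self, "namespace")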
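Review bot: The `else:` branch of the new version check at the top of the file imports `NotRequired`, `TypedDict` and `TypeAlias` from `typing_extensions`, which makes that package an import-time requirement on Python older than 3.11, and none of the hunks shown here use the three names. The wheel's METADATA also changes in this release but its content is not shown, so it is worth confirming that it carries a line such as `Requires-Dist: typing-extensions; python_version < "3.11"`; without it, importing the module can fail with ImportError on a clean install. If the names turn out to be unused in this module, the generator could leave the block out of it. The same block is added at the top of pulumi_vault/identity/oidc_key_allowed_client_id.py and pulumi_vault/identity/oidc_provider.py.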
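--- a/pulumi_vault/identity/oidc_key_allowed_client_id.py
+++ b/pulumi_vault/identity/oidc_key_allowed_client_id.py
@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+from typing import NotRequired, TypedDict, TypeAlias
+else:
+from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = ['OidcKeyAllowedClientIDArgs', 'OidcKeyAllowedClientID']
@@ -23,7 +28,7 @@ class OidcKeyAllowedClientIDArgs:
 :param pulumi.Input[str] key_name: Name of the OIDC Key allow the Client ID.
 :param pulumi.Input[str] namespace: The namespace to provision the resource in.
 The value should not contain leading or trailing forward slashes.
-The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
 *Available only for Vault Enterprise*.
 """
 pulumi.set(__self__, "allowed_client_id", allowed_client_id)
@@ -61,7 +66,7 @@ class OidcKeyAllowedClientIDArgs:
 """
 The namespace to provision the resource in.
 The value should not contain leading or trailing forward slashes.
-The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
 *Available only for Vault Enterprise*.
 """
 return pulumi.get(self, "namespace")
@@ -83,7 +88,7 @@ class _OidcKeyAllowedClientIDState:
 :param pulumi.Input[str] key_name: Name of the OIDC Key allow the Client ID.
 :param pulumi.Input[str] namespace: The namespace to provision the resource in.
 The value should not contain leading or trailing forward slashes.
-The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
 *Available only for Vault Enterprise*.
 """
 if allowed_client_id is not None:
@@ -123,7 +128,7 @@ class _OidcKeyAllowedClientIDState:
 """
 The namespace to provision the resource in.
 The value should not contain leading or trailing forward slashes.
-The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
 *Available only for Vault Enterprise*.
 """
 return pulumi.get(self, "namespace")
@@ -149,11 +154,15 @@ class OidcKeyAllowedClientID(pulumi.CustomResource):
 import pulumi
 import pulumi_vault as vault
 
-key = vault.identity.OidcKey("key",
-
-
+key = vault.identity.OidcKey("key",
+name="key",
+algorithm="RS256")
+role = vault.identity.OidcRole("role",
+name="role",
+key=key.name)
+role_oidc_key_allowed_client_id = vault.identity.OidcKeyAllowedClientID("role",
 key_name=key.name,
-allowed_client_id=
+allowed_client_id=role.client_id)
 ```
 
 :param str resource_name: The name of the resource.
@@ -162,7 +171,7 @@ class OidcKeyAllowedClientID(pulumi.CustomResource):
 :param pulumi.Input[str] key_name: Name of the OIDC Key allow the Client ID.
 :param pulumi.Input[str] namespace: The namespace to provision the resource in.
 The value should not contain leading or trailing forward slashes.
-The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
 *Available only for Vault Enterprise*.
 """
 ...
@@ -178,11 +187,15 @@ class OidcKeyAllowedClientID(pulumi.CustomResource):
 import pulumi
 import pulumi_vault as vault
 
-key = vault.identity.OidcKey("key",
-
-
+key = vault.identity.OidcKey("key",
+name="key",
+algorithm="RS256")
+role = vault.identity.OidcRole("role",
+name="role",
+key=key.name)
+role_oidc_key_allowed_client_id = vault.identity.OidcKeyAllowedClientID("role",
 key_name=key.name,
-allowed_client_id=
+allowed_client_id=role.client_id)
 ```
 
 :param str resource_name: The name of the resource.
@@ -243,7 +256,7 @@ class OidcKeyAllowedClientID(pulumi.CustomResource):
 :param pulumi.Input[str] key_name: Name of the OIDC Key allow the Client ID.
 :param pulumi.Input[str] namespace: The namespace to provision the resource in.
 The value should not contain leading or trailing forward slashes.
-The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
 *Available only for Vault Enterprise*.
 """
 opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
@@ -277,7 +290,7 @@ class OidcKeyAllowedClientID(pulumi.CustomResource):
 """
 The namespace to provision the resource in.
 The value should not contain leading or trailing forward slashes.
-The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
 *Available only for Vault Enterprise*.
 """
 return pulumi.get(self, "namespace")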
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = ['OidcProviderArgs', 'OidcProvider']
|
@@ -29,7 +34,7 @@ class OidcProviderArgs:
|
|
29
34
|
:param pulumi.Input[str] name: The name of the provider.
|
30
35
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
31
36
|
The value should not contain leading or trailing forward slashes.
|
32
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
37
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
33
38
|
*Available only for Vault Enterprise*.
|
34
39
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] scopes_supporteds: The scopes available for requesting on the provider.
|
35
40
|
"""
|
@@ -101,7 +106,7 @@ class OidcProviderArgs:
|
|
101
106
|
"""
|
102
107
|
The namespace to provision the resource in.
|
103
108
|
The value should not contain leading or trailing forward slashes.
|
104
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
109
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
105
110
|
*Available only for Vault Enterprise*.
|
106
111
|
"""
|
107
112
|
return pulumi.get(self, "namespace")
|
@@ -145,7 +150,7 @@ class _OidcProviderState:
|
|
145
150
|
:param pulumi.Input[str] name: The name of the provider.
|
146
151
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
147
152
|
The value should not contain leading or trailing forward slashes.
|
148
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
153
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
149
154
|
*Available only for Vault Enterprise*.
|
150
155
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] scopes_supporteds: The scopes available for requesting on the provider.
|
151
156
|
"""
|
@@ -233,7 +238,7 @@ class _OidcProviderState:
|
|
233
238
|
"""
|
234
239
|
The namespace to provision the resource in.
|
235
240
|
The value should not contain leading or trailing forward slashes.
|
236
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
241
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
237
242
|
*Available only for Vault Enterprise*.
|
238
243
|
"""
|
239
244
|
return pulumi.get(self, "namespace")
|
@@ -278,15 +283,18 @@ class OidcProvider(pulumi.CustomResource):
|
|
278
283
|
import json
|
279
284
|
import pulumi_vault as vault
|
280
285
|
|
281
|
-
|
286
|
+
test = vault.identity.OidcKey("test",
|
287
|
+
name="my-key",
|
282
288
|
allowed_client_ids=["*"],
|
283
289
|
rotation_period=3600,
|
284
290
|
verification_ttl=3600)
|
285
|
-
test_oidc_assignment = vault.identity.OidcAssignment("
|
291
|
+
test_oidc_assignment = vault.identity.OidcAssignment("test",
|
292
|
+
name="my-assignment",
|
286
293
|
entity_ids=["fake-ascbascas-2231a-sdfaa"],
|
287
294
|
group_ids=["fake-sajkdsad-32414-sfsada"])
|
288
|
-
test_oidc_client = vault.identity.OidcClient("
|
289
|
-
|
295
|
+
test_oidc_client = vault.identity.OidcClient("test",
|
296
|
+
name="application",
|
297
|
+
key=test.name,
|
290
298
|
redirect_uris=[
|
291
299
|
"http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
|
292
300
|
"http://127.0.0.1:8251/callback",
|
@@ -295,12 +303,14 @@ class OidcProvider(pulumi.CustomResource):
|
|
295
303
|
assignments=[test_oidc_assignment.name],
|
296
304
|
id_token_ttl=2400,
|
297
305
|
access_token_ttl=7200)
|
298
|
-
test_oidc_scope = vault.identity.OidcScope("
|
306
|
+
test_oidc_scope = vault.identity.OidcScope("test",
|
307
|
+
name="groups",
|
299
308
|
template=json.dumps({
|
300
309
|
"groups": "{{identity.entity.groups.names}}",
|
301
310
|
}),
|
302
311
|
description="Groups scope.")
|
303
|
-
test_oidc_provider = vault.identity.OidcProvider("
|
312
|
+
test_oidc_provider = vault.identity.OidcProvider("test",
|
313
|
+
name="my-provider",
|
304
314
|
https_enabled=False,
|
305
315
|
issuer_host="127.0.0.1:8200",
|
306
316
|
allowed_client_ids=[test_oidc_client.client_id],
|
@@ -312,7 +322,7 @@ class OidcProvider(pulumi.CustomResource):
|
|
312
322
|
OIDC Providers can be imported using the `name`, e.g.
|
313
323
|
|
314
324
|
```sh
|
315
|
-
|
325
|
+
$ pulumi import vault:identity/oidcProvider:OidcProvider test my-provider
|
316
326
|
```
|
317
327
|
|
318
328
|
:param str resource_name: The name of the resource.
|
@@ -324,7 +334,7 @@ class OidcProvider(pulumi.CustomResource):
|
|
324
334
|
:param pulumi.Input[str] name: The name of the provider.
|
325
335
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
326
336
|
The value should not contain leading or trailing forward slashes.
|
327
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
337
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
328
338
|
*Available only for Vault Enterprise*.
|
329
339
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] scopes_supporteds: The scopes available for requesting on the provider.
|
330
340
|
"""
|
@@ -345,15 +355,18 @@ class OidcProvider(pulumi.CustomResource):
|
|
345
355
|
import json
|
346
356
|
import pulumi_vault as vault
|
347
357
|
|
348
|
-
|
358
|
+
test = vault.identity.OidcKey("test",
|
359
|
+
name="my-key",
|
349
360
|
allowed_client_ids=["*"],
|
350
361
|
rotation_period=3600,
|
351
362
|
verification_ttl=3600)
|
352
|
-
test_oidc_assignment = vault.identity.OidcAssignment("
|
363
|
+
test_oidc_assignment = vault.identity.OidcAssignment("test",
|
364
|
+
name="my-assignment",
|
353
365
|
entity_ids=["fake-ascbascas-2231a-sdfaa"],
|
354
366
|
group_ids=["fake-sajkdsad-32414-sfsada"])
|
355
|
-
test_oidc_client = vault.identity.OidcClient("
|
356
|
-
|
367
|
+
test_oidc_client = vault.identity.OidcClient("test",
|
368
|
+
name="application",
|
369
|
+
key=test.name,
|
357
370
|
redirect_uris=[
|
358
371
|
"http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
|
359
372
|
"http://127.0.0.1:8251/callback",
|
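Review bot: The usage example updated in this hunk still creates the signing key with `allowed_client_ids=["*"]` and carries no hint that the wildcard is a demo setting, although docstring examples tend to be copied verbatim. In Vault's OIDC key semantics the wildcard lets every client use the key, so I would add a comment above that argument such as `# "*" allows every OIDC client to use this key; list explicit client IDs outside a demo`. The same example continues in the next hunk with `https_enabled=False` and a loopback `issuer_host`, which deserves a similar caveat, e.g. `# plaintext issuer for local testing only; set https_enabled=True for real deployments`. The docstring holding the example starts before and ends after this hunk, and the same example text also appears in an earlier hunk.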
@@ -362,12 +375,14 @@ class OidcProvider(pulumi.CustomResource):
|
|
362
375
|
assignments=[test_oidc_assignment.name],
|
363
376
|
id_token_ttl=2400,
|
364
377
|
access_token_ttl=7200)
|
365
|
-
test_oidc_scope = vault.identity.OidcScope("
|
378
|
+
test_oidc_scope = vault.identity.OidcScope("test",
|
379
|
+
name="groups",
|
366
380
|
template=json.dumps({
|
367
381
|
"groups": "{{identity.entity.groups.names}}",
|
368
382
|
}),
|
369
383
|
description="Groups scope.")
|
370
|
-
test_oidc_provider = vault.identity.OidcProvider("
|
384
|
+
test_oidc_provider = vault.identity.OidcProvider("test",
|
385
|
+
name="my-provider",
|
371
386
|
https_enabled=False,
|
372
387
|
issuer_host="127.0.0.1:8200",
|
373
388
|
allowed_client_ids=[test_oidc_client.client_id],
|
@@ -379,7 +394,7 @@ class OidcProvider(pulumi.CustomResource):
|
|
379
394
|
OIDC Providers can be imported using the `name`, e.g.
|
380
395
|
|
381
396
|
```sh
|
382
|
-
|
397
|
+
$ pulumi import vault:identity/oidcProvider:OidcProvider test my-provider
|
383
398
|
```
|
384
399
|
|
385
400
|
:param str resource_name: The name of the resource.
|
@@ -453,7 +468,7 @@ class OidcProvider(pulumi.CustomResource):
|
|
453
468
|
:param pulumi.Input[str] name: The name of the provider.
|
454
469
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
455
470
|
The value should not contain leading or trailing forward slashes.
|
456
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
471
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
457
472
|
*Available only for Vault Enterprise*.
|
458
473
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] scopes_supporteds: The scopes available for requesting on the provider.
|
459
474
|
"""
|
@@ -519,7 +534,7 @@ class OidcProvider(pulumi.CustomResource):
|
|
519
534
|
"""
|
520
535
|
The namespace to provision the resource in.
|
521
536
|
The value should not contain leading or trailing forward slashes.
|
522
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
537
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
523
538
|
*Available only for Vault Enterprise*.
|
524
539
|
"""
|
525
540
|
return pulumi.get(self, "namespace")
|
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = ['OidcRoleArgs', 'OidcRole']
|
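Review bot: The `else` branch added here imports `NotRequired`, `TypedDict` and `TypeAlias` from `typing_extensions`, a third-party package, so on interpreters older than 3.11 this module fails at import time unless the wheel declares that dependency. The package metadata is not part of this hunk, so please confirm that `typing_extensions` is listed in the install requirements with a lower bound that provides `NotRequired`. None of the three names is used in the lines shown here; if the rest of the module does not use them either, the conditional import can be dropped, which keeps one more package off the import path of code that handles Vault configuration. If it stays, a one-line comment such as `# typing_extensions backports these names for Python < 3.11` above the `if` would explain the branch.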
@@ -29,7 +34,7 @@ class OidcRoleArgs:
|
|
29
34
|
:param pulumi.Input[str] name: Name of the OIDC Role to create.
|
30
35
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
31
36
|
The value should not contain leading or trailing forward slashes.
|
32
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
37
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
33
38
|
*Available only for Vault Enterprise*.
|
34
39
|
:param pulumi.Input[str] template: The template string to use for generating tokens. This may be in
|
35
40
|
string-ified JSON or base64 format. See the
|
@@ -93,7 +98,7 @@ class OidcRoleArgs:
|
|
93
98
|
"""
|
94
99
|
The namespace to provision the resource in.
|
95
100
|
The value should not contain leading or trailing forward slashes.
|
96
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
101
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
97
102
|
*Available only for Vault Enterprise*.
|
98
103
|
"""
|
99
104
|
return pulumi.get(self, "namespace")
|
@@ -148,7 +153,7 @@ class _OidcRoleState:
|
|
148
153
|
:param pulumi.Input[str] name: Name of the OIDC Role to create.
|
149
154
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
150
155
|
The value should not contain leading or trailing forward slashes.
|
151
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
156
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
152
157
|
*Available only for Vault Enterprise*.
|
153
158
|
:param pulumi.Input[str] template: The template string to use for generating tokens. This may be in
|
154
159
|
string-ified JSON or base64 format. See the
|
@@ -213,7 +218,7 @@ class _OidcRoleState:
|
|
213
218
|
"""
|
214
219
|
The namespace to provision the resource in.
|
215
220
|
The value should not contain leading or trailing forward slashes.
|
216
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
221
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
217
222
|
*Available only for Vault Enterprise*.
|
218
223
|
"""
|
219
224
|
return pulumi.get(self, "namespace")
|
@@ -275,11 +280,15 @@ class OidcRole(pulumi.CustomResource):
|
|
275
280
|
import pulumi_vault as vault
|
276
281
|
|
277
282
|
config = pulumi.Config()
|
283
|
+
# Name of the OIDC Key
|
278
284
|
key = config.get("key")
|
279
285
|
if key is None:
|
280
286
|
key = "key"
|
281
|
-
role = vault.identity.OidcRole("role",
|
282
|
-
|
287
|
+
role = vault.identity.OidcRole("role",
|
288
|
+
name="role",
|
289
|
+
key=key)
|
290
|
+
key_oidc_key = vault.identity.OidcKey("key",
|
291
|
+
name=key,
|
283
292
|
algorithm="RS256",
|
284
293
|
allowed_client_ids=[role.client_id])
|
285
294
|
```
|
@@ -292,11 +301,15 @@ class OidcRole(pulumi.CustomResource):
|
|
292
301
|
import pulumi
|
293
302
|
import pulumi_vault as vault
|
294
303
|
|
295
|
-
key = vault.identity.OidcKey("key",
|
296
|
-
|
297
|
-
|
304
|
+
key = vault.identity.OidcKey("key",
|
305
|
+
name="key",
|
306
|
+
algorithm="RS256")
|
307
|
+
role = vault.identity.OidcRole("role",
|
308
|
+
name="role",
|
309
|
+
key=key.name)
|
310
|
+
role_oidc_key_allowed_client_id = vault.identity.OidcKeyAllowedClientID("role",
|
298
311
|
key_name=key.name,
|
299
|
-
allowed_client_id=
|
312
|
+
allowed_client_id=role.client_id)
|
300
313
|
```
|
301
314
|
|
302
315
|
## Import
|
@@ -304,7 +317,7 @@ class OidcRole(pulumi.CustomResource):
|
|
304
317
|
The key can be imported with the role name, for example:
|
305
318
|
|
306
319
|
```sh
|
307
|
-
|
320
|
+
$ pulumi import vault:identity/oidcRole:OidcRole role role
|
308
321
|
```
|
309
322
|
|
310
323
|
:param str resource_name: The name of the resource.
|
@@ -316,7 +329,7 @@ class OidcRole(pulumi.CustomResource):
|
|
316
329
|
:param pulumi.Input[str] name: Name of the OIDC Role to create.
|
317
330
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
318
331
|
The value should not contain leading or trailing forward slashes.
|
319
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
332
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
320
333
|
*Available only for Vault Enterprise*.
|
321
334
|
:param pulumi.Input[str] template: The template string to use for generating tokens. This may be in
|
322
335
|
string-ified JSON or base64 format. See the
|
@@ -343,11 +356,15 @@ class OidcRole(pulumi.CustomResource):
|
|
343
356
|
import pulumi_vault as vault
|
344
357
|
|
345
358
|
config = pulumi.Config()
|
359
|
+
# Name of the OIDC Key
|
346
360
|
key = config.get("key")
|
347
361
|
if key is None:
|
348
362
|
key = "key"
|
349
|
-
role = vault.identity.OidcRole("role",
|
350
|
-
|
363
|
+
role = vault.identity.OidcRole("role",
|
364
|
+
name="role",
|
365
|
+
key=key)
|
366
|
+
key_oidc_key = vault.identity.OidcKey("key",
|
367
|
+
name=key,
|
351
368
|
algorithm="RS256",
|
352
369
|
allowed_client_ids=[role.client_id])
|
353
370
|
```
|
@@ -360,11 +377,15 @@ class OidcRole(pulumi.CustomResource):
|
|
360
377
|
import pulumi
|
361
378
|
import pulumi_vault as vault
|
362
379
|
|
363
|
-
key = vault.identity.OidcKey("key",
|
364
|
-
|
365
|
-
|
380
|
+
key = vault.identity.OidcKey("key",
|
381
|
+
name="key",
|
382
|
+
algorithm="RS256")
|
383
|
+
role = vault.identity.OidcRole("role",
|
384
|
+
name="role",
|
385
|
+
key=key.name)
|
386
|
+
role_oidc_key_allowed_client_id = vault.identity.OidcKeyAllowedClientID("role",
|
366
387
|
key_name=key.name,
|
367
|
-
allowed_client_id=
|
388
|
+
allowed_client_id=role.client_id)
|
368
389
|
```
|
369
390
|
|
370
391
|
## Import
|
@@ -372,7 +393,7 @@ class OidcRole(pulumi.CustomResource):
|
|
372
393
|
The key can be imported with the role name, for example:
|
373
394
|
|
374
395
|
```sh
|
375
|
-
|
396
|
+
$ pulumi import vault:identity/oidcRole:OidcRole role role
|
376
397
|
```
|
377
398
|
|
378
399
|
:param str resource_name: The name of the resource.
|
@@ -443,7 +464,7 @@ class OidcRole(pulumi.CustomResource):
|
|
443
464
|
:param pulumi.Input[str] name: Name of the OIDC Role to create.
|
444
465
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
445
466
|
The value should not contain leading or trailing forward slashes.
|
446
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
467
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
447
468
|
*Available only for Vault Enterprise*.
|
448
469
|
:param pulumi.Input[str] template: The template string to use for generating tokens. This may be in
|
449
470
|
string-ified JSON or base64 format. See the
|
@@ -495,7 +516,7 @@ class OidcRole(pulumi.CustomResource):
|
|
495
516
|
"""
|
496
517
|
The namespace to provision the resource in.
|
497
518
|
The value should not contain leading or trailing forward slashes.
|
498
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
519
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
499
520
|
*Available only for Vault Enterprise*.
|
500
521
|
"""
|
501
522
|
return pulumi.get(self, "namespace")
|