pulumi-vault 5.21.0a1709368526__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl
- pulumi_vault/__init__.py +52 -0
- pulumi_vault/_inputs.py +560 -0
- pulumi_vault/_utilities.py +41 -5
- pulumi_vault/ad/get_access_credentials.py +26 -9
- pulumi_vault/ad/secret_backend.py +16 -142
- pulumi_vault/ad/secret_library.py +16 -9
- pulumi_vault/ad/secret_role.py +14 -9
- pulumi_vault/alicloud/auth_backend_role.py +76 -190
- pulumi_vault/approle/auth_backend_login.py +12 -7
- pulumi_vault/approle/auth_backend_role.py +77 -191
- pulumi_vault/approle/auth_backend_role_secret_id.py +106 -7
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -5
- pulumi_vault/audit.py +30 -21
- pulumi_vault/audit_request_header.py +11 -2
- pulumi_vault/auth_backend.py +66 -14
- pulumi_vault/aws/auth_backend_cert.py +18 -9
- pulumi_vault/aws/auth_backend_client.py +267 -22
- pulumi_vault/aws/auth_backend_config_identity.py +14 -9
- pulumi_vault/aws/auth_backend_identity_whitelist.py +20 -15
- pulumi_vault/aws/auth_backend_login.py +19 -22
- pulumi_vault/aws/auth_backend_role.py +77 -191
- pulumi_vault/aws/auth_backend_role_tag.py +12 -7
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -13
- pulumi_vault/aws/auth_backend_sts_role.py +14 -9
- pulumi_vault/aws/get_access_credentials.py +38 -9
- pulumi_vault/aws/get_static_access_credentials.py +19 -5
- pulumi_vault/aws/secret_backend.py +77 -9
- pulumi_vault/aws/secret_backend_role.py +185 -9
- pulumi_vault/aws/secret_backend_static_role.py +20 -11
- pulumi_vault/azure/_inputs.py +24 -0
- pulumi_vault/azure/auth_backend_config.py +153 -15
- pulumi_vault/azure/auth_backend_role.py +77 -191
- pulumi_vault/azure/backend.py +227 -21
- pulumi_vault/azure/backend_role.py +42 -37
- pulumi_vault/azure/get_access_credentials.py +41 -7
- pulumi_vault/azure/outputs.py +5 -0
- pulumi_vault/cert_auth_backend_role.py +87 -267
- pulumi_vault/config/__init__.pyi +5 -0
- pulumi_vault/config/_inputs.py +73 -0
- pulumi_vault/config/outputs.py +35 -0
- pulumi_vault/config/ui_custom_message.py +529 -0
- pulumi_vault/config/vars.py +5 -0
- pulumi_vault/consul/secret_backend.py +28 -19
- pulumi_vault/consul/secret_backend_role.py +18 -78
- pulumi_vault/database/_inputs.py +2770 -881
- pulumi_vault/database/outputs.py +721 -838
- pulumi_vault/database/secret_backend_connection.py +119 -112
- pulumi_vault/database/secret_backend_role.py +31 -22
- pulumi_vault/database/secret_backend_static_role.py +87 -13
- pulumi_vault/database/secrets_mount.py +427 -136
- pulumi_vault/egp_policy.py +16 -11
- pulumi_vault/gcp/_inputs.py +111 -0
- pulumi_vault/gcp/auth_backend.py +250 -33
- pulumi_vault/gcp/auth_backend_role.py +77 -269
- pulumi_vault/gcp/get_auth_backend_role.py +43 -5
- pulumi_vault/gcp/outputs.py +5 -0
- pulumi_vault/gcp/secret_backend.py +287 -12
- pulumi_vault/gcp/secret_impersonated_account.py +76 -15
- pulumi_vault/gcp/secret_roleset.py +31 -24
- pulumi_vault/gcp/secret_static_account.py +39 -32
- pulumi_vault/generic/endpoint.py +24 -17
- pulumi_vault/generic/get_secret.py +64 -8
- pulumi_vault/generic/secret.py +21 -16
- pulumi_vault/get_auth_backend.py +24 -7
- pulumi_vault/get_auth_backends.py +51 -9
- pulumi_vault/get_namespace.py +226 -0
- pulumi_vault/get_namespaces.py +153 -0
- pulumi_vault/get_nomad_access_token.py +31 -11
- pulumi_vault/get_policy_document.py +34 -19
- pulumi_vault/get_raft_autopilot_state.py +29 -10
- pulumi_vault/github/_inputs.py +55 -0
- pulumi_vault/github/auth_backend.py +19 -14
- pulumi_vault/github/outputs.py +5 -0
- pulumi_vault/github/team.py +16 -11
- pulumi_vault/github/user.py +16 -11
- pulumi_vault/identity/entity.py +20 -13
- pulumi_vault/identity/entity_alias.py +20 -13
- pulumi_vault/identity/entity_policies.py +28 -11
- pulumi_vault/identity/get_entity.py +42 -10
- pulumi_vault/identity/get_group.py +47 -9
- pulumi_vault/identity/get_oidc_client_creds.py +21 -7
- pulumi_vault/identity/get_oidc_openid_config.py +39 -9
- pulumi_vault/identity/get_oidc_public_keys.py +29 -10
- pulumi_vault/identity/group.py +58 -39
- pulumi_vault/identity/group_alias.py +16 -9
- pulumi_vault/identity/group_member_entity_ids.py +28 -66
- pulumi_vault/identity/group_member_group_ids.py +40 -19
- pulumi_vault/identity/group_policies.py +20 -7
- pulumi_vault/identity/mfa_duo.py +11 -6
- pulumi_vault/identity/mfa_login_enforcement.py +15 -6
- pulumi_vault/identity/mfa_okta.py +11 -6
- pulumi_vault/identity/mfa_pingid.py +7 -2
- pulumi_vault/identity/mfa_totp.py +7 -2
- pulumi_vault/identity/oidc.py +12 -7
- pulumi_vault/identity/oidc_assignment.py +24 -11
- pulumi_vault/identity/oidc_client.py +36 -23
- pulumi_vault/identity/oidc_key.py +30 -17
- pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -15
- pulumi_vault/identity/oidc_provider.py +36 -21
- pulumi_vault/identity/oidc_role.py +42 -21
- pulumi_vault/identity/oidc_scope.py +20 -13
- pulumi_vault/identity/outputs.py +8 -3
- pulumi_vault/jwt/_inputs.py +55 -0
- pulumi_vault/jwt/auth_backend.py +45 -40
- pulumi_vault/jwt/auth_backend_role.py +133 -254
- pulumi_vault/jwt/outputs.py +5 -0
- pulumi_vault/kmip/secret_backend.py +24 -19
- pulumi_vault/kmip/secret_role.py +14 -9
- pulumi_vault/kmip/secret_scope.py +14 -9
- pulumi_vault/kubernetes/auth_backend_config.py +57 -5
- pulumi_vault/kubernetes/auth_backend_role.py +70 -177
- pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
- pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
- pulumi_vault/kubernetes/get_service_account_token.py +39 -11
- pulumi_vault/kubernetes/secret_backend.py +316 -27
- pulumi_vault/kubernetes/secret_backend_role.py +137 -46
- pulumi_vault/kv/_inputs.py +36 -4
- pulumi_vault/kv/get_secret.py +25 -8
- pulumi_vault/kv/get_secret_subkeys_v2.py +33 -10
- pulumi_vault/kv/get_secret_v2.py +85 -9
- pulumi_vault/kv/get_secrets_list.py +24 -11
- pulumi_vault/kv/get_secrets_list_v2.py +37 -15
- pulumi_vault/kv/outputs.py +8 -3
- pulumi_vault/kv/secret.py +23 -16
- pulumi_vault/kv/secret_backend_v2.py +20 -11
- pulumi_vault/kv/secret_v2.py +59 -50
- pulumi_vault/ldap/auth_backend.py +127 -166
- pulumi_vault/ldap/auth_backend_group.py +14 -9
- pulumi_vault/ldap/auth_backend_user.py +14 -9
- pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
- pulumi_vault/ldap/get_static_credentials.py +24 -5
- pulumi_vault/ldap/secret_backend.py +354 -82
- pulumi_vault/ldap/secret_backend_dynamic_role.py +18 -11
- pulumi_vault/ldap/secret_backend_library_set.py +16 -9
- pulumi_vault/ldap/secret_backend_static_role.py +73 -12
- pulumi_vault/managed/_inputs.py +289 -132
- pulumi_vault/managed/keys.py +29 -57
- pulumi_vault/managed/outputs.py +89 -132
- pulumi_vault/mfa_duo.py +18 -11
- pulumi_vault/mfa_okta.py +18 -11
- pulumi_vault/mfa_pingid.py +18 -11
- pulumi_vault/mfa_totp.py +24 -17
- pulumi_vault/mongodbatlas/secret_backend.py +20 -15
- pulumi_vault/mongodbatlas/secret_role.py +47 -38
- pulumi_vault/mount.py +391 -51
- pulumi_vault/namespace.py +68 -83
- pulumi_vault/nomad_secret_backend.py +18 -13
- pulumi_vault/nomad_secret_role.py +14 -9
- pulumi_vault/okta/_inputs.py +47 -8
- pulumi_vault/okta/auth_backend.py +485 -39
- pulumi_vault/okta/auth_backend_group.py +14 -9
- pulumi_vault/okta/auth_backend_user.py +14 -9
- pulumi_vault/okta/outputs.py +13 -8
- pulumi_vault/outputs.py +5 -0
- pulumi_vault/password_policy.py +20 -13
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +81 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
- pulumi_vault/pkisecret/backend_config_est.py +619 -0
- pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
- pulumi_vault/pkisecret/get_backend_issuer.py +67 -9
- pulumi_vault/pkisecret/get_backend_issuers.py +21 -8
- pulumi_vault/pkisecret/get_backend_key.py +24 -9
- pulumi_vault/pkisecret/get_backend_keys.py +21 -8
- pulumi_vault/pkisecret/outputs.py +69 -0
- pulumi_vault/pkisecret/secret_backend_cert.py +18 -11
- pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -11
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +14 -9
- pulumi_vault/pkisecret/secret_backend_config_urls.py +67 -11
- pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -9
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -11
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -17
- pulumi_vault/pkisecret/secret_backend_issuer.py +14 -9
- pulumi_vault/pkisecret/secret_backend_key.py +14 -9
- pulumi_vault/pkisecret/secret_backend_role.py +21 -14
- pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -48
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -56
- pulumi_vault/pkisecret/secret_backend_sign.py +18 -54
- pulumi_vault/plugin.py +595 -0
- pulumi_vault/plugin_pinned_version.py +298 -0
- pulumi_vault/policy.py +14 -9
- pulumi_vault/provider.py +48 -53
- pulumi_vault/pulumi-plugin.json +2 -1
- pulumi_vault/quota_lease_count.py +60 -6
- pulumi_vault/quota_rate_limit.py +56 -2
- pulumi_vault/rabbitmq/_inputs.py +61 -0
- pulumi_vault/rabbitmq/outputs.py +5 -0
- pulumi_vault/rabbitmq/secret_backend.py +18 -13
- pulumi_vault/rabbitmq/secret_backend_role.py +54 -47
- pulumi_vault/raft_autopilot.py +14 -9
- pulumi_vault/raft_snapshot_agent_config.py +129 -224
- pulumi_vault/rgp_policy.py +14 -9
- pulumi_vault/saml/auth_backend.py +22 -17
- pulumi_vault/saml/auth_backend_role.py +92 -197
- pulumi_vault/secrets/__init__.py +3 -0
- pulumi_vault/secrets/_inputs.py +110 -0
- pulumi_vault/secrets/outputs.py +94 -0
- pulumi_vault/secrets/sync_association.py +56 -71
- pulumi_vault/secrets/sync_aws_destination.py +242 -27
- pulumi_vault/secrets/sync_azure_destination.py +92 -31
- pulumi_vault/secrets/sync_config.py +9 -4
- pulumi_vault/secrets/sync_gcp_destination.py +158 -25
- pulumi_vault/secrets/sync_gh_destination.py +189 -13
- pulumi_vault/secrets/sync_github_apps.py +375 -0
- pulumi_vault/secrets/sync_vercel_destination.py +74 -13
- pulumi_vault/ssh/_inputs.py +28 -28
- pulumi_vault/ssh/outputs.py +11 -28
- pulumi_vault/ssh/secret_backend_ca.py +108 -9
- pulumi_vault/ssh/secret_backend_role.py +85 -118
- pulumi_vault/terraformcloud/secret_backend.py +7 -54
- pulumi_vault/terraformcloud/secret_creds.py +14 -20
- pulumi_vault/terraformcloud/secret_role.py +16 -74
- pulumi_vault/token.py +28 -23
- pulumi_vault/tokenauth/auth_backend_role.py +78 -199
- pulumi_vault/transform/alphabet.py +16 -9
- pulumi_vault/transform/get_decode.py +45 -17
- pulumi_vault/transform/get_encode.py +45 -17
- pulumi_vault/transform/role.py +16 -9
- pulumi_vault/transform/template.py +30 -21
- pulumi_vault/transform/transformation.py +12 -7
- pulumi_vault/transit/get_decrypt.py +26 -21
- pulumi_vault/transit/get_encrypt.py +24 -19
- pulumi_vault/transit/secret_backend_key.py +27 -93
- pulumi_vault/transit/secret_cache_config.py +12 -7
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
- pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
- pulumi_vault-5.21.0a1709368526.dist-info/RECORD +0 -244
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = ['OidcScopeArgs', 'OidcScope']
|
@@ -24,7 +29,7 @@ class OidcScopeArgs:
|
|
24
29
|
:param pulumi.Input[str] name: The name of the scope. The `openid` scope name is reserved.
|
25
30
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
26
31
|
The value should not contain leading or trailing forward slashes.
|
27
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
32
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
28
33
|
*Available only for Vault Enterprise*.
|
29
34
|
:param pulumi.Input[str] template: The template string for the scope. This may be provided as escaped JSON or base64 encoded JSON.
|
30
35
|
"""
|
@@ -67,7 +72,7 @@ class OidcScopeArgs:
|
|
67
72
|
"""
|
68
73
|
The namespace to provision the resource in.
|
69
74
|
The value should not contain leading or trailing forward slashes.
|
70
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
75
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
71
76
|
*Available only for Vault Enterprise*.
|
72
77
|
"""
|
73
78
|
return pulumi.get(self, "namespace")
|
@@ -102,7 +107,7 @@ class _OidcScopeState:
|
|
102
107
|
:param pulumi.Input[str] name: The name of the scope. The `openid` scope name is reserved.
|
103
108
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
104
109
|
The value should not contain leading or trailing forward slashes.
|
105
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
110
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
106
111
|
*Available only for Vault Enterprise*.
|
107
112
|
:param pulumi.Input[str] template: The template string for the scope. This may be provided as escaped JSON or base64 encoded JSON.
|
108
113
|
"""
|
@@ -145,7 +150,7 @@ class _OidcScopeState:
|
|
145
150
|
"""
|
146
151
|
The namespace to provision the resource in.
|
147
152
|
The value should not contain leading or trailing forward slashes.
|
148
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
153
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
149
154
|
*Available only for Vault Enterprise*.
|
150
155
|
"""
|
151
156
|
return pulumi.get(self, "namespace")
|
@@ -188,8 +193,9 @@ class OidcScope(pulumi.CustomResource):
|
|
188
193
|
import pulumi_vault as vault
|
189
194
|
|
190
195
|
groups = vault.identity.OidcScope("groups",
|
191
|
-
|
192
|
-
template="{\\"groups\\":{{identity.entity.groups.names}}}"
|
196
|
+
name="groups",
|
197
|
+
template="{\\"groups\\":{{identity.entity.groups.names}}}",
|
198
|
+
description="Vault OIDC Groups Scope")
|
193
199
|
```
|
194
200
|
|
195
201
|
## Import
|
@@ -197,7 +203,7 @@ class OidcScope(pulumi.CustomResource):
|
|
197
203
|
OIDC Scopes can be imported using the `name`, e.g.
|
198
204
|
|
199
205
|
```sh
|
200
|
-
|
206
|
+
$ pulumi import vault:identity/oidcScope:OidcScope groups groups
|
201
207
|
```
|
202
208
|
|
203
209
|
:param str resource_name: The name of the resource.
|
@@ -206,7 +212,7 @@ class OidcScope(pulumi.CustomResource):
|
|
206
212
|
:param pulumi.Input[str] name: The name of the scope. The `openid` scope name is reserved.
|
207
213
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
208
214
|
The value should not contain leading or trailing forward slashes.
|
209
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
215
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
210
216
|
*Available only for Vault Enterprise*.
|
211
217
|
:param pulumi.Input[str] template: The template string for the scope. This may be provided as escaped JSON or base64 encoded JSON.
|
212
218
|
"""
|
@@ -227,8 +233,9 @@ class OidcScope(pulumi.CustomResource):
|
|
227
233
|
import pulumi_vault as vault
|
228
234
|
|
229
235
|
groups = vault.identity.OidcScope("groups",
|
230
|
-
|
231
|
-
template="{\\"groups\\":{{identity.entity.groups.names}}}"
|
236
|
+
name="groups",
|
237
|
+
template="{\\"groups\\":{{identity.entity.groups.names}}}",
|
238
|
+
description="Vault OIDC Groups Scope")
|
232
239
|
```
|
233
240
|
|
234
241
|
## Import
|
@@ -236,7 +243,7 @@ class OidcScope(pulumi.CustomResource):
|
|
236
243
|
OIDC Scopes can be imported using the `name`, e.g.
|
237
244
|
|
238
245
|
```sh
|
239
|
-
|
246
|
+
$ pulumi import vault:identity/oidcScope:OidcScope groups groups
|
240
247
|
```
|
241
248
|
|
242
249
|
:param str resource_name: The name of the resource.
|
@@ -296,7 +303,7 @@ class OidcScope(pulumi.CustomResource):
|
|
296
303
|
:param pulumi.Input[str] name: The name of the scope. The `openid` scope name is reserved.
|
297
304
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
298
305
|
The value should not contain leading or trailing forward slashes.
|
299
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
306
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
300
307
|
*Available only for Vault Enterprise*.
|
301
308
|
:param pulumi.Input[str] template: The template string for the scope. This may be provided as escaped JSON or base64 encoded JSON.
|
302
309
|
"""
|
@@ -332,7 +339,7 @@ class OidcScope(pulumi.CustomResource):
|
|
332
339
|
"""
|
333
340
|
The namespace to provision the resource in.
|
334
341
|
The value should not contain leading or trailing forward slashes.
|
335
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
342
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
336
343
|
*Available only for Vault Enterprise*.
|
337
344
|
"""
|
338
345
|
return pulumi.get(self, "namespace")
|
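--- a/pulumi_vault/identity/outputs.py
+++ b/pulumi_vault/identity/outputs.py
@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+from typing import NotRequired, TypedDict, TypeAlias
+else:
+from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = [
@@ -21,7 +26,7 @@ class GetEntityAliasResult(dict):
 id: str,
 last_update_time: str,
 merged_from_canonical_ids: Sequence[str],
-metadata: Mapping[str,
+metadata: Mapping[str, str],
 mount_accessor: str,
 mount_path: str,
 mount_type: str,
@@ -32,7 +37,7 @@ class GetEntityAliasResult(dict):
 :param str id: ID of the alias
 :param str last_update_time: Last update time of the alias
 :param Sequence[str] merged_from_canonical_ids: List of canonical IDs merged with this alias
-:param Mapping[str,
+:param Mapping[str, str] metadata: Arbitrary metadata
 :param str mount_accessor: Authentication mount acccessor which this alias belongs to
 :param str mount_path: Authentication mount path which this alias belongs to
 :param str mount_type: Authentication mount type which this alias belongs to
@@ -91,7 +96,7 @@ class GetEntityAliasResult(dict):
 
 @property
 @pulumi.getter
-def metadata(self) -> Mapping[str,
+def metadata(self) -> Mapping[str, str]:
 """
 Arbitrary metadata
 """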
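--- a/pulumi_vault/jwt/_inputs.py
+++ b/pulumi_vault/jwt/_inputs.py
@@ -4,15 +4,70 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+from typing import NotRequired, TypedDict, TypeAlias
+else:
+from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = [
 'AuthBackendTuneArgs',
+'AuthBackendTuneArgsDict',
 ]
 
+MYPY = False
+
+if not MYPY:
+class AuthBackendTuneArgsDict(TypedDict):
+allowed_response_headers: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
+"""
+List of headers to whitelist and allowing
+a plugin to include them in the response.
+"""
+audit_non_hmac_request_keys: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
+"""
+Specifies the list of keys that will
+not be HMAC'd by audit devices in the request data object.
+"""
+audit_non_hmac_response_keys: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
+"""
+Specifies the list of keys that will
+not be HMAC'd by audit devices in the response data object.
+"""
+default_lease_ttl: NotRequired[pulumi.Input[str]]
+"""
+Specifies the default time-to-live.
+If set, this overrides the global default.
+Must be a valid [duration string](https://golang.org/pkg/time/#ParseDuration)
+"""
+listing_visibility: NotRequired[pulumi.Input[str]]
+"""
+Specifies whether to show this mount in
+the UI-specific listing endpoint. Valid values are "unauth" or "hidden".
+"""
+max_lease_ttl: NotRequired[pulumi.Input[str]]
+"""
+Specifies the maximum time-to-live.
+If set, this overrides the global default.
+Must be a valid [duration string](https://golang.org/pkg/time/#ParseDuration)
+"""
+passthrough_request_headers: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
+"""
+List of headers to whitelist and
+pass from the request to the backend.
+"""
+token_type: NotRequired[pulumi.Input[str]]
+"""
+Specifies the type of tokens that should be returned by
+the mount. Valid values are "default-service", "default-batch", "service", "batch".
+"""
+elif False:
+AuthBackendTuneArgsDict: TypeAlias = Mapping[str, Any]
+
 @pulumi.input_type
 class AuthBackendTuneArgs:
 def __init__(__self__, *,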
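Review bot: The docstrings added for `audit_non_hmac_request_keys` and `audit_non_hmac_response_keys` in `AuthBackendTuneArgsDict` say only that the listed keys "will not be HMAC'd by audit devices", without stating the consequence that the values under those keys are then recorded in the audit log unhashed. I would add a line such as `Values for these keys are written to audit devices in the clear; do not list keys that can carry secrets.` to both. The `listing_visibility` docstring has a similar gap: it lists `"unauth"` as a valid value but not that this value exposes the mount on the listing endpoint to unauthenticated callers, e.g. `"unauth" makes the mount visible without authentication.` The phrase "List of headers to whitelist and allowing a plugin to include them" under `allowed_response_headers` is also ungrammatical. If this file is generated from the provider schema (not visible in this section), the wording would need to change in the upstream descriptions rather than here.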
pulumi_vault/jwt/auth_backend.py
CHANGED
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
from . import outputs
|
12
17
|
from ._inputs import *
|
@@ -51,7 +56,7 @@ class AuthBackendArgs:
|
|
51
56
|
:param pulumi.Input[bool] local: Specifies if the auth method is local only.
|
52
57
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
53
58
|
The value should not contain leading or trailing forward slashes.
|
54
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
59
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
55
60
|
*Available only for Vault Enterprise*.
|
56
61
|
:param pulumi.Input[bool] namespace_in_state: Pass namespace in the OIDC state parameter instead of as a separate query parameter. With this setting, the allowed redirect URL(s) in Vault and on the provider side should not contain a namespace query parameter. This means only one redirect URL entry needs to be maintained on the OIDC provider side for all vault namespaces that will be authenticating against it. Defaults to true for new configs
|
57
62
|
|
@@ -226,7 +231,7 @@ class AuthBackendArgs:
|
|
226
231
|
"""
|
227
232
|
The namespace to provision the resource in.
|
228
233
|
The value should not contain leading or trailing forward slashes.
|
229
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
234
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
230
235
|
*Available only for Vault Enterprise*.
|
231
236
|
"""
|
232
237
|
return pulumi.get(self, "namespace")
|
@@ -409,7 +414,7 @@ class _AuthBackendState:
|
|
409
414
|
:param pulumi.Input[bool] local: Specifies if the auth method is local only.
|
410
415
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
411
416
|
The value should not contain leading or trailing forward slashes.
|
412
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
417
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
413
418
|
*Available only for Vault Enterprise*.
|
414
419
|
:param pulumi.Input[bool] namespace_in_state: Pass namespace in the OIDC state parameter instead of as a separate query parameter. With this setting, the allowed redirect URL(s) in Vault and on the provider side should not contain a namespace query parameter. This means only one redirect URL entry needs to be maintained on the OIDC provider side for all vault namespaces that will be authenticating against it. Defaults to true for new configs
|
415
420
|
|
@@ -598,7 +603,7 @@ class _AuthBackendState:
|
|
598
603
|
"""
|
599
604
|
The namespace to provision the resource in.
|
600
605
|
The value should not contain leading or trailing forward slashes.
|
601
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
606
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
602
607
|
*Available only for Vault Enterprise*.
|
603
608
|
"""
|
604
609
|
return pulumi.get(self, "namespace")
|
@@ -765,7 +770,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
765
770
|
oidc_response_types: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
766
771
|
path: Optional[pulumi.Input[str]] = None,
|
767
772
|
provider_config: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
768
|
-
tune: Optional[pulumi.Input[
|
773
|
+
tune: Optional[pulumi.Input[Union['AuthBackendTuneArgs', 'AuthBackendTuneArgsDict']]] = None,
|
769
774
|
type: Optional[pulumi.Input[str]] = None,
|
770
775
|
__props__=None):
|
771
776
|
"""
|
@@ -781,10 +786,10 @@ class AuthBackend(pulumi.CustomResource):
|
|
781
786
|
import pulumi_vault as vault
|
782
787
|
|
783
788
|
example = vault.jwt.AuthBackend("example",
|
784
|
-
bound_issuer="https://myco.auth0.com/",
|
785
789
|
description="Demonstration of the Terraform JWT auth backend",
|
790
|
+
path="jwt",
|
786
791
|
oidc_discovery_url="https://myco.auth0.com/",
|
787
|
-
|
792
|
+
bound_issuer="https://myco.auth0.com/")
|
788
793
|
```
|
789
794
|
|
790
795
|
Manage OIDC auth backend:
|
@@ -794,16 +799,16 @@ class AuthBackend(pulumi.CustomResource):
|
|
794
799
|
import pulumi_vault as vault
|
795
800
|
|
796
801
|
example = vault.jwt.AuthBackend("example",
|
797
|
-
bound_issuer="https://myco.auth0.com/",
|
798
802
|
description="Demonstration of the Terraform JWT auth backend",
|
803
|
+
path="oidc",
|
804
|
+
type="oidc",
|
805
|
+
oidc_discovery_url="https://myco.auth0.com/",
|
799
806
|
oidc_client_id="1234567890",
|
800
807
|
oidc_client_secret="secret123456",
|
801
|
-
|
802
|
-
|
803
|
-
|
804
|
-
|
805
|
-
),
|
806
|
-
type="oidc")
|
808
|
+
bound_issuer="https://myco.auth0.com/",
|
809
|
+
tune={
|
810
|
+
"listing_visibility": "unauth",
|
811
|
+
})
|
807
812
|
```
|
808
813
|
|
809
814
|
Configuring the auth backend with a `provider_config:
|
@@ -816,13 +821,13 @@ class AuthBackend(pulumi.CustomResource):
|
|
816
821
|
description="OIDC backend",
|
817
822
|
oidc_discovery_url="https://accounts.google.com",
|
818
823
|
path="oidc",
|
824
|
+
type="oidc",
|
819
825
|
provider_config={
|
826
|
+
"provider": "gsuite",
|
820
827
|
"fetch_groups": "true",
|
821
828
|
"fetch_user_info": "true",
|
822
829
|
"groups_recurse_max_depth": "1",
|
823
|
-
|
824
|
-
},
|
825
|
-
type="oidc")
|
830
|
+
})
|
826
831
|
```
|
827
832
|
|
828
833
|
## Import
|
@@ -830,12 +835,12 @@ class AuthBackend(pulumi.CustomResource):
|
|
830
835
|
JWT auth backend can be imported using the `path`, e.g.
|
831
836
|
|
832
837
|
```sh
|
833
|
-
|
838
|
+
$ pulumi import vault:jwt/authBackend:AuthBackend oidc oidc
|
834
839
|
```
|
835
|
-
|
840
|
+
or
|
836
841
|
|
837
842
|
```sh
|
838
|
-
|
843
|
+
$ pulumi import vault:jwt/authBackend:AuthBackend jwt jwt
|
839
844
|
```
|
840
845
|
|
841
846
|
:param str resource_name: The name of the resource.
|
@@ -852,7 +857,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
852
857
|
:param pulumi.Input[bool] local: Specifies if the auth method is local only.
|
853
858
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
854
859
|
The value should not contain leading or trailing forward slashes.
|
855
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
860
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
856
861
|
*Available only for Vault Enterprise*.
|
857
862
|
:param pulumi.Input[bool] namespace_in_state: Pass namespace in the OIDC state parameter instead of as a separate query parameter. With this setting, the allowed redirect URL(s) in Vault and on the provider side should not contain a namespace query parameter. This means only one redirect URL entry needs to be maintained on the OIDC provider side for all vault namespaces that will be authenticating against it. Defaults to true for new configs
|
858
863
|
|
@@ -888,10 +893,10 @@ class AuthBackend(pulumi.CustomResource):
|
|
888
893
|
import pulumi_vault as vault
|
889
894
|
|
890
895
|
example = vault.jwt.AuthBackend("example",
|
891
|
-
bound_issuer="https://myco.auth0.com/",
|
892
896
|
description="Demonstration of the Terraform JWT auth backend",
|
897
|
+
path="jwt",
|
893
898
|
oidc_discovery_url="https://myco.auth0.com/",
|
894
|
-
|
899
|
+
bound_issuer="https://myco.auth0.com/")
|
895
900
|
```
|
896
901
|
|
897
902
|
Manage OIDC auth backend:
|
@@ -901,16 +906,16 @@ class AuthBackend(pulumi.CustomResource):
|
|
901
906
|
import pulumi_vault as vault
|
902
907
|
|
903
908
|
example = vault.jwt.AuthBackend("example",
|
904
|
-
bound_issuer="https://myco.auth0.com/",
|
905
909
|
description="Demonstration of the Terraform JWT auth backend",
|
910
|
+
path="oidc",
|
911
|
+
type="oidc",
|
912
|
+
oidc_discovery_url="https://myco.auth0.com/",
|
906
913
|
oidc_client_id="1234567890",
|
907
914
|
oidc_client_secret="secret123456",
|
908
|
-
|
909
|
-
|
910
|
-
|
911
|
-
|
912
|
-
),
|
913
|
-
type="oidc")
|
915
|
+
bound_issuer="https://myco.auth0.com/",
|
916
|
+
tune={
|
917
|
+
"listing_visibility": "unauth",
|
918
|
+
})
|
914
919
|
```
|
915
920
|
|
916
921
|
Configuring the auth backend with a `provider_config:
|
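Review bot: The OIDC example in this docstring still passes the client secret as a literal (`oidc_client_secret="secret123456",`), and the newly added `tune={"listing_visibility": "unauth"}` comes with no explanation, so a reader copying the snippet gets a secret in source control and a mount advertised before login. I would have the example read the secret from encrypted stack config, e.g. `oidc_client_secret=pulumi.Config().require_secret("oidcClientSecret"),`. Above the `tune` argument I would add the comment `# "unauth" lists this mount on the unauthenticated UI login listing; leave unset to keep it hidden`. The docstring starts and ends outside this hunk, and the wording looks carried over from the upstream Terraform provider docs, so the change may need to be made there rather than in this file.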
@@ -923,13 +928,13 @@ class AuthBackend(pulumi.CustomResource):
|
|
923
928
|
description="OIDC backend",
|
924
929
|
oidc_discovery_url="https://accounts.google.com",
|
925
930
|
path="oidc",
|
931
|
+
type="oidc",
|
926
932
|
provider_config={
|
933
|
+
"provider": "gsuite",
|
927
934
|
"fetch_groups": "true",
|
928
935
|
"fetch_user_info": "true",
|
929
936
|
"groups_recurse_max_depth": "1",
|
930
|
-
|
931
|
-
},
|
932
|
-
type="oidc")
|
937
|
+
})
|
933
938
|
```
|
934
939
|
|
935
940
|
## Import
|
@@ -937,12 +942,12 @@ class AuthBackend(pulumi.CustomResource):
|
|
937
942
|
JWT auth backend can be imported using the `path`, e.g.
|
938
943
|
|
939
944
|
```sh
|
940
|
-
|
945
|
+
$ pulumi import vault:jwt/authBackend:AuthBackend oidc oidc
|
941
946
|
```
|
942
|
-
|
947
|
+
or
|
943
948
|
|
944
949
|
```sh
|
945
|
-
|
950
|
+
$ pulumi import vault:jwt/authBackend:AuthBackend jwt jwt
|
946
951
|
```
|
947
952
|
|
948
953
|
:param str resource_name: The name of the resource.
|
@@ -979,7 +984,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
979
984
|
oidc_response_types: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
980
985
|
path: Optional[pulumi.Input[str]] = None,
|
981
986
|
provider_config: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
982
|
-
tune: Optional[pulumi.Input[
|
987
|
+
tune: Optional[pulumi.Input[Union['AuthBackendTuneArgs', 'AuthBackendTuneArgsDict']]] = None,
|
983
988
|
type: Optional[pulumi.Input[str]] = None,
|
984
989
|
__props__=None):
|
985
990
|
opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
|
@@ -1044,7 +1049,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1044
1049
|
oidc_response_types: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1045
1050
|
path: Optional[pulumi.Input[str]] = None,
|
1046
1051
|
provider_config: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
1047
|
-
tune: Optional[pulumi.Input[
|
1052
|
+
tune: Optional[pulumi.Input[Union['AuthBackendTuneArgs', 'AuthBackendTuneArgsDict']]] = None,
|
1048
1053
|
type: Optional[pulumi.Input[str]] = None) -> 'AuthBackend':
|
1049
1054
|
"""
|
1050
1055
|
Get an existing AuthBackend resource's state with the given name, id, and optional extra
|
@@ -1066,7 +1071,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1066
1071
|
:param pulumi.Input[bool] local: Specifies if the auth method is local only.
|
1067
1072
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
1068
1073
|
The value should not contain leading or trailing forward slashes.
|
1069
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
1074
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1070
1075
|
*Available only for Vault Enterprise*.
|
1071
1076
|
:param pulumi.Input[bool] namespace_in_state: Pass namespace in the OIDC state parameter instead of as a separate query parameter. With this setting, the allowed redirect URL(s) in Vault and on the provider side should not contain a namespace query parameter. This means only one redirect URL entry needs to be maintained on the OIDC provider side for all vault namespaces that will be authenticating against it. Defaults to true for new configs
|
1072
1077
|
|
@@ -1198,7 +1203,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1198
1203
|
"""
|
1199
1204
|
The namespace to provision the resource in.
|
1200
1205
|
The value should not contain leading or trailing forward slashes.
|
1201
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
1206
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1202
1207
|
*Available only for Vault Enterprise*.
|
1203
1208
|
"""
|
1204
1209
|
return pulumi.get(self, "namespace")
|