pulumi-vault 5.21.0a1709368526__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl
- pulumi_vault/__init__.py +52 -0
- pulumi_vault/_inputs.py +560 -0
- pulumi_vault/_utilities.py +41 -5
- pulumi_vault/ad/get_access_credentials.py +26 -9
- pulumi_vault/ad/secret_backend.py +16 -142
- pulumi_vault/ad/secret_library.py +16 -9
- pulumi_vault/ad/secret_role.py +14 -9
- pulumi_vault/alicloud/auth_backend_role.py +76 -190
- pulumi_vault/approle/auth_backend_login.py +12 -7
- pulumi_vault/approle/auth_backend_role.py +77 -191
- pulumi_vault/approle/auth_backend_role_secret_id.py +106 -7
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -5
- pulumi_vault/audit.py +30 -21
- pulumi_vault/audit_request_header.py +11 -2
- pulumi_vault/auth_backend.py +66 -14
- pulumi_vault/aws/auth_backend_cert.py +18 -9
- pulumi_vault/aws/auth_backend_client.py +267 -22
- pulumi_vault/aws/auth_backend_config_identity.py +14 -9
- pulumi_vault/aws/auth_backend_identity_whitelist.py +20 -15
- pulumi_vault/aws/auth_backend_login.py +19 -22
- pulumi_vault/aws/auth_backend_role.py +77 -191
- pulumi_vault/aws/auth_backend_role_tag.py +12 -7
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -13
- pulumi_vault/aws/auth_backend_sts_role.py +14 -9
- pulumi_vault/aws/get_access_credentials.py +38 -9
- pulumi_vault/aws/get_static_access_credentials.py +19 -5
- pulumi_vault/aws/secret_backend.py +77 -9
- pulumi_vault/aws/secret_backend_role.py +185 -9
- pulumi_vault/aws/secret_backend_static_role.py +20 -11
- pulumi_vault/azure/_inputs.py +24 -0
- pulumi_vault/azure/auth_backend_config.py +153 -15
- pulumi_vault/azure/auth_backend_role.py +77 -191
- pulumi_vault/azure/backend.py +227 -21
- pulumi_vault/azure/backend_role.py +42 -37
- pulumi_vault/azure/get_access_credentials.py +41 -7
- pulumi_vault/azure/outputs.py +5 -0
- pulumi_vault/cert_auth_backend_role.py +87 -267
- pulumi_vault/config/__init__.pyi +5 -0
- pulumi_vault/config/_inputs.py +73 -0
- pulumi_vault/config/outputs.py +35 -0
- pulumi_vault/config/ui_custom_message.py +529 -0
- pulumi_vault/config/vars.py +5 -0
- pulumi_vault/consul/secret_backend.py +28 -19
- pulumi_vault/consul/secret_backend_role.py +18 -78
- pulumi_vault/database/_inputs.py +2770 -881
- pulumi_vault/database/outputs.py +721 -838
- pulumi_vault/database/secret_backend_connection.py +119 -112
- pulumi_vault/database/secret_backend_role.py +31 -22
- pulumi_vault/database/secret_backend_static_role.py +87 -13
- pulumi_vault/database/secrets_mount.py +427 -136
- pulumi_vault/egp_policy.py +16 -11
- pulumi_vault/gcp/_inputs.py +111 -0
- pulumi_vault/gcp/auth_backend.py +250 -33
- pulumi_vault/gcp/auth_backend_role.py +77 -269
- pulumi_vault/gcp/get_auth_backend_role.py +43 -5
- pulumi_vault/gcp/outputs.py +5 -0
- pulumi_vault/gcp/secret_backend.py +287 -12
- pulumi_vault/gcp/secret_impersonated_account.py +76 -15
- pulumi_vault/gcp/secret_roleset.py +31 -24
- pulumi_vault/gcp/secret_static_account.py +39 -32
- pulumi_vault/generic/endpoint.py +24 -17
- pulumi_vault/generic/get_secret.py +64 -8
- pulumi_vault/generic/secret.py +21 -16
- pulumi_vault/get_auth_backend.py +24 -7
- pulumi_vault/get_auth_backends.py +51 -9
- pulumi_vault/get_namespace.py +226 -0
- pulumi_vault/get_namespaces.py +153 -0
- pulumi_vault/get_nomad_access_token.py +31 -11
- pulumi_vault/get_policy_document.py +34 -19
- pulumi_vault/get_raft_autopilot_state.py +29 -10
- pulumi_vault/github/_inputs.py +55 -0
- pulumi_vault/github/auth_backend.py +19 -14
- pulumi_vault/github/outputs.py +5 -0
- pulumi_vault/github/team.py +16 -11
- pulumi_vault/github/user.py +16 -11
- pulumi_vault/identity/entity.py +20 -13
- pulumi_vault/identity/entity_alias.py +20 -13
- pulumi_vault/identity/entity_policies.py +28 -11
- pulumi_vault/identity/get_entity.py +42 -10
- pulumi_vault/identity/get_group.py +47 -9
- pulumi_vault/identity/get_oidc_client_creds.py +21 -7
- pulumi_vault/identity/get_oidc_openid_config.py +39 -9
- pulumi_vault/identity/get_oidc_public_keys.py +29 -10
- pulumi_vault/identity/group.py +58 -39
- pulumi_vault/identity/group_alias.py +16 -9
- pulumi_vault/identity/group_member_entity_ids.py +28 -66
- pulumi_vault/identity/group_member_group_ids.py +40 -19
- pulumi_vault/identity/group_policies.py +20 -7
- pulumi_vault/identity/mfa_duo.py +11 -6
- pulumi_vault/identity/mfa_login_enforcement.py +15 -6
- pulumi_vault/identity/mfa_okta.py +11 -6
- pulumi_vault/identity/mfa_pingid.py +7 -2
- pulumi_vault/identity/mfa_totp.py +7 -2
- pulumi_vault/identity/oidc.py +12 -7
- pulumi_vault/identity/oidc_assignment.py +24 -11
- pulumi_vault/identity/oidc_client.py +36 -23
- pulumi_vault/identity/oidc_key.py +30 -17
- pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -15
- pulumi_vault/identity/oidc_provider.py +36 -21
- pulumi_vault/identity/oidc_role.py +42 -21
- pulumi_vault/identity/oidc_scope.py +20 -13
- pulumi_vault/identity/outputs.py +8 -3
- pulumi_vault/jwt/_inputs.py +55 -0
- pulumi_vault/jwt/auth_backend.py +45 -40
- pulumi_vault/jwt/auth_backend_role.py +133 -254
- pulumi_vault/jwt/outputs.py +5 -0
- pulumi_vault/kmip/secret_backend.py +24 -19
- pulumi_vault/kmip/secret_role.py +14 -9
- pulumi_vault/kmip/secret_scope.py +14 -9
- pulumi_vault/kubernetes/auth_backend_config.py +57 -5
- pulumi_vault/kubernetes/auth_backend_role.py +70 -177
- pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
- pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
- pulumi_vault/kubernetes/get_service_account_token.py +39 -11
- pulumi_vault/kubernetes/secret_backend.py +316 -27
- pulumi_vault/kubernetes/secret_backend_role.py +137 -46
- pulumi_vault/kv/_inputs.py +36 -4
- pulumi_vault/kv/get_secret.py +25 -8
- pulumi_vault/kv/get_secret_subkeys_v2.py +33 -10
- pulumi_vault/kv/get_secret_v2.py +85 -9
- pulumi_vault/kv/get_secrets_list.py +24 -11
- pulumi_vault/kv/get_secrets_list_v2.py +37 -15
- pulumi_vault/kv/outputs.py +8 -3
- pulumi_vault/kv/secret.py +23 -16
- pulumi_vault/kv/secret_backend_v2.py +20 -11
- pulumi_vault/kv/secret_v2.py +59 -50
- pulumi_vault/ldap/auth_backend.py +127 -166
- pulumi_vault/ldap/auth_backend_group.py +14 -9
- pulumi_vault/ldap/auth_backend_user.py +14 -9
- pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
- pulumi_vault/ldap/get_static_credentials.py +24 -5
- pulumi_vault/ldap/secret_backend.py +354 -82
- pulumi_vault/ldap/secret_backend_dynamic_role.py +18 -11
- pulumi_vault/ldap/secret_backend_library_set.py +16 -9
- pulumi_vault/ldap/secret_backend_static_role.py +73 -12
- pulumi_vault/managed/_inputs.py +289 -132
- pulumi_vault/managed/keys.py +29 -57
- pulumi_vault/managed/outputs.py +89 -132
- pulumi_vault/mfa_duo.py +18 -11
- pulumi_vault/mfa_okta.py +18 -11
- pulumi_vault/mfa_pingid.py +18 -11
- pulumi_vault/mfa_totp.py +24 -17
- pulumi_vault/mongodbatlas/secret_backend.py +20 -15
- pulumi_vault/mongodbatlas/secret_role.py +47 -38
- pulumi_vault/mount.py +391 -51
- pulumi_vault/namespace.py +68 -83
- pulumi_vault/nomad_secret_backend.py +18 -13
- pulumi_vault/nomad_secret_role.py +14 -9
- pulumi_vault/okta/_inputs.py +47 -8
- pulumi_vault/okta/auth_backend.py +485 -39
- pulumi_vault/okta/auth_backend_group.py +14 -9
- pulumi_vault/okta/auth_backend_user.py +14 -9
- pulumi_vault/okta/outputs.py +13 -8
- pulumi_vault/outputs.py +5 -0
- pulumi_vault/password_policy.py +20 -13
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +81 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
- pulumi_vault/pkisecret/backend_config_est.py +619 -0
- pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
- pulumi_vault/pkisecret/get_backend_issuer.py +67 -9
- pulumi_vault/pkisecret/get_backend_issuers.py +21 -8
- pulumi_vault/pkisecret/get_backend_key.py +24 -9
- pulumi_vault/pkisecret/get_backend_keys.py +21 -8
- pulumi_vault/pkisecret/outputs.py +69 -0
- pulumi_vault/pkisecret/secret_backend_cert.py +18 -11
- pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -11
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +14 -9
- pulumi_vault/pkisecret/secret_backend_config_urls.py +67 -11
- pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -9
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -11
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -17
- pulumi_vault/pkisecret/secret_backend_issuer.py +14 -9
- pulumi_vault/pkisecret/secret_backend_key.py +14 -9
- pulumi_vault/pkisecret/secret_backend_role.py +21 -14
- pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -48
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -56
- pulumi_vault/pkisecret/secret_backend_sign.py +18 -54
- pulumi_vault/plugin.py +595 -0
- pulumi_vault/plugin_pinned_version.py +298 -0
- pulumi_vault/policy.py +14 -9
- pulumi_vault/provider.py +48 -53
- pulumi_vault/pulumi-plugin.json +2 -1
- pulumi_vault/quota_lease_count.py +60 -6
- pulumi_vault/quota_rate_limit.py +56 -2
- pulumi_vault/rabbitmq/_inputs.py +61 -0
- pulumi_vault/rabbitmq/outputs.py +5 -0
- pulumi_vault/rabbitmq/secret_backend.py +18 -13
- pulumi_vault/rabbitmq/secret_backend_role.py +54 -47
- pulumi_vault/raft_autopilot.py +14 -9
- pulumi_vault/raft_snapshot_agent_config.py +129 -224
- pulumi_vault/rgp_policy.py +14 -9
- pulumi_vault/saml/auth_backend.py +22 -17
- pulumi_vault/saml/auth_backend_role.py +92 -197
- pulumi_vault/secrets/__init__.py +3 -0
- pulumi_vault/secrets/_inputs.py +110 -0
- pulumi_vault/secrets/outputs.py +94 -0
- pulumi_vault/secrets/sync_association.py +56 -71
- pulumi_vault/secrets/sync_aws_destination.py +242 -27
- pulumi_vault/secrets/sync_azure_destination.py +92 -31
- pulumi_vault/secrets/sync_config.py +9 -4
- pulumi_vault/secrets/sync_gcp_destination.py +158 -25
- pulumi_vault/secrets/sync_gh_destination.py +189 -13
- pulumi_vault/secrets/sync_github_apps.py +375 -0
- pulumi_vault/secrets/sync_vercel_destination.py +74 -13
- pulumi_vault/ssh/_inputs.py +28 -28
- pulumi_vault/ssh/outputs.py +11 -28
- pulumi_vault/ssh/secret_backend_ca.py +108 -9
- pulumi_vault/ssh/secret_backend_role.py +85 -118
- pulumi_vault/terraformcloud/secret_backend.py +7 -54
- pulumi_vault/terraformcloud/secret_creds.py +14 -20
- pulumi_vault/terraformcloud/secret_role.py +16 -74
- pulumi_vault/token.py +28 -23
- pulumi_vault/tokenauth/auth_backend_role.py +78 -199
- pulumi_vault/transform/alphabet.py +16 -9
- pulumi_vault/transform/get_decode.py +45 -17
- pulumi_vault/transform/get_encode.py +45 -17
- pulumi_vault/transform/role.py +16 -9
- pulumi_vault/transform/template.py +30 -21
- pulumi_vault/transform/transformation.py +12 -7
- pulumi_vault/transit/get_decrypt.py +26 -21
- pulumi_vault/transit/get_encrypt.py +24 -19
- pulumi_vault/transit/secret_backend_key.py +27 -93
- pulumi_vault/transit/secret_cache_config.py +12 -7
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
- pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
- pulumi_vault-5.21.0a1709368526.dist-info/RECORD +0 -244
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
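--- a/pulumi_vault/jwt/outputs.py
+++ b/pulumi_vault/jwt/outputs.py
@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+from typing import NotRequired, TypedDict, TypeAlias
+else:
+from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = [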
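Review bot: The `else:` branch added at new lines 13-14 imports `NotRequired`, `TypedDict` and `TypeAlias` from `typing_extensions`, which makes that package an import-time requirement on interpreters older than 3.11. The METADATA change is listed in the file summary but its contents are not shown on this page, so confirm that `typing_extensions` is declared there as a dependency with a bounded version range before upgrading; otherwise the module fails at import on those interpreters. The same preamble is added in `pulumi_vault/kmip/secret_role.py` and in the other module headers shown on this page. None of the three names is used in the visible lines, but the hunk covers only the module header, so whether this module needs them cannot be judged from here.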
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = ['SecretBackendArgs', 'SecretBackend']
|
@@ -40,7 +45,7 @@ class SecretBackendArgs:
|
|
40
45
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] listen_addrs: Addresses the KMIP server should listen on (`host:port`).
|
41
46
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
42
47
|
The value should not contain leading or trailing forward slashes.
|
43
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
48
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
44
49
|
*Available only for Vault Enterprise*.
|
45
50
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] server_hostnames: Hostnames to include in the server's TLS certificate as SAN DNS names. The first will be used as the common name (CN).
|
46
51
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] server_ips: IPs to include in the server's TLS certificate as SAN IP addresses.
|
@@ -166,7 +171,7 @@ class SecretBackendArgs:
|
|
166
171
|
"""
|
167
172
|
The namespace to provision the resource in.
|
168
173
|
The value should not contain leading or trailing forward slashes.
|
169
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
174
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
170
175
|
*Available only for Vault Enterprise*.
|
171
176
|
"""
|
172
177
|
return pulumi.get(self, "namespace")
|
@@ -263,7 +268,7 @@ class _SecretBackendState:
|
|
263
268
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] listen_addrs: Addresses the KMIP server should listen on (`host:port`).
|
264
269
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
265
270
|
The value should not contain leading or trailing forward slashes.
|
266
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
271
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
267
272
|
*Available only for Vault Enterprise*.
|
268
273
|
:param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
|
269
274
|
not begin or end with a `/`. Defaults to `kmip`.
|
@@ -379,7 +384,7 @@ class _SecretBackendState:
|
|
379
384
|
"""
|
380
385
|
The namespace to provision the resource in.
|
381
386
|
The value should not contain leading or trailing forward slashes.
|
382
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
387
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
383
388
|
*Available only for Vault Enterprise*.
|
384
389
|
"""
|
385
390
|
return pulumi.get(self, "namespace")
|
@@ -493,17 +498,17 @@ class SecretBackend(pulumi.CustomResource):
|
|
493
498
|
import pulumi_vault as vault
|
494
499
|
|
495
500
|
default = vault.kmip.SecretBackend("default",
|
496
|
-
|
497
|
-
default_tls_client_key_type="rsa",
|
498
|
-
default_tls_client_ttl=86400,
|
501
|
+
path="kmip",
|
499
502
|
description="Vault KMIP backend",
|
500
503
|
listen_addrs=[
|
501
504
|
"127.0.0.1:5696",
|
502
505
|
"127.0.0.1:8080",
|
503
506
|
],
|
504
|
-
|
507
|
+
tls_ca_key_type="rsa",
|
505
508
|
tls_ca_key_bits=4096,
|
506
|
-
|
509
|
+
default_tls_client_key_type="rsa",
|
510
|
+
default_tls_client_key_bits=4096,
|
511
|
+
default_tls_client_ttl=86400)
|
507
512
|
```
|
508
513
|
|
509
514
|
## Import
|
@@ -511,7 +516,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
511
516
|
KMIP Secret backend can be imported using the `path`, e.g.
|
512
517
|
|
513
518
|
```sh
|
514
|
-
|
519
|
+
$ pulumi import vault:kmip/secretBackend:SecretBackend default kmip
|
515
520
|
```
|
516
521
|
|
517
522
|
:param str resource_name: The name of the resource.
|
@@ -525,7 +530,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
525
530
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] listen_addrs: Addresses the KMIP server should listen on (`host:port`).
|
526
531
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
527
532
|
The value should not contain leading or trailing forward slashes.
|
528
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
533
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
529
534
|
*Available only for Vault Enterprise*.
|
530
535
|
:param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
|
531
536
|
not begin or end with a `/`. Defaults to `kmip`.
|
@@ -553,17 +558,17 @@ class SecretBackend(pulumi.CustomResource):
|
|
553
558
|
import pulumi_vault as vault
|
554
559
|
|
555
560
|
default = vault.kmip.SecretBackend("default",
|
556
|
-
|
557
|
-
default_tls_client_key_type="rsa",
|
558
|
-
default_tls_client_ttl=86400,
|
561
|
+
path="kmip",
|
559
562
|
description="Vault KMIP backend",
|
560
563
|
listen_addrs=[
|
561
564
|
"127.0.0.1:5696",
|
562
565
|
"127.0.0.1:8080",
|
563
566
|
],
|
564
|
-
|
567
|
+
tls_ca_key_type="rsa",
|
565
568
|
tls_ca_key_bits=4096,
|
566
|
-
|
569
|
+
default_tls_client_key_type="rsa",
|
570
|
+
default_tls_client_key_bits=4096,
|
571
|
+
default_tls_client_ttl=86400)
|
567
572
|
```
|
568
573
|
|
569
574
|
## Import
|
@@ -571,7 +576,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
571
576
|
KMIP Secret backend can be imported using the `path`, e.g.
|
572
577
|
|
573
578
|
```sh
|
574
|
-
|
579
|
+
$ pulumi import vault:kmip/secretBackend:SecretBackend default kmip
|
575
580
|
```
|
576
581
|
|
577
582
|
:param str resource_name: The name of the resource.
|
@@ -665,7 +670,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
665
670
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] listen_addrs: Addresses the KMIP server should listen on (`host:port`).
|
666
671
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
667
672
|
The value should not contain leading or trailing forward slashes.
|
668
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
673
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
669
674
|
*Available only for Vault Enterprise*.
|
670
675
|
:param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
|
671
676
|
not begin or end with a `/`. Defaults to `kmip`.
|
@@ -749,7 +754,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
749
754
|
"""
|
750
755
|
The namespace to provision the resource in.
|
751
756
|
The value should not contain leading or trailing forward slashes.
|
752
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
757
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
753
758
|
*Available only for Vault Enterprise*.
|
754
759
|
"""
|
755
760
|
return pulumi.get(self, "namespace")
|
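--- a/pulumi_vault/kmip/secret_role.py
+++ b/pulumi_vault/kmip/secret_role.py
@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+from typing import NotRequired, TypedDict, TypeAlias
+else:
+from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = ['SecretRoleArgs', 'SecretRole']
@@ -43,7 +48,7 @@ class SecretRoleArgs:
 :param pulumi.Input[str] scope: Name of the scope.
 :param pulumi.Input[str] namespace: The namespace to provision the resource in.
 The value should not contain leading or trailing forward slashes.
-The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
 *Available only for Vault Enterprise*.
 :param pulumi.Input[bool] operation_activate: Grant permission to use the KMIP Activate operation.
 :param pulumi.Input[bool] operation_add_attribute: Grant permission to use the KMIP Add Attribute operation.
@@ -146,7 +151,7 @@ class SecretRoleArgs:
 """
 The namespace to provision the resource in.
 The value should not contain leading or trailing forward slashes.
-The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
 *Available only for Vault Enterprise*.
 """
 return pulumi.get(self, "namespace")
@@ -388,7 +393,7 @@ class _SecretRoleState:
 Input properties used for looking up and filtering SecretRole resources.
 :param pulumi.Input[str] namespace: The namespace to provision the resource in.
 The value should not contain leading or trailing forward slashes.
-The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
 *Available only for Vault Enterprise*.
 :param pulumi.Input[bool] operation_activate: Grant permission to use the KMIP Activate operation.
 :param pulumi.Input[bool] operation_add_attribute: Grant permission to use the KMIP Add Attribute operation.
@@ -461,7 +466,7 @@ class _SecretRoleState:
 """
 The namespace to provision the resource in.
 The value should not contain leading or trailing forward slashes.
-The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
 *Available only for Vault Enterprise*.
 """
 return pulumi.get(self, "namespace")
@@ -775,14 +780,14 @@ class SecretRole(pulumi.CustomResource):
 KMIP Secret role can be imported using the `path`, e.g.
 
 ```sh
-
+$ pulumi import vault:kmip/secretRole:SecretRole admin kmip
 ```
 
 :param str resource_name: The name of the resource.
 :param pulumi.ResourceOptions opts: Options for the resource.
 :param pulumi.Input[str] namespace: The namespace to provision the resource in.
 The value should not contain leading or trailing forward slashes.
-The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
 *Available only for Vault Enterprise*.
 :param pulumi.Input[bool] operation_activate: Grant permission to use the KMIP Activate operation.
 :param pulumi.Input[bool] operation_add_attribute: Grant permission to use the KMIP Add Attribute operation.
@@ -848,7 +853,7 @@ class SecretRole(pulumi.CustomResource):
 KMIP Secret role can be imported using the `path`, e.g.
 
 ```sh
-
+$ pulumi import vault:kmip/secretRole:SecretRole admin kmip
 ```
 
 :param str resource_name: The name of the resource.
@@ -963,7 +968,7 @@ class SecretRole(pulumi.CustomResource):
 :param pulumi.ResourceOptions opts: Options for the resource.
 :param pulumi.Input[str] namespace: The namespace to provision the resource in.
 The value should not contain leading or trailing forward slashes.
-The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
 *Available only for Vault Enterprise*.
 :param pulumi.Input[bool] operation_activate: Grant permission to use the KMIP Activate operation.
 :param pulumi.Input[bool] operation_add_attribute: Grant permission to use the KMIP Add Attribute operation.
@@ -1020,7 +1025,7 @@ class SecretRole(pulumi.CustomResource):
 """
 The namespace to provision the resource in.
 The value should not contain leading or trailing forward slashes.
-The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
 *Available only for Vault Enterprise*.
 """
 return pulumi.get(self, "namespace")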
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = ['SecretScopeArgs', 'SecretScope']
|
@@ -26,7 +31,7 @@ class SecretScopeArgs:
|
|
26
31
|
:param pulumi.Input[bool] force: Boolean field to force deletion even if there are managed objects in the scope.
|
27
32
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
28
33
|
The value should not contain leading or trailing forward slashes.
|
29
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
34
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
30
35
|
*Available only for Vault Enterprise*.
|
31
36
|
"""
|
32
37
|
pulumi.set(__self__, "path", path)
|
@@ -79,7 +84,7 @@ class SecretScopeArgs:
|
|
79
84
|
"""
|
80
85
|
The namespace to provision the resource in.
|
81
86
|
The value should not contain leading or trailing forward slashes.
|
82
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
87
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
83
88
|
*Available only for Vault Enterprise*.
|
84
89
|
"""
|
85
90
|
return pulumi.get(self, "namespace")
|
@@ -101,7 +106,7 @@ class _SecretScopeState:
|
|
101
106
|
:param pulumi.Input[bool] force: Boolean field to force deletion even if there are managed objects in the scope.
|
102
107
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
103
108
|
The value should not contain leading or trailing forward slashes.
|
104
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
109
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
105
110
|
*Available only for Vault Enterprise*.
|
106
111
|
:param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
|
107
112
|
not begin or end with a `/`. Defaults to `kmip`.
|
@@ -134,7 +139,7 @@ class _SecretScopeState:
|
|
134
139
|
"""
|
135
140
|
The namespace to provision the resource in.
|
136
141
|
The value should not contain leading or trailing forward slashes.
|
137
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
142
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
138
143
|
*Available only for Vault Enterprise*.
|
139
144
|
"""
|
140
145
|
return pulumi.get(self, "namespace")
|
@@ -204,7 +209,7 @@ class SecretScope(pulumi.CustomResource):
|
|
204
209
|
KMIP Secret scope can be imported using the `path`, e.g.
|
205
210
|
|
206
211
|
```sh
|
207
|
-
|
212
|
+
$ pulumi import vault:kmip/secretScope:SecretScope dev kmip
|
208
213
|
```
|
209
214
|
|
210
215
|
:param str resource_name: The name of the resource.
|
@@ -212,7 +217,7 @@ class SecretScope(pulumi.CustomResource):
|
|
212
217
|
:param pulumi.Input[bool] force: Boolean field to force deletion even if there are managed objects in the scope.
|
213
218
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
214
219
|
The value should not contain leading or trailing forward slashes.
|
215
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
220
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
216
221
|
*Available only for Vault Enterprise*.
|
217
222
|
:param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
|
218
223
|
not begin or end with a `/`. Defaults to `kmip`.
|
@@ -249,7 +254,7 @@ class SecretScope(pulumi.CustomResource):
|
|
249
254
|
KMIP Secret scope can be imported using the `path`, e.g.
|
250
255
|
|
251
256
|
```sh
|
252
|
-
|
257
|
+
$ pulumi import vault:kmip/secretScope:SecretScope dev kmip
|
253
258
|
```
|
254
259
|
|
255
260
|
:param str resource_name: The name of the resource.
|
@@ -312,7 +317,7 @@ class SecretScope(pulumi.CustomResource):
|
|
312
317
|
:param pulumi.Input[bool] force: Boolean field to force deletion even if there are managed objects in the scope.
|
313
318
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
314
319
|
The value should not contain leading or trailing forward slashes.
|
315
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
320
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
316
321
|
*Available only for Vault Enterprise*.
|
317
322
|
:param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
|
318
323
|
not begin or end with a `/`. Defaults to `kmip`.
|
@@ -342,7 +347,7 @@ class SecretScope(pulumi.CustomResource):
|
|
342
347
|
"""
|
343
348
|
The namespace to provision the resource in.
|
344
349
|
The value should not contain leading or trailing forward slashes.
|
345
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
350
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
346
351
|
*Available only for Vault Enterprise*.
|
347
352
|
"""
|
348
353
|
return pulumi.get(self, "namespace")
|
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = ['AuthBackendConfigArgs', 'AuthBackendConfig']
|
@@ -22,7 +27,8 @@ class AuthBackendConfigArgs:
|
|
22
27
|
kubernetes_ca_cert: Optional[pulumi.Input[str]] = None,
|
23
28
|
namespace: Optional[pulumi.Input[str]] = None,
|
24
29
|
pem_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
25
|
-
token_reviewer_jwt: Optional[pulumi.Input[str]] = None
|
30
|
+
token_reviewer_jwt: Optional[pulumi.Input[str]] = None,
|
31
|
+
use_annotations_as_alias_metadata: Optional[pulumi.Input[bool]] = None):
|
26
32
|
"""
|
27
33
|
The set of arguments for constructing a AuthBackendConfig resource.
|
28
34
|
:param pulumi.Input[str] kubernetes_host: Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
|
@@ -37,6 +43,7 @@ class AuthBackendConfigArgs:
|
|
37
43
|
*Available only for Vault Enterprise*.
|
38
44
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] pem_keys: List of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
|
39
45
|
:param pulumi.Input[str] token_reviewer_jwt: A service account JWT (or other token) used as a bearer token to access the TokenReview API to validate other JWTs during login. If not set the JWT used for login will be used to access the API.
|
46
|
+
:param pulumi.Input[bool] use_annotations_as_alias_metadata: Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
|
40
47
|
"""
|
41
48
|
pulumi.set(__self__, "kubernetes_host", kubernetes_host)
|
42
49
|
if backend is not None:
|
@@ -55,6 +62,8 @@ class AuthBackendConfigArgs:
|
|
55
62
|
pulumi.set(__self__, "pem_keys", pem_keys)
|
56
63
|
if token_reviewer_jwt is not None:
|
57
64
|
pulumi.set(__self__, "token_reviewer_jwt", token_reviewer_jwt)
|
65
|
+
if use_annotations_as_alias_metadata is not None:
|
66
|
+
pulumi.set(__self__, "use_annotations_as_alias_metadata", use_annotations_as_alias_metadata)
|
58
67
|
|
59
68
|
@property
|
60
69
|
@pulumi.getter(name="kubernetesHost")
|
@@ -167,6 +176,18 @@ class AuthBackendConfigArgs:
|
|
167
176
|
def token_reviewer_jwt(self, value: Optional[pulumi.Input[str]]):
|
168
177
|
pulumi.set(self, "token_reviewer_jwt", value)
|
169
178
|
|
179
|
+
@property
|
180
|
+
@pulumi.getter(name="useAnnotationsAsAliasMetadata")
|
181
|
+
def use_annotations_as_alias_metadata(self) -> Optional[pulumi.Input[bool]]:
|
182
|
+
"""
|
183
|
+
Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
|
184
|
+
"""
|
185
|
+
return pulumi.get(self, "use_annotations_as_alias_metadata")
|
186
|
+
|
187
|
+
@use_annotations_as_alias_metadata.setter
|
188
|
+
def use_annotations_as_alias_metadata(self, value: Optional[pulumi.Input[bool]]):
|
189
|
+
pulumi.set(self, "use_annotations_as_alias_metadata", value)
|
190
|
+
|
170
191
|
|
171
192
|
@pulumi.input_type
|
172
193
|
class _AuthBackendConfigState:
|
@@ -179,7 +200,8 @@ class _AuthBackendConfigState:
|
|
179
200
|
kubernetes_host: Optional[pulumi.Input[str]] = None,
|
180
201
|
namespace: Optional[pulumi.Input[str]] = None,
|
181
202
|
pem_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
182
|
-
token_reviewer_jwt: Optional[pulumi.Input[str]] = None
|
203
|
+
token_reviewer_jwt: Optional[pulumi.Input[str]] = None,
|
204
|
+
use_annotations_as_alias_metadata: Optional[pulumi.Input[bool]] = None):
|
183
205
|
"""
|
184
206
|
Input properties used for looking up and filtering AuthBackendConfig resources.
|
185
207
|
:param pulumi.Input[str] backend: Unique name of the kubernetes backend to configure.
|
@@ -194,6 +216,7 @@ class _AuthBackendConfigState:
|
|
194
216
|
*Available only for Vault Enterprise*.
|
195
217
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] pem_keys: List of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
|
196
218
|
:param pulumi.Input[str] token_reviewer_jwt: A service account JWT (or other token) used as a bearer token to access the TokenReview API to validate other JWTs during login. If not set the JWT used for login will be used to access the API.
|
219
|
+
:param pulumi.Input[bool] use_annotations_as_alias_metadata: Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
|
197
220
|
"""
|
198
221
|
if backend is not None:
|
199
222
|
pulumi.set(__self__, "backend", backend)
|
@@ -213,6 +236,8 @@ class _AuthBackendConfigState:
|
|
213
236
|
pulumi.set(__self__, "pem_keys", pem_keys)
|
214
237
|
if token_reviewer_jwt is not None:
|
215
238
|
pulumi.set(__self__, "token_reviewer_jwt", token_reviewer_jwt)
|
239
|
+
if use_annotations_as_alias_metadata is not None:
|
240
|
+
pulumi.set(__self__, "use_annotations_as_alias_metadata", use_annotations_as_alias_metadata)
|
216
241
|
|
217
242
|
@property
|
218
243
|
@pulumi.getter
|
@@ -325,6 +350,18 @@ class _AuthBackendConfigState:
|
|
325
350
|
def token_reviewer_jwt(self, value: Optional[pulumi.Input[str]]):
|
326
351
|
pulumi.set(self, "token_reviewer_jwt", value)
|
327
352
|
|
353
|
+
@property
|
354
|
+
@pulumi.getter(name="useAnnotationsAsAliasMetadata")
|
355
|
+
def use_annotations_as_alias_metadata(self) -> Optional[pulumi.Input[bool]]:
|
356
|
+
"""
|
357
|
+
Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
|
358
|
+
"""
|
359
|
+
return pulumi.get(self, "use_annotations_as_alias_metadata")
|
360
|
+
|
361
|
+
@use_annotations_as_alias_metadata.setter
|
362
|
+
def use_annotations_as_alias_metadata(self, value: Optional[pulumi.Input[bool]]):
|
363
|
+
pulumi.set(self, "use_annotations_as_alias_metadata", value)
|
364
|
+
|
328
365
|
|
329
366
|
class AuthBackendConfig(pulumi.CustomResource):
|
330
367
|
@overload
|
@@ -340,6 +377,7 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
340
377
|
namespace: Optional[pulumi.Input[str]] = None,
|
341
378
|
pem_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
342
379
|
token_reviewer_jwt: Optional[pulumi.Input[str]] = None,
|
380
|
+
use_annotations_as_alias_metadata: Optional[pulumi.Input[bool]] = None,
|
343
381
|
__props__=None):
|
344
382
|
"""
|
345
383
|
Manages an Kubernetes auth backend config in a Vault server. See the [Vault
|
@@ -369,7 +407,7 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
369
407
|
Kubernetes authentication backend can be imported using the `path`, e.g.
|
370
408
|
|
371
409
|
```sh
|
372
|
-
|
410
|
+
$ pulumi import vault:kubernetes/authBackendConfig:AuthBackendConfig config auth/kubernetes/config
|
373
411
|
```
|
374
412
|
|
375
413
|
:param str resource_name: The name of the resource.
|
@@ -386,6 +424,7 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
386
424
|
*Available only for Vault Enterprise*.
|
387
425
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] pem_keys: List of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
|
388
426
|
:param pulumi.Input[str] token_reviewer_jwt: A service account JWT (or other token) used as a bearer token to access the TokenReview API to validate other JWTs during login. If not set the JWT used for login will be used to access the API.
|
427
|
+
:param pulumi.Input[bool] use_annotations_as_alias_metadata: Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
|
389
428
|
"""
|
390
429
|
...
|
391
430
|
@overload
|
@@ -421,7 +460,7 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
421
460
|
Kubernetes authentication backend can be imported using the `path`, e.g.
|
422
461
|
|
423
462
|
```sh
|
424
|
-
|
463
|
+
$ pulumi import vault:kubernetes/authBackendConfig:AuthBackendConfig config auth/kubernetes/config
|
425
464
|
```
|
426
465
|
|
427
466
|
:param str resource_name: The name of the resource.
|
@@ -448,6 +487,7 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
448
487
|
namespace: Optional[pulumi.Input[str]] = None,
|
449
488
|
pem_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
450
489
|
token_reviewer_jwt: Optional[pulumi.Input[str]] = None,
|
490
|
+
use_annotations_as_alias_metadata: Optional[pulumi.Input[bool]] = None,
|
451
491
|
__props__=None):
|
452
492
|
opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
|
453
493
|
if not isinstance(opts, pulumi.ResourceOptions):
|
@@ -468,6 +508,7 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
468
508
|
__props__.__dict__["namespace"] = namespace
|
469
509
|
__props__.__dict__["pem_keys"] = pem_keys
|
470
510
|
__props__.__dict__["token_reviewer_jwt"] = None if token_reviewer_jwt is None else pulumi.Output.secret(token_reviewer_jwt)
|
511
|
+
__props__.__dict__["use_annotations_as_alias_metadata"] = use_annotations_as_alias_metadata
|
471
512
|
secret_opts = pulumi.ResourceOptions(additional_secret_outputs=["tokenReviewerJwt"])
|
472
513
|
opts = pulumi.ResourceOptions.merge(opts, secret_opts)
|
473
514
|
super(AuthBackendConfig, __self__).__init__(
|
@@ -488,7 +529,8 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
488
529
|
kubernetes_host: Optional[pulumi.Input[str]] = None,
|
489
530
|
namespace: Optional[pulumi.Input[str]] = None,
|
490
531
|
pem_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
491
|
-
token_reviewer_jwt: Optional[pulumi.Input[str]] = None
|
532
|
+
token_reviewer_jwt: Optional[pulumi.Input[str]] = None,
|
533
|
+
use_annotations_as_alias_metadata: Optional[pulumi.Input[bool]] = None) -> 'AuthBackendConfig':
|
492
534
|
"""
|
493
535
|
Get an existing AuthBackendConfig resource's state with the given name, id, and optional extra
|
494
536
|
properties used to qualify the lookup.
|
@@ -508,6 +550,7 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
508
550
|
*Available only for Vault Enterprise*.
|
509
551
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] pem_keys: List of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
|
510
552
|
:param pulumi.Input[str] token_reviewer_jwt: A service account JWT (or other token) used as a bearer token to access the TokenReview API to validate other JWTs during login. If not set the JWT used for login will be used to access the API.
|
553
|
+
:param pulumi.Input[bool] use_annotations_as_alias_metadata: Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
|
511
554
|
"""
|
512
555
|
opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
|
513
556
|
|
@@ -522,6 +565,7 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
522
565
|
__props__.__dict__["namespace"] = namespace
|
523
566
|
__props__.__dict__["pem_keys"] = pem_keys
|
524
567
|
__props__.__dict__["token_reviewer_jwt"] = token_reviewer_jwt
|
568
|
+
__props__.__dict__["use_annotations_as_alias_metadata"] = use_annotations_as_alias_metadata
|
525
569
|
return AuthBackendConfig(resource_name, opts=opts, __props__=__props__)
|
526
570
|
|
527
571
|
@property
|
@@ -599,3 +643,11 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
599
643
|
"""
|
600
644
|
return pulumi.get(self, "token_reviewer_jwt")
|
601
645
|
|
646
|
+
@property
|
647
|
+
@pulumi.getter(name="useAnnotationsAsAliasMetadata")
|
648
|
+
def use_annotations_as_alias_metadata(self) -> pulumi.Output[bool]:
|
649
|
+
"""
|
650
|
+
Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
|
651
|
+
"""
|
652
|
+
return pulumi.get(self, "use_annotations_as_alias_metadata")
|
653
|
+
|
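Review bot: The docstring added for `use_annotations_as_alias_metadata` (new lines 46, 183, 219, 357, 427, 553 and 650) describes the mechanism but not the trust implication: once the flag is on, whoever can edit annotations on a service account can influence the metadata attached to the Vault entity alias, which matters wherever policies or templates read that metadata. I would append something like `Enable only where service-account annotations are write-restricted in the cluster; alias metadata derived from them is set by whoever can edit the service account.` As far as I recall, the upstream Vault documentation also restricts this to annotations under a dedicated prefix and requires that Vault be permitted to read service accounts from the Kubernetes API; both should be confirmed and stated, together with the behaviour when the value is left unset. If this module is generated from the provider schema, the wording belongs in that schema so that all seven copies stay in sync.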