PyPI - pulumi-vault - Versions diffs - 5.21.0a1709368526__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl - Mend

pulumi-vault 5.21.0a1709368526py3-none-any.whl → 6.5.0a1736836139py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (229) hide show

pulumi_vault/__init__.py +52 -0
pulumi_vault/_inputs.py +560 -0
pulumi_vault/_utilities.py +41 -5
pulumi_vault/ad/get_access_credentials.py +26 -9
pulumi_vault/ad/secret_backend.py +16 -142
pulumi_vault/ad/secret_library.py +16 -9
pulumi_vault/ad/secret_role.py +14 -9
pulumi_vault/alicloud/auth_backend_role.py +76 -190
pulumi_vault/approle/auth_backend_login.py +12 -7
pulumi_vault/approle/auth_backend_role.py +77 -191
pulumi_vault/approle/auth_backend_role_secret_id.py +106 -7
pulumi_vault/approle/get_auth_backend_role_id.py +18 -5
pulumi_vault/audit.py +30 -21
pulumi_vault/audit_request_header.py +11 -2
pulumi_vault/auth_backend.py +66 -14
pulumi_vault/aws/auth_backend_cert.py +18 -9
pulumi_vault/aws/auth_backend_client.py +267 -22
pulumi_vault/aws/auth_backend_config_identity.py +14 -9
pulumi_vault/aws/auth_backend_identity_whitelist.py +20 -15
pulumi_vault/aws/auth_backend_login.py +19 -22
pulumi_vault/aws/auth_backend_role.py +77 -191
pulumi_vault/aws/auth_backend_role_tag.py +12 -7
pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -13
pulumi_vault/aws/auth_backend_sts_role.py +14 -9
pulumi_vault/aws/get_access_credentials.py +38 -9
pulumi_vault/aws/get_static_access_credentials.py +19 -5
pulumi_vault/aws/secret_backend.py +77 -9
pulumi_vault/aws/secret_backend_role.py +185 -9
pulumi_vault/aws/secret_backend_static_role.py +20 -11
pulumi_vault/azure/_inputs.py +24 -0
pulumi_vault/azure/auth_backend_config.py +153 -15
pulumi_vault/azure/auth_backend_role.py +77 -191
pulumi_vault/azure/backend.py +227 -21
pulumi_vault/azure/backend_role.py +42 -37
pulumi_vault/azure/get_access_credentials.py +41 -7
pulumi_vault/azure/outputs.py +5 -0
pulumi_vault/cert_auth_backend_role.py +87 -267
pulumi_vault/config/__init__.pyi +5 -0
pulumi_vault/config/_inputs.py +73 -0
pulumi_vault/config/outputs.py +35 -0
pulumi_vault/config/ui_custom_message.py +529 -0
pulumi_vault/config/vars.py +5 -0
pulumi_vault/consul/secret_backend.py +28 -19
pulumi_vault/consul/secret_backend_role.py +18 -78
pulumi_vault/database/_inputs.py +2770 -881
pulumi_vault/database/outputs.py +721 -838
pulumi_vault/database/secret_backend_connection.py +119 -112
pulumi_vault/database/secret_backend_role.py +31 -22
pulumi_vault/database/secret_backend_static_role.py +87 -13
pulumi_vault/database/secrets_mount.py +427 -136
pulumi_vault/egp_policy.py +16 -11
pulumi_vault/gcp/_inputs.py +111 -0
pulumi_vault/gcp/auth_backend.py +250 -33
pulumi_vault/gcp/auth_backend_role.py +77 -269
pulumi_vault/gcp/get_auth_backend_role.py +43 -5
pulumi_vault/gcp/outputs.py +5 -0
pulumi_vault/gcp/secret_backend.py +287 -12
pulumi_vault/gcp/secret_impersonated_account.py +76 -15
pulumi_vault/gcp/secret_roleset.py +31 -24
pulumi_vault/gcp/secret_static_account.py +39 -32
pulumi_vault/generic/endpoint.py +24 -17
pulumi_vault/generic/get_secret.py +64 -8
pulumi_vault/generic/secret.py +21 -16
pulumi_vault/get_auth_backend.py +24 -7
pulumi_vault/get_auth_backends.py +51 -9
pulumi_vault/get_namespace.py +226 -0
pulumi_vault/get_namespaces.py +153 -0
pulumi_vault/get_nomad_access_token.py +31 -11
pulumi_vault/get_policy_document.py +34 -19
pulumi_vault/get_raft_autopilot_state.py +29 -10
pulumi_vault/github/_inputs.py +55 -0
pulumi_vault/github/auth_backend.py +19 -14
pulumi_vault/github/outputs.py +5 -0
pulumi_vault/github/team.py +16 -11
pulumi_vault/github/user.py +16 -11
pulumi_vault/identity/entity.py +20 -13
pulumi_vault/identity/entity_alias.py +20 -13
pulumi_vault/identity/entity_policies.py +28 -11
pulumi_vault/identity/get_entity.py +42 -10
pulumi_vault/identity/get_group.py +47 -9
pulumi_vault/identity/get_oidc_client_creds.py +21 -7
pulumi_vault/identity/get_oidc_openid_config.py +39 -9
pulumi_vault/identity/get_oidc_public_keys.py +29 -10
pulumi_vault/identity/group.py +58 -39
pulumi_vault/identity/group_alias.py +16 -9
pulumi_vault/identity/group_member_entity_ids.py +28 -66
pulumi_vault/identity/group_member_group_ids.py +40 -19
pulumi_vault/identity/group_policies.py +20 -7
pulumi_vault/identity/mfa_duo.py +11 -6
pulumi_vault/identity/mfa_login_enforcement.py +15 -6
pulumi_vault/identity/mfa_okta.py +11 -6
pulumi_vault/identity/mfa_pingid.py +7 -2
pulumi_vault/identity/mfa_totp.py +7 -2
pulumi_vault/identity/oidc.py +12 -7
pulumi_vault/identity/oidc_assignment.py +24 -11
pulumi_vault/identity/oidc_client.py +36 -23
pulumi_vault/identity/oidc_key.py +30 -17
pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -15
pulumi_vault/identity/oidc_provider.py +36 -21
pulumi_vault/identity/oidc_role.py +42 -21
pulumi_vault/identity/oidc_scope.py +20 -13
pulumi_vault/identity/outputs.py +8 -3
pulumi_vault/jwt/_inputs.py +55 -0
pulumi_vault/jwt/auth_backend.py +45 -40
pulumi_vault/jwt/auth_backend_role.py +133 -254
pulumi_vault/jwt/outputs.py +5 -0
pulumi_vault/kmip/secret_backend.py +24 -19
pulumi_vault/kmip/secret_role.py +14 -9
pulumi_vault/kmip/secret_scope.py +14 -9
pulumi_vault/kubernetes/auth_backend_config.py +57 -5
pulumi_vault/kubernetes/auth_backend_role.py +70 -177
pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
pulumi_vault/kubernetes/get_service_account_token.py +39 -11
pulumi_vault/kubernetes/secret_backend.py +316 -27
pulumi_vault/kubernetes/secret_backend_role.py +137 -46
pulumi_vault/kv/_inputs.py +36 -4
pulumi_vault/kv/get_secret.py +25 -8
pulumi_vault/kv/get_secret_subkeys_v2.py +33 -10
pulumi_vault/kv/get_secret_v2.py +85 -9
pulumi_vault/kv/get_secrets_list.py +24 -11
pulumi_vault/kv/get_secrets_list_v2.py +37 -15
pulumi_vault/kv/outputs.py +8 -3
pulumi_vault/kv/secret.py +23 -16
pulumi_vault/kv/secret_backend_v2.py +20 -11
pulumi_vault/kv/secret_v2.py +59 -50
pulumi_vault/ldap/auth_backend.py +127 -166
pulumi_vault/ldap/auth_backend_group.py +14 -9
pulumi_vault/ldap/auth_backend_user.py +14 -9
pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
pulumi_vault/ldap/get_static_credentials.py +24 -5
pulumi_vault/ldap/secret_backend.py +354 -82
pulumi_vault/ldap/secret_backend_dynamic_role.py +18 -11
pulumi_vault/ldap/secret_backend_library_set.py +16 -9
pulumi_vault/ldap/secret_backend_static_role.py +73 -12
pulumi_vault/managed/_inputs.py +289 -132
pulumi_vault/managed/keys.py +29 -57
pulumi_vault/managed/outputs.py +89 -132
pulumi_vault/mfa_duo.py +18 -11
pulumi_vault/mfa_okta.py +18 -11
pulumi_vault/mfa_pingid.py +18 -11
pulumi_vault/mfa_totp.py +24 -17
pulumi_vault/mongodbatlas/secret_backend.py +20 -15
pulumi_vault/mongodbatlas/secret_role.py +47 -38
pulumi_vault/mount.py +391 -51
pulumi_vault/namespace.py +68 -83
pulumi_vault/nomad_secret_backend.py +18 -13
pulumi_vault/nomad_secret_role.py +14 -9
pulumi_vault/okta/_inputs.py +47 -8
pulumi_vault/okta/auth_backend.py +485 -39
pulumi_vault/okta/auth_backend_group.py +14 -9
pulumi_vault/okta/auth_backend_user.py +14 -9
pulumi_vault/okta/outputs.py +13 -8
pulumi_vault/outputs.py +5 -0
pulumi_vault/password_policy.py +20 -13
pulumi_vault/pkisecret/__init__.py +3 -0
pulumi_vault/pkisecret/_inputs.py +81 -0
pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
pulumi_vault/pkisecret/backend_config_est.py +619 -0
pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
pulumi_vault/pkisecret/get_backend_issuer.py +67 -9
pulumi_vault/pkisecret/get_backend_issuers.py +21 -8
pulumi_vault/pkisecret/get_backend_key.py +24 -9
pulumi_vault/pkisecret/get_backend_keys.py +21 -8
pulumi_vault/pkisecret/outputs.py +69 -0
pulumi_vault/pkisecret/secret_backend_cert.py +18 -11
pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -11
pulumi_vault/pkisecret/secret_backend_config_issuers.py +14 -9
pulumi_vault/pkisecret/secret_backend_config_urls.py +67 -11
pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -9
pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -11
pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -17
pulumi_vault/pkisecret/secret_backend_issuer.py +14 -9
pulumi_vault/pkisecret/secret_backend_key.py +14 -9
pulumi_vault/pkisecret/secret_backend_role.py +21 -14
pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -48
pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -56
pulumi_vault/pkisecret/secret_backend_sign.py +18 -54
pulumi_vault/plugin.py +595 -0
pulumi_vault/plugin_pinned_version.py +298 -0
pulumi_vault/policy.py +14 -9
pulumi_vault/provider.py +48 -53
pulumi_vault/pulumi-plugin.json +2 -1
pulumi_vault/quota_lease_count.py +60 -6
pulumi_vault/quota_rate_limit.py +56 -2
pulumi_vault/rabbitmq/_inputs.py +61 -0
pulumi_vault/rabbitmq/outputs.py +5 -0
pulumi_vault/rabbitmq/secret_backend.py +18 -13
pulumi_vault/rabbitmq/secret_backend_role.py +54 -47
pulumi_vault/raft_autopilot.py +14 -9
pulumi_vault/raft_snapshot_agent_config.py +129 -224
pulumi_vault/rgp_policy.py +14 -9
pulumi_vault/saml/auth_backend.py +22 -17
pulumi_vault/saml/auth_backend_role.py +92 -197
pulumi_vault/secrets/__init__.py +3 -0
pulumi_vault/secrets/_inputs.py +110 -0
pulumi_vault/secrets/outputs.py +94 -0
pulumi_vault/secrets/sync_association.py +56 -71
pulumi_vault/secrets/sync_aws_destination.py +242 -27
pulumi_vault/secrets/sync_azure_destination.py +92 -31
pulumi_vault/secrets/sync_config.py +9 -4
pulumi_vault/secrets/sync_gcp_destination.py +158 -25
pulumi_vault/secrets/sync_gh_destination.py +189 -13
pulumi_vault/secrets/sync_github_apps.py +375 -0
pulumi_vault/secrets/sync_vercel_destination.py +74 -13
pulumi_vault/ssh/_inputs.py +28 -28
pulumi_vault/ssh/outputs.py +11 -28
pulumi_vault/ssh/secret_backend_ca.py +108 -9
pulumi_vault/ssh/secret_backend_role.py +85 -118
pulumi_vault/terraformcloud/secret_backend.py +7 -54
pulumi_vault/terraformcloud/secret_creds.py +14 -20
pulumi_vault/terraformcloud/secret_role.py +16 -74
pulumi_vault/token.py +28 -23
pulumi_vault/tokenauth/auth_backend_role.py +78 -199
pulumi_vault/transform/alphabet.py +16 -9
pulumi_vault/transform/get_decode.py +45 -17
pulumi_vault/transform/get_encode.py +45 -17
pulumi_vault/transform/role.py +16 -9
pulumi_vault/transform/template.py +30 -21
pulumi_vault/transform/transformation.py +12 -7
pulumi_vault/transit/get_decrypt.py +26 -21
pulumi_vault/transit/get_encrypt.py +24 -19
pulumi_vault/transit/secret_backend_key.py +27 -93
pulumi_vault/transit/secret_cache_config.py +12 -7
{pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
{pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
pulumi_vault-5.21.0a1709368526.dist-info/RECORD +0 -244
{pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0

pulumi_vault/kubernetes/get_auth_backend_config.py CHANGED Viewed

@@ -4,9 +4,14 @@
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 __all__ = [
@@ -21,7 +26,7 @@ class GetAuthBackendConfigResult:
     """
     A collection of values returned by getAuthBackendConfig.
     """
-    def __init__(__self__, backend=None, disable_iss_validation=None, disable_local_ca_jwt=None, id=None, issuer=None, kubernetes_ca_cert=None, kubernetes_host=None, namespace=None, pem_keys=None):
+    def __init__(__self__, backend=None, disable_iss_validation=None, disable_local_ca_jwt=None, id=None, issuer=None, kubernetes_ca_cert=None, kubernetes_host=None, namespace=None, pem_keys=None, use_annotations_as_alias_metadata=None):
         if backend and not isinstance(backend, str):
             raise TypeError("Expected argument 'backend' to be a str")
         pulumi.set(__self__, "backend", backend)
@@ -49,6 +54,9 @@ class GetAuthBackendConfigResult:
         if pem_keys and not isinstance(pem_keys, list):
             raise TypeError("Expected argument 'pem_keys' to be a list")
         pulumi.set(__self__, "pem_keys", pem_keys)
+        if use_annotations_as_alias_metadata and not isinstance(use_annotations_as_alias_metadata, bool):
+            raise TypeError("Expected argument 'use_annotations_as_alias_metadata' to be a bool")
+        pulumi.set(__self__, "use_annotations_as_alias_metadata", use_annotations_as_alias_metadata)
     @property
     @pulumi.getter
@@ -58,11 +66,17 @@ class GetAuthBackendConfigResult:
     @property
     @pulumi.getter(name="disableIssValidation")
     def disable_iss_validation(self) -> bool:
+        """
+        (Optional) Disable JWT issuer validation. Allows to skip ISS validation. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
+        """
         return pulumi.get(self, "disable_iss_validation")
     @property
     @pulumi.getter(name="disableLocalCaJwt")
     def disable_local_ca_jwt(self) -> bool:
+        """
+        (Optional) Disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
+        """
         return pulumi.get(self, "disable_local_ca_jwt")
     @property
@@ -110,6 +124,14 @@ class GetAuthBackendConfigResult:
         """
         return pulumi.get(self, "pem_keys")
+    @property
+    @pulumi.getter(name="useAnnotationsAsAliasMetadata")
+    def use_annotations_as_alias_metadata(self) -> bool:
+        """
+        (Optional) Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
+        """
+        return pulumi.get(self, "use_annotations_as_alias_metadata")
 class AwaitableGetAuthBackendConfigResult(GetAuthBackendConfigResult):
     # pylint: disable=using-constant-test
@@ -125,7 +147,8 @@ class AwaitableGetAuthBackendConfigResult(GetAuthBackendConfigResult):
             kubernetes_ca_cert=self.kubernetes_ca_cert,
             kubernetes_host=self.kubernetes_host,
             namespace=self.namespace,
-            pem_keys=self.pem_keys)
+            pem_keys=self.pem_keys,
+            use_annotations_as_alias_metadata=self.use_annotations_as_alias_metadata)
 def get_auth_backend_config(backend: Optional[str] = None,
@@ -136,6 +159,7 @@ def get_auth_backend_config(backend: Optional[str] = None,
                             kubernetes_host: Optional[str] = None,
                             namespace: Optional[str] = None,
                             pem_keys: Optional[Sequence[str]] = None,
+                            use_annotations_as_alias_metadata: Optional[bool] = None,
                             opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetAuthBackendConfigResult:
     """
     Reads the Role of an Kubernetes from a Vault server. See the [Vault
@@ -145,6 +169,8 @@ def get_auth_backend_config(backend: Optional[str] = None,
     :param str backend: The unique name for the Kubernetes backend the config to
            retrieve Role attributes for resides in. Defaults to "kubernetes".
+    :param bool disable_iss_validation: (Optional) Disable JWT issuer validation. Allows to skip ISS validation. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
+    :param bool disable_local_ca_jwt: (Optional) Disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
     :param str issuer: Optional JWT issuer. If no issuer is specified, `kubernetes.io/serviceaccount` will be used as the default issuer.
     :param str kubernetes_ca_cert: PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API.
     :param str kubernetes_host: Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
@@ -153,6 +179,7 @@ def get_auth_backend_config(backend: Optional[str] = None,
            The `namespace` is always relative to the provider's configured namespace.
            *Available only for Vault Enterprise*.
     :param Sequence[str] pem_keys: Optional list of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
+    :param bool use_annotations_as_alias_metadata: (Optional) Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
     """
     __args__ = dict()
     __args__['backend'] = backend
@@ -163,6 +190,7 @@ def get_auth_backend_config(backend: Optional[str] = None,
     __args__['kubernetesHost'] = kubernetes_host
     __args__['namespace'] = namespace
     __args__['pemKeys'] = pem_keys
+    __args__['useAnnotationsAsAliasMetadata'] = use_annotations_as_alias_metadata
     opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
     __ret__ = pulumi.runtime.invoke('vault:kubernetes/getAuthBackendConfig:getAuthBackendConfig', __args__, opts=opts, typ=GetAuthBackendConfigResult).value
@@ -175,10 +203,8 @@ def get_auth_backend_config(backend: Optional[str] = None,
         kubernetes_ca_cert=pulumi.get(__ret__, 'kubernetes_ca_cert'),
         kubernetes_host=pulumi.get(__ret__, 'kubernetes_host'),
         namespace=pulumi.get(__ret__, 'namespace'),
-        pem_keys=pulumi.get(__ret__, 'pem_keys'))
-@_utilities.lift_output_func(get_auth_backend_config)
+        pem_keys=pulumi.get(__ret__, 'pem_keys'),
+        use_annotations_as_alias_metadata=pulumi.get(__ret__, 'use_annotations_as_alias_metadata'))
 def get_auth_backend_config_output(backend: Optional[pulumi.Input[Optional[str]]] = None,
                                    disable_iss_validation: Optional[pulumi.Input[Optional[bool]]] = None,
                                    disable_local_ca_jwt: Optional[pulumi.Input[Optional[bool]]] = None,
@@ -187,7 +213,8 @@ def get_auth_backend_config_output(backend: Optional[pulumi.Input[Optional[str]]
                                    kubernetes_host: Optional[pulumi.Input[Optional[str]]] = None,
                                    namespace: Optional[pulumi.Input[Optional[str]]] = None,
                                    pem_keys: Optional[pulumi.Input[Optional[Sequence[str]]]] = None,
-                                   opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetAuthBackendConfigResult]:
+                                   use_annotations_as_alias_metadata: Optional[pulumi.Input[Optional[bool]]] = None,
+                                   opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetAuthBackendConfigResult]:
     """
     Reads the Role of an Kubernetes from a Vault server. See the [Vault
     documentation](https://www.vaultproject.io/api-docs/auth/kubernetes#read-config) for more
@@ -196,6 +223,8 @@ def get_auth_backend_config_output(backend: Optional[pulumi.Input[Optional[str]]
     :param str backend: The unique name for the Kubernetes backend the config to
            retrieve Role attributes for resides in. Defaults to "kubernetes".
+    :param bool disable_iss_validation: (Optional) Disable JWT issuer validation. Allows to skip ISS validation. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
+    :param bool disable_local_ca_jwt: (Optional) Disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
     :param str issuer: Optional JWT issuer. If no issuer is specified, `kubernetes.io/serviceaccount` will be used as the default issuer.
     :param str kubernetes_ca_cert: PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API.
     :param str kubernetes_host: Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
@@ -204,5 +233,28 @@ def get_auth_backend_config_output(backend: Optional[pulumi.Input[Optional[str]]
            The `namespace` is always relative to the provider's configured namespace.
            *Available only for Vault Enterprise*.
     :param Sequence[str] pem_keys: Optional list of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
+    :param bool use_annotations_as_alias_metadata: (Optional) Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
     """
-    ...
+    __args__ = dict()
+    __args__['backend'] = backend
+    __args__['disableIssValidation'] = disable_iss_validation
+    __args__['disableLocalCaJwt'] = disable_local_ca_jwt
+    __args__['issuer'] = issuer
+    __args__['kubernetesCaCert'] = kubernetes_ca_cert
+    __args__['kubernetesHost'] = kubernetes_host
+    __args__['namespace'] = namespace
+    __args__['pemKeys'] = pem_keys
+    __args__['useAnnotationsAsAliasMetadata'] = use_annotations_as_alias_metadata
+    opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
+    __ret__ = pulumi.runtime.invoke_output('vault:kubernetes/getAuthBackendConfig:getAuthBackendConfig', __args__, opts=opts, typ=GetAuthBackendConfigResult)
+    return __ret__.apply(lambda __response__: GetAuthBackendConfigResult(
+        backend=pulumi.get(__response__, 'backend'),
+        disable_iss_validation=pulumi.get(__response__, 'disable_iss_validation'),
+        disable_local_ca_jwt=pulumi.get(__response__, 'disable_local_ca_jwt'),
+        id=pulumi.get(__response__, 'id'),
+        issuer=pulumi.get(__response__, 'issuer'),
+        kubernetes_ca_cert=pulumi.get(__response__, 'kubernetes_ca_cert'),
+        kubernetes_host=pulumi.get(__response__, 'kubernetes_host'),
+        namespace=pulumi.get(__response__, 'namespace'),
+        pem_keys=pulumi.get(__response__, 'pem_keys'),
+        use_annotations_as_alias_metadata=pulumi.get(__response__, 'use_annotations_as_alias_metadata')))

pulumi_vault/kubernetes/get_auth_backend_role.py CHANGED Viewed

@@ -4,9 +4,14 @@
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 __all__ = [
@@ -336,9 +341,6 @@ def get_auth_backend_role(audience: Optional[str] = None,
         token_policies=pulumi.get(__ret__, 'token_policies'),
         token_ttl=pulumi.get(__ret__, 'token_ttl'),
         token_type=pulumi.get(__ret__, 'token_type'))
-@_utilities.lift_output_func(get_auth_backend_role)
 def get_auth_backend_role_output(audience: Optional[pulumi.Input[Optional[str]]] = None,
                                  backend: Optional[pulumi.Input[Optional[str]]] = None,
                                  namespace: Optional[pulumi.Input[Optional[str]]] = None,
@@ -352,7 +354,7 @@ def get_auth_backend_role_output(audience: Optional[pulumi.Input[Optional[str]]]
                                  token_policies: Optional[pulumi.Input[Optional[Sequence[str]]]] = None,
                                  token_ttl: Optional[pulumi.Input[Optional[int]]] = None,
                                  token_type: Optional[pulumi.Input[Optional[str]]] = None,
-                                 opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetAuthBackendRoleResult]:
+                                 opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetAuthBackendRoleResult]:
     """
     Reads the Role of an Kubernetes from a Vault server. See the [Vault
     documentation](https://www.vaultproject.io/api-docs/auth/kubernetes#read-role) for more
@@ -395,4 +397,37 @@ def get_auth_backend_role_output(audience: Optional[pulumi.Input[Optional[str]]]
            `default-service` and `default-batch` which specify the type to return unless the client
            requests a different type at generation time.
     """
-    ...
+    __args__ = dict()
+    __args__['audience'] = audience
+    __args__['backend'] = backend
+    __args__['namespace'] = namespace
+    __args__['roleName'] = role_name
+    __args__['tokenBoundCidrs'] = token_bound_cidrs
+    __args__['tokenExplicitMaxTtl'] = token_explicit_max_ttl
+    __args__['tokenMaxTtl'] = token_max_ttl
+    __args__['tokenNoDefaultPolicy'] = token_no_default_policy
+    __args__['tokenNumUses'] = token_num_uses
+    __args__['tokenPeriod'] = token_period
+    __args__['tokenPolicies'] = token_policies
+    __args__['tokenTtl'] = token_ttl
+    __args__['tokenType'] = token_type
+    opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
+    __ret__ = pulumi.runtime.invoke_output('vault:kubernetes/getAuthBackendRole:getAuthBackendRole', __args__, opts=opts, typ=GetAuthBackendRoleResult)
+    return __ret__.apply(lambda __response__: GetAuthBackendRoleResult(
+        alias_name_source=pulumi.get(__response__, 'alias_name_source'),
+        audience=pulumi.get(__response__, 'audience'),
+        backend=pulumi.get(__response__, 'backend'),
+        bound_service_account_names=pulumi.get(__response__, 'bound_service_account_names'),
+        bound_service_account_namespaces=pulumi.get(__response__, 'bound_service_account_namespaces'),
+        id=pulumi.get(__response__, 'id'),
+        namespace=pulumi.get(__response__, 'namespace'),
+        role_name=pulumi.get(__response__, 'role_name'),
+        token_bound_cidrs=pulumi.get(__response__, 'token_bound_cidrs'),
+        token_explicit_max_ttl=pulumi.get(__response__, 'token_explicit_max_ttl'),
+        token_max_ttl=pulumi.get(__response__, 'token_max_ttl'),
+        token_no_default_policy=pulumi.get(__response__, 'token_no_default_policy'),
+        token_num_uses=pulumi.get(__response__, 'token_num_uses'),
+        token_period=pulumi.get(__response__, 'token_period'),
+        token_policies=pulumi.get(__response__, 'token_policies'),
+        token_ttl=pulumi.get(__response__, 'token_ttl'),
+        token_type=pulumi.get(__response__, 'token_type')))

pulumi_vault/kubernetes/get_service_account_token.py CHANGED Viewed

@@ -4,9 +4,14 @@
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 __all__ = [
@@ -182,17 +187,19 @@ def get_service_account_token(backend: Optional[str] = None,
     ```python
     import pulumi
+    import pulumi_std as std
     import pulumi_vault as vault
     config = vault.kubernetes.SecretBackend("config",
         path="kubernetes",
         description="kubernetes secrets engine description",
         kubernetes_host="https://127.0.0.1:61233",
-        kubernetes_ca_cert=(lambda path: open(path).read())("/path/to/cert"),
-        service_account_jwt=(lambda path: open(path).read())("/path/to/token"),
+        kubernetes_ca_cert=std.file(input="/path/to/cert").result,
+        service_account_jwt=std.file(input="/path/to/token").result,
         disable_local_ca_jwt=False)
     role = vault.kubernetes.SecretBackendRole("role",
         backend=config.path,
+        name="service-account-name-role",
         allowed_kubernetes_namespaces=["*"],
         token_max_ttl=43200,
         token_default_ttl=21600,
@@ -221,7 +228,7 @@ def get_service_account_token(backend: Optional[str] = None,
            generate the credentials.
     :param str namespace: The namespace of the target resource.
            The value should not contain leading or trailing forward slashes.
-           The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+           The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
            *Available only for Vault Enterprise*.
     :param str role: The name of the Kubernetes secret backend role to generate service
            account tokens from.
@@ -252,32 +259,31 @@ def get_service_account_token(backend: Optional[str] = None,
         service_account_namespace=pulumi.get(__ret__, 'service_account_namespace'),
         service_account_token=pulumi.get(__ret__, 'service_account_token'),
         ttl=pulumi.get(__ret__, 'ttl'))
-@_utilities.lift_output_func(get_service_account_token)
 def get_service_account_token_output(backend: Optional[pulumi.Input[str]] = None,
                                      cluster_role_binding: Optional[pulumi.Input[Optional[bool]]] = None,
                                      kubernetes_namespace: Optional[pulumi.Input[str]] = None,
                                      namespace: Optional[pulumi.Input[Optional[str]]] = None,
                                      role: Optional[pulumi.Input[str]] = None,
                                      ttl: Optional[pulumi.Input[Optional[str]]] = None,
-                                     opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetServiceAccountTokenResult]:
+                                     opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetServiceAccountTokenResult]:
     """
     ## Example Usage
     ```python
     import pulumi
+    import pulumi_std as std
     import pulumi_vault as vault
     config = vault.kubernetes.SecretBackend("config",
         path="kubernetes",
         description="kubernetes secrets engine description",
         kubernetes_host="https://127.0.0.1:61233",
-        kubernetes_ca_cert=(lambda path: open(path).read())("/path/to/cert"),
-        service_account_jwt=(lambda path: open(path).read())("/path/to/token"),
+        kubernetes_ca_cert=std.file(input="/path/to/cert").result,
+        service_account_jwt=std.file(input="/path/to/token").result,
         disable_local_ca_jwt=False)
     role = vault.kubernetes.SecretBackendRole("role",
         backend=config.path,
+        name="service-account-name-role",
         allowed_kubernetes_namespaces=["*"],
         token_max_ttl=43200,
         token_default_ttl=21600,
@@ -306,11 +312,33 @@ def get_service_account_token_output(backend: Optional[pulumi.Input[str]] = None
            generate the credentials.
     :param str namespace: The namespace of the target resource.
            The value should not contain leading or trailing forward slashes.
-           The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+           The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
            *Available only for Vault Enterprise*.
     :param str role: The name of the Kubernetes secret backend role to generate service
            account tokens from.
     :param str ttl: The TTL of the generated Kubernetes service account token, specified in
            seconds or as a Go duration format string.
     """
-    ...
+    __args__ = dict()
+    __args__['backend'] = backend
+    __args__['clusterRoleBinding'] = cluster_role_binding
+    __args__['kubernetesNamespace'] = kubernetes_namespace
+    __args__['namespace'] = namespace
+    __args__['role'] = role
+    __args__['ttl'] = ttl
+    opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
+    __ret__ = pulumi.runtime.invoke_output('vault:kubernetes/getServiceAccountToken:getServiceAccountToken', __args__, opts=opts, typ=GetServiceAccountTokenResult)
+    return __ret__.apply(lambda __response__: GetServiceAccountTokenResult(
+        backend=pulumi.get(__response__, 'backend'),
+        cluster_role_binding=pulumi.get(__response__, 'cluster_role_binding'),
+        id=pulumi.get(__response__, 'id'),
+        kubernetes_namespace=pulumi.get(__response__, 'kubernetes_namespace'),
+        lease_duration=pulumi.get(__response__, 'lease_duration'),
+        lease_id=pulumi.get(__response__, 'lease_id'),
+        lease_renewable=pulumi.get(__response__, 'lease_renewable'),
+        namespace=pulumi.get(__response__, 'namespace'),
+        role=pulumi.get(__response__, 'role'),
+        service_account_name=pulumi.get(__response__, 'service_account_name'),
+        service_account_namespace=pulumi.get(__response__, 'service_account_namespace'),
+        service_account_token=pulumi.get(__response__, 'service_account_token'),
+        ttl=pulumi.get(__response__, 'ttl')))

pulumi-vault 5.21.0a1709368526__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl

pulumi-vault 5.21.0a1709368526py3-none-any.whl → 6.5.0a1736836139py3-none-any.whl