pulumi-vault 5.21.0a1709368526__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl
- pulumi_vault/__init__.py +52 -0
- pulumi_vault/_inputs.py +560 -0
- pulumi_vault/_utilities.py +41 -5
- pulumi_vault/ad/get_access_credentials.py +26 -9
- pulumi_vault/ad/secret_backend.py +16 -142
- pulumi_vault/ad/secret_library.py +16 -9
- pulumi_vault/ad/secret_role.py +14 -9
- pulumi_vault/alicloud/auth_backend_role.py +76 -190
- pulumi_vault/approle/auth_backend_login.py +12 -7
- pulumi_vault/approle/auth_backend_role.py +77 -191
- pulumi_vault/approle/auth_backend_role_secret_id.py +106 -7
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -5
- pulumi_vault/audit.py +30 -21
- pulumi_vault/audit_request_header.py +11 -2
- pulumi_vault/auth_backend.py +66 -14
- pulumi_vault/aws/auth_backend_cert.py +18 -9
- pulumi_vault/aws/auth_backend_client.py +267 -22
- pulumi_vault/aws/auth_backend_config_identity.py +14 -9
- pulumi_vault/aws/auth_backend_identity_whitelist.py +20 -15
- pulumi_vault/aws/auth_backend_login.py +19 -22
- pulumi_vault/aws/auth_backend_role.py +77 -191
- pulumi_vault/aws/auth_backend_role_tag.py +12 -7
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -13
- pulumi_vault/aws/auth_backend_sts_role.py +14 -9
- pulumi_vault/aws/get_access_credentials.py +38 -9
- pulumi_vault/aws/get_static_access_credentials.py +19 -5
- pulumi_vault/aws/secret_backend.py +77 -9
- pulumi_vault/aws/secret_backend_role.py +185 -9
- pulumi_vault/aws/secret_backend_static_role.py +20 -11
- pulumi_vault/azure/_inputs.py +24 -0
- pulumi_vault/azure/auth_backend_config.py +153 -15
- pulumi_vault/azure/auth_backend_role.py +77 -191
- pulumi_vault/azure/backend.py +227 -21
- pulumi_vault/azure/backend_role.py +42 -37
- pulumi_vault/azure/get_access_credentials.py +41 -7
- pulumi_vault/azure/outputs.py +5 -0
- pulumi_vault/cert_auth_backend_role.py +87 -267
- pulumi_vault/config/__init__.pyi +5 -0
- pulumi_vault/config/_inputs.py +73 -0
- pulumi_vault/config/outputs.py +35 -0
- pulumi_vault/config/ui_custom_message.py +529 -0
- pulumi_vault/config/vars.py +5 -0
- pulumi_vault/consul/secret_backend.py +28 -19
- pulumi_vault/consul/secret_backend_role.py +18 -78
- pulumi_vault/database/_inputs.py +2770 -881
- pulumi_vault/database/outputs.py +721 -838
- pulumi_vault/database/secret_backend_connection.py +119 -112
- pulumi_vault/database/secret_backend_role.py +31 -22
- pulumi_vault/database/secret_backend_static_role.py +87 -13
- pulumi_vault/database/secrets_mount.py +427 -136
- pulumi_vault/egp_policy.py +16 -11
- pulumi_vault/gcp/_inputs.py +111 -0
- pulumi_vault/gcp/auth_backend.py +250 -33
- pulumi_vault/gcp/auth_backend_role.py +77 -269
- pulumi_vault/gcp/get_auth_backend_role.py +43 -5
- pulumi_vault/gcp/outputs.py +5 -0
- pulumi_vault/gcp/secret_backend.py +287 -12
- pulumi_vault/gcp/secret_impersonated_account.py +76 -15
- pulumi_vault/gcp/secret_roleset.py +31 -24
- pulumi_vault/gcp/secret_static_account.py +39 -32
- pulumi_vault/generic/endpoint.py +24 -17
- pulumi_vault/generic/get_secret.py +64 -8
- pulumi_vault/generic/secret.py +21 -16
- pulumi_vault/get_auth_backend.py +24 -7
- pulumi_vault/get_auth_backends.py +51 -9
- pulumi_vault/get_namespace.py +226 -0
- pulumi_vault/get_namespaces.py +153 -0
- pulumi_vault/get_nomad_access_token.py +31 -11
- pulumi_vault/get_policy_document.py +34 -19
- pulumi_vault/get_raft_autopilot_state.py +29 -10
- pulumi_vault/github/_inputs.py +55 -0
- pulumi_vault/github/auth_backend.py +19 -14
- pulumi_vault/github/outputs.py +5 -0
- pulumi_vault/github/team.py +16 -11
- pulumi_vault/github/user.py +16 -11
- pulumi_vault/identity/entity.py +20 -13
- pulumi_vault/identity/entity_alias.py +20 -13
- pulumi_vault/identity/entity_policies.py +28 -11
- pulumi_vault/identity/get_entity.py +42 -10
- pulumi_vault/identity/get_group.py +47 -9
- pulumi_vault/identity/get_oidc_client_creds.py +21 -7
- pulumi_vault/identity/get_oidc_openid_config.py +39 -9
- pulumi_vault/identity/get_oidc_public_keys.py +29 -10
- pulumi_vault/identity/group.py +58 -39
- pulumi_vault/identity/group_alias.py +16 -9
- pulumi_vault/identity/group_member_entity_ids.py +28 -66
- pulumi_vault/identity/group_member_group_ids.py +40 -19
- pulumi_vault/identity/group_policies.py +20 -7
- pulumi_vault/identity/mfa_duo.py +11 -6
- pulumi_vault/identity/mfa_login_enforcement.py +15 -6
- pulumi_vault/identity/mfa_okta.py +11 -6
- pulumi_vault/identity/mfa_pingid.py +7 -2
- pulumi_vault/identity/mfa_totp.py +7 -2
- pulumi_vault/identity/oidc.py +12 -7
- pulumi_vault/identity/oidc_assignment.py +24 -11
- pulumi_vault/identity/oidc_client.py +36 -23
- pulumi_vault/identity/oidc_key.py +30 -17
- pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -15
- pulumi_vault/identity/oidc_provider.py +36 -21
- pulumi_vault/identity/oidc_role.py +42 -21
- pulumi_vault/identity/oidc_scope.py +20 -13
- pulumi_vault/identity/outputs.py +8 -3
- pulumi_vault/jwt/_inputs.py +55 -0
- pulumi_vault/jwt/auth_backend.py +45 -40
- pulumi_vault/jwt/auth_backend_role.py +133 -254
- pulumi_vault/jwt/outputs.py +5 -0
- pulumi_vault/kmip/secret_backend.py +24 -19
- pulumi_vault/kmip/secret_role.py +14 -9
- pulumi_vault/kmip/secret_scope.py +14 -9
- pulumi_vault/kubernetes/auth_backend_config.py +57 -5
- pulumi_vault/kubernetes/auth_backend_role.py +70 -177
- pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
- pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
- pulumi_vault/kubernetes/get_service_account_token.py +39 -11
- pulumi_vault/kubernetes/secret_backend.py +316 -27
- pulumi_vault/kubernetes/secret_backend_role.py +137 -46
- pulumi_vault/kv/_inputs.py +36 -4
- pulumi_vault/kv/get_secret.py +25 -8
- pulumi_vault/kv/get_secret_subkeys_v2.py +33 -10
- pulumi_vault/kv/get_secret_v2.py +85 -9
- pulumi_vault/kv/get_secrets_list.py +24 -11
- pulumi_vault/kv/get_secrets_list_v2.py +37 -15
- pulumi_vault/kv/outputs.py +8 -3
- pulumi_vault/kv/secret.py +23 -16
- pulumi_vault/kv/secret_backend_v2.py +20 -11
- pulumi_vault/kv/secret_v2.py +59 -50
- pulumi_vault/ldap/auth_backend.py +127 -166
- pulumi_vault/ldap/auth_backend_group.py +14 -9
- pulumi_vault/ldap/auth_backend_user.py +14 -9
- pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
- pulumi_vault/ldap/get_static_credentials.py +24 -5
- pulumi_vault/ldap/secret_backend.py +354 -82
- pulumi_vault/ldap/secret_backend_dynamic_role.py +18 -11
- pulumi_vault/ldap/secret_backend_library_set.py +16 -9
- pulumi_vault/ldap/secret_backend_static_role.py +73 -12
- pulumi_vault/managed/_inputs.py +289 -132
- pulumi_vault/managed/keys.py +29 -57
- pulumi_vault/managed/outputs.py +89 -132
- pulumi_vault/mfa_duo.py +18 -11
- pulumi_vault/mfa_okta.py +18 -11
- pulumi_vault/mfa_pingid.py +18 -11
- pulumi_vault/mfa_totp.py +24 -17
- pulumi_vault/mongodbatlas/secret_backend.py +20 -15
- pulumi_vault/mongodbatlas/secret_role.py +47 -38
- pulumi_vault/mount.py +391 -51
- pulumi_vault/namespace.py +68 -83
- pulumi_vault/nomad_secret_backend.py +18 -13
- pulumi_vault/nomad_secret_role.py +14 -9
- pulumi_vault/okta/_inputs.py +47 -8
- pulumi_vault/okta/auth_backend.py +485 -39
- pulumi_vault/okta/auth_backend_group.py +14 -9
- pulumi_vault/okta/auth_backend_user.py +14 -9
- pulumi_vault/okta/outputs.py +13 -8
- pulumi_vault/outputs.py +5 -0
- pulumi_vault/password_policy.py +20 -13
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +81 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
- pulumi_vault/pkisecret/backend_config_est.py +619 -0
- pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
- pulumi_vault/pkisecret/get_backend_issuer.py +67 -9
- pulumi_vault/pkisecret/get_backend_issuers.py +21 -8
- pulumi_vault/pkisecret/get_backend_key.py +24 -9
- pulumi_vault/pkisecret/get_backend_keys.py +21 -8
- pulumi_vault/pkisecret/outputs.py +69 -0
- pulumi_vault/pkisecret/secret_backend_cert.py +18 -11
- pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -11
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +14 -9
- pulumi_vault/pkisecret/secret_backend_config_urls.py +67 -11
- pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -9
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -11
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -17
- pulumi_vault/pkisecret/secret_backend_issuer.py +14 -9
- pulumi_vault/pkisecret/secret_backend_key.py +14 -9
- pulumi_vault/pkisecret/secret_backend_role.py +21 -14
- pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -48
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -56
- pulumi_vault/pkisecret/secret_backend_sign.py +18 -54
- pulumi_vault/plugin.py +595 -0
- pulumi_vault/plugin_pinned_version.py +298 -0
- pulumi_vault/policy.py +14 -9
- pulumi_vault/provider.py +48 -53
- pulumi_vault/pulumi-plugin.json +2 -1
- pulumi_vault/quota_lease_count.py +60 -6
- pulumi_vault/quota_rate_limit.py +56 -2
- pulumi_vault/rabbitmq/_inputs.py +61 -0
- pulumi_vault/rabbitmq/outputs.py +5 -0
- pulumi_vault/rabbitmq/secret_backend.py +18 -13
- pulumi_vault/rabbitmq/secret_backend_role.py +54 -47
- pulumi_vault/raft_autopilot.py +14 -9
- pulumi_vault/raft_snapshot_agent_config.py +129 -224
- pulumi_vault/rgp_policy.py +14 -9
- pulumi_vault/saml/auth_backend.py +22 -17
- pulumi_vault/saml/auth_backend_role.py +92 -197
- pulumi_vault/secrets/__init__.py +3 -0
- pulumi_vault/secrets/_inputs.py +110 -0
- pulumi_vault/secrets/outputs.py +94 -0
- pulumi_vault/secrets/sync_association.py +56 -71
- pulumi_vault/secrets/sync_aws_destination.py +242 -27
- pulumi_vault/secrets/sync_azure_destination.py +92 -31
- pulumi_vault/secrets/sync_config.py +9 -4
- pulumi_vault/secrets/sync_gcp_destination.py +158 -25
- pulumi_vault/secrets/sync_gh_destination.py +189 -13
- pulumi_vault/secrets/sync_github_apps.py +375 -0
- pulumi_vault/secrets/sync_vercel_destination.py +74 -13
- pulumi_vault/ssh/_inputs.py +28 -28
- pulumi_vault/ssh/outputs.py +11 -28
- pulumi_vault/ssh/secret_backend_ca.py +108 -9
- pulumi_vault/ssh/secret_backend_role.py +85 -118
- pulumi_vault/terraformcloud/secret_backend.py +7 -54
- pulumi_vault/terraformcloud/secret_creds.py +14 -20
- pulumi_vault/terraformcloud/secret_role.py +16 -74
- pulumi_vault/token.py +28 -23
- pulumi_vault/tokenauth/auth_backend_role.py +78 -199
- pulumi_vault/transform/alphabet.py +16 -9
- pulumi_vault/transform/get_decode.py +45 -17
- pulumi_vault/transform/get_encode.py +45 -17
- pulumi_vault/transform/role.py +16 -9
- pulumi_vault/transform/template.py +30 -21
- pulumi_vault/transform/transformation.py +12 -7
- pulumi_vault/transit/get_decrypt.py +26 -21
- pulumi_vault/transit/get_encrypt.py +24 -19
- pulumi_vault/transit/secret_backend_key.py +27 -93
- pulumi_vault/transit/secret_cache_config.py +12 -7
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
- pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
- pulumi_vault-5.21.0a1709368526.dist-info/RECORD +0 -244
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = ['SecretBackendArgs', 'SecretBackend']
|
@@ -16,31 +21,40 @@ class SecretBackendArgs:
|
|
16
21
|
def __init__(__self__, *,
|
17
22
|
path: pulumi.Input[str],
|
18
23
|
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
24
|
+
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
19
25
|
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
20
26
|
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
21
27
|
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
28
|
+
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
22
29
|
description: Optional[pulumi.Input[str]] = None,
|
23
30
|
disable_local_ca_jwt: Optional[pulumi.Input[bool]] = None,
|
24
31
|
external_entropy_access: Optional[pulumi.Input[bool]] = None,
|
32
|
+
identity_token_key: Optional[pulumi.Input[str]] = None,
|
25
33
|
kubernetes_ca_cert: Optional[pulumi.Input[str]] = None,
|
26
34
|
kubernetes_host: Optional[pulumi.Input[str]] = None,
|
35
|
+
listing_visibility: Optional[pulumi.Input[str]] = None,
|
27
36
|
local: Optional[pulumi.Input[bool]] = None,
|
28
37
|
max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
29
38
|
namespace: Optional[pulumi.Input[str]] = None,
|
30
|
-
options: Optional[pulumi.Input[Mapping[str,
|
39
|
+
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
40
|
+
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
41
|
+
plugin_version: Optional[pulumi.Input[str]] = None,
|
31
42
|
seal_wrap: Optional[pulumi.Input[bool]] = None,
|
32
43
|
service_account_jwt: Optional[pulumi.Input[str]] = None):
|
33
44
|
"""
|
34
45
|
The set of arguments for constructing a SecretBackend resource.
|
35
46
|
:param pulumi.Input[str] path: Where the secret backend will be mounted
|
36
47
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
|
48
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
|
37
49
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
38
50
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
39
51
|
:param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
|
52
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
|
40
53
|
:param pulumi.Input[str] description: Human-friendly description of the mount
|
41
54
|
:param pulumi.Input[bool] disable_local_ca_jwt: Disable defaulting to the local CA certificate and
|
42
55
|
service account JWT when Vault is running in a Kubernetes pod.
|
43
56
|
:param pulumi.Input[bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
|
57
|
+
:param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens
|
44
58
|
:param pulumi.Input[str] kubernetes_ca_cert: A PEM-encoded CA certificate used by the
|
45
59
|
secrets engine to verify the Kubernetes API server certificate. Defaults to the local
|
46
60
|
pod’s CA if Vault is running in Kubernetes. Otherwise, defaults to the root CA set where
|
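Review bot: The new `:param` entries for `allowed_response_headers` and `delegated_auth_accessors` in `SecretBackendArgs.__init__` reuse the `passthrough_request_headers` description verbatim ("List of headers to allow and pass from the request to the plugin"), so three mount-tuning options with different security effects are documented as the same thing. In Vault's mount tuning, `allowed_response_headers` governs which headers a plugin may set on the response and `delegated_auth_accessors` lists the auth mount accessors the mount may delegate authentication to, so I would word them as `List of headers the plugin is allowed to include in the response` and `List of auth mount accessors the backend can request delegated authentication for`. The same text is repeated in the property docstrings in the `@@ -116,6 +145,18 @@` and `@@ -152,6 +193,18 @@` hunks and in the `_SecretBackendState.__init__` docstring in `@@ -301,32 +402,41 @@`. The `__init__` docstring continues outside this hunk, and if this module is generated from the provider schema, the wording has to be corrected there rather than in this file.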
@@ -48,13 +62,16 @@ class SecretBackendArgs:
|
|
48
62
|
:param pulumi.Input[str] kubernetes_host: The Kubernetes API URL to connect to. Required if the
|
49
63
|
standard pod environment variables `KUBERNETES_SERVICE_HOST` or `KUBERNETES_SERVICE_PORT`
|
50
64
|
are not set on the host that Vault is running on.
|
65
|
+
:param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
|
51
66
|
:param pulumi.Input[bool] local: Local mount flag that can be explicitly set to true to enforce local mount in HA environment
|
52
67
|
:param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
|
53
68
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
54
69
|
The value should not contain leading or trailing forward slashes.
|
55
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
70
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
56
71
|
*Available only for Vault Enterprise*.
|
57
|
-
:param pulumi.Input[Mapping[str,
|
72
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
|
73
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
|
74
|
+
:param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
58
75
|
:param pulumi.Input[bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
59
76
|
:param pulumi.Input[str] service_account_jwt: The JSON web token of the service account used by the
|
60
77
|
secrets engine to manage Kubernetes credentials. Defaults to the local pod’s JWT if Vault
|
@@ -63,22 +80,30 @@ class SecretBackendArgs:
|
|
63
80
|
pulumi.set(__self__, "path", path)
|
64
81
|
if allowed_managed_keys is not None:
|
65
82
|
pulumi.set(__self__, "allowed_managed_keys", allowed_managed_keys)
|
83
|
+
if allowed_response_headers is not None:
|
84
|
+
pulumi.set(__self__, "allowed_response_headers", allowed_response_headers)
|
66
85
|
if audit_non_hmac_request_keys is not None:
|
67
86
|
pulumi.set(__self__, "audit_non_hmac_request_keys", audit_non_hmac_request_keys)
|
68
87
|
if audit_non_hmac_response_keys is not None:
|
69
88
|
pulumi.set(__self__, "audit_non_hmac_response_keys", audit_non_hmac_response_keys)
|
70
89
|
if default_lease_ttl_seconds is not None:
|
71
90
|
pulumi.set(__self__, "default_lease_ttl_seconds", default_lease_ttl_seconds)
|
91
|
+
if delegated_auth_accessors is not None:
|
92
|
+
pulumi.set(__self__, "delegated_auth_accessors", delegated_auth_accessors)
|
72
93
|
if description is not None:
|
73
94
|
pulumi.set(__self__, "description", description)
|
74
95
|
if disable_local_ca_jwt is not None:
|
75
96
|
pulumi.set(__self__, "disable_local_ca_jwt", disable_local_ca_jwt)
|
76
97
|
if external_entropy_access is not None:
|
77
98
|
pulumi.set(__self__, "external_entropy_access", external_entropy_access)
|
99
|
+
if identity_token_key is not None:
|
100
|
+
pulumi.set(__self__, "identity_token_key", identity_token_key)
|
78
101
|
if kubernetes_ca_cert is not None:
|
79
102
|
pulumi.set(__self__, "kubernetes_ca_cert", kubernetes_ca_cert)
|
80
103
|
if kubernetes_host is not None:
|
81
104
|
pulumi.set(__self__, "kubernetes_host", kubernetes_host)
|
105
|
+
if listing_visibility is not None:
|
106
|
+
pulumi.set(__self__, "listing_visibility", listing_visibility)
|
82
107
|
if local is not None:
|
83
108
|
pulumi.set(__self__, "local", local)
|
84
109
|
if max_lease_ttl_seconds is not None:
|
@@ -87,6 +112,10 @@ class SecretBackendArgs:
|
|
87
112
|
pulumi.set(__self__, "namespace", namespace)
|
88
113
|
if options is not None:
|
89
114
|
pulumi.set(__self__, "options", options)
|
115
|
+
if passthrough_request_headers is not None:
|
116
|
+
pulumi.set(__self__, "passthrough_request_headers", passthrough_request_headers)
|
117
|
+
if plugin_version is not None:
|
118
|
+
pulumi.set(__self__, "plugin_version", plugin_version)
|
90
119
|
if seal_wrap is not None:
|
91
120
|
pulumi.set(__self__, "seal_wrap", seal_wrap)
|
92
121
|
if service_account_jwt is not None:
|
@@ -116,6 +145,18 @@ class SecretBackendArgs:
|
|
116
145
|
def allowed_managed_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
117
146
|
pulumi.set(self, "allowed_managed_keys", value)
|
118
147
|
|
148
|
+
@property
|
149
|
+
@pulumi.getter(name="allowedResponseHeaders")
|
150
|
+
def allowed_response_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
151
|
+
"""
|
152
|
+
List of headers to allow and pass from the request to the plugin
|
153
|
+
"""
|
154
|
+
return pulumi.get(self, "allowed_response_headers")
|
155
|
+
|
156
|
+
@allowed_response_headers.setter
|
157
|
+
def allowed_response_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
158
|
+
pulumi.set(self, "allowed_response_headers", value)
|
159
|
+
|
119
160
|
@property
|
120
161
|
@pulumi.getter(name="auditNonHmacRequestKeys")
|
121
162
|
def audit_non_hmac_request_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
@@ -152,6 +193,18 @@ class SecretBackendArgs:
|
|
152
193
|
def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[int]]):
|
153
194
|
pulumi.set(self, "default_lease_ttl_seconds", value)
|
154
195
|
|
196
|
+
@property
|
197
|
+
@pulumi.getter(name="delegatedAuthAccessors")
|
198
|
+
def delegated_auth_accessors(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
199
|
+
"""
|
200
|
+
List of headers to allow and pass from the request to the plugin
|
201
|
+
"""
|
202
|
+
return pulumi.get(self, "delegated_auth_accessors")
|
203
|
+
|
204
|
+
@delegated_auth_accessors.setter
|
205
|
+
def delegated_auth_accessors(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
206
|
+
pulumi.set(self, "delegated_auth_accessors", value)
|
207
|
+
|
155
208
|
@property
|
156
209
|
@pulumi.getter
|
157
210
|
def description(self) -> Optional[pulumi.Input[str]]:
|
@@ -189,6 +242,18 @@ class SecretBackendArgs:
|
|
189
242
|
def external_entropy_access(self, value: Optional[pulumi.Input[bool]]):
|
190
243
|
pulumi.set(self, "external_entropy_access", value)
|
191
244
|
|
245
|
+
@property
|
246
|
+
@pulumi.getter(name="identityTokenKey")
|
247
|
+
def identity_token_key(self) -> Optional[pulumi.Input[str]]:
|
248
|
+
"""
|
249
|
+
The key to use for signing plugin workload identity tokens
|
250
|
+
"""
|
251
|
+
return pulumi.get(self, "identity_token_key")
|
252
|
+
|
253
|
+
@identity_token_key.setter
|
254
|
+
def identity_token_key(self, value: Optional[pulumi.Input[str]]):
|
255
|
+
pulumi.set(self, "identity_token_key", value)
|
256
|
+
|
192
257
|
@property
|
193
258
|
@pulumi.getter(name="kubernetesCaCert")
|
194
259
|
def kubernetes_ca_cert(self) -> Optional[pulumi.Input[str]]:
|
@@ -218,6 +283,18 @@ class SecretBackendArgs:
|
|
218
283
|
def kubernetes_host(self, value: Optional[pulumi.Input[str]]):
|
219
284
|
pulumi.set(self, "kubernetes_host", value)
|
220
285
|
|
286
|
+
@property
|
287
|
+
@pulumi.getter(name="listingVisibility")
|
288
|
+
def listing_visibility(self) -> Optional[pulumi.Input[str]]:
|
289
|
+
"""
|
290
|
+
Specifies whether to show this mount in the UI-specific listing endpoint
|
291
|
+
"""
|
292
|
+
return pulumi.get(self, "listing_visibility")
|
293
|
+
|
294
|
+
@listing_visibility.setter
|
295
|
+
def listing_visibility(self, value: Optional[pulumi.Input[str]]):
|
296
|
+
pulumi.set(self, "listing_visibility", value)
|
297
|
+
|
221
298
|
@property
|
222
299
|
@pulumi.getter
|
223
300
|
def local(self) -> Optional[pulumi.Input[bool]]:
|
@@ -248,7 +325,7 @@ class SecretBackendArgs:
|
|
248
325
|
"""
|
249
326
|
The namespace to provision the resource in.
|
250
327
|
The value should not contain leading or trailing forward slashes.
|
251
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
328
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
252
329
|
*Available only for Vault Enterprise*.
|
253
330
|
"""
|
254
331
|
return pulumi.get(self, "namespace")
|
@@ -259,16 +336,40 @@ class SecretBackendArgs:
|
|
259
336
|
|
260
337
|
@property
|
261
338
|
@pulumi.getter
|
262
|
-
def options(self) -> Optional[pulumi.Input[Mapping[str,
|
339
|
+
def options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
263
340
|
"""
|
264
341
|
Specifies mount type specific options that are passed to the backend
|
265
342
|
"""
|
266
343
|
return pulumi.get(self, "options")
|
267
344
|
|
268
345
|
@options.setter
|
269
|
-
def options(self, value: Optional[pulumi.Input[Mapping[str,
|
346
|
+
def options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
270
347
|
pulumi.set(self, "options", value)
|
271
348
|
|
349
|
+
@property
|
350
|
+
@pulumi.getter(name="passthroughRequestHeaders")
|
351
|
+
def passthrough_request_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
352
|
+
"""
|
353
|
+
List of headers to allow and pass from the request to the plugin
|
354
|
+
"""
|
355
|
+
return pulumi.get(self, "passthrough_request_headers")
|
356
|
+
|
357
|
+
@passthrough_request_headers.setter
|
358
|
+
def passthrough_request_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
359
|
+
pulumi.set(self, "passthrough_request_headers", value)
|
360
|
+
|
361
|
+
@property
|
362
|
+
@pulumi.getter(name="pluginVersion")
|
363
|
+
def plugin_version(self) -> Optional[pulumi.Input[str]]:
|
364
|
+
"""
|
365
|
+
Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
366
|
+
"""
|
367
|
+
return pulumi.get(self, "plugin_version")
|
368
|
+
|
369
|
+
@plugin_version.setter
|
370
|
+
def plugin_version(self, value: Optional[pulumi.Input[str]]):
|
371
|
+
pulumi.set(self, "plugin_version", value)
|
372
|
+
|
272
373
|
@property
|
273
374
|
@pulumi.getter(name="sealWrap")
|
274
375
|
def seal_wrap(self) -> Optional[pulumi.Input[bool]]:
|
@@ -301,32 +402,41 @@ class _SecretBackendState:
|
|
301
402
|
def __init__(__self__, *,
|
302
403
|
accessor: Optional[pulumi.Input[str]] = None,
|
303
404
|
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
405
|
+
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
304
406
|
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
305
407
|
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
306
408
|
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
409
|
+
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
307
410
|
description: Optional[pulumi.Input[str]] = None,
|
308
411
|
disable_local_ca_jwt: Optional[pulumi.Input[bool]] = None,
|
309
412
|
external_entropy_access: Optional[pulumi.Input[bool]] = None,
|
413
|
+
identity_token_key: Optional[pulumi.Input[str]] = None,
|
310
414
|
kubernetes_ca_cert: Optional[pulumi.Input[str]] = None,
|
311
415
|
kubernetes_host: Optional[pulumi.Input[str]] = None,
|
416
|
+
listing_visibility: Optional[pulumi.Input[str]] = None,
|
312
417
|
local: Optional[pulumi.Input[bool]] = None,
|
313
418
|
max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
314
419
|
namespace: Optional[pulumi.Input[str]] = None,
|
315
|
-
options: Optional[pulumi.Input[Mapping[str,
|
420
|
+
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
421
|
+
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
316
422
|
path: Optional[pulumi.Input[str]] = None,
|
423
|
+
plugin_version: Optional[pulumi.Input[str]] = None,
|
317
424
|
seal_wrap: Optional[pulumi.Input[bool]] = None,
|
318
425
|
service_account_jwt: Optional[pulumi.Input[str]] = None):
|
319
426
|
"""
|
320
427
|
Input properties used for looking up and filtering SecretBackend resources.
|
321
428
|
:param pulumi.Input[str] accessor: Accessor of the mount
|
322
429
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
|
430
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
|
323
431
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
324
432
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
325
433
|
:param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
|
434
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
|
326
435
|
:param pulumi.Input[str] description: Human-friendly description of the mount
|
327
436
|
:param pulumi.Input[bool] disable_local_ca_jwt: Disable defaulting to the local CA certificate and
|
328
437
|
service account JWT when Vault is running in a Kubernetes pod.
|
329
438
|
:param pulumi.Input[bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
|
439
|
+
:param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens
|
330
440
|
:param pulumi.Input[str] kubernetes_ca_cert: A PEM-encoded CA certificate used by the
|
331
441
|
secrets engine to verify the Kubernetes API server certificate. Defaults to the local
|
332
442
|
pod’s CA if Vault is running in Kubernetes. Otherwise, defaults to the root CA set where
|
@@ -334,14 +444,17 @@ class _SecretBackendState:
|
|
334
444
|
:param pulumi.Input[str] kubernetes_host: The Kubernetes API URL to connect to. Required if the
|
335
445
|
standard pod environment variables `KUBERNETES_SERVICE_HOST` or `KUBERNETES_SERVICE_PORT`
|
336
446
|
are not set on the host that Vault is running on.
|
447
|
+
:param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
|
337
448
|
:param pulumi.Input[bool] local: Local mount flag that can be explicitly set to true to enforce local mount in HA environment
|
338
449
|
:param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
|
339
450
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
340
451
|
The value should not contain leading or trailing forward slashes.
|
341
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
452
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
342
453
|
*Available only for Vault Enterprise*.
|
343
|
-
:param pulumi.Input[Mapping[str,
|
454
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
|
455
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
|
344
456
|
:param pulumi.Input[str] path: Where the secret backend will be mounted
|
457
|
+
:param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
345
458
|
:param pulumi.Input[bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
346
459
|
:param pulumi.Input[str] service_account_jwt: The JSON web token of the service account used by the
|
347
460
|
secrets engine to manage Kubernetes credentials. Defaults to the local pod’s JWT if Vault
|
@@ -351,22 +464,30 @@ class _SecretBackendState:
|
|
351
464
|
pulumi.set(__self__, "accessor", accessor)
|
352
465
|
if allowed_managed_keys is not None:
|
353
466
|
pulumi.set(__self__, "allowed_managed_keys", allowed_managed_keys)
|
467
|
+
if allowed_response_headers is not None:
|
468
|
+
pulumi.set(__self__, "allowed_response_headers", allowed_response_headers)
|
354
469
|
if audit_non_hmac_request_keys is not None:
|
355
470
|
pulumi.set(__self__, "audit_non_hmac_request_keys", audit_non_hmac_request_keys)
|
356
471
|
if audit_non_hmac_response_keys is not None:
|
357
472
|
pulumi.set(__self__, "audit_non_hmac_response_keys", audit_non_hmac_response_keys)
|
358
473
|
if default_lease_ttl_seconds is not None:
|
359
474
|
pulumi.set(__self__, "default_lease_ttl_seconds", default_lease_ttl_seconds)
|
475
|
+
if delegated_auth_accessors is not None:
|
476
|
+
pulumi.set(__self__, "delegated_auth_accessors", delegated_auth_accessors)
|
360
477
|
if description is not None:
|
361
478
|
pulumi.set(__self__, "description", description)
|
362
479
|
if disable_local_ca_jwt is not None:
|
363
480
|
pulumi.set(__self__, "disable_local_ca_jwt", disable_local_ca_jwt)
|
364
481
|
if external_entropy_access is not None:
|
365
482
|
pulumi.set(__self__, "external_entropy_access", external_entropy_access)
|
483
|
+
if identity_token_key is not None:
|
484
|
+
pulumi.set(__self__, "identity_token_key", identity_token_key)
|
366
485
|
if kubernetes_ca_cert is not None:
|
367
486
|
pulumi.set(__self__, "kubernetes_ca_cert", kubernetes_ca_cert)
|
368
487
|
if kubernetes_host is not None:
|
369
488
|
pulumi.set(__self__, "kubernetes_host", kubernetes_host)
|
489
|
+
if listing_visibility is not None:
|
490
|
+
pulumi.set(__self__, "listing_visibility", listing_visibility)
|
370
491
|
if local is not None:
|
371
492
|
pulumi.set(__self__, "local", local)
|
372
493
|
if max_lease_ttl_seconds is not None:
|
@@ -375,8 +496,12 @@ class _SecretBackendState:
|
|
375
496
|
pulumi.set(__self__, "namespace", namespace)
|
376
497
|
if options is not None:
|
377
498
|
pulumi.set(__self__, "options", options)
|
499
|
+
if passthrough_request_headers is not None:
|
500
|
+
pulumi.set(__self__, "passthrough_request_headers", passthrough_request_headers)
|
378
501
|
if path is not None:
|
379
502
|
pulumi.set(__self__, "path", path)
|
503
|
+
if plugin_version is not None:
|
504
|
+
pulumi.set(__self__, "plugin_version", plugin_version)
|
380
505
|
if seal_wrap is not None:
|
381
506
|
pulumi.set(__self__, "seal_wrap", seal_wrap)
|
382
507
|
if service_account_jwt is not None:
|
@@ -406,6 +531,18 @@ class _SecretBackendState:
|
|
406
531
|
def allowed_managed_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
407
532
|
pulumi.set(self, "allowed_managed_keys", value)
|
408
533
|
|
534
|
+
@property
|
535
|
+
@pulumi.getter(name="allowedResponseHeaders")
|
536
|
+
def allowed_response_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
537
|
+
"""
|
538
|
+
List of headers to allow and pass from the request to the plugin
|
539
|
+
"""
|
540
|
+
return pulumi.get(self, "allowed_response_headers")
|
541
|
+
|
542
|
+
@allowed_response_headers.setter
|
543
|
+
def allowed_response_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
544
|
+
pulumi.set(self, "allowed_response_headers", value)
|
545
|
+
|
409
546
|
@property
|
410
547
|
@pulumi.getter(name="auditNonHmacRequestKeys")
|
411
548
|
def audit_non_hmac_request_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
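Review bot: The docstring on the new `allowed_response_headers` property repeats the text of `passthrough_request_headers` ("List of headers to allow and pass from the request to the plugin"), so it describes request headers rather than response headers. The same copied sentence is on `delegated_auth_accessors` in the `@@ -442,6 +579,18 @@` hunk, and on the matching `:param` entries and output getters further down. As far as I recall from Vault's mount-tuning documentation (not visible on this page), the intended texts are closer to `List of headers to allow a plugin to include in the response` and `List of auth mount accessors the mount may request delegated authentication for`. The second matters most, because the current wording hides that the field controls which auth mounts this backend can act through. The file is generated, so the wording probably has to be corrected in the upstream provider schema; the class body starts and ends outside this hunk.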
@@ -442,6 +579,18 @@ class _SecretBackendState:
|
|
442
579
|
def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[int]]):
|
443
580
|
pulumi.set(self, "default_lease_ttl_seconds", value)
|
444
581
|
|
582
|
+
@property
|
583
|
+
@pulumi.getter(name="delegatedAuthAccessors")
|
584
|
+
def delegated_auth_accessors(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
585
|
+
"""
|
586
|
+
List of headers to allow and pass from the request to the plugin
|
587
|
+
"""
|
588
|
+
return pulumi.get(self, "delegated_auth_accessors")
|
589
|
+
|
590
|
+
@delegated_auth_accessors.setter
|
591
|
+
def delegated_auth_accessors(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
592
|
+
pulumi.set(self, "delegated_auth_accessors", value)
|
593
|
+
|
445
594
|
@property
|
446
595
|
@pulumi.getter
|
447
596
|
def description(self) -> Optional[pulumi.Input[str]]:
|
@@ -479,6 +628,18 @@ class _SecretBackendState:
|
|
479
628
|
def external_entropy_access(self, value: Optional[pulumi.Input[bool]]):
|
480
629
|
pulumi.set(self, "external_entropy_access", value)
|
481
630
|
|
631
|
+
@property
|
632
|
+
@pulumi.getter(name="identityTokenKey")
|
633
|
+
def identity_token_key(self) -> Optional[pulumi.Input[str]]:
|
634
|
+
"""
|
635
|
+
The key to use for signing plugin workload identity tokens
|
636
|
+
"""
|
637
|
+
return pulumi.get(self, "identity_token_key")
|
638
|
+
|
639
|
+
@identity_token_key.setter
|
640
|
+
def identity_token_key(self, value: Optional[pulumi.Input[str]]):
|
641
|
+
pulumi.set(self, "identity_token_key", value)
|
642
|
+
|
482
643
|
@property
|
483
644
|
@pulumi.getter(name="kubernetesCaCert")
|
484
645
|
def kubernetes_ca_cert(self) -> Optional[pulumi.Input[str]]:
|
@@ -508,6 +669,18 @@ class _SecretBackendState:
|
|
508
669
|
def kubernetes_host(self, value: Optional[pulumi.Input[str]]):
|
509
670
|
pulumi.set(self, "kubernetes_host", value)
|
510
671
|
|
672
|
+
@property
|
673
|
+
@pulumi.getter(name="listingVisibility")
|
674
|
+
def listing_visibility(self) -> Optional[pulumi.Input[str]]:
|
675
|
+
"""
|
676
|
+
Specifies whether to show this mount in the UI-specific listing endpoint
|
677
|
+
"""
|
678
|
+
return pulumi.get(self, "listing_visibility")
|
679
|
+
|
680
|
+
@listing_visibility.setter
|
681
|
+
def listing_visibility(self, value: Optional[pulumi.Input[str]]):
|
682
|
+
pulumi.set(self, "listing_visibility", value)
|
683
|
+
|
511
684
|
@property
|
512
685
|
@pulumi.getter
|
513
686
|
def local(self) -> Optional[pulumi.Input[bool]]:
|
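Review bot: The `listing_visibility` docstring added here does not say which values are accepted or what each one exposes. Vault's mount API documents `unauth` and `hidden` for this field (from the Vault docs, not from this page), and `unauth` makes the mount appear in the UI listing endpoint without authentication. I would extend the docstring to `Specifies whether to show this mount in the UI-specific listing endpoint. Valid values are "unauth" or "hidden"; "unauth" lists the mount to unauthenticated callers.` The same one-line text is used for the `:param listing_visibility` entries and the output getter in later hunks.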
@@ -538,7 +711,7 @@ class _SecretBackendState:
|
|
538
711
|
"""
|
539
712
|
The namespace to provision the resource in.
|
540
713
|
The value should not contain leading or trailing forward slashes.
|
541
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
714
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
542
715
|
*Available only for Vault Enterprise*.
|
543
716
|
"""
|
544
717
|
return pulumi.get(self, "namespace")
|
@@ -549,16 +722,28 @@ class _SecretBackendState:
|
|
549
722
|
|
550
723
|
@property
|
551
724
|
@pulumi.getter
|
552
|
-
def options(self) -> Optional[pulumi.Input[Mapping[str,
|
725
|
+
def options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
553
726
|
"""
|
554
727
|
Specifies mount type specific options that are passed to the backend
|
555
728
|
"""
|
556
729
|
return pulumi.get(self, "options")
|
557
730
|
|
558
731
|
@options.setter
|
559
|
-
def options(self, value: Optional[pulumi.Input[Mapping[str,
|
732
|
+
def options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
560
733
|
pulumi.set(self, "options", value)
|
561
734
|
|
735
|
+
@property
|
736
|
+
@pulumi.getter(name="passthroughRequestHeaders")
|
737
|
+
def passthrough_request_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
738
|
+
"""
|
739
|
+
List of headers to allow and pass from the request to the plugin
|
740
|
+
"""
|
741
|
+
return pulumi.get(self, "passthrough_request_headers")
|
742
|
+
|
743
|
+
@passthrough_request_headers.setter
|
744
|
+
def passthrough_request_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
745
|
+
pulumi.set(self, "passthrough_request_headers", value)
|
746
|
+
|
562
747
|
@property
|
563
748
|
@pulumi.getter
|
564
749
|
def path(self) -> Optional[pulumi.Input[str]]:
|
@@ -571,6 +756,18 @@ class _SecretBackendState:
|
|
571
756
|
def path(self, value: Optional[pulumi.Input[str]]):
|
572
757
|
pulumi.set(self, "path", value)
|
573
758
|
|
759
|
+
@property
|
760
|
+
@pulumi.getter(name="pluginVersion")
|
761
|
+
def plugin_version(self) -> Optional[pulumi.Input[str]]:
|
762
|
+
"""
|
763
|
+
Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
764
|
+
"""
|
765
|
+
return pulumi.get(self, "plugin_version")
|
766
|
+
|
767
|
+
@plugin_version.setter
|
768
|
+
def plugin_version(self, value: Optional[pulumi.Input[str]]):
|
769
|
+
pulumi.set(self, "plugin_version", value)
|
770
|
+
|
574
771
|
@property
|
575
772
|
@pulumi.getter(name="sealWrap")
|
576
773
|
def seal_wrap(self) -> Optional[pulumi.Input[bool]]:
|
@@ -604,19 +801,25 @@ class SecretBackend(pulumi.CustomResource):
|
|
604
801
|
resource_name: str,
|
605
802
|
opts: Optional[pulumi.ResourceOptions] = None,
|
606
803
|
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
804
|
+
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
607
805
|
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
608
806
|
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
609
807
|
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
808
|
+
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
610
809
|
description: Optional[pulumi.Input[str]] = None,
|
611
810
|
disable_local_ca_jwt: Optional[pulumi.Input[bool]] = None,
|
612
811
|
external_entropy_access: Optional[pulumi.Input[bool]] = None,
|
812
|
+
identity_token_key: Optional[pulumi.Input[str]] = None,
|
613
813
|
kubernetes_ca_cert: Optional[pulumi.Input[str]] = None,
|
614
814
|
kubernetes_host: Optional[pulumi.Input[str]] = None,
|
815
|
+
listing_visibility: Optional[pulumi.Input[str]] = None,
|
615
816
|
local: Optional[pulumi.Input[bool]] = None,
|
616
817
|
max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
617
818
|
namespace: Optional[pulumi.Input[str]] = None,
|
618
|
-
options: Optional[pulumi.Input[Mapping[str,
|
819
|
+
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
820
|
+
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
619
821
|
path: Optional[pulumi.Input[str]] = None,
|
822
|
+
plugin_version: Optional[pulumi.Input[str]] = None,
|
620
823
|
seal_wrap: Optional[pulumi.Input[bool]] = None,
|
621
824
|
service_account_jwt: Optional[pulumi.Input[str]] = None,
|
622
825
|
__props__=None):
|
@@ -625,6 +828,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
625
828
|
|
626
829
|
```python
|
627
830
|
import pulumi
|
831
|
+
import pulumi_std as std
|
628
832
|
import pulumi_vault as vault
|
629
833
|
|
630
834
|
config = vault.kubernetes.SecretBackend("config",
|
@@ -633,8 +837,8 @@ class SecretBackend(pulumi.CustomResource):
|
|
633
837
|
default_lease_ttl_seconds=43200,
|
634
838
|
max_lease_ttl_seconds=86400,
|
635
839
|
kubernetes_host="https://127.0.0.1:61233",
|
636
|
-
kubernetes_ca_cert=
|
637
|
-
service_account_jwt=
|
840
|
+
kubernetes_ca_cert=std.file(input="/path/to/cert").result,
|
841
|
+
service_account_jwt=std.file(input="/path/to/token").result,
|
638
842
|
disable_local_ca_jwt=False)
|
639
843
|
```
|
640
844
|
|
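Review bot: The updated docstring example loads the service account JWT with `std.file(input="/path/to/token").result` and gives no hint that the value is a credential; the second copy of the example in the `@@ -695,8 +906,8 @@` hunk has the same gap. The resource does wrap `service_account_jwt` in `pulumi.Output.secret` when it builds its properties (visible in the `@@ -749,21 +966,27 @@` hunk), but anything else a copied program does with the plain file result, such as exporting or printing it, is not covered by that. I would add a comment line above the argument, for example `# the token is a credential: load it with pulumi.Config().require_secret("token") or wrap it in pulumi.Output.secret(...)`. The enclosing docstring starts and ends outside this hunk.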
@@ -643,19 +847,22 @@ class SecretBackend(pulumi.CustomResource):
|
|
643
847
|
The Kubernetes secret backend can be imported using its `path` e.g.
|
644
848
|
|
645
849
|
```sh
|
646
|
-
|
850
|
+
$ pulumi import vault:kubernetes/secretBackend:SecretBackend config kubernetes
|
647
851
|
```
|
648
852
|
|
649
853
|
:param str resource_name: The name of the resource.
|
650
854
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
651
855
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
|
856
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
|
652
857
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
653
858
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
654
859
|
:param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
|
860
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
|
655
861
|
:param pulumi.Input[str] description: Human-friendly description of the mount
|
656
862
|
:param pulumi.Input[bool] disable_local_ca_jwt: Disable defaulting to the local CA certificate and
|
657
863
|
service account JWT when Vault is running in a Kubernetes pod.
|
658
864
|
:param pulumi.Input[bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
|
865
|
+
:param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens
|
659
866
|
:param pulumi.Input[str] kubernetes_ca_cert: A PEM-encoded CA certificate used by the
|
660
867
|
secrets engine to verify the Kubernetes API server certificate. Defaults to the local
|
661
868
|
pod’s CA if Vault is running in Kubernetes. Otherwise, defaults to the root CA set where
|
@@ -663,14 +870,17 @@ class SecretBackend(pulumi.CustomResource):
|
|
663
870
|
:param pulumi.Input[str] kubernetes_host: The Kubernetes API URL to connect to. Required if the
|
664
871
|
standard pod environment variables `KUBERNETES_SERVICE_HOST` or `KUBERNETES_SERVICE_PORT`
|
665
872
|
are not set on the host that Vault is running on.
|
873
|
+
:param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
|
666
874
|
:param pulumi.Input[bool] local: Local mount flag that can be explicitly set to true to enforce local mount in HA environment
|
667
875
|
:param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
|
668
876
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
669
877
|
The value should not contain leading or trailing forward slashes.
|
670
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
878
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
671
879
|
*Available only for Vault Enterprise*.
|
672
|
-
:param pulumi.Input[Mapping[str,
|
880
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
|
881
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
|
673
882
|
:param pulumi.Input[str] path: Where the secret backend will be mounted
|
883
|
+
:param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
674
884
|
:param pulumi.Input[bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
675
885
|
:param pulumi.Input[str] service_account_jwt: The JSON web token of the service account used by the
|
676
886
|
secrets engine to manage Kubernetes credentials. Defaults to the local pod’s JWT if Vault
|
@@ -687,6 +897,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
687
897
|
|
688
898
|
```python
|
689
899
|
import pulumi
|
900
|
+
import pulumi_std as std
|
690
901
|
import pulumi_vault as vault
|
691
902
|
|
692
903
|
config = vault.kubernetes.SecretBackend("config",
|
@@ -695,8 +906,8 @@ class SecretBackend(pulumi.CustomResource):
|
|
695
906
|
default_lease_ttl_seconds=43200,
|
696
907
|
max_lease_ttl_seconds=86400,
|
697
908
|
kubernetes_host="https://127.0.0.1:61233",
|
698
|
-
kubernetes_ca_cert=
|
699
|
-
service_account_jwt=
|
909
|
+
kubernetes_ca_cert=std.file(input="/path/to/cert").result,
|
910
|
+
service_account_jwt=std.file(input="/path/to/token").result,
|
700
911
|
disable_local_ca_jwt=False)
|
701
912
|
```
|
702
913
|
|
@@ -705,7 +916,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
705
916
|
The Kubernetes secret backend can be imported using its `path` e.g.
|
706
917
|
|
707
918
|
```sh
|
708
|
-
|
919
|
+
$ pulumi import vault:kubernetes/secretBackend:SecretBackend config kubernetes
|
709
920
|
```
|
710
921
|
|
711
922
|
:param str resource_name: The name of the resource.
|
@@ -724,19 +935,25 @@ class SecretBackend(pulumi.CustomResource):
|
|
724
935
|
resource_name: str,
|
725
936
|
opts: Optional[pulumi.ResourceOptions] = None,
|
726
937
|
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
938
|
+
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
727
939
|
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
728
940
|
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
729
941
|
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
942
|
+
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
730
943
|
description: Optional[pulumi.Input[str]] = None,
|
731
944
|
disable_local_ca_jwt: Optional[pulumi.Input[bool]] = None,
|
732
945
|
external_entropy_access: Optional[pulumi.Input[bool]] = None,
|
946
|
+
identity_token_key: Optional[pulumi.Input[str]] = None,
|
733
947
|
kubernetes_ca_cert: Optional[pulumi.Input[str]] = None,
|
734
948
|
kubernetes_host: Optional[pulumi.Input[str]] = None,
|
949
|
+
listing_visibility: Optional[pulumi.Input[str]] = None,
|
735
950
|
local: Optional[pulumi.Input[bool]] = None,
|
736
951
|
max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
737
952
|
namespace: Optional[pulumi.Input[str]] = None,
|
738
|
-
options: Optional[pulumi.Input[Mapping[str,
|
953
|
+
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
954
|
+
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
739
955
|
path: Optional[pulumi.Input[str]] = None,
|
956
|
+
plugin_version: Optional[pulumi.Input[str]] = None,
|
740
957
|
seal_wrap: Optional[pulumi.Input[bool]] = None,
|
741
958
|
service_account_jwt: Optional[pulumi.Input[str]] = None,
|
742
959
|
__props__=None):
|
@@ -749,21 +966,27 @@ class SecretBackend(pulumi.CustomResource):
|
|
749
966
|
__props__ = SecretBackendArgs.__new__(SecretBackendArgs)
|
750
967
|
|
751
968
|
__props__.__dict__["allowed_managed_keys"] = allowed_managed_keys
|
969
|
+
__props__.__dict__["allowed_response_headers"] = allowed_response_headers
|
752
970
|
__props__.__dict__["audit_non_hmac_request_keys"] = audit_non_hmac_request_keys
|
753
971
|
__props__.__dict__["audit_non_hmac_response_keys"] = audit_non_hmac_response_keys
|
754
972
|
__props__.__dict__["default_lease_ttl_seconds"] = default_lease_ttl_seconds
|
973
|
+
__props__.__dict__["delegated_auth_accessors"] = delegated_auth_accessors
|
755
974
|
__props__.__dict__["description"] = description
|
756
975
|
__props__.__dict__["disable_local_ca_jwt"] = disable_local_ca_jwt
|
757
976
|
__props__.__dict__["external_entropy_access"] = external_entropy_access
|
977
|
+
__props__.__dict__["identity_token_key"] = identity_token_key
|
758
978
|
__props__.__dict__["kubernetes_ca_cert"] = kubernetes_ca_cert
|
759
979
|
__props__.__dict__["kubernetes_host"] = kubernetes_host
|
980
|
+
__props__.__dict__["listing_visibility"] = listing_visibility
|
760
981
|
__props__.__dict__["local"] = local
|
761
982
|
__props__.__dict__["max_lease_ttl_seconds"] = max_lease_ttl_seconds
|
762
983
|
__props__.__dict__["namespace"] = namespace
|
763
984
|
__props__.__dict__["options"] = options
|
985
|
+
__props__.__dict__["passthrough_request_headers"] = passthrough_request_headers
|
764
986
|
if path is None and not opts.urn:
|
765
987
|
raise TypeError("Missing required property 'path'")
|
766
988
|
__props__.__dict__["path"] = path
|
989
|
+
__props__.__dict__["plugin_version"] = plugin_version
|
767
990
|
__props__.__dict__["seal_wrap"] = seal_wrap
|
768
991
|
__props__.__dict__["service_account_jwt"] = None if service_account_jwt is None else pulumi.Output.secret(service_account_jwt)
|
769
992
|
__props__.__dict__["accessor"] = None
|
@@ -781,19 +1004,25 @@ class SecretBackend(pulumi.CustomResource):
|
|
781
1004
|
opts: Optional[pulumi.ResourceOptions] = None,
|
782
1005
|
accessor: Optional[pulumi.Input[str]] = None,
|
783
1006
|
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1007
|
+
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
784
1008
|
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
785
1009
|
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
786
1010
|
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
1011
|
+
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
787
1012
|
description: Optional[pulumi.Input[str]] = None,
|
788
1013
|
disable_local_ca_jwt: Optional[pulumi.Input[bool]] = None,
|
789
1014
|
external_entropy_access: Optional[pulumi.Input[bool]] = None,
|
1015
|
+
identity_token_key: Optional[pulumi.Input[str]] = None,
|
790
1016
|
kubernetes_ca_cert: Optional[pulumi.Input[str]] = None,
|
791
1017
|
kubernetes_host: Optional[pulumi.Input[str]] = None,
|
1018
|
+
listing_visibility: Optional[pulumi.Input[str]] = None,
|
792
1019
|
local: Optional[pulumi.Input[bool]] = None,
|
793
1020
|
max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
794
1021
|
namespace: Optional[pulumi.Input[str]] = None,
|
795
|
-
options: Optional[pulumi.Input[Mapping[str,
|
1022
|
+
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
1023
|
+
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
796
1024
|
path: Optional[pulumi.Input[str]] = None,
|
1025
|
+
plugin_version: Optional[pulumi.Input[str]] = None,
|
797
1026
|
seal_wrap: Optional[pulumi.Input[bool]] = None,
|
798
1027
|
service_account_jwt: Optional[pulumi.Input[str]] = None) -> 'SecretBackend':
|
799
1028
|
"""
|
@@ -805,13 +1034,16 @@ class SecretBackend(pulumi.CustomResource):
|
|
805
1034
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
806
1035
|
:param pulumi.Input[str] accessor: Accessor of the mount
|
807
1036
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
|
1037
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
|
808
1038
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
809
1039
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
810
1040
|
:param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
|
1041
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
|
811
1042
|
:param pulumi.Input[str] description: Human-friendly description of the mount
|
812
1043
|
:param pulumi.Input[bool] disable_local_ca_jwt: Disable defaulting to the local CA certificate and
|
813
1044
|
service account JWT when Vault is running in a Kubernetes pod.
|
814
1045
|
:param pulumi.Input[bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
|
1046
|
+
:param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens
|
815
1047
|
:param pulumi.Input[str] kubernetes_ca_cert: A PEM-encoded CA certificate used by the
|
816
1048
|
secrets engine to verify the Kubernetes API server certificate. Defaults to the local
|
817
1049
|
pod’s CA if Vault is running in Kubernetes. Otherwise, defaults to the root CA set where
|
@@ -819,14 +1051,17 @@ class SecretBackend(pulumi.CustomResource):
|
|
819
1051
|
:param pulumi.Input[str] kubernetes_host: The Kubernetes API URL to connect to. Required if the
|
820
1052
|
standard pod environment variables `KUBERNETES_SERVICE_HOST` or `KUBERNETES_SERVICE_PORT`
|
821
1053
|
are not set on the host that Vault is running on.
|
1054
|
+
:param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
|
822
1055
|
:param pulumi.Input[bool] local: Local mount flag that can be explicitly set to true to enforce local mount in HA environment
|
823
1056
|
:param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
|
824
1057
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
825
1058
|
The value should not contain leading or trailing forward slashes.
|
826
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
1059
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
827
1060
|
*Available only for Vault Enterprise*.
|
828
|
-
:param pulumi.Input[Mapping[str,
|
1061
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
|
1062
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
|
829
1063
|
:param pulumi.Input[str] path: Where the secret backend will be mounted
|
1064
|
+
:param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
830
1065
|
:param pulumi.Input[bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
831
1066
|
:param pulumi.Input[str] service_account_jwt: The JSON web token of the service account used by the
|
832
1067
|
secrets engine to manage Kubernetes credentials. Defaults to the local pod’s JWT if Vault
|
@@ -838,19 +1073,25 @@ class SecretBackend(pulumi.CustomResource):
|
|
838
1073
|
|
839
1074
|
__props__.__dict__["accessor"] = accessor
|
840
1075
|
__props__.__dict__["allowed_managed_keys"] = allowed_managed_keys
|
1076
|
+
__props__.__dict__["allowed_response_headers"] = allowed_response_headers
|
841
1077
|
__props__.__dict__["audit_non_hmac_request_keys"] = audit_non_hmac_request_keys
|
842
1078
|
__props__.__dict__["audit_non_hmac_response_keys"] = audit_non_hmac_response_keys
|
843
1079
|
__props__.__dict__["default_lease_ttl_seconds"] = default_lease_ttl_seconds
|
1080
|
+
__props__.__dict__["delegated_auth_accessors"] = delegated_auth_accessors
|
844
1081
|
__props__.__dict__["description"] = description
|
845
1082
|
__props__.__dict__["disable_local_ca_jwt"] = disable_local_ca_jwt
|
846
1083
|
__props__.__dict__["external_entropy_access"] = external_entropy_access
|
1084
|
+
__props__.__dict__["identity_token_key"] = identity_token_key
|
847
1085
|
__props__.__dict__["kubernetes_ca_cert"] = kubernetes_ca_cert
|
848
1086
|
__props__.__dict__["kubernetes_host"] = kubernetes_host
|
1087
|
+
__props__.__dict__["listing_visibility"] = listing_visibility
|
849
1088
|
__props__.__dict__["local"] = local
|
850
1089
|
__props__.__dict__["max_lease_ttl_seconds"] = max_lease_ttl_seconds
|
851
1090
|
__props__.__dict__["namespace"] = namespace
|
852
1091
|
__props__.__dict__["options"] = options
|
1092
|
+
__props__.__dict__["passthrough_request_headers"] = passthrough_request_headers
|
853
1093
|
__props__.__dict__["path"] = path
|
1094
|
+
__props__.__dict__["plugin_version"] = plugin_version
|
854
1095
|
__props__.__dict__["seal_wrap"] = seal_wrap
|
855
1096
|
__props__.__dict__["service_account_jwt"] = service_account_jwt
|
856
1097
|
return SecretBackend(resource_name, opts=opts, __props__=__props__)
|
@@ -871,6 +1112,14 @@ class SecretBackend(pulumi.CustomResource):
|
|
871
1112
|
"""
|
872
1113
|
return pulumi.get(self, "allowed_managed_keys")
|
873
1114
|
|
1115
|
+
@property
|
1116
|
+
@pulumi.getter(name="allowedResponseHeaders")
|
1117
|
+
def allowed_response_headers(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1118
|
+
"""
|
1119
|
+
List of headers to allow and pass from the request to the plugin
|
1120
|
+
"""
|
1121
|
+
return pulumi.get(self, "allowed_response_headers")
|
1122
|
+
|
874
1123
|
@property
|
875
1124
|
@pulumi.getter(name="auditNonHmacRequestKeys")
|
876
1125
|
def audit_non_hmac_request_keys(self) -> pulumi.Output[Sequence[str]]:
|
@@ -895,6 +1144,14 @@ class SecretBackend(pulumi.CustomResource):
|
|
895
1144
|
"""
|
896
1145
|
return pulumi.get(self, "default_lease_ttl_seconds")
|
897
1146
|
|
1147
|
+
@property
|
1148
|
+
@pulumi.getter(name="delegatedAuthAccessors")
|
1149
|
+
def delegated_auth_accessors(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1150
|
+
"""
|
1151
|
+
List of headers to allow and pass from the request to the plugin
|
1152
|
+
"""
|
1153
|
+
return pulumi.get(self, "delegated_auth_accessors")
|
1154
|
+
|
898
1155
|
@property
|
899
1156
|
@pulumi.getter
|
900
1157
|
def description(self) -> pulumi.Output[Optional[str]]:
|
@@ -920,6 +1177,14 @@ class SecretBackend(pulumi.CustomResource):
|
|
920
1177
|
"""
|
921
1178
|
return pulumi.get(self, "external_entropy_access")
|
922
1179
|
|
1180
|
+
@property
|
1181
|
+
@pulumi.getter(name="identityTokenKey")
|
1182
|
+
def identity_token_key(self) -> pulumi.Output[Optional[str]]:
|
1183
|
+
"""
|
1184
|
+
The key to use for signing plugin workload identity tokens
|
1185
|
+
"""
|
1186
|
+
return pulumi.get(self, "identity_token_key")
|
1187
|
+
|
923
1188
|
@property
|
924
1189
|
@pulumi.getter(name="kubernetesCaCert")
|
925
1190
|
def kubernetes_ca_cert(self) -> pulumi.Output[Optional[str]]:
|
@@ -941,6 +1206,14 @@ class SecretBackend(pulumi.CustomResource):
|
|
941
1206
|
"""
|
942
1207
|
return pulumi.get(self, "kubernetes_host")
|
943
1208
|
|
1209
|
+
@property
|
1210
|
+
@pulumi.getter(name="listingVisibility")
|
1211
|
+
def listing_visibility(self) -> pulumi.Output[Optional[str]]:
|
1212
|
+
"""
|
1213
|
+
Specifies whether to show this mount in the UI-specific listing endpoint
|
1214
|
+
"""
|
1215
|
+
return pulumi.get(self, "listing_visibility")
|
1216
|
+
|
944
1217
|
@property
|
945
1218
|
@pulumi.getter
|
946
1219
|
def local(self) -> pulumi.Output[Optional[bool]]:
|
@@ -963,19 +1236,27 @@ class SecretBackend(pulumi.CustomResource):
|
|
963
1236
|
"""
|
964
1237
|
The namespace to provision the resource in.
|
965
1238
|
The value should not contain leading or trailing forward slashes.
|
966
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
1239
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
967
1240
|
*Available only for Vault Enterprise*.
|
968
1241
|
"""
|
969
1242
|
return pulumi.get(self, "namespace")
|
970
1243
|
|
971
1244
|
@property
|
972
1245
|
@pulumi.getter
|
973
|
-
def options(self) -> pulumi.Output[Optional[Mapping[str,
|
1246
|
+
def options(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
|
974
1247
|
"""
|
975
1248
|
Specifies mount type specific options that are passed to the backend
|
976
1249
|
"""
|
977
1250
|
return pulumi.get(self, "options")
|
978
1251
|
|
1252
|
+
@property
|
1253
|
+
@pulumi.getter(name="passthroughRequestHeaders")
|
1254
|
+
def passthrough_request_headers(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1255
|
+
"""
|
1256
|
+
List of headers to allow and pass from the request to the plugin
|
1257
|
+
"""
|
1258
|
+
return pulumi.get(self, "passthrough_request_headers")
|
1259
|
+
|
979
1260
|
@property
|
980
1261
|
@pulumi.getter
|
981
1262
|
def path(self) -> pulumi.Output[str]:
|
@@ -984,6 +1265,14 @@ class SecretBackend(pulumi.CustomResource):
|
|
984
1265
|
"""
|
985
1266
|
return pulumi.get(self, "path")
|
986
1267
|
|
1268
|
+
@property
|
1269
|
+
@pulumi.getter(name="pluginVersion")
|
1270
|
+
def plugin_version(self) -> pulumi.Output[Optional[str]]:
|
1271
|
+
"""
|
1272
|
+
Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
1273
|
+
"""
|
1274
|
+
return pulumi.get(self, "plugin_version")
|
1275
|
+
|
987
1276
|
@property
|
988
1277
|
@pulumi.getter(name="sealWrap")
|
989
1278
|
def seal_wrap(self) -> pulumi.Output[bool]:
|