pulumi-vault 5.21.0a1709368526__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl
- pulumi_vault/__init__.py +52 -0
- pulumi_vault/_inputs.py +560 -0
- pulumi_vault/_utilities.py +41 -5
- pulumi_vault/ad/get_access_credentials.py +26 -9
- pulumi_vault/ad/secret_backend.py +16 -142
- pulumi_vault/ad/secret_library.py +16 -9
- pulumi_vault/ad/secret_role.py +14 -9
- pulumi_vault/alicloud/auth_backend_role.py +76 -190
- pulumi_vault/approle/auth_backend_login.py +12 -7
- pulumi_vault/approle/auth_backend_role.py +77 -191
- pulumi_vault/approle/auth_backend_role_secret_id.py +106 -7
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -5
- pulumi_vault/audit.py +30 -21
- pulumi_vault/audit_request_header.py +11 -2
- pulumi_vault/auth_backend.py +66 -14
- pulumi_vault/aws/auth_backend_cert.py +18 -9
- pulumi_vault/aws/auth_backend_client.py +267 -22
- pulumi_vault/aws/auth_backend_config_identity.py +14 -9
- pulumi_vault/aws/auth_backend_identity_whitelist.py +20 -15
- pulumi_vault/aws/auth_backend_login.py +19 -22
- pulumi_vault/aws/auth_backend_role.py +77 -191
- pulumi_vault/aws/auth_backend_role_tag.py +12 -7
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -13
- pulumi_vault/aws/auth_backend_sts_role.py +14 -9
- pulumi_vault/aws/get_access_credentials.py +38 -9
- pulumi_vault/aws/get_static_access_credentials.py +19 -5
- pulumi_vault/aws/secret_backend.py +77 -9
- pulumi_vault/aws/secret_backend_role.py +185 -9
- pulumi_vault/aws/secret_backend_static_role.py +20 -11
- pulumi_vault/azure/_inputs.py +24 -0
- pulumi_vault/azure/auth_backend_config.py +153 -15
- pulumi_vault/azure/auth_backend_role.py +77 -191
- pulumi_vault/azure/backend.py +227 -21
- pulumi_vault/azure/backend_role.py +42 -37
- pulumi_vault/azure/get_access_credentials.py +41 -7
- pulumi_vault/azure/outputs.py +5 -0
- pulumi_vault/cert_auth_backend_role.py +87 -267
- pulumi_vault/config/__init__.pyi +5 -0
- pulumi_vault/config/_inputs.py +73 -0
- pulumi_vault/config/outputs.py +35 -0
- pulumi_vault/config/ui_custom_message.py +529 -0
- pulumi_vault/config/vars.py +5 -0
- pulumi_vault/consul/secret_backend.py +28 -19
- pulumi_vault/consul/secret_backend_role.py +18 -78
- pulumi_vault/database/_inputs.py +2770 -881
- pulumi_vault/database/outputs.py +721 -838
- pulumi_vault/database/secret_backend_connection.py +119 -112
- pulumi_vault/database/secret_backend_role.py +31 -22
- pulumi_vault/database/secret_backend_static_role.py +87 -13
- pulumi_vault/database/secrets_mount.py +427 -136
- pulumi_vault/egp_policy.py +16 -11
- pulumi_vault/gcp/_inputs.py +111 -0
- pulumi_vault/gcp/auth_backend.py +250 -33
- pulumi_vault/gcp/auth_backend_role.py +77 -269
- pulumi_vault/gcp/get_auth_backend_role.py +43 -5
- pulumi_vault/gcp/outputs.py +5 -0
- pulumi_vault/gcp/secret_backend.py +287 -12
- pulumi_vault/gcp/secret_impersonated_account.py +76 -15
- pulumi_vault/gcp/secret_roleset.py +31 -24
- pulumi_vault/gcp/secret_static_account.py +39 -32
- pulumi_vault/generic/endpoint.py +24 -17
- pulumi_vault/generic/get_secret.py +64 -8
- pulumi_vault/generic/secret.py +21 -16
- pulumi_vault/get_auth_backend.py +24 -7
- pulumi_vault/get_auth_backends.py +51 -9
- pulumi_vault/get_namespace.py +226 -0
- pulumi_vault/get_namespaces.py +153 -0
- pulumi_vault/get_nomad_access_token.py +31 -11
- pulumi_vault/get_policy_document.py +34 -19
- pulumi_vault/get_raft_autopilot_state.py +29 -10
- pulumi_vault/github/_inputs.py +55 -0
- pulumi_vault/github/auth_backend.py +19 -14
- pulumi_vault/github/outputs.py +5 -0
- pulumi_vault/github/team.py +16 -11
- pulumi_vault/github/user.py +16 -11
- pulumi_vault/identity/entity.py +20 -13
- pulumi_vault/identity/entity_alias.py +20 -13
- pulumi_vault/identity/entity_policies.py +28 -11
- pulumi_vault/identity/get_entity.py +42 -10
- pulumi_vault/identity/get_group.py +47 -9
- pulumi_vault/identity/get_oidc_client_creds.py +21 -7
- pulumi_vault/identity/get_oidc_openid_config.py +39 -9
- pulumi_vault/identity/get_oidc_public_keys.py +29 -10
- pulumi_vault/identity/group.py +58 -39
- pulumi_vault/identity/group_alias.py +16 -9
- pulumi_vault/identity/group_member_entity_ids.py +28 -66
- pulumi_vault/identity/group_member_group_ids.py +40 -19
- pulumi_vault/identity/group_policies.py +20 -7
- pulumi_vault/identity/mfa_duo.py +11 -6
- pulumi_vault/identity/mfa_login_enforcement.py +15 -6
- pulumi_vault/identity/mfa_okta.py +11 -6
- pulumi_vault/identity/mfa_pingid.py +7 -2
- pulumi_vault/identity/mfa_totp.py +7 -2
- pulumi_vault/identity/oidc.py +12 -7
- pulumi_vault/identity/oidc_assignment.py +24 -11
- pulumi_vault/identity/oidc_client.py +36 -23
- pulumi_vault/identity/oidc_key.py +30 -17
- pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -15
- pulumi_vault/identity/oidc_provider.py +36 -21
- pulumi_vault/identity/oidc_role.py +42 -21
- pulumi_vault/identity/oidc_scope.py +20 -13
- pulumi_vault/identity/outputs.py +8 -3
- pulumi_vault/jwt/_inputs.py +55 -0
- pulumi_vault/jwt/auth_backend.py +45 -40
- pulumi_vault/jwt/auth_backend_role.py +133 -254
- pulumi_vault/jwt/outputs.py +5 -0
- pulumi_vault/kmip/secret_backend.py +24 -19
- pulumi_vault/kmip/secret_role.py +14 -9
- pulumi_vault/kmip/secret_scope.py +14 -9
- pulumi_vault/kubernetes/auth_backend_config.py +57 -5
- pulumi_vault/kubernetes/auth_backend_role.py +70 -177
- pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
- pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
- pulumi_vault/kubernetes/get_service_account_token.py +39 -11
- pulumi_vault/kubernetes/secret_backend.py +316 -27
- pulumi_vault/kubernetes/secret_backend_role.py +137 -46
- pulumi_vault/kv/_inputs.py +36 -4
- pulumi_vault/kv/get_secret.py +25 -8
- pulumi_vault/kv/get_secret_subkeys_v2.py +33 -10
- pulumi_vault/kv/get_secret_v2.py +85 -9
- pulumi_vault/kv/get_secrets_list.py +24 -11
- pulumi_vault/kv/get_secrets_list_v2.py +37 -15
- pulumi_vault/kv/outputs.py +8 -3
- pulumi_vault/kv/secret.py +23 -16
- pulumi_vault/kv/secret_backend_v2.py +20 -11
- pulumi_vault/kv/secret_v2.py +59 -50
- pulumi_vault/ldap/auth_backend.py +127 -166
- pulumi_vault/ldap/auth_backend_group.py +14 -9
- pulumi_vault/ldap/auth_backend_user.py +14 -9
- pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
- pulumi_vault/ldap/get_static_credentials.py +24 -5
- pulumi_vault/ldap/secret_backend.py +354 -82
- pulumi_vault/ldap/secret_backend_dynamic_role.py +18 -11
- pulumi_vault/ldap/secret_backend_library_set.py +16 -9
- pulumi_vault/ldap/secret_backend_static_role.py +73 -12
- pulumi_vault/managed/_inputs.py +289 -132
- pulumi_vault/managed/keys.py +29 -57
- pulumi_vault/managed/outputs.py +89 -132
- pulumi_vault/mfa_duo.py +18 -11
- pulumi_vault/mfa_okta.py +18 -11
- pulumi_vault/mfa_pingid.py +18 -11
- pulumi_vault/mfa_totp.py +24 -17
- pulumi_vault/mongodbatlas/secret_backend.py +20 -15
- pulumi_vault/mongodbatlas/secret_role.py +47 -38
- pulumi_vault/mount.py +391 -51
- pulumi_vault/namespace.py +68 -83
- pulumi_vault/nomad_secret_backend.py +18 -13
- pulumi_vault/nomad_secret_role.py +14 -9
- pulumi_vault/okta/_inputs.py +47 -8
- pulumi_vault/okta/auth_backend.py +485 -39
- pulumi_vault/okta/auth_backend_group.py +14 -9
- pulumi_vault/okta/auth_backend_user.py +14 -9
- pulumi_vault/okta/outputs.py +13 -8
- pulumi_vault/outputs.py +5 -0
- pulumi_vault/password_policy.py +20 -13
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +81 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
- pulumi_vault/pkisecret/backend_config_est.py +619 -0
- pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
- pulumi_vault/pkisecret/get_backend_issuer.py +67 -9
- pulumi_vault/pkisecret/get_backend_issuers.py +21 -8
- pulumi_vault/pkisecret/get_backend_key.py +24 -9
- pulumi_vault/pkisecret/get_backend_keys.py +21 -8
- pulumi_vault/pkisecret/outputs.py +69 -0
- pulumi_vault/pkisecret/secret_backend_cert.py +18 -11
- pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -11
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +14 -9
- pulumi_vault/pkisecret/secret_backend_config_urls.py +67 -11
- pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -9
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -11
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -17
- pulumi_vault/pkisecret/secret_backend_issuer.py +14 -9
- pulumi_vault/pkisecret/secret_backend_key.py +14 -9
- pulumi_vault/pkisecret/secret_backend_role.py +21 -14
- pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -48
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -56
- pulumi_vault/pkisecret/secret_backend_sign.py +18 -54
- pulumi_vault/plugin.py +595 -0
- pulumi_vault/plugin_pinned_version.py +298 -0
- pulumi_vault/policy.py +14 -9
- pulumi_vault/provider.py +48 -53
- pulumi_vault/pulumi-plugin.json +2 -1
- pulumi_vault/quota_lease_count.py +60 -6
- pulumi_vault/quota_rate_limit.py +56 -2
- pulumi_vault/rabbitmq/_inputs.py +61 -0
- pulumi_vault/rabbitmq/outputs.py +5 -0
- pulumi_vault/rabbitmq/secret_backend.py +18 -13
- pulumi_vault/rabbitmq/secret_backend_role.py +54 -47
- pulumi_vault/raft_autopilot.py +14 -9
- pulumi_vault/raft_snapshot_agent_config.py +129 -224
- pulumi_vault/rgp_policy.py +14 -9
- pulumi_vault/saml/auth_backend.py +22 -17
- pulumi_vault/saml/auth_backend_role.py +92 -197
- pulumi_vault/secrets/__init__.py +3 -0
- pulumi_vault/secrets/_inputs.py +110 -0
- pulumi_vault/secrets/outputs.py +94 -0
- pulumi_vault/secrets/sync_association.py +56 -71
- pulumi_vault/secrets/sync_aws_destination.py +242 -27
- pulumi_vault/secrets/sync_azure_destination.py +92 -31
- pulumi_vault/secrets/sync_config.py +9 -4
- pulumi_vault/secrets/sync_gcp_destination.py +158 -25
- pulumi_vault/secrets/sync_gh_destination.py +189 -13
- pulumi_vault/secrets/sync_github_apps.py +375 -0
- pulumi_vault/secrets/sync_vercel_destination.py +74 -13
- pulumi_vault/ssh/_inputs.py +28 -28
- pulumi_vault/ssh/outputs.py +11 -28
- pulumi_vault/ssh/secret_backend_ca.py +108 -9
- pulumi_vault/ssh/secret_backend_role.py +85 -118
- pulumi_vault/terraformcloud/secret_backend.py +7 -54
- pulumi_vault/terraformcloud/secret_creds.py +14 -20
- pulumi_vault/terraformcloud/secret_role.py +16 -74
- pulumi_vault/token.py +28 -23
- pulumi_vault/tokenauth/auth_backend_role.py +78 -199
- pulumi_vault/transform/alphabet.py +16 -9
- pulumi_vault/transform/get_decode.py +45 -17
- pulumi_vault/transform/get_encode.py +45 -17
- pulumi_vault/transform/role.py +16 -9
- pulumi_vault/transform/template.py +30 -21
- pulumi_vault/transform/transformation.py +12 -7
- pulumi_vault/transit/get_decrypt.py +26 -21
- pulumi_vault/transit/get_encrypt.py +24 -19
- pulumi_vault/transit/secret_backend_key.py +27 -93
- pulumi_vault/transit/secret_cache_config.py +12 -7
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
- pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
- pulumi_vault-5.21.0a1709368526.dist-info/RECORD +0 -244
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = ['SecretBackendRoleArgs', 'SecretBackendRole']
|
@@ -14,8 +19,9 @@ __all__ = ['SecretBackendRoleArgs', 'SecretBackendRole']
|
|
14
19
|
@pulumi.input_type
|
15
20
|
class SecretBackendRoleArgs:
|
16
21
|
def __init__(__self__, *,
|
17
|
-
allowed_kubernetes_namespaces: pulumi.Input[Sequence[pulumi.Input[str]]],
|
18
22
|
backend: pulumi.Input[str],
|
23
|
+
allowed_kubernetes_namespace_selector: Optional[pulumi.Input[str]] = None,
|
24
|
+
allowed_kubernetes_namespaces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
19
25
|
extra_annotations: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
20
26
|
extra_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
21
27
|
generated_role_rules: Optional[pulumi.Input[str]] = None,
|
@@ -29,10 +35,15 @@ class SecretBackendRoleArgs:
|
|
29
35
|
token_max_ttl: Optional[pulumi.Input[int]] = None):
|
30
36
|
"""
|
31
37
|
The set of arguments for constructing a SecretBackendRole resource.
|
32
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_kubernetes_namespaces: The list of Kubernetes namespaces this role
|
33
|
-
can generate credentials for. If set to `*` all namespaces are allowed.
|
34
38
|
:param pulumi.Input[str] backend: The path of the Kubernetes Secrets Engine backend mount to create
|
35
39
|
the role in.
|
40
|
+
:param pulumi.Input[str] allowed_kubernetes_namespace_selector: A label selector for Kubernetes namespaces
|
41
|
+
in which credentials can be generated. Accepts either a JSON or YAML object. The value should be
|
42
|
+
of type [LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#labelselector-v1-meta).
|
43
|
+
If set with `allowed_kubernetes_namespace`, the conditions are `OR`ed.
|
44
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_kubernetes_namespaces: The list of Kubernetes namespaces this role
|
45
|
+
can generate credentials for. If set to `*` all namespaces are allowed. If set with
|
46
|
+
`allowed_kubernetes_namespace_selector`, the conditions are `OR`ed.
|
36
47
|
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] extra_annotations: Additional annotations to apply to all generated
|
37
48
|
Kubernetes objects.
|
38
49
|
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] extra_labels: Additional labels to apply to all generated Kubernetes
|
@@ -54,7 +65,7 @@ class SecretBackendRoleArgs:
|
|
54
65
|
roles and role bindings. If unset, a default template is used.
|
55
66
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
56
67
|
The value should not contain leading or trailing forward slashes.
|
57
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
68
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
58
69
|
*Available only for Vault Enterprise*.
|
59
70
|
:param pulumi.Input[str] service_account_name: The pre-existing service account to generate tokens for.
|
60
71
|
Mutually exclusive with `kubernetes_role_name` and `generated_role_rules`. If set, only a
|
@@ -62,8 +73,11 @@ class SecretBackendRoleArgs:
|
|
62
73
|
:param pulumi.Input[int] token_default_ttl: The default TTL for generated Kubernetes tokens in seconds.
|
63
74
|
:param pulumi.Input[int] token_max_ttl: The maximum TTL for generated Kubernetes tokens in seconds.
|
64
75
|
"""
|
65
|
-
pulumi.set(__self__, "allowed_kubernetes_namespaces", allowed_kubernetes_namespaces)
|
66
76
|
pulumi.set(__self__, "backend", backend)
|
77
|
+
if allowed_kubernetes_namespace_selector is not None:
|
78
|
+
pulumi.set(__self__, "allowed_kubernetes_namespace_selector", allowed_kubernetes_namespace_selector)
|
79
|
+
if allowed_kubernetes_namespaces is not None:
|
80
|
+
pulumi.set(__self__, "allowed_kubernetes_namespaces", allowed_kubernetes_namespaces)
|
67
81
|
if extra_annotations is not None:
|
68
82
|
pulumi.set(__self__, "extra_annotations", extra_annotations)
|
69
83
|
if extra_labels is not None:
|
@@ -87,19 +101,6 @@ class SecretBackendRoleArgs:
|
|
87
101
|
if token_max_ttl is not None:
|
88
102
|
pulumi.set(__self__, "token_max_ttl", token_max_ttl)
|
89
103
|
|
90
|
-
@property
|
91
|
-
@pulumi.getter(name="allowedKubernetesNamespaces")
|
92
|
-
def allowed_kubernetes_namespaces(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]:
|
93
|
-
"""
|
94
|
-
The list of Kubernetes namespaces this role
|
95
|
-
can generate credentials for. If set to `*` all namespaces are allowed.
|
96
|
-
"""
|
97
|
-
return pulumi.get(self, "allowed_kubernetes_namespaces")
|
98
|
-
|
99
|
-
@allowed_kubernetes_namespaces.setter
|
100
|
-
def allowed_kubernetes_namespaces(self, value: pulumi.Input[Sequence[pulumi.Input[str]]]):
|
101
|
-
pulumi.set(self, "allowed_kubernetes_namespaces", value)
|
102
|
-
|
103
104
|
@property
|
104
105
|
@pulumi.getter
|
105
106
|
def backend(self) -> pulumi.Input[str]:
|
@@ -113,6 +114,35 @@ class SecretBackendRoleArgs:
|
|
113
114
|
def backend(self, value: pulumi.Input[str]):
|
114
115
|
pulumi.set(self, "backend", value)
|
115
116
|
|
117
|
+
@property
|
118
|
+
@pulumi.getter(name="allowedKubernetesNamespaceSelector")
|
119
|
+
def allowed_kubernetes_namespace_selector(self) -> Optional[pulumi.Input[str]]:
|
120
|
+
"""
|
121
|
+
A label selector for Kubernetes namespaces
|
122
|
+
in which credentials can be generated. Accepts either a JSON or YAML object. The value should be
|
123
|
+
of type [LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#labelselector-v1-meta).
|
124
|
+
If set with `allowed_kubernetes_namespace`, the conditions are `OR`ed.
|
125
|
+
"""
|
126
|
+
return pulumi.get(self, "allowed_kubernetes_namespace_selector")
|
127
|
+
|
128
|
+
@allowed_kubernetes_namespace_selector.setter
|
129
|
+
def allowed_kubernetes_namespace_selector(self, value: Optional[pulumi.Input[str]]):
|
130
|
+
pulumi.set(self, "allowed_kubernetes_namespace_selector", value)
|
131
|
+
|
132
|
+
@property
|
133
|
+
@pulumi.getter(name="allowedKubernetesNamespaces")
|
134
|
+
def allowed_kubernetes_namespaces(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
135
|
+
"""
|
136
|
+
The list of Kubernetes namespaces this role
|
137
|
+
can generate credentials for. If set to `*` all namespaces are allowed. If set with
|
138
|
+
`allowed_kubernetes_namespace_selector`, the conditions are `OR`ed.
|
139
|
+
"""
|
140
|
+
return pulumi.get(self, "allowed_kubernetes_namespaces")
|
141
|
+
|
142
|
+
@allowed_kubernetes_namespaces.setter
|
143
|
+
def allowed_kubernetes_namespaces(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
144
|
+
pulumi.set(self, "allowed_kubernetes_namespaces", value)
|
145
|
+
|
116
146
|
@property
|
117
147
|
@pulumi.getter(name="extraAnnotations")
|
118
148
|
def extra_annotations(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
@@ -215,7 +245,7 @@ class SecretBackendRoleArgs:
|
|
215
245
|
"""
|
216
246
|
The namespace to provision the resource in.
|
217
247
|
The value should not contain leading or trailing forward slashes.
|
218
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
248
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
219
249
|
*Available only for Vault Enterprise*.
|
220
250
|
"""
|
221
251
|
return pulumi.get(self, "namespace")
|
@@ -266,6 +296,7 @@ class SecretBackendRoleArgs:
|
|
266
296
|
@pulumi.input_type
|
267
297
|
class _SecretBackendRoleState:
|
268
298
|
def __init__(__self__, *,
|
299
|
+
allowed_kubernetes_namespace_selector: Optional[pulumi.Input[str]] = None,
|
269
300
|
allowed_kubernetes_namespaces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
270
301
|
backend: Optional[pulumi.Input[str]] = None,
|
271
302
|
extra_annotations: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
@@ -281,8 +312,13 @@ class _SecretBackendRoleState:
|
|
281
312
|
token_max_ttl: Optional[pulumi.Input[int]] = None):
|
282
313
|
"""
|
283
314
|
Input properties used for looking up and filtering SecretBackendRole resources.
|
315
|
+
:param pulumi.Input[str] allowed_kubernetes_namespace_selector: A label selector for Kubernetes namespaces
|
316
|
+
in which credentials can be generated. Accepts either a JSON or YAML object. The value should be
|
317
|
+
of type [LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#labelselector-v1-meta).
|
318
|
+
If set with `allowed_kubernetes_namespace`, the conditions are `OR`ed.
|
284
319
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_kubernetes_namespaces: The list of Kubernetes namespaces this role
|
285
|
-
can generate credentials for. If set to `*` all namespaces are allowed.
|
320
|
+
can generate credentials for. If set to `*` all namespaces are allowed. If set with
|
321
|
+
`allowed_kubernetes_namespace_selector`, the conditions are `OR`ed.
|
286
322
|
:param pulumi.Input[str] backend: The path of the Kubernetes Secrets Engine backend mount to create
|
287
323
|
the role in.
|
288
324
|
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] extra_annotations: Additional annotations to apply to all generated
|
@@ -306,7 +342,7 @@ class _SecretBackendRoleState:
|
|
306
342
|
roles and role bindings. If unset, a default template is used.
|
307
343
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
308
344
|
The value should not contain leading or trailing forward slashes.
|
309
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
345
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
310
346
|
*Available only for Vault Enterprise*.
|
311
347
|
:param pulumi.Input[str] service_account_name: The pre-existing service account to generate tokens for.
|
312
348
|
Mutually exclusive with `kubernetes_role_name` and `generated_role_rules`. If set, only a
|
@@ -314,6 +350,8 @@ class _SecretBackendRoleState:
|
|
314
350
|
:param pulumi.Input[int] token_default_ttl: The default TTL for generated Kubernetes tokens in seconds.
|
315
351
|
:param pulumi.Input[int] token_max_ttl: The maximum TTL for generated Kubernetes tokens in seconds.
|
316
352
|
"""
|
353
|
+
if allowed_kubernetes_namespace_selector is not None:
|
354
|
+
pulumi.set(__self__, "allowed_kubernetes_namespace_selector", allowed_kubernetes_namespace_selector)
|
317
355
|
if allowed_kubernetes_namespaces is not None:
|
318
356
|
pulumi.set(__self__, "allowed_kubernetes_namespaces", allowed_kubernetes_namespaces)
|
319
357
|
if backend is not None:
|
@@ -341,12 +379,28 @@ class _SecretBackendRoleState:
|
|
341
379
|
if token_max_ttl is not None:
|
342
380
|
pulumi.set(__self__, "token_max_ttl", token_max_ttl)
|
343
381
|
|
382
|
+
@property
|
383
|
+
@pulumi.getter(name="allowedKubernetesNamespaceSelector")
|
384
|
+
def allowed_kubernetes_namespace_selector(self) -> Optional[pulumi.Input[str]]:
|
385
|
+
"""
|
386
|
+
A label selector for Kubernetes namespaces
|
387
|
+
in which credentials can be generated. Accepts either a JSON or YAML object. The value should be
|
388
|
+
of type [LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#labelselector-v1-meta).
|
389
|
+
If set with `allowed_kubernetes_namespace`, the conditions are `OR`ed.
|
390
|
+
"""
|
391
|
+
return pulumi.get(self, "allowed_kubernetes_namespace_selector")
|
392
|
+
|
393
|
+
@allowed_kubernetes_namespace_selector.setter
|
394
|
+
def allowed_kubernetes_namespace_selector(self, value: Optional[pulumi.Input[str]]):
|
395
|
+
pulumi.set(self, "allowed_kubernetes_namespace_selector", value)
|
396
|
+
|
344
397
|
@property
|
345
398
|
@pulumi.getter(name="allowedKubernetesNamespaces")
|
346
399
|
def allowed_kubernetes_namespaces(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
347
400
|
"""
|
348
401
|
The list of Kubernetes namespaces this role
|
349
|
-
can generate credentials for. If set to `*` all namespaces are allowed.
|
402
|
+
can generate credentials for. If set to `*` all namespaces are allowed. If set with
|
403
|
+
`allowed_kubernetes_namespace_selector`, the conditions are `OR`ed.
|
350
404
|
"""
|
351
405
|
return pulumi.get(self, "allowed_kubernetes_namespaces")
|
352
406
|
|
@@ -469,7 +523,7 @@ class _SecretBackendRoleState:
|
|
469
523
|
"""
|
470
524
|
The namespace to provision the resource in.
|
471
525
|
The value should not contain leading or trailing forward slashes.
|
472
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
526
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
473
527
|
*Available only for Vault Enterprise*.
|
474
528
|
"""
|
475
529
|
return pulumi.get(self, "namespace")
|
@@ -522,6 +576,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
522
576
|
def __init__(__self__,
|
523
577
|
resource_name: str,
|
524
578
|
opts: Optional[pulumi.ResourceOptions] = None,
|
579
|
+
allowed_kubernetes_namespace_selector: Optional[pulumi.Input[str]] = None,
|
525
580
|
allowed_kubernetes_namespaces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
526
581
|
backend: Optional[pulumi.Input[str]] = None,
|
527
582
|
extra_annotations: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
@@ -543,17 +598,19 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
543
598
|
|
544
599
|
```python
|
545
600
|
import pulumi
|
601
|
+
import pulumi_std as std
|
546
602
|
import pulumi_vault as vault
|
547
603
|
|
548
604
|
config = vault.kubernetes.SecretBackend("config",
|
549
605
|
path="kubernetes",
|
550
606
|
description="kubernetes secrets engine description",
|
551
607
|
kubernetes_host="https://127.0.0.1:61233",
|
552
|
-
kubernetes_ca_cert=
|
553
|
-
service_account_jwt=
|
608
|
+
kubernetes_ca_cert=std.file(input="/path/to/cert").result,
|
609
|
+
service_account_jwt=std.file(input="/path/to/token").result,
|
554
610
|
disable_local_ca_jwt=False)
|
555
611
|
sa_example = vault.kubernetes.SecretBackendRole("sa-example",
|
556
612
|
backend=config.path,
|
613
|
+
name="service-account-name-role",
|
557
614
|
allowed_kubernetes_namespaces=["*"],
|
558
615
|
token_max_ttl=43200,
|
559
616
|
token_default_ttl=21600,
|
@@ -572,17 +629,19 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
572
629
|
|
573
630
|
```python
|
574
631
|
import pulumi
|
632
|
+
import pulumi_std as std
|
575
633
|
import pulumi_vault as vault
|
576
634
|
|
577
635
|
config = vault.kubernetes.SecretBackend("config",
|
578
636
|
path="kubernetes",
|
579
637
|
description="kubernetes secrets engine description",
|
580
638
|
kubernetes_host="https://127.0.0.1:61233",
|
581
|
-
kubernetes_ca_cert=
|
582
|
-
service_account_jwt=
|
639
|
+
kubernetes_ca_cert=std.file(input="/path/to/cert").result,
|
640
|
+
service_account_jwt=std.file(input="/path/to/token").result,
|
583
641
|
disable_local_ca_jwt=False)
|
584
642
|
name_example = vault.kubernetes.SecretBackendRole("name-example",
|
585
643
|
backend=config.path,
|
644
|
+
name="service-account-name-role",
|
586
645
|
allowed_kubernetes_namespaces=["*"],
|
587
646
|
token_max_ttl=43200,
|
588
647
|
token_default_ttl=21600,
|
@@ -601,17 +660,19 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
601
660
|
|
602
661
|
```python
|
603
662
|
import pulumi
|
663
|
+
import pulumi_std as std
|
604
664
|
import pulumi_vault as vault
|
605
665
|
|
606
666
|
config = vault.kubernetes.SecretBackend("config",
|
607
667
|
path="kubernetes",
|
608
668
|
description="kubernetes secrets engine description",
|
609
669
|
kubernetes_host="https://127.0.0.1:61233",
|
610
|
-
kubernetes_ca_cert=
|
611
|
-
service_account_jwt=
|
670
|
+
kubernetes_ca_cert=std.file(input="/path/to/cert").result,
|
671
|
+
service_account_jwt=std.file(input="/path/to/token").result,
|
612
672
|
disable_local_ca_jwt=False)
|
613
673
|
rules_example = vault.kubernetes.SecretBackendRole("rules-example",
|
614
674
|
backend=config.path,
|
675
|
+
name="service-account-name-role",
|
615
676
|
allowed_kubernetes_namespaces=["*"],
|
616
677
|
token_max_ttl=43200,
|
617
678
|
token_default_ttl=21600,
|
@@ -635,7 +696,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
635
696
|
|
636
697
|
The Kubernetes secret backend role can be imported using the full path to the role
|
637
698
|
|
638
|
-
|
699
|
+
of the form: `<backend_path>/roles/<role_name>` e.g.
|
639
700
|
|
640
701
|
```sh
|
641
702
|
$ pulumi import vault:kubernetes/secretBackendRole:SecretBackendRole example kubernetes kubernetes/roles/example-role
|
@@ -643,8 +704,13 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
643
704
|
|
644
705
|
:param str resource_name: The name of the resource.
|
645
706
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
707
|
+
:param pulumi.Input[str] allowed_kubernetes_namespace_selector: A label selector for Kubernetes namespaces
|
708
|
+
in which credentials can be generated. Accepts either a JSON or YAML object. The value should be
|
709
|
+
of type [LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#labelselector-v1-meta).
|
710
|
+
If set with `allowed_kubernetes_namespace`, the conditions are `OR`ed.
|
646
711
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_kubernetes_namespaces: The list of Kubernetes namespaces this role
|
647
|
-
can generate credentials for. If set to `*` all namespaces are allowed.
|
712
|
+
can generate credentials for. If set to `*` all namespaces are allowed. If set with
|
713
|
+
`allowed_kubernetes_namespace_selector`, the conditions are `OR`ed.
|
648
714
|
:param pulumi.Input[str] backend: The path of the Kubernetes Secrets Engine backend mount to create
|
649
715
|
the role in.
|
650
716
|
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] extra_annotations: Additional annotations to apply to all generated
|
@@ -668,7 +734,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
668
734
|
roles and role bindings. If unset, a default template is used.
|
669
735
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
670
736
|
The value should not contain leading or trailing forward slashes.
|
671
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
737
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
672
738
|
*Available only for Vault Enterprise*.
|
673
739
|
:param pulumi.Input[str] service_account_name: The pre-existing service account to generate tokens for.
|
674
740
|
Mutually exclusive with `kubernetes_role_name` and `generated_role_rules`. If set, only a
|
@@ -689,17 +755,19 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
689
755
|
|
690
756
|
```python
|
691
757
|
import pulumi
|
758
|
+
import pulumi_std as std
|
692
759
|
import pulumi_vault as vault
|
693
760
|
|
694
761
|
config = vault.kubernetes.SecretBackend("config",
|
695
762
|
path="kubernetes",
|
696
763
|
description="kubernetes secrets engine description",
|
697
764
|
kubernetes_host="https://127.0.0.1:61233",
|
698
|
-
kubernetes_ca_cert=
|
699
|
-
service_account_jwt=
|
765
|
+
kubernetes_ca_cert=std.file(input="/path/to/cert").result,
|
766
|
+
service_account_jwt=std.file(input="/path/to/token").result,
|
700
767
|
disable_local_ca_jwt=False)
|
701
768
|
sa_example = vault.kubernetes.SecretBackendRole("sa-example",
|
702
769
|
backend=config.path,
|
770
|
+
name="service-account-name-role",
|
703
771
|
allowed_kubernetes_namespaces=["*"],
|
704
772
|
token_max_ttl=43200,
|
705
773
|
token_default_ttl=21600,
|
@@ -718,17 +786,19 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
718
786
|
|
719
787
|
```python
|
720
788
|
import pulumi
|
789
|
+
import pulumi_std as std
|
721
790
|
import pulumi_vault as vault
|
722
791
|
|
723
792
|
config = vault.kubernetes.SecretBackend("config",
|
724
793
|
path="kubernetes",
|
725
794
|
description="kubernetes secrets engine description",
|
726
795
|
kubernetes_host="https://127.0.0.1:61233",
|
727
|
-
kubernetes_ca_cert=
|
728
|
-
service_account_jwt=
|
796
|
+
kubernetes_ca_cert=std.file(input="/path/to/cert").result,
|
797
|
+
service_account_jwt=std.file(input="/path/to/token").result,
|
729
798
|
disable_local_ca_jwt=False)
|
730
799
|
name_example = vault.kubernetes.SecretBackendRole("name-example",
|
731
800
|
backend=config.path,
|
801
|
+
name="service-account-name-role",
|
732
802
|
allowed_kubernetes_namespaces=["*"],
|
733
803
|
token_max_ttl=43200,
|
734
804
|
token_default_ttl=21600,
|
@@ -747,17 +817,19 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
747
817
|
|
748
818
|
```python
|
749
819
|
import pulumi
|
820
|
+
import pulumi_std as std
|
750
821
|
import pulumi_vault as vault
|
751
822
|
|
752
823
|
config = vault.kubernetes.SecretBackend("config",
|
753
824
|
path="kubernetes",
|
754
825
|
description="kubernetes secrets engine description",
|
755
826
|
kubernetes_host="https://127.0.0.1:61233",
|
756
|
-
kubernetes_ca_cert=
|
757
|
-
service_account_jwt=
|
827
|
+
kubernetes_ca_cert=std.file(input="/path/to/cert").result,
|
828
|
+
service_account_jwt=std.file(input="/path/to/token").result,
|
758
829
|
disable_local_ca_jwt=False)
|
759
830
|
rules_example = vault.kubernetes.SecretBackendRole("rules-example",
|
760
831
|
backend=config.path,
|
832
|
+
name="service-account-name-role",
|
761
833
|
allowed_kubernetes_namespaces=["*"],
|
762
834
|
token_max_ttl=43200,
|
763
835
|
token_default_ttl=21600,
|
@@ -781,7 +853,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
781
853
|
|
782
854
|
The Kubernetes secret backend role can be imported using the full path to the role
|
783
855
|
|
784
|
-
|
856
|
+
of the form: `<backend_path>/roles/<role_name>` e.g.
|
785
857
|
|
786
858
|
```sh
|
787
859
|
$ pulumi import vault:kubernetes/secretBackendRole:SecretBackendRole example kubernetes kubernetes/roles/example-role
|
@@ -802,6 +874,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
802
874
|
def _internal_init(__self__,
|
803
875
|
resource_name: str,
|
804
876
|
opts: Optional[pulumi.ResourceOptions] = None,
|
877
|
+
allowed_kubernetes_namespace_selector: Optional[pulumi.Input[str]] = None,
|
805
878
|
allowed_kubernetes_namespaces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
806
879
|
backend: Optional[pulumi.Input[str]] = None,
|
807
880
|
extra_annotations: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
@@ -824,8 +897,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
824
897
|
raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource')
|
825
898
|
__props__ = SecretBackendRoleArgs.__new__(SecretBackendRoleArgs)
|
826
899
|
|
827
|
-
|
828
|
-
raise TypeError("Missing required property 'allowed_kubernetes_namespaces'")
|
900
|
+
__props__.__dict__["allowed_kubernetes_namespace_selector"] = allowed_kubernetes_namespace_selector
|
829
901
|
__props__.__dict__["allowed_kubernetes_namespaces"] = allowed_kubernetes_namespaces
|
830
902
|
if backend is None and not opts.urn:
|
831
903
|
raise TypeError("Missing required property 'backend'")
|
@@ -851,6 +923,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
851
923
|
def get(resource_name: str,
|
852
924
|
id: pulumi.Input[str],
|
853
925
|
opts: Optional[pulumi.ResourceOptions] = None,
|
926
|
+
allowed_kubernetes_namespace_selector: Optional[pulumi.Input[str]] = None,
|
854
927
|
allowed_kubernetes_namespaces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
855
928
|
backend: Optional[pulumi.Input[str]] = None,
|
856
929
|
extra_annotations: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
@@ -871,8 +944,13 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
871
944
|
:param str resource_name: The unique name of the resulting resource.
|
872
945
|
:param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
|
873
946
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
947
|
+
:param pulumi.Input[str] allowed_kubernetes_namespace_selector: A label selector for Kubernetes namespaces
|
948
|
+
in which credentials can be generated. Accepts either a JSON or YAML object. The value should be
|
949
|
+
of type [LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#labelselector-v1-meta).
|
950
|
+
If set with `allowed_kubernetes_namespace`, the conditions are `OR`ed.
|
874
951
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_kubernetes_namespaces: The list of Kubernetes namespaces this role
|
875
|
-
can generate credentials for. If set to `*` all namespaces are allowed.
|
952
|
+
can generate credentials for. If set to `*` all namespaces are allowed. If set with
|
953
|
+
`allowed_kubernetes_namespace_selector`, the conditions are `OR`ed.
|
876
954
|
:param pulumi.Input[str] backend: The path of the Kubernetes Secrets Engine backend mount to create
|
877
955
|
the role in.
|
878
956
|
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] extra_annotations: Additional annotations to apply to all generated
|
@@ -896,7 +974,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
896
974
|
roles and role bindings. If unset, a default template is used.
|
897
975
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
898
976
|
The value should not contain leading or trailing forward slashes.
|
899
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
977
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
900
978
|
*Available only for Vault Enterprise*.
|
901
979
|
:param pulumi.Input[str] service_account_name: The pre-existing service account to generate tokens for.
|
902
980
|
Mutually exclusive with `kubernetes_role_name` and `generated_role_rules`. If set, only a
|
@@ -908,6 +986,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
908
986
|
|
909
987
|
__props__ = _SecretBackendRoleState.__new__(_SecretBackendRoleState)
|
910
988
|
|
989
|
+
__props__.__dict__["allowed_kubernetes_namespace_selector"] = allowed_kubernetes_namespace_selector
|
911
990
|
__props__.__dict__["allowed_kubernetes_namespaces"] = allowed_kubernetes_namespaces
|
912
991
|
__props__.__dict__["backend"] = backend
|
913
992
|
__props__.__dict__["extra_annotations"] = extra_annotations
|
@@ -923,12 +1002,24 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
923
1002
|
__props__.__dict__["token_max_ttl"] = token_max_ttl
|
924
1003
|
return SecretBackendRole(resource_name, opts=opts, __props__=__props__)
|
925
1004
|
|
1005
|
+
@property
|
1006
|
+
@pulumi.getter(name="allowedKubernetesNamespaceSelector")
|
1007
|
+
def allowed_kubernetes_namespace_selector(self) -> pulumi.Output[Optional[str]]:
|
1008
|
+
"""
|
1009
|
+
A label selector for Kubernetes namespaces
|
1010
|
+
in which credentials can be generated. Accepts either a JSON or YAML object. The value should be
|
1011
|
+
of type [LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#labelselector-v1-meta).
|
1012
|
+
If set with `allowed_kubernetes_namespace`, the conditions are `OR`ed.
|
1013
|
+
"""
|
1014
|
+
return pulumi.get(self, "allowed_kubernetes_namespace_selector")
|
1015
|
+
|
926
1016
|
@property
|
927
1017
|
@pulumi.getter(name="allowedKubernetesNamespaces")
|
928
|
-
def allowed_kubernetes_namespaces(self) -> pulumi.Output[Sequence[str]]:
|
1018
|
+
def allowed_kubernetes_namespaces(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
929
1019
|
"""
|
930
1020
|
The list of Kubernetes namespaces this role
|
931
|
-
can generate credentials for. If set to `*` all namespaces are allowed.
|
1021
|
+
can generate credentials for. If set to `*` all namespaces are allowed. If set with
|
1022
|
+
`allowed_kubernetes_namespace_selector`, the conditions are `OR`ed.
|
932
1023
|
"""
|
933
1024
|
return pulumi.get(self, "allowed_kubernetes_namespaces")
|
934
1025
|
|
@@ -1015,7 +1106,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1015
1106
|
"""
|
1016
1107
|
The namespace to provision the resource in.
|
1017
1108
|
The value should not contain leading or trailing forward slashes.
|
1018
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
1109
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1019
1110
|
*Available only for Vault Enterprise*.
|
1020
1111
|
"""
|
1021
1112
|
return pulumi.get(self, "namespace")
|
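--- a/pulumi_vault/kv/_inputs.py
+++ b/pulumi_vault/kv/_inputs.py
@@ -4,25 +4,57 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+from typing import NotRequired, TypedDict, TypeAlias
+else:
+from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = [
 'SecretV2CustomMetadataArgs',
+'SecretV2CustomMetadataArgsDict',
 ]
 
+MYPY = False
+
+if not MYPY:
+class SecretV2CustomMetadataArgsDict(TypedDict):
+cas_required: NotRequired[pulumi.Input[bool]]
+"""
+If true, all keys will require the cas parameter to be set on all write requests.
+"""
+data: NotRequired[pulumi.Input[Mapping[str, pulumi.Input[str]]]]
+"""
+A mapping whose keys are the top-level data keys returned from
+Vault and whose values are the corresponding values. This map can only
+represent string data, so any non-string values returned from Vault are
+serialized as JSON.
+"""
+delete_version_after: NotRequired[pulumi.Input[int]]
+"""
+If set, specifies the length of time before a version is deleted.
+"""
+max_versions: NotRequired[pulumi.Input[int]]
+"""
+The number of versions to keep per key.
+"""
+elif False:
+SecretV2CustomMetadataArgsDict: TypeAlias = Mapping[str, Any]
+
 @pulumi.input_type
 class SecretV2CustomMetadataArgs:
 def __init__(__self__, *,
 cas_required: Optional[pulumi.Input[bool]] = None,
-data: Optional[pulumi.Input[Mapping[str,
+data: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
 delete_version_after: Optional[pulumi.Input[int]] = None,
 max_versions: Optional[pulumi.Input[int]] = None):
 """
 :param pulumi.Input[bool] cas_required: If true, all keys will require the cas parameter to be set on all write requests.
-:param pulumi.Input[Mapping[str,
+:param pulumi.Input[Mapping[str, pulumi.Input[str]]] data: A mapping whose keys are the top-level data keys returned from
 Vault and whose values are the corresponding values. This map can only
 represent string data, so any non-string values returned from Vault are
 serialized as JSON.
@@ -52,7 +84,7 @@ class SecretV2CustomMetadataArgs:
 
 @property
 @pulumi.getter
-def data(self) -> Optional[pulumi.Input[Mapping[str,
+def data(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
 """
 A mapping whose keys are the top-level data keys returned from
 Vault and whose values are the corresponding values. This map can only
@@ -62,7 +94,7 @@ class SecretV2CustomMetadataArgs:
 return pulumi.get(self, "data")
 
 @data.setter
-def data(self, value: Optional[pulumi.Input[Mapping[str,
+def data(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
 pulumi.set(self, "data", value)
 
 @property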
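Review bot: The new `else:` branch at the top of this file imports `NotRequired`, `TypedDict` and `TypeAlias` from `typing_extensions`, so on interpreters older than 3.11 the module now needs a third-party package at import time. The wheel's metadata is not shown on this page, so it is worth confirming that `typing_extensions` is declared as a requirement and pinned like the package's other dependencies. The same import block is added to `pulumi_vault/kv/get_secret.py`, where none of the three names is used in the visible hunks. Separately, the `if not MYPY:` / `elif False:` pair carries no comment although the `elif False:` alias can never execute; a line such as `# runtime always defines the TypedDict; the Mapping alias is presumably for static checkers only` would spare the next reader a detour.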
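--- a/pulumi_vault/kv/get_secret.py
+++ b/pulumi_vault/kv/get_secret.py
@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+from typing import NotRequired, TypedDict, TypeAlias
+else:
+from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = [
@@ -49,7 +54,7 @@ class GetSecretResult:
 
 @property
 @pulumi.getter
-def data(self) -> Mapping[str,
+def data(self) -> Mapping[str, str]:
 """
 A mapping whose keys are the top-level data keys returned from
 Vault and whose values are the corresponding values. This map can only
@@ -154,6 +159,7 @@ def get_secret(namespace: Optional[str] = None,
 }))
 secret_data = vault.kv.get_secret_output(path=secret.path)
 ```
+
 ## Required Vault Capabilities
 
 Use of this resource requires the `read` capability on the given path.
@@ -161,7 +167,7 @@ def get_secret(namespace: Optional[str] = None,
 
 :param str namespace: The namespace of the target resource.
 The value should not contain leading or trailing forward slashes.
-The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
 *Available only for Vault Enterprise*.
 :param str path: Full path of the KV-V1 secret.
 """
@@ -180,12 +186,9 @@ def get_secret(namespace: Optional[str] = None,
 lease_renewable=pulumi.get(__ret__, 'lease_renewable'),
 namespace=pulumi.get(__ret__, 'namespace'),
 path=pulumi.get(__ret__, 'path'))
-
-
-@_utilities.lift_output_func(get_secret)
 def get_secret_output(namespace: Optional[pulumi.Input[Optional[str]]] = None,
 path: Optional[pulumi.Input[str]] = None,
-opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetSecretResult]:
+opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetSecretResult]:
 """
 ## Example Usage
 
@@ -209,6 +212,7 @@ def get_secret_output(namespace: Optional[pulumi.Input[Optional[str]]] = None,
 }))
 secret_data = vault.kv.get_secret_output(path=secret.path)
 ```
+
 ## Required Vault Capabilities
 
 Use of this resource requires the `read` capability on the given path.
@@ -216,8 +220,21 @@ def get_secret_output(namespace: Optional[pulumi.Input[Optional[str]]] = None,
 
 :param str namespace: The namespace of the target resource.
 The value should not contain leading or trailing forward slashes.
-The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
 *Available only for Vault Enterprise*.
 :param str path: Full path of the KV-V1 secret.
 """
-
+__args__ = dict()
+__args__['namespace'] = namespace
+__args__['path'] = path
+opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
+__ret__ = pulumi.runtime.invoke_output('vault:kv/getSecret:getSecret', __args__, opts=opts, typ=GetSecretResult)
+return __ret__.apply(lambda __response__: GetSecretResult(
+data=pulumi.get(__response__, 'data'),
+data_json=pulumi.get(__response__, 'data_json'),
+id=pulumi.get(__response__, 'id'),
+lease_duration=pulumi.get(__response__, 'lease_duration'),
+lease_id=pulumi.get(__response__, 'lease_id'),
+lease_renewable=pulumi.get(__response__, 'lease_renewable'),
+namespace=pulumi.get(__response__, 'namespace'),
+path=pulumi.get(__response__, 'path')))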
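Review bot: The visible part of the `get_secret_output` docstring documents only `namespace` and `path`, although `opts` now also accepts `pulumi.InvokeOutputOptions`, and it says nothing about how sensitive the returned values are. The new body copies `data` and `data_json`, which hold the KV secret contents, into a `GetSecretResult` inside `.apply(...)`. Whether those fields stay marked as secret on the returned Output cannot be seen in these hunks and should be confirmed, because unmarked values can surface in plain text in stack outputs and logs. I would add `:param opts: Options for the invoke (InvokeOptions or InvokeOutputOptions).` and a docstring sentence saying that `data` and `data_json` contain secret values and should be wrapped with `pulumi.Output.secret` before being exported. Part of the docstring lies between hunks, so some of this may already be covered there.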