pulumi-vault 5.21.0a1709368526__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pulumi_vault/__init__.py +52 -0
- pulumi_vault/_inputs.py +560 -0
- pulumi_vault/_utilities.py +41 -5
- pulumi_vault/ad/get_access_credentials.py +26 -9
- pulumi_vault/ad/secret_backend.py +16 -142
- pulumi_vault/ad/secret_library.py +16 -9
- pulumi_vault/ad/secret_role.py +14 -9
- pulumi_vault/alicloud/auth_backend_role.py +76 -190
- pulumi_vault/approle/auth_backend_login.py +12 -7
- pulumi_vault/approle/auth_backend_role.py +77 -191
- pulumi_vault/approle/auth_backend_role_secret_id.py +106 -7
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -5
- pulumi_vault/audit.py +30 -21
- pulumi_vault/audit_request_header.py +11 -2
- pulumi_vault/auth_backend.py +66 -14
- pulumi_vault/aws/auth_backend_cert.py +18 -9
- pulumi_vault/aws/auth_backend_client.py +267 -22
- pulumi_vault/aws/auth_backend_config_identity.py +14 -9
- pulumi_vault/aws/auth_backend_identity_whitelist.py +20 -15
- pulumi_vault/aws/auth_backend_login.py +19 -22
- pulumi_vault/aws/auth_backend_role.py +77 -191
- pulumi_vault/aws/auth_backend_role_tag.py +12 -7
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -13
- pulumi_vault/aws/auth_backend_sts_role.py +14 -9
- pulumi_vault/aws/get_access_credentials.py +38 -9
- pulumi_vault/aws/get_static_access_credentials.py +19 -5
- pulumi_vault/aws/secret_backend.py +77 -9
- pulumi_vault/aws/secret_backend_role.py +185 -9
- pulumi_vault/aws/secret_backend_static_role.py +20 -11
- pulumi_vault/azure/_inputs.py +24 -0
- pulumi_vault/azure/auth_backend_config.py +153 -15
- pulumi_vault/azure/auth_backend_role.py +77 -191
- pulumi_vault/azure/backend.py +227 -21
- pulumi_vault/azure/backend_role.py +42 -37
- pulumi_vault/azure/get_access_credentials.py +41 -7
- pulumi_vault/azure/outputs.py +5 -0
- pulumi_vault/cert_auth_backend_role.py +87 -267
- pulumi_vault/config/__init__.pyi +5 -0
- pulumi_vault/config/_inputs.py +73 -0
- pulumi_vault/config/outputs.py +35 -0
- pulumi_vault/config/ui_custom_message.py +529 -0
- pulumi_vault/config/vars.py +5 -0
- pulumi_vault/consul/secret_backend.py +28 -19
- pulumi_vault/consul/secret_backend_role.py +18 -78
- pulumi_vault/database/_inputs.py +2770 -881
- pulumi_vault/database/outputs.py +721 -838
- pulumi_vault/database/secret_backend_connection.py +119 -112
- pulumi_vault/database/secret_backend_role.py +31 -22
- pulumi_vault/database/secret_backend_static_role.py +87 -13
- pulumi_vault/database/secrets_mount.py +427 -136
- pulumi_vault/egp_policy.py +16 -11
- pulumi_vault/gcp/_inputs.py +111 -0
- pulumi_vault/gcp/auth_backend.py +250 -33
- pulumi_vault/gcp/auth_backend_role.py +77 -269
- pulumi_vault/gcp/get_auth_backend_role.py +43 -5
- pulumi_vault/gcp/outputs.py +5 -0
- pulumi_vault/gcp/secret_backend.py +287 -12
- pulumi_vault/gcp/secret_impersonated_account.py +76 -15
- pulumi_vault/gcp/secret_roleset.py +31 -24
- pulumi_vault/gcp/secret_static_account.py +39 -32
- pulumi_vault/generic/endpoint.py +24 -17
- pulumi_vault/generic/get_secret.py +64 -8
- pulumi_vault/generic/secret.py +21 -16
- pulumi_vault/get_auth_backend.py +24 -7
- pulumi_vault/get_auth_backends.py +51 -9
- pulumi_vault/get_namespace.py +226 -0
- pulumi_vault/get_namespaces.py +153 -0
- pulumi_vault/get_nomad_access_token.py +31 -11
- pulumi_vault/get_policy_document.py +34 -19
- pulumi_vault/get_raft_autopilot_state.py +29 -10
- pulumi_vault/github/_inputs.py +55 -0
- pulumi_vault/github/auth_backend.py +19 -14
- pulumi_vault/github/outputs.py +5 -0
- pulumi_vault/github/team.py +16 -11
- pulumi_vault/github/user.py +16 -11
- pulumi_vault/identity/entity.py +20 -13
- pulumi_vault/identity/entity_alias.py +20 -13
- pulumi_vault/identity/entity_policies.py +28 -11
- pulumi_vault/identity/get_entity.py +42 -10
- pulumi_vault/identity/get_group.py +47 -9
- pulumi_vault/identity/get_oidc_client_creds.py +21 -7
- pulumi_vault/identity/get_oidc_openid_config.py +39 -9
- pulumi_vault/identity/get_oidc_public_keys.py +29 -10
- pulumi_vault/identity/group.py +58 -39
- pulumi_vault/identity/group_alias.py +16 -9
- pulumi_vault/identity/group_member_entity_ids.py +28 -66
- pulumi_vault/identity/group_member_group_ids.py +40 -19
- pulumi_vault/identity/group_policies.py +20 -7
- pulumi_vault/identity/mfa_duo.py +11 -6
- pulumi_vault/identity/mfa_login_enforcement.py +15 -6
- pulumi_vault/identity/mfa_okta.py +11 -6
- pulumi_vault/identity/mfa_pingid.py +7 -2
- pulumi_vault/identity/mfa_totp.py +7 -2
- pulumi_vault/identity/oidc.py +12 -7
- pulumi_vault/identity/oidc_assignment.py +24 -11
- pulumi_vault/identity/oidc_client.py +36 -23
- pulumi_vault/identity/oidc_key.py +30 -17
- pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -15
- pulumi_vault/identity/oidc_provider.py +36 -21
- pulumi_vault/identity/oidc_role.py +42 -21
- pulumi_vault/identity/oidc_scope.py +20 -13
- pulumi_vault/identity/outputs.py +8 -3
- pulumi_vault/jwt/_inputs.py +55 -0
- pulumi_vault/jwt/auth_backend.py +45 -40
- pulumi_vault/jwt/auth_backend_role.py +133 -254
- pulumi_vault/jwt/outputs.py +5 -0
- pulumi_vault/kmip/secret_backend.py +24 -19
- pulumi_vault/kmip/secret_role.py +14 -9
- pulumi_vault/kmip/secret_scope.py +14 -9
- pulumi_vault/kubernetes/auth_backend_config.py +57 -5
- pulumi_vault/kubernetes/auth_backend_role.py +70 -177
- pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
- pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
- pulumi_vault/kubernetes/get_service_account_token.py +39 -11
- pulumi_vault/kubernetes/secret_backend.py +316 -27
- pulumi_vault/kubernetes/secret_backend_role.py +137 -46
- pulumi_vault/kv/_inputs.py +36 -4
- pulumi_vault/kv/get_secret.py +25 -8
- pulumi_vault/kv/get_secret_subkeys_v2.py +33 -10
- pulumi_vault/kv/get_secret_v2.py +85 -9
- pulumi_vault/kv/get_secrets_list.py +24 -11
- pulumi_vault/kv/get_secrets_list_v2.py +37 -15
- pulumi_vault/kv/outputs.py +8 -3
- pulumi_vault/kv/secret.py +23 -16
- pulumi_vault/kv/secret_backend_v2.py +20 -11
- pulumi_vault/kv/secret_v2.py +59 -50
- pulumi_vault/ldap/auth_backend.py +127 -166
- pulumi_vault/ldap/auth_backend_group.py +14 -9
- pulumi_vault/ldap/auth_backend_user.py +14 -9
- pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
- pulumi_vault/ldap/get_static_credentials.py +24 -5
- pulumi_vault/ldap/secret_backend.py +354 -82
- pulumi_vault/ldap/secret_backend_dynamic_role.py +18 -11
- pulumi_vault/ldap/secret_backend_library_set.py +16 -9
- pulumi_vault/ldap/secret_backend_static_role.py +73 -12
- pulumi_vault/managed/_inputs.py +289 -132
- pulumi_vault/managed/keys.py +29 -57
- pulumi_vault/managed/outputs.py +89 -132
- pulumi_vault/mfa_duo.py +18 -11
- pulumi_vault/mfa_okta.py +18 -11
- pulumi_vault/mfa_pingid.py +18 -11
- pulumi_vault/mfa_totp.py +24 -17
- pulumi_vault/mongodbatlas/secret_backend.py +20 -15
- pulumi_vault/mongodbatlas/secret_role.py +47 -38
- pulumi_vault/mount.py +391 -51
- pulumi_vault/namespace.py +68 -83
- pulumi_vault/nomad_secret_backend.py +18 -13
- pulumi_vault/nomad_secret_role.py +14 -9
- pulumi_vault/okta/_inputs.py +47 -8
- pulumi_vault/okta/auth_backend.py +485 -39
- pulumi_vault/okta/auth_backend_group.py +14 -9
- pulumi_vault/okta/auth_backend_user.py +14 -9
- pulumi_vault/okta/outputs.py +13 -8
- pulumi_vault/outputs.py +5 -0
- pulumi_vault/password_policy.py +20 -13
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +81 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
- pulumi_vault/pkisecret/backend_config_est.py +619 -0
- pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
- pulumi_vault/pkisecret/get_backend_issuer.py +67 -9
- pulumi_vault/pkisecret/get_backend_issuers.py +21 -8
- pulumi_vault/pkisecret/get_backend_key.py +24 -9
- pulumi_vault/pkisecret/get_backend_keys.py +21 -8
- pulumi_vault/pkisecret/outputs.py +69 -0
- pulumi_vault/pkisecret/secret_backend_cert.py +18 -11
- pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -11
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +14 -9
- pulumi_vault/pkisecret/secret_backend_config_urls.py +67 -11
- pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -9
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -11
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -17
- pulumi_vault/pkisecret/secret_backend_issuer.py +14 -9
- pulumi_vault/pkisecret/secret_backend_key.py +14 -9
- pulumi_vault/pkisecret/secret_backend_role.py +21 -14
- pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -48
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -56
- pulumi_vault/pkisecret/secret_backend_sign.py +18 -54
- pulumi_vault/plugin.py +595 -0
- pulumi_vault/plugin_pinned_version.py +298 -0
- pulumi_vault/policy.py +14 -9
- pulumi_vault/provider.py +48 -53
- pulumi_vault/pulumi-plugin.json +2 -1
- pulumi_vault/quota_lease_count.py +60 -6
- pulumi_vault/quota_rate_limit.py +56 -2
- pulumi_vault/rabbitmq/_inputs.py +61 -0
- pulumi_vault/rabbitmq/outputs.py +5 -0
- pulumi_vault/rabbitmq/secret_backend.py +18 -13
- pulumi_vault/rabbitmq/secret_backend_role.py +54 -47
- pulumi_vault/raft_autopilot.py +14 -9
- pulumi_vault/raft_snapshot_agent_config.py +129 -224
- pulumi_vault/rgp_policy.py +14 -9
- pulumi_vault/saml/auth_backend.py +22 -17
- pulumi_vault/saml/auth_backend_role.py +92 -197
- pulumi_vault/secrets/__init__.py +3 -0
- pulumi_vault/secrets/_inputs.py +110 -0
- pulumi_vault/secrets/outputs.py +94 -0
- pulumi_vault/secrets/sync_association.py +56 -71
- pulumi_vault/secrets/sync_aws_destination.py +242 -27
- pulumi_vault/secrets/sync_azure_destination.py +92 -31
- pulumi_vault/secrets/sync_config.py +9 -4
- pulumi_vault/secrets/sync_gcp_destination.py +158 -25
- pulumi_vault/secrets/sync_gh_destination.py +189 -13
- pulumi_vault/secrets/sync_github_apps.py +375 -0
- pulumi_vault/secrets/sync_vercel_destination.py +74 -13
- pulumi_vault/ssh/_inputs.py +28 -28
- pulumi_vault/ssh/outputs.py +11 -28
- pulumi_vault/ssh/secret_backend_ca.py +108 -9
- pulumi_vault/ssh/secret_backend_role.py +85 -118
- pulumi_vault/terraformcloud/secret_backend.py +7 -54
- pulumi_vault/terraformcloud/secret_creds.py +14 -20
- pulumi_vault/terraformcloud/secret_role.py +16 -74
- pulumi_vault/token.py +28 -23
- pulumi_vault/tokenauth/auth_backend_role.py +78 -199
- pulumi_vault/transform/alphabet.py +16 -9
- pulumi_vault/transform/get_decode.py +45 -17
- pulumi_vault/transform/get_encode.py +45 -17
- pulumi_vault/transform/role.py +16 -9
- pulumi_vault/transform/template.py +30 -21
- pulumi_vault/transform/transformation.py +12 -7
- pulumi_vault/transit/get_decrypt.py +26 -21
- pulumi_vault/transit/get_encrypt.py +24 -19
- pulumi_vault/transit/secret_backend_key.py +27 -93
- pulumi_vault/transit/secret_cache_config.py +12 -7
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
- pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
- pulumi_vault-5.21.0a1709368526.dist-info/RECORD +0 -244
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = [
|
@@ -52,7 +57,7 @@ class GetSecretSubkeysV2Result:
|
|
52
57
|
|
53
58
|
@property
|
54
59
|
@pulumi.getter
|
55
|
-
def data(self) -> Mapping[str,
|
60
|
+
def data(self) -> Mapping[str, str]:
|
56
61
|
"""
|
57
62
|
Subkeys for the KV-V2 secret stored as a serialized map of strings.
|
58
63
|
"""
|
@@ -146,8 +151,9 @@ def get_secret_subkeys_v2(depth: Optional[int] = None,
|
|
146
151
|
"version": "2",
|
147
152
|
},
|
148
153
|
description="KV Version 2 secret engine mount")
|
149
|
-
aws_secret = vault.kv.SecretV2("
|
154
|
+
aws_secret = vault.kv.SecretV2("aws_secret",
|
150
155
|
mount=kvv2.path,
|
156
|
+
name="aws_secret",
|
151
157
|
data_json=json.dumps({
|
152
158
|
"zip": "zap",
|
153
159
|
"foo": "bar",
|
@@ -155,6 +161,7 @@ def get_secret_subkeys_v2(depth: Optional[int] = None,
|
|
155
161
|
test = vault.kv.get_secret_subkeys_v2_output(mount=kvv2.path,
|
156
162
|
name=aws_secret.name)
|
157
163
|
```
|
164
|
+
|
158
165
|
## Required Vault Capabilities
|
159
166
|
|
160
167
|
Use of this resource requires the `read` capability on the given path.
|
@@ -171,7 +178,7 @@ def get_secret_subkeys_v2(depth: Optional[int] = None,
|
|
171
178
|
the name is `foo/bar/baz`.
|
172
179
|
:param str namespace: The namespace of the target resource.
|
173
180
|
The value should not contain leading or trailing forward slashes.
|
174
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
181
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
175
182
|
*Available only for Vault Enterprise*.
|
176
183
|
:param int version: Specifies the version to return. If not
|
177
184
|
set the latest version is returned.
|
@@ -195,15 +202,12 @@ def get_secret_subkeys_v2(depth: Optional[int] = None,
|
|
195
202
|
namespace=pulumi.get(__ret__, 'namespace'),
|
196
203
|
path=pulumi.get(__ret__, 'path'),
|
197
204
|
version=pulumi.get(__ret__, 'version'))
|
198
|
-
|
199
|
-
|
200
|
-
@_utilities.lift_output_func(get_secret_subkeys_v2)
|
201
205
|
def get_secret_subkeys_v2_output(depth: Optional[pulumi.Input[Optional[int]]] = None,
|
202
206
|
mount: Optional[pulumi.Input[str]] = None,
|
203
207
|
name: Optional[pulumi.Input[str]] = None,
|
204
208
|
namespace: Optional[pulumi.Input[Optional[str]]] = None,
|
205
209
|
version: Optional[pulumi.Input[Optional[int]]] = None,
|
206
|
-
opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetSecretSubkeysV2Result]:
|
210
|
+
opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetSecretSubkeysV2Result]:
|
207
211
|
"""
|
208
212
|
## Example Usage
|
209
213
|
|
@@ -219,8 +223,9 @@ def get_secret_subkeys_v2_output(depth: Optional[pulumi.Input[Optional[int]]] =
|
|
219
223
|
"version": "2",
|
220
224
|
},
|
221
225
|
description="KV Version 2 secret engine mount")
|
222
|
-
aws_secret = vault.kv.SecretV2("
|
226
|
+
aws_secret = vault.kv.SecretV2("aws_secret",
|
223
227
|
mount=kvv2.path,
|
228
|
+
name="aws_secret",
|
224
229
|
data_json=json.dumps({
|
225
230
|
"zip": "zap",
|
226
231
|
"foo": "bar",
|
@@ -228,6 +233,7 @@ def get_secret_subkeys_v2_output(depth: Optional[pulumi.Input[Optional[int]]] =
|
|
228
233
|
test = vault.kv.get_secret_subkeys_v2_output(mount=kvv2.path,
|
229
234
|
name=aws_secret.name)
|
230
235
|
```
|
236
|
+
|
231
237
|
## Required Vault Capabilities
|
232
238
|
|
233
239
|
Use of this resource requires the `read` capability on the given path.
|
@@ -244,9 +250,26 @@ def get_secret_subkeys_v2_output(depth: Optional[pulumi.Input[Optional[int]]] =
|
|
244
250
|
the name is `foo/bar/baz`.
|
245
251
|
:param str namespace: The namespace of the target resource.
|
246
252
|
The value should not contain leading or trailing forward slashes.
|
247
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
253
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
248
254
|
*Available only for Vault Enterprise*.
|
249
255
|
:param int version: Specifies the version to return. If not
|
250
256
|
set the latest version is returned.
|
251
257
|
"""
|
252
|
-
|
258
|
+
__args__ = dict()
|
259
|
+
__args__['depth'] = depth
|
260
|
+
__args__['mount'] = mount
|
261
|
+
__args__['name'] = name
|
262
|
+
__args__['namespace'] = namespace
|
263
|
+
__args__['version'] = version
|
264
|
+
opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
|
265
|
+
__ret__ = pulumi.runtime.invoke_output('vault:kv/getSecretSubkeysV2:getSecretSubkeysV2', __args__, opts=opts, typ=GetSecretSubkeysV2Result)
|
266
|
+
return __ret__.apply(lambda __response__: GetSecretSubkeysV2Result(
|
267
|
+
data=pulumi.get(__response__, 'data'),
|
268
|
+
data_json=pulumi.get(__response__, 'data_json'),
|
269
|
+
depth=pulumi.get(__response__, 'depth'),
|
270
|
+
id=pulumi.get(__response__, 'id'),
|
271
|
+
mount=pulumi.get(__response__, 'mount'),
|
272
|
+
name=pulumi.get(__response__, 'name'),
|
273
|
+
namespace=pulumi.get(__response__, 'namespace'),
|
274
|
+
path=pulumi.get(__response__, 'path'),
|
275
|
+
version=pulumi.get(__response__, 'version')))
|
pulumi_vault/kv/get_secret_v2.py
CHANGED
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = [
|
@@ -69,7 +74,7 @@ class GetSecretV2Result:
|
|
69
74
|
|
70
75
|
@property
|
71
76
|
@pulumi.getter(name="customMetadata")
|
72
|
-
def custom_metadata(self) -> Mapping[str,
|
77
|
+
def custom_metadata(self) -> Mapping[str, str]:
|
73
78
|
"""
|
74
79
|
Custom metadata for the secret.
|
75
80
|
"""
|
@@ -77,7 +82,7 @@ class GetSecretV2Result:
|
|
77
82
|
|
78
83
|
@property
|
79
84
|
@pulumi.getter
|
80
|
-
def data(self) -> Mapping[str,
|
85
|
+
def data(self) -> Mapping[str, str]:
|
81
86
|
"""
|
82
87
|
A mapping whose keys are the top-level data keys returned from
|
83
88
|
Vault and whose values are the corresponding values. This map can only
|
@@ -145,6 +150,9 @@ class GetSecretV2Result:
|
|
145
150
|
@property
|
146
151
|
@pulumi.getter
|
147
152
|
def version(self) -> Optional[int]:
|
153
|
+
"""
|
154
|
+
Version of the secret.
|
155
|
+
"""
|
148
156
|
return pulumi.get(self, "version")
|
149
157
|
|
150
158
|
|
@@ -174,6 +182,32 @@ def get_secret_v2(mount: Optional[str] = None,
|
|
174
182
|
version: Optional[int] = None,
|
175
183
|
opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetSecretV2Result:
|
176
184
|
"""
|
185
|
+
## Example Usage
|
186
|
+
|
187
|
+
```python
|
188
|
+
import pulumi
|
189
|
+
import json
|
190
|
+
import pulumi_vault as vault
|
191
|
+
|
192
|
+
kvv2 = vault.Mount("kvv2",
|
193
|
+
path="kvv2",
|
194
|
+
type="kv",
|
195
|
+
options={
|
196
|
+
"version": "2",
|
197
|
+
},
|
198
|
+
description="KV Version 2 secret engine mount")
|
199
|
+
example_secret_v2 = vault.kv.SecretV2("example",
|
200
|
+
mount=kvv2.path,
|
201
|
+
name="secret",
|
202
|
+
delete_all_versions=True,
|
203
|
+
data_json=json.dumps({
|
204
|
+
"zip": "zap",
|
205
|
+
"foo": "bar",
|
206
|
+
}))
|
207
|
+
example = vault.kv.get_secret_v2_output(mount=kvv2.path,
|
208
|
+
name=example_secret_v2.name)
|
209
|
+
```
|
210
|
+
|
177
211
|
## Required Vault Capabilities
|
178
212
|
|
179
213
|
Use of this resource requires the `read` capability on the given path.
|
@@ -186,7 +220,7 @@ def get_secret_v2(mount: Optional[str] = None,
|
|
186
220
|
the name is `foo/bar/baz`.
|
187
221
|
:param str namespace: The namespace of the target resource.
|
188
222
|
The value should not contain leading or trailing forward slashes.
|
189
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
223
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
190
224
|
*Available only for Vault Enterprise*.
|
191
225
|
:param int version: Version of the secret to retrieve.
|
192
226
|
"""
|
@@ -211,15 +245,38 @@ def get_secret_v2(mount: Optional[str] = None,
|
|
211
245
|
namespace=pulumi.get(__ret__, 'namespace'),
|
212
246
|
path=pulumi.get(__ret__, 'path'),
|
213
247
|
version=pulumi.get(__ret__, 'version'))
|
214
|
-
|
215
|
-
|
216
|
-
@_utilities.lift_output_func(get_secret_v2)
|
217
248
|
def get_secret_v2_output(mount: Optional[pulumi.Input[str]] = None,
|
218
249
|
name: Optional[pulumi.Input[str]] = None,
|
219
250
|
namespace: Optional[pulumi.Input[Optional[str]]] = None,
|
220
251
|
version: Optional[pulumi.Input[Optional[int]]] = None,
|
221
|
-
opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetSecretV2Result]:
|
252
|
+
opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetSecretV2Result]:
|
222
253
|
"""
|
254
|
+
## Example Usage
|
255
|
+
|
256
|
+
```python
|
257
|
+
import pulumi
|
258
|
+
import json
|
259
|
+
import pulumi_vault as vault
|
260
|
+
|
261
|
+
kvv2 = vault.Mount("kvv2",
|
262
|
+
path="kvv2",
|
263
|
+
type="kv",
|
264
|
+
options={
|
265
|
+
"version": "2",
|
266
|
+
},
|
267
|
+
description="KV Version 2 secret engine mount")
|
268
|
+
example_secret_v2 = vault.kv.SecretV2("example",
|
269
|
+
mount=kvv2.path,
|
270
|
+
name="secret",
|
271
|
+
delete_all_versions=True,
|
272
|
+
data_json=json.dumps({
|
273
|
+
"zip": "zap",
|
274
|
+
"foo": "bar",
|
275
|
+
}))
|
276
|
+
example = vault.kv.get_secret_v2_output(mount=kvv2.path,
|
277
|
+
name=example_secret_v2.name)
|
278
|
+
```
|
279
|
+
|
223
280
|
## Required Vault Capabilities
|
224
281
|
|
225
282
|
Use of this resource requires the `read` capability on the given path.
|
@@ -232,8 +289,27 @@ def get_secret_v2_output(mount: Optional[pulumi.Input[str]] = None,
|
|
232
289
|
the name is `foo/bar/baz`.
|
233
290
|
:param str namespace: The namespace of the target resource.
|
234
291
|
The value should not contain leading or trailing forward slashes.
|
235
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
292
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
236
293
|
*Available only for Vault Enterprise*.
|
237
294
|
:param int version: Version of the secret to retrieve.
|
238
295
|
"""
|
239
|
-
|
296
|
+
__args__ = dict()
|
297
|
+
__args__['mount'] = mount
|
298
|
+
__args__['name'] = name
|
299
|
+
__args__['namespace'] = namespace
|
300
|
+
__args__['version'] = version
|
301
|
+
opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
|
302
|
+
__ret__ = pulumi.runtime.invoke_output('vault:kv/getSecretV2:getSecretV2', __args__, opts=opts, typ=GetSecretV2Result)
|
303
|
+
return __ret__.apply(lambda __response__: GetSecretV2Result(
|
304
|
+
created_time=pulumi.get(__response__, 'created_time'),
|
305
|
+
custom_metadata=pulumi.get(__response__, 'custom_metadata'),
|
306
|
+
data=pulumi.get(__response__, 'data'),
|
307
|
+
data_json=pulumi.get(__response__, 'data_json'),
|
308
|
+
deletion_time=pulumi.get(__response__, 'deletion_time'),
|
309
|
+
destroyed=pulumi.get(__response__, 'destroyed'),
|
310
|
+
id=pulumi.get(__response__, 'id'),
|
311
|
+
mount=pulumi.get(__response__, 'mount'),
|
312
|
+
name=pulumi.get(__response__, 'name'),
|
313
|
+
namespace=pulumi.get(__response__, 'namespace'),
|
314
|
+
path=pulumi.get(__response__, 'path'),
|
315
|
+
version=pulumi.get(__response__, 'version')))
|
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = [
|
@@ -92,18 +97,19 @@ def get_secrets_list(namespace: Optional[str] = None,
|
|
92
97
|
"version": "1",
|
93
98
|
},
|
94
99
|
description="KV Version 1 secret engine mount")
|
95
|
-
aws_secret = vault.kv.Secret("
|
100
|
+
aws_secret = vault.kv.Secret("aws_secret",
|
96
101
|
path=kvv1.path.apply(lambda path: f"{path}/aws-secret"),
|
97
102
|
data_json=json.dumps({
|
98
103
|
"zip": "zap",
|
99
104
|
}))
|
100
|
-
azure_secret = vault.kv.Secret("
|
105
|
+
azure_secret = vault.kv.Secret("azure_secret",
|
101
106
|
path=kvv1.path.apply(lambda path: f"{path}/azure-secret"),
|
102
107
|
data_json=json.dumps({
|
103
108
|
"foo": "bar",
|
104
109
|
}))
|
105
110
|
secrets = vault.kv.get_secrets_list_output(path=kvv1.path)
|
106
111
|
```
|
112
|
+
|
107
113
|
## Required Vault Capabilities
|
108
114
|
|
109
115
|
Use of this resource requires the `read` capability on the given path.
|
@@ -111,7 +117,7 @@ def get_secrets_list(namespace: Optional[str] = None,
|
|
111
117
|
|
112
118
|
:param str namespace: The namespace of the target resource.
|
113
119
|
The value should not contain leading or trailing forward slashes.
|
114
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
120
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
115
121
|
*Available only for Vault Enterprise*.
|
116
122
|
:param str path: Full KV-V1 path where secrets will be listed.
|
117
123
|
"""
|
@@ -126,12 +132,9 @@ def get_secrets_list(namespace: Optional[str] = None,
|
|
126
132
|
names=pulumi.get(__ret__, 'names'),
|
127
133
|
namespace=pulumi.get(__ret__, 'namespace'),
|
128
134
|
path=pulumi.get(__ret__, 'path'))
|
129
|
-
|
130
|
-
|
131
|
-
@_utilities.lift_output_func(get_secrets_list)
|
132
135
|
def get_secrets_list_output(namespace: Optional[pulumi.Input[Optional[str]]] = None,
|
133
136
|
path: Optional[pulumi.Input[str]] = None,
|
134
|
-
opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetSecretsListResult]:
|
137
|
+
opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetSecretsListResult]:
|
135
138
|
"""
|
136
139
|
## Example Usage
|
137
140
|
|
@@ -147,18 +150,19 @@ def get_secrets_list_output(namespace: Optional[pulumi.Input[Optional[str]]] = N
|
|
147
150
|
"version": "1",
|
148
151
|
},
|
149
152
|
description="KV Version 1 secret engine mount")
|
150
|
-
aws_secret = vault.kv.Secret("
|
153
|
+
aws_secret = vault.kv.Secret("aws_secret",
|
151
154
|
path=kvv1.path.apply(lambda path: f"{path}/aws-secret"),
|
152
155
|
data_json=json.dumps({
|
153
156
|
"zip": "zap",
|
154
157
|
}))
|
155
|
-
azure_secret = vault.kv.Secret("
|
158
|
+
azure_secret = vault.kv.Secret("azure_secret",
|
156
159
|
path=kvv1.path.apply(lambda path: f"{path}/azure-secret"),
|
157
160
|
data_json=json.dumps({
|
158
161
|
"foo": "bar",
|
159
162
|
}))
|
160
163
|
secrets = vault.kv.get_secrets_list_output(path=kvv1.path)
|
161
164
|
```
|
165
|
+
|
162
166
|
## Required Vault Capabilities
|
163
167
|
|
164
168
|
Use of this resource requires the `read` capability on the given path.
|
@@ -166,8 +170,17 @@ def get_secrets_list_output(namespace: Optional[pulumi.Input[Optional[str]]] = N
|
|
166
170
|
|
167
171
|
:param str namespace: The namespace of the target resource.
|
168
172
|
The value should not contain leading or trailing forward slashes.
|
169
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
173
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
170
174
|
*Available only for Vault Enterprise*.
|
171
175
|
:param str path: Full KV-V1 path where secrets will be listed.
|
172
176
|
"""
|
173
|
-
|
177
|
+
__args__ = dict()
|
178
|
+
__args__['namespace'] = namespace
|
179
|
+
__args__['path'] = path
|
180
|
+
opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
|
181
|
+
__ret__ = pulumi.runtime.invoke_output('vault:kv/getSecretsList:getSecretsList', __args__, opts=opts, typ=GetSecretsListResult)
|
182
|
+
return __ret__.apply(lambda __response__: GetSecretsListResult(
|
183
|
+
id=pulumi.get(__response__, 'id'),
|
184
|
+
names=pulumi.get(__response__, 'names'),
|
185
|
+
namespace=pulumi.get(__response__, 'namespace'),
|
186
|
+
path=pulumi.get(__response__, 'path')))
|
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = [
|
@@ -114,25 +119,29 @@ def get_secrets_list_v2(mount: Optional[str] = None,
|
|
114
119
|
"version": "2",
|
115
120
|
},
|
116
121
|
description="KV Version 2 secret engine mount")
|
117
|
-
aws_secret = vault.kv.SecretV2("
|
122
|
+
aws_secret = vault.kv.SecretV2("aws_secret",
|
118
123
|
mount=kvv2.path,
|
124
|
+
name="aws_secret",
|
119
125
|
data_json=json.dumps({
|
120
126
|
"zip": "zap",
|
121
127
|
}))
|
122
|
-
azure_secret = vault.kv.SecretV2("
|
128
|
+
azure_secret = vault.kv.SecretV2("azure_secret",
|
123
129
|
mount=kvv2.path,
|
130
|
+
name="azure_secret",
|
124
131
|
data_json=json.dumps({
|
125
132
|
"foo": "bar",
|
126
133
|
}))
|
127
|
-
nested_secret = vault.kv.SecretV2("
|
134
|
+
nested_secret = vault.kv.SecretV2("nested_secret",
|
128
135
|
mount=kvv2.path,
|
136
|
+
name=azure_secret.name.apply(lambda name: f"{name}/dev"),
|
129
137
|
data_json=json.dumps({
|
130
138
|
"password": "test",
|
131
139
|
}))
|
132
140
|
secrets = vault.kv.get_secrets_list_v2_output(mount=kvv2.path)
|
133
141
|
nested_secrets = kvv2.path.apply(lambda path: vault.kv.get_secrets_list_v2_output(mount=path,
|
134
|
-
name=
|
142
|
+
name=test2["name"]))
|
135
143
|
```
|
144
|
+
|
136
145
|
## Required Vault Capabilities
|
137
146
|
|
138
147
|
Use of this resource requires the `read` capability on the given path.
|
@@ -145,7 +154,7 @@ def get_secrets_list_v2(mount: Optional[str] = None,
|
|
145
154
|
the name is `foo/bar/baz`.
|
146
155
|
:param str namespace: The namespace of the target resource.
|
147
156
|
The value should not contain leading or trailing forward slashes.
|
148
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
157
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
149
158
|
*Available only for Vault Enterprise*.
|
150
159
|
"""
|
151
160
|
__args__ = dict()
|
@@ -162,13 +171,10 @@ def get_secrets_list_v2(mount: Optional[str] = None,
|
|
162
171
|
names=pulumi.get(__ret__, 'names'),
|
163
172
|
namespace=pulumi.get(__ret__, 'namespace'),
|
164
173
|
path=pulumi.get(__ret__, 'path'))
|
165
|
-
|
166
|
-
|
167
|
-
@_utilities.lift_output_func(get_secrets_list_v2)
|
168
174
|
def get_secrets_list_v2_output(mount: Optional[pulumi.Input[str]] = None,
|
169
175
|
name: Optional[pulumi.Input[Optional[str]]] = None,
|
170
176
|
namespace: Optional[pulumi.Input[Optional[str]]] = None,
|
171
|
-
opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetSecretsListV2Result]:
|
177
|
+
opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetSecretsListV2Result]:
|
172
178
|
"""
|
173
179
|
## Example Usage
|
174
180
|
|
@@ -184,25 +190,29 @@ def get_secrets_list_v2_output(mount: Optional[pulumi.Input[str]] = None,
|
|
184
190
|
"version": "2",
|
185
191
|
},
|
186
192
|
description="KV Version 2 secret engine mount")
|
187
|
-
aws_secret = vault.kv.SecretV2("
|
193
|
+
aws_secret = vault.kv.SecretV2("aws_secret",
|
188
194
|
mount=kvv2.path,
|
195
|
+
name="aws_secret",
|
189
196
|
data_json=json.dumps({
|
190
197
|
"zip": "zap",
|
191
198
|
}))
|
192
|
-
azure_secret = vault.kv.SecretV2("
|
199
|
+
azure_secret = vault.kv.SecretV2("azure_secret",
|
193
200
|
mount=kvv2.path,
|
201
|
+
name="azure_secret",
|
194
202
|
data_json=json.dumps({
|
195
203
|
"foo": "bar",
|
196
204
|
}))
|
197
|
-
nested_secret = vault.kv.SecretV2("
|
205
|
+
nested_secret = vault.kv.SecretV2("nested_secret",
|
198
206
|
mount=kvv2.path,
|
207
|
+
name=azure_secret.name.apply(lambda name: f"{name}/dev"),
|
199
208
|
data_json=json.dumps({
|
200
209
|
"password": "test",
|
201
210
|
}))
|
202
211
|
secrets = vault.kv.get_secrets_list_v2_output(mount=kvv2.path)
|
203
212
|
nested_secrets = kvv2.path.apply(lambda path: vault.kv.get_secrets_list_v2_output(mount=path,
|
204
|
-
name=
|
213
|
+
name=test2["name"]))
|
205
214
|
```
|
215
|
+
|
206
216
|
## Required Vault Capabilities
|
207
217
|
|
208
218
|
Use of this resource requires the `read` capability on the given path.
|
@@ -215,7 +225,19 @@ def get_secrets_list_v2_output(mount: Optional[pulumi.Input[str]] = None,
|
|
215
225
|
the name is `foo/bar/baz`.
|
216
226
|
:param str namespace: The namespace of the target resource.
|
217
227
|
The value should not contain leading or trailing forward slashes.
|
218
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
228
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
219
229
|
*Available only for Vault Enterprise*.
|
220
230
|
"""
|
221
|
-
|
231
|
+
__args__ = dict()
|
232
|
+
__args__['mount'] = mount
|
233
|
+
__args__['name'] = name
|
234
|
+
__args__['namespace'] = namespace
|
235
|
+
opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
|
236
|
+
__ret__ = pulumi.runtime.invoke_output('vault:kv/getSecretsListV2:getSecretsListV2', __args__, opts=opts, typ=GetSecretsListV2Result)
|
237
|
+
return __ret__.apply(lambda __response__: GetSecretsListV2Result(
|
238
|
+
id=pulumi.get(__response__, 'id'),
|
239
|
+
mount=pulumi.get(__response__, 'mount'),
|
240
|
+
name=pulumi.get(__response__, 'name'),
|
241
|
+
names=pulumi.get(__response__, 'names'),
|
242
|
+
namespace=pulumi.get(__response__, 'namespace'),
|
243
|
+
path=pulumi.get(__response__, 'path')))
|
pulumi_vault/kv/outputs.py
CHANGED
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = [
|
@@ -38,12 +43,12 @@ class SecretV2CustomMetadata(dict):
|
|
38
43
|
|
39
44
|
def __init__(__self__, *,
|
40
45
|
cas_required: Optional[bool] = None,
|
41
|
-
data: Optional[Mapping[str,
|
46
|
+
data: Optional[Mapping[str, str]] = None,
|
42
47
|
delete_version_after: Optional[int] = None,
|
43
48
|
max_versions: Optional[int] = None):
|
44
49
|
"""
|
45
50
|
:param bool cas_required: If true, all keys will require the cas parameter to be set on all write requests.
|
46
|
-
:param Mapping[str,
|
51
|
+
:param Mapping[str, str] data: A mapping whose keys are the top-level data keys returned from
|
47
52
|
Vault and whose values are the corresponding values. This map can only
|
48
53
|
represent string data, so any non-string values returned from Vault are
|
49
54
|
serialized as JSON.
|
@@ -69,7 +74,7 @@ class SecretV2CustomMetadata(dict):
|
|
69
74
|
|
70
75
|
@property
|
71
76
|
@pulumi.getter
|
72
|
-
def data(self) -> Optional[Mapping[str,
|
77
|
+
def data(self) -> Optional[Mapping[str, str]]:
|
73
78
|
"""
|
74
79
|
A mapping whose keys are the top-level data keys returned from
|
75
80
|
Vault and whose values are the corresponding values. This map can only
|