pulumi-vault 5.21.0a1709368526__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl
- pulumi_vault/__init__.py +52 -0
- pulumi_vault/_inputs.py +560 -0
- pulumi_vault/_utilities.py +41 -5
- pulumi_vault/ad/get_access_credentials.py +26 -9
- pulumi_vault/ad/secret_backend.py +16 -142
- pulumi_vault/ad/secret_library.py +16 -9
- pulumi_vault/ad/secret_role.py +14 -9
- pulumi_vault/alicloud/auth_backend_role.py +76 -190
- pulumi_vault/approle/auth_backend_login.py +12 -7
- pulumi_vault/approle/auth_backend_role.py +77 -191
- pulumi_vault/approle/auth_backend_role_secret_id.py +106 -7
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -5
- pulumi_vault/audit.py +30 -21
- pulumi_vault/audit_request_header.py +11 -2
- pulumi_vault/auth_backend.py +66 -14
- pulumi_vault/aws/auth_backend_cert.py +18 -9
- pulumi_vault/aws/auth_backend_client.py +267 -22
- pulumi_vault/aws/auth_backend_config_identity.py +14 -9
- pulumi_vault/aws/auth_backend_identity_whitelist.py +20 -15
- pulumi_vault/aws/auth_backend_login.py +19 -22
- pulumi_vault/aws/auth_backend_role.py +77 -191
- pulumi_vault/aws/auth_backend_role_tag.py +12 -7
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -13
- pulumi_vault/aws/auth_backend_sts_role.py +14 -9
- pulumi_vault/aws/get_access_credentials.py +38 -9
- pulumi_vault/aws/get_static_access_credentials.py +19 -5
- pulumi_vault/aws/secret_backend.py +77 -9
- pulumi_vault/aws/secret_backend_role.py +185 -9
- pulumi_vault/aws/secret_backend_static_role.py +20 -11
- pulumi_vault/azure/_inputs.py +24 -0
- pulumi_vault/azure/auth_backend_config.py +153 -15
- pulumi_vault/azure/auth_backend_role.py +77 -191
- pulumi_vault/azure/backend.py +227 -21
- pulumi_vault/azure/backend_role.py +42 -37
- pulumi_vault/azure/get_access_credentials.py +41 -7
- pulumi_vault/azure/outputs.py +5 -0
- pulumi_vault/cert_auth_backend_role.py +87 -267
- pulumi_vault/config/__init__.pyi +5 -0
- pulumi_vault/config/_inputs.py +73 -0
- pulumi_vault/config/outputs.py +35 -0
- pulumi_vault/config/ui_custom_message.py +529 -0
- pulumi_vault/config/vars.py +5 -0
- pulumi_vault/consul/secret_backend.py +28 -19
- pulumi_vault/consul/secret_backend_role.py +18 -78
- pulumi_vault/database/_inputs.py +2770 -881
- pulumi_vault/database/outputs.py +721 -838
- pulumi_vault/database/secret_backend_connection.py +119 -112
- pulumi_vault/database/secret_backend_role.py +31 -22
- pulumi_vault/database/secret_backend_static_role.py +87 -13
- pulumi_vault/database/secrets_mount.py +427 -136
- pulumi_vault/egp_policy.py +16 -11
- pulumi_vault/gcp/_inputs.py +111 -0
- pulumi_vault/gcp/auth_backend.py +250 -33
- pulumi_vault/gcp/auth_backend_role.py +77 -269
- pulumi_vault/gcp/get_auth_backend_role.py +43 -5
- pulumi_vault/gcp/outputs.py +5 -0
- pulumi_vault/gcp/secret_backend.py +287 -12
- pulumi_vault/gcp/secret_impersonated_account.py +76 -15
- pulumi_vault/gcp/secret_roleset.py +31 -24
- pulumi_vault/gcp/secret_static_account.py +39 -32
- pulumi_vault/generic/endpoint.py +24 -17
- pulumi_vault/generic/get_secret.py +64 -8
- pulumi_vault/generic/secret.py +21 -16
- pulumi_vault/get_auth_backend.py +24 -7
- pulumi_vault/get_auth_backends.py +51 -9
- pulumi_vault/get_namespace.py +226 -0
- pulumi_vault/get_namespaces.py +153 -0
- pulumi_vault/get_nomad_access_token.py +31 -11
- pulumi_vault/get_policy_document.py +34 -19
- pulumi_vault/get_raft_autopilot_state.py +29 -10
- pulumi_vault/github/_inputs.py +55 -0
- pulumi_vault/github/auth_backend.py +19 -14
- pulumi_vault/github/outputs.py +5 -0
- pulumi_vault/github/team.py +16 -11
- pulumi_vault/github/user.py +16 -11
- pulumi_vault/identity/entity.py +20 -13
- pulumi_vault/identity/entity_alias.py +20 -13
- pulumi_vault/identity/entity_policies.py +28 -11
- pulumi_vault/identity/get_entity.py +42 -10
- pulumi_vault/identity/get_group.py +47 -9
- pulumi_vault/identity/get_oidc_client_creds.py +21 -7
- pulumi_vault/identity/get_oidc_openid_config.py +39 -9
- pulumi_vault/identity/get_oidc_public_keys.py +29 -10
- pulumi_vault/identity/group.py +58 -39
- pulumi_vault/identity/group_alias.py +16 -9
- pulumi_vault/identity/group_member_entity_ids.py +28 -66
- pulumi_vault/identity/group_member_group_ids.py +40 -19
- pulumi_vault/identity/group_policies.py +20 -7
- pulumi_vault/identity/mfa_duo.py +11 -6
- pulumi_vault/identity/mfa_login_enforcement.py +15 -6
- pulumi_vault/identity/mfa_okta.py +11 -6
- pulumi_vault/identity/mfa_pingid.py +7 -2
- pulumi_vault/identity/mfa_totp.py +7 -2
- pulumi_vault/identity/oidc.py +12 -7
- pulumi_vault/identity/oidc_assignment.py +24 -11
- pulumi_vault/identity/oidc_client.py +36 -23
- pulumi_vault/identity/oidc_key.py +30 -17
- pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -15
- pulumi_vault/identity/oidc_provider.py +36 -21
- pulumi_vault/identity/oidc_role.py +42 -21
- pulumi_vault/identity/oidc_scope.py +20 -13
- pulumi_vault/identity/outputs.py +8 -3
- pulumi_vault/jwt/_inputs.py +55 -0
- pulumi_vault/jwt/auth_backend.py +45 -40
- pulumi_vault/jwt/auth_backend_role.py +133 -254
- pulumi_vault/jwt/outputs.py +5 -0
- pulumi_vault/kmip/secret_backend.py +24 -19
- pulumi_vault/kmip/secret_role.py +14 -9
- pulumi_vault/kmip/secret_scope.py +14 -9
- pulumi_vault/kubernetes/auth_backend_config.py +57 -5
- pulumi_vault/kubernetes/auth_backend_role.py +70 -177
- pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
- pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
- pulumi_vault/kubernetes/get_service_account_token.py +39 -11
- pulumi_vault/kubernetes/secret_backend.py +316 -27
- pulumi_vault/kubernetes/secret_backend_role.py +137 -46
- pulumi_vault/kv/_inputs.py +36 -4
- pulumi_vault/kv/get_secret.py +25 -8
- pulumi_vault/kv/get_secret_subkeys_v2.py +33 -10
- pulumi_vault/kv/get_secret_v2.py +85 -9
- pulumi_vault/kv/get_secrets_list.py +24 -11
- pulumi_vault/kv/get_secrets_list_v2.py +37 -15
- pulumi_vault/kv/outputs.py +8 -3
- pulumi_vault/kv/secret.py +23 -16
- pulumi_vault/kv/secret_backend_v2.py +20 -11
- pulumi_vault/kv/secret_v2.py +59 -50
- pulumi_vault/ldap/auth_backend.py +127 -166
- pulumi_vault/ldap/auth_backend_group.py +14 -9
- pulumi_vault/ldap/auth_backend_user.py +14 -9
- pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
- pulumi_vault/ldap/get_static_credentials.py +24 -5
- pulumi_vault/ldap/secret_backend.py +354 -82
- pulumi_vault/ldap/secret_backend_dynamic_role.py +18 -11
- pulumi_vault/ldap/secret_backend_library_set.py +16 -9
- pulumi_vault/ldap/secret_backend_static_role.py +73 -12
- pulumi_vault/managed/_inputs.py +289 -132
- pulumi_vault/managed/keys.py +29 -57
- pulumi_vault/managed/outputs.py +89 -132
- pulumi_vault/mfa_duo.py +18 -11
- pulumi_vault/mfa_okta.py +18 -11
- pulumi_vault/mfa_pingid.py +18 -11
- pulumi_vault/mfa_totp.py +24 -17
- pulumi_vault/mongodbatlas/secret_backend.py +20 -15
- pulumi_vault/mongodbatlas/secret_role.py +47 -38
- pulumi_vault/mount.py +391 -51
- pulumi_vault/namespace.py +68 -83
- pulumi_vault/nomad_secret_backend.py +18 -13
- pulumi_vault/nomad_secret_role.py +14 -9
- pulumi_vault/okta/_inputs.py +47 -8
- pulumi_vault/okta/auth_backend.py +485 -39
- pulumi_vault/okta/auth_backend_group.py +14 -9
- pulumi_vault/okta/auth_backend_user.py +14 -9
- pulumi_vault/okta/outputs.py +13 -8
- pulumi_vault/outputs.py +5 -0
- pulumi_vault/password_policy.py +20 -13
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +81 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
- pulumi_vault/pkisecret/backend_config_est.py +619 -0
- pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
- pulumi_vault/pkisecret/get_backend_issuer.py +67 -9
- pulumi_vault/pkisecret/get_backend_issuers.py +21 -8
- pulumi_vault/pkisecret/get_backend_key.py +24 -9
- pulumi_vault/pkisecret/get_backend_keys.py +21 -8
- pulumi_vault/pkisecret/outputs.py +69 -0
- pulumi_vault/pkisecret/secret_backend_cert.py +18 -11
- pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -11
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +14 -9
- pulumi_vault/pkisecret/secret_backend_config_urls.py +67 -11
- pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -9
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -11
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -17
- pulumi_vault/pkisecret/secret_backend_issuer.py +14 -9
- pulumi_vault/pkisecret/secret_backend_key.py +14 -9
- pulumi_vault/pkisecret/secret_backend_role.py +21 -14
- pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -48
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -56
- pulumi_vault/pkisecret/secret_backend_sign.py +18 -54
- pulumi_vault/plugin.py +595 -0
- pulumi_vault/plugin_pinned_version.py +298 -0
- pulumi_vault/policy.py +14 -9
- pulumi_vault/provider.py +48 -53
- pulumi_vault/pulumi-plugin.json +2 -1
- pulumi_vault/quota_lease_count.py +60 -6
- pulumi_vault/quota_rate_limit.py +56 -2
- pulumi_vault/rabbitmq/_inputs.py +61 -0
- pulumi_vault/rabbitmq/outputs.py +5 -0
- pulumi_vault/rabbitmq/secret_backend.py +18 -13
- pulumi_vault/rabbitmq/secret_backend_role.py +54 -47
- pulumi_vault/raft_autopilot.py +14 -9
- pulumi_vault/raft_snapshot_agent_config.py +129 -224
- pulumi_vault/rgp_policy.py +14 -9
- pulumi_vault/saml/auth_backend.py +22 -17
- pulumi_vault/saml/auth_backend_role.py +92 -197
- pulumi_vault/secrets/__init__.py +3 -0
- pulumi_vault/secrets/_inputs.py +110 -0
- pulumi_vault/secrets/outputs.py +94 -0
- pulumi_vault/secrets/sync_association.py +56 -71
- pulumi_vault/secrets/sync_aws_destination.py +242 -27
- pulumi_vault/secrets/sync_azure_destination.py +92 -31
- pulumi_vault/secrets/sync_config.py +9 -4
- pulumi_vault/secrets/sync_gcp_destination.py +158 -25
- pulumi_vault/secrets/sync_gh_destination.py +189 -13
- pulumi_vault/secrets/sync_github_apps.py +375 -0
- pulumi_vault/secrets/sync_vercel_destination.py +74 -13
- pulumi_vault/ssh/_inputs.py +28 -28
- pulumi_vault/ssh/outputs.py +11 -28
- pulumi_vault/ssh/secret_backend_ca.py +108 -9
- pulumi_vault/ssh/secret_backend_role.py +85 -118
- pulumi_vault/terraformcloud/secret_backend.py +7 -54
- pulumi_vault/terraformcloud/secret_creds.py +14 -20
- pulumi_vault/terraformcloud/secret_role.py +16 -74
- pulumi_vault/token.py +28 -23
- pulumi_vault/tokenauth/auth_backend_role.py +78 -199
- pulumi_vault/transform/alphabet.py +16 -9
- pulumi_vault/transform/get_decode.py +45 -17
- pulumi_vault/transform/get_encode.py +45 -17
- pulumi_vault/transform/role.py +16 -9
- pulumi_vault/transform/template.py +30 -21
- pulumi_vault/transform/transformation.py +12 -7
- pulumi_vault/transit/get_decrypt.py +26 -21
- pulumi_vault/transit/get_encrypt.py +24 -19
- pulumi_vault/transit/secret_backend_key.py +27 -93
- pulumi_vault/transit/secret_cache_config.py +12 -7
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
- pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
- pulumi_vault-5.21.0a1709368526.dist-info/RECORD +0 -244
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = ['AuthBackendArgs', 'AuthBackend']
|
@@ -21,6 +26,7 @@ class AuthBackendArgs:
|
|
21
26
|
certificate: Optional[pulumi.Input[str]] = None,
|
22
27
|
client_tls_cert: Optional[pulumi.Input[str]] = None,
|
23
28
|
client_tls_key: Optional[pulumi.Input[str]] = None,
|
29
|
+
connection_timeout: Optional[pulumi.Input[int]] = None,
|
24
30
|
deny_null_bind: Optional[pulumi.Input[bool]] = None,
|
25
31
|
description: Optional[pulumi.Input[str]] = None,
|
26
32
|
disable_remount: Optional[pulumi.Input[bool]] = None,
|
@@ -58,6 +64,7 @@ class AuthBackendArgs:
|
|
58
64
|
:param pulumi.Input[str] bindpass: Password to use with `binddn` when performing user search
|
59
65
|
:param pulumi.Input[bool] case_sensitive_names: Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
|
60
66
|
:param pulumi.Input[str] certificate: Trusted CA to validate TLS certificate
|
67
|
+
:param pulumi.Input[int] connection_timeout: Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
|
61
68
|
:param pulumi.Input[bool] deny_null_bind: Prevents users from bypassing authentication when providing an empty password.
|
62
69
|
:param pulumi.Input[str] description: Description for the LDAP auth backend mount
|
63
70
|
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
@@ -72,33 +79,20 @@ class AuthBackendArgs:
|
|
72
79
|
*Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+*.
|
73
80
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
74
81
|
The value should not contain leading or trailing forward slashes.
|
75
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
82
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
76
83
|
*Available only for Vault Enterprise*.
|
77
84
|
:param pulumi.Input[str] path: Path to mount the LDAP auth backend under
|
78
85
|
:param pulumi.Input[bool] starttls: Control use of TLS when conecting to LDAP
|
79
86
|
:param pulumi.Input[str] tls_max_version: Maximum acceptable version of TLS
|
80
87
|
:param pulumi.Input[str] tls_min_version: Minimum acceptable version of TLS
|
81
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs:
|
82
|
-
|
83
|
-
|
84
|
-
:param pulumi.Input[
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
:param pulumi.Input[int]
|
89
|
-
Its current value will be referenced at renewal time.
|
90
|
-
:param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
|
91
|
-
generated tokens; otherwise it will be added to the policies set in token_policies.
|
92
|
-
:param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/ldap#token_num_uses)
|
93
|
-
of times a generated token may be used (within its lifetime); 0 means unlimited.
|
94
|
-
:param pulumi.Input[int] token_period: If set, indicates that the
|
95
|
-
token generated using this role should never expire. The token should be renewed within the
|
96
|
-
duration specified by this value. At each renewal, the token's TTL will be set to the
|
97
|
-
value of this field. Specified in seconds.
|
98
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
|
99
|
-
on the auth method, this list may be supplemented by user/group/other values.
|
100
|
-
:param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
|
101
|
-
Its current value will be referenced at renewal time.
|
88
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
89
|
+
:param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
90
|
+
:param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
|
91
|
+
:param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
92
|
+
:param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
93
|
+
:param pulumi.Input[int] token_period: Generated Token's Period
|
94
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
|
95
|
+
:param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
|
102
96
|
:param pulumi.Input[str] token_type: The type of token to generate, service or batch
|
103
97
|
:param pulumi.Input[str] upndomain: The `userPrincipalDomain` used to construct the UPN string for the authenticating user.
|
104
98
|
:param pulumi.Input[bool] use_token_groups: Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
|
@@ -120,6 +114,8 @@ class AuthBackendArgs:
|
|
120
114
|
pulumi.set(__self__, "client_tls_cert", client_tls_cert)
|
121
115
|
if client_tls_key is not None:
|
122
116
|
pulumi.set(__self__, "client_tls_key", client_tls_key)
|
117
|
+
if connection_timeout is not None:
|
118
|
+
pulumi.set(__self__, "connection_timeout", connection_timeout)
|
123
119
|
if deny_null_bind is not None:
|
124
120
|
pulumi.set(__self__, "deny_null_bind", deny_null_bind)
|
125
121
|
if description is not None:
|
@@ -259,6 +255,18 @@ class AuthBackendArgs:
|
|
259
255
|
def client_tls_key(self, value: Optional[pulumi.Input[str]]):
|
260
256
|
pulumi.set(self, "client_tls_key", value)
|
261
257
|
|
258
|
+
@property
|
259
|
+
@pulumi.getter(name="connectionTimeout")
|
260
|
+
def connection_timeout(self) -> Optional[pulumi.Input[int]]:
|
261
|
+
"""
|
262
|
+
Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
|
263
|
+
"""
|
264
|
+
return pulumi.get(self, "connection_timeout")
|
265
|
+
|
266
|
+
@connection_timeout.setter
|
267
|
+
def connection_timeout(self, value: Optional[pulumi.Input[int]]):
|
268
|
+
pulumi.set(self, "connection_timeout", value)
|
269
|
+
|
262
270
|
@property
|
263
271
|
@pulumi.getter(name="denyNullBind")
|
264
272
|
def deny_null_bind(self) -> Optional[pulumi.Input[bool]]:
|
@@ -387,7 +395,7 @@ class AuthBackendArgs:
|
|
387
395
|
"""
|
388
396
|
The namespace to provision the resource in.
|
389
397
|
The value should not contain leading or trailing forward slashes.
|
390
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
398
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
391
399
|
*Available only for Vault Enterprise*.
|
392
400
|
"""
|
393
401
|
return pulumi.get(self, "namespace")
|
@@ -448,9 +456,7 @@ class AuthBackendArgs:
|
|
448
456
|
@pulumi.getter(name="tokenBoundCidrs")
|
449
457
|
def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
450
458
|
"""
|
451
|
-
|
452
|
-
addresses which can authenticate successfully, and ties the resulting token to these blocks
|
453
|
-
as well.
|
459
|
+
Specifies the blocks of IP addresses which are allowed to use the generated token
|
454
460
|
"""
|
455
461
|
return pulumi.get(self, "token_bound_cidrs")
|
456
462
|
|
@@ -462,10 +468,7 @@ class AuthBackendArgs:
|
|
462
468
|
@pulumi.getter(name="tokenExplicitMaxTtl")
|
463
469
|
def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
464
470
|
"""
|
465
|
-
|
466
|
-
[explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
|
467
|
-
onto the token in number of seconds. This is a hard cap even if `token_ttl` and
|
468
|
-
`token_max_ttl` would otherwise allow a renewal.
|
471
|
+
Generated Token's Explicit Maximum TTL in seconds
|
469
472
|
"""
|
470
473
|
return pulumi.get(self, "token_explicit_max_ttl")
|
471
474
|
|
@@ -477,8 +480,7 @@ class AuthBackendArgs:
|
|
477
480
|
@pulumi.getter(name="tokenMaxTtl")
|
478
481
|
def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
479
482
|
"""
|
480
|
-
The maximum lifetime
|
481
|
-
Its current value will be referenced at renewal time.
|
483
|
+
The maximum lifetime of the generated token
|
482
484
|
"""
|
483
485
|
return pulumi.get(self, "token_max_ttl")
|
484
486
|
|
@@ -490,8 +492,7 @@ class AuthBackendArgs:
|
|
490
492
|
@pulumi.getter(name="tokenNoDefaultPolicy")
|
491
493
|
def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
|
492
494
|
"""
|
493
|
-
If
|
494
|
-
generated tokens; otherwise it will be added to the policies set in token_policies.
|
495
|
+
If true, the 'default' policy will not automatically be added to generated tokens
|
495
496
|
"""
|
496
497
|
return pulumi.get(self, "token_no_default_policy")
|
497
498
|
|
@@ -503,8 +504,7 @@ class AuthBackendArgs:
|
|
503
504
|
@pulumi.getter(name="tokenNumUses")
|
504
505
|
def token_num_uses(self) -> Optional[pulumi.Input[int]]:
|
505
506
|
"""
|
506
|
-
The
|
507
|
-
of times a generated token may be used (within its lifetime); 0 means unlimited.
|
507
|
+
The maximum number of times a token may be used, a value of zero means unlimited
|
508
508
|
"""
|
509
509
|
return pulumi.get(self, "token_num_uses")
|
510
510
|
|
@@ -516,10 +516,7 @@ class AuthBackendArgs:
|
|
516
516
|
@pulumi.getter(name="tokenPeriod")
|
517
517
|
def token_period(self) -> Optional[pulumi.Input[int]]:
|
518
518
|
"""
|
519
|
-
|
520
|
-
token generated using this role should never expire. The token should be renewed within the
|
521
|
-
duration specified by this value. At each renewal, the token's TTL will be set to the
|
522
|
-
value of this field. Specified in seconds.
|
519
|
+
Generated Token's Period
|
523
520
|
"""
|
524
521
|
return pulumi.get(self, "token_period")
|
525
522
|
|
@@ -531,8 +528,7 @@ class AuthBackendArgs:
|
|
531
528
|
@pulumi.getter(name="tokenPolicies")
|
532
529
|
def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
533
530
|
"""
|
534
|
-
|
535
|
-
on the auth method, this list may be supplemented by user/group/other values.
|
531
|
+
Generated Token's Policies
|
536
532
|
"""
|
537
533
|
return pulumi.get(self, "token_policies")
|
538
534
|
|
@@ -544,8 +540,7 @@ class AuthBackendArgs:
|
|
544
540
|
@pulumi.getter(name="tokenTtl")
|
545
541
|
def token_ttl(self) -> Optional[pulumi.Input[int]]:
|
546
542
|
"""
|
547
|
-
The
|
548
|
-
Its current value will be referenced at renewal time.
|
543
|
+
The initial ttl of the token to generate in seconds
|
549
544
|
"""
|
550
545
|
return pulumi.get(self, "token_ttl")
|
551
546
|
|
@@ -648,6 +643,7 @@ class _AuthBackendState:
|
|
648
643
|
certificate: Optional[pulumi.Input[str]] = None,
|
649
644
|
client_tls_cert: Optional[pulumi.Input[str]] = None,
|
650
645
|
client_tls_key: Optional[pulumi.Input[str]] = None,
|
646
|
+
connection_timeout: Optional[pulumi.Input[int]] = None,
|
651
647
|
deny_null_bind: Optional[pulumi.Input[bool]] = None,
|
652
648
|
description: Optional[pulumi.Input[str]] = None,
|
653
649
|
disable_remount: Optional[pulumi.Input[bool]] = None,
|
@@ -686,6 +682,7 @@ class _AuthBackendState:
|
|
686
682
|
:param pulumi.Input[str] bindpass: Password to use with `binddn` when performing user search
|
687
683
|
:param pulumi.Input[bool] case_sensitive_names: Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
|
688
684
|
:param pulumi.Input[str] certificate: Trusted CA to validate TLS certificate
|
685
|
+
:param pulumi.Input[int] connection_timeout: Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
|
689
686
|
:param pulumi.Input[bool] deny_null_bind: Prevents users from bypassing authentication when providing an empty password.
|
690
687
|
:param pulumi.Input[str] description: Description for the LDAP auth backend mount
|
691
688
|
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
@@ -700,33 +697,20 @@ class _AuthBackendState:
|
|
700
697
|
*Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+*.
|
701
698
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
702
699
|
The value should not contain leading or trailing forward slashes.
|
703
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
700
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
704
701
|
*Available only for Vault Enterprise*.
|
705
702
|
:param pulumi.Input[str] path: Path to mount the LDAP auth backend under
|
706
703
|
:param pulumi.Input[bool] starttls: Control use of TLS when conecting to LDAP
|
707
704
|
:param pulumi.Input[str] tls_max_version: Maximum acceptable version of TLS
|
708
705
|
:param pulumi.Input[str] tls_min_version: Minimum acceptable version of TLS
|
709
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs:
|
710
|
-
|
711
|
-
|
712
|
-
:param pulumi.Input[
|
713
|
-
|
714
|
-
|
715
|
-
|
716
|
-
:param pulumi.Input[int]
|
717
|
-
Its current value will be referenced at renewal time.
|
718
|
-
:param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
|
719
|
-
generated tokens; otherwise it will be added to the policies set in token_policies.
|
720
|
-
:param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/ldap#token_num_uses)
|
721
|
-
of times a generated token may be used (within its lifetime); 0 means unlimited.
|
722
|
-
:param pulumi.Input[int] token_period: If set, indicates that the
|
723
|
-
token generated using this role should never expire. The token should be renewed within the
|
724
|
-
duration specified by this value. At each renewal, the token's TTL will be set to the
|
725
|
-
value of this field. Specified in seconds.
|
726
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
|
727
|
-
on the auth method, this list may be supplemented by user/group/other values.
|
728
|
-
:param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
|
729
|
-
Its current value will be referenced at renewal time.
|
706
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
707
|
+
:param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
708
|
+
:param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
|
709
|
+
:param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
710
|
+
:param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
711
|
+
:param pulumi.Input[int] token_period: Generated Token's Period
|
712
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
|
713
|
+
:param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
|
730
714
|
:param pulumi.Input[str] token_type: The type of token to generate, service or batch
|
731
715
|
:param pulumi.Input[str] upndomain: The `userPrincipalDomain` used to construct the UPN string for the authenticating user.
|
732
716
|
:param pulumi.Input[str] url: The URL of the LDAP server
|
@@ -750,6 +734,8 @@ class _AuthBackendState:
|
|
750
734
|
pulumi.set(__self__, "client_tls_cert", client_tls_cert)
|
751
735
|
if client_tls_key is not None:
|
752
736
|
pulumi.set(__self__, "client_tls_key", client_tls_key)
|
737
|
+
if connection_timeout is not None:
|
738
|
+
pulumi.set(__self__, "connection_timeout", connection_timeout)
|
753
739
|
if deny_null_bind is not None:
|
754
740
|
pulumi.set(__self__, "deny_null_bind", deny_null_bind)
|
755
741
|
if description is not None:
|
@@ -891,6 +877,18 @@ class _AuthBackendState:
|
|
891
877
|
def client_tls_key(self, value: Optional[pulumi.Input[str]]):
|
892
878
|
pulumi.set(self, "client_tls_key", value)
|
893
879
|
|
880
|
+
@property
|
881
|
+
@pulumi.getter(name="connectionTimeout")
|
882
|
+
def connection_timeout(self) -> Optional[pulumi.Input[int]]:
|
883
|
+
"""
|
884
|
+
Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
|
885
|
+
"""
|
886
|
+
return pulumi.get(self, "connection_timeout")
|
887
|
+
|
888
|
+
@connection_timeout.setter
|
889
|
+
def connection_timeout(self, value: Optional[pulumi.Input[int]]):
|
890
|
+
pulumi.set(self, "connection_timeout", value)
|
891
|
+
|
894
892
|
@property
|
895
893
|
@pulumi.getter(name="denyNullBind")
|
896
894
|
def deny_null_bind(self) -> Optional[pulumi.Input[bool]]:
|
@@ -1019,7 +1017,7 @@ class _AuthBackendState:
|
|
1019
1017
|
"""
|
1020
1018
|
The namespace to provision the resource in.
|
1021
1019
|
The value should not contain leading or trailing forward slashes.
|
1022
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
1020
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1023
1021
|
*Available only for Vault Enterprise*.
|
1024
1022
|
"""
|
1025
1023
|
return pulumi.get(self, "namespace")
|
@@ -1080,9 +1078,7 @@ class _AuthBackendState:
|
|
1080
1078
|
@pulumi.getter(name="tokenBoundCidrs")
|
1081
1079
|
def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
1082
1080
|
"""
|
1083
|
-
|
1084
|
-
addresses which can authenticate successfully, and ties the resulting token to these blocks
|
1085
|
-
as well.
|
1081
|
+
Specifies the blocks of IP addresses which are allowed to use the generated token
|
1086
1082
|
"""
|
1087
1083
|
return pulumi.get(self, "token_bound_cidrs")
|
1088
1084
|
|
@@ -1094,10 +1090,7 @@ class _AuthBackendState:
|
|
1094
1090
|
@pulumi.getter(name="tokenExplicitMaxTtl")
|
1095
1091
|
def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
1096
1092
|
"""
|
1097
|
-
|
1098
|
-
[explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
|
1099
|
-
onto the token in number of seconds. This is a hard cap even if `token_ttl` and
|
1100
|
-
`token_max_ttl` would otherwise allow a renewal.
|
1093
|
+
Generated Token's Explicit Maximum TTL in seconds
|
1101
1094
|
"""
|
1102
1095
|
return pulumi.get(self, "token_explicit_max_ttl")
|
1103
1096
|
|
@@ -1109,8 +1102,7 @@ class _AuthBackendState:
|
|
1109
1102
|
@pulumi.getter(name="tokenMaxTtl")
|
1110
1103
|
def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
1111
1104
|
"""
|
1112
|
-
The maximum lifetime
|
1113
|
-
Its current value will be referenced at renewal time.
|
1105
|
+
The maximum lifetime of the generated token
|
1114
1106
|
"""
|
1115
1107
|
return pulumi.get(self, "token_max_ttl")
|
1116
1108
|
|
@@ -1122,8 +1114,7 @@ class _AuthBackendState:
|
|
1122
1114
|
@pulumi.getter(name="tokenNoDefaultPolicy")
|
1123
1115
|
def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
|
1124
1116
|
"""
|
1125
|
-
If
|
1126
|
-
generated tokens; otherwise it will be added to the policies set in token_policies.
|
1117
|
+
If true, the 'default' policy will not automatically be added to generated tokens
|
1127
1118
|
"""
|
1128
1119
|
return pulumi.get(self, "token_no_default_policy")
|
1129
1120
|
|
@@ -1135,8 +1126,7 @@ class _AuthBackendState:
|
|
1135
1126
|
@pulumi.getter(name="tokenNumUses")
|
1136
1127
|
def token_num_uses(self) -> Optional[pulumi.Input[int]]:
|
1137
1128
|
"""
|
1138
|
-
The
|
1139
|
-
of times a generated token may be used (within its lifetime); 0 means unlimited.
|
1129
|
+
The maximum number of times a token may be used, a value of zero means unlimited
|
1140
1130
|
"""
|
1141
1131
|
return pulumi.get(self, "token_num_uses")
|
1142
1132
|
|
@@ -1148,10 +1138,7 @@ class _AuthBackendState:
|
|
1148
1138
|
@pulumi.getter(name="tokenPeriod")
|
1149
1139
|
def token_period(self) -> Optional[pulumi.Input[int]]:
|
1150
1140
|
"""
|
1151
|
-
|
1152
|
-
token generated using this role should never expire. The token should be renewed within the
|
1153
|
-
duration specified by this value. At each renewal, the token's TTL will be set to the
|
1154
|
-
value of this field. Specified in seconds.
|
1141
|
+
Generated Token's Period
|
1155
1142
|
"""
|
1156
1143
|
return pulumi.get(self, "token_period")
|
1157
1144
|
|
@@ -1163,8 +1150,7 @@ class _AuthBackendState:
|
|
1163
1150
|
@pulumi.getter(name="tokenPolicies")
|
1164
1151
|
def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
1165
1152
|
"""
|
1166
|
-
|
1167
|
-
on the auth method, this list may be supplemented by user/group/other values.
|
1153
|
+
Generated Token's Policies
|
1168
1154
|
"""
|
1169
1155
|
return pulumi.get(self, "token_policies")
|
1170
1156
|
|
@@ -1176,8 +1162,7 @@ class _AuthBackendState:
|
|
1176
1162
|
@pulumi.getter(name="tokenTtl")
|
1177
1163
|
def token_ttl(self) -> Optional[pulumi.Input[int]]:
|
1178
1164
|
"""
|
1179
|
-
The
|
1180
|
-
Its current value will be referenced at renewal time.
|
1165
|
+
The initial ttl of the token to generate in seconds
|
1181
1166
|
"""
|
1182
1167
|
return pulumi.get(self, "token_ttl")
|
1183
1168
|
|
@@ -1293,6 +1278,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1293
1278
|
certificate: Optional[pulumi.Input[str]] = None,
|
1294
1279
|
client_tls_cert: Optional[pulumi.Input[str]] = None,
|
1295
1280
|
client_tls_key: Optional[pulumi.Input[str]] = None,
|
1281
|
+
connection_timeout: Optional[pulumi.Input[int]] = None,
|
1296
1282
|
deny_null_bind: Optional[pulumi.Input[bool]] = None,
|
1297
1283
|
description: Optional[pulumi.Input[str]] = None,
|
1298
1284
|
disable_remount: Optional[pulumi.Input[bool]] = None,
|
@@ -1335,14 +1321,14 @@ class AuthBackend(pulumi.CustomResource):
|
|
1335
1321
|
import pulumi_vault as vault
|
1336
1322
|
|
1337
1323
|
ldap = vault.ldap.AuthBackend("ldap",
|
1338
|
-
discoverdn=False,
|
1339
|
-
groupdn="OU=Groups,DC=example,DC=org",
|
1340
|
-
groupfilter="(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))",
|
1341
1324
|
path="ldap",
|
1342
|
-
upndomain="EXAMPLE.ORG",
|
1343
1325
|
url="ldaps://dc-01.example.org",
|
1326
|
+
userdn="OU=Users,OU=Accounts,DC=example,DC=org",
|
1344
1327
|
userattr="sAMAccountName",
|
1345
|
-
|
1328
|
+
upndomain="EXAMPLE.ORG",
|
1329
|
+
discoverdn=False,
|
1330
|
+
groupdn="OU=Groups,DC=example,DC=org",
|
1331
|
+
groupfilter="(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))")
|
1346
1332
|
```
|
1347
1333
|
|
1348
1334
|
## Import
|
@@ -1350,7 +1336,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1350
1336
|
LDAP authentication backends can be imported using the `path`, e.g.
|
1351
1337
|
|
1352
1338
|
```sh
|
1353
|
-
|
1339
|
+
$ pulumi import vault:ldap/authBackend:AuthBackend ldap ldap
|
1354
1340
|
```
|
1355
1341
|
|
1356
1342
|
:param str resource_name: The name of the resource.
|
@@ -1359,6 +1345,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1359
1345
|
:param pulumi.Input[str] bindpass: Password to use with `binddn` when performing user search
|
1360
1346
|
:param pulumi.Input[bool] case_sensitive_names: Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
|
1361
1347
|
:param pulumi.Input[str] certificate: Trusted CA to validate TLS certificate
|
1348
|
+
:param pulumi.Input[int] connection_timeout: Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
|
1362
1349
|
:param pulumi.Input[bool] deny_null_bind: Prevents users from bypassing authentication when providing an empty password.
|
1363
1350
|
:param pulumi.Input[str] description: Description for the LDAP auth backend mount
|
1364
1351
|
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
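Review bot: The connection_timeout description added here ends in `(integer: 30)`, which reads like schema shorthand and leaves it unclear whether 30 is the default applied when the argument is omitted. If that is the meaning, I would say it in words, e.g. `... the next server in the URL provided in url. Defaults to 30 seconds if unset.`; that reading is inferred from the text, since no default is visible in these hunks. The same wording is repeated in the `:param` list of @@ -1606 and in the new getter docstring of @@ -1750. The enclosing docstring starts and ends outside this hunk.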
@@ -1373,33 +1360,20 @@ class AuthBackend(pulumi.CustomResource):
|
|
1373
1360
|
*Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+*.
|
1374
1361
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
1375
1362
|
The value should not contain leading or trailing forward slashes.
|
1376
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
1363
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1377
1364
|
*Available only for Vault Enterprise*.
|
1378
1365
|
:param pulumi.Input[str] path: Path to mount the LDAP auth backend under
|
1379
1366
|
:param pulumi.Input[bool] starttls: Control use of TLS when conecting to LDAP
|
1380
1367
|
:param pulumi.Input[str] tls_max_version: Maximum acceptable version of TLS
|
1381
1368
|
:param pulumi.Input[str] tls_min_version: Minimum acceptable version of TLS
|
1382
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs:
|
1383
|
-
|
1384
|
-
|
1385
|
-
:param pulumi.Input[
|
1386
|
-
|
1387
|
-
|
1388
|
-
|
1389
|
-
:param pulumi.Input[int]
|
1390
|
-
Its current value will be referenced at renewal time.
|
1391
|
-
:param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
|
1392
|
-
generated tokens; otherwise it will be added to the policies set in token_policies.
|
1393
|
-
:param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/ldap#token_num_uses)
|
1394
|
-
of times a generated token may be used (within its lifetime); 0 means unlimited.
|
1395
|
-
:param pulumi.Input[int] token_period: If set, indicates that the
|
1396
|
-
token generated using this role should never expire. The token should be renewed within the
|
1397
|
-
duration specified by this value. At each renewal, the token's TTL will be set to the
|
1398
|
-
value of this field. Specified in seconds.
|
1399
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
|
1400
|
-
on the auth method, this list may be supplemented by user/group/other values.
|
1401
|
-
:param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
|
1402
|
-
Its current value will be referenced at renewal time.
|
1369
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
1370
|
+
:param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
1371
|
+
:param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
|
1372
|
+
:param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
1373
|
+
:param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
1374
|
+
:param pulumi.Input[int] token_period: Generated Token's Period
|
1375
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
|
1376
|
+
:param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
|
1403
1377
|
:param pulumi.Input[str] token_type: The type of token to generate, service or batch
|
1404
1378
|
:param pulumi.Input[str] upndomain: The `userPrincipalDomain` used to construct the UPN string for the authenticating user.
|
1405
1379
|
:param pulumi.Input[str] url: The URL of the LDAP server
|
@@ -1425,14 +1399,14 @@ class AuthBackend(pulumi.CustomResource):
|
|
1425
1399
|
import pulumi_vault as vault
|
1426
1400
|
|
1427
1401
|
ldap = vault.ldap.AuthBackend("ldap",
|
1428
|
-
discoverdn=False,
|
1429
|
-
groupdn="OU=Groups,DC=example,DC=org",
|
1430
|
-
groupfilter="(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))",
|
1431
1402
|
path="ldap",
|
1432
|
-
upndomain="EXAMPLE.ORG",
|
1433
1403
|
url="ldaps://dc-01.example.org",
|
1404
|
+
userdn="OU=Users,OU=Accounts,DC=example,DC=org",
|
1434
1405
|
userattr="sAMAccountName",
|
1435
|
-
|
1406
|
+
upndomain="EXAMPLE.ORG",
|
1407
|
+
discoverdn=False,
|
1408
|
+
groupdn="OU=Groups,DC=example,DC=org",
|
1409
|
+
groupfilter="(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))")
|
1436
1410
|
```
|
1437
1411
|
|
1438
1412
|
## Import
|
@@ -1440,7 +1414,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1440
1414
|
LDAP authentication backends can be imported using the `path`, e.g.
|
1441
1415
|
|
1442
1416
|
```sh
|
1443
|
-
|
1417
|
+
$ pulumi import vault:ldap/authBackend:AuthBackend ldap ldap
|
1444
1418
|
```
|
1445
1419
|
|
1446
1420
|
:param str resource_name: The name of the resource.
|
@@ -1464,6 +1438,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1464
1438
|
certificate: Optional[pulumi.Input[str]] = None,
|
1465
1439
|
client_tls_cert: Optional[pulumi.Input[str]] = None,
|
1466
1440
|
client_tls_key: Optional[pulumi.Input[str]] = None,
|
1441
|
+
connection_timeout: Optional[pulumi.Input[int]] = None,
|
1467
1442
|
deny_null_bind: Optional[pulumi.Input[bool]] = None,
|
1468
1443
|
description: Optional[pulumi.Input[str]] = None,
|
1469
1444
|
disable_remount: Optional[pulumi.Input[bool]] = None,
|
@@ -1510,6 +1485,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1510
1485
|
__props__.__dict__["certificate"] = certificate
|
1511
1486
|
__props__.__dict__["client_tls_cert"] = client_tls_cert
|
1512
1487
|
__props__.__dict__["client_tls_key"] = None if client_tls_key is None else pulumi.Output.secret(client_tls_key)
|
1488
|
+
__props__.__dict__["connection_timeout"] = connection_timeout
|
1513
1489
|
__props__.__dict__["deny_null_bind"] = deny_null_bind
|
1514
1490
|
__props__.__dict__["description"] = description
|
1515
1491
|
__props__.__dict__["disable_remount"] = disable_remount
|
@@ -1563,6 +1539,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1563
1539
|
certificate: Optional[pulumi.Input[str]] = None,
|
1564
1540
|
client_tls_cert: Optional[pulumi.Input[str]] = None,
|
1565
1541
|
client_tls_key: Optional[pulumi.Input[str]] = None,
|
1542
|
+
connection_timeout: Optional[pulumi.Input[int]] = None,
|
1566
1543
|
deny_null_bind: Optional[pulumi.Input[bool]] = None,
|
1567
1544
|
description: Optional[pulumi.Input[str]] = None,
|
1568
1545
|
disable_remount: Optional[pulumi.Input[bool]] = None,
|
@@ -1606,6 +1583,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1606
1583
|
:param pulumi.Input[str] bindpass: Password to use with `binddn` when performing user search
|
1607
1584
|
:param pulumi.Input[bool] case_sensitive_names: Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
|
1608
1585
|
:param pulumi.Input[str] certificate: Trusted CA to validate TLS certificate
|
1586
|
+
:param pulumi.Input[int] connection_timeout: Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
|
1609
1587
|
:param pulumi.Input[bool] deny_null_bind: Prevents users from bypassing authentication when providing an empty password.
|
1610
1588
|
:param pulumi.Input[str] description: Description for the LDAP auth backend mount
|
1611
1589
|
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
@@ -1620,33 +1598,20 @@ class AuthBackend(pulumi.CustomResource):
|
|
1620
1598
|
*Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+*.
|
1621
1599
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
1622
1600
|
The value should not contain leading or trailing forward slashes.
|
1623
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
1601
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1624
1602
|
*Available only for Vault Enterprise*.
|
1625
1603
|
:param pulumi.Input[str] path: Path to mount the LDAP auth backend under
|
1626
1604
|
:param pulumi.Input[bool] starttls: Control use of TLS when conecting to LDAP
|
1627
1605
|
:param pulumi.Input[str] tls_max_version: Maximum acceptable version of TLS
|
1628
1606
|
:param pulumi.Input[str] tls_min_version: Minimum acceptable version of TLS
|
1629
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs:
|
1630
|
-
|
1631
|
-
|
1632
|
-
:param pulumi.Input[
|
1633
|
-
|
1634
|
-
|
1635
|
-
|
1636
|
-
:param pulumi.Input[int]
|
1637
|
-
Its current value will be referenced at renewal time.
|
1638
|
-
:param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
|
1639
|
-
generated tokens; otherwise it will be added to the policies set in token_policies.
|
1640
|
-
:param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/ldap#token_num_uses)
|
1641
|
-
of times a generated token may be used (within its lifetime); 0 means unlimited.
|
1642
|
-
:param pulumi.Input[int] token_period: If set, indicates that the
|
1643
|
-
token generated using this role should never expire. The token should be renewed within the
|
1644
|
-
duration specified by this value. At each renewal, the token's TTL will be set to the
|
1645
|
-
value of this field. Specified in seconds.
|
1646
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
|
1647
|
-
on the auth method, this list may be supplemented by user/group/other values.
|
1648
|
-
:param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
|
1649
|
-
Its current value will be referenced at renewal time.
|
1607
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
1608
|
+
:param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
1609
|
+
:param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
|
1610
|
+
:param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
1611
|
+
:param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
1612
|
+
:param pulumi.Input[int] token_period: Generated Token's Period
|
1613
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
|
1614
|
+
:param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
|
1650
1615
|
:param pulumi.Input[str] token_type: The type of token to generate, service or batch
|
1651
1616
|
:param pulumi.Input[str] upndomain: The `userPrincipalDomain` used to construct the UPN string for the authenticating user.
|
1652
1617
|
:param pulumi.Input[str] url: The URL of the LDAP server
|
@@ -1667,6 +1632,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1667
1632
|
__props__.__dict__["certificate"] = certificate
|
1668
1633
|
__props__.__dict__["client_tls_cert"] = client_tls_cert
|
1669
1634
|
__props__.__dict__["client_tls_key"] = client_tls_key
|
1635
|
+
__props__.__dict__["connection_timeout"] = connection_timeout
|
1670
1636
|
__props__.__dict__["deny_null_bind"] = deny_null_bind
|
1671
1637
|
__props__.__dict__["description"] = description
|
1672
1638
|
__props__.__dict__["disable_remount"] = disable_remount
|
@@ -1750,6 +1716,14 @@ class AuthBackend(pulumi.CustomResource):
|
|
1750
1716
|
def client_tls_key(self) -> pulumi.Output[str]:
|
1751
1717
|
return pulumi.get(self, "client_tls_key")
|
1752
1718
|
|
1719
|
+
@property
|
1720
|
+
@pulumi.getter(name="connectionTimeout")
|
1721
|
+
def connection_timeout(self) -> pulumi.Output[int]:
|
1722
|
+
"""
|
1723
|
+
Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
|
1724
|
+
"""
|
1725
|
+
return pulumi.get(self, "connection_timeout")
|
1726
|
+
|
1753
1727
|
@property
|
1754
1728
|
@pulumi.getter(name="denyNullBind")
|
1755
1729
|
def deny_null_bind(self) -> pulumi.Output[bool]:
|
@@ -1838,7 +1812,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1838
1812
|
"""
|
1839
1813
|
The namespace to provision the resource in.
|
1840
1814
|
The value should not contain leading or trailing forward slashes.
|
1841
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
1815
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1842
1816
|
*Available only for Vault Enterprise*.
|
1843
1817
|
"""
|
1844
1818
|
return pulumi.get(self, "namespace")
|
@@ -1879,9 +1853,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1879
1853
|
@pulumi.getter(name="tokenBoundCidrs")
|
1880
1854
|
def token_bound_cidrs(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1881
1855
|
"""
|
1882
|
-
|
1883
|
-
addresses which can authenticate successfully, and ties the resulting token to these blocks
|
1884
|
-
as well.
|
1856
|
+
Specifies the blocks of IP addresses which are allowed to use the generated token
|
1885
1857
|
"""
|
1886
1858
|
return pulumi.get(self, "token_bound_cidrs")
|
1887
1859
|
|
@@ -1889,10 +1861,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1889
1861
|
@pulumi.getter(name="tokenExplicitMaxTtl")
|
1890
1862
|
def token_explicit_max_ttl(self) -> pulumi.Output[Optional[int]]:
|
1891
1863
|
"""
|
1892
|
-
|
1893
|
-
[explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
|
1894
|
-
onto the token in number of seconds. This is a hard cap even if `token_ttl` and
|
1895
|
-
`token_max_ttl` would otherwise allow a renewal.
|
1864
|
+
Generated Token's Explicit Maximum TTL in seconds
|
1896
1865
|
"""
|
1897
1866
|
return pulumi.get(self, "token_explicit_max_ttl")
|
1898
1867
|
|
@@ -1900,8 +1869,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1900
1869
|
@pulumi.getter(name="tokenMaxTtl")
|
1901
1870
|
def token_max_ttl(self) -> pulumi.Output[Optional[int]]:
|
1902
1871
|
"""
|
1903
|
-
The maximum lifetime
|
1904
|
-
Its current value will be referenced at renewal time.
|
1872
|
+
The maximum lifetime of the generated token
|
1905
1873
|
"""
|
1906
1874
|
return pulumi.get(self, "token_max_ttl")
|
1907
1875
|
|
@@ -1909,8 +1877,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1909
1877
|
@pulumi.getter(name="tokenNoDefaultPolicy")
|
1910
1878
|
def token_no_default_policy(self) -> pulumi.Output[Optional[bool]]:
|
1911
1879
|
"""
|
1912
|
-
If
|
1913
|
-
generated tokens; otherwise it will be added to the policies set in token_policies.
|
1880
|
+
If true, the 'default' policy will not automatically be added to generated tokens
|
1914
1881
|
"""
|
1915
1882
|
return pulumi.get(self, "token_no_default_policy")
|
1916
1883
|
|
@@ -1918,8 +1885,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1918
1885
|
@pulumi.getter(name="tokenNumUses")
|
1919
1886
|
def token_num_uses(self) -> pulumi.Output[Optional[int]]:
|
1920
1887
|
"""
|
1921
|
-
The
|
1922
|
-
of times a generated token may be used (within its lifetime); 0 means unlimited.
|
1888
|
+
The maximum number of times a token may be used, a value of zero means unlimited
|
1923
1889
|
"""
|
1924
1890
|
return pulumi.get(self, "token_num_uses")
|
1925
1891
|
|
@@ -1927,10 +1893,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1927
1893
|
@pulumi.getter(name="tokenPeriod")
|
1928
1894
|
def token_period(self) -> pulumi.Output[Optional[int]]:
|
1929
1895
|
"""
|
1930
|
-
|
1931
|
-
token generated using this role should never expire. The token should be renewed within the
|
1932
|
-
duration specified by this value. At each renewal, the token's TTL will be set to the
|
1933
|
-
value of this field. Specified in seconds.
|
1896
|
+
Generated Token's Period
|
1934
1897
|
"""
|
1935
1898
|
return pulumi.get(self, "token_period")
|
1936
1899
|
|
@@ -1938,8 +1901,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1938
1901
|
@pulumi.getter(name="tokenPolicies")
|
1939
1902
|
def token_policies(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1940
1903
|
"""
|
1941
|
-
|
1942
|
-
on the auth method, this list may be supplemented by user/group/other values.
|
1904
|
+
Generated Token's Policies
|
1943
1905
|
"""
|
1944
1906
|
return pulumi.get(self, "token_policies")
|
1945
1907
|
|
@@ -1947,8 +1909,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1947
1909
|
@pulumi.getter(name="tokenTtl")
|
1948
1910
|
def token_ttl(self) -> pulumi.Output[Optional[int]]:
|
1949
1911
|
"""
|
1950
|
-
The
|
1951
|
-
Its current value will be referenced at renewal time.
|
1912
|
+
The initial ttl of the token to generate in seconds
|
1952
1913
|
"""
|
1953
1914
|
return pulumi.get(self, "token_ttl")
|
1954
1915
|
|