pulumi-vault 5.21.0a1709368526__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pulumi_vault/__init__.py +52 -0
- pulumi_vault/_inputs.py +560 -0
- pulumi_vault/_utilities.py +41 -5
- pulumi_vault/ad/get_access_credentials.py +26 -9
- pulumi_vault/ad/secret_backend.py +16 -142
- pulumi_vault/ad/secret_library.py +16 -9
- pulumi_vault/ad/secret_role.py +14 -9
- pulumi_vault/alicloud/auth_backend_role.py +76 -190
- pulumi_vault/approle/auth_backend_login.py +12 -7
- pulumi_vault/approle/auth_backend_role.py +77 -191
- pulumi_vault/approle/auth_backend_role_secret_id.py +106 -7
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -5
- pulumi_vault/audit.py +30 -21
- pulumi_vault/audit_request_header.py +11 -2
- pulumi_vault/auth_backend.py +66 -14
- pulumi_vault/aws/auth_backend_cert.py +18 -9
- pulumi_vault/aws/auth_backend_client.py +267 -22
- pulumi_vault/aws/auth_backend_config_identity.py +14 -9
- pulumi_vault/aws/auth_backend_identity_whitelist.py +20 -15
- pulumi_vault/aws/auth_backend_login.py +19 -22
- pulumi_vault/aws/auth_backend_role.py +77 -191
- pulumi_vault/aws/auth_backend_role_tag.py +12 -7
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -13
- pulumi_vault/aws/auth_backend_sts_role.py +14 -9
- pulumi_vault/aws/get_access_credentials.py +38 -9
- pulumi_vault/aws/get_static_access_credentials.py +19 -5
- pulumi_vault/aws/secret_backend.py +77 -9
- pulumi_vault/aws/secret_backend_role.py +185 -9
- pulumi_vault/aws/secret_backend_static_role.py +20 -11
- pulumi_vault/azure/_inputs.py +24 -0
- pulumi_vault/azure/auth_backend_config.py +153 -15
- pulumi_vault/azure/auth_backend_role.py +77 -191
- pulumi_vault/azure/backend.py +227 -21
- pulumi_vault/azure/backend_role.py +42 -37
- pulumi_vault/azure/get_access_credentials.py +41 -7
- pulumi_vault/azure/outputs.py +5 -0
- pulumi_vault/cert_auth_backend_role.py +87 -267
- pulumi_vault/config/__init__.pyi +5 -0
- pulumi_vault/config/_inputs.py +73 -0
- pulumi_vault/config/outputs.py +35 -0
- pulumi_vault/config/ui_custom_message.py +529 -0
- pulumi_vault/config/vars.py +5 -0
- pulumi_vault/consul/secret_backend.py +28 -19
- pulumi_vault/consul/secret_backend_role.py +18 -78
- pulumi_vault/database/_inputs.py +2770 -881
- pulumi_vault/database/outputs.py +721 -838
- pulumi_vault/database/secret_backend_connection.py +119 -112
- pulumi_vault/database/secret_backend_role.py +31 -22
- pulumi_vault/database/secret_backend_static_role.py +87 -13
- pulumi_vault/database/secrets_mount.py +427 -136
- pulumi_vault/egp_policy.py +16 -11
- pulumi_vault/gcp/_inputs.py +111 -0
- pulumi_vault/gcp/auth_backend.py +250 -33
- pulumi_vault/gcp/auth_backend_role.py +77 -269
- pulumi_vault/gcp/get_auth_backend_role.py +43 -5
- pulumi_vault/gcp/outputs.py +5 -0
- pulumi_vault/gcp/secret_backend.py +287 -12
- pulumi_vault/gcp/secret_impersonated_account.py +76 -15
- pulumi_vault/gcp/secret_roleset.py +31 -24
- pulumi_vault/gcp/secret_static_account.py +39 -32
- pulumi_vault/generic/endpoint.py +24 -17
- pulumi_vault/generic/get_secret.py +64 -8
- pulumi_vault/generic/secret.py +21 -16
- pulumi_vault/get_auth_backend.py +24 -7
- pulumi_vault/get_auth_backends.py +51 -9
- pulumi_vault/get_namespace.py +226 -0
- pulumi_vault/get_namespaces.py +153 -0
- pulumi_vault/get_nomad_access_token.py +31 -11
- pulumi_vault/get_policy_document.py +34 -19
- pulumi_vault/get_raft_autopilot_state.py +29 -10
- pulumi_vault/github/_inputs.py +55 -0
- pulumi_vault/github/auth_backend.py +19 -14
- pulumi_vault/github/outputs.py +5 -0
- pulumi_vault/github/team.py +16 -11
- pulumi_vault/github/user.py +16 -11
- pulumi_vault/identity/entity.py +20 -13
- pulumi_vault/identity/entity_alias.py +20 -13
- pulumi_vault/identity/entity_policies.py +28 -11
- pulumi_vault/identity/get_entity.py +42 -10
- pulumi_vault/identity/get_group.py +47 -9
- pulumi_vault/identity/get_oidc_client_creds.py +21 -7
- pulumi_vault/identity/get_oidc_openid_config.py +39 -9
- pulumi_vault/identity/get_oidc_public_keys.py +29 -10
- pulumi_vault/identity/group.py +58 -39
- pulumi_vault/identity/group_alias.py +16 -9
- pulumi_vault/identity/group_member_entity_ids.py +28 -66
- pulumi_vault/identity/group_member_group_ids.py +40 -19
- pulumi_vault/identity/group_policies.py +20 -7
- pulumi_vault/identity/mfa_duo.py +11 -6
- pulumi_vault/identity/mfa_login_enforcement.py +15 -6
- pulumi_vault/identity/mfa_okta.py +11 -6
- pulumi_vault/identity/mfa_pingid.py +7 -2
- pulumi_vault/identity/mfa_totp.py +7 -2
- pulumi_vault/identity/oidc.py +12 -7
- pulumi_vault/identity/oidc_assignment.py +24 -11
- pulumi_vault/identity/oidc_client.py +36 -23
- pulumi_vault/identity/oidc_key.py +30 -17
- pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -15
- pulumi_vault/identity/oidc_provider.py +36 -21
- pulumi_vault/identity/oidc_role.py +42 -21
- pulumi_vault/identity/oidc_scope.py +20 -13
- pulumi_vault/identity/outputs.py +8 -3
- pulumi_vault/jwt/_inputs.py +55 -0
- pulumi_vault/jwt/auth_backend.py +45 -40
- pulumi_vault/jwt/auth_backend_role.py +133 -254
- pulumi_vault/jwt/outputs.py +5 -0
- pulumi_vault/kmip/secret_backend.py +24 -19
- pulumi_vault/kmip/secret_role.py +14 -9
- pulumi_vault/kmip/secret_scope.py +14 -9
- pulumi_vault/kubernetes/auth_backend_config.py +57 -5
- pulumi_vault/kubernetes/auth_backend_role.py +70 -177
- pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
- pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
- pulumi_vault/kubernetes/get_service_account_token.py +39 -11
- pulumi_vault/kubernetes/secret_backend.py +316 -27
- pulumi_vault/kubernetes/secret_backend_role.py +137 -46
- pulumi_vault/kv/_inputs.py +36 -4
- pulumi_vault/kv/get_secret.py +25 -8
- pulumi_vault/kv/get_secret_subkeys_v2.py +33 -10
- pulumi_vault/kv/get_secret_v2.py +85 -9
- pulumi_vault/kv/get_secrets_list.py +24 -11
- pulumi_vault/kv/get_secrets_list_v2.py +37 -15
- pulumi_vault/kv/outputs.py +8 -3
- pulumi_vault/kv/secret.py +23 -16
- pulumi_vault/kv/secret_backend_v2.py +20 -11
- pulumi_vault/kv/secret_v2.py +59 -50
- pulumi_vault/ldap/auth_backend.py +127 -166
- pulumi_vault/ldap/auth_backend_group.py +14 -9
- pulumi_vault/ldap/auth_backend_user.py +14 -9
- pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
- pulumi_vault/ldap/get_static_credentials.py +24 -5
- pulumi_vault/ldap/secret_backend.py +354 -82
- pulumi_vault/ldap/secret_backend_dynamic_role.py +18 -11
- pulumi_vault/ldap/secret_backend_library_set.py +16 -9
- pulumi_vault/ldap/secret_backend_static_role.py +73 -12
- pulumi_vault/managed/_inputs.py +289 -132
- pulumi_vault/managed/keys.py +29 -57
- pulumi_vault/managed/outputs.py +89 -132
- pulumi_vault/mfa_duo.py +18 -11
- pulumi_vault/mfa_okta.py +18 -11
- pulumi_vault/mfa_pingid.py +18 -11
- pulumi_vault/mfa_totp.py +24 -17
- pulumi_vault/mongodbatlas/secret_backend.py +20 -15
- pulumi_vault/mongodbatlas/secret_role.py +47 -38
- pulumi_vault/mount.py +391 -51
- pulumi_vault/namespace.py +68 -83
- pulumi_vault/nomad_secret_backend.py +18 -13
- pulumi_vault/nomad_secret_role.py +14 -9
- pulumi_vault/okta/_inputs.py +47 -8
- pulumi_vault/okta/auth_backend.py +485 -39
- pulumi_vault/okta/auth_backend_group.py +14 -9
- pulumi_vault/okta/auth_backend_user.py +14 -9
- pulumi_vault/okta/outputs.py +13 -8
- pulumi_vault/outputs.py +5 -0
- pulumi_vault/password_policy.py +20 -13
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +81 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
- pulumi_vault/pkisecret/backend_config_est.py +619 -0
- pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
- pulumi_vault/pkisecret/get_backend_issuer.py +67 -9
- pulumi_vault/pkisecret/get_backend_issuers.py +21 -8
- pulumi_vault/pkisecret/get_backend_key.py +24 -9
- pulumi_vault/pkisecret/get_backend_keys.py +21 -8
- pulumi_vault/pkisecret/outputs.py +69 -0
- pulumi_vault/pkisecret/secret_backend_cert.py +18 -11
- pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -11
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +14 -9
- pulumi_vault/pkisecret/secret_backend_config_urls.py +67 -11
- pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -9
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -11
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -17
- pulumi_vault/pkisecret/secret_backend_issuer.py +14 -9
- pulumi_vault/pkisecret/secret_backend_key.py +14 -9
- pulumi_vault/pkisecret/secret_backend_role.py +21 -14
- pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -48
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -56
- pulumi_vault/pkisecret/secret_backend_sign.py +18 -54
- pulumi_vault/plugin.py +595 -0
- pulumi_vault/plugin_pinned_version.py +298 -0
- pulumi_vault/policy.py +14 -9
- pulumi_vault/provider.py +48 -53
- pulumi_vault/pulumi-plugin.json +2 -1
- pulumi_vault/quota_lease_count.py +60 -6
- pulumi_vault/quota_rate_limit.py +56 -2
- pulumi_vault/rabbitmq/_inputs.py +61 -0
- pulumi_vault/rabbitmq/outputs.py +5 -0
- pulumi_vault/rabbitmq/secret_backend.py +18 -13
- pulumi_vault/rabbitmq/secret_backend_role.py +54 -47
- pulumi_vault/raft_autopilot.py +14 -9
- pulumi_vault/raft_snapshot_agent_config.py +129 -224
- pulumi_vault/rgp_policy.py +14 -9
- pulumi_vault/saml/auth_backend.py +22 -17
- pulumi_vault/saml/auth_backend_role.py +92 -197
- pulumi_vault/secrets/__init__.py +3 -0
- pulumi_vault/secrets/_inputs.py +110 -0
- pulumi_vault/secrets/outputs.py +94 -0
- pulumi_vault/secrets/sync_association.py +56 -71
- pulumi_vault/secrets/sync_aws_destination.py +242 -27
- pulumi_vault/secrets/sync_azure_destination.py +92 -31
- pulumi_vault/secrets/sync_config.py +9 -4
- pulumi_vault/secrets/sync_gcp_destination.py +158 -25
- pulumi_vault/secrets/sync_gh_destination.py +189 -13
- pulumi_vault/secrets/sync_github_apps.py +375 -0
- pulumi_vault/secrets/sync_vercel_destination.py +74 -13
- pulumi_vault/ssh/_inputs.py +28 -28
- pulumi_vault/ssh/outputs.py +11 -28
- pulumi_vault/ssh/secret_backend_ca.py +108 -9
- pulumi_vault/ssh/secret_backend_role.py +85 -118
- pulumi_vault/terraformcloud/secret_backend.py +7 -54
- pulumi_vault/terraformcloud/secret_creds.py +14 -20
- pulumi_vault/terraformcloud/secret_role.py +16 -74
- pulumi_vault/token.py +28 -23
- pulumi_vault/tokenauth/auth_backend_role.py +78 -199
- pulumi_vault/transform/alphabet.py +16 -9
- pulumi_vault/transform/get_decode.py +45 -17
- pulumi_vault/transform/get_encode.py +45 -17
- pulumi_vault/transform/role.py +16 -9
- pulumi_vault/transform/template.py +30 -21
- pulumi_vault/transform/transformation.py +12 -7
- pulumi_vault/transit/get_decrypt.py +26 -21
- pulumi_vault/transit/get_encrypt.py +24 -19
- pulumi_vault/transit/secret_backend_key.py +27 -93
- pulumi_vault/transit/secret_cache_config.py +12 -7
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
- pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
- pulumi_vault-5.21.0a1709368526.dist-info/RECORD +0 -244
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = ['SecretRoleArgs', 'SecretRole']
|
@@ -28,20 +33,20 @@ class SecretRoleArgs:
|
|
28
33
|
"""
|
29
34
|
The set of arguments for constructing a SecretRole resource.
|
30
35
|
:param pulumi.Input[str] mount: Path where the MongoDB Atlas Secrets Engine is mounted.
|
31
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] roles: List of roles that the API Key needs to have.
|
36
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] roles: List of roles that the API Key needs to have. Possible values are `ORG_OWNER`, `ORG_MEMBER`, `ORG_GROUP_CREATOR`, `ORG_BILLING_ADMIN` and `ORG_READ_ONLY`.
|
32
37
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] cidr_blocks: Whitelist entry in CIDR notation to be added for the API key.
|
33
38
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] ip_addresses: IP address to be added to the whitelist for the API key.
|
34
39
|
:param pulumi.Input[str] max_ttl: The maximum allowed lifetime of credentials issued using this role.
|
35
40
|
:param pulumi.Input[str] name: The name of the role.
|
36
41
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
37
42
|
The value should not contain leading or trailing forward slashes.
|
38
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
43
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
39
44
|
*Available only for Vault Enterprise*.
|
40
45
|
:param pulumi.Input[str] organization_id: Unique identifier for the organization to which the target API Key belongs.
|
41
46
|
Required if `project_id` is not set.
|
42
47
|
:param pulumi.Input[str] project_id: Unique identifier for the project to which the target API Key belongs.
|
43
|
-
Required if `organization_id is
|
44
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] project_roles: Roles assigned when an org API key is assigned to a project API key.
|
48
|
+
Required if `organization_id` is not set.
|
49
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] project_roles: Roles assigned when an org API key is assigned to a project API key. Possible values are `GROUP_CLUSTER_MANAGER`, `GROUP_DATA_ACCESS_ADMIN`, `GROUP_DATA_ACCESS_READ_ONLY`, `GROUP_DATA_ACCESS_READ_WRITE`, `GROUP_OWNER` and `GROUP_READ_ONLY`.
|
45
50
|
:param pulumi.Input[str] ttl: Duration in seconds after which the issued credential should expire.
|
46
51
|
"""
|
47
52
|
pulumi.set(__self__, "mount", mount)
|
@@ -81,7 +86,7 @@ class SecretRoleArgs:
|
|
81
86
|
@pulumi.getter
|
82
87
|
def roles(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]:
|
83
88
|
"""
|
84
|
-
List of roles that the API Key needs to have.
|
89
|
+
List of roles that the API Key needs to have. Possible values are `ORG_OWNER`, `ORG_MEMBER`, `ORG_GROUP_CREATOR`, `ORG_BILLING_ADMIN` and `ORG_READ_ONLY`.
|
85
90
|
"""
|
86
91
|
return pulumi.get(self, "roles")
|
87
92
|
|
@@ -143,7 +148,7 @@ class SecretRoleArgs:
|
|
143
148
|
"""
|
144
149
|
The namespace to provision the resource in.
|
145
150
|
The value should not contain leading or trailing forward slashes.
|
146
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
151
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
147
152
|
*Available only for Vault Enterprise*.
|
148
153
|
"""
|
149
154
|
return pulumi.get(self, "namespace")
|
@@ -170,7 +175,7 @@ class SecretRoleArgs:
|
|
170
175
|
def project_id(self) -> Optional[pulumi.Input[str]]:
|
171
176
|
"""
|
172
177
|
Unique identifier for the project to which the target API Key belongs.
|
173
|
-
Required if `organization_id is
|
178
|
+
Required if `organization_id` is not set.
|
174
179
|
"""
|
175
180
|
return pulumi.get(self, "project_id")
|
176
181
|
|
@@ -182,7 +187,7 @@ class SecretRoleArgs:
|
|
182
187
|
@pulumi.getter(name="projectRoles")
|
183
188
|
def project_roles(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
184
189
|
"""
|
185
|
-
Roles assigned when an org API key is assigned to a project API key.
|
190
|
+
Roles assigned when an org API key is assigned to a project API key. Possible values are `GROUP_CLUSTER_MANAGER`, `GROUP_DATA_ACCESS_ADMIN`, `GROUP_DATA_ACCESS_READ_ONLY`, `GROUP_DATA_ACCESS_READ_WRITE`, `GROUP_OWNER` and `GROUP_READ_ONLY`.
|
186
191
|
"""
|
187
192
|
return pulumi.get(self, "project_roles")
|
188
193
|
|
@@ -226,14 +231,14 @@ class _SecretRoleState:
|
|
226
231
|
:param pulumi.Input[str] name: The name of the role.
|
227
232
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
228
233
|
The value should not contain leading or trailing forward slashes.
|
229
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
234
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
230
235
|
*Available only for Vault Enterprise*.
|
231
236
|
:param pulumi.Input[str] organization_id: Unique identifier for the organization to which the target API Key belongs.
|
232
237
|
Required if `project_id` is not set.
|
233
238
|
:param pulumi.Input[str] project_id: Unique identifier for the project to which the target API Key belongs.
|
234
|
-
Required if `organization_id is
|
235
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] project_roles: Roles assigned when an org API key is assigned to a project API key.
|
236
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] roles: List of roles that the API Key needs to have.
|
239
|
+
Required if `organization_id` is not set.
|
240
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] project_roles: Roles assigned when an org API key is assigned to a project API key. Possible values are `GROUP_CLUSTER_MANAGER`, `GROUP_DATA_ACCESS_ADMIN`, `GROUP_DATA_ACCESS_READ_ONLY`, `GROUP_DATA_ACCESS_READ_WRITE`, `GROUP_OWNER` and `GROUP_READ_ONLY`.
|
241
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] roles: List of roles that the API Key needs to have. Possible values are `ORG_OWNER`, `ORG_MEMBER`, `ORG_GROUP_CREATOR`, `ORG_BILLING_ADMIN` and `ORG_READ_ONLY`.
|
237
242
|
:param pulumi.Input[str] ttl: Duration in seconds after which the issued credential should expire.
|
238
243
|
"""
|
239
244
|
if cidr_blocks is not None:
|
@@ -325,7 +330,7 @@ class _SecretRoleState:
|
|
325
330
|
"""
|
326
331
|
The namespace to provision the resource in.
|
327
332
|
The value should not contain leading or trailing forward slashes.
|
328
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
333
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
329
334
|
*Available only for Vault Enterprise*.
|
330
335
|
"""
|
331
336
|
return pulumi.get(self, "namespace")
|
@@ -352,7 +357,7 @@ class _SecretRoleState:
|
|
352
357
|
def project_id(self) -> Optional[pulumi.Input[str]]:
|
353
358
|
"""
|
354
359
|
Unique identifier for the project to which the target API Key belongs.
|
355
|
-
Required if `organization_id is
|
360
|
+
Required if `organization_id` is not set.
|
356
361
|
"""
|
357
362
|
return pulumi.get(self, "project_id")
|
358
363
|
|
@@ -364,7 +369,7 @@ class _SecretRoleState:
|
|
364
369
|
@pulumi.getter(name="projectRoles")
|
365
370
|
def project_roles(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
366
371
|
"""
|
367
|
-
Roles assigned when an org API key is assigned to a project API key.
|
372
|
+
Roles assigned when an org API key is assigned to a project API key. Possible values are `GROUP_CLUSTER_MANAGER`, `GROUP_DATA_ACCESS_ADMIN`, `GROUP_DATA_ACCESS_READ_ONLY`, `GROUP_DATA_ACCESS_READ_WRITE`, `GROUP_OWNER` and `GROUP_READ_ONLY`.
|
368
373
|
"""
|
369
374
|
return pulumi.get(self, "project_roles")
|
370
375
|
|
@@ -376,7 +381,7 @@ class _SecretRoleState:
|
|
376
381
|
@pulumi.getter
|
377
382
|
def roles(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
378
383
|
"""
|
379
|
-
List of roles that the API Key needs to have.
|
384
|
+
List of roles that the API Key needs to have. Possible values are `ORG_OWNER`, `ORG_MEMBER`, `ORG_GROUP_CREATOR`, `ORG_BILLING_ADMIN` and `ORG_READ_ONLY`.
|
380
385
|
"""
|
381
386
|
return pulumi.get(self, "roles")
|
382
387
|
|
@@ -426,27 +431,29 @@ class SecretRole(pulumi.CustomResource):
|
|
426
431
|
type="mongodbatlas",
|
427
432
|
description="MongoDB Atlas secret engine mount")
|
428
433
|
config = vault.mongodbatlas.SecretBackend("config",
|
429
|
-
mount=
|
434
|
+
mount=mongo.path,
|
430
435
|
private_key="privateKey",
|
431
436
|
public_key="publicKey")
|
432
437
|
role = vault.mongodbatlas.SecretRole("role",
|
433
438
|
mount=mongo.path,
|
439
|
+
name="tf-test-role",
|
434
440
|
organization_id="7cf5a45a9ccf6400e60981b7",
|
435
441
|
project_id="5cf5a45a9ccf6400e60981b6",
|
436
|
-
roles="ORG_READ_ONLY",
|
442
|
+
roles=["ORG_READ_ONLY"],
|
437
443
|
ip_addresses="192.168.1.5, 192.168.1.6",
|
438
444
|
cidr_blocks="192.168.1.3/35",
|
439
|
-
project_roles="GROUP_READ_ONLY",
|
445
|
+
project_roles=["GROUP_READ_ONLY"],
|
440
446
|
ttl="60",
|
441
447
|
max_ttl="120")
|
442
448
|
```
|
443
449
|
|
444
450
|
## Import
|
445
451
|
|
446
|
-
The MongoDB Atlas secret role can be imported using the full path to the role
|
452
|
+
The MongoDB Atlas secret role can be imported using the full path to the role
|
453
|
+
of the form: `<mount_path>/roles/<role_name>` e.g.
|
447
454
|
|
448
455
|
```sh
|
449
|
-
|
456
|
+
$ pulumi import vault:mongodbatlas/secretRole:SecretRole example mongodbatlas/roles/example-role
|
450
457
|
```
|
451
458
|
|
452
459
|
:param str resource_name: The name of the resource.
|
@@ -458,14 +465,14 @@ class SecretRole(pulumi.CustomResource):
|
|
458
465
|
:param pulumi.Input[str] name: The name of the role.
|
459
466
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
460
467
|
The value should not contain leading or trailing forward slashes.
|
461
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
468
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
462
469
|
*Available only for Vault Enterprise*.
|
463
470
|
:param pulumi.Input[str] organization_id: Unique identifier for the organization to which the target API Key belongs.
|
464
471
|
Required if `project_id` is not set.
|
465
472
|
:param pulumi.Input[str] project_id: Unique identifier for the project to which the target API Key belongs.
|
466
|
-
Required if `organization_id is
|
467
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] project_roles: Roles assigned when an org API key is assigned to a project API key.
|
468
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] roles: List of roles that the API Key needs to have.
|
473
|
+
Required if `organization_id` is not set.
|
474
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] project_roles: Roles assigned when an org API key is assigned to a project API key. Possible values are `GROUP_CLUSTER_MANAGER`, `GROUP_DATA_ACCESS_ADMIN`, `GROUP_DATA_ACCESS_READ_ONLY`, `GROUP_DATA_ACCESS_READ_WRITE`, `GROUP_OWNER` and `GROUP_READ_ONLY`.
|
475
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] roles: List of roles that the API Key needs to have. Possible values are `ORG_OWNER`, `ORG_MEMBER`, `ORG_GROUP_CREATOR`, `ORG_BILLING_ADMIN` and `ORG_READ_ONLY`.
|
469
476
|
:param pulumi.Input[str] ttl: Duration in seconds after which the issued credential should expire.
|
470
477
|
"""
|
471
478
|
...
|
@@ -486,27 +493,29 @@ class SecretRole(pulumi.CustomResource):
|
|
486
493
|
type="mongodbatlas",
|
487
494
|
description="MongoDB Atlas secret engine mount")
|
488
495
|
config = vault.mongodbatlas.SecretBackend("config",
|
489
|
-
mount=
|
496
|
+
mount=mongo.path,
|
490
497
|
private_key="privateKey",
|
491
498
|
public_key="publicKey")
|
492
499
|
role = vault.mongodbatlas.SecretRole("role",
|
493
500
|
mount=mongo.path,
|
501
|
+
name="tf-test-role",
|
494
502
|
organization_id="7cf5a45a9ccf6400e60981b7",
|
495
503
|
project_id="5cf5a45a9ccf6400e60981b6",
|
496
|
-
roles="ORG_READ_ONLY",
|
504
|
+
roles=["ORG_READ_ONLY"],
|
497
505
|
ip_addresses="192.168.1.5, 192.168.1.6",
|
498
506
|
cidr_blocks="192.168.1.3/35",
|
499
|
-
project_roles="GROUP_READ_ONLY",
|
507
|
+
project_roles=["GROUP_READ_ONLY"],
|
500
508
|
ttl="60",
|
501
509
|
max_ttl="120")
|
502
510
|
```
|
503
511
|
|
504
512
|
## Import
|
505
513
|
|
506
|
-
The MongoDB Atlas secret role can be imported using the full path to the role
|
514
|
+
The MongoDB Atlas secret role can be imported using the full path to the role
|
515
|
+
of the form: `<mount_path>/roles/<role_name>` e.g.
|
507
516
|
|
508
517
|
```sh
|
509
|
-
|
518
|
+
$ pulumi import vault:mongodbatlas/secretRole:SecretRole example mongodbatlas/roles/example-role
|
510
519
|
```
|
511
520
|
|
512
521
|
:param str resource_name: The name of the resource.
|
@@ -594,14 +603,14 @@ class SecretRole(pulumi.CustomResource):
|
|
594
603
|
:param pulumi.Input[str] name: The name of the role.
|
595
604
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
596
605
|
The value should not contain leading or trailing forward slashes.
|
597
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
606
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
598
607
|
*Available only for Vault Enterprise*.
|
599
608
|
:param pulumi.Input[str] organization_id: Unique identifier for the organization to which the target API Key belongs.
|
600
609
|
Required if `project_id` is not set.
|
601
610
|
:param pulumi.Input[str] project_id: Unique identifier for the project to which the target API Key belongs.
|
602
|
-
Required if `organization_id is
|
603
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] project_roles: Roles assigned when an org API key is assigned to a project API key.
|
604
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] roles: List of roles that the API Key needs to have.
|
611
|
+
Required if `organization_id` is not set.
|
612
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] project_roles: Roles assigned when an org API key is assigned to a project API key. Possible values are `GROUP_CLUSTER_MANAGER`, `GROUP_DATA_ACCESS_ADMIN`, `GROUP_DATA_ACCESS_READ_ONLY`, `GROUP_DATA_ACCESS_READ_WRITE`, `GROUP_OWNER` and `GROUP_READ_ONLY`.
|
613
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] roles: List of roles that the API Key needs to have. Possible values are `ORG_OWNER`, `ORG_MEMBER`, `ORG_GROUP_CREATOR`, `ORG_BILLING_ADMIN` and `ORG_READ_ONLY`.
|
605
614
|
:param pulumi.Input[str] ttl: Duration in seconds after which the issued credential should expire.
|
606
615
|
"""
|
607
616
|
opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
|
@@ -667,7 +676,7 @@ class SecretRole(pulumi.CustomResource):
|
|
667
676
|
"""
|
668
677
|
The namespace to provision the resource in.
|
669
678
|
The value should not contain leading or trailing forward slashes.
|
670
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
679
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
671
680
|
*Available only for Vault Enterprise*.
|
672
681
|
"""
|
673
682
|
return pulumi.get(self, "namespace")
|
@@ -686,7 +695,7 @@ class SecretRole(pulumi.CustomResource):
|
|
686
695
|
def project_id(self) -> pulumi.Output[Optional[str]]:
|
687
696
|
"""
|
688
697
|
Unique identifier for the project to which the target API Key belongs.
|
689
|
-
Required if `organization_id is
|
698
|
+
Required if `organization_id` is not set.
|
690
699
|
"""
|
691
700
|
return pulumi.get(self, "project_id")
|
692
701
|
|
@@ -694,7 +703,7 @@ class SecretRole(pulumi.CustomResource):
|
|
694
703
|
@pulumi.getter(name="projectRoles")
|
695
704
|
def project_roles(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
696
705
|
"""
|
697
|
-
Roles assigned when an org API key is assigned to a project API key.
|
706
|
+
Roles assigned when an org API key is assigned to a project API key. Possible values are `GROUP_CLUSTER_MANAGER`, `GROUP_DATA_ACCESS_ADMIN`, `GROUP_DATA_ACCESS_READ_ONLY`, `GROUP_DATA_ACCESS_READ_WRITE`, `GROUP_OWNER` and `GROUP_READ_ONLY`.
|
698
707
|
"""
|
699
708
|
return pulumi.get(self, "project_roles")
|
700
709
|
|
@@ -702,7 +711,7 @@ class SecretRole(pulumi.CustomResource):
|
|
702
711
|
@pulumi.getter
|
703
712
|
def roles(self) -> pulumi.Output[Sequence[str]]:
|
704
713
|
"""
|
705
|
-
List of roles that the API Key needs to have.
|
714
|
+
List of roles that the API Key needs to have. Possible values are `ORG_OWNER`, `ORG_MEMBER`, `ORG_GROUP_CREATOR`, `ORG_BILLING_ADMIN` and `ORG_READ_ONLY`.
|
706
715
|
"""
|
707
716
|
return pulumi.get(self, "roles")
|
708
717
|
|