pulumi-vault 5.21.0a1709368526__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pulumi_vault/__init__.py +52 -0
- pulumi_vault/_inputs.py +560 -0
- pulumi_vault/_utilities.py +41 -5
- pulumi_vault/ad/get_access_credentials.py +26 -9
- pulumi_vault/ad/secret_backend.py +16 -142
- pulumi_vault/ad/secret_library.py +16 -9
- pulumi_vault/ad/secret_role.py +14 -9
- pulumi_vault/alicloud/auth_backend_role.py +76 -190
- pulumi_vault/approle/auth_backend_login.py +12 -7
- pulumi_vault/approle/auth_backend_role.py +77 -191
- pulumi_vault/approle/auth_backend_role_secret_id.py +106 -7
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -5
- pulumi_vault/audit.py +30 -21
- pulumi_vault/audit_request_header.py +11 -2
- pulumi_vault/auth_backend.py +66 -14
- pulumi_vault/aws/auth_backend_cert.py +18 -9
- pulumi_vault/aws/auth_backend_client.py +267 -22
- pulumi_vault/aws/auth_backend_config_identity.py +14 -9
- pulumi_vault/aws/auth_backend_identity_whitelist.py +20 -15
- pulumi_vault/aws/auth_backend_login.py +19 -22
- pulumi_vault/aws/auth_backend_role.py +77 -191
- pulumi_vault/aws/auth_backend_role_tag.py +12 -7
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -13
- pulumi_vault/aws/auth_backend_sts_role.py +14 -9
- pulumi_vault/aws/get_access_credentials.py +38 -9
- pulumi_vault/aws/get_static_access_credentials.py +19 -5
- pulumi_vault/aws/secret_backend.py +77 -9
- pulumi_vault/aws/secret_backend_role.py +185 -9
- pulumi_vault/aws/secret_backend_static_role.py +20 -11
- pulumi_vault/azure/_inputs.py +24 -0
- pulumi_vault/azure/auth_backend_config.py +153 -15
- pulumi_vault/azure/auth_backend_role.py +77 -191
- pulumi_vault/azure/backend.py +227 -21
- pulumi_vault/azure/backend_role.py +42 -37
- pulumi_vault/azure/get_access_credentials.py +41 -7
- pulumi_vault/azure/outputs.py +5 -0
- pulumi_vault/cert_auth_backend_role.py +87 -267
- pulumi_vault/config/__init__.pyi +5 -0
- pulumi_vault/config/_inputs.py +73 -0
- pulumi_vault/config/outputs.py +35 -0
- pulumi_vault/config/ui_custom_message.py +529 -0
- pulumi_vault/config/vars.py +5 -0
- pulumi_vault/consul/secret_backend.py +28 -19
- pulumi_vault/consul/secret_backend_role.py +18 -78
- pulumi_vault/database/_inputs.py +2770 -881
- pulumi_vault/database/outputs.py +721 -838
- pulumi_vault/database/secret_backend_connection.py +119 -112
- pulumi_vault/database/secret_backend_role.py +31 -22
- pulumi_vault/database/secret_backend_static_role.py +87 -13
- pulumi_vault/database/secrets_mount.py +427 -136
- pulumi_vault/egp_policy.py +16 -11
- pulumi_vault/gcp/_inputs.py +111 -0
- pulumi_vault/gcp/auth_backend.py +250 -33
- pulumi_vault/gcp/auth_backend_role.py +77 -269
- pulumi_vault/gcp/get_auth_backend_role.py +43 -5
- pulumi_vault/gcp/outputs.py +5 -0
- pulumi_vault/gcp/secret_backend.py +287 -12
- pulumi_vault/gcp/secret_impersonated_account.py +76 -15
- pulumi_vault/gcp/secret_roleset.py +31 -24
- pulumi_vault/gcp/secret_static_account.py +39 -32
- pulumi_vault/generic/endpoint.py +24 -17
- pulumi_vault/generic/get_secret.py +64 -8
- pulumi_vault/generic/secret.py +21 -16
- pulumi_vault/get_auth_backend.py +24 -7
- pulumi_vault/get_auth_backends.py +51 -9
- pulumi_vault/get_namespace.py +226 -0
- pulumi_vault/get_namespaces.py +153 -0
- pulumi_vault/get_nomad_access_token.py +31 -11
- pulumi_vault/get_policy_document.py +34 -19
- pulumi_vault/get_raft_autopilot_state.py +29 -10
- pulumi_vault/github/_inputs.py +55 -0
- pulumi_vault/github/auth_backend.py +19 -14
- pulumi_vault/github/outputs.py +5 -0
- pulumi_vault/github/team.py +16 -11
- pulumi_vault/github/user.py +16 -11
- pulumi_vault/identity/entity.py +20 -13
- pulumi_vault/identity/entity_alias.py +20 -13
- pulumi_vault/identity/entity_policies.py +28 -11
- pulumi_vault/identity/get_entity.py +42 -10
- pulumi_vault/identity/get_group.py +47 -9
- pulumi_vault/identity/get_oidc_client_creds.py +21 -7
- pulumi_vault/identity/get_oidc_openid_config.py +39 -9
- pulumi_vault/identity/get_oidc_public_keys.py +29 -10
- pulumi_vault/identity/group.py +58 -39
- pulumi_vault/identity/group_alias.py +16 -9
- pulumi_vault/identity/group_member_entity_ids.py +28 -66
- pulumi_vault/identity/group_member_group_ids.py +40 -19
- pulumi_vault/identity/group_policies.py +20 -7
- pulumi_vault/identity/mfa_duo.py +11 -6
- pulumi_vault/identity/mfa_login_enforcement.py +15 -6
- pulumi_vault/identity/mfa_okta.py +11 -6
- pulumi_vault/identity/mfa_pingid.py +7 -2
- pulumi_vault/identity/mfa_totp.py +7 -2
- pulumi_vault/identity/oidc.py +12 -7
- pulumi_vault/identity/oidc_assignment.py +24 -11
- pulumi_vault/identity/oidc_client.py +36 -23
- pulumi_vault/identity/oidc_key.py +30 -17
- pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -15
- pulumi_vault/identity/oidc_provider.py +36 -21
- pulumi_vault/identity/oidc_role.py +42 -21
- pulumi_vault/identity/oidc_scope.py +20 -13
- pulumi_vault/identity/outputs.py +8 -3
- pulumi_vault/jwt/_inputs.py +55 -0
- pulumi_vault/jwt/auth_backend.py +45 -40
- pulumi_vault/jwt/auth_backend_role.py +133 -254
- pulumi_vault/jwt/outputs.py +5 -0
- pulumi_vault/kmip/secret_backend.py +24 -19
- pulumi_vault/kmip/secret_role.py +14 -9
- pulumi_vault/kmip/secret_scope.py +14 -9
- pulumi_vault/kubernetes/auth_backend_config.py +57 -5
- pulumi_vault/kubernetes/auth_backend_role.py +70 -177
- pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
- pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
- pulumi_vault/kubernetes/get_service_account_token.py +39 -11
- pulumi_vault/kubernetes/secret_backend.py +316 -27
- pulumi_vault/kubernetes/secret_backend_role.py +137 -46
- pulumi_vault/kv/_inputs.py +36 -4
- pulumi_vault/kv/get_secret.py +25 -8
- pulumi_vault/kv/get_secret_subkeys_v2.py +33 -10
- pulumi_vault/kv/get_secret_v2.py +85 -9
- pulumi_vault/kv/get_secrets_list.py +24 -11
- pulumi_vault/kv/get_secrets_list_v2.py +37 -15
- pulumi_vault/kv/outputs.py +8 -3
- pulumi_vault/kv/secret.py +23 -16
- pulumi_vault/kv/secret_backend_v2.py +20 -11
- pulumi_vault/kv/secret_v2.py +59 -50
- pulumi_vault/ldap/auth_backend.py +127 -166
- pulumi_vault/ldap/auth_backend_group.py +14 -9
- pulumi_vault/ldap/auth_backend_user.py +14 -9
- pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
- pulumi_vault/ldap/get_static_credentials.py +24 -5
- pulumi_vault/ldap/secret_backend.py +354 -82
- pulumi_vault/ldap/secret_backend_dynamic_role.py +18 -11
- pulumi_vault/ldap/secret_backend_library_set.py +16 -9
- pulumi_vault/ldap/secret_backend_static_role.py +73 -12
- pulumi_vault/managed/_inputs.py +289 -132
- pulumi_vault/managed/keys.py +29 -57
- pulumi_vault/managed/outputs.py +89 -132
- pulumi_vault/mfa_duo.py +18 -11
- pulumi_vault/mfa_okta.py +18 -11
- pulumi_vault/mfa_pingid.py +18 -11
- pulumi_vault/mfa_totp.py +24 -17
- pulumi_vault/mongodbatlas/secret_backend.py +20 -15
- pulumi_vault/mongodbatlas/secret_role.py +47 -38
- pulumi_vault/mount.py +391 -51
- pulumi_vault/namespace.py +68 -83
- pulumi_vault/nomad_secret_backend.py +18 -13
- pulumi_vault/nomad_secret_role.py +14 -9
- pulumi_vault/okta/_inputs.py +47 -8
- pulumi_vault/okta/auth_backend.py +485 -39
- pulumi_vault/okta/auth_backend_group.py +14 -9
- pulumi_vault/okta/auth_backend_user.py +14 -9
- pulumi_vault/okta/outputs.py +13 -8
- pulumi_vault/outputs.py +5 -0
- pulumi_vault/password_policy.py +20 -13
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +81 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
- pulumi_vault/pkisecret/backend_config_est.py +619 -0
- pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
- pulumi_vault/pkisecret/get_backend_issuer.py +67 -9
- pulumi_vault/pkisecret/get_backend_issuers.py +21 -8
- pulumi_vault/pkisecret/get_backend_key.py +24 -9
- pulumi_vault/pkisecret/get_backend_keys.py +21 -8
- pulumi_vault/pkisecret/outputs.py +69 -0
- pulumi_vault/pkisecret/secret_backend_cert.py +18 -11
- pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -11
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +14 -9
- pulumi_vault/pkisecret/secret_backend_config_urls.py +67 -11
- pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -9
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -11
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -17
- pulumi_vault/pkisecret/secret_backend_issuer.py +14 -9
- pulumi_vault/pkisecret/secret_backend_key.py +14 -9
- pulumi_vault/pkisecret/secret_backend_role.py +21 -14
- pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -48
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -56
- pulumi_vault/pkisecret/secret_backend_sign.py +18 -54
- pulumi_vault/plugin.py +595 -0
- pulumi_vault/plugin_pinned_version.py +298 -0
- pulumi_vault/policy.py +14 -9
- pulumi_vault/provider.py +48 -53
- pulumi_vault/pulumi-plugin.json +2 -1
- pulumi_vault/quota_lease_count.py +60 -6
- pulumi_vault/quota_rate_limit.py +56 -2
- pulumi_vault/rabbitmq/_inputs.py +61 -0
- pulumi_vault/rabbitmq/outputs.py +5 -0
- pulumi_vault/rabbitmq/secret_backend.py +18 -13
- pulumi_vault/rabbitmq/secret_backend_role.py +54 -47
- pulumi_vault/raft_autopilot.py +14 -9
- pulumi_vault/raft_snapshot_agent_config.py +129 -224
- pulumi_vault/rgp_policy.py +14 -9
- pulumi_vault/saml/auth_backend.py +22 -17
- pulumi_vault/saml/auth_backend_role.py +92 -197
- pulumi_vault/secrets/__init__.py +3 -0
- pulumi_vault/secrets/_inputs.py +110 -0
- pulumi_vault/secrets/outputs.py +94 -0
- pulumi_vault/secrets/sync_association.py +56 -71
- pulumi_vault/secrets/sync_aws_destination.py +242 -27
- pulumi_vault/secrets/sync_azure_destination.py +92 -31
- pulumi_vault/secrets/sync_config.py +9 -4
- pulumi_vault/secrets/sync_gcp_destination.py +158 -25
- pulumi_vault/secrets/sync_gh_destination.py +189 -13
- pulumi_vault/secrets/sync_github_apps.py +375 -0
- pulumi_vault/secrets/sync_vercel_destination.py +74 -13
- pulumi_vault/ssh/_inputs.py +28 -28
- pulumi_vault/ssh/outputs.py +11 -28
- pulumi_vault/ssh/secret_backend_ca.py +108 -9
- pulumi_vault/ssh/secret_backend_role.py +85 -118
- pulumi_vault/terraformcloud/secret_backend.py +7 -54
- pulumi_vault/terraformcloud/secret_creds.py +14 -20
- pulumi_vault/terraformcloud/secret_role.py +16 -74
- pulumi_vault/token.py +28 -23
- pulumi_vault/tokenauth/auth_backend_role.py +78 -199
- pulumi_vault/transform/alphabet.py +16 -9
- pulumi_vault/transform/get_decode.py +45 -17
- pulumi_vault/transform/get_encode.py +45 -17
- pulumi_vault/transform/role.py +16 -9
- pulumi_vault/transform/template.py +30 -21
- pulumi_vault/transform/transformation.py +12 -7
- pulumi_vault/transit/get_decrypt.py +26 -21
- pulumi_vault/transit/get_encrypt.py +24 -19
- pulumi_vault/transit/secret_backend_key.py +27 -93
- pulumi_vault/transit/secret_cache_config.py +12 -7
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
- pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
- pulumi_vault-5.21.0a1709368526.dist-info/RECORD +0 -244
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
pulumi_vault/mount.py
CHANGED
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from . import _utilities
|
11
16
|
|
12
17
|
__all__ = ['MountArgs', 'Mount']
|
@@ -17,49 +22,76 @@ class MountArgs:
|
|
17
22
|
path: pulumi.Input[str],
|
18
23
|
type: pulumi.Input[str],
|
19
24
|
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
25
|
+
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
20
26
|
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
21
27
|
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
22
28
|
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
29
|
+
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
23
30
|
description: Optional[pulumi.Input[str]] = None,
|
24
31
|
external_entropy_access: Optional[pulumi.Input[bool]] = None,
|
32
|
+
identity_token_key: Optional[pulumi.Input[str]] = None,
|
33
|
+
listing_visibility: Optional[pulumi.Input[str]] = None,
|
25
34
|
local: Optional[pulumi.Input[bool]] = None,
|
26
35
|
max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
27
36
|
namespace: Optional[pulumi.Input[str]] = None,
|
28
|
-
options: Optional[pulumi.Input[Mapping[str,
|
37
|
+
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
38
|
+
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
39
|
+
plugin_version: Optional[pulumi.Input[str]] = None,
|
29
40
|
seal_wrap: Optional[pulumi.Input[bool]] = None):
|
30
41
|
"""
|
31
42
|
The set of arguments for constructing a Mount resource.
|
32
43
|
:param pulumi.Input[str] path: Where the secret backend will be mounted
|
33
44
|
:param pulumi.Input[str] type: Type of the backend, such as "aws"
|
34
45
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: Set of managed key registry entry names that the mount in question is allowed to access
|
46
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow, allowing a plugin to include
|
47
|
+
them in the response.
|
35
48
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
36
49
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
37
50
|
:param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
|
51
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of allowed authentication mount accessors the
|
52
|
+
backend can request delegated authentication for.
|
38
53
|
:param pulumi.Input[str] description: Human-friendly description of the mount
|
39
54
|
:param pulumi.Input[bool] external_entropy_access: Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
|
55
|
+
:param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens. If
|
56
|
+
not provided, this will default to Vault's OIDC default key.
|
57
|
+
:param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific
|
58
|
+
listing endpoint. Valid values are `unauth` or `hidden`. If not set, behaves like `hidden`.
|
40
59
|
:param pulumi.Input[bool] local: Boolean flag that can be explicitly set to true to enforce local mount in HA environment
|
41
60
|
:param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
|
42
61
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
43
62
|
The value should not contain leading or trailing forward slashes.
|
44
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
63
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
45
64
|
*Available only for Vault Enterprise*.
|
46
|
-
:param pulumi.Input[Mapping[str,
|
65
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
|
66
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to
|
67
|
+
the plugin.
|
68
|
+
:param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. "v1.0.0".
|
69
|
+
If unspecified, the server will select any matching unversioned plugin that may have been
|
70
|
+
registered, the latest versioned plugin registered, or a built-in plugin in that order of precedence.
|
47
71
|
:param pulumi.Input[bool] seal_wrap: Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
48
72
|
"""
|
49
73
|
pulumi.set(__self__, "path", path)
|
50
74
|
pulumi.set(__self__, "type", type)
|
51
75
|
if allowed_managed_keys is not None:
|
52
76
|
pulumi.set(__self__, "allowed_managed_keys", allowed_managed_keys)
|
77
|
+
if allowed_response_headers is not None:
|
78
|
+
pulumi.set(__self__, "allowed_response_headers", allowed_response_headers)
|
53
79
|
if audit_non_hmac_request_keys is not None:
|
54
80
|
pulumi.set(__self__, "audit_non_hmac_request_keys", audit_non_hmac_request_keys)
|
55
81
|
if audit_non_hmac_response_keys is not None:
|
56
82
|
pulumi.set(__self__, "audit_non_hmac_response_keys", audit_non_hmac_response_keys)
|
57
83
|
if default_lease_ttl_seconds is not None:
|
58
84
|
pulumi.set(__self__, "default_lease_ttl_seconds", default_lease_ttl_seconds)
|
85
|
+
if delegated_auth_accessors is not None:
|
86
|
+
pulumi.set(__self__, "delegated_auth_accessors", delegated_auth_accessors)
|
59
87
|
if description is not None:
|
60
88
|
pulumi.set(__self__, "description", description)
|
61
89
|
if external_entropy_access is not None:
|
62
90
|
pulumi.set(__self__, "external_entropy_access", external_entropy_access)
|
91
|
+
if identity_token_key is not None:
|
92
|
+
pulumi.set(__self__, "identity_token_key", identity_token_key)
|
93
|
+
if listing_visibility is not None:
|
94
|
+
pulumi.set(__self__, "listing_visibility", listing_visibility)
|
63
95
|
if local is not None:
|
64
96
|
pulumi.set(__self__, "local", local)
|
65
97
|
if max_lease_ttl_seconds is not None:
|
@@ -68,6 +100,10 @@ class MountArgs:
|
|
68
100
|
pulumi.set(__self__, "namespace", namespace)
|
69
101
|
if options is not None:
|
70
102
|
pulumi.set(__self__, "options", options)
|
103
|
+
if passthrough_request_headers is not None:
|
104
|
+
pulumi.set(__self__, "passthrough_request_headers", passthrough_request_headers)
|
105
|
+
if plugin_version is not None:
|
106
|
+
pulumi.set(__self__, "plugin_version", plugin_version)
|
71
107
|
if seal_wrap is not None:
|
72
108
|
pulumi.set(__self__, "seal_wrap", seal_wrap)
|
73
109
|
|
@@ -107,6 +143,19 @@ class MountArgs:
|
|
107
143
|
def allowed_managed_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
108
144
|
pulumi.set(self, "allowed_managed_keys", value)
|
109
145
|
|
146
|
+
@property
|
147
|
+
@pulumi.getter(name="allowedResponseHeaders")
|
148
|
+
def allowed_response_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
149
|
+
"""
|
150
|
+
List of headers to allow, allowing a plugin to include
|
151
|
+
them in the response.
|
152
|
+
"""
|
153
|
+
return pulumi.get(self, "allowed_response_headers")
|
154
|
+
|
155
|
+
@allowed_response_headers.setter
|
156
|
+
def allowed_response_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
157
|
+
pulumi.set(self, "allowed_response_headers", value)
|
158
|
+
|
110
159
|
@property
|
111
160
|
@pulumi.getter(name="auditNonHmacRequestKeys")
|
112
161
|
def audit_non_hmac_request_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
@@ -143,6 +192,19 @@ class MountArgs:
|
|
143
192
|
def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[int]]):
|
144
193
|
pulumi.set(self, "default_lease_ttl_seconds", value)
|
145
194
|
|
195
|
+
@property
|
196
|
+
@pulumi.getter(name="delegatedAuthAccessors")
|
197
|
+
def delegated_auth_accessors(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
198
|
+
"""
|
199
|
+
List of allowed authentication mount accessors the
|
200
|
+
backend can request delegated authentication for.
|
201
|
+
"""
|
202
|
+
return pulumi.get(self, "delegated_auth_accessors")
|
203
|
+
|
204
|
+
@delegated_auth_accessors.setter
|
205
|
+
def delegated_auth_accessors(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
206
|
+
pulumi.set(self, "delegated_auth_accessors", value)
|
207
|
+
|
146
208
|
@property
|
147
209
|
@pulumi.getter
|
148
210
|
def description(self) -> Optional[pulumi.Input[str]]:
|
@@ -167,6 +229,32 @@ class MountArgs:
|
|
167
229
|
def external_entropy_access(self, value: Optional[pulumi.Input[bool]]):
|
168
230
|
pulumi.set(self, "external_entropy_access", value)
|
169
231
|
|
232
|
+
@property
|
233
|
+
@pulumi.getter(name="identityTokenKey")
|
234
|
+
def identity_token_key(self) -> Optional[pulumi.Input[str]]:
|
235
|
+
"""
|
236
|
+
The key to use for signing plugin workload identity tokens. If
|
237
|
+
not provided, this will default to Vault's OIDC default key.
|
238
|
+
"""
|
239
|
+
return pulumi.get(self, "identity_token_key")
|
240
|
+
|
241
|
+
@identity_token_key.setter
|
242
|
+
def identity_token_key(self, value: Optional[pulumi.Input[str]]):
|
243
|
+
pulumi.set(self, "identity_token_key", value)
|
244
|
+
|
245
|
+
@property
|
246
|
+
@pulumi.getter(name="listingVisibility")
|
247
|
+
def listing_visibility(self) -> Optional[pulumi.Input[str]]:
|
248
|
+
"""
|
249
|
+
Specifies whether to show this mount in the UI-specific
|
250
|
+
listing endpoint. Valid values are `unauth` or `hidden`. If not set, behaves like `hidden`.
|
251
|
+
"""
|
252
|
+
return pulumi.get(self, "listing_visibility")
|
253
|
+
|
254
|
+
@listing_visibility.setter
|
255
|
+
def listing_visibility(self, value: Optional[pulumi.Input[str]]):
|
256
|
+
pulumi.set(self, "listing_visibility", value)
|
257
|
+
|
170
258
|
@property
|
171
259
|
@pulumi.getter
|
172
260
|
def local(self) -> Optional[pulumi.Input[bool]]:
|
@@ -197,7 +285,7 @@ class MountArgs:
|
|
197
285
|
"""
|
198
286
|
The namespace to provision the resource in.
|
199
287
|
The value should not contain leading or trailing forward slashes.
|
200
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
288
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
201
289
|
*Available only for Vault Enterprise*.
|
202
290
|
"""
|
203
291
|
return pulumi.get(self, "namespace")
|
@@ -208,16 +296,43 @@ class MountArgs:
|
|
208
296
|
|
209
297
|
@property
|
210
298
|
@pulumi.getter
|
211
|
-
def options(self) -> Optional[pulumi.Input[Mapping[str,
|
299
|
+
def options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
212
300
|
"""
|
213
301
|
Specifies mount type specific options that are passed to the backend
|
214
302
|
"""
|
215
303
|
return pulumi.get(self, "options")
|
216
304
|
|
217
305
|
@options.setter
|
218
|
-
def options(self, value: Optional[pulumi.Input[Mapping[str,
|
306
|
+
def options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
219
307
|
pulumi.set(self, "options", value)
|
220
308
|
|
309
|
+
@property
|
310
|
+
@pulumi.getter(name="passthroughRequestHeaders")
|
311
|
+
def passthrough_request_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
312
|
+
"""
|
313
|
+
List of headers to allow and pass from the request to
|
314
|
+
the plugin.
|
315
|
+
"""
|
316
|
+
return pulumi.get(self, "passthrough_request_headers")
|
317
|
+
|
318
|
+
@passthrough_request_headers.setter
|
319
|
+
def passthrough_request_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
320
|
+
pulumi.set(self, "passthrough_request_headers", value)
|
321
|
+
|
322
|
+
@property
|
323
|
+
@pulumi.getter(name="pluginVersion")
|
324
|
+
def plugin_version(self) -> Optional[pulumi.Input[str]]:
|
325
|
+
"""
|
326
|
+
Specifies the semantic version of the plugin to use, e.g. "v1.0.0".
|
327
|
+
If unspecified, the server will select any matching unversioned plugin that may have been
|
328
|
+
registered, the latest versioned plugin registered, or a built-in plugin in that order of precedence.
|
329
|
+
"""
|
330
|
+
return pulumi.get(self, "plugin_version")
|
331
|
+
|
332
|
+
@plugin_version.setter
|
333
|
+
def plugin_version(self, value: Optional[pulumi.Input[str]]):
|
334
|
+
pulumi.set(self, "plugin_version", value)
|
335
|
+
|
221
336
|
@property
|
222
337
|
@pulumi.getter(name="sealWrap")
|
223
338
|
def seal_wrap(self) -> Optional[pulumi.Input[bool]]:
|
@@ -236,35 +351,54 @@ class _MountState:
|
|
236
351
|
def __init__(__self__, *,
|
237
352
|
accessor: Optional[pulumi.Input[str]] = None,
|
238
353
|
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
354
|
+
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
239
355
|
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
240
356
|
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
241
357
|
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
358
|
+
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
242
359
|
description: Optional[pulumi.Input[str]] = None,
|
243
360
|
external_entropy_access: Optional[pulumi.Input[bool]] = None,
|
361
|
+
identity_token_key: Optional[pulumi.Input[str]] = None,
|
362
|
+
listing_visibility: Optional[pulumi.Input[str]] = None,
|
244
363
|
local: Optional[pulumi.Input[bool]] = None,
|
245
364
|
max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
246
365
|
namespace: Optional[pulumi.Input[str]] = None,
|
247
|
-
options: Optional[pulumi.Input[Mapping[str,
|
366
|
+
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
367
|
+
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
248
368
|
path: Optional[pulumi.Input[str]] = None,
|
369
|
+
plugin_version: Optional[pulumi.Input[str]] = None,
|
249
370
|
seal_wrap: Optional[pulumi.Input[bool]] = None,
|
250
371
|
type: Optional[pulumi.Input[str]] = None):
|
251
372
|
"""
|
252
373
|
Input properties used for looking up and filtering Mount resources.
|
253
374
|
:param pulumi.Input[str] accessor: The accessor for this mount.
|
254
375
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: Set of managed key registry entry names that the mount in question is allowed to access
|
376
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow, allowing a plugin to include
|
377
|
+
them in the response.
|
255
378
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
256
379
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
257
380
|
:param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
|
381
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of allowed authentication mount accessors the
|
382
|
+
backend can request delegated authentication for.
|
258
383
|
:param pulumi.Input[str] description: Human-friendly description of the mount
|
259
384
|
:param pulumi.Input[bool] external_entropy_access: Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
|
385
|
+
:param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens. If
|
386
|
+
not provided, this will default to Vault's OIDC default key.
|
387
|
+
:param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific
|
388
|
+
listing endpoint. Valid values are `unauth` or `hidden`. If not set, behaves like `hidden`.
|
260
389
|
:param pulumi.Input[bool] local: Boolean flag that can be explicitly set to true to enforce local mount in HA environment
|
261
390
|
:param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
|
262
391
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
263
392
|
The value should not contain leading or trailing forward slashes.
|
264
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
393
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
265
394
|
*Available only for Vault Enterprise*.
|
266
|
-
:param pulumi.Input[Mapping[str,
|
395
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
|
396
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to
|
397
|
+
the plugin.
|
267
398
|
:param pulumi.Input[str] path: Where the secret backend will be mounted
|
399
|
+
:param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. "v1.0.0".
|
400
|
+
If unspecified, the server will select any matching unversioned plugin that may have been
|
401
|
+
registered, the latest versioned plugin registered, or a built-in plugin in that order of precedence.
|
268
402
|
:param pulumi.Input[bool] seal_wrap: Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
269
403
|
:param pulumi.Input[str] type: Type of the backend, such as "aws"
|
270
404
|
"""
|
@@ -272,16 +406,24 @@ class _MountState:
|
|
272
406
|
pulumi.set(__self__, "accessor", accessor)
|
273
407
|
if allowed_managed_keys is not None:
|
274
408
|
pulumi.set(__self__, "allowed_managed_keys", allowed_managed_keys)
|
409
|
+
if allowed_response_headers is not None:
|
410
|
+
pulumi.set(__self__, "allowed_response_headers", allowed_response_headers)
|
275
411
|
if audit_non_hmac_request_keys is not None:
|
276
412
|
pulumi.set(__self__, "audit_non_hmac_request_keys", audit_non_hmac_request_keys)
|
277
413
|
if audit_non_hmac_response_keys is not None:
|
278
414
|
pulumi.set(__self__, "audit_non_hmac_response_keys", audit_non_hmac_response_keys)
|
279
415
|
if default_lease_ttl_seconds is not None:
|
280
416
|
pulumi.set(__self__, "default_lease_ttl_seconds", default_lease_ttl_seconds)
|
417
|
+
if delegated_auth_accessors is not None:
|
418
|
+
pulumi.set(__self__, "delegated_auth_accessors", delegated_auth_accessors)
|
281
419
|
if description is not None:
|
282
420
|
pulumi.set(__self__, "description", description)
|
283
421
|
if external_entropy_access is not None:
|
284
422
|
pulumi.set(__self__, "external_entropy_access", external_entropy_access)
|
423
|
+
if identity_token_key is not None:
|
424
|
+
pulumi.set(__self__, "identity_token_key", identity_token_key)
|
425
|
+
if listing_visibility is not None:
|
426
|
+
pulumi.set(__self__, "listing_visibility", listing_visibility)
|
285
427
|
if local is not None:
|
286
428
|
pulumi.set(__self__, "local", local)
|
287
429
|
if max_lease_ttl_seconds is not None:
|
@@ -290,8 +432,12 @@ class _MountState:
|
|
290
432
|
pulumi.set(__self__, "namespace", namespace)
|
291
433
|
if options is not None:
|
292
434
|
pulumi.set(__self__, "options", options)
|
435
|
+
if passthrough_request_headers is not None:
|
436
|
+
pulumi.set(__self__, "passthrough_request_headers", passthrough_request_headers)
|
293
437
|
if path is not None:
|
294
438
|
pulumi.set(__self__, "path", path)
|
439
|
+
if plugin_version is not None:
|
440
|
+
pulumi.set(__self__, "plugin_version", plugin_version)
|
295
441
|
if seal_wrap is not None:
|
296
442
|
pulumi.set(__self__, "seal_wrap", seal_wrap)
|
297
443
|
if type is not None:
|
@@ -321,6 +467,19 @@ class _MountState:
|
|
321
467
|
def allowed_managed_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
322
468
|
pulumi.set(self, "allowed_managed_keys", value)
|
323
469
|
|
470
|
+
@property
|
471
|
+
@pulumi.getter(name="allowedResponseHeaders")
|
472
|
+
def allowed_response_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
473
|
+
"""
|
474
|
+
List of headers to allow, allowing a plugin to include
|
475
|
+
them in the response.
|
476
|
+
"""
|
477
|
+
return pulumi.get(self, "allowed_response_headers")
|
478
|
+
|
479
|
+
@allowed_response_headers.setter
|
480
|
+
def allowed_response_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
481
|
+
pulumi.set(self, "allowed_response_headers", value)
|
482
|
+
|
324
483
|
@property
|
325
484
|
@pulumi.getter(name="auditNonHmacRequestKeys")
|
326
485
|
def audit_non_hmac_request_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
@@ -357,6 +516,19 @@ class _MountState:
|
|
357
516
|
def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[int]]):
|
358
517
|
pulumi.set(self, "default_lease_ttl_seconds", value)
|
359
518
|
|
519
|
+
@property
|
520
|
+
@pulumi.getter(name="delegatedAuthAccessors")
|
521
|
+
def delegated_auth_accessors(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
522
|
+
"""
|
523
|
+
List of allowed authentication mount accessors the
|
524
|
+
backend can request delegated authentication for.
|
525
|
+
"""
|
526
|
+
return pulumi.get(self, "delegated_auth_accessors")
|
527
|
+
|
528
|
+
@delegated_auth_accessors.setter
|
529
|
+
def delegated_auth_accessors(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
530
|
+
pulumi.set(self, "delegated_auth_accessors", value)
|
531
|
+
|
360
532
|
@property
|
361
533
|
@pulumi.getter
|
362
534
|
def description(self) -> Optional[pulumi.Input[str]]:
|
@@ -381,6 +553,32 @@ class _MountState:
|
|
381
553
|
def external_entropy_access(self, value: Optional[pulumi.Input[bool]]):
|
382
554
|
pulumi.set(self, "external_entropy_access", value)
|
383
555
|
|
556
|
+
@property
|
557
|
+
@pulumi.getter(name="identityTokenKey")
|
558
|
+
def identity_token_key(self) -> Optional[pulumi.Input[str]]:
|
559
|
+
"""
|
560
|
+
The key to use for signing plugin workload identity tokens. If
|
561
|
+
not provided, this will default to Vault's OIDC default key.
|
562
|
+
"""
|
563
|
+
return pulumi.get(self, "identity_token_key")
|
564
|
+
|
565
|
+
@identity_token_key.setter
|
566
|
+
def identity_token_key(self, value: Optional[pulumi.Input[str]]):
|
567
|
+
pulumi.set(self, "identity_token_key", value)
|
568
|
+
|
569
|
+
@property
|
570
|
+
@pulumi.getter(name="listingVisibility")
|
571
|
+
def listing_visibility(self) -> Optional[pulumi.Input[str]]:
|
572
|
+
"""
|
573
|
+
Specifies whether to show this mount in the UI-specific
|
574
|
+
listing endpoint. Valid values are `unauth` or `hidden`. If not set, behaves like `hidden`.
|
575
|
+
"""
|
576
|
+
return pulumi.get(self, "listing_visibility")
|
577
|
+
|
578
|
+
@listing_visibility.setter
|
579
|
+
def listing_visibility(self, value: Optional[pulumi.Input[str]]):
|
580
|
+
pulumi.set(self, "listing_visibility", value)
|
581
|
+
|
384
582
|
@property
|
385
583
|
@pulumi.getter
|
386
584
|
def local(self) -> Optional[pulumi.Input[bool]]:
|
@@ -411,7 +609,7 @@ class _MountState:
|
|
411
609
|
"""
|
412
610
|
The namespace to provision the resource in.
|
413
611
|
The value should not contain leading or trailing forward slashes.
|
414
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
612
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
415
613
|
*Available only for Vault Enterprise*.
|
416
614
|
"""
|
417
615
|
return pulumi.get(self, "namespace")
|
@@ -422,16 +620,29 @@ class _MountState:
|
|
422
620
|
|
423
621
|
@property
|
424
622
|
@pulumi.getter
|
425
|
-
def options(self) -> Optional[pulumi.Input[Mapping[str,
|
623
|
+
def options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
426
624
|
"""
|
427
625
|
Specifies mount type specific options that are passed to the backend
|
428
626
|
"""
|
429
627
|
return pulumi.get(self, "options")
|
430
628
|
|
431
629
|
@options.setter
|
432
|
-
def options(self, value: Optional[pulumi.Input[Mapping[str,
|
630
|
+
def options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
433
631
|
pulumi.set(self, "options", value)
|
434
632
|
|
633
|
+
@property
|
634
|
+
@pulumi.getter(name="passthroughRequestHeaders")
|
635
|
+
def passthrough_request_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
636
|
+
"""
|
637
|
+
List of headers to allow and pass from the request to
|
638
|
+
the plugin.
|
639
|
+
"""
|
640
|
+
return pulumi.get(self, "passthrough_request_headers")
|
641
|
+
|
642
|
+
@passthrough_request_headers.setter
|
643
|
+
def passthrough_request_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
644
|
+
pulumi.set(self, "passthrough_request_headers", value)
|
645
|
+
|
435
646
|
@property
|
436
647
|
@pulumi.getter
|
437
648
|
def path(self) -> Optional[pulumi.Input[str]]:
|
@@ -444,6 +655,20 @@ class _MountState:
|
|
444
655
|
def path(self, value: Optional[pulumi.Input[str]]):
|
445
656
|
pulumi.set(self, "path", value)
|
446
657
|
|
658
|
+
@property
|
659
|
+
@pulumi.getter(name="pluginVersion")
|
660
|
+
def plugin_version(self) -> Optional[pulumi.Input[str]]:
|
661
|
+
"""
|
662
|
+
Specifies the semantic version of the plugin to use, e.g. "v1.0.0".
|
663
|
+
If unspecified, the server will select any matching unversioned plugin that may have been
|
664
|
+
registered, the latest versioned plugin registered, or a built-in plugin in that order of precedence.
|
665
|
+
"""
|
666
|
+
return pulumi.get(self, "plugin_version")
|
667
|
+
|
668
|
+
@plugin_version.setter
|
669
|
+
def plugin_version(self, value: Optional[pulumi.Input[str]]):
|
670
|
+
pulumi.set(self, "plugin_version", value)
|
671
|
+
|
447
672
|
@property
|
448
673
|
@pulumi.getter(name="sealWrap")
|
449
674
|
def seal_wrap(self) -> Optional[pulumi.Input[bool]]:
|
@@ -475,20 +700,28 @@ class Mount(pulumi.CustomResource):
|
|
475
700
|
resource_name: str,
|
476
701
|
opts: Optional[pulumi.ResourceOptions] = None,
|
477
702
|
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
703
|
+
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
478
704
|
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
479
705
|
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
480
706
|
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
707
|
+
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
481
708
|
description: Optional[pulumi.Input[str]] = None,
|
482
709
|
external_entropy_access: Optional[pulumi.Input[bool]] = None,
|
710
|
+
identity_token_key: Optional[pulumi.Input[str]] = None,
|
711
|
+
listing_visibility: Optional[pulumi.Input[str]] = None,
|
483
712
|
local: Optional[pulumi.Input[bool]] = None,
|
484
713
|
max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
485
714
|
namespace: Optional[pulumi.Input[str]] = None,
|
486
|
-
options: Optional[pulumi.Input[Mapping[str,
|
715
|
+
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
716
|
+
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
487
717
|
path: Optional[pulumi.Input[str]] = None,
|
718
|
+
plugin_version: Optional[pulumi.Input[str]] = None,
|
488
719
|
seal_wrap: Optional[pulumi.Input[bool]] = None,
|
489
720
|
type: Optional[pulumi.Input[str]] = None,
|
490
721
|
__props__=None):
|
491
722
|
"""
|
723
|
+
This resource enables a new secrets engine at the given path.
|
724
|
+
|
492
725
|
## Example Usage
|
493
726
|
|
494
727
|
```python
|
@@ -496,9 +729,9 @@ class Mount(pulumi.CustomResource):
|
|
496
729
|
import pulumi_vault as vault
|
497
730
|
|
498
731
|
example = vault.Mount("example",
|
499
|
-
description="This is an example mount",
|
500
732
|
path="dummy",
|
501
|
-
type="generic"
|
733
|
+
type="generic",
|
734
|
+
description="This is an example mount")
|
502
735
|
```
|
503
736
|
|
504
737
|
```python
|
@@ -506,13 +739,13 @@ class Mount(pulumi.CustomResource):
|
|
506
739
|
import pulumi_vault as vault
|
507
740
|
|
508
741
|
kvv2_example = vault.Mount("kvv2-example",
|
509
|
-
|
742
|
+
path="version2-example",
|
743
|
+
type="kv-v2",
|
510
744
|
options={
|
511
|
-
"type": "kv-v2",
|
512
745
|
"version": "2",
|
746
|
+
"type": "kv-v2",
|
513
747
|
},
|
514
|
-
|
515
|
-
type="kv-v2")
|
748
|
+
description="This is an example KV Version 2 secret engine mount")
|
516
749
|
```
|
517
750
|
|
518
751
|
```python
|
@@ -520,12 +753,12 @@ class Mount(pulumi.CustomResource):
|
|
520
753
|
import pulumi_vault as vault
|
521
754
|
|
522
755
|
transit_example = vault.Mount("transit-example",
|
756
|
+
path="transit-example",
|
757
|
+
type="transit",
|
523
758
|
description="This is an example transit secret engine mount",
|
524
759
|
options={
|
525
|
-
"convergent_encryption":
|
526
|
-
}
|
527
|
-
path="transit-example",
|
528
|
-
type="transit")
|
760
|
+
"convergent_encryption": "false",
|
761
|
+
})
|
529
762
|
```
|
530
763
|
|
531
764
|
```python
|
@@ -533,11 +766,11 @@ class Mount(pulumi.CustomResource):
|
|
533
766
|
import pulumi_vault as vault
|
534
767
|
|
535
768
|
pki_example = vault.Mount("pki-example",
|
536
|
-
default_lease_ttl_seconds=3600,
|
537
|
-
description="This is an example PKI mount",
|
538
|
-
max_lease_ttl_seconds=86400,
|
539
769
|
path="pki-example",
|
540
|
-
type="pki"
|
770
|
+
type="pki",
|
771
|
+
description="This is an example PKI mount",
|
772
|
+
default_lease_ttl_seconds=3600,
|
773
|
+
max_lease_ttl_seconds=86400)
|
541
774
|
```
|
542
775
|
|
543
776
|
## Import
|
@@ -545,25 +778,38 @@ class Mount(pulumi.CustomResource):
|
|
545
778
|
Mounts can be imported using the `path`, e.g.
|
546
779
|
|
547
780
|
```sh
|
548
|
-
|
781
|
+
$ pulumi import vault:index/mount:Mount example dummy
|
549
782
|
```
|
550
783
|
|
551
784
|
:param str resource_name: The name of the resource.
|
552
785
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
553
786
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: Set of managed key registry entry names that the mount in question is allowed to access
|
787
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow, allowing a plugin to include
|
788
|
+
them in the response.
|
554
789
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
555
790
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
556
791
|
:param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
|
792
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of allowed authentication mount accessors the
|
793
|
+
backend can request delegated authentication for.
|
557
794
|
:param pulumi.Input[str] description: Human-friendly description of the mount
|
558
795
|
:param pulumi.Input[bool] external_entropy_access: Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
|
796
|
+
:param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens. If
|
797
|
+
not provided, this will default to Vault's OIDC default key.
|
798
|
+
:param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific
|
799
|
+
listing endpoint. Valid values are `unauth` or `hidden`. If not set, behaves like `hidden`.
|
559
800
|
:param pulumi.Input[bool] local: Boolean flag that can be explicitly set to true to enforce local mount in HA environment
|
560
801
|
:param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
|
561
802
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
562
803
|
The value should not contain leading or trailing forward slashes.
|
563
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
804
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
564
805
|
*Available only for Vault Enterprise*.
|
565
|
-
:param pulumi.Input[Mapping[str,
|
806
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
|
807
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to
|
808
|
+
the plugin.
|
566
809
|
:param pulumi.Input[str] path: Where the secret backend will be mounted
|
810
|
+
:param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. "v1.0.0".
|
811
|
+
If unspecified, the server will select any matching unversioned plugin that may have been
|
812
|
+
registered, the latest versioned plugin registered, or a built-in plugin in that order of precedence.
|
567
813
|
:param pulumi.Input[bool] seal_wrap: Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
568
814
|
:param pulumi.Input[str] type: Type of the backend, such as "aws"
|
569
815
|
"""
|
@@ -574,6 +820,8 @@ class Mount(pulumi.CustomResource):
|
|
574
820
|
args: MountArgs,
|
575
821
|
opts: Optional[pulumi.ResourceOptions] = None):
|
576
822
|
"""
|
823
|
+
This resource enables a new secrets engine at the given path.
|
824
|
+
|
577
825
|
## Example Usage
|
578
826
|
|
579
827
|
```python
|
@@ -581,9 +829,9 @@ class Mount(pulumi.CustomResource):
|
|
581
829
|
import pulumi_vault as vault
|
582
830
|
|
583
831
|
example = vault.Mount("example",
|
584
|
-
description="This is an example mount",
|
585
832
|
path="dummy",
|
586
|
-
type="generic"
|
833
|
+
type="generic",
|
834
|
+
description="This is an example mount")
|
587
835
|
```
|
588
836
|
|
589
837
|
```python
|
@@ -591,13 +839,13 @@ class Mount(pulumi.CustomResource):
|
|
591
839
|
import pulumi_vault as vault
|
592
840
|
|
593
841
|
kvv2_example = vault.Mount("kvv2-example",
|
594
|
-
|
842
|
+
path="version2-example",
|
843
|
+
type="kv-v2",
|
595
844
|
options={
|
596
|
-
"type": "kv-v2",
|
597
845
|
"version": "2",
|
846
|
+
"type": "kv-v2",
|
598
847
|
},
|
599
|
-
|
600
|
-
type="kv-v2")
|
848
|
+
description="This is an example KV Version 2 secret engine mount")
|
601
849
|
```
|
602
850
|
|
603
851
|
```python
|
@@ -605,12 +853,12 @@ class Mount(pulumi.CustomResource):
|
|
605
853
|
import pulumi_vault as vault
|
606
854
|
|
607
855
|
transit_example = vault.Mount("transit-example",
|
856
|
+
path="transit-example",
|
857
|
+
type="transit",
|
608
858
|
description="This is an example transit secret engine mount",
|
609
859
|
options={
|
610
|
-
"convergent_encryption":
|
611
|
-
}
|
612
|
-
path="transit-example",
|
613
|
-
type="transit")
|
860
|
+
"convergent_encryption": "false",
|
861
|
+
})
|
614
862
|
```
|
615
863
|
|
616
864
|
```python
|
@@ -618,11 +866,11 @@ class Mount(pulumi.CustomResource):
|
|
618
866
|
import pulumi_vault as vault
|
619
867
|
|
620
868
|
pki_example = vault.Mount("pki-example",
|
621
|
-
default_lease_ttl_seconds=3600,
|
622
|
-
description="This is an example PKI mount",
|
623
|
-
max_lease_ttl_seconds=86400,
|
624
869
|
path="pki-example",
|
625
|
-
type="pki"
|
870
|
+
type="pki",
|
871
|
+
description="This is an example PKI mount",
|
872
|
+
default_lease_ttl_seconds=3600,
|
873
|
+
max_lease_ttl_seconds=86400)
|
626
874
|
```
|
627
875
|
|
628
876
|
## Import
|
@@ -630,7 +878,7 @@ class Mount(pulumi.CustomResource):
|
|
630
878
|
Mounts can be imported using the `path`, e.g.
|
631
879
|
|
632
880
|
```sh
|
633
|
-
|
881
|
+
$ pulumi import vault:index/mount:Mount example dummy
|
634
882
|
```
|
635
883
|
|
636
884
|
:param str resource_name: The name of the resource.
|
@@ -649,16 +897,22 @@ class Mount(pulumi.CustomResource):
|
|
649
897
|
resource_name: str,
|
650
898
|
opts: Optional[pulumi.ResourceOptions] = None,
|
651
899
|
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
900
|
+
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
652
901
|
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
653
902
|
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
654
903
|
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
904
|
+
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
655
905
|
description: Optional[pulumi.Input[str]] = None,
|
656
906
|
external_entropy_access: Optional[pulumi.Input[bool]] = None,
|
907
|
+
identity_token_key: Optional[pulumi.Input[str]] = None,
|
908
|
+
listing_visibility: Optional[pulumi.Input[str]] = None,
|
657
909
|
local: Optional[pulumi.Input[bool]] = None,
|
658
910
|
max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
659
911
|
namespace: Optional[pulumi.Input[str]] = None,
|
660
|
-
options: Optional[pulumi.Input[Mapping[str,
|
912
|
+
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
913
|
+
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
661
914
|
path: Optional[pulumi.Input[str]] = None,
|
915
|
+
plugin_version: Optional[pulumi.Input[str]] = None,
|
662
916
|
seal_wrap: Optional[pulumi.Input[bool]] = None,
|
663
917
|
type: Optional[pulumi.Input[str]] = None,
|
664
918
|
__props__=None):
|
@@ -671,18 +925,24 @@ class Mount(pulumi.CustomResource):
|
|
671
925
|
__props__ = MountArgs.__new__(MountArgs)
|
672
926
|
|
673
927
|
__props__.__dict__["allowed_managed_keys"] = allowed_managed_keys
|
928
|
+
__props__.__dict__["allowed_response_headers"] = allowed_response_headers
|
674
929
|
__props__.__dict__["audit_non_hmac_request_keys"] = audit_non_hmac_request_keys
|
675
930
|
__props__.__dict__["audit_non_hmac_response_keys"] = audit_non_hmac_response_keys
|
676
931
|
__props__.__dict__["default_lease_ttl_seconds"] = default_lease_ttl_seconds
|
932
|
+
__props__.__dict__["delegated_auth_accessors"] = delegated_auth_accessors
|
677
933
|
__props__.__dict__["description"] = description
|
678
934
|
__props__.__dict__["external_entropy_access"] = external_entropy_access
|
935
|
+
__props__.__dict__["identity_token_key"] = identity_token_key
|
936
|
+
__props__.__dict__["listing_visibility"] = listing_visibility
|
679
937
|
__props__.__dict__["local"] = local
|
680
938
|
__props__.__dict__["max_lease_ttl_seconds"] = max_lease_ttl_seconds
|
681
939
|
__props__.__dict__["namespace"] = namespace
|
682
940
|
__props__.__dict__["options"] = options
|
941
|
+
__props__.__dict__["passthrough_request_headers"] = passthrough_request_headers
|
683
942
|
if path is None and not opts.urn:
|
684
943
|
raise TypeError("Missing required property 'path'")
|
685
944
|
__props__.__dict__["path"] = path
|
945
|
+
__props__.__dict__["plugin_version"] = plugin_version
|
686
946
|
__props__.__dict__["seal_wrap"] = seal_wrap
|
687
947
|
if type is None and not opts.urn:
|
688
948
|
raise TypeError("Missing required property 'type'")
|
@@ -700,16 +960,22 @@ class Mount(pulumi.CustomResource):
|
|
700
960
|
opts: Optional[pulumi.ResourceOptions] = None,
|
701
961
|
accessor: Optional[pulumi.Input[str]] = None,
|
702
962
|
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
963
|
+
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
703
964
|
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
704
965
|
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
705
966
|
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
967
|
+
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
706
968
|
description: Optional[pulumi.Input[str]] = None,
|
707
969
|
external_entropy_access: Optional[pulumi.Input[bool]] = None,
|
970
|
+
identity_token_key: Optional[pulumi.Input[str]] = None,
|
971
|
+
listing_visibility: Optional[pulumi.Input[str]] = None,
|
708
972
|
local: Optional[pulumi.Input[bool]] = None,
|
709
973
|
max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
710
974
|
namespace: Optional[pulumi.Input[str]] = None,
|
711
|
-
options: Optional[pulumi.Input[Mapping[str,
|
975
|
+
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
976
|
+
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
712
977
|
path: Optional[pulumi.Input[str]] = None,
|
978
|
+
plugin_version: Optional[pulumi.Input[str]] = None,
|
713
979
|
seal_wrap: Optional[pulumi.Input[bool]] = None,
|
714
980
|
type: Optional[pulumi.Input[str]] = None) -> 'Mount':
|
715
981
|
"""
|
@@ -721,19 +987,32 @@ class Mount(pulumi.CustomResource):
|
|
721
987
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
722
988
|
:param pulumi.Input[str] accessor: The accessor for this mount.
|
723
989
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: Set of managed key registry entry names that the mount in question is allowed to access
|
990
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow, allowing a plugin to include
|
991
|
+
them in the response.
|
724
992
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
725
993
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
726
994
|
:param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
|
995
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of allowed authentication mount accessors the
|
996
|
+
backend can request delegated authentication for.
|
727
997
|
:param pulumi.Input[str] description: Human-friendly description of the mount
|
728
998
|
:param pulumi.Input[bool] external_entropy_access: Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
|
999
|
+
:param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens. If
|
1000
|
+
not provided, this will default to Vault's OIDC default key.
|
1001
|
+
:param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific
|
1002
|
+
listing endpoint. Valid values are `unauth` or `hidden`. If not set, behaves like `hidden`.
|
729
1003
|
:param pulumi.Input[bool] local: Boolean flag that can be explicitly set to true to enforce local mount in HA environment
|
730
1004
|
:param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
|
731
1005
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
732
1006
|
The value should not contain leading or trailing forward slashes.
|
733
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
1007
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
734
1008
|
*Available only for Vault Enterprise*.
|
735
|
-
:param pulumi.Input[Mapping[str,
|
1009
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
|
1010
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to
|
1011
|
+
the plugin.
|
736
1012
|
:param pulumi.Input[str] path: Where the secret backend will be mounted
|
1013
|
+
:param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. "v1.0.0".
|
1014
|
+
If unspecified, the server will select any matching unversioned plugin that may have been
|
1015
|
+
registered, the latest versioned plugin registered, or a built-in plugin in that order of precedence.
|
737
1016
|
:param pulumi.Input[bool] seal_wrap: Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
738
1017
|
:param pulumi.Input[str] type: Type of the backend, such as "aws"
|
739
1018
|
"""
|
@@ -743,16 +1022,22 @@ class Mount(pulumi.CustomResource):
|
|
743
1022
|
|
744
1023
|
__props__.__dict__["accessor"] = accessor
|
745
1024
|
__props__.__dict__["allowed_managed_keys"] = allowed_managed_keys
|
1025
|
+
__props__.__dict__["allowed_response_headers"] = allowed_response_headers
|
746
1026
|
__props__.__dict__["audit_non_hmac_request_keys"] = audit_non_hmac_request_keys
|
747
1027
|
__props__.__dict__["audit_non_hmac_response_keys"] = audit_non_hmac_response_keys
|
748
1028
|
__props__.__dict__["default_lease_ttl_seconds"] = default_lease_ttl_seconds
|
1029
|
+
__props__.__dict__["delegated_auth_accessors"] = delegated_auth_accessors
|
749
1030
|
__props__.__dict__["description"] = description
|
750
1031
|
__props__.__dict__["external_entropy_access"] = external_entropy_access
|
1032
|
+
__props__.__dict__["identity_token_key"] = identity_token_key
|
1033
|
+
__props__.__dict__["listing_visibility"] = listing_visibility
|
751
1034
|
__props__.__dict__["local"] = local
|
752
1035
|
__props__.__dict__["max_lease_ttl_seconds"] = max_lease_ttl_seconds
|
753
1036
|
__props__.__dict__["namespace"] = namespace
|
754
1037
|
__props__.__dict__["options"] = options
|
1038
|
+
__props__.__dict__["passthrough_request_headers"] = passthrough_request_headers
|
755
1039
|
__props__.__dict__["path"] = path
|
1040
|
+
__props__.__dict__["plugin_version"] = plugin_version
|
756
1041
|
__props__.__dict__["seal_wrap"] = seal_wrap
|
757
1042
|
__props__.__dict__["type"] = type
|
758
1043
|
return Mount(resource_name, opts=opts, __props__=__props__)
|
@@ -773,6 +1058,15 @@ class Mount(pulumi.CustomResource):
|
|
773
1058
|
"""
|
774
1059
|
return pulumi.get(self, "allowed_managed_keys")
|
775
1060
|
|
1061
|
+
@property
|
1062
|
+
@pulumi.getter(name="allowedResponseHeaders")
|
1063
|
+
def allowed_response_headers(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1064
|
+
"""
|
1065
|
+
List of headers to allow, allowing a plugin to include
|
1066
|
+
them in the response.
|
1067
|
+
"""
|
1068
|
+
return pulumi.get(self, "allowed_response_headers")
|
1069
|
+
|
776
1070
|
@property
|
777
1071
|
@pulumi.getter(name="auditNonHmacRequestKeys")
|
778
1072
|
def audit_non_hmac_request_keys(self) -> pulumi.Output[Sequence[str]]:
|
@@ -797,6 +1091,15 @@ class Mount(pulumi.CustomResource):
|
|
797
1091
|
"""
|
798
1092
|
return pulumi.get(self, "default_lease_ttl_seconds")
|
799
1093
|
|
1094
|
+
@property
|
1095
|
+
@pulumi.getter(name="delegatedAuthAccessors")
|
1096
|
+
def delegated_auth_accessors(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1097
|
+
"""
|
1098
|
+
List of allowed authentication mount accessors the
|
1099
|
+
backend can request delegated authentication for.
|
1100
|
+
"""
|
1101
|
+
return pulumi.get(self, "delegated_auth_accessors")
|
1102
|
+
|
800
1103
|
@property
|
801
1104
|
@pulumi.getter
|
802
1105
|
def description(self) -> pulumi.Output[Optional[str]]:
|
@@ -813,6 +1116,24 @@ class Mount(pulumi.CustomResource):
|
|
813
1116
|
"""
|
814
1117
|
return pulumi.get(self, "external_entropy_access")
|
815
1118
|
|
1119
|
+
@property
|
1120
|
+
@pulumi.getter(name="identityTokenKey")
|
1121
|
+
def identity_token_key(self) -> pulumi.Output[Optional[str]]:
|
1122
|
+
"""
|
1123
|
+
The key to use for signing plugin workload identity tokens. If
|
1124
|
+
not provided, this will default to Vault's OIDC default key.
|
1125
|
+
"""
|
1126
|
+
return pulumi.get(self, "identity_token_key")
|
1127
|
+
|
1128
|
+
@property
|
1129
|
+
@pulumi.getter(name="listingVisibility")
|
1130
|
+
def listing_visibility(self) -> pulumi.Output[Optional[str]]:
|
1131
|
+
"""
|
1132
|
+
Specifies whether to show this mount in the UI-specific
|
1133
|
+
listing endpoint. Valid values are `unauth` or `hidden`. If not set, behaves like `hidden`.
|
1134
|
+
"""
|
1135
|
+
return pulumi.get(self, "listing_visibility")
|
1136
|
+
|
816
1137
|
@property
|
817
1138
|
@pulumi.getter
|
818
1139
|
def local(self) -> pulumi.Output[Optional[bool]]:
|
@@ -835,19 +1156,28 @@ class Mount(pulumi.CustomResource):
|
|
835
1156
|
"""
|
836
1157
|
The namespace to provision the resource in.
|
837
1158
|
The value should not contain leading or trailing forward slashes.
|
838
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
1159
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
839
1160
|
*Available only for Vault Enterprise*.
|
840
1161
|
"""
|
841
1162
|
return pulumi.get(self, "namespace")
|
842
1163
|
|
843
1164
|
@property
|
844
1165
|
@pulumi.getter
|
845
|
-
def options(self) -> pulumi.Output[Optional[Mapping[str,
|
1166
|
+
def options(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
|
846
1167
|
"""
|
847
1168
|
Specifies mount type specific options that are passed to the backend
|
848
1169
|
"""
|
849
1170
|
return pulumi.get(self, "options")
|
850
1171
|
|
1172
|
+
@property
|
1173
|
+
@pulumi.getter(name="passthroughRequestHeaders")
|
1174
|
+
def passthrough_request_headers(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1175
|
+
"""
|
1176
|
+
List of headers to allow and pass from the request to
|
1177
|
+
the plugin.
|
1178
|
+
"""
|
1179
|
+
return pulumi.get(self, "passthrough_request_headers")
|
1180
|
+
|
851
1181
|
@property
|
852
1182
|
@pulumi.getter
|
853
1183
|
def path(self) -> pulumi.Output[str]:
|
@@ -856,6 +1186,16 @@ class Mount(pulumi.CustomResource):
|
|
856
1186
|
"""
|
857
1187
|
return pulumi.get(self, "path")
|
858
1188
|
|
1189
|
+
@property
|
1190
|
+
@pulumi.getter(name="pluginVersion")
|
1191
|
+
def plugin_version(self) -> pulumi.Output[Optional[str]]:
|
1192
|
+
"""
|
1193
|
+
Specifies the semantic version of the plugin to use, e.g. "v1.0.0".
|
1194
|
+
If unspecified, the server will select any matching unversioned plugin that may have been
|
1195
|
+
registered, the latest versioned plugin registered, or a built-in plugin in that order of precedence.
|
1196
|
+
"""
|
1197
|
+
return pulumi.get(self, "plugin_version")
|
1198
|
+
|
859
1199
|
@property
|
860
1200
|
@pulumi.getter(name="sealWrap")
|
861
1201
|
def seal_wrap(self) -> pulumi.Output[bool]:
|