pulumi-vault 5.21.0a1709368526__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl

Files changed (229)
  1. pulumi_vault/__init__.py +52 -0
  2. pulumi_vault/_inputs.py +560 -0
  3. pulumi_vault/_utilities.py +41 -5
  4. pulumi_vault/ad/get_access_credentials.py +26 -9
  5. pulumi_vault/ad/secret_backend.py +16 -142
  6. pulumi_vault/ad/secret_library.py +16 -9
  7. pulumi_vault/ad/secret_role.py +14 -9
  8. pulumi_vault/alicloud/auth_backend_role.py +76 -190
  9. pulumi_vault/approle/auth_backend_login.py +12 -7
  10. pulumi_vault/approle/auth_backend_role.py +77 -191
  11. pulumi_vault/approle/auth_backend_role_secret_id.py +106 -7
  12. pulumi_vault/approle/get_auth_backend_role_id.py +18 -5
  13. pulumi_vault/audit.py +30 -21
  14. pulumi_vault/audit_request_header.py +11 -2
  15. pulumi_vault/auth_backend.py +66 -14
  16. pulumi_vault/aws/auth_backend_cert.py +18 -9
  17. pulumi_vault/aws/auth_backend_client.py +267 -22
  18. pulumi_vault/aws/auth_backend_config_identity.py +14 -9
  19. pulumi_vault/aws/auth_backend_identity_whitelist.py +20 -15
  20. pulumi_vault/aws/auth_backend_login.py +19 -22
  21. pulumi_vault/aws/auth_backend_role.py +77 -191
  22. pulumi_vault/aws/auth_backend_role_tag.py +12 -7
  23. pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -13
  24. pulumi_vault/aws/auth_backend_sts_role.py +14 -9
  25. pulumi_vault/aws/get_access_credentials.py +38 -9
  26. pulumi_vault/aws/get_static_access_credentials.py +19 -5
  27. pulumi_vault/aws/secret_backend.py +77 -9
  28. pulumi_vault/aws/secret_backend_role.py +185 -9
  29. pulumi_vault/aws/secret_backend_static_role.py +20 -11
  30. pulumi_vault/azure/_inputs.py +24 -0
  31. pulumi_vault/azure/auth_backend_config.py +153 -15
  32. pulumi_vault/azure/auth_backend_role.py +77 -191
  33. pulumi_vault/azure/backend.py +227 -21
  34. pulumi_vault/azure/backend_role.py +42 -37
  35. pulumi_vault/azure/get_access_credentials.py +41 -7
  36. pulumi_vault/azure/outputs.py +5 -0
  37. pulumi_vault/cert_auth_backend_role.py +87 -267
  38. pulumi_vault/config/__init__.pyi +5 -0
  39. pulumi_vault/config/_inputs.py +73 -0
  40. pulumi_vault/config/outputs.py +35 -0
  41. pulumi_vault/config/ui_custom_message.py +529 -0
  42. pulumi_vault/config/vars.py +5 -0
  43. pulumi_vault/consul/secret_backend.py +28 -19
  44. pulumi_vault/consul/secret_backend_role.py +18 -78
  45. pulumi_vault/database/_inputs.py +2770 -881
  46. pulumi_vault/database/outputs.py +721 -838
  47. pulumi_vault/database/secret_backend_connection.py +119 -112
  48. pulumi_vault/database/secret_backend_role.py +31 -22
  49. pulumi_vault/database/secret_backend_static_role.py +87 -13
  50. pulumi_vault/database/secrets_mount.py +427 -136
  51. pulumi_vault/egp_policy.py +16 -11
  52. pulumi_vault/gcp/_inputs.py +111 -0
  53. pulumi_vault/gcp/auth_backend.py +250 -33
  54. pulumi_vault/gcp/auth_backend_role.py +77 -269
  55. pulumi_vault/gcp/get_auth_backend_role.py +43 -5
  56. pulumi_vault/gcp/outputs.py +5 -0
  57. pulumi_vault/gcp/secret_backend.py +287 -12
  58. pulumi_vault/gcp/secret_impersonated_account.py +76 -15
  59. pulumi_vault/gcp/secret_roleset.py +31 -24
  60. pulumi_vault/gcp/secret_static_account.py +39 -32
  61. pulumi_vault/generic/endpoint.py +24 -17
  62. pulumi_vault/generic/get_secret.py +64 -8
  63. pulumi_vault/generic/secret.py +21 -16
  64. pulumi_vault/get_auth_backend.py +24 -7
  65. pulumi_vault/get_auth_backends.py +51 -9
  66. pulumi_vault/get_namespace.py +226 -0
  67. pulumi_vault/get_namespaces.py +153 -0
  68. pulumi_vault/get_nomad_access_token.py +31 -11
  69. pulumi_vault/get_policy_document.py +34 -19
  70. pulumi_vault/get_raft_autopilot_state.py +29 -10
  71. pulumi_vault/github/_inputs.py +55 -0
  72. pulumi_vault/github/auth_backend.py +19 -14
  73. pulumi_vault/github/outputs.py +5 -0
  74. pulumi_vault/github/team.py +16 -11
  75. pulumi_vault/github/user.py +16 -11
  76. pulumi_vault/identity/entity.py +20 -13
  77. pulumi_vault/identity/entity_alias.py +20 -13
  78. pulumi_vault/identity/entity_policies.py +28 -11
  79. pulumi_vault/identity/get_entity.py +42 -10
  80. pulumi_vault/identity/get_group.py +47 -9
  81. pulumi_vault/identity/get_oidc_client_creds.py +21 -7
  82. pulumi_vault/identity/get_oidc_openid_config.py +39 -9
  83. pulumi_vault/identity/get_oidc_public_keys.py +29 -10
  84. pulumi_vault/identity/group.py +58 -39
  85. pulumi_vault/identity/group_alias.py +16 -9
  86. pulumi_vault/identity/group_member_entity_ids.py +28 -66
  87. pulumi_vault/identity/group_member_group_ids.py +40 -19
  88. pulumi_vault/identity/group_policies.py +20 -7
  89. pulumi_vault/identity/mfa_duo.py +11 -6
  90. pulumi_vault/identity/mfa_login_enforcement.py +15 -6
  91. pulumi_vault/identity/mfa_okta.py +11 -6
  92. pulumi_vault/identity/mfa_pingid.py +7 -2
  93. pulumi_vault/identity/mfa_totp.py +7 -2
  94. pulumi_vault/identity/oidc.py +12 -7
  95. pulumi_vault/identity/oidc_assignment.py +24 -11
  96. pulumi_vault/identity/oidc_client.py +36 -23
  97. pulumi_vault/identity/oidc_key.py +30 -17
  98. pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -15
  99. pulumi_vault/identity/oidc_provider.py +36 -21
  100. pulumi_vault/identity/oidc_role.py +42 -21
  101. pulumi_vault/identity/oidc_scope.py +20 -13
  102. pulumi_vault/identity/outputs.py +8 -3
  103. pulumi_vault/jwt/_inputs.py +55 -0
  104. pulumi_vault/jwt/auth_backend.py +45 -40
  105. pulumi_vault/jwt/auth_backend_role.py +133 -254
  106. pulumi_vault/jwt/outputs.py +5 -0
  107. pulumi_vault/kmip/secret_backend.py +24 -19
  108. pulumi_vault/kmip/secret_role.py +14 -9
  109. pulumi_vault/kmip/secret_scope.py +14 -9
  110. pulumi_vault/kubernetes/auth_backend_config.py +57 -5
  111. pulumi_vault/kubernetes/auth_backend_role.py +70 -177
  112. pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
  113. pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
  114. pulumi_vault/kubernetes/get_service_account_token.py +39 -11
  115. pulumi_vault/kubernetes/secret_backend.py +316 -27
  116. pulumi_vault/kubernetes/secret_backend_role.py +137 -46
  117. pulumi_vault/kv/_inputs.py +36 -4
  118. pulumi_vault/kv/get_secret.py +25 -8
  119. pulumi_vault/kv/get_secret_subkeys_v2.py +33 -10
  120. pulumi_vault/kv/get_secret_v2.py +85 -9
  121. pulumi_vault/kv/get_secrets_list.py +24 -11
  122. pulumi_vault/kv/get_secrets_list_v2.py +37 -15
  123. pulumi_vault/kv/outputs.py +8 -3
  124. pulumi_vault/kv/secret.py +23 -16
  125. pulumi_vault/kv/secret_backend_v2.py +20 -11
  126. pulumi_vault/kv/secret_v2.py +59 -50
  127. pulumi_vault/ldap/auth_backend.py +127 -166
  128. pulumi_vault/ldap/auth_backend_group.py +14 -9
  129. pulumi_vault/ldap/auth_backend_user.py +14 -9
  130. pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
  131. pulumi_vault/ldap/get_static_credentials.py +24 -5
  132. pulumi_vault/ldap/secret_backend.py +354 -82
  133. pulumi_vault/ldap/secret_backend_dynamic_role.py +18 -11
  134. pulumi_vault/ldap/secret_backend_library_set.py +16 -9
  135. pulumi_vault/ldap/secret_backend_static_role.py +73 -12
  136. pulumi_vault/managed/_inputs.py +289 -132
  137. pulumi_vault/managed/keys.py +29 -57
  138. pulumi_vault/managed/outputs.py +89 -132
  139. pulumi_vault/mfa_duo.py +18 -11
  140. pulumi_vault/mfa_okta.py +18 -11
  141. pulumi_vault/mfa_pingid.py +18 -11
  142. pulumi_vault/mfa_totp.py +24 -17
  143. pulumi_vault/mongodbatlas/secret_backend.py +20 -15
  144. pulumi_vault/mongodbatlas/secret_role.py +47 -38
  145. pulumi_vault/mount.py +391 -51
  146. pulumi_vault/namespace.py +68 -83
  147. pulumi_vault/nomad_secret_backend.py +18 -13
  148. pulumi_vault/nomad_secret_role.py +14 -9
  149. pulumi_vault/okta/_inputs.py +47 -8
  150. pulumi_vault/okta/auth_backend.py +485 -39
  151. pulumi_vault/okta/auth_backend_group.py +14 -9
  152. pulumi_vault/okta/auth_backend_user.py +14 -9
  153. pulumi_vault/okta/outputs.py +13 -8
  154. pulumi_vault/outputs.py +5 -0
  155. pulumi_vault/password_policy.py +20 -13
  156. pulumi_vault/pkisecret/__init__.py +3 -0
  157. pulumi_vault/pkisecret/_inputs.py +81 -0
  158. pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
  159. pulumi_vault/pkisecret/backend_config_est.py +619 -0
  160. pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
  161. pulumi_vault/pkisecret/get_backend_issuer.py +67 -9
  162. pulumi_vault/pkisecret/get_backend_issuers.py +21 -8
  163. pulumi_vault/pkisecret/get_backend_key.py +24 -9
  164. pulumi_vault/pkisecret/get_backend_keys.py +21 -8
  165. pulumi_vault/pkisecret/outputs.py +69 -0
  166. pulumi_vault/pkisecret/secret_backend_cert.py +18 -11
  167. pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -11
  168. pulumi_vault/pkisecret/secret_backend_config_issuers.py +14 -9
  169. pulumi_vault/pkisecret/secret_backend_config_urls.py +67 -11
  170. pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -9
  171. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -11
  172. pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -17
  173. pulumi_vault/pkisecret/secret_backend_issuer.py +14 -9
  174. pulumi_vault/pkisecret/secret_backend_key.py +14 -9
  175. pulumi_vault/pkisecret/secret_backend_role.py +21 -14
  176. pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -48
  177. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -56
  178. pulumi_vault/pkisecret/secret_backend_sign.py +18 -54
  179. pulumi_vault/plugin.py +595 -0
  180. pulumi_vault/plugin_pinned_version.py +298 -0
  181. pulumi_vault/policy.py +14 -9
  182. pulumi_vault/provider.py +48 -53
  183. pulumi_vault/pulumi-plugin.json +2 -1
  184. pulumi_vault/quota_lease_count.py +60 -6
  185. pulumi_vault/quota_rate_limit.py +56 -2
  186. pulumi_vault/rabbitmq/_inputs.py +61 -0
  187. pulumi_vault/rabbitmq/outputs.py +5 -0
  188. pulumi_vault/rabbitmq/secret_backend.py +18 -13
  189. pulumi_vault/rabbitmq/secret_backend_role.py +54 -47
  190. pulumi_vault/raft_autopilot.py +14 -9
  191. pulumi_vault/raft_snapshot_agent_config.py +129 -224
  192. pulumi_vault/rgp_policy.py +14 -9
  193. pulumi_vault/saml/auth_backend.py +22 -17
  194. pulumi_vault/saml/auth_backend_role.py +92 -197
  195. pulumi_vault/secrets/__init__.py +3 -0
  196. pulumi_vault/secrets/_inputs.py +110 -0
  197. pulumi_vault/secrets/outputs.py +94 -0
  198. pulumi_vault/secrets/sync_association.py +56 -71
  199. pulumi_vault/secrets/sync_aws_destination.py +242 -27
  200. pulumi_vault/secrets/sync_azure_destination.py +92 -31
  201. pulumi_vault/secrets/sync_config.py +9 -4
  202. pulumi_vault/secrets/sync_gcp_destination.py +158 -25
  203. pulumi_vault/secrets/sync_gh_destination.py +189 -13
  204. pulumi_vault/secrets/sync_github_apps.py +375 -0
  205. pulumi_vault/secrets/sync_vercel_destination.py +74 -13
  206. pulumi_vault/ssh/_inputs.py +28 -28
  207. pulumi_vault/ssh/outputs.py +11 -28
  208. pulumi_vault/ssh/secret_backend_ca.py +108 -9
  209. pulumi_vault/ssh/secret_backend_role.py +85 -118
  210. pulumi_vault/terraformcloud/secret_backend.py +7 -54
  211. pulumi_vault/terraformcloud/secret_creds.py +14 -20
  212. pulumi_vault/terraformcloud/secret_role.py +16 -74
  213. pulumi_vault/token.py +28 -23
  214. pulumi_vault/tokenauth/auth_backend_role.py +78 -199
  215. pulumi_vault/transform/alphabet.py +16 -9
  216. pulumi_vault/transform/get_decode.py +45 -17
  217. pulumi_vault/transform/get_encode.py +45 -17
  218. pulumi_vault/transform/role.py +16 -9
  219. pulumi_vault/transform/template.py +30 -21
  220. pulumi_vault/transform/transformation.py +12 -7
  221. pulumi_vault/transit/get_decrypt.py +26 -21
  222. pulumi_vault/transit/get_encrypt.py +24 -19
  223. pulumi_vault/transit/secret_backend_key.py +27 -93
  224. pulumi_vault/transit/secret_cache_config.py +12 -7
  225. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
  226. pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
  227. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
  228. pulumi_vault-5.21.0a1709368526.dist-info/RECORD +0 -244
  229. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
pulumi_vault/mount.py CHANGED
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from . import _utilities
11
16
 
12
17
  __all__ = ['MountArgs', 'Mount']
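Review bot: The new fallback `from typing_extensions import NotRequired, TypedDict, TypeAlias` makes `typing_extensions` a module-load dependency on Python older than 3.11, yet none of the three names is used in the hunks of this file shown here. The wheel's METADATA is listed as changed but its content is not visible, so confirm that it declares the package in `Requires-Dist`; otherwise importing `pulumi_vault.mount` fails before any resource is created. A short comment above the branch would record the reason, e.g. `# typing_extensions backfills NotRequired/TypedDict/TypeAlias before Python 3.11`.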
@@ -17,49 +22,76 @@ class MountArgs:
17
22
  path: pulumi.Input[str],
18
23
  type: pulumi.Input[str],
19
24
  allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
25
+ allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
20
26
  audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
21
27
  audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
22
28
  default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
29
+ delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
23
30
  description: Optional[pulumi.Input[str]] = None,
24
31
  external_entropy_access: Optional[pulumi.Input[bool]] = None,
32
+ identity_token_key: Optional[pulumi.Input[str]] = None,
33
+ listing_visibility: Optional[pulumi.Input[str]] = None,
25
34
  local: Optional[pulumi.Input[bool]] = None,
26
35
  max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
27
36
  namespace: Optional[pulumi.Input[str]] = None,
28
- options: Optional[pulumi.Input[Mapping[str, Any]]] = None,
37
+ options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
38
+ passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
39
+ plugin_version: Optional[pulumi.Input[str]] = None,
29
40
  seal_wrap: Optional[pulumi.Input[bool]] = None):
30
41
  """
31
42
  The set of arguments for constructing a Mount resource.
32
43
  :param pulumi.Input[str] path: Where the secret backend will be mounted
33
44
  :param pulumi.Input[str] type: Type of the backend, such as "aws"
34
45
  :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: Set of managed key registry entry names that the mount in question is allowed to access
46
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow, allowing a plugin to include
47
+ them in the response.
35
48
  :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
36
49
  :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
37
50
  :param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
51
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of allowed authentication mount accessors the
52
+ backend can request delegated authentication for.
38
53
  :param pulumi.Input[str] description: Human-friendly description of the mount
39
54
  :param pulumi.Input[bool] external_entropy_access: Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
55
+ :param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens. If
56
+ not provided, this will default to Vault's OIDC default key.
57
+ :param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific
58
+ listing endpoint. Valid values are `unauth` or `hidden`. If not set, behaves like `hidden`.
40
59
  :param pulumi.Input[bool] local: Boolean flag that can be explicitly set to true to enforce local mount in HA environment
41
60
  :param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
42
61
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
43
62
  The value should not contain leading or trailing forward slashes.
44
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
63
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
45
64
  *Available only for Vault Enterprise*.
46
- :param pulumi.Input[Mapping[str, Any]] options: Specifies mount type specific options that are passed to the backend
65
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
66
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to
67
+ the plugin.
68
+ :param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. "v1.0.0".
69
+ If unspecified, the server will select any matching unversioned plugin that may have been
70
+ registered, the latest versioned plugin registered, or a built-in plugin in that order of precedence.
47
71
  :param pulumi.Input[bool] seal_wrap: Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
48
72
  """
49
73
  pulumi.set(__self__, "path", path)
50
74
  pulumi.set(__self__, "type", type)
51
75
  if allowed_managed_keys is not None:
52
76
  pulumi.set(__self__, "allowed_managed_keys", allowed_managed_keys)
77
+ if allowed_response_headers is not None:
78
+ pulumi.set(__self__, "allowed_response_headers", allowed_response_headers)
53
79
  if audit_non_hmac_request_keys is not None:
54
80
  pulumi.set(__self__, "audit_non_hmac_request_keys", audit_non_hmac_request_keys)
55
81
  if audit_non_hmac_response_keys is not None:
56
82
  pulumi.set(__self__, "audit_non_hmac_response_keys", audit_non_hmac_response_keys)
57
83
  if default_lease_ttl_seconds is not None:
58
84
  pulumi.set(__self__, "default_lease_ttl_seconds", default_lease_ttl_seconds)
85
+ if delegated_auth_accessors is not None:
86
+ pulumi.set(__self__, "delegated_auth_accessors", delegated_auth_accessors)
59
87
  if description is not None:
60
88
  pulumi.set(__self__, "description", description)
61
89
  if external_entropy_access is not None:
62
90
  pulumi.set(__self__, "external_entropy_access", external_entropy_access)
91
+ if identity_token_key is not None:
92
+ pulumi.set(__self__, "identity_token_key", identity_token_key)
93
+ if listing_visibility is not None:
94
+ pulumi.set(__self__, "listing_visibility", listing_visibility)
63
95
  if local is not None:
64
96
  pulumi.set(__self__, "local", local)
65
97
  if max_lease_ttl_seconds is not None:
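Review bot: The `listing_visibility` docstring names `unauth` as a valid value without saying what it exposes, and the constructor stores whatever string it is given (`pulumi.set(__self__, "listing_visibility", listing_visibility)`) with no check against the two documented values. Judging by the value's name, `unauth` makes the mount appear in the UI listing endpoint for callers who have not authenticated, which discloses mount paths. The docstring should say so, for example `Setting "unauth" lists this mount to unauthenticated callers; leave it unset unless the UI login flow needs it.` The same wording recurs in the `listing_visibility` property docstring and in the `_MountState` constructor docstring further down. The constructor body continues past this hunk.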
@@ -68,6 +100,10 @@ class MountArgs:
68
100
  pulumi.set(__self__, "namespace", namespace)
69
101
  if options is not None:
70
102
  pulumi.set(__self__, "options", options)
103
+ if passthrough_request_headers is not None:
104
+ pulumi.set(__self__, "passthrough_request_headers", passthrough_request_headers)
105
+ if plugin_version is not None:
106
+ pulumi.set(__self__, "plugin_version", plugin_version)
71
107
  if seal_wrap is not None:
72
108
  pulumi.set(__self__, "seal_wrap", seal_wrap)
73
109
 
@@ -107,6 +143,19 @@ class MountArgs:
107
143
  def allowed_managed_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
108
144
  pulumi.set(self, "allowed_managed_keys", value)
109
145
 
146
+ @property
147
+ @pulumi.getter(name="allowedResponseHeaders")
148
+ def allowed_response_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
149
+ """
150
+ List of headers to allow, allowing a plugin to include
151
+ them in the response.
152
+ """
153
+ return pulumi.get(self, "allowed_response_headers")
154
+
155
+ @allowed_response_headers.setter
156
+ def allowed_response_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
157
+ pulumi.set(self, "allowed_response_headers", value)
158
+
110
159
  @property
111
160
  @pulumi.getter(name="auditNonHmacRequestKeys")
112
161
  def audit_non_hmac_request_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
@@ -143,6 +192,19 @@ class MountArgs:
143
192
  def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[int]]):
144
193
  pulumi.set(self, "default_lease_ttl_seconds", value)
145
194
 
195
+ @property
196
+ @pulumi.getter(name="delegatedAuthAccessors")
197
+ def delegated_auth_accessors(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
198
+ """
199
+ List of allowed authentication mount accessors the
200
+ backend can request delegated authentication for.
201
+ """
202
+ return pulumi.get(self, "delegated_auth_accessors")
203
+
204
+ @delegated_auth_accessors.setter
205
+ def delegated_auth_accessors(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
206
+ pulumi.set(self, "delegated_auth_accessors", value)
207
+
146
208
  @property
147
209
  @pulumi.getter
148
210
  def description(self) -> Optional[pulumi.Input[str]]:
@@ -167,6 +229,32 @@ class MountArgs:
167
229
  def external_entropy_access(self, value: Optional[pulumi.Input[bool]]):
168
230
  pulumi.set(self, "external_entropy_access", value)
169
231
 
232
+ @property
233
+ @pulumi.getter(name="identityTokenKey")
234
+ def identity_token_key(self) -> Optional[pulumi.Input[str]]:
235
+ """
236
+ The key to use for signing plugin workload identity tokens. If
237
+ not provided, this will default to Vault's OIDC default key.
238
+ """
239
+ return pulumi.get(self, "identity_token_key")
240
+
241
+ @identity_token_key.setter
242
+ def identity_token_key(self, value: Optional[pulumi.Input[str]]):
243
+ pulumi.set(self, "identity_token_key", value)
244
+
245
+ @property
246
+ @pulumi.getter(name="listingVisibility")
247
+ def listing_visibility(self) -> Optional[pulumi.Input[str]]:
248
+ """
249
+ Specifies whether to show this mount in the UI-specific
250
+ listing endpoint. Valid values are `unauth` or `hidden`. If not set, behaves like `hidden`.
251
+ """
252
+ return pulumi.get(self, "listing_visibility")
253
+
254
+ @listing_visibility.setter
255
+ def listing_visibility(self, value: Optional[pulumi.Input[str]]):
256
+ pulumi.set(self, "listing_visibility", value)
257
+
170
258
  @property
171
259
  @pulumi.getter
172
260
  def local(self) -> Optional[pulumi.Input[bool]]:
@@ -197,7 +285,7 @@ class MountArgs:
197
285
  """
198
286
  The namespace to provision the resource in.
199
287
  The value should not contain leading or trailing forward slashes.
200
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
288
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
201
289
  *Available only for Vault Enterprise*.
202
290
  """
203
291
  return pulumi.get(self, "namespace")
@@ -208,16 +296,43 @@ class MountArgs:
208
296
 
209
297
  @property
210
298
  @pulumi.getter
211
- def options(self) -> Optional[pulumi.Input[Mapping[str, Any]]]:
299
+ def options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
212
300
  """
213
301
  Specifies mount type specific options that are passed to the backend
214
302
  """
215
303
  return pulumi.get(self, "options")
216
304
 
217
305
  @options.setter
218
- def options(self, value: Optional[pulumi.Input[Mapping[str, Any]]]):
306
+ def options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
219
307
  pulumi.set(self, "options", value)
220
308
 
309
+ @property
310
+ @pulumi.getter(name="passthroughRequestHeaders")
311
+ def passthrough_request_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
312
+ """
313
+ List of headers to allow and pass from the request to
314
+ the plugin.
315
+ """
316
+ return pulumi.get(self, "passthrough_request_headers")
317
+
318
+ @passthrough_request_headers.setter
319
+ def passthrough_request_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
320
+ pulumi.set(self, "passthrough_request_headers", value)
321
+
322
+ @property
323
+ @pulumi.getter(name="pluginVersion")
324
+ def plugin_version(self) -> Optional[pulumi.Input[str]]:
325
+ """
326
+ Specifies the semantic version of the plugin to use, e.g. "v1.0.0".
327
+ If unspecified, the server will select any matching unversioned plugin that may have been
328
+ registered, the latest versioned plugin registered, or a built-in plugin in that order of precedence.
329
+ """
330
+ return pulumi.get(self, "plugin_version")
331
+
332
+ @plugin_version.setter
333
+ def plugin_version(self, value: Optional[pulumi.Input[str]]):
334
+ pulumi.set(self, "plugin_version", value)
335
+
221
336
  @property
222
337
  @pulumi.getter(name="sealWrap")
223
338
  def seal_wrap(self) -> Optional[pulumi.Input[bool]]:
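Review bot: `options` is narrowed from `Mapping[str, Any]` to `Mapping[str, pulumi.Input[str]]` here and in both constructor signatures, but the docstring still reads only "Specifies mount type specific options that are passed to the backend". Callers who passed integers or booleans get no hint that values are now expected to be strings. Add a line to the getter docstring, for example `All values must be strings, e.g. {"version": "2"}.`, and call the change out in the upgrade notes. Whether non-string values are still accepted at runtime cannot be told from these annotations alone. In the same hunk, `plugin_version` documents that an unset value lets the server choose among registered plugins, so deployments that care about plugin provenance should set it explicitly.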
@@ -236,35 +351,54 @@ class _MountState:
236
351
  def __init__(__self__, *,
237
352
  accessor: Optional[pulumi.Input[str]] = None,
238
353
  allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
354
+ allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
239
355
  audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
240
356
  audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
241
357
  default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
358
+ delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
242
359
  description: Optional[pulumi.Input[str]] = None,
243
360
  external_entropy_access: Optional[pulumi.Input[bool]] = None,
361
+ identity_token_key: Optional[pulumi.Input[str]] = None,
362
+ listing_visibility: Optional[pulumi.Input[str]] = None,
244
363
  local: Optional[pulumi.Input[bool]] = None,
245
364
  max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
246
365
  namespace: Optional[pulumi.Input[str]] = None,
247
- options: Optional[pulumi.Input[Mapping[str, Any]]] = None,
366
+ options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
367
+ passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
248
368
  path: Optional[pulumi.Input[str]] = None,
369
+ plugin_version: Optional[pulumi.Input[str]] = None,
249
370
  seal_wrap: Optional[pulumi.Input[bool]] = None,
250
371
  type: Optional[pulumi.Input[str]] = None):
251
372
  """
252
373
  Input properties used for looking up and filtering Mount resources.
253
374
  :param pulumi.Input[str] accessor: The accessor for this mount.
254
375
  :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: Set of managed key registry entry names that the mount in question is allowed to access
376
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow, allowing a plugin to include
377
+ them in the response.
255
378
  :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
256
379
  :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
257
380
  :param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
381
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of allowed authentication mount accessors the
382
+ backend can request delegated authentication for.
258
383
  :param pulumi.Input[str] description: Human-friendly description of the mount
259
384
  :param pulumi.Input[bool] external_entropy_access: Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
385
+ :param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens. If
386
+ not provided, this will default to Vault's OIDC default key.
387
+ :param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific
388
+ listing endpoint. Valid values are `unauth` or `hidden`. If not set, behaves like `hidden`.
260
389
  :param pulumi.Input[bool] local: Boolean flag that can be explicitly set to true to enforce local mount in HA environment
261
390
  :param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
262
391
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
263
392
  The value should not contain leading or trailing forward slashes.
264
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
393
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
265
394
  *Available only for Vault Enterprise*.
266
- :param pulumi.Input[Mapping[str, Any]] options: Specifies mount type specific options that are passed to the backend
395
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
396
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to
397
+ the plugin.
267
398
  :param pulumi.Input[str] path: Where the secret backend will be mounted
399
+ :param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. "v1.0.0".
400
+ If unspecified, the server will select any matching unversioned plugin that may have been
401
+ registered, the latest versioned plugin registered, or a built-in plugin in that order of precedence.
268
402
  :param pulumi.Input[bool] seal_wrap: Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
269
403
  :param pulumi.Input[str] type: Type of the backend, such as "aws"
270
404
  """
@@ -272,16 +406,24 @@ class _MountState:
272
406
  pulumi.set(__self__, "accessor", accessor)
273
407
  if allowed_managed_keys is not None:
274
408
  pulumi.set(__self__, "allowed_managed_keys", allowed_managed_keys)
409
+ if allowed_response_headers is not None:
410
+ pulumi.set(__self__, "allowed_response_headers", allowed_response_headers)
275
411
  if audit_non_hmac_request_keys is not None:
276
412
  pulumi.set(__self__, "audit_non_hmac_request_keys", audit_non_hmac_request_keys)
277
413
  if audit_non_hmac_response_keys is not None:
278
414
  pulumi.set(__self__, "audit_non_hmac_response_keys", audit_non_hmac_response_keys)
279
415
  if default_lease_ttl_seconds is not None:
280
416
  pulumi.set(__self__, "default_lease_ttl_seconds", default_lease_ttl_seconds)
417
+ if delegated_auth_accessors is not None:
418
+ pulumi.set(__self__, "delegated_auth_accessors", delegated_auth_accessors)
281
419
  if description is not None:
282
420
  pulumi.set(__self__, "description", description)
283
421
  if external_entropy_access is not None:
284
422
  pulumi.set(__self__, "external_entropy_access", external_entropy_access)
423
+ if identity_token_key is not None:
424
+ pulumi.set(__self__, "identity_token_key", identity_token_key)
425
+ if listing_visibility is not None:
426
+ pulumi.set(__self__, "listing_visibility", listing_visibility)
285
427
  if local is not None:
286
428
  pulumi.set(__self__, "local", local)
287
429
  if max_lease_ttl_seconds is not None:
@@ -290,8 +432,12 @@ class _MountState:
290
432
  pulumi.set(__self__, "namespace", namespace)
291
433
  if options is not None:
292
434
  pulumi.set(__self__, "options", options)
435
+ if passthrough_request_headers is not None:
436
+ pulumi.set(__self__, "passthrough_request_headers", passthrough_request_headers)
293
437
  if path is not None:
294
438
  pulumi.set(__self__, "path", path)
439
+ if plugin_version is not None:
440
+ pulumi.set(__self__, "plugin_version", plugin_version)
295
441
  if seal_wrap is not None:
296
442
  pulumi.set(__self__, "seal_wrap", seal_wrap)
297
443
  if type is not None:
@@ -321,6 +467,19 @@ class _MountState:
321
467
  def allowed_managed_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
322
468
  pulumi.set(self, "allowed_managed_keys", value)
323
469
 
470
+ @property
471
+ @pulumi.getter(name="allowedResponseHeaders")
472
+ def allowed_response_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
473
+ """
474
+ List of headers to allow, allowing a plugin to include
475
+ them in the response.
476
+ """
477
+ return pulumi.get(self, "allowed_response_headers")
478
+
479
+ @allowed_response_headers.setter
480
+ def allowed_response_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
481
+ pulumi.set(self, "allowed_response_headers", value)
482
+
324
483
  @property
325
484
  @pulumi.getter(name="auditNonHmacRequestKeys")
326
485
  def audit_non_hmac_request_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
@@ -357,6 +516,19 @@ class _MountState:
357
516
  def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[int]]):
358
517
  pulumi.set(self, "default_lease_ttl_seconds", value)
359
518
 
519
+ @property
520
+ @pulumi.getter(name="delegatedAuthAccessors")
521
+ def delegated_auth_accessors(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
522
+ """
523
+ List of allowed authentication mount accessors the
524
+ backend can request delegated authentication for.
525
+ """
526
+ return pulumi.get(self, "delegated_auth_accessors")
527
+
528
+ @delegated_auth_accessors.setter
529
+ def delegated_auth_accessors(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
530
+ pulumi.set(self, "delegated_auth_accessors", value)
531
+
360
532
  @property
361
533
  @pulumi.getter
362
534
  def description(self) -> Optional[pulumi.Input[str]]:
@@ -381,6 +553,32 @@ class _MountState:
381
553
  def external_entropy_access(self, value: Optional[pulumi.Input[bool]]):
382
554
  pulumi.set(self, "external_entropy_access", value)
383
555
 
556
+ @property
557
+ @pulumi.getter(name="identityTokenKey")
558
+ def identity_token_key(self) -> Optional[pulumi.Input[str]]:
559
+ """
560
+ The key to use for signing plugin workload identity tokens. If
561
+ not provided, this will default to Vault's OIDC default key.
562
+ """
563
+ return pulumi.get(self, "identity_token_key")
564
+
565
+ @identity_token_key.setter
566
+ def identity_token_key(self, value: Optional[pulumi.Input[str]]):
567
+ pulumi.set(self, "identity_token_key", value)
568
+
569
+ @property
570
+ @pulumi.getter(name="listingVisibility")
571
+ def listing_visibility(self) -> Optional[pulumi.Input[str]]:
572
+ """
573
+ Specifies whether to show this mount in the UI-specific
574
+ listing endpoint. Valid values are `unauth` or `hidden`. If not set, behaves like `hidden`.
575
+ """
576
+ return pulumi.get(self, "listing_visibility")
577
+
578
+ @listing_visibility.setter
579
+ def listing_visibility(self, value: Optional[pulumi.Input[str]]):
580
+ pulumi.set(self, "listing_visibility", value)
581
+
384
582
  @property
385
583
  @pulumi.getter
386
584
  def local(self) -> Optional[pulumi.Input[bool]]:
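Review bot: The `listing_visibility` docstring lists `unauth` as a valid value but does not say what choosing it exposes, and the setter stores whatever string it is given. Going by the value's name and the documented `hidden` default, `unauth` appears to show the mount in the UI listing endpoint to callers that have not authenticated, which reveals the mount's existence and path; confirm this against the Vault documentation and state it here. I would append a sentence such as `"unauth" lists this mount to unauthenticated callers; leave unset unless that is intended.` The same wording is repeated in the `Mount.__init__` and `Mount.get` parameter docs and in the `Mount.listing_visibility` getter further down; `_MountState` itself starts outside this hunk.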
@@ -411,7 +609,7 @@ class _MountState:
411
609
  """
412
610
  The namespace to provision the resource in.
413
611
  The value should not contain leading or trailing forward slashes.
414
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
612
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
415
613
  *Available only for Vault Enterprise*.
416
614
  """
417
615
  return pulumi.get(self, "namespace")
@@ -422,16 +620,29 @@ class _MountState:
422
620
 
423
621
  @property
424
622
  @pulumi.getter
425
- def options(self) -> Optional[pulumi.Input[Mapping[str, Any]]]:
623
+ def options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
426
624
  """
427
625
  Specifies mount type specific options that are passed to the backend
428
626
  """
429
627
  return pulumi.get(self, "options")
430
628
 
431
629
  @options.setter
432
- def options(self, value: Optional[pulumi.Input[Mapping[str, Any]]]):
630
+ def options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
433
631
  pulumi.set(self, "options", value)
434
632
 
633
+ @property
634
+ @pulumi.getter(name="passthroughRequestHeaders")
635
+ def passthrough_request_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
636
+ """
637
+ List of headers to allow and pass from the request to
638
+ the plugin.
639
+ """
640
+ return pulumi.get(self, "passthrough_request_headers")
641
+
642
+ @passthrough_request_headers.setter
643
+ def passthrough_request_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
644
+ pulumi.set(self, "passthrough_request_headers", value)
645
+
435
646
  @property
436
647
  @pulumi.getter
437
648
  def path(self) -> Optional[pulumi.Input[str]]:
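Review bot: The `options` getter and setter narrow the value type from `Mapping[str, Any]` to `Mapping[str, pulumi.Input[str]]`, but the docstring still gives callers no hint that values must now be strings. The usage example later in this file changes `"convergent_encryption": False` to `"false"`, so existing programs that pass booleans or numbers will presumably need the same edit on upgrade; whether a non-string value is rejected or silently coerced is not visible here. I would extend the docstring with `Values must be strings; quote booleans and numbers, e.g. "false".` The same annotation change appears in `Mount.__init__`, `_internal_init`, `Mount.get` and the `Mount.options` getter, and `_MountState` starts outside this hunk.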
@@ -444,6 +655,20 @@ class _MountState:
444
655
  def path(self, value: Optional[pulumi.Input[str]]):
445
656
  pulumi.set(self, "path", value)
446
657
 
658
+ @property
659
+ @pulumi.getter(name="pluginVersion")
660
+ def plugin_version(self) -> Optional[pulumi.Input[str]]:
661
+ """
662
+ Specifies the semantic version of the plugin to use, e.g. "v1.0.0".
663
+ If unspecified, the server will select any matching unversioned plugin that may have been
664
+ registered, the latest versioned plugin registered, or a built-in plugin in that order of precedence.
665
+ """
666
+ return pulumi.get(self, "plugin_version")
667
+
668
+ @plugin_version.setter
669
+ def plugin_version(self, value: Optional[pulumi.Input[str]]):
670
+ pulumi.set(self, "plugin_version", value)
671
+
447
672
  @property
448
673
  @pulumi.getter(name="sealWrap")
449
674
  def seal_wrap(self) -> Optional[pulumi.Input[bool]]:
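Review bot: The `plugin_version` docstring spells out the server's fallback order but not what it means for the caller: with the property unset, the plugin build that backs the mount is whatever happens to be registered on the server, so it can change without any change to the Pulumi program. For a secrets engine that is a supply-chain concern worth stating, e.g. by adding `Set this explicitly when the mount must run a known, reviewed plugin build.` The same text is repeated in the `Mount.__init__` and `Mount.get` parameter docs and in the `Mount.plugin_version` getter; `_MountState` starts outside this hunk.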
@@ -475,20 +700,28 @@ class Mount(pulumi.CustomResource):
475
700
  resource_name: str,
476
701
  opts: Optional[pulumi.ResourceOptions] = None,
477
702
  allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
703
+ allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
478
704
  audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
479
705
  audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
480
706
  default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
707
+ delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
481
708
  description: Optional[pulumi.Input[str]] = None,
482
709
  external_entropy_access: Optional[pulumi.Input[bool]] = None,
710
+ identity_token_key: Optional[pulumi.Input[str]] = None,
711
+ listing_visibility: Optional[pulumi.Input[str]] = None,
483
712
  local: Optional[pulumi.Input[bool]] = None,
484
713
  max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
485
714
  namespace: Optional[pulumi.Input[str]] = None,
486
- options: Optional[pulumi.Input[Mapping[str, Any]]] = None,
715
+ options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
716
+ passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
487
717
  path: Optional[pulumi.Input[str]] = None,
718
+ plugin_version: Optional[pulumi.Input[str]] = None,
488
719
  seal_wrap: Optional[pulumi.Input[bool]] = None,
489
720
  type: Optional[pulumi.Input[str]] = None,
490
721
  __props__=None):
491
722
  """
723
+ This resource enables a new secrets engine at the given path.
724
+
492
725
  ## Example Usage
493
726
 
494
727
  ```python
@@ -496,9 +729,9 @@ class Mount(pulumi.CustomResource):
496
729
  import pulumi_vault as vault
497
730
 
498
731
  example = vault.Mount("example",
499
- description="This is an example mount",
500
732
  path="dummy",
501
- type="generic")
733
+ type="generic",
734
+ description="This is an example mount")
502
735
  ```
503
736
 
504
737
  ```python
@@ -506,13 +739,13 @@ class Mount(pulumi.CustomResource):
506
739
  import pulumi_vault as vault
507
740
 
508
741
  kvv2_example = vault.Mount("kvv2-example",
509
- description="This is an example KV Version 2 secret engine mount",
742
+ path="version2-example",
743
+ type="kv-v2",
510
744
  options={
511
- "type": "kv-v2",
512
745
  "version": "2",
746
+ "type": "kv-v2",
513
747
  },
514
- path="version2-example",
515
- type="kv-v2")
748
+ description="This is an example KV Version 2 secret engine mount")
516
749
  ```
517
750
 
518
751
  ```python
@@ -520,12 +753,12 @@ class Mount(pulumi.CustomResource):
520
753
  import pulumi_vault as vault
521
754
 
522
755
  transit_example = vault.Mount("transit-example",
756
+ path="transit-example",
757
+ type="transit",
523
758
  description="This is an example transit secret engine mount",
524
759
  options={
525
- "convergent_encryption": False,
526
- },
527
- path="transit-example",
528
- type="transit")
760
+ "convergent_encryption": "false",
761
+ })
529
762
  ```
530
763
 
531
764
  ```python
@@ -533,11 +766,11 @@ class Mount(pulumi.CustomResource):
533
766
  import pulumi_vault as vault
534
767
 
535
768
  pki_example = vault.Mount("pki-example",
536
- default_lease_ttl_seconds=3600,
537
- description="This is an example PKI mount",
538
- max_lease_ttl_seconds=86400,
539
769
  path="pki-example",
540
- type="pki")
770
+ type="pki",
771
+ description="This is an example PKI mount",
772
+ default_lease_ttl_seconds=3600,
773
+ max_lease_ttl_seconds=86400)
541
774
  ```
542
775
 
543
776
  ## Import
@@ -545,25 +778,38 @@ class Mount(pulumi.CustomResource):
545
778
  Mounts can be imported using the `path`, e.g.
546
779
 
547
780
  ```sh
548
- $ pulumi import vault:index/mount:Mount example dummy
781
+ $ pulumi import vault:index/mount:Mount example dummy
549
782
  ```
550
783
 
551
784
  :param str resource_name: The name of the resource.
552
785
  :param pulumi.ResourceOptions opts: Options for the resource.
553
786
  :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: Set of managed key registry entry names that the mount in question is allowed to access
787
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow, allowing a plugin to include
788
+ them in the response.
554
789
  :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
555
790
  :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
556
791
  :param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
792
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of allowed authentication mount accessors the
793
+ backend can request delegated authentication for.
557
794
  :param pulumi.Input[str] description: Human-friendly description of the mount
558
795
  :param pulumi.Input[bool] external_entropy_access: Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
796
+ :param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens. If
797
+ not provided, this will default to Vault's OIDC default key.
798
+ :param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific
799
+ listing endpoint. Valid values are `unauth` or `hidden`. If not set, behaves like `hidden`.
559
800
  :param pulumi.Input[bool] local: Boolean flag that can be explicitly set to true to enforce local mount in HA environment
560
801
  :param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
561
802
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
562
803
  The value should not contain leading or trailing forward slashes.
563
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
804
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
564
805
  *Available only for Vault Enterprise*.
565
- :param pulumi.Input[Mapping[str, Any]] options: Specifies mount type specific options that are passed to the backend
806
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
807
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to
808
+ the plugin.
566
809
  :param pulumi.Input[str] path: Where the secret backend will be mounted
810
+ :param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. "v1.0.0".
811
+ If unspecified, the server will select any matching unversioned plugin that may have been
812
+ registered, the latest versioned plugin registered, or a built-in plugin in that order of precedence.
567
813
  :param pulumi.Input[bool] seal_wrap: Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
568
814
  :param pulumi.Input[str] type: Type of the backend, such as "aws"
569
815
  """
@@ -574,6 +820,8 @@ class Mount(pulumi.CustomResource):
574
820
  args: MountArgs,
575
821
  opts: Optional[pulumi.ResourceOptions] = None):
576
822
  """
823
+ This resource enables a new secrets engine at the given path.
824
+
577
825
  ## Example Usage
578
826
 
579
827
  ```python
@@ -581,9 +829,9 @@ class Mount(pulumi.CustomResource):
581
829
  import pulumi_vault as vault
582
830
 
583
831
  example = vault.Mount("example",
584
- description="This is an example mount",
585
832
  path="dummy",
586
- type="generic")
833
+ type="generic",
834
+ description="This is an example mount")
587
835
  ```
588
836
 
589
837
  ```python
@@ -591,13 +839,13 @@ class Mount(pulumi.CustomResource):
591
839
  import pulumi_vault as vault
592
840
 
593
841
  kvv2_example = vault.Mount("kvv2-example",
594
- description="This is an example KV Version 2 secret engine mount",
842
+ path="version2-example",
843
+ type="kv-v2",
595
844
  options={
596
- "type": "kv-v2",
597
845
  "version": "2",
846
+ "type": "kv-v2",
598
847
  },
599
- path="version2-example",
600
- type="kv-v2")
848
+ description="This is an example KV Version 2 secret engine mount")
601
849
  ```
602
850
 
603
851
  ```python
@@ -605,12 +853,12 @@ class Mount(pulumi.CustomResource):
605
853
  import pulumi_vault as vault
606
854
 
607
855
  transit_example = vault.Mount("transit-example",
856
+ path="transit-example",
857
+ type="transit",
608
858
  description="This is an example transit secret engine mount",
609
859
  options={
610
- "convergent_encryption": False,
611
- },
612
- path="transit-example",
613
- type="transit")
860
+ "convergent_encryption": "false",
861
+ })
614
862
  ```
615
863
 
616
864
  ```python
@@ -618,11 +866,11 @@ class Mount(pulumi.CustomResource):
618
866
  import pulumi_vault as vault
619
867
 
620
868
  pki_example = vault.Mount("pki-example",
621
- default_lease_ttl_seconds=3600,
622
- description="This is an example PKI mount",
623
- max_lease_ttl_seconds=86400,
624
869
  path="pki-example",
625
- type="pki")
870
+ type="pki",
871
+ description="This is an example PKI mount",
872
+ default_lease_ttl_seconds=3600,
873
+ max_lease_ttl_seconds=86400)
626
874
  ```
627
875
 
628
876
  ## Import
@@ -630,7 +878,7 @@ class Mount(pulumi.CustomResource):
630
878
  Mounts can be imported using the `path`, e.g.
631
879
 
632
880
  ```sh
633
- $ pulumi import vault:index/mount:Mount example dummy
881
+ $ pulumi import vault:index/mount:Mount example dummy
634
882
  ```
635
883
 
636
884
  :param str resource_name: The name of the resource.
@@ -649,16 +897,22 @@ class Mount(pulumi.CustomResource):
649
897
  resource_name: str,
650
898
  opts: Optional[pulumi.ResourceOptions] = None,
651
899
  allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
900
+ allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
652
901
  audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
653
902
  audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
654
903
  default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
904
+ delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
655
905
  description: Optional[pulumi.Input[str]] = None,
656
906
  external_entropy_access: Optional[pulumi.Input[bool]] = None,
907
+ identity_token_key: Optional[pulumi.Input[str]] = None,
908
+ listing_visibility: Optional[pulumi.Input[str]] = None,
657
909
  local: Optional[pulumi.Input[bool]] = None,
658
910
  max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
659
911
  namespace: Optional[pulumi.Input[str]] = None,
660
- options: Optional[pulumi.Input[Mapping[str, Any]]] = None,
912
+ options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
913
+ passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
661
914
  path: Optional[pulumi.Input[str]] = None,
915
+ plugin_version: Optional[pulumi.Input[str]] = None,
662
916
  seal_wrap: Optional[pulumi.Input[bool]] = None,
663
917
  type: Optional[pulumi.Input[str]] = None,
664
918
  __props__=None):
@@ -671,18 +925,24 @@ class Mount(pulumi.CustomResource):
671
925
  __props__ = MountArgs.__new__(MountArgs)
672
926
 
673
927
  __props__.__dict__["allowed_managed_keys"] = allowed_managed_keys
928
+ __props__.__dict__["allowed_response_headers"] = allowed_response_headers
674
929
  __props__.__dict__["audit_non_hmac_request_keys"] = audit_non_hmac_request_keys
675
930
  __props__.__dict__["audit_non_hmac_response_keys"] = audit_non_hmac_response_keys
676
931
  __props__.__dict__["default_lease_ttl_seconds"] = default_lease_ttl_seconds
932
+ __props__.__dict__["delegated_auth_accessors"] = delegated_auth_accessors
677
933
  __props__.__dict__["description"] = description
678
934
  __props__.__dict__["external_entropy_access"] = external_entropy_access
935
+ __props__.__dict__["identity_token_key"] = identity_token_key
936
+ __props__.__dict__["listing_visibility"] = listing_visibility
679
937
  __props__.__dict__["local"] = local
680
938
  __props__.__dict__["max_lease_ttl_seconds"] = max_lease_ttl_seconds
681
939
  __props__.__dict__["namespace"] = namespace
682
940
  __props__.__dict__["options"] = options
941
+ __props__.__dict__["passthrough_request_headers"] = passthrough_request_headers
683
942
  if path is None and not opts.urn:
684
943
  raise TypeError("Missing required property 'path'")
685
944
  __props__.__dict__["path"] = path
945
+ __props__.__dict__["plugin_version"] = plugin_version
686
946
  __props__.__dict__["seal_wrap"] = seal_wrap
687
947
  if type is None and not opts.urn:
688
948
  raise TypeError("Missing required property 'type'")
@@ -700,16 +960,22 @@ class Mount(pulumi.CustomResource):
700
960
  opts: Optional[pulumi.ResourceOptions] = None,
701
961
  accessor: Optional[pulumi.Input[str]] = None,
702
962
  allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
963
+ allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
703
964
  audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
704
965
  audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
705
966
  default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
967
+ delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
706
968
  description: Optional[pulumi.Input[str]] = None,
707
969
  external_entropy_access: Optional[pulumi.Input[bool]] = None,
970
+ identity_token_key: Optional[pulumi.Input[str]] = None,
971
+ listing_visibility: Optional[pulumi.Input[str]] = None,
708
972
  local: Optional[pulumi.Input[bool]] = None,
709
973
  max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
710
974
  namespace: Optional[pulumi.Input[str]] = None,
711
- options: Optional[pulumi.Input[Mapping[str, Any]]] = None,
975
+ options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
976
+ passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
712
977
  path: Optional[pulumi.Input[str]] = None,
978
+ plugin_version: Optional[pulumi.Input[str]] = None,
713
979
  seal_wrap: Optional[pulumi.Input[bool]] = None,
714
980
  type: Optional[pulumi.Input[str]] = None) -> 'Mount':
715
981
  """
@@ -721,19 +987,32 @@ class Mount(pulumi.CustomResource):
721
987
  :param pulumi.ResourceOptions opts: Options for the resource.
722
988
  :param pulumi.Input[str] accessor: The accessor for this mount.
723
989
  :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: Set of managed key registry entry names that the mount in question is allowed to access
990
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow, allowing a plugin to include
991
+ them in the response.
724
992
  :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
725
993
  :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
726
994
  :param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
995
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of allowed authentication mount accessors the
996
+ backend can request delegated authentication for.
727
997
  :param pulumi.Input[str] description: Human-friendly description of the mount
728
998
  :param pulumi.Input[bool] external_entropy_access: Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
999
+ :param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens. If
1000
+ not provided, this will default to Vault's OIDC default key.
1001
+ :param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific
1002
+ listing endpoint. Valid values are `unauth` or `hidden`. If not set, behaves like `hidden`.
729
1003
  :param pulumi.Input[bool] local: Boolean flag that can be explicitly set to true to enforce local mount in HA environment
730
1004
  :param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
731
1005
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
732
1006
  The value should not contain leading or trailing forward slashes.
733
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
1007
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
734
1008
  *Available only for Vault Enterprise*.
735
- :param pulumi.Input[Mapping[str, Any]] options: Specifies mount type specific options that are passed to the backend
1009
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
1010
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to
1011
+ the plugin.
736
1012
  :param pulumi.Input[str] path: Where the secret backend will be mounted
1013
+ :param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. "v1.0.0".
1014
+ If unspecified, the server will select any matching unversioned plugin that may have been
1015
+ registered, the latest versioned plugin registered, or a built-in plugin in that order of precedence.
737
1016
  :param pulumi.Input[bool] seal_wrap: Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
738
1017
  :param pulumi.Input[str] type: Type of the backend, such as "aws"
739
1018
  """
@@ -743,16 +1022,22 @@ class Mount(pulumi.CustomResource):
743
1022
 
744
1023
  __props__.__dict__["accessor"] = accessor
745
1024
  __props__.__dict__["allowed_managed_keys"] = allowed_managed_keys
1025
+ __props__.__dict__["allowed_response_headers"] = allowed_response_headers
746
1026
  __props__.__dict__["audit_non_hmac_request_keys"] = audit_non_hmac_request_keys
747
1027
  __props__.__dict__["audit_non_hmac_response_keys"] = audit_non_hmac_response_keys
748
1028
  __props__.__dict__["default_lease_ttl_seconds"] = default_lease_ttl_seconds
1029
+ __props__.__dict__["delegated_auth_accessors"] = delegated_auth_accessors
749
1030
  __props__.__dict__["description"] = description
750
1031
  __props__.__dict__["external_entropy_access"] = external_entropy_access
1032
+ __props__.__dict__["identity_token_key"] = identity_token_key
1033
+ __props__.__dict__["listing_visibility"] = listing_visibility
751
1034
  __props__.__dict__["local"] = local
752
1035
  __props__.__dict__["max_lease_ttl_seconds"] = max_lease_ttl_seconds
753
1036
  __props__.__dict__["namespace"] = namespace
754
1037
  __props__.__dict__["options"] = options
1038
+ __props__.__dict__["passthrough_request_headers"] = passthrough_request_headers
755
1039
  __props__.__dict__["path"] = path
1040
+ __props__.__dict__["plugin_version"] = plugin_version
756
1041
  __props__.__dict__["seal_wrap"] = seal_wrap
757
1042
  __props__.__dict__["type"] = type
758
1043
  return Mount(resource_name, opts=opts, __props__=__props__)
@@ -773,6 +1058,15 @@ class Mount(pulumi.CustomResource):
773
1058
  """
774
1059
  return pulumi.get(self, "allowed_managed_keys")
775
1060
 
1061
+ @property
1062
+ @pulumi.getter(name="allowedResponseHeaders")
1063
+ def allowed_response_headers(self) -> pulumi.Output[Optional[Sequence[str]]]:
1064
+ """
1065
+ List of headers to allow, allowing a plugin to include
1066
+ them in the response.
1067
+ """
1068
+ return pulumi.get(self, "allowed_response_headers")
1069
+
776
1070
  @property
777
1071
  @pulumi.getter(name="auditNonHmacRequestKeys")
778
1072
  def audit_non_hmac_request_keys(self) -> pulumi.Output[Sequence[str]]:
@@ -797,6 +1091,15 @@ class Mount(pulumi.CustomResource):
797
1091
  """
798
1092
  return pulumi.get(self, "default_lease_ttl_seconds")
799
1093
 
1094
+ @property
1095
+ @pulumi.getter(name="delegatedAuthAccessors")
1096
+ def delegated_auth_accessors(self) -> pulumi.Output[Optional[Sequence[str]]]:
1097
+ """
1098
+ List of allowed authentication mount accessors the
1099
+ backend can request delegated authentication for.
1100
+ """
1101
+ return pulumi.get(self, "delegated_auth_accessors")
1102
+
800
1103
  @property
801
1104
  @pulumi.getter
802
1105
  def description(self) -> pulumi.Output[Optional[str]]:
@@ -813,6 +1116,24 @@ class Mount(pulumi.CustomResource):
813
1116
  """
814
1117
  return pulumi.get(self, "external_entropy_access")
815
1118
 
1119
+ @property
1120
+ @pulumi.getter(name="identityTokenKey")
1121
+ def identity_token_key(self) -> pulumi.Output[Optional[str]]:
1122
+ """
1123
+ The key to use for signing plugin workload identity tokens. If
1124
+ not provided, this will default to Vault's OIDC default key.
1125
+ """
1126
+ return pulumi.get(self, "identity_token_key")
1127
+
1128
+ @property
1129
+ @pulumi.getter(name="listingVisibility")
1130
+ def listing_visibility(self) -> pulumi.Output[Optional[str]]:
1131
+ """
1132
+ Specifies whether to show this mount in the UI-specific
1133
+ listing endpoint. Valid values are `unauth` or `hidden`. If not set, behaves like `hidden`.
1134
+ """
1135
+ return pulumi.get(self, "listing_visibility")
1136
+
816
1137
  @property
817
1138
  @pulumi.getter
818
1139
  def local(self) -> pulumi.Output[Optional[bool]]:
@@ -835,19 +1156,28 @@ class Mount(pulumi.CustomResource):
835
1156
  """
836
1157
  The namespace to provision the resource in.
837
1158
  The value should not contain leading or trailing forward slashes.
838
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
1159
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
839
1160
  *Available only for Vault Enterprise*.
840
1161
  """
841
1162
  return pulumi.get(self, "namespace")
842
1163
 
843
1164
  @property
844
1165
  @pulumi.getter
845
- def options(self) -> pulumi.Output[Optional[Mapping[str, Any]]]:
1166
+ def options(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
846
1167
  """
847
1168
  Specifies mount type specific options that are passed to the backend
848
1169
  """
849
1170
  return pulumi.get(self, "options")
850
1171
 
1172
+ @property
1173
+ @pulumi.getter(name="passthroughRequestHeaders")
1174
+ def passthrough_request_headers(self) -> pulumi.Output[Optional[Sequence[str]]]:
1175
+ """
1176
+ List of headers to allow and pass from the request to
1177
+ the plugin.
1178
+ """
1179
+ return pulumi.get(self, "passthrough_request_headers")
1180
+
851
1181
  @property
852
1182
  @pulumi.getter
853
1183
  def path(self) -> pulumi.Output[str]:
@@ -856,6 +1186,16 @@ class Mount(pulumi.CustomResource):
856
1186
  """
857
1187
  return pulumi.get(self, "path")
858
1188
 
1189
+ @property
1190
+ @pulumi.getter(name="pluginVersion")
1191
+ def plugin_version(self) -> pulumi.Output[Optional[str]]:
1192
+ """
1193
+ Specifies the semantic version of the plugin to use, e.g. "v1.0.0".
1194
+ If unspecified, the server will select any matching unversioned plugin that may have been
1195
+ registered, the latest versioned plugin registered, or a built-in plugin in that order of precedence.
1196
+ """
1197
+ return pulumi.get(self, "plugin_version")
1198
+
859
1199
  @property
860
1200
  @pulumi.getter(name="sealWrap")
861
1201
  def seal_wrap(self) -> pulumi.Output[bool]: