pulumi-vault 5.21.0a1709368526__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pulumi_vault/__init__.py +52 -0
- pulumi_vault/_inputs.py +560 -0
- pulumi_vault/_utilities.py +41 -5
- pulumi_vault/ad/get_access_credentials.py +26 -9
- pulumi_vault/ad/secret_backend.py +16 -142
- pulumi_vault/ad/secret_library.py +16 -9
- pulumi_vault/ad/secret_role.py +14 -9
- pulumi_vault/alicloud/auth_backend_role.py +76 -190
- pulumi_vault/approle/auth_backend_login.py +12 -7
- pulumi_vault/approle/auth_backend_role.py +77 -191
- pulumi_vault/approle/auth_backend_role_secret_id.py +106 -7
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -5
- pulumi_vault/audit.py +30 -21
- pulumi_vault/audit_request_header.py +11 -2
- pulumi_vault/auth_backend.py +66 -14
- pulumi_vault/aws/auth_backend_cert.py +18 -9
- pulumi_vault/aws/auth_backend_client.py +267 -22
- pulumi_vault/aws/auth_backend_config_identity.py +14 -9
- pulumi_vault/aws/auth_backend_identity_whitelist.py +20 -15
- pulumi_vault/aws/auth_backend_login.py +19 -22
- pulumi_vault/aws/auth_backend_role.py +77 -191
- pulumi_vault/aws/auth_backend_role_tag.py +12 -7
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -13
- pulumi_vault/aws/auth_backend_sts_role.py +14 -9
- pulumi_vault/aws/get_access_credentials.py +38 -9
- pulumi_vault/aws/get_static_access_credentials.py +19 -5
- pulumi_vault/aws/secret_backend.py +77 -9
- pulumi_vault/aws/secret_backend_role.py +185 -9
- pulumi_vault/aws/secret_backend_static_role.py +20 -11
- pulumi_vault/azure/_inputs.py +24 -0
- pulumi_vault/azure/auth_backend_config.py +153 -15
- pulumi_vault/azure/auth_backend_role.py +77 -191
- pulumi_vault/azure/backend.py +227 -21
- pulumi_vault/azure/backend_role.py +42 -37
- pulumi_vault/azure/get_access_credentials.py +41 -7
- pulumi_vault/azure/outputs.py +5 -0
- pulumi_vault/cert_auth_backend_role.py +87 -267
- pulumi_vault/config/__init__.pyi +5 -0
- pulumi_vault/config/_inputs.py +73 -0
- pulumi_vault/config/outputs.py +35 -0
- pulumi_vault/config/ui_custom_message.py +529 -0
- pulumi_vault/config/vars.py +5 -0
- pulumi_vault/consul/secret_backend.py +28 -19
- pulumi_vault/consul/secret_backend_role.py +18 -78
- pulumi_vault/database/_inputs.py +2770 -881
- pulumi_vault/database/outputs.py +721 -838
- pulumi_vault/database/secret_backend_connection.py +119 -112
- pulumi_vault/database/secret_backend_role.py +31 -22
- pulumi_vault/database/secret_backend_static_role.py +87 -13
- pulumi_vault/database/secrets_mount.py +427 -136
- pulumi_vault/egp_policy.py +16 -11
- pulumi_vault/gcp/_inputs.py +111 -0
- pulumi_vault/gcp/auth_backend.py +250 -33
- pulumi_vault/gcp/auth_backend_role.py +77 -269
- pulumi_vault/gcp/get_auth_backend_role.py +43 -5
- pulumi_vault/gcp/outputs.py +5 -0
- pulumi_vault/gcp/secret_backend.py +287 -12
- pulumi_vault/gcp/secret_impersonated_account.py +76 -15
- pulumi_vault/gcp/secret_roleset.py +31 -24
- pulumi_vault/gcp/secret_static_account.py +39 -32
- pulumi_vault/generic/endpoint.py +24 -17
- pulumi_vault/generic/get_secret.py +64 -8
- pulumi_vault/generic/secret.py +21 -16
- pulumi_vault/get_auth_backend.py +24 -7
- pulumi_vault/get_auth_backends.py +51 -9
- pulumi_vault/get_namespace.py +226 -0
- pulumi_vault/get_namespaces.py +153 -0
- pulumi_vault/get_nomad_access_token.py +31 -11
- pulumi_vault/get_policy_document.py +34 -19
- pulumi_vault/get_raft_autopilot_state.py +29 -10
- pulumi_vault/github/_inputs.py +55 -0
- pulumi_vault/github/auth_backend.py +19 -14
- pulumi_vault/github/outputs.py +5 -0
- pulumi_vault/github/team.py +16 -11
- pulumi_vault/github/user.py +16 -11
- pulumi_vault/identity/entity.py +20 -13
- pulumi_vault/identity/entity_alias.py +20 -13
- pulumi_vault/identity/entity_policies.py +28 -11
- pulumi_vault/identity/get_entity.py +42 -10
- pulumi_vault/identity/get_group.py +47 -9
- pulumi_vault/identity/get_oidc_client_creds.py +21 -7
- pulumi_vault/identity/get_oidc_openid_config.py +39 -9
- pulumi_vault/identity/get_oidc_public_keys.py +29 -10
- pulumi_vault/identity/group.py +58 -39
- pulumi_vault/identity/group_alias.py +16 -9
- pulumi_vault/identity/group_member_entity_ids.py +28 -66
- pulumi_vault/identity/group_member_group_ids.py +40 -19
- pulumi_vault/identity/group_policies.py +20 -7
- pulumi_vault/identity/mfa_duo.py +11 -6
- pulumi_vault/identity/mfa_login_enforcement.py +15 -6
- pulumi_vault/identity/mfa_okta.py +11 -6
- pulumi_vault/identity/mfa_pingid.py +7 -2
- pulumi_vault/identity/mfa_totp.py +7 -2
- pulumi_vault/identity/oidc.py +12 -7
- pulumi_vault/identity/oidc_assignment.py +24 -11
- pulumi_vault/identity/oidc_client.py +36 -23
- pulumi_vault/identity/oidc_key.py +30 -17
- pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -15
- pulumi_vault/identity/oidc_provider.py +36 -21
- pulumi_vault/identity/oidc_role.py +42 -21
- pulumi_vault/identity/oidc_scope.py +20 -13
- pulumi_vault/identity/outputs.py +8 -3
- pulumi_vault/jwt/_inputs.py +55 -0
- pulumi_vault/jwt/auth_backend.py +45 -40
- pulumi_vault/jwt/auth_backend_role.py +133 -254
- pulumi_vault/jwt/outputs.py +5 -0
- pulumi_vault/kmip/secret_backend.py +24 -19
- pulumi_vault/kmip/secret_role.py +14 -9
- pulumi_vault/kmip/secret_scope.py +14 -9
- pulumi_vault/kubernetes/auth_backend_config.py +57 -5
- pulumi_vault/kubernetes/auth_backend_role.py +70 -177
- pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
- pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
- pulumi_vault/kubernetes/get_service_account_token.py +39 -11
- pulumi_vault/kubernetes/secret_backend.py +316 -27
- pulumi_vault/kubernetes/secret_backend_role.py +137 -46
- pulumi_vault/kv/_inputs.py +36 -4
- pulumi_vault/kv/get_secret.py +25 -8
- pulumi_vault/kv/get_secret_subkeys_v2.py +33 -10
- pulumi_vault/kv/get_secret_v2.py +85 -9
- pulumi_vault/kv/get_secrets_list.py +24 -11
- pulumi_vault/kv/get_secrets_list_v2.py +37 -15
- pulumi_vault/kv/outputs.py +8 -3
- pulumi_vault/kv/secret.py +23 -16
- pulumi_vault/kv/secret_backend_v2.py +20 -11
- pulumi_vault/kv/secret_v2.py +59 -50
- pulumi_vault/ldap/auth_backend.py +127 -166
- pulumi_vault/ldap/auth_backend_group.py +14 -9
- pulumi_vault/ldap/auth_backend_user.py +14 -9
- pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
- pulumi_vault/ldap/get_static_credentials.py +24 -5
- pulumi_vault/ldap/secret_backend.py +354 -82
- pulumi_vault/ldap/secret_backend_dynamic_role.py +18 -11
- pulumi_vault/ldap/secret_backend_library_set.py +16 -9
- pulumi_vault/ldap/secret_backend_static_role.py +73 -12
- pulumi_vault/managed/_inputs.py +289 -132
- pulumi_vault/managed/keys.py +29 -57
- pulumi_vault/managed/outputs.py +89 -132
- pulumi_vault/mfa_duo.py +18 -11
- pulumi_vault/mfa_okta.py +18 -11
- pulumi_vault/mfa_pingid.py +18 -11
- pulumi_vault/mfa_totp.py +24 -17
- pulumi_vault/mongodbatlas/secret_backend.py +20 -15
- pulumi_vault/mongodbatlas/secret_role.py +47 -38
- pulumi_vault/mount.py +391 -51
- pulumi_vault/namespace.py +68 -83
- pulumi_vault/nomad_secret_backend.py +18 -13
- pulumi_vault/nomad_secret_role.py +14 -9
- pulumi_vault/okta/_inputs.py +47 -8
- pulumi_vault/okta/auth_backend.py +485 -39
- pulumi_vault/okta/auth_backend_group.py +14 -9
- pulumi_vault/okta/auth_backend_user.py +14 -9
- pulumi_vault/okta/outputs.py +13 -8
- pulumi_vault/outputs.py +5 -0
- pulumi_vault/password_policy.py +20 -13
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +81 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
- pulumi_vault/pkisecret/backend_config_est.py +619 -0
- pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
- pulumi_vault/pkisecret/get_backend_issuer.py +67 -9
- pulumi_vault/pkisecret/get_backend_issuers.py +21 -8
- pulumi_vault/pkisecret/get_backend_key.py +24 -9
- pulumi_vault/pkisecret/get_backend_keys.py +21 -8
- pulumi_vault/pkisecret/outputs.py +69 -0
- pulumi_vault/pkisecret/secret_backend_cert.py +18 -11
- pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -11
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +14 -9
- pulumi_vault/pkisecret/secret_backend_config_urls.py +67 -11
- pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -9
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -11
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -17
- pulumi_vault/pkisecret/secret_backend_issuer.py +14 -9
- pulumi_vault/pkisecret/secret_backend_key.py +14 -9
- pulumi_vault/pkisecret/secret_backend_role.py +21 -14
- pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -48
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -56
- pulumi_vault/pkisecret/secret_backend_sign.py +18 -54
- pulumi_vault/plugin.py +595 -0
- pulumi_vault/plugin_pinned_version.py +298 -0
- pulumi_vault/policy.py +14 -9
- pulumi_vault/provider.py +48 -53
- pulumi_vault/pulumi-plugin.json +2 -1
- pulumi_vault/quota_lease_count.py +60 -6
- pulumi_vault/quota_rate_limit.py +56 -2
- pulumi_vault/rabbitmq/_inputs.py +61 -0
- pulumi_vault/rabbitmq/outputs.py +5 -0
- pulumi_vault/rabbitmq/secret_backend.py +18 -13
- pulumi_vault/rabbitmq/secret_backend_role.py +54 -47
- pulumi_vault/raft_autopilot.py +14 -9
- pulumi_vault/raft_snapshot_agent_config.py +129 -224
- pulumi_vault/rgp_policy.py +14 -9
- pulumi_vault/saml/auth_backend.py +22 -17
- pulumi_vault/saml/auth_backend_role.py +92 -197
- pulumi_vault/secrets/__init__.py +3 -0
- pulumi_vault/secrets/_inputs.py +110 -0
- pulumi_vault/secrets/outputs.py +94 -0
- pulumi_vault/secrets/sync_association.py +56 -71
- pulumi_vault/secrets/sync_aws_destination.py +242 -27
- pulumi_vault/secrets/sync_azure_destination.py +92 -31
- pulumi_vault/secrets/sync_config.py +9 -4
- pulumi_vault/secrets/sync_gcp_destination.py +158 -25
- pulumi_vault/secrets/sync_gh_destination.py +189 -13
- pulumi_vault/secrets/sync_github_apps.py +375 -0
- pulumi_vault/secrets/sync_vercel_destination.py +74 -13
- pulumi_vault/ssh/_inputs.py +28 -28
- pulumi_vault/ssh/outputs.py +11 -28
- pulumi_vault/ssh/secret_backend_ca.py +108 -9
- pulumi_vault/ssh/secret_backend_role.py +85 -118
- pulumi_vault/terraformcloud/secret_backend.py +7 -54
- pulumi_vault/terraformcloud/secret_creds.py +14 -20
- pulumi_vault/terraformcloud/secret_role.py +16 -74
- pulumi_vault/token.py +28 -23
- pulumi_vault/tokenauth/auth_backend_role.py +78 -199
- pulumi_vault/transform/alphabet.py +16 -9
- pulumi_vault/transform/get_decode.py +45 -17
- pulumi_vault/transform/get_encode.py +45 -17
- pulumi_vault/transform/role.py +16 -9
- pulumi_vault/transform/template.py +30 -21
- pulumi_vault/transform/transformation.py +12 -7
- pulumi_vault/transit/get_decrypt.py +26 -21
- pulumi_vault/transit/get_encrypt.py +24 -19
- pulumi_vault/transit/secret_backend_key.py +27 -93
- pulumi_vault/transit/secret_cache_config.py +12 -7
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
- pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
- pulumi_vault-5.21.0a1709368526.dist-info/RECORD +0 -244
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = ['AuthBackendRoleArgs', 'AuthBackendRole']
|
@@ -40,7 +45,7 @@ class AuthBackendRoleArgs:
|
|
40
45
|
presented when logging in using this AppRole. Defaults to `true`.
|
41
46
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
42
47
|
The value should not contain leading or trailing forward slashes.
|
43
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
48
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
44
49
|
*Available only for Vault Enterprise*.
|
45
50
|
:param pulumi.Input[str] role_id: The RoleID of this role. If not specified, one will be
|
46
51
|
auto-generated.
|
@@ -51,32 +56,15 @@ class AuthBackendRoleArgs:
|
|
51
56
|
expire. A value of zero will allow unlimited uses.
|
52
57
|
:param pulumi.Input[int] secret_id_ttl: The number of seconds after which any SecretID
|
53
58
|
expires.
|
54
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs:
|
55
|
-
|
56
|
-
|
57
|
-
:param pulumi.Input[
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
:param pulumi.Input[int]
|
62
|
-
|
63
|
-
:param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
|
64
|
-
generated tokens; otherwise it will be added to the policies set in token_policies.
|
65
|
-
:param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/auth/approle#token_num_uses)
|
66
|
-
of times a generated token may be used (within its lifetime); 0 means unlimited.
|
67
|
-
:param pulumi.Input[int] token_period: If set, indicates that the
|
68
|
-
token generated using this role should never expire. The token should be renewed within the
|
69
|
-
duration specified by this value. At each renewal, the token's TTL will be set to the
|
70
|
-
value of this field. Specified in seconds.
|
71
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
|
72
|
-
on the auth method, this list may be supplemented by user/group/other values.
|
73
|
-
:param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
|
74
|
-
Its current value will be referenced at renewal time.
|
75
|
-
:param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
|
76
|
-
`batch`, or `default` to use the mount's tuned default (which unless changed will be
|
77
|
-
`service` tokens). For token store roles, there are two additional possibilities:
|
78
|
-
`default-service` and `default-batch` which specify the type to return unless the client
|
79
|
-
requests a different type at generation time.
|
59
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
60
|
+
:param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
61
|
+
:param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
|
62
|
+
:param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
63
|
+
:param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
64
|
+
:param pulumi.Input[int] token_period: Generated Token's Period
|
65
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
|
66
|
+
:param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
|
67
|
+
:param pulumi.Input[str] token_type: The type of token to generate, service or batch
|
80
68
|
"""
|
81
69
|
pulumi.set(__self__, "role_name", role_name)
|
82
70
|
if backend is not None:
|
@@ -156,7 +144,7 @@ class AuthBackendRoleArgs:
|
|
156
144
|
"""
|
157
145
|
The namespace to provision the resource in.
|
158
146
|
The value should not contain leading or trailing forward slashes.
|
159
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
147
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
160
148
|
*Available only for Vault Enterprise*.
|
161
149
|
"""
|
162
150
|
return pulumi.get(self, "namespace")
|
@@ -222,9 +210,7 @@ class AuthBackendRoleArgs:
|
|
222
210
|
@pulumi.getter(name="tokenBoundCidrs")
|
223
211
|
def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
224
212
|
"""
|
225
|
-
|
226
|
-
addresses which can authenticate successfully, and ties the resulting token to these blocks
|
227
|
-
as well.
|
213
|
+
Specifies the blocks of IP addresses which are allowed to use the generated token
|
228
214
|
"""
|
229
215
|
return pulumi.get(self, "token_bound_cidrs")
|
230
216
|
|
@@ -236,10 +222,7 @@ class AuthBackendRoleArgs:
|
|
236
222
|
@pulumi.getter(name="tokenExplicitMaxTtl")
|
237
223
|
def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
238
224
|
"""
|
239
|
-
|
240
|
-
[explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
|
241
|
-
onto the token in number of seconds. This is a hard cap even if `token_ttl` and
|
242
|
-
`token_max_ttl` would otherwise allow a renewal.
|
225
|
+
Generated Token's Explicit Maximum TTL in seconds
|
243
226
|
"""
|
244
227
|
return pulumi.get(self, "token_explicit_max_ttl")
|
245
228
|
|
@@ -251,8 +234,7 @@ class AuthBackendRoleArgs:
|
|
251
234
|
@pulumi.getter(name="tokenMaxTtl")
|
252
235
|
def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
253
236
|
"""
|
254
|
-
The maximum lifetime
|
255
|
-
Its current value will be referenced at renewal time.
|
237
|
+
The maximum lifetime of the generated token
|
256
238
|
"""
|
257
239
|
return pulumi.get(self, "token_max_ttl")
|
258
240
|
|
@@ -264,8 +246,7 @@ class AuthBackendRoleArgs:
|
|
264
246
|
@pulumi.getter(name="tokenNoDefaultPolicy")
|
265
247
|
def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
|
266
248
|
"""
|
267
|
-
If
|
268
|
-
generated tokens; otherwise it will be added to the policies set in token_policies.
|
249
|
+
If true, the 'default' policy will not automatically be added to generated tokens
|
269
250
|
"""
|
270
251
|
return pulumi.get(self, "token_no_default_policy")
|
271
252
|
|
@@ -277,8 +258,7 @@ class AuthBackendRoleArgs:
|
|
277
258
|
@pulumi.getter(name="tokenNumUses")
|
278
259
|
def token_num_uses(self) -> Optional[pulumi.Input[int]]:
|
279
260
|
"""
|
280
|
-
The
|
281
|
-
of times a generated token may be used (within its lifetime); 0 means unlimited.
|
261
|
+
The maximum number of times a token may be used, a value of zero means unlimited
|
282
262
|
"""
|
283
263
|
return pulumi.get(self, "token_num_uses")
|
284
264
|
|
@@ -290,10 +270,7 @@ class AuthBackendRoleArgs:
|
|
290
270
|
@pulumi.getter(name="tokenPeriod")
|
291
271
|
def token_period(self) -> Optional[pulumi.Input[int]]:
|
292
272
|
"""
|
293
|
-
|
294
|
-
token generated using this role should never expire. The token should be renewed within the
|
295
|
-
duration specified by this value. At each renewal, the token's TTL will be set to the
|
296
|
-
value of this field. Specified in seconds.
|
273
|
+
Generated Token's Period
|
297
274
|
"""
|
298
275
|
return pulumi.get(self, "token_period")
|
299
276
|
|
@@ -305,8 +282,7 @@ class AuthBackendRoleArgs:
|
|
305
282
|
@pulumi.getter(name="tokenPolicies")
|
306
283
|
def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
307
284
|
"""
|
308
|
-
|
309
|
-
on the auth method, this list may be supplemented by user/group/other values.
|
285
|
+
Generated Token's Policies
|
310
286
|
"""
|
311
287
|
return pulumi.get(self, "token_policies")
|
312
288
|
|
@@ -318,8 +294,7 @@ class AuthBackendRoleArgs:
|
|
318
294
|
@pulumi.getter(name="tokenTtl")
|
319
295
|
def token_ttl(self) -> Optional[pulumi.Input[int]]:
|
320
296
|
"""
|
321
|
-
The
|
322
|
-
Its current value will be referenced at renewal time.
|
297
|
+
The initial ttl of the token to generate in seconds
|
323
298
|
"""
|
324
299
|
return pulumi.get(self, "token_ttl")
|
325
300
|
|
@@ -331,11 +306,7 @@ class AuthBackendRoleArgs:
|
|
331
306
|
@pulumi.getter(name="tokenType")
|
332
307
|
def token_type(self) -> Optional[pulumi.Input[str]]:
|
333
308
|
"""
|
334
|
-
The type of token
|
335
|
-
`batch`, or `default` to use the mount's tuned default (which unless changed will be
|
336
|
-
`service` tokens). For token store roles, there are two additional possibilities:
|
337
|
-
`default-service` and `default-batch` which specify the type to return unless the client
|
338
|
-
requests a different type at generation time.
|
309
|
+
The type of token to generate, service or batch
|
339
310
|
"""
|
340
311
|
return pulumi.get(self, "token_type")
|
341
312
|
|
@@ -372,7 +343,7 @@ class _AuthBackendRoleState:
|
|
372
343
|
presented when logging in using this AppRole. Defaults to `true`.
|
373
344
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
374
345
|
The value should not contain leading or trailing forward slashes.
|
375
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
346
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
376
347
|
*Available only for Vault Enterprise*.
|
377
348
|
:param pulumi.Input[str] role_id: The RoleID of this role. If not specified, one will be
|
378
349
|
auto-generated.
|
@@ -384,32 +355,15 @@ class _AuthBackendRoleState:
|
|
384
355
|
expire. A value of zero will allow unlimited uses.
|
385
356
|
:param pulumi.Input[int] secret_id_ttl: The number of seconds after which any SecretID
|
386
357
|
expires.
|
387
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs:
|
388
|
-
|
389
|
-
|
390
|
-
:param pulumi.Input[
|
391
|
-
|
392
|
-
|
393
|
-
|
394
|
-
:param pulumi.Input[int]
|
395
|
-
|
396
|
-
:param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
|
397
|
-
generated tokens; otherwise it will be added to the policies set in token_policies.
|
398
|
-
:param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/auth/approle#token_num_uses)
|
399
|
-
of times a generated token may be used (within its lifetime); 0 means unlimited.
|
400
|
-
:param pulumi.Input[int] token_period: If set, indicates that the
|
401
|
-
token generated using this role should never expire. The token should be renewed within the
|
402
|
-
duration specified by this value. At each renewal, the token's TTL will be set to the
|
403
|
-
value of this field. Specified in seconds.
|
404
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
|
405
|
-
on the auth method, this list may be supplemented by user/group/other values.
|
406
|
-
:param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
|
407
|
-
Its current value will be referenced at renewal time.
|
408
|
-
:param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
|
409
|
-
`batch`, or `default` to use the mount's tuned default (which unless changed will be
|
410
|
-
`service` tokens). For token store roles, there are two additional possibilities:
|
411
|
-
`default-service` and `default-batch` which specify the type to return unless the client
|
412
|
-
requests a different type at generation time.
|
358
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
359
|
+
:param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
360
|
+
:param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
|
361
|
+
:param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
362
|
+
:param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
363
|
+
:param pulumi.Input[int] token_period: Generated Token's Period
|
364
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
|
365
|
+
:param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
|
366
|
+
:param pulumi.Input[str] token_type: The type of token to generate, service or batch
|
413
367
|
"""
|
414
368
|
if backend is not None:
|
415
369
|
pulumi.set(__self__, "backend", backend)
|
@@ -478,7 +432,7 @@ class _AuthBackendRoleState:
|
|
478
432
|
"""
|
479
433
|
The namespace to provision the resource in.
|
480
434
|
The value should not contain leading or trailing forward slashes.
|
481
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
435
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
482
436
|
*Available only for Vault Enterprise*.
|
483
437
|
"""
|
484
438
|
return pulumi.get(self, "namespace")
|
@@ -556,9 +510,7 @@ class _AuthBackendRoleState:
|
|
556
510
|
@pulumi.getter(name="tokenBoundCidrs")
|
557
511
|
def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
558
512
|
"""
|
559
|
-
|
560
|
-
addresses which can authenticate successfully, and ties the resulting token to these blocks
|
561
|
-
as well.
|
513
|
+
Specifies the blocks of IP addresses which are allowed to use the generated token
|
562
514
|
"""
|
563
515
|
return pulumi.get(self, "token_bound_cidrs")
|
564
516
|
|
@@ -570,10 +522,7 @@ class _AuthBackendRoleState:
|
|
570
522
|
@pulumi.getter(name="tokenExplicitMaxTtl")
|
571
523
|
def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
572
524
|
"""
|
573
|
-
|
574
|
-
[explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
|
575
|
-
onto the token in number of seconds. This is a hard cap even if `token_ttl` and
|
576
|
-
`token_max_ttl` would otherwise allow a renewal.
|
525
|
+
Generated Token's Explicit Maximum TTL in seconds
|
577
526
|
"""
|
578
527
|
return pulumi.get(self, "token_explicit_max_ttl")
|
579
528
|
|
@@ -585,8 +534,7 @@ class _AuthBackendRoleState:
|
|
585
534
|
@pulumi.getter(name="tokenMaxTtl")
|
586
535
|
def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
587
536
|
"""
|
588
|
-
The maximum lifetime
|
589
|
-
Its current value will be referenced at renewal time.
|
537
|
+
The maximum lifetime of the generated token
|
590
538
|
"""
|
591
539
|
return pulumi.get(self, "token_max_ttl")
|
592
540
|
|
@@ -598,8 +546,7 @@ class _AuthBackendRoleState:
|
|
598
546
|
@pulumi.getter(name="tokenNoDefaultPolicy")
|
599
547
|
def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
|
600
548
|
"""
|
601
|
-
If
|
602
|
-
generated tokens; otherwise it will be added to the policies set in token_policies.
|
549
|
+
If true, the 'default' policy will not automatically be added to generated tokens
|
603
550
|
"""
|
604
551
|
return pulumi.get(self, "token_no_default_policy")
|
605
552
|
|
@@ -611,8 +558,7 @@ class _AuthBackendRoleState:
|
|
611
558
|
@pulumi.getter(name="tokenNumUses")
|
612
559
|
def token_num_uses(self) -> Optional[pulumi.Input[int]]:
|
613
560
|
"""
|
614
|
-
The
|
615
|
-
of times a generated token may be used (within its lifetime); 0 means unlimited.
|
561
|
+
The maximum number of times a token may be used, a value of zero means unlimited
|
616
562
|
"""
|
617
563
|
return pulumi.get(self, "token_num_uses")
|
618
564
|
|
@@ -624,10 +570,7 @@ class _AuthBackendRoleState:
|
|
624
570
|
@pulumi.getter(name="tokenPeriod")
|
625
571
|
def token_period(self) -> Optional[pulumi.Input[int]]:
|
626
572
|
"""
|
627
|
-
|
628
|
-
token generated using this role should never expire. The token should be renewed within the
|
629
|
-
duration specified by this value. At each renewal, the token's TTL will be set to the
|
630
|
-
value of this field. Specified in seconds.
|
573
|
+
Generated Token's Period
|
631
574
|
"""
|
632
575
|
return pulumi.get(self, "token_period")
|
633
576
|
|
@@ -639,8 +582,7 @@ class _AuthBackendRoleState:
|
|
639
582
|
@pulumi.getter(name="tokenPolicies")
|
640
583
|
def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
641
584
|
"""
|
642
|
-
|
643
|
-
on the auth method, this list may be supplemented by user/group/other values.
|
585
|
+
Generated Token's Policies
|
644
586
|
"""
|
645
587
|
return pulumi.get(self, "token_policies")
|
646
588
|
|
@@ -652,8 +594,7 @@ class _AuthBackendRoleState:
|
|
652
594
|
@pulumi.getter(name="tokenTtl")
|
653
595
|
def token_ttl(self) -> Optional[pulumi.Input[int]]:
|
654
596
|
"""
|
655
|
-
The
|
656
|
-
Its current value will be referenced at renewal time.
|
597
|
+
The initial ttl of the token to generate in seconds
|
657
598
|
"""
|
658
599
|
return pulumi.get(self, "token_ttl")
|
659
600
|
|
@@ -665,11 +606,7 @@ class _AuthBackendRoleState:
|
|
665
606
|
@pulumi.getter(name="tokenType")
|
666
607
|
def token_type(self) -> Optional[pulumi.Input[str]]:
|
667
608
|
"""
|
668
|
-
The type of token
|
669
|
-
`batch`, or `default` to use the mount's tuned default (which unless changed will be
|
670
|
-
`service` tokens). For token store roles, there are two additional possibilities:
|
671
|
-
`default-service` and `default-batch` which specify the type to return unless the client
|
672
|
-
requests a different type at generation time.
|
609
|
+
The type of token to generate, service or batch
|
673
610
|
"""
|
674
611
|
return pulumi.get(self, "token_type")
|
675
612
|
|
@@ -728,7 +665,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
728
665
|
AppRole authentication backend roles can be imported using the `path`, e.g.
|
729
666
|
|
730
667
|
```sh
|
731
|
-
|
668
|
+
$ pulumi import vault:appRole/authBackendRole:AuthBackendRole example auth/approle/role/test-role
|
732
669
|
```
|
733
670
|
|
734
671
|
:param str resource_name: The name of the resource.
|
@@ -739,7 +676,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
739
676
|
presented when logging in using this AppRole. Defaults to `true`.
|
740
677
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
741
678
|
The value should not contain leading or trailing forward slashes.
|
742
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
679
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
743
680
|
*Available only for Vault Enterprise*.
|
744
681
|
:param pulumi.Input[str] role_id: The RoleID of this role. If not specified, one will be
|
745
682
|
auto-generated.
|
@@ -751,32 +688,15 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
751
688
|
expire. A value of zero will allow unlimited uses.
|
752
689
|
:param pulumi.Input[int] secret_id_ttl: The number of seconds after which any SecretID
|
753
690
|
expires.
|
754
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs:
|
755
|
-
|
756
|
-
|
757
|
-
:param pulumi.Input[
|
758
|
-
|
759
|
-
|
760
|
-
|
761
|
-
:param pulumi.Input[int]
|
762
|
-
|
763
|
-
:param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
|
764
|
-
generated tokens; otherwise it will be added to the policies set in token_policies.
|
765
|
-
:param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/auth/approle#token_num_uses)
|
766
|
-
of times a generated token may be used (within its lifetime); 0 means unlimited.
|
767
|
-
:param pulumi.Input[int] token_period: If set, indicates that the
|
768
|
-
token generated using this role should never expire. The token should be renewed within the
|
769
|
-
duration specified by this value. At each renewal, the token's TTL will be set to the
|
770
|
-
value of this field. Specified in seconds.
|
771
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
|
772
|
-
on the auth method, this list may be supplemented by user/group/other values.
|
773
|
-
:param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
|
774
|
-
Its current value will be referenced at renewal time.
|
775
|
-
:param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
|
776
|
-
`batch`, or `default` to use the mount's tuned default (which unless changed will be
|
777
|
-
`service` tokens). For token store roles, there are two additional possibilities:
|
778
|
-
`default-service` and `default-batch` which specify the type to return unless the client
|
779
|
-
requests a different type at generation time.
|
691
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
692
|
+
:param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
693
|
+
:param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
|
694
|
+
:param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
695
|
+
:param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
696
|
+
:param pulumi.Input[int] token_period: Generated Token's Period
|
697
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
|
698
|
+
:param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
|
699
|
+
:param pulumi.Input[str] token_type: The type of token to generate, service or batch
|
780
700
|
"""
|
781
701
|
...
|
782
702
|
@overload
|
@@ -811,7 +731,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
811
731
|
AppRole authentication backend roles can be imported using the `path`, e.g.
|
812
732
|
|
813
733
|
```sh
|
814
|
-
|
734
|
+
$ pulumi import vault:appRole/authBackendRole:AuthBackendRole example auth/approle/role/test-role
|
815
735
|
```
|
816
736
|
|
817
737
|
:param str resource_name: The name of the resource.
|
@@ -914,7 +834,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
914
834
|
presented when logging in using this AppRole. Defaults to `true`.
|
915
835
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
916
836
|
The value should not contain leading or trailing forward slashes.
|
917
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
837
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
918
838
|
*Available only for Vault Enterprise*.
|
919
839
|
:param pulumi.Input[str] role_id: The RoleID of this role. If not specified, one will be
|
920
840
|
auto-generated.
|
@@ -926,32 +846,15 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
926
846
|
expire. A value of zero will allow unlimited uses.
|
927
847
|
:param pulumi.Input[int] secret_id_ttl: The number of seconds after which any SecretID
|
928
848
|
expires.
|
929
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs:
|
930
|
-
|
931
|
-
|
932
|
-
:param pulumi.Input[
|
933
|
-
|
934
|
-
|
935
|
-
|
936
|
-
:param pulumi.Input[int]
|
937
|
-
|
938
|
-
:param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
|
939
|
-
generated tokens; otherwise it will be added to the policies set in token_policies.
|
940
|
-
:param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/auth/approle#token_num_uses)
|
941
|
-
of times a generated token may be used (within its lifetime); 0 means unlimited.
|
942
|
-
:param pulumi.Input[int] token_period: If set, indicates that the
|
943
|
-
token generated using this role should never expire. The token should be renewed within the
|
944
|
-
duration specified by this value. At each renewal, the token's TTL will be set to the
|
945
|
-
value of this field. Specified in seconds.
|
946
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
|
947
|
-
on the auth method, this list may be supplemented by user/group/other values.
|
948
|
-
:param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
|
949
|
-
Its current value will be referenced at renewal time.
|
950
|
-
:param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
|
951
|
-
`batch`, or `default` to use the mount's tuned default (which unless changed will be
|
952
|
-
`service` tokens). For token store roles, there are two additional possibilities:
|
953
|
-
`default-service` and `default-batch` which specify the type to return unless the client
|
954
|
-
requests a different type at generation time.
|
849
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
850
|
+
:param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
851
|
+
:param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
|
852
|
+
:param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
853
|
+
:param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
854
|
+
:param pulumi.Input[int] token_period: Generated Token's Period
|
855
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
|
856
|
+
:param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
|
857
|
+
:param pulumi.Input[str] token_type: The type of token to generate, service or batch
|
955
858
|
"""
|
956
859
|
opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
|
957
860
|
|
@@ -1000,7 +903,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1000
903
|
"""
|
1001
904
|
The namespace to provision the resource in.
|
1002
905
|
The value should not contain leading or trailing forward slashes.
|
1003
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
906
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1004
907
|
*Available only for Vault Enterprise*.
|
1005
908
|
"""
|
1006
909
|
return pulumi.get(self, "namespace")
|
@@ -1054,9 +957,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1054
957
|
@pulumi.getter(name="tokenBoundCidrs")
|
1055
958
|
def token_bound_cidrs(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1056
959
|
"""
|
1057
|
-
|
1058
|
-
addresses which can authenticate successfully, and ties the resulting token to these blocks
|
1059
|
-
as well.
|
960
|
+
Specifies the blocks of IP addresses which are allowed to use the generated token
|
1060
961
|
"""
|
1061
962
|
return pulumi.get(self, "token_bound_cidrs")
|
1062
963
|
|
@@ -1064,10 +965,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1064
965
|
@pulumi.getter(name="tokenExplicitMaxTtl")
|
1065
966
|
def token_explicit_max_ttl(self) -> pulumi.Output[Optional[int]]:
|
1066
967
|
"""
|
1067
|
-
|
1068
|
-
[explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
|
1069
|
-
onto the token in number of seconds. This is a hard cap even if `token_ttl` and
|
1070
|
-
`token_max_ttl` would otherwise allow a renewal.
|
968
|
+
Generated Token's Explicit Maximum TTL in seconds
|
1071
969
|
"""
|
1072
970
|
return pulumi.get(self, "token_explicit_max_ttl")
|
1073
971
|
|
@@ -1075,8 +973,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1075
973
|
@pulumi.getter(name="tokenMaxTtl")
|
1076
974
|
def token_max_ttl(self) -> pulumi.Output[Optional[int]]:
|
1077
975
|
"""
|
1078
|
-
The maximum lifetime
|
1079
|
-
Its current value will be referenced at renewal time.
|
976
|
+
The maximum lifetime of the generated token
|
1080
977
|
"""
|
1081
978
|
return pulumi.get(self, "token_max_ttl")
|
1082
979
|
|
@@ -1084,8 +981,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1084
981
|
@pulumi.getter(name="tokenNoDefaultPolicy")
|
1085
982
|
def token_no_default_policy(self) -> pulumi.Output[Optional[bool]]:
|
1086
983
|
"""
|
1087
|
-
If
|
1088
|
-
generated tokens; otherwise it will be added to the policies set in token_policies.
|
984
|
+
If true, the 'default' policy will not automatically be added to generated tokens
|
1089
985
|
"""
|
1090
986
|
return pulumi.get(self, "token_no_default_policy")
|
1091
987
|
|
@@ -1093,8 +989,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1093
989
|
@pulumi.getter(name="tokenNumUses")
|
1094
990
|
def token_num_uses(self) -> pulumi.Output[Optional[int]]:
|
1095
991
|
"""
|
1096
|
-
The
|
1097
|
-
of times a generated token may be used (within its lifetime); 0 means unlimited.
|
992
|
+
The maximum number of times a token may be used, a value of zero means unlimited
|
1098
993
|
"""
|
1099
994
|
return pulumi.get(self, "token_num_uses")
|
1100
995
|
|
@@ -1102,10 +997,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1102
997
|
@pulumi.getter(name="tokenPeriod")
|
1103
998
|
def token_period(self) -> pulumi.Output[Optional[int]]:
|
1104
999
|
"""
|
1105
|
-
|
1106
|
-
token generated using this role should never expire. The token should be renewed within the
|
1107
|
-
duration specified by this value. At each renewal, the token's TTL will be set to the
|
1108
|
-
value of this field. Specified in seconds.
|
1000
|
+
Generated Token's Period
|
1109
1001
|
"""
|
1110
1002
|
return pulumi.get(self, "token_period")
|
1111
1003
|
|
@@ -1113,8 +1005,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1113
1005
|
@pulumi.getter(name="tokenPolicies")
|
1114
1006
|
def token_policies(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1115
1007
|
"""
|
1116
|
-
|
1117
|
-
on the auth method, this list may be supplemented by user/group/other values.
|
1008
|
+
Generated Token's Policies
|
1118
1009
|
"""
|
1119
1010
|
return pulumi.get(self, "token_policies")
|
1120
1011
|
|
@@ -1122,8 +1013,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1122
1013
|
@pulumi.getter(name="tokenTtl")
|
1123
1014
|
def token_ttl(self) -> pulumi.Output[Optional[int]]:
|
1124
1015
|
"""
|
1125
|
-
The
|
1126
|
-
Its current value will be referenced at renewal time.
|
1016
|
+
The initial ttl of the token to generate in seconds
|
1127
1017
|
"""
|
1128
1018
|
return pulumi.get(self, "token_ttl")
|
1129
1019
|
|
@@ -1131,11 +1021,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1131
1021
|
@pulumi.getter(name="tokenType")
|
1132
1022
|
def token_type(self) -> pulumi.Output[Optional[str]]:
|
1133
1023
|
"""
|
1134
|
-
The type of token
|
1135
|
-
`batch`, or `default` to use the mount's tuned default (which unless changed will be
|
1136
|
-
`service` tokens). For token store roles, there are two additional possibilities:
|
1137
|
-
`default-service` and `default-batch` which specify the type to return unless the client
|
1138
|
-
requests a different type at generation time.
|
1024
|
+
The type of token to generate, service or batch
|
1139
1025
|
"""
|
1140
1026
|
return pulumi.get(self, "token_type")
|
1141
1027
|
|