pulumi-vault 5.21.0a1709368526__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl
- pulumi_vault/__init__.py +52 -0
- pulumi_vault/_inputs.py +560 -0
- pulumi_vault/_utilities.py +41 -5
- pulumi_vault/ad/get_access_credentials.py +26 -9
- pulumi_vault/ad/secret_backend.py +16 -142
- pulumi_vault/ad/secret_library.py +16 -9
- pulumi_vault/ad/secret_role.py +14 -9
- pulumi_vault/alicloud/auth_backend_role.py +76 -190
- pulumi_vault/approle/auth_backend_login.py +12 -7
- pulumi_vault/approle/auth_backend_role.py +77 -191
- pulumi_vault/approle/auth_backend_role_secret_id.py +106 -7
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -5
- pulumi_vault/audit.py +30 -21
- pulumi_vault/audit_request_header.py +11 -2
- pulumi_vault/auth_backend.py +66 -14
- pulumi_vault/aws/auth_backend_cert.py +18 -9
- pulumi_vault/aws/auth_backend_client.py +267 -22
- pulumi_vault/aws/auth_backend_config_identity.py +14 -9
- pulumi_vault/aws/auth_backend_identity_whitelist.py +20 -15
- pulumi_vault/aws/auth_backend_login.py +19 -22
- pulumi_vault/aws/auth_backend_role.py +77 -191
- pulumi_vault/aws/auth_backend_role_tag.py +12 -7
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -13
- pulumi_vault/aws/auth_backend_sts_role.py +14 -9
- pulumi_vault/aws/get_access_credentials.py +38 -9
- pulumi_vault/aws/get_static_access_credentials.py +19 -5
- pulumi_vault/aws/secret_backend.py +77 -9
- pulumi_vault/aws/secret_backend_role.py +185 -9
- pulumi_vault/aws/secret_backend_static_role.py +20 -11
- pulumi_vault/azure/_inputs.py +24 -0
- pulumi_vault/azure/auth_backend_config.py +153 -15
- pulumi_vault/azure/auth_backend_role.py +77 -191
- pulumi_vault/azure/backend.py +227 -21
- pulumi_vault/azure/backend_role.py +42 -37
- pulumi_vault/azure/get_access_credentials.py +41 -7
- pulumi_vault/azure/outputs.py +5 -0
- pulumi_vault/cert_auth_backend_role.py +87 -267
- pulumi_vault/config/__init__.pyi +5 -0
- pulumi_vault/config/_inputs.py +73 -0
- pulumi_vault/config/outputs.py +35 -0
- pulumi_vault/config/ui_custom_message.py +529 -0
- pulumi_vault/config/vars.py +5 -0
- pulumi_vault/consul/secret_backend.py +28 -19
- pulumi_vault/consul/secret_backend_role.py +18 -78
- pulumi_vault/database/_inputs.py +2770 -881
- pulumi_vault/database/outputs.py +721 -838
- pulumi_vault/database/secret_backend_connection.py +119 -112
- pulumi_vault/database/secret_backend_role.py +31 -22
- pulumi_vault/database/secret_backend_static_role.py +87 -13
- pulumi_vault/database/secrets_mount.py +427 -136
- pulumi_vault/egp_policy.py +16 -11
- pulumi_vault/gcp/_inputs.py +111 -0
- pulumi_vault/gcp/auth_backend.py +250 -33
- pulumi_vault/gcp/auth_backend_role.py +77 -269
- pulumi_vault/gcp/get_auth_backend_role.py +43 -5
- pulumi_vault/gcp/outputs.py +5 -0
- pulumi_vault/gcp/secret_backend.py +287 -12
- pulumi_vault/gcp/secret_impersonated_account.py +76 -15
- pulumi_vault/gcp/secret_roleset.py +31 -24
- pulumi_vault/gcp/secret_static_account.py +39 -32
- pulumi_vault/generic/endpoint.py +24 -17
- pulumi_vault/generic/get_secret.py +64 -8
- pulumi_vault/generic/secret.py +21 -16
- pulumi_vault/get_auth_backend.py +24 -7
- pulumi_vault/get_auth_backends.py +51 -9
- pulumi_vault/get_namespace.py +226 -0
- pulumi_vault/get_namespaces.py +153 -0
- pulumi_vault/get_nomad_access_token.py +31 -11
- pulumi_vault/get_policy_document.py +34 -19
- pulumi_vault/get_raft_autopilot_state.py +29 -10
- pulumi_vault/github/_inputs.py +55 -0
- pulumi_vault/github/auth_backend.py +19 -14
- pulumi_vault/github/outputs.py +5 -0
- pulumi_vault/github/team.py +16 -11
- pulumi_vault/github/user.py +16 -11
- pulumi_vault/identity/entity.py +20 -13
- pulumi_vault/identity/entity_alias.py +20 -13
- pulumi_vault/identity/entity_policies.py +28 -11
- pulumi_vault/identity/get_entity.py +42 -10
- pulumi_vault/identity/get_group.py +47 -9
- pulumi_vault/identity/get_oidc_client_creds.py +21 -7
- pulumi_vault/identity/get_oidc_openid_config.py +39 -9
- pulumi_vault/identity/get_oidc_public_keys.py +29 -10
- pulumi_vault/identity/group.py +58 -39
- pulumi_vault/identity/group_alias.py +16 -9
- pulumi_vault/identity/group_member_entity_ids.py +28 -66
- pulumi_vault/identity/group_member_group_ids.py +40 -19
- pulumi_vault/identity/group_policies.py +20 -7
- pulumi_vault/identity/mfa_duo.py +11 -6
- pulumi_vault/identity/mfa_login_enforcement.py +15 -6
- pulumi_vault/identity/mfa_okta.py +11 -6
- pulumi_vault/identity/mfa_pingid.py +7 -2
- pulumi_vault/identity/mfa_totp.py +7 -2
- pulumi_vault/identity/oidc.py +12 -7
- pulumi_vault/identity/oidc_assignment.py +24 -11
- pulumi_vault/identity/oidc_client.py +36 -23
- pulumi_vault/identity/oidc_key.py +30 -17
- pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -15
- pulumi_vault/identity/oidc_provider.py +36 -21
- pulumi_vault/identity/oidc_role.py +42 -21
- pulumi_vault/identity/oidc_scope.py +20 -13
- pulumi_vault/identity/outputs.py +8 -3
- pulumi_vault/jwt/_inputs.py +55 -0
- pulumi_vault/jwt/auth_backend.py +45 -40
- pulumi_vault/jwt/auth_backend_role.py +133 -254
- pulumi_vault/jwt/outputs.py +5 -0
- pulumi_vault/kmip/secret_backend.py +24 -19
- pulumi_vault/kmip/secret_role.py +14 -9
- pulumi_vault/kmip/secret_scope.py +14 -9
- pulumi_vault/kubernetes/auth_backend_config.py +57 -5
- pulumi_vault/kubernetes/auth_backend_role.py +70 -177
- pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
- pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
- pulumi_vault/kubernetes/get_service_account_token.py +39 -11
- pulumi_vault/kubernetes/secret_backend.py +316 -27
- pulumi_vault/kubernetes/secret_backend_role.py +137 -46
- pulumi_vault/kv/_inputs.py +36 -4
- pulumi_vault/kv/get_secret.py +25 -8
- pulumi_vault/kv/get_secret_subkeys_v2.py +33 -10
- pulumi_vault/kv/get_secret_v2.py +85 -9
- pulumi_vault/kv/get_secrets_list.py +24 -11
- pulumi_vault/kv/get_secrets_list_v2.py +37 -15
- pulumi_vault/kv/outputs.py +8 -3
- pulumi_vault/kv/secret.py +23 -16
- pulumi_vault/kv/secret_backend_v2.py +20 -11
- pulumi_vault/kv/secret_v2.py +59 -50
- pulumi_vault/ldap/auth_backend.py +127 -166
- pulumi_vault/ldap/auth_backend_group.py +14 -9
- pulumi_vault/ldap/auth_backend_user.py +14 -9
- pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
- pulumi_vault/ldap/get_static_credentials.py +24 -5
- pulumi_vault/ldap/secret_backend.py +354 -82
- pulumi_vault/ldap/secret_backend_dynamic_role.py +18 -11
- pulumi_vault/ldap/secret_backend_library_set.py +16 -9
- pulumi_vault/ldap/secret_backend_static_role.py +73 -12
- pulumi_vault/managed/_inputs.py +289 -132
- pulumi_vault/managed/keys.py +29 -57
- pulumi_vault/managed/outputs.py +89 -132
- pulumi_vault/mfa_duo.py +18 -11
- pulumi_vault/mfa_okta.py +18 -11
- pulumi_vault/mfa_pingid.py +18 -11
- pulumi_vault/mfa_totp.py +24 -17
- pulumi_vault/mongodbatlas/secret_backend.py +20 -15
- pulumi_vault/mongodbatlas/secret_role.py +47 -38
- pulumi_vault/mount.py +391 -51
- pulumi_vault/namespace.py +68 -83
- pulumi_vault/nomad_secret_backend.py +18 -13
- pulumi_vault/nomad_secret_role.py +14 -9
- pulumi_vault/okta/_inputs.py +47 -8
- pulumi_vault/okta/auth_backend.py +485 -39
- pulumi_vault/okta/auth_backend_group.py +14 -9
- pulumi_vault/okta/auth_backend_user.py +14 -9
- pulumi_vault/okta/outputs.py +13 -8
- pulumi_vault/outputs.py +5 -0
- pulumi_vault/password_policy.py +20 -13
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +81 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
- pulumi_vault/pkisecret/backend_config_est.py +619 -0
- pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
- pulumi_vault/pkisecret/get_backend_issuer.py +67 -9
- pulumi_vault/pkisecret/get_backend_issuers.py +21 -8
- pulumi_vault/pkisecret/get_backend_key.py +24 -9
- pulumi_vault/pkisecret/get_backend_keys.py +21 -8
- pulumi_vault/pkisecret/outputs.py +69 -0
- pulumi_vault/pkisecret/secret_backend_cert.py +18 -11
- pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -11
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +14 -9
- pulumi_vault/pkisecret/secret_backend_config_urls.py +67 -11
- pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -9
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -11
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -17
- pulumi_vault/pkisecret/secret_backend_issuer.py +14 -9
- pulumi_vault/pkisecret/secret_backend_key.py +14 -9
- pulumi_vault/pkisecret/secret_backend_role.py +21 -14
- pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -48
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -56
- pulumi_vault/pkisecret/secret_backend_sign.py +18 -54
- pulumi_vault/plugin.py +595 -0
- pulumi_vault/plugin_pinned_version.py +298 -0
- pulumi_vault/policy.py +14 -9
- pulumi_vault/provider.py +48 -53
- pulumi_vault/pulumi-plugin.json +2 -1
- pulumi_vault/quota_lease_count.py +60 -6
- pulumi_vault/quota_rate_limit.py +56 -2
- pulumi_vault/rabbitmq/_inputs.py +61 -0
- pulumi_vault/rabbitmq/outputs.py +5 -0
- pulumi_vault/rabbitmq/secret_backend.py +18 -13
- pulumi_vault/rabbitmq/secret_backend_role.py +54 -47
- pulumi_vault/raft_autopilot.py +14 -9
- pulumi_vault/raft_snapshot_agent_config.py +129 -224
- pulumi_vault/rgp_policy.py +14 -9
- pulumi_vault/saml/auth_backend.py +22 -17
- pulumi_vault/saml/auth_backend_role.py +92 -197
- pulumi_vault/secrets/__init__.py +3 -0
- pulumi_vault/secrets/_inputs.py +110 -0
- pulumi_vault/secrets/outputs.py +94 -0
- pulumi_vault/secrets/sync_association.py +56 -71
- pulumi_vault/secrets/sync_aws_destination.py +242 -27
- pulumi_vault/secrets/sync_azure_destination.py +92 -31
- pulumi_vault/secrets/sync_config.py +9 -4
- pulumi_vault/secrets/sync_gcp_destination.py +158 -25
- pulumi_vault/secrets/sync_gh_destination.py +189 -13
- pulumi_vault/secrets/sync_github_apps.py +375 -0
- pulumi_vault/secrets/sync_vercel_destination.py +74 -13
- pulumi_vault/ssh/_inputs.py +28 -28
- pulumi_vault/ssh/outputs.py +11 -28
- pulumi_vault/ssh/secret_backend_ca.py +108 -9
- pulumi_vault/ssh/secret_backend_role.py +85 -118
- pulumi_vault/terraformcloud/secret_backend.py +7 -54
- pulumi_vault/terraformcloud/secret_creds.py +14 -20
- pulumi_vault/terraformcloud/secret_role.py +16 -74
- pulumi_vault/token.py +28 -23
- pulumi_vault/tokenauth/auth_backend_role.py +78 -199
- pulumi_vault/transform/alphabet.py +16 -9
- pulumi_vault/transform/get_decode.py +45 -17
- pulumi_vault/transform/get_encode.py +45 -17
- pulumi_vault/transform/role.py +16 -9
- pulumi_vault/transform/template.py +30 -21
- pulumi_vault/transform/transformation.py +12 -7
- pulumi_vault/transit/get_decrypt.py +26 -21
- pulumi_vault/transit/get_encrypt.py +24 -19
- pulumi_vault/transit/secret_backend_key.py +27 -93
- pulumi_vault/transit/secret_cache_config.py +12 -7
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
- pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
- pulumi_vault-5.21.0a1709368526.dist-info/RECORD +0 -244
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
from . import outputs
|
12
17
|
from ._inputs import *
|
@@ -26,6 +31,15 @@ class AuthBackendArgs:
|
|
26
31
|
namespace: Optional[pulumi.Input[str]] = None,
|
27
32
|
path: Optional[pulumi.Input[str]] = None,
|
28
33
|
token: Optional[pulumi.Input[str]] = None,
|
34
|
+
token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
35
|
+
token_explicit_max_ttl: Optional[pulumi.Input[int]] = None,
|
36
|
+
token_max_ttl: Optional[pulumi.Input[int]] = None,
|
37
|
+
token_no_default_policy: Optional[pulumi.Input[bool]] = None,
|
38
|
+
token_num_uses: Optional[pulumi.Input[int]] = None,
|
39
|
+
token_period: Optional[pulumi.Input[int]] = None,
|
40
|
+
token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
41
|
+
token_ttl: Optional[pulumi.Input[int]] = None,
|
42
|
+
token_type: Optional[pulumi.Input[str]] = None,
|
29
43
|
ttl: Optional[pulumi.Input[str]] = None,
|
30
44
|
users: Optional[pulumi.Input[Sequence[pulumi.Input['AuthBackendUserArgs']]]] = None):
|
31
45
|
"""
|
@@ -42,11 +56,20 @@ class AuthBackendArgs:
|
|
42
56
|
[See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration).
|
43
57
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
44
58
|
The value should not contain leading or trailing forward slashes.
|
45
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
59
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
46
60
|
*Available only for Vault Enterprise*.
|
47
61
|
:param pulumi.Input[str] path: Path to mount the Okta auth backend. Default to path `okta`.
|
48
62
|
:param pulumi.Input[str] token: The Okta API token. This is required to query Okta for user group membership.
|
49
63
|
If this is not supplied only locally configured groups will be enabled.
|
64
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
65
|
+
:param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
66
|
+
:param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
|
67
|
+
:param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
68
|
+
:param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
69
|
+
:param pulumi.Input[int] token_period: Generated Token's Period
|
70
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
|
71
|
+
:param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
|
72
|
+
:param pulumi.Input[str] token_type: The type of token to generate, service or batch
|
50
73
|
:param pulumi.Input[str] ttl: Duration after which authentication will be expired.
|
51
74
|
[See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration).
|
52
75
|
:param pulumi.Input[Sequence[pulumi.Input['AuthBackendUserArgs']]] users: Associate Okta users with groups or policies within Vault.
|
@@ -63,6 +86,9 @@ class AuthBackendArgs:
|
|
63
86
|
pulumi.set(__self__, "disable_remount", disable_remount)
|
64
87
|
if groups is not None:
|
65
88
|
pulumi.set(__self__, "groups", groups)
|
89
|
+
if max_ttl is not None:
|
90
|
+
warnings.warn("""Deprecated. Please use `token_max_ttl` instead.""", DeprecationWarning)
|
91
|
+
pulumi.log.warn("""max_ttl is deprecated: Deprecated. Please use `token_max_ttl` instead.""")
|
66
92
|
if max_ttl is not None:
|
67
93
|
pulumi.set(__self__, "max_ttl", max_ttl)
|
68
94
|
if namespace is not None:
|
@@ -71,6 +97,27 @@ class AuthBackendArgs:
|
|
71
97
|
pulumi.set(__self__, "path", path)
|
72
98
|
if token is not None:
|
73
99
|
pulumi.set(__self__, "token", token)
|
100
|
+
if token_bound_cidrs is not None:
|
101
|
+
pulumi.set(__self__, "token_bound_cidrs", token_bound_cidrs)
|
102
|
+
if token_explicit_max_ttl is not None:
|
103
|
+
pulumi.set(__self__, "token_explicit_max_ttl", token_explicit_max_ttl)
|
104
|
+
if token_max_ttl is not None:
|
105
|
+
pulumi.set(__self__, "token_max_ttl", token_max_ttl)
|
106
|
+
if token_no_default_policy is not None:
|
107
|
+
pulumi.set(__self__, "token_no_default_policy", token_no_default_policy)
|
108
|
+
if token_num_uses is not None:
|
109
|
+
pulumi.set(__self__, "token_num_uses", token_num_uses)
|
110
|
+
if token_period is not None:
|
111
|
+
pulumi.set(__self__, "token_period", token_period)
|
112
|
+
if token_policies is not None:
|
113
|
+
pulumi.set(__self__, "token_policies", token_policies)
|
114
|
+
if token_ttl is not None:
|
115
|
+
pulumi.set(__self__, "token_ttl", token_ttl)
|
116
|
+
if token_type is not None:
|
117
|
+
pulumi.set(__self__, "token_type", token_type)
|
118
|
+
if ttl is not None:
|
119
|
+
warnings.warn("""Deprecated. Please use `token_ttl` instead.""", DeprecationWarning)
|
120
|
+
pulumi.log.warn("""ttl is deprecated: Deprecated. Please use `token_ttl` instead.""")
|
74
121
|
if ttl is not None:
|
75
122
|
pulumi.set(__self__, "ttl", ttl)
|
76
123
|
if users is not None:
|
@@ -152,6 +199,7 @@ class AuthBackendArgs:
|
|
152
199
|
|
153
200
|
@property
|
154
201
|
@pulumi.getter(name="maxTtl")
|
202
|
+
@_utilities.deprecated("""Deprecated. Please use `token_max_ttl` instead.""")
|
155
203
|
def max_ttl(self) -> Optional[pulumi.Input[str]]:
|
156
204
|
"""
|
157
205
|
Maximum duration after which authentication will be expired
|
@@ -169,7 +217,7 @@ class AuthBackendArgs:
|
|
169
217
|
"""
|
170
218
|
The namespace to provision the resource in.
|
171
219
|
The value should not contain leading or trailing forward slashes.
|
172
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
220
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
173
221
|
*Available only for Vault Enterprise*.
|
174
222
|
"""
|
175
223
|
return pulumi.get(self, "namespace")
|
@@ -203,8 +251,117 @@ class AuthBackendArgs:
|
|
203
251
|
def token(self, value: Optional[pulumi.Input[str]]):
|
204
252
|
pulumi.set(self, "token", value)
|
205
253
|
|
254
|
+
@property
|
255
|
+
@pulumi.getter(name="tokenBoundCidrs")
|
256
|
+
def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
257
|
+
"""
|
258
|
+
Specifies the blocks of IP addresses which are allowed to use the generated token
|
259
|
+
"""
|
260
|
+
return pulumi.get(self, "token_bound_cidrs")
|
261
|
+
|
262
|
+
@token_bound_cidrs.setter
|
263
|
+
def token_bound_cidrs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
264
|
+
pulumi.set(self, "token_bound_cidrs", value)
|
265
|
+
|
266
|
+
@property
|
267
|
+
@pulumi.getter(name="tokenExplicitMaxTtl")
|
268
|
+
def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
269
|
+
"""
|
270
|
+
Generated Token's Explicit Maximum TTL in seconds
|
271
|
+
"""
|
272
|
+
return pulumi.get(self, "token_explicit_max_ttl")
|
273
|
+
|
274
|
+
@token_explicit_max_ttl.setter
|
275
|
+
def token_explicit_max_ttl(self, value: Optional[pulumi.Input[int]]):
|
276
|
+
pulumi.set(self, "token_explicit_max_ttl", value)
|
277
|
+
|
278
|
+
@property
|
279
|
+
@pulumi.getter(name="tokenMaxTtl")
|
280
|
+
def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
281
|
+
"""
|
282
|
+
The maximum lifetime of the generated token
|
283
|
+
"""
|
284
|
+
return pulumi.get(self, "token_max_ttl")
|
285
|
+
|
286
|
+
@token_max_ttl.setter
|
287
|
+
def token_max_ttl(self, value: Optional[pulumi.Input[int]]):
|
288
|
+
pulumi.set(self, "token_max_ttl", value)
|
289
|
+
|
290
|
+
@property
|
291
|
+
@pulumi.getter(name="tokenNoDefaultPolicy")
|
292
|
+
def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
|
293
|
+
"""
|
294
|
+
If true, the 'default' policy will not automatically be added to generated tokens
|
295
|
+
"""
|
296
|
+
return pulumi.get(self, "token_no_default_policy")
|
297
|
+
|
298
|
+
@token_no_default_policy.setter
|
299
|
+
def token_no_default_policy(self, value: Optional[pulumi.Input[bool]]):
|
300
|
+
pulumi.set(self, "token_no_default_policy", value)
|
301
|
+
|
302
|
+
@property
|
303
|
+
@pulumi.getter(name="tokenNumUses")
|
304
|
+
def token_num_uses(self) -> Optional[pulumi.Input[int]]:
|
305
|
+
"""
|
306
|
+
The maximum number of times a token may be used, a value of zero means unlimited
|
307
|
+
"""
|
308
|
+
return pulumi.get(self, "token_num_uses")
|
309
|
+
|
310
|
+
@token_num_uses.setter
|
311
|
+
def token_num_uses(self, value: Optional[pulumi.Input[int]]):
|
312
|
+
pulumi.set(self, "token_num_uses", value)
|
313
|
+
|
314
|
+
@property
|
315
|
+
@pulumi.getter(name="tokenPeriod")
|
316
|
+
def token_period(self) -> Optional[pulumi.Input[int]]:
|
317
|
+
"""
|
318
|
+
Generated Token's Period
|
319
|
+
"""
|
320
|
+
return pulumi.get(self, "token_period")
|
321
|
+
|
322
|
+
@token_period.setter
|
323
|
+
def token_period(self, value: Optional[pulumi.Input[int]]):
|
324
|
+
pulumi.set(self, "token_period", value)
|
325
|
+
|
326
|
+
@property
|
327
|
+
@pulumi.getter(name="tokenPolicies")
|
328
|
+
def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
329
|
+
"""
|
330
|
+
Generated Token's Policies
|
331
|
+
"""
|
332
|
+
return pulumi.get(self, "token_policies")
|
333
|
+
|
334
|
+
@token_policies.setter
|
335
|
+
def token_policies(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
336
|
+
pulumi.set(self, "token_policies", value)
|
337
|
+
|
338
|
+
@property
|
339
|
+
@pulumi.getter(name="tokenTtl")
|
340
|
+
def token_ttl(self) -> Optional[pulumi.Input[int]]:
|
341
|
+
"""
|
342
|
+
The initial ttl of the token to generate in seconds
|
343
|
+
"""
|
344
|
+
return pulumi.get(self, "token_ttl")
|
345
|
+
|
346
|
+
@token_ttl.setter
|
347
|
+
def token_ttl(self, value: Optional[pulumi.Input[int]]):
|
348
|
+
pulumi.set(self, "token_ttl", value)
|
349
|
+
|
350
|
+
@property
|
351
|
+
@pulumi.getter(name="tokenType")
|
352
|
+
def token_type(self) -> Optional[pulumi.Input[str]]:
|
353
|
+
"""
|
354
|
+
The type of token to generate, service or batch
|
355
|
+
"""
|
356
|
+
return pulumi.get(self, "token_type")
|
357
|
+
|
358
|
+
@token_type.setter
|
359
|
+
def token_type(self, value: Optional[pulumi.Input[str]]):
|
360
|
+
pulumi.set(self, "token_type", value)
|
361
|
+
|
206
362
|
@property
|
207
363
|
@pulumi.getter
|
364
|
+
@_utilities.deprecated("""Deprecated. Please use `token_ttl` instead.""")
|
208
365
|
def ttl(self) -> Optional[pulumi.Input[str]]:
|
209
366
|
"""
|
210
367
|
Duration after which authentication will be expired.
|
@@ -244,6 +401,15 @@ class _AuthBackendState:
|
|
244
401
|
organization: Optional[pulumi.Input[str]] = None,
|
245
402
|
path: Optional[pulumi.Input[str]] = None,
|
246
403
|
token: Optional[pulumi.Input[str]] = None,
|
404
|
+
token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
405
|
+
token_explicit_max_ttl: Optional[pulumi.Input[int]] = None,
|
406
|
+
token_max_ttl: Optional[pulumi.Input[int]] = None,
|
407
|
+
token_no_default_policy: Optional[pulumi.Input[bool]] = None,
|
408
|
+
token_num_uses: Optional[pulumi.Input[int]] = None,
|
409
|
+
token_period: Optional[pulumi.Input[int]] = None,
|
410
|
+
token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
411
|
+
token_ttl: Optional[pulumi.Input[int]] = None,
|
412
|
+
token_type: Optional[pulumi.Input[str]] = None,
|
247
413
|
ttl: Optional[pulumi.Input[str]] = None,
|
248
414
|
users: Optional[pulumi.Input[Sequence[pulumi.Input['AuthBackendUserArgs']]]] = None):
|
249
415
|
"""
|
@@ -260,12 +426,21 @@ class _AuthBackendState:
|
|
260
426
|
[See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration).
|
261
427
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
262
428
|
The value should not contain leading or trailing forward slashes.
|
263
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
429
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
264
430
|
*Available only for Vault Enterprise*.
|
265
431
|
:param pulumi.Input[str] organization: The Okta organization. This will be the first part of the url `https://XXX.okta.com`
|
266
432
|
:param pulumi.Input[str] path: Path to mount the Okta auth backend. Default to path `okta`.
|
267
433
|
:param pulumi.Input[str] token: The Okta API token. This is required to query Okta for user group membership.
|
268
434
|
If this is not supplied only locally configured groups will be enabled.
|
435
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
436
|
+
:param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
437
|
+
:param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
|
438
|
+
:param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
439
|
+
:param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
440
|
+
:param pulumi.Input[int] token_period: Generated Token's Period
|
441
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
|
442
|
+
:param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
|
443
|
+
:param pulumi.Input[str] token_type: The type of token to generate, service or batch
|
269
444
|
:param pulumi.Input[str] ttl: Duration after which authentication will be expired.
|
270
445
|
[See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration).
|
271
446
|
:param pulumi.Input[Sequence[pulumi.Input['AuthBackendUserArgs']]] users: Associate Okta users with groups or policies within Vault.
|
@@ -283,6 +458,9 @@ class _AuthBackendState:
|
|
283
458
|
pulumi.set(__self__, "disable_remount", disable_remount)
|
284
459
|
if groups is not None:
|
285
460
|
pulumi.set(__self__, "groups", groups)
|
461
|
+
if max_ttl is not None:
|
462
|
+
warnings.warn("""Deprecated. Please use `token_max_ttl` instead.""", DeprecationWarning)
|
463
|
+
pulumi.log.warn("""max_ttl is deprecated: Deprecated. Please use `token_max_ttl` instead.""")
|
286
464
|
if max_ttl is not None:
|
287
465
|
pulumi.set(__self__, "max_ttl", max_ttl)
|
288
466
|
if namespace is not None:
|
@@ -293,6 +471,27 @@ class _AuthBackendState:
|
|
293
471
|
pulumi.set(__self__, "path", path)
|
294
472
|
if token is not None:
|
295
473
|
pulumi.set(__self__, "token", token)
|
474
|
+
if token_bound_cidrs is not None:
|
475
|
+
pulumi.set(__self__, "token_bound_cidrs", token_bound_cidrs)
|
476
|
+
if token_explicit_max_ttl is not None:
|
477
|
+
pulumi.set(__self__, "token_explicit_max_ttl", token_explicit_max_ttl)
|
478
|
+
if token_max_ttl is not None:
|
479
|
+
pulumi.set(__self__, "token_max_ttl", token_max_ttl)
|
480
|
+
if token_no_default_policy is not None:
|
481
|
+
pulumi.set(__self__, "token_no_default_policy", token_no_default_policy)
|
482
|
+
if token_num_uses is not None:
|
483
|
+
pulumi.set(__self__, "token_num_uses", token_num_uses)
|
484
|
+
if token_period is not None:
|
485
|
+
pulumi.set(__self__, "token_period", token_period)
|
486
|
+
if token_policies is not None:
|
487
|
+
pulumi.set(__self__, "token_policies", token_policies)
|
488
|
+
if token_ttl is not None:
|
489
|
+
pulumi.set(__self__, "token_ttl", token_ttl)
|
490
|
+
if token_type is not None:
|
491
|
+
pulumi.set(__self__, "token_type", token_type)
|
492
|
+
if ttl is not None:
|
493
|
+
warnings.warn("""Deprecated. Please use `token_ttl` instead.""", DeprecationWarning)
|
494
|
+
pulumi.log.warn("""ttl is deprecated: Deprecated. Please use `token_ttl` instead.""")
|
296
495
|
if ttl is not None:
|
297
496
|
pulumi.set(__self__, "ttl", ttl)
|
298
497
|
if users is not None:
|
@@ -374,6 +573,7 @@ class _AuthBackendState:
|
|
374
573
|
|
375
574
|
@property
|
376
575
|
@pulumi.getter(name="maxTtl")
|
576
|
+
@_utilities.deprecated("""Deprecated. Please use `token_max_ttl` instead.""")
|
377
577
|
def max_ttl(self) -> Optional[pulumi.Input[str]]:
|
378
578
|
"""
|
379
579
|
Maximum duration after which authentication will be expired
|
@@ -391,7 +591,7 @@ class _AuthBackendState:
|
|
391
591
|
"""
|
392
592
|
The namespace to provision the resource in.
|
393
593
|
The value should not contain leading or trailing forward slashes.
|
394
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
594
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
395
595
|
*Available only for Vault Enterprise*.
|
396
596
|
"""
|
397
597
|
return pulumi.get(self, "namespace")
|
@@ -437,8 +637,117 @@ class _AuthBackendState:
|
|
437
637
|
def token(self, value: Optional[pulumi.Input[str]]):
|
438
638
|
pulumi.set(self, "token", value)
|
439
639
|
|
640
|
+
@property
|
641
|
+
@pulumi.getter(name="tokenBoundCidrs")
|
642
|
+
def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
643
|
+
"""
|
644
|
+
Specifies the blocks of IP addresses which are allowed to use the generated token
|
645
|
+
"""
|
646
|
+
return pulumi.get(self, "token_bound_cidrs")
|
647
|
+
|
648
|
+
@token_bound_cidrs.setter
|
649
|
+
def token_bound_cidrs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
650
|
+
pulumi.set(self, "token_bound_cidrs", value)
|
651
|
+
|
652
|
+
@property
|
653
|
+
@pulumi.getter(name="tokenExplicitMaxTtl")
|
654
|
+
def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
655
|
+
"""
|
656
|
+
Generated Token's Explicit Maximum TTL in seconds
|
657
|
+
"""
|
658
|
+
return pulumi.get(self, "token_explicit_max_ttl")
|
659
|
+
|
660
|
+
@token_explicit_max_ttl.setter
|
661
|
+
def token_explicit_max_ttl(self, value: Optional[pulumi.Input[int]]):
|
662
|
+
pulumi.set(self, "token_explicit_max_ttl", value)
|
663
|
+
|
664
|
+
@property
|
665
|
+
@pulumi.getter(name="tokenMaxTtl")
|
666
|
+
def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
667
|
+
"""
|
668
|
+
The maximum lifetime of the generated token
|
669
|
+
"""
|
670
|
+
return pulumi.get(self, "token_max_ttl")
|
671
|
+
|
672
|
+
@token_max_ttl.setter
|
673
|
+
def token_max_ttl(self, value: Optional[pulumi.Input[int]]):
|
674
|
+
pulumi.set(self, "token_max_ttl", value)
|
675
|
+
|
676
|
+
@property
|
677
|
+
@pulumi.getter(name="tokenNoDefaultPolicy")
|
678
|
+
def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
|
679
|
+
"""
|
680
|
+
If true, the 'default' policy will not automatically be added to generated tokens
|
681
|
+
"""
|
682
|
+
return pulumi.get(self, "token_no_default_policy")
|
683
|
+
|
684
|
+
@token_no_default_policy.setter
|
685
|
+
def token_no_default_policy(self, value: Optional[pulumi.Input[bool]]):
|
686
|
+
pulumi.set(self, "token_no_default_policy", value)
|
687
|
+
|
688
|
+
@property
|
689
|
+
@pulumi.getter(name="tokenNumUses")
|
690
|
+
def token_num_uses(self) -> Optional[pulumi.Input[int]]:
|
691
|
+
"""
|
692
|
+
The maximum number of times a token may be used, a value of zero means unlimited
|
693
|
+
"""
|
694
|
+
return pulumi.get(self, "token_num_uses")
|
695
|
+
|
696
|
+
@token_num_uses.setter
|
697
|
+
def token_num_uses(self, value: Optional[pulumi.Input[int]]):
|
698
|
+
pulumi.set(self, "token_num_uses", value)
|
699
|
+
|
700
|
+
@property
|
701
|
+
@pulumi.getter(name="tokenPeriod")
|
702
|
+
def token_period(self) -> Optional[pulumi.Input[int]]:
|
703
|
+
"""
|
704
|
+
Generated Token's Period
|
705
|
+
"""
|
706
|
+
return pulumi.get(self, "token_period")
|
707
|
+
|
708
|
+
@token_period.setter
|
709
|
+
def token_period(self, value: Optional[pulumi.Input[int]]):
|
710
|
+
pulumi.set(self, "token_period", value)
|
711
|
+
|
712
|
+
@property
|
713
|
+
@pulumi.getter(name="tokenPolicies")
|
714
|
+
def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
715
|
+
"""
|
716
|
+
Generated Token's Policies
|
717
|
+
"""
|
718
|
+
return pulumi.get(self, "token_policies")
|
719
|
+
|
720
|
+
@token_policies.setter
|
721
|
+
def token_policies(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
722
|
+
pulumi.set(self, "token_policies", value)
|
723
|
+
|
724
|
+
@property
|
725
|
+
@pulumi.getter(name="tokenTtl")
|
726
|
+
def token_ttl(self) -> Optional[pulumi.Input[int]]:
|
727
|
+
"""
|
728
|
+
The initial ttl of the token to generate in seconds
|
729
|
+
"""
|
730
|
+
return pulumi.get(self, "token_ttl")
|
731
|
+
|
732
|
+
@token_ttl.setter
|
733
|
+
def token_ttl(self, value: Optional[pulumi.Input[int]]):
|
734
|
+
pulumi.set(self, "token_ttl", value)
|
735
|
+
|
736
|
+
@property
|
737
|
+
@pulumi.getter(name="tokenType")
|
738
|
+
def token_type(self) -> Optional[pulumi.Input[str]]:
|
739
|
+
"""
|
740
|
+
The type of token to generate, service or batch
|
741
|
+
"""
|
742
|
+
return pulumi.get(self, "token_type")
|
743
|
+
|
744
|
+
@token_type.setter
|
745
|
+
def token_type(self, value: Optional[pulumi.Input[str]]):
|
746
|
+
pulumi.set(self, "token_type", value)
|
747
|
+
|
440
748
|
@property
|
441
749
|
@pulumi.getter
|
750
|
+
@_utilities.deprecated("""Deprecated. Please use `token_ttl` instead.""")
|
442
751
|
def ttl(self) -> Optional[pulumi.Input[str]]:
|
443
752
|
"""
|
444
753
|
Duration after which authentication will be expired.
|
@@ -473,14 +782,23 @@ class AuthBackend(pulumi.CustomResource):
|
|
473
782
|
bypass_okta_mfa: Optional[pulumi.Input[bool]] = None,
|
474
783
|
description: Optional[pulumi.Input[str]] = None,
|
475
784
|
disable_remount: Optional[pulumi.Input[bool]] = None,
|
476
|
-
groups: Optional[pulumi.Input[Sequence[pulumi.Input[
|
785
|
+
groups: Optional[pulumi.Input[Sequence[pulumi.Input[Union['AuthBackendGroupArgs', 'AuthBackendGroupArgsDict']]]]] = None,
|
477
786
|
max_ttl: Optional[pulumi.Input[str]] = None,
|
478
787
|
namespace: Optional[pulumi.Input[str]] = None,
|
479
788
|
organization: Optional[pulumi.Input[str]] = None,
|
480
789
|
path: Optional[pulumi.Input[str]] = None,
|
481
790
|
token: Optional[pulumi.Input[str]] = None,
|
791
|
+
token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
792
|
+
token_explicit_max_ttl: Optional[pulumi.Input[int]] = None,
|
793
|
+
token_max_ttl: Optional[pulumi.Input[int]] = None,
|
794
|
+
token_no_default_policy: Optional[pulumi.Input[bool]] = None,
|
795
|
+
token_num_uses: Optional[pulumi.Input[int]] = None,
|
796
|
+
token_period: Optional[pulumi.Input[int]] = None,
|
797
|
+
token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
798
|
+
token_ttl: Optional[pulumi.Input[int]] = None,
|
799
|
+
token_type: Optional[pulumi.Input[str]] = None,
|
482
800
|
ttl: Optional[pulumi.Input[str]] = None,
|
483
|
-
users: Optional[pulumi.Input[Sequence[pulumi.Input[
|
801
|
+
users: Optional[pulumi.Input[Sequence[pulumi.Input[Union['AuthBackendUserArgs', 'AuthBackendUserArgsDict']]]]] = None,
|
484
802
|
__props__=None):
|
485
803
|
"""
|
486
804
|
Provides a resource for managing an
|
@@ -494,19 +812,19 @@ class AuthBackend(pulumi.CustomResource):
|
|
494
812
|
|
495
813
|
example = vault.okta.AuthBackend("example",
|
496
814
|
description="Demonstration of the Terraform Okta auth backend",
|
497
|
-
|
498
|
-
|
499
|
-
|
815
|
+
organization="example",
|
816
|
+
token="something that should be kept secret",
|
817
|
+
groups=[{
|
818
|
+
"group_name": "foo",
|
819
|
+
"policies": [
|
500
820
|
"one",
|
501
821
|
"two",
|
502
822
|
],
|
503
|
-
|
504
|
-
|
505
|
-
|
506
|
-
|
507
|
-
|
508
|
-
username="bar",
|
509
|
-
)])
|
823
|
+
}],
|
824
|
+
users=[{
|
825
|
+
"username": "bar",
|
826
|
+
"groups": ["foo"],
|
827
|
+
}])
|
510
828
|
```
|
511
829
|
|
512
830
|
## Import
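Review bot: The usage example in this docstring passes the Okta API token as a string literal, `token="something that should be kept secret"`, which is easy to copy into a real program where the value then sits in source control. The resource wraps `token` with `pulumi.Output.secret(token)` further down in this file, but that protects the stack state, not the program text. I would have the example read the value from encrypted stack configuration instead, e.g. `token=pulumi.Config().require_secret("oktaToken"),` (the key name is a constructed placeholder). The same example is repeated in the hunk at `@@ -559,19 +886,19 @@`, and the docstring it belongs to starts and ends outside this hunk.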
|
@@ -514,7 +832,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
514
832
|
Okta authentication backends can be imported using its `path`, e.g.
|
515
833
|
|
516
834
|
```sh
|
517
|
-
|
835
|
+
$ pulumi import vault:okta/authBackend:AuthBackend example okta
|
518
836
|
```
|
519
837
|
|
520
838
|
:param str resource_name: The name of the resource.
|
@@ -524,21 +842,30 @@ class AuthBackend(pulumi.CustomResource):
|
|
524
842
|
:param pulumi.Input[str] description: The description of the auth backend
|
525
843
|
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
526
844
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
527
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
845
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['AuthBackendGroupArgs', 'AuthBackendGroupArgsDict']]]] groups: Associate Okta groups with policies within Vault.
|
528
846
|
See below for more details.
|
529
847
|
:param pulumi.Input[str] max_ttl: Maximum duration after which authentication will be expired
|
530
848
|
[See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration).
|
531
849
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
532
850
|
The value should not contain leading or trailing forward slashes.
|
533
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
851
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
534
852
|
*Available only for Vault Enterprise*.
|
535
853
|
:param pulumi.Input[str] organization: The Okta organization. This will be the first part of the url `https://XXX.okta.com`
|
536
854
|
:param pulumi.Input[str] path: Path to mount the Okta auth backend. Default to path `okta`.
|
537
855
|
:param pulumi.Input[str] token: The Okta API token. This is required to query Okta for user group membership.
|
538
856
|
If this is not supplied only locally configured groups will be enabled.
|
857
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
858
|
+
:param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
859
|
+
:param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
|
860
|
+
:param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
861
|
+
:param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
862
|
+
:param pulumi.Input[int] token_period: Generated Token's Period
|
863
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
|
864
|
+
:param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
|
865
|
+
:param pulumi.Input[str] token_type: The type of token to generate, service or batch
|
539
866
|
:param pulumi.Input[str] ttl: Duration after which authentication will be expired.
|
540
867
|
[See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration).
|
541
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
868
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['AuthBackendUserArgs', 'AuthBackendUserArgsDict']]]] users: Associate Okta users with groups or policies within Vault.
|
542
869
|
See below for more details.
|
543
870
|
"""
|
544
871
|
...
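Review bot: The new `:param` lines for the token fields leave out units and one caveat that matters for token lifetime. `token_period` is documented only as "Generated Token's Period" and `token_max_ttl` as "The maximum lifetime of the generated token", while the neighbouring `token_ttl` and `token_explicit_max_ttl` say "in seconds"; all four are typed `int`. In Vault a periodic token can be renewed without limit unless an explicit maximum TTL is set, so I would spell that out, e.g. `:param pulumi.Input[int] token_period: Renewal period of the generated token, presumably in seconds (confirm against the provider schema); a periodic token is bounded only by token_explicit_max_ttl`. The same wording appears in the hunks at `@@ -671,21 +1025,30 @@` and `@@ -802,8 +1175,81 @@`, and the docstring starts outside this hunk.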
|
@@ -559,19 +886,19 @@ class AuthBackend(pulumi.CustomResource):
|
|
559
886
|
|
560
887
|
example = vault.okta.AuthBackend("example",
|
561
888
|
description="Demonstration of the Terraform Okta auth backend",
|
562
|
-
|
563
|
-
|
564
|
-
|
889
|
+
organization="example",
|
890
|
+
token="something that should be kept secret",
|
891
|
+
groups=[{
|
892
|
+
"group_name": "foo",
|
893
|
+
"policies": [
|
565
894
|
"one",
|
566
895
|
"two",
|
567
896
|
],
|
568
|
-
|
569
|
-
|
570
|
-
|
571
|
-
|
572
|
-
|
573
|
-
username="bar",
|
574
|
-
)])
|
897
|
+
}],
|
898
|
+
users=[{
|
899
|
+
"username": "bar",
|
900
|
+
"groups": ["foo"],
|
901
|
+
}])
|
575
902
|
```
|
576
903
|
|
577
904
|
## Import
|
@@ -579,7 +906,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
579
906
|
Okta authentication backends can be imported using its `path`, e.g.
|
580
907
|
|
581
908
|
```sh
|
582
|
-
|
909
|
+
$ pulumi import vault:okta/authBackend:AuthBackend example okta
|
583
910
|
```
|
584
911
|
|
585
912
|
:param str resource_name: The name of the resource.
|
@@ -601,14 +928,23 @@ class AuthBackend(pulumi.CustomResource):
|
|
601
928
|
bypass_okta_mfa: Optional[pulumi.Input[bool]] = None,
|
602
929
|
description: Optional[pulumi.Input[str]] = None,
|
603
930
|
disable_remount: Optional[pulumi.Input[bool]] = None,
|
604
|
-
groups: Optional[pulumi.Input[Sequence[pulumi.Input[
|
931
|
+
groups: Optional[pulumi.Input[Sequence[pulumi.Input[Union['AuthBackendGroupArgs', 'AuthBackendGroupArgsDict']]]]] = None,
|
605
932
|
max_ttl: Optional[pulumi.Input[str]] = None,
|
606
933
|
namespace: Optional[pulumi.Input[str]] = None,
|
607
934
|
organization: Optional[pulumi.Input[str]] = None,
|
608
935
|
path: Optional[pulumi.Input[str]] = None,
|
609
936
|
token: Optional[pulumi.Input[str]] = None,
|
937
|
+
token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
938
|
+
token_explicit_max_ttl: Optional[pulumi.Input[int]] = None,
|
939
|
+
token_max_ttl: Optional[pulumi.Input[int]] = None,
|
940
|
+
token_no_default_policy: Optional[pulumi.Input[bool]] = None,
|
941
|
+
token_num_uses: Optional[pulumi.Input[int]] = None,
|
942
|
+
token_period: Optional[pulumi.Input[int]] = None,
|
943
|
+
token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
944
|
+
token_ttl: Optional[pulumi.Input[int]] = None,
|
945
|
+
token_type: Optional[pulumi.Input[str]] = None,
|
610
946
|
ttl: Optional[pulumi.Input[str]] = None,
|
611
|
-
users: Optional[pulumi.Input[Sequence[pulumi.Input[
|
947
|
+
users: Optional[pulumi.Input[Sequence[pulumi.Input[Union['AuthBackendUserArgs', 'AuthBackendUserArgsDict']]]]] = None,
|
612
948
|
__props__=None):
|
613
949
|
opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
|
614
950
|
if not isinstance(opts, pulumi.ResourceOptions):
|
@@ -630,6 +966,15 @@ class AuthBackend(pulumi.CustomResource):
|
|
630
966
|
__props__.__dict__["organization"] = organization
|
631
967
|
__props__.__dict__["path"] = path
|
632
968
|
__props__.__dict__["token"] = None if token is None else pulumi.Output.secret(token)
|
969
|
+
__props__.__dict__["token_bound_cidrs"] = token_bound_cidrs
|
970
|
+
__props__.__dict__["token_explicit_max_ttl"] = token_explicit_max_ttl
|
971
|
+
__props__.__dict__["token_max_ttl"] = token_max_ttl
|
972
|
+
__props__.__dict__["token_no_default_policy"] = token_no_default_policy
|
973
|
+
__props__.__dict__["token_num_uses"] = token_num_uses
|
974
|
+
__props__.__dict__["token_period"] = token_period
|
975
|
+
__props__.__dict__["token_policies"] = token_policies
|
976
|
+
__props__.__dict__["token_ttl"] = token_ttl
|
977
|
+
__props__.__dict__["token_type"] = token_type
|
633
978
|
__props__.__dict__["ttl"] = ttl
|
634
979
|
__props__.__dict__["users"] = users
|
635
980
|
__props__.__dict__["accessor"] = None
|
@@ -650,14 +995,23 @@ class AuthBackend(pulumi.CustomResource):
|
|
650
995
|
bypass_okta_mfa: Optional[pulumi.Input[bool]] = None,
|
651
996
|
description: Optional[pulumi.Input[str]] = None,
|
652
997
|
disable_remount: Optional[pulumi.Input[bool]] = None,
|
653
|
-
groups: Optional[pulumi.Input[Sequence[pulumi.Input[
|
998
|
+
groups: Optional[pulumi.Input[Sequence[pulumi.Input[Union['AuthBackendGroupArgs', 'AuthBackendGroupArgsDict']]]]] = None,
|
654
999
|
max_ttl: Optional[pulumi.Input[str]] = None,
|
655
1000
|
namespace: Optional[pulumi.Input[str]] = None,
|
656
1001
|
organization: Optional[pulumi.Input[str]] = None,
|
657
1002
|
path: Optional[pulumi.Input[str]] = None,
|
658
1003
|
token: Optional[pulumi.Input[str]] = None,
|
1004
|
+
token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1005
|
+
token_explicit_max_ttl: Optional[pulumi.Input[int]] = None,
|
1006
|
+
token_max_ttl: Optional[pulumi.Input[int]] = None,
|
1007
|
+
token_no_default_policy: Optional[pulumi.Input[bool]] = None,
|
1008
|
+
token_num_uses: Optional[pulumi.Input[int]] = None,
|
1009
|
+
token_period: Optional[pulumi.Input[int]] = None,
|
1010
|
+
token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1011
|
+
token_ttl: Optional[pulumi.Input[int]] = None,
|
1012
|
+
token_type: Optional[pulumi.Input[str]] = None,
|
659
1013
|
ttl: Optional[pulumi.Input[str]] = None,
|
660
|
-
users: Optional[pulumi.Input[Sequence[pulumi.Input[
|
1014
|
+
users: Optional[pulumi.Input[Sequence[pulumi.Input[Union['AuthBackendUserArgs', 'AuthBackendUserArgsDict']]]]] = None) -> 'AuthBackend':
|
661
1015
|
"""
|
662
1016
|
Get an existing AuthBackend resource's state with the given name, id, and optional extra
|
663
1017
|
properties used to qualify the lookup.
|
@@ -671,21 +1025,30 @@ class AuthBackend(pulumi.CustomResource):
|
|
671
1025
|
:param pulumi.Input[str] description: The description of the auth backend
|
672
1026
|
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
673
1027
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
674
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
1028
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['AuthBackendGroupArgs', 'AuthBackendGroupArgsDict']]]] groups: Associate Okta groups with policies within Vault.
|
675
1029
|
See below for more details.
|
676
1030
|
:param pulumi.Input[str] max_ttl: Maximum duration after which authentication will be expired
|
677
1031
|
[See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration).
|
678
1032
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
679
1033
|
The value should not contain leading or trailing forward slashes.
|
680
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
1034
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
681
1035
|
*Available only for Vault Enterprise*.
|
682
1036
|
:param pulumi.Input[str] organization: The Okta organization. This will be the first part of the url `https://XXX.okta.com`
|
683
1037
|
:param pulumi.Input[str] path: Path to mount the Okta auth backend. Default to path `okta`.
|
684
1038
|
:param pulumi.Input[str] token: The Okta API token. This is required to query Okta for user group membership.
|
685
1039
|
If this is not supplied only locally configured groups will be enabled.
|
1040
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
1041
|
+
:param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
1042
|
+
:param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
|
1043
|
+
:param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
1044
|
+
:param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
1045
|
+
:param pulumi.Input[int] token_period: Generated Token's Period
|
1046
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
|
1047
|
+
:param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
|
1048
|
+
:param pulumi.Input[str] token_type: The type of token to generate, service or batch
|
686
1049
|
:param pulumi.Input[str] ttl: Duration after which authentication will be expired.
|
687
1050
|
[See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration).
|
688
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
1051
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['AuthBackendUserArgs', 'AuthBackendUserArgsDict']]]] users: Associate Okta users with groups or policies within Vault.
|
689
1052
|
See below for more details.
|
690
1053
|
"""
|
691
1054
|
opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
|
@@ -703,6 +1066,15 @@ class AuthBackend(pulumi.CustomResource):
|
|
703
1066
|
__props__.__dict__["organization"] = organization
|
704
1067
|
__props__.__dict__["path"] = path
|
705
1068
|
__props__.__dict__["token"] = token
|
1069
|
+
__props__.__dict__["token_bound_cidrs"] = token_bound_cidrs
|
1070
|
+
__props__.__dict__["token_explicit_max_ttl"] = token_explicit_max_ttl
|
1071
|
+
__props__.__dict__["token_max_ttl"] = token_max_ttl
|
1072
|
+
__props__.__dict__["token_no_default_policy"] = token_no_default_policy
|
1073
|
+
__props__.__dict__["token_num_uses"] = token_num_uses
|
1074
|
+
__props__.__dict__["token_period"] = token_period
|
1075
|
+
__props__.__dict__["token_policies"] = token_policies
|
1076
|
+
__props__.__dict__["token_ttl"] = token_ttl
|
1077
|
+
__props__.__dict__["token_type"] = token_type
|
706
1078
|
__props__.__dict__["ttl"] = ttl
|
707
1079
|
__props__.__dict__["users"] = users
|
708
1080
|
return AuthBackend(resource_name, opts=opts, __props__=__props__)
|
@@ -759,6 +1131,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
759
1131
|
|
760
1132
|
@property
|
761
1133
|
@pulumi.getter(name="maxTtl")
|
1134
|
+
@_utilities.deprecated("""Deprecated. Please use `token_max_ttl` instead.""")
|
762
1135
|
def max_ttl(self) -> pulumi.Output[Optional[str]]:
|
763
1136
|
"""
|
764
1137
|
Maximum duration after which authentication will be expired
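Review bot: The deprecation text added to `max_ttl` ("Please use `token_max_ttl` instead") does not say that the replacement has a different type. `max_ttl` is `Optional[str]`, a duration string, while `token_max_ttl` is declared as `Optional[int]` elsewhere in this file. A caller who moves an existing duration string across unchanged passes the wrong type, and a mistaken unit changes how long issued tokens stay valid. I would extend the message to ``"""Deprecated. Please use `token_max_ttl` (an integer, not a duration string) instead."""`` and do the same for `ttl` and `token_ttl` in the hunk at `@@ -802,8 +1175,81 @@`. The getter's body continues outside this hunk.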
|
@@ -772,7 +1145,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
772
1145
|
"""
|
773
1146
|
The namespace to provision the resource in.
|
774
1147
|
The value should not contain leading or trailing forward slashes.
|
775
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
1148
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
776
1149
|
*Available only for Vault Enterprise*.
|
777
1150
|
"""
|
778
1151
|
return pulumi.get(self, "namespace")
|
@@ -802,8 +1175,81 @@ class AuthBackend(pulumi.CustomResource):
|
|
802
1175
|
"""
|
803
1176
|
return pulumi.get(self, "token")
|
804
1177
|
|
1178
|
+
@property
|
1179
|
+
@pulumi.getter(name="tokenBoundCidrs")
|
1180
|
+
def token_bound_cidrs(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1181
|
+
"""
|
1182
|
+
Specifies the blocks of IP addresses which are allowed to use the generated token
|
1183
|
+
"""
|
1184
|
+
return pulumi.get(self, "token_bound_cidrs")
|
1185
|
+
|
1186
|
+
@property
|
1187
|
+
@pulumi.getter(name="tokenExplicitMaxTtl")
|
1188
|
+
def token_explicit_max_ttl(self) -> pulumi.Output[Optional[int]]:
|
1189
|
+
"""
|
1190
|
+
Generated Token's Explicit Maximum TTL in seconds
|
1191
|
+
"""
|
1192
|
+
return pulumi.get(self, "token_explicit_max_ttl")
|
1193
|
+
|
1194
|
+
@property
|
1195
|
+
@pulumi.getter(name="tokenMaxTtl")
|
1196
|
+
def token_max_ttl(self) -> pulumi.Output[Optional[int]]:
|
1197
|
+
"""
|
1198
|
+
The maximum lifetime of the generated token
|
1199
|
+
"""
|
1200
|
+
return pulumi.get(self, "token_max_ttl")
|
1201
|
+
|
1202
|
+
@property
|
1203
|
+
@pulumi.getter(name="tokenNoDefaultPolicy")
|
1204
|
+
def token_no_default_policy(self) -> pulumi.Output[Optional[bool]]:
|
1205
|
+
"""
|
1206
|
+
If true, the 'default' policy will not automatically be added to generated tokens
|
1207
|
+
"""
|
1208
|
+
return pulumi.get(self, "token_no_default_policy")
|
1209
|
+
|
1210
|
+
@property
|
1211
|
+
@pulumi.getter(name="tokenNumUses")
|
1212
|
+
def token_num_uses(self) -> pulumi.Output[Optional[int]]:
|
1213
|
+
"""
|
1214
|
+
The maximum number of times a token may be used, a value of zero means unlimited
|
1215
|
+
"""
|
1216
|
+
return pulumi.get(self, "token_num_uses")
|
1217
|
+
|
1218
|
+
@property
|
1219
|
+
@pulumi.getter(name="tokenPeriod")
|
1220
|
+
def token_period(self) -> pulumi.Output[Optional[int]]:
|
1221
|
+
"""
|
1222
|
+
Generated Token's Period
|
1223
|
+
"""
|
1224
|
+
return pulumi.get(self, "token_period")
|
1225
|
+
|
1226
|
+
@property
|
1227
|
+
@pulumi.getter(name="tokenPolicies")
|
1228
|
+
def token_policies(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1229
|
+
"""
|
1230
|
+
Generated Token's Policies
|
1231
|
+
"""
|
1232
|
+
return pulumi.get(self, "token_policies")
|
1233
|
+
|
1234
|
+
@property
|
1235
|
+
@pulumi.getter(name="tokenTtl")
|
1236
|
+
def token_ttl(self) -> pulumi.Output[Optional[int]]:
|
1237
|
+
"""
|
1238
|
+
The initial ttl of the token to generate in seconds
|
1239
|
+
"""
|
1240
|
+
return pulumi.get(self, "token_ttl")
|
1241
|
+
|
1242
|
+
@property
|
1243
|
+
@pulumi.getter(name="tokenType")
|
1244
|
+
def token_type(self) -> pulumi.Output[Optional[str]]:
|
1245
|
+
"""
|
1246
|
+
The type of token to generate, service or batch
|
1247
|
+
"""
|
1248
|
+
return pulumi.get(self, "token_type")
|
1249
|
+
|
805
1250
|
@property
|
806
1251
|
@pulumi.getter
|
1252
|
+
@_utilities.deprecated("""Deprecated. Please use `token_ttl` instead.""")
|
807
1253
|
def ttl(self) -> pulumi.Output[Optional[str]]:
|
808
1254
|
"""
|
809
1255
|
Duration after which authentication will be expired.
|