pulumi-vault 5.21.0a1709368526__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl
- pulumi_vault/__init__.py +52 -0
- pulumi_vault/_inputs.py +560 -0
- pulumi_vault/_utilities.py +41 -5
- pulumi_vault/ad/get_access_credentials.py +26 -9
- pulumi_vault/ad/secret_backend.py +16 -142
- pulumi_vault/ad/secret_library.py +16 -9
- pulumi_vault/ad/secret_role.py +14 -9
- pulumi_vault/alicloud/auth_backend_role.py +76 -190
- pulumi_vault/approle/auth_backend_login.py +12 -7
- pulumi_vault/approle/auth_backend_role.py +77 -191
- pulumi_vault/approle/auth_backend_role_secret_id.py +106 -7
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -5
- pulumi_vault/audit.py +30 -21
- pulumi_vault/audit_request_header.py +11 -2
- pulumi_vault/auth_backend.py +66 -14
- pulumi_vault/aws/auth_backend_cert.py +18 -9
- pulumi_vault/aws/auth_backend_client.py +267 -22
- pulumi_vault/aws/auth_backend_config_identity.py +14 -9
- pulumi_vault/aws/auth_backend_identity_whitelist.py +20 -15
- pulumi_vault/aws/auth_backend_login.py +19 -22
- pulumi_vault/aws/auth_backend_role.py +77 -191
- pulumi_vault/aws/auth_backend_role_tag.py +12 -7
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -13
- pulumi_vault/aws/auth_backend_sts_role.py +14 -9
- pulumi_vault/aws/get_access_credentials.py +38 -9
- pulumi_vault/aws/get_static_access_credentials.py +19 -5
- pulumi_vault/aws/secret_backend.py +77 -9
- pulumi_vault/aws/secret_backend_role.py +185 -9
- pulumi_vault/aws/secret_backend_static_role.py +20 -11
- pulumi_vault/azure/_inputs.py +24 -0
- pulumi_vault/azure/auth_backend_config.py +153 -15
- pulumi_vault/azure/auth_backend_role.py +77 -191
- pulumi_vault/azure/backend.py +227 -21
- pulumi_vault/azure/backend_role.py +42 -37
- pulumi_vault/azure/get_access_credentials.py +41 -7
- pulumi_vault/azure/outputs.py +5 -0
- pulumi_vault/cert_auth_backend_role.py +87 -267
- pulumi_vault/config/__init__.pyi +5 -0
- pulumi_vault/config/_inputs.py +73 -0
- pulumi_vault/config/outputs.py +35 -0
- pulumi_vault/config/ui_custom_message.py +529 -0
- pulumi_vault/config/vars.py +5 -0
- pulumi_vault/consul/secret_backend.py +28 -19
- pulumi_vault/consul/secret_backend_role.py +18 -78
- pulumi_vault/database/_inputs.py +2770 -881
- pulumi_vault/database/outputs.py +721 -838
- pulumi_vault/database/secret_backend_connection.py +119 -112
- pulumi_vault/database/secret_backend_role.py +31 -22
- pulumi_vault/database/secret_backend_static_role.py +87 -13
- pulumi_vault/database/secrets_mount.py +427 -136
- pulumi_vault/egp_policy.py +16 -11
- pulumi_vault/gcp/_inputs.py +111 -0
- pulumi_vault/gcp/auth_backend.py +250 -33
- pulumi_vault/gcp/auth_backend_role.py +77 -269
- pulumi_vault/gcp/get_auth_backend_role.py +43 -5
- pulumi_vault/gcp/outputs.py +5 -0
- pulumi_vault/gcp/secret_backend.py +287 -12
- pulumi_vault/gcp/secret_impersonated_account.py +76 -15
- pulumi_vault/gcp/secret_roleset.py +31 -24
- pulumi_vault/gcp/secret_static_account.py +39 -32
- pulumi_vault/generic/endpoint.py +24 -17
- pulumi_vault/generic/get_secret.py +64 -8
- pulumi_vault/generic/secret.py +21 -16
- pulumi_vault/get_auth_backend.py +24 -7
- pulumi_vault/get_auth_backends.py +51 -9
- pulumi_vault/get_namespace.py +226 -0
- pulumi_vault/get_namespaces.py +153 -0
- pulumi_vault/get_nomad_access_token.py +31 -11
- pulumi_vault/get_policy_document.py +34 -19
- pulumi_vault/get_raft_autopilot_state.py +29 -10
- pulumi_vault/github/_inputs.py +55 -0
- pulumi_vault/github/auth_backend.py +19 -14
- pulumi_vault/github/outputs.py +5 -0
- pulumi_vault/github/team.py +16 -11
- pulumi_vault/github/user.py +16 -11
- pulumi_vault/identity/entity.py +20 -13
- pulumi_vault/identity/entity_alias.py +20 -13
- pulumi_vault/identity/entity_policies.py +28 -11
- pulumi_vault/identity/get_entity.py +42 -10
- pulumi_vault/identity/get_group.py +47 -9
- pulumi_vault/identity/get_oidc_client_creds.py +21 -7
- pulumi_vault/identity/get_oidc_openid_config.py +39 -9
- pulumi_vault/identity/get_oidc_public_keys.py +29 -10
- pulumi_vault/identity/group.py +58 -39
- pulumi_vault/identity/group_alias.py +16 -9
- pulumi_vault/identity/group_member_entity_ids.py +28 -66
- pulumi_vault/identity/group_member_group_ids.py +40 -19
- pulumi_vault/identity/group_policies.py +20 -7
- pulumi_vault/identity/mfa_duo.py +11 -6
- pulumi_vault/identity/mfa_login_enforcement.py +15 -6
- pulumi_vault/identity/mfa_okta.py +11 -6
- pulumi_vault/identity/mfa_pingid.py +7 -2
- pulumi_vault/identity/mfa_totp.py +7 -2
- pulumi_vault/identity/oidc.py +12 -7
- pulumi_vault/identity/oidc_assignment.py +24 -11
- pulumi_vault/identity/oidc_client.py +36 -23
- pulumi_vault/identity/oidc_key.py +30 -17
- pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -15
- pulumi_vault/identity/oidc_provider.py +36 -21
- pulumi_vault/identity/oidc_role.py +42 -21
- pulumi_vault/identity/oidc_scope.py +20 -13
- pulumi_vault/identity/outputs.py +8 -3
- pulumi_vault/jwt/_inputs.py +55 -0
- pulumi_vault/jwt/auth_backend.py +45 -40
- pulumi_vault/jwt/auth_backend_role.py +133 -254
- pulumi_vault/jwt/outputs.py +5 -0
- pulumi_vault/kmip/secret_backend.py +24 -19
- pulumi_vault/kmip/secret_role.py +14 -9
- pulumi_vault/kmip/secret_scope.py +14 -9
- pulumi_vault/kubernetes/auth_backend_config.py +57 -5
- pulumi_vault/kubernetes/auth_backend_role.py +70 -177
- pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
- pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
- pulumi_vault/kubernetes/get_service_account_token.py +39 -11
- pulumi_vault/kubernetes/secret_backend.py +316 -27
- pulumi_vault/kubernetes/secret_backend_role.py +137 -46
- pulumi_vault/kv/_inputs.py +36 -4
- pulumi_vault/kv/get_secret.py +25 -8
- pulumi_vault/kv/get_secret_subkeys_v2.py +33 -10
- pulumi_vault/kv/get_secret_v2.py +85 -9
- pulumi_vault/kv/get_secrets_list.py +24 -11
- pulumi_vault/kv/get_secrets_list_v2.py +37 -15
- pulumi_vault/kv/outputs.py +8 -3
- pulumi_vault/kv/secret.py +23 -16
- pulumi_vault/kv/secret_backend_v2.py +20 -11
- pulumi_vault/kv/secret_v2.py +59 -50
- pulumi_vault/ldap/auth_backend.py +127 -166
- pulumi_vault/ldap/auth_backend_group.py +14 -9
- pulumi_vault/ldap/auth_backend_user.py +14 -9
- pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
- pulumi_vault/ldap/get_static_credentials.py +24 -5
- pulumi_vault/ldap/secret_backend.py +354 -82
- pulumi_vault/ldap/secret_backend_dynamic_role.py +18 -11
- pulumi_vault/ldap/secret_backend_library_set.py +16 -9
- pulumi_vault/ldap/secret_backend_static_role.py +73 -12
- pulumi_vault/managed/_inputs.py +289 -132
- pulumi_vault/managed/keys.py +29 -57
- pulumi_vault/managed/outputs.py +89 -132
- pulumi_vault/mfa_duo.py +18 -11
- pulumi_vault/mfa_okta.py +18 -11
- pulumi_vault/mfa_pingid.py +18 -11
- pulumi_vault/mfa_totp.py +24 -17
- pulumi_vault/mongodbatlas/secret_backend.py +20 -15
- pulumi_vault/mongodbatlas/secret_role.py +47 -38
- pulumi_vault/mount.py +391 -51
- pulumi_vault/namespace.py +68 -83
- pulumi_vault/nomad_secret_backend.py +18 -13
- pulumi_vault/nomad_secret_role.py +14 -9
- pulumi_vault/okta/_inputs.py +47 -8
- pulumi_vault/okta/auth_backend.py +485 -39
- pulumi_vault/okta/auth_backend_group.py +14 -9
- pulumi_vault/okta/auth_backend_user.py +14 -9
- pulumi_vault/okta/outputs.py +13 -8
- pulumi_vault/outputs.py +5 -0
- pulumi_vault/password_policy.py +20 -13
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +81 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
- pulumi_vault/pkisecret/backend_config_est.py +619 -0
- pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
- pulumi_vault/pkisecret/get_backend_issuer.py +67 -9
- pulumi_vault/pkisecret/get_backend_issuers.py +21 -8
- pulumi_vault/pkisecret/get_backend_key.py +24 -9
- pulumi_vault/pkisecret/get_backend_keys.py +21 -8
- pulumi_vault/pkisecret/outputs.py +69 -0
- pulumi_vault/pkisecret/secret_backend_cert.py +18 -11
- pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -11
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +14 -9
- pulumi_vault/pkisecret/secret_backend_config_urls.py +67 -11
- pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -9
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -11
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -17
- pulumi_vault/pkisecret/secret_backend_issuer.py +14 -9
- pulumi_vault/pkisecret/secret_backend_key.py +14 -9
- pulumi_vault/pkisecret/secret_backend_role.py +21 -14
- pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -48
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -56
- pulumi_vault/pkisecret/secret_backend_sign.py +18 -54
- pulumi_vault/plugin.py +595 -0
- pulumi_vault/plugin_pinned_version.py +298 -0
- pulumi_vault/policy.py +14 -9
- pulumi_vault/provider.py +48 -53
- pulumi_vault/pulumi-plugin.json +2 -1
- pulumi_vault/quota_lease_count.py +60 -6
- pulumi_vault/quota_rate_limit.py +56 -2
- pulumi_vault/rabbitmq/_inputs.py +61 -0
- pulumi_vault/rabbitmq/outputs.py +5 -0
- pulumi_vault/rabbitmq/secret_backend.py +18 -13
- pulumi_vault/rabbitmq/secret_backend_role.py +54 -47
- pulumi_vault/raft_autopilot.py +14 -9
- pulumi_vault/raft_snapshot_agent_config.py +129 -224
- pulumi_vault/rgp_policy.py +14 -9
- pulumi_vault/saml/auth_backend.py +22 -17
- pulumi_vault/saml/auth_backend_role.py +92 -197
- pulumi_vault/secrets/__init__.py +3 -0
- pulumi_vault/secrets/_inputs.py +110 -0
- pulumi_vault/secrets/outputs.py +94 -0
- pulumi_vault/secrets/sync_association.py +56 -71
- pulumi_vault/secrets/sync_aws_destination.py +242 -27
- pulumi_vault/secrets/sync_azure_destination.py +92 -31
- pulumi_vault/secrets/sync_config.py +9 -4
- pulumi_vault/secrets/sync_gcp_destination.py +158 -25
- pulumi_vault/secrets/sync_gh_destination.py +189 -13
- pulumi_vault/secrets/sync_github_apps.py +375 -0
- pulumi_vault/secrets/sync_vercel_destination.py +74 -13
- pulumi_vault/ssh/_inputs.py +28 -28
- pulumi_vault/ssh/outputs.py +11 -28
- pulumi_vault/ssh/secret_backend_ca.py +108 -9
- pulumi_vault/ssh/secret_backend_role.py +85 -118
- pulumi_vault/terraformcloud/secret_backend.py +7 -54
- pulumi_vault/terraformcloud/secret_creds.py +14 -20
- pulumi_vault/terraformcloud/secret_role.py +16 -74
- pulumi_vault/token.py +28 -23
- pulumi_vault/tokenauth/auth_backend_role.py +78 -199
- pulumi_vault/transform/alphabet.py +16 -9
- pulumi_vault/transform/get_decode.py +45 -17
- pulumi_vault/transform/get_encode.py +45 -17
- pulumi_vault/transform/role.py +16 -9
- pulumi_vault/transform/template.py +30 -21
- pulumi_vault/transform/transformation.py +12 -7
- pulumi_vault/transit/get_decrypt.py +26 -21
- pulumi_vault/transit/get_encrypt.py +24 -19
- pulumi_vault/transit/secret_backend_key.py +27 -93
- pulumi_vault/transit/secret_cache_config.py +12 -7
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
- pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
- pulumi_vault-5.21.0a1709368526.dist-info/RECORD +0 -244
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -0,0 +1,619 @@
|
|
1
|
+
# coding=utf-8
|
2
|
+
# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
|
3
|
+
# *** Do not edit by hand unless you're certain you know what you are doing! ***
|
4
|
+
|
5
|
+
import copy
|
6
|
+
import warnings
|
7
|
+
import sys
|
8
|
+
import pulumi
|
9
|
+
import pulumi.runtime
|
10
|
+
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
15
|
+
from .. import _utilities
|
16
|
+
from . import outputs
|
17
|
+
from ._inputs import *
|
18
|
+
|
19
|
+
__all__ = ['BackendConfigEstArgs', 'BackendConfigEst']
|
20
|
+
|
21
|
+
@pulumi.input_type
|
22
|
+
class BackendConfigEstArgs:
|
23
|
+
def __init__(__self__, *,
|
24
|
+
backend: pulumi.Input[str],
|
25
|
+
audit_fields: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
26
|
+
authenticators: Optional[pulumi.Input['BackendConfigEstAuthenticatorsArgs']] = None,
|
27
|
+
default_mount: Optional[pulumi.Input[bool]] = None,
|
28
|
+
default_path_policy: Optional[pulumi.Input[str]] = None,
|
29
|
+
enable_sentinel_parsing: Optional[pulumi.Input[bool]] = None,
|
30
|
+
enabled: Optional[pulumi.Input[bool]] = None,
|
31
|
+
label_to_path_policy: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
32
|
+
namespace: Optional[pulumi.Input[str]] = None):
|
33
|
+
"""
|
34
|
+
The set of arguments for constructing a BackendConfigEst resource.
|
35
|
+
:param pulumi.Input[str] backend: The path to the PKI secret backend to
|
36
|
+
read the EST configuration from, with no leading or trailing `/`s.
|
37
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_fields: Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
|
38
|
+
|
39
|
+
<a id="nestedatt--authenticators"></a>
|
40
|
+
:param pulumi.Input['BackendConfigEstAuthenticatorsArgs'] authenticators: Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).
|
41
|
+
:param pulumi.Input[bool] default_mount: If set, this mount will register the default `.well-known/est` URL path. Only a single mount can enable this across a Vault cluster.
|
42
|
+
:param pulumi.Input[str] default_path_policy: Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.
|
43
|
+
:param pulumi.Input[bool] enable_sentinel_parsing: If set, parse out fields from the provided CSR making them available for Sentinel policies.
|
44
|
+
:param pulumi.Input[bool] enabled: Specifies whether EST is enabled.
|
45
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] label_to_path_policy: Configures a pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/<label> URL paths.
|
46
|
+
:param pulumi.Input[str] namespace: The namespace of the target resource.
|
47
|
+
The value should not contain leading or trailing forward slashes.
|
48
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
49
|
+
*Available only for Vault Enterprise*.
|
50
|
+
"""
|
51
|
+
pulumi.set(__self__, "backend", backend)
|
52
|
+
if audit_fields is not None:
|
53
|
+
pulumi.set(__self__, "audit_fields", audit_fields)
|
54
|
+
if authenticators is not None:
|
55
|
+
pulumi.set(__self__, "authenticators", authenticators)
|
56
|
+
if default_mount is not None:
|
57
|
+
pulumi.set(__self__, "default_mount", default_mount)
|
58
|
+
if default_path_policy is not None:
|
59
|
+
pulumi.set(__self__, "default_path_policy", default_path_policy)
|
60
|
+
if enable_sentinel_parsing is not None:
|
61
|
+
pulumi.set(__self__, "enable_sentinel_parsing", enable_sentinel_parsing)
|
62
|
+
if enabled is not None:
|
63
|
+
pulumi.set(__self__, "enabled", enabled)
|
64
|
+
if label_to_path_policy is not None:
|
65
|
+
pulumi.set(__self__, "label_to_path_policy", label_to_path_policy)
|
66
|
+
if namespace is not None:
|
67
|
+
pulumi.set(__self__, "namespace", namespace)
|
68
|
+
|
69
|
+
@property
|
70
|
+
@pulumi.getter
|
71
|
+
def backend(self) -> pulumi.Input[str]:
|
72
|
+
"""
|
73
|
+
The path to the PKI secret backend to
|
74
|
+
read the EST configuration from, with no leading or trailing `/`s.
|
75
|
+
"""
|
76
|
+
return pulumi.get(self, "backend")
|
77
|
+
|
78
|
+
@backend.setter
|
79
|
+
def backend(self, value: pulumi.Input[str]):
|
80
|
+
pulumi.set(self, "backend", value)
|
81
|
+
|
82
|
+
@property
|
83
|
+
@pulumi.getter(name="auditFields")
|
84
|
+
def audit_fields(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
85
|
+
"""
|
86
|
+
Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
|
87
|
+
|
88
|
+
<a id="nestedatt--authenticators"></a>
|
89
|
+
"""
|
90
|
+
return pulumi.get(self, "audit_fields")
|
91
|
+
|
92
|
+
@audit_fields.setter
|
93
|
+
def audit_fields(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
94
|
+
pulumi.set(self, "audit_fields", value)
|
95
|
+
|
96
|
+
@property
|
97
|
+
@pulumi.getter
|
98
|
+
def authenticators(self) -> Optional[pulumi.Input['BackendConfigEstAuthenticatorsArgs']]:
|
99
|
+
"""
|
100
|
+
Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).
|
101
|
+
"""
|
102
|
+
return pulumi.get(self, "authenticators")
|
103
|
+
|
104
|
+
@authenticators.setter
|
105
|
+
def authenticators(self, value: Optional[pulumi.Input['BackendConfigEstAuthenticatorsArgs']]):
|
106
|
+
pulumi.set(self, "authenticators", value)
|
107
|
+
|
108
|
+
@property
|
109
|
+
@pulumi.getter(name="defaultMount")
|
110
|
+
def default_mount(self) -> Optional[pulumi.Input[bool]]:
|
111
|
+
"""
|
112
|
+
If set, this mount will register the default `.well-known/est` URL path. Only a single mount can enable this across a Vault cluster.
|
113
|
+
"""
|
114
|
+
return pulumi.get(self, "default_mount")
|
115
|
+
|
116
|
+
@default_mount.setter
|
117
|
+
def default_mount(self, value: Optional[pulumi.Input[bool]]):
|
118
|
+
pulumi.set(self, "default_mount", value)
|
119
|
+
|
120
|
+
@property
|
121
|
+
@pulumi.getter(name="defaultPathPolicy")
|
122
|
+
def default_path_policy(self) -> Optional[pulumi.Input[str]]:
|
123
|
+
"""
|
124
|
+
Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.
|
125
|
+
"""
|
126
|
+
return pulumi.get(self, "default_path_policy")
|
127
|
+
|
128
|
+
@default_path_policy.setter
|
129
|
+
def default_path_policy(self, value: Optional[pulumi.Input[str]]):
|
130
|
+
pulumi.set(self, "default_path_policy", value)
|
131
|
+
|
132
|
+
@property
|
133
|
+
@pulumi.getter(name="enableSentinelParsing")
|
134
|
+
def enable_sentinel_parsing(self) -> Optional[pulumi.Input[bool]]:
|
135
|
+
"""
|
136
|
+
If set, parse out fields from the provided CSR making them available for Sentinel policies.
|
137
|
+
"""
|
138
|
+
return pulumi.get(self, "enable_sentinel_parsing")
|
139
|
+
|
140
|
+
@enable_sentinel_parsing.setter
|
141
|
+
def enable_sentinel_parsing(self, value: Optional[pulumi.Input[bool]]):
|
142
|
+
pulumi.set(self, "enable_sentinel_parsing", value)
|
143
|
+
|
144
|
+
@property
|
145
|
+
@pulumi.getter
|
146
|
+
def enabled(self) -> Optional[pulumi.Input[bool]]:
|
147
|
+
"""
|
148
|
+
Specifies whether EST is enabled.
|
149
|
+
"""
|
150
|
+
return pulumi.get(self, "enabled")
|
151
|
+
|
152
|
+
@enabled.setter
|
153
|
+
def enabled(self, value: Optional[pulumi.Input[bool]]):
|
154
|
+
pulumi.set(self, "enabled", value)
|
155
|
+
|
156
|
+
@property
|
157
|
+
@pulumi.getter(name="labelToPathPolicy")
|
158
|
+
def label_to_path_policy(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
159
|
+
"""
|
160
|
+
Configures a pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/<label> URL paths.
|
161
|
+
"""
|
162
|
+
return pulumi.get(self, "label_to_path_policy")
|
163
|
+
|
164
|
+
@label_to_path_policy.setter
|
165
|
+
def label_to_path_policy(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
166
|
+
pulumi.set(self, "label_to_path_policy", value)
|
167
|
+
|
168
|
+
@property
|
169
|
+
@pulumi.getter
|
170
|
+
def namespace(self) -> Optional[pulumi.Input[str]]:
|
171
|
+
"""
|
172
|
+
The namespace of the target resource.
|
173
|
+
The value should not contain leading or trailing forward slashes.
|
174
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
175
|
+
*Available only for Vault Enterprise*.
|
176
|
+
"""
|
177
|
+
return pulumi.get(self, "namespace")
|
178
|
+
|
179
|
+
@namespace.setter
|
180
|
+
def namespace(self, value: Optional[pulumi.Input[str]]):
|
181
|
+
pulumi.set(self, "namespace", value)
|
182
|
+
|
183
|
+
|
184
|
+
@pulumi.input_type
|
185
|
+
class _BackendConfigEstState:
|
186
|
+
def __init__(__self__, *,
|
187
|
+
audit_fields: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
188
|
+
authenticators: Optional[pulumi.Input['BackendConfigEstAuthenticatorsArgs']] = None,
|
189
|
+
backend: Optional[pulumi.Input[str]] = None,
|
190
|
+
default_mount: Optional[pulumi.Input[bool]] = None,
|
191
|
+
default_path_policy: Optional[pulumi.Input[str]] = None,
|
192
|
+
enable_sentinel_parsing: Optional[pulumi.Input[bool]] = None,
|
193
|
+
enabled: Optional[pulumi.Input[bool]] = None,
|
194
|
+
label_to_path_policy: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
195
|
+
last_updated: Optional[pulumi.Input[str]] = None,
|
196
|
+
namespace: Optional[pulumi.Input[str]] = None):
|
197
|
+
"""
|
198
|
+
Input properties used for looking up and filtering BackendConfigEst resources.
|
199
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_fields: Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
|
200
|
+
|
201
|
+
<a id="nestedatt--authenticators"></a>
|
202
|
+
:param pulumi.Input['BackendConfigEstAuthenticatorsArgs'] authenticators: Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).
|
203
|
+
:param pulumi.Input[str] backend: The path to the PKI secret backend to
|
204
|
+
read the EST configuration from, with no leading or trailing `/`s.
|
205
|
+
:param pulumi.Input[bool] default_mount: If set, this mount will register the default `.well-known/est` URL path. Only a single mount can enable this across a Vault cluster.
|
206
|
+
:param pulumi.Input[str] default_path_policy: Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.
|
207
|
+
:param pulumi.Input[bool] enable_sentinel_parsing: If set, parse out fields from the provided CSR making them available for Sentinel policies.
|
208
|
+
:param pulumi.Input[bool] enabled: Specifies whether EST is enabled.
|
209
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] label_to_path_policy: Configures a pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/<label> URL paths.
|
210
|
+
:param pulumi.Input[str] last_updated: A read-only timestamp representing the last time the configuration was updated.
|
211
|
+
:param pulumi.Input[str] namespace: The namespace of the target resource.
|
212
|
+
The value should not contain leading or trailing forward slashes.
|
213
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
214
|
+
*Available only for Vault Enterprise*.
|
215
|
+
"""
|
216
|
+
if audit_fields is not None:
|
217
|
+
pulumi.set(__self__, "audit_fields", audit_fields)
|
218
|
+
if authenticators is not None:
|
219
|
+
pulumi.set(__self__, "authenticators", authenticators)
|
220
|
+
if backend is not None:
|
221
|
+
pulumi.set(__self__, "backend", backend)
|
222
|
+
if default_mount is not None:
|
223
|
+
pulumi.set(__self__, "default_mount", default_mount)
|
224
|
+
if default_path_policy is not None:
|
225
|
+
pulumi.set(__self__, "default_path_policy", default_path_policy)
|
226
|
+
if enable_sentinel_parsing is not None:
|
227
|
+
pulumi.set(__self__, "enable_sentinel_parsing", enable_sentinel_parsing)
|
228
|
+
if enabled is not None:
|
229
|
+
pulumi.set(__self__, "enabled", enabled)
|
230
|
+
if label_to_path_policy is not None:
|
231
|
+
pulumi.set(__self__, "label_to_path_policy", label_to_path_policy)
|
232
|
+
if last_updated is not None:
|
233
|
+
pulumi.set(__self__, "last_updated", last_updated)
|
234
|
+
if namespace is not None:
|
235
|
+
pulumi.set(__self__, "namespace", namespace)
|
236
|
+
|
237
|
+
@property
|
238
|
+
@pulumi.getter(name="auditFields")
|
239
|
+
def audit_fields(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
240
|
+
"""
|
241
|
+
Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
|
242
|
+
|
243
|
+
<a id="nestedatt--authenticators"></a>
|
244
|
+
"""
|
245
|
+
return pulumi.get(self, "audit_fields")
|
246
|
+
|
247
|
+
@audit_fields.setter
|
248
|
+
def audit_fields(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
249
|
+
pulumi.set(self, "audit_fields", value)
|
250
|
+
|
251
|
+
@property
|
252
|
+
@pulumi.getter
|
253
|
+
def authenticators(self) -> Optional[pulumi.Input['BackendConfigEstAuthenticatorsArgs']]:
|
254
|
+
"""
|
255
|
+
Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).
|
256
|
+
"""
|
257
|
+
return pulumi.get(self, "authenticators")
|
258
|
+
|
259
|
+
@authenticators.setter
|
260
|
+
def authenticators(self, value: Optional[pulumi.Input['BackendConfigEstAuthenticatorsArgs']]):
|
261
|
+
pulumi.set(self, "authenticators", value)
|
262
|
+
|
263
|
+
@property
|
264
|
+
@pulumi.getter
|
265
|
+
def backend(self) -> Optional[pulumi.Input[str]]:
|
266
|
+
"""
|
267
|
+
The path to the PKI secret backend to
|
268
|
+
read the EST configuration from, with no leading or trailing `/`s.
|
269
|
+
"""
|
270
|
+
return pulumi.get(self, "backend")
|
271
|
+
|
272
|
+
@backend.setter
|
273
|
+
def backend(self, value: Optional[pulumi.Input[str]]):
|
274
|
+
pulumi.set(self, "backend", value)
|
275
|
+
|
276
|
+
@property
|
277
|
+
@pulumi.getter(name="defaultMount")
|
278
|
+
def default_mount(self) -> Optional[pulumi.Input[bool]]:
|
279
|
+
"""
|
280
|
+
If set, this mount will register the default `.well-known/est` URL path. Only a single mount can enable this across a Vault cluster.
|
281
|
+
"""
|
282
|
+
return pulumi.get(self, "default_mount")
|
283
|
+
|
284
|
+
@default_mount.setter
|
285
|
+
def default_mount(self, value: Optional[pulumi.Input[bool]]):
|
286
|
+
pulumi.set(self, "default_mount", value)
|
287
|
+
|
288
|
+
@property
|
289
|
+
@pulumi.getter(name="defaultPathPolicy")
|
290
|
+
def default_path_policy(self) -> Optional[pulumi.Input[str]]:
|
291
|
+
"""
|
292
|
+
Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.
|
293
|
+
"""
|
294
|
+
return pulumi.get(self, "default_path_policy")
|
295
|
+
|
296
|
+
@default_path_policy.setter
|
297
|
+
def default_path_policy(self, value: Optional[pulumi.Input[str]]):
|
298
|
+
pulumi.set(self, "default_path_policy", value)
|
299
|
+
|
300
|
+
@property
|
301
|
+
@pulumi.getter(name="enableSentinelParsing")
|
302
|
+
def enable_sentinel_parsing(self) -> Optional[pulumi.Input[bool]]:
|
303
|
+
"""
|
304
|
+
If set, parse out fields from the provided CSR making them available for Sentinel policies.
|
305
|
+
"""
|
306
|
+
return pulumi.get(self, "enable_sentinel_parsing")
|
307
|
+
|
308
|
+
@enable_sentinel_parsing.setter
|
309
|
+
def enable_sentinel_parsing(self, value: Optional[pulumi.Input[bool]]):
|
310
|
+
pulumi.set(self, "enable_sentinel_parsing", value)
|
311
|
+
|
312
|
+
@property
|
313
|
+
@pulumi.getter
|
314
|
+
def enabled(self) -> Optional[pulumi.Input[bool]]:
|
315
|
+
"""
|
316
|
+
Specifies whether EST is enabled.
|
317
|
+
"""
|
318
|
+
return pulumi.get(self, "enabled")
|
319
|
+
|
320
|
+
@enabled.setter
|
321
|
+
def enabled(self, value: Optional[pulumi.Input[bool]]):
|
322
|
+
pulumi.set(self, "enabled", value)
|
323
|
+
|
324
|
+
@property
|
325
|
+
@pulumi.getter(name="labelToPathPolicy")
|
326
|
+
def label_to_path_policy(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
327
|
+
"""
|
328
|
+
Configures a pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/<label> URL paths.
|
329
|
+
"""
|
330
|
+
return pulumi.get(self, "label_to_path_policy")
|
331
|
+
|
332
|
+
@label_to_path_policy.setter
|
333
|
+
def label_to_path_policy(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
334
|
+
pulumi.set(self, "label_to_path_policy", value)
|
335
|
+
|
336
|
+
@property
|
337
|
+
@pulumi.getter(name="lastUpdated")
|
338
|
+
def last_updated(self) -> Optional[pulumi.Input[str]]:
|
339
|
+
"""
|
340
|
+
A read-only timestamp representing the last time the configuration was updated.
|
341
|
+
"""
|
342
|
+
return pulumi.get(self, "last_updated")
|
343
|
+
|
344
|
+
@last_updated.setter
|
345
|
+
def last_updated(self, value: Optional[pulumi.Input[str]]):
|
346
|
+
pulumi.set(self, "last_updated", value)
|
347
|
+
|
348
|
+
@property
|
349
|
+
@pulumi.getter
|
350
|
+
def namespace(self) -> Optional[pulumi.Input[str]]:
|
351
|
+
"""
|
352
|
+
The namespace of the target resource.
|
353
|
+
The value should not contain leading or trailing forward slashes.
|
354
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
355
|
+
*Available only for Vault Enterprise*.
|
356
|
+
"""
|
357
|
+
return pulumi.get(self, "namespace")
|
358
|
+
|
359
|
+
@namespace.setter
|
360
|
+
def namespace(self, value: Optional[pulumi.Input[str]]):
|
361
|
+
pulumi.set(self, "namespace", value)
|
362
|
+
|
363
|
+
|
364
|
+
class BackendConfigEst(pulumi.CustomResource):
|
365
|
+
@overload
|
366
|
+
def __init__(__self__,
|
367
|
+
resource_name: str,
|
368
|
+
opts: Optional[pulumi.ResourceOptions] = None,
|
369
|
+
audit_fields: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
370
|
+
authenticators: Optional[pulumi.Input[Union['BackendConfigEstAuthenticatorsArgs', 'BackendConfigEstAuthenticatorsArgsDict']]] = None,
|
371
|
+
backend: Optional[pulumi.Input[str]] = None,
|
372
|
+
default_mount: Optional[pulumi.Input[bool]] = None,
|
373
|
+
default_path_policy: Optional[pulumi.Input[str]] = None,
|
374
|
+
enable_sentinel_parsing: Optional[pulumi.Input[bool]] = None,
|
375
|
+
enabled: Optional[pulumi.Input[bool]] = None,
|
376
|
+
label_to_path_policy: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
377
|
+
namespace: Optional[pulumi.Input[str]] = None,
|
378
|
+
__props__=None):
|
379
|
+
"""
|
380
|
+
Allows setting the EST configuration on a PKI Secret Backend
|
381
|
+
|
382
|
+
## Import
|
383
|
+
|
384
|
+
The PKI config cluster can be imported using the resource's `id`.
|
385
|
+
In the case of the example above the `id` would be `pki-root/config/est`,
|
386
|
+
where the `pki-root` component is the resource's `backend`, e.g.
|
387
|
+
|
388
|
+
```sh
|
389
|
+
$ pulumi import vault:pkiSecret/backendConfigEst:BackendConfigEst example pki-root/config/est
|
390
|
+
```
|
391
|
+
|
392
|
+
:param str resource_name: The name of the resource.
|
393
|
+
:param pulumi.ResourceOptions opts: Options for the resource.
|
394
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_fields: Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
|
395
|
+
|
396
|
+
<a id="nestedatt--authenticators"></a>
|
397
|
+
:param pulumi.Input[Union['BackendConfigEstAuthenticatorsArgs', 'BackendConfigEstAuthenticatorsArgsDict']] authenticators: Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).
|
398
|
+
:param pulumi.Input[str] backend: The path to the PKI secret backend to
|
399
|
+
read the EST configuration from, with no leading or trailing `/`s.
|
400
|
+
:param pulumi.Input[bool] default_mount: If set, this mount will register the default `.well-known/est` URL path. Only a single mount can enable this across a Vault cluster.
|
401
|
+
:param pulumi.Input[str] default_path_policy: Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.
|
402
|
+
:param pulumi.Input[bool] enable_sentinel_parsing: If set, parse out fields from the provided CSR making them available for Sentinel policies.
|
403
|
+
:param pulumi.Input[bool] enabled: Specifies whether EST is enabled.
|
404
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] label_to_path_policy: Configures a pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/<label> URL paths.
|
405
|
+
:param pulumi.Input[str] namespace: The namespace of the target resource.
|
406
|
+
The value should not contain leading or trailing forward slashes.
|
407
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
408
|
+
*Available only for Vault Enterprise*.
|
409
|
+
"""
|
410
|
+
...
|
411
|
+
@overload
|
412
|
+
def __init__(__self__,
|
413
|
+
resource_name: str,
|
414
|
+
args: BackendConfigEstArgs,
|
415
|
+
opts: Optional[pulumi.ResourceOptions] = None):
|
416
|
+
"""
|
417
|
+
Allows setting the EST configuration on a PKI Secret Backend
|
418
|
+
|
419
|
+
## Import
|
420
|
+
|
421
|
+
The PKI config cluster can be imported using the resource's `id`.
|
422
|
+
In the case of the example above the `id` would be `pki-root/config/est`,
|
423
|
+
where the `pki-root` component is the resource's `backend`, e.g.
|
424
|
+
|
425
|
+
```sh
|
426
|
+
$ pulumi import vault:pkiSecret/backendConfigEst:BackendConfigEst example pki-root/config/est
|
427
|
+
```
|
428
|
+
|
429
|
+
:param str resource_name: The name of the resource.
|
430
|
+
:param BackendConfigEstArgs args: The arguments to use to populate this resource's properties.
|
431
|
+
:param pulumi.ResourceOptions opts: Options for the resource.
|
432
|
+
"""
|
433
|
+
...
|
434
|
+
def __init__(__self__, resource_name: str, *args, **kwargs):
|
435
|
+
resource_args, opts = _utilities.get_resource_args_opts(BackendConfigEstArgs, pulumi.ResourceOptions, *args, **kwargs)
|
436
|
+
if resource_args is not None:
|
437
|
+
__self__._internal_init(resource_name, opts, **resource_args.__dict__)
|
438
|
+
else:
|
439
|
+
__self__._internal_init(resource_name, *args, **kwargs)
|
440
|
+
|
441
|
+
def _internal_init(__self__,
|
442
|
+
resource_name: str,
|
443
|
+
opts: Optional[pulumi.ResourceOptions] = None,
|
444
|
+
audit_fields: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
445
|
+
authenticators: Optional[pulumi.Input[Union['BackendConfigEstAuthenticatorsArgs', 'BackendConfigEstAuthenticatorsArgsDict']]] = None,
|
446
|
+
backend: Optional[pulumi.Input[str]] = None,
|
447
|
+
default_mount: Optional[pulumi.Input[bool]] = None,
|
448
|
+
default_path_policy: Optional[pulumi.Input[str]] = None,
|
449
|
+
enable_sentinel_parsing: Optional[pulumi.Input[bool]] = None,
|
450
|
+
enabled: Optional[pulumi.Input[bool]] = None,
|
451
|
+
label_to_path_policy: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
452
|
+
namespace: Optional[pulumi.Input[str]] = None,
|
453
|
+
__props__=None):
|
454
|
+
opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
|
455
|
+
if not isinstance(opts, pulumi.ResourceOptions):
|
456
|
+
raise TypeError('Expected resource options to be a ResourceOptions instance')
|
457
|
+
if opts.id is None:
|
458
|
+
if __props__ is not None:
|
459
|
+
raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource')
|
460
|
+
__props__ = BackendConfigEstArgs.__new__(BackendConfigEstArgs)
|
461
|
+
|
462
|
+
__props__.__dict__["audit_fields"] = audit_fields
|
463
|
+
__props__.__dict__["authenticators"] = authenticators
|
464
|
+
if backend is None and not opts.urn:
|
465
|
+
raise TypeError("Missing required property 'backend'")
|
466
|
+
__props__.__dict__["backend"] = backend
|
467
|
+
__props__.__dict__["default_mount"] = default_mount
|
468
|
+
__props__.__dict__["default_path_policy"] = default_path_policy
|
469
|
+
__props__.__dict__["enable_sentinel_parsing"] = enable_sentinel_parsing
|
470
|
+
__props__.__dict__["enabled"] = enabled
|
471
|
+
__props__.__dict__["label_to_path_policy"] = label_to_path_policy
|
472
|
+
__props__.__dict__["namespace"] = namespace
|
473
|
+
__props__.__dict__["last_updated"] = None
|
474
|
+
super(BackendConfigEst, __self__).__init__(
|
475
|
+
'vault:pkiSecret/backendConfigEst:BackendConfigEst',
|
476
|
+
resource_name,
|
477
|
+
__props__,
|
478
|
+
opts)
|
479
|
+
|
480
|
+
@staticmethod
|
481
|
+
def get(resource_name: str,
|
482
|
+
id: pulumi.Input[str],
|
483
|
+
opts: Optional[pulumi.ResourceOptions] = None,
|
484
|
+
audit_fields: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
485
|
+
authenticators: Optional[pulumi.Input[Union['BackendConfigEstAuthenticatorsArgs', 'BackendConfigEstAuthenticatorsArgsDict']]] = None,
|
486
|
+
backend: Optional[pulumi.Input[str]] = None,
|
487
|
+
default_mount: Optional[pulumi.Input[bool]] = None,
|
488
|
+
default_path_policy: Optional[pulumi.Input[str]] = None,
|
489
|
+
enable_sentinel_parsing: Optional[pulumi.Input[bool]] = None,
|
490
|
+
enabled: Optional[pulumi.Input[bool]] = None,
|
491
|
+
label_to_path_policy: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
492
|
+
last_updated: Optional[pulumi.Input[str]] = None,
|
493
|
+
namespace: Optional[pulumi.Input[str]] = None) -> 'BackendConfigEst':
|
494
|
+
"""
|
495
|
+
Get an existing BackendConfigEst resource's state with the given name, id, and optional extra
|
496
|
+
properties used to qualify the lookup.
|
497
|
+
|
498
|
+
:param str resource_name: The unique name of the resulting resource.
|
499
|
+
:param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
|
500
|
+
:param pulumi.ResourceOptions opts: Options for the resource.
|
501
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_fields: Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
|
502
|
+
|
503
|
+
<a id="nestedatt--authenticators"></a>
|
504
|
+
:param pulumi.Input[Union['BackendConfigEstAuthenticatorsArgs', 'BackendConfigEstAuthenticatorsArgsDict']] authenticators: Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).
|
505
|
+
:param pulumi.Input[str] backend: The path to the PKI secret backend to
|
506
|
+
read the EST configuration from, with no leading or trailing `/`s.
|
507
|
+
:param pulumi.Input[bool] default_mount: If set, this mount will register the default `.well-known/est` URL path. Only a single mount can enable this across a Vault cluster.
|
508
|
+
:param pulumi.Input[str] default_path_policy: Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.
|
509
|
+
:param pulumi.Input[bool] enable_sentinel_parsing: If set, parse out fields from the provided CSR making them available for Sentinel policies.
|
510
|
+
:param pulumi.Input[bool] enabled: Specifies whether EST is enabled.
|
511
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] label_to_path_policy: Configures a pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/<label> URL paths.
|
512
|
+
:param pulumi.Input[str] last_updated: A read-only timestamp representing the last time the configuration was updated.
|
513
|
+
:param pulumi.Input[str] namespace: The namespace of the target resource.
|
514
|
+
The value should not contain leading or trailing forward slashes.
|
515
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
516
|
+
*Available only for Vault Enterprise*.
|
517
|
+
"""
|
518
|
+
opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
|
519
|
+
|
520
|
+
__props__ = _BackendConfigEstState.__new__(_BackendConfigEstState)
|
521
|
+
|
522
|
+
__props__.__dict__["audit_fields"] = audit_fields
|
523
|
+
__props__.__dict__["authenticators"] = authenticators
|
524
|
+
__props__.__dict__["backend"] = backend
|
525
|
+
__props__.__dict__["default_mount"] = default_mount
|
526
|
+
__props__.__dict__["default_path_policy"] = default_path_policy
|
527
|
+
__props__.__dict__["enable_sentinel_parsing"] = enable_sentinel_parsing
|
528
|
+
__props__.__dict__["enabled"] = enabled
|
529
|
+
__props__.__dict__["label_to_path_policy"] = label_to_path_policy
|
530
|
+
__props__.__dict__["last_updated"] = last_updated
|
531
|
+
__props__.__dict__["namespace"] = namespace
|
532
|
+
return BackendConfigEst(resource_name, opts=opts, __props__=__props__)
|
533
|
+
|
534
|
+
@property
|
535
|
+
@pulumi.getter(name="auditFields")
|
536
|
+
def audit_fields(self) -> pulumi.Output[Sequence[str]]:
|
537
|
+
"""
|
538
|
+
Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
|
539
|
+
|
540
|
+
<a id="nestedatt--authenticators"></a>
|
541
|
+
"""
|
542
|
+
return pulumi.get(self, "audit_fields")
|
543
|
+
|
544
|
+
@property
|
545
|
+
@pulumi.getter
|
546
|
+
def authenticators(self) -> pulumi.Output['outputs.BackendConfigEstAuthenticators']:
|
547
|
+
"""
|
548
|
+
Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).
|
549
|
+
"""
|
550
|
+
return pulumi.get(self, "authenticators")
|
551
|
+
|
552
|
+
@property
|
553
|
+
@pulumi.getter
|
554
|
+
def backend(self) -> pulumi.Output[str]:
|
555
|
+
"""
|
556
|
+
The path to the PKI secret backend to
|
557
|
+
read the EST configuration from, with no leading or trailing `/`s.
|
558
|
+
"""
|
559
|
+
return pulumi.get(self, "backend")
|
560
|
+
|
561
|
+
@property
|
562
|
+
@pulumi.getter(name="defaultMount")
|
563
|
+
def default_mount(self) -> pulumi.Output[Optional[bool]]:
|
564
|
+
"""
|
565
|
+
If set, this mount will register the default `.well-known/est` URL path. Only a single mount can enable this across a Vault cluster.
|
566
|
+
"""
|
567
|
+
return pulumi.get(self, "default_mount")
|
568
|
+
|
569
|
+
@property
|
570
|
+
@pulumi.getter(name="defaultPathPolicy")
|
571
|
+
def default_path_policy(self) -> pulumi.Output[Optional[str]]:
|
572
|
+
"""
|
573
|
+
Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.
|
574
|
+
"""
|
575
|
+
return pulumi.get(self, "default_path_policy")
|
576
|
+
|
577
|
+
@property
|
578
|
+
@pulumi.getter(name="enableSentinelParsing")
|
579
|
+
def enable_sentinel_parsing(self) -> pulumi.Output[Optional[bool]]:
|
580
|
+
"""
|
581
|
+
If set, parse out fields from the provided CSR making them available for Sentinel policies.
|
582
|
+
"""
|
583
|
+
return pulumi.get(self, "enable_sentinel_parsing")
|
584
|
+
|
585
|
+
@property
|
586
|
+
@pulumi.getter
|
587
|
+
def enabled(self) -> pulumi.Output[Optional[bool]]:
|
588
|
+
"""
|
589
|
+
Specifies whether EST is enabled.
|
590
|
+
"""
|
591
|
+
return pulumi.get(self, "enabled")
|
592
|
+
|
593
|
+
@property
|
594
|
+
@pulumi.getter(name="labelToPathPolicy")
|
595
|
+
def label_to_path_policy(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
|
596
|
+
"""
|
597
|
+
Configures a pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/<label> URL paths.
|
598
|
+
"""
|
599
|
+
return pulumi.get(self, "label_to_path_policy")
|
600
|
+
|
601
|
+
@property
|
602
|
+
@pulumi.getter(name="lastUpdated")
|
603
|
+
def last_updated(self) -> pulumi.Output[str]:
|
604
|
+
"""
|
605
|
+
A read-only timestamp representing the last time the configuration was updated.
|
606
|
+
"""
|
607
|
+
return pulumi.get(self, "last_updated")
|
608
|
+
|
609
|
+
@property
|
610
|
+
@pulumi.getter
|
611
|
+
def namespace(self) -> pulumi.Output[Optional[str]]:
|
612
|
+
"""
|
613
|
+
The namespace of the target resource.
|
614
|
+
The value should not contain leading or trailing forward slashes.
|
615
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
616
|
+
*Available only for Vault Enterprise*.
|
617
|
+
"""
|
618
|
+
return pulumi.get(self, "namespace")
|
619
|
+
|