pulumi-vault 5.21.0a1709368526__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (229) hide show
  1. pulumi_vault/__init__.py +52 -0
  2. pulumi_vault/_inputs.py +560 -0
  3. pulumi_vault/_utilities.py +41 -5
  4. pulumi_vault/ad/get_access_credentials.py +26 -9
  5. pulumi_vault/ad/secret_backend.py +16 -142
  6. pulumi_vault/ad/secret_library.py +16 -9
  7. pulumi_vault/ad/secret_role.py +14 -9
  8. pulumi_vault/alicloud/auth_backend_role.py +76 -190
  9. pulumi_vault/approle/auth_backend_login.py +12 -7
  10. pulumi_vault/approle/auth_backend_role.py +77 -191
  11. pulumi_vault/approle/auth_backend_role_secret_id.py +106 -7
  12. pulumi_vault/approle/get_auth_backend_role_id.py +18 -5
  13. pulumi_vault/audit.py +30 -21
  14. pulumi_vault/audit_request_header.py +11 -2
  15. pulumi_vault/auth_backend.py +66 -14
  16. pulumi_vault/aws/auth_backend_cert.py +18 -9
  17. pulumi_vault/aws/auth_backend_client.py +267 -22
  18. pulumi_vault/aws/auth_backend_config_identity.py +14 -9
  19. pulumi_vault/aws/auth_backend_identity_whitelist.py +20 -15
  20. pulumi_vault/aws/auth_backend_login.py +19 -22
  21. pulumi_vault/aws/auth_backend_role.py +77 -191
  22. pulumi_vault/aws/auth_backend_role_tag.py +12 -7
  23. pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -13
  24. pulumi_vault/aws/auth_backend_sts_role.py +14 -9
  25. pulumi_vault/aws/get_access_credentials.py +38 -9
  26. pulumi_vault/aws/get_static_access_credentials.py +19 -5
  27. pulumi_vault/aws/secret_backend.py +77 -9
  28. pulumi_vault/aws/secret_backend_role.py +185 -9
  29. pulumi_vault/aws/secret_backend_static_role.py +20 -11
  30. pulumi_vault/azure/_inputs.py +24 -0
  31. pulumi_vault/azure/auth_backend_config.py +153 -15
  32. pulumi_vault/azure/auth_backend_role.py +77 -191
  33. pulumi_vault/azure/backend.py +227 -21
  34. pulumi_vault/azure/backend_role.py +42 -37
  35. pulumi_vault/azure/get_access_credentials.py +41 -7
  36. pulumi_vault/azure/outputs.py +5 -0
  37. pulumi_vault/cert_auth_backend_role.py +87 -267
  38. pulumi_vault/config/__init__.pyi +5 -0
  39. pulumi_vault/config/_inputs.py +73 -0
  40. pulumi_vault/config/outputs.py +35 -0
  41. pulumi_vault/config/ui_custom_message.py +529 -0
  42. pulumi_vault/config/vars.py +5 -0
  43. pulumi_vault/consul/secret_backend.py +28 -19
  44. pulumi_vault/consul/secret_backend_role.py +18 -78
  45. pulumi_vault/database/_inputs.py +2770 -881
  46. pulumi_vault/database/outputs.py +721 -838
  47. pulumi_vault/database/secret_backend_connection.py +119 -112
  48. pulumi_vault/database/secret_backend_role.py +31 -22
  49. pulumi_vault/database/secret_backend_static_role.py +87 -13
  50. pulumi_vault/database/secrets_mount.py +427 -136
  51. pulumi_vault/egp_policy.py +16 -11
  52. pulumi_vault/gcp/_inputs.py +111 -0
  53. pulumi_vault/gcp/auth_backend.py +250 -33
  54. pulumi_vault/gcp/auth_backend_role.py +77 -269
  55. pulumi_vault/gcp/get_auth_backend_role.py +43 -5
  56. pulumi_vault/gcp/outputs.py +5 -0
  57. pulumi_vault/gcp/secret_backend.py +287 -12
  58. pulumi_vault/gcp/secret_impersonated_account.py +76 -15
  59. pulumi_vault/gcp/secret_roleset.py +31 -24
  60. pulumi_vault/gcp/secret_static_account.py +39 -32
  61. pulumi_vault/generic/endpoint.py +24 -17
  62. pulumi_vault/generic/get_secret.py +64 -8
  63. pulumi_vault/generic/secret.py +21 -16
  64. pulumi_vault/get_auth_backend.py +24 -7
  65. pulumi_vault/get_auth_backends.py +51 -9
  66. pulumi_vault/get_namespace.py +226 -0
  67. pulumi_vault/get_namespaces.py +153 -0
  68. pulumi_vault/get_nomad_access_token.py +31 -11
  69. pulumi_vault/get_policy_document.py +34 -19
  70. pulumi_vault/get_raft_autopilot_state.py +29 -10
  71. pulumi_vault/github/_inputs.py +55 -0
  72. pulumi_vault/github/auth_backend.py +19 -14
  73. pulumi_vault/github/outputs.py +5 -0
  74. pulumi_vault/github/team.py +16 -11
  75. pulumi_vault/github/user.py +16 -11
  76. pulumi_vault/identity/entity.py +20 -13
  77. pulumi_vault/identity/entity_alias.py +20 -13
  78. pulumi_vault/identity/entity_policies.py +28 -11
  79. pulumi_vault/identity/get_entity.py +42 -10
  80. pulumi_vault/identity/get_group.py +47 -9
  81. pulumi_vault/identity/get_oidc_client_creds.py +21 -7
  82. pulumi_vault/identity/get_oidc_openid_config.py +39 -9
  83. pulumi_vault/identity/get_oidc_public_keys.py +29 -10
  84. pulumi_vault/identity/group.py +58 -39
  85. pulumi_vault/identity/group_alias.py +16 -9
  86. pulumi_vault/identity/group_member_entity_ids.py +28 -66
  87. pulumi_vault/identity/group_member_group_ids.py +40 -19
  88. pulumi_vault/identity/group_policies.py +20 -7
  89. pulumi_vault/identity/mfa_duo.py +11 -6
  90. pulumi_vault/identity/mfa_login_enforcement.py +15 -6
  91. pulumi_vault/identity/mfa_okta.py +11 -6
  92. pulumi_vault/identity/mfa_pingid.py +7 -2
  93. pulumi_vault/identity/mfa_totp.py +7 -2
  94. pulumi_vault/identity/oidc.py +12 -7
  95. pulumi_vault/identity/oidc_assignment.py +24 -11
  96. pulumi_vault/identity/oidc_client.py +36 -23
  97. pulumi_vault/identity/oidc_key.py +30 -17
  98. pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -15
  99. pulumi_vault/identity/oidc_provider.py +36 -21
  100. pulumi_vault/identity/oidc_role.py +42 -21
  101. pulumi_vault/identity/oidc_scope.py +20 -13
  102. pulumi_vault/identity/outputs.py +8 -3
  103. pulumi_vault/jwt/_inputs.py +55 -0
  104. pulumi_vault/jwt/auth_backend.py +45 -40
  105. pulumi_vault/jwt/auth_backend_role.py +133 -254
  106. pulumi_vault/jwt/outputs.py +5 -0
  107. pulumi_vault/kmip/secret_backend.py +24 -19
  108. pulumi_vault/kmip/secret_role.py +14 -9
  109. pulumi_vault/kmip/secret_scope.py +14 -9
  110. pulumi_vault/kubernetes/auth_backend_config.py +57 -5
  111. pulumi_vault/kubernetes/auth_backend_role.py +70 -177
  112. pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
  113. pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
  114. pulumi_vault/kubernetes/get_service_account_token.py +39 -11
  115. pulumi_vault/kubernetes/secret_backend.py +316 -27
  116. pulumi_vault/kubernetes/secret_backend_role.py +137 -46
  117. pulumi_vault/kv/_inputs.py +36 -4
  118. pulumi_vault/kv/get_secret.py +25 -8
  119. pulumi_vault/kv/get_secret_subkeys_v2.py +33 -10
  120. pulumi_vault/kv/get_secret_v2.py +85 -9
  121. pulumi_vault/kv/get_secrets_list.py +24 -11
  122. pulumi_vault/kv/get_secrets_list_v2.py +37 -15
  123. pulumi_vault/kv/outputs.py +8 -3
  124. pulumi_vault/kv/secret.py +23 -16
  125. pulumi_vault/kv/secret_backend_v2.py +20 -11
  126. pulumi_vault/kv/secret_v2.py +59 -50
  127. pulumi_vault/ldap/auth_backend.py +127 -166
  128. pulumi_vault/ldap/auth_backend_group.py +14 -9
  129. pulumi_vault/ldap/auth_backend_user.py +14 -9
  130. pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
  131. pulumi_vault/ldap/get_static_credentials.py +24 -5
  132. pulumi_vault/ldap/secret_backend.py +354 -82
  133. pulumi_vault/ldap/secret_backend_dynamic_role.py +18 -11
  134. pulumi_vault/ldap/secret_backend_library_set.py +16 -9
  135. pulumi_vault/ldap/secret_backend_static_role.py +73 -12
  136. pulumi_vault/managed/_inputs.py +289 -132
  137. pulumi_vault/managed/keys.py +29 -57
  138. pulumi_vault/managed/outputs.py +89 -132
  139. pulumi_vault/mfa_duo.py +18 -11
  140. pulumi_vault/mfa_okta.py +18 -11
  141. pulumi_vault/mfa_pingid.py +18 -11
  142. pulumi_vault/mfa_totp.py +24 -17
  143. pulumi_vault/mongodbatlas/secret_backend.py +20 -15
  144. pulumi_vault/mongodbatlas/secret_role.py +47 -38
  145. pulumi_vault/mount.py +391 -51
  146. pulumi_vault/namespace.py +68 -83
  147. pulumi_vault/nomad_secret_backend.py +18 -13
  148. pulumi_vault/nomad_secret_role.py +14 -9
  149. pulumi_vault/okta/_inputs.py +47 -8
  150. pulumi_vault/okta/auth_backend.py +485 -39
  151. pulumi_vault/okta/auth_backend_group.py +14 -9
  152. pulumi_vault/okta/auth_backend_user.py +14 -9
  153. pulumi_vault/okta/outputs.py +13 -8
  154. pulumi_vault/outputs.py +5 -0
  155. pulumi_vault/password_policy.py +20 -13
  156. pulumi_vault/pkisecret/__init__.py +3 -0
  157. pulumi_vault/pkisecret/_inputs.py +81 -0
  158. pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
  159. pulumi_vault/pkisecret/backend_config_est.py +619 -0
  160. pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
  161. pulumi_vault/pkisecret/get_backend_issuer.py +67 -9
  162. pulumi_vault/pkisecret/get_backend_issuers.py +21 -8
  163. pulumi_vault/pkisecret/get_backend_key.py +24 -9
  164. pulumi_vault/pkisecret/get_backend_keys.py +21 -8
  165. pulumi_vault/pkisecret/outputs.py +69 -0
  166. pulumi_vault/pkisecret/secret_backend_cert.py +18 -11
  167. pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -11
  168. pulumi_vault/pkisecret/secret_backend_config_issuers.py +14 -9
  169. pulumi_vault/pkisecret/secret_backend_config_urls.py +67 -11
  170. pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -9
  171. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -11
  172. pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -17
  173. pulumi_vault/pkisecret/secret_backend_issuer.py +14 -9
  174. pulumi_vault/pkisecret/secret_backend_key.py +14 -9
  175. pulumi_vault/pkisecret/secret_backend_role.py +21 -14
  176. pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -48
  177. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -56
  178. pulumi_vault/pkisecret/secret_backend_sign.py +18 -54
  179. pulumi_vault/plugin.py +595 -0
  180. pulumi_vault/plugin_pinned_version.py +298 -0
  181. pulumi_vault/policy.py +14 -9
  182. pulumi_vault/provider.py +48 -53
  183. pulumi_vault/pulumi-plugin.json +2 -1
  184. pulumi_vault/quota_lease_count.py +60 -6
  185. pulumi_vault/quota_rate_limit.py +56 -2
  186. pulumi_vault/rabbitmq/_inputs.py +61 -0
  187. pulumi_vault/rabbitmq/outputs.py +5 -0
  188. pulumi_vault/rabbitmq/secret_backend.py +18 -13
  189. pulumi_vault/rabbitmq/secret_backend_role.py +54 -47
  190. pulumi_vault/raft_autopilot.py +14 -9
  191. pulumi_vault/raft_snapshot_agent_config.py +129 -224
  192. pulumi_vault/rgp_policy.py +14 -9
  193. pulumi_vault/saml/auth_backend.py +22 -17
  194. pulumi_vault/saml/auth_backend_role.py +92 -197
  195. pulumi_vault/secrets/__init__.py +3 -0
  196. pulumi_vault/secrets/_inputs.py +110 -0
  197. pulumi_vault/secrets/outputs.py +94 -0
  198. pulumi_vault/secrets/sync_association.py +56 -71
  199. pulumi_vault/secrets/sync_aws_destination.py +242 -27
  200. pulumi_vault/secrets/sync_azure_destination.py +92 -31
  201. pulumi_vault/secrets/sync_config.py +9 -4
  202. pulumi_vault/secrets/sync_gcp_destination.py +158 -25
  203. pulumi_vault/secrets/sync_gh_destination.py +189 -13
  204. pulumi_vault/secrets/sync_github_apps.py +375 -0
  205. pulumi_vault/secrets/sync_vercel_destination.py +74 -13
  206. pulumi_vault/ssh/_inputs.py +28 -28
  207. pulumi_vault/ssh/outputs.py +11 -28
  208. pulumi_vault/ssh/secret_backend_ca.py +108 -9
  209. pulumi_vault/ssh/secret_backend_role.py +85 -118
  210. pulumi_vault/terraformcloud/secret_backend.py +7 -54
  211. pulumi_vault/terraformcloud/secret_creds.py +14 -20
  212. pulumi_vault/terraformcloud/secret_role.py +16 -74
  213. pulumi_vault/token.py +28 -23
  214. pulumi_vault/tokenauth/auth_backend_role.py +78 -199
  215. pulumi_vault/transform/alphabet.py +16 -9
  216. pulumi_vault/transform/get_decode.py +45 -17
  217. pulumi_vault/transform/get_encode.py +45 -17
  218. pulumi_vault/transform/role.py +16 -9
  219. pulumi_vault/transform/template.py +30 -21
  220. pulumi_vault/transform/transformation.py +12 -7
  221. pulumi_vault/transit/get_decrypt.py +26 -21
  222. pulumi_vault/transit/get_encrypt.py +24 -19
  223. pulumi_vault/transit/secret_backend_key.py +27 -93
  224. pulumi_vault/transit/secret_cache_config.py +12 -7
  225. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
  226. pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
  227. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
  228. pulumi_vault-5.21.0a1709368526.dist-info/RECORD +0 -244
  229. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -0,0 +1,619 @@
1
+ # coding=utf-8
2
+ # *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
3
+ # *** Do not edit by hand unless you're certain you know what you are doing! ***
4
+
5
+ import copy
6
+ import warnings
7
+ import sys
8
+ import pulumi
9
+ import pulumi.runtime
10
+ from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
15
+ from .. import _utilities
16
+ from . import outputs
17
+ from ._inputs import *
18
+
19
+ __all__ = ['BackendConfigEstArgs', 'BackendConfigEst']
20
+
21
+ @pulumi.input_type
22
+ class BackendConfigEstArgs:
23
+ def __init__(__self__, *,
24
+ backend: pulumi.Input[str],
25
+ audit_fields: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
26
+ authenticators: Optional[pulumi.Input['BackendConfigEstAuthenticatorsArgs']] = None,
27
+ default_mount: Optional[pulumi.Input[bool]] = None,
28
+ default_path_policy: Optional[pulumi.Input[str]] = None,
29
+ enable_sentinel_parsing: Optional[pulumi.Input[bool]] = None,
30
+ enabled: Optional[pulumi.Input[bool]] = None,
31
+ label_to_path_policy: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
32
+ namespace: Optional[pulumi.Input[str]] = None):
33
+ """
34
+ The set of arguments for constructing a BackendConfigEst resource.
35
+ :param pulumi.Input[str] backend: The path to the PKI secret backend to
36
+ read the EST configuration from, with no leading or trailing `/`s.
37
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_fields: Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
38
+
39
+ <a id="nestedatt--authenticators"></a>
40
+ :param pulumi.Input['BackendConfigEstAuthenticatorsArgs'] authenticators: Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).
41
+ :param pulumi.Input[bool] default_mount: If set, this mount will register the default `.well-known/est` URL path. Only a single mount can enable this across a Vault cluster.
42
+ :param pulumi.Input[str] default_path_policy: Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.
43
+ :param pulumi.Input[bool] enable_sentinel_parsing: If set, parse out fields from the provided CSR making them available for Sentinel policies.
44
+ :param pulumi.Input[bool] enabled: Specifies whether EST is enabled.
45
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] label_to_path_policy: Configures a pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/<label> URL paths.
46
+ :param pulumi.Input[str] namespace: The namespace of the target resource.
47
+ The value should not contain leading or trailing forward slashes.
48
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
49
+ *Available only for Vault Enterprise*.
50
+ """
51
+ pulumi.set(__self__, "backend", backend)
52
+ if audit_fields is not None:
53
+ pulumi.set(__self__, "audit_fields", audit_fields)
54
+ if authenticators is not None:
55
+ pulumi.set(__self__, "authenticators", authenticators)
56
+ if default_mount is not None:
57
+ pulumi.set(__self__, "default_mount", default_mount)
58
+ if default_path_policy is not None:
59
+ pulumi.set(__self__, "default_path_policy", default_path_policy)
60
+ if enable_sentinel_parsing is not None:
61
+ pulumi.set(__self__, "enable_sentinel_parsing", enable_sentinel_parsing)
62
+ if enabled is not None:
63
+ pulumi.set(__self__, "enabled", enabled)
64
+ if label_to_path_policy is not None:
65
+ pulumi.set(__self__, "label_to_path_policy", label_to_path_policy)
66
+ if namespace is not None:
67
+ pulumi.set(__self__, "namespace", namespace)
68
+
69
+ @property
70
+ @pulumi.getter
71
+ def backend(self) -> pulumi.Input[str]:
72
+ """
73
+ The path to the PKI secret backend to
74
+ read the EST configuration from, with no leading or trailing `/`s.
75
+ """
76
+ return pulumi.get(self, "backend")
77
+
78
+ @backend.setter
79
+ def backend(self, value: pulumi.Input[str]):
80
+ pulumi.set(self, "backend", value)
81
+
82
+ @property
83
+ @pulumi.getter(name="auditFields")
84
+ def audit_fields(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
85
+ """
86
+ Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
87
+
88
+ <a id="nestedatt--authenticators"></a>
89
+ """
90
+ return pulumi.get(self, "audit_fields")
91
+
92
+ @audit_fields.setter
93
+ def audit_fields(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
94
+ pulumi.set(self, "audit_fields", value)
95
+
96
+ @property
97
+ @pulumi.getter
98
+ def authenticators(self) -> Optional[pulumi.Input['BackendConfigEstAuthenticatorsArgs']]:
99
+ """
100
+ Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).
101
+ """
102
+ return pulumi.get(self, "authenticators")
103
+
104
+ @authenticators.setter
105
+ def authenticators(self, value: Optional[pulumi.Input['BackendConfigEstAuthenticatorsArgs']]):
106
+ pulumi.set(self, "authenticators", value)
107
+
108
+ @property
109
+ @pulumi.getter(name="defaultMount")
110
+ def default_mount(self) -> Optional[pulumi.Input[bool]]:
111
+ """
112
+ If set, this mount will register the default `.well-known/est` URL path. Only a single mount can enable this across a Vault cluster.
113
+ """
114
+ return pulumi.get(self, "default_mount")
115
+
116
+ @default_mount.setter
117
+ def default_mount(self, value: Optional[pulumi.Input[bool]]):
118
+ pulumi.set(self, "default_mount", value)
119
+
120
+ @property
121
+ @pulumi.getter(name="defaultPathPolicy")
122
+ def default_path_policy(self) -> Optional[pulumi.Input[str]]:
123
+ """
124
+ Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.
125
+ """
126
+ return pulumi.get(self, "default_path_policy")
127
+
128
+ @default_path_policy.setter
129
+ def default_path_policy(self, value: Optional[pulumi.Input[str]]):
130
+ pulumi.set(self, "default_path_policy", value)
131
+
132
+ @property
133
+ @pulumi.getter(name="enableSentinelParsing")
134
+ def enable_sentinel_parsing(self) -> Optional[pulumi.Input[bool]]:
135
+ """
136
+ If set, parse out fields from the provided CSR making them available for Sentinel policies.
137
+ """
138
+ return pulumi.get(self, "enable_sentinel_parsing")
139
+
140
+ @enable_sentinel_parsing.setter
141
+ def enable_sentinel_parsing(self, value: Optional[pulumi.Input[bool]]):
142
+ pulumi.set(self, "enable_sentinel_parsing", value)
143
+
144
+ @property
145
+ @pulumi.getter
146
+ def enabled(self) -> Optional[pulumi.Input[bool]]:
147
+ """
148
+ Specifies whether EST is enabled.
149
+ """
150
+ return pulumi.get(self, "enabled")
151
+
152
+ @enabled.setter
153
+ def enabled(self, value: Optional[pulumi.Input[bool]]):
154
+ pulumi.set(self, "enabled", value)
155
+
156
+ @property
157
+ @pulumi.getter(name="labelToPathPolicy")
158
+ def label_to_path_policy(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
159
+ """
160
+ Configures a pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/<label> URL paths.
161
+ """
162
+ return pulumi.get(self, "label_to_path_policy")
163
+
164
+ @label_to_path_policy.setter
165
+ def label_to_path_policy(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
166
+ pulumi.set(self, "label_to_path_policy", value)
167
+
168
+ @property
169
+ @pulumi.getter
170
+ def namespace(self) -> Optional[pulumi.Input[str]]:
171
+ """
172
+ The namespace of the target resource.
173
+ The value should not contain leading or trailing forward slashes.
174
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
175
+ *Available only for Vault Enterprise*.
176
+ """
177
+ return pulumi.get(self, "namespace")
178
+
179
+ @namespace.setter
180
+ def namespace(self, value: Optional[pulumi.Input[str]]):
181
+ pulumi.set(self, "namespace", value)
182
+
183
+
184
+ @pulumi.input_type
185
+ class _BackendConfigEstState:
186
+ def __init__(__self__, *,
187
+ audit_fields: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
188
+ authenticators: Optional[pulumi.Input['BackendConfigEstAuthenticatorsArgs']] = None,
189
+ backend: Optional[pulumi.Input[str]] = None,
190
+ default_mount: Optional[pulumi.Input[bool]] = None,
191
+ default_path_policy: Optional[pulumi.Input[str]] = None,
192
+ enable_sentinel_parsing: Optional[pulumi.Input[bool]] = None,
193
+ enabled: Optional[pulumi.Input[bool]] = None,
194
+ label_to_path_policy: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
195
+ last_updated: Optional[pulumi.Input[str]] = None,
196
+ namespace: Optional[pulumi.Input[str]] = None):
197
+ """
198
+ Input properties used for looking up and filtering BackendConfigEst resources.
199
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_fields: Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
200
+
201
+ <a id="nestedatt--authenticators"></a>
202
+ :param pulumi.Input['BackendConfigEstAuthenticatorsArgs'] authenticators: Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).
203
+ :param pulumi.Input[str] backend: The path to the PKI secret backend to
204
+ read the EST configuration from, with no leading or trailing `/`s.
205
+ :param pulumi.Input[bool] default_mount: If set, this mount will register the default `.well-known/est` URL path. Only a single mount can enable this across a Vault cluster.
206
+ :param pulumi.Input[str] default_path_policy: Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.
207
+ :param pulumi.Input[bool] enable_sentinel_parsing: If set, parse out fields from the provided CSR making them available for Sentinel policies.
208
+ :param pulumi.Input[bool] enabled: Specifies whether EST is enabled.
209
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] label_to_path_policy: Configures a pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/<label> URL paths.
210
+ :param pulumi.Input[str] last_updated: A read-only timestamp representing the last time the configuration was updated.
211
+ :param pulumi.Input[str] namespace: The namespace of the target resource.
212
+ The value should not contain leading or trailing forward slashes.
213
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
214
+ *Available only for Vault Enterprise*.
215
+ """
216
+ if audit_fields is not None:
217
+ pulumi.set(__self__, "audit_fields", audit_fields)
218
+ if authenticators is not None:
219
+ pulumi.set(__self__, "authenticators", authenticators)
220
+ if backend is not None:
221
+ pulumi.set(__self__, "backend", backend)
222
+ if default_mount is not None:
223
+ pulumi.set(__self__, "default_mount", default_mount)
224
+ if default_path_policy is not None:
225
+ pulumi.set(__self__, "default_path_policy", default_path_policy)
226
+ if enable_sentinel_parsing is not None:
227
+ pulumi.set(__self__, "enable_sentinel_parsing", enable_sentinel_parsing)
228
+ if enabled is not None:
229
+ pulumi.set(__self__, "enabled", enabled)
230
+ if label_to_path_policy is not None:
231
+ pulumi.set(__self__, "label_to_path_policy", label_to_path_policy)
232
+ if last_updated is not None:
233
+ pulumi.set(__self__, "last_updated", last_updated)
234
+ if namespace is not None:
235
+ pulumi.set(__self__, "namespace", namespace)
236
+
237
+ @property
238
+ @pulumi.getter(name="auditFields")
239
+ def audit_fields(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
240
+ """
241
+ Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
242
+
243
+ <a id="nestedatt--authenticators"></a>
244
+ """
245
+ return pulumi.get(self, "audit_fields")
246
+
247
+ @audit_fields.setter
248
+ def audit_fields(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
249
+ pulumi.set(self, "audit_fields", value)
250
+
251
+ @property
252
+ @pulumi.getter
253
+ def authenticators(self) -> Optional[pulumi.Input['BackendConfigEstAuthenticatorsArgs']]:
254
+ """
255
+ Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).
256
+ """
257
+ return pulumi.get(self, "authenticators")
258
+
259
+ @authenticators.setter
260
+ def authenticators(self, value: Optional[pulumi.Input['BackendConfigEstAuthenticatorsArgs']]):
261
+ pulumi.set(self, "authenticators", value)
262
+
263
+ @property
264
+ @pulumi.getter
265
+ def backend(self) -> Optional[pulumi.Input[str]]:
266
+ """
267
+ The path to the PKI secret backend to
268
+ read the EST configuration from, with no leading or trailing `/`s.
269
+ """
270
+ return pulumi.get(self, "backend")
271
+
272
+ @backend.setter
273
+ def backend(self, value: Optional[pulumi.Input[str]]):
274
+ pulumi.set(self, "backend", value)
275
+
276
+ @property
277
+ @pulumi.getter(name="defaultMount")
278
+ def default_mount(self) -> Optional[pulumi.Input[bool]]:
279
+ """
280
+ If set, this mount will register the default `.well-known/est` URL path. Only a single mount can enable this across a Vault cluster.
281
+ """
282
+ return pulumi.get(self, "default_mount")
283
+
284
+ @default_mount.setter
285
+ def default_mount(self, value: Optional[pulumi.Input[bool]]):
286
+ pulumi.set(self, "default_mount", value)
287
+
288
+ @property
289
+ @pulumi.getter(name="defaultPathPolicy")
290
+ def default_path_policy(self) -> Optional[pulumi.Input[str]]:
291
+ """
292
+ Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.
293
+ """
294
+ return pulumi.get(self, "default_path_policy")
295
+
296
+ @default_path_policy.setter
297
+ def default_path_policy(self, value: Optional[pulumi.Input[str]]):
298
+ pulumi.set(self, "default_path_policy", value)
299
+
300
+ @property
301
+ @pulumi.getter(name="enableSentinelParsing")
302
+ def enable_sentinel_parsing(self) -> Optional[pulumi.Input[bool]]:
303
+ """
304
+ If set, parse out fields from the provided CSR making them available for Sentinel policies.
305
+ """
306
+ return pulumi.get(self, "enable_sentinel_parsing")
307
+
308
+ @enable_sentinel_parsing.setter
309
+ def enable_sentinel_parsing(self, value: Optional[pulumi.Input[bool]]):
310
+ pulumi.set(self, "enable_sentinel_parsing", value)
311
+
312
+ @property
313
+ @pulumi.getter
314
+ def enabled(self) -> Optional[pulumi.Input[bool]]:
315
+ """
316
+ Specifies whether EST is enabled.
317
+ """
318
+ return pulumi.get(self, "enabled")
319
+
320
+ @enabled.setter
321
+ def enabled(self, value: Optional[pulumi.Input[bool]]):
322
+ pulumi.set(self, "enabled", value)
323
+
324
+ @property
325
+ @pulumi.getter(name="labelToPathPolicy")
326
+ def label_to_path_policy(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
327
+ """
328
+ Configures a pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/<label> URL paths.
329
+ """
330
+ return pulumi.get(self, "label_to_path_policy")
331
+
332
+ @label_to_path_policy.setter
333
+ def label_to_path_policy(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
334
+ pulumi.set(self, "label_to_path_policy", value)
335
+
336
+ @property
337
+ @pulumi.getter(name="lastUpdated")
338
+ def last_updated(self) -> Optional[pulumi.Input[str]]:
339
+ """
340
+ A read-only timestamp representing the last time the configuration was updated.
341
+ """
342
+ return pulumi.get(self, "last_updated")
343
+
344
+ @last_updated.setter
345
+ def last_updated(self, value: Optional[pulumi.Input[str]]):
346
+ pulumi.set(self, "last_updated", value)
347
+
348
+ @property
349
+ @pulumi.getter
350
+ def namespace(self) -> Optional[pulumi.Input[str]]:
351
+ """
352
+ The namespace of the target resource.
353
+ The value should not contain leading or trailing forward slashes.
354
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
355
+ *Available only for Vault Enterprise*.
356
+ """
357
+ return pulumi.get(self, "namespace")
358
+
359
+ @namespace.setter
360
+ def namespace(self, value: Optional[pulumi.Input[str]]):
361
+ pulumi.set(self, "namespace", value)
362
+
363
+
364
+ class BackendConfigEst(pulumi.CustomResource):
365
+ @overload
366
+ def __init__(__self__,
367
+ resource_name: str,
368
+ opts: Optional[pulumi.ResourceOptions] = None,
369
+ audit_fields: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
370
+ authenticators: Optional[pulumi.Input[Union['BackendConfigEstAuthenticatorsArgs', 'BackendConfigEstAuthenticatorsArgsDict']]] = None,
371
+ backend: Optional[pulumi.Input[str]] = None,
372
+ default_mount: Optional[pulumi.Input[bool]] = None,
373
+ default_path_policy: Optional[pulumi.Input[str]] = None,
374
+ enable_sentinel_parsing: Optional[pulumi.Input[bool]] = None,
375
+ enabled: Optional[pulumi.Input[bool]] = None,
376
+ label_to_path_policy: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
377
+ namespace: Optional[pulumi.Input[str]] = None,
378
+ __props__=None):
379
+ """
380
+ Allows setting the EST configuration on a PKI Secret Backend
381
+
382
+ ## Import
383
+
384
+ The PKI config cluster can be imported using the resource's `id`.
385
+ In the case of the example above the `id` would be `pki-root/config/est`,
386
+ where the `pki-root` component is the resource's `backend`, e.g.
387
+
388
+ ```sh
389
+ $ pulumi import vault:pkiSecret/backendConfigEst:BackendConfigEst example pki-root/config/est
390
+ ```
391
+
392
+ :param str resource_name: The name of the resource.
393
+ :param pulumi.ResourceOptions opts: Options for the resource.
394
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_fields: Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
395
+
396
+ <a id="nestedatt--authenticators"></a>
397
+ :param pulumi.Input[Union['BackendConfigEstAuthenticatorsArgs', 'BackendConfigEstAuthenticatorsArgsDict']] authenticators: Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).
398
+ :param pulumi.Input[str] backend: The path to the PKI secret backend to
399
+ read the EST configuration from, with no leading or trailing `/`s.
400
+ :param pulumi.Input[bool] default_mount: If set, this mount will register the default `.well-known/est` URL path. Only a single mount can enable this across a Vault cluster.
401
+ :param pulumi.Input[str] default_path_policy: Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.
402
+ :param pulumi.Input[bool] enable_sentinel_parsing: If set, parse out fields from the provided CSR making them available for Sentinel policies.
403
+ :param pulumi.Input[bool] enabled: Specifies whether EST is enabled.
404
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] label_to_path_policy: Configures a pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/<label> URL paths.
405
+ :param pulumi.Input[str] namespace: The namespace of the target resource.
406
+ The value should not contain leading or trailing forward slashes.
407
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
408
+ *Available only for Vault Enterprise*.
409
+ """
410
+ ...
411
+ @overload
412
+ def __init__(__self__,
413
+ resource_name: str,
414
+ args: BackendConfigEstArgs,
415
+ opts: Optional[pulumi.ResourceOptions] = None):
416
+ """
417
+ Allows setting the EST configuration on a PKI Secret Backend
418
+
419
+ ## Import
420
+
421
+ The PKI config cluster can be imported using the resource's `id`.
422
+ In the case of the example above the `id` would be `pki-root/config/est`,
423
+ where the `pki-root` component is the resource's `backend`, e.g.
424
+
425
+ ```sh
426
+ $ pulumi import vault:pkiSecret/backendConfigEst:BackendConfigEst example pki-root/config/est
427
+ ```
428
+
429
+ :param str resource_name: The name of the resource.
430
+ :param BackendConfigEstArgs args: The arguments to use to populate this resource's properties.
431
+ :param pulumi.ResourceOptions opts: Options for the resource.
432
+ """
433
+ ...
434
+ def __init__(__self__, resource_name: str, *args, **kwargs):
435
+ resource_args, opts = _utilities.get_resource_args_opts(BackendConfigEstArgs, pulumi.ResourceOptions, *args, **kwargs)
436
+ if resource_args is not None:
437
+ __self__._internal_init(resource_name, opts, **resource_args.__dict__)
438
+ else:
439
+ __self__._internal_init(resource_name, *args, **kwargs)
440
+
441
+ def _internal_init(__self__,
442
+ resource_name: str,
443
+ opts: Optional[pulumi.ResourceOptions] = None,
444
+ audit_fields: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
445
+ authenticators: Optional[pulumi.Input[Union['BackendConfigEstAuthenticatorsArgs', 'BackendConfigEstAuthenticatorsArgsDict']]] = None,
446
+ backend: Optional[pulumi.Input[str]] = None,
447
+ default_mount: Optional[pulumi.Input[bool]] = None,
448
+ default_path_policy: Optional[pulumi.Input[str]] = None,
449
+ enable_sentinel_parsing: Optional[pulumi.Input[bool]] = None,
450
+ enabled: Optional[pulumi.Input[bool]] = None,
451
+ label_to_path_policy: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
452
+ namespace: Optional[pulumi.Input[str]] = None,
453
+ __props__=None):
454
+ opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
455
+ if not isinstance(opts, pulumi.ResourceOptions):
456
+ raise TypeError('Expected resource options to be a ResourceOptions instance')
457
+ if opts.id is None:
458
+ if __props__ is not None:
459
+ raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource')
460
+ __props__ = BackendConfigEstArgs.__new__(BackendConfigEstArgs)
461
+
462
+ __props__.__dict__["audit_fields"] = audit_fields
463
+ __props__.__dict__["authenticators"] = authenticators
464
+ if backend is None and not opts.urn:
465
+ raise TypeError("Missing required property 'backend'")
466
+ __props__.__dict__["backend"] = backend
467
+ __props__.__dict__["default_mount"] = default_mount
468
+ __props__.__dict__["default_path_policy"] = default_path_policy
469
+ __props__.__dict__["enable_sentinel_parsing"] = enable_sentinel_parsing
470
+ __props__.__dict__["enabled"] = enabled
471
+ __props__.__dict__["label_to_path_policy"] = label_to_path_policy
472
+ __props__.__dict__["namespace"] = namespace
473
+ __props__.__dict__["last_updated"] = None
474
+ super(BackendConfigEst, __self__).__init__(
475
+ 'vault:pkiSecret/backendConfigEst:BackendConfigEst',
476
+ resource_name,
477
+ __props__,
478
+ opts)
479
+
480
+ @staticmethod
481
+ def get(resource_name: str,
482
+ id: pulumi.Input[str],
483
+ opts: Optional[pulumi.ResourceOptions] = None,
484
+ audit_fields: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
485
+ authenticators: Optional[pulumi.Input[Union['BackendConfigEstAuthenticatorsArgs', 'BackendConfigEstAuthenticatorsArgsDict']]] = None,
486
+ backend: Optional[pulumi.Input[str]] = None,
487
+ default_mount: Optional[pulumi.Input[bool]] = None,
488
+ default_path_policy: Optional[pulumi.Input[str]] = None,
489
+ enable_sentinel_parsing: Optional[pulumi.Input[bool]] = None,
490
+ enabled: Optional[pulumi.Input[bool]] = None,
491
+ label_to_path_policy: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
492
+ last_updated: Optional[pulumi.Input[str]] = None,
493
+ namespace: Optional[pulumi.Input[str]] = None) -> 'BackendConfigEst':
494
+ """
495
+ Get an existing BackendConfigEst resource's state with the given name, id, and optional extra
496
+ properties used to qualify the lookup.
497
+
498
+ :param str resource_name: The unique name of the resulting resource.
499
+ :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
500
+ :param pulumi.ResourceOptions opts: Options for the resource.
501
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_fields: Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
502
+
503
+ <a id="nestedatt--authenticators"></a>
504
+ :param pulumi.Input[Union['BackendConfigEstAuthenticatorsArgs', 'BackendConfigEstAuthenticatorsArgsDict']] authenticators: Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).
505
+ :param pulumi.Input[str] backend: The path to the PKI secret backend to
506
+ read the EST configuration from, with no leading or trailing `/`s.
507
+ :param pulumi.Input[bool] default_mount: If set, this mount will register the default `.well-known/est` URL path. Only a single mount can enable this across a Vault cluster.
508
+ :param pulumi.Input[str] default_path_policy: Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.
509
+ :param pulumi.Input[bool] enable_sentinel_parsing: If set, parse out fields from the provided CSR making them available for Sentinel policies.
510
+ :param pulumi.Input[bool] enabled: Specifies whether EST is enabled.
511
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] label_to_path_policy: Configures a pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/<label> URL paths.
512
+ :param pulumi.Input[str] last_updated: A read-only timestamp representing the last time the configuration was updated.
513
+ :param pulumi.Input[str] namespace: The namespace of the target resource.
514
+ The value should not contain leading or trailing forward slashes.
515
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
516
+ *Available only for Vault Enterprise*.
517
+ """
518
+ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
519
+
520
+ __props__ = _BackendConfigEstState.__new__(_BackendConfigEstState)
521
+
522
+ __props__.__dict__["audit_fields"] = audit_fields
523
+ __props__.__dict__["authenticators"] = authenticators
524
+ __props__.__dict__["backend"] = backend
525
+ __props__.__dict__["default_mount"] = default_mount
526
+ __props__.__dict__["default_path_policy"] = default_path_policy
527
+ __props__.__dict__["enable_sentinel_parsing"] = enable_sentinel_parsing
528
+ __props__.__dict__["enabled"] = enabled
529
+ __props__.__dict__["label_to_path_policy"] = label_to_path_policy
530
+ __props__.__dict__["last_updated"] = last_updated
531
+ __props__.__dict__["namespace"] = namespace
532
+ return BackendConfigEst(resource_name, opts=opts, __props__=__props__)
533
+
534
+ @property
535
+ @pulumi.getter(name="auditFields")
536
+ def audit_fields(self) -> pulumi.Output[Sequence[str]]:
537
+ """
538
+ Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
539
+
540
+ <a id="nestedatt--authenticators"></a>
541
+ """
542
+ return pulumi.get(self, "audit_fields")
543
+
544
+ @property
545
+ @pulumi.getter
546
+ def authenticators(self) -> pulumi.Output['outputs.BackendConfigEstAuthenticators']:
547
+ """
548
+ Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).
549
+ """
550
+ return pulumi.get(self, "authenticators")
551
+
552
+ @property
553
+ @pulumi.getter
554
+ def backend(self) -> pulumi.Output[str]:
555
+ """
556
+ The path to the PKI secret backend to
557
+ read the EST configuration from, with no leading or trailing `/`s.
558
+ """
559
+ return pulumi.get(self, "backend")
560
+
561
+ @property
562
+ @pulumi.getter(name="defaultMount")
563
+ def default_mount(self) -> pulumi.Output[Optional[bool]]:
564
+ """
565
+ If set, this mount will register the default `.well-known/est` URL path. Only a single mount can enable this across a Vault cluster.
566
+ """
567
+ return pulumi.get(self, "default_mount")
568
+
569
+ @property
570
+ @pulumi.getter(name="defaultPathPolicy")
571
+ def default_path_policy(self) -> pulumi.Output[Optional[str]]:
572
+ """
573
+ Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.
574
+ """
575
+ return pulumi.get(self, "default_path_policy")
576
+
577
+ @property
578
+ @pulumi.getter(name="enableSentinelParsing")
579
+ def enable_sentinel_parsing(self) -> pulumi.Output[Optional[bool]]:
580
+ """
581
+ If set, parse out fields from the provided CSR making them available for Sentinel policies.
582
+ """
583
+ return pulumi.get(self, "enable_sentinel_parsing")
584
+
585
+ @property
586
+ @pulumi.getter
587
+ def enabled(self) -> pulumi.Output[Optional[bool]]:
588
+ """
589
+ Specifies whether EST is enabled.
590
+ """
591
+ return pulumi.get(self, "enabled")
592
+
593
+ @property
594
+ @pulumi.getter(name="labelToPathPolicy")
595
+ def label_to_path_policy(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
596
+ """
597
+ Configures a pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/<label> URL paths.
598
+ """
599
+ return pulumi.get(self, "label_to_path_policy")
600
+
601
+ @property
602
+ @pulumi.getter(name="lastUpdated")
603
+ def last_updated(self) -> pulumi.Output[str]:
604
+ """
605
+ A read-only timestamp representing the last time the configuration was updated.
606
+ """
607
+ return pulumi.get(self, "last_updated")
608
+
609
+ @property
610
+ @pulumi.getter
611
+ def namespace(self) -> pulumi.Output[Optional[str]]:
612
+ """
613
+ The namespace of the target resource.
614
+ The value should not contain leading or trailing forward slashes.
615
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
616
+ *Available only for Vault Enterprise*.
617
+ """
618
+ return pulumi.get(self, "namespace")
619
+