pulumi-vault 5.21.0a1709368526__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pulumi_vault/__init__.py +52 -0
- pulumi_vault/_inputs.py +560 -0
- pulumi_vault/_utilities.py +41 -5
- pulumi_vault/ad/get_access_credentials.py +26 -9
- pulumi_vault/ad/secret_backend.py +16 -142
- pulumi_vault/ad/secret_library.py +16 -9
- pulumi_vault/ad/secret_role.py +14 -9
- pulumi_vault/alicloud/auth_backend_role.py +76 -190
- pulumi_vault/approle/auth_backend_login.py +12 -7
- pulumi_vault/approle/auth_backend_role.py +77 -191
- pulumi_vault/approle/auth_backend_role_secret_id.py +106 -7
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -5
- pulumi_vault/audit.py +30 -21
- pulumi_vault/audit_request_header.py +11 -2
- pulumi_vault/auth_backend.py +66 -14
- pulumi_vault/aws/auth_backend_cert.py +18 -9
- pulumi_vault/aws/auth_backend_client.py +267 -22
- pulumi_vault/aws/auth_backend_config_identity.py +14 -9
- pulumi_vault/aws/auth_backend_identity_whitelist.py +20 -15
- pulumi_vault/aws/auth_backend_login.py +19 -22
- pulumi_vault/aws/auth_backend_role.py +77 -191
- pulumi_vault/aws/auth_backend_role_tag.py +12 -7
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -13
- pulumi_vault/aws/auth_backend_sts_role.py +14 -9
- pulumi_vault/aws/get_access_credentials.py +38 -9
- pulumi_vault/aws/get_static_access_credentials.py +19 -5
- pulumi_vault/aws/secret_backend.py +77 -9
- pulumi_vault/aws/secret_backend_role.py +185 -9
- pulumi_vault/aws/secret_backend_static_role.py +20 -11
- pulumi_vault/azure/_inputs.py +24 -0
- pulumi_vault/azure/auth_backend_config.py +153 -15
- pulumi_vault/azure/auth_backend_role.py +77 -191
- pulumi_vault/azure/backend.py +227 -21
- pulumi_vault/azure/backend_role.py +42 -37
- pulumi_vault/azure/get_access_credentials.py +41 -7
- pulumi_vault/azure/outputs.py +5 -0
- pulumi_vault/cert_auth_backend_role.py +87 -267
- pulumi_vault/config/__init__.pyi +5 -0
- pulumi_vault/config/_inputs.py +73 -0
- pulumi_vault/config/outputs.py +35 -0
- pulumi_vault/config/ui_custom_message.py +529 -0
- pulumi_vault/config/vars.py +5 -0
- pulumi_vault/consul/secret_backend.py +28 -19
- pulumi_vault/consul/secret_backend_role.py +18 -78
- pulumi_vault/database/_inputs.py +2770 -881
- pulumi_vault/database/outputs.py +721 -838
- pulumi_vault/database/secret_backend_connection.py +119 -112
- pulumi_vault/database/secret_backend_role.py +31 -22
- pulumi_vault/database/secret_backend_static_role.py +87 -13
- pulumi_vault/database/secrets_mount.py +427 -136
- pulumi_vault/egp_policy.py +16 -11
- pulumi_vault/gcp/_inputs.py +111 -0
- pulumi_vault/gcp/auth_backend.py +250 -33
- pulumi_vault/gcp/auth_backend_role.py +77 -269
- pulumi_vault/gcp/get_auth_backend_role.py +43 -5
- pulumi_vault/gcp/outputs.py +5 -0
- pulumi_vault/gcp/secret_backend.py +287 -12
- pulumi_vault/gcp/secret_impersonated_account.py +76 -15
- pulumi_vault/gcp/secret_roleset.py +31 -24
- pulumi_vault/gcp/secret_static_account.py +39 -32
- pulumi_vault/generic/endpoint.py +24 -17
- pulumi_vault/generic/get_secret.py +64 -8
- pulumi_vault/generic/secret.py +21 -16
- pulumi_vault/get_auth_backend.py +24 -7
- pulumi_vault/get_auth_backends.py +51 -9
- pulumi_vault/get_namespace.py +226 -0
- pulumi_vault/get_namespaces.py +153 -0
- pulumi_vault/get_nomad_access_token.py +31 -11
- pulumi_vault/get_policy_document.py +34 -19
- pulumi_vault/get_raft_autopilot_state.py +29 -10
- pulumi_vault/github/_inputs.py +55 -0
- pulumi_vault/github/auth_backend.py +19 -14
- pulumi_vault/github/outputs.py +5 -0
- pulumi_vault/github/team.py +16 -11
- pulumi_vault/github/user.py +16 -11
- pulumi_vault/identity/entity.py +20 -13
- pulumi_vault/identity/entity_alias.py +20 -13
- pulumi_vault/identity/entity_policies.py +28 -11
- pulumi_vault/identity/get_entity.py +42 -10
- pulumi_vault/identity/get_group.py +47 -9
- pulumi_vault/identity/get_oidc_client_creds.py +21 -7
- pulumi_vault/identity/get_oidc_openid_config.py +39 -9
- pulumi_vault/identity/get_oidc_public_keys.py +29 -10
- pulumi_vault/identity/group.py +58 -39
- pulumi_vault/identity/group_alias.py +16 -9
- pulumi_vault/identity/group_member_entity_ids.py +28 -66
- pulumi_vault/identity/group_member_group_ids.py +40 -19
- pulumi_vault/identity/group_policies.py +20 -7
- pulumi_vault/identity/mfa_duo.py +11 -6
- pulumi_vault/identity/mfa_login_enforcement.py +15 -6
- pulumi_vault/identity/mfa_okta.py +11 -6
- pulumi_vault/identity/mfa_pingid.py +7 -2
- pulumi_vault/identity/mfa_totp.py +7 -2
- pulumi_vault/identity/oidc.py +12 -7
- pulumi_vault/identity/oidc_assignment.py +24 -11
- pulumi_vault/identity/oidc_client.py +36 -23
- pulumi_vault/identity/oidc_key.py +30 -17
- pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -15
- pulumi_vault/identity/oidc_provider.py +36 -21
- pulumi_vault/identity/oidc_role.py +42 -21
- pulumi_vault/identity/oidc_scope.py +20 -13
- pulumi_vault/identity/outputs.py +8 -3
- pulumi_vault/jwt/_inputs.py +55 -0
- pulumi_vault/jwt/auth_backend.py +45 -40
- pulumi_vault/jwt/auth_backend_role.py +133 -254
- pulumi_vault/jwt/outputs.py +5 -0
- pulumi_vault/kmip/secret_backend.py +24 -19
- pulumi_vault/kmip/secret_role.py +14 -9
- pulumi_vault/kmip/secret_scope.py +14 -9
- pulumi_vault/kubernetes/auth_backend_config.py +57 -5
- pulumi_vault/kubernetes/auth_backend_role.py +70 -177
- pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
- pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
- pulumi_vault/kubernetes/get_service_account_token.py +39 -11
- pulumi_vault/kubernetes/secret_backend.py +316 -27
- pulumi_vault/kubernetes/secret_backend_role.py +137 -46
- pulumi_vault/kv/_inputs.py +36 -4
- pulumi_vault/kv/get_secret.py +25 -8
- pulumi_vault/kv/get_secret_subkeys_v2.py +33 -10
- pulumi_vault/kv/get_secret_v2.py +85 -9
- pulumi_vault/kv/get_secrets_list.py +24 -11
- pulumi_vault/kv/get_secrets_list_v2.py +37 -15
- pulumi_vault/kv/outputs.py +8 -3
- pulumi_vault/kv/secret.py +23 -16
- pulumi_vault/kv/secret_backend_v2.py +20 -11
- pulumi_vault/kv/secret_v2.py +59 -50
- pulumi_vault/ldap/auth_backend.py +127 -166
- pulumi_vault/ldap/auth_backend_group.py +14 -9
- pulumi_vault/ldap/auth_backend_user.py +14 -9
- pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
- pulumi_vault/ldap/get_static_credentials.py +24 -5
- pulumi_vault/ldap/secret_backend.py +354 -82
- pulumi_vault/ldap/secret_backend_dynamic_role.py +18 -11
- pulumi_vault/ldap/secret_backend_library_set.py +16 -9
- pulumi_vault/ldap/secret_backend_static_role.py +73 -12
- pulumi_vault/managed/_inputs.py +289 -132
- pulumi_vault/managed/keys.py +29 -57
- pulumi_vault/managed/outputs.py +89 -132
- pulumi_vault/mfa_duo.py +18 -11
- pulumi_vault/mfa_okta.py +18 -11
- pulumi_vault/mfa_pingid.py +18 -11
- pulumi_vault/mfa_totp.py +24 -17
- pulumi_vault/mongodbatlas/secret_backend.py +20 -15
- pulumi_vault/mongodbatlas/secret_role.py +47 -38
- pulumi_vault/mount.py +391 -51
- pulumi_vault/namespace.py +68 -83
- pulumi_vault/nomad_secret_backend.py +18 -13
- pulumi_vault/nomad_secret_role.py +14 -9
- pulumi_vault/okta/_inputs.py +47 -8
- pulumi_vault/okta/auth_backend.py +485 -39
- pulumi_vault/okta/auth_backend_group.py +14 -9
- pulumi_vault/okta/auth_backend_user.py +14 -9
- pulumi_vault/okta/outputs.py +13 -8
- pulumi_vault/outputs.py +5 -0
- pulumi_vault/password_policy.py +20 -13
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +81 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
- pulumi_vault/pkisecret/backend_config_est.py +619 -0
- pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
- pulumi_vault/pkisecret/get_backend_issuer.py +67 -9
- pulumi_vault/pkisecret/get_backend_issuers.py +21 -8
- pulumi_vault/pkisecret/get_backend_key.py +24 -9
- pulumi_vault/pkisecret/get_backend_keys.py +21 -8
- pulumi_vault/pkisecret/outputs.py +69 -0
- pulumi_vault/pkisecret/secret_backend_cert.py +18 -11
- pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -11
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +14 -9
- pulumi_vault/pkisecret/secret_backend_config_urls.py +67 -11
- pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -9
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -11
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -17
- pulumi_vault/pkisecret/secret_backend_issuer.py +14 -9
- pulumi_vault/pkisecret/secret_backend_key.py +14 -9
- pulumi_vault/pkisecret/secret_backend_role.py +21 -14
- pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -48
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -56
- pulumi_vault/pkisecret/secret_backend_sign.py +18 -54
- pulumi_vault/plugin.py +595 -0
- pulumi_vault/plugin_pinned_version.py +298 -0
- pulumi_vault/policy.py +14 -9
- pulumi_vault/provider.py +48 -53
- pulumi_vault/pulumi-plugin.json +2 -1
- pulumi_vault/quota_lease_count.py +60 -6
- pulumi_vault/quota_rate_limit.py +56 -2
- pulumi_vault/rabbitmq/_inputs.py +61 -0
- pulumi_vault/rabbitmq/outputs.py +5 -0
- pulumi_vault/rabbitmq/secret_backend.py +18 -13
- pulumi_vault/rabbitmq/secret_backend_role.py +54 -47
- pulumi_vault/raft_autopilot.py +14 -9
- pulumi_vault/raft_snapshot_agent_config.py +129 -224
- pulumi_vault/rgp_policy.py +14 -9
- pulumi_vault/saml/auth_backend.py +22 -17
- pulumi_vault/saml/auth_backend_role.py +92 -197
- pulumi_vault/secrets/__init__.py +3 -0
- pulumi_vault/secrets/_inputs.py +110 -0
- pulumi_vault/secrets/outputs.py +94 -0
- pulumi_vault/secrets/sync_association.py +56 -71
- pulumi_vault/secrets/sync_aws_destination.py +242 -27
- pulumi_vault/secrets/sync_azure_destination.py +92 -31
- pulumi_vault/secrets/sync_config.py +9 -4
- pulumi_vault/secrets/sync_gcp_destination.py +158 -25
- pulumi_vault/secrets/sync_gh_destination.py +189 -13
- pulumi_vault/secrets/sync_github_apps.py +375 -0
- pulumi_vault/secrets/sync_vercel_destination.py +74 -13
- pulumi_vault/ssh/_inputs.py +28 -28
- pulumi_vault/ssh/outputs.py +11 -28
- pulumi_vault/ssh/secret_backend_ca.py +108 -9
- pulumi_vault/ssh/secret_backend_role.py +85 -118
- pulumi_vault/terraformcloud/secret_backend.py +7 -54
- pulumi_vault/terraformcloud/secret_creds.py +14 -20
- pulumi_vault/terraformcloud/secret_role.py +16 -74
- pulumi_vault/token.py +28 -23
- pulumi_vault/tokenauth/auth_backend_role.py +78 -199
- pulumi_vault/transform/alphabet.py +16 -9
- pulumi_vault/transform/get_decode.py +45 -17
- pulumi_vault/transform/get_encode.py +45 -17
- pulumi_vault/transform/role.py +16 -9
- pulumi_vault/transform/template.py +30 -21
- pulumi_vault/transform/transformation.py +12 -7
- pulumi_vault/transit/get_decrypt.py +26 -21
- pulumi_vault/transit/get_encrypt.py +24 -19
- pulumi_vault/transit/secret_backend_key.py +27 -93
- pulumi_vault/transit/secret_cache_config.py +12 -7
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
- pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
- pulumi_vault-5.21.0a1709368526.dist-info/RECORD +0 -244
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from . import _utilities
|
11
16
|
|
12
17
|
__all__ = ['RaftSnapshotAgentConfigArgs', 'RaftSnapshotAgentConfig']
|
@@ -53,49 +58,33 @@ class RaftSnapshotAgentConfigArgs:
|
|
53
58
|
or "google-gcs". The remaining parameters described below are all specific to
|
54
59
|
the selected `storage_type` and prefixed accordingly.
|
55
60
|
:param pulumi.Input[str] aws_access_key_id: AWS access key ID.
|
56
|
-
:param pulumi.Input[str] aws_s3_bucket:
|
57
|
-
:param pulumi.Input[bool] aws_s3_disable_tls: Disable TLS for the S3 endpoint. This
|
58
|
-
should only be used for testing purposes, typically in conjunction with
|
59
|
-
`aws_s3_endpoint`.
|
61
|
+
:param pulumi.Input[str] aws_s3_bucket: S3 bucket to write snapshots to.
|
62
|
+
:param pulumi.Input[bool] aws_s3_disable_tls: Disable TLS for the S3 endpoint. This should only be used for testing purposes.
|
60
63
|
:param pulumi.Input[bool] aws_s3_enable_kms: Use KMS to encrypt bucket contents.
|
61
|
-
:param pulumi.Input[str] aws_s3_endpoint: AWS endpoint. This is typically only set when
|
62
|
-
|
63
|
-
:param pulumi.Input[
|
64
|
-
|
65
|
-
:param pulumi.Input[str] aws_s3_kms_key: Use named KMS key, when `aws_s3_enable_kms = true`
|
66
|
-
:param pulumi.Input[str] aws_s3_region: `<required>` - AWS region bucket is in.
|
64
|
+
:param pulumi.Input[str] aws_s3_endpoint: AWS endpoint. This is typically only set when using a non-AWS S3 implementation like Minio.
|
65
|
+
:param pulumi.Input[bool] aws_s3_force_path_style: Use the endpoint/bucket URL style instead of bucket.endpoint.
|
66
|
+
:param pulumi.Input[str] aws_s3_kms_key: Use named KMS key, when aws_s3_enable_kms=true
|
67
|
+
:param pulumi.Input[str] aws_s3_region: AWS region bucket is in.
|
67
68
|
:param pulumi.Input[bool] aws_s3_server_side_encryption: Use AES256 to encrypt bucket contents.
|
68
69
|
:param pulumi.Input[str] aws_secret_access_key: AWS secret access key.
|
69
70
|
:param pulumi.Input[str] aws_session_token: AWS session token.
|
70
71
|
:param pulumi.Input[str] azure_account_key: Azure account key.
|
71
72
|
:param pulumi.Input[str] azure_account_name: Azure account name.
|
72
73
|
:param pulumi.Input[str] azure_blob_environment: Azure blob environment.
|
73
|
-
:param pulumi.Input[str] azure_container_name:
|
74
|
-
|
75
|
-
:param pulumi.Input[str] azure_endpoint: Azure blob storage endpoint. This is typically
|
76
|
-
only set when using a non-Azure implementation like Azurite.
|
74
|
+
:param pulumi.Input[str] azure_container_name: Azure container name to write snapshots to.
|
75
|
+
:param pulumi.Input[str] azure_endpoint: Azure blob storage endpoint. This is typically only set when using a non-Azure implementation like Azurite.
|
77
76
|
:param pulumi.Input[str] file_prefix: Within the directory or bucket
|
78
77
|
prefix given by `path_prefix`, the file or object name of snapshot files
|
79
78
|
will start with this string.
|
80
|
-
:param pulumi.Input[bool] google_disable_tls: Disable TLS for the GCS endpoint.
|
81
|
-
|
82
|
-
|
83
|
-
:param pulumi.Input[str]
|
84
|
-
|
85
|
-
:param pulumi.Input[str] google_gcs_bucket: `<required>` - GCS bucket to write snapshots to.
|
86
|
-
:param pulumi.Input[str] google_service_account_key: Google service account key in JSON format.
|
87
|
-
The raw value looks like this:
|
88
|
-
|
89
|
-
```python
|
90
|
-
import pulumi
|
91
|
-
```
|
92
|
-
:param pulumi.Input[int] local_max_space: For `storage_type = local`, the maximum
|
93
|
-
space, in bytes, to use for snapshots. Snapshot attempts will fail if there is not enough
|
94
|
-
space left in this allowance.
|
79
|
+
:param pulumi.Input[bool] google_disable_tls: Disable TLS for the GCS endpoint.
|
80
|
+
:param pulumi.Input[str] google_endpoint: GCS endpoint. This is typically only set when using a non-Google GCS implementation like fake-gcs-server.
|
81
|
+
:param pulumi.Input[str] google_gcs_bucket: GCS bucket to write snapshots to.
|
82
|
+
:param pulumi.Input[str] google_service_account_key: Google service account key in JSON format.
|
83
|
+
:param pulumi.Input[int] local_max_space: The maximum space, in bytes, to use for snapshots.
|
95
84
|
:param pulumi.Input[str] name: `<required>` – Name of the configuration to modify.
|
96
85
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
97
86
|
The value should not contain leading or trailing forward slashes.
|
98
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
87
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
99
88
|
*Available only for Vault Enterprise*.
|
100
89
|
:param pulumi.Input[int] retain: How many snapshots are to be kept; when writing a
|
101
90
|
snapshot, if there are more snapshots already stored than this number, the
|
@@ -212,7 +201,7 @@ class RaftSnapshotAgentConfigArgs:
|
|
212
201
|
@pulumi.getter(name="awsS3Bucket")
|
213
202
|
def aws_s3_bucket(self) -> Optional[pulumi.Input[str]]:
|
214
203
|
"""
|
215
|
-
|
204
|
+
S3 bucket to write snapshots to.
|
216
205
|
"""
|
217
206
|
return pulumi.get(self, "aws_s3_bucket")
|
218
207
|
|
@@ -224,9 +213,7 @@ class RaftSnapshotAgentConfigArgs:
|
|
224
213
|
@pulumi.getter(name="awsS3DisableTls")
|
225
214
|
def aws_s3_disable_tls(self) -> Optional[pulumi.Input[bool]]:
|
226
215
|
"""
|
227
|
-
Disable TLS for the S3 endpoint. This
|
228
|
-
should only be used for testing purposes, typically in conjunction with
|
229
|
-
`aws_s3_endpoint`.
|
216
|
+
Disable TLS for the S3 endpoint. This should only be used for testing purposes.
|
230
217
|
"""
|
231
218
|
return pulumi.get(self, "aws_s3_disable_tls")
|
232
219
|
|
@@ -250,8 +237,7 @@ class RaftSnapshotAgentConfigArgs:
|
|
250
237
|
@pulumi.getter(name="awsS3Endpoint")
|
251
238
|
def aws_s3_endpoint(self) -> Optional[pulumi.Input[str]]:
|
252
239
|
"""
|
253
|
-
AWS endpoint. This is typically only set when
|
254
|
-
using a non-AWS S3 implementation like Minio.
|
240
|
+
AWS endpoint. This is typically only set when using a non-AWS S3 implementation like Minio.
|
255
241
|
"""
|
256
242
|
return pulumi.get(self, "aws_s3_endpoint")
|
257
243
|
|
@@ -263,8 +249,7 @@ class RaftSnapshotAgentConfigArgs:
|
|
263
249
|
@pulumi.getter(name="awsS3ForcePathStyle")
|
264
250
|
def aws_s3_force_path_style(self) -> Optional[pulumi.Input[bool]]:
|
265
251
|
"""
|
266
|
-
Use the endpoint/bucket URL style
|
267
|
-
instead of bucket.endpoint. May be needed when setting `aws_s3_endpoint`.
|
252
|
+
Use the endpoint/bucket URL style instead of bucket.endpoint.
|
268
253
|
"""
|
269
254
|
return pulumi.get(self, "aws_s3_force_path_style")
|
270
255
|
|
@@ -276,7 +261,7 @@ class RaftSnapshotAgentConfigArgs:
|
|
276
261
|
@pulumi.getter(name="awsS3KmsKey")
|
277
262
|
def aws_s3_kms_key(self) -> Optional[pulumi.Input[str]]:
|
278
263
|
"""
|
279
|
-
Use named KMS key, when
|
264
|
+
Use named KMS key, when aws_s3_enable_kms=true
|
280
265
|
"""
|
281
266
|
return pulumi.get(self, "aws_s3_kms_key")
|
282
267
|
|
@@ -288,7 +273,7 @@ class RaftSnapshotAgentConfigArgs:
|
|
288
273
|
@pulumi.getter(name="awsS3Region")
|
289
274
|
def aws_s3_region(self) -> Optional[pulumi.Input[str]]:
|
290
275
|
"""
|
291
|
-
|
276
|
+
AWS region bucket is in.
|
292
277
|
"""
|
293
278
|
return pulumi.get(self, "aws_s3_region")
|
294
279
|
|
@@ -372,8 +357,7 @@ class RaftSnapshotAgentConfigArgs:
|
|
372
357
|
@pulumi.getter(name="azureContainerName")
|
373
358
|
def azure_container_name(self) -> Optional[pulumi.Input[str]]:
|
374
359
|
"""
|
375
|
-
|
376
|
-
snapshots to.
|
360
|
+
Azure container name to write snapshots to.
|
377
361
|
"""
|
378
362
|
return pulumi.get(self, "azure_container_name")
|
379
363
|
|
@@ -385,8 +369,7 @@ class RaftSnapshotAgentConfigArgs:
|
|
385
369
|
@pulumi.getter(name="azureEndpoint")
|
386
370
|
def azure_endpoint(self) -> Optional[pulumi.Input[str]]:
|
387
371
|
"""
|
388
|
-
Azure blob storage endpoint. This is typically
|
389
|
-
only set when using a non-Azure implementation like Azurite.
|
372
|
+
Azure blob storage endpoint. This is typically only set when using a non-Azure implementation like Azurite.
|
390
373
|
"""
|
391
374
|
return pulumi.get(self, "azure_endpoint")
|
392
375
|
|
@@ -412,9 +395,7 @@ class RaftSnapshotAgentConfigArgs:
|
|
412
395
|
@pulumi.getter(name="googleDisableTls")
|
413
396
|
def google_disable_tls(self) -> Optional[pulumi.Input[bool]]:
|
414
397
|
"""
|
415
|
-
Disable TLS for the GCS endpoint.
|
416
|
-
should only be used for testing purposes, typically in conjunction with
|
417
|
-
`google_endpoint`.
|
398
|
+
Disable TLS for the GCS endpoint.
|
418
399
|
"""
|
419
400
|
return pulumi.get(self, "google_disable_tls")
|
420
401
|
|
@@ -426,8 +407,7 @@ class RaftSnapshotAgentConfigArgs:
|
|
426
407
|
@pulumi.getter(name="googleEndpoint")
|
427
408
|
def google_endpoint(self) -> Optional[pulumi.Input[str]]:
|
428
409
|
"""
|
429
|
-
GCS endpoint. This is typically only set when
|
430
|
-
using a non-Google GCS implementation like fake-gcs-server.
|
410
|
+
GCS endpoint. This is typically only set when using a non-Google GCS implementation like fake-gcs-server.
|
431
411
|
"""
|
432
412
|
return pulumi.get(self, "google_endpoint")
|
433
413
|
|
@@ -439,7 +419,7 @@ class RaftSnapshotAgentConfigArgs:
|
|
439
419
|
@pulumi.getter(name="googleGcsBucket")
|
440
420
|
def google_gcs_bucket(self) -> Optional[pulumi.Input[str]]:
|
441
421
|
"""
|
442
|
-
|
422
|
+
GCS bucket to write snapshots to.
|
443
423
|
"""
|
444
424
|
return pulumi.get(self, "google_gcs_bucket")
|
445
425
|
|
@@ -451,12 +431,7 @@ class RaftSnapshotAgentConfigArgs:
|
|
451
431
|
@pulumi.getter(name="googleServiceAccountKey")
|
452
432
|
def google_service_account_key(self) -> Optional[pulumi.Input[str]]:
|
453
433
|
"""
|
454
|
-
Google service account key in JSON format.
|
455
|
-
The raw value looks like this:
|
456
|
-
|
457
|
-
```python
|
458
|
-
import pulumi
|
459
|
-
```
|
434
|
+
Google service account key in JSON format.
|
460
435
|
"""
|
461
436
|
return pulumi.get(self, "google_service_account_key")
|
462
437
|
|
@@ -468,9 +443,7 @@ class RaftSnapshotAgentConfigArgs:
|
|
468
443
|
@pulumi.getter(name="localMaxSpace")
|
469
444
|
def local_max_space(self) -> Optional[pulumi.Input[int]]:
|
470
445
|
"""
|
471
|
-
|
472
|
-
space, in bytes, to use for snapshots. Snapshot attempts will fail if there is not enough
|
473
|
-
space left in this allowance.
|
446
|
+
The maximum space, in bytes, to use for snapshots.
|
474
447
|
"""
|
475
448
|
return pulumi.get(self, "local_max_space")
|
476
449
|
|
@@ -496,7 +469,7 @@ class RaftSnapshotAgentConfigArgs:
|
|
496
469
|
"""
|
497
470
|
The namespace to provision the resource in.
|
498
471
|
The value should not contain leading or trailing forward slashes.
|
499
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
472
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
500
473
|
*Available only for Vault Enterprise*.
|
501
474
|
"""
|
502
475
|
return pulumi.get(self, "namespace")
|
@@ -554,50 +527,34 @@ class _RaftSnapshotAgentConfigState:
|
|
554
527
|
"""
|
555
528
|
Input properties used for looking up and filtering RaftSnapshotAgentConfig resources.
|
556
529
|
:param pulumi.Input[str] aws_access_key_id: AWS access key ID.
|
557
|
-
:param pulumi.Input[str] aws_s3_bucket:
|
558
|
-
:param pulumi.Input[bool] aws_s3_disable_tls: Disable TLS for the S3 endpoint. This
|
559
|
-
should only be used for testing purposes, typically in conjunction with
|
560
|
-
`aws_s3_endpoint`.
|
530
|
+
:param pulumi.Input[str] aws_s3_bucket: S3 bucket to write snapshots to.
|
531
|
+
:param pulumi.Input[bool] aws_s3_disable_tls: Disable TLS for the S3 endpoint. This should only be used for testing purposes.
|
561
532
|
:param pulumi.Input[bool] aws_s3_enable_kms: Use KMS to encrypt bucket contents.
|
562
|
-
:param pulumi.Input[str] aws_s3_endpoint: AWS endpoint. This is typically only set when
|
563
|
-
|
564
|
-
:param pulumi.Input[
|
565
|
-
|
566
|
-
:param pulumi.Input[str] aws_s3_kms_key: Use named KMS key, when `aws_s3_enable_kms = true`
|
567
|
-
:param pulumi.Input[str] aws_s3_region: `<required>` - AWS region bucket is in.
|
533
|
+
:param pulumi.Input[str] aws_s3_endpoint: AWS endpoint. This is typically only set when using a non-AWS S3 implementation like Minio.
|
534
|
+
:param pulumi.Input[bool] aws_s3_force_path_style: Use the endpoint/bucket URL style instead of bucket.endpoint.
|
535
|
+
:param pulumi.Input[str] aws_s3_kms_key: Use named KMS key, when aws_s3_enable_kms=true
|
536
|
+
:param pulumi.Input[str] aws_s3_region: AWS region bucket is in.
|
568
537
|
:param pulumi.Input[bool] aws_s3_server_side_encryption: Use AES256 to encrypt bucket contents.
|
569
538
|
:param pulumi.Input[str] aws_secret_access_key: AWS secret access key.
|
570
539
|
:param pulumi.Input[str] aws_session_token: AWS session token.
|
571
540
|
:param pulumi.Input[str] azure_account_key: Azure account key.
|
572
541
|
:param pulumi.Input[str] azure_account_name: Azure account name.
|
573
542
|
:param pulumi.Input[str] azure_blob_environment: Azure blob environment.
|
574
|
-
:param pulumi.Input[str] azure_container_name:
|
575
|
-
|
576
|
-
:param pulumi.Input[str] azure_endpoint: Azure blob storage endpoint. This is typically
|
577
|
-
only set when using a non-Azure implementation like Azurite.
|
543
|
+
:param pulumi.Input[str] azure_container_name: Azure container name to write snapshots to.
|
544
|
+
:param pulumi.Input[str] azure_endpoint: Azure blob storage endpoint. This is typically only set when using a non-Azure implementation like Azurite.
|
578
545
|
:param pulumi.Input[str] file_prefix: Within the directory or bucket
|
579
546
|
prefix given by `path_prefix`, the file or object name of snapshot files
|
580
547
|
will start with this string.
|
581
|
-
:param pulumi.Input[bool] google_disable_tls: Disable TLS for the GCS endpoint.
|
582
|
-
|
583
|
-
|
584
|
-
:param pulumi.Input[str]
|
585
|
-
using a non-Google GCS implementation like fake-gcs-server.
|
586
|
-
:param pulumi.Input[str] google_gcs_bucket: `<required>` - GCS bucket to write snapshots to.
|
587
|
-
:param pulumi.Input[str] google_service_account_key: Google service account key in JSON format.
|
588
|
-
The raw value looks like this:
|
589
|
-
|
590
|
-
```python
|
591
|
-
import pulumi
|
592
|
-
```
|
548
|
+
:param pulumi.Input[bool] google_disable_tls: Disable TLS for the GCS endpoint.
|
549
|
+
:param pulumi.Input[str] google_endpoint: GCS endpoint. This is typically only set when using a non-Google GCS implementation like fake-gcs-server.
|
550
|
+
:param pulumi.Input[str] google_gcs_bucket: GCS bucket to write snapshots to.
|
551
|
+
:param pulumi.Input[str] google_service_account_key: Google service account key in JSON format.
|
593
552
|
:param pulumi.Input[int] interval_seconds: `<required>` - Time (in seconds) between snapshots.
|
594
|
-
:param pulumi.Input[int] local_max_space:
|
595
|
-
space, in bytes, to use for snapshots. Snapshot attempts will fail if there is not enough
|
596
|
-
space left in this allowance.
|
553
|
+
:param pulumi.Input[int] local_max_space: The maximum space, in bytes, to use for snapshots.
|
597
554
|
:param pulumi.Input[str] name: `<required>` – Name of the configuration to modify.
|
598
555
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
599
556
|
The value should not contain leading or trailing forward slashes.
|
600
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
557
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
601
558
|
*Available only for Vault Enterprise*.
|
602
559
|
:param pulumi.Input[str] path_prefix: `<required>` - For `storage_type = "local"`, the directory to
|
603
560
|
write the snapshots in. For cloud storage types, the bucket prefix to use.
|
@@ -683,7 +640,7 @@ class _RaftSnapshotAgentConfigState:
|
|
683
640
|
@pulumi.getter(name="awsS3Bucket")
|
684
641
|
def aws_s3_bucket(self) -> Optional[pulumi.Input[str]]:
|
685
642
|
"""
|
686
|
-
|
643
|
+
S3 bucket to write snapshots to.
|
687
644
|
"""
|
688
645
|
return pulumi.get(self, "aws_s3_bucket")
|
689
646
|
|
@@ -695,9 +652,7 @@ class _RaftSnapshotAgentConfigState:
|
|
695
652
|
@pulumi.getter(name="awsS3DisableTls")
|
696
653
|
def aws_s3_disable_tls(self) -> Optional[pulumi.Input[bool]]:
|
697
654
|
"""
|
698
|
-
Disable TLS for the S3 endpoint. This
|
699
|
-
should only be used for testing purposes, typically in conjunction with
|
700
|
-
`aws_s3_endpoint`.
|
655
|
+
Disable TLS for the S3 endpoint. This should only be used for testing purposes.
|
701
656
|
"""
|
702
657
|
return pulumi.get(self, "aws_s3_disable_tls")
|
703
658
|
|
@@ -721,8 +676,7 @@ class _RaftSnapshotAgentConfigState:
|
|
721
676
|
@pulumi.getter(name="awsS3Endpoint")
|
722
677
|
def aws_s3_endpoint(self) -> Optional[pulumi.Input[str]]:
|
723
678
|
"""
|
724
|
-
AWS endpoint. This is typically only set when
|
725
|
-
using a non-AWS S3 implementation like Minio.
|
679
|
+
AWS endpoint. This is typically only set when using a non-AWS S3 implementation like Minio.
|
726
680
|
"""
|
727
681
|
return pulumi.get(self, "aws_s3_endpoint")
|
728
682
|
|
@@ -734,8 +688,7 @@ class _RaftSnapshotAgentConfigState:
|
|
734
688
|
@pulumi.getter(name="awsS3ForcePathStyle")
|
735
689
|
def aws_s3_force_path_style(self) -> Optional[pulumi.Input[bool]]:
|
736
690
|
"""
|
737
|
-
Use the endpoint/bucket URL style
|
738
|
-
instead of bucket.endpoint. May be needed when setting `aws_s3_endpoint`.
|
691
|
+
Use the endpoint/bucket URL style instead of bucket.endpoint.
|
739
692
|
"""
|
740
693
|
return pulumi.get(self, "aws_s3_force_path_style")
|
741
694
|
|
@@ -747,7 +700,7 @@ class _RaftSnapshotAgentConfigState:
|
|
747
700
|
@pulumi.getter(name="awsS3KmsKey")
|
748
701
|
def aws_s3_kms_key(self) -> Optional[pulumi.Input[str]]:
|
749
702
|
"""
|
750
|
-
Use named KMS key, when
|
703
|
+
Use named KMS key, when aws_s3_enable_kms=true
|
751
704
|
"""
|
752
705
|
return pulumi.get(self, "aws_s3_kms_key")
|
753
706
|
|
@@ -759,7 +712,7 @@ class _RaftSnapshotAgentConfigState:
|
|
759
712
|
@pulumi.getter(name="awsS3Region")
|
760
713
|
def aws_s3_region(self) -> Optional[pulumi.Input[str]]:
|
761
714
|
"""
|
762
|
-
|
715
|
+
AWS region bucket is in.
|
763
716
|
"""
|
764
717
|
return pulumi.get(self, "aws_s3_region")
|
765
718
|
|
@@ -843,8 +796,7 @@ class _RaftSnapshotAgentConfigState:
|
|
843
796
|
@pulumi.getter(name="azureContainerName")
|
844
797
|
def azure_container_name(self) -> Optional[pulumi.Input[str]]:
|
845
798
|
"""
|
846
|
-
|
847
|
-
snapshots to.
|
799
|
+
Azure container name to write snapshots to.
|
848
800
|
"""
|
849
801
|
return pulumi.get(self, "azure_container_name")
|
850
802
|
|
@@ -856,8 +808,7 @@ class _RaftSnapshotAgentConfigState:
|
|
856
808
|
@pulumi.getter(name="azureEndpoint")
|
857
809
|
def azure_endpoint(self) -> Optional[pulumi.Input[str]]:
|
858
810
|
"""
|
859
|
-
Azure blob storage endpoint. This is typically
|
860
|
-
only set when using a non-Azure implementation like Azurite.
|
811
|
+
Azure blob storage endpoint. This is typically only set when using a non-Azure implementation like Azurite.
|
861
812
|
"""
|
862
813
|
return pulumi.get(self, "azure_endpoint")
|
863
814
|
|
@@ -883,9 +834,7 @@ class _RaftSnapshotAgentConfigState:
|
|
883
834
|
@pulumi.getter(name="googleDisableTls")
|
884
835
|
def google_disable_tls(self) -> Optional[pulumi.Input[bool]]:
|
885
836
|
"""
|
886
|
-
Disable TLS for the GCS endpoint.
|
887
|
-
should only be used for testing purposes, typically in conjunction with
|
888
|
-
`google_endpoint`.
|
837
|
+
Disable TLS for the GCS endpoint.
|
889
838
|
"""
|
890
839
|
return pulumi.get(self, "google_disable_tls")
|
891
840
|
|
@@ -897,8 +846,7 @@ class _RaftSnapshotAgentConfigState:
|
|
897
846
|
@pulumi.getter(name="googleEndpoint")
|
898
847
|
def google_endpoint(self) -> Optional[pulumi.Input[str]]:
|
899
848
|
"""
|
900
|
-
GCS endpoint. This is typically only set when
|
901
|
-
using a non-Google GCS implementation like fake-gcs-server.
|
849
|
+
GCS endpoint. This is typically only set when using a non-Google GCS implementation like fake-gcs-server.
|
902
850
|
"""
|
903
851
|
return pulumi.get(self, "google_endpoint")
|
904
852
|
|
@@ -910,7 +858,7 @@ class _RaftSnapshotAgentConfigState:
|
|
910
858
|
@pulumi.getter(name="googleGcsBucket")
|
911
859
|
def google_gcs_bucket(self) -> Optional[pulumi.Input[str]]:
|
912
860
|
"""
|
913
|
-
|
861
|
+
GCS bucket to write snapshots to.
|
914
862
|
"""
|
915
863
|
return pulumi.get(self, "google_gcs_bucket")
|
916
864
|
|
@@ -922,12 +870,7 @@ class _RaftSnapshotAgentConfigState:
|
|
922
870
|
@pulumi.getter(name="googleServiceAccountKey")
|
923
871
|
def google_service_account_key(self) -> Optional[pulumi.Input[str]]:
|
924
872
|
"""
|
925
|
-
Google service account key in JSON format.
|
926
|
-
The raw value looks like this:
|
927
|
-
|
928
|
-
```python
|
929
|
-
import pulumi
|
930
|
-
```
|
873
|
+
Google service account key in JSON format.
|
931
874
|
"""
|
932
875
|
return pulumi.get(self, "google_service_account_key")
|
933
876
|
|
@@ -951,9 +894,7 @@ class _RaftSnapshotAgentConfigState:
|
|
951
894
|
@pulumi.getter(name="localMaxSpace")
|
952
895
|
def local_max_space(self) -> Optional[pulumi.Input[int]]:
|
953
896
|
"""
|
954
|
-
|
955
|
-
space, in bytes, to use for snapshots. Snapshot attempts will fail if there is not enough
|
956
|
-
space left in this allowance.
|
897
|
+
The maximum space, in bytes, to use for snapshots.
|
957
898
|
"""
|
958
899
|
return pulumi.get(self, "local_max_space")
|
959
900
|
|
@@ -979,7 +920,7 @@ class _RaftSnapshotAgentConfigState:
|
|
979
920
|
"""
|
980
921
|
The namespace to provision the resource in.
|
981
922
|
The value should not contain leading or trailing forward slashes.
|
982
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
923
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
983
924
|
*Available only for Vault Enterprise*.
|
984
925
|
"""
|
985
926
|
return pulumi.get(self, "namespace")
|
@@ -1068,18 +1009,21 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
|
|
1068
1009
|
__props__=None):
|
1069
1010
|
"""
|
1070
1011
|
## Example Usage
|
1012
|
+
|
1071
1013
|
### Local Storage
|
1072
1014
|
```python
|
1073
1015
|
import pulumi
|
1074
1016
|
import pulumi_vault as vault
|
1075
1017
|
|
1076
|
-
local_backups = vault.RaftSnapshotAgentConfig("
|
1018
|
+
local_backups = vault.RaftSnapshotAgentConfig("local_backups",
|
1019
|
+
name="local",
|
1077
1020
|
interval_seconds=86400,
|
1078
|
-
local_max_space=10000000,
|
1079
|
-
path_prefix="/opt/vault/snapshots/",
|
1080
1021
|
retain=7,
|
1081
|
-
|
1022
|
+
path_prefix="/opt/vault/snapshots/",
|
1023
|
+
storage_type="local",
|
1024
|
+
local_max_space=10000000)
|
1082
1025
|
```
|
1026
|
+
|
1083
1027
|
### AWS S3
|
1084
1028
|
```python
|
1085
1029
|
import pulumi
|
@@ -1090,7 +1034,8 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
|
|
1090
1034
|
aws_access_key_id = config.require_object("awsAccessKeyId")
|
1091
1035
|
aws_secret_access_key = config.require_object("awsSecretAccessKey")
|
1092
1036
|
current = aws.get_region()
|
1093
|
-
s3_backups = vault.RaftSnapshotAgentConfig("
|
1037
|
+
s3_backups = vault.RaftSnapshotAgentConfig("s3_backups",
|
1038
|
+
name="s3",
|
1094
1039
|
interval_seconds=86400,
|
1095
1040
|
retain=7,
|
1096
1041
|
path_prefix="/path/in/bucket",
|
@@ -1101,6 +1046,7 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
|
|
1101
1046
|
aws_secret_access_key=aws_secret_access_key,
|
1102
1047
|
aws_s3_enable_kms=True)
|
1103
1048
|
```
|
1049
|
+
|
1104
1050
|
### Azure BLOB
|
1105
1051
|
|
1106
1052
|
```python
|
@@ -1110,7 +1056,8 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
|
|
1110
1056
|
config = pulumi.Config()
|
1111
1057
|
azure_account_name = config.require_object("azureAccountName")
|
1112
1058
|
azure_account_key = config.require_object("azureAccountKey")
|
1113
|
-
azure_backups = vault.RaftSnapshotAgentConfig("
|
1059
|
+
azure_backups = vault.RaftSnapshotAgentConfig("azure_backups",
|
1060
|
+
name="azure_backup",
|
1114
1061
|
interval_seconds=86400,
|
1115
1062
|
retain=7,
|
1116
1063
|
path_prefix="/",
|
@@ -1125,56 +1072,40 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
|
|
1125
1072
|
Raft Snapshot Agent Configurations can be imported using the `name`, e.g.
|
1126
1073
|
|
1127
1074
|
```sh
|
1128
|
-
|
1075
|
+
$ pulumi import vault:index/raftSnapshotAgentConfig:RaftSnapshotAgentConfig local local
|
1129
1076
|
```
|
1130
1077
|
|
1131
1078
|
:param str resource_name: The name of the resource.
|
1132
1079
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
1133
1080
|
:param pulumi.Input[str] aws_access_key_id: AWS access key ID.
|
1134
|
-
:param pulumi.Input[str] aws_s3_bucket:
|
1135
|
-
:param pulumi.Input[bool] aws_s3_disable_tls: Disable TLS for the S3 endpoint. This
|
1136
|
-
should only be used for testing purposes, typically in conjunction with
|
1137
|
-
`aws_s3_endpoint`.
|
1081
|
+
:param pulumi.Input[str] aws_s3_bucket: S3 bucket to write snapshots to.
|
1082
|
+
:param pulumi.Input[bool] aws_s3_disable_tls: Disable TLS for the S3 endpoint. This should only be used for testing purposes.
|
1138
1083
|
:param pulumi.Input[bool] aws_s3_enable_kms: Use KMS to encrypt bucket contents.
|
1139
|
-
:param pulumi.Input[str] aws_s3_endpoint: AWS endpoint. This is typically only set when
|
1140
|
-
|
1141
|
-
:param pulumi.Input[
|
1142
|
-
|
1143
|
-
:param pulumi.Input[str] aws_s3_kms_key: Use named KMS key, when `aws_s3_enable_kms = true`
|
1144
|
-
:param pulumi.Input[str] aws_s3_region: `<required>` - AWS region bucket is in.
|
1084
|
+
:param pulumi.Input[str] aws_s3_endpoint: AWS endpoint. This is typically only set when using a non-AWS S3 implementation like Minio.
|
1085
|
+
:param pulumi.Input[bool] aws_s3_force_path_style: Use the endpoint/bucket URL style instead of bucket.endpoint.
|
1086
|
+
:param pulumi.Input[str] aws_s3_kms_key: Use named KMS key, when aws_s3_enable_kms=true
|
1087
|
+
:param pulumi.Input[str] aws_s3_region: AWS region bucket is in.
|
1145
1088
|
:param pulumi.Input[bool] aws_s3_server_side_encryption: Use AES256 to encrypt bucket contents.
|
1146
1089
|
:param pulumi.Input[str] aws_secret_access_key: AWS secret access key.
|
1147
1090
|
:param pulumi.Input[str] aws_session_token: AWS session token.
|
1148
1091
|
:param pulumi.Input[str] azure_account_key: Azure account key.
|
1149
1092
|
:param pulumi.Input[str] azure_account_name: Azure account name.
|
1150
1093
|
:param pulumi.Input[str] azure_blob_environment: Azure blob environment.
|
1151
|
-
:param pulumi.Input[str] azure_container_name:
|
1152
|
-
|
1153
|
-
:param pulumi.Input[str] azure_endpoint: Azure blob storage endpoint. This is typically
|
1154
|
-
only set when using a non-Azure implementation like Azurite.
|
1094
|
+
:param pulumi.Input[str] azure_container_name: Azure container name to write snapshots to.
|
1095
|
+
:param pulumi.Input[str] azure_endpoint: Azure blob storage endpoint. This is typically only set when using a non-Azure implementation like Azurite.
|
1155
1096
|
:param pulumi.Input[str] file_prefix: Within the directory or bucket
|
1156
1097
|
prefix given by `path_prefix`, the file or object name of snapshot files
|
1157
1098
|
will start with this string.
|
1158
|
-
:param pulumi.Input[bool] google_disable_tls: Disable TLS for the GCS endpoint.
|
1159
|
-
|
1160
|
-
|
1161
|
-
:param pulumi.Input[str]
|
1162
|
-
using a non-Google GCS implementation like fake-gcs-server.
|
1163
|
-
:param pulumi.Input[str] google_gcs_bucket: `<required>` - GCS bucket to write snapshots to.
|
1164
|
-
:param pulumi.Input[str] google_service_account_key: Google service account key in JSON format.
|
1165
|
-
The raw value looks like this:
|
1166
|
-
|
1167
|
-
```python
|
1168
|
-
import pulumi
|
1169
|
-
```
|
1099
|
+
:param pulumi.Input[bool] google_disable_tls: Disable TLS for the GCS endpoint.
|
1100
|
+
:param pulumi.Input[str] google_endpoint: GCS endpoint. This is typically only set when using a non-Google GCS implementation like fake-gcs-server.
|
1101
|
+
:param pulumi.Input[str] google_gcs_bucket: GCS bucket to write snapshots to.
|
1102
|
+
:param pulumi.Input[str] google_service_account_key: Google service account key in JSON format.
|
1170
1103
|
:param pulumi.Input[int] interval_seconds: `<required>` - Time (in seconds) between snapshots.
|
1171
|
-
:param pulumi.Input[int] local_max_space:
|
1172
|
-
space, in bytes, to use for snapshots. Snapshot attempts will fail if there is not enough
|
1173
|
-
space left in this allowance.
|
1104
|
+
:param pulumi.Input[int] local_max_space: The maximum space, in bytes, to use for snapshots.
|
1174
1105
|
:param pulumi.Input[str] name: `<required>` – Name of the configuration to modify.
|
1175
1106
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
1176
1107
|
The value should not contain leading or trailing forward slashes.
|
1177
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
1108
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1178
1109
|
*Available only for Vault Enterprise*.
|
1179
1110
|
:param pulumi.Input[str] path_prefix: `<required>` - For `storage_type = "local"`, the directory to
|
1180
1111
|
write the snapshots in. For cloud storage types, the bucket prefix to use.
|
@@ -1195,18 +1126,21 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
|
|
1195
1126
|
opts: Optional[pulumi.ResourceOptions] = None):
|
1196
1127
|
"""
|
1197
1128
|
## Example Usage
|
1129
|
+
|
1198
1130
|
### Local Storage
|
1199
1131
|
```python
|
1200
1132
|
import pulumi
|
1201
1133
|
import pulumi_vault as vault
|
1202
1134
|
|
1203
|
-
local_backups = vault.RaftSnapshotAgentConfig("
|
1135
|
+
local_backups = vault.RaftSnapshotAgentConfig("local_backups",
|
1136
|
+
name="local",
|
1204
1137
|
interval_seconds=86400,
|
1205
|
-
local_max_space=10000000,
|
1206
|
-
path_prefix="/opt/vault/snapshots/",
|
1207
1138
|
retain=7,
|
1208
|
-
|
1139
|
+
path_prefix="/opt/vault/snapshots/",
|
1140
|
+
storage_type="local",
|
1141
|
+
local_max_space=10000000)
|
1209
1142
|
```
|
1143
|
+
|
1210
1144
|
### AWS S3
|
1211
1145
|
```python
|
1212
1146
|
import pulumi
|
@@ -1217,7 +1151,8 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
|
|
1217
1151
|
aws_access_key_id = config.require_object("awsAccessKeyId")
|
1218
1152
|
aws_secret_access_key = config.require_object("awsSecretAccessKey")
|
1219
1153
|
current = aws.get_region()
|
1220
|
-
s3_backups = vault.RaftSnapshotAgentConfig("
|
1154
|
+
s3_backups = vault.RaftSnapshotAgentConfig("s3_backups",
|
1155
|
+
name="s3",
|
1221
1156
|
interval_seconds=86400,
|
1222
1157
|
retain=7,
|
1223
1158
|
path_prefix="/path/in/bucket",
|
@@ -1228,6 +1163,7 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
|
|
1228
1163
|
aws_secret_access_key=aws_secret_access_key,
|
1229
1164
|
aws_s3_enable_kms=True)
|
1230
1165
|
```
|
1166
|
+
|
1231
1167
|
### Azure BLOB
|
1232
1168
|
|
1233
1169
|
```python
|
@@ -1237,7 +1173,8 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
|
|
1237
1173
|
config = pulumi.Config()
|
1238
1174
|
azure_account_name = config.require_object("azureAccountName")
|
1239
1175
|
azure_account_key = config.require_object("azureAccountKey")
|
1240
|
-
azure_backups = vault.RaftSnapshotAgentConfig("
|
1176
|
+
azure_backups = vault.RaftSnapshotAgentConfig("azure_backups",
|
1177
|
+
name="azure_backup",
|
1241
1178
|
interval_seconds=86400,
|
1242
1179
|
retain=7,
|
1243
1180
|
path_prefix="/",
|
@@ -1252,7 +1189,7 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
|
|
1252
1189
|
Raft Snapshot Agent Configurations can be imported using the `name`, e.g.
|
1253
1190
|
|
1254
1191
|
```sh
|
1255
|
-
|
1192
|
+
$ pulumi import vault:index/raftSnapshotAgentConfig:RaftSnapshotAgentConfig local local
|
1256
1193
|
```
|
1257
1194
|
|
1258
1195
|
:param str resource_name: The name of the resource.
|
@@ -1387,50 +1324,34 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
|
|
1387
1324
|
:param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
|
1388
1325
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
1389
1326
|
:param pulumi.Input[str] aws_access_key_id: AWS access key ID.
|
1390
|
-
:param pulumi.Input[str] aws_s3_bucket:
|
1391
|
-
:param pulumi.Input[bool] aws_s3_disable_tls: Disable TLS for the S3 endpoint. This
|
1392
|
-
should only be used for testing purposes, typically in conjunction with
|
1393
|
-
`aws_s3_endpoint`.
|
1327
|
+
:param pulumi.Input[str] aws_s3_bucket: S3 bucket to write snapshots to.
|
1328
|
+
:param pulumi.Input[bool] aws_s3_disable_tls: Disable TLS for the S3 endpoint. This should only be used for testing purposes.
|
1394
1329
|
:param pulumi.Input[bool] aws_s3_enable_kms: Use KMS to encrypt bucket contents.
|
1395
|
-
:param pulumi.Input[str] aws_s3_endpoint: AWS endpoint. This is typically only set when
|
1396
|
-
|
1397
|
-
:param pulumi.Input[
|
1398
|
-
|
1399
|
-
:param pulumi.Input[str] aws_s3_kms_key: Use named KMS key, when `aws_s3_enable_kms = true`
|
1400
|
-
:param pulumi.Input[str] aws_s3_region: `<required>` - AWS region bucket is in.
|
1330
|
+
:param pulumi.Input[str] aws_s3_endpoint: AWS endpoint. This is typically only set when using a non-AWS S3 implementation like Minio.
|
1331
|
+
:param pulumi.Input[bool] aws_s3_force_path_style: Use the endpoint/bucket URL style instead of bucket.endpoint.
|
1332
|
+
:param pulumi.Input[str] aws_s3_kms_key: Use named KMS key, when aws_s3_enable_kms=true
|
1333
|
+
:param pulumi.Input[str] aws_s3_region: AWS region bucket is in.
|
1401
1334
|
:param pulumi.Input[bool] aws_s3_server_side_encryption: Use AES256 to encrypt bucket contents.
|
1402
1335
|
:param pulumi.Input[str] aws_secret_access_key: AWS secret access key.
|
1403
1336
|
:param pulumi.Input[str] aws_session_token: AWS session token.
|
1404
1337
|
:param pulumi.Input[str] azure_account_key: Azure account key.
|
1405
1338
|
:param pulumi.Input[str] azure_account_name: Azure account name.
|
1406
1339
|
:param pulumi.Input[str] azure_blob_environment: Azure blob environment.
|
1407
|
-
:param pulumi.Input[str] azure_container_name:
|
1408
|
-
|
1409
|
-
:param pulumi.Input[str] azure_endpoint: Azure blob storage endpoint. This is typically
|
1410
|
-
only set when using a non-Azure implementation like Azurite.
|
1340
|
+
:param pulumi.Input[str] azure_container_name: Azure container name to write snapshots to.
|
1341
|
+
:param pulumi.Input[str] azure_endpoint: Azure blob storage endpoint. This is typically only set when using a non-Azure implementation like Azurite.
|
1411
1342
|
:param pulumi.Input[str] file_prefix: Within the directory or bucket
|
1412
1343
|
prefix given by `path_prefix`, the file or object name of snapshot files
|
1413
1344
|
will start with this string.
|
1414
|
-
:param pulumi.Input[bool] google_disable_tls: Disable TLS for the GCS endpoint.
|
1415
|
-
|
1416
|
-
|
1417
|
-
:param pulumi.Input[str]
|
1418
|
-
using a non-Google GCS implementation like fake-gcs-server.
|
1419
|
-
:param pulumi.Input[str] google_gcs_bucket: `<required>` - GCS bucket to write snapshots to.
|
1420
|
-
:param pulumi.Input[str] google_service_account_key: Google service account key in JSON format.
|
1421
|
-
The raw value looks like this:
|
1422
|
-
|
1423
|
-
```python
|
1424
|
-
import pulumi
|
1425
|
-
```
|
1345
|
+
:param pulumi.Input[bool] google_disable_tls: Disable TLS for the GCS endpoint.
|
1346
|
+
:param pulumi.Input[str] google_endpoint: GCS endpoint. This is typically only set when using a non-Google GCS implementation like fake-gcs-server.
|
1347
|
+
:param pulumi.Input[str] google_gcs_bucket: GCS bucket to write snapshots to.
|
1348
|
+
:param pulumi.Input[str] google_service_account_key: Google service account key in JSON format.
|
1426
1349
|
:param pulumi.Input[int] interval_seconds: `<required>` - Time (in seconds) between snapshots.
|
1427
|
-
:param pulumi.Input[int] local_max_space:
|
1428
|
-
space, in bytes, to use for snapshots. Snapshot attempts will fail if there is not enough
|
1429
|
-
space left in this allowance.
|
1350
|
+
:param pulumi.Input[int] local_max_space: The maximum space, in bytes, to use for snapshots.
|
1430
1351
|
:param pulumi.Input[str] name: `<required>` – Name of the configuration to modify.
|
1431
1352
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
1432
1353
|
The value should not contain leading or trailing forward slashes.
|
1433
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
1354
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1434
1355
|
*Available only for Vault Enterprise*.
|
1435
1356
|
:param pulumi.Input[str] path_prefix: `<required>` - For `storage_type = "local"`, the directory to
|
1436
1357
|
write the snapshots in. For cloud storage types, the bucket prefix to use.
|
@@ -1489,7 +1410,7 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
|
|
1489
1410
|
@pulumi.getter(name="awsS3Bucket")
|
1490
1411
|
def aws_s3_bucket(self) -> pulumi.Output[Optional[str]]:
|
1491
1412
|
"""
|
1492
|
-
|
1413
|
+
S3 bucket to write snapshots to.
|
1493
1414
|
"""
|
1494
1415
|
return pulumi.get(self, "aws_s3_bucket")
|
1495
1416
|
|
@@ -1497,9 +1418,7 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
|
|
1497
1418
|
@pulumi.getter(name="awsS3DisableTls")
|
1498
1419
|
def aws_s3_disable_tls(self) -> pulumi.Output[Optional[bool]]:
|
1499
1420
|
"""
|
1500
|
-
Disable TLS for the S3 endpoint. This
|
1501
|
-
should only be used for testing purposes, typically in conjunction with
|
1502
|
-
`aws_s3_endpoint`.
|
1421
|
+
Disable TLS for the S3 endpoint. This should only be used for testing purposes.
|
1503
1422
|
"""
|
1504
1423
|
return pulumi.get(self, "aws_s3_disable_tls")
|
1505
1424
|
|
@@ -1515,8 +1434,7 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
|
|
1515
1434
|
@pulumi.getter(name="awsS3Endpoint")
|
1516
1435
|
def aws_s3_endpoint(self) -> pulumi.Output[Optional[str]]:
|
1517
1436
|
"""
|
1518
|
-
AWS endpoint. This is typically only set when
|
1519
|
-
using a non-AWS S3 implementation like Minio.
|
1437
|
+
AWS endpoint. This is typically only set when using a non-AWS S3 implementation like Minio.
|
1520
1438
|
"""
|
1521
1439
|
return pulumi.get(self, "aws_s3_endpoint")
|
1522
1440
|
|
@@ -1524,8 +1442,7 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
|
|
1524
1442
|
@pulumi.getter(name="awsS3ForcePathStyle")
|
1525
1443
|
def aws_s3_force_path_style(self) -> pulumi.Output[Optional[bool]]:
|
1526
1444
|
"""
|
1527
|
-
Use the endpoint/bucket URL style
|
1528
|
-
instead of bucket.endpoint. May be needed when setting `aws_s3_endpoint`.
|
1445
|
+
Use the endpoint/bucket URL style instead of bucket.endpoint.
|
1529
1446
|
"""
|
1530
1447
|
return pulumi.get(self, "aws_s3_force_path_style")
|
1531
1448
|
|
@@ -1533,7 +1450,7 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
|
|
1533
1450
|
@pulumi.getter(name="awsS3KmsKey")
|
1534
1451
|
def aws_s3_kms_key(self) -> pulumi.Output[Optional[str]]:
|
1535
1452
|
"""
|
1536
|
-
Use named KMS key, when
|
1453
|
+
Use named KMS key, when aws_s3_enable_kms=true
|
1537
1454
|
"""
|
1538
1455
|
return pulumi.get(self, "aws_s3_kms_key")
|
1539
1456
|
|
@@ -1541,7 +1458,7 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
|
|
1541
1458
|
@pulumi.getter(name="awsS3Region")
|
1542
1459
|
def aws_s3_region(self) -> pulumi.Output[Optional[str]]:
|
1543
1460
|
"""
|
1544
|
-
|
1461
|
+
AWS region bucket is in.
|
1545
1462
|
"""
|
1546
1463
|
return pulumi.get(self, "aws_s3_region")
|
1547
1464
|
|
@@ -1597,8 +1514,7 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
|
|
1597
1514
|
@pulumi.getter(name="azureContainerName")
|
1598
1515
|
def azure_container_name(self) -> pulumi.Output[Optional[str]]:
|
1599
1516
|
"""
|
1600
|
-
|
1601
|
-
snapshots to.
|
1517
|
+
Azure container name to write snapshots to.
|
1602
1518
|
"""
|
1603
1519
|
return pulumi.get(self, "azure_container_name")
|
1604
1520
|
|
@@ -1606,8 +1522,7 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
|
|
1606
1522
|
@pulumi.getter(name="azureEndpoint")
|
1607
1523
|
def azure_endpoint(self) -> pulumi.Output[Optional[str]]:
|
1608
1524
|
"""
|
1609
|
-
Azure blob storage endpoint. This is typically
|
1610
|
-
only set when using a non-Azure implementation like Azurite.
|
1525
|
+
Azure blob storage endpoint. This is typically only set when using a non-Azure implementation like Azurite.
|
1611
1526
|
"""
|
1612
1527
|
return pulumi.get(self, "azure_endpoint")
|
1613
1528
|
|
@@ -1625,9 +1540,7 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
|
|
1625
1540
|
@pulumi.getter(name="googleDisableTls")
|
1626
1541
|
def google_disable_tls(self) -> pulumi.Output[Optional[bool]]:
|
1627
1542
|
"""
|
1628
|
-
Disable TLS for the GCS endpoint.
|
1629
|
-
should only be used for testing purposes, typically in conjunction with
|
1630
|
-
`google_endpoint`.
|
1543
|
+
Disable TLS for the GCS endpoint.
|
1631
1544
|
"""
|
1632
1545
|
return pulumi.get(self, "google_disable_tls")
|
1633
1546
|
|
@@ -1635,8 +1548,7 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
|
|
1635
1548
|
@pulumi.getter(name="googleEndpoint")
|
1636
1549
|
def google_endpoint(self) -> pulumi.Output[Optional[str]]:
|
1637
1550
|
"""
|
1638
|
-
GCS endpoint. This is typically only set when
|
1639
|
-
using a non-Google GCS implementation like fake-gcs-server.
|
1551
|
+
GCS endpoint. This is typically only set when using a non-Google GCS implementation like fake-gcs-server.
|
1640
1552
|
"""
|
1641
1553
|
return pulumi.get(self, "google_endpoint")
|
1642
1554
|
|
@@ -1644,7 +1556,7 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
|
|
1644
1556
|
@pulumi.getter(name="googleGcsBucket")
|
1645
1557
|
def google_gcs_bucket(self) -> pulumi.Output[Optional[str]]:
|
1646
1558
|
"""
|
1647
|
-
|
1559
|
+
GCS bucket to write snapshots to.
|
1648
1560
|
"""
|
1649
1561
|
return pulumi.get(self, "google_gcs_bucket")
|
1650
1562
|
|
@@ -1652,12 +1564,7 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
|
|
1652
1564
|
@pulumi.getter(name="googleServiceAccountKey")
|
1653
1565
|
def google_service_account_key(self) -> pulumi.Output[Optional[str]]:
|
1654
1566
|
"""
|
1655
|
-
Google service account key in JSON format.
|
1656
|
-
The raw value looks like this:
|
1657
|
-
|
1658
|
-
```python
|
1659
|
-
import pulumi
|
1660
|
-
```
|
1567
|
+
Google service account key in JSON format.
|
1661
1568
|
"""
|
1662
1569
|
return pulumi.get(self, "google_service_account_key")
|
1663
1570
|
|
@@ -1673,9 +1580,7 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
|
|
1673
1580
|
@pulumi.getter(name="localMaxSpace")
|
1674
1581
|
def local_max_space(self) -> pulumi.Output[Optional[int]]:
|
1675
1582
|
"""
|
1676
|
-
|
1677
|
-
space, in bytes, to use for snapshots. Snapshot attempts will fail if there is not enough
|
1678
|
-
space left in this allowance.
|
1583
|
+
The maximum space, in bytes, to use for snapshots.
|
1679
1584
|
"""
|
1680
1585
|
return pulumi.get(self, "local_max_space")
|
1681
1586
|
|
@@ -1693,7 +1598,7 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
|
|
1693
1598
|
"""
|
1694
1599
|
The namespace to provision the resource in.
|
1695
1600
|
The value should not contain leading or trailing forward slashes.
|
1696
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
1601
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1697
1602
|
*Available only for Vault Enterprise*.
|
1698
1603
|
"""
|
1699
1604
|
return pulumi.get(self, "namespace")
|