pulumi-vault 5.21.0a1709368526__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl
- pulumi_vault/__init__.py +52 -0
- pulumi_vault/_inputs.py +560 -0
- pulumi_vault/_utilities.py +41 -5
- pulumi_vault/ad/get_access_credentials.py +26 -9
- pulumi_vault/ad/secret_backend.py +16 -142
- pulumi_vault/ad/secret_library.py +16 -9
- pulumi_vault/ad/secret_role.py +14 -9
- pulumi_vault/alicloud/auth_backend_role.py +76 -190
- pulumi_vault/approle/auth_backend_login.py +12 -7
- pulumi_vault/approle/auth_backend_role.py +77 -191
- pulumi_vault/approle/auth_backend_role_secret_id.py +106 -7
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -5
- pulumi_vault/audit.py +30 -21
- pulumi_vault/audit_request_header.py +11 -2
- pulumi_vault/auth_backend.py +66 -14
- pulumi_vault/aws/auth_backend_cert.py +18 -9
- pulumi_vault/aws/auth_backend_client.py +267 -22
- pulumi_vault/aws/auth_backend_config_identity.py +14 -9
- pulumi_vault/aws/auth_backend_identity_whitelist.py +20 -15
- pulumi_vault/aws/auth_backend_login.py +19 -22
- pulumi_vault/aws/auth_backend_role.py +77 -191
- pulumi_vault/aws/auth_backend_role_tag.py +12 -7
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -13
- pulumi_vault/aws/auth_backend_sts_role.py +14 -9
- pulumi_vault/aws/get_access_credentials.py +38 -9
- pulumi_vault/aws/get_static_access_credentials.py +19 -5
- pulumi_vault/aws/secret_backend.py +77 -9
- pulumi_vault/aws/secret_backend_role.py +185 -9
- pulumi_vault/aws/secret_backend_static_role.py +20 -11
- pulumi_vault/azure/_inputs.py +24 -0
- pulumi_vault/azure/auth_backend_config.py +153 -15
- pulumi_vault/azure/auth_backend_role.py +77 -191
- pulumi_vault/azure/backend.py +227 -21
- pulumi_vault/azure/backend_role.py +42 -37
- pulumi_vault/azure/get_access_credentials.py +41 -7
- pulumi_vault/azure/outputs.py +5 -0
- pulumi_vault/cert_auth_backend_role.py +87 -267
- pulumi_vault/config/__init__.pyi +5 -0
- pulumi_vault/config/_inputs.py +73 -0
- pulumi_vault/config/outputs.py +35 -0
- pulumi_vault/config/ui_custom_message.py +529 -0
- pulumi_vault/config/vars.py +5 -0
- pulumi_vault/consul/secret_backend.py +28 -19
- pulumi_vault/consul/secret_backend_role.py +18 -78
- pulumi_vault/database/_inputs.py +2770 -881
- pulumi_vault/database/outputs.py +721 -838
- pulumi_vault/database/secret_backend_connection.py +119 -112
- pulumi_vault/database/secret_backend_role.py +31 -22
- pulumi_vault/database/secret_backend_static_role.py +87 -13
- pulumi_vault/database/secrets_mount.py +427 -136
- pulumi_vault/egp_policy.py +16 -11
- pulumi_vault/gcp/_inputs.py +111 -0
- pulumi_vault/gcp/auth_backend.py +250 -33
- pulumi_vault/gcp/auth_backend_role.py +77 -269
- pulumi_vault/gcp/get_auth_backend_role.py +43 -5
- pulumi_vault/gcp/outputs.py +5 -0
- pulumi_vault/gcp/secret_backend.py +287 -12
- pulumi_vault/gcp/secret_impersonated_account.py +76 -15
- pulumi_vault/gcp/secret_roleset.py +31 -24
- pulumi_vault/gcp/secret_static_account.py +39 -32
- pulumi_vault/generic/endpoint.py +24 -17
- pulumi_vault/generic/get_secret.py +64 -8
- pulumi_vault/generic/secret.py +21 -16
- pulumi_vault/get_auth_backend.py +24 -7
- pulumi_vault/get_auth_backends.py +51 -9
- pulumi_vault/get_namespace.py +226 -0
- pulumi_vault/get_namespaces.py +153 -0
- pulumi_vault/get_nomad_access_token.py +31 -11
- pulumi_vault/get_policy_document.py +34 -19
- pulumi_vault/get_raft_autopilot_state.py +29 -10
- pulumi_vault/github/_inputs.py +55 -0
- pulumi_vault/github/auth_backend.py +19 -14
- pulumi_vault/github/outputs.py +5 -0
- pulumi_vault/github/team.py +16 -11
- pulumi_vault/github/user.py +16 -11
- pulumi_vault/identity/entity.py +20 -13
- pulumi_vault/identity/entity_alias.py +20 -13
- pulumi_vault/identity/entity_policies.py +28 -11
- pulumi_vault/identity/get_entity.py +42 -10
- pulumi_vault/identity/get_group.py +47 -9
- pulumi_vault/identity/get_oidc_client_creds.py +21 -7
- pulumi_vault/identity/get_oidc_openid_config.py +39 -9
- pulumi_vault/identity/get_oidc_public_keys.py +29 -10
- pulumi_vault/identity/group.py +58 -39
- pulumi_vault/identity/group_alias.py +16 -9
- pulumi_vault/identity/group_member_entity_ids.py +28 -66
- pulumi_vault/identity/group_member_group_ids.py +40 -19
- pulumi_vault/identity/group_policies.py +20 -7
- pulumi_vault/identity/mfa_duo.py +11 -6
- pulumi_vault/identity/mfa_login_enforcement.py +15 -6
- pulumi_vault/identity/mfa_okta.py +11 -6
- pulumi_vault/identity/mfa_pingid.py +7 -2
- pulumi_vault/identity/mfa_totp.py +7 -2
- pulumi_vault/identity/oidc.py +12 -7
- pulumi_vault/identity/oidc_assignment.py +24 -11
- pulumi_vault/identity/oidc_client.py +36 -23
- pulumi_vault/identity/oidc_key.py +30 -17
- pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -15
- pulumi_vault/identity/oidc_provider.py +36 -21
- pulumi_vault/identity/oidc_role.py +42 -21
- pulumi_vault/identity/oidc_scope.py +20 -13
- pulumi_vault/identity/outputs.py +8 -3
- pulumi_vault/jwt/_inputs.py +55 -0
- pulumi_vault/jwt/auth_backend.py +45 -40
- pulumi_vault/jwt/auth_backend_role.py +133 -254
- pulumi_vault/jwt/outputs.py +5 -0
- pulumi_vault/kmip/secret_backend.py +24 -19
- pulumi_vault/kmip/secret_role.py +14 -9
- pulumi_vault/kmip/secret_scope.py +14 -9
- pulumi_vault/kubernetes/auth_backend_config.py +57 -5
- pulumi_vault/kubernetes/auth_backend_role.py +70 -177
- pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
- pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
- pulumi_vault/kubernetes/get_service_account_token.py +39 -11
- pulumi_vault/kubernetes/secret_backend.py +316 -27
- pulumi_vault/kubernetes/secret_backend_role.py +137 -46
- pulumi_vault/kv/_inputs.py +36 -4
- pulumi_vault/kv/get_secret.py +25 -8
- pulumi_vault/kv/get_secret_subkeys_v2.py +33 -10
- pulumi_vault/kv/get_secret_v2.py +85 -9
- pulumi_vault/kv/get_secrets_list.py +24 -11
- pulumi_vault/kv/get_secrets_list_v2.py +37 -15
- pulumi_vault/kv/outputs.py +8 -3
- pulumi_vault/kv/secret.py +23 -16
- pulumi_vault/kv/secret_backend_v2.py +20 -11
- pulumi_vault/kv/secret_v2.py +59 -50
- pulumi_vault/ldap/auth_backend.py +127 -166
- pulumi_vault/ldap/auth_backend_group.py +14 -9
- pulumi_vault/ldap/auth_backend_user.py +14 -9
- pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
- pulumi_vault/ldap/get_static_credentials.py +24 -5
- pulumi_vault/ldap/secret_backend.py +354 -82
- pulumi_vault/ldap/secret_backend_dynamic_role.py +18 -11
- pulumi_vault/ldap/secret_backend_library_set.py +16 -9
- pulumi_vault/ldap/secret_backend_static_role.py +73 -12
- pulumi_vault/managed/_inputs.py +289 -132
- pulumi_vault/managed/keys.py +29 -57
- pulumi_vault/managed/outputs.py +89 -132
- pulumi_vault/mfa_duo.py +18 -11
- pulumi_vault/mfa_okta.py +18 -11
- pulumi_vault/mfa_pingid.py +18 -11
- pulumi_vault/mfa_totp.py +24 -17
- pulumi_vault/mongodbatlas/secret_backend.py +20 -15
- pulumi_vault/mongodbatlas/secret_role.py +47 -38
- pulumi_vault/mount.py +391 -51
- pulumi_vault/namespace.py +68 -83
- pulumi_vault/nomad_secret_backend.py +18 -13
- pulumi_vault/nomad_secret_role.py +14 -9
- pulumi_vault/okta/_inputs.py +47 -8
- pulumi_vault/okta/auth_backend.py +485 -39
- pulumi_vault/okta/auth_backend_group.py +14 -9
- pulumi_vault/okta/auth_backend_user.py +14 -9
- pulumi_vault/okta/outputs.py +13 -8
- pulumi_vault/outputs.py +5 -0
- pulumi_vault/password_policy.py +20 -13
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +81 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
- pulumi_vault/pkisecret/backend_config_est.py +619 -0
- pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
- pulumi_vault/pkisecret/get_backend_issuer.py +67 -9
- pulumi_vault/pkisecret/get_backend_issuers.py +21 -8
- pulumi_vault/pkisecret/get_backend_key.py +24 -9
- pulumi_vault/pkisecret/get_backend_keys.py +21 -8
- pulumi_vault/pkisecret/outputs.py +69 -0
- pulumi_vault/pkisecret/secret_backend_cert.py +18 -11
- pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -11
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +14 -9
- pulumi_vault/pkisecret/secret_backend_config_urls.py +67 -11
- pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -9
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -11
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -17
- pulumi_vault/pkisecret/secret_backend_issuer.py +14 -9
- pulumi_vault/pkisecret/secret_backend_key.py +14 -9
- pulumi_vault/pkisecret/secret_backend_role.py +21 -14
- pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -48
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -56
- pulumi_vault/pkisecret/secret_backend_sign.py +18 -54
- pulumi_vault/plugin.py +595 -0
- pulumi_vault/plugin_pinned_version.py +298 -0
- pulumi_vault/policy.py +14 -9
- pulumi_vault/provider.py +48 -53
- pulumi_vault/pulumi-plugin.json +2 -1
- pulumi_vault/quota_lease_count.py +60 -6
- pulumi_vault/quota_rate_limit.py +56 -2
- pulumi_vault/rabbitmq/_inputs.py +61 -0
- pulumi_vault/rabbitmq/outputs.py +5 -0
- pulumi_vault/rabbitmq/secret_backend.py +18 -13
- pulumi_vault/rabbitmq/secret_backend_role.py +54 -47
- pulumi_vault/raft_autopilot.py +14 -9
- pulumi_vault/raft_snapshot_agent_config.py +129 -224
- pulumi_vault/rgp_policy.py +14 -9
- pulumi_vault/saml/auth_backend.py +22 -17
- pulumi_vault/saml/auth_backend_role.py +92 -197
- pulumi_vault/secrets/__init__.py +3 -0
- pulumi_vault/secrets/_inputs.py +110 -0
- pulumi_vault/secrets/outputs.py +94 -0
- pulumi_vault/secrets/sync_association.py +56 -71
- pulumi_vault/secrets/sync_aws_destination.py +242 -27
- pulumi_vault/secrets/sync_azure_destination.py +92 -31
- pulumi_vault/secrets/sync_config.py +9 -4
- pulumi_vault/secrets/sync_gcp_destination.py +158 -25
- pulumi_vault/secrets/sync_gh_destination.py +189 -13
- pulumi_vault/secrets/sync_github_apps.py +375 -0
- pulumi_vault/secrets/sync_vercel_destination.py +74 -13
- pulumi_vault/ssh/_inputs.py +28 -28
- pulumi_vault/ssh/outputs.py +11 -28
- pulumi_vault/ssh/secret_backend_ca.py +108 -9
- pulumi_vault/ssh/secret_backend_role.py +85 -118
- pulumi_vault/terraformcloud/secret_backend.py +7 -54
- pulumi_vault/terraformcloud/secret_creds.py +14 -20
- pulumi_vault/terraformcloud/secret_role.py +16 -74
- pulumi_vault/token.py +28 -23
- pulumi_vault/tokenauth/auth_backend_role.py +78 -199
- pulumi_vault/transform/alphabet.py +16 -9
- pulumi_vault/transform/get_decode.py +45 -17
- pulumi_vault/transform/get_encode.py +45 -17
- pulumi_vault/transform/role.py +16 -9
- pulumi_vault/transform/template.py +30 -21
- pulumi_vault/transform/transformation.py +12 -7
- pulumi_vault/transit/get_decrypt.py +26 -21
- pulumi_vault/transit/get_encrypt.py +24 -19
- pulumi_vault/transit/secret_backend_key.py +27 -93
- pulumi_vault/transit/secret_cache_config.py +12 -7
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
- pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
- pulumi_vault-5.21.0a1709368526.dist-info/RECORD +0 -244
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = ['AuthBackendRoleArgs', 'AuthBackendRole']
|
@@ -15,7 +20,7 @@ __all__ = ['AuthBackendRoleArgs', 'AuthBackendRole']
|
|
15
20
|
class AuthBackendRoleArgs:
|
16
21
|
def __init__(__self__, *,
|
17
22
|
path: pulumi.Input[str],
|
18
|
-
bound_attributes: Optional[pulumi.Input[Mapping[str,
|
23
|
+
bound_attributes: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
19
24
|
bound_attributes_type: Optional[pulumi.Input[str]] = None,
|
20
25
|
bound_subjects: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
21
26
|
bound_subjects_type: Optional[pulumi.Input[str]] = None,
|
@@ -34,7 +39,7 @@ class AuthBackendRoleArgs:
|
|
34
39
|
"""
|
35
40
|
The set of arguments for constructing a AuthBackendRole resource.
|
36
41
|
:param pulumi.Input[str] path: Path where the auth backend is mounted.
|
37
|
-
:param pulumi.Input[Mapping[str,
|
42
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] bound_attributes: Mapping of attribute names to values that are expected to
|
38
43
|
exist in the SAML assertion.
|
39
44
|
:param pulumi.Input[str] bound_attributes_type: The type of matching assertion to perform on
|
40
45
|
`bound_attributes_type`.
|
@@ -45,33 +50,17 @@ class AuthBackendRoleArgs:
|
|
45
50
|
:param pulumi.Input[str] name: Unique name of the role.
|
46
51
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
47
52
|
The value should not contain leading or trailing forward slashes.
|
48
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
53
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
49
54
|
*Available only for Vault Enterprise*.
|
50
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs:
|
51
|
-
|
52
|
-
|
53
|
-
:param pulumi.Input[
|
54
|
-
[explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
|
55
|
-
onto the token in number of seconds. This is a hard cap even if `token_ttl` and
|
56
|
-
`token_max_ttl` would otherwise allow a renewal.
|
57
|
-
:param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
|
58
|
-
Its current value will be referenced at renewal time.
|
59
|
-
:param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
|
60
|
-
generated tokens; otherwise it will be added to the policies set in token_policies.
|
55
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
56
|
+
:param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
57
|
+
:param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
|
58
|
+
:param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
61
59
|
:param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
62
|
-
:param pulumi.Input[int] token_period:
|
63
|
-
|
64
|
-
|
65
|
-
|
66
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
|
67
|
-
on the auth method, this list may be supplemented by user/group/other values.
|
68
|
-
:param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
|
69
|
-
Its current value will be referenced at renewal time.
|
70
|
-
:param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
|
71
|
-
`batch`, or `default` to use the mount's tuned default (which unless changed will be
|
72
|
-
`service` tokens). For token store roles, there are two additional possibilities:
|
73
|
-
`default-service` and `default-batch` which specify the type to return unless the client
|
74
|
-
requests a different type at generation time.
|
60
|
+
:param pulumi.Input[int] token_period: Generated Token's Period
|
61
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
|
62
|
+
:param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
|
63
|
+
:param pulumi.Input[str] token_type: The type of token to generate, service or batch
|
75
64
|
"""
|
76
65
|
pulumi.set(__self__, "path", path)
|
77
66
|
if bound_attributes is not None:
|
@@ -121,7 +110,7 @@ class AuthBackendRoleArgs:
|
|
121
110
|
|
122
111
|
@property
|
123
112
|
@pulumi.getter(name="boundAttributes")
|
124
|
-
def bound_attributes(self) -> Optional[pulumi.Input[Mapping[str,
|
113
|
+
def bound_attributes(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
125
114
|
"""
|
126
115
|
Mapping of attribute names to values that are expected to
|
127
116
|
exist in the SAML assertion.
|
@@ -129,7 +118,7 @@ class AuthBackendRoleArgs:
|
|
129
118
|
return pulumi.get(self, "bound_attributes")
|
130
119
|
|
131
120
|
@bound_attributes.setter
|
132
|
-
def bound_attributes(self, value: Optional[pulumi.Input[Mapping[str,
|
121
|
+
def bound_attributes(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
133
122
|
pulumi.set(self, "bound_attributes", value)
|
134
123
|
|
135
124
|
@property
|
@@ -200,7 +189,7 @@ class AuthBackendRoleArgs:
|
|
200
189
|
"""
|
201
190
|
The namespace to provision the resource in.
|
202
191
|
The value should not contain leading or trailing forward slashes.
|
203
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
192
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
204
193
|
*Available only for Vault Enterprise*.
|
205
194
|
"""
|
206
195
|
return pulumi.get(self, "namespace")
|
@@ -213,9 +202,7 @@ class AuthBackendRoleArgs:
|
|
213
202
|
@pulumi.getter(name="tokenBoundCidrs")
|
214
203
|
def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
215
204
|
"""
|
216
|
-
|
217
|
-
addresses which can authenticate successfully, and ties the resulting token to these blocks
|
218
|
-
as well.
|
205
|
+
Specifies the blocks of IP addresses which are allowed to use the generated token
|
219
206
|
"""
|
220
207
|
return pulumi.get(self, "token_bound_cidrs")
|
221
208
|
|
@@ -227,10 +214,7 @@ class AuthBackendRoleArgs:
|
|
227
214
|
@pulumi.getter(name="tokenExplicitMaxTtl")
|
228
215
|
def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
229
216
|
"""
|
230
|
-
|
231
|
-
[explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
|
232
|
-
onto the token in number of seconds. This is a hard cap even if `token_ttl` and
|
233
|
-
`token_max_ttl` would otherwise allow a renewal.
|
217
|
+
Generated Token's Explicit Maximum TTL in seconds
|
234
218
|
"""
|
235
219
|
return pulumi.get(self, "token_explicit_max_ttl")
|
236
220
|
|
@@ -242,8 +226,7 @@ class AuthBackendRoleArgs:
|
|
242
226
|
@pulumi.getter(name="tokenMaxTtl")
|
243
227
|
def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
244
228
|
"""
|
245
|
-
The maximum lifetime
|
246
|
-
Its current value will be referenced at renewal time.
|
229
|
+
The maximum lifetime of the generated token
|
247
230
|
"""
|
248
231
|
return pulumi.get(self, "token_max_ttl")
|
249
232
|
|
@@ -255,8 +238,7 @@ class AuthBackendRoleArgs:
|
|
255
238
|
@pulumi.getter(name="tokenNoDefaultPolicy")
|
256
239
|
def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
|
257
240
|
"""
|
258
|
-
If
|
259
|
-
generated tokens; otherwise it will be added to the policies set in token_policies.
|
241
|
+
If true, the 'default' policy will not automatically be added to generated tokens
|
260
242
|
"""
|
261
243
|
return pulumi.get(self, "token_no_default_policy")
|
262
244
|
|
@@ -280,10 +262,7 @@ class AuthBackendRoleArgs:
|
|
280
262
|
@pulumi.getter(name="tokenPeriod")
|
281
263
|
def token_period(self) -> Optional[pulumi.Input[int]]:
|
282
264
|
"""
|
283
|
-
|
284
|
-
token generated using this role should never expire. The token should be renewed within the
|
285
|
-
duration specified by this value. At each renewal, the token's TTL will be set to the
|
286
|
-
value of this field. Specified in seconds.
|
265
|
+
Generated Token's Period
|
287
266
|
"""
|
288
267
|
return pulumi.get(self, "token_period")
|
289
268
|
|
@@ -295,8 +274,7 @@ class AuthBackendRoleArgs:
|
|
295
274
|
@pulumi.getter(name="tokenPolicies")
|
296
275
|
def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
297
276
|
"""
|
298
|
-
|
299
|
-
on the auth method, this list may be supplemented by user/group/other values.
|
277
|
+
Generated Token's Policies
|
300
278
|
"""
|
301
279
|
return pulumi.get(self, "token_policies")
|
302
280
|
|
@@ -308,8 +286,7 @@ class AuthBackendRoleArgs:
|
|
308
286
|
@pulumi.getter(name="tokenTtl")
|
309
287
|
def token_ttl(self) -> Optional[pulumi.Input[int]]:
|
310
288
|
"""
|
311
|
-
The
|
312
|
-
Its current value will be referenced at renewal time.
|
289
|
+
The initial ttl of the token to generate in seconds
|
313
290
|
"""
|
314
291
|
return pulumi.get(self, "token_ttl")
|
315
292
|
|
@@ -321,11 +298,7 @@ class AuthBackendRoleArgs:
|
|
321
298
|
@pulumi.getter(name="tokenType")
|
322
299
|
def token_type(self) -> Optional[pulumi.Input[str]]:
|
323
300
|
"""
|
324
|
-
The type of token
|
325
|
-
`batch`, or `default` to use the mount's tuned default (which unless changed will be
|
326
|
-
`service` tokens). For token store roles, there are two additional possibilities:
|
327
|
-
`default-service` and `default-batch` which specify the type to return unless the client
|
328
|
-
requests a different type at generation time.
|
301
|
+
The type of token to generate, service or batch
|
329
302
|
"""
|
330
303
|
return pulumi.get(self, "token_type")
|
331
304
|
|
@@ -337,7 +310,7 @@ class AuthBackendRoleArgs:
|
|
337
310
|
@pulumi.input_type
|
338
311
|
class _AuthBackendRoleState:
|
339
312
|
def __init__(__self__, *,
|
340
|
-
bound_attributes: Optional[pulumi.Input[Mapping[str,
|
313
|
+
bound_attributes: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
341
314
|
bound_attributes_type: Optional[pulumi.Input[str]] = None,
|
342
315
|
bound_subjects: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
343
316
|
bound_subjects_type: Optional[pulumi.Input[str]] = None,
|
@@ -356,7 +329,7 @@ class _AuthBackendRoleState:
|
|
356
329
|
token_type: Optional[pulumi.Input[str]] = None):
|
357
330
|
"""
|
358
331
|
Input properties used for looking up and filtering AuthBackendRole resources.
|
359
|
-
:param pulumi.Input[Mapping[str,
|
332
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] bound_attributes: Mapping of attribute names to values that are expected to
|
360
333
|
exist in the SAML assertion.
|
361
334
|
:param pulumi.Input[str] bound_attributes_type: The type of matching assertion to perform on
|
362
335
|
`bound_attributes_type`.
|
@@ -367,34 +340,18 @@ class _AuthBackendRoleState:
|
|
367
340
|
:param pulumi.Input[str] name: Unique name of the role.
|
368
341
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
369
342
|
The value should not contain leading or trailing forward slashes.
|
370
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
343
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
371
344
|
*Available only for Vault Enterprise*.
|
372
345
|
:param pulumi.Input[str] path: Path where the auth backend is mounted.
|
373
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs:
|
374
|
-
|
375
|
-
|
376
|
-
:param pulumi.Input[
|
377
|
-
[explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
|
378
|
-
onto the token in number of seconds. This is a hard cap even if `token_ttl` and
|
379
|
-
`token_max_ttl` would otherwise allow a renewal.
|
380
|
-
:param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
|
381
|
-
Its current value will be referenced at renewal time.
|
382
|
-
:param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
|
383
|
-
generated tokens; otherwise it will be added to the policies set in token_policies.
|
346
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
347
|
+
:param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
348
|
+
:param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
|
349
|
+
:param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
384
350
|
:param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
385
|
-
:param pulumi.Input[int] token_period:
|
386
|
-
|
387
|
-
|
388
|
-
|
389
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
|
390
|
-
on the auth method, this list may be supplemented by user/group/other values.
|
391
|
-
:param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
|
392
|
-
Its current value will be referenced at renewal time.
|
393
|
-
:param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
|
394
|
-
`batch`, or `default` to use the mount's tuned default (which unless changed will be
|
395
|
-
`service` tokens). For token store roles, there are two additional possibilities:
|
396
|
-
`default-service` and `default-batch` which specify the type to return unless the client
|
397
|
-
requests a different type at generation time.
|
351
|
+
:param pulumi.Input[int] token_period: Generated Token's Period
|
352
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
|
353
|
+
:param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
|
354
|
+
:param pulumi.Input[str] token_type: The type of token to generate, service or batch
|
398
355
|
"""
|
399
356
|
if bound_attributes is not None:
|
400
357
|
pulumi.set(__self__, "bound_attributes", bound_attributes)
|
@@ -433,7 +390,7 @@ class _AuthBackendRoleState:
|
|
433
390
|
|
434
391
|
@property
|
435
392
|
@pulumi.getter(name="boundAttributes")
|
436
|
-
def bound_attributes(self) -> Optional[pulumi.Input[Mapping[str,
|
393
|
+
def bound_attributes(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
437
394
|
"""
|
438
395
|
Mapping of attribute names to values that are expected to
|
439
396
|
exist in the SAML assertion.
|
@@ -441,7 +398,7 @@ class _AuthBackendRoleState:
|
|
441
398
|
return pulumi.get(self, "bound_attributes")
|
442
399
|
|
443
400
|
@bound_attributes.setter
|
444
|
-
def bound_attributes(self, value: Optional[pulumi.Input[Mapping[str,
|
401
|
+
def bound_attributes(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
445
402
|
pulumi.set(self, "bound_attributes", value)
|
446
403
|
|
447
404
|
@property
|
@@ -512,7 +469,7 @@ class _AuthBackendRoleState:
|
|
512
469
|
"""
|
513
470
|
The namespace to provision the resource in.
|
514
471
|
The value should not contain leading or trailing forward slashes.
|
515
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
472
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
516
473
|
*Available only for Vault Enterprise*.
|
517
474
|
"""
|
518
475
|
return pulumi.get(self, "namespace")
|
@@ -537,9 +494,7 @@ class _AuthBackendRoleState:
|
|
537
494
|
@pulumi.getter(name="tokenBoundCidrs")
|
538
495
|
def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
539
496
|
"""
|
540
|
-
|
541
|
-
addresses which can authenticate successfully, and ties the resulting token to these blocks
|
542
|
-
as well.
|
497
|
+
Specifies the blocks of IP addresses which are allowed to use the generated token
|
543
498
|
"""
|
544
499
|
return pulumi.get(self, "token_bound_cidrs")
|
545
500
|
|
@@ -551,10 +506,7 @@ class _AuthBackendRoleState:
|
|
551
506
|
@pulumi.getter(name="tokenExplicitMaxTtl")
|
552
507
|
def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
553
508
|
"""
|
554
|
-
|
555
|
-
[explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
|
556
|
-
onto the token in number of seconds. This is a hard cap even if `token_ttl` and
|
557
|
-
`token_max_ttl` would otherwise allow a renewal.
|
509
|
+
Generated Token's Explicit Maximum TTL in seconds
|
558
510
|
"""
|
559
511
|
return pulumi.get(self, "token_explicit_max_ttl")
|
560
512
|
|
@@ -566,8 +518,7 @@ class _AuthBackendRoleState:
|
|
566
518
|
@pulumi.getter(name="tokenMaxTtl")
|
567
519
|
def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
568
520
|
"""
|
569
|
-
The maximum lifetime
|
570
|
-
Its current value will be referenced at renewal time.
|
521
|
+
The maximum lifetime of the generated token
|
571
522
|
"""
|
572
523
|
return pulumi.get(self, "token_max_ttl")
|
573
524
|
|
@@ -579,8 +530,7 @@ class _AuthBackendRoleState:
|
|
579
530
|
@pulumi.getter(name="tokenNoDefaultPolicy")
|
580
531
|
def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
|
581
532
|
"""
|
582
|
-
If
|
583
|
-
generated tokens; otherwise it will be added to the policies set in token_policies.
|
533
|
+
If true, the 'default' policy will not automatically be added to generated tokens
|
584
534
|
"""
|
585
535
|
return pulumi.get(self, "token_no_default_policy")
|
586
536
|
|
@@ -604,10 +554,7 @@ class _AuthBackendRoleState:
|
|
604
554
|
@pulumi.getter(name="tokenPeriod")
|
605
555
|
def token_period(self) -> Optional[pulumi.Input[int]]:
|
606
556
|
"""
|
607
|
-
|
608
|
-
token generated using this role should never expire. The token should be renewed within the
|
609
|
-
duration specified by this value. At each renewal, the token's TTL will be set to the
|
610
|
-
value of this field. Specified in seconds.
|
557
|
+
Generated Token's Period
|
611
558
|
"""
|
612
559
|
return pulumi.get(self, "token_period")
|
613
560
|
|
@@ -619,8 +566,7 @@ class _AuthBackendRoleState:
|
|
619
566
|
@pulumi.getter(name="tokenPolicies")
|
620
567
|
def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
621
568
|
"""
|
622
|
-
|
623
|
-
on the auth method, this list may be supplemented by user/group/other values.
|
569
|
+
Generated Token's Policies
|
624
570
|
"""
|
625
571
|
return pulumi.get(self, "token_policies")
|
626
572
|
|
@@ -632,8 +578,7 @@ class _AuthBackendRoleState:
|
|
632
578
|
@pulumi.getter(name="tokenTtl")
|
633
579
|
def token_ttl(self) -> Optional[pulumi.Input[int]]:
|
634
580
|
"""
|
635
|
-
The
|
636
|
-
Its current value will be referenced at renewal time.
|
581
|
+
The initial ttl of the token to generate in seconds
|
637
582
|
"""
|
638
583
|
return pulumi.get(self, "token_ttl")
|
639
584
|
|
@@ -645,11 +590,7 @@ class _AuthBackendRoleState:
|
|
645
590
|
@pulumi.getter(name="tokenType")
|
646
591
|
def token_type(self) -> Optional[pulumi.Input[str]]:
|
647
592
|
"""
|
648
|
-
The type of token
|
649
|
-
`batch`, or `default` to use the mount's tuned default (which unless changed will be
|
650
|
-
`service` tokens). For token store roles, there are two additional possibilities:
|
651
|
-
`default-service` and `default-batch` which specify the type to return unless the client
|
652
|
-
requests a different type at generation time.
|
593
|
+
The type of token to generate, service or batch
|
653
594
|
"""
|
654
595
|
return pulumi.get(self, "token_type")
|
655
596
|
|
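Review bot: The new `token_type` docstring names only `service` and `batch`, but the removed lines also listed `default` (the mount's tuned default) as an accepted value. The diff does not show whether `default` is still accepted; if it is, the docstring should keep it, e.g. `The type of token to generate: service, batch, or default to use the mount's tuned default`, so that the token type is chosen deliberately rather than inherited from the mount unnoticed. The same wording is on the `:param ... token_type` lines of the `__init__` and `get` docstrings and on the `token_type` output getter.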
@@ -663,7 +604,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
663
604
|
def __init__(__self__,
|
664
605
|
resource_name: str,
|
665
606
|
opts: Optional[pulumi.ResourceOptions] = None,
|
666
|
-
bound_attributes: Optional[pulumi.Input[Mapping[str,
|
607
|
+
bound_attributes: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
667
608
|
bound_attributes_type: Optional[pulumi.Input[str]] = None,
|
668
609
|
bound_subjects: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
669
610
|
bound_subjects_type: Optional[pulumi.Input[str]] = None,
|
@@ -692,14 +633,15 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
692
633
|
import pulumi
|
693
634
|
import pulumi_vault as vault
|
694
635
|
|
695
|
-
|
636
|
+
example = vault.saml.AuthBackend("example",
|
696
637
|
path="saml",
|
697
638
|
idp_metadata_url="https://company.okta.com/app/abc123eb9xnIfzlaf697/sso/saml/metadata",
|
698
639
|
entity_id="https://my.vault/v1/auth/saml",
|
699
640
|
acs_urls=["https://my.vault.primary/v1/auth/saml/callback"],
|
700
641
|
default_role="default-role")
|
701
|
-
example_auth_backend_role = vault.saml.AuthBackendRole("
|
702
|
-
path=
|
642
|
+
example_auth_backend_role = vault.saml.AuthBackendRole("example",
|
643
|
+
path=example.path,
|
644
|
+
name="my-role",
|
703
645
|
groups_attribute="groups",
|
704
646
|
bound_attributes={
|
705
647
|
"group": "admin",
|
@@ -714,12 +656,12 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
714
656
|
SAML authentication backend roles can be imported using the `path`, e.g.
|
715
657
|
|
716
658
|
```sh
|
717
|
-
|
659
|
+
$ pulumi import vault:saml/authBackendRole:AuthBackendRole example auth/saml/role/my-role
|
718
660
|
```
|
719
661
|
|
720
662
|
:param str resource_name: The name of the resource.
|
721
663
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
722
|
-
:param pulumi.Input[Mapping[str,
|
664
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] bound_attributes: Mapping of attribute names to values that are expected to
|
723
665
|
exist in the SAML assertion.
|
724
666
|
:param pulumi.Input[str] bound_attributes_type: The type of matching assertion to perform on
|
725
667
|
`bound_attributes_type`.
|
@@ -730,34 +672,18 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
730
672
|
:param pulumi.Input[str] name: Unique name of the role.
|
731
673
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
732
674
|
The value should not contain leading or trailing forward slashes.
|
733
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
675
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
734
676
|
*Available only for Vault Enterprise*.
|
735
677
|
:param pulumi.Input[str] path: Path where the auth backend is mounted.
|
736
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs:
|
737
|
-
|
738
|
-
|
739
|
-
:param pulumi.Input[
|
740
|
-
[explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
|
741
|
-
onto the token in number of seconds. This is a hard cap even if `token_ttl` and
|
742
|
-
`token_max_ttl` would otherwise allow a renewal.
|
743
|
-
:param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
|
744
|
-
Its current value will be referenced at renewal time.
|
745
|
-
:param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
|
746
|
-
generated tokens; otherwise it will be added to the policies set in token_policies.
|
678
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
679
|
+
:param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
680
|
+
:param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
|
681
|
+
:param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
747
682
|
:param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
748
|
-
:param pulumi.Input[int] token_period:
|
749
|
-
|
750
|
-
|
751
|
-
|
752
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
|
753
|
-
on the auth method, this list may be supplemented by user/group/other values.
|
754
|
-
:param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
|
755
|
-
Its current value will be referenced at renewal time.
|
756
|
-
:param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
|
757
|
-
`batch`, or `default` to use the mount's tuned default (which unless changed will be
|
758
|
-
`service` tokens). For token store roles, there are two additional possibilities:
|
759
|
-
`default-service` and `default-batch` which specify the type to return unless the client
|
760
|
-
requests a different type at generation time.
|
683
|
+
:param pulumi.Input[int] token_period: Generated Token's Period
|
684
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
|
685
|
+
:param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
|
686
|
+
:param pulumi.Input[str] token_type: The type of token to generate, service or batch
|
761
687
|
"""
|
762
688
|
...
|
763
689
|
@overload
|
@@ -776,14 +702,15 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
776
702
|
import pulumi
|
777
703
|
import pulumi_vault as vault
|
778
704
|
|
779
|
-
|
705
|
+
example = vault.saml.AuthBackend("example",
|
780
706
|
path="saml",
|
781
707
|
idp_metadata_url="https://company.okta.com/app/abc123eb9xnIfzlaf697/sso/saml/metadata",
|
782
708
|
entity_id="https://my.vault/v1/auth/saml",
|
783
709
|
acs_urls=["https://my.vault.primary/v1/auth/saml/callback"],
|
784
710
|
default_role="default-role")
|
785
|
-
example_auth_backend_role = vault.saml.AuthBackendRole("
|
786
|
-
path=
|
711
|
+
example_auth_backend_role = vault.saml.AuthBackendRole("example",
|
712
|
+
path=example.path,
|
713
|
+
name="my-role",
|
787
714
|
groups_attribute="groups",
|
788
715
|
bound_attributes={
|
789
716
|
"group": "admin",
|
@@ -798,7 +725,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
798
725
|
SAML authentication backend roles can be imported using the `path`, e.g.
|
799
726
|
|
800
727
|
```sh
|
801
|
-
|
728
|
+
$ pulumi import vault:saml/authBackendRole:AuthBackendRole example auth/saml/role/my-role
|
802
729
|
```
|
803
730
|
|
804
731
|
:param str resource_name: The name of the resource.
|
@@ -816,7 +743,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
816
743
|
def _internal_init(__self__,
|
817
744
|
resource_name: str,
|
818
745
|
opts: Optional[pulumi.ResourceOptions] = None,
|
819
|
-
bound_attributes: Optional[pulumi.Input[Mapping[str,
|
746
|
+
bound_attributes: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
820
747
|
bound_attributes_type: Optional[pulumi.Input[str]] = None,
|
821
748
|
bound_subjects: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
822
749
|
bound_subjects_type: Optional[pulumi.Input[str]] = None,
|
@@ -871,7 +798,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
871
798
|
def get(resource_name: str,
|
872
799
|
id: pulumi.Input[str],
|
873
800
|
opts: Optional[pulumi.ResourceOptions] = None,
|
874
|
-
bound_attributes: Optional[pulumi.Input[Mapping[str,
|
801
|
+
bound_attributes: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
875
802
|
bound_attributes_type: Optional[pulumi.Input[str]] = None,
|
876
803
|
bound_subjects: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
877
804
|
bound_subjects_type: Optional[pulumi.Input[str]] = None,
|
@@ -895,7 +822,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
895
822
|
:param str resource_name: The unique name of the resulting resource.
|
896
823
|
:param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
|
897
824
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
898
|
-
:param pulumi.Input[Mapping[str,
|
825
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] bound_attributes: Mapping of attribute names to values that are expected to
|
899
826
|
exist in the SAML assertion.
|
900
827
|
:param pulumi.Input[str] bound_attributes_type: The type of matching assertion to perform on
|
901
828
|
`bound_attributes_type`.
|
@@ -906,34 +833,18 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
906
833
|
:param pulumi.Input[str] name: Unique name of the role.
|
907
834
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
908
835
|
The value should not contain leading or trailing forward slashes.
|
909
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
836
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
910
837
|
*Available only for Vault Enterprise*.
|
911
838
|
:param pulumi.Input[str] path: Path where the auth backend is mounted.
|
912
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs:
|
913
|
-
|
914
|
-
|
915
|
-
:param pulumi.Input[
|
916
|
-
[explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
|
917
|
-
onto the token in number of seconds. This is a hard cap even if `token_ttl` and
|
918
|
-
`token_max_ttl` would otherwise allow a renewal.
|
919
|
-
:param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
|
920
|
-
Its current value will be referenced at renewal time.
|
921
|
-
:param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
|
922
|
-
generated tokens; otherwise it will be added to the policies set in token_policies.
|
839
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
840
|
+
:param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
841
|
+
:param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
|
842
|
+
:param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
923
843
|
:param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
924
|
-
:param pulumi.Input[int] token_period:
|
925
|
-
|
926
|
-
|
927
|
-
|
928
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
|
929
|
-
on the auth method, this list may be supplemented by user/group/other values.
|
930
|
-
:param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
|
931
|
-
Its current value will be referenced at renewal time.
|
932
|
-
:param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
|
933
|
-
`batch`, or `default` to use the mount's tuned default (which unless changed will be
|
934
|
-
`service` tokens). For token store roles, there are two additional possibilities:
|
935
|
-
`default-service` and `default-batch` which specify the type to return unless the client
|
936
|
-
requests a different type at generation time.
|
844
|
+
:param pulumi.Input[int] token_period: Generated Token's Period
|
845
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
|
846
|
+
:param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
|
847
|
+
:param pulumi.Input[str] token_type: The type of token to generate, service or batch
|
937
848
|
"""
|
938
849
|
opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
|
939
850
|
|
@@ -960,7 +871,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
960
871
|
|
961
872
|
@property
|
962
873
|
@pulumi.getter(name="boundAttributes")
|
963
|
-
def bound_attributes(self) -> pulumi.Output[Optional[Mapping[str,
|
874
|
+
def bound_attributes(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
|
964
875
|
"""
|
965
876
|
Mapping of attribute names to values that are expected to
|
966
877
|
exist in the SAML assertion.
|
@@ -1015,7 +926,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1015
926
|
"""
|
1016
927
|
The namespace to provision the resource in.
|
1017
928
|
The value should not contain leading or trailing forward slashes.
|
1018
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
929
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1019
930
|
*Available only for Vault Enterprise*.
|
1020
931
|
"""
|
1021
932
|
return pulumi.get(self, "namespace")
|
@@ -1032,9 +943,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1032
943
|
@pulumi.getter(name="tokenBoundCidrs")
|
1033
944
|
def token_bound_cidrs(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1034
945
|
"""
|
1035
|
-
|
1036
|
-
addresses which can authenticate successfully, and ties the resulting token to these blocks
|
1037
|
-
as well.
|
946
|
+
Specifies the blocks of IP addresses which are allowed to use the generated token
|
1038
947
|
"""
|
1039
948
|
return pulumi.get(self, "token_bound_cidrs")
|
1040
949
|
|
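Review bot: The new `token_bound_cidrs` docstring describes only who may use the generated token, whereas the removed lines said the CIDR blocks also determine which addresses can authenticate successfully. If that still holds (the diff does not show the provider's behaviour), the docstring understates the control and should read `Specifies the blocks of IP addresses which are allowed to authenticate with this role and to use the generated token`. The `:param ... token_bound_cidrs` lines in the `__init__` and `get` docstrings carry the same shortened text.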
@@ -1042,10 +951,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1042
951
|
@pulumi.getter(name="tokenExplicitMaxTtl")
|
1043
952
|
def token_explicit_max_ttl(self) -> pulumi.Output[Optional[int]]:
|
1044
953
|
"""
|
1045
|
-
|
1046
|
-
[explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
|
1047
|
-
onto the token in number of seconds. This is a hard cap even if `token_ttl` and
|
1048
|
-
`token_max_ttl` would otherwise allow a renewal.
|
954
|
+
Generated Token's Explicit Maximum TTL in seconds
|
1049
955
|
"""
|
1050
956
|
return pulumi.get(self, "token_explicit_max_ttl")
|
1051
957
|
|
@@ -1053,8 +959,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1053
959
|
@pulumi.getter(name="tokenMaxTtl")
|
1054
960
|
def token_max_ttl(self) -> pulumi.Output[Optional[int]]:
|
1055
961
|
"""
|
1056
|
-
The maximum lifetime
|
1057
|
-
Its current value will be referenced at renewal time.
|
962
|
+
The maximum lifetime of the generated token
|
1058
963
|
"""
|
1059
964
|
return pulumi.get(self, "token_max_ttl")
|
1060
965
|
|
@@ -1062,8 +967,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1062
967
|
@pulumi.getter(name="tokenNoDefaultPolicy")
|
1063
968
|
def token_no_default_policy(self) -> pulumi.Output[Optional[bool]]:
|
1064
969
|
"""
|
1065
|
-
If
|
1066
|
-
generated tokens; otherwise it will be added to the policies set in token_policies.
|
970
|
+
If true, the 'default' policy will not automatically be added to generated tokens
|
1067
971
|
"""
|
1068
972
|
return pulumi.get(self, "token_no_default_policy")
|
1069
973
|
|
@@ -1079,10 +983,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1079
983
|
@pulumi.getter(name="tokenPeriod")
|
1080
984
|
def token_period(self) -> pulumi.Output[Optional[int]]:
|
1081
985
|
"""
|
1082
|
-
|
1083
|
-
token generated using this role should never expire. The token should be renewed within the
|
1084
|
-
duration specified by this value. At each renewal, the token's TTL will be set to the
|
1085
|
-
value of this field. Specified in seconds.
|
986
|
+
Generated Token's Period
|
1086
987
|
"""
|
1087
988
|
return pulumi.get(self, "token_period")
|
1088
989
|
|
@@ -1090,8 +991,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1090
991
|
@pulumi.getter(name="tokenPolicies")
|
1091
992
|
def token_policies(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1092
993
|
"""
|
1093
|
-
|
1094
|
-
on the auth method, this list may be supplemented by user/group/other values.
|
994
|
+
Generated Token's Policies
|
1095
995
|
"""
|
1096
996
|
return pulumi.get(self, "token_policies")
|
1097
997
|
|
@@ -1099,8 +999,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1099
999
|
@pulumi.getter(name="tokenTtl")
|
1100
1000
|
def token_ttl(self) -> pulumi.Output[Optional[int]]:
|
1101
1001
|
"""
|
1102
|
-
The
|
1103
|
-
Its current value will be referenced at renewal time.
|
1002
|
+
The initial ttl of the token to generate in seconds
|
1104
1003
|
"""
|
1105
1004
|
return pulumi.get(self, "token_ttl")
|
1106
1005
|
|
@@ -1108,11 +1007,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1108
1007
|
@pulumi.getter(name="tokenType")
|
1109
1008
|
def token_type(self) -> pulumi.Output[Optional[str]]:
|
1110
1009
|
"""
|
1111
|
-
The type of token
|
1112
|
-
`batch`, or `default` to use the mount's tuned default (which unless changed will be
|
1113
|
-
`service` tokens). For token store roles, there are two additional possibilities:
|
1114
|
-
`default-service` and `default-batch` which specify the type to return unless the client
|
1115
|
-
requests a different type at generation time.
|
1010
|
+
The type of token to generate, service or batch
|
1116
1011
|
"""
|
1117
1012
|
return pulumi.get(self, "token_type")
|
1118
1013
|
|