pulumi-vault 5.21.0a1709368526__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pulumi_vault/__init__.py +52 -0
- pulumi_vault/_inputs.py +560 -0
- pulumi_vault/_utilities.py +41 -5
- pulumi_vault/ad/get_access_credentials.py +26 -9
- pulumi_vault/ad/secret_backend.py +16 -142
- pulumi_vault/ad/secret_library.py +16 -9
- pulumi_vault/ad/secret_role.py +14 -9
- pulumi_vault/alicloud/auth_backend_role.py +76 -190
- pulumi_vault/approle/auth_backend_login.py +12 -7
- pulumi_vault/approle/auth_backend_role.py +77 -191
- pulumi_vault/approle/auth_backend_role_secret_id.py +106 -7
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -5
- pulumi_vault/audit.py +30 -21
- pulumi_vault/audit_request_header.py +11 -2
- pulumi_vault/auth_backend.py +66 -14
- pulumi_vault/aws/auth_backend_cert.py +18 -9
- pulumi_vault/aws/auth_backend_client.py +267 -22
- pulumi_vault/aws/auth_backend_config_identity.py +14 -9
- pulumi_vault/aws/auth_backend_identity_whitelist.py +20 -15
- pulumi_vault/aws/auth_backend_login.py +19 -22
- pulumi_vault/aws/auth_backend_role.py +77 -191
- pulumi_vault/aws/auth_backend_role_tag.py +12 -7
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -13
- pulumi_vault/aws/auth_backend_sts_role.py +14 -9
- pulumi_vault/aws/get_access_credentials.py +38 -9
- pulumi_vault/aws/get_static_access_credentials.py +19 -5
- pulumi_vault/aws/secret_backend.py +77 -9
- pulumi_vault/aws/secret_backend_role.py +185 -9
- pulumi_vault/aws/secret_backend_static_role.py +20 -11
- pulumi_vault/azure/_inputs.py +24 -0
- pulumi_vault/azure/auth_backend_config.py +153 -15
- pulumi_vault/azure/auth_backend_role.py +77 -191
- pulumi_vault/azure/backend.py +227 -21
- pulumi_vault/azure/backend_role.py +42 -37
- pulumi_vault/azure/get_access_credentials.py +41 -7
- pulumi_vault/azure/outputs.py +5 -0
- pulumi_vault/cert_auth_backend_role.py +87 -267
- pulumi_vault/config/__init__.pyi +5 -0
- pulumi_vault/config/_inputs.py +73 -0
- pulumi_vault/config/outputs.py +35 -0
- pulumi_vault/config/ui_custom_message.py +529 -0
- pulumi_vault/config/vars.py +5 -0
- pulumi_vault/consul/secret_backend.py +28 -19
- pulumi_vault/consul/secret_backend_role.py +18 -78
- pulumi_vault/database/_inputs.py +2770 -881
- pulumi_vault/database/outputs.py +721 -838
- pulumi_vault/database/secret_backend_connection.py +119 -112
- pulumi_vault/database/secret_backend_role.py +31 -22
- pulumi_vault/database/secret_backend_static_role.py +87 -13
- pulumi_vault/database/secrets_mount.py +427 -136
- pulumi_vault/egp_policy.py +16 -11
- pulumi_vault/gcp/_inputs.py +111 -0
- pulumi_vault/gcp/auth_backend.py +250 -33
- pulumi_vault/gcp/auth_backend_role.py +77 -269
- pulumi_vault/gcp/get_auth_backend_role.py +43 -5
- pulumi_vault/gcp/outputs.py +5 -0
- pulumi_vault/gcp/secret_backend.py +287 -12
- pulumi_vault/gcp/secret_impersonated_account.py +76 -15
- pulumi_vault/gcp/secret_roleset.py +31 -24
- pulumi_vault/gcp/secret_static_account.py +39 -32
- pulumi_vault/generic/endpoint.py +24 -17
- pulumi_vault/generic/get_secret.py +64 -8
- pulumi_vault/generic/secret.py +21 -16
- pulumi_vault/get_auth_backend.py +24 -7
- pulumi_vault/get_auth_backends.py +51 -9
- pulumi_vault/get_namespace.py +226 -0
- pulumi_vault/get_namespaces.py +153 -0
- pulumi_vault/get_nomad_access_token.py +31 -11
- pulumi_vault/get_policy_document.py +34 -19
- pulumi_vault/get_raft_autopilot_state.py +29 -10
- pulumi_vault/github/_inputs.py +55 -0
- pulumi_vault/github/auth_backend.py +19 -14
- pulumi_vault/github/outputs.py +5 -0
- pulumi_vault/github/team.py +16 -11
- pulumi_vault/github/user.py +16 -11
- pulumi_vault/identity/entity.py +20 -13
- pulumi_vault/identity/entity_alias.py +20 -13
- pulumi_vault/identity/entity_policies.py +28 -11
- pulumi_vault/identity/get_entity.py +42 -10
- pulumi_vault/identity/get_group.py +47 -9
- pulumi_vault/identity/get_oidc_client_creds.py +21 -7
- pulumi_vault/identity/get_oidc_openid_config.py +39 -9
- pulumi_vault/identity/get_oidc_public_keys.py +29 -10
- pulumi_vault/identity/group.py +58 -39
- pulumi_vault/identity/group_alias.py +16 -9
- pulumi_vault/identity/group_member_entity_ids.py +28 -66
- pulumi_vault/identity/group_member_group_ids.py +40 -19
- pulumi_vault/identity/group_policies.py +20 -7
- pulumi_vault/identity/mfa_duo.py +11 -6
- pulumi_vault/identity/mfa_login_enforcement.py +15 -6
- pulumi_vault/identity/mfa_okta.py +11 -6
- pulumi_vault/identity/mfa_pingid.py +7 -2
- pulumi_vault/identity/mfa_totp.py +7 -2
- pulumi_vault/identity/oidc.py +12 -7
- pulumi_vault/identity/oidc_assignment.py +24 -11
- pulumi_vault/identity/oidc_client.py +36 -23
- pulumi_vault/identity/oidc_key.py +30 -17
- pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -15
- pulumi_vault/identity/oidc_provider.py +36 -21
- pulumi_vault/identity/oidc_role.py +42 -21
- pulumi_vault/identity/oidc_scope.py +20 -13
- pulumi_vault/identity/outputs.py +8 -3
- pulumi_vault/jwt/_inputs.py +55 -0
- pulumi_vault/jwt/auth_backend.py +45 -40
- pulumi_vault/jwt/auth_backend_role.py +133 -254
- pulumi_vault/jwt/outputs.py +5 -0
- pulumi_vault/kmip/secret_backend.py +24 -19
- pulumi_vault/kmip/secret_role.py +14 -9
- pulumi_vault/kmip/secret_scope.py +14 -9
- pulumi_vault/kubernetes/auth_backend_config.py +57 -5
- pulumi_vault/kubernetes/auth_backend_role.py +70 -177
- pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
- pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
- pulumi_vault/kubernetes/get_service_account_token.py +39 -11
- pulumi_vault/kubernetes/secret_backend.py +316 -27
- pulumi_vault/kubernetes/secret_backend_role.py +137 -46
- pulumi_vault/kv/_inputs.py +36 -4
- pulumi_vault/kv/get_secret.py +25 -8
- pulumi_vault/kv/get_secret_subkeys_v2.py +33 -10
- pulumi_vault/kv/get_secret_v2.py +85 -9
- pulumi_vault/kv/get_secrets_list.py +24 -11
- pulumi_vault/kv/get_secrets_list_v2.py +37 -15
- pulumi_vault/kv/outputs.py +8 -3
- pulumi_vault/kv/secret.py +23 -16
- pulumi_vault/kv/secret_backend_v2.py +20 -11
- pulumi_vault/kv/secret_v2.py +59 -50
- pulumi_vault/ldap/auth_backend.py +127 -166
- pulumi_vault/ldap/auth_backend_group.py +14 -9
- pulumi_vault/ldap/auth_backend_user.py +14 -9
- pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
- pulumi_vault/ldap/get_static_credentials.py +24 -5
- pulumi_vault/ldap/secret_backend.py +354 -82
- pulumi_vault/ldap/secret_backend_dynamic_role.py +18 -11
- pulumi_vault/ldap/secret_backend_library_set.py +16 -9
- pulumi_vault/ldap/secret_backend_static_role.py +73 -12
- pulumi_vault/managed/_inputs.py +289 -132
- pulumi_vault/managed/keys.py +29 -57
- pulumi_vault/managed/outputs.py +89 -132
- pulumi_vault/mfa_duo.py +18 -11
- pulumi_vault/mfa_okta.py +18 -11
- pulumi_vault/mfa_pingid.py +18 -11
- pulumi_vault/mfa_totp.py +24 -17
- pulumi_vault/mongodbatlas/secret_backend.py +20 -15
- pulumi_vault/mongodbatlas/secret_role.py +47 -38
- pulumi_vault/mount.py +391 -51
- pulumi_vault/namespace.py +68 -83
- pulumi_vault/nomad_secret_backend.py +18 -13
- pulumi_vault/nomad_secret_role.py +14 -9
- pulumi_vault/okta/_inputs.py +47 -8
- pulumi_vault/okta/auth_backend.py +485 -39
- pulumi_vault/okta/auth_backend_group.py +14 -9
- pulumi_vault/okta/auth_backend_user.py +14 -9
- pulumi_vault/okta/outputs.py +13 -8
- pulumi_vault/outputs.py +5 -0
- pulumi_vault/password_policy.py +20 -13
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +81 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
- pulumi_vault/pkisecret/backend_config_est.py +619 -0
- pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
- pulumi_vault/pkisecret/get_backend_issuer.py +67 -9
- pulumi_vault/pkisecret/get_backend_issuers.py +21 -8
- pulumi_vault/pkisecret/get_backend_key.py +24 -9
- pulumi_vault/pkisecret/get_backend_keys.py +21 -8
- pulumi_vault/pkisecret/outputs.py +69 -0
- pulumi_vault/pkisecret/secret_backend_cert.py +18 -11
- pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -11
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +14 -9
- pulumi_vault/pkisecret/secret_backend_config_urls.py +67 -11
- pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -9
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -11
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -17
- pulumi_vault/pkisecret/secret_backend_issuer.py +14 -9
- pulumi_vault/pkisecret/secret_backend_key.py +14 -9
- pulumi_vault/pkisecret/secret_backend_role.py +21 -14
- pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -48
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -56
- pulumi_vault/pkisecret/secret_backend_sign.py +18 -54
- pulumi_vault/plugin.py +595 -0
- pulumi_vault/plugin_pinned_version.py +298 -0
- pulumi_vault/policy.py +14 -9
- pulumi_vault/provider.py +48 -53
- pulumi_vault/pulumi-plugin.json +2 -1
- pulumi_vault/quota_lease_count.py +60 -6
- pulumi_vault/quota_rate_limit.py +56 -2
- pulumi_vault/rabbitmq/_inputs.py +61 -0
- pulumi_vault/rabbitmq/outputs.py +5 -0
- pulumi_vault/rabbitmq/secret_backend.py +18 -13
- pulumi_vault/rabbitmq/secret_backend_role.py +54 -47
- pulumi_vault/raft_autopilot.py +14 -9
- pulumi_vault/raft_snapshot_agent_config.py +129 -224
- pulumi_vault/rgp_policy.py +14 -9
- pulumi_vault/saml/auth_backend.py +22 -17
- pulumi_vault/saml/auth_backend_role.py +92 -197
- pulumi_vault/secrets/__init__.py +3 -0
- pulumi_vault/secrets/_inputs.py +110 -0
- pulumi_vault/secrets/outputs.py +94 -0
- pulumi_vault/secrets/sync_association.py +56 -71
- pulumi_vault/secrets/sync_aws_destination.py +242 -27
- pulumi_vault/secrets/sync_azure_destination.py +92 -31
- pulumi_vault/secrets/sync_config.py +9 -4
- pulumi_vault/secrets/sync_gcp_destination.py +158 -25
- pulumi_vault/secrets/sync_gh_destination.py +189 -13
- pulumi_vault/secrets/sync_github_apps.py +375 -0
- pulumi_vault/secrets/sync_vercel_destination.py +74 -13
- pulumi_vault/ssh/_inputs.py +28 -28
- pulumi_vault/ssh/outputs.py +11 -28
- pulumi_vault/ssh/secret_backend_ca.py +108 -9
- pulumi_vault/ssh/secret_backend_role.py +85 -118
- pulumi_vault/terraformcloud/secret_backend.py +7 -54
- pulumi_vault/terraformcloud/secret_creds.py +14 -20
- pulumi_vault/terraformcloud/secret_role.py +16 -74
- pulumi_vault/token.py +28 -23
- pulumi_vault/tokenauth/auth_backend_role.py +78 -199
- pulumi_vault/transform/alphabet.py +16 -9
- pulumi_vault/transform/get_decode.py +45 -17
- pulumi_vault/transform/get_encode.py +45 -17
- pulumi_vault/transform/role.py +16 -9
- pulumi_vault/transform/template.py +30 -21
- pulumi_vault/transform/transformation.py +12 -7
- pulumi_vault/transit/get_decrypt.py +26 -21
- pulumi_vault/transit/get_encrypt.py +24 -19
- pulumi_vault/transit/secret_backend_key.py +27 -93
- pulumi_vault/transit/secret_cache_config.py +12 -7
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
- pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
- pulumi_vault-5.21.0a1709368526.dist-info/RECORD +0 -244
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
pulumi_vault/secrets/__init__.py
CHANGED
@@ -11,4 +11,7 @@ from .sync_azure_destination import *
|
|
11
11
|
from .sync_config import *
|
12
12
|
from .sync_gcp_destination import *
|
13
13
|
from .sync_gh_destination import *
|
14
|
+
from .sync_github_apps import *
|
14
15
|
from .sync_vercel_destination import *
|
16
|
+
from ._inputs import *
|
17
|
+
from . import outputs
|
@@ -0,0 +1,110 @@
|
|
1
|
+
# coding=utf-8
|
2
|
+
# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
|
3
|
+
# *** Do not edit by hand unless you're certain you know what you are doing! ***
|
4
|
+
|
5
|
+
import copy
|
6
|
+
import warnings
|
7
|
+
import sys
|
8
|
+
import pulumi
|
9
|
+
import pulumi.runtime
|
10
|
+
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
15
|
+
from .. import _utilities
|
16
|
+
|
17
|
+
__all__ = [
|
18
|
+
'SyncAssociationMetadataArgs',
|
19
|
+
'SyncAssociationMetadataArgsDict',
|
20
|
+
]
|
21
|
+
|
22
|
+
MYPY = False
|
23
|
+
|
24
|
+
if not MYPY:
|
25
|
+
class SyncAssociationMetadataArgsDict(TypedDict):
|
26
|
+
sub_key: NotRequired[pulumi.Input[str]]
|
27
|
+
"""
|
28
|
+
Subkey of the associated secret.
|
29
|
+
"""
|
30
|
+
sync_status: NotRequired[pulumi.Input[str]]
|
31
|
+
"""
|
32
|
+
A map of sync statuses for each subkey of the associated secret
|
33
|
+
(for ex. `{kv_624bea/aws-token/dev: "SYNCED", kv_624bea/aws-token/prod: "SYNCED"}`).
|
34
|
+
"""
|
35
|
+
updated_at: NotRequired[pulumi.Input[str]]
|
36
|
+
"""
|
37
|
+
A map of duration strings specifying when each subkey of the associated
|
38
|
+
secret was last updated.
|
39
|
+
(for ex.
|
40
|
+
`{kv_624bea/aws-token/dev: "2024-03-21T12:42:02.558533-07:00",
|
41
|
+
kv_624bea/aws-token/prod: "2024-03-21T12:42:02.558533-07:00"}`).
|
42
|
+
"""
|
43
|
+
elif False:
|
44
|
+
SyncAssociationMetadataArgsDict: TypeAlias = Mapping[str, Any]
|
45
|
+
|
46
|
+
@pulumi.input_type
|
47
|
+
class SyncAssociationMetadataArgs:
|
48
|
+
def __init__(__self__, *,
|
49
|
+
sub_key: Optional[pulumi.Input[str]] = None,
|
50
|
+
sync_status: Optional[pulumi.Input[str]] = None,
|
51
|
+
updated_at: Optional[pulumi.Input[str]] = None):
|
52
|
+
"""
|
53
|
+
:param pulumi.Input[str] sub_key: Subkey of the associated secret.
|
54
|
+
:param pulumi.Input[str] sync_status: A map of sync statuses for each subkey of the associated secret
|
55
|
+
(for ex. `{kv_624bea/aws-token/dev: "SYNCED", kv_624bea/aws-token/prod: "SYNCED"}`).
|
56
|
+
:param pulumi.Input[str] updated_at: A map of duration strings specifying when each subkey of the associated
|
57
|
+
secret was last updated.
|
58
|
+
(for ex.
|
59
|
+
`{kv_624bea/aws-token/dev: "2024-03-21T12:42:02.558533-07:00",
|
60
|
+
kv_624bea/aws-token/prod: "2024-03-21T12:42:02.558533-07:00"}`).
|
61
|
+
"""
|
62
|
+
if sub_key is not None:
|
63
|
+
pulumi.set(__self__, "sub_key", sub_key)
|
64
|
+
if sync_status is not None:
|
65
|
+
pulumi.set(__self__, "sync_status", sync_status)
|
66
|
+
if updated_at is not None:
|
67
|
+
pulumi.set(__self__, "updated_at", updated_at)
|
68
|
+
|
69
|
+
@property
|
70
|
+
@pulumi.getter(name="subKey")
|
71
|
+
def sub_key(self) -> Optional[pulumi.Input[str]]:
|
72
|
+
"""
|
73
|
+
Subkey of the associated secret.
|
74
|
+
"""
|
75
|
+
return pulumi.get(self, "sub_key")
|
76
|
+
|
77
|
+
@sub_key.setter
|
78
|
+
def sub_key(self, value: Optional[pulumi.Input[str]]):
|
79
|
+
pulumi.set(self, "sub_key", value)
|
80
|
+
|
81
|
+
@property
|
82
|
+
@pulumi.getter(name="syncStatus")
|
83
|
+
def sync_status(self) -> Optional[pulumi.Input[str]]:
|
84
|
+
"""
|
85
|
+
A map of sync statuses for each subkey of the associated secret
|
86
|
+
(for ex. `{kv_624bea/aws-token/dev: "SYNCED", kv_624bea/aws-token/prod: "SYNCED"}`).
|
87
|
+
"""
|
88
|
+
return pulumi.get(self, "sync_status")
|
89
|
+
|
90
|
+
@sync_status.setter
|
91
|
+
def sync_status(self, value: Optional[pulumi.Input[str]]):
|
92
|
+
pulumi.set(self, "sync_status", value)
|
93
|
+
|
94
|
+
@property
|
95
|
+
@pulumi.getter(name="updatedAt")
|
96
|
+
def updated_at(self) -> Optional[pulumi.Input[str]]:
|
97
|
+
"""
|
98
|
+
A map of duration strings specifying when each subkey of the associated
|
99
|
+
secret was last updated.
|
100
|
+
(for ex.
|
101
|
+
`{kv_624bea/aws-token/dev: "2024-03-21T12:42:02.558533-07:00",
|
102
|
+
kv_624bea/aws-token/prod: "2024-03-21T12:42:02.558533-07:00"}`).
|
103
|
+
"""
|
104
|
+
return pulumi.get(self, "updated_at")
|
105
|
+
|
106
|
+
@updated_at.setter
|
107
|
+
def updated_at(self, value: Optional[pulumi.Input[str]]):
|
108
|
+
pulumi.set(self, "updated_at", value)
|
109
|
+
|
110
|
+
|
@@ -0,0 +1,94 @@
|
|
1
|
+
# coding=utf-8
|
2
|
+
# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
|
3
|
+
# *** Do not edit by hand unless you're certain you know what you are doing! ***
|
4
|
+
|
5
|
+
import copy
|
6
|
+
import warnings
|
7
|
+
import sys
|
8
|
+
import pulumi
|
9
|
+
import pulumi.runtime
|
10
|
+
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
15
|
+
from .. import _utilities
|
16
|
+
|
17
|
+
__all__ = [
|
18
|
+
'SyncAssociationMetadata',
|
19
|
+
]
|
20
|
+
|
21
|
+
@pulumi.output_type
|
22
|
+
class SyncAssociationMetadata(dict):
|
23
|
+
@staticmethod
|
24
|
+
def __key_warning(key: str):
|
25
|
+
suggest = None
|
26
|
+
if key == "subKey":
|
27
|
+
suggest = "sub_key"
|
28
|
+
elif key == "syncStatus":
|
29
|
+
suggest = "sync_status"
|
30
|
+
elif key == "updatedAt":
|
31
|
+
suggest = "updated_at"
|
32
|
+
|
33
|
+
if suggest:
|
34
|
+
pulumi.log.warn(f"Key '{key}' not found in SyncAssociationMetadata. Access the value via the '{suggest}' property getter instead.")
|
35
|
+
|
36
|
+
def __getitem__(self, key: str) -> Any:
|
37
|
+
SyncAssociationMetadata.__key_warning(key)
|
38
|
+
return super().__getitem__(key)
|
39
|
+
|
40
|
+
def get(self, key: str, default = None) -> Any:
|
41
|
+
SyncAssociationMetadata.__key_warning(key)
|
42
|
+
return super().get(key, default)
|
43
|
+
|
44
|
+
def __init__(__self__, *,
|
45
|
+
sub_key: Optional[str] = None,
|
46
|
+
sync_status: Optional[str] = None,
|
47
|
+
updated_at: Optional[str] = None):
|
48
|
+
"""
|
49
|
+
:param str sub_key: Subkey of the associated secret.
|
50
|
+
:param str sync_status: A map of sync statuses for each subkey of the associated secret
|
51
|
+
(for ex. `{kv_624bea/aws-token/dev: "SYNCED", kv_624bea/aws-token/prod: "SYNCED"}`).
|
52
|
+
:param str updated_at: A map of duration strings specifying when each subkey of the associated
|
53
|
+
secret was last updated.
|
54
|
+
(for ex.
|
55
|
+
`{kv_624bea/aws-token/dev: "2024-03-21T12:42:02.558533-07:00",
|
56
|
+
kv_624bea/aws-token/prod: "2024-03-21T12:42:02.558533-07:00"}`).
|
57
|
+
"""
|
58
|
+
if sub_key is not None:
|
59
|
+
pulumi.set(__self__, "sub_key", sub_key)
|
60
|
+
if sync_status is not None:
|
61
|
+
pulumi.set(__self__, "sync_status", sync_status)
|
62
|
+
if updated_at is not None:
|
63
|
+
pulumi.set(__self__, "updated_at", updated_at)
|
64
|
+
|
65
|
+
@property
|
66
|
+
@pulumi.getter(name="subKey")
|
67
|
+
def sub_key(self) -> Optional[str]:
|
68
|
+
"""
|
69
|
+
Subkey of the associated secret.
|
70
|
+
"""
|
71
|
+
return pulumi.get(self, "sub_key")
|
72
|
+
|
73
|
+
@property
|
74
|
+
@pulumi.getter(name="syncStatus")
|
75
|
+
def sync_status(self) -> Optional[str]:
|
76
|
+
"""
|
77
|
+
A map of sync statuses for each subkey of the associated secret
|
78
|
+
(for ex. `{kv_624bea/aws-token/dev: "SYNCED", kv_624bea/aws-token/prod: "SYNCED"}`).
|
79
|
+
"""
|
80
|
+
return pulumi.get(self, "sync_status")
|
81
|
+
|
82
|
+
@property
|
83
|
+
@pulumi.getter(name="updatedAt")
|
84
|
+
def updated_at(self) -> Optional[str]:
|
85
|
+
"""
|
86
|
+
A map of duration strings specifying when each subkey of the associated
|
87
|
+
secret was last updated.
|
88
|
+
(for ex.
|
89
|
+
`{kv_624bea/aws-token/dev: "2024-03-21T12:42:02.558533-07:00",
|
90
|
+
kv_624bea/aws-token/prod: "2024-03-21T12:42:02.558533-07:00"}`).
|
91
|
+
"""
|
92
|
+
return pulumi.get(self, "updated_at")
|
93
|
+
|
94
|
+
|
@@ -4,10 +4,17 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
16
|
+
from . import outputs
|
17
|
+
from ._inputs import *
|
11
18
|
|
12
19
|
__all__ = ['SyncAssociationArgs', 'SyncAssociation']
|
13
20
|
|
@@ -27,7 +34,7 @@ class SyncAssociationArgs:
|
|
27
34
|
:param pulumi.Input[str] name: Specifies the name of the destination.
|
28
35
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
29
36
|
The value should not contain leading or trailing forward slashes.
|
30
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
37
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
31
38
|
"""
|
32
39
|
pulumi.set(__self__, "mount", mount)
|
33
40
|
pulumi.set(__self__, "secret_name", secret_name)
|
@@ -91,7 +98,7 @@ class SyncAssociationArgs:
|
|
91
98
|
"""
|
92
99
|
The namespace to provision the resource in.
|
93
100
|
The value should not contain leading or trailing forward slashes.
|
94
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
101
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
95
102
|
"""
|
96
103
|
return pulumi.get(self, "namespace")
|
97
104
|
|
@@ -103,25 +110,25 @@ class SyncAssociationArgs:
|
|
103
110
|
@pulumi.input_type
|
104
111
|
class _SyncAssociationState:
|
105
112
|
def __init__(__self__, *,
|
113
|
+
metadatas: Optional[pulumi.Input[Sequence[pulumi.Input['SyncAssociationMetadataArgs']]]] = None,
|
106
114
|
mount: Optional[pulumi.Input[str]] = None,
|
107
115
|
name: Optional[pulumi.Input[str]] = None,
|
108
116
|
namespace: Optional[pulumi.Input[str]] = None,
|
109
117
|
secret_name: Optional[pulumi.Input[str]] = None,
|
110
|
-
|
111
|
-
type: Optional[pulumi.Input[str]] = None,
|
112
|
-
updated_at: Optional[pulumi.Input[str]] = None):
|
118
|
+
type: Optional[pulumi.Input[str]] = None):
|
113
119
|
"""
|
114
120
|
Input properties used for looking up and filtering SyncAssociation resources.
|
121
|
+
:param pulumi.Input[Sequence[pulumi.Input['SyncAssociationMetadataArgs']]] metadatas: Metadata for each subkey of the associated secret.
|
115
122
|
:param pulumi.Input[str] mount: Specifies the mount where the secret is located.
|
116
123
|
:param pulumi.Input[str] name: Specifies the name of the destination.
|
117
124
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
118
125
|
The value should not contain leading or trailing forward slashes.
|
119
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
126
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
120
127
|
:param pulumi.Input[str] secret_name: Specifies the name of the secret to synchronize.
|
121
|
-
:param pulumi.Input[str] sync_status: Specifies the status of the association (for eg. `SYNCED`).
|
122
128
|
:param pulumi.Input[str] type: Specifies the destination type.
|
123
|
-
:param pulumi.Input[str] updated_at: Duration string specifying when the secret was last updated.
|
124
129
|
"""
|
130
|
+
if metadatas is not None:
|
131
|
+
pulumi.set(__self__, "metadatas", metadatas)
|
125
132
|
if mount is not None:
|
126
133
|
pulumi.set(__self__, "mount", mount)
|
127
134
|
if name is not None:
|
@@ -130,12 +137,20 @@ class _SyncAssociationState:
|
|
130
137
|
pulumi.set(__self__, "namespace", namespace)
|
131
138
|
if secret_name is not None:
|
132
139
|
pulumi.set(__self__, "secret_name", secret_name)
|
133
|
-
if sync_status is not None:
|
134
|
-
pulumi.set(__self__, "sync_status", sync_status)
|
135
140
|
if type is not None:
|
136
141
|
pulumi.set(__self__, "type", type)
|
137
|
-
|
138
|
-
|
142
|
+
|
143
|
+
@property
|
144
|
+
@pulumi.getter
|
145
|
+
def metadatas(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['SyncAssociationMetadataArgs']]]]:
|
146
|
+
"""
|
147
|
+
Metadata for each subkey of the associated secret.
|
148
|
+
"""
|
149
|
+
return pulumi.get(self, "metadatas")
|
150
|
+
|
151
|
+
@metadatas.setter
|
152
|
+
def metadatas(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['SyncAssociationMetadataArgs']]]]):
|
153
|
+
pulumi.set(self, "metadatas", value)
|
139
154
|
|
140
155
|
@property
|
141
156
|
@pulumi.getter
|
@@ -167,7 +182,7 @@ class _SyncAssociationState:
|
|
167
182
|
"""
|
168
183
|
The namespace to provision the resource in.
|
169
184
|
The value should not contain leading or trailing forward slashes.
|
170
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
185
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
171
186
|
"""
|
172
187
|
return pulumi.get(self, "namespace")
|
173
188
|
|
@@ -187,18 +202,6 @@ class _SyncAssociationState:
|
|
187
202
|
def secret_name(self, value: Optional[pulumi.Input[str]]):
|
188
203
|
pulumi.set(self, "secret_name", value)
|
189
204
|
|
190
|
-
@property
|
191
|
-
@pulumi.getter(name="syncStatus")
|
192
|
-
def sync_status(self) -> Optional[pulumi.Input[str]]:
|
193
|
-
"""
|
194
|
-
Specifies the status of the association (for eg. `SYNCED`).
|
195
|
-
"""
|
196
|
-
return pulumi.get(self, "sync_status")
|
197
|
-
|
198
|
-
@sync_status.setter
|
199
|
-
def sync_status(self, value: Optional[pulumi.Input[str]]):
|
200
|
-
pulumi.set(self, "sync_status", value)
|
201
|
-
|
202
205
|
@property
|
203
206
|
@pulumi.getter
|
204
207
|
def type(self) -> Optional[pulumi.Input[str]]:
|
@@ -211,18 +214,6 @@ class _SyncAssociationState:
|
|
211
214
|
def type(self, value: Optional[pulumi.Input[str]]):
|
212
215
|
pulumi.set(self, "type", value)
|
213
216
|
|
214
|
-
@property
|
215
|
-
@pulumi.getter(name="updatedAt")
|
216
|
-
def updated_at(self) -> Optional[pulumi.Input[str]]:
|
217
|
-
"""
|
218
|
-
Duration string specifying when the secret was last updated.
|
219
|
-
"""
|
220
|
-
return pulumi.get(self, "updated_at")
|
221
|
-
|
222
|
-
@updated_at.setter
|
223
|
-
def updated_at(self, value: Optional[pulumi.Input[str]]):
|
224
|
-
pulumi.set(self, "updated_at", value)
|
225
|
-
|
226
217
|
|
227
218
|
class SyncAssociation(pulumi.CustomResource):
|
228
219
|
@overload
|
@@ -252,16 +243,19 @@ class SyncAssociation(pulumi.CustomResource):
|
|
252
243
|
description="KV Version 2 secret engine mount")
|
253
244
|
token = vault.kv.SecretV2("token",
|
254
245
|
mount=kvv2.path,
|
246
|
+
name="token",
|
255
247
|
data_json=json.dumps({
|
256
248
|
"dev": "B!gS3cr3t",
|
257
249
|
"prod": "S3cureP4$$",
|
258
250
|
}))
|
259
251
|
gh = vault.secrets.SyncGhDestination("gh",
|
260
|
-
|
261
|
-
|
252
|
+
name="gh-dest",
|
253
|
+
access_token=access_token,
|
254
|
+
repository_owner=repo_owner,
|
262
255
|
repository_name="repo-name-example",
|
263
256
|
secret_name_template="vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}")
|
264
|
-
gh_token = vault.secrets.SyncAssociation("
|
257
|
+
gh_token = vault.secrets.SyncAssociation("gh_token",
|
258
|
+
name=gh.name,
|
265
259
|
type=gh.type,
|
266
260
|
mount=kvv2.path,
|
267
261
|
secret_name=token.name)
|
@@ -273,7 +267,7 @@ class SyncAssociation(pulumi.CustomResource):
|
|
273
267
|
:param pulumi.Input[str] name: Specifies the name of the destination.
|
274
268
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
275
269
|
The value should not contain leading or trailing forward slashes.
|
276
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
270
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
277
271
|
:param pulumi.Input[str] secret_name: Specifies the name of the secret to synchronize.
|
278
272
|
:param pulumi.Input[str] type: Specifies the destination type.
|
279
273
|
"""
|
@@ -300,16 +294,19 @@ class SyncAssociation(pulumi.CustomResource):
|
|
300
294
|
description="KV Version 2 secret engine mount")
|
301
295
|
token = vault.kv.SecretV2("token",
|
302
296
|
mount=kvv2.path,
|
297
|
+
name="token",
|
303
298
|
data_json=json.dumps({
|
304
299
|
"dev": "B!gS3cr3t",
|
305
300
|
"prod": "S3cureP4$$",
|
306
301
|
}))
|
307
302
|
gh = vault.secrets.SyncGhDestination("gh",
|
308
|
-
|
309
|
-
|
303
|
+
name="gh-dest",
|
304
|
+
access_token=access_token,
|
305
|
+
repository_owner=repo_owner,
|
310
306
|
repository_name="repo-name-example",
|
311
307
|
secret_name_template="vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}")
|
312
|
-
gh_token = vault.secrets.SyncAssociation("
|
308
|
+
gh_token = vault.secrets.SyncAssociation("gh_token",
|
309
|
+
name=gh.name,
|
313
310
|
type=gh.type,
|
314
311
|
mount=kvv2.path,
|
315
312
|
secret_name=token.name)
|
@@ -355,8 +352,7 @@ class SyncAssociation(pulumi.CustomResource):
|
|
355
352
|
if type is None and not opts.urn:
|
356
353
|
raise TypeError("Missing required property 'type'")
|
357
354
|
__props__.__dict__["type"] = type
|
358
|
-
__props__.__dict__["
|
359
|
-
__props__.__dict__["updated_at"] = None
|
355
|
+
__props__.__dict__["metadatas"] = None
|
360
356
|
super(SyncAssociation, __self__).__init__(
|
361
357
|
'vault:secrets/syncAssociation:SyncAssociation',
|
362
358
|
resource_name,
|
@@ -367,13 +363,12 @@ class SyncAssociation(pulumi.CustomResource):
|
|
367
363
|
def get(resource_name: str,
|
368
364
|
id: pulumi.Input[str],
|
369
365
|
opts: Optional[pulumi.ResourceOptions] = None,
|
366
|
+
metadatas: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SyncAssociationMetadataArgs', 'SyncAssociationMetadataArgsDict']]]]] = None,
|
370
367
|
mount: Optional[pulumi.Input[str]] = None,
|
371
368
|
name: Optional[pulumi.Input[str]] = None,
|
372
369
|
namespace: Optional[pulumi.Input[str]] = None,
|
373
370
|
secret_name: Optional[pulumi.Input[str]] = None,
|
374
|
-
|
375
|
-
type: Optional[pulumi.Input[str]] = None,
|
376
|
-
updated_at: Optional[pulumi.Input[str]] = None) -> 'SyncAssociation':
|
371
|
+
type: Optional[pulumi.Input[str]] = None) -> 'SyncAssociation':
|
377
372
|
"""
|
378
373
|
Get an existing SyncAssociation resource's state with the given name, id, and optional extra
|
379
374
|
properties used to qualify the lookup.
|
@@ -381,29 +376,35 @@ class SyncAssociation(pulumi.CustomResource):
|
|
381
376
|
:param str resource_name: The unique name of the resulting resource.
|
382
377
|
:param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
|
383
378
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
379
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['SyncAssociationMetadataArgs', 'SyncAssociationMetadataArgsDict']]]] metadatas: Metadata for each subkey of the associated secret.
|
384
380
|
:param pulumi.Input[str] mount: Specifies the mount where the secret is located.
|
385
381
|
:param pulumi.Input[str] name: Specifies the name of the destination.
|
386
382
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
387
383
|
The value should not contain leading or trailing forward slashes.
|
388
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
384
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
389
385
|
:param pulumi.Input[str] secret_name: Specifies the name of the secret to synchronize.
|
390
|
-
:param pulumi.Input[str] sync_status: Specifies the status of the association (for eg. `SYNCED`).
|
391
386
|
:param pulumi.Input[str] type: Specifies the destination type.
|
392
|
-
:param pulumi.Input[str] updated_at: Duration string specifying when the secret was last updated.
|
393
387
|
"""
|
394
388
|
opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
|
395
389
|
|
396
390
|
__props__ = _SyncAssociationState.__new__(_SyncAssociationState)
|
397
391
|
|
392
|
+
__props__.__dict__["metadatas"] = metadatas
|
398
393
|
__props__.__dict__["mount"] = mount
|
399
394
|
__props__.__dict__["name"] = name
|
400
395
|
__props__.__dict__["namespace"] = namespace
|
401
396
|
__props__.__dict__["secret_name"] = secret_name
|
402
|
-
__props__.__dict__["sync_status"] = sync_status
|
403
397
|
__props__.__dict__["type"] = type
|
404
|
-
__props__.__dict__["updated_at"] = updated_at
|
405
398
|
return SyncAssociation(resource_name, opts=opts, __props__=__props__)
|
406
399
|
|
400
|
+
@property
|
401
|
+
@pulumi.getter
|
402
|
+
def metadatas(self) -> pulumi.Output[Sequence['outputs.SyncAssociationMetadata']]:
|
403
|
+
"""
|
404
|
+
Metadata for each subkey of the associated secret.
|
405
|
+
"""
|
406
|
+
return pulumi.get(self, "metadatas")
|
407
|
+
|
407
408
|
@property
|
408
409
|
@pulumi.getter
|
409
410
|
def mount(self) -> pulumi.Output[str]:
|
@@ -426,7 +427,7 @@ class SyncAssociation(pulumi.CustomResource):
|
|
426
427
|
"""
|
427
428
|
The namespace to provision the resource in.
|
428
429
|
The value should not contain leading or trailing forward slashes.
|
429
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
430
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
430
431
|
"""
|
431
432
|
return pulumi.get(self, "namespace")
|
432
433
|
|
@@ -438,14 +439,6 @@ class SyncAssociation(pulumi.CustomResource):
|
|
438
439
|
"""
|
439
440
|
return pulumi.get(self, "secret_name")
|
440
441
|
|
441
|
-
@property
|
442
|
-
@pulumi.getter(name="syncStatus")
|
443
|
-
def sync_status(self) -> pulumi.Output[str]:
|
444
|
-
"""
|
445
|
-
Specifies the status of the association (for eg. `SYNCED`).
|
446
|
-
"""
|
447
|
-
return pulumi.get(self, "sync_status")
|
448
|
-
|
449
442
|
@property
|
450
443
|
@pulumi.getter
|
451
444
|
def type(self) -> pulumi.Output[str]:
|
@@ -454,11 +447,3 @@ class SyncAssociation(pulumi.CustomResource):
|
|
454
447
|
"""
|
455
448
|
return pulumi.get(self, "type")
|
456
449
|
|
457
|
-
@property
|
458
|
-
@pulumi.getter(name="updatedAt")
|
459
|
-
def updated_at(self) -> pulumi.Output[str]:
|
460
|
-
"""
|
461
|
-
Duration string specifying when the secret was last updated.
|
462
|
-
"""
|
463
|
-
return pulumi.get(self, "updated_at")
|
464
|
-
|