pulumi-vault 5.21.0a1709368526__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pulumi_vault/__init__.py +52 -0
- pulumi_vault/_inputs.py +560 -0
- pulumi_vault/_utilities.py +41 -5
- pulumi_vault/ad/get_access_credentials.py +26 -9
- pulumi_vault/ad/secret_backend.py +16 -142
- pulumi_vault/ad/secret_library.py +16 -9
- pulumi_vault/ad/secret_role.py +14 -9
- pulumi_vault/alicloud/auth_backend_role.py +76 -190
- pulumi_vault/approle/auth_backend_login.py +12 -7
- pulumi_vault/approle/auth_backend_role.py +77 -191
- pulumi_vault/approle/auth_backend_role_secret_id.py +106 -7
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -5
- pulumi_vault/audit.py +30 -21
- pulumi_vault/audit_request_header.py +11 -2
- pulumi_vault/auth_backend.py +66 -14
- pulumi_vault/aws/auth_backend_cert.py +18 -9
- pulumi_vault/aws/auth_backend_client.py +267 -22
- pulumi_vault/aws/auth_backend_config_identity.py +14 -9
- pulumi_vault/aws/auth_backend_identity_whitelist.py +20 -15
- pulumi_vault/aws/auth_backend_login.py +19 -22
- pulumi_vault/aws/auth_backend_role.py +77 -191
- pulumi_vault/aws/auth_backend_role_tag.py +12 -7
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -13
- pulumi_vault/aws/auth_backend_sts_role.py +14 -9
- pulumi_vault/aws/get_access_credentials.py +38 -9
- pulumi_vault/aws/get_static_access_credentials.py +19 -5
- pulumi_vault/aws/secret_backend.py +77 -9
- pulumi_vault/aws/secret_backend_role.py +185 -9
- pulumi_vault/aws/secret_backend_static_role.py +20 -11
- pulumi_vault/azure/_inputs.py +24 -0
- pulumi_vault/azure/auth_backend_config.py +153 -15
- pulumi_vault/azure/auth_backend_role.py +77 -191
- pulumi_vault/azure/backend.py +227 -21
- pulumi_vault/azure/backend_role.py +42 -37
- pulumi_vault/azure/get_access_credentials.py +41 -7
- pulumi_vault/azure/outputs.py +5 -0
- pulumi_vault/cert_auth_backend_role.py +87 -267
- pulumi_vault/config/__init__.pyi +5 -0
- pulumi_vault/config/_inputs.py +73 -0
- pulumi_vault/config/outputs.py +35 -0
- pulumi_vault/config/ui_custom_message.py +529 -0
- pulumi_vault/config/vars.py +5 -0
- pulumi_vault/consul/secret_backend.py +28 -19
- pulumi_vault/consul/secret_backend_role.py +18 -78
- pulumi_vault/database/_inputs.py +2770 -881
- pulumi_vault/database/outputs.py +721 -838
- pulumi_vault/database/secret_backend_connection.py +119 -112
- pulumi_vault/database/secret_backend_role.py +31 -22
- pulumi_vault/database/secret_backend_static_role.py +87 -13
- pulumi_vault/database/secrets_mount.py +427 -136
- pulumi_vault/egp_policy.py +16 -11
- pulumi_vault/gcp/_inputs.py +111 -0
- pulumi_vault/gcp/auth_backend.py +250 -33
- pulumi_vault/gcp/auth_backend_role.py +77 -269
- pulumi_vault/gcp/get_auth_backend_role.py +43 -5
- pulumi_vault/gcp/outputs.py +5 -0
- pulumi_vault/gcp/secret_backend.py +287 -12
- pulumi_vault/gcp/secret_impersonated_account.py +76 -15
- pulumi_vault/gcp/secret_roleset.py +31 -24
- pulumi_vault/gcp/secret_static_account.py +39 -32
- pulumi_vault/generic/endpoint.py +24 -17
- pulumi_vault/generic/get_secret.py +64 -8
- pulumi_vault/generic/secret.py +21 -16
- pulumi_vault/get_auth_backend.py +24 -7
- pulumi_vault/get_auth_backends.py +51 -9
- pulumi_vault/get_namespace.py +226 -0
- pulumi_vault/get_namespaces.py +153 -0
- pulumi_vault/get_nomad_access_token.py +31 -11
- pulumi_vault/get_policy_document.py +34 -19
- pulumi_vault/get_raft_autopilot_state.py +29 -10
- pulumi_vault/github/_inputs.py +55 -0
- pulumi_vault/github/auth_backend.py +19 -14
- pulumi_vault/github/outputs.py +5 -0
- pulumi_vault/github/team.py +16 -11
- pulumi_vault/github/user.py +16 -11
- pulumi_vault/identity/entity.py +20 -13
- pulumi_vault/identity/entity_alias.py +20 -13
- pulumi_vault/identity/entity_policies.py +28 -11
- pulumi_vault/identity/get_entity.py +42 -10
- pulumi_vault/identity/get_group.py +47 -9
- pulumi_vault/identity/get_oidc_client_creds.py +21 -7
- pulumi_vault/identity/get_oidc_openid_config.py +39 -9
- pulumi_vault/identity/get_oidc_public_keys.py +29 -10
- pulumi_vault/identity/group.py +58 -39
- pulumi_vault/identity/group_alias.py +16 -9
- pulumi_vault/identity/group_member_entity_ids.py +28 -66
- pulumi_vault/identity/group_member_group_ids.py +40 -19
- pulumi_vault/identity/group_policies.py +20 -7
- pulumi_vault/identity/mfa_duo.py +11 -6
- pulumi_vault/identity/mfa_login_enforcement.py +15 -6
- pulumi_vault/identity/mfa_okta.py +11 -6
- pulumi_vault/identity/mfa_pingid.py +7 -2
- pulumi_vault/identity/mfa_totp.py +7 -2
- pulumi_vault/identity/oidc.py +12 -7
- pulumi_vault/identity/oidc_assignment.py +24 -11
- pulumi_vault/identity/oidc_client.py +36 -23
- pulumi_vault/identity/oidc_key.py +30 -17
- pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -15
- pulumi_vault/identity/oidc_provider.py +36 -21
- pulumi_vault/identity/oidc_role.py +42 -21
- pulumi_vault/identity/oidc_scope.py +20 -13
- pulumi_vault/identity/outputs.py +8 -3
- pulumi_vault/jwt/_inputs.py +55 -0
- pulumi_vault/jwt/auth_backend.py +45 -40
- pulumi_vault/jwt/auth_backend_role.py +133 -254
- pulumi_vault/jwt/outputs.py +5 -0
- pulumi_vault/kmip/secret_backend.py +24 -19
- pulumi_vault/kmip/secret_role.py +14 -9
- pulumi_vault/kmip/secret_scope.py +14 -9
- pulumi_vault/kubernetes/auth_backend_config.py +57 -5
- pulumi_vault/kubernetes/auth_backend_role.py +70 -177
- pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
- pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
- pulumi_vault/kubernetes/get_service_account_token.py +39 -11
- pulumi_vault/kubernetes/secret_backend.py +316 -27
- pulumi_vault/kubernetes/secret_backend_role.py +137 -46
- pulumi_vault/kv/_inputs.py +36 -4
- pulumi_vault/kv/get_secret.py +25 -8
- pulumi_vault/kv/get_secret_subkeys_v2.py +33 -10
- pulumi_vault/kv/get_secret_v2.py +85 -9
- pulumi_vault/kv/get_secrets_list.py +24 -11
- pulumi_vault/kv/get_secrets_list_v2.py +37 -15
- pulumi_vault/kv/outputs.py +8 -3
- pulumi_vault/kv/secret.py +23 -16
- pulumi_vault/kv/secret_backend_v2.py +20 -11
- pulumi_vault/kv/secret_v2.py +59 -50
- pulumi_vault/ldap/auth_backend.py +127 -166
- pulumi_vault/ldap/auth_backend_group.py +14 -9
- pulumi_vault/ldap/auth_backend_user.py +14 -9
- pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
- pulumi_vault/ldap/get_static_credentials.py +24 -5
- pulumi_vault/ldap/secret_backend.py +354 -82
- pulumi_vault/ldap/secret_backend_dynamic_role.py +18 -11
- pulumi_vault/ldap/secret_backend_library_set.py +16 -9
- pulumi_vault/ldap/secret_backend_static_role.py +73 -12
- pulumi_vault/managed/_inputs.py +289 -132
- pulumi_vault/managed/keys.py +29 -57
- pulumi_vault/managed/outputs.py +89 -132
- pulumi_vault/mfa_duo.py +18 -11
- pulumi_vault/mfa_okta.py +18 -11
- pulumi_vault/mfa_pingid.py +18 -11
- pulumi_vault/mfa_totp.py +24 -17
- pulumi_vault/mongodbatlas/secret_backend.py +20 -15
- pulumi_vault/mongodbatlas/secret_role.py +47 -38
- pulumi_vault/mount.py +391 -51
- pulumi_vault/namespace.py +68 -83
- pulumi_vault/nomad_secret_backend.py +18 -13
- pulumi_vault/nomad_secret_role.py +14 -9
- pulumi_vault/okta/_inputs.py +47 -8
- pulumi_vault/okta/auth_backend.py +485 -39
- pulumi_vault/okta/auth_backend_group.py +14 -9
- pulumi_vault/okta/auth_backend_user.py +14 -9
- pulumi_vault/okta/outputs.py +13 -8
- pulumi_vault/outputs.py +5 -0
- pulumi_vault/password_policy.py +20 -13
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +81 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
- pulumi_vault/pkisecret/backend_config_est.py +619 -0
- pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
- pulumi_vault/pkisecret/get_backend_issuer.py +67 -9
- pulumi_vault/pkisecret/get_backend_issuers.py +21 -8
- pulumi_vault/pkisecret/get_backend_key.py +24 -9
- pulumi_vault/pkisecret/get_backend_keys.py +21 -8
- pulumi_vault/pkisecret/outputs.py +69 -0
- pulumi_vault/pkisecret/secret_backend_cert.py +18 -11
- pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -11
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +14 -9
- pulumi_vault/pkisecret/secret_backend_config_urls.py +67 -11
- pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -9
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -11
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -17
- pulumi_vault/pkisecret/secret_backend_issuer.py +14 -9
- pulumi_vault/pkisecret/secret_backend_key.py +14 -9
- pulumi_vault/pkisecret/secret_backend_role.py +21 -14
- pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -48
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -56
- pulumi_vault/pkisecret/secret_backend_sign.py +18 -54
- pulumi_vault/plugin.py +595 -0
- pulumi_vault/plugin_pinned_version.py +298 -0
- pulumi_vault/policy.py +14 -9
- pulumi_vault/provider.py +48 -53
- pulumi_vault/pulumi-plugin.json +2 -1
- pulumi_vault/quota_lease_count.py +60 -6
- pulumi_vault/quota_rate_limit.py +56 -2
- pulumi_vault/rabbitmq/_inputs.py +61 -0
- pulumi_vault/rabbitmq/outputs.py +5 -0
- pulumi_vault/rabbitmq/secret_backend.py +18 -13
- pulumi_vault/rabbitmq/secret_backend_role.py +54 -47
- pulumi_vault/raft_autopilot.py +14 -9
- pulumi_vault/raft_snapshot_agent_config.py +129 -224
- pulumi_vault/rgp_policy.py +14 -9
- pulumi_vault/saml/auth_backend.py +22 -17
- pulumi_vault/saml/auth_backend_role.py +92 -197
- pulumi_vault/secrets/__init__.py +3 -0
- pulumi_vault/secrets/_inputs.py +110 -0
- pulumi_vault/secrets/outputs.py +94 -0
- pulumi_vault/secrets/sync_association.py +56 -71
- pulumi_vault/secrets/sync_aws_destination.py +242 -27
- pulumi_vault/secrets/sync_azure_destination.py +92 -31
- pulumi_vault/secrets/sync_config.py +9 -4
- pulumi_vault/secrets/sync_gcp_destination.py +158 -25
- pulumi_vault/secrets/sync_gh_destination.py +189 -13
- pulumi_vault/secrets/sync_github_apps.py +375 -0
- pulumi_vault/secrets/sync_vercel_destination.py +74 -13
- pulumi_vault/ssh/_inputs.py +28 -28
- pulumi_vault/ssh/outputs.py +11 -28
- pulumi_vault/ssh/secret_backend_ca.py +108 -9
- pulumi_vault/ssh/secret_backend_role.py +85 -118
- pulumi_vault/terraformcloud/secret_backend.py +7 -54
- pulumi_vault/terraformcloud/secret_creds.py +14 -20
- pulumi_vault/terraformcloud/secret_role.py +16 -74
- pulumi_vault/token.py +28 -23
- pulumi_vault/tokenauth/auth_backend_role.py +78 -199
- pulumi_vault/transform/alphabet.py +16 -9
- pulumi_vault/transform/get_decode.py +45 -17
- pulumi_vault/transform/get_encode.py +45 -17
- pulumi_vault/transform/role.py +16 -9
- pulumi_vault/transform/template.py +30 -21
- pulumi_vault/transform/transformation.py +12 -7
- pulumi_vault/transit/get_decrypt.py +26 -21
- pulumi_vault/transit/get_encrypt.py +24 -19
- pulumi_vault/transit/secret_backend_key.py +27 -93
- pulumi_vault/transit/secret_cache_config.py +12 -7
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
- pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
- pulumi_vault-5.21.0a1709368526.dist-info/RECORD +0 -244
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = ['SyncAzureDestinationArgs', 'SyncAzureDestination']
|
@@ -17,7 +22,8 @@ class SyncAzureDestinationArgs:
|
|
17
22
|
client_id: Optional[pulumi.Input[str]] = None,
|
18
23
|
client_secret: Optional[pulumi.Input[str]] = None,
|
19
24
|
cloud: Optional[pulumi.Input[str]] = None,
|
20
|
-
custom_tags: Optional[pulumi.Input[Mapping[str,
|
25
|
+
custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
26
|
+
granularity: Optional[pulumi.Input[str]] = None,
|
21
27
|
key_vault_uri: Optional[pulumi.Input[str]] = None,
|
22
28
|
name: Optional[pulumi.Input[str]] = None,
|
23
29
|
namespace: Optional[pulumi.Input[str]] = None,
|
@@ -32,14 +38,16 @@ class SyncAzureDestinationArgs:
|
|
32
38
|
Can be omitted and directly provided to Vault using the `AZURE_CLIENT_SECRET` environment
|
33
39
|
variable.
|
34
40
|
:param pulumi.Input[str] cloud: Specifies a cloud for the client. The default is Azure Public Cloud.
|
35
|
-
:param pulumi.Input[Mapping[str,
|
41
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] custom_tags: Custom tags to set on the secret managed at the destination.
|
42
|
+
:param pulumi.Input[str] granularity: Determines what level of information is synced as a distinct resource
|
43
|
+
at the destination. Supports `secret-path` and `secret-key`.
|
36
44
|
:param pulumi.Input[str] key_vault_uri: URI of an existing Azure Key Vault instance.
|
37
45
|
Can be omitted and directly provided to Vault using the `KEY_VAULT_URI` environment
|
38
46
|
variable.
|
39
47
|
:param pulumi.Input[str] name: Unique name of the Azure destination.
|
40
48
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
41
49
|
The value should not contain leading or trailing forward slashes.
|
42
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
50
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
43
51
|
:param pulumi.Input[str] secret_name_template: Template describing how to generate external secret names.
|
44
52
|
Supports a subset of the Go Template syntax.
|
45
53
|
:param pulumi.Input[str] tenant_id: ID of the target Azure tenant.
|
@@ -54,6 +62,8 @@ class SyncAzureDestinationArgs:
|
|
54
62
|
pulumi.set(__self__, "cloud", cloud)
|
55
63
|
if custom_tags is not None:
|
56
64
|
pulumi.set(__self__, "custom_tags", custom_tags)
|
65
|
+
if granularity is not None:
|
66
|
+
pulumi.set(__self__, "granularity", granularity)
|
57
67
|
if key_vault_uri is not None:
|
58
68
|
pulumi.set(__self__, "key_vault_uri", key_vault_uri)
|
59
69
|
if name is not None:
|
@@ -107,16 +117,29 @@ class SyncAzureDestinationArgs:
|
|
107
117
|
|
108
118
|
@property
|
109
119
|
@pulumi.getter(name="customTags")
|
110
|
-
def custom_tags(self) -> Optional[pulumi.Input[Mapping[str,
|
120
|
+
def custom_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
111
121
|
"""
|
112
122
|
Custom tags to set on the secret managed at the destination.
|
113
123
|
"""
|
114
124
|
return pulumi.get(self, "custom_tags")
|
115
125
|
|
116
126
|
@custom_tags.setter
|
117
|
-
def custom_tags(self, value: Optional[pulumi.Input[Mapping[str,
|
127
|
+
def custom_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
118
128
|
pulumi.set(self, "custom_tags", value)
|
119
129
|
|
130
|
+
@property
|
131
|
+
@pulumi.getter
|
132
|
+
def granularity(self) -> Optional[pulumi.Input[str]]:
|
133
|
+
"""
|
134
|
+
Determines what level of information is synced as a distinct resource
|
135
|
+
at the destination. Supports `secret-path` and `secret-key`.
|
136
|
+
"""
|
137
|
+
return pulumi.get(self, "granularity")
|
138
|
+
|
139
|
+
@granularity.setter
|
140
|
+
def granularity(self, value: Optional[pulumi.Input[str]]):
|
141
|
+
pulumi.set(self, "granularity", value)
|
142
|
+
|
120
143
|
@property
|
121
144
|
@pulumi.getter(name="keyVaultUri")
|
122
145
|
def key_vault_uri(self) -> Optional[pulumi.Input[str]]:
|
@@ -149,7 +172,7 @@ class SyncAzureDestinationArgs:
|
|
149
172
|
"""
|
150
173
|
The namespace to provision the resource in.
|
151
174
|
The value should not contain leading or trailing forward slashes.
|
152
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
175
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
153
176
|
"""
|
154
177
|
return pulumi.get(self, "namespace")
|
155
178
|
|
@@ -191,7 +214,8 @@ class _SyncAzureDestinationState:
|
|
191
214
|
client_id: Optional[pulumi.Input[str]] = None,
|
192
215
|
client_secret: Optional[pulumi.Input[str]] = None,
|
193
216
|
cloud: Optional[pulumi.Input[str]] = None,
|
194
|
-
custom_tags: Optional[pulumi.Input[Mapping[str,
|
217
|
+
custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
218
|
+
granularity: Optional[pulumi.Input[str]] = None,
|
195
219
|
key_vault_uri: Optional[pulumi.Input[str]] = None,
|
196
220
|
name: Optional[pulumi.Input[str]] = None,
|
197
221
|
namespace: Optional[pulumi.Input[str]] = None,
|
@@ -207,14 +231,16 @@ class _SyncAzureDestinationState:
|
|
207
231
|
Can be omitted and directly provided to Vault using the `AZURE_CLIENT_SECRET` environment
|
208
232
|
variable.
|
209
233
|
:param pulumi.Input[str] cloud: Specifies a cloud for the client. The default is Azure Public Cloud.
|
210
|
-
:param pulumi.Input[Mapping[str,
|
234
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] custom_tags: Custom tags to set on the secret managed at the destination.
|
235
|
+
:param pulumi.Input[str] granularity: Determines what level of information is synced as a distinct resource
|
236
|
+
at the destination. Supports `secret-path` and `secret-key`.
|
211
237
|
:param pulumi.Input[str] key_vault_uri: URI of an existing Azure Key Vault instance.
|
212
238
|
Can be omitted and directly provided to Vault using the `KEY_VAULT_URI` environment
|
213
239
|
variable.
|
214
240
|
:param pulumi.Input[str] name: Unique name of the Azure destination.
|
215
241
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
216
242
|
The value should not contain leading or trailing forward slashes.
|
217
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
243
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
218
244
|
:param pulumi.Input[str] secret_name_template: Template describing how to generate external secret names.
|
219
245
|
Supports a subset of the Go Template syntax.
|
220
246
|
:param pulumi.Input[str] tenant_id: ID of the target Azure tenant.
|
@@ -230,6 +256,8 @@ class _SyncAzureDestinationState:
|
|
230
256
|
pulumi.set(__self__, "cloud", cloud)
|
231
257
|
if custom_tags is not None:
|
232
258
|
pulumi.set(__self__, "custom_tags", custom_tags)
|
259
|
+
if granularity is not None:
|
260
|
+
pulumi.set(__self__, "granularity", granularity)
|
233
261
|
if key_vault_uri is not None:
|
234
262
|
pulumi.set(__self__, "key_vault_uri", key_vault_uri)
|
235
263
|
if name is not None:
|
@@ -285,16 +313,29 @@ class _SyncAzureDestinationState:
|
|
285
313
|
|
286
314
|
@property
|
287
315
|
@pulumi.getter(name="customTags")
|
288
|
-
def custom_tags(self) -> Optional[pulumi.Input[Mapping[str,
|
316
|
+
def custom_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
289
317
|
"""
|
290
318
|
Custom tags to set on the secret managed at the destination.
|
291
319
|
"""
|
292
320
|
return pulumi.get(self, "custom_tags")
|
293
321
|
|
294
322
|
@custom_tags.setter
|
295
|
-
def custom_tags(self, value: Optional[pulumi.Input[Mapping[str,
|
323
|
+
def custom_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
296
324
|
pulumi.set(self, "custom_tags", value)
|
297
325
|
|
326
|
+
@property
|
327
|
+
@pulumi.getter
|
328
|
+
def granularity(self) -> Optional[pulumi.Input[str]]:
|
329
|
+
"""
|
330
|
+
Determines what level of information is synced as a distinct resource
|
331
|
+
at the destination. Supports `secret-path` and `secret-key`.
|
332
|
+
"""
|
333
|
+
return pulumi.get(self, "granularity")
|
334
|
+
|
335
|
+
@granularity.setter
|
336
|
+
def granularity(self, value: Optional[pulumi.Input[str]]):
|
337
|
+
pulumi.set(self, "granularity", value)
|
338
|
+
|
298
339
|
@property
|
299
340
|
@pulumi.getter(name="keyVaultUri")
|
300
341
|
def key_vault_uri(self) -> Optional[pulumi.Input[str]]:
|
@@ -327,7 +368,7 @@ class _SyncAzureDestinationState:
|
|
327
368
|
"""
|
328
369
|
The namespace to provision the resource in.
|
329
370
|
The value should not contain leading or trailing forward slashes.
|
330
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
371
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
331
372
|
"""
|
332
373
|
return pulumi.get(self, "namespace")
|
333
374
|
|
@@ -383,7 +424,8 @@ class SyncAzureDestination(pulumi.CustomResource):
|
|
383
424
|
client_id: Optional[pulumi.Input[str]] = None,
|
384
425
|
client_secret: Optional[pulumi.Input[str]] = None,
|
385
426
|
cloud: Optional[pulumi.Input[str]] = None,
|
386
|
-
custom_tags: Optional[pulumi.Input[Mapping[str,
|
427
|
+
custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
428
|
+
granularity: Optional[pulumi.Input[str]] = None,
|
387
429
|
key_vault_uri: Optional[pulumi.Input[str]] = None,
|
388
430
|
name: Optional[pulumi.Input[str]] = None,
|
389
431
|
namespace: Optional[pulumi.Input[str]] = None,
|
@@ -398,10 +440,11 @@ class SyncAzureDestination(pulumi.CustomResource):
|
|
398
440
|
import pulumi_vault as vault
|
399
441
|
|
400
442
|
az = vault.secrets.SyncAzureDestination("az",
|
401
|
-
|
402
|
-
|
403
|
-
|
404
|
-
|
443
|
+
name="az-dest",
|
444
|
+
key_vault_uri=key_vault_uri,
|
445
|
+
client_id=client_id,
|
446
|
+
client_secret=client_secret,
|
447
|
+
tenant_id=tenant_id,
|
405
448
|
secret_name_template="vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}",
|
406
449
|
custom_tags={
|
407
450
|
"foo": "bar",
|
@@ -413,7 +456,7 @@ class SyncAzureDestination(pulumi.CustomResource):
|
|
413
456
|
Azure Secrets sync destinations can be imported using the `name`, e.g.
|
414
457
|
|
415
458
|
```sh
|
416
|
-
|
459
|
+
$ pulumi import vault:secrets/syncAzureDestination:SyncAzureDestination az az-dest
|
417
460
|
```
|
418
461
|
|
419
462
|
:param str resource_name: The name of the resource.
|
@@ -425,14 +468,16 @@ class SyncAzureDestination(pulumi.CustomResource):
|
|
425
468
|
Can be omitted and directly provided to Vault using the `AZURE_CLIENT_SECRET` environment
|
426
469
|
variable.
|
427
470
|
:param pulumi.Input[str] cloud: Specifies a cloud for the client. The default is Azure Public Cloud.
|
428
|
-
:param pulumi.Input[Mapping[str,
|
471
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] custom_tags: Custom tags to set on the secret managed at the destination.
|
472
|
+
:param pulumi.Input[str] granularity: Determines what level of information is synced as a distinct resource
|
473
|
+
at the destination. Supports `secret-path` and `secret-key`.
|
429
474
|
:param pulumi.Input[str] key_vault_uri: URI of an existing Azure Key Vault instance.
|
430
475
|
Can be omitted and directly provided to Vault using the `KEY_VAULT_URI` environment
|
431
476
|
variable.
|
432
477
|
:param pulumi.Input[str] name: Unique name of the Azure destination.
|
433
478
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
434
479
|
The value should not contain leading or trailing forward slashes.
|
435
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
480
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
436
481
|
:param pulumi.Input[str] secret_name_template: Template describing how to generate external secret names.
|
437
482
|
Supports a subset of the Go Template syntax.
|
438
483
|
:param pulumi.Input[str] tenant_id: ID of the target Azure tenant.
|
@@ -453,10 +498,11 @@ class SyncAzureDestination(pulumi.CustomResource):
|
|
453
498
|
import pulumi_vault as vault
|
454
499
|
|
455
500
|
az = vault.secrets.SyncAzureDestination("az",
|
456
|
-
|
457
|
-
|
458
|
-
|
459
|
-
|
501
|
+
name="az-dest",
|
502
|
+
key_vault_uri=key_vault_uri,
|
503
|
+
client_id=client_id,
|
504
|
+
client_secret=client_secret,
|
505
|
+
tenant_id=tenant_id,
|
460
506
|
secret_name_template="vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}",
|
461
507
|
custom_tags={
|
462
508
|
"foo": "bar",
|
@@ -468,7 +514,7 @@ class SyncAzureDestination(pulumi.CustomResource):
|
|
468
514
|
Azure Secrets sync destinations can be imported using the `name`, e.g.
|
469
515
|
|
470
516
|
```sh
|
471
|
-
|
517
|
+
$ pulumi import vault:secrets/syncAzureDestination:SyncAzureDestination az az-dest
|
472
518
|
```
|
473
519
|
|
474
520
|
:param str resource_name: The name of the resource.
|
@@ -489,7 +535,8 @@ class SyncAzureDestination(pulumi.CustomResource):
|
|
489
535
|
client_id: Optional[pulumi.Input[str]] = None,
|
490
536
|
client_secret: Optional[pulumi.Input[str]] = None,
|
491
537
|
cloud: Optional[pulumi.Input[str]] = None,
|
492
|
-
custom_tags: Optional[pulumi.Input[Mapping[str,
|
538
|
+
custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
539
|
+
granularity: Optional[pulumi.Input[str]] = None,
|
493
540
|
key_vault_uri: Optional[pulumi.Input[str]] = None,
|
494
541
|
name: Optional[pulumi.Input[str]] = None,
|
495
542
|
namespace: Optional[pulumi.Input[str]] = None,
|
@@ -508,6 +555,7 @@ class SyncAzureDestination(pulumi.CustomResource):
|
|
508
555
|
__props__.__dict__["client_secret"] = None if client_secret is None else pulumi.Output.secret(client_secret)
|
509
556
|
__props__.__dict__["cloud"] = cloud
|
510
557
|
__props__.__dict__["custom_tags"] = custom_tags
|
558
|
+
__props__.__dict__["granularity"] = granularity
|
511
559
|
__props__.__dict__["key_vault_uri"] = key_vault_uri
|
512
560
|
__props__.__dict__["name"] = name
|
513
561
|
__props__.__dict__["namespace"] = namespace
|
@@ -529,7 +577,8 @@ class SyncAzureDestination(pulumi.CustomResource):
|
|
529
577
|
client_id: Optional[pulumi.Input[str]] = None,
|
530
578
|
client_secret: Optional[pulumi.Input[str]] = None,
|
531
579
|
cloud: Optional[pulumi.Input[str]] = None,
|
532
|
-
custom_tags: Optional[pulumi.Input[Mapping[str,
|
580
|
+
custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
581
|
+
granularity: Optional[pulumi.Input[str]] = None,
|
533
582
|
key_vault_uri: Optional[pulumi.Input[str]] = None,
|
534
583
|
name: Optional[pulumi.Input[str]] = None,
|
535
584
|
namespace: Optional[pulumi.Input[str]] = None,
|
@@ -550,14 +599,16 @@ class SyncAzureDestination(pulumi.CustomResource):
|
|
550
599
|
Can be omitted and directly provided to Vault using the `AZURE_CLIENT_SECRET` environment
|
551
600
|
variable.
|
552
601
|
:param pulumi.Input[str] cloud: Specifies a cloud for the client. The default is Azure Public Cloud.
|
553
|
-
:param pulumi.Input[Mapping[str,
|
602
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] custom_tags: Custom tags to set on the secret managed at the destination.
|
603
|
+
:param pulumi.Input[str] granularity: Determines what level of information is synced as a distinct resource
|
604
|
+
at the destination. Supports `secret-path` and `secret-key`.
|
554
605
|
:param pulumi.Input[str] key_vault_uri: URI of an existing Azure Key Vault instance.
|
555
606
|
Can be omitted and directly provided to Vault using the `KEY_VAULT_URI` environment
|
556
607
|
variable.
|
557
608
|
:param pulumi.Input[str] name: Unique name of the Azure destination.
|
558
609
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
559
610
|
The value should not contain leading or trailing forward slashes.
|
560
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
611
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
561
612
|
:param pulumi.Input[str] secret_name_template: Template describing how to generate external secret names.
|
562
613
|
Supports a subset of the Go Template syntax.
|
563
614
|
:param pulumi.Input[str] tenant_id: ID of the target Azure tenant.
|
@@ -573,6 +624,7 @@ class SyncAzureDestination(pulumi.CustomResource):
|
|
573
624
|
__props__.__dict__["client_secret"] = client_secret
|
574
625
|
__props__.__dict__["cloud"] = cloud
|
575
626
|
__props__.__dict__["custom_tags"] = custom_tags
|
627
|
+
__props__.__dict__["granularity"] = granularity
|
576
628
|
__props__.__dict__["key_vault_uri"] = key_vault_uri
|
577
629
|
__props__.__dict__["name"] = name
|
578
630
|
__props__.__dict__["namespace"] = namespace
|
@@ -611,12 +663,21 @@ class SyncAzureDestination(pulumi.CustomResource):
|
|
611
663
|
|
612
664
|
@property
|
613
665
|
@pulumi.getter(name="customTags")
|
614
|
-
def custom_tags(self) -> pulumi.Output[Optional[Mapping[str,
|
666
|
+
def custom_tags(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
|
615
667
|
"""
|
616
668
|
Custom tags to set on the secret managed at the destination.
|
617
669
|
"""
|
618
670
|
return pulumi.get(self, "custom_tags")
|
619
671
|
|
672
|
+
@property
|
673
|
+
@pulumi.getter
|
674
|
+
def granularity(self) -> pulumi.Output[Optional[str]]:
|
675
|
+
"""
|
676
|
+
Determines what level of information is synced as a distinct resource
|
677
|
+
at the destination. Supports `secret-path` and `secret-key`.
|
678
|
+
"""
|
679
|
+
return pulumi.get(self, "granularity")
|
680
|
+
|
620
681
|
@property
|
621
682
|
@pulumi.getter(name="keyVaultUri")
|
622
683
|
def key_vault_uri(self) -> pulumi.Output[Optional[str]]:
|
@@ -641,7 +702,7 @@ class SyncAzureDestination(pulumi.CustomResource):
|
|
641
702
|
"""
|
642
703
|
The namespace to provision the resource in.
|
643
704
|
The value should not contain leading or trailing forward slashes.
|
644
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
705
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
645
706
|
"""
|
646
707
|
return pulumi.get(self, "namespace")
|
647
708
|
|
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = ['SyncConfigArgs', 'SyncConfig']
|
@@ -154,7 +159,7 @@ class SyncConfig(pulumi.CustomResource):
|
|
154
159
|
import pulumi
|
155
160
|
import pulumi_vault as vault
|
156
161
|
|
157
|
-
global_config = vault.secrets.SyncConfig("
|
162
|
+
global_config = vault.secrets.SyncConfig("global_config",
|
158
163
|
disabled=True,
|
159
164
|
queue_capacity=500000)
|
160
165
|
```
|
@@ -162,7 +167,7 @@ class SyncConfig(pulumi.CustomResource):
|
|
162
167
|
## Import
|
163
168
|
|
164
169
|
```sh
|
165
|
-
|
170
|
+
$ pulumi import vault:secrets/syncConfig:SyncConfig config global_config
|
166
171
|
```
|
167
172
|
|
168
173
|
:param str resource_name: The name of the resource.
|
@@ -193,7 +198,7 @@ class SyncConfig(pulumi.CustomResource):
|
|
193
198
|
import pulumi
|
194
199
|
import pulumi_vault as vault
|
195
200
|
|
196
|
-
global_config = vault.secrets.SyncConfig("
|
201
|
+
global_config = vault.secrets.SyncConfig("global_config",
|
197
202
|
disabled=True,
|
198
203
|
queue_capacity=500000)
|
199
204
|
```
|
@@ -201,7 +206,7 @@ class SyncConfig(pulumi.CustomResource):
|
|
201
206
|
## Import
|
202
207
|
|
203
208
|
```sh
|
204
|
-
|
209
|
+
$ pulumi import vault:secrets/syncConfig:SyncConfig config global_config
|
205
210
|
```
|
206
211
|
|
207
212
|
:param str resource_name: The name of the resource.
|