pulumi-vault 5.21.0a1709368526__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pulumi_vault/__init__.py +52 -0
- pulumi_vault/_inputs.py +560 -0
- pulumi_vault/_utilities.py +41 -5
- pulumi_vault/ad/get_access_credentials.py +26 -9
- pulumi_vault/ad/secret_backend.py +16 -142
- pulumi_vault/ad/secret_library.py +16 -9
- pulumi_vault/ad/secret_role.py +14 -9
- pulumi_vault/alicloud/auth_backend_role.py +76 -190
- pulumi_vault/approle/auth_backend_login.py +12 -7
- pulumi_vault/approle/auth_backend_role.py +77 -191
- pulumi_vault/approle/auth_backend_role_secret_id.py +106 -7
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -5
- pulumi_vault/audit.py +30 -21
- pulumi_vault/audit_request_header.py +11 -2
- pulumi_vault/auth_backend.py +66 -14
- pulumi_vault/aws/auth_backend_cert.py +18 -9
- pulumi_vault/aws/auth_backend_client.py +267 -22
- pulumi_vault/aws/auth_backend_config_identity.py +14 -9
- pulumi_vault/aws/auth_backend_identity_whitelist.py +20 -15
- pulumi_vault/aws/auth_backend_login.py +19 -22
- pulumi_vault/aws/auth_backend_role.py +77 -191
- pulumi_vault/aws/auth_backend_role_tag.py +12 -7
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -13
- pulumi_vault/aws/auth_backend_sts_role.py +14 -9
- pulumi_vault/aws/get_access_credentials.py +38 -9
- pulumi_vault/aws/get_static_access_credentials.py +19 -5
- pulumi_vault/aws/secret_backend.py +77 -9
- pulumi_vault/aws/secret_backend_role.py +185 -9
- pulumi_vault/aws/secret_backend_static_role.py +20 -11
- pulumi_vault/azure/_inputs.py +24 -0
- pulumi_vault/azure/auth_backend_config.py +153 -15
- pulumi_vault/azure/auth_backend_role.py +77 -191
- pulumi_vault/azure/backend.py +227 -21
- pulumi_vault/azure/backend_role.py +42 -37
- pulumi_vault/azure/get_access_credentials.py +41 -7
- pulumi_vault/azure/outputs.py +5 -0
- pulumi_vault/cert_auth_backend_role.py +87 -267
- pulumi_vault/config/__init__.pyi +5 -0
- pulumi_vault/config/_inputs.py +73 -0
- pulumi_vault/config/outputs.py +35 -0
- pulumi_vault/config/ui_custom_message.py +529 -0
- pulumi_vault/config/vars.py +5 -0
- pulumi_vault/consul/secret_backend.py +28 -19
- pulumi_vault/consul/secret_backend_role.py +18 -78
- pulumi_vault/database/_inputs.py +2770 -881
- pulumi_vault/database/outputs.py +721 -838
- pulumi_vault/database/secret_backend_connection.py +119 -112
- pulumi_vault/database/secret_backend_role.py +31 -22
- pulumi_vault/database/secret_backend_static_role.py +87 -13
- pulumi_vault/database/secrets_mount.py +427 -136
- pulumi_vault/egp_policy.py +16 -11
- pulumi_vault/gcp/_inputs.py +111 -0
- pulumi_vault/gcp/auth_backend.py +250 -33
- pulumi_vault/gcp/auth_backend_role.py +77 -269
- pulumi_vault/gcp/get_auth_backend_role.py +43 -5
- pulumi_vault/gcp/outputs.py +5 -0
- pulumi_vault/gcp/secret_backend.py +287 -12
- pulumi_vault/gcp/secret_impersonated_account.py +76 -15
- pulumi_vault/gcp/secret_roleset.py +31 -24
- pulumi_vault/gcp/secret_static_account.py +39 -32
- pulumi_vault/generic/endpoint.py +24 -17
- pulumi_vault/generic/get_secret.py +64 -8
- pulumi_vault/generic/secret.py +21 -16
- pulumi_vault/get_auth_backend.py +24 -7
- pulumi_vault/get_auth_backends.py +51 -9
- pulumi_vault/get_namespace.py +226 -0
- pulumi_vault/get_namespaces.py +153 -0
- pulumi_vault/get_nomad_access_token.py +31 -11
- pulumi_vault/get_policy_document.py +34 -19
- pulumi_vault/get_raft_autopilot_state.py +29 -10
- pulumi_vault/github/_inputs.py +55 -0
- pulumi_vault/github/auth_backend.py +19 -14
- pulumi_vault/github/outputs.py +5 -0
- pulumi_vault/github/team.py +16 -11
- pulumi_vault/github/user.py +16 -11
- pulumi_vault/identity/entity.py +20 -13
- pulumi_vault/identity/entity_alias.py +20 -13
- pulumi_vault/identity/entity_policies.py +28 -11
- pulumi_vault/identity/get_entity.py +42 -10
- pulumi_vault/identity/get_group.py +47 -9
- pulumi_vault/identity/get_oidc_client_creds.py +21 -7
- pulumi_vault/identity/get_oidc_openid_config.py +39 -9
- pulumi_vault/identity/get_oidc_public_keys.py +29 -10
- pulumi_vault/identity/group.py +58 -39
- pulumi_vault/identity/group_alias.py +16 -9
- pulumi_vault/identity/group_member_entity_ids.py +28 -66
- pulumi_vault/identity/group_member_group_ids.py +40 -19
- pulumi_vault/identity/group_policies.py +20 -7
- pulumi_vault/identity/mfa_duo.py +11 -6
- pulumi_vault/identity/mfa_login_enforcement.py +15 -6
- pulumi_vault/identity/mfa_okta.py +11 -6
- pulumi_vault/identity/mfa_pingid.py +7 -2
- pulumi_vault/identity/mfa_totp.py +7 -2
- pulumi_vault/identity/oidc.py +12 -7
- pulumi_vault/identity/oidc_assignment.py +24 -11
- pulumi_vault/identity/oidc_client.py +36 -23
- pulumi_vault/identity/oidc_key.py +30 -17
- pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -15
- pulumi_vault/identity/oidc_provider.py +36 -21
- pulumi_vault/identity/oidc_role.py +42 -21
- pulumi_vault/identity/oidc_scope.py +20 -13
- pulumi_vault/identity/outputs.py +8 -3
- pulumi_vault/jwt/_inputs.py +55 -0
- pulumi_vault/jwt/auth_backend.py +45 -40
- pulumi_vault/jwt/auth_backend_role.py +133 -254
- pulumi_vault/jwt/outputs.py +5 -0
- pulumi_vault/kmip/secret_backend.py +24 -19
- pulumi_vault/kmip/secret_role.py +14 -9
- pulumi_vault/kmip/secret_scope.py +14 -9
- pulumi_vault/kubernetes/auth_backend_config.py +57 -5
- pulumi_vault/kubernetes/auth_backend_role.py +70 -177
- pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
- pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
- pulumi_vault/kubernetes/get_service_account_token.py +39 -11
- pulumi_vault/kubernetes/secret_backend.py +316 -27
- pulumi_vault/kubernetes/secret_backend_role.py +137 -46
- pulumi_vault/kv/_inputs.py +36 -4
- pulumi_vault/kv/get_secret.py +25 -8
- pulumi_vault/kv/get_secret_subkeys_v2.py +33 -10
- pulumi_vault/kv/get_secret_v2.py +85 -9
- pulumi_vault/kv/get_secrets_list.py +24 -11
- pulumi_vault/kv/get_secrets_list_v2.py +37 -15
- pulumi_vault/kv/outputs.py +8 -3
- pulumi_vault/kv/secret.py +23 -16
- pulumi_vault/kv/secret_backend_v2.py +20 -11
- pulumi_vault/kv/secret_v2.py +59 -50
- pulumi_vault/ldap/auth_backend.py +127 -166
- pulumi_vault/ldap/auth_backend_group.py +14 -9
- pulumi_vault/ldap/auth_backend_user.py +14 -9
- pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
- pulumi_vault/ldap/get_static_credentials.py +24 -5
- pulumi_vault/ldap/secret_backend.py +354 -82
- pulumi_vault/ldap/secret_backend_dynamic_role.py +18 -11
- pulumi_vault/ldap/secret_backend_library_set.py +16 -9
- pulumi_vault/ldap/secret_backend_static_role.py +73 -12
- pulumi_vault/managed/_inputs.py +289 -132
- pulumi_vault/managed/keys.py +29 -57
- pulumi_vault/managed/outputs.py +89 -132
- pulumi_vault/mfa_duo.py +18 -11
- pulumi_vault/mfa_okta.py +18 -11
- pulumi_vault/mfa_pingid.py +18 -11
- pulumi_vault/mfa_totp.py +24 -17
- pulumi_vault/mongodbatlas/secret_backend.py +20 -15
- pulumi_vault/mongodbatlas/secret_role.py +47 -38
- pulumi_vault/mount.py +391 -51
- pulumi_vault/namespace.py +68 -83
- pulumi_vault/nomad_secret_backend.py +18 -13
- pulumi_vault/nomad_secret_role.py +14 -9
- pulumi_vault/okta/_inputs.py +47 -8
- pulumi_vault/okta/auth_backend.py +485 -39
- pulumi_vault/okta/auth_backend_group.py +14 -9
- pulumi_vault/okta/auth_backend_user.py +14 -9
- pulumi_vault/okta/outputs.py +13 -8
- pulumi_vault/outputs.py +5 -0
- pulumi_vault/password_policy.py +20 -13
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +81 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
- pulumi_vault/pkisecret/backend_config_est.py +619 -0
- pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
- pulumi_vault/pkisecret/get_backend_issuer.py +67 -9
- pulumi_vault/pkisecret/get_backend_issuers.py +21 -8
- pulumi_vault/pkisecret/get_backend_key.py +24 -9
- pulumi_vault/pkisecret/get_backend_keys.py +21 -8
- pulumi_vault/pkisecret/outputs.py +69 -0
- pulumi_vault/pkisecret/secret_backend_cert.py +18 -11
- pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -11
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +14 -9
- pulumi_vault/pkisecret/secret_backend_config_urls.py +67 -11
- pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -9
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -11
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -17
- pulumi_vault/pkisecret/secret_backend_issuer.py +14 -9
- pulumi_vault/pkisecret/secret_backend_key.py +14 -9
- pulumi_vault/pkisecret/secret_backend_role.py +21 -14
- pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -48
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -56
- pulumi_vault/pkisecret/secret_backend_sign.py +18 -54
- pulumi_vault/plugin.py +595 -0
- pulumi_vault/plugin_pinned_version.py +298 -0
- pulumi_vault/policy.py +14 -9
- pulumi_vault/provider.py +48 -53
- pulumi_vault/pulumi-plugin.json +2 -1
- pulumi_vault/quota_lease_count.py +60 -6
- pulumi_vault/quota_rate_limit.py +56 -2
- pulumi_vault/rabbitmq/_inputs.py +61 -0
- pulumi_vault/rabbitmq/outputs.py +5 -0
- pulumi_vault/rabbitmq/secret_backend.py +18 -13
- pulumi_vault/rabbitmq/secret_backend_role.py +54 -47
- pulumi_vault/raft_autopilot.py +14 -9
- pulumi_vault/raft_snapshot_agent_config.py +129 -224
- pulumi_vault/rgp_policy.py +14 -9
- pulumi_vault/saml/auth_backend.py +22 -17
- pulumi_vault/saml/auth_backend_role.py +92 -197
- pulumi_vault/secrets/__init__.py +3 -0
- pulumi_vault/secrets/_inputs.py +110 -0
- pulumi_vault/secrets/outputs.py +94 -0
- pulumi_vault/secrets/sync_association.py +56 -71
- pulumi_vault/secrets/sync_aws_destination.py +242 -27
- pulumi_vault/secrets/sync_azure_destination.py +92 -31
- pulumi_vault/secrets/sync_config.py +9 -4
- pulumi_vault/secrets/sync_gcp_destination.py +158 -25
- pulumi_vault/secrets/sync_gh_destination.py +189 -13
- pulumi_vault/secrets/sync_github_apps.py +375 -0
- pulumi_vault/secrets/sync_vercel_destination.py +74 -13
- pulumi_vault/ssh/_inputs.py +28 -28
- pulumi_vault/ssh/outputs.py +11 -28
- pulumi_vault/ssh/secret_backend_ca.py +108 -9
- pulumi_vault/ssh/secret_backend_role.py +85 -118
- pulumi_vault/terraformcloud/secret_backend.py +7 -54
- pulumi_vault/terraformcloud/secret_creds.py +14 -20
- pulumi_vault/terraformcloud/secret_role.py +16 -74
- pulumi_vault/token.py +28 -23
- pulumi_vault/tokenauth/auth_backend_role.py +78 -199
- pulumi_vault/transform/alphabet.py +16 -9
- pulumi_vault/transform/get_decode.py +45 -17
- pulumi_vault/transform/get_encode.py +45 -17
- pulumi_vault/transform/role.py +16 -9
- pulumi_vault/transform/template.py +30 -21
- pulumi_vault/transform/transformation.py +12 -7
- pulumi_vault/transit/get_decrypt.py +26 -21
- pulumi_vault/transit/get_encrypt.py +24 -19
- pulumi_vault/transit/secret_backend_key.py +27 -93
- pulumi_vault/transit/secret_cache_config.py +12 -7
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
- pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
- pulumi_vault-5.21.0a1709368526.dist-info/RECORD +0 -244
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
pulumi_vault/auth_backend.py
CHANGED
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from . import _utilities
|
11
16
|
from . import outputs
|
12
17
|
from ._inputs import *
|
@@ -19,6 +24,7 @@ class AuthBackendArgs:
|
|
19
24
|
type: pulumi.Input[str],
|
20
25
|
description: Optional[pulumi.Input[str]] = None,
|
21
26
|
disable_remount: Optional[pulumi.Input[bool]] = None,
|
27
|
+
identity_token_key: Optional[pulumi.Input[str]] = None,
|
22
28
|
local: Optional[pulumi.Input[bool]] = None,
|
23
29
|
namespace: Optional[pulumi.Input[str]] = None,
|
24
30
|
path: Optional[pulumi.Input[str]] = None,
|
@@ -29,10 +35,11 @@ class AuthBackendArgs:
|
|
29
35
|
:param pulumi.Input[str] description: A description of the auth method.
|
30
36
|
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
31
37
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
38
|
+
:param pulumi.Input[str] identity_token_key: The key to use for signing identity tokens.
|
32
39
|
:param pulumi.Input[bool] local: Specifies if the auth method is local only.
|
33
40
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
34
41
|
The value should not contain leading or trailing forward slashes.
|
35
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
42
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
36
43
|
*Available only for Vault Enterprise*.
|
37
44
|
:param pulumi.Input[str] path: The path to mount the auth method — this defaults to the name of the type.
|
38
45
|
:param pulumi.Input['AuthBackendTuneArgs'] tune: Extra configuration block. Structure is documented below.
|
@@ -44,6 +51,8 @@ class AuthBackendArgs:
|
|
44
51
|
pulumi.set(__self__, "description", description)
|
45
52
|
if disable_remount is not None:
|
46
53
|
pulumi.set(__self__, "disable_remount", disable_remount)
|
54
|
+
if identity_token_key is not None:
|
55
|
+
pulumi.set(__self__, "identity_token_key", identity_token_key)
|
47
56
|
if local is not None:
|
48
57
|
pulumi.set(__self__, "local", local)
|
49
58
|
if namespace is not None:
|
@@ -90,6 +99,18 @@ class AuthBackendArgs:
|
|
90
99
|
def disable_remount(self, value: Optional[pulumi.Input[bool]]):
|
91
100
|
pulumi.set(self, "disable_remount", value)
|
92
101
|
|
102
|
+
@property
|
103
|
+
@pulumi.getter(name="identityTokenKey")
|
104
|
+
def identity_token_key(self) -> Optional[pulumi.Input[str]]:
|
105
|
+
"""
|
106
|
+
The key to use for signing identity tokens.
|
107
|
+
"""
|
108
|
+
return pulumi.get(self, "identity_token_key")
|
109
|
+
|
110
|
+
@identity_token_key.setter
|
111
|
+
def identity_token_key(self, value: Optional[pulumi.Input[str]]):
|
112
|
+
pulumi.set(self, "identity_token_key", value)
|
113
|
+
|
93
114
|
@property
|
94
115
|
@pulumi.getter
|
95
116
|
def local(self) -> Optional[pulumi.Input[bool]]:
|
@@ -108,7 +129,7 @@ class AuthBackendArgs:
|
|
108
129
|
"""
|
109
130
|
The namespace to provision the resource in.
|
110
131
|
The value should not contain leading or trailing forward slashes.
|
111
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
132
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
112
133
|
*Available only for Vault Enterprise*.
|
113
134
|
"""
|
114
135
|
return pulumi.get(self, "namespace")
|
@@ -150,6 +171,7 @@ class _AuthBackendState:
|
|
150
171
|
accessor: Optional[pulumi.Input[str]] = None,
|
151
172
|
description: Optional[pulumi.Input[str]] = None,
|
152
173
|
disable_remount: Optional[pulumi.Input[bool]] = None,
|
174
|
+
identity_token_key: Optional[pulumi.Input[str]] = None,
|
153
175
|
local: Optional[pulumi.Input[bool]] = None,
|
154
176
|
namespace: Optional[pulumi.Input[str]] = None,
|
155
177
|
path: Optional[pulumi.Input[str]] = None,
|
@@ -161,10 +183,11 @@ class _AuthBackendState:
|
|
161
183
|
:param pulumi.Input[str] description: A description of the auth method.
|
162
184
|
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
163
185
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
186
|
+
:param pulumi.Input[str] identity_token_key: The key to use for signing identity tokens.
|
164
187
|
:param pulumi.Input[bool] local: Specifies if the auth method is local only.
|
165
188
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
166
189
|
The value should not contain leading or trailing forward slashes.
|
167
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
190
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
168
191
|
*Available only for Vault Enterprise*.
|
169
192
|
:param pulumi.Input[str] path: The path to mount the auth method — this defaults to the name of the type.
|
170
193
|
:param pulumi.Input['AuthBackendTuneArgs'] tune: Extra configuration block. Structure is documented below.
|
@@ -178,6 +201,8 @@ class _AuthBackendState:
|
|
178
201
|
pulumi.set(__self__, "description", description)
|
179
202
|
if disable_remount is not None:
|
180
203
|
pulumi.set(__self__, "disable_remount", disable_remount)
|
204
|
+
if identity_token_key is not None:
|
205
|
+
pulumi.set(__self__, "identity_token_key", identity_token_key)
|
181
206
|
if local is not None:
|
182
207
|
pulumi.set(__self__, "local", local)
|
183
208
|
if namespace is not None:
|
@@ -226,6 +251,18 @@ class _AuthBackendState:
|
|
226
251
|
def disable_remount(self, value: Optional[pulumi.Input[bool]]):
|
227
252
|
pulumi.set(self, "disable_remount", value)
|
228
253
|
|
254
|
+
@property
|
255
|
+
@pulumi.getter(name="identityTokenKey")
|
256
|
+
def identity_token_key(self) -> Optional[pulumi.Input[str]]:
|
257
|
+
"""
|
258
|
+
The key to use for signing identity tokens.
|
259
|
+
"""
|
260
|
+
return pulumi.get(self, "identity_token_key")
|
261
|
+
|
262
|
+
@identity_token_key.setter
|
263
|
+
def identity_token_key(self, value: Optional[pulumi.Input[str]]):
|
264
|
+
pulumi.set(self, "identity_token_key", value)
|
265
|
+
|
229
266
|
@property
|
230
267
|
@pulumi.getter
|
231
268
|
def local(self) -> Optional[pulumi.Input[bool]]:
|
@@ -244,7 +281,7 @@ class _AuthBackendState:
|
|
244
281
|
"""
|
245
282
|
The namespace to provision the resource in.
|
246
283
|
The value should not contain leading or trailing forward slashes.
|
247
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
284
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
248
285
|
*Available only for Vault Enterprise*.
|
249
286
|
"""
|
250
287
|
return pulumi.get(self, "namespace")
|
@@ -299,10 +336,11 @@ class AuthBackend(pulumi.CustomResource):
|
|
299
336
|
opts: Optional[pulumi.ResourceOptions] = None,
|
300
337
|
description: Optional[pulumi.Input[str]] = None,
|
301
338
|
disable_remount: Optional[pulumi.Input[bool]] = None,
|
339
|
+
identity_token_key: Optional[pulumi.Input[str]] = None,
|
302
340
|
local: Optional[pulumi.Input[bool]] = None,
|
303
341
|
namespace: Optional[pulumi.Input[str]] = None,
|
304
342
|
path: Optional[pulumi.Input[str]] = None,
|
305
|
-
tune: Optional[pulumi.Input[
|
343
|
+
tune: Optional[pulumi.Input[Union['AuthBackendTuneArgs', 'AuthBackendTuneArgsDict']]] = None,
|
306
344
|
type: Optional[pulumi.Input[str]] = None,
|
307
345
|
__props__=None):
|
308
346
|
"""
|
@@ -311,7 +349,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
311
349
|
Auth methods can be imported using the `path`, e.g.
|
312
350
|
|
313
351
|
```sh
|
314
|
-
|
352
|
+
$ pulumi import vault:index/authBackend:AuthBackend example github
|
315
353
|
```
|
316
354
|
|
317
355
|
:param str resource_name: The name of the resource.
|
@@ -319,13 +357,14 @@ class AuthBackend(pulumi.CustomResource):
|
|
319
357
|
:param pulumi.Input[str] description: A description of the auth method.
|
320
358
|
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
321
359
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
360
|
+
:param pulumi.Input[str] identity_token_key: The key to use for signing identity tokens.
|
322
361
|
:param pulumi.Input[bool] local: Specifies if the auth method is local only.
|
323
362
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
324
363
|
The value should not contain leading or trailing forward slashes.
|
325
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
364
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
326
365
|
*Available only for Vault Enterprise*.
|
327
366
|
:param pulumi.Input[str] path: The path to mount the auth method — this defaults to the name of the type.
|
328
|
-
:param pulumi.Input[
|
367
|
+
:param pulumi.Input[Union['AuthBackendTuneArgs', 'AuthBackendTuneArgsDict']] tune: Extra configuration block. Structure is documented below.
|
329
368
|
|
330
369
|
The `tune` block is used to tune the auth backend:
|
331
370
|
:param pulumi.Input[str] type: The name of the auth method type.
|
@@ -342,7 +381,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
342
381
|
Auth methods can be imported using the `path`, e.g.
|
343
382
|
|
344
383
|
```sh
|
345
|
-
|
384
|
+
$ pulumi import vault:index/authBackend:AuthBackend example github
|
346
385
|
```
|
347
386
|
|
348
387
|
:param str resource_name: The name of the resource.
|
@@ -362,10 +401,11 @@ class AuthBackend(pulumi.CustomResource):
|
|
362
401
|
opts: Optional[pulumi.ResourceOptions] = None,
|
363
402
|
description: Optional[pulumi.Input[str]] = None,
|
364
403
|
disable_remount: Optional[pulumi.Input[bool]] = None,
|
404
|
+
identity_token_key: Optional[pulumi.Input[str]] = None,
|
365
405
|
local: Optional[pulumi.Input[bool]] = None,
|
366
406
|
namespace: Optional[pulumi.Input[str]] = None,
|
367
407
|
path: Optional[pulumi.Input[str]] = None,
|
368
|
-
tune: Optional[pulumi.Input[
|
408
|
+
tune: Optional[pulumi.Input[Union['AuthBackendTuneArgs', 'AuthBackendTuneArgsDict']]] = None,
|
369
409
|
type: Optional[pulumi.Input[str]] = None,
|
370
410
|
__props__=None):
|
371
411
|
opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
|
@@ -378,6 +418,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
378
418
|
|
379
419
|
__props__.__dict__["description"] = description
|
380
420
|
__props__.__dict__["disable_remount"] = disable_remount
|
421
|
+
__props__.__dict__["identity_token_key"] = identity_token_key
|
381
422
|
__props__.__dict__["local"] = local
|
382
423
|
__props__.__dict__["namespace"] = namespace
|
383
424
|
__props__.__dict__["path"] = path
|
@@ -399,10 +440,11 @@ class AuthBackend(pulumi.CustomResource):
|
|
399
440
|
accessor: Optional[pulumi.Input[str]] = None,
|
400
441
|
description: Optional[pulumi.Input[str]] = None,
|
401
442
|
disable_remount: Optional[pulumi.Input[bool]] = None,
|
443
|
+
identity_token_key: Optional[pulumi.Input[str]] = None,
|
402
444
|
local: Optional[pulumi.Input[bool]] = None,
|
403
445
|
namespace: Optional[pulumi.Input[str]] = None,
|
404
446
|
path: Optional[pulumi.Input[str]] = None,
|
405
|
-
tune: Optional[pulumi.Input[
|
447
|
+
tune: Optional[pulumi.Input[Union['AuthBackendTuneArgs', 'AuthBackendTuneArgsDict']]] = None,
|
406
448
|
type: Optional[pulumi.Input[str]] = None) -> 'AuthBackend':
|
407
449
|
"""
|
408
450
|
Get an existing AuthBackend resource's state with the given name, id, and optional extra
|
@@ -415,13 +457,14 @@ class AuthBackend(pulumi.CustomResource):
|
|
415
457
|
:param pulumi.Input[str] description: A description of the auth method.
|
416
458
|
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
417
459
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
460
|
+
:param pulumi.Input[str] identity_token_key: The key to use for signing identity tokens.
|
418
461
|
:param pulumi.Input[bool] local: Specifies if the auth method is local only.
|
419
462
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
420
463
|
The value should not contain leading or trailing forward slashes.
|
421
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
464
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
422
465
|
*Available only for Vault Enterprise*.
|
423
466
|
:param pulumi.Input[str] path: The path to mount the auth method — this defaults to the name of the type.
|
424
|
-
:param pulumi.Input[
|
467
|
+
:param pulumi.Input[Union['AuthBackendTuneArgs', 'AuthBackendTuneArgsDict']] tune: Extra configuration block. Structure is documented below.
|
425
468
|
|
426
469
|
The `tune` block is used to tune the auth backend:
|
427
470
|
:param pulumi.Input[str] type: The name of the auth method type.
|
@@ -433,6 +476,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
433
476
|
__props__.__dict__["accessor"] = accessor
|
434
477
|
__props__.__dict__["description"] = description
|
435
478
|
__props__.__dict__["disable_remount"] = disable_remount
|
479
|
+
__props__.__dict__["identity_token_key"] = identity_token_key
|
436
480
|
__props__.__dict__["local"] = local
|
437
481
|
__props__.__dict__["namespace"] = namespace
|
438
482
|
__props__.__dict__["path"] = path
|
@@ -465,6 +509,14 @@ class AuthBackend(pulumi.CustomResource):
|
|
465
509
|
"""
|
466
510
|
return pulumi.get(self, "disable_remount")
|
467
511
|
|
512
|
+
@property
|
513
|
+
@pulumi.getter(name="identityTokenKey")
|
514
|
+
def identity_token_key(self) -> pulumi.Output[Optional[str]]:
|
515
|
+
"""
|
516
|
+
The key to use for signing identity tokens.
|
517
|
+
"""
|
518
|
+
return pulumi.get(self, "identity_token_key")
|
519
|
+
|
468
520
|
@property
|
469
521
|
@pulumi.getter
|
470
522
|
def local(self) -> pulumi.Output[Optional[bool]]:
|
@@ -479,7 +531,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
479
531
|
"""
|
480
532
|
The namespace to provision the resource in.
|
481
533
|
The value should not contain leading or trailing forward slashes.
|
482
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
534
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
483
535
|
*Available only for Vault Enterprise*.
|
484
536
|
"""
|
485
537
|
return pulumi.get(self, "namespace")
|
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = ['AuthBackendCertArgs', 'AuthBackendCert']
|
@@ -30,7 +35,7 @@ class AuthBackendCertArgs:
|
|
30
35
|
mounted at. Defaults to `aws`.
|
31
36
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
32
37
|
The value should not contain leading or trailing forward slashes.
|
33
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
38
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
34
39
|
*Available only for Vault Enterprise*.
|
35
40
|
:param pulumi.Input[str] type: Either "pkcs7" or "identity", indicating the type of
|
36
41
|
document which can be verified using the given certificate. Defaults to
|
@@ -91,7 +96,7 @@ class AuthBackendCertArgs:
|
|
91
96
|
"""
|
92
97
|
The namespace to provision the resource in.
|
93
98
|
The value should not contain leading or trailing forward slashes.
|
94
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
99
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
95
100
|
*Available only for Vault Enterprise*.
|
96
101
|
"""
|
97
102
|
return pulumi.get(self, "namespace")
|
@@ -134,7 +139,7 @@ class _AuthBackendCertState:
|
|
134
139
|
:param pulumi.Input[str] cert_name: The name of the certificate.
|
135
140
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
136
141
|
The value should not contain leading or trailing forward slashes.
|
137
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
142
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
138
143
|
*Available only for Vault Enterprise*.
|
139
144
|
:param pulumi.Input[str] type: Either "pkcs7" or "identity", indicating the type of
|
140
145
|
document which can be verified using the given certificate. Defaults to
|
@@ -197,7 +202,7 @@ class _AuthBackendCertState:
|
|
197
202
|
"""
|
198
203
|
The namespace to provision the resource in.
|
199
204
|
The value should not contain leading or trailing forward slashes.
|
200
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
205
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
201
206
|
*Available only for Vault Enterprise*.
|
202
207
|
"""
|
203
208
|
return pulumi.get(self, "namespace")
|
@@ -233,12 +238,14 @@ class AuthBackendCert(pulumi.CustomResource):
|
|
233
238
|
type: Optional[pulumi.Input[str]] = None,
|
234
239
|
__props__=None):
|
235
240
|
"""
|
241
|
+
## Example Usage
|
242
|
+
|
236
243
|
## Import
|
237
244
|
|
238
245
|
AWS auth backend certificates can be imported using `auth/`, the `backend` path, `/config/certificate/`, and the `cert_name` e.g.
|
239
246
|
|
240
247
|
```sh
|
241
|
-
|
248
|
+
$ pulumi import vault:aws/authBackendCert:AuthBackendCert example auth/aws/config/certificate/my-cert
|
242
249
|
```
|
243
250
|
|
244
251
|
:param str resource_name: The name of the resource.
|
@@ -252,7 +259,7 @@ class AuthBackendCert(pulumi.CustomResource):
|
|
252
259
|
:param pulumi.Input[str] cert_name: The name of the certificate.
|
253
260
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
254
261
|
The value should not contain leading or trailing forward slashes.
|
255
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
262
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
256
263
|
*Available only for Vault Enterprise*.
|
257
264
|
:param pulumi.Input[str] type: Either "pkcs7" or "identity", indicating the type of
|
258
265
|
document which can be verified using the given certificate. Defaults to
|
@@ -265,12 +272,14 @@ class AuthBackendCert(pulumi.CustomResource):
|
|
265
272
|
args: AuthBackendCertArgs,
|
266
273
|
opts: Optional[pulumi.ResourceOptions] = None):
|
267
274
|
"""
|
275
|
+
## Example Usage
|
276
|
+
|
268
277
|
## Import
|
269
278
|
|
270
279
|
AWS auth backend certificates can be imported using `auth/`, the `backend` path, `/config/certificate/`, and the `cert_name` e.g.
|
271
280
|
|
272
281
|
```sh
|
273
|
-
|
282
|
+
$ pulumi import vault:aws/authBackendCert:AuthBackendCert example auth/aws/config/certificate/my-cert
|
274
283
|
```
|
275
284
|
|
276
285
|
:param str resource_name: The name of the resource.
|
@@ -342,7 +351,7 @@ class AuthBackendCert(pulumi.CustomResource):
|
|
342
351
|
:param pulumi.Input[str] cert_name: The name of the certificate.
|
343
352
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
344
353
|
The value should not contain leading or trailing forward slashes.
|
345
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
354
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
346
355
|
*Available only for Vault Enterprise*.
|
347
356
|
:param pulumi.Input[str] type: Either "pkcs7" or "identity", indicating the type of
|
348
357
|
document which can be verified using the given certificate. Defaults to
|
@@ -393,7 +402,7 @@ class AuthBackendCert(pulumi.CustomResource):
|
|
393
402
|
"""
|
394
403
|
The namespace to provision the resource in.
|
395
404
|
The value should not contain leading or trailing forward slashes.
|
396
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
405
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
397
406
|
*Available only for Vault Enterprise*.
|
398
407
|
"""
|
399
408
|
return pulumi.get(self, "namespace")
|