pulumi-vault 5.21.0a1709368526__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pulumi_vault/__init__.py +52 -0
- pulumi_vault/_inputs.py +560 -0
- pulumi_vault/_utilities.py +41 -5
- pulumi_vault/ad/get_access_credentials.py +26 -9
- pulumi_vault/ad/secret_backend.py +16 -142
- pulumi_vault/ad/secret_library.py +16 -9
- pulumi_vault/ad/secret_role.py +14 -9
- pulumi_vault/alicloud/auth_backend_role.py +76 -190
- pulumi_vault/approle/auth_backend_login.py +12 -7
- pulumi_vault/approle/auth_backend_role.py +77 -191
- pulumi_vault/approle/auth_backend_role_secret_id.py +106 -7
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -5
- pulumi_vault/audit.py +30 -21
- pulumi_vault/audit_request_header.py +11 -2
- pulumi_vault/auth_backend.py +66 -14
- pulumi_vault/aws/auth_backend_cert.py +18 -9
- pulumi_vault/aws/auth_backend_client.py +267 -22
- pulumi_vault/aws/auth_backend_config_identity.py +14 -9
- pulumi_vault/aws/auth_backend_identity_whitelist.py +20 -15
- pulumi_vault/aws/auth_backend_login.py +19 -22
- pulumi_vault/aws/auth_backend_role.py +77 -191
- pulumi_vault/aws/auth_backend_role_tag.py +12 -7
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -13
- pulumi_vault/aws/auth_backend_sts_role.py +14 -9
- pulumi_vault/aws/get_access_credentials.py +38 -9
- pulumi_vault/aws/get_static_access_credentials.py +19 -5
- pulumi_vault/aws/secret_backend.py +77 -9
- pulumi_vault/aws/secret_backend_role.py +185 -9
- pulumi_vault/aws/secret_backend_static_role.py +20 -11
- pulumi_vault/azure/_inputs.py +24 -0
- pulumi_vault/azure/auth_backend_config.py +153 -15
- pulumi_vault/azure/auth_backend_role.py +77 -191
- pulumi_vault/azure/backend.py +227 -21
- pulumi_vault/azure/backend_role.py +42 -37
- pulumi_vault/azure/get_access_credentials.py +41 -7
- pulumi_vault/azure/outputs.py +5 -0
- pulumi_vault/cert_auth_backend_role.py +87 -267
- pulumi_vault/config/__init__.pyi +5 -0
- pulumi_vault/config/_inputs.py +73 -0
- pulumi_vault/config/outputs.py +35 -0
- pulumi_vault/config/ui_custom_message.py +529 -0
- pulumi_vault/config/vars.py +5 -0
- pulumi_vault/consul/secret_backend.py +28 -19
- pulumi_vault/consul/secret_backend_role.py +18 -78
- pulumi_vault/database/_inputs.py +2770 -881
- pulumi_vault/database/outputs.py +721 -838
- pulumi_vault/database/secret_backend_connection.py +119 -112
- pulumi_vault/database/secret_backend_role.py +31 -22
- pulumi_vault/database/secret_backend_static_role.py +87 -13
- pulumi_vault/database/secrets_mount.py +427 -136
- pulumi_vault/egp_policy.py +16 -11
- pulumi_vault/gcp/_inputs.py +111 -0
- pulumi_vault/gcp/auth_backend.py +250 -33
- pulumi_vault/gcp/auth_backend_role.py +77 -269
- pulumi_vault/gcp/get_auth_backend_role.py +43 -5
- pulumi_vault/gcp/outputs.py +5 -0
- pulumi_vault/gcp/secret_backend.py +287 -12
- pulumi_vault/gcp/secret_impersonated_account.py +76 -15
- pulumi_vault/gcp/secret_roleset.py +31 -24
- pulumi_vault/gcp/secret_static_account.py +39 -32
- pulumi_vault/generic/endpoint.py +24 -17
- pulumi_vault/generic/get_secret.py +64 -8
- pulumi_vault/generic/secret.py +21 -16
- pulumi_vault/get_auth_backend.py +24 -7
- pulumi_vault/get_auth_backends.py +51 -9
- pulumi_vault/get_namespace.py +226 -0
- pulumi_vault/get_namespaces.py +153 -0
- pulumi_vault/get_nomad_access_token.py +31 -11
- pulumi_vault/get_policy_document.py +34 -19
- pulumi_vault/get_raft_autopilot_state.py +29 -10
- pulumi_vault/github/_inputs.py +55 -0
- pulumi_vault/github/auth_backend.py +19 -14
- pulumi_vault/github/outputs.py +5 -0
- pulumi_vault/github/team.py +16 -11
- pulumi_vault/github/user.py +16 -11
- pulumi_vault/identity/entity.py +20 -13
- pulumi_vault/identity/entity_alias.py +20 -13
- pulumi_vault/identity/entity_policies.py +28 -11
- pulumi_vault/identity/get_entity.py +42 -10
- pulumi_vault/identity/get_group.py +47 -9
- pulumi_vault/identity/get_oidc_client_creds.py +21 -7
- pulumi_vault/identity/get_oidc_openid_config.py +39 -9
- pulumi_vault/identity/get_oidc_public_keys.py +29 -10
- pulumi_vault/identity/group.py +58 -39
- pulumi_vault/identity/group_alias.py +16 -9
- pulumi_vault/identity/group_member_entity_ids.py +28 -66
- pulumi_vault/identity/group_member_group_ids.py +40 -19
- pulumi_vault/identity/group_policies.py +20 -7
- pulumi_vault/identity/mfa_duo.py +11 -6
- pulumi_vault/identity/mfa_login_enforcement.py +15 -6
- pulumi_vault/identity/mfa_okta.py +11 -6
- pulumi_vault/identity/mfa_pingid.py +7 -2
- pulumi_vault/identity/mfa_totp.py +7 -2
- pulumi_vault/identity/oidc.py +12 -7
- pulumi_vault/identity/oidc_assignment.py +24 -11
- pulumi_vault/identity/oidc_client.py +36 -23
- pulumi_vault/identity/oidc_key.py +30 -17
- pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -15
- pulumi_vault/identity/oidc_provider.py +36 -21
- pulumi_vault/identity/oidc_role.py +42 -21
- pulumi_vault/identity/oidc_scope.py +20 -13
- pulumi_vault/identity/outputs.py +8 -3
- pulumi_vault/jwt/_inputs.py +55 -0
- pulumi_vault/jwt/auth_backend.py +45 -40
- pulumi_vault/jwt/auth_backend_role.py +133 -254
- pulumi_vault/jwt/outputs.py +5 -0
- pulumi_vault/kmip/secret_backend.py +24 -19
- pulumi_vault/kmip/secret_role.py +14 -9
- pulumi_vault/kmip/secret_scope.py +14 -9
- pulumi_vault/kubernetes/auth_backend_config.py +57 -5
- pulumi_vault/kubernetes/auth_backend_role.py +70 -177
- pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
- pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
- pulumi_vault/kubernetes/get_service_account_token.py +39 -11
- pulumi_vault/kubernetes/secret_backend.py +316 -27
- pulumi_vault/kubernetes/secret_backend_role.py +137 -46
- pulumi_vault/kv/_inputs.py +36 -4
- pulumi_vault/kv/get_secret.py +25 -8
- pulumi_vault/kv/get_secret_subkeys_v2.py +33 -10
- pulumi_vault/kv/get_secret_v2.py +85 -9
- pulumi_vault/kv/get_secrets_list.py +24 -11
- pulumi_vault/kv/get_secrets_list_v2.py +37 -15
- pulumi_vault/kv/outputs.py +8 -3
- pulumi_vault/kv/secret.py +23 -16
- pulumi_vault/kv/secret_backend_v2.py +20 -11
- pulumi_vault/kv/secret_v2.py +59 -50
- pulumi_vault/ldap/auth_backend.py +127 -166
- pulumi_vault/ldap/auth_backend_group.py +14 -9
- pulumi_vault/ldap/auth_backend_user.py +14 -9
- pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
- pulumi_vault/ldap/get_static_credentials.py +24 -5
- pulumi_vault/ldap/secret_backend.py +354 -82
- pulumi_vault/ldap/secret_backend_dynamic_role.py +18 -11
- pulumi_vault/ldap/secret_backend_library_set.py +16 -9
- pulumi_vault/ldap/secret_backend_static_role.py +73 -12
- pulumi_vault/managed/_inputs.py +289 -132
- pulumi_vault/managed/keys.py +29 -57
- pulumi_vault/managed/outputs.py +89 -132
- pulumi_vault/mfa_duo.py +18 -11
- pulumi_vault/mfa_okta.py +18 -11
- pulumi_vault/mfa_pingid.py +18 -11
- pulumi_vault/mfa_totp.py +24 -17
- pulumi_vault/mongodbatlas/secret_backend.py +20 -15
- pulumi_vault/mongodbatlas/secret_role.py +47 -38
- pulumi_vault/mount.py +391 -51
- pulumi_vault/namespace.py +68 -83
- pulumi_vault/nomad_secret_backend.py +18 -13
- pulumi_vault/nomad_secret_role.py +14 -9
- pulumi_vault/okta/_inputs.py +47 -8
- pulumi_vault/okta/auth_backend.py +485 -39
- pulumi_vault/okta/auth_backend_group.py +14 -9
- pulumi_vault/okta/auth_backend_user.py +14 -9
- pulumi_vault/okta/outputs.py +13 -8
- pulumi_vault/outputs.py +5 -0
- pulumi_vault/password_policy.py +20 -13
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +81 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
- pulumi_vault/pkisecret/backend_config_est.py +619 -0
- pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
- pulumi_vault/pkisecret/get_backend_issuer.py +67 -9
- pulumi_vault/pkisecret/get_backend_issuers.py +21 -8
- pulumi_vault/pkisecret/get_backend_key.py +24 -9
- pulumi_vault/pkisecret/get_backend_keys.py +21 -8
- pulumi_vault/pkisecret/outputs.py +69 -0
- pulumi_vault/pkisecret/secret_backend_cert.py +18 -11
- pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -11
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +14 -9
- pulumi_vault/pkisecret/secret_backend_config_urls.py +67 -11
- pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -9
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -11
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -17
- pulumi_vault/pkisecret/secret_backend_issuer.py +14 -9
- pulumi_vault/pkisecret/secret_backend_key.py +14 -9
- pulumi_vault/pkisecret/secret_backend_role.py +21 -14
- pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -48
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -56
- pulumi_vault/pkisecret/secret_backend_sign.py +18 -54
- pulumi_vault/plugin.py +595 -0
- pulumi_vault/plugin_pinned_version.py +298 -0
- pulumi_vault/policy.py +14 -9
- pulumi_vault/provider.py +48 -53
- pulumi_vault/pulumi-plugin.json +2 -1
- pulumi_vault/quota_lease_count.py +60 -6
- pulumi_vault/quota_rate_limit.py +56 -2
- pulumi_vault/rabbitmq/_inputs.py +61 -0
- pulumi_vault/rabbitmq/outputs.py +5 -0
- pulumi_vault/rabbitmq/secret_backend.py +18 -13
- pulumi_vault/rabbitmq/secret_backend_role.py +54 -47
- pulumi_vault/raft_autopilot.py +14 -9
- pulumi_vault/raft_snapshot_agent_config.py +129 -224
- pulumi_vault/rgp_policy.py +14 -9
- pulumi_vault/saml/auth_backend.py +22 -17
- pulumi_vault/saml/auth_backend_role.py +92 -197
- pulumi_vault/secrets/__init__.py +3 -0
- pulumi_vault/secrets/_inputs.py +110 -0
- pulumi_vault/secrets/outputs.py +94 -0
- pulumi_vault/secrets/sync_association.py +56 -71
- pulumi_vault/secrets/sync_aws_destination.py +242 -27
- pulumi_vault/secrets/sync_azure_destination.py +92 -31
- pulumi_vault/secrets/sync_config.py +9 -4
- pulumi_vault/secrets/sync_gcp_destination.py +158 -25
- pulumi_vault/secrets/sync_gh_destination.py +189 -13
- pulumi_vault/secrets/sync_github_apps.py +375 -0
- pulumi_vault/secrets/sync_vercel_destination.py +74 -13
- pulumi_vault/ssh/_inputs.py +28 -28
- pulumi_vault/ssh/outputs.py +11 -28
- pulumi_vault/ssh/secret_backend_ca.py +108 -9
- pulumi_vault/ssh/secret_backend_role.py +85 -118
- pulumi_vault/terraformcloud/secret_backend.py +7 -54
- pulumi_vault/terraformcloud/secret_creds.py +14 -20
- pulumi_vault/terraformcloud/secret_role.py +16 -74
- pulumi_vault/token.py +28 -23
- pulumi_vault/tokenauth/auth_backend_role.py +78 -199
- pulumi_vault/transform/alphabet.py +16 -9
- pulumi_vault/transform/get_decode.py +45 -17
- pulumi_vault/transform/get_encode.py +45 -17
- pulumi_vault/transform/role.py +16 -9
- pulumi_vault/transform/template.py +30 -21
- pulumi_vault/transform/transformation.py +12 -7
- pulumi_vault/transit/get_decrypt.py +26 -21
- pulumi_vault/transit/get_encrypt.py +24 -19
- pulumi_vault/transit/secret_backend_key.py +27 -93
- pulumi_vault/transit/secret_cache_config.py +12 -7
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
- pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
- pulumi_vault-5.21.0a1709368526.dist-info/RECORD +0 -244
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = ['SyncGcpDestinationArgs', 'SyncGcpDestination']
|
@@ -15,20 +20,28 @@ __all__ = ['SyncGcpDestinationArgs', 'SyncGcpDestination']
|
|
15
20
|
class SyncGcpDestinationArgs:
|
16
21
|
def __init__(__self__, *,
|
17
22
|
credentials: Optional[pulumi.Input[str]] = None,
|
18
|
-
custom_tags: Optional[pulumi.Input[Mapping[str,
|
23
|
+
custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
24
|
+
granularity: Optional[pulumi.Input[str]] = None,
|
19
25
|
name: Optional[pulumi.Input[str]] = None,
|
20
26
|
namespace: Optional[pulumi.Input[str]] = None,
|
27
|
+
project_id: Optional[pulumi.Input[str]] = None,
|
21
28
|
secret_name_template: Optional[pulumi.Input[str]] = None):
|
22
29
|
"""
|
23
30
|
The set of arguments for constructing a SyncGcpDestination resource.
|
24
31
|
:param pulumi.Input[str] credentials: JSON-encoded credentials to use to connect to GCP.
|
25
32
|
Can be omitted and directly provided to Vault using the `GOOGLE_APPLICATION_CREDENTIALS` environment
|
26
33
|
variable.
|
27
|
-
:param pulumi.Input[Mapping[str,
|
34
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] custom_tags: Custom tags to set on the secret managed at the destination.
|
35
|
+
:param pulumi.Input[str] granularity: Determines what level of information is synced as a distinct resource
|
36
|
+
at the destination. Supports `secret-path` and `secret-key`.
|
28
37
|
:param pulumi.Input[str] name: Unique name of the GCP destination.
|
29
38
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
30
39
|
The value should not contain leading or trailing forward slashes.
|
31
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
40
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
41
|
+
:param pulumi.Input[str] project_id: The target project to manage secrets in. If set,
|
42
|
+
overrides the project ID derived from the service account JSON credentials or application
|
43
|
+
default credentials. The service account must be [authorized](https://cloud.google.com/iam/docs/service-account-overview#locations)
|
44
|
+
to perform Secret Manager actions in the target project.
|
32
45
|
:param pulumi.Input[str] secret_name_template: Template describing how to generate external secret names.
|
33
46
|
Supports a subset of the Go Template syntax.
|
34
47
|
"""
|
@@ -36,10 +49,14 @@ class SyncGcpDestinationArgs:
|
|
36
49
|
pulumi.set(__self__, "credentials", credentials)
|
37
50
|
if custom_tags is not None:
|
38
51
|
pulumi.set(__self__, "custom_tags", custom_tags)
|
52
|
+
if granularity is not None:
|
53
|
+
pulumi.set(__self__, "granularity", granularity)
|
39
54
|
if name is not None:
|
40
55
|
pulumi.set(__self__, "name", name)
|
41
56
|
if namespace is not None:
|
42
57
|
pulumi.set(__self__, "namespace", namespace)
|
58
|
+
if project_id is not None:
|
59
|
+
pulumi.set(__self__, "project_id", project_id)
|
43
60
|
if secret_name_template is not None:
|
44
61
|
pulumi.set(__self__, "secret_name_template", secret_name_template)
|
45
62
|
|
@@ -59,16 +76,29 @@ class SyncGcpDestinationArgs:
|
|
59
76
|
|
60
77
|
@property
|
61
78
|
@pulumi.getter(name="customTags")
|
62
|
-
def custom_tags(self) -> Optional[pulumi.Input[Mapping[str,
|
79
|
+
def custom_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
63
80
|
"""
|
64
81
|
Custom tags to set on the secret managed at the destination.
|
65
82
|
"""
|
66
83
|
return pulumi.get(self, "custom_tags")
|
67
84
|
|
68
85
|
@custom_tags.setter
|
69
|
-
def custom_tags(self, value: Optional[pulumi.Input[Mapping[str,
|
86
|
+
def custom_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
70
87
|
pulumi.set(self, "custom_tags", value)
|
71
88
|
|
89
|
+
@property
|
90
|
+
@pulumi.getter
|
91
|
+
def granularity(self) -> Optional[pulumi.Input[str]]:
|
92
|
+
"""
|
93
|
+
Determines what level of information is synced as a distinct resource
|
94
|
+
at the destination. Supports `secret-path` and `secret-key`.
|
95
|
+
"""
|
96
|
+
return pulumi.get(self, "granularity")
|
97
|
+
|
98
|
+
@granularity.setter
|
99
|
+
def granularity(self, value: Optional[pulumi.Input[str]]):
|
100
|
+
pulumi.set(self, "granularity", value)
|
101
|
+
|
72
102
|
@property
|
73
103
|
@pulumi.getter
|
74
104
|
def name(self) -> Optional[pulumi.Input[str]]:
|
@@ -87,7 +117,7 @@ class SyncGcpDestinationArgs:
|
|
87
117
|
"""
|
88
118
|
The namespace to provision the resource in.
|
89
119
|
The value should not contain leading or trailing forward slashes.
|
90
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
120
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
91
121
|
"""
|
92
122
|
return pulumi.get(self, "namespace")
|
93
123
|
|
@@ -95,6 +125,21 @@ class SyncGcpDestinationArgs:
|
|
95
125
|
def namespace(self, value: Optional[pulumi.Input[str]]):
|
96
126
|
pulumi.set(self, "namespace", value)
|
97
127
|
|
128
|
+
@property
|
129
|
+
@pulumi.getter(name="projectId")
|
130
|
+
def project_id(self) -> Optional[pulumi.Input[str]]:
|
131
|
+
"""
|
132
|
+
The target project to manage secrets in. If set,
|
133
|
+
overrides the project ID derived from the service account JSON credentials or application
|
134
|
+
default credentials. The service account must be [authorized](https://cloud.google.com/iam/docs/service-account-overview#locations)
|
135
|
+
to perform Secret Manager actions in the target project.
|
136
|
+
"""
|
137
|
+
return pulumi.get(self, "project_id")
|
138
|
+
|
139
|
+
@project_id.setter
|
140
|
+
def project_id(self, value: Optional[pulumi.Input[str]]):
|
141
|
+
pulumi.set(self, "project_id", value)
|
142
|
+
|
98
143
|
@property
|
99
144
|
@pulumi.getter(name="secretNameTemplate")
|
100
145
|
def secret_name_template(self) -> Optional[pulumi.Input[str]]:
|
@@ -113,9 +158,11 @@ class SyncGcpDestinationArgs:
|
|
113
158
|
class _SyncGcpDestinationState:
|
114
159
|
def __init__(__self__, *,
|
115
160
|
credentials: Optional[pulumi.Input[str]] = None,
|
116
|
-
custom_tags: Optional[pulumi.Input[Mapping[str,
|
161
|
+
custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
162
|
+
granularity: Optional[pulumi.Input[str]] = None,
|
117
163
|
name: Optional[pulumi.Input[str]] = None,
|
118
164
|
namespace: Optional[pulumi.Input[str]] = None,
|
165
|
+
project_id: Optional[pulumi.Input[str]] = None,
|
119
166
|
secret_name_template: Optional[pulumi.Input[str]] = None,
|
120
167
|
type: Optional[pulumi.Input[str]] = None):
|
121
168
|
"""
|
@@ -123,11 +170,17 @@ class _SyncGcpDestinationState:
|
|
123
170
|
:param pulumi.Input[str] credentials: JSON-encoded credentials to use to connect to GCP.
|
124
171
|
Can be omitted and directly provided to Vault using the `GOOGLE_APPLICATION_CREDENTIALS` environment
|
125
172
|
variable.
|
126
|
-
:param pulumi.Input[Mapping[str,
|
173
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] custom_tags: Custom tags to set on the secret managed at the destination.
|
174
|
+
:param pulumi.Input[str] granularity: Determines what level of information is synced as a distinct resource
|
175
|
+
at the destination. Supports `secret-path` and `secret-key`.
|
127
176
|
:param pulumi.Input[str] name: Unique name of the GCP destination.
|
128
177
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
129
178
|
The value should not contain leading or trailing forward slashes.
|
130
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
179
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
180
|
+
:param pulumi.Input[str] project_id: The target project to manage secrets in. If set,
|
181
|
+
overrides the project ID derived from the service account JSON credentials or application
|
182
|
+
default credentials. The service account must be [authorized](https://cloud.google.com/iam/docs/service-account-overview#locations)
|
183
|
+
to perform Secret Manager actions in the target project.
|
131
184
|
:param pulumi.Input[str] secret_name_template: Template describing how to generate external secret names.
|
132
185
|
Supports a subset of the Go Template syntax.
|
133
186
|
:param pulumi.Input[str] type: The type of the secrets destination (`gcp-sm`).
|
@@ -136,10 +189,14 @@ class _SyncGcpDestinationState:
|
|
136
189
|
pulumi.set(__self__, "credentials", credentials)
|
137
190
|
if custom_tags is not None:
|
138
191
|
pulumi.set(__self__, "custom_tags", custom_tags)
|
192
|
+
if granularity is not None:
|
193
|
+
pulumi.set(__self__, "granularity", granularity)
|
139
194
|
if name is not None:
|
140
195
|
pulumi.set(__self__, "name", name)
|
141
196
|
if namespace is not None:
|
142
197
|
pulumi.set(__self__, "namespace", namespace)
|
198
|
+
if project_id is not None:
|
199
|
+
pulumi.set(__self__, "project_id", project_id)
|
143
200
|
if secret_name_template is not None:
|
144
201
|
pulumi.set(__self__, "secret_name_template", secret_name_template)
|
145
202
|
if type is not None:
|
@@ -161,16 +218,29 @@ class _SyncGcpDestinationState:
|
|
161
218
|
|
162
219
|
@property
|
163
220
|
@pulumi.getter(name="customTags")
|
164
|
-
def custom_tags(self) -> Optional[pulumi.Input[Mapping[str,
|
221
|
+
def custom_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
165
222
|
"""
|
166
223
|
Custom tags to set on the secret managed at the destination.
|
167
224
|
"""
|
168
225
|
return pulumi.get(self, "custom_tags")
|
169
226
|
|
170
227
|
@custom_tags.setter
|
171
|
-
def custom_tags(self, value: Optional[pulumi.Input[Mapping[str,
|
228
|
+
def custom_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
172
229
|
pulumi.set(self, "custom_tags", value)
|
173
230
|
|
231
|
+
@property
|
232
|
+
@pulumi.getter
|
233
|
+
def granularity(self) -> Optional[pulumi.Input[str]]:
|
234
|
+
"""
|
235
|
+
Determines what level of information is synced as a distinct resource
|
236
|
+
at the destination. Supports `secret-path` and `secret-key`.
|
237
|
+
"""
|
238
|
+
return pulumi.get(self, "granularity")
|
239
|
+
|
240
|
+
@granularity.setter
|
241
|
+
def granularity(self, value: Optional[pulumi.Input[str]]):
|
242
|
+
pulumi.set(self, "granularity", value)
|
243
|
+
|
174
244
|
@property
|
175
245
|
@pulumi.getter
|
176
246
|
def name(self) -> Optional[pulumi.Input[str]]:
|
@@ -189,7 +259,7 @@ class _SyncGcpDestinationState:
|
|
189
259
|
"""
|
190
260
|
The namespace to provision the resource in.
|
191
261
|
The value should not contain leading or trailing forward slashes.
|
192
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
262
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
193
263
|
"""
|
194
264
|
return pulumi.get(self, "namespace")
|
195
265
|
|
@@ -197,6 +267,21 @@ class _SyncGcpDestinationState:
|
|
197
267
|
def namespace(self, value: Optional[pulumi.Input[str]]):
|
198
268
|
pulumi.set(self, "namespace", value)
|
199
269
|
|
270
|
+
@property
|
271
|
+
@pulumi.getter(name="projectId")
|
272
|
+
def project_id(self) -> Optional[pulumi.Input[str]]:
|
273
|
+
"""
|
274
|
+
The target project to manage secrets in. If set,
|
275
|
+
overrides the project ID derived from the service account JSON credentials or application
|
276
|
+
default credentials. The service account must be [authorized](https://cloud.google.com/iam/docs/service-account-overview#locations)
|
277
|
+
to perform Secret Manager actions in the target project.
|
278
|
+
"""
|
279
|
+
return pulumi.get(self, "project_id")
|
280
|
+
|
281
|
+
@project_id.setter
|
282
|
+
def project_id(self, value: Optional[pulumi.Input[str]]):
|
283
|
+
pulumi.set(self, "project_id", value)
|
284
|
+
|
200
285
|
@property
|
201
286
|
@pulumi.getter(name="secretNameTemplate")
|
202
287
|
def secret_name_template(self) -> Optional[pulumi.Input[str]]:
|
@@ -229,9 +314,11 @@ class SyncGcpDestination(pulumi.CustomResource):
|
|
229
314
|
resource_name: str,
|
230
315
|
opts: Optional[pulumi.ResourceOptions] = None,
|
231
316
|
credentials: Optional[pulumi.Input[str]] = None,
|
232
|
-
custom_tags: Optional[pulumi.Input[Mapping[str,
|
317
|
+
custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
318
|
+
granularity: Optional[pulumi.Input[str]] = None,
|
233
319
|
name: Optional[pulumi.Input[str]] = None,
|
234
320
|
namespace: Optional[pulumi.Input[str]] = None,
|
321
|
+
project_id: Optional[pulumi.Input[str]] = None,
|
235
322
|
secret_name_template: Optional[pulumi.Input[str]] = None,
|
236
323
|
__props__=None):
|
237
324
|
"""
|
@@ -239,10 +326,13 @@ class SyncGcpDestination(pulumi.CustomResource):
|
|
239
326
|
|
240
327
|
```python
|
241
328
|
import pulumi
|
329
|
+
import pulumi_std as std
|
242
330
|
import pulumi_vault as vault
|
243
331
|
|
244
332
|
gcp = vault.secrets.SyncGcpDestination("gcp",
|
245
|
-
|
333
|
+
name="gcp-dest",
|
334
|
+
project_id="gcp-project-id",
|
335
|
+
credentials=std.file(input=credentials_file).result,
|
246
336
|
secret_name_template="vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}",
|
247
337
|
custom_tags={
|
248
338
|
"foo": "bar",
|
@@ -254,7 +344,7 @@ class SyncGcpDestination(pulumi.CustomResource):
|
|
254
344
|
GCP Secrets sync destinations can be imported using the `name`, e.g.
|
255
345
|
|
256
346
|
```sh
|
257
|
-
|
347
|
+
$ pulumi import vault:secrets/syncGcpDestination:SyncGcpDestination gcp gcp-dest
|
258
348
|
```
|
259
349
|
|
260
350
|
:param str resource_name: The name of the resource.
|
@@ -262,11 +352,17 @@ class SyncGcpDestination(pulumi.CustomResource):
|
|
262
352
|
:param pulumi.Input[str] credentials: JSON-encoded credentials to use to connect to GCP.
|
263
353
|
Can be omitted and directly provided to Vault using the `GOOGLE_APPLICATION_CREDENTIALS` environment
|
264
354
|
variable.
|
265
|
-
:param pulumi.Input[Mapping[str,
|
355
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] custom_tags: Custom tags to set on the secret managed at the destination.
|
356
|
+
:param pulumi.Input[str] granularity: Determines what level of information is synced as a distinct resource
|
357
|
+
at the destination. Supports `secret-path` and `secret-key`.
|
266
358
|
:param pulumi.Input[str] name: Unique name of the GCP destination.
|
267
359
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
268
360
|
The value should not contain leading or trailing forward slashes.
|
269
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
361
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
362
|
+
:param pulumi.Input[str] project_id: The target project to manage secrets in. If set,
|
363
|
+
overrides the project ID derived from the service account JSON credentials or application
|
364
|
+
default credentials. The service account must be [authorized](https://cloud.google.com/iam/docs/service-account-overview#locations)
|
365
|
+
to perform Secret Manager actions in the target project.
|
270
366
|
:param pulumi.Input[str] secret_name_template: Template describing how to generate external secret names.
|
271
367
|
Supports a subset of the Go Template syntax.
|
272
368
|
"""
|
@@ -281,10 +377,13 @@ class SyncGcpDestination(pulumi.CustomResource):
|
|
281
377
|
|
282
378
|
```python
|
283
379
|
import pulumi
|
380
|
+
import pulumi_std as std
|
284
381
|
import pulumi_vault as vault
|
285
382
|
|
286
383
|
gcp = vault.secrets.SyncGcpDestination("gcp",
|
287
|
-
|
384
|
+
name="gcp-dest",
|
385
|
+
project_id="gcp-project-id",
|
386
|
+
credentials=std.file(input=credentials_file).result,
|
288
387
|
secret_name_template="vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}",
|
289
388
|
custom_tags={
|
290
389
|
"foo": "bar",
|
@@ -296,7 +395,7 @@ class SyncGcpDestination(pulumi.CustomResource):
|
|
296
395
|
GCP Secrets sync destinations can be imported using the `name`, e.g.
|
297
396
|
|
298
397
|
```sh
|
299
|
-
|
398
|
+
$ pulumi import vault:secrets/syncGcpDestination:SyncGcpDestination gcp gcp-dest
|
300
399
|
```
|
301
400
|
|
302
401
|
:param str resource_name: The name of the resource.
|
@@ -315,9 +414,11 @@ class SyncGcpDestination(pulumi.CustomResource):
|
|
315
414
|
resource_name: str,
|
316
415
|
opts: Optional[pulumi.ResourceOptions] = None,
|
317
416
|
credentials: Optional[pulumi.Input[str]] = None,
|
318
|
-
custom_tags: Optional[pulumi.Input[Mapping[str,
|
417
|
+
custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
418
|
+
granularity: Optional[pulumi.Input[str]] = None,
|
319
419
|
name: Optional[pulumi.Input[str]] = None,
|
320
420
|
namespace: Optional[pulumi.Input[str]] = None,
|
421
|
+
project_id: Optional[pulumi.Input[str]] = None,
|
321
422
|
secret_name_template: Optional[pulumi.Input[str]] = None,
|
322
423
|
__props__=None):
|
323
424
|
opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
|
@@ -330,8 +431,10 @@ class SyncGcpDestination(pulumi.CustomResource):
|
|
330
431
|
|
331
432
|
__props__.__dict__["credentials"] = None if credentials is None else pulumi.Output.secret(credentials)
|
332
433
|
__props__.__dict__["custom_tags"] = custom_tags
|
434
|
+
__props__.__dict__["granularity"] = granularity
|
333
435
|
__props__.__dict__["name"] = name
|
334
436
|
__props__.__dict__["namespace"] = namespace
|
437
|
+
__props__.__dict__["project_id"] = project_id
|
335
438
|
__props__.__dict__["secret_name_template"] = secret_name_template
|
336
439
|
__props__.__dict__["type"] = None
|
337
440
|
secret_opts = pulumi.ResourceOptions(additional_secret_outputs=["credentials"])
|
@@ -347,9 +450,11 @@ class SyncGcpDestination(pulumi.CustomResource):
|
|
347
450
|
id: pulumi.Input[str],
|
348
451
|
opts: Optional[pulumi.ResourceOptions] = None,
|
349
452
|
credentials: Optional[pulumi.Input[str]] = None,
|
350
|
-
custom_tags: Optional[pulumi.Input[Mapping[str,
|
453
|
+
custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
454
|
+
granularity: Optional[pulumi.Input[str]] = None,
|
351
455
|
name: Optional[pulumi.Input[str]] = None,
|
352
456
|
namespace: Optional[pulumi.Input[str]] = None,
|
457
|
+
project_id: Optional[pulumi.Input[str]] = None,
|
353
458
|
secret_name_template: Optional[pulumi.Input[str]] = None,
|
354
459
|
type: Optional[pulumi.Input[str]] = None) -> 'SyncGcpDestination':
|
355
460
|
"""
|
@@ -362,11 +467,17 @@ class SyncGcpDestination(pulumi.CustomResource):
|
|
362
467
|
:param pulumi.Input[str] credentials: JSON-encoded credentials to use to connect to GCP.
|
363
468
|
Can be omitted and directly provided to Vault using the `GOOGLE_APPLICATION_CREDENTIALS` environment
|
364
469
|
variable.
|
365
|
-
:param pulumi.Input[Mapping[str,
|
470
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] custom_tags: Custom tags to set on the secret managed at the destination.
|
471
|
+
:param pulumi.Input[str] granularity: Determines what level of information is synced as a distinct resource
|
472
|
+
at the destination. Supports `secret-path` and `secret-key`.
|
366
473
|
:param pulumi.Input[str] name: Unique name of the GCP destination.
|
367
474
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
368
475
|
The value should not contain leading or trailing forward slashes.
|
369
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
476
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
477
|
+
:param pulumi.Input[str] project_id: The target project to manage secrets in. If set,
|
478
|
+
overrides the project ID derived from the service account JSON credentials or application
|
479
|
+
default credentials. The service account must be [authorized](https://cloud.google.com/iam/docs/service-account-overview#locations)
|
480
|
+
to perform Secret Manager actions in the target project.
|
370
481
|
:param pulumi.Input[str] secret_name_template: Template describing how to generate external secret names.
|
371
482
|
Supports a subset of the Go Template syntax.
|
372
483
|
:param pulumi.Input[str] type: The type of the secrets destination (`gcp-sm`).
|
@@ -377,8 +488,10 @@ class SyncGcpDestination(pulumi.CustomResource):
|
|
377
488
|
|
378
489
|
__props__.__dict__["credentials"] = credentials
|
379
490
|
__props__.__dict__["custom_tags"] = custom_tags
|
491
|
+
__props__.__dict__["granularity"] = granularity
|
380
492
|
__props__.__dict__["name"] = name
|
381
493
|
__props__.__dict__["namespace"] = namespace
|
494
|
+
__props__.__dict__["project_id"] = project_id
|
382
495
|
__props__.__dict__["secret_name_template"] = secret_name_template
|
383
496
|
__props__.__dict__["type"] = type
|
384
497
|
return SyncGcpDestination(resource_name, opts=opts, __props__=__props__)
|
@@ -395,12 +508,21 @@ class SyncGcpDestination(pulumi.CustomResource):
|
|
395
508
|
|
396
509
|
@property
|
397
510
|
@pulumi.getter(name="customTags")
|
398
|
-
def custom_tags(self) -> pulumi.Output[Optional[Mapping[str,
|
511
|
+
def custom_tags(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
|
399
512
|
"""
|
400
513
|
Custom tags to set on the secret managed at the destination.
|
401
514
|
"""
|
402
515
|
return pulumi.get(self, "custom_tags")
|
403
516
|
|
517
|
+
@property
|
518
|
+
@pulumi.getter
|
519
|
+
def granularity(self) -> pulumi.Output[Optional[str]]:
|
520
|
+
"""
|
521
|
+
Determines what level of information is synced as a distinct resource
|
522
|
+
at the destination. Supports `secret-path` and `secret-key`.
|
523
|
+
"""
|
524
|
+
return pulumi.get(self, "granularity")
|
525
|
+
|
404
526
|
@property
|
405
527
|
@pulumi.getter
|
406
528
|
def name(self) -> pulumi.Output[str]:
|
@@ -415,10 +537,21 @@ class SyncGcpDestination(pulumi.CustomResource):
|
|
415
537
|
"""
|
416
538
|
The namespace to provision the resource in.
|
417
539
|
The value should not contain leading or trailing forward slashes.
|
418
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
540
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
419
541
|
"""
|
420
542
|
return pulumi.get(self, "namespace")
|
421
543
|
|
544
|
+
@property
|
545
|
+
@pulumi.getter(name="projectId")
|
546
|
+
def project_id(self) -> pulumi.Output[Optional[str]]:
|
547
|
+
"""
|
548
|
+
The target project to manage secrets in. If set,
|
549
|
+
overrides the project ID derived from the service account JSON credentials or application
|
550
|
+
default credentials. The service account must be [authorized](https://cloud.google.com/iam/docs/service-account-overview#locations)
|
551
|
+
to perform Secret Manager actions in the target project.
|
552
|
+
"""
|
553
|
+
return pulumi.get(self, "project_id")
|
554
|
+
|
422
555
|
@property
|
423
556
|
@pulumi.getter(name="secretNameTemplate")
|
424
557
|
def secret_name_template(self) -> pulumi.Output[str]:
|