pulumi-vault 5.21.0a1709368526__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl
- pulumi_vault/__init__.py +52 -0
- pulumi_vault/_inputs.py +560 -0
- pulumi_vault/_utilities.py +41 -5
- pulumi_vault/ad/get_access_credentials.py +26 -9
- pulumi_vault/ad/secret_backend.py +16 -142
- pulumi_vault/ad/secret_library.py +16 -9
- pulumi_vault/ad/secret_role.py +14 -9
- pulumi_vault/alicloud/auth_backend_role.py +76 -190
- pulumi_vault/approle/auth_backend_login.py +12 -7
- pulumi_vault/approle/auth_backend_role.py +77 -191
- pulumi_vault/approle/auth_backend_role_secret_id.py +106 -7
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -5
- pulumi_vault/audit.py +30 -21
- pulumi_vault/audit_request_header.py +11 -2
- pulumi_vault/auth_backend.py +66 -14
- pulumi_vault/aws/auth_backend_cert.py +18 -9
- pulumi_vault/aws/auth_backend_client.py +267 -22
- pulumi_vault/aws/auth_backend_config_identity.py +14 -9
- pulumi_vault/aws/auth_backend_identity_whitelist.py +20 -15
- pulumi_vault/aws/auth_backend_login.py +19 -22
- pulumi_vault/aws/auth_backend_role.py +77 -191
- pulumi_vault/aws/auth_backend_role_tag.py +12 -7
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -13
- pulumi_vault/aws/auth_backend_sts_role.py +14 -9
- pulumi_vault/aws/get_access_credentials.py +38 -9
- pulumi_vault/aws/get_static_access_credentials.py +19 -5
- pulumi_vault/aws/secret_backend.py +77 -9
- pulumi_vault/aws/secret_backend_role.py +185 -9
- pulumi_vault/aws/secret_backend_static_role.py +20 -11
- pulumi_vault/azure/_inputs.py +24 -0
- pulumi_vault/azure/auth_backend_config.py +153 -15
- pulumi_vault/azure/auth_backend_role.py +77 -191
- pulumi_vault/azure/backend.py +227 -21
- pulumi_vault/azure/backend_role.py +42 -37
- pulumi_vault/azure/get_access_credentials.py +41 -7
- pulumi_vault/azure/outputs.py +5 -0
- pulumi_vault/cert_auth_backend_role.py +87 -267
- pulumi_vault/config/__init__.pyi +5 -0
- pulumi_vault/config/_inputs.py +73 -0
- pulumi_vault/config/outputs.py +35 -0
- pulumi_vault/config/ui_custom_message.py +529 -0
- pulumi_vault/config/vars.py +5 -0
- pulumi_vault/consul/secret_backend.py +28 -19
- pulumi_vault/consul/secret_backend_role.py +18 -78
- pulumi_vault/database/_inputs.py +2770 -881
- pulumi_vault/database/outputs.py +721 -838
- pulumi_vault/database/secret_backend_connection.py +119 -112
- pulumi_vault/database/secret_backend_role.py +31 -22
- pulumi_vault/database/secret_backend_static_role.py +87 -13
- pulumi_vault/database/secrets_mount.py +427 -136
- pulumi_vault/egp_policy.py +16 -11
- pulumi_vault/gcp/_inputs.py +111 -0
- pulumi_vault/gcp/auth_backend.py +250 -33
- pulumi_vault/gcp/auth_backend_role.py +77 -269
- pulumi_vault/gcp/get_auth_backend_role.py +43 -5
- pulumi_vault/gcp/outputs.py +5 -0
- pulumi_vault/gcp/secret_backend.py +287 -12
- pulumi_vault/gcp/secret_impersonated_account.py +76 -15
- pulumi_vault/gcp/secret_roleset.py +31 -24
- pulumi_vault/gcp/secret_static_account.py +39 -32
- pulumi_vault/generic/endpoint.py +24 -17
- pulumi_vault/generic/get_secret.py +64 -8
- pulumi_vault/generic/secret.py +21 -16
- pulumi_vault/get_auth_backend.py +24 -7
- pulumi_vault/get_auth_backends.py +51 -9
- pulumi_vault/get_namespace.py +226 -0
- pulumi_vault/get_namespaces.py +153 -0
- pulumi_vault/get_nomad_access_token.py +31 -11
- pulumi_vault/get_policy_document.py +34 -19
- pulumi_vault/get_raft_autopilot_state.py +29 -10
- pulumi_vault/github/_inputs.py +55 -0
- pulumi_vault/github/auth_backend.py +19 -14
- pulumi_vault/github/outputs.py +5 -0
- pulumi_vault/github/team.py +16 -11
- pulumi_vault/github/user.py +16 -11
- pulumi_vault/identity/entity.py +20 -13
- pulumi_vault/identity/entity_alias.py +20 -13
- pulumi_vault/identity/entity_policies.py +28 -11
- pulumi_vault/identity/get_entity.py +42 -10
- pulumi_vault/identity/get_group.py +47 -9
- pulumi_vault/identity/get_oidc_client_creds.py +21 -7
- pulumi_vault/identity/get_oidc_openid_config.py +39 -9
- pulumi_vault/identity/get_oidc_public_keys.py +29 -10
- pulumi_vault/identity/group.py +58 -39
- pulumi_vault/identity/group_alias.py +16 -9
- pulumi_vault/identity/group_member_entity_ids.py +28 -66
- pulumi_vault/identity/group_member_group_ids.py +40 -19
- pulumi_vault/identity/group_policies.py +20 -7
- pulumi_vault/identity/mfa_duo.py +11 -6
- pulumi_vault/identity/mfa_login_enforcement.py +15 -6
- pulumi_vault/identity/mfa_okta.py +11 -6
- pulumi_vault/identity/mfa_pingid.py +7 -2
- pulumi_vault/identity/mfa_totp.py +7 -2
- pulumi_vault/identity/oidc.py +12 -7
- pulumi_vault/identity/oidc_assignment.py +24 -11
- pulumi_vault/identity/oidc_client.py +36 -23
- pulumi_vault/identity/oidc_key.py +30 -17
- pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -15
- pulumi_vault/identity/oidc_provider.py +36 -21
- pulumi_vault/identity/oidc_role.py +42 -21
- pulumi_vault/identity/oidc_scope.py +20 -13
- pulumi_vault/identity/outputs.py +8 -3
- pulumi_vault/jwt/_inputs.py +55 -0
- pulumi_vault/jwt/auth_backend.py +45 -40
- pulumi_vault/jwt/auth_backend_role.py +133 -254
- pulumi_vault/jwt/outputs.py +5 -0
- pulumi_vault/kmip/secret_backend.py +24 -19
- pulumi_vault/kmip/secret_role.py +14 -9
- pulumi_vault/kmip/secret_scope.py +14 -9
- pulumi_vault/kubernetes/auth_backend_config.py +57 -5
- pulumi_vault/kubernetes/auth_backend_role.py +70 -177
- pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
- pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
- pulumi_vault/kubernetes/get_service_account_token.py +39 -11
- pulumi_vault/kubernetes/secret_backend.py +316 -27
- pulumi_vault/kubernetes/secret_backend_role.py +137 -46
- pulumi_vault/kv/_inputs.py +36 -4
- pulumi_vault/kv/get_secret.py +25 -8
- pulumi_vault/kv/get_secret_subkeys_v2.py +33 -10
- pulumi_vault/kv/get_secret_v2.py +85 -9
- pulumi_vault/kv/get_secrets_list.py +24 -11
- pulumi_vault/kv/get_secrets_list_v2.py +37 -15
- pulumi_vault/kv/outputs.py +8 -3
- pulumi_vault/kv/secret.py +23 -16
- pulumi_vault/kv/secret_backend_v2.py +20 -11
- pulumi_vault/kv/secret_v2.py +59 -50
- pulumi_vault/ldap/auth_backend.py +127 -166
- pulumi_vault/ldap/auth_backend_group.py +14 -9
- pulumi_vault/ldap/auth_backend_user.py +14 -9
- pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
- pulumi_vault/ldap/get_static_credentials.py +24 -5
- pulumi_vault/ldap/secret_backend.py +354 -82
- pulumi_vault/ldap/secret_backend_dynamic_role.py +18 -11
- pulumi_vault/ldap/secret_backend_library_set.py +16 -9
- pulumi_vault/ldap/secret_backend_static_role.py +73 -12
- pulumi_vault/managed/_inputs.py +289 -132
- pulumi_vault/managed/keys.py +29 -57
- pulumi_vault/managed/outputs.py +89 -132
- pulumi_vault/mfa_duo.py +18 -11
- pulumi_vault/mfa_okta.py +18 -11
- pulumi_vault/mfa_pingid.py +18 -11
- pulumi_vault/mfa_totp.py +24 -17
- pulumi_vault/mongodbatlas/secret_backend.py +20 -15
- pulumi_vault/mongodbatlas/secret_role.py +47 -38
- pulumi_vault/mount.py +391 -51
- pulumi_vault/namespace.py +68 -83
- pulumi_vault/nomad_secret_backend.py +18 -13
- pulumi_vault/nomad_secret_role.py +14 -9
- pulumi_vault/okta/_inputs.py +47 -8
- pulumi_vault/okta/auth_backend.py +485 -39
- pulumi_vault/okta/auth_backend_group.py +14 -9
- pulumi_vault/okta/auth_backend_user.py +14 -9
- pulumi_vault/okta/outputs.py +13 -8
- pulumi_vault/outputs.py +5 -0
- pulumi_vault/password_policy.py +20 -13
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +81 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
- pulumi_vault/pkisecret/backend_config_est.py +619 -0
- pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
- pulumi_vault/pkisecret/get_backend_issuer.py +67 -9
- pulumi_vault/pkisecret/get_backend_issuers.py +21 -8
- pulumi_vault/pkisecret/get_backend_key.py +24 -9
- pulumi_vault/pkisecret/get_backend_keys.py +21 -8
- pulumi_vault/pkisecret/outputs.py +69 -0
- pulumi_vault/pkisecret/secret_backend_cert.py +18 -11
- pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -11
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +14 -9
- pulumi_vault/pkisecret/secret_backend_config_urls.py +67 -11
- pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -9
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -11
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -17
- pulumi_vault/pkisecret/secret_backend_issuer.py +14 -9
- pulumi_vault/pkisecret/secret_backend_key.py +14 -9
- pulumi_vault/pkisecret/secret_backend_role.py +21 -14
- pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -48
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -56
- pulumi_vault/pkisecret/secret_backend_sign.py +18 -54
- pulumi_vault/plugin.py +595 -0
- pulumi_vault/plugin_pinned_version.py +298 -0
- pulumi_vault/policy.py +14 -9
- pulumi_vault/provider.py +48 -53
- pulumi_vault/pulumi-plugin.json +2 -1
- pulumi_vault/quota_lease_count.py +60 -6
- pulumi_vault/quota_rate_limit.py +56 -2
- pulumi_vault/rabbitmq/_inputs.py +61 -0
- pulumi_vault/rabbitmq/outputs.py +5 -0
- pulumi_vault/rabbitmq/secret_backend.py +18 -13
- pulumi_vault/rabbitmq/secret_backend_role.py +54 -47
- pulumi_vault/raft_autopilot.py +14 -9
- pulumi_vault/raft_snapshot_agent_config.py +129 -224
- pulumi_vault/rgp_policy.py +14 -9
- pulumi_vault/saml/auth_backend.py +22 -17
- pulumi_vault/saml/auth_backend_role.py +92 -197
- pulumi_vault/secrets/__init__.py +3 -0
- pulumi_vault/secrets/_inputs.py +110 -0
- pulumi_vault/secrets/outputs.py +94 -0
- pulumi_vault/secrets/sync_association.py +56 -71
- pulumi_vault/secrets/sync_aws_destination.py +242 -27
- pulumi_vault/secrets/sync_azure_destination.py +92 -31
- pulumi_vault/secrets/sync_config.py +9 -4
- pulumi_vault/secrets/sync_gcp_destination.py +158 -25
- pulumi_vault/secrets/sync_gh_destination.py +189 -13
- pulumi_vault/secrets/sync_github_apps.py +375 -0
- pulumi_vault/secrets/sync_vercel_destination.py +74 -13
- pulumi_vault/ssh/_inputs.py +28 -28
- pulumi_vault/ssh/outputs.py +11 -28
- pulumi_vault/ssh/secret_backend_ca.py +108 -9
- pulumi_vault/ssh/secret_backend_role.py +85 -118
- pulumi_vault/terraformcloud/secret_backend.py +7 -54
- pulumi_vault/terraformcloud/secret_creds.py +14 -20
- pulumi_vault/terraformcloud/secret_role.py +16 -74
- pulumi_vault/token.py +28 -23
- pulumi_vault/tokenauth/auth_backend_role.py +78 -199
- pulumi_vault/transform/alphabet.py +16 -9
- pulumi_vault/transform/get_decode.py +45 -17
- pulumi_vault/transform/get_encode.py +45 -17
- pulumi_vault/transform/role.py +16 -9
- pulumi_vault/transform/template.py +30 -21
- pulumi_vault/transform/transformation.py +12 -7
- pulumi_vault/transit/get_decrypt.py +26 -21
- pulumi_vault/transit/get_encrypt.py +24 -19
- pulumi_vault/transit/secret_backend_key.py +27 -93
- pulumi_vault/transit/secret_cache_config.py +12 -7
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
- pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
- pulumi_vault-5.21.0a1709368526.dist-info/RECORD +0 -244
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
from . import outputs
|
12
17
|
from ._inputs import *
|
@@ -20,6 +25,7 @@ class SecretBackendRoleArgs:
|
|
20
25
|
key_type: pulumi.Input[str],
|
21
26
|
algorithm_signer: Optional[pulumi.Input[str]] = None,
|
22
27
|
allow_bare_domains: Optional[pulumi.Input[bool]] = None,
|
28
|
+
allow_empty_principals: Optional[pulumi.Input[bool]] = None,
|
23
29
|
allow_host_certificates: Optional[pulumi.Input[bool]] = None,
|
24
30
|
allow_subdomains: Optional[pulumi.Input[bool]] = None,
|
25
31
|
allow_user_certificates: Optional[pulumi.Input[bool]] = None,
|
@@ -29,12 +35,11 @@ class SecretBackendRoleArgs:
|
|
29
35
|
allowed_domains_template: Optional[pulumi.Input[bool]] = None,
|
30
36
|
allowed_extensions: Optional[pulumi.Input[str]] = None,
|
31
37
|
allowed_user_key_configs: Optional[pulumi.Input[Sequence[pulumi.Input['SecretBackendRoleAllowedUserKeyConfigArgs']]]] = None,
|
32
|
-
allowed_user_key_lengths: Optional[pulumi.Input[Mapping[str, pulumi.Input[int]]]] = None,
|
33
38
|
allowed_users: Optional[pulumi.Input[str]] = None,
|
34
39
|
allowed_users_template: Optional[pulumi.Input[bool]] = None,
|
35
40
|
cidr_list: Optional[pulumi.Input[str]] = None,
|
36
|
-
default_critical_options: Optional[pulumi.Input[Mapping[str,
|
37
|
-
default_extensions: Optional[pulumi.Input[Mapping[str,
|
41
|
+
default_critical_options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
42
|
+
default_extensions: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
38
43
|
default_user: Optional[pulumi.Input[str]] = None,
|
39
44
|
default_user_template: Optional[pulumi.Input[bool]] = None,
|
40
45
|
key_id_format: Optional[pulumi.Input[str]] = None,
|
@@ -61,14 +66,11 @@ class SecretBackendRoleArgs:
|
|
61
66
|
:param pulumi.Input[Sequence[pulumi.Input['SecretBackendRoleAllowedUserKeyConfigArgs']]] allowed_user_key_configs: Set of configuration blocks to define allowed
|
62
67
|
user key configuration, like key type and their lengths. Can be specified multiple times.
|
63
68
|
*See Configuration-Options for more info*
|
64
|
-
:param pulumi.Input[Mapping[str, pulumi.Input[int]]] allowed_user_key_lengths: Specifies a map of ssh key types and their expected sizes which
|
65
|
-
are allowed to be signed by the CA type.
|
66
|
-
*Deprecated: use* allowed_user_key_config *instead*
|
67
69
|
:param pulumi.Input[str] allowed_users: Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
|
68
70
|
:param pulumi.Input[bool] allowed_users_template: Specifies if `allowed_users` can be declared using identity template policies. Non-templated users are also permitted.
|
69
71
|
:param pulumi.Input[str] cidr_list: The comma-separated string of CIDR blocks for which this role is applicable.
|
70
|
-
:param pulumi.Input[Mapping[str,
|
71
|
-
:param pulumi.Input[Mapping[str,
|
72
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] default_critical_options: Specifies a map of critical options that certificates have when signed.
|
73
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] default_extensions: Specifies a map of extensions that certificates have when signed.
|
72
74
|
:param pulumi.Input[str] default_user: Specifies the default username for which a credential will be generated.
|
73
75
|
:param pulumi.Input[bool] default_user_template: If set, `default_users` can be specified using identity template values. A non-templated user is also permitted.
|
74
76
|
:param pulumi.Input[str] key_id_format: Specifies a custom format for the key id of a signed certificate.
|
@@ -76,7 +78,7 @@ class SecretBackendRoleArgs:
|
|
76
78
|
:param pulumi.Input[str] name: Specifies the name of the role to create.
|
77
79
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
78
80
|
The value should not contain leading or trailing forward slashes.
|
79
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
81
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
80
82
|
*Available only for Vault Enterprise*.
|
81
83
|
:param pulumi.Input[str] not_before_duration: Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.
|
82
84
|
:param pulumi.Input[str] ttl: Specifies the Time To Live value.
|
@@ -87,6 +89,8 @@ class SecretBackendRoleArgs:
|
|
87
89
|
pulumi.set(__self__, "algorithm_signer", algorithm_signer)
|
88
90
|
if allow_bare_domains is not None:
|
89
91
|
pulumi.set(__self__, "allow_bare_domains", allow_bare_domains)
|
92
|
+
if allow_empty_principals is not None:
|
93
|
+
pulumi.set(__self__, "allow_empty_principals", allow_empty_principals)
|
90
94
|
if allow_host_certificates is not None:
|
91
95
|
pulumi.set(__self__, "allow_host_certificates", allow_host_certificates)
|
92
96
|
if allow_subdomains is not None:
|
@@ -105,11 +109,6 @@ class SecretBackendRoleArgs:
|
|
105
109
|
pulumi.set(__self__, "allowed_extensions", allowed_extensions)
|
106
110
|
if allowed_user_key_configs is not None:
|
107
111
|
pulumi.set(__self__, "allowed_user_key_configs", allowed_user_key_configs)
|
108
|
-
if allowed_user_key_lengths is not None:
|
109
|
-
warnings.warn("""Set in allowed_user_key_config""", DeprecationWarning)
|
110
|
-
pulumi.log.warn("""allowed_user_key_lengths is deprecated: Set in allowed_user_key_config""")
|
111
|
-
if allowed_user_key_lengths is not None:
|
112
|
-
pulumi.set(__self__, "allowed_user_key_lengths", allowed_user_key_lengths)
|
113
112
|
if allowed_users is not None:
|
114
113
|
pulumi.set(__self__, "allowed_users", allowed_users)
|
115
114
|
if allowed_users_template is not None:
|
@@ -185,6 +184,15 @@ class SecretBackendRoleArgs:
|
|
185
184
|
def allow_bare_domains(self, value: Optional[pulumi.Input[bool]]):
|
186
185
|
pulumi.set(self, "allow_bare_domains", value)
|
187
186
|
|
187
|
+
@property
|
188
|
+
@pulumi.getter(name="allowEmptyPrincipals")
|
189
|
+
def allow_empty_principals(self) -> Optional[pulumi.Input[bool]]:
|
190
|
+
return pulumi.get(self, "allow_empty_principals")
|
191
|
+
|
192
|
+
@allow_empty_principals.setter
|
193
|
+
def allow_empty_principals(self, value: Optional[pulumi.Input[bool]]):
|
194
|
+
pulumi.set(self, "allow_empty_principals", value)
|
195
|
+
|
188
196
|
@property
|
189
197
|
@pulumi.getter(name="allowHostCertificates")
|
190
198
|
def allow_host_certificates(self) -> Optional[pulumi.Input[bool]]:
|
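Review bot: The new `allow_empty_principals` property is added without a docstring, in the `SecretBackendRoleArgs` getter here and again in the `_SecretBackendRoleState` hunk at `@@ -623,6 +608,15 @@`, while neighbouring properties visible in this diff such as `default_extensions` carry one. The name suggests the role may sign SSH certificates that list no principals, and how a verifying host treats such a certificate depends on its configuration, so this is a setting a reader should not have to guess about. I would add a getter docstring along the lines of `"""Allow signing certificates with no valid principals; leave unset unless required for backwards compatibility."""` and a matching `:param` line in both `__init__` docstrings, after confirming the wording against the upstream Vault SSH role documentation. No visible hunk adds a `:param` entry for it, though the docstring lines covering the `allow_*` parameters fall outside the hunks shown.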
@@ -296,23 +304,6 @@ class SecretBackendRoleArgs:
|
|
296
304
|
def allowed_user_key_configs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['SecretBackendRoleAllowedUserKeyConfigArgs']]]]):
|
297
305
|
pulumi.set(self, "allowed_user_key_configs", value)
|
298
306
|
|
299
|
-
@property
|
300
|
-
@pulumi.getter(name="allowedUserKeyLengths")
|
301
|
-
def allowed_user_key_lengths(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[int]]]]:
|
302
|
-
"""
|
303
|
-
Specifies a map of ssh key types and their expected sizes which
|
304
|
-
are allowed to be signed by the CA type.
|
305
|
-
*Deprecated: use* allowed_user_key_config *instead*
|
306
|
-
"""
|
307
|
-
warnings.warn("""Set in allowed_user_key_config""", DeprecationWarning)
|
308
|
-
pulumi.log.warn("""allowed_user_key_lengths is deprecated: Set in allowed_user_key_config""")
|
309
|
-
|
310
|
-
return pulumi.get(self, "allowed_user_key_lengths")
|
311
|
-
|
312
|
-
@allowed_user_key_lengths.setter
|
313
|
-
def allowed_user_key_lengths(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[int]]]]):
|
314
|
-
pulumi.set(self, "allowed_user_key_lengths", value)
|
315
|
-
|
316
307
|
@property
|
317
308
|
@pulumi.getter(name="allowedUsers")
|
318
309
|
def allowed_users(self) -> Optional[pulumi.Input[str]]:
|
@@ -351,26 +342,26 @@ class SecretBackendRoleArgs:
|
|
351
342
|
|
352
343
|
@property
|
353
344
|
@pulumi.getter(name="defaultCriticalOptions")
|
354
|
-
def default_critical_options(self) -> Optional[pulumi.Input[Mapping[str,
|
345
|
+
def default_critical_options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
355
346
|
"""
|
356
347
|
Specifies a map of critical options that certificates have when signed.
|
357
348
|
"""
|
358
349
|
return pulumi.get(self, "default_critical_options")
|
359
350
|
|
360
351
|
@default_critical_options.setter
|
361
|
-
def default_critical_options(self, value: Optional[pulumi.Input[Mapping[str,
|
352
|
+
def default_critical_options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
362
353
|
pulumi.set(self, "default_critical_options", value)
|
363
354
|
|
364
355
|
@property
|
365
356
|
@pulumi.getter(name="defaultExtensions")
|
366
|
-
def default_extensions(self) -> Optional[pulumi.Input[Mapping[str,
|
357
|
+
def default_extensions(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
367
358
|
"""
|
368
359
|
Specifies a map of extensions that certificates have when signed.
|
369
360
|
"""
|
370
361
|
return pulumi.get(self, "default_extensions")
|
371
362
|
|
372
363
|
@default_extensions.setter
|
373
|
-
def default_extensions(self, value: Optional[pulumi.Input[Mapping[str,
|
364
|
+
def default_extensions(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
374
365
|
pulumi.set(self, "default_extensions", value)
|
375
366
|
|
376
367
|
@property
|
@@ -439,7 +430,7 @@ class SecretBackendRoleArgs:
|
|
439
430
|
"""
|
440
431
|
The namespace to provision the resource in.
|
441
432
|
The value should not contain leading or trailing forward slashes.
|
442
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
433
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
443
434
|
*Available only for Vault Enterprise*.
|
444
435
|
"""
|
445
436
|
return pulumi.get(self, "namespace")
|
@@ -478,6 +469,7 @@ class _SecretBackendRoleState:
|
|
478
469
|
def __init__(__self__, *,
|
479
470
|
algorithm_signer: Optional[pulumi.Input[str]] = None,
|
480
471
|
allow_bare_domains: Optional[pulumi.Input[bool]] = None,
|
472
|
+
allow_empty_principals: Optional[pulumi.Input[bool]] = None,
|
481
473
|
allow_host_certificates: Optional[pulumi.Input[bool]] = None,
|
482
474
|
allow_subdomains: Optional[pulumi.Input[bool]] = None,
|
483
475
|
allow_user_certificates: Optional[pulumi.Input[bool]] = None,
|
@@ -487,13 +479,12 @@ class _SecretBackendRoleState:
|
|
487
479
|
allowed_domains_template: Optional[pulumi.Input[bool]] = None,
|
488
480
|
allowed_extensions: Optional[pulumi.Input[str]] = None,
|
489
481
|
allowed_user_key_configs: Optional[pulumi.Input[Sequence[pulumi.Input['SecretBackendRoleAllowedUserKeyConfigArgs']]]] = None,
|
490
|
-
allowed_user_key_lengths: Optional[pulumi.Input[Mapping[str, pulumi.Input[int]]]] = None,
|
491
482
|
allowed_users: Optional[pulumi.Input[str]] = None,
|
492
483
|
allowed_users_template: Optional[pulumi.Input[bool]] = None,
|
493
484
|
backend: Optional[pulumi.Input[str]] = None,
|
494
485
|
cidr_list: Optional[pulumi.Input[str]] = None,
|
495
|
-
default_critical_options: Optional[pulumi.Input[Mapping[str,
|
496
|
-
default_extensions: Optional[pulumi.Input[Mapping[str,
|
486
|
+
default_critical_options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
487
|
+
default_extensions: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
497
488
|
default_user: Optional[pulumi.Input[str]] = None,
|
498
489
|
default_user_template: Optional[pulumi.Input[bool]] = None,
|
499
490
|
key_id_format: Optional[pulumi.Input[str]] = None,
|
@@ -519,15 +510,12 @@ class _SecretBackendRoleState:
|
|
519
510
|
:param pulumi.Input[Sequence[pulumi.Input['SecretBackendRoleAllowedUserKeyConfigArgs']]] allowed_user_key_configs: Set of configuration blocks to define allowed
|
520
511
|
user key configuration, like key type and their lengths. Can be specified multiple times.
|
521
512
|
*See Configuration-Options for more info*
|
522
|
-
:param pulumi.Input[Mapping[str, pulumi.Input[int]]] allowed_user_key_lengths: Specifies a map of ssh key types and their expected sizes which
|
523
|
-
are allowed to be signed by the CA type.
|
524
|
-
*Deprecated: use* allowed_user_key_config *instead*
|
525
513
|
:param pulumi.Input[str] allowed_users: Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
|
526
514
|
:param pulumi.Input[bool] allowed_users_template: Specifies if `allowed_users` can be declared using identity template policies. Non-templated users are also permitted.
|
527
515
|
:param pulumi.Input[str] backend: The path where the SSH secret backend is mounted.
|
528
516
|
:param pulumi.Input[str] cidr_list: The comma-separated string of CIDR blocks for which this role is applicable.
|
529
|
-
:param pulumi.Input[Mapping[str,
|
530
|
-
:param pulumi.Input[Mapping[str,
|
517
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] default_critical_options: Specifies a map of critical options that certificates have when signed.
|
518
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] default_extensions: Specifies a map of extensions that certificates have when signed.
|
531
519
|
:param pulumi.Input[str] default_user: Specifies the default username for which a credential will be generated.
|
532
520
|
:param pulumi.Input[bool] default_user_template: If set, `default_users` can be specified using identity template values. A non-templated user is also permitted.
|
533
521
|
:param pulumi.Input[str] key_id_format: Specifies a custom format for the key id of a signed certificate.
|
@@ -536,7 +524,7 @@ class _SecretBackendRoleState:
|
|
536
524
|
:param pulumi.Input[str] name: Specifies the name of the role to create.
|
537
525
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
538
526
|
The value should not contain leading or trailing forward slashes.
|
539
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
527
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
540
528
|
*Available only for Vault Enterprise*.
|
541
529
|
:param pulumi.Input[str] not_before_duration: Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.
|
542
530
|
:param pulumi.Input[str] ttl: Specifies the Time To Live value.
|
@@ -545,6 +533,8 @@ class _SecretBackendRoleState:
|
|
545
533
|
pulumi.set(__self__, "algorithm_signer", algorithm_signer)
|
546
534
|
if allow_bare_domains is not None:
|
547
535
|
pulumi.set(__self__, "allow_bare_domains", allow_bare_domains)
|
536
|
+
if allow_empty_principals is not None:
|
537
|
+
pulumi.set(__self__, "allow_empty_principals", allow_empty_principals)
|
548
538
|
if allow_host_certificates is not None:
|
549
539
|
pulumi.set(__self__, "allow_host_certificates", allow_host_certificates)
|
550
540
|
if allow_subdomains is not None:
|
@@ -563,11 +553,6 @@ class _SecretBackendRoleState:
|
|
563
553
|
pulumi.set(__self__, "allowed_extensions", allowed_extensions)
|
564
554
|
if allowed_user_key_configs is not None:
|
565
555
|
pulumi.set(__self__, "allowed_user_key_configs", allowed_user_key_configs)
|
566
|
-
if allowed_user_key_lengths is not None:
|
567
|
-
warnings.warn("""Set in allowed_user_key_config""", DeprecationWarning)
|
568
|
-
pulumi.log.warn("""allowed_user_key_lengths is deprecated: Set in allowed_user_key_config""")
|
569
|
-
if allowed_user_key_lengths is not None:
|
570
|
-
pulumi.set(__self__, "allowed_user_key_lengths", allowed_user_key_lengths)
|
571
556
|
if allowed_users is not None:
|
572
557
|
pulumi.set(__self__, "allowed_users", allowed_users)
|
573
558
|
if allowed_users_template is not None:
|
@@ -623,6 +608,15 @@ class _SecretBackendRoleState:
|
|
623
608
|
def allow_bare_domains(self, value: Optional[pulumi.Input[bool]]):
|
624
609
|
pulumi.set(self, "allow_bare_domains", value)
|
625
610
|
|
611
|
+
@property
|
612
|
+
@pulumi.getter(name="allowEmptyPrincipals")
|
613
|
+
def allow_empty_principals(self) -> Optional[pulumi.Input[bool]]:
|
614
|
+
return pulumi.get(self, "allow_empty_principals")
|
615
|
+
|
616
|
+
@allow_empty_principals.setter
|
617
|
+
def allow_empty_principals(self, value: Optional[pulumi.Input[bool]]):
|
618
|
+
pulumi.set(self, "allow_empty_principals", value)
|
619
|
+
|
626
620
|
@property
|
627
621
|
@pulumi.getter(name="allowHostCertificates")
|
628
622
|
def allow_host_certificates(self) -> Optional[pulumi.Input[bool]]:
|
@@ -734,23 +728,6 @@ class _SecretBackendRoleState:
|
|
734
728
|
def allowed_user_key_configs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['SecretBackendRoleAllowedUserKeyConfigArgs']]]]):
|
735
729
|
pulumi.set(self, "allowed_user_key_configs", value)
|
736
730
|
|
737
|
-
@property
|
738
|
-
@pulumi.getter(name="allowedUserKeyLengths")
|
739
|
-
def allowed_user_key_lengths(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[int]]]]:
|
740
|
-
"""
|
741
|
-
Specifies a map of ssh key types and their expected sizes which
|
742
|
-
are allowed to be signed by the CA type.
|
743
|
-
*Deprecated: use* allowed_user_key_config *instead*
|
744
|
-
"""
|
745
|
-
warnings.warn("""Set in allowed_user_key_config""", DeprecationWarning)
|
746
|
-
pulumi.log.warn("""allowed_user_key_lengths is deprecated: Set in allowed_user_key_config""")
|
747
|
-
|
748
|
-
return pulumi.get(self, "allowed_user_key_lengths")
|
749
|
-
|
750
|
-
@allowed_user_key_lengths.setter
|
751
|
-
def allowed_user_key_lengths(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[int]]]]):
|
752
|
-
pulumi.set(self, "allowed_user_key_lengths", value)
|
753
|
-
|
754
731
|
@property
|
755
732
|
@pulumi.getter(name="allowedUsers")
|
756
733
|
def allowed_users(self) -> Optional[pulumi.Input[str]]:
|
@@ -801,26 +778,26 @@ class _SecretBackendRoleState:
|
|
801
778
|
|
802
779
|
@property
|
803
780
|
@pulumi.getter(name="defaultCriticalOptions")
|
804
|
-
def default_critical_options(self) -> Optional[pulumi.Input[Mapping[str,
|
781
|
+
def default_critical_options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
805
782
|
"""
|
806
783
|
Specifies a map of critical options that certificates have when signed.
|
807
784
|
"""
|
808
785
|
return pulumi.get(self, "default_critical_options")
|
809
786
|
|
810
787
|
@default_critical_options.setter
|
811
|
-
def default_critical_options(self, value: Optional[pulumi.Input[Mapping[str,
|
788
|
+
def default_critical_options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
812
789
|
pulumi.set(self, "default_critical_options", value)
|
813
790
|
|
814
791
|
@property
|
815
792
|
@pulumi.getter(name="defaultExtensions")
|
816
|
-
def default_extensions(self) -> Optional[pulumi.Input[Mapping[str,
|
793
|
+
def default_extensions(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
817
794
|
"""
|
818
795
|
Specifies a map of extensions that certificates have when signed.
|
819
796
|
"""
|
820
797
|
return pulumi.get(self, "default_extensions")
|
821
798
|
|
822
799
|
@default_extensions.setter
|
823
|
-
def default_extensions(self, value: Optional[pulumi.Input[Mapping[str,
|
800
|
+
def default_extensions(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
824
801
|
pulumi.set(self, "default_extensions", value)
|
825
802
|
|
826
803
|
@property
|
@@ -901,7 +878,7 @@ class _SecretBackendRoleState:
|
|
901
878
|
"""
|
902
879
|
The namespace to provision the resource in.
|
903
880
|
The value should not contain leading or trailing forward slashes.
|
904
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
881
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
905
882
|
*Available only for Vault Enterprise*.
|
906
883
|
"""
|
907
884
|
return pulumi.get(self, "namespace")
|
@@ -942,6 +919,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
942
919
|
opts: Optional[pulumi.ResourceOptions] = None,
|
943
920
|
algorithm_signer: Optional[pulumi.Input[str]] = None,
|
944
921
|
allow_bare_domains: Optional[pulumi.Input[bool]] = None,
|
922
|
+
allow_empty_principals: Optional[pulumi.Input[bool]] = None,
|
945
923
|
allow_host_certificates: Optional[pulumi.Input[bool]] = None,
|
946
924
|
allow_subdomains: Optional[pulumi.Input[bool]] = None,
|
947
925
|
allow_user_certificates: Optional[pulumi.Input[bool]] = None,
|
@@ -950,14 +928,13 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
950
928
|
allowed_domains: Optional[pulumi.Input[str]] = None,
|
951
929
|
allowed_domains_template: Optional[pulumi.Input[bool]] = None,
|
952
930
|
allowed_extensions: Optional[pulumi.Input[str]] = None,
|
953
|
-
allowed_user_key_configs: Optional[pulumi.Input[Sequence[pulumi.Input[
|
954
|
-
allowed_user_key_lengths: Optional[pulumi.Input[Mapping[str, pulumi.Input[int]]]] = None,
|
931
|
+
allowed_user_key_configs: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretBackendRoleAllowedUserKeyConfigArgs', 'SecretBackendRoleAllowedUserKeyConfigArgsDict']]]]] = None,
|
955
932
|
allowed_users: Optional[pulumi.Input[str]] = None,
|
956
933
|
allowed_users_template: Optional[pulumi.Input[bool]] = None,
|
957
934
|
backend: Optional[pulumi.Input[str]] = None,
|
958
935
|
cidr_list: Optional[pulumi.Input[str]] = None,
|
959
|
-
default_critical_options: Optional[pulumi.Input[Mapping[str,
|
960
|
-
default_extensions: Optional[pulumi.Input[Mapping[str,
|
936
|
+
default_critical_options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
937
|
+
default_extensions: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
961
938
|
default_user: Optional[pulumi.Input[str]] = None,
|
962
939
|
default_user_template: Optional[pulumi.Input[bool]] = None,
|
963
940
|
key_id_format: Optional[pulumi.Input[str]] = None,
|
@@ -980,10 +957,12 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
980
957
|
|
981
958
|
example = vault.Mount("example", type="ssh")
|
982
959
|
foo = vault.ssh.SecretBackendRole("foo",
|
960
|
+
name="my-role",
|
983
961
|
backend=example.path,
|
984
962
|
key_type="ca",
|
985
963
|
allow_user_certificates=True)
|
986
964
|
bar = vault.ssh.SecretBackendRole("bar",
|
965
|
+
name="otp-role",
|
987
966
|
backend=example.path,
|
988
967
|
key_type="otp",
|
989
968
|
default_user="default",
|
@@ -996,7 +975,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
996
975
|
SSH secret backend roles can be imported using the `path`, e.g.
|
997
976
|
|
998
977
|
```sh
|
999
|
-
|
978
|
+
$ pulumi import vault:ssh/secretBackendRole:SecretBackendRole foo ssh/roles/my-role
|
1000
979
|
```
|
1001
980
|
|
1002
981
|
:param str resource_name: The name of the resource.
|
@@ -1012,18 +991,15 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1012
991
|
:param pulumi.Input[bool] allowed_domains_template: Specifies if `allowed_domains` can be declared using
|
1013
992
|
identity template policies. Non-templated domains are also permitted.
|
1014
993
|
:param pulumi.Input[str] allowed_extensions: Specifies a comma-separated list of extensions that certificates can have when signed.
|
1015
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
994
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['SecretBackendRoleAllowedUserKeyConfigArgs', 'SecretBackendRoleAllowedUserKeyConfigArgsDict']]]] allowed_user_key_configs: Set of configuration blocks to define allowed
|
1016
995
|
user key configuration, like key type and their lengths. Can be specified multiple times.
|
1017
996
|
*See Configuration-Options for more info*
|
1018
|
-
:param pulumi.Input[Mapping[str, pulumi.Input[int]]] allowed_user_key_lengths: Specifies a map of ssh key types and their expected sizes which
|
1019
|
-
are allowed to be signed by the CA type.
|
1020
|
-
*Deprecated: use* allowed_user_key_config *instead*
|
1021
997
|
:param pulumi.Input[str] allowed_users: Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
|
1022
998
|
:param pulumi.Input[bool] allowed_users_template: Specifies if `allowed_users` can be declared using identity template policies. Non-templated users are also permitted.
|
1023
999
|
:param pulumi.Input[str] backend: The path where the SSH secret backend is mounted.
|
1024
1000
|
:param pulumi.Input[str] cidr_list: The comma-separated string of CIDR blocks for which this role is applicable.
|
1025
|
-
:param pulumi.Input[Mapping[str,
|
1026
|
-
:param pulumi.Input[Mapping[str,
|
1001
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] default_critical_options: Specifies a map of critical options that certificates have when signed.
|
1002
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] default_extensions: Specifies a map of extensions that certificates have when signed.
|
1027
1003
|
:param pulumi.Input[str] default_user: Specifies the default username for which a credential will be generated.
|
1028
1004
|
:param pulumi.Input[bool] default_user_template: If set, `default_users` can be specified using identity template values. A non-templated user is also permitted.
|
1029
1005
|
:param pulumi.Input[str] key_id_format: Specifies a custom format for the key id of a signed certificate.
|
@@ -1032,7 +1008,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1032
1008
|
:param pulumi.Input[str] name: Specifies the name of the role to create.
|
1033
1009
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
1034
1010
|
The value should not contain leading or trailing forward slashes.
|
1035
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
1011
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1036
1012
|
*Available only for Vault Enterprise*.
|
1037
1013
|
:param pulumi.Input[str] not_before_duration: Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.
|
1038
1014
|
:param pulumi.Input[str] ttl: Specifies the Time To Live value.
|
@@ -1055,10 +1031,12 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1055
1031
|
|
1056
1032
|
example = vault.Mount("example", type="ssh")
|
1057
1033
|
foo = vault.ssh.SecretBackendRole("foo",
|
1034
|
+
name="my-role",
|
1058
1035
|
backend=example.path,
|
1059
1036
|
key_type="ca",
|
1060
1037
|
allow_user_certificates=True)
|
1061
1038
|
bar = vault.ssh.SecretBackendRole("bar",
|
1039
|
+
name="otp-role",
|
1062
1040
|
backend=example.path,
|
1063
1041
|
key_type="otp",
|
1064
1042
|
default_user="default",
|
@@ -1071,7 +1049,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1071
1049
|
SSH secret backend roles can be imported using the `path`, e.g.
|
1072
1050
|
|
1073
1051
|
```sh
|
1074
|
-
|
1052
|
+
$ pulumi import vault:ssh/secretBackendRole:SecretBackendRole foo ssh/roles/my-role
|
1075
1053
|
```
|
1076
1054
|
|
1077
1055
|
:param str resource_name: The name of the resource.
|
@@ -1091,6 +1069,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1091
1069
|
opts: Optional[pulumi.ResourceOptions] = None,
|
1092
1070
|
algorithm_signer: Optional[pulumi.Input[str]] = None,
|
1093
1071
|
allow_bare_domains: Optional[pulumi.Input[bool]] = None,
|
1072
|
+
allow_empty_principals: Optional[pulumi.Input[bool]] = None,
|
1094
1073
|
allow_host_certificates: Optional[pulumi.Input[bool]] = None,
|
1095
1074
|
allow_subdomains: Optional[pulumi.Input[bool]] = None,
|
1096
1075
|
allow_user_certificates: Optional[pulumi.Input[bool]] = None,
|
@@ -1099,14 +1078,13 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1099
1078
|
allowed_domains: Optional[pulumi.Input[str]] = None,
|
1100
1079
|
allowed_domains_template: Optional[pulumi.Input[bool]] = None,
|
1101
1080
|
allowed_extensions: Optional[pulumi.Input[str]] = None,
|
1102
|
-
allowed_user_key_configs: Optional[pulumi.Input[Sequence[pulumi.Input[
|
1103
|
-
allowed_user_key_lengths: Optional[pulumi.Input[Mapping[str, pulumi.Input[int]]]] = None,
|
1081
|
+
allowed_user_key_configs: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretBackendRoleAllowedUserKeyConfigArgs', 'SecretBackendRoleAllowedUserKeyConfigArgsDict']]]]] = None,
|
1104
1082
|
allowed_users: Optional[pulumi.Input[str]] = None,
|
1105
1083
|
allowed_users_template: Optional[pulumi.Input[bool]] = None,
|
1106
1084
|
backend: Optional[pulumi.Input[str]] = None,
|
1107
1085
|
cidr_list: Optional[pulumi.Input[str]] = None,
|
1108
|
-
default_critical_options: Optional[pulumi.Input[Mapping[str,
|
1109
|
-
default_extensions: Optional[pulumi.Input[Mapping[str,
|
1086
|
+
default_critical_options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
1087
|
+
default_extensions: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
1110
1088
|
default_user: Optional[pulumi.Input[str]] = None,
|
1111
1089
|
default_user_template: Optional[pulumi.Input[bool]] = None,
|
1112
1090
|
key_id_format: Optional[pulumi.Input[str]] = None,
|
@@ -1127,6 +1105,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1127
1105
|
|
1128
1106
|
__props__.__dict__["algorithm_signer"] = algorithm_signer
|
1129
1107
|
__props__.__dict__["allow_bare_domains"] = allow_bare_domains
|
1108
|
+
__props__.__dict__["allow_empty_principals"] = allow_empty_principals
|
1130
1109
|
__props__.__dict__["allow_host_certificates"] = allow_host_certificates
|
1131
1110
|
__props__.__dict__["allow_subdomains"] = allow_subdomains
|
1132
1111
|
__props__.__dict__["allow_user_certificates"] = allow_user_certificates
|
@@ -1136,7 +1115,6 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1136
1115
|
__props__.__dict__["allowed_domains_template"] = allowed_domains_template
|
1137
1116
|
__props__.__dict__["allowed_extensions"] = allowed_extensions
|
1138
1117
|
__props__.__dict__["allowed_user_key_configs"] = allowed_user_key_configs
|
1139
|
-
__props__.__dict__["allowed_user_key_lengths"] = allowed_user_key_lengths
|
1140
1118
|
__props__.__dict__["allowed_users"] = allowed_users
|
1141
1119
|
__props__.__dict__["allowed_users_template"] = allowed_users_template
|
1142
1120
|
if backend is None and not opts.urn:
|
@@ -1168,6 +1146,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1168
1146
|
opts: Optional[pulumi.ResourceOptions] = None,
|
1169
1147
|
algorithm_signer: Optional[pulumi.Input[str]] = None,
|
1170
1148
|
allow_bare_domains: Optional[pulumi.Input[bool]] = None,
|
1149
|
+
allow_empty_principals: Optional[pulumi.Input[bool]] = None,
|
1171
1150
|
allow_host_certificates: Optional[pulumi.Input[bool]] = None,
|
1172
1151
|
allow_subdomains: Optional[pulumi.Input[bool]] = None,
|
1173
1152
|
allow_user_certificates: Optional[pulumi.Input[bool]] = None,
|
@@ -1176,14 +1155,13 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1176
1155
|
allowed_domains: Optional[pulumi.Input[str]] = None,
|
1177
1156
|
allowed_domains_template: Optional[pulumi.Input[bool]] = None,
|
1178
1157
|
allowed_extensions: Optional[pulumi.Input[str]] = None,
|
1179
|
-
allowed_user_key_configs: Optional[pulumi.Input[Sequence[pulumi.Input[
|
1180
|
-
allowed_user_key_lengths: Optional[pulumi.Input[Mapping[str, pulumi.Input[int]]]] = None,
|
1158
|
+
allowed_user_key_configs: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretBackendRoleAllowedUserKeyConfigArgs', 'SecretBackendRoleAllowedUserKeyConfigArgsDict']]]]] = None,
|
1181
1159
|
allowed_users: Optional[pulumi.Input[str]] = None,
|
1182
1160
|
allowed_users_template: Optional[pulumi.Input[bool]] = None,
|
1183
1161
|
backend: Optional[pulumi.Input[str]] = None,
|
1184
1162
|
cidr_list: Optional[pulumi.Input[str]] = None,
|
1185
|
-
default_critical_options: Optional[pulumi.Input[Mapping[str,
|
1186
|
-
default_extensions: Optional[pulumi.Input[Mapping[str,
|
1163
|
+
default_critical_options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
1164
|
+
default_extensions: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
1187
1165
|
default_user: Optional[pulumi.Input[str]] = None,
|
1188
1166
|
default_user_template: Optional[pulumi.Input[bool]] = None,
|
1189
1167
|
key_id_format: Optional[pulumi.Input[str]] = None,
|
@@ -1211,18 +1189,15 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1211
1189
|
:param pulumi.Input[bool] allowed_domains_template: Specifies if `allowed_domains` can be declared using
|
1212
1190
|
identity template policies. Non-templated domains are also permitted.
|
1213
1191
|
:param pulumi.Input[str] allowed_extensions: Specifies a comma-separated list of extensions that certificates can have when signed.
|
1214
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
1192
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['SecretBackendRoleAllowedUserKeyConfigArgs', 'SecretBackendRoleAllowedUserKeyConfigArgsDict']]]] allowed_user_key_configs: Set of configuration blocks to define allowed
|
1215
1193
|
user key configuration, like key type and their lengths. Can be specified multiple times.
|
1216
1194
|
*See Configuration-Options for more info*
|
1217
|
-
:param pulumi.Input[Mapping[str, pulumi.Input[int]]] allowed_user_key_lengths: Specifies a map of ssh key types and their expected sizes which
|
1218
|
-
are allowed to be signed by the CA type.
|
1219
|
-
*Deprecated: use* allowed_user_key_config *instead*
|
1220
1195
|
:param pulumi.Input[str] allowed_users: Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
|
1221
1196
|
:param pulumi.Input[bool] allowed_users_template: Specifies if `allowed_users` can be declared using identity template policies. Non-templated users are also permitted.
|
1222
1197
|
:param pulumi.Input[str] backend: The path where the SSH secret backend is mounted.
|
1223
1198
|
:param pulumi.Input[str] cidr_list: The comma-separated string of CIDR blocks for which this role is applicable.
|
1224
|
-
:param pulumi.Input[Mapping[str,
|
1225
|
-
:param pulumi.Input[Mapping[str,
|
1199
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] default_critical_options: Specifies a map of critical options that certificates have when signed.
|
1200
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] default_extensions: Specifies a map of extensions that certificates have when signed.
|
1226
1201
|
:param pulumi.Input[str] default_user: Specifies the default username for which a credential will be generated.
|
1227
1202
|
:param pulumi.Input[bool] default_user_template: If set, `default_users` can be specified using identity template values. A non-templated user is also permitted.
|
1228
1203
|
:param pulumi.Input[str] key_id_format: Specifies a custom format for the key id of a signed certificate.
|
@@ -1231,7 +1206,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1231
1206
|
:param pulumi.Input[str] name: Specifies the name of the role to create.
|
1232
1207
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
1233
1208
|
The value should not contain leading or trailing forward slashes.
|
1234
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
1209
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1235
1210
|
*Available only for Vault Enterprise*.
|
1236
1211
|
:param pulumi.Input[str] not_before_duration: Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.
|
1237
1212
|
:param pulumi.Input[str] ttl: Specifies the Time To Live value.
|
@@ -1242,6 +1217,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1242
1217
|
|
1243
1218
|
__props__.__dict__["algorithm_signer"] = algorithm_signer
|
1244
1219
|
__props__.__dict__["allow_bare_domains"] = allow_bare_domains
|
1220
|
+
__props__.__dict__["allow_empty_principals"] = allow_empty_principals
|
1245
1221
|
__props__.__dict__["allow_host_certificates"] = allow_host_certificates
|
1246
1222
|
__props__.__dict__["allow_subdomains"] = allow_subdomains
|
1247
1223
|
__props__.__dict__["allow_user_certificates"] = allow_user_certificates
|
@@ -1251,7 +1227,6 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1251
1227
|
__props__.__dict__["allowed_domains_template"] = allowed_domains_template
|
1252
1228
|
__props__.__dict__["allowed_extensions"] = allowed_extensions
|
1253
1229
|
__props__.__dict__["allowed_user_key_configs"] = allowed_user_key_configs
|
1254
|
-
__props__.__dict__["allowed_user_key_lengths"] = allowed_user_key_lengths
|
1255
1230
|
__props__.__dict__["allowed_users"] = allowed_users
|
1256
1231
|
__props__.__dict__["allowed_users_template"] = allowed_users_template
|
1257
1232
|
__props__.__dict__["backend"] = backend
|
@@ -1285,6 +1260,11 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1285
1260
|
"""
|
1286
1261
|
return pulumi.get(self, "allow_bare_domains")
|
1287
1262
|
|
1263
|
+
@property
|
1264
|
+
@pulumi.getter(name="allowEmptyPrincipals")
|
1265
|
+
def allow_empty_principals(self) -> pulumi.Output[Optional[bool]]:
|
1266
|
+
return pulumi.get(self, "allow_empty_principals")
|
1267
|
+
|
1288
1268
|
@property
|
1289
1269
|
@pulumi.getter(name="allowHostCertificates")
|
1290
1270
|
def allow_host_certificates(self) -> pulumi.Output[Optional[bool]]:
|
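Review bot: The new `allow_empty_principals` getter in this hunk has no docstring, while the `allow_bare_domains` getter just above it closes one, so the generated SDK gives no hint of what this security-relevant flag does. As far as I know, the Vault SSH role option of this name permits signing certificates with an empty principals list, which some SSH certificate consumers treat as valid for any principal, so it should stay unset or `False` outside backwards-compatibility cases. I would add a docstring along the lines of `"""Allow signing certificates that carry no valid principals. Intended for backwards compatibility; leave unset or False otherwise."""`. The same parameter is added to the `SecretBackendRole` signatures and `__props__` assignments in earlier hunks, and the visible docstring hunks show no matching `:param` entry, though they start too late in the parameter list to be sure.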
@@ -1360,19 +1340,6 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1360
1340
|
"""
|
1361
1341
|
return pulumi.get(self, "allowed_user_key_configs")
|
1362
1342
|
|
1363
|
-
@property
|
1364
|
-
@pulumi.getter(name="allowedUserKeyLengths")
|
1365
|
-
def allowed_user_key_lengths(self) -> pulumi.Output[Optional[Mapping[str, int]]]:
|
1366
|
-
"""
|
1367
|
-
Specifies a map of ssh key types and their expected sizes which
|
1368
|
-
are allowed to be signed by the CA type.
|
1369
|
-
*Deprecated: use* allowed_user_key_config *instead*
|
1370
|
-
"""
|
1371
|
-
warnings.warn("""Set in allowed_user_key_config""", DeprecationWarning)
|
1372
|
-
pulumi.log.warn("""allowed_user_key_lengths is deprecated: Set in allowed_user_key_config""")
|
1373
|
-
|
1374
|
-
return pulumi.get(self, "allowed_user_key_lengths")
|
1375
|
-
|
1376
1343
|
@property
|
1377
1344
|
@pulumi.getter(name="allowedUsers")
|
1378
1345
|
def allowed_users(self) -> pulumi.Output[Optional[str]]:
|
@@ -1407,7 +1374,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1407
1374
|
|
1408
1375
|
@property
|
1409
1376
|
@pulumi.getter(name="defaultCriticalOptions")
|
1410
|
-
def default_critical_options(self) -> pulumi.Output[Optional[Mapping[str,
|
1377
|
+
def default_critical_options(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
|
1411
1378
|
"""
|
1412
1379
|
Specifies a map of critical options that certificates have when signed.
|
1413
1380
|
"""
|
@@ -1415,7 +1382,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1415
1382
|
|
1416
1383
|
@property
|
1417
1384
|
@pulumi.getter(name="defaultExtensions")
|
1418
|
-
def default_extensions(self) -> pulumi.Output[Optional[Mapping[str,
|
1385
|
+
def default_extensions(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
|
1419
1386
|
"""
|
1420
1387
|
Specifies a map of extensions that certificates have when signed.
|
1421
1388
|
"""
|
@@ -1475,7 +1442,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1475
1442
|
"""
|
1476
1443
|
The namespace to provision the resource in.
|
1477
1444
|
The value should not contain leading or trailing forward slashes.
|
1478
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
1445
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1479
1446
|
*Available only for Vault Enterprise*.
|
1480
1447
|
"""
|
1481
1448
|
return pulumi.get(self, "namespace")
|