pulumi-vault 5.21.0a1709368526__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl
- pulumi_vault/__init__.py +52 -0
- pulumi_vault/_inputs.py +560 -0
- pulumi_vault/_utilities.py +41 -5
- pulumi_vault/ad/get_access_credentials.py +26 -9
- pulumi_vault/ad/secret_backend.py +16 -142
- pulumi_vault/ad/secret_library.py +16 -9
- pulumi_vault/ad/secret_role.py +14 -9
- pulumi_vault/alicloud/auth_backend_role.py +76 -190
- pulumi_vault/approle/auth_backend_login.py +12 -7
- pulumi_vault/approle/auth_backend_role.py +77 -191
- pulumi_vault/approle/auth_backend_role_secret_id.py +106 -7
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -5
- pulumi_vault/audit.py +30 -21
- pulumi_vault/audit_request_header.py +11 -2
- pulumi_vault/auth_backend.py +66 -14
- pulumi_vault/aws/auth_backend_cert.py +18 -9
- pulumi_vault/aws/auth_backend_client.py +267 -22
- pulumi_vault/aws/auth_backend_config_identity.py +14 -9
- pulumi_vault/aws/auth_backend_identity_whitelist.py +20 -15
- pulumi_vault/aws/auth_backend_login.py +19 -22
- pulumi_vault/aws/auth_backend_role.py +77 -191
- pulumi_vault/aws/auth_backend_role_tag.py +12 -7
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -13
- pulumi_vault/aws/auth_backend_sts_role.py +14 -9
- pulumi_vault/aws/get_access_credentials.py +38 -9
- pulumi_vault/aws/get_static_access_credentials.py +19 -5
- pulumi_vault/aws/secret_backend.py +77 -9
- pulumi_vault/aws/secret_backend_role.py +185 -9
- pulumi_vault/aws/secret_backend_static_role.py +20 -11
- pulumi_vault/azure/_inputs.py +24 -0
- pulumi_vault/azure/auth_backend_config.py +153 -15
- pulumi_vault/azure/auth_backend_role.py +77 -191
- pulumi_vault/azure/backend.py +227 -21
- pulumi_vault/azure/backend_role.py +42 -37
- pulumi_vault/azure/get_access_credentials.py +41 -7
- pulumi_vault/azure/outputs.py +5 -0
- pulumi_vault/cert_auth_backend_role.py +87 -267
- pulumi_vault/config/__init__.pyi +5 -0
- pulumi_vault/config/_inputs.py +73 -0
- pulumi_vault/config/outputs.py +35 -0
- pulumi_vault/config/ui_custom_message.py +529 -0
- pulumi_vault/config/vars.py +5 -0
- pulumi_vault/consul/secret_backend.py +28 -19
- pulumi_vault/consul/secret_backend_role.py +18 -78
- pulumi_vault/database/_inputs.py +2770 -881
- pulumi_vault/database/outputs.py +721 -838
- pulumi_vault/database/secret_backend_connection.py +119 -112
- pulumi_vault/database/secret_backend_role.py +31 -22
- pulumi_vault/database/secret_backend_static_role.py +87 -13
- pulumi_vault/database/secrets_mount.py +427 -136
- pulumi_vault/egp_policy.py +16 -11
- pulumi_vault/gcp/_inputs.py +111 -0
- pulumi_vault/gcp/auth_backend.py +250 -33
- pulumi_vault/gcp/auth_backend_role.py +77 -269
- pulumi_vault/gcp/get_auth_backend_role.py +43 -5
- pulumi_vault/gcp/outputs.py +5 -0
- pulumi_vault/gcp/secret_backend.py +287 -12
- pulumi_vault/gcp/secret_impersonated_account.py +76 -15
- pulumi_vault/gcp/secret_roleset.py +31 -24
- pulumi_vault/gcp/secret_static_account.py +39 -32
- pulumi_vault/generic/endpoint.py +24 -17
- pulumi_vault/generic/get_secret.py +64 -8
- pulumi_vault/generic/secret.py +21 -16
- pulumi_vault/get_auth_backend.py +24 -7
- pulumi_vault/get_auth_backends.py +51 -9
- pulumi_vault/get_namespace.py +226 -0
- pulumi_vault/get_namespaces.py +153 -0
- pulumi_vault/get_nomad_access_token.py +31 -11
- pulumi_vault/get_policy_document.py +34 -19
- pulumi_vault/get_raft_autopilot_state.py +29 -10
- pulumi_vault/github/_inputs.py +55 -0
- pulumi_vault/github/auth_backend.py +19 -14
- pulumi_vault/github/outputs.py +5 -0
- pulumi_vault/github/team.py +16 -11
- pulumi_vault/github/user.py +16 -11
- pulumi_vault/identity/entity.py +20 -13
- pulumi_vault/identity/entity_alias.py +20 -13
- pulumi_vault/identity/entity_policies.py +28 -11
- pulumi_vault/identity/get_entity.py +42 -10
- pulumi_vault/identity/get_group.py +47 -9
- pulumi_vault/identity/get_oidc_client_creds.py +21 -7
- pulumi_vault/identity/get_oidc_openid_config.py +39 -9
- pulumi_vault/identity/get_oidc_public_keys.py +29 -10
- pulumi_vault/identity/group.py +58 -39
- pulumi_vault/identity/group_alias.py +16 -9
- pulumi_vault/identity/group_member_entity_ids.py +28 -66
- pulumi_vault/identity/group_member_group_ids.py +40 -19
- pulumi_vault/identity/group_policies.py +20 -7
- pulumi_vault/identity/mfa_duo.py +11 -6
- pulumi_vault/identity/mfa_login_enforcement.py +15 -6
- pulumi_vault/identity/mfa_okta.py +11 -6
- pulumi_vault/identity/mfa_pingid.py +7 -2
- pulumi_vault/identity/mfa_totp.py +7 -2
- pulumi_vault/identity/oidc.py +12 -7
- pulumi_vault/identity/oidc_assignment.py +24 -11
- pulumi_vault/identity/oidc_client.py +36 -23
- pulumi_vault/identity/oidc_key.py +30 -17
- pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -15
- pulumi_vault/identity/oidc_provider.py +36 -21
- pulumi_vault/identity/oidc_role.py +42 -21
- pulumi_vault/identity/oidc_scope.py +20 -13
- pulumi_vault/identity/outputs.py +8 -3
- pulumi_vault/jwt/_inputs.py +55 -0
- pulumi_vault/jwt/auth_backend.py +45 -40
- pulumi_vault/jwt/auth_backend_role.py +133 -254
- pulumi_vault/jwt/outputs.py +5 -0
- pulumi_vault/kmip/secret_backend.py +24 -19
- pulumi_vault/kmip/secret_role.py +14 -9
- pulumi_vault/kmip/secret_scope.py +14 -9
- pulumi_vault/kubernetes/auth_backend_config.py +57 -5
- pulumi_vault/kubernetes/auth_backend_role.py +70 -177
- pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
- pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
- pulumi_vault/kubernetes/get_service_account_token.py +39 -11
- pulumi_vault/kubernetes/secret_backend.py +316 -27
- pulumi_vault/kubernetes/secret_backend_role.py +137 -46
- pulumi_vault/kv/_inputs.py +36 -4
- pulumi_vault/kv/get_secret.py +25 -8
- pulumi_vault/kv/get_secret_subkeys_v2.py +33 -10
- pulumi_vault/kv/get_secret_v2.py +85 -9
- pulumi_vault/kv/get_secrets_list.py +24 -11
- pulumi_vault/kv/get_secrets_list_v2.py +37 -15
- pulumi_vault/kv/outputs.py +8 -3
- pulumi_vault/kv/secret.py +23 -16
- pulumi_vault/kv/secret_backend_v2.py +20 -11
- pulumi_vault/kv/secret_v2.py +59 -50
- pulumi_vault/ldap/auth_backend.py +127 -166
- pulumi_vault/ldap/auth_backend_group.py +14 -9
- pulumi_vault/ldap/auth_backend_user.py +14 -9
- pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
- pulumi_vault/ldap/get_static_credentials.py +24 -5
- pulumi_vault/ldap/secret_backend.py +354 -82
- pulumi_vault/ldap/secret_backend_dynamic_role.py +18 -11
- pulumi_vault/ldap/secret_backend_library_set.py +16 -9
- pulumi_vault/ldap/secret_backend_static_role.py +73 -12
- pulumi_vault/managed/_inputs.py +289 -132
- pulumi_vault/managed/keys.py +29 -57
- pulumi_vault/managed/outputs.py +89 -132
- pulumi_vault/mfa_duo.py +18 -11
- pulumi_vault/mfa_okta.py +18 -11
- pulumi_vault/mfa_pingid.py +18 -11
- pulumi_vault/mfa_totp.py +24 -17
- pulumi_vault/mongodbatlas/secret_backend.py +20 -15
- pulumi_vault/mongodbatlas/secret_role.py +47 -38
- pulumi_vault/mount.py +391 -51
- pulumi_vault/namespace.py +68 -83
- pulumi_vault/nomad_secret_backend.py +18 -13
- pulumi_vault/nomad_secret_role.py +14 -9
- pulumi_vault/okta/_inputs.py +47 -8
- pulumi_vault/okta/auth_backend.py +485 -39
- pulumi_vault/okta/auth_backend_group.py +14 -9
- pulumi_vault/okta/auth_backend_user.py +14 -9
- pulumi_vault/okta/outputs.py +13 -8
- pulumi_vault/outputs.py +5 -0
- pulumi_vault/password_policy.py +20 -13
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +81 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
- pulumi_vault/pkisecret/backend_config_est.py +619 -0
- pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
- pulumi_vault/pkisecret/get_backend_issuer.py +67 -9
- pulumi_vault/pkisecret/get_backend_issuers.py +21 -8
- pulumi_vault/pkisecret/get_backend_key.py +24 -9
- pulumi_vault/pkisecret/get_backend_keys.py +21 -8
- pulumi_vault/pkisecret/outputs.py +69 -0
- pulumi_vault/pkisecret/secret_backend_cert.py +18 -11
- pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -11
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +14 -9
- pulumi_vault/pkisecret/secret_backend_config_urls.py +67 -11
- pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -9
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -11
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -17
- pulumi_vault/pkisecret/secret_backend_issuer.py +14 -9
- pulumi_vault/pkisecret/secret_backend_key.py +14 -9
- pulumi_vault/pkisecret/secret_backend_role.py +21 -14
- pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -48
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -56
- pulumi_vault/pkisecret/secret_backend_sign.py +18 -54
- pulumi_vault/plugin.py +595 -0
- pulumi_vault/plugin_pinned_version.py +298 -0
- pulumi_vault/policy.py +14 -9
- pulumi_vault/provider.py +48 -53
- pulumi_vault/pulumi-plugin.json +2 -1
- pulumi_vault/quota_lease_count.py +60 -6
- pulumi_vault/quota_rate_limit.py +56 -2
- pulumi_vault/rabbitmq/_inputs.py +61 -0
- pulumi_vault/rabbitmq/outputs.py +5 -0
- pulumi_vault/rabbitmq/secret_backend.py +18 -13
- pulumi_vault/rabbitmq/secret_backend_role.py +54 -47
- pulumi_vault/raft_autopilot.py +14 -9
- pulumi_vault/raft_snapshot_agent_config.py +129 -224
- pulumi_vault/rgp_policy.py +14 -9
- pulumi_vault/saml/auth_backend.py +22 -17
- pulumi_vault/saml/auth_backend_role.py +92 -197
- pulumi_vault/secrets/__init__.py +3 -0
- pulumi_vault/secrets/_inputs.py +110 -0
- pulumi_vault/secrets/outputs.py +94 -0
- pulumi_vault/secrets/sync_association.py +56 -71
- pulumi_vault/secrets/sync_aws_destination.py +242 -27
- pulumi_vault/secrets/sync_azure_destination.py +92 -31
- pulumi_vault/secrets/sync_config.py +9 -4
- pulumi_vault/secrets/sync_gcp_destination.py +158 -25
- pulumi_vault/secrets/sync_gh_destination.py +189 -13
- pulumi_vault/secrets/sync_github_apps.py +375 -0
- pulumi_vault/secrets/sync_vercel_destination.py +74 -13
- pulumi_vault/ssh/_inputs.py +28 -28
- pulumi_vault/ssh/outputs.py +11 -28
- pulumi_vault/ssh/secret_backend_ca.py +108 -9
- pulumi_vault/ssh/secret_backend_role.py +85 -118
- pulumi_vault/terraformcloud/secret_backend.py +7 -54
- pulumi_vault/terraformcloud/secret_creds.py +14 -20
- pulumi_vault/terraformcloud/secret_role.py +16 -74
- pulumi_vault/token.py +28 -23
- pulumi_vault/tokenauth/auth_backend_role.py +78 -199
- pulumi_vault/transform/alphabet.py +16 -9
- pulumi_vault/transform/get_decode.py +45 -17
- pulumi_vault/transform/get_encode.py +45 -17
- pulumi_vault/transform/role.py +16 -9
- pulumi_vault/transform/template.py +30 -21
- pulumi_vault/transform/transformation.py +12 -7
- pulumi_vault/transit/get_decrypt.py +26 -21
- pulumi_vault/transit/get_encrypt.py +24 -19
- pulumi_vault/transit/secret_backend_key.py +27 -93
- pulumi_vault/transit/secret_cache_config.py +12 -7
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
- pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
- pulumi_vault-5.21.0a1709368526.dist-info/RECORD +0 -244
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = ['AuthBackendRoleArgs', 'AuthBackendRole']
|
@@ -43,38 +48,20 @@ class AuthBackendRoleArgs:
|
|
43
48
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] disallowed_policies_globs: Set of disallowed policies with glob match for given role.
|
44
49
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
45
50
|
The value should not contain leading or trailing forward slashes.
|
46
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
51
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
47
52
|
*Available only for Vault Enterprise*.
|
48
53
|
:param pulumi.Input[bool] orphan: If true, tokens created against this policy will be orphan tokens.
|
49
54
|
:param pulumi.Input[str] path_suffix: Tokens created against this role will have the given suffix as part of their path in addition to the role name.
|
50
|
-
|
51
|
-
> Due to a bug the resource. This *will* cause all existing tokens issued by this role to be revoked.
|
52
55
|
:param pulumi.Input[bool] renewable: Whether to disable the ability of the token to be renewed past its initial TTL.
|
53
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs:
|
54
|
-
|
55
|
-
|
56
|
-
:param pulumi.Input[
|
57
|
-
|
58
|
-
|
59
|
-
`token_max_ttl` would otherwise allow a renewal.
|
60
|
-
:param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
|
61
|
-
Its current value will be referenced at renewal time.
|
62
|
-
:param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
|
63
|
-
generated tokens; otherwise it will be added to the policies set in token_policies.
|
64
|
-
:param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/token#token_num_uses)
|
65
|
-
of times a generated token may be used (within its lifetime); 0 means unlimited.
|
66
|
-
:param pulumi.Input[int] token_period: If set, indicates that the
|
67
|
-
token generated using this role should never expire. The token should be renewed within the
|
68
|
-
duration specified by this value. At each renewal, the token's TTL will be set to the
|
69
|
-
value of this field. Specified in seconds.
|
56
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
57
|
+
:param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
58
|
+
:param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
|
59
|
+
:param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
60
|
+
:param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
61
|
+
:param pulumi.Input[int] token_period: Generated Token's Period
|
70
62
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
|
71
|
-
:param pulumi.Input[int] token_ttl: The
|
72
|
-
|
73
|
-
:param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
|
74
|
-
`batch`, or `default` to use the mount's tuned default (which unless changed will be
|
75
|
-
`service` tokens). For token store roles, there are two additional possibilities:
|
76
|
-
`default-service` and `default-batch` which specify the type to return unless the client
|
77
|
-
requests a different type at generation time.
|
63
|
+
:param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
|
64
|
+
:param pulumi.Input[str] token_type: The type of token to generate, service or batch
|
78
65
|
"""
|
79
66
|
pulumi.set(__self__, "role_name", role_name)
|
80
67
|
if allowed_entity_aliases is not None:
|
@@ -192,7 +179,7 @@ class AuthBackendRoleArgs:
|
|
192
179
|
"""
|
193
180
|
The namespace to provision the resource in.
|
194
181
|
The value should not contain leading or trailing forward slashes.
|
195
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
182
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
196
183
|
*Available only for Vault Enterprise*.
|
197
184
|
"""
|
198
185
|
return pulumi.get(self, "namespace")
|
@@ -218,8 +205,6 @@ class AuthBackendRoleArgs:
|
|
218
205
|
def path_suffix(self) -> Optional[pulumi.Input[str]]:
|
219
206
|
"""
|
220
207
|
Tokens created against this role will have the given suffix as part of their path in addition to the role name.
|
221
|
-
|
222
|
-
> Due to a bug the resource. This *will* cause all existing tokens issued by this role to be revoked.
|
223
208
|
"""
|
224
209
|
return pulumi.get(self, "path_suffix")
|
225
210
|
|
@@ -243,9 +228,7 @@ class AuthBackendRoleArgs:
|
|
243
228
|
@pulumi.getter(name="tokenBoundCidrs")
|
244
229
|
def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
245
230
|
"""
|
246
|
-
|
247
|
-
addresses which can authenticate successfully, and ties the resulting token to these blocks
|
248
|
-
as well.
|
231
|
+
Specifies the blocks of IP addresses which are allowed to use the generated token
|
249
232
|
"""
|
250
233
|
return pulumi.get(self, "token_bound_cidrs")
|
251
234
|
|
@@ -257,10 +240,7 @@ class AuthBackendRoleArgs:
|
|
257
240
|
@pulumi.getter(name="tokenExplicitMaxTtl")
|
258
241
|
def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
259
242
|
"""
|
260
|
-
|
261
|
-
[explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
|
262
|
-
onto the token in number of seconds. This is a hard cap even if `token_ttl` and
|
263
|
-
`token_max_ttl` would otherwise allow a renewal.
|
243
|
+
Generated Token's Explicit Maximum TTL in seconds
|
264
244
|
"""
|
265
245
|
return pulumi.get(self, "token_explicit_max_ttl")
|
266
246
|
|
@@ -272,8 +252,7 @@ class AuthBackendRoleArgs:
|
|
272
252
|
@pulumi.getter(name="tokenMaxTtl")
|
273
253
|
def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
274
254
|
"""
|
275
|
-
The maximum lifetime
|
276
|
-
Its current value will be referenced at renewal time.
|
255
|
+
The maximum lifetime of the generated token
|
277
256
|
"""
|
278
257
|
return pulumi.get(self, "token_max_ttl")
|
279
258
|
|
@@ -285,8 +264,7 @@ class AuthBackendRoleArgs:
|
|
285
264
|
@pulumi.getter(name="tokenNoDefaultPolicy")
|
286
265
|
def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
|
287
266
|
"""
|
288
|
-
If
|
289
|
-
generated tokens; otherwise it will be added to the policies set in token_policies.
|
267
|
+
If true, the 'default' policy will not automatically be added to generated tokens
|
290
268
|
"""
|
291
269
|
return pulumi.get(self, "token_no_default_policy")
|
292
270
|
|
@@ -298,8 +276,7 @@ class AuthBackendRoleArgs:
|
|
298
276
|
@pulumi.getter(name="tokenNumUses")
|
299
277
|
def token_num_uses(self) -> Optional[pulumi.Input[int]]:
|
300
278
|
"""
|
301
|
-
The
|
302
|
-
of times a generated token may be used (within its lifetime); 0 means unlimited.
|
279
|
+
The maximum number of times a token may be used, a value of zero means unlimited
|
303
280
|
"""
|
304
281
|
return pulumi.get(self, "token_num_uses")
|
305
282
|
|
@@ -311,10 +288,7 @@ class AuthBackendRoleArgs:
|
|
311
288
|
@pulumi.getter(name="tokenPeriod")
|
312
289
|
def token_period(self) -> Optional[pulumi.Input[int]]:
|
313
290
|
"""
|
314
|
-
|
315
|
-
token generated using this role should never expire. The token should be renewed within the
|
316
|
-
duration specified by this value. At each renewal, the token's TTL will be set to the
|
317
|
-
value of this field. Specified in seconds.
|
291
|
+
Generated Token's Period
|
318
292
|
"""
|
319
293
|
return pulumi.get(self, "token_period")
|
320
294
|
|
@@ -338,8 +312,7 @@ class AuthBackendRoleArgs:
|
|
338
312
|
@pulumi.getter(name="tokenTtl")
|
339
313
|
def token_ttl(self) -> Optional[pulumi.Input[int]]:
|
340
314
|
"""
|
341
|
-
The
|
342
|
-
Its current value will be referenced at renewal time.
|
315
|
+
The initial ttl of the token to generate in seconds
|
343
316
|
"""
|
344
317
|
return pulumi.get(self, "token_ttl")
|
345
318
|
|
@@ -351,11 +324,7 @@ class AuthBackendRoleArgs:
|
|
351
324
|
@pulumi.getter(name="tokenType")
|
352
325
|
def token_type(self) -> Optional[pulumi.Input[str]]:
|
353
326
|
"""
|
354
|
-
The type of token
|
355
|
-
`batch`, or `default` to use the mount's tuned default (which unless changed will be
|
356
|
-
`service` tokens). For token store roles, there are two additional possibilities:
|
357
|
-
`default-service` and `default-batch` which specify the type to return unless the client
|
358
|
-
requests a different type at generation time.
|
327
|
+
The type of token to generate, service or batch
|
359
328
|
"""
|
360
329
|
return pulumi.get(self, "token_type")
|
361
330
|
|
@@ -395,39 +364,21 @@ class _AuthBackendRoleState:
|
|
395
364
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] disallowed_policies_globs: Set of disallowed policies with glob match for given role.
|
396
365
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
397
366
|
The value should not contain leading or trailing forward slashes.
|
398
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
367
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
399
368
|
*Available only for Vault Enterprise*.
|
400
369
|
:param pulumi.Input[bool] orphan: If true, tokens created against this policy will be orphan tokens.
|
401
370
|
:param pulumi.Input[str] path_suffix: Tokens created against this role will have the given suffix as part of their path in addition to the role name.
|
402
|
-
|
403
|
-
> Due to a bug the resource. This *will* cause all existing tokens issued by this role to be revoked.
|
404
371
|
:param pulumi.Input[bool] renewable: Whether to disable the ability of the token to be renewed past its initial TTL.
|
405
372
|
:param pulumi.Input[str] role_name: The name of the role.
|
406
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs:
|
407
|
-
|
408
|
-
|
409
|
-
:param pulumi.Input[
|
410
|
-
|
411
|
-
|
412
|
-
`token_max_ttl` would otherwise allow a renewal.
|
413
|
-
:param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
|
414
|
-
Its current value will be referenced at renewal time.
|
415
|
-
:param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
|
416
|
-
generated tokens; otherwise it will be added to the policies set in token_policies.
|
417
|
-
:param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/token#token_num_uses)
|
418
|
-
of times a generated token may be used (within its lifetime); 0 means unlimited.
|
419
|
-
:param pulumi.Input[int] token_period: If set, indicates that the
|
420
|
-
token generated using this role should never expire. The token should be renewed within the
|
421
|
-
duration specified by this value. At each renewal, the token's TTL will be set to the
|
422
|
-
value of this field. Specified in seconds.
|
373
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
374
|
+
:param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
375
|
+
:param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
|
376
|
+
:param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
377
|
+
:param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
378
|
+
:param pulumi.Input[int] token_period: Generated Token's Period
|
423
379
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
|
424
|
-
:param pulumi.Input[int] token_ttl: The
|
425
|
-
|
426
|
-
:param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
|
427
|
-
`batch`, or `default` to use the mount's tuned default (which unless changed will be
|
428
|
-
`service` tokens). For token store roles, there are two additional possibilities:
|
429
|
-
`default-service` and `default-batch` which specify the type to return unless the client
|
430
|
-
requests a different type at generation time.
|
380
|
+
:param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
|
381
|
+
:param pulumi.Input[str] token_type: The type of token to generate, service or batch
|
431
382
|
"""
|
432
383
|
if allowed_entity_aliases is not None:
|
433
384
|
pulumi.set(__self__, "allowed_entity_aliases", allowed_entity_aliases)
|
@@ -534,7 +485,7 @@ class _AuthBackendRoleState:
|
|
534
485
|
"""
|
535
486
|
The namespace to provision the resource in.
|
536
487
|
The value should not contain leading or trailing forward slashes.
|
537
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
488
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
538
489
|
*Available only for Vault Enterprise*.
|
539
490
|
"""
|
540
491
|
return pulumi.get(self, "namespace")
|
@@ -560,8 +511,6 @@ class _AuthBackendRoleState:
|
|
560
511
|
def path_suffix(self) -> Optional[pulumi.Input[str]]:
|
561
512
|
"""
|
562
513
|
Tokens created against this role will have the given suffix as part of their path in addition to the role name.
|
563
|
-
|
564
|
-
> Due to a bug the resource. This *will* cause all existing tokens issued by this role to be revoked.
|
565
514
|
"""
|
566
515
|
return pulumi.get(self, "path_suffix")
|
567
516
|
|
@@ -597,9 +546,7 @@ class _AuthBackendRoleState:
|
|
597
546
|
@pulumi.getter(name="tokenBoundCidrs")
|
598
547
|
def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
599
548
|
"""
|
600
|
-
|
601
|
-
addresses which can authenticate successfully, and ties the resulting token to these blocks
|
602
|
-
as well.
|
549
|
+
Specifies the blocks of IP addresses which are allowed to use the generated token
|
603
550
|
"""
|
604
551
|
return pulumi.get(self, "token_bound_cidrs")
|
605
552
|
|
@@ -611,10 +558,7 @@ class _AuthBackendRoleState:
|
|
611
558
|
@pulumi.getter(name="tokenExplicitMaxTtl")
|
612
559
|
def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
613
560
|
"""
|
614
|
-
|
615
|
-
[explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
|
616
|
-
onto the token in number of seconds. This is a hard cap even if `token_ttl` and
|
617
|
-
`token_max_ttl` would otherwise allow a renewal.
|
561
|
+
Generated Token's Explicit Maximum TTL in seconds
|
618
562
|
"""
|
619
563
|
return pulumi.get(self, "token_explicit_max_ttl")
|
620
564
|
|
@@ -626,8 +570,7 @@ class _AuthBackendRoleState:
|
|
626
570
|
@pulumi.getter(name="tokenMaxTtl")
|
627
571
|
def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
628
572
|
"""
|
629
|
-
The maximum lifetime
|
630
|
-
Its current value will be referenced at renewal time.
|
573
|
+
The maximum lifetime of the generated token
|
631
574
|
"""
|
632
575
|
return pulumi.get(self, "token_max_ttl")
|
633
576
|
|
@@ -639,8 +582,7 @@ class _AuthBackendRoleState:
|
|
639
582
|
@pulumi.getter(name="tokenNoDefaultPolicy")
|
640
583
|
def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
|
641
584
|
"""
|
642
|
-
If
|
643
|
-
generated tokens; otherwise it will be added to the policies set in token_policies.
|
585
|
+
If true, the 'default' policy will not automatically be added to generated tokens
|
644
586
|
"""
|
645
587
|
return pulumi.get(self, "token_no_default_policy")
|
646
588
|
|
@@ -652,8 +594,7 @@ class _AuthBackendRoleState:
|
|
652
594
|
@pulumi.getter(name="tokenNumUses")
|
653
595
|
def token_num_uses(self) -> Optional[pulumi.Input[int]]:
|
654
596
|
"""
|
655
|
-
The
|
656
|
-
of times a generated token may be used (within its lifetime); 0 means unlimited.
|
597
|
+
The maximum number of times a token may be used, a value of zero means unlimited
|
657
598
|
"""
|
658
599
|
return pulumi.get(self, "token_num_uses")
|
659
600
|
|
@@ -665,10 +606,7 @@ class _AuthBackendRoleState:
|
|
665
606
|
@pulumi.getter(name="tokenPeriod")
|
666
607
|
def token_period(self) -> Optional[pulumi.Input[int]]:
|
667
608
|
"""
|
668
|
-
|
669
|
-
token generated using this role should never expire. The token should be renewed within the
|
670
|
-
duration specified by this value. At each renewal, the token's TTL will be set to the
|
671
|
-
value of this field. Specified in seconds.
|
609
|
+
Generated Token's Period
|
672
610
|
"""
|
673
611
|
return pulumi.get(self, "token_period")
|
674
612
|
|
@@ -692,8 +630,7 @@ class _AuthBackendRoleState:
|
|
692
630
|
@pulumi.getter(name="tokenTtl")
|
693
631
|
def token_ttl(self) -> Optional[pulumi.Input[int]]:
|
694
632
|
"""
|
695
|
-
The
|
696
|
-
Its current value will be referenced at renewal time.
|
633
|
+
The initial ttl of the token to generate in seconds
|
697
634
|
"""
|
698
635
|
return pulumi.get(self, "token_ttl")
|
699
636
|
|
@@ -705,11 +642,7 @@ class _AuthBackendRoleState:
|
|
705
642
|
@pulumi.getter(name="tokenType")
|
706
643
|
def token_type(self) -> Optional[pulumi.Input[str]]:
|
707
644
|
"""
|
708
|
-
The type of token
|
709
|
-
`batch`, or `default` to use the mount's tuned default (which unless changed will be
|
710
|
-
`service` tokens). For token store roles, there are two additional possibilities:
|
711
|
-
`default-service` and `default-batch` which specify the type to return unless the client
|
712
|
-
requests a different type at generation time.
|
645
|
+
The type of token to generate, service or batch
|
713
646
|
"""
|
714
647
|
return pulumi.get(self, "token_type")
|
715
648
|
|
@@ -755,18 +688,18 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
755
688
|
import pulumi_vault as vault
|
756
689
|
|
757
690
|
example = vault.tokenauth.AuthBackendRole("example",
|
758
|
-
|
691
|
+
role_name="my-role",
|
759
692
|
allowed_policies=[
|
760
693
|
"dev",
|
761
694
|
"test",
|
762
695
|
],
|
763
696
|
disallowed_policies=["default"],
|
697
|
+
allowed_entity_aliases=["test_entity"],
|
764
698
|
orphan=True,
|
765
|
-
|
699
|
+
token_period=86400,
|
766
700
|
renewable=True,
|
767
|
-
role_name="my-role",
|
768
701
|
token_explicit_max_ttl=115200,
|
769
|
-
|
702
|
+
path_suffix="path-suffix")
|
770
703
|
```
|
771
704
|
|
772
705
|
## Import
|
@@ -774,7 +707,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
774
707
|
Token auth backend roles can be imported with `auth/token/roles/` followed by the `role_name`, e.g.
|
775
708
|
|
776
709
|
```sh
|
777
|
-
|
710
|
+
$ pulumi import vault:tokenauth/authBackendRole:AuthBackendRole example auth/token/roles/my-role
|
778
711
|
```
|
779
712
|
|
780
713
|
:param str resource_name: The name of the resource.
|
@@ -786,39 +719,21 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
786
719
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] disallowed_policies_globs: Set of disallowed policies with glob match for given role.
|
787
720
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
788
721
|
The value should not contain leading or trailing forward slashes.
|
789
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
722
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
790
723
|
*Available only for Vault Enterprise*.
|
791
724
|
:param pulumi.Input[bool] orphan: If true, tokens created against this policy will be orphan tokens.
|
792
725
|
:param pulumi.Input[str] path_suffix: Tokens created against this role will have the given suffix as part of their path in addition to the role name.
|
793
|
-
|
794
|
-
> Due to a bug the resource. This *will* cause all existing tokens issued by this role to be revoked.
|
795
726
|
:param pulumi.Input[bool] renewable: Whether to disable the ability of the token to be renewed past its initial TTL.
|
796
727
|
:param pulumi.Input[str] role_name: The name of the role.
|
797
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs:
|
798
|
-
|
799
|
-
|
800
|
-
:param pulumi.Input[
|
801
|
-
|
802
|
-
|
803
|
-
`token_max_ttl` would otherwise allow a renewal.
|
804
|
-
:param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
|
805
|
-
Its current value will be referenced at renewal time.
|
806
|
-
:param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
|
807
|
-
generated tokens; otherwise it will be added to the policies set in token_policies.
|
808
|
-
:param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/token#token_num_uses)
|
809
|
-
of times a generated token may be used (within its lifetime); 0 means unlimited.
|
810
|
-
:param pulumi.Input[int] token_period: If set, indicates that the
|
811
|
-
token generated using this role should never expire. The token should be renewed within the
|
812
|
-
duration specified by this value. At each renewal, the token's TTL will be set to the
|
813
|
-
value of this field. Specified in seconds.
|
728
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
729
|
+
:param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
730
|
+
:param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
|
731
|
+
:param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
732
|
+
:param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
733
|
+
:param pulumi.Input[int] token_period: Generated Token's Period
|
814
734
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
|
815
|
-
:param pulumi.Input[int] token_ttl: The
|
816
|
-
|
817
|
-
:param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
|
818
|
-
`batch`, or `default` to use the mount's tuned default (which unless changed will be
|
819
|
-
`service` tokens). For token store roles, there are two additional possibilities:
|
820
|
-
`default-service` and `default-batch` which specify the type to return unless the client
|
821
|
-
requests a different type at generation time.
|
735
|
+
:param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
|
736
|
+
:param pulumi.Input[str] token_type: The type of token to generate, service or batch
|
822
737
|
"""
|
823
738
|
...
|
824
739
|
@overload
|
@@ -838,18 +753,18 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
838
753
|
import pulumi_vault as vault
|
839
754
|
|
840
755
|
example = vault.tokenauth.AuthBackendRole("example",
|
841
|
-
|
756
|
+
role_name="my-role",
|
842
757
|
allowed_policies=[
|
843
758
|
"dev",
|
844
759
|
"test",
|
845
760
|
],
|
846
761
|
disallowed_policies=["default"],
|
762
|
+
allowed_entity_aliases=["test_entity"],
|
847
763
|
orphan=True,
|
848
|
-
|
764
|
+
token_period=86400,
|
849
765
|
renewable=True,
|
850
|
-
role_name="my-role",
|
851
766
|
token_explicit_max_ttl=115200,
|
852
|
-
|
767
|
+
path_suffix="path-suffix")
|
853
768
|
```
|
854
769
|
|
855
770
|
## Import
|
@@ -857,7 +772,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
857
772
|
Token auth backend roles can be imported with `auth/token/roles/` followed by the `role_name`, e.g.
|
858
773
|
|
859
774
|
```sh
|
860
|
-
|
775
|
+
$ pulumi import vault:tokenauth/authBackendRole:AuthBackendRole example auth/token/roles/my-role
|
861
776
|
```
|
862
777
|
|
863
778
|
:param str resource_name: The name of the resource.
|
@@ -967,39 +882,21 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
967
882
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] disallowed_policies_globs: Set of disallowed policies with glob match for given role.
|
968
883
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
969
884
|
The value should not contain leading or trailing forward slashes.
|
970
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
885
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
971
886
|
*Available only for Vault Enterprise*.
|
972
887
|
:param pulumi.Input[bool] orphan: If true, tokens created against this policy will be orphan tokens.
|
973
888
|
:param pulumi.Input[str] path_suffix: Tokens created against this role will have the given suffix as part of their path in addition to the role name.
|
974
|
-
|
975
|
-
> Due to a bug the resource. This *will* cause all existing tokens issued by this role to be revoked.
|
976
889
|
:param pulumi.Input[bool] renewable: Whether to disable the ability of the token to be renewed past its initial TTL.
|
977
890
|
:param pulumi.Input[str] role_name: The name of the role.
|
978
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs:
|
979
|
-
|
980
|
-
|
981
|
-
:param pulumi.Input[
|
982
|
-
|
983
|
-
|
984
|
-
`token_max_ttl` would otherwise allow a renewal.
|
985
|
-
:param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
|
986
|
-
Its current value will be referenced at renewal time.
|
987
|
-
:param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
|
988
|
-
generated tokens; otherwise it will be added to the policies set in token_policies.
|
989
|
-
:param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/token#token_num_uses)
|
990
|
-
of times a generated token may be used (within its lifetime); 0 means unlimited.
|
991
|
-
:param pulumi.Input[int] token_period: If set, indicates that the
|
992
|
-
token generated using this role should never expire. The token should be renewed within the
|
993
|
-
duration specified by this value. At each renewal, the token's TTL will be set to the
|
994
|
-
value of this field. Specified in seconds.
|
891
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
892
|
+
:param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
893
|
+
:param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
|
894
|
+
:param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
895
|
+
:param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
896
|
+
:param pulumi.Input[int] token_period: Generated Token's Period
|
995
897
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
|
996
|
-
:param pulumi.Input[int] token_ttl: The
|
997
|
-
|
998
|
-
:param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
|
999
|
-
`batch`, or `default` to use the mount's tuned default (which unless changed will be
|
1000
|
-
`service` tokens). For token store roles, there are two additional possibilities:
|
1001
|
-
`default-service` and `default-batch` which specify the type to return unless the client
|
1002
|
-
requests a different type at generation time.
|
898
|
+
:param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
|
899
|
+
:param pulumi.Input[str] token_type: The type of token to generate, service or batch
|
1003
900
|
"""
|
1004
901
|
opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
|
1005
902
|
|
@@ -1072,7 +969,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1072
969
|
"""
|
1073
970
|
The namespace to provision the resource in.
|
1074
971
|
The value should not contain leading or trailing forward slashes.
|
1075
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
972
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1076
973
|
*Available only for Vault Enterprise*.
|
1077
974
|
"""
|
1078
975
|
return pulumi.get(self, "namespace")
|
@@ -1090,8 +987,6 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1090
987
|
def path_suffix(self) -> pulumi.Output[Optional[str]]:
|
1091
988
|
"""
|
1092
989
|
Tokens created against this role will have the given suffix as part of their path in addition to the role name.
|
1093
|
-
|
1094
|
-
> Due to a bug the resource. This *will* cause all existing tokens issued by this role to be revoked.
|
1095
990
|
"""
|
1096
991
|
return pulumi.get(self, "path_suffix")
|
1097
992
|
|
@@ -1115,9 +1010,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1115
1010
|
@pulumi.getter(name="tokenBoundCidrs")
|
1116
1011
|
def token_bound_cidrs(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1117
1012
|
"""
|
1118
|
-
|
1119
|
-
addresses which can authenticate successfully, and ties the resulting token to these blocks
|
1120
|
-
as well.
|
1013
|
+
Specifies the blocks of IP addresses which are allowed to use the generated token
|
1121
1014
|
"""
|
1122
1015
|
return pulumi.get(self, "token_bound_cidrs")
|
1123
1016
|
|
@@ -1125,10 +1018,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1125
1018
|
@pulumi.getter(name="tokenExplicitMaxTtl")
|
1126
1019
|
def token_explicit_max_ttl(self) -> pulumi.Output[Optional[int]]:
|
1127
1020
|
"""
|
1128
|
-
|
1129
|
-
[explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
|
1130
|
-
onto the token in number of seconds. This is a hard cap even if `token_ttl` and
|
1131
|
-
`token_max_ttl` would otherwise allow a renewal.
|
1021
|
+
Generated Token's Explicit Maximum TTL in seconds
|
1132
1022
|
"""
|
1133
1023
|
return pulumi.get(self, "token_explicit_max_ttl")
|
1134
1024
|
|
@@ -1136,8 +1026,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1136
1026
|
@pulumi.getter(name="tokenMaxTtl")
|
1137
1027
|
def token_max_ttl(self) -> pulumi.Output[Optional[int]]:
|
1138
1028
|
"""
|
1139
|
-
The maximum lifetime
|
1140
|
-
Its current value will be referenced at renewal time.
|
1029
|
+
The maximum lifetime of the generated token
|
1141
1030
|
"""
|
1142
1031
|
return pulumi.get(self, "token_max_ttl")
|
1143
1032
|
|
@@ -1145,8 +1034,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1145
1034
|
@pulumi.getter(name="tokenNoDefaultPolicy")
|
1146
1035
|
def token_no_default_policy(self) -> pulumi.Output[Optional[bool]]:
|
1147
1036
|
"""
|
1148
|
-
If
|
1149
|
-
generated tokens; otherwise it will be added to the policies set in token_policies.
|
1037
|
+
If true, the 'default' policy will not automatically be added to generated tokens
|
1150
1038
|
"""
|
1151
1039
|
return pulumi.get(self, "token_no_default_policy")
|
1152
1040
|
|
@@ -1154,8 +1042,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1154
1042
|
@pulumi.getter(name="tokenNumUses")
|
1155
1043
|
def token_num_uses(self) -> pulumi.Output[Optional[int]]:
|
1156
1044
|
"""
|
1157
|
-
The
|
1158
|
-
of times a generated token may be used (within its lifetime); 0 means unlimited.
|
1045
|
+
The maximum number of times a token may be used, a value of zero means unlimited
|
1159
1046
|
"""
|
1160
1047
|
return pulumi.get(self, "token_num_uses")
|
1161
1048
|
|
@@ -1163,10 +1050,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1163
1050
|
@pulumi.getter(name="tokenPeriod")
|
1164
1051
|
def token_period(self) -> pulumi.Output[Optional[int]]:
|
1165
1052
|
"""
|
1166
|
-
|
1167
|
-
token generated using this role should never expire. The token should be renewed within the
|
1168
|
-
duration specified by this value. At each renewal, the token's TTL will be set to the
|
1169
|
-
value of this field. Specified in seconds.
|
1053
|
+
Generated Token's Period
|
1170
1054
|
"""
|
1171
1055
|
return pulumi.get(self, "token_period")
|
1172
1056
|
|
@@ -1182,8 +1066,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1182
1066
|
@pulumi.getter(name="tokenTtl")
|
1183
1067
|
def token_ttl(self) -> pulumi.Output[Optional[int]]:
|
1184
1068
|
"""
|
1185
|
-
The
|
1186
|
-
Its current value will be referenced at renewal time.
|
1069
|
+
The initial ttl of the token to generate in seconds
|
1187
1070
|
"""
|
1188
1071
|
return pulumi.get(self, "token_ttl")
|
1189
1072
|
|
@@ -1191,11 +1074,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1191
1074
|
@pulumi.getter(name="tokenType")
|
1192
1075
|
def token_type(self) -> pulumi.Output[Optional[str]]:
|
1193
1076
|
"""
|
1194
|
-
The type of token
|
1195
|
-
`batch`, or `default` to use the mount's tuned default (which unless changed will be
|
1196
|
-
`service` tokens). For token store roles, there are two additional possibilities:
|
1197
|
-
`default-service` and `default-batch` which specify the type to return unless the client
|
1198
|
-
requests a different type at generation time.
|
1077
|
+
The type of token to generate, service or batch
|
1199
1078
|
"""
|
1200
1079
|
return pulumi.get(self, "token_type")
|
1201
1080
|
|