pulumi-vault 5.21.0a1709368526__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl
- pulumi_vault/__init__.py +52 -0
- pulumi_vault/_inputs.py +560 -0
- pulumi_vault/_utilities.py +41 -5
- pulumi_vault/ad/get_access_credentials.py +26 -9
- pulumi_vault/ad/secret_backend.py +16 -142
- pulumi_vault/ad/secret_library.py +16 -9
- pulumi_vault/ad/secret_role.py +14 -9
- pulumi_vault/alicloud/auth_backend_role.py +76 -190
- pulumi_vault/approle/auth_backend_login.py +12 -7
- pulumi_vault/approle/auth_backend_role.py +77 -191
- pulumi_vault/approle/auth_backend_role_secret_id.py +106 -7
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -5
- pulumi_vault/audit.py +30 -21
- pulumi_vault/audit_request_header.py +11 -2
- pulumi_vault/auth_backend.py +66 -14
- pulumi_vault/aws/auth_backend_cert.py +18 -9
- pulumi_vault/aws/auth_backend_client.py +267 -22
- pulumi_vault/aws/auth_backend_config_identity.py +14 -9
- pulumi_vault/aws/auth_backend_identity_whitelist.py +20 -15
- pulumi_vault/aws/auth_backend_login.py +19 -22
- pulumi_vault/aws/auth_backend_role.py +77 -191
- pulumi_vault/aws/auth_backend_role_tag.py +12 -7
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -13
- pulumi_vault/aws/auth_backend_sts_role.py +14 -9
- pulumi_vault/aws/get_access_credentials.py +38 -9
- pulumi_vault/aws/get_static_access_credentials.py +19 -5
- pulumi_vault/aws/secret_backend.py +77 -9
- pulumi_vault/aws/secret_backend_role.py +185 -9
- pulumi_vault/aws/secret_backend_static_role.py +20 -11
- pulumi_vault/azure/_inputs.py +24 -0
- pulumi_vault/azure/auth_backend_config.py +153 -15
- pulumi_vault/azure/auth_backend_role.py +77 -191
- pulumi_vault/azure/backend.py +227 -21
- pulumi_vault/azure/backend_role.py +42 -37
- pulumi_vault/azure/get_access_credentials.py +41 -7
- pulumi_vault/azure/outputs.py +5 -0
- pulumi_vault/cert_auth_backend_role.py +87 -267
- pulumi_vault/config/__init__.pyi +5 -0
- pulumi_vault/config/_inputs.py +73 -0
- pulumi_vault/config/outputs.py +35 -0
- pulumi_vault/config/ui_custom_message.py +529 -0
- pulumi_vault/config/vars.py +5 -0
- pulumi_vault/consul/secret_backend.py +28 -19
- pulumi_vault/consul/secret_backend_role.py +18 -78
- pulumi_vault/database/_inputs.py +2770 -881
- pulumi_vault/database/outputs.py +721 -838
- pulumi_vault/database/secret_backend_connection.py +119 -112
- pulumi_vault/database/secret_backend_role.py +31 -22
- pulumi_vault/database/secret_backend_static_role.py +87 -13
- pulumi_vault/database/secrets_mount.py +427 -136
- pulumi_vault/egp_policy.py +16 -11
- pulumi_vault/gcp/_inputs.py +111 -0
- pulumi_vault/gcp/auth_backend.py +250 -33
- pulumi_vault/gcp/auth_backend_role.py +77 -269
- pulumi_vault/gcp/get_auth_backend_role.py +43 -5
- pulumi_vault/gcp/outputs.py +5 -0
- pulumi_vault/gcp/secret_backend.py +287 -12
- pulumi_vault/gcp/secret_impersonated_account.py +76 -15
- pulumi_vault/gcp/secret_roleset.py +31 -24
- pulumi_vault/gcp/secret_static_account.py +39 -32
- pulumi_vault/generic/endpoint.py +24 -17
- pulumi_vault/generic/get_secret.py +64 -8
- pulumi_vault/generic/secret.py +21 -16
- pulumi_vault/get_auth_backend.py +24 -7
- pulumi_vault/get_auth_backends.py +51 -9
- pulumi_vault/get_namespace.py +226 -0
- pulumi_vault/get_namespaces.py +153 -0
- pulumi_vault/get_nomad_access_token.py +31 -11
- pulumi_vault/get_policy_document.py +34 -19
- pulumi_vault/get_raft_autopilot_state.py +29 -10
- pulumi_vault/github/_inputs.py +55 -0
- pulumi_vault/github/auth_backend.py +19 -14
- pulumi_vault/github/outputs.py +5 -0
- pulumi_vault/github/team.py +16 -11
- pulumi_vault/github/user.py +16 -11
- pulumi_vault/identity/entity.py +20 -13
- pulumi_vault/identity/entity_alias.py +20 -13
- pulumi_vault/identity/entity_policies.py +28 -11
- pulumi_vault/identity/get_entity.py +42 -10
- pulumi_vault/identity/get_group.py +47 -9
- pulumi_vault/identity/get_oidc_client_creds.py +21 -7
- pulumi_vault/identity/get_oidc_openid_config.py +39 -9
- pulumi_vault/identity/get_oidc_public_keys.py +29 -10
- pulumi_vault/identity/group.py +58 -39
- pulumi_vault/identity/group_alias.py +16 -9
- pulumi_vault/identity/group_member_entity_ids.py +28 -66
- pulumi_vault/identity/group_member_group_ids.py +40 -19
- pulumi_vault/identity/group_policies.py +20 -7
- pulumi_vault/identity/mfa_duo.py +11 -6
- pulumi_vault/identity/mfa_login_enforcement.py +15 -6
- pulumi_vault/identity/mfa_okta.py +11 -6
- pulumi_vault/identity/mfa_pingid.py +7 -2
- pulumi_vault/identity/mfa_totp.py +7 -2
- pulumi_vault/identity/oidc.py +12 -7
- pulumi_vault/identity/oidc_assignment.py +24 -11
- pulumi_vault/identity/oidc_client.py +36 -23
- pulumi_vault/identity/oidc_key.py +30 -17
- pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -15
- pulumi_vault/identity/oidc_provider.py +36 -21
- pulumi_vault/identity/oidc_role.py +42 -21
- pulumi_vault/identity/oidc_scope.py +20 -13
- pulumi_vault/identity/outputs.py +8 -3
- pulumi_vault/jwt/_inputs.py +55 -0
- pulumi_vault/jwt/auth_backend.py +45 -40
- pulumi_vault/jwt/auth_backend_role.py +133 -254
- pulumi_vault/jwt/outputs.py +5 -0
- pulumi_vault/kmip/secret_backend.py +24 -19
- pulumi_vault/kmip/secret_role.py +14 -9
- pulumi_vault/kmip/secret_scope.py +14 -9
- pulumi_vault/kubernetes/auth_backend_config.py +57 -5
- pulumi_vault/kubernetes/auth_backend_role.py +70 -177
- pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
- pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
- pulumi_vault/kubernetes/get_service_account_token.py +39 -11
- pulumi_vault/kubernetes/secret_backend.py +316 -27
- pulumi_vault/kubernetes/secret_backend_role.py +137 -46
- pulumi_vault/kv/_inputs.py +36 -4
- pulumi_vault/kv/get_secret.py +25 -8
- pulumi_vault/kv/get_secret_subkeys_v2.py +33 -10
- pulumi_vault/kv/get_secret_v2.py +85 -9
- pulumi_vault/kv/get_secrets_list.py +24 -11
- pulumi_vault/kv/get_secrets_list_v2.py +37 -15
- pulumi_vault/kv/outputs.py +8 -3
- pulumi_vault/kv/secret.py +23 -16
- pulumi_vault/kv/secret_backend_v2.py +20 -11
- pulumi_vault/kv/secret_v2.py +59 -50
- pulumi_vault/ldap/auth_backend.py +127 -166
- pulumi_vault/ldap/auth_backend_group.py +14 -9
- pulumi_vault/ldap/auth_backend_user.py +14 -9
- pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
- pulumi_vault/ldap/get_static_credentials.py +24 -5
- pulumi_vault/ldap/secret_backend.py +354 -82
- pulumi_vault/ldap/secret_backend_dynamic_role.py +18 -11
- pulumi_vault/ldap/secret_backend_library_set.py +16 -9
- pulumi_vault/ldap/secret_backend_static_role.py +73 -12
- pulumi_vault/managed/_inputs.py +289 -132
- pulumi_vault/managed/keys.py +29 -57
- pulumi_vault/managed/outputs.py +89 -132
- pulumi_vault/mfa_duo.py +18 -11
- pulumi_vault/mfa_okta.py +18 -11
- pulumi_vault/mfa_pingid.py +18 -11
- pulumi_vault/mfa_totp.py +24 -17
- pulumi_vault/mongodbatlas/secret_backend.py +20 -15
- pulumi_vault/mongodbatlas/secret_role.py +47 -38
- pulumi_vault/mount.py +391 -51
- pulumi_vault/namespace.py +68 -83
- pulumi_vault/nomad_secret_backend.py +18 -13
- pulumi_vault/nomad_secret_role.py +14 -9
- pulumi_vault/okta/_inputs.py +47 -8
- pulumi_vault/okta/auth_backend.py +485 -39
- pulumi_vault/okta/auth_backend_group.py +14 -9
- pulumi_vault/okta/auth_backend_user.py +14 -9
- pulumi_vault/okta/outputs.py +13 -8
- pulumi_vault/outputs.py +5 -0
- pulumi_vault/password_policy.py +20 -13
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +81 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
- pulumi_vault/pkisecret/backend_config_est.py +619 -0
- pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
- pulumi_vault/pkisecret/get_backend_issuer.py +67 -9
- pulumi_vault/pkisecret/get_backend_issuers.py +21 -8
- pulumi_vault/pkisecret/get_backend_key.py +24 -9
- pulumi_vault/pkisecret/get_backend_keys.py +21 -8
- pulumi_vault/pkisecret/outputs.py +69 -0
- pulumi_vault/pkisecret/secret_backend_cert.py +18 -11
- pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -11
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +14 -9
- pulumi_vault/pkisecret/secret_backend_config_urls.py +67 -11
- pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -9
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -11
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -17
- pulumi_vault/pkisecret/secret_backend_issuer.py +14 -9
- pulumi_vault/pkisecret/secret_backend_key.py +14 -9
- pulumi_vault/pkisecret/secret_backend_role.py +21 -14
- pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -48
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -56
- pulumi_vault/pkisecret/secret_backend_sign.py +18 -54
- pulumi_vault/plugin.py +595 -0
- pulumi_vault/plugin_pinned_version.py +298 -0
- pulumi_vault/policy.py +14 -9
- pulumi_vault/provider.py +48 -53
- pulumi_vault/pulumi-plugin.json +2 -1
- pulumi_vault/quota_lease_count.py +60 -6
- pulumi_vault/quota_rate_limit.py +56 -2
- pulumi_vault/rabbitmq/_inputs.py +61 -0
- pulumi_vault/rabbitmq/outputs.py +5 -0
- pulumi_vault/rabbitmq/secret_backend.py +18 -13
- pulumi_vault/rabbitmq/secret_backend_role.py +54 -47
- pulumi_vault/raft_autopilot.py +14 -9
- pulumi_vault/raft_snapshot_agent_config.py +129 -224
- pulumi_vault/rgp_policy.py +14 -9
- pulumi_vault/saml/auth_backend.py +22 -17
- pulumi_vault/saml/auth_backend_role.py +92 -197
- pulumi_vault/secrets/__init__.py +3 -0
- pulumi_vault/secrets/_inputs.py +110 -0
- pulumi_vault/secrets/outputs.py +94 -0
- pulumi_vault/secrets/sync_association.py +56 -71
- pulumi_vault/secrets/sync_aws_destination.py +242 -27
- pulumi_vault/secrets/sync_azure_destination.py +92 -31
- pulumi_vault/secrets/sync_config.py +9 -4
- pulumi_vault/secrets/sync_gcp_destination.py +158 -25
- pulumi_vault/secrets/sync_gh_destination.py +189 -13
- pulumi_vault/secrets/sync_github_apps.py +375 -0
- pulumi_vault/secrets/sync_vercel_destination.py +74 -13
- pulumi_vault/ssh/_inputs.py +28 -28
- pulumi_vault/ssh/outputs.py +11 -28
- pulumi_vault/ssh/secret_backend_ca.py +108 -9
- pulumi_vault/ssh/secret_backend_role.py +85 -118
- pulumi_vault/terraformcloud/secret_backend.py +7 -54
- pulumi_vault/terraformcloud/secret_creds.py +14 -20
- pulumi_vault/terraformcloud/secret_role.py +16 -74
- pulumi_vault/token.py +28 -23
- pulumi_vault/tokenauth/auth_backend_role.py +78 -199
- pulumi_vault/transform/alphabet.py +16 -9
- pulumi_vault/transform/get_decode.py +45 -17
- pulumi_vault/transform/get_encode.py +45 -17
- pulumi_vault/transform/role.py +16 -9
- pulumi_vault/transform/template.py +30 -21
- pulumi_vault/transform/transformation.py +12 -7
- pulumi_vault/transit/get_decrypt.py +26 -21
- pulumi_vault/transit/get_encrypt.py +24 -19
- pulumi_vault/transit/secret_backend_key.py +27 -93
- pulumi_vault/transit/secret_cache_config.py +12 -7
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
- pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
- pulumi_vault-5.21.0a1709368526.dist-info/RECORD +0 -244
- {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = ['AuthBackendClientArgs', 'AuthBackendClient']
|
@@ -19,7 +24,11 @@ class AuthBackendClientArgs:
|
|
19
24
|
ec2_endpoint: Optional[pulumi.Input[str]] = None,
|
20
25
|
iam_endpoint: Optional[pulumi.Input[str]] = None,
|
21
26
|
iam_server_id_header_value: Optional[pulumi.Input[str]] = None,
|
27
|
+
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
28
|
+
identity_token_ttl: Optional[pulumi.Input[int]] = None,
|
29
|
+
max_retries: Optional[pulumi.Input[int]] = None,
|
22
30
|
namespace: Optional[pulumi.Input[str]] = None,
|
31
|
+
role_arn: Optional[pulumi.Input[str]] = None,
|
23
32
|
secret_key: Optional[pulumi.Input[str]] = None,
|
24
33
|
sts_endpoint: Optional[pulumi.Input[str]] = None,
|
25
34
|
sts_region: Optional[pulumi.Input[str]] = None,
|
@@ -27,7 +36,7 @@ class AuthBackendClientArgs:
|
|
27
36
|
"""
|
28
37
|
The set of arguments for constructing a AuthBackendClient resource.
|
29
38
|
:param pulumi.Input[str] access_key: The AWS access key that Vault should use for the
|
30
|
-
auth backend.
|
39
|
+
auth backend. Mutually exclusive with `identity_token_audience`.
|
31
40
|
:param pulumi.Input[str] backend: The path the AWS auth backend being configured was
|
32
41
|
mounted at. Defaults to `aws`.
|
33
42
|
:param pulumi.Input[str] ec2_endpoint: Override the URL Vault uses when making EC2 API
|
@@ -37,10 +46,18 @@ class AuthBackendClientArgs:
|
|
37
46
|
:param pulumi.Input[str] iam_server_id_header_value: The value to require in the
|
38
47
|
`X-Vault-AWS-IAM-Server-ID` header as part of `GetCallerIdentity` requests
|
39
48
|
that are used in the IAM auth method.
|
49
|
+
:param pulumi.Input[str] identity_token_audience: The audience claim value. Mutually exclusive with `access_key`.
|
50
|
+
Requires Vault 1.17+. *Available only for Vault Enterprise*
|
51
|
+
:param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
|
52
|
+
*Available only for Vault Enterprise*
|
53
|
+
:param pulumi.Input[int] max_retries: Number of max retries the client should use for recoverable errors.
|
54
|
+
The default `-1` falls back to the AWS SDK's default behavior.
|
40
55
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
41
56
|
The value should not contain leading or trailing forward slashes.
|
42
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
57
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
43
58
|
*Available only for Vault Enterprise*.
|
59
|
+
:param pulumi.Input[str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.17+.
|
60
|
+
*Available only for Vault Enterprise*
|
44
61
|
:param pulumi.Input[str] secret_key: The AWS secret key that Vault should use for the
|
45
62
|
auth backend.
|
46
63
|
:param pulumi.Input[str] sts_endpoint: Override the URL Vault uses when making STS API
|
@@ -63,8 +80,16 @@ class AuthBackendClientArgs:
|
|
63
80
|
pulumi.set(__self__, "iam_endpoint", iam_endpoint)
|
64
81
|
if iam_server_id_header_value is not None:
|
65
82
|
pulumi.set(__self__, "iam_server_id_header_value", iam_server_id_header_value)
|
83
|
+
if identity_token_audience is not None:
|
84
|
+
pulumi.set(__self__, "identity_token_audience", identity_token_audience)
|
85
|
+
if identity_token_ttl is not None:
|
86
|
+
pulumi.set(__self__, "identity_token_ttl", identity_token_ttl)
|
87
|
+
if max_retries is not None:
|
88
|
+
pulumi.set(__self__, "max_retries", max_retries)
|
66
89
|
if namespace is not None:
|
67
90
|
pulumi.set(__self__, "namespace", namespace)
|
91
|
+
if role_arn is not None:
|
92
|
+
pulumi.set(__self__, "role_arn", role_arn)
|
68
93
|
if secret_key is not None:
|
69
94
|
pulumi.set(__self__, "secret_key", secret_key)
|
70
95
|
if sts_endpoint is not None:
|
@@ -79,7 +104,7 @@ class AuthBackendClientArgs:
|
|
79
104
|
def access_key(self) -> Optional[pulumi.Input[str]]:
|
80
105
|
"""
|
81
106
|
The AWS access key that Vault should use for the
|
82
|
-
auth backend.
|
107
|
+
auth backend. Mutually exclusive with `identity_token_audience`.
|
83
108
|
"""
|
84
109
|
return pulumi.get(self, "access_key")
|
85
110
|
|
@@ -140,13 +165,52 @@ class AuthBackendClientArgs:
|
|
140
165
|
def iam_server_id_header_value(self, value: Optional[pulumi.Input[str]]):
|
141
166
|
pulumi.set(self, "iam_server_id_header_value", value)
|
142
167
|
|
168
|
+
@property
|
169
|
+
@pulumi.getter(name="identityTokenAudience")
|
170
|
+
def identity_token_audience(self) -> Optional[pulumi.Input[str]]:
|
171
|
+
"""
|
172
|
+
The audience claim value. Mutually exclusive with `access_key`.
|
173
|
+
Requires Vault 1.17+. *Available only for Vault Enterprise*
|
174
|
+
"""
|
175
|
+
return pulumi.get(self, "identity_token_audience")
|
176
|
+
|
177
|
+
@identity_token_audience.setter
|
178
|
+
def identity_token_audience(self, value: Optional[pulumi.Input[str]]):
|
179
|
+
pulumi.set(self, "identity_token_audience", value)
|
180
|
+
|
181
|
+
@property
|
182
|
+
@pulumi.getter(name="identityTokenTtl")
|
183
|
+
def identity_token_ttl(self) -> Optional[pulumi.Input[int]]:
|
184
|
+
"""
|
185
|
+
The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
|
186
|
+
*Available only for Vault Enterprise*
|
187
|
+
"""
|
188
|
+
return pulumi.get(self, "identity_token_ttl")
|
189
|
+
|
190
|
+
@identity_token_ttl.setter
|
191
|
+
def identity_token_ttl(self, value: Optional[pulumi.Input[int]]):
|
192
|
+
pulumi.set(self, "identity_token_ttl", value)
|
193
|
+
|
194
|
+
@property
|
195
|
+
@pulumi.getter(name="maxRetries")
|
196
|
+
def max_retries(self) -> Optional[pulumi.Input[int]]:
|
197
|
+
"""
|
198
|
+
Number of max retries the client should use for recoverable errors.
|
199
|
+
The default `-1` falls back to the AWS SDK's default behavior.
|
200
|
+
"""
|
201
|
+
return pulumi.get(self, "max_retries")
|
202
|
+
|
203
|
+
@max_retries.setter
|
204
|
+
def max_retries(self, value: Optional[pulumi.Input[int]]):
|
205
|
+
pulumi.set(self, "max_retries", value)
|
206
|
+
|
143
207
|
@property
|
144
208
|
@pulumi.getter
|
145
209
|
def namespace(self) -> Optional[pulumi.Input[str]]:
|
146
210
|
"""
|
147
211
|
The namespace to provision the resource in.
|
148
212
|
The value should not contain leading or trailing forward slashes.
|
149
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
213
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
150
214
|
*Available only for Vault Enterprise*.
|
151
215
|
"""
|
152
216
|
return pulumi.get(self, "namespace")
|
@@ -155,6 +219,19 @@ class AuthBackendClientArgs:
|
|
155
219
|
def namespace(self, value: Optional[pulumi.Input[str]]):
|
156
220
|
pulumi.set(self, "namespace", value)
|
157
221
|
|
222
|
+
@property
|
223
|
+
@pulumi.getter(name="roleArn")
|
224
|
+
def role_arn(self) -> Optional[pulumi.Input[str]]:
|
225
|
+
"""
|
226
|
+
Role ARN to assume for plugin identity token federation. Requires Vault 1.17+.
|
227
|
+
*Available only for Vault Enterprise*
|
228
|
+
"""
|
229
|
+
return pulumi.get(self, "role_arn")
|
230
|
+
|
231
|
+
@role_arn.setter
|
232
|
+
def role_arn(self, value: Optional[pulumi.Input[str]]):
|
233
|
+
pulumi.set(self, "role_arn", value)
|
234
|
+
|
158
235
|
@property
|
159
236
|
@pulumi.getter(name="secretKey")
|
160
237
|
def secret_key(self) -> Optional[pulumi.Input[str]]:
|
@@ -219,7 +296,11 @@ class _AuthBackendClientState:
|
|
219
296
|
ec2_endpoint: Optional[pulumi.Input[str]] = None,
|
220
297
|
iam_endpoint: Optional[pulumi.Input[str]] = None,
|
221
298
|
iam_server_id_header_value: Optional[pulumi.Input[str]] = None,
|
299
|
+
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
300
|
+
identity_token_ttl: Optional[pulumi.Input[int]] = None,
|
301
|
+
max_retries: Optional[pulumi.Input[int]] = None,
|
222
302
|
namespace: Optional[pulumi.Input[str]] = None,
|
303
|
+
role_arn: Optional[pulumi.Input[str]] = None,
|
223
304
|
secret_key: Optional[pulumi.Input[str]] = None,
|
224
305
|
sts_endpoint: Optional[pulumi.Input[str]] = None,
|
225
306
|
sts_region: Optional[pulumi.Input[str]] = None,
|
@@ -227,7 +308,7 @@ class _AuthBackendClientState:
|
|
227
308
|
"""
|
228
309
|
Input properties used for looking up and filtering AuthBackendClient resources.
|
229
310
|
:param pulumi.Input[str] access_key: The AWS access key that Vault should use for the
|
230
|
-
auth backend.
|
311
|
+
auth backend. Mutually exclusive with `identity_token_audience`.
|
231
312
|
:param pulumi.Input[str] backend: The path the AWS auth backend being configured was
|
232
313
|
mounted at. Defaults to `aws`.
|
233
314
|
:param pulumi.Input[str] ec2_endpoint: Override the URL Vault uses when making EC2 API
|
@@ -237,10 +318,18 @@ class _AuthBackendClientState:
|
|
237
318
|
:param pulumi.Input[str] iam_server_id_header_value: The value to require in the
|
238
319
|
`X-Vault-AWS-IAM-Server-ID` header as part of `GetCallerIdentity` requests
|
239
320
|
that are used in the IAM auth method.
|
321
|
+
:param pulumi.Input[str] identity_token_audience: The audience claim value. Mutually exclusive with `access_key`.
|
322
|
+
Requires Vault 1.17+. *Available only for Vault Enterprise*
|
323
|
+
:param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
|
324
|
+
*Available only for Vault Enterprise*
|
325
|
+
:param pulumi.Input[int] max_retries: Number of max retries the client should use for recoverable errors.
|
326
|
+
The default `-1` falls back to the AWS SDK's default behavior.
|
240
327
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
241
328
|
The value should not contain leading or trailing forward slashes.
|
242
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
329
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
243
330
|
*Available only for Vault Enterprise*.
|
331
|
+
:param pulumi.Input[str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.17+.
|
332
|
+
*Available only for Vault Enterprise*
|
244
333
|
:param pulumi.Input[str] secret_key: The AWS secret key that Vault should use for the
|
245
334
|
auth backend.
|
246
335
|
:param pulumi.Input[str] sts_endpoint: Override the URL Vault uses when making STS API
|
@@ -263,8 +352,16 @@ class _AuthBackendClientState:
|
|
263
352
|
pulumi.set(__self__, "iam_endpoint", iam_endpoint)
|
264
353
|
if iam_server_id_header_value is not None:
|
265
354
|
pulumi.set(__self__, "iam_server_id_header_value", iam_server_id_header_value)
|
355
|
+
if identity_token_audience is not None:
|
356
|
+
pulumi.set(__self__, "identity_token_audience", identity_token_audience)
|
357
|
+
if identity_token_ttl is not None:
|
358
|
+
pulumi.set(__self__, "identity_token_ttl", identity_token_ttl)
|
359
|
+
if max_retries is not None:
|
360
|
+
pulumi.set(__self__, "max_retries", max_retries)
|
266
361
|
if namespace is not None:
|
267
362
|
pulumi.set(__self__, "namespace", namespace)
|
363
|
+
if role_arn is not None:
|
364
|
+
pulumi.set(__self__, "role_arn", role_arn)
|
268
365
|
if secret_key is not None:
|
269
366
|
pulumi.set(__self__, "secret_key", secret_key)
|
270
367
|
if sts_endpoint is not None:
|
@@ -279,7 +376,7 @@ class _AuthBackendClientState:
|
|
279
376
|
def access_key(self) -> Optional[pulumi.Input[str]]:
|
280
377
|
"""
|
281
378
|
The AWS access key that Vault should use for the
|
282
|
-
auth backend.
|
379
|
+
auth backend. Mutually exclusive with `identity_token_audience`.
|
283
380
|
"""
|
284
381
|
return pulumi.get(self, "access_key")
|
285
382
|
|
@@ -340,13 +437,52 @@ class _AuthBackendClientState:
|
|
340
437
|
def iam_server_id_header_value(self, value: Optional[pulumi.Input[str]]):
|
341
438
|
pulumi.set(self, "iam_server_id_header_value", value)
|
342
439
|
|
440
|
+
@property
|
441
|
+
@pulumi.getter(name="identityTokenAudience")
|
442
|
+
def identity_token_audience(self) -> Optional[pulumi.Input[str]]:
|
443
|
+
"""
|
444
|
+
The audience claim value. Mutually exclusive with `access_key`.
|
445
|
+
Requires Vault 1.17+. *Available only for Vault Enterprise*
|
446
|
+
"""
|
447
|
+
return pulumi.get(self, "identity_token_audience")
|
448
|
+
|
449
|
+
@identity_token_audience.setter
|
450
|
+
def identity_token_audience(self, value: Optional[pulumi.Input[str]]):
|
451
|
+
pulumi.set(self, "identity_token_audience", value)
|
452
|
+
|
453
|
+
@property
|
454
|
+
@pulumi.getter(name="identityTokenTtl")
|
455
|
+
def identity_token_ttl(self) -> Optional[pulumi.Input[int]]:
|
456
|
+
"""
|
457
|
+
The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
|
458
|
+
*Available only for Vault Enterprise*
|
459
|
+
"""
|
460
|
+
return pulumi.get(self, "identity_token_ttl")
|
461
|
+
|
462
|
+
@identity_token_ttl.setter
|
463
|
+
def identity_token_ttl(self, value: Optional[pulumi.Input[int]]):
|
464
|
+
pulumi.set(self, "identity_token_ttl", value)
|
465
|
+
|
466
|
+
@property
|
467
|
+
@pulumi.getter(name="maxRetries")
|
468
|
+
def max_retries(self) -> Optional[pulumi.Input[int]]:
|
469
|
+
"""
|
470
|
+
Number of max retries the client should use for recoverable errors.
|
471
|
+
The default `-1` falls back to the AWS SDK's default behavior.
|
472
|
+
"""
|
473
|
+
return pulumi.get(self, "max_retries")
|
474
|
+
|
475
|
+
@max_retries.setter
|
476
|
+
def max_retries(self, value: Optional[pulumi.Input[int]]):
|
477
|
+
pulumi.set(self, "max_retries", value)
|
478
|
+
|
343
479
|
@property
|
344
480
|
@pulumi.getter
|
345
481
|
def namespace(self) -> Optional[pulumi.Input[str]]:
|
346
482
|
"""
|
347
483
|
The namespace to provision the resource in.
|
348
484
|
The value should not contain leading or trailing forward slashes.
|
349
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
485
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
350
486
|
*Available only for Vault Enterprise*.
|
351
487
|
"""
|
352
488
|
return pulumi.get(self, "namespace")
|
@@ -355,6 +491,19 @@ class _AuthBackendClientState:
|
|
355
491
|
def namespace(self, value: Optional[pulumi.Input[str]]):
|
356
492
|
pulumi.set(self, "namespace", value)
|
357
493
|
|
494
|
+
@property
|
495
|
+
@pulumi.getter(name="roleArn")
|
496
|
+
def role_arn(self) -> Optional[pulumi.Input[str]]:
|
497
|
+
"""
|
498
|
+
Role ARN to assume for plugin identity token federation. Requires Vault 1.17+.
|
499
|
+
*Available only for Vault Enterprise*
|
500
|
+
"""
|
501
|
+
return pulumi.get(self, "role_arn")
|
502
|
+
|
503
|
+
@role_arn.setter
|
504
|
+
def role_arn(self, value: Optional[pulumi.Input[str]]):
|
505
|
+
pulumi.set(self, "role_arn", value)
|
506
|
+
|
358
507
|
@property
|
359
508
|
@pulumi.getter(name="secretKey")
|
360
509
|
def secret_key(self) -> Optional[pulumi.Input[str]]:
|
@@ -421,7 +570,11 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
421
570
|
ec2_endpoint: Optional[pulumi.Input[str]] = None,
|
422
571
|
iam_endpoint: Optional[pulumi.Input[str]] = None,
|
423
572
|
iam_server_id_header_value: Optional[pulumi.Input[str]] = None,
|
573
|
+
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
574
|
+
identity_token_ttl: Optional[pulumi.Input[int]] = None,
|
575
|
+
max_retries: Optional[pulumi.Input[int]] = None,
|
424
576
|
namespace: Optional[pulumi.Input[str]] = None,
|
577
|
+
role_arn: Optional[pulumi.Input[str]] = None,
|
425
578
|
secret_key: Optional[pulumi.Input[str]] = None,
|
426
579
|
sts_endpoint: Optional[pulumi.Input[str]] = None,
|
427
580
|
sts_region: Optional[pulumi.Input[str]] = None,
|
@@ -430,13 +583,25 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
430
583
|
"""
|
431
584
|
## Example Usage
|
432
585
|
|
586
|
+
You can setup the AWS auth engine with Workload Identity Federation (WIF) for a secret-less configuration:
|
433
587
|
```python
|
434
588
|
import pulumi
|
435
589
|
import pulumi_vault as vault
|
436
590
|
|
437
|
-
|
438
|
-
example_auth_backend_client = vault.aws.AuthBackendClient("
|
439
|
-
|
591
|
+
example = vault.AuthBackend("example", type="aws")
|
592
|
+
example_auth_backend_client = vault.aws.AuthBackendClient("example",
|
593
|
+
identity_token_audience="<TOKEN_AUDIENCE>",
|
594
|
+
identity_token_ttl="<TOKEN_TTL>",
|
595
|
+
role_arn="<AWS_ROLE_ARN>")
|
596
|
+
```
|
597
|
+
|
598
|
+
```python
|
599
|
+
import pulumi
|
600
|
+
import pulumi_vault as vault
|
601
|
+
|
602
|
+
example = vault.AuthBackend("example", type="aws")
|
603
|
+
example_auth_backend_client = vault.aws.AuthBackendClient("example",
|
604
|
+
backend=example.path,
|
440
605
|
access_key="INSERT_AWS_ACCESS_KEY",
|
441
606
|
secret_key="INSERT_AWS_SECRET_KEY")
|
442
607
|
```
|
@@ -446,13 +611,13 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
446
611
|
AWS auth backend clients can be imported using `auth/`, the `backend` path, and `/config/client` e.g.
|
447
612
|
|
448
613
|
```sh
|
449
|
-
|
614
|
+
$ pulumi import vault:aws/authBackendClient:AuthBackendClient example auth/aws/config/client
|
450
615
|
```
|
451
616
|
|
452
617
|
:param str resource_name: The name of the resource.
|
453
618
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
454
619
|
:param pulumi.Input[str] access_key: The AWS access key that Vault should use for the
|
455
|
-
auth backend.
|
620
|
+
auth backend. Mutually exclusive with `identity_token_audience`.
|
456
621
|
:param pulumi.Input[str] backend: The path the AWS auth backend being configured was
|
457
622
|
mounted at. Defaults to `aws`.
|
458
623
|
:param pulumi.Input[str] ec2_endpoint: Override the URL Vault uses when making EC2 API
|
@@ -462,10 +627,18 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
462
627
|
:param pulumi.Input[str] iam_server_id_header_value: The value to require in the
|
463
628
|
`X-Vault-AWS-IAM-Server-ID` header as part of `GetCallerIdentity` requests
|
464
629
|
that are used in the IAM auth method.
|
630
|
+
:param pulumi.Input[str] identity_token_audience: The audience claim value. Mutually exclusive with `access_key`.
|
631
|
+
Requires Vault 1.17+. *Available only for Vault Enterprise*
|
632
|
+
:param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
|
633
|
+
*Available only for Vault Enterprise*
|
634
|
+
:param pulumi.Input[int] max_retries: Number of max retries the client should use for recoverable errors.
|
635
|
+
The default `-1` falls back to the AWS SDK's default behavior.
|
465
636
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
466
637
|
The value should not contain leading or trailing forward slashes.
|
467
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
638
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
468
639
|
*Available only for Vault Enterprise*.
|
640
|
+
:param pulumi.Input[str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.17+.
|
641
|
+
*Available only for Vault Enterprise*
|
469
642
|
:param pulumi.Input[str] secret_key: The AWS secret key that Vault should use for the
|
470
643
|
auth backend.
|
471
644
|
:param pulumi.Input[str] sts_endpoint: Override the URL Vault uses when making STS API
|
@@ -487,13 +660,25 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
487
660
|
"""
|
488
661
|
## Example Usage
|
489
662
|
|
663
|
+
You can setup the AWS auth engine with Workload Identity Federation (WIF) for a secret-less configuration:
|
664
|
+
```python
|
665
|
+
import pulumi
|
666
|
+
import pulumi_vault as vault
|
667
|
+
|
668
|
+
example = vault.AuthBackend("example", type="aws")
|
669
|
+
example_auth_backend_client = vault.aws.AuthBackendClient("example",
|
670
|
+
identity_token_audience="<TOKEN_AUDIENCE>",
|
671
|
+
identity_token_ttl="<TOKEN_TTL>",
|
672
|
+
role_arn="<AWS_ROLE_ARN>")
|
673
|
+
```
|
674
|
+
|
490
675
|
```python
|
491
676
|
import pulumi
|
492
677
|
import pulumi_vault as vault
|
493
678
|
|
494
|
-
|
495
|
-
example_auth_backend_client = vault.aws.AuthBackendClient("
|
496
|
-
backend=
|
679
|
+
example = vault.AuthBackend("example", type="aws")
|
680
|
+
example_auth_backend_client = vault.aws.AuthBackendClient("example",
|
681
|
+
backend=example.path,
|
497
682
|
access_key="INSERT_AWS_ACCESS_KEY",
|
498
683
|
secret_key="INSERT_AWS_SECRET_KEY")
|
499
684
|
```
|
@@ -503,7 +688,7 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
503
688
|
AWS auth backend clients can be imported using `auth/`, the `backend` path, and `/config/client` e.g.
|
504
689
|
|
505
690
|
```sh
|
506
|
-
|
691
|
+
$ pulumi import vault:aws/authBackendClient:AuthBackendClient example auth/aws/config/client
|
507
692
|
```
|
508
693
|
|
509
694
|
:param str resource_name: The name of the resource.
|
@@ -526,7 +711,11 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
526
711
|
ec2_endpoint: Optional[pulumi.Input[str]] = None,
|
527
712
|
iam_endpoint: Optional[pulumi.Input[str]] = None,
|
528
713
|
iam_server_id_header_value: Optional[pulumi.Input[str]] = None,
|
714
|
+
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
715
|
+
identity_token_ttl: Optional[pulumi.Input[int]] = None,
|
716
|
+
max_retries: Optional[pulumi.Input[int]] = None,
|
529
717
|
namespace: Optional[pulumi.Input[str]] = None,
|
718
|
+
role_arn: Optional[pulumi.Input[str]] = None,
|
530
719
|
secret_key: Optional[pulumi.Input[str]] = None,
|
531
720
|
sts_endpoint: Optional[pulumi.Input[str]] = None,
|
532
721
|
sts_region: Optional[pulumi.Input[str]] = None,
|
@@ -545,7 +734,11 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
545
734
|
__props__.__dict__["ec2_endpoint"] = ec2_endpoint
|
546
735
|
__props__.__dict__["iam_endpoint"] = iam_endpoint
|
547
736
|
__props__.__dict__["iam_server_id_header_value"] = iam_server_id_header_value
|
737
|
+
__props__.__dict__["identity_token_audience"] = identity_token_audience
|
738
|
+
__props__.__dict__["identity_token_ttl"] = identity_token_ttl
|
739
|
+
__props__.__dict__["max_retries"] = max_retries
|
548
740
|
__props__.__dict__["namespace"] = namespace
|
741
|
+
__props__.__dict__["role_arn"] = role_arn
|
549
742
|
__props__.__dict__["secret_key"] = None if secret_key is None else pulumi.Output.secret(secret_key)
|
550
743
|
__props__.__dict__["sts_endpoint"] = sts_endpoint
|
551
744
|
__props__.__dict__["sts_region"] = sts_region
|
@@ -567,7 +760,11 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
567
760
|
ec2_endpoint: Optional[pulumi.Input[str]] = None,
|
568
761
|
iam_endpoint: Optional[pulumi.Input[str]] = None,
|
569
762
|
iam_server_id_header_value: Optional[pulumi.Input[str]] = None,
|
763
|
+
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
764
|
+
identity_token_ttl: Optional[pulumi.Input[int]] = None,
|
765
|
+
max_retries: Optional[pulumi.Input[int]] = None,
|
570
766
|
namespace: Optional[pulumi.Input[str]] = None,
|
767
|
+
role_arn: Optional[pulumi.Input[str]] = None,
|
571
768
|
secret_key: Optional[pulumi.Input[str]] = None,
|
572
769
|
sts_endpoint: Optional[pulumi.Input[str]] = None,
|
573
770
|
sts_region: Optional[pulumi.Input[str]] = None,
|
@@ -580,7 +777,7 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
580
777
|
:param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
|
581
778
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
582
779
|
:param pulumi.Input[str] access_key: The AWS access key that Vault should use for the
|
583
|
-
auth backend.
|
780
|
+
auth backend. Mutually exclusive with `identity_token_audience`.
|
584
781
|
:param pulumi.Input[str] backend: The path the AWS auth backend being configured was
|
585
782
|
mounted at. Defaults to `aws`.
|
586
783
|
:param pulumi.Input[str] ec2_endpoint: Override the URL Vault uses when making EC2 API
|
@@ -590,10 +787,18 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
590
787
|
:param pulumi.Input[str] iam_server_id_header_value: The value to require in the
|
591
788
|
`X-Vault-AWS-IAM-Server-ID` header as part of `GetCallerIdentity` requests
|
592
789
|
that are used in the IAM auth method.
|
790
|
+
:param pulumi.Input[str] identity_token_audience: The audience claim value. Mutually exclusive with `access_key`.
|
791
|
+
Requires Vault 1.17+. *Available only for Vault Enterprise*
|
792
|
+
:param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
|
793
|
+
*Available only for Vault Enterprise*
|
794
|
+
:param pulumi.Input[int] max_retries: Number of max retries the client should use for recoverable errors.
|
795
|
+
The default `-1` falls back to the AWS SDK's default behavior.
|
593
796
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
594
797
|
The value should not contain leading or trailing forward slashes.
|
595
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
798
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
596
799
|
*Available only for Vault Enterprise*.
|
800
|
+
:param pulumi.Input[str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.17+.
|
801
|
+
*Available only for Vault Enterprise*
|
597
802
|
:param pulumi.Input[str] secret_key: The AWS secret key that Vault should use for the
|
598
803
|
auth backend.
|
599
804
|
:param pulumi.Input[str] sts_endpoint: Override the URL Vault uses when making STS API
|
@@ -615,7 +820,11 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
615
820
|
__props__.__dict__["ec2_endpoint"] = ec2_endpoint
|
616
821
|
__props__.__dict__["iam_endpoint"] = iam_endpoint
|
617
822
|
__props__.__dict__["iam_server_id_header_value"] = iam_server_id_header_value
|
823
|
+
__props__.__dict__["identity_token_audience"] = identity_token_audience
|
824
|
+
__props__.__dict__["identity_token_ttl"] = identity_token_ttl
|
825
|
+
__props__.__dict__["max_retries"] = max_retries
|
618
826
|
__props__.__dict__["namespace"] = namespace
|
827
|
+
__props__.__dict__["role_arn"] = role_arn
|
619
828
|
__props__.__dict__["secret_key"] = secret_key
|
620
829
|
__props__.__dict__["sts_endpoint"] = sts_endpoint
|
621
830
|
__props__.__dict__["sts_region"] = sts_region
|
@@ -627,7 +836,7 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
627
836
|
def access_key(self) -> pulumi.Output[Optional[str]]:
|
628
837
|
"""
|
629
838
|
The AWS access key that Vault should use for the
|
630
|
-
auth backend.
|
839
|
+
auth backend. Mutually exclusive with `identity_token_audience`.
|
631
840
|
"""
|
632
841
|
return pulumi.get(self, "access_key")
|
633
842
|
|
@@ -668,17 +877,53 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
668
877
|
"""
|
669
878
|
return pulumi.get(self, "iam_server_id_header_value")
|
670
879
|
|
880
|
+
@property
|
881
|
+
@pulumi.getter(name="identityTokenAudience")
|
882
|
+
def identity_token_audience(self) -> pulumi.Output[Optional[str]]:
|
883
|
+
"""
|
884
|
+
The audience claim value. Mutually exclusive with `access_key`.
|
885
|
+
Requires Vault 1.17+. *Available only for Vault Enterprise*
|
886
|
+
"""
|
887
|
+
return pulumi.get(self, "identity_token_audience")
|
888
|
+
|
889
|
+
@property
|
890
|
+
@pulumi.getter(name="identityTokenTtl")
|
891
|
+
def identity_token_ttl(self) -> pulumi.Output[int]:
|
892
|
+
"""
|
893
|
+
The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
|
894
|
+
*Available only for Vault Enterprise*
|
895
|
+
"""
|
896
|
+
return pulumi.get(self, "identity_token_ttl")
|
897
|
+
|
898
|
+
@property
|
899
|
+
@pulumi.getter(name="maxRetries")
|
900
|
+
def max_retries(self) -> pulumi.Output[Optional[int]]:
|
901
|
+
"""
|
902
|
+
Number of max retries the client should use for recoverable errors.
|
903
|
+
The default `-1` falls back to the AWS SDK's default behavior.
|
904
|
+
"""
|
905
|
+
return pulumi.get(self, "max_retries")
|
906
|
+
|
671
907
|
@property
|
672
908
|
@pulumi.getter
|
673
909
|
def namespace(self) -> pulumi.Output[Optional[str]]:
|
674
910
|
"""
|
675
911
|
The namespace to provision the resource in.
|
676
912
|
The value should not contain leading or trailing forward slashes.
|
677
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
913
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
678
914
|
*Available only for Vault Enterprise*.
|
679
915
|
"""
|
680
916
|
return pulumi.get(self, "namespace")
|
681
917
|
|
918
|
+
@property
|
919
|
+
@pulumi.getter(name="roleArn")
|
920
|
+
def role_arn(self) -> pulumi.Output[Optional[str]]:
|
921
|
+
"""
|
922
|
+
Role ARN to assume for plugin identity token federation. Requires Vault 1.17+.
|
923
|
+
*Available only for Vault Enterprise*
|
924
|
+
"""
|
925
|
+
return pulumi.get(self, "role_arn")
|
926
|
+
|
682
927
|
@property
|
683
928
|
@pulumi.getter(name="secretKey")
|
684
929
|
def secret_key(self) -> pulumi.Output[Optional[str]]:
|
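--- a/pulumi_vault/aws/auth_backend_config_identity.py
+++ b/pulumi_vault/aws/auth_backend_config_identity.py
@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+from typing import NotRequired, TypedDict, TypeAlias
+else:
+from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = ['AuthBackendConfigIdentityArgs', 'AuthBackendConfigIdentity']
@@ -33,7 +38,7 @@ class AuthBackendConfigIdentityArgs:
 added to both audit logs, and on the `iam_alias`
 :param pulumi.Input[str] namespace: The namespace to provision the resource in.
 The value should not contain leading or trailing forward slashes.
-The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
 *Available only for Vault Enterprise*.
 """
 if backend is not None:
@@ -119,7 +124,7 @@ class AuthBackendConfigIdentityArgs:
 """
 The namespace to provision the resource in.
 The value should not contain leading or trailing forward slashes.
-The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
 *Available only for Vault Enterprise*.
 """
 return pulumi.get(self, "namespace")
@@ -151,7 +156,7 @@ class _AuthBackendConfigIdentityState:
 added to both audit logs, and on the `iam_alias`
 :param pulumi.Input[str] namespace: The namespace to provision the resource in.
 The value should not contain leading or trailing forward slashes.
-The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
 *Available only for Vault Enterprise*.
 """
 if backend is not None:
@@ -237,7 +242,7 @@ class _AuthBackendConfigIdentityState:
 """
 The namespace to provision the resource in.
 The value should not contain leading or trailing forward slashes.
-The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
 *Available only for Vault Enterprise*.
 """
 return pulumi.get(self, "namespace")
@@ -285,7 +290,7 @@ class AuthBackendConfigIdentity(pulumi.CustomResource):
 AWS auth backend identity config can be imported using `auth/`, the `backend` path, and `/config/identity` e.g.
 
 ```sh
-
+$ pulumi import vault:aws/authBackendConfigIdentity:AuthBackendConfigIdentity example auth/aws/config/identity
 ```
 
 :param str resource_name: The name of the resource.
@@ -301,7 +306,7 @@ class AuthBackendConfigIdentity(pulumi.CustomResource):
 added to both audit logs, and on the `iam_alias`
 :param pulumi.Input[str] namespace: The namespace to provision the resource in.
 The value should not contain leading or trailing forward slashes.
-The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
 *Available only for Vault Enterprise*.
 """
 ...
@@ -336,7 +341,7 @@ class AuthBackendConfigIdentity(pulumi.CustomResource):
 AWS auth backend identity config can be imported using `auth/`, the `backend` path, and `/config/identity` e.g.
 
 ```sh
-
+$ pulumi import vault:aws/authBackendConfigIdentity:AuthBackendConfigIdentity example auth/aws/config/identity
 ```
 
 :param str resource_name: The name of the resource.
@@ -409,7 +414,7 @@ class AuthBackendConfigIdentity(pulumi.CustomResource):
 added to both audit logs, and on the `iam_alias`
 :param pulumi.Input[str] namespace: The namespace to provision the resource in.
 The value should not contain leading or trailing forward slashes.
-The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
 *Available only for Vault Enterprise*.
 """
 opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
@@ -474,7 +479,7 @@ class AuthBackendConfigIdentity(pulumi.CustomResource):
 """
 The namespace to provision the resource in.
 The value should not contain leading or trailing forward slashes.
-The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
 *Available only for Vault Enterprise*.
 """
 return pulumi.get(self, "namespace")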
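Review bot: The new `else:` branch in the first hunk makes `typing_extensions` an import-time requirement of this module on interpreters older than 3.11, so anyone auditing this version bump should confirm that the wheel's metadata declares that dependency with a matching environment marker; the page does not show the package metadata. None of the other hunks in this file use `NotRequired`, `TypedDict` or `TypeAlias`, so, if they are also unused in the parts of the file not shown, the import adds a dependency without a consumer here. A one-line comment above the branch would make the intent reviewable, for example `# typing_extensions backfills NotRequired/TypedDict/TypeAlias on Python < 3.11; must stay in the declared dependencies`. The remaining hunks only repoint the namespace documentation link and fill in the `pulumi import` example.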