pulumi-vault 5.21.0a1710160723__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pulumi_vault/__init__.py +52 -0
- pulumi_vault/_inputs.py +560 -0
- pulumi_vault/_utilities.py +41 -5
- pulumi_vault/ad/get_access_credentials.py +22 -7
- pulumi_vault/ad/secret_backend.py +14 -144
- pulumi_vault/ad/secret_library.py +14 -11
- pulumi_vault/ad/secret_role.py +12 -11
- pulumi_vault/alicloud/auth_backend_role.py +74 -192
- pulumi_vault/approle/auth_backend_login.py +12 -11
- pulumi_vault/approle/auth_backend_role.py +75 -193
- pulumi_vault/approle/auth_backend_role_secret_id.py +106 -11
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -9
- pulumi_vault/audit.py +24 -27
- pulumi_vault/audit_request_header.py +11 -6
- pulumi_vault/auth_backend.py +64 -12
- pulumi_vault/aws/auth_backend_cert.py +12 -7
- pulumi_vault/aws/auth_backend_client.py +265 -24
- pulumi_vault/aws/auth_backend_config_identity.py +12 -11
- pulumi_vault/aws/auth_backend_identity_whitelist.py +18 -17
- pulumi_vault/aws/auth_backend_login.py +19 -22
- pulumi_vault/aws/auth_backend_role.py +75 -193
- pulumi_vault/aws/auth_backend_role_tag.py +12 -7
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -17
- pulumi_vault/aws/auth_backend_sts_role.py +12 -11
- pulumi_vault/aws/get_access_credentials.py +34 -7
- pulumi_vault/aws/get_static_access_credentials.py +19 -5
- pulumi_vault/aws/secret_backend.py +75 -7
- pulumi_vault/aws/secret_backend_role.py +183 -11
- pulumi_vault/aws/secret_backend_static_role.py +14 -11
- pulumi_vault/azure/_inputs.py +24 -0
- pulumi_vault/azure/auth_backend_config.py +151 -17
- pulumi_vault/azure/auth_backend_role.py +75 -193
- pulumi_vault/azure/backend.py +223 -29
- pulumi_vault/azure/backend_role.py +42 -41
- pulumi_vault/azure/get_access_credentials.py +39 -11
- pulumi_vault/azure/outputs.py +5 -0
- pulumi_vault/cert_auth_backend_role.py +87 -271
- pulumi_vault/config/__init__.pyi +5 -0
- pulumi_vault/config/_inputs.py +73 -0
- pulumi_vault/config/outputs.py +35 -0
- pulumi_vault/config/ui_custom_message.py +529 -0
- pulumi_vault/config/vars.py +5 -0
- pulumi_vault/consul/secret_backend.py +22 -25
- pulumi_vault/consul/secret_backend_role.py +14 -80
- pulumi_vault/database/_inputs.py +2770 -881
- pulumi_vault/database/outputs.py +721 -838
- pulumi_vault/database/secret_backend_connection.py +117 -114
- pulumi_vault/database/secret_backend_role.py +29 -24
- pulumi_vault/database/secret_backend_static_role.py +85 -15
- pulumi_vault/database/secrets_mount.py +425 -138
- pulumi_vault/egp_policy.py +16 -15
- pulumi_vault/gcp/_inputs.py +111 -0
- pulumi_vault/gcp/auth_backend.py +248 -35
- pulumi_vault/gcp/auth_backend_role.py +75 -271
- pulumi_vault/gcp/get_auth_backend_role.py +43 -9
- pulumi_vault/gcp/outputs.py +5 -0
- pulumi_vault/gcp/secret_backend.py +287 -16
- pulumi_vault/gcp/secret_impersonated_account.py +74 -17
- pulumi_vault/gcp/secret_roleset.py +29 -26
- pulumi_vault/gcp/secret_static_account.py +37 -34
- pulumi_vault/generic/endpoint.py +22 -21
- pulumi_vault/generic/get_secret.py +68 -12
- pulumi_vault/generic/secret.py +19 -14
- pulumi_vault/get_auth_backend.py +24 -11
- pulumi_vault/get_auth_backends.py +33 -11
- pulumi_vault/get_namespace.py +226 -0
- pulumi_vault/get_namespaces.py +153 -0
- pulumi_vault/get_nomad_access_token.py +31 -15
- pulumi_vault/get_policy_document.py +34 -23
- pulumi_vault/get_raft_autopilot_state.py +29 -14
- pulumi_vault/github/_inputs.py +55 -0
- pulumi_vault/github/auth_backend.py +17 -16
- pulumi_vault/github/outputs.py +5 -0
- pulumi_vault/github/team.py +14 -13
- pulumi_vault/github/user.py +14 -13
- pulumi_vault/identity/entity.py +18 -15
- pulumi_vault/identity/entity_alias.py +18 -15
- pulumi_vault/identity/entity_policies.py +24 -19
- pulumi_vault/identity/get_entity.py +40 -14
- pulumi_vault/identity/get_group.py +45 -13
- pulumi_vault/identity/get_oidc_client_creds.py +21 -11
- pulumi_vault/identity/get_oidc_openid_config.py +39 -13
- pulumi_vault/identity/get_oidc_public_keys.py +29 -14
- pulumi_vault/identity/group.py +50 -49
- pulumi_vault/identity/group_alias.py +14 -11
- pulumi_vault/identity/group_member_entity_ids.py +24 -74
- pulumi_vault/identity/group_member_group_ids.py +36 -27
- pulumi_vault/identity/group_policies.py +16 -15
- pulumi_vault/identity/mfa_duo.py +9 -8
- pulumi_vault/identity/mfa_login_enforcement.py +13 -8
- pulumi_vault/identity/mfa_okta.py +9 -8
- pulumi_vault/identity/mfa_pingid.py +5 -4
- pulumi_vault/identity/mfa_totp.py +5 -4
- pulumi_vault/identity/oidc.py +12 -11
- pulumi_vault/identity/oidc_assignment.py +22 -13
- pulumi_vault/identity/oidc_client.py +34 -25
- pulumi_vault/identity/oidc_key.py +28 -19
- pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -19
- pulumi_vault/identity/oidc_provider.py +34 -23
- pulumi_vault/identity/oidc_role.py +40 -27
- pulumi_vault/identity/oidc_scope.py +18 -15
- pulumi_vault/identity/outputs.py +8 -3
- pulumi_vault/jwt/_inputs.py +55 -0
- pulumi_vault/jwt/auth_backend.py +39 -46
- pulumi_vault/jwt/auth_backend_role.py +131 -260
- pulumi_vault/jwt/outputs.py +5 -0
- pulumi_vault/kmip/secret_backend.py +22 -21
- pulumi_vault/kmip/secret_role.py +12 -11
- pulumi_vault/kmip/secret_scope.py +12 -11
- pulumi_vault/kubernetes/auth_backend_config.py +55 -7
- pulumi_vault/kubernetes/auth_backend_role.py +68 -179
- pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
- pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
- pulumi_vault/kubernetes/get_service_account_token.py +39 -15
- pulumi_vault/kubernetes/secret_backend.py +314 -29
- pulumi_vault/kubernetes/secret_backend_role.py +135 -56
- pulumi_vault/kv/_inputs.py +36 -4
- pulumi_vault/kv/get_secret.py +23 -12
- pulumi_vault/kv/get_secret_subkeys_v2.py +31 -14
- pulumi_vault/kv/get_secret_v2.py +89 -9
- pulumi_vault/kv/get_secrets_list.py +22 -15
- pulumi_vault/kv/get_secrets_list_v2.py +35 -19
- pulumi_vault/kv/outputs.py +8 -3
- pulumi_vault/kv/secret.py +19 -18
- pulumi_vault/kv/secret_backend_v2.py +12 -11
- pulumi_vault/kv/secret_v2.py +55 -52
- pulumi_vault/ldap/auth_backend.py +125 -168
- pulumi_vault/ldap/auth_backend_group.py +12 -11
- pulumi_vault/ldap/auth_backend_user.py +12 -11
- pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
- pulumi_vault/ldap/get_static_credentials.py +24 -5
- pulumi_vault/ldap/secret_backend.py +352 -84
- pulumi_vault/ldap/secret_backend_dynamic_role.py +12 -11
- pulumi_vault/ldap/secret_backend_library_set.py +14 -11
- pulumi_vault/ldap/secret_backend_static_role.py +67 -12
- pulumi_vault/managed/_inputs.py +289 -132
- pulumi_vault/managed/keys.py +27 -43
- pulumi_vault/managed/outputs.py +89 -132
- pulumi_vault/mfa_duo.py +16 -13
- pulumi_vault/mfa_okta.py +16 -13
- pulumi_vault/mfa_pingid.py +16 -13
- pulumi_vault/mfa_totp.py +22 -19
- pulumi_vault/mongodbatlas/secret_backend.py +18 -17
- pulumi_vault/mongodbatlas/secret_role.py +41 -38
- pulumi_vault/mount.py +389 -65
- pulumi_vault/namespace.py +26 -21
- pulumi_vault/nomad_secret_backend.py +16 -15
- pulumi_vault/nomad_secret_role.py +12 -11
- pulumi_vault/okta/_inputs.py +47 -8
- pulumi_vault/okta/auth_backend.py +483 -41
- pulumi_vault/okta/auth_backend_group.py +12 -11
- pulumi_vault/okta/auth_backend_user.py +12 -11
- pulumi_vault/okta/outputs.py +13 -8
- pulumi_vault/outputs.py +5 -0
- pulumi_vault/password_policy.py +18 -15
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +81 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
- pulumi_vault/pkisecret/backend_config_est.py +619 -0
- pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
- pulumi_vault/pkisecret/get_backend_issuer.py +63 -7
- pulumi_vault/pkisecret/get_backend_issuers.py +21 -12
- pulumi_vault/pkisecret/get_backend_key.py +24 -13
- pulumi_vault/pkisecret/get_backend_keys.py +21 -12
- pulumi_vault/pkisecret/outputs.py +69 -0
- pulumi_vault/pkisecret/secret_backend_cert.py +18 -15
- pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -15
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +12 -11
- pulumi_vault/pkisecret/secret_backend_config_urls.py +59 -11
- pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -13
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -15
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -21
- pulumi_vault/pkisecret/secret_backend_issuer.py +12 -11
- pulumi_vault/pkisecret/secret_backend_key.py +12 -7
- pulumi_vault/pkisecret/secret_backend_role.py +19 -16
- pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -52
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -62
- pulumi_vault/pkisecret/secret_backend_sign.py +18 -60
- pulumi_vault/plugin.py +595 -0
- pulumi_vault/plugin_pinned_version.py +298 -0
- pulumi_vault/policy.py +12 -7
- pulumi_vault/provider.py +48 -53
- pulumi_vault/pulumi-plugin.json +2 -1
- pulumi_vault/quota_lease_count.py +58 -8
- pulumi_vault/quota_rate_limit.py +54 -4
- pulumi_vault/rabbitmq/_inputs.py +61 -0
- pulumi_vault/rabbitmq/outputs.py +5 -0
- pulumi_vault/rabbitmq/secret_backend.py +16 -15
- pulumi_vault/rabbitmq/secret_backend_role.py +52 -49
- pulumi_vault/raft_autopilot.py +12 -11
- pulumi_vault/raft_snapshot_agent_config.py +121 -311
- pulumi_vault/rgp_policy.py +14 -13
- pulumi_vault/saml/auth_backend.py +20 -19
- pulumi_vault/saml/auth_backend_role.py +90 -199
- pulumi_vault/secrets/__init__.py +3 -0
- pulumi_vault/secrets/_inputs.py +110 -0
- pulumi_vault/secrets/outputs.py +94 -0
- pulumi_vault/secrets/sync_association.py +56 -75
- pulumi_vault/secrets/sync_aws_destination.py +240 -29
- pulumi_vault/secrets/sync_azure_destination.py +90 -33
- pulumi_vault/secrets/sync_config.py +7 -6
- pulumi_vault/secrets/sync_gcp_destination.py +156 -27
- pulumi_vault/secrets/sync_gh_destination.py +187 -15
- pulumi_vault/secrets/sync_github_apps.py +375 -0
- pulumi_vault/secrets/sync_vercel_destination.py +72 -15
- pulumi_vault/ssh/_inputs.py +28 -32
- pulumi_vault/ssh/outputs.py +11 -32
- pulumi_vault/ssh/secret_backend_ca.py +106 -11
- pulumi_vault/ssh/secret_backend_role.py +83 -120
- pulumi_vault/terraformcloud/secret_backend.py +5 -56
- pulumi_vault/terraformcloud/secret_creds.py +14 -24
- pulumi_vault/terraformcloud/secret_role.py +14 -76
- pulumi_vault/token.py +26 -25
- pulumi_vault/tokenauth/auth_backend_role.py +76 -201
- pulumi_vault/transform/alphabet.py +16 -13
- pulumi_vault/transform/get_decode.py +45 -21
- pulumi_vault/transform/get_encode.py +45 -21
- pulumi_vault/transform/role.py +16 -13
- pulumi_vault/transform/template.py +30 -25
- pulumi_vault/transform/transformation.py +12 -7
- pulumi_vault/transit/get_decrypt.py +26 -25
- pulumi_vault/transit/get_encrypt.py +24 -19
- pulumi_vault/transit/secret_backend_key.py +25 -97
- pulumi_vault/transit/secret_cache_config.py +12 -11
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
- pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
- pulumi_vault-5.21.0a1710160723.dist-info/RECORD +0 -244
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = ['AuthBackendRoleArgs', 'AuthBackendRole']
|
@@ -100,7 +105,7 @@ class AuthBackendRoleArgs:
|
|
100
105
|
This only applies when `auth_type` is set to `iam`.
|
101
106
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
102
107
|
The value should not contain leading or trailing forward slashes.
|
103
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
108
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
104
109
|
*Available only for Vault Enterprise*.
|
105
110
|
:param pulumi.Input[bool] resolve_aws_unique_ids: Only valid when
|
106
111
|
`auth_type` is `iam`. If set to `true`, the `bound_iam_principal_arns` are
|
@@ -117,32 +122,15 @@ class AuthBackendRoleArgs:
|
|
117
122
|
for this field should be the key of the tag on the EC2 instance. `auth_type`
|
118
123
|
must be set to `ec2` or `inferred_entity_type` must be set to `ec2_instance`
|
119
124
|
to use this constraint.
|
120
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs:
|
121
|
-
|
122
|
-
|
123
|
-
:param pulumi.Input[
|
124
|
-
|
125
|
-
|
126
|
-
|
127
|
-
:param pulumi.Input[int]
|
128
|
-
|
129
|
-
:param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
|
130
|
-
generated tokens; otherwise it will be added to the policies set in token_policies.
|
131
|
-
:param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/auth/aws#token_num_uses)
|
132
|
-
of times a generated token may be used (within its lifetime); 0 means unlimited.
|
133
|
-
:param pulumi.Input[int] token_period: If set, indicates that the
|
134
|
-
token generated using this role should never expire. The token should be renewed within the
|
135
|
-
duration specified by this value. At each renewal, the token's TTL will be set to the
|
136
|
-
value of this field. Specified in seconds.
|
137
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
|
138
|
-
on the auth method, this list may be supplemented by user/group/other values.
|
139
|
-
:param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
|
140
|
-
Its current value will be referenced at renewal time.
|
141
|
-
:param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
|
142
|
-
`batch`, or `default` to use the mount's tuned default (which unless changed will be
|
143
|
-
`service` tokens). For token store roles, there are two additional possibilities:
|
144
|
-
`default-service` and `default-batch` which specify the type to return unless the client
|
145
|
-
requests a different type at generation time.
|
125
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
126
|
+
:param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
127
|
+
:param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
|
128
|
+
:param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
129
|
+
:param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
130
|
+
:param pulumi.Input[int] token_period: Generated Token's Period
|
131
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
|
132
|
+
:param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
|
133
|
+
:param pulumi.Input[str] token_type: The type of token to generate, service or batch
|
146
134
|
"""
|
147
135
|
pulumi.set(__self__, "role", role)
|
148
136
|
if allow_instance_migration is not None:
|
@@ -436,7 +424,7 @@ class AuthBackendRoleArgs:
|
|
436
424
|
"""
|
437
425
|
The namespace to provision the resource in.
|
438
426
|
The value should not contain leading or trailing forward slashes.
|
439
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
427
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
440
428
|
*Available only for Vault Enterprise*.
|
441
429
|
"""
|
442
430
|
return pulumi.get(self, "namespace")
|
@@ -486,9 +474,7 @@ class AuthBackendRoleArgs:
|
|
486
474
|
@pulumi.getter(name="tokenBoundCidrs")
|
487
475
|
def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
488
476
|
"""
|
489
|
-
|
490
|
-
addresses which can authenticate successfully, and ties the resulting token to these blocks
|
491
|
-
as well.
|
477
|
+
Specifies the blocks of IP addresses which are allowed to use the generated token
|
492
478
|
"""
|
493
479
|
return pulumi.get(self, "token_bound_cidrs")
|
494
480
|
|
@@ -500,10 +486,7 @@ class AuthBackendRoleArgs:
|
|
500
486
|
@pulumi.getter(name="tokenExplicitMaxTtl")
|
501
487
|
def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
502
488
|
"""
|
503
|
-
|
504
|
-
[explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
|
505
|
-
onto the token in number of seconds. This is a hard cap even if `token_ttl` and
|
506
|
-
`token_max_ttl` would otherwise allow a renewal.
|
489
|
+
Generated Token's Explicit Maximum TTL in seconds
|
507
490
|
"""
|
508
491
|
return pulumi.get(self, "token_explicit_max_ttl")
|
509
492
|
|
@@ -515,8 +498,7 @@ class AuthBackendRoleArgs:
|
|
515
498
|
@pulumi.getter(name="tokenMaxTtl")
|
516
499
|
def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
517
500
|
"""
|
518
|
-
The maximum lifetime
|
519
|
-
Its current value will be referenced at renewal time.
|
501
|
+
The maximum lifetime of the generated token
|
520
502
|
"""
|
521
503
|
return pulumi.get(self, "token_max_ttl")
|
522
504
|
|
@@ -528,8 +510,7 @@ class AuthBackendRoleArgs:
|
|
528
510
|
@pulumi.getter(name="tokenNoDefaultPolicy")
|
529
511
|
def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
|
530
512
|
"""
|
531
|
-
If
|
532
|
-
generated tokens; otherwise it will be added to the policies set in token_policies.
|
513
|
+
If true, the 'default' policy will not automatically be added to generated tokens
|
533
514
|
"""
|
534
515
|
return pulumi.get(self, "token_no_default_policy")
|
535
516
|
|
@@ -541,8 +522,7 @@ class AuthBackendRoleArgs:
|
|
541
522
|
@pulumi.getter(name="tokenNumUses")
|
542
523
|
def token_num_uses(self) -> Optional[pulumi.Input[int]]:
|
543
524
|
"""
|
544
|
-
The
|
545
|
-
of times a generated token may be used (within its lifetime); 0 means unlimited.
|
525
|
+
The maximum number of times a token may be used, a value of zero means unlimited
|
546
526
|
"""
|
547
527
|
return pulumi.get(self, "token_num_uses")
|
548
528
|
|
@@ -554,10 +534,7 @@ class AuthBackendRoleArgs:
|
|
554
534
|
@pulumi.getter(name="tokenPeriod")
|
555
535
|
def token_period(self) -> Optional[pulumi.Input[int]]:
|
556
536
|
"""
|
557
|
-
|
558
|
-
token generated using this role should never expire. The token should be renewed within the
|
559
|
-
duration specified by this value. At each renewal, the token's TTL will be set to the
|
560
|
-
value of this field. Specified in seconds.
|
537
|
+
Generated Token's Period
|
561
538
|
"""
|
562
539
|
return pulumi.get(self, "token_period")
|
563
540
|
|
@@ -569,8 +546,7 @@ class AuthBackendRoleArgs:
|
|
569
546
|
@pulumi.getter(name="tokenPolicies")
|
570
547
|
def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
571
548
|
"""
|
572
|
-
|
573
|
-
on the auth method, this list may be supplemented by user/group/other values.
|
549
|
+
Generated Token's Policies
|
574
550
|
"""
|
575
551
|
return pulumi.get(self, "token_policies")
|
576
552
|
|
@@ -582,8 +558,7 @@ class AuthBackendRoleArgs:
|
|
582
558
|
@pulumi.getter(name="tokenTtl")
|
583
559
|
def token_ttl(self) -> Optional[pulumi.Input[int]]:
|
584
560
|
"""
|
585
|
-
The
|
586
|
-
Its current value will be referenced at renewal time.
|
561
|
+
The initial ttl of the token to generate in seconds
|
587
562
|
"""
|
588
563
|
return pulumi.get(self, "token_ttl")
|
589
564
|
|
@@ -595,11 +570,7 @@ class AuthBackendRoleArgs:
|
|
595
570
|
@pulumi.getter(name="tokenType")
|
596
571
|
def token_type(self) -> Optional[pulumi.Input[str]]:
|
597
572
|
"""
|
598
|
-
The type of token
|
599
|
-
`batch`, or `default` to use the mount's tuned default (which unless changed will be
|
600
|
-
`service` tokens). For token store roles, there are two additional possibilities:
|
601
|
-
`default-service` and `default-batch` which specify the type to return unless the client
|
602
|
-
requests a different type at generation time.
|
573
|
+
The type of token to generate, service or batch
|
603
574
|
"""
|
604
575
|
return pulumi.get(self, "token_type")
|
605
576
|
|
@@ -697,7 +668,7 @@ class _AuthBackendRoleState:
|
|
697
668
|
This only applies when `auth_type` is set to `iam`.
|
698
669
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
699
670
|
The value should not contain leading or trailing forward slashes.
|
700
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
671
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
701
672
|
*Available only for Vault Enterprise*.
|
702
673
|
:param pulumi.Input[bool] resolve_aws_unique_ids: Only valid when
|
703
674
|
`auth_type` is `iam`. If set to `true`, the `bound_iam_principal_arns` are
|
@@ -716,32 +687,15 @@ class _AuthBackendRoleState:
|
|
716
687
|
for this field should be the key of the tag on the EC2 instance. `auth_type`
|
717
688
|
must be set to `ec2` or `inferred_entity_type` must be set to `ec2_instance`
|
718
689
|
to use this constraint.
|
719
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs:
|
720
|
-
|
721
|
-
|
722
|
-
:param pulumi.Input[
|
723
|
-
|
724
|
-
|
725
|
-
|
726
|
-
:param pulumi.Input[int]
|
727
|
-
|
728
|
-
:param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
|
729
|
-
generated tokens; otherwise it will be added to the policies set in token_policies.
|
730
|
-
:param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/auth/aws#token_num_uses)
|
731
|
-
of times a generated token may be used (within its lifetime); 0 means unlimited.
|
732
|
-
:param pulumi.Input[int] token_period: If set, indicates that the
|
733
|
-
token generated using this role should never expire. The token should be renewed within the
|
734
|
-
duration specified by this value. At each renewal, the token's TTL will be set to the
|
735
|
-
value of this field. Specified in seconds.
|
736
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
|
737
|
-
on the auth method, this list may be supplemented by user/group/other values.
|
738
|
-
:param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
|
739
|
-
Its current value will be referenced at renewal time.
|
740
|
-
:param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
|
741
|
-
`batch`, or `default` to use the mount's tuned default (which unless changed will be
|
742
|
-
`service` tokens). For token store roles, there are two additional possibilities:
|
743
|
-
`default-service` and `default-batch` which specify the type to return unless the client
|
744
|
-
requests a different type at generation time.
|
690
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
691
|
+
:param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
692
|
+
:param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
|
693
|
+
:param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
694
|
+
:param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
695
|
+
:param pulumi.Input[int] token_period: Generated Token's Period
|
696
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
|
697
|
+
:param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
|
698
|
+
:param pulumi.Input[str] token_type: The type of token to generate, service or batch
|
745
699
|
"""
|
746
700
|
if allow_instance_migration is not None:
|
747
701
|
pulumi.set(__self__, "allow_instance_migration", allow_instance_migration)
|
@@ -1026,7 +980,7 @@ class _AuthBackendRoleState:
|
|
1026
980
|
"""
|
1027
981
|
The namespace to provision the resource in.
|
1028
982
|
The value should not contain leading or trailing forward slashes.
|
1029
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
983
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1030
984
|
*Available only for Vault Enterprise*.
|
1031
985
|
"""
|
1032
986
|
return pulumi.get(self, "namespace")
|
@@ -1100,9 +1054,7 @@ class _AuthBackendRoleState:
|
|
1100
1054
|
@pulumi.getter(name="tokenBoundCidrs")
|
1101
1055
|
def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
1102
1056
|
"""
|
1103
|
-
|
1104
|
-
addresses which can authenticate successfully, and ties the resulting token to these blocks
|
1105
|
-
as well.
|
1057
|
+
Specifies the blocks of IP addresses which are allowed to use the generated token
|
1106
1058
|
"""
|
1107
1059
|
return pulumi.get(self, "token_bound_cidrs")
|
1108
1060
|
|
@@ -1114,10 +1066,7 @@ class _AuthBackendRoleState:
|
|
1114
1066
|
@pulumi.getter(name="tokenExplicitMaxTtl")
|
1115
1067
|
def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
1116
1068
|
"""
|
1117
|
-
|
1118
|
-
[explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
|
1119
|
-
onto the token in number of seconds. This is a hard cap even if `token_ttl` and
|
1120
|
-
`token_max_ttl` would otherwise allow a renewal.
|
1069
|
+
Generated Token's Explicit Maximum TTL in seconds
|
1121
1070
|
"""
|
1122
1071
|
return pulumi.get(self, "token_explicit_max_ttl")
|
1123
1072
|
|
@@ -1129,8 +1078,7 @@ class _AuthBackendRoleState:
|
|
1129
1078
|
@pulumi.getter(name="tokenMaxTtl")
|
1130
1079
|
def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
1131
1080
|
"""
|
1132
|
-
The maximum lifetime
|
1133
|
-
Its current value will be referenced at renewal time.
|
1081
|
+
The maximum lifetime of the generated token
|
1134
1082
|
"""
|
1135
1083
|
return pulumi.get(self, "token_max_ttl")
|
1136
1084
|
|
@@ -1142,8 +1090,7 @@ class _AuthBackendRoleState:
|
|
1142
1090
|
@pulumi.getter(name="tokenNoDefaultPolicy")
|
1143
1091
|
def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
|
1144
1092
|
"""
|
1145
|
-
If
|
1146
|
-
generated tokens; otherwise it will be added to the policies set in token_policies.
|
1093
|
+
If true, the 'default' policy will not automatically be added to generated tokens
|
1147
1094
|
"""
|
1148
1095
|
return pulumi.get(self, "token_no_default_policy")
|
1149
1096
|
|
@@ -1155,8 +1102,7 @@ class _AuthBackendRoleState:
|
|
1155
1102
|
@pulumi.getter(name="tokenNumUses")
|
1156
1103
|
def token_num_uses(self) -> Optional[pulumi.Input[int]]:
|
1157
1104
|
"""
|
1158
|
-
The
|
1159
|
-
of times a generated token may be used (within its lifetime); 0 means unlimited.
|
1105
|
+
The maximum number of times a token may be used, a value of zero means unlimited
|
1160
1106
|
"""
|
1161
1107
|
return pulumi.get(self, "token_num_uses")
|
1162
1108
|
|
@@ -1168,10 +1114,7 @@ class _AuthBackendRoleState:
|
|
1168
1114
|
@pulumi.getter(name="tokenPeriod")
|
1169
1115
|
def token_period(self) -> Optional[pulumi.Input[int]]:
|
1170
1116
|
"""
|
1171
|
-
|
1172
|
-
token generated using this role should never expire. The token should be renewed within the
|
1173
|
-
duration specified by this value. At each renewal, the token's TTL will be set to the
|
1174
|
-
value of this field. Specified in seconds.
|
1117
|
+
Generated Token's Period
|
1175
1118
|
"""
|
1176
1119
|
return pulumi.get(self, "token_period")
|
1177
1120
|
|
@@ -1183,8 +1126,7 @@ class _AuthBackendRoleState:
|
|
1183
1126
|
@pulumi.getter(name="tokenPolicies")
|
1184
1127
|
def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
1185
1128
|
"""
|
1186
|
-
|
1187
|
-
on the auth method, this list may be supplemented by user/group/other values.
|
1129
|
+
Generated Token's Policies
|
1188
1130
|
"""
|
1189
1131
|
return pulumi.get(self, "token_policies")
|
1190
1132
|
|
@@ -1196,8 +1138,7 @@ class _AuthBackendRoleState:
|
|
1196
1138
|
@pulumi.getter(name="tokenTtl")
|
1197
1139
|
def token_ttl(self) -> Optional[pulumi.Input[int]]:
|
1198
1140
|
"""
|
1199
|
-
The
|
1200
|
-
Its current value will be referenced at renewal time.
|
1141
|
+
The initial ttl of the token to generate in seconds
|
1201
1142
|
"""
|
1202
1143
|
return pulumi.get(self, "token_ttl")
|
1203
1144
|
|
@@ -1209,11 +1150,7 @@ class _AuthBackendRoleState:
|
|
1209
1150
|
@pulumi.getter(name="tokenType")
|
1210
1151
|
def token_type(self) -> Optional[pulumi.Input[str]]:
|
1211
1152
|
"""
|
1212
|
-
The type of token
|
1213
|
-
`batch`, or `default` to use the mount's tuned default (which unless changed will be
|
1214
|
-
`service` tokens). For token store roles, there are two additional possibilities:
|
1215
|
-
`default-service` and `default-batch` which specify the type to return unless the client
|
1216
|
-
requests a different type at generation time.
|
1153
|
+
The type of token to generate, service or batch
|
1217
1154
|
"""
|
1218
1155
|
return pulumi.get(self, "token_type")
|
1219
1156
|
|
@@ -1265,7 +1202,6 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1265
1202
|
|
1266
1203
|
## Example Usage
|
1267
1204
|
|
1268
|
-
<!--Start PulumiCodeChooser -->
|
1269
1205
|
```python
|
1270
1206
|
import pulumi
|
1271
1207
|
import pulumi_vault as vault
|
@@ -1291,7 +1227,6 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1291
1227
|
"prod",
|
1292
1228
|
])
|
1293
1229
|
```
|
1294
|
-
<!--End PulumiCodeChooser -->
|
1295
1230
|
|
1296
1231
|
## Import
|
1297
1232
|
|
@@ -1358,7 +1293,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1358
1293
|
This only applies when `auth_type` is set to `iam`.
|
1359
1294
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
1360
1295
|
The value should not contain leading or trailing forward slashes.
|
1361
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
1296
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1362
1297
|
*Available only for Vault Enterprise*.
|
1363
1298
|
:param pulumi.Input[bool] resolve_aws_unique_ids: Only valid when
|
1364
1299
|
`auth_type` is `iam`. If set to `true`, the `bound_iam_principal_arns` are
|
@@ -1376,32 +1311,15 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1376
1311
|
for this field should be the key of the tag on the EC2 instance. `auth_type`
|
1377
1312
|
must be set to `ec2` or `inferred_entity_type` must be set to `ec2_instance`
|
1378
1313
|
to use this constraint.
|
1379
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs:
|
1380
|
-
|
1381
|
-
|
1382
|
-
:param pulumi.Input[
|
1383
|
-
|
1384
|
-
|
1385
|
-
|
1386
|
-
:param pulumi.Input[int]
|
1387
|
-
|
1388
|
-
:param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
|
1389
|
-
generated tokens; otherwise it will be added to the policies set in token_policies.
|
1390
|
-
:param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/auth/aws#token_num_uses)
|
1391
|
-
of times a generated token may be used (within its lifetime); 0 means unlimited.
|
1392
|
-
:param pulumi.Input[int] token_period: If set, indicates that the
|
1393
|
-
token generated using this role should never expire. The token should be renewed within the
|
1394
|
-
duration specified by this value. At each renewal, the token's TTL will be set to the
|
1395
|
-
value of this field. Specified in seconds.
|
1396
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
|
1397
|
-
on the auth method, this list may be supplemented by user/group/other values.
|
1398
|
-
:param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
|
1399
|
-
Its current value will be referenced at renewal time.
|
1400
|
-
:param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
|
1401
|
-
`batch`, or `default` to use the mount's tuned default (which unless changed will be
|
1402
|
-
`service` tokens). For token store roles, there are two additional possibilities:
|
1403
|
-
`default-service` and `default-batch` which specify the type to return unless the client
|
1404
|
-
requests a different type at generation time.
|
1314
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
1315
|
+
:param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
1316
|
+
:param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
|
1317
|
+
:param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
1318
|
+
:param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
1319
|
+
:param pulumi.Input[int] token_period: Generated Token's Period
|
1320
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
|
1321
|
+
:param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
|
1322
|
+
:param pulumi.Input[str] token_type: The type of token to generate, service or batch
|
1405
1323
|
"""
|
1406
1324
|
...
|
1407
1325
|
@overload
|
@@ -1418,7 +1336,6 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1418
1336
|
|
1419
1337
|
## Example Usage
|
1420
1338
|
|
1421
|
-
<!--Start PulumiCodeChooser -->
|
1422
1339
|
```python
|
1423
1340
|
import pulumi
|
1424
1341
|
import pulumi_vault as vault
|
@@ -1444,7 +1361,6 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1444
1361
|
"prod",
|
1445
1362
|
])
|
1446
1363
|
```
|
1447
|
-
<!--End PulumiCodeChooser -->
|
1448
1364
|
|
1449
1365
|
## Import
|
1450
1366
|
|
@@ -1638,7 +1554,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1638
1554
|
This only applies when `auth_type` is set to `iam`.
|
1639
1555
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
1640
1556
|
The value should not contain leading or trailing forward slashes.
|
1641
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
1557
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1642
1558
|
*Available only for Vault Enterprise*.
|
1643
1559
|
:param pulumi.Input[bool] resolve_aws_unique_ids: Only valid when
|
1644
1560
|
`auth_type` is `iam`. If set to `true`, the `bound_iam_principal_arns` are
|
@@ -1657,32 +1573,15 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1657
1573
|
for this field should be the key of the tag on the EC2 instance. `auth_type`
|
1658
1574
|
must be set to `ec2` or `inferred_entity_type` must be set to `ec2_instance`
|
1659
1575
|
to use this constraint.
|
1660
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs:
|
1661
|
-
|
1662
|
-
|
1663
|
-
:param pulumi.Input[
|
1664
|
-
|
1665
|
-
|
1666
|
-
|
1667
|
-
:param pulumi.Input[int]
|
1668
|
-
|
1669
|
-
:param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
|
1670
|
-
generated tokens; otherwise it will be added to the policies set in token_policies.
|
1671
|
-
:param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/auth/aws#token_num_uses)
|
1672
|
-
of times a generated token may be used (within its lifetime); 0 means unlimited.
|
1673
|
-
:param pulumi.Input[int] token_period: If set, indicates that the
|
1674
|
-
token generated using this role should never expire. The token should be renewed within the
|
1675
|
-
duration specified by this value. At each renewal, the token's TTL will be set to the
|
1676
|
-
value of this field. Specified in seconds.
|
1677
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
|
1678
|
-
on the auth method, this list may be supplemented by user/group/other values.
|
1679
|
-
:param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
|
1680
|
-
Its current value will be referenced at renewal time.
|
1681
|
-
:param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
|
1682
|
-
`batch`, or `default` to use the mount's tuned default (which unless changed will be
|
1683
|
-
`service` tokens). For token store roles, there are two additional possibilities:
|
1684
|
-
`default-service` and `default-batch` which specify the type to return unless the client
|
1685
|
-
requests a different type at generation time.
|
1576
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
1577
|
+
:param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
1578
|
+
:param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
|
1579
|
+
:param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
1580
|
+
:param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
1581
|
+
:param pulumi.Input[int] token_period: Generated Token's Period
|
1582
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
|
1583
|
+
:param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
|
1584
|
+
:param pulumi.Input[str] token_type: The type of token to generate, service or batch
|
1686
1585
|
"""
|
1687
1586
|
opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
|
1688
1587
|
|
@@ -1883,7 +1782,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1883
1782
|
"""
|
1884
1783
|
The namespace to provision the resource in.
|
1885
1784
|
The value should not contain leading or trailing forward slashes.
|
1886
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
1785
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1887
1786
|
*Available only for Vault Enterprise*.
|
1888
1787
|
"""
|
1889
1788
|
return pulumi.get(self, "namespace")
|
@@ -1937,9 +1836,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1937
1836
|
@pulumi.getter(name="tokenBoundCidrs")
|
1938
1837
|
def token_bound_cidrs(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1939
1838
|
"""
|
1940
|
-
|
1941
|
-
addresses which can authenticate successfully, and ties the resulting token to these blocks
|
1942
|
-
as well.
|
1839
|
+
Specifies the blocks of IP addresses which are allowed to use the generated token
|
1943
1840
|
"""
|
1944
1841
|
return pulumi.get(self, "token_bound_cidrs")
|
1945
1842
|
|
@@ -1947,10 +1844,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1947
1844
|
@pulumi.getter(name="tokenExplicitMaxTtl")
|
1948
1845
|
def token_explicit_max_ttl(self) -> pulumi.Output[Optional[int]]:
|
1949
1846
|
"""
|
1950
|
-
|
1951
|
-
[explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
|
1952
|
-
onto the token in number of seconds. This is a hard cap even if `token_ttl` and
|
1953
|
-
`token_max_ttl` would otherwise allow a renewal.
|
1847
|
+
Generated Token's Explicit Maximum TTL in seconds
|
1954
1848
|
"""
|
1955
1849
|
return pulumi.get(self, "token_explicit_max_ttl")
|
1956
1850
|
|
@@ -1958,8 +1852,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1958
1852
|
@pulumi.getter(name="tokenMaxTtl")
|
1959
1853
|
def token_max_ttl(self) -> pulumi.Output[Optional[int]]:
|
1960
1854
|
"""
|
1961
|
-
The maximum lifetime
|
1962
|
-
Its current value will be referenced at renewal time.
|
1855
|
+
The maximum lifetime of the generated token
|
1963
1856
|
"""
|
1964
1857
|
return pulumi.get(self, "token_max_ttl")
|
1965
1858
|
|
@@ -1967,8 +1860,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1967
1860
|
@pulumi.getter(name="tokenNoDefaultPolicy")
|
1968
1861
|
def token_no_default_policy(self) -> pulumi.Output[Optional[bool]]:
|
1969
1862
|
"""
|
1970
|
-
If
|
1971
|
-
generated tokens; otherwise it will be added to the policies set in token_policies.
|
1863
|
+
If true, the 'default' policy will not automatically be added to generated tokens
|
1972
1864
|
"""
|
1973
1865
|
return pulumi.get(self, "token_no_default_policy")
|
1974
1866
|
|
@@ -1976,8 +1868,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1976
1868
|
@pulumi.getter(name="tokenNumUses")
|
1977
1869
|
def token_num_uses(self) -> pulumi.Output[Optional[int]]:
|
1978
1870
|
"""
|
1979
|
-
The
|
1980
|
-
of times a generated token may be used (within its lifetime); 0 means unlimited.
|
1871
|
+
The maximum number of times a token may be used, a value of zero means unlimited
|
1981
1872
|
"""
|
1982
1873
|
return pulumi.get(self, "token_num_uses")
|
1983
1874
|
|
@@ -1985,10 +1876,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1985
1876
|
@pulumi.getter(name="tokenPeriod")
|
1986
1877
|
def token_period(self) -> pulumi.Output[Optional[int]]:
|
1987
1878
|
"""
|
1988
|
-
|
1989
|
-
token generated using this role should never expire. The token should be renewed within the
|
1990
|
-
duration specified by this value. At each renewal, the token's TTL will be set to the
|
1991
|
-
value of this field. Specified in seconds.
|
1879
|
+
Generated Token's Period
|
1992
1880
|
"""
|
1993
1881
|
return pulumi.get(self, "token_period")
|
1994
1882
|
|
@@ -1996,8 +1884,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1996
1884
|
@pulumi.getter(name="tokenPolicies")
|
1997
1885
|
def token_policies(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1998
1886
|
"""
|
1999
|
-
|
2000
|
-
on the auth method, this list may be supplemented by user/group/other values.
|
1887
|
+
Generated Token's Policies
|
2001
1888
|
"""
|
2002
1889
|
return pulumi.get(self, "token_policies")
|
2003
1890
|
|
@@ -2005,8 +1892,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
2005
1892
|
@pulumi.getter(name="tokenTtl")
|
2006
1893
|
def token_ttl(self) -> pulumi.Output[Optional[int]]:
|
2007
1894
|
"""
|
2008
|
-
The
|
2009
|
-
Its current value will be referenced at renewal time.
|
1895
|
+
The initial ttl of the token to generate in seconds
|
2010
1896
|
"""
|
2011
1897
|
return pulumi.get(self, "token_ttl")
|
2012
1898
|
|
@@ -2014,11 +1900,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
2014
1900
|
@pulumi.getter(name="tokenType")
|
2015
1901
|
def token_type(self) -> pulumi.Output[Optional[str]]:
|
2016
1902
|
"""
|
2017
|
-
The type of token
|
2018
|
-
`batch`, or `default` to use the mount's tuned default (which unless changed will be
|
2019
|
-
`service` tokens). For token store roles, there are two additional possibilities:
|
2020
|
-
`default-service` and `default-batch` which specify the type to return unless the client
|
2021
|
-
requests a different type at generation time.
|
1903
|
+
The type of token to generate, service or batch
|
2022
1904
|
"""
|
2023
1905
|
return pulumi.get(self, "token_type")
|
2024
1906
|
|