pulumi-vault 5.21.0a1710160723__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl
- pulumi_vault/__init__.py +52 -0
- pulumi_vault/_inputs.py +560 -0
- pulumi_vault/_utilities.py +41 -5
- pulumi_vault/ad/get_access_credentials.py +22 -7
- pulumi_vault/ad/secret_backend.py +14 -144
- pulumi_vault/ad/secret_library.py +14 -11
- pulumi_vault/ad/secret_role.py +12 -11
- pulumi_vault/alicloud/auth_backend_role.py +74 -192
- pulumi_vault/approle/auth_backend_login.py +12 -11
- pulumi_vault/approle/auth_backend_role.py +75 -193
- pulumi_vault/approle/auth_backend_role_secret_id.py +106 -11
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -9
- pulumi_vault/audit.py +24 -27
- pulumi_vault/audit_request_header.py +11 -6
- pulumi_vault/auth_backend.py +64 -12
- pulumi_vault/aws/auth_backend_cert.py +12 -7
- pulumi_vault/aws/auth_backend_client.py +265 -24
- pulumi_vault/aws/auth_backend_config_identity.py +12 -11
- pulumi_vault/aws/auth_backend_identity_whitelist.py +18 -17
- pulumi_vault/aws/auth_backend_login.py +19 -22
- pulumi_vault/aws/auth_backend_role.py +75 -193
- pulumi_vault/aws/auth_backend_role_tag.py +12 -7
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -17
- pulumi_vault/aws/auth_backend_sts_role.py +12 -11
- pulumi_vault/aws/get_access_credentials.py +34 -7
- pulumi_vault/aws/get_static_access_credentials.py +19 -5
- pulumi_vault/aws/secret_backend.py +75 -7
- pulumi_vault/aws/secret_backend_role.py +183 -11
- pulumi_vault/aws/secret_backend_static_role.py +14 -11
- pulumi_vault/azure/_inputs.py +24 -0
- pulumi_vault/azure/auth_backend_config.py +151 -17
- pulumi_vault/azure/auth_backend_role.py +75 -193
- pulumi_vault/azure/backend.py +223 -29
- pulumi_vault/azure/backend_role.py +42 -41
- pulumi_vault/azure/get_access_credentials.py +39 -11
- pulumi_vault/azure/outputs.py +5 -0
- pulumi_vault/cert_auth_backend_role.py +87 -271
- pulumi_vault/config/__init__.pyi +5 -0
- pulumi_vault/config/_inputs.py +73 -0
- pulumi_vault/config/outputs.py +35 -0
- pulumi_vault/config/ui_custom_message.py +529 -0
- pulumi_vault/config/vars.py +5 -0
- pulumi_vault/consul/secret_backend.py +22 -25
- pulumi_vault/consul/secret_backend_role.py +14 -80
- pulumi_vault/database/_inputs.py +2770 -881
- pulumi_vault/database/outputs.py +721 -838
- pulumi_vault/database/secret_backend_connection.py +117 -114
- pulumi_vault/database/secret_backend_role.py +29 -24
- pulumi_vault/database/secret_backend_static_role.py +85 -15
- pulumi_vault/database/secrets_mount.py +425 -138
- pulumi_vault/egp_policy.py +16 -15
- pulumi_vault/gcp/_inputs.py +111 -0
- pulumi_vault/gcp/auth_backend.py +248 -35
- pulumi_vault/gcp/auth_backend_role.py +75 -271
- pulumi_vault/gcp/get_auth_backend_role.py +43 -9
- pulumi_vault/gcp/outputs.py +5 -0
- pulumi_vault/gcp/secret_backend.py +287 -16
- pulumi_vault/gcp/secret_impersonated_account.py +74 -17
- pulumi_vault/gcp/secret_roleset.py +29 -26
- pulumi_vault/gcp/secret_static_account.py +37 -34
- pulumi_vault/generic/endpoint.py +22 -21
- pulumi_vault/generic/get_secret.py +68 -12
- pulumi_vault/generic/secret.py +19 -14
- pulumi_vault/get_auth_backend.py +24 -11
- pulumi_vault/get_auth_backends.py +33 -11
- pulumi_vault/get_namespace.py +226 -0
- pulumi_vault/get_namespaces.py +153 -0
- pulumi_vault/get_nomad_access_token.py +31 -15
- pulumi_vault/get_policy_document.py +34 -23
- pulumi_vault/get_raft_autopilot_state.py +29 -14
- pulumi_vault/github/_inputs.py +55 -0
- pulumi_vault/github/auth_backend.py +17 -16
- pulumi_vault/github/outputs.py +5 -0
- pulumi_vault/github/team.py +14 -13
- pulumi_vault/github/user.py +14 -13
- pulumi_vault/identity/entity.py +18 -15
- pulumi_vault/identity/entity_alias.py +18 -15
- pulumi_vault/identity/entity_policies.py +24 -19
- pulumi_vault/identity/get_entity.py +40 -14
- pulumi_vault/identity/get_group.py +45 -13
- pulumi_vault/identity/get_oidc_client_creds.py +21 -11
- pulumi_vault/identity/get_oidc_openid_config.py +39 -13
- pulumi_vault/identity/get_oidc_public_keys.py +29 -14
- pulumi_vault/identity/group.py +50 -49
- pulumi_vault/identity/group_alias.py +14 -11
- pulumi_vault/identity/group_member_entity_ids.py +24 -74
- pulumi_vault/identity/group_member_group_ids.py +36 -27
- pulumi_vault/identity/group_policies.py +16 -15
- pulumi_vault/identity/mfa_duo.py +9 -8
- pulumi_vault/identity/mfa_login_enforcement.py +13 -8
- pulumi_vault/identity/mfa_okta.py +9 -8
- pulumi_vault/identity/mfa_pingid.py +5 -4
- pulumi_vault/identity/mfa_totp.py +5 -4
- pulumi_vault/identity/oidc.py +12 -11
- pulumi_vault/identity/oidc_assignment.py +22 -13
- pulumi_vault/identity/oidc_client.py +34 -25
- pulumi_vault/identity/oidc_key.py +28 -19
- pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -19
- pulumi_vault/identity/oidc_provider.py +34 -23
- pulumi_vault/identity/oidc_role.py +40 -27
- pulumi_vault/identity/oidc_scope.py +18 -15
- pulumi_vault/identity/outputs.py +8 -3
- pulumi_vault/jwt/_inputs.py +55 -0
- pulumi_vault/jwt/auth_backend.py +39 -46
- pulumi_vault/jwt/auth_backend_role.py +131 -260
- pulumi_vault/jwt/outputs.py +5 -0
- pulumi_vault/kmip/secret_backend.py +22 -21
- pulumi_vault/kmip/secret_role.py +12 -11
- pulumi_vault/kmip/secret_scope.py +12 -11
- pulumi_vault/kubernetes/auth_backend_config.py +55 -7
- pulumi_vault/kubernetes/auth_backend_role.py +68 -179
- pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
- pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
- pulumi_vault/kubernetes/get_service_account_token.py +39 -15
- pulumi_vault/kubernetes/secret_backend.py +314 -29
- pulumi_vault/kubernetes/secret_backend_role.py +135 -56
- pulumi_vault/kv/_inputs.py +36 -4
- pulumi_vault/kv/get_secret.py +23 -12
- pulumi_vault/kv/get_secret_subkeys_v2.py +31 -14
- pulumi_vault/kv/get_secret_v2.py +89 -9
- pulumi_vault/kv/get_secrets_list.py +22 -15
- pulumi_vault/kv/get_secrets_list_v2.py +35 -19
- pulumi_vault/kv/outputs.py +8 -3
- pulumi_vault/kv/secret.py +19 -18
- pulumi_vault/kv/secret_backend_v2.py +12 -11
- pulumi_vault/kv/secret_v2.py +55 -52
- pulumi_vault/ldap/auth_backend.py +125 -168
- pulumi_vault/ldap/auth_backend_group.py +12 -11
- pulumi_vault/ldap/auth_backend_user.py +12 -11
- pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
- pulumi_vault/ldap/get_static_credentials.py +24 -5
- pulumi_vault/ldap/secret_backend.py +352 -84
- pulumi_vault/ldap/secret_backend_dynamic_role.py +12 -11
- pulumi_vault/ldap/secret_backend_library_set.py +14 -11
- pulumi_vault/ldap/secret_backend_static_role.py +67 -12
- pulumi_vault/managed/_inputs.py +289 -132
- pulumi_vault/managed/keys.py +27 -43
- pulumi_vault/managed/outputs.py +89 -132
- pulumi_vault/mfa_duo.py +16 -13
- pulumi_vault/mfa_okta.py +16 -13
- pulumi_vault/mfa_pingid.py +16 -13
- pulumi_vault/mfa_totp.py +22 -19
- pulumi_vault/mongodbatlas/secret_backend.py +18 -17
- pulumi_vault/mongodbatlas/secret_role.py +41 -38
- pulumi_vault/mount.py +389 -65
- pulumi_vault/namespace.py +26 -21
- pulumi_vault/nomad_secret_backend.py +16 -15
- pulumi_vault/nomad_secret_role.py +12 -11
- pulumi_vault/okta/_inputs.py +47 -8
- pulumi_vault/okta/auth_backend.py +483 -41
- pulumi_vault/okta/auth_backend_group.py +12 -11
- pulumi_vault/okta/auth_backend_user.py +12 -11
- pulumi_vault/okta/outputs.py +13 -8
- pulumi_vault/outputs.py +5 -0
- pulumi_vault/password_policy.py +18 -15
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +81 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
- pulumi_vault/pkisecret/backend_config_est.py +619 -0
- pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
- pulumi_vault/pkisecret/get_backend_issuer.py +63 -7
- pulumi_vault/pkisecret/get_backend_issuers.py +21 -12
- pulumi_vault/pkisecret/get_backend_key.py +24 -13
- pulumi_vault/pkisecret/get_backend_keys.py +21 -12
- pulumi_vault/pkisecret/outputs.py +69 -0
- pulumi_vault/pkisecret/secret_backend_cert.py +18 -15
- pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -15
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +12 -11
- pulumi_vault/pkisecret/secret_backend_config_urls.py +59 -11
- pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -13
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -15
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -21
- pulumi_vault/pkisecret/secret_backend_issuer.py +12 -11
- pulumi_vault/pkisecret/secret_backend_key.py +12 -7
- pulumi_vault/pkisecret/secret_backend_role.py +19 -16
- pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -52
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -62
- pulumi_vault/pkisecret/secret_backend_sign.py +18 -60
- pulumi_vault/plugin.py +595 -0
- pulumi_vault/plugin_pinned_version.py +298 -0
- pulumi_vault/policy.py +12 -7
- pulumi_vault/provider.py +48 -53
- pulumi_vault/pulumi-plugin.json +2 -1
- pulumi_vault/quota_lease_count.py +58 -8
- pulumi_vault/quota_rate_limit.py +54 -4
- pulumi_vault/rabbitmq/_inputs.py +61 -0
- pulumi_vault/rabbitmq/outputs.py +5 -0
- pulumi_vault/rabbitmq/secret_backend.py +16 -15
- pulumi_vault/rabbitmq/secret_backend_role.py +52 -49
- pulumi_vault/raft_autopilot.py +12 -11
- pulumi_vault/raft_snapshot_agent_config.py +121 -311
- pulumi_vault/rgp_policy.py +14 -13
- pulumi_vault/saml/auth_backend.py +20 -19
- pulumi_vault/saml/auth_backend_role.py +90 -199
- pulumi_vault/secrets/__init__.py +3 -0
- pulumi_vault/secrets/_inputs.py +110 -0
- pulumi_vault/secrets/outputs.py +94 -0
- pulumi_vault/secrets/sync_association.py +56 -75
- pulumi_vault/secrets/sync_aws_destination.py +240 -29
- pulumi_vault/secrets/sync_azure_destination.py +90 -33
- pulumi_vault/secrets/sync_config.py +7 -6
- pulumi_vault/secrets/sync_gcp_destination.py +156 -27
- pulumi_vault/secrets/sync_gh_destination.py +187 -15
- pulumi_vault/secrets/sync_github_apps.py +375 -0
- pulumi_vault/secrets/sync_vercel_destination.py +72 -15
- pulumi_vault/ssh/_inputs.py +28 -32
- pulumi_vault/ssh/outputs.py +11 -32
- pulumi_vault/ssh/secret_backend_ca.py +106 -11
- pulumi_vault/ssh/secret_backend_role.py +83 -120
- pulumi_vault/terraformcloud/secret_backend.py +5 -56
- pulumi_vault/terraformcloud/secret_creds.py +14 -24
- pulumi_vault/terraformcloud/secret_role.py +14 -76
- pulumi_vault/token.py +26 -25
- pulumi_vault/tokenauth/auth_backend_role.py +76 -201
- pulumi_vault/transform/alphabet.py +16 -13
- pulumi_vault/transform/get_decode.py +45 -21
- pulumi_vault/transform/get_encode.py +45 -21
- pulumi_vault/transform/role.py +16 -13
- pulumi_vault/transform/template.py +30 -25
- pulumi_vault/transform/transformation.py +12 -7
- pulumi_vault/transit/get_decrypt.py +26 -25
- pulumi_vault/transit/get_encrypt.py +24 -19
- pulumi_vault/transit/secret_backend_key.py +25 -97
- pulumi_vault/transit/secret_cache_config.py +12 -11
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
- pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
- pulumi_vault-5.21.0a1710160723.dist-info/RECORD +0 -244
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = ['SecretBackendRoleArgs', 'SecretBackendRole']
|
@@ -17,7 +22,9 @@ class SecretBackendRoleArgs:
|
|
17
22
|
backend: pulumi.Input[str],
|
18
23
|
credential_type: pulumi.Input[str],
|
19
24
|
default_sts_ttl: Optional[pulumi.Input[int]] = None,
|
25
|
+
external_id: Optional[pulumi.Input[str]] = None,
|
20
26
|
iam_groups: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
27
|
+
iam_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
21
28
|
max_sts_ttl: Optional[pulumi.Input[int]] = None,
|
22
29
|
name: Optional[pulumi.Input[str]] = None,
|
23
30
|
namespace: Optional[pulumi.Input[str]] = None,
|
@@ -25,6 +32,7 @@ class SecretBackendRoleArgs:
|
|
25
32
|
policy_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
26
33
|
policy_document: Optional[pulumi.Input[str]] = None,
|
27
34
|
role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
35
|
+
session_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
28
36
|
user_path: Optional[pulumi.Input[str]] = None):
|
29
37
|
"""
|
30
38
|
The set of arguments for constructing a SecretBackendRole resource.
|
@@ -38,12 +46,16 @@ class SecretBackendRoleArgs:
|
|
38
46
|
and a default TTL is specified on the role,
|
39
47
|
then this default TTL will be used. Valid only when `credential_type` is one of
|
40
48
|
`assumed_role` or `federation_token`.
|
49
|
+
:param pulumi.Input[str] external_id: External ID to set for assume role creds.
|
50
|
+
Valid only when `credential_type` is set to `assumed_role`.
|
41
51
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] iam_groups: A list of IAM group names. IAM users generated
|
42
52
|
against this vault role will be added to these IAM Groups. For a credential
|
43
53
|
type of `assumed_role` or `federation_token`, the policies sent to the
|
44
54
|
corresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the
|
45
55
|
policies from each group in `iam_groups` combined with the `policy_document`
|
46
56
|
and `policy_arns` parameters.
|
57
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] iam_tags: A map of strings representing key/value pairs
|
58
|
+
to be used as tags for any IAM user that is created by this role.
|
47
59
|
:param pulumi.Input[int] max_sts_ttl: The max allowed TTL in seconds for STS credentials
|
48
60
|
(credentials TTL are capped to `max_sts_ttl`). Valid only when `credential_type` is
|
49
61
|
one of `assumed_role` or `federation_token`.
|
@@ -51,7 +63,7 @@ class SecretBackendRoleArgs:
|
|
51
63
|
Must be unique within the backend.
|
52
64
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
53
65
|
The value should not contain leading or trailing forward slashes.
|
54
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
66
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
55
67
|
*Available only for Vault Enterprise*.
|
56
68
|
:param pulumi.Input[str] permissions_boundary_arn: The ARN of the AWS Permissions
|
57
69
|
Boundary to attach to IAM users created in the role. Valid only when
|
@@ -72,6 +84,9 @@ class SecretBackendRoleArgs:
|
|
72
84
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] role_arns: Specifies the ARNs of the AWS roles this Vault role
|
73
85
|
is allowed to assume. Required when `credential_type` is `assumed_role` and
|
74
86
|
prohibited otherwise.
|
87
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] session_tags: A map of strings representing key/value pairs to be set
|
88
|
+
during assume role creds creation. Valid only when `credential_type` is set to
|
89
|
+
`assumed_role`.
|
75
90
|
:param pulumi.Input[str] user_path: The path for the user name. Valid only when
|
76
91
|
`credential_type` is `iam_user`. Default is `/`.
|
77
92
|
"""
|
@@ -79,8 +94,12 @@ class SecretBackendRoleArgs:
|
|
79
94
|
pulumi.set(__self__, "credential_type", credential_type)
|
80
95
|
if default_sts_ttl is not None:
|
81
96
|
pulumi.set(__self__, "default_sts_ttl", default_sts_ttl)
|
97
|
+
if external_id is not None:
|
98
|
+
pulumi.set(__self__, "external_id", external_id)
|
82
99
|
if iam_groups is not None:
|
83
100
|
pulumi.set(__self__, "iam_groups", iam_groups)
|
101
|
+
if iam_tags is not None:
|
102
|
+
pulumi.set(__self__, "iam_tags", iam_tags)
|
84
103
|
if max_sts_ttl is not None:
|
85
104
|
pulumi.set(__self__, "max_sts_ttl", max_sts_ttl)
|
86
105
|
if name is not None:
|
@@ -95,6 +114,8 @@ class SecretBackendRoleArgs:
|
|
95
114
|
pulumi.set(__self__, "policy_document", policy_document)
|
96
115
|
if role_arns is not None:
|
97
116
|
pulumi.set(__self__, "role_arns", role_arns)
|
117
|
+
if session_tags is not None:
|
118
|
+
pulumi.set(__self__, "session_tags", session_tags)
|
98
119
|
if user_path is not None:
|
99
120
|
pulumi.set(__self__, "user_path", user_path)
|
100
121
|
|
@@ -141,6 +162,19 @@ class SecretBackendRoleArgs:
|
|
141
162
|
def default_sts_ttl(self, value: Optional[pulumi.Input[int]]):
|
142
163
|
pulumi.set(self, "default_sts_ttl", value)
|
143
164
|
|
165
|
+
@property
|
166
|
+
@pulumi.getter(name="externalId")
|
167
|
+
def external_id(self) -> Optional[pulumi.Input[str]]:
|
168
|
+
"""
|
169
|
+
External ID to set for assume role creds.
|
170
|
+
Valid only when `credential_type` is set to `assumed_role`.
|
171
|
+
"""
|
172
|
+
return pulumi.get(self, "external_id")
|
173
|
+
|
174
|
+
@external_id.setter
|
175
|
+
def external_id(self, value: Optional[pulumi.Input[str]]):
|
176
|
+
pulumi.set(self, "external_id", value)
|
177
|
+
|
144
178
|
@property
|
145
179
|
@pulumi.getter(name="iamGroups")
|
146
180
|
def iam_groups(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
@@ -158,6 +192,19 @@ class SecretBackendRoleArgs:
|
|
158
192
|
def iam_groups(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
159
193
|
pulumi.set(self, "iam_groups", value)
|
160
194
|
|
195
|
+
@property
|
196
|
+
@pulumi.getter(name="iamTags")
|
197
|
+
def iam_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
198
|
+
"""
|
199
|
+
A map of strings representing key/value pairs
|
200
|
+
to be used as tags for any IAM user that is created by this role.
|
201
|
+
"""
|
202
|
+
return pulumi.get(self, "iam_tags")
|
203
|
+
|
204
|
+
@iam_tags.setter
|
205
|
+
def iam_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
206
|
+
pulumi.set(self, "iam_tags", value)
|
207
|
+
|
161
208
|
@property
|
162
209
|
@pulumi.getter(name="maxStsTtl")
|
163
210
|
def max_sts_ttl(self) -> Optional[pulumi.Input[int]]:
|
@@ -191,7 +238,7 @@ class SecretBackendRoleArgs:
|
|
191
238
|
"""
|
192
239
|
The namespace to provision the resource in.
|
193
240
|
The value should not contain leading or trailing forward slashes.
|
194
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
241
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
195
242
|
*Available only for Vault Enterprise*.
|
196
243
|
"""
|
197
244
|
return pulumi.get(self, "namespace")
|
@@ -263,6 +310,20 @@ class SecretBackendRoleArgs:
|
|
263
310
|
def role_arns(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
264
311
|
pulumi.set(self, "role_arns", value)
|
265
312
|
|
313
|
+
@property
|
314
|
+
@pulumi.getter(name="sessionTags")
|
315
|
+
def session_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
316
|
+
"""
|
317
|
+
A map of strings representing key/value pairs to be set
|
318
|
+
during assume role creds creation. Valid only when `credential_type` is set to
|
319
|
+
`assumed_role`.
|
320
|
+
"""
|
321
|
+
return pulumi.get(self, "session_tags")
|
322
|
+
|
323
|
+
@session_tags.setter
|
324
|
+
def session_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
325
|
+
pulumi.set(self, "session_tags", value)
|
326
|
+
|
266
327
|
@property
|
267
328
|
@pulumi.getter(name="userPath")
|
268
329
|
def user_path(self) -> Optional[pulumi.Input[str]]:
|
@@ -283,7 +344,9 @@ class _SecretBackendRoleState:
|
|
283
344
|
backend: Optional[pulumi.Input[str]] = None,
|
284
345
|
credential_type: Optional[pulumi.Input[str]] = None,
|
285
346
|
default_sts_ttl: Optional[pulumi.Input[int]] = None,
|
347
|
+
external_id: Optional[pulumi.Input[str]] = None,
|
286
348
|
iam_groups: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
349
|
+
iam_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
287
350
|
max_sts_ttl: Optional[pulumi.Input[int]] = None,
|
288
351
|
name: Optional[pulumi.Input[str]] = None,
|
289
352
|
namespace: Optional[pulumi.Input[str]] = None,
|
@@ -291,6 +354,7 @@ class _SecretBackendRoleState:
|
|
291
354
|
policy_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
292
355
|
policy_document: Optional[pulumi.Input[str]] = None,
|
293
356
|
role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
357
|
+
session_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
294
358
|
user_path: Optional[pulumi.Input[str]] = None):
|
295
359
|
"""
|
296
360
|
Input properties used for looking up and filtering SecretBackendRole resources.
|
@@ -304,12 +368,16 @@ class _SecretBackendRoleState:
|
|
304
368
|
and a default TTL is specified on the role,
|
305
369
|
then this default TTL will be used. Valid only when `credential_type` is one of
|
306
370
|
`assumed_role` or `federation_token`.
|
371
|
+
:param pulumi.Input[str] external_id: External ID to set for assume role creds.
|
372
|
+
Valid only when `credential_type` is set to `assumed_role`.
|
307
373
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] iam_groups: A list of IAM group names. IAM users generated
|
308
374
|
against this vault role will be added to these IAM Groups. For a credential
|
309
375
|
type of `assumed_role` or `federation_token`, the policies sent to the
|
310
376
|
corresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the
|
311
377
|
policies from each group in `iam_groups` combined with the `policy_document`
|
312
378
|
and `policy_arns` parameters.
|
379
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] iam_tags: A map of strings representing key/value pairs
|
380
|
+
to be used as tags for any IAM user that is created by this role.
|
313
381
|
:param pulumi.Input[int] max_sts_ttl: The max allowed TTL in seconds for STS credentials
|
314
382
|
(credentials TTL are capped to `max_sts_ttl`). Valid only when `credential_type` is
|
315
383
|
one of `assumed_role` or `federation_token`.
|
@@ -317,7 +385,7 @@ class _SecretBackendRoleState:
|
|
317
385
|
Must be unique within the backend.
|
318
386
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
319
387
|
The value should not contain leading or trailing forward slashes.
|
320
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
388
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
321
389
|
*Available only for Vault Enterprise*.
|
322
390
|
:param pulumi.Input[str] permissions_boundary_arn: The ARN of the AWS Permissions
|
323
391
|
Boundary to attach to IAM users created in the role. Valid only when
|
@@ -338,6 +406,9 @@ class _SecretBackendRoleState:
|
|
338
406
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] role_arns: Specifies the ARNs of the AWS roles this Vault role
|
339
407
|
is allowed to assume. Required when `credential_type` is `assumed_role` and
|
340
408
|
prohibited otherwise.
|
409
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] session_tags: A map of strings representing key/value pairs to be set
|
410
|
+
during assume role creds creation. Valid only when `credential_type` is set to
|
411
|
+
`assumed_role`.
|
341
412
|
:param pulumi.Input[str] user_path: The path for the user name. Valid only when
|
342
413
|
`credential_type` is `iam_user`. Default is `/`.
|
343
414
|
"""
|
@@ -347,8 +418,12 @@ class _SecretBackendRoleState:
|
|
347
418
|
pulumi.set(__self__, "credential_type", credential_type)
|
348
419
|
if default_sts_ttl is not None:
|
349
420
|
pulumi.set(__self__, "default_sts_ttl", default_sts_ttl)
|
421
|
+
if external_id is not None:
|
422
|
+
pulumi.set(__self__, "external_id", external_id)
|
350
423
|
if iam_groups is not None:
|
351
424
|
pulumi.set(__self__, "iam_groups", iam_groups)
|
425
|
+
if iam_tags is not None:
|
426
|
+
pulumi.set(__self__, "iam_tags", iam_tags)
|
352
427
|
if max_sts_ttl is not None:
|
353
428
|
pulumi.set(__self__, "max_sts_ttl", max_sts_ttl)
|
354
429
|
if name is not None:
|
@@ -363,6 +438,8 @@ class _SecretBackendRoleState:
|
|
363
438
|
pulumi.set(__self__, "policy_document", policy_document)
|
364
439
|
if role_arns is not None:
|
365
440
|
pulumi.set(__self__, "role_arns", role_arns)
|
441
|
+
if session_tags is not None:
|
442
|
+
pulumi.set(__self__, "session_tags", session_tags)
|
366
443
|
if user_path is not None:
|
367
444
|
pulumi.set(__self__, "user_path", user_path)
|
368
445
|
|
@@ -409,6 +486,19 @@ class _SecretBackendRoleState:
|
|
409
486
|
def default_sts_ttl(self, value: Optional[pulumi.Input[int]]):
|
410
487
|
pulumi.set(self, "default_sts_ttl", value)
|
411
488
|
|
489
|
+
@property
|
490
|
+
@pulumi.getter(name="externalId")
|
491
|
+
def external_id(self) -> Optional[pulumi.Input[str]]:
|
492
|
+
"""
|
493
|
+
External ID to set for assume role creds.
|
494
|
+
Valid only when `credential_type` is set to `assumed_role`.
|
495
|
+
"""
|
496
|
+
return pulumi.get(self, "external_id")
|
497
|
+
|
498
|
+
@external_id.setter
|
499
|
+
def external_id(self, value: Optional[pulumi.Input[str]]):
|
500
|
+
pulumi.set(self, "external_id", value)
|
501
|
+
|
412
502
|
@property
|
413
503
|
@pulumi.getter(name="iamGroups")
|
414
504
|
def iam_groups(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
@@ -426,6 +516,19 @@ class _SecretBackendRoleState:
|
|
426
516
|
def iam_groups(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
427
517
|
pulumi.set(self, "iam_groups", value)
|
428
518
|
|
519
|
+
@property
|
520
|
+
@pulumi.getter(name="iamTags")
|
521
|
+
def iam_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
522
|
+
"""
|
523
|
+
A map of strings representing key/value pairs
|
524
|
+
to be used as tags for any IAM user that is created by this role.
|
525
|
+
"""
|
526
|
+
return pulumi.get(self, "iam_tags")
|
527
|
+
|
528
|
+
@iam_tags.setter
|
529
|
+
def iam_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
530
|
+
pulumi.set(self, "iam_tags", value)
|
531
|
+
|
429
532
|
@property
|
430
533
|
@pulumi.getter(name="maxStsTtl")
|
431
534
|
def max_sts_ttl(self) -> Optional[pulumi.Input[int]]:
|
@@ -459,7 +562,7 @@ class _SecretBackendRoleState:
|
|
459
562
|
"""
|
460
563
|
The namespace to provision the resource in.
|
461
564
|
The value should not contain leading or trailing forward slashes.
|
462
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
565
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
463
566
|
*Available only for Vault Enterprise*.
|
464
567
|
"""
|
465
568
|
return pulumi.get(self, "namespace")
|
@@ -531,6 +634,20 @@ class _SecretBackendRoleState:
|
|
531
634
|
def role_arns(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
532
635
|
pulumi.set(self, "role_arns", value)
|
533
636
|
|
637
|
+
@property
|
638
|
+
@pulumi.getter(name="sessionTags")
|
639
|
+
def session_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
640
|
+
"""
|
641
|
+
A map of strings representing key/value pairs to be set
|
642
|
+
during assume role creds creation. Valid only when `credential_type` is set to
|
643
|
+
`assumed_role`.
|
644
|
+
"""
|
645
|
+
return pulumi.get(self, "session_tags")
|
646
|
+
|
647
|
+
@session_tags.setter
|
648
|
+
def session_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
649
|
+
pulumi.set(self, "session_tags", value)
|
650
|
+
|
534
651
|
@property
|
535
652
|
@pulumi.getter(name="userPath")
|
536
653
|
def user_path(self) -> Optional[pulumi.Input[str]]:
|
@@ -553,7 +670,9 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
553
670
|
backend: Optional[pulumi.Input[str]] = None,
|
554
671
|
credential_type: Optional[pulumi.Input[str]] = None,
|
555
672
|
default_sts_ttl: Optional[pulumi.Input[int]] = None,
|
673
|
+
external_id: Optional[pulumi.Input[str]] = None,
|
556
674
|
iam_groups: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
675
|
+
iam_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
557
676
|
max_sts_ttl: Optional[pulumi.Input[int]] = None,
|
558
677
|
name: Optional[pulumi.Input[str]] = None,
|
559
678
|
namespace: Optional[pulumi.Input[str]] = None,
|
@@ -561,12 +680,12 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
561
680
|
policy_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
562
681
|
policy_document: Optional[pulumi.Input[str]] = None,
|
563
682
|
role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
683
|
+
session_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
564
684
|
user_path: Optional[pulumi.Input[str]] = None,
|
565
685
|
__props__=None):
|
566
686
|
"""
|
567
687
|
## Example Usage
|
568
688
|
|
569
|
-
<!--Start PulumiCodeChooser -->
|
570
689
|
```python
|
571
690
|
import pulumi
|
572
691
|
import pulumi_vault as vault
|
@@ -576,6 +695,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
576
695
|
secret_key="AWS secret key")
|
577
696
|
role = vault.aws.SecretBackendRole("role",
|
578
697
|
backend=aws.path,
|
698
|
+
name="deploy",
|
579
699
|
credential_type="iam_user",
|
580
700
|
policy_document=\"\"\"{
|
581
701
|
"Version": "2012-10-17",
|
@@ -589,7 +709,6 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
589
709
|
}
|
590
710
|
\"\"\")
|
591
711
|
```
|
592
|
-
<!--End PulumiCodeChooser -->
|
593
712
|
|
594
713
|
## Import
|
595
714
|
|
@@ -611,12 +730,16 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
611
730
|
and a default TTL is specified on the role,
|
612
731
|
then this default TTL will be used. Valid only when `credential_type` is one of
|
613
732
|
`assumed_role` or `federation_token`.
|
733
|
+
:param pulumi.Input[str] external_id: External ID to set for assume role creds.
|
734
|
+
Valid only when `credential_type` is set to `assumed_role`.
|
614
735
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] iam_groups: A list of IAM group names. IAM users generated
|
615
736
|
against this vault role will be added to these IAM Groups. For a credential
|
616
737
|
type of `assumed_role` or `federation_token`, the policies sent to the
|
617
738
|
corresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the
|
618
739
|
policies from each group in `iam_groups` combined with the `policy_document`
|
619
740
|
and `policy_arns` parameters.
|
741
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] iam_tags: A map of strings representing key/value pairs
|
742
|
+
to be used as tags for any IAM user that is created by this role.
|
620
743
|
:param pulumi.Input[int] max_sts_ttl: The max allowed TTL in seconds for STS credentials
|
621
744
|
(credentials TTL are capped to `max_sts_ttl`). Valid only when `credential_type` is
|
622
745
|
one of `assumed_role` or `federation_token`.
|
@@ -624,7 +747,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
624
747
|
Must be unique within the backend.
|
625
748
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
626
749
|
The value should not contain leading or trailing forward slashes.
|
627
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
750
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
628
751
|
*Available only for Vault Enterprise*.
|
629
752
|
:param pulumi.Input[str] permissions_boundary_arn: The ARN of the AWS Permissions
|
630
753
|
Boundary to attach to IAM users created in the role. Valid only when
|
@@ -645,6 +768,9 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
645
768
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] role_arns: Specifies the ARNs of the AWS roles this Vault role
|
646
769
|
is allowed to assume. Required when `credential_type` is `assumed_role` and
|
647
770
|
prohibited otherwise.
|
771
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] session_tags: A map of strings representing key/value pairs to be set
|
772
|
+
during assume role creds creation. Valid only when `credential_type` is set to
|
773
|
+
`assumed_role`.
|
648
774
|
:param pulumi.Input[str] user_path: The path for the user name. Valid only when
|
649
775
|
`credential_type` is `iam_user`. Default is `/`.
|
650
776
|
"""
|
@@ -657,7 +783,6 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
657
783
|
"""
|
658
784
|
## Example Usage
|
659
785
|
|
660
|
-
<!--Start PulumiCodeChooser -->
|
661
786
|
```python
|
662
787
|
import pulumi
|
663
788
|
import pulumi_vault as vault
|
@@ -667,6 +792,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
667
792
|
secret_key="AWS secret key")
|
668
793
|
role = vault.aws.SecretBackendRole("role",
|
669
794
|
backend=aws.path,
|
795
|
+
name="deploy",
|
670
796
|
credential_type="iam_user",
|
671
797
|
policy_document=\"\"\"{
|
672
798
|
"Version": "2012-10-17",
|
@@ -680,7 +806,6 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
680
806
|
}
|
681
807
|
\"\"\")
|
682
808
|
```
|
683
|
-
<!--End PulumiCodeChooser -->
|
684
809
|
|
685
810
|
## Import
|
686
811
|
|
@@ -708,7 +833,9 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
708
833
|
backend: Optional[pulumi.Input[str]] = None,
|
709
834
|
credential_type: Optional[pulumi.Input[str]] = None,
|
710
835
|
default_sts_ttl: Optional[pulumi.Input[int]] = None,
|
836
|
+
external_id: Optional[pulumi.Input[str]] = None,
|
711
837
|
iam_groups: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
838
|
+
iam_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
712
839
|
max_sts_ttl: Optional[pulumi.Input[int]] = None,
|
713
840
|
name: Optional[pulumi.Input[str]] = None,
|
714
841
|
namespace: Optional[pulumi.Input[str]] = None,
|
@@ -716,6 +843,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
716
843
|
policy_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
717
844
|
policy_document: Optional[pulumi.Input[str]] = None,
|
718
845
|
role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
846
|
+
session_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
719
847
|
user_path: Optional[pulumi.Input[str]] = None,
|
720
848
|
__props__=None):
|
721
849
|
opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
|
@@ -733,7 +861,9 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
733
861
|
raise TypeError("Missing required property 'credential_type'")
|
734
862
|
__props__.__dict__["credential_type"] = credential_type
|
735
863
|
__props__.__dict__["default_sts_ttl"] = default_sts_ttl
|
864
|
+
__props__.__dict__["external_id"] = external_id
|
736
865
|
__props__.__dict__["iam_groups"] = iam_groups
|
866
|
+
__props__.__dict__["iam_tags"] = iam_tags
|
737
867
|
__props__.__dict__["max_sts_ttl"] = max_sts_ttl
|
738
868
|
__props__.__dict__["name"] = name
|
739
869
|
__props__.__dict__["namespace"] = namespace
|
@@ -741,6 +871,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
741
871
|
__props__.__dict__["policy_arns"] = policy_arns
|
742
872
|
__props__.__dict__["policy_document"] = policy_document
|
743
873
|
__props__.__dict__["role_arns"] = role_arns
|
874
|
+
__props__.__dict__["session_tags"] = session_tags
|
744
875
|
__props__.__dict__["user_path"] = user_path
|
745
876
|
super(SecretBackendRole, __self__).__init__(
|
746
877
|
'vault:aws/secretBackendRole:SecretBackendRole',
|
@@ -755,7 +886,9 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
755
886
|
backend: Optional[pulumi.Input[str]] = None,
|
756
887
|
credential_type: Optional[pulumi.Input[str]] = None,
|
757
888
|
default_sts_ttl: Optional[pulumi.Input[int]] = None,
|
889
|
+
external_id: Optional[pulumi.Input[str]] = None,
|
758
890
|
iam_groups: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
891
|
+
iam_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
759
892
|
max_sts_ttl: Optional[pulumi.Input[int]] = None,
|
760
893
|
name: Optional[pulumi.Input[str]] = None,
|
761
894
|
namespace: Optional[pulumi.Input[str]] = None,
|
@@ -763,6 +896,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
763
896
|
policy_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
764
897
|
policy_document: Optional[pulumi.Input[str]] = None,
|
765
898
|
role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
899
|
+
session_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
766
900
|
user_path: Optional[pulumi.Input[str]] = None) -> 'SecretBackendRole':
|
767
901
|
"""
|
768
902
|
Get an existing SecretBackendRole resource's state with the given name, id, and optional extra
|
@@ -781,12 +915,16 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
781
915
|
and a default TTL is specified on the role,
|
782
916
|
then this default TTL will be used. Valid only when `credential_type` is one of
|
783
917
|
`assumed_role` or `federation_token`.
|
918
|
+
:param pulumi.Input[str] external_id: External ID to set for assume role creds.
|
919
|
+
Valid only when `credential_type` is set to `assumed_role`.
|
784
920
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] iam_groups: A list of IAM group names. IAM users generated
|
785
921
|
against this vault role will be added to these IAM Groups. For a credential
|
786
922
|
type of `assumed_role` or `federation_token`, the policies sent to the
|
787
923
|
corresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the
|
788
924
|
policies from each group in `iam_groups` combined with the `policy_document`
|
789
925
|
and `policy_arns` parameters.
|
926
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] iam_tags: A map of strings representing key/value pairs
|
927
|
+
to be used as tags for any IAM user that is created by this role.
|
790
928
|
:param pulumi.Input[int] max_sts_ttl: The max allowed TTL in seconds for STS credentials
|
791
929
|
(credentials TTL are capped to `max_sts_ttl`). Valid only when `credential_type` is
|
792
930
|
one of `assumed_role` or `federation_token`.
|
@@ -794,7 +932,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
794
932
|
Must be unique within the backend.
|
795
933
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
796
934
|
The value should not contain leading or trailing forward slashes.
|
797
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
935
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
798
936
|
*Available only for Vault Enterprise*.
|
799
937
|
:param pulumi.Input[str] permissions_boundary_arn: The ARN of the AWS Permissions
|
800
938
|
Boundary to attach to IAM users created in the role. Valid only when
|
@@ -815,6 +953,9 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
815
953
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] role_arns: Specifies the ARNs of the AWS roles this Vault role
|
816
954
|
is allowed to assume. Required when `credential_type` is `assumed_role` and
|
817
955
|
prohibited otherwise.
|
956
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] session_tags: A map of strings representing key/value pairs to be set
|
957
|
+
during assume role creds creation. Valid only when `credential_type` is set to
|
958
|
+
`assumed_role`.
|
818
959
|
:param pulumi.Input[str] user_path: The path for the user name. Valid only when
|
819
960
|
`credential_type` is `iam_user`. Default is `/`.
|
820
961
|
"""
|
@@ -825,7 +966,9 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
825
966
|
__props__.__dict__["backend"] = backend
|
826
967
|
__props__.__dict__["credential_type"] = credential_type
|
827
968
|
__props__.__dict__["default_sts_ttl"] = default_sts_ttl
|
969
|
+
__props__.__dict__["external_id"] = external_id
|
828
970
|
__props__.__dict__["iam_groups"] = iam_groups
|
971
|
+
__props__.__dict__["iam_tags"] = iam_tags
|
829
972
|
__props__.__dict__["max_sts_ttl"] = max_sts_ttl
|
830
973
|
__props__.__dict__["name"] = name
|
831
974
|
__props__.__dict__["namespace"] = namespace
|
@@ -833,6 +976,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
833
976
|
__props__.__dict__["policy_arns"] = policy_arns
|
834
977
|
__props__.__dict__["policy_document"] = policy_document
|
835
978
|
__props__.__dict__["role_arns"] = role_arns
|
979
|
+
__props__.__dict__["session_tags"] = session_tags
|
836
980
|
__props__.__dict__["user_path"] = user_path
|
837
981
|
return SecretBackendRole(resource_name, opts=opts, __props__=__props__)
|
838
982
|
|
@@ -867,6 +1011,15 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
867
1011
|
"""
|
868
1012
|
return pulumi.get(self, "default_sts_ttl")
|
869
1013
|
|
1014
|
+
@property
|
1015
|
+
@pulumi.getter(name="externalId")
|
1016
|
+
def external_id(self) -> pulumi.Output[Optional[str]]:
|
1017
|
+
"""
|
1018
|
+
External ID to set for assume role creds.
|
1019
|
+
Valid only when `credential_type` is set to `assumed_role`.
|
1020
|
+
"""
|
1021
|
+
return pulumi.get(self, "external_id")
|
1022
|
+
|
870
1023
|
@property
|
871
1024
|
@pulumi.getter(name="iamGroups")
|
872
1025
|
def iam_groups(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
@@ -880,6 +1033,15 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
880
1033
|
"""
|
881
1034
|
return pulumi.get(self, "iam_groups")
|
882
1035
|
|
1036
|
+
@property
|
1037
|
+
@pulumi.getter(name="iamTags")
|
1038
|
+
def iam_tags(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
|
1039
|
+
"""
|
1040
|
+
A map of strings representing key/value pairs
|
1041
|
+
to be used as tags for any IAM user that is created by this role.
|
1042
|
+
"""
|
1043
|
+
return pulumi.get(self, "iam_tags")
|
1044
|
+
|
883
1045
|
@property
|
884
1046
|
@pulumi.getter(name="maxStsTtl")
|
885
1047
|
def max_sts_ttl(self) -> pulumi.Output[int]:
|
@@ -905,7 +1067,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
905
1067
|
"""
|
906
1068
|
The namespace to provision the resource in.
|
907
1069
|
The value should not contain leading or trailing forward slashes.
|
908
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
1070
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
909
1071
|
*Available only for Vault Enterprise*.
|
910
1072
|
"""
|
911
1073
|
return pulumi.get(self, "namespace")
|
@@ -957,6 +1119,16 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
957
1119
|
"""
|
958
1120
|
return pulumi.get(self, "role_arns")
|
959
1121
|
|
1122
|
+
@property
|
1123
|
+
@pulumi.getter(name="sessionTags")
|
1124
|
+
def session_tags(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
|
1125
|
+
"""
|
1126
|
+
A map of strings representing key/value pairs to be set
|
1127
|
+
during assume role creds creation. Valid only when `credential_type` is set to
|
1128
|
+
`assumed_role`.
|
1129
|
+
"""
|
1130
|
+
return pulumi.get(self, "session_tags")
|
1131
|
+
|
960
1132
|
@property
|
961
1133
|
@pulumi.getter(name="userPath")
|
962
1134
|
def user_path(self) -> pulumi.Output[Optional[str]]:
|