pulumi-vault 5.21.0a1710160723__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl
- pulumi_vault/__init__.py +52 -0
- pulumi_vault/_inputs.py +560 -0
- pulumi_vault/_utilities.py +41 -5
- pulumi_vault/ad/get_access_credentials.py +22 -7
- pulumi_vault/ad/secret_backend.py +14 -144
- pulumi_vault/ad/secret_library.py +14 -11
- pulumi_vault/ad/secret_role.py +12 -11
- pulumi_vault/alicloud/auth_backend_role.py +74 -192
- pulumi_vault/approle/auth_backend_login.py +12 -11
- pulumi_vault/approle/auth_backend_role.py +75 -193
- pulumi_vault/approle/auth_backend_role_secret_id.py +106 -11
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -9
- pulumi_vault/audit.py +24 -27
- pulumi_vault/audit_request_header.py +11 -6
- pulumi_vault/auth_backend.py +64 -12
- pulumi_vault/aws/auth_backend_cert.py +12 -7
- pulumi_vault/aws/auth_backend_client.py +265 -24
- pulumi_vault/aws/auth_backend_config_identity.py +12 -11
- pulumi_vault/aws/auth_backend_identity_whitelist.py +18 -17
- pulumi_vault/aws/auth_backend_login.py +19 -22
- pulumi_vault/aws/auth_backend_role.py +75 -193
- pulumi_vault/aws/auth_backend_role_tag.py +12 -7
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -17
- pulumi_vault/aws/auth_backend_sts_role.py +12 -11
- pulumi_vault/aws/get_access_credentials.py +34 -7
- pulumi_vault/aws/get_static_access_credentials.py +19 -5
- pulumi_vault/aws/secret_backend.py +75 -7
- pulumi_vault/aws/secret_backend_role.py +183 -11
- pulumi_vault/aws/secret_backend_static_role.py +14 -11
- pulumi_vault/azure/_inputs.py +24 -0
- pulumi_vault/azure/auth_backend_config.py +151 -17
- pulumi_vault/azure/auth_backend_role.py +75 -193
- pulumi_vault/azure/backend.py +223 -29
- pulumi_vault/azure/backend_role.py +42 -41
- pulumi_vault/azure/get_access_credentials.py +39 -11
- pulumi_vault/azure/outputs.py +5 -0
- pulumi_vault/cert_auth_backend_role.py +87 -271
- pulumi_vault/config/__init__.pyi +5 -0
- pulumi_vault/config/_inputs.py +73 -0
- pulumi_vault/config/outputs.py +35 -0
- pulumi_vault/config/ui_custom_message.py +529 -0
- pulumi_vault/config/vars.py +5 -0
- pulumi_vault/consul/secret_backend.py +22 -25
- pulumi_vault/consul/secret_backend_role.py +14 -80
- pulumi_vault/database/_inputs.py +2770 -881
- pulumi_vault/database/outputs.py +721 -838
- pulumi_vault/database/secret_backend_connection.py +117 -114
- pulumi_vault/database/secret_backend_role.py +29 -24
- pulumi_vault/database/secret_backend_static_role.py +85 -15
- pulumi_vault/database/secrets_mount.py +425 -138
- pulumi_vault/egp_policy.py +16 -15
- pulumi_vault/gcp/_inputs.py +111 -0
- pulumi_vault/gcp/auth_backend.py +248 -35
- pulumi_vault/gcp/auth_backend_role.py +75 -271
- pulumi_vault/gcp/get_auth_backend_role.py +43 -9
- pulumi_vault/gcp/outputs.py +5 -0
- pulumi_vault/gcp/secret_backend.py +287 -16
- pulumi_vault/gcp/secret_impersonated_account.py +74 -17
- pulumi_vault/gcp/secret_roleset.py +29 -26
- pulumi_vault/gcp/secret_static_account.py +37 -34
- pulumi_vault/generic/endpoint.py +22 -21
- pulumi_vault/generic/get_secret.py +68 -12
- pulumi_vault/generic/secret.py +19 -14
- pulumi_vault/get_auth_backend.py +24 -11
- pulumi_vault/get_auth_backends.py +33 -11
- pulumi_vault/get_namespace.py +226 -0
- pulumi_vault/get_namespaces.py +153 -0
- pulumi_vault/get_nomad_access_token.py +31 -15
- pulumi_vault/get_policy_document.py +34 -23
- pulumi_vault/get_raft_autopilot_state.py +29 -14
- pulumi_vault/github/_inputs.py +55 -0
- pulumi_vault/github/auth_backend.py +17 -16
- pulumi_vault/github/outputs.py +5 -0
- pulumi_vault/github/team.py +14 -13
- pulumi_vault/github/user.py +14 -13
- pulumi_vault/identity/entity.py +18 -15
- pulumi_vault/identity/entity_alias.py +18 -15
- pulumi_vault/identity/entity_policies.py +24 -19
- pulumi_vault/identity/get_entity.py +40 -14
- pulumi_vault/identity/get_group.py +45 -13
- pulumi_vault/identity/get_oidc_client_creds.py +21 -11
- pulumi_vault/identity/get_oidc_openid_config.py +39 -13
- pulumi_vault/identity/get_oidc_public_keys.py +29 -14
- pulumi_vault/identity/group.py +50 -49
- pulumi_vault/identity/group_alias.py +14 -11
- pulumi_vault/identity/group_member_entity_ids.py +24 -74
- pulumi_vault/identity/group_member_group_ids.py +36 -27
- pulumi_vault/identity/group_policies.py +16 -15
- pulumi_vault/identity/mfa_duo.py +9 -8
- pulumi_vault/identity/mfa_login_enforcement.py +13 -8
- pulumi_vault/identity/mfa_okta.py +9 -8
- pulumi_vault/identity/mfa_pingid.py +5 -4
- pulumi_vault/identity/mfa_totp.py +5 -4
- pulumi_vault/identity/oidc.py +12 -11
- pulumi_vault/identity/oidc_assignment.py +22 -13
- pulumi_vault/identity/oidc_client.py +34 -25
- pulumi_vault/identity/oidc_key.py +28 -19
- pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -19
- pulumi_vault/identity/oidc_provider.py +34 -23
- pulumi_vault/identity/oidc_role.py +40 -27
- pulumi_vault/identity/oidc_scope.py +18 -15
- pulumi_vault/identity/outputs.py +8 -3
- pulumi_vault/jwt/_inputs.py +55 -0
- pulumi_vault/jwt/auth_backend.py +39 -46
- pulumi_vault/jwt/auth_backend_role.py +131 -260
- pulumi_vault/jwt/outputs.py +5 -0
- pulumi_vault/kmip/secret_backend.py +22 -21
- pulumi_vault/kmip/secret_role.py +12 -11
- pulumi_vault/kmip/secret_scope.py +12 -11
- pulumi_vault/kubernetes/auth_backend_config.py +55 -7
- pulumi_vault/kubernetes/auth_backend_role.py +68 -179
- pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
- pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
- pulumi_vault/kubernetes/get_service_account_token.py +39 -15
- pulumi_vault/kubernetes/secret_backend.py +314 -29
- pulumi_vault/kubernetes/secret_backend_role.py +135 -56
- pulumi_vault/kv/_inputs.py +36 -4
- pulumi_vault/kv/get_secret.py +23 -12
- pulumi_vault/kv/get_secret_subkeys_v2.py +31 -14
- pulumi_vault/kv/get_secret_v2.py +89 -9
- pulumi_vault/kv/get_secrets_list.py +22 -15
- pulumi_vault/kv/get_secrets_list_v2.py +35 -19
- pulumi_vault/kv/outputs.py +8 -3
- pulumi_vault/kv/secret.py +19 -18
- pulumi_vault/kv/secret_backend_v2.py +12 -11
- pulumi_vault/kv/secret_v2.py +55 -52
- pulumi_vault/ldap/auth_backend.py +125 -168
- pulumi_vault/ldap/auth_backend_group.py +12 -11
- pulumi_vault/ldap/auth_backend_user.py +12 -11
- pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
- pulumi_vault/ldap/get_static_credentials.py +24 -5
- pulumi_vault/ldap/secret_backend.py +352 -84
- pulumi_vault/ldap/secret_backend_dynamic_role.py +12 -11
- pulumi_vault/ldap/secret_backend_library_set.py +14 -11
- pulumi_vault/ldap/secret_backend_static_role.py +67 -12
- pulumi_vault/managed/_inputs.py +289 -132
- pulumi_vault/managed/keys.py +27 -43
- pulumi_vault/managed/outputs.py +89 -132
- pulumi_vault/mfa_duo.py +16 -13
- pulumi_vault/mfa_okta.py +16 -13
- pulumi_vault/mfa_pingid.py +16 -13
- pulumi_vault/mfa_totp.py +22 -19
- pulumi_vault/mongodbatlas/secret_backend.py +18 -17
- pulumi_vault/mongodbatlas/secret_role.py +41 -38
- pulumi_vault/mount.py +389 -65
- pulumi_vault/namespace.py +26 -21
- pulumi_vault/nomad_secret_backend.py +16 -15
- pulumi_vault/nomad_secret_role.py +12 -11
- pulumi_vault/okta/_inputs.py +47 -8
- pulumi_vault/okta/auth_backend.py +483 -41
- pulumi_vault/okta/auth_backend_group.py +12 -11
- pulumi_vault/okta/auth_backend_user.py +12 -11
- pulumi_vault/okta/outputs.py +13 -8
- pulumi_vault/outputs.py +5 -0
- pulumi_vault/password_policy.py +18 -15
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +81 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
- pulumi_vault/pkisecret/backend_config_est.py +619 -0
- pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
- pulumi_vault/pkisecret/get_backend_issuer.py +63 -7
- pulumi_vault/pkisecret/get_backend_issuers.py +21 -12
- pulumi_vault/pkisecret/get_backend_key.py +24 -13
- pulumi_vault/pkisecret/get_backend_keys.py +21 -12
- pulumi_vault/pkisecret/outputs.py +69 -0
- pulumi_vault/pkisecret/secret_backend_cert.py +18 -15
- pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -15
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +12 -11
- pulumi_vault/pkisecret/secret_backend_config_urls.py +59 -11
- pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -13
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -15
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -21
- pulumi_vault/pkisecret/secret_backend_issuer.py +12 -11
- pulumi_vault/pkisecret/secret_backend_key.py +12 -7
- pulumi_vault/pkisecret/secret_backend_role.py +19 -16
- pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -52
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -62
- pulumi_vault/pkisecret/secret_backend_sign.py +18 -60
- pulumi_vault/plugin.py +595 -0
- pulumi_vault/plugin_pinned_version.py +298 -0
- pulumi_vault/policy.py +12 -7
- pulumi_vault/provider.py +48 -53
- pulumi_vault/pulumi-plugin.json +2 -1
- pulumi_vault/quota_lease_count.py +58 -8
- pulumi_vault/quota_rate_limit.py +54 -4
- pulumi_vault/rabbitmq/_inputs.py +61 -0
- pulumi_vault/rabbitmq/outputs.py +5 -0
- pulumi_vault/rabbitmq/secret_backend.py +16 -15
- pulumi_vault/rabbitmq/secret_backend_role.py +52 -49
- pulumi_vault/raft_autopilot.py +12 -11
- pulumi_vault/raft_snapshot_agent_config.py +121 -311
- pulumi_vault/rgp_policy.py +14 -13
- pulumi_vault/saml/auth_backend.py +20 -19
- pulumi_vault/saml/auth_backend_role.py +90 -199
- pulumi_vault/secrets/__init__.py +3 -0
- pulumi_vault/secrets/_inputs.py +110 -0
- pulumi_vault/secrets/outputs.py +94 -0
- pulumi_vault/secrets/sync_association.py +56 -75
- pulumi_vault/secrets/sync_aws_destination.py +240 -29
- pulumi_vault/secrets/sync_azure_destination.py +90 -33
- pulumi_vault/secrets/sync_config.py +7 -6
- pulumi_vault/secrets/sync_gcp_destination.py +156 -27
- pulumi_vault/secrets/sync_gh_destination.py +187 -15
- pulumi_vault/secrets/sync_github_apps.py +375 -0
- pulumi_vault/secrets/sync_vercel_destination.py +72 -15
- pulumi_vault/ssh/_inputs.py +28 -32
- pulumi_vault/ssh/outputs.py +11 -32
- pulumi_vault/ssh/secret_backend_ca.py +106 -11
- pulumi_vault/ssh/secret_backend_role.py +83 -120
- pulumi_vault/terraformcloud/secret_backend.py +5 -56
- pulumi_vault/terraformcloud/secret_creds.py +14 -24
- pulumi_vault/terraformcloud/secret_role.py +14 -76
- pulumi_vault/token.py +26 -25
- pulumi_vault/tokenauth/auth_backend_role.py +76 -201
- pulumi_vault/transform/alphabet.py +16 -13
- pulumi_vault/transform/get_decode.py +45 -21
- pulumi_vault/transform/get_encode.py +45 -21
- pulumi_vault/transform/role.py +16 -13
- pulumi_vault/transform/template.py +30 -25
- pulumi_vault/transform/transformation.py +12 -7
- pulumi_vault/transit/get_decrypt.py +26 -25
- pulumi_vault/transit/get_encrypt.py +24 -19
- pulumi_vault/transit/secret_backend_key.py +25 -97
- pulumi_vault/transit/secret_cache_config.py +12 -11
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
- pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
- pulumi_vault-5.21.0a1710160723.dist-info/RECORD +0 -244
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = ['SecretBackendStaticRoleArgs', 'SecretBackendStaticRole']
|
@@ -29,7 +34,7 @@ class SecretBackendStaticRoleArgs:
|
|
29
34
|
Must be unique within the backend.
|
30
35
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
31
36
|
The value should not contain leading or trailing forward slashes.
|
32
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
37
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
33
38
|
*Available only for Vault Enterprise*.
|
34
39
|
"""
|
35
40
|
pulumi.set(__self__, "rotation_period", rotation_period)
|
@@ -97,7 +102,7 @@ class SecretBackendStaticRoleArgs:
|
|
97
102
|
"""
|
98
103
|
The namespace to provision the resource in.
|
99
104
|
The value should not contain leading or trailing forward slashes.
|
100
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
105
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
101
106
|
*Available only for Vault Enterprise*.
|
102
107
|
"""
|
103
108
|
return pulumi.get(self, "namespace")
|
@@ -123,7 +128,7 @@ class _SecretBackendStaticRoleState:
|
|
123
128
|
Must be unique within the backend.
|
124
129
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
125
130
|
The value should not contain leading or trailing forward slashes.
|
126
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
131
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
127
132
|
*Available only for Vault Enterprise*.
|
128
133
|
:param pulumi.Input[int] rotation_period: How often Vault should rotate the password of the user entry.
|
129
134
|
:param pulumi.Input[str] username: The username of the existing AWS IAM to manage password rotation for.
|
@@ -171,7 +176,7 @@ class _SecretBackendStaticRoleState:
|
|
171
176
|
"""
|
172
177
|
The namespace to provision the resource in.
|
173
178
|
The value should not contain leading or trailing forward slashes.
|
174
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
179
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
175
180
|
*Available only for Vault Enterprise*.
|
176
181
|
"""
|
177
182
|
return pulumi.get(self, "namespace")
|
@@ -219,7 +224,6 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
219
224
|
"""
|
220
225
|
## Example Usage
|
221
226
|
|
222
|
-
<!--Start PulumiCodeChooser -->
|
223
227
|
```python
|
224
228
|
import pulumi
|
225
229
|
import pulumi_vault as vault
|
@@ -229,10 +233,10 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
229
233
|
description="Obtain AWS credentials.")
|
230
234
|
role = vault.aws.SecretBackendStaticRole("role",
|
231
235
|
backend=aws.path,
|
236
|
+
name="test",
|
232
237
|
username="my-test-user",
|
233
238
|
rotation_period=3600)
|
234
239
|
```
|
235
|
-
<!--End PulumiCodeChooser -->
|
236
240
|
|
237
241
|
## Import
|
238
242
|
|
@@ -251,7 +255,7 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
251
255
|
Must be unique within the backend.
|
252
256
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
253
257
|
The value should not contain leading or trailing forward slashes.
|
254
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
258
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
255
259
|
*Available only for Vault Enterprise*.
|
256
260
|
:param pulumi.Input[int] rotation_period: How often Vault should rotate the password of the user entry.
|
257
261
|
:param pulumi.Input[str] username: The username of the existing AWS IAM to manage password rotation for.
|
@@ -265,7 +269,6 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
265
269
|
"""
|
266
270
|
## Example Usage
|
267
271
|
|
268
|
-
<!--Start PulumiCodeChooser -->
|
269
272
|
```python
|
270
273
|
import pulumi
|
271
274
|
import pulumi_vault as vault
|
@@ -275,10 +278,10 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
275
278
|
description="Obtain AWS credentials.")
|
276
279
|
role = vault.aws.SecretBackendStaticRole("role",
|
277
280
|
backend=aws.path,
|
281
|
+
name="test",
|
278
282
|
username="my-test-user",
|
279
283
|
rotation_period=3600)
|
280
284
|
```
|
281
|
-
<!--End PulumiCodeChooser -->
|
282
285
|
|
283
286
|
## Import
|
284
287
|
|
@@ -355,7 +358,7 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
355
358
|
Must be unique within the backend.
|
356
359
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
357
360
|
The value should not contain leading or trailing forward slashes.
|
358
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
361
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
359
362
|
*Available only for Vault Enterprise*.
|
360
363
|
:param pulumi.Input[int] rotation_period: How often Vault should rotate the password of the user entry.
|
361
364
|
:param pulumi.Input[str] username: The username of the existing AWS IAM to manage password rotation for.
|
@@ -395,7 +398,7 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
395
398
|
"""
|
396
399
|
The namespace to provision the resource in.
|
397
400
|
The value should not contain leading or trailing forward slashes.
|
398
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
401
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
399
402
|
*Available only for Vault Enterprise*.
|
400
403
|
"""
|
401
404
|
return pulumi.get(self, "namespace")
|
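--- a/pulumi_vault/azure/_inputs.py
+++ b/pulumi_vault/azure/_inputs.py
@@ -4,16 +4,32 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+from typing import NotRequired, TypedDict, TypeAlias
+else:
+from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = [
 'BackendRoleAzureGroupArgs',
+'BackendRoleAzureGroupArgsDict',
 'BackendRoleAzureRoleArgs',
+'BackendRoleAzureRoleArgsDict',
 ]
 
+MYPY = False
+
+if not MYPY:
+class BackendRoleAzureGroupArgsDict(TypedDict):
+group_name: pulumi.Input[str]
+object_id: NotRequired[pulumi.Input[str]]
+elif False:
+BackendRoleAzureGroupArgsDict: TypeAlias = Mapping[str, Any]
+
 @pulumi.input_type
 class BackendRoleAzureGroupArgs:
 def __init__(__self__, *,
@@ -42,6 +58,14 @@ class BackendRoleAzureGroupArgs:
 pulumi.set(self, "object_id", value)
 
 
+if not MYPY:
+class BackendRoleAzureRoleArgsDict(TypedDict):
+scope: pulumi.Input[str]
+role_id: NotRequired[pulumi.Input[str]]
+role_name: NotRequired[pulumi.Input[str]]
+elif False:
+BackendRoleAzureRoleArgsDict: TypeAlias = Mapping[str, Any]
+
 @pulumi.input_type
 class BackendRoleAzureRoleArgs:
 def __init__(__self__, *,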
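Review bot: The `else:` branch of the added `sys.version_info >= (3, 11)` check imports `NotRequired`, `TypedDict` and `TypeAlias` from `typing_extensions`, so on interpreters older than 3.11 this module fails at import time unless that package is installed. The METADATA change listed in the file summary is not shown on this page, so it is worth confirming that the wheel declares the dependency, for example as `typing-extensions; python_version < "3.11"`, and that the added package is covered by whatever pinning or hash checking the consuming project uses. The same import block is added in the two other file sections visible on this page, in the hunks headed `@@ -4,9 +4,14 @@`. Separately, the `elif False:` alias after `if not MYPY:` never runs and is presumably there only for type checkers; a one-line comment above `MYPY = False` saying so would stop readers from treating it as dead code.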
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = ['AuthBackendConfigArgs', 'AuthBackendConfig']
|
@@ -20,6 +25,8 @@ class AuthBackendConfigArgs:
|
|
20
25
|
client_id: Optional[pulumi.Input[str]] = None,
|
21
26
|
client_secret: Optional[pulumi.Input[str]] = None,
|
22
27
|
environment: Optional[pulumi.Input[str]] = None,
|
28
|
+
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
29
|
+
identity_token_ttl: Optional[pulumi.Input[int]] = None,
|
23
30
|
namespace: Optional[pulumi.Input[str]] = None):
|
24
31
|
"""
|
25
32
|
The set of arguments for constructing a AuthBackendConfig resource.
|
@@ -36,9 +43,12 @@ class AuthBackendConfigArgs:
|
|
36
43
|
:param pulumi.Input[str] environment: The Azure cloud environment. Valid values:
|
37
44
|
AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud,
|
38
45
|
AzureGermanCloud. Defaults to `AzurePublicCloud`.
|
46
|
+
:param pulumi.Input[str] identity_token_audience: The audience claim value for plugin identity tokens. Requires Vault 1.17+.
|
47
|
+
*Available only for Vault Enterprise*
|
48
|
+
:param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds.
|
39
49
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
40
50
|
The value should not contain leading or trailing forward slashes.
|
41
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
51
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
42
52
|
*Available only for Vault Enterprise*.
|
43
53
|
"""
|
44
54
|
pulumi.set(__self__, "resource", resource)
|
@@ -51,6 +61,10 @@ class AuthBackendConfigArgs:
|
|
51
61
|
pulumi.set(__self__, "client_secret", client_secret)
|
52
62
|
if environment is not None:
|
53
63
|
pulumi.set(__self__, "environment", environment)
|
64
|
+
if identity_token_audience is not None:
|
65
|
+
pulumi.set(__self__, "identity_token_audience", identity_token_audience)
|
66
|
+
if identity_token_ttl is not None:
|
67
|
+
pulumi.set(__self__, "identity_token_ttl", identity_token_ttl)
|
54
68
|
if namespace is not None:
|
55
69
|
pulumi.set(__self__, "namespace", namespace)
|
56
70
|
|
@@ -133,13 +147,38 @@ class AuthBackendConfigArgs:
|
|
133
147
|
def environment(self, value: Optional[pulumi.Input[str]]):
|
134
148
|
pulumi.set(self, "environment", value)
|
135
149
|
|
150
|
+
@property
|
151
|
+
@pulumi.getter(name="identityTokenAudience")
|
152
|
+
def identity_token_audience(self) -> Optional[pulumi.Input[str]]:
|
153
|
+
"""
|
154
|
+
The audience claim value for plugin identity tokens. Requires Vault 1.17+.
|
155
|
+
*Available only for Vault Enterprise*
|
156
|
+
"""
|
157
|
+
return pulumi.get(self, "identity_token_audience")
|
158
|
+
|
159
|
+
@identity_token_audience.setter
|
160
|
+
def identity_token_audience(self, value: Optional[pulumi.Input[str]]):
|
161
|
+
pulumi.set(self, "identity_token_audience", value)
|
162
|
+
|
163
|
+
@property
|
164
|
+
@pulumi.getter(name="identityTokenTtl")
|
165
|
+
def identity_token_ttl(self) -> Optional[pulumi.Input[int]]:
|
166
|
+
"""
|
167
|
+
The TTL of generated identity tokens in seconds.
|
168
|
+
"""
|
169
|
+
return pulumi.get(self, "identity_token_ttl")
|
170
|
+
|
171
|
+
@identity_token_ttl.setter
|
172
|
+
def identity_token_ttl(self, value: Optional[pulumi.Input[int]]):
|
173
|
+
pulumi.set(self, "identity_token_ttl", value)
|
174
|
+
|
136
175
|
@property
|
137
176
|
@pulumi.getter
|
138
177
|
def namespace(self) -> Optional[pulumi.Input[str]]:
|
139
178
|
"""
|
140
179
|
The namespace to provision the resource in.
|
141
180
|
The value should not contain leading or trailing forward slashes.
|
142
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
181
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
143
182
|
*Available only for Vault Enterprise*.
|
144
183
|
"""
|
145
184
|
return pulumi.get(self, "namespace")
|
@@ -156,6 +195,8 @@ class _AuthBackendConfigState:
|
|
156
195
|
client_id: Optional[pulumi.Input[str]] = None,
|
157
196
|
client_secret: Optional[pulumi.Input[str]] = None,
|
158
197
|
environment: Optional[pulumi.Input[str]] = None,
|
198
|
+
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
199
|
+
identity_token_ttl: Optional[pulumi.Input[int]] = None,
|
159
200
|
namespace: Optional[pulumi.Input[str]] = None,
|
160
201
|
resource: Optional[pulumi.Input[str]] = None,
|
161
202
|
tenant_id: Optional[pulumi.Input[str]] = None):
|
@@ -170,9 +211,12 @@ class _AuthBackendConfigState:
|
|
170
211
|
:param pulumi.Input[str] environment: The Azure cloud environment. Valid values:
|
171
212
|
AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud,
|
172
213
|
AzureGermanCloud. Defaults to `AzurePublicCloud`.
|
214
|
+
:param pulumi.Input[str] identity_token_audience: The audience claim value for plugin identity tokens. Requires Vault 1.17+.
|
215
|
+
*Available only for Vault Enterprise*
|
216
|
+
:param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds.
|
173
217
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
174
218
|
The value should not contain leading or trailing forward slashes.
|
175
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
219
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
176
220
|
*Available only for Vault Enterprise*.
|
177
221
|
:param pulumi.Input[str] resource: The configured URL for the application registered in
|
178
222
|
Azure Active Directory.
|
@@ -187,6 +231,10 @@ class _AuthBackendConfigState:
|
|
187
231
|
pulumi.set(__self__, "client_secret", client_secret)
|
188
232
|
if environment is not None:
|
189
233
|
pulumi.set(__self__, "environment", environment)
|
234
|
+
if identity_token_audience is not None:
|
235
|
+
pulumi.set(__self__, "identity_token_audience", identity_token_audience)
|
236
|
+
if identity_token_ttl is not None:
|
237
|
+
pulumi.set(__self__, "identity_token_ttl", identity_token_ttl)
|
190
238
|
if namespace is not None:
|
191
239
|
pulumi.set(__self__, "namespace", namespace)
|
192
240
|
if resource is not None:
|
@@ -247,13 +295,38 @@ class _AuthBackendConfigState:
|
|
247
295
|
def environment(self, value: Optional[pulumi.Input[str]]):
|
248
296
|
pulumi.set(self, "environment", value)
|
249
297
|
|
298
|
+
@property
|
299
|
+
@pulumi.getter(name="identityTokenAudience")
|
300
|
+
def identity_token_audience(self) -> Optional[pulumi.Input[str]]:
|
301
|
+
"""
|
302
|
+
The audience claim value for plugin identity tokens. Requires Vault 1.17+.
|
303
|
+
*Available only for Vault Enterprise*
|
304
|
+
"""
|
305
|
+
return pulumi.get(self, "identity_token_audience")
|
306
|
+
|
307
|
+
@identity_token_audience.setter
|
308
|
+
def identity_token_audience(self, value: Optional[pulumi.Input[str]]):
|
309
|
+
pulumi.set(self, "identity_token_audience", value)
|
310
|
+
|
311
|
+
@property
|
312
|
+
@pulumi.getter(name="identityTokenTtl")
|
313
|
+
def identity_token_ttl(self) -> Optional[pulumi.Input[int]]:
|
314
|
+
"""
|
315
|
+
The TTL of generated identity tokens in seconds.
|
316
|
+
"""
|
317
|
+
return pulumi.get(self, "identity_token_ttl")
|
318
|
+
|
319
|
+
@identity_token_ttl.setter
|
320
|
+
def identity_token_ttl(self, value: Optional[pulumi.Input[int]]):
|
321
|
+
pulumi.set(self, "identity_token_ttl", value)
|
322
|
+
|
250
323
|
@property
|
251
324
|
@pulumi.getter
|
252
325
|
def namespace(self) -> Optional[pulumi.Input[str]]:
|
253
326
|
"""
|
254
327
|
The namespace to provision the resource in.
|
255
328
|
The value should not contain leading or trailing forward slashes.
|
256
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
329
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
257
330
|
*Available only for Vault Enterprise*.
|
258
331
|
"""
|
259
332
|
return pulumi.get(self, "namespace")
|
@@ -298,6 +371,8 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
298
371
|
client_id: Optional[pulumi.Input[str]] = None,
|
299
372
|
client_secret: Optional[pulumi.Input[str]] = None,
|
300
373
|
environment: Optional[pulumi.Input[str]] = None,
|
374
|
+
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
375
|
+
identity_token_ttl: Optional[pulumi.Input[int]] = None,
|
301
376
|
namespace: Optional[pulumi.Input[str]] = None,
|
302
377
|
resource: Optional[pulumi.Input[str]] = None,
|
303
378
|
tenant_id: Optional[pulumi.Input[str]] = None,
|
@@ -305,20 +380,34 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
305
380
|
"""
|
306
381
|
## Example Usage
|
307
382
|
|
308
|
-
|
383
|
+
You can setup the Azure auth engine with Workload Identity Federation (WIF) for a secret-less configuration:
|
384
|
+
```python
|
385
|
+
import pulumi
|
386
|
+
import pulumi_vault as vault
|
387
|
+
|
388
|
+
example = vault.AuthBackend("example",
|
389
|
+
type="azure",
|
390
|
+
identity_token_key="example-key")
|
391
|
+
example_auth_backend_config = vault.azure.AuthBackendConfig("example",
|
392
|
+
backend=example.path,
|
393
|
+
tenant_id="11111111-2222-3333-4444-555555555555",
|
394
|
+
client_id="11111111-2222-3333-4444-555555555555",
|
395
|
+
identity_token_audience="<TOKEN_AUDIENCE>",
|
396
|
+
identity_token_ttl="<TOKEN_TTL>")
|
397
|
+
```
|
398
|
+
|
309
399
|
```python
|
310
400
|
import pulumi
|
311
401
|
import pulumi_vault as vault
|
312
402
|
|
313
|
-
|
314
|
-
example_auth_backend_config = vault.azure.AuthBackendConfig("
|
315
|
-
backend=
|
403
|
+
example = vault.AuthBackend("example", type="azure")
|
404
|
+
example_auth_backend_config = vault.azure.AuthBackendConfig("example",
|
405
|
+
backend=example.path,
|
316
406
|
tenant_id="11111111-2222-3333-4444-555555555555",
|
317
407
|
client_id="11111111-2222-3333-4444-555555555555",
|
318
408
|
client_secret="01234567890123456789",
|
319
409
|
resource="https://vault.hashicorp.com")
|
320
410
|
```
|
321
|
-
<!--End PulumiCodeChooser -->
|
322
411
|
|
323
412
|
## Import
|
324
413
|
|
@@ -339,9 +428,12 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
339
428
|
:param pulumi.Input[str] environment: The Azure cloud environment. Valid values:
|
340
429
|
AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud,
|
341
430
|
AzureGermanCloud. Defaults to `AzurePublicCloud`.
|
431
|
+
:param pulumi.Input[str] identity_token_audience: The audience claim value for plugin identity tokens. Requires Vault 1.17+.
|
432
|
+
*Available only for Vault Enterprise*
|
433
|
+
:param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds.
|
342
434
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
343
435
|
The value should not contain leading or trailing forward slashes.
|
344
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
436
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
345
437
|
*Available only for Vault Enterprise*.
|
346
438
|
:param pulumi.Input[str] resource: The configured URL for the application registered in
|
347
439
|
Azure Active Directory.
|
@@ -357,20 +449,34 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
357
449
|
"""
|
358
450
|
## Example Usage
|
359
451
|
|
360
|
-
|
452
|
+
You can setup the Azure auth engine with Workload Identity Federation (WIF) for a secret-less configuration:
|
453
|
+
```python
|
454
|
+
import pulumi
|
455
|
+
import pulumi_vault as vault
|
456
|
+
|
457
|
+
example = vault.AuthBackend("example",
|
458
|
+
type="azure",
|
459
|
+
identity_token_key="example-key")
|
460
|
+
example_auth_backend_config = vault.azure.AuthBackendConfig("example",
|
461
|
+
backend=example.path,
|
462
|
+
tenant_id="11111111-2222-3333-4444-555555555555",
|
463
|
+
client_id="11111111-2222-3333-4444-555555555555",
|
464
|
+
identity_token_audience="<TOKEN_AUDIENCE>",
|
465
|
+
identity_token_ttl="<TOKEN_TTL>")
|
466
|
+
```
|
467
|
+
|
361
468
|
```python
|
362
469
|
import pulumi
|
363
470
|
import pulumi_vault as vault
|
364
471
|
|
365
|
-
|
366
|
-
example_auth_backend_config = vault.azure.AuthBackendConfig("
|
367
|
-
backend=
|
472
|
+
example = vault.AuthBackend("example", type="azure")
|
473
|
+
example_auth_backend_config = vault.azure.AuthBackendConfig("example",
|
474
|
+
backend=example.path,
|
368
475
|
tenant_id="11111111-2222-3333-4444-555555555555",
|
369
476
|
client_id="11111111-2222-3333-4444-555555555555",
|
370
477
|
client_secret="01234567890123456789",
|
371
478
|
resource="https://vault.hashicorp.com")
|
372
479
|
```
|
373
|
-
<!--End PulumiCodeChooser -->
|
374
480
|
|
375
481
|
## Import
|
376
482
|
|
@@ -399,6 +505,8 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
399
505
|
client_id: Optional[pulumi.Input[str]] = None,
|
400
506
|
client_secret: Optional[pulumi.Input[str]] = None,
|
401
507
|
environment: Optional[pulumi.Input[str]] = None,
|
508
|
+
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
509
|
+
identity_token_ttl: Optional[pulumi.Input[int]] = None,
|
402
510
|
namespace: Optional[pulumi.Input[str]] = None,
|
403
511
|
resource: Optional[pulumi.Input[str]] = None,
|
404
512
|
tenant_id: Optional[pulumi.Input[str]] = None,
|
@@ -415,6 +523,8 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
415
523
|
__props__.__dict__["client_id"] = None if client_id is None else pulumi.Output.secret(client_id)
|
416
524
|
__props__.__dict__["client_secret"] = None if client_secret is None else pulumi.Output.secret(client_secret)
|
417
525
|
__props__.__dict__["environment"] = environment
|
526
|
+
__props__.__dict__["identity_token_audience"] = identity_token_audience
|
527
|
+
__props__.__dict__["identity_token_ttl"] = identity_token_ttl
|
418
528
|
__props__.__dict__["namespace"] = namespace
|
419
529
|
if resource is None and not opts.urn:
|
420
530
|
raise TypeError("Missing required property 'resource'")
|
@@ -438,6 +548,8 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
438
548
|
client_id: Optional[pulumi.Input[str]] = None,
|
439
549
|
client_secret: Optional[pulumi.Input[str]] = None,
|
440
550
|
environment: Optional[pulumi.Input[str]] = None,
|
551
|
+
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
552
|
+
identity_token_ttl: Optional[pulumi.Input[int]] = None,
|
441
553
|
namespace: Optional[pulumi.Input[str]] = None,
|
442
554
|
resource: Optional[pulumi.Input[str]] = None,
|
443
555
|
tenant_id: Optional[pulumi.Input[str]] = None) -> 'AuthBackendConfig':
|
@@ -457,9 +569,12 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
457
569
|
:param pulumi.Input[str] environment: The Azure cloud environment. Valid values:
|
458
570
|
AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud,
|
459
571
|
AzureGermanCloud. Defaults to `AzurePublicCloud`.
|
572
|
+
:param pulumi.Input[str] identity_token_audience: The audience claim value for plugin identity tokens. Requires Vault 1.17+.
|
573
|
+
*Available only for Vault Enterprise*
|
574
|
+
:param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds.
|
460
575
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
461
576
|
The value should not contain leading or trailing forward slashes.
|
462
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
577
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
463
578
|
*Available only for Vault Enterprise*.
|
464
579
|
:param pulumi.Input[str] resource: The configured URL for the application registered in
|
465
580
|
Azure Active Directory.
|
@@ -474,6 +589,8 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
474
589
|
__props__.__dict__["client_id"] = client_id
|
475
590
|
__props__.__dict__["client_secret"] = client_secret
|
476
591
|
__props__.__dict__["environment"] = environment
|
592
|
+
__props__.__dict__["identity_token_audience"] = identity_token_audience
|
593
|
+
__props__.__dict__["identity_token_ttl"] = identity_token_ttl
|
477
594
|
__props__.__dict__["namespace"] = namespace
|
478
595
|
__props__.__dict__["resource"] = resource
|
479
596
|
__props__.__dict__["tenant_id"] = tenant_id
|
@@ -516,13 +633,30 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
516
633
|
"""
|
517
634
|
return pulumi.get(self, "environment")
|
518
635
|
|
636
|
+
@property
|
637
|
+
@pulumi.getter(name="identityTokenAudience")
|
638
|
+
def identity_token_audience(self) -> pulumi.Output[Optional[str]]:
|
639
|
+
"""
|
640
|
+
The audience claim value for plugin identity tokens. Requires Vault 1.17+.
|
641
|
+
*Available only for Vault Enterprise*
|
642
|
+
"""
|
643
|
+
return pulumi.get(self, "identity_token_audience")
|
644
|
+
|
645
|
+
@property
|
646
|
+
@pulumi.getter(name="identityTokenTtl")
|
647
|
+
def identity_token_ttl(self) -> pulumi.Output[int]:
|
648
|
+
"""
|
649
|
+
The TTL of generated identity tokens in seconds.
|
650
|
+
"""
|
651
|
+
return pulumi.get(self, "identity_token_ttl")
|
652
|
+
|
519
653
|
@property
|
520
654
|
@pulumi.getter
|
521
655
|
def namespace(self) -> pulumi.Output[Optional[str]]:
|
522
656
|
"""
|
523
657
|
The namespace to provision the resource in.
|
524
658
|
The value should not contain leading or trailing forward slashes.
|
525
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
659
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
526
660
|
*Available only for Vault Enterprise*.
|
527
661
|
"""
|
528
662
|
return pulumi.get(self, "namespace")
|