pulumi-vault 5.21.0a1710160723__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl
- pulumi_vault/__init__.py +52 -0
- pulumi_vault/_inputs.py +560 -0
- pulumi_vault/_utilities.py +41 -5
- pulumi_vault/ad/get_access_credentials.py +22 -7
- pulumi_vault/ad/secret_backend.py +14 -144
- pulumi_vault/ad/secret_library.py +14 -11
- pulumi_vault/ad/secret_role.py +12 -11
- pulumi_vault/alicloud/auth_backend_role.py +74 -192
- pulumi_vault/approle/auth_backend_login.py +12 -11
- pulumi_vault/approle/auth_backend_role.py +75 -193
- pulumi_vault/approle/auth_backend_role_secret_id.py +106 -11
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -9
- pulumi_vault/audit.py +24 -27
- pulumi_vault/audit_request_header.py +11 -6
- pulumi_vault/auth_backend.py +64 -12
- pulumi_vault/aws/auth_backend_cert.py +12 -7
- pulumi_vault/aws/auth_backend_client.py +265 -24
- pulumi_vault/aws/auth_backend_config_identity.py +12 -11
- pulumi_vault/aws/auth_backend_identity_whitelist.py +18 -17
- pulumi_vault/aws/auth_backend_login.py +19 -22
- pulumi_vault/aws/auth_backend_role.py +75 -193
- pulumi_vault/aws/auth_backend_role_tag.py +12 -7
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -17
- pulumi_vault/aws/auth_backend_sts_role.py +12 -11
- pulumi_vault/aws/get_access_credentials.py +34 -7
- pulumi_vault/aws/get_static_access_credentials.py +19 -5
- pulumi_vault/aws/secret_backend.py +75 -7
- pulumi_vault/aws/secret_backend_role.py +183 -11
- pulumi_vault/aws/secret_backend_static_role.py +14 -11
- pulumi_vault/azure/_inputs.py +24 -0
- pulumi_vault/azure/auth_backend_config.py +151 -17
- pulumi_vault/azure/auth_backend_role.py +75 -193
- pulumi_vault/azure/backend.py +223 -29
- pulumi_vault/azure/backend_role.py +42 -41
- pulumi_vault/azure/get_access_credentials.py +39 -11
- pulumi_vault/azure/outputs.py +5 -0
- pulumi_vault/cert_auth_backend_role.py +87 -271
- pulumi_vault/config/__init__.pyi +5 -0
- pulumi_vault/config/_inputs.py +73 -0
- pulumi_vault/config/outputs.py +35 -0
- pulumi_vault/config/ui_custom_message.py +529 -0
- pulumi_vault/config/vars.py +5 -0
- pulumi_vault/consul/secret_backend.py +22 -25
- pulumi_vault/consul/secret_backend_role.py +14 -80
- pulumi_vault/database/_inputs.py +2770 -881
- pulumi_vault/database/outputs.py +721 -838
- pulumi_vault/database/secret_backend_connection.py +117 -114
- pulumi_vault/database/secret_backend_role.py +29 -24
- pulumi_vault/database/secret_backend_static_role.py +85 -15
- pulumi_vault/database/secrets_mount.py +425 -138
- pulumi_vault/egp_policy.py +16 -15
- pulumi_vault/gcp/_inputs.py +111 -0
- pulumi_vault/gcp/auth_backend.py +248 -35
- pulumi_vault/gcp/auth_backend_role.py +75 -271
- pulumi_vault/gcp/get_auth_backend_role.py +43 -9
- pulumi_vault/gcp/outputs.py +5 -0
- pulumi_vault/gcp/secret_backend.py +287 -16
- pulumi_vault/gcp/secret_impersonated_account.py +74 -17
- pulumi_vault/gcp/secret_roleset.py +29 -26
- pulumi_vault/gcp/secret_static_account.py +37 -34
- pulumi_vault/generic/endpoint.py +22 -21
- pulumi_vault/generic/get_secret.py +68 -12
- pulumi_vault/generic/secret.py +19 -14
- pulumi_vault/get_auth_backend.py +24 -11
- pulumi_vault/get_auth_backends.py +33 -11
- pulumi_vault/get_namespace.py +226 -0
- pulumi_vault/get_namespaces.py +153 -0
- pulumi_vault/get_nomad_access_token.py +31 -15
- pulumi_vault/get_policy_document.py +34 -23
- pulumi_vault/get_raft_autopilot_state.py +29 -14
- pulumi_vault/github/_inputs.py +55 -0
- pulumi_vault/github/auth_backend.py +17 -16
- pulumi_vault/github/outputs.py +5 -0
- pulumi_vault/github/team.py +14 -13
- pulumi_vault/github/user.py +14 -13
- pulumi_vault/identity/entity.py +18 -15
- pulumi_vault/identity/entity_alias.py +18 -15
- pulumi_vault/identity/entity_policies.py +24 -19
- pulumi_vault/identity/get_entity.py +40 -14
- pulumi_vault/identity/get_group.py +45 -13
- pulumi_vault/identity/get_oidc_client_creds.py +21 -11
- pulumi_vault/identity/get_oidc_openid_config.py +39 -13
- pulumi_vault/identity/get_oidc_public_keys.py +29 -14
- pulumi_vault/identity/group.py +50 -49
- pulumi_vault/identity/group_alias.py +14 -11
- pulumi_vault/identity/group_member_entity_ids.py +24 -74
- pulumi_vault/identity/group_member_group_ids.py +36 -27
- pulumi_vault/identity/group_policies.py +16 -15
- pulumi_vault/identity/mfa_duo.py +9 -8
- pulumi_vault/identity/mfa_login_enforcement.py +13 -8
- pulumi_vault/identity/mfa_okta.py +9 -8
- pulumi_vault/identity/mfa_pingid.py +5 -4
- pulumi_vault/identity/mfa_totp.py +5 -4
- pulumi_vault/identity/oidc.py +12 -11
- pulumi_vault/identity/oidc_assignment.py +22 -13
- pulumi_vault/identity/oidc_client.py +34 -25
- pulumi_vault/identity/oidc_key.py +28 -19
- pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -19
- pulumi_vault/identity/oidc_provider.py +34 -23
- pulumi_vault/identity/oidc_role.py +40 -27
- pulumi_vault/identity/oidc_scope.py +18 -15
- pulumi_vault/identity/outputs.py +8 -3
- pulumi_vault/jwt/_inputs.py +55 -0
- pulumi_vault/jwt/auth_backend.py +39 -46
- pulumi_vault/jwt/auth_backend_role.py +131 -260
- pulumi_vault/jwt/outputs.py +5 -0
- pulumi_vault/kmip/secret_backend.py +22 -21
- pulumi_vault/kmip/secret_role.py +12 -11
- pulumi_vault/kmip/secret_scope.py +12 -11
- pulumi_vault/kubernetes/auth_backend_config.py +55 -7
- pulumi_vault/kubernetes/auth_backend_role.py +68 -179
- pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
- pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
- pulumi_vault/kubernetes/get_service_account_token.py +39 -15
- pulumi_vault/kubernetes/secret_backend.py +314 -29
- pulumi_vault/kubernetes/secret_backend_role.py +135 -56
- pulumi_vault/kv/_inputs.py +36 -4
- pulumi_vault/kv/get_secret.py +23 -12
- pulumi_vault/kv/get_secret_subkeys_v2.py +31 -14
- pulumi_vault/kv/get_secret_v2.py +89 -9
- pulumi_vault/kv/get_secrets_list.py +22 -15
- pulumi_vault/kv/get_secrets_list_v2.py +35 -19
- pulumi_vault/kv/outputs.py +8 -3
- pulumi_vault/kv/secret.py +19 -18
- pulumi_vault/kv/secret_backend_v2.py +12 -11
- pulumi_vault/kv/secret_v2.py +55 -52
- pulumi_vault/ldap/auth_backend.py +125 -168
- pulumi_vault/ldap/auth_backend_group.py +12 -11
- pulumi_vault/ldap/auth_backend_user.py +12 -11
- pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
- pulumi_vault/ldap/get_static_credentials.py +24 -5
- pulumi_vault/ldap/secret_backend.py +352 -84
- pulumi_vault/ldap/secret_backend_dynamic_role.py +12 -11
- pulumi_vault/ldap/secret_backend_library_set.py +14 -11
- pulumi_vault/ldap/secret_backend_static_role.py +67 -12
- pulumi_vault/managed/_inputs.py +289 -132
- pulumi_vault/managed/keys.py +27 -43
- pulumi_vault/managed/outputs.py +89 -132
- pulumi_vault/mfa_duo.py +16 -13
- pulumi_vault/mfa_okta.py +16 -13
- pulumi_vault/mfa_pingid.py +16 -13
- pulumi_vault/mfa_totp.py +22 -19
- pulumi_vault/mongodbatlas/secret_backend.py +18 -17
- pulumi_vault/mongodbatlas/secret_role.py +41 -38
- pulumi_vault/mount.py +389 -65
- pulumi_vault/namespace.py +26 -21
- pulumi_vault/nomad_secret_backend.py +16 -15
- pulumi_vault/nomad_secret_role.py +12 -11
- pulumi_vault/okta/_inputs.py +47 -8
- pulumi_vault/okta/auth_backend.py +483 -41
- pulumi_vault/okta/auth_backend_group.py +12 -11
- pulumi_vault/okta/auth_backend_user.py +12 -11
- pulumi_vault/okta/outputs.py +13 -8
- pulumi_vault/outputs.py +5 -0
- pulumi_vault/password_policy.py +18 -15
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +81 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
- pulumi_vault/pkisecret/backend_config_est.py +619 -0
- pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
- pulumi_vault/pkisecret/get_backend_issuer.py +63 -7
- pulumi_vault/pkisecret/get_backend_issuers.py +21 -12
- pulumi_vault/pkisecret/get_backend_key.py +24 -13
- pulumi_vault/pkisecret/get_backend_keys.py +21 -12
- pulumi_vault/pkisecret/outputs.py +69 -0
- pulumi_vault/pkisecret/secret_backend_cert.py +18 -15
- pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -15
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +12 -11
- pulumi_vault/pkisecret/secret_backend_config_urls.py +59 -11
- pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -13
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -15
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -21
- pulumi_vault/pkisecret/secret_backend_issuer.py +12 -11
- pulumi_vault/pkisecret/secret_backend_key.py +12 -7
- pulumi_vault/pkisecret/secret_backend_role.py +19 -16
- pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -52
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -62
- pulumi_vault/pkisecret/secret_backend_sign.py +18 -60
- pulumi_vault/plugin.py +595 -0
- pulumi_vault/plugin_pinned_version.py +298 -0
- pulumi_vault/policy.py +12 -7
- pulumi_vault/provider.py +48 -53
- pulumi_vault/pulumi-plugin.json +2 -1
- pulumi_vault/quota_lease_count.py +58 -8
- pulumi_vault/quota_rate_limit.py +54 -4
- pulumi_vault/rabbitmq/_inputs.py +61 -0
- pulumi_vault/rabbitmq/outputs.py +5 -0
- pulumi_vault/rabbitmq/secret_backend.py +16 -15
- pulumi_vault/rabbitmq/secret_backend_role.py +52 -49
- pulumi_vault/raft_autopilot.py +12 -11
- pulumi_vault/raft_snapshot_agent_config.py +121 -311
- pulumi_vault/rgp_policy.py +14 -13
- pulumi_vault/saml/auth_backend.py +20 -19
- pulumi_vault/saml/auth_backend_role.py +90 -199
- pulumi_vault/secrets/__init__.py +3 -0
- pulumi_vault/secrets/_inputs.py +110 -0
- pulumi_vault/secrets/outputs.py +94 -0
- pulumi_vault/secrets/sync_association.py +56 -75
- pulumi_vault/secrets/sync_aws_destination.py +240 -29
- pulumi_vault/secrets/sync_azure_destination.py +90 -33
- pulumi_vault/secrets/sync_config.py +7 -6
- pulumi_vault/secrets/sync_gcp_destination.py +156 -27
- pulumi_vault/secrets/sync_gh_destination.py +187 -15
- pulumi_vault/secrets/sync_github_apps.py +375 -0
- pulumi_vault/secrets/sync_vercel_destination.py +72 -15
- pulumi_vault/ssh/_inputs.py +28 -32
- pulumi_vault/ssh/outputs.py +11 -32
- pulumi_vault/ssh/secret_backend_ca.py +106 -11
- pulumi_vault/ssh/secret_backend_role.py +83 -120
- pulumi_vault/terraformcloud/secret_backend.py +5 -56
- pulumi_vault/terraformcloud/secret_creds.py +14 -24
- pulumi_vault/terraformcloud/secret_role.py +14 -76
- pulumi_vault/token.py +26 -25
- pulumi_vault/tokenauth/auth_backend_role.py +76 -201
- pulumi_vault/transform/alphabet.py +16 -13
- pulumi_vault/transform/get_decode.py +45 -21
- pulumi_vault/transform/get_encode.py +45 -21
- pulumi_vault/transform/role.py +16 -13
- pulumi_vault/transform/template.py +30 -25
- pulumi_vault/transform/transformation.py +12 -7
- pulumi_vault/transit/get_decrypt.py +26 -25
- pulumi_vault/transit/get_encrypt.py +24 -19
- pulumi_vault/transit/secret_backend_key.py +25 -97
- pulumi_vault/transit/secret_cache_config.py +12 -11
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
- pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
- pulumi_vault-5.21.0a1710160723.dist-info/RECORD +0 -244
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
pulumi_vault/azure/backend.py
CHANGED
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = ['BackendArgs', 'Backend']
|
@@ -21,6 +26,9 @@ class BackendArgs:
|
|
21
26
|
description: Optional[pulumi.Input[str]] = None,
|
22
27
|
disable_remount: Optional[pulumi.Input[bool]] = None,
|
23
28
|
environment: Optional[pulumi.Input[str]] = None,
|
29
|
+
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
30
|
+
identity_token_key: Optional[pulumi.Input[str]] = None,
|
31
|
+
identity_token_ttl: Optional[pulumi.Input[int]] = None,
|
24
32
|
namespace: Optional[pulumi.Input[str]] = None,
|
25
33
|
path: Optional[pulumi.Input[str]] = None,
|
26
34
|
use_microsoft_graph_api: Optional[pulumi.Input[bool]] = None):
|
@@ -34,9 +42,15 @@ class BackendArgs:
|
|
34
42
|
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
35
43
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
36
44
|
:param pulumi.Input[str] environment: The Azure environment.
|
45
|
+
:param pulumi.Input[str] identity_token_audience: The audience claim value. Requires Vault 1.17+.
|
46
|
+
*Available only for Vault Enterprise*
|
47
|
+
:param pulumi.Input[str] identity_token_key: The key to use for signing identity tokens. Requires Vault 1.17+.
|
48
|
+
*Available only for Vault Enterprise*
|
49
|
+
:param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
|
50
|
+
*Available only for Vault Enterprise*
|
37
51
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
38
52
|
The value should not contain leading or trailing forward slashes.
|
39
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
53
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
40
54
|
*Available only for Vault Enterprise*.
|
41
55
|
:param pulumi.Input[str] path: The unique path this backend should be mounted at. Defaults to `azure`.
|
42
56
|
:param pulumi.Input[bool] use_microsoft_graph_api: Use the Microsoft Graph API. Should be set to true on vault-1.10+
|
@@ -53,10 +67,19 @@ class BackendArgs:
|
|
53
67
|
pulumi.set(__self__, "disable_remount", disable_remount)
|
54
68
|
if environment is not None:
|
55
69
|
pulumi.set(__self__, "environment", environment)
|
70
|
+
if identity_token_audience is not None:
|
71
|
+
pulumi.set(__self__, "identity_token_audience", identity_token_audience)
|
72
|
+
if identity_token_key is not None:
|
73
|
+
pulumi.set(__self__, "identity_token_key", identity_token_key)
|
74
|
+
if identity_token_ttl is not None:
|
75
|
+
pulumi.set(__self__, "identity_token_ttl", identity_token_ttl)
|
56
76
|
if namespace is not None:
|
57
77
|
pulumi.set(__self__, "namespace", namespace)
|
58
78
|
if path is not None:
|
59
79
|
pulumi.set(__self__, "path", path)
|
80
|
+
if use_microsoft_graph_api is not None:
|
81
|
+
warnings.warn("""This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.""", DeprecationWarning)
|
82
|
+
pulumi.log.warn("""use_microsoft_graph_api is deprecated: This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.""")
|
60
83
|
if use_microsoft_graph_api is not None:
|
61
84
|
pulumi.set(__self__, "use_microsoft_graph_api", use_microsoft_graph_api)
|
62
85
|
|
@@ -145,13 +168,52 @@ class BackendArgs:
|
|
145
168
|
def environment(self, value: Optional[pulumi.Input[str]]):
|
146
169
|
pulumi.set(self, "environment", value)
|
147
170
|
|
171
|
+
@property
|
172
|
+
@pulumi.getter(name="identityTokenAudience")
|
173
|
+
def identity_token_audience(self) -> Optional[pulumi.Input[str]]:
|
174
|
+
"""
|
175
|
+
The audience claim value. Requires Vault 1.17+.
|
176
|
+
*Available only for Vault Enterprise*
|
177
|
+
"""
|
178
|
+
return pulumi.get(self, "identity_token_audience")
|
179
|
+
|
180
|
+
@identity_token_audience.setter
|
181
|
+
def identity_token_audience(self, value: Optional[pulumi.Input[str]]):
|
182
|
+
pulumi.set(self, "identity_token_audience", value)
|
183
|
+
|
184
|
+
@property
|
185
|
+
@pulumi.getter(name="identityTokenKey")
|
186
|
+
def identity_token_key(self) -> Optional[pulumi.Input[str]]:
|
187
|
+
"""
|
188
|
+
The key to use for signing identity tokens. Requires Vault 1.17+.
|
189
|
+
*Available only for Vault Enterprise*
|
190
|
+
"""
|
191
|
+
return pulumi.get(self, "identity_token_key")
|
192
|
+
|
193
|
+
@identity_token_key.setter
|
194
|
+
def identity_token_key(self, value: Optional[pulumi.Input[str]]):
|
195
|
+
pulumi.set(self, "identity_token_key", value)
|
196
|
+
|
197
|
+
@property
|
198
|
+
@pulumi.getter(name="identityTokenTtl")
|
199
|
+
def identity_token_ttl(self) -> Optional[pulumi.Input[int]]:
|
200
|
+
"""
|
201
|
+
The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
|
202
|
+
*Available only for Vault Enterprise*
|
203
|
+
"""
|
204
|
+
return pulumi.get(self, "identity_token_ttl")
|
205
|
+
|
206
|
+
@identity_token_ttl.setter
|
207
|
+
def identity_token_ttl(self, value: Optional[pulumi.Input[int]]):
|
208
|
+
pulumi.set(self, "identity_token_ttl", value)
|
209
|
+
|
148
210
|
@property
|
149
211
|
@pulumi.getter
|
150
212
|
def namespace(self) -> Optional[pulumi.Input[str]]:
|
151
213
|
"""
|
152
214
|
The namespace to provision the resource in.
|
153
215
|
The value should not contain leading or trailing forward slashes.
|
154
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
216
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
155
217
|
*Available only for Vault Enterprise*.
|
156
218
|
"""
|
157
219
|
return pulumi.get(self, "namespace")
|
@@ -174,6 +236,7 @@ class BackendArgs:
|
|
174
236
|
|
175
237
|
@property
|
176
238
|
@pulumi.getter(name="useMicrosoftGraphApi")
|
239
|
+
@_utilities.deprecated("""This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.""")
|
177
240
|
def use_microsoft_graph_api(self) -> Optional[pulumi.Input[bool]]:
|
178
241
|
"""
|
179
242
|
Use the Microsoft Graph API. Should be set to true on vault-1.10+
|
@@ -193,6 +256,9 @@ class _BackendState:
|
|
193
256
|
description: Optional[pulumi.Input[str]] = None,
|
194
257
|
disable_remount: Optional[pulumi.Input[bool]] = None,
|
195
258
|
environment: Optional[pulumi.Input[str]] = None,
|
259
|
+
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
260
|
+
identity_token_key: Optional[pulumi.Input[str]] = None,
|
261
|
+
identity_token_ttl: Optional[pulumi.Input[int]] = None,
|
196
262
|
namespace: Optional[pulumi.Input[str]] = None,
|
197
263
|
path: Optional[pulumi.Input[str]] = None,
|
198
264
|
subscription_id: Optional[pulumi.Input[str]] = None,
|
@@ -206,9 +272,15 @@ class _BackendState:
|
|
206
272
|
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
207
273
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
208
274
|
:param pulumi.Input[str] environment: The Azure environment.
|
275
|
+
:param pulumi.Input[str] identity_token_audience: The audience claim value. Requires Vault 1.17+.
|
276
|
+
*Available only for Vault Enterprise*
|
277
|
+
:param pulumi.Input[str] identity_token_key: The key to use for signing identity tokens. Requires Vault 1.17+.
|
278
|
+
*Available only for Vault Enterprise*
|
279
|
+
:param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
|
280
|
+
*Available only for Vault Enterprise*
|
209
281
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
210
282
|
The value should not contain leading or trailing forward slashes.
|
211
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
283
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
212
284
|
*Available only for Vault Enterprise*.
|
213
285
|
:param pulumi.Input[str] path: The unique path this backend should be mounted at. Defaults to `azure`.
|
214
286
|
:param pulumi.Input[str] subscription_id: The subscription id for the Azure Active Directory.
|
@@ -225,6 +297,12 @@ class _BackendState:
|
|
225
297
|
pulumi.set(__self__, "disable_remount", disable_remount)
|
226
298
|
if environment is not None:
|
227
299
|
pulumi.set(__self__, "environment", environment)
|
300
|
+
if identity_token_audience is not None:
|
301
|
+
pulumi.set(__self__, "identity_token_audience", identity_token_audience)
|
302
|
+
if identity_token_key is not None:
|
303
|
+
pulumi.set(__self__, "identity_token_key", identity_token_key)
|
304
|
+
if identity_token_ttl is not None:
|
305
|
+
pulumi.set(__self__, "identity_token_ttl", identity_token_ttl)
|
228
306
|
if namespace is not None:
|
229
307
|
pulumi.set(__self__, "namespace", namespace)
|
230
308
|
if path is not None:
|
@@ -233,6 +311,9 @@ class _BackendState:
|
|
233
311
|
pulumi.set(__self__, "subscription_id", subscription_id)
|
234
312
|
if tenant_id is not None:
|
235
313
|
pulumi.set(__self__, "tenant_id", tenant_id)
|
314
|
+
if use_microsoft_graph_api is not None:
|
315
|
+
warnings.warn("""This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.""", DeprecationWarning)
|
316
|
+
pulumi.log.warn("""use_microsoft_graph_api is deprecated: This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.""")
|
236
317
|
if use_microsoft_graph_api is not None:
|
237
318
|
pulumi.set(__self__, "use_microsoft_graph_api", use_microsoft_graph_api)
|
238
319
|
|
@@ -297,13 +378,52 @@ class _BackendState:
|
|
297
378
|
def environment(self, value: Optional[pulumi.Input[str]]):
|
298
379
|
pulumi.set(self, "environment", value)
|
299
380
|
|
381
|
+
@property
|
382
|
+
@pulumi.getter(name="identityTokenAudience")
|
383
|
+
def identity_token_audience(self) -> Optional[pulumi.Input[str]]:
|
384
|
+
"""
|
385
|
+
The audience claim value. Requires Vault 1.17+.
|
386
|
+
*Available only for Vault Enterprise*
|
387
|
+
"""
|
388
|
+
return pulumi.get(self, "identity_token_audience")
|
389
|
+
|
390
|
+
@identity_token_audience.setter
|
391
|
+
def identity_token_audience(self, value: Optional[pulumi.Input[str]]):
|
392
|
+
pulumi.set(self, "identity_token_audience", value)
|
393
|
+
|
394
|
+
@property
|
395
|
+
@pulumi.getter(name="identityTokenKey")
|
396
|
+
def identity_token_key(self) -> Optional[pulumi.Input[str]]:
|
397
|
+
"""
|
398
|
+
The key to use for signing identity tokens. Requires Vault 1.17+.
|
399
|
+
*Available only for Vault Enterprise*
|
400
|
+
"""
|
401
|
+
return pulumi.get(self, "identity_token_key")
|
402
|
+
|
403
|
+
@identity_token_key.setter
|
404
|
+
def identity_token_key(self, value: Optional[pulumi.Input[str]]):
|
405
|
+
pulumi.set(self, "identity_token_key", value)
|
406
|
+
|
407
|
+
@property
|
408
|
+
@pulumi.getter(name="identityTokenTtl")
|
409
|
+
def identity_token_ttl(self) -> Optional[pulumi.Input[int]]:
|
410
|
+
"""
|
411
|
+
The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
|
412
|
+
*Available only for Vault Enterprise*
|
413
|
+
"""
|
414
|
+
return pulumi.get(self, "identity_token_ttl")
|
415
|
+
|
416
|
+
@identity_token_ttl.setter
|
417
|
+
def identity_token_ttl(self, value: Optional[pulumi.Input[int]]):
|
418
|
+
pulumi.set(self, "identity_token_ttl", value)
|
419
|
+
|
300
420
|
@property
|
301
421
|
@pulumi.getter
|
302
422
|
def namespace(self) -> Optional[pulumi.Input[str]]:
|
303
423
|
"""
|
304
424
|
The namespace to provision the resource in.
|
305
425
|
The value should not contain leading or trailing forward slashes.
|
306
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
426
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
307
427
|
*Available only for Vault Enterprise*.
|
308
428
|
"""
|
309
429
|
return pulumi.get(self, "namespace")
|
@@ -350,6 +470,7 @@ class _BackendState:
|
|
350
470
|
|
351
471
|
@property
|
352
472
|
@pulumi.getter(name="useMicrosoftGraphApi")
|
473
|
+
@_utilities.deprecated("""This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.""")
|
353
474
|
def use_microsoft_graph_api(self) -> Optional[pulumi.Input[bool]]:
|
354
475
|
"""
|
355
476
|
Use the Microsoft Graph API. Should be set to true on vault-1.10+
|
@@ -371,6 +492,9 @@ class Backend(pulumi.CustomResource):
|
|
371
492
|
description: Optional[pulumi.Input[str]] = None,
|
372
493
|
disable_remount: Optional[pulumi.Input[bool]] = None,
|
373
494
|
environment: Optional[pulumi.Input[str]] = None,
|
495
|
+
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
496
|
+
identity_token_key: Optional[pulumi.Input[str]] = None,
|
497
|
+
identity_token_ttl: Optional[pulumi.Input[int]] = None,
|
374
498
|
namespace: Optional[pulumi.Input[str]] = None,
|
375
499
|
path: Optional[pulumi.Input[str]] = None,
|
376
500
|
subscription_id: Optional[pulumi.Input[str]] = None,
|
@@ -382,37 +506,46 @@ class Backend(pulumi.CustomResource):
|
|
382
506
|
|
383
507
|
### *Vault-1.9 And Above*
|
384
508
|
|
385
|
-
|
509
|
+
You can setup the Azure secrets engine with Workload Identity Federation (WIF) for a secret-less configuration:
|
386
510
|
```python
|
387
511
|
import pulumi
|
388
512
|
import pulumi_vault as vault
|
389
513
|
|
390
514
|
azure = vault.azure.Backend("azure",
|
515
|
+
subscription_id="11111111-2222-3333-4444-111111111111",
|
516
|
+
tenant_id="11111111-2222-3333-4444-222222222222",
|
391
517
|
client_id="11111111-2222-3333-4444-333333333333",
|
392
|
-
|
393
|
-
|
518
|
+
identity_token_audience="<TOKEN_AUDIENCE>",
|
519
|
+
identity_token_ttl="<TOKEN_TTL>")
|
520
|
+
```
|
521
|
+
|
522
|
+
```python
|
523
|
+
import pulumi
|
524
|
+
import pulumi_vault as vault
|
525
|
+
|
526
|
+
azure = vault.azure.Backend("azure",
|
527
|
+
use_microsoft_graph_api=True,
|
394
528
|
subscription_id="11111111-2222-3333-4444-111111111111",
|
395
529
|
tenant_id="11111111-2222-3333-4444-222222222222",
|
396
|
-
|
530
|
+
client_id="11111111-2222-3333-4444-333333333333",
|
531
|
+
client_secret="12345678901234567890",
|
532
|
+
environment="AzurePublicCloud")
|
397
533
|
```
|
398
|
-
<!--End PulumiCodeChooser -->
|
399
534
|
|
400
535
|
### *Vault-1.8 And Below*
|
401
536
|
|
402
|
-
<!--Start PulumiCodeChooser -->
|
403
537
|
```python
|
404
538
|
import pulumi
|
405
539
|
import pulumi_vault as vault
|
406
540
|
|
407
541
|
azure = vault.azure.Backend("azure",
|
408
|
-
|
409
|
-
client_secret="12345678901234567890",
|
410
|
-
environment="AzurePublicCloud",
|
542
|
+
use_microsoft_graph_api=False,
|
411
543
|
subscription_id="11111111-2222-3333-4444-111111111111",
|
412
544
|
tenant_id="11111111-2222-3333-4444-222222222222",
|
413
|
-
|
545
|
+
client_id="11111111-2222-3333-4444-333333333333",
|
546
|
+
client_secret="12345678901234567890",
|
547
|
+
environment="AzurePublicCloud")
|
414
548
|
```
|
415
|
-
<!--End PulumiCodeChooser -->
|
416
549
|
|
417
550
|
:param str resource_name: The name of the resource.
|
418
551
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
@@ -422,9 +555,15 @@ class Backend(pulumi.CustomResource):
|
|
422
555
|
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
423
556
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
424
557
|
:param pulumi.Input[str] environment: The Azure environment.
|
558
|
+
:param pulumi.Input[str] identity_token_audience: The audience claim value. Requires Vault 1.17+.
|
559
|
+
*Available only for Vault Enterprise*
|
560
|
+
:param pulumi.Input[str] identity_token_key: The key to use for signing identity tokens. Requires Vault 1.17+.
|
561
|
+
*Available only for Vault Enterprise*
|
562
|
+
:param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
|
563
|
+
*Available only for Vault Enterprise*
|
425
564
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
426
565
|
The value should not contain leading or trailing forward slashes.
|
427
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
566
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
428
567
|
*Available only for Vault Enterprise*.
|
429
568
|
:param pulumi.Input[str] path: The unique path this backend should be mounted at. Defaults to `azure`.
|
430
569
|
:param pulumi.Input[str] subscription_id: The subscription id for the Azure Active Directory.
|
@@ -442,37 +581,46 @@ class Backend(pulumi.CustomResource):
|
|
442
581
|
|
443
582
|
### *Vault-1.9 And Above*
|
444
583
|
|
445
|
-
|
584
|
+
You can setup the Azure secrets engine with Workload Identity Federation (WIF) for a secret-less configuration:
|
446
585
|
```python
|
447
586
|
import pulumi
|
448
587
|
import pulumi_vault as vault
|
449
588
|
|
450
589
|
azure = vault.azure.Backend("azure",
|
590
|
+
subscription_id="11111111-2222-3333-4444-111111111111",
|
591
|
+
tenant_id="11111111-2222-3333-4444-222222222222",
|
451
592
|
client_id="11111111-2222-3333-4444-333333333333",
|
452
|
-
|
453
|
-
|
593
|
+
identity_token_audience="<TOKEN_AUDIENCE>",
|
594
|
+
identity_token_ttl="<TOKEN_TTL>")
|
595
|
+
```
|
596
|
+
|
597
|
+
```python
|
598
|
+
import pulumi
|
599
|
+
import pulumi_vault as vault
|
600
|
+
|
601
|
+
azure = vault.azure.Backend("azure",
|
602
|
+
use_microsoft_graph_api=True,
|
454
603
|
subscription_id="11111111-2222-3333-4444-111111111111",
|
455
604
|
tenant_id="11111111-2222-3333-4444-222222222222",
|
456
|
-
|
605
|
+
client_id="11111111-2222-3333-4444-333333333333",
|
606
|
+
client_secret="12345678901234567890",
|
607
|
+
environment="AzurePublicCloud")
|
457
608
|
```
|
458
|
-
<!--End PulumiCodeChooser -->
|
459
609
|
|
460
610
|
### *Vault-1.8 And Below*
|
461
611
|
|
462
|
-
<!--Start PulumiCodeChooser -->
|
463
612
|
```python
|
464
613
|
import pulumi
|
465
614
|
import pulumi_vault as vault
|
466
615
|
|
467
616
|
azure = vault.azure.Backend("azure",
|
468
|
-
|
469
|
-
client_secret="12345678901234567890",
|
470
|
-
environment="AzurePublicCloud",
|
617
|
+
use_microsoft_graph_api=False,
|
471
618
|
subscription_id="11111111-2222-3333-4444-111111111111",
|
472
619
|
tenant_id="11111111-2222-3333-4444-222222222222",
|
473
|
-
|
620
|
+
client_id="11111111-2222-3333-4444-333333333333",
|
621
|
+
client_secret="12345678901234567890",
|
622
|
+
environment="AzurePublicCloud")
|
474
623
|
```
|
475
|
-
<!--End PulumiCodeChooser -->
|
476
624
|
|
477
625
|
:param str resource_name: The name of the resource.
|
478
626
|
:param BackendArgs args: The arguments to use to populate this resource's properties.
|
@@ -494,6 +642,9 @@ class Backend(pulumi.CustomResource):
|
|
494
642
|
description: Optional[pulumi.Input[str]] = None,
|
495
643
|
disable_remount: Optional[pulumi.Input[bool]] = None,
|
496
644
|
environment: Optional[pulumi.Input[str]] = None,
|
645
|
+
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
646
|
+
identity_token_key: Optional[pulumi.Input[str]] = None,
|
647
|
+
identity_token_ttl: Optional[pulumi.Input[int]] = None,
|
497
648
|
namespace: Optional[pulumi.Input[str]] = None,
|
498
649
|
path: Optional[pulumi.Input[str]] = None,
|
499
650
|
subscription_id: Optional[pulumi.Input[str]] = None,
|
@@ -513,6 +664,9 @@ class Backend(pulumi.CustomResource):
|
|
513
664
|
__props__.__dict__["description"] = description
|
514
665
|
__props__.__dict__["disable_remount"] = disable_remount
|
515
666
|
__props__.__dict__["environment"] = environment
|
667
|
+
__props__.__dict__["identity_token_audience"] = identity_token_audience
|
668
|
+
__props__.__dict__["identity_token_key"] = identity_token_key
|
669
|
+
__props__.__dict__["identity_token_ttl"] = identity_token_ttl
|
516
670
|
__props__.__dict__["namespace"] = namespace
|
517
671
|
__props__.__dict__["path"] = path
|
518
672
|
if subscription_id is None and not opts.urn:
|
@@ -539,6 +693,9 @@ class Backend(pulumi.CustomResource):
|
|
539
693
|
description: Optional[pulumi.Input[str]] = None,
|
540
694
|
disable_remount: Optional[pulumi.Input[bool]] = None,
|
541
695
|
environment: Optional[pulumi.Input[str]] = None,
|
696
|
+
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
697
|
+
identity_token_key: Optional[pulumi.Input[str]] = None,
|
698
|
+
identity_token_ttl: Optional[pulumi.Input[int]] = None,
|
542
699
|
namespace: Optional[pulumi.Input[str]] = None,
|
543
700
|
path: Optional[pulumi.Input[str]] = None,
|
544
701
|
subscription_id: Optional[pulumi.Input[str]] = None,
|
@@ -557,9 +714,15 @@ class Backend(pulumi.CustomResource):
|
|
557
714
|
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
558
715
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
559
716
|
:param pulumi.Input[str] environment: The Azure environment.
|
717
|
+
:param pulumi.Input[str] identity_token_audience: The audience claim value. Requires Vault 1.17+.
|
718
|
+
*Available only for Vault Enterprise*
|
719
|
+
:param pulumi.Input[str] identity_token_key: The key to use for signing identity tokens. Requires Vault 1.17+.
|
720
|
+
*Available only for Vault Enterprise*
|
721
|
+
:param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
|
722
|
+
*Available only for Vault Enterprise*
|
560
723
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
561
724
|
The value should not contain leading or trailing forward slashes.
|
562
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
725
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
563
726
|
*Available only for Vault Enterprise*.
|
564
727
|
:param pulumi.Input[str] path: The unique path this backend should be mounted at. Defaults to `azure`.
|
565
728
|
:param pulumi.Input[str] subscription_id: The subscription id for the Azure Active Directory.
|
@@ -575,6 +738,9 @@ class Backend(pulumi.CustomResource):
|
|
575
738
|
__props__.__dict__["description"] = description
|
576
739
|
__props__.__dict__["disable_remount"] = disable_remount
|
577
740
|
__props__.__dict__["environment"] = environment
|
741
|
+
__props__.__dict__["identity_token_audience"] = identity_token_audience
|
742
|
+
__props__.__dict__["identity_token_key"] = identity_token_key
|
743
|
+
__props__.__dict__["identity_token_ttl"] = identity_token_ttl
|
578
744
|
__props__.__dict__["namespace"] = namespace
|
579
745
|
__props__.__dict__["path"] = path
|
580
746
|
__props__.__dict__["subscription_id"] = subscription_id
|
@@ -623,13 +789,40 @@ class Backend(pulumi.CustomResource):
|
|
623
789
|
"""
|
624
790
|
return pulumi.get(self, "environment")
|
625
791
|
|
792
|
+
@property
|
793
|
+
@pulumi.getter(name="identityTokenAudience")
|
794
|
+
def identity_token_audience(self) -> pulumi.Output[Optional[str]]:
|
795
|
+
"""
|
796
|
+
The audience claim value. Requires Vault 1.17+.
|
797
|
+
*Available only for Vault Enterprise*
|
798
|
+
"""
|
799
|
+
return pulumi.get(self, "identity_token_audience")
|
800
|
+
|
801
|
+
@property
|
802
|
+
@pulumi.getter(name="identityTokenKey")
|
803
|
+
def identity_token_key(self) -> pulumi.Output[Optional[str]]:
|
804
|
+
"""
|
805
|
+
The key to use for signing identity tokens. Requires Vault 1.17+.
|
806
|
+
*Available only for Vault Enterprise*
|
807
|
+
"""
|
808
|
+
return pulumi.get(self, "identity_token_key")
|
809
|
+
|
810
|
+
@property
|
811
|
+
@pulumi.getter(name="identityTokenTtl")
|
812
|
+
def identity_token_ttl(self) -> pulumi.Output[int]:
|
813
|
+
"""
|
814
|
+
The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
|
815
|
+
*Available only for Vault Enterprise*
|
816
|
+
"""
|
817
|
+
return pulumi.get(self, "identity_token_ttl")
|
818
|
+
|
626
819
|
@property
|
627
820
|
@pulumi.getter
|
628
821
|
def namespace(self) -> pulumi.Output[Optional[str]]:
|
629
822
|
"""
|
630
823
|
The namespace to provision the resource in.
|
631
824
|
The value should not contain leading or trailing forward slashes.
|
632
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
825
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
633
826
|
*Available only for Vault Enterprise*.
|
634
827
|
"""
|
635
828
|
return pulumi.get(self, "namespace")
|
@@ -660,6 +853,7 @@ class Backend(pulumi.CustomResource):
|
|
660
853
|
|
661
854
|
@property
|
662
855
|
@pulumi.getter(name="useMicrosoftGraphApi")
|
856
|
+
@_utilities.deprecated("""This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.""")
|
663
857
|
def use_microsoft_graph_api(self) -> pulumi.Output[bool]:
|
664
858
|
"""
|
665
859
|
Use the Microsoft Graph API. Should be set to true on vault-1.10+
|