pulumi-vault 5.21.0a1710160723__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pulumi_vault/__init__.py +52 -0
- pulumi_vault/_inputs.py +560 -0
- pulumi_vault/_utilities.py +41 -5
- pulumi_vault/ad/get_access_credentials.py +22 -7
- pulumi_vault/ad/secret_backend.py +14 -144
- pulumi_vault/ad/secret_library.py +14 -11
- pulumi_vault/ad/secret_role.py +12 -11
- pulumi_vault/alicloud/auth_backend_role.py +74 -192
- pulumi_vault/approle/auth_backend_login.py +12 -11
- pulumi_vault/approle/auth_backend_role.py +75 -193
- pulumi_vault/approle/auth_backend_role_secret_id.py +106 -11
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -9
- pulumi_vault/audit.py +24 -27
- pulumi_vault/audit_request_header.py +11 -6
- pulumi_vault/auth_backend.py +64 -12
- pulumi_vault/aws/auth_backend_cert.py +12 -7
- pulumi_vault/aws/auth_backend_client.py +265 -24
- pulumi_vault/aws/auth_backend_config_identity.py +12 -11
- pulumi_vault/aws/auth_backend_identity_whitelist.py +18 -17
- pulumi_vault/aws/auth_backend_login.py +19 -22
- pulumi_vault/aws/auth_backend_role.py +75 -193
- pulumi_vault/aws/auth_backend_role_tag.py +12 -7
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -17
- pulumi_vault/aws/auth_backend_sts_role.py +12 -11
- pulumi_vault/aws/get_access_credentials.py +34 -7
- pulumi_vault/aws/get_static_access_credentials.py +19 -5
- pulumi_vault/aws/secret_backend.py +75 -7
- pulumi_vault/aws/secret_backend_role.py +183 -11
- pulumi_vault/aws/secret_backend_static_role.py +14 -11
- pulumi_vault/azure/_inputs.py +24 -0
- pulumi_vault/azure/auth_backend_config.py +151 -17
- pulumi_vault/azure/auth_backend_role.py +75 -193
- pulumi_vault/azure/backend.py +223 -29
- pulumi_vault/azure/backend_role.py +42 -41
- pulumi_vault/azure/get_access_credentials.py +39 -11
- pulumi_vault/azure/outputs.py +5 -0
- pulumi_vault/cert_auth_backend_role.py +87 -271
- pulumi_vault/config/__init__.pyi +5 -0
- pulumi_vault/config/_inputs.py +73 -0
- pulumi_vault/config/outputs.py +35 -0
- pulumi_vault/config/ui_custom_message.py +529 -0
- pulumi_vault/config/vars.py +5 -0
- pulumi_vault/consul/secret_backend.py +22 -25
- pulumi_vault/consul/secret_backend_role.py +14 -80
- pulumi_vault/database/_inputs.py +2770 -881
- pulumi_vault/database/outputs.py +721 -838
- pulumi_vault/database/secret_backend_connection.py +117 -114
- pulumi_vault/database/secret_backend_role.py +29 -24
- pulumi_vault/database/secret_backend_static_role.py +85 -15
- pulumi_vault/database/secrets_mount.py +425 -138
- pulumi_vault/egp_policy.py +16 -15
- pulumi_vault/gcp/_inputs.py +111 -0
- pulumi_vault/gcp/auth_backend.py +248 -35
- pulumi_vault/gcp/auth_backend_role.py +75 -271
- pulumi_vault/gcp/get_auth_backend_role.py +43 -9
- pulumi_vault/gcp/outputs.py +5 -0
- pulumi_vault/gcp/secret_backend.py +287 -16
- pulumi_vault/gcp/secret_impersonated_account.py +74 -17
- pulumi_vault/gcp/secret_roleset.py +29 -26
- pulumi_vault/gcp/secret_static_account.py +37 -34
- pulumi_vault/generic/endpoint.py +22 -21
- pulumi_vault/generic/get_secret.py +68 -12
- pulumi_vault/generic/secret.py +19 -14
- pulumi_vault/get_auth_backend.py +24 -11
- pulumi_vault/get_auth_backends.py +33 -11
- pulumi_vault/get_namespace.py +226 -0
- pulumi_vault/get_namespaces.py +153 -0
- pulumi_vault/get_nomad_access_token.py +31 -15
- pulumi_vault/get_policy_document.py +34 -23
- pulumi_vault/get_raft_autopilot_state.py +29 -14
- pulumi_vault/github/_inputs.py +55 -0
- pulumi_vault/github/auth_backend.py +17 -16
- pulumi_vault/github/outputs.py +5 -0
- pulumi_vault/github/team.py +14 -13
- pulumi_vault/github/user.py +14 -13
- pulumi_vault/identity/entity.py +18 -15
- pulumi_vault/identity/entity_alias.py +18 -15
- pulumi_vault/identity/entity_policies.py +24 -19
- pulumi_vault/identity/get_entity.py +40 -14
- pulumi_vault/identity/get_group.py +45 -13
- pulumi_vault/identity/get_oidc_client_creds.py +21 -11
- pulumi_vault/identity/get_oidc_openid_config.py +39 -13
- pulumi_vault/identity/get_oidc_public_keys.py +29 -14
- pulumi_vault/identity/group.py +50 -49
- pulumi_vault/identity/group_alias.py +14 -11
- pulumi_vault/identity/group_member_entity_ids.py +24 -74
- pulumi_vault/identity/group_member_group_ids.py +36 -27
- pulumi_vault/identity/group_policies.py +16 -15
- pulumi_vault/identity/mfa_duo.py +9 -8
- pulumi_vault/identity/mfa_login_enforcement.py +13 -8
- pulumi_vault/identity/mfa_okta.py +9 -8
- pulumi_vault/identity/mfa_pingid.py +5 -4
- pulumi_vault/identity/mfa_totp.py +5 -4
- pulumi_vault/identity/oidc.py +12 -11
- pulumi_vault/identity/oidc_assignment.py +22 -13
- pulumi_vault/identity/oidc_client.py +34 -25
- pulumi_vault/identity/oidc_key.py +28 -19
- pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -19
- pulumi_vault/identity/oidc_provider.py +34 -23
- pulumi_vault/identity/oidc_role.py +40 -27
- pulumi_vault/identity/oidc_scope.py +18 -15
- pulumi_vault/identity/outputs.py +8 -3
- pulumi_vault/jwt/_inputs.py +55 -0
- pulumi_vault/jwt/auth_backend.py +39 -46
- pulumi_vault/jwt/auth_backend_role.py +131 -260
- pulumi_vault/jwt/outputs.py +5 -0
- pulumi_vault/kmip/secret_backend.py +22 -21
- pulumi_vault/kmip/secret_role.py +12 -11
- pulumi_vault/kmip/secret_scope.py +12 -11
- pulumi_vault/kubernetes/auth_backend_config.py +55 -7
- pulumi_vault/kubernetes/auth_backend_role.py +68 -179
- pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
- pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
- pulumi_vault/kubernetes/get_service_account_token.py +39 -15
- pulumi_vault/kubernetes/secret_backend.py +314 -29
- pulumi_vault/kubernetes/secret_backend_role.py +135 -56
- pulumi_vault/kv/_inputs.py +36 -4
- pulumi_vault/kv/get_secret.py +23 -12
- pulumi_vault/kv/get_secret_subkeys_v2.py +31 -14
- pulumi_vault/kv/get_secret_v2.py +89 -9
- pulumi_vault/kv/get_secrets_list.py +22 -15
- pulumi_vault/kv/get_secrets_list_v2.py +35 -19
- pulumi_vault/kv/outputs.py +8 -3
- pulumi_vault/kv/secret.py +19 -18
- pulumi_vault/kv/secret_backend_v2.py +12 -11
- pulumi_vault/kv/secret_v2.py +55 -52
- pulumi_vault/ldap/auth_backend.py +125 -168
- pulumi_vault/ldap/auth_backend_group.py +12 -11
- pulumi_vault/ldap/auth_backend_user.py +12 -11
- pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
- pulumi_vault/ldap/get_static_credentials.py +24 -5
- pulumi_vault/ldap/secret_backend.py +352 -84
- pulumi_vault/ldap/secret_backend_dynamic_role.py +12 -11
- pulumi_vault/ldap/secret_backend_library_set.py +14 -11
- pulumi_vault/ldap/secret_backend_static_role.py +67 -12
- pulumi_vault/managed/_inputs.py +289 -132
- pulumi_vault/managed/keys.py +27 -43
- pulumi_vault/managed/outputs.py +89 -132
- pulumi_vault/mfa_duo.py +16 -13
- pulumi_vault/mfa_okta.py +16 -13
- pulumi_vault/mfa_pingid.py +16 -13
- pulumi_vault/mfa_totp.py +22 -19
- pulumi_vault/mongodbatlas/secret_backend.py +18 -17
- pulumi_vault/mongodbatlas/secret_role.py +41 -38
- pulumi_vault/mount.py +389 -65
- pulumi_vault/namespace.py +26 -21
- pulumi_vault/nomad_secret_backend.py +16 -15
- pulumi_vault/nomad_secret_role.py +12 -11
- pulumi_vault/okta/_inputs.py +47 -8
- pulumi_vault/okta/auth_backend.py +483 -41
- pulumi_vault/okta/auth_backend_group.py +12 -11
- pulumi_vault/okta/auth_backend_user.py +12 -11
- pulumi_vault/okta/outputs.py +13 -8
- pulumi_vault/outputs.py +5 -0
- pulumi_vault/password_policy.py +18 -15
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +81 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
- pulumi_vault/pkisecret/backend_config_est.py +619 -0
- pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
- pulumi_vault/pkisecret/get_backend_issuer.py +63 -7
- pulumi_vault/pkisecret/get_backend_issuers.py +21 -12
- pulumi_vault/pkisecret/get_backend_key.py +24 -13
- pulumi_vault/pkisecret/get_backend_keys.py +21 -12
- pulumi_vault/pkisecret/outputs.py +69 -0
- pulumi_vault/pkisecret/secret_backend_cert.py +18 -15
- pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -15
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +12 -11
- pulumi_vault/pkisecret/secret_backend_config_urls.py +59 -11
- pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -13
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -15
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -21
- pulumi_vault/pkisecret/secret_backend_issuer.py +12 -11
- pulumi_vault/pkisecret/secret_backend_key.py +12 -7
- pulumi_vault/pkisecret/secret_backend_role.py +19 -16
- pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -52
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -62
- pulumi_vault/pkisecret/secret_backend_sign.py +18 -60
- pulumi_vault/plugin.py +595 -0
- pulumi_vault/plugin_pinned_version.py +298 -0
- pulumi_vault/policy.py +12 -7
- pulumi_vault/provider.py +48 -53
- pulumi_vault/pulumi-plugin.json +2 -1
- pulumi_vault/quota_lease_count.py +58 -8
- pulumi_vault/quota_rate_limit.py +54 -4
- pulumi_vault/rabbitmq/_inputs.py +61 -0
- pulumi_vault/rabbitmq/outputs.py +5 -0
- pulumi_vault/rabbitmq/secret_backend.py +16 -15
- pulumi_vault/rabbitmq/secret_backend_role.py +52 -49
- pulumi_vault/raft_autopilot.py +12 -11
- pulumi_vault/raft_snapshot_agent_config.py +121 -311
- pulumi_vault/rgp_policy.py +14 -13
- pulumi_vault/saml/auth_backend.py +20 -19
- pulumi_vault/saml/auth_backend_role.py +90 -199
- pulumi_vault/secrets/__init__.py +3 -0
- pulumi_vault/secrets/_inputs.py +110 -0
- pulumi_vault/secrets/outputs.py +94 -0
- pulumi_vault/secrets/sync_association.py +56 -75
- pulumi_vault/secrets/sync_aws_destination.py +240 -29
- pulumi_vault/secrets/sync_azure_destination.py +90 -33
- pulumi_vault/secrets/sync_config.py +7 -6
- pulumi_vault/secrets/sync_gcp_destination.py +156 -27
- pulumi_vault/secrets/sync_gh_destination.py +187 -15
- pulumi_vault/secrets/sync_github_apps.py +375 -0
- pulumi_vault/secrets/sync_vercel_destination.py +72 -15
- pulumi_vault/ssh/_inputs.py +28 -32
- pulumi_vault/ssh/outputs.py +11 -32
- pulumi_vault/ssh/secret_backend_ca.py +106 -11
- pulumi_vault/ssh/secret_backend_role.py +83 -120
- pulumi_vault/terraformcloud/secret_backend.py +5 -56
- pulumi_vault/terraformcloud/secret_creds.py +14 -24
- pulumi_vault/terraformcloud/secret_role.py +14 -76
- pulumi_vault/token.py +26 -25
- pulumi_vault/tokenauth/auth_backend_role.py +76 -201
- pulumi_vault/transform/alphabet.py +16 -13
- pulumi_vault/transform/get_decode.py +45 -21
- pulumi_vault/transform/get_encode.py +45 -21
- pulumi_vault/transform/role.py +16 -13
- pulumi_vault/transform/template.py +30 -25
- pulumi_vault/transform/transformation.py +12 -7
- pulumi_vault/transit/get_decrypt.py +26 -25
- pulumi_vault/transit/get_encrypt.py +24 -19
- pulumi_vault/transit/secret_backend_key.py +25 -97
- pulumi_vault/transit/secret_cache_config.py +12 -11
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
- pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
- pulumi_vault-5.21.0a1710160723.dist-info/RECORD +0 -244
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
from . import outputs
|
12
17
|
from ._inputs import *
|
@@ -18,16 +23,20 @@ class SecretsMountArgs:
|
|
18
23
|
def __init__(__self__, *,
|
19
24
|
path: pulumi.Input[str],
|
20
25
|
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
26
|
+
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
21
27
|
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
22
28
|
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
23
29
|
cassandras: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountCassandraArgs']]]] = None,
|
24
30
|
couchbases: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountCouchbaseArgs']]]] = None,
|
25
31
|
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
32
|
+
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
26
33
|
description: Optional[pulumi.Input[str]] = None,
|
27
34
|
elasticsearches: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountElasticsearchArgs']]]] = None,
|
28
35
|
external_entropy_access: Optional[pulumi.Input[bool]] = None,
|
29
36
|
hanas: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountHanaArgs']]]] = None,
|
37
|
+
identity_token_key: Optional[pulumi.Input[str]] = None,
|
30
38
|
influxdbs: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountInfluxdbArgs']]]] = None,
|
39
|
+
listing_visibility: Optional[pulumi.Input[str]] = None,
|
31
40
|
local: Optional[pulumi.Input[bool]] = None,
|
32
41
|
max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
33
42
|
mongodbatlas: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountMongodbatlaArgs']]]] = None,
|
@@ -38,8 +47,10 @@ class SecretsMountArgs:
|
|
38
47
|
mysql_rds: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountMysqlRdArgs']]]] = None,
|
39
48
|
mysqls: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountMysqlArgs']]]] = None,
|
40
49
|
namespace: Optional[pulumi.Input[str]] = None,
|
41
|
-
options: Optional[pulumi.Input[Mapping[str,
|
50
|
+
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
42
51
|
oracles: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountOracleArgs']]]] = None,
|
52
|
+
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
53
|
+
plugin_version: Optional[pulumi.Input[str]] = None,
|
43
54
|
postgresqls: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountPostgresqlArgs']]]] = None,
|
44
55
|
redis: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountRediArgs']]]] = None,
|
45
56
|
redis_elasticaches: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountRedisElasticachArgs']]]] = None,
|
@@ -52,6 +63,7 @@ class SecretsMountArgs:
|
|
52
63
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: Set of managed key registry entry names that the mount in question is allowed to access
|
53
64
|
|
54
65
|
The following arguments are common to all database engines:
|
66
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
|
55
67
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
56
68
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
57
69
|
:param pulumi.Input[Sequence[pulumi.Input['SecretsMountCassandraArgs']]] cassandras: A nested block containing configuration options for Cassandra connections.
|
@@ -59,14 +71,17 @@ class SecretsMountArgs:
|
|
59
71
|
:param pulumi.Input[Sequence[pulumi.Input['SecretsMountCouchbaseArgs']]] couchbases: A nested block containing configuration options for Couchbase connections.
|
60
72
|
*See Configuration Options for more info*
|
61
73
|
:param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
|
74
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
|
62
75
|
:param pulumi.Input[str] description: Human-friendly description of the mount
|
63
76
|
:param pulumi.Input[Sequence[pulumi.Input['SecretsMountElasticsearchArgs']]] elasticsearches: A nested block containing configuration options for Elasticsearch connections.
|
64
77
|
*See Configuration Options for more info*
|
65
78
|
:param pulumi.Input[bool] external_entropy_access: Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
|
66
79
|
:param pulumi.Input[Sequence[pulumi.Input['SecretsMountHanaArgs']]] hanas: A nested block containing configuration options for SAP HanaDB connections.
|
67
80
|
*See Configuration Options for more info*
|
81
|
+
:param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens
|
68
82
|
:param pulumi.Input[Sequence[pulumi.Input['SecretsMountInfluxdbArgs']]] influxdbs: A nested block containing configuration options for InfluxDB connections.
|
69
83
|
*See Configuration Options for more info*
|
84
|
+
:param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
|
70
85
|
:param pulumi.Input[bool] local: Boolean flag that can be explicitly set to true to enforce local mount in HA environment
|
71
86
|
:param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
|
72
87
|
:param pulumi.Input[Sequence[pulumi.Input['SecretsMountMongodbatlaArgs']]] mongodbatlas: A nested block containing configuration options for MongoDB Atlas connections.
|
@@ -84,9 +99,11 @@ class SecretsMountArgs:
|
|
84
99
|
:param pulumi.Input[Sequence[pulumi.Input['SecretsMountMysqlArgs']]] mysqls: A nested block containing configuration options for MySQL connections.
|
85
100
|
*See Configuration Options for more info*
|
86
101
|
:param pulumi.Input[str] namespace: Target namespace. (requires Enterprise)
|
87
|
-
:param pulumi.Input[Mapping[str,
|
102
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
|
88
103
|
:param pulumi.Input[Sequence[pulumi.Input['SecretsMountOracleArgs']]] oracles: A nested block containing configuration options for Oracle connections.
|
89
104
|
*See Configuration Options for more info*
|
105
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
|
106
|
+
:param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
90
107
|
:param pulumi.Input[Sequence[pulumi.Input['SecretsMountPostgresqlArgs']]] postgresqls: A nested block containing configuration options for PostgreSQL connections.
|
91
108
|
*See Configuration Options for more info*
|
92
109
|
:param pulumi.Input[Sequence[pulumi.Input['SecretsMountRediArgs']]] redis: A nested block containing configuration options for Redis connections.
|
@@ -102,6 +119,8 @@ class SecretsMountArgs:
|
|
102
119
|
pulumi.set(__self__, "path", path)
|
103
120
|
if allowed_managed_keys is not None:
|
104
121
|
pulumi.set(__self__, "allowed_managed_keys", allowed_managed_keys)
|
122
|
+
if allowed_response_headers is not None:
|
123
|
+
pulumi.set(__self__, "allowed_response_headers", allowed_response_headers)
|
105
124
|
if audit_non_hmac_request_keys is not None:
|
106
125
|
pulumi.set(__self__, "audit_non_hmac_request_keys", audit_non_hmac_request_keys)
|
107
126
|
if audit_non_hmac_response_keys is not None:
|
@@ -112,6 +131,8 @@ class SecretsMountArgs:
|
|
112
131
|
pulumi.set(__self__, "couchbases", couchbases)
|
113
132
|
if default_lease_ttl_seconds is not None:
|
114
133
|
pulumi.set(__self__, "default_lease_ttl_seconds", default_lease_ttl_seconds)
|
134
|
+
if delegated_auth_accessors is not None:
|
135
|
+
pulumi.set(__self__, "delegated_auth_accessors", delegated_auth_accessors)
|
115
136
|
if description is not None:
|
116
137
|
pulumi.set(__self__, "description", description)
|
117
138
|
if elasticsearches is not None:
|
@@ -120,8 +141,12 @@ class SecretsMountArgs:
|
|
120
141
|
pulumi.set(__self__, "external_entropy_access", external_entropy_access)
|
121
142
|
if hanas is not None:
|
122
143
|
pulumi.set(__self__, "hanas", hanas)
|
144
|
+
if identity_token_key is not None:
|
145
|
+
pulumi.set(__self__, "identity_token_key", identity_token_key)
|
123
146
|
if influxdbs is not None:
|
124
147
|
pulumi.set(__self__, "influxdbs", influxdbs)
|
148
|
+
if listing_visibility is not None:
|
149
|
+
pulumi.set(__self__, "listing_visibility", listing_visibility)
|
125
150
|
if local is not None:
|
126
151
|
pulumi.set(__self__, "local", local)
|
127
152
|
if max_lease_ttl_seconds is not None:
|
@@ -146,6 +171,10 @@ class SecretsMountArgs:
|
|
146
171
|
pulumi.set(__self__, "options", options)
|
147
172
|
if oracles is not None:
|
148
173
|
pulumi.set(__self__, "oracles", oracles)
|
174
|
+
if passthrough_request_headers is not None:
|
175
|
+
pulumi.set(__self__, "passthrough_request_headers", passthrough_request_headers)
|
176
|
+
if plugin_version is not None:
|
177
|
+
pulumi.set(__self__, "plugin_version", plugin_version)
|
149
178
|
if postgresqls is not None:
|
150
179
|
pulumi.set(__self__, "postgresqls", postgresqls)
|
151
180
|
if redis is not None:
|
@@ -185,6 +214,18 @@ class SecretsMountArgs:
|
|
185
214
|
def allowed_managed_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
186
215
|
pulumi.set(self, "allowed_managed_keys", value)
|
187
216
|
|
217
|
+
@property
|
218
|
+
@pulumi.getter(name="allowedResponseHeaders")
|
219
|
+
def allowed_response_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
220
|
+
"""
|
221
|
+
List of headers to allow and pass from the request to the plugin
|
222
|
+
"""
|
223
|
+
return pulumi.get(self, "allowed_response_headers")
|
224
|
+
|
225
|
+
@allowed_response_headers.setter
|
226
|
+
def allowed_response_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
227
|
+
pulumi.set(self, "allowed_response_headers", value)
|
228
|
+
|
188
229
|
@property
|
189
230
|
@pulumi.getter(name="auditNonHmacRequestKeys")
|
190
231
|
def audit_non_hmac_request_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
@@ -247,6 +288,18 @@ class SecretsMountArgs:
|
|
247
288
|
def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[int]]):
|
248
289
|
pulumi.set(self, "default_lease_ttl_seconds", value)
|
249
290
|
|
291
|
+
@property
|
292
|
+
@pulumi.getter(name="delegatedAuthAccessors")
|
293
|
+
def delegated_auth_accessors(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
294
|
+
"""
|
295
|
+
List of headers to allow and pass from the request to the plugin
|
296
|
+
"""
|
297
|
+
return pulumi.get(self, "delegated_auth_accessors")
|
298
|
+
|
299
|
+
@delegated_auth_accessors.setter
|
300
|
+
def delegated_auth_accessors(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
301
|
+
pulumi.set(self, "delegated_auth_accessors", value)
|
302
|
+
|
250
303
|
@property
|
251
304
|
@pulumi.getter
|
252
305
|
def description(self) -> Optional[pulumi.Input[str]]:
|
@@ -297,6 +350,18 @@ class SecretsMountArgs:
|
|
297
350
|
def hanas(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountHanaArgs']]]]):
|
298
351
|
pulumi.set(self, "hanas", value)
|
299
352
|
|
353
|
+
@property
|
354
|
+
@pulumi.getter(name="identityTokenKey")
|
355
|
+
def identity_token_key(self) -> Optional[pulumi.Input[str]]:
|
356
|
+
"""
|
357
|
+
The key to use for signing plugin workload identity tokens
|
358
|
+
"""
|
359
|
+
return pulumi.get(self, "identity_token_key")
|
360
|
+
|
361
|
+
@identity_token_key.setter
|
362
|
+
def identity_token_key(self, value: Optional[pulumi.Input[str]]):
|
363
|
+
pulumi.set(self, "identity_token_key", value)
|
364
|
+
|
300
365
|
@property
|
301
366
|
@pulumi.getter
|
302
367
|
def influxdbs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountInfluxdbArgs']]]]:
|
@@ -310,6 +375,18 @@ class SecretsMountArgs:
|
|
310
375
|
def influxdbs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountInfluxdbArgs']]]]):
|
311
376
|
pulumi.set(self, "influxdbs", value)
|
312
377
|
|
378
|
+
@property
|
379
|
+
@pulumi.getter(name="listingVisibility")
|
380
|
+
def listing_visibility(self) -> Optional[pulumi.Input[str]]:
|
381
|
+
"""
|
382
|
+
Specifies whether to show this mount in the UI-specific listing endpoint
|
383
|
+
"""
|
384
|
+
return pulumi.get(self, "listing_visibility")
|
385
|
+
|
386
|
+
@listing_visibility.setter
|
387
|
+
def listing_visibility(self, value: Optional[pulumi.Input[str]]):
|
388
|
+
pulumi.set(self, "listing_visibility", value)
|
389
|
+
|
313
390
|
@property
|
314
391
|
@pulumi.getter
|
315
392
|
def local(self) -> Optional[pulumi.Input[bool]]:
|
@@ -439,14 +516,14 @@ class SecretsMountArgs:
|
|
439
516
|
|
440
517
|
@property
|
441
518
|
@pulumi.getter
|
442
|
-
def options(self) -> Optional[pulumi.Input[Mapping[str,
|
519
|
+
def options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
443
520
|
"""
|
444
521
|
Specifies mount type specific options that are passed to the backend
|
445
522
|
"""
|
446
523
|
return pulumi.get(self, "options")
|
447
524
|
|
448
525
|
@options.setter
|
449
|
-
def options(self, value: Optional[pulumi.Input[Mapping[str,
|
526
|
+
def options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
450
527
|
pulumi.set(self, "options", value)
|
451
528
|
|
452
529
|
@property
|
@@ -462,6 +539,30 @@ class SecretsMountArgs:
|
|
462
539
|
def oracles(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountOracleArgs']]]]):
|
463
540
|
pulumi.set(self, "oracles", value)
|
464
541
|
|
542
|
+
@property
|
543
|
+
@pulumi.getter(name="passthroughRequestHeaders")
|
544
|
+
def passthrough_request_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
545
|
+
"""
|
546
|
+
List of headers to allow and pass from the request to the plugin
|
547
|
+
"""
|
548
|
+
return pulumi.get(self, "passthrough_request_headers")
|
549
|
+
|
550
|
+
@passthrough_request_headers.setter
|
551
|
+
def passthrough_request_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
552
|
+
pulumi.set(self, "passthrough_request_headers", value)
|
553
|
+
|
554
|
+
@property
|
555
|
+
@pulumi.getter(name="pluginVersion")
|
556
|
+
def plugin_version(self) -> Optional[pulumi.Input[str]]:
|
557
|
+
"""
|
558
|
+
Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
559
|
+
"""
|
560
|
+
return pulumi.get(self, "plugin_version")
|
561
|
+
|
562
|
+
@plugin_version.setter
|
563
|
+
def plugin_version(self, value: Optional[pulumi.Input[str]]):
|
564
|
+
pulumi.set(self, "plugin_version", value)
|
565
|
+
|
465
566
|
@property
|
466
567
|
@pulumi.getter
|
467
568
|
def postgresqls(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountPostgresqlArgs']]]]:
|
@@ -545,17 +646,21 @@ class _SecretsMountState:
|
|
545
646
|
def __init__(__self__, *,
|
546
647
|
accessor: Optional[pulumi.Input[str]] = None,
|
547
648
|
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
649
|
+
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
548
650
|
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
549
651
|
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
550
652
|
cassandras: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountCassandraArgs']]]] = None,
|
551
653
|
couchbases: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountCouchbaseArgs']]]] = None,
|
552
654
|
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
655
|
+
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
553
656
|
description: Optional[pulumi.Input[str]] = None,
|
554
657
|
elasticsearches: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountElasticsearchArgs']]]] = None,
|
555
658
|
engine_count: Optional[pulumi.Input[int]] = None,
|
556
659
|
external_entropy_access: Optional[pulumi.Input[bool]] = None,
|
557
660
|
hanas: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountHanaArgs']]]] = None,
|
661
|
+
identity_token_key: Optional[pulumi.Input[str]] = None,
|
558
662
|
influxdbs: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountInfluxdbArgs']]]] = None,
|
663
|
+
listing_visibility: Optional[pulumi.Input[str]] = None,
|
559
664
|
local: Optional[pulumi.Input[bool]] = None,
|
560
665
|
max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
561
666
|
mongodbatlas: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountMongodbatlaArgs']]]] = None,
|
@@ -566,9 +671,11 @@ class _SecretsMountState:
|
|
566
671
|
mysql_rds: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountMysqlRdArgs']]]] = None,
|
567
672
|
mysqls: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountMysqlArgs']]]] = None,
|
568
673
|
namespace: Optional[pulumi.Input[str]] = None,
|
569
|
-
options: Optional[pulumi.Input[Mapping[str,
|
674
|
+
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
570
675
|
oracles: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountOracleArgs']]]] = None,
|
676
|
+
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
571
677
|
path: Optional[pulumi.Input[str]] = None,
|
678
|
+
plugin_version: Optional[pulumi.Input[str]] = None,
|
572
679
|
postgresqls: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountPostgresqlArgs']]]] = None,
|
573
680
|
redis: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountRediArgs']]]] = None,
|
574
681
|
redis_elasticaches: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountRedisElasticachArgs']]]] = None,
|
@@ -581,6 +688,7 @@ class _SecretsMountState:
|
|
581
688
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: Set of managed key registry entry names that the mount in question is allowed to access
|
582
689
|
|
583
690
|
The following arguments are common to all database engines:
|
691
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
|
584
692
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
585
693
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
586
694
|
:param pulumi.Input[Sequence[pulumi.Input['SecretsMountCassandraArgs']]] cassandras: A nested block containing configuration options for Cassandra connections.
|
@@ -588,6 +696,7 @@ class _SecretsMountState:
|
|
588
696
|
:param pulumi.Input[Sequence[pulumi.Input['SecretsMountCouchbaseArgs']]] couchbases: A nested block containing configuration options for Couchbase connections.
|
589
697
|
*See Configuration Options for more info*
|
590
698
|
:param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
|
699
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
|
591
700
|
:param pulumi.Input[str] description: Human-friendly description of the mount
|
592
701
|
:param pulumi.Input[Sequence[pulumi.Input['SecretsMountElasticsearchArgs']]] elasticsearches: A nested block containing configuration options for Elasticsearch connections.
|
593
702
|
*See Configuration Options for more info*
|
@@ -595,8 +704,10 @@ class _SecretsMountState:
|
|
595
704
|
:param pulumi.Input[bool] external_entropy_access: Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
|
596
705
|
:param pulumi.Input[Sequence[pulumi.Input['SecretsMountHanaArgs']]] hanas: A nested block containing configuration options for SAP HanaDB connections.
|
597
706
|
*See Configuration Options for more info*
|
707
|
+
:param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens
|
598
708
|
:param pulumi.Input[Sequence[pulumi.Input['SecretsMountInfluxdbArgs']]] influxdbs: A nested block containing configuration options for InfluxDB connections.
|
599
709
|
*See Configuration Options for more info*
|
710
|
+
:param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
|
600
711
|
:param pulumi.Input[bool] local: Boolean flag that can be explicitly set to true to enforce local mount in HA environment
|
601
712
|
:param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
|
602
713
|
:param pulumi.Input[Sequence[pulumi.Input['SecretsMountMongodbatlaArgs']]] mongodbatlas: A nested block containing configuration options for MongoDB Atlas connections.
|
@@ -614,10 +725,12 @@ class _SecretsMountState:
|
|
614
725
|
:param pulumi.Input[Sequence[pulumi.Input['SecretsMountMysqlArgs']]] mysqls: A nested block containing configuration options for MySQL connections.
|
615
726
|
*See Configuration Options for more info*
|
616
727
|
:param pulumi.Input[str] namespace: Target namespace. (requires Enterprise)
|
617
|
-
:param pulumi.Input[Mapping[str,
|
728
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
|
618
729
|
:param pulumi.Input[Sequence[pulumi.Input['SecretsMountOracleArgs']]] oracles: A nested block containing configuration options for Oracle connections.
|
619
730
|
*See Configuration Options for more info*
|
731
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
|
620
732
|
:param pulumi.Input[str] path: Where the secret backend will be mounted
|
733
|
+
:param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
621
734
|
:param pulumi.Input[Sequence[pulumi.Input['SecretsMountPostgresqlArgs']]] postgresqls: A nested block containing configuration options for PostgreSQL connections.
|
622
735
|
*See Configuration Options for more info*
|
623
736
|
:param pulumi.Input[Sequence[pulumi.Input['SecretsMountRediArgs']]] redis: A nested block containing configuration options for Redis connections.
|
@@ -634,6 +747,8 @@ class _SecretsMountState:
|
|
634
747
|
pulumi.set(__self__, "accessor", accessor)
|
635
748
|
if allowed_managed_keys is not None:
|
636
749
|
pulumi.set(__self__, "allowed_managed_keys", allowed_managed_keys)
|
750
|
+
if allowed_response_headers is not None:
|
751
|
+
pulumi.set(__self__, "allowed_response_headers", allowed_response_headers)
|
637
752
|
if audit_non_hmac_request_keys is not None:
|
638
753
|
pulumi.set(__self__, "audit_non_hmac_request_keys", audit_non_hmac_request_keys)
|
639
754
|
if audit_non_hmac_response_keys is not None:
|
@@ -644,6 +759,8 @@ class _SecretsMountState:
|
|
644
759
|
pulumi.set(__self__, "couchbases", couchbases)
|
645
760
|
if default_lease_ttl_seconds is not None:
|
646
761
|
pulumi.set(__self__, "default_lease_ttl_seconds", default_lease_ttl_seconds)
|
762
|
+
if delegated_auth_accessors is not None:
|
763
|
+
pulumi.set(__self__, "delegated_auth_accessors", delegated_auth_accessors)
|
647
764
|
if description is not None:
|
648
765
|
pulumi.set(__self__, "description", description)
|
649
766
|
if elasticsearches is not None:
|
@@ -654,8 +771,12 @@ class _SecretsMountState:
|
|
654
771
|
pulumi.set(__self__, "external_entropy_access", external_entropy_access)
|
655
772
|
if hanas is not None:
|
656
773
|
pulumi.set(__self__, "hanas", hanas)
|
774
|
+
if identity_token_key is not None:
|
775
|
+
pulumi.set(__self__, "identity_token_key", identity_token_key)
|
657
776
|
if influxdbs is not None:
|
658
777
|
pulumi.set(__self__, "influxdbs", influxdbs)
|
778
|
+
if listing_visibility is not None:
|
779
|
+
pulumi.set(__self__, "listing_visibility", listing_visibility)
|
659
780
|
if local is not None:
|
660
781
|
pulumi.set(__self__, "local", local)
|
661
782
|
if max_lease_ttl_seconds is not None:
|
@@ -680,8 +801,12 @@ class _SecretsMountState:
|
|
680
801
|
pulumi.set(__self__, "options", options)
|
681
802
|
if oracles is not None:
|
682
803
|
pulumi.set(__self__, "oracles", oracles)
|
804
|
+
if passthrough_request_headers is not None:
|
805
|
+
pulumi.set(__self__, "passthrough_request_headers", passthrough_request_headers)
|
683
806
|
if path is not None:
|
684
807
|
pulumi.set(__self__, "path", path)
|
808
|
+
if plugin_version is not None:
|
809
|
+
pulumi.set(__self__, "plugin_version", plugin_version)
|
685
810
|
if postgresqls is not None:
|
686
811
|
pulumi.set(__self__, "postgresqls", postgresqls)
|
687
812
|
if redis is not None:
|
@@ -721,6 +846,18 @@ class _SecretsMountState:
|
|
721
846
|
def allowed_managed_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
722
847
|
pulumi.set(self, "allowed_managed_keys", value)
|
723
848
|
|
849
|
+
@property
|
850
|
+
@pulumi.getter(name="allowedResponseHeaders")
|
851
|
+
def allowed_response_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
852
|
+
"""
|
853
|
+
List of headers to allow and pass from the request to the plugin
|
854
|
+
"""
|
855
|
+
return pulumi.get(self, "allowed_response_headers")
|
856
|
+
|
857
|
+
@allowed_response_headers.setter
|
858
|
+
def allowed_response_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
859
|
+
pulumi.set(self, "allowed_response_headers", value)
|
860
|
+
|
724
861
|
@property
|
725
862
|
@pulumi.getter(name="auditNonHmacRequestKeys")
|
726
863
|
def audit_non_hmac_request_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
@@ -783,6 +920,18 @@ class _SecretsMountState:
|
|
783
920
|
def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[int]]):
|
784
921
|
pulumi.set(self, "default_lease_ttl_seconds", value)
|
785
922
|
|
923
|
+
@property
|
924
|
+
@pulumi.getter(name="delegatedAuthAccessors")
|
925
|
+
def delegated_auth_accessors(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
926
|
+
"""
|
927
|
+
List of headers to allow and pass from the request to the plugin
|
928
|
+
"""
|
929
|
+
return pulumi.get(self, "delegated_auth_accessors")
|
930
|
+
|
931
|
+
@delegated_auth_accessors.setter
|
932
|
+
def delegated_auth_accessors(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
933
|
+
pulumi.set(self, "delegated_auth_accessors", value)
|
934
|
+
|
786
935
|
@property
|
787
936
|
@pulumi.getter
|
788
937
|
def description(self) -> Optional[pulumi.Input[str]]:
|
@@ -845,6 +994,18 @@ class _SecretsMountState:
|
|
845
994
|
def hanas(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountHanaArgs']]]]):
|
846
995
|
pulumi.set(self, "hanas", value)
|
847
996
|
|
997
|
+
@property
|
998
|
+
@pulumi.getter(name="identityTokenKey")
|
999
|
+
def identity_token_key(self) -> Optional[pulumi.Input[str]]:
|
1000
|
+
"""
|
1001
|
+
The key to use for signing plugin workload identity tokens
|
1002
|
+
"""
|
1003
|
+
return pulumi.get(self, "identity_token_key")
|
1004
|
+
|
1005
|
+
@identity_token_key.setter
|
1006
|
+
def identity_token_key(self, value: Optional[pulumi.Input[str]]):
|
1007
|
+
pulumi.set(self, "identity_token_key", value)
|
1008
|
+
|
848
1009
|
@property
|
849
1010
|
@pulumi.getter
|
850
1011
|
def influxdbs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountInfluxdbArgs']]]]:
|
@@ -858,6 +1019,18 @@ class _SecretsMountState:
|
|
858
1019
|
def influxdbs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountInfluxdbArgs']]]]):
|
859
1020
|
pulumi.set(self, "influxdbs", value)
|
860
1021
|
|
1022
|
+
@property
|
1023
|
+
@pulumi.getter(name="listingVisibility")
|
1024
|
+
def listing_visibility(self) -> Optional[pulumi.Input[str]]:
|
1025
|
+
"""
|
1026
|
+
Specifies whether to show this mount in the UI-specific listing endpoint
|
1027
|
+
"""
|
1028
|
+
return pulumi.get(self, "listing_visibility")
|
1029
|
+
|
1030
|
+
@listing_visibility.setter
|
1031
|
+
def listing_visibility(self, value: Optional[pulumi.Input[str]]):
|
1032
|
+
pulumi.set(self, "listing_visibility", value)
|
1033
|
+
|
861
1034
|
@property
|
862
1035
|
@pulumi.getter
|
863
1036
|
def local(self) -> Optional[pulumi.Input[bool]]:
|
@@ -987,14 +1160,14 @@ class _SecretsMountState:
|
|
987
1160
|
|
988
1161
|
@property
|
989
1162
|
@pulumi.getter
|
990
|
-
def options(self) -> Optional[pulumi.Input[Mapping[str,
|
1163
|
+
def options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
991
1164
|
"""
|
992
1165
|
Specifies mount type specific options that are passed to the backend
|
993
1166
|
"""
|
994
1167
|
return pulumi.get(self, "options")
|
995
1168
|
|
996
1169
|
@options.setter
|
997
|
-
def options(self, value: Optional[pulumi.Input[Mapping[str,
|
1170
|
+
def options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
998
1171
|
pulumi.set(self, "options", value)
|
999
1172
|
|
1000
1173
|
@property
|
@@ -1010,6 +1183,18 @@ class _SecretsMountState:
|
|
1010
1183
|
def oracles(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountOracleArgs']]]]):
|
1011
1184
|
pulumi.set(self, "oracles", value)
|
1012
1185
|
|
1186
|
+
@property
|
1187
|
+
@pulumi.getter(name="passthroughRequestHeaders")
|
1188
|
+
def passthrough_request_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
1189
|
+
"""
|
1190
|
+
List of headers to allow and pass from the request to the plugin
|
1191
|
+
"""
|
1192
|
+
return pulumi.get(self, "passthrough_request_headers")
|
1193
|
+
|
1194
|
+
@passthrough_request_headers.setter
|
1195
|
+
def passthrough_request_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
1196
|
+
pulumi.set(self, "passthrough_request_headers", value)
|
1197
|
+
|
1013
1198
|
@property
|
1014
1199
|
@pulumi.getter
|
1015
1200
|
def path(self) -> Optional[pulumi.Input[str]]:
|
@@ -1022,6 +1207,18 @@ class _SecretsMountState:
|
|
1022
1207
|
def path(self, value: Optional[pulumi.Input[str]]):
|
1023
1208
|
pulumi.set(self, "path", value)
|
1024
1209
|
|
1210
|
+
@property
|
1211
|
+
@pulumi.getter(name="pluginVersion")
|
1212
|
+
def plugin_version(self) -> Optional[pulumi.Input[str]]:
|
1213
|
+
"""
|
1214
|
+
Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
1215
|
+
"""
|
1216
|
+
return pulumi.get(self, "plugin_version")
|
1217
|
+
|
1218
|
+
@plugin_version.setter
|
1219
|
+
def plugin_version(self, value: Optional[pulumi.Input[str]]):
|
1220
|
+
pulumi.set(self, "plugin_version", value)
|
1221
|
+
|
1025
1222
|
@property
|
1026
1223
|
@pulumi.getter
|
1027
1224
|
def postgresqls(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountPostgresqlArgs']]]]:
|
@@ -1106,62 +1303,68 @@ class SecretsMount(pulumi.CustomResource):
|
|
1106
1303
|
resource_name: str,
|
1107
1304
|
opts: Optional[pulumi.ResourceOptions] = None,
|
1108
1305
|
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1306
|
+
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1109
1307
|
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1110
1308
|
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1111
|
-
cassandras: Optional[pulumi.Input[Sequence[pulumi.Input[
|
1112
|
-
couchbases: Optional[pulumi.Input[Sequence[pulumi.Input[
|
1309
|
+
cassandras: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountCassandraArgs', 'SecretsMountCassandraArgsDict']]]]] = None,
|
1310
|
+
couchbases: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountCouchbaseArgs', 'SecretsMountCouchbaseArgsDict']]]]] = None,
|
1113
1311
|
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
1312
|
+
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1114
1313
|
description: Optional[pulumi.Input[str]] = None,
|
1115
|
-
elasticsearches: Optional[pulumi.Input[Sequence[pulumi.Input[
|
1314
|
+
elasticsearches: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountElasticsearchArgs', 'SecretsMountElasticsearchArgsDict']]]]] = None,
|
1116
1315
|
external_entropy_access: Optional[pulumi.Input[bool]] = None,
|
1117
|
-
hanas: Optional[pulumi.Input[Sequence[pulumi.Input[
|
1118
|
-
|
1316
|
+
hanas: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountHanaArgs', 'SecretsMountHanaArgsDict']]]]] = None,
|
1317
|
+
identity_token_key: Optional[pulumi.Input[str]] = None,
|
1318
|
+
influxdbs: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountInfluxdbArgs', 'SecretsMountInfluxdbArgsDict']]]]] = None,
|
1319
|
+
listing_visibility: Optional[pulumi.Input[str]] = None,
|
1119
1320
|
local: Optional[pulumi.Input[bool]] = None,
|
1120
1321
|
max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
1121
|
-
mongodbatlas: Optional[pulumi.Input[Sequence[pulumi.Input[
|
1122
|
-
mongodbs: Optional[pulumi.Input[Sequence[pulumi.Input[
|
1123
|
-
mssqls: Optional[pulumi.Input[Sequence[pulumi.Input[
|
1124
|
-
mysql_auroras: Optional[pulumi.Input[Sequence[pulumi.Input[
|
1125
|
-
mysql_legacies: Optional[pulumi.Input[Sequence[pulumi.Input[
|
1126
|
-
mysql_rds: Optional[pulumi.Input[Sequence[pulumi.Input[
|
1127
|
-
mysqls: Optional[pulumi.Input[Sequence[pulumi.Input[
|
1322
|
+
mongodbatlas: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMongodbatlaArgs', 'SecretsMountMongodbatlaArgsDict']]]]] = None,
|
1323
|
+
mongodbs: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMongodbArgs', 'SecretsMountMongodbArgsDict']]]]] = None,
|
1324
|
+
mssqls: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMssqlArgs', 'SecretsMountMssqlArgsDict']]]]] = None,
|
1325
|
+
mysql_auroras: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMysqlAuroraArgs', 'SecretsMountMysqlAuroraArgsDict']]]]] = None,
|
1326
|
+
mysql_legacies: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMysqlLegacyArgs', 'SecretsMountMysqlLegacyArgsDict']]]]] = None,
|
1327
|
+
mysql_rds: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMysqlRdArgs', 'SecretsMountMysqlRdArgsDict']]]]] = None,
|
1328
|
+
mysqls: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMysqlArgs', 'SecretsMountMysqlArgsDict']]]]] = None,
|
1128
1329
|
namespace: Optional[pulumi.Input[str]] = None,
|
1129
|
-
options: Optional[pulumi.Input[Mapping[str,
|
1130
|
-
oracles: Optional[pulumi.Input[Sequence[pulumi.Input[
|
1330
|
+
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
1331
|
+
oracles: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountOracleArgs', 'SecretsMountOracleArgsDict']]]]] = None,
|
1332
|
+
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1131
1333
|
path: Optional[pulumi.Input[str]] = None,
|
1132
|
-
|
1133
|
-
|
1134
|
-
|
1135
|
-
|
1334
|
+
plugin_version: Optional[pulumi.Input[str]] = None,
|
1335
|
+
postgresqls: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountPostgresqlArgs', 'SecretsMountPostgresqlArgsDict']]]]] = None,
|
1336
|
+
redis: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountRediArgs', 'SecretsMountRediArgsDict']]]]] = None,
|
1337
|
+
redis_elasticaches: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountRedisElasticachArgs', 'SecretsMountRedisElasticachArgsDict']]]]] = None,
|
1338
|
+
redshifts: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountRedshiftArgs', 'SecretsMountRedshiftArgsDict']]]]] = None,
|
1136
1339
|
seal_wrap: Optional[pulumi.Input[bool]] = None,
|
1137
|
-
snowflakes: Optional[pulumi.Input[Sequence[pulumi.Input[
|
1340
|
+
snowflakes: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountSnowflakeArgs', 'SecretsMountSnowflakeArgsDict']]]]] = None,
|
1138
1341
|
__props__=None):
|
1139
1342
|
"""
|
1140
1343
|
## Example Usage
|
1141
1344
|
|
1142
|
-
<!--Start PulumiCodeChooser -->
|
1143
1345
|
```python
|
1144
1346
|
import pulumi
|
1145
1347
|
import pulumi_vault as vault
|
1146
1348
|
|
1147
1349
|
db = vault.database.SecretsMount("db",
|
1148
1350
|
path="db",
|
1149
|
-
mssqls=[
|
1150
|
-
name
|
1151
|
-
username
|
1152
|
-
password
|
1153
|
-
connection_url
|
1154
|
-
allowed_roles
|
1155
|
-
|
1156
|
-
postgresqls=[
|
1157
|
-
name
|
1158
|
-
username
|
1159
|
-
password
|
1160
|
-
connection_url
|
1161
|
-
verify_connection
|
1162
|
-
allowed_roles
|
1163
|
-
|
1351
|
+
mssqls=[{
|
1352
|
+
"name": "db1",
|
1353
|
+
"username": "sa",
|
1354
|
+
"password": "super_secret_1",
|
1355
|
+
"connection_url": "sqlserver://{{username}}:{{password}}@127.0.0.1:1433",
|
1356
|
+
"allowed_roles": ["dev1"],
|
1357
|
+
}],
|
1358
|
+
postgresqls=[{
|
1359
|
+
"name": "db2",
|
1360
|
+
"username": "postgres",
|
1361
|
+
"password": "super_secret_2",
|
1362
|
+
"connection_url": "postgresql://{{username}}:{{password}}@127.0.0.1:5432/postgres",
|
1363
|
+
"verify_connection": True,
|
1364
|
+
"allowed_roles": ["dev2"],
|
1365
|
+
}])
|
1164
1366
|
dev1 = vault.database.SecretBackendRole("dev1",
|
1367
|
+
name="dev1",
|
1165
1368
|
backend=db.path,
|
1166
1369
|
db_name=db.mssqls[0].name,
|
1167
1370
|
creation_statements=[
|
@@ -1170,6 +1373,7 @@ class SecretsMount(pulumi.CustomResource):
|
|
1170
1373
|
"GRANT SELECT ON SCHEMA::dbo TO [{{name}}];",
|
1171
1374
|
])
|
1172
1375
|
dev2 = vault.database.SecretBackendRole("dev2",
|
1376
|
+
name="dev2",
|
1173
1377
|
backend=db.path,
|
1174
1378
|
db_name=db.postgresqls[0].name,
|
1175
1379
|
creation_statements=[
|
@@ -1177,7 +1381,6 @@ class SecretsMount(pulumi.CustomResource):
|
|
1177
1381
|
"GRANT SELECT ON ALL TABLES IN SCHEMA public TO \\"{{name}}\\";",
|
1178
1382
|
])
|
1179
1383
|
```
|
1180
|
-
<!--End PulumiCodeChooser -->
|
1181
1384
|
|
1182
1385
|
## Import
|
1183
1386
|
|
@@ -1192,52 +1395,58 @@ class SecretsMount(pulumi.CustomResource):
|
|
1192
1395
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: Set of managed key registry entry names that the mount in question is allowed to access
|
1193
1396
|
|
1194
1397
|
The following arguments are common to all database engines:
|
1398
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
|
1195
1399
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
1196
1400
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
1197
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
1401
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountCassandraArgs', 'SecretsMountCassandraArgsDict']]]] cassandras: A nested block containing configuration options for Cassandra connections.
|
1198
1402
|
*See Configuration Options for more info*
|
1199
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
1403
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountCouchbaseArgs', 'SecretsMountCouchbaseArgsDict']]]] couchbases: A nested block containing configuration options for Couchbase connections.
|
1200
1404
|
*See Configuration Options for more info*
|
1201
1405
|
:param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
|
1406
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
|
1202
1407
|
:param pulumi.Input[str] description: Human-friendly description of the mount
|
1203
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
1408
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountElasticsearchArgs', 'SecretsMountElasticsearchArgsDict']]]] elasticsearches: A nested block containing configuration options for Elasticsearch connections.
|
1204
1409
|
*See Configuration Options for more info*
|
1205
1410
|
:param pulumi.Input[bool] external_entropy_access: Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
|
1206
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
1411
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountHanaArgs', 'SecretsMountHanaArgsDict']]]] hanas: A nested block containing configuration options for SAP HanaDB connections.
|
1207
1412
|
*See Configuration Options for more info*
|
1208
|
-
:param pulumi.Input[
|
1413
|
+
:param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens
|
1414
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountInfluxdbArgs', 'SecretsMountInfluxdbArgsDict']]]] influxdbs: A nested block containing configuration options for InfluxDB connections.
|
1209
1415
|
*See Configuration Options for more info*
|
1416
|
+
:param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
|
1210
1417
|
:param pulumi.Input[bool] local: Boolean flag that can be explicitly set to true to enforce local mount in HA environment
|
1211
1418
|
:param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
|
1212
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
1419
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMongodbatlaArgs', 'SecretsMountMongodbatlaArgsDict']]]] mongodbatlas: A nested block containing configuration options for MongoDB Atlas connections.
|
1213
1420
|
*See Configuration Options for more info*
|
1214
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
1421
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMongodbArgs', 'SecretsMountMongodbArgsDict']]]] mongodbs: A nested block containing configuration options for MongoDB connections.
|
1215
1422
|
*See Configuration Options for more info*
|
1216
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
1423
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMssqlArgs', 'SecretsMountMssqlArgsDict']]]] mssqls: A nested block containing configuration options for MSSQL connections.
|
1217
1424
|
*See Configuration Options for more info*
|
1218
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
1425
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMysqlAuroraArgs', 'SecretsMountMysqlAuroraArgsDict']]]] mysql_auroras: A nested block containing configuration options for Aurora MySQL connections.
|
1219
1426
|
*See Configuration Options for more info*
|
1220
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
1427
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMysqlLegacyArgs', 'SecretsMountMysqlLegacyArgsDict']]]] mysql_legacies: A nested block containing configuration options for legacy MySQL connections.
|
1221
1428
|
*See Configuration Options for more info*
|
1222
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
1429
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMysqlRdArgs', 'SecretsMountMysqlRdArgsDict']]]] mysql_rds: A nested block containing configuration options for RDS MySQL connections.
|
1223
1430
|
*See Configuration Options for more info*
|
1224
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
1431
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMysqlArgs', 'SecretsMountMysqlArgsDict']]]] mysqls: A nested block containing configuration options for MySQL connections.
|
1225
1432
|
*See Configuration Options for more info*
|
1226
1433
|
:param pulumi.Input[str] namespace: Target namespace. (requires Enterprise)
|
1227
|
-
:param pulumi.Input[Mapping[str,
|
1228
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
1434
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
|
1435
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountOracleArgs', 'SecretsMountOracleArgsDict']]]] oracles: A nested block containing configuration options for Oracle connections.
|
1229
1436
|
*See Configuration Options for more info*
|
1437
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
|
1230
1438
|
:param pulumi.Input[str] path: Where the secret backend will be mounted
|
1231
|
-
:param pulumi.Input[
|
1439
|
+
:param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
1440
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountPostgresqlArgs', 'SecretsMountPostgresqlArgsDict']]]] postgresqls: A nested block containing configuration options for PostgreSQL connections.
|
1232
1441
|
*See Configuration Options for more info*
|
1233
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
1442
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountRediArgs', 'SecretsMountRediArgsDict']]]] redis: A nested block containing configuration options for Redis connections.
|
1234
1443
|
*See Configuration Options for more info*
|
1235
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
1444
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountRedisElasticachArgs', 'SecretsMountRedisElasticachArgsDict']]]] redis_elasticaches: A nested block containing configuration options for Redis ElastiCache connections.
|
1236
1445
|
*See Configuration Options for more info*
|
1237
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
1446
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountRedshiftArgs', 'SecretsMountRedshiftArgsDict']]]] redshifts: A nested block containing configuration options for AWS Redshift connections.
|
1238
1447
|
*See Configuration Options for more info*
|
1239
1448
|
:param pulumi.Input[bool] seal_wrap: Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
1240
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
1449
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountSnowflakeArgs', 'SecretsMountSnowflakeArgsDict']]]] snowflakes: A nested block containing configuration options for Snowflake connections.
|
1241
1450
|
*See Configuration Options for more info*
|
1242
1451
|
"""
|
1243
1452
|
...
|
@@ -1249,29 +1458,29 @@ class SecretsMount(pulumi.CustomResource):
|
|
1249
1458
|
"""
|
1250
1459
|
## Example Usage
|
1251
1460
|
|
1252
|
-
<!--Start PulumiCodeChooser -->
|
1253
1461
|
```python
|
1254
1462
|
import pulumi
|
1255
1463
|
import pulumi_vault as vault
|
1256
1464
|
|
1257
1465
|
db = vault.database.SecretsMount("db",
|
1258
1466
|
path="db",
|
1259
|
-
mssqls=[
|
1260
|
-
name
|
1261
|
-
username
|
1262
|
-
password
|
1263
|
-
connection_url
|
1264
|
-
allowed_roles
|
1265
|
-
|
1266
|
-
postgresqls=[
|
1267
|
-
name
|
1268
|
-
username
|
1269
|
-
password
|
1270
|
-
connection_url
|
1271
|
-
verify_connection
|
1272
|
-
allowed_roles
|
1273
|
-
|
1467
|
+
mssqls=[{
|
1468
|
+
"name": "db1",
|
1469
|
+
"username": "sa",
|
1470
|
+
"password": "super_secret_1",
|
1471
|
+
"connection_url": "sqlserver://{{username}}:{{password}}@127.0.0.1:1433",
|
1472
|
+
"allowed_roles": ["dev1"],
|
1473
|
+
}],
|
1474
|
+
postgresqls=[{
|
1475
|
+
"name": "db2",
|
1476
|
+
"username": "postgres",
|
1477
|
+
"password": "super_secret_2",
|
1478
|
+
"connection_url": "postgresql://{{username}}:{{password}}@127.0.0.1:5432/postgres",
|
1479
|
+
"verify_connection": True,
|
1480
|
+
"allowed_roles": ["dev2"],
|
1481
|
+
}])
|
1274
1482
|
dev1 = vault.database.SecretBackendRole("dev1",
|
1483
|
+
name="dev1",
|
1275
1484
|
backend=db.path,
|
1276
1485
|
db_name=db.mssqls[0].name,
|
1277
1486
|
creation_statements=[
|
@@ -1280,6 +1489,7 @@ class SecretsMount(pulumi.CustomResource):
|
|
1280
1489
|
"GRANT SELECT ON SCHEMA::dbo TO [{{name}}];",
|
1281
1490
|
])
|
1282
1491
|
dev2 = vault.database.SecretBackendRole("dev2",
|
1492
|
+
name="dev2",
|
1283
1493
|
backend=db.path,
|
1284
1494
|
db_name=db.postgresqls[0].name,
|
1285
1495
|
creation_statements=[
|
@@ -1287,7 +1497,6 @@ class SecretsMount(pulumi.CustomResource):
|
|
1287
1497
|
"GRANT SELECT ON ALL TABLES IN SCHEMA public TO \\"{{name}}\\";",
|
1288
1498
|
])
|
1289
1499
|
```
|
1290
|
-
<!--End PulumiCodeChooser -->
|
1291
1500
|
|
1292
1501
|
## Import
|
1293
1502
|
|
@@ -1313,35 +1522,41 @@ class SecretsMount(pulumi.CustomResource):
|
|
1313
1522
|
resource_name: str,
|
1314
1523
|
opts: Optional[pulumi.ResourceOptions] = None,
|
1315
1524
|
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1525
|
+
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1316
1526
|
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1317
1527
|
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1318
|
-
cassandras: Optional[pulumi.Input[Sequence[pulumi.Input[
|
1319
|
-
couchbases: Optional[pulumi.Input[Sequence[pulumi.Input[
|
1528
|
+
cassandras: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountCassandraArgs', 'SecretsMountCassandraArgsDict']]]]] = None,
|
1529
|
+
couchbases: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountCouchbaseArgs', 'SecretsMountCouchbaseArgsDict']]]]] = None,
|
1320
1530
|
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
1531
|
+
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1321
1532
|
description: Optional[pulumi.Input[str]] = None,
|
1322
|
-
elasticsearches: Optional[pulumi.Input[Sequence[pulumi.Input[
|
1533
|
+
elasticsearches: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountElasticsearchArgs', 'SecretsMountElasticsearchArgsDict']]]]] = None,
|
1323
1534
|
external_entropy_access: Optional[pulumi.Input[bool]] = None,
|
1324
|
-
hanas: Optional[pulumi.Input[Sequence[pulumi.Input[
|
1325
|
-
|
1535
|
+
hanas: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountHanaArgs', 'SecretsMountHanaArgsDict']]]]] = None,
|
1536
|
+
identity_token_key: Optional[pulumi.Input[str]] = None,
|
1537
|
+
influxdbs: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountInfluxdbArgs', 'SecretsMountInfluxdbArgsDict']]]]] = None,
|
1538
|
+
listing_visibility: Optional[pulumi.Input[str]] = None,
|
1326
1539
|
local: Optional[pulumi.Input[bool]] = None,
|
1327
1540
|
max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
1328
|
-
mongodbatlas: Optional[pulumi.Input[Sequence[pulumi.Input[
|
1329
|
-
mongodbs: Optional[pulumi.Input[Sequence[pulumi.Input[
|
1330
|
-
mssqls: Optional[pulumi.Input[Sequence[pulumi.Input[
|
1331
|
-
mysql_auroras: Optional[pulumi.Input[Sequence[pulumi.Input[
|
1332
|
-
mysql_legacies: Optional[pulumi.Input[Sequence[pulumi.Input[
|
1333
|
-
mysql_rds: Optional[pulumi.Input[Sequence[pulumi.Input[
|
1334
|
-
mysqls: Optional[pulumi.Input[Sequence[pulumi.Input[
|
1541
|
+
mongodbatlas: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMongodbatlaArgs', 'SecretsMountMongodbatlaArgsDict']]]]] = None,
|
1542
|
+
mongodbs: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMongodbArgs', 'SecretsMountMongodbArgsDict']]]]] = None,
|
1543
|
+
mssqls: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMssqlArgs', 'SecretsMountMssqlArgsDict']]]]] = None,
|
1544
|
+
mysql_auroras: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMysqlAuroraArgs', 'SecretsMountMysqlAuroraArgsDict']]]]] = None,
|
1545
|
+
mysql_legacies: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMysqlLegacyArgs', 'SecretsMountMysqlLegacyArgsDict']]]]] = None,
|
1546
|
+
mysql_rds: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMysqlRdArgs', 'SecretsMountMysqlRdArgsDict']]]]] = None,
|
1547
|
+
mysqls: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMysqlArgs', 'SecretsMountMysqlArgsDict']]]]] = None,
|
1335
1548
|
namespace: Optional[pulumi.Input[str]] = None,
|
1336
|
-
options: Optional[pulumi.Input[Mapping[str,
|
1337
|
-
oracles: Optional[pulumi.Input[Sequence[pulumi.Input[
|
1549
|
+
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
1550
|
+
oracles: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountOracleArgs', 'SecretsMountOracleArgsDict']]]]] = None,
|
1551
|
+
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1338
1552
|
path: Optional[pulumi.Input[str]] = None,
|
1339
|
-
|
1340
|
-
|
1341
|
-
|
1342
|
-
|
1553
|
+
plugin_version: Optional[pulumi.Input[str]] = None,
|
1554
|
+
postgresqls: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountPostgresqlArgs', 'SecretsMountPostgresqlArgsDict']]]]] = None,
|
1555
|
+
redis: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountRediArgs', 'SecretsMountRediArgsDict']]]]] = None,
|
1556
|
+
redis_elasticaches: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountRedisElasticachArgs', 'SecretsMountRedisElasticachArgsDict']]]]] = None,
|
1557
|
+
redshifts: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountRedshiftArgs', 'SecretsMountRedshiftArgsDict']]]]] = None,
|
1343
1558
|
seal_wrap: Optional[pulumi.Input[bool]] = None,
|
1344
|
-
snowflakes: Optional[pulumi.Input[Sequence[pulumi.Input[
|
1559
|
+
snowflakes: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountSnowflakeArgs', 'SecretsMountSnowflakeArgsDict']]]]] = None,
|
1345
1560
|
__props__=None):
|
1346
1561
|
opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
|
1347
1562
|
if not isinstance(opts, pulumi.ResourceOptions):
|
@@ -1352,16 +1567,20 @@ class SecretsMount(pulumi.CustomResource):
|
|
1352
1567
|
__props__ = SecretsMountArgs.__new__(SecretsMountArgs)
|
1353
1568
|
|
1354
1569
|
__props__.__dict__["allowed_managed_keys"] = allowed_managed_keys
|
1570
|
+
__props__.__dict__["allowed_response_headers"] = allowed_response_headers
|
1355
1571
|
__props__.__dict__["audit_non_hmac_request_keys"] = audit_non_hmac_request_keys
|
1356
1572
|
__props__.__dict__["audit_non_hmac_response_keys"] = audit_non_hmac_response_keys
|
1357
1573
|
__props__.__dict__["cassandras"] = cassandras
|
1358
1574
|
__props__.__dict__["couchbases"] = couchbases
|
1359
1575
|
__props__.__dict__["default_lease_ttl_seconds"] = default_lease_ttl_seconds
|
1576
|
+
__props__.__dict__["delegated_auth_accessors"] = delegated_auth_accessors
|
1360
1577
|
__props__.__dict__["description"] = description
|
1361
1578
|
__props__.__dict__["elasticsearches"] = elasticsearches
|
1362
1579
|
__props__.__dict__["external_entropy_access"] = external_entropy_access
|
1363
1580
|
__props__.__dict__["hanas"] = hanas
|
1581
|
+
__props__.__dict__["identity_token_key"] = identity_token_key
|
1364
1582
|
__props__.__dict__["influxdbs"] = influxdbs
|
1583
|
+
__props__.__dict__["listing_visibility"] = listing_visibility
|
1365
1584
|
__props__.__dict__["local"] = local
|
1366
1585
|
__props__.__dict__["max_lease_ttl_seconds"] = max_lease_ttl_seconds
|
1367
1586
|
__props__.__dict__["mongodbatlas"] = mongodbatlas
|
@@ -1374,9 +1593,11 @@ class SecretsMount(pulumi.CustomResource):
|
|
1374
1593
|
__props__.__dict__["namespace"] = namespace
|
1375
1594
|
__props__.__dict__["options"] = options
|
1376
1595
|
__props__.__dict__["oracles"] = oracles
|
1596
|
+
__props__.__dict__["passthrough_request_headers"] = passthrough_request_headers
|
1377
1597
|
if path is None and not opts.urn:
|
1378
1598
|
raise TypeError("Missing required property 'path'")
|
1379
1599
|
__props__.__dict__["path"] = path
|
1600
|
+
__props__.__dict__["plugin_version"] = plugin_version
|
1380
1601
|
__props__.__dict__["postgresqls"] = postgresqls
|
1381
1602
|
__props__.__dict__["redis"] = redis
|
1382
1603
|
__props__.__dict__["redis_elasticaches"] = redis_elasticaches
|
@@ -1397,36 +1618,42 @@ class SecretsMount(pulumi.CustomResource):
|
|
1397
1618
|
opts: Optional[pulumi.ResourceOptions] = None,
|
1398
1619
|
accessor: Optional[pulumi.Input[str]] = None,
|
1399
1620
|
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1621
|
+
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1400
1622
|
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1401
1623
|
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1402
|
-
cassandras: Optional[pulumi.Input[Sequence[pulumi.Input[
|
1403
|
-
couchbases: Optional[pulumi.Input[Sequence[pulumi.Input[
|
1624
|
+
cassandras: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountCassandraArgs', 'SecretsMountCassandraArgsDict']]]]] = None,
|
1625
|
+
couchbases: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountCouchbaseArgs', 'SecretsMountCouchbaseArgsDict']]]]] = None,
|
1404
1626
|
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
1627
|
+
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1405
1628
|
description: Optional[pulumi.Input[str]] = None,
|
1406
|
-
elasticsearches: Optional[pulumi.Input[Sequence[pulumi.Input[
|
1629
|
+
elasticsearches: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountElasticsearchArgs', 'SecretsMountElasticsearchArgsDict']]]]] = None,
|
1407
1630
|
engine_count: Optional[pulumi.Input[int]] = None,
|
1408
1631
|
external_entropy_access: Optional[pulumi.Input[bool]] = None,
|
1409
|
-
hanas: Optional[pulumi.Input[Sequence[pulumi.Input[
|
1410
|
-
|
1632
|
+
hanas: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountHanaArgs', 'SecretsMountHanaArgsDict']]]]] = None,
|
1633
|
+
identity_token_key: Optional[pulumi.Input[str]] = None,
|
1634
|
+
influxdbs: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountInfluxdbArgs', 'SecretsMountInfluxdbArgsDict']]]]] = None,
|
1635
|
+
listing_visibility: Optional[pulumi.Input[str]] = None,
|
1411
1636
|
local: Optional[pulumi.Input[bool]] = None,
|
1412
1637
|
max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
1413
|
-
mongodbatlas: Optional[pulumi.Input[Sequence[pulumi.Input[
|
1414
|
-
mongodbs: Optional[pulumi.Input[Sequence[pulumi.Input[
|
1415
|
-
mssqls: Optional[pulumi.Input[Sequence[pulumi.Input[
|
1416
|
-
mysql_auroras: Optional[pulumi.Input[Sequence[pulumi.Input[
|
1417
|
-
mysql_legacies: Optional[pulumi.Input[Sequence[pulumi.Input[
|
1418
|
-
mysql_rds: Optional[pulumi.Input[Sequence[pulumi.Input[
|
1419
|
-
mysqls: Optional[pulumi.Input[Sequence[pulumi.Input[
|
1638
|
+
mongodbatlas: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMongodbatlaArgs', 'SecretsMountMongodbatlaArgsDict']]]]] = None,
|
1639
|
+
mongodbs: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMongodbArgs', 'SecretsMountMongodbArgsDict']]]]] = None,
|
1640
|
+
mssqls: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMssqlArgs', 'SecretsMountMssqlArgsDict']]]]] = None,
|
1641
|
+
mysql_auroras: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMysqlAuroraArgs', 'SecretsMountMysqlAuroraArgsDict']]]]] = None,
|
1642
|
+
mysql_legacies: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMysqlLegacyArgs', 'SecretsMountMysqlLegacyArgsDict']]]]] = None,
|
1643
|
+
mysql_rds: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMysqlRdArgs', 'SecretsMountMysqlRdArgsDict']]]]] = None,
|
1644
|
+
mysqls: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMysqlArgs', 'SecretsMountMysqlArgsDict']]]]] = None,
|
1420
1645
|
namespace: Optional[pulumi.Input[str]] = None,
|
1421
|
-
options: Optional[pulumi.Input[Mapping[str,
|
1422
|
-
oracles: Optional[pulumi.Input[Sequence[pulumi.Input[
|
1646
|
+
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
1647
|
+
oracles: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountOracleArgs', 'SecretsMountOracleArgsDict']]]]] = None,
|
1648
|
+
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1423
1649
|
path: Optional[pulumi.Input[str]] = None,
|
1424
|
-
|
1425
|
-
|
1426
|
-
|
1427
|
-
|
1650
|
+
plugin_version: Optional[pulumi.Input[str]] = None,
|
1651
|
+
postgresqls: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountPostgresqlArgs', 'SecretsMountPostgresqlArgsDict']]]]] = None,
|
1652
|
+
redis: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountRediArgs', 'SecretsMountRediArgsDict']]]]] = None,
|
1653
|
+
redis_elasticaches: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountRedisElasticachArgs', 'SecretsMountRedisElasticachArgsDict']]]]] = None,
|
1654
|
+
redshifts: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountRedshiftArgs', 'SecretsMountRedshiftArgsDict']]]]] = None,
|
1428
1655
|
seal_wrap: Optional[pulumi.Input[bool]] = None,
|
1429
|
-
snowflakes: Optional[pulumi.Input[Sequence[pulumi.Input[
|
1656
|
+
snowflakes: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountSnowflakeArgs', 'SecretsMountSnowflakeArgsDict']]]]] = None) -> 'SecretsMount':
|
1430
1657
|
"""
|
1431
1658
|
Get an existing SecretsMount resource's state with the given name, id, and optional extra
|
1432
1659
|
properties used to qualify the lookup.
|
@@ -1438,53 +1665,59 @@ class SecretsMount(pulumi.CustomResource):
|
|
1438
1665
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: Set of managed key registry entry names that the mount in question is allowed to access
|
1439
1666
|
|
1440
1667
|
The following arguments are common to all database engines:
|
1668
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
|
1441
1669
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
1442
1670
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
1443
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
1671
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountCassandraArgs', 'SecretsMountCassandraArgsDict']]]] cassandras: A nested block containing configuration options for Cassandra connections.
|
1444
1672
|
*See Configuration Options for more info*
|
1445
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
1673
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountCouchbaseArgs', 'SecretsMountCouchbaseArgsDict']]]] couchbases: A nested block containing configuration options for Couchbase connections.
|
1446
1674
|
*See Configuration Options for more info*
|
1447
1675
|
:param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
|
1676
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
|
1448
1677
|
:param pulumi.Input[str] description: Human-friendly description of the mount
|
1449
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
1678
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountElasticsearchArgs', 'SecretsMountElasticsearchArgsDict']]]] elasticsearches: A nested block containing configuration options for Elasticsearch connections.
|
1450
1679
|
*See Configuration Options for more info*
|
1451
1680
|
:param pulumi.Input[int] engine_count: The total number of database secrets engines configured.
|
1452
1681
|
:param pulumi.Input[bool] external_entropy_access: Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
|
1453
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
1682
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountHanaArgs', 'SecretsMountHanaArgsDict']]]] hanas: A nested block containing configuration options for SAP HanaDB connections.
|
1454
1683
|
*See Configuration Options for more info*
|
1455
|
-
:param pulumi.Input[
|
1684
|
+
:param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens
|
1685
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountInfluxdbArgs', 'SecretsMountInfluxdbArgsDict']]]] influxdbs: A nested block containing configuration options for InfluxDB connections.
|
1456
1686
|
*See Configuration Options for more info*
|
1687
|
+
:param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
|
1457
1688
|
:param pulumi.Input[bool] local: Boolean flag that can be explicitly set to true to enforce local mount in HA environment
|
1458
1689
|
:param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
|
1459
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
1690
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMongodbatlaArgs', 'SecretsMountMongodbatlaArgsDict']]]] mongodbatlas: A nested block containing configuration options for MongoDB Atlas connections.
|
1460
1691
|
*See Configuration Options for more info*
|
1461
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
1692
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMongodbArgs', 'SecretsMountMongodbArgsDict']]]] mongodbs: A nested block containing configuration options for MongoDB connections.
|
1462
1693
|
*See Configuration Options for more info*
|
1463
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
1694
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMssqlArgs', 'SecretsMountMssqlArgsDict']]]] mssqls: A nested block containing configuration options for MSSQL connections.
|
1464
1695
|
*See Configuration Options for more info*
|
1465
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
1696
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMysqlAuroraArgs', 'SecretsMountMysqlAuroraArgsDict']]]] mysql_auroras: A nested block containing configuration options for Aurora MySQL connections.
|
1466
1697
|
*See Configuration Options for more info*
|
1467
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
1698
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMysqlLegacyArgs', 'SecretsMountMysqlLegacyArgsDict']]]] mysql_legacies: A nested block containing configuration options for legacy MySQL connections.
|
1468
1699
|
*See Configuration Options for more info*
|
1469
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
1700
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMysqlRdArgs', 'SecretsMountMysqlRdArgsDict']]]] mysql_rds: A nested block containing configuration options for RDS MySQL connections.
|
1470
1701
|
*See Configuration Options for more info*
|
1471
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
1702
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMysqlArgs', 'SecretsMountMysqlArgsDict']]]] mysqls: A nested block containing configuration options for MySQL connections.
|
1472
1703
|
*See Configuration Options for more info*
|
1473
1704
|
:param pulumi.Input[str] namespace: Target namespace. (requires Enterprise)
|
1474
|
-
:param pulumi.Input[Mapping[str,
|
1475
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
1705
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
|
1706
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountOracleArgs', 'SecretsMountOracleArgsDict']]]] oracles: A nested block containing configuration options for Oracle connections.
|
1476
1707
|
*See Configuration Options for more info*
|
1708
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
|
1477
1709
|
:param pulumi.Input[str] path: Where the secret backend will be mounted
|
1478
|
-
:param pulumi.Input[
|
1710
|
+
:param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
1711
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountPostgresqlArgs', 'SecretsMountPostgresqlArgsDict']]]] postgresqls: A nested block containing configuration options for PostgreSQL connections.
|
1479
1712
|
*See Configuration Options for more info*
|
1480
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
1713
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountRediArgs', 'SecretsMountRediArgsDict']]]] redis: A nested block containing configuration options for Redis connections.
|
1481
1714
|
*See Configuration Options for more info*
|
1482
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
1715
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountRedisElasticachArgs', 'SecretsMountRedisElasticachArgsDict']]]] redis_elasticaches: A nested block containing configuration options for Redis ElastiCache connections.
|
1483
1716
|
*See Configuration Options for more info*
|
1484
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
1717
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountRedshiftArgs', 'SecretsMountRedshiftArgsDict']]]] redshifts: A nested block containing configuration options for AWS Redshift connections.
|
1485
1718
|
*See Configuration Options for more info*
|
1486
1719
|
:param pulumi.Input[bool] seal_wrap: Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
1487
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
1720
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountSnowflakeArgs', 'SecretsMountSnowflakeArgsDict']]]] snowflakes: A nested block containing configuration options for Snowflake connections.
|
1488
1721
|
*See Configuration Options for more info*
|
1489
1722
|
"""
|
1490
1723
|
opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
|
@@ -1493,17 +1726,21 @@ class SecretsMount(pulumi.CustomResource):
|
|
1493
1726
|
|
1494
1727
|
__props__.__dict__["accessor"] = accessor
|
1495
1728
|
__props__.__dict__["allowed_managed_keys"] = allowed_managed_keys
|
1729
|
+
__props__.__dict__["allowed_response_headers"] = allowed_response_headers
|
1496
1730
|
__props__.__dict__["audit_non_hmac_request_keys"] = audit_non_hmac_request_keys
|
1497
1731
|
__props__.__dict__["audit_non_hmac_response_keys"] = audit_non_hmac_response_keys
|
1498
1732
|
__props__.__dict__["cassandras"] = cassandras
|
1499
1733
|
__props__.__dict__["couchbases"] = couchbases
|
1500
1734
|
__props__.__dict__["default_lease_ttl_seconds"] = default_lease_ttl_seconds
|
1735
|
+
__props__.__dict__["delegated_auth_accessors"] = delegated_auth_accessors
|
1501
1736
|
__props__.__dict__["description"] = description
|
1502
1737
|
__props__.__dict__["elasticsearches"] = elasticsearches
|
1503
1738
|
__props__.__dict__["engine_count"] = engine_count
|
1504
1739
|
__props__.__dict__["external_entropy_access"] = external_entropy_access
|
1505
1740
|
__props__.__dict__["hanas"] = hanas
|
1741
|
+
__props__.__dict__["identity_token_key"] = identity_token_key
|
1506
1742
|
__props__.__dict__["influxdbs"] = influxdbs
|
1743
|
+
__props__.__dict__["listing_visibility"] = listing_visibility
|
1507
1744
|
__props__.__dict__["local"] = local
|
1508
1745
|
__props__.__dict__["max_lease_ttl_seconds"] = max_lease_ttl_seconds
|
1509
1746
|
__props__.__dict__["mongodbatlas"] = mongodbatlas
|
@@ -1516,7 +1753,9 @@ class SecretsMount(pulumi.CustomResource):
|
|
1516
1753
|
__props__.__dict__["namespace"] = namespace
|
1517
1754
|
__props__.__dict__["options"] = options
|
1518
1755
|
__props__.__dict__["oracles"] = oracles
|
1756
|
+
__props__.__dict__["passthrough_request_headers"] = passthrough_request_headers
|
1519
1757
|
__props__.__dict__["path"] = path
|
1758
|
+
__props__.__dict__["plugin_version"] = plugin_version
|
1520
1759
|
__props__.__dict__["postgresqls"] = postgresqls
|
1521
1760
|
__props__.__dict__["redis"] = redis
|
1522
1761
|
__props__.__dict__["redis_elasticaches"] = redis_elasticaches
|
@@ -1543,6 +1782,14 @@ class SecretsMount(pulumi.CustomResource):
|
|
1543
1782
|
"""
|
1544
1783
|
return pulumi.get(self, "allowed_managed_keys")
|
1545
1784
|
|
1785
|
+
@property
|
1786
|
+
@pulumi.getter(name="allowedResponseHeaders")
|
1787
|
+
def allowed_response_headers(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1788
|
+
"""
|
1789
|
+
List of headers to allow and pass from the request to the plugin
|
1790
|
+
"""
|
1791
|
+
return pulumi.get(self, "allowed_response_headers")
|
1792
|
+
|
1546
1793
|
@property
|
1547
1794
|
@pulumi.getter(name="auditNonHmacRequestKeys")
|
1548
1795
|
def audit_non_hmac_request_keys(self) -> pulumi.Output[Sequence[str]]:
|
@@ -1585,6 +1832,14 @@ class SecretsMount(pulumi.CustomResource):
|
|
1585
1832
|
"""
|
1586
1833
|
return pulumi.get(self, "default_lease_ttl_seconds")
|
1587
1834
|
|
1835
|
+
@property
|
1836
|
+
@pulumi.getter(name="delegatedAuthAccessors")
|
1837
|
+
def delegated_auth_accessors(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1838
|
+
"""
|
1839
|
+
List of headers to allow and pass from the request to the plugin
|
1840
|
+
"""
|
1841
|
+
return pulumi.get(self, "delegated_auth_accessors")
|
1842
|
+
|
1588
1843
|
@property
|
1589
1844
|
@pulumi.getter
|
1590
1845
|
def description(self) -> pulumi.Output[Optional[str]]:
|
@@ -1627,6 +1882,14 @@ class SecretsMount(pulumi.CustomResource):
|
|
1627
1882
|
"""
|
1628
1883
|
return pulumi.get(self, "hanas")
|
1629
1884
|
|
1885
|
+
@property
|
1886
|
+
@pulumi.getter(name="identityTokenKey")
|
1887
|
+
def identity_token_key(self) -> pulumi.Output[Optional[str]]:
|
1888
|
+
"""
|
1889
|
+
The key to use for signing plugin workload identity tokens
|
1890
|
+
"""
|
1891
|
+
return pulumi.get(self, "identity_token_key")
|
1892
|
+
|
1630
1893
|
@property
|
1631
1894
|
@pulumi.getter
|
1632
1895
|
def influxdbs(self) -> pulumi.Output[Optional[Sequence['outputs.SecretsMountInfluxdb']]]:
|
@@ -1636,6 +1899,14 @@ class SecretsMount(pulumi.CustomResource):
|
|
1636
1899
|
"""
|
1637
1900
|
return pulumi.get(self, "influxdbs")
|
1638
1901
|
|
1902
|
+
@property
|
1903
|
+
@pulumi.getter(name="listingVisibility")
|
1904
|
+
def listing_visibility(self) -> pulumi.Output[Optional[str]]:
|
1905
|
+
"""
|
1906
|
+
Specifies whether to show this mount in the UI-specific listing endpoint
|
1907
|
+
"""
|
1908
|
+
return pulumi.get(self, "listing_visibility")
|
1909
|
+
|
1639
1910
|
@property
|
1640
1911
|
@pulumi.getter
|
1641
1912
|
def local(self) -> pulumi.Output[Optional[bool]]:
|
@@ -1725,7 +1996,7 @@ class SecretsMount(pulumi.CustomResource):
|
|
1725
1996
|
|
1726
1997
|
@property
|
1727
1998
|
@pulumi.getter
|
1728
|
-
def options(self) -> pulumi.Output[Optional[Mapping[str,
|
1999
|
+
def options(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
|
1729
2000
|
"""
|
1730
2001
|
Specifies mount type specific options that are passed to the backend
|
1731
2002
|
"""
|
@@ -1740,6 +2011,14 @@ class SecretsMount(pulumi.CustomResource):
|
|
1740
2011
|
"""
|
1741
2012
|
return pulumi.get(self, "oracles")
|
1742
2013
|
|
2014
|
+
@property
|
2015
|
+
@pulumi.getter(name="passthroughRequestHeaders")
|
2016
|
+
def passthrough_request_headers(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
2017
|
+
"""
|
2018
|
+
List of headers to allow and pass from the request to the plugin
|
2019
|
+
"""
|
2020
|
+
return pulumi.get(self, "passthrough_request_headers")
|
2021
|
+
|
1743
2022
|
@property
|
1744
2023
|
@pulumi.getter
|
1745
2024
|
def path(self) -> pulumi.Output[str]:
|
@@ -1748,6 +2027,14 @@ class SecretsMount(pulumi.CustomResource):
|
|
1748
2027
|
"""
|
1749
2028
|
return pulumi.get(self, "path")
|
1750
2029
|
|
2030
|
+
@property
|
2031
|
+
@pulumi.getter(name="pluginVersion")
|
2032
|
+
def plugin_version(self) -> pulumi.Output[Optional[str]]:
|
2033
|
+
"""
|
2034
|
+
Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
2035
|
+
"""
|
2036
|
+
return pulumi.get(self, "plugin_version")
|
2037
|
+
|
1751
2038
|
@property
|
1752
2039
|
@pulumi.getter
|
1753
2040
|
def postgresqls(self) -> pulumi.Output[Optional[Sequence['outputs.SecretsMountPostgresql']]]:
|