pulumi-vault 5.21.0a1710160723__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl
- pulumi_vault/__init__.py +52 -0
- pulumi_vault/_inputs.py +560 -0
- pulumi_vault/_utilities.py +41 -5
- pulumi_vault/ad/get_access_credentials.py +22 -7
- pulumi_vault/ad/secret_backend.py +14 -144
- pulumi_vault/ad/secret_library.py +14 -11
- pulumi_vault/ad/secret_role.py +12 -11
- pulumi_vault/alicloud/auth_backend_role.py +74 -192
- pulumi_vault/approle/auth_backend_login.py +12 -11
- pulumi_vault/approle/auth_backend_role.py +75 -193
- pulumi_vault/approle/auth_backend_role_secret_id.py +106 -11
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -9
- pulumi_vault/audit.py +24 -27
- pulumi_vault/audit_request_header.py +11 -6
- pulumi_vault/auth_backend.py +64 -12
- pulumi_vault/aws/auth_backend_cert.py +12 -7
- pulumi_vault/aws/auth_backend_client.py +265 -24
- pulumi_vault/aws/auth_backend_config_identity.py +12 -11
- pulumi_vault/aws/auth_backend_identity_whitelist.py +18 -17
- pulumi_vault/aws/auth_backend_login.py +19 -22
- pulumi_vault/aws/auth_backend_role.py +75 -193
- pulumi_vault/aws/auth_backend_role_tag.py +12 -7
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -17
- pulumi_vault/aws/auth_backend_sts_role.py +12 -11
- pulumi_vault/aws/get_access_credentials.py +34 -7
- pulumi_vault/aws/get_static_access_credentials.py +19 -5
- pulumi_vault/aws/secret_backend.py +75 -7
- pulumi_vault/aws/secret_backend_role.py +183 -11
- pulumi_vault/aws/secret_backend_static_role.py +14 -11
- pulumi_vault/azure/_inputs.py +24 -0
- pulumi_vault/azure/auth_backend_config.py +151 -17
- pulumi_vault/azure/auth_backend_role.py +75 -193
- pulumi_vault/azure/backend.py +223 -29
- pulumi_vault/azure/backend_role.py +42 -41
- pulumi_vault/azure/get_access_credentials.py +39 -11
- pulumi_vault/azure/outputs.py +5 -0
- pulumi_vault/cert_auth_backend_role.py +87 -271
- pulumi_vault/config/__init__.pyi +5 -0
- pulumi_vault/config/_inputs.py +73 -0
- pulumi_vault/config/outputs.py +35 -0
- pulumi_vault/config/ui_custom_message.py +529 -0
- pulumi_vault/config/vars.py +5 -0
- pulumi_vault/consul/secret_backend.py +22 -25
- pulumi_vault/consul/secret_backend_role.py +14 -80
- pulumi_vault/database/_inputs.py +2770 -881
- pulumi_vault/database/outputs.py +721 -838
- pulumi_vault/database/secret_backend_connection.py +117 -114
- pulumi_vault/database/secret_backend_role.py +29 -24
- pulumi_vault/database/secret_backend_static_role.py +85 -15
- pulumi_vault/database/secrets_mount.py +425 -138
- pulumi_vault/egp_policy.py +16 -15
- pulumi_vault/gcp/_inputs.py +111 -0
- pulumi_vault/gcp/auth_backend.py +248 -35
- pulumi_vault/gcp/auth_backend_role.py +75 -271
- pulumi_vault/gcp/get_auth_backend_role.py +43 -9
- pulumi_vault/gcp/outputs.py +5 -0
- pulumi_vault/gcp/secret_backend.py +287 -16
- pulumi_vault/gcp/secret_impersonated_account.py +74 -17
- pulumi_vault/gcp/secret_roleset.py +29 -26
- pulumi_vault/gcp/secret_static_account.py +37 -34
- pulumi_vault/generic/endpoint.py +22 -21
- pulumi_vault/generic/get_secret.py +68 -12
- pulumi_vault/generic/secret.py +19 -14
- pulumi_vault/get_auth_backend.py +24 -11
- pulumi_vault/get_auth_backends.py +33 -11
- pulumi_vault/get_namespace.py +226 -0
- pulumi_vault/get_namespaces.py +153 -0
- pulumi_vault/get_nomad_access_token.py +31 -15
- pulumi_vault/get_policy_document.py +34 -23
- pulumi_vault/get_raft_autopilot_state.py +29 -14
- pulumi_vault/github/_inputs.py +55 -0
- pulumi_vault/github/auth_backend.py +17 -16
- pulumi_vault/github/outputs.py +5 -0
- pulumi_vault/github/team.py +14 -13
- pulumi_vault/github/user.py +14 -13
- pulumi_vault/identity/entity.py +18 -15
- pulumi_vault/identity/entity_alias.py +18 -15
- pulumi_vault/identity/entity_policies.py +24 -19
- pulumi_vault/identity/get_entity.py +40 -14
- pulumi_vault/identity/get_group.py +45 -13
- pulumi_vault/identity/get_oidc_client_creds.py +21 -11
- pulumi_vault/identity/get_oidc_openid_config.py +39 -13
- pulumi_vault/identity/get_oidc_public_keys.py +29 -14
- pulumi_vault/identity/group.py +50 -49
- pulumi_vault/identity/group_alias.py +14 -11
- pulumi_vault/identity/group_member_entity_ids.py +24 -74
- pulumi_vault/identity/group_member_group_ids.py +36 -27
- pulumi_vault/identity/group_policies.py +16 -15
- pulumi_vault/identity/mfa_duo.py +9 -8
- pulumi_vault/identity/mfa_login_enforcement.py +13 -8
- pulumi_vault/identity/mfa_okta.py +9 -8
- pulumi_vault/identity/mfa_pingid.py +5 -4
- pulumi_vault/identity/mfa_totp.py +5 -4
- pulumi_vault/identity/oidc.py +12 -11
- pulumi_vault/identity/oidc_assignment.py +22 -13
- pulumi_vault/identity/oidc_client.py +34 -25
- pulumi_vault/identity/oidc_key.py +28 -19
- pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -19
- pulumi_vault/identity/oidc_provider.py +34 -23
- pulumi_vault/identity/oidc_role.py +40 -27
- pulumi_vault/identity/oidc_scope.py +18 -15
- pulumi_vault/identity/outputs.py +8 -3
- pulumi_vault/jwt/_inputs.py +55 -0
- pulumi_vault/jwt/auth_backend.py +39 -46
- pulumi_vault/jwt/auth_backend_role.py +131 -260
- pulumi_vault/jwt/outputs.py +5 -0
- pulumi_vault/kmip/secret_backend.py +22 -21
- pulumi_vault/kmip/secret_role.py +12 -11
- pulumi_vault/kmip/secret_scope.py +12 -11
- pulumi_vault/kubernetes/auth_backend_config.py +55 -7
- pulumi_vault/kubernetes/auth_backend_role.py +68 -179
- pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
- pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
- pulumi_vault/kubernetes/get_service_account_token.py +39 -15
- pulumi_vault/kubernetes/secret_backend.py +314 -29
- pulumi_vault/kubernetes/secret_backend_role.py +135 -56
- pulumi_vault/kv/_inputs.py +36 -4
- pulumi_vault/kv/get_secret.py +23 -12
- pulumi_vault/kv/get_secret_subkeys_v2.py +31 -14
- pulumi_vault/kv/get_secret_v2.py +89 -9
- pulumi_vault/kv/get_secrets_list.py +22 -15
- pulumi_vault/kv/get_secrets_list_v2.py +35 -19
- pulumi_vault/kv/outputs.py +8 -3
- pulumi_vault/kv/secret.py +19 -18
- pulumi_vault/kv/secret_backend_v2.py +12 -11
- pulumi_vault/kv/secret_v2.py +55 -52
- pulumi_vault/ldap/auth_backend.py +125 -168
- pulumi_vault/ldap/auth_backend_group.py +12 -11
- pulumi_vault/ldap/auth_backend_user.py +12 -11
- pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
- pulumi_vault/ldap/get_static_credentials.py +24 -5
- pulumi_vault/ldap/secret_backend.py +352 -84
- pulumi_vault/ldap/secret_backend_dynamic_role.py +12 -11
- pulumi_vault/ldap/secret_backend_library_set.py +14 -11
- pulumi_vault/ldap/secret_backend_static_role.py +67 -12
- pulumi_vault/managed/_inputs.py +289 -132
- pulumi_vault/managed/keys.py +27 -43
- pulumi_vault/managed/outputs.py +89 -132
- pulumi_vault/mfa_duo.py +16 -13
- pulumi_vault/mfa_okta.py +16 -13
- pulumi_vault/mfa_pingid.py +16 -13
- pulumi_vault/mfa_totp.py +22 -19
- pulumi_vault/mongodbatlas/secret_backend.py +18 -17
- pulumi_vault/mongodbatlas/secret_role.py +41 -38
- pulumi_vault/mount.py +389 -65
- pulumi_vault/namespace.py +26 -21
- pulumi_vault/nomad_secret_backend.py +16 -15
- pulumi_vault/nomad_secret_role.py +12 -11
- pulumi_vault/okta/_inputs.py +47 -8
- pulumi_vault/okta/auth_backend.py +483 -41
- pulumi_vault/okta/auth_backend_group.py +12 -11
- pulumi_vault/okta/auth_backend_user.py +12 -11
- pulumi_vault/okta/outputs.py +13 -8
- pulumi_vault/outputs.py +5 -0
- pulumi_vault/password_policy.py +18 -15
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +81 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
- pulumi_vault/pkisecret/backend_config_est.py +619 -0
- pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
- pulumi_vault/pkisecret/get_backend_issuer.py +63 -7
- pulumi_vault/pkisecret/get_backend_issuers.py +21 -12
- pulumi_vault/pkisecret/get_backend_key.py +24 -13
- pulumi_vault/pkisecret/get_backend_keys.py +21 -12
- pulumi_vault/pkisecret/outputs.py +69 -0
- pulumi_vault/pkisecret/secret_backend_cert.py +18 -15
- pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -15
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +12 -11
- pulumi_vault/pkisecret/secret_backend_config_urls.py +59 -11
- pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -13
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -15
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -21
- pulumi_vault/pkisecret/secret_backend_issuer.py +12 -11
- pulumi_vault/pkisecret/secret_backend_key.py +12 -7
- pulumi_vault/pkisecret/secret_backend_role.py +19 -16
- pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -52
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -62
- pulumi_vault/pkisecret/secret_backend_sign.py +18 -60
- pulumi_vault/plugin.py +595 -0
- pulumi_vault/plugin_pinned_version.py +298 -0
- pulumi_vault/policy.py +12 -7
- pulumi_vault/provider.py +48 -53
- pulumi_vault/pulumi-plugin.json +2 -1
- pulumi_vault/quota_lease_count.py +58 -8
- pulumi_vault/quota_rate_limit.py +54 -4
- pulumi_vault/rabbitmq/_inputs.py +61 -0
- pulumi_vault/rabbitmq/outputs.py +5 -0
- pulumi_vault/rabbitmq/secret_backend.py +16 -15
- pulumi_vault/rabbitmq/secret_backend_role.py +52 -49
- pulumi_vault/raft_autopilot.py +12 -11
- pulumi_vault/raft_snapshot_agent_config.py +121 -311
- pulumi_vault/rgp_policy.py +14 -13
- pulumi_vault/saml/auth_backend.py +20 -19
- pulumi_vault/saml/auth_backend_role.py +90 -199
- pulumi_vault/secrets/__init__.py +3 -0
- pulumi_vault/secrets/_inputs.py +110 -0
- pulumi_vault/secrets/outputs.py +94 -0
- pulumi_vault/secrets/sync_association.py +56 -75
- pulumi_vault/secrets/sync_aws_destination.py +240 -29
- pulumi_vault/secrets/sync_azure_destination.py +90 -33
- pulumi_vault/secrets/sync_config.py +7 -6
- pulumi_vault/secrets/sync_gcp_destination.py +156 -27
- pulumi_vault/secrets/sync_gh_destination.py +187 -15
- pulumi_vault/secrets/sync_github_apps.py +375 -0
- pulumi_vault/secrets/sync_vercel_destination.py +72 -15
- pulumi_vault/ssh/_inputs.py +28 -32
- pulumi_vault/ssh/outputs.py +11 -32
- pulumi_vault/ssh/secret_backend_ca.py +106 -11
- pulumi_vault/ssh/secret_backend_role.py +83 -120
- pulumi_vault/terraformcloud/secret_backend.py +5 -56
- pulumi_vault/terraformcloud/secret_creds.py +14 -24
- pulumi_vault/terraformcloud/secret_role.py +14 -76
- pulumi_vault/token.py +26 -25
- pulumi_vault/tokenauth/auth_backend_role.py +76 -201
- pulumi_vault/transform/alphabet.py +16 -13
- pulumi_vault/transform/get_decode.py +45 -21
- pulumi_vault/transform/get_encode.py +45 -21
- pulumi_vault/transform/role.py +16 -13
- pulumi_vault/transform/template.py +30 -25
- pulumi_vault/transform/transformation.py +12 -7
- pulumi_vault/transit/get_decrypt.py +26 -25
- pulumi_vault/transit/get_encrypt.py +24 -19
- pulumi_vault/transit/secret_backend_key.py +25 -97
- pulumi_vault/transit/secret_cache_config.py +12 -11
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
- pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
- pulumi_vault-5.21.0a1710160723.dist-info/RECORD +0 -244
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = ['OidcClientArgs', 'OidcClient']
|
@@ -36,7 +41,7 @@ class OidcClientArgs:
|
|
36
41
|
:param pulumi.Input[str] name: The name of the client.
|
37
42
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
38
43
|
The value should not contain leading or trailing forward slashes.
|
39
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
44
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
40
45
|
*Available only for Vault Enterprise*.
|
41
46
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] redirect_uris: Redirection URI values used by the client.
|
42
47
|
One of these values must exactly match the `redirect_uri` parameter value
|
@@ -141,7 +146,7 @@ class OidcClientArgs:
|
|
141
146
|
"""
|
142
147
|
The namespace to provision the resource in.
|
143
148
|
The value should not contain leading or trailing forward slashes.
|
144
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
149
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
145
150
|
*Available only for Vault Enterprise*.
|
146
151
|
"""
|
147
152
|
return pulumi.get(self, "namespace")
|
@@ -182,8 +187,9 @@ class _OidcClientState:
|
|
182
187
|
Input properties used for looking up and filtering OidcClient resources.
|
183
188
|
:param pulumi.Input[int] access_token_ttl: The time-to-live for access tokens obtained by the client.
|
184
189
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] assignments: A list of assignment resources associated with the client.
|
185
|
-
:param pulumi.Input[str] client_id: The Client ID
|
186
|
-
:param pulumi.Input[str] client_secret: The Client Secret
|
190
|
+
:param pulumi.Input[str] client_id: The Client ID returned by Vault.
|
191
|
+
:param pulumi.Input[str] client_secret: The Client Secret Key returned by Vault.
|
192
|
+
For public OpenID Clients `client_secret` is set to an empty string `""`
|
187
193
|
:param pulumi.Input[str] client_type: The client type based on its ability to maintain confidentiality of credentials.
|
188
194
|
The following client types are supported: `confidential`, `public`. Defaults to `confidential`.
|
189
195
|
:param pulumi.Input[int] id_token_ttl: The time-to-live for ID tokens obtained by the client.
|
@@ -194,7 +200,7 @@ class _OidcClientState:
|
|
194
200
|
:param pulumi.Input[str] name: The name of the client.
|
195
201
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
196
202
|
The value should not contain leading or trailing forward slashes.
|
197
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
203
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
198
204
|
*Available only for Vault Enterprise*.
|
199
205
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] redirect_uris: Redirection URI values used by the client.
|
200
206
|
One of these values must exactly match the `redirect_uri` parameter value
|
@@ -249,7 +255,7 @@ class _OidcClientState:
|
|
249
255
|
@pulumi.getter(name="clientId")
|
250
256
|
def client_id(self) -> Optional[pulumi.Input[str]]:
|
251
257
|
"""
|
252
|
-
The Client ID
|
258
|
+
The Client ID returned by Vault.
|
253
259
|
"""
|
254
260
|
return pulumi.get(self, "client_id")
|
255
261
|
|
@@ -261,7 +267,8 @@ class _OidcClientState:
|
|
261
267
|
@pulumi.getter(name="clientSecret")
|
262
268
|
def client_secret(self) -> Optional[pulumi.Input[str]]:
|
263
269
|
"""
|
264
|
-
The Client Secret
|
270
|
+
The Client Secret Key returned by Vault.
|
271
|
+
For public OpenID Clients `client_secret` is set to an empty string `""`
|
265
272
|
"""
|
266
273
|
return pulumi.get(self, "client_secret")
|
267
274
|
|
@@ -327,7 +334,7 @@ class _OidcClientState:
|
|
327
334
|
"""
|
328
335
|
The namespace to provision the resource in.
|
329
336
|
The value should not contain leading or trailing forward slashes.
|
330
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
337
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
331
338
|
*Available only for Vault Enterprise*.
|
332
339
|
"""
|
333
340
|
return pulumi.get(self, "namespace")
|
@@ -371,25 +378,25 @@ class OidcClient(pulumi.CustomResource):
|
|
371
378
|
|
372
379
|
## Example Usage
|
373
380
|
|
374
|
-
<!--Start PulumiCodeChooser -->
|
375
381
|
```python
|
376
382
|
import pulumi
|
377
383
|
import pulumi_vault as vault
|
378
384
|
|
379
|
-
|
385
|
+
test = vault.identity.OidcAssignment("test",
|
386
|
+
name="my-assignment",
|
380
387
|
entity_ids=["ascbascas-2231a-sdfaa"],
|
381
388
|
group_ids=["sajkdsad-32414-sfsada"])
|
382
|
-
test_oidc_client = vault.identity.OidcClient("
|
389
|
+
test_oidc_client = vault.identity.OidcClient("test",
|
390
|
+
name="my-app",
|
383
391
|
redirect_uris=[
|
384
392
|
"http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
|
385
393
|
"http://127.0.0.1:8251/callback",
|
386
394
|
"http://127.0.0.1:8080/callback",
|
387
395
|
],
|
388
|
-
assignments=[
|
396
|
+
assignments=[test.name],
|
389
397
|
id_token_ttl=2400,
|
390
398
|
access_token_ttl=7200)
|
391
399
|
```
|
392
|
-
<!--End PulumiCodeChooser -->
|
393
400
|
|
394
401
|
## Import
|
395
402
|
|
@@ -413,7 +420,7 @@ class OidcClient(pulumi.CustomResource):
|
|
413
420
|
:param pulumi.Input[str] name: The name of the client.
|
414
421
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
415
422
|
The value should not contain leading or trailing forward slashes.
|
416
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
423
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
417
424
|
*Available only for Vault Enterprise*.
|
418
425
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] redirect_uris: Redirection URI values used by the client.
|
419
426
|
One of these values must exactly match the `redirect_uri` parameter value
|
@@ -431,25 +438,25 @@ class OidcClient(pulumi.CustomResource):
|
|
431
438
|
|
432
439
|
## Example Usage
|
433
440
|
|
434
|
-
<!--Start PulumiCodeChooser -->
|
435
441
|
```python
|
436
442
|
import pulumi
|
437
443
|
import pulumi_vault as vault
|
438
444
|
|
439
|
-
|
445
|
+
test = vault.identity.OidcAssignment("test",
|
446
|
+
name="my-assignment",
|
440
447
|
entity_ids=["ascbascas-2231a-sdfaa"],
|
441
448
|
group_ids=["sajkdsad-32414-sfsada"])
|
442
|
-
test_oidc_client = vault.identity.OidcClient("
|
449
|
+
test_oidc_client = vault.identity.OidcClient("test",
|
450
|
+
name="my-app",
|
443
451
|
redirect_uris=[
|
444
452
|
"http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
|
445
453
|
"http://127.0.0.1:8251/callback",
|
446
454
|
"http://127.0.0.1:8080/callback",
|
447
455
|
],
|
448
|
-
assignments=[
|
456
|
+
assignments=[test.name],
|
449
457
|
id_token_ttl=2400,
|
450
458
|
access_token_ttl=7200)
|
451
459
|
```
|
452
|
-
<!--End PulumiCodeChooser -->
|
453
460
|
|
454
461
|
## Import
|
455
462
|
|
@@ -532,8 +539,9 @@ class OidcClient(pulumi.CustomResource):
|
|
532
539
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
533
540
|
:param pulumi.Input[int] access_token_ttl: The time-to-live for access tokens obtained by the client.
|
534
541
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] assignments: A list of assignment resources associated with the client.
|
535
|
-
:param pulumi.Input[str] client_id: The Client ID
|
536
|
-
:param pulumi.Input[str] client_secret: The Client Secret
|
542
|
+
:param pulumi.Input[str] client_id: The Client ID returned by Vault.
|
543
|
+
:param pulumi.Input[str] client_secret: The Client Secret Key returned by Vault.
|
544
|
+
For public OpenID Clients `client_secret` is set to an empty string `""`
|
537
545
|
:param pulumi.Input[str] client_type: The client type based on its ability to maintain confidentiality of credentials.
|
538
546
|
The following client types are supported: `confidential`, `public`. Defaults to `confidential`.
|
539
547
|
:param pulumi.Input[int] id_token_ttl: The time-to-live for ID tokens obtained by the client.
|
@@ -544,7 +552,7 @@ class OidcClient(pulumi.CustomResource):
|
|
544
552
|
:param pulumi.Input[str] name: The name of the client.
|
545
553
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
546
554
|
The value should not contain leading or trailing forward slashes.
|
547
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
555
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
548
556
|
*Available only for Vault Enterprise*.
|
549
557
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] redirect_uris: Redirection URI values used by the client.
|
550
558
|
One of these values must exactly match the `redirect_uri` parameter value
|
@@ -586,7 +594,7 @@ class OidcClient(pulumi.CustomResource):
|
|
586
594
|
@pulumi.getter(name="clientId")
|
587
595
|
def client_id(self) -> pulumi.Output[str]:
|
588
596
|
"""
|
589
|
-
The Client ID
|
597
|
+
The Client ID returned by Vault.
|
590
598
|
"""
|
591
599
|
return pulumi.get(self, "client_id")
|
592
600
|
|
@@ -594,7 +602,8 @@ class OidcClient(pulumi.CustomResource):
|
|
594
602
|
@pulumi.getter(name="clientSecret")
|
595
603
|
def client_secret(self) -> pulumi.Output[str]:
|
596
604
|
"""
|
597
|
-
The Client Secret
|
605
|
+
The Client Secret Key returned by Vault.
|
606
|
+
For public OpenID Clients `client_secret` is set to an empty string `""`
|
598
607
|
"""
|
599
608
|
return pulumi.get(self, "client_secret")
|
600
609
|
|
@@ -640,7 +649,7 @@ class OidcClient(pulumi.CustomResource):
|
|
640
649
|
"""
|
641
650
|
The namespace to provision the resource in.
|
642
651
|
The value should not contain leading or trailing forward slashes.
|
643
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
652
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
644
653
|
*Available only for Vault Enterprise*.
|
645
654
|
"""
|
646
655
|
return pulumi.get(self, "namespace")
|
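Review bot: The reworded `client_secret` docstrings (the `_OidcClientState` parameter list, the parameter list in the `@@ -532,8 +539,9 @@` hunk and both `client_secret` getters) say where the value comes from but never say that it is a credential Pulumi will carry as a resource output. The `OidcClient` getter is typed as a plain `pulumi.Output[str]`, and whether the property is registered as a secret output is decided in code outside these hunks, so that cannot be confirmed from here. I would add one line to each docstring, for example `This value is a credential: keep it wrapped as a secret output and do not export or log it in plain text.` The new sentence about public clients receiving an empty string is useful and should stay beside it.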
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = ['OidcKeyArgs', 'OidcKey']
|
@@ -29,7 +34,7 @@ class OidcKeyArgs:
|
|
29
34
|
:param pulumi.Input[str] name: Name of the OIDC Key to create.
|
30
35
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
31
36
|
The value should not contain leading or trailing forward slashes.
|
32
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
37
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
33
38
|
*Available only for Vault Enterprise*.
|
34
39
|
:param pulumi.Input[int] rotation_period: How often to generate a new signing key in number of seconds
|
35
40
|
:param pulumi.Input[int] verification_ttl: "Controls how long the public portion of a signing key will be
|
@@ -92,7 +97,7 @@ class OidcKeyArgs:
|
|
92
97
|
"""
|
93
98
|
The namespace to provision the resource in.
|
94
99
|
The value should not contain leading or trailing forward slashes.
|
95
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
100
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
96
101
|
*Available only for Vault Enterprise*.
|
97
102
|
"""
|
98
103
|
return pulumi.get(self, "namespace")
|
@@ -145,7 +150,7 @@ class _OidcKeyState:
|
|
145
150
|
:param pulumi.Input[str] name: Name of the OIDC Key to create.
|
146
151
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
147
152
|
The value should not contain leading or trailing forward slashes.
|
148
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
153
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
149
154
|
*Available only for Vault Enterprise*.
|
150
155
|
:param pulumi.Input[int] rotation_period: How often to generate a new signing key in number of seconds
|
151
156
|
:param pulumi.Input[int] verification_ttl: "Controls how long the public portion of a signing key will be
|
@@ -208,7 +213,7 @@ class _OidcKeyState:
|
|
208
213
|
"""
|
209
214
|
The namespace to provision the resource in.
|
210
215
|
The value should not contain leading or trailing forward slashes.
|
211
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
216
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
212
217
|
*Available only for Vault Enterprise*.
|
213
218
|
"""
|
214
219
|
return pulumi.get(self, "namespace")
|
@@ -258,18 +263,20 @@ class OidcKey(pulumi.CustomResource):
|
|
258
263
|
"""
|
259
264
|
## Example Usage
|
260
265
|
|
261
|
-
<!--Start PulumiCodeChooser -->
|
262
266
|
```python
|
263
267
|
import pulumi
|
264
268
|
import pulumi_vault as vault
|
265
269
|
|
266
|
-
key = vault.identity.OidcKey("key",
|
267
|
-
|
268
|
-
|
270
|
+
key = vault.identity.OidcKey("key",
|
271
|
+
name="key",
|
272
|
+
algorithm="RS256")
|
273
|
+
role = vault.identity.OidcRole("role",
|
274
|
+
name="role",
|
275
|
+
key=key.name)
|
276
|
+
role_oidc_key_allowed_client_id = vault.identity.OidcKeyAllowedClientID("role",
|
269
277
|
key_name=key.name,
|
270
|
-
allowed_client_id=
|
278
|
+
allowed_client_id=role.client_id)
|
271
279
|
```
|
272
|
-
<!--End PulumiCodeChooser -->
|
273
280
|
|
274
281
|
## Import
|
275
282
|
|
@@ -288,7 +295,7 @@ class OidcKey(pulumi.CustomResource):
|
|
288
295
|
:param pulumi.Input[str] name: Name of the OIDC Key to create.
|
289
296
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
290
297
|
The value should not contain leading or trailing forward slashes.
|
291
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
298
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
292
299
|
*Available only for Vault Enterprise*.
|
293
300
|
:param pulumi.Input[int] rotation_period: How often to generate a new signing key in number of seconds
|
294
301
|
:param pulumi.Input[int] verification_ttl: "Controls how long the public portion of a signing key will be
|
@@ -303,18 +310,20 @@ class OidcKey(pulumi.CustomResource):
|
|
303
310
|
"""
|
304
311
|
## Example Usage
|
305
312
|
|
306
|
-
<!--Start PulumiCodeChooser -->
|
307
313
|
```python
|
308
314
|
import pulumi
|
309
315
|
import pulumi_vault as vault
|
310
316
|
|
311
|
-
key = vault.identity.OidcKey("key",
|
312
|
-
|
313
|
-
|
317
|
+
key = vault.identity.OidcKey("key",
|
318
|
+
name="key",
|
319
|
+
algorithm="RS256")
|
320
|
+
role = vault.identity.OidcRole("role",
|
321
|
+
name="role",
|
322
|
+
key=key.name)
|
323
|
+
role_oidc_key_allowed_client_id = vault.identity.OidcKeyAllowedClientID("role",
|
314
324
|
key_name=key.name,
|
315
|
-
allowed_client_id=
|
325
|
+
allowed_client_id=role.client_id)
|
316
326
|
```
|
317
|
-
<!--End PulumiCodeChooser -->
|
318
327
|
|
319
328
|
## Import
|
320
329
|
|
@@ -390,7 +399,7 @@ class OidcKey(pulumi.CustomResource):
|
|
390
399
|
:param pulumi.Input[str] name: Name of the OIDC Key to create.
|
391
400
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
392
401
|
The value should not contain leading or trailing forward slashes.
|
393
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
402
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
394
403
|
*Available only for Vault Enterprise*.
|
395
404
|
:param pulumi.Input[int] rotation_period: How often to generate a new signing key in number of seconds
|
396
405
|
:param pulumi.Input[int] verification_ttl: "Controls how long the public portion of a signing key will be
|
@@ -440,7 +449,7 @@ class OidcKey(pulumi.CustomResource):
|
|
440
449
|
"""
|
441
450
|
The namespace to provision the resource in.
|
442
451
|
The value should not contain leading or trailing forward slashes.
|
443
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
452
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
444
453
|
*Available only for Vault Enterprise*.
|
445
454
|
"""
|
446
455
|
return pulumi.get(self, "namespace")
|
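Review bot: The new `else:` branch in the import block makes `typing_extensions` an import-time requirement on interpreters older than 3.11, yet none of the hunks shown for this file use `NotRequired`, `TypedDict` or `TypeAlias`, and nothing on the page declares the package. The file list reports a METADATA change but its contents are not shown, so it is worth confirming that the wheel carries a `Requires-Dist` entry for typing-extensions limited to those interpreters; without one, importing the module would depend on whatever copy happens to be present in the environment. A short comment above the block would record the intent, e.g. `# typing_extensions backports NotRequired/TypedDict/TypeAlias before Python 3.11; keep it declared in the wheel's Requires-Dist`. The same block opens the OidcClient and OidcKeyAllowedClientID sections on this page.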
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = ['OidcKeyAllowedClientIDArgs', 'OidcKeyAllowedClientID']
|
@@ -23,7 +28,7 @@ class OidcKeyAllowedClientIDArgs:
|
|
23
28
|
:param pulumi.Input[str] key_name: Name of the OIDC Key allow the Client ID.
|
24
29
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
25
30
|
The value should not contain leading or trailing forward slashes.
|
26
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
31
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
27
32
|
*Available only for Vault Enterprise*.
|
28
33
|
"""
|
29
34
|
pulumi.set(__self__, "allowed_client_id", allowed_client_id)
|
@@ -61,7 +66,7 @@ class OidcKeyAllowedClientIDArgs:
|
|
61
66
|
"""
|
62
67
|
The namespace to provision the resource in.
|
63
68
|
The value should not contain leading or trailing forward slashes.
|
64
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
69
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
65
70
|
*Available only for Vault Enterprise*.
|
66
71
|
"""
|
67
72
|
return pulumi.get(self, "namespace")
|
@@ -83,7 +88,7 @@ class _OidcKeyAllowedClientIDState:
|
|
83
88
|
:param pulumi.Input[str] key_name: Name of the OIDC Key allow the Client ID.
|
84
89
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
85
90
|
The value should not contain leading or trailing forward slashes.
|
86
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
91
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
87
92
|
*Available only for Vault Enterprise*.
|
88
93
|
"""
|
89
94
|
if allowed_client_id is not None:
|
@@ -123,7 +128,7 @@ class _OidcKeyAllowedClientIDState:
|
|
123
128
|
"""
|
124
129
|
The namespace to provision the resource in.
|
125
130
|
The value should not contain leading or trailing forward slashes.
|
126
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
131
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
127
132
|
*Available only for Vault Enterprise*.
|
128
133
|
"""
|
129
134
|
return pulumi.get(self, "namespace")
|
@@ -145,18 +150,20 @@ class OidcKeyAllowedClientID(pulumi.CustomResource):
|
|
145
150
|
"""
|
146
151
|
## Example Usage
|
147
152
|
|
148
|
-
<!--Start PulumiCodeChooser -->
|
149
153
|
```python
|
150
154
|
import pulumi
|
151
155
|
import pulumi_vault as vault
|
152
156
|
|
153
|
-
key = vault.identity.OidcKey("key",
|
154
|
-
|
155
|
-
|
157
|
+
key = vault.identity.OidcKey("key",
|
158
|
+
name="key",
|
159
|
+
algorithm="RS256")
|
160
|
+
role = vault.identity.OidcRole("role",
|
161
|
+
name="role",
|
162
|
+
key=key.name)
|
163
|
+
role_oidc_key_allowed_client_id = vault.identity.OidcKeyAllowedClientID("role",
|
156
164
|
key_name=key.name,
|
157
|
-
allowed_client_id=
|
165
|
+
allowed_client_id=role.client_id)
|
158
166
|
```
|
159
|
-
<!--End PulumiCodeChooser -->
|
160
167
|
|
161
168
|
:param str resource_name: The name of the resource.
|
162
169
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
@@ -164,7 +171,7 @@ class OidcKeyAllowedClientID(pulumi.CustomResource):
|
|
164
171
|
:param pulumi.Input[str] key_name: Name of the OIDC Key allow the Client ID.
|
165
172
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
166
173
|
The value should not contain leading or trailing forward slashes.
|
167
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
174
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
168
175
|
*Available only for Vault Enterprise*.
|
169
176
|
"""
|
170
177
|
...
|
@@ -176,18 +183,20 @@ class OidcKeyAllowedClientID(pulumi.CustomResource):
|
|
176
183
|
"""
|
177
184
|
## Example Usage
|
178
185
|
|
179
|
-
<!--Start PulumiCodeChooser -->
|
180
186
|
```python
|
181
187
|
import pulumi
|
182
188
|
import pulumi_vault as vault
|
183
189
|
|
184
|
-
key = vault.identity.OidcKey("key",
|
185
|
-
|
186
|
-
|
190
|
+
key = vault.identity.OidcKey("key",
|
191
|
+
name="key",
|
192
|
+
algorithm="RS256")
|
193
|
+
role = vault.identity.OidcRole("role",
|
194
|
+
name="role",
|
195
|
+
key=key.name)
|
196
|
+
role_oidc_key_allowed_client_id = vault.identity.OidcKeyAllowedClientID("role",
|
187
197
|
key_name=key.name,
|
188
|
-
allowed_client_id=
|
198
|
+
allowed_client_id=role.client_id)
|
189
199
|
```
|
190
|
-
<!--End PulumiCodeChooser -->
|
191
200
|
|
192
201
|
:param str resource_name: The name of the resource.
|
193
202
|
:param OidcKeyAllowedClientIDArgs args: The arguments to use to populate this resource's properties.
|
@@ -247,7 +256,7 @@ class OidcKeyAllowedClientID(pulumi.CustomResource):
|
|
247
256
|
:param pulumi.Input[str] key_name: Name of the OIDC Key allow the Client ID.
|
248
257
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
249
258
|
The value should not contain leading or trailing forward slashes.
|
250
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
259
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
251
260
|
*Available only for Vault Enterprise*.
|
252
261
|
"""
|
253
262
|
opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
|
@@ -281,7 +290,7 @@ class OidcKeyAllowedClientID(pulumi.CustomResource):
|
|
281
290
|
"""
|
282
291
|
The namespace to provision the resource in.
|
283
292
|
The value should not contain leading or trailing forward slashes.
|
284
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
293
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
285
294
|
*Available only for Vault Enterprise*.
|
286
295
|
"""
|
287
296
|
return pulumi.get(self, "namespace")
|
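Review bot: The `else` branch added at new lines 13-14 makes `typing_extensions` an import-time requirement on interpreters older than 3.11, and nothing in this section shows the wheel declaring it. The identical block is added at the top of the OidcProvider module that follows. Confirm the package metadata carries a conditional requirement such as `typing-extensions; python_version < "3.11"`, so a clean install on 3.10 or older does not fail with ImportError and the extra dependency is pinned and audited like the others. None of `NotRequired`, `TypedDict` or `TypeAlias` is used in the hunks shown for this file; if the rest of the module does not use them either, the conditional import can be dropped here.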
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = ['OidcProviderArgs', 'OidcProvider']
|
@@ -29,7 +34,7 @@ class OidcProviderArgs:
|
|
29
34
|
:param pulumi.Input[str] name: The name of the provider.
|
30
35
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
31
36
|
The value should not contain leading or trailing forward slashes.
|
32
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
37
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
33
38
|
*Available only for Vault Enterprise*.
|
34
39
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] scopes_supporteds: The scopes available for requesting on the provider.
|
35
40
|
"""
|
@@ -101,7 +106,7 @@ class OidcProviderArgs:
|
|
101
106
|
"""
|
102
107
|
The namespace to provision the resource in.
|
103
108
|
The value should not contain leading or trailing forward slashes.
|
104
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
109
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
105
110
|
*Available only for Vault Enterprise*.
|
106
111
|
"""
|
107
112
|
return pulumi.get(self, "namespace")
|
@@ -145,7 +150,7 @@ class _OidcProviderState:
|
|
145
150
|
:param pulumi.Input[str] name: The name of the provider.
|
146
151
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
147
152
|
The value should not contain leading or trailing forward slashes.
|
148
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
153
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
149
154
|
*Available only for Vault Enterprise*.
|
150
155
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] scopes_supporteds: The scopes available for requesting on the provider.
|
151
156
|
"""
|
@@ -233,7 +238,7 @@ class _OidcProviderState:
|
|
233
238
|
"""
|
234
239
|
The namespace to provision the resource in.
|
235
240
|
The value should not contain leading or trailing forward slashes.
|
236
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
241
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
237
242
|
*Available only for Vault Enterprise*.
|
238
243
|
"""
|
239
244
|
return pulumi.get(self, "namespace")
|
@@ -273,21 +278,23 @@ class OidcProvider(pulumi.CustomResource):
|
|
273
278
|
|
274
279
|
## Example Usage
|
275
280
|
|
276
|
-
<!--Start PulumiCodeChooser -->
|
277
281
|
```python
|
278
282
|
import pulumi
|
279
283
|
import json
|
280
284
|
import pulumi_vault as vault
|
281
285
|
|
282
|
-
|
286
|
+
test = vault.identity.OidcKey("test",
|
287
|
+
name="my-key",
|
283
288
|
allowed_client_ids=["*"],
|
284
289
|
rotation_period=3600,
|
285
290
|
verification_ttl=3600)
|
286
|
-
test_oidc_assignment = vault.identity.OidcAssignment("
|
291
|
+
test_oidc_assignment = vault.identity.OidcAssignment("test",
|
292
|
+
name="my-assignment",
|
287
293
|
entity_ids=["fake-ascbascas-2231a-sdfaa"],
|
288
294
|
group_ids=["fake-sajkdsad-32414-sfsada"])
|
289
|
-
test_oidc_client = vault.identity.OidcClient("
|
290
|
-
|
295
|
+
test_oidc_client = vault.identity.OidcClient("test",
|
296
|
+
name="application",
|
297
|
+
key=test.name,
|
291
298
|
redirect_uris=[
|
292
299
|
"http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
|
293
300
|
"http://127.0.0.1:8251/callback",
|
@@ -296,18 +303,19 @@ class OidcProvider(pulumi.CustomResource):
|
|
296
303
|
assignments=[test_oidc_assignment.name],
|
297
304
|
id_token_ttl=2400,
|
298
305
|
access_token_ttl=7200)
|
299
|
-
test_oidc_scope = vault.identity.OidcScope("
|
306
|
+
test_oidc_scope = vault.identity.OidcScope("test",
|
307
|
+
name="groups",
|
300
308
|
template=json.dumps({
|
301
309
|
"groups": "{{identity.entity.groups.names}}",
|
302
310
|
}),
|
303
311
|
description="Groups scope.")
|
304
|
-
test_oidc_provider = vault.identity.OidcProvider("
|
312
|
+
test_oidc_provider = vault.identity.OidcProvider("test",
|
313
|
+
name="my-provider",
|
305
314
|
https_enabled=False,
|
306
315
|
issuer_host="127.0.0.1:8200",
|
307
316
|
allowed_client_ids=[test_oidc_client.client_id],
|
308
317
|
scopes_supporteds=[test_oidc_scope.name])
|
309
318
|
```
|
310
|
-
<!--End PulumiCodeChooser -->
|
311
319
|
|
312
320
|
## Import
|
313
321
|
|
@@ -326,7 +334,7 @@ class OidcProvider(pulumi.CustomResource):
|
|
326
334
|
:param pulumi.Input[str] name: The name of the provider.
|
327
335
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
328
336
|
The value should not contain leading or trailing forward slashes.
|
329
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
337
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
330
338
|
*Available only for Vault Enterprise*.
|
331
339
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] scopes_supporteds: The scopes available for requesting on the provider.
|
332
340
|
"""
|
@@ -342,21 +350,23 @@ class OidcProvider(pulumi.CustomResource):
|
|
342
350
|
|
343
351
|
## Example Usage
|
344
352
|
|
345
|
-
<!--Start PulumiCodeChooser -->
|
346
353
|
```python
|
347
354
|
import pulumi
|
348
355
|
import json
|
349
356
|
import pulumi_vault as vault
|
350
357
|
|
351
|
-
|
358
|
+
test = vault.identity.OidcKey("test",
|
359
|
+
name="my-key",
|
352
360
|
allowed_client_ids=["*"],
|
353
361
|
rotation_period=3600,
|
354
362
|
verification_ttl=3600)
|
355
|
-
test_oidc_assignment = vault.identity.OidcAssignment("
|
363
|
+
test_oidc_assignment = vault.identity.OidcAssignment("test",
|
364
|
+
name="my-assignment",
|
356
365
|
entity_ids=["fake-ascbascas-2231a-sdfaa"],
|
357
366
|
group_ids=["fake-sajkdsad-32414-sfsada"])
|
358
|
-
test_oidc_client = vault.identity.OidcClient("
|
359
|
-
|
367
|
+
test_oidc_client = vault.identity.OidcClient("test",
|
368
|
+
name="application",
|
369
|
+
key=test.name,
|
360
370
|
redirect_uris=[
|
361
371
|
"http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
|
362
372
|
"http://127.0.0.1:8251/callback",
|
@@ -365,18 +375,19 @@ class OidcProvider(pulumi.CustomResource):
|
|
365
375
|
assignments=[test_oidc_assignment.name],
|
366
376
|
id_token_ttl=2400,
|
367
377
|
access_token_ttl=7200)
|
368
|
-
test_oidc_scope = vault.identity.OidcScope("
|
378
|
+
test_oidc_scope = vault.identity.OidcScope("test",
|
379
|
+
name="groups",
|
369
380
|
template=json.dumps({
|
370
381
|
"groups": "{{identity.entity.groups.names}}",
|
371
382
|
}),
|
372
383
|
description="Groups scope.")
|
373
|
-
test_oidc_provider = vault.identity.OidcProvider("
|
384
|
+
test_oidc_provider = vault.identity.OidcProvider("test",
|
385
|
+
name="my-provider",
|
374
386
|
https_enabled=False,
|
375
387
|
issuer_host="127.0.0.1:8200",
|
376
388
|
allowed_client_ids=[test_oidc_client.client_id],
|
377
389
|
scopes_supporteds=[test_oidc_scope.name])
|
378
390
|
```
|
379
|
-
<!--End PulumiCodeChooser -->
|
380
391
|
|
381
392
|
## Import
|
382
393
|
|
@@ -457,7 +468,7 @@ class OidcProvider(pulumi.CustomResource):
|
|
457
468
|
:param pulumi.Input[str] name: The name of the provider.
|
458
469
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
459
470
|
The value should not contain leading or trailing forward slashes.
|
460
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
471
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
461
472
|
*Available only for Vault Enterprise*.
|
462
473
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] scopes_supporteds: The scopes available for requesting on the provider.
|
463
474
|
"""
|
@@ -523,7 +534,7 @@ class OidcProvider(pulumi.CustomResource):
|
|
523
534
|
"""
|
524
535
|
The namespace to provision the resource in.
|
525
536
|
The value should not contain leading or trailing forward slashes.
|
526
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
537
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
527
538
|
*Available only for Vault Enterprise*.
|
528
539
|
"""
|
529
540
|
return pulumi.get(self, "namespace")
|
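Review bot: The Example Usage docstring keeps `https_enabled=False`, `allowed_client_ids=["*"]` on the key and plain `http://127.0.0.1` redirect URIs without saying these are local-development values. The commit rewrites both copies of the example (new lines 286-317 and 358-389) but adds no such caveat. Copied as written, the provider advertises its issuer over plain HTTP and the signing key may be used by every client rather than a named set. I would open the example with a comment such as `# Local test values only: set https_enabled=True and list explicit client IDs outside a dev box.` in both copies.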