pulumi-vault 5.21.0a1710160723__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl

Files changed (229) hide show
  1. pulumi_vault/__init__.py +52 -0
  2. pulumi_vault/_inputs.py +560 -0
  3. pulumi_vault/_utilities.py +41 -5
  4. pulumi_vault/ad/get_access_credentials.py +22 -7
  5. pulumi_vault/ad/secret_backend.py +14 -144
  6. pulumi_vault/ad/secret_library.py +14 -11
  7. pulumi_vault/ad/secret_role.py +12 -11
  8. pulumi_vault/alicloud/auth_backend_role.py +74 -192
  9. pulumi_vault/approle/auth_backend_login.py +12 -11
  10. pulumi_vault/approle/auth_backend_role.py +75 -193
  11. pulumi_vault/approle/auth_backend_role_secret_id.py +106 -11
  12. pulumi_vault/approle/get_auth_backend_role_id.py +18 -9
  13. pulumi_vault/audit.py +24 -27
  14. pulumi_vault/audit_request_header.py +11 -6
  15. pulumi_vault/auth_backend.py +64 -12
  16. pulumi_vault/aws/auth_backend_cert.py +12 -7
  17. pulumi_vault/aws/auth_backend_client.py +265 -24
  18. pulumi_vault/aws/auth_backend_config_identity.py +12 -11
  19. pulumi_vault/aws/auth_backend_identity_whitelist.py +18 -17
  20. pulumi_vault/aws/auth_backend_login.py +19 -22
  21. pulumi_vault/aws/auth_backend_role.py +75 -193
  22. pulumi_vault/aws/auth_backend_role_tag.py +12 -7
  23. pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -17
  24. pulumi_vault/aws/auth_backend_sts_role.py +12 -11
  25. pulumi_vault/aws/get_access_credentials.py +34 -7
  26. pulumi_vault/aws/get_static_access_credentials.py +19 -5
  27. pulumi_vault/aws/secret_backend.py +75 -7
  28. pulumi_vault/aws/secret_backend_role.py +183 -11
  29. pulumi_vault/aws/secret_backend_static_role.py +14 -11
  30. pulumi_vault/azure/_inputs.py +24 -0
  31. pulumi_vault/azure/auth_backend_config.py +151 -17
  32. pulumi_vault/azure/auth_backend_role.py +75 -193
  33. pulumi_vault/azure/backend.py +223 -29
  34. pulumi_vault/azure/backend_role.py +42 -41
  35. pulumi_vault/azure/get_access_credentials.py +39 -11
  36. pulumi_vault/azure/outputs.py +5 -0
  37. pulumi_vault/cert_auth_backend_role.py +87 -271
  38. pulumi_vault/config/__init__.pyi +5 -0
  39. pulumi_vault/config/_inputs.py +73 -0
  40. pulumi_vault/config/outputs.py +35 -0
  41. pulumi_vault/config/ui_custom_message.py +529 -0
  42. pulumi_vault/config/vars.py +5 -0
  43. pulumi_vault/consul/secret_backend.py +22 -25
  44. pulumi_vault/consul/secret_backend_role.py +14 -80
  45. pulumi_vault/database/_inputs.py +2770 -881
  46. pulumi_vault/database/outputs.py +721 -838
  47. pulumi_vault/database/secret_backend_connection.py +117 -114
  48. pulumi_vault/database/secret_backend_role.py +29 -24
  49. pulumi_vault/database/secret_backend_static_role.py +85 -15
  50. pulumi_vault/database/secrets_mount.py +425 -138
  51. pulumi_vault/egp_policy.py +16 -15
  52. pulumi_vault/gcp/_inputs.py +111 -0
  53. pulumi_vault/gcp/auth_backend.py +248 -35
  54. pulumi_vault/gcp/auth_backend_role.py +75 -271
  55. pulumi_vault/gcp/get_auth_backend_role.py +43 -9
  56. pulumi_vault/gcp/outputs.py +5 -0
  57. pulumi_vault/gcp/secret_backend.py +287 -16
  58. pulumi_vault/gcp/secret_impersonated_account.py +74 -17
  59. pulumi_vault/gcp/secret_roleset.py +29 -26
  60. pulumi_vault/gcp/secret_static_account.py +37 -34
  61. pulumi_vault/generic/endpoint.py +22 -21
  62. pulumi_vault/generic/get_secret.py +68 -12
  63. pulumi_vault/generic/secret.py +19 -14
  64. pulumi_vault/get_auth_backend.py +24 -11
  65. pulumi_vault/get_auth_backends.py +33 -11
  66. pulumi_vault/get_namespace.py +226 -0
  67. pulumi_vault/get_namespaces.py +153 -0
  68. pulumi_vault/get_nomad_access_token.py +31 -15
  69. pulumi_vault/get_policy_document.py +34 -23
  70. pulumi_vault/get_raft_autopilot_state.py +29 -14
  71. pulumi_vault/github/_inputs.py +55 -0
  72. pulumi_vault/github/auth_backend.py +17 -16
  73. pulumi_vault/github/outputs.py +5 -0
  74. pulumi_vault/github/team.py +14 -13
  75. pulumi_vault/github/user.py +14 -13
  76. pulumi_vault/identity/entity.py +18 -15
  77. pulumi_vault/identity/entity_alias.py +18 -15
  78. pulumi_vault/identity/entity_policies.py +24 -19
  79. pulumi_vault/identity/get_entity.py +40 -14
  80. pulumi_vault/identity/get_group.py +45 -13
  81. pulumi_vault/identity/get_oidc_client_creds.py +21 -11
  82. pulumi_vault/identity/get_oidc_openid_config.py +39 -13
  83. pulumi_vault/identity/get_oidc_public_keys.py +29 -14
  84. pulumi_vault/identity/group.py +50 -49
  85. pulumi_vault/identity/group_alias.py +14 -11
  86. pulumi_vault/identity/group_member_entity_ids.py +24 -74
  87. pulumi_vault/identity/group_member_group_ids.py +36 -27
  88. pulumi_vault/identity/group_policies.py +16 -15
  89. pulumi_vault/identity/mfa_duo.py +9 -8
  90. pulumi_vault/identity/mfa_login_enforcement.py +13 -8
  91. pulumi_vault/identity/mfa_okta.py +9 -8
  92. pulumi_vault/identity/mfa_pingid.py +5 -4
  93. pulumi_vault/identity/mfa_totp.py +5 -4
  94. pulumi_vault/identity/oidc.py +12 -11
  95. pulumi_vault/identity/oidc_assignment.py +22 -13
  96. pulumi_vault/identity/oidc_client.py +34 -25
  97. pulumi_vault/identity/oidc_key.py +28 -19
  98. pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -19
  99. pulumi_vault/identity/oidc_provider.py +34 -23
  100. pulumi_vault/identity/oidc_role.py +40 -27
  101. pulumi_vault/identity/oidc_scope.py +18 -15
  102. pulumi_vault/identity/outputs.py +8 -3
  103. pulumi_vault/jwt/_inputs.py +55 -0
  104. pulumi_vault/jwt/auth_backend.py +39 -46
  105. pulumi_vault/jwt/auth_backend_role.py +131 -260
  106. pulumi_vault/jwt/outputs.py +5 -0
  107. pulumi_vault/kmip/secret_backend.py +22 -21
  108. pulumi_vault/kmip/secret_role.py +12 -11
  109. pulumi_vault/kmip/secret_scope.py +12 -11
  110. pulumi_vault/kubernetes/auth_backend_config.py +55 -7
  111. pulumi_vault/kubernetes/auth_backend_role.py +68 -179
  112. pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
  113. pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
  114. pulumi_vault/kubernetes/get_service_account_token.py +39 -15
  115. pulumi_vault/kubernetes/secret_backend.py +314 -29
  116. pulumi_vault/kubernetes/secret_backend_role.py +135 -56
  117. pulumi_vault/kv/_inputs.py +36 -4
  118. pulumi_vault/kv/get_secret.py +23 -12
  119. pulumi_vault/kv/get_secret_subkeys_v2.py +31 -14
  120. pulumi_vault/kv/get_secret_v2.py +89 -9
  121. pulumi_vault/kv/get_secrets_list.py +22 -15
  122. pulumi_vault/kv/get_secrets_list_v2.py +35 -19
  123. pulumi_vault/kv/outputs.py +8 -3
  124. pulumi_vault/kv/secret.py +19 -18
  125. pulumi_vault/kv/secret_backend_v2.py +12 -11
  126. pulumi_vault/kv/secret_v2.py +55 -52
  127. pulumi_vault/ldap/auth_backend.py +125 -168
  128. pulumi_vault/ldap/auth_backend_group.py +12 -11
  129. pulumi_vault/ldap/auth_backend_user.py +12 -11
  130. pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
  131. pulumi_vault/ldap/get_static_credentials.py +24 -5
  132. pulumi_vault/ldap/secret_backend.py +352 -84
  133. pulumi_vault/ldap/secret_backend_dynamic_role.py +12 -11
  134. pulumi_vault/ldap/secret_backend_library_set.py +14 -11
  135. pulumi_vault/ldap/secret_backend_static_role.py +67 -12
  136. pulumi_vault/managed/_inputs.py +289 -132
  137. pulumi_vault/managed/keys.py +27 -43
  138. pulumi_vault/managed/outputs.py +89 -132
  139. pulumi_vault/mfa_duo.py +16 -13
  140. pulumi_vault/mfa_okta.py +16 -13
  141. pulumi_vault/mfa_pingid.py +16 -13
  142. pulumi_vault/mfa_totp.py +22 -19
  143. pulumi_vault/mongodbatlas/secret_backend.py +18 -17
  144. pulumi_vault/mongodbatlas/secret_role.py +41 -38
  145. pulumi_vault/mount.py +389 -65
  146. pulumi_vault/namespace.py +26 -21
  147. pulumi_vault/nomad_secret_backend.py +16 -15
  148. pulumi_vault/nomad_secret_role.py +12 -11
  149. pulumi_vault/okta/_inputs.py +47 -8
  150. pulumi_vault/okta/auth_backend.py +483 -41
  151. pulumi_vault/okta/auth_backend_group.py +12 -11
  152. pulumi_vault/okta/auth_backend_user.py +12 -11
  153. pulumi_vault/okta/outputs.py +13 -8
  154. pulumi_vault/outputs.py +5 -0
  155. pulumi_vault/password_policy.py +18 -15
  156. pulumi_vault/pkisecret/__init__.py +3 -0
  157. pulumi_vault/pkisecret/_inputs.py +81 -0
  158. pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
  159. pulumi_vault/pkisecret/backend_config_est.py +619 -0
  160. pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
  161. pulumi_vault/pkisecret/get_backend_issuer.py +63 -7
  162. pulumi_vault/pkisecret/get_backend_issuers.py +21 -12
  163. pulumi_vault/pkisecret/get_backend_key.py +24 -13
  164. pulumi_vault/pkisecret/get_backend_keys.py +21 -12
  165. pulumi_vault/pkisecret/outputs.py +69 -0
  166. pulumi_vault/pkisecret/secret_backend_cert.py +18 -15
  167. pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -15
  168. pulumi_vault/pkisecret/secret_backend_config_issuers.py +12 -11
  169. pulumi_vault/pkisecret/secret_backend_config_urls.py +59 -11
  170. pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -13
  171. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -15
  172. pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -21
  173. pulumi_vault/pkisecret/secret_backend_issuer.py +12 -11
  174. pulumi_vault/pkisecret/secret_backend_key.py +12 -7
  175. pulumi_vault/pkisecret/secret_backend_role.py +19 -16
  176. pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -52
  177. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -62
  178. pulumi_vault/pkisecret/secret_backend_sign.py +18 -60
  179. pulumi_vault/plugin.py +595 -0
  180. pulumi_vault/plugin_pinned_version.py +298 -0
  181. pulumi_vault/policy.py +12 -7
  182. pulumi_vault/provider.py +48 -53
  183. pulumi_vault/pulumi-plugin.json +2 -1
  184. pulumi_vault/quota_lease_count.py +58 -8
  185. pulumi_vault/quota_rate_limit.py +54 -4
  186. pulumi_vault/rabbitmq/_inputs.py +61 -0
  187. pulumi_vault/rabbitmq/outputs.py +5 -0
  188. pulumi_vault/rabbitmq/secret_backend.py +16 -15
  189. pulumi_vault/rabbitmq/secret_backend_role.py +52 -49
  190. pulumi_vault/raft_autopilot.py +12 -11
  191. pulumi_vault/raft_snapshot_agent_config.py +121 -311
  192. pulumi_vault/rgp_policy.py +14 -13
  193. pulumi_vault/saml/auth_backend.py +20 -19
  194. pulumi_vault/saml/auth_backend_role.py +90 -199
  195. pulumi_vault/secrets/__init__.py +3 -0
  196. pulumi_vault/secrets/_inputs.py +110 -0
  197. pulumi_vault/secrets/outputs.py +94 -0
  198. pulumi_vault/secrets/sync_association.py +56 -75
  199. pulumi_vault/secrets/sync_aws_destination.py +240 -29
  200. pulumi_vault/secrets/sync_azure_destination.py +90 -33
  201. pulumi_vault/secrets/sync_config.py +7 -6
  202. pulumi_vault/secrets/sync_gcp_destination.py +156 -27
  203. pulumi_vault/secrets/sync_gh_destination.py +187 -15
  204. pulumi_vault/secrets/sync_github_apps.py +375 -0
  205. pulumi_vault/secrets/sync_vercel_destination.py +72 -15
  206. pulumi_vault/ssh/_inputs.py +28 -32
  207. pulumi_vault/ssh/outputs.py +11 -32
  208. pulumi_vault/ssh/secret_backend_ca.py +106 -11
  209. pulumi_vault/ssh/secret_backend_role.py +83 -120
  210. pulumi_vault/terraformcloud/secret_backend.py +5 -56
  211. pulumi_vault/terraformcloud/secret_creds.py +14 -24
  212. pulumi_vault/terraformcloud/secret_role.py +14 -76
  213. pulumi_vault/token.py +26 -25
  214. pulumi_vault/tokenauth/auth_backend_role.py +76 -201
  215. pulumi_vault/transform/alphabet.py +16 -13
  216. pulumi_vault/transform/get_decode.py +45 -21
  217. pulumi_vault/transform/get_encode.py +45 -21
  218. pulumi_vault/transform/role.py +16 -13
  219. pulumi_vault/transform/template.py +30 -25
  220. pulumi_vault/transform/transformation.py +12 -7
  221. pulumi_vault/transit/get_decrypt.py +26 -25
  222. pulumi_vault/transit/get_encrypt.py +24 -19
  223. pulumi_vault/transit/secret_backend_key.py +25 -97
  224. pulumi_vault/transit/secret_cache_config.py +12 -11
  225. {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
  226. pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
  227. {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
  228. pulumi_vault-5.21.0a1710160723.dist-info/RECORD +0 -244
  229. {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
 
12
17
  __all__ = [
@@ -21,7 +26,7 @@ class GetAuthBackendConfigResult:
21
26
  """
22
27
  A collection of values returned by getAuthBackendConfig.
23
28
  """
24
- def __init__(__self__, backend=None, disable_iss_validation=None, disable_local_ca_jwt=None, id=None, issuer=None, kubernetes_ca_cert=None, kubernetes_host=None, namespace=None, pem_keys=None):
29
+ def __init__(__self__, backend=None, disable_iss_validation=None, disable_local_ca_jwt=None, id=None, issuer=None, kubernetes_ca_cert=None, kubernetes_host=None, namespace=None, pem_keys=None, use_annotations_as_alias_metadata=None):
25
30
  if backend and not isinstance(backend, str):
26
31
  raise TypeError("Expected argument 'backend' to be a str")
27
32
  pulumi.set(__self__, "backend", backend)
@@ -49,6 +54,9 @@ class GetAuthBackendConfigResult:
49
54
  if pem_keys and not isinstance(pem_keys, list):
50
55
  raise TypeError("Expected argument 'pem_keys' to be a list")
51
56
  pulumi.set(__self__, "pem_keys", pem_keys)
57
+ if use_annotations_as_alias_metadata and not isinstance(use_annotations_as_alias_metadata, bool):
58
+ raise TypeError("Expected argument 'use_annotations_as_alias_metadata' to be a bool")
59
+ pulumi.set(__self__, "use_annotations_as_alias_metadata", use_annotations_as_alias_metadata)
52
60
 
53
61
  @property
54
62
  @pulumi.getter
@@ -58,11 +66,17 @@ class GetAuthBackendConfigResult:
58
66
  @property
59
67
  @pulumi.getter(name="disableIssValidation")
60
68
  def disable_iss_validation(self) -> bool:
69
+ """
70
+ (Optional) Disable JWT issuer validation. Allows to skip ISS validation. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
71
+ """
61
72
  return pulumi.get(self, "disable_iss_validation")
62
73
 
63
74
  @property
64
75
  @pulumi.getter(name="disableLocalCaJwt")
65
76
  def disable_local_ca_jwt(self) -> bool:
77
+ """
78
+ (Optional) Disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
79
+ """
66
80
  return pulumi.get(self, "disable_local_ca_jwt")
67
81
 
68
82
  @property
@@ -110,6 +124,14 @@ class GetAuthBackendConfigResult:
110
124
  """
111
125
  return pulumi.get(self, "pem_keys")
112
126
 
127
+ @property
128
+ @pulumi.getter(name="useAnnotationsAsAliasMetadata")
129
+ def use_annotations_as_alias_metadata(self) -> bool:
130
+ """
131
+ (Optional) Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
132
+ """
133
+ return pulumi.get(self, "use_annotations_as_alias_metadata")
134
+
113
135
 
114
136
  class AwaitableGetAuthBackendConfigResult(GetAuthBackendConfigResult):
115
137
  # pylint: disable=using-constant-test
@@ -125,7 +147,8 @@ class AwaitableGetAuthBackendConfigResult(GetAuthBackendConfigResult):
125
147
  kubernetes_ca_cert=self.kubernetes_ca_cert,
126
148
  kubernetes_host=self.kubernetes_host,
127
149
  namespace=self.namespace,
128
- pem_keys=self.pem_keys)
150
+ pem_keys=self.pem_keys,
151
+ use_annotations_as_alias_metadata=self.use_annotations_as_alias_metadata)
129
152
 
130
153
 
131
154
  def get_auth_backend_config(backend: Optional[str] = None,
@@ -136,6 +159,7 @@ def get_auth_backend_config(backend: Optional[str] = None,
136
159
  kubernetes_host: Optional[str] = None,
137
160
  namespace: Optional[str] = None,
138
161
  pem_keys: Optional[Sequence[str]] = None,
162
+ use_annotations_as_alias_metadata: Optional[bool] = None,
139
163
  opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetAuthBackendConfigResult:
140
164
  """
141
165
  Reads the Role of an Kubernetes from a Vault server. See the [Vault
@@ -145,6 +169,8 @@ def get_auth_backend_config(backend: Optional[str] = None,
145
169
 
146
170
  :param str backend: The unique name for the Kubernetes backend the config to
147
171
  retrieve Role attributes for resides in. Defaults to "kubernetes".
172
+ :param bool disable_iss_validation: (Optional) Disable JWT issuer validation. Allows to skip ISS validation. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
173
+ :param bool disable_local_ca_jwt: (Optional) Disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
148
174
  :param str issuer: Optional JWT issuer. If no issuer is specified, `kubernetes.io/serviceaccount` will be used as the default issuer.
149
175
  :param str kubernetes_ca_cert: PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API.
150
176
  :param str kubernetes_host: Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
@@ -153,6 +179,7 @@ def get_auth_backend_config(backend: Optional[str] = None,
153
179
  The `namespace` is always relative to the provider's configured namespace.
154
180
  *Available only for Vault Enterprise*.
155
181
  :param Sequence[str] pem_keys: Optional list of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
182
+ :param bool use_annotations_as_alias_metadata: (Optional) Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
156
183
  """
157
184
  __args__ = dict()
158
185
  __args__['backend'] = backend
@@ -163,6 +190,7 @@ def get_auth_backend_config(backend: Optional[str] = None,
163
190
  __args__['kubernetesHost'] = kubernetes_host
164
191
  __args__['namespace'] = namespace
165
192
  __args__['pemKeys'] = pem_keys
193
+ __args__['useAnnotationsAsAliasMetadata'] = use_annotations_as_alias_metadata
166
194
  opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
167
195
  __ret__ = pulumi.runtime.invoke('vault:kubernetes/getAuthBackendConfig:getAuthBackendConfig', __args__, opts=opts, typ=GetAuthBackendConfigResult).value
168
196
 
@@ -175,10 +203,8 @@ def get_auth_backend_config(backend: Optional[str] = None,
175
203
  kubernetes_ca_cert=pulumi.get(__ret__, 'kubernetes_ca_cert'),
176
204
  kubernetes_host=pulumi.get(__ret__, 'kubernetes_host'),
177
205
  namespace=pulumi.get(__ret__, 'namespace'),
178
- pem_keys=pulumi.get(__ret__, 'pem_keys'))
179
-
180
-
181
- @_utilities.lift_output_func(get_auth_backend_config)
206
+ pem_keys=pulumi.get(__ret__, 'pem_keys'),
207
+ use_annotations_as_alias_metadata=pulumi.get(__ret__, 'use_annotations_as_alias_metadata'))
182
208
  def get_auth_backend_config_output(backend: Optional[pulumi.Input[Optional[str]]] = None,
183
209
  disable_iss_validation: Optional[pulumi.Input[Optional[bool]]] = None,
184
210
  disable_local_ca_jwt: Optional[pulumi.Input[Optional[bool]]] = None,
@@ -187,7 +213,8 @@ def get_auth_backend_config_output(backend: Optional[pulumi.Input[Optional[str]]
187
213
  kubernetes_host: Optional[pulumi.Input[Optional[str]]] = None,
188
214
  namespace: Optional[pulumi.Input[Optional[str]]] = None,
189
215
  pem_keys: Optional[pulumi.Input[Optional[Sequence[str]]]] = None,
190
- opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetAuthBackendConfigResult]:
216
+ use_annotations_as_alias_metadata: Optional[pulumi.Input[Optional[bool]]] = None,
217
+ opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetAuthBackendConfigResult]:
191
218
  """
192
219
  Reads the Role of an Kubernetes from a Vault server. See the [Vault
193
220
  documentation](https://www.vaultproject.io/api-docs/auth/kubernetes#read-config) for more
@@ -196,6 +223,8 @@ def get_auth_backend_config_output(backend: Optional[pulumi.Input[Optional[str]]
196
223
 
197
224
  :param str backend: The unique name for the Kubernetes backend the config to
198
225
  retrieve Role attributes for resides in. Defaults to "kubernetes".
226
+ :param bool disable_iss_validation: (Optional) Disable JWT issuer validation. Allows to skip ISS validation. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
227
+ :param bool disable_local_ca_jwt: (Optional) Disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
199
228
  :param str issuer: Optional JWT issuer. If no issuer is specified, `kubernetes.io/serviceaccount` will be used as the default issuer.
200
229
  :param str kubernetes_ca_cert: PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API.
201
230
  :param str kubernetes_host: Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
@@ -204,5 +233,28 @@ def get_auth_backend_config_output(backend: Optional[pulumi.Input[Optional[str]]
204
233
  The `namespace` is always relative to the provider's configured namespace.
205
234
  *Available only for Vault Enterprise*.
206
235
  :param Sequence[str] pem_keys: Optional list of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
236
+ :param bool use_annotations_as_alias_metadata: (Optional) Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
207
237
  """
208
- ...
238
+ __args__ = dict()
239
+ __args__['backend'] = backend
240
+ __args__['disableIssValidation'] = disable_iss_validation
241
+ __args__['disableLocalCaJwt'] = disable_local_ca_jwt
242
+ __args__['issuer'] = issuer
243
+ __args__['kubernetesCaCert'] = kubernetes_ca_cert
244
+ __args__['kubernetesHost'] = kubernetes_host
245
+ __args__['namespace'] = namespace
246
+ __args__['pemKeys'] = pem_keys
247
+ __args__['useAnnotationsAsAliasMetadata'] = use_annotations_as_alias_metadata
248
+ opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
249
+ __ret__ = pulumi.runtime.invoke_output('vault:kubernetes/getAuthBackendConfig:getAuthBackendConfig', __args__, opts=opts, typ=GetAuthBackendConfigResult)
250
+ return __ret__.apply(lambda __response__: GetAuthBackendConfigResult(
251
+ backend=pulumi.get(__response__, 'backend'),
252
+ disable_iss_validation=pulumi.get(__response__, 'disable_iss_validation'),
253
+ disable_local_ca_jwt=pulumi.get(__response__, 'disable_local_ca_jwt'),
254
+ id=pulumi.get(__response__, 'id'),
255
+ issuer=pulumi.get(__response__, 'issuer'),
256
+ kubernetes_ca_cert=pulumi.get(__response__, 'kubernetes_ca_cert'),
257
+ kubernetes_host=pulumi.get(__response__, 'kubernetes_host'),
258
+ namespace=pulumi.get(__response__, 'namespace'),
259
+ pem_keys=pulumi.get(__response__, 'pem_keys'),
260
+ use_annotations_as_alias_metadata=pulumi.get(__response__, 'use_annotations_as_alias_metadata')))
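Review bot: The docstring added for `use_annotations_as_alias_metadata` (the new getter and both `:param` lines) does not say who controls the data it pulls in: service-account annotations can be written by anyone allowed to edit that service account in the cluster, and once copied into entity alias metadata they can be referenced from templated Vault policies. I would extend the text with something like `Alias metadata populated this way is controlled by whoever can edit the service account's annotations; do not rely on it in templated policies unless annotation writes are restricted.` Vault's API documentation also limits the feature to annotations prefixed `vault.hashicorp.com/alias-metadata-` and requires Vault to be able to read service accounts, and the generated text mentions neither. The function docstrings start outside the visible hunks.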
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
 
12
17
  __all__ = [
@@ -336,9 +341,6 @@ def get_auth_backend_role(audience: Optional[str] = None,
336
341
  token_policies=pulumi.get(__ret__, 'token_policies'),
337
342
  token_ttl=pulumi.get(__ret__, 'token_ttl'),
338
343
  token_type=pulumi.get(__ret__, 'token_type'))
339
-
340
-
341
- @_utilities.lift_output_func(get_auth_backend_role)
342
344
  def get_auth_backend_role_output(audience: Optional[pulumi.Input[Optional[str]]] = None,
343
345
  backend: Optional[pulumi.Input[Optional[str]]] = None,
344
346
  namespace: Optional[pulumi.Input[Optional[str]]] = None,
@@ -352,7 +354,7 @@ def get_auth_backend_role_output(audience: Optional[pulumi.Input[Optional[str]]]
352
354
  token_policies: Optional[pulumi.Input[Optional[Sequence[str]]]] = None,
353
355
  token_ttl: Optional[pulumi.Input[Optional[int]]] = None,
354
356
  token_type: Optional[pulumi.Input[Optional[str]]] = None,
355
- opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetAuthBackendRoleResult]:
357
+ opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetAuthBackendRoleResult]:
356
358
  """
357
359
  Reads the Role of an Kubernetes from a Vault server. See the [Vault
358
360
  documentation](https://www.vaultproject.io/api-docs/auth/kubernetes#read-role) for more
@@ -395,4 +397,37 @@ def get_auth_backend_role_output(audience: Optional[pulumi.Input[Optional[str]]]
395
397
  `default-service` and `default-batch` which specify the type to return unless the client
396
398
  requests a different type at generation time.
397
399
  """
398
- ...
400
+ __args__ = dict()
401
+ __args__['audience'] = audience
402
+ __args__['backend'] = backend
403
+ __args__['namespace'] = namespace
404
+ __args__['roleName'] = role_name
405
+ __args__['tokenBoundCidrs'] = token_bound_cidrs
406
+ __args__['tokenExplicitMaxTtl'] = token_explicit_max_ttl
407
+ __args__['tokenMaxTtl'] = token_max_ttl
408
+ __args__['tokenNoDefaultPolicy'] = token_no_default_policy
409
+ __args__['tokenNumUses'] = token_num_uses
410
+ __args__['tokenPeriod'] = token_period
411
+ __args__['tokenPolicies'] = token_policies
412
+ __args__['tokenTtl'] = token_ttl
413
+ __args__['tokenType'] = token_type
414
+ opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
415
+ __ret__ = pulumi.runtime.invoke_output('vault:kubernetes/getAuthBackendRole:getAuthBackendRole', __args__, opts=opts, typ=GetAuthBackendRoleResult)
416
+ return __ret__.apply(lambda __response__: GetAuthBackendRoleResult(
417
+ alias_name_source=pulumi.get(__response__, 'alias_name_source'),
418
+ audience=pulumi.get(__response__, 'audience'),
419
+ backend=pulumi.get(__response__, 'backend'),
420
+ bound_service_account_names=pulumi.get(__response__, 'bound_service_account_names'),
421
+ bound_service_account_namespaces=pulumi.get(__response__, 'bound_service_account_namespaces'),
422
+ id=pulumi.get(__response__, 'id'),
423
+ namespace=pulumi.get(__response__, 'namespace'),
424
+ role_name=pulumi.get(__response__, 'role_name'),
425
+ token_bound_cidrs=pulumi.get(__response__, 'token_bound_cidrs'),
426
+ token_explicit_max_ttl=pulumi.get(__response__, 'token_explicit_max_ttl'),
427
+ token_max_ttl=pulumi.get(__response__, 'token_max_ttl'),
428
+ token_no_default_policy=pulumi.get(__response__, 'token_no_default_policy'),
429
+ token_num_uses=pulumi.get(__response__, 'token_num_uses'),
430
+ token_period=pulumi.get(__response__, 'token_period'),
431
+ token_policies=pulumi.get(__response__, 'token_policies'),
432
+ token_ttl=pulumi.get(__response__, 'token_ttl'),
433
+ token_type=pulumi.get(__response__, 'token_type')))
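Review bot: The `else` branch of the new version check makes `typing_extensions` a hard import on interpreters older than 3.11, and the rewritten `get_auth_backend_role_output` now needs `pulumi.InvokeOutputOptions` and `pulumi.runtime.invoke_output`, so the wheel has to declare both requirements. The METADATA change is listed in the file summary but its content is not shown here, so confirm it adds a `typing_extensions` requirement for Python < 3.11 and raises the minimum `pulumi` version; otherwise the module presumably fails with ImportError or AttributeError on an otherwise valid install. None of `NotRequired`, `TypedDict` or `TypeAlias` is used in the visible hunks of this file, so the import could be dropped from modules that declare no typed-dict inputs. The same import block and `invoke_output` rewrite appear in the `get_auth_backend_config` and `get_service_account_token` hunks on this page.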
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
 
12
17
  __all__ = [
@@ -180,20 +185,21 @@ def get_service_account_token(backend: Optional[str] = None,
180
185
  """
181
186
  ## Example Usage
182
187
 
183
- <!--Start PulumiCodeChooser -->
184
188
  ```python
185
189
  import pulumi
190
+ import pulumi_std as std
186
191
  import pulumi_vault as vault
187
192
 
188
193
  config = vault.kubernetes.SecretBackend("config",
189
194
  path="kubernetes",
190
195
  description="kubernetes secrets engine description",
191
196
  kubernetes_host="https://127.0.0.1:61233",
192
- kubernetes_ca_cert=(lambda path: open(path).read())("/path/to/cert"),
193
- service_account_jwt=(lambda path: open(path).read())("/path/to/token"),
197
+ kubernetes_ca_cert=std.file(input="/path/to/cert").result,
198
+ service_account_jwt=std.file(input="/path/to/token").result,
194
199
  disable_local_ca_jwt=False)
195
200
  role = vault.kubernetes.SecretBackendRole("role",
196
201
  backend=config.path,
202
+ name="service-account-name-role",
197
203
  allowed_kubernetes_namespaces=["*"],
198
204
  token_max_ttl=43200,
199
205
  token_default_ttl=21600,
@@ -212,7 +218,6 @@ def get_service_account_token(backend: Optional[str] = None,
212
218
  cluster_role_binding=False,
213
219
  ttl="1h")
214
220
  ```
215
- <!--End PulumiCodeChooser -->
216
221
 
217
222
 
218
223
  :param str backend: The Kubernetes secret backend to generate service account
@@ -223,7 +228,7 @@ def get_service_account_token(backend: Optional[str] = None,
223
228
  generate the credentials.
224
229
  :param str namespace: The namespace of the target resource.
225
230
  The value should not contain leading or trailing forward slashes.
226
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
231
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
227
232
  *Available only for Vault Enterprise*.
228
233
  :param str role: The name of the Kubernetes secret backend role to generate service
229
234
  account tokens from.
@@ -254,33 +259,31 @@ def get_service_account_token(backend: Optional[str] = None,
254
259
  service_account_namespace=pulumi.get(__ret__, 'service_account_namespace'),
255
260
  service_account_token=pulumi.get(__ret__, 'service_account_token'),
256
261
  ttl=pulumi.get(__ret__, 'ttl'))
257
-
258
-
259
- @_utilities.lift_output_func(get_service_account_token)
260
262
  def get_service_account_token_output(backend: Optional[pulumi.Input[str]] = None,
261
263
  cluster_role_binding: Optional[pulumi.Input[Optional[bool]]] = None,
262
264
  kubernetes_namespace: Optional[pulumi.Input[str]] = None,
263
265
  namespace: Optional[pulumi.Input[Optional[str]]] = None,
264
266
  role: Optional[pulumi.Input[str]] = None,
265
267
  ttl: Optional[pulumi.Input[Optional[str]]] = None,
266
- opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetServiceAccountTokenResult]:
268
+ opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetServiceAccountTokenResult]:
267
269
  """
268
270
  ## Example Usage
269
271
 
270
- <!--Start PulumiCodeChooser -->
271
272
  ```python
272
273
  import pulumi
274
+ import pulumi_std as std
273
275
  import pulumi_vault as vault
274
276
 
275
277
  config = vault.kubernetes.SecretBackend("config",
276
278
  path="kubernetes",
277
279
  description="kubernetes secrets engine description",
278
280
  kubernetes_host="https://127.0.0.1:61233",
279
- kubernetes_ca_cert=(lambda path: open(path).read())("/path/to/cert"),
280
- service_account_jwt=(lambda path: open(path).read())("/path/to/token"),
281
+ kubernetes_ca_cert=std.file(input="/path/to/cert").result,
282
+ service_account_jwt=std.file(input="/path/to/token").result,
281
283
  disable_local_ca_jwt=False)
282
284
  role = vault.kubernetes.SecretBackendRole("role",
283
285
  backend=config.path,
286
+ name="service-account-name-role",
284
287
  allowed_kubernetes_namespaces=["*"],
285
288
  token_max_ttl=43200,
286
289
  token_default_ttl=21600,
@@ -299,7 +302,6 @@ def get_service_account_token_output(backend: Optional[pulumi.Input[str]] = None
299
302
  cluster_role_binding=False,
300
303
  ttl="1h")
301
304
  ```
302
- <!--End PulumiCodeChooser -->
303
305
 
304
306
 
305
307
  :param str backend: The Kubernetes secret backend to generate service account
@@ -310,11 +312,33 @@ def get_service_account_token_output(backend: Optional[pulumi.Input[str]] = None
310
312
  generate the credentials.
311
313
  :param str namespace: The namespace of the target resource.
312
314
  The value should not contain leading or trailing forward slashes.
313
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
315
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
314
316
  *Available only for Vault Enterprise*.
315
317
  :param str role: The name of the Kubernetes secret backend role to generate service
316
318
  account tokens from.
317
319
  :param str ttl: The TTL of the generated Kubernetes service account token, specified in
318
320
  seconds or as a Go duration format string.
319
321
  """
320
- ...
322
+ __args__ = dict()
323
+ __args__['backend'] = backend
324
+ __args__['clusterRoleBinding'] = cluster_role_binding
325
+ __args__['kubernetesNamespace'] = kubernetes_namespace
326
+ __args__['namespace'] = namespace
327
+ __args__['role'] = role
328
+ __args__['ttl'] = ttl
329
+ opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
330
+ __ret__ = pulumi.runtime.invoke_output('vault:kubernetes/getServiceAccountToken:getServiceAccountToken', __args__, opts=opts, typ=GetServiceAccountTokenResult)
331
+ return __ret__.apply(lambda __response__: GetServiceAccountTokenResult(
332
+ backend=pulumi.get(__response__, 'backend'),
333
+ cluster_role_binding=pulumi.get(__response__, 'cluster_role_binding'),
334
+ id=pulumi.get(__response__, 'id'),
335
+ kubernetes_namespace=pulumi.get(__response__, 'kubernetes_namespace'),
336
+ lease_duration=pulumi.get(__response__, 'lease_duration'),
337
+ lease_id=pulumi.get(__response__, 'lease_id'),
338
+ lease_renewable=pulumi.get(__response__, 'lease_renewable'),
339
+ namespace=pulumi.get(__response__, 'namespace'),
340
+ role=pulumi.get(__response__, 'role'),
341
+ service_account_name=pulumi.get(__response__, 'service_account_name'),
342
+ service_account_namespace=pulumi.get(__response__, 'service_account_namespace'),
343
+ service_account_token=pulumi.get(__response__, 'service_account_token'),
344
+ ttl=pulumi.get(__response__, 'ttl')))
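Review bot: `get_service_account_token_output` now builds its result inside `.apply`, and that result carries `service_account_token` together with `lease_id`, yet neither docstring tells the caller that these are live credentials. Whether the returned Output is marked secret depends on the provider schema and the engine, which these hunks do not show, so I would state the expectation in the docstring, for example `The returned service_account_token is a usable Kubernetes credential; keep it wrapped with pulumi.Output.secret before exporting it or passing it to other resources.` The example in the same docstring also reads the service-account JWT with `std.file(input="/path/to/token").result`; a short comment that this value becomes a program input, and may be recorded in state, would help readers. The docstrings and the plain `get_service_account_token` body begin outside the visible hunks.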