pulumi-vault 5.21.0a1710160723__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl
- pulumi_vault/__init__.py +52 -0
- pulumi_vault/_inputs.py +560 -0
- pulumi_vault/_utilities.py +41 -5
- pulumi_vault/ad/get_access_credentials.py +22 -7
- pulumi_vault/ad/secret_backend.py +14 -144
- pulumi_vault/ad/secret_library.py +14 -11
- pulumi_vault/ad/secret_role.py +12 -11
- pulumi_vault/alicloud/auth_backend_role.py +74 -192
- pulumi_vault/approle/auth_backend_login.py +12 -11
- pulumi_vault/approle/auth_backend_role.py +75 -193
- pulumi_vault/approle/auth_backend_role_secret_id.py +106 -11
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -9
- pulumi_vault/audit.py +24 -27
- pulumi_vault/audit_request_header.py +11 -6
- pulumi_vault/auth_backend.py +64 -12
- pulumi_vault/aws/auth_backend_cert.py +12 -7
- pulumi_vault/aws/auth_backend_client.py +265 -24
- pulumi_vault/aws/auth_backend_config_identity.py +12 -11
- pulumi_vault/aws/auth_backend_identity_whitelist.py +18 -17
- pulumi_vault/aws/auth_backend_login.py +19 -22
- pulumi_vault/aws/auth_backend_role.py +75 -193
- pulumi_vault/aws/auth_backend_role_tag.py +12 -7
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -17
- pulumi_vault/aws/auth_backend_sts_role.py +12 -11
- pulumi_vault/aws/get_access_credentials.py +34 -7
- pulumi_vault/aws/get_static_access_credentials.py +19 -5
- pulumi_vault/aws/secret_backend.py +75 -7
- pulumi_vault/aws/secret_backend_role.py +183 -11
- pulumi_vault/aws/secret_backend_static_role.py +14 -11
- pulumi_vault/azure/_inputs.py +24 -0
- pulumi_vault/azure/auth_backend_config.py +151 -17
- pulumi_vault/azure/auth_backend_role.py +75 -193
- pulumi_vault/azure/backend.py +223 -29
- pulumi_vault/azure/backend_role.py +42 -41
- pulumi_vault/azure/get_access_credentials.py +39 -11
- pulumi_vault/azure/outputs.py +5 -0
- pulumi_vault/cert_auth_backend_role.py +87 -271
- pulumi_vault/config/__init__.pyi +5 -0
- pulumi_vault/config/_inputs.py +73 -0
- pulumi_vault/config/outputs.py +35 -0
- pulumi_vault/config/ui_custom_message.py +529 -0
- pulumi_vault/config/vars.py +5 -0
- pulumi_vault/consul/secret_backend.py +22 -25
- pulumi_vault/consul/secret_backend_role.py +14 -80
- pulumi_vault/database/_inputs.py +2770 -881
- pulumi_vault/database/outputs.py +721 -838
- pulumi_vault/database/secret_backend_connection.py +117 -114
- pulumi_vault/database/secret_backend_role.py +29 -24
- pulumi_vault/database/secret_backend_static_role.py +85 -15
- pulumi_vault/database/secrets_mount.py +425 -138
- pulumi_vault/egp_policy.py +16 -15
- pulumi_vault/gcp/_inputs.py +111 -0
- pulumi_vault/gcp/auth_backend.py +248 -35
- pulumi_vault/gcp/auth_backend_role.py +75 -271
- pulumi_vault/gcp/get_auth_backend_role.py +43 -9
- pulumi_vault/gcp/outputs.py +5 -0
- pulumi_vault/gcp/secret_backend.py +287 -16
- pulumi_vault/gcp/secret_impersonated_account.py +74 -17
- pulumi_vault/gcp/secret_roleset.py +29 -26
- pulumi_vault/gcp/secret_static_account.py +37 -34
- pulumi_vault/generic/endpoint.py +22 -21
- pulumi_vault/generic/get_secret.py +68 -12
- pulumi_vault/generic/secret.py +19 -14
- pulumi_vault/get_auth_backend.py +24 -11
- pulumi_vault/get_auth_backends.py +33 -11
- pulumi_vault/get_namespace.py +226 -0
- pulumi_vault/get_namespaces.py +153 -0
- pulumi_vault/get_nomad_access_token.py +31 -15
- pulumi_vault/get_policy_document.py +34 -23
- pulumi_vault/get_raft_autopilot_state.py +29 -14
- pulumi_vault/github/_inputs.py +55 -0
- pulumi_vault/github/auth_backend.py +17 -16
- pulumi_vault/github/outputs.py +5 -0
- pulumi_vault/github/team.py +14 -13
- pulumi_vault/github/user.py +14 -13
- pulumi_vault/identity/entity.py +18 -15
- pulumi_vault/identity/entity_alias.py +18 -15
- pulumi_vault/identity/entity_policies.py +24 -19
- pulumi_vault/identity/get_entity.py +40 -14
- pulumi_vault/identity/get_group.py +45 -13
- pulumi_vault/identity/get_oidc_client_creds.py +21 -11
- pulumi_vault/identity/get_oidc_openid_config.py +39 -13
- pulumi_vault/identity/get_oidc_public_keys.py +29 -14
- pulumi_vault/identity/group.py +50 -49
- pulumi_vault/identity/group_alias.py +14 -11
- pulumi_vault/identity/group_member_entity_ids.py +24 -74
- pulumi_vault/identity/group_member_group_ids.py +36 -27
- pulumi_vault/identity/group_policies.py +16 -15
- pulumi_vault/identity/mfa_duo.py +9 -8
- pulumi_vault/identity/mfa_login_enforcement.py +13 -8
- pulumi_vault/identity/mfa_okta.py +9 -8
- pulumi_vault/identity/mfa_pingid.py +5 -4
- pulumi_vault/identity/mfa_totp.py +5 -4
- pulumi_vault/identity/oidc.py +12 -11
- pulumi_vault/identity/oidc_assignment.py +22 -13
- pulumi_vault/identity/oidc_client.py +34 -25
- pulumi_vault/identity/oidc_key.py +28 -19
- pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -19
- pulumi_vault/identity/oidc_provider.py +34 -23
- pulumi_vault/identity/oidc_role.py +40 -27
- pulumi_vault/identity/oidc_scope.py +18 -15
- pulumi_vault/identity/outputs.py +8 -3
- pulumi_vault/jwt/_inputs.py +55 -0
- pulumi_vault/jwt/auth_backend.py +39 -46
- pulumi_vault/jwt/auth_backend_role.py +131 -260
- pulumi_vault/jwt/outputs.py +5 -0
- pulumi_vault/kmip/secret_backend.py +22 -21
- pulumi_vault/kmip/secret_role.py +12 -11
- pulumi_vault/kmip/secret_scope.py +12 -11
- pulumi_vault/kubernetes/auth_backend_config.py +55 -7
- pulumi_vault/kubernetes/auth_backend_role.py +68 -179
- pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
- pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
- pulumi_vault/kubernetes/get_service_account_token.py +39 -15
- pulumi_vault/kubernetes/secret_backend.py +314 -29
- pulumi_vault/kubernetes/secret_backend_role.py +135 -56
- pulumi_vault/kv/_inputs.py +36 -4
- pulumi_vault/kv/get_secret.py +23 -12
- pulumi_vault/kv/get_secret_subkeys_v2.py +31 -14
- pulumi_vault/kv/get_secret_v2.py +89 -9
- pulumi_vault/kv/get_secrets_list.py +22 -15
- pulumi_vault/kv/get_secrets_list_v2.py +35 -19
- pulumi_vault/kv/outputs.py +8 -3
- pulumi_vault/kv/secret.py +19 -18
- pulumi_vault/kv/secret_backend_v2.py +12 -11
- pulumi_vault/kv/secret_v2.py +55 -52
- pulumi_vault/ldap/auth_backend.py +125 -168
- pulumi_vault/ldap/auth_backend_group.py +12 -11
- pulumi_vault/ldap/auth_backend_user.py +12 -11
- pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
- pulumi_vault/ldap/get_static_credentials.py +24 -5
- pulumi_vault/ldap/secret_backend.py +352 -84
- pulumi_vault/ldap/secret_backend_dynamic_role.py +12 -11
- pulumi_vault/ldap/secret_backend_library_set.py +14 -11
- pulumi_vault/ldap/secret_backend_static_role.py +67 -12
- pulumi_vault/managed/_inputs.py +289 -132
- pulumi_vault/managed/keys.py +27 -43
- pulumi_vault/managed/outputs.py +89 -132
- pulumi_vault/mfa_duo.py +16 -13
- pulumi_vault/mfa_okta.py +16 -13
- pulumi_vault/mfa_pingid.py +16 -13
- pulumi_vault/mfa_totp.py +22 -19
- pulumi_vault/mongodbatlas/secret_backend.py +18 -17
- pulumi_vault/mongodbatlas/secret_role.py +41 -38
- pulumi_vault/mount.py +389 -65
- pulumi_vault/namespace.py +26 -21
- pulumi_vault/nomad_secret_backend.py +16 -15
- pulumi_vault/nomad_secret_role.py +12 -11
- pulumi_vault/okta/_inputs.py +47 -8
- pulumi_vault/okta/auth_backend.py +483 -41
- pulumi_vault/okta/auth_backend_group.py +12 -11
- pulumi_vault/okta/auth_backend_user.py +12 -11
- pulumi_vault/okta/outputs.py +13 -8
- pulumi_vault/outputs.py +5 -0
- pulumi_vault/password_policy.py +18 -15
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +81 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
- pulumi_vault/pkisecret/backend_config_est.py +619 -0
- pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
- pulumi_vault/pkisecret/get_backend_issuer.py +63 -7
- pulumi_vault/pkisecret/get_backend_issuers.py +21 -12
- pulumi_vault/pkisecret/get_backend_key.py +24 -13
- pulumi_vault/pkisecret/get_backend_keys.py +21 -12
- pulumi_vault/pkisecret/outputs.py +69 -0
- pulumi_vault/pkisecret/secret_backend_cert.py +18 -15
- pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -15
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +12 -11
- pulumi_vault/pkisecret/secret_backend_config_urls.py +59 -11
- pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -13
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -15
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -21
- pulumi_vault/pkisecret/secret_backend_issuer.py +12 -11
- pulumi_vault/pkisecret/secret_backend_key.py +12 -7
- pulumi_vault/pkisecret/secret_backend_role.py +19 -16
- pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -52
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -62
- pulumi_vault/pkisecret/secret_backend_sign.py +18 -60
- pulumi_vault/plugin.py +595 -0
- pulumi_vault/plugin_pinned_version.py +298 -0
- pulumi_vault/policy.py +12 -7
- pulumi_vault/provider.py +48 -53
- pulumi_vault/pulumi-plugin.json +2 -1
- pulumi_vault/quota_lease_count.py +58 -8
- pulumi_vault/quota_rate_limit.py +54 -4
- pulumi_vault/rabbitmq/_inputs.py +61 -0
- pulumi_vault/rabbitmq/outputs.py +5 -0
- pulumi_vault/rabbitmq/secret_backend.py +16 -15
- pulumi_vault/rabbitmq/secret_backend_role.py +52 -49
- pulumi_vault/raft_autopilot.py +12 -11
- pulumi_vault/raft_snapshot_agent_config.py +121 -311
- pulumi_vault/rgp_policy.py +14 -13
- pulumi_vault/saml/auth_backend.py +20 -19
- pulumi_vault/saml/auth_backend_role.py +90 -199
- pulumi_vault/secrets/__init__.py +3 -0
- pulumi_vault/secrets/_inputs.py +110 -0
- pulumi_vault/secrets/outputs.py +94 -0
- pulumi_vault/secrets/sync_association.py +56 -75
- pulumi_vault/secrets/sync_aws_destination.py +240 -29
- pulumi_vault/secrets/sync_azure_destination.py +90 -33
- pulumi_vault/secrets/sync_config.py +7 -6
- pulumi_vault/secrets/sync_gcp_destination.py +156 -27
- pulumi_vault/secrets/sync_gh_destination.py +187 -15
- pulumi_vault/secrets/sync_github_apps.py +375 -0
- pulumi_vault/secrets/sync_vercel_destination.py +72 -15
- pulumi_vault/ssh/_inputs.py +28 -32
- pulumi_vault/ssh/outputs.py +11 -32
- pulumi_vault/ssh/secret_backend_ca.py +106 -11
- pulumi_vault/ssh/secret_backend_role.py +83 -120
- pulumi_vault/terraformcloud/secret_backend.py +5 -56
- pulumi_vault/terraformcloud/secret_creds.py +14 -24
- pulumi_vault/terraformcloud/secret_role.py +14 -76
- pulumi_vault/token.py +26 -25
- pulumi_vault/tokenauth/auth_backend_role.py +76 -201
- pulumi_vault/transform/alphabet.py +16 -13
- pulumi_vault/transform/get_decode.py +45 -21
- pulumi_vault/transform/get_encode.py +45 -21
- pulumi_vault/transform/role.py +16 -13
- pulumi_vault/transform/template.py +30 -25
- pulumi_vault/transform/transformation.py +12 -7
- pulumi_vault/transit/get_decrypt.py +26 -25
- pulumi_vault/transit/get_encrypt.py +24 -19
- pulumi_vault/transit/secret_backend_key.py +25 -97
- pulumi_vault/transit/secret_cache_config.py +12 -11
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
- pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
- pulumi_vault-5.21.0a1710160723.dist-info/RECORD +0 -244
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = ['SecretBackendArgs', 'SecretBackend']
|
@@ -16,31 +21,40 @@ class SecretBackendArgs:
|
|
16
21
|
def __init__(__self__, *,
|
17
22
|
path: pulumi.Input[str],
|
18
23
|
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
24
|
+
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
19
25
|
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
20
26
|
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
21
27
|
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
28
|
+
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
22
29
|
description: Optional[pulumi.Input[str]] = None,
|
23
30
|
disable_local_ca_jwt: Optional[pulumi.Input[bool]] = None,
|
24
31
|
external_entropy_access: Optional[pulumi.Input[bool]] = None,
|
32
|
+
identity_token_key: Optional[pulumi.Input[str]] = None,
|
25
33
|
kubernetes_ca_cert: Optional[pulumi.Input[str]] = None,
|
26
34
|
kubernetes_host: Optional[pulumi.Input[str]] = None,
|
35
|
+
listing_visibility: Optional[pulumi.Input[str]] = None,
|
27
36
|
local: Optional[pulumi.Input[bool]] = None,
|
28
37
|
max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
29
38
|
namespace: Optional[pulumi.Input[str]] = None,
|
30
|
-
options: Optional[pulumi.Input[Mapping[str,
|
39
|
+
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
40
|
+
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
41
|
+
plugin_version: Optional[pulumi.Input[str]] = None,
|
31
42
|
seal_wrap: Optional[pulumi.Input[bool]] = None,
|
32
43
|
service_account_jwt: Optional[pulumi.Input[str]] = None):
|
33
44
|
"""
|
34
45
|
The set of arguments for constructing a SecretBackend resource.
|
35
46
|
:param pulumi.Input[str] path: Where the secret backend will be mounted
|
36
47
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
|
48
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
|
37
49
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
38
50
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
39
51
|
:param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
|
52
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
|
40
53
|
:param pulumi.Input[str] description: Human-friendly description of the mount
|
41
54
|
:param pulumi.Input[bool] disable_local_ca_jwt: Disable defaulting to the local CA certificate and
|
42
55
|
service account JWT when Vault is running in a Kubernetes pod.
|
43
56
|
:param pulumi.Input[bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
|
57
|
+
:param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens
|
44
58
|
:param pulumi.Input[str] kubernetes_ca_cert: A PEM-encoded CA certificate used by the
|
45
59
|
secrets engine to verify the Kubernetes API server certificate. Defaults to the local
|
46
60
|
pod’s CA if Vault is running in Kubernetes. Otherwise, defaults to the root CA set where
|
@@ -48,13 +62,16 @@ class SecretBackendArgs:
|
|
48
62
|
:param pulumi.Input[str] kubernetes_host: The Kubernetes API URL to connect to. Required if the
|
49
63
|
standard pod environment variables `KUBERNETES_SERVICE_HOST` or `KUBERNETES_SERVICE_PORT`
|
50
64
|
are not set on the host that Vault is running on.
|
65
|
+
:param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
|
51
66
|
:param pulumi.Input[bool] local: Local mount flag that can be explicitly set to true to enforce local mount in HA environment
|
52
67
|
:param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
|
53
68
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
54
69
|
The value should not contain leading or trailing forward slashes.
|
55
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
70
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
56
71
|
*Available only for Vault Enterprise*.
|
57
|
-
:param pulumi.Input[Mapping[str,
|
72
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
|
73
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
|
74
|
+
:param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
58
75
|
:param pulumi.Input[bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
59
76
|
:param pulumi.Input[str] service_account_jwt: The JSON web token of the service account used by the
|
60
77
|
secrets engine to manage Kubernetes credentials. Defaults to the local pod’s JWT if Vault
|
@@ -63,22 +80,30 @@ class SecretBackendArgs:
|
|
63
80
|
pulumi.set(__self__, "path", path)
|
64
81
|
if allowed_managed_keys is not None:
|
65
82
|
pulumi.set(__self__, "allowed_managed_keys", allowed_managed_keys)
|
83
|
+
if allowed_response_headers is not None:
|
84
|
+
pulumi.set(__self__, "allowed_response_headers", allowed_response_headers)
|
66
85
|
if audit_non_hmac_request_keys is not None:
|
67
86
|
pulumi.set(__self__, "audit_non_hmac_request_keys", audit_non_hmac_request_keys)
|
68
87
|
if audit_non_hmac_response_keys is not None:
|
69
88
|
pulumi.set(__self__, "audit_non_hmac_response_keys", audit_non_hmac_response_keys)
|
70
89
|
if default_lease_ttl_seconds is not None:
|
71
90
|
pulumi.set(__self__, "default_lease_ttl_seconds", default_lease_ttl_seconds)
|
91
|
+
if delegated_auth_accessors is not None:
|
92
|
+
pulumi.set(__self__, "delegated_auth_accessors", delegated_auth_accessors)
|
72
93
|
if description is not None:
|
73
94
|
pulumi.set(__self__, "description", description)
|
74
95
|
if disable_local_ca_jwt is not None:
|
75
96
|
pulumi.set(__self__, "disable_local_ca_jwt", disable_local_ca_jwt)
|
76
97
|
if external_entropy_access is not None:
|
77
98
|
pulumi.set(__self__, "external_entropy_access", external_entropy_access)
|
99
|
+
if identity_token_key is not None:
|
100
|
+
pulumi.set(__self__, "identity_token_key", identity_token_key)
|
78
101
|
if kubernetes_ca_cert is not None:
|
79
102
|
pulumi.set(__self__, "kubernetes_ca_cert", kubernetes_ca_cert)
|
80
103
|
if kubernetes_host is not None:
|
81
104
|
pulumi.set(__self__, "kubernetes_host", kubernetes_host)
|
105
|
+
if listing_visibility is not None:
|
106
|
+
pulumi.set(__self__, "listing_visibility", listing_visibility)
|
82
107
|
if local is not None:
|
83
108
|
pulumi.set(__self__, "local", local)
|
84
109
|
if max_lease_ttl_seconds is not None:
|
@@ -87,6 +112,10 @@ class SecretBackendArgs:
|
|
87
112
|
pulumi.set(__self__, "namespace", namespace)
|
88
113
|
if options is not None:
|
89
114
|
pulumi.set(__self__, "options", options)
|
115
|
+
if passthrough_request_headers is not None:
|
116
|
+
pulumi.set(__self__, "passthrough_request_headers", passthrough_request_headers)
|
117
|
+
if plugin_version is not None:
|
118
|
+
pulumi.set(__self__, "plugin_version", plugin_version)
|
90
119
|
if seal_wrap is not None:
|
91
120
|
pulumi.set(__self__, "seal_wrap", seal_wrap)
|
92
121
|
if service_account_jwt is not None:
|
@@ -116,6 +145,18 @@ class SecretBackendArgs:
|
|
116
145
|
def allowed_managed_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
117
146
|
pulumi.set(self, "allowed_managed_keys", value)
|
118
147
|
|
148
|
+
@property
|
149
|
+
@pulumi.getter(name="allowedResponseHeaders")
|
150
|
+
def allowed_response_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
151
|
+
"""
|
152
|
+
List of headers to allow and pass from the request to the plugin
|
153
|
+
"""
|
154
|
+
return pulumi.get(self, "allowed_response_headers")
|
155
|
+
|
156
|
+
@allowed_response_headers.setter
|
157
|
+
def allowed_response_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
158
|
+
pulumi.set(self, "allowed_response_headers", value)
|
159
|
+
|
119
160
|
@property
|
120
161
|
@pulumi.getter(name="auditNonHmacRequestKeys")
|
121
162
|
def audit_non_hmac_request_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
@@ -152,6 +193,18 @@ class SecretBackendArgs:
|
|
152
193
|
def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[int]]):
|
153
194
|
pulumi.set(self, "default_lease_ttl_seconds", value)
|
154
195
|
|
196
|
+
@property
|
197
|
+
@pulumi.getter(name="delegatedAuthAccessors")
|
198
|
+
def delegated_auth_accessors(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
199
|
+
"""
|
200
|
+
List of headers to allow and pass from the request to the plugin
|
201
|
+
"""
|
202
|
+
return pulumi.get(self, "delegated_auth_accessors")
|
203
|
+
|
204
|
+
@delegated_auth_accessors.setter
|
205
|
+
def delegated_auth_accessors(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
206
|
+
pulumi.set(self, "delegated_auth_accessors", value)
|
207
|
+
|
155
208
|
@property
|
156
209
|
@pulumi.getter
|
157
210
|
def description(self) -> Optional[pulumi.Input[str]]:
|
@@ -189,6 +242,18 @@ class SecretBackendArgs:
|
|
189
242
|
def external_entropy_access(self, value: Optional[pulumi.Input[bool]]):
|
190
243
|
pulumi.set(self, "external_entropy_access", value)
|
191
244
|
|
245
|
+
@property
|
246
|
+
@pulumi.getter(name="identityTokenKey")
|
247
|
+
def identity_token_key(self) -> Optional[pulumi.Input[str]]:
|
248
|
+
"""
|
249
|
+
The key to use for signing plugin workload identity tokens
|
250
|
+
"""
|
251
|
+
return pulumi.get(self, "identity_token_key")
|
252
|
+
|
253
|
+
@identity_token_key.setter
|
254
|
+
def identity_token_key(self, value: Optional[pulumi.Input[str]]):
|
255
|
+
pulumi.set(self, "identity_token_key", value)
|
256
|
+
|
192
257
|
@property
|
193
258
|
@pulumi.getter(name="kubernetesCaCert")
|
194
259
|
def kubernetes_ca_cert(self) -> Optional[pulumi.Input[str]]:
|
@@ -218,6 +283,18 @@ class SecretBackendArgs:
|
|
218
283
|
def kubernetes_host(self, value: Optional[pulumi.Input[str]]):
|
219
284
|
pulumi.set(self, "kubernetes_host", value)
|
220
285
|
|
286
|
+
@property
|
287
|
+
@pulumi.getter(name="listingVisibility")
|
288
|
+
def listing_visibility(self) -> Optional[pulumi.Input[str]]:
|
289
|
+
"""
|
290
|
+
Specifies whether to show this mount in the UI-specific listing endpoint
|
291
|
+
"""
|
292
|
+
return pulumi.get(self, "listing_visibility")
|
293
|
+
|
294
|
+
@listing_visibility.setter
|
295
|
+
def listing_visibility(self, value: Optional[pulumi.Input[str]]):
|
296
|
+
pulumi.set(self, "listing_visibility", value)
|
297
|
+
|
221
298
|
@property
|
222
299
|
@pulumi.getter
|
223
300
|
def local(self) -> Optional[pulumi.Input[bool]]:
|
@@ -248,7 +325,7 @@ class SecretBackendArgs:
|
|
248
325
|
"""
|
249
326
|
The namespace to provision the resource in.
|
250
327
|
The value should not contain leading or trailing forward slashes.
|
251
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
328
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
252
329
|
*Available only for Vault Enterprise*.
|
253
330
|
"""
|
254
331
|
return pulumi.get(self, "namespace")
|
@@ -259,16 +336,40 @@ class SecretBackendArgs:
|
|
259
336
|
|
260
337
|
@property
|
261
338
|
@pulumi.getter
|
262
|
-
def options(self) -> Optional[pulumi.Input[Mapping[str,
|
339
|
+
def options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
263
340
|
"""
|
264
341
|
Specifies mount type specific options that are passed to the backend
|
265
342
|
"""
|
266
343
|
return pulumi.get(self, "options")
|
267
344
|
|
268
345
|
@options.setter
|
269
|
-
def options(self, value: Optional[pulumi.Input[Mapping[str,
|
346
|
+
def options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
270
347
|
pulumi.set(self, "options", value)
|
271
348
|
|
349
|
+
@property
|
350
|
+
@pulumi.getter(name="passthroughRequestHeaders")
|
351
|
+
def passthrough_request_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
352
|
+
"""
|
353
|
+
List of headers to allow and pass from the request to the plugin
|
354
|
+
"""
|
355
|
+
return pulumi.get(self, "passthrough_request_headers")
|
356
|
+
|
357
|
+
@passthrough_request_headers.setter
|
358
|
+
def passthrough_request_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
359
|
+
pulumi.set(self, "passthrough_request_headers", value)
|
360
|
+
|
361
|
+
@property
|
362
|
+
@pulumi.getter(name="pluginVersion")
|
363
|
+
def plugin_version(self) -> Optional[pulumi.Input[str]]:
|
364
|
+
"""
|
365
|
+
Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
366
|
+
"""
|
367
|
+
return pulumi.get(self, "plugin_version")
|
368
|
+
|
369
|
+
@plugin_version.setter
|
370
|
+
def plugin_version(self, value: Optional[pulumi.Input[str]]):
|
371
|
+
pulumi.set(self, "plugin_version", value)
|
372
|
+
|
272
373
|
@property
|
273
374
|
@pulumi.getter(name="sealWrap")
|
274
375
|
def seal_wrap(self) -> Optional[pulumi.Input[bool]]:
|
@@ -301,32 +402,41 @@ class _SecretBackendState:
|
|
301
402
|
def __init__(__self__, *,
|
302
403
|
accessor: Optional[pulumi.Input[str]] = None,
|
303
404
|
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
405
|
+
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
304
406
|
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
305
407
|
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
306
408
|
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
409
|
+
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
307
410
|
description: Optional[pulumi.Input[str]] = None,
|
308
411
|
disable_local_ca_jwt: Optional[pulumi.Input[bool]] = None,
|
309
412
|
external_entropy_access: Optional[pulumi.Input[bool]] = None,
|
413
|
+
identity_token_key: Optional[pulumi.Input[str]] = None,
|
310
414
|
kubernetes_ca_cert: Optional[pulumi.Input[str]] = None,
|
311
415
|
kubernetes_host: Optional[pulumi.Input[str]] = None,
|
416
|
+
listing_visibility: Optional[pulumi.Input[str]] = None,
|
312
417
|
local: Optional[pulumi.Input[bool]] = None,
|
313
418
|
max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
314
419
|
namespace: Optional[pulumi.Input[str]] = None,
|
315
|
-
options: Optional[pulumi.Input[Mapping[str,
|
420
|
+
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
421
|
+
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
316
422
|
path: Optional[pulumi.Input[str]] = None,
|
423
|
+
plugin_version: Optional[pulumi.Input[str]] = None,
|
317
424
|
seal_wrap: Optional[pulumi.Input[bool]] = None,
|
318
425
|
service_account_jwt: Optional[pulumi.Input[str]] = None):
|
319
426
|
"""
|
320
427
|
Input properties used for looking up and filtering SecretBackend resources.
|
321
428
|
:param pulumi.Input[str] accessor: Accessor of the mount
|
322
429
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
|
430
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
|
323
431
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
324
432
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
325
433
|
:param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
|
434
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
|
326
435
|
:param pulumi.Input[str] description: Human-friendly description of the mount
|
327
436
|
:param pulumi.Input[bool] disable_local_ca_jwt: Disable defaulting to the local CA certificate and
|
328
437
|
service account JWT when Vault is running in a Kubernetes pod.
|
329
438
|
:param pulumi.Input[bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
|
439
|
+
:param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens
|
330
440
|
:param pulumi.Input[str] kubernetes_ca_cert: A PEM-encoded CA certificate used by the
|
331
441
|
secrets engine to verify the Kubernetes API server certificate. Defaults to the local
|
332
442
|
pod’s CA if Vault is running in Kubernetes. Otherwise, defaults to the root CA set where
|
@@ -334,14 +444,17 @@ class _SecretBackendState:
|
|
334
444
|
:param pulumi.Input[str] kubernetes_host: The Kubernetes API URL to connect to. Required if the
|
335
445
|
standard pod environment variables `KUBERNETES_SERVICE_HOST` or `KUBERNETES_SERVICE_PORT`
|
336
446
|
are not set on the host that Vault is running on.
|
447
|
+
:param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
|
337
448
|
:param pulumi.Input[bool] local: Local mount flag that can be explicitly set to true to enforce local mount in HA environment
|
338
449
|
:param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
|
339
450
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
340
451
|
The value should not contain leading or trailing forward slashes.
|
341
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
452
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
342
453
|
*Available only for Vault Enterprise*.
|
343
|
-
:param pulumi.Input[Mapping[str,
|
454
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
|
455
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
|
344
456
|
:param pulumi.Input[str] path: Where the secret backend will be mounted
|
457
|
+
:param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
345
458
|
:param pulumi.Input[bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
346
459
|
:param pulumi.Input[str] service_account_jwt: The JSON web token of the service account used by the
|
347
460
|
secrets engine to manage Kubernetes credentials. Defaults to the local pod’s JWT if Vault
|
@@ -351,22 +464,30 @@ class _SecretBackendState:
|
|
351
464
|
pulumi.set(__self__, "accessor", accessor)
|
352
465
|
if allowed_managed_keys is not None:
|
353
466
|
pulumi.set(__self__, "allowed_managed_keys", allowed_managed_keys)
|
467
|
+
if allowed_response_headers is not None:
|
468
|
+
pulumi.set(__self__, "allowed_response_headers", allowed_response_headers)
|
354
469
|
if audit_non_hmac_request_keys is not None:
|
355
470
|
pulumi.set(__self__, "audit_non_hmac_request_keys", audit_non_hmac_request_keys)
|
356
471
|
if audit_non_hmac_response_keys is not None:
|
357
472
|
pulumi.set(__self__, "audit_non_hmac_response_keys", audit_non_hmac_response_keys)
|
358
473
|
if default_lease_ttl_seconds is not None:
|
359
474
|
pulumi.set(__self__, "default_lease_ttl_seconds", default_lease_ttl_seconds)
|
475
|
+
if delegated_auth_accessors is not None:
|
476
|
+
pulumi.set(__self__, "delegated_auth_accessors", delegated_auth_accessors)
|
360
477
|
if description is not None:
|
361
478
|
pulumi.set(__self__, "description", description)
|
362
479
|
if disable_local_ca_jwt is not None:
|
363
480
|
pulumi.set(__self__, "disable_local_ca_jwt", disable_local_ca_jwt)
|
364
481
|
if external_entropy_access is not None:
|
365
482
|
pulumi.set(__self__, "external_entropy_access", external_entropy_access)
|
483
|
+
if identity_token_key is not None:
|
484
|
+
pulumi.set(__self__, "identity_token_key", identity_token_key)
|
366
485
|
if kubernetes_ca_cert is not None:
|
367
486
|
pulumi.set(__self__, "kubernetes_ca_cert", kubernetes_ca_cert)
|
368
487
|
if kubernetes_host is not None:
|
369
488
|
pulumi.set(__self__, "kubernetes_host", kubernetes_host)
|
489
|
+
if listing_visibility is not None:
|
490
|
+
pulumi.set(__self__, "listing_visibility", listing_visibility)
|
370
491
|
if local is not None:
|
371
492
|
pulumi.set(__self__, "local", local)
|
372
493
|
if max_lease_ttl_seconds is not None:
|
@@ -375,8 +496,12 @@ class _SecretBackendState:
|
|
375
496
|
pulumi.set(__self__, "namespace", namespace)
|
376
497
|
if options is not None:
|
377
498
|
pulumi.set(__self__, "options", options)
|
499
|
+
if passthrough_request_headers is not None:
|
500
|
+
pulumi.set(__self__, "passthrough_request_headers", passthrough_request_headers)
|
378
501
|
if path is not None:
|
379
502
|
pulumi.set(__self__, "path", path)
|
503
|
+
if plugin_version is not None:
|
504
|
+
pulumi.set(__self__, "plugin_version", plugin_version)
|
380
505
|
if seal_wrap is not None:
|
381
506
|
pulumi.set(__self__, "seal_wrap", seal_wrap)
|
382
507
|
if service_account_jwt is not None:
|
@@ -406,6 +531,18 @@ class _SecretBackendState:
|
|
406
531
|
def allowed_managed_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
407
532
|
pulumi.set(self, "allowed_managed_keys", value)
|
408
533
|
|
534
|
+
@property
|
535
|
+
@pulumi.getter(name="allowedResponseHeaders")
|
536
|
+
def allowed_response_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
537
|
+
"""
|
538
|
+
List of headers to allow and pass from the request to the plugin
|
539
|
+
"""
|
540
|
+
return pulumi.get(self, "allowed_response_headers")
|
541
|
+
|
542
|
+
@allowed_response_headers.setter
|
543
|
+
def allowed_response_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
544
|
+
pulumi.set(self, "allowed_response_headers", value)
|
545
|
+
|
409
546
|
@property
|
410
547
|
@pulumi.getter(name="auditNonHmacRequestKeys")
|
411
548
|
def audit_non_hmac_request_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
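Review bot: The docstring on the new `allowed_response_headers` property repeats the text used for `passthrough_request_headers` ("List of headers to allow and pass from the request to the plugin"), so a setting about response headers is described as one about request headers. The same sentence is reused for `delegated_auth_accessors` in the next hunk, and again on the matching `:param` lines and `SecretBackend` getters in later hunks, where it has nothing to do with headers. Both settings widen what the mount may do, so the text should say what each one actually permits. Wording such as `List of headers to allow, allowing a plugin to include them in the response` and `List of auth mount accessors the backend may request delegated authentication for` matches the upstream mount options as far as I can tell; confirm against the provider schema. The enclosing class starts and ends outside this hunk.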
@@ -442,6 +579,18 @@ class _SecretBackendState:
|
|
442
579
|
def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[int]]):
|
443
580
|
pulumi.set(self, "default_lease_ttl_seconds", value)
|
444
581
|
|
582
|
+
@property
|
583
|
+
@pulumi.getter(name="delegatedAuthAccessors")
|
584
|
+
def delegated_auth_accessors(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
585
|
+
"""
|
586
|
+
List of headers to allow and pass from the request to the plugin
|
587
|
+
"""
|
588
|
+
return pulumi.get(self, "delegated_auth_accessors")
|
589
|
+
|
590
|
+
@delegated_auth_accessors.setter
|
591
|
+
def delegated_auth_accessors(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
592
|
+
pulumi.set(self, "delegated_auth_accessors", value)
|
593
|
+
|
445
594
|
@property
|
446
595
|
@pulumi.getter
|
447
596
|
def description(self) -> Optional[pulumi.Input[str]]:
|
@@ -479,6 +628,18 @@ class _SecretBackendState:
|
|
479
628
|
def external_entropy_access(self, value: Optional[pulumi.Input[bool]]):
|
480
629
|
pulumi.set(self, "external_entropy_access", value)
|
481
630
|
|
631
|
+
@property
|
632
|
+
@pulumi.getter(name="identityTokenKey")
|
633
|
+
def identity_token_key(self) -> Optional[pulumi.Input[str]]:
|
634
|
+
"""
|
635
|
+
The key to use for signing plugin workload identity tokens
|
636
|
+
"""
|
637
|
+
return pulumi.get(self, "identity_token_key")
|
638
|
+
|
639
|
+
@identity_token_key.setter
|
640
|
+
def identity_token_key(self, value: Optional[pulumi.Input[str]]):
|
641
|
+
pulumi.set(self, "identity_token_key", value)
|
642
|
+
|
482
643
|
@property
|
483
644
|
@pulumi.getter(name="kubernetesCaCert")
|
484
645
|
def kubernetes_ca_cert(self) -> Optional[pulumi.Input[str]]:
|
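Review bot: The docstring for the new `identity_token_key` property, "The key to use for signing plugin workload identity tokens", does not say whether the string is a key name or key material. The value is carried as a plain `str` input, and a later hunk assigns it to `__props__` without the `pulumi.Output.secret` wrapping that `service_account_jwt` gets. If it is the name of a named signing key, which is how I read the upstream option (please confirm), say so, e.g. `The name of the key used to sign plugin workload identity tokens`. That keeps key material out of a field that is not treated as a secret. The same wording appears on the `:param` lines and the `SecretBackend` getter in later hunks.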
@@ -508,6 +669,18 @@ class _SecretBackendState:
|
|
508
669
|
def kubernetes_host(self, value: Optional[pulumi.Input[str]]):
|
509
670
|
pulumi.set(self, "kubernetes_host", value)
|
510
671
|
|
672
|
+
@property
|
673
|
+
@pulumi.getter(name="listingVisibility")
|
674
|
+
def listing_visibility(self) -> Optional[pulumi.Input[str]]:
|
675
|
+
"""
|
676
|
+
Specifies whether to show this mount in the UI-specific listing endpoint
|
677
|
+
"""
|
678
|
+
return pulumi.get(self, "listing_visibility")
|
679
|
+
|
680
|
+
@listing_visibility.setter
|
681
|
+
def listing_visibility(self, value: Optional[pulumi.Input[str]]):
|
682
|
+
pulumi.set(self, "listing_visibility", value)
|
683
|
+
|
511
684
|
@property
|
512
685
|
@pulumi.getter
|
513
686
|
def local(self) -> Optional[pulumi.Input[bool]]:
|
@@ -538,7 +711,7 @@ class _SecretBackendState:
|
|
538
711
|
"""
|
539
712
|
The namespace to provision the resource in.
|
540
713
|
The value should not contain leading or trailing forward slashes.
|
541
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
714
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
542
715
|
*Available only for Vault Enterprise*.
|
543
716
|
"""
|
544
717
|
return pulumi.get(self, "namespace")
|
@@ -549,16 +722,28 @@ class _SecretBackendState:
|
|
549
722
|
|
550
723
|
@property
|
551
724
|
@pulumi.getter
|
552
|
-
def options(self) -> Optional[pulumi.Input[Mapping[str,
|
725
|
+
def options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
553
726
|
"""
|
554
727
|
Specifies mount type specific options that are passed to the backend
|
555
728
|
"""
|
556
729
|
return pulumi.get(self, "options")
|
557
730
|
|
558
731
|
@options.setter
|
559
|
-
def options(self, value: Optional[pulumi.Input[Mapping[str,
|
732
|
+
def options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
560
733
|
pulumi.set(self, "options", value)
|
561
734
|
|
735
|
+
@property
|
736
|
+
@pulumi.getter(name="passthroughRequestHeaders")
|
737
|
+
def passthrough_request_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
738
|
+
"""
|
739
|
+
List of headers to allow and pass from the request to the plugin
|
740
|
+
"""
|
741
|
+
return pulumi.get(self, "passthrough_request_headers")
|
742
|
+
|
743
|
+
@passthrough_request_headers.setter
|
744
|
+
def passthrough_request_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
745
|
+
pulumi.set(self, "passthrough_request_headers", value)
|
746
|
+
|
562
747
|
@property
|
563
748
|
@pulumi.getter
|
564
749
|
def path(self) -> Optional[pulumi.Input[str]]:
|
@@ -571,6 +756,18 @@ class _SecretBackendState:
|
|
571
756
|
def path(self, value: Optional[pulumi.Input[str]]):
|
572
757
|
pulumi.set(self, "path", value)
|
573
758
|
|
759
|
+
@property
|
760
|
+
@pulumi.getter(name="pluginVersion")
|
761
|
+
def plugin_version(self) -> Optional[pulumi.Input[str]]:
|
762
|
+
"""
|
763
|
+
Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
764
|
+
"""
|
765
|
+
return pulumi.get(self, "plugin_version")
|
766
|
+
|
767
|
+
@plugin_version.setter
|
768
|
+
def plugin_version(self, value: Optional[pulumi.Input[str]]):
|
769
|
+
pulumi.set(self, "plugin_version", value)
|
770
|
+
|
574
771
|
@property
|
575
772
|
@pulumi.getter(name="sealWrap")
|
576
773
|
def seal_wrap(self) -> Optional[pulumi.Input[bool]]:
|
@@ -604,28 +801,34 @@ class SecretBackend(pulumi.CustomResource):
|
|
604
801
|
resource_name: str,
|
605
802
|
opts: Optional[pulumi.ResourceOptions] = None,
|
606
803
|
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
804
|
+
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
607
805
|
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
608
806
|
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
609
807
|
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
808
|
+
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
610
809
|
description: Optional[pulumi.Input[str]] = None,
|
611
810
|
disable_local_ca_jwt: Optional[pulumi.Input[bool]] = None,
|
612
811
|
external_entropy_access: Optional[pulumi.Input[bool]] = None,
|
812
|
+
identity_token_key: Optional[pulumi.Input[str]] = None,
|
613
813
|
kubernetes_ca_cert: Optional[pulumi.Input[str]] = None,
|
614
814
|
kubernetes_host: Optional[pulumi.Input[str]] = None,
|
815
|
+
listing_visibility: Optional[pulumi.Input[str]] = None,
|
615
816
|
local: Optional[pulumi.Input[bool]] = None,
|
616
817
|
max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
617
818
|
namespace: Optional[pulumi.Input[str]] = None,
|
618
|
-
options: Optional[pulumi.Input[Mapping[str,
|
819
|
+
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
820
|
+
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
619
821
|
path: Optional[pulumi.Input[str]] = None,
|
822
|
+
plugin_version: Optional[pulumi.Input[str]] = None,
|
620
823
|
seal_wrap: Optional[pulumi.Input[bool]] = None,
|
621
824
|
service_account_jwt: Optional[pulumi.Input[str]] = None,
|
622
825
|
__props__=None):
|
623
826
|
"""
|
624
827
|
## Example Usage
|
625
828
|
|
626
|
-
<!--Start PulumiCodeChooser -->
|
627
829
|
```python
|
628
830
|
import pulumi
|
831
|
+
import pulumi_std as std
|
629
832
|
import pulumi_vault as vault
|
630
833
|
|
631
834
|
config = vault.kubernetes.SecretBackend("config",
|
@@ -634,11 +837,10 @@ class SecretBackend(pulumi.CustomResource):
|
|
634
837
|
default_lease_ttl_seconds=43200,
|
635
838
|
max_lease_ttl_seconds=86400,
|
636
839
|
kubernetes_host="https://127.0.0.1:61233",
|
637
|
-
kubernetes_ca_cert=
|
638
|
-
service_account_jwt=
|
840
|
+
kubernetes_ca_cert=std.file(input="/path/to/cert").result,
|
841
|
+
service_account_jwt=std.file(input="/path/to/token").result,
|
639
842
|
disable_local_ca_jwt=False)
|
640
843
|
```
|
641
|
-
<!--End PulumiCodeChooser -->
|
642
844
|
|
643
845
|
## Import
|
644
846
|
|
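Review bot: The rewritten example passes `service_account_jwt=std.file(input="/path/to/token").result` without saying that this is a service-account credential read from the machine running the deployment. The parameter docs further down state that the CA certificate and JWT default to the local pod's values when Vault runs in Kubernetes, so the example should show when the two arguments are needed at all. A comment above the two `std.file` lines would do, such as `# only needed when Vault runs outside the cluster; the token file is a credential, keep it out of version control`. The same example is repeated in the second docstring (hunk at -698/+906). The docstring starts and ends outside this hunk.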
@@ -651,13 +853,16 @@ class SecretBackend(pulumi.CustomResource):
|
|
651
853
|
:param str resource_name: The name of the resource.
|
652
854
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
653
855
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
|
856
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
|
654
857
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
655
858
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
656
859
|
:param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
|
860
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
|
657
861
|
:param pulumi.Input[str] description: Human-friendly description of the mount
|
658
862
|
:param pulumi.Input[bool] disable_local_ca_jwt: Disable defaulting to the local CA certificate and
|
659
863
|
service account JWT when Vault is running in a Kubernetes pod.
|
660
864
|
:param pulumi.Input[bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
|
865
|
+
:param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens
|
661
866
|
:param pulumi.Input[str] kubernetes_ca_cert: A PEM-encoded CA certificate used by the
|
662
867
|
secrets engine to verify the Kubernetes API server certificate. Defaults to the local
|
663
868
|
pod’s CA if Vault is running in Kubernetes. Otherwise, defaults to the root CA set where
|
@@ -665,14 +870,17 @@ class SecretBackend(pulumi.CustomResource):
|
|
665
870
|
:param pulumi.Input[str] kubernetes_host: The Kubernetes API URL to connect to. Required if the
|
666
871
|
standard pod environment variables `KUBERNETES_SERVICE_HOST` or `KUBERNETES_SERVICE_PORT`
|
667
872
|
are not set on the host that Vault is running on.
|
873
|
+
:param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
|
668
874
|
:param pulumi.Input[bool] local: Local mount flag that can be explicitly set to true to enforce local mount in HA environment
|
669
875
|
:param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
|
670
876
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
671
877
|
The value should not contain leading or trailing forward slashes.
|
672
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
878
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
673
879
|
*Available only for Vault Enterprise*.
|
674
|
-
:param pulumi.Input[Mapping[str,
|
880
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
|
881
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
|
675
882
|
:param pulumi.Input[str] path: Where the secret backend will be mounted
|
883
|
+
:param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
676
884
|
:param pulumi.Input[bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
677
885
|
:param pulumi.Input[str] service_account_jwt: The JSON web token of the service account used by the
|
678
886
|
secrets engine to manage Kubernetes credentials. Defaults to the local pod’s JWT if Vault
|
@@ -687,9 +895,9 @@ class SecretBackend(pulumi.CustomResource):
|
|
687
895
|
"""
|
688
896
|
## Example Usage
|
689
897
|
|
690
|
-
<!--Start PulumiCodeChooser -->
|
691
898
|
```python
|
692
899
|
import pulumi
|
900
|
+
import pulumi_std as std
|
693
901
|
import pulumi_vault as vault
|
694
902
|
|
695
903
|
config = vault.kubernetes.SecretBackend("config",
|
@@ -698,11 +906,10 @@ class SecretBackend(pulumi.CustomResource):
|
|
698
906
|
default_lease_ttl_seconds=43200,
|
699
907
|
max_lease_ttl_seconds=86400,
|
700
908
|
kubernetes_host="https://127.0.0.1:61233",
|
701
|
-
kubernetes_ca_cert=
|
702
|
-
service_account_jwt=
|
909
|
+
kubernetes_ca_cert=std.file(input="/path/to/cert").result,
|
910
|
+
service_account_jwt=std.file(input="/path/to/token").result,
|
703
911
|
disable_local_ca_jwt=False)
|
704
912
|
```
|
705
|
-
<!--End PulumiCodeChooser -->
|
706
913
|
|
707
914
|
## Import
|
708
915
|
|
@@ -728,19 +935,25 @@ class SecretBackend(pulumi.CustomResource):
|
|
728
935
|
resource_name: str,
|
729
936
|
opts: Optional[pulumi.ResourceOptions] = None,
|
730
937
|
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
938
|
+
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
731
939
|
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
732
940
|
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
733
941
|
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
942
|
+
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
734
943
|
description: Optional[pulumi.Input[str]] = None,
|
735
944
|
disable_local_ca_jwt: Optional[pulumi.Input[bool]] = None,
|
736
945
|
external_entropy_access: Optional[pulumi.Input[bool]] = None,
|
946
|
+
identity_token_key: Optional[pulumi.Input[str]] = None,
|
737
947
|
kubernetes_ca_cert: Optional[pulumi.Input[str]] = None,
|
738
948
|
kubernetes_host: Optional[pulumi.Input[str]] = None,
|
949
|
+
listing_visibility: Optional[pulumi.Input[str]] = None,
|
739
950
|
local: Optional[pulumi.Input[bool]] = None,
|
740
951
|
max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
741
952
|
namespace: Optional[pulumi.Input[str]] = None,
|
742
|
-
options: Optional[pulumi.Input[Mapping[str,
|
953
|
+
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
954
|
+
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
743
955
|
path: Optional[pulumi.Input[str]] = None,
|
956
|
+
plugin_version: Optional[pulumi.Input[str]] = None,
|
744
957
|
seal_wrap: Optional[pulumi.Input[bool]] = None,
|
745
958
|
service_account_jwt: Optional[pulumi.Input[str]] = None,
|
746
959
|
__props__=None):
|
@@ -753,21 +966,27 @@ class SecretBackend(pulumi.CustomResource):
|
|
753
966
|
__props__ = SecretBackendArgs.__new__(SecretBackendArgs)
|
754
967
|
|
755
968
|
__props__.__dict__["allowed_managed_keys"] = allowed_managed_keys
|
969
|
+
__props__.__dict__["allowed_response_headers"] = allowed_response_headers
|
756
970
|
__props__.__dict__["audit_non_hmac_request_keys"] = audit_non_hmac_request_keys
|
757
971
|
__props__.__dict__["audit_non_hmac_response_keys"] = audit_non_hmac_response_keys
|
758
972
|
__props__.__dict__["default_lease_ttl_seconds"] = default_lease_ttl_seconds
|
973
|
+
__props__.__dict__["delegated_auth_accessors"] = delegated_auth_accessors
|
759
974
|
__props__.__dict__["description"] = description
|
760
975
|
__props__.__dict__["disable_local_ca_jwt"] = disable_local_ca_jwt
|
761
976
|
__props__.__dict__["external_entropy_access"] = external_entropy_access
|
977
|
+
__props__.__dict__["identity_token_key"] = identity_token_key
|
762
978
|
__props__.__dict__["kubernetes_ca_cert"] = kubernetes_ca_cert
|
763
979
|
__props__.__dict__["kubernetes_host"] = kubernetes_host
|
980
|
+
__props__.__dict__["listing_visibility"] = listing_visibility
|
764
981
|
__props__.__dict__["local"] = local
|
765
982
|
__props__.__dict__["max_lease_ttl_seconds"] = max_lease_ttl_seconds
|
766
983
|
__props__.__dict__["namespace"] = namespace
|
767
984
|
__props__.__dict__["options"] = options
|
985
|
+
__props__.__dict__["passthrough_request_headers"] = passthrough_request_headers
|
768
986
|
if path is None and not opts.urn:
|
769
987
|
raise TypeError("Missing required property 'path'")
|
770
988
|
__props__.__dict__["path"] = path
|
989
|
+
__props__.__dict__["plugin_version"] = plugin_version
|
771
990
|
__props__.__dict__["seal_wrap"] = seal_wrap
|
772
991
|
__props__.__dict__["service_account_jwt"] = None if service_account_jwt is None else pulumi.Output.secret(service_account_jwt)
|
773
992
|
__props__.__dict__["accessor"] = None
|
@@ -785,19 +1004,25 @@ class SecretBackend(pulumi.CustomResource):
|
|
785
1004
|
opts: Optional[pulumi.ResourceOptions] = None,
|
786
1005
|
accessor: Optional[pulumi.Input[str]] = None,
|
787
1006
|
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1007
|
+
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
788
1008
|
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
789
1009
|
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
790
1010
|
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
1011
|
+
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
791
1012
|
description: Optional[pulumi.Input[str]] = None,
|
792
1013
|
disable_local_ca_jwt: Optional[pulumi.Input[bool]] = None,
|
793
1014
|
external_entropy_access: Optional[pulumi.Input[bool]] = None,
|
1015
|
+
identity_token_key: Optional[pulumi.Input[str]] = None,
|
794
1016
|
kubernetes_ca_cert: Optional[pulumi.Input[str]] = None,
|
795
1017
|
kubernetes_host: Optional[pulumi.Input[str]] = None,
|
1018
|
+
listing_visibility: Optional[pulumi.Input[str]] = None,
|
796
1019
|
local: Optional[pulumi.Input[bool]] = None,
|
797
1020
|
max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
798
1021
|
namespace: Optional[pulumi.Input[str]] = None,
|
799
|
-
options: Optional[pulumi.Input[Mapping[str,
|
1022
|
+
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
1023
|
+
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
800
1024
|
path: Optional[pulumi.Input[str]] = None,
|
1025
|
+
plugin_version: Optional[pulumi.Input[str]] = None,
|
801
1026
|
seal_wrap: Optional[pulumi.Input[bool]] = None,
|
802
1027
|
service_account_jwt: Optional[pulumi.Input[str]] = None) -> 'SecretBackend':
|
803
1028
|
"""
|
@@ -809,13 +1034,16 @@ class SecretBackend(pulumi.CustomResource):
|
|
809
1034
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
810
1035
|
:param pulumi.Input[str] accessor: Accessor of the mount
|
811
1036
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
|
1037
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
|
812
1038
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
813
1039
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
814
1040
|
:param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
|
1041
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
|
815
1042
|
:param pulumi.Input[str] description: Human-friendly description of the mount
|
816
1043
|
:param pulumi.Input[bool] disable_local_ca_jwt: Disable defaulting to the local CA certificate and
|
817
1044
|
service account JWT when Vault is running in a Kubernetes pod.
|
818
1045
|
:param pulumi.Input[bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
|
1046
|
+
:param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens
|
819
1047
|
:param pulumi.Input[str] kubernetes_ca_cert: A PEM-encoded CA certificate used by the
|
820
1048
|
secrets engine to verify the Kubernetes API server certificate. Defaults to the local
|
821
1049
|
pod’s CA if Vault is running in Kubernetes. Otherwise, defaults to the root CA set where
|
@@ -823,14 +1051,17 @@ class SecretBackend(pulumi.CustomResource):
|
|
823
1051
|
:param pulumi.Input[str] kubernetes_host: The Kubernetes API URL to connect to. Required if the
|
824
1052
|
standard pod environment variables `KUBERNETES_SERVICE_HOST` or `KUBERNETES_SERVICE_PORT`
|
825
1053
|
are not set on the host that Vault is running on.
|
1054
|
+
:param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
|
826
1055
|
:param pulumi.Input[bool] local: Local mount flag that can be explicitly set to true to enforce local mount in HA environment
|
827
1056
|
:param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
|
828
1057
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
829
1058
|
The value should not contain leading or trailing forward slashes.
|
830
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
1059
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
831
1060
|
*Available only for Vault Enterprise*.
|
832
|
-
:param pulumi.Input[Mapping[str,
|
1061
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
|
1062
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
|
833
1063
|
:param pulumi.Input[str] path: Where the secret backend will be mounted
|
1064
|
+
:param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
834
1065
|
:param pulumi.Input[bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
835
1066
|
:param pulumi.Input[str] service_account_jwt: The JSON web token of the service account used by the
|
836
1067
|
secrets engine to manage Kubernetes credentials. Defaults to the local pod’s JWT if Vault
|
@@ -842,19 +1073,25 @@ class SecretBackend(pulumi.CustomResource):
|
|
842
1073
|
|
843
1074
|
__props__.__dict__["accessor"] = accessor
|
844
1075
|
__props__.__dict__["allowed_managed_keys"] = allowed_managed_keys
|
1076
|
+
__props__.__dict__["allowed_response_headers"] = allowed_response_headers
|
845
1077
|
__props__.__dict__["audit_non_hmac_request_keys"] = audit_non_hmac_request_keys
|
846
1078
|
__props__.__dict__["audit_non_hmac_response_keys"] = audit_non_hmac_response_keys
|
847
1079
|
__props__.__dict__["default_lease_ttl_seconds"] = default_lease_ttl_seconds
|
1080
|
+
__props__.__dict__["delegated_auth_accessors"] = delegated_auth_accessors
|
848
1081
|
__props__.__dict__["description"] = description
|
849
1082
|
__props__.__dict__["disable_local_ca_jwt"] = disable_local_ca_jwt
|
850
1083
|
__props__.__dict__["external_entropy_access"] = external_entropy_access
|
1084
|
+
__props__.__dict__["identity_token_key"] = identity_token_key
|
851
1085
|
__props__.__dict__["kubernetes_ca_cert"] = kubernetes_ca_cert
|
852
1086
|
__props__.__dict__["kubernetes_host"] = kubernetes_host
|
1087
|
+
__props__.__dict__["listing_visibility"] = listing_visibility
|
853
1088
|
__props__.__dict__["local"] = local
|
854
1089
|
__props__.__dict__["max_lease_ttl_seconds"] = max_lease_ttl_seconds
|
855
1090
|
__props__.__dict__["namespace"] = namespace
|
856
1091
|
__props__.__dict__["options"] = options
|
1092
|
+
__props__.__dict__["passthrough_request_headers"] = passthrough_request_headers
|
857
1093
|
__props__.__dict__["path"] = path
|
1094
|
+
__props__.__dict__["plugin_version"] = plugin_version
|
858
1095
|
__props__.__dict__["seal_wrap"] = seal_wrap
|
859
1096
|
__props__.__dict__["service_account_jwt"] = service_account_jwt
|
860
1097
|
return SecretBackend(resource_name, opts=opts, __props__=__props__)
|
@@ -875,6 +1112,14 @@ class SecretBackend(pulumi.CustomResource):
|
|
875
1112
|
"""
|
876
1113
|
return pulumi.get(self, "allowed_managed_keys")
|
877
1114
|
|
1115
|
+
@property
|
1116
|
+
@pulumi.getter(name="allowedResponseHeaders")
|
1117
|
+
def allowed_response_headers(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1118
|
+
"""
|
1119
|
+
List of headers to allow and pass from the request to the plugin
|
1120
|
+
"""
|
1121
|
+
return pulumi.get(self, "allowed_response_headers")
|
1122
|
+
|
878
1123
|
@property
|
879
1124
|
@pulumi.getter(name="auditNonHmacRequestKeys")
|
880
1125
|
def audit_non_hmac_request_keys(self) -> pulumi.Output[Sequence[str]]:
|
@@ -899,6 +1144,14 @@ class SecretBackend(pulumi.CustomResource):
|
|
899
1144
|
"""
|
900
1145
|
return pulumi.get(self, "default_lease_ttl_seconds")
|
901
1146
|
|
1147
|
+
@property
|
1148
|
+
@pulumi.getter(name="delegatedAuthAccessors")
|
1149
|
+
def delegated_auth_accessors(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1150
|
+
"""
|
1151
|
+
List of headers to allow and pass from the request to the plugin
|
1152
|
+
"""
|
1153
|
+
return pulumi.get(self, "delegated_auth_accessors")
|
1154
|
+
|
902
1155
|
@property
|
903
1156
|
@pulumi.getter
|
904
1157
|
def description(self) -> pulumi.Output[Optional[str]]:
|
@@ -924,6 +1177,14 @@ class SecretBackend(pulumi.CustomResource):
|
|
924
1177
|
"""
|
925
1178
|
return pulumi.get(self, "external_entropy_access")
|
926
1179
|
|
1180
|
+
@property
|
1181
|
+
@pulumi.getter(name="identityTokenKey")
|
1182
|
+
def identity_token_key(self) -> pulumi.Output[Optional[str]]:
|
1183
|
+
"""
|
1184
|
+
The key to use for signing plugin workload identity tokens
|
1185
|
+
"""
|
1186
|
+
return pulumi.get(self, "identity_token_key")
|
1187
|
+
|
927
1188
|
@property
|
928
1189
|
@pulumi.getter(name="kubernetesCaCert")
|
929
1190
|
def kubernetes_ca_cert(self) -> pulumi.Output[Optional[str]]:
|
@@ -945,6 +1206,14 @@ class SecretBackend(pulumi.CustomResource):
|
|
945
1206
|
"""
|
946
1207
|
return pulumi.get(self, "kubernetes_host")
|
947
1208
|
|
1209
|
+
@property
|
1210
|
+
@pulumi.getter(name="listingVisibility")
|
1211
|
+
def listing_visibility(self) -> pulumi.Output[Optional[str]]:
|
1212
|
+
"""
|
1213
|
+
Specifies whether to show this mount in the UI-specific listing endpoint
|
1214
|
+
"""
|
1215
|
+
return pulumi.get(self, "listing_visibility")
|
1216
|
+
|
948
1217
|
@property
|
949
1218
|
@pulumi.getter
|
950
1219
|
def local(self) -> pulumi.Output[Optional[bool]]:
|
@@ -967,19 +1236,27 @@ class SecretBackend(pulumi.CustomResource):
|
|
967
1236
|
"""
|
968
1237
|
The namespace to provision the resource in.
|
969
1238
|
The value should not contain leading or trailing forward slashes.
|
970
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
1239
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
971
1240
|
*Available only for Vault Enterprise*.
|
972
1241
|
"""
|
973
1242
|
return pulumi.get(self, "namespace")
|
974
1243
|
|
975
1244
|
@property
|
976
1245
|
@pulumi.getter
|
977
|
-
def options(self) -> pulumi.Output[Optional[Mapping[str,
|
1246
|
+
def options(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
|
978
1247
|
"""
|
979
1248
|
Specifies mount type specific options that are passed to the backend
|
980
1249
|
"""
|
981
1250
|
return pulumi.get(self, "options")
|
982
1251
|
|
1252
|
+
@property
|
1253
|
+
@pulumi.getter(name="passthroughRequestHeaders")
|
1254
|
+
def passthrough_request_headers(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1255
|
+
"""
|
1256
|
+
List of headers to allow and pass from the request to the plugin
|
1257
|
+
"""
|
1258
|
+
return pulumi.get(self, "passthrough_request_headers")
|
1259
|
+
|
983
1260
|
@property
|
984
1261
|
@pulumi.getter
|
985
1262
|
def path(self) -> pulumi.Output[str]:
|
@@ -988,6 +1265,14 @@ class SecretBackend(pulumi.CustomResource):
|
|
988
1265
|
"""
|
989
1266
|
return pulumi.get(self, "path")
|
990
1267
|
|
1268
|
+
@property
|
1269
|
+
@pulumi.getter(name="pluginVersion")
|
1270
|
+
def plugin_version(self) -> pulumi.Output[Optional[str]]:
|
1271
|
+
"""
|
1272
|
+
Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
1273
|
+
"""
|
1274
|
+
return pulumi.get(self, "plugin_version")
|
1275
|
+
|
991
1276
|
@property
|
992
1277
|
@pulumi.getter(name="sealWrap")
|
993
1278
|
def seal_wrap(self) -> pulumi.Output[bool]:
|