pulumi-vault 5.21.0a1710160723__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl
- pulumi_vault/__init__.py +52 -0
- pulumi_vault/_inputs.py +560 -0
- pulumi_vault/_utilities.py +41 -5
- pulumi_vault/ad/get_access_credentials.py +22 -7
- pulumi_vault/ad/secret_backend.py +14 -144
- pulumi_vault/ad/secret_library.py +14 -11
- pulumi_vault/ad/secret_role.py +12 -11
- pulumi_vault/alicloud/auth_backend_role.py +74 -192
- pulumi_vault/approle/auth_backend_login.py +12 -11
- pulumi_vault/approle/auth_backend_role.py +75 -193
- pulumi_vault/approle/auth_backend_role_secret_id.py +106 -11
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -9
- pulumi_vault/audit.py +24 -27
- pulumi_vault/audit_request_header.py +11 -6
- pulumi_vault/auth_backend.py +64 -12
- pulumi_vault/aws/auth_backend_cert.py +12 -7
- pulumi_vault/aws/auth_backend_client.py +265 -24
- pulumi_vault/aws/auth_backend_config_identity.py +12 -11
- pulumi_vault/aws/auth_backend_identity_whitelist.py +18 -17
- pulumi_vault/aws/auth_backend_login.py +19 -22
- pulumi_vault/aws/auth_backend_role.py +75 -193
- pulumi_vault/aws/auth_backend_role_tag.py +12 -7
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -17
- pulumi_vault/aws/auth_backend_sts_role.py +12 -11
- pulumi_vault/aws/get_access_credentials.py +34 -7
- pulumi_vault/aws/get_static_access_credentials.py +19 -5
- pulumi_vault/aws/secret_backend.py +75 -7
- pulumi_vault/aws/secret_backend_role.py +183 -11
- pulumi_vault/aws/secret_backend_static_role.py +14 -11
- pulumi_vault/azure/_inputs.py +24 -0
- pulumi_vault/azure/auth_backend_config.py +151 -17
- pulumi_vault/azure/auth_backend_role.py +75 -193
- pulumi_vault/azure/backend.py +223 -29
- pulumi_vault/azure/backend_role.py +42 -41
- pulumi_vault/azure/get_access_credentials.py +39 -11
- pulumi_vault/azure/outputs.py +5 -0
- pulumi_vault/cert_auth_backend_role.py +87 -271
- pulumi_vault/config/__init__.pyi +5 -0
- pulumi_vault/config/_inputs.py +73 -0
- pulumi_vault/config/outputs.py +35 -0
- pulumi_vault/config/ui_custom_message.py +529 -0
- pulumi_vault/config/vars.py +5 -0
- pulumi_vault/consul/secret_backend.py +22 -25
- pulumi_vault/consul/secret_backend_role.py +14 -80
- pulumi_vault/database/_inputs.py +2770 -881
- pulumi_vault/database/outputs.py +721 -838
- pulumi_vault/database/secret_backend_connection.py +117 -114
- pulumi_vault/database/secret_backend_role.py +29 -24
- pulumi_vault/database/secret_backend_static_role.py +85 -15
- pulumi_vault/database/secrets_mount.py +425 -138
- pulumi_vault/egp_policy.py +16 -15
- pulumi_vault/gcp/_inputs.py +111 -0
- pulumi_vault/gcp/auth_backend.py +248 -35
- pulumi_vault/gcp/auth_backend_role.py +75 -271
- pulumi_vault/gcp/get_auth_backend_role.py +43 -9
- pulumi_vault/gcp/outputs.py +5 -0
- pulumi_vault/gcp/secret_backend.py +287 -16
- pulumi_vault/gcp/secret_impersonated_account.py +74 -17
- pulumi_vault/gcp/secret_roleset.py +29 -26
- pulumi_vault/gcp/secret_static_account.py +37 -34
- pulumi_vault/generic/endpoint.py +22 -21
- pulumi_vault/generic/get_secret.py +68 -12
- pulumi_vault/generic/secret.py +19 -14
- pulumi_vault/get_auth_backend.py +24 -11
- pulumi_vault/get_auth_backends.py +33 -11
- pulumi_vault/get_namespace.py +226 -0
- pulumi_vault/get_namespaces.py +153 -0
- pulumi_vault/get_nomad_access_token.py +31 -15
- pulumi_vault/get_policy_document.py +34 -23
- pulumi_vault/get_raft_autopilot_state.py +29 -14
- pulumi_vault/github/_inputs.py +55 -0
- pulumi_vault/github/auth_backend.py +17 -16
- pulumi_vault/github/outputs.py +5 -0
- pulumi_vault/github/team.py +14 -13
- pulumi_vault/github/user.py +14 -13
- pulumi_vault/identity/entity.py +18 -15
- pulumi_vault/identity/entity_alias.py +18 -15
- pulumi_vault/identity/entity_policies.py +24 -19
- pulumi_vault/identity/get_entity.py +40 -14
- pulumi_vault/identity/get_group.py +45 -13
- pulumi_vault/identity/get_oidc_client_creds.py +21 -11
- pulumi_vault/identity/get_oidc_openid_config.py +39 -13
- pulumi_vault/identity/get_oidc_public_keys.py +29 -14
- pulumi_vault/identity/group.py +50 -49
- pulumi_vault/identity/group_alias.py +14 -11
- pulumi_vault/identity/group_member_entity_ids.py +24 -74
- pulumi_vault/identity/group_member_group_ids.py +36 -27
- pulumi_vault/identity/group_policies.py +16 -15
- pulumi_vault/identity/mfa_duo.py +9 -8
- pulumi_vault/identity/mfa_login_enforcement.py +13 -8
- pulumi_vault/identity/mfa_okta.py +9 -8
- pulumi_vault/identity/mfa_pingid.py +5 -4
- pulumi_vault/identity/mfa_totp.py +5 -4
- pulumi_vault/identity/oidc.py +12 -11
- pulumi_vault/identity/oidc_assignment.py +22 -13
- pulumi_vault/identity/oidc_client.py +34 -25
- pulumi_vault/identity/oidc_key.py +28 -19
- pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -19
- pulumi_vault/identity/oidc_provider.py +34 -23
- pulumi_vault/identity/oidc_role.py +40 -27
- pulumi_vault/identity/oidc_scope.py +18 -15
- pulumi_vault/identity/outputs.py +8 -3
- pulumi_vault/jwt/_inputs.py +55 -0
- pulumi_vault/jwt/auth_backend.py +39 -46
- pulumi_vault/jwt/auth_backend_role.py +131 -260
- pulumi_vault/jwt/outputs.py +5 -0
- pulumi_vault/kmip/secret_backend.py +22 -21
- pulumi_vault/kmip/secret_role.py +12 -11
- pulumi_vault/kmip/secret_scope.py +12 -11
- pulumi_vault/kubernetes/auth_backend_config.py +55 -7
- pulumi_vault/kubernetes/auth_backend_role.py +68 -179
- pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
- pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
- pulumi_vault/kubernetes/get_service_account_token.py +39 -15
- pulumi_vault/kubernetes/secret_backend.py +314 -29
- pulumi_vault/kubernetes/secret_backend_role.py +135 -56
- pulumi_vault/kv/_inputs.py +36 -4
- pulumi_vault/kv/get_secret.py +23 -12
- pulumi_vault/kv/get_secret_subkeys_v2.py +31 -14
- pulumi_vault/kv/get_secret_v2.py +89 -9
- pulumi_vault/kv/get_secrets_list.py +22 -15
- pulumi_vault/kv/get_secrets_list_v2.py +35 -19
- pulumi_vault/kv/outputs.py +8 -3
- pulumi_vault/kv/secret.py +19 -18
- pulumi_vault/kv/secret_backend_v2.py +12 -11
- pulumi_vault/kv/secret_v2.py +55 -52
- pulumi_vault/ldap/auth_backend.py +125 -168
- pulumi_vault/ldap/auth_backend_group.py +12 -11
- pulumi_vault/ldap/auth_backend_user.py +12 -11
- pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
- pulumi_vault/ldap/get_static_credentials.py +24 -5
- pulumi_vault/ldap/secret_backend.py +352 -84
- pulumi_vault/ldap/secret_backend_dynamic_role.py +12 -11
- pulumi_vault/ldap/secret_backend_library_set.py +14 -11
- pulumi_vault/ldap/secret_backend_static_role.py +67 -12
- pulumi_vault/managed/_inputs.py +289 -132
- pulumi_vault/managed/keys.py +27 -43
- pulumi_vault/managed/outputs.py +89 -132
- pulumi_vault/mfa_duo.py +16 -13
- pulumi_vault/mfa_okta.py +16 -13
- pulumi_vault/mfa_pingid.py +16 -13
- pulumi_vault/mfa_totp.py +22 -19
- pulumi_vault/mongodbatlas/secret_backend.py +18 -17
- pulumi_vault/mongodbatlas/secret_role.py +41 -38
- pulumi_vault/mount.py +389 -65
- pulumi_vault/namespace.py +26 -21
- pulumi_vault/nomad_secret_backend.py +16 -15
- pulumi_vault/nomad_secret_role.py +12 -11
- pulumi_vault/okta/_inputs.py +47 -8
- pulumi_vault/okta/auth_backend.py +483 -41
- pulumi_vault/okta/auth_backend_group.py +12 -11
- pulumi_vault/okta/auth_backend_user.py +12 -11
- pulumi_vault/okta/outputs.py +13 -8
- pulumi_vault/outputs.py +5 -0
- pulumi_vault/password_policy.py +18 -15
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +81 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
- pulumi_vault/pkisecret/backend_config_est.py +619 -0
- pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
- pulumi_vault/pkisecret/get_backend_issuer.py +63 -7
- pulumi_vault/pkisecret/get_backend_issuers.py +21 -12
- pulumi_vault/pkisecret/get_backend_key.py +24 -13
- pulumi_vault/pkisecret/get_backend_keys.py +21 -12
- pulumi_vault/pkisecret/outputs.py +69 -0
- pulumi_vault/pkisecret/secret_backend_cert.py +18 -15
- pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -15
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +12 -11
- pulumi_vault/pkisecret/secret_backend_config_urls.py +59 -11
- pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -13
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -15
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -21
- pulumi_vault/pkisecret/secret_backend_issuer.py +12 -11
- pulumi_vault/pkisecret/secret_backend_key.py +12 -7
- pulumi_vault/pkisecret/secret_backend_role.py +19 -16
- pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -52
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -62
- pulumi_vault/pkisecret/secret_backend_sign.py +18 -60
- pulumi_vault/plugin.py +595 -0
- pulumi_vault/plugin_pinned_version.py +298 -0
- pulumi_vault/policy.py +12 -7
- pulumi_vault/provider.py +48 -53
- pulumi_vault/pulumi-plugin.json +2 -1
- pulumi_vault/quota_lease_count.py +58 -8
- pulumi_vault/quota_rate_limit.py +54 -4
- pulumi_vault/rabbitmq/_inputs.py +61 -0
- pulumi_vault/rabbitmq/outputs.py +5 -0
- pulumi_vault/rabbitmq/secret_backend.py +16 -15
- pulumi_vault/rabbitmq/secret_backend_role.py +52 -49
- pulumi_vault/raft_autopilot.py +12 -11
- pulumi_vault/raft_snapshot_agent_config.py +121 -311
- pulumi_vault/rgp_policy.py +14 -13
- pulumi_vault/saml/auth_backend.py +20 -19
- pulumi_vault/saml/auth_backend_role.py +90 -199
- pulumi_vault/secrets/__init__.py +3 -0
- pulumi_vault/secrets/_inputs.py +110 -0
- pulumi_vault/secrets/outputs.py +94 -0
- pulumi_vault/secrets/sync_association.py +56 -75
- pulumi_vault/secrets/sync_aws_destination.py +240 -29
- pulumi_vault/secrets/sync_azure_destination.py +90 -33
- pulumi_vault/secrets/sync_config.py +7 -6
- pulumi_vault/secrets/sync_gcp_destination.py +156 -27
- pulumi_vault/secrets/sync_gh_destination.py +187 -15
- pulumi_vault/secrets/sync_github_apps.py +375 -0
- pulumi_vault/secrets/sync_vercel_destination.py +72 -15
- pulumi_vault/ssh/_inputs.py +28 -32
- pulumi_vault/ssh/outputs.py +11 -32
- pulumi_vault/ssh/secret_backend_ca.py +106 -11
- pulumi_vault/ssh/secret_backend_role.py +83 -120
- pulumi_vault/terraformcloud/secret_backend.py +5 -56
- pulumi_vault/terraformcloud/secret_creds.py +14 -24
- pulumi_vault/terraformcloud/secret_role.py +14 -76
- pulumi_vault/token.py +26 -25
- pulumi_vault/tokenauth/auth_backend_role.py +76 -201
- pulumi_vault/transform/alphabet.py +16 -13
- pulumi_vault/transform/get_decode.py +45 -21
- pulumi_vault/transform/get_encode.py +45 -21
- pulumi_vault/transform/role.py +16 -13
- pulumi_vault/transform/template.py +30 -25
- pulumi_vault/transform/transformation.py +12 -7
- pulumi_vault/transit/get_decrypt.py +26 -25
- pulumi_vault/transit/get_encrypt.py +24 -19
- pulumi_vault/transit/secret_backend_key.py +25 -97
- pulumi_vault/transit/secret_cache_config.py +12 -11
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
- pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
- pulumi_vault-5.21.0a1710160723.dist-info/RECORD +0 -244
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = ['SecretBackendRoleArgs', 'SecretBackendRole']
|
@@ -14,8 +19,9 @@ __all__ = ['SecretBackendRoleArgs', 'SecretBackendRole']
|
|
14
19
|
@pulumi.input_type
|
15
20
|
class SecretBackendRoleArgs:
|
16
21
|
def __init__(__self__, *,
|
17
|
-
allowed_kubernetes_namespaces: pulumi.Input[Sequence[pulumi.Input[str]]],
|
18
22
|
backend: pulumi.Input[str],
|
23
|
+
allowed_kubernetes_namespace_selector: Optional[pulumi.Input[str]] = None,
|
24
|
+
allowed_kubernetes_namespaces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
19
25
|
extra_annotations: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
20
26
|
extra_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
21
27
|
generated_role_rules: Optional[pulumi.Input[str]] = None,
|
@@ -29,10 +35,15 @@ class SecretBackendRoleArgs:
|
|
29
35
|
token_max_ttl: Optional[pulumi.Input[int]] = None):
|
30
36
|
"""
|
31
37
|
The set of arguments for constructing a SecretBackendRole resource.
|
32
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_kubernetes_namespaces: The list of Kubernetes namespaces this role
|
33
|
-
can generate credentials for. If set to `*` all namespaces are allowed.
|
34
38
|
:param pulumi.Input[str] backend: The path of the Kubernetes Secrets Engine backend mount to create
|
35
39
|
the role in.
|
40
|
+
:param pulumi.Input[str] allowed_kubernetes_namespace_selector: A label selector for Kubernetes namespaces
|
41
|
+
in which credentials can be generated. Accepts either a JSON or YAML object. The value should be
|
42
|
+
of type [LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#labelselector-v1-meta).
|
43
|
+
If set with `allowed_kubernetes_namespace`, the conditions are `OR`ed.
|
44
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_kubernetes_namespaces: The list of Kubernetes namespaces this role
|
45
|
+
can generate credentials for. If set to `*` all namespaces are allowed. If set with
|
46
|
+
`allowed_kubernetes_namespace_selector`, the conditions are `OR`ed.
|
36
47
|
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] extra_annotations: Additional annotations to apply to all generated
|
37
48
|
Kubernetes objects.
|
38
49
|
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] extra_labels: Additional labels to apply to all generated Kubernetes
|
@@ -54,7 +65,7 @@ class SecretBackendRoleArgs:
|
|
54
65
|
roles and role bindings. If unset, a default template is used.
|
55
66
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
56
67
|
The value should not contain leading or trailing forward slashes.
|
57
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
68
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
58
69
|
*Available only for Vault Enterprise*.
|
59
70
|
:param pulumi.Input[str] service_account_name: The pre-existing service account to generate tokens for.
|
60
71
|
Mutually exclusive with `kubernetes_role_name` and `generated_role_rules`. If set, only a
|
@@ -62,8 +73,11 @@ class SecretBackendRoleArgs:
|
|
62
73
|
:param pulumi.Input[int] token_default_ttl: The default TTL for generated Kubernetes tokens in seconds.
|
63
74
|
:param pulumi.Input[int] token_max_ttl: The maximum TTL for generated Kubernetes tokens in seconds.
|
64
75
|
"""
|
65
|
-
pulumi.set(__self__, "allowed_kubernetes_namespaces", allowed_kubernetes_namespaces)
|
66
76
|
pulumi.set(__self__, "backend", backend)
|
77
|
+
if allowed_kubernetes_namespace_selector is not None:
|
78
|
+
pulumi.set(__self__, "allowed_kubernetes_namespace_selector", allowed_kubernetes_namespace_selector)
|
79
|
+
if allowed_kubernetes_namespaces is not None:
|
80
|
+
pulumi.set(__self__, "allowed_kubernetes_namespaces", allowed_kubernetes_namespaces)
|
67
81
|
if extra_annotations is not None:
|
68
82
|
pulumi.set(__self__, "extra_annotations", extra_annotations)
|
69
83
|
if extra_labels is not None:
|
@@ -87,19 +101,6 @@ class SecretBackendRoleArgs:
|
|
87
101
|
if token_max_ttl is not None:
|
88
102
|
pulumi.set(__self__, "token_max_ttl", token_max_ttl)
|
89
103
|
|
90
|
-
@property
|
91
|
-
@pulumi.getter(name="allowedKubernetesNamespaces")
|
92
|
-
def allowed_kubernetes_namespaces(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]:
|
93
|
-
"""
|
94
|
-
The list of Kubernetes namespaces this role
|
95
|
-
can generate credentials for. If set to `*` all namespaces are allowed.
|
96
|
-
"""
|
97
|
-
return pulumi.get(self, "allowed_kubernetes_namespaces")
|
98
|
-
|
99
|
-
@allowed_kubernetes_namespaces.setter
|
100
|
-
def allowed_kubernetes_namespaces(self, value: pulumi.Input[Sequence[pulumi.Input[str]]]):
|
101
|
-
pulumi.set(self, "allowed_kubernetes_namespaces", value)
|
102
|
-
|
103
104
|
@property
|
104
105
|
@pulumi.getter
|
105
106
|
def backend(self) -> pulumi.Input[str]:
|
@@ -113,6 +114,35 @@ class SecretBackendRoleArgs:
|
|
113
114
|
def backend(self, value: pulumi.Input[str]):
|
114
115
|
pulumi.set(self, "backend", value)
|
115
116
|
|
117
|
+
@property
|
118
|
+
@pulumi.getter(name="allowedKubernetesNamespaceSelector")
|
119
|
+
def allowed_kubernetes_namespace_selector(self) -> Optional[pulumi.Input[str]]:
|
120
|
+
"""
|
121
|
+
A label selector for Kubernetes namespaces
|
122
|
+
in which credentials can be generated. Accepts either a JSON or YAML object. The value should be
|
123
|
+
of type [LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#labelselector-v1-meta).
|
124
|
+
If set with `allowed_kubernetes_namespace`, the conditions are `OR`ed.
|
125
|
+
"""
|
126
|
+
return pulumi.get(self, "allowed_kubernetes_namespace_selector")
|
127
|
+
|
128
|
+
@allowed_kubernetes_namespace_selector.setter
|
129
|
+
def allowed_kubernetes_namespace_selector(self, value: Optional[pulumi.Input[str]]):
|
130
|
+
pulumi.set(self, "allowed_kubernetes_namespace_selector", value)
|
131
|
+
|
132
|
+
@property
|
133
|
+
@pulumi.getter(name="allowedKubernetesNamespaces")
|
134
|
+
def allowed_kubernetes_namespaces(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
135
|
+
"""
|
136
|
+
The list of Kubernetes namespaces this role
|
137
|
+
can generate credentials for. If set to `*` all namespaces are allowed. If set with
|
138
|
+
`allowed_kubernetes_namespace_selector`, the conditions are `OR`ed.
|
139
|
+
"""
|
140
|
+
return pulumi.get(self, "allowed_kubernetes_namespaces")
|
141
|
+
|
142
|
+
@allowed_kubernetes_namespaces.setter
|
143
|
+
def allowed_kubernetes_namespaces(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
144
|
+
pulumi.set(self, "allowed_kubernetes_namespaces", value)
|
145
|
+
|
116
146
|
@property
|
117
147
|
@pulumi.getter(name="extraAnnotations")
|
118
148
|
def extra_annotations(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
@@ -215,7 +245,7 @@ class SecretBackendRoleArgs:
|
|
215
245
|
"""
|
216
246
|
The namespace to provision the resource in.
|
217
247
|
The value should not contain leading or trailing forward slashes.
|
218
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
248
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
219
249
|
*Available only for Vault Enterprise*.
|
220
250
|
"""
|
221
251
|
return pulumi.get(self, "namespace")
|
@@ -266,6 +296,7 @@ class SecretBackendRoleArgs:
|
|
266
296
|
@pulumi.input_type
|
267
297
|
class _SecretBackendRoleState:
|
268
298
|
def __init__(__self__, *,
|
299
|
+
allowed_kubernetes_namespace_selector: Optional[pulumi.Input[str]] = None,
|
269
300
|
allowed_kubernetes_namespaces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
270
301
|
backend: Optional[pulumi.Input[str]] = None,
|
271
302
|
extra_annotations: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
@@ -281,8 +312,13 @@ class _SecretBackendRoleState:
|
|
281
312
|
token_max_ttl: Optional[pulumi.Input[int]] = None):
|
282
313
|
"""
|
283
314
|
Input properties used for looking up and filtering SecretBackendRole resources.
|
315
|
+
:param pulumi.Input[str] allowed_kubernetes_namespace_selector: A label selector for Kubernetes namespaces
|
316
|
+
in which credentials can be generated. Accepts either a JSON or YAML object. The value should be
|
317
|
+
of type [LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#labelselector-v1-meta).
|
318
|
+
If set with `allowed_kubernetes_namespace`, the conditions are `OR`ed.
|
284
319
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_kubernetes_namespaces: The list of Kubernetes namespaces this role
|
285
|
-
can generate credentials for. If set to `*` all namespaces are allowed.
|
320
|
+
can generate credentials for. If set to `*` all namespaces are allowed. If set with
|
321
|
+
`allowed_kubernetes_namespace_selector`, the conditions are `OR`ed.
|
286
322
|
:param pulumi.Input[str] backend: The path of the Kubernetes Secrets Engine backend mount to create
|
287
323
|
the role in.
|
288
324
|
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] extra_annotations: Additional annotations to apply to all generated
|
@@ -306,7 +342,7 @@ class _SecretBackendRoleState:
|
|
306
342
|
roles and role bindings. If unset, a default template is used.
|
307
343
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
308
344
|
The value should not contain leading or trailing forward slashes.
|
309
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
345
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
310
346
|
*Available only for Vault Enterprise*.
|
311
347
|
:param pulumi.Input[str] service_account_name: The pre-existing service account to generate tokens for.
|
312
348
|
Mutually exclusive with `kubernetes_role_name` and `generated_role_rules`. If set, only a
|
@@ -314,6 +350,8 @@ class _SecretBackendRoleState:
|
|
314
350
|
:param pulumi.Input[int] token_default_ttl: The default TTL for generated Kubernetes tokens in seconds.
|
315
351
|
:param pulumi.Input[int] token_max_ttl: The maximum TTL for generated Kubernetes tokens in seconds.
|
316
352
|
"""
|
353
|
+
if allowed_kubernetes_namespace_selector is not None:
|
354
|
+
pulumi.set(__self__, "allowed_kubernetes_namespace_selector", allowed_kubernetes_namespace_selector)
|
317
355
|
if allowed_kubernetes_namespaces is not None:
|
318
356
|
pulumi.set(__self__, "allowed_kubernetes_namespaces", allowed_kubernetes_namespaces)
|
319
357
|
if backend is not None:
|
@@ -341,12 +379,28 @@ class _SecretBackendRoleState:
|
|
341
379
|
if token_max_ttl is not None:
|
342
380
|
pulumi.set(__self__, "token_max_ttl", token_max_ttl)
|
343
381
|
|
382
|
+
@property
|
383
|
+
@pulumi.getter(name="allowedKubernetesNamespaceSelector")
|
384
|
+
def allowed_kubernetes_namespace_selector(self) -> Optional[pulumi.Input[str]]:
|
385
|
+
"""
|
386
|
+
A label selector for Kubernetes namespaces
|
387
|
+
in which credentials can be generated. Accepts either a JSON or YAML object. The value should be
|
388
|
+
of type [LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#labelselector-v1-meta).
|
389
|
+
If set with `allowed_kubernetes_namespace`, the conditions are `OR`ed.
|
390
|
+
"""
|
391
|
+
return pulumi.get(self, "allowed_kubernetes_namespace_selector")
|
392
|
+
|
393
|
+
@allowed_kubernetes_namespace_selector.setter
|
394
|
+
def allowed_kubernetes_namespace_selector(self, value: Optional[pulumi.Input[str]]):
|
395
|
+
pulumi.set(self, "allowed_kubernetes_namespace_selector", value)
|
396
|
+
|
344
397
|
@property
|
345
398
|
@pulumi.getter(name="allowedKubernetesNamespaces")
|
346
399
|
def allowed_kubernetes_namespaces(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
347
400
|
"""
|
348
401
|
The list of Kubernetes namespaces this role
|
349
|
-
can generate credentials for. If set to `*` all namespaces are allowed.
|
402
|
+
can generate credentials for. If set to `*` all namespaces are allowed. If set with
|
403
|
+
`allowed_kubernetes_namespace_selector`, the conditions are `OR`ed.
|
350
404
|
"""
|
351
405
|
return pulumi.get(self, "allowed_kubernetes_namespaces")
|
352
406
|
|
@@ -469,7 +523,7 @@ class _SecretBackendRoleState:
|
|
469
523
|
"""
|
470
524
|
The namespace to provision the resource in.
|
471
525
|
The value should not contain leading or trailing forward slashes.
|
472
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
526
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
473
527
|
*Available only for Vault Enterprise*.
|
474
528
|
"""
|
475
529
|
return pulumi.get(self, "namespace")
|
@@ -522,6 +576,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
522
576
|
def __init__(__self__,
|
523
577
|
resource_name: str,
|
524
578
|
opts: Optional[pulumi.ResourceOptions] = None,
|
579
|
+
allowed_kubernetes_namespace_selector: Optional[pulumi.Input[str]] = None,
|
525
580
|
allowed_kubernetes_namespaces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
526
581
|
backend: Optional[pulumi.Input[str]] = None,
|
527
582
|
extra_annotations: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
@@ -541,20 +596,21 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
541
596
|
|
542
597
|
Example using `service_account_name` mode:
|
543
598
|
|
544
|
-
<!--Start PulumiCodeChooser -->
|
545
599
|
```python
|
546
600
|
import pulumi
|
601
|
+
import pulumi_std as std
|
547
602
|
import pulumi_vault as vault
|
548
603
|
|
549
604
|
config = vault.kubernetes.SecretBackend("config",
|
550
605
|
path="kubernetes",
|
551
606
|
description="kubernetes secrets engine description",
|
552
607
|
kubernetes_host="https://127.0.0.1:61233",
|
553
|
-
kubernetes_ca_cert=
|
554
|
-
service_account_jwt=
|
608
|
+
kubernetes_ca_cert=std.file(input="/path/to/cert").result,
|
609
|
+
service_account_jwt=std.file(input="/path/to/token").result,
|
555
610
|
disable_local_ca_jwt=False)
|
556
611
|
sa_example = vault.kubernetes.SecretBackendRole("sa-example",
|
557
612
|
backend=config.path,
|
613
|
+
name="service-account-name-role",
|
558
614
|
allowed_kubernetes_namespaces=["*"],
|
559
615
|
token_max_ttl=43200,
|
560
616
|
token_default_ttl=21600,
|
@@ -568,24 +624,24 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
568
624
|
"location": "earth",
|
569
625
|
})
|
570
626
|
```
|
571
|
-
<!--End PulumiCodeChooser -->
|
572
627
|
|
573
628
|
Example using `kubernetes_role_name` mode:
|
574
629
|
|
575
|
-
<!--Start PulumiCodeChooser -->
|
576
630
|
```python
|
577
631
|
import pulumi
|
632
|
+
import pulumi_std as std
|
578
633
|
import pulumi_vault as vault
|
579
634
|
|
580
635
|
config = vault.kubernetes.SecretBackend("config",
|
581
636
|
path="kubernetes",
|
582
637
|
description="kubernetes secrets engine description",
|
583
638
|
kubernetes_host="https://127.0.0.1:61233",
|
584
|
-
kubernetes_ca_cert=
|
585
|
-
service_account_jwt=
|
639
|
+
kubernetes_ca_cert=std.file(input="/path/to/cert").result,
|
640
|
+
service_account_jwt=std.file(input="/path/to/token").result,
|
586
641
|
disable_local_ca_jwt=False)
|
587
642
|
name_example = vault.kubernetes.SecretBackendRole("name-example",
|
588
643
|
backend=config.path,
|
644
|
+
name="service-account-name-role",
|
589
645
|
allowed_kubernetes_namespaces=["*"],
|
590
646
|
token_max_ttl=43200,
|
591
647
|
token_default_ttl=21600,
|
@@ -599,24 +655,24 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
599
655
|
"location": "earth",
|
600
656
|
})
|
601
657
|
```
|
602
|
-
<!--End PulumiCodeChooser -->
|
603
658
|
|
604
659
|
Example using `generated_role_rules` mode:
|
605
660
|
|
606
|
-
<!--Start PulumiCodeChooser -->
|
607
661
|
```python
|
608
662
|
import pulumi
|
663
|
+
import pulumi_std as std
|
609
664
|
import pulumi_vault as vault
|
610
665
|
|
611
666
|
config = vault.kubernetes.SecretBackend("config",
|
612
667
|
path="kubernetes",
|
613
668
|
description="kubernetes secrets engine description",
|
614
669
|
kubernetes_host="https://127.0.0.1:61233",
|
615
|
-
kubernetes_ca_cert=
|
616
|
-
service_account_jwt=
|
670
|
+
kubernetes_ca_cert=std.file(input="/path/to/cert").result,
|
671
|
+
service_account_jwt=std.file(input="/path/to/token").result,
|
617
672
|
disable_local_ca_jwt=False)
|
618
673
|
rules_example = vault.kubernetes.SecretBackendRole("rules-example",
|
619
674
|
backend=config.path,
|
675
|
+
name="service-account-name-role",
|
620
676
|
allowed_kubernetes_namespaces=["*"],
|
621
677
|
token_max_ttl=43200,
|
622
678
|
token_default_ttl=21600,
|
@@ -635,7 +691,6 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
635
691
|
"location": "earth",
|
636
692
|
})
|
637
693
|
```
|
638
|
-
<!--End PulumiCodeChooser -->
|
639
694
|
|
640
695
|
## Import
|
641
696
|
|
@@ -649,8 +704,13 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
649
704
|
|
650
705
|
:param str resource_name: The name of the resource.
|
651
706
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
707
|
+
:param pulumi.Input[str] allowed_kubernetes_namespace_selector: A label selector for Kubernetes namespaces
|
708
|
+
in which credentials can be generated. Accepts either a JSON or YAML object. The value should be
|
709
|
+
of type [LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#labelselector-v1-meta).
|
710
|
+
If set with `allowed_kubernetes_namespace`, the conditions are `OR`ed.
|
652
711
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_kubernetes_namespaces: The list of Kubernetes namespaces this role
|
653
|
-
can generate credentials for. If set to `*` all namespaces are allowed.
|
712
|
+
can generate credentials for. If set to `*` all namespaces are allowed. If set with
|
713
|
+
`allowed_kubernetes_namespace_selector`, the conditions are `OR`ed.
|
654
714
|
:param pulumi.Input[str] backend: The path of the Kubernetes Secrets Engine backend mount to create
|
655
715
|
the role in.
|
656
716
|
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] extra_annotations: Additional annotations to apply to all generated
|
@@ -674,7 +734,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
674
734
|
roles and role bindings. If unset, a default template is used.
|
675
735
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
676
736
|
The value should not contain leading or trailing forward slashes.
|
677
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
737
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
678
738
|
*Available only for Vault Enterprise*.
|
679
739
|
:param pulumi.Input[str] service_account_name: The pre-existing service account to generate tokens for.
|
680
740
|
Mutually exclusive with `kubernetes_role_name` and `generated_role_rules`. If set, only a
|
@@ -693,20 +753,21 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
693
753
|
|
694
754
|
Example using `service_account_name` mode:
|
695
755
|
|
696
|
-
<!--Start PulumiCodeChooser -->
|
697
756
|
```python
|
698
757
|
import pulumi
|
758
|
+
import pulumi_std as std
|
699
759
|
import pulumi_vault as vault
|
700
760
|
|
701
761
|
config = vault.kubernetes.SecretBackend("config",
|
702
762
|
path="kubernetes",
|
703
763
|
description="kubernetes secrets engine description",
|
704
764
|
kubernetes_host="https://127.0.0.1:61233",
|
705
|
-
kubernetes_ca_cert=
|
706
|
-
service_account_jwt=
|
765
|
+
kubernetes_ca_cert=std.file(input="/path/to/cert").result,
|
766
|
+
service_account_jwt=std.file(input="/path/to/token").result,
|
707
767
|
disable_local_ca_jwt=False)
|
708
768
|
sa_example = vault.kubernetes.SecretBackendRole("sa-example",
|
709
769
|
backend=config.path,
|
770
|
+
name="service-account-name-role",
|
710
771
|
allowed_kubernetes_namespaces=["*"],
|
711
772
|
token_max_ttl=43200,
|
712
773
|
token_default_ttl=21600,
|
@@ -720,24 +781,24 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
720
781
|
"location": "earth",
|
721
782
|
})
|
722
783
|
```
|
723
|
-
<!--End PulumiCodeChooser -->
|
724
784
|
|
725
785
|
Example using `kubernetes_role_name` mode:
|
726
786
|
|
727
|
-
<!--Start PulumiCodeChooser -->
|
728
787
|
```python
|
729
788
|
import pulumi
|
789
|
+
import pulumi_std as std
|
730
790
|
import pulumi_vault as vault
|
731
791
|
|
732
792
|
config = vault.kubernetes.SecretBackend("config",
|
733
793
|
path="kubernetes",
|
734
794
|
description="kubernetes secrets engine description",
|
735
795
|
kubernetes_host="https://127.0.0.1:61233",
|
736
|
-
kubernetes_ca_cert=
|
737
|
-
service_account_jwt=
|
796
|
+
kubernetes_ca_cert=std.file(input="/path/to/cert").result,
|
797
|
+
service_account_jwt=std.file(input="/path/to/token").result,
|
738
798
|
disable_local_ca_jwt=False)
|
739
799
|
name_example = vault.kubernetes.SecretBackendRole("name-example",
|
740
800
|
backend=config.path,
|
801
|
+
name="service-account-name-role",
|
741
802
|
allowed_kubernetes_namespaces=["*"],
|
742
803
|
token_max_ttl=43200,
|
743
804
|
token_default_ttl=21600,
|
@@ -751,24 +812,24 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
751
812
|
"location": "earth",
|
752
813
|
})
|
753
814
|
```
|
754
|
-
<!--End PulumiCodeChooser -->
|
755
815
|
|
756
816
|
Example using `generated_role_rules` mode:
|
757
817
|
|
758
|
-
<!--Start PulumiCodeChooser -->
|
759
818
|
```python
|
760
819
|
import pulumi
|
820
|
+
import pulumi_std as std
|
761
821
|
import pulumi_vault as vault
|
762
822
|
|
763
823
|
config = vault.kubernetes.SecretBackend("config",
|
764
824
|
path="kubernetes",
|
765
825
|
description="kubernetes secrets engine description",
|
766
826
|
kubernetes_host="https://127.0.0.1:61233",
|
767
|
-
kubernetes_ca_cert=
|
768
|
-
service_account_jwt=
|
827
|
+
kubernetes_ca_cert=std.file(input="/path/to/cert").result,
|
828
|
+
service_account_jwt=std.file(input="/path/to/token").result,
|
769
829
|
disable_local_ca_jwt=False)
|
770
830
|
rules_example = vault.kubernetes.SecretBackendRole("rules-example",
|
771
831
|
backend=config.path,
|
832
|
+
name="service-account-name-role",
|
772
833
|
allowed_kubernetes_namespaces=["*"],
|
773
834
|
token_max_ttl=43200,
|
774
835
|
token_default_ttl=21600,
|
@@ -787,7 +848,6 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
787
848
|
"location": "earth",
|
788
849
|
})
|
789
850
|
```
|
790
|
-
<!--End PulumiCodeChooser -->
|
791
851
|
|
792
852
|
## Import
|
793
853
|
|
@@ -814,6 +874,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
814
874
|
def _internal_init(__self__,
|
815
875
|
resource_name: str,
|
816
876
|
opts: Optional[pulumi.ResourceOptions] = None,
|
877
|
+
allowed_kubernetes_namespace_selector: Optional[pulumi.Input[str]] = None,
|
817
878
|
allowed_kubernetes_namespaces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
818
879
|
backend: Optional[pulumi.Input[str]] = None,
|
819
880
|
extra_annotations: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
@@ -836,8 +897,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
836
897
|
raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource')
|
837
898
|
__props__ = SecretBackendRoleArgs.__new__(SecretBackendRoleArgs)
|
838
899
|
|
839
|
-
|
840
|
-
raise TypeError("Missing required property 'allowed_kubernetes_namespaces'")
|
900
|
+
__props__.__dict__["allowed_kubernetes_namespace_selector"] = allowed_kubernetes_namespace_selector
|
841
901
|
__props__.__dict__["allowed_kubernetes_namespaces"] = allowed_kubernetes_namespaces
|
842
902
|
if backend is None and not opts.urn:
|
843
903
|
raise TypeError("Missing required property 'backend'")
|
@@ -863,6 +923,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
863
923
|
def get(resource_name: str,
|
864
924
|
id: pulumi.Input[str],
|
865
925
|
opts: Optional[pulumi.ResourceOptions] = None,
|
926
|
+
allowed_kubernetes_namespace_selector: Optional[pulumi.Input[str]] = None,
|
866
927
|
allowed_kubernetes_namespaces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
867
928
|
backend: Optional[pulumi.Input[str]] = None,
|
868
929
|
extra_annotations: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
@@ -883,8 +944,13 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
883
944
|
:param str resource_name: The unique name of the resulting resource.
|
884
945
|
:param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
|
885
946
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
947
|
+
:param pulumi.Input[str] allowed_kubernetes_namespace_selector: A label selector for Kubernetes namespaces
|
948
|
+
in which credentials can be generated. Accepts either a JSON or YAML object. The value should be
|
949
|
+
of type [LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#labelselector-v1-meta).
|
950
|
+
If set with `allowed_kubernetes_namespace`, the conditions are `OR`ed.
|
886
951
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_kubernetes_namespaces: The list of Kubernetes namespaces this role
|
887
|
-
can generate credentials for. If set to `*` all namespaces are allowed.
|
952
|
+
can generate credentials for. If set to `*` all namespaces are allowed. If set with
|
953
|
+
`allowed_kubernetes_namespace_selector`, the conditions are `OR`ed.
|
888
954
|
:param pulumi.Input[str] backend: The path of the Kubernetes Secrets Engine backend mount to create
|
889
955
|
the role in.
|
890
956
|
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] extra_annotations: Additional annotations to apply to all generated
|
@@ -908,7 +974,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
908
974
|
roles and role bindings. If unset, a default template is used.
|
909
975
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
910
976
|
The value should not contain leading or trailing forward slashes.
|
911
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
977
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
912
978
|
*Available only for Vault Enterprise*.
|
913
979
|
:param pulumi.Input[str] service_account_name: The pre-existing service account to generate tokens for.
|
914
980
|
Mutually exclusive with `kubernetes_role_name` and `generated_role_rules`. If set, only a
|
@@ -920,6 +986,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
920
986
|
|
921
987
|
__props__ = _SecretBackendRoleState.__new__(_SecretBackendRoleState)
|
922
988
|
|
989
|
+
__props__.__dict__["allowed_kubernetes_namespace_selector"] = allowed_kubernetes_namespace_selector
|
923
990
|
__props__.__dict__["allowed_kubernetes_namespaces"] = allowed_kubernetes_namespaces
|
924
991
|
__props__.__dict__["backend"] = backend
|
925
992
|
__props__.__dict__["extra_annotations"] = extra_annotations
|
@@ -935,12 +1002,24 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
935
1002
|
__props__.__dict__["token_max_ttl"] = token_max_ttl
|
936
1003
|
return SecretBackendRole(resource_name, opts=opts, __props__=__props__)
|
937
1004
|
|
1005
|
+
@property
|
1006
|
+
@pulumi.getter(name="allowedKubernetesNamespaceSelector")
|
1007
|
+
def allowed_kubernetes_namespace_selector(self) -> pulumi.Output[Optional[str]]:
|
1008
|
+
"""
|
1009
|
+
A label selector for Kubernetes namespaces
|
1010
|
+
in which credentials can be generated. Accepts either a JSON or YAML object. The value should be
|
1011
|
+
of type [LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#labelselector-v1-meta).
|
1012
|
+
If set with `allowed_kubernetes_namespace`, the conditions are `OR`ed.
|
1013
|
+
"""
|
1014
|
+
return pulumi.get(self, "allowed_kubernetes_namespace_selector")
|
1015
|
+
|
938
1016
|
@property
|
939
1017
|
@pulumi.getter(name="allowedKubernetesNamespaces")
|
940
|
-
def allowed_kubernetes_namespaces(self) -> pulumi.Output[Sequence[str]]:
|
1018
|
+
def allowed_kubernetes_namespaces(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
941
1019
|
"""
|
942
1020
|
The list of Kubernetes namespaces this role
|
943
|
-
can generate credentials for. If set to `*` all namespaces are allowed.
|
1021
|
+
can generate credentials for. If set to `*` all namespaces are allowed. If set with
|
1022
|
+
`allowed_kubernetes_namespace_selector`, the conditions are `OR`ed.
|
944
1023
|
"""
|
945
1024
|
return pulumi.get(self, "allowed_kubernetes_namespaces")
|
946
1025
|
|
@@ -1027,7 +1106,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1027
1106
|
"""
|
1028
1107
|
The namespace to provision the resource in.
|
1029
1108
|
The value should not contain leading or trailing forward slashes.
|
1030
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
1109
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1031
1110
|
*Available only for Vault Enterprise*.
|
1032
1111
|
"""
|
1033
1112
|
return pulumi.get(self, "namespace")
|
pulumi_vault/kv/_inputs.py
CHANGED
@@ -4,25 +4,57 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = [
|
13
18
|
'SecretV2CustomMetadataArgs',
|
19
|
+
'SecretV2CustomMetadataArgsDict',
|
14
20
|
]
|
15
21
|
|
22
|
+
MYPY = False
|
23
|
+
|
24
|
+
if not MYPY:
|
25
|
+
class SecretV2CustomMetadataArgsDict(TypedDict):
|
26
|
+
cas_required: NotRequired[pulumi.Input[bool]]
|
27
|
+
"""
|
28
|
+
If true, all keys will require the cas parameter to be set on all write requests.
|
29
|
+
"""
|
30
|
+
data: NotRequired[pulumi.Input[Mapping[str, pulumi.Input[str]]]]
|
31
|
+
"""
|
32
|
+
A mapping whose keys are the top-level data keys returned from
|
33
|
+
Vault and whose values are the corresponding values. This map can only
|
34
|
+
represent string data, so any non-string values returned from Vault are
|
35
|
+
serialized as JSON.
|
36
|
+
"""
|
37
|
+
delete_version_after: NotRequired[pulumi.Input[int]]
|
38
|
+
"""
|
39
|
+
If set, specifies the length of time before a version is deleted.
|
40
|
+
"""
|
41
|
+
max_versions: NotRequired[pulumi.Input[int]]
|
42
|
+
"""
|
43
|
+
The number of versions to keep per key.
|
44
|
+
"""
|
45
|
+
elif False:
|
46
|
+
SecretV2CustomMetadataArgsDict: TypeAlias = Mapping[str, Any]
|
47
|
+
|
16
48
|
@pulumi.input_type
|
17
49
|
class SecretV2CustomMetadataArgs:
|
18
50
|
def __init__(__self__, *,
|
19
51
|
cas_required: Optional[pulumi.Input[bool]] = None,
|
20
|
-
data: Optional[pulumi.Input[Mapping[str,
|
52
|
+
data: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
21
53
|
delete_version_after: Optional[pulumi.Input[int]] = None,
|
22
54
|
max_versions: Optional[pulumi.Input[int]] = None):
|
23
55
|
"""
|
24
56
|
:param pulumi.Input[bool] cas_required: If true, all keys will require the cas parameter to be set on all write requests.
|
25
|
-
:param pulumi.Input[Mapping[str,
|
57
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] data: A mapping whose keys are the top-level data keys returned from
|
26
58
|
Vault and whose values are the corresponding values. This map can only
|
27
59
|
represent string data, so any non-string values returned from Vault are
|
28
60
|
serialized as JSON.
|
@@ -52,7 +84,7 @@ class SecretV2CustomMetadataArgs:
|
|
52
84
|
|
53
85
|
@property
|
54
86
|
@pulumi.getter
|
55
|
-
def data(self) -> Optional[pulumi.Input[Mapping[str,
|
87
|
+
def data(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
56
88
|
"""
|
57
89
|
A mapping whose keys are the top-level data keys returned from
|
58
90
|
Vault and whose values are the corresponding values. This map can only
|
@@ -62,7 +94,7 @@ class SecretV2CustomMetadataArgs:
|
|
62
94
|
return pulumi.get(self, "data")
|
63
95
|
|
64
96
|
@data.setter
|
65
|
-
def data(self, value: Optional[pulumi.Input[Mapping[str,
|
97
|
+
def data(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
66
98
|
pulumi.set(self, "data", value)
|
67
99
|
|
68
100
|
@property
|