pulumi-vault 5.21.0a1710160723__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl
- pulumi_vault/__init__.py +52 -0
- pulumi_vault/_inputs.py +560 -0
- pulumi_vault/_utilities.py +41 -5
- pulumi_vault/ad/get_access_credentials.py +22 -7
- pulumi_vault/ad/secret_backend.py +14 -144
- pulumi_vault/ad/secret_library.py +14 -11
- pulumi_vault/ad/secret_role.py +12 -11
- pulumi_vault/alicloud/auth_backend_role.py +74 -192
- pulumi_vault/approle/auth_backend_login.py +12 -11
- pulumi_vault/approle/auth_backend_role.py +75 -193
- pulumi_vault/approle/auth_backend_role_secret_id.py +106 -11
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -9
- pulumi_vault/audit.py +24 -27
- pulumi_vault/audit_request_header.py +11 -6
- pulumi_vault/auth_backend.py +64 -12
- pulumi_vault/aws/auth_backend_cert.py +12 -7
- pulumi_vault/aws/auth_backend_client.py +265 -24
- pulumi_vault/aws/auth_backend_config_identity.py +12 -11
- pulumi_vault/aws/auth_backend_identity_whitelist.py +18 -17
- pulumi_vault/aws/auth_backend_login.py +19 -22
- pulumi_vault/aws/auth_backend_role.py +75 -193
- pulumi_vault/aws/auth_backend_role_tag.py +12 -7
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -17
- pulumi_vault/aws/auth_backend_sts_role.py +12 -11
- pulumi_vault/aws/get_access_credentials.py +34 -7
- pulumi_vault/aws/get_static_access_credentials.py +19 -5
- pulumi_vault/aws/secret_backend.py +75 -7
- pulumi_vault/aws/secret_backend_role.py +183 -11
- pulumi_vault/aws/secret_backend_static_role.py +14 -11
- pulumi_vault/azure/_inputs.py +24 -0
- pulumi_vault/azure/auth_backend_config.py +151 -17
- pulumi_vault/azure/auth_backend_role.py +75 -193
- pulumi_vault/azure/backend.py +223 -29
- pulumi_vault/azure/backend_role.py +42 -41
- pulumi_vault/azure/get_access_credentials.py +39 -11
- pulumi_vault/azure/outputs.py +5 -0
- pulumi_vault/cert_auth_backend_role.py +87 -271
- pulumi_vault/config/__init__.pyi +5 -0
- pulumi_vault/config/_inputs.py +73 -0
- pulumi_vault/config/outputs.py +35 -0
- pulumi_vault/config/ui_custom_message.py +529 -0
- pulumi_vault/config/vars.py +5 -0
- pulumi_vault/consul/secret_backend.py +22 -25
- pulumi_vault/consul/secret_backend_role.py +14 -80
- pulumi_vault/database/_inputs.py +2770 -881
- pulumi_vault/database/outputs.py +721 -838
- pulumi_vault/database/secret_backend_connection.py +117 -114
- pulumi_vault/database/secret_backend_role.py +29 -24
- pulumi_vault/database/secret_backend_static_role.py +85 -15
- pulumi_vault/database/secrets_mount.py +425 -138
- pulumi_vault/egp_policy.py +16 -15
- pulumi_vault/gcp/_inputs.py +111 -0
- pulumi_vault/gcp/auth_backend.py +248 -35
- pulumi_vault/gcp/auth_backend_role.py +75 -271
- pulumi_vault/gcp/get_auth_backend_role.py +43 -9
- pulumi_vault/gcp/outputs.py +5 -0
- pulumi_vault/gcp/secret_backend.py +287 -16
- pulumi_vault/gcp/secret_impersonated_account.py +74 -17
- pulumi_vault/gcp/secret_roleset.py +29 -26
- pulumi_vault/gcp/secret_static_account.py +37 -34
- pulumi_vault/generic/endpoint.py +22 -21
- pulumi_vault/generic/get_secret.py +68 -12
- pulumi_vault/generic/secret.py +19 -14
- pulumi_vault/get_auth_backend.py +24 -11
- pulumi_vault/get_auth_backends.py +33 -11
- pulumi_vault/get_namespace.py +226 -0
- pulumi_vault/get_namespaces.py +153 -0
- pulumi_vault/get_nomad_access_token.py +31 -15
- pulumi_vault/get_policy_document.py +34 -23
- pulumi_vault/get_raft_autopilot_state.py +29 -14
- pulumi_vault/github/_inputs.py +55 -0
- pulumi_vault/github/auth_backend.py +17 -16
- pulumi_vault/github/outputs.py +5 -0
- pulumi_vault/github/team.py +14 -13
- pulumi_vault/github/user.py +14 -13
- pulumi_vault/identity/entity.py +18 -15
- pulumi_vault/identity/entity_alias.py +18 -15
- pulumi_vault/identity/entity_policies.py +24 -19
- pulumi_vault/identity/get_entity.py +40 -14
- pulumi_vault/identity/get_group.py +45 -13
- pulumi_vault/identity/get_oidc_client_creds.py +21 -11
- pulumi_vault/identity/get_oidc_openid_config.py +39 -13
- pulumi_vault/identity/get_oidc_public_keys.py +29 -14
- pulumi_vault/identity/group.py +50 -49
- pulumi_vault/identity/group_alias.py +14 -11
- pulumi_vault/identity/group_member_entity_ids.py +24 -74
- pulumi_vault/identity/group_member_group_ids.py +36 -27
- pulumi_vault/identity/group_policies.py +16 -15
- pulumi_vault/identity/mfa_duo.py +9 -8
- pulumi_vault/identity/mfa_login_enforcement.py +13 -8
- pulumi_vault/identity/mfa_okta.py +9 -8
- pulumi_vault/identity/mfa_pingid.py +5 -4
- pulumi_vault/identity/mfa_totp.py +5 -4
- pulumi_vault/identity/oidc.py +12 -11
- pulumi_vault/identity/oidc_assignment.py +22 -13
- pulumi_vault/identity/oidc_client.py +34 -25
- pulumi_vault/identity/oidc_key.py +28 -19
- pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -19
- pulumi_vault/identity/oidc_provider.py +34 -23
- pulumi_vault/identity/oidc_role.py +40 -27
- pulumi_vault/identity/oidc_scope.py +18 -15
- pulumi_vault/identity/outputs.py +8 -3
- pulumi_vault/jwt/_inputs.py +55 -0
- pulumi_vault/jwt/auth_backend.py +39 -46
- pulumi_vault/jwt/auth_backend_role.py +131 -260
- pulumi_vault/jwt/outputs.py +5 -0
- pulumi_vault/kmip/secret_backend.py +22 -21
- pulumi_vault/kmip/secret_role.py +12 -11
- pulumi_vault/kmip/secret_scope.py +12 -11
- pulumi_vault/kubernetes/auth_backend_config.py +55 -7
- pulumi_vault/kubernetes/auth_backend_role.py +68 -179
- pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
- pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
- pulumi_vault/kubernetes/get_service_account_token.py +39 -15
- pulumi_vault/kubernetes/secret_backend.py +314 -29
- pulumi_vault/kubernetes/secret_backend_role.py +135 -56
- pulumi_vault/kv/_inputs.py +36 -4
- pulumi_vault/kv/get_secret.py +23 -12
- pulumi_vault/kv/get_secret_subkeys_v2.py +31 -14
- pulumi_vault/kv/get_secret_v2.py +89 -9
- pulumi_vault/kv/get_secrets_list.py +22 -15
- pulumi_vault/kv/get_secrets_list_v2.py +35 -19
- pulumi_vault/kv/outputs.py +8 -3
- pulumi_vault/kv/secret.py +19 -18
- pulumi_vault/kv/secret_backend_v2.py +12 -11
- pulumi_vault/kv/secret_v2.py +55 -52
- pulumi_vault/ldap/auth_backend.py +125 -168
- pulumi_vault/ldap/auth_backend_group.py +12 -11
- pulumi_vault/ldap/auth_backend_user.py +12 -11
- pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
- pulumi_vault/ldap/get_static_credentials.py +24 -5
- pulumi_vault/ldap/secret_backend.py +352 -84
- pulumi_vault/ldap/secret_backend_dynamic_role.py +12 -11
- pulumi_vault/ldap/secret_backend_library_set.py +14 -11
- pulumi_vault/ldap/secret_backend_static_role.py +67 -12
- pulumi_vault/managed/_inputs.py +289 -132
- pulumi_vault/managed/keys.py +27 -43
- pulumi_vault/managed/outputs.py +89 -132
- pulumi_vault/mfa_duo.py +16 -13
- pulumi_vault/mfa_okta.py +16 -13
- pulumi_vault/mfa_pingid.py +16 -13
- pulumi_vault/mfa_totp.py +22 -19
- pulumi_vault/mongodbatlas/secret_backend.py +18 -17
- pulumi_vault/mongodbatlas/secret_role.py +41 -38
- pulumi_vault/mount.py +389 -65
- pulumi_vault/namespace.py +26 -21
- pulumi_vault/nomad_secret_backend.py +16 -15
- pulumi_vault/nomad_secret_role.py +12 -11
- pulumi_vault/okta/_inputs.py +47 -8
- pulumi_vault/okta/auth_backend.py +483 -41
- pulumi_vault/okta/auth_backend_group.py +12 -11
- pulumi_vault/okta/auth_backend_user.py +12 -11
- pulumi_vault/okta/outputs.py +13 -8
- pulumi_vault/outputs.py +5 -0
- pulumi_vault/password_policy.py +18 -15
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +81 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
- pulumi_vault/pkisecret/backend_config_est.py +619 -0
- pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
- pulumi_vault/pkisecret/get_backend_issuer.py +63 -7
- pulumi_vault/pkisecret/get_backend_issuers.py +21 -12
- pulumi_vault/pkisecret/get_backend_key.py +24 -13
- pulumi_vault/pkisecret/get_backend_keys.py +21 -12
- pulumi_vault/pkisecret/outputs.py +69 -0
- pulumi_vault/pkisecret/secret_backend_cert.py +18 -15
- pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -15
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +12 -11
- pulumi_vault/pkisecret/secret_backend_config_urls.py +59 -11
- pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -13
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -15
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -21
- pulumi_vault/pkisecret/secret_backend_issuer.py +12 -11
- pulumi_vault/pkisecret/secret_backend_key.py +12 -7
- pulumi_vault/pkisecret/secret_backend_role.py +19 -16
- pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -52
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -62
- pulumi_vault/pkisecret/secret_backend_sign.py +18 -60
- pulumi_vault/plugin.py +595 -0
- pulumi_vault/plugin_pinned_version.py +298 -0
- pulumi_vault/policy.py +12 -7
- pulumi_vault/provider.py +48 -53
- pulumi_vault/pulumi-plugin.json +2 -1
- pulumi_vault/quota_lease_count.py +58 -8
- pulumi_vault/quota_rate_limit.py +54 -4
- pulumi_vault/rabbitmq/_inputs.py +61 -0
- pulumi_vault/rabbitmq/outputs.py +5 -0
- pulumi_vault/rabbitmq/secret_backend.py +16 -15
- pulumi_vault/rabbitmq/secret_backend_role.py +52 -49
- pulumi_vault/raft_autopilot.py +12 -11
- pulumi_vault/raft_snapshot_agent_config.py +121 -311
- pulumi_vault/rgp_policy.py +14 -13
- pulumi_vault/saml/auth_backend.py +20 -19
- pulumi_vault/saml/auth_backend_role.py +90 -199
- pulumi_vault/secrets/__init__.py +3 -0
- pulumi_vault/secrets/_inputs.py +110 -0
- pulumi_vault/secrets/outputs.py +94 -0
- pulumi_vault/secrets/sync_association.py +56 -75
- pulumi_vault/secrets/sync_aws_destination.py +240 -29
- pulumi_vault/secrets/sync_azure_destination.py +90 -33
- pulumi_vault/secrets/sync_config.py +7 -6
- pulumi_vault/secrets/sync_gcp_destination.py +156 -27
- pulumi_vault/secrets/sync_gh_destination.py +187 -15
- pulumi_vault/secrets/sync_github_apps.py +375 -0
- pulumi_vault/secrets/sync_vercel_destination.py +72 -15
- pulumi_vault/ssh/_inputs.py +28 -32
- pulumi_vault/ssh/outputs.py +11 -32
- pulumi_vault/ssh/secret_backend_ca.py +106 -11
- pulumi_vault/ssh/secret_backend_role.py +83 -120
- pulumi_vault/terraformcloud/secret_backend.py +5 -56
- pulumi_vault/terraformcloud/secret_creds.py +14 -24
- pulumi_vault/terraformcloud/secret_role.py +14 -76
- pulumi_vault/token.py +26 -25
- pulumi_vault/tokenauth/auth_backend_role.py +76 -201
- pulumi_vault/transform/alphabet.py +16 -13
- pulumi_vault/transform/get_decode.py +45 -21
- pulumi_vault/transform/get_encode.py +45 -21
- pulumi_vault/transform/role.py +16 -13
- pulumi_vault/transform/template.py +30 -25
- pulumi_vault/transform/transformation.py +12 -7
- pulumi_vault/transit/get_decrypt.py +26 -25
- pulumi_vault/transit/get_encrypt.py +24 -19
- pulumi_vault/transit/secret_backend_key.py +25 -97
- pulumi_vault/transit/secret_cache_config.py +12 -11
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
- pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
- pulumi_vault-5.21.0a1710160723.dist-info/RECORD +0 -244
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = ['AuthBackendArgs', 'AuthBackend']
|
@@ -21,6 +26,7 @@ class AuthBackendArgs:
|
|
21
26
|
certificate: Optional[pulumi.Input[str]] = None,
|
22
27
|
client_tls_cert: Optional[pulumi.Input[str]] = None,
|
23
28
|
client_tls_key: Optional[pulumi.Input[str]] = None,
|
29
|
+
connection_timeout: Optional[pulumi.Input[int]] = None,
|
24
30
|
deny_null_bind: Optional[pulumi.Input[bool]] = None,
|
25
31
|
description: Optional[pulumi.Input[str]] = None,
|
26
32
|
disable_remount: Optional[pulumi.Input[bool]] = None,
|
@@ -58,6 +64,7 @@ class AuthBackendArgs:
|
|
58
64
|
:param pulumi.Input[str] bindpass: Password to use with `binddn` when performing user search
|
59
65
|
:param pulumi.Input[bool] case_sensitive_names: Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
|
60
66
|
:param pulumi.Input[str] certificate: Trusted CA to validate TLS certificate
|
67
|
+
:param pulumi.Input[int] connection_timeout: Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
|
61
68
|
:param pulumi.Input[bool] deny_null_bind: Prevents users from bypassing authentication when providing an empty password.
|
62
69
|
:param pulumi.Input[str] description: Description for the LDAP auth backend mount
|
63
70
|
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
@@ -72,33 +79,20 @@ class AuthBackendArgs:
|
|
72
79
|
*Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+*.
|
73
80
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
74
81
|
The value should not contain leading or trailing forward slashes.
|
75
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
82
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
76
83
|
*Available only for Vault Enterprise*.
|
77
84
|
:param pulumi.Input[str] path: Path to mount the LDAP auth backend under
|
78
85
|
:param pulumi.Input[bool] starttls: Control use of TLS when conecting to LDAP
|
79
86
|
:param pulumi.Input[str] tls_max_version: Maximum acceptable version of TLS
|
80
87
|
:param pulumi.Input[str] tls_min_version: Minimum acceptable version of TLS
|
81
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs:
|
82
|
-
|
83
|
-
|
84
|
-
:param pulumi.Input[
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
:param pulumi.Input[int]
|
89
|
-
Its current value will be referenced at renewal time.
|
90
|
-
:param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
|
91
|
-
generated tokens; otherwise it will be added to the policies set in token_policies.
|
92
|
-
:param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/ldap#token_num_uses)
|
93
|
-
of times a generated token may be used (within its lifetime); 0 means unlimited.
|
94
|
-
:param pulumi.Input[int] token_period: If set, indicates that the
|
95
|
-
token generated using this role should never expire. The token should be renewed within the
|
96
|
-
duration specified by this value. At each renewal, the token's TTL will be set to the
|
97
|
-
value of this field. Specified in seconds.
|
98
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
|
99
|
-
on the auth method, this list may be supplemented by user/group/other values.
|
100
|
-
:param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
|
101
|
-
Its current value will be referenced at renewal time.
|
88
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
89
|
+
:param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
90
|
+
:param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
|
91
|
+
:param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
92
|
+
:param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
93
|
+
:param pulumi.Input[int] token_period: Generated Token's Period
|
94
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
|
95
|
+
:param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
|
102
96
|
:param pulumi.Input[str] token_type: The type of token to generate, service or batch
|
103
97
|
:param pulumi.Input[str] upndomain: The `userPrincipalDomain` used to construct the UPN string for the authenticating user.
|
104
98
|
:param pulumi.Input[bool] use_token_groups: Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
|
@@ -120,6 +114,8 @@ class AuthBackendArgs:
|
|
120
114
|
pulumi.set(__self__, "client_tls_cert", client_tls_cert)
|
121
115
|
if client_tls_key is not None:
|
122
116
|
pulumi.set(__self__, "client_tls_key", client_tls_key)
|
117
|
+
if connection_timeout is not None:
|
118
|
+
pulumi.set(__self__, "connection_timeout", connection_timeout)
|
123
119
|
if deny_null_bind is not None:
|
124
120
|
pulumi.set(__self__, "deny_null_bind", deny_null_bind)
|
125
121
|
if description is not None:
|
@@ -259,6 +255,18 @@ class AuthBackendArgs:
|
|
259
255
|
def client_tls_key(self, value: Optional[pulumi.Input[str]]):
|
260
256
|
pulumi.set(self, "client_tls_key", value)
|
261
257
|
|
258
|
+
@property
|
259
|
+
@pulumi.getter(name="connectionTimeout")
|
260
|
+
def connection_timeout(self) -> Optional[pulumi.Input[int]]:
|
261
|
+
"""
|
262
|
+
Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
|
263
|
+
"""
|
264
|
+
return pulumi.get(self, "connection_timeout")
|
265
|
+
|
266
|
+
@connection_timeout.setter
|
267
|
+
def connection_timeout(self, value: Optional[pulumi.Input[int]]):
|
268
|
+
pulumi.set(self, "connection_timeout", value)
|
269
|
+
|
262
270
|
@property
|
263
271
|
@pulumi.getter(name="denyNullBind")
|
264
272
|
def deny_null_bind(self) -> Optional[pulumi.Input[bool]]:
|
@@ -387,7 +395,7 @@ class AuthBackendArgs:
|
|
387
395
|
"""
|
388
396
|
The namespace to provision the resource in.
|
389
397
|
The value should not contain leading or trailing forward slashes.
|
390
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
398
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
391
399
|
*Available only for Vault Enterprise*.
|
392
400
|
"""
|
393
401
|
return pulumi.get(self, "namespace")
|
@@ -448,9 +456,7 @@ class AuthBackendArgs:
|
|
448
456
|
@pulumi.getter(name="tokenBoundCidrs")
|
449
457
|
def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
450
458
|
"""
|
451
|
-
|
452
|
-
addresses which can authenticate successfully, and ties the resulting token to these blocks
|
453
|
-
as well.
|
459
|
+
Specifies the blocks of IP addresses which are allowed to use the generated token
|
454
460
|
"""
|
455
461
|
return pulumi.get(self, "token_bound_cidrs")
|
456
462
|
|
@@ -462,10 +468,7 @@ class AuthBackendArgs:
|
|
462
468
|
@pulumi.getter(name="tokenExplicitMaxTtl")
|
463
469
|
def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
464
470
|
"""
|
465
|
-
|
466
|
-
[explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
|
467
|
-
onto the token in number of seconds. This is a hard cap even if `token_ttl` and
|
468
|
-
`token_max_ttl` would otherwise allow a renewal.
|
471
|
+
Generated Token's Explicit Maximum TTL in seconds
|
469
472
|
"""
|
470
473
|
return pulumi.get(self, "token_explicit_max_ttl")
|
471
474
|
|
@@ -477,8 +480,7 @@ class AuthBackendArgs:
|
|
477
480
|
@pulumi.getter(name="tokenMaxTtl")
|
478
481
|
def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
479
482
|
"""
|
480
|
-
The maximum lifetime
|
481
|
-
Its current value will be referenced at renewal time.
|
483
|
+
The maximum lifetime of the generated token
|
482
484
|
"""
|
483
485
|
return pulumi.get(self, "token_max_ttl")
|
484
486
|
|
@@ -490,8 +492,7 @@ class AuthBackendArgs:
|
|
490
492
|
@pulumi.getter(name="tokenNoDefaultPolicy")
|
491
493
|
def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
|
492
494
|
"""
|
493
|
-
If
|
494
|
-
generated tokens; otherwise it will be added to the policies set in token_policies.
|
495
|
+
If true, the 'default' policy will not automatically be added to generated tokens
|
495
496
|
"""
|
496
497
|
return pulumi.get(self, "token_no_default_policy")
|
497
498
|
|
@@ -503,8 +504,7 @@ class AuthBackendArgs:
|
|
503
504
|
@pulumi.getter(name="tokenNumUses")
|
504
505
|
def token_num_uses(self) -> Optional[pulumi.Input[int]]:
|
505
506
|
"""
|
506
|
-
The
|
507
|
-
of times a generated token may be used (within its lifetime); 0 means unlimited.
|
507
|
+
The maximum number of times a token may be used, a value of zero means unlimited
|
508
508
|
"""
|
509
509
|
return pulumi.get(self, "token_num_uses")
|
510
510
|
|
@@ -516,10 +516,7 @@ class AuthBackendArgs:
|
|
516
516
|
@pulumi.getter(name="tokenPeriod")
|
517
517
|
def token_period(self) -> Optional[pulumi.Input[int]]:
|
518
518
|
"""
|
519
|
-
|
520
|
-
token generated using this role should never expire. The token should be renewed within the
|
521
|
-
duration specified by this value. At each renewal, the token's TTL will be set to the
|
522
|
-
value of this field. Specified in seconds.
|
519
|
+
Generated Token's Period
|
523
520
|
"""
|
524
521
|
return pulumi.get(self, "token_period")
|
525
522
|
|
@@ -531,8 +528,7 @@ class AuthBackendArgs:
|
|
531
528
|
@pulumi.getter(name="tokenPolicies")
|
532
529
|
def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
533
530
|
"""
|
534
|
-
|
535
|
-
on the auth method, this list may be supplemented by user/group/other values.
|
531
|
+
Generated Token's Policies
|
536
532
|
"""
|
537
533
|
return pulumi.get(self, "token_policies")
|
538
534
|
|
@@ -544,8 +540,7 @@ class AuthBackendArgs:
|
|
544
540
|
@pulumi.getter(name="tokenTtl")
|
545
541
|
def token_ttl(self) -> Optional[pulumi.Input[int]]:
|
546
542
|
"""
|
547
|
-
The
|
548
|
-
Its current value will be referenced at renewal time.
|
543
|
+
The initial ttl of the token to generate in seconds
|
549
544
|
"""
|
550
545
|
return pulumi.get(self, "token_ttl")
|
551
546
|
|
@@ -648,6 +643,7 @@ class _AuthBackendState:
|
|
648
643
|
certificate: Optional[pulumi.Input[str]] = None,
|
649
644
|
client_tls_cert: Optional[pulumi.Input[str]] = None,
|
650
645
|
client_tls_key: Optional[pulumi.Input[str]] = None,
|
646
|
+
connection_timeout: Optional[pulumi.Input[int]] = None,
|
651
647
|
deny_null_bind: Optional[pulumi.Input[bool]] = None,
|
652
648
|
description: Optional[pulumi.Input[str]] = None,
|
653
649
|
disable_remount: Optional[pulumi.Input[bool]] = None,
|
@@ -686,6 +682,7 @@ class _AuthBackendState:
|
|
686
682
|
:param pulumi.Input[str] bindpass: Password to use with `binddn` when performing user search
|
687
683
|
:param pulumi.Input[bool] case_sensitive_names: Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
|
688
684
|
:param pulumi.Input[str] certificate: Trusted CA to validate TLS certificate
|
685
|
+
:param pulumi.Input[int] connection_timeout: Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
|
689
686
|
:param pulumi.Input[bool] deny_null_bind: Prevents users from bypassing authentication when providing an empty password.
|
690
687
|
:param pulumi.Input[str] description: Description for the LDAP auth backend mount
|
691
688
|
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
@@ -700,33 +697,20 @@ class _AuthBackendState:
|
|
700
697
|
*Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+*.
|
701
698
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
702
699
|
The value should not contain leading or trailing forward slashes.
|
703
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
700
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
704
701
|
*Available only for Vault Enterprise*.
|
705
702
|
:param pulumi.Input[str] path: Path to mount the LDAP auth backend under
|
706
703
|
:param pulumi.Input[bool] starttls: Control use of TLS when conecting to LDAP
|
707
704
|
:param pulumi.Input[str] tls_max_version: Maximum acceptable version of TLS
|
708
705
|
:param pulumi.Input[str] tls_min_version: Minimum acceptable version of TLS
|
709
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs:
|
710
|
-
|
711
|
-
|
712
|
-
:param pulumi.Input[
|
713
|
-
|
714
|
-
|
715
|
-
|
716
|
-
:param pulumi.Input[int]
|
717
|
-
Its current value will be referenced at renewal time.
|
718
|
-
:param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
|
719
|
-
generated tokens; otherwise it will be added to the policies set in token_policies.
|
720
|
-
:param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/ldap#token_num_uses)
|
721
|
-
of times a generated token may be used (within its lifetime); 0 means unlimited.
|
722
|
-
:param pulumi.Input[int] token_period: If set, indicates that the
|
723
|
-
token generated using this role should never expire. The token should be renewed within the
|
724
|
-
duration specified by this value. At each renewal, the token's TTL will be set to the
|
725
|
-
value of this field. Specified in seconds.
|
726
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
|
727
|
-
on the auth method, this list may be supplemented by user/group/other values.
|
728
|
-
:param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
|
729
|
-
Its current value will be referenced at renewal time.
|
706
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
707
|
+
:param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
708
|
+
:param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
|
709
|
+
:param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
710
|
+
:param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
711
|
+
:param pulumi.Input[int] token_period: Generated Token's Period
|
712
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
|
713
|
+
:param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
|
730
714
|
:param pulumi.Input[str] token_type: The type of token to generate, service or batch
|
731
715
|
:param pulumi.Input[str] upndomain: The `userPrincipalDomain` used to construct the UPN string for the authenticating user.
|
732
716
|
:param pulumi.Input[str] url: The URL of the LDAP server
|
@@ -750,6 +734,8 @@ class _AuthBackendState:
|
|
750
734
|
pulumi.set(__self__, "client_tls_cert", client_tls_cert)
|
751
735
|
if client_tls_key is not None:
|
752
736
|
pulumi.set(__self__, "client_tls_key", client_tls_key)
|
737
|
+
if connection_timeout is not None:
|
738
|
+
pulumi.set(__self__, "connection_timeout", connection_timeout)
|
753
739
|
if deny_null_bind is not None:
|
754
740
|
pulumi.set(__self__, "deny_null_bind", deny_null_bind)
|
755
741
|
if description is not None:
|
@@ -891,6 +877,18 @@ class _AuthBackendState:
|
|
891
877
|
def client_tls_key(self, value: Optional[pulumi.Input[str]]):
|
892
878
|
pulumi.set(self, "client_tls_key", value)
|
893
879
|
|
880
|
+
@property
|
881
|
+
@pulumi.getter(name="connectionTimeout")
|
882
|
+
def connection_timeout(self) -> Optional[pulumi.Input[int]]:
|
883
|
+
"""
|
884
|
+
Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
|
885
|
+
"""
|
886
|
+
return pulumi.get(self, "connection_timeout")
|
887
|
+
|
888
|
+
@connection_timeout.setter
|
889
|
+
def connection_timeout(self, value: Optional[pulumi.Input[int]]):
|
890
|
+
pulumi.set(self, "connection_timeout", value)
|
891
|
+
|
894
892
|
@property
|
895
893
|
@pulumi.getter(name="denyNullBind")
|
896
894
|
def deny_null_bind(self) -> Optional[pulumi.Input[bool]]:
|
@@ -1019,7 +1017,7 @@ class _AuthBackendState:
|
|
1019
1017
|
"""
|
1020
1018
|
The namespace to provision the resource in.
|
1021
1019
|
The value should not contain leading or trailing forward slashes.
|
1022
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
1020
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1023
1021
|
*Available only for Vault Enterprise*.
|
1024
1022
|
"""
|
1025
1023
|
return pulumi.get(self, "namespace")
|
@@ -1080,9 +1078,7 @@ class _AuthBackendState:
|
|
1080
1078
|
@pulumi.getter(name="tokenBoundCidrs")
|
1081
1079
|
def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
1082
1080
|
"""
|
1083
|
-
|
1084
|
-
addresses which can authenticate successfully, and ties the resulting token to these blocks
|
1085
|
-
as well.
|
1081
|
+
Specifies the blocks of IP addresses which are allowed to use the generated token
|
1086
1082
|
"""
|
1087
1083
|
return pulumi.get(self, "token_bound_cidrs")
|
1088
1084
|
|
@@ -1094,10 +1090,7 @@ class _AuthBackendState:
|
|
1094
1090
|
@pulumi.getter(name="tokenExplicitMaxTtl")
|
1095
1091
|
def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
1096
1092
|
"""
|
1097
|
-
|
1098
|
-
[explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
|
1099
|
-
onto the token in number of seconds. This is a hard cap even if `token_ttl` and
|
1100
|
-
`token_max_ttl` would otherwise allow a renewal.
|
1093
|
+
Generated Token's Explicit Maximum TTL in seconds
|
1101
1094
|
"""
|
1102
1095
|
return pulumi.get(self, "token_explicit_max_ttl")
|
1103
1096
|
|
@@ -1109,8 +1102,7 @@ class _AuthBackendState:
|
|
1109
1102
|
@pulumi.getter(name="tokenMaxTtl")
|
1110
1103
|
def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
1111
1104
|
"""
|
1112
|
-
The maximum lifetime
|
1113
|
-
Its current value will be referenced at renewal time.
|
1105
|
+
The maximum lifetime of the generated token
|
1114
1106
|
"""
|
1115
1107
|
return pulumi.get(self, "token_max_ttl")
|
1116
1108
|
|
@@ -1122,8 +1114,7 @@ class _AuthBackendState:
|
|
1122
1114
|
@pulumi.getter(name="tokenNoDefaultPolicy")
|
1123
1115
|
def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
|
1124
1116
|
"""
|
1125
|
-
If
|
1126
|
-
generated tokens; otherwise it will be added to the policies set in token_policies.
|
1117
|
+
If true, the 'default' policy will not automatically be added to generated tokens
|
1127
1118
|
"""
|
1128
1119
|
return pulumi.get(self, "token_no_default_policy")
|
1129
1120
|
|
@@ -1135,8 +1126,7 @@ class _AuthBackendState:
|
|
1135
1126
|
@pulumi.getter(name="tokenNumUses")
|
1136
1127
|
def token_num_uses(self) -> Optional[pulumi.Input[int]]:
|
1137
1128
|
"""
|
1138
|
-
The
|
1139
|
-
of times a generated token may be used (within its lifetime); 0 means unlimited.
|
1129
|
+
The maximum number of times a token may be used, a value of zero means unlimited
|
1140
1130
|
"""
|
1141
1131
|
return pulumi.get(self, "token_num_uses")
|
1142
1132
|
|
@@ -1148,10 +1138,7 @@ class _AuthBackendState:
|
|
1148
1138
|
@pulumi.getter(name="tokenPeriod")
|
1149
1139
|
def token_period(self) -> Optional[pulumi.Input[int]]:
|
1150
1140
|
"""
|
1151
|
-
|
1152
|
-
token generated using this role should never expire. The token should be renewed within the
|
1153
|
-
duration specified by this value. At each renewal, the token's TTL will be set to the
|
1154
|
-
value of this field. Specified in seconds.
|
1141
|
+
Generated Token's Period
|
1155
1142
|
"""
|
1156
1143
|
return pulumi.get(self, "token_period")
|
1157
1144
|
|
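Review bot: The new `token_period` docstring, `Generated Token's Period`, drops both the unit and the renewal semantics that the removed text stated, namely that a token with a period never expires as long as it is renewed within that window. Since this setting decides whether tokens issued by the LDAP mount have an effectively unbounded lifetime, I would keep one sentence such as `If set, the generated token never expires while it is renewed within this period (in seconds); each renewal resets its TTL to this value.` The new `token_max_ttl` docstring in the preceding hunk carries no unit either, while `token_ttl` and `token_explicit_max_ttl` say `in seconds`, and the same shortened wording recurs in the `AuthBackend` getters and both `:param` lists further down. If these strings are generated from the upstream provider schema (not visible here), the wording would need fixing there rather than in this file.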
@@ -1163,8 +1150,7 @@ class _AuthBackendState:
|
|
1163
1150
|
@pulumi.getter(name="tokenPolicies")
|
1164
1151
|
def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
1165
1152
|
"""
|
1166
|
-
|
1167
|
-
on the auth method, this list may be supplemented by user/group/other values.
|
1153
|
+
Generated Token's Policies
|
1168
1154
|
"""
|
1169
1155
|
return pulumi.get(self, "token_policies")
|
1170
1156
|
|
@@ -1176,8 +1162,7 @@ class _AuthBackendState:
|
|
1176
1162
|
@pulumi.getter(name="tokenTtl")
|
1177
1163
|
def token_ttl(self) -> Optional[pulumi.Input[int]]:
|
1178
1164
|
"""
|
1179
|
-
The
|
1180
|
-
Its current value will be referenced at renewal time.
|
1165
|
+
The initial ttl of the token to generate in seconds
|
1181
1166
|
"""
|
1182
1167
|
return pulumi.get(self, "token_ttl")
|
1183
1168
|
|
@@ -1293,6 +1278,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1293
1278
|
certificate: Optional[pulumi.Input[str]] = None,
|
1294
1279
|
client_tls_cert: Optional[pulumi.Input[str]] = None,
|
1295
1280
|
client_tls_key: Optional[pulumi.Input[str]] = None,
|
1281
|
+
connection_timeout: Optional[pulumi.Input[int]] = None,
|
1296
1282
|
deny_null_bind: Optional[pulumi.Input[bool]] = None,
|
1297
1283
|
description: Optional[pulumi.Input[str]] = None,
|
1298
1284
|
disable_remount: Optional[pulumi.Input[bool]] = None,
|
@@ -1330,22 +1316,20 @@ class AuthBackend(pulumi.CustomResource):
|
|
1330
1316
|
|
1331
1317
|
## Example Usage
|
1332
1318
|
|
1333
|
-
<!--Start PulumiCodeChooser -->
|
1334
1319
|
```python
|
1335
1320
|
import pulumi
|
1336
1321
|
import pulumi_vault as vault
|
1337
1322
|
|
1338
1323
|
ldap = vault.ldap.AuthBackend("ldap",
|
1339
|
-
discoverdn=False,
|
1340
|
-
groupdn="OU=Groups,DC=example,DC=org",
|
1341
|
-
groupfilter="(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))",
|
1342
1324
|
path="ldap",
|
1343
|
-
upndomain="EXAMPLE.ORG",
|
1344
1325
|
url="ldaps://dc-01.example.org",
|
1326
|
+
userdn="OU=Users,OU=Accounts,DC=example,DC=org",
|
1345
1327
|
userattr="sAMAccountName",
|
1346
|
-
|
1328
|
+
upndomain="EXAMPLE.ORG",
|
1329
|
+
discoverdn=False,
|
1330
|
+
groupdn="OU=Groups,DC=example,DC=org",
|
1331
|
+
groupfilter="(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))")
|
1347
1332
|
```
|
1348
|
-
<!--End PulumiCodeChooser -->
|
1349
1333
|
|
1350
1334
|
## Import
|
1351
1335
|
|
@@ -1361,6 +1345,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1361
1345
|
:param pulumi.Input[str] bindpass: Password to use with `binddn` when performing user search
|
1362
1346
|
:param pulumi.Input[bool] case_sensitive_names: Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
|
1363
1347
|
:param pulumi.Input[str] certificate: Trusted CA to validate TLS certificate
|
1348
|
+
:param pulumi.Input[int] connection_timeout: Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
|
1364
1349
|
:param pulumi.Input[bool] deny_null_bind: Prevents users from bypassing authentication when providing an empty password.
|
1365
1350
|
:param pulumi.Input[str] description: Description for the LDAP auth backend mount
|
1366
1351
|
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
@@ -1375,33 +1360,20 @@ class AuthBackend(pulumi.CustomResource):
|
|
1375
1360
|
*Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+*.
|
1376
1361
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
1377
1362
|
The value should not contain leading or trailing forward slashes.
|
1378
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
1363
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1379
1364
|
*Available only for Vault Enterprise*.
|
1380
1365
|
:param pulumi.Input[str] path: Path to mount the LDAP auth backend under
|
1381
1366
|
:param pulumi.Input[bool] starttls: Control use of TLS when conecting to LDAP
|
1382
1367
|
:param pulumi.Input[str] tls_max_version: Maximum acceptable version of TLS
|
1383
1368
|
:param pulumi.Input[str] tls_min_version: Minimum acceptable version of TLS
|
1384
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs:
|
1385
|
-
|
1386
|
-
|
1387
|
-
:param pulumi.Input[
|
1388
|
-
|
1389
|
-
|
1390
|
-
|
1391
|
-
:param pulumi.Input[int]
|
1392
|
-
Its current value will be referenced at renewal time.
|
1393
|
-
:param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
|
1394
|
-
generated tokens; otherwise it will be added to the policies set in token_policies.
|
1395
|
-
:param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/ldap#token_num_uses)
|
1396
|
-
of times a generated token may be used (within its lifetime); 0 means unlimited.
|
1397
|
-
:param pulumi.Input[int] token_period: If set, indicates that the
|
1398
|
-
token generated using this role should never expire. The token should be renewed within the
|
1399
|
-
duration specified by this value. At each renewal, the token's TTL will be set to the
|
1400
|
-
value of this field. Specified in seconds.
|
1401
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
|
1402
|
-
on the auth method, this list may be supplemented by user/group/other values.
|
1403
|
-
:param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
|
1404
|
-
Its current value will be referenced at renewal time.
|
1369
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
1370
|
+
:param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
1371
|
+
:param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
|
1372
|
+
:param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
1373
|
+
:param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
1374
|
+
:param pulumi.Input[int] token_period: Generated Token's Period
|
1375
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
|
1376
|
+
:param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
|
1405
1377
|
:param pulumi.Input[str] token_type: The type of token to generate, service or batch
|
1406
1378
|
:param pulumi.Input[str] upndomain: The `userPrincipalDomain` used to construct the UPN string for the authenticating user.
|
1407
1379
|
:param pulumi.Input[str] url: The URL of the LDAP server
|
@@ -1422,22 +1394,20 @@ class AuthBackend(pulumi.CustomResource):
|
|
1422
1394
|
|
1423
1395
|
## Example Usage
|
1424
1396
|
|
1425
|
-
<!--Start PulumiCodeChooser -->
|
1426
1397
|
```python
|
1427
1398
|
import pulumi
|
1428
1399
|
import pulumi_vault as vault
|
1429
1400
|
|
1430
1401
|
ldap = vault.ldap.AuthBackend("ldap",
|
1431
|
-
discoverdn=False,
|
1432
|
-
groupdn="OU=Groups,DC=example,DC=org",
|
1433
|
-
groupfilter="(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))",
|
1434
1402
|
path="ldap",
|
1435
|
-
upndomain="EXAMPLE.ORG",
|
1436
1403
|
url="ldaps://dc-01.example.org",
|
1404
|
+
userdn="OU=Users,OU=Accounts,DC=example,DC=org",
|
1437
1405
|
userattr="sAMAccountName",
|
1438
|
-
|
1406
|
+
upndomain="EXAMPLE.ORG",
|
1407
|
+
discoverdn=False,
|
1408
|
+
groupdn="OU=Groups,DC=example,DC=org",
|
1409
|
+
groupfilter="(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))")
|
1439
1410
|
```
|
1440
|
-
<!--End PulumiCodeChooser -->
|
1441
1411
|
|
1442
1412
|
## Import
|
1443
1413
|
|
@@ -1468,6 +1438,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1468
1438
|
certificate: Optional[pulumi.Input[str]] = None,
|
1469
1439
|
client_tls_cert: Optional[pulumi.Input[str]] = None,
|
1470
1440
|
client_tls_key: Optional[pulumi.Input[str]] = None,
|
1441
|
+
connection_timeout: Optional[pulumi.Input[int]] = None,
|
1471
1442
|
deny_null_bind: Optional[pulumi.Input[bool]] = None,
|
1472
1443
|
description: Optional[pulumi.Input[str]] = None,
|
1473
1444
|
disable_remount: Optional[pulumi.Input[bool]] = None,
|
@@ -1514,6 +1485,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1514
1485
|
__props__.__dict__["certificate"] = certificate
|
1515
1486
|
__props__.__dict__["client_tls_cert"] = client_tls_cert
|
1516
1487
|
__props__.__dict__["client_tls_key"] = None if client_tls_key is None else pulumi.Output.secret(client_tls_key)
|
1488
|
+
__props__.__dict__["connection_timeout"] = connection_timeout
|
1517
1489
|
__props__.__dict__["deny_null_bind"] = deny_null_bind
|
1518
1490
|
__props__.__dict__["description"] = description
|
1519
1491
|
__props__.__dict__["disable_remount"] = disable_remount
|
@@ -1567,6 +1539,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1567
1539
|
certificate: Optional[pulumi.Input[str]] = None,
|
1568
1540
|
client_tls_cert: Optional[pulumi.Input[str]] = None,
|
1569
1541
|
client_tls_key: Optional[pulumi.Input[str]] = None,
|
1542
|
+
connection_timeout: Optional[pulumi.Input[int]] = None,
|
1570
1543
|
deny_null_bind: Optional[pulumi.Input[bool]] = None,
|
1571
1544
|
description: Optional[pulumi.Input[str]] = None,
|
1572
1545
|
disable_remount: Optional[pulumi.Input[bool]] = None,
|
@@ -1610,6 +1583,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1610
1583
|
:param pulumi.Input[str] bindpass: Password to use with `binddn` when performing user search
|
1611
1584
|
:param pulumi.Input[bool] case_sensitive_names: Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
|
1612
1585
|
:param pulumi.Input[str] certificate: Trusted CA to validate TLS certificate
|
1586
|
+
:param pulumi.Input[int] connection_timeout: Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
|
1613
1587
|
:param pulumi.Input[bool] deny_null_bind: Prevents users from bypassing authentication when providing an empty password.
|
1614
1588
|
:param pulumi.Input[str] description: Description for the LDAP auth backend mount
|
1615
1589
|
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
@@ -1624,33 +1598,20 @@ class AuthBackend(pulumi.CustomResource):
|
|
1624
1598
|
*Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+*.
|
1625
1599
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
1626
1600
|
The value should not contain leading or trailing forward slashes.
|
1627
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
1601
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1628
1602
|
*Available only for Vault Enterprise*.
|
1629
1603
|
:param pulumi.Input[str] path: Path to mount the LDAP auth backend under
|
1630
1604
|
:param pulumi.Input[bool] starttls: Control use of TLS when conecting to LDAP
|
1631
1605
|
:param pulumi.Input[str] tls_max_version: Maximum acceptable version of TLS
|
1632
1606
|
:param pulumi.Input[str] tls_min_version: Minimum acceptable version of TLS
|
1633
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs:
|
1634
|
-
|
1635
|
-
|
1636
|
-
:param pulumi.Input[
|
1637
|
-
|
1638
|
-
|
1639
|
-
|
1640
|
-
:param pulumi.Input[int]
|
1641
|
-
Its current value will be referenced at renewal time.
|
1642
|
-
:param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
|
1643
|
-
generated tokens; otherwise it will be added to the policies set in token_policies.
|
1644
|
-
:param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/ldap#token_num_uses)
|
1645
|
-
of times a generated token may be used (within its lifetime); 0 means unlimited.
|
1646
|
-
:param pulumi.Input[int] token_period: If set, indicates that the
|
1647
|
-
token generated using this role should never expire. The token should be renewed within the
|
1648
|
-
duration specified by this value. At each renewal, the token's TTL will be set to the
|
1649
|
-
value of this field. Specified in seconds.
|
1650
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
|
1651
|
-
on the auth method, this list may be supplemented by user/group/other values.
|
1652
|
-
:param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
|
1653
|
-
Its current value will be referenced at renewal time.
|
1607
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
1608
|
+
:param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
1609
|
+
:param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
|
1610
|
+
:param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
1611
|
+
:param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
1612
|
+
:param pulumi.Input[int] token_period: Generated Token's Period
|
1613
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
|
1614
|
+
:param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
|
1654
1615
|
:param pulumi.Input[str] token_type: The type of token to generate, service or batch
|
1655
1616
|
:param pulumi.Input[str] upndomain: The `userPrincipalDomain` used to construct the UPN string for the authenticating user.
|
1656
1617
|
:param pulumi.Input[str] url: The URL of the LDAP server
|
@@ -1671,6 +1632,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1671
1632
|
__props__.__dict__["certificate"] = certificate
|
1672
1633
|
__props__.__dict__["client_tls_cert"] = client_tls_cert
|
1673
1634
|
__props__.__dict__["client_tls_key"] = client_tls_key
|
1635
|
+
__props__.__dict__["connection_timeout"] = connection_timeout
|
1674
1636
|
__props__.__dict__["deny_null_bind"] = deny_null_bind
|
1675
1637
|
__props__.__dict__["description"] = description
|
1676
1638
|
__props__.__dict__["disable_remount"] = disable_remount
|
@@ -1754,6 +1716,14 @@ class AuthBackend(pulumi.CustomResource):
|
|
1754
1716
|
def client_tls_key(self) -> pulumi.Output[str]:
|
1755
1717
|
return pulumi.get(self, "client_tls_key")
|
1756
1718
|
|
1719
|
+
@property
|
1720
|
+
@pulumi.getter(name="connectionTimeout")
|
1721
|
+
def connection_timeout(self) -> pulumi.Output[int]:
|
1722
|
+
"""
|
1723
|
+
Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
|
1724
|
+
"""
|
1725
|
+
return pulumi.get(self, "connection_timeout")
|
1726
|
+
|
1757
1727
|
@property
|
1758
1728
|
@pulumi.getter(name="denyNullBind")
|
1759
1729
|
def deny_null_bind(self) -> pulumi.Output[bool]:
|
@@ -1842,7 +1812,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1842
1812
|
"""
|
1843
1813
|
The namespace to provision the resource in.
|
1844
1814
|
The value should not contain leading or trailing forward slashes.
|
1845
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
1815
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1846
1816
|
*Available only for Vault Enterprise*.
|
1847
1817
|
"""
|
1848
1818
|
return pulumi.get(self, "namespace")
|
@@ -1883,9 +1853,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1883
1853
|
@pulumi.getter(name="tokenBoundCidrs")
|
1884
1854
|
def token_bound_cidrs(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1885
1855
|
"""
|
1886
|
-
|
1887
|
-
addresses which can authenticate successfully, and ties the resulting token to these blocks
|
1888
|
-
as well.
|
1856
|
+
Specifies the blocks of IP addresses which are allowed to use the generated token
|
1889
1857
|
"""
|
1890
1858
|
return pulumi.get(self, "token_bound_cidrs")
|
1891
1859
|
|
@@ -1893,10 +1861,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1893
1861
|
@pulumi.getter(name="tokenExplicitMaxTtl")
|
1894
1862
|
def token_explicit_max_ttl(self) -> pulumi.Output[Optional[int]]:
|
1895
1863
|
"""
|
1896
|
-
|
1897
|
-
[explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
|
1898
|
-
onto the token in number of seconds. This is a hard cap even if `token_ttl` and
|
1899
|
-
`token_max_ttl` would otherwise allow a renewal.
|
1864
|
+
Generated Token's Explicit Maximum TTL in seconds
|
1900
1865
|
"""
|
1901
1866
|
return pulumi.get(self, "token_explicit_max_ttl")
|
1902
1867
|
|
@@ -1904,8 +1869,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1904
1869
|
@pulumi.getter(name="tokenMaxTtl")
|
1905
1870
|
def token_max_ttl(self) -> pulumi.Output[Optional[int]]:
|
1906
1871
|
"""
|
1907
|
-
The maximum lifetime
|
1908
|
-
Its current value will be referenced at renewal time.
|
1872
|
+
The maximum lifetime of the generated token
|
1909
1873
|
"""
|
1910
1874
|
return pulumi.get(self, "token_max_ttl")
|
1911
1875
|
|
@@ -1913,8 +1877,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1913
1877
|
@pulumi.getter(name="tokenNoDefaultPolicy")
|
1914
1878
|
def token_no_default_policy(self) -> pulumi.Output[Optional[bool]]:
|
1915
1879
|
"""
|
1916
|
-
If
|
1917
|
-
generated tokens; otherwise it will be added to the policies set in token_policies.
|
1880
|
+
If true, the 'default' policy will not automatically be added to generated tokens
|
1918
1881
|
"""
|
1919
1882
|
return pulumi.get(self, "token_no_default_policy")
|
1920
1883
|
|
@@ -1922,8 +1885,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1922
1885
|
@pulumi.getter(name="tokenNumUses")
|
1923
1886
|
def token_num_uses(self) -> pulumi.Output[Optional[int]]:
|
1924
1887
|
"""
|
1925
|
-
The
|
1926
|
-
of times a generated token may be used (within its lifetime); 0 means unlimited.
|
1888
|
+
The maximum number of times a token may be used, a value of zero means unlimited
|
1927
1889
|
"""
|
1928
1890
|
return pulumi.get(self, "token_num_uses")
|
1929
1891
|
|
@@ -1931,10 +1893,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1931
1893
|
@pulumi.getter(name="tokenPeriod")
|
1932
1894
|
def token_period(self) -> pulumi.Output[Optional[int]]:
|
1933
1895
|
"""
|
1934
|
-
|
1935
|
-
token generated using this role should never expire. The token should be renewed within the
|
1936
|
-
duration specified by this value. At each renewal, the token's TTL will be set to the
|
1937
|
-
value of this field. Specified in seconds.
|
1896
|
+
Generated Token's Period
|
1938
1897
|
"""
|
1939
1898
|
return pulumi.get(self, "token_period")
|
1940
1899
|
|
@@ -1942,8 +1901,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1942
1901
|
@pulumi.getter(name="tokenPolicies")
|
1943
1902
|
def token_policies(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1944
1903
|
"""
|
1945
|
-
|
1946
|
-
on the auth method, this list may be supplemented by user/group/other values.
|
1904
|
+
Generated Token's Policies
|
1947
1905
|
"""
|
1948
1906
|
return pulumi.get(self, "token_policies")
|
1949
1907
|
|
@@ -1951,8 +1909,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1951
1909
|
@pulumi.getter(name="tokenTtl")
|
1952
1910
|
def token_ttl(self) -> pulumi.Output[Optional[int]]:
|
1953
1911
|
"""
|
1954
|
-
The
|
1955
|
-
Its current value will be referenced at renewal time.
|
1912
|
+
The initial ttl of the token to generate in seconds
|
1956
1913
|
"""
|
1957
1914
|
return pulumi.get(self, "token_ttl")
|
1958
1915
|
|