pulumi-vault 5.21.0a1710160723__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pulumi_vault/__init__.py +52 -0
- pulumi_vault/_inputs.py +560 -0
- pulumi_vault/_utilities.py +41 -5
- pulumi_vault/ad/get_access_credentials.py +22 -7
- pulumi_vault/ad/secret_backend.py +14 -144
- pulumi_vault/ad/secret_library.py +14 -11
- pulumi_vault/ad/secret_role.py +12 -11
- pulumi_vault/alicloud/auth_backend_role.py +74 -192
- pulumi_vault/approle/auth_backend_login.py +12 -11
- pulumi_vault/approle/auth_backend_role.py +75 -193
- pulumi_vault/approle/auth_backend_role_secret_id.py +106 -11
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -9
- pulumi_vault/audit.py +24 -27
- pulumi_vault/audit_request_header.py +11 -6
- pulumi_vault/auth_backend.py +64 -12
- pulumi_vault/aws/auth_backend_cert.py +12 -7
- pulumi_vault/aws/auth_backend_client.py +265 -24
- pulumi_vault/aws/auth_backend_config_identity.py +12 -11
- pulumi_vault/aws/auth_backend_identity_whitelist.py +18 -17
- pulumi_vault/aws/auth_backend_login.py +19 -22
- pulumi_vault/aws/auth_backend_role.py +75 -193
- pulumi_vault/aws/auth_backend_role_tag.py +12 -7
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -17
- pulumi_vault/aws/auth_backend_sts_role.py +12 -11
- pulumi_vault/aws/get_access_credentials.py +34 -7
- pulumi_vault/aws/get_static_access_credentials.py +19 -5
- pulumi_vault/aws/secret_backend.py +75 -7
- pulumi_vault/aws/secret_backend_role.py +183 -11
- pulumi_vault/aws/secret_backend_static_role.py +14 -11
- pulumi_vault/azure/_inputs.py +24 -0
- pulumi_vault/azure/auth_backend_config.py +151 -17
- pulumi_vault/azure/auth_backend_role.py +75 -193
- pulumi_vault/azure/backend.py +223 -29
- pulumi_vault/azure/backend_role.py +42 -41
- pulumi_vault/azure/get_access_credentials.py +39 -11
- pulumi_vault/azure/outputs.py +5 -0
- pulumi_vault/cert_auth_backend_role.py +87 -271
- pulumi_vault/config/__init__.pyi +5 -0
- pulumi_vault/config/_inputs.py +73 -0
- pulumi_vault/config/outputs.py +35 -0
- pulumi_vault/config/ui_custom_message.py +529 -0
- pulumi_vault/config/vars.py +5 -0
- pulumi_vault/consul/secret_backend.py +22 -25
- pulumi_vault/consul/secret_backend_role.py +14 -80
- pulumi_vault/database/_inputs.py +2770 -881
- pulumi_vault/database/outputs.py +721 -838
- pulumi_vault/database/secret_backend_connection.py +117 -114
- pulumi_vault/database/secret_backend_role.py +29 -24
- pulumi_vault/database/secret_backend_static_role.py +85 -15
- pulumi_vault/database/secrets_mount.py +425 -138
- pulumi_vault/egp_policy.py +16 -15
- pulumi_vault/gcp/_inputs.py +111 -0
- pulumi_vault/gcp/auth_backend.py +248 -35
- pulumi_vault/gcp/auth_backend_role.py +75 -271
- pulumi_vault/gcp/get_auth_backend_role.py +43 -9
- pulumi_vault/gcp/outputs.py +5 -0
- pulumi_vault/gcp/secret_backend.py +287 -16
- pulumi_vault/gcp/secret_impersonated_account.py +74 -17
- pulumi_vault/gcp/secret_roleset.py +29 -26
- pulumi_vault/gcp/secret_static_account.py +37 -34
- pulumi_vault/generic/endpoint.py +22 -21
- pulumi_vault/generic/get_secret.py +68 -12
- pulumi_vault/generic/secret.py +19 -14
- pulumi_vault/get_auth_backend.py +24 -11
- pulumi_vault/get_auth_backends.py +33 -11
- pulumi_vault/get_namespace.py +226 -0
- pulumi_vault/get_namespaces.py +153 -0
- pulumi_vault/get_nomad_access_token.py +31 -15
- pulumi_vault/get_policy_document.py +34 -23
- pulumi_vault/get_raft_autopilot_state.py +29 -14
- pulumi_vault/github/_inputs.py +55 -0
- pulumi_vault/github/auth_backend.py +17 -16
- pulumi_vault/github/outputs.py +5 -0
- pulumi_vault/github/team.py +14 -13
- pulumi_vault/github/user.py +14 -13
- pulumi_vault/identity/entity.py +18 -15
- pulumi_vault/identity/entity_alias.py +18 -15
- pulumi_vault/identity/entity_policies.py +24 -19
- pulumi_vault/identity/get_entity.py +40 -14
- pulumi_vault/identity/get_group.py +45 -13
- pulumi_vault/identity/get_oidc_client_creds.py +21 -11
- pulumi_vault/identity/get_oidc_openid_config.py +39 -13
- pulumi_vault/identity/get_oidc_public_keys.py +29 -14
- pulumi_vault/identity/group.py +50 -49
- pulumi_vault/identity/group_alias.py +14 -11
- pulumi_vault/identity/group_member_entity_ids.py +24 -74
- pulumi_vault/identity/group_member_group_ids.py +36 -27
- pulumi_vault/identity/group_policies.py +16 -15
- pulumi_vault/identity/mfa_duo.py +9 -8
- pulumi_vault/identity/mfa_login_enforcement.py +13 -8
- pulumi_vault/identity/mfa_okta.py +9 -8
- pulumi_vault/identity/mfa_pingid.py +5 -4
- pulumi_vault/identity/mfa_totp.py +5 -4
- pulumi_vault/identity/oidc.py +12 -11
- pulumi_vault/identity/oidc_assignment.py +22 -13
- pulumi_vault/identity/oidc_client.py +34 -25
- pulumi_vault/identity/oidc_key.py +28 -19
- pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -19
- pulumi_vault/identity/oidc_provider.py +34 -23
- pulumi_vault/identity/oidc_role.py +40 -27
- pulumi_vault/identity/oidc_scope.py +18 -15
- pulumi_vault/identity/outputs.py +8 -3
- pulumi_vault/jwt/_inputs.py +55 -0
- pulumi_vault/jwt/auth_backend.py +39 -46
- pulumi_vault/jwt/auth_backend_role.py +131 -260
- pulumi_vault/jwt/outputs.py +5 -0
- pulumi_vault/kmip/secret_backend.py +22 -21
- pulumi_vault/kmip/secret_role.py +12 -11
- pulumi_vault/kmip/secret_scope.py +12 -11
- pulumi_vault/kubernetes/auth_backend_config.py +55 -7
- pulumi_vault/kubernetes/auth_backend_role.py +68 -179
- pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
- pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
- pulumi_vault/kubernetes/get_service_account_token.py +39 -15
- pulumi_vault/kubernetes/secret_backend.py +314 -29
- pulumi_vault/kubernetes/secret_backend_role.py +135 -56
- pulumi_vault/kv/_inputs.py +36 -4
- pulumi_vault/kv/get_secret.py +23 -12
- pulumi_vault/kv/get_secret_subkeys_v2.py +31 -14
- pulumi_vault/kv/get_secret_v2.py +89 -9
- pulumi_vault/kv/get_secrets_list.py +22 -15
- pulumi_vault/kv/get_secrets_list_v2.py +35 -19
- pulumi_vault/kv/outputs.py +8 -3
- pulumi_vault/kv/secret.py +19 -18
- pulumi_vault/kv/secret_backend_v2.py +12 -11
- pulumi_vault/kv/secret_v2.py +55 -52
- pulumi_vault/ldap/auth_backend.py +125 -168
- pulumi_vault/ldap/auth_backend_group.py +12 -11
- pulumi_vault/ldap/auth_backend_user.py +12 -11
- pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
- pulumi_vault/ldap/get_static_credentials.py +24 -5
- pulumi_vault/ldap/secret_backend.py +352 -84
- pulumi_vault/ldap/secret_backend_dynamic_role.py +12 -11
- pulumi_vault/ldap/secret_backend_library_set.py +14 -11
- pulumi_vault/ldap/secret_backend_static_role.py +67 -12
- pulumi_vault/managed/_inputs.py +289 -132
- pulumi_vault/managed/keys.py +27 -43
- pulumi_vault/managed/outputs.py +89 -132
- pulumi_vault/mfa_duo.py +16 -13
- pulumi_vault/mfa_okta.py +16 -13
- pulumi_vault/mfa_pingid.py +16 -13
- pulumi_vault/mfa_totp.py +22 -19
- pulumi_vault/mongodbatlas/secret_backend.py +18 -17
- pulumi_vault/mongodbatlas/secret_role.py +41 -38
- pulumi_vault/mount.py +389 -65
- pulumi_vault/namespace.py +26 -21
- pulumi_vault/nomad_secret_backend.py +16 -15
- pulumi_vault/nomad_secret_role.py +12 -11
- pulumi_vault/okta/_inputs.py +47 -8
- pulumi_vault/okta/auth_backend.py +483 -41
- pulumi_vault/okta/auth_backend_group.py +12 -11
- pulumi_vault/okta/auth_backend_user.py +12 -11
- pulumi_vault/okta/outputs.py +13 -8
- pulumi_vault/outputs.py +5 -0
- pulumi_vault/password_policy.py +18 -15
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +81 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
- pulumi_vault/pkisecret/backend_config_est.py +619 -0
- pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
- pulumi_vault/pkisecret/get_backend_issuer.py +63 -7
- pulumi_vault/pkisecret/get_backend_issuers.py +21 -12
- pulumi_vault/pkisecret/get_backend_key.py +24 -13
- pulumi_vault/pkisecret/get_backend_keys.py +21 -12
- pulumi_vault/pkisecret/outputs.py +69 -0
- pulumi_vault/pkisecret/secret_backend_cert.py +18 -15
- pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -15
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +12 -11
- pulumi_vault/pkisecret/secret_backend_config_urls.py +59 -11
- pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -13
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -15
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -21
- pulumi_vault/pkisecret/secret_backend_issuer.py +12 -11
- pulumi_vault/pkisecret/secret_backend_key.py +12 -7
- pulumi_vault/pkisecret/secret_backend_role.py +19 -16
- pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -52
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -62
- pulumi_vault/pkisecret/secret_backend_sign.py +18 -60
- pulumi_vault/plugin.py +595 -0
- pulumi_vault/plugin_pinned_version.py +298 -0
- pulumi_vault/policy.py +12 -7
- pulumi_vault/provider.py +48 -53
- pulumi_vault/pulumi-plugin.json +2 -1
- pulumi_vault/quota_lease_count.py +58 -8
- pulumi_vault/quota_rate_limit.py +54 -4
- pulumi_vault/rabbitmq/_inputs.py +61 -0
- pulumi_vault/rabbitmq/outputs.py +5 -0
- pulumi_vault/rabbitmq/secret_backend.py +16 -15
- pulumi_vault/rabbitmq/secret_backend_role.py +52 -49
- pulumi_vault/raft_autopilot.py +12 -11
- pulumi_vault/raft_snapshot_agent_config.py +121 -311
- pulumi_vault/rgp_policy.py +14 -13
- pulumi_vault/saml/auth_backend.py +20 -19
- pulumi_vault/saml/auth_backend_role.py +90 -199
- pulumi_vault/secrets/__init__.py +3 -0
- pulumi_vault/secrets/_inputs.py +110 -0
- pulumi_vault/secrets/outputs.py +94 -0
- pulumi_vault/secrets/sync_association.py +56 -75
- pulumi_vault/secrets/sync_aws_destination.py +240 -29
- pulumi_vault/secrets/sync_azure_destination.py +90 -33
- pulumi_vault/secrets/sync_config.py +7 -6
- pulumi_vault/secrets/sync_gcp_destination.py +156 -27
- pulumi_vault/secrets/sync_gh_destination.py +187 -15
- pulumi_vault/secrets/sync_github_apps.py +375 -0
- pulumi_vault/secrets/sync_vercel_destination.py +72 -15
- pulumi_vault/ssh/_inputs.py +28 -32
- pulumi_vault/ssh/outputs.py +11 -32
- pulumi_vault/ssh/secret_backend_ca.py +106 -11
- pulumi_vault/ssh/secret_backend_role.py +83 -120
- pulumi_vault/terraformcloud/secret_backend.py +5 -56
- pulumi_vault/terraformcloud/secret_creds.py +14 -24
- pulumi_vault/terraformcloud/secret_role.py +14 -76
- pulumi_vault/token.py +26 -25
- pulumi_vault/tokenauth/auth_backend_role.py +76 -201
- pulumi_vault/transform/alphabet.py +16 -13
- pulumi_vault/transform/get_decode.py +45 -21
- pulumi_vault/transform/get_encode.py +45 -21
- pulumi_vault/transform/role.py +16 -13
- pulumi_vault/transform/template.py +30 -25
- pulumi_vault/transform/transformation.py +12 -7
- pulumi_vault/transit/get_decrypt.py +26 -25
- pulumi_vault/transit/get_encrypt.py +24 -19
- pulumi_vault/transit/secret_backend_key.py +25 -97
- pulumi_vault/transit/secret_cache_config.py +12 -11
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
- pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
- pulumi_vault-5.21.0a1710160723.dist-info/RECORD +0 -244
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = ['SecretRoleArgs', 'SecretRole']
|
@@ -28,20 +33,20 @@ class SecretRoleArgs:
|
|
28
33
|
"""
|
29
34
|
The set of arguments for constructing a SecretRole resource.
|
30
35
|
:param pulumi.Input[str] mount: Path where the MongoDB Atlas Secrets Engine is mounted.
|
31
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] roles: List of roles that the API Key needs to have.
|
36
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] roles: List of roles that the API Key needs to have. Possible values are `ORG_OWNER`, `ORG_MEMBER`, `ORG_GROUP_CREATOR`, `ORG_BILLING_ADMIN` and `ORG_READ_ONLY`.
|
32
37
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] cidr_blocks: Whitelist entry in CIDR notation to be added for the API key.
|
33
38
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] ip_addresses: IP address to be added to the whitelist for the API key.
|
34
39
|
:param pulumi.Input[str] max_ttl: The maximum allowed lifetime of credentials issued using this role.
|
35
40
|
:param pulumi.Input[str] name: The name of the role.
|
36
41
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
37
42
|
The value should not contain leading or trailing forward slashes.
|
38
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
43
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
39
44
|
*Available only for Vault Enterprise*.
|
40
45
|
:param pulumi.Input[str] organization_id: Unique identifier for the organization to which the target API Key belongs.
|
41
46
|
Required if `project_id` is not set.
|
42
47
|
:param pulumi.Input[str] project_id: Unique identifier for the project to which the target API Key belongs.
|
43
|
-
Required if `organization_id is
|
44
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] project_roles: Roles assigned when an org API key is assigned to a project API key.
|
48
|
+
Required if `organization_id` is not set.
|
49
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] project_roles: Roles assigned when an org API key is assigned to a project API key. Possible values are `GROUP_CLUSTER_MANAGER`, `GROUP_DATA_ACCESS_ADMIN`, `GROUP_DATA_ACCESS_READ_ONLY`, `GROUP_DATA_ACCESS_READ_WRITE`, `GROUP_OWNER` and `GROUP_READ_ONLY`.
|
45
50
|
:param pulumi.Input[str] ttl: Duration in seconds after which the issued credential should expire.
|
46
51
|
"""
|
47
52
|
pulumi.set(__self__, "mount", mount)
|
@@ -81,7 +86,7 @@ class SecretRoleArgs:
|
|
81
86
|
@pulumi.getter
|
82
87
|
def roles(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]:
|
83
88
|
"""
|
84
|
-
List of roles that the API Key needs to have.
|
89
|
+
List of roles that the API Key needs to have. Possible values are `ORG_OWNER`, `ORG_MEMBER`, `ORG_GROUP_CREATOR`, `ORG_BILLING_ADMIN` and `ORG_READ_ONLY`.
|
85
90
|
"""
|
86
91
|
return pulumi.get(self, "roles")
|
87
92
|
|
@@ -143,7 +148,7 @@ class SecretRoleArgs:
|
|
143
148
|
"""
|
144
149
|
The namespace to provision the resource in.
|
145
150
|
The value should not contain leading or trailing forward slashes.
|
146
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
151
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
147
152
|
*Available only for Vault Enterprise*.
|
148
153
|
"""
|
149
154
|
return pulumi.get(self, "namespace")
|
@@ -170,7 +175,7 @@ class SecretRoleArgs:
|
|
170
175
|
def project_id(self) -> Optional[pulumi.Input[str]]:
|
171
176
|
"""
|
172
177
|
Unique identifier for the project to which the target API Key belongs.
|
173
|
-
Required if `organization_id is
|
178
|
+
Required if `organization_id` is not set.
|
174
179
|
"""
|
175
180
|
return pulumi.get(self, "project_id")
|
176
181
|
|
@@ -182,7 +187,7 @@ class SecretRoleArgs:
|
|
182
187
|
@pulumi.getter(name="projectRoles")
|
183
188
|
def project_roles(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
184
189
|
"""
|
185
|
-
Roles assigned when an org API key is assigned to a project API key.
|
190
|
+
Roles assigned when an org API key is assigned to a project API key. Possible values are `GROUP_CLUSTER_MANAGER`, `GROUP_DATA_ACCESS_ADMIN`, `GROUP_DATA_ACCESS_READ_ONLY`, `GROUP_DATA_ACCESS_READ_WRITE`, `GROUP_OWNER` and `GROUP_READ_ONLY`.
|
186
191
|
"""
|
187
192
|
return pulumi.get(self, "project_roles")
|
188
193
|
|
@@ -226,14 +231,14 @@ class _SecretRoleState:
|
|
226
231
|
:param pulumi.Input[str] name: The name of the role.
|
227
232
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
228
233
|
The value should not contain leading or trailing forward slashes.
|
229
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
234
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
230
235
|
*Available only for Vault Enterprise*.
|
231
236
|
:param pulumi.Input[str] organization_id: Unique identifier for the organization to which the target API Key belongs.
|
232
237
|
Required if `project_id` is not set.
|
233
238
|
:param pulumi.Input[str] project_id: Unique identifier for the project to which the target API Key belongs.
|
234
|
-
Required if `organization_id is
|
235
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] project_roles: Roles assigned when an org API key is assigned to a project API key.
|
236
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] roles: List of roles that the API Key needs to have.
|
239
|
+
Required if `organization_id` is not set.
|
240
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] project_roles: Roles assigned when an org API key is assigned to a project API key. Possible values are `GROUP_CLUSTER_MANAGER`, `GROUP_DATA_ACCESS_ADMIN`, `GROUP_DATA_ACCESS_READ_ONLY`, `GROUP_DATA_ACCESS_READ_WRITE`, `GROUP_OWNER` and `GROUP_READ_ONLY`.
|
241
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] roles: List of roles that the API Key needs to have. Possible values are `ORG_OWNER`, `ORG_MEMBER`, `ORG_GROUP_CREATOR`, `ORG_BILLING_ADMIN` and `ORG_READ_ONLY`.
|
237
242
|
:param pulumi.Input[str] ttl: Duration in seconds after which the issued credential should expire.
|
238
243
|
"""
|
239
244
|
if cidr_blocks is not None:
|
@@ -325,7 +330,7 @@ class _SecretRoleState:
|
|
325
330
|
"""
|
326
331
|
The namespace to provision the resource in.
|
327
332
|
The value should not contain leading or trailing forward slashes.
|
328
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
333
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
329
334
|
*Available only for Vault Enterprise*.
|
330
335
|
"""
|
331
336
|
return pulumi.get(self, "namespace")
|
@@ -352,7 +357,7 @@ class _SecretRoleState:
|
|
352
357
|
def project_id(self) -> Optional[pulumi.Input[str]]:
|
353
358
|
"""
|
354
359
|
Unique identifier for the project to which the target API Key belongs.
|
355
|
-
Required if `organization_id is
|
360
|
+
Required if `organization_id` is not set.
|
356
361
|
"""
|
357
362
|
return pulumi.get(self, "project_id")
|
358
363
|
|
@@ -364,7 +369,7 @@ class _SecretRoleState:
|
|
364
369
|
@pulumi.getter(name="projectRoles")
|
365
370
|
def project_roles(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
366
371
|
"""
|
367
|
-
Roles assigned when an org API key is assigned to a project API key.
|
372
|
+
Roles assigned when an org API key is assigned to a project API key. Possible values are `GROUP_CLUSTER_MANAGER`, `GROUP_DATA_ACCESS_ADMIN`, `GROUP_DATA_ACCESS_READ_ONLY`, `GROUP_DATA_ACCESS_READ_WRITE`, `GROUP_OWNER` and `GROUP_READ_ONLY`.
|
368
373
|
"""
|
369
374
|
return pulumi.get(self, "project_roles")
|
370
375
|
|
@@ -376,7 +381,7 @@ class _SecretRoleState:
|
|
376
381
|
@pulumi.getter
|
377
382
|
def roles(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
378
383
|
"""
|
379
|
-
List of roles that the API Key needs to have.
|
384
|
+
List of roles that the API Key needs to have. Possible values are `ORG_OWNER`, `ORG_MEMBER`, `ORG_GROUP_CREATOR`, `ORG_BILLING_ADMIN` and `ORG_READ_ONLY`.
|
380
385
|
"""
|
381
386
|
return pulumi.get(self, "roles")
|
382
387
|
|
@@ -417,7 +422,6 @@ class SecretRole(pulumi.CustomResource):
|
|
417
422
|
"""
|
418
423
|
## Example Usage
|
419
424
|
|
420
|
-
<!--Start PulumiCodeChooser -->
|
421
425
|
```python
|
422
426
|
import pulumi
|
423
427
|
import pulumi_vault as vault
|
@@ -427,21 +431,21 @@ class SecretRole(pulumi.CustomResource):
|
|
427
431
|
type="mongodbatlas",
|
428
432
|
description="MongoDB Atlas secret engine mount")
|
429
433
|
config = vault.mongodbatlas.SecretBackend("config",
|
430
|
-
mount=
|
434
|
+
mount=mongo.path,
|
431
435
|
private_key="privateKey",
|
432
436
|
public_key="publicKey")
|
433
437
|
role = vault.mongodbatlas.SecretRole("role",
|
434
438
|
mount=mongo.path,
|
439
|
+
name="tf-test-role",
|
435
440
|
organization_id="7cf5a45a9ccf6400e60981b7",
|
436
441
|
project_id="5cf5a45a9ccf6400e60981b6",
|
437
|
-
roles="ORG_READ_ONLY",
|
442
|
+
roles=["ORG_READ_ONLY"],
|
438
443
|
ip_addresses="192.168.1.5, 192.168.1.6",
|
439
444
|
cidr_blocks="192.168.1.3/35",
|
440
|
-
project_roles="GROUP_READ_ONLY",
|
445
|
+
project_roles=["GROUP_READ_ONLY"],
|
441
446
|
ttl="60",
|
442
447
|
max_ttl="120")
|
443
448
|
```
|
444
|
-
<!--End PulumiCodeChooser -->
|
445
449
|
|
446
450
|
## Import
|
447
451
|
|
@@ -461,14 +465,14 @@ class SecretRole(pulumi.CustomResource):
|
|
461
465
|
:param pulumi.Input[str] name: The name of the role.
|
462
466
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
463
467
|
The value should not contain leading or trailing forward slashes.
|
464
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
468
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
465
469
|
*Available only for Vault Enterprise*.
|
466
470
|
:param pulumi.Input[str] organization_id: Unique identifier for the organization to which the target API Key belongs.
|
467
471
|
Required if `project_id` is not set.
|
468
472
|
:param pulumi.Input[str] project_id: Unique identifier for the project to which the target API Key belongs.
|
469
|
-
Required if `organization_id is
|
470
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] project_roles: Roles assigned when an org API key is assigned to a project API key.
|
471
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] roles: List of roles that the API Key needs to have.
|
473
|
+
Required if `organization_id` is not set.
|
474
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] project_roles: Roles assigned when an org API key is assigned to a project API key. Possible values are `GROUP_CLUSTER_MANAGER`, `GROUP_DATA_ACCESS_ADMIN`, `GROUP_DATA_ACCESS_READ_ONLY`, `GROUP_DATA_ACCESS_READ_WRITE`, `GROUP_OWNER` and `GROUP_READ_ONLY`.
|
475
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] roles: List of roles that the API Key needs to have. Possible values are `ORG_OWNER`, `ORG_MEMBER`, `ORG_GROUP_CREATOR`, `ORG_BILLING_ADMIN` and `ORG_READ_ONLY`.
|
472
476
|
:param pulumi.Input[str] ttl: Duration in seconds after which the issued credential should expire.
|
473
477
|
"""
|
474
478
|
...
|
@@ -480,7 +484,6 @@ class SecretRole(pulumi.CustomResource):
|
|
480
484
|
"""
|
481
485
|
## Example Usage
|
482
486
|
|
483
|
-
<!--Start PulumiCodeChooser -->
|
484
487
|
```python
|
485
488
|
import pulumi
|
486
489
|
import pulumi_vault as vault
|
@@ -490,21 +493,21 @@ class SecretRole(pulumi.CustomResource):
|
|
490
493
|
type="mongodbatlas",
|
491
494
|
description="MongoDB Atlas secret engine mount")
|
492
495
|
config = vault.mongodbatlas.SecretBackend("config",
|
493
|
-
mount=
|
496
|
+
mount=mongo.path,
|
494
497
|
private_key="privateKey",
|
495
498
|
public_key="publicKey")
|
496
499
|
role = vault.mongodbatlas.SecretRole("role",
|
497
500
|
mount=mongo.path,
|
501
|
+
name="tf-test-role",
|
498
502
|
organization_id="7cf5a45a9ccf6400e60981b7",
|
499
503
|
project_id="5cf5a45a9ccf6400e60981b6",
|
500
|
-
roles="ORG_READ_ONLY",
|
504
|
+
roles=["ORG_READ_ONLY"],
|
501
505
|
ip_addresses="192.168.1.5, 192.168.1.6",
|
502
506
|
cidr_blocks="192.168.1.3/35",
|
503
|
-
project_roles="GROUP_READ_ONLY",
|
507
|
+
project_roles=["GROUP_READ_ONLY"],
|
504
508
|
ttl="60",
|
505
509
|
max_ttl="120")
|
506
510
|
```
|
507
|
-
<!--End PulumiCodeChooser -->
|
508
511
|
|
509
512
|
## Import
|
510
513
|
|
@@ -600,14 +603,14 @@ class SecretRole(pulumi.CustomResource):
|
|
600
603
|
:param pulumi.Input[str] name: The name of the role.
|
601
604
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
602
605
|
The value should not contain leading or trailing forward slashes.
|
603
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
606
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
604
607
|
*Available only for Vault Enterprise*.
|
605
608
|
:param pulumi.Input[str] organization_id: Unique identifier for the organization to which the target API Key belongs.
|
606
609
|
Required if `project_id` is not set.
|
607
610
|
:param pulumi.Input[str] project_id: Unique identifier for the project to which the target API Key belongs.
|
608
|
-
Required if `organization_id is
|
609
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] project_roles: Roles assigned when an org API key is assigned to a project API key.
|
610
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] roles: List of roles that the API Key needs to have.
|
611
|
+
Required if `organization_id` is not set.
|
612
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] project_roles: Roles assigned when an org API key is assigned to a project API key. Possible values are `GROUP_CLUSTER_MANAGER`, `GROUP_DATA_ACCESS_ADMIN`, `GROUP_DATA_ACCESS_READ_ONLY`, `GROUP_DATA_ACCESS_READ_WRITE`, `GROUP_OWNER` and `GROUP_READ_ONLY`.
|
613
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] roles: List of roles that the API Key needs to have. Possible values are `ORG_OWNER`, `ORG_MEMBER`, `ORG_GROUP_CREATOR`, `ORG_BILLING_ADMIN` and `ORG_READ_ONLY`.
|
611
614
|
:param pulumi.Input[str] ttl: Duration in seconds after which the issued credential should expire.
|
612
615
|
"""
|
613
616
|
opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
|
@@ -673,7 +676,7 @@ class SecretRole(pulumi.CustomResource):
|
|
673
676
|
"""
|
674
677
|
The namespace to provision the resource in.
|
675
678
|
The value should not contain leading or trailing forward slashes.
|
676
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
679
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
677
680
|
*Available only for Vault Enterprise*.
|
678
681
|
"""
|
679
682
|
return pulumi.get(self, "namespace")
|
@@ -692,7 +695,7 @@ class SecretRole(pulumi.CustomResource):
|
|
692
695
|
def project_id(self) -> pulumi.Output[Optional[str]]:
|
693
696
|
"""
|
694
697
|
Unique identifier for the project to which the target API Key belongs.
|
695
|
-
Required if `organization_id is
|
698
|
+
Required if `organization_id` is not set.
|
696
699
|
"""
|
697
700
|
return pulumi.get(self, "project_id")
|
698
701
|
|
@@ -700,7 +703,7 @@ class SecretRole(pulumi.CustomResource):
|
|
700
703
|
@pulumi.getter(name="projectRoles")
|
701
704
|
def project_roles(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
702
705
|
"""
|
703
|
-
Roles assigned when an org API key is assigned to a project API key.
|
706
|
+
Roles assigned when an org API key is assigned to a project API key. Possible values are `GROUP_CLUSTER_MANAGER`, `GROUP_DATA_ACCESS_ADMIN`, `GROUP_DATA_ACCESS_READ_ONLY`, `GROUP_DATA_ACCESS_READ_WRITE`, `GROUP_OWNER` and `GROUP_READ_ONLY`.
|
704
707
|
"""
|
705
708
|
return pulumi.get(self, "project_roles")
|
706
709
|
|
@@ -708,7 +711,7 @@ class SecretRole(pulumi.CustomResource):
|
|
708
711
|
@pulumi.getter
|
709
712
|
def roles(self) -> pulumi.Output[Sequence[str]]:
|
710
713
|
"""
|
711
|
-
List of roles that the API Key needs to have.
|
714
|
+
List of roles that the API Key needs to have. Possible values are `ORG_OWNER`, `ORG_MEMBER`, `ORG_GROUP_CREATOR`, `ORG_BILLING_ADMIN` and `ORG_READ_ONLY`.
|
712
715
|
"""
|
713
716
|
return pulumi.get(self, "roles")
|
714
717
|
|