pulumi-vault 5.21.0a1710160723__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pulumi_vault/__init__.py +52 -0
- pulumi_vault/_inputs.py +560 -0
- pulumi_vault/_utilities.py +41 -5
- pulumi_vault/ad/get_access_credentials.py +22 -7
- pulumi_vault/ad/secret_backend.py +14 -144
- pulumi_vault/ad/secret_library.py +14 -11
- pulumi_vault/ad/secret_role.py +12 -11
- pulumi_vault/alicloud/auth_backend_role.py +74 -192
- pulumi_vault/approle/auth_backend_login.py +12 -11
- pulumi_vault/approle/auth_backend_role.py +75 -193
- pulumi_vault/approle/auth_backend_role_secret_id.py +106 -11
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -9
- pulumi_vault/audit.py +24 -27
- pulumi_vault/audit_request_header.py +11 -6
- pulumi_vault/auth_backend.py +64 -12
- pulumi_vault/aws/auth_backend_cert.py +12 -7
- pulumi_vault/aws/auth_backend_client.py +265 -24
- pulumi_vault/aws/auth_backend_config_identity.py +12 -11
- pulumi_vault/aws/auth_backend_identity_whitelist.py +18 -17
- pulumi_vault/aws/auth_backend_login.py +19 -22
- pulumi_vault/aws/auth_backend_role.py +75 -193
- pulumi_vault/aws/auth_backend_role_tag.py +12 -7
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -17
- pulumi_vault/aws/auth_backend_sts_role.py +12 -11
- pulumi_vault/aws/get_access_credentials.py +34 -7
- pulumi_vault/aws/get_static_access_credentials.py +19 -5
- pulumi_vault/aws/secret_backend.py +75 -7
- pulumi_vault/aws/secret_backend_role.py +183 -11
- pulumi_vault/aws/secret_backend_static_role.py +14 -11
- pulumi_vault/azure/_inputs.py +24 -0
- pulumi_vault/azure/auth_backend_config.py +151 -17
- pulumi_vault/azure/auth_backend_role.py +75 -193
- pulumi_vault/azure/backend.py +223 -29
- pulumi_vault/azure/backend_role.py +42 -41
- pulumi_vault/azure/get_access_credentials.py +39 -11
- pulumi_vault/azure/outputs.py +5 -0
- pulumi_vault/cert_auth_backend_role.py +87 -271
- pulumi_vault/config/__init__.pyi +5 -0
- pulumi_vault/config/_inputs.py +73 -0
- pulumi_vault/config/outputs.py +35 -0
- pulumi_vault/config/ui_custom_message.py +529 -0
- pulumi_vault/config/vars.py +5 -0
- pulumi_vault/consul/secret_backend.py +22 -25
- pulumi_vault/consul/secret_backend_role.py +14 -80
- pulumi_vault/database/_inputs.py +2770 -881
- pulumi_vault/database/outputs.py +721 -838
- pulumi_vault/database/secret_backend_connection.py +117 -114
- pulumi_vault/database/secret_backend_role.py +29 -24
- pulumi_vault/database/secret_backend_static_role.py +85 -15
- pulumi_vault/database/secrets_mount.py +425 -138
- pulumi_vault/egp_policy.py +16 -15
- pulumi_vault/gcp/_inputs.py +111 -0
- pulumi_vault/gcp/auth_backend.py +248 -35
- pulumi_vault/gcp/auth_backend_role.py +75 -271
- pulumi_vault/gcp/get_auth_backend_role.py +43 -9
- pulumi_vault/gcp/outputs.py +5 -0
- pulumi_vault/gcp/secret_backend.py +287 -16
- pulumi_vault/gcp/secret_impersonated_account.py +74 -17
- pulumi_vault/gcp/secret_roleset.py +29 -26
- pulumi_vault/gcp/secret_static_account.py +37 -34
- pulumi_vault/generic/endpoint.py +22 -21
- pulumi_vault/generic/get_secret.py +68 -12
- pulumi_vault/generic/secret.py +19 -14
- pulumi_vault/get_auth_backend.py +24 -11
- pulumi_vault/get_auth_backends.py +33 -11
- pulumi_vault/get_namespace.py +226 -0
- pulumi_vault/get_namespaces.py +153 -0
- pulumi_vault/get_nomad_access_token.py +31 -15
- pulumi_vault/get_policy_document.py +34 -23
- pulumi_vault/get_raft_autopilot_state.py +29 -14
- pulumi_vault/github/_inputs.py +55 -0
- pulumi_vault/github/auth_backend.py +17 -16
- pulumi_vault/github/outputs.py +5 -0
- pulumi_vault/github/team.py +14 -13
- pulumi_vault/github/user.py +14 -13
- pulumi_vault/identity/entity.py +18 -15
- pulumi_vault/identity/entity_alias.py +18 -15
- pulumi_vault/identity/entity_policies.py +24 -19
- pulumi_vault/identity/get_entity.py +40 -14
- pulumi_vault/identity/get_group.py +45 -13
- pulumi_vault/identity/get_oidc_client_creds.py +21 -11
- pulumi_vault/identity/get_oidc_openid_config.py +39 -13
- pulumi_vault/identity/get_oidc_public_keys.py +29 -14
- pulumi_vault/identity/group.py +50 -49
- pulumi_vault/identity/group_alias.py +14 -11
- pulumi_vault/identity/group_member_entity_ids.py +24 -74
- pulumi_vault/identity/group_member_group_ids.py +36 -27
- pulumi_vault/identity/group_policies.py +16 -15
- pulumi_vault/identity/mfa_duo.py +9 -8
- pulumi_vault/identity/mfa_login_enforcement.py +13 -8
- pulumi_vault/identity/mfa_okta.py +9 -8
- pulumi_vault/identity/mfa_pingid.py +5 -4
- pulumi_vault/identity/mfa_totp.py +5 -4
- pulumi_vault/identity/oidc.py +12 -11
- pulumi_vault/identity/oidc_assignment.py +22 -13
- pulumi_vault/identity/oidc_client.py +34 -25
- pulumi_vault/identity/oidc_key.py +28 -19
- pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -19
- pulumi_vault/identity/oidc_provider.py +34 -23
- pulumi_vault/identity/oidc_role.py +40 -27
- pulumi_vault/identity/oidc_scope.py +18 -15
- pulumi_vault/identity/outputs.py +8 -3
- pulumi_vault/jwt/_inputs.py +55 -0
- pulumi_vault/jwt/auth_backend.py +39 -46
- pulumi_vault/jwt/auth_backend_role.py +131 -260
- pulumi_vault/jwt/outputs.py +5 -0
- pulumi_vault/kmip/secret_backend.py +22 -21
- pulumi_vault/kmip/secret_role.py +12 -11
- pulumi_vault/kmip/secret_scope.py +12 -11
- pulumi_vault/kubernetes/auth_backend_config.py +55 -7
- pulumi_vault/kubernetes/auth_backend_role.py +68 -179
- pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
- pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
- pulumi_vault/kubernetes/get_service_account_token.py +39 -15
- pulumi_vault/kubernetes/secret_backend.py +314 -29
- pulumi_vault/kubernetes/secret_backend_role.py +135 -56
- pulumi_vault/kv/_inputs.py +36 -4
- pulumi_vault/kv/get_secret.py +23 -12
- pulumi_vault/kv/get_secret_subkeys_v2.py +31 -14
- pulumi_vault/kv/get_secret_v2.py +89 -9
- pulumi_vault/kv/get_secrets_list.py +22 -15
- pulumi_vault/kv/get_secrets_list_v2.py +35 -19
- pulumi_vault/kv/outputs.py +8 -3
- pulumi_vault/kv/secret.py +19 -18
- pulumi_vault/kv/secret_backend_v2.py +12 -11
- pulumi_vault/kv/secret_v2.py +55 -52
- pulumi_vault/ldap/auth_backend.py +125 -168
- pulumi_vault/ldap/auth_backend_group.py +12 -11
- pulumi_vault/ldap/auth_backend_user.py +12 -11
- pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
- pulumi_vault/ldap/get_static_credentials.py +24 -5
- pulumi_vault/ldap/secret_backend.py +352 -84
- pulumi_vault/ldap/secret_backend_dynamic_role.py +12 -11
- pulumi_vault/ldap/secret_backend_library_set.py +14 -11
- pulumi_vault/ldap/secret_backend_static_role.py +67 -12
- pulumi_vault/managed/_inputs.py +289 -132
- pulumi_vault/managed/keys.py +27 -43
- pulumi_vault/managed/outputs.py +89 -132
- pulumi_vault/mfa_duo.py +16 -13
- pulumi_vault/mfa_okta.py +16 -13
- pulumi_vault/mfa_pingid.py +16 -13
- pulumi_vault/mfa_totp.py +22 -19
- pulumi_vault/mongodbatlas/secret_backend.py +18 -17
- pulumi_vault/mongodbatlas/secret_role.py +41 -38
- pulumi_vault/mount.py +389 -65
- pulumi_vault/namespace.py +26 -21
- pulumi_vault/nomad_secret_backend.py +16 -15
- pulumi_vault/nomad_secret_role.py +12 -11
- pulumi_vault/okta/_inputs.py +47 -8
- pulumi_vault/okta/auth_backend.py +483 -41
- pulumi_vault/okta/auth_backend_group.py +12 -11
- pulumi_vault/okta/auth_backend_user.py +12 -11
- pulumi_vault/okta/outputs.py +13 -8
- pulumi_vault/outputs.py +5 -0
- pulumi_vault/password_policy.py +18 -15
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +81 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
- pulumi_vault/pkisecret/backend_config_est.py +619 -0
- pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
- pulumi_vault/pkisecret/get_backend_issuer.py +63 -7
- pulumi_vault/pkisecret/get_backend_issuers.py +21 -12
- pulumi_vault/pkisecret/get_backend_key.py +24 -13
- pulumi_vault/pkisecret/get_backend_keys.py +21 -12
- pulumi_vault/pkisecret/outputs.py +69 -0
- pulumi_vault/pkisecret/secret_backend_cert.py +18 -15
- pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -15
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +12 -11
- pulumi_vault/pkisecret/secret_backend_config_urls.py +59 -11
- pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -13
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -15
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -21
- pulumi_vault/pkisecret/secret_backend_issuer.py +12 -11
- pulumi_vault/pkisecret/secret_backend_key.py +12 -7
- pulumi_vault/pkisecret/secret_backend_role.py +19 -16
- pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -52
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -62
- pulumi_vault/pkisecret/secret_backend_sign.py +18 -60
- pulumi_vault/plugin.py +595 -0
- pulumi_vault/plugin_pinned_version.py +298 -0
- pulumi_vault/policy.py +12 -7
- pulumi_vault/provider.py +48 -53
- pulumi_vault/pulumi-plugin.json +2 -1
- pulumi_vault/quota_lease_count.py +58 -8
- pulumi_vault/quota_rate_limit.py +54 -4
- pulumi_vault/rabbitmq/_inputs.py +61 -0
- pulumi_vault/rabbitmq/outputs.py +5 -0
- pulumi_vault/rabbitmq/secret_backend.py +16 -15
- pulumi_vault/rabbitmq/secret_backend_role.py +52 -49
- pulumi_vault/raft_autopilot.py +12 -11
- pulumi_vault/raft_snapshot_agent_config.py +121 -311
- pulumi_vault/rgp_policy.py +14 -13
- pulumi_vault/saml/auth_backend.py +20 -19
- pulumi_vault/saml/auth_backend_role.py +90 -199
- pulumi_vault/secrets/__init__.py +3 -0
- pulumi_vault/secrets/_inputs.py +110 -0
- pulumi_vault/secrets/outputs.py +94 -0
- pulumi_vault/secrets/sync_association.py +56 -75
- pulumi_vault/secrets/sync_aws_destination.py +240 -29
- pulumi_vault/secrets/sync_azure_destination.py +90 -33
- pulumi_vault/secrets/sync_config.py +7 -6
- pulumi_vault/secrets/sync_gcp_destination.py +156 -27
- pulumi_vault/secrets/sync_gh_destination.py +187 -15
- pulumi_vault/secrets/sync_github_apps.py +375 -0
- pulumi_vault/secrets/sync_vercel_destination.py +72 -15
- pulumi_vault/ssh/_inputs.py +28 -32
- pulumi_vault/ssh/outputs.py +11 -32
- pulumi_vault/ssh/secret_backend_ca.py +106 -11
- pulumi_vault/ssh/secret_backend_role.py +83 -120
- pulumi_vault/terraformcloud/secret_backend.py +5 -56
- pulumi_vault/terraformcloud/secret_creds.py +14 -24
- pulumi_vault/terraformcloud/secret_role.py +14 -76
- pulumi_vault/token.py +26 -25
- pulumi_vault/tokenauth/auth_backend_role.py +76 -201
- pulumi_vault/transform/alphabet.py +16 -13
- pulumi_vault/transform/get_decode.py +45 -21
- pulumi_vault/transform/get_encode.py +45 -21
- pulumi_vault/transform/role.py +16 -13
- pulumi_vault/transform/template.py +30 -25
- pulumi_vault/transform/transformation.py +12 -7
- pulumi_vault/transit/get_decrypt.py +26 -25
- pulumi_vault/transit/get_encrypt.py +24 -19
- pulumi_vault/transit/secret_backend_key.py +25 -97
- pulumi_vault/transit/secret_cache_config.py +12 -11
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
- pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
- pulumi_vault-5.21.0a1710160723.dist-info/RECORD +0 -244
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = ['AuthBackendRoleArgs', 'AuthBackendRole']
|
@@ -40,7 +45,7 @@ class AuthBackendRoleArgs:
|
|
40
45
|
presented when logging in using this AppRole. Defaults to `true`.
|
41
46
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
42
47
|
The value should not contain leading or trailing forward slashes.
|
43
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
48
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
44
49
|
*Available only for Vault Enterprise*.
|
45
50
|
:param pulumi.Input[str] role_id: The RoleID of this role. If not specified, one will be
|
46
51
|
auto-generated.
|
@@ -51,32 +56,15 @@ class AuthBackendRoleArgs:
|
|
51
56
|
expire. A value of zero will allow unlimited uses.
|
52
57
|
:param pulumi.Input[int] secret_id_ttl: The number of seconds after which any SecretID
|
53
58
|
expires.
|
54
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs:
|
55
|
-
|
56
|
-
|
57
|
-
:param pulumi.Input[
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
:param pulumi.Input[int]
|
62
|
-
|
63
|
-
:param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
|
64
|
-
generated tokens; otherwise it will be added to the policies set in token_policies.
|
65
|
-
:param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/auth/approle#token_num_uses)
|
66
|
-
of times a generated token may be used (within its lifetime); 0 means unlimited.
|
67
|
-
:param pulumi.Input[int] token_period: If set, indicates that the
|
68
|
-
token generated using this role should never expire. The token should be renewed within the
|
69
|
-
duration specified by this value. At each renewal, the token's TTL will be set to the
|
70
|
-
value of this field. Specified in seconds.
|
71
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
|
72
|
-
on the auth method, this list may be supplemented by user/group/other values.
|
73
|
-
:param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
|
74
|
-
Its current value will be referenced at renewal time.
|
75
|
-
:param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
|
76
|
-
`batch`, or `default` to use the mount's tuned default (which unless changed will be
|
77
|
-
`service` tokens). For token store roles, there are two additional possibilities:
|
78
|
-
`default-service` and `default-batch` which specify the type to return unless the client
|
79
|
-
requests a different type at generation time.
|
59
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
60
|
+
:param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
61
|
+
:param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
|
62
|
+
:param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
63
|
+
:param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
64
|
+
:param pulumi.Input[int] token_period: Generated Token's Period
|
65
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
|
66
|
+
:param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
|
67
|
+
:param pulumi.Input[str] token_type: The type of token to generate, service or batch
|
80
68
|
"""
|
81
69
|
pulumi.set(__self__, "role_name", role_name)
|
82
70
|
if backend is not None:
|
@@ -156,7 +144,7 @@ class AuthBackendRoleArgs:
|
|
156
144
|
"""
|
157
145
|
The namespace to provision the resource in.
|
158
146
|
The value should not contain leading or trailing forward slashes.
|
159
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
147
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
160
148
|
*Available only for Vault Enterprise*.
|
161
149
|
"""
|
162
150
|
return pulumi.get(self, "namespace")
|
@@ -222,9 +210,7 @@ class AuthBackendRoleArgs:
|
|
222
210
|
@pulumi.getter(name="tokenBoundCidrs")
|
223
211
|
def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
224
212
|
"""
|
225
|
-
|
226
|
-
addresses which can authenticate successfully, and ties the resulting token to these blocks
|
227
|
-
as well.
|
213
|
+
Specifies the blocks of IP addresses which are allowed to use the generated token
|
228
214
|
"""
|
229
215
|
return pulumi.get(self, "token_bound_cidrs")
|
230
216
|
|
@@ -236,10 +222,7 @@ class AuthBackendRoleArgs:
|
|
236
222
|
@pulumi.getter(name="tokenExplicitMaxTtl")
|
237
223
|
def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
238
224
|
"""
|
239
|
-
|
240
|
-
[explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
|
241
|
-
onto the token in number of seconds. This is a hard cap even if `token_ttl` and
|
242
|
-
`token_max_ttl` would otherwise allow a renewal.
|
225
|
+
Generated Token's Explicit Maximum TTL in seconds
|
243
226
|
"""
|
244
227
|
return pulumi.get(self, "token_explicit_max_ttl")
|
245
228
|
|
@@ -251,8 +234,7 @@ class AuthBackendRoleArgs:
|
|
251
234
|
@pulumi.getter(name="tokenMaxTtl")
|
252
235
|
def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
253
236
|
"""
|
254
|
-
The maximum lifetime
|
255
|
-
Its current value will be referenced at renewal time.
|
237
|
+
The maximum lifetime of the generated token
|
256
238
|
"""
|
257
239
|
return pulumi.get(self, "token_max_ttl")
|
258
240
|
|
@@ -264,8 +246,7 @@ class AuthBackendRoleArgs:
|
|
264
246
|
@pulumi.getter(name="tokenNoDefaultPolicy")
|
265
247
|
def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
|
266
248
|
"""
|
267
|
-
If
|
268
|
-
generated tokens; otherwise it will be added to the policies set in token_policies.
|
249
|
+
If true, the 'default' policy will not automatically be added to generated tokens
|
269
250
|
"""
|
270
251
|
return pulumi.get(self, "token_no_default_policy")
|
271
252
|
|
@@ -277,8 +258,7 @@ class AuthBackendRoleArgs:
|
|
277
258
|
@pulumi.getter(name="tokenNumUses")
|
278
259
|
def token_num_uses(self) -> Optional[pulumi.Input[int]]:
|
279
260
|
"""
|
280
|
-
The
|
281
|
-
of times a generated token may be used (within its lifetime); 0 means unlimited.
|
261
|
+
The maximum number of times a token may be used, a value of zero means unlimited
|
282
262
|
"""
|
283
263
|
return pulumi.get(self, "token_num_uses")
|
284
264
|
|
@@ -290,10 +270,7 @@ class AuthBackendRoleArgs:
|
|
290
270
|
@pulumi.getter(name="tokenPeriod")
|
291
271
|
def token_period(self) -> Optional[pulumi.Input[int]]:
|
292
272
|
"""
|
293
|
-
|
294
|
-
token generated using this role should never expire. The token should be renewed within the
|
295
|
-
duration specified by this value. At each renewal, the token's TTL will be set to the
|
296
|
-
value of this field. Specified in seconds.
|
273
|
+
Generated Token's Period
|
297
274
|
"""
|
298
275
|
return pulumi.get(self, "token_period")
|
299
276
|
|
@@ -305,8 +282,7 @@ class AuthBackendRoleArgs:
|
|
305
282
|
@pulumi.getter(name="tokenPolicies")
|
306
283
|
def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
307
284
|
"""
|
308
|
-
|
309
|
-
on the auth method, this list may be supplemented by user/group/other values.
|
285
|
+
Generated Token's Policies
|
310
286
|
"""
|
311
287
|
return pulumi.get(self, "token_policies")
|
312
288
|
|
@@ -318,8 +294,7 @@ class AuthBackendRoleArgs:
|
|
318
294
|
@pulumi.getter(name="tokenTtl")
|
319
295
|
def token_ttl(self) -> Optional[pulumi.Input[int]]:
|
320
296
|
"""
|
321
|
-
The
|
322
|
-
Its current value will be referenced at renewal time.
|
297
|
+
The initial ttl of the token to generate in seconds
|
323
298
|
"""
|
324
299
|
return pulumi.get(self, "token_ttl")
|
325
300
|
|
@@ -331,11 +306,7 @@ class AuthBackendRoleArgs:
|
|
331
306
|
@pulumi.getter(name="tokenType")
|
332
307
|
def token_type(self) -> Optional[pulumi.Input[str]]:
|
333
308
|
"""
|
334
|
-
The type of token
|
335
|
-
`batch`, or `default` to use the mount's tuned default (which unless changed will be
|
336
|
-
`service` tokens). For token store roles, there are two additional possibilities:
|
337
|
-
`default-service` and `default-batch` which specify the type to return unless the client
|
338
|
-
requests a different type at generation time.
|
309
|
+
The type of token to generate, service or batch
|
339
310
|
"""
|
340
311
|
return pulumi.get(self, "token_type")
|
341
312
|
|
@@ -372,7 +343,7 @@ class _AuthBackendRoleState:
|
|
372
343
|
presented when logging in using this AppRole. Defaults to `true`.
|
373
344
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
374
345
|
The value should not contain leading or trailing forward slashes.
|
375
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
346
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
376
347
|
*Available only for Vault Enterprise*.
|
377
348
|
:param pulumi.Input[str] role_id: The RoleID of this role. If not specified, one will be
|
378
349
|
auto-generated.
|
@@ -384,32 +355,15 @@ class _AuthBackendRoleState:
|
|
384
355
|
expire. A value of zero will allow unlimited uses.
|
385
356
|
:param pulumi.Input[int] secret_id_ttl: The number of seconds after which any SecretID
|
386
357
|
expires.
|
387
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs:
|
388
|
-
|
389
|
-
|
390
|
-
:param pulumi.Input[
|
391
|
-
|
392
|
-
|
393
|
-
|
394
|
-
:param pulumi.Input[int]
|
395
|
-
|
396
|
-
:param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
|
397
|
-
generated tokens; otherwise it will be added to the policies set in token_policies.
|
398
|
-
:param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/auth/approle#token_num_uses)
|
399
|
-
of times a generated token may be used (within its lifetime); 0 means unlimited.
|
400
|
-
:param pulumi.Input[int] token_period: If set, indicates that the
|
401
|
-
token generated using this role should never expire. The token should be renewed within the
|
402
|
-
duration specified by this value. At each renewal, the token's TTL will be set to the
|
403
|
-
value of this field. Specified in seconds.
|
404
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
|
405
|
-
on the auth method, this list may be supplemented by user/group/other values.
|
406
|
-
:param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
|
407
|
-
Its current value will be referenced at renewal time.
|
408
|
-
:param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
|
409
|
-
`batch`, or `default` to use the mount's tuned default (which unless changed will be
|
410
|
-
`service` tokens). For token store roles, there are two additional possibilities:
|
411
|
-
`default-service` and `default-batch` which specify the type to return unless the client
|
412
|
-
requests a different type at generation time.
|
358
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
359
|
+
:param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
360
|
+
:param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
|
361
|
+
:param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
362
|
+
:param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
363
|
+
:param pulumi.Input[int] token_period: Generated Token's Period
|
364
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
|
365
|
+
:param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
|
366
|
+
:param pulumi.Input[str] token_type: The type of token to generate, service or batch
|
413
367
|
"""
|
414
368
|
if backend is not None:
|
415
369
|
pulumi.set(__self__, "backend", backend)
|
@@ -478,7 +432,7 @@ class _AuthBackendRoleState:
|
|
478
432
|
"""
|
479
433
|
The namespace to provision the resource in.
|
480
434
|
The value should not contain leading or trailing forward slashes.
|
481
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
435
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
482
436
|
*Available only for Vault Enterprise*.
|
483
437
|
"""
|
484
438
|
return pulumi.get(self, "namespace")
|
@@ -556,9 +510,7 @@ class _AuthBackendRoleState:
|
|
556
510
|
@pulumi.getter(name="tokenBoundCidrs")
|
557
511
|
def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
558
512
|
"""
|
559
|
-
|
560
|
-
addresses which can authenticate successfully, and ties the resulting token to these blocks
|
561
|
-
as well.
|
513
|
+
Specifies the blocks of IP addresses which are allowed to use the generated token
|
562
514
|
"""
|
563
515
|
return pulumi.get(self, "token_bound_cidrs")
|
564
516
|
|
@@ -570,10 +522,7 @@ class _AuthBackendRoleState:
|
|
570
522
|
@pulumi.getter(name="tokenExplicitMaxTtl")
|
571
523
|
def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
572
524
|
"""
|
573
|
-
|
574
|
-
[explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
|
575
|
-
onto the token in number of seconds. This is a hard cap even if `token_ttl` and
|
576
|
-
`token_max_ttl` would otherwise allow a renewal.
|
525
|
+
Generated Token's Explicit Maximum TTL in seconds
|
577
526
|
"""
|
578
527
|
return pulumi.get(self, "token_explicit_max_ttl")
|
579
528
|
|
@@ -585,8 +534,7 @@ class _AuthBackendRoleState:
|
|
585
534
|
@pulumi.getter(name="tokenMaxTtl")
|
586
535
|
def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
587
536
|
"""
|
588
|
-
The maximum lifetime
|
589
|
-
Its current value will be referenced at renewal time.
|
537
|
+
The maximum lifetime of the generated token
|
590
538
|
"""
|
591
539
|
return pulumi.get(self, "token_max_ttl")
|
592
540
|
|
@@ -598,8 +546,7 @@ class _AuthBackendRoleState:
|
|
598
546
|
@pulumi.getter(name="tokenNoDefaultPolicy")
|
599
547
|
def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
|
600
548
|
"""
|
601
|
-
If
|
602
|
-
generated tokens; otherwise it will be added to the policies set in token_policies.
|
549
|
+
If true, the 'default' policy will not automatically be added to generated tokens
|
603
550
|
"""
|
604
551
|
return pulumi.get(self, "token_no_default_policy")
|
605
552
|
|
@@ -611,8 +558,7 @@ class _AuthBackendRoleState:
|
|
611
558
|
@pulumi.getter(name="tokenNumUses")
|
612
559
|
def token_num_uses(self) -> Optional[pulumi.Input[int]]:
|
613
560
|
"""
|
614
|
-
The
|
615
|
-
of times a generated token may be used (within its lifetime); 0 means unlimited.
|
561
|
+
The maximum number of times a token may be used, a value of zero means unlimited
|
616
562
|
"""
|
617
563
|
return pulumi.get(self, "token_num_uses")
|
618
564
|
|
@@ -624,10 +570,7 @@ class _AuthBackendRoleState:
|
|
624
570
|
@pulumi.getter(name="tokenPeriod")
|
625
571
|
def token_period(self) -> Optional[pulumi.Input[int]]:
|
626
572
|
"""
|
627
|
-
|
628
|
-
token generated using this role should never expire. The token should be renewed within the
|
629
|
-
duration specified by this value. At each renewal, the token's TTL will be set to the
|
630
|
-
value of this field. Specified in seconds.
|
573
|
+
Generated Token's Period
|
631
574
|
"""
|
632
575
|
return pulumi.get(self, "token_period")
|
633
576
|
|
@@ -639,8 +582,7 @@ class _AuthBackendRoleState:
|
|
639
582
|
@pulumi.getter(name="tokenPolicies")
|
640
583
|
def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
641
584
|
"""
|
642
|
-
|
643
|
-
on the auth method, this list may be supplemented by user/group/other values.
|
585
|
+
Generated Token's Policies
|
644
586
|
"""
|
645
587
|
return pulumi.get(self, "token_policies")
|
646
588
|
|
@@ -652,8 +594,7 @@ class _AuthBackendRoleState:
|
|
652
594
|
@pulumi.getter(name="tokenTtl")
|
653
595
|
def token_ttl(self) -> Optional[pulumi.Input[int]]:
|
654
596
|
"""
|
655
|
-
The
|
656
|
-
Its current value will be referenced at renewal time.
|
597
|
+
The initial ttl of the token to generate in seconds
|
657
598
|
"""
|
658
599
|
return pulumi.get(self, "token_ttl")
|
659
600
|
|
@@ -665,11 +606,7 @@ class _AuthBackendRoleState:
|
|
665
606
|
@pulumi.getter(name="tokenType")
|
666
607
|
def token_type(self) -> Optional[pulumi.Input[str]]:
|
667
608
|
"""
|
668
|
-
The type of token
|
669
|
-
`batch`, or `default` to use the mount's tuned default (which unless changed will be
|
670
|
-
`service` tokens). For token store roles, there are two additional possibilities:
|
671
|
-
`default-service` and `default-batch` which specify the type to return unless the client
|
672
|
-
requests a different type at generation time.
|
609
|
+
The type of token to generate, service or batch
|
673
610
|
"""
|
674
611
|
return pulumi.get(self, "token_type")
|
675
612
|
|
@@ -708,7 +645,6 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
708
645
|
|
709
646
|
## Example Usage
|
710
647
|
|
711
|
-
<!--Start PulumiCodeChooser -->
|
712
648
|
```python
|
713
649
|
import pulumi
|
714
650
|
import pulumi_vault as vault
|
@@ -723,7 +659,6 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
723
659
|
"prod",
|
724
660
|
])
|
725
661
|
```
|
726
|
-
<!--End PulumiCodeChooser -->
|
727
662
|
|
728
663
|
## Import
|
729
664
|
|
@@ -741,7 +676,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
741
676
|
presented when logging in using this AppRole. Defaults to `true`.
|
742
677
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
743
678
|
The value should not contain leading or trailing forward slashes.
|
744
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
679
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
745
680
|
*Available only for Vault Enterprise*.
|
746
681
|
:param pulumi.Input[str] role_id: The RoleID of this role. If not specified, one will be
|
747
682
|
auto-generated.
|
@@ -753,32 +688,15 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
753
688
|
expire. A value of zero will allow unlimited uses.
|
754
689
|
:param pulumi.Input[int] secret_id_ttl: The number of seconds after which any SecretID
|
755
690
|
expires.
|
756
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs:
|
757
|
-
|
758
|
-
|
759
|
-
:param pulumi.Input[
|
760
|
-
|
761
|
-
|
762
|
-
|
763
|
-
:param pulumi.Input[int]
|
764
|
-
|
765
|
-
:param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
|
766
|
-
generated tokens; otherwise it will be added to the policies set in token_policies.
|
767
|
-
:param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/auth/approle#token_num_uses)
|
768
|
-
of times a generated token may be used (within its lifetime); 0 means unlimited.
|
769
|
-
:param pulumi.Input[int] token_period: If set, indicates that the
|
770
|
-
token generated using this role should never expire. The token should be renewed within the
|
771
|
-
duration specified by this value. At each renewal, the token's TTL will be set to the
|
772
|
-
value of this field. Specified in seconds.
|
773
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
|
774
|
-
on the auth method, this list may be supplemented by user/group/other values.
|
775
|
-
:param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
|
776
|
-
Its current value will be referenced at renewal time.
|
777
|
-
:param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
|
778
|
-
`batch`, or `default` to use the mount's tuned default (which unless changed will be
|
779
|
-
`service` tokens). For token store roles, there are two additional possibilities:
|
780
|
-
`default-service` and `default-batch` which specify the type to return unless the client
|
781
|
-
requests a different type at generation time.
|
691
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
692
|
+
:param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
693
|
+
:param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
|
694
|
+
:param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
695
|
+
:param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
696
|
+
:param pulumi.Input[int] token_period: Generated Token's Period
|
697
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
|
698
|
+
:param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
|
699
|
+
:param pulumi.Input[str] token_type: The type of token to generate, service or batch
|
782
700
|
"""
|
783
701
|
...
|
784
702
|
@overload
|
@@ -793,7 +711,6 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
793
711
|
|
794
712
|
## Example Usage
|
795
713
|
|
796
|
-
<!--Start PulumiCodeChooser -->
|
797
714
|
```python
|
798
715
|
import pulumi
|
799
716
|
import pulumi_vault as vault
|
@@ -808,7 +725,6 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
808
725
|
"prod",
|
809
726
|
])
|
810
727
|
```
|
811
|
-
<!--End PulumiCodeChooser -->
|
812
728
|
|
813
729
|
## Import
|
814
730
|
|
@@ -918,7 +834,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
918
834
|
presented when logging in using this AppRole. Defaults to `true`.
|
919
835
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
920
836
|
The value should not contain leading or trailing forward slashes.
|
921
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
837
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
922
838
|
*Available only for Vault Enterprise*.
|
923
839
|
:param pulumi.Input[str] role_id: The RoleID of this role. If not specified, one will be
|
924
840
|
auto-generated.
|
@@ -930,32 +846,15 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
930
846
|
expire. A value of zero will allow unlimited uses.
|
931
847
|
:param pulumi.Input[int] secret_id_ttl: The number of seconds after which any SecretID
|
932
848
|
expires.
|
933
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs:
|
934
|
-
|
935
|
-
|
936
|
-
:param pulumi.Input[
|
937
|
-
|
938
|
-
|
939
|
-
|
940
|
-
:param pulumi.Input[int]
|
941
|
-
|
942
|
-
:param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
|
943
|
-
generated tokens; otherwise it will be added to the policies set in token_policies.
|
944
|
-
:param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/auth/approle#token_num_uses)
|
945
|
-
of times a generated token may be used (within its lifetime); 0 means unlimited.
|
946
|
-
:param pulumi.Input[int] token_period: If set, indicates that the
|
947
|
-
token generated using this role should never expire. The token should be renewed within the
|
948
|
-
duration specified by this value. At each renewal, the token's TTL will be set to the
|
949
|
-
value of this field. Specified in seconds.
|
950
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
|
951
|
-
on the auth method, this list may be supplemented by user/group/other values.
|
952
|
-
:param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
|
953
|
-
Its current value will be referenced at renewal time.
|
954
|
-
:param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
|
955
|
-
`batch`, or `default` to use the mount's tuned default (which unless changed will be
|
956
|
-
`service` tokens). For token store roles, there are two additional possibilities:
|
957
|
-
`default-service` and `default-batch` which specify the type to return unless the client
|
958
|
-
requests a different type at generation time.
|
849
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
850
|
+
:param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
851
|
+
:param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
|
852
|
+
:param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
853
|
+
:param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
854
|
+
:param pulumi.Input[int] token_period: Generated Token's Period
|
855
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
|
856
|
+
:param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
|
857
|
+
:param pulumi.Input[str] token_type: The type of token to generate, service or batch
|
959
858
|
"""
|
960
859
|
opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
|
961
860
|
|
@@ -1004,7 +903,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1004
903
|
"""
|
1005
904
|
The namespace to provision the resource in.
|
1006
905
|
The value should not contain leading or trailing forward slashes.
|
1007
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
906
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1008
907
|
*Available only for Vault Enterprise*.
|
1009
908
|
"""
|
1010
909
|
return pulumi.get(self, "namespace")
|
@@ -1058,9 +957,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1058
957
|
@pulumi.getter(name="tokenBoundCidrs")
|
1059
958
|
def token_bound_cidrs(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1060
959
|
"""
|
1061
|
-
|
1062
|
-
addresses which can authenticate successfully, and ties the resulting token to these blocks
|
1063
|
-
as well.
|
960
|
+
Specifies the blocks of IP addresses which are allowed to use the generated token
|
1064
961
|
"""
|
1065
962
|
return pulumi.get(self, "token_bound_cidrs")
|
1066
963
|
|
@@ -1068,10 +965,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1068
965
|
@pulumi.getter(name="tokenExplicitMaxTtl")
|
1069
966
|
def token_explicit_max_ttl(self) -> pulumi.Output[Optional[int]]:
|
1070
967
|
"""
|
1071
|
-
|
1072
|
-
[explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
|
1073
|
-
onto the token in number of seconds. This is a hard cap even if `token_ttl` and
|
1074
|
-
`token_max_ttl` would otherwise allow a renewal.
|
968
|
+
Generated Token's Explicit Maximum TTL in seconds
|
1075
969
|
"""
|
1076
970
|
return pulumi.get(self, "token_explicit_max_ttl")
|
1077
971
|
|
@@ -1079,8 +973,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1079
973
|
@pulumi.getter(name="tokenMaxTtl")
|
1080
974
|
def token_max_ttl(self) -> pulumi.Output[Optional[int]]:
|
1081
975
|
"""
|
1082
|
-
The maximum lifetime
|
1083
|
-
Its current value will be referenced at renewal time.
|
976
|
+
The maximum lifetime of the generated token
|
1084
977
|
"""
|
1085
978
|
return pulumi.get(self, "token_max_ttl")
|
1086
979
|
|
@@ -1088,8 +981,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1088
981
|
@pulumi.getter(name="tokenNoDefaultPolicy")
|
1089
982
|
def token_no_default_policy(self) -> pulumi.Output[Optional[bool]]:
|
1090
983
|
"""
|
1091
|
-
If
|
1092
|
-
generated tokens; otherwise it will be added to the policies set in token_policies.
|
984
|
+
If true, the 'default' policy will not automatically be added to generated tokens
|
1093
985
|
"""
|
1094
986
|
return pulumi.get(self, "token_no_default_policy")
|
1095
987
|
|
@@ -1097,8 +989,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1097
989
|
@pulumi.getter(name="tokenNumUses")
|
1098
990
|
def token_num_uses(self) -> pulumi.Output[Optional[int]]:
|
1099
991
|
"""
|
1100
|
-
The
|
1101
|
-
of times a generated token may be used (within its lifetime); 0 means unlimited.
|
992
|
+
The maximum number of times a token may be used, a value of zero means unlimited
|
1102
993
|
"""
|
1103
994
|
return pulumi.get(self, "token_num_uses")
|
1104
995
|
|
@@ -1106,10 +997,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1106
997
|
@pulumi.getter(name="tokenPeriod")
|
1107
998
|
def token_period(self) -> pulumi.Output[Optional[int]]:
|
1108
999
|
"""
|
1109
|
-
|
1110
|
-
token generated using this role should never expire. The token should be renewed within the
|
1111
|
-
duration specified by this value. At each renewal, the token's TTL will be set to the
|
1112
|
-
value of this field. Specified in seconds.
|
1000
|
+
Generated Token's Period
|
1113
1001
|
"""
|
1114
1002
|
return pulumi.get(self, "token_period")
|
1115
1003
|
|
@@ -1117,8 +1005,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1117
1005
|
@pulumi.getter(name="tokenPolicies")
|
1118
1006
|
def token_policies(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1119
1007
|
"""
|
1120
|
-
|
1121
|
-
on the auth method, this list may be supplemented by user/group/other values.
|
1008
|
+
Generated Token's Policies
|
1122
1009
|
"""
|
1123
1010
|
return pulumi.get(self, "token_policies")
|
1124
1011
|
|
@@ -1126,8 +1013,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1126
1013
|
@pulumi.getter(name="tokenTtl")
|
1127
1014
|
def token_ttl(self) -> pulumi.Output[Optional[int]]:
|
1128
1015
|
"""
|
1129
|
-
The
|
1130
|
-
Its current value will be referenced at renewal time.
|
1016
|
+
The initial ttl of the token to generate in seconds
|
1131
1017
|
"""
|
1132
1018
|
return pulumi.get(self, "token_ttl")
|
1133
1019
|
|
@@ -1135,11 +1021,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1135
1021
|
@pulumi.getter(name="tokenType")
|
1136
1022
|
def token_type(self) -> pulumi.Output[Optional[str]]:
|
1137
1023
|
"""
|
1138
|
-
The type of token
|
1139
|
-
`batch`, or `default` to use the mount's tuned default (which unless changed will be
|
1140
|
-
`service` tokens). For token store roles, there are two additional possibilities:
|
1141
|
-
`default-service` and `default-batch` which specify the type to return unless the client
|
1142
|
-
requests a different type at generation time.
|
1024
|
+
The type of token to generate, service or batch
|
1143
1025
|
"""
|
1144
1026
|
return pulumi.get(self, "token_type")
|
1145
1027
|
|