pulumi-vault 5.21.0a1710160723__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl
- pulumi_vault/__init__.py +52 -0
- pulumi_vault/_inputs.py +560 -0
- pulumi_vault/_utilities.py +41 -5
- pulumi_vault/ad/get_access_credentials.py +22 -7
- pulumi_vault/ad/secret_backend.py +14 -144
- pulumi_vault/ad/secret_library.py +14 -11
- pulumi_vault/ad/secret_role.py +12 -11
- pulumi_vault/alicloud/auth_backend_role.py +74 -192
- pulumi_vault/approle/auth_backend_login.py +12 -11
- pulumi_vault/approle/auth_backend_role.py +75 -193
- pulumi_vault/approle/auth_backend_role_secret_id.py +106 -11
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -9
- pulumi_vault/audit.py +24 -27
- pulumi_vault/audit_request_header.py +11 -6
- pulumi_vault/auth_backend.py +64 -12
- pulumi_vault/aws/auth_backend_cert.py +12 -7
- pulumi_vault/aws/auth_backend_client.py +265 -24
- pulumi_vault/aws/auth_backend_config_identity.py +12 -11
- pulumi_vault/aws/auth_backend_identity_whitelist.py +18 -17
- pulumi_vault/aws/auth_backend_login.py +19 -22
- pulumi_vault/aws/auth_backend_role.py +75 -193
- pulumi_vault/aws/auth_backend_role_tag.py +12 -7
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -17
- pulumi_vault/aws/auth_backend_sts_role.py +12 -11
- pulumi_vault/aws/get_access_credentials.py +34 -7
- pulumi_vault/aws/get_static_access_credentials.py +19 -5
- pulumi_vault/aws/secret_backend.py +75 -7
- pulumi_vault/aws/secret_backend_role.py +183 -11
- pulumi_vault/aws/secret_backend_static_role.py +14 -11
- pulumi_vault/azure/_inputs.py +24 -0
- pulumi_vault/azure/auth_backend_config.py +151 -17
- pulumi_vault/azure/auth_backend_role.py +75 -193
- pulumi_vault/azure/backend.py +223 -29
- pulumi_vault/azure/backend_role.py +42 -41
- pulumi_vault/azure/get_access_credentials.py +39 -11
- pulumi_vault/azure/outputs.py +5 -0
- pulumi_vault/cert_auth_backend_role.py +87 -271
- pulumi_vault/config/__init__.pyi +5 -0
- pulumi_vault/config/_inputs.py +73 -0
- pulumi_vault/config/outputs.py +35 -0
- pulumi_vault/config/ui_custom_message.py +529 -0
- pulumi_vault/config/vars.py +5 -0
- pulumi_vault/consul/secret_backend.py +22 -25
- pulumi_vault/consul/secret_backend_role.py +14 -80
- pulumi_vault/database/_inputs.py +2770 -881
- pulumi_vault/database/outputs.py +721 -838
- pulumi_vault/database/secret_backend_connection.py +117 -114
- pulumi_vault/database/secret_backend_role.py +29 -24
- pulumi_vault/database/secret_backend_static_role.py +85 -15
- pulumi_vault/database/secrets_mount.py +425 -138
- pulumi_vault/egp_policy.py +16 -15
- pulumi_vault/gcp/_inputs.py +111 -0
- pulumi_vault/gcp/auth_backend.py +248 -35
- pulumi_vault/gcp/auth_backend_role.py +75 -271
- pulumi_vault/gcp/get_auth_backend_role.py +43 -9
- pulumi_vault/gcp/outputs.py +5 -0
- pulumi_vault/gcp/secret_backend.py +287 -16
- pulumi_vault/gcp/secret_impersonated_account.py +74 -17
- pulumi_vault/gcp/secret_roleset.py +29 -26
- pulumi_vault/gcp/secret_static_account.py +37 -34
- pulumi_vault/generic/endpoint.py +22 -21
- pulumi_vault/generic/get_secret.py +68 -12
- pulumi_vault/generic/secret.py +19 -14
- pulumi_vault/get_auth_backend.py +24 -11
- pulumi_vault/get_auth_backends.py +33 -11
- pulumi_vault/get_namespace.py +226 -0
- pulumi_vault/get_namespaces.py +153 -0
- pulumi_vault/get_nomad_access_token.py +31 -15
- pulumi_vault/get_policy_document.py +34 -23
- pulumi_vault/get_raft_autopilot_state.py +29 -14
- pulumi_vault/github/_inputs.py +55 -0
- pulumi_vault/github/auth_backend.py +17 -16
- pulumi_vault/github/outputs.py +5 -0
- pulumi_vault/github/team.py +14 -13
- pulumi_vault/github/user.py +14 -13
- pulumi_vault/identity/entity.py +18 -15
- pulumi_vault/identity/entity_alias.py +18 -15
- pulumi_vault/identity/entity_policies.py +24 -19
- pulumi_vault/identity/get_entity.py +40 -14
- pulumi_vault/identity/get_group.py +45 -13
- pulumi_vault/identity/get_oidc_client_creds.py +21 -11
- pulumi_vault/identity/get_oidc_openid_config.py +39 -13
- pulumi_vault/identity/get_oidc_public_keys.py +29 -14
- pulumi_vault/identity/group.py +50 -49
- pulumi_vault/identity/group_alias.py +14 -11
- pulumi_vault/identity/group_member_entity_ids.py +24 -74
- pulumi_vault/identity/group_member_group_ids.py +36 -27
- pulumi_vault/identity/group_policies.py +16 -15
- pulumi_vault/identity/mfa_duo.py +9 -8
- pulumi_vault/identity/mfa_login_enforcement.py +13 -8
- pulumi_vault/identity/mfa_okta.py +9 -8
- pulumi_vault/identity/mfa_pingid.py +5 -4
- pulumi_vault/identity/mfa_totp.py +5 -4
- pulumi_vault/identity/oidc.py +12 -11
- pulumi_vault/identity/oidc_assignment.py +22 -13
- pulumi_vault/identity/oidc_client.py +34 -25
- pulumi_vault/identity/oidc_key.py +28 -19
- pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -19
- pulumi_vault/identity/oidc_provider.py +34 -23
- pulumi_vault/identity/oidc_role.py +40 -27
- pulumi_vault/identity/oidc_scope.py +18 -15
- pulumi_vault/identity/outputs.py +8 -3
- pulumi_vault/jwt/_inputs.py +55 -0
- pulumi_vault/jwt/auth_backend.py +39 -46
- pulumi_vault/jwt/auth_backend_role.py +131 -260
- pulumi_vault/jwt/outputs.py +5 -0
- pulumi_vault/kmip/secret_backend.py +22 -21
- pulumi_vault/kmip/secret_role.py +12 -11
- pulumi_vault/kmip/secret_scope.py +12 -11
- pulumi_vault/kubernetes/auth_backend_config.py +55 -7
- pulumi_vault/kubernetes/auth_backend_role.py +68 -179
- pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
- pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
- pulumi_vault/kubernetes/get_service_account_token.py +39 -15
- pulumi_vault/kubernetes/secret_backend.py +314 -29
- pulumi_vault/kubernetes/secret_backend_role.py +135 -56
- pulumi_vault/kv/_inputs.py +36 -4
- pulumi_vault/kv/get_secret.py +23 -12
- pulumi_vault/kv/get_secret_subkeys_v2.py +31 -14
- pulumi_vault/kv/get_secret_v2.py +89 -9
- pulumi_vault/kv/get_secrets_list.py +22 -15
- pulumi_vault/kv/get_secrets_list_v2.py +35 -19
- pulumi_vault/kv/outputs.py +8 -3
- pulumi_vault/kv/secret.py +19 -18
- pulumi_vault/kv/secret_backend_v2.py +12 -11
- pulumi_vault/kv/secret_v2.py +55 -52
- pulumi_vault/ldap/auth_backend.py +125 -168
- pulumi_vault/ldap/auth_backend_group.py +12 -11
- pulumi_vault/ldap/auth_backend_user.py +12 -11
- pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
- pulumi_vault/ldap/get_static_credentials.py +24 -5
- pulumi_vault/ldap/secret_backend.py +352 -84
- pulumi_vault/ldap/secret_backend_dynamic_role.py +12 -11
- pulumi_vault/ldap/secret_backend_library_set.py +14 -11
- pulumi_vault/ldap/secret_backend_static_role.py +67 -12
- pulumi_vault/managed/_inputs.py +289 -132
- pulumi_vault/managed/keys.py +27 -43
- pulumi_vault/managed/outputs.py +89 -132
- pulumi_vault/mfa_duo.py +16 -13
- pulumi_vault/mfa_okta.py +16 -13
- pulumi_vault/mfa_pingid.py +16 -13
- pulumi_vault/mfa_totp.py +22 -19
- pulumi_vault/mongodbatlas/secret_backend.py +18 -17
- pulumi_vault/mongodbatlas/secret_role.py +41 -38
- pulumi_vault/mount.py +389 -65
- pulumi_vault/namespace.py +26 -21
- pulumi_vault/nomad_secret_backend.py +16 -15
- pulumi_vault/nomad_secret_role.py +12 -11
- pulumi_vault/okta/_inputs.py +47 -8
- pulumi_vault/okta/auth_backend.py +483 -41
- pulumi_vault/okta/auth_backend_group.py +12 -11
- pulumi_vault/okta/auth_backend_user.py +12 -11
- pulumi_vault/okta/outputs.py +13 -8
- pulumi_vault/outputs.py +5 -0
- pulumi_vault/password_policy.py +18 -15
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +81 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
- pulumi_vault/pkisecret/backend_config_est.py +619 -0
- pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
- pulumi_vault/pkisecret/get_backend_issuer.py +63 -7
- pulumi_vault/pkisecret/get_backend_issuers.py +21 -12
- pulumi_vault/pkisecret/get_backend_key.py +24 -13
- pulumi_vault/pkisecret/get_backend_keys.py +21 -12
- pulumi_vault/pkisecret/outputs.py +69 -0
- pulumi_vault/pkisecret/secret_backend_cert.py +18 -15
- pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -15
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +12 -11
- pulumi_vault/pkisecret/secret_backend_config_urls.py +59 -11
- pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -13
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -15
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -21
- pulumi_vault/pkisecret/secret_backend_issuer.py +12 -11
- pulumi_vault/pkisecret/secret_backend_key.py +12 -7
- pulumi_vault/pkisecret/secret_backend_role.py +19 -16
- pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -52
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -62
- pulumi_vault/pkisecret/secret_backend_sign.py +18 -60
- pulumi_vault/plugin.py +595 -0
- pulumi_vault/plugin_pinned_version.py +298 -0
- pulumi_vault/policy.py +12 -7
- pulumi_vault/provider.py +48 -53
- pulumi_vault/pulumi-plugin.json +2 -1
- pulumi_vault/quota_lease_count.py +58 -8
- pulumi_vault/quota_rate_limit.py +54 -4
- pulumi_vault/rabbitmq/_inputs.py +61 -0
- pulumi_vault/rabbitmq/outputs.py +5 -0
- pulumi_vault/rabbitmq/secret_backend.py +16 -15
- pulumi_vault/rabbitmq/secret_backend_role.py +52 -49
- pulumi_vault/raft_autopilot.py +12 -11
- pulumi_vault/raft_snapshot_agent_config.py +121 -311
- pulumi_vault/rgp_policy.py +14 -13
- pulumi_vault/saml/auth_backend.py +20 -19
- pulumi_vault/saml/auth_backend_role.py +90 -199
- pulumi_vault/secrets/__init__.py +3 -0
- pulumi_vault/secrets/_inputs.py +110 -0
- pulumi_vault/secrets/outputs.py +94 -0
- pulumi_vault/secrets/sync_association.py +56 -75
- pulumi_vault/secrets/sync_aws_destination.py +240 -29
- pulumi_vault/secrets/sync_azure_destination.py +90 -33
- pulumi_vault/secrets/sync_config.py +7 -6
- pulumi_vault/secrets/sync_gcp_destination.py +156 -27
- pulumi_vault/secrets/sync_gh_destination.py +187 -15
- pulumi_vault/secrets/sync_github_apps.py +375 -0
- pulumi_vault/secrets/sync_vercel_destination.py +72 -15
- pulumi_vault/ssh/_inputs.py +28 -32
- pulumi_vault/ssh/outputs.py +11 -32
- pulumi_vault/ssh/secret_backend_ca.py +106 -11
- pulumi_vault/ssh/secret_backend_role.py +83 -120
- pulumi_vault/terraformcloud/secret_backend.py +5 -56
- pulumi_vault/terraformcloud/secret_creds.py +14 -24
- pulumi_vault/terraformcloud/secret_role.py +14 -76
- pulumi_vault/token.py +26 -25
- pulumi_vault/tokenauth/auth_backend_role.py +76 -201
- pulumi_vault/transform/alphabet.py +16 -13
- pulumi_vault/transform/get_decode.py +45 -21
- pulumi_vault/transform/get_encode.py +45 -21
- pulumi_vault/transform/role.py +16 -13
- pulumi_vault/transform/template.py +30 -25
- pulumi_vault/transform/transformation.py +12 -7
- pulumi_vault/transit/get_decrypt.py +26 -25
- pulumi_vault/transit/get_encrypt.py +24 -19
- pulumi_vault/transit/secret_backend_key.py +25 -97
- pulumi_vault/transit/secret_cache_config.py +12 -11
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
- pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
- pulumi_vault-5.21.0a1710160723.dist-info/RECORD +0 -244
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = ['AuthBackendRoleArgs', 'AuthBackendRole']
|
@@ -15,7 +20,7 @@ __all__ = ['AuthBackendRoleArgs', 'AuthBackendRole']
|
|
15
20
|
class AuthBackendRoleArgs:
|
16
21
|
def __init__(__self__, *,
|
17
22
|
path: pulumi.Input[str],
|
18
|
-
bound_attributes: Optional[pulumi.Input[Mapping[str,
|
23
|
+
bound_attributes: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
19
24
|
bound_attributes_type: Optional[pulumi.Input[str]] = None,
|
20
25
|
bound_subjects: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
21
26
|
bound_subjects_type: Optional[pulumi.Input[str]] = None,
|
@@ -34,7 +39,7 @@ class AuthBackendRoleArgs:
|
|
34
39
|
"""
|
35
40
|
The set of arguments for constructing a AuthBackendRole resource.
|
36
41
|
:param pulumi.Input[str] path: Path where the auth backend is mounted.
|
37
|
-
:param pulumi.Input[Mapping[str,
|
42
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] bound_attributes: Mapping of attribute names to values that are expected to
|
38
43
|
exist in the SAML assertion.
|
39
44
|
:param pulumi.Input[str] bound_attributes_type: The type of matching assertion to perform on
|
40
45
|
`bound_attributes_type`.
|
@@ -45,33 +50,17 @@ class AuthBackendRoleArgs:
|
|
45
50
|
:param pulumi.Input[str] name: Unique name of the role.
|
46
51
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
47
52
|
The value should not contain leading or trailing forward slashes.
|
48
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
53
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
49
54
|
*Available only for Vault Enterprise*.
|
50
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs:
|
51
|
-
|
52
|
-
|
53
|
-
:param pulumi.Input[
|
54
|
-
[explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
|
55
|
-
onto the token in number of seconds. This is a hard cap even if `token_ttl` and
|
56
|
-
`token_max_ttl` would otherwise allow a renewal.
|
57
|
-
:param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
|
58
|
-
Its current value will be referenced at renewal time.
|
59
|
-
:param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
|
60
|
-
generated tokens; otherwise it will be added to the policies set in token_policies.
|
55
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
56
|
+
:param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
57
|
+
:param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
|
58
|
+
:param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
61
59
|
:param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
62
|
-
:param pulumi.Input[int] token_period:
|
63
|
-
|
64
|
-
|
65
|
-
|
66
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
|
67
|
-
on the auth method, this list may be supplemented by user/group/other values.
|
68
|
-
:param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
|
69
|
-
Its current value will be referenced at renewal time.
|
70
|
-
:param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
|
71
|
-
`batch`, or `default` to use the mount's tuned default (which unless changed will be
|
72
|
-
`service` tokens). For token store roles, there are two additional possibilities:
|
73
|
-
`default-service` and `default-batch` which specify the type to return unless the client
|
74
|
-
requests a different type at generation time.
|
60
|
+
:param pulumi.Input[int] token_period: Generated Token's Period
|
61
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
|
62
|
+
:param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
|
63
|
+
:param pulumi.Input[str] token_type: The type of token to generate, service or batch
|
75
64
|
"""
|
76
65
|
pulumi.set(__self__, "path", path)
|
77
66
|
if bound_attributes is not None:
|
@@ -121,7 +110,7 @@ class AuthBackendRoleArgs:
|
|
121
110
|
|
122
111
|
@property
|
123
112
|
@pulumi.getter(name="boundAttributes")
|
124
|
-
def bound_attributes(self) -> Optional[pulumi.Input[Mapping[str,
|
113
|
+
def bound_attributes(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
125
114
|
"""
|
126
115
|
Mapping of attribute names to values that are expected to
|
127
116
|
exist in the SAML assertion.
|
@@ -129,7 +118,7 @@ class AuthBackendRoleArgs:
|
|
129
118
|
return pulumi.get(self, "bound_attributes")
|
130
119
|
|
131
120
|
@bound_attributes.setter
|
132
|
-
def bound_attributes(self, value: Optional[pulumi.Input[Mapping[str,
|
121
|
+
def bound_attributes(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
133
122
|
pulumi.set(self, "bound_attributes", value)
|
134
123
|
|
135
124
|
@property
|
@@ -200,7 +189,7 @@ class AuthBackendRoleArgs:
|
|
200
189
|
"""
|
201
190
|
The namespace to provision the resource in.
|
202
191
|
The value should not contain leading or trailing forward slashes.
|
203
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
192
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
204
193
|
*Available only for Vault Enterprise*.
|
205
194
|
"""
|
206
195
|
return pulumi.get(self, "namespace")
|
@@ -213,9 +202,7 @@ class AuthBackendRoleArgs:
|
|
213
202
|
@pulumi.getter(name="tokenBoundCidrs")
|
214
203
|
def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
215
204
|
"""
|
216
|
-
|
217
|
-
addresses which can authenticate successfully, and ties the resulting token to these blocks
|
218
|
-
as well.
|
205
|
+
Specifies the blocks of IP addresses which are allowed to use the generated token
|
219
206
|
"""
|
220
207
|
return pulumi.get(self, "token_bound_cidrs")
|
221
208
|
|
@@ -227,10 +214,7 @@ class AuthBackendRoleArgs:
|
|
227
214
|
@pulumi.getter(name="tokenExplicitMaxTtl")
|
228
215
|
def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
229
216
|
"""
|
230
|
-
|
231
|
-
[explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
|
232
|
-
onto the token in number of seconds. This is a hard cap even if `token_ttl` and
|
233
|
-
`token_max_ttl` would otherwise allow a renewal.
|
217
|
+
Generated Token's Explicit Maximum TTL in seconds
|
234
218
|
"""
|
235
219
|
return pulumi.get(self, "token_explicit_max_ttl")
|
236
220
|
|
@@ -242,8 +226,7 @@ class AuthBackendRoleArgs:
|
|
242
226
|
@pulumi.getter(name="tokenMaxTtl")
|
243
227
|
def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
244
228
|
"""
|
245
|
-
The maximum lifetime
|
246
|
-
Its current value will be referenced at renewal time.
|
229
|
+
The maximum lifetime of the generated token
|
247
230
|
"""
|
248
231
|
return pulumi.get(self, "token_max_ttl")
|
249
232
|
|
@@ -255,8 +238,7 @@ class AuthBackendRoleArgs:
|
|
255
238
|
@pulumi.getter(name="tokenNoDefaultPolicy")
|
256
239
|
def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
|
257
240
|
"""
|
258
|
-
If
|
259
|
-
generated tokens; otherwise it will be added to the policies set in token_policies.
|
241
|
+
If true, the 'default' policy will not automatically be added to generated tokens
|
260
242
|
"""
|
261
243
|
return pulumi.get(self, "token_no_default_policy")
|
262
244
|
|
@@ -280,10 +262,7 @@ class AuthBackendRoleArgs:
|
|
280
262
|
@pulumi.getter(name="tokenPeriod")
|
281
263
|
def token_period(self) -> Optional[pulumi.Input[int]]:
|
282
264
|
"""
|
283
|
-
|
284
|
-
token generated using this role should never expire. The token should be renewed within the
|
285
|
-
duration specified by this value. At each renewal, the token's TTL will be set to the
|
286
|
-
value of this field. Specified in seconds.
|
265
|
+
Generated Token's Period
|
287
266
|
"""
|
288
267
|
return pulumi.get(self, "token_period")
|
289
268
|
|
@@ -295,8 +274,7 @@ class AuthBackendRoleArgs:
|
|
295
274
|
@pulumi.getter(name="tokenPolicies")
|
296
275
|
def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
297
276
|
"""
|
298
|
-
|
299
|
-
on the auth method, this list may be supplemented by user/group/other values.
|
277
|
+
Generated Token's Policies
|
300
278
|
"""
|
301
279
|
return pulumi.get(self, "token_policies")
|
302
280
|
|
@@ -308,8 +286,7 @@ class AuthBackendRoleArgs:
|
|
308
286
|
@pulumi.getter(name="tokenTtl")
|
309
287
|
def token_ttl(self) -> Optional[pulumi.Input[int]]:
|
310
288
|
"""
|
311
|
-
The
|
312
|
-
Its current value will be referenced at renewal time.
|
289
|
+
The initial ttl of the token to generate in seconds
|
313
290
|
"""
|
314
291
|
return pulumi.get(self, "token_ttl")
|
315
292
|
|
@@ -321,11 +298,7 @@ class AuthBackendRoleArgs:
|
|
321
298
|
@pulumi.getter(name="tokenType")
|
322
299
|
def token_type(self) -> Optional[pulumi.Input[str]]:
|
323
300
|
"""
|
324
|
-
The type of token
|
325
|
-
`batch`, or `default` to use the mount's tuned default (which unless changed will be
|
326
|
-
`service` tokens). For token store roles, there are two additional possibilities:
|
327
|
-
`default-service` and `default-batch` which specify the type to return unless the client
|
328
|
-
requests a different type at generation time.
|
301
|
+
The type of token to generate, service or batch
|
329
302
|
"""
|
330
303
|
return pulumi.get(self, "token_type")
|
331
304
|
|
@@ -337,7 +310,7 @@ class AuthBackendRoleArgs:
|
|
337
310
|
@pulumi.input_type
|
338
311
|
class _AuthBackendRoleState:
|
339
312
|
def __init__(__self__, *,
|
340
|
-
bound_attributes: Optional[pulumi.Input[Mapping[str,
|
313
|
+
bound_attributes: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
341
314
|
bound_attributes_type: Optional[pulumi.Input[str]] = None,
|
342
315
|
bound_subjects: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
343
316
|
bound_subjects_type: Optional[pulumi.Input[str]] = None,
|
@@ -356,7 +329,7 @@ class _AuthBackendRoleState:
|
|
356
329
|
token_type: Optional[pulumi.Input[str]] = None):
|
357
330
|
"""
|
358
331
|
Input properties used for looking up and filtering AuthBackendRole resources.
|
359
|
-
:param pulumi.Input[Mapping[str,
|
332
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] bound_attributes: Mapping of attribute names to values that are expected to
|
360
333
|
exist in the SAML assertion.
|
361
334
|
:param pulumi.Input[str] bound_attributes_type: The type of matching assertion to perform on
|
362
335
|
`bound_attributes_type`.
|
@@ -367,34 +340,18 @@ class _AuthBackendRoleState:
|
|
367
340
|
:param pulumi.Input[str] name: Unique name of the role.
|
368
341
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
369
342
|
The value should not contain leading or trailing forward slashes.
|
370
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
343
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
371
344
|
*Available only for Vault Enterprise*.
|
372
345
|
:param pulumi.Input[str] path: Path where the auth backend is mounted.
|
373
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs:
|
374
|
-
|
375
|
-
|
376
|
-
:param pulumi.Input[
|
377
|
-
[explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
|
378
|
-
onto the token in number of seconds. This is a hard cap even if `token_ttl` and
|
379
|
-
`token_max_ttl` would otherwise allow a renewal.
|
380
|
-
:param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
|
381
|
-
Its current value will be referenced at renewal time.
|
382
|
-
:param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
|
383
|
-
generated tokens; otherwise it will be added to the policies set in token_policies.
|
346
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
347
|
+
:param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
348
|
+
:param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
|
349
|
+
:param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
384
350
|
:param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
385
|
-
:param pulumi.Input[int] token_period:
|
386
|
-
|
387
|
-
|
388
|
-
|
389
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
|
390
|
-
on the auth method, this list may be supplemented by user/group/other values.
|
391
|
-
:param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
|
392
|
-
Its current value will be referenced at renewal time.
|
393
|
-
:param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
|
394
|
-
`batch`, or `default` to use the mount's tuned default (which unless changed will be
|
395
|
-
`service` tokens). For token store roles, there are two additional possibilities:
|
396
|
-
`default-service` and `default-batch` which specify the type to return unless the client
|
397
|
-
requests a different type at generation time.
|
351
|
+
:param pulumi.Input[int] token_period: Generated Token's Period
|
352
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
|
353
|
+
:param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
|
354
|
+
:param pulumi.Input[str] token_type: The type of token to generate, service or batch
|
398
355
|
"""
|
399
356
|
if bound_attributes is not None:
|
400
357
|
pulumi.set(__self__, "bound_attributes", bound_attributes)
|
@@ -433,7 +390,7 @@ class _AuthBackendRoleState:
|
|
433
390
|
|
434
391
|
@property
|
435
392
|
@pulumi.getter(name="boundAttributes")
|
436
|
-
def bound_attributes(self) -> Optional[pulumi.Input[Mapping[str,
|
393
|
+
def bound_attributes(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
437
394
|
"""
|
438
395
|
Mapping of attribute names to values that are expected to
|
439
396
|
exist in the SAML assertion.
|
@@ -441,7 +398,7 @@ class _AuthBackendRoleState:
|
|
441
398
|
return pulumi.get(self, "bound_attributes")
|
442
399
|
|
443
400
|
@bound_attributes.setter
|
444
|
-
def bound_attributes(self, value: Optional[pulumi.Input[Mapping[str,
|
401
|
+
def bound_attributes(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
445
402
|
pulumi.set(self, "bound_attributes", value)
|
446
403
|
|
447
404
|
@property
|
@@ -512,7 +469,7 @@ class _AuthBackendRoleState:
|
|
512
469
|
"""
|
513
470
|
The namespace to provision the resource in.
|
514
471
|
The value should not contain leading or trailing forward slashes.
|
515
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
472
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
516
473
|
*Available only for Vault Enterprise*.
|
517
474
|
"""
|
518
475
|
return pulumi.get(self, "namespace")
|
@@ -537,9 +494,7 @@ class _AuthBackendRoleState:
|
|
537
494
|
@pulumi.getter(name="tokenBoundCidrs")
|
538
495
|
def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
539
496
|
"""
|
540
|
-
|
541
|
-
addresses which can authenticate successfully, and ties the resulting token to these blocks
|
542
|
-
as well.
|
497
|
+
Specifies the blocks of IP addresses which are allowed to use the generated token
|
543
498
|
"""
|
544
499
|
return pulumi.get(self, "token_bound_cidrs")
|
545
500
|
|
@@ -551,10 +506,7 @@ class _AuthBackendRoleState:
|
|
551
506
|
@pulumi.getter(name="tokenExplicitMaxTtl")
|
552
507
|
def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
553
508
|
"""
|
554
|
-
|
555
|
-
[explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
|
556
|
-
onto the token in number of seconds. This is a hard cap even if `token_ttl` and
|
557
|
-
`token_max_ttl` would otherwise allow a renewal.
|
509
|
+
Generated Token's Explicit Maximum TTL in seconds
|
558
510
|
"""
|
559
511
|
return pulumi.get(self, "token_explicit_max_ttl")
|
560
512
|
|
@@ -566,8 +518,7 @@ class _AuthBackendRoleState:
|
|
566
518
|
@pulumi.getter(name="tokenMaxTtl")
|
567
519
|
def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
568
520
|
"""
|
569
|
-
The maximum lifetime
|
570
|
-
Its current value will be referenced at renewal time.
|
521
|
+
The maximum lifetime of the generated token
|
571
522
|
"""
|
572
523
|
return pulumi.get(self, "token_max_ttl")
|
573
524
|
|
@@ -579,8 +530,7 @@ class _AuthBackendRoleState:
|
|
579
530
|
@pulumi.getter(name="tokenNoDefaultPolicy")
|
580
531
|
def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
|
581
532
|
"""
|
582
|
-
If
|
583
|
-
generated tokens; otherwise it will be added to the policies set in token_policies.
|
533
|
+
If true, the 'default' policy will not automatically be added to generated tokens
|
584
534
|
"""
|
585
535
|
return pulumi.get(self, "token_no_default_policy")
|
586
536
|
|
@@ -604,10 +554,7 @@ class _AuthBackendRoleState:
|
|
604
554
|
@pulumi.getter(name="tokenPeriod")
|
605
555
|
def token_period(self) -> Optional[pulumi.Input[int]]:
|
606
556
|
"""
|
607
|
-
|
608
|
-
token generated using this role should never expire. The token should be renewed within the
|
609
|
-
duration specified by this value. At each renewal, the token's TTL will be set to the
|
610
|
-
value of this field. Specified in seconds.
|
557
|
+
Generated Token's Period
|
611
558
|
"""
|
612
559
|
return pulumi.get(self, "token_period")
|
613
560
|
|
@@ -619,8 +566,7 @@ class _AuthBackendRoleState:
|
|
619
566
|
@pulumi.getter(name="tokenPolicies")
|
620
567
|
def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
621
568
|
"""
|
622
|
-
|
623
|
-
on the auth method, this list may be supplemented by user/group/other values.
|
569
|
+
Generated Token's Policies
|
624
570
|
"""
|
625
571
|
return pulumi.get(self, "token_policies")
|
626
572
|
|
@@ -632,8 +578,7 @@ class _AuthBackendRoleState:
|
|
632
578
|
@pulumi.getter(name="tokenTtl")
|
633
579
|
def token_ttl(self) -> Optional[pulumi.Input[int]]:
|
634
580
|
"""
|
635
|
-
The
|
636
|
-
Its current value will be referenced at renewal time.
|
581
|
+
The initial ttl of the token to generate in seconds
|
637
582
|
"""
|
638
583
|
return pulumi.get(self, "token_ttl")
|
639
584
|
|
@@ -645,11 +590,7 @@ class _AuthBackendRoleState:
|
|
645
590
|
@pulumi.getter(name="tokenType")
|
646
591
|
def token_type(self) -> Optional[pulumi.Input[str]]:
|
647
592
|
"""
|
648
|
-
The type of token
|
649
|
-
`batch`, or `default` to use the mount's tuned default (which unless changed will be
|
650
|
-
`service` tokens). For token store roles, there are two additional possibilities:
|
651
|
-
`default-service` and `default-batch` which specify the type to return unless the client
|
652
|
-
requests a different type at generation time.
|
593
|
+
The type of token to generate, service or batch
|
653
594
|
"""
|
654
595
|
return pulumi.get(self, "token_type")
|
655
596
|
|
@@ -663,7 +604,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
663
604
|
def __init__(__self__,
|
664
605
|
resource_name: str,
|
665
606
|
opts: Optional[pulumi.ResourceOptions] = None,
|
666
|
-
bound_attributes: Optional[pulumi.Input[Mapping[str,
|
607
|
+
bound_attributes: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
667
608
|
bound_attributes_type: Optional[pulumi.Input[str]] = None,
|
668
609
|
bound_subjects: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
669
610
|
bound_subjects_type: Optional[pulumi.Input[str]] = None,
|
@@ -688,19 +629,19 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
688
629
|
|
689
630
|
## Example Usage
|
690
631
|
|
691
|
-
<!--Start PulumiCodeChooser -->
|
692
632
|
```python
|
693
633
|
import pulumi
|
694
634
|
import pulumi_vault as vault
|
695
635
|
|
696
|
-
|
636
|
+
example = vault.saml.AuthBackend("example",
|
697
637
|
path="saml",
|
698
638
|
idp_metadata_url="https://company.okta.com/app/abc123eb9xnIfzlaf697/sso/saml/metadata",
|
699
639
|
entity_id="https://my.vault/v1/auth/saml",
|
700
640
|
acs_urls=["https://my.vault.primary/v1/auth/saml/callback"],
|
701
641
|
default_role="default-role")
|
702
|
-
example_auth_backend_role = vault.saml.AuthBackendRole("
|
703
|
-
path=
|
642
|
+
example_auth_backend_role = vault.saml.AuthBackendRole("example",
|
643
|
+
path=example.path,
|
644
|
+
name="my-role",
|
704
645
|
groups_attribute="groups",
|
705
646
|
bound_attributes={
|
706
647
|
"group": "admin",
|
@@ -709,7 +650,6 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
709
650
|
token_policies=["writer"],
|
710
651
|
token_ttl=86400)
|
711
652
|
```
|
712
|
-
<!--End PulumiCodeChooser -->
|
713
653
|
|
714
654
|
## Import
|
715
655
|
|
@@ -721,7 +661,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
721
661
|
|
722
662
|
:param str resource_name: The name of the resource.
|
723
663
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
724
|
-
:param pulumi.Input[Mapping[str,
|
664
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] bound_attributes: Mapping of attribute names to values that are expected to
|
725
665
|
exist in the SAML assertion.
|
726
666
|
:param pulumi.Input[str] bound_attributes_type: The type of matching assertion to perform on
|
727
667
|
`bound_attributes_type`.
|
@@ -732,34 +672,18 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
732
672
|
:param pulumi.Input[str] name: Unique name of the role.
|
733
673
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
734
674
|
The value should not contain leading or trailing forward slashes.
|
735
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
675
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
736
676
|
*Available only for Vault Enterprise*.
|
737
677
|
:param pulumi.Input[str] path: Path where the auth backend is mounted.
|
738
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs:
|
739
|
-
|
740
|
-
|
741
|
-
:param pulumi.Input[
|
742
|
-
[explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
|
743
|
-
onto the token in number of seconds. This is a hard cap even if `token_ttl` and
|
744
|
-
`token_max_ttl` would otherwise allow a renewal.
|
745
|
-
:param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
|
746
|
-
Its current value will be referenced at renewal time.
|
747
|
-
:param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
|
748
|
-
generated tokens; otherwise it will be added to the policies set in token_policies.
|
678
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
679
|
+
:param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
680
|
+
:param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
|
681
|
+
:param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
749
682
|
:param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
750
|
-
:param pulumi.Input[int] token_period:
|
751
|
-
|
752
|
-
|
753
|
-
|
754
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
|
755
|
-
on the auth method, this list may be supplemented by user/group/other values.
|
756
|
-
:param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
|
757
|
-
Its current value will be referenced at renewal time.
|
758
|
-
:param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
|
759
|
-
`batch`, or `default` to use the mount's tuned default (which unless changed will be
|
760
|
-
`service` tokens). For token store roles, there are two additional possibilities:
|
761
|
-
`default-service` and `default-batch` which specify the type to return unless the client
|
762
|
-
requests a different type at generation time.
|
683
|
+
:param pulumi.Input[int] token_period: Generated Token's Period
|
684
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
|
685
|
+
:param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
|
686
|
+
:param pulumi.Input[str] token_type: The type of token to generate, service or batch
|
763
687
|
"""
|
764
688
|
...
|
765
689
|
@overload
|
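Review bot: The new `:param` line for `token_max_ttl` reads `The maximum lifetime of the generated token` with no unit, while the neighbouring `token_explicit_max_ttl` and `token_ttl` lines say seconds and the removed text said "in number of seconds". A caller who guesses a different unit ends up with a lifetime cap far from the one intended; I would write `:param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token, in seconds`. The same wording appears in the `get` docstring hunk (`@@ -910,34 +833,18 @@`) and in the `token_max_ttl` getter docstring. The docstring this hunk edits begins outside the hunk.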
@@ -774,19 +698,19 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
774
698
|
|
775
699
|
## Example Usage
|
776
700
|
|
777
|
-
<!--Start PulumiCodeChooser -->
|
778
701
|
```python
|
779
702
|
import pulumi
|
780
703
|
import pulumi_vault as vault
|
781
704
|
|
782
|
-
|
705
|
+
example = vault.saml.AuthBackend("example",
|
783
706
|
path="saml",
|
784
707
|
idp_metadata_url="https://company.okta.com/app/abc123eb9xnIfzlaf697/sso/saml/metadata",
|
785
708
|
entity_id="https://my.vault/v1/auth/saml",
|
786
709
|
acs_urls=["https://my.vault.primary/v1/auth/saml/callback"],
|
787
710
|
default_role="default-role")
|
788
|
-
example_auth_backend_role = vault.saml.AuthBackendRole("
|
789
|
-
path=
|
711
|
+
example_auth_backend_role = vault.saml.AuthBackendRole("example",
|
712
|
+
path=example.path,
|
713
|
+
name="my-role",
|
790
714
|
groups_attribute="groups",
|
791
715
|
bound_attributes={
|
792
716
|
"group": "admin",
|
@@ -795,7 +719,6 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
795
719
|
token_policies=["writer"],
|
796
720
|
token_ttl=86400)
|
797
721
|
```
|
798
|
-
<!--End PulumiCodeChooser -->
|
799
722
|
|
800
723
|
## Import
|
801
724
|
|
@@ -820,7 +743,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
820
743
|
def _internal_init(__self__,
|
821
744
|
resource_name: str,
|
822
745
|
opts: Optional[pulumi.ResourceOptions] = None,
|
823
|
-
bound_attributes: Optional[pulumi.Input[Mapping[str,
|
746
|
+
bound_attributes: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
824
747
|
bound_attributes_type: Optional[pulumi.Input[str]] = None,
|
825
748
|
bound_subjects: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
826
749
|
bound_subjects_type: Optional[pulumi.Input[str]] = None,
|
@@ -875,7 +798,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
875
798
|
def get(resource_name: str,
|
876
799
|
id: pulumi.Input[str],
|
877
800
|
opts: Optional[pulumi.ResourceOptions] = None,
|
878
|
-
bound_attributes: Optional[pulumi.Input[Mapping[str,
|
801
|
+
bound_attributes: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
879
802
|
bound_attributes_type: Optional[pulumi.Input[str]] = None,
|
880
803
|
bound_subjects: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
881
804
|
bound_subjects_type: Optional[pulumi.Input[str]] = None,
|
@@ -899,7 +822,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
899
822
|
:param str resource_name: The unique name of the resulting resource.
|
900
823
|
:param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
|
901
824
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
902
|
-
:param pulumi.Input[Mapping[str,
|
825
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] bound_attributes: Mapping of attribute names to values that are expected to
|
903
826
|
exist in the SAML assertion.
|
904
827
|
:param pulumi.Input[str] bound_attributes_type: The type of matching assertion to perform on
|
905
828
|
`bound_attributes_type`.
|
@@ -910,34 +833,18 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
910
833
|
:param pulumi.Input[str] name: Unique name of the role.
|
911
834
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
912
835
|
The value should not contain leading or trailing forward slashes.
|
913
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
836
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
914
837
|
*Available only for Vault Enterprise*.
|
915
838
|
:param pulumi.Input[str] path: Path where the auth backend is mounted.
|
916
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs:
|
917
|
-
|
918
|
-
|
919
|
-
:param pulumi.Input[
|
920
|
-
[explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
|
921
|
-
onto the token in number of seconds. This is a hard cap even if `token_ttl` and
|
922
|
-
`token_max_ttl` would otherwise allow a renewal.
|
923
|
-
:param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
|
924
|
-
Its current value will be referenced at renewal time.
|
925
|
-
:param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
|
926
|
-
generated tokens; otherwise it will be added to the policies set in token_policies.
|
839
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
840
|
+
:param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
841
|
+
:param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
|
842
|
+
:param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
927
843
|
:param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
928
|
-
:param pulumi.Input[int] token_period:
|
929
|
-
|
930
|
-
|
931
|
-
|
932
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
|
933
|
-
on the auth method, this list may be supplemented by user/group/other values.
|
934
|
-
:param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
|
935
|
-
Its current value will be referenced at renewal time.
|
936
|
-
:param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
|
937
|
-
`batch`, or `default` to use the mount's tuned default (which unless changed will be
|
938
|
-
`service` tokens). For token store roles, there are two additional possibilities:
|
939
|
-
`default-service` and `default-batch` which specify the type to return unless the client
|
940
|
-
requests a different type at generation time.
|
844
|
+
:param pulumi.Input[int] token_period: Generated Token's Period
|
845
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
|
846
|
+
:param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
|
847
|
+
:param pulumi.Input[str] token_type: The type of token to generate, service or batch
|
941
848
|
"""
|
942
849
|
opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
|
943
850
|
|
@@ -964,7 +871,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
964
871
|
|
965
872
|
@property
|
966
873
|
@pulumi.getter(name="boundAttributes")
|
967
|
-
def bound_attributes(self) -> pulumi.Output[Optional[Mapping[str,
|
874
|
+
def bound_attributes(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
|
968
875
|
"""
|
969
876
|
Mapping of attribute names to values that are expected to
|
970
877
|
exist in the SAML assertion.
|
@@ -1019,7 +926,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1019
926
|
"""
|
1020
927
|
The namespace to provision the resource in.
|
1021
928
|
The value should not contain leading or trailing forward slashes.
|
1022
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
929
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1023
930
|
*Available only for Vault Enterprise*.
|
1024
931
|
"""
|
1025
932
|
return pulumi.get(self, "namespace")
|
@@ -1036,9 +943,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1036
943
|
@pulumi.getter(name="tokenBoundCidrs")
|
1037
944
|
def token_bound_cidrs(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1038
945
|
"""
|
1039
|
-
|
1040
|
-
addresses which can authenticate successfully, and ties the resulting token to these blocks
|
1041
|
-
as well.
|
946
|
+
Specifies the blocks of IP addresses which are allowed to use the generated token
|
1042
947
|
"""
|
1043
948
|
return pulumi.get(self, "token_bound_cidrs")
|
1044
949
|
|
@@ -1046,10 +951,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1046
951
|
@pulumi.getter(name="tokenExplicitMaxTtl")
|
1047
952
|
def token_explicit_max_ttl(self) -> pulumi.Output[Optional[int]]:
|
1048
953
|
"""
|
1049
|
-
|
1050
|
-
[explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
|
1051
|
-
onto the token in number of seconds. This is a hard cap even if `token_ttl` and
|
1052
|
-
`token_max_ttl` would otherwise allow a renewal.
|
954
|
+
Generated Token's Explicit Maximum TTL in seconds
|
1053
955
|
"""
|
1054
956
|
return pulumi.get(self, "token_explicit_max_ttl")
|
1055
957
|
|
@@ -1057,8 +959,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1057
959
|
@pulumi.getter(name="tokenMaxTtl")
|
1058
960
|
def token_max_ttl(self) -> pulumi.Output[Optional[int]]:
|
1059
961
|
"""
|
1060
|
-
The maximum lifetime
|
1061
|
-
Its current value will be referenced at renewal time.
|
962
|
+
The maximum lifetime of the generated token
|
1062
963
|
"""
|
1063
964
|
return pulumi.get(self, "token_max_ttl")
|
1064
965
|
|
@@ -1066,8 +967,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1066
967
|
@pulumi.getter(name="tokenNoDefaultPolicy")
|
1067
968
|
def token_no_default_policy(self) -> pulumi.Output[Optional[bool]]:
|
1068
969
|
"""
|
1069
|
-
If
|
1070
|
-
generated tokens; otherwise it will be added to the policies set in token_policies.
|
970
|
+
If true, the 'default' policy will not automatically be added to generated tokens
|
1071
971
|
"""
|
1072
972
|
return pulumi.get(self, "token_no_default_policy")
|
1073
973
|
|
@@ -1083,10 +983,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1083
983
|
@pulumi.getter(name="tokenPeriod")
|
1084
984
|
def token_period(self) -> pulumi.Output[Optional[int]]:
|
1085
985
|
"""
|
1086
|
-
|
1087
|
-
token generated using this role should never expire. The token should be renewed within the
|
1088
|
-
duration specified by this value. At each renewal, the token's TTL will be set to the
|
1089
|
-
value of this field. Specified in seconds.
|
986
|
+
Generated Token's Period
|
1090
987
|
"""
|
1091
988
|
return pulumi.get(self, "token_period")
|
1092
989
|
|
@@ -1094,8 +991,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1094
991
|
@pulumi.getter(name="tokenPolicies")
|
1095
992
|
def token_policies(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1096
993
|
"""
|
1097
|
-
|
1098
|
-
on the auth method, this list may be supplemented by user/group/other values.
|
994
|
+
Generated Token's Policies
|
1099
995
|
"""
|
1100
996
|
return pulumi.get(self, "token_policies")
|
1101
997
|
|
@@ -1103,8 +999,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1103
999
|
@pulumi.getter(name="tokenTtl")
|
1104
1000
|
def token_ttl(self) -> pulumi.Output[Optional[int]]:
|
1105
1001
|
"""
|
1106
|
-
The
|
1107
|
-
Its current value will be referenced at renewal time.
|
1002
|
+
The initial ttl of the token to generate in seconds
|
1108
1003
|
"""
|
1109
1004
|
return pulumi.get(self, "token_ttl")
|
1110
1005
|
|
@@ -1112,11 +1007,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1112
1007
|
@pulumi.getter(name="tokenType")
|
1113
1008
|
def token_type(self) -> pulumi.Output[Optional[str]]:
|
1114
1009
|
"""
|
1115
|
-
The type of token
|
1116
|
-
`batch`, or `default` to use the mount's tuned default (which unless changed will be
|
1117
|
-
`service` tokens). For token store roles, there are two additional possibilities:
|
1118
|
-
`default-service` and `default-batch` which specify the type to return unless the client
|
1119
|
-
requests a different type at generation time.
|
1010
|
+
The type of token to generate, service or batch
|
1120
1011
|
"""
|
1121
1012
|
return pulumi.get(self, "token_type")
|
1122
1013
|
|