pulumi-vault 5.21.0a1710160723__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pulumi_vault/__init__.py +52 -0
- pulumi_vault/_inputs.py +560 -0
- pulumi_vault/_utilities.py +41 -5
- pulumi_vault/ad/get_access_credentials.py +22 -7
- pulumi_vault/ad/secret_backend.py +14 -144
- pulumi_vault/ad/secret_library.py +14 -11
- pulumi_vault/ad/secret_role.py +12 -11
- pulumi_vault/alicloud/auth_backend_role.py +74 -192
- pulumi_vault/approle/auth_backend_login.py +12 -11
- pulumi_vault/approle/auth_backend_role.py +75 -193
- pulumi_vault/approle/auth_backend_role_secret_id.py +106 -11
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -9
- pulumi_vault/audit.py +24 -27
- pulumi_vault/audit_request_header.py +11 -6
- pulumi_vault/auth_backend.py +64 -12
- pulumi_vault/aws/auth_backend_cert.py +12 -7
- pulumi_vault/aws/auth_backend_client.py +265 -24
- pulumi_vault/aws/auth_backend_config_identity.py +12 -11
- pulumi_vault/aws/auth_backend_identity_whitelist.py +18 -17
- pulumi_vault/aws/auth_backend_login.py +19 -22
- pulumi_vault/aws/auth_backend_role.py +75 -193
- pulumi_vault/aws/auth_backend_role_tag.py +12 -7
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -17
- pulumi_vault/aws/auth_backend_sts_role.py +12 -11
- pulumi_vault/aws/get_access_credentials.py +34 -7
- pulumi_vault/aws/get_static_access_credentials.py +19 -5
- pulumi_vault/aws/secret_backend.py +75 -7
- pulumi_vault/aws/secret_backend_role.py +183 -11
- pulumi_vault/aws/secret_backend_static_role.py +14 -11
- pulumi_vault/azure/_inputs.py +24 -0
- pulumi_vault/azure/auth_backend_config.py +151 -17
- pulumi_vault/azure/auth_backend_role.py +75 -193
- pulumi_vault/azure/backend.py +223 -29
- pulumi_vault/azure/backend_role.py +42 -41
- pulumi_vault/azure/get_access_credentials.py +39 -11
- pulumi_vault/azure/outputs.py +5 -0
- pulumi_vault/cert_auth_backend_role.py +87 -271
- pulumi_vault/config/__init__.pyi +5 -0
- pulumi_vault/config/_inputs.py +73 -0
- pulumi_vault/config/outputs.py +35 -0
- pulumi_vault/config/ui_custom_message.py +529 -0
- pulumi_vault/config/vars.py +5 -0
- pulumi_vault/consul/secret_backend.py +22 -25
- pulumi_vault/consul/secret_backend_role.py +14 -80
- pulumi_vault/database/_inputs.py +2770 -881
- pulumi_vault/database/outputs.py +721 -838
- pulumi_vault/database/secret_backend_connection.py +117 -114
- pulumi_vault/database/secret_backend_role.py +29 -24
- pulumi_vault/database/secret_backend_static_role.py +85 -15
- pulumi_vault/database/secrets_mount.py +425 -138
- pulumi_vault/egp_policy.py +16 -15
- pulumi_vault/gcp/_inputs.py +111 -0
- pulumi_vault/gcp/auth_backend.py +248 -35
- pulumi_vault/gcp/auth_backend_role.py +75 -271
- pulumi_vault/gcp/get_auth_backend_role.py +43 -9
- pulumi_vault/gcp/outputs.py +5 -0
- pulumi_vault/gcp/secret_backend.py +287 -16
- pulumi_vault/gcp/secret_impersonated_account.py +74 -17
- pulumi_vault/gcp/secret_roleset.py +29 -26
- pulumi_vault/gcp/secret_static_account.py +37 -34
- pulumi_vault/generic/endpoint.py +22 -21
- pulumi_vault/generic/get_secret.py +68 -12
- pulumi_vault/generic/secret.py +19 -14
- pulumi_vault/get_auth_backend.py +24 -11
- pulumi_vault/get_auth_backends.py +33 -11
- pulumi_vault/get_namespace.py +226 -0
- pulumi_vault/get_namespaces.py +153 -0
- pulumi_vault/get_nomad_access_token.py +31 -15
- pulumi_vault/get_policy_document.py +34 -23
- pulumi_vault/get_raft_autopilot_state.py +29 -14
- pulumi_vault/github/_inputs.py +55 -0
- pulumi_vault/github/auth_backend.py +17 -16
- pulumi_vault/github/outputs.py +5 -0
- pulumi_vault/github/team.py +14 -13
- pulumi_vault/github/user.py +14 -13
- pulumi_vault/identity/entity.py +18 -15
- pulumi_vault/identity/entity_alias.py +18 -15
- pulumi_vault/identity/entity_policies.py +24 -19
- pulumi_vault/identity/get_entity.py +40 -14
- pulumi_vault/identity/get_group.py +45 -13
- pulumi_vault/identity/get_oidc_client_creds.py +21 -11
- pulumi_vault/identity/get_oidc_openid_config.py +39 -13
- pulumi_vault/identity/get_oidc_public_keys.py +29 -14
- pulumi_vault/identity/group.py +50 -49
- pulumi_vault/identity/group_alias.py +14 -11
- pulumi_vault/identity/group_member_entity_ids.py +24 -74
- pulumi_vault/identity/group_member_group_ids.py +36 -27
- pulumi_vault/identity/group_policies.py +16 -15
- pulumi_vault/identity/mfa_duo.py +9 -8
- pulumi_vault/identity/mfa_login_enforcement.py +13 -8
- pulumi_vault/identity/mfa_okta.py +9 -8
- pulumi_vault/identity/mfa_pingid.py +5 -4
- pulumi_vault/identity/mfa_totp.py +5 -4
- pulumi_vault/identity/oidc.py +12 -11
- pulumi_vault/identity/oidc_assignment.py +22 -13
- pulumi_vault/identity/oidc_client.py +34 -25
- pulumi_vault/identity/oidc_key.py +28 -19
- pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -19
- pulumi_vault/identity/oidc_provider.py +34 -23
- pulumi_vault/identity/oidc_role.py +40 -27
- pulumi_vault/identity/oidc_scope.py +18 -15
- pulumi_vault/identity/outputs.py +8 -3
- pulumi_vault/jwt/_inputs.py +55 -0
- pulumi_vault/jwt/auth_backend.py +39 -46
- pulumi_vault/jwt/auth_backend_role.py +131 -260
- pulumi_vault/jwt/outputs.py +5 -0
- pulumi_vault/kmip/secret_backend.py +22 -21
- pulumi_vault/kmip/secret_role.py +12 -11
- pulumi_vault/kmip/secret_scope.py +12 -11
- pulumi_vault/kubernetes/auth_backend_config.py +55 -7
- pulumi_vault/kubernetes/auth_backend_role.py +68 -179
- pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
- pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
- pulumi_vault/kubernetes/get_service_account_token.py +39 -15
- pulumi_vault/kubernetes/secret_backend.py +314 -29
- pulumi_vault/kubernetes/secret_backend_role.py +135 -56
- pulumi_vault/kv/_inputs.py +36 -4
- pulumi_vault/kv/get_secret.py +23 -12
- pulumi_vault/kv/get_secret_subkeys_v2.py +31 -14
- pulumi_vault/kv/get_secret_v2.py +89 -9
- pulumi_vault/kv/get_secrets_list.py +22 -15
- pulumi_vault/kv/get_secrets_list_v2.py +35 -19
- pulumi_vault/kv/outputs.py +8 -3
- pulumi_vault/kv/secret.py +19 -18
- pulumi_vault/kv/secret_backend_v2.py +12 -11
- pulumi_vault/kv/secret_v2.py +55 -52
- pulumi_vault/ldap/auth_backend.py +125 -168
- pulumi_vault/ldap/auth_backend_group.py +12 -11
- pulumi_vault/ldap/auth_backend_user.py +12 -11
- pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
- pulumi_vault/ldap/get_static_credentials.py +24 -5
- pulumi_vault/ldap/secret_backend.py +352 -84
- pulumi_vault/ldap/secret_backend_dynamic_role.py +12 -11
- pulumi_vault/ldap/secret_backend_library_set.py +14 -11
- pulumi_vault/ldap/secret_backend_static_role.py +67 -12
- pulumi_vault/managed/_inputs.py +289 -132
- pulumi_vault/managed/keys.py +27 -43
- pulumi_vault/managed/outputs.py +89 -132
- pulumi_vault/mfa_duo.py +16 -13
- pulumi_vault/mfa_okta.py +16 -13
- pulumi_vault/mfa_pingid.py +16 -13
- pulumi_vault/mfa_totp.py +22 -19
- pulumi_vault/mongodbatlas/secret_backend.py +18 -17
- pulumi_vault/mongodbatlas/secret_role.py +41 -38
- pulumi_vault/mount.py +389 -65
- pulumi_vault/namespace.py +26 -21
- pulumi_vault/nomad_secret_backend.py +16 -15
- pulumi_vault/nomad_secret_role.py +12 -11
- pulumi_vault/okta/_inputs.py +47 -8
- pulumi_vault/okta/auth_backend.py +483 -41
- pulumi_vault/okta/auth_backend_group.py +12 -11
- pulumi_vault/okta/auth_backend_user.py +12 -11
- pulumi_vault/okta/outputs.py +13 -8
- pulumi_vault/outputs.py +5 -0
- pulumi_vault/password_policy.py +18 -15
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +81 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
- pulumi_vault/pkisecret/backend_config_est.py +619 -0
- pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
- pulumi_vault/pkisecret/get_backend_issuer.py +63 -7
- pulumi_vault/pkisecret/get_backend_issuers.py +21 -12
- pulumi_vault/pkisecret/get_backend_key.py +24 -13
- pulumi_vault/pkisecret/get_backend_keys.py +21 -12
- pulumi_vault/pkisecret/outputs.py +69 -0
- pulumi_vault/pkisecret/secret_backend_cert.py +18 -15
- pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -15
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +12 -11
- pulumi_vault/pkisecret/secret_backend_config_urls.py +59 -11
- pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -13
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -15
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -21
- pulumi_vault/pkisecret/secret_backend_issuer.py +12 -11
- pulumi_vault/pkisecret/secret_backend_key.py +12 -7
- pulumi_vault/pkisecret/secret_backend_role.py +19 -16
- pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -52
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -62
- pulumi_vault/pkisecret/secret_backend_sign.py +18 -60
- pulumi_vault/plugin.py +595 -0
- pulumi_vault/plugin_pinned_version.py +298 -0
- pulumi_vault/policy.py +12 -7
- pulumi_vault/provider.py +48 -53
- pulumi_vault/pulumi-plugin.json +2 -1
- pulumi_vault/quota_lease_count.py +58 -8
- pulumi_vault/quota_rate_limit.py +54 -4
- pulumi_vault/rabbitmq/_inputs.py +61 -0
- pulumi_vault/rabbitmq/outputs.py +5 -0
- pulumi_vault/rabbitmq/secret_backend.py +16 -15
- pulumi_vault/rabbitmq/secret_backend_role.py +52 -49
- pulumi_vault/raft_autopilot.py +12 -11
- pulumi_vault/raft_snapshot_agent_config.py +121 -311
- pulumi_vault/rgp_policy.py +14 -13
- pulumi_vault/saml/auth_backend.py +20 -19
- pulumi_vault/saml/auth_backend_role.py +90 -199
- pulumi_vault/secrets/__init__.py +3 -0
- pulumi_vault/secrets/_inputs.py +110 -0
- pulumi_vault/secrets/outputs.py +94 -0
- pulumi_vault/secrets/sync_association.py +56 -75
- pulumi_vault/secrets/sync_aws_destination.py +240 -29
- pulumi_vault/secrets/sync_azure_destination.py +90 -33
- pulumi_vault/secrets/sync_config.py +7 -6
- pulumi_vault/secrets/sync_gcp_destination.py +156 -27
- pulumi_vault/secrets/sync_gh_destination.py +187 -15
- pulumi_vault/secrets/sync_github_apps.py +375 -0
- pulumi_vault/secrets/sync_vercel_destination.py +72 -15
- pulumi_vault/ssh/_inputs.py +28 -32
- pulumi_vault/ssh/outputs.py +11 -32
- pulumi_vault/ssh/secret_backend_ca.py +106 -11
- pulumi_vault/ssh/secret_backend_role.py +83 -120
- pulumi_vault/terraformcloud/secret_backend.py +5 -56
- pulumi_vault/terraformcloud/secret_creds.py +14 -24
- pulumi_vault/terraformcloud/secret_role.py +14 -76
- pulumi_vault/token.py +26 -25
- pulumi_vault/tokenauth/auth_backend_role.py +76 -201
- pulumi_vault/transform/alphabet.py +16 -13
- pulumi_vault/transform/get_decode.py +45 -21
- pulumi_vault/transform/get_encode.py +45 -21
- pulumi_vault/transform/role.py +16 -13
- pulumi_vault/transform/template.py +30 -25
- pulumi_vault/transform/transformation.py +12 -7
- pulumi_vault/transit/get_decrypt.py +26 -25
- pulumi_vault/transit/get_encrypt.py +24 -19
- pulumi_vault/transit/secret_backend_key.py +25 -97
- pulumi_vault/transit/secret_cache_config.py +12 -11
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
- pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
- pulumi_vault-5.21.0a1710160723.dist-info/RECORD +0 -244
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = ['SyncGcpDestinationArgs', 'SyncGcpDestination']
|
@@ -15,20 +20,28 @@ __all__ = ['SyncGcpDestinationArgs', 'SyncGcpDestination']
|
|
15
20
|
class SyncGcpDestinationArgs:
|
16
21
|
def __init__(__self__, *,
|
17
22
|
credentials: Optional[pulumi.Input[str]] = None,
|
18
|
-
custom_tags: Optional[pulumi.Input[Mapping[str,
|
23
|
+
custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
24
|
+
granularity: Optional[pulumi.Input[str]] = None,
|
19
25
|
name: Optional[pulumi.Input[str]] = None,
|
20
26
|
namespace: Optional[pulumi.Input[str]] = None,
|
27
|
+
project_id: Optional[pulumi.Input[str]] = None,
|
21
28
|
secret_name_template: Optional[pulumi.Input[str]] = None):
|
22
29
|
"""
|
23
30
|
The set of arguments for constructing a SyncGcpDestination resource.
|
24
31
|
:param pulumi.Input[str] credentials: JSON-encoded credentials to use to connect to GCP.
|
25
32
|
Can be omitted and directly provided to Vault using the `GOOGLE_APPLICATION_CREDENTIALS` environment
|
26
33
|
variable.
|
27
|
-
:param pulumi.Input[Mapping[str,
|
34
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] custom_tags: Custom tags to set on the secret managed at the destination.
|
35
|
+
:param pulumi.Input[str] granularity: Determines what level of information is synced as a distinct resource
|
36
|
+
at the destination. Supports `secret-path` and `secret-key`.
|
28
37
|
:param pulumi.Input[str] name: Unique name of the GCP destination.
|
29
38
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
30
39
|
The value should not contain leading or trailing forward slashes.
|
31
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
40
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
41
|
+
:param pulumi.Input[str] project_id: The target project to manage secrets in. If set,
|
42
|
+
overrides the project ID derived from the service account JSON credentials or application
|
43
|
+
default credentials. The service account must be [authorized](https://cloud.google.com/iam/docs/service-account-overview#locations)
|
44
|
+
to perform Secret Manager actions in the target project.
|
32
45
|
:param pulumi.Input[str] secret_name_template: Template describing how to generate external secret names.
|
33
46
|
Supports a subset of the Go Template syntax.
|
34
47
|
"""
|
@@ -36,10 +49,14 @@ class SyncGcpDestinationArgs:
|
|
36
49
|
pulumi.set(__self__, "credentials", credentials)
|
37
50
|
if custom_tags is not None:
|
38
51
|
pulumi.set(__self__, "custom_tags", custom_tags)
|
52
|
+
if granularity is not None:
|
53
|
+
pulumi.set(__self__, "granularity", granularity)
|
39
54
|
if name is not None:
|
40
55
|
pulumi.set(__self__, "name", name)
|
41
56
|
if namespace is not None:
|
42
57
|
pulumi.set(__self__, "namespace", namespace)
|
58
|
+
if project_id is not None:
|
59
|
+
pulumi.set(__self__, "project_id", project_id)
|
43
60
|
if secret_name_template is not None:
|
44
61
|
pulumi.set(__self__, "secret_name_template", secret_name_template)
|
45
62
|
|
@@ -59,16 +76,29 @@ class SyncGcpDestinationArgs:
|
|
59
76
|
|
60
77
|
@property
|
61
78
|
@pulumi.getter(name="customTags")
|
62
|
-
def custom_tags(self) -> Optional[pulumi.Input[Mapping[str,
|
79
|
+
def custom_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
63
80
|
"""
|
64
81
|
Custom tags to set on the secret managed at the destination.
|
65
82
|
"""
|
66
83
|
return pulumi.get(self, "custom_tags")
|
67
84
|
|
68
85
|
@custom_tags.setter
|
69
|
-
def custom_tags(self, value: Optional[pulumi.Input[Mapping[str,
|
86
|
+
def custom_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
70
87
|
pulumi.set(self, "custom_tags", value)
|
71
88
|
|
89
|
+
@property
|
90
|
+
@pulumi.getter
|
91
|
+
def granularity(self) -> Optional[pulumi.Input[str]]:
|
92
|
+
"""
|
93
|
+
Determines what level of information is synced as a distinct resource
|
94
|
+
at the destination. Supports `secret-path` and `secret-key`.
|
95
|
+
"""
|
96
|
+
return pulumi.get(self, "granularity")
|
97
|
+
|
98
|
+
@granularity.setter
|
99
|
+
def granularity(self, value: Optional[pulumi.Input[str]]):
|
100
|
+
pulumi.set(self, "granularity", value)
|
101
|
+
|
72
102
|
@property
|
73
103
|
@pulumi.getter
|
74
104
|
def name(self) -> Optional[pulumi.Input[str]]:
|
@@ -87,7 +117,7 @@ class SyncGcpDestinationArgs:
|
|
87
117
|
"""
|
88
118
|
The namespace to provision the resource in.
|
89
119
|
The value should not contain leading or trailing forward slashes.
|
90
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
120
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
91
121
|
"""
|
92
122
|
return pulumi.get(self, "namespace")
|
93
123
|
|
@@ -95,6 +125,21 @@ class SyncGcpDestinationArgs:
|
|
95
125
|
def namespace(self, value: Optional[pulumi.Input[str]]):
|
96
126
|
pulumi.set(self, "namespace", value)
|
97
127
|
|
128
|
+
@property
|
129
|
+
@pulumi.getter(name="projectId")
|
130
|
+
def project_id(self) -> Optional[pulumi.Input[str]]:
|
131
|
+
"""
|
132
|
+
The target project to manage secrets in. If set,
|
133
|
+
overrides the project ID derived from the service account JSON credentials or application
|
134
|
+
default credentials. The service account must be [authorized](https://cloud.google.com/iam/docs/service-account-overview#locations)
|
135
|
+
to perform Secret Manager actions in the target project.
|
136
|
+
"""
|
137
|
+
return pulumi.get(self, "project_id")
|
138
|
+
|
139
|
+
@project_id.setter
|
140
|
+
def project_id(self, value: Optional[pulumi.Input[str]]):
|
141
|
+
pulumi.set(self, "project_id", value)
|
142
|
+
|
98
143
|
@property
|
99
144
|
@pulumi.getter(name="secretNameTemplate")
|
100
145
|
def secret_name_template(self) -> Optional[pulumi.Input[str]]:
|
@@ -113,9 +158,11 @@ class SyncGcpDestinationArgs:
|
|
113
158
|
class _SyncGcpDestinationState:
|
114
159
|
def __init__(__self__, *,
|
115
160
|
credentials: Optional[pulumi.Input[str]] = None,
|
116
|
-
custom_tags: Optional[pulumi.Input[Mapping[str,
|
161
|
+
custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
162
|
+
granularity: Optional[pulumi.Input[str]] = None,
|
117
163
|
name: Optional[pulumi.Input[str]] = None,
|
118
164
|
namespace: Optional[pulumi.Input[str]] = None,
|
165
|
+
project_id: Optional[pulumi.Input[str]] = None,
|
119
166
|
secret_name_template: Optional[pulumi.Input[str]] = None,
|
120
167
|
type: Optional[pulumi.Input[str]] = None):
|
121
168
|
"""
|
@@ -123,11 +170,17 @@ class _SyncGcpDestinationState:
|
|
123
170
|
:param pulumi.Input[str] credentials: JSON-encoded credentials to use to connect to GCP.
|
124
171
|
Can be omitted and directly provided to Vault using the `GOOGLE_APPLICATION_CREDENTIALS` environment
|
125
172
|
variable.
|
126
|
-
:param pulumi.Input[Mapping[str,
|
173
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] custom_tags: Custom tags to set on the secret managed at the destination.
|
174
|
+
:param pulumi.Input[str] granularity: Determines what level of information is synced as a distinct resource
|
175
|
+
at the destination. Supports `secret-path` and `secret-key`.
|
127
176
|
:param pulumi.Input[str] name: Unique name of the GCP destination.
|
128
177
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
129
178
|
The value should not contain leading or trailing forward slashes.
|
130
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
179
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
180
|
+
:param pulumi.Input[str] project_id: The target project to manage secrets in. If set,
|
181
|
+
overrides the project ID derived from the service account JSON credentials or application
|
182
|
+
default credentials. The service account must be [authorized](https://cloud.google.com/iam/docs/service-account-overview#locations)
|
183
|
+
to perform Secret Manager actions in the target project.
|
131
184
|
:param pulumi.Input[str] secret_name_template: Template describing how to generate external secret names.
|
132
185
|
Supports a subset of the Go Template syntax.
|
133
186
|
:param pulumi.Input[str] type: The type of the secrets destination (`gcp-sm`).
|
@@ -136,10 +189,14 @@ class _SyncGcpDestinationState:
|
|
136
189
|
pulumi.set(__self__, "credentials", credentials)
|
137
190
|
if custom_tags is not None:
|
138
191
|
pulumi.set(__self__, "custom_tags", custom_tags)
|
192
|
+
if granularity is not None:
|
193
|
+
pulumi.set(__self__, "granularity", granularity)
|
139
194
|
if name is not None:
|
140
195
|
pulumi.set(__self__, "name", name)
|
141
196
|
if namespace is not None:
|
142
197
|
pulumi.set(__self__, "namespace", namespace)
|
198
|
+
if project_id is not None:
|
199
|
+
pulumi.set(__self__, "project_id", project_id)
|
143
200
|
if secret_name_template is not None:
|
144
201
|
pulumi.set(__self__, "secret_name_template", secret_name_template)
|
145
202
|
if type is not None:
|
@@ -161,16 +218,29 @@ class _SyncGcpDestinationState:
|
|
161
218
|
|
162
219
|
@property
|
163
220
|
@pulumi.getter(name="customTags")
|
164
|
-
def custom_tags(self) -> Optional[pulumi.Input[Mapping[str,
|
221
|
+
def custom_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
165
222
|
"""
|
166
223
|
Custom tags to set on the secret managed at the destination.
|
167
224
|
"""
|
168
225
|
return pulumi.get(self, "custom_tags")
|
169
226
|
|
170
227
|
@custom_tags.setter
|
171
|
-
def custom_tags(self, value: Optional[pulumi.Input[Mapping[str,
|
228
|
+
def custom_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
172
229
|
pulumi.set(self, "custom_tags", value)
|
173
230
|
|
231
|
+
@property
|
232
|
+
@pulumi.getter
|
233
|
+
def granularity(self) -> Optional[pulumi.Input[str]]:
|
234
|
+
"""
|
235
|
+
Determines what level of information is synced as a distinct resource
|
236
|
+
at the destination. Supports `secret-path` and `secret-key`.
|
237
|
+
"""
|
238
|
+
return pulumi.get(self, "granularity")
|
239
|
+
|
240
|
+
@granularity.setter
|
241
|
+
def granularity(self, value: Optional[pulumi.Input[str]]):
|
242
|
+
pulumi.set(self, "granularity", value)
|
243
|
+
|
174
244
|
@property
|
175
245
|
@pulumi.getter
|
176
246
|
def name(self) -> Optional[pulumi.Input[str]]:
|
@@ -189,7 +259,7 @@ class _SyncGcpDestinationState:
|
|
189
259
|
"""
|
190
260
|
The namespace to provision the resource in.
|
191
261
|
The value should not contain leading or trailing forward slashes.
|
192
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
262
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
193
263
|
"""
|
194
264
|
return pulumi.get(self, "namespace")
|
195
265
|
|
@@ -197,6 +267,21 @@ class _SyncGcpDestinationState:
|
|
197
267
|
def namespace(self, value: Optional[pulumi.Input[str]]):
|
198
268
|
pulumi.set(self, "namespace", value)
|
199
269
|
|
270
|
+
@property
|
271
|
+
@pulumi.getter(name="projectId")
|
272
|
+
def project_id(self) -> Optional[pulumi.Input[str]]:
|
273
|
+
"""
|
274
|
+
The target project to manage secrets in. If set,
|
275
|
+
overrides the project ID derived from the service account JSON credentials or application
|
276
|
+
default credentials. The service account must be [authorized](https://cloud.google.com/iam/docs/service-account-overview#locations)
|
277
|
+
to perform Secret Manager actions in the target project.
|
278
|
+
"""
|
279
|
+
return pulumi.get(self, "project_id")
|
280
|
+
|
281
|
+
@project_id.setter
|
282
|
+
def project_id(self, value: Optional[pulumi.Input[str]]):
|
283
|
+
pulumi.set(self, "project_id", value)
|
284
|
+
|
200
285
|
@property
|
201
286
|
@pulumi.getter(name="secretNameTemplate")
|
202
287
|
def secret_name_template(self) -> Optional[pulumi.Input[str]]:
|
@@ -229,27 +314,30 @@ class SyncGcpDestination(pulumi.CustomResource):
|
|
229
314
|
resource_name: str,
|
230
315
|
opts: Optional[pulumi.ResourceOptions] = None,
|
231
316
|
credentials: Optional[pulumi.Input[str]] = None,
|
232
|
-
custom_tags: Optional[pulumi.Input[Mapping[str,
|
317
|
+
custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
318
|
+
granularity: Optional[pulumi.Input[str]] = None,
|
233
319
|
name: Optional[pulumi.Input[str]] = None,
|
234
320
|
namespace: Optional[pulumi.Input[str]] = None,
|
321
|
+
project_id: Optional[pulumi.Input[str]] = None,
|
235
322
|
secret_name_template: Optional[pulumi.Input[str]] = None,
|
236
323
|
__props__=None):
|
237
324
|
"""
|
238
325
|
## Example Usage
|
239
326
|
|
240
|
-
<!--Start PulumiCodeChooser -->
|
241
327
|
```python
|
242
328
|
import pulumi
|
329
|
+
import pulumi_std as std
|
243
330
|
import pulumi_vault as vault
|
244
331
|
|
245
332
|
gcp = vault.secrets.SyncGcpDestination("gcp",
|
246
|
-
|
333
|
+
name="gcp-dest",
|
334
|
+
project_id="gcp-project-id",
|
335
|
+
credentials=std.file(input=credentials_file).result,
|
247
336
|
secret_name_template="vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}",
|
248
337
|
custom_tags={
|
249
338
|
"foo": "bar",
|
250
339
|
})
|
251
340
|
```
|
252
|
-
<!--End PulumiCodeChooser -->
|
253
341
|
|
254
342
|
## Import
|
255
343
|
|
@@ -264,11 +352,17 @@ class SyncGcpDestination(pulumi.CustomResource):
|
|
264
352
|
:param pulumi.Input[str] credentials: JSON-encoded credentials to use to connect to GCP.
|
265
353
|
Can be omitted and directly provided to Vault using the `GOOGLE_APPLICATION_CREDENTIALS` environment
|
266
354
|
variable.
|
267
|
-
:param pulumi.Input[Mapping[str,
|
355
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] custom_tags: Custom tags to set on the secret managed at the destination.
|
356
|
+
:param pulumi.Input[str] granularity: Determines what level of information is synced as a distinct resource
|
357
|
+
at the destination. Supports `secret-path` and `secret-key`.
|
268
358
|
:param pulumi.Input[str] name: Unique name of the GCP destination.
|
269
359
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
270
360
|
The value should not contain leading or trailing forward slashes.
|
271
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
361
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
362
|
+
:param pulumi.Input[str] project_id: The target project to manage secrets in. If set,
|
363
|
+
overrides the project ID derived from the service account JSON credentials or application
|
364
|
+
default credentials. The service account must be [authorized](https://cloud.google.com/iam/docs/service-account-overview#locations)
|
365
|
+
to perform Secret Manager actions in the target project.
|
272
366
|
:param pulumi.Input[str] secret_name_template: Template describing how to generate external secret names.
|
273
367
|
Supports a subset of the Go Template syntax.
|
274
368
|
"""
|
@@ -281,19 +375,20 @@ class SyncGcpDestination(pulumi.CustomResource):
|
|
281
375
|
"""
|
282
376
|
## Example Usage
|
283
377
|
|
284
|
-
<!--Start PulumiCodeChooser -->
|
285
378
|
```python
|
286
379
|
import pulumi
|
380
|
+
import pulumi_std as std
|
287
381
|
import pulumi_vault as vault
|
288
382
|
|
289
383
|
gcp = vault.secrets.SyncGcpDestination("gcp",
|
290
|
-
|
384
|
+
name="gcp-dest",
|
385
|
+
project_id="gcp-project-id",
|
386
|
+
credentials=std.file(input=credentials_file).result,
|
291
387
|
secret_name_template="vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}",
|
292
388
|
custom_tags={
|
293
389
|
"foo": "bar",
|
294
390
|
})
|
295
391
|
```
|
296
|
-
<!--End PulumiCodeChooser -->
|
297
392
|
|
298
393
|
## Import
|
299
394
|
|
@@ -319,9 +414,11 @@ class SyncGcpDestination(pulumi.CustomResource):
|
|
319
414
|
resource_name: str,
|
320
415
|
opts: Optional[pulumi.ResourceOptions] = None,
|
321
416
|
credentials: Optional[pulumi.Input[str]] = None,
|
322
|
-
custom_tags: Optional[pulumi.Input[Mapping[str,
|
417
|
+
custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
418
|
+
granularity: Optional[pulumi.Input[str]] = None,
|
323
419
|
name: Optional[pulumi.Input[str]] = None,
|
324
420
|
namespace: Optional[pulumi.Input[str]] = None,
|
421
|
+
project_id: Optional[pulumi.Input[str]] = None,
|
325
422
|
secret_name_template: Optional[pulumi.Input[str]] = None,
|
326
423
|
__props__=None):
|
327
424
|
opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
|
@@ -334,8 +431,10 @@ class SyncGcpDestination(pulumi.CustomResource):
|
|
334
431
|
|
335
432
|
__props__.__dict__["credentials"] = None if credentials is None else pulumi.Output.secret(credentials)
|
336
433
|
__props__.__dict__["custom_tags"] = custom_tags
|
434
|
+
__props__.__dict__["granularity"] = granularity
|
337
435
|
__props__.__dict__["name"] = name
|
338
436
|
__props__.__dict__["namespace"] = namespace
|
437
|
+
__props__.__dict__["project_id"] = project_id
|
339
438
|
__props__.__dict__["secret_name_template"] = secret_name_template
|
340
439
|
__props__.__dict__["type"] = None
|
341
440
|
secret_opts = pulumi.ResourceOptions(additional_secret_outputs=["credentials"])
|
@@ -351,9 +450,11 @@ class SyncGcpDestination(pulumi.CustomResource):
|
|
351
450
|
id: pulumi.Input[str],
|
352
451
|
opts: Optional[pulumi.ResourceOptions] = None,
|
353
452
|
credentials: Optional[pulumi.Input[str]] = None,
|
354
|
-
custom_tags: Optional[pulumi.Input[Mapping[str,
|
453
|
+
custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
454
|
+
granularity: Optional[pulumi.Input[str]] = None,
|
355
455
|
name: Optional[pulumi.Input[str]] = None,
|
356
456
|
namespace: Optional[pulumi.Input[str]] = None,
|
457
|
+
project_id: Optional[pulumi.Input[str]] = None,
|
357
458
|
secret_name_template: Optional[pulumi.Input[str]] = None,
|
358
459
|
type: Optional[pulumi.Input[str]] = None) -> 'SyncGcpDestination':
|
359
460
|
"""
|
@@ -366,11 +467,17 @@ class SyncGcpDestination(pulumi.CustomResource):
|
|
366
467
|
:param pulumi.Input[str] credentials: JSON-encoded credentials to use to connect to GCP.
|
367
468
|
Can be omitted and directly provided to Vault using the `GOOGLE_APPLICATION_CREDENTIALS` environment
|
368
469
|
variable.
|
369
|
-
:param pulumi.Input[Mapping[str,
|
470
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] custom_tags: Custom tags to set on the secret managed at the destination.
|
471
|
+
:param pulumi.Input[str] granularity: Determines what level of information is synced as a distinct resource
|
472
|
+
at the destination. Supports `secret-path` and `secret-key`.
|
370
473
|
:param pulumi.Input[str] name: Unique name of the GCP destination.
|
371
474
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
372
475
|
The value should not contain leading or trailing forward slashes.
|
373
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
476
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
477
|
+
:param pulumi.Input[str] project_id: The target project to manage secrets in. If set,
|
478
|
+
overrides the project ID derived from the service account JSON credentials or application
|
479
|
+
default credentials. The service account must be [authorized](https://cloud.google.com/iam/docs/service-account-overview#locations)
|
480
|
+
to perform Secret Manager actions in the target project.
|
374
481
|
:param pulumi.Input[str] secret_name_template: Template describing how to generate external secret names.
|
375
482
|
Supports a subset of the Go Template syntax.
|
376
483
|
:param pulumi.Input[str] type: The type of the secrets destination (`gcp-sm`).
|
@@ -381,8 +488,10 @@ class SyncGcpDestination(pulumi.CustomResource):
|
|
381
488
|
|
382
489
|
__props__.__dict__["credentials"] = credentials
|
383
490
|
__props__.__dict__["custom_tags"] = custom_tags
|
491
|
+
__props__.__dict__["granularity"] = granularity
|
384
492
|
__props__.__dict__["name"] = name
|
385
493
|
__props__.__dict__["namespace"] = namespace
|
494
|
+
__props__.__dict__["project_id"] = project_id
|
386
495
|
__props__.__dict__["secret_name_template"] = secret_name_template
|
387
496
|
__props__.__dict__["type"] = type
|
388
497
|
return SyncGcpDestination(resource_name, opts=opts, __props__=__props__)
|
@@ -399,12 +508,21 @@ class SyncGcpDestination(pulumi.CustomResource):
|
|
399
508
|
|
400
509
|
@property
|
401
510
|
@pulumi.getter(name="customTags")
|
402
|
-
def custom_tags(self) -> pulumi.Output[Optional[Mapping[str,
|
511
|
+
def custom_tags(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
|
403
512
|
"""
|
404
513
|
Custom tags to set on the secret managed at the destination.
|
405
514
|
"""
|
406
515
|
return pulumi.get(self, "custom_tags")
|
407
516
|
|
517
|
+
@property
|
518
|
+
@pulumi.getter
|
519
|
+
def granularity(self) -> pulumi.Output[Optional[str]]:
|
520
|
+
"""
|
521
|
+
Determines what level of information is synced as a distinct resource
|
522
|
+
at the destination. Supports `secret-path` and `secret-key`.
|
523
|
+
"""
|
524
|
+
return pulumi.get(self, "granularity")
|
525
|
+
|
408
526
|
@property
|
409
527
|
@pulumi.getter
|
410
528
|
def name(self) -> pulumi.Output[str]:
|
@@ -419,10 +537,21 @@ class SyncGcpDestination(pulumi.CustomResource):
|
|
419
537
|
"""
|
420
538
|
The namespace to provision the resource in.
|
421
539
|
The value should not contain leading or trailing forward slashes.
|
422
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
540
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
423
541
|
"""
|
424
542
|
return pulumi.get(self, "namespace")
|
425
543
|
|
544
|
+
@property
|
545
|
+
@pulumi.getter(name="projectId")
|
546
|
+
def project_id(self) -> pulumi.Output[Optional[str]]:
|
547
|
+
"""
|
548
|
+
The target project to manage secrets in. If set,
|
549
|
+
overrides the project ID derived from the service account JSON credentials or application
|
550
|
+
default credentials. The service account must be [authorized](https://cloud.google.com/iam/docs/service-account-overview#locations)
|
551
|
+
to perform Secret Manager actions in the target project.
|
552
|
+
"""
|
553
|
+
return pulumi.get(self, "project_id")
|
554
|
+
|
426
555
|
@property
|
427
556
|
@pulumi.getter(name="secretNameTemplate")
|
428
557
|
def secret_name_template(self) -> pulumi.Output[str]:
|