pulumi-vault 5.21.0a1710160723__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl
- pulumi_vault/__init__.py +52 -0
- pulumi_vault/_inputs.py +560 -0
- pulumi_vault/_utilities.py +41 -5
- pulumi_vault/ad/get_access_credentials.py +22 -7
- pulumi_vault/ad/secret_backend.py +14 -144
- pulumi_vault/ad/secret_library.py +14 -11
- pulumi_vault/ad/secret_role.py +12 -11
- pulumi_vault/alicloud/auth_backend_role.py +74 -192
- pulumi_vault/approle/auth_backend_login.py +12 -11
- pulumi_vault/approle/auth_backend_role.py +75 -193
- pulumi_vault/approle/auth_backend_role_secret_id.py +106 -11
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -9
- pulumi_vault/audit.py +24 -27
- pulumi_vault/audit_request_header.py +11 -6
- pulumi_vault/auth_backend.py +64 -12
- pulumi_vault/aws/auth_backend_cert.py +12 -7
- pulumi_vault/aws/auth_backend_client.py +265 -24
- pulumi_vault/aws/auth_backend_config_identity.py +12 -11
- pulumi_vault/aws/auth_backend_identity_whitelist.py +18 -17
- pulumi_vault/aws/auth_backend_login.py +19 -22
- pulumi_vault/aws/auth_backend_role.py +75 -193
- pulumi_vault/aws/auth_backend_role_tag.py +12 -7
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -17
- pulumi_vault/aws/auth_backend_sts_role.py +12 -11
- pulumi_vault/aws/get_access_credentials.py +34 -7
- pulumi_vault/aws/get_static_access_credentials.py +19 -5
- pulumi_vault/aws/secret_backend.py +75 -7
- pulumi_vault/aws/secret_backend_role.py +183 -11
- pulumi_vault/aws/secret_backend_static_role.py +14 -11
- pulumi_vault/azure/_inputs.py +24 -0
- pulumi_vault/azure/auth_backend_config.py +151 -17
- pulumi_vault/azure/auth_backend_role.py +75 -193
- pulumi_vault/azure/backend.py +223 -29
- pulumi_vault/azure/backend_role.py +42 -41
- pulumi_vault/azure/get_access_credentials.py +39 -11
- pulumi_vault/azure/outputs.py +5 -0
- pulumi_vault/cert_auth_backend_role.py +87 -271
- pulumi_vault/config/__init__.pyi +5 -0
- pulumi_vault/config/_inputs.py +73 -0
- pulumi_vault/config/outputs.py +35 -0
- pulumi_vault/config/ui_custom_message.py +529 -0
- pulumi_vault/config/vars.py +5 -0
- pulumi_vault/consul/secret_backend.py +22 -25
- pulumi_vault/consul/secret_backend_role.py +14 -80
- pulumi_vault/database/_inputs.py +2770 -881
- pulumi_vault/database/outputs.py +721 -838
- pulumi_vault/database/secret_backend_connection.py +117 -114
- pulumi_vault/database/secret_backend_role.py +29 -24
- pulumi_vault/database/secret_backend_static_role.py +85 -15
- pulumi_vault/database/secrets_mount.py +425 -138
- pulumi_vault/egp_policy.py +16 -15
- pulumi_vault/gcp/_inputs.py +111 -0
- pulumi_vault/gcp/auth_backend.py +248 -35
- pulumi_vault/gcp/auth_backend_role.py +75 -271
- pulumi_vault/gcp/get_auth_backend_role.py +43 -9
- pulumi_vault/gcp/outputs.py +5 -0
- pulumi_vault/gcp/secret_backend.py +287 -16
- pulumi_vault/gcp/secret_impersonated_account.py +74 -17
- pulumi_vault/gcp/secret_roleset.py +29 -26
- pulumi_vault/gcp/secret_static_account.py +37 -34
- pulumi_vault/generic/endpoint.py +22 -21
- pulumi_vault/generic/get_secret.py +68 -12
- pulumi_vault/generic/secret.py +19 -14
- pulumi_vault/get_auth_backend.py +24 -11
- pulumi_vault/get_auth_backends.py +33 -11
- pulumi_vault/get_namespace.py +226 -0
- pulumi_vault/get_namespaces.py +153 -0
- pulumi_vault/get_nomad_access_token.py +31 -15
- pulumi_vault/get_policy_document.py +34 -23
- pulumi_vault/get_raft_autopilot_state.py +29 -14
- pulumi_vault/github/_inputs.py +55 -0
- pulumi_vault/github/auth_backend.py +17 -16
- pulumi_vault/github/outputs.py +5 -0
- pulumi_vault/github/team.py +14 -13
- pulumi_vault/github/user.py +14 -13
- pulumi_vault/identity/entity.py +18 -15
- pulumi_vault/identity/entity_alias.py +18 -15
- pulumi_vault/identity/entity_policies.py +24 -19
- pulumi_vault/identity/get_entity.py +40 -14
- pulumi_vault/identity/get_group.py +45 -13
- pulumi_vault/identity/get_oidc_client_creds.py +21 -11
- pulumi_vault/identity/get_oidc_openid_config.py +39 -13
- pulumi_vault/identity/get_oidc_public_keys.py +29 -14
- pulumi_vault/identity/group.py +50 -49
- pulumi_vault/identity/group_alias.py +14 -11
- pulumi_vault/identity/group_member_entity_ids.py +24 -74
- pulumi_vault/identity/group_member_group_ids.py +36 -27
- pulumi_vault/identity/group_policies.py +16 -15
- pulumi_vault/identity/mfa_duo.py +9 -8
- pulumi_vault/identity/mfa_login_enforcement.py +13 -8
- pulumi_vault/identity/mfa_okta.py +9 -8
- pulumi_vault/identity/mfa_pingid.py +5 -4
- pulumi_vault/identity/mfa_totp.py +5 -4
- pulumi_vault/identity/oidc.py +12 -11
- pulumi_vault/identity/oidc_assignment.py +22 -13
- pulumi_vault/identity/oidc_client.py +34 -25
- pulumi_vault/identity/oidc_key.py +28 -19
- pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -19
- pulumi_vault/identity/oidc_provider.py +34 -23
- pulumi_vault/identity/oidc_role.py +40 -27
- pulumi_vault/identity/oidc_scope.py +18 -15
- pulumi_vault/identity/outputs.py +8 -3
- pulumi_vault/jwt/_inputs.py +55 -0
- pulumi_vault/jwt/auth_backend.py +39 -46
- pulumi_vault/jwt/auth_backend_role.py +131 -260
- pulumi_vault/jwt/outputs.py +5 -0
- pulumi_vault/kmip/secret_backend.py +22 -21
- pulumi_vault/kmip/secret_role.py +12 -11
- pulumi_vault/kmip/secret_scope.py +12 -11
- pulumi_vault/kubernetes/auth_backend_config.py +55 -7
- pulumi_vault/kubernetes/auth_backend_role.py +68 -179
- pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
- pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
- pulumi_vault/kubernetes/get_service_account_token.py +39 -15
- pulumi_vault/kubernetes/secret_backend.py +314 -29
- pulumi_vault/kubernetes/secret_backend_role.py +135 -56
- pulumi_vault/kv/_inputs.py +36 -4
- pulumi_vault/kv/get_secret.py +23 -12
- pulumi_vault/kv/get_secret_subkeys_v2.py +31 -14
- pulumi_vault/kv/get_secret_v2.py +89 -9
- pulumi_vault/kv/get_secrets_list.py +22 -15
- pulumi_vault/kv/get_secrets_list_v2.py +35 -19
- pulumi_vault/kv/outputs.py +8 -3
- pulumi_vault/kv/secret.py +19 -18
- pulumi_vault/kv/secret_backend_v2.py +12 -11
- pulumi_vault/kv/secret_v2.py +55 -52
- pulumi_vault/ldap/auth_backend.py +125 -168
- pulumi_vault/ldap/auth_backend_group.py +12 -11
- pulumi_vault/ldap/auth_backend_user.py +12 -11
- pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
- pulumi_vault/ldap/get_static_credentials.py +24 -5
- pulumi_vault/ldap/secret_backend.py +352 -84
- pulumi_vault/ldap/secret_backend_dynamic_role.py +12 -11
- pulumi_vault/ldap/secret_backend_library_set.py +14 -11
- pulumi_vault/ldap/secret_backend_static_role.py +67 -12
- pulumi_vault/managed/_inputs.py +289 -132
- pulumi_vault/managed/keys.py +27 -43
- pulumi_vault/managed/outputs.py +89 -132
- pulumi_vault/mfa_duo.py +16 -13
- pulumi_vault/mfa_okta.py +16 -13
- pulumi_vault/mfa_pingid.py +16 -13
- pulumi_vault/mfa_totp.py +22 -19
- pulumi_vault/mongodbatlas/secret_backend.py +18 -17
- pulumi_vault/mongodbatlas/secret_role.py +41 -38
- pulumi_vault/mount.py +389 -65
- pulumi_vault/namespace.py +26 -21
- pulumi_vault/nomad_secret_backend.py +16 -15
- pulumi_vault/nomad_secret_role.py +12 -11
- pulumi_vault/okta/_inputs.py +47 -8
- pulumi_vault/okta/auth_backend.py +483 -41
- pulumi_vault/okta/auth_backend_group.py +12 -11
- pulumi_vault/okta/auth_backend_user.py +12 -11
- pulumi_vault/okta/outputs.py +13 -8
- pulumi_vault/outputs.py +5 -0
- pulumi_vault/password_policy.py +18 -15
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +81 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
- pulumi_vault/pkisecret/backend_config_est.py +619 -0
- pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
- pulumi_vault/pkisecret/get_backend_issuer.py +63 -7
- pulumi_vault/pkisecret/get_backend_issuers.py +21 -12
- pulumi_vault/pkisecret/get_backend_key.py +24 -13
- pulumi_vault/pkisecret/get_backend_keys.py +21 -12
- pulumi_vault/pkisecret/outputs.py +69 -0
- pulumi_vault/pkisecret/secret_backend_cert.py +18 -15
- pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -15
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +12 -11
- pulumi_vault/pkisecret/secret_backend_config_urls.py +59 -11
- pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -13
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -15
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -21
- pulumi_vault/pkisecret/secret_backend_issuer.py +12 -11
- pulumi_vault/pkisecret/secret_backend_key.py +12 -7
- pulumi_vault/pkisecret/secret_backend_role.py +19 -16
- pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -52
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -62
- pulumi_vault/pkisecret/secret_backend_sign.py +18 -60
- pulumi_vault/plugin.py +595 -0
- pulumi_vault/plugin_pinned_version.py +298 -0
- pulumi_vault/policy.py +12 -7
- pulumi_vault/provider.py +48 -53
- pulumi_vault/pulumi-plugin.json +2 -1
- pulumi_vault/quota_lease_count.py +58 -8
- pulumi_vault/quota_rate_limit.py +54 -4
- pulumi_vault/rabbitmq/_inputs.py +61 -0
- pulumi_vault/rabbitmq/outputs.py +5 -0
- pulumi_vault/rabbitmq/secret_backend.py +16 -15
- pulumi_vault/rabbitmq/secret_backend_role.py +52 -49
- pulumi_vault/raft_autopilot.py +12 -11
- pulumi_vault/raft_snapshot_agent_config.py +121 -311
- pulumi_vault/rgp_policy.py +14 -13
- pulumi_vault/saml/auth_backend.py +20 -19
- pulumi_vault/saml/auth_backend_role.py +90 -199
- pulumi_vault/secrets/__init__.py +3 -0
- pulumi_vault/secrets/_inputs.py +110 -0
- pulumi_vault/secrets/outputs.py +94 -0
- pulumi_vault/secrets/sync_association.py +56 -75
- pulumi_vault/secrets/sync_aws_destination.py +240 -29
- pulumi_vault/secrets/sync_azure_destination.py +90 -33
- pulumi_vault/secrets/sync_config.py +7 -6
- pulumi_vault/secrets/sync_gcp_destination.py +156 -27
- pulumi_vault/secrets/sync_gh_destination.py +187 -15
- pulumi_vault/secrets/sync_github_apps.py +375 -0
- pulumi_vault/secrets/sync_vercel_destination.py +72 -15
- pulumi_vault/ssh/_inputs.py +28 -32
- pulumi_vault/ssh/outputs.py +11 -32
- pulumi_vault/ssh/secret_backend_ca.py +106 -11
- pulumi_vault/ssh/secret_backend_role.py +83 -120
- pulumi_vault/terraformcloud/secret_backend.py +5 -56
- pulumi_vault/terraformcloud/secret_creds.py +14 -24
- pulumi_vault/terraformcloud/secret_role.py +14 -76
- pulumi_vault/token.py +26 -25
- pulumi_vault/tokenauth/auth_backend_role.py +76 -201
- pulumi_vault/transform/alphabet.py +16 -13
- pulumi_vault/transform/get_decode.py +45 -21
- pulumi_vault/transform/get_encode.py +45 -21
- pulumi_vault/transform/role.py +16 -13
- pulumi_vault/transform/template.py +30 -25
- pulumi_vault/transform/transformation.py +12 -7
- pulumi_vault/transit/get_decrypt.py +26 -25
- pulumi_vault/transit/get_encrypt.py +24 -19
- pulumi_vault/transit/secret_backend_key.py +25 -97
- pulumi_vault/transit/secret_cache_config.py +12 -11
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
- pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
- pulumi_vault-5.21.0a1710160723.dist-info/RECORD +0 -244
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
from . import outputs
|
12
17
|
from ._inputs import *
|
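Review bot: The `else` branch added in this hunk makes `typing_extensions` a runtime import on interpreters older than 3.11, and nothing visible here shows that the wheel declares that package as a dependency. The METADATA file is listed as changed in this version diff but its content is not shown, so confirm it carries a conditional requirement along the lines of `Requires-Dist: typing-extensions; python_version < "3.11"` (constructed example, check the exact specifier). Without it, importing this module fails with ImportError on those interpreters. With it, the package becomes a new third-party dependency of a secrets-management SDK and should be covered by the same pinning and review as the existing ones.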
@@ -20,6 +25,7 @@ class SecretBackendRoleArgs:
|
|
20
25
|
key_type: pulumi.Input[str],
|
21
26
|
algorithm_signer: Optional[pulumi.Input[str]] = None,
|
22
27
|
allow_bare_domains: Optional[pulumi.Input[bool]] = None,
|
28
|
+
allow_empty_principals: Optional[pulumi.Input[bool]] = None,
|
23
29
|
allow_host_certificates: Optional[pulumi.Input[bool]] = None,
|
24
30
|
allow_subdomains: Optional[pulumi.Input[bool]] = None,
|
25
31
|
allow_user_certificates: Optional[pulumi.Input[bool]] = None,
|
@@ -29,12 +35,11 @@ class SecretBackendRoleArgs:
|
|
29
35
|
allowed_domains_template: Optional[pulumi.Input[bool]] = None,
|
30
36
|
allowed_extensions: Optional[pulumi.Input[str]] = None,
|
31
37
|
allowed_user_key_configs: Optional[pulumi.Input[Sequence[pulumi.Input['SecretBackendRoleAllowedUserKeyConfigArgs']]]] = None,
|
32
|
-
allowed_user_key_lengths: Optional[pulumi.Input[Mapping[str, pulumi.Input[int]]]] = None,
|
33
38
|
allowed_users: Optional[pulumi.Input[str]] = None,
|
34
39
|
allowed_users_template: Optional[pulumi.Input[bool]] = None,
|
35
40
|
cidr_list: Optional[pulumi.Input[str]] = None,
|
36
|
-
default_critical_options: Optional[pulumi.Input[Mapping[str,
|
37
|
-
default_extensions: Optional[pulumi.Input[Mapping[str,
|
41
|
+
default_critical_options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
42
|
+
default_extensions: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
38
43
|
default_user: Optional[pulumi.Input[str]] = None,
|
39
44
|
default_user_template: Optional[pulumi.Input[bool]] = None,
|
40
45
|
key_id_format: Optional[pulumi.Input[str]] = None,
|
@@ -61,14 +66,11 @@ class SecretBackendRoleArgs:
|
|
61
66
|
:param pulumi.Input[Sequence[pulumi.Input['SecretBackendRoleAllowedUserKeyConfigArgs']]] allowed_user_key_configs: Set of configuration blocks to define allowed
|
62
67
|
user key configuration, like key type and their lengths. Can be specified multiple times.
|
63
68
|
*See Configuration-Options for more info*
|
64
|
-
:param pulumi.Input[Mapping[str, pulumi.Input[int]]] allowed_user_key_lengths: Specifies a map of ssh key types and their expected sizes which
|
65
|
-
are allowed to be signed by the CA type.
|
66
|
-
*Deprecated: use* allowed_user_key_config *instead*
|
67
69
|
:param pulumi.Input[str] allowed_users: Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
|
68
70
|
:param pulumi.Input[bool] allowed_users_template: Specifies if `allowed_users` can be declared using identity template policies. Non-templated users are also permitted.
|
69
71
|
:param pulumi.Input[str] cidr_list: The comma-separated string of CIDR blocks for which this role is applicable.
|
70
|
-
:param pulumi.Input[Mapping[str,
|
71
|
-
:param pulumi.Input[Mapping[str,
|
72
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] default_critical_options: Specifies a map of critical options that certificates have when signed.
|
73
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] default_extensions: Specifies a map of extensions that certificates have when signed.
|
72
74
|
:param pulumi.Input[str] default_user: Specifies the default username for which a credential will be generated.
|
73
75
|
:param pulumi.Input[bool] default_user_template: If set, `default_users` can be specified using identity template values. A non-templated user is also permitted.
|
74
76
|
:param pulumi.Input[str] key_id_format: Specifies a custom format for the key id of a signed certificate.
|
@@ -76,7 +78,7 @@ class SecretBackendRoleArgs:
|
|
76
78
|
:param pulumi.Input[str] name: Specifies the name of the role to create.
|
77
79
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
78
80
|
The value should not contain leading or trailing forward slashes.
|
79
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
81
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
80
82
|
*Available only for Vault Enterprise*.
|
81
83
|
:param pulumi.Input[str] not_before_duration: Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.
|
82
84
|
:param pulumi.Input[str] ttl: Specifies the Time To Live value.
|
@@ -87,6 +89,8 @@ class SecretBackendRoleArgs:
|
|
87
89
|
pulumi.set(__self__, "algorithm_signer", algorithm_signer)
|
88
90
|
if allow_bare_domains is not None:
|
89
91
|
pulumi.set(__self__, "allow_bare_domains", allow_bare_domains)
|
92
|
+
if allow_empty_principals is not None:
|
93
|
+
pulumi.set(__self__, "allow_empty_principals", allow_empty_principals)
|
90
94
|
if allow_host_certificates is not None:
|
91
95
|
pulumi.set(__self__, "allow_host_certificates", allow_host_certificates)
|
92
96
|
if allow_subdomains is not None:
|
@@ -105,11 +109,6 @@ class SecretBackendRoleArgs:
|
|
105
109
|
pulumi.set(__self__, "allowed_extensions", allowed_extensions)
|
106
110
|
if allowed_user_key_configs is not None:
|
107
111
|
pulumi.set(__self__, "allowed_user_key_configs", allowed_user_key_configs)
|
108
|
-
if allowed_user_key_lengths is not None:
|
109
|
-
warnings.warn("""Set in allowed_user_key_config""", DeprecationWarning)
|
110
|
-
pulumi.log.warn("""allowed_user_key_lengths is deprecated: Set in allowed_user_key_config""")
|
111
|
-
if allowed_user_key_lengths is not None:
|
112
|
-
pulumi.set(__self__, "allowed_user_key_lengths", allowed_user_key_lengths)
|
113
112
|
if allowed_users is not None:
|
114
113
|
pulumi.set(__self__, "allowed_users", allowed_users)
|
115
114
|
if allowed_users_template is not None:
|
@@ -185,6 +184,15 @@ class SecretBackendRoleArgs:
|
|
185
184
|
def allow_bare_domains(self, value: Optional[pulumi.Input[bool]]):
|
186
185
|
pulumi.set(self, "allow_bare_domains", value)
|
187
186
|
|
187
|
+
@property
|
188
|
+
@pulumi.getter(name="allowEmptyPrincipals")
|
189
|
+
def allow_empty_principals(self) -> Optional[pulumi.Input[bool]]:
|
190
|
+
return pulumi.get(self, "allow_empty_principals")
|
191
|
+
|
192
|
+
@allow_empty_principals.setter
|
193
|
+
def allow_empty_principals(self, value: Optional[pulumi.Input[bool]]):
|
194
|
+
pulumi.set(self, "allow_empty_principals", value)
|
195
|
+
|
188
196
|
@property
|
189
197
|
@pulumi.getter(name="allowHostCertificates")
|
190
198
|
def allow_host_certificates(self) -> Optional[pulumi.Input[bool]]:
|
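Review bot: The new `allow_empty_principals` getter has no docstring, unlike neighbouring properties such as `default_critical_options`, and no `:param` line for it appears in the constructor-docstring hunks; the `_SecretBackendRoleState` hunk that adds the same property has the same gap. The option is security-relevant: in Vault's SSH role API it permits signing certificates that carry no valid principals, and Vault's documentation recommends leaving it false. I would add a docstring such as `"""Allow signing certificates with no valid principals. For backwards compatibility only; leave unset or False."""` plus a matching `:param` entry in both classes. If this file is generated, the description has to be added to the schema it is generated from; the class body continues outside this hunk.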
@@ -296,23 +304,6 @@ class SecretBackendRoleArgs:
|
|
296
304
|
def allowed_user_key_configs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['SecretBackendRoleAllowedUserKeyConfigArgs']]]]):
|
297
305
|
pulumi.set(self, "allowed_user_key_configs", value)
|
298
306
|
|
299
|
-
@property
|
300
|
-
@pulumi.getter(name="allowedUserKeyLengths")
|
301
|
-
def allowed_user_key_lengths(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[int]]]]:
|
302
|
-
"""
|
303
|
-
Specifies a map of ssh key types and their expected sizes which
|
304
|
-
are allowed to be signed by the CA type.
|
305
|
-
*Deprecated: use* allowed_user_key_config *instead*
|
306
|
-
"""
|
307
|
-
warnings.warn("""Set in allowed_user_key_config""", DeprecationWarning)
|
308
|
-
pulumi.log.warn("""allowed_user_key_lengths is deprecated: Set in allowed_user_key_config""")
|
309
|
-
|
310
|
-
return pulumi.get(self, "allowed_user_key_lengths")
|
311
|
-
|
312
|
-
@allowed_user_key_lengths.setter
|
313
|
-
def allowed_user_key_lengths(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[int]]]]):
|
314
|
-
pulumi.set(self, "allowed_user_key_lengths", value)
|
315
|
-
|
316
307
|
@property
|
317
308
|
@pulumi.getter(name="allowedUsers")
|
318
309
|
def allowed_users(self) -> Optional[pulumi.Input[str]]:
|
@@ -351,26 +342,26 @@ class SecretBackendRoleArgs:
|
|
351
342
|
|
352
343
|
@property
|
353
344
|
@pulumi.getter(name="defaultCriticalOptions")
|
354
|
-
def default_critical_options(self) -> Optional[pulumi.Input[Mapping[str,
|
345
|
+
def default_critical_options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
355
346
|
"""
|
356
347
|
Specifies a map of critical options that certificates have when signed.
|
357
348
|
"""
|
358
349
|
return pulumi.get(self, "default_critical_options")
|
359
350
|
|
360
351
|
@default_critical_options.setter
|
361
|
-
def default_critical_options(self, value: Optional[pulumi.Input[Mapping[str,
|
352
|
+
def default_critical_options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
362
353
|
pulumi.set(self, "default_critical_options", value)
|
363
354
|
|
364
355
|
@property
|
365
356
|
@pulumi.getter(name="defaultExtensions")
|
366
|
-
def default_extensions(self) -> Optional[pulumi.Input[Mapping[str,
|
357
|
+
def default_extensions(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
367
358
|
"""
|
368
359
|
Specifies a map of extensions that certificates have when signed.
|
369
360
|
"""
|
370
361
|
return pulumi.get(self, "default_extensions")
|
371
362
|
|
372
363
|
@default_extensions.setter
|
373
|
-
def default_extensions(self, value: Optional[pulumi.Input[Mapping[str,
|
364
|
+
def default_extensions(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
374
365
|
pulumi.set(self, "default_extensions", value)
|
375
366
|
|
376
367
|
@property
|
@@ -439,7 +430,7 @@ class SecretBackendRoleArgs:
|
|
439
430
|
"""
|
440
431
|
The namespace to provision the resource in.
|
441
432
|
The value should not contain leading or trailing forward slashes.
|
442
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
433
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
443
434
|
*Available only for Vault Enterprise*.
|
444
435
|
"""
|
445
436
|
return pulumi.get(self, "namespace")
|
@@ -478,6 +469,7 @@ class _SecretBackendRoleState:
|
|
478
469
|
def __init__(__self__, *,
|
479
470
|
algorithm_signer: Optional[pulumi.Input[str]] = None,
|
480
471
|
allow_bare_domains: Optional[pulumi.Input[bool]] = None,
|
472
|
+
allow_empty_principals: Optional[pulumi.Input[bool]] = None,
|
481
473
|
allow_host_certificates: Optional[pulumi.Input[bool]] = None,
|
482
474
|
allow_subdomains: Optional[pulumi.Input[bool]] = None,
|
483
475
|
allow_user_certificates: Optional[pulumi.Input[bool]] = None,
|
@@ -487,13 +479,12 @@ class _SecretBackendRoleState:
|
|
487
479
|
allowed_domains_template: Optional[pulumi.Input[bool]] = None,
|
488
480
|
allowed_extensions: Optional[pulumi.Input[str]] = None,
|
489
481
|
allowed_user_key_configs: Optional[pulumi.Input[Sequence[pulumi.Input['SecretBackendRoleAllowedUserKeyConfigArgs']]]] = None,
|
490
|
-
allowed_user_key_lengths: Optional[pulumi.Input[Mapping[str, pulumi.Input[int]]]] = None,
|
491
482
|
allowed_users: Optional[pulumi.Input[str]] = None,
|
492
483
|
allowed_users_template: Optional[pulumi.Input[bool]] = None,
|
493
484
|
backend: Optional[pulumi.Input[str]] = None,
|
494
485
|
cidr_list: Optional[pulumi.Input[str]] = None,
|
495
|
-
default_critical_options: Optional[pulumi.Input[Mapping[str,
|
496
|
-
default_extensions: Optional[pulumi.Input[Mapping[str,
|
486
|
+
default_critical_options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
487
|
+
default_extensions: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
497
488
|
default_user: Optional[pulumi.Input[str]] = None,
|
498
489
|
default_user_template: Optional[pulumi.Input[bool]] = None,
|
499
490
|
key_id_format: Optional[pulumi.Input[str]] = None,
|
@@ -519,15 +510,12 @@ class _SecretBackendRoleState:
|
|
519
510
|
:param pulumi.Input[Sequence[pulumi.Input['SecretBackendRoleAllowedUserKeyConfigArgs']]] allowed_user_key_configs: Set of configuration blocks to define allowed
|
520
511
|
user key configuration, like key type and their lengths. Can be specified multiple times.
|
521
512
|
*See Configuration-Options for more info*
|
522
|
-
:param pulumi.Input[Mapping[str, pulumi.Input[int]]] allowed_user_key_lengths: Specifies a map of ssh key types and their expected sizes which
|
523
|
-
are allowed to be signed by the CA type.
|
524
|
-
*Deprecated: use* allowed_user_key_config *instead*
|
525
513
|
:param pulumi.Input[str] allowed_users: Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
|
526
514
|
:param pulumi.Input[bool] allowed_users_template: Specifies if `allowed_users` can be declared using identity template policies. Non-templated users are also permitted.
|
527
515
|
:param pulumi.Input[str] backend: The path where the SSH secret backend is mounted.
|
528
516
|
:param pulumi.Input[str] cidr_list: The comma-separated string of CIDR blocks for which this role is applicable.
|
529
|
-
:param pulumi.Input[Mapping[str,
|
530
|
-
:param pulumi.Input[Mapping[str,
|
517
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] default_critical_options: Specifies a map of critical options that certificates have when signed.
|
518
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] default_extensions: Specifies a map of extensions that certificates have when signed.
|
531
519
|
:param pulumi.Input[str] default_user: Specifies the default username for which a credential will be generated.
|
532
520
|
:param pulumi.Input[bool] default_user_template: If set, `default_users` can be specified using identity template values. A non-templated user is also permitted.
|
533
521
|
:param pulumi.Input[str] key_id_format: Specifies a custom format for the key id of a signed certificate.
|
@@ -536,7 +524,7 @@ class _SecretBackendRoleState:
|
|
536
524
|
:param pulumi.Input[str] name: Specifies the name of the role to create.
|
537
525
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
538
526
|
The value should not contain leading or trailing forward slashes.
|
539
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
527
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
540
528
|
*Available only for Vault Enterprise*.
|
541
529
|
:param pulumi.Input[str] not_before_duration: Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.
|
542
530
|
:param pulumi.Input[str] ttl: Specifies the Time To Live value.
|
@@ -545,6 +533,8 @@ class _SecretBackendRoleState:
|
|
545
533
|
pulumi.set(__self__, "algorithm_signer", algorithm_signer)
|
546
534
|
if allow_bare_domains is not None:
|
547
535
|
pulumi.set(__self__, "allow_bare_domains", allow_bare_domains)
|
536
|
+
if allow_empty_principals is not None:
|
537
|
+
pulumi.set(__self__, "allow_empty_principals", allow_empty_principals)
|
548
538
|
if allow_host_certificates is not None:
|
549
539
|
pulumi.set(__self__, "allow_host_certificates", allow_host_certificates)
|
550
540
|
if allow_subdomains is not None:
|
@@ -563,11 +553,6 @@ class _SecretBackendRoleState:
|
|
563
553
|
pulumi.set(__self__, "allowed_extensions", allowed_extensions)
|
564
554
|
if allowed_user_key_configs is not None:
|
565
555
|
pulumi.set(__self__, "allowed_user_key_configs", allowed_user_key_configs)
|
566
|
-
if allowed_user_key_lengths is not None:
|
567
|
-
warnings.warn("""Set in allowed_user_key_config""", DeprecationWarning)
|
568
|
-
pulumi.log.warn("""allowed_user_key_lengths is deprecated: Set in allowed_user_key_config""")
|
569
|
-
if allowed_user_key_lengths is not None:
|
570
|
-
pulumi.set(__self__, "allowed_user_key_lengths", allowed_user_key_lengths)
|
571
556
|
if allowed_users is not None:
|
572
557
|
pulumi.set(__self__, "allowed_users", allowed_users)
|
573
558
|
if allowed_users_template is not None:
|
@@ -623,6 +608,15 @@ class _SecretBackendRoleState:
|
|
623
608
|
def allow_bare_domains(self, value: Optional[pulumi.Input[bool]]):
|
624
609
|
pulumi.set(self, "allow_bare_domains", value)
|
625
610
|
|
611
|
+
@property
|
612
|
+
@pulumi.getter(name="allowEmptyPrincipals")
|
613
|
+
def allow_empty_principals(self) -> Optional[pulumi.Input[bool]]:
|
614
|
+
return pulumi.get(self, "allow_empty_principals")
|
615
|
+
|
616
|
+
@allow_empty_principals.setter
|
617
|
+
def allow_empty_principals(self, value: Optional[pulumi.Input[bool]]):
|
618
|
+
pulumi.set(self, "allow_empty_principals", value)
|
619
|
+
|
626
620
|
@property
|
627
621
|
@pulumi.getter(name="allowHostCertificates")
|
628
622
|
def allow_host_certificates(self) -> Optional[pulumi.Input[bool]]:
|
@@ -734,23 +728,6 @@ class _SecretBackendRoleState:
|
|
734
728
|
def allowed_user_key_configs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['SecretBackendRoleAllowedUserKeyConfigArgs']]]]):
|
735
729
|
pulumi.set(self, "allowed_user_key_configs", value)
|
736
730
|
|
737
|
-
@property
|
738
|
-
@pulumi.getter(name="allowedUserKeyLengths")
|
739
|
-
def allowed_user_key_lengths(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[int]]]]:
|
740
|
-
"""
|
741
|
-
Specifies a map of ssh key types and their expected sizes which
|
742
|
-
are allowed to be signed by the CA type.
|
743
|
-
*Deprecated: use* allowed_user_key_config *instead*
|
744
|
-
"""
|
745
|
-
warnings.warn("""Set in allowed_user_key_config""", DeprecationWarning)
|
746
|
-
pulumi.log.warn("""allowed_user_key_lengths is deprecated: Set in allowed_user_key_config""")
|
747
|
-
|
748
|
-
return pulumi.get(self, "allowed_user_key_lengths")
|
749
|
-
|
750
|
-
@allowed_user_key_lengths.setter
|
751
|
-
def allowed_user_key_lengths(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[int]]]]):
|
752
|
-
pulumi.set(self, "allowed_user_key_lengths", value)
|
753
|
-
|
754
731
|
@property
|
755
732
|
@pulumi.getter(name="allowedUsers")
|
756
733
|
def allowed_users(self) -> Optional[pulumi.Input[str]]:
|
@@ -801,26 +778,26 @@ class _SecretBackendRoleState:
|
|
801
778
|
|
802
779
|
@property
|
803
780
|
@pulumi.getter(name="defaultCriticalOptions")
|
804
|
-
def default_critical_options(self) -> Optional[pulumi.Input[Mapping[str,
|
781
|
+
def default_critical_options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
805
782
|
"""
|
806
783
|
Specifies a map of critical options that certificates have when signed.
|
807
784
|
"""
|
808
785
|
return pulumi.get(self, "default_critical_options")
|
809
786
|
|
810
787
|
@default_critical_options.setter
|
811
|
-
def default_critical_options(self, value: Optional[pulumi.Input[Mapping[str,
|
788
|
+
def default_critical_options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
812
789
|
pulumi.set(self, "default_critical_options", value)
|
813
790
|
|
814
791
|
@property
|
815
792
|
@pulumi.getter(name="defaultExtensions")
|
816
|
-
def default_extensions(self) -> Optional[pulumi.Input[Mapping[str,
|
793
|
+
def default_extensions(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
817
794
|
"""
|
818
795
|
Specifies a map of extensions that certificates have when signed.
|
819
796
|
"""
|
820
797
|
return pulumi.get(self, "default_extensions")
|
821
798
|
|
822
799
|
@default_extensions.setter
|
823
|
-
def default_extensions(self, value: Optional[pulumi.Input[Mapping[str,
|
800
|
+
def default_extensions(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
824
801
|
pulumi.set(self, "default_extensions", value)
|
825
802
|
|
826
803
|
@property
|
@@ -901,7 +878,7 @@ class _SecretBackendRoleState:
|
|
901
878
|
"""
|
902
879
|
The namespace to provision the resource in.
|
903
880
|
The value should not contain leading or trailing forward slashes.
|
904
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
881
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
905
882
|
*Available only for Vault Enterprise*.
|
906
883
|
"""
|
907
884
|
return pulumi.get(self, "namespace")
|
@@ -942,6 +919,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
942
919
|
opts: Optional[pulumi.ResourceOptions] = None,
|
943
920
|
algorithm_signer: Optional[pulumi.Input[str]] = None,
|
944
921
|
allow_bare_domains: Optional[pulumi.Input[bool]] = None,
|
922
|
+
allow_empty_principals: Optional[pulumi.Input[bool]] = None,
|
945
923
|
allow_host_certificates: Optional[pulumi.Input[bool]] = None,
|
946
924
|
allow_subdomains: Optional[pulumi.Input[bool]] = None,
|
947
925
|
allow_user_certificates: Optional[pulumi.Input[bool]] = None,
|
@@ -950,14 +928,13 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
950
928
|
allowed_domains: Optional[pulumi.Input[str]] = None,
|
951
929
|
allowed_domains_template: Optional[pulumi.Input[bool]] = None,
|
952
930
|
allowed_extensions: Optional[pulumi.Input[str]] = None,
|
953
|
-
allowed_user_key_configs: Optional[pulumi.Input[Sequence[pulumi.Input[
|
954
|
-
allowed_user_key_lengths: Optional[pulumi.Input[Mapping[str, pulumi.Input[int]]]] = None,
|
931
|
+
allowed_user_key_configs: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretBackendRoleAllowedUserKeyConfigArgs', 'SecretBackendRoleAllowedUserKeyConfigArgsDict']]]]] = None,
|
955
932
|
allowed_users: Optional[pulumi.Input[str]] = None,
|
956
933
|
allowed_users_template: Optional[pulumi.Input[bool]] = None,
|
957
934
|
backend: Optional[pulumi.Input[str]] = None,
|
958
935
|
cidr_list: Optional[pulumi.Input[str]] = None,
|
959
|
-
default_critical_options: Optional[pulumi.Input[Mapping[str,
|
960
|
-
default_extensions: Optional[pulumi.Input[Mapping[str,
|
936
|
+
default_critical_options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
937
|
+
default_extensions: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
961
938
|
default_user: Optional[pulumi.Input[str]] = None,
|
962
939
|
default_user_template: Optional[pulumi.Input[bool]] = None,
|
963
940
|
key_id_format: Optional[pulumi.Input[str]] = None,
|
@@ -974,24 +951,24 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
974
951
|
|
975
952
|
## Example Usage
|
976
953
|
|
977
|
-
<!--Start PulumiCodeChooser -->
|
978
954
|
```python
|
979
955
|
import pulumi
|
980
956
|
import pulumi_vault as vault
|
981
957
|
|
982
958
|
example = vault.Mount("example", type="ssh")
|
983
959
|
foo = vault.ssh.SecretBackendRole("foo",
|
960
|
+
name="my-role",
|
984
961
|
backend=example.path,
|
985
962
|
key_type="ca",
|
986
963
|
allow_user_certificates=True)
|
987
964
|
bar = vault.ssh.SecretBackendRole("bar",
|
965
|
+
name="otp-role",
|
988
966
|
backend=example.path,
|
989
967
|
key_type="otp",
|
990
968
|
default_user="default",
|
991
969
|
allowed_users="default,baz",
|
992
970
|
cidr_list="0.0.0.0/0")
|
993
971
|
```
|
994
|
-
<!--End PulumiCodeChooser -->
|
995
972
|
|
996
973
|
## Import
|
997
974
|
|
@@ -1014,18 +991,15 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1014
991
|
:param pulumi.Input[bool] allowed_domains_template: Specifies if `allowed_domains` can be declared using
|
1015
992
|
identity template policies. Non-templated domains are also permitted.
|
1016
993
|
:param pulumi.Input[str] allowed_extensions: Specifies a comma-separated list of extensions that certificates can have when signed.
|
1017
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
994
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['SecretBackendRoleAllowedUserKeyConfigArgs', 'SecretBackendRoleAllowedUserKeyConfigArgsDict']]]] allowed_user_key_configs: Set of configuration blocks to define allowed
|
1018
995
|
user key configuration, like key type and their lengths. Can be specified multiple times.
|
1019
996
|
*See Configuration-Options for more info*
|
1020
|
-
:param pulumi.Input[Mapping[str, pulumi.Input[int]]] allowed_user_key_lengths: Specifies a map of ssh key types and their expected sizes which
|
1021
|
-
are allowed to be signed by the CA type.
|
1022
|
-
*Deprecated: use* allowed_user_key_config *instead*
|
1023
997
|
:param pulumi.Input[str] allowed_users: Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
|
1024
998
|
:param pulumi.Input[bool] allowed_users_template: Specifies if `allowed_users` can be declared using identity template policies. Non-templated users are also permitted.
|
1025
999
|
:param pulumi.Input[str] backend: The path where the SSH secret backend is mounted.
|
1026
1000
|
:param pulumi.Input[str] cidr_list: The comma-separated string of CIDR blocks for which this role is applicable.
|
1027
|
-
:param pulumi.Input[Mapping[str,
|
1028
|
-
:param pulumi.Input[Mapping[str,
|
1001
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] default_critical_options: Specifies a map of critical options that certificates have when signed.
|
1002
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] default_extensions: Specifies a map of extensions that certificates have when signed.
|
1029
1003
|
:param pulumi.Input[str] default_user: Specifies the default username for which a credential will be generated.
|
1030
1004
|
:param pulumi.Input[bool] default_user_template: If set, `default_users` can be specified using identity template values. A non-templated user is also permitted.
|
1031
1005
|
:param pulumi.Input[str] key_id_format: Specifies a custom format for the key id of a signed certificate.
|
@@ -1034,7 +1008,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1034
1008
|
:param pulumi.Input[str] name: Specifies the name of the role to create.
|
1035
1009
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
1036
1010
|
The value should not contain leading or trailing forward slashes.
|
1037
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
1011
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1038
1012
|
*Available only for Vault Enterprise*.
|
1039
1013
|
:param pulumi.Input[str] not_before_duration: Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.
|
1040
1014
|
:param pulumi.Input[str] ttl: Specifies the Time To Live value.
|
@@ -1051,24 +1025,24 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1051
1025
|
|
1052
1026
|
## Example Usage
|
1053
1027
|
|
1054
|
-
<!--Start PulumiCodeChooser -->
|
1055
1028
|
```python
|
1056
1029
|
import pulumi
|
1057
1030
|
import pulumi_vault as vault
|
1058
1031
|
|
1059
1032
|
example = vault.Mount("example", type="ssh")
|
1060
1033
|
foo = vault.ssh.SecretBackendRole("foo",
|
1034
|
+
name="my-role",
|
1061
1035
|
backend=example.path,
|
1062
1036
|
key_type="ca",
|
1063
1037
|
allow_user_certificates=True)
|
1064
1038
|
bar = vault.ssh.SecretBackendRole("bar",
|
1039
|
+
name="otp-role",
|
1065
1040
|
backend=example.path,
|
1066
1041
|
key_type="otp",
|
1067
1042
|
default_user="default",
|
1068
1043
|
allowed_users="default,baz",
|
1069
1044
|
cidr_list="0.0.0.0/0")
|
1070
1045
|
```
|
1071
|
-
<!--End PulumiCodeChooser -->
|
1072
1046
|
|
1073
1047
|
## Import
|
1074
1048
|
|
@@ -1095,6 +1069,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1095
1069
|
opts: Optional[pulumi.ResourceOptions] = None,
|
1096
1070
|
algorithm_signer: Optional[pulumi.Input[str]] = None,
|
1097
1071
|
allow_bare_domains: Optional[pulumi.Input[bool]] = None,
|
1072
|
+
allow_empty_principals: Optional[pulumi.Input[bool]] = None,
|
1098
1073
|
allow_host_certificates: Optional[pulumi.Input[bool]] = None,
|
1099
1074
|
allow_subdomains: Optional[pulumi.Input[bool]] = None,
|
1100
1075
|
allow_user_certificates: Optional[pulumi.Input[bool]] = None,
|
@@ -1103,14 +1078,13 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1103
1078
|
allowed_domains: Optional[pulumi.Input[str]] = None,
|
1104
1079
|
allowed_domains_template: Optional[pulumi.Input[bool]] = None,
|
1105
1080
|
allowed_extensions: Optional[pulumi.Input[str]] = None,
|
1106
|
-
allowed_user_key_configs: Optional[pulumi.Input[Sequence[pulumi.Input[
|
1107
|
-
allowed_user_key_lengths: Optional[pulumi.Input[Mapping[str, pulumi.Input[int]]]] = None,
|
1081
|
+
allowed_user_key_configs: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretBackendRoleAllowedUserKeyConfigArgs', 'SecretBackendRoleAllowedUserKeyConfigArgsDict']]]]] = None,
|
1108
1082
|
allowed_users: Optional[pulumi.Input[str]] = None,
|
1109
1083
|
allowed_users_template: Optional[pulumi.Input[bool]] = None,
|
1110
1084
|
backend: Optional[pulumi.Input[str]] = None,
|
1111
1085
|
cidr_list: Optional[pulumi.Input[str]] = None,
|
1112
|
-
default_critical_options: Optional[pulumi.Input[Mapping[str,
|
1113
|
-
default_extensions: Optional[pulumi.Input[Mapping[str,
|
1086
|
+
default_critical_options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
1087
|
+
default_extensions: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
1114
1088
|
default_user: Optional[pulumi.Input[str]] = None,
|
1115
1089
|
default_user_template: Optional[pulumi.Input[bool]] = None,
|
1116
1090
|
key_id_format: Optional[pulumi.Input[str]] = None,
|
@@ -1131,6 +1105,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1131
1105
|
|
1132
1106
|
__props__.__dict__["algorithm_signer"] = algorithm_signer
|
1133
1107
|
__props__.__dict__["allow_bare_domains"] = allow_bare_domains
|
1108
|
+
__props__.__dict__["allow_empty_principals"] = allow_empty_principals
|
1134
1109
|
__props__.__dict__["allow_host_certificates"] = allow_host_certificates
|
1135
1110
|
__props__.__dict__["allow_subdomains"] = allow_subdomains
|
1136
1111
|
__props__.__dict__["allow_user_certificates"] = allow_user_certificates
|
@@ -1140,7 +1115,6 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1140
1115
|
__props__.__dict__["allowed_domains_template"] = allowed_domains_template
|
1141
1116
|
__props__.__dict__["allowed_extensions"] = allowed_extensions
|
1142
1117
|
__props__.__dict__["allowed_user_key_configs"] = allowed_user_key_configs
|
1143
|
-
__props__.__dict__["allowed_user_key_lengths"] = allowed_user_key_lengths
|
1144
1118
|
__props__.__dict__["allowed_users"] = allowed_users
|
1145
1119
|
__props__.__dict__["allowed_users_template"] = allowed_users_template
|
1146
1120
|
if backend is None and not opts.urn:
|
@@ -1172,6 +1146,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1172
1146
|
opts: Optional[pulumi.ResourceOptions] = None,
|
1173
1147
|
algorithm_signer: Optional[pulumi.Input[str]] = None,
|
1174
1148
|
allow_bare_domains: Optional[pulumi.Input[bool]] = None,
|
1149
|
+
allow_empty_principals: Optional[pulumi.Input[bool]] = None,
|
1175
1150
|
allow_host_certificates: Optional[pulumi.Input[bool]] = None,
|
1176
1151
|
allow_subdomains: Optional[pulumi.Input[bool]] = None,
|
1177
1152
|
allow_user_certificates: Optional[pulumi.Input[bool]] = None,
|
@@ -1180,14 +1155,13 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1180
1155
|
allowed_domains: Optional[pulumi.Input[str]] = None,
|
1181
1156
|
allowed_domains_template: Optional[pulumi.Input[bool]] = None,
|
1182
1157
|
allowed_extensions: Optional[pulumi.Input[str]] = None,
|
1183
|
-
allowed_user_key_configs: Optional[pulumi.Input[Sequence[pulumi.Input[
|
1184
|
-
allowed_user_key_lengths: Optional[pulumi.Input[Mapping[str, pulumi.Input[int]]]] = None,
|
1158
|
+
allowed_user_key_configs: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretBackendRoleAllowedUserKeyConfigArgs', 'SecretBackendRoleAllowedUserKeyConfigArgsDict']]]]] = None,
|
1185
1159
|
allowed_users: Optional[pulumi.Input[str]] = None,
|
1186
1160
|
allowed_users_template: Optional[pulumi.Input[bool]] = None,
|
1187
1161
|
backend: Optional[pulumi.Input[str]] = None,
|
1188
1162
|
cidr_list: Optional[pulumi.Input[str]] = None,
|
1189
|
-
default_critical_options: Optional[pulumi.Input[Mapping[str,
|
1190
|
-
default_extensions: Optional[pulumi.Input[Mapping[str,
|
1163
|
+
default_critical_options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
1164
|
+
default_extensions: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
1191
1165
|
default_user: Optional[pulumi.Input[str]] = None,
|
1192
1166
|
default_user_template: Optional[pulumi.Input[bool]] = None,
|
1193
1167
|
key_id_format: Optional[pulumi.Input[str]] = None,
|
@@ -1215,18 +1189,15 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1215
1189
|
:param pulumi.Input[bool] allowed_domains_template: Specifies if `allowed_domains` can be declared using
|
1216
1190
|
identity template policies. Non-templated domains are also permitted.
|
1217
1191
|
:param pulumi.Input[str] allowed_extensions: Specifies a comma-separated list of extensions that certificates can have when signed.
|
1218
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
1192
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['SecretBackendRoleAllowedUserKeyConfigArgs', 'SecretBackendRoleAllowedUserKeyConfigArgsDict']]]] allowed_user_key_configs: Set of configuration blocks to define allowed
|
1219
1193
|
user key configuration, like key type and their lengths. Can be specified multiple times.
|
1220
1194
|
*See Configuration-Options for more info*
|
1221
|
-
:param pulumi.Input[Mapping[str, pulumi.Input[int]]] allowed_user_key_lengths: Specifies a map of ssh key types and their expected sizes which
|
1222
|
-
are allowed to be signed by the CA type.
|
1223
|
-
*Deprecated: use* allowed_user_key_config *instead*
|
1224
1195
|
:param pulumi.Input[str] allowed_users: Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
|
1225
1196
|
:param pulumi.Input[bool] allowed_users_template: Specifies if `allowed_users` can be declared using identity template policies. Non-templated users are also permitted.
|
1226
1197
|
:param pulumi.Input[str] backend: The path where the SSH secret backend is mounted.
|
1227
1198
|
:param pulumi.Input[str] cidr_list: The comma-separated string of CIDR blocks for which this role is applicable.
|
1228
|
-
:param pulumi.Input[Mapping[str,
|
1229
|
-
:param pulumi.Input[Mapping[str,
|
1199
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] default_critical_options: Specifies a map of critical options that certificates have when signed.
|
1200
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] default_extensions: Specifies a map of extensions that certificates have when signed.
|
1230
1201
|
:param pulumi.Input[str] default_user: Specifies the default username for which a credential will be generated.
|
1231
1202
|
:param pulumi.Input[bool] default_user_template: If set, `default_users` can be specified using identity template values. A non-templated user is also permitted.
|
1232
1203
|
:param pulumi.Input[str] key_id_format: Specifies a custom format for the key id of a signed certificate.
|
@@ -1235,7 +1206,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1235
1206
|
:param pulumi.Input[str] name: Specifies the name of the role to create.
|
1236
1207
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
1237
1208
|
The value should not contain leading or trailing forward slashes.
|
1238
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
1209
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1239
1210
|
*Available only for Vault Enterprise*.
|
1240
1211
|
:param pulumi.Input[str] not_before_duration: Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.
|
1241
1212
|
:param pulumi.Input[str] ttl: Specifies the Time To Live value.
|
@@ -1246,6 +1217,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1246
1217
|
|
1247
1218
|
__props__.__dict__["algorithm_signer"] = algorithm_signer
|
1248
1219
|
__props__.__dict__["allow_bare_domains"] = allow_bare_domains
|
1220
|
+
__props__.__dict__["allow_empty_principals"] = allow_empty_principals
|
1249
1221
|
__props__.__dict__["allow_host_certificates"] = allow_host_certificates
|
1250
1222
|
__props__.__dict__["allow_subdomains"] = allow_subdomains
|
1251
1223
|
__props__.__dict__["allow_user_certificates"] = allow_user_certificates
|
@@ -1255,7 +1227,6 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1255
1227
|
__props__.__dict__["allowed_domains_template"] = allowed_domains_template
|
1256
1228
|
__props__.__dict__["allowed_extensions"] = allowed_extensions
|
1257
1229
|
__props__.__dict__["allowed_user_key_configs"] = allowed_user_key_configs
|
1258
|
-
__props__.__dict__["allowed_user_key_lengths"] = allowed_user_key_lengths
|
1259
1230
|
__props__.__dict__["allowed_users"] = allowed_users
|
1260
1231
|
__props__.__dict__["allowed_users_template"] = allowed_users_template
|
1261
1232
|
__props__.__dict__["backend"] = backend
|
@@ -1289,6 +1260,11 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1289
1260
|
"""
|
1290
1261
|
return pulumi.get(self, "allow_bare_domains")
|
1291
1262
|
|
1263
|
+
@property
|
1264
|
+
@pulumi.getter(name="allowEmptyPrincipals")
|
1265
|
+
def allow_empty_principals(self) -> pulumi.Output[Optional[bool]]:
|
1266
|
+
return pulumi.get(self, "allow_empty_principals")
|
1267
|
+
|
1292
1268
|
@property
|
1293
1269
|
@pulumi.getter(name="allowHostCertificates")
|
1294
1270
|
def allow_host_certificates(self) -> pulumi.Output[Optional[bool]]:
|
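Review bot: The added `allow_empty_principals` getter is the only property in this hunk without a docstring, and none of the docstring hunks shown on this page adds a `:param` line for it, so the option appears to ship undocumented. That matters because the flag is security-relevant: in Vault's SSH role it controls, as far as I know, whether a certificate may be signed with no valid principals, and such a certificate is not tied to a specific login name. I would add a docstring along the lines of `"""Whether certificates may be signed with no valid principals. Keep unset/False unless required for backwards compatibility."""`, with the wording and default checked against the upstream provider docs, plus a matching `:param pulumi.Input[bool] allow_empty_principals:` entry in both `__init__` docstrings. The `SecretBackendRole` class body starts and ends outside this hunk.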
@@ -1364,19 +1340,6 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1364
1340
|
"""
|
1365
1341
|
return pulumi.get(self, "allowed_user_key_configs")
|
1366
1342
|
|
1367
|
-
@property
|
1368
|
-
@pulumi.getter(name="allowedUserKeyLengths")
|
1369
|
-
def allowed_user_key_lengths(self) -> pulumi.Output[Optional[Mapping[str, int]]]:
|
1370
|
-
"""
|
1371
|
-
Specifies a map of ssh key types and their expected sizes which
|
1372
|
-
are allowed to be signed by the CA type.
|
1373
|
-
*Deprecated: use* allowed_user_key_config *instead*
|
1374
|
-
"""
|
1375
|
-
warnings.warn("""Set in allowed_user_key_config""", DeprecationWarning)
|
1376
|
-
pulumi.log.warn("""allowed_user_key_lengths is deprecated: Set in allowed_user_key_config""")
|
1377
|
-
|
1378
|
-
return pulumi.get(self, "allowed_user_key_lengths")
|
1379
|
-
|
1380
1343
|
@property
|
1381
1344
|
@pulumi.getter(name="allowedUsers")
|
1382
1345
|
def allowed_users(self) -> pulumi.Output[Optional[str]]:
|
@@ -1411,7 +1374,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1411
1374
|
|
1412
1375
|
@property
|
1413
1376
|
@pulumi.getter(name="defaultCriticalOptions")
|
1414
|
-
def default_critical_options(self) -> pulumi.Output[Optional[Mapping[str,
|
1377
|
+
def default_critical_options(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
|
1415
1378
|
"""
|
1416
1379
|
Specifies a map of critical options that certificates have when signed.
|
1417
1380
|
"""
|
@@ -1419,7 +1382,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1419
1382
|
|
1420
1383
|
@property
|
1421
1384
|
@pulumi.getter(name="defaultExtensions")
|
1422
|
-
def default_extensions(self) -> pulumi.Output[Optional[Mapping[str,
|
1385
|
+
def default_extensions(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
|
1423
1386
|
"""
|
1424
1387
|
Specifies a map of extensions that certificates have when signed.
|
1425
1388
|
"""
|
@@ -1479,7 +1442,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1479
1442
|
"""
|
1480
1443
|
The namespace to provision the resource in.
|
1481
1444
|
The value should not contain leading or trailing forward slashes.
|
1482
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
1445
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1483
1446
|
*Available only for Vault Enterprise*.
|
1484
1447
|
"""
|
1485
1448
|
return pulumi.get(self, "namespace")
|