pulumi-vault 5.21.0a1710160723__py3-none-any.whl → 6.5.0a1736850018__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pulumi_vault/__init__.py +52 -0
- pulumi_vault/_inputs.py +560 -0
- pulumi_vault/_utilities.py +41 -5
- pulumi_vault/ad/get_access_credentials.py +22 -7
- pulumi_vault/ad/secret_backend.py +14 -144
- pulumi_vault/ad/secret_library.py +14 -11
- pulumi_vault/ad/secret_role.py +12 -11
- pulumi_vault/alicloud/auth_backend_role.py +74 -192
- pulumi_vault/approle/auth_backend_login.py +12 -11
- pulumi_vault/approle/auth_backend_role.py +75 -193
- pulumi_vault/approle/auth_backend_role_secret_id.py +106 -11
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -9
- pulumi_vault/audit.py +24 -27
- pulumi_vault/audit_request_header.py +11 -6
- pulumi_vault/auth_backend.py +64 -12
- pulumi_vault/aws/auth_backend_cert.py +12 -7
- pulumi_vault/aws/auth_backend_client.py +265 -24
- pulumi_vault/aws/auth_backend_config_identity.py +12 -11
- pulumi_vault/aws/auth_backend_identity_whitelist.py +18 -17
- pulumi_vault/aws/auth_backend_login.py +19 -22
- pulumi_vault/aws/auth_backend_role.py +75 -193
- pulumi_vault/aws/auth_backend_role_tag.py +12 -7
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -17
- pulumi_vault/aws/auth_backend_sts_role.py +12 -11
- pulumi_vault/aws/get_access_credentials.py +34 -7
- pulumi_vault/aws/get_static_access_credentials.py +19 -5
- pulumi_vault/aws/secret_backend.py +75 -7
- pulumi_vault/aws/secret_backend_role.py +183 -11
- pulumi_vault/aws/secret_backend_static_role.py +14 -11
- pulumi_vault/azure/_inputs.py +24 -0
- pulumi_vault/azure/auth_backend_config.py +151 -17
- pulumi_vault/azure/auth_backend_role.py +75 -193
- pulumi_vault/azure/backend.py +223 -29
- pulumi_vault/azure/backend_role.py +42 -41
- pulumi_vault/azure/get_access_credentials.py +39 -11
- pulumi_vault/azure/outputs.py +5 -0
- pulumi_vault/cert_auth_backend_role.py +87 -271
- pulumi_vault/config/__init__.pyi +5 -0
- pulumi_vault/config/_inputs.py +73 -0
- pulumi_vault/config/outputs.py +35 -0
- pulumi_vault/config/ui_custom_message.py +529 -0
- pulumi_vault/config/vars.py +5 -0
- pulumi_vault/consul/secret_backend.py +22 -25
- pulumi_vault/consul/secret_backend_role.py +14 -80
- pulumi_vault/database/_inputs.py +2770 -881
- pulumi_vault/database/outputs.py +721 -838
- pulumi_vault/database/secret_backend_connection.py +117 -114
- pulumi_vault/database/secret_backend_role.py +29 -24
- pulumi_vault/database/secret_backend_static_role.py +85 -15
- pulumi_vault/database/secrets_mount.py +425 -138
- pulumi_vault/egp_policy.py +16 -15
- pulumi_vault/gcp/_inputs.py +111 -0
- pulumi_vault/gcp/auth_backend.py +248 -35
- pulumi_vault/gcp/auth_backend_role.py +75 -271
- pulumi_vault/gcp/get_auth_backend_role.py +43 -9
- pulumi_vault/gcp/outputs.py +5 -0
- pulumi_vault/gcp/secret_backend.py +287 -16
- pulumi_vault/gcp/secret_impersonated_account.py +74 -17
- pulumi_vault/gcp/secret_roleset.py +29 -26
- pulumi_vault/gcp/secret_static_account.py +37 -34
- pulumi_vault/generic/endpoint.py +22 -21
- pulumi_vault/generic/get_secret.py +68 -12
- pulumi_vault/generic/secret.py +19 -14
- pulumi_vault/get_auth_backend.py +24 -11
- pulumi_vault/get_auth_backends.py +33 -11
- pulumi_vault/get_namespace.py +226 -0
- pulumi_vault/get_namespaces.py +153 -0
- pulumi_vault/get_nomad_access_token.py +31 -15
- pulumi_vault/get_policy_document.py +34 -23
- pulumi_vault/get_raft_autopilot_state.py +29 -14
- pulumi_vault/github/_inputs.py +55 -0
- pulumi_vault/github/auth_backend.py +17 -16
- pulumi_vault/github/outputs.py +5 -0
- pulumi_vault/github/team.py +14 -13
- pulumi_vault/github/user.py +14 -13
- pulumi_vault/identity/entity.py +18 -15
- pulumi_vault/identity/entity_alias.py +18 -15
- pulumi_vault/identity/entity_policies.py +24 -19
- pulumi_vault/identity/get_entity.py +40 -14
- pulumi_vault/identity/get_group.py +45 -13
- pulumi_vault/identity/get_oidc_client_creds.py +21 -11
- pulumi_vault/identity/get_oidc_openid_config.py +39 -13
- pulumi_vault/identity/get_oidc_public_keys.py +29 -14
- pulumi_vault/identity/group.py +50 -49
- pulumi_vault/identity/group_alias.py +14 -11
- pulumi_vault/identity/group_member_entity_ids.py +24 -74
- pulumi_vault/identity/group_member_group_ids.py +36 -27
- pulumi_vault/identity/group_policies.py +16 -15
- pulumi_vault/identity/mfa_duo.py +9 -8
- pulumi_vault/identity/mfa_login_enforcement.py +13 -8
- pulumi_vault/identity/mfa_okta.py +9 -8
- pulumi_vault/identity/mfa_pingid.py +5 -4
- pulumi_vault/identity/mfa_totp.py +5 -4
- pulumi_vault/identity/oidc.py +12 -11
- pulumi_vault/identity/oidc_assignment.py +22 -13
- pulumi_vault/identity/oidc_client.py +34 -25
- pulumi_vault/identity/oidc_key.py +28 -19
- pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -19
- pulumi_vault/identity/oidc_provider.py +34 -23
- pulumi_vault/identity/oidc_role.py +40 -27
- pulumi_vault/identity/oidc_scope.py +18 -15
- pulumi_vault/identity/outputs.py +8 -3
- pulumi_vault/jwt/_inputs.py +55 -0
- pulumi_vault/jwt/auth_backend.py +39 -46
- pulumi_vault/jwt/auth_backend_role.py +131 -260
- pulumi_vault/jwt/outputs.py +5 -0
- pulumi_vault/kmip/secret_backend.py +22 -21
- pulumi_vault/kmip/secret_role.py +12 -11
- pulumi_vault/kmip/secret_scope.py +12 -11
- pulumi_vault/kubernetes/auth_backend_config.py +55 -7
- pulumi_vault/kubernetes/auth_backend_role.py +68 -179
- pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
- pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
- pulumi_vault/kubernetes/get_service_account_token.py +39 -15
- pulumi_vault/kubernetes/secret_backend.py +314 -29
- pulumi_vault/kubernetes/secret_backend_role.py +135 -56
- pulumi_vault/kv/_inputs.py +36 -4
- pulumi_vault/kv/get_secret.py +23 -12
- pulumi_vault/kv/get_secret_subkeys_v2.py +31 -14
- pulumi_vault/kv/get_secret_v2.py +89 -9
- pulumi_vault/kv/get_secrets_list.py +22 -15
- pulumi_vault/kv/get_secrets_list_v2.py +35 -19
- pulumi_vault/kv/outputs.py +8 -3
- pulumi_vault/kv/secret.py +19 -18
- pulumi_vault/kv/secret_backend_v2.py +12 -11
- pulumi_vault/kv/secret_v2.py +55 -52
- pulumi_vault/ldap/auth_backend.py +125 -168
- pulumi_vault/ldap/auth_backend_group.py +12 -11
- pulumi_vault/ldap/auth_backend_user.py +12 -11
- pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
- pulumi_vault/ldap/get_static_credentials.py +24 -5
- pulumi_vault/ldap/secret_backend.py +352 -84
- pulumi_vault/ldap/secret_backend_dynamic_role.py +12 -11
- pulumi_vault/ldap/secret_backend_library_set.py +14 -11
- pulumi_vault/ldap/secret_backend_static_role.py +67 -12
- pulumi_vault/managed/_inputs.py +289 -132
- pulumi_vault/managed/keys.py +27 -43
- pulumi_vault/managed/outputs.py +89 -132
- pulumi_vault/mfa_duo.py +16 -13
- pulumi_vault/mfa_okta.py +16 -13
- pulumi_vault/mfa_pingid.py +16 -13
- pulumi_vault/mfa_totp.py +22 -19
- pulumi_vault/mongodbatlas/secret_backend.py +18 -17
- pulumi_vault/mongodbatlas/secret_role.py +41 -38
- pulumi_vault/mount.py +389 -65
- pulumi_vault/namespace.py +26 -21
- pulumi_vault/nomad_secret_backend.py +16 -15
- pulumi_vault/nomad_secret_role.py +12 -11
- pulumi_vault/okta/_inputs.py +47 -8
- pulumi_vault/okta/auth_backend.py +483 -41
- pulumi_vault/okta/auth_backend_group.py +12 -11
- pulumi_vault/okta/auth_backend_user.py +12 -11
- pulumi_vault/okta/outputs.py +13 -8
- pulumi_vault/outputs.py +5 -0
- pulumi_vault/password_policy.py +18 -15
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +81 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
- pulumi_vault/pkisecret/backend_config_est.py +619 -0
- pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
- pulumi_vault/pkisecret/get_backend_issuer.py +63 -7
- pulumi_vault/pkisecret/get_backend_issuers.py +21 -12
- pulumi_vault/pkisecret/get_backend_key.py +24 -13
- pulumi_vault/pkisecret/get_backend_keys.py +21 -12
- pulumi_vault/pkisecret/outputs.py +69 -0
- pulumi_vault/pkisecret/secret_backend_cert.py +18 -15
- pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -15
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +12 -11
- pulumi_vault/pkisecret/secret_backend_config_urls.py +59 -11
- pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -13
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -15
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -21
- pulumi_vault/pkisecret/secret_backend_issuer.py +12 -11
- pulumi_vault/pkisecret/secret_backend_key.py +12 -7
- pulumi_vault/pkisecret/secret_backend_role.py +19 -16
- pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -52
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -62
- pulumi_vault/pkisecret/secret_backend_sign.py +18 -60
- pulumi_vault/plugin.py +595 -0
- pulumi_vault/plugin_pinned_version.py +298 -0
- pulumi_vault/policy.py +12 -7
- pulumi_vault/provider.py +48 -53
- pulumi_vault/pulumi-plugin.json +2 -1
- pulumi_vault/quota_lease_count.py +58 -8
- pulumi_vault/quota_rate_limit.py +54 -4
- pulumi_vault/rabbitmq/_inputs.py +61 -0
- pulumi_vault/rabbitmq/outputs.py +5 -0
- pulumi_vault/rabbitmq/secret_backend.py +16 -15
- pulumi_vault/rabbitmq/secret_backend_role.py +52 -49
- pulumi_vault/raft_autopilot.py +12 -11
- pulumi_vault/raft_snapshot_agent_config.py +121 -311
- pulumi_vault/rgp_policy.py +14 -13
- pulumi_vault/saml/auth_backend.py +20 -19
- pulumi_vault/saml/auth_backend_role.py +90 -199
- pulumi_vault/secrets/__init__.py +3 -0
- pulumi_vault/secrets/_inputs.py +110 -0
- pulumi_vault/secrets/outputs.py +94 -0
- pulumi_vault/secrets/sync_association.py +56 -75
- pulumi_vault/secrets/sync_aws_destination.py +240 -29
- pulumi_vault/secrets/sync_azure_destination.py +90 -33
- pulumi_vault/secrets/sync_config.py +7 -6
- pulumi_vault/secrets/sync_gcp_destination.py +156 -27
- pulumi_vault/secrets/sync_gh_destination.py +187 -15
- pulumi_vault/secrets/sync_github_apps.py +375 -0
- pulumi_vault/secrets/sync_vercel_destination.py +72 -15
- pulumi_vault/ssh/_inputs.py +28 -32
- pulumi_vault/ssh/outputs.py +11 -32
- pulumi_vault/ssh/secret_backend_ca.py +106 -11
- pulumi_vault/ssh/secret_backend_role.py +83 -120
- pulumi_vault/terraformcloud/secret_backend.py +5 -56
- pulumi_vault/terraformcloud/secret_creds.py +14 -24
- pulumi_vault/terraformcloud/secret_role.py +14 -76
- pulumi_vault/token.py +26 -25
- pulumi_vault/tokenauth/auth_backend_role.py +76 -201
- pulumi_vault/transform/alphabet.py +16 -13
- pulumi_vault/transform/get_decode.py +45 -21
- pulumi_vault/transform/get_encode.py +45 -21
- pulumi_vault/transform/role.py +16 -13
- pulumi_vault/transform/template.py +30 -25
- pulumi_vault/transform/transformation.py +12 -7
- pulumi_vault/transit/get_decrypt.py +26 -25
- pulumi_vault/transit/get_encrypt.py +24 -19
- pulumi_vault/transit/secret_backend_key.py +25 -97
- pulumi_vault/transit/secret_cache_config.py +12 -11
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/METADATA +8 -7
- pulumi_vault-6.5.0a1736850018.dist-info/RECORD +256 -0
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/WHEEL +1 -1
- pulumi_vault-5.21.0a1710160723.dist-info/RECORD +0 -244
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = ['AuthBackendRoleTagArgs', 'AuthBackendRoleTag']
|
@@ -34,7 +39,7 @@ class AuthBackendRoleTagArgs:
|
|
34
39
|
:param pulumi.Input[str] max_ttl: The maximum TTL of the tokens issued using this role.
|
35
40
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
36
41
|
The value should not contain leading or trailing forward slashes.
|
37
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
42
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
38
43
|
*Available only for Vault Enterprise*.
|
39
44
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] policies: The policies to be associated with the tag. Must be a subset of the policies associated with the role.
|
40
45
|
"""
|
@@ -134,7 +139,7 @@ class AuthBackendRoleTagArgs:
|
|
134
139
|
"""
|
135
140
|
The namespace to provision the resource in.
|
136
141
|
The value should not contain leading or trailing forward slashes.
|
137
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
142
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
138
143
|
*Available only for Vault Enterprise*.
|
139
144
|
"""
|
140
145
|
return pulumi.get(self, "namespace")
|
@@ -179,7 +184,7 @@ class _AuthBackendRoleTagState:
|
|
179
184
|
:param pulumi.Input[str] max_ttl: The maximum TTL of the tokens issued using this role.
|
180
185
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
181
186
|
The value should not contain leading or trailing forward slashes.
|
182
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
187
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
183
188
|
*Available only for Vault Enterprise*.
|
184
189
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] policies: The policies to be associated with the tag. Must be a subset of the policies associated with the role.
|
185
190
|
:param pulumi.Input[str] role: The name of the AWS auth backend role to read
|
@@ -275,7 +280,7 @@ class _AuthBackendRoleTagState:
|
|
275
280
|
"""
|
276
281
|
The namespace to provision the resource in.
|
277
282
|
The value should not contain leading or trailing forward slashes.
|
278
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
283
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
279
284
|
*Available only for Vault Enterprise*.
|
280
285
|
"""
|
281
286
|
return pulumi.get(self, "namespace")
|
@@ -361,7 +366,7 @@ class AuthBackendRoleTag(pulumi.CustomResource):
|
|
361
366
|
:param pulumi.Input[str] max_ttl: The maximum TTL of the tokens issued using this role.
|
362
367
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
363
368
|
The value should not contain leading or trailing forward slashes.
|
364
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
369
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
365
370
|
*Available only for Vault Enterprise*.
|
366
371
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] policies: The policies to be associated with the tag. Must be a subset of the policies associated with the role.
|
367
372
|
:param pulumi.Input[str] role: The name of the AWS auth backend role to read
|
@@ -455,7 +460,7 @@ class AuthBackendRoleTag(pulumi.CustomResource):
|
|
455
460
|
:param pulumi.Input[str] max_ttl: The maximum TTL of the tokens issued using this role.
|
456
461
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
457
462
|
The value should not contain leading or trailing forward slashes.
|
458
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
463
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
459
464
|
*Available only for Vault Enterprise*.
|
460
465
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] policies: The policies to be associated with the tag. Must be a subset of the policies associated with the role.
|
461
466
|
:param pulumi.Input[str] role: The name of the AWS auth backend role to read
|
@@ -526,7 +531,7 @@ class AuthBackendRoleTag(pulumi.CustomResource):
|
|
526
531
|
"""
|
527
532
|
The namespace to provision the resource in.
|
528
533
|
The value should not contain leading or trailing forward slashes.
|
529
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
534
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
530
535
|
*Available only for Vault Enterprise*.
|
531
536
|
"""
|
532
537
|
return pulumi.get(self, "namespace")
|
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = ['AuthBackendRoletagBlacklistArgs', 'AuthBackendRoletagBlacklist']
|
@@ -26,7 +31,7 @@ class AuthBackendRoletagBlacklistArgs:
|
|
26
31
|
tidying of the roletag blacklist entries. Defaults to false.
|
27
32
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
28
33
|
The value should not contain leading or trailing forward slashes.
|
29
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
34
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
30
35
|
*Available only for Vault Enterprise*.
|
31
36
|
:param pulumi.Input[int] safety_buffer: The amount of extra time that must have passed
|
32
37
|
beyond the roletag expiration, before it is removed from the backend storage.
|
@@ -72,7 +77,7 @@ class AuthBackendRoletagBlacklistArgs:
|
|
72
77
|
"""
|
73
78
|
The namespace to provision the resource in.
|
74
79
|
The value should not contain leading or trailing forward slashes.
|
75
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
80
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
76
81
|
*Available only for Vault Enterprise*.
|
77
82
|
"""
|
78
83
|
return pulumi.get(self, "namespace")
|
@@ -111,7 +116,7 @@ class _AuthBackendRoletagBlacklistState:
|
|
111
116
|
tidying of the roletag blacklist entries. Defaults to false.
|
112
117
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
113
118
|
The value should not contain leading or trailing forward slashes.
|
114
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
119
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
115
120
|
*Available only for Vault Enterprise*.
|
116
121
|
:param pulumi.Input[int] safety_buffer: The amount of extra time that must have passed
|
117
122
|
beyond the roletag expiration, before it is removed from the backend storage.
|
@@ -158,7 +163,7 @@ class _AuthBackendRoletagBlacklistState:
|
|
158
163
|
"""
|
159
164
|
The namespace to provision the resource in.
|
160
165
|
The value should not contain leading or trailing forward slashes.
|
161
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
166
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
162
167
|
*Available only for Vault Enterprise*.
|
163
168
|
"""
|
164
169
|
return pulumi.get(self, "namespace")
|
@@ -197,17 +202,15 @@ class AuthBackendRoletagBlacklist(pulumi.CustomResource):
|
|
197
202
|
|
198
203
|
## Example Usage
|
199
204
|
|
200
|
-
<!--Start PulumiCodeChooser -->
|
201
205
|
```python
|
202
206
|
import pulumi
|
203
207
|
import pulumi_vault as vault
|
204
208
|
|
205
|
-
|
206
|
-
example_auth_backend_roletag_blacklist = vault.aws.AuthBackendRoletagBlacklist("
|
207
|
-
backend=
|
209
|
+
example = vault.AuthBackend("example", type="aws")
|
210
|
+
example_auth_backend_roletag_blacklist = vault.aws.AuthBackendRoletagBlacklist("example",
|
211
|
+
backend=example.path,
|
208
212
|
safety_buffer=360)
|
209
213
|
```
|
210
|
-
<!--End PulumiCodeChooser -->
|
211
214
|
|
212
215
|
:param str resource_name: The name of the resource.
|
213
216
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
@@ -217,7 +220,7 @@ class AuthBackendRoletagBlacklist(pulumi.CustomResource):
|
|
217
220
|
tidying of the roletag blacklist entries. Defaults to false.
|
218
221
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
219
222
|
The value should not contain leading or trailing forward slashes.
|
220
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
223
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
221
224
|
*Available only for Vault Enterprise*.
|
222
225
|
:param pulumi.Input[int] safety_buffer: The amount of extra time that must have passed
|
223
226
|
beyond the roletag expiration, before it is removed from the backend storage.
|
@@ -234,17 +237,15 @@ class AuthBackendRoletagBlacklist(pulumi.CustomResource):
|
|
234
237
|
|
235
238
|
## Example Usage
|
236
239
|
|
237
|
-
<!--Start PulumiCodeChooser -->
|
238
240
|
```python
|
239
241
|
import pulumi
|
240
242
|
import pulumi_vault as vault
|
241
243
|
|
242
|
-
|
243
|
-
example_auth_backend_roletag_blacklist = vault.aws.AuthBackendRoletagBlacklist("
|
244
|
-
backend=
|
244
|
+
example = vault.AuthBackend("example", type="aws")
|
245
|
+
example_auth_backend_roletag_blacklist = vault.aws.AuthBackendRoletagBlacklist("example",
|
246
|
+
backend=example.path,
|
245
247
|
safety_buffer=360)
|
246
248
|
```
|
247
|
-
<!--End PulumiCodeChooser -->
|
248
249
|
|
249
250
|
:param str resource_name: The name of the resource.
|
250
251
|
:param AuthBackendRoletagBlacklistArgs args: The arguments to use to populate this resource's properties.
|
@@ -307,7 +308,7 @@ class AuthBackendRoletagBlacklist(pulumi.CustomResource):
|
|
307
308
|
tidying of the roletag blacklist entries. Defaults to false.
|
308
309
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
309
310
|
The value should not contain leading or trailing forward slashes.
|
310
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
311
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
311
312
|
*Available only for Vault Enterprise*.
|
312
313
|
:param pulumi.Input[int] safety_buffer: The amount of extra time that must have passed
|
313
314
|
beyond the roletag expiration, before it is removed from the backend storage.
|
@@ -347,7 +348,7 @@ class AuthBackendRoletagBlacklist(pulumi.CustomResource):
|
|
347
348
|
"""
|
348
349
|
The namespace to provision the resource in.
|
349
350
|
The value should not contain leading or trailing forward slashes.
|
350
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
351
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
351
352
|
*Available only for Vault Enterprise*.
|
352
353
|
"""
|
353
354
|
return pulumi.get(self, "namespace")
|
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = ['AuthBackendStsRoleArgs', 'AuthBackendStsRole']
|
@@ -27,7 +32,7 @@ class AuthBackendStsRoleArgs:
|
|
27
32
|
mounted at. Defaults to `aws`.
|
28
33
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
29
34
|
The value should not contain leading or trailing forward slashes.
|
30
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
35
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
31
36
|
*Available only for Vault Enterprise*.
|
32
37
|
"""
|
33
38
|
pulumi.set(__self__, "account_id", account_id)
|
@@ -81,7 +86,7 @@ class AuthBackendStsRoleArgs:
|
|
81
86
|
"""
|
82
87
|
The namespace to provision the resource in.
|
83
88
|
The value should not contain leading or trailing forward slashes.
|
84
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
89
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
85
90
|
*Available only for Vault Enterprise*.
|
86
91
|
"""
|
87
92
|
return pulumi.get(self, "namespace")
|
@@ -105,7 +110,7 @@ class _AuthBackendStsRoleState:
|
|
105
110
|
mounted at. Defaults to `aws`.
|
106
111
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
107
112
|
The value should not contain leading or trailing forward slashes.
|
108
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
113
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
109
114
|
*Available only for Vault Enterprise*.
|
110
115
|
:param pulumi.Input[str] sts_role: The STS role to assume when verifying requests made
|
111
116
|
by EC2 instances in the account specified by `account_id`.
|
@@ -150,7 +155,7 @@ class _AuthBackendStsRoleState:
|
|
150
155
|
"""
|
151
156
|
The namespace to provision the resource in.
|
152
157
|
The value should not contain leading or trailing forward slashes.
|
153
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
158
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
154
159
|
*Available only for Vault Enterprise*.
|
155
160
|
"""
|
156
161
|
return pulumi.get(self, "namespace")
|
@@ -186,7 +191,6 @@ class AuthBackendStsRole(pulumi.CustomResource):
|
|
186
191
|
"""
|
187
192
|
## Example Usage
|
188
193
|
|
189
|
-
<!--Start PulumiCodeChooser -->
|
190
194
|
```python
|
191
195
|
import pulumi
|
192
196
|
import pulumi_vault as vault
|
@@ -197,7 +201,6 @@ class AuthBackendStsRole(pulumi.CustomResource):
|
|
197
201
|
account_id="1234567890",
|
198
202
|
sts_role="arn:aws:iam::1234567890:role/my-role")
|
199
203
|
```
|
200
|
-
<!--End PulumiCodeChooser -->
|
201
204
|
|
202
205
|
## Import
|
203
206
|
|
@@ -214,7 +217,7 @@ class AuthBackendStsRole(pulumi.CustomResource):
|
|
214
217
|
mounted at. Defaults to `aws`.
|
215
218
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
216
219
|
The value should not contain leading or trailing forward slashes.
|
217
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
220
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
218
221
|
*Available only for Vault Enterprise*.
|
219
222
|
:param pulumi.Input[str] sts_role: The STS role to assume when verifying requests made
|
220
223
|
by EC2 instances in the account specified by `account_id`.
|
@@ -228,7 +231,6 @@ class AuthBackendStsRole(pulumi.CustomResource):
|
|
228
231
|
"""
|
229
232
|
## Example Usage
|
230
233
|
|
231
|
-
<!--Start PulumiCodeChooser -->
|
232
234
|
```python
|
233
235
|
import pulumi
|
234
236
|
import pulumi_vault as vault
|
@@ -239,7 +241,6 @@ class AuthBackendStsRole(pulumi.CustomResource):
|
|
239
241
|
account_id="1234567890",
|
240
242
|
sts_role="arn:aws:iam::1234567890:role/my-role")
|
241
243
|
```
|
242
|
-
<!--End PulumiCodeChooser -->
|
243
244
|
|
244
245
|
## Import
|
245
246
|
|
@@ -311,7 +312,7 @@ class AuthBackendStsRole(pulumi.CustomResource):
|
|
311
312
|
mounted at. Defaults to `aws`.
|
312
313
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
313
314
|
The value should not contain leading or trailing forward slashes.
|
314
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
315
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
315
316
|
*Available only for Vault Enterprise*.
|
316
317
|
:param pulumi.Input[str] sts_role: The STS role to assume when verifying requests made
|
317
318
|
by EC2 instances in the account specified by `account_id`.
|
@@ -349,7 +350,7 @@ class AuthBackendStsRole(pulumi.CustomResource):
|
|
349
350
|
"""
|
350
351
|
The namespace to provision the resource in.
|
351
352
|
The value should not contain leading or trailing forward slashes.
|
352
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
353
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
353
354
|
*Available only for Vault Enterprise*.
|
354
355
|
"""
|
355
356
|
return pulumi.get(self, "namespace")
|
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = [
|
@@ -203,7 +208,7 @@ def get_access_credentials(backend: Optional[str] = None,
|
|
203
208
|
read credentials from, with no leading or trailing `/`s.
|
204
209
|
:param str namespace: The namespace of the target resource.
|
205
210
|
The value should not contain leading or trailing forward slashes.
|
206
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
211
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
207
212
|
*Available only for Vault Enterprise*.
|
208
213
|
:param str region: The region the read credentials belong to.
|
209
214
|
:param str role: The name of the AWS secret backend role to read
|
@@ -246,9 +251,6 @@ def get_access_credentials(backend: Optional[str] = None,
|
|
246
251
|
security_token=pulumi.get(__ret__, 'security_token'),
|
247
252
|
ttl=pulumi.get(__ret__, 'ttl'),
|
248
253
|
type=pulumi.get(__ret__, 'type'))
|
249
|
-
|
250
|
-
|
251
|
-
@_utilities.lift_output_func(get_access_credentials)
|
252
254
|
def get_access_credentials_output(backend: Optional[pulumi.Input[str]] = None,
|
253
255
|
namespace: Optional[pulumi.Input[Optional[str]]] = None,
|
254
256
|
region: Optional[pulumi.Input[Optional[str]]] = None,
|
@@ -256,7 +258,7 @@ def get_access_credentials_output(backend: Optional[pulumi.Input[str]] = None,
|
|
256
258
|
role_arn: Optional[pulumi.Input[Optional[str]]] = None,
|
257
259
|
ttl: Optional[pulumi.Input[Optional[str]]] = None,
|
258
260
|
type: Optional[pulumi.Input[Optional[str]]] = None,
|
259
|
-
opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetAccessCredentialsResult]:
|
261
|
+
opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetAccessCredentialsResult]:
|
260
262
|
"""
|
261
263
|
## Example Usage
|
262
264
|
|
@@ -265,7 +267,7 @@ def get_access_credentials_output(backend: Optional[pulumi.Input[str]] = None,
|
|
265
267
|
read credentials from, with no leading or trailing `/`s.
|
266
268
|
:param str namespace: The namespace of the target resource.
|
267
269
|
The value should not contain leading or trailing forward slashes.
|
268
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
270
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
269
271
|
*Available only for Vault Enterprise*.
|
270
272
|
:param str region: The region the read credentials belong to.
|
271
273
|
:param str role: The name of the AWS secret backend role to read
|
@@ -281,4 +283,29 @@ def get_access_credentials_output(backend: Optional[pulumi.Input[str]] = None,
|
|
281
283
|
Key. Can also be set to `"sts"`, which will return a security token
|
282
284
|
in addition to the keys.
|
283
285
|
"""
|
284
|
-
|
286
|
+
__args__ = dict()
|
287
|
+
__args__['backend'] = backend
|
288
|
+
__args__['namespace'] = namespace
|
289
|
+
__args__['region'] = region
|
290
|
+
__args__['role'] = role
|
291
|
+
__args__['roleArn'] = role_arn
|
292
|
+
__args__['ttl'] = ttl
|
293
|
+
__args__['type'] = type
|
294
|
+
opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
|
295
|
+
__ret__ = pulumi.runtime.invoke_output('vault:aws/getAccessCredentials:getAccessCredentials', __args__, opts=opts, typ=GetAccessCredentialsResult)
|
296
|
+
return __ret__.apply(lambda __response__: GetAccessCredentialsResult(
|
297
|
+
access_key=pulumi.get(__response__, 'access_key'),
|
298
|
+
backend=pulumi.get(__response__, 'backend'),
|
299
|
+
id=pulumi.get(__response__, 'id'),
|
300
|
+
lease_duration=pulumi.get(__response__, 'lease_duration'),
|
301
|
+
lease_id=pulumi.get(__response__, 'lease_id'),
|
302
|
+
lease_renewable=pulumi.get(__response__, 'lease_renewable'),
|
303
|
+
lease_start_time=pulumi.get(__response__, 'lease_start_time'),
|
304
|
+
namespace=pulumi.get(__response__, 'namespace'),
|
305
|
+
region=pulumi.get(__response__, 'region'),
|
306
|
+
role=pulumi.get(__response__, 'role'),
|
307
|
+
role_arn=pulumi.get(__response__, 'role_arn'),
|
308
|
+
secret_key=pulumi.get(__response__, 'secret_key'),
|
309
|
+
security_token=pulumi.get(__response__, 'security_token'),
|
310
|
+
ttl=pulumi.get(__response__, 'ttl'),
|
311
|
+
type=pulumi.get(__response__, 'type')))
|
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = [
|
@@ -110,14 +115,23 @@ def get_static_access_credentials(backend: Optional[str] = None,
|
|
110
115
|
name=pulumi.get(__ret__, 'name'),
|
111
116
|
namespace=pulumi.get(__ret__, 'namespace'),
|
112
117
|
secret_key=pulumi.get(__ret__, 'secret_key'))
|
113
|
-
|
114
|
-
|
115
|
-
@_utilities.lift_output_func(get_static_access_credentials)
|
116
118
|
def get_static_access_credentials_output(backend: Optional[pulumi.Input[str]] = None,
|
117
119
|
name: Optional[pulumi.Input[str]] = None,
|
118
120
|
namespace: Optional[pulumi.Input[Optional[str]]] = None,
|
119
|
-
opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetStaticAccessCredentialsResult]:
|
121
|
+
opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetStaticAccessCredentialsResult]:
|
120
122
|
"""
|
121
123
|
Use this data source to access information about an existing resource.
|
122
124
|
"""
|
123
|
-
|
125
|
+
__args__ = dict()
|
126
|
+
__args__['backend'] = backend
|
127
|
+
__args__['name'] = name
|
128
|
+
__args__['namespace'] = namespace
|
129
|
+
opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
|
130
|
+
__ret__ = pulumi.runtime.invoke_output('vault:aws/getStaticAccessCredentials:getStaticAccessCredentials', __args__, opts=opts, typ=GetStaticAccessCredentialsResult)
|
131
|
+
return __ret__.apply(lambda __response__: GetStaticAccessCredentialsResult(
|
132
|
+
access_key=pulumi.get(__response__, 'access_key'),
|
133
|
+
backend=pulumi.get(__response__, 'backend'),
|
134
|
+
id=pulumi.get(__response__, 'id'),
|
135
|
+
name=pulumi.get(__response__, 'name'),
|
136
|
+
namespace=pulumi.get(__response__, 'namespace'),
|
137
|
+
secret_key=pulumi.get(__response__, 'secret_key')))
|
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = ['SecretBackendArgs', 'SecretBackend']
|
@@ -49,12 +54,21 @@ class SecretBackendArgs:
|
|
49
54
|
for credentials issued by this backend.
|
50
55
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
51
56
|
The value should not contain leading or trailing forward slashes.
|
52
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
57
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
53
58
|
*Available only for Vault Enterprise*.
|
54
59
|
:param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
|
55
60
|
not begin or end with a `/`. Defaults to `aws`.
|
56
61
|
:param pulumi.Input[str] region: The AWS region to make API calls against. Defaults to us-east-1.
|
57
62
|
:param pulumi.Input[str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.
|
63
|
+
|
64
|
+
```
|
65
|
+
{{ if (eq .Type "STS") }}
|
66
|
+
{{ printf "vault-%s-%s" (unix_time) (random 20) | truncate 32 }}
|
67
|
+
{{ else }}
|
68
|
+
{{ printf "vault-%s-%s-%s" (printf "%s-%s" (.DisplayName) (.PolicyName) | truncate 42) (unix_time) (random 20) | truncate 64 }}
|
69
|
+
{{ end }}
|
70
|
+
|
71
|
+
```
|
58
72
|
:param pulumi.Input[str] secret_key: The AWS Secret Access Key to use when generating new credentials.
|
59
73
|
:param pulumi.Input[str] sts_endpoint: Specifies a custom HTTP STS endpoint to use.
|
60
74
|
:param pulumi.Input[str] username_template: Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template:
|
@@ -224,7 +238,7 @@ class SecretBackendArgs:
|
|
224
238
|
"""
|
225
239
|
The namespace to provision the resource in.
|
226
240
|
The value should not contain leading or trailing forward slashes.
|
227
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
241
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
228
242
|
*Available only for Vault Enterprise*.
|
229
243
|
"""
|
230
244
|
return pulumi.get(self, "namespace")
|
@@ -263,6 +277,15 @@ class SecretBackendArgs:
|
|
263
277
|
def role_arn(self) -> Optional[pulumi.Input[str]]:
|
264
278
|
"""
|
265
279
|
Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.
|
280
|
+
|
281
|
+
```
|
282
|
+
{{ if (eq .Type "STS") }}
|
283
|
+
{{ printf "vault-%s-%s" (unix_time) (random 20) | truncate 32 }}
|
284
|
+
{{ else }}
|
285
|
+
{{ printf "vault-%s-%s-%s" (printf "%s-%s" (.DisplayName) (.PolicyName) | truncate 42) (unix_time) (random 20) | truncate 64 }}
|
286
|
+
{{ end }}
|
287
|
+
|
288
|
+
```
|
266
289
|
"""
|
267
290
|
return pulumi.get(self, "role_arn")
|
268
291
|
|
@@ -345,12 +368,21 @@ class _SecretBackendState:
|
|
345
368
|
for credentials issued by this backend.
|
346
369
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
347
370
|
The value should not contain leading or trailing forward slashes.
|
348
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
371
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
349
372
|
*Available only for Vault Enterprise*.
|
350
373
|
:param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
|
351
374
|
not begin or end with a `/`. Defaults to `aws`.
|
352
375
|
:param pulumi.Input[str] region: The AWS region to make API calls against. Defaults to us-east-1.
|
353
376
|
:param pulumi.Input[str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.
|
377
|
+
|
378
|
+
```
|
379
|
+
{{ if (eq .Type "STS") }}
|
380
|
+
{{ printf "vault-%s-%s" (unix_time) (random 20) | truncate 32 }}
|
381
|
+
{{ else }}
|
382
|
+
{{ printf "vault-%s-%s-%s" (printf "%s-%s" (.DisplayName) (.PolicyName) | truncate 42) (unix_time) (random 20) | truncate 64 }}
|
383
|
+
{{ end }}
|
384
|
+
|
385
|
+
```
|
354
386
|
:param pulumi.Input[str] secret_key: The AWS Secret Access Key to use when generating new credentials.
|
355
387
|
:param pulumi.Input[str] sts_endpoint: Specifies a custom HTTP STS endpoint to use.
|
356
388
|
:param pulumi.Input[str] username_template: Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template:
|
@@ -520,7 +552,7 @@ class _SecretBackendState:
|
|
520
552
|
"""
|
521
553
|
The namespace to provision the resource in.
|
522
554
|
The value should not contain leading or trailing forward slashes.
|
523
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
555
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
524
556
|
*Available only for Vault Enterprise*.
|
525
557
|
"""
|
526
558
|
return pulumi.get(self, "namespace")
|
@@ -559,6 +591,15 @@ class _SecretBackendState:
|
|
559
591
|
def role_arn(self) -> Optional[pulumi.Input[str]]:
|
560
592
|
"""
|
561
593
|
Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.
|
594
|
+
|
595
|
+
```
|
596
|
+
{{ if (eq .Type "STS") }}
|
597
|
+
{{ printf "vault-%s-%s" (unix_time) (random 20) | truncate 32 }}
|
598
|
+
{{ else }}
|
599
|
+
{{ printf "vault-%s-%s-%s" (printf "%s-%s" (.DisplayName) (.PolicyName) | truncate 42) (unix_time) (random 20) | truncate 64 }}
|
600
|
+
{{ end }}
|
601
|
+
|
602
|
+
```
|
562
603
|
"""
|
563
604
|
return pulumi.get(self, "role_arn")
|
564
605
|
|
@@ -653,12 +694,21 @@ class SecretBackend(pulumi.CustomResource):
|
|
653
694
|
for credentials issued by this backend.
|
654
695
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
655
696
|
The value should not contain leading or trailing forward slashes.
|
656
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
697
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
657
698
|
*Available only for Vault Enterprise*.
|
658
699
|
:param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
|
659
700
|
not begin or end with a `/`. Defaults to `aws`.
|
660
701
|
:param pulumi.Input[str] region: The AWS region to make API calls against. Defaults to us-east-1.
|
661
702
|
:param pulumi.Input[str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.
|
703
|
+
|
704
|
+
```
|
705
|
+
{{ if (eq .Type "STS") }}
|
706
|
+
{{ printf "vault-%s-%s" (unix_time) (random 20) | truncate 32 }}
|
707
|
+
{{ else }}
|
708
|
+
{{ printf "vault-%s-%s-%s" (printf "%s-%s" (.DisplayName) (.PolicyName) | truncate 42) (unix_time) (random 20) | truncate 64 }}
|
709
|
+
{{ end }}
|
710
|
+
|
711
|
+
```
|
662
712
|
:param pulumi.Input[str] secret_key: The AWS Secret Access Key to use when generating new credentials.
|
663
713
|
:param pulumi.Input[str] sts_endpoint: Specifies a custom HTTP STS endpoint to use.
|
664
714
|
:param pulumi.Input[str] username_template: Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template:
|
@@ -788,12 +838,21 @@ class SecretBackend(pulumi.CustomResource):
|
|
788
838
|
for credentials issued by this backend.
|
789
839
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
790
840
|
The value should not contain leading or trailing forward slashes.
|
791
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
841
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
792
842
|
*Available only for Vault Enterprise*.
|
793
843
|
:param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
|
794
844
|
not begin or end with a `/`. Defaults to `aws`.
|
795
845
|
:param pulumi.Input[str] region: The AWS region to make API calls against. Defaults to us-east-1.
|
796
846
|
:param pulumi.Input[str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.
|
847
|
+
|
848
|
+
```
|
849
|
+
{{ if (eq .Type "STS") }}
|
850
|
+
{{ printf "vault-%s-%s" (unix_time) (random 20) | truncate 32 }}
|
851
|
+
{{ else }}
|
852
|
+
{{ printf "vault-%s-%s-%s" (printf "%s-%s" (.DisplayName) (.PolicyName) | truncate 42) (unix_time) (random 20) | truncate 64 }}
|
853
|
+
{{ end }}
|
854
|
+
|
855
|
+
```
|
797
856
|
:param pulumi.Input[str] secret_key: The AWS Secret Access Key to use when generating new credentials.
|
798
857
|
:param pulumi.Input[str] sts_endpoint: Specifies a custom HTTP STS endpoint to use.
|
799
858
|
:param pulumi.Input[str] username_template: Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template:
|
@@ -911,7 +970,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
911
970
|
"""
|
912
971
|
The namespace to provision the resource in.
|
913
972
|
The value should not contain leading or trailing forward slashes.
|
914
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
973
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
915
974
|
*Available only for Vault Enterprise*.
|
916
975
|
"""
|
917
976
|
return pulumi.get(self, "namespace")
|
@@ -938,6 +997,15 @@ class SecretBackend(pulumi.CustomResource):
|
|
938
997
|
def role_arn(self) -> pulumi.Output[Optional[str]]:
|
939
998
|
"""
|
940
999
|
Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.
|
1000
|
+
|
1001
|
+
```
|
1002
|
+
{{ if (eq .Type "STS") }}
|
1003
|
+
{{ printf "vault-%s-%s" (unix_time) (random 20) | truncate 32 }}
|
1004
|
+
{{ else }}
|
1005
|
+
{{ printf "vault-%s-%s-%s" (printf "%s-%s" (.DisplayName) (.PolicyName) | truncate 42) (unix_time) (random 20) | truncate 64 }}
|
1006
|
+
{{ end }}
|
1007
|
+
|
1008
|
+
```
|
941
1009
|
"""
|
942
1010
|
return pulumi.get(self, "role_arn")
|
943
1011
|
|