pulumi-vault 5.21.0a1710160723__py3-none-any.whl → 6.5.0a1736850018__py3-none-any.whl
- pulumi_vault/__init__.py +52 -0
- pulumi_vault/_inputs.py +560 -0
- pulumi_vault/_utilities.py +41 -5
- pulumi_vault/ad/get_access_credentials.py +22 -7
- pulumi_vault/ad/secret_backend.py +14 -144
- pulumi_vault/ad/secret_library.py +14 -11
- pulumi_vault/ad/secret_role.py +12 -11
- pulumi_vault/alicloud/auth_backend_role.py +74 -192
- pulumi_vault/approle/auth_backend_login.py +12 -11
- pulumi_vault/approle/auth_backend_role.py +75 -193
- pulumi_vault/approle/auth_backend_role_secret_id.py +106 -11
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -9
- pulumi_vault/audit.py +24 -27
- pulumi_vault/audit_request_header.py +11 -6
- pulumi_vault/auth_backend.py +64 -12
- pulumi_vault/aws/auth_backend_cert.py +12 -7
- pulumi_vault/aws/auth_backend_client.py +265 -24
- pulumi_vault/aws/auth_backend_config_identity.py +12 -11
- pulumi_vault/aws/auth_backend_identity_whitelist.py +18 -17
- pulumi_vault/aws/auth_backend_login.py +19 -22
- pulumi_vault/aws/auth_backend_role.py +75 -193
- pulumi_vault/aws/auth_backend_role_tag.py +12 -7
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -17
- pulumi_vault/aws/auth_backend_sts_role.py +12 -11
- pulumi_vault/aws/get_access_credentials.py +34 -7
- pulumi_vault/aws/get_static_access_credentials.py +19 -5
- pulumi_vault/aws/secret_backend.py +75 -7
- pulumi_vault/aws/secret_backend_role.py +183 -11
- pulumi_vault/aws/secret_backend_static_role.py +14 -11
- pulumi_vault/azure/_inputs.py +24 -0
- pulumi_vault/azure/auth_backend_config.py +151 -17
- pulumi_vault/azure/auth_backend_role.py +75 -193
- pulumi_vault/azure/backend.py +223 -29
- pulumi_vault/azure/backend_role.py +42 -41
- pulumi_vault/azure/get_access_credentials.py +39 -11
- pulumi_vault/azure/outputs.py +5 -0
- pulumi_vault/cert_auth_backend_role.py +87 -271
- pulumi_vault/config/__init__.pyi +5 -0
- pulumi_vault/config/_inputs.py +73 -0
- pulumi_vault/config/outputs.py +35 -0
- pulumi_vault/config/ui_custom_message.py +529 -0
- pulumi_vault/config/vars.py +5 -0
- pulumi_vault/consul/secret_backend.py +22 -25
- pulumi_vault/consul/secret_backend_role.py +14 -80
- pulumi_vault/database/_inputs.py +2770 -881
- pulumi_vault/database/outputs.py +721 -838
- pulumi_vault/database/secret_backend_connection.py +117 -114
- pulumi_vault/database/secret_backend_role.py +29 -24
- pulumi_vault/database/secret_backend_static_role.py +85 -15
- pulumi_vault/database/secrets_mount.py +425 -138
- pulumi_vault/egp_policy.py +16 -15
- pulumi_vault/gcp/_inputs.py +111 -0
- pulumi_vault/gcp/auth_backend.py +248 -35
- pulumi_vault/gcp/auth_backend_role.py +75 -271
- pulumi_vault/gcp/get_auth_backend_role.py +43 -9
- pulumi_vault/gcp/outputs.py +5 -0
- pulumi_vault/gcp/secret_backend.py +287 -16
- pulumi_vault/gcp/secret_impersonated_account.py +74 -17
- pulumi_vault/gcp/secret_roleset.py +29 -26
- pulumi_vault/gcp/secret_static_account.py +37 -34
- pulumi_vault/generic/endpoint.py +22 -21
- pulumi_vault/generic/get_secret.py +68 -12
- pulumi_vault/generic/secret.py +19 -14
- pulumi_vault/get_auth_backend.py +24 -11
- pulumi_vault/get_auth_backends.py +33 -11
- pulumi_vault/get_namespace.py +226 -0
- pulumi_vault/get_namespaces.py +153 -0
- pulumi_vault/get_nomad_access_token.py +31 -15
- pulumi_vault/get_policy_document.py +34 -23
- pulumi_vault/get_raft_autopilot_state.py +29 -14
- pulumi_vault/github/_inputs.py +55 -0
- pulumi_vault/github/auth_backend.py +17 -16
- pulumi_vault/github/outputs.py +5 -0
- pulumi_vault/github/team.py +14 -13
- pulumi_vault/github/user.py +14 -13
- pulumi_vault/identity/entity.py +18 -15
- pulumi_vault/identity/entity_alias.py +18 -15
- pulumi_vault/identity/entity_policies.py +24 -19
- pulumi_vault/identity/get_entity.py +40 -14
- pulumi_vault/identity/get_group.py +45 -13
- pulumi_vault/identity/get_oidc_client_creds.py +21 -11
- pulumi_vault/identity/get_oidc_openid_config.py +39 -13
- pulumi_vault/identity/get_oidc_public_keys.py +29 -14
- pulumi_vault/identity/group.py +50 -49
- pulumi_vault/identity/group_alias.py +14 -11
- pulumi_vault/identity/group_member_entity_ids.py +24 -74
- pulumi_vault/identity/group_member_group_ids.py +36 -27
- pulumi_vault/identity/group_policies.py +16 -15
- pulumi_vault/identity/mfa_duo.py +9 -8
- pulumi_vault/identity/mfa_login_enforcement.py +13 -8
- pulumi_vault/identity/mfa_okta.py +9 -8
- pulumi_vault/identity/mfa_pingid.py +5 -4
- pulumi_vault/identity/mfa_totp.py +5 -4
- pulumi_vault/identity/oidc.py +12 -11
- pulumi_vault/identity/oidc_assignment.py +22 -13
- pulumi_vault/identity/oidc_client.py +34 -25
- pulumi_vault/identity/oidc_key.py +28 -19
- pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -19
- pulumi_vault/identity/oidc_provider.py +34 -23
- pulumi_vault/identity/oidc_role.py +40 -27
- pulumi_vault/identity/oidc_scope.py +18 -15
- pulumi_vault/identity/outputs.py +8 -3
- pulumi_vault/jwt/_inputs.py +55 -0
- pulumi_vault/jwt/auth_backend.py +39 -46
- pulumi_vault/jwt/auth_backend_role.py +131 -260
- pulumi_vault/jwt/outputs.py +5 -0
- pulumi_vault/kmip/secret_backend.py +22 -21
- pulumi_vault/kmip/secret_role.py +12 -11
- pulumi_vault/kmip/secret_scope.py +12 -11
- pulumi_vault/kubernetes/auth_backend_config.py +55 -7
- pulumi_vault/kubernetes/auth_backend_role.py +68 -179
- pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
- pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
- pulumi_vault/kubernetes/get_service_account_token.py +39 -15
- pulumi_vault/kubernetes/secret_backend.py +314 -29
- pulumi_vault/kubernetes/secret_backend_role.py +135 -56
- pulumi_vault/kv/_inputs.py +36 -4
- pulumi_vault/kv/get_secret.py +23 -12
- pulumi_vault/kv/get_secret_subkeys_v2.py +31 -14
- pulumi_vault/kv/get_secret_v2.py +89 -9
- pulumi_vault/kv/get_secrets_list.py +22 -15
- pulumi_vault/kv/get_secrets_list_v2.py +35 -19
- pulumi_vault/kv/outputs.py +8 -3
- pulumi_vault/kv/secret.py +19 -18
- pulumi_vault/kv/secret_backend_v2.py +12 -11
- pulumi_vault/kv/secret_v2.py +55 -52
- pulumi_vault/ldap/auth_backend.py +125 -168
- pulumi_vault/ldap/auth_backend_group.py +12 -11
- pulumi_vault/ldap/auth_backend_user.py +12 -11
- pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
- pulumi_vault/ldap/get_static_credentials.py +24 -5
- pulumi_vault/ldap/secret_backend.py +352 -84
- pulumi_vault/ldap/secret_backend_dynamic_role.py +12 -11
- pulumi_vault/ldap/secret_backend_library_set.py +14 -11
- pulumi_vault/ldap/secret_backend_static_role.py +67 -12
- pulumi_vault/managed/_inputs.py +289 -132
- pulumi_vault/managed/keys.py +27 -43
- pulumi_vault/managed/outputs.py +89 -132
- pulumi_vault/mfa_duo.py +16 -13
- pulumi_vault/mfa_okta.py +16 -13
- pulumi_vault/mfa_pingid.py +16 -13
- pulumi_vault/mfa_totp.py +22 -19
- pulumi_vault/mongodbatlas/secret_backend.py +18 -17
- pulumi_vault/mongodbatlas/secret_role.py +41 -38
- pulumi_vault/mount.py +389 -65
- pulumi_vault/namespace.py +26 -21
- pulumi_vault/nomad_secret_backend.py +16 -15
- pulumi_vault/nomad_secret_role.py +12 -11
- pulumi_vault/okta/_inputs.py +47 -8
- pulumi_vault/okta/auth_backend.py +483 -41
- pulumi_vault/okta/auth_backend_group.py +12 -11
- pulumi_vault/okta/auth_backend_user.py +12 -11
- pulumi_vault/okta/outputs.py +13 -8
- pulumi_vault/outputs.py +5 -0
- pulumi_vault/password_policy.py +18 -15
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +81 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
- pulumi_vault/pkisecret/backend_config_est.py +619 -0
- pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
- pulumi_vault/pkisecret/get_backend_issuer.py +63 -7
- pulumi_vault/pkisecret/get_backend_issuers.py +21 -12
- pulumi_vault/pkisecret/get_backend_key.py +24 -13
- pulumi_vault/pkisecret/get_backend_keys.py +21 -12
- pulumi_vault/pkisecret/outputs.py +69 -0
- pulumi_vault/pkisecret/secret_backend_cert.py +18 -15
- pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -15
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +12 -11
- pulumi_vault/pkisecret/secret_backend_config_urls.py +59 -11
- pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -13
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -15
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -21
- pulumi_vault/pkisecret/secret_backend_issuer.py +12 -11
- pulumi_vault/pkisecret/secret_backend_key.py +12 -7
- pulumi_vault/pkisecret/secret_backend_role.py +19 -16
- pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -52
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -62
- pulumi_vault/pkisecret/secret_backend_sign.py +18 -60
- pulumi_vault/plugin.py +595 -0
- pulumi_vault/plugin_pinned_version.py +298 -0
- pulumi_vault/policy.py +12 -7
- pulumi_vault/provider.py +48 -53
- pulumi_vault/pulumi-plugin.json +2 -1
- pulumi_vault/quota_lease_count.py +58 -8
- pulumi_vault/quota_rate_limit.py +54 -4
- pulumi_vault/rabbitmq/_inputs.py +61 -0
- pulumi_vault/rabbitmq/outputs.py +5 -0
- pulumi_vault/rabbitmq/secret_backend.py +16 -15
- pulumi_vault/rabbitmq/secret_backend_role.py +52 -49
- pulumi_vault/raft_autopilot.py +12 -11
- pulumi_vault/raft_snapshot_agent_config.py +121 -311
- pulumi_vault/rgp_policy.py +14 -13
- pulumi_vault/saml/auth_backend.py +20 -19
- pulumi_vault/saml/auth_backend_role.py +90 -199
- pulumi_vault/secrets/__init__.py +3 -0
- pulumi_vault/secrets/_inputs.py +110 -0
- pulumi_vault/secrets/outputs.py +94 -0
- pulumi_vault/secrets/sync_association.py +56 -75
- pulumi_vault/secrets/sync_aws_destination.py +240 -29
- pulumi_vault/secrets/sync_azure_destination.py +90 -33
- pulumi_vault/secrets/sync_config.py +7 -6
- pulumi_vault/secrets/sync_gcp_destination.py +156 -27
- pulumi_vault/secrets/sync_gh_destination.py +187 -15
- pulumi_vault/secrets/sync_github_apps.py +375 -0
- pulumi_vault/secrets/sync_vercel_destination.py +72 -15
- pulumi_vault/ssh/_inputs.py +28 -32
- pulumi_vault/ssh/outputs.py +11 -32
- pulumi_vault/ssh/secret_backend_ca.py +106 -11
- pulumi_vault/ssh/secret_backend_role.py +83 -120
- pulumi_vault/terraformcloud/secret_backend.py +5 -56
- pulumi_vault/terraformcloud/secret_creds.py +14 -24
- pulumi_vault/terraformcloud/secret_role.py +14 -76
- pulumi_vault/token.py +26 -25
- pulumi_vault/tokenauth/auth_backend_role.py +76 -201
- pulumi_vault/transform/alphabet.py +16 -13
- pulumi_vault/transform/get_decode.py +45 -21
- pulumi_vault/transform/get_encode.py +45 -21
- pulumi_vault/transform/role.py +16 -13
- pulumi_vault/transform/template.py +30 -25
- pulumi_vault/transform/transformation.py +12 -7
- pulumi_vault/transit/get_decrypt.py +26 -25
- pulumi_vault/transit/get_encrypt.py +24 -19
- pulumi_vault/transit/secret_backend_key.py +25 -97
- pulumi_vault/transit/secret_cache_config.py +12 -11
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/METADATA +8 -7
- pulumi_vault-6.5.0a1736850018.dist-info/RECORD +256 -0
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/WHEEL +1 -1
- pulumi_vault-5.21.0a1710160723.dist-info/RECORD +0 -244
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = ['SecretBackendRoleArgs', 'SecretBackendRole']
|
@@ -17,7 +22,7 @@ class SecretBackendRoleArgs:
|
|
17
22
|
backend: pulumi.Input[str],
|
18
23
|
creation_statements: pulumi.Input[Sequence[pulumi.Input[str]]],
|
19
24
|
db_name: pulumi.Input[str],
|
20
|
-
credential_config: Optional[pulumi.Input[Mapping[str,
|
25
|
+
credential_config: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
21
26
|
credential_type: Optional[pulumi.Input[str]] = None,
|
22
27
|
default_ttl: Optional[pulumi.Input[int]] = None,
|
23
28
|
max_ttl: Optional[pulumi.Input[int]] = None,
|
@@ -33,7 +38,7 @@ class SecretBackendRoleArgs:
|
|
33
38
|
creating a user.
|
34
39
|
:param pulumi.Input[str] db_name: The unique name of the database connection to use for
|
35
40
|
the role.
|
36
|
-
:param pulumi.Input[Mapping[str,
|
41
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] credential_config: Specifies the configuration
|
37
42
|
for the given `credential_type`.
|
38
43
|
|
39
44
|
The following options are available for each `credential_type` value:
|
@@ -118,7 +123,7 @@ class SecretBackendRoleArgs:
|
|
118
123
|
|
119
124
|
@property
|
120
125
|
@pulumi.getter(name="credentialConfig")
|
121
|
-
def credential_config(self) -> Optional[pulumi.Input[Mapping[str,
|
126
|
+
def credential_config(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
122
127
|
"""
|
123
128
|
Specifies the configuration
|
124
129
|
for the given `credential_type`.
|
@@ -128,7 +133,7 @@ class SecretBackendRoleArgs:
|
|
128
133
|
return pulumi.get(self, "credential_config")
|
129
134
|
|
130
135
|
@credential_config.setter
|
131
|
-
def credential_config(self, value: Optional[pulumi.Input[Mapping[str,
|
136
|
+
def credential_config(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
132
137
|
pulumi.set(self, "credential_config", value)
|
133
138
|
|
134
139
|
@property
|
@@ -243,7 +248,7 @@ class _SecretBackendRoleState:
|
|
243
248
|
def __init__(__self__, *,
|
244
249
|
backend: Optional[pulumi.Input[str]] = None,
|
245
250
|
creation_statements: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
246
|
-
credential_config: Optional[pulumi.Input[Mapping[str,
|
251
|
+
credential_config: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
247
252
|
credential_type: Optional[pulumi.Input[str]] = None,
|
248
253
|
db_name: Optional[pulumi.Input[str]] = None,
|
249
254
|
default_ttl: Optional[pulumi.Input[int]] = None,
|
@@ -258,7 +263,7 @@ class _SecretBackendRoleState:
|
|
258
263
|
:param pulumi.Input[str] backend: The unique name of the Vault mount to configure.
|
259
264
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] creation_statements: The database statements to execute when
|
260
265
|
creating a user.
|
261
|
-
:param pulumi.Input[Mapping[str,
|
266
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] credential_config: Specifies the configuration
|
262
267
|
for the given `credential_type`.
|
263
268
|
|
264
269
|
The following options are available for each `credential_type` value:
|
@@ -335,7 +340,7 @@ class _SecretBackendRoleState:
|
|
335
340
|
|
336
341
|
@property
|
337
342
|
@pulumi.getter(name="credentialConfig")
|
338
|
-
def credential_config(self) -> Optional[pulumi.Input[Mapping[str,
|
343
|
+
def credential_config(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
339
344
|
"""
|
340
345
|
Specifies the configuration
|
341
346
|
for the given `credential_type`.
|
@@ -345,7 +350,7 @@ class _SecretBackendRoleState:
|
|
345
350
|
return pulumi.get(self, "credential_config")
|
346
351
|
|
347
352
|
@credential_config.setter
|
348
|
-
def credential_config(self, value: Optional[pulumi.Input[Mapping[str,
|
353
|
+
def credential_config(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
349
354
|
pulumi.set(self, "credential_config", value)
|
350
355
|
|
351
356
|
@property
|
@@ -475,7 +480,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
475
480
|
opts: Optional[pulumi.ResourceOptions] = None,
|
476
481
|
backend: Optional[pulumi.Input[str]] = None,
|
477
482
|
creation_statements: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
478
|
-
credential_config: Optional[pulumi.Input[Mapping[str,
|
483
|
+
credential_config: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
479
484
|
credential_type: Optional[pulumi.Input[str]] = None,
|
480
485
|
db_name: Optional[pulumi.Input[str]] = None,
|
481
486
|
default_ttl: Optional[pulumi.Input[int]] = None,
|
@@ -489,7 +494,6 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
489
494
|
"""
|
490
495
|
## Example Usage
|
491
496
|
|
492
|
-
<!--Start PulumiCodeChooser -->
|
493
497
|
```python
|
494
498
|
import pulumi
|
495
499
|
import pulumi_vault as vault
|
@@ -499,19 +503,20 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
499
503
|
type="database")
|
500
504
|
postgres = vault.database.SecretBackendConnection("postgres",
|
501
505
|
backend=db.path,
|
506
|
+
name="postgres",
|
502
507
|
allowed_roles=[
|
503
508
|
"dev",
|
504
509
|
"prod",
|
505
510
|
],
|
506
|
-
postgresql=
|
507
|
-
connection_url
|
508
|
-
)
|
511
|
+
postgresql={
|
512
|
+
"connection_url": "postgres://username:password@host:port/database",
|
513
|
+
})
|
509
514
|
role = vault.database.SecretBackendRole("role",
|
510
515
|
backend=db.path,
|
516
|
+
name="dev",
|
511
517
|
db_name=postgres.name,
|
512
518
|
creation_statements=["CREATE ROLE \\"{{name}}\\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}';"])
|
513
519
|
```
|
514
|
-
<!--End PulumiCodeChooser -->
|
515
520
|
|
516
521
|
## Import
|
517
522
|
|
@@ -526,7 +531,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
526
531
|
:param pulumi.Input[str] backend: The unique name of the Vault mount to configure.
|
527
532
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] creation_statements: The database statements to execute when
|
528
533
|
creating a user.
|
529
|
-
:param pulumi.Input[Mapping[str,
|
534
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] credential_config: Specifies the configuration
|
530
535
|
for the given `credential_type`.
|
531
536
|
|
532
537
|
The following options are available for each `credential_type` value:
|
@@ -560,7 +565,6 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
560
565
|
"""
|
561
566
|
## Example Usage
|
562
567
|
|
563
|
-
<!--Start PulumiCodeChooser -->
|
564
568
|
```python
|
565
569
|
import pulumi
|
566
570
|
import pulumi_vault as vault
|
@@ -570,19 +574,20 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
570
574
|
type="database")
|
571
575
|
postgres = vault.database.SecretBackendConnection("postgres",
|
572
576
|
backend=db.path,
|
577
|
+
name="postgres",
|
573
578
|
allowed_roles=[
|
574
579
|
"dev",
|
575
580
|
"prod",
|
576
581
|
],
|
577
|
-
postgresql=
|
578
|
-
connection_url
|
579
|
-
)
|
582
|
+
postgresql={
|
583
|
+
"connection_url": "postgres://username:password@host:port/database",
|
584
|
+
})
|
580
585
|
role = vault.database.SecretBackendRole("role",
|
581
586
|
backend=db.path,
|
587
|
+
name="dev",
|
582
588
|
db_name=postgres.name,
|
583
589
|
creation_statements=["CREATE ROLE \\"{{name}}\\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}';"])
|
584
590
|
```
|
585
|
-
<!--End PulumiCodeChooser -->
|
586
591
|
|
587
592
|
## Import
|
588
593
|
|
@@ -609,7 +614,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
609
614
|
opts: Optional[pulumi.ResourceOptions] = None,
|
610
615
|
backend: Optional[pulumi.Input[str]] = None,
|
611
616
|
creation_statements: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
612
|
-
credential_config: Optional[pulumi.Input[Mapping[str,
|
617
|
+
credential_config: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
613
618
|
credential_type: Optional[pulumi.Input[str]] = None,
|
614
619
|
db_name: Optional[pulumi.Input[str]] = None,
|
615
620
|
default_ttl: Optional[pulumi.Input[int]] = None,
|
@@ -658,7 +663,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
658
663
|
opts: Optional[pulumi.ResourceOptions] = None,
|
659
664
|
backend: Optional[pulumi.Input[str]] = None,
|
660
665
|
creation_statements: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
661
|
-
credential_config: Optional[pulumi.Input[Mapping[str,
|
666
|
+
credential_config: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
662
667
|
credential_type: Optional[pulumi.Input[str]] = None,
|
663
668
|
db_name: Optional[pulumi.Input[str]] = None,
|
664
669
|
default_ttl: Optional[pulumi.Input[int]] = None,
|
@@ -678,7 +683,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
678
683
|
:param pulumi.Input[str] backend: The unique name of the Vault mount to configure.
|
679
684
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] creation_statements: The database statements to execute when
|
680
685
|
creating a user.
|
681
|
-
:param pulumi.Input[Mapping[str,
|
686
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] credential_config: Specifies the configuration
|
682
687
|
for the given `credential_type`.
|
683
688
|
|
684
689
|
The following options are available for each `credential_type` value:
|
@@ -740,7 +745,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
740
745
|
|
741
746
|
@property
|
742
747
|
@pulumi.getter(name="credentialConfig")
|
743
|
-
def credential_config(self) -> pulumi.Output[Optional[Mapping[str,
|
748
|
+
def credential_config(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
|
744
749
|
"""
|
745
750
|
Specifies the configuration
|
746
751
|
for the given `credential_type`.
|
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = ['SecretBackendStaticRoleArgs', 'SecretBackendStaticRole']
|
@@ -22,7 +27,8 @@ class SecretBackendStaticRoleArgs:
|
|
22
27
|
rotation_period: Optional[pulumi.Input[int]] = None,
|
23
28
|
rotation_schedule: Optional[pulumi.Input[str]] = None,
|
24
29
|
rotation_statements: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
25
|
-
rotation_window: Optional[pulumi.Input[int]] = None
|
30
|
+
rotation_window: Optional[pulumi.Input[int]] = None,
|
31
|
+
self_managed_password: Optional[pulumi.Input[str]] = None):
|
26
32
|
"""
|
27
33
|
The set of arguments for constructing a SecretBackendStaticRole resource.
|
28
34
|
:param pulumi.Input[str] backend: The unique name of the Vault mount to configure.
|
@@ -43,6 +49,9 @@ class SecretBackendStaticRoleArgs:
|
|
43
49
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] rotation_statements: Database statements to execute to rotate the password for the configured database user.
|
44
50
|
:param pulumi.Input[int] rotation_window: The amount of time, in seconds, in which rotations are allowed to occur starting
|
45
51
|
from a given `rotation_schedule`.
|
52
|
+
:param pulumi.Input[str] self_managed_password: The password corresponding to the username in the database.
|
53
|
+
Required when using the Rootless Password Rotation workflow for static roles. Only enabled for
|
54
|
+
select DB engines (Postgres). Requires Vault 1.18+ Enterprise.
|
46
55
|
"""
|
47
56
|
pulumi.set(__self__, "backend", backend)
|
48
57
|
pulumi.set(__self__, "db_name", db_name)
|
@@ -59,6 +68,8 @@ class SecretBackendStaticRoleArgs:
|
|
59
68
|
pulumi.set(__self__, "rotation_statements", rotation_statements)
|
60
69
|
if rotation_window is not None:
|
61
70
|
pulumi.set(__self__, "rotation_window", rotation_window)
|
71
|
+
if self_managed_password is not None:
|
72
|
+
pulumi.set(__self__, "self_managed_password", self_managed_password)
|
62
73
|
|
63
74
|
@property
|
64
75
|
@pulumi.getter
|
@@ -177,6 +188,20 @@ class SecretBackendStaticRoleArgs:
|
|
177
188
|
def rotation_window(self, value: Optional[pulumi.Input[int]]):
|
178
189
|
pulumi.set(self, "rotation_window", value)
|
179
190
|
|
191
|
+
@property
|
192
|
+
@pulumi.getter(name="selfManagedPassword")
|
193
|
+
def self_managed_password(self) -> Optional[pulumi.Input[str]]:
|
194
|
+
"""
|
195
|
+
The password corresponding to the username in the database.
|
196
|
+
Required when using the Rootless Password Rotation workflow for static roles. Only enabled for
|
197
|
+
select DB engines (Postgres). Requires Vault 1.18+ Enterprise.
|
198
|
+
"""
|
199
|
+
return pulumi.get(self, "self_managed_password")
|
200
|
+
|
201
|
+
@self_managed_password.setter
|
202
|
+
def self_managed_password(self, value: Optional[pulumi.Input[str]]):
|
203
|
+
pulumi.set(self, "self_managed_password", value)
|
204
|
+
|
180
205
|
|
181
206
|
@pulumi.input_type
|
182
207
|
class _SecretBackendStaticRoleState:
|
@@ -189,6 +214,7 @@ class _SecretBackendStaticRoleState:
|
|
189
214
|
rotation_schedule: Optional[pulumi.Input[str]] = None,
|
190
215
|
rotation_statements: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
191
216
|
rotation_window: Optional[pulumi.Input[int]] = None,
|
217
|
+
self_managed_password: Optional[pulumi.Input[str]] = None,
|
192
218
|
username: Optional[pulumi.Input[str]] = None):
|
193
219
|
"""
|
194
220
|
Input properties used for looking up and filtering SecretBackendStaticRole resources.
|
@@ -209,6 +235,9 @@ class _SecretBackendStaticRoleState:
|
|
209
235
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] rotation_statements: Database statements to execute to rotate the password for the configured database user.
|
210
236
|
:param pulumi.Input[int] rotation_window: The amount of time, in seconds, in which rotations are allowed to occur starting
|
211
237
|
from a given `rotation_schedule`.
|
238
|
+
:param pulumi.Input[str] self_managed_password: The password corresponding to the username in the database.
|
239
|
+
Required when using the Rootless Password Rotation workflow for static roles. Only enabled for
|
240
|
+
select DB engines (Postgres). Requires Vault 1.18+ Enterprise.
|
212
241
|
:param pulumi.Input[str] username: The database username that this static role corresponds to.
|
213
242
|
"""
|
214
243
|
if backend is not None:
|
@@ -227,6 +256,8 @@ class _SecretBackendStaticRoleState:
|
|
227
256
|
pulumi.set(__self__, "rotation_statements", rotation_statements)
|
228
257
|
if rotation_window is not None:
|
229
258
|
pulumi.set(__self__, "rotation_window", rotation_window)
|
259
|
+
if self_managed_password is not None:
|
260
|
+
pulumi.set(__self__, "self_managed_password", self_managed_password)
|
230
261
|
if username is not None:
|
231
262
|
pulumi.set(__self__, "username", username)
|
232
263
|
|
@@ -335,6 +366,20 @@ class _SecretBackendStaticRoleState:
|
|
335
366
|
def rotation_window(self, value: Optional[pulumi.Input[int]]):
|
336
367
|
pulumi.set(self, "rotation_window", value)
|
337
368
|
|
369
|
+
@property
|
370
|
+
@pulumi.getter(name="selfManagedPassword")
|
371
|
+
def self_managed_password(self) -> Optional[pulumi.Input[str]]:
|
372
|
+
"""
|
373
|
+
The password corresponding to the username in the database.
|
374
|
+
Required when using the Rootless Password Rotation workflow for static roles. Only enabled for
|
375
|
+
select DB engines (Postgres). Requires Vault 1.18+ Enterprise.
|
376
|
+
"""
|
377
|
+
return pulumi.get(self, "self_managed_password")
|
378
|
+
|
379
|
+
@self_managed_password.setter
|
380
|
+
def self_managed_password(self, value: Optional[pulumi.Input[str]]):
|
381
|
+
pulumi.set(self, "self_managed_password", value)
|
382
|
+
|
338
383
|
@property
|
339
384
|
@pulumi.getter
|
340
385
|
def username(self) -> Optional[pulumi.Input[str]]:
|
@@ -361,6 +406,7 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
361
406
|
rotation_schedule: Optional[pulumi.Input[str]] = None,
|
362
407
|
rotation_statements: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
363
408
|
rotation_window: Optional[pulumi.Input[int]] = None,
|
409
|
+
self_managed_password: Optional[pulumi.Input[str]] = None,
|
364
410
|
username: Optional[pulumi.Input[str]] = None,
|
365
411
|
__props__=None):
|
366
412
|
"""
|
@@ -370,7 +416,6 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
370
416
|
|
371
417
|
## Example Usage
|
372
418
|
|
373
|
-
<!--Start PulumiCodeChooser -->
|
374
419
|
```python
|
375
420
|
import pulumi
|
376
421
|
import pulumi_vault as vault
|
@@ -380,27 +425,29 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
380
425
|
type="database")
|
381
426
|
postgres = vault.database.SecretBackendConnection("postgres",
|
382
427
|
backend=db.path,
|
428
|
+
name="postgres",
|
383
429
|
allowed_roles=["*"],
|
384
|
-
postgresql=
|
385
|
-
connection_url
|
386
|
-
)
|
430
|
+
postgresql={
|
431
|
+
"connection_url": "postgres://username:password@host:port/database",
|
432
|
+
})
|
387
433
|
# configure a static role with period-based rotations
|
388
|
-
period_role = vault.database.SecretBackendStaticRole("
|
434
|
+
period_role = vault.database.SecretBackendStaticRole("period_role",
|
389
435
|
backend=db.path,
|
436
|
+
name="my-period-role",
|
390
437
|
db_name=postgres.name,
|
391
438
|
username="example",
|
392
439
|
rotation_period=3600,
|
393
440
|
rotation_statements=["ALTER USER \\"{{name}}\\" WITH PASSWORD '{{password}}';"])
|
394
441
|
# configure a static role with schedule-based rotations
|
395
|
-
schedule_role = vault.database.SecretBackendStaticRole("
|
442
|
+
schedule_role = vault.database.SecretBackendStaticRole("schedule_role",
|
396
443
|
backend=db.path,
|
444
|
+
name="my-schedule-role",
|
397
445
|
db_name=postgres.name,
|
398
446
|
username="example",
|
399
447
|
rotation_schedule="0 0 * * SAT",
|
400
448
|
rotation_window=172800,
|
401
449
|
rotation_statements=["ALTER USER \\"{{name}}\\" WITH PASSWORD '{{password}}';"])
|
402
450
|
```
|
403
|
-
<!--End PulumiCodeChooser -->
|
404
451
|
|
405
452
|
## Import
|
406
453
|
|
@@ -429,6 +476,9 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
429
476
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] rotation_statements: Database statements to execute to rotate the password for the configured database user.
|
430
477
|
:param pulumi.Input[int] rotation_window: The amount of time, in seconds, in which rotations are allowed to occur starting
|
431
478
|
from a given `rotation_schedule`.
|
479
|
+
:param pulumi.Input[str] self_managed_password: The password corresponding to the username in the database.
|
480
|
+
Required when using the Rootless Password Rotation workflow for static roles. Only enabled for
|
481
|
+
select DB engines (Postgres). Requires Vault 1.18+ Enterprise.
|
432
482
|
:param pulumi.Input[str] username: The database username that this static role corresponds to.
|
433
483
|
"""
|
434
484
|
...
|
@@ -444,7 +494,6 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
444
494
|
|
445
495
|
## Example Usage
|
446
496
|
|
447
|
-
<!--Start PulumiCodeChooser -->
|
448
497
|
```python
|
449
498
|
import pulumi
|
450
499
|
import pulumi_vault as vault
|
@@ -454,27 +503,29 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
454
503
|
type="database")
|
455
504
|
postgres = vault.database.SecretBackendConnection("postgres",
|
456
505
|
backend=db.path,
|
506
|
+
name="postgres",
|
457
507
|
allowed_roles=["*"],
|
458
|
-
postgresql=
|
459
|
-
connection_url
|
460
|
-
)
|
508
|
+
postgresql={
|
509
|
+
"connection_url": "postgres://username:password@host:port/database",
|
510
|
+
})
|
461
511
|
# configure a static role with period-based rotations
|
462
|
-
period_role = vault.database.SecretBackendStaticRole("
|
512
|
+
period_role = vault.database.SecretBackendStaticRole("period_role",
|
463
513
|
backend=db.path,
|
514
|
+
name="my-period-role",
|
464
515
|
db_name=postgres.name,
|
465
516
|
username="example",
|
466
517
|
rotation_period=3600,
|
467
518
|
rotation_statements=["ALTER USER \\"{{name}}\\" WITH PASSWORD '{{password}}';"])
|
468
519
|
# configure a static role with schedule-based rotations
|
469
|
-
schedule_role = vault.database.SecretBackendStaticRole("
|
520
|
+
schedule_role = vault.database.SecretBackendStaticRole("schedule_role",
|
470
521
|
backend=db.path,
|
522
|
+
name="my-schedule-role",
|
471
523
|
db_name=postgres.name,
|
472
524
|
username="example",
|
473
525
|
rotation_schedule="0 0 * * SAT",
|
474
526
|
rotation_window=172800,
|
475
527
|
rotation_statements=["ALTER USER \\"{{name}}\\" WITH PASSWORD '{{password}}';"])
|
476
528
|
```
|
477
|
-
<!--End PulumiCodeChooser -->
|
478
529
|
|
479
530
|
## Import
|
480
531
|
|
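Review bot: The example's `connection_url` on new line 509 writes the database username and password directly into the URL, which invites readers to paste a real root credential into program source and version control. Vault's database connection URLs accept `{{username}}` and `{{password}}` templates, so the example could read `"connection_url": "postgres://{{username}}:{{password}}@host:port/database",` with `"username"` and `"password"` keys supplied next to it from secret configuration values. The other copy of this example earlier in the file, whose start is outside this view, presumably needs the same change. The example's opening lines (imports and the mount definition) sit outside this hunk.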
@@ -507,6 +558,7 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
507
558
|
rotation_schedule: Optional[pulumi.Input[str]] = None,
|
508
559
|
rotation_statements: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
509
560
|
rotation_window: Optional[pulumi.Input[int]] = None,
|
561
|
+
self_managed_password: Optional[pulumi.Input[str]] = None,
|
510
562
|
username: Optional[pulumi.Input[str]] = None,
|
511
563
|
__props__=None):
|
512
564
|
opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
|
@@ -529,9 +581,12 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
529
581
|
__props__.__dict__["rotation_schedule"] = rotation_schedule
|
530
582
|
__props__.__dict__["rotation_statements"] = rotation_statements
|
531
583
|
__props__.__dict__["rotation_window"] = rotation_window
|
584
|
+
__props__.__dict__["self_managed_password"] = None if self_managed_password is None else pulumi.Output.secret(self_managed_password)
|
532
585
|
if username is None and not opts.urn:
|
533
586
|
raise TypeError("Missing required property 'username'")
|
534
587
|
__props__.__dict__["username"] = username
|
588
|
+
secret_opts = pulumi.ResourceOptions(additional_secret_outputs=["selfManagedPassword"])
|
589
|
+
opts = pulumi.ResourceOptions.merge(opts, secret_opts)
|
535
590
|
super(SecretBackendStaticRole, __self__).__init__(
|
536
591
|
'vault:database/secretBackendStaticRole:SecretBackendStaticRole',
|
537
592
|
resource_name,
|
@@ -550,6 +605,7 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
550
605
|
rotation_schedule: Optional[pulumi.Input[str]] = None,
|
551
606
|
rotation_statements: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
552
607
|
rotation_window: Optional[pulumi.Input[int]] = None,
|
608
|
+
self_managed_password: Optional[pulumi.Input[str]] = None,
|
553
609
|
username: Optional[pulumi.Input[str]] = None) -> 'SecretBackendStaticRole':
|
554
610
|
"""
|
555
611
|
Get an existing SecretBackendStaticRole resource's state with the given name, id, and optional extra
|
@@ -575,6 +631,9 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
575
631
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] rotation_statements: Database statements to execute to rotate the password for the configured database user.
|
576
632
|
:param pulumi.Input[int] rotation_window: The amount of time, in seconds, in which rotations are allowed to occur starting
|
577
633
|
from a given `rotation_schedule`.
|
634
|
+
:param pulumi.Input[str] self_managed_password: The password corresponding to the username in the database.
|
635
|
+
Required when using the Rootless Password Rotation workflow for static roles. Only enabled for
|
636
|
+
select DB engines (Postgres). Requires Vault 1.18+ Enterprise.
|
578
637
|
:param pulumi.Input[str] username: The database username that this static role corresponds to.
|
579
638
|
"""
|
580
639
|
opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
|
@@ -589,6 +648,7 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
589
648
|
__props__.__dict__["rotation_schedule"] = rotation_schedule
|
590
649
|
__props__.__dict__["rotation_statements"] = rotation_statements
|
591
650
|
__props__.__dict__["rotation_window"] = rotation_window
|
651
|
+
__props__.__dict__["self_managed_password"] = self_managed_password
|
592
652
|
__props__.__dict__["username"] = username
|
593
653
|
return SecretBackendStaticRole(resource_name, opts=opts, __props__=__props__)
|
594
654
|
|
@@ -665,6 +725,16 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
665
725
|
"""
|
666
726
|
return pulumi.get(self, "rotation_window")
|
667
727
|
|
728
|
+
@property
|
729
|
+
@pulumi.getter(name="selfManagedPassword")
|
730
|
+
def self_managed_password(self) -> pulumi.Output[Optional[str]]:
|
731
|
+
"""
|
732
|
+
The password corresponding to the username in the database.
|
733
|
+
Required when using the Rootless Password Rotation workflow for static roles. Only enabled for
|
734
|
+
select DB engines (Postgres). Requires Vault 1.18+ Enterprise.
|
735
|
+
"""
|
736
|
+
return pulumi.get(self, "self_managed_password")
|
737
|
+
|
668
738
|
@property
|
669
739
|
@pulumi.getter
|
670
740
|
def username(self) -> pulumi.Output[str]:
|