pulumi-vault 5.21.0a1710160723__py3-none-any.whl → 6.5.0a1736850018__py3-none-any.whl
- pulumi_vault/__init__.py +52 -0
- pulumi_vault/_inputs.py +560 -0
- pulumi_vault/_utilities.py +41 -5
- pulumi_vault/ad/get_access_credentials.py +22 -7
- pulumi_vault/ad/secret_backend.py +14 -144
- pulumi_vault/ad/secret_library.py +14 -11
- pulumi_vault/ad/secret_role.py +12 -11
- pulumi_vault/alicloud/auth_backend_role.py +74 -192
- pulumi_vault/approle/auth_backend_login.py +12 -11
- pulumi_vault/approle/auth_backend_role.py +75 -193
- pulumi_vault/approle/auth_backend_role_secret_id.py +106 -11
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -9
- pulumi_vault/audit.py +24 -27
- pulumi_vault/audit_request_header.py +11 -6
- pulumi_vault/auth_backend.py +64 -12
- pulumi_vault/aws/auth_backend_cert.py +12 -7
- pulumi_vault/aws/auth_backend_client.py +265 -24
- pulumi_vault/aws/auth_backend_config_identity.py +12 -11
- pulumi_vault/aws/auth_backend_identity_whitelist.py +18 -17
- pulumi_vault/aws/auth_backend_login.py +19 -22
- pulumi_vault/aws/auth_backend_role.py +75 -193
- pulumi_vault/aws/auth_backend_role_tag.py +12 -7
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -17
- pulumi_vault/aws/auth_backend_sts_role.py +12 -11
- pulumi_vault/aws/get_access_credentials.py +34 -7
- pulumi_vault/aws/get_static_access_credentials.py +19 -5
- pulumi_vault/aws/secret_backend.py +75 -7
- pulumi_vault/aws/secret_backend_role.py +183 -11
- pulumi_vault/aws/secret_backend_static_role.py +14 -11
- pulumi_vault/azure/_inputs.py +24 -0
- pulumi_vault/azure/auth_backend_config.py +151 -17
- pulumi_vault/azure/auth_backend_role.py +75 -193
- pulumi_vault/azure/backend.py +223 -29
- pulumi_vault/azure/backend_role.py +42 -41
- pulumi_vault/azure/get_access_credentials.py +39 -11
- pulumi_vault/azure/outputs.py +5 -0
- pulumi_vault/cert_auth_backend_role.py +87 -271
- pulumi_vault/config/__init__.pyi +5 -0
- pulumi_vault/config/_inputs.py +73 -0
- pulumi_vault/config/outputs.py +35 -0
- pulumi_vault/config/ui_custom_message.py +529 -0
- pulumi_vault/config/vars.py +5 -0
- pulumi_vault/consul/secret_backend.py +22 -25
- pulumi_vault/consul/secret_backend_role.py +14 -80
- pulumi_vault/database/_inputs.py +2770 -881
- pulumi_vault/database/outputs.py +721 -838
- pulumi_vault/database/secret_backend_connection.py +117 -114
- pulumi_vault/database/secret_backend_role.py +29 -24
- pulumi_vault/database/secret_backend_static_role.py +85 -15
- pulumi_vault/database/secrets_mount.py +425 -138
- pulumi_vault/egp_policy.py +16 -15
- pulumi_vault/gcp/_inputs.py +111 -0
- pulumi_vault/gcp/auth_backend.py +248 -35
- pulumi_vault/gcp/auth_backend_role.py +75 -271
- pulumi_vault/gcp/get_auth_backend_role.py +43 -9
- pulumi_vault/gcp/outputs.py +5 -0
- pulumi_vault/gcp/secret_backend.py +287 -16
- pulumi_vault/gcp/secret_impersonated_account.py +74 -17
- pulumi_vault/gcp/secret_roleset.py +29 -26
- pulumi_vault/gcp/secret_static_account.py +37 -34
- pulumi_vault/generic/endpoint.py +22 -21
- pulumi_vault/generic/get_secret.py +68 -12
- pulumi_vault/generic/secret.py +19 -14
- pulumi_vault/get_auth_backend.py +24 -11
- pulumi_vault/get_auth_backends.py +33 -11
- pulumi_vault/get_namespace.py +226 -0
- pulumi_vault/get_namespaces.py +153 -0
- pulumi_vault/get_nomad_access_token.py +31 -15
- pulumi_vault/get_policy_document.py +34 -23
- pulumi_vault/get_raft_autopilot_state.py +29 -14
- pulumi_vault/github/_inputs.py +55 -0
- pulumi_vault/github/auth_backend.py +17 -16
- pulumi_vault/github/outputs.py +5 -0
- pulumi_vault/github/team.py +14 -13
- pulumi_vault/github/user.py +14 -13
- pulumi_vault/identity/entity.py +18 -15
- pulumi_vault/identity/entity_alias.py +18 -15
- pulumi_vault/identity/entity_policies.py +24 -19
- pulumi_vault/identity/get_entity.py +40 -14
- pulumi_vault/identity/get_group.py +45 -13
- pulumi_vault/identity/get_oidc_client_creds.py +21 -11
- pulumi_vault/identity/get_oidc_openid_config.py +39 -13
- pulumi_vault/identity/get_oidc_public_keys.py +29 -14
- pulumi_vault/identity/group.py +50 -49
- pulumi_vault/identity/group_alias.py +14 -11
- pulumi_vault/identity/group_member_entity_ids.py +24 -74
- pulumi_vault/identity/group_member_group_ids.py +36 -27
- pulumi_vault/identity/group_policies.py +16 -15
- pulumi_vault/identity/mfa_duo.py +9 -8
- pulumi_vault/identity/mfa_login_enforcement.py +13 -8
- pulumi_vault/identity/mfa_okta.py +9 -8
- pulumi_vault/identity/mfa_pingid.py +5 -4
- pulumi_vault/identity/mfa_totp.py +5 -4
- pulumi_vault/identity/oidc.py +12 -11
- pulumi_vault/identity/oidc_assignment.py +22 -13
- pulumi_vault/identity/oidc_client.py +34 -25
- pulumi_vault/identity/oidc_key.py +28 -19
- pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -19
- pulumi_vault/identity/oidc_provider.py +34 -23
- pulumi_vault/identity/oidc_role.py +40 -27
- pulumi_vault/identity/oidc_scope.py +18 -15
- pulumi_vault/identity/outputs.py +8 -3
- pulumi_vault/jwt/_inputs.py +55 -0
- pulumi_vault/jwt/auth_backend.py +39 -46
- pulumi_vault/jwt/auth_backend_role.py +131 -260
- pulumi_vault/jwt/outputs.py +5 -0
- pulumi_vault/kmip/secret_backend.py +22 -21
- pulumi_vault/kmip/secret_role.py +12 -11
- pulumi_vault/kmip/secret_scope.py +12 -11
- pulumi_vault/kubernetes/auth_backend_config.py +55 -7
- pulumi_vault/kubernetes/auth_backend_role.py +68 -179
- pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
- pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
- pulumi_vault/kubernetes/get_service_account_token.py +39 -15
- pulumi_vault/kubernetes/secret_backend.py +314 -29
- pulumi_vault/kubernetes/secret_backend_role.py +135 -56
- pulumi_vault/kv/_inputs.py +36 -4
- pulumi_vault/kv/get_secret.py +23 -12
- pulumi_vault/kv/get_secret_subkeys_v2.py +31 -14
- pulumi_vault/kv/get_secret_v2.py +89 -9
- pulumi_vault/kv/get_secrets_list.py +22 -15
- pulumi_vault/kv/get_secrets_list_v2.py +35 -19
- pulumi_vault/kv/outputs.py +8 -3
- pulumi_vault/kv/secret.py +19 -18
- pulumi_vault/kv/secret_backend_v2.py +12 -11
- pulumi_vault/kv/secret_v2.py +55 -52
- pulumi_vault/ldap/auth_backend.py +125 -168
- pulumi_vault/ldap/auth_backend_group.py +12 -11
- pulumi_vault/ldap/auth_backend_user.py +12 -11
- pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
- pulumi_vault/ldap/get_static_credentials.py +24 -5
- pulumi_vault/ldap/secret_backend.py +352 -84
- pulumi_vault/ldap/secret_backend_dynamic_role.py +12 -11
- pulumi_vault/ldap/secret_backend_library_set.py +14 -11
- pulumi_vault/ldap/secret_backend_static_role.py +67 -12
- pulumi_vault/managed/_inputs.py +289 -132
- pulumi_vault/managed/keys.py +27 -43
- pulumi_vault/managed/outputs.py +89 -132
- pulumi_vault/mfa_duo.py +16 -13
- pulumi_vault/mfa_okta.py +16 -13
- pulumi_vault/mfa_pingid.py +16 -13
- pulumi_vault/mfa_totp.py +22 -19
- pulumi_vault/mongodbatlas/secret_backend.py +18 -17
- pulumi_vault/mongodbatlas/secret_role.py +41 -38
- pulumi_vault/mount.py +389 -65
- pulumi_vault/namespace.py +26 -21
- pulumi_vault/nomad_secret_backend.py +16 -15
- pulumi_vault/nomad_secret_role.py +12 -11
- pulumi_vault/okta/_inputs.py +47 -8
- pulumi_vault/okta/auth_backend.py +483 -41
- pulumi_vault/okta/auth_backend_group.py +12 -11
- pulumi_vault/okta/auth_backend_user.py +12 -11
- pulumi_vault/okta/outputs.py +13 -8
- pulumi_vault/outputs.py +5 -0
- pulumi_vault/password_policy.py +18 -15
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +81 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
- pulumi_vault/pkisecret/backend_config_est.py +619 -0
- pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
- pulumi_vault/pkisecret/get_backend_issuer.py +63 -7
- pulumi_vault/pkisecret/get_backend_issuers.py +21 -12
- pulumi_vault/pkisecret/get_backend_key.py +24 -13
- pulumi_vault/pkisecret/get_backend_keys.py +21 -12
- pulumi_vault/pkisecret/outputs.py +69 -0
- pulumi_vault/pkisecret/secret_backend_cert.py +18 -15
- pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -15
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +12 -11
- pulumi_vault/pkisecret/secret_backend_config_urls.py +59 -11
- pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -13
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -15
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -21
- pulumi_vault/pkisecret/secret_backend_issuer.py +12 -11
- pulumi_vault/pkisecret/secret_backend_key.py +12 -7
- pulumi_vault/pkisecret/secret_backend_role.py +19 -16
- pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -52
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -62
- pulumi_vault/pkisecret/secret_backend_sign.py +18 -60
- pulumi_vault/plugin.py +595 -0
- pulumi_vault/plugin_pinned_version.py +298 -0
- pulumi_vault/policy.py +12 -7
- pulumi_vault/provider.py +48 -53
- pulumi_vault/pulumi-plugin.json +2 -1
- pulumi_vault/quota_lease_count.py +58 -8
- pulumi_vault/quota_rate_limit.py +54 -4
- pulumi_vault/rabbitmq/_inputs.py +61 -0
- pulumi_vault/rabbitmq/outputs.py +5 -0
- pulumi_vault/rabbitmq/secret_backend.py +16 -15
- pulumi_vault/rabbitmq/secret_backend_role.py +52 -49
- pulumi_vault/raft_autopilot.py +12 -11
- pulumi_vault/raft_snapshot_agent_config.py +121 -311
- pulumi_vault/rgp_policy.py +14 -13
- pulumi_vault/saml/auth_backend.py +20 -19
- pulumi_vault/saml/auth_backend_role.py +90 -199
- pulumi_vault/secrets/__init__.py +3 -0
- pulumi_vault/secrets/_inputs.py +110 -0
- pulumi_vault/secrets/outputs.py +94 -0
- pulumi_vault/secrets/sync_association.py +56 -75
- pulumi_vault/secrets/sync_aws_destination.py +240 -29
- pulumi_vault/secrets/sync_azure_destination.py +90 -33
- pulumi_vault/secrets/sync_config.py +7 -6
- pulumi_vault/secrets/sync_gcp_destination.py +156 -27
- pulumi_vault/secrets/sync_gh_destination.py +187 -15
- pulumi_vault/secrets/sync_github_apps.py +375 -0
- pulumi_vault/secrets/sync_vercel_destination.py +72 -15
- pulumi_vault/ssh/_inputs.py +28 -32
- pulumi_vault/ssh/outputs.py +11 -32
- pulumi_vault/ssh/secret_backend_ca.py +106 -11
- pulumi_vault/ssh/secret_backend_role.py +83 -120
- pulumi_vault/terraformcloud/secret_backend.py +5 -56
- pulumi_vault/terraformcloud/secret_creds.py +14 -24
- pulumi_vault/terraformcloud/secret_role.py +14 -76
- pulumi_vault/token.py +26 -25
- pulumi_vault/tokenauth/auth_backend_role.py +76 -201
- pulumi_vault/transform/alphabet.py +16 -13
- pulumi_vault/transform/get_decode.py +45 -21
- pulumi_vault/transform/get_encode.py +45 -21
- pulumi_vault/transform/role.py +16 -13
- pulumi_vault/transform/template.py +30 -25
- pulumi_vault/transform/transformation.py +12 -7
- pulumi_vault/transit/get_decrypt.py +26 -25
- pulumi_vault/transit/get_encrypt.py +24 -19
- pulumi_vault/transit/secret_backend_key.py +25 -97
- pulumi_vault/transit/secret_cache_config.py +12 -11
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/METADATA +8 -7
- pulumi_vault-6.5.0a1736850018.dist-info/RECORD +256 -0
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/WHEEL +1 -1
- pulumi_vault-5.21.0a1710160723.dist-info/RECORD +0 -244
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = ['SecretImpersonatedAccountArgs', 'SecretImpersonatedAccount']
|
@@ -18,7 +23,8 @@ class SecretImpersonatedAccountArgs:
|
|
18
23
|
impersonated_account: pulumi.Input[str],
|
19
24
|
service_account_email: pulumi.Input[str],
|
20
25
|
namespace: Optional[pulumi.Input[str]] = None,
|
21
|
-
token_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None
|
26
|
+
token_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
27
|
+
ttl: Optional[pulumi.Input[str]] = None):
|
22
28
|
"""
|
23
29
|
The set of arguments for constructing a SecretImpersonatedAccount resource.
|
24
30
|
:param pulumi.Input[str] backend: Path where the GCP Secrets Engine is mounted
|
@@ -26,6 +32,8 @@ class SecretImpersonatedAccountArgs:
|
|
26
32
|
:param pulumi.Input[str] service_account_email: Email of the GCP service account to impersonate.
|
27
33
|
:param pulumi.Input[str] namespace: Target namespace. (requires Enterprise)
|
28
34
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_scopes: List of OAuth scopes to assign to access tokens generated under this impersonated account.
|
35
|
+
:param pulumi.Input[str] ttl: Specifies the default TTL for service principals generated using this role.
|
36
|
+
Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL time.
|
29
37
|
"""
|
30
38
|
pulumi.set(__self__, "backend", backend)
|
31
39
|
pulumi.set(__self__, "impersonated_account", impersonated_account)
|
@@ -34,6 +42,8 @@ class SecretImpersonatedAccountArgs:
|
|
34
42
|
pulumi.set(__self__, "namespace", namespace)
|
35
43
|
if token_scopes is not None:
|
36
44
|
pulumi.set(__self__, "token_scopes", token_scopes)
|
45
|
+
if ttl is not None:
|
46
|
+
pulumi.set(__self__, "ttl", ttl)
|
37
47
|
|
38
48
|
@property
|
39
49
|
@pulumi.getter
|
@@ -95,6 +105,19 @@ class SecretImpersonatedAccountArgs:
|
|
95
105
|
def token_scopes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
96
106
|
pulumi.set(self, "token_scopes", value)
|
97
107
|
|
108
|
+
@property
|
109
|
+
@pulumi.getter
|
110
|
+
def ttl(self) -> Optional[pulumi.Input[str]]:
|
111
|
+
"""
|
112
|
+
Specifies the default TTL for service principals generated using this role.
|
113
|
+
Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL time.
|
114
|
+
"""
|
115
|
+
return pulumi.get(self, "ttl")
|
116
|
+
|
117
|
+
@ttl.setter
|
118
|
+
def ttl(self, value: Optional[pulumi.Input[str]]):
|
119
|
+
pulumi.set(self, "ttl", value)
|
120
|
+
|
98
121
|
|
99
122
|
@pulumi.input_type
|
100
123
|
class _SecretImpersonatedAccountState:
|
@@ -104,7 +127,8 @@ class _SecretImpersonatedAccountState:
|
|
104
127
|
namespace: Optional[pulumi.Input[str]] = None,
|
105
128
|
service_account_email: Optional[pulumi.Input[str]] = None,
|
106
129
|
service_account_project: Optional[pulumi.Input[str]] = None,
|
107
|
-
token_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None
|
130
|
+
token_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
131
|
+
ttl: Optional[pulumi.Input[str]] = None):
|
108
132
|
"""
|
109
133
|
Input properties used for looking up and filtering SecretImpersonatedAccount resources.
|
110
134
|
:param pulumi.Input[str] backend: Path where the GCP Secrets Engine is mounted
|
@@ -113,6 +137,8 @@ class _SecretImpersonatedAccountState:
|
|
113
137
|
:param pulumi.Input[str] service_account_email: Email of the GCP service account to impersonate.
|
114
138
|
:param pulumi.Input[str] service_account_project: Project the service account belongs to.
|
115
139
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_scopes: List of OAuth scopes to assign to access tokens generated under this impersonated account.
|
140
|
+
:param pulumi.Input[str] ttl: Specifies the default TTL for service principals generated using this role.
|
141
|
+
Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL time.
|
116
142
|
"""
|
117
143
|
if backend is not None:
|
118
144
|
pulumi.set(__self__, "backend", backend)
|
@@ -126,6 +152,8 @@ class _SecretImpersonatedAccountState:
|
|
126
152
|
pulumi.set(__self__, "service_account_project", service_account_project)
|
127
153
|
if token_scopes is not None:
|
128
154
|
pulumi.set(__self__, "token_scopes", token_scopes)
|
155
|
+
if ttl is not None:
|
156
|
+
pulumi.set(__self__, "ttl", ttl)
|
129
157
|
|
130
158
|
@property
|
131
159
|
@pulumi.getter
|
@@ -199,6 +227,19 @@ class _SecretImpersonatedAccountState:
|
|
199
227
|
def token_scopes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
200
228
|
pulumi.set(self, "token_scopes", value)
|
201
229
|
|
230
|
+
@property
|
231
|
+
@pulumi.getter
|
232
|
+
def ttl(self) -> Optional[pulumi.Input[str]]:
|
233
|
+
"""
|
234
|
+
Specifies the default TTL for service principals generated using this role.
|
235
|
+
Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL time.
|
236
|
+
"""
|
237
|
+
return pulumi.get(self, "ttl")
|
238
|
+
|
239
|
+
@ttl.setter
|
240
|
+
def ttl(self, value: Optional[pulumi.Input[str]]):
|
241
|
+
pulumi.set(self, "ttl", value)
|
242
|
+
|
202
243
|
|
203
244
|
class SecretImpersonatedAccount(pulumi.CustomResource):
|
204
245
|
@overload
|
@@ -210,6 +251,7 @@ class SecretImpersonatedAccount(pulumi.CustomResource):
|
|
210
251
|
namespace: Optional[pulumi.Input[str]] = None,
|
211
252
|
service_account_email: Optional[pulumi.Input[str]] = None,
|
212
253
|
token_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
254
|
+
ttl: Optional[pulumi.Input[str]] = None,
|
213
255
|
__props__=None):
|
214
256
|
"""
|
215
257
|
Creates a Impersonated Account in the [GCP Secrets Engine](https://www.vaultproject.io/docs/secrets/gcp/index.html) for Vault.
|
@@ -219,23 +261,22 @@ class SecretImpersonatedAccount(pulumi.CustomResource):
|
|
219
261
|
|
220
262
|
## Example Usage
|
221
263
|
|
222
|
-
<!--Start PulumiCodeChooser -->
|
223
264
|
```python
|
224
265
|
import pulumi
|
225
|
-
import
|
266
|
+
import pulumi_google as google
|
267
|
+
import pulumi_std as std
|
226
268
|
import pulumi_vault as vault
|
227
269
|
|
228
|
-
this =
|
270
|
+
this = google.index.ServiceAccount("this", account_id=my-awesome-account)
|
229
271
|
gcp = vault.gcp.SecretBackend("gcp",
|
230
272
|
path="gcp",
|
231
|
-
credentials=
|
232
|
-
impersonated_account = vault.gcp.SecretImpersonatedAccount("
|
273
|
+
credentials=std.file(input="credentials.json").result)
|
274
|
+
impersonated_account = vault.gcp.SecretImpersonatedAccount("impersonated_account",
|
233
275
|
backend=gcp.path,
|
234
276
|
impersonated_account="this",
|
235
|
-
service_account_email=this
|
277
|
+
service_account_email=this["email"],
|
236
278
|
token_scopes=["https://www.googleapis.com/auth/cloud-platform"])
|
237
279
|
```
|
238
|
-
<!--End PulumiCodeChooser -->
|
239
280
|
|
240
281
|
## Import
|
241
282
|
|
@@ -252,6 +293,8 @@ class SecretImpersonatedAccount(pulumi.CustomResource):
|
|
252
293
|
:param pulumi.Input[str] namespace: Target namespace. (requires Enterprise)
|
253
294
|
:param pulumi.Input[str] service_account_email: Email of the GCP service account to impersonate.
|
254
295
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_scopes: List of OAuth scopes to assign to access tokens generated under this impersonated account.
|
296
|
+
:param pulumi.Input[str] ttl: Specifies the default TTL for service principals generated using this role.
|
297
|
+
Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL time.
|
255
298
|
"""
|
256
299
|
...
|
257
300
|
@overload
|
@@ -267,23 +310,22 @@ class SecretImpersonatedAccount(pulumi.CustomResource):
|
|
267
310
|
|
268
311
|
## Example Usage
|
269
312
|
|
270
|
-
<!--Start PulumiCodeChooser -->
|
271
313
|
```python
|
272
314
|
import pulumi
|
273
|
-
import
|
315
|
+
import pulumi_google as google
|
316
|
+
import pulumi_std as std
|
274
317
|
import pulumi_vault as vault
|
275
318
|
|
276
|
-
this =
|
319
|
+
this = google.index.ServiceAccount("this", account_id=my-awesome-account)
|
277
320
|
gcp = vault.gcp.SecretBackend("gcp",
|
278
321
|
path="gcp",
|
279
|
-
credentials=
|
280
|
-
impersonated_account = vault.gcp.SecretImpersonatedAccount("
|
322
|
+
credentials=std.file(input="credentials.json").result)
|
323
|
+
impersonated_account = vault.gcp.SecretImpersonatedAccount("impersonated_account",
|
281
324
|
backend=gcp.path,
|
282
325
|
impersonated_account="this",
|
283
|
-
service_account_email=this
|
326
|
+
service_account_email=this["email"],
|
284
327
|
token_scopes=["https://www.googleapis.com/auth/cloud-platform"])
|
285
328
|
```
|
286
|
-
<!--End PulumiCodeChooser -->
|
287
329
|
|
288
330
|
## Import
|
289
331
|
|
@@ -313,6 +355,7 @@ class SecretImpersonatedAccount(pulumi.CustomResource):
|
|
313
355
|
namespace: Optional[pulumi.Input[str]] = None,
|
314
356
|
service_account_email: Optional[pulumi.Input[str]] = None,
|
315
357
|
token_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
358
|
+
ttl: Optional[pulumi.Input[str]] = None,
|
316
359
|
__props__=None):
|
317
360
|
opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
|
318
361
|
if not isinstance(opts, pulumi.ResourceOptions):
|
@@ -333,6 +376,7 @@ class SecretImpersonatedAccount(pulumi.CustomResource):
|
|
333
376
|
raise TypeError("Missing required property 'service_account_email'")
|
334
377
|
__props__.__dict__["service_account_email"] = service_account_email
|
335
378
|
__props__.__dict__["token_scopes"] = token_scopes
|
379
|
+
__props__.__dict__["ttl"] = ttl
|
336
380
|
__props__.__dict__["service_account_project"] = None
|
337
381
|
super(SecretImpersonatedAccount, __self__).__init__(
|
338
382
|
'vault:gcp/secretImpersonatedAccount:SecretImpersonatedAccount',
|
@@ -349,7 +393,8 @@ class SecretImpersonatedAccount(pulumi.CustomResource):
|
|
349
393
|
namespace: Optional[pulumi.Input[str]] = None,
|
350
394
|
service_account_email: Optional[pulumi.Input[str]] = None,
|
351
395
|
service_account_project: Optional[pulumi.Input[str]] = None,
|
352
|
-
token_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None
|
396
|
+
token_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
397
|
+
ttl: Optional[pulumi.Input[str]] = None) -> 'SecretImpersonatedAccount':
|
353
398
|
"""
|
354
399
|
Get an existing SecretImpersonatedAccount resource's state with the given name, id, and optional extra
|
355
400
|
properties used to qualify the lookup.
|
@@ -363,6 +408,8 @@ class SecretImpersonatedAccount(pulumi.CustomResource):
|
|
363
408
|
:param pulumi.Input[str] service_account_email: Email of the GCP service account to impersonate.
|
364
409
|
:param pulumi.Input[str] service_account_project: Project the service account belongs to.
|
365
410
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_scopes: List of OAuth scopes to assign to access tokens generated under this impersonated account.
|
411
|
+
:param pulumi.Input[str] ttl: Specifies the default TTL for service principals generated using this role.
|
412
|
+
Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL time.
|
366
413
|
"""
|
367
414
|
opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
|
368
415
|
|
@@ -374,6 +421,7 @@ class SecretImpersonatedAccount(pulumi.CustomResource):
|
|
374
421
|
__props__.__dict__["service_account_email"] = service_account_email
|
375
422
|
__props__.__dict__["service_account_project"] = service_account_project
|
376
423
|
__props__.__dict__["token_scopes"] = token_scopes
|
424
|
+
__props__.__dict__["ttl"] = ttl
|
377
425
|
return SecretImpersonatedAccount(resource_name, opts=opts, __props__=__props__)
|
378
426
|
|
379
427
|
@property
|
@@ -424,3 +472,12 @@ class SecretImpersonatedAccount(pulumi.CustomResource):
|
|
424
472
|
"""
|
425
473
|
return pulumi.get(self, "token_scopes")
|
426
474
|
|
475
|
+
@property
|
476
|
+
@pulumi.getter
|
477
|
+
def ttl(self) -> pulumi.Output[str]:
|
478
|
+
"""
|
479
|
+
Specifies the default TTL for service principals generated using this role.
|
480
|
+
Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL time.
|
481
|
+
"""
|
482
|
+
return pulumi.get(self, "ttl")
|
483
|
+
|
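Review bot: The docstring example added in the `@@ -219,23 +261,22 @@` hunk (and repeated in `@@ -267,23 +310,22 @@`) passes `account_id=my-awesome-account` unquoted, which Python reads as a subtraction of undefined names, so the sample fails as written; it should be `account_id="my-awesome-account"`. The same example requests the broad `https://www.googleapis.com/auth/cloud-platform` scope and never sets the new `ttl` argument, so anyone copying it gets wide-scope tokens at the engine's default lifetime; adding `ttl="1h"` (the docstring's own sample value) and a narrower scope would model least privilege. The `ttl` docstring speaks of "service principals" and of an integer number of seconds, while the parameter is annotated `pulumi.Input[str]` and the neighbouring `token_scopes` text describes access tokens. I would reword it to something like `Default TTL for access tokens generated under this impersonated account, as a duration string such as "1h" or a number of seconds`. The file looks generated, so these fixes probably belong in the upstream schema or provider docs rather than in this wheel.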
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
from . import outputs
|
12
17
|
from ._inputs import *
|
@@ -31,7 +36,7 @@ class SecretRolesetArgs:
|
|
31
36
|
:param pulumi.Input[str] roleset: Name of the Roleset to create
|
32
37
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
33
38
|
The value should not contain leading or trailing forward slashes.
|
34
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
39
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
35
40
|
*Available only for Vault Enterprise*.
|
36
41
|
:param pulumi.Input[str] secret_type: Type of secret generated for this role set. Accepted values: `access_token`, `service_account_key`. Defaults to `access_token`.
|
37
42
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_scopes: List of OAuth scopes to assign to `access_token` secrets generated under this role set (`access_token` role sets only).
|
@@ -101,7 +106,7 @@ class SecretRolesetArgs:
|
|
101
106
|
"""
|
102
107
|
The namespace to provision the resource in.
|
103
108
|
The value should not contain leading or trailing forward slashes.
|
104
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
109
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
105
110
|
*Available only for Vault Enterprise*.
|
106
111
|
"""
|
107
112
|
return pulumi.get(self, "namespace")
|
@@ -152,7 +157,7 @@ class _SecretRolesetState:
|
|
152
157
|
:param pulumi.Input[Sequence[pulumi.Input['SecretRolesetBindingArgs']]] bindings: Bindings to create for this roleset. This can be specified multiple times for multiple bindings. Structure is documented below.
|
153
158
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
154
159
|
The value should not contain leading or trailing forward slashes.
|
155
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
160
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
156
161
|
*Available only for Vault Enterprise*.
|
157
162
|
:param pulumi.Input[str] project: Name of the GCP project that this roleset's service account will belong to.
|
158
163
|
:param pulumi.Input[str] roleset: Name of the Roleset to create
|
@@ -207,7 +212,7 @@ class _SecretRolesetState:
|
|
207
212
|
"""
|
208
213
|
The namespace to provision the resource in.
|
209
214
|
The value should not contain leading or trailing forward slashes.
|
210
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
215
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
211
216
|
*Available only for Vault Enterprise*.
|
212
217
|
"""
|
213
218
|
return pulumi.get(self, "namespace")
|
@@ -283,7 +288,7 @@ class SecretRoleset(pulumi.CustomResource):
|
|
283
288
|
resource_name: str,
|
284
289
|
opts: Optional[pulumi.ResourceOptions] = None,
|
285
290
|
backend: Optional[pulumi.Input[str]] = None,
|
286
|
-
bindings: Optional[pulumi.Input[Sequence[pulumi.Input[
|
291
|
+
bindings: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretRolesetBindingArgs', 'SecretRolesetBindingArgsDict']]]]] = None,
|
287
292
|
namespace: Optional[pulumi.Input[str]] = None,
|
288
293
|
project: Optional[pulumi.Input[str]] = None,
|
289
294
|
roleset: Optional[pulumi.Input[str]] = None,
|
@@ -297,27 +302,26 @@ class SecretRoleset(pulumi.CustomResource):
|
|
297
302
|
|
298
303
|
## Example Usage
|
299
304
|
|
300
|
-
<!--Start PulumiCodeChooser -->
|
301
305
|
```python
|
302
306
|
import pulumi
|
307
|
+
import pulumi_std as std
|
303
308
|
import pulumi_vault as vault
|
304
309
|
|
305
310
|
project = "my-awesome-project"
|
306
311
|
gcp = vault.gcp.SecretBackend("gcp",
|
307
312
|
path="gcp",
|
308
|
-
credentials=
|
313
|
+
credentials=std.file(input="credentials.json").result)
|
309
314
|
roleset = vault.gcp.SecretRoleset("roleset",
|
310
315
|
backend=gcp.path,
|
311
316
|
roleset="project_viewer",
|
312
317
|
secret_type="access_token",
|
313
318
|
project=project,
|
314
319
|
token_scopes=["https://www.googleapis.com/auth/cloud-platform"],
|
315
|
-
bindings=[
|
316
|
-
resource
|
317
|
-
roles
|
318
|
-
|
320
|
+
bindings=[{
|
321
|
+
"resource": f"//cloudresourcemanager.googleapis.com/projects/{project}",
|
322
|
+
"roles": ["roles/viewer"],
|
323
|
+
}])
|
319
324
|
```
|
320
|
-
<!--End PulumiCodeChooser -->
|
321
325
|
|
322
326
|
## Import
|
323
327
|
|
@@ -330,10 +334,10 @@ class SecretRoleset(pulumi.CustomResource):
|
|
330
334
|
:param str resource_name: The name of the resource.
|
331
335
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
332
336
|
:param pulumi.Input[str] backend: Path where the GCP Secrets Engine is mounted
|
333
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
337
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['SecretRolesetBindingArgs', 'SecretRolesetBindingArgsDict']]]] bindings: Bindings to create for this roleset. This can be specified multiple times for multiple bindings. Structure is documented below.
|
334
338
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
335
339
|
The value should not contain leading or trailing forward slashes.
|
336
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
340
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
337
341
|
*Available only for Vault Enterprise*.
|
338
342
|
:param pulumi.Input[str] project: Name of the GCP project that this roleset's service account will belong to.
|
339
343
|
:param pulumi.Input[str] roleset: Name of the Roleset to create
|
@@ -353,27 +357,26 @@ class SecretRoleset(pulumi.CustomResource):
|
|
353
357
|
|
354
358
|
## Example Usage
|
355
359
|
|
356
|
-
<!--Start PulumiCodeChooser -->
|
357
360
|
```python
|
358
361
|
import pulumi
|
362
|
+
import pulumi_std as std
|
359
363
|
import pulumi_vault as vault
|
360
364
|
|
361
365
|
project = "my-awesome-project"
|
362
366
|
gcp = vault.gcp.SecretBackend("gcp",
|
363
367
|
path="gcp",
|
364
|
-
credentials=
|
368
|
+
credentials=std.file(input="credentials.json").result)
|
365
369
|
roleset = vault.gcp.SecretRoleset("roleset",
|
366
370
|
backend=gcp.path,
|
367
371
|
roleset="project_viewer",
|
368
372
|
secret_type="access_token",
|
369
373
|
project=project,
|
370
374
|
token_scopes=["https://www.googleapis.com/auth/cloud-platform"],
|
371
|
-
bindings=[
|
372
|
-
resource
|
373
|
-
roles
|
374
|
-
|
375
|
+
bindings=[{
|
376
|
+
"resource": f"//cloudresourcemanager.googleapis.com/projects/{project}",
|
377
|
+
"roles": ["roles/viewer"],
|
378
|
+
}])
|
375
379
|
```
|
376
|
-
<!--End PulumiCodeChooser -->
|
377
380
|
|
378
381
|
## Import
|
379
382
|
|
@@ -399,7 +402,7 @@ class SecretRoleset(pulumi.CustomResource):
|
|
399
402
|
resource_name: str,
|
400
403
|
opts: Optional[pulumi.ResourceOptions] = None,
|
401
404
|
backend: Optional[pulumi.Input[str]] = None,
|
402
|
-
bindings: Optional[pulumi.Input[Sequence[pulumi.Input[
|
405
|
+
bindings: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretRolesetBindingArgs', 'SecretRolesetBindingArgsDict']]]]] = None,
|
403
406
|
namespace: Optional[pulumi.Input[str]] = None,
|
404
407
|
project: Optional[pulumi.Input[str]] = None,
|
405
408
|
roleset: Optional[pulumi.Input[str]] = None,
|
@@ -441,7 +444,7 @@ class SecretRoleset(pulumi.CustomResource):
|
|
441
444
|
id: pulumi.Input[str],
|
442
445
|
opts: Optional[pulumi.ResourceOptions] = None,
|
443
446
|
backend: Optional[pulumi.Input[str]] = None,
|
444
|
-
bindings: Optional[pulumi.Input[Sequence[pulumi.Input[
|
447
|
+
bindings: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretRolesetBindingArgs', 'SecretRolesetBindingArgsDict']]]]] = None,
|
445
448
|
namespace: Optional[pulumi.Input[str]] = None,
|
446
449
|
project: Optional[pulumi.Input[str]] = None,
|
447
450
|
roleset: Optional[pulumi.Input[str]] = None,
|
@@ -456,10 +459,10 @@ class SecretRoleset(pulumi.CustomResource):
|
|
456
459
|
:param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
|
457
460
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
458
461
|
:param pulumi.Input[str] backend: Path where the GCP Secrets Engine is mounted
|
459
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
462
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['SecretRolesetBindingArgs', 'SecretRolesetBindingArgsDict']]]] bindings: Bindings to create for this roleset. This can be specified multiple times for multiple bindings. Structure is documented below.
|
460
463
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
461
464
|
The value should not contain leading or trailing forward slashes.
|
462
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
465
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
463
466
|
*Available only for Vault Enterprise*.
|
464
467
|
:param pulumi.Input[str] project: Name of the GCP project that this roleset's service account will belong to.
|
465
468
|
:param pulumi.Input[str] roleset: Name of the Roleset to create
|
@@ -503,7 +506,7 @@ class SecretRoleset(pulumi.CustomResource):
|
|
503
506
|
"""
|
504
507
|
The namespace to provision the resource in.
|
505
508
|
The value should not contain leading or trailing forward slashes.
|
506
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
509
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
507
510
|
*Available only for Vault Enterprise*.
|
508
511
|
"""
|
509
512
|
return pulumi.get(self, "namespace")
|
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
from . import outputs
|
12
17
|
from ._inputs import *
|
@@ -31,7 +36,7 @@ class SecretStaticAccountArgs:
|
|
31
36
|
:param pulumi.Input[Sequence[pulumi.Input['SecretStaticAccountBindingArgs']]] bindings: Bindings to create for this static account. This can be specified multiple times for multiple bindings. Structure is documented below.
|
32
37
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
33
38
|
The value should not contain leading or trailing forward slashes.
|
34
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
39
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
35
40
|
*Available only for Vault Enterprise*.
|
36
41
|
:param pulumi.Input[str] secret_type: Type of secret generated for this static account. Accepted values: `access_token`, `service_account_key`. Defaults to `access_token`.
|
37
42
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_scopes: List of OAuth scopes to assign to `access_token` secrets generated under this static account (`access_token` static accounts only).
|
@@ -102,7 +107,7 @@ class SecretStaticAccountArgs:
|
|
102
107
|
"""
|
103
108
|
The namespace to provision the resource in.
|
104
109
|
The value should not contain leading or trailing forward slashes.
|
105
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
110
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
106
111
|
*Available only for Vault Enterprise*.
|
107
112
|
"""
|
108
113
|
return pulumi.get(self, "namespace")
|
@@ -153,7 +158,7 @@ class _SecretStaticAccountState:
|
|
153
158
|
:param pulumi.Input[Sequence[pulumi.Input['SecretStaticAccountBindingArgs']]] bindings: Bindings to create for this static account. This can be specified multiple times for multiple bindings. Structure is documented below.
|
154
159
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
155
160
|
The value should not contain leading or trailing forward slashes.
|
156
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
161
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
157
162
|
*Available only for Vault Enterprise*.
|
158
163
|
:param pulumi.Input[str] secret_type: Type of secret generated for this static account. Accepted values: `access_token`, `service_account_key`. Defaults to `access_token`.
|
159
164
|
:param pulumi.Input[str] service_account_email: Email of the GCP service account to manage.
|
@@ -208,7 +213,7 @@ class _SecretStaticAccountState:
|
|
208
213
|
"""
|
209
214
|
The namespace to provision the resource in.
|
210
215
|
The value should not contain leading or trailing forward slashes.
|
211
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
216
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
212
217
|
*Available only for Vault Enterprise*.
|
213
218
|
"""
|
214
219
|
return pulumi.get(self, "namespace")
|
@@ -284,7 +289,7 @@ class SecretStaticAccount(pulumi.CustomResource):
|
|
284
289
|
resource_name: str,
|
285
290
|
opts: Optional[pulumi.ResourceOptions] = None,
|
286
291
|
backend: Optional[pulumi.Input[str]] = None,
|
287
|
-
bindings: Optional[pulumi.Input[Sequence[pulumi.Input[
|
292
|
+
bindings: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretStaticAccountBindingArgs', 'SecretStaticAccountBindingArgsDict']]]]] = None,
|
288
293
|
namespace: Optional[pulumi.Input[str]] = None,
|
289
294
|
secret_type: Optional[pulumi.Input[str]] = None,
|
290
295
|
service_account_email: Optional[pulumi.Input[str]] = None,
|
@@ -299,28 +304,27 @@ class SecretStaticAccount(pulumi.CustomResource):
|
|
299
304
|
|
300
305
|
## Example Usage
|
301
306
|
|
302
|
-
<!--Start PulumiCodeChooser -->
|
303
307
|
```python
|
304
308
|
import pulumi
|
305
|
-
import
|
309
|
+
import pulumi_google as google
|
310
|
+
import pulumi_std as std
|
306
311
|
import pulumi_vault as vault
|
307
312
|
|
308
|
-
this =
|
313
|
+
this = google.index.ServiceAccount("this", account_id=my-awesome-account)
|
309
314
|
gcp = vault.gcp.SecretBackend("gcp",
|
310
315
|
path="gcp",
|
311
|
-
credentials=
|
312
|
-
static_account = vault.gcp.SecretStaticAccount("
|
316
|
+
credentials=std.file(input="credentials.json").result)
|
317
|
+
static_account = vault.gcp.SecretStaticAccount("static_account",
|
313
318
|
backend=gcp.path,
|
314
319
|
static_account="project_viewer",
|
315
320
|
secret_type="access_token",
|
316
321
|
token_scopes=["https://www.googleapis.com/auth/cloud-platform"],
|
317
|
-
service_account_email=this
|
318
|
-
bindings=[
|
319
|
-
resource
|
320
|
-
roles
|
321
|
-
|
322
|
+
service_account_email=this["email"],
|
323
|
+
bindings=[{
|
324
|
+
"resource": f"//cloudresourcemanager.googleapis.com/projects/{this['project']}",
|
325
|
+
"roles": ["roles/viewer"],
|
326
|
+
}])
|
322
327
|
```
|
323
|
-
<!--End PulumiCodeChooser -->
|
324
328
|
|
325
329
|
## Import
|
326
330
|
|
@@ -333,10 +337,10 @@ class SecretStaticAccount(pulumi.CustomResource):
|
|
333
337
|
:param str resource_name: The name of the resource.
|
334
338
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
335
339
|
:param pulumi.Input[str] backend: Path where the GCP Secrets Engine is mounted
|
336
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
340
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['SecretStaticAccountBindingArgs', 'SecretStaticAccountBindingArgsDict']]]] bindings: Bindings to create for this static account. This can be specified multiple times for multiple bindings. Structure is documented below.
|
337
341
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
338
342
|
The value should not contain leading or trailing forward slashes.
|
339
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
343
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
340
344
|
*Available only for Vault Enterprise*.
|
341
345
|
:param pulumi.Input[str] secret_type: Type of secret generated for this static account. Accepted values: `access_token`, `service_account_key`. Defaults to `access_token`.
|
342
346
|
:param pulumi.Input[str] service_account_email: Email of the GCP service account to manage.
|
@@ -357,28 +361,27 @@ class SecretStaticAccount(pulumi.CustomResource):
|
|
357
361
|
|
358
362
|
## Example Usage
|
359
363
|
|
360
|
-
<!--Start PulumiCodeChooser -->
|
361
364
|
```python
|
362
365
|
import pulumi
|
363
|
-
import
|
366
|
+
import pulumi_google as google
|
367
|
+
import pulumi_std as std
|
364
368
|
import pulumi_vault as vault
|
365
369
|
|
366
|
-
this =
|
370
|
+
this = google.index.ServiceAccount("this", account_id=my-awesome-account)
|
367
371
|
gcp = vault.gcp.SecretBackend("gcp",
|
368
372
|
path="gcp",
|
369
|
-
credentials=
|
370
|
-
static_account = vault.gcp.SecretStaticAccount("
|
373
|
+
credentials=std.file(input="credentials.json").result)
|
374
|
+
static_account = vault.gcp.SecretStaticAccount("static_account",
|
371
375
|
backend=gcp.path,
|
372
376
|
static_account="project_viewer",
|
373
377
|
secret_type="access_token",
|
374
378
|
token_scopes=["https://www.googleapis.com/auth/cloud-platform"],
|
375
|
-
service_account_email=this
|
376
|
-
bindings=[
|
377
|
-
resource
|
378
|
-
roles
|
379
|
-
|
379
|
+
service_account_email=this["email"],
|
380
|
+
bindings=[{
|
381
|
+
"resource": f"//cloudresourcemanager.googleapis.com/projects/{this['project']}",
|
382
|
+
"roles": ["roles/viewer"],
|
383
|
+
}])
|
380
384
|
```
|
381
|
-
<!--End PulumiCodeChooser -->
|
382
385
|
|
383
386
|
## Import
|
384
387
|
|
@@ -404,7 +407,7 @@ class SecretStaticAccount(pulumi.CustomResource):
|
|
404
407
|
resource_name: str,
|
405
408
|
opts: Optional[pulumi.ResourceOptions] = None,
|
406
409
|
backend: Optional[pulumi.Input[str]] = None,
|
407
|
-
bindings: Optional[pulumi.Input[Sequence[pulumi.Input[
|
410
|
+
bindings: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretStaticAccountBindingArgs', 'SecretStaticAccountBindingArgsDict']]]]] = None,
|
408
411
|
namespace: Optional[pulumi.Input[str]] = None,
|
409
412
|
secret_type: Optional[pulumi.Input[str]] = None,
|
410
413
|
service_account_email: Optional[pulumi.Input[str]] = None,
|
@@ -444,7 +447,7 @@ class SecretStaticAccount(pulumi.CustomResource):
|
|
444
447
|
id: pulumi.Input[str],
|
445
448
|
opts: Optional[pulumi.ResourceOptions] = None,
|
446
449
|
backend: Optional[pulumi.Input[str]] = None,
|
447
|
-
bindings: Optional[pulumi.Input[Sequence[pulumi.Input[
|
450
|
+
bindings: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretStaticAccountBindingArgs', 'SecretStaticAccountBindingArgsDict']]]]] = None,
|
448
451
|
namespace: Optional[pulumi.Input[str]] = None,
|
449
452
|
secret_type: Optional[pulumi.Input[str]] = None,
|
450
453
|
service_account_email: Optional[pulumi.Input[str]] = None,
|
@@ -459,10 +462,10 @@ class SecretStaticAccount(pulumi.CustomResource):
|
|
459
462
|
:param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
|
460
463
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
461
464
|
:param pulumi.Input[str] backend: Path where the GCP Secrets Engine is mounted
|
462
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
465
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['SecretStaticAccountBindingArgs', 'SecretStaticAccountBindingArgsDict']]]] bindings: Bindings to create for this static account. This can be specified multiple times for multiple bindings. Structure is documented below.
|
463
466
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
464
467
|
The value should not contain leading or trailing forward slashes.
|
465
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
468
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
466
469
|
*Available only for Vault Enterprise*.
|
467
470
|
:param pulumi.Input[str] secret_type: Type of secret generated for this static account. Accepted values: `access_token`, `service_account_key`. Defaults to `access_token`.
|
468
471
|
:param pulumi.Input[str] service_account_email: Email of the GCP service account to manage.
|
@@ -506,7 +509,7 @@ class SecretStaticAccount(pulumi.CustomResource):
|
|
506
509
|
"""
|
507
510
|
The namespace to provision the resource in.
|
508
511
|
The value should not contain leading or trailing forward slashes.
|
509
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
512
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
510
513
|
*Available only for Vault Enterprise*.
|
511
514
|
"""
|
512
515
|
return pulumi.get(self, "namespace")
|
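Review bot: The new example line `this = google.index.ServiceAccount("this", account_id=my-awesome-account)` in the `@@ -299,28 +304,27 @@` hunk, repeated in `@@ -357,28 +361,27 @@`, passes the account id unquoted, so Python reads it as a subtraction of three undefined names and the example fails with a NameError. It should read `account_id="my-awesome-account"`. The same example now loads a service-account key with `credentials=std.file(input="credentials.json").result`, and a reader copying it gets no hint about how to handle that file. A comment above that line such as `# credentials.json is a service-account key: keep it out of version control` would cover this. Whether `credentials` is marked as a secret in stack state is not visible in these hunks and is worth confirming, and the docstring holding the example starts outside both hunks.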