pulumi-vault 5.21.0a1710160723__py3-none-any.whl → 6.5.0a1736850018__py3-none-any.whl
- pulumi_vault/__init__.py +52 -0
- pulumi_vault/_inputs.py +560 -0
- pulumi_vault/_utilities.py +41 -5
- pulumi_vault/ad/get_access_credentials.py +22 -7
- pulumi_vault/ad/secret_backend.py +14 -144
- pulumi_vault/ad/secret_library.py +14 -11
- pulumi_vault/ad/secret_role.py +12 -11
- pulumi_vault/alicloud/auth_backend_role.py +74 -192
- pulumi_vault/approle/auth_backend_login.py +12 -11
- pulumi_vault/approle/auth_backend_role.py +75 -193
- pulumi_vault/approle/auth_backend_role_secret_id.py +106 -11
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -9
- pulumi_vault/audit.py +24 -27
- pulumi_vault/audit_request_header.py +11 -6
- pulumi_vault/auth_backend.py +64 -12
- pulumi_vault/aws/auth_backend_cert.py +12 -7
- pulumi_vault/aws/auth_backend_client.py +265 -24
- pulumi_vault/aws/auth_backend_config_identity.py +12 -11
- pulumi_vault/aws/auth_backend_identity_whitelist.py +18 -17
- pulumi_vault/aws/auth_backend_login.py +19 -22
- pulumi_vault/aws/auth_backend_role.py +75 -193
- pulumi_vault/aws/auth_backend_role_tag.py +12 -7
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -17
- pulumi_vault/aws/auth_backend_sts_role.py +12 -11
- pulumi_vault/aws/get_access_credentials.py +34 -7
- pulumi_vault/aws/get_static_access_credentials.py +19 -5
- pulumi_vault/aws/secret_backend.py +75 -7
- pulumi_vault/aws/secret_backend_role.py +183 -11
- pulumi_vault/aws/secret_backend_static_role.py +14 -11
- pulumi_vault/azure/_inputs.py +24 -0
- pulumi_vault/azure/auth_backend_config.py +151 -17
- pulumi_vault/azure/auth_backend_role.py +75 -193
- pulumi_vault/azure/backend.py +223 -29
- pulumi_vault/azure/backend_role.py +42 -41
- pulumi_vault/azure/get_access_credentials.py +39 -11
- pulumi_vault/azure/outputs.py +5 -0
- pulumi_vault/cert_auth_backend_role.py +87 -271
- pulumi_vault/config/__init__.pyi +5 -0
- pulumi_vault/config/_inputs.py +73 -0
- pulumi_vault/config/outputs.py +35 -0
- pulumi_vault/config/ui_custom_message.py +529 -0
- pulumi_vault/config/vars.py +5 -0
- pulumi_vault/consul/secret_backend.py +22 -25
- pulumi_vault/consul/secret_backend_role.py +14 -80
- pulumi_vault/database/_inputs.py +2770 -881
- pulumi_vault/database/outputs.py +721 -838
- pulumi_vault/database/secret_backend_connection.py +117 -114
- pulumi_vault/database/secret_backend_role.py +29 -24
- pulumi_vault/database/secret_backend_static_role.py +85 -15
- pulumi_vault/database/secrets_mount.py +425 -138
- pulumi_vault/egp_policy.py +16 -15
- pulumi_vault/gcp/_inputs.py +111 -0
- pulumi_vault/gcp/auth_backend.py +248 -35
- pulumi_vault/gcp/auth_backend_role.py +75 -271
- pulumi_vault/gcp/get_auth_backend_role.py +43 -9
- pulumi_vault/gcp/outputs.py +5 -0
- pulumi_vault/gcp/secret_backend.py +287 -16
- pulumi_vault/gcp/secret_impersonated_account.py +74 -17
- pulumi_vault/gcp/secret_roleset.py +29 -26
- pulumi_vault/gcp/secret_static_account.py +37 -34
- pulumi_vault/generic/endpoint.py +22 -21
- pulumi_vault/generic/get_secret.py +68 -12
- pulumi_vault/generic/secret.py +19 -14
- pulumi_vault/get_auth_backend.py +24 -11
- pulumi_vault/get_auth_backends.py +33 -11
- pulumi_vault/get_namespace.py +226 -0
- pulumi_vault/get_namespaces.py +153 -0
- pulumi_vault/get_nomad_access_token.py +31 -15
- pulumi_vault/get_policy_document.py +34 -23
- pulumi_vault/get_raft_autopilot_state.py +29 -14
- pulumi_vault/github/_inputs.py +55 -0
- pulumi_vault/github/auth_backend.py +17 -16
- pulumi_vault/github/outputs.py +5 -0
- pulumi_vault/github/team.py +14 -13
- pulumi_vault/github/user.py +14 -13
- pulumi_vault/identity/entity.py +18 -15
- pulumi_vault/identity/entity_alias.py +18 -15
- pulumi_vault/identity/entity_policies.py +24 -19
- pulumi_vault/identity/get_entity.py +40 -14
- pulumi_vault/identity/get_group.py +45 -13
- pulumi_vault/identity/get_oidc_client_creds.py +21 -11
- pulumi_vault/identity/get_oidc_openid_config.py +39 -13
- pulumi_vault/identity/get_oidc_public_keys.py +29 -14
- pulumi_vault/identity/group.py +50 -49
- pulumi_vault/identity/group_alias.py +14 -11
- pulumi_vault/identity/group_member_entity_ids.py +24 -74
- pulumi_vault/identity/group_member_group_ids.py +36 -27
- pulumi_vault/identity/group_policies.py +16 -15
- pulumi_vault/identity/mfa_duo.py +9 -8
- pulumi_vault/identity/mfa_login_enforcement.py +13 -8
- pulumi_vault/identity/mfa_okta.py +9 -8
- pulumi_vault/identity/mfa_pingid.py +5 -4
- pulumi_vault/identity/mfa_totp.py +5 -4
- pulumi_vault/identity/oidc.py +12 -11
- pulumi_vault/identity/oidc_assignment.py +22 -13
- pulumi_vault/identity/oidc_client.py +34 -25
- pulumi_vault/identity/oidc_key.py +28 -19
- pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -19
- pulumi_vault/identity/oidc_provider.py +34 -23
- pulumi_vault/identity/oidc_role.py +40 -27
- pulumi_vault/identity/oidc_scope.py +18 -15
- pulumi_vault/identity/outputs.py +8 -3
- pulumi_vault/jwt/_inputs.py +55 -0
- pulumi_vault/jwt/auth_backend.py +39 -46
- pulumi_vault/jwt/auth_backend_role.py +131 -260
- pulumi_vault/jwt/outputs.py +5 -0
- pulumi_vault/kmip/secret_backend.py +22 -21
- pulumi_vault/kmip/secret_role.py +12 -11
- pulumi_vault/kmip/secret_scope.py +12 -11
- pulumi_vault/kubernetes/auth_backend_config.py +55 -7
- pulumi_vault/kubernetes/auth_backend_role.py +68 -179
- pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
- pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
- pulumi_vault/kubernetes/get_service_account_token.py +39 -15
- pulumi_vault/kubernetes/secret_backend.py +314 -29
- pulumi_vault/kubernetes/secret_backend_role.py +135 -56
- pulumi_vault/kv/_inputs.py +36 -4
- pulumi_vault/kv/get_secret.py +23 -12
- pulumi_vault/kv/get_secret_subkeys_v2.py +31 -14
- pulumi_vault/kv/get_secret_v2.py +89 -9
- pulumi_vault/kv/get_secrets_list.py +22 -15
- pulumi_vault/kv/get_secrets_list_v2.py +35 -19
- pulumi_vault/kv/outputs.py +8 -3
- pulumi_vault/kv/secret.py +19 -18
- pulumi_vault/kv/secret_backend_v2.py +12 -11
- pulumi_vault/kv/secret_v2.py +55 -52
- pulumi_vault/ldap/auth_backend.py +125 -168
- pulumi_vault/ldap/auth_backend_group.py +12 -11
- pulumi_vault/ldap/auth_backend_user.py +12 -11
- pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
- pulumi_vault/ldap/get_static_credentials.py +24 -5
- pulumi_vault/ldap/secret_backend.py +352 -84
- pulumi_vault/ldap/secret_backend_dynamic_role.py +12 -11
- pulumi_vault/ldap/secret_backend_library_set.py +14 -11
- pulumi_vault/ldap/secret_backend_static_role.py +67 -12
- pulumi_vault/managed/_inputs.py +289 -132
- pulumi_vault/managed/keys.py +27 -43
- pulumi_vault/managed/outputs.py +89 -132
- pulumi_vault/mfa_duo.py +16 -13
- pulumi_vault/mfa_okta.py +16 -13
- pulumi_vault/mfa_pingid.py +16 -13
- pulumi_vault/mfa_totp.py +22 -19
- pulumi_vault/mongodbatlas/secret_backend.py +18 -17
- pulumi_vault/mongodbatlas/secret_role.py +41 -38
- pulumi_vault/mount.py +389 -65
- pulumi_vault/namespace.py +26 -21
- pulumi_vault/nomad_secret_backend.py +16 -15
- pulumi_vault/nomad_secret_role.py +12 -11
- pulumi_vault/okta/_inputs.py +47 -8
- pulumi_vault/okta/auth_backend.py +483 -41
- pulumi_vault/okta/auth_backend_group.py +12 -11
- pulumi_vault/okta/auth_backend_user.py +12 -11
- pulumi_vault/okta/outputs.py +13 -8
- pulumi_vault/outputs.py +5 -0
- pulumi_vault/password_policy.py +18 -15
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +81 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
- pulumi_vault/pkisecret/backend_config_est.py +619 -0
- pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
- pulumi_vault/pkisecret/get_backend_issuer.py +63 -7
- pulumi_vault/pkisecret/get_backend_issuers.py +21 -12
- pulumi_vault/pkisecret/get_backend_key.py +24 -13
- pulumi_vault/pkisecret/get_backend_keys.py +21 -12
- pulumi_vault/pkisecret/outputs.py +69 -0
- pulumi_vault/pkisecret/secret_backend_cert.py +18 -15
- pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -15
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +12 -11
- pulumi_vault/pkisecret/secret_backend_config_urls.py +59 -11
- pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -13
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -15
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -21
- pulumi_vault/pkisecret/secret_backend_issuer.py +12 -11
- pulumi_vault/pkisecret/secret_backend_key.py +12 -7
- pulumi_vault/pkisecret/secret_backend_role.py +19 -16
- pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -52
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -62
- pulumi_vault/pkisecret/secret_backend_sign.py +18 -60
- pulumi_vault/plugin.py +595 -0
- pulumi_vault/plugin_pinned_version.py +298 -0
- pulumi_vault/policy.py +12 -7
- pulumi_vault/provider.py +48 -53
- pulumi_vault/pulumi-plugin.json +2 -1
- pulumi_vault/quota_lease_count.py +58 -8
- pulumi_vault/quota_rate_limit.py +54 -4
- pulumi_vault/rabbitmq/_inputs.py +61 -0
- pulumi_vault/rabbitmq/outputs.py +5 -0
- pulumi_vault/rabbitmq/secret_backend.py +16 -15
- pulumi_vault/rabbitmq/secret_backend_role.py +52 -49
- pulumi_vault/raft_autopilot.py +12 -11
- pulumi_vault/raft_snapshot_agent_config.py +121 -311
- pulumi_vault/rgp_policy.py +14 -13
- pulumi_vault/saml/auth_backend.py +20 -19
- pulumi_vault/saml/auth_backend_role.py +90 -199
- pulumi_vault/secrets/__init__.py +3 -0
- pulumi_vault/secrets/_inputs.py +110 -0
- pulumi_vault/secrets/outputs.py +94 -0
- pulumi_vault/secrets/sync_association.py +56 -75
- pulumi_vault/secrets/sync_aws_destination.py +240 -29
- pulumi_vault/secrets/sync_azure_destination.py +90 -33
- pulumi_vault/secrets/sync_config.py +7 -6
- pulumi_vault/secrets/sync_gcp_destination.py +156 -27
- pulumi_vault/secrets/sync_gh_destination.py +187 -15
- pulumi_vault/secrets/sync_github_apps.py +375 -0
- pulumi_vault/secrets/sync_vercel_destination.py +72 -15
- pulumi_vault/ssh/_inputs.py +28 -32
- pulumi_vault/ssh/outputs.py +11 -32
- pulumi_vault/ssh/secret_backend_ca.py +106 -11
- pulumi_vault/ssh/secret_backend_role.py +83 -120
- pulumi_vault/terraformcloud/secret_backend.py +5 -56
- pulumi_vault/terraformcloud/secret_creds.py +14 -24
- pulumi_vault/terraformcloud/secret_role.py +14 -76
- pulumi_vault/token.py +26 -25
- pulumi_vault/tokenauth/auth_backend_role.py +76 -201
- pulumi_vault/transform/alphabet.py +16 -13
- pulumi_vault/transform/get_decode.py +45 -21
- pulumi_vault/transform/get_encode.py +45 -21
- pulumi_vault/transform/role.py +16 -13
- pulumi_vault/transform/template.py +30 -25
- pulumi_vault/transform/transformation.py +12 -7
- pulumi_vault/transit/get_decrypt.py +26 -25
- pulumi_vault/transit/get_encrypt.py +24 -19
- pulumi_vault/transit/secret_backend_key.py +25 -97
- pulumi_vault/transit/secret_cache_config.py +12 -11
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/METADATA +8 -7
- pulumi_vault-6.5.0a1736850018.dist-info/RECORD +256 -0
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/WHEEL +1 -1
- pulumi_vault-5.21.0a1710160723.dist-info/RECORD +0 -244
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = [
|
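Review bot: The `else` branch added at new lines 13-14 makes `typing_extensions` a hard import on interpreters older than 3.11, so the whole module fails to import if that package is not installed. The file list shows METADATA changed, but its contents are not on this page, so confirm the wheel declares `typing_extensions` as a requirement for `python_version < "3.11"`. None of the hunks shown for this file use `NotRequired`, `TypedDict` or `TypeAlias`; if the rest of the file does not either, dropping the import removes the dependency. The same header hunk is repeated in the later file sections on this page.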
@@ -93,12 +98,12 @@ def get_oidc_client_creds(name: Optional[str] = None,
|
|
93
98
|
"""
|
94
99
|
## Example Usage
|
95
100
|
|
96
|
-
<!--Start PulumiCodeChooser -->
|
97
101
|
```python
|
98
102
|
import pulumi
|
99
103
|
import pulumi_vault as vault
|
100
104
|
|
101
105
|
app = vault.identity.OidcClient("app",
|
106
|
+
name="application",
|
102
107
|
redirect_uris=[
|
103
108
|
"http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
|
104
109
|
"http://127.0.0.1:8251/callback",
|
@@ -108,13 +113,12 @@ def get_oidc_client_creds(name: Optional[str] = None,
|
|
108
113
|
access_token_ttl=7200)
|
109
114
|
creds = vault.identity.get_oidc_client_creds_output(name=app.name)
|
110
115
|
```
|
111
|
-
<!--End PulumiCodeChooser -->
|
112
116
|
|
113
117
|
|
114
118
|
:param str name: The name of the OIDC Client in Vault.
|
115
119
|
:param str namespace: The namespace of the target resource.
|
116
120
|
The value should not contain leading or trailing forward slashes.
|
117
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
121
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
118
122
|
*Available only for Vault Enterprise*.
|
119
123
|
"""
|
120
124
|
__args__ = dict()
|
@@ -129,21 +133,18 @@ def get_oidc_client_creds(name: Optional[str] = None,
|
|
129
133
|
id=pulumi.get(__ret__, 'id'),
|
130
134
|
name=pulumi.get(__ret__, 'name'),
|
131
135
|
namespace=pulumi.get(__ret__, 'namespace'))
|
132
|
-
|
133
|
-
|
134
|
-
@_utilities.lift_output_func(get_oidc_client_creds)
|
135
136
|
def get_oidc_client_creds_output(name: Optional[pulumi.Input[str]] = None,
|
136
137
|
namespace: Optional[pulumi.Input[Optional[str]]] = None,
|
137
|
-
opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetOidcClientCredsResult]:
|
138
|
+
opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetOidcClientCredsResult]:
|
138
139
|
"""
|
139
140
|
## Example Usage
|
140
141
|
|
141
|
-
<!--Start PulumiCodeChooser -->
|
142
142
|
```python
|
143
143
|
import pulumi
|
144
144
|
import pulumi_vault as vault
|
145
145
|
|
146
146
|
app = vault.identity.OidcClient("app",
|
147
|
+
name="application",
|
147
148
|
redirect_uris=[
|
148
149
|
"http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
|
149
150
|
"http://127.0.0.1:8251/callback",
|
@@ -153,13 +154,22 @@ def get_oidc_client_creds_output(name: Optional[pulumi.Input[str]] = None,
|
|
153
154
|
access_token_ttl=7200)
|
154
155
|
creds = vault.identity.get_oidc_client_creds_output(name=app.name)
|
155
156
|
```
|
156
|
-
<!--End PulumiCodeChooser -->
|
157
157
|
|
158
158
|
|
159
159
|
:param str name: The name of the OIDC Client in Vault.
|
160
160
|
:param str namespace: The namespace of the target resource.
|
161
161
|
The value should not contain leading or trailing forward slashes.
|
162
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
162
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
163
163
|
*Available only for Vault Enterprise*.
|
164
164
|
"""
|
165
|
-
|
165
|
+
__args__ = dict()
|
166
|
+
__args__['name'] = name
|
167
|
+
__args__['namespace'] = namespace
|
168
|
+
opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
|
169
|
+
__ret__ = pulumi.runtime.invoke_output('vault:identity/getOidcClientCreds:getOidcClientCreds', __args__, opts=opts, typ=GetOidcClientCredsResult)
|
170
|
+
return __ret__.apply(lambda __response__: GetOidcClientCredsResult(
|
171
|
+
client_id=pulumi.get(__response__, 'client_id'),
|
172
|
+
client_secret=pulumi.get(__response__, 'client_secret'),
|
173
|
+
id=pulumi.get(__response__, 'id'),
|
174
|
+
name=pulumi.get(__response__, 'name'),
|
175
|
+
namespace=pulumi.get(__response__, 'namespace')))
|
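Review bot: The result built at new lines 170-175 carries `client_secret` as an ordinary field, and nothing in the visible lines marks it as a Pulumi secret or tells the caller it is a credential. The docstring should say so, for example `The returned client_secret is a credential; wrap it with pulumi.Output.secret() before exporting it or passing it to another resource.` Whether the engine already propagates secretness through `invoke_output` is not visible here, so that should be confirmed, not relied on. The same applies to the plain `get_oidc_client_creds` variant, whose result is assembled in the preceding hunk. The function's signature and the start of its docstring lie in the previous hunk.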
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = [
|
@@ -214,16 +219,17 @@ def get_oidc_openid_config(name: Optional[str] = None,
|
|
214
219
|
"""
|
215
220
|
## Example Usage
|
216
221
|
|
217
|
-
<!--Start PulumiCodeChooser -->
|
218
222
|
```python
|
219
223
|
import pulumi
|
220
224
|
import pulumi_vault as vault
|
221
225
|
|
222
226
|
key = vault.identity.OidcKey("key",
|
227
|
+
name="key",
|
223
228
|
allowed_client_ids=["*"],
|
224
229
|
rotation_period=3600,
|
225
230
|
verification_ttl=3600)
|
226
231
|
app = vault.identity.OidcClient("app",
|
232
|
+
name="application",
|
227
233
|
key=key.name,
|
228
234
|
redirect_uris=[
|
229
235
|
"http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
|
@@ -232,16 +238,17 @@ def get_oidc_openid_config(name: Optional[str] = None,
|
|
232
238
|
],
|
233
239
|
id_token_ttl=2400,
|
234
240
|
access_token_ttl=7200)
|
235
|
-
provider = vault.identity.OidcProvider("provider",
|
241
|
+
provider = vault.identity.OidcProvider("provider",
|
242
|
+
name="provider",
|
243
|
+
allowed_client_ids=[test["clientId"]])
|
236
244
|
config = vault.identity.get_oidc_openid_config_output(name=provider.name)
|
237
245
|
```
|
238
|
-
<!--End PulumiCodeChooser -->
|
239
246
|
|
240
247
|
|
241
248
|
:param str name: The name of the OIDC Provider in Vault.
|
242
249
|
:param str namespace: The namespace of the target resource.
|
243
250
|
The value should not contain leading or trailing forward slashes.
|
244
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
251
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
245
252
|
*Available only for Vault Enterprise*.
|
246
253
|
"""
|
247
254
|
__args__ = dict()
|
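Review bot: The example line added at new line 243, `allowed_client_ids=[test["clientId"]])`, refers to a name `test` that the snippet never defines, so the example fails with a NameError when copied. The client created above is bound to `app`, so the line presumably should read `allowed_client_ids=[app.client_id])`, which also keeps the provider scoped to that one client. The same line appears in the docstrings of `get_oidc_openid_config_output`, `get_oidc_public_keys` and `get_oidc_public_keys_output` further down. The enclosing docstring starts in the previous hunk.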
@@ -266,25 +273,23 @@ def get_oidc_openid_config(name: Optional[str] = None,
|
|
266
273
|
token_endpoint=pulumi.get(__ret__, 'token_endpoint'),
|
267
274
|
token_endpoint_auth_methods_supporteds=pulumi.get(__ret__, 'token_endpoint_auth_methods_supporteds'),
|
268
275
|
userinfo_endpoint=pulumi.get(__ret__, 'userinfo_endpoint'))
|
269
|
-
|
270
|
-
|
271
|
-
@_utilities.lift_output_func(get_oidc_openid_config)
|
272
276
|
def get_oidc_openid_config_output(name: Optional[pulumi.Input[str]] = None,
|
273
277
|
namespace: Optional[pulumi.Input[Optional[str]]] = None,
|
274
|
-
opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetOidcOpenidConfigResult]:
|
278
|
+
opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetOidcOpenidConfigResult]:
|
275
279
|
"""
|
276
280
|
## Example Usage
|
277
281
|
|
278
|
-
<!--Start PulumiCodeChooser -->
|
279
282
|
```python
|
280
283
|
import pulumi
|
281
284
|
import pulumi_vault as vault
|
282
285
|
|
283
286
|
key = vault.identity.OidcKey("key",
|
287
|
+
name="key",
|
284
288
|
allowed_client_ids=["*"],
|
285
289
|
rotation_period=3600,
|
286
290
|
verification_ttl=3600)
|
287
291
|
app = vault.identity.OidcClient("app",
|
292
|
+
name="application",
|
288
293
|
key=key.name,
|
289
294
|
redirect_uris=[
|
290
295
|
"http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
|
@@ -293,16 +298,37 @@ def get_oidc_openid_config_output(name: Optional[pulumi.Input[str]] = None,
|
|
293
298
|
],
|
294
299
|
id_token_ttl=2400,
|
295
300
|
access_token_ttl=7200)
|
296
|
-
provider = vault.identity.OidcProvider("provider",
|
301
|
+
provider = vault.identity.OidcProvider("provider",
|
302
|
+
name="provider",
|
303
|
+
allowed_client_ids=[test["clientId"]])
|
297
304
|
config = vault.identity.get_oidc_openid_config_output(name=provider.name)
|
298
305
|
```
|
299
|
-
<!--End PulumiCodeChooser -->
|
300
306
|
|
301
307
|
|
302
308
|
:param str name: The name of the OIDC Provider in Vault.
|
303
309
|
:param str namespace: The namespace of the target resource.
|
304
310
|
The value should not contain leading or trailing forward slashes.
|
305
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
311
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
306
312
|
*Available only for Vault Enterprise*.
|
307
313
|
"""
|
308
|
-
|
314
|
+
__args__ = dict()
|
315
|
+
__args__['name'] = name
|
316
|
+
__args__['namespace'] = namespace
|
317
|
+
opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
|
318
|
+
__ret__ = pulumi.runtime.invoke_output('vault:identity/getOidcOpenidConfig:getOidcOpenidConfig', __args__, opts=opts, typ=GetOidcOpenidConfigResult)
|
319
|
+
return __ret__.apply(lambda __response__: GetOidcOpenidConfigResult(
|
320
|
+
authorization_endpoint=pulumi.get(__response__, 'authorization_endpoint'),
|
321
|
+
grant_types_supporteds=pulumi.get(__response__, 'grant_types_supporteds'),
|
322
|
+
id=pulumi.get(__response__, 'id'),
|
323
|
+
id_token_signing_alg_values_supporteds=pulumi.get(__response__, 'id_token_signing_alg_values_supporteds'),
|
324
|
+
issuer=pulumi.get(__response__, 'issuer'),
|
325
|
+
jwks_uri=pulumi.get(__response__, 'jwks_uri'),
|
326
|
+
name=pulumi.get(__response__, 'name'),
|
327
|
+
namespace=pulumi.get(__response__, 'namespace'),
|
328
|
+
request_uri_parameter_supported=pulumi.get(__response__, 'request_uri_parameter_supported'),
|
329
|
+
response_types_supporteds=pulumi.get(__response__, 'response_types_supporteds'),
|
330
|
+
scopes_supporteds=pulumi.get(__response__, 'scopes_supporteds'),
|
331
|
+
subject_types_supporteds=pulumi.get(__response__, 'subject_types_supporteds'),
|
332
|
+
token_endpoint=pulumi.get(__response__, 'token_endpoint'),
|
333
|
+
token_endpoint_auth_methods_supporteds=pulumi.get(__response__, 'token_endpoint_auth_methods_supporteds'),
|
334
|
+
userinfo_endpoint=pulumi.get(__response__, 'userinfo_endpoint')))
|
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = [
|
@@ -45,7 +50,7 @@ class GetOidcPublicKeysResult:
|
|
45
50
|
|
46
51
|
@property
|
47
52
|
@pulumi.getter
|
48
|
-
def keys(self) -> Sequence[Mapping[str,
|
53
|
+
def keys(self) -> Sequence[Mapping[str, str]]:
|
49
54
|
"""
|
50
55
|
The public portion of keys for an OIDC provider.
|
51
56
|
Clients can use them to validate the authenticity of an identity token.
|
@@ -81,16 +86,17 @@ def get_oidc_public_keys(name: Optional[str] = None,
|
|
81
86
|
"""
|
82
87
|
## Example Usage
|
83
88
|
|
84
|
-
<!--Start PulumiCodeChooser -->
|
85
89
|
```python
|
86
90
|
import pulumi
|
87
91
|
import pulumi_vault as vault
|
88
92
|
|
89
93
|
key = vault.identity.OidcKey("key",
|
94
|
+
name="key",
|
90
95
|
allowed_client_ids=["*"],
|
91
96
|
rotation_period=3600,
|
92
97
|
verification_ttl=3600)
|
93
98
|
app = vault.identity.OidcClient("app",
|
99
|
+
name="application",
|
94
100
|
key=key.name,
|
95
101
|
redirect_uris=[
|
96
102
|
"http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
|
@@ -99,16 +105,17 @@ def get_oidc_public_keys(name: Optional[str] = None,
|
|
99
105
|
],
|
100
106
|
id_token_ttl=2400,
|
101
107
|
access_token_ttl=7200)
|
102
|
-
provider = vault.identity.OidcProvider("provider",
|
108
|
+
provider = vault.identity.OidcProvider("provider",
|
109
|
+
name="provider",
|
110
|
+
allowed_client_ids=[test["clientId"]])
|
103
111
|
public_keys = vault.identity.get_oidc_public_keys_output(name=provider.name)
|
104
112
|
```
|
105
|
-
<!--End PulumiCodeChooser -->
|
106
113
|
|
107
114
|
|
108
115
|
:param str name: The name of the OIDC Provider in Vault.
|
109
116
|
:param str namespace: The namespace of the target resource.
|
110
117
|
The value should not contain leading or trailing forward slashes.
|
111
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
118
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
112
119
|
*Available only for Vault Enterprise*.
|
113
120
|
"""
|
114
121
|
__args__ = dict()
|
@@ -122,25 +129,23 @@ def get_oidc_public_keys(name: Optional[str] = None,
|
|
122
129
|
keys=pulumi.get(__ret__, 'keys'),
|
123
130
|
name=pulumi.get(__ret__, 'name'),
|
124
131
|
namespace=pulumi.get(__ret__, 'namespace'))
|
125
|
-
|
126
|
-
|
127
|
-
@_utilities.lift_output_func(get_oidc_public_keys)
|
128
132
|
def get_oidc_public_keys_output(name: Optional[pulumi.Input[str]] = None,
|
129
133
|
namespace: Optional[pulumi.Input[Optional[str]]] = None,
|
130
|
-
opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetOidcPublicKeysResult]:
|
134
|
+
opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetOidcPublicKeysResult]:
|
131
135
|
"""
|
132
136
|
## Example Usage
|
133
137
|
|
134
|
-
<!--Start PulumiCodeChooser -->
|
135
138
|
```python
|
136
139
|
import pulumi
|
137
140
|
import pulumi_vault as vault
|
138
141
|
|
139
142
|
key = vault.identity.OidcKey("key",
|
143
|
+
name="key",
|
140
144
|
allowed_client_ids=["*"],
|
141
145
|
rotation_period=3600,
|
142
146
|
verification_ttl=3600)
|
143
147
|
app = vault.identity.OidcClient("app",
|
148
|
+
name="application",
|
144
149
|
key=key.name,
|
145
150
|
redirect_uris=[
|
146
151
|
"http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
|
@@ -149,16 +154,26 @@ def get_oidc_public_keys_output(name: Optional[pulumi.Input[str]] = None,
|
|
149
154
|
],
|
150
155
|
id_token_ttl=2400,
|
151
156
|
access_token_ttl=7200)
|
152
|
-
provider = vault.identity.OidcProvider("provider",
|
157
|
+
provider = vault.identity.OidcProvider("provider",
|
158
|
+
name="provider",
|
159
|
+
allowed_client_ids=[test["clientId"]])
|
153
160
|
public_keys = vault.identity.get_oidc_public_keys_output(name=provider.name)
|
154
161
|
```
|
155
|
-
<!--End PulumiCodeChooser -->
|
156
162
|
|
157
163
|
|
158
164
|
:param str name: The name of the OIDC Provider in Vault.
|
159
165
|
:param str namespace: The namespace of the target resource.
|
160
166
|
The value should not contain leading or trailing forward slashes.
|
161
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
167
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
162
168
|
*Available only for Vault Enterprise*.
|
163
169
|
"""
|
164
|
-
|
170
|
+
__args__ = dict()
|
171
|
+
__args__['name'] = name
|
172
|
+
__args__['namespace'] = namespace
|
173
|
+
opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
|
174
|
+
__ret__ = pulumi.runtime.invoke_output('vault:identity/getOidcPublicKeys:getOidcPublicKeys', __args__, opts=opts, typ=GetOidcPublicKeysResult)
|
175
|
+
return __ret__.apply(lambda __response__: GetOidcPublicKeysResult(
|
176
|
+
id=pulumi.get(__response__, 'id'),
|
177
|
+
keys=pulumi.get(__response__, 'keys'),
|
178
|
+
name=pulumi.get(__response__, 'name'),
|
179
|
+
namespace=pulumi.get(__response__, 'namespace')))
|
pulumi_vault/identity/group.py
CHANGED
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = ['GroupArgs', 'Group']
|
@@ -43,7 +48,7 @@ class GroupArgs:
|
|
43
48
|
:param pulumi.Input[str] name: Name of the identity group to create.
|
44
49
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
45
50
|
The value should not contain leading or trailing forward slashes.
|
46
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
51
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
47
52
|
*Available only for Vault Enterprise*.
|
48
53
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] policies: A list of policies to apply to the group.
|
49
54
|
:param pulumi.Input[str] type: Type of the group, internal or external. Defaults to `internal`.
|
@@ -167,7 +172,7 @@ class GroupArgs:
|
|
167
172
|
"""
|
168
173
|
The namespace to provision the resource in.
|
169
174
|
The value should not contain leading or trailing forward slashes.
|
170
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
175
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
171
176
|
*Available only for Vault Enterprise*.
|
172
177
|
"""
|
173
178
|
return pulumi.get(self, "namespace")
|
@@ -233,7 +238,7 @@ class _GroupState:
|
|
233
238
|
:param pulumi.Input[str] name: Name of the identity group to create.
|
234
239
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
235
240
|
The value should not contain leading or trailing forward slashes.
|
236
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
241
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
237
242
|
*Available only for Vault Enterprise*.
|
238
243
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] policies: A list of policies to apply to the group.
|
239
244
|
:param pulumi.Input[str] type: Type of the group, internal or external. Defaults to `internal`.
|
@@ -357,7 +362,7 @@ class _GroupState:
|
|
357
362
|
"""
|
358
363
|
The namespace to provision the resource in.
|
359
364
|
The value should not contain leading or trailing forward slashes.
|
360
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
365
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
361
366
|
*Available only for Vault Enterprise*.
|
362
367
|
"""
|
363
368
|
return pulumi.get(self, "namespace")
|
@@ -416,38 +421,36 @@ class Group(pulumi.CustomResource):
|
|
416
421
|
|
417
422
|
### Internal Group
|
418
423
|
|
419
|
-
<!--Start PulumiCodeChooser -->
|
420
424
|
```python
|
421
425
|
import pulumi
|
422
426
|
import pulumi_vault as vault
|
423
427
|
|
424
428
|
internal = vault.identity.Group("internal",
|
425
|
-
|
426
|
-
|
427
|
-
},
|
429
|
+
name="internal",
|
430
|
+
type="internal",
|
428
431
|
policies=[
|
429
432
|
"dev",
|
430
433
|
"test",
|
431
434
|
],
|
432
|
-
|
435
|
+
metadata={
|
436
|
+
"version": "2",
|
437
|
+
})
|
433
438
|
```
|
434
|
-
<!--End PulumiCodeChooser -->
|
435
439
|
|
436
440
|
### External Group
|
437
441
|
|
438
|
-
<!--Start PulumiCodeChooser -->
|
439
442
|
```python
|
440
443
|
import pulumi
|
441
444
|
import pulumi_vault as vault
|
442
445
|
|
443
446
|
group = vault.identity.Group("group",
|
447
|
+
name="external",
|
448
|
+
type="external",
|
449
|
+
policies=["test"],
|
444
450
|
metadata={
|
445
451
|
"version": "1",
|
446
|
-
}
|
447
|
-
policies=["test"],
|
448
|
-
type="external")
|
452
|
+
})
|
449
453
|
```
|
450
|
-
<!--End PulumiCodeChooser -->
|
451
454
|
|
452
455
|
## Caveats
|
453
456
|
|
@@ -455,31 +458,31 @@ class Group(pulumi.CustomResource):
|
|
455
458
|
Applying this configuration would result in the provider failing to create one of the identity groups, since the resources share the same `name`.
|
456
459
|
|
457
460
|
This sort of pattern should be avoided:
|
458
|
-
<!--Start PulumiCodeChooser -->
|
459
461
|
```python
|
460
462
|
import pulumi
|
461
463
|
import pulumi_vault as vault
|
462
464
|
|
463
|
-
|
464
|
-
|
465
|
-
|
466
|
-
},
|
465
|
+
internal = vault.identity.Group("internal",
|
466
|
+
name="internal",
|
467
|
+
type="internal",
|
467
468
|
policies=[
|
468
469
|
"dev",
|
469
470
|
"test",
|
470
471
|
],
|
471
|
-
type="internal")
|
472
|
-
internal_group = vault.identity.Group("internalGroup",
|
473
472
|
metadata={
|
474
473
|
"version": "2",
|
475
|
-
}
|
474
|
+
})
|
475
|
+
internal_group = vault.identity.Group("Internal",
|
476
|
+
name="Internal",
|
477
|
+
type="internal",
|
476
478
|
policies=[
|
477
479
|
"dev",
|
478
480
|
"test",
|
479
481
|
],
|
480
|
-
|
482
|
+
metadata={
|
483
|
+
"version": "2",
|
484
|
+
})
|
481
485
|
```
|
482
|
-
<!--End PulumiCodeChooser -->
|
483
486
|
|
484
487
|
## Import
|
485
488
|
|
@@ -508,7 +511,7 @@ class Group(pulumi.CustomResource):
|
|
508
511
|
:param pulumi.Input[str] name: Name of the identity group to create.
|
509
512
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
510
513
|
The value should not contain leading or trailing forward slashes.
|
511
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
514
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
512
515
|
*Available only for Vault Enterprise*.
|
513
516
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] policies: A list of policies to apply to the group.
|
514
517
|
:param pulumi.Input[str] type: Type of the group, internal or external. Defaults to `internal`.
|
@@ -528,38 +531,36 @@ class Group(pulumi.CustomResource):
|
|
528
531
|
|
529
532
|
### Internal Group
|
530
533
|
|
531
|
-
<!--Start PulumiCodeChooser -->
|
532
534
|
```python
|
533
535
|
import pulumi
|
534
536
|
import pulumi_vault as vault
|
535
537
|
|
536
538
|
internal = vault.identity.Group("internal",
|
537
|
-
|
538
|
-
|
539
|
-
},
|
539
|
+
name="internal",
|
540
|
+
type="internal",
|
540
541
|
policies=[
|
541
542
|
"dev",
|
542
543
|
"test",
|
543
544
|
],
|
544
|
-
|
545
|
+
metadata={
|
546
|
+
"version": "2",
|
547
|
+
})
|
545
548
|
```
|
546
|
-
<!--End PulumiCodeChooser -->
|
547
549
|
|
548
550
|
### External Group
|
549
551
|
|
550
|
-
<!--Start PulumiCodeChooser -->
|
551
552
|
```python
|
552
553
|
import pulumi
|
553
554
|
import pulumi_vault as vault
|
554
555
|
|
555
556
|
group = vault.identity.Group("group",
|
557
|
+
name="external",
|
558
|
+
type="external",
|
559
|
+
policies=["test"],
|
556
560
|
metadata={
|
557
561
|
"version": "1",
|
558
|
-
}
|
559
|
-
policies=["test"],
|
560
|
-
type="external")
|
562
|
+
})
|
561
563
|
```
|
562
|
-
<!--End PulumiCodeChooser -->
|
563
564
|
|
564
565
|
## Caveats
|
565
566
|
|
@@ -567,31 +568,31 @@ class Group(pulumi.CustomResource):
|
|
567
568
|
Applying this configuration would result in the provider failing to create one of the identity groups, since the resources share the same `name`.
|
568
569
|
|
569
570
|
This sort of pattern should be avoided:
|
570
|
-
<!--Start PulumiCodeChooser -->
|
571
571
|
```python
|
572
572
|
import pulumi
|
573
573
|
import pulumi_vault as vault
|
574
574
|
|
575
|
-
|
576
|
-
|
577
|
-
|
578
|
-
},
|
575
|
+
internal = vault.identity.Group("internal",
|
576
|
+
name="internal",
|
577
|
+
type="internal",
|
579
578
|
policies=[
|
580
579
|
"dev",
|
581
580
|
"test",
|
582
581
|
],
|
583
|
-
type="internal")
|
584
|
-
internal_group = vault.identity.Group("internalGroup",
|
585
582
|
metadata={
|
586
583
|
"version": "2",
|
587
|
-
}
|
584
|
+
})
|
585
|
+
internal_group = vault.identity.Group("Internal",
|
586
|
+
name="Internal",
|
587
|
+
type="internal",
|
588
588
|
policies=[
|
589
589
|
"dev",
|
590
590
|
"test",
|
591
591
|
],
|
592
|
-
|
592
|
+
metadata={
|
593
|
+
"version": "2",
|
594
|
+
})
|
593
595
|
```
|
594
|
-
<!--End PulumiCodeChooser -->
|
595
596
|
|
596
597
|
## Import
|
597
598
|
|
@@ -689,7 +690,7 @@ class Group(pulumi.CustomResource):
|
|
689
690
|
:param pulumi.Input[str] name: Name of the identity group to create.
|
690
691
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
691
692
|
The value should not contain leading or trailing forward slashes.
|
692
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
693
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
693
694
|
*Available only for Vault Enterprise*.
|
694
695
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] policies: A list of policies to apply to the group.
|
695
696
|
:param pulumi.Input[str] type: Type of the group, internal or external. Defaults to `internal`.
|
@@ -780,7 +781,7 @@ class Group(pulumi.CustomResource):
|
|
780
781
|
"""
|
781
782
|
The namespace to provision the resource in.
|
782
783
|
The value should not contain leading or trailing forward slashes.
|
783
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
784
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
784
785
|
*Available only for Vault Enterprise*.
|
785
786
|
"""
|
786
787
|
return pulumi.get(self, "namespace")
|