pulumi-vault 5.21.0a1710160723__py3-none-any.whl → 6.5.0a1736850018__py3-none-any.whl
- pulumi_vault/__init__.py +52 -0
- pulumi_vault/_inputs.py +560 -0
- pulumi_vault/_utilities.py +41 -5
- pulumi_vault/ad/get_access_credentials.py +22 -7
- pulumi_vault/ad/secret_backend.py +14 -144
- pulumi_vault/ad/secret_library.py +14 -11
- pulumi_vault/ad/secret_role.py +12 -11
- pulumi_vault/alicloud/auth_backend_role.py +74 -192
- pulumi_vault/approle/auth_backend_login.py +12 -11
- pulumi_vault/approle/auth_backend_role.py +75 -193
- pulumi_vault/approle/auth_backend_role_secret_id.py +106 -11
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -9
- pulumi_vault/audit.py +24 -27
- pulumi_vault/audit_request_header.py +11 -6
- pulumi_vault/auth_backend.py +64 -12
- pulumi_vault/aws/auth_backend_cert.py +12 -7
- pulumi_vault/aws/auth_backend_client.py +265 -24
- pulumi_vault/aws/auth_backend_config_identity.py +12 -11
- pulumi_vault/aws/auth_backend_identity_whitelist.py +18 -17
- pulumi_vault/aws/auth_backend_login.py +19 -22
- pulumi_vault/aws/auth_backend_role.py +75 -193
- pulumi_vault/aws/auth_backend_role_tag.py +12 -7
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -17
- pulumi_vault/aws/auth_backend_sts_role.py +12 -11
- pulumi_vault/aws/get_access_credentials.py +34 -7
- pulumi_vault/aws/get_static_access_credentials.py +19 -5
- pulumi_vault/aws/secret_backend.py +75 -7
- pulumi_vault/aws/secret_backend_role.py +183 -11
- pulumi_vault/aws/secret_backend_static_role.py +14 -11
- pulumi_vault/azure/_inputs.py +24 -0
- pulumi_vault/azure/auth_backend_config.py +151 -17
- pulumi_vault/azure/auth_backend_role.py +75 -193
- pulumi_vault/azure/backend.py +223 -29
- pulumi_vault/azure/backend_role.py +42 -41
- pulumi_vault/azure/get_access_credentials.py +39 -11
- pulumi_vault/azure/outputs.py +5 -0
- pulumi_vault/cert_auth_backend_role.py +87 -271
- pulumi_vault/config/__init__.pyi +5 -0
- pulumi_vault/config/_inputs.py +73 -0
- pulumi_vault/config/outputs.py +35 -0
- pulumi_vault/config/ui_custom_message.py +529 -0
- pulumi_vault/config/vars.py +5 -0
- pulumi_vault/consul/secret_backend.py +22 -25
- pulumi_vault/consul/secret_backend_role.py +14 -80
- pulumi_vault/database/_inputs.py +2770 -881
- pulumi_vault/database/outputs.py +721 -838
- pulumi_vault/database/secret_backend_connection.py +117 -114
- pulumi_vault/database/secret_backend_role.py +29 -24
- pulumi_vault/database/secret_backend_static_role.py +85 -15
- pulumi_vault/database/secrets_mount.py +425 -138
- pulumi_vault/egp_policy.py +16 -15
- pulumi_vault/gcp/_inputs.py +111 -0
- pulumi_vault/gcp/auth_backend.py +248 -35
- pulumi_vault/gcp/auth_backend_role.py +75 -271
- pulumi_vault/gcp/get_auth_backend_role.py +43 -9
- pulumi_vault/gcp/outputs.py +5 -0
- pulumi_vault/gcp/secret_backend.py +287 -16
- pulumi_vault/gcp/secret_impersonated_account.py +74 -17
- pulumi_vault/gcp/secret_roleset.py +29 -26
- pulumi_vault/gcp/secret_static_account.py +37 -34
- pulumi_vault/generic/endpoint.py +22 -21
- pulumi_vault/generic/get_secret.py +68 -12
- pulumi_vault/generic/secret.py +19 -14
- pulumi_vault/get_auth_backend.py +24 -11
- pulumi_vault/get_auth_backends.py +33 -11
- pulumi_vault/get_namespace.py +226 -0
- pulumi_vault/get_namespaces.py +153 -0
- pulumi_vault/get_nomad_access_token.py +31 -15
- pulumi_vault/get_policy_document.py +34 -23
- pulumi_vault/get_raft_autopilot_state.py +29 -14
- pulumi_vault/github/_inputs.py +55 -0
- pulumi_vault/github/auth_backend.py +17 -16
- pulumi_vault/github/outputs.py +5 -0
- pulumi_vault/github/team.py +14 -13
- pulumi_vault/github/user.py +14 -13
- pulumi_vault/identity/entity.py +18 -15
- pulumi_vault/identity/entity_alias.py +18 -15
- pulumi_vault/identity/entity_policies.py +24 -19
- pulumi_vault/identity/get_entity.py +40 -14
- pulumi_vault/identity/get_group.py +45 -13
- pulumi_vault/identity/get_oidc_client_creds.py +21 -11
- pulumi_vault/identity/get_oidc_openid_config.py +39 -13
- pulumi_vault/identity/get_oidc_public_keys.py +29 -14
- pulumi_vault/identity/group.py +50 -49
- pulumi_vault/identity/group_alias.py +14 -11
- pulumi_vault/identity/group_member_entity_ids.py +24 -74
- pulumi_vault/identity/group_member_group_ids.py +36 -27
- pulumi_vault/identity/group_policies.py +16 -15
- pulumi_vault/identity/mfa_duo.py +9 -8
- pulumi_vault/identity/mfa_login_enforcement.py +13 -8
- pulumi_vault/identity/mfa_okta.py +9 -8
- pulumi_vault/identity/mfa_pingid.py +5 -4
- pulumi_vault/identity/mfa_totp.py +5 -4
- pulumi_vault/identity/oidc.py +12 -11
- pulumi_vault/identity/oidc_assignment.py +22 -13
- pulumi_vault/identity/oidc_client.py +34 -25
- pulumi_vault/identity/oidc_key.py +28 -19
- pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -19
- pulumi_vault/identity/oidc_provider.py +34 -23
- pulumi_vault/identity/oidc_role.py +40 -27
- pulumi_vault/identity/oidc_scope.py +18 -15
- pulumi_vault/identity/outputs.py +8 -3
- pulumi_vault/jwt/_inputs.py +55 -0
- pulumi_vault/jwt/auth_backend.py +39 -46
- pulumi_vault/jwt/auth_backend_role.py +131 -260
- pulumi_vault/jwt/outputs.py +5 -0
- pulumi_vault/kmip/secret_backend.py +22 -21
- pulumi_vault/kmip/secret_role.py +12 -11
- pulumi_vault/kmip/secret_scope.py +12 -11
- pulumi_vault/kubernetes/auth_backend_config.py +55 -7
- pulumi_vault/kubernetes/auth_backend_role.py +68 -179
- pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
- pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
- pulumi_vault/kubernetes/get_service_account_token.py +39 -15
- pulumi_vault/kubernetes/secret_backend.py +314 -29
- pulumi_vault/kubernetes/secret_backend_role.py +135 -56
- pulumi_vault/kv/_inputs.py +36 -4
- pulumi_vault/kv/get_secret.py +23 -12
- pulumi_vault/kv/get_secret_subkeys_v2.py +31 -14
- pulumi_vault/kv/get_secret_v2.py +89 -9
- pulumi_vault/kv/get_secrets_list.py +22 -15
- pulumi_vault/kv/get_secrets_list_v2.py +35 -19
- pulumi_vault/kv/outputs.py +8 -3
- pulumi_vault/kv/secret.py +19 -18
- pulumi_vault/kv/secret_backend_v2.py +12 -11
- pulumi_vault/kv/secret_v2.py +55 -52
- pulumi_vault/ldap/auth_backend.py +125 -168
- pulumi_vault/ldap/auth_backend_group.py +12 -11
- pulumi_vault/ldap/auth_backend_user.py +12 -11
- pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
- pulumi_vault/ldap/get_static_credentials.py +24 -5
- pulumi_vault/ldap/secret_backend.py +352 -84
- pulumi_vault/ldap/secret_backend_dynamic_role.py +12 -11
- pulumi_vault/ldap/secret_backend_library_set.py +14 -11
- pulumi_vault/ldap/secret_backend_static_role.py +67 -12
- pulumi_vault/managed/_inputs.py +289 -132
- pulumi_vault/managed/keys.py +27 -43
- pulumi_vault/managed/outputs.py +89 -132
- pulumi_vault/mfa_duo.py +16 -13
- pulumi_vault/mfa_okta.py +16 -13
- pulumi_vault/mfa_pingid.py +16 -13
- pulumi_vault/mfa_totp.py +22 -19
- pulumi_vault/mongodbatlas/secret_backend.py +18 -17
- pulumi_vault/mongodbatlas/secret_role.py +41 -38
- pulumi_vault/mount.py +389 -65
- pulumi_vault/namespace.py +26 -21
- pulumi_vault/nomad_secret_backend.py +16 -15
- pulumi_vault/nomad_secret_role.py +12 -11
- pulumi_vault/okta/_inputs.py +47 -8
- pulumi_vault/okta/auth_backend.py +483 -41
- pulumi_vault/okta/auth_backend_group.py +12 -11
- pulumi_vault/okta/auth_backend_user.py +12 -11
- pulumi_vault/okta/outputs.py +13 -8
- pulumi_vault/outputs.py +5 -0
- pulumi_vault/password_policy.py +18 -15
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +81 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
- pulumi_vault/pkisecret/backend_config_est.py +619 -0
- pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
- pulumi_vault/pkisecret/get_backend_issuer.py +63 -7
- pulumi_vault/pkisecret/get_backend_issuers.py +21 -12
- pulumi_vault/pkisecret/get_backend_key.py +24 -13
- pulumi_vault/pkisecret/get_backend_keys.py +21 -12
- pulumi_vault/pkisecret/outputs.py +69 -0
- pulumi_vault/pkisecret/secret_backend_cert.py +18 -15
- pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -15
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +12 -11
- pulumi_vault/pkisecret/secret_backend_config_urls.py +59 -11
- pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -13
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -15
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -21
- pulumi_vault/pkisecret/secret_backend_issuer.py +12 -11
- pulumi_vault/pkisecret/secret_backend_key.py +12 -7
- pulumi_vault/pkisecret/secret_backend_role.py +19 -16
- pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -52
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -62
- pulumi_vault/pkisecret/secret_backend_sign.py +18 -60
- pulumi_vault/plugin.py +595 -0
- pulumi_vault/plugin_pinned_version.py +298 -0
- pulumi_vault/policy.py +12 -7
- pulumi_vault/provider.py +48 -53
- pulumi_vault/pulumi-plugin.json +2 -1
- pulumi_vault/quota_lease_count.py +58 -8
- pulumi_vault/quota_rate_limit.py +54 -4
- pulumi_vault/rabbitmq/_inputs.py +61 -0
- pulumi_vault/rabbitmq/outputs.py +5 -0
- pulumi_vault/rabbitmq/secret_backend.py +16 -15
- pulumi_vault/rabbitmq/secret_backend_role.py +52 -49
- pulumi_vault/raft_autopilot.py +12 -11
- pulumi_vault/raft_snapshot_agent_config.py +121 -311
- pulumi_vault/rgp_policy.py +14 -13
- pulumi_vault/saml/auth_backend.py +20 -19
- pulumi_vault/saml/auth_backend_role.py +90 -199
- pulumi_vault/secrets/__init__.py +3 -0
- pulumi_vault/secrets/_inputs.py +110 -0
- pulumi_vault/secrets/outputs.py +94 -0
- pulumi_vault/secrets/sync_association.py +56 -75
- pulumi_vault/secrets/sync_aws_destination.py +240 -29
- pulumi_vault/secrets/sync_azure_destination.py +90 -33
- pulumi_vault/secrets/sync_config.py +7 -6
- pulumi_vault/secrets/sync_gcp_destination.py +156 -27
- pulumi_vault/secrets/sync_gh_destination.py +187 -15
- pulumi_vault/secrets/sync_github_apps.py +375 -0
- pulumi_vault/secrets/sync_vercel_destination.py +72 -15
- pulumi_vault/ssh/_inputs.py +28 -32
- pulumi_vault/ssh/outputs.py +11 -32
- pulumi_vault/ssh/secret_backend_ca.py +106 -11
- pulumi_vault/ssh/secret_backend_role.py +83 -120
- pulumi_vault/terraformcloud/secret_backend.py +5 -56
- pulumi_vault/terraformcloud/secret_creds.py +14 -24
- pulumi_vault/terraformcloud/secret_role.py +14 -76
- pulumi_vault/token.py +26 -25
- pulumi_vault/tokenauth/auth_backend_role.py +76 -201
- pulumi_vault/transform/alphabet.py +16 -13
- pulumi_vault/transform/get_decode.py +45 -21
- pulumi_vault/transform/get_encode.py +45 -21
- pulumi_vault/transform/role.py +16 -13
- pulumi_vault/transform/template.py +30 -25
- pulumi_vault/transform/transformation.py +12 -7
- pulumi_vault/transit/get_decrypt.py +26 -25
- pulumi_vault/transit/get_encrypt.py +24 -19
- pulumi_vault/transit/secret_backend_key.py +25 -97
- pulumi_vault/transit/secret_cache_config.py +12 -11
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/METADATA +8 -7
- pulumi_vault-6.5.0a1736850018.dist-info/RECORD +256 -0
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/WHEEL +1 -1
- pulumi_vault-5.21.0a1710160723.dist-info/RECORD +0 -244
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = ['OidcRoleArgs', 'OidcRole']
|
@@ -29,7 +34,7 @@ class OidcRoleArgs:
|
|
29
34
|
:param pulumi.Input[str] name: Name of the OIDC Role to create.
|
30
35
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
31
36
|
The value should not contain leading or trailing forward slashes.
|
32
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
37
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
33
38
|
*Available only for Vault Enterprise*.
|
34
39
|
:param pulumi.Input[str] template: The template string to use for generating tokens. This may be in
|
35
40
|
string-ified JSON or base64 format. See the
|
@@ -93,7 +98,7 @@ class OidcRoleArgs:
|
|
93
98
|
"""
|
94
99
|
The namespace to provision the resource in.
|
95
100
|
The value should not contain leading or trailing forward slashes.
|
96
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
101
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
97
102
|
*Available only for Vault Enterprise*.
|
98
103
|
"""
|
99
104
|
return pulumi.get(self, "namespace")
|
@@ -148,7 +153,7 @@ class _OidcRoleState:
|
|
148
153
|
:param pulumi.Input[str] name: Name of the OIDC Role to create.
|
149
154
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
150
155
|
The value should not contain leading or trailing forward slashes.
|
151
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
156
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
152
157
|
*Available only for Vault Enterprise*.
|
153
158
|
:param pulumi.Input[str] template: The template string to use for generating tokens. This may be in
|
154
159
|
string-ified JSON or base64 format. See the
|
@@ -213,7 +218,7 @@ class _OidcRoleState:
|
|
213
218
|
"""
|
214
219
|
The namespace to provision the resource in.
|
215
220
|
The value should not contain leading or trailing forward slashes.
|
216
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
221
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
217
222
|
*Available only for Vault Enterprise*.
|
218
223
|
"""
|
219
224
|
return pulumi.get(self, "namespace")
|
@@ -270,38 +275,42 @@ class OidcRole(pulumi.CustomResource):
|
|
270
275
|
exist before the role can be used to issue tokens. You must also configure the key with the
|
271
276
|
role's Client ID to allow the role to use the key.
|
272
277
|
|
273
|
-
<!--Start PulumiCodeChooser -->
|
274
278
|
```python
|
275
279
|
import pulumi
|
276
280
|
import pulumi_vault as vault
|
277
281
|
|
278
282
|
config = pulumi.Config()
|
283
|
+
# Name of the OIDC Key
|
279
284
|
key = config.get("key")
|
280
285
|
if key is None:
|
281
286
|
key = "key"
|
282
|
-
role = vault.identity.OidcRole("role",
|
283
|
-
|
287
|
+
role = vault.identity.OidcRole("role",
|
288
|
+
name="role",
|
289
|
+
key=key)
|
290
|
+
key_oidc_key = vault.identity.OidcKey("key",
|
291
|
+
name=key,
|
284
292
|
algorithm="RS256",
|
285
293
|
allowed_client_ids=[role.client_id])
|
286
294
|
```
|
287
|
-
<!--End PulumiCodeChooser -->
|
288
295
|
|
289
296
|
If you want to create the key first before creating the role, you can use a separate
|
290
297
|
resource to configure the allowed Client ID on
|
291
298
|
the key.
|
292
299
|
|
293
|
-
<!--Start PulumiCodeChooser -->
|
294
300
|
```python
|
295
301
|
import pulumi
|
296
302
|
import pulumi_vault as vault
|
297
303
|
|
298
|
-
key = vault.identity.OidcKey("key",
|
299
|
-
|
300
|
-
|
304
|
+
key = vault.identity.OidcKey("key",
|
305
|
+
name="key",
|
306
|
+
algorithm="RS256")
|
307
|
+
role = vault.identity.OidcRole("role",
|
308
|
+
name="role",
|
309
|
+
key=key.name)
|
310
|
+
role_oidc_key_allowed_client_id = vault.identity.OidcKeyAllowedClientID("role",
|
301
311
|
key_name=key.name,
|
302
|
-
allowed_client_id=
|
312
|
+
allowed_client_id=role.client_id)
|
303
313
|
```
|
304
|
-
<!--End PulumiCodeChooser -->
|
305
314
|
|
306
315
|
## Import
|
307
316
|
|
@@ -320,7 +329,7 @@ class OidcRole(pulumi.CustomResource):
|
|
320
329
|
:param pulumi.Input[str] name: Name of the OIDC Role to create.
|
321
330
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
322
331
|
The value should not contain leading or trailing forward slashes.
|
323
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
332
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
324
333
|
*Available only for Vault Enterprise*.
|
325
334
|
:param pulumi.Input[str] template: The template string to use for generating tokens. This may be in
|
326
335
|
string-ified JSON or base64 format. See the
|
@@ -342,38 +351,42 @@ class OidcRole(pulumi.CustomResource):
|
|
342
351
|
exist before the role can be used to issue tokens. You must also configure the key with the
|
343
352
|
role's Client ID to allow the role to use the key.
|
344
353
|
|
345
|
-
<!--Start PulumiCodeChooser -->
|
346
354
|
```python
|
347
355
|
import pulumi
|
348
356
|
import pulumi_vault as vault
|
349
357
|
|
350
358
|
config = pulumi.Config()
|
359
|
+
# Name of the OIDC Key
|
351
360
|
key = config.get("key")
|
352
361
|
if key is None:
|
353
362
|
key = "key"
|
354
|
-
role = vault.identity.OidcRole("role",
|
355
|
-
|
363
|
+
role = vault.identity.OidcRole("role",
|
364
|
+
name="role",
|
365
|
+
key=key)
|
366
|
+
key_oidc_key = vault.identity.OidcKey("key",
|
367
|
+
name=key,
|
356
368
|
algorithm="RS256",
|
357
369
|
allowed_client_ids=[role.client_id])
|
358
370
|
```
|
359
|
-
<!--End PulumiCodeChooser -->
|
360
371
|
|
361
372
|
If you want to create the key first before creating the role, you can use a separate
|
362
373
|
resource to configure the allowed Client ID on
|
363
374
|
the key.
|
364
375
|
|
365
|
-
<!--Start PulumiCodeChooser -->
|
366
376
|
```python
|
367
377
|
import pulumi
|
368
378
|
import pulumi_vault as vault
|
369
379
|
|
370
|
-
key = vault.identity.OidcKey("key",
|
371
|
-
|
372
|
-
|
380
|
+
key = vault.identity.OidcKey("key",
|
381
|
+
name="key",
|
382
|
+
algorithm="RS256")
|
383
|
+
role = vault.identity.OidcRole("role",
|
384
|
+
name="role",
|
385
|
+
key=key.name)
|
386
|
+
role_oidc_key_allowed_client_id = vault.identity.OidcKeyAllowedClientID("role",
|
373
387
|
key_name=key.name,
|
374
|
-
allowed_client_id=
|
388
|
+
allowed_client_id=role.client_id)
|
375
389
|
```
|
376
|
-
<!--End PulumiCodeChooser -->
|
377
390
|
|
378
391
|
## Import
|
379
392
|
|
@@ -451,7 +464,7 @@ class OidcRole(pulumi.CustomResource):
|
|
451
464
|
:param pulumi.Input[str] name: Name of the OIDC Role to create.
|
452
465
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
453
466
|
The value should not contain leading or trailing forward slashes.
|
454
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
467
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
455
468
|
*Available only for Vault Enterprise*.
|
456
469
|
:param pulumi.Input[str] template: The template string to use for generating tokens. This may be in
|
457
470
|
string-ified JSON or base64 format. See the
|
@@ -503,7 +516,7 @@ class OidcRole(pulumi.CustomResource):
|
|
503
516
|
"""
|
504
517
|
The namespace to provision the resource in.
|
505
518
|
The value should not contain leading or trailing forward slashes.
|
506
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
519
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
507
520
|
*Available only for Vault Enterprise*.
|
508
521
|
"""
|
509
522
|
return pulumi.get(self, "namespace")
|
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = ['OidcScopeArgs', 'OidcScope']
|
@@ -24,7 +29,7 @@ class OidcScopeArgs:
|
|
24
29
|
:param pulumi.Input[str] name: The name of the scope. The `openid` scope name is reserved.
|
25
30
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
26
31
|
The value should not contain leading or trailing forward slashes.
|
27
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
32
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
28
33
|
*Available only for Vault Enterprise*.
|
29
34
|
:param pulumi.Input[str] template: The template string for the scope. This may be provided as escaped JSON or base64 encoded JSON.
|
30
35
|
"""
|
@@ -67,7 +72,7 @@ class OidcScopeArgs:
|
|
67
72
|
"""
|
68
73
|
The namespace to provision the resource in.
|
69
74
|
The value should not contain leading or trailing forward slashes.
|
70
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
75
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
71
76
|
*Available only for Vault Enterprise*.
|
72
77
|
"""
|
73
78
|
return pulumi.get(self, "namespace")
|
@@ -102,7 +107,7 @@ class _OidcScopeState:
|
|
102
107
|
:param pulumi.Input[str] name: The name of the scope. The `openid` scope name is reserved.
|
103
108
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
104
109
|
The value should not contain leading or trailing forward slashes.
|
105
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
110
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
106
111
|
*Available only for Vault Enterprise*.
|
107
112
|
:param pulumi.Input[str] template: The template string for the scope. This may be provided as escaped JSON or base64 encoded JSON.
|
108
113
|
"""
|
@@ -145,7 +150,7 @@ class _OidcScopeState:
|
|
145
150
|
"""
|
146
151
|
The namespace to provision the resource in.
|
147
152
|
The value should not contain leading or trailing forward slashes.
|
148
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
153
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
149
154
|
*Available only for Vault Enterprise*.
|
150
155
|
"""
|
151
156
|
return pulumi.get(self, "namespace")
|
@@ -183,16 +188,15 @@ class OidcScope(pulumi.CustomResource):
|
|
183
188
|
|
184
189
|
## Example Usage
|
185
190
|
|
186
|
-
<!--Start PulumiCodeChooser -->
|
187
191
|
```python
|
188
192
|
import pulumi
|
189
193
|
import pulumi_vault as vault
|
190
194
|
|
191
195
|
groups = vault.identity.OidcScope("groups",
|
192
|
-
|
193
|
-
template="{\\"groups\\":{{identity.entity.groups.names}}}"
|
196
|
+
name="groups",
|
197
|
+
template="{\\"groups\\":{{identity.entity.groups.names}}}",
|
198
|
+
description="Vault OIDC Groups Scope")
|
194
199
|
```
|
195
|
-
<!--End PulumiCodeChooser -->
|
196
200
|
|
197
201
|
## Import
|
198
202
|
|
@@ -208,7 +212,7 @@ class OidcScope(pulumi.CustomResource):
|
|
208
212
|
:param pulumi.Input[str] name: The name of the scope. The `openid` scope name is reserved.
|
209
213
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
210
214
|
The value should not contain leading or trailing forward slashes.
|
211
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
215
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
212
216
|
*Available only for Vault Enterprise*.
|
213
217
|
:param pulumi.Input[str] template: The template string for the scope. This may be provided as escaped JSON or base64 encoded JSON.
|
214
218
|
"""
|
@@ -224,16 +228,15 @@ class OidcScope(pulumi.CustomResource):
|
|
224
228
|
|
225
229
|
## Example Usage
|
226
230
|
|
227
|
-
<!--Start PulumiCodeChooser -->
|
228
231
|
```python
|
229
232
|
import pulumi
|
230
233
|
import pulumi_vault as vault
|
231
234
|
|
232
235
|
groups = vault.identity.OidcScope("groups",
|
233
|
-
|
234
|
-
template="{\\"groups\\":{{identity.entity.groups.names}}}"
|
236
|
+
name="groups",
|
237
|
+
template="{\\"groups\\":{{identity.entity.groups.names}}}",
|
238
|
+
description="Vault OIDC Groups Scope")
|
235
239
|
```
|
236
|
-
<!--End PulumiCodeChooser -->
|
237
240
|
|
238
241
|
## Import
|
239
242
|
|
@@ -300,7 +303,7 @@ class OidcScope(pulumi.CustomResource):
|
|
300
303
|
:param pulumi.Input[str] name: The name of the scope. The `openid` scope name is reserved.
|
301
304
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
302
305
|
The value should not contain leading or trailing forward slashes.
|
303
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
306
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
304
307
|
*Available only for Vault Enterprise*.
|
305
308
|
:param pulumi.Input[str] template: The template string for the scope. This may be provided as escaped JSON or base64 encoded JSON.
|
306
309
|
"""
|
@@ -336,7 +339,7 @@ class OidcScope(pulumi.CustomResource):
|
|
336
339
|
"""
|
337
340
|
The namespace to provision the resource in.
|
338
341
|
The value should not contain leading or trailing forward slashes.
|
339
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
342
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
340
343
|
*Available only for Vault Enterprise*.
|
341
344
|
"""
|
342
345
|
return pulumi.get(self, "namespace")
|
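--- a/pulumi_vault/identity/outputs.py
+++ b/pulumi_vault/identity/outputs.py
@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+from typing import NotRequired, TypedDict, TypeAlias
+else:
+from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = [
@@ -21,7 +26,7 @@ class GetEntityAliasResult(dict):
 id: str,
 last_update_time: str,
 merged_from_canonical_ids: Sequence[str],
-metadata: Mapping[str,
+metadata: Mapping[str, str],
 mount_accessor: str,
 mount_path: str,
 mount_type: str,
@@ -32,7 +37,7 @@ class GetEntityAliasResult(dict):
 :param str id: ID of the alias
 :param str last_update_time: Last update time of the alias
 :param Sequence[str] merged_from_canonical_ids: List of canonical IDs merged with this alias
-:param Mapping[str,
+:param Mapping[str, str] metadata: Arbitrary metadata
 :param str mount_accessor: Authentication mount acccessor which this alias belongs to
 :param str mount_path: Authentication mount path which this alias belongs to
 :param str mount_type: Authentication mount type which this alias belongs to
@@ -91,7 +96,7 @@ class GetEntityAliasResult(dict):
 
 @property
 @pulumi.getter
-def metadata(self) -> Mapping[str,
+def metadata(self) -> Mapping[str, str]:
 """
 Arbitrary metadata
 """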
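Review bot: The added fallback `from typing_extensions import NotRequired, TypedDict, TypeAlias` in the first hunk runs at import time on interpreters older than 3.11, so this module fails to import there unless `typing_extensions` is a declared requirement of the wheel. The METADATA change is listed in the file summary but not shown on this page, so confirm that it adds the requirement before upgrading. None of `sys`, `NotRequired`, `TypedDict` or `TypeAlias` is used in the hunks shown for this file, so the block may be adding a dependency here without a use. The same block is added in pulumi_vault/jwt/_inputs.py, where `TypedDict`, `NotRequired` and `TypeAlias` are used. The narrowed `Mapping[str, str]` annotation on `metadata` is a type hint only and is not checked at runtime; a comment such as `# values are not validated as str at runtime` on the getter would make that clear to callers.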
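--- a/pulumi_vault/jwt/_inputs.py
+++ b/pulumi_vault/jwt/_inputs.py
@@ -4,15 +4,70 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+from typing import NotRequired, TypedDict, TypeAlias
+else:
+from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = [
 'AuthBackendTuneArgs',
+'AuthBackendTuneArgsDict',
 ]
 
+MYPY = False
+
+if not MYPY:
+class AuthBackendTuneArgsDict(TypedDict):
+allowed_response_headers: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
+"""
+List of headers to whitelist and allowing
+a plugin to include them in the response.
+"""
+audit_non_hmac_request_keys: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
+"""
+Specifies the list of keys that will
+not be HMAC'd by audit devices in the request data object.
+"""
+audit_non_hmac_response_keys: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
+"""
+Specifies the list of keys that will
+not be HMAC'd by audit devices in the response data object.
+"""
+default_lease_ttl: NotRequired[pulumi.Input[str]]
+"""
+Specifies the default time-to-live.
+If set, this overrides the global default.
+Must be a valid [duration string](https://golang.org/pkg/time/#ParseDuration)
+"""
+listing_visibility: NotRequired[pulumi.Input[str]]
+"""
+Specifies whether to show this mount in
+the UI-specific listing endpoint. Valid values are "unauth" or "hidden".
+"""
+max_lease_ttl: NotRequired[pulumi.Input[str]]
+"""
+Specifies the maximum time-to-live.
+If set, this overrides the global default.
+Must be a valid [duration string](https://golang.org/pkg/time/#ParseDuration)
+"""
+passthrough_request_headers: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
+"""
+List of headers to whitelist and
+pass from the request to the backend.
+"""
+token_type: NotRequired[pulumi.Input[str]]
+"""
+Specifies the type of tokens that should be returned by
+the mount. Valid values are "default-service", "default-batch", "service", "batch".
+"""
+elif False:
+AuthBackendTuneArgsDict: TypeAlias = Mapping[str, Any]
+
 @pulumi.input_type
 class AuthBackendTuneArgs:
 def __init__(__self__, *,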
pulumi_vault/jwt/auth_backend.py
CHANGED
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
from . import outputs
|
12
17
|
from ._inputs import *
|
@@ -51,7 +56,7 @@ class AuthBackendArgs:
|
|
51
56
|
:param pulumi.Input[bool] local: Specifies if the auth method is local only.
|
52
57
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
53
58
|
The value should not contain leading or trailing forward slashes.
|
54
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
59
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
55
60
|
*Available only for Vault Enterprise*.
|
56
61
|
:param pulumi.Input[bool] namespace_in_state: Pass namespace in the OIDC state parameter instead of as a separate query parameter. With this setting, the allowed redirect URL(s) in Vault and on the provider side should not contain a namespace query parameter. This means only one redirect URL entry needs to be maintained on the OIDC provider side for all vault namespaces that will be authenticating against it. Defaults to true for new configs
|
57
62
|
|
@@ -226,7 +231,7 @@ class AuthBackendArgs:
|
|
226
231
|
"""
|
227
232
|
The namespace to provision the resource in.
|
228
233
|
The value should not contain leading or trailing forward slashes.
|
229
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
234
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
230
235
|
*Available only for Vault Enterprise*.
|
231
236
|
"""
|
232
237
|
return pulumi.get(self, "namespace")
|
@@ -409,7 +414,7 @@ class _AuthBackendState:
|
|
409
414
|
:param pulumi.Input[bool] local: Specifies if the auth method is local only.
|
410
415
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
411
416
|
The value should not contain leading or trailing forward slashes.
|
412
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
417
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
413
418
|
*Available only for Vault Enterprise*.
|
414
419
|
:param pulumi.Input[bool] namespace_in_state: Pass namespace in the OIDC state parameter instead of as a separate query parameter. With this setting, the allowed redirect URL(s) in Vault and on the provider side should not contain a namespace query parameter. This means only one redirect URL entry needs to be maintained on the OIDC provider side for all vault namespaces that will be authenticating against it. Defaults to true for new configs
|
415
420
|
|
@@ -598,7 +603,7 @@ class _AuthBackendState:
|
|
598
603
|
"""
|
599
604
|
The namespace to provision the resource in.
|
600
605
|
The value should not contain leading or trailing forward slashes.
|
601
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
606
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
602
607
|
*Available only for Vault Enterprise*.
|
603
608
|
"""
|
604
609
|
return pulumi.get(self, "namespace")
|
@@ -765,7 +770,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
765
770
|
oidc_response_types: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
766
771
|
path: Optional[pulumi.Input[str]] = None,
|
767
772
|
provider_config: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
768
|
-
tune: Optional[pulumi.Input[
|
773
|
+
tune: Optional[pulumi.Input[Union['AuthBackendTuneArgs', 'AuthBackendTuneArgsDict']]] = None,
|
769
774
|
type: Optional[pulumi.Input[str]] = None,
|
770
775
|
__props__=None):
|
771
776
|
"""
|
@@ -776,43 +781,38 @@ class AuthBackend(pulumi.CustomResource):
|
|
776
781
|
|
777
782
|
Manage JWT auth backend:
|
778
783
|
|
779
|
-
<!--Start PulumiCodeChooser -->
|
780
784
|
```python
|
781
785
|
import pulumi
|
782
786
|
import pulumi_vault as vault
|
783
787
|
|
784
788
|
example = vault.jwt.AuthBackend("example",
|
785
|
-
bound_issuer="https://myco.auth0.com/",
|
786
789
|
description="Demonstration of the Terraform JWT auth backend",
|
790
|
+
path="jwt",
|
787
791
|
oidc_discovery_url="https://myco.auth0.com/",
|
788
|
-
|
792
|
+
bound_issuer="https://myco.auth0.com/")
|
789
793
|
```
|
790
|
-
<!--End PulumiCodeChooser -->
|
791
794
|
|
792
795
|
Manage OIDC auth backend:
|
793
796
|
|
794
|
-
<!--Start PulumiCodeChooser -->
|
795
797
|
```python
|
796
798
|
import pulumi
|
797
799
|
import pulumi_vault as vault
|
798
800
|
|
799
801
|
example = vault.jwt.AuthBackend("example",
|
800
|
-
bound_issuer="https://myco.auth0.com/",
|
801
802
|
description="Demonstration of the Terraform JWT auth backend",
|
803
|
+
path="oidc",
|
804
|
+
type="oidc",
|
805
|
+
oidc_discovery_url="https://myco.auth0.com/",
|
802
806
|
oidc_client_id="1234567890",
|
803
807
|
oidc_client_secret="secret123456",
|
804
|
-
|
805
|
-
|
806
|
-
|
807
|
-
|
808
|
-
),
|
809
|
-
type="oidc")
|
808
|
+
bound_issuer="https://myco.auth0.com/",
|
809
|
+
tune={
|
810
|
+
"listing_visibility": "unauth",
|
811
|
+
})
|
810
812
|
```
|
811
|
-
<!--End PulumiCodeChooser -->
|
812
813
|
|
813
814
|
Configuring the auth backend with a `provider_config:
|
814
815
|
|
815
|
-
<!--Start PulumiCodeChooser -->
|
816
816
|
```python
|
817
817
|
import pulumi
|
818
818
|
import pulumi_vault as vault
|
@@ -821,15 +821,14 @@ class AuthBackend(pulumi.CustomResource):
|
|
821
821
|
description="OIDC backend",
|
822
822
|
oidc_discovery_url="https://accounts.google.com",
|
823
823
|
path="oidc",
|
824
|
+
type="oidc",
|
824
825
|
provider_config={
|
826
|
+
"provider": "gsuite",
|
825
827
|
"fetch_groups": "true",
|
826
828
|
"fetch_user_info": "true",
|
827
829
|
"groups_recurse_max_depth": "1",
|
828
|
-
|
829
|
-
},
|
830
|
-
type="oidc")
|
830
|
+
})
|
831
831
|
```
|
832
|
-
<!--End PulumiCodeChooser -->
|
833
832
|
|
834
833
|
## Import
|
835
834
|
|
@@ -858,7 +857,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
858
857
|
:param pulumi.Input[bool] local: Specifies if the auth method is local only.
|
859
858
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
860
859
|
The value should not contain leading or trailing forward slashes.
|
861
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
860
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
862
861
|
*Available only for Vault Enterprise*.
|
863
862
|
:param pulumi.Input[bool] namespace_in_state: Pass namespace in the OIDC state parameter instead of as a separate query parameter. With this setting, the allowed redirect URL(s) in Vault and on the provider side should not contain a namespace query parameter. This means only one redirect URL entry needs to be maintained on the OIDC provider side for all vault namespaces that will be authenticating against it. Defaults to true for new configs
|
864
863
|
|
@@ -889,43 +888,38 @@ class AuthBackend(pulumi.CustomResource):
|
|
889
888
|
|
890
889
|
Manage JWT auth backend:
|
891
890
|
|
892
|
-
<!--Start PulumiCodeChooser -->
|
893
891
|
```python
|
894
892
|
import pulumi
|
895
893
|
import pulumi_vault as vault
|
896
894
|
|
897
895
|
example = vault.jwt.AuthBackend("example",
|
898
|
-
bound_issuer="https://myco.auth0.com/",
|
899
896
|
description="Demonstration of the Terraform JWT auth backend",
|
897
|
+
path="jwt",
|
900
898
|
oidc_discovery_url="https://myco.auth0.com/",
|
901
|
-
|
899
|
+
bound_issuer="https://myco.auth0.com/")
|
902
900
|
```
|
903
|
-
<!--End PulumiCodeChooser -->
|
904
901
|
|
905
902
|
Manage OIDC auth backend:
|
906
903
|
|
907
|
-
<!--Start PulumiCodeChooser -->
|
908
904
|
```python
|
909
905
|
import pulumi
|
910
906
|
import pulumi_vault as vault
|
911
907
|
|
912
908
|
example = vault.jwt.AuthBackend("example",
|
913
|
-
bound_issuer="https://myco.auth0.com/",
|
914
909
|
description="Demonstration of the Terraform JWT auth backend",
|
910
|
+
path="oidc",
|
911
|
+
type="oidc",
|
912
|
+
oidc_discovery_url="https://myco.auth0.com/",
|
915
913
|
oidc_client_id="1234567890",
|
916
914
|
oidc_client_secret="secret123456",
|
917
|
-
|
918
|
-
|
919
|
-
|
920
|
-
|
921
|
-
),
|
922
|
-
type="oidc")
|
915
|
+
bound_issuer="https://myco.auth0.com/",
|
916
|
+
tune={
|
917
|
+
"listing_visibility": "unauth",
|
918
|
+
})
|
923
919
|
```
|
924
|
-
<!--End PulumiCodeChooser -->
|
925
920
|
|
926
921
|
Configuring the auth backend with a `provider_config:
|
927
922
|
|
928
|
-
<!--Start PulumiCodeChooser -->
|
929
923
|
```python
|
930
924
|
import pulumi
|
931
925
|
import pulumi_vault as vault
|
@@ -934,15 +928,14 @@ class AuthBackend(pulumi.CustomResource):
|
|
934
928
|
description="OIDC backend",
|
935
929
|
oidc_discovery_url="https://accounts.google.com",
|
936
930
|
path="oidc",
|
931
|
+
type="oidc",
|
937
932
|
provider_config={
|
933
|
+
"provider": "gsuite",
|
938
934
|
"fetch_groups": "true",
|
939
935
|
"fetch_user_info": "true",
|
940
936
|
"groups_recurse_max_depth": "1",
|
941
|
-
|
942
|
-
},
|
943
|
-
type="oidc")
|
937
|
+
})
|
944
938
|
```
|
945
|
-
<!--End PulumiCodeChooser -->
|
946
939
|
|
947
940
|
## Import
|
948
941
|
|
@@ -991,7 +984,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
991
984
|
oidc_response_types: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
992
985
|
path: Optional[pulumi.Input[str]] = None,
|
993
986
|
provider_config: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
994
|
-
tune: Optional[pulumi.Input[
|
987
|
+
tune: Optional[pulumi.Input[Union['AuthBackendTuneArgs', 'AuthBackendTuneArgsDict']]] = None,
|
995
988
|
type: Optional[pulumi.Input[str]] = None,
|
996
989
|
__props__=None):
|
997
990
|
opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
|
@@ -1056,7 +1049,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1056
1049
|
oidc_response_types: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1057
1050
|
path: Optional[pulumi.Input[str]] = None,
|
1058
1051
|
provider_config: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
1059
|
-
tune: Optional[pulumi.Input[
|
1052
|
+
tune: Optional[pulumi.Input[Union['AuthBackendTuneArgs', 'AuthBackendTuneArgsDict']]] = None,
|
1060
1053
|
type: Optional[pulumi.Input[str]] = None) -> 'AuthBackend':
|
1061
1054
|
"""
|
1062
1055
|
Get an existing AuthBackend resource's state with the given name, id, and optional extra
|
@@ -1078,7 +1071,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1078
1071
|
:param pulumi.Input[bool] local: Specifies if the auth method is local only.
|
1079
1072
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
1080
1073
|
The value should not contain leading or trailing forward slashes.
|
1081
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
1074
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1082
1075
|
*Available only for Vault Enterprise*.
|
1083
1076
|
:param pulumi.Input[bool] namespace_in_state: Pass namespace in the OIDC state parameter instead of as a separate query parameter. With this setting, the allowed redirect URL(s) in Vault and on the provider side should not contain a namespace query parameter. This means only one redirect URL entry needs to be maintained on the OIDC provider side for all vault namespaces that will be authenticating against it. Defaults to true for new configs
|
1084
1077
|
|
@@ -1210,7 +1203,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1210
1203
|
"""
|
1211
1204
|
The namespace to provision the resource in.
|
1212
1205
|
The value should not contain leading or trailing forward slashes.
|
1213
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
1206
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1214
1207
|
*Available only for Vault Enterprise*.
|
1215
1208
|
"""
|
1216
1209
|
return pulumi.get(self, "namespace")
|
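Review bot: The rewritten OIDC example in the `AuthBackend` docstring (hunk `@@ -776,43 +781,38 @@`, repeated at `@@ -889,43 +888,38 @@`) now sets `tune={"listing_visibility": "unauth"}` without saying what that exposes, and it still passes `oidc_client_secret="secret123456"` as a string literal. Going by the `listing_visibility` description in `AuthBackendTuneArgsDict`, "unauth" shows the mount in the UI-specific listing endpoint, presumably to callers who have not authenticated, so anyone copying the example advertises the mount path; a comment such as `# "unauth" lists this mount in the UI before login; use "hidden" to keep it unlisted` would make the trade-off explicit. The example would also be safer to copy if the secret came from encrypted stack configuration, e.g. `oidc_client_secret=pulumi.Config().require_secret("oidcClientSecret"),`, so the credential does not sit in program source. The docstring starts and ends outside both hunks, so the surrounding text could not be checked for an existing caveat.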