pulumi-vault 5.21.0a1710160723__py3-none-any.whl → 6.5.0a1736850018__py3-none-any.whl
- pulumi_vault/__init__.py +52 -0
- pulumi_vault/_inputs.py +560 -0
- pulumi_vault/_utilities.py +41 -5
- pulumi_vault/ad/get_access_credentials.py +22 -7
- pulumi_vault/ad/secret_backend.py +14 -144
- pulumi_vault/ad/secret_library.py +14 -11
- pulumi_vault/ad/secret_role.py +12 -11
- pulumi_vault/alicloud/auth_backend_role.py +74 -192
- pulumi_vault/approle/auth_backend_login.py +12 -11
- pulumi_vault/approle/auth_backend_role.py +75 -193
- pulumi_vault/approle/auth_backend_role_secret_id.py +106 -11
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -9
- pulumi_vault/audit.py +24 -27
- pulumi_vault/audit_request_header.py +11 -6
- pulumi_vault/auth_backend.py +64 -12
- pulumi_vault/aws/auth_backend_cert.py +12 -7
- pulumi_vault/aws/auth_backend_client.py +265 -24
- pulumi_vault/aws/auth_backend_config_identity.py +12 -11
- pulumi_vault/aws/auth_backend_identity_whitelist.py +18 -17
- pulumi_vault/aws/auth_backend_login.py +19 -22
- pulumi_vault/aws/auth_backend_role.py +75 -193
- pulumi_vault/aws/auth_backend_role_tag.py +12 -7
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -17
- pulumi_vault/aws/auth_backend_sts_role.py +12 -11
- pulumi_vault/aws/get_access_credentials.py +34 -7
- pulumi_vault/aws/get_static_access_credentials.py +19 -5
- pulumi_vault/aws/secret_backend.py +75 -7
- pulumi_vault/aws/secret_backend_role.py +183 -11
- pulumi_vault/aws/secret_backend_static_role.py +14 -11
- pulumi_vault/azure/_inputs.py +24 -0
- pulumi_vault/azure/auth_backend_config.py +151 -17
- pulumi_vault/azure/auth_backend_role.py +75 -193
- pulumi_vault/azure/backend.py +223 -29
- pulumi_vault/azure/backend_role.py +42 -41
- pulumi_vault/azure/get_access_credentials.py +39 -11
- pulumi_vault/azure/outputs.py +5 -0
- pulumi_vault/cert_auth_backend_role.py +87 -271
- pulumi_vault/config/__init__.pyi +5 -0
- pulumi_vault/config/_inputs.py +73 -0
- pulumi_vault/config/outputs.py +35 -0
- pulumi_vault/config/ui_custom_message.py +529 -0
- pulumi_vault/config/vars.py +5 -0
- pulumi_vault/consul/secret_backend.py +22 -25
- pulumi_vault/consul/secret_backend_role.py +14 -80
- pulumi_vault/database/_inputs.py +2770 -881
- pulumi_vault/database/outputs.py +721 -838
- pulumi_vault/database/secret_backend_connection.py +117 -114
- pulumi_vault/database/secret_backend_role.py +29 -24
- pulumi_vault/database/secret_backend_static_role.py +85 -15
- pulumi_vault/database/secrets_mount.py +425 -138
- pulumi_vault/egp_policy.py +16 -15
- pulumi_vault/gcp/_inputs.py +111 -0
- pulumi_vault/gcp/auth_backend.py +248 -35
- pulumi_vault/gcp/auth_backend_role.py +75 -271
- pulumi_vault/gcp/get_auth_backend_role.py +43 -9
- pulumi_vault/gcp/outputs.py +5 -0
- pulumi_vault/gcp/secret_backend.py +287 -16
- pulumi_vault/gcp/secret_impersonated_account.py +74 -17
- pulumi_vault/gcp/secret_roleset.py +29 -26
- pulumi_vault/gcp/secret_static_account.py +37 -34
- pulumi_vault/generic/endpoint.py +22 -21
- pulumi_vault/generic/get_secret.py +68 -12
- pulumi_vault/generic/secret.py +19 -14
- pulumi_vault/get_auth_backend.py +24 -11
- pulumi_vault/get_auth_backends.py +33 -11
- pulumi_vault/get_namespace.py +226 -0
- pulumi_vault/get_namespaces.py +153 -0
- pulumi_vault/get_nomad_access_token.py +31 -15
- pulumi_vault/get_policy_document.py +34 -23
- pulumi_vault/get_raft_autopilot_state.py +29 -14
- pulumi_vault/github/_inputs.py +55 -0
- pulumi_vault/github/auth_backend.py +17 -16
- pulumi_vault/github/outputs.py +5 -0
- pulumi_vault/github/team.py +14 -13
- pulumi_vault/github/user.py +14 -13
- pulumi_vault/identity/entity.py +18 -15
- pulumi_vault/identity/entity_alias.py +18 -15
- pulumi_vault/identity/entity_policies.py +24 -19
- pulumi_vault/identity/get_entity.py +40 -14
- pulumi_vault/identity/get_group.py +45 -13
- pulumi_vault/identity/get_oidc_client_creds.py +21 -11
- pulumi_vault/identity/get_oidc_openid_config.py +39 -13
- pulumi_vault/identity/get_oidc_public_keys.py +29 -14
- pulumi_vault/identity/group.py +50 -49
- pulumi_vault/identity/group_alias.py +14 -11
- pulumi_vault/identity/group_member_entity_ids.py +24 -74
- pulumi_vault/identity/group_member_group_ids.py +36 -27
- pulumi_vault/identity/group_policies.py +16 -15
- pulumi_vault/identity/mfa_duo.py +9 -8
- pulumi_vault/identity/mfa_login_enforcement.py +13 -8
- pulumi_vault/identity/mfa_okta.py +9 -8
- pulumi_vault/identity/mfa_pingid.py +5 -4
- pulumi_vault/identity/mfa_totp.py +5 -4
- pulumi_vault/identity/oidc.py +12 -11
- pulumi_vault/identity/oidc_assignment.py +22 -13
- pulumi_vault/identity/oidc_client.py +34 -25
- pulumi_vault/identity/oidc_key.py +28 -19
- pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -19
- pulumi_vault/identity/oidc_provider.py +34 -23
- pulumi_vault/identity/oidc_role.py +40 -27
- pulumi_vault/identity/oidc_scope.py +18 -15
- pulumi_vault/identity/outputs.py +8 -3
- pulumi_vault/jwt/_inputs.py +55 -0
- pulumi_vault/jwt/auth_backend.py +39 -46
- pulumi_vault/jwt/auth_backend_role.py +131 -260
- pulumi_vault/jwt/outputs.py +5 -0
- pulumi_vault/kmip/secret_backend.py +22 -21
- pulumi_vault/kmip/secret_role.py +12 -11
- pulumi_vault/kmip/secret_scope.py +12 -11
- pulumi_vault/kubernetes/auth_backend_config.py +55 -7
- pulumi_vault/kubernetes/auth_backend_role.py +68 -179
- pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
- pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
- pulumi_vault/kubernetes/get_service_account_token.py +39 -15
- pulumi_vault/kubernetes/secret_backend.py +314 -29
- pulumi_vault/kubernetes/secret_backend_role.py +135 -56
- pulumi_vault/kv/_inputs.py +36 -4
- pulumi_vault/kv/get_secret.py +23 -12
- pulumi_vault/kv/get_secret_subkeys_v2.py +31 -14
- pulumi_vault/kv/get_secret_v2.py +89 -9
- pulumi_vault/kv/get_secrets_list.py +22 -15
- pulumi_vault/kv/get_secrets_list_v2.py +35 -19
- pulumi_vault/kv/outputs.py +8 -3
- pulumi_vault/kv/secret.py +19 -18
- pulumi_vault/kv/secret_backend_v2.py +12 -11
- pulumi_vault/kv/secret_v2.py +55 -52
- pulumi_vault/ldap/auth_backend.py +125 -168
- pulumi_vault/ldap/auth_backend_group.py +12 -11
- pulumi_vault/ldap/auth_backend_user.py +12 -11
- pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
- pulumi_vault/ldap/get_static_credentials.py +24 -5
- pulumi_vault/ldap/secret_backend.py +352 -84
- pulumi_vault/ldap/secret_backend_dynamic_role.py +12 -11
- pulumi_vault/ldap/secret_backend_library_set.py +14 -11
- pulumi_vault/ldap/secret_backend_static_role.py +67 -12
- pulumi_vault/managed/_inputs.py +289 -132
- pulumi_vault/managed/keys.py +27 -43
- pulumi_vault/managed/outputs.py +89 -132
- pulumi_vault/mfa_duo.py +16 -13
- pulumi_vault/mfa_okta.py +16 -13
- pulumi_vault/mfa_pingid.py +16 -13
- pulumi_vault/mfa_totp.py +22 -19
- pulumi_vault/mongodbatlas/secret_backend.py +18 -17
- pulumi_vault/mongodbatlas/secret_role.py +41 -38
- pulumi_vault/mount.py +389 -65
- pulumi_vault/namespace.py +26 -21
- pulumi_vault/nomad_secret_backend.py +16 -15
- pulumi_vault/nomad_secret_role.py +12 -11
- pulumi_vault/okta/_inputs.py +47 -8
- pulumi_vault/okta/auth_backend.py +483 -41
- pulumi_vault/okta/auth_backend_group.py +12 -11
- pulumi_vault/okta/auth_backend_user.py +12 -11
- pulumi_vault/okta/outputs.py +13 -8
- pulumi_vault/outputs.py +5 -0
- pulumi_vault/password_policy.py +18 -15
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +81 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
- pulumi_vault/pkisecret/backend_config_est.py +619 -0
- pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
- pulumi_vault/pkisecret/get_backend_issuer.py +63 -7
- pulumi_vault/pkisecret/get_backend_issuers.py +21 -12
- pulumi_vault/pkisecret/get_backend_key.py +24 -13
- pulumi_vault/pkisecret/get_backend_keys.py +21 -12
- pulumi_vault/pkisecret/outputs.py +69 -0
- pulumi_vault/pkisecret/secret_backend_cert.py +18 -15
- pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -15
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +12 -11
- pulumi_vault/pkisecret/secret_backend_config_urls.py +59 -11
- pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -13
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -15
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -21
- pulumi_vault/pkisecret/secret_backend_issuer.py +12 -11
- pulumi_vault/pkisecret/secret_backend_key.py +12 -7
- pulumi_vault/pkisecret/secret_backend_role.py +19 -16
- pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -52
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -62
- pulumi_vault/pkisecret/secret_backend_sign.py +18 -60
- pulumi_vault/plugin.py +595 -0
- pulumi_vault/plugin_pinned_version.py +298 -0
- pulumi_vault/policy.py +12 -7
- pulumi_vault/provider.py +48 -53
- pulumi_vault/pulumi-plugin.json +2 -1
- pulumi_vault/quota_lease_count.py +58 -8
- pulumi_vault/quota_rate_limit.py +54 -4
- pulumi_vault/rabbitmq/_inputs.py +61 -0
- pulumi_vault/rabbitmq/outputs.py +5 -0
- pulumi_vault/rabbitmq/secret_backend.py +16 -15
- pulumi_vault/rabbitmq/secret_backend_role.py +52 -49
- pulumi_vault/raft_autopilot.py +12 -11
- pulumi_vault/raft_snapshot_agent_config.py +121 -311
- pulumi_vault/rgp_policy.py +14 -13
- pulumi_vault/saml/auth_backend.py +20 -19
- pulumi_vault/saml/auth_backend_role.py +90 -199
- pulumi_vault/secrets/__init__.py +3 -0
- pulumi_vault/secrets/_inputs.py +110 -0
- pulumi_vault/secrets/outputs.py +94 -0
- pulumi_vault/secrets/sync_association.py +56 -75
- pulumi_vault/secrets/sync_aws_destination.py +240 -29
- pulumi_vault/secrets/sync_azure_destination.py +90 -33
- pulumi_vault/secrets/sync_config.py +7 -6
- pulumi_vault/secrets/sync_gcp_destination.py +156 -27
- pulumi_vault/secrets/sync_gh_destination.py +187 -15
- pulumi_vault/secrets/sync_github_apps.py +375 -0
- pulumi_vault/secrets/sync_vercel_destination.py +72 -15
- pulumi_vault/ssh/_inputs.py +28 -32
- pulumi_vault/ssh/outputs.py +11 -32
- pulumi_vault/ssh/secret_backend_ca.py +106 -11
- pulumi_vault/ssh/secret_backend_role.py +83 -120
- pulumi_vault/terraformcloud/secret_backend.py +5 -56
- pulumi_vault/terraformcloud/secret_creds.py +14 -24
- pulumi_vault/terraformcloud/secret_role.py +14 -76
- pulumi_vault/token.py +26 -25
- pulumi_vault/tokenauth/auth_backend_role.py +76 -201
- pulumi_vault/transform/alphabet.py +16 -13
- pulumi_vault/transform/get_decode.py +45 -21
- pulumi_vault/transform/get_encode.py +45 -21
- pulumi_vault/transform/role.py +16 -13
- pulumi_vault/transform/template.py +30 -25
- pulumi_vault/transform/transformation.py +12 -7
- pulumi_vault/transit/get_decrypt.py +26 -25
- pulumi_vault/transit/get_encrypt.py +24 -19
- pulumi_vault/transit/secret_backend_key.py +25 -97
- pulumi_vault/transit/secret_cache_config.py +12 -11
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/METADATA +8 -7
- pulumi_vault-6.5.0a1736850018.dist-info/RECORD +256 -0
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/WHEEL +1 -1
- pulumi_vault-5.21.0a1710160723.dist-info/RECORD +0 -244
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/top_level.txt +0 -0
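--- a/pulumi_vault/jwt/outputs.py
+++ b/pulumi_vault/jwt/outputs.py
@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+from typing import NotRequired, TypedDict, TypeAlias
+else:
+from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = [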
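Review bot: The `else` branch of the new version check imports `typing_extensions` at module load on every interpreter older than 3.11, which makes that package a hard runtime dependency of this file. The file list shows the dist-info METADATA changing (+8 -7), but its contents are not on this page, so it is worth confirming that `typing_extensions` is declared there with a minimum version that provides `NotRequired`; an undeclared import would surface only as an `ImportError` on older interpreters. The same header is added in `pulumi_vault/kmip/secret_role.py` and in the other `@@ -4,9 +4,14 @@` hunks on this page. The module body continues outside the hunk.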
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = ['SecretBackendArgs', 'SecretBackend']
|
@@ -40,7 +45,7 @@ class SecretBackendArgs:
|
|
40
45
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] listen_addrs: Addresses the KMIP server should listen on (`host:port`).
|
41
46
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
42
47
|
The value should not contain leading or trailing forward slashes.
|
43
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
48
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
44
49
|
*Available only for Vault Enterprise*.
|
45
50
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] server_hostnames: Hostnames to include in the server's TLS certificate as SAN DNS names. The first will be used as the common name (CN).
|
46
51
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] server_ips: IPs to include in the server's TLS certificate as SAN IP addresses.
|
@@ -166,7 +171,7 @@ class SecretBackendArgs:
|
|
166
171
|
"""
|
167
172
|
The namespace to provision the resource in.
|
168
173
|
The value should not contain leading or trailing forward slashes.
|
169
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
174
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
170
175
|
*Available only for Vault Enterprise*.
|
171
176
|
"""
|
172
177
|
return pulumi.get(self, "namespace")
|
@@ -263,7 +268,7 @@ class _SecretBackendState:
|
|
263
268
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] listen_addrs: Addresses the KMIP server should listen on (`host:port`).
|
264
269
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
265
270
|
The value should not contain leading or trailing forward slashes.
|
266
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
271
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
267
272
|
*Available only for Vault Enterprise*.
|
268
273
|
:param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
|
269
274
|
not begin or end with a `/`. Defaults to `kmip`.
|
@@ -379,7 +384,7 @@ class _SecretBackendState:
|
|
379
384
|
"""
|
380
385
|
The namespace to provision the resource in.
|
381
386
|
The value should not contain leading or trailing forward slashes.
|
382
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
387
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
383
388
|
*Available only for Vault Enterprise*.
|
384
389
|
"""
|
385
390
|
return pulumi.get(self, "namespace")
|
@@ -488,25 +493,23 @@ class SecretBackend(pulumi.CustomResource):
|
|
488
493
|
|
489
494
|
## Example Usage
|
490
495
|
|
491
|
-
<!--Start PulumiCodeChooser -->
|
492
496
|
```python
|
493
497
|
import pulumi
|
494
498
|
import pulumi_vault as vault
|
495
499
|
|
496
500
|
default = vault.kmip.SecretBackend("default",
|
497
|
-
|
498
|
-
default_tls_client_key_type="rsa",
|
499
|
-
default_tls_client_ttl=86400,
|
501
|
+
path="kmip",
|
500
502
|
description="Vault KMIP backend",
|
501
503
|
listen_addrs=[
|
502
504
|
"127.0.0.1:5696",
|
503
505
|
"127.0.0.1:8080",
|
504
506
|
],
|
505
|
-
|
507
|
+
tls_ca_key_type="rsa",
|
506
508
|
tls_ca_key_bits=4096,
|
507
|
-
|
509
|
+
default_tls_client_key_type="rsa",
|
510
|
+
default_tls_client_key_bits=4096,
|
511
|
+
default_tls_client_ttl=86400)
|
508
512
|
```
|
509
|
-
<!--End PulumiCodeChooser -->
|
510
513
|
|
511
514
|
## Import
|
512
515
|
|
@@ -527,7 +530,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
527
530
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] listen_addrs: Addresses the KMIP server should listen on (`host:port`).
|
528
531
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
529
532
|
The value should not contain leading or trailing forward slashes.
|
530
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
533
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
531
534
|
*Available only for Vault Enterprise*.
|
532
535
|
:param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
|
533
536
|
not begin or end with a `/`. Defaults to `kmip`.
|
@@ -550,25 +553,23 @@ class SecretBackend(pulumi.CustomResource):
|
|
550
553
|
|
551
554
|
## Example Usage
|
552
555
|
|
553
|
-
<!--Start PulumiCodeChooser -->
|
554
556
|
```python
|
555
557
|
import pulumi
|
556
558
|
import pulumi_vault as vault
|
557
559
|
|
558
560
|
default = vault.kmip.SecretBackend("default",
|
559
|
-
|
560
|
-
default_tls_client_key_type="rsa",
|
561
|
-
default_tls_client_ttl=86400,
|
561
|
+
path="kmip",
|
562
562
|
description="Vault KMIP backend",
|
563
563
|
listen_addrs=[
|
564
564
|
"127.0.0.1:5696",
|
565
565
|
"127.0.0.1:8080",
|
566
566
|
],
|
567
|
-
|
567
|
+
tls_ca_key_type="rsa",
|
568
568
|
tls_ca_key_bits=4096,
|
569
|
-
|
569
|
+
default_tls_client_key_type="rsa",
|
570
|
+
default_tls_client_key_bits=4096,
|
571
|
+
default_tls_client_ttl=86400)
|
570
572
|
```
|
571
|
-
<!--End PulumiCodeChooser -->
|
572
573
|
|
573
574
|
## Import
|
574
575
|
|
@@ -669,7 +670,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
669
670
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] listen_addrs: Addresses the KMIP server should listen on (`host:port`).
|
670
671
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
671
672
|
The value should not contain leading or trailing forward slashes.
|
672
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
673
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
673
674
|
*Available only for Vault Enterprise*.
|
674
675
|
:param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
|
675
676
|
not begin or end with a `/`. Defaults to `kmip`.
|
@@ -753,7 +754,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
753
754
|
"""
|
754
755
|
The namespace to provision the resource in.
|
755
756
|
The value should not contain leading or trailing forward slashes.
|
756
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
757
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
757
758
|
*Available only for Vault Enterprise*.
|
758
759
|
"""
|
759
760
|
return pulumi.get(self, "namespace")
|
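--- a/pulumi_vault/kmip/secret_role.py
+++ b/pulumi_vault/kmip/secret_role.py
@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+from typing import NotRequired, TypedDict, TypeAlias
+else:
+from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = ['SecretRoleArgs', 'SecretRole']
@@ -43,7 +48,7 @@ class SecretRoleArgs:
 :param pulumi.Input[str] scope: Name of the scope.
 :param pulumi.Input[str] namespace: The namespace to provision the resource in.
 The value should not contain leading or trailing forward slashes.
-The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
 *Available only for Vault Enterprise*.
 :param pulumi.Input[bool] operation_activate: Grant permission to use the KMIP Activate operation.
 :param pulumi.Input[bool] operation_add_attribute: Grant permission to use the KMIP Add Attribute operation.
@@ -146,7 +151,7 @@ class SecretRoleArgs:
 """
 The namespace to provision the resource in.
 The value should not contain leading or trailing forward slashes.
-The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
 *Available only for Vault Enterprise*.
 """
 return pulumi.get(self, "namespace")
@@ -388,7 +393,7 @@ class _SecretRoleState:
 Input properties used for looking up and filtering SecretRole resources.
 :param pulumi.Input[str] namespace: The namespace to provision the resource in.
 The value should not contain leading or trailing forward slashes.
-The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
 *Available only for Vault Enterprise*.
 :param pulumi.Input[bool] operation_activate: Grant permission to use the KMIP Activate operation.
 :param pulumi.Input[bool] operation_add_attribute: Grant permission to use the KMIP Add Attribute operation.
@@ -461,7 +466,7 @@ class _SecretRoleState:
 """
 The namespace to provision the resource in.
 The value should not contain leading or trailing forward slashes.
-The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
 *Available only for Vault Enterprise*.
 """
 return pulumi.get(self, "namespace")
@@ -746,7 +751,6 @@ class SecretRole(pulumi.CustomResource):
 
 ## Example Usage
 
-<!--Start PulumiCodeChooser -->
 ```python
 import pulumi
 import pulumi_vault as vault
@@ -770,7 +774,6 @@ class SecretRole(pulumi.CustomResource):
 operation_create=True,
 operation_destroy=True)
 ```
-<!--End PulumiCodeChooser -->
 
 ## Import
 
@@ -784,7 +787,7 @@ class SecretRole(pulumi.CustomResource):
 :param pulumi.ResourceOptions opts: Options for the resource.
 :param pulumi.Input[str] namespace: The namespace to provision the resource in.
 The value should not contain leading or trailing forward slashes.
-The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
 *Available only for Vault Enterprise*.
 :param pulumi.Input[bool] operation_activate: Grant permission to use the KMIP Activate operation.
 :param pulumi.Input[bool] operation_add_attribute: Grant permission to use the KMIP Add Attribute operation.
@@ -821,7 +824,6 @@ class SecretRole(pulumi.CustomResource):
 
 ## Example Usage
 
-<!--Start PulumiCodeChooser -->
 ```python
 import pulumi
 import pulumi_vault as vault
@@ -845,7 +847,6 @@ class SecretRole(pulumi.CustomResource):
 operation_create=True,
 operation_destroy=True)
 ```
-<!--End PulumiCodeChooser -->
 
 ## Import
 
@@ -967,7 +968,7 @@ class SecretRole(pulumi.CustomResource):
 :param pulumi.ResourceOptions opts: Options for the resource.
 :param pulumi.Input[str] namespace: The namespace to provision the resource in.
 The value should not contain leading or trailing forward slashes.
-The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
 *Available only for Vault Enterprise*.
 :param pulumi.Input[bool] operation_activate: Grant permission to use the KMIP Activate operation.
 :param pulumi.Input[bool] operation_add_attribute: Grant permission to use the KMIP Add Attribute operation.
@@ -1024,7 +1025,7 @@ class SecretRole(pulumi.CustomResource):
 """
 The namespace to provision the resource in.
 The value should not contain leading or trailing forward slashes.
-The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
 *Available only for Vault Enterprise*.
 """
 return pulumi.get(self, "namespace")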
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = ['SecretScopeArgs', 'SecretScope']
|
@@ -26,7 +31,7 @@ class SecretScopeArgs:
|
|
26
31
|
:param pulumi.Input[bool] force: Boolean field to force deletion even if there are managed objects in the scope.
|
27
32
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
28
33
|
The value should not contain leading or trailing forward slashes.
|
29
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
34
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
30
35
|
*Available only for Vault Enterprise*.
|
31
36
|
"""
|
32
37
|
pulumi.set(__self__, "path", path)
|
@@ -79,7 +84,7 @@ class SecretScopeArgs:
|
|
79
84
|
"""
|
80
85
|
The namespace to provision the resource in.
|
81
86
|
The value should not contain leading or trailing forward slashes.
|
82
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
87
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
83
88
|
*Available only for Vault Enterprise*.
|
84
89
|
"""
|
85
90
|
return pulumi.get(self, "namespace")
|
@@ -101,7 +106,7 @@ class _SecretScopeState:
|
|
101
106
|
:param pulumi.Input[bool] force: Boolean field to force deletion even if there are managed objects in the scope.
|
102
107
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
103
108
|
The value should not contain leading or trailing forward slashes.
|
104
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
109
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
105
110
|
*Available only for Vault Enterprise*.
|
106
111
|
:param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
|
107
112
|
not begin or end with a `/`. Defaults to `kmip`.
|
@@ -134,7 +139,7 @@ class _SecretScopeState:
|
|
134
139
|
"""
|
135
140
|
The namespace to provision the resource in.
|
136
141
|
The value should not contain leading or trailing forward slashes.
|
137
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
142
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
138
143
|
*Available only for Vault Enterprise*.
|
139
144
|
"""
|
140
145
|
return pulumi.get(self, "namespace")
|
@@ -186,7 +191,6 @@ class SecretScope(pulumi.CustomResource):
|
|
186
191
|
|
187
192
|
## Example Usage
|
188
193
|
|
189
|
-
<!--Start PulumiCodeChooser -->
|
190
194
|
```python
|
191
195
|
import pulumi
|
192
196
|
import pulumi_vault as vault
|
@@ -199,7 +203,6 @@ class SecretScope(pulumi.CustomResource):
|
|
199
203
|
scope="dev",
|
200
204
|
force=True)
|
201
205
|
```
|
202
|
-
<!--End PulumiCodeChooser -->
|
203
206
|
|
204
207
|
## Import
|
205
208
|
|
@@ -214,7 +217,7 @@ class SecretScope(pulumi.CustomResource):
|
|
214
217
|
:param pulumi.Input[bool] force: Boolean field to force deletion even if there are managed objects in the scope.
|
215
218
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
216
219
|
The value should not contain leading or trailing forward slashes.
|
217
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
220
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
218
221
|
*Available only for Vault Enterprise*.
|
219
222
|
:param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
|
220
223
|
not begin or end with a `/`. Defaults to `kmip`.
|
@@ -233,7 +236,6 @@ class SecretScope(pulumi.CustomResource):
|
|
233
236
|
|
234
237
|
## Example Usage
|
235
238
|
|
236
|
-
<!--Start PulumiCodeChooser -->
|
237
239
|
```python
|
238
240
|
import pulumi
|
239
241
|
import pulumi_vault as vault
|
@@ -246,7 +248,6 @@ class SecretScope(pulumi.CustomResource):
|
|
246
248
|
scope="dev",
|
247
249
|
force=True)
|
248
250
|
```
|
249
|
-
<!--End PulumiCodeChooser -->
|
250
251
|
|
251
252
|
## Import
|
252
253
|
|
@@ -316,7 +317,7 @@ class SecretScope(pulumi.CustomResource):
|
|
316
317
|
:param pulumi.Input[bool] force: Boolean field to force deletion even if there are managed objects in the scope.
|
317
318
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
318
319
|
The value should not contain leading or trailing forward slashes.
|
319
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
320
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
320
321
|
*Available only for Vault Enterprise*.
|
321
322
|
:param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
|
322
323
|
not begin or end with a `/`. Defaults to `kmip`.
|
@@ -346,7 +347,7 @@ class SecretScope(pulumi.CustomResource):
|
|
346
347
|
"""
|
347
348
|
The namespace to provision the resource in.
|
348
349
|
The value should not contain leading or trailing forward slashes.
|
349
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
350
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
350
351
|
*Available only for Vault Enterprise*.
|
351
352
|
"""
|
352
353
|
return pulumi.get(self, "namespace")
|
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = ['AuthBackendConfigArgs', 'AuthBackendConfig']
|
@@ -22,7 +27,8 @@ class AuthBackendConfigArgs:
|
|
22
27
|
kubernetes_ca_cert: Optional[pulumi.Input[str]] = None,
|
23
28
|
namespace: Optional[pulumi.Input[str]] = None,
|
24
29
|
pem_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
25
|
-
token_reviewer_jwt: Optional[pulumi.Input[str]] = None
|
30
|
+
token_reviewer_jwt: Optional[pulumi.Input[str]] = None,
|
31
|
+
use_annotations_as_alias_metadata: Optional[pulumi.Input[bool]] = None):
|
26
32
|
"""
|
27
33
|
The set of arguments for constructing a AuthBackendConfig resource.
|
28
34
|
:param pulumi.Input[str] kubernetes_host: Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
|
@@ -37,6 +43,7 @@ class AuthBackendConfigArgs:
|
|
37
43
|
*Available only for Vault Enterprise*.
|
38
44
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] pem_keys: List of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
|
39
45
|
:param pulumi.Input[str] token_reviewer_jwt: A service account JWT (or other token) used as a bearer token to access the TokenReview API to validate other JWTs during login. If not set the JWT used for login will be used to access the API.
|
46
|
+
:param pulumi.Input[bool] use_annotations_as_alias_metadata: Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
|
40
47
|
"""
|
41
48
|
pulumi.set(__self__, "kubernetes_host", kubernetes_host)
|
42
49
|
if backend is not None:
|
@@ -55,6 +62,8 @@ class AuthBackendConfigArgs:
|
|
55
62
|
pulumi.set(__self__, "pem_keys", pem_keys)
|
56
63
|
if token_reviewer_jwt is not None:
|
57
64
|
pulumi.set(__self__, "token_reviewer_jwt", token_reviewer_jwt)
|
65
|
+
if use_annotations_as_alias_metadata is not None:
|
66
|
+
pulumi.set(__self__, "use_annotations_as_alias_metadata", use_annotations_as_alias_metadata)
|
58
67
|
|
59
68
|
@property
|
60
69
|
@pulumi.getter(name="kubernetesHost")
|
@@ -167,6 +176,18 @@ class AuthBackendConfigArgs:
|
|
167
176
|
def token_reviewer_jwt(self, value: Optional[pulumi.Input[str]]):
|
168
177
|
pulumi.set(self, "token_reviewer_jwt", value)
|
169
178
|
|
179
|
+
@property
|
180
|
+
@pulumi.getter(name="useAnnotationsAsAliasMetadata")
|
181
|
+
def use_annotations_as_alias_metadata(self) -> Optional[pulumi.Input[bool]]:
|
182
|
+
"""
|
183
|
+
Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
|
184
|
+
"""
|
185
|
+
return pulumi.get(self, "use_annotations_as_alias_metadata")
|
186
|
+
|
187
|
+
@use_annotations_as_alias_metadata.setter
|
188
|
+
def use_annotations_as_alias_metadata(self, value: Optional[pulumi.Input[bool]]):
|
189
|
+
pulumi.set(self, "use_annotations_as_alias_metadata", value)
|
190
|
+
|
170
191
|
|
171
192
|
@pulumi.input_type
|
172
193
|
class _AuthBackendConfigState:
|
@@ -179,7 +200,8 @@ class _AuthBackendConfigState:
|
|
179
200
|
kubernetes_host: Optional[pulumi.Input[str]] = None,
|
180
201
|
namespace: Optional[pulumi.Input[str]] = None,
|
181
202
|
pem_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
182
|
-
token_reviewer_jwt: Optional[pulumi.Input[str]] = None
|
203
|
+
token_reviewer_jwt: Optional[pulumi.Input[str]] = None,
|
204
|
+
use_annotations_as_alias_metadata: Optional[pulumi.Input[bool]] = None):
|
183
205
|
"""
|
184
206
|
Input properties used for looking up and filtering AuthBackendConfig resources.
|
185
207
|
:param pulumi.Input[str] backend: Unique name of the kubernetes backend to configure.
|
@@ -194,6 +216,7 @@ class _AuthBackendConfigState:
|
|
194
216
|
*Available only for Vault Enterprise*.
|
195
217
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] pem_keys: List of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
|
196
218
|
:param pulumi.Input[str] token_reviewer_jwt: A service account JWT (or other token) used as a bearer token to access the TokenReview API to validate other JWTs during login. If not set the JWT used for login will be used to access the API.
|
219
|
+
:param pulumi.Input[bool] use_annotations_as_alias_metadata: Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
|
197
220
|
"""
|
198
221
|
if backend is not None:
|
199
222
|
pulumi.set(__self__, "backend", backend)
|
@@ -213,6 +236,8 @@ class _AuthBackendConfigState:
|
|
213
236
|
pulumi.set(__self__, "pem_keys", pem_keys)
|
214
237
|
if token_reviewer_jwt is not None:
|
215
238
|
pulumi.set(__self__, "token_reviewer_jwt", token_reviewer_jwt)
|
239
|
+
if use_annotations_as_alias_metadata is not None:
|
240
|
+
pulumi.set(__self__, "use_annotations_as_alias_metadata", use_annotations_as_alias_metadata)
|
216
241
|
|
217
242
|
@property
|
218
243
|
@pulumi.getter
|
@@ -325,6 +350,18 @@ class _AuthBackendConfigState:
|
|
325
350
|
def token_reviewer_jwt(self, value: Optional[pulumi.Input[str]]):
|
326
351
|
pulumi.set(self, "token_reviewer_jwt", value)
|
327
352
|
|
353
|
+
@property
|
354
|
+
@pulumi.getter(name="useAnnotationsAsAliasMetadata")
|
355
|
+
def use_annotations_as_alias_metadata(self) -> Optional[pulumi.Input[bool]]:
|
356
|
+
"""
|
357
|
+
Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
|
358
|
+
"""
|
359
|
+
return pulumi.get(self, "use_annotations_as_alias_metadata")
|
360
|
+
|
361
|
+
@use_annotations_as_alias_metadata.setter
|
362
|
+
def use_annotations_as_alias_metadata(self, value: Optional[pulumi.Input[bool]]):
|
363
|
+
pulumi.set(self, "use_annotations_as_alias_metadata", value)
|
364
|
+
|
328
365
|
|
329
366
|
class AuthBackendConfig(pulumi.CustomResource):
|
330
367
|
@overload
|
@@ -340,6 +377,7 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
340
377
|
namespace: Optional[pulumi.Input[str]] = None,
|
341
378
|
pem_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
342
379
|
token_reviewer_jwt: Optional[pulumi.Input[str]] = None,
|
380
|
+
use_annotations_as_alias_metadata: Optional[pulumi.Input[bool]] = None,
|
343
381
|
__props__=None):
|
344
382
|
"""
|
345
383
|
Manages an Kubernetes auth backend config in a Vault server. See the [Vault
|
@@ -348,7 +386,6 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
348
386
|
|
349
387
|
## Example Usage
|
350
388
|
|
351
|
-
<!--Start PulumiCodeChooser -->
|
352
389
|
```python
|
353
390
|
import pulumi
|
354
391
|
import pulumi_vault as vault
|
@@ -364,7 +401,6 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
364
401
|
issuer="api",
|
365
402
|
disable_iss_validation=True)
|
366
403
|
```
|
367
|
-
<!--End PulumiCodeChooser -->
|
368
404
|
|
369
405
|
## Import
|
370
406
|
|
@@ -388,6 +424,7 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
388
424
|
*Available only for Vault Enterprise*.
|
389
425
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] pem_keys: List of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
|
390
426
|
:param pulumi.Input[str] token_reviewer_jwt: A service account JWT (or other token) used as a bearer token to access the TokenReview API to validate other JWTs during login. If not set the JWT used for login will be used to access the API.
|
427
|
+
:param pulumi.Input[bool] use_annotations_as_alias_metadata: Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
|
391
428
|
"""
|
392
429
|
...
|
393
430
|
@overload
|
@@ -402,7 +439,6 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
402
439
|
|
403
440
|
## Example Usage
|
404
441
|
|
405
|
-
<!--Start PulumiCodeChooser -->
|
406
442
|
```python
|
407
443
|
import pulumi
|
408
444
|
import pulumi_vault as vault
|
@@ -418,7 +454,6 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
418
454
|
issuer="api",
|
419
455
|
disable_iss_validation=True)
|
420
456
|
```
|
421
|
-
<!--End PulumiCodeChooser -->
|
422
457
|
|
423
458
|
## Import
|
424
459
|
|
@@ -452,6 +487,7 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
452
487
|
namespace: Optional[pulumi.Input[str]] = None,
|
453
488
|
pem_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
454
489
|
token_reviewer_jwt: Optional[pulumi.Input[str]] = None,
|
490
|
+
use_annotations_as_alias_metadata: Optional[pulumi.Input[bool]] = None,
|
455
491
|
__props__=None):
|
456
492
|
opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
|
457
493
|
if not isinstance(opts, pulumi.ResourceOptions):
|
@@ -472,6 +508,7 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
472
508
|
__props__.__dict__["namespace"] = namespace
|
473
509
|
__props__.__dict__["pem_keys"] = pem_keys
|
474
510
|
__props__.__dict__["token_reviewer_jwt"] = None if token_reviewer_jwt is None else pulumi.Output.secret(token_reviewer_jwt)
|
511
|
+
__props__.__dict__["use_annotations_as_alias_metadata"] = use_annotations_as_alias_metadata
|
475
512
|
secret_opts = pulumi.ResourceOptions(additional_secret_outputs=["tokenReviewerJwt"])
|
476
513
|
opts = pulumi.ResourceOptions.merge(opts, secret_opts)
|
477
514
|
super(AuthBackendConfig, __self__).__init__(
|
@@ -492,7 +529,8 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
492
529
|
kubernetes_host: Optional[pulumi.Input[str]] = None,
|
493
530
|
namespace: Optional[pulumi.Input[str]] = None,
|
494
531
|
pem_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
495
|
-
token_reviewer_jwt: Optional[pulumi.Input[str]] = None
|
532
|
+
token_reviewer_jwt: Optional[pulumi.Input[str]] = None,
|
533
|
+
use_annotations_as_alias_metadata: Optional[pulumi.Input[bool]] = None) -> 'AuthBackendConfig':
|
496
534
|
"""
|
497
535
|
Get an existing AuthBackendConfig resource's state with the given name, id, and optional extra
|
498
536
|
properties used to qualify the lookup.
|
@@ -512,6 +550,7 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
512
550
|
*Available only for Vault Enterprise*.
|
513
551
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] pem_keys: List of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
|
514
552
|
:param pulumi.Input[str] token_reviewer_jwt: A service account JWT (or other token) used as a bearer token to access the TokenReview API to validate other JWTs during login. If not set the JWT used for login will be used to access the API.
|
553
|
+
:param pulumi.Input[bool] use_annotations_as_alias_metadata: Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
|
515
554
|
"""
|
516
555
|
opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
|
517
556
|
|
@@ -526,6 +565,7 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
526
565
|
__props__.__dict__["namespace"] = namespace
|
527
566
|
__props__.__dict__["pem_keys"] = pem_keys
|
528
567
|
__props__.__dict__["token_reviewer_jwt"] = token_reviewer_jwt
|
568
|
+
__props__.__dict__["use_annotations_as_alias_metadata"] = use_annotations_as_alias_metadata
|
529
569
|
return AuthBackendConfig(resource_name, opts=opts, __props__=__props__)
|
530
570
|
|
531
571
|
@property
|
@@ -603,3 +643,11 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
603
643
|
"""
|
604
644
|
return pulumi.get(self, "token_reviewer_jwt")
|
605
645
|
|
646
|
+
@property
|
647
|
+
@pulumi.getter(name="useAnnotationsAsAliasMetadata")
|
648
|
+
def use_annotations_as_alias_metadata(self) -> pulumi.Output[bool]:
|
649
|
+
"""
|
650
|
+
Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
|
651
|
+
"""
|
652
|
+
return pulumi.get(self, "use_annotations_as_alias_metadata")
|
653
|
+
|
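Review bot: The docstring added for `use_annotations_as_alias_metadata` (repeated on `AuthBackendConfigArgs`, `_AuthBackendConfigState`, and the `AuthBackendConfig` overload, `get()` and property) states only the version requirement and leaves out the trust implication of enabling it. With the flag set, service-account annotations become Vault entity alias metadata, so any ACL policy templated on that metadata is only as trustworthy as the controls on who may annotate service accounts; Vault presumably also needs permission to read service accounts from the Kubernetes API, which is worth confirming against the Vault documentation. I would append a sentence such as `Alias metadata is then controlled by whoever can annotate the service account; restrict annotation writes before templating policies on it.` If this text is generated from the upstream provider schema, the wording should be corrected there instead. The enclosing class and method bodies start and end outside these hunks.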