pulumi-vault 5.21.0a1710160723__py3-none-any.whl → 6.5.0a1736850018__py3-none-any.whl
- pulumi_vault/__init__.py +52 -0
- pulumi_vault/_inputs.py +560 -0
- pulumi_vault/_utilities.py +41 -5
- pulumi_vault/ad/get_access_credentials.py +22 -7
- pulumi_vault/ad/secret_backend.py +14 -144
- pulumi_vault/ad/secret_library.py +14 -11
- pulumi_vault/ad/secret_role.py +12 -11
- pulumi_vault/alicloud/auth_backend_role.py +74 -192
- pulumi_vault/approle/auth_backend_login.py +12 -11
- pulumi_vault/approle/auth_backend_role.py +75 -193
- pulumi_vault/approle/auth_backend_role_secret_id.py +106 -11
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -9
- pulumi_vault/audit.py +24 -27
- pulumi_vault/audit_request_header.py +11 -6
- pulumi_vault/auth_backend.py +64 -12
- pulumi_vault/aws/auth_backend_cert.py +12 -7
- pulumi_vault/aws/auth_backend_client.py +265 -24
- pulumi_vault/aws/auth_backend_config_identity.py +12 -11
- pulumi_vault/aws/auth_backend_identity_whitelist.py +18 -17
- pulumi_vault/aws/auth_backend_login.py +19 -22
- pulumi_vault/aws/auth_backend_role.py +75 -193
- pulumi_vault/aws/auth_backend_role_tag.py +12 -7
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -17
- pulumi_vault/aws/auth_backend_sts_role.py +12 -11
- pulumi_vault/aws/get_access_credentials.py +34 -7
- pulumi_vault/aws/get_static_access_credentials.py +19 -5
- pulumi_vault/aws/secret_backend.py +75 -7
- pulumi_vault/aws/secret_backend_role.py +183 -11
- pulumi_vault/aws/secret_backend_static_role.py +14 -11
- pulumi_vault/azure/_inputs.py +24 -0
- pulumi_vault/azure/auth_backend_config.py +151 -17
- pulumi_vault/azure/auth_backend_role.py +75 -193
- pulumi_vault/azure/backend.py +223 -29
- pulumi_vault/azure/backend_role.py +42 -41
- pulumi_vault/azure/get_access_credentials.py +39 -11
- pulumi_vault/azure/outputs.py +5 -0
- pulumi_vault/cert_auth_backend_role.py +87 -271
- pulumi_vault/config/__init__.pyi +5 -0
- pulumi_vault/config/_inputs.py +73 -0
- pulumi_vault/config/outputs.py +35 -0
- pulumi_vault/config/ui_custom_message.py +529 -0
- pulumi_vault/config/vars.py +5 -0
- pulumi_vault/consul/secret_backend.py +22 -25
- pulumi_vault/consul/secret_backend_role.py +14 -80
- pulumi_vault/database/_inputs.py +2770 -881
- pulumi_vault/database/outputs.py +721 -838
- pulumi_vault/database/secret_backend_connection.py +117 -114
- pulumi_vault/database/secret_backend_role.py +29 -24
- pulumi_vault/database/secret_backend_static_role.py +85 -15
- pulumi_vault/database/secrets_mount.py +425 -138
- pulumi_vault/egp_policy.py +16 -15
- pulumi_vault/gcp/_inputs.py +111 -0
- pulumi_vault/gcp/auth_backend.py +248 -35
- pulumi_vault/gcp/auth_backend_role.py +75 -271
- pulumi_vault/gcp/get_auth_backend_role.py +43 -9
- pulumi_vault/gcp/outputs.py +5 -0
- pulumi_vault/gcp/secret_backend.py +287 -16
- pulumi_vault/gcp/secret_impersonated_account.py +74 -17
- pulumi_vault/gcp/secret_roleset.py +29 -26
- pulumi_vault/gcp/secret_static_account.py +37 -34
- pulumi_vault/generic/endpoint.py +22 -21
- pulumi_vault/generic/get_secret.py +68 -12
- pulumi_vault/generic/secret.py +19 -14
- pulumi_vault/get_auth_backend.py +24 -11
- pulumi_vault/get_auth_backends.py +33 -11
- pulumi_vault/get_namespace.py +226 -0
- pulumi_vault/get_namespaces.py +153 -0
- pulumi_vault/get_nomad_access_token.py +31 -15
- pulumi_vault/get_policy_document.py +34 -23
- pulumi_vault/get_raft_autopilot_state.py +29 -14
- pulumi_vault/github/_inputs.py +55 -0
- pulumi_vault/github/auth_backend.py +17 -16
- pulumi_vault/github/outputs.py +5 -0
- pulumi_vault/github/team.py +14 -13
- pulumi_vault/github/user.py +14 -13
- pulumi_vault/identity/entity.py +18 -15
- pulumi_vault/identity/entity_alias.py +18 -15
- pulumi_vault/identity/entity_policies.py +24 -19
- pulumi_vault/identity/get_entity.py +40 -14
- pulumi_vault/identity/get_group.py +45 -13
- pulumi_vault/identity/get_oidc_client_creds.py +21 -11
- pulumi_vault/identity/get_oidc_openid_config.py +39 -13
- pulumi_vault/identity/get_oidc_public_keys.py +29 -14
- pulumi_vault/identity/group.py +50 -49
- pulumi_vault/identity/group_alias.py +14 -11
- pulumi_vault/identity/group_member_entity_ids.py +24 -74
- pulumi_vault/identity/group_member_group_ids.py +36 -27
- pulumi_vault/identity/group_policies.py +16 -15
- pulumi_vault/identity/mfa_duo.py +9 -8
- pulumi_vault/identity/mfa_login_enforcement.py +13 -8
- pulumi_vault/identity/mfa_okta.py +9 -8
- pulumi_vault/identity/mfa_pingid.py +5 -4
- pulumi_vault/identity/mfa_totp.py +5 -4
- pulumi_vault/identity/oidc.py +12 -11
- pulumi_vault/identity/oidc_assignment.py +22 -13
- pulumi_vault/identity/oidc_client.py +34 -25
- pulumi_vault/identity/oidc_key.py +28 -19
- pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -19
- pulumi_vault/identity/oidc_provider.py +34 -23
- pulumi_vault/identity/oidc_role.py +40 -27
- pulumi_vault/identity/oidc_scope.py +18 -15
- pulumi_vault/identity/outputs.py +8 -3
- pulumi_vault/jwt/_inputs.py +55 -0
- pulumi_vault/jwt/auth_backend.py +39 -46
- pulumi_vault/jwt/auth_backend_role.py +131 -260
- pulumi_vault/jwt/outputs.py +5 -0
- pulumi_vault/kmip/secret_backend.py +22 -21
- pulumi_vault/kmip/secret_role.py +12 -11
- pulumi_vault/kmip/secret_scope.py +12 -11
- pulumi_vault/kubernetes/auth_backend_config.py +55 -7
- pulumi_vault/kubernetes/auth_backend_role.py +68 -179
- pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
- pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
- pulumi_vault/kubernetes/get_service_account_token.py +39 -15
- pulumi_vault/kubernetes/secret_backend.py +314 -29
- pulumi_vault/kubernetes/secret_backend_role.py +135 -56
- pulumi_vault/kv/_inputs.py +36 -4
- pulumi_vault/kv/get_secret.py +23 -12
- pulumi_vault/kv/get_secret_subkeys_v2.py +31 -14
- pulumi_vault/kv/get_secret_v2.py +89 -9
- pulumi_vault/kv/get_secrets_list.py +22 -15
- pulumi_vault/kv/get_secrets_list_v2.py +35 -19
- pulumi_vault/kv/outputs.py +8 -3
- pulumi_vault/kv/secret.py +19 -18
- pulumi_vault/kv/secret_backend_v2.py +12 -11
- pulumi_vault/kv/secret_v2.py +55 -52
- pulumi_vault/ldap/auth_backend.py +125 -168
- pulumi_vault/ldap/auth_backend_group.py +12 -11
- pulumi_vault/ldap/auth_backend_user.py +12 -11
- pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
- pulumi_vault/ldap/get_static_credentials.py +24 -5
- pulumi_vault/ldap/secret_backend.py +352 -84
- pulumi_vault/ldap/secret_backend_dynamic_role.py +12 -11
- pulumi_vault/ldap/secret_backend_library_set.py +14 -11
- pulumi_vault/ldap/secret_backend_static_role.py +67 -12
- pulumi_vault/managed/_inputs.py +289 -132
- pulumi_vault/managed/keys.py +27 -43
- pulumi_vault/managed/outputs.py +89 -132
- pulumi_vault/mfa_duo.py +16 -13
- pulumi_vault/mfa_okta.py +16 -13
- pulumi_vault/mfa_pingid.py +16 -13
- pulumi_vault/mfa_totp.py +22 -19
- pulumi_vault/mongodbatlas/secret_backend.py +18 -17
- pulumi_vault/mongodbatlas/secret_role.py +41 -38
- pulumi_vault/mount.py +389 -65
- pulumi_vault/namespace.py +26 -21
- pulumi_vault/nomad_secret_backend.py +16 -15
- pulumi_vault/nomad_secret_role.py +12 -11
- pulumi_vault/okta/_inputs.py +47 -8
- pulumi_vault/okta/auth_backend.py +483 -41
- pulumi_vault/okta/auth_backend_group.py +12 -11
- pulumi_vault/okta/auth_backend_user.py +12 -11
- pulumi_vault/okta/outputs.py +13 -8
- pulumi_vault/outputs.py +5 -0
- pulumi_vault/password_policy.py +18 -15
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +81 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
- pulumi_vault/pkisecret/backend_config_est.py +619 -0
- pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
- pulumi_vault/pkisecret/get_backend_issuer.py +63 -7
- pulumi_vault/pkisecret/get_backend_issuers.py +21 -12
- pulumi_vault/pkisecret/get_backend_key.py +24 -13
- pulumi_vault/pkisecret/get_backend_keys.py +21 -12
- pulumi_vault/pkisecret/outputs.py +69 -0
- pulumi_vault/pkisecret/secret_backend_cert.py +18 -15
- pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -15
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +12 -11
- pulumi_vault/pkisecret/secret_backend_config_urls.py +59 -11
- pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -13
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -15
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -21
- pulumi_vault/pkisecret/secret_backend_issuer.py +12 -11
- pulumi_vault/pkisecret/secret_backend_key.py +12 -7
- pulumi_vault/pkisecret/secret_backend_role.py +19 -16
- pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -52
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -62
- pulumi_vault/pkisecret/secret_backend_sign.py +18 -60
- pulumi_vault/plugin.py +595 -0
- pulumi_vault/plugin_pinned_version.py +298 -0
- pulumi_vault/policy.py +12 -7
- pulumi_vault/provider.py +48 -53
- pulumi_vault/pulumi-plugin.json +2 -1
- pulumi_vault/quota_lease_count.py +58 -8
- pulumi_vault/quota_rate_limit.py +54 -4
- pulumi_vault/rabbitmq/_inputs.py +61 -0
- pulumi_vault/rabbitmq/outputs.py +5 -0
- pulumi_vault/rabbitmq/secret_backend.py +16 -15
- pulumi_vault/rabbitmq/secret_backend_role.py +52 -49
- pulumi_vault/raft_autopilot.py +12 -11
- pulumi_vault/raft_snapshot_agent_config.py +121 -311
- pulumi_vault/rgp_policy.py +14 -13
- pulumi_vault/saml/auth_backend.py +20 -19
- pulumi_vault/saml/auth_backend_role.py +90 -199
- pulumi_vault/secrets/__init__.py +3 -0
- pulumi_vault/secrets/_inputs.py +110 -0
- pulumi_vault/secrets/outputs.py +94 -0
- pulumi_vault/secrets/sync_association.py +56 -75
- pulumi_vault/secrets/sync_aws_destination.py +240 -29
- pulumi_vault/secrets/sync_azure_destination.py +90 -33
- pulumi_vault/secrets/sync_config.py +7 -6
- pulumi_vault/secrets/sync_gcp_destination.py +156 -27
- pulumi_vault/secrets/sync_gh_destination.py +187 -15
- pulumi_vault/secrets/sync_github_apps.py +375 -0
- pulumi_vault/secrets/sync_vercel_destination.py +72 -15
- pulumi_vault/ssh/_inputs.py +28 -32
- pulumi_vault/ssh/outputs.py +11 -32
- pulumi_vault/ssh/secret_backend_ca.py +106 -11
- pulumi_vault/ssh/secret_backend_role.py +83 -120
- pulumi_vault/terraformcloud/secret_backend.py +5 -56
- pulumi_vault/terraformcloud/secret_creds.py +14 -24
- pulumi_vault/terraformcloud/secret_role.py +14 -76
- pulumi_vault/token.py +26 -25
- pulumi_vault/tokenauth/auth_backend_role.py +76 -201
- pulumi_vault/transform/alphabet.py +16 -13
- pulumi_vault/transform/get_decode.py +45 -21
- pulumi_vault/transform/get_encode.py +45 -21
- pulumi_vault/transform/role.py +16 -13
- pulumi_vault/transform/template.py +30 -25
- pulumi_vault/transform/transformation.py +12 -7
- pulumi_vault/transit/get_decrypt.py +26 -25
- pulumi_vault/transit/get_encrypt.py +24 -19
- pulumi_vault/transit/secret_backend_key.py +25 -97
- pulumi_vault/transit/secret_cache_config.py +12 -11
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/METADATA +8 -7
- pulumi_vault-6.5.0a1736850018.dist-info/RECORD +256 -0
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/WHEEL +1 -1
- pulumi_vault-5.21.0a1710160723.dist-info/RECORD +0 -244
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = ['SecretBackendArgs', 'SecretBackend']
|
@@ -17,6 +22,7 @@ class SecretBackendArgs:
|
|
17
22
|
binddn: pulumi.Input[str],
|
18
23
|
bindpass: pulumi.Input[str],
|
19
24
|
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
25
|
+
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
20
26
|
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
21
27
|
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
22
28
|
certificate: Optional[pulumi.Input[str]] = None,
|
@@ -24,20 +30,25 @@ class SecretBackendArgs:
|
|
24
30
|
client_tls_key: Optional[pulumi.Input[str]] = None,
|
25
31
|
connection_timeout: Optional[pulumi.Input[int]] = None,
|
26
32
|
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
33
|
+
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
27
34
|
description: Optional[pulumi.Input[str]] = None,
|
28
35
|
disable_remount: Optional[pulumi.Input[bool]] = None,
|
29
36
|
external_entropy_access: Optional[pulumi.Input[bool]] = None,
|
37
|
+
identity_token_key: Optional[pulumi.Input[str]] = None,
|
30
38
|
insecure_tls: Optional[pulumi.Input[bool]] = None,
|
31
|
-
|
39
|
+
listing_visibility: Optional[pulumi.Input[str]] = None,
|
32
40
|
local: Optional[pulumi.Input[bool]] = None,
|
33
41
|
max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
34
42
|
namespace: Optional[pulumi.Input[str]] = None,
|
35
|
-
options: Optional[pulumi.Input[Mapping[str,
|
43
|
+
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
44
|
+
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
36
45
|
password_policy: Optional[pulumi.Input[str]] = None,
|
37
46
|
path: Optional[pulumi.Input[str]] = None,
|
47
|
+
plugin_version: Optional[pulumi.Input[str]] = None,
|
38
48
|
request_timeout: Optional[pulumi.Input[int]] = None,
|
39
49
|
schema: Optional[pulumi.Input[str]] = None,
|
40
50
|
seal_wrap: Optional[pulumi.Input[bool]] = None,
|
51
|
+
skip_static_role_import_rotation: Optional[pulumi.Input[bool]] = None,
|
41
52
|
starttls: Optional[pulumi.Input[bool]] = None,
|
42
53
|
upndomain: Optional[pulumi.Input[str]] = None,
|
43
54
|
url: Optional[pulumi.Input[str]] = None,
|
@@ -48,6 +59,7 @@ class SecretBackendArgs:
|
|
48
59
|
:param pulumi.Input[str] binddn: Distinguished name of object to bind when performing user and group search.
|
49
60
|
:param pulumi.Input[str] bindpass: Password to use along with binddn when performing user search.
|
50
61
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
|
62
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
|
51
63
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
52
64
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
53
65
|
:param pulumi.Input[str] certificate: CA certificate to use when verifying LDAP server certificate, must be
|
@@ -57,28 +69,33 @@ class SecretBackendArgs:
|
|
57
69
|
:param pulumi.Input[int] connection_timeout: Timeout, in seconds, when attempting to connect to the LDAP server before trying
|
58
70
|
the next URL in the configuration.
|
59
71
|
:param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for secrets in seconds.
|
72
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
|
60
73
|
:param pulumi.Input[str] description: Human-friendly description of the mount for the Active Directory backend.
|
61
74
|
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
62
75
|
:param pulumi.Input[bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
|
76
|
+
:param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens
|
63
77
|
:param pulumi.Input[bool] insecure_tls: Skip LDAP server SSL Certificate verification. This is not recommended for production.
|
64
78
|
Defaults to `false`.
|
65
|
-
:param pulumi.Input[
|
66
|
-
*Mutually exclusive with `password_policy` on vault-1.11+*
|
79
|
+
:param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
|
67
80
|
:param pulumi.Input[bool] local: Mark the secrets engine as local-only. Local engines are not replicated or removed by
|
68
81
|
replication.Tolerance duration to use when checking the last rotation time.
|
69
82
|
:param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for secrets in seconds.
|
70
83
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
71
84
|
The value should not contain leading or trailing forward slashes.
|
72
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
85
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
73
86
|
*Available only for Vault Enterprise*.
|
74
|
-
:param pulumi.Input[Mapping[str,
|
87
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
|
88
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
|
75
89
|
:param pulumi.Input[str] password_policy: Name of the password policy to use to generate passwords.
|
76
90
|
:param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
|
77
91
|
not begin or end with a `/`. Defaults to `ldap`.
|
92
|
+
:param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
78
93
|
:param pulumi.Input[int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
|
79
94
|
before returning back an error.
|
80
95
|
:param pulumi.Input[str] schema: The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`.
|
81
96
|
:param pulumi.Input[bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
97
|
+
:param pulumi.Input[bool] skip_static_role_import_rotation: If set to true, static roles will not be rotated during import.
|
98
|
+
Defaults to false. Requires Vault 1.16 or above.
|
82
99
|
:param pulumi.Input[bool] starttls: Issue a StartTLS command after establishing unencrypted connection.
|
83
100
|
:param pulumi.Input[str] upndomain: Enables userPrincipalDomain login with [username]@UPNDomain.
|
84
101
|
:param pulumi.Input[str] url: LDAP URL to connect to. Multiple URLs can be specified by concatenating
|
@@ -90,6 +107,8 @@ class SecretBackendArgs:
|
|
90
107
|
pulumi.set(__self__, "bindpass", bindpass)
|
91
108
|
if allowed_managed_keys is not None:
|
92
109
|
pulumi.set(__self__, "allowed_managed_keys", allowed_managed_keys)
|
110
|
+
if allowed_response_headers is not None:
|
111
|
+
pulumi.set(__self__, "allowed_response_headers", allowed_response_headers)
|
93
112
|
if audit_non_hmac_request_keys is not None:
|
94
113
|
pulumi.set(__self__, "audit_non_hmac_request_keys", audit_non_hmac_request_keys)
|
95
114
|
if audit_non_hmac_response_keys is not None:
|
@@ -104,19 +123,20 @@ class SecretBackendArgs:
|
|
104
123
|
pulumi.set(__self__, "connection_timeout", connection_timeout)
|
105
124
|
if default_lease_ttl_seconds is not None:
|
106
125
|
pulumi.set(__self__, "default_lease_ttl_seconds", default_lease_ttl_seconds)
|
126
|
+
if delegated_auth_accessors is not None:
|
127
|
+
pulumi.set(__self__, "delegated_auth_accessors", delegated_auth_accessors)
|
107
128
|
if description is not None:
|
108
129
|
pulumi.set(__self__, "description", description)
|
109
130
|
if disable_remount is not None:
|
110
131
|
pulumi.set(__self__, "disable_remount", disable_remount)
|
111
132
|
if external_entropy_access is not None:
|
112
133
|
pulumi.set(__self__, "external_entropy_access", external_entropy_access)
|
134
|
+
if identity_token_key is not None:
|
135
|
+
pulumi.set(__self__, "identity_token_key", identity_token_key)
|
113
136
|
if insecure_tls is not None:
|
114
137
|
pulumi.set(__self__, "insecure_tls", insecure_tls)
|
115
|
-
if
|
116
|
-
|
117
|
-
pulumi.log.warn("""length is deprecated: Length is deprecated and password_policy should be used with Vault >= 1.5.""")
|
118
|
-
if length is not None:
|
119
|
-
pulumi.set(__self__, "length", length)
|
138
|
+
if listing_visibility is not None:
|
139
|
+
pulumi.set(__self__, "listing_visibility", listing_visibility)
|
120
140
|
if local is not None:
|
121
141
|
pulumi.set(__self__, "local", local)
|
122
142
|
if max_lease_ttl_seconds is not None:
|
@@ -125,16 +145,22 @@ class SecretBackendArgs:
|
|
125
145
|
pulumi.set(__self__, "namespace", namespace)
|
126
146
|
if options is not None:
|
127
147
|
pulumi.set(__self__, "options", options)
|
148
|
+
if passthrough_request_headers is not None:
|
149
|
+
pulumi.set(__self__, "passthrough_request_headers", passthrough_request_headers)
|
128
150
|
if password_policy is not None:
|
129
151
|
pulumi.set(__self__, "password_policy", password_policy)
|
130
152
|
if path is not None:
|
131
153
|
pulumi.set(__self__, "path", path)
|
154
|
+
if plugin_version is not None:
|
155
|
+
pulumi.set(__self__, "plugin_version", plugin_version)
|
132
156
|
if request_timeout is not None:
|
133
157
|
pulumi.set(__self__, "request_timeout", request_timeout)
|
134
158
|
if schema is not None:
|
135
159
|
pulumi.set(__self__, "schema", schema)
|
136
160
|
if seal_wrap is not None:
|
137
161
|
pulumi.set(__self__, "seal_wrap", seal_wrap)
|
162
|
+
if skip_static_role_import_rotation is not None:
|
163
|
+
pulumi.set(__self__, "skip_static_role_import_rotation", skip_static_role_import_rotation)
|
138
164
|
if starttls is not None:
|
139
165
|
pulumi.set(__self__, "starttls", starttls)
|
140
166
|
if upndomain is not None:
|
@@ -182,6 +208,18 @@ class SecretBackendArgs:
|
|
182
208
|
def allowed_managed_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
183
209
|
pulumi.set(self, "allowed_managed_keys", value)
|
184
210
|
|
211
|
+
@property
|
212
|
+
@pulumi.getter(name="allowedResponseHeaders")
|
213
|
+
def allowed_response_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
214
|
+
"""
|
215
|
+
List of headers to allow and pass from the request to the plugin
|
216
|
+
"""
|
217
|
+
return pulumi.get(self, "allowed_response_headers")
|
218
|
+
|
219
|
+
@allowed_response_headers.setter
|
220
|
+
def allowed_response_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
221
|
+
pulumi.set(self, "allowed_response_headers", value)
|
222
|
+
|
185
223
|
@property
|
186
224
|
@pulumi.getter(name="auditNonHmacRequestKeys")
|
187
225
|
def audit_non_hmac_request_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
@@ -268,6 +306,18 @@ class SecretBackendArgs:
|
|
268
306
|
def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[int]]):
|
269
307
|
pulumi.set(self, "default_lease_ttl_seconds", value)
|
270
308
|
|
309
|
+
@property
|
310
|
+
@pulumi.getter(name="delegatedAuthAccessors")
|
311
|
+
def delegated_auth_accessors(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
312
|
+
"""
|
313
|
+
List of headers to allow and pass from the request to the plugin
|
314
|
+
"""
|
315
|
+
return pulumi.get(self, "delegated_auth_accessors")
|
316
|
+
|
317
|
+
@delegated_auth_accessors.setter
|
318
|
+
def delegated_auth_accessors(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
319
|
+
pulumi.set(self, "delegated_auth_accessors", value)
|
320
|
+
|
271
321
|
@property
|
272
322
|
@pulumi.getter
|
273
323
|
def description(self) -> Optional[pulumi.Input[str]]:
|
@@ -304,6 +354,18 @@ class SecretBackendArgs:
|
|
304
354
|
def external_entropy_access(self, value: Optional[pulumi.Input[bool]]):
|
305
355
|
pulumi.set(self, "external_entropy_access", value)
|
306
356
|
|
357
|
+
@property
|
358
|
+
@pulumi.getter(name="identityTokenKey")
|
359
|
+
def identity_token_key(self) -> Optional[pulumi.Input[str]]:
|
360
|
+
"""
|
361
|
+
The key to use for signing plugin workload identity tokens
|
362
|
+
"""
|
363
|
+
return pulumi.get(self, "identity_token_key")
|
364
|
+
|
365
|
+
@identity_token_key.setter
|
366
|
+
def identity_token_key(self, value: Optional[pulumi.Input[str]]):
|
367
|
+
pulumi.set(self, "identity_token_key", value)
|
368
|
+
|
307
369
|
@property
|
308
370
|
@pulumi.getter(name="insecureTls")
|
309
371
|
def insecure_tls(self) -> Optional[pulumi.Input[bool]]:
|
@@ -318,20 +380,16 @@ class SecretBackendArgs:
|
|
318
380
|
pulumi.set(self, "insecure_tls", value)
|
319
381
|
|
320
382
|
@property
|
321
|
-
@pulumi.getter
|
322
|
-
def
|
383
|
+
@pulumi.getter(name="listingVisibility")
|
384
|
+
def listing_visibility(self) -> Optional[pulumi.Input[str]]:
|
323
385
|
"""
|
324
|
-
|
325
|
-
*Mutually exclusive with `password_policy` on vault-1.11+*
|
386
|
+
Specifies whether to show this mount in the UI-specific listing endpoint
|
326
387
|
"""
|
327
|
-
|
328
|
-
pulumi.log.warn("""length is deprecated: Length is deprecated and password_policy should be used with Vault >= 1.5.""")
|
388
|
+
return pulumi.get(self, "listing_visibility")
|
329
389
|
|
330
|
-
|
331
|
-
|
332
|
-
|
333
|
-
def length(self, value: Optional[pulumi.Input[int]]):
|
334
|
-
pulumi.set(self, "length", value)
|
390
|
+
@listing_visibility.setter
|
391
|
+
def listing_visibility(self, value: Optional[pulumi.Input[str]]):
|
392
|
+
pulumi.set(self, "listing_visibility", value)
|
335
393
|
|
336
394
|
@property
|
337
395
|
@pulumi.getter
|
@@ -364,7 +422,7 @@ class SecretBackendArgs:
|
|
364
422
|
"""
|
365
423
|
The namespace to provision the resource in.
|
366
424
|
The value should not contain leading or trailing forward slashes.
|
367
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
425
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
368
426
|
*Available only for Vault Enterprise*.
|
369
427
|
"""
|
370
428
|
return pulumi.get(self, "namespace")
|
@@ -375,16 +433,28 @@ class SecretBackendArgs:
|
|
375
433
|
|
376
434
|
@property
|
377
435
|
@pulumi.getter
|
378
|
-
def options(self) -> Optional[pulumi.Input[Mapping[str,
|
436
|
+
def options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
379
437
|
"""
|
380
438
|
Specifies mount type specific options that are passed to the backend
|
381
439
|
"""
|
382
440
|
return pulumi.get(self, "options")
|
383
441
|
|
384
442
|
@options.setter
|
385
|
-
def options(self, value: Optional[pulumi.Input[Mapping[str,
|
443
|
+
def options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
386
444
|
pulumi.set(self, "options", value)
|
387
445
|
|
446
|
+
@property
|
447
|
+
@pulumi.getter(name="passthroughRequestHeaders")
|
448
|
+
def passthrough_request_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
449
|
+
"""
|
450
|
+
List of headers to allow and pass from the request to the plugin
|
451
|
+
"""
|
452
|
+
return pulumi.get(self, "passthrough_request_headers")
|
453
|
+
|
454
|
+
@passthrough_request_headers.setter
|
455
|
+
def passthrough_request_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
456
|
+
pulumi.set(self, "passthrough_request_headers", value)
|
457
|
+
|
388
458
|
@property
|
389
459
|
@pulumi.getter(name="passwordPolicy")
|
390
460
|
def password_policy(self) -> Optional[pulumi.Input[str]]:
|
@@ -410,6 +480,18 @@ class SecretBackendArgs:
|
|
410
480
|
def path(self, value: Optional[pulumi.Input[str]]):
|
411
481
|
pulumi.set(self, "path", value)
|
412
482
|
|
483
|
+
@property
|
484
|
+
@pulumi.getter(name="pluginVersion")
|
485
|
+
def plugin_version(self) -> Optional[pulumi.Input[str]]:
|
486
|
+
"""
|
487
|
+
Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
488
|
+
"""
|
489
|
+
return pulumi.get(self, "plugin_version")
|
490
|
+
|
491
|
+
@plugin_version.setter
|
492
|
+
def plugin_version(self, value: Optional[pulumi.Input[str]]):
|
493
|
+
pulumi.set(self, "plugin_version", value)
|
494
|
+
|
413
495
|
@property
|
414
496
|
@pulumi.getter(name="requestTimeout")
|
415
497
|
def request_timeout(self) -> Optional[pulumi.Input[int]]:
|
@@ -447,6 +529,19 @@ class SecretBackendArgs:
|
|
447
529
|
def seal_wrap(self, value: Optional[pulumi.Input[bool]]):
|
448
530
|
pulumi.set(self, "seal_wrap", value)
|
449
531
|
|
532
|
+
@property
|
533
|
+
@pulumi.getter(name="skipStaticRoleImportRotation")
|
534
|
+
def skip_static_role_import_rotation(self) -> Optional[pulumi.Input[bool]]:
|
535
|
+
"""
|
536
|
+
If set to true, static roles will not be rotated during import.
|
537
|
+
Defaults to false. Requires Vault 1.16 or above.
|
538
|
+
"""
|
539
|
+
return pulumi.get(self, "skip_static_role_import_rotation")
|
540
|
+
|
541
|
+
@skip_static_role_import_rotation.setter
|
542
|
+
def skip_static_role_import_rotation(self, value: Optional[pulumi.Input[bool]]):
|
543
|
+
pulumi.set(self, "skip_static_role_import_rotation", value)
|
544
|
+
|
450
545
|
@property
|
451
546
|
@pulumi.getter
|
452
547
|
def starttls(self) -> Optional[pulumi.Input[bool]]:
|
@@ -514,6 +609,7 @@ class _SecretBackendState:
|
|
514
609
|
def __init__(__self__, *,
|
515
610
|
accessor: Optional[pulumi.Input[str]] = None,
|
516
611
|
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
612
|
+
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
517
613
|
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
518
614
|
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
519
615
|
binddn: Optional[pulumi.Input[str]] = None,
|
@@ -523,20 +619,25 @@ class _SecretBackendState:
|
|
523
619
|
client_tls_key: Optional[pulumi.Input[str]] = None,
|
524
620
|
connection_timeout: Optional[pulumi.Input[int]] = None,
|
525
621
|
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
622
|
+
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
526
623
|
description: Optional[pulumi.Input[str]] = None,
|
527
624
|
disable_remount: Optional[pulumi.Input[bool]] = None,
|
528
625
|
external_entropy_access: Optional[pulumi.Input[bool]] = None,
|
626
|
+
identity_token_key: Optional[pulumi.Input[str]] = None,
|
529
627
|
insecure_tls: Optional[pulumi.Input[bool]] = None,
|
530
|
-
|
628
|
+
listing_visibility: Optional[pulumi.Input[str]] = None,
|
531
629
|
local: Optional[pulumi.Input[bool]] = None,
|
532
630
|
max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
533
631
|
namespace: Optional[pulumi.Input[str]] = None,
|
534
|
-
options: Optional[pulumi.Input[Mapping[str,
|
632
|
+
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
633
|
+
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
535
634
|
password_policy: Optional[pulumi.Input[str]] = None,
|
536
635
|
path: Optional[pulumi.Input[str]] = None,
|
636
|
+
plugin_version: Optional[pulumi.Input[str]] = None,
|
537
637
|
request_timeout: Optional[pulumi.Input[int]] = None,
|
538
638
|
schema: Optional[pulumi.Input[str]] = None,
|
539
639
|
seal_wrap: Optional[pulumi.Input[bool]] = None,
|
640
|
+
skip_static_role_import_rotation: Optional[pulumi.Input[bool]] = None,
|
540
641
|
starttls: Optional[pulumi.Input[bool]] = None,
|
541
642
|
upndomain: Optional[pulumi.Input[str]] = None,
|
542
643
|
url: Optional[pulumi.Input[str]] = None,
|
@@ -546,6 +647,7 @@ class _SecretBackendState:
|
|
546
647
|
Input properties used for looking up and filtering SecretBackend resources.
|
547
648
|
:param pulumi.Input[str] accessor: Accessor of the mount
|
548
649
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
|
650
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
|
549
651
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
550
652
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
551
653
|
:param pulumi.Input[str] binddn: Distinguished name of object to bind when performing user and group search.
|
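Review bot: The description added for `allowed_response_headers` is the sentence that belongs to `passthrough_request_headers` ("List of headers to allow and pass from the request to the plugin"). The same sentence is reused for `delegated_auth_accessors` in the next hunk, in the property getters, and in the `SecretBackend` docstrings further down. Neither setting is a request-header list: going by Vault's mount-tuning documentation, the first names headers a plugin may put on the response, and the second names auth mount accessors the backend may request delegated authentication for, which is an authorization grant an operator needs described accurately. Suggested wording: `allowed_response_headers: List of headers the plugin is allowed to include in the response` and `delegated_auth_accessors: List of auth mount accessors the backend may request delegated authentication for`. If this module is generated, the correction belongs in the provider schema descriptions; the docstring edited here starts and ends outside the hunk.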
@@ -557,28 +659,33 @@ class _SecretBackendState:
|
|
557
659
|
:param pulumi.Input[int] connection_timeout: Timeout, in seconds, when attempting to connect to the LDAP server before trying
|
558
660
|
the next URL in the configuration.
|
559
661
|
:param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for secrets in seconds.
|
662
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
|
560
663
|
:param pulumi.Input[str] description: Human-friendly description of the mount for the Active Directory backend.
|
561
664
|
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
562
665
|
:param pulumi.Input[bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
|
666
|
+
:param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens
|
563
667
|
:param pulumi.Input[bool] insecure_tls: Skip LDAP server SSL Certificate verification. This is not recommended for production.
|
564
668
|
Defaults to `false`.
|
565
|
-
:param pulumi.Input[
|
566
|
-
*Mutually exclusive with `password_policy` on vault-1.11+*
|
669
|
+
:param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
|
567
670
|
:param pulumi.Input[bool] local: Mark the secrets engine as local-only. Local engines are not replicated or removed by
|
568
671
|
replication.Tolerance duration to use when checking the last rotation time.
|
569
672
|
:param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for secrets in seconds.
|
570
673
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
571
674
|
The value should not contain leading or trailing forward slashes.
|
572
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
675
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
573
676
|
*Available only for Vault Enterprise*.
|
574
|
-
:param pulumi.Input[Mapping[str,
|
677
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
|
678
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
|
575
679
|
:param pulumi.Input[str] password_policy: Name of the password policy to use to generate passwords.
|
576
680
|
:param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
|
577
681
|
not begin or end with a `/`. Defaults to `ldap`.
|
682
|
+
:param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
578
683
|
:param pulumi.Input[int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
|
579
684
|
before returning back an error.
|
580
685
|
:param pulumi.Input[str] schema: The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`.
|
581
686
|
:param pulumi.Input[bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
687
|
+
:param pulumi.Input[bool] skip_static_role_import_rotation: If set to true, static roles will not be rotated during import.
|
688
|
+
Defaults to false. Requires Vault 1.16 or above.
|
582
689
|
:param pulumi.Input[bool] starttls: Issue a StartTLS command after establishing unencrypted connection.
|
583
690
|
:param pulumi.Input[str] upndomain: Enables userPrincipalDomain login with [username]@UPNDomain.
|
584
691
|
:param pulumi.Input[str] url: LDAP URL to connect to. Multiple URLs can be specified by concatenating
|
@@ -590,6 +697,8 @@ class _SecretBackendState:
|
|
590
697
|
pulumi.set(__self__, "accessor", accessor)
|
591
698
|
if allowed_managed_keys is not None:
|
592
699
|
pulumi.set(__self__, "allowed_managed_keys", allowed_managed_keys)
|
700
|
+
if allowed_response_headers is not None:
|
701
|
+
pulumi.set(__self__, "allowed_response_headers", allowed_response_headers)
|
593
702
|
if audit_non_hmac_request_keys is not None:
|
594
703
|
pulumi.set(__self__, "audit_non_hmac_request_keys", audit_non_hmac_request_keys)
|
595
704
|
if audit_non_hmac_response_keys is not None:
|
@@ -608,19 +717,20 @@ class _SecretBackendState:
|
|
608
717
|
pulumi.set(__self__, "connection_timeout", connection_timeout)
|
609
718
|
if default_lease_ttl_seconds is not None:
|
610
719
|
pulumi.set(__self__, "default_lease_ttl_seconds", default_lease_ttl_seconds)
|
720
|
+
if delegated_auth_accessors is not None:
|
721
|
+
pulumi.set(__self__, "delegated_auth_accessors", delegated_auth_accessors)
|
611
722
|
if description is not None:
|
612
723
|
pulumi.set(__self__, "description", description)
|
613
724
|
if disable_remount is not None:
|
614
725
|
pulumi.set(__self__, "disable_remount", disable_remount)
|
615
726
|
if external_entropy_access is not None:
|
616
727
|
pulumi.set(__self__, "external_entropy_access", external_entropy_access)
|
728
|
+
if identity_token_key is not None:
|
729
|
+
pulumi.set(__self__, "identity_token_key", identity_token_key)
|
617
730
|
if insecure_tls is not None:
|
618
731
|
pulumi.set(__self__, "insecure_tls", insecure_tls)
|
619
|
-
if
|
620
|
-
|
621
|
-
pulumi.log.warn("""length is deprecated: Length is deprecated and password_policy should be used with Vault >= 1.5.""")
|
622
|
-
if length is not None:
|
623
|
-
pulumi.set(__self__, "length", length)
|
732
|
+
if listing_visibility is not None:
|
733
|
+
pulumi.set(__self__, "listing_visibility", listing_visibility)
|
624
734
|
if local is not None:
|
625
735
|
pulumi.set(__self__, "local", local)
|
626
736
|
if max_lease_ttl_seconds is not None:
|
@@ -629,16 +739,22 @@ class _SecretBackendState:
|
|
629
739
|
pulumi.set(__self__, "namespace", namespace)
|
630
740
|
if options is not None:
|
631
741
|
pulumi.set(__self__, "options", options)
|
742
|
+
if passthrough_request_headers is not None:
|
743
|
+
pulumi.set(__self__, "passthrough_request_headers", passthrough_request_headers)
|
632
744
|
if password_policy is not None:
|
633
745
|
pulumi.set(__self__, "password_policy", password_policy)
|
634
746
|
if path is not None:
|
635
747
|
pulumi.set(__self__, "path", path)
|
748
|
+
if plugin_version is not None:
|
749
|
+
pulumi.set(__self__, "plugin_version", plugin_version)
|
636
750
|
if request_timeout is not None:
|
637
751
|
pulumi.set(__self__, "request_timeout", request_timeout)
|
638
752
|
if schema is not None:
|
639
753
|
pulumi.set(__self__, "schema", schema)
|
640
754
|
if seal_wrap is not None:
|
641
755
|
pulumi.set(__self__, "seal_wrap", seal_wrap)
|
756
|
+
if skip_static_role_import_rotation is not None:
|
757
|
+
pulumi.set(__self__, "skip_static_role_import_rotation", skip_static_role_import_rotation)
|
642
758
|
if starttls is not None:
|
643
759
|
pulumi.set(__self__, "starttls", starttls)
|
644
760
|
if upndomain is not None:
|
@@ -674,6 +790,18 @@ class _SecretBackendState:
|
|
674
790
|
def allowed_managed_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
675
791
|
pulumi.set(self, "allowed_managed_keys", value)
|
676
792
|
|
793
|
+
@property
|
794
|
+
@pulumi.getter(name="allowedResponseHeaders")
|
795
|
+
def allowed_response_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
796
|
+
"""
|
797
|
+
List of headers to allow and pass from the request to the plugin
|
798
|
+
"""
|
799
|
+
return pulumi.get(self, "allowed_response_headers")
|
800
|
+
|
801
|
+
@allowed_response_headers.setter
|
802
|
+
def allowed_response_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
803
|
+
pulumi.set(self, "allowed_response_headers", value)
|
804
|
+
|
677
805
|
@property
|
678
806
|
@pulumi.getter(name="auditNonHmacRequestKeys")
|
679
807
|
def audit_non_hmac_request_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
@@ -784,6 +912,18 @@ class _SecretBackendState:
|
|
784
912
|
def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[int]]):
|
785
913
|
pulumi.set(self, "default_lease_ttl_seconds", value)
|
786
914
|
|
915
|
+
@property
|
916
|
+
@pulumi.getter(name="delegatedAuthAccessors")
|
917
|
+
def delegated_auth_accessors(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
918
|
+
"""
|
919
|
+
List of headers to allow and pass from the request to the plugin
|
920
|
+
"""
|
921
|
+
return pulumi.get(self, "delegated_auth_accessors")
|
922
|
+
|
923
|
+
@delegated_auth_accessors.setter
|
924
|
+
def delegated_auth_accessors(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
925
|
+
pulumi.set(self, "delegated_auth_accessors", value)
|
926
|
+
|
787
927
|
@property
|
788
928
|
@pulumi.getter
|
789
929
|
def description(self) -> Optional[pulumi.Input[str]]:
|
@@ -820,6 +960,18 @@ class _SecretBackendState:
|
|
820
960
|
def external_entropy_access(self, value: Optional[pulumi.Input[bool]]):
|
821
961
|
pulumi.set(self, "external_entropy_access", value)
|
822
962
|
|
963
|
+
@property
|
964
|
+
@pulumi.getter(name="identityTokenKey")
|
965
|
+
def identity_token_key(self) -> Optional[pulumi.Input[str]]:
|
966
|
+
"""
|
967
|
+
The key to use for signing plugin workload identity tokens
|
968
|
+
"""
|
969
|
+
return pulumi.get(self, "identity_token_key")
|
970
|
+
|
971
|
+
@identity_token_key.setter
|
972
|
+
def identity_token_key(self, value: Optional[pulumi.Input[str]]):
|
973
|
+
pulumi.set(self, "identity_token_key", value)
|
974
|
+
|
823
975
|
@property
|
824
976
|
@pulumi.getter(name="insecureTls")
|
825
977
|
def insecure_tls(self) -> Optional[pulumi.Input[bool]]:
|
@@ -834,20 +986,16 @@ class _SecretBackendState:
|
|
834
986
|
pulumi.set(self, "insecure_tls", value)
|
835
987
|
|
836
988
|
@property
|
837
|
-
@pulumi.getter
|
838
|
-
def
|
989
|
+
@pulumi.getter(name="listingVisibility")
|
990
|
+
def listing_visibility(self) -> Optional[pulumi.Input[str]]:
|
839
991
|
"""
|
840
|
-
|
841
|
-
*Mutually exclusive with `password_policy` on vault-1.11+*
|
992
|
+
Specifies whether to show this mount in the UI-specific listing endpoint
|
842
993
|
"""
|
843
|
-
|
844
|
-
pulumi.log.warn("""length is deprecated: Length is deprecated and password_policy should be used with Vault >= 1.5.""")
|
845
|
-
|
846
|
-
return pulumi.get(self, "length")
|
994
|
+
return pulumi.get(self, "listing_visibility")
|
847
995
|
|
848
|
-
@
|
849
|
-
def
|
850
|
-
pulumi.set(self, "
|
996
|
+
@listing_visibility.setter
|
997
|
+
def listing_visibility(self, value: Optional[pulumi.Input[str]]):
|
998
|
+
pulumi.set(self, "listing_visibility", value)
|
851
999
|
|
852
1000
|
@property
|
853
1001
|
@pulumi.getter
|
@@ -880,7 +1028,7 @@ class _SecretBackendState:
|
|
880
1028
|
"""
|
881
1029
|
The namespace to provision the resource in.
|
882
1030
|
The value should not contain leading or trailing forward slashes.
|
883
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
1031
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
884
1032
|
*Available only for Vault Enterprise*.
|
885
1033
|
"""
|
886
1034
|
return pulumi.get(self, "namespace")
|
@@ -891,16 +1039,28 @@ class _SecretBackendState:
|
|
891
1039
|
|
892
1040
|
@property
|
893
1041
|
@pulumi.getter
|
894
|
-
def options(self) -> Optional[pulumi.Input[Mapping[str,
|
1042
|
+
def options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
895
1043
|
"""
|
896
1044
|
Specifies mount type specific options that are passed to the backend
|
897
1045
|
"""
|
898
1046
|
return pulumi.get(self, "options")
|
899
1047
|
|
900
1048
|
@options.setter
|
901
|
-
def options(self, value: Optional[pulumi.Input[Mapping[str,
|
1049
|
+
def options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
902
1050
|
pulumi.set(self, "options", value)
|
903
1051
|
|
1052
|
+
@property
|
1053
|
+
@pulumi.getter(name="passthroughRequestHeaders")
|
1054
|
+
def passthrough_request_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
1055
|
+
"""
|
1056
|
+
List of headers to allow and pass from the request to the plugin
|
1057
|
+
"""
|
1058
|
+
return pulumi.get(self, "passthrough_request_headers")
|
1059
|
+
|
1060
|
+
@passthrough_request_headers.setter
|
1061
|
+
def passthrough_request_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
1062
|
+
pulumi.set(self, "passthrough_request_headers", value)
|
1063
|
+
|
904
1064
|
@property
|
905
1065
|
@pulumi.getter(name="passwordPolicy")
|
906
1066
|
def password_policy(self) -> Optional[pulumi.Input[str]]:
|
@@ -926,6 +1086,18 @@ class _SecretBackendState:
|
|
926
1086
|
def path(self, value: Optional[pulumi.Input[str]]):
|
927
1087
|
pulumi.set(self, "path", value)
|
928
1088
|
|
1089
|
+
@property
|
1090
|
+
@pulumi.getter(name="pluginVersion")
|
1091
|
+
def plugin_version(self) -> Optional[pulumi.Input[str]]:
|
1092
|
+
"""
|
1093
|
+
Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
1094
|
+
"""
|
1095
|
+
return pulumi.get(self, "plugin_version")
|
1096
|
+
|
1097
|
+
@plugin_version.setter
|
1098
|
+
def plugin_version(self, value: Optional[pulumi.Input[str]]):
|
1099
|
+
pulumi.set(self, "plugin_version", value)
|
1100
|
+
|
929
1101
|
@property
|
930
1102
|
@pulumi.getter(name="requestTimeout")
|
931
1103
|
def request_timeout(self) -> Optional[pulumi.Input[int]]:
|
@@ -963,6 +1135,19 @@ class _SecretBackendState:
|
|
963
1135
|
def seal_wrap(self, value: Optional[pulumi.Input[bool]]):
|
964
1136
|
pulumi.set(self, "seal_wrap", value)
|
965
1137
|
|
1138
|
+
@property
|
1139
|
+
@pulumi.getter(name="skipStaticRoleImportRotation")
|
1140
|
+
def skip_static_role_import_rotation(self) -> Optional[pulumi.Input[bool]]:
|
1141
|
+
"""
|
1142
|
+
If set to true, static roles will not be rotated during import.
|
1143
|
+
Defaults to false. Requires Vault 1.16 or above.
|
1144
|
+
"""
|
1145
|
+
return pulumi.get(self, "skip_static_role_import_rotation")
|
1146
|
+
|
1147
|
+
@skip_static_role_import_rotation.setter
|
1148
|
+
def skip_static_role_import_rotation(self, value: Optional[pulumi.Input[bool]]):
|
1149
|
+
pulumi.set(self, "skip_static_role_import_rotation", value)
|
1150
|
+
|
966
1151
|
@property
|
967
1152
|
@pulumi.getter
|
968
1153
|
def starttls(self) -> Optional[pulumi.Input[bool]]:
|
@@ -1031,6 +1216,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1031
1216
|
resource_name: str,
|
1032
1217
|
opts: Optional[pulumi.ResourceOptions] = None,
|
1033
1218
|
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1219
|
+
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1034
1220
|
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1035
1221
|
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1036
1222
|
binddn: Optional[pulumi.Input[str]] = None,
|
@@ -1040,20 +1226,25 @@ class SecretBackend(pulumi.CustomResource):
|
|
1040
1226
|
client_tls_key: Optional[pulumi.Input[str]] = None,
|
1041
1227
|
connection_timeout: Optional[pulumi.Input[int]] = None,
|
1042
1228
|
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
1229
|
+
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1043
1230
|
description: Optional[pulumi.Input[str]] = None,
|
1044
1231
|
disable_remount: Optional[pulumi.Input[bool]] = None,
|
1045
1232
|
external_entropy_access: Optional[pulumi.Input[bool]] = None,
|
1233
|
+
identity_token_key: Optional[pulumi.Input[str]] = None,
|
1046
1234
|
insecure_tls: Optional[pulumi.Input[bool]] = None,
|
1047
|
-
|
1235
|
+
listing_visibility: Optional[pulumi.Input[str]] = None,
|
1048
1236
|
local: Optional[pulumi.Input[bool]] = None,
|
1049
1237
|
max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
1050
1238
|
namespace: Optional[pulumi.Input[str]] = None,
|
1051
|
-
options: Optional[pulumi.Input[Mapping[str,
|
1239
|
+
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
1240
|
+
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1052
1241
|
password_policy: Optional[pulumi.Input[str]] = None,
|
1053
1242
|
path: Optional[pulumi.Input[str]] = None,
|
1243
|
+
plugin_version: Optional[pulumi.Input[str]] = None,
|
1054
1244
|
request_timeout: Optional[pulumi.Input[int]] = None,
|
1055
1245
|
schema: Optional[pulumi.Input[str]] = None,
|
1056
1246
|
seal_wrap: Optional[pulumi.Input[bool]] = None,
|
1247
|
+
skip_static_role_import_rotation: Optional[pulumi.Input[bool]] = None,
|
1057
1248
|
starttls: Optional[pulumi.Input[bool]] = None,
|
1058
1249
|
upndomain: Optional[pulumi.Input[str]] = None,
|
1059
1250
|
url: Optional[pulumi.Input[str]] = None,
|
@@ -1063,20 +1254,18 @@ class SecretBackend(pulumi.CustomResource):
|
|
1063
1254
|
"""
|
1064
1255
|
## Example Usage
|
1065
1256
|
|
1066
|
-
<!--Start PulumiCodeChooser -->
|
1067
1257
|
```python
|
1068
1258
|
import pulumi
|
1069
1259
|
import pulumi_vault as vault
|
1070
1260
|
|
1071
1261
|
config = vault.ldap.SecretBackend("config",
|
1262
|
+
path="my-custom-ldap",
|
1072
1263
|
binddn="CN=Administrator,CN=Users,DC=corp,DC=example,DC=net",
|
1073
1264
|
bindpass="SuperSecretPassw0rd",
|
1074
|
-
insecure_tls=True,
|
1075
|
-
path="my-custom-ldap",
|
1076
1265
|
url="ldaps://localhost",
|
1266
|
+
insecure_tls=True,
|
1077
1267
|
userdn="CN=Users,DC=corp,DC=example,DC=net")
|
1078
1268
|
```
|
1079
|
-
<!--End PulumiCodeChooser -->
|
1080
1269
|
|
1081
1270
|
## Import
|
1082
1271
|
|
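Review bot: The usage example this hunk reorders still pairs `url="ldaps://localhost"` with `insecure_tls=True` and a literal `bindpass`. The first snippet a reader copies therefore turns off certificate verification for the LDAP bind and keeps the bind password in source. I would drop the `insecure_tls=True` line from the example and read the password from stack configuration, e.g. `bindpass=pulumi.Config().require_secret("ldapBindPass"),` (the key name is a placeholder). The same example is repeated in the `@@ -1138,20 +1333,18 @@` hunk, and the docstring continues past the end of this one.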
@@ -1089,6 +1278,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1089
1278
|
:param str resource_name: The name of the resource.
|
1090
1279
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
1091
1280
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
|
1281
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
|
1092
1282
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
1093
1283
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
1094
1284
|
:param pulumi.Input[str] binddn: Distinguished name of object to bind when performing user and group search.
|
@@ -1100,28 +1290,33 @@ class SecretBackend(pulumi.CustomResource):
|
|
1100
1290
|
:param pulumi.Input[int] connection_timeout: Timeout, in seconds, when attempting to connect to the LDAP server before trying
|
1101
1291
|
the next URL in the configuration.
|
1102
1292
|
:param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for secrets in seconds.
|
1293
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
|
1103
1294
|
:param pulumi.Input[str] description: Human-friendly description of the mount for the Active Directory backend.
|
1104
1295
|
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
1105
1296
|
:param pulumi.Input[bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
|
1297
|
+
:param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens
|
1106
1298
|
:param pulumi.Input[bool] insecure_tls: Skip LDAP server SSL Certificate verification. This is not recommended for production.
|
1107
1299
|
Defaults to `false`.
|
1108
|
-
:param pulumi.Input[
|
1109
|
-
*Mutually exclusive with `password_policy` on vault-1.11+*
|
1300
|
+
:param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
|
1110
1301
|
:param pulumi.Input[bool] local: Mark the secrets engine as local-only. Local engines are not replicated or removed by
|
1111
1302
|
replication.Tolerance duration to use when checking the last rotation time.
|
1112
1303
|
:param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for secrets in seconds.
|
1113
1304
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
1114
1305
|
The value should not contain leading or trailing forward slashes.
|
1115
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
1306
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1116
1307
|
*Available only for Vault Enterprise*.
|
1117
|
-
:param pulumi.Input[Mapping[str,
|
1308
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
|
1309
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
|
1118
1310
|
:param pulumi.Input[str] password_policy: Name of the password policy to use to generate passwords.
|
1119
1311
|
:param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
|
1120
1312
|
not begin or end with a `/`. Defaults to `ldap`.
|
1313
|
+
:param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
1121
1314
|
:param pulumi.Input[int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
|
1122
1315
|
before returning back an error.
|
1123
1316
|
:param pulumi.Input[str] schema: The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`.
|
1124
1317
|
:param pulumi.Input[bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
1318
|
+
:param pulumi.Input[bool] skip_static_role_import_rotation: If set to true, static roles will not be rotated during import.
|
1319
|
+
Defaults to false. Requires Vault 1.16 or above.
|
1125
1320
|
:param pulumi.Input[bool] starttls: Issue a StartTLS command after establishing unencrypted connection.
|
1126
1321
|
:param pulumi.Input[str] upndomain: Enables userPrincipalDomain login with [username]@UPNDomain.
|
1127
1322
|
:param pulumi.Input[str] url: LDAP URL to connect to. Multiple URLs can be specified by concatenating
|
@@ -1138,20 +1333,18 @@ class SecretBackend(pulumi.CustomResource):
|
|
1138
1333
|
"""
|
1139
1334
|
## Example Usage
|
1140
1335
|
|
1141
|
-
<!--Start PulumiCodeChooser -->
|
1142
1336
|
```python
|
1143
1337
|
import pulumi
|
1144
1338
|
import pulumi_vault as vault
|
1145
1339
|
|
1146
1340
|
config = vault.ldap.SecretBackend("config",
|
1341
|
+
path="my-custom-ldap",
|
1147
1342
|
binddn="CN=Administrator,CN=Users,DC=corp,DC=example,DC=net",
|
1148
1343
|
bindpass="SuperSecretPassw0rd",
|
1149
|
-
insecure_tls=True,
|
1150
|
-
path="my-custom-ldap",
|
1151
1344
|
url="ldaps://localhost",
|
1345
|
+
insecure_tls=True,
|
1152
1346
|
userdn="CN=Users,DC=corp,DC=example,DC=net")
|
1153
1347
|
```
|
1154
|
-
<!--End PulumiCodeChooser -->
|
1155
1348
|
|
1156
1349
|
## Import
|
1157
1350
|
|
@@ -1177,6 +1370,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1177
1370
|
resource_name: str,
|
1178
1371
|
opts: Optional[pulumi.ResourceOptions] = None,
|
1179
1372
|
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1373
|
+
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1180
1374
|
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1181
1375
|
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1182
1376
|
binddn: Optional[pulumi.Input[str]] = None,
|
@@ -1186,20 +1380,25 @@ class SecretBackend(pulumi.CustomResource):
|
|
1186
1380
|
client_tls_key: Optional[pulumi.Input[str]] = None,
|
1187
1381
|
connection_timeout: Optional[pulumi.Input[int]] = None,
|
1188
1382
|
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
1383
|
+
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1189
1384
|
description: Optional[pulumi.Input[str]] = None,
|
1190
1385
|
disable_remount: Optional[pulumi.Input[bool]] = None,
|
1191
1386
|
external_entropy_access: Optional[pulumi.Input[bool]] = None,
|
1387
|
+
identity_token_key: Optional[pulumi.Input[str]] = None,
|
1192
1388
|
insecure_tls: Optional[pulumi.Input[bool]] = None,
|
1193
|
-
|
1389
|
+
listing_visibility: Optional[pulumi.Input[str]] = None,
|
1194
1390
|
local: Optional[pulumi.Input[bool]] = None,
|
1195
1391
|
max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
1196
1392
|
namespace: Optional[pulumi.Input[str]] = None,
|
1197
|
-
options: Optional[pulumi.Input[Mapping[str,
|
1393
|
+
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
1394
|
+
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1198
1395
|
password_policy: Optional[pulumi.Input[str]] = None,
|
1199
1396
|
path: Optional[pulumi.Input[str]] = None,
|
1397
|
+
plugin_version: Optional[pulumi.Input[str]] = None,
|
1200
1398
|
request_timeout: Optional[pulumi.Input[int]] = None,
|
1201
1399
|
schema: Optional[pulumi.Input[str]] = None,
|
1202
1400
|
seal_wrap: Optional[pulumi.Input[bool]] = None,
|
1401
|
+
skip_static_role_import_rotation: Optional[pulumi.Input[bool]] = None,
|
1203
1402
|
starttls: Optional[pulumi.Input[bool]] = None,
|
1204
1403
|
upndomain: Optional[pulumi.Input[str]] = None,
|
1205
1404
|
url: Optional[pulumi.Input[str]] = None,
|
@@ -1215,6 +1414,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1215
1414
|
__props__ = SecretBackendArgs.__new__(SecretBackendArgs)
|
1216
1415
|
|
1217
1416
|
__props__.__dict__["allowed_managed_keys"] = allowed_managed_keys
|
1417
|
+
__props__.__dict__["allowed_response_headers"] = allowed_response_headers
|
1218
1418
|
__props__.__dict__["audit_non_hmac_request_keys"] = audit_non_hmac_request_keys
|
1219
1419
|
__props__.__dict__["audit_non_hmac_response_keys"] = audit_non_hmac_response_keys
|
1220
1420
|
if binddn is None and not opts.urn:
|
@@ -1228,20 +1428,25 @@ class SecretBackend(pulumi.CustomResource):
|
|
1228
1428
|
__props__.__dict__["client_tls_key"] = None if client_tls_key is None else pulumi.Output.secret(client_tls_key)
|
1229
1429
|
__props__.__dict__["connection_timeout"] = connection_timeout
|
1230
1430
|
__props__.__dict__["default_lease_ttl_seconds"] = default_lease_ttl_seconds
|
1431
|
+
__props__.__dict__["delegated_auth_accessors"] = delegated_auth_accessors
|
1231
1432
|
__props__.__dict__["description"] = description
|
1232
1433
|
__props__.__dict__["disable_remount"] = disable_remount
|
1233
1434
|
__props__.__dict__["external_entropy_access"] = external_entropy_access
|
1435
|
+
__props__.__dict__["identity_token_key"] = identity_token_key
|
1234
1436
|
__props__.__dict__["insecure_tls"] = insecure_tls
|
1235
|
-
__props__.__dict__["
|
1437
|
+
__props__.__dict__["listing_visibility"] = listing_visibility
|
1236
1438
|
__props__.__dict__["local"] = local
|
1237
1439
|
__props__.__dict__["max_lease_ttl_seconds"] = max_lease_ttl_seconds
|
1238
1440
|
__props__.__dict__["namespace"] = namespace
|
1239
1441
|
__props__.__dict__["options"] = options
|
1442
|
+
__props__.__dict__["passthrough_request_headers"] = passthrough_request_headers
|
1240
1443
|
__props__.__dict__["password_policy"] = password_policy
|
1241
1444
|
__props__.__dict__["path"] = path
|
1445
|
+
__props__.__dict__["plugin_version"] = plugin_version
|
1242
1446
|
__props__.__dict__["request_timeout"] = request_timeout
|
1243
1447
|
__props__.__dict__["schema"] = schema
|
1244
1448
|
__props__.__dict__["seal_wrap"] = seal_wrap
|
1449
|
+
__props__.__dict__["skip_static_role_import_rotation"] = skip_static_role_import_rotation
|
1245
1450
|
__props__.__dict__["starttls"] = starttls
|
1246
1451
|
__props__.__dict__["upndomain"] = upndomain
|
1247
1452
|
__props__.__dict__["url"] = url
|
@@ -1262,6 +1467,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1262
1467
|
opts: Optional[pulumi.ResourceOptions] = None,
|
1263
1468
|
accessor: Optional[pulumi.Input[str]] = None,
|
1264
1469
|
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1470
|
+
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1265
1471
|
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1266
1472
|
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1267
1473
|
binddn: Optional[pulumi.Input[str]] = None,
|
@@ -1271,20 +1477,25 @@ class SecretBackend(pulumi.CustomResource):
|
|
1271
1477
|
client_tls_key: Optional[pulumi.Input[str]] = None,
|
1272
1478
|
connection_timeout: Optional[pulumi.Input[int]] = None,
|
1273
1479
|
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
1480
|
+
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1274
1481
|
description: Optional[pulumi.Input[str]] = None,
|
1275
1482
|
disable_remount: Optional[pulumi.Input[bool]] = None,
|
1276
1483
|
external_entropy_access: Optional[pulumi.Input[bool]] = None,
|
1484
|
+
identity_token_key: Optional[pulumi.Input[str]] = None,
|
1277
1485
|
insecure_tls: Optional[pulumi.Input[bool]] = None,
|
1278
|
-
|
1486
|
+
listing_visibility: Optional[pulumi.Input[str]] = None,
|
1279
1487
|
local: Optional[pulumi.Input[bool]] = None,
|
1280
1488
|
max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
1281
1489
|
namespace: Optional[pulumi.Input[str]] = None,
|
1282
|
-
options: Optional[pulumi.Input[Mapping[str,
|
1490
|
+
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
1491
|
+
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1283
1492
|
password_policy: Optional[pulumi.Input[str]] = None,
|
1284
1493
|
path: Optional[pulumi.Input[str]] = None,
|
1494
|
+
plugin_version: Optional[pulumi.Input[str]] = None,
|
1285
1495
|
request_timeout: Optional[pulumi.Input[int]] = None,
|
1286
1496
|
schema: Optional[pulumi.Input[str]] = None,
|
1287
1497
|
seal_wrap: Optional[pulumi.Input[bool]] = None,
|
1498
|
+
skip_static_role_import_rotation: Optional[pulumi.Input[bool]] = None,
|
1288
1499
|
starttls: Optional[pulumi.Input[bool]] = None,
|
1289
1500
|
upndomain: Optional[pulumi.Input[str]] = None,
|
1290
1501
|
url: Optional[pulumi.Input[str]] = None,
|
@@ -1299,6 +1510,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1299
1510
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
1300
1511
|
:param pulumi.Input[str] accessor: Accessor of the mount
|
1301
1512
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
|
1513
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
|
1302
1514
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
1303
1515
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
1304
1516
|
:param pulumi.Input[str] binddn: Distinguished name of object to bind when performing user and group search.
|
@@ -1310,28 +1522,33 @@ class SecretBackend(pulumi.CustomResource):
|
|
1310
1522
|
:param pulumi.Input[int] connection_timeout: Timeout, in seconds, when attempting to connect to the LDAP server before trying
|
1311
1523
|
the next URL in the configuration.
|
1312
1524
|
:param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for secrets in seconds.
|
1525
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
|
1313
1526
|
:param pulumi.Input[str] description: Human-friendly description of the mount for the Active Directory backend.
|
1314
1527
|
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
1315
1528
|
:param pulumi.Input[bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
|
1529
|
+
:param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens
|
1316
1530
|
:param pulumi.Input[bool] insecure_tls: Skip LDAP server SSL Certificate verification. This is not recommended for production.
|
1317
1531
|
Defaults to `false`.
|
1318
|
-
:param pulumi.Input[
|
1319
|
-
*Mutually exclusive with `password_policy` on vault-1.11+*
|
1532
|
+
:param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
|
1320
1533
|
:param pulumi.Input[bool] local: Mark the secrets engine as local-only. Local engines are not replicated or removed by
|
1321
1534
|
replication.Tolerance duration to use when checking the last rotation time.
|
1322
1535
|
:param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for secrets in seconds.
|
1323
1536
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
1324
1537
|
The value should not contain leading or trailing forward slashes.
|
1325
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
1538
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1326
1539
|
*Available only for Vault Enterprise*.
|
1327
|
-
:param pulumi.Input[Mapping[str,
|
1540
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
|
1541
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
|
1328
1542
|
:param pulumi.Input[str] password_policy: Name of the password policy to use to generate passwords.
|
1329
1543
|
:param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
|
1330
1544
|
not begin or end with a `/`. Defaults to `ldap`.
|
1545
|
+
:param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
1331
1546
|
:param pulumi.Input[int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
|
1332
1547
|
before returning back an error.
|
1333
1548
|
:param pulumi.Input[str] schema: The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`.
|
1334
1549
|
:param pulumi.Input[bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
1550
|
+
:param pulumi.Input[bool] skip_static_role_import_rotation: If set to true, static roles will not be rotated during import.
|
1551
|
+
Defaults to false. Requires Vault 1.16 or above.
|
1335
1552
|
:param pulumi.Input[bool] starttls: Issue a StartTLS command after establishing unencrypted connection.
|
1336
1553
|
:param pulumi.Input[str] upndomain: Enables userPrincipalDomain login with [username]@UPNDomain.
|
1337
1554
|
:param pulumi.Input[str] url: LDAP URL to connect to. Multiple URLs can be specified by concatenating
|
@@ -1345,6 +1562,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1345
1562
|
|
1346
1563
|
__props__.__dict__["accessor"] = accessor
|
1347
1564
|
__props__.__dict__["allowed_managed_keys"] = allowed_managed_keys
|
1565
|
+
__props__.__dict__["allowed_response_headers"] = allowed_response_headers
|
1348
1566
|
__props__.__dict__["audit_non_hmac_request_keys"] = audit_non_hmac_request_keys
|
1349
1567
|
__props__.__dict__["audit_non_hmac_response_keys"] = audit_non_hmac_response_keys
|
1350
1568
|
__props__.__dict__["binddn"] = binddn
|
@@ -1354,20 +1572,25 @@ class SecretBackend(pulumi.CustomResource):
|
|
1354
1572
|
__props__.__dict__["client_tls_key"] = client_tls_key
|
1355
1573
|
__props__.__dict__["connection_timeout"] = connection_timeout
|
1356
1574
|
__props__.__dict__["default_lease_ttl_seconds"] = default_lease_ttl_seconds
|
1575
|
+
__props__.__dict__["delegated_auth_accessors"] = delegated_auth_accessors
|
1357
1576
|
__props__.__dict__["description"] = description
|
1358
1577
|
__props__.__dict__["disable_remount"] = disable_remount
|
1359
1578
|
__props__.__dict__["external_entropy_access"] = external_entropy_access
|
1579
|
+
__props__.__dict__["identity_token_key"] = identity_token_key
|
1360
1580
|
__props__.__dict__["insecure_tls"] = insecure_tls
|
1361
|
-
__props__.__dict__["
|
1581
|
+
__props__.__dict__["listing_visibility"] = listing_visibility
|
1362
1582
|
__props__.__dict__["local"] = local
|
1363
1583
|
__props__.__dict__["max_lease_ttl_seconds"] = max_lease_ttl_seconds
|
1364
1584
|
__props__.__dict__["namespace"] = namespace
|
1365
1585
|
__props__.__dict__["options"] = options
|
1586
|
+
__props__.__dict__["passthrough_request_headers"] = passthrough_request_headers
|
1366
1587
|
__props__.__dict__["password_policy"] = password_policy
|
1367
1588
|
__props__.__dict__["path"] = path
|
1589
|
+
__props__.__dict__["plugin_version"] = plugin_version
|
1368
1590
|
__props__.__dict__["request_timeout"] = request_timeout
|
1369
1591
|
__props__.__dict__["schema"] = schema
|
1370
1592
|
__props__.__dict__["seal_wrap"] = seal_wrap
|
1593
|
+
__props__.__dict__["skip_static_role_import_rotation"] = skip_static_role_import_rotation
|
1371
1594
|
__props__.__dict__["starttls"] = starttls
|
1372
1595
|
__props__.__dict__["upndomain"] = upndomain
|
1373
1596
|
__props__.__dict__["url"] = url
|
@@ -1391,6 +1614,14 @@ class SecretBackend(pulumi.CustomResource):
|
|
1391
1614
|
"""
|
1392
1615
|
return pulumi.get(self, "allowed_managed_keys")
|
1393
1616
|
|
1617
|
+
@property
|
1618
|
+
@pulumi.getter(name="allowedResponseHeaders")
|
1619
|
+
def allowed_response_headers(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1620
|
+
"""
|
1621
|
+
List of headers to allow and pass from the request to the plugin
|
1622
|
+
"""
|
1623
|
+
return pulumi.get(self, "allowed_response_headers")
|
1624
|
+
|
1394
1625
|
@property
|
1395
1626
|
@pulumi.getter(name="auditNonHmacRequestKeys")
|
1396
1627
|
def audit_non_hmac_request_keys(self) -> pulumi.Output[Sequence[str]]:
|
@@ -1465,6 +1696,14 @@ class SecretBackend(pulumi.CustomResource):
|
|
1465
1696
|
"""
|
1466
1697
|
return pulumi.get(self, "default_lease_ttl_seconds")
|
1467
1698
|
|
1699
|
+
@property
|
1700
|
+
@pulumi.getter(name="delegatedAuthAccessors")
|
1701
|
+
def delegated_auth_accessors(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1702
|
+
"""
|
1703
|
+
List of headers to allow and pass from the request to the plugin
|
1704
|
+
"""
|
1705
|
+
return pulumi.get(self, "delegated_auth_accessors")
|
1706
|
+
|
1468
1707
|
@property
|
1469
1708
|
@pulumi.getter
|
1470
1709
|
def description(self) -> pulumi.Output[Optional[str]]:
|
@@ -1489,6 +1728,14 @@ class SecretBackend(pulumi.CustomResource):
|
|
1489
1728
|
"""
|
1490
1729
|
return pulumi.get(self, "external_entropy_access")
|
1491
1730
|
|
1731
|
+
@property
|
1732
|
+
@pulumi.getter(name="identityTokenKey")
|
1733
|
+
def identity_token_key(self) -> pulumi.Output[Optional[str]]:
|
1734
|
+
"""
|
1735
|
+
The key to use for signing plugin workload identity tokens
|
1736
|
+
"""
|
1737
|
+
return pulumi.get(self, "identity_token_key")
|
1738
|
+
|
1492
1739
|
@property
|
1493
1740
|
@pulumi.getter(name="insecureTls")
|
1494
1741
|
def insecure_tls(self) -> pulumi.Output[Optional[bool]]:
|
@@ -1499,16 +1746,12 @@ class SecretBackend(pulumi.CustomResource):
|
|
1499
1746
|
return pulumi.get(self, "insecure_tls")
|
1500
1747
|
|
1501
1748
|
@property
|
1502
|
-
@pulumi.getter
|
1503
|
-
def
|
1749
|
+
@pulumi.getter(name="listingVisibility")
|
1750
|
+
def listing_visibility(self) -> pulumi.Output[Optional[str]]:
|
1504
1751
|
"""
|
1505
|
-
|
1506
|
-
*Mutually exclusive with `password_policy` on vault-1.11+*
|
1752
|
+
Specifies whether to show this mount in the UI-specific listing endpoint
|
1507
1753
|
"""
|
1508
|
-
|
1509
|
-
pulumi.log.warn("""length is deprecated: Length is deprecated and password_policy should be used with Vault >= 1.5.""")
|
1510
|
-
|
1511
|
-
return pulumi.get(self, "length")
|
1754
|
+
return pulumi.get(self, "listing_visibility")
|
1512
1755
|
|
1513
1756
|
@property
|
1514
1757
|
@pulumi.getter
|
@@ -1533,19 +1776,27 @@ class SecretBackend(pulumi.CustomResource):
|
|
1533
1776
|
"""
|
1534
1777
|
The namespace to provision the resource in.
|
1535
1778
|
The value should not contain leading or trailing forward slashes.
|
1536
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
1779
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1537
1780
|
*Available only for Vault Enterprise*.
|
1538
1781
|
"""
|
1539
1782
|
return pulumi.get(self, "namespace")
|
1540
1783
|
|
1541
1784
|
@property
|
1542
1785
|
@pulumi.getter
|
1543
|
-
def options(self) -> pulumi.Output[Optional[Mapping[str,
|
1786
|
+
def options(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
|
1544
1787
|
"""
|
1545
1788
|
Specifies mount type specific options that are passed to the backend
|
1546
1789
|
"""
|
1547
1790
|
return pulumi.get(self, "options")
|
1548
1791
|
|
1792
|
+
@property
|
1793
|
+
@pulumi.getter(name="passthroughRequestHeaders")
|
1794
|
+
def passthrough_request_headers(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1795
|
+
"""
|
1796
|
+
List of headers to allow and pass from the request to the plugin
|
1797
|
+
"""
|
1798
|
+
return pulumi.get(self, "passthrough_request_headers")
|
1799
|
+
|
1549
1800
|
@property
|
1550
1801
|
@pulumi.getter(name="passwordPolicy")
|
1551
1802
|
def password_policy(self) -> pulumi.Output[Optional[str]]:
|
@@ -1563,6 +1814,14 @@ class SecretBackend(pulumi.CustomResource):
|
|
1563
1814
|
"""
|
1564
1815
|
return pulumi.get(self, "path")
|
1565
1816
|
|
1817
|
+
@property
|
1818
|
+
@pulumi.getter(name="pluginVersion")
|
1819
|
+
def plugin_version(self) -> pulumi.Output[Optional[str]]:
|
1820
|
+
"""
|
1821
|
+
Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
1822
|
+
"""
|
1823
|
+
return pulumi.get(self, "plugin_version")
|
1824
|
+
|
1566
1825
|
@property
|
1567
1826
|
@pulumi.getter(name="requestTimeout")
|
1568
1827
|
def request_timeout(self) -> pulumi.Output[int]:
|
@@ -1588,6 +1847,15 @@ class SecretBackend(pulumi.CustomResource):
|
|
1588
1847
|
"""
|
1589
1848
|
return pulumi.get(self, "seal_wrap")
|
1590
1849
|
|
1850
|
+
@property
|
1851
|
+
@pulumi.getter(name="skipStaticRoleImportRotation")
|
1852
|
+
def skip_static_role_import_rotation(self) -> pulumi.Output[Optional[bool]]:
|
1853
|
+
"""
|
1854
|
+
If set to true, static roles will not be rotated during import.
|
1855
|
+
Defaults to false. Requires Vault 1.16 or above.
|
1856
|
+
"""
|
1857
|
+
return pulumi.get(self, "skip_static_role_import_rotation")
|
1858
|
+
|
1591
1859
|
@property
|
1592
1860
|
@pulumi.getter
|
1593
1861
|
def starttls(self) -> pulumi.Output[bool]:
|