pulumi-vault 5.21.0a1710160723__py3-none-any.whl → 6.5.0a1736850018__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pulumi_vault/__init__.py +52 -0
- pulumi_vault/_inputs.py +560 -0
- pulumi_vault/_utilities.py +41 -5
- pulumi_vault/ad/get_access_credentials.py +22 -7
- pulumi_vault/ad/secret_backend.py +14 -144
- pulumi_vault/ad/secret_library.py +14 -11
- pulumi_vault/ad/secret_role.py +12 -11
- pulumi_vault/alicloud/auth_backend_role.py +74 -192
- pulumi_vault/approle/auth_backend_login.py +12 -11
- pulumi_vault/approle/auth_backend_role.py +75 -193
- pulumi_vault/approle/auth_backend_role_secret_id.py +106 -11
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -9
- pulumi_vault/audit.py +24 -27
- pulumi_vault/audit_request_header.py +11 -6
- pulumi_vault/auth_backend.py +64 -12
- pulumi_vault/aws/auth_backend_cert.py +12 -7
- pulumi_vault/aws/auth_backend_client.py +265 -24
- pulumi_vault/aws/auth_backend_config_identity.py +12 -11
- pulumi_vault/aws/auth_backend_identity_whitelist.py +18 -17
- pulumi_vault/aws/auth_backend_login.py +19 -22
- pulumi_vault/aws/auth_backend_role.py +75 -193
- pulumi_vault/aws/auth_backend_role_tag.py +12 -7
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -17
- pulumi_vault/aws/auth_backend_sts_role.py +12 -11
- pulumi_vault/aws/get_access_credentials.py +34 -7
- pulumi_vault/aws/get_static_access_credentials.py +19 -5
- pulumi_vault/aws/secret_backend.py +75 -7
- pulumi_vault/aws/secret_backend_role.py +183 -11
- pulumi_vault/aws/secret_backend_static_role.py +14 -11
- pulumi_vault/azure/_inputs.py +24 -0
- pulumi_vault/azure/auth_backend_config.py +151 -17
- pulumi_vault/azure/auth_backend_role.py +75 -193
- pulumi_vault/azure/backend.py +223 -29
- pulumi_vault/azure/backend_role.py +42 -41
- pulumi_vault/azure/get_access_credentials.py +39 -11
- pulumi_vault/azure/outputs.py +5 -0
- pulumi_vault/cert_auth_backend_role.py +87 -271
- pulumi_vault/config/__init__.pyi +5 -0
- pulumi_vault/config/_inputs.py +73 -0
- pulumi_vault/config/outputs.py +35 -0
- pulumi_vault/config/ui_custom_message.py +529 -0
- pulumi_vault/config/vars.py +5 -0
- pulumi_vault/consul/secret_backend.py +22 -25
- pulumi_vault/consul/secret_backend_role.py +14 -80
- pulumi_vault/database/_inputs.py +2770 -881
- pulumi_vault/database/outputs.py +721 -838
- pulumi_vault/database/secret_backend_connection.py +117 -114
- pulumi_vault/database/secret_backend_role.py +29 -24
- pulumi_vault/database/secret_backend_static_role.py +85 -15
- pulumi_vault/database/secrets_mount.py +425 -138
- pulumi_vault/egp_policy.py +16 -15
- pulumi_vault/gcp/_inputs.py +111 -0
- pulumi_vault/gcp/auth_backend.py +248 -35
- pulumi_vault/gcp/auth_backend_role.py +75 -271
- pulumi_vault/gcp/get_auth_backend_role.py +43 -9
- pulumi_vault/gcp/outputs.py +5 -0
- pulumi_vault/gcp/secret_backend.py +287 -16
- pulumi_vault/gcp/secret_impersonated_account.py +74 -17
- pulumi_vault/gcp/secret_roleset.py +29 -26
- pulumi_vault/gcp/secret_static_account.py +37 -34
- pulumi_vault/generic/endpoint.py +22 -21
- pulumi_vault/generic/get_secret.py +68 -12
- pulumi_vault/generic/secret.py +19 -14
- pulumi_vault/get_auth_backend.py +24 -11
- pulumi_vault/get_auth_backends.py +33 -11
- pulumi_vault/get_namespace.py +226 -0
- pulumi_vault/get_namespaces.py +153 -0
- pulumi_vault/get_nomad_access_token.py +31 -15
- pulumi_vault/get_policy_document.py +34 -23
- pulumi_vault/get_raft_autopilot_state.py +29 -14
- pulumi_vault/github/_inputs.py +55 -0
- pulumi_vault/github/auth_backend.py +17 -16
- pulumi_vault/github/outputs.py +5 -0
- pulumi_vault/github/team.py +14 -13
- pulumi_vault/github/user.py +14 -13
- pulumi_vault/identity/entity.py +18 -15
- pulumi_vault/identity/entity_alias.py +18 -15
- pulumi_vault/identity/entity_policies.py +24 -19
- pulumi_vault/identity/get_entity.py +40 -14
- pulumi_vault/identity/get_group.py +45 -13
- pulumi_vault/identity/get_oidc_client_creds.py +21 -11
- pulumi_vault/identity/get_oidc_openid_config.py +39 -13
- pulumi_vault/identity/get_oidc_public_keys.py +29 -14
- pulumi_vault/identity/group.py +50 -49
- pulumi_vault/identity/group_alias.py +14 -11
- pulumi_vault/identity/group_member_entity_ids.py +24 -74
- pulumi_vault/identity/group_member_group_ids.py +36 -27
- pulumi_vault/identity/group_policies.py +16 -15
- pulumi_vault/identity/mfa_duo.py +9 -8
- pulumi_vault/identity/mfa_login_enforcement.py +13 -8
- pulumi_vault/identity/mfa_okta.py +9 -8
- pulumi_vault/identity/mfa_pingid.py +5 -4
- pulumi_vault/identity/mfa_totp.py +5 -4
- pulumi_vault/identity/oidc.py +12 -11
- pulumi_vault/identity/oidc_assignment.py +22 -13
- pulumi_vault/identity/oidc_client.py +34 -25
- pulumi_vault/identity/oidc_key.py +28 -19
- pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -19
- pulumi_vault/identity/oidc_provider.py +34 -23
- pulumi_vault/identity/oidc_role.py +40 -27
- pulumi_vault/identity/oidc_scope.py +18 -15
- pulumi_vault/identity/outputs.py +8 -3
- pulumi_vault/jwt/_inputs.py +55 -0
- pulumi_vault/jwt/auth_backend.py +39 -46
- pulumi_vault/jwt/auth_backend_role.py +131 -260
- pulumi_vault/jwt/outputs.py +5 -0
- pulumi_vault/kmip/secret_backend.py +22 -21
- pulumi_vault/kmip/secret_role.py +12 -11
- pulumi_vault/kmip/secret_scope.py +12 -11
- pulumi_vault/kubernetes/auth_backend_config.py +55 -7
- pulumi_vault/kubernetes/auth_backend_role.py +68 -179
- pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
- pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
- pulumi_vault/kubernetes/get_service_account_token.py +39 -15
- pulumi_vault/kubernetes/secret_backend.py +314 -29
- pulumi_vault/kubernetes/secret_backend_role.py +135 -56
- pulumi_vault/kv/_inputs.py +36 -4
- pulumi_vault/kv/get_secret.py +23 -12
- pulumi_vault/kv/get_secret_subkeys_v2.py +31 -14
- pulumi_vault/kv/get_secret_v2.py +89 -9
- pulumi_vault/kv/get_secrets_list.py +22 -15
- pulumi_vault/kv/get_secrets_list_v2.py +35 -19
- pulumi_vault/kv/outputs.py +8 -3
- pulumi_vault/kv/secret.py +19 -18
- pulumi_vault/kv/secret_backend_v2.py +12 -11
- pulumi_vault/kv/secret_v2.py +55 -52
- pulumi_vault/ldap/auth_backend.py +125 -168
- pulumi_vault/ldap/auth_backend_group.py +12 -11
- pulumi_vault/ldap/auth_backend_user.py +12 -11
- pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
- pulumi_vault/ldap/get_static_credentials.py +24 -5
- pulumi_vault/ldap/secret_backend.py +352 -84
- pulumi_vault/ldap/secret_backend_dynamic_role.py +12 -11
- pulumi_vault/ldap/secret_backend_library_set.py +14 -11
- pulumi_vault/ldap/secret_backend_static_role.py +67 -12
- pulumi_vault/managed/_inputs.py +289 -132
- pulumi_vault/managed/keys.py +27 -43
- pulumi_vault/managed/outputs.py +89 -132
- pulumi_vault/mfa_duo.py +16 -13
- pulumi_vault/mfa_okta.py +16 -13
- pulumi_vault/mfa_pingid.py +16 -13
- pulumi_vault/mfa_totp.py +22 -19
- pulumi_vault/mongodbatlas/secret_backend.py +18 -17
- pulumi_vault/mongodbatlas/secret_role.py +41 -38
- pulumi_vault/mount.py +389 -65
- pulumi_vault/namespace.py +26 -21
- pulumi_vault/nomad_secret_backend.py +16 -15
- pulumi_vault/nomad_secret_role.py +12 -11
- pulumi_vault/okta/_inputs.py +47 -8
- pulumi_vault/okta/auth_backend.py +483 -41
- pulumi_vault/okta/auth_backend_group.py +12 -11
- pulumi_vault/okta/auth_backend_user.py +12 -11
- pulumi_vault/okta/outputs.py +13 -8
- pulumi_vault/outputs.py +5 -0
- pulumi_vault/password_policy.py +18 -15
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +81 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
- pulumi_vault/pkisecret/backend_config_est.py +619 -0
- pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
- pulumi_vault/pkisecret/get_backend_issuer.py +63 -7
- pulumi_vault/pkisecret/get_backend_issuers.py +21 -12
- pulumi_vault/pkisecret/get_backend_key.py +24 -13
- pulumi_vault/pkisecret/get_backend_keys.py +21 -12
- pulumi_vault/pkisecret/outputs.py +69 -0
- pulumi_vault/pkisecret/secret_backend_cert.py +18 -15
- pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -15
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +12 -11
- pulumi_vault/pkisecret/secret_backend_config_urls.py +59 -11
- pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -13
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -15
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -21
- pulumi_vault/pkisecret/secret_backend_issuer.py +12 -11
- pulumi_vault/pkisecret/secret_backend_key.py +12 -7
- pulumi_vault/pkisecret/secret_backend_role.py +19 -16
- pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -52
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -62
- pulumi_vault/pkisecret/secret_backend_sign.py +18 -60
- pulumi_vault/plugin.py +595 -0
- pulumi_vault/plugin_pinned_version.py +298 -0
- pulumi_vault/policy.py +12 -7
- pulumi_vault/provider.py +48 -53
- pulumi_vault/pulumi-plugin.json +2 -1
- pulumi_vault/quota_lease_count.py +58 -8
- pulumi_vault/quota_rate_limit.py +54 -4
- pulumi_vault/rabbitmq/_inputs.py +61 -0
- pulumi_vault/rabbitmq/outputs.py +5 -0
- pulumi_vault/rabbitmq/secret_backend.py +16 -15
- pulumi_vault/rabbitmq/secret_backend_role.py +52 -49
- pulumi_vault/raft_autopilot.py +12 -11
- pulumi_vault/raft_snapshot_agent_config.py +121 -311
- pulumi_vault/rgp_policy.py +14 -13
- pulumi_vault/saml/auth_backend.py +20 -19
- pulumi_vault/saml/auth_backend_role.py +90 -199
- pulumi_vault/secrets/__init__.py +3 -0
- pulumi_vault/secrets/_inputs.py +110 -0
- pulumi_vault/secrets/outputs.py +94 -0
- pulumi_vault/secrets/sync_association.py +56 -75
- pulumi_vault/secrets/sync_aws_destination.py +240 -29
- pulumi_vault/secrets/sync_azure_destination.py +90 -33
- pulumi_vault/secrets/sync_config.py +7 -6
- pulumi_vault/secrets/sync_gcp_destination.py +156 -27
- pulumi_vault/secrets/sync_gh_destination.py +187 -15
- pulumi_vault/secrets/sync_github_apps.py +375 -0
- pulumi_vault/secrets/sync_vercel_destination.py +72 -15
- pulumi_vault/ssh/_inputs.py +28 -32
- pulumi_vault/ssh/outputs.py +11 -32
- pulumi_vault/ssh/secret_backend_ca.py +106 -11
- pulumi_vault/ssh/secret_backend_role.py +83 -120
- pulumi_vault/terraformcloud/secret_backend.py +5 -56
- pulumi_vault/terraformcloud/secret_creds.py +14 -24
- pulumi_vault/terraformcloud/secret_role.py +14 -76
- pulumi_vault/token.py +26 -25
- pulumi_vault/tokenauth/auth_backend_role.py +76 -201
- pulumi_vault/transform/alphabet.py +16 -13
- pulumi_vault/transform/get_decode.py +45 -21
- pulumi_vault/transform/get_encode.py +45 -21
- pulumi_vault/transform/role.py +16 -13
- pulumi_vault/transform/template.py +30 -25
- pulumi_vault/transform/transformation.py +12 -7
- pulumi_vault/transit/get_decrypt.py +26 -25
- pulumi_vault/transit/get_encrypt.py +24 -19
- pulumi_vault/transit/secret_backend_key.py +25 -97
- pulumi_vault/transit/secret_cache_config.py +12 -11
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/METADATA +8 -7
- pulumi_vault-6.5.0a1736850018.dist-info/RECORD +256 -0
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/WHEEL +1 -1
- pulumi_vault-5.21.0a1710160723.dist-info/RECORD +0 -244
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/top_level.txt +0 -0
pulumi_vault/mount.py
CHANGED
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from . import _utilities
|
11
16
|
|
12
17
|
__all__ = ['MountArgs', 'Mount']
|
@@ -17,49 +22,76 @@ class MountArgs:
|
|
17
22
|
path: pulumi.Input[str],
|
18
23
|
type: pulumi.Input[str],
|
19
24
|
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
25
|
+
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
20
26
|
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
21
27
|
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
22
28
|
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
29
|
+
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
23
30
|
description: Optional[pulumi.Input[str]] = None,
|
24
31
|
external_entropy_access: Optional[pulumi.Input[bool]] = None,
|
32
|
+
identity_token_key: Optional[pulumi.Input[str]] = None,
|
33
|
+
listing_visibility: Optional[pulumi.Input[str]] = None,
|
25
34
|
local: Optional[pulumi.Input[bool]] = None,
|
26
35
|
max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
27
36
|
namespace: Optional[pulumi.Input[str]] = None,
|
28
|
-
options: Optional[pulumi.Input[Mapping[str,
|
37
|
+
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
38
|
+
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
39
|
+
plugin_version: Optional[pulumi.Input[str]] = None,
|
29
40
|
seal_wrap: Optional[pulumi.Input[bool]] = None):
|
30
41
|
"""
|
31
42
|
The set of arguments for constructing a Mount resource.
|
32
43
|
:param pulumi.Input[str] path: Where the secret backend will be mounted
|
33
44
|
:param pulumi.Input[str] type: Type of the backend, such as "aws"
|
34
45
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: Set of managed key registry entry names that the mount in question is allowed to access
|
46
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow, allowing a plugin to include
|
47
|
+
them in the response.
|
35
48
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
36
49
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
37
50
|
:param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
|
51
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of allowed authentication mount accessors the
|
52
|
+
backend can request delegated authentication for.
|
38
53
|
:param pulumi.Input[str] description: Human-friendly description of the mount
|
39
54
|
:param pulumi.Input[bool] external_entropy_access: Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
|
55
|
+
:param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens. If
|
56
|
+
not provided, this will default to Vault's OIDC default key.
|
57
|
+
:param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific
|
58
|
+
listing endpoint. Valid values are `unauth` or `hidden`. If not set, behaves like `hidden`.
|
40
59
|
:param pulumi.Input[bool] local: Boolean flag that can be explicitly set to true to enforce local mount in HA environment
|
41
60
|
:param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
|
42
61
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
43
62
|
The value should not contain leading or trailing forward slashes.
|
44
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
63
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
45
64
|
*Available only for Vault Enterprise*.
|
46
|
-
:param pulumi.Input[Mapping[str,
|
65
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
|
66
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to
|
67
|
+
the plugin.
|
68
|
+
:param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. "v1.0.0".
|
69
|
+
If unspecified, the server will select any matching unversioned plugin that may have been
|
70
|
+
registered, the latest versioned plugin registered, or a built-in plugin in that order of precedence.
|
47
71
|
:param pulumi.Input[bool] seal_wrap: Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
48
72
|
"""
|
49
73
|
pulumi.set(__self__, "path", path)
|
50
74
|
pulumi.set(__self__, "type", type)
|
51
75
|
if allowed_managed_keys is not None:
|
52
76
|
pulumi.set(__self__, "allowed_managed_keys", allowed_managed_keys)
|
77
|
+
if allowed_response_headers is not None:
|
78
|
+
pulumi.set(__self__, "allowed_response_headers", allowed_response_headers)
|
53
79
|
if audit_non_hmac_request_keys is not None:
|
54
80
|
pulumi.set(__self__, "audit_non_hmac_request_keys", audit_non_hmac_request_keys)
|
55
81
|
if audit_non_hmac_response_keys is not None:
|
56
82
|
pulumi.set(__self__, "audit_non_hmac_response_keys", audit_non_hmac_response_keys)
|
57
83
|
if default_lease_ttl_seconds is not None:
|
58
84
|
pulumi.set(__self__, "default_lease_ttl_seconds", default_lease_ttl_seconds)
|
85
|
+
if delegated_auth_accessors is not None:
|
86
|
+
pulumi.set(__self__, "delegated_auth_accessors", delegated_auth_accessors)
|
59
87
|
if description is not None:
|
60
88
|
pulumi.set(__self__, "description", description)
|
61
89
|
if external_entropy_access is not None:
|
62
90
|
pulumi.set(__self__, "external_entropy_access", external_entropy_access)
|
91
|
+
if identity_token_key is not None:
|
92
|
+
pulumi.set(__self__, "identity_token_key", identity_token_key)
|
93
|
+
if listing_visibility is not None:
|
94
|
+
pulumi.set(__self__, "listing_visibility", listing_visibility)
|
63
95
|
if local is not None:
|
64
96
|
pulumi.set(__self__, "local", local)
|
65
97
|
if max_lease_ttl_seconds is not None:
|
@@ -68,6 +100,10 @@ class MountArgs:
|
|
68
100
|
pulumi.set(__self__, "namespace", namespace)
|
69
101
|
if options is not None:
|
70
102
|
pulumi.set(__self__, "options", options)
|
103
|
+
if passthrough_request_headers is not None:
|
104
|
+
pulumi.set(__self__, "passthrough_request_headers", passthrough_request_headers)
|
105
|
+
if plugin_version is not None:
|
106
|
+
pulumi.set(__self__, "plugin_version", plugin_version)
|
71
107
|
if seal_wrap is not None:
|
72
108
|
pulumi.set(__self__, "seal_wrap", seal_wrap)
|
73
109
|
|
@@ -107,6 +143,19 @@ class MountArgs:
|
|
107
143
|
def allowed_managed_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
108
144
|
pulumi.set(self, "allowed_managed_keys", value)
|
109
145
|
|
146
|
+
@property
|
147
|
+
@pulumi.getter(name="allowedResponseHeaders")
|
148
|
+
def allowed_response_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
149
|
+
"""
|
150
|
+
List of headers to allow, allowing a plugin to include
|
151
|
+
them in the response.
|
152
|
+
"""
|
153
|
+
return pulumi.get(self, "allowed_response_headers")
|
154
|
+
|
155
|
+
@allowed_response_headers.setter
|
156
|
+
def allowed_response_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
157
|
+
pulumi.set(self, "allowed_response_headers", value)
|
158
|
+
|
110
159
|
@property
|
111
160
|
@pulumi.getter(name="auditNonHmacRequestKeys")
|
112
161
|
def audit_non_hmac_request_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
@@ -143,6 +192,19 @@ class MountArgs:
|
|
143
192
|
def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[int]]):
|
144
193
|
pulumi.set(self, "default_lease_ttl_seconds", value)
|
145
194
|
|
195
|
+
@property
|
196
|
+
@pulumi.getter(name="delegatedAuthAccessors")
|
197
|
+
def delegated_auth_accessors(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
198
|
+
"""
|
199
|
+
List of allowed authentication mount accessors the
|
200
|
+
backend can request delegated authentication for.
|
201
|
+
"""
|
202
|
+
return pulumi.get(self, "delegated_auth_accessors")
|
203
|
+
|
204
|
+
@delegated_auth_accessors.setter
|
205
|
+
def delegated_auth_accessors(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
206
|
+
pulumi.set(self, "delegated_auth_accessors", value)
|
207
|
+
|
146
208
|
@property
|
147
209
|
@pulumi.getter
|
148
210
|
def description(self) -> Optional[pulumi.Input[str]]:
|
@@ -167,6 +229,32 @@ class MountArgs:
|
|
167
229
|
def external_entropy_access(self, value: Optional[pulumi.Input[bool]]):
|
168
230
|
pulumi.set(self, "external_entropy_access", value)
|
169
231
|
|
232
|
+
@property
|
233
|
+
@pulumi.getter(name="identityTokenKey")
|
234
|
+
def identity_token_key(self) -> Optional[pulumi.Input[str]]:
|
235
|
+
"""
|
236
|
+
The key to use for signing plugin workload identity tokens. If
|
237
|
+
not provided, this will default to Vault's OIDC default key.
|
238
|
+
"""
|
239
|
+
return pulumi.get(self, "identity_token_key")
|
240
|
+
|
241
|
+
@identity_token_key.setter
|
242
|
+
def identity_token_key(self, value: Optional[pulumi.Input[str]]):
|
243
|
+
pulumi.set(self, "identity_token_key", value)
|
244
|
+
|
245
|
+
@property
|
246
|
+
@pulumi.getter(name="listingVisibility")
|
247
|
+
def listing_visibility(self) -> Optional[pulumi.Input[str]]:
|
248
|
+
"""
|
249
|
+
Specifies whether to show this mount in the UI-specific
|
250
|
+
listing endpoint. Valid values are `unauth` or `hidden`. If not set, behaves like `hidden`.
|
251
|
+
"""
|
252
|
+
return pulumi.get(self, "listing_visibility")
|
253
|
+
|
254
|
+
@listing_visibility.setter
|
255
|
+
def listing_visibility(self, value: Optional[pulumi.Input[str]]):
|
256
|
+
pulumi.set(self, "listing_visibility", value)
|
257
|
+
|
170
258
|
@property
|
171
259
|
@pulumi.getter
|
172
260
|
def local(self) -> Optional[pulumi.Input[bool]]:
|
@@ -197,7 +285,7 @@ class MountArgs:
|
|
197
285
|
"""
|
198
286
|
The namespace to provision the resource in.
|
199
287
|
The value should not contain leading or trailing forward slashes.
|
200
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
288
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
201
289
|
*Available only for Vault Enterprise*.
|
202
290
|
"""
|
203
291
|
return pulumi.get(self, "namespace")
|
@@ -208,16 +296,43 @@ class MountArgs:
|
|
208
296
|
|
209
297
|
@property
|
210
298
|
@pulumi.getter
|
211
|
-
def options(self) -> Optional[pulumi.Input[Mapping[str,
|
299
|
+
def options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
212
300
|
"""
|
213
301
|
Specifies mount type specific options that are passed to the backend
|
214
302
|
"""
|
215
303
|
return pulumi.get(self, "options")
|
216
304
|
|
217
305
|
@options.setter
|
218
|
-
def options(self, value: Optional[pulumi.Input[Mapping[str,
|
306
|
+
def options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
219
307
|
pulumi.set(self, "options", value)
|
220
308
|
|
309
|
+
@property
|
310
|
+
@pulumi.getter(name="passthroughRequestHeaders")
|
311
|
+
def passthrough_request_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
312
|
+
"""
|
313
|
+
List of headers to allow and pass from the request to
|
314
|
+
the plugin.
|
315
|
+
"""
|
316
|
+
return pulumi.get(self, "passthrough_request_headers")
|
317
|
+
|
318
|
+
@passthrough_request_headers.setter
|
319
|
+
def passthrough_request_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
320
|
+
pulumi.set(self, "passthrough_request_headers", value)
|
321
|
+
|
322
|
+
@property
|
323
|
+
@pulumi.getter(name="pluginVersion")
|
324
|
+
def plugin_version(self) -> Optional[pulumi.Input[str]]:
|
325
|
+
"""
|
326
|
+
Specifies the semantic version of the plugin to use, e.g. "v1.0.0".
|
327
|
+
If unspecified, the server will select any matching unversioned plugin that may have been
|
328
|
+
registered, the latest versioned plugin registered, or a built-in plugin in that order of precedence.
|
329
|
+
"""
|
330
|
+
return pulumi.get(self, "plugin_version")
|
331
|
+
|
332
|
+
@plugin_version.setter
|
333
|
+
def plugin_version(self, value: Optional[pulumi.Input[str]]):
|
334
|
+
pulumi.set(self, "plugin_version", value)
|
335
|
+
|
221
336
|
@property
|
222
337
|
@pulumi.getter(name="sealWrap")
|
223
338
|
def seal_wrap(self) -> Optional[pulumi.Input[bool]]:
|
@@ -236,35 +351,54 @@ class _MountState:
|
|
236
351
|
def __init__(__self__, *,
|
237
352
|
accessor: Optional[pulumi.Input[str]] = None,
|
238
353
|
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
354
|
+
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
239
355
|
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
240
356
|
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
241
357
|
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
358
|
+
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
242
359
|
description: Optional[pulumi.Input[str]] = None,
|
243
360
|
external_entropy_access: Optional[pulumi.Input[bool]] = None,
|
361
|
+
identity_token_key: Optional[pulumi.Input[str]] = None,
|
362
|
+
listing_visibility: Optional[pulumi.Input[str]] = None,
|
244
363
|
local: Optional[pulumi.Input[bool]] = None,
|
245
364
|
max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
246
365
|
namespace: Optional[pulumi.Input[str]] = None,
|
247
|
-
options: Optional[pulumi.Input[Mapping[str,
|
366
|
+
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
367
|
+
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
248
368
|
path: Optional[pulumi.Input[str]] = None,
|
369
|
+
plugin_version: Optional[pulumi.Input[str]] = None,
|
249
370
|
seal_wrap: Optional[pulumi.Input[bool]] = None,
|
250
371
|
type: Optional[pulumi.Input[str]] = None):
|
251
372
|
"""
|
252
373
|
Input properties used for looking up and filtering Mount resources.
|
253
374
|
:param pulumi.Input[str] accessor: The accessor for this mount.
|
254
375
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: Set of managed key registry entry names that the mount in question is allowed to access
|
376
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow, allowing a plugin to include
|
377
|
+
them in the response.
|
255
378
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
256
379
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
257
380
|
:param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
|
381
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of allowed authentication mount accessors the
|
382
|
+
backend can request delegated authentication for.
|
258
383
|
:param pulumi.Input[str] description: Human-friendly description of the mount
|
259
384
|
:param pulumi.Input[bool] external_entropy_access: Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
|
385
|
+
:param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens. If
|
386
|
+
not provided, this will default to Vault's OIDC default key.
|
387
|
+
:param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific
|
388
|
+
listing endpoint. Valid values are `unauth` or `hidden`. If not set, behaves like `hidden`.
|
260
389
|
:param pulumi.Input[bool] local: Boolean flag that can be explicitly set to true to enforce local mount in HA environment
|
261
390
|
:param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
|
262
391
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
263
392
|
The value should not contain leading or trailing forward slashes.
|
264
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
393
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
265
394
|
*Available only for Vault Enterprise*.
|
266
|
-
:param pulumi.Input[Mapping[str,
|
395
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
|
396
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to
|
397
|
+
the plugin.
|
267
398
|
:param pulumi.Input[str] path: Where the secret backend will be mounted
|
399
|
+
:param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. "v1.0.0".
|
400
|
+
If unspecified, the server will select any matching unversioned plugin that may have been
|
401
|
+
registered, the latest versioned plugin registered, or a built-in plugin in that order of precedence.
|
268
402
|
:param pulumi.Input[bool] seal_wrap: Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
269
403
|
:param pulumi.Input[str] type: Type of the backend, such as "aws"
|
270
404
|
"""
|
@@ -272,16 +406,24 @@ class _MountState:
|
|
272
406
|
pulumi.set(__self__, "accessor", accessor)
|
273
407
|
if allowed_managed_keys is not None:
|
274
408
|
pulumi.set(__self__, "allowed_managed_keys", allowed_managed_keys)
|
409
|
+
if allowed_response_headers is not None:
|
410
|
+
pulumi.set(__self__, "allowed_response_headers", allowed_response_headers)
|
275
411
|
if audit_non_hmac_request_keys is not None:
|
276
412
|
pulumi.set(__self__, "audit_non_hmac_request_keys", audit_non_hmac_request_keys)
|
277
413
|
if audit_non_hmac_response_keys is not None:
|
278
414
|
pulumi.set(__self__, "audit_non_hmac_response_keys", audit_non_hmac_response_keys)
|
279
415
|
if default_lease_ttl_seconds is not None:
|
280
416
|
pulumi.set(__self__, "default_lease_ttl_seconds", default_lease_ttl_seconds)
|
417
|
+
if delegated_auth_accessors is not None:
|
418
|
+
pulumi.set(__self__, "delegated_auth_accessors", delegated_auth_accessors)
|
281
419
|
if description is not None:
|
282
420
|
pulumi.set(__self__, "description", description)
|
283
421
|
if external_entropy_access is not None:
|
284
422
|
pulumi.set(__self__, "external_entropy_access", external_entropy_access)
|
423
|
+
if identity_token_key is not None:
|
424
|
+
pulumi.set(__self__, "identity_token_key", identity_token_key)
|
425
|
+
if listing_visibility is not None:
|
426
|
+
pulumi.set(__self__, "listing_visibility", listing_visibility)
|
285
427
|
if local is not None:
|
286
428
|
pulumi.set(__self__, "local", local)
|
287
429
|
if max_lease_ttl_seconds is not None:
|
@@ -290,8 +432,12 @@ class _MountState:
|
|
290
432
|
pulumi.set(__self__, "namespace", namespace)
|
291
433
|
if options is not None:
|
292
434
|
pulumi.set(__self__, "options", options)
|
435
|
+
if passthrough_request_headers is not None:
|
436
|
+
pulumi.set(__self__, "passthrough_request_headers", passthrough_request_headers)
|
293
437
|
if path is not None:
|
294
438
|
pulumi.set(__self__, "path", path)
|
439
|
+
if plugin_version is not None:
|
440
|
+
pulumi.set(__self__, "plugin_version", plugin_version)
|
295
441
|
if seal_wrap is not None:
|
296
442
|
pulumi.set(__self__, "seal_wrap", seal_wrap)
|
297
443
|
if type is not None:
|
@@ -321,6 +467,19 @@ class _MountState:
|
|
321
467
|
def allowed_managed_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
322
468
|
pulumi.set(self, "allowed_managed_keys", value)
|
323
469
|
|
470
|
+
@property
|
471
|
+
@pulumi.getter(name="allowedResponseHeaders")
|
472
|
+
def allowed_response_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
473
|
+
"""
|
474
|
+
List of headers to allow, allowing a plugin to include
|
475
|
+
them in the response.
|
476
|
+
"""
|
477
|
+
return pulumi.get(self, "allowed_response_headers")
|
478
|
+
|
479
|
+
@allowed_response_headers.setter
|
480
|
+
def allowed_response_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
481
|
+
pulumi.set(self, "allowed_response_headers", value)
|
482
|
+
|
324
483
|
@property
|
325
484
|
@pulumi.getter(name="auditNonHmacRequestKeys")
|
326
485
|
def audit_non_hmac_request_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
@@ -357,6 +516,19 @@ class _MountState:
|
|
357
516
|
def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[int]]):
|
358
517
|
pulumi.set(self, "default_lease_ttl_seconds", value)
|
359
518
|
|
519
|
+
@property
|
520
|
+
@pulumi.getter(name="delegatedAuthAccessors")
|
521
|
+
def delegated_auth_accessors(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
522
|
+
"""
|
523
|
+
List of allowed authentication mount accessors the
|
524
|
+
backend can request delegated authentication for.
|
525
|
+
"""
|
526
|
+
return pulumi.get(self, "delegated_auth_accessors")
|
527
|
+
|
528
|
+
@delegated_auth_accessors.setter
|
529
|
+
def delegated_auth_accessors(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
530
|
+
pulumi.set(self, "delegated_auth_accessors", value)
|
531
|
+
|
360
532
|
@property
|
361
533
|
@pulumi.getter
|
362
534
|
def description(self) -> Optional[pulumi.Input[str]]:
|
@@ -381,6 +553,32 @@ class _MountState:
|
|
381
553
|
def external_entropy_access(self, value: Optional[pulumi.Input[bool]]):
|
382
554
|
pulumi.set(self, "external_entropy_access", value)
|
383
555
|
|
556
|
+
@property
|
557
|
+
@pulumi.getter(name="identityTokenKey")
|
558
|
+
def identity_token_key(self) -> Optional[pulumi.Input[str]]:
|
559
|
+
"""
|
560
|
+
The key to use for signing plugin workload identity tokens. If
|
561
|
+
not provided, this will default to Vault's OIDC default key.
|
562
|
+
"""
|
563
|
+
return pulumi.get(self, "identity_token_key")
|
564
|
+
|
565
|
+
@identity_token_key.setter
|
566
|
+
def identity_token_key(self, value: Optional[pulumi.Input[str]]):
|
567
|
+
pulumi.set(self, "identity_token_key", value)
|
568
|
+
|
569
|
+
@property
|
570
|
+
@pulumi.getter(name="listingVisibility")
|
571
|
+
def listing_visibility(self) -> Optional[pulumi.Input[str]]:
|
572
|
+
"""
|
573
|
+
Specifies whether to show this mount in the UI-specific
|
574
|
+
listing endpoint. Valid values are `unauth` or `hidden`. If not set, behaves like `hidden`.
|
575
|
+
"""
|
576
|
+
return pulumi.get(self, "listing_visibility")
|
577
|
+
|
578
|
+
@listing_visibility.setter
|
579
|
+
def listing_visibility(self, value: Optional[pulumi.Input[str]]):
|
580
|
+
pulumi.set(self, "listing_visibility", value)
|
581
|
+
|
384
582
|
@property
|
385
583
|
@pulumi.getter
|
386
584
|
def local(self) -> Optional[pulumi.Input[bool]]:
|
@@ -411,7 +609,7 @@ class _MountState:
|
|
411
609
|
"""
|
412
610
|
The namespace to provision the resource in.
|
413
611
|
The value should not contain leading or trailing forward slashes.
|
414
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
612
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
415
613
|
*Available only for Vault Enterprise*.
|
416
614
|
"""
|
417
615
|
return pulumi.get(self, "namespace")
|
@@ -422,16 +620,29 @@ class _MountState:
|
|
422
620
|
|
423
621
|
@property
|
424
622
|
@pulumi.getter
|
425
|
-
def options(self) -> Optional[pulumi.Input[Mapping[str,
|
623
|
+
def options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
426
624
|
"""
|
427
625
|
Specifies mount type specific options that are passed to the backend
|
428
626
|
"""
|
429
627
|
return pulumi.get(self, "options")
|
430
628
|
|
431
629
|
@options.setter
|
432
|
-
def options(self, value: Optional[pulumi.Input[Mapping[str,
|
630
|
+
def options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
433
631
|
pulumi.set(self, "options", value)
|
434
632
|
|
633
|
+
@property
|
634
|
+
@pulumi.getter(name="passthroughRequestHeaders")
|
635
|
+
def passthrough_request_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
636
|
+
"""
|
637
|
+
List of headers to allow and pass from the request to
|
638
|
+
the plugin.
|
639
|
+
"""
|
640
|
+
return pulumi.get(self, "passthrough_request_headers")
|
641
|
+
|
642
|
+
@passthrough_request_headers.setter
|
643
|
+
def passthrough_request_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
644
|
+
pulumi.set(self, "passthrough_request_headers", value)
|
645
|
+
|
435
646
|
@property
|
436
647
|
@pulumi.getter
|
437
648
|
def path(self) -> Optional[pulumi.Input[str]]:
|
@@ -444,6 +655,20 @@ class _MountState:
|
|
444
655
|
def path(self, value: Optional[pulumi.Input[str]]):
|
445
656
|
pulumi.set(self, "path", value)
|
446
657
|
|
658
|
+
@property
|
659
|
+
@pulumi.getter(name="pluginVersion")
|
660
|
+
def plugin_version(self) -> Optional[pulumi.Input[str]]:
|
661
|
+
"""
|
662
|
+
Specifies the semantic version of the plugin to use, e.g. "v1.0.0".
|
663
|
+
If unspecified, the server will select any matching unversioned plugin that may have been
|
664
|
+
registered, the latest versioned plugin registered, or a built-in plugin in that order of precedence.
|
665
|
+
"""
|
666
|
+
return pulumi.get(self, "plugin_version")
|
667
|
+
|
668
|
+
@plugin_version.setter
|
669
|
+
def plugin_version(self, value: Optional[pulumi.Input[str]]):
|
670
|
+
pulumi.set(self, "plugin_version", value)
|
671
|
+
|
447
672
|
@property
|
448
673
|
@pulumi.getter(name="sealWrap")
|
449
674
|
def seal_wrap(self) -> Optional[pulumi.Input[bool]]:
|
@@ -475,78 +700,78 @@ class Mount(pulumi.CustomResource):
|
|
475
700
|
resource_name: str,
|
476
701
|
opts: Optional[pulumi.ResourceOptions] = None,
|
477
702
|
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
703
|
+
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
478
704
|
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
479
705
|
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
480
706
|
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
707
|
+
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
481
708
|
description: Optional[pulumi.Input[str]] = None,
|
482
709
|
external_entropy_access: Optional[pulumi.Input[bool]] = None,
|
710
|
+
identity_token_key: Optional[pulumi.Input[str]] = None,
|
711
|
+
listing_visibility: Optional[pulumi.Input[str]] = None,
|
483
712
|
local: Optional[pulumi.Input[bool]] = None,
|
484
713
|
max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
485
714
|
namespace: Optional[pulumi.Input[str]] = None,
|
486
|
-
options: Optional[pulumi.Input[Mapping[str,
|
715
|
+
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
716
|
+
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
487
717
|
path: Optional[pulumi.Input[str]] = None,
|
718
|
+
plugin_version: Optional[pulumi.Input[str]] = None,
|
488
719
|
seal_wrap: Optional[pulumi.Input[bool]] = None,
|
489
720
|
type: Optional[pulumi.Input[str]] = None,
|
490
721
|
__props__=None):
|
491
722
|
"""
|
723
|
+
This resource enables a new secrets engine at the given path.
|
724
|
+
|
492
725
|
## Example Usage
|
493
726
|
|
494
|
-
<!--Start PulumiCodeChooser -->
|
495
727
|
```python
|
496
728
|
import pulumi
|
497
729
|
import pulumi_vault as vault
|
498
730
|
|
499
731
|
example = vault.Mount("example",
|
500
|
-
description="This is an example mount",
|
501
732
|
path="dummy",
|
502
|
-
type="generic"
|
733
|
+
type="generic",
|
734
|
+
description="This is an example mount")
|
503
735
|
```
|
504
|
-
<!--End PulumiCodeChooser -->
|
505
736
|
|
506
|
-
<!--Start PulumiCodeChooser -->
|
507
737
|
```python
|
508
738
|
import pulumi
|
509
739
|
import pulumi_vault as vault
|
510
740
|
|
511
741
|
kvv2_example = vault.Mount("kvv2-example",
|
512
|
-
|
742
|
+
path="version2-example",
|
743
|
+
type="kv-v2",
|
513
744
|
options={
|
514
|
-
"type": "kv-v2",
|
515
745
|
"version": "2",
|
746
|
+
"type": "kv-v2",
|
516
747
|
},
|
517
|
-
|
518
|
-
type="kv-v2")
|
748
|
+
description="This is an example KV Version 2 secret engine mount")
|
519
749
|
```
|
520
|
-
<!--End PulumiCodeChooser -->
|
521
750
|
|
522
|
-
<!--Start PulumiCodeChooser -->
|
523
751
|
```python
|
524
752
|
import pulumi
|
525
753
|
import pulumi_vault as vault
|
526
754
|
|
527
755
|
transit_example = vault.Mount("transit-example",
|
756
|
+
path="transit-example",
|
757
|
+
type="transit",
|
528
758
|
description="This is an example transit secret engine mount",
|
529
759
|
options={
|
530
|
-
"convergent_encryption":
|
531
|
-
}
|
532
|
-
path="transit-example",
|
533
|
-
type="transit")
|
760
|
+
"convergent_encryption": "false",
|
761
|
+
})
|
534
762
|
```
|
535
|
-
<!--End PulumiCodeChooser -->
|
536
763
|
|
537
|
-
<!--Start PulumiCodeChooser -->
|
538
764
|
```python
|
539
765
|
import pulumi
|
540
766
|
import pulumi_vault as vault
|
541
767
|
|
542
768
|
pki_example = vault.Mount("pki-example",
|
543
|
-
default_lease_ttl_seconds=3600,
|
544
|
-
description="This is an example PKI mount",
|
545
|
-
max_lease_ttl_seconds=86400,
|
546
769
|
path="pki-example",
|
547
|
-
type="pki"
|
770
|
+
type="pki",
|
771
|
+
description="This is an example PKI mount",
|
772
|
+
default_lease_ttl_seconds=3600,
|
773
|
+
max_lease_ttl_seconds=86400)
|
548
774
|
```
|
549
|
-
<!--End PulumiCodeChooser -->
|
550
775
|
|
551
776
|
## Import
|
552
777
|
|
@@ -559,19 +784,32 @@ class Mount(pulumi.CustomResource):
|
|
559
784
|
:param str resource_name: The name of the resource.
|
560
785
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
561
786
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: Set of managed key registry entry names that the mount in question is allowed to access
|
787
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow, allowing a plugin to include
|
788
|
+
them in the response.
|
562
789
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
563
790
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
564
791
|
:param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
|
792
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of allowed authentication mount accessors the
|
793
|
+
backend can request delegated authentication for.
|
565
794
|
:param pulumi.Input[str] description: Human-friendly description of the mount
|
566
795
|
:param pulumi.Input[bool] external_entropy_access: Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
|
796
|
+
:param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens. If
|
797
|
+
not provided, this will default to Vault's OIDC default key.
|
798
|
+
:param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific
|
799
|
+
listing endpoint. Valid values are `unauth` or `hidden`. If not set, behaves like `hidden`.
|
567
800
|
:param pulumi.Input[bool] local: Boolean flag that can be explicitly set to true to enforce local mount in HA environment
|
568
801
|
:param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
|
569
802
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
570
803
|
The value should not contain leading or trailing forward slashes.
|
571
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
804
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
572
805
|
*Available only for Vault Enterprise*.
|
573
|
-
:param pulumi.Input[Mapping[str,
|
806
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
|
807
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to
|
808
|
+
the plugin.
|
574
809
|
:param pulumi.Input[str] path: Where the secret backend will be mounted
|
810
|
+
:param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. "v1.0.0".
|
811
|
+
If unspecified, the server will select any matching unversioned plugin that may have been
|
812
|
+
registered, the latest versioned plugin registered, or a built-in plugin in that order of precedence.
|
575
813
|
:param pulumi.Input[bool] seal_wrap: Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
576
814
|
:param pulumi.Input[str] type: Type of the backend, such as "aws"
|
577
815
|
"""
|
@@ -582,64 +820,58 @@ class Mount(pulumi.CustomResource):
|
|
582
820
|
args: MountArgs,
|
583
821
|
opts: Optional[pulumi.ResourceOptions] = None):
|
584
822
|
"""
|
823
|
+
This resource enables a new secrets engine at the given path.
|
824
|
+
|
585
825
|
## Example Usage
|
586
826
|
|
587
|
-
<!--Start PulumiCodeChooser -->
|
588
827
|
```python
|
589
828
|
import pulumi
|
590
829
|
import pulumi_vault as vault
|
591
830
|
|
592
831
|
example = vault.Mount("example",
|
593
|
-
description="This is an example mount",
|
594
832
|
path="dummy",
|
595
|
-
type="generic"
|
833
|
+
type="generic",
|
834
|
+
description="This is an example mount")
|
596
835
|
```
|
597
|
-
<!--End PulumiCodeChooser -->
|
598
836
|
|
599
|
-
<!--Start PulumiCodeChooser -->
|
600
837
|
```python
|
601
838
|
import pulumi
|
602
839
|
import pulumi_vault as vault
|
603
840
|
|
604
841
|
kvv2_example = vault.Mount("kvv2-example",
|
605
|
-
|
842
|
+
path="version2-example",
|
843
|
+
type="kv-v2",
|
606
844
|
options={
|
607
|
-
"type": "kv-v2",
|
608
845
|
"version": "2",
|
846
|
+
"type": "kv-v2",
|
609
847
|
},
|
610
|
-
|
611
|
-
type="kv-v2")
|
848
|
+
description="This is an example KV Version 2 secret engine mount")
|
612
849
|
```
|
613
|
-
<!--End PulumiCodeChooser -->
|
614
850
|
|
615
|
-
<!--Start PulumiCodeChooser -->
|
616
851
|
```python
|
617
852
|
import pulumi
|
618
853
|
import pulumi_vault as vault
|
619
854
|
|
620
855
|
transit_example = vault.Mount("transit-example",
|
856
|
+
path="transit-example",
|
857
|
+
type="transit",
|
621
858
|
description="This is an example transit secret engine mount",
|
622
859
|
options={
|
623
|
-
"convergent_encryption":
|
624
|
-
}
|
625
|
-
path="transit-example",
|
626
|
-
type="transit")
|
860
|
+
"convergent_encryption": "false",
|
861
|
+
})
|
627
862
|
```
|
628
|
-
<!--End PulumiCodeChooser -->
|
629
863
|
|
630
|
-
<!--Start PulumiCodeChooser -->
|
631
864
|
```python
|
632
865
|
import pulumi
|
633
866
|
import pulumi_vault as vault
|
634
867
|
|
635
868
|
pki_example = vault.Mount("pki-example",
|
636
|
-
default_lease_ttl_seconds=3600,
|
637
|
-
description="This is an example PKI mount",
|
638
|
-
max_lease_ttl_seconds=86400,
|
639
869
|
path="pki-example",
|
640
|
-
type="pki"
|
870
|
+
type="pki",
|
871
|
+
description="This is an example PKI mount",
|
872
|
+
default_lease_ttl_seconds=3600,
|
873
|
+
max_lease_ttl_seconds=86400)
|
641
874
|
```
|
642
|
-
<!--End PulumiCodeChooser -->
|
643
875
|
|
644
876
|
## Import
|
645
877
|
|
@@ -665,16 +897,22 @@ class Mount(pulumi.CustomResource):
|
|
665
897
|
resource_name: str,
|
666
898
|
opts: Optional[pulumi.ResourceOptions] = None,
|
667
899
|
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
900
|
+
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
668
901
|
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
669
902
|
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
670
903
|
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
904
|
+
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
671
905
|
description: Optional[pulumi.Input[str]] = None,
|
672
906
|
external_entropy_access: Optional[pulumi.Input[bool]] = None,
|
907
|
+
identity_token_key: Optional[pulumi.Input[str]] = None,
|
908
|
+
listing_visibility: Optional[pulumi.Input[str]] = None,
|
673
909
|
local: Optional[pulumi.Input[bool]] = None,
|
674
910
|
max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
675
911
|
namespace: Optional[pulumi.Input[str]] = None,
|
676
|
-
options: Optional[pulumi.Input[Mapping[str,
|
912
|
+
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
913
|
+
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
677
914
|
path: Optional[pulumi.Input[str]] = None,
|
915
|
+
plugin_version: Optional[pulumi.Input[str]] = None,
|
678
916
|
seal_wrap: Optional[pulumi.Input[bool]] = None,
|
679
917
|
type: Optional[pulumi.Input[str]] = None,
|
680
918
|
__props__=None):
|
@@ -687,18 +925,24 @@ class Mount(pulumi.CustomResource):
|
|
687
925
|
__props__ = MountArgs.__new__(MountArgs)
|
688
926
|
|
689
927
|
__props__.__dict__["allowed_managed_keys"] = allowed_managed_keys
|
928
|
+
__props__.__dict__["allowed_response_headers"] = allowed_response_headers
|
690
929
|
__props__.__dict__["audit_non_hmac_request_keys"] = audit_non_hmac_request_keys
|
691
930
|
__props__.__dict__["audit_non_hmac_response_keys"] = audit_non_hmac_response_keys
|
692
931
|
__props__.__dict__["default_lease_ttl_seconds"] = default_lease_ttl_seconds
|
932
|
+
__props__.__dict__["delegated_auth_accessors"] = delegated_auth_accessors
|
693
933
|
__props__.__dict__["description"] = description
|
694
934
|
__props__.__dict__["external_entropy_access"] = external_entropy_access
|
935
|
+
__props__.__dict__["identity_token_key"] = identity_token_key
|
936
|
+
__props__.__dict__["listing_visibility"] = listing_visibility
|
695
937
|
__props__.__dict__["local"] = local
|
696
938
|
__props__.__dict__["max_lease_ttl_seconds"] = max_lease_ttl_seconds
|
697
939
|
__props__.__dict__["namespace"] = namespace
|
698
940
|
__props__.__dict__["options"] = options
|
941
|
+
__props__.__dict__["passthrough_request_headers"] = passthrough_request_headers
|
699
942
|
if path is None and not opts.urn:
|
700
943
|
raise TypeError("Missing required property 'path'")
|
701
944
|
__props__.__dict__["path"] = path
|
945
|
+
__props__.__dict__["plugin_version"] = plugin_version
|
702
946
|
__props__.__dict__["seal_wrap"] = seal_wrap
|
703
947
|
if type is None and not opts.urn:
|
704
948
|
raise TypeError("Missing required property 'type'")
|
@@ -716,16 +960,22 @@ class Mount(pulumi.CustomResource):
|
|
716
960
|
opts: Optional[pulumi.ResourceOptions] = None,
|
717
961
|
accessor: Optional[pulumi.Input[str]] = None,
|
718
962
|
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
963
|
+
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
719
964
|
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
720
965
|
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
721
966
|
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
967
|
+
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
722
968
|
description: Optional[pulumi.Input[str]] = None,
|
723
969
|
external_entropy_access: Optional[pulumi.Input[bool]] = None,
|
970
|
+
identity_token_key: Optional[pulumi.Input[str]] = None,
|
971
|
+
listing_visibility: Optional[pulumi.Input[str]] = None,
|
724
972
|
local: Optional[pulumi.Input[bool]] = None,
|
725
973
|
max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
726
974
|
namespace: Optional[pulumi.Input[str]] = None,
|
727
|
-
options: Optional[pulumi.Input[Mapping[str,
|
975
|
+
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
976
|
+
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
728
977
|
path: Optional[pulumi.Input[str]] = None,
|
978
|
+
plugin_version: Optional[pulumi.Input[str]] = None,
|
729
979
|
seal_wrap: Optional[pulumi.Input[bool]] = None,
|
730
980
|
type: Optional[pulumi.Input[str]] = None) -> 'Mount':
|
731
981
|
"""
|
@@ -737,19 +987,32 @@ class Mount(pulumi.CustomResource):
|
|
737
987
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
738
988
|
:param pulumi.Input[str] accessor: The accessor for this mount.
|
739
989
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: Set of managed key registry entry names that the mount in question is allowed to access
|
990
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow, allowing a plugin to include
|
991
|
+
them in the response.
|
740
992
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
741
993
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
742
994
|
:param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
|
995
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of allowed authentication mount accessors the
|
996
|
+
backend can request delegated authentication for.
|
743
997
|
:param pulumi.Input[str] description: Human-friendly description of the mount
|
744
998
|
:param pulumi.Input[bool] external_entropy_access: Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
|
999
|
+
:param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens. If
|
1000
|
+
not provided, this will default to Vault's OIDC default key.
|
1001
|
+
:param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific
|
1002
|
+
listing endpoint. Valid values are `unauth` or `hidden`. If not set, behaves like `hidden`.
|
745
1003
|
:param pulumi.Input[bool] local: Boolean flag that can be explicitly set to true to enforce local mount in HA environment
|
746
1004
|
:param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
|
747
1005
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
748
1006
|
The value should not contain leading or trailing forward slashes.
|
749
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
1007
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
750
1008
|
*Available only for Vault Enterprise*.
|
751
|
-
:param pulumi.Input[Mapping[str,
|
1009
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
|
1010
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to
|
1011
|
+
the plugin.
|
752
1012
|
:param pulumi.Input[str] path: Where the secret backend will be mounted
|
1013
|
+
:param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. "v1.0.0".
|
1014
|
+
If unspecified, the server will select any matching unversioned plugin that may have been
|
1015
|
+
registered, the latest versioned plugin registered, or a built-in plugin in that order of precedence.
|
753
1016
|
:param pulumi.Input[bool] seal_wrap: Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
754
1017
|
:param pulumi.Input[str] type: Type of the backend, such as "aws"
|
755
1018
|
"""
|
@@ -759,16 +1022,22 @@ class Mount(pulumi.CustomResource):
|
|
759
1022
|
|
760
1023
|
__props__.__dict__["accessor"] = accessor
|
761
1024
|
__props__.__dict__["allowed_managed_keys"] = allowed_managed_keys
|
1025
|
+
__props__.__dict__["allowed_response_headers"] = allowed_response_headers
|
762
1026
|
__props__.__dict__["audit_non_hmac_request_keys"] = audit_non_hmac_request_keys
|
763
1027
|
__props__.__dict__["audit_non_hmac_response_keys"] = audit_non_hmac_response_keys
|
764
1028
|
__props__.__dict__["default_lease_ttl_seconds"] = default_lease_ttl_seconds
|
1029
|
+
__props__.__dict__["delegated_auth_accessors"] = delegated_auth_accessors
|
765
1030
|
__props__.__dict__["description"] = description
|
766
1031
|
__props__.__dict__["external_entropy_access"] = external_entropy_access
|
1032
|
+
__props__.__dict__["identity_token_key"] = identity_token_key
|
1033
|
+
__props__.__dict__["listing_visibility"] = listing_visibility
|
767
1034
|
__props__.__dict__["local"] = local
|
768
1035
|
__props__.__dict__["max_lease_ttl_seconds"] = max_lease_ttl_seconds
|
769
1036
|
__props__.__dict__["namespace"] = namespace
|
770
1037
|
__props__.__dict__["options"] = options
|
1038
|
+
__props__.__dict__["passthrough_request_headers"] = passthrough_request_headers
|
771
1039
|
__props__.__dict__["path"] = path
|
1040
|
+
__props__.__dict__["plugin_version"] = plugin_version
|
772
1041
|
__props__.__dict__["seal_wrap"] = seal_wrap
|
773
1042
|
__props__.__dict__["type"] = type
|
774
1043
|
return Mount(resource_name, opts=opts, __props__=__props__)
|
@@ -789,6 +1058,15 @@ class Mount(pulumi.CustomResource):
|
|
789
1058
|
"""
|
790
1059
|
return pulumi.get(self, "allowed_managed_keys")
|
791
1060
|
|
1061
|
+
@property
|
1062
|
+
@pulumi.getter(name="allowedResponseHeaders")
|
1063
|
+
def allowed_response_headers(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1064
|
+
"""
|
1065
|
+
List of headers to allow, allowing a plugin to include
|
1066
|
+
them in the response.
|
1067
|
+
"""
|
1068
|
+
return pulumi.get(self, "allowed_response_headers")
|
1069
|
+
|
792
1070
|
@property
|
793
1071
|
@pulumi.getter(name="auditNonHmacRequestKeys")
|
794
1072
|
def audit_non_hmac_request_keys(self) -> pulumi.Output[Sequence[str]]:
|
@@ -813,6 +1091,15 @@ class Mount(pulumi.CustomResource):
|
|
813
1091
|
"""
|
814
1092
|
return pulumi.get(self, "default_lease_ttl_seconds")
|
815
1093
|
|
1094
|
+
@property
|
1095
|
+
@pulumi.getter(name="delegatedAuthAccessors")
|
1096
|
+
def delegated_auth_accessors(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1097
|
+
"""
|
1098
|
+
List of allowed authentication mount accessors the
|
1099
|
+
backend can request delegated authentication for.
|
1100
|
+
"""
|
1101
|
+
return pulumi.get(self, "delegated_auth_accessors")
|
1102
|
+
|
816
1103
|
@property
|
817
1104
|
@pulumi.getter
|
818
1105
|
def description(self) -> pulumi.Output[Optional[str]]:
|
@@ -829,6 +1116,24 @@ class Mount(pulumi.CustomResource):
|
|
829
1116
|
"""
|
830
1117
|
return pulumi.get(self, "external_entropy_access")
|
831
1118
|
|
1119
|
+
@property
|
1120
|
+
@pulumi.getter(name="identityTokenKey")
|
1121
|
+
def identity_token_key(self) -> pulumi.Output[Optional[str]]:
|
1122
|
+
"""
|
1123
|
+
The key to use for signing plugin workload identity tokens. If
|
1124
|
+
not provided, this will default to Vault's OIDC default key.
|
1125
|
+
"""
|
1126
|
+
return pulumi.get(self, "identity_token_key")
|
1127
|
+
|
1128
|
+
@property
|
1129
|
+
@pulumi.getter(name="listingVisibility")
|
1130
|
+
def listing_visibility(self) -> pulumi.Output[Optional[str]]:
|
1131
|
+
"""
|
1132
|
+
Specifies whether to show this mount in the UI-specific
|
1133
|
+
listing endpoint. Valid values are `unauth` or `hidden`. If not set, behaves like `hidden`.
|
1134
|
+
"""
|
1135
|
+
return pulumi.get(self, "listing_visibility")
|
1136
|
+
|
832
1137
|
@property
|
833
1138
|
@pulumi.getter
|
834
1139
|
def local(self) -> pulumi.Output[Optional[bool]]:
|
@@ -851,19 +1156,28 @@ class Mount(pulumi.CustomResource):
|
|
851
1156
|
"""
|
852
1157
|
The namespace to provision the resource in.
|
853
1158
|
The value should not contain leading or trailing forward slashes.
|
854
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
1159
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
855
1160
|
*Available only for Vault Enterprise*.
|
856
1161
|
"""
|
857
1162
|
return pulumi.get(self, "namespace")
|
858
1163
|
|
859
1164
|
@property
|
860
1165
|
@pulumi.getter
|
861
|
-
def options(self) -> pulumi.Output[Optional[Mapping[str,
|
1166
|
+
def options(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
|
862
1167
|
"""
|
863
1168
|
Specifies mount type specific options that are passed to the backend
|
864
1169
|
"""
|
865
1170
|
return pulumi.get(self, "options")
|
866
1171
|
|
1172
|
+
@property
|
1173
|
+
@pulumi.getter(name="passthroughRequestHeaders")
|
1174
|
+
def passthrough_request_headers(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1175
|
+
"""
|
1176
|
+
List of headers to allow and pass from the request to
|
1177
|
+
the plugin.
|
1178
|
+
"""
|
1179
|
+
return pulumi.get(self, "passthrough_request_headers")
|
1180
|
+
|
867
1181
|
@property
|
868
1182
|
@pulumi.getter
|
869
1183
|
def path(self) -> pulumi.Output[str]:
|
@@ -872,6 +1186,16 @@ class Mount(pulumi.CustomResource):
|
|
872
1186
|
"""
|
873
1187
|
return pulumi.get(self, "path")
|
874
1188
|
|
1189
|
+
@property
|
1190
|
+
@pulumi.getter(name="pluginVersion")
|
1191
|
+
def plugin_version(self) -> pulumi.Output[Optional[str]]:
|
1192
|
+
"""
|
1193
|
+
Specifies the semantic version of the plugin to use, e.g. "v1.0.0".
|
1194
|
+
If unspecified, the server will select any matching unversioned plugin that may have been
|
1195
|
+
registered, the latest versioned plugin registered, or a built-in plugin in that order of precedence.
|
1196
|
+
"""
|
1197
|
+
return pulumi.get(self, "plugin_version")
|
1198
|
+
|
875
1199
|
@property
|
876
1200
|
@pulumi.getter(name="sealWrap")
|
877
1201
|
def seal_wrap(self) -> pulumi.Output[bool]:
|