pulumi-vault 5.21.0a1710160723__py3-none-any.whl → 6.5.0a1736850018__py3-none-any.whl
- pulumi_vault/__init__.py +52 -0
- pulumi_vault/_inputs.py +560 -0
- pulumi_vault/_utilities.py +41 -5
- pulumi_vault/ad/get_access_credentials.py +22 -7
- pulumi_vault/ad/secret_backend.py +14 -144
- pulumi_vault/ad/secret_library.py +14 -11
- pulumi_vault/ad/secret_role.py +12 -11
- pulumi_vault/alicloud/auth_backend_role.py +74 -192
- pulumi_vault/approle/auth_backend_login.py +12 -11
- pulumi_vault/approle/auth_backend_role.py +75 -193
- pulumi_vault/approle/auth_backend_role_secret_id.py +106 -11
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -9
- pulumi_vault/audit.py +24 -27
- pulumi_vault/audit_request_header.py +11 -6
- pulumi_vault/auth_backend.py +64 -12
- pulumi_vault/aws/auth_backend_cert.py +12 -7
- pulumi_vault/aws/auth_backend_client.py +265 -24
- pulumi_vault/aws/auth_backend_config_identity.py +12 -11
- pulumi_vault/aws/auth_backend_identity_whitelist.py +18 -17
- pulumi_vault/aws/auth_backend_login.py +19 -22
- pulumi_vault/aws/auth_backend_role.py +75 -193
- pulumi_vault/aws/auth_backend_role_tag.py +12 -7
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -17
- pulumi_vault/aws/auth_backend_sts_role.py +12 -11
- pulumi_vault/aws/get_access_credentials.py +34 -7
- pulumi_vault/aws/get_static_access_credentials.py +19 -5
- pulumi_vault/aws/secret_backend.py +75 -7
- pulumi_vault/aws/secret_backend_role.py +183 -11
- pulumi_vault/aws/secret_backend_static_role.py +14 -11
- pulumi_vault/azure/_inputs.py +24 -0
- pulumi_vault/azure/auth_backend_config.py +151 -17
- pulumi_vault/azure/auth_backend_role.py +75 -193
- pulumi_vault/azure/backend.py +223 -29
- pulumi_vault/azure/backend_role.py +42 -41
- pulumi_vault/azure/get_access_credentials.py +39 -11
- pulumi_vault/azure/outputs.py +5 -0
- pulumi_vault/cert_auth_backend_role.py +87 -271
- pulumi_vault/config/__init__.pyi +5 -0
- pulumi_vault/config/_inputs.py +73 -0
- pulumi_vault/config/outputs.py +35 -0
- pulumi_vault/config/ui_custom_message.py +529 -0
- pulumi_vault/config/vars.py +5 -0
- pulumi_vault/consul/secret_backend.py +22 -25
- pulumi_vault/consul/secret_backend_role.py +14 -80
- pulumi_vault/database/_inputs.py +2770 -881
- pulumi_vault/database/outputs.py +721 -838
- pulumi_vault/database/secret_backend_connection.py +117 -114
- pulumi_vault/database/secret_backend_role.py +29 -24
- pulumi_vault/database/secret_backend_static_role.py +85 -15
- pulumi_vault/database/secrets_mount.py +425 -138
- pulumi_vault/egp_policy.py +16 -15
- pulumi_vault/gcp/_inputs.py +111 -0
- pulumi_vault/gcp/auth_backend.py +248 -35
- pulumi_vault/gcp/auth_backend_role.py +75 -271
- pulumi_vault/gcp/get_auth_backend_role.py +43 -9
- pulumi_vault/gcp/outputs.py +5 -0
- pulumi_vault/gcp/secret_backend.py +287 -16
- pulumi_vault/gcp/secret_impersonated_account.py +74 -17
- pulumi_vault/gcp/secret_roleset.py +29 -26
- pulumi_vault/gcp/secret_static_account.py +37 -34
- pulumi_vault/generic/endpoint.py +22 -21
- pulumi_vault/generic/get_secret.py +68 -12
- pulumi_vault/generic/secret.py +19 -14
- pulumi_vault/get_auth_backend.py +24 -11
- pulumi_vault/get_auth_backends.py +33 -11
- pulumi_vault/get_namespace.py +226 -0
- pulumi_vault/get_namespaces.py +153 -0
- pulumi_vault/get_nomad_access_token.py +31 -15
- pulumi_vault/get_policy_document.py +34 -23
- pulumi_vault/get_raft_autopilot_state.py +29 -14
- pulumi_vault/github/_inputs.py +55 -0
- pulumi_vault/github/auth_backend.py +17 -16
- pulumi_vault/github/outputs.py +5 -0
- pulumi_vault/github/team.py +14 -13
- pulumi_vault/github/user.py +14 -13
- pulumi_vault/identity/entity.py +18 -15
- pulumi_vault/identity/entity_alias.py +18 -15
- pulumi_vault/identity/entity_policies.py +24 -19
- pulumi_vault/identity/get_entity.py +40 -14
- pulumi_vault/identity/get_group.py +45 -13
- pulumi_vault/identity/get_oidc_client_creds.py +21 -11
- pulumi_vault/identity/get_oidc_openid_config.py +39 -13
- pulumi_vault/identity/get_oidc_public_keys.py +29 -14
- pulumi_vault/identity/group.py +50 -49
- pulumi_vault/identity/group_alias.py +14 -11
- pulumi_vault/identity/group_member_entity_ids.py +24 -74
- pulumi_vault/identity/group_member_group_ids.py +36 -27
- pulumi_vault/identity/group_policies.py +16 -15
- pulumi_vault/identity/mfa_duo.py +9 -8
- pulumi_vault/identity/mfa_login_enforcement.py +13 -8
- pulumi_vault/identity/mfa_okta.py +9 -8
- pulumi_vault/identity/mfa_pingid.py +5 -4
- pulumi_vault/identity/mfa_totp.py +5 -4
- pulumi_vault/identity/oidc.py +12 -11
- pulumi_vault/identity/oidc_assignment.py +22 -13
- pulumi_vault/identity/oidc_client.py +34 -25
- pulumi_vault/identity/oidc_key.py +28 -19
- pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -19
- pulumi_vault/identity/oidc_provider.py +34 -23
- pulumi_vault/identity/oidc_role.py +40 -27
- pulumi_vault/identity/oidc_scope.py +18 -15
- pulumi_vault/identity/outputs.py +8 -3
- pulumi_vault/jwt/_inputs.py +55 -0
- pulumi_vault/jwt/auth_backend.py +39 -46
- pulumi_vault/jwt/auth_backend_role.py +131 -260
- pulumi_vault/jwt/outputs.py +5 -0
- pulumi_vault/kmip/secret_backend.py +22 -21
- pulumi_vault/kmip/secret_role.py +12 -11
- pulumi_vault/kmip/secret_scope.py +12 -11
- pulumi_vault/kubernetes/auth_backend_config.py +55 -7
- pulumi_vault/kubernetes/auth_backend_role.py +68 -179
- pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
- pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
- pulumi_vault/kubernetes/get_service_account_token.py +39 -15
- pulumi_vault/kubernetes/secret_backend.py +314 -29
- pulumi_vault/kubernetes/secret_backend_role.py +135 -56
- pulumi_vault/kv/_inputs.py +36 -4
- pulumi_vault/kv/get_secret.py +23 -12
- pulumi_vault/kv/get_secret_subkeys_v2.py +31 -14
- pulumi_vault/kv/get_secret_v2.py +89 -9
- pulumi_vault/kv/get_secrets_list.py +22 -15
- pulumi_vault/kv/get_secrets_list_v2.py +35 -19
- pulumi_vault/kv/outputs.py +8 -3
- pulumi_vault/kv/secret.py +19 -18
- pulumi_vault/kv/secret_backend_v2.py +12 -11
- pulumi_vault/kv/secret_v2.py +55 -52
- pulumi_vault/ldap/auth_backend.py +125 -168
- pulumi_vault/ldap/auth_backend_group.py +12 -11
- pulumi_vault/ldap/auth_backend_user.py +12 -11
- pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
- pulumi_vault/ldap/get_static_credentials.py +24 -5
- pulumi_vault/ldap/secret_backend.py +352 -84
- pulumi_vault/ldap/secret_backend_dynamic_role.py +12 -11
- pulumi_vault/ldap/secret_backend_library_set.py +14 -11
- pulumi_vault/ldap/secret_backend_static_role.py +67 -12
- pulumi_vault/managed/_inputs.py +289 -132
- pulumi_vault/managed/keys.py +27 -43
- pulumi_vault/managed/outputs.py +89 -132
- pulumi_vault/mfa_duo.py +16 -13
- pulumi_vault/mfa_okta.py +16 -13
- pulumi_vault/mfa_pingid.py +16 -13
- pulumi_vault/mfa_totp.py +22 -19
- pulumi_vault/mongodbatlas/secret_backend.py +18 -17
- pulumi_vault/mongodbatlas/secret_role.py +41 -38
- pulumi_vault/mount.py +389 -65
- pulumi_vault/namespace.py +26 -21
- pulumi_vault/nomad_secret_backend.py +16 -15
- pulumi_vault/nomad_secret_role.py +12 -11
- pulumi_vault/okta/_inputs.py +47 -8
- pulumi_vault/okta/auth_backend.py +483 -41
- pulumi_vault/okta/auth_backend_group.py +12 -11
- pulumi_vault/okta/auth_backend_user.py +12 -11
- pulumi_vault/okta/outputs.py +13 -8
- pulumi_vault/outputs.py +5 -0
- pulumi_vault/password_policy.py +18 -15
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +81 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
- pulumi_vault/pkisecret/backend_config_est.py +619 -0
- pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
- pulumi_vault/pkisecret/get_backend_issuer.py +63 -7
- pulumi_vault/pkisecret/get_backend_issuers.py +21 -12
- pulumi_vault/pkisecret/get_backend_key.py +24 -13
- pulumi_vault/pkisecret/get_backend_keys.py +21 -12
- pulumi_vault/pkisecret/outputs.py +69 -0
- pulumi_vault/pkisecret/secret_backend_cert.py +18 -15
- pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -15
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +12 -11
- pulumi_vault/pkisecret/secret_backend_config_urls.py +59 -11
- pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -13
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -15
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -21
- pulumi_vault/pkisecret/secret_backend_issuer.py +12 -11
- pulumi_vault/pkisecret/secret_backend_key.py +12 -7
- pulumi_vault/pkisecret/secret_backend_role.py +19 -16
- pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -52
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -62
- pulumi_vault/pkisecret/secret_backend_sign.py +18 -60
- pulumi_vault/plugin.py +595 -0
- pulumi_vault/plugin_pinned_version.py +298 -0
- pulumi_vault/policy.py +12 -7
- pulumi_vault/provider.py +48 -53
- pulumi_vault/pulumi-plugin.json +2 -1
- pulumi_vault/quota_lease_count.py +58 -8
- pulumi_vault/quota_rate_limit.py +54 -4
- pulumi_vault/rabbitmq/_inputs.py +61 -0
- pulumi_vault/rabbitmq/outputs.py +5 -0
- pulumi_vault/rabbitmq/secret_backend.py +16 -15
- pulumi_vault/rabbitmq/secret_backend_role.py +52 -49
- pulumi_vault/raft_autopilot.py +12 -11
- pulumi_vault/raft_snapshot_agent_config.py +121 -311
- pulumi_vault/rgp_policy.py +14 -13
- pulumi_vault/saml/auth_backend.py +20 -19
- pulumi_vault/saml/auth_backend_role.py +90 -199
- pulumi_vault/secrets/__init__.py +3 -0
- pulumi_vault/secrets/_inputs.py +110 -0
- pulumi_vault/secrets/outputs.py +94 -0
- pulumi_vault/secrets/sync_association.py +56 -75
- pulumi_vault/secrets/sync_aws_destination.py +240 -29
- pulumi_vault/secrets/sync_azure_destination.py +90 -33
- pulumi_vault/secrets/sync_config.py +7 -6
- pulumi_vault/secrets/sync_gcp_destination.py +156 -27
- pulumi_vault/secrets/sync_gh_destination.py +187 -15
- pulumi_vault/secrets/sync_github_apps.py +375 -0
- pulumi_vault/secrets/sync_vercel_destination.py +72 -15
- pulumi_vault/ssh/_inputs.py +28 -32
- pulumi_vault/ssh/outputs.py +11 -32
- pulumi_vault/ssh/secret_backend_ca.py +106 -11
- pulumi_vault/ssh/secret_backend_role.py +83 -120
- pulumi_vault/terraformcloud/secret_backend.py +5 -56
- pulumi_vault/terraformcloud/secret_creds.py +14 -24
- pulumi_vault/terraformcloud/secret_role.py +14 -76
- pulumi_vault/token.py +26 -25
- pulumi_vault/tokenauth/auth_backend_role.py +76 -201
- pulumi_vault/transform/alphabet.py +16 -13
- pulumi_vault/transform/get_decode.py +45 -21
- pulumi_vault/transform/get_encode.py +45 -21
- pulumi_vault/transform/role.py +16 -13
- pulumi_vault/transform/template.py +30 -25
- pulumi_vault/transform/transformation.py +12 -7
- pulumi_vault/transit/get_decrypt.py +26 -25
- pulumi_vault/transit/get_encrypt.py +24 -19
- pulumi_vault/transit/secret_backend_key.py +25 -97
- pulumi_vault/transit/secret_cache_config.py +12 -11
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/METADATA +8 -7
- pulumi_vault-6.5.0a1736850018.dist-info/RECORD +256 -0
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/WHEEL +1 -1
- pulumi_vault-5.21.0a1710160723.dist-info/RECORD +0 -244
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
from . import outputs
|
12
17
|
from ._inputs import *
|
@@ -26,6 +31,15 @@ class AuthBackendArgs:
|
|
26
31
|
namespace: Optional[pulumi.Input[str]] = None,
|
27
32
|
path: Optional[pulumi.Input[str]] = None,
|
28
33
|
token: Optional[pulumi.Input[str]] = None,
|
34
|
+
token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
35
|
+
token_explicit_max_ttl: Optional[pulumi.Input[int]] = None,
|
36
|
+
token_max_ttl: Optional[pulumi.Input[int]] = None,
|
37
|
+
token_no_default_policy: Optional[pulumi.Input[bool]] = None,
|
38
|
+
token_num_uses: Optional[pulumi.Input[int]] = None,
|
39
|
+
token_period: Optional[pulumi.Input[int]] = None,
|
40
|
+
token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
41
|
+
token_ttl: Optional[pulumi.Input[int]] = None,
|
42
|
+
token_type: Optional[pulumi.Input[str]] = None,
|
29
43
|
ttl: Optional[pulumi.Input[str]] = None,
|
30
44
|
users: Optional[pulumi.Input[Sequence[pulumi.Input['AuthBackendUserArgs']]]] = None):
|
31
45
|
"""
|
@@ -42,11 +56,20 @@ class AuthBackendArgs:
|
|
42
56
|
[See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration).
|
43
57
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
44
58
|
The value should not contain leading or trailing forward slashes.
|
45
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
59
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
46
60
|
*Available only for Vault Enterprise*.
|
47
61
|
:param pulumi.Input[str] path: Path to mount the Okta auth backend. Default to path `okta`.
|
48
62
|
:param pulumi.Input[str] token: The Okta API token. This is required to query Okta for user group membership.
|
49
63
|
If this is not supplied only locally configured groups will be enabled.
|
64
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
65
|
+
:param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
66
|
+
:param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
|
67
|
+
:param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
68
|
+
:param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
69
|
+
:param pulumi.Input[int] token_period: Generated Token's Period
|
70
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
|
71
|
+
:param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
|
72
|
+
:param pulumi.Input[str] token_type: The type of token to generate, service or batch
|
50
73
|
:param pulumi.Input[str] ttl: Duration after which authentication will be expired.
|
51
74
|
[See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration).
|
52
75
|
:param pulumi.Input[Sequence[pulumi.Input['AuthBackendUserArgs']]] users: Associate Okta users with groups or policies within Vault.
|
@@ -63,6 +86,9 @@ class AuthBackendArgs:
|
|
63
86
|
pulumi.set(__self__, "disable_remount", disable_remount)
|
64
87
|
if groups is not None:
|
65
88
|
pulumi.set(__self__, "groups", groups)
|
89
|
+
if max_ttl is not None:
|
90
|
+
warnings.warn("""Deprecated. Please use `token_max_ttl` instead.""", DeprecationWarning)
|
91
|
+
pulumi.log.warn("""max_ttl is deprecated: Deprecated. Please use `token_max_ttl` instead.""")
|
66
92
|
if max_ttl is not None:
|
67
93
|
pulumi.set(__self__, "max_ttl", max_ttl)
|
68
94
|
if namespace is not None:
|
@@ -71,6 +97,27 @@ class AuthBackendArgs:
|
|
71
97
|
pulumi.set(__self__, "path", path)
|
72
98
|
if token is not None:
|
73
99
|
pulumi.set(__self__, "token", token)
|
100
|
+
if token_bound_cidrs is not None:
|
101
|
+
pulumi.set(__self__, "token_bound_cidrs", token_bound_cidrs)
|
102
|
+
if token_explicit_max_ttl is not None:
|
103
|
+
pulumi.set(__self__, "token_explicit_max_ttl", token_explicit_max_ttl)
|
104
|
+
if token_max_ttl is not None:
|
105
|
+
pulumi.set(__self__, "token_max_ttl", token_max_ttl)
|
106
|
+
if token_no_default_policy is not None:
|
107
|
+
pulumi.set(__self__, "token_no_default_policy", token_no_default_policy)
|
108
|
+
if token_num_uses is not None:
|
109
|
+
pulumi.set(__self__, "token_num_uses", token_num_uses)
|
110
|
+
if token_period is not None:
|
111
|
+
pulumi.set(__self__, "token_period", token_period)
|
112
|
+
if token_policies is not None:
|
113
|
+
pulumi.set(__self__, "token_policies", token_policies)
|
114
|
+
if token_ttl is not None:
|
115
|
+
pulumi.set(__self__, "token_ttl", token_ttl)
|
116
|
+
if token_type is not None:
|
117
|
+
pulumi.set(__self__, "token_type", token_type)
|
118
|
+
if ttl is not None:
|
119
|
+
warnings.warn("""Deprecated. Please use `token_ttl` instead.""", DeprecationWarning)
|
120
|
+
pulumi.log.warn("""ttl is deprecated: Deprecated. Please use `token_ttl` instead.""")
|
74
121
|
if ttl is not None:
|
75
122
|
pulumi.set(__self__, "ttl", ttl)
|
76
123
|
if users is not None:
|
@@ -152,6 +199,7 @@ class AuthBackendArgs:
|
|
152
199
|
|
153
200
|
@property
|
154
201
|
@pulumi.getter(name="maxTtl")
|
202
|
+
@_utilities.deprecated("""Deprecated. Please use `token_max_ttl` instead.""")
|
155
203
|
def max_ttl(self) -> Optional[pulumi.Input[str]]:
|
156
204
|
"""
|
157
205
|
Maximum duration after which authentication will be expired
|
@@ -169,7 +217,7 @@ class AuthBackendArgs:
|
|
169
217
|
"""
|
170
218
|
The namespace to provision the resource in.
|
171
219
|
The value should not contain leading or trailing forward slashes.
|
172
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
220
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
173
221
|
*Available only for Vault Enterprise*.
|
174
222
|
"""
|
175
223
|
return pulumi.get(self, "namespace")
|
@@ -203,8 +251,117 @@ class AuthBackendArgs:
|
|
203
251
|
def token(self, value: Optional[pulumi.Input[str]]):
|
204
252
|
pulumi.set(self, "token", value)
|
205
253
|
|
254
|
+
@property
|
255
|
+
@pulumi.getter(name="tokenBoundCidrs")
|
256
|
+
def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
257
|
+
"""
|
258
|
+
Specifies the blocks of IP addresses which are allowed to use the generated token
|
259
|
+
"""
|
260
|
+
return pulumi.get(self, "token_bound_cidrs")
|
261
|
+
|
262
|
+
@token_bound_cidrs.setter
|
263
|
+
def token_bound_cidrs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
264
|
+
pulumi.set(self, "token_bound_cidrs", value)
|
265
|
+
|
266
|
+
@property
|
267
|
+
@pulumi.getter(name="tokenExplicitMaxTtl")
|
268
|
+
def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
269
|
+
"""
|
270
|
+
Generated Token's Explicit Maximum TTL in seconds
|
271
|
+
"""
|
272
|
+
return pulumi.get(self, "token_explicit_max_ttl")
|
273
|
+
|
274
|
+
@token_explicit_max_ttl.setter
|
275
|
+
def token_explicit_max_ttl(self, value: Optional[pulumi.Input[int]]):
|
276
|
+
pulumi.set(self, "token_explicit_max_ttl", value)
|
277
|
+
|
278
|
+
@property
|
279
|
+
@pulumi.getter(name="tokenMaxTtl")
|
280
|
+
def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
281
|
+
"""
|
282
|
+
The maximum lifetime of the generated token
|
283
|
+
"""
|
284
|
+
return pulumi.get(self, "token_max_ttl")
|
285
|
+
|
286
|
+
@token_max_ttl.setter
|
287
|
+
def token_max_ttl(self, value: Optional[pulumi.Input[int]]):
|
288
|
+
pulumi.set(self, "token_max_ttl", value)
|
289
|
+
|
290
|
+
@property
|
291
|
+
@pulumi.getter(name="tokenNoDefaultPolicy")
|
292
|
+
def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
|
293
|
+
"""
|
294
|
+
If true, the 'default' policy will not automatically be added to generated tokens
|
295
|
+
"""
|
296
|
+
return pulumi.get(self, "token_no_default_policy")
|
297
|
+
|
298
|
+
@token_no_default_policy.setter
|
299
|
+
def token_no_default_policy(self, value: Optional[pulumi.Input[bool]]):
|
300
|
+
pulumi.set(self, "token_no_default_policy", value)
|
301
|
+
|
302
|
+
@property
|
303
|
+
@pulumi.getter(name="tokenNumUses")
|
304
|
+
def token_num_uses(self) -> Optional[pulumi.Input[int]]:
|
305
|
+
"""
|
306
|
+
The maximum number of times a token may be used, a value of zero means unlimited
|
307
|
+
"""
|
308
|
+
return pulumi.get(self, "token_num_uses")
|
309
|
+
|
310
|
+
@token_num_uses.setter
|
311
|
+
def token_num_uses(self, value: Optional[pulumi.Input[int]]):
|
312
|
+
pulumi.set(self, "token_num_uses", value)
|
313
|
+
|
314
|
+
@property
|
315
|
+
@pulumi.getter(name="tokenPeriod")
|
316
|
+
def token_period(self) -> Optional[pulumi.Input[int]]:
|
317
|
+
"""
|
318
|
+
Generated Token's Period
|
319
|
+
"""
|
320
|
+
return pulumi.get(self, "token_period")
|
321
|
+
|
322
|
+
@token_period.setter
|
323
|
+
def token_period(self, value: Optional[pulumi.Input[int]]):
|
324
|
+
pulumi.set(self, "token_period", value)
|
325
|
+
|
326
|
+
@property
|
327
|
+
@pulumi.getter(name="tokenPolicies")
|
328
|
+
def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
329
|
+
"""
|
330
|
+
Generated Token's Policies
|
331
|
+
"""
|
332
|
+
return pulumi.get(self, "token_policies")
|
333
|
+
|
334
|
+
@token_policies.setter
|
335
|
+
def token_policies(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
336
|
+
pulumi.set(self, "token_policies", value)
|
337
|
+
|
338
|
+
@property
|
339
|
+
@pulumi.getter(name="tokenTtl")
|
340
|
+
def token_ttl(self) -> Optional[pulumi.Input[int]]:
|
341
|
+
"""
|
342
|
+
The initial ttl of the token to generate in seconds
|
343
|
+
"""
|
344
|
+
return pulumi.get(self, "token_ttl")
|
345
|
+
|
346
|
+
@token_ttl.setter
|
347
|
+
def token_ttl(self, value: Optional[pulumi.Input[int]]):
|
348
|
+
pulumi.set(self, "token_ttl", value)
|
349
|
+
|
350
|
+
@property
|
351
|
+
@pulumi.getter(name="tokenType")
|
352
|
+
def token_type(self) -> Optional[pulumi.Input[str]]:
|
353
|
+
"""
|
354
|
+
The type of token to generate, service or batch
|
355
|
+
"""
|
356
|
+
return pulumi.get(self, "token_type")
|
357
|
+
|
358
|
+
@token_type.setter
|
359
|
+
def token_type(self, value: Optional[pulumi.Input[str]]):
|
360
|
+
pulumi.set(self, "token_type", value)
|
361
|
+
|
206
362
|
@property
|
207
363
|
@pulumi.getter
|
364
|
+
@_utilities.deprecated("""Deprecated. Please use `token_ttl` instead.""")
|
208
365
|
def ttl(self) -> Optional[pulumi.Input[str]]:
|
209
366
|
"""
|
210
367
|
Duration after which authentication will be expired.
|
@@ -244,6 +401,15 @@ class _AuthBackendState:
|
|
244
401
|
organization: Optional[pulumi.Input[str]] = None,
|
245
402
|
path: Optional[pulumi.Input[str]] = None,
|
246
403
|
token: Optional[pulumi.Input[str]] = None,
|
404
|
+
token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
405
|
+
token_explicit_max_ttl: Optional[pulumi.Input[int]] = None,
|
406
|
+
token_max_ttl: Optional[pulumi.Input[int]] = None,
|
407
|
+
token_no_default_policy: Optional[pulumi.Input[bool]] = None,
|
408
|
+
token_num_uses: Optional[pulumi.Input[int]] = None,
|
409
|
+
token_period: Optional[pulumi.Input[int]] = None,
|
410
|
+
token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
411
|
+
token_ttl: Optional[pulumi.Input[int]] = None,
|
412
|
+
token_type: Optional[pulumi.Input[str]] = None,
|
247
413
|
ttl: Optional[pulumi.Input[str]] = None,
|
248
414
|
users: Optional[pulumi.Input[Sequence[pulumi.Input['AuthBackendUserArgs']]]] = None):
|
249
415
|
"""
|
@@ -260,12 +426,21 @@ class _AuthBackendState:
|
|
260
426
|
[See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration).
|
261
427
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
262
428
|
The value should not contain leading or trailing forward slashes.
|
263
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
429
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
264
430
|
*Available only for Vault Enterprise*.
|
265
431
|
:param pulumi.Input[str] organization: The Okta organization. This will be the first part of the url `https://XXX.okta.com`
|
266
432
|
:param pulumi.Input[str] path: Path to mount the Okta auth backend. Default to path `okta`.
|
267
433
|
:param pulumi.Input[str] token: The Okta API token. This is required to query Okta for user group membership.
|
268
434
|
If this is not supplied only locally configured groups will be enabled.
|
435
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
436
|
+
:param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
437
|
+
:param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
|
438
|
+
:param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
439
|
+
:param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
440
|
+
:param pulumi.Input[int] token_period: Generated Token's Period
|
441
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
|
442
|
+
:param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
|
443
|
+
:param pulumi.Input[str] token_type: The type of token to generate, service or batch
|
269
444
|
:param pulumi.Input[str] ttl: Duration after which authentication will be expired.
|
270
445
|
[See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration).
|
271
446
|
:param pulumi.Input[Sequence[pulumi.Input['AuthBackendUserArgs']]] users: Associate Okta users with groups or policies within Vault.
|
@@ -283,6 +458,9 @@ class _AuthBackendState:
|
|
283
458
|
pulumi.set(__self__, "disable_remount", disable_remount)
|
284
459
|
if groups is not None:
|
285
460
|
pulumi.set(__self__, "groups", groups)
|
461
|
+
if max_ttl is not None:
|
462
|
+
warnings.warn("""Deprecated. Please use `token_max_ttl` instead.""", DeprecationWarning)
|
463
|
+
pulumi.log.warn("""max_ttl is deprecated: Deprecated. Please use `token_max_ttl` instead.""")
|
286
464
|
if max_ttl is not None:
|
287
465
|
pulumi.set(__self__, "max_ttl", max_ttl)
|
288
466
|
if namespace is not None:
|
@@ -293,6 +471,27 @@ class _AuthBackendState:
|
|
293
471
|
pulumi.set(__self__, "path", path)
|
294
472
|
if token is not None:
|
295
473
|
pulumi.set(__self__, "token", token)
|
474
|
+
if token_bound_cidrs is not None:
|
475
|
+
pulumi.set(__self__, "token_bound_cidrs", token_bound_cidrs)
|
476
|
+
if token_explicit_max_ttl is not None:
|
477
|
+
pulumi.set(__self__, "token_explicit_max_ttl", token_explicit_max_ttl)
|
478
|
+
if token_max_ttl is not None:
|
479
|
+
pulumi.set(__self__, "token_max_ttl", token_max_ttl)
|
480
|
+
if token_no_default_policy is not None:
|
481
|
+
pulumi.set(__self__, "token_no_default_policy", token_no_default_policy)
|
482
|
+
if token_num_uses is not None:
|
483
|
+
pulumi.set(__self__, "token_num_uses", token_num_uses)
|
484
|
+
if token_period is not None:
|
485
|
+
pulumi.set(__self__, "token_period", token_period)
|
486
|
+
if token_policies is not None:
|
487
|
+
pulumi.set(__self__, "token_policies", token_policies)
|
488
|
+
if token_ttl is not None:
|
489
|
+
pulumi.set(__self__, "token_ttl", token_ttl)
|
490
|
+
if token_type is not None:
|
491
|
+
pulumi.set(__self__, "token_type", token_type)
|
492
|
+
if ttl is not None:
|
493
|
+
warnings.warn("""Deprecated. Please use `token_ttl` instead.""", DeprecationWarning)
|
494
|
+
pulumi.log.warn("""ttl is deprecated: Deprecated. Please use `token_ttl` instead.""")
|
296
495
|
if ttl is not None:
|
297
496
|
pulumi.set(__self__, "ttl", ttl)
|
298
497
|
if users is not None:
|
@@ -374,6 +573,7 @@ class _AuthBackendState:
|
|
374
573
|
|
375
574
|
@property
|
376
575
|
@pulumi.getter(name="maxTtl")
|
576
|
+
@_utilities.deprecated("""Deprecated. Please use `token_max_ttl` instead.""")
|
377
577
|
def max_ttl(self) -> Optional[pulumi.Input[str]]:
|
378
578
|
"""
|
379
579
|
Maximum duration after which authentication will be expired
|
@@ -391,7 +591,7 @@ class _AuthBackendState:
|
|
391
591
|
"""
|
392
592
|
The namespace to provision the resource in.
|
393
593
|
The value should not contain leading or trailing forward slashes.
|
394
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
594
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
395
595
|
*Available only for Vault Enterprise*.
|
396
596
|
"""
|
397
597
|
return pulumi.get(self, "namespace")
|
@@ -437,8 +637,117 @@ class _AuthBackendState:
|
|
437
637
|
def token(self, value: Optional[pulumi.Input[str]]):
|
438
638
|
pulumi.set(self, "token", value)
|
439
639
|
|
640
|
+
@property
|
641
|
+
@pulumi.getter(name="tokenBoundCidrs")
|
642
|
+
def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
643
|
+
"""
|
644
|
+
Specifies the blocks of IP addresses which are allowed to use the generated token
|
645
|
+
"""
|
646
|
+
return pulumi.get(self, "token_bound_cidrs")
|
647
|
+
|
648
|
+
@token_bound_cidrs.setter
|
649
|
+
def token_bound_cidrs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
650
|
+
pulumi.set(self, "token_bound_cidrs", value)
|
651
|
+
|
652
|
+
@property
|
653
|
+
@pulumi.getter(name="tokenExplicitMaxTtl")
|
654
|
+
def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
655
|
+
"""
|
656
|
+
Generated Token's Explicit Maximum TTL in seconds
|
657
|
+
"""
|
658
|
+
return pulumi.get(self, "token_explicit_max_ttl")
|
659
|
+
|
660
|
+
@token_explicit_max_ttl.setter
|
661
|
+
def token_explicit_max_ttl(self, value: Optional[pulumi.Input[int]]):
|
662
|
+
pulumi.set(self, "token_explicit_max_ttl", value)
|
663
|
+
|
664
|
+
@property
|
665
|
+
@pulumi.getter(name="tokenMaxTtl")
|
666
|
+
def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
667
|
+
"""
|
668
|
+
The maximum lifetime of the generated token
|
669
|
+
"""
|
670
|
+
return pulumi.get(self, "token_max_ttl")
|
671
|
+
|
672
|
+
@token_max_ttl.setter
|
673
|
+
def token_max_ttl(self, value: Optional[pulumi.Input[int]]):
|
674
|
+
pulumi.set(self, "token_max_ttl", value)
|
675
|
+
|
676
|
+
@property
|
677
|
+
@pulumi.getter(name="tokenNoDefaultPolicy")
|
678
|
+
def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
|
679
|
+
"""
|
680
|
+
If true, the 'default' policy will not automatically be added to generated tokens
|
681
|
+
"""
|
682
|
+
return pulumi.get(self, "token_no_default_policy")
|
683
|
+
|
684
|
+
@token_no_default_policy.setter
|
685
|
+
def token_no_default_policy(self, value: Optional[pulumi.Input[bool]]):
|
686
|
+
pulumi.set(self, "token_no_default_policy", value)
|
687
|
+
|
688
|
+
@property
|
689
|
+
@pulumi.getter(name="tokenNumUses")
|
690
|
+
def token_num_uses(self) -> Optional[pulumi.Input[int]]:
|
691
|
+
"""
|
692
|
+
The maximum number of times a token may be used, a value of zero means unlimited
|
693
|
+
"""
|
694
|
+
return pulumi.get(self, "token_num_uses")
|
695
|
+
|
696
|
+
@token_num_uses.setter
|
697
|
+
def token_num_uses(self, value: Optional[pulumi.Input[int]]):
|
698
|
+
pulumi.set(self, "token_num_uses", value)
|
699
|
+
|
700
|
+
@property
|
701
|
+
@pulumi.getter(name="tokenPeriod")
|
702
|
+
def token_period(self) -> Optional[pulumi.Input[int]]:
|
703
|
+
"""
|
704
|
+
Generated Token's Period
|
705
|
+
"""
|
706
|
+
return pulumi.get(self, "token_period")
|
707
|
+
|
708
|
+
@token_period.setter
|
709
|
+
def token_period(self, value: Optional[pulumi.Input[int]]):
|
710
|
+
pulumi.set(self, "token_period", value)
|
711
|
+
|
712
|
+
@property
|
713
|
+
@pulumi.getter(name="tokenPolicies")
|
714
|
+
def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
715
|
+
"""
|
716
|
+
Generated Token's Policies
|
717
|
+
"""
|
718
|
+
return pulumi.get(self, "token_policies")
|
719
|
+
|
720
|
+
@token_policies.setter
|
721
|
+
def token_policies(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
722
|
+
pulumi.set(self, "token_policies", value)
|
723
|
+
|
724
|
+
@property
|
725
|
+
@pulumi.getter(name="tokenTtl")
|
726
|
+
def token_ttl(self) -> Optional[pulumi.Input[int]]:
|
727
|
+
"""
|
728
|
+
The initial ttl of the token to generate in seconds
|
729
|
+
"""
|
730
|
+
return pulumi.get(self, "token_ttl")
|
731
|
+
|
732
|
+
@token_ttl.setter
|
733
|
+
def token_ttl(self, value: Optional[pulumi.Input[int]]):
|
734
|
+
pulumi.set(self, "token_ttl", value)
|
735
|
+
|
736
|
+
@property
|
737
|
+
@pulumi.getter(name="tokenType")
|
738
|
+
def token_type(self) -> Optional[pulumi.Input[str]]:
|
739
|
+
"""
|
740
|
+
The type of token to generate, service or batch
|
741
|
+
"""
|
742
|
+
return pulumi.get(self, "token_type")
|
743
|
+
|
744
|
+
@token_type.setter
|
745
|
+
def token_type(self, value: Optional[pulumi.Input[str]]):
|
746
|
+
pulumi.set(self, "token_type", value)
|
747
|
+
|
440
748
|
@property
|
441
749
|
@pulumi.getter
|
750
|
+
@_utilities.deprecated("""Deprecated. Please use `token_ttl` instead.""")
|
442
751
|
def ttl(self) -> Optional[pulumi.Input[str]]:
|
443
752
|
"""
|
444
753
|
Duration after which authentication will be expired.
|
@@ -473,14 +782,23 @@ class AuthBackend(pulumi.CustomResource):
|
|
473
782
|
bypass_okta_mfa: Optional[pulumi.Input[bool]] = None,
|
474
783
|
description: Optional[pulumi.Input[str]] = None,
|
475
784
|
disable_remount: Optional[pulumi.Input[bool]] = None,
|
476
|
-
groups: Optional[pulumi.Input[Sequence[pulumi.Input[
|
785
|
+
groups: Optional[pulumi.Input[Sequence[pulumi.Input[Union['AuthBackendGroupArgs', 'AuthBackendGroupArgsDict']]]]] = None,
|
477
786
|
max_ttl: Optional[pulumi.Input[str]] = None,
|
478
787
|
namespace: Optional[pulumi.Input[str]] = None,
|
479
788
|
organization: Optional[pulumi.Input[str]] = None,
|
480
789
|
path: Optional[pulumi.Input[str]] = None,
|
481
790
|
token: Optional[pulumi.Input[str]] = None,
|
791
|
+
token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
792
|
+
token_explicit_max_ttl: Optional[pulumi.Input[int]] = None,
|
793
|
+
token_max_ttl: Optional[pulumi.Input[int]] = None,
|
794
|
+
token_no_default_policy: Optional[pulumi.Input[bool]] = None,
|
795
|
+
token_num_uses: Optional[pulumi.Input[int]] = None,
|
796
|
+
token_period: Optional[pulumi.Input[int]] = None,
|
797
|
+
token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
798
|
+
token_ttl: Optional[pulumi.Input[int]] = None,
|
799
|
+
token_type: Optional[pulumi.Input[str]] = None,
|
482
800
|
ttl: Optional[pulumi.Input[str]] = None,
|
483
|
-
users: Optional[pulumi.Input[Sequence[pulumi.Input[
|
801
|
+
users: Optional[pulumi.Input[Sequence[pulumi.Input[Union['AuthBackendUserArgs', 'AuthBackendUserArgsDict']]]]] = None,
|
484
802
|
__props__=None):
|
485
803
|
"""
|
486
804
|
Provides a resource for managing an
|
@@ -488,28 +806,26 @@ class AuthBackend(pulumi.CustomResource):
|
|
488
806
|
|
489
807
|
## Example Usage
|
490
808
|
|
491
|
-
<!--Start PulumiCodeChooser -->
|
492
809
|
```python
|
493
810
|
import pulumi
|
494
811
|
import pulumi_vault as vault
|
495
812
|
|
496
813
|
example = vault.okta.AuthBackend("example",
|
497
814
|
description="Demonstration of the Terraform Okta auth backend",
|
498
|
-
|
499
|
-
|
500
|
-
|
815
|
+
organization="example",
|
816
|
+
token="something that should be kept secret",
|
817
|
+
groups=[{
|
818
|
+
"group_name": "foo",
|
819
|
+
"policies": [
|
501
820
|
"one",
|
502
821
|
"two",
|
503
822
|
],
|
504
|
-
|
505
|
-
|
506
|
-
|
507
|
-
|
508
|
-
|
509
|
-
username="bar",
|
510
|
-
)])
|
823
|
+
}],
|
824
|
+
users=[{
|
825
|
+
"username": "bar",
|
826
|
+
"groups": ["foo"],
|
827
|
+
}])
|
511
828
|
```
|
512
|
-
<!--End PulumiCodeChooser -->
|
513
829
|
|
514
830
|
## Import
|
515
831
|
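Review bot: The rewritten example passes the Okta API token as a string literal, `token="something that should be kept secret",`, and readers who copy it will leave the credential in program source and version control. The constructor does wrap the value with `pulumi.Output.secret(token)` (visible in the `@@ -634,6 +966,15 @@` hunk), but that protects it only after it has been set, presumably in state and outputs rather than in the program text. I would have the example read the token from encrypted stack configuration, for instance `token=pulumi.Config().require_secret("oktaToken"),` (key name constructed for illustration). The same example is repeated in the hunk at `@@ -555,28 +880,26 @@`.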
|
@@ -526,21 +842,30 @@ class AuthBackend(pulumi.CustomResource):
|
|
526
842
|
:param pulumi.Input[str] description: The description of the auth backend
|
527
843
|
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
528
844
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
529
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
845
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['AuthBackendGroupArgs', 'AuthBackendGroupArgsDict']]]] groups: Associate Okta groups with policies within Vault.
|
530
846
|
See below for more details.
|
531
847
|
:param pulumi.Input[str] max_ttl: Maximum duration after which authentication will be expired
|
532
848
|
[See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration).
|
533
849
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
534
850
|
The value should not contain leading or trailing forward slashes.
|
535
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
851
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
536
852
|
*Available only for Vault Enterprise*.
|
537
853
|
:param pulumi.Input[str] organization: The Okta organization. This will be the first part of the url `https://XXX.okta.com`
|
538
854
|
:param pulumi.Input[str] path: Path to mount the Okta auth backend. Default to path `okta`.
|
539
855
|
:param pulumi.Input[str] token: The Okta API token. This is required to query Okta for user group membership.
|
540
856
|
If this is not supplied only locally configured groups will be enabled.
|
857
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
858
|
+
:param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
859
|
+
:param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
|
860
|
+
:param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
861
|
+
:param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
862
|
+
:param pulumi.Input[int] token_period: Generated Token's Period
|
863
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
|
864
|
+
:param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
|
865
|
+
:param pulumi.Input[str] token_type: The type of token to generate, service or batch
|
541
866
|
:param pulumi.Input[str] ttl: Duration after which authentication will be expired.
|
542
867
|
[See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration).
|
543
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
868
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['AuthBackendUserArgs', 'AuthBackendUserArgsDict']]]] users: Associate Okta users with groups or policies within Vault.
|
544
869
|
See below for more details.
|
545
870
|
"""
|
546
871
|
...
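Review bot: The new `token_max_ttl` and `token_period` entries give no unit, while `token_ttl` and `token_explicit_max_ttl` beside them say "in seconds" and all four are typed `pulumi.Input[int]`. These values bound how long an issued Vault token stays valid, so a wrong guess about the unit yields credentials that live longer or shorter than intended. Assuming seconds apply here as for the sibling fields (not stated in this hunk, so worth confirming upstream), I would write `:param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token, in seconds` and `:param pulumi.Input[int] token_period: Generated Token's Period, in seconds`. The same descriptions recur in the `get()` docstring at `@@ -675,21 +1025,30 @@` and in the property docstrings.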
|
@@ -555,28 +880,26 @@ class AuthBackend(pulumi.CustomResource):
|
|
555
880
|
|
556
881
|
## Example Usage
|
557
882
|
|
558
|
-
<!--Start PulumiCodeChooser -->
|
559
883
|
```python
|
560
884
|
import pulumi
|
561
885
|
import pulumi_vault as vault
|
562
886
|
|
563
887
|
example = vault.okta.AuthBackend("example",
|
564
888
|
description="Demonstration of the Terraform Okta auth backend",
|
565
|
-
|
566
|
-
|
567
|
-
|
889
|
+
organization="example",
|
890
|
+
token="something that should be kept secret",
|
891
|
+
groups=[{
|
892
|
+
"group_name": "foo",
|
893
|
+
"policies": [
|
568
894
|
"one",
|
569
895
|
"two",
|
570
896
|
],
|
571
|
-
|
572
|
-
|
573
|
-
|
574
|
-
|
575
|
-
|
576
|
-
username="bar",
|
577
|
-
)])
|
897
|
+
}],
|
898
|
+
users=[{
|
899
|
+
"username": "bar",
|
900
|
+
"groups": ["foo"],
|
901
|
+
}])
|
578
902
|
```
|
579
|
-
<!--End PulumiCodeChooser -->
|
580
903
|
|
581
904
|
## Import
|
582
905
|
|
@@ -605,14 +928,23 @@ class AuthBackend(pulumi.CustomResource):
|
|
605
928
|
bypass_okta_mfa: Optional[pulumi.Input[bool]] = None,
|
606
929
|
description: Optional[pulumi.Input[str]] = None,
|
607
930
|
disable_remount: Optional[pulumi.Input[bool]] = None,
|
608
|
-
groups: Optional[pulumi.Input[Sequence[pulumi.Input[
|
931
|
+
groups: Optional[pulumi.Input[Sequence[pulumi.Input[Union['AuthBackendGroupArgs', 'AuthBackendGroupArgsDict']]]]] = None,
|
609
932
|
max_ttl: Optional[pulumi.Input[str]] = None,
|
610
933
|
namespace: Optional[pulumi.Input[str]] = None,
|
611
934
|
organization: Optional[pulumi.Input[str]] = None,
|
612
935
|
path: Optional[pulumi.Input[str]] = None,
|
613
936
|
token: Optional[pulumi.Input[str]] = None,
|
937
|
+
token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
938
|
+
token_explicit_max_ttl: Optional[pulumi.Input[int]] = None,
|
939
|
+
token_max_ttl: Optional[pulumi.Input[int]] = None,
|
940
|
+
token_no_default_policy: Optional[pulumi.Input[bool]] = None,
|
941
|
+
token_num_uses: Optional[pulumi.Input[int]] = None,
|
942
|
+
token_period: Optional[pulumi.Input[int]] = None,
|
943
|
+
token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
944
|
+
token_ttl: Optional[pulumi.Input[int]] = None,
|
945
|
+
token_type: Optional[pulumi.Input[str]] = None,
|
614
946
|
ttl: Optional[pulumi.Input[str]] = None,
|
615
|
-
users: Optional[pulumi.Input[Sequence[pulumi.Input[
|
947
|
+
users: Optional[pulumi.Input[Sequence[pulumi.Input[Union['AuthBackendUserArgs', 'AuthBackendUserArgsDict']]]]] = None,
|
616
948
|
__props__=None):
|
617
949
|
opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
|
618
950
|
if not isinstance(opts, pulumi.ResourceOptions):
|
@@ -634,6 +966,15 @@ class AuthBackend(pulumi.CustomResource):
|
|
634
966
|
__props__.__dict__["organization"] = organization
|
635
967
|
__props__.__dict__["path"] = path
|
636
968
|
__props__.__dict__["token"] = None if token is None else pulumi.Output.secret(token)
|
969
|
+
__props__.__dict__["token_bound_cidrs"] = token_bound_cidrs
|
970
|
+
__props__.__dict__["token_explicit_max_ttl"] = token_explicit_max_ttl
|
971
|
+
__props__.__dict__["token_max_ttl"] = token_max_ttl
|
972
|
+
__props__.__dict__["token_no_default_policy"] = token_no_default_policy
|
973
|
+
__props__.__dict__["token_num_uses"] = token_num_uses
|
974
|
+
__props__.__dict__["token_period"] = token_period
|
975
|
+
__props__.__dict__["token_policies"] = token_policies
|
976
|
+
__props__.__dict__["token_ttl"] = token_ttl
|
977
|
+
__props__.__dict__["token_type"] = token_type
|
637
978
|
__props__.__dict__["ttl"] = ttl
|
638
979
|
__props__.__dict__["users"] = users
|
639
980
|
__props__.__dict__["accessor"] = None
|
@@ -654,14 +995,23 @@ class AuthBackend(pulumi.CustomResource):
|
|
654
995
|
bypass_okta_mfa: Optional[pulumi.Input[bool]] = None,
|
655
996
|
description: Optional[pulumi.Input[str]] = None,
|
656
997
|
disable_remount: Optional[pulumi.Input[bool]] = None,
|
657
|
-
groups: Optional[pulumi.Input[Sequence[pulumi.Input[
|
998
|
+
groups: Optional[pulumi.Input[Sequence[pulumi.Input[Union['AuthBackendGroupArgs', 'AuthBackendGroupArgsDict']]]]] = None,
|
658
999
|
max_ttl: Optional[pulumi.Input[str]] = None,
|
659
1000
|
namespace: Optional[pulumi.Input[str]] = None,
|
660
1001
|
organization: Optional[pulumi.Input[str]] = None,
|
661
1002
|
path: Optional[pulumi.Input[str]] = None,
|
662
1003
|
token: Optional[pulumi.Input[str]] = None,
|
1004
|
+
token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1005
|
+
token_explicit_max_ttl: Optional[pulumi.Input[int]] = None,
|
1006
|
+
token_max_ttl: Optional[pulumi.Input[int]] = None,
|
1007
|
+
token_no_default_policy: Optional[pulumi.Input[bool]] = None,
|
1008
|
+
token_num_uses: Optional[pulumi.Input[int]] = None,
|
1009
|
+
token_period: Optional[pulumi.Input[int]] = None,
|
1010
|
+
token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1011
|
+
token_ttl: Optional[pulumi.Input[int]] = None,
|
1012
|
+
token_type: Optional[pulumi.Input[str]] = None,
|
663
1013
|
ttl: Optional[pulumi.Input[str]] = None,
|
664
|
-
users: Optional[pulumi.Input[Sequence[pulumi.Input[
|
1014
|
+
users: Optional[pulumi.Input[Sequence[pulumi.Input[Union['AuthBackendUserArgs', 'AuthBackendUserArgsDict']]]]] = None) -> 'AuthBackend':
|
665
1015
|
"""
|
666
1016
|
Get an existing AuthBackend resource's state with the given name, id, and optional extra
|
667
1017
|
properties used to qualify the lookup.
|
@@ -675,21 +1025,30 @@ class AuthBackend(pulumi.CustomResource):
|
|
675
1025
|
:param pulumi.Input[str] description: The description of the auth backend
|
676
1026
|
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
677
1027
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
678
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
1028
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['AuthBackendGroupArgs', 'AuthBackendGroupArgsDict']]]] groups: Associate Okta groups with policies within Vault.
|
679
1029
|
See below for more details.
|
680
1030
|
:param pulumi.Input[str] max_ttl: Maximum duration after which authentication will be expired
|
681
1031
|
[See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration).
|
682
1032
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
683
1033
|
The value should not contain leading or trailing forward slashes.
|
684
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
1034
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
685
1035
|
*Available only for Vault Enterprise*.
|
686
1036
|
:param pulumi.Input[str] organization: The Okta organization. This will be the first part of the url `https://XXX.okta.com`
|
687
1037
|
:param pulumi.Input[str] path: Path to mount the Okta auth backend. Default to path `okta`.
|
688
1038
|
:param pulumi.Input[str] token: The Okta API token. This is required to query Okta for user group membership.
|
689
1039
|
If this is not supplied only locally configured groups will be enabled.
|
1040
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
1041
|
+
:param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
1042
|
+
:param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
|
1043
|
+
:param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
1044
|
+
:param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
1045
|
+
:param pulumi.Input[int] token_period: Generated Token's Period
|
1046
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
|
1047
|
+
:param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
|
1048
|
+
:param pulumi.Input[str] token_type: The type of token to generate, service or batch
|
690
1049
|
:param pulumi.Input[str] ttl: Duration after which authentication will be expired.
|
691
1050
|
[See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration).
|
692
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
1051
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['AuthBackendUserArgs', 'AuthBackendUserArgsDict']]]] users: Associate Okta users with groups or policies within Vault.
|
693
1052
|
See below for more details.
|
694
1053
|
"""
|
695
1054
|
opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
|
@@ -707,6 +1066,15 @@ class AuthBackend(pulumi.CustomResource):
|
|
707
1066
|
__props__.__dict__["organization"] = organization
|
708
1067
|
__props__.__dict__["path"] = path
|
709
1068
|
__props__.__dict__["token"] = token
|
1069
|
+
__props__.__dict__["token_bound_cidrs"] = token_bound_cidrs
|
1070
|
+
__props__.__dict__["token_explicit_max_ttl"] = token_explicit_max_ttl
|
1071
|
+
__props__.__dict__["token_max_ttl"] = token_max_ttl
|
1072
|
+
__props__.__dict__["token_no_default_policy"] = token_no_default_policy
|
1073
|
+
__props__.__dict__["token_num_uses"] = token_num_uses
|
1074
|
+
__props__.__dict__["token_period"] = token_period
|
1075
|
+
__props__.__dict__["token_policies"] = token_policies
|
1076
|
+
__props__.__dict__["token_ttl"] = token_ttl
|
1077
|
+
__props__.__dict__["token_type"] = token_type
|
710
1078
|
__props__.__dict__["ttl"] = ttl
|
711
1079
|
__props__.__dict__["users"] = users
|
712
1080
|
return AuthBackend(resource_name, opts=opts, __props__=__props__)
|
@@ -763,6 +1131,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
763
1131
|
|
764
1132
|
@property
|
765
1133
|
@pulumi.getter(name="maxTtl")
|
1134
|
+
@_utilities.deprecated("""Deprecated. Please use `token_max_ttl` instead.""")
|
766
1135
|
def max_ttl(self) -> pulumi.Output[Optional[str]]:
|
767
1136
|
"""
|
768
1137
|
Maximum duration after which authentication will be expired
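Review bot: The deprecation message added to `max_ttl` names the replacement but not the type change that comes with it. `max_ttl` is `Optional[str]` and documented as a duration string, whereas `token_max_ttl` is declared `pulumi.Output[Optional[int]]` in the `@@ -806,8 +1175,81 @@` hunk. A caller who only renames the argument would pass a duration string where an integer is expected, or mis-convert it and end up with a different authentication lifetime. I would spell it out in the message: `@_utilities.deprecated("""Deprecated. Please use `token_max_ttl` (an integer, not a duration string) instead.""")`. The `ttl` to `token_ttl` decorators have the same gap, and the body of `max_ttl` continues outside this hunk.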
|
@@ -776,7 +1145,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
776
1145
|
"""
|
777
1146
|
The namespace to provision the resource in.
|
778
1147
|
The value should not contain leading or trailing forward slashes.
|
779
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
1148
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
780
1149
|
*Available only for Vault Enterprise*.
|
781
1150
|
"""
|
782
1151
|
return pulumi.get(self, "namespace")
|
@@ -806,8 +1175,81 @@ class AuthBackend(pulumi.CustomResource):
|
|
806
1175
|
"""
|
807
1176
|
return pulumi.get(self, "token")
|
808
1177
|
|
1178
|
+
@property
|
1179
|
+
@pulumi.getter(name="tokenBoundCidrs")
|
1180
|
+
def token_bound_cidrs(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1181
|
+
"""
|
1182
|
+
Specifies the blocks of IP addresses which are allowed to use the generated token
|
1183
|
+
"""
|
1184
|
+
return pulumi.get(self, "token_bound_cidrs")
|
1185
|
+
|
1186
|
+
@property
|
1187
|
+
@pulumi.getter(name="tokenExplicitMaxTtl")
|
1188
|
+
def token_explicit_max_ttl(self) -> pulumi.Output[Optional[int]]:
|
1189
|
+
"""
|
1190
|
+
Generated Token's Explicit Maximum TTL in seconds
|
1191
|
+
"""
|
1192
|
+
return pulumi.get(self, "token_explicit_max_ttl")
|
1193
|
+
|
1194
|
+
@property
|
1195
|
+
@pulumi.getter(name="tokenMaxTtl")
|
1196
|
+
def token_max_ttl(self) -> pulumi.Output[Optional[int]]:
|
1197
|
+
"""
|
1198
|
+
The maximum lifetime of the generated token
|
1199
|
+
"""
|
1200
|
+
return pulumi.get(self, "token_max_ttl")
|
1201
|
+
|
1202
|
+
@property
|
1203
|
+
@pulumi.getter(name="tokenNoDefaultPolicy")
|
1204
|
+
def token_no_default_policy(self) -> pulumi.Output[Optional[bool]]:
|
1205
|
+
"""
|
1206
|
+
If true, the 'default' policy will not automatically be added to generated tokens
|
1207
|
+
"""
|
1208
|
+
return pulumi.get(self, "token_no_default_policy")
|
1209
|
+
|
1210
|
+
@property
|
1211
|
+
@pulumi.getter(name="tokenNumUses")
|
1212
|
+
def token_num_uses(self) -> pulumi.Output[Optional[int]]:
|
1213
|
+
"""
|
1214
|
+
The maximum number of times a token may be used, a value of zero means unlimited
|
1215
|
+
"""
|
1216
|
+
return pulumi.get(self, "token_num_uses")
|
1217
|
+
|
1218
|
+
@property
|
1219
|
+
@pulumi.getter(name="tokenPeriod")
|
1220
|
+
def token_period(self) -> pulumi.Output[Optional[int]]:
|
1221
|
+
"""
|
1222
|
+
Generated Token's Period
|
1223
|
+
"""
|
1224
|
+
return pulumi.get(self, "token_period")
|
1225
|
+
|
1226
|
+
@property
|
1227
|
+
@pulumi.getter(name="tokenPolicies")
|
1228
|
+
def token_policies(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1229
|
+
"""
|
1230
|
+
Generated Token's Policies
|
1231
|
+
"""
|
1232
|
+
return pulumi.get(self, "token_policies")
|
1233
|
+
|
1234
|
+
@property
|
1235
|
+
@pulumi.getter(name="tokenTtl")
|
1236
|
+
def token_ttl(self) -> pulumi.Output[Optional[int]]:
|
1237
|
+
"""
|
1238
|
+
The initial ttl of the token to generate in seconds
|
1239
|
+
"""
|
1240
|
+
return pulumi.get(self, "token_ttl")
|
1241
|
+
|
1242
|
+
@property
|
1243
|
+
@pulumi.getter(name="tokenType")
|
1244
|
+
def token_type(self) -> pulumi.Output[Optional[str]]:
|
1245
|
+
"""
|
1246
|
+
The type of token to generate, service or batch
|
1247
|
+
"""
|
1248
|
+
return pulumi.get(self, "token_type")
|
1249
|
+
|
809
1250
|
@property
|
810
1251
|
@pulumi.getter
|
1252
|
+
@_utilities.deprecated("""Deprecated. Please use `token_ttl` instead.""")
|
811
1253
|
def ttl(self) -> pulumi.Output[Optional[str]]:
|
812
1254
|
"""
|
813
1255
|
Duration after which authentication will be expired.
|