pulumi-vault 5.21.0a1710160723__py3-none-any.whl → 6.5.0a1736850018__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pulumi_vault/__init__.py +52 -0
- pulumi_vault/_inputs.py +560 -0
- pulumi_vault/_utilities.py +41 -5
- pulumi_vault/ad/get_access_credentials.py +22 -7
- pulumi_vault/ad/secret_backend.py +14 -144
- pulumi_vault/ad/secret_library.py +14 -11
- pulumi_vault/ad/secret_role.py +12 -11
- pulumi_vault/alicloud/auth_backend_role.py +74 -192
- pulumi_vault/approle/auth_backend_login.py +12 -11
- pulumi_vault/approle/auth_backend_role.py +75 -193
- pulumi_vault/approle/auth_backend_role_secret_id.py +106 -11
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -9
- pulumi_vault/audit.py +24 -27
- pulumi_vault/audit_request_header.py +11 -6
- pulumi_vault/auth_backend.py +64 -12
- pulumi_vault/aws/auth_backend_cert.py +12 -7
- pulumi_vault/aws/auth_backend_client.py +265 -24
- pulumi_vault/aws/auth_backend_config_identity.py +12 -11
- pulumi_vault/aws/auth_backend_identity_whitelist.py +18 -17
- pulumi_vault/aws/auth_backend_login.py +19 -22
- pulumi_vault/aws/auth_backend_role.py +75 -193
- pulumi_vault/aws/auth_backend_role_tag.py +12 -7
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -17
- pulumi_vault/aws/auth_backend_sts_role.py +12 -11
- pulumi_vault/aws/get_access_credentials.py +34 -7
- pulumi_vault/aws/get_static_access_credentials.py +19 -5
- pulumi_vault/aws/secret_backend.py +75 -7
- pulumi_vault/aws/secret_backend_role.py +183 -11
- pulumi_vault/aws/secret_backend_static_role.py +14 -11
- pulumi_vault/azure/_inputs.py +24 -0
- pulumi_vault/azure/auth_backend_config.py +151 -17
- pulumi_vault/azure/auth_backend_role.py +75 -193
- pulumi_vault/azure/backend.py +223 -29
- pulumi_vault/azure/backend_role.py +42 -41
- pulumi_vault/azure/get_access_credentials.py +39 -11
- pulumi_vault/azure/outputs.py +5 -0
- pulumi_vault/cert_auth_backend_role.py +87 -271
- pulumi_vault/config/__init__.pyi +5 -0
- pulumi_vault/config/_inputs.py +73 -0
- pulumi_vault/config/outputs.py +35 -0
- pulumi_vault/config/ui_custom_message.py +529 -0
- pulumi_vault/config/vars.py +5 -0
- pulumi_vault/consul/secret_backend.py +22 -25
- pulumi_vault/consul/secret_backend_role.py +14 -80
- pulumi_vault/database/_inputs.py +2770 -881
- pulumi_vault/database/outputs.py +721 -838
- pulumi_vault/database/secret_backend_connection.py +117 -114
- pulumi_vault/database/secret_backend_role.py +29 -24
- pulumi_vault/database/secret_backend_static_role.py +85 -15
- pulumi_vault/database/secrets_mount.py +425 -138
- pulumi_vault/egp_policy.py +16 -15
- pulumi_vault/gcp/_inputs.py +111 -0
- pulumi_vault/gcp/auth_backend.py +248 -35
- pulumi_vault/gcp/auth_backend_role.py +75 -271
- pulumi_vault/gcp/get_auth_backend_role.py +43 -9
- pulumi_vault/gcp/outputs.py +5 -0
- pulumi_vault/gcp/secret_backend.py +287 -16
- pulumi_vault/gcp/secret_impersonated_account.py +74 -17
- pulumi_vault/gcp/secret_roleset.py +29 -26
- pulumi_vault/gcp/secret_static_account.py +37 -34
- pulumi_vault/generic/endpoint.py +22 -21
- pulumi_vault/generic/get_secret.py +68 -12
- pulumi_vault/generic/secret.py +19 -14
- pulumi_vault/get_auth_backend.py +24 -11
- pulumi_vault/get_auth_backends.py +33 -11
- pulumi_vault/get_namespace.py +226 -0
- pulumi_vault/get_namespaces.py +153 -0
- pulumi_vault/get_nomad_access_token.py +31 -15
- pulumi_vault/get_policy_document.py +34 -23
- pulumi_vault/get_raft_autopilot_state.py +29 -14
- pulumi_vault/github/_inputs.py +55 -0
- pulumi_vault/github/auth_backend.py +17 -16
- pulumi_vault/github/outputs.py +5 -0
- pulumi_vault/github/team.py +14 -13
- pulumi_vault/github/user.py +14 -13
- pulumi_vault/identity/entity.py +18 -15
- pulumi_vault/identity/entity_alias.py +18 -15
- pulumi_vault/identity/entity_policies.py +24 -19
- pulumi_vault/identity/get_entity.py +40 -14
- pulumi_vault/identity/get_group.py +45 -13
- pulumi_vault/identity/get_oidc_client_creds.py +21 -11
- pulumi_vault/identity/get_oidc_openid_config.py +39 -13
- pulumi_vault/identity/get_oidc_public_keys.py +29 -14
- pulumi_vault/identity/group.py +50 -49
- pulumi_vault/identity/group_alias.py +14 -11
- pulumi_vault/identity/group_member_entity_ids.py +24 -74
- pulumi_vault/identity/group_member_group_ids.py +36 -27
- pulumi_vault/identity/group_policies.py +16 -15
- pulumi_vault/identity/mfa_duo.py +9 -8
- pulumi_vault/identity/mfa_login_enforcement.py +13 -8
- pulumi_vault/identity/mfa_okta.py +9 -8
- pulumi_vault/identity/mfa_pingid.py +5 -4
- pulumi_vault/identity/mfa_totp.py +5 -4
- pulumi_vault/identity/oidc.py +12 -11
- pulumi_vault/identity/oidc_assignment.py +22 -13
- pulumi_vault/identity/oidc_client.py +34 -25
- pulumi_vault/identity/oidc_key.py +28 -19
- pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -19
- pulumi_vault/identity/oidc_provider.py +34 -23
- pulumi_vault/identity/oidc_role.py +40 -27
- pulumi_vault/identity/oidc_scope.py +18 -15
- pulumi_vault/identity/outputs.py +8 -3
- pulumi_vault/jwt/_inputs.py +55 -0
- pulumi_vault/jwt/auth_backend.py +39 -46
- pulumi_vault/jwt/auth_backend_role.py +131 -260
- pulumi_vault/jwt/outputs.py +5 -0
- pulumi_vault/kmip/secret_backend.py +22 -21
- pulumi_vault/kmip/secret_role.py +12 -11
- pulumi_vault/kmip/secret_scope.py +12 -11
- pulumi_vault/kubernetes/auth_backend_config.py +55 -7
- pulumi_vault/kubernetes/auth_backend_role.py +68 -179
- pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
- pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
- pulumi_vault/kubernetes/get_service_account_token.py +39 -15
- pulumi_vault/kubernetes/secret_backend.py +314 -29
- pulumi_vault/kubernetes/secret_backend_role.py +135 -56
- pulumi_vault/kv/_inputs.py +36 -4
- pulumi_vault/kv/get_secret.py +23 -12
- pulumi_vault/kv/get_secret_subkeys_v2.py +31 -14
- pulumi_vault/kv/get_secret_v2.py +89 -9
- pulumi_vault/kv/get_secrets_list.py +22 -15
- pulumi_vault/kv/get_secrets_list_v2.py +35 -19
- pulumi_vault/kv/outputs.py +8 -3
- pulumi_vault/kv/secret.py +19 -18
- pulumi_vault/kv/secret_backend_v2.py +12 -11
- pulumi_vault/kv/secret_v2.py +55 -52
- pulumi_vault/ldap/auth_backend.py +125 -168
- pulumi_vault/ldap/auth_backend_group.py +12 -11
- pulumi_vault/ldap/auth_backend_user.py +12 -11
- pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
- pulumi_vault/ldap/get_static_credentials.py +24 -5
- pulumi_vault/ldap/secret_backend.py +352 -84
- pulumi_vault/ldap/secret_backend_dynamic_role.py +12 -11
- pulumi_vault/ldap/secret_backend_library_set.py +14 -11
- pulumi_vault/ldap/secret_backend_static_role.py +67 -12
- pulumi_vault/managed/_inputs.py +289 -132
- pulumi_vault/managed/keys.py +27 -43
- pulumi_vault/managed/outputs.py +89 -132
- pulumi_vault/mfa_duo.py +16 -13
- pulumi_vault/mfa_okta.py +16 -13
- pulumi_vault/mfa_pingid.py +16 -13
- pulumi_vault/mfa_totp.py +22 -19
- pulumi_vault/mongodbatlas/secret_backend.py +18 -17
- pulumi_vault/mongodbatlas/secret_role.py +41 -38
- pulumi_vault/mount.py +389 -65
- pulumi_vault/namespace.py +26 -21
- pulumi_vault/nomad_secret_backend.py +16 -15
- pulumi_vault/nomad_secret_role.py +12 -11
- pulumi_vault/okta/_inputs.py +47 -8
- pulumi_vault/okta/auth_backend.py +483 -41
- pulumi_vault/okta/auth_backend_group.py +12 -11
- pulumi_vault/okta/auth_backend_user.py +12 -11
- pulumi_vault/okta/outputs.py +13 -8
- pulumi_vault/outputs.py +5 -0
- pulumi_vault/password_policy.py +18 -15
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +81 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
- pulumi_vault/pkisecret/backend_config_est.py +619 -0
- pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
- pulumi_vault/pkisecret/get_backend_issuer.py +63 -7
- pulumi_vault/pkisecret/get_backend_issuers.py +21 -12
- pulumi_vault/pkisecret/get_backend_key.py +24 -13
- pulumi_vault/pkisecret/get_backend_keys.py +21 -12
- pulumi_vault/pkisecret/outputs.py +69 -0
- pulumi_vault/pkisecret/secret_backend_cert.py +18 -15
- pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -15
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +12 -11
- pulumi_vault/pkisecret/secret_backend_config_urls.py +59 -11
- pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -13
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -15
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -21
- pulumi_vault/pkisecret/secret_backend_issuer.py +12 -11
- pulumi_vault/pkisecret/secret_backend_key.py +12 -7
- pulumi_vault/pkisecret/secret_backend_role.py +19 -16
- pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -52
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -62
- pulumi_vault/pkisecret/secret_backend_sign.py +18 -60
- pulumi_vault/plugin.py +595 -0
- pulumi_vault/plugin_pinned_version.py +298 -0
- pulumi_vault/policy.py +12 -7
- pulumi_vault/provider.py +48 -53
- pulumi_vault/pulumi-plugin.json +2 -1
- pulumi_vault/quota_lease_count.py +58 -8
- pulumi_vault/quota_rate_limit.py +54 -4
- pulumi_vault/rabbitmq/_inputs.py +61 -0
- pulumi_vault/rabbitmq/outputs.py +5 -0
- pulumi_vault/rabbitmq/secret_backend.py +16 -15
- pulumi_vault/rabbitmq/secret_backend_role.py +52 -49
- pulumi_vault/raft_autopilot.py +12 -11
- pulumi_vault/raft_snapshot_agent_config.py +121 -311
- pulumi_vault/rgp_policy.py +14 -13
- pulumi_vault/saml/auth_backend.py +20 -19
- pulumi_vault/saml/auth_backend_role.py +90 -199
- pulumi_vault/secrets/__init__.py +3 -0
- pulumi_vault/secrets/_inputs.py +110 -0
- pulumi_vault/secrets/outputs.py +94 -0
- pulumi_vault/secrets/sync_association.py +56 -75
- pulumi_vault/secrets/sync_aws_destination.py +240 -29
- pulumi_vault/secrets/sync_azure_destination.py +90 -33
- pulumi_vault/secrets/sync_config.py +7 -6
- pulumi_vault/secrets/sync_gcp_destination.py +156 -27
- pulumi_vault/secrets/sync_gh_destination.py +187 -15
- pulumi_vault/secrets/sync_github_apps.py +375 -0
- pulumi_vault/secrets/sync_vercel_destination.py +72 -15
- pulumi_vault/ssh/_inputs.py +28 -32
- pulumi_vault/ssh/outputs.py +11 -32
- pulumi_vault/ssh/secret_backend_ca.py +106 -11
- pulumi_vault/ssh/secret_backend_role.py +83 -120
- pulumi_vault/terraformcloud/secret_backend.py +5 -56
- pulumi_vault/terraformcloud/secret_creds.py +14 -24
- pulumi_vault/terraformcloud/secret_role.py +14 -76
- pulumi_vault/token.py +26 -25
- pulumi_vault/tokenauth/auth_backend_role.py +76 -201
- pulumi_vault/transform/alphabet.py +16 -13
- pulumi_vault/transform/get_decode.py +45 -21
- pulumi_vault/transform/get_encode.py +45 -21
- pulumi_vault/transform/role.py +16 -13
- pulumi_vault/transform/template.py +30 -25
- pulumi_vault/transform/transformation.py +12 -7
- pulumi_vault/transit/get_decrypt.py +26 -25
- pulumi_vault/transit/get_encrypt.py +24 -19
- pulumi_vault/transit/secret_backend_key.py +25 -97
- pulumi_vault/transit/secret_cache_config.py +12 -11
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/METADATA +8 -7
- pulumi_vault-6.5.0a1736850018.dist-info/RECORD +256 -0
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/WHEEL +1 -1
- pulumi_vault-5.21.0a1710160723.dist-info/RECORD +0 -244
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from . import _utilities
|
11
16
|
|
12
17
|
__all__ = ['RaftSnapshotAgentConfigArgs', 'RaftSnapshotAgentConfig']
|
@@ -53,60 +58,33 @@ class RaftSnapshotAgentConfigArgs:
|
|
53
58
|
or "google-gcs". The remaining parameters described below are all specific to
|
54
59
|
the selected `storage_type` and prefixed accordingly.
|
55
60
|
:param pulumi.Input[str] aws_access_key_id: AWS access key ID.
|
56
|
-
:param pulumi.Input[str] aws_s3_bucket:
|
57
|
-
:param pulumi.Input[bool] aws_s3_disable_tls: Disable TLS for the S3 endpoint. This
|
58
|
-
should only be used for testing purposes, typically in conjunction with
|
59
|
-
`aws_s3_endpoint`.
|
61
|
+
:param pulumi.Input[str] aws_s3_bucket: S3 bucket to write snapshots to.
|
62
|
+
:param pulumi.Input[bool] aws_s3_disable_tls: Disable TLS for the S3 endpoint. This should only be used for testing purposes.
|
60
63
|
:param pulumi.Input[bool] aws_s3_enable_kms: Use KMS to encrypt bucket contents.
|
61
|
-
:param pulumi.Input[str] aws_s3_endpoint: AWS endpoint. This is typically only set when
|
62
|
-
|
63
|
-
:param pulumi.Input[
|
64
|
-
|
65
|
-
:param pulumi.Input[str] aws_s3_kms_key: Use named KMS key, when `aws_s3_enable_kms = true`
|
66
|
-
:param pulumi.Input[str] aws_s3_region: `<required>` - AWS region bucket is in.
|
64
|
+
:param pulumi.Input[str] aws_s3_endpoint: AWS endpoint. This is typically only set when using a non-AWS S3 implementation like Minio.
|
65
|
+
:param pulumi.Input[bool] aws_s3_force_path_style: Use the endpoint/bucket URL style instead of bucket.endpoint.
|
66
|
+
:param pulumi.Input[str] aws_s3_kms_key: Use named KMS key, when aws_s3_enable_kms=true
|
67
|
+
:param pulumi.Input[str] aws_s3_region: AWS region bucket is in.
|
67
68
|
:param pulumi.Input[bool] aws_s3_server_side_encryption: Use AES256 to encrypt bucket contents.
|
68
69
|
:param pulumi.Input[str] aws_secret_access_key: AWS secret access key.
|
69
70
|
:param pulumi.Input[str] aws_session_token: AWS session token.
|
70
71
|
:param pulumi.Input[str] azure_account_key: Azure account key.
|
71
72
|
:param pulumi.Input[str] azure_account_name: Azure account name.
|
72
73
|
:param pulumi.Input[str] azure_blob_environment: Azure blob environment.
|
73
|
-
:param pulumi.Input[str] azure_container_name:
|
74
|
-
|
75
|
-
:param pulumi.Input[str] azure_endpoint: Azure blob storage endpoint. This is typically
|
76
|
-
only set when using a non-Azure implementation like Azurite.
|
74
|
+
:param pulumi.Input[str] azure_container_name: Azure container name to write snapshots to.
|
75
|
+
:param pulumi.Input[str] azure_endpoint: Azure blob storage endpoint. This is typically only set when using a non-Azure implementation like Azurite.
|
77
76
|
:param pulumi.Input[str] file_prefix: Within the directory or bucket
|
78
77
|
prefix given by `path_prefix`, the file or object name of snapshot files
|
79
78
|
will start with this string.
|
80
|
-
:param pulumi.Input[bool] google_disable_tls: Disable TLS for the GCS endpoint.
|
81
|
-
|
82
|
-
|
83
|
-
:param pulumi.Input[str]
|
84
|
-
|
85
|
-
:param pulumi.Input[str] google_gcs_bucket: `<required>` - GCS bucket to write snapshots to.
|
86
|
-
:param pulumi.Input[str] google_service_account_key: Google service account key in JSON format.
|
87
|
-
The raw value looks like this:
|
88
|
-
|
89
|
-
```json
|
90
|
-
{
|
91
|
-
"type": "service_account",
|
92
|
-
"project_id": "project-id",
|
93
|
-
"private_key_id": "key-id",
|
94
|
-
"private_key": "-----BEGIN RSA PRIVATE KEY-----\\nMIIEpQ ... /WZs=\\n-----END RSA PRIVATE KEY-----\\n",
|
95
|
-
"client_email": "service-account-email",
|
96
|
-
"client_id": "client-id",
|
97
|
-
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
|
98
|
-
"token_uri": "https://accounts.google.com/o/oauth2/token",
|
99
|
-
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
|
100
|
-
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/service-account-email"
|
101
|
-
}
|
102
|
-
```
|
103
|
-
:param pulumi.Input[int] local_max_space: For `storage_type = local`, the maximum
|
104
|
-
space, in bytes, to use for snapshots. Snapshot attempts will fail if there is not enough
|
105
|
-
space left in this allowance.
|
79
|
+
:param pulumi.Input[bool] google_disable_tls: Disable TLS for the GCS endpoint.
|
80
|
+
:param pulumi.Input[str] google_endpoint: GCS endpoint. This is typically only set when using a non-Google GCS implementation like fake-gcs-server.
|
81
|
+
:param pulumi.Input[str] google_gcs_bucket: GCS bucket to write snapshots to.
|
82
|
+
:param pulumi.Input[str] google_service_account_key: Google service account key in JSON format.
|
83
|
+
:param pulumi.Input[int] local_max_space: The maximum space, in bytes, to use for snapshots.
|
106
84
|
:param pulumi.Input[str] name: `<required>` – Name of the configuration to modify.
|
107
85
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
108
86
|
The value should not contain leading or trailing forward slashes.
|
109
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
87
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
110
88
|
*Available only for Vault Enterprise*.
|
111
89
|
:param pulumi.Input[int] retain: How many snapshots are to be kept; when writing a
|
112
90
|
snapshot, if there are more snapshots already stored than this number, the
|
@@ -223,7 +201,7 @@ class RaftSnapshotAgentConfigArgs:
|
|
223
201
|
@pulumi.getter(name="awsS3Bucket")
|
224
202
|
def aws_s3_bucket(self) -> Optional[pulumi.Input[str]]:
|
225
203
|
"""
|
226
|
-
|
204
|
+
S3 bucket to write snapshots to.
|
227
205
|
"""
|
228
206
|
return pulumi.get(self, "aws_s3_bucket")
|
229
207
|
|
@@ -235,9 +213,7 @@ class RaftSnapshotAgentConfigArgs:
|
|
235
213
|
@pulumi.getter(name="awsS3DisableTls")
|
236
214
|
def aws_s3_disable_tls(self) -> Optional[pulumi.Input[bool]]:
|
237
215
|
"""
|
238
|
-
Disable TLS for the S3 endpoint. This
|
239
|
-
should only be used for testing purposes, typically in conjunction with
|
240
|
-
`aws_s3_endpoint`.
|
216
|
+
Disable TLS for the S3 endpoint. This should only be used for testing purposes.
|
241
217
|
"""
|
242
218
|
return pulumi.get(self, "aws_s3_disable_tls")
|
243
219
|
|
@@ -261,8 +237,7 @@ class RaftSnapshotAgentConfigArgs:
|
|
261
237
|
@pulumi.getter(name="awsS3Endpoint")
|
262
238
|
def aws_s3_endpoint(self) -> Optional[pulumi.Input[str]]:
|
263
239
|
"""
|
264
|
-
AWS endpoint. This is typically only set when
|
265
|
-
using a non-AWS S3 implementation like Minio.
|
240
|
+
AWS endpoint. This is typically only set when using a non-AWS S3 implementation like Minio.
|
266
241
|
"""
|
267
242
|
return pulumi.get(self, "aws_s3_endpoint")
|
268
243
|
|
@@ -274,8 +249,7 @@ class RaftSnapshotAgentConfigArgs:
|
|
274
249
|
@pulumi.getter(name="awsS3ForcePathStyle")
|
275
250
|
def aws_s3_force_path_style(self) -> Optional[pulumi.Input[bool]]:
|
276
251
|
"""
|
277
|
-
Use the endpoint/bucket URL style
|
278
|
-
instead of bucket.endpoint. May be needed when setting `aws_s3_endpoint`.
|
252
|
+
Use the endpoint/bucket URL style instead of bucket.endpoint.
|
279
253
|
"""
|
280
254
|
return pulumi.get(self, "aws_s3_force_path_style")
|
281
255
|
|
@@ -287,7 +261,7 @@ class RaftSnapshotAgentConfigArgs:
|
|
287
261
|
@pulumi.getter(name="awsS3KmsKey")
|
288
262
|
def aws_s3_kms_key(self) -> Optional[pulumi.Input[str]]:
|
289
263
|
"""
|
290
|
-
Use named KMS key, when
|
264
|
+
Use named KMS key, when aws_s3_enable_kms=true
|
291
265
|
"""
|
292
266
|
return pulumi.get(self, "aws_s3_kms_key")
|
293
267
|
|
@@ -299,7 +273,7 @@ class RaftSnapshotAgentConfigArgs:
|
|
299
273
|
@pulumi.getter(name="awsS3Region")
|
300
274
|
def aws_s3_region(self) -> Optional[pulumi.Input[str]]:
|
301
275
|
"""
|
302
|
-
|
276
|
+
AWS region bucket is in.
|
303
277
|
"""
|
304
278
|
return pulumi.get(self, "aws_s3_region")
|
305
279
|
|
@@ -383,8 +357,7 @@ class RaftSnapshotAgentConfigArgs:
|
|
383
357
|
@pulumi.getter(name="azureContainerName")
|
384
358
|
def azure_container_name(self) -> Optional[pulumi.Input[str]]:
|
385
359
|
"""
|
386
|
-
|
387
|
-
snapshots to.
|
360
|
+
Azure container name to write snapshots to.
|
388
361
|
"""
|
389
362
|
return pulumi.get(self, "azure_container_name")
|
390
363
|
|
@@ -396,8 +369,7 @@ class RaftSnapshotAgentConfigArgs:
|
|
396
369
|
@pulumi.getter(name="azureEndpoint")
|
397
370
|
def azure_endpoint(self) -> Optional[pulumi.Input[str]]:
|
398
371
|
"""
|
399
|
-
Azure blob storage endpoint. This is typically
|
400
|
-
only set when using a non-Azure implementation like Azurite.
|
372
|
+
Azure blob storage endpoint. This is typically only set when using a non-Azure implementation like Azurite.
|
401
373
|
"""
|
402
374
|
return pulumi.get(self, "azure_endpoint")
|
403
375
|
|
@@ -423,9 +395,7 @@ class RaftSnapshotAgentConfigArgs:
|
|
423
395
|
@pulumi.getter(name="googleDisableTls")
|
424
396
|
def google_disable_tls(self) -> Optional[pulumi.Input[bool]]:
|
425
397
|
"""
|
426
|
-
Disable TLS for the GCS endpoint.
|
427
|
-
should only be used for testing purposes, typically in conjunction with
|
428
|
-
`google_endpoint`.
|
398
|
+
Disable TLS for the GCS endpoint.
|
429
399
|
"""
|
430
400
|
return pulumi.get(self, "google_disable_tls")
|
431
401
|
|
@@ -437,8 +407,7 @@ class RaftSnapshotAgentConfigArgs:
|
|
437
407
|
@pulumi.getter(name="googleEndpoint")
|
438
408
|
def google_endpoint(self) -> Optional[pulumi.Input[str]]:
|
439
409
|
"""
|
440
|
-
GCS endpoint. This is typically only set when
|
441
|
-
using a non-Google GCS implementation like fake-gcs-server.
|
410
|
+
GCS endpoint. This is typically only set when using a non-Google GCS implementation like fake-gcs-server.
|
442
411
|
"""
|
443
412
|
return pulumi.get(self, "google_endpoint")
|
444
413
|
|
@@ -450,7 +419,7 @@ class RaftSnapshotAgentConfigArgs:
|
|
450
419
|
@pulumi.getter(name="googleGcsBucket")
|
451
420
|
def google_gcs_bucket(self) -> Optional[pulumi.Input[str]]:
|
452
421
|
"""
|
453
|
-
|
422
|
+
GCS bucket to write snapshots to.
|
454
423
|
"""
|
455
424
|
return pulumi.get(self, "google_gcs_bucket")
|
456
425
|
|
@@ -462,23 +431,7 @@ class RaftSnapshotAgentConfigArgs:
|
|
462
431
|
@pulumi.getter(name="googleServiceAccountKey")
|
463
432
|
def google_service_account_key(self) -> Optional[pulumi.Input[str]]:
|
464
433
|
"""
|
465
|
-
Google service account key in JSON format.
|
466
|
-
The raw value looks like this:
|
467
|
-
|
468
|
-
```json
|
469
|
-
{
|
470
|
-
"type": "service_account",
|
471
|
-
"project_id": "project-id",
|
472
|
-
"private_key_id": "key-id",
|
473
|
-
"private_key": "-----BEGIN RSA PRIVATE KEY-----\\nMIIEpQ ... /WZs=\\n-----END RSA PRIVATE KEY-----\\n",
|
474
|
-
"client_email": "service-account-email",
|
475
|
-
"client_id": "client-id",
|
476
|
-
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
|
477
|
-
"token_uri": "https://accounts.google.com/o/oauth2/token",
|
478
|
-
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
|
479
|
-
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/service-account-email"
|
480
|
-
}
|
481
|
-
```
|
434
|
+
Google service account key in JSON format.
|
482
435
|
"""
|
483
436
|
return pulumi.get(self, "google_service_account_key")
|
484
437
|
|
@@ -490,9 +443,7 @@ class RaftSnapshotAgentConfigArgs:
|
|
490
443
|
@pulumi.getter(name="localMaxSpace")
|
491
444
|
def local_max_space(self) -> Optional[pulumi.Input[int]]:
|
492
445
|
"""
|
493
|
-
|
494
|
-
space, in bytes, to use for snapshots. Snapshot attempts will fail if there is not enough
|
495
|
-
space left in this allowance.
|
446
|
+
The maximum space, in bytes, to use for snapshots.
|
496
447
|
"""
|
497
448
|
return pulumi.get(self, "local_max_space")
|
498
449
|
|
@@ -518,7 +469,7 @@ class RaftSnapshotAgentConfigArgs:
|
|
518
469
|
"""
|
519
470
|
The namespace to provision the resource in.
|
520
471
|
The value should not contain leading or trailing forward slashes.
|
521
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
472
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
522
473
|
*Available only for Vault Enterprise*.
|
523
474
|
"""
|
524
475
|
return pulumi.get(self, "namespace")
|
@@ -576,61 +527,34 @@ class _RaftSnapshotAgentConfigState:
|
|
576
527
|
"""
|
577
528
|
Input properties used for looking up and filtering RaftSnapshotAgentConfig resources.
|
578
529
|
:param pulumi.Input[str] aws_access_key_id: AWS access key ID.
|
579
|
-
:param pulumi.Input[str] aws_s3_bucket:
|
580
|
-
:param pulumi.Input[bool] aws_s3_disable_tls: Disable TLS for the S3 endpoint. This
|
581
|
-
should only be used for testing purposes, typically in conjunction with
|
582
|
-
`aws_s3_endpoint`.
|
530
|
+
:param pulumi.Input[str] aws_s3_bucket: S3 bucket to write snapshots to.
|
531
|
+
:param pulumi.Input[bool] aws_s3_disable_tls: Disable TLS for the S3 endpoint. This should only be used for testing purposes.
|
583
532
|
:param pulumi.Input[bool] aws_s3_enable_kms: Use KMS to encrypt bucket contents.
|
584
|
-
:param pulumi.Input[str] aws_s3_endpoint: AWS endpoint. This is typically only set when
|
585
|
-
|
586
|
-
:param pulumi.Input[
|
587
|
-
|
588
|
-
:param pulumi.Input[str] aws_s3_kms_key: Use named KMS key, when `aws_s3_enable_kms = true`
|
589
|
-
:param pulumi.Input[str] aws_s3_region: `<required>` - AWS region bucket is in.
|
533
|
+
:param pulumi.Input[str] aws_s3_endpoint: AWS endpoint. This is typically only set when using a non-AWS S3 implementation like Minio.
|
534
|
+
:param pulumi.Input[bool] aws_s3_force_path_style: Use the endpoint/bucket URL style instead of bucket.endpoint.
|
535
|
+
:param pulumi.Input[str] aws_s3_kms_key: Use named KMS key, when aws_s3_enable_kms=true
|
536
|
+
:param pulumi.Input[str] aws_s3_region: AWS region bucket is in.
|
590
537
|
:param pulumi.Input[bool] aws_s3_server_side_encryption: Use AES256 to encrypt bucket contents.
|
591
538
|
:param pulumi.Input[str] aws_secret_access_key: AWS secret access key.
|
592
539
|
:param pulumi.Input[str] aws_session_token: AWS session token.
|
593
540
|
:param pulumi.Input[str] azure_account_key: Azure account key.
|
594
541
|
:param pulumi.Input[str] azure_account_name: Azure account name.
|
595
542
|
:param pulumi.Input[str] azure_blob_environment: Azure blob environment.
|
596
|
-
:param pulumi.Input[str] azure_container_name:
|
597
|
-
|
598
|
-
:param pulumi.Input[str] azure_endpoint: Azure blob storage endpoint. This is typically
|
599
|
-
only set when using a non-Azure implementation like Azurite.
|
543
|
+
:param pulumi.Input[str] azure_container_name: Azure container name to write snapshots to.
|
544
|
+
:param pulumi.Input[str] azure_endpoint: Azure blob storage endpoint. This is typically only set when using a non-Azure implementation like Azurite.
|
600
545
|
:param pulumi.Input[str] file_prefix: Within the directory or bucket
|
601
546
|
prefix given by `path_prefix`, the file or object name of snapshot files
|
602
547
|
will start with this string.
|
603
|
-
:param pulumi.Input[bool] google_disable_tls: Disable TLS for the GCS endpoint.
|
604
|
-
|
605
|
-
|
606
|
-
:param pulumi.Input[str]
|
607
|
-
using a non-Google GCS implementation like fake-gcs-server.
|
608
|
-
:param pulumi.Input[str] google_gcs_bucket: `<required>` - GCS bucket to write snapshots to.
|
609
|
-
:param pulumi.Input[str] google_service_account_key: Google service account key in JSON format.
|
610
|
-
The raw value looks like this:
|
611
|
-
|
612
|
-
```json
|
613
|
-
{
|
614
|
-
"type": "service_account",
|
615
|
-
"project_id": "project-id",
|
616
|
-
"private_key_id": "key-id",
|
617
|
-
"private_key": "-----BEGIN RSA PRIVATE KEY-----\\nMIIEpQ ... /WZs=\\n-----END RSA PRIVATE KEY-----\\n",
|
618
|
-
"client_email": "service-account-email",
|
619
|
-
"client_id": "client-id",
|
620
|
-
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
|
621
|
-
"token_uri": "https://accounts.google.com/o/oauth2/token",
|
622
|
-
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
|
623
|
-
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/service-account-email"
|
624
|
-
}
|
625
|
-
```
|
548
|
+
:param pulumi.Input[bool] google_disable_tls: Disable TLS for the GCS endpoint.
|
549
|
+
:param pulumi.Input[str] google_endpoint: GCS endpoint. This is typically only set when using a non-Google GCS implementation like fake-gcs-server.
|
550
|
+
:param pulumi.Input[str] google_gcs_bucket: GCS bucket to write snapshots to.
|
551
|
+
:param pulumi.Input[str] google_service_account_key: Google service account key in JSON format.
|
626
552
|
:param pulumi.Input[int] interval_seconds: `<required>` - Time (in seconds) between snapshots.
|
627
|
-
:param pulumi.Input[int] local_max_space:
|
628
|
-
space, in bytes, to use for snapshots. Snapshot attempts will fail if there is not enough
|
629
|
-
space left in this allowance.
|
553
|
+
:param pulumi.Input[int] local_max_space: The maximum space, in bytes, to use for snapshots.
|
630
554
|
:param pulumi.Input[str] name: `<required>` – Name of the configuration to modify.
|
631
555
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
632
556
|
The value should not contain leading or trailing forward slashes.
|
633
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
557
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
634
558
|
*Available only for Vault Enterprise*.
|
635
559
|
:param pulumi.Input[str] path_prefix: `<required>` - For `storage_type = "local"`, the directory to
|
636
560
|
write the snapshots in. For cloud storage types, the bucket prefix to use.
|
@@ -716,7 +640,7 @@ class _RaftSnapshotAgentConfigState:
|
|
716
640
|
@pulumi.getter(name="awsS3Bucket")
|
717
641
|
def aws_s3_bucket(self) -> Optional[pulumi.Input[str]]:
|
718
642
|
"""
|
719
|
-
|
643
|
+
S3 bucket to write snapshots to.
|
720
644
|
"""
|
721
645
|
return pulumi.get(self, "aws_s3_bucket")
|
722
646
|
|
@@ -728,9 +652,7 @@ class _RaftSnapshotAgentConfigState:
|
|
728
652
|
@pulumi.getter(name="awsS3DisableTls")
|
729
653
|
def aws_s3_disable_tls(self) -> Optional[pulumi.Input[bool]]:
|
730
654
|
"""
|
731
|
-
Disable TLS for the S3 endpoint. This
|
732
|
-
should only be used for testing purposes, typically in conjunction with
|
733
|
-
`aws_s3_endpoint`.
|
655
|
+
Disable TLS for the S3 endpoint. This should only be used for testing purposes.
|
734
656
|
"""
|
735
657
|
return pulumi.get(self, "aws_s3_disable_tls")
|
736
658
|
|
@@ -754,8 +676,7 @@ class _RaftSnapshotAgentConfigState:
|
|
754
676
|
@pulumi.getter(name="awsS3Endpoint")
|
755
677
|
def aws_s3_endpoint(self) -> Optional[pulumi.Input[str]]:
|
756
678
|
"""
|
757
|
-
AWS endpoint. This is typically only set when
|
758
|
-
using a non-AWS S3 implementation like Minio.
|
679
|
+
AWS endpoint. This is typically only set when using a non-AWS S3 implementation like Minio.
|
759
680
|
"""
|
760
681
|
return pulumi.get(self, "aws_s3_endpoint")
|
761
682
|
|
@@ -767,8 +688,7 @@ class _RaftSnapshotAgentConfigState:
|
|
767
688
|
@pulumi.getter(name="awsS3ForcePathStyle")
|
768
689
|
def aws_s3_force_path_style(self) -> Optional[pulumi.Input[bool]]:
|
769
690
|
"""
|
770
|
-
Use the endpoint/bucket URL style
|
771
|
-
instead of bucket.endpoint. May be needed when setting `aws_s3_endpoint`.
|
691
|
+
Use the endpoint/bucket URL style instead of bucket.endpoint.
|
772
692
|
"""
|
773
693
|
return pulumi.get(self, "aws_s3_force_path_style")
|
774
694
|
|
@@ -780,7 +700,7 @@ class _RaftSnapshotAgentConfigState:
|
|
780
700
|
@pulumi.getter(name="awsS3KmsKey")
|
781
701
|
def aws_s3_kms_key(self) -> Optional[pulumi.Input[str]]:
|
782
702
|
"""
|
783
|
-
Use named KMS key, when
|
703
|
+
Use named KMS key, when aws_s3_enable_kms=true
|
784
704
|
"""
|
785
705
|
return pulumi.get(self, "aws_s3_kms_key")
|
786
706
|
|
@@ -792,7 +712,7 @@ class _RaftSnapshotAgentConfigState:
|
|
792
712
|
@pulumi.getter(name="awsS3Region")
|
793
713
|
def aws_s3_region(self) -> Optional[pulumi.Input[str]]:
|
794
714
|
"""
|
795
|
-
|
715
|
+
AWS region bucket is in.
|
796
716
|
"""
|
797
717
|
return pulumi.get(self, "aws_s3_region")
|
798
718
|
|
@@ -876,8 +796,7 @@ class _RaftSnapshotAgentConfigState:
|
|
876
796
|
@pulumi.getter(name="azureContainerName")
|
877
797
|
def azure_container_name(self) -> Optional[pulumi.Input[str]]:
|
878
798
|
"""
|
879
|
-
|
880
|
-
snapshots to.
|
799
|
+
Azure container name to write snapshots to.
|
881
800
|
"""
|
882
801
|
return pulumi.get(self, "azure_container_name")
|
883
802
|
|
@@ -889,8 +808,7 @@ class _RaftSnapshotAgentConfigState:
|
|
889
808
|
@pulumi.getter(name="azureEndpoint")
|
890
809
|
def azure_endpoint(self) -> Optional[pulumi.Input[str]]:
|
891
810
|
"""
|
892
|
-
Azure blob storage endpoint. This is typically
|
893
|
-
only set when using a non-Azure implementation like Azurite.
|
811
|
+
Azure blob storage endpoint. This is typically only set when using a non-Azure implementation like Azurite.
|
894
812
|
"""
|
895
813
|
return pulumi.get(self, "azure_endpoint")
|
896
814
|
|
@@ -916,9 +834,7 @@ class _RaftSnapshotAgentConfigState:
|
|
916
834
|
@pulumi.getter(name="googleDisableTls")
|
917
835
|
def google_disable_tls(self) -> Optional[pulumi.Input[bool]]:
|
918
836
|
"""
|
919
|
-
Disable TLS for the GCS endpoint.
|
920
|
-
should only be used for testing purposes, typically in conjunction with
|
921
|
-
`google_endpoint`.
|
837
|
+
Disable TLS for the GCS endpoint.
|
922
838
|
"""
|
923
839
|
return pulumi.get(self, "google_disable_tls")
|
924
840
|
|
@@ -930,8 +846,7 @@ class _RaftSnapshotAgentConfigState:
|
|
930
846
|
@pulumi.getter(name="googleEndpoint")
|
931
847
|
def google_endpoint(self) -> Optional[pulumi.Input[str]]:
|
932
848
|
"""
|
933
|
-
GCS endpoint. This is typically only set when
|
934
|
-
using a non-Google GCS implementation like fake-gcs-server.
|
849
|
+
GCS endpoint. This is typically only set when using a non-Google GCS implementation like fake-gcs-server.
|
935
850
|
"""
|
936
851
|
return pulumi.get(self, "google_endpoint")
|
937
852
|
|
@@ -943,7 +858,7 @@ class _RaftSnapshotAgentConfigState:
|
|
943
858
|
@pulumi.getter(name="googleGcsBucket")
|
944
859
|
def google_gcs_bucket(self) -> Optional[pulumi.Input[str]]:
|
945
860
|
"""
|
946
|
-
|
861
|
+
GCS bucket to write snapshots to.
|
947
862
|
"""
|
948
863
|
return pulumi.get(self, "google_gcs_bucket")
|
949
864
|
|
@@ -955,23 +870,7 @@ class _RaftSnapshotAgentConfigState:
|
|
955
870
|
@pulumi.getter(name="googleServiceAccountKey")
|
956
871
|
def google_service_account_key(self) -> Optional[pulumi.Input[str]]:
|
957
872
|
"""
|
958
|
-
Google service account key in JSON format.
|
959
|
-
The raw value looks like this:
|
960
|
-
|
961
|
-
```json
|
962
|
-
{
|
963
|
-
"type": "service_account",
|
964
|
-
"project_id": "project-id",
|
965
|
-
"private_key_id": "key-id",
|
966
|
-
"private_key": "-----BEGIN RSA PRIVATE KEY-----\\nMIIEpQ ... /WZs=\\n-----END RSA PRIVATE KEY-----\\n",
|
967
|
-
"client_email": "service-account-email",
|
968
|
-
"client_id": "client-id",
|
969
|
-
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
|
970
|
-
"token_uri": "https://accounts.google.com/o/oauth2/token",
|
971
|
-
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
|
972
|
-
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/service-account-email"
|
973
|
-
}
|
974
|
-
```
|
873
|
+
Google service account key in JSON format.
|
975
874
|
"""
|
976
875
|
return pulumi.get(self, "google_service_account_key")
|
977
876
|
|
@@ -995,9 +894,7 @@ class _RaftSnapshotAgentConfigState:
|
|
995
894
|
@pulumi.getter(name="localMaxSpace")
|
996
895
|
def local_max_space(self) -> Optional[pulumi.Input[int]]:
|
997
896
|
"""
|
998
|
-
|
999
|
-
space, in bytes, to use for snapshots. Snapshot attempts will fail if there is not enough
|
1000
|
-
space left in this allowance.
|
897
|
+
The maximum space, in bytes, to use for snapshots.
|
1001
898
|
"""
|
1002
899
|
return pulumi.get(self, "local_max_space")
|
1003
900
|
|
@@ -1023,7 +920,7 @@ class _RaftSnapshotAgentConfigState:
|
|
1023
920
|
"""
|
1024
921
|
The namespace to provision the resource in.
|
1025
922
|
The value should not contain leading or trailing forward slashes.
|
1026
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
923
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1027
924
|
*Available only for Vault Enterprise*.
|
1028
925
|
"""
|
1029
926
|
return pulumi.get(self, "namespace")
|
@@ -1114,22 +1011,20 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
|
|
1114
1011
|
## Example Usage
|
1115
1012
|
|
1116
1013
|
### Local Storage
|
1117
|
-
<!--Start PulumiCodeChooser -->
|
1118
1014
|
```python
|
1119
1015
|
import pulumi
|
1120
1016
|
import pulumi_vault as vault
|
1121
1017
|
|
1122
|
-
local_backups = vault.RaftSnapshotAgentConfig("
|
1018
|
+
local_backups = vault.RaftSnapshotAgentConfig("local_backups",
|
1019
|
+
name="local",
|
1123
1020
|
interval_seconds=86400,
|
1124
|
-
local_max_space=10000000,
|
1125
|
-
path_prefix="/opt/vault/snapshots/",
|
1126
1021
|
retain=7,
|
1127
|
-
|
1022
|
+
path_prefix="/opt/vault/snapshots/",
|
1023
|
+
storage_type="local",
|
1024
|
+
local_max_space=10000000)
|
1128
1025
|
```
|
1129
|
-
<!--End PulumiCodeChooser -->
|
1130
1026
|
|
1131
1027
|
### AWS S3
|
1132
|
-
<!--Start PulumiCodeChooser -->
|
1133
1028
|
```python
|
1134
1029
|
import pulumi
|
1135
1030
|
import pulumi_aws as aws
|
@@ -1139,7 +1034,8 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
|
|
1139
1034
|
aws_access_key_id = config.require_object("awsAccessKeyId")
|
1140
1035
|
aws_secret_access_key = config.require_object("awsSecretAccessKey")
|
1141
1036
|
current = aws.get_region()
|
1142
|
-
s3_backups = vault.RaftSnapshotAgentConfig("
|
1037
|
+
s3_backups = vault.RaftSnapshotAgentConfig("s3_backups",
|
1038
|
+
name="s3",
|
1143
1039
|
interval_seconds=86400,
|
1144
1040
|
retain=7,
|
1145
1041
|
path_prefix="/path/in/bucket",
|
@@ -1150,11 +1046,9 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
|
|
1150
1046
|
aws_secret_access_key=aws_secret_access_key,
|
1151
1047
|
aws_s3_enable_kms=True)
|
1152
1048
|
```
|
1153
|
-
<!--End PulumiCodeChooser -->
|
1154
1049
|
|
1155
1050
|
### Azure BLOB
|
1156
1051
|
|
1157
|
-
<!--Start PulumiCodeChooser -->
|
1158
1052
|
```python
|
1159
1053
|
import pulumi
|
1160
1054
|
import pulumi_vault as vault
|
@@ -1162,7 +1056,8 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
|
|
1162
1056
|
config = pulumi.Config()
|
1163
1057
|
azure_account_name = config.require_object("azureAccountName")
|
1164
1058
|
azure_account_key = config.require_object("azureAccountKey")
|
1165
|
-
azure_backups = vault.RaftSnapshotAgentConfig("
|
1059
|
+
azure_backups = vault.RaftSnapshotAgentConfig("azure_backups",
|
1060
|
+
name="azure_backup",
|
1166
1061
|
interval_seconds=86400,
|
1167
1062
|
retain=7,
|
1168
1063
|
path_prefix="/",
|
@@ -1171,7 +1066,6 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
|
|
1171
1066
|
azure_account_name=azure_account_name,
|
1172
1067
|
azure_account_key=azure_account_key)
|
1173
1068
|
```
|
1174
|
-
<!--End PulumiCodeChooser -->
|
1175
1069
|
|
1176
1070
|
## Import
|
1177
1071
|
|
@@ -1184,61 +1078,34 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
|
|
1184
1078
|
:param str resource_name: The name of the resource.
|
1185
1079
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
1186
1080
|
:param pulumi.Input[str] aws_access_key_id: AWS access key ID.
|
1187
|
-
:param pulumi.Input[str] aws_s3_bucket:
|
1188
|
-
:param pulumi.Input[bool] aws_s3_disable_tls: Disable TLS for the S3 endpoint. This
|
1189
|
-
should only be used for testing purposes, typically in conjunction with
|
1190
|
-
`aws_s3_endpoint`.
|
1081
|
+
:param pulumi.Input[str] aws_s3_bucket: S3 bucket to write snapshots to.
|
1082
|
+
:param pulumi.Input[bool] aws_s3_disable_tls: Disable TLS for the S3 endpoint. This should only be used for testing purposes.
|
1191
1083
|
:param pulumi.Input[bool] aws_s3_enable_kms: Use KMS to encrypt bucket contents.
|
1192
|
-
:param pulumi.Input[str] aws_s3_endpoint: AWS endpoint. This is typically only set when
|
1193
|
-
|
1194
|
-
:param pulumi.Input[
|
1195
|
-
|
1196
|
-
:param pulumi.Input[str] aws_s3_kms_key: Use named KMS key, when `aws_s3_enable_kms = true`
|
1197
|
-
:param pulumi.Input[str] aws_s3_region: `<required>` - AWS region bucket is in.
|
1084
|
+
:param pulumi.Input[str] aws_s3_endpoint: AWS endpoint. This is typically only set when using a non-AWS S3 implementation like Minio.
|
1085
|
+
:param pulumi.Input[bool] aws_s3_force_path_style: Use the endpoint/bucket URL style instead of bucket.endpoint.
|
1086
|
+
:param pulumi.Input[str] aws_s3_kms_key: Use named KMS key, when aws_s3_enable_kms=true
|
1087
|
+
:param pulumi.Input[str] aws_s3_region: AWS region bucket is in.
|
1198
1088
|
:param pulumi.Input[bool] aws_s3_server_side_encryption: Use AES256 to encrypt bucket contents.
|
1199
1089
|
:param pulumi.Input[str] aws_secret_access_key: AWS secret access key.
|
1200
1090
|
:param pulumi.Input[str] aws_session_token: AWS session token.
|
1201
1091
|
:param pulumi.Input[str] azure_account_key: Azure account key.
|
1202
1092
|
:param pulumi.Input[str] azure_account_name: Azure account name.
|
1203
1093
|
:param pulumi.Input[str] azure_blob_environment: Azure blob environment.
|
1204
|
-
:param pulumi.Input[str] azure_container_name:
|
1205
|
-
|
1206
|
-
:param pulumi.Input[str] azure_endpoint: Azure blob storage endpoint. This is typically
|
1207
|
-
only set when using a non-Azure implementation like Azurite.
|
1094
|
+
:param pulumi.Input[str] azure_container_name: Azure container name to write snapshots to.
|
1095
|
+
:param pulumi.Input[str] azure_endpoint: Azure blob storage endpoint. This is typically only set when using a non-Azure implementation like Azurite.
|
1208
1096
|
:param pulumi.Input[str] file_prefix: Within the directory or bucket
|
1209
1097
|
prefix given by `path_prefix`, the file or object name of snapshot files
|
1210
1098
|
will start with this string.
|
1211
|
-
:param pulumi.Input[bool] google_disable_tls: Disable TLS for the GCS endpoint.
|
1212
|
-
|
1213
|
-
|
1214
|
-
:param pulumi.Input[str]
|
1215
|
-
using a non-Google GCS implementation like fake-gcs-server.
|
1216
|
-
:param pulumi.Input[str] google_gcs_bucket: `<required>` - GCS bucket to write snapshots to.
|
1217
|
-
:param pulumi.Input[str] google_service_account_key: Google service account key in JSON format.
|
1218
|
-
The raw value looks like this:
|
1219
|
-
|
1220
|
-
```json
|
1221
|
-
{
|
1222
|
-
"type": "service_account",
|
1223
|
-
"project_id": "project-id",
|
1224
|
-
"private_key_id": "key-id",
|
1225
|
-
"private_key": "-----BEGIN RSA PRIVATE KEY-----\\nMIIEpQ ... /WZs=\\n-----END RSA PRIVATE KEY-----\\n",
|
1226
|
-
"client_email": "service-account-email",
|
1227
|
-
"client_id": "client-id",
|
1228
|
-
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
|
1229
|
-
"token_uri": "https://accounts.google.com/o/oauth2/token",
|
1230
|
-
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
|
1231
|
-
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/service-account-email"
|
1232
|
-
}
|
1233
|
-
```
|
1099
|
+
:param pulumi.Input[bool] google_disable_tls: Disable TLS for the GCS endpoint.
|
1100
|
+
:param pulumi.Input[str] google_endpoint: GCS endpoint. This is typically only set when using a non-Google GCS implementation like fake-gcs-server.
|
1101
|
+
:param pulumi.Input[str] google_gcs_bucket: GCS bucket to write snapshots to.
|
1102
|
+
:param pulumi.Input[str] google_service_account_key: Google service account key in JSON format.
|
1234
1103
|
:param pulumi.Input[int] interval_seconds: `<required>` - Time (in seconds) between snapshots.
|
1235
|
-
:param pulumi.Input[int] local_max_space:
|
1236
|
-
space, in bytes, to use for snapshots. Snapshot attempts will fail if there is not enough
|
1237
|
-
space left in this allowance.
|
1104
|
+
:param pulumi.Input[int] local_max_space: The maximum space, in bytes, to use for snapshots.
|
1238
1105
|
:param pulumi.Input[str] name: `<required>` – Name of the configuration to modify.
|
1239
1106
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
1240
1107
|
The value should not contain leading or trailing forward slashes.
|
1241
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
1108
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1242
1109
|
*Available only for Vault Enterprise*.
|
1243
1110
|
:param pulumi.Input[str] path_prefix: `<required>` - For `storage_type = "local"`, the directory to
|
1244
1111
|
write the snapshots in. For cloud storage types, the bucket prefix to use.
|
@@ -1261,22 +1128,20 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
|
|
1261
1128
|
## Example Usage
|
1262
1129
|
|
1263
1130
|
### Local Storage
|
1264
|
-
<!--Start PulumiCodeChooser -->
|
1265
1131
|
```python
|
1266
1132
|
import pulumi
|
1267
1133
|
import pulumi_vault as vault
|
1268
1134
|
|
1269
|
-
local_backups = vault.RaftSnapshotAgentConfig("
|
1135
|
+
local_backups = vault.RaftSnapshotAgentConfig("local_backups",
|
1136
|
+
name="local",
|
1270
1137
|
interval_seconds=86400,
|
1271
|
-
local_max_space=10000000,
|
1272
|
-
path_prefix="/opt/vault/snapshots/",
|
1273
1138
|
retain=7,
|
1274
|
-
|
1139
|
+
path_prefix="/opt/vault/snapshots/",
|
1140
|
+
storage_type="local",
|
1141
|
+
local_max_space=10000000)
|
1275
1142
|
```
|
1276
|
-
<!--End PulumiCodeChooser -->
|
1277
1143
|
|
1278
1144
|
### AWS S3
|
1279
|
-
<!--Start PulumiCodeChooser -->
|
1280
1145
|
```python
|
1281
1146
|
import pulumi
|
1282
1147
|
import pulumi_aws as aws
|
@@ -1286,7 +1151,8 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
|
|
1286
1151
|
aws_access_key_id = config.require_object("awsAccessKeyId")
|
1287
1152
|
aws_secret_access_key = config.require_object("awsSecretAccessKey")
|
1288
1153
|
current = aws.get_region()
|
1289
|
-
s3_backups = vault.RaftSnapshotAgentConfig("
|
1154
|
+
s3_backups = vault.RaftSnapshotAgentConfig("s3_backups",
|
1155
|
+
name="s3",
|
1290
1156
|
interval_seconds=86400,
|
1291
1157
|
retain=7,
|
1292
1158
|
path_prefix="/path/in/bucket",
|
@@ -1297,11 +1163,9 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
|
|
1297
1163
|
aws_secret_access_key=aws_secret_access_key,
|
1298
1164
|
aws_s3_enable_kms=True)
|
1299
1165
|
```
|
1300
|
-
<!--End PulumiCodeChooser -->
|
1301
1166
|
|
1302
1167
|
### Azure BLOB
|
1303
1168
|
|
1304
|
-
<!--Start PulumiCodeChooser -->
|
1305
1169
|
```python
|
1306
1170
|
import pulumi
|
1307
1171
|
import pulumi_vault as vault
|
@@ -1309,7 +1173,8 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
|
|
1309
1173
|
config = pulumi.Config()
|
1310
1174
|
azure_account_name = config.require_object("azureAccountName")
|
1311
1175
|
azure_account_key = config.require_object("azureAccountKey")
|
1312
|
-
azure_backups = vault.RaftSnapshotAgentConfig("
|
1176
|
+
azure_backups = vault.RaftSnapshotAgentConfig("azure_backups",
|
1177
|
+
name="azure_backup",
|
1313
1178
|
interval_seconds=86400,
|
1314
1179
|
retain=7,
|
1315
1180
|
path_prefix="/",
|
@@ -1318,7 +1183,6 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
|
|
1318
1183
|
azure_account_name=azure_account_name,
|
1319
1184
|
azure_account_key=azure_account_key)
|
1320
1185
|
```
|
1321
|
-
<!--End PulumiCodeChooser -->
|
1322
1186
|
|
1323
1187
|
## Import
|
1324
1188
|
|
@@ -1460,61 +1324,34 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
|
|
1460
1324
|
:param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
|
1461
1325
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
1462
1326
|
:param pulumi.Input[str] aws_access_key_id: AWS access key ID.
|
1463
|
-
:param pulumi.Input[str] aws_s3_bucket:
|
1464
|
-
:param pulumi.Input[bool] aws_s3_disable_tls: Disable TLS for the S3 endpoint. This
|
1465
|
-
should only be used for testing purposes, typically in conjunction with
|
1466
|
-
`aws_s3_endpoint`.
|
1327
|
+
:param pulumi.Input[str] aws_s3_bucket: S3 bucket to write snapshots to.
|
1328
|
+
:param pulumi.Input[bool] aws_s3_disable_tls: Disable TLS for the S3 endpoint. This should only be used for testing purposes.
|
1467
1329
|
:param pulumi.Input[bool] aws_s3_enable_kms: Use KMS to encrypt bucket contents.
|
1468
|
-
:param pulumi.Input[str] aws_s3_endpoint: AWS endpoint. This is typically only set when
|
1469
|
-
|
1470
|
-
:param pulumi.Input[
|
1471
|
-
|
1472
|
-
:param pulumi.Input[str] aws_s3_kms_key: Use named KMS key, when `aws_s3_enable_kms = true`
|
1473
|
-
:param pulumi.Input[str] aws_s3_region: `<required>` - AWS region bucket is in.
|
1330
|
+
:param pulumi.Input[str] aws_s3_endpoint: AWS endpoint. This is typically only set when using a non-AWS S3 implementation like Minio.
|
1331
|
+
:param pulumi.Input[bool] aws_s3_force_path_style: Use the endpoint/bucket URL style instead of bucket.endpoint.
|
1332
|
+
:param pulumi.Input[str] aws_s3_kms_key: Use named KMS key, when aws_s3_enable_kms=true
|
1333
|
+
:param pulumi.Input[str] aws_s3_region: AWS region bucket is in.
|
1474
1334
|
:param pulumi.Input[bool] aws_s3_server_side_encryption: Use AES256 to encrypt bucket contents.
|
1475
1335
|
:param pulumi.Input[str] aws_secret_access_key: AWS secret access key.
|
1476
1336
|
:param pulumi.Input[str] aws_session_token: AWS session token.
|
1477
1337
|
:param pulumi.Input[str] azure_account_key: Azure account key.
|
1478
1338
|
:param pulumi.Input[str] azure_account_name: Azure account name.
|
1479
1339
|
:param pulumi.Input[str] azure_blob_environment: Azure blob environment.
|
1480
|
-
:param pulumi.Input[str] azure_container_name:
|
1481
|
-
|
1482
|
-
:param pulumi.Input[str] azure_endpoint: Azure blob storage endpoint. This is typically
|
1483
|
-
only set when using a non-Azure implementation like Azurite.
|
1340
|
+
:param pulumi.Input[str] azure_container_name: Azure container name to write snapshots to.
|
1341
|
+
:param pulumi.Input[str] azure_endpoint: Azure blob storage endpoint. This is typically only set when using a non-Azure implementation like Azurite.
|
1484
1342
|
:param pulumi.Input[str] file_prefix: Within the directory or bucket
|
1485
1343
|
prefix given by `path_prefix`, the file or object name of snapshot files
|
1486
1344
|
will start with this string.
|
1487
|
-
:param pulumi.Input[bool] google_disable_tls: Disable TLS for the GCS endpoint.
|
1488
|
-
|
1489
|
-
|
1490
|
-
:param pulumi.Input[str]
|
1491
|
-
using a non-Google GCS implementation like fake-gcs-server.
|
1492
|
-
:param pulumi.Input[str] google_gcs_bucket: `<required>` - GCS bucket to write snapshots to.
|
1493
|
-
:param pulumi.Input[str] google_service_account_key: Google service account key in JSON format.
|
1494
|
-
The raw value looks like this:
|
1495
|
-
|
1496
|
-
```json
|
1497
|
-
{
|
1498
|
-
"type": "service_account",
|
1499
|
-
"project_id": "project-id",
|
1500
|
-
"private_key_id": "key-id",
|
1501
|
-
"private_key": "-----BEGIN RSA PRIVATE KEY-----\\nMIIEpQ ... /WZs=\\n-----END RSA PRIVATE KEY-----\\n",
|
1502
|
-
"client_email": "service-account-email",
|
1503
|
-
"client_id": "client-id",
|
1504
|
-
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
|
1505
|
-
"token_uri": "https://accounts.google.com/o/oauth2/token",
|
1506
|
-
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
|
1507
|
-
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/service-account-email"
|
1508
|
-
}
|
1509
|
-
```
|
1345
|
+
:param pulumi.Input[bool] google_disable_tls: Disable TLS for the GCS endpoint.
|
1346
|
+
:param pulumi.Input[str] google_endpoint: GCS endpoint. This is typically only set when using a non-Google GCS implementation like fake-gcs-server.
|
1347
|
+
:param pulumi.Input[str] google_gcs_bucket: GCS bucket to write snapshots to.
|
1348
|
+
:param pulumi.Input[str] google_service_account_key: Google service account key in JSON format.
|
1510
1349
|
:param pulumi.Input[int] interval_seconds: `<required>` - Time (in seconds) between snapshots.
|
1511
|
-
:param pulumi.Input[int] local_max_space:
|
1512
|
-
space, in bytes, to use for snapshots. Snapshot attempts will fail if there is not enough
|
1513
|
-
space left in this allowance.
|
1350
|
+
:param pulumi.Input[int] local_max_space: The maximum space, in bytes, to use for snapshots.
|
1514
1351
|
:param pulumi.Input[str] name: `<required>` – Name of the configuration to modify.
|
1515
1352
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
1516
1353
|
The value should not contain leading or trailing forward slashes.
|
1517
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
1354
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1518
1355
|
*Available only for Vault Enterprise*.
|
1519
1356
|
:param pulumi.Input[str] path_prefix: `<required>` - For `storage_type = "local"`, the directory to
|
1520
1357
|
write the snapshots in. For cloud storage types, the bucket prefix to use.
|
@@ -1573,7 +1410,7 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
|
|
1573
1410
|
@pulumi.getter(name="awsS3Bucket")
|
1574
1411
|
def aws_s3_bucket(self) -> pulumi.Output[Optional[str]]:
|
1575
1412
|
"""
|
1576
|
-
|
1413
|
+
S3 bucket to write snapshots to.
|
1577
1414
|
"""
|
1578
1415
|
return pulumi.get(self, "aws_s3_bucket")
|
1579
1416
|
|
@@ -1581,9 +1418,7 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
|
|
1581
1418
|
@pulumi.getter(name="awsS3DisableTls")
|
1582
1419
|
def aws_s3_disable_tls(self) -> pulumi.Output[Optional[bool]]:
|
1583
1420
|
"""
|
1584
|
-
Disable TLS for the S3 endpoint. This
|
1585
|
-
should only be used for testing purposes, typically in conjunction with
|
1586
|
-
`aws_s3_endpoint`.
|
1421
|
+
Disable TLS for the S3 endpoint. This should only be used for testing purposes.
|
1587
1422
|
"""
|
1588
1423
|
return pulumi.get(self, "aws_s3_disable_tls")
|
1589
1424
|
|
@@ -1599,8 +1434,7 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
|
|
1599
1434
|
@pulumi.getter(name="awsS3Endpoint")
|
1600
1435
|
def aws_s3_endpoint(self) -> pulumi.Output[Optional[str]]:
|
1601
1436
|
"""
|
1602
|
-
AWS endpoint. This is typically only set when
|
1603
|
-
using a non-AWS S3 implementation like Minio.
|
1437
|
+
AWS endpoint. This is typically only set when using a non-AWS S3 implementation like Minio.
|
1604
1438
|
"""
|
1605
1439
|
return pulumi.get(self, "aws_s3_endpoint")
|
1606
1440
|
|
@@ -1608,8 +1442,7 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
|
|
1608
1442
|
@pulumi.getter(name="awsS3ForcePathStyle")
|
1609
1443
|
def aws_s3_force_path_style(self) -> pulumi.Output[Optional[bool]]:
|
1610
1444
|
"""
|
1611
|
-
Use the endpoint/bucket URL style
|
1612
|
-
instead of bucket.endpoint. May be needed when setting `aws_s3_endpoint`.
|
1445
|
+
Use the endpoint/bucket URL style instead of bucket.endpoint.
|
1613
1446
|
"""
|
1614
1447
|
return pulumi.get(self, "aws_s3_force_path_style")
|
1615
1448
|
|
@@ -1617,7 +1450,7 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
|
|
1617
1450
|
@pulumi.getter(name="awsS3KmsKey")
|
1618
1451
|
def aws_s3_kms_key(self) -> pulumi.Output[Optional[str]]:
|
1619
1452
|
"""
|
1620
|
-
Use named KMS key, when
|
1453
|
+
Use named KMS key, when aws_s3_enable_kms=true
|
1621
1454
|
"""
|
1622
1455
|
return pulumi.get(self, "aws_s3_kms_key")
|
1623
1456
|
|
@@ -1625,7 +1458,7 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
|
|
1625
1458
|
@pulumi.getter(name="awsS3Region")
|
1626
1459
|
def aws_s3_region(self) -> pulumi.Output[Optional[str]]:
|
1627
1460
|
"""
|
1628
|
-
|
1461
|
+
AWS region bucket is in.
|
1629
1462
|
"""
|
1630
1463
|
return pulumi.get(self, "aws_s3_region")
|
1631
1464
|
|
@@ -1681,8 +1514,7 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
|
|
1681
1514
|
@pulumi.getter(name="azureContainerName")
|
1682
1515
|
def azure_container_name(self) -> pulumi.Output[Optional[str]]:
|
1683
1516
|
"""
|
1684
|
-
|
1685
|
-
snapshots to.
|
1517
|
+
Azure container name to write snapshots to.
|
1686
1518
|
"""
|
1687
1519
|
return pulumi.get(self, "azure_container_name")
|
1688
1520
|
|
@@ -1690,8 +1522,7 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
|
|
1690
1522
|
@pulumi.getter(name="azureEndpoint")
|
1691
1523
|
def azure_endpoint(self) -> pulumi.Output[Optional[str]]:
|
1692
1524
|
"""
|
1693
|
-
Azure blob storage endpoint. This is typically
|
1694
|
-
only set when using a non-Azure implementation like Azurite.
|
1525
|
+
Azure blob storage endpoint. This is typically only set when using a non-Azure implementation like Azurite.
|
1695
1526
|
"""
|
1696
1527
|
return pulumi.get(self, "azure_endpoint")
|
1697
1528
|
|
@@ -1709,9 +1540,7 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
|
|
1709
1540
|
@pulumi.getter(name="googleDisableTls")
|
1710
1541
|
def google_disable_tls(self) -> pulumi.Output[Optional[bool]]:
|
1711
1542
|
"""
|
1712
|
-
Disable TLS for the GCS endpoint.
|
1713
|
-
should only be used for testing purposes, typically in conjunction with
|
1714
|
-
`google_endpoint`.
|
1543
|
+
Disable TLS for the GCS endpoint.
|
1715
1544
|
"""
|
1716
1545
|
return pulumi.get(self, "google_disable_tls")
|
1717
1546
|
|
@@ -1719,8 +1548,7 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
|
|
1719
1548
|
@pulumi.getter(name="googleEndpoint")
|
1720
1549
|
def google_endpoint(self) -> pulumi.Output[Optional[str]]:
|
1721
1550
|
"""
|
1722
|
-
GCS endpoint. This is typically only set when
|
1723
|
-
using a non-Google GCS implementation like fake-gcs-server.
|
1551
|
+
GCS endpoint. This is typically only set when using a non-Google GCS implementation like fake-gcs-server.
|
1724
1552
|
"""
|
1725
1553
|
return pulumi.get(self, "google_endpoint")
|
1726
1554
|
|
@@ -1728,7 +1556,7 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
|
|
1728
1556
|
@pulumi.getter(name="googleGcsBucket")
|
1729
1557
|
def google_gcs_bucket(self) -> pulumi.Output[Optional[str]]:
|
1730
1558
|
"""
|
1731
|
-
|
1559
|
+
GCS bucket to write snapshots to.
|
1732
1560
|
"""
|
1733
1561
|
return pulumi.get(self, "google_gcs_bucket")
|
1734
1562
|
|
@@ -1736,23 +1564,7 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
|
|
1736
1564
|
@pulumi.getter(name="googleServiceAccountKey")
|
1737
1565
|
def google_service_account_key(self) -> pulumi.Output[Optional[str]]:
|
1738
1566
|
"""
|
1739
|
-
Google service account key in JSON format.
|
1740
|
-
The raw value looks like this:
|
1741
|
-
|
1742
|
-
```json
|
1743
|
-
{
|
1744
|
-
"type": "service_account",
|
1745
|
-
"project_id": "project-id",
|
1746
|
-
"private_key_id": "key-id",
|
1747
|
-
"private_key": "-----BEGIN RSA PRIVATE KEY-----\\nMIIEpQ ... /WZs=\\n-----END RSA PRIVATE KEY-----\\n",
|
1748
|
-
"client_email": "service-account-email",
|
1749
|
-
"client_id": "client-id",
|
1750
|
-
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
|
1751
|
-
"token_uri": "https://accounts.google.com/o/oauth2/token",
|
1752
|
-
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
|
1753
|
-
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/service-account-email"
|
1754
|
-
}
|
1755
|
-
```
|
1567
|
+
Google service account key in JSON format.
|
1756
1568
|
"""
|
1757
1569
|
return pulumi.get(self, "google_service_account_key")
|
1758
1570
|
|
@@ -1768,9 +1580,7 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
|
|
1768
1580
|
@pulumi.getter(name="localMaxSpace")
|
1769
1581
|
def local_max_space(self) -> pulumi.Output[Optional[int]]:
|
1770
1582
|
"""
|
1771
|
-
|
1772
|
-
space, in bytes, to use for snapshots. Snapshot attempts will fail if there is not enough
|
1773
|
-
space left in this allowance.
|
1583
|
+
The maximum space, in bytes, to use for snapshots.
|
1774
1584
|
"""
|
1775
1585
|
return pulumi.get(self, "local_max_space")
|
1776
1586
|
|
@@ -1788,7 +1598,7 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
|
|
1788
1598
|
"""
|
1789
1599
|
The namespace to provision the resource in.
|
1790
1600
|
The value should not contain leading or trailing forward slashes.
|
1791
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
1601
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1792
1602
|
*Available only for Vault Enterprise*.
|
1793
1603
|
"""
|
1794
1604
|
return pulumi.get(self, "namespace")
|