pulumi-vault 5.21.0a1710160723__py3-none-any.whl → 6.5.0a1736850018__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pulumi_vault/__init__.py +52 -0
- pulumi_vault/_inputs.py +560 -0
- pulumi_vault/_utilities.py +41 -5
- pulumi_vault/ad/get_access_credentials.py +22 -7
- pulumi_vault/ad/secret_backend.py +14 -144
- pulumi_vault/ad/secret_library.py +14 -11
- pulumi_vault/ad/secret_role.py +12 -11
- pulumi_vault/alicloud/auth_backend_role.py +74 -192
- pulumi_vault/approle/auth_backend_login.py +12 -11
- pulumi_vault/approle/auth_backend_role.py +75 -193
- pulumi_vault/approle/auth_backend_role_secret_id.py +106 -11
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -9
- pulumi_vault/audit.py +24 -27
- pulumi_vault/audit_request_header.py +11 -6
- pulumi_vault/auth_backend.py +64 -12
- pulumi_vault/aws/auth_backend_cert.py +12 -7
- pulumi_vault/aws/auth_backend_client.py +265 -24
- pulumi_vault/aws/auth_backend_config_identity.py +12 -11
- pulumi_vault/aws/auth_backend_identity_whitelist.py +18 -17
- pulumi_vault/aws/auth_backend_login.py +19 -22
- pulumi_vault/aws/auth_backend_role.py +75 -193
- pulumi_vault/aws/auth_backend_role_tag.py +12 -7
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -17
- pulumi_vault/aws/auth_backend_sts_role.py +12 -11
- pulumi_vault/aws/get_access_credentials.py +34 -7
- pulumi_vault/aws/get_static_access_credentials.py +19 -5
- pulumi_vault/aws/secret_backend.py +75 -7
- pulumi_vault/aws/secret_backend_role.py +183 -11
- pulumi_vault/aws/secret_backend_static_role.py +14 -11
- pulumi_vault/azure/_inputs.py +24 -0
- pulumi_vault/azure/auth_backend_config.py +151 -17
- pulumi_vault/azure/auth_backend_role.py +75 -193
- pulumi_vault/azure/backend.py +223 -29
- pulumi_vault/azure/backend_role.py +42 -41
- pulumi_vault/azure/get_access_credentials.py +39 -11
- pulumi_vault/azure/outputs.py +5 -0
- pulumi_vault/cert_auth_backend_role.py +87 -271
- pulumi_vault/config/__init__.pyi +5 -0
- pulumi_vault/config/_inputs.py +73 -0
- pulumi_vault/config/outputs.py +35 -0
- pulumi_vault/config/ui_custom_message.py +529 -0
- pulumi_vault/config/vars.py +5 -0
- pulumi_vault/consul/secret_backend.py +22 -25
- pulumi_vault/consul/secret_backend_role.py +14 -80
- pulumi_vault/database/_inputs.py +2770 -881
- pulumi_vault/database/outputs.py +721 -838
- pulumi_vault/database/secret_backend_connection.py +117 -114
- pulumi_vault/database/secret_backend_role.py +29 -24
- pulumi_vault/database/secret_backend_static_role.py +85 -15
- pulumi_vault/database/secrets_mount.py +425 -138
- pulumi_vault/egp_policy.py +16 -15
- pulumi_vault/gcp/_inputs.py +111 -0
- pulumi_vault/gcp/auth_backend.py +248 -35
- pulumi_vault/gcp/auth_backend_role.py +75 -271
- pulumi_vault/gcp/get_auth_backend_role.py +43 -9
- pulumi_vault/gcp/outputs.py +5 -0
- pulumi_vault/gcp/secret_backend.py +287 -16
- pulumi_vault/gcp/secret_impersonated_account.py +74 -17
- pulumi_vault/gcp/secret_roleset.py +29 -26
- pulumi_vault/gcp/secret_static_account.py +37 -34
- pulumi_vault/generic/endpoint.py +22 -21
- pulumi_vault/generic/get_secret.py +68 -12
- pulumi_vault/generic/secret.py +19 -14
- pulumi_vault/get_auth_backend.py +24 -11
- pulumi_vault/get_auth_backends.py +33 -11
- pulumi_vault/get_namespace.py +226 -0
- pulumi_vault/get_namespaces.py +153 -0
- pulumi_vault/get_nomad_access_token.py +31 -15
- pulumi_vault/get_policy_document.py +34 -23
- pulumi_vault/get_raft_autopilot_state.py +29 -14
- pulumi_vault/github/_inputs.py +55 -0
- pulumi_vault/github/auth_backend.py +17 -16
- pulumi_vault/github/outputs.py +5 -0
- pulumi_vault/github/team.py +14 -13
- pulumi_vault/github/user.py +14 -13
- pulumi_vault/identity/entity.py +18 -15
- pulumi_vault/identity/entity_alias.py +18 -15
- pulumi_vault/identity/entity_policies.py +24 -19
- pulumi_vault/identity/get_entity.py +40 -14
- pulumi_vault/identity/get_group.py +45 -13
- pulumi_vault/identity/get_oidc_client_creds.py +21 -11
- pulumi_vault/identity/get_oidc_openid_config.py +39 -13
- pulumi_vault/identity/get_oidc_public_keys.py +29 -14
- pulumi_vault/identity/group.py +50 -49
- pulumi_vault/identity/group_alias.py +14 -11
- pulumi_vault/identity/group_member_entity_ids.py +24 -74
- pulumi_vault/identity/group_member_group_ids.py +36 -27
- pulumi_vault/identity/group_policies.py +16 -15
- pulumi_vault/identity/mfa_duo.py +9 -8
- pulumi_vault/identity/mfa_login_enforcement.py +13 -8
- pulumi_vault/identity/mfa_okta.py +9 -8
- pulumi_vault/identity/mfa_pingid.py +5 -4
- pulumi_vault/identity/mfa_totp.py +5 -4
- pulumi_vault/identity/oidc.py +12 -11
- pulumi_vault/identity/oidc_assignment.py +22 -13
- pulumi_vault/identity/oidc_client.py +34 -25
- pulumi_vault/identity/oidc_key.py +28 -19
- pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -19
- pulumi_vault/identity/oidc_provider.py +34 -23
- pulumi_vault/identity/oidc_role.py +40 -27
- pulumi_vault/identity/oidc_scope.py +18 -15
- pulumi_vault/identity/outputs.py +8 -3
- pulumi_vault/jwt/_inputs.py +55 -0
- pulumi_vault/jwt/auth_backend.py +39 -46
- pulumi_vault/jwt/auth_backend_role.py +131 -260
- pulumi_vault/jwt/outputs.py +5 -0
- pulumi_vault/kmip/secret_backend.py +22 -21
- pulumi_vault/kmip/secret_role.py +12 -11
- pulumi_vault/kmip/secret_scope.py +12 -11
- pulumi_vault/kubernetes/auth_backend_config.py +55 -7
- pulumi_vault/kubernetes/auth_backend_role.py +68 -179
- pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
- pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
- pulumi_vault/kubernetes/get_service_account_token.py +39 -15
- pulumi_vault/kubernetes/secret_backend.py +314 -29
- pulumi_vault/kubernetes/secret_backend_role.py +135 -56
- pulumi_vault/kv/_inputs.py +36 -4
- pulumi_vault/kv/get_secret.py +23 -12
- pulumi_vault/kv/get_secret_subkeys_v2.py +31 -14
- pulumi_vault/kv/get_secret_v2.py +89 -9
- pulumi_vault/kv/get_secrets_list.py +22 -15
- pulumi_vault/kv/get_secrets_list_v2.py +35 -19
- pulumi_vault/kv/outputs.py +8 -3
- pulumi_vault/kv/secret.py +19 -18
- pulumi_vault/kv/secret_backend_v2.py +12 -11
- pulumi_vault/kv/secret_v2.py +55 -52
- pulumi_vault/ldap/auth_backend.py +125 -168
- pulumi_vault/ldap/auth_backend_group.py +12 -11
- pulumi_vault/ldap/auth_backend_user.py +12 -11
- pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
- pulumi_vault/ldap/get_static_credentials.py +24 -5
- pulumi_vault/ldap/secret_backend.py +352 -84
- pulumi_vault/ldap/secret_backend_dynamic_role.py +12 -11
- pulumi_vault/ldap/secret_backend_library_set.py +14 -11
- pulumi_vault/ldap/secret_backend_static_role.py +67 -12
- pulumi_vault/managed/_inputs.py +289 -132
- pulumi_vault/managed/keys.py +27 -43
- pulumi_vault/managed/outputs.py +89 -132
- pulumi_vault/mfa_duo.py +16 -13
- pulumi_vault/mfa_okta.py +16 -13
- pulumi_vault/mfa_pingid.py +16 -13
- pulumi_vault/mfa_totp.py +22 -19
- pulumi_vault/mongodbatlas/secret_backend.py +18 -17
- pulumi_vault/mongodbatlas/secret_role.py +41 -38
- pulumi_vault/mount.py +389 -65
- pulumi_vault/namespace.py +26 -21
- pulumi_vault/nomad_secret_backend.py +16 -15
- pulumi_vault/nomad_secret_role.py +12 -11
- pulumi_vault/okta/_inputs.py +47 -8
- pulumi_vault/okta/auth_backend.py +483 -41
- pulumi_vault/okta/auth_backend_group.py +12 -11
- pulumi_vault/okta/auth_backend_user.py +12 -11
- pulumi_vault/okta/outputs.py +13 -8
- pulumi_vault/outputs.py +5 -0
- pulumi_vault/password_policy.py +18 -15
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +81 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
- pulumi_vault/pkisecret/backend_config_est.py +619 -0
- pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
- pulumi_vault/pkisecret/get_backend_issuer.py +63 -7
- pulumi_vault/pkisecret/get_backend_issuers.py +21 -12
- pulumi_vault/pkisecret/get_backend_key.py +24 -13
- pulumi_vault/pkisecret/get_backend_keys.py +21 -12
- pulumi_vault/pkisecret/outputs.py +69 -0
- pulumi_vault/pkisecret/secret_backend_cert.py +18 -15
- pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -15
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +12 -11
- pulumi_vault/pkisecret/secret_backend_config_urls.py +59 -11
- pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -13
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -15
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -21
- pulumi_vault/pkisecret/secret_backend_issuer.py +12 -11
- pulumi_vault/pkisecret/secret_backend_key.py +12 -7
- pulumi_vault/pkisecret/secret_backend_role.py +19 -16
- pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -52
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -62
- pulumi_vault/pkisecret/secret_backend_sign.py +18 -60
- pulumi_vault/plugin.py +595 -0
- pulumi_vault/plugin_pinned_version.py +298 -0
- pulumi_vault/policy.py +12 -7
- pulumi_vault/provider.py +48 -53
- pulumi_vault/pulumi-plugin.json +2 -1
- pulumi_vault/quota_lease_count.py +58 -8
- pulumi_vault/quota_rate_limit.py +54 -4
- pulumi_vault/rabbitmq/_inputs.py +61 -0
- pulumi_vault/rabbitmq/outputs.py +5 -0
- pulumi_vault/rabbitmq/secret_backend.py +16 -15
- pulumi_vault/rabbitmq/secret_backend_role.py +52 -49
- pulumi_vault/raft_autopilot.py +12 -11
- pulumi_vault/raft_snapshot_agent_config.py +121 -311
- pulumi_vault/rgp_policy.py +14 -13
- pulumi_vault/saml/auth_backend.py +20 -19
- pulumi_vault/saml/auth_backend_role.py +90 -199
- pulumi_vault/secrets/__init__.py +3 -0
- pulumi_vault/secrets/_inputs.py +110 -0
- pulumi_vault/secrets/outputs.py +94 -0
- pulumi_vault/secrets/sync_association.py +56 -75
- pulumi_vault/secrets/sync_aws_destination.py +240 -29
- pulumi_vault/secrets/sync_azure_destination.py +90 -33
- pulumi_vault/secrets/sync_config.py +7 -6
- pulumi_vault/secrets/sync_gcp_destination.py +156 -27
- pulumi_vault/secrets/sync_gh_destination.py +187 -15
- pulumi_vault/secrets/sync_github_apps.py +375 -0
- pulumi_vault/secrets/sync_vercel_destination.py +72 -15
- pulumi_vault/ssh/_inputs.py +28 -32
- pulumi_vault/ssh/outputs.py +11 -32
- pulumi_vault/ssh/secret_backend_ca.py +106 -11
- pulumi_vault/ssh/secret_backend_role.py +83 -120
- pulumi_vault/terraformcloud/secret_backend.py +5 -56
- pulumi_vault/terraformcloud/secret_creds.py +14 -24
- pulumi_vault/terraformcloud/secret_role.py +14 -76
- pulumi_vault/token.py +26 -25
- pulumi_vault/tokenauth/auth_backend_role.py +76 -201
- pulumi_vault/transform/alphabet.py +16 -13
- pulumi_vault/transform/get_decode.py +45 -21
- pulumi_vault/transform/get_encode.py +45 -21
- pulumi_vault/transform/role.py +16 -13
- pulumi_vault/transform/template.py +30 -25
- pulumi_vault/transform/transformation.py +12 -7
- pulumi_vault/transit/get_decrypt.py +26 -25
- pulumi_vault/transit/get_encrypt.py +24 -19
- pulumi_vault/transit/secret_backend_key.py +25 -97
- pulumi_vault/transit/secret_cache_config.py +12 -11
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/METADATA +8 -7
- pulumi_vault-6.5.0a1736850018.dist-info/RECORD +256 -0
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/WHEEL +1 -1
- pulumi_vault-5.21.0a1710160723.dist-info/RECORD +0 -244
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/top_level.txt +0 -0
pulumi_vault/secrets/__init__.py
CHANGED
@@ -11,4 +11,7 @@ from .sync_azure_destination import *
|
|
11
11
|
from .sync_config import *
|
12
12
|
from .sync_gcp_destination import *
|
13
13
|
from .sync_gh_destination import *
|
14
|
+
from .sync_github_apps import *
|
14
15
|
from .sync_vercel_destination import *
|
16
|
+
from ._inputs import *
|
17
|
+
from . import outputs
|
@@ -0,0 +1,110 @@
|
|
1
|
+
# coding=utf-8
|
2
|
+
# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
|
3
|
+
# *** Do not edit by hand unless you're certain you know what you are doing! ***
|
4
|
+
|
5
|
+
import copy
|
6
|
+
import warnings
|
7
|
+
import sys
|
8
|
+
import pulumi
|
9
|
+
import pulumi.runtime
|
10
|
+
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
15
|
+
from .. import _utilities
|
16
|
+
|
17
|
+
__all__ = [
|
18
|
+
'SyncAssociationMetadataArgs',
|
19
|
+
'SyncAssociationMetadataArgsDict',
|
20
|
+
]
|
21
|
+
|
22
|
+
MYPY = False
|
23
|
+
|
24
|
+
if not MYPY:
|
25
|
+
class SyncAssociationMetadataArgsDict(TypedDict):
|
26
|
+
sub_key: NotRequired[pulumi.Input[str]]
|
27
|
+
"""
|
28
|
+
Subkey of the associated secret.
|
29
|
+
"""
|
30
|
+
sync_status: NotRequired[pulumi.Input[str]]
|
31
|
+
"""
|
32
|
+
A map of sync statuses for each subkey of the associated secret
|
33
|
+
(for ex. `{kv_624bea/aws-token/dev: "SYNCED", kv_624bea/aws-token/prod: "SYNCED"}`).
|
34
|
+
"""
|
35
|
+
updated_at: NotRequired[pulumi.Input[str]]
|
36
|
+
"""
|
37
|
+
A map of duration strings specifying when each subkey of the associated
|
38
|
+
secret was last updated.
|
39
|
+
(for ex.
|
40
|
+
`{kv_624bea/aws-token/dev: "2024-03-21T12:42:02.558533-07:00",
|
41
|
+
kv_624bea/aws-token/prod: "2024-03-21T12:42:02.558533-07:00"}`).
|
42
|
+
"""
|
43
|
+
elif False:
|
44
|
+
SyncAssociationMetadataArgsDict: TypeAlias = Mapping[str, Any]
|
45
|
+
|
46
|
+
@pulumi.input_type
|
47
|
+
class SyncAssociationMetadataArgs:
|
48
|
+
def __init__(__self__, *,
|
49
|
+
sub_key: Optional[pulumi.Input[str]] = None,
|
50
|
+
sync_status: Optional[pulumi.Input[str]] = None,
|
51
|
+
updated_at: Optional[pulumi.Input[str]] = None):
|
52
|
+
"""
|
53
|
+
:param pulumi.Input[str] sub_key: Subkey of the associated secret.
|
54
|
+
:param pulumi.Input[str] sync_status: A map of sync statuses for each subkey of the associated secret
|
55
|
+
(for ex. `{kv_624bea/aws-token/dev: "SYNCED", kv_624bea/aws-token/prod: "SYNCED"}`).
|
56
|
+
:param pulumi.Input[str] updated_at: A map of duration strings specifying when each subkey of the associated
|
57
|
+
secret was last updated.
|
58
|
+
(for ex.
|
59
|
+
`{kv_624bea/aws-token/dev: "2024-03-21T12:42:02.558533-07:00",
|
60
|
+
kv_624bea/aws-token/prod: "2024-03-21T12:42:02.558533-07:00"}`).
|
61
|
+
"""
|
62
|
+
if sub_key is not None:
|
63
|
+
pulumi.set(__self__, "sub_key", sub_key)
|
64
|
+
if sync_status is not None:
|
65
|
+
pulumi.set(__self__, "sync_status", sync_status)
|
66
|
+
if updated_at is not None:
|
67
|
+
pulumi.set(__self__, "updated_at", updated_at)
|
68
|
+
|
69
|
+
@property
|
70
|
+
@pulumi.getter(name="subKey")
|
71
|
+
def sub_key(self) -> Optional[pulumi.Input[str]]:
|
72
|
+
"""
|
73
|
+
Subkey of the associated secret.
|
74
|
+
"""
|
75
|
+
return pulumi.get(self, "sub_key")
|
76
|
+
|
77
|
+
@sub_key.setter
|
78
|
+
def sub_key(self, value: Optional[pulumi.Input[str]]):
|
79
|
+
pulumi.set(self, "sub_key", value)
|
80
|
+
|
81
|
+
@property
|
82
|
+
@pulumi.getter(name="syncStatus")
|
83
|
+
def sync_status(self) -> Optional[pulumi.Input[str]]:
|
84
|
+
"""
|
85
|
+
A map of sync statuses for each subkey of the associated secret
|
86
|
+
(for ex. `{kv_624bea/aws-token/dev: "SYNCED", kv_624bea/aws-token/prod: "SYNCED"}`).
|
87
|
+
"""
|
88
|
+
return pulumi.get(self, "sync_status")
|
89
|
+
|
90
|
+
@sync_status.setter
|
91
|
+
def sync_status(self, value: Optional[pulumi.Input[str]]):
|
92
|
+
pulumi.set(self, "sync_status", value)
|
93
|
+
|
94
|
+
@property
|
95
|
+
@pulumi.getter(name="updatedAt")
|
96
|
+
def updated_at(self) -> Optional[pulumi.Input[str]]:
|
97
|
+
"""
|
98
|
+
A map of duration strings specifying when each subkey of the associated
|
99
|
+
secret was last updated.
|
100
|
+
(for ex.
|
101
|
+
`{kv_624bea/aws-token/dev: "2024-03-21T12:42:02.558533-07:00",
|
102
|
+
kv_624bea/aws-token/prod: "2024-03-21T12:42:02.558533-07:00"}`).
|
103
|
+
"""
|
104
|
+
return pulumi.get(self, "updated_at")
|
105
|
+
|
106
|
+
@updated_at.setter
|
107
|
+
def updated_at(self, value: Optional[pulumi.Input[str]]):
|
108
|
+
pulumi.set(self, "updated_at", value)
|
109
|
+
|
110
|
+
|
@@ -0,0 +1,94 @@
|
|
1
|
+
# coding=utf-8
|
2
|
+
# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
|
3
|
+
# *** Do not edit by hand unless you're certain you know what you are doing! ***
|
4
|
+
|
5
|
+
import copy
|
6
|
+
import warnings
|
7
|
+
import sys
|
8
|
+
import pulumi
|
9
|
+
import pulumi.runtime
|
10
|
+
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
15
|
+
from .. import _utilities
|
16
|
+
|
17
|
+
__all__ = [
|
18
|
+
'SyncAssociationMetadata',
|
19
|
+
]
|
20
|
+
|
21
|
+
@pulumi.output_type
|
22
|
+
class SyncAssociationMetadata(dict):
|
23
|
+
@staticmethod
|
24
|
+
def __key_warning(key: str):
|
25
|
+
suggest = None
|
26
|
+
if key == "subKey":
|
27
|
+
suggest = "sub_key"
|
28
|
+
elif key == "syncStatus":
|
29
|
+
suggest = "sync_status"
|
30
|
+
elif key == "updatedAt":
|
31
|
+
suggest = "updated_at"
|
32
|
+
|
33
|
+
if suggest:
|
34
|
+
pulumi.log.warn(f"Key '{key}' not found in SyncAssociationMetadata. Access the value via the '{suggest}' property getter instead.")
|
35
|
+
|
36
|
+
def __getitem__(self, key: str) -> Any:
|
37
|
+
SyncAssociationMetadata.__key_warning(key)
|
38
|
+
return super().__getitem__(key)
|
39
|
+
|
40
|
+
def get(self, key: str, default = None) -> Any:
|
41
|
+
SyncAssociationMetadata.__key_warning(key)
|
42
|
+
return super().get(key, default)
|
43
|
+
|
44
|
+
def __init__(__self__, *,
|
45
|
+
sub_key: Optional[str] = None,
|
46
|
+
sync_status: Optional[str] = None,
|
47
|
+
updated_at: Optional[str] = None):
|
48
|
+
"""
|
49
|
+
:param str sub_key: Subkey of the associated secret.
|
50
|
+
:param str sync_status: A map of sync statuses for each subkey of the associated secret
|
51
|
+
(for ex. `{kv_624bea/aws-token/dev: "SYNCED", kv_624bea/aws-token/prod: "SYNCED"}`).
|
52
|
+
:param str updated_at: A map of duration strings specifying when each subkey of the associated
|
53
|
+
secret was last updated.
|
54
|
+
(for ex.
|
55
|
+
`{kv_624bea/aws-token/dev: "2024-03-21T12:42:02.558533-07:00",
|
56
|
+
kv_624bea/aws-token/prod: "2024-03-21T12:42:02.558533-07:00"}`).
|
57
|
+
"""
|
58
|
+
if sub_key is not None:
|
59
|
+
pulumi.set(__self__, "sub_key", sub_key)
|
60
|
+
if sync_status is not None:
|
61
|
+
pulumi.set(__self__, "sync_status", sync_status)
|
62
|
+
if updated_at is not None:
|
63
|
+
pulumi.set(__self__, "updated_at", updated_at)
|
64
|
+
|
65
|
+
@property
|
66
|
+
@pulumi.getter(name="subKey")
|
67
|
+
def sub_key(self) -> Optional[str]:
|
68
|
+
"""
|
69
|
+
Subkey of the associated secret.
|
70
|
+
"""
|
71
|
+
return pulumi.get(self, "sub_key")
|
72
|
+
|
73
|
+
@property
|
74
|
+
@pulumi.getter(name="syncStatus")
|
75
|
+
def sync_status(self) -> Optional[str]:
|
76
|
+
"""
|
77
|
+
A map of sync statuses for each subkey of the associated secret
|
78
|
+
(for ex. `{kv_624bea/aws-token/dev: "SYNCED", kv_624bea/aws-token/prod: "SYNCED"}`).
|
79
|
+
"""
|
80
|
+
return pulumi.get(self, "sync_status")
|
81
|
+
|
82
|
+
@property
|
83
|
+
@pulumi.getter(name="updatedAt")
|
84
|
+
def updated_at(self) -> Optional[str]:
|
85
|
+
"""
|
86
|
+
A map of duration strings specifying when each subkey of the associated
|
87
|
+
secret was last updated.
|
88
|
+
(for ex.
|
89
|
+
`{kv_624bea/aws-token/dev: "2024-03-21T12:42:02.558533-07:00",
|
90
|
+
kv_624bea/aws-token/prod: "2024-03-21T12:42:02.558533-07:00"}`).
|
91
|
+
"""
|
92
|
+
return pulumi.get(self, "updated_at")
|
93
|
+
|
94
|
+
|
@@ -4,10 +4,17 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
16
|
+
from . import outputs
|
17
|
+
from ._inputs import *
|
11
18
|
|
12
19
|
__all__ = ['SyncAssociationArgs', 'SyncAssociation']
|
13
20
|
|
@@ -27,7 +34,7 @@ class SyncAssociationArgs:
|
|
27
34
|
:param pulumi.Input[str] name: Specifies the name of the destination.
|
28
35
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
29
36
|
The value should not contain leading or trailing forward slashes.
|
30
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
37
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
31
38
|
"""
|
32
39
|
pulumi.set(__self__, "mount", mount)
|
33
40
|
pulumi.set(__self__, "secret_name", secret_name)
|
@@ -91,7 +98,7 @@ class SyncAssociationArgs:
|
|
91
98
|
"""
|
92
99
|
The namespace to provision the resource in.
|
93
100
|
The value should not contain leading or trailing forward slashes.
|
94
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
101
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
95
102
|
"""
|
96
103
|
return pulumi.get(self, "namespace")
|
97
104
|
|
@@ -103,25 +110,25 @@ class SyncAssociationArgs:
|
|
103
110
|
@pulumi.input_type
|
104
111
|
class _SyncAssociationState:
|
105
112
|
def __init__(__self__, *,
|
113
|
+
metadatas: Optional[pulumi.Input[Sequence[pulumi.Input['SyncAssociationMetadataArgs']]]] = None,
|
106
114
|
mount: Optional[pulumi.Input[str]] = None,
|
107
115
|
name: Optional[pulumi.Input[str]] = None,
|
108
116
|
namespace: Optional[pulumi.Input[str]] = None,
|
109
117
|
secret_name: Optional[pulumi.Input[str]] = None,
|
110
|
-
|
111
|
-
type: Optional[pulumi.Input[str]] = None,
|
112
|
-
updated_at: Optional[pulumi.Input[str]] = None):
|
118
|
+
type: Optional[pulumi.Input[str]] = None):
|
113
119
|
"""
|
114
120
|
Input properties used for looking up and filtering SyncAssociation resources.
|
121
|
+
:param pulumi.Input[Sequence[pulumi.Input['SyncAssociationMetadataArgs']]] metadatas: Metadata for each subkey of the associated secret.
|
115
122
|
:param pulumi.Input[str] mount: Specifies the mount where the secret is located.
|
116
123
|
:param pulumi.Input[str] name: Specifies the name of the destination.
|
117
124
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
118
125
|
The value should not contain leading or trailing forward slashes.
|
119
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
126
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
120
127
|
:param pulumi.Input[str] secret_name: Specifies the name of the secret to synchronize.
|
121
|
-
:param pulumi.Input[str] sync_status: Specifies the status of the association (for eg. `SYNCED`).
|
122
128
|
:param pulumi.Input[str] type: Specifies the destination type.
|
123
|
-
:param pulumi.Input[str] updated_at: Duration string specifying when the secret was last updated.
|
124
129
|
"""
|
130
|
+
if metadatas is not None:
|
131
|
+
pulumi.set(__self__, "metadatas", metadatas)
|
125
132
|
if mount is not None:
|
126
133
|
pulumi.set(__self__, "mount", mount)
|
127
134
|
if name is not None:
|
@@ -130,12 +137,20 @@ class _SyncAssociationState:
|
|
130
137
|
pulumi.set(__self__, "namespace", namespace)
|
131
138
|
if secret_name is not None:
|
132
139
|
pulumi.set(__self__, "secret_name", secret_name)
|
133
|
-
if sync_status is not None:
|
134
|
-
pulumi.set(__self__, "sync_status", sync_status)
|
135
140
|
if type is not None:
|
136
141
|
pulumi.set(__self__, "type", type)
|
137
|
-
|
138
|
-
|
142
|
+
|
143
|
+
@property
|
144
|
+
@pulumi.getter
|
145
|
+
def metadatas(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['SyncAssociationMetadataArgs']]]]:
|
146
|
+
"""
|
147
|
+
Metadata for each subkey of the associated secret.
|
148
|
+
"""
|
149
|
+
return pulumi.get(self, "metadatas")
|
150
|
+
|
151
|
+
@metadatas.setter
|
152
|
+
def metadatas(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['SyncAssociationMetadataArgs']]]]):
|
153
|
+
pulumi.set(self, "metadatas", value)
|
139
154
|
|
140
155
|
@property
|
141
156
|
@pulumi.getter
|
@@ -167,7 +182,7 @@ class _SyncAssociationState:
|
|
167
182
|
"""
|
168
183
|
The namespace to provision the resource in.
|
169
184
|
The value should not contain leading or trailing forward slashes.
|
170
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
185
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
171
186
|
"""
|
172
187
|
return pulumi.get(self, "namespace")
|
173
188
|
|
@@ -187,18 +202,6 @@ class _SyncAssociationState:
|
|
187
202
|
def secret_name(self, value: Optional[pulumi.Input[str]]):
|
188
203
|
pulumi.set(self, "secret_name", value)
|
189
204
|
|
190
|
-
@property
|
191
|
-
@pulumi.getter(name="syncStatus")
|
192
|
-
def sync_status(self) -> Optional[pulumi.Input[str]]:
|
193
|
-
"""
|
194
|
-
Specifies the status of the association (for eg. `SYNCED`).
|
195
|
-
"""
|
196
|
-
return pulumi.get(self, "sync_status")
|
197
|
-
|
198
|
-
@sync_status.setter
|
199
|
-
def sync_status(self, value: Optional[pulumi.Input[str]]):
|
200
|
-
pulumi.set(self, "sync_status", value)
|
201
|
-
|
202
205
|
@property
|
203
206
|
@pulumi.getter
|
204
207
|
def type(self) -> Optional[pulumi.Input[str]]:
|
@@ -211,18 +214,6 @@ class _SyncAssociationState:
|
|
211
214
|
def type(self, value: Optional[pulumi.Input[str]]):
|
212
215
|
pulumi.set(self, "type", value)
|
213
216
|
|
214
|
-
@property
|
215
|
-
@pulumi.getter(name="updatedAt")
|
216
|
-
def updated_at(self) -> Optional[pulumi.Input[str]]:
|
217
|
-
"""
|
218
|
-
Duration string specifying when the secret was last updated.
|
219
|
-
"""
|
220
|
-
return pulumi.get(self, "updated_at")
|
221
|
-
|
222
|
-
@updated_at.setter
|
223
|
-
def updated_at(self, value: Optional[pulumi.Input[str]]):
|
224
|
-
pulumi.set(self, "updated_at", value)
|
225
|
-
|
226
217
|
|
227
218
|
class SyncAssociation(pulumi.CustomResource):
|
228
219
|
@overload
|
@@ -238,7 +229,6 @@ class SyncAssociation(pulumi.CustomResource):
|
|
238
229
|
"""
|
239
230
|
## Example Usage
|
240
231
|
|
241
|
-
<!--Start PulumiCodeChooser -->
|
242
232
|
```python
|
243
233
|
import pulumi
|
244
234
|
import json
|
@@ -253,21 +243,23 @@ class SyncAssociation(pulumi.CustomResource):
|
|
253
243
|
description="KV Version 2 secret engine mount")
|
254
244
|
token = vault.kv.SecretV2("token",
|
255
245
|
mount=kvv2.path,
|
246
|
+
name="token",
|
256
247
|
data_json=json.dumps({
|
257
248
|
"dev": "B!gS3cr3t",
|
258
249
|
"prod": "S3cureP4$$",
|
259
250
|
}))
|
260
251
|
gh = vault.secrets.SyncGhDestination("gh",
|
261
|
-
|
262
|
-
|
252
|
+
name="gh-dest",
|
253
|
+
access_token=access_token,
|
254
|
+
repository_owner=repo_owner,
|
263
255
|
repository_name="repo-name-example",
|
264
256
|
secret_name_template="vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}")
|
265
|
-
gh_token = vault.secrets.SyncAssociation("
|
257
|
+
gh_token = vault.secrets.SyncAssociation("gh_token",
|
258
|
+
name=gh.name,
|
266
259
|
type=gh.type,
|
267
260
|
mount=kvv2.path,
|
268
261
|
secret_name=token.name)
|
269
262
|
```
|
270
|
-
<!--End PulumiCodeChooser -->
|
271
263
|
|
272
264
|
:param str resource_name: The name of the resource.
|
273
265
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
@@ -275,7 +267,7 @@ class SyncAssociation(pulumi.CustomResource):
|
|
275
267
|
:param pulumi.Input[str] name: Specifies the name of the destination.
|
276
268
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
277
269
|
The value should not contain leading or trailing forward slashes.
|
278
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
270
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
279
271
|
:param pulumi.Input[str] secret_name: Specifies the name of the secret to synchronize.
|
280
272
|
:param pulumi.Input[str] type: Specifies the destination type.
|
281
273
|
"""
|
@@ -288,7 +280,6 @@ class SyncAssociation(pulumi.CustomResource):
|
|
288
280
|
"""
|
289
281
|
## Example Usage
|
290
282
|
|
291
|
-
<!--Start PulumiCodeChooser -->
|
292
283
|
```python
|
293
284
|
import pulumi
|
294
285
|
import json
|
@@ -303,21 +294,23 @@ class SyncAssociation(pulumi.CustomResource):
|
|
303
294
|
description="KV Version 2 secret engine mount")
|
304
295
|
token = vault.kv.SecretV2("token",
|
305
296
|
mount=kvv2.path,
|
297
|
+
name="token",
|
306
298
|
data_json=json.dumps({
|
307
299
|
"dev": "B!gS3cr3t",
|
308
300
|
"prod": "S3cureP4$$",
|
309
301
|
}))
|
310
302
|
gh = vault.secrets.SyncGhDestination("gh",
|
311
|
-
|
312
|
-
|
303
|
+
name="gh-dest",
|
304
|
+
access_token=access_token,
|
305
|
+
repository_owner=repo_owner,
|
313
306
|
repository_name="repo-name-example",
|
314
307
|
secret_name_template="vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}")
|
315
|
-
gh_token = vault.secrets.SyncAssociation("
|
308
|
+
gh_token = vault.secrets.SyncAssociation("gh_token",
|
309
|
+
name=gh.name,
|
316
310
|
type=gh.type,
|
317
311
|
mount=kvv2.path,
|
318
312
|
secret_name=token.name)
|
319
313
|
```
|
320
|
-
<!--End PulumiCodeChooser -->
|
321
314
|
|
322
315
|
:param str resource_name: The name of the resource.
|
323
316
|
:param SyncAssociationArgs args: The arguments to use to populate this resource's properties.
|
@@ -359,8 +352,7 @@ class SyncAssociation(pulumi.CustomResource):
|
|
359
352
|
if type is None and not opts.urn:
|
360
353
|
raise TypeError("Missing required property 'type'")
|
361
354
|
__props__.__dict__["type"] = type
|
362
|
-
__props__.__dict__["
|
363
|
-
__props__.__dict__["updated_at"] = None
|
355
|
+
__props__.__dict__["metadatas"] = None
|
364
356
|
super(SyncAssociation, __self__).__init__(
|
365
357
|
'vault:secrets/syncAssociation:SyncAssociation',
|
366
358
|
resource_name,
|
@@ -371,13 +363,12 @@ class SyncAssociation(pulumi.CustomResource):
|
|
371
363
|
def get(resource_name: str,
|
372
364
|
id: pulumi.Input[str],
|
373
365
|
opts: Optional[pulumi.ResourceOptions] = None,
|
366
|
+
metadatas: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SyncAssociationMetadataArgs', 'SyncAssociationMetadataArgsDict']]]]] = None,
|
374
367
|
mount: Optional[pulumi.Input[str]] = None,
|
375
368
|
name: Optional[pulumi.Input[str]] = None,
|
376
369
|
namespace: Optional[pulumi.Input[str]] = None,
|
377
370
|
secret_name: Optional[pulumi.Input[str]] = None,
|
378
|
-
|
379
|
-
type: Optional[pulumi.Input[str]] = None,
|
380
|
-
updated_at: Optional[pulumi.Input[str]] = None) -> 'SyncAssociation':
|
371
|
+
type: Optional[pulumi.Input[str]] = None) -> 'SyncAssociation':
|
381
372
|
"""
|
382
373
|
Get an existing SyncAssociation resource's state with the given name, id, and optional extra
|
383
374
|
properties used to qualify the lookup.
|
@@ -385,29 +376,35 @@ class SyncAssociation(pulumi.CustomResource):
|
|
385
376
|
:param str resource_name: The unique name of the resulting resource.
|
386
377
|
:param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
|
387
378
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
379
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['SyncAssociationMetadataArgs', 'SyncAssociationMetadataArgsDict']]]] metadatas: Metadata for each subkey of the associated secret.
|
388
380
|
:param pulumi.Input[str] mount: Specifies the mount where the secret is located.
|
389
381
|
:param pulumi.Input[str] name: Specifies the name of the destination.
|
390
382
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
391
383
|
The value should not contain leading or trailing forward slashes.
|
392
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
384
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
393
385
|
:param pulumi.Input[str] secret_name: Specifies the name of the secret to synchronize.
|
394
|
-
:param pulumi.Input[str] sync_status: Specifies the status of the association (for eg. `SYNCED`).
|
395
386
|
:param pulumi.Input[str] type: Specifies the destination type.
|
396
|
-
:param pulumi.Input[str] updated_at: Duration string specifying when the secret was last updated.
|
397
387
|
"""
|
398
388
|
opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
|
399
389
|
|
400
390
|
__props__ = _SyncAssociationState.__new__(_SyncAssociationState)
|
401
391
|
|
392
|
+
__props__.__dict__["metadatas"] = metadatas
|
402
393
|
__props__.__dict__["mount"] = mount
|
403
394
|
__props__.__dict__["name"] = name
|
404
395
|
__props__.__dict__["namespace"] = namespace
|
405
396
|
__props__.__dict__["secret_name"] = secret_name
|
406
|
-
__props__.__dict__["sync_status"] = sync_status
|
407
397
|
__props__.__dict__["type"] = type
|
408
|
-
__props__.__dict__["updated_at"] = updated_at
|
409
398
|
return SyncAssociation(resource_name, opts=opts, __props__=__props__)
|
410
399
|
|
400
|
+
@property
|
401
|
+
@pulumi.getter
|
402
|
+
def metadatas(self) -> pulumi.Output[Sequence['outputs.SyncAssociationMetadata']]:
|
403
|
+
"""
|
404
|
+
Metadata for each subkey of the associated secret.
|
405
|
+
"""
|
406
|
+
return pulumi.get(self, "metadatas")
|
407
|
+
|
411
408
|
@property
|
412
409
|
@pulumi.getter
|
413
410
|
def mount(self) -> pulumi.Output[str]:
|
@@ -430,7 +427,7 @@ class SyncAssociation(pulumi.CustomResource):
|
|
430
427
|
"""
|
431
428
|
The namespace to provision the resource in.
|
432
429
|
The value should not contain leading or trailing forward slashes.
|
433
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
430
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
434
431
|
"""
|
435
432
|
return pulumi.get(self, "namespace")
|
436
433
|
|
@@ -442,14 +439,6 @@ class SyncAssociation(pulumi.CustomResource):
|
|
442
439
|
"""
|
443
440
|
return pulumi.get(self, "secret_name")
|
444
441
|
|
445
|
-
@property
|
446
|
-
@pulumi.getter(name="syncStatus")
|
447
|
-
def sync_status(self) -> pulumi.Output[str]:
|
448
|
-
"""
|
449
|
-
Specifies the status of the association (for eg. `SYNCED`).
|
450
|
-
"""
|
451
|
-
return pulumi.get(self, "sync_status")
|
452
|
-
|
453
442
|
@property
|
454
443
|
@pulumi.getter
|
455
444
|
def type(self) -> pulumi.Output[str]:
|
@@ -458,11 +447,3 @@ class SyncAssociation(pulumi.CustomResource):
|
|
458
447
|
"""
|
459
448
|
return pulumi.get(self, "type")
|
460
449
|
|
461
|
-
@property
|
462
|
-
@pulumi.getter(name="updatedAt")
|
463
|
-
def updated_at(self) -> pulumi.Output[str]:
|
464
|
-
"""
|
465
|
-
Duration string specifying when the secret was last updated.
|
466
|
-
"""
|
467
|
-
return pulumi.get(self, "updated_at")
|
468
|
-
|