pulumi-vault 5.21.0a1710160723__py3-none-any.whl → 6.5.0a1736850018__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pulumi_vault/__init__.py +52 -0
- pulumi_vault/_inputs.py +560 -0
- pulumi_vault/_utilities.py +41 -5
- pulumi_vault/ad/get_access_credentials.py +22 -7
- pulumi_vault/ad/secret_backend.py +14 -144
- pulumi_vault/ad/secret_library.py +14 -11
- pulumi_vault/ad/secret_role.py +12 -11
- pulumi_vault/alicloud/auth_backend_role.py +74 -192
- pulumi_vault/approle/auth_backend_login.py +12 -11
- pulumi_vault/approle/auth_backend_role.py +75 -193
- pulumi_vault/approle/auth_backend_role_secret_id.py +106 -11
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -9
- pulumi_vault/audit.py +24 -27
- pulumi_vault/audit_request_header.py +11 -6
- pulumi_vault/auth_backend.py +64 -12
- pulumi_vault/aws/auth_backend_cert.py +12 -7
- pulumi_vault/aws/auth_backend_client.py +265 -24
- pulumi_vault/aws/auth_backend_config_identity.py +12 -11
- pulumi_vault/aws/auth_backend_identity_whitelist.py +18 -17
- pulumi_vault/aws/auth_backend_login.py +19 -22
- pulumi_vault/aws/auth_backend_role.py +75 -193
- pulumi_vault/aws/auth_backend_role_tag.py +12 -7
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -17
- pulumi_vault/aws/auth_backend_sts_role.py +12 -11
- pulumi_vault/aws/get_access_credentials.py +34 -7
- pulumi_vault/aws/get_static_access_credentials.py +19 -5
- pulumi_vault/aws/secret_backend.py +75 -7
- pulumi_vault/aws/secret_backend_role.py +183 -11
- pulumi_vault/aws/secret_backend_static_role.py +14 -11
- pulumi_vault/azure/_inputs.py +24 -0
- pulumi_vault/azure/auth_backend_config.py +151 -17
- pulumi_vault/azure/auth_backend_role.py +75 -193
- pulumi_vault/azure/backend.py +223 -29
- pulumi_vault/azure/backend_role.py +42 -41
- pulumi_vault/azure/get_access_credentials.py +39 -11
- pulumi_vault/azure/outputs.py +5 -0
- pulumi_vault/cert_auth_backend_role.py +87 -271
- pulumi_vault/config/__init__.pyi +5 -0
- pulumi_vault/config/_inputs.py +73 -0
- pulumi_vault/config/outputs.py +35 -0
- pulumi_vault/config/ui_custom_message.py +529 -0
- pulumi_vault/config/vars.py +5 -0
- pulumi_vault/consul/secret_backend.py +22 -25
- pulumi_vault/consul/secret_backend_role.py +14 -80
- pulumi_vault/database/_inputs.py +2770 -881
- pulumi_vault/database/outputs.py +721 -838
- pulumi_vault/database/secret_backend_connection.py +117 -114
- pulumi_vault/database/secret_backend_role.py +29 -24
- pulumi_vault/database/secret_backend_static_role.py +85 -15
- pulumi_vault/database/secrets_mount.py +425 -138
- pulumi_vault/egp_policy.py +16 -15
- pulumi_vault/gcp/_inputs.py +111 -0
- pulumi_vault/gcp/auth_backend.py +248 -35
- pulumi_vault/gcp/auth_backend_role.py +75 -271
- pulumi_vault/gcp/get_auth_backend_role.py +43 -9
- pulumi_vault/gcp/outputs.py +5 -0
- pulumi_vault/gcp/secret_backend.py +287 -16
- pulumi_vault/gcp/secret_impersonated_account.py +74 -17
- pulumi_vault/gcp/secret_roleset.py +29 -26
- pulumi_vault/gcp/secret_static_account.py +37 -34
- pulumi_vault/generic/endpoint.py +22 -21
- pulumi_vault/generic/get_secret.py +68 -12
- pulumi_vault/generic/secret.py +19 -14
- pulumi_vault/get_auth_backend.py +24 -11
- pulumi_vault/get_auth_backends.py +33 -11
- pulumi_vault/get_namespace.py +226 -0
- pulumi_vault/get_namespaces.py +153 -0
- pulumi_vault/get_nomad_access_token.py +31 -15
- pulumi_vault/get_policy_document.py +34 -23
- pulumi_vault/get_raft_autopilot_state.py +29 -14
- pulumi_vault/github/_inputs.py +55 -0
- pulumi_vault/github/auth_backend.py +17 -16
- pulumi_vault/github/outputs.py +5 -0
- pulumi_vault/github/team.py +14 -13
- pulumi_vault/github/user.py +14 -13
- pulumi_vault/identity/entity.py +18 -15
- pulumi_vault/identity/entity_alias.py +18 -15
- pulumi_vault/identity/entity_policies.py +24 -19
- pulumi_vault/identity/get_entity.py +40 -14
- pulumi_vault/identity/get_group.py +45 -13
- pulumi_vault/identity/get_oidc_client_creds.py +21 -11
- pulumi_vault/identity/get_oidc_openid_config.py +39 -13
- pulumi_vault/identity/get_oidc_public_keys.py +29 -14
- pulumi_vault/identity/group.py +50 -49
- pulumi_vault/identity/group_alias.py +14 -11
- pulumi_vault/identity/group_member_entity_ids.py +24 -74
- pulumi_vault/identity/group_member_group_ids.py +36 -27
- pulumi_vault/identity/group_policies.py +16 -15
- pulumi_vault/identity/mfa_duo.py +9 -8
- pulumi_vault/identity/mfa_login_enforcement.py +13 -8
- pulumi_vault/identity/mfa_okta.py +9 -8
- pulumi_vault/identity/mfa_pingid.py +5 -4
- pulumi_vault/identity/mfa_totp.py +5 -4
- pulumi_vault/identity/oidc.py +12 -11
- pulumi_vault/identity/oidc_assignment.py +22 -13
- pulumi_vault/identity/oidc_client.py +34 -25
- pulumi_vault/identity/oidc_key.py +28 -19
- pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -19
- pulumi_vault/identity/oidc_provider.py +34 -23
- pulumi_vault/identity/oidc_role.py +40 -27
- pulumi_vault/identity/oidc_scope.py +18 -15
- pulumi_vault/identity/outputs.py +8 -3
- pulumi_vault/jwt/_inputs.py +55 -0
- pulumi_vault/jwt/auth_backend.py +39 -46
- pulumi_vault/jwt/auth_backend_role.py +131 -260
- pulumi_vault/jwt/outputs.py +5 -0
- pulumi_vault/kmip/secret_backend.py +22 -21
- pulumi_vault/kmip/secret_role.py +12 -11
- pulumi_vault/kmip/secret_scope.py +12 -11
- pulumi_vault/kubernetes/auth_backend_config.py +55 -7
- pulumi_vault/kubernetes/auth_backend_role.py +68 -179
- pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
- pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
- pulumi_vault/kubernetes/get_service_account_token.py +39 -15
- pulumi_vault/kubernetes/secret_backend.py +314 -29
- pulumi_vault/kubernetes/secret_backend_role.py +135 -56
- pulumi_vault/kv/_inputs.py +36 -4
- pulumi_vault/kv/get_secret.py +23 -12
- pulumi_vault/kv/get_secret_subkeys_v2.py +31 -14
- pulumi_vault/kv/get_secret_v2.py +89 -9
- pulumi_vault/kv/get_secrets_list.py +22 -15
- pulumi_vault/kv/get_secrets_list_v2.py +35 -19
- pulumi_vault/kv/outputs.py +8 -3
- pulumi_vault/kv/secret.py +19 -18
- pulumi_vault/kv/secret_backend_v2.py +12 -11
- pulumi_vault/kv/secret_v2.py +55 -52
- pulumi_vault/ldap/auth_backend.py +125 -168
- pulumi_vault/ldap/auth_backend_group.py +12 -11
- pulumi_vault/ldap/auth_backend_user.py +12 -11
- pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
- pulumi_vault/ldap/get_static_credentials.py +24 -5
- pulumi_vault/ldap/secret_backend.py +352 -84
- pulumi_vault/ldap/secret_backend_dynamic_role.py +12 -11
- pulumi_vault/ldap/secret_backend_library_set.py +14 -11
- pulumi_vault/ldap/secret_backend_static_role.py +67 -12
- pulumi_vault/managed/_inputs.py +289 -132
- pulumi_vault/managed/keys.py +27 -43
- pulumi_vault/managed/outputs.py +89 -132
- pulumi_vault/mfa_duo.py +16 -13
- pulumi_vault/mfa_okta.py +16 -13
- pulumi_vault/mfa_pingid.py +16 -13
- pulumi_vault/mfa_totp.py +22 -19
- pulumi_vault/mongodbatlas/secret_backend.py +18 -17
- pulumi_vault/mongodbatlas/secret_role.py +41 -38
- pulumi_vault/mount.py +389 -65
- pulumi_vault/namespace.py +26 -21
- pulumi_vault/nomad_secret_backend.py +16 -15
- pulumi_vault/nomad_secret_role.py +12 -11
- pulumi_vault/okta/_inputs.py +47 -8
- pulumi_vault/okta/auth_backend.py +483 -41
- pulumi_vault/okta/auth_backend_group.py +12 -11
- pulumi_vault/okta/auth_backend_user.py +12 -11
- pulumi_vault/okta/outputs.py +13 -8
- pulumi_vault/outputs.py +5 -0
- pulumi_vault/password_policy.py +18 -15
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +81 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
- pulumi_vault/pkisecret/backend_config_est.py +619 -0
- pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
- pulumi_vault/pkisecret/get_backend_issuer.py +63 -7
- pulumi_vault/pkisecret/get_backend_issuers.py +21 -12
- pulumi_vault/pkisecret/get_backend_key.py +24 -13
- pulumi_vault/pkisecret/get_backend_keys.py +21 -12
- pulumi_vault/pkisecret/outputs.py +69 -0
- pulumi_vault/pkisecret/secret_backend_cert.py +18 -15
- pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -15
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +12 -11
- pulumi_vault/pkisecret/secret_backend_config_urls.py +59 -11
- pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -13
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -15
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -21
- pulumi_vault/pkisecret/secret_backend_issuer.py +12 -11
- pulumi_vault/pkisecret/secret_backend_key.py +12 -7
- pulumi_vault/pkisecret/secret_backend_role.py +19 -16
- pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -52
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -62
- pulumi_vault/pkisecret/secret_backend_sign.py +18 -60
- pulumi_vault/plugin.py +595 -0
- pulumi_vault/plugin_pinned_version.py +298 -0
- pulumi_vault/policy.py +12 -7
- pulumi_vault/provider.py +48 -53
- pulumi_vault/pulumi-plugin.json +2 -1
- pulumi_vault/quota_lease_count.py +58 -8
- pulumi_vault/quota_rate_limit.py +54 -4
- pulumi_vault/rabbitmq/_inputs.py +61 -0
- pulumi_vault/rabbitmq/outputs.py +5 -0
- pulumi_vault/rabbitmq/secret_backend.py +16 -15
- pulumi_vault/rabbitmq/secret_backend_role.py +52 -49
- pulumi_vault/raft_autopilot.py +12 -11
- pulumi_vault/raft_snapshot_agent_config.py +121 -311
- pulumi_vault/rgp_policy.py +14 -13
- pulumi_vault/saml/auth_backend.py +20 -19
- pulumi_vault/saml/auth_backend_role.py +90 -199
- pulumi_vault/secrets/__init__.py +3 -0
- pulumi_vault/secrets/_inputs.py +110 -0
- pulumi_vault/secrets/outputs.py +94 -0
- pulumi_vault/secrets/sync_association.py +56 -75
- pulumi_vault/secrets/sync_aws_destination.py +240 -29
- pulumi_vault/secrets/sync_azure_destination.py +90 -33
- pulumi_vault/secrets/sync_config.py +7 -6
- pulumi_vault/secrets/sync_gcp_destination.py +156 -27
- pulumi_vault/secrets/sync_gh_destination.py +187 -15
- pulumi_vault/secrets/sync_github_apps.py +375 -0
- pulumi_vault/secrets/sync_vercel_destination.py +72 -15
- pulumi_vault/ssh/_inputs.py +28 -32
- pulumi_vault/ssh/outputs.py +11 -32
- pulumi_vault/ssh/secret_backend_ca.py +106 -11
- pulumi_vault/ssh/secret_backend_role.py +83 -120
- pulumi_vault/terraformcloud/secret_backend.py +5 -56
- pulumi_vault/terraformcloud/secret_creds.py +14 -24
- pulumi_vault/terraformcloud/secret_role.py +14 -76
- pulumi_vault/token.py +26 -25
- pulumi_vault/tokenauth/auth_backend_role.py +76 -201
- pulumi_vault/transform/alphabet.py +16 -13
- pulumi_vault/transform/get_decode.py +45 -21
- pulumi_vault/transform/get_encode.py +45 -21
- pulumi_vault/transform/role.py +16 -13
- pulumi_vault/transform/template.py +30 -25
- pulumi_vault/transform/transformation.py +12 -7
- pulumi_vault/transit/get_decrypt.py +26 -25
- pulumi_vault/transit/get_encrypt.py +24 -19
- pulumi_vault/transit/secret_backend_key.py +25 -97
- pulumi_vault/transit/secret_cache_config.py +12 -11
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/METADATA +8 -7
- pulumi_vault-6.5.0a1736850018.dist-info/RECORD +256 -0
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/WHEEL +1 -1
- pulumi_vault-5.21.0a1710160723.dist-info/RECORD +0 -244
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = ['AuthBackendRoleArgs', 'AuthBackendRole']
|
@@ -43,38 +48,20 @@ class AuthBackendRoleArgs:
|
|
43
48
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] disallowed_policies_globs: Set of disallowed policies with glob match for given role.
|
44
49
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
45
50
|
The value should not contain leading or trailing forward slashes.
|
46
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
51
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
47
52
|
*Available only for Vault Enterprise*.
|
48
53
|
:param pulumi.Input[bool] orphan: If true, tokens created against this policy will be orphan tokens.
|
49
54
|
:param pulumi.Input[str] path_suffix: Tokens created against this role will have the given suffix as part of their path in addition to the role name.
|
50
|
-
|
51
|
-
> Due to a bug the resource. This *will* cause all existing tokens issued by this role to be revoked.
|
52
55
|
:param pulumi.Input[bool] renewable: Whether to disable the ability of the token to be renewed past its initial TTL.
|
53
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs:
|
54
|
-
|
55
|
-
|
56
|
-
:param pulumi.Input[
|
57
|
-
|
58
|
-
|
59
|
-
`token_max_ttl` would otherwise allow a renewal.
|
60
|
-
:param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
|
61
|
-
Its current value will be referenced at renewal time.
|
62
|
-
:param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
|
63
|
-
generated tokens; otherwise it will be added to the policies set in token_policies.
|
64
|
-
:param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/token#token_num_uses)
|
65
|
-
of times a generated token may be used (within its lifetime); 0 means unlimited.
|
66
|
-
:param pulumi.Input[int] token_period: If set, indicates that the
|
67
|
-
token generated using this role should never expire. The token should be renewed within the
|
68
|
-
duration specified by this value. At each renewal, the token's TTL will be set to the
|
69
|
-
value of this field. Specified in seconds.
|
56
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
57
|
+
:param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
58
|
+
:param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
|
59
|
+
:param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
60
|
+
:param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
61
|
+
:param pulumi.Input[int] token_period: Generated Token's Period
|
70
62
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
|
71
|
-
:param pulumi.Input[int] token_ttl: The
|
72
|
-
|
73
|
-
:param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
|
74
|
-
`batch`, or `default` to use the mount's tuned default (which unless changed will be
|
75
|
-
`service` tokens). For token store roles, there are two additional possibilities:
|
76
|
-
`default-service` and `default-batch` which specify the type to return unless the client
|
77
|
-
requests a different type at generation time.
|
63
|
+
:param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
|
64
|
+
:param pulumi.Input[str] token_type: The type of token to generate, service or batch
|
78
65
|
"""
|
79
66
|
pulumi.set(__self__, "role_name", role_name)
|
80
67
|
if allowed_entity_aliases is not None:
|
@@ -192,7 +179,7 @@ class AuthBackendRoleArgs:
|
|
192
179
|
"""
|
193
180
|
The namespace to provision the resource in.
|
194
181
|
The value should not contain leading or trailing forward slashes.
|
195
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
182
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
196
183
|
*Available only for Vault Enterprise*.
|
197
184
|
"""
|
198
185
|
return pulumi.get(self, "namespace")
|
@@ -218,8 +205,6 @@ class AuthBackendRoleArgs:
|
|
218
205
|
def path_suffix(self) -> Optional[pulumi.Input[str]]:
|
219
206
|
"""
|
220
207
|
Tokens created against this role will have the given suffix as part of their path in addition to the role name.
|
221
|
-
|
222
|
-
> Due to a bug the resource. This *will* cause all existing tokens issued by this role to be revoked.
|
223
208
|
"""
|
224
209
|
return pulumi.get(self, "path_suffix")
|
225
210
|
|
@@ -243,9 +228,7 @@ class AuthBackendRoleArgs:
|
|
243
228
|
@pulumi.getter(name="tokenBoundCidrs")
|
244
229
|
def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
245
230
|
"""
|
246
|
-
|
247
|
-
addresses which can authenticate successfully, and ties the resulting token to these blocks
|
248
|
-
as well.
|
231
|
+
Specifies the blocks of IP addresses which are allowed to use the generated token
|
249
232
|
"""
|
250
233
|
return pulumi.get(self, "token_bound_cidrs")
|
251
234
|
|
@@ -257,10 +240,7 @@ class AuthBackendRoleArgs:
|
|
257
240
|
@pulumi.getter(name="tokenExplicitMaxTtl")
|
258
241
|
def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
259
242
|
"""
|
260
|
-
|
261
|
-
[explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
|
262
|
-
onto the token in number of seconds. This is a hard cap even if `token_ttl` and
|
263
|
-
`token_max_ttl` would otherwise allow a renewal.
|
243
|
+
Generated Token's Explicit Maximum TTL in seconds
|
264
244
|
"""
|
265
245
|
return pulumi.get(self, "token_explicit_max_ttl")
|
266
246
|
|
@@ -272,8 +252,7 @@ class AuthBackendRoleArgs:
|
|
272
252
|
@pulumi.getter(name="tokenMaxTtl")
|
273
253
|
def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
274
254
|
"""
|
275
|
-
The maximum lifetime
|
276
|
-
Its current value will be referenced at renewal time.
|
255
|
+
The maximum lifetime of the generated token
|
277
256
|
"""
|
278
257
|
return pulumi.get(self, "token_max_ttl")
|
279
258
|
|
@@ -285,8 +264,7 @@ class AuthBackendRoleArgs:
|
|
285
264
|
@pulumi.getter(name="tokenNoDefaultPolicy")
|
286
265
|
def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
|
287
266
|
"""
|
288
|
-
If
|
289
|
-
generated tokens; otherwise it will be added to the policies set in token_policies.
|
267
|
+
If true, the 'default' policy will not automatically be added to generated tokens
|
290
268
|
"""
|
291
269
|
return pulumi.get(self, "token_no_default_policy")
|
292
270
|
|
@@ -298,8 +276,7 @@ class AuthBackendRoleArgs:
|
|
298
276
|
@pulumi.getter(name="tokenNumUses")
|
299
277
|
def token_num_uses(self) -> Optional[pulumi.Input[int]]:
|
300
278
|
"""
|
301
|
-
The
|
302
|
-
of times a generated token may be used (within its lifetime); 0 means unlimited.
|
279
|
+
The maximum number of times a token may be used, a value of zero means unlimited
|
303
280
|
"""
|
304
281
|
return pulumi.get(self, "token_num_uses")
|
305
282
|
|
@@ -311,10 +288,7 @@ class AuthBackendRoleArgs:
|
|
311
288
|
@pulumi.getter(name="tokenPeriod")
|
312
289
|
def token_period(self) -> Optional[pulumi.Input[int]]:
|
313
290
|
"""
|
314
|
-
|
315
|
-
token generated using this role should never expire. The token should be renewed within the
|
316
|
-
duration specified by this value. At each renewal, the token's TTL will be set to the
|
317
|
-
value of this field. Specified in seconds.
|
291
|
+
Generated Token's Period
|
318
292
|
"""
|
319
293
|
return pulumi.get(self, "token_period")
|
320
294
|
|
@@ -338,8 +312,7 @@ class AuthBackendRoleArgs:
|
|
338
312
|
@pulumi.getter(name="tokenTtl")
|
339
313
|
def token_ttl(self) -> Optional[pulumi.Input[int]]:
|
340
314
|
"""
|
341
|
-
The
|
342
|
-
Its current value will be referenced at renewal time.
|
315
|
+
The initial ttl of the token to generate in seconds
|
343
316
|
"""
|
344
317
|
return pulumi.get(self, "token_ttl")
|
345
318
|
|
@@ -351,11 +324,7 @@ class AuthBackendRoleArgs:
|
|
351
324
|
@pulumi.getter(name="tokenType")
|
352
325
|
def token_type(self) -> Optional[pulumi.Input[str]]:
|
353
326
|
"""
|
354
|
-
The type of token
|
355
|
-
`batch`, or `default` to use the mount's tuned default (which unless changed will be
|
356
|
-
`service` tokens). For token store roles, there are two additional possibilities:
|
357
|
-
`default-service` and `default-batch` which specify the type to return unless the client
|
358
|
-
requests a different type at generation time.
|
327
|
+
The type of token to generate, service or batch
|
359
328
|
"""
|
360
329
|
return pulumi.get(self, "token_type")
|
361
330
|
|
@@ -395,39 +364,21 @@ class _AuthBackendRoleState:
|
|
395
364
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] disallowed_policies_globs: Set of disallowed policies with glob match for given role.
|
396
365
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
397
366
|
The value should not contain leading or trailing forward slashes.
|
398
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
367
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
399
368
|
*Available only for Vault Enterprise*.
|
400
369
|
:param pulumi.Input[bool] orphan: If true, tokens created against this policy will be orphan tokens.
|
401
370
|
:param pulumi.Input[str] path_suffix: Tokens created against this role will have the given suffix as part of their path in addition to the role name.
|
402
|
-
|
403
|
-
> Due to a bug the resource. This *will* cause all existing tokens issued by this role to be revoked.
|
404
371
|
:param pulumi.Input[bool] renewable: Whether to disable the ability of the token to be renewed past its initial TTL.
|
405
372
|
:param pulumi.Input[str] role_name: The name of the role.
|
406
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs:
|
407
|
-
|
408
|
-
|
409
|
-
:param pulumi.Input[
|
410
|
-
|
411
|
-
|
412
|
-
`token_max_ttl` would otherwise allow a renewal.
|
413
|
-
:param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
|
414
|
-
Its current value will be referenced at renewal time.
|
415
|
-
:param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
|
416
|
-
generated tokens; otherwise it will be added to the policies set in token_policies.
|
417
|
-
:param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/token#token_num_uses)
|
418
|
-
of times a generated token may be used (within its lifetime); 0 means unlimited.
|
419
|
-
:param pulumi.Input[int] token_period: If set, indicates that the
|
420
|
-
token generated using this role should never expire. The token should be renewed within the
|
421
|
-
duration specified by this value. At each renewal, the token's TTL will be set to the
|
422
|
-
value of this field. Specified in seconds.
|
373
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
374
|
+
:param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
375
|
+
:param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
|
376
|
+
:param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
377
|
+
:param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
378
|
+
:param pulumi.Input[int] token_period: Generated Token's Period
|
423
379
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
|
424
|
-
:param pulumi.Input[int] token_ttl: The
|
425
|
-
|
426
|
-
:param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
|
427
|
-
`batch`, or `default` to use the mount's tuned default (which unless changed will be
|
428
|
-
`service` tokens). For token store roles, there are two additional possibilities:
|
429
|
-
`default-service` and `default-batch` which specify the type to return unless the client
|
430
|
-
requests a different type at generation time.
|
380
|
+
:param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
|
381
|
+
:param pulumi.Input[str] token_type: The type of token to generate, service or batch
|
431
382
|
"""
|
432
383
|
if allowed_entity_aliases is not None:
|
433
384
|
pulumi.set(__self__, "allowed_entity_aliases", allowed_entity_aliases)
|
@@ -534,7 +485,7 @@ class _AuthBackendRoleState:
|
|
534
485
|
"""
|
535
486
|
The namespace to provision the resource in.
|
536
487
|
The value should not contain leading or trailing forward slashes.
|
537
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
488
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
538
489
|
*Available only for Vault Enterprise*.
|
539
490
|
"""
|
540
491
|
return pulumi.get(self, "namespace")
|
@@ -560,8 +511,6 @@ class _AuthBackendRoleState:
|
|
560
511
|
def path_suffix(self) -> Optional[pulumi.Input[str]]:
|
561
512
|
"""
|
562
513
|
Tokens created against this role will have the given suffix as part of their path in addition to the role name.
|
563
|
-
|
564
|
-
> Due to a bug the resource. This *will* cause all existing tokens issued by this role to be revoked.
|
565
514
|
"""
|
566
515
|
return pulumi.get(self, "path_suffix")
|
567
516
|
|
@@ -597,9 +546,7 @@ class _AuthBackendRoleState:
|
|
597
546
|
@pulumi.getter(name="tokenBoundCidrs")
|
598
547
|
def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
599
548
|
"""
|
600
|
-
|
601
|
-
addresses which can authenticate successfully, and ties the resulting token to these blocks
|
602
|
-
as well.
|
549
|
+
Specifies the blocks of IP addresses which are allowed to use the generated token
|
603
550
|
"""
|
604
551
|
return pulumi.get(self, "token_bound_cidrs")
|
605
552
|
|
@@ -611,10 +558,7 @@ class _AuthBackendRoleState:
|
|
611
558
|
@pulumi.getter(name="tokenExplicitMaxTtl")
|
612
559
|
def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
613
560
|
"""
|
614
|
-
|
615
|
-
[explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
|
616
|
-
onto the token in number of seconds. This is a hard cap even if `token_ttl` and
|
617
|
-
`token_max_ttl` would otherwise allow a renewal.
|
561
|
+
Generated Token's Explicit Maximum TTL in seconds
|
618
562
|
"""
|
619
563
|
return pulumi.get(self, "token_explicit_max_ttl")
|
620
564
|
|
@@ -626,8 +570,7 @@ class _AuthBackendRoleState:
|
|
626
570
|
@pulumi.getter(name="tokenMaxTtl")
|
627
571
|
def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
628
572
|
"""
|
629
|
-
The maximum lifetime
|
630
|
-
Its current value will be referenced at renewal time.
|
573
|
+
The maximum lifetime of the generated token
|
631
574
|
"""
|
632
575
|
return pulumi.get(self, "token_max_ttl")
|
633
576
|
|
@@ -639,8 +582,7 @@ class _AuthBackendRoleState:
|
|
639
582
|
@pulumi.getter(name="tokenNoDefaultPolicy")
|
640
583
|
def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
|
641
584
|
"""
|
642
|
-
If
|
643
|
-
generated tokens; otherwise it will be added to the policies set in token_policies.
|
585
|
+
If true, the 'default' policy will not automatically be added to generated tokens
|
644
586
|
"""
|
645
587
|
return pulumi.get(self, "token_no_default_policy")
|
646
588
|
|
@@ -652,8 +594,7 @@ class _AuthBackendRoleState:
|
|
652
594
|
@pulumi.getter(name="tokenNumUses")
|
653
595
|
def token_num_uses(self) -> Optional[pulumi.Input[int]]:
|
654
596
|
"""
|
655
|
-
The
|
656
|
-
of times a generated token may be used (within its lifetime); 0 means unlimited.
|
597
|
+
The maximum number of times a token may be used, a value of zero means unlimited
|
657
598
|
"""
|
658
599
|
return pulumi.get(self, "token_num_uses")
|
659
600
|
|
@@ -665,10 +606,7 @@ class _AuthBackendRoleState:
|
|
665
606
|
@pulumi.getter(name="tokenPeriod")
|
666
607
|
def token_period(self) -> Optional[pulumi.Input[int]]:
|
667
608
|
"""
|
668
|
-
|
669
|
-
token generated using this role should never expire. The token should be renewed within the
|
670
|
-
duration specified by this value. At each renewal, the token's TTL will be set to the
|
671
|
-
value of this field. Specified in seconds.
|
609
|
+
Generated Token's Period
|
672
610
|
"""
|
673
611
|
return pulumi.get(self, "token_period")
|
674
612
|
|
@@ -692,8 +630,7 @@ class _AuthBackendRoleState:
|
|
692
630
|
@pulumi.getter(name="tokenTtl")
|
693
631
|
def token_ttl(self) -> Optional[pulumi.Input[int]]:
|
694
632
|
"""
|
695
|
-
The
|
696
|
-
Its current value will be referenced at renewal time.
|
633
|
+
The initial ttl of the token to generate in seconds
|
697
634
|
"""
|
698
635
|
return pulumi.get(self, "token_ttl")
|
699
636
|
|
@@ -705,11 +642,7 @@ class _AuthBackendRoleState:
|
|
705
642
|
@pulumi.getter(name="tokenType")
|
706
643
|
def token_type(self) -> Optional[pulumi.Input[str]]:
|
707
644
|
"""
|
708
|
-
The type of token
|
709
|
-
`batch`, or `default` to use the mount's tuned default (which unless changed will be
|
710
|
-
`service` tokens). For token store roles, there are two additional possibilities:
|
711
|
-
`default-service` and `default-batch` which specify the type to return unless the client
|
712
|
-
requests a different type at generation time.
|
645
|
+
The type of token to generate, service or batch
|
713
646
|
"""
|
714
647
|
return pulumi.get(self, "token_type")
|
715
648
|
|
@@ -750,26 +683,24 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
750
683
|
|
751
684
|
## Example Usage
|
752
685
|
|
753
|
-
<!--Start PulumiCodeChooser -->
|
754
686
|
```python
|
755
687
|
import pulumi
|
756
688
|
import pulumi_vault as vault
|
757
689
|
|
758
690
|
example = vault.tokenauth.AuthBackendRole("example",
|
759
|
-
|
691
|
+
role_name="my-role",
|
760
692
|
allowed_policies=[
|
761
693
|
"dev",
|
762
694
|
"test",
|
763
695
|
],
|
764
696
|
disallowed_policies=["default"],
|
697
|
+
allowed_entity_aliases=["test_entity"],
|
765
698
|
orphan=True,
|
766
|
-
|
699
|
+
token_period=86400,
|
767
700
|
renewable=True,
|
768
|
-
role_name="my-role",
|
769
701
|
token_explicit_max_ttl=115200,
|
770
|
-
|
702
|
+
path_suffix="path-suffix")
|
771
703
|
```
|
772
|
-
<!--End PulumiCodeChooser -->
|
773
704
|
|
774
705
|
## Import
|
775
706
|
|
@@ -788,39 +719,21 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
788
719
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] disallowed_policies_globs: Set of disallowed policies with glob match for given role.
|
789
720
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
790
721
|
The value should not contain leading or trailing forward slashes.
|
791
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
722
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
792
723
|
*Available only for Vault Enterprise*.
|
793
724
|
:param pulumi.Input[bool] orphan: If true, tokens created against this policy will be orphan tokens.
|
794
725
|
:param pulumi.Input[str] path_suffix: Tokens created against this role will have the given suffix as part of their path in addition to the role name.
|
795
|
-
|
796
|
-
> Due to a bug the resource. This *will* cause all existing tokens issued by this role to be revoked.
|
797
726
|
:param pulumi.Input[bool] renewable: Whether to disable the ability of the token to be renewed past its initial TTL.
|
798
727
|
:param pulumi.Input[str] role_name: The name of the role.
|
799
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs:
|
800
|
-
|
801
|
-
|
802
|
-
:param pulumi.Input[
|
803
|
-
|
804
|
-
|
805
|
-
`token_max_ttl` would otherwise allow a renewal.
|
806
|
-
:param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
|
807
|
-
Its current value will be referenced at renewal time.
|
808
|
-
:param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
|
809
|
-
generated tokens; otherwise it will be added to the policies set in token_policies.
|
810
|
-
:param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/token#token_num_uses)
|
811
|
-
of times a generated token may be used (within its lifetime); 0 means unlimited.
|
812
|
-
:param pulumi.Input[int] token_period: If set, indicates that the
|
813
|
-
token generated using this role should never expire. The token should be renewed within the
|
814
|
-
duration specified by this value. At each renewal, the token's TTL will be set to the
|
815
|
-
value of this field. Specified in seconds.
|
728
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
729
|
+
:param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
730
|
+
:param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
|
731
|
+
:param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
732
|
+
:param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
733
|
+
:param pulumi.Input[int] token_period: Generated Token's Period
|
816
734
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
|
817
|
-
:param pulumi.Input[int] token_ttl: The
|
818
|
-
|
819
|
-
:param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
|
820
|
-
`batch`, or `default` to use the mount's tuned default (which unless changed will be
|
821
|
-
`service` tokens). For token store roles, there are two additional possibilities:
|
822
|
-
`default-service` and `default-batch` which specify the type to return unless the client
|
823
|
-
requests a different type at generation time.
|
735
|
+
:param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
|
736
|
+
:param pulumi.Input[str] token_type: The type of token to generate, service or batch
|
824
737
|
"""
|
825
738
|
...
|
826
739
|
@overload
|
@@ -835,26 +748,24 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
835
748
|
|
836
749
|
## Example Usage
|
837
750
|
|
838
|
-
<!--Start PulumiCodeChooser -->
|
839
751
|
```python
|
840
752
|
import pulumi
|
841
753
|
import pulumi_vault as vault
|
842
754
|
|
843
755
|
example = vault.tokenauth.AuthBackendRole("example",
|
844
|
-
|
756
|
+
role_name="my-role",
|
845
757
|
allowed_policies=[
|
846
758
|
"dev",
|
847
759
|
"test",
|
848
760
|
],
|
849
761
|
disallowed_policies=["default"],
|
762
|
+
allowed_entity_aliases=["test_entity"],
|
850
763
|
orphan=True,
|
851
|
-
|
764
|
+
token_period=86400,
|
852
765
|
renewable=True,
|
853
|
-
role_name="my-role",
|
854
766
|
token_explicit_max_ttl=115200,
|
855
|
-
|
767
|
+
path_suffix="path-suffix")
|
856
768
|
```
|
857
|
-
<!--End PulumiCodeChooser -->
|
858
769
|
|
859
770
|
## Import
|
860
771
|
|
@@ -971,39 +882,21 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
971
882
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] disallowed_policies_globs: Set of disallowed policies with glob match for given role.
|
972
883
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
973
884
|
The value should not contain leading or trailing forward slashes.
|
974
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
885
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
975
886
|
*Available only for Vault Enterprise*.
|
976
887
|
:param pulumi.Input[bool] orphan: If true, tokens created against this policy will be orphan tokens.
|
977
888
|
:param pulumi.Input[str] path_suffix: Tokens created against this role will have the given suffix as part of their path in addition to the role name.
|
978
|
-
|
979
|
-
> Due to a bug the resource. This *will* cause all existing tokens issued by this role to be revoked.
|
980
889
|
:param pulumi.Input[bool] renewable: Whether to disable the ability of the token to be renewed past its initial TTL.
|
981
890
|
:param pulumi.Input[str] role_name: The name of the role.
|
982
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs:
|
983
|
-
|
984
|
-
|
985
|
-
:param pulumi.Input[
|
986
|
-
|
987
|
-
|
988
|
-
`token_max_ttl` would otherwise allow a renewal.
|
989
|
-
:param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
|
990
|
-
Its current value will be referenced at renewal time.
|
991
|
-
:param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
|
992
|
-
generated tokens; otherwise it will be added to the policies set in token_policies.
|
993
|
-
:param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/token#token_num_uses)
|
994
|
-
of times a generated token may be used (within its lifetime); 0 means unlimited.
|
995
|
-
:param pulumi.Input[int] token_period: If set, indicates that the
|
996
|
-
token generated using this role should never expire. The token should be renewed within the
|
997
|
-
duration specified by this value. At each renewal, the token's TTL will be set to the
|
998
|
-
value of this field. Specified in seconds.
|
891
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
892
|
+
:param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
893
|
+
:param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
|
894
|
+
:param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
895
|
+
:param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
896
|
+
:param pulumi.Input[int] token_period: Generated Token's Period
|
999
897
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
|
1000
|
-
:param pulumi.Input[int] token_ttl: The
|
1001
|
-
|
1002
|
-
:param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
|
1003
|
-
`batch`, or `default` to use the mount's tuned default (which unless changed will be
|
1004
|
-
`service` tokens). For token store roles, there are two additional possibilities:
|
1005
|
-
`default-service` and `default-batch` which specify the type to return unless the client
|
1006
|
-
requests a different type at generation time.
|
898
|
+
:param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
|
899
|
+
:param pulumi.Input[str] token_type: The type of token to generate, service or batch
|
1007
900
|
"""
|
1008
901
|
opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
|
1009
902
|
|
@@ -1076,7 +969,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1076
969
|
"""
|
1077
970
|
The namespace to provision the resource in.
|
1078
971
|
The value should not contain leading or trailing forward slashes.
|
1079
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
972
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1080
973
|
*Available only for Vault Enterprise*.
|
1081
974
|
"""
|
1082
975
|
return pulumi.get(self, "namespace")
|
@@ -1094,8 +987,6 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1094
987
|
def path_suffix(self) -> pulumi.Output[Optional[str]]:
|
1095
988
|
"""
|
1096
989
|
Tokens created against this role will have the given suffix as part of their path in addition to the role name.
|
1097
|
-
|
1098
|
-
> Due to a bug the resource. This *will* cause all existing tokens issued by this role to be revoked.
|
1099
990
|
"""
|
1100
991
|
return pulumi.get(self, "path_suffix")
|
1101
992
|
|
@@ -1119,9 +1010,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1119
1010
|
@pulumi.getter(name="tokenBoundCidrs")
|
1120
1011
|
def token_bound_cidrs(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1121
1012
|
"""
|
1122
|
-
|
1123
|
-
addresses which can authenticate successfully, and ties the resulting token to these blocks
|
1124
|
-
as well.
|
1013
|
+
Specifies the blocks of IP addresses which are allowed to use the generated token
|
1125
1014
|
"""
|
1126
1015
|
return pulumi.get(self, "token_bound_cidrs")
|
1127
1016
|
|
@@ -1129,10 +1018,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1129
1018
|
@pulumi.getter(name="tokenExplicitMaxTtl")
|
1130
1019
|
def token_explicit_max_ttl(self) -> pulumi.Output[Optional[int]]:
|
1131
1020
|
"""
|
1132
|
-
|
1133
|
-
[explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
|
1134
|
-
onto the token in number of seconds. This is a hard cap even if `token_ttl` and
|
1135
|
-
`token_max_ttl` would otherwise allow a renewal.
|
1021
|
+
Generated Token's Explicit Maximum TTL in seconds
|
1136
1022
|
"""
|
1137
1023
|
return pulumi.get(self, "token_explicit_max_ttl")
|
1138
1024
|
|
@@ -1140,8 +1026,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1140
1026
|
@pulumi.getter(name="tokenMaxTtl")
|
1141
1027
|
def token_max_ttl(self) -> pulumi.Output[Optional[int]]:
|
1142
1028
|
"""
|
1143
|
-
The maximum lifetime
|
1144
|
-
Its current value will be referenced at renewal time.
|
1029
|
+
The maximum lifetime of the generated token
|
1145
1030
|
"""
|
1146
1031
|
return pulumi.get(self, "token_max_ttl")
|
1147
1032
|
|
@@ -1149,8 +1034,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1149
1034
|
@pulumi.getter(name="tokenNoDefaultPolicy")
|
1150
1035
|
def token_no_default_policy(self) -> pulumi.Output[Optional[bool]]:
|
1151
1036
|
"""
|
1152
|
-
If
|
1153
|
-
generated tokens; otherwise it will be added to the policies set in token_policies.
|
1037
|
+
If true, the 'default' policy will not automatically be added to generated tokens
|
1154
1038
|
"""
|
1155
1039
|
return pulumi.get(self, "token_no_default_policy")
|
1156
1040
|
|
@@ -1158,8 +1042,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1158
1042
|
@pulumi.getter(name="tokenNumUses")
|
1159
1043
|
def token_num_uses(self) -> pulumi.Output[Optional[int]]:
|
1160
1044
|
"""
|
1161
|
-
The
|
1162
|
-
of times a generated token may be used (within its lifetime); 0 means unlimited.
|
1045
|
+
The maximum number of times a token may be used, a value of zero means unlimited
|
1163
1046
|
"""
|
1164
1047
|
return pulumi.get(self, "token_num_uses")
|
1165
1048
|
|
@@ -1167,10 +1050,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1167
1050
|
@pulumi.getter(name="tokenPeriod")
|
1168
1051
|
def token_period(self) -> pulumi.Output[Optional[int]]:
|
1169
1052
|
"""
|
1170
|
-
|
1171
|
-
token generated using this role should never expire. The token should be renewed within the
|
1172
|
-
duration specified by this value. At each renewal, the token's TTL will be set to the
|
1173
|
-
value of this field. Specified in seconds.
|
1053
|
+
Generated Token's Period
|
1174
1054
|
"""
|
1175
1055
|
return pulumi.get(self, "token_period")
|
1176
1056
|
|
@@ -1186,8 +1066,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1186
1066
|
@pulumi.getter(name="tokenTtl")
|
1187
1067
|
def token_ttl(self) -> pulumi.Output[Optional[int]]:
|
1188
1068
|
"""
|
1189
|
-
The
|
1190
|
-
Its current value will be referenced at renewal time.
|
1069
|
+
The initial ttl of the token to generate in seconds
|
1191
1070
|
"""
|
1192
1071
|
return pulumi.get(self, "token_ttl")
|
1193
1072
|
|
@@ -1195,11 +1074,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1195
1074
|
@pulumi.getter(name="tokenType")
|
1196
1075
|
def token_type(self) -> pulumi.Output[Optional[str]]:
|
1197
1076
|
"""
|
1198
|
-
The type of token
|
1199
|
-
`batch`, or `default` to use the mount's tuned default (which unless changed will be
|
1200
|
-
`service` tokens). For token store roles, there are two additional possibilities:
|
1201
|
-
`default-service` and `default-batch` which specify the type to return unless the client
|
1202
|
-
requests a different type at generation time.
|
1077
|
+
The type of token to generate, service or batch
|
1203
1078
|
"""
|
1204
1079
|
return pulumi.get(self, "token_type")
|
1205
1080
|
|