pulumi-vault 5.21.0a1710160723__py3-none-any.whl → 6.5.0a1736850018__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pulumi_vault/__init__.py +52 -0
- pulumi_vault/_inputs.py +560 -0
- pulumi_vault/_utilities.py +41 -5
- pulumi_vault/ad/get_access_credentials.py +22 -7
- pulumi_vault/ad/secret_backend.py +14 -144
- pulumi_vault/ad/secret_library.py +14 -11
- pulumi_vault/ad/secret_role.py +12 -11
- pulumi_vault/alicloud/auth_backend_role.py +74 -192
- pulumi_vault/approle/auth_backend_login.py +12 -11
- pulumi_vault/approle/auth_backend_role.py +75 -193
- pulumi_vault/approle/auth_backend_role_secret_id.py +106 -11
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -9
- pulumi_vault/audit.py +24 -27
- pulumi_vault/audit_request_header.py +11 -6
- pulumi_vault/auth_backend.py +64 -12
- pulumi_vault/aws/auth_backend_cert.py +12 -7
- pulumi_vault/aws/auth_backend_client.py +265 -24
- pulumi_vault/aws/auth_backend_config_identity.py +12 -11
- pulumi_vault/aws/auth_backend_identity_whitelist.py +18 -17
- pulumi_vault/aws/auth_backend_login.py +19 -22
- pulumi_vault/aws/auth_backend_role.py +75 -193
- pulumi_vault/aws/auth_backend_role_tag.py +12 -7
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -17
- pulumi_vault/aws/auth_backend_sts_role.py +12 -11
- pulumi_vault/aws/get_access_credentials.py +34 -7
- pulumi_vault/aws/get_static_access_credentials.py +19 -5
- pulumi_vault/aws/secret_backend.py +75 -7
- pulumi_vault/aws/secret_backend_role.py +183 -11
- pulumi_vault/aws/secret_backend_static_role.py +14 -11
- pulumi_vault/azure/_inputs.py +24 -0
- pulumi_vault/azure/auth_backend_config.py +151 -17
- pulumi_vault/azure/auth_backend_role.py +75 -193
- pulumi_vault/azure/backend.py +223 -29
- pulumi_vault/azure/backend_role.py +42 -41
- pulumi_vault/azure/get_access_credentials.py +39 -11
- pulumi_vault/azure/outputs.py +5 -0
- pulumi_vault/cert_auth_backend_role.py +87 -271
- pulumi_vault/config/__init__.pyi +5 -0
- pulumi_vault/config/_inputs.py +73 -0
- pulumi_vault/config/outputs.py +35 -0
- pulumi_vault/config/ui_custom_message.py +529 -0
- pulumi_vault/config/vars.py +5 -0
- pulumi_vault/consul/secret_backend.py +22 -25
- pulumi_vault/consul/secret_backend_role.py +14 -80
- pulumi_vault/database/_inputs.py +2770 -881
- pulumi_vault/database/outputs.py +721 -838
- pulumi_vault/database/secret_backend_connection.py +117 -114
- pulumi_vault/database/secret_backend_role.py +29 -24
- pulumi_vault/database/secret_backend_static_role.py +85 -15
- pulumi_vault/database/secrets_mount.py +425 -138
- pulumi_vault/egp_policy.py +16 -15
- pulumi_vault/gcp/_inputs.py +111 -0
- pulumi_vault/gcp/auth_backend.py +248 -35
- pulumi_vault/gcp/auth_backend_role.py +75 -271
- pulumi_vault/gcp/get_auth_backend_role.py +43 -9
- pulumi_vault/gcp/outputs.py +5 -0
- pulumi_vault/gcp/secret_backend.py +287 -16
- pulumi_vault/gcp/secret_impersonated_account.py +74 -17
- pulumi_vault/gcp/secret_roleset.py +29 -26
- pulumi_vault/gcp/secret_static_account.py +37 -34
- pulumi_vault/generic/endpoint.py +22 -21
- pulumi_vault/generic/get_secret.py +68 -12
- pulumi_vault/generic/secret.py +19 -14
- pulumi_vault/get_auth_backend.py +24 -11
- pulumi_vault/get_auth_backends.py +33 -11
- pulumi_vault/get_namespace.py +226 -0
- pulumi_vault/get_namespaces.py +153 -0
- pulumi_vault/get_nomad_access_token.py +31 -15
- pulumi_vault/get_policy_document.py +34 -23
- pulumi_vault/get_raft_autopilot_state.py +29 -14
- pulumi_vault/github/_inputs.py +55 -0
- pulumi_vault/github/auth_backend.py +17 -16
- pulumi_vault/github/outputs.py +5 -0
- pulumi_vault/github/team.py +14 -13
- pulumi_vault/github/user.py +14 -13
- pulumi_vault/identity/entity.py +18 -15
- pulumi_vault/identity/entity_alias.py +18 -15
- pulumi_vault/identity/entity_policies.py +24 -19
- pulumi_vault/identity/get_entity.py +40 -14
- pulumi_vault/identity/get_group.py +45 -13
- pulumi_vault/identity/get_oidc_client_creds.py +21 -11
- pulumi_vault/identity/get_oidc_openid_config.py +39 -13
- pulumi_vault/identity/get_oidc_public_keys.py +29 -14
- pulumi_vault/identity/group.py +50 -49
- pulumi_vault/identity/group_alias.py +14 -11
- pulumi_vault/identity/group_member_entity_ids.py +24 -74
- pulumi_vault/identity/group_member_group_ids.py +36 -27
- pulumi_vault/identity/group_policies.py +16 -15
- pulumi_vault/identity/mfa_duo.py +9 -8
- pulumi_vault/identity/mfa_login_enforcement.py +13 -8
- pulumi_vault/identity/mfa_okta.py +9 -8
- pulumi_vault/identity/mfa_pingid.py +5 -4
- pulumi_vault/identity/mfa_totp.py +5 -4
- pulumi_vault/identity/oidc.py +12 -11
- pulumi_vault/identity/oidc_assignment.py +22 -13
- pulumi_vault/identity/oidc_client.py +34 -25
- pulumi_vault/identity/oidc_key.py +28 -19
- pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -19
- pulumi_vault/identity/oidc_provider.py +34 -23
- pulumi_vault/identity/oidc_role.py +40 -27
- pulumi_vault/identity/oidc_scope.py +18 -15
- pulumi_vault/identity/outputs.py +8 -3
- pulumi_vault/jwt/_inputs.py +55 -0
- pulumi_vault/jwt/auth_backend.py +39 -46
- pulumi_vault/jwt/auth_backend_role.py +131 -260
- pulumi_vault/jwt/outputs.py +5 -0
- pulumi_vault/kmip/secret_backend.py +22 -21
- pulumi_vault/kmip/secret_role.py +12 -11
- pulumi_vault/kmip/secret_scope.py +12 -11
- pulumi_vault/kubernetes/auth_backend_config.py +55 -7
- pulumi_vault/kubernetes/auth_backend_role.py +68 -179
- pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
- pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
- pulumi_vault/kubernetes/get_service_account_token.py +39 -15
- pulumi_vault/kubernetes/secret_backend.py +314 -29
- pulumi_vault/kubernetes/secret_backend_role.py +135 -56
- pulumi_vault/kv/_inputs.py +36 -4
- pulumi_vault/kv/get_secret.py +23 -12
- pulumi_vault/kv/get_secret_subkeys_v2.py +31 -14
- pulumi_vault/kv/get_secret_v2.py +89 -9
- pulumi_vault/kv/get_secrets_list.py +22 -15
- pulumi_vault/kv/get_secrets_list_v2.py +35 -19
- pulumi_vault/kv/outputs.py +8 -3
- pulumi_vault/kv/secret.py +19 -18
- pulumi_vault/kv/secret_backend_v2.py +12 -11
- pulumi_vault/kv/secret_v2.py +55 -52
- pulumi_vault/ldap/auth_backend.py +125 -168
- pulumi_vault/ldap/auth_backend_group.py +12 -11
- pulumi_vault/ldap/auth_backend_user.py +12 -11
- pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
- pulumi_vault/ldap/get_static_credentials.py +24 -5
- pulumi_vault/ldap/secret_backend.py +352 -84
- pulumi_vault/ldap/secret_backend_dynamic_role.py +12 -11
- pulumi_vault/ldap/secret_backend_library_set.py +14 -11
- pulumi_vault/ldap/secret_backend_static_role.py +67 -12
- pulumi_vault/managed/_inputs.py +289 -132
- pulumi_vault/managed/keys.py +27 -43
- pulumi_vault/managed/outputs.py +89 -132
- pulumi_vault/mfa_duo.py +16 -13
- pulumi_vault/mfa_okta.py +16 -13
- pulumi_vault/mfa_pingid.py +16 -13
- pulumi_vault/mfa_totp.py +22 -19
- pulumi_vault/mongodbatlas/secret_backend.py +18 -17
- pulumi_vault/mongodbatlas/secret_role.py +41 -38
- pulumi_vault/mount.py +389 -65
- pulumi_vault/namespace.py +26 -21
- pulumi_vault/nomad_secret_backend.py +16 -15
- pulumi_vault/nomad_secret_role.py +12 -11
- pulumi_vault/okta/_inputs.py +47 -8
- pulumi_vault/okta/auth_backend.py +483 -41
- pulumi_vault/okta/auth_backend_group.py +12 -11
- pulumi_vault/okta/auth_backend_user.py +12 -11
- pulumi_vault/okta/outputs.py +13 -8
- pulumi_vault/outputs.py +5 -0
- pulumi_vault/password_policy.py +18 -15
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +81 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
- pulumi_vault/pkisecret/backend_config_est.py +619 -0
- pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
- pulumi_vault/pkisecret/get_backend_issuer.py +63 -7
- pulumi_vault/pkisecret/get_backend_issuers.py +21 -12
- pulumi_vault/pkisecret/get_backend_key.py +24 -13
- pulumi_vault/pkisecret/get_backend_keys.py +21 -12
- pulumi_vault/pkisecret/outputs.py +69 -0
- pulumi_vault/pkisecret/secret_backend_cert.py +18 -15
- pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -15
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +12 -11
- pulumi_vault/pkisecret/secret_backend_config_urls.py +59 -11
- pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -13
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -15
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -21
- pulumi_vault/pkisecret/secret_backend_issuer.py +12 -11
- pulumi_vault/pkisecret/secret_backend_key.py +12 -7
- pulumi_vault/pkisecret/secret_backend_role.py +19 -16
- pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -52
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -62
- pulumi_vault/pkisecret/secret_backend_sign.py +18 -60
- pulumi_vault/plugin.py +595 -0
- pulumi_vault/plugin_pinned_version.py +298 -0
- pulumi_vault/policy.py +12 -7
- pulumi_vault/provider.py +48 -53
- pulumi_vault/pulumi-plugin.json +2 -1
- pulumi_vault/quota_lease_count.py +58 -8
- pulumi_vault/quota_rate_limit.py +54 -4
- pulumi_vault/rabbitmq/_inputs.py +61 -0
- pulumi_vault/rabbitmq/outputs.py +5 -0
- pulumi_vault/rabbitmq/secret_backend.py +16 -15
- pulumi_vault/rabbitmq/secret_backend_role.py +52 -49
- pulumi_vault/raft_autopilot.py +12 -11
- pulumi_vault/raft_snapshot_agent_config.py +121 -311
- pulumi_vault/rgp_policy.py +14 -13
- pulumi_vault/saml/auth_backend.py +20 -19
- pulumi_vault/saml/auth_backend_role.py +90 -199
- pulumi_vault/secrets/__init__.py +3 -0
- pulumi_vault/secrets/_inputs.py +110 -0
- pulumi_vault/secrets/outputs.py +94 -0
- pulumi_vault/secrets/sync_association.py +56 -75
- pulumi_vault/secrets/sync_aws_destination.py +240 -29
- pulumi_vault/secrets/sync_azure_destination.py +90 -33
- pulumi_vault/secrets/sync_config.py +7 -6
- pulumi_vault/secrets/sync_gcp_destination.py +156 -27
- pulumi_vault/secrets/sync_gh_destination.py +187 -15
- pulumi_vault/secrets/sync_github_apps.py +375 -0
- pulumi_vault/secrets/sync_vercel_destination.py +72 -15
- pulumi_vault/ssh/_inputs.py +28 -32
- pulumi_vault/ssh/outputs.py +11 -32
- pulumi_vault/ssh/secret_backend_ca.py +106 -11
- pulumi_vault/ssh/secret_backend_role.py +83 -120
- pulumi_vault/terraformcloud/secret_backend.py +5 -56
- pulumi_vault/terraformcloud/secret_creds.py +14 -24
- pulumi_vault/terraformcloud/secret_role.py +14 -76
- pulumi_vault/token.py +26 -25
- pulumi_vault/tokenauth/auth_backend_role.py +76 -201
- pulumi_vault/transform/alphabet.py +16 -13
- pulumi_vault/transform/get_decode.py +45 -21
- pulumi_vault/transform/get_encode.py +45 -21
- pulumi_vault/transform/role.py +16 -13
- pulumi_vault/transform/template.py +30 -25
- pulumi_vault/transform/transformation.py +12 -7
- pulumi_vault/transit/get_decrypt.py +26 -25
- pulumi_vault/transit/get_encrypt.py +24 -19
- pulumi_vault/transit/secret_backend_key.py +25 -97
- pulumi_vault/transit/secret_cache_config.py +12 -11
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/METADATA +8 -7
- pulumi_vault-6.5.0a1736850018.dist-info/RECORD +256 -0
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/WHEEL +1 -1
- pulumi_vault-5.21.0a1710160723.dist-info/RECORD +0 -244
- {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = ['AuthBackendClientArgs', 'AuthBackendClient']
|
@@ -19,7 +24,11 @@ class AuthBackendClientArgs:
|
|
19
24
|
ec2_endpoint: Optional[pulumi.Input[str]] = None,
|
20
25
|
iam_endpoint: Optional[pulumi.Input[str]] = None,
|
21
26
|
iam_server_id_header_value: Optional[pulumi.Input[str]] = None,
|
27
|
+
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
28
|
+
identity_token_ttl: Optional[pulumi.Input[int]] = None,
|
29
|
+
max_retries: Optional[pulumi.Input[int]] = None,
|
22
30
|
namespace: Optional[pulumi.Input[str]] = None,
|
31
|
+
role_arn: Optional[pulumi.Input[str]] = None,
|
23
32
|
secret_key: Optional[pulumi.Input[str]] = None,
|
24
33
|
sts_endpoint: Optional[pulumi.Input[str]] = None,
|
25
34
|
sts_region: Optional[pulumi.Input[str]] = None,
|
@@ -27,7 +36,7 @@ class AuthBackendClientArgs:
|
|
27
36
|
"""
|
28
37
|
The set of arguments for constructing a AuthBackendClient resource.
|
29
38
|
:param pulumi.Input[str] access_key: The AWS access key that Vault should use for the
|
30
|
-
auth backend.
|
39
|
+
auth backend. Mutually exclusive with `identity_token_audience`.
|
31
40
|
:param pulumi.Input[str] backend: The path the AWS auth backend being configured was
|
32
41
|
mounted at. Defaults to `aws`.
|
33
42
|
:param pulumi.Input[str] ec2_endpoint: Override the URL Vault uses when making EC2 API
|
@@ -37,10 +46,18 @@ class AuthBackendClientArgs:
|
|
37
46
|
:param pulumi.Input[str] iam_server_id_header_value: The value to require in the
|
38
47
|
`X-Vault-AWS-IAM-Server-ID` header as part of `GetCallerIdentity` requests
|
39
48
|
that are used in the IAM auth method.
|
49
|
+
:param pulumi.Input[str] identity_token_audience: The audience claim value. Mutually exclusive with `access_key`.
|
50
|
+
Requires Vault 1.17+. *Available only for Vault Enterprise*
|
51
|
+
:param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
|
52
|
+
*Available only for Vault Enterprise*
|
53
|
+
:param pulumi.Input[int] max_retries: Number of max retries the client should use for recoverable errors.
|
54
|
+
The default `-1` falls back to the AWS SDK's default behavior.
|
40
55
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
41
56
|
The value should not contain leading or trailing forward slashes.
|
42
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
57
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
43
58
|
*Available only for Vault Enterprise*.
|
59
|
+
:param pulumi.Input[str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.17+.
|
60
|
+
*Available only for Vault Enterprise*
|
44
61
|
:param pulumi.Input[str] secret_key: The AWS secret key that Vault should use for the
|
45
62
|
auth backend.
|
46
63
|
:param pulumi.Input[str] sts_endpoint: Override the URL Vault uses when making STS API
|
@@ -63,8 +80,16 @@ class AuthBackendClientArgs:
|
|
63
80
|
pulumi.set(__self__, "iam_endpoint", iam_endpoint)
|
64
81
|
if iam_server_id_header_value is not None:
|
65
82
|
pulumi.set(__self__, "iam_server_id_header_value", iam_server_id_header_value)
|
83
|
+
if identity_token_audience is not None:
|
84
|
+
pulumi.set(__self__, "identity_token_audience", identity_token_audience)
|
85
|
+
if identity_token_ttl is not None:
|
86
|
+
pulumi.set(__self__, "identity_token_ttl", identity_token_ttl)
|
87
|
+
if max_retries is not None:
|
88
|
+
pulumi.set(__self__, "max_retries", max_retries)
|
66
89
|
if namespace is not None:
|
67
90
|
pulumi.set(__self__, "namespace", namespace)
|
91
|
+
if role_arn is not None:
|
92
|
+
pulumi.set(__self__, "role_arn", role_arn)
|
68
93
|
if secret_key is not None:
|
69
94
|
pulumi.set(__self__, "secret_key", secret_key)
|
70
95
|
if sts_endpoint is not None:
|
@@ -79,7 +104,7 @@ class AuthBackendClientArgs:
|
|
79
104
|
def access_key(self) -> Optional[pulumi.Input[str]]:
|
80
105
|
"""
|
81
106
|
The AWS access key that Vault should use for the
|
82
|
-
auth backend.
|
107
|
+
auth backend. Mutually exclusive with `identity_token_audience`.
|
83
108
|
"""
|
84
109
|
return pulumi.get(self, "access_key")
|
85
110
|
|
@@ -140,13 +165,52 @@ class AuthBackendClientArgs:
|
|
140
165
|
def iam_server_id_header_value(self, value: Optional[pulumi.Input[str]]):
|
141
166
|
pulumi.set(self, "iam_server_id_header_value", value)
|
142
167
|
|
168
|
+
@property
|
169
|
+
@pulumi.getter(name="identityTokenAudience")
|
170
|
+
def identity_token_audience(self) -> Optional[pulumi.Input[str]]:
|
171
|
+
"""
|
172
|
+
The audience claim value. Mutually exclusive with `access_key`.
|
173
|
+
Requires Vault 1.17+. *Available only for Vault Enterprise*
|
174
|
+
"""
|
175
|
+
return pulumi.get(self, "identity_token_audience")
|
176
|
+
|
177
|
+
@identity_token_audience.setter
|
178
|
+
def identity_token_audience(self, value: Optional[pulumi.Input[str]]):
|
179
|
+
pulumi.set(self, "identity_token_audience", value)
|
180
|
+
|
181
|
+
@property
|
182
|
+
@pulumi.getter(name="identityTokenTtl")
|
183
|
+
def identity_token_ttl(self) -> Optional[pulumi.Input[int]]:
|
184
|
+
"""
|
185
|
+
The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
|
186
|
+
*Available only for Vault Enterprise*
|
187
|
+
"""
|
188
|
+
return pulumi.get(self, "identity_token_ttl")
|
189
|
+
|
190
|
+
@identity_token_ttl.setter
|
191
|
+
def identity_token_ttl(self, value: Optional[pulumi.Input[int]]):
|
192
|
+
pulumi.set(self, "identity_token_ttl", value)
|
193
|
+
|
194
|
+
@property
|
195
|
+
@pulumi.getter(name="maxRetries")
|
196
|
+
def max_retries(self) -> Optional[pulumi.Input[int]]:
|
197
|
+
"""
|
198
|
+
Number of max retries the client should use for recoverable errors.
|
199
|
+
The default `-1` falls back to the AWS SDK's default behavior.
|
200
|
+
"""
|
201
|
+
return pulumi.get(self, "max_retries")
|
202
|
+
|
203
|
+
@max_retries.setter
|
204
|
+
def max_retries(self, value: Optional[pulumi.Input[int]]):
|
205
|
+
pulumi.set(self, "max_retries", value)
|
206
|
+
|
143
207
|
@property
|
144
208
|
@pulumi.getter
|
145
209
|
def namespace(self) -> Optional[pulumi.Input[str]]:
|
146
210
|
"""
|
147
211
|
The namespace to provision the resource in.
|
148
212
|
The value should not contain leading or trailing forward slashes.
|
149
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
213
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
150
214
|
*Available only for Vault Enterprise*.
|
151
215
|
"""
|
152
216
|
return pulumi.get(self, "namespace")
|
@@ -155,6 +219,19 @@ class AuthBackendClientArgs:
|
|
155
219
|
def namespace(self, value: Optional[pulumi.Input[str]]):
|
156
220
|
pulumi.set(self, "namespace", value)
|
157
221
|
|
222
|
+
@property
|
223
|
+
@pulumi.getter(name="roleArn")
|
224
|
+
def role_arn(self) -> Optional[pulumi.Input[str]]:
|
225
|
+
"""
|
226
|
+
Role ARN to assume for plugin identity token federation. Requires Vault 1.17+.
|
227
|
+
*Available only for Vault Enterprise*
|
228
|
+
"""
|
229
|
+
return pulumi.get(self, "role_arn")
|
230
|
+
|
231
|
+
@role_arn.setter
|
232
|
+
def role_arn(self, value: Optional[pulumi.Input[str]]):
|
233
|
+
pulumi.set(self, "role_arn", value)
|
234
|
+
|
158
235
|
@property
|
159
236
|
@pulumi.getter(name="secretKey")
|
160
237
|
def secret_key(self) -> Optional[pulumi.Input[str]]:
|
@@ -219,7 +296,11 @@ class _AuthBackendClientState:
|
|
219
296
|
ec2_endpoint: Optional[pulumi.Input[str]] = None,
|
220
297
|
iam_endpoint: Optional[pulumi.Input[str]] = None,
|
221
298
|
iam_server_id_header_value: Optional[pulumi.Input[str]] = None,
|
299
|
+
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
300
|
+
identity_token_ttl: Optional[pulumi.Input[int]] = None,
|
301
|
+
max_retries: Optional[pulumi.Input[int]] = None,
|
222
302
|
namespace: Optional[pulumi.Input[str]] = None,
|
303
|
+
role_arn: Optional[pulumi.Input[str]] = None,
|
223
304
|
secret_key: Optional[pulumi.Input[str]] = None,
|
224
305
|
sts_endpoint: Optional[pulumi.Input[str]] = None,
|
225
306
|
sts_region: Optional[pulumi.Input[str]] = None,
|
@@ -227,7 +308,7 @@ class _AuthBackendClientState:
|
|
227
308
|
"""
|
228
309
|
Input properties used for looking up and filtering AuthBackendClient resources.
|
229
310
|
:param pulumi.Input[str] access_key: The AWS access key that Vault should use for the
|
230
|
-
auth backend.
|
311
|
+
auth backend. Mutually exclusive with `identity_token_audience`.
|
231
312
|
:param pulumi.Input[str] backend: The path the AWS auth backend being configured was
|
232
313
|
mounted at. Defaults to `aws`.
|
233
314
|
:param pulumi.Input[str] ec2_endpoint: Override the URL Vault uses when making EC2 API
|
@@ -237,10 +318,18 @@ class _AuthBackendClientState:
|
|
237
318
|
:param pulumi.Input[str] iam_server_id_header_value: The value to require in the
|
238
319
|
`X-Vault-AWS-IAM-Server-ID` header as part of `GetCallerIdentity` requests
|
239
320
|
that are used in the IAM auth method.
|
321
|
+
:param pulumi.Input[str] identity_token_audience: The audience claim value. Mutually exclusive with `access_key`.
|
322
|
+
Requires Vault 1.17+. *Available only for Vault Enterprise*
|
323
|
+
:param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
|
324
|
+
*Available only for Vault Enterprise*
|
325
|
+
:param pulumi.Input[int] max_retries: Number of max retries the client should use for recoverable errors.
|
326
|
+
The default `-1` falls back to the AWS SDK's default behavior.
|
240
327
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
241
328
|
The value should not contain leading or trailing forward slashes.
|
242
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
329
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
243
330
|
*Available only for Vault Enterprise*.
|
331
|
+
:param pulumi.Input[str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.17+.
|
332
|
+
*Available only for Vault Enterprise*
|
244
333
|
:param pulumi.Input[str] secret_key: The AWS secret key that Vault should use for the
|
245
334
|
auth backend.
|
246
335
|
:param pulumi.Input[str] sts_endpoint: Override the URL Vault uses when making STS API
|
@@ -263,8 +352,16 @@ class _AuthBackendClientState:
|
|
263
352
|
pulumi.set(__self__, "iam_endpoint", iam_endpoint)
|
264
353
|
if iam_server_id_header_value is not None:
|
265
354
|
pulumi.set(__self__, "iam_server_id_header_value", iam_server_id_header_value)
|
355
|
+
if identity_token_audience is not None:
|
356
|
+
pulumi.set(__self__, "identity_token_audience", identity_token_audience)
|
357
|
+
if identity_token_ttl is not None:
|
358
|
+
pulumi.set(__self__, "identity_token_ttl", identity_token_ttl)
|
359
|
+
if max_retries is not None:
|
360
|
+
pulumi.set(__self__, "max_retries", max_retries)
|
266
361
|
if namespace is not None:
|
267
362
|
pulumi.set(__self__, "namespace", namespace)
|
363
|
+
if role_arn is not None:
|
364
|
+
pulumi.set(__self__, "role_arn", role_arn)
|
268
365
|
if secret_key is not None:
|
269
366
|
pulumi.set(__self__, "secret_key", secret_key)
|
270
367
|
if sts_endpoint is not None:
|
@@ -279,7 +376,7 @@ class _AuthBackendClientState:
|
|
279
376
|
def access_key(self) -> Optional[pulumi.Input[str]]:
|
280
377
|
"""
|
281
378
|
The AWS access key that Vault should use for the
|
282
|
-
auth backend.
|
379
|
+
auth backend. Mutually exclusive with `identity_token_audience`.
|
283
380
|
"""
|
284
381
|
return pulumi.get(self, "access_key")
|
285
382
|
|
@@ -340,13 +437,52 @@ class _AuthBackendClientState:
|
|
340
437
|
def iam_server_id_header_value(self, value: Optional[pulumi.Input[str]]):
|
341
438
|
pulumi.set(self, "iam_server_id_header_value", value)
|
342
439
|
|
440
|
+
@property
|
441
|
+
@pulumi.getter(name="identityTokenAudience")
|
442
|
+
def identity_token_audience(self) -> Optional[pulumi.Input[str]]:
|
443
|
+
"""
|
444
|
+
The audience claim value. Mutually exclusive with `access_key`.
|
445
|
+
Requires Vault 1.17+. *Available only for Vault Enterprise*
|
446
|
+
"""
|
447
|
+
return pulumi.get(self, "identity_token_audience")
|
448
|
+
|
449
|
+
@identity_token_audience.setter
|
450
|
+
def identity_token_audience(self, value: Optional[pulumi.Input[str]]):
|
451
|
+
pulumi.set(self, "identity_token_audience", value)
|
452
|
+
|
453
|
+
@property
|
454
|
+
@pulumi.getter(name="identityTokenTtl")
|
455
|
+
def identity_token_ttl(self) -> Optional[pulumi.Input[int]]:
|
456
|
+
"""
|
457
|
+
The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
|
458
|
+
*Available only for Vault Enterprise*
|
459
|
+
"""
|
460
|
+
return pulumi.get(self, "identity_token_ttl")
|
461
|
+
|
462
|
+
@identity_token_ttl.setter
|
463
|
+
def identity_token_ttl(self, value: Optional[pulumi.Input[int]]):
|
464
|
+
pulumi.set(self, "identity_token_ttl", value)
|
465
|
+
|
466
|
+
@property
|
467
|
+
@pulumi.getter(name="maxRetries")
|
468
|
+
def max_retries(self) -> Optional[pulumi.Input[int]]:
|
469
|
+
"""
|
470
|
+
Number of max retries the client should use for recoverable errors.
|
471
|
+
The default `-1` falls back to the AWS SDK's default behavior.
|
472
|
+
"""
|
473
|
+
return pulumi.get(self, "max_retries")
|
474
|
+
|
475
|
+
@max_retries.setter
|
476
|
+
def max_retries(self, value: Optional[pulumi.Input[int]]):
|
477
|
+
pulumi.set(self, "max_retries", value)
|
478
|
+
|
343
479
|
@property
|
344
480
|
@pulumi.getter
|
345
481
|
def namespace(self) -> Optional[pulumi.Input[str]]:
|
346
482
|
"""
|
347
483
|
The namespace to provision the resource in.
|
348
484
|
The value should not contain leading or trailing forward slashes.
|
349
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
485
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
350
486
|
*Available only for Vault Enterprise*.
|
351
487
|
"""
|
352
488
|
return pulumi.get(self, "namespace")
|
@@ -355,6 +491,19 @@ class _AuthBackendClientState:
|
|
355
491
|
def namespace(self, value: Optional[pulumi.Input[str]]):
|
356
492
|
pulumi.set(self, "namespace", value)
|
357
493
|
|
494
|
+
@property
|
495
|
+
@pulumi.getter(name="roleArn")
|
496
|
+
def role_arn(self) -> Optional[pulumi.Input[str]]:
|
497
|
+
"""
|
498
|
+
Role ARN to assume for plugin identity token federation. Requires Vault 1.17+.
|
499
|
+
*Available only for Vault Enterprise*
|
500
|
+
"""
|
501
|
+
return pulumi.get(self, "role_arn")
|
502
|
+
|
503
|
+
@role_arn.setter
|
504
|
+
def role_arn(self, value: Optional[pulumi.Input[str]]):
|
505
|
+
pulumi.set(self, "role_arn", value)
|
506
|
+
|
358
507
|
@property
|
359
508
|
@pulumi.getter(name="secretKey")
|
360
509
|
def secret_key(self) -> Optional[pulumi.Input[str]]:
|
@@ -421,7 +570,11 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
421
570
|
ec2_endpoint: Optional[pulumi.Input[str]] = None,
|
422
571
|
iam_endpoint: Optional[pulumi.Input[str]] = None,
|
423
572
|
iam_server_id_header_value: Optional[pulumi.Input[str]] = None,
|
573
|
+
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
574
|
+
identity_token_ttl: Optional[pulumi.Input[int]] = None,
|
575
|
+
max_retries: Optional[pulumi.Input[int]] = None,
|
424
576
|
namespace: Optional[pulumi.Input[str]] = None,
|
577
|
+
role_arn: Optional[pulumi.Input[str]] = None,
|
425
578
|
secret_key: Optional[pulumi.Input[str]] = None,
|
426
579
|
sts_endpoint: Optional[pulumi.Input[str]] = None,
|
427
580
|
sts_region: Optional[pulumi.Input[str]] = None,
|
@@ -430,18 +583,28 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
430
583
|
"""
|
431
584
|
## Example Usage
|
432
585
|
|
433
|
-
|
586
|
+
You can setup the AWS auth engine with Workload Identity Federation (WIF) for a secret-less configuration:
|
434
587
|
```python
|
435
588
|
import pulumi
|
436
589
|
import pulumi_vault as vault
|
437
590
|
|
438
|
-
|
439
|
-
example_auth_backend_client = vault.aws.AuthBackendClient("
|
440
|
-
|
591
|
+
example = vault.AuthBackend("example", type="aws")
|
592
|
+
example_auth_backend_client = vault.aws.AuthBackendClient("example",
|
593
|
+
identity_token_audience="<TOKEN_AUDIENCE>",
|
594
|
+
identity_token_ttl="<TOKEN_TTL>",
|
595
|
+
role_arn="<AWS_ROLE_ARN>")
|
596
|
+
```
|
597
|
+
|
598
|
+
```python
|
599
|
+
import pulumi
|
600
|
+
import pulumi_vault as vault
|
601
|
+
|
602
|
+
example = vault.AuthBackend("example", type="aws")
|
603
|
+
example_auth_backend_client = vault.aws.AuthBackendClient("example",
|
604
|
+
backend=example.path,
|
441
605
|
access_key="INSERT_AWS_ACCESS_KEY",
|
442
606
|
secret_key="INSERT_AWS_SECRET_KEY")
|
443
607
|
```
|
444
|
-
<!--End PulumiCodeChooser -->
|
445
608
|
|
446
609
|
## Import
|
447
610
|
|
@@ -454,7 +617,7 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
454
617
|
:param str resource_name: The name of the resource.
|
455
618
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
456
619
|
:param pulumi.Input[str] access_key: The AWS access key that Vault should use for the
|
457
|
-
auth backend.
|
620
|
+
auth backend. Mutually exclusive with `identity_token_audience`.
|
458
621
|
:param pulumi.Input[str] backend: The path the AWS auth backend being configured was
|
459
622
|
mounted at. Defaults to `aws`.
|
460
623
|
:param pulumi.Input[str] ec2_endpoint: Override the URL Vault uses when making EC2 API
|
@@ -464,10 +627,18 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
464
627
|
:param pulumi.Input[str] iam_server_id_header_value: The value to require in the
|
465
628
|
`X-Vault-AWS-IAM-Server-ID` header as part of `GetCallerIdentity` requests
|
466
629
|
that are used in the IAM auth method.
|
630
|
+
:param pulumi.Input[str] identity_token_audience: The audience claim value. Mutually exclusive with `access_key`.
|
631
|
+
Requires Vault 1.17+. *Available only for Vault Enterprise*
|
632
|
+
:param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
|
633
|
+
*Available only for Vault Enterprise*
|
634
|
+
:param pulumi.Input[int] max_retries: Number of max retries the client should use for recoverable errors.
|
635
|
+
The default `-1` falls back to the AWS SDK's default behavior.
|
467
636
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
468
637
|
The value should not contain leading or trailing forward slashes.
|
469
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
638
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
470
639
|
*Available only for Vault Enterprise*.
|
640
|
+
:param pulumi.Input[str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.17+.
|
641
|
+
*Available only for Vault Enterprise*
|
471
642
|
:param pulumi.Input[str] secret_key: The AWS secret key that Vault should use for the
|
472
643
|
auth backend.
|
473
644
|
:param pulumi.Input[str] sts_endpoint: Override the URL Vault uses when making STS API
|
@@ -489,18 +660,28 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
489
660
|
"""
|
490
661
|
## Example Usage
|
491
662
|
|
492
|
-
|
663
|
+
You can setup the AWS auth engine with Workload Identity Federation (WIF) for a secret-less configuration:
|
664
|
+
```python
|
665
|
+
import pulumi
|
666
|
+
import pulumi_vault as vault
|
667
|
+
|
668
|
+
example = vault.AuthBackend("example", type="aws")
|
669
|
+
example_auth_backend_client = vault.aws.AuthBackendClient("example",
|
670
|
+
identity_token_audience="<TOKEN_AUDIENCE>",
|
671
|
+
identity_token_ttl="<TOKEN_TTL>",
|
672
|
+
role_arn="<AWS_ROLE_ARN>")
|
673
|
+
```
|
674
|
+
|
493
675
|
```python
|
494
676
|
import pulumi
|
495
677
|
import pulumi_vault as vault
|
496
678
|
|
497
|
-
|
498
|
-
example_auth_backend_client = vault.aws.AuthBackendClient("
|
499
|
-
backend=
|
679
|
+
example = vault.AuthBackend("example", type="aws")
|
680
|
+
example_auth_backend_client = vault.aws.AuthBackendClient("example",
|
681
|
+
backend=example.path,
|
500
682
|
access_key="INSERT_AWS_ACCESS_KEY",
|
501
683
|
secret_key="INSERT_AWS_SECRET_KEY")
|
502
684
|
```
|
503
|
-
<!--End PulumiCodeChooser -->
|
504
685
|
|
505
686
|
## Import
|
506
687
|
|
@@ -530,7 +711,11 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
530
711
|
ec2_endpoint: Optional[pulumi.Input[str]] = None,
|
531
712
|
iam_endpoint: Optional[pulumi.Input[str]] = None,
|
532
713
|
iam_server_id_header_value: Optional[pulumi.Input[str]] = None,
|
714
|
+
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
715
|
+
identity_token_ttl: Optional[pulumi.Input[int]] = None,
|
716
|
+
max_retries: Optional[pulumi.Input[int]] = None,
|
533
717
|
namespace: Optional[pulumi.Input[str]] = None,
|
718
|
+
role_arn: Optional[pulumi.Input[str]] = None,
|
534
719
|
secret_key: Optional[pulumi.Input[str]] = None,
|
535
720
|
sts_endpoint: Optional[pulumi.Input[str]] = None,
|
536
721
|
sts_region: Optional[pulumi.Input[str]] = None,
|
@@ -549,7 +734,11 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
549
734
|
__props__.__dict__["ec2_endpoint"] = ec2_endpoint
|
550
735
|
__props__.__dict__["iam_endpoint"] = iam_endpoint
|
551
736
|
__props__.__dict__["iam_server_id_header_value"] = iam_server_id_header_value
|
737
|
+
__props__.__dict__["identity_token_audience"] = identity_token_audience
|
738
|
+
__props__.__dict__["identity_token_ttl"] = identity_token_ttl
|
739
|
+
__props__.__dict__["max_retries"] = max_retries
|
552
740
|
__props__.__dict__["namespace"] = namespace
|
741
|
+
__props__.__dict__["role_arn"] = role_arn
|
553
742
|
__props__.__dict__["secret_key"] = None if secret_key is None else pulumi.Output.secret(secret_key)
|
554
743
|
__props__.__dict__["sts_endpoint"] = sts_endpoint
|
555
744
|
__props__.__dict__["sts_region"] = sts_region
|
@@ -571,7 +760,11 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
571
760
|
ec2_endpoint: Optional[pulumi.Input[str]] = None,
|
572
761
|
iam_endpoint: Optional[pulumi.Input[str]] = None,
|
573
762
|
iam_server_id_header_value: Optional[pulumi.Input[str]] = None,
|
763
|
+
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
764
|
+
identity_token_ttl: Optional[pulumi.Input[int]] = None,
|
765
|
+
max_retries: Optional[pulumi.Input[int]] = None,
|
574
766
|
namespace: Optional[pulumi.Input[str]] = None,
|
767
|
+
role_arn: Optional[pulumi.Input[str]] = None,
|
575
768
|
secret_key: Optional[pulumi.Input[str]] = None,
|
576
769
|
sts_endpoint: Optional[pulumi.Input[str]] = None,
|
577
770
|
sts_region: Optional[pulumi.Input[str]] = None,
|
@@ -584,7 +777,7 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
584
777
|
:param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
|
585
778
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
586
779
|
:param pulumi.Input[str] access_key: The AWS access key that Vault should use for the
|
587
|
-
auth backend.
|
780
|
+
auth backend. Mutually exclusive with `identity_token_audience`.
|
588
781
|
:param pulumi.Input[str] backend: The path the AWS auth backend being configured was
|
589
782
|
mounted at. Defaults to `aws`.
|
590
783
|
:param pulumi.Input[str] ec2_endpoint: Override the URL Vault uses when making EC2 API
|
@@ -594,10 +787,18 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
594
787
|
:param pulumi.Input[str] iam_server_id_header_value: The value to require in the
|
595
788
|
`X-Vault-AWS-IAM-Server-ID` header as part of `GetCallerIdentity` requests
|
596
789
|
that are used in the IAM auth method.
|
790
|
+
:param pulumi.Input[str] identity_token_audience: The audience claim value. Mutually exclusive with `access_key`.
|
791
|
+
Requires Vault 1.17+. *Available only for Vault Enterprise*
|
792
|
+
:param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
|
793
|
+
*Available only for Vault Enterprise*
|
794
|
+
:param pulumi.Input[int] max_retries: Number of max retries the client should use for recoverable errors.
|
795
|
+
The default `-1` falls back to the AWS SDK's default behavior.
|
597
796
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
598
797
|
The value should not contain leading or trailing forward slashes.
|
599
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
798
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
600
799
|
*Available only for Vault Enterprise*.
|
800
|
+
:param pulumi.Input[str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.17+.
|
801
|
+
*Available only for Vault Enterprise*
|
601
802
|
:param pulumi.Input[str] secret_key: The AWS secret key that Vault should use for the
|
602
803
|
auth backend.
|
603
804
|
:param pulumi.Input[str] sts_endpoint: Override the URL Vault uses when making STS API
|
@@ -619,7 +820,11 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
619
820
|
__props__.__dict__["ec2_endpoint"] = ec2_endpoint
|
620
821
|
__props__.__dict__["iam_endpoint"] = iam_endpoint
|
621
822
|
__props__.__dict__["iam_server_id_header_value"] = iam_server_id_header_value
|
823
|
+
__props__.__dict__["identity_token_audience"] = identity_token_audience
|
824
|
+
__props__.__dict__["identity_token_ttl"] = identity_token_ttl
|
825
|
+
__props__.__dict__["max_retries"] = max_retries
|
622
826
|
__props__.__dict__["namespace"] = namespace
|
827
|
+
__props__.__dict__["role_arn"] = role_arn
|
623
828
|
__props__.__dict__["secret_key"] = secret_key
|
624
829
|
__props__.__dict__["sts_endpoint"] = sts_endpoint
|
625
830
|
__props__.__dict__["sts_region"] = sts_region
|
@@ -631,7 +836,7 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
631
836
|
def access_key(self) -> pulumi.Output[Optional[str]]:
|
632
837
|
"""
|
633
838
|
The AWS access key that Vault should use for the
|
634
|
-
auth backend.
|
839
|
+
auth backend. Mutually exclusive with `identity_token_audience`.
|
635
840
|
"""
|
636
841
|
return pulumi.get(self, "access_key")
|
637
842
|
|
@@ -672,17 +877,53 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
672
877
|
"""
|
673
878
|
return pulumi.get(self, "iam_server_id_header_value")
|
674
879
|
|
880
|
+
@property
|
881
|
+
@pulumi.getter(name="identityTokenAudience")
|
882
|
+
def identity_token_audience(self) -> pulumi.Output[Optional[str]]:
|
883
|
+
"""
|
884
|
+
The audience claim value. Mutually exclusive with `access_key`.
|
885
|
+
Requires Vault 1.17+. *Available only for Vault Enterprise*
|
886
|
+
"""
|
887
|
+
return pulumi.get(self, "identity_token_audience")
|
888
|
+
|
889
|
+
@property
|
890
|
+
@pulumi.getter(name="identityTokenTtl")
|
891
|
+
def identity_token_ttl(self) -> pulumi.Output[int]:
|
892
|
+
"""
|
893
|
+
The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
|
894
|
+
*Available only for Vault Enterprise*
|
895
|
+
"""
|
896
|
+
return pulumi.get(self, "identity_token_ttl")
|
897
|
+
|
898
|
+
@property
|
899
|
+
@pulumi.getter(name="maxRetries")
|
900
|
+
def max_retries(self) -> pulumi.Output[Optional[int]]:
|
901
|
+
"""
|
902
|
+
Number of max retries the client should use for recoverable errors.
|
903
|
+
The default `-1` falls back to the AWS SDK's default behavior.
|
904
|
+
"""
|
905
|
+
return pulumi.get(self, "max_retries")
|
906
|
+
|
675
907
|
@property
|
676
908
|
@pulumi.getter
|
677
909
|
def namespace(self) -> pulumi.Output[Optional[str]]:
|
678
910
|
"""
|
679
911
|
The namespace to provision the resource in.
|
680
912
|
The value should not contain leading or trailing forward slashes.
|
681
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
913
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
682
914
|
*Available only for Vault Enterprise*.
|
683
915
|
"""
|
684
916
|
return pulumi.get(self, "namespace")
|
685
917
|
|
918
|
+
@property
|
919
|
+
@pulumi.getter(name="roleArn")
|
920
|
+
def role_arn(self) -> pulumi.Output[Optional[str]]:
|
921
|
+
"""
|
922
|
+
Role ARN to assume for plugin identity token federation. Requires Vault 1.17+.
|
923
|
+
*Available only for Vault Enterprise*
|
924
|
+
"""
|
925
|
+
return pulumi.get(self, "role_arn")
|
926
|
+
|
686
927
|
@property
|
687
928
|
@pulumi.getter(name="secretKey")
|
688
929
|
def secret_key(self) -> pulumi.Output[Optional[str]]:
|
@@ -4,9 +4,14 @@
|
|
4
4
|
|
5
5
|
import copy
|
6
6
|
import warnings
|
7
|
+
import sys
|
7
8
|
import pulumi
|
8
9
|
import pulumi.runtime
|
9
10
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
10
15
|
from .. import _utilities
|
11
16
|
|
12
17
|
__all__ = ['AuthBackendConfigIdentityArgs', 'AuthBackendConfigIdentity']
|
@@ -33,7 +38,7 @@ class AuthBackendConfigIdentityArgs:
|
|
33
38
|
added to both audit logs, and on the `iam_alias`
|
34
39
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
35
40
|
The value should not contain leading or trailing forward slashes.
|
36
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
41
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
37
42
|
*Available only for Vault Enterprise*.
|
38
43
|
"""
|
39
44
|
if backend is not None:
|
@@ -119,7 +124,7 @@ class AuthBackendConfigIdentityArgs:
|
|
119
124
|
"""
|
120
125
|
The namespace to provision the resource in.
|
121
126
|
The value should not contain leading or trailing forward slashes.
|
122
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
127
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
123
128
|
*Available only for Vault Enterprise*.
|
124
129
|
"""
|
125
130
|
return pulumi.get(self, "namespace")
|
@@ -151,7 +156,7 @@ class _AuthBackendConfigIdentityState:
|
|
151
156
|
added to both audit logs, and on the `iam_alias`
|
152
157
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
153
158
|
The value should not contain leading or trailing forward slashes.
|
154
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
159
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
155
160
|
*Available only for Vault Enterprise*.
|
156
161
|
"""
|
157
162
|
if backend is not None:
|
@@ -237,7 +242,7 @@ class _AuthBackendConfigIdentityState:
|
|
237
242
|
"""
|
238
243
|
The namespace to provision the resource in.
|
239
244
|
The value should not contain leading or trailing forward slashes.
|
240
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
245
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
241
246
|
*Available only for Vault Enterprise*.
|
242
247
|
"""
|
243
248
|
return pulumi.get(self, "namespace")
|
@@ -266,7 +271,6 @@ class AuthBackendConfigIdentity(pulumi.CustomResource):
|
|
266
271
|
|
267
272
|
## Example Usage
|
268
273
|
|
269
|
-
<!--Start PulumiCodeChooser -->
|
270
274
|
```python
|
271
275
|
import pulumi
|
272
276
|
import pulumi_vault as vault
|
@@ -280,7 +284,6 @@ class AuthBackendConfigIdentity(pulumi.CustomResource):
|
|
280
284
|
"account_id",
|
281
285
|
])
|
282
286
|
```
|
283
|
-
<!--End PulumiCodeChooser -->
|
284
287
|
|
285
288
|
## Import
|
286
289
|
|
@@ -303,7 +306,7 @@ class AuthBackendConfigIdentity(pulumi.CustomResource):
|
|
303
306
|
added to both audit logs, and on the `iam_alias`
|
304
307
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
305
308
|
The value should not contain leading or trailing forward slashes.
|
306
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
309
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
307
310
|
*Available only for Vault Enterprise*.
|
308
311
|
"""
|
309
312
|
...
|
@@ -319,7 +322,6 @@ class AuthBackendConfigIdentity(pulumi.CustomResource):
|
|
319
322
|
|
320
323
|
## Example Usage
|
321
324
|
|
322
|
-
<!--Start PulumiCodeChooser -->
|
323
325
|
```python
|
324
326
|
import pulumi
|
325
327
|
import pulumi_vault as vault
|
@@ -333,7 +335,6 @@ class AuthBackendConfigIdentity(pulumi.CustomResource):
|
|
333
335
|
"account_id",
|
334
336
|
])
|
335
337
|
```
|
336
|
-
<!--End PulumiCodeChooser -->
|
337
338
|
|
338
339
|
## Import
|
339
340
|
|
@@ -413,7 +414,7 @@ class AuthBackendConfigIdentity(pulumi.CustomResource):
|
|
413
414
|
added to both audit logs, and on the `iam_alias`
|
414
415
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
415
416
|
The value should not contain leading or trailing forward slashes.
|
416
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
417
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
417
418
|
*Available only for Vault Enterprise*.
|
418
419
|
"""
|
419
420
|
opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
|
@@ -478,7 +479,7 @@ class AuthBackendConfigIdentity(pulumi.CustomResource):
|
|
478
479
|
"""
|
479
480
|
The namespace to provision the resource in.
|
480
481
|
The value should not contain leading or trailing forward slashes.
|
481
|
-
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
482
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
482
483
|
*Available only for Vault Enterprise*.
|
483
484
|
"""
|
484
485
|
return pulumi.get(self, "namespace")
|