pulumi-vault 6.1.1__py3-none-any.whl → 6.2.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (29) hide show
  1. pulumi_vault/__init__.py +26 -0
  2. pulumi_vault/auth_backend.py +47 -0
  3. pulumi_vault/aws/auth_backend_client.py +247 -7
  4. pulumi_vault/aws/secret_backend_role.py +54 -0
  5. pulumi_vault/azure/auth_backend_config.py +133 -0
  6. pulumi_vault/azure/backend.py +203 -0
  7. pulumi_vault/database/secrets_mount.py +282 -0
  8. pulumi_vault/gcp/auth_backend.py +244 -0
  9. pulumi_vault/gcp/secret_backend.py +271 -3
  10. pulumi_vault/jwt/auth_backend_role.py +28 -35
  11. pulumi_vault/kubernetes/secret_backend.py +282 -0
  12. pulumi_vault/ldap/secret_backend.py +282 -0
  13. pulumi_vault/mount.py +324 -0
  14. pulumi_vault/okta/auth_backend.py +453 -0
  15. pulumi_vault/pkisecret/__init__.py +2 -0
  16. pulumi_vault/pkisecret/_inputs.py +30 -0
  17. pulumi_vault/pkisecret/backend_config_est.py +614 -0
  18. pulumi_vault/pkisecret/get_backend_config_est.py +233 -0
  19. pulumi_vault/pkisecret/outputs.py +54 -0
  20. pulumi_vault/plugin.py +590 -0
  21. pulumi_vault/plugin_pinned_version.py +293 -0
  22. pulumi_vault/pulumi-plugin.json +1 -1
  23. pulumi_vault/quota_lease_count.py +47 -0
  24. pulumi_vault/quota_rate_limit.py +47 -0
  25. pulumi_vault/ssh/secret_backend_ca.py +94 -0
  26. {pulumi_vault-6.1.1.dist-info → pulumi_vault-6.2.0.dist-info}/METADATA +1 -1
  27. {pulumi_vault-6.1.1.dist-info → pulumi_vault-6.2.0.dist-info}/RECORD +29 -25
  28. {pulumi_vault-6.1.1.dist-info → pulumi_vault-6.2.0.dist-info}/WHEEL +1 -1
  29. {pulumi_vault-6.1.1.dist-info → pulumi_vault-6.2.0.dist-info}/top_level.txt +0 -0
pulumi_vault/jwt/auth_backend_role.py CHANGED
@@ -53,9 +53,8 @@ class AuthBackendRoleArgs:
53
53
  Required for OIDC roles
54
54
  :param pulumi.Input[str] backend: The unique name of the auth backend to configure.
55
55
  Defaults to `jwt`.
56
- :param pulumi.Input[Sequence[pulumi.Input[str]]] bound_audiences: (For "jwt" roles, at least one of `bound_audiences`, `bound_subject`, `bound_claims`
57
- or `token_bound_cidrs` is required. Optional for "oidc" roles.) List of `aud` claims to match against.
58
- Any match is sufficient.
56
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] bound_audiences: (Required for roles of type `jwt`, optional for roles of
57
+ type `oidc`) List of `aud` claims to match against. Any match is sufficient.
59
58
  :param pulumi.Input[Mapping[str, Any]] bound_claims: If set, a map of claims to values to match against.
60
59
  A claim's value must be a string, which may contain one value or multiple
61
60
  comma-separated values, e.g. `"red"` or `"red,green,blue"`.
@@ -71,7 +70,7 @@ class AuthBackendRoleArgs:
71
70
  Only applicable with "jwt" roles.
72
71
  :param pulumi.Input[bool] disable_bound_claims_parsing: Disable bound claim value parsing. Useful when values contain commas.
73
72
  :param pulumi.Input[int] expiration_leeway: The amount of leeway to add to expiration (`exp`) claims to account for
74
- clock skew, in seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`.
73
+ clock skew, in seconds. Defaults to `150` seconds if set to `0` and can be disabled if set to `-1`.
75
74
  Only applicable with "jwt" roles.
76
75
  :param pulumi.Input[str] groups_claim: The claim to use to uniquely identify
77
76
  the set of groups to which the user belongs; this will be used as the names
@@ -84,7 +83,7 @@ class AuthBackendRoleArgs:
84
83
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
85
84
  *Available only for Vault Enterprise*.
86
85
  :param pulumi.Input[int] not_before_leeway: The amount of leeway to add to not before (`nbf`) claims to account for
87
- clock skew, in seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`.
86
+ clock skew, in seconds. Defaults to `150` seconds if set to `0` and can be disabled if set to `-1`.
88
87
  Only applicable with "jwt" roles.
89
88
  :param pulumi.Input[Sequence[pulumi.Input[str]]] oidc_scopes: If set, a list of OIDC scopes to be used with an OIDC role.
90
89
  The standard scope "openid" is automatically included and need not be specified.
@@ -219,9 +218,8 @@ class AuthBackendRoleArgs:
219
218
  @pulumi.getter(name="boundAudiences")
220
219
  def bound_audiences(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
221
220
  """
222
- (For "jwt" roles, at least one of `bound_audiences`, `bound_subject`, `bound_claims`
223
- or `token_bound_cidrs` is required. Optional for "oidc" roles.) List of `aud` claims to match against.
224
- Any match is sufficient.
221
+ (Required for roles of type `jwt`, optional for roles of
222
+ type `oidc`) List of `aud` claims to match against. Any match is sufficient.
225
223
  """
226
224
  return pulumi.get(self, "bound_audiences")
227
225
 
@@ -314,7 +312,7 @@ class AuthBackendRoleArgs:
314
312
  def expiration_leeway(self) -> Optional[pulumi.Input[int]]:
315
313
  """
316
314
  The amount of leeway to add to expiration (`exp`) claims to account for
317
- clock skew, in seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`.
315
+ clock skew, in seconds. Defaults to `150` seconds if set to `0` and can be disabled if set to `-1`.
318
316
  Only applicable with "jwt" roles.
319
317
  """
320
318
  return pulumi.get(self, "expiration_leeway")
@@ -371,7 +369,7 @@ class AuthBackendRoleArgs:
371
369
  def not_before_leeway(self) -> Optional[pulumi.Input[int]]:
372
370
  """
373
371
  The amount of leeway to add to not before (`nbf`) claims to account for
374
- clock skew, in seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`.
372
+ clock skew, in seconds. Defaults to `150` seconds if set to `0` and can be disabled if set to `-1`.
375
373
  Only applicable with "jwt" roles.
376
374
  """
377
375
  return pulumi.get(self, "not_before_leeway")
@@ -581,9 +579,8 @@ class _AuthBackendRoleState:
581
579
  Required for OIDC roles
582
580
  :param pulumi.Input[str] backend: The unique name of the auth backend to configure.
583
581
  Defaults to `jwt`.
584
- :param pulumi.Input[Sequence[pulumi.Input[str]]] bound_audiences: (For "jwt" roles, at least one of `bound_audiences`, `bound_subject`, `bound_claims`
585
- or `token_bound_cidrs` is required. Optional for "oidc" roles.) List of `aud` claims to match against.
586
- Any match is sufficient.
582
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] bound_audiences: (Required for roles of type `jwt`, optional for roles of
583
+ type `oidc`) List of `aud` claims to match against. Any match is sufficient.
587
584
  :param pulumi.Input[Mapping[str, Any]] bound_claims: If set, a map of claims to values to match against.
588
585
  A claim's value must be a string, which may contain one value or multiple
589
586
  comma-separated values, e.g. `"red"` or `"red,green,blue"`.
@@ -599,7 +596,7 @@ class _AuthBackendRoleState:
599
596
  Only applicable with "jwt" roles.
600
597
  :param pulumi.Input[bool] disable_bound_claims_parsing: Disable bound claim value parsing. Useful when values contain commas.
601
598
  :param pulumi.Input[int] expiration_leeway: The amount of leeway to add to expiration (`exp`) claims to account for
602
- clock skew, in seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`.
599
+ clock skew, in seconds. Defaults to `150` seconds if set to `0` and can be disabled if set to `-1`.
603
600
  Only applicable with "jwt" roles.
604
601
  :param pulumi.Input[str] groups_claim: The claim to use to uniquely identify
605
602
  the set of groups to which the user belongs; this will be used as the names
@@ -612,7 +609,7 @@ class _AuthBackendRoleState:
612
609
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
613
610
  *Available only for Vault Enterprise*.
614
611
  :param pulumi.Input[int] not_before_leeway: The amount of leeway to add to not before (`nbf`) claims to account for
615
- clock skew, in seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`.
612
+ clock skew, in seconds. Defaults to `150` seconds if set to `0` and can be disabled if set to `-1`.
616
613
  Only applicable with "jwt" roles.
617
614
  :param pulumi.Input[Sequence[pulumi.Input[str]]] oidc_scopes: If set, a list of OIDC scopes to be used with an OIDC role.
618
615
  The standard scope "openid" is automatically included and need not be specified.
@@ -727,9 +724,8 @@ class _AuthBackendRoleState:
727
724
  @pulumi.getter(name="boundAudiences")
728
725
  def bound_audiences(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
729
726
  """
730
- (For "jwt" roles, at least one of `bound_audiences`, `bound_subject`, `bound_claims`
731
- or `token_bound_cidrs` is required. Optional for "oidc" roles.) List of `aud` claims to match against.
732
- Any match is sufficient.
727
+ (Required for roles of type `jwt`, optional for roles of
728
+ type `oidc`) List of `aud` claims to match against. Any match is sufficient.
733
729
  """
734
730
  return pulumi.get(self, "bound_audiences")
735
731
 
@@ -822,7 +818,7 @@ class _AuthBackendRoleState:
822
818
  def expiration_leeway(self) -> Optional[pulumi.Input[int]]:
823
819
  """
824
820
  The amount of leeway to add to expiration (`exp`) claims to account for
825
- clock skew, in seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`.
821
+ clock skew, in seconds. Defaults to `150` seconds if set to `0` and can be disabled if set to `-1`.
826
822
  Only applicable with "jwt" roles.
827
823
  """
828
824
  return pulumi.get(self, "expiration_leeway")
@@ -879,7 +875,7 @@ class _AuthBackendRoleState:
879
875
  def not_before_leeway(self) -> Optional[pulumi.Input[int]]:
880
876
  """
881
877
  The amount of leeway to add to not before (`nbf`) claims to account for
882
- clock skew, in seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`.
878
+ clock skew, in seconds. Defaults to `150` seconds if set to `0` and can be disabled if set to `-1`.
883
879
  Only applicable with "jwt" roles.
884
880
  """
885
881
  return pulumi.get(self, "not_before_leeway")
@@ -1178,9 +1174,8 @@ class AuthBackendRole(pulumi.CustomResource):
1178
1174
  Required for OIDC roles
1179
1175
  :param pulumi.Input[str] backend: The unique name of the auth backend to configure.
1180
1176
  Defaults to `jwt`.
1181
- :param pulumi.Input[Sequence[pulumi.Input[str]]] bound_audiences: (For "jwt" roles, at least one of `bound_audiences`, `bound_subject`, `bound_claims`
1182
- or `token_bound_cidrs` is required. Optional for "oidc" roles.) List of `aud` claims to match against.
1183
- Any match is sufficient.
1177
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] bound_audiences: (Required for roles of type `jwt`, optional for roles of
1178
+ type `oidc`) List of `aud` claims to match against. Any match is sufficient.
1184
1179
  :param pulumi.Input[Mapping[str, Any]] bound_claims: If set, a map of claims to values to match against.
1185
1180
  A claim's value must be a string, which may contain one value or multiple
1186
1181
  comma-separated values, e.g. `"red"` or `"red,green,blue"`.
@@ -1196,7 +1191,7 @@ class AuthBackendRole(pulumi.CustomResource):
1196
1191
  Only applicable with "jwt" roles.
1197
1192
  :param pulumi.Input[bool] disable_bound_claims_parsing: Disable bound claim value parsing. Useful when values contain commas.
1198
1193
  :param pulumi.Input[int] expiration_leeway: The amount of leeway to add to expiration (`exp`) claims to account for
1199
- clock skew, in seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`.
1194
+ clock skew, in seconds. Defaults to `150` seconds if set to `0` and can be disabled if set to `-1`.
1200
1195
  Only applicable with "jwt" roles.
1201
1196
  :param pulumi.Input[str] groups_claim: The claim to use to uniquely identify
1202
1197
  the set of groups to which the user belongs; this will be used as the names
@@ -1209,7 +1204,7 @@ class AuthBackendRole(pulumi.CustomResource):
1209
1204
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
1210
1205
  *Available only for Vault Enterprise*.
1211
1206
  :param pulumi.Input[int] not_before_leeway: The amount of leeway to add to not before (`nbf`) claims to account for
1212
- clock skew, in seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`.
1207
+ clock skew, in seconds. Defaults to `150` seconds if set to `0` and can be disabled if set to `-1`.
1213
1208
  Only applicable with "jwt" roles.
1214
1209
  :param pulumi.Input[Sequence[pulumi.Input[str]]] oidc_scopes: If set, a list of OIDC scopes to be used with an OIDC role.
1215
1210
  The standard scope "openid" is automatically included and need not be specified.
@@ -1437,9 +1432,8 @@ class AuthBackendRole(pulumi.CustomResource):
1437
1432
  Required for OIDC roles
1438
1433
  :param pulumi.Input[str] backend: The unique name of the auth backend to configure.
1439
1434
  Defaults to `jwt`.
1440
- :param pulumi.Input[Sequence[pulumi.Input[str]]] bound_audiences: (For "jwt" roles, at least one of `bound_audiences`, `bound_subject`, `bound_claims`
1441
- or `token_bound_cidrs` is required. Optional for "oidc" roles.) List of `aud` claims to match against.
1442
- Any match is sufficient.
1435
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] bound_audiences: (Required for roles of type `jwt`, optional for roles of
1436
+ type `oidc`) List of `aud` claims to match against. Any match is sufficient.
1443
1437
  :param pulumi.Input[Mapping[str, Any]] bound_claims: If set, a map of claims to values to match against.
1444
1438
  A claim's value must be a string, which may contain one value or multiple
1445
1439
  comma-separated values, e.g. `"red"` or `"red,green,blue"`.
@@ -1455,7 +1449,7 @@ class AuthBackendRole(pulumi.CustomResource):
1455
1449
  Only applicable with "jwt" roles.
1456
1450
  :param pulumi.Input[bool] disable_bound_claims_parsing: Disable bound claim value parsing. Useful when values contain commas.
1457
1451
  :param pulumi.Input[int] expiration_leeway: The amount of leeway to add to expiration (`exp`) claims to account for
1458
- clock skew, in seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`.
1452
+ clock skew, in seconds. Defaults to `150` seconds if set to `0` and can be disabled if set to `-1`.
1459
1453
  Only applicable with "jwt" roles.
1460
1454
  :param pulumi.Input[str] groups_claim: The claim to use to uniquely identify
1461
1455
  the set of groups to which the user belongs; this will be used as the names
@@ -1468,7 +1462,7 @@ class AuthBackendRole(pulumi.CustomResource):
1468
1462
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
1469
1463
  *Available only for Vault Enterprise*.
1470
1464
  :param pulumi.Input[int] not_before_leeway: The amount of leeway to add to not before (`nbf`) claims to account for
1471
- clock skew, in seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`.
1465
+ clock skew, in seconds. Defaults to `150` seconds if set to `0` and can be disabled if set to `-1`.
1472
1466
  Only applicable with "jwt" roles.
1473
1467
  :param pulumi.Input[Sequence[pulumi.Input[str]]] oidc_scopes: If set, a list of OIDC scopes to be used with an OIDC role.
1474
1468
  The standard scope "openid" is automatically included and need not be specified.
@@ -1551,9 +1545,8 @@ class AuthBackendRole(pulumi.CustomResource):
1551
1545
  @pulumi.getter(name="boundAudiences")
1552
1546
  def bound_audiences(self) -> pulumi.Output[Optional[Sequence[str]]]:
1553
1547
  """
1554
- (For "jwt" roles, at least one of `bound_audiences`, `bound_subject`, `bound_claims`
1555
- or `token_bound_cidrs` is required. Optional for "oidc" roles.) List of `aud` claims to match against.
1556
- Any match is sufficient.
1548
+ (Required for roles of type `jwt`, optional for roles of
1549
+ type `oidc`) List of `aud` claims to match against. Any match is sufficient.
1557
1550
  """
1558
1551
  return pulumi.get(self, "bound_audiences")
1559
1552
 
@@ -1618,7 +1611,7 @@ class AuthBackendRole(pulumi.CustomResource):
1618
1611
  def expiration_leeway(self) -> pulumi.Output[Optional[int]]:
1619
1612
  """
1620
1613
  The amount of leeway to add to expiration (`exp`) claims to account for
1621
- clock skew, in seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`.
1614
+ clock skew, in seconds. Defaults to `150` seconds if set to `0` and can be disabled if set to `-1`.
1622
1615
  Only applicable with "jwt" roles.
1623
1616
  """
1624
1617
  return pulumi.get(self, "expiration_leeway")
@@ -1659,7 +1652,7 @@ class AuthBackendRole(pulumi.CustomResource):
1659
1652
  def not_before_leeway(self) -> pulumi.Output[Optional[int]]:
1660
1653
  """
1661
1654
  The amount of leeway to add to not before (`nbf`) claims to account for
1662
- clock skew, in seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`.
1655
+ clock skew, in seconds. Defaults to `150` seconds if set to `0` and can be disabled if set to `-1`.
1663
1656
  Only applicable with "jwt" roles.
1664
1657
  """
1665
1658
  return pulumi.get(self, "not_before_leeway")