pulumi-vault 6.1.1a1717550614__py3-none-any.whl → 6.2.0a1712470779__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pulumi_vault/_inputs.py +20 -0
- pulumi_vault/ad/secret_backend.py +6 -2
- pulumi_vault/ad/secret_library.py +4 -2
- pulumi_vault/ad/secret_role.py +4 -0
- pulumi_vault/alicloud/auth_backend_role.py +192 -69
- pulumi_vault/approle/auth_backend_login.py +4 -0
- pulumi_vault/approle/auth_backend_role.py +186 -63
- pulumi_vault/approle/auth_backend_role_secret_id.py +4 -0
- pulumi_vault/approle/get_auth_backend_role_id.py +4 -0
- pulumi_vault/audit.py +20 -12
- pulumi_vault/audit_request_header.py +6 -6
- pulumi_vault/aws/auth_backend_client.py +10 -6
- pulumi_vault/aws/auth_backend_config_identity.py +4 -0
- pulumi_vault/aws/auth_backend_identity_whitelist.py +10 -6
- pulumi_vault/aws/auth_backend_login.py +8 -0
- pulumi_vault/aws/auth_backend_role.py +186 -63
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +10 -6
- pulumi_vault/aws/auth_backend_sts_role.py +4 -0
- pulumi_vault/aws/secret_backend_role.py +4 -2
- pulumi_vault/aws/secret_backend_static_role.py +4 -2
- pulumi_vault/azure/auth_backend_config.py +10 -6
- pulumi_vault/azure/auth_backend_role.py +186 -63
- pulumi_vault/azure/backend.py +24 -16
- pulumi_vault/azure/backend_role.py +18 -14
- pulumi_vault/azure/get_access_credentials.py +4 -0
- pulumi_vault/cert_auth_backend_role.py +208 -75
- pulumi_vault/consul/secret_backend.py +18 -10
- pulumi_vault/consul/secret_backend_role.py +4 -2
- pulumi_vault/database/_inputs.py +784 -522
- pulumi_vault/database/outputs.py +784 -522
- pulumi_vault/database/secret_backend_connection.py +4 -2
- pulumi_vault/database/secret_backend_role.py +4 -4
- pulumi_vault/database/secret_backend_static_role.py +8 -10
- pulumi_vault/database/secrets_mount.py +4 -4
- pulumi_vault/egp_policy.py +8 -4
- pulumi_vault/gcp/auth_backend.py +36 -0
- pulumi_vault/gcp/auth_backend_role.py +264 -63
- pulumi_vault/gcp/get_auth_backend_role.py +4 -0
- pulumi_vault/gcp/secret_backend.py +6 -4
- pulumi_vault/gcp/secret_impersonated_account.py +14 -12
- pulumi_vault/gcp/secret_roleset.py +6 -4
- pulumi_vault/gcp/secret_static_account.py +16 -14
- pulumi_vault/generic/endpoint.py +8 -4
- pulumi_vault/generic/get_secret.py +4 -40
- pulumi_vault/get_auth_backend.py +4 -0
- pulumi_vault/get_auth_backends.py +8 -0
- pulumi_vault/get_namespace.py +12 -0
- pulumi_vault/get_namespaces.py +12 -4
- pulumi_vault/get_nomad_access_token.py +4 -0
- pulumi_vault/get_policy_document.py +8 -8
- pulumi_vault/get_raft_autopilot_state.py +4 -0
- pulumi_vault/github/auth_backend.py +4 -0
- pulumi_vault/github/team.py +6 -2
- pulumi_vault/github/user.py +6 -2
- pulumi_vault/identity/entity.py +8 -6
- pulumi_vault/identity/entity_alias.py +8 -6
- pulumi_vault/identity/entity_policies.py +12 -12
- pulumi_vault/identity/get_entity.py +4 -0
- pulumi_vault/identity/get_group.py +4 -0
- pulumi_vault/identity/get_oidc_client_creds.py +4 -2
- pulumi_vault/identity/get_oidc_openid_config.py +6 -10
- pulumi_vault/identity/get_oidc_public_keys.py +6 -10
- pulumi_vault/identity/group.py +42 -38
- pulumi_vault/identity/group_alias.py +4 -2
- pulumi_vault/identity/group_member_entity_ids.py +16 -12
- pulumi_vault/identity/group_member_group_ids.py +20 -24
- pulumi_vault/identity/group_policies.py +8 -4
- pulumi_vault/identity/mfa_duo.py +8 -4
- pulumi_vault/identity/mfa_login_enforcement.py +8 -8
- pulumi_vault/identity/mfa_okta.py +8 -4
- pulumi_vault/identity/mfa_pingid.py +4 -0
- pulumi_vault/identity/mfa_totp.py +4 -0
- pulumi_vault/identity/oidc.py +4 -0
- pulumi_vault/identity/oidc_assignment.py +6 -10
- pulumi_vault/identity/oidc_client.py +10 -10
- pulumi_vault/identity/oidc_key.py +12 -16
- pulumi_vault/identity/oidc_key_allowed_client_id.py +12 -16
- pulumi_vault/identity/oidc_provider.py +16 -22
- pulumi_vault/identity/oidc_role.py +20 -28
- pulumi_vault/identity/oidc_scope.py +8 -6
- pulumi_vault/jwt/auth_backend.py +32 -20
- pulumi_vault/jwt/auth_backend_role.py +190 -63
- pulumi_vault/kmip/secret_backend.py +14 -10
- pulumi_vault/kmip/secret_role.py +4 -0
- pulumi_vault/kmip/secret_scope.py +4 -0
- pulumi_vault/kubernetes/auth_backend_config.py +4 -0
- pulumi_vault/kubernetes/auth_backend_role.py +172 -56
- pulumi_vault/kubernetes/get_service_account_token.py +8 -8
- pulumi_vault/kubernetes/secret_backend.py +8 -6
- pulumi_vault/kubernetes/secret_backend_role.py +24 -24
- pulumi_vault/kv/get_secret.py +4 -0
- pulumi_vault/kv/get_secret_subkeys_v2.py +6 -4
- pulumi_vault/kv/get_secret_v2.py +0 -58
- pulumi_vault/kv/get_secrets_list.py +8 -4
- pulumi_vault/kv/get_secrets_list_v2.py +12 -14
- pulumi_vault/kv/secret.py +4 -0
- pulumi_vault/kv/secret_backend_v2.py +4 -0
- pulumi_vault/kv/secret_v2.py +4 -2
- pulumi_vault/ldap/auth_backend.py +161 -66
- pulumi_vault/ldap/auth_backend_group.py +4 -0
- pulumi_vault/ldap/auth_backend_user.py +4 -0
- pulumi_vault/ldap/secret_backend.py +8 -4
- pulumi_vault/ldap/secret_backend_dynamic_role.py +4 -0
- pulumi_vault/ldap/secret_backend_library_set.py +4 -2
- pulumi_vault/ldap/secret_backend_static_role.py +4 -0
- pulumi_vault/managed/_inputs.py +132 -84
- pulumi_vault/managed/keys.py +28 -7
- pulumi_vault/managed/outputs.py +132 -84
- pulumi_vault/mfa_duo.py +6 -4
- pulumi_vault/mfa_okta.py +6 -4
- pulumi_vault/mfa_pingid.py +6 -4
- pulumi_vault/mfa_totp.py +12 -10
- pulumi_vault/mongodbatlas/secret_backend.py +4 -0
- pulumi_vault/mongodbatlas/secret_role.py +4 -2
- pulumi_vault/mount.py +42 -26
- pulumi_vault/nomad_secret_backend.py +8 -4
- pulumi_vault/nomad_secret_role.py +4 -0
- pulumi_vault/okta/_inputs.py +8 -8
- pulumi_vault/okta/auth_backend.py +10 -6
- pulumi_vault/okta/auth_backend_group.py +4 -0
- pulumi_vault/okta/auth_backend_user.py +4 -0
- pulumi_vault/okta/outputs.py +8 -8
- pulumi_vault/outputs.py +20 -0
- pulumi_vault/password_policy.py +8 -6
- pulumi_vault/pkisecret/backend_config_cluster.py +4 -0
- pulumi_vault/pkisecret/get_backend_issuer.py +0 -36
- pulumi_vault/pkisecret/get_backend_issuers.py +4 -0
- pulumi_vault/pkisecret/get_backend_key.py +6 -2
- pulumi_vault/pkisecret/get_backend_keys.py +4 -0
- pulumi_vault/pkisecret/secret_backend_cert.py +8 -6
- pulumi_vault/pkisecret/secret_backend_config_ca.py +8 -4
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +4 -0
- pulumi_vault/pkisecret/secret_backend_config_urls.py +4 -0
- pulumi_vault/pkisecret/secret_backend_crl_config.py +6 -2
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +8 -4
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +14 -10
- pulumi_vault/pkisecret/secret_backend_issuer.py +4 -0
- pulumi_vault/pkisecret/secret_backend_role.py +4 -2
- pulumi_vault/pkisecret/secret_backend_root_cert.py +8 -4
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +10 -6
- pulumi_vault/pkisecret/secret_backend_sign.py +8 -6
- pulumi_vault/provider.py +8 -0
- pulumi_vault/pulumi-plugin.json +1 -2
- pulumi_vault/quota_lease_count.py +8 -6
- pulumi_vault/quota_rate_limit.py +4 -2
- pulumi_vault/rabbitmq/secret_backend.py +8 -4
- pulumi_vault/rabbitmq/secret_backend_role.py +4 -2
- pulumi_vault/raft_autopilot.py +4 -0
- pulumi_vault/raft_snapshot_agent_config.py +304 -109
- pulumi_vault/rgp_policy.py +6 -2
- pulumi_vault/saml/auth_backend.py +12 -8
- pulumi_vault/saml/auth_backend_role.py +178 -64
- pulumi_vault/secrets/sync_association.py +10 -12
- pulumi_vault/secrets/sync_aws_destination.py +8 -6
- pulumi_vault/secrets/sync_azure_destination.py +12 -10
- pulumi_vault/secrets/sync_config.py +6 -2
- pulumi_vault/secrets/sync_gcp_destination.py +6 -6
- pulumi_vault/secrets/sync_gh_destination.py +8 -6
- pulumi_vault/secrets/sync_github_apps.py +8 -8
- pulumi_vault/secrets/sync_vercel_destination.py +8 -6
- pulumi_vault/ssh/_inputs.py +32 -6
- pulumi_vault/ssh/outputs.py +32 -6
- pulumi_vault/ssh/secret_backend_ca.py +4 -0
- pulumi_vault/ssh/secret_backend_role.py +4 -4
- pulumi_vault/terraformcloud/secret_backend.py +56 -0
- pulumi_vault/terraformcloud/secret_creds.py +17 -2
- pulumi_vault/terraformcloud/secret_role.py +69 -2
- pulumi_vault/token.py +18 -14
- pulumi_vault/tokenauth/auth_backend_role.py +180 -64
- pulumi_vault/transform/alphabet.py +6 -4
- pulumi_vault/transform/get_decode.py +4 -4
- pulumi_vault/transform/get_encode.py +4 -4
- pulumi_vault/transform/role.py +6 -4
- pulumi_vault/transform/template.py +4 -4
- pulumi_vault/transit/get_decrypt.py +20 -4
- pulumi_vault/transit/get_encrypt.py +14 -0
- pulumi_vault/transit/secret_backend_key.py +6 -6
- pulumi_vault/transit/secret_cache_config.py +4 -0
- {pulumi_vault-6.1.1a1717550614.dist-info → pulumi_vault-6.2.0a1712470779.dist-info}/METADATA +1 -1
- pulumi_vault-6.2.0a1712470779.dist-info/RECORD +252 -0
- pulumi_vault-6.1.1a1717550614.dist-info/RECORD +0 -252
- {pulumi_vault-6.1.1a1717550614.dist-info → pulumi_vault-6.2.0a1712470779.dist-info}/WHEEL +0 -0
- {pulumi_vault-6.1.1a1717550614.dist-info → pulumi_vault-6.2.0a1712470779.dist-info}/top_level.txt +0 -0
|
@@ -224,6 +224,7 @@ class SyncAssociation(pulumi.CustomResource):
|
|
|
224
224
|
"""
|
|
225
225
|
## Example Usage
|
|
226
226
|
|
|
227
|
+
<!--Start PulumiCodeChooser -->
|
|
227
228
|
```python
|
|
228
229
|
import pulumi
|
|
229
230
|
import json
|
|
@@ -238,23 +239,21 @@ class SyncAssociation(pulumi.CustomResource):
|
|
|
238
239
|
description="KV Version 2 secret engine mount")
|
|
239
240
|
token = vault.kv.SecretV2("token",
|
|
240
241
|
mount=kvv2.path,
|
|
241
|
-
name="token",
|
|
242
242
|
data_json=json.dumps({
|
|
243
243
|
"dev": "B!gS3cr3t",
|
|
244
244
|
"prod": "S3cureP4$$",
|
|
245
245
|
}))
|
|
246
246
|
gh = vault.secrets.SyncGhDestination("gh",
|
|
247
|
-
|
|
248
|
-
|
|
249
|
-
repository_owner=repo_owner,
|
|
247
|
+
access_token=var["access_token"],
|
|
248
|
+
repository_owner=var["repo_owner"],
|
|
250
249
|
repository_name="repo-name-example",
|
|
251
250
|
secret_name_template="vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}")
|
|
252
|
-
gh_token = vault.secrets.SyncAssociation("
|
|
253
|
-
name=gh.name,
|
|
251
|
+
gh_token = vault.secrets.SyncAssociation("ghToken",
|
|
254
252
|
type=gh.type,
|
|
255
253
|
mount=kvv2.path,
|
|
256
254
|
secret_name=token.name)
|
|
257
255
|
```
|
|
256
|
+
<!--End PulumiCodeChooser -->
|
|
258
257
|
|
|
259
258
|
:param str resource_name: The name of the resource.
|
|
260
259
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
|
@@ -275,6 +274,7 @@ class SyncAssociation(pulumi.CustomResource):
|
|
|
275
274
|
"""
|
|
276
275
|
## Example Usage
|
|
277
276
|
|
|
277
|
+
<!--Start PulumiCodeChooser -->
|
|
278
278
|
```python
|
|
279
279
|
import pulumi
|
|
280
280
|
import json
|
|
@@ -289,23 +289,21 @@ class SyncAssociation(pulumi.CustomResource):
|
|
|
289
289
|
description="KV Version 2 secret engine mount")
|
|
290
290
|
token = vault.kv.SecretV2("token",
|
|
291
291
|
mount=kvv2.path,
|
|
292
|
-
name="token",
|
|
293
292
|
data_json=json.dumps({
|
|
294
293
|
"dev": "B!gS3cr3t",
|
|
295
294
|
"prod": "S3cureP4$$",
|
|
296
295
|
}))
|
|
297
296
|
gh = vault.secrets.SyncGhDestination("gh",
|
|
298
|
-
|
|
299
|
-
|
|
300
|
-
repository_owner=repo_owner,
|
|
297
|
+
access_token=var["access_token"],
|
|
298
|
+
repository_owner=var["repo_owner"],
|
|
301
299
|
repository_name="repo-name-example",
|
|
302
300
|
secret_name_template="vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}")
|
|
303
|
-
gh_token = vault.secrets.SyncAssociation("
|
|
304
|
-
name=gh.name,
|
|
301
|
+
gh_token = vault.secrets.SyncAssociation("ghToken",
|
|
305
302
|
type=gh.type,
|
|
306
303
|
mount=kvv2.path,
|
|
307
304
|
secret_name=token.name)
|
|
308
305
|
```
|
|
306
|
+
<!--End PulumiCodeChooser -->
|
|
309
307
|
|
|
310
308
|
:param str resource_name: The name of the resource.
|
|
311
309
|
:param SyncAssociationArgs args: The arguments to use to populate this resource's properties.
|
|
@@ -454,14 +454,14 @@ class SyncAwsDestination(pulumi.CustomResource):
|
|
|
454
454
|
"""
|
|
455
455
|
## Example Usage
|
|
456
456
|
|
|
457
|
+
<!--Start PulumiCodeChooser -->
|
|
457
458
|
```python
|
|
458
459
|
import pulumi
|
|
459
460
|
import pulumi_vault as vault
|
|
460
461
|
|
|
461
462
|
aws = vault.secrets.SyncAwsDestination("aws",
|
|
462
|
-
|
|
463
|
-
|
|
464
|
-
secret_access_key=secret_access_key,
|
|
463
|
+
access_key_id=var["access_key_id"],
|
|
464
|
+
secret_access_key=var["secret_access_key"],
|
|
465
465
|
region="us-east-1",
|
|
466
466
|
role_arn="role-arn",
|
|
467
467
|
external_id="external-id",
|
|
@@ -470,6 +470,7 @@ class SyncAwsDestination(pulumi.CustomResource):
|
|
|
470
470
|
"foo": "bar",
|
|
471
471
|
})
|
|
472
472
|
```
|
|
473
|
+
<!--End PulumiCodeChooser -->
|
|
473
474
|
|
|
474
475
|
## Import
|
|
475
476
|
|
|
@@ -519,14 +520,14 @@ class SyncAwsDestination(pulumi.CustomResource):
|
|
|
519
520
|
"""
|
|
520
521
|
## Example Usage
|
|
521
522
|
|
|
523
|
+
<!--Start PulumiCodeChooser -->
|
|
522
524
|
```python
|
|
523
525
|
import pulumi
|
|
524
526
|
import pulumi_vault as vault
|
|
525
527
|
|
|
526
528
|
aws = vault.secrets.SyncAwsDestination("aws",
|
|
527
|
-
|
|
528
|
-
|
|
529
|
-
secret_access_key=secret_access_key,
|
|
529
|
+
access_key_id=var["access_key_id"],
|
|
530
|
+
secret_access_key=var["secret_access_key"],
|
|
530
531
|
region="us-east-1",
|
|
531
532
|
role_arn="role-arn",
|
|
532
533
|
external_id="external-id",
|
|
@@ -535,6 +536,7 @@ class SyncAwsDestination(pulumi.CustomResource):
|
|
|
535
536
|
"foo": "bar",
|
|
536
537
|
})
|
|
537
538
|
```
|
|
539
|
+
<!--End PulumiCodeChooser -->
|
|
538
540
|
|
|
539
541
|
## Import
|
|
540
542
|
|
|
@@ -430,21 +430,22 @@ class SyncAzureDestination(pulumi.CustomResource):
|
|
|
430
430
|
"""
|
|
431
431
|
## Example Usage
|
|
432
432
|
|
|
433
|
+
<!--Start PulumiCodeChooser -->
|
|
433
434
|
```python
|
|
434
435
|
import pulumi
|
|
435
436
|
import pulumi_vault as vault
|
|
436
437
|
|
|
437
438
|
az = vault.secrets.SyncAzureDestination("az",
|
|
438
|
-
|
|
439
|
-
|
|
440
|
-
|
|
441
|
-
|
|
442
|
-
tenant_id=tenant_id,
|
|
439
|
+
key_vault_uri=var["key_vault_uri"],
|
|
440
|
+
client_id=var["client_id"],
|
|
441
|
+
client_secret=var["client_secret"],
|
|
442
|
+
tenant_id=var["tenant_id"],
|
|
443
443
|
secret_name_template="vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}",
|
|
444
444
|
custom_tags={
|
|
445
445
|
"foo": "bar",
|
|
446
446
|
})
|
|
447
447
|
```
|
|
448
|
+
<!--End PulumiCodeChooser -->
|
|
448
449
|
|
|
449
450
|
## Import
|
|
450
451
|
|
|
@@ -488,21 +489,22 @@ class SyncAzureDestination(pulumi.CustomResource):
|
|
|
488
489
|
"""
|
|
489
490
|
## Example Usage
|
|
490
491
|
|
|
492
|
+
<!--Start PulumiCodeChooser -->
|
|
491
493
|
```python
|
|
492
494
|
import pulumi
|
|
493
495
|
import pulumi_vault as vault
|
|
494
496
|
|
|
495
497
|
az = vault.secrets.SyncAzureDestination("az",
|
|
496
|
-
|
|
497
|
-
|
|
498
|
-
|
|
499
|
-
|
|
500
|
-
tenant_id=tenant_id,
|
|
498
|
+
key_vault_uri=var["key_vault_uri"],
|
|
499
|
+
client_id=var["client_id"],
|
|
500
|
+
client_secret=var["client_secret"],
|
|
501
|
+
tenant_id=var["tenant_id"],
|
|
501
502
|
secret_name_template="vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}",
|
|
502
503
|
custom_tags={
|
|
503
504
|
"foo": "bar",
|
|
504
505
|
})
|
|
505
506
|
```
|
|
507
|
+
<!--End PulumiCodeChooser -->
|
|
506
508
|
|
|
507
509
|
## Import
|
|
508
510
|
|
|
@@ -150,14 +150,16 @@ class SyncConfig(pulumi.CustomResource):
|
|
|
150
150
|
|
|
151
151
|
## Example Usage
|
|
152
152
|
|
|
153
|
+
<!--Start PulumiCodeChooser -->
|
|
153
154
|
```python
|
|
154
155
|
import pulumi
|
|
155
156
|
import pulumi_vault as vault
|
|
156
157
|
|
|
157
|
-
global_config = vault.secrets.SyncConfig("
|
|
158
|
+
global_config = vault.secrets.SyncConfig("globalConfig",
|
|
158
159
|
disabled=True,
|
|
159
160
|
queue_capacity=500000)
|
|
160
161
|
```
|
|
162
|
+
<!--End PulumiCodeChooser -->
|
|
161
163
|
|
|
162
164
|
## Import
|
|
163
165
|
|
|
@@ -189,14 +191,16 @@ class SyncConfig(pulumi.CustomResource):
|
|
|
189
191
|
|
|
190
192
|
## Example Usage
|
|
191
193
|
|
|
194
|
+
<!--Start PulumiCodeChooser -->
|
|
192
195
|
```python
|
|
193
196
|
import pulumi
|
|
194
197
|
import pulumi_vault as vault
|
|
195
198
|
|
|
196
|
-
global_config = vault.secrets.SyncConfig("
|
|
199
|
+
global_config = vault.secrets.SyncConfig("globalConfig",
|
|
197
200
|
disabled=True,
|
|
198
201
|
queue_capacity=500000)
|
|
199
202
|
```
|
|
203
|
+
<!--End PulumiCodeChooser -->
|
|
200
204
|
|
|
201
205
|
## Import
|
|
202
206
|
|
|
@@ -319,20 +319,20 @@ class SyncGcpDestination(pulumi.CustomResource):
|
|
|
319
319
|
"""
|
|
320
320
|
## Example Usage
|
|
321
321
|
|
|
322
|
+
<!--Start PulumiCodeChooser -->
|
|
322
323
|
```python
|
|
323
324
|
import pulumi
|
|
324
|
-
import pulumi_std as std
|
|
325
325
|
import pulumi_vault as vault
|
|
326
326
|
|
|
327
327
|
gcp = vault.secrets.SyncGcpDestination("gcp",
|
|
328
|
-
name="gcp-dest",
|
|
329
328
|
project_id="gcp-project-id",
|
|
330
|
-
credentials=
|
|
329
|
+
credentials=(lambda path: open(path).read())(var["credentials_file"]),
|
|
331
330
|
secret_name_template="vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}",
|
|
332
331
|
custom_tags={
|
|
333
332
|
"foo": "bar",
|
|
334
333
|
})
|
|
335
334
|
```
|
|
335
|
+
<!--End PulumiCodeChooser -->
|
|
336
336
|
|
|
337
337
|
## Import
|
|
338
338
|
|
|
@@ -370,20 +370,20 @@ class SyncGcpDestination(pulumi.CustomResource):
|
|
|
370
370
|
"""
|
|
371
371
|
## Example Usage
|
|
372
372
|
|
|
373
|
+
<!--Start PulumiCodeChooser -->
|
|
373
374
|
```python
|
|
374
375
|
import pulumi
|
|
375
|
-
import pulumi_std as std
|
|
376
376
|
import pulumi_vault as vault
|
|
377
377
|
|
|
378
378
|
gcp = vault.secrets.SyncGcpDestination("gcp",
|
|
379
|
-
name="gcp-dest",
|
|
380
379
|
project_id="gcp-project-id",
|
|
381
|
-
credentials=
|
|
380
|
+
credentials=(lambda path: open(path).read())(var["credentials_file"]),
|
|
382
381
|
secret_name_template="vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}",
|
|
383
382
|
custom_tags={
|
|
384
383
|
"foo": "bar",
|
|
385
384
|
})
|
|
386
385
|
```
|
|
386
|
+
<!--End PulumiCodeChooser -->
|
|
387
387
|
|
|
388
388
|
## Import
|
|
389
389
|
|
|
@@ -401,17 +401,18 @@ class SyncGhDestination(pulumi.CustomResource):
|
|
|
401
401
|
"""
|
|
402
402
|
## Example Usage
|
|
403
403
|
|
|
404
|
+
<!--Start PulumiCodeChooser -->
|
|
404
405
|
```python
|
|
405
406
|
import pulumi
|
|
406
407
|
import pulumi_vault as vault
|
|
407
408
|
|
|
408
409
|
gh = vault.secrets.SyncGhDestination("gh",
|
|
409
|
-
|
|
410
|
-
|
|
411
|
-
repository_owner=repo_owner,
|
|
410
|
+
access_token=var["access_token"],
|
|
411
|
+
repository_owner=var["repo_owner"],
|
|
412
412
|
repository_name="repo-name-example",
|
|
413
413
|
secret_name_template="vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}")
|
|
414
414
|
```
|
|
415
|
+
<!--End PulumiCodeChooser -->
|
|
415
416
|
|
|
416
417
|
## Import
|
|
417
418
|
|
|
@@ -455,17 +456,18 @@ class SyncGhDestination(pulumi.CustomResource):
|
|
|
455
456
|
"""
|
|
456
457
|
## Example Usage
|
|
457
458
|
|
|
459
|
+
<!--Start PulumiCodeChooser -->
|
|
458
460
|
```python
|
|
459
461
|
import pulumi
|
|
460
462
|
import pulumi_vault as vault
|
|
461
463
|
|
|
462
464
|
gh = vault.secrets.SyncGhDestination("gh",
|
|
463
|
-
|
|
464
|
-
|
|
465
|
-
repository_owner=repo_owner,
|
|
465
|
+
access_token=var["access_token"],
|
|
466
|
+
repository_owner=var["repo_owner"],
|
|
466
467
|
repository_name="repo-name-example",
|
|
467
468
|
secret_name_template="vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}")
|
|
468
469
|
```
|
|
470
|
+
<!--End PulumiCodeChooser -->
|
|
469
471
|
|
|
470
472
|
## Import
|
|
471
473
|
|
|
@@ -190,16 +190,16 @@ class SyncGithubApps(pulumi.CustomResource):
|
|
|
190
190
|
"""
|
|
191
191
|
## Example Usage
|
|
192
192
|
|
|
193
|
+
<!--Start PulumiCodeChooser -->
|
|
193
194
|
```python
|
|
194
195
|
import pulumi
|
|
195
|
-
import pulumi_std as std
|
|
196
196
|
import pulumi_vault as vault
|
|
197
197
|
|
|
198
198
|
github_apps = vault.secrets.SyncGithubApps("github-apps",
|
|
199
|
-
|
|
200
|
-
|
|
201
|
-
private_key=std.file(input=privatekey_file).result)
|
|
199
|
+
app_id=var["app_id"],
|
|
200
|
+
private_key=(lambda path: open(path).read())(var["privatekey_file"]))
|
|
202
201
|
```
|
|
202
|
+
<!--End PulumiCodeChooser -->
|
|
203
203
|
|
|
204
204
|
## Import
|
|
205
205
|
|
|
@@ -227,16 +227,16 @@ class SyncGithubApps(pulumi.CustomResource):
|
|
|
227
227
|
"""
|
|
228
228
|
## Example Usage
|
|
229
229
|
|
|
230
|
+
<!--Start PulumiCodeChooser -->
|
|
230
231
|
```python
|
|
231
232
|
import pulumi
|
|
232
|
-
import pulumi_std as std
|
|
233
233
|
import pulumi_vault as vault
|
|
234
234
|
|
|
235
235
|
github_apps = vault.secrets.SyncGithubApps("github-apps",
|
|
236
|
-
|
|
237
|
-
|
|
238
|
-
private_key=std.file(input=privatekey_file).result)
|
|
236
|
+
app_id=var["app_id"],
|
|
237
|
+
private_key=(lambda path: open(path).read())(var["privatekey_file"]))
|
|
239
238
|
```
|
|
239
|
+
<!--End PulumiCodeChooser -->
|
|
240
240
|
|
|
241
241
|
## Import
|
|
242
242
|
|
|
@@ -337,14 +337,14 @@ class SyncVercelDestination(pulumi.CustomResource):
|
|
|
337
337
|
"""
|
|
338
338
|
## Example Usage
|
|
339
339
|
|
|
340
|
+
<!--Start PulumiCodeChooser -->
|
|
340
341
|
```python
|
|
341
342
|
import pulumi
|
|
342
343
|
import pulumi_vault as vault
|
|
343
344
|
|
|
344
345
|
vercel = vault.secrets.SyncVercelDestination("vercel",
|
|
345
|
-
|
|
346
|
-
|
|
347
|
-
project_id=project_id,
|
|
346
|
+
access_token=var["access_token"],
|
|
347
|
+
project_id=var["project_id"],
|
|
348
348
|
deployment_environments=[
|
|
349
349
|
"development",
|
|
350
350
|
"preview",
|
|
@@ -352,6 +352,7 @@ class SyncVercelDestination(pulumi.CustomResource):
|
|
|
352
352
|
],
|
|
353
353
|
secret_name_template="vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}")
|
|
354
354
|
```
|
|
355
|
+
<!--End PulumiCodeChooser -->
|
|
355
356
|
|
|
356
357
|
## Import
|
|
357
358
|
|
|
@@ -387,14 +388,14 @@ class SyncVercelDestination(pulumi.CustomResource):
|
|
|
387
388
|
"""
|
|
388
389
|
## Example Usage
|
|
389
390
|
|
|
391
|
+
<!--Start PulumiCodeChooser -->
|
|
390
392
|
```python
|
|
391
393
|
import pulumi
|
|
392
394
|
import pulumi_vault as vault
|
|
393
395
|
|
|
394
396
|
vercel = vault.secrets.SyncVercelDestination("vercel",
|
|
395
|
-
|
|
396
|
-
|
|
397
|
-
project_id=project_id,
|
|
397
|
+
access_token=var["access_token"],
|
|
398
|
+
project_id=var["project_id"],
|
|
398
399
|
deployment_environments=[
|
|
399
400
|
"development",
|
|
400
401
|
"preview",
|
|
@@ -402,6 +403,7 @@ class SyncVercelDestination(pulumi.CustomResource):
|
|
|
402
403
|
],
|
|
403
404
|
secret_name_template="vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}")
|
|
404
405
|
```
|
|
406
|
+
<!--End PulumiCodeChooser -->
|
|
405
407
|
|
|
406
408
|
## Import
|
|
407
409
|
|
pulumi_vault/ssh/_inputs.py
CHANGED
|
@@ -19,9 +19,22 @@ class SecretBackendRoleAllowedUserKeyConfigArgs:
|
|
|
19
19
|
lengths: pulumi.Input[Sequence[pulumi.Input[int]]],
|
|
20
20
|
type: pulumi.Input[str]):
|
|
21
21
|
"""
|
|
22
|
-
:param pulumi.Input[Sequence[pulumi.Input[int]]] lengths:
|
|
23
|
-
|
|
24
|
-
|
|
22
|
+
:param pulumi.Input[Sequence[pulumi.Input[int]]] lengths: A list of allowed key lengths as integers.
|
|
23
|
+
For key types that do not support setting the length a value of `[0]` should be used.
|
|
24
|
+
Setting multiple lengths is only supported on Vault 1.10+. For prior releases `length`
|
|
25
|
+
must be set to a single element list.
|
|
26
|
+
|
|
27
|
+
Example configuration blocks that might be included in the `ssh.SecretBackendRole`
|
|
28
|
+
|
|
29
|
+
<!--Start PulumiCodeChooser -->
|
|
30
|
+
```python
|
|
31
|
+
import pulumi
|
|
32
|
+
```
|
|
33
|
+
<!--End PulumiCodeChooser -->
|
|
34
|
+
:param pulumi.Input[str] type: The SSH public key type.
|
|
35
|
+
*Supported key types are:*
|
|
36
|
+
`rsa`, `ecdsa`, `ec`, `dsa`, `ed25519`, `ssh-rsa`, `ssh-dss`, `ssh-ed25519`,
|
|
37
|
+
`ecdsa-sha2-nistp256`, `ecdsa-sha2-nistp384`, `ecdsa-sha2-nistp521`
|
|
25
38
|
"""
|
|
26
39
|
pulumi.set(__self__, "lengths", lengths)
|
|
27
40
|
pulumi.set(__self__, "type", type)
|
|
@@ -30,7 +43,18 @@ class SecretBackendRoleAllowedUserKeyConfigArgs:
|
|
|
30
43
|
@pulumi.getter
|
|
31
44
|
def lengths(self) -> pulumi.Input[Sequence[pulumi.Input[int]]]:
|
|
32
45
|
"""
|
|
33
|
-
|
|
46
|
+
A list of allowed key lengths as integers.
|
|
47
|
+
For key types that do not support setting the length a value of `[0]` should be used.
|
|
48
|
+
Setting multiple lengths is only supported on Vault 1.10+. For prior releases `length`
|
|
49
|
+
must be set to a single element list.
|
|
50
|
+
|
|
51
|
+
Example configuration blocks that might be included in the `ssh.SecretBackendRole`
|
|
52
|
+
|
|
53
|
+
<!--Start PulumiCodeChooser -->
|
|
54
|
+
```python
|
|
55
|
+
import pulumi
|
|
56
|
+
```
|
|
57
|
+
<!--End PulumiCodeChooser -->
|
|
34
58
|
"""
|
|
35
59
|
return pulumi.get(self, "lengths")
|
|
36
60
|
|
|
@@ -42,8 +66,10 @@ class SecretBackendRoleAllowedUserKeyConfigArgs:
|
|
|
42
66
|
@pulumi.getter
|
|
43
67
|
def type(self) -> pulumi.Input[str]:
|
|
44
68
|
"""
|
|
45
|
-
|
|
46
|
-
|
|
69
|
+
The SSH public key type.
|
|
70
|
+
*Supported key types are:*
|
|
71
|
+
`rsa`, `ecdsa`, `ec`, `dsa`, `ed25519`, `ssh-rsa`, `ssh-dss`, `ssh-ed25519`,
|
|
72
|
+
`ecdsa-sha2-nistp256`, `ecdsa-sha2-nistp384`, `ecdsa-sha2-nistp521`
|
|
47
73
|
"""
|
|
48
74
|
return pulumi.get(self, "type")
|
|
49
75
|
|
pulumi_vault/ssh/outputs.py
CHANGED
|
@@ -19,9 +19,22 @@ class SecretBackendRoleAllowedUserKeyConfig(dict):
|
|
|
19
19
|
lengths: Sequence[int],
|
|
20
20
|
type: str):
|
|
21
21
|
"""
|
|
22
|
-
:param Sequence[int] lengths:
|
|
23
|
-
|
|
24
|
-
|
|
22
|
+
:param Sequence[int] lengths: A list of allowed key lengths as integers.
|
|
23
|
+
For key types that do not support setting the length a value of `[0]` should be used.
|
|
24
|
+
Setting multiple lengths is only supported on Vault 1.10+. For prior releases `length`
|
|
25
|
+
must be set to a single element list.
|
|
26
|
+
|
|
27
|
+
Example configuration blocks that might be included in the `ssh.SecretBackendRole`
|
|
28
|
+
|
|
29
|
+
<!--Start PulumiCodeChooser -->
|
|
30
|
+
```python
|
|
31
|
+
import pulumi
|
|
32
|
+
```
|
|
33
|
+
<!--End PulumiCodeChooser -->
|
|
34
|
+
:param str type: The SSH public key type.
|
|
35
|
+
*Supported key types are:*
|
|
36
|
+
`rsa`, `ecdsa`, `ec`, `dsa`, `ed25519`, `ssh-rsa`, `ssh-dss`, `ssh-ed25519`,
|
|
37
|
+
`ecdsa-sha2-nistp256`, `ecdsa-sha2-nistp384`, `ecdsa-sha2-nistp521`
|
|
25
38
|
"""
|
|
26
39
|
pulumi.set(__self__, "lengths", lengths)
|
|
27
40
|
pulumi.set(__self__, "type", type)
|
|
@@ -30,7 +43,18 @@ class SecretBackendRoleAllowedUserKeyConfig(dict):
|
|
|
30
43
|
@pulumi.getter
|
|
31
44
|
def lengths(self) -> Sequence[int]:
|
|
32
45
|
"""
|
|
33
|
-
|
|
46
|
+
A list of allowed key lengths as integers.
|
|
47
|
+
For key types that do not support setting the length a value of `[0]` should be used.
|
|
48
|
+
Setting multiple lengths is only supported on Vault 1.10+. For prior releases `length`
|
|
49
|
+
must be set to a single element list.
|
|
50
|
+
|
|
51
|
+
Example configuration blocks that might be included in the `ssh.SecretBackendRole`
|
|
52
|
+
|
|
53
|
+
<!--Start PulumiCodeChooser -->
|
|
54
|
+
```python
|
|
55
|
+
import pulumi
|
|
56
|
+
```
|
|
57
|
+
<!--End PulumiCodeChooser -->
|
|
34
58
|
"""
|
|
35
59
|
return pulumi.get(self, "lengths")
|
|
36
60
|
|
|
@@ -38,8 +62,10 @@ class SecretBackendRoleAllowedUserKeyConfig(dict):
|
|
|
38
62
|
@pulumi.getter
|
|
39
63
|
def type(self) -> str:
|
|
40
64
|
"""
|
|
41
|
-
|
|
42
|
-
|
|
65
|
+
The SSH public key type.
|
|
66
|
+
*Supported key types are:*
|
|
67
|
+
`rsa`, `ecdsa`, `ec`, `dsa`, `ed25519`, `ssh-rsa`, `ssh-dss`, `ssh-ed25519`,
|
|
68
|
+
`ecdsa-sha2-nistp256`, `ecdsa-sha2-nistp384`, `ecdsa-sha2-nistp521`
|
|
43
69
|
"""
|
|
44
70
|
return pulumi.get(self, "type")
|
|
45
71
|
|
|
@@ -216,6 +216,7 @@ class SecretBackendCa(pulumi.CustomResource):
|
|
|
216
216
|
|
|
217
217
|
## Example Usage
|
|
218
218
|
|
|
219
|
+
<!--Start PulumiCodeChooser -->
|
|
219
220
|
```python
|
|
220
221
|
import pulumi
|
|
221
222
|
import pulumi_vault as vault
|
|
@@ -223,6 +224,7 @@ class SecretBackendCa(pulumi.CustomResource):
|
|
|
223
224
|
example = vault.Mount("example", type="ssh")
|
|
224
225
|
foo = vault.ssh.SecretBackendCa("foo", backend=example.path)
|
|
225
226
|
```
|
|
227
|
+
<!--End PulumiCodeChooser -->
|
|
226
228
|
|
|
227
229
|
## Import
|
|
228
230
|
|
|
@@ -255,6 +257,7 @@ class SecretBackendCa(pulumi.CustomResource):
|
|
|
255
257
|
|
|
256
258
|
## Example Usage
|
|
257
259
|
|
|
260
|
+
<!--Start PulumiCodeChooser -->
|
|
258
261
|
```python
|
|
259
262
|
import pulumi
|
|
260
263
|
import pulumi_vault as vault
|
|
@@ -262,6 +265,7 @@ class SecretBackendCa(pulumi.CustomResource):
|
|
|
262
265
|
example = vault.Mount("example", type="ssh")
|
|
263
266
|
foo = vault.ssh.SecretBackendCa("foo", backend=example.path)
|
|
264
267
|
```
|
|
268
|
+
<!--End PulumiCodeChooser -->
|
|
265
269
|
|
|
266
270
|
## Import
|
|
267
271
|
|
|
@@ -921,24 +921,24 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
|
921
921
|
|
|
922
922
|
## Example Usage
|
|
923
923
|
|
|
924
|
+
<!--Start PulumiCodeChooser -->
|
|
924
925
|
```python
|
|
925
926
|
import pulumi
|
|
926
927
|
import pulumi_vault as vault
|
|
927
928
|
|
|
928
929
|
example = vault.Mount("example", type="ssh")
|
|
929
930
|
foo = vault.ssh.SecretBackendRole("foo",
|
|
930
|
-
name="my-role",
|
|
931
931
|
backend=example.path,
|
|
932
932
|
key_type="ca",
|
|
933
933
|
allow_user_certificates=True)
|
|
934
934
|
bar = vault.ssh.SecretBackendRole("bar",
|
|
935
|
-
name="otp-role",
|
|
936
935
|
backend=example.path,
|
|
937
936
|
key_type="otp",
|
|
938
937
|
default_user="default",
|
|
939
938
|
allowed_users="default,baz",
|
|
940
939
|
cidr_list="0.0.0.0/0")
|
|
941
940
|
```
|
|
941
|
+
<!--End PulumiCodeChooser -->
|
|
942
942
|
|
|
943
943
|
## Import
|
|
944
944
|
|
|
@@ -995,24 +995,24 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
|
995
995
|
|
|
996
996
|
## Example Usage
|
|
997
997
|
|
|
998
|
+
<!--Start PulumiCodeChooser -->
|
|
998
999
|
```python
|
|
999
1000
|
import pulumi
|
|
1000
1001
|
import pulumi_vault as vault
|
|
1001
1002
|
|
|
1002
1003
|
example = vault.Mount("example", type="ssh")
|
|
1003
1004
|
foo = vault.ssh.SecretBackendRole("foo",
|
|
1004
|
-
name="my-role",
|
|
1005
1005
|
backend=example.path,
|
|
1006
1006
|
key_type="ca",
|
|
1007
1007
|
allow_user_certificates=True)
|
|
1008
1008
|
bar = vault.ssh.SecretBackendRole("bar",
|
|
1009
|
-
name="otp-role",
|
|
1010
1009
|
backend=example.path,
|
|
1011
1010
|
key_type="otp",
|
|
1012
1011
|
default_user="default",
|
|
1013
1012
|
allowed_users="default,baz",
|
|
1014
1013
|
cidr_list="0.0.0.0/0")
|
|
1015
1014
|
```
|
|
1015
|
+
<!--End PulumiCodeChooser -->
|
|
1016
1016
|
|
|
1017
1017
|
## Import
|
|
1018
1018
|
|