pulumi-vault 6.2.0__py3-none-any.whl → 6.2.0a1712470779__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pulumi_vault/__init__.py +0 -26
- pulumi_vault/_inputs.py +20 -0
- pulumi_vault/ad/secret_backend.py +6 -2
- pulumi_vault/ad/secret_library.py +4 -2
- pulumi_vault/ad/secret_role.py +4 -0
- pulumi_vault/alicloud/auth_backend_role.py +192 -69
- pulumi_vault/approle/auth_backend_login.py +4 -0
- pulumi_vault/approle/auth_backend_role.py +186 -63
- pulumi_vault/approle/auth_backend_role_secret_id.py +4 -0
- pulumi_vault/approle/get_auth_backend_role_id.py +4 -0
- pulumi_vault/audit.py +20 -12
- pulumi_vault/audit_request_header.py +6 -6
- pulumi_vault/auth_backend.py +0 -47
- pulumi_vault/aws/auth_backend_client.py +17 -253
- pulumi_vault/aws/auth_backend_config_identity.py +4 -0
- pulumi_vault/aws/auth_backend_identity_whitelist.py +10 -6
- pulumi_vault/aws/auth_backend_login.py +8 -0
- pulumi_vault/aws/auth_backend_role.py +186 -63
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +10 -6
- pulumi_vault/aws/auth_backend_sts_role.py +4 -0
- pulumi_vault/aws/secret_backend_role.py +4 -56
- pulumi_vault/aws/secret_backend_static_role.py +4 -2
- pulumi_vault/azure/auth_backend_config.py +10 -139
- pulumi_vault/azure/auth_backend_role.py +186 -63
- pulumi_vault/azure/backend.py +22 -217
- pulumi_vault/azure/backend_role.py +18 -14
- pulumi_vault/azure/get_access_credentials.py +4 -0
- pulumi_vault/cert_auth_backend_role.py +208 -75
- pulumi_vault/consul/secret_backend.py +18 -10
- pulumi_vault/consul/secret_backend_role.py +4 -2
- pulumi_vault/database/_inputs.py +784 -522
- pulumi_vault/database/outputs.py +784 -522
- pulumi_vault/database/secret_backend_connection.py +4 -2
- pulumi_vault/database/secret_backend_role.py +4 -4
- pulumi_vault/database/secret_backend_static_role.py +8 -10
- pulumi_vault/database/secrets_mount.py +4 -286
- pulumi_vault/egp_policy.py +8 -4
- pulumi_vault/gcp/auth_backend.py +18 -226
- pulumi_vault/gcp/auth_backend_role.py +264 -63
- pulumi_vault/gcp/get_auth_backend_role.py +4 -0
- pulumi_vault/gcp/secret_backend.py +9 -275
- pulumi_vault/gcp/secret_impersonated_account.py +14 -12
- pulumi_vault/gcp/secret_roleset.py +6 -4
- pulumi_vault/gcp/secret_static_account.py +16 -14
- pulumi_vault/generic/endpoint.py +8 -4
- pulumi_vault/generic/get_secret.py +4 -40
- pulumi_vault/get_auth_backend.py +4 -0
- pulumi_vault/get_auth_backends.py +8 -0
- pulumi_vault/get_namespace.py +12 -0
- pulumi_vault/get_namespaces.py +12 -4
- pulumi_vault/get_nomad_access_token.py +4 -0
- pulumi_vault/get_policy_document.py +8 -8
- pulumi_vault/get_raft_autopilot_state.py +4 -0
- pulumi_vault/github/auth_backend.py +4 -0
- pulumi_vault/github/team.py +6 -2
- pulumi_vault/github/user.py +6 -2
- pulumi_vault/identity/entity.py +8 -6
- pulumi_vault/identity/entity_alias.py +8 -6
- pulumi_vault/identity/entity_policies.py +12 -12
- pulumi_vault/identity/get_entity.py +4 -0
- pulumi_vault/identity/get_group.py +4 -0
- pulumi_vault/identity/get_oidc_client_creds.py +4 -2
- pulumi_vault/identity/get_oidc_openid_config.py +6 -10
- pulumi_vault/identity/get_oidc_public_keys.py +6 -10
- pulumi_vault/identity/group.py +42 -38
- pulumi_vault/identity/group_alias.py +4 -2
- pulumi_vault/identity/group_member_entity_ids.py +16 -12
- pulumi_vault/identity/group_member_group_ids.py +20 -24
- pulumi_vault/identity/group_policies.py +8 -4
- pulumi_vault/identity/mfa_duo.py +8 -4
- pulumi_vault/identity/mfa_login_enforcement.py +8 -8
- pulumi_vault/identity/mfa_okta.py +8 -4
- pulumi_vault/identity/mfa_pingid.py +4 -0
- pulumi_vault/identity/mfa_totp.py +4 -0
- pulumi_vault/identity/oidc.py +4 -0
- pulumi_vault/identity/oidc_assignment.py +6 -10
- pulumi_vault/identity/oidc_client.py +10 -10
- pulumi_vault/identity/oidc_key.py +12 -16
- pulumi_vault/identity/oidc_key_allowed_client_id.py +12 -16
- pulumi_vault/identity/oidc_provider.py +16 -22
- pulumi_vault/identity/oidc_role.py +20 -28
- pulumi_vault/identity/oidc_scope.py +8 -6
- pulumi_vault/jwt/auth_backend.py +32 -20
- pulumi_vault/jwt/auth_backend_role.py +225 -91
- pulumi_vault/kmip/secret_backend.py +14 -10
- pulumi_vault/kmip/secret_role.py +4 -0
- pulumi_vault/kmip/secret_scope.py +4 -0
- pulumi_vault/kubernetes/auth_backend_config.py +4 -0
- pulumi_vault/kubernetes/auth_backend_role.py +172 -56
- pulumi_vault/kubernetes/get_service_account_token.py +8 -8
- pulumi_vault/kubernetes/secret_backend.py +8 -288
- pulumi_vault/kubernetes/secret_backend_role.py +24 -24
- pulumi_vault/kv/get_secret.py +4 -0
- pulumi_vault/kv/get_secret_subkeys_v2.py +6 -4
- pulumi_vault/kv/get_secret_v2.py +0 -58
- pulumi_vault/kv/get_secrets_list.py +8 -4
- pulumi_vault/kv/get_secrets_list_v2.py +12 -14
- pulumi_vault/kv/secret.py +4 -0
- pulumi_vault/kv/secret_backend_v2.py +4 -0
- pulumi_vault/kv/secret_v2.py +4 -2
- pulumi_vault/ldap/auth_backend.py +161 -66
- pulumi_vault/ldap/auth_backend_group.py +4 -0
- pulumi_vault/ldap/auth_backend_user.py +4 -0
- pulumi_vault/ldap/secret_backend.py +8 -286
- pulumi_vault/ldap/secret_backend_dynamic_role.py +4 -0
- pulumi_vault/ldap/secret_backend_library_set.py +4 -2
- pulumi_vault/ldap/secret_backend_static_role.py +4 -0
- pulumi_vault/managed/_inputs.py +132 -84
- pulumi_vault/managed/keys.py +28 -7
- pulumi_vault/managed/outputs.py +132 -84
- pulumi_vault/mfa_duo.py +6 -4
- pulumi_vault/mfa_okta.py +6 -4
- pulumi_vault/mfa_pingid.py +6 -4
- pulumi_vault/mfa_totp.py +12 -10
- pulumi_vault/mongodbatlas/secret_backend.py +4 -0
- pulumi_vault/mongodbatlas/secret_role.py +4 -2
- pulumi_vault/mount.py +42 -350
- pulumi_vault/nomad_secret_backend.py +8 -4
- pulumi_vault/nomad_secret_role.py +4 -0
- pulumi_vault/okta/_inputs.py +8 -8
- pulumi_vault/okta/auth_backend.py +10 -459
- pulumi_vault/okta/auth_backend_group.py +4 -0
- pulumi_vault/okta/auth_backend_user.py +4 -0
- pulumi_vault/okta/outputs.py +8 -8
- pulumi_vault/outputs.py +20 -0
- pulumi_vault/password_policy.py +8 -6
- pulumi_vault/pkisecret/__init__.py +0 -2
- pulumi_vault/pkisecret/_inputs.py +0 -30
- pulumi_vault/pkisecret/backend_config_cluster.py +4 -0
- pulumi_vault/pkisecret/get_backend_issuer.py +0 -36
- pulumi_vault/pkisecret/get_backend_issuers.py +4 -0
- pulumi_vault/pkisecret/get_backend_key.py +6 -2
- pulumi_vault/pkisecret/get_backend_keys.py +4 -0
- pulumi_vault/pkisecret/outputs.py +0 -54
- pulumi_vault/pkisecret/secret_backend_cert.py +8 -6
- pulumi_vault/pkisecret/secret_backend_config_ca.py +8 -4
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +4 -0
- pulumi_vault/pkisecret/secret_backend_config_urls.py +4 -0
- pulumi_vault/pkisecret/secret_backend_crl_config.py +6 -2
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +8 -4
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +14 -10
- pulumi_vault/pkisecret/secret_backend_issuer.py +4 -0
- pulumi_vault/pkisecret/secret_backend_role.py +4 -2
- pulumi_vault/pkisecret/secret_backend_root_cert.py +8 -4
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +10 -6
- pulumi_vault/pkisecret/secret_backend_sign.py +8 -6
- pulumi_vault/provider.py +8 -0
- pulumi_vault/pulumi-plugin.json +1 -2
- pulumi_vault/quota_lease_count.py +8 -53
- pulumi_vault/quota_rate_limit.py +4 -49
- pulumi_vault/rabbitmq/secret_backend.py +8 -4
- pulumi_vault/rabbitmq/secret_backend_role.py +4 -2
- pulumi_vault/raft_autopilot.py +4 -0
- pulumi_vault/raft_snapshot_agent_config.py +304 -109
- pulumi_vault/rgp_policy.py +6 -2
- pulumi_vault/saml/auth_backend.py +12 -8
- pulumi_vault/saml/auth_backend_role.py +178 -64
- pulumi_vault/secrets/sync_association.py +10 -12
- pulumi_vault/secrets/sync_aws_destination.py +8 -6
- pulumi_vault/secrets/sync_azure_destination.py +12 -10
- pulumi_vault/secrets/sync_config.py +6 -2
- pulumi_vault/secrets/sync_gcp_destination.py +6 -6
- pulumi_vault/secrets/sync_gh_destination.py +8 -6
- pulumi_vault/secrets/sync_github_apps.py +8 -8
- pulumi_vault/secrets/sync_vercel_destination.py +8 -6
- pulumi_vault/ssh/_inputs.py +32 -6
- pulumi_vault/ssh/outputs.py +32 -6
- pulumi_vault/ssh/secret_backend_ca.py +4 -94
- pulumi_vault/ssh/secret_backend_role.py +4 -4
- pulumi_vault/terraformcloud/secret_backend.py +56 -0
- pulumi_vault/terraformcloud/secret_creds.py +17 -2
- pulumi_vault/terraformcloud/secret_role.py +69 -2
- pulumi_vault/token.py +18 -14
- pulumi_vault/tokenauth/auth_backend_role.py +180 -64
- pulumi_vault/transform/alphabet.py +6 -4
- pulumi_vault/transform/get_decode.py +4 -4
- pulumi_vault/transform/get_encode.py +4 -4
- pulumi_vault/transform/role.py +6 -4
- pulumi_vault/transform/template.py +4 -4
- pulumi_vault/transit/get_decrypt.py +20 -4
- pulumi_vault/transit/get_encrypt.py +14 -0
- pulumi_vault/transit/secret_backend_key.py +6 -6
- pulumi_vault/transit/secret_cache_config.py +4 -0
- {pulumi_vault-6.2.0.dist-info → pulumi_vault-6.2.0a1712470779.dist-info}/METADATA +1 -1
- pulumi_vault-6.2.0a1712470779.dist-info/RECORD +252 -0
- {pulumi_vault-6.2.0.dist-info → pulumi_vault-6.2.0a1712470779.dist-info}/WHEEL +1 -1
- pulumi_vault/pkisecret/backend_config_est.py +0 -614
- pulumi_vault/pkisecret/get_backend_config_est.py +0 -233
- pulumi_vault/plugin.py +0 -590
- pulumi_vault/plugin_pinned_version.py +0 -293
- pulumi_vault-6.2.0.dist-info/RECORD +0 -256
- {pulumi_vault-6.2.0.dist-info → pulumi_vault-6.2.0a1712470779.dist-info}/top_level.txt +0 -0
|
@@ -58,15 +58,32 @@ class AuthBackendRoleArgs:
|
|
|
58
58
|
The value should not contain leading or trailing forward slashes.
|
|
59
59
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
|
60
60
|
*Available only for Vault Enterprise*.
|
|
61
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs:
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
:param pulumi.Input[
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
:param pulumi.Input[int]
|
|
69
|
-
|
|
61
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
|
|
62
|
+
addresses which can authenticate successfully, and ties the resulting token to these blocks
|
|
63
|
+
as well.
|
|
64
|
+
:param pulumi.Input[int] token_explicit_max_ttl: If set, will encode an
|
|
65
|
+
[explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
|
|
66
|
+
onto the token in number of seconds. This is a hard cap even if `token_ttl` and
|
|
67
|
+
`token_max_ttl` would otherwise allow a renewal.
|
|
68
|
+
:param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
|
|
69
|
+
Its current value will be referenced at renewal time.
|
|
70
|
+
:param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
|
|
71
|
+
generated tokens; otherwise it will be added to the policies set in token_policies.
|
|
72
|
+
:param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/azure#token_num_uses)
|
|
73
|
+
of times a generated token may be used (within its lifetime); 0 means unlimited.
|
|
74
|
+
:param pulumi.Input[int] token_period: If set, indicates that the
|
|
75
|
+
token generated using this role should never expire. The token should be renewed within the
|
|
76
|
+
duration specified by this value. At each renewal, the token's TTL will be set to the
|
|
77
|
+
value of this field. Specified in seconds.
|
|
78
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
|
|
79
|
+
on the auth method, this list may be supplemented by user/group/other values.
|
|
80
|
+
:param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
|
|
81
|
+
Its current value will be referenced at renewal time.
|
|
82
|
+
:param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
|
|
83
|
+
`batch`, or `default` to use the mount's tuned default (which unless changed will be
|
|
84
|
+
`service` tokens). For token store roles, there are two additional possibilities:
|
|
85
|
+
`default-service` and `default-batch` which specify the type to return unless the client
|
|
86
|
+
requests a different type at generation time.
|
|
70
87
|
"""
|
|
71
88
|
pulumi.set(__self__, "role", role)
|
|
72
89
|
if backend is not None:
|
|
@@ -231,7 +248,9 @@ class AuthBackendRoleArgs:
|
|
|
231
248
|
@pulumi.getter(name="tokenBoundCidrs")
|
|
232
249
|
def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
|
233
250
|
"""
|
|
234
|
-
|
|
251
|
+
List of CIDR blocks; if set, specifies blocks of IP
|
|
252
|
+
addresses which can authenticate successfully, and ties the resulting token to these blocks
|
|
253
|
+
as well.
|
|
235
254
|
"""
|
|
236
255
|
return pulumi.get(self, "token_bound_cidrs")
|
|
237
256
|
|
|
@@ -243,7 +262,10 @@ class AuthBackendRoleArgs:
|
|
|
243
262
|
@pulumi.getter(name="tokenExplicitMaxTtl")
|
|
244
263
|
def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
|
245
264
|
"""
|
|
246
|
-
|
|
265
|
+
If set, will encode an
|
|
266
|
+
[explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
|
|
267
|
+
onto the token in number of seconds. This is a hard cap even if `token_ttl` and
|
|
268
|
+
`token_max_ttl` would otherwise allow a renewal.
|
|
247
269
|
"""
|
|
248
270
|
return pulumi.get(self, "token_explicit_max_ttl")
|
|
249
271
|
|
|
@@ -255,7 +277,8 @@ class AuthBackendRoleArgs:
|
|
|
255
277
|
@pulumi.getter(name="tokenMaxTtl")
|
|
256
278
|
def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
|
257
279
|
"""
|
|
258
|
-
The maximum lifetime
|
|
280
|
+
The maximum lifetime for generated tokens in number of seconds.
|
|
281
|
+
Its current value will be referenced at renewal time.
|
|
259
282
|
"""
|
|
260
283
|
return pulumi.get(self, "token_max_ttl")
|
|
261
284
|
|
|
@@ -267,7 +290,8 @@ class AuthBackendRoleArgs:
|
|
|
267
290
|
@pulumi.getter(name="tokenNoDefaultPolicy")
|
|
268
291
|
def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
|
|
269
292
|
"""
|
|
270
|
-
If
|
|
293
|
+
If set, the default policy will not be set on
|
|
294
|
+
generated tokens; otherwise it will be added to the policies set in token_policies.
|
|
271
295
|
"""
|
|
272
296
|
return pulumi.get(self, "token_no_default_policy")
|
|
273
297
|
|
|
@@ -279,7 +303,8 @@ class AuthBackendRoleArgs:
|
|
|
279
303
|
@pulumi.getter(name="tokenNumUses")
|
|
280
304
|
def token_num_uses(self) -> Optional[pulumi.Input[int]]:
|
|
281
305
|
"""
|
|
282
|
-
The maximum number
|
|
306
|
+
The [maximum number](https://www.vaultproject.io/api-docs/azure#token_num_uses)
|
|
307
|
+
of times a generated token may be used (within its lifetime); 0 means unlimited.
|
|
283
308
|
"""
|
|
284
309
|
return pulumi.get(self, "token_num_uses")
|
|
285
310
|
|
|
@@ -291,7 +316,10 @@ class AuthBackendRoleArgs:
|
|
|
291
316
|
@pulumi.getter(name="tokenPeriod")
|
|
292
317
|
def token_period(self) -> Optional[pulumi.Input[int]]:
|
|
293
318
|
"""
|
|
294
|
-
|
|
319
|
+
If set, indicates that the
|
|
320
|
+
token generated using this role should never expire. The token should be renewed within the
|
|
321
|
+
duration specified by this value. At each renewal, the token's TTL will be set to the
|
|
322
|
+
value of this field. Specified in seconds.
|
|
295
323
|
"""
|
|
296
324
|
return pulumi.get(self, "token_period")
|
|
297
325
|
|
|
@@ -303,7 +331,8 @@ class AuthBackendRoleArgs:
|
|
|
303
331
|
@pulumi.getter(name="tokenPolicies")
|
|
304
332
|
def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
|
305
333
|
"""
|
|
306
|
-
|
|
334
|
+
List of policies to encode onto generated tokens. Depending
|
|
335
|
+
on the auth method, this list may be supplemented by user/group/other values.
|
|
307
336
|
"""
|
|
308
337
|
return pulumi.get(self, "token_policies")
|
|
309
338
|
|
|
@@ -315,7 +344,8 @@ class AuthBackendRoleArgs:
|
|
|
315
344
|
@pulumi.getter(name="tokenTtl")
|
|
316
345
|
def token_ttl(self) -> Optional[pulumi.Input[int]]:
|
|
317
346
|
"""
|
|
318
|
-
The
|
|
347
|
+
The incremental lifetime for generated tokens in number of seconds.
|
|
348
|
+
Its current value will be referenced at renewal time.
|
|
319
349
|
"""
|
|
320
350
|
return pulumi.get(self, "token_ttl")
|
|
321
351
|
|
|
@@ -327,7 +357,11 @@ class AuthBackendRoleArgs:
|
|
|
327
357
|
@pulumi.getter(name="tokenType")
|
|
328
358
|
def token_type(self) -> Optional[pulumi.Input[str]]:
|
|
329
359
|
"""
|
|
330
|
-
The type of token
|
|
360
|
+
The type of token that should be generated. Can be `service`,
|
|
361
|
+
`batch`, or `default` to use the mount's tuned default (which unless changed will be
|
|
362
|
+
`service` tokens). For token store roles, there are two additional possibilities:
|
|
363
|
+
`default-service` and `default-batch` which specify the type to return unless the client
|
|
364
|
+
requests a different type at generation time.
|
|
331
365
|
"""
|
|
332
366
|
return pulumi.get(self, "token_type")
|
|
333
367
|
|
|
@@ -383,15 +417,32 @@ class _AuthBackendRoleState:
|
|
|
383
417
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
|
384
418
|
*Available only for Vault Enterprise*.
|
|
385
419
|
:param pulumi.Input[str] role: The name of the role.
|
|
386
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs:
|
|
387
|
-
|
|
388
|
-
|
|
389
|
-
:param pulumi.Input[
|
|
390
|
-
|
|
391
|
-
|
|
392
|
-
|
|
393
|
-
:param pulumi.Input[int]
|
|
394
|
-
|
|
420
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
|
|
421
|
+
addresses which can authenticate successfully, and ties the resulting token to these blocks
|
|
422
|
+
as well.
|
|
423
|
+
:param pulumi.Input[int] token_explicit_max_ttl: If set, will encode an
|
|
424
|
+
[explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
|
|
425
|
+
onto the token in number of seconds. This is a hard cap even if `token_ttl` and
|
|
426
|
+
`token_max_ttl` would otherwise allow a renewal.
|
|
427
|
+
:param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
|
|
428
|
+
Its current value will be referenced at renewal time.
|
|
429
|
+
:param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
|
|
430
|
+
generated tokens; otherwise it will be added to the policies set in token_policies.
|
|
431
|
+
:param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/azure#token_num_uses)
|
|
432
|
+
of times a generated token may be used (within its lifetime); 0 means unlimited.
|
|
433
|
+
:param pulumi.Input[int] token_period: If set, indicates that the
|
|
434
|
+
token generated using this role should never expire. The token should be renewed within the
|
|
435
|
+
duration specified by this value. At each renewal, the token's TTL will be set to the
|
|
436
|
+
value of this field. Specified in seconds.
|
|
437
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
|
|
438
|
+
on the auth method, this list may be supplemented by user/group/other values.
|
|
439
|
+
:param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
|
|
440
|
+
Its current value will be referenced at renewal time.
|
|
441
|
+
:param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
|
|
442
|
+
`batch`, or `default` to use the mount's tuned default (which unless changed will be
|
|
443
|
+
`service` tokens). For token store roles, there are two additional possibilities:
|
|
444
|
+
`default-service` and `default-batch` which specify the type to return unless the client
|
|
445
|
+
requests a different type at generation time.
|
|
395
446
|
"""
|
|
396
447
|
if backend is not None:
|
|
397
448
|
pulumi.set(__self__, "backend", backend)
|
|
@@ -557,7 +608,9 @@ class _AuthBackendRoleState:
|
|
|
557
608
|
@pulumi.getter(name="tokenBoundCidrs")
|
|
558
609
|
def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
|
559
610
|
"""
|
|
560
|
-
|
|
611
|
+
List of CIDR blocks; if set, specifies blocks of IP
|
|
612
|
+
addresses which can authenticate successfully, and ties the resulting token to these blocks
|
|
613
|
+
as well.
|
|
561
614
|
"""
|
|
562
615
|
return pulumi.get(self, "token_bound_cidrs")
|
|
563
616
|
|
|
@@ -569,7 +622,10 @@ class _AuthBackendRoleState:
|
|
|
569
622
|
@pulumi.getter(name="tokenExplicitMaxTtl")
|
|
570
623
|
def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
|
571
624
|
"""
|
|
572
|
-
|
|
625
|
+
If set, will encode an
|
|
626
|
+
[explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
|
|
627
|
+
onto the token in number of seconds. This is a hard cap even if `token_ttl` and
|
|
628
|
+
`token_max_ttl` would otherwise allow a renewal.
|
|
573
629
|
"""
|
|
574
630
|
return pulumi.get(self, "token_explicit_max_ttl")
|
|
575
631
|
|
|
@@ -581,7 +637,8 @@ class _AuthBackendRoleState:
|
|
|
581
637
|
@pulumi.getter(name="tokenMaxTtl")
|
|
582
638
|
def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
|
583
639
|
"""
|
|
584
|
-
The maximum lifetime
|
|
640
|
+
The maximum lifetime for generated tokens in number of seconds.
|
|
641
|
+
Its current value will be referenced at renewal time.
|
|
585
642
|
"""
|
|
586
643
|
return pulumi.get(self, "token_max_ttl")
|
|
587
644
|
|
|
@@ -593,7 +650,8 @@ class _AuthBackendRoleState:
|
|
|
593
650
|
@pulumi.getter(name="tokenNoDefaultPolicy")
|
|
594
651
|
def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
|
|
595
652
|
"""
|
|
596
|
-
If
|
|
653
|
+
If set, the default policy will not be set on
|
|
654
|
+
generated tokens; otherwise it will be added to the policies set in token_policies.
|
|
597
655
|
"""
|
|
598
656
|
return pulumi.get(self, "token_no_default_policy")
|
|
599
657
|
|
|
@@ -605,7 +663,8 @@ class _AuthBackendRoleState:
|
|
|
605
663
|
@pulumi.getter(name="tokenNumUses")
|
|
606
664
|
def token_num_uses(self) -> Optional[pulumi.Input[int]]:
|
|
607
665
|
"""
|
|
608
|
-
The maximum number
|
|
666
|
+
The [maximum number](https://www.vaultproject.io/api-docs/azure#token_num_uses)
|
|
667
|
+
of times a generated token may be used (within its lifetime); 0 means unlimited.
|
|
609
668
|
"""
|
|
610
669
|
return pulumi.get(self, "token_num_uses")
|
|
611
670
|
|
|
@@ -617,7 +676,10 @@ class _AuthBackendRoleState:
|
|
|
617
676
|
@pulumi.getter(name="tokenPeriod")
|
|
618
677
|
def token_period(self) -> Optional[pulumi.Input[int]]:
|
|
619
678
|
"""
|
|
620
|
-
|
|
679
|
+
If set, indicates that the
|
|
680
|
+
token generated using this role should never expire. The token should be renewed within the
|
|
681
|
+
duration specified by this value. At each renewal, the token's TTL will be set to the
|
|
682
|
+
value of this field. Specified in seconds.
|
|
621
683
|
"""
|
|
622
684
|
return pulumi.get(self, "token_period")
|
|
623
685
|
|
|
@@ -629,7 +691,8 @@ class _AuthBackendRoleState:
|
|
|
629
691
|
@pulumi.getter(name="tokenPolicies")
|
|
630
692
|
def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
|
631
693
|
"""
|
|
632
|
-
|
|
694
|
+
List of policies to encode onto generated tokens. Depending
|
|
695
|
+
on the auth method, this list may be supplemented by user/group/other values.
|
|
633
696
|
"""
|
|
634
697
|
return pulumi.get(self, "token_policies")
|
|
635
698
|
|
|
@@ -641,7 +704,8 @@ class _AuthBackendRoleState:
|
|
|
641
704
|
@pulumi.getter(name="tokenTtl")
|
|
642
705
|
def token_ttl(self) -> Optional[pulumi.Input[int]]:
|
|
643
706
|
"""
|
|
644
|
-
The
|
|
707
|
+
The incremental lifetime for generated tokens in number of seconds.
|
|
708
|
+
Its current value will be referenced at renewal time.
|
|
645
709
|
"""
|
|
646
710
|
return pulumi.get(self, "token_ttl")
|
|
647
711
|
|
|
@@ -653,7 +717,11 @@ class _AuthBackendRoleState:
|
|
|
653
717
|
@pulumi.getter(name="tokenType")
|
|
654
718
|
def token_type(self) -> Optional[pulumi.Input[str]]:
|
|
655
719
|
"""
|
|
656
|
-
The type of token
|
|
720
|
+
The type of token that should be generated. Can be `service`,
|
|
721
|
+
`batch`, or `default` to use the mount's tuned default (which unless changed will be
|
|
722
|
+
`service` tokens). For token store roles, there are two additional possibilities:
|
|
723
|
+
`default-service` and `default-batch` which specify the type to return unless the client
|
|
724
|
+
requests a different type at generation time.
|
|
657
725
|
"""
|
|
658
726
|
return pulumi.get(self, "token_type")
|
|
659
727
|
|
|
@@ -695,6 +763,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
|
695
763
|
|
|
696
764
|
## Example Usage
|
|
697
765
|
|
|
766
|
+
<!--Start PulumiCodeChooser -->
|
|
698
767
|
```python
|
|
699
768
|
import pulumi
|
|
700
769
|
import pulumi_vault as vault
|
|
@@ -713,6 +782,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
|
713
782
|
"prod",
|
|
714
783
|
])
|
|
715
784
|
```
|
|
785
|
+
<!--End PulumiCodeChooser -->
|
|
716
786
|
|
|
717
787
|
## Import
|
|
718
788
|
|
|
@@ -748,15 +818,32 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
|
748
818
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
|
749
819
|
*Available only for Vault Enterprise*.
|
|
750
820
|
:param pulumi.Input[str] role: The name of the role.
|
|
751
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs:
|
|
752
|
-
|
|
753
|
-
|
|
754
|
-
:param pulumi.Input[
|
|
755
|
-
|
|
756
|
-
|
|
757
|
-
|
|
758
|
-
:param pulumi.Input[int]
|
|
759
|
-
|
|
821
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
|
|
822
|
+
addresses which can authenticate successfully, and ties the resulting token to these blocks
|
|
823
|
+
as well.
|
|
824
|
+
:param pulumi.Input[int] token_explicit_max_ttl: If set, will encode an
|
|
825
|
+
[explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
|
|
826
|
+
onto the token in number of seconds. This is a hard cap even if `token_ttl` and
|
|
827
|
+
`token_max_ttl` would otherwise allow a renewal.
|
|
828
|
+
:param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
|
|
829
|
+
Its current value will be referenced at renewal time.
|
|
830
|
+
:param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
|
|
831
|
+
generated tokens; otherwise it will be added to the policies set in token_policies.
|
|
832
|
+
:param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/azure#token_num_uses)
|
|
833
|
+
of times a generated token may be used (within its lifetime); 0 means unlimited.
|
|
834
|
+
:param pulumi.Input[int] token_period: If set, indicates that the
|
|
835
|
+
token generated using this role should never expire. The token should be renewed within the
|
|
836
|
+
duration specified by this value. At each renewal, the token's TTL will be set to the
|
|
837
|
+
value of this field. Specified in seconds.
|
|
838
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
|
|
839
|
+
on the auth method, this list may be supplemented by user/group/other values.
|
|
840
|
+
:param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
|
|
841
|
+
Its current value will be referenced at renewal time.
|
|
842
|
+
:param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
|
|
843
|
+
`batch`, or `default` to use the mount's tuned default (which unless changed will be
|
|
844
|
+
`service` tokens). For token store roles, there are two additional possibilities:
|
|
845
|
+
`default-service` and `default-batch` which specify the type to return unless the client
|
|
846
|
+
requests a different type at generation time.
|
|
760
847
|
"""
|
|
761
848
|
...
|
|
762
849
|
@overload
|
|
@@ -773,6 +860,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
|
773
860
|
|
|
774
861
|
## Example Usage
|
|
775
862
|
|
|
863
|
+
<!--Start PulumiCodeChooser -->
|
|
776
864
|
```python
|
|
777
865
|
import pulumi
|
|
778
866
|
import pulumi_vault as vault
|
|
@@ -791,6 +879,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
|
791
879
|
"prod",
|
|
792
880
|
])
|
|
793
881
|
```
|
|
882
|
+
<!--End PulumiCodeChooser -->
|
|
794
883
|
|
|
795
884
|
## Import
|
|
796
885
|
|
|
@@ -921,15 +1010,32 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
|
921
1010
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
|
922
1011
|
*Available only for Vault Enterprise*.
|
|
923
1012
|
:param pulumi.Input[str] role: The name of the role.
|
|
924
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs:
|
|
925
|
-
|
|
926
|
-
|
|
927
|
-
:param pulumi.Input[
|
|
928
|
-
|
|
929
|
-
|
|
930
|
-
|
|
931
|
-
:param pulumi.Input[int]
|
|
932
|
-
|
|
1013
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
|
|
1014
|
+
addresses which can authenticate successfully, and ties the resulting token to these blocks
|
|
1015
|
+
as well.
|
|
1016
|
+
:param pulumi.Input[int] token_explicit_max_ttl: If set, will encode an
|
|
1017
|
+
[explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
|
|
1018
|
+
onto the token in number of seconds. This is a hard cap even if `token_ttl` and
|
|
1019
|
+
`token_max_ttl` would otherwise allow a renewal.
|
|
1020
|
+
:param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
|
|
1021
|
+
Its current value will be referenced at renewal time.
|
|
1022
|
+
:param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
|
|
1023
|
+
generated tokens; otherwise it will be added to the policies set in token_policies.
|
|
1024
|
+
:param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/azure#token_num_uses)
|
|
1025
|
+
of times a generated token may be used (within its lifetime); 0 means unlimited.
|
|
1026
|
+
:param pulumi.Input[int] token_period: If set, indicates that the
|
|
1027
|
+
token generated using this role should never expire. The token should be renewed within the
|
|
1028
|
+
duration specified by this value. At each renewal, the token's TTL will be set to the
|
|
1029
|
+
value of this field. Specified in seconds.
|
|
1030
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
|
|
1031
|
+
on the auth method, this list may be supplemented by user/group/other values.
|
|
1032
|
+
:param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
|
|
1033
|
+
Its current value will be referenced at renewal time.
|
|
1034
|
+
:param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
|
|
1035
|
+
`batch`, or `default` to use the mount's tuned default (which unless changed will be
|
|
1036
|
+
`service` tokens). For token store roles, there are two additional possibilities:
|
|
1037
|
+
`default-service` and `default-batch` which specify the type to return unless the client
|
|
1038
|
+
requests a different type at generation time.
|
|
933
1039
|
"""
|
|
934
1040
|
opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
|
|
935
1041
|
|
|
@@ -1046,7 +1152,9 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
|
1046
1152
|
@pulumi.getter(name="tokenBoundCidrs")
|
|
1047
1153
|
def token_bound_cidrs(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
|
1048
1154
|
"""
|
|
1049
|
-
|
|
1155
|
+
List of CIDR blocks; if set, specifies blocks of IP
|
|
1156
|
+
addresses which can authenticate successfully, and ties the resulting token to these blocks
|
|
1157
|
+
as well.
|
|
1050
1158
|
"""
|
|
1051
1159
|
return pulumi.get(self, "token_bound_cidrs")
|
|
1052
1160
|
|
|
@@ -1054,7 +1162,10 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
|
1054
1162
|
@pulumi.getter(name="tokenExplicitMaxTtl")
|
|
1055
1163
|
def token_explicit_max_ttl(self) -> pulumi.Output[Optional[int]]:
|
|
1056
1164
|
"""
|
|
1057
|
-
|
|
1165
|
+
If set, will encode an
|
|
1166
|
+
[explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
|
|
1167
|
+
onto the token in number of seconds. This is a hard cap even if `token_ttl` and
|
|
1168
|
+
`token_max_ttl` would otherwise allow a renewal.
|
|
1058
1169
|
"""
|
|
1059
1170
|
return pulumi.get(self, "token_explicit_max_ttl")
|
|
1060
1171
|
|
|
@@ -1062,7 +1173,8 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
|
1062
1173
|
@pulumi.getter(name="tokenMaxTtl")
|
|
1063
1174
|
def token_max_ttl(self) -> pulumi.Output[Optional[int]]:
|
|
1064
1175
|
"""
|
|
1065
|
-
The maximum lifetime
|
|
1176
|
+
The maximum lifetime for generated tokens in number of seconds.
|
|
1177
|
+
Its current value will be referenced at renewal time.
|
|
1066
1178
|
"""
|
|
1067
1179
|
return pulumi.get(self, "token_max_ttl")
|
|
1068
1180
|
|
|
@@ -1070,7 +1182,8 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
|
1070
1182
|
@pulumi.getter(name="tokenNoDefaultPolicy")
|
|
1071
1183
|
def token_no_default_policy(self) -> pulumi.Output[Optional[bool]]:
|
|
1072
1184
|
"""
|
|
1073
|
-
If
|
|
1185
|
+
If set, the default policy will not be set on
|
|
1186
|
+
generated tokens; otherwise it will be added to the policies set in token_policies.
|
|
1074
1187
|
"""
|
|
1075
1188
|
return pulumi.get(self, "token_no_default_policy")
|
|
1076
1189
|
|
|
@@ -1078,7 +1191,8 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
|
1078
1191
|
@pulumi.getter(name="tokenNumUses")
|
|
1079
1192
|
def token_num_uses(self) -> pulumi.Output[Optional[int]]:
|
|
1080
1193
|
"""
|
|
1081
|
-
The maximum number
|
|
1194
|
+
The [maximum number](https://www.vaultproject.io/api-docs/azure#token_num_uses)
|
|
1195
|
+
of times a generated token may be used (within its lifetime); 0 means unlimited.
|
|
1082
1196
|
"""
|
|
1083
1197
|
return pulumi.get(self, "token_num_uses")
|
|
1084
1198
|
|
|
@@ -1086,7 +1200,10 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
|
1086
1200
|
@pulumi.getter(name="tokenPeriod")
|
|
1087
1201
|
def token_period(self) -> pulumi.Output[Optional[int]]:
|
|
1088
1202
|
"""
|
|
1089
|
-
|
|
1203
|
+
If set, indicates that the
|
|
1204
|
+
token generated using this role should never expire. The token should be renewed within the
|
|
1205
|
+
duration specified by this value. At each renewal, the token's TTL will be set to the
|
|
1206
|
+
value of this field. Specified in seconds.
|
|
1090
1207
|
"""
|
|
1091
1208
|
return pulumi.get(self, "token_period")
|
|
1092
1209
|
|
|
@@ -1094,7 +1211,8 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
|
1094
1211
|
@pulumi.getter(name="tokenPolicies")
|
|
1095
1212
|
def token_policies(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
|
1096
1213
|
"""
|
|
1097
|
-
|
|
1214
|
+
List of policies to encode onto generated tokens. Depending
|
|
1215
|
+
on the auth method, this list may be supplemented by user/group/other values.
|
|
1098
1216
|
"""
|
|
1099
1217
|
return pulumi.get(self, "token_policies")
|
|
1100
1218
|
|
|
@@ -1102,7 +1220,8 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
|
1102
1220
|
@pulumi.getter(name="tokenTtl")
|
|
1103
1221
|
def token_ttl(self) -> pulumi.Output[Optional[int]]:
|
|
1104
1222
|
"""
|
|
1105
|
-
The
|
|
1223
|
+
The incremental lifetime for generated tokens in number of seconds.
|
|
1224
|
+
Its current value will be referenced at renewal time.
|
|
1106
1225
|
"""
|
|
1107
1226
|
return pulumi.get(self, "token_ttl")
|
|
1108
1227
|
|
|
@@ -1110,7 +1229,11 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
|
1110
1229
|
@pulumi.getter(name="tokenType")
|
|
1111
1230
|
def token_type(self) -> pulumi.Output[Optional[str]]:
|
|
1112
1231
|
"""
|
|
1113
|
-
The type of token
|
|
1232
|
+
The type of token that should be generated. Can be `service`,
|
|
1233
|
+
`batch`, or `default` to use the mount's tuned default (which unless changed will be
|
|
1234
|
+
`service` tokens). For token store roles, there are two additional possibilities:
|
|
1235
|
+
`default-service` and `default-batch` which specify the type to return unless the client
|
|
1236
|
+
requests a different type at generation time.
|
|
1114
1237
|
"""
|
|
1115
1238
|
return pulumi.get(self, "token_type")
|
|
1116
1239
|
|