pulumi-vault 6.2.0a1712991499__py3-none-any.whl → 6.2.0a1713561465__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pulumi_vault/ad/secret_backend.py +2 -2
- pulumi_vault/ad/secret_library.py +2 -0
- pulumi_vault/alicloud/auth_backend_role.py +6 -6
- pulumi_vault/audit.py +12 -12
- pulumi_vault/audit_request_header.py +6 -2
- pulumi_vault/aws/auth_backend_client.py +6 -6
- pulumi_vault/aws/auth_backend_identity_whitelist.py +6 -6
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +6 -6
- pulumi_vault/aws/secret_backend_role.py +2 -0
- pulumi_vault/aws/secret_backend_static_role.py +2 -0
- pulumi_vault/azure/auth_backend_config.py +6 -6
- pulumi_vault/azure/backend.py +16 -16
- pulumi_vault/azure/backend_role.py +14 -14
- pulumi_vault/cert_auth_backend_role.py +12 -8
- pulumi_vault/consul/secret_backend.py +10 -10
- pulumi_vault/consul/secret_backend_role.py +2 -0
- pulumi_vault/database/secret_backend_connection.py +2 -0
- pulumi_vault/database/secret_backend_role.py +4 -0
- pulumi_vault/database/secret_backend_static_role.py +10 -4
- pulumi_vault/database/secrets_mount.py +4 -0
- pulumi_vault/egp_policy.py +4 -4
- pulumi_vault/gcp/auth_backend.py +0 -36
- pulumi_vault/gcp/secret_backend.py +4 -2
- pulumi_vault/gcp/secret_impersonated_account.py +12 -10
- pulumi_vault/gcp/secret_roleset.py +4 -2
- pulumi_vault/gcp/secret_static_account.py +14 -12
- pulumi_vault/generic/endpoint.py +4 -4
- pulumi_vault/generic/get_secret.py +44 -0
- pulumi_vault/get_namespaces.py +4 -4
- pulumi_vault/get_policy_document.py +8 -4
- pulumi_vault/github/team.py +2 -2
- pulumi_vault/github/user.py +2 -2
- pulumi_vault/identity/entity.py +6 -4
- pulumi_vault/identity/entity_alias.py +6 -4
- pulumi_vault/identity/entity_policies.py +12 -4
- pulumi_vault/identity/get_oidc_client_creds.py +2 -0
- pulumi_vault/identity/get_oidc_openid_config.py +10 -2
- pulumi_vault/identity/get_oidc_public_keys.py +10 -2
- pulumi_vault/identity/group.py +38 -30
- pulumi_vault/identity/group_alias.py +2 -0
- pulumi_vault/identity/group_member_entity_ids.py +12 -8
- pulumi_vault/identity/group_member_group_ids.py +24 -12
- pulumi_vault/identity/group_policies.py +4 -0
- pulumi_vault/identity/mfa_duo.py +4 -4
- pulumi_vault/identity/mfa_login_enforcement.py +8 -4
- pulumi_vault/identity/mfa_okta.py +4 -4
- pulumi_vault/identity/oidc_assignment.py +10 -2
- pulumi_vault/identity/oidc_client.py +10 -6
- pulumi_vault/identity/oidc_key.py +16 -8
- pulumi_vault/identity/oidc_key_allowed_client_id.py +16 -8
- pulumi_vault/identity/oidc_provider.py +22 -12
- pulumi_vault/identity/oidc_role.py +28 -12
- pulumi_vault/identity/oidc_scope.py +6 -4
- pulumi_vault/jwt/auth_backend.py +20 -20
- pulumi_vault/kmip/secret_backend.py +10 -10
- pulumi_vault/kubernetes/get_service_account_token.py +8 -4
- pulumi_vault/kubernetes/secret_backend.py +6 -4
- pulumi_vault/kubernetes/secret_backend_role.py +24 -12
- pulumi_vault/kv/get_secret_subkeys_v2.py +4 -2
- pulumi_vault/kv/get_secret_v2.py +62 -0
- pulumi_vault/kv/get_secrets_list.py +4 -4
- pulumi_vault/kv/get_secrets_list_v2.py +14 -8
- pulumi_vault/kv/secret_v2.py +2 -0
- pulumi_vault/ldap/auth_backend.py +10 -10
- pulumi_vault/ldap/secret_backend.py +4 -4
- pulumi_vault/ldap/secret_backend_library_set.py +2 -0
- pulumi_vault/mfa_duo.py +4 -2
- pulumi_vault/mfa_okta.py +4 -2
- pulumi_vault/mfa_pingid.py +4 -2
- pulumi_vault/mfa_totp.py +10 -8
- pulumi_vault/mongodbatlas/secret_role.py +2 -0
- pulumi_vault/mount.py +26 -26
- pulumi_vault/nomad_secret_backend.py +4 -4
- pulumi_vault/okta/auth_backend.py +6 -6
- pulumi_vault/password_policy.py +6 -4
- pulumi_vault/pkisecret/get_backend_issuer.py +40 -0
- pulumi_vault/pkisecret/get_backend_key.py +2 -2
- pulumi_vault/pkisecret/secret_backend_cert.py +6 -4
- pulumi_vault/pkisecret/secret_backend_config_ca.py +4 -4
- pulumi_vault/pkisecret/secret_backend_crl_config.py +2 -2
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +4 -4
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +10 -10
- pulumi_vault/pkisecret/secret_backend_role.py +2 -0
- pulumi_vault/pkisecret/secret_backend_root_cert.py +4 -4
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +6 -6
- pulumi_vault/pkisecret/secret_backend_sign.py +6 -4
- pulumi_vault/quota_lease_count.py +6 -4
- pulumi_vault/quota_rate_limit.py +2 -0
- pulumi_vault/rabbitmq/secret_backend.py +4 -4
- pulumi_vault/rabbitmq/secret_backend_role.py +2 -0
- pulumi_vault/raft_snapshot_agent_config.py +18 -12
- pulumi_vault/rgp_policy.py +2 -2
- pulumi_vault/saml/auth_backend.py +8 -8
- pulumi_vault/saml/auth_backend_role.py +8 -6
- pulumi_vault/secrets/sync_association.py +12 -6
- pulumi_vault/secrets/sync_aws_destination.py +6 -4
- pulumi_vault/secrets/sync_azure_destination.py +10 -8
- pulumi_vault/secrets/sync_config.py +2 -2
- pulumi_vault/secrets/sync_gcp_destination.py +6 -2
- pulumi_vault/secrets/sync_gh_destination.py +6 -4
- pulumi_vault/secrets/sync_github_apps.py +8 -4
- pulumi_vault/secrets/sync_vercel_destination.py +6 -4
- pulumi_vault/ssh/_inputs.py +0 -12
- pulumi_vault/ssh/outputs.py +0 -12
- pulumi_vault/ssh/secret_backend_role.py +4 -0
- pulumi_vault/terraformcloud/secret_creds.py +2 -0
- pulumi_vault/terraformcloud/secret_role.py +2 -0
- pulumi_vault/token.py +14 -14
- pulumi_vault/tokenauth/auth_backend_role.py +8 -8
- pulumi_vault/transform/alphabet.py +4 -2
- pulumi_vault/transform/get_decode.py +4 -0
- pulumi_vault/transform/get_encode.py +4 -0
- pulumi_vault/transform/role.py +4 -2
- pulumi_vault/transform/template.py +4 -0
- pulumi_vault/transit/get_decrypt.py +4 -4
- pulumi_vault/transit/secret_backend_key.py +6 -2
- {pulumi_vault-6.2.0a1712991499.dist-info → pulumi_vault-6.2.0a1713561465.dist-info}/METADATA +1 -1
- {pulumi_vault-6.2.0a1712991499.dist-info → pulumi_vault-6.2.0a1713561465.dist-info}/RECORD +120 -120
- {pulumi_vault-6.2.0a1712991499.dist-info → pulumi_vault-6.2.0a1713561465.dist-info}/WHEEL +0 -0
- {pulumi_vault-6.2.0a1712991499.dist-info → pulumi_vault-6.2.0a1713561465.dist-info}/top_level.txt +0 -0
|
@@ -87,10 +87,12 @@ def get_oidc_public_keys(name: Optional[str] = None,
|
|
|
87
87
|
import pulumi_vault as vault
|
|
88
88
|
|
|
89
89
|
key = vault.identity.OidcKey("key",
|
|
90
|
+
name="key",
|
|
90
91
|
allowed_client_ids=["*"],
|
|
91
92
|
rotation_period=3600,
|
|
92
93
|
verification_ttl=3600)
|
|
93
94
|
app = vault.identity.OidcClient("app",
|
|
95
|
+
name="application",
|
|
94
96
|
key=key.name,
|
|
95
97
|
redirect_uris=[
|
|
96
98
|
"http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
|
|
@@ -99,7 +101,9 @@ def get_oidc_public_keys(name: Optional[str] = None,
|
|
|
99
101
|
],
|
|
100
102
|
id_token_ttl=2400,
|
|
101
103
|
access_token_ttl=7200)
|
|
102
|
-
provider = vault.identity.OidcProvider("provider",
|
|
104
|
+
provider = vault.identity.OidcProvider("provider",
|
|
105
|
+
name="provider",
|
|
106
|
+
allowed_client_ids=[test["clientId"]])
|
|
103
107
|
public_keys = vault.identity.get_oidc_public_keys_output(name=provider.name)
|
|
104
108
|
```
|
|
105
109
|
<!--End PulumiCodeChooser -->
|
|
@@ -137,10 +141,12 @@ def get_oidc_public_keys_output(name: Optional[pulumi.Input[str]] = None,
|
|
|
137
141
|
import pulumi_vault as vault
|
|
138
142
|
|
|
139
143
|
key = vault.identity.OidcKey("key",
|
|
144
|
+
name="key",
|
|
140
145
|
allowed_client_ids=["*"],
|
|
141
146
|
rotation_period=3600,
|
|
142
147
|
verification_ttl=3600)
|
|
143
148
|
app = vault.identity.OidcClient("app",
|
|
149
|
+
name="application",
|
|
144
150
|
key=key.name,
|
|
145
151
|
redirect_uris=[
|
|
146
152
|
"http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
|
|
@@ -149,7 +155,9 @@ def get_oidc_public_keys_output(name: Optional[pulumi.Input[str]] = None,
|
|
|
149
155
|
],
|
|
150
156
|
id_token_ttl=2400,
|
|
151
157
|
access_token_ttl=7200)
|
|
152
|
-
provider = vault.identity.OidcProvider("provider",
|
|
158
|
+
provider = vault.identity.OidcProvider("provider",
|
|
159
|
+
name="provider",
|
|
160
|
+
allowed_client_ids=[test["clientId"]])
|
|
153
161
|
public_keys = vault.identity.get_oidc_public_keys_output(name=provider.name)
|
|
154
162
|
```
|
|
155
163
|
<!--End PulumiCodeChooser -->
|
pulumi_vault/identity/group.py
CHANGED
|
@@ -422,14 +422,15 @@ class Group(pulumi.CustomResource):
|
|
|
422
422
|
import pulumi_vault as vault
|
|
423
423
|
|
|
424
424
|
internal = vault.identity.Group("internal",
|
|
425
|
-
|
|
426
|
-
|
|
427
|
-
},
|
|
425
|
+
name="internal",
|
|
426
|
+
type="internal",
|
|
428
427
|
policies=[
|
|
429
428
|
"dev",
|
|
430
429
|
"test",
|
|
431
430
|
],
|
|
432
|
-
|
|
431
|
+
metadata={
|
|
432
|
+
"version": "2",
|
|
433
|
+
})
|
|
433
434
|
```
|
|
434
435
|
<!--End PulumiCodeChooser -->
|
|
435
436
|
|
|
@@ -441,11 +442,12 @@ class Group(pulumi.CustomResource):
|
|
|
441
442
|
import pulumi_vault as vault
|
|
442
443
|
|
|
443
444
|
group = vault.identity.Group("group",
|
|
445
|
+
name="external",
|
|
446
|
+
type="external",
|
|
447
|
+
policies=["test"],
|
|
444
448
|
metadata={
|
|
445
449
|
"version": "1",
|
|
446
|
-
}
|
|
447
|
-
policies=["test"],
|
|
448
|
-
type="external")
|
|
450
|
+
})
|
|
449
451
|
```
|
|
450
452
|
<!--End PulumiCodeChooser -->
|
|
451
453
|
|
|
@@ -460,24 +462,26 @@ class Group(pulumi.CustomResource):
|
|
|
460
462
|
import pulumi
|
|
461
463
|
import pulumi_vault as vault
|
|
462
464
|
|
|
463
|
-
|
|
464
|
-
|
|
465
|
-
|
|
466
|
-
},
|
|
465
|
+
internal = vault.identity.Group("internal",
|
|
466
|
+
name="internal",
|
|
467
|
+
type="internal",
|
|
467
468
|
policies=[
|
|
468
469
|
"dev",
|
|
469
470
|
"test",
|
|
470
471
|
],
|
|
471
|
-
type="internal")
|
|
472
|
-
internal_group = vault.identity.Group("internalGroup",
|
|
473
472
|
metadata={
|
|
474
473
|
"version": "2",
|
|
475
|
-
}
|
|
474
|
+
})
|
|
475
|
+
internal_group = vault.identity.Group("Internal",
|
|
476
|
+
name="Internal",
|
|
477
|
+
type="internal",
|
|
476
478
|
policies=[
|
|
477
479
|
"dev",
|
|
478
480
|
"test",
|
|
479
481
|
],
|
|
480
|
-
|
|
482
|
+
metadata={
|
|
483
|
+
"version": "2",
|
|
484
|
+
})
|
|
481
485
|
```
|
|
482
486
|
<!--End PulumiCodeChooser -->
|
|
483
487
|
|
|
@@ -534,14 +538,15 @@ class Group(pulumi.CustomResource):
|
|
|
534
538
|
import pulumi_vault as vault
|
|
535
539
|
|
|
536
540
|
internal = vault.identity.Group("internal",
|
|
537
|
-
|
|
538
|
-
|
|
539
|
-
},
|
|
541
|
+
name="internal",
|
|
542
|
+
type="internal",
|
|
540
543
|
policies=[
|
|
541
544
|
"dev",
|
|
542
545
|
"test",
|
|
543
546
|
],
|
|
544
|
-
|
|
547
|
+
metadata={
|
|
548
|
+
"version": "2",
|
|
549
|
+
})
|
|
545
550
|
```
|
|
546
551
|
<!--End PulumiCodeChooser -->
|
|
547
552
|
|
|
@@ -553,11 +558,12 @@ class Group(pulumi.CustomResource):
|
|
|
553
558
|
import pulumi_vault as vault
|
|
554
559
|
|
|
555
560
|
group = vault.identity.Group("group",
|
|
561
|
+
name="external",
|
|
562
|
+
type="external",
|
|
563
|
+
policies=["test"],
|
|
556
564
|
metadata={
|
|
557
565
|
"version": "1",
|
|
558
|
-
}
|
|
559
|
-
policies=["test"],
|
|
560
|
-
type="external")
|
|
566
|
+
})
|
|
561
567
|
```
|
|
562
568
|
<!--End PulumiCodeChooser -->
|
|
563
569
|
|
|
@@ -572,24 +578,26 @@ class Group(pulumi.CustomResource):
|
|
|
572
578
|
import pulumi
|
|
573
579
|
import pulumi_vault as vault
|
|
574
580
|
|
|
575
|
-
|
|
576
|
-
|
|
577
|
-
|
|
578
|
-
},
|
|
581
|
+
internal = vault.identity.Group("internal",
|
|
582
|
+
name="internal",
|
|
583
|
+
type="internal",
|
|
579
584
|
policies=[
|
|
580
585
|
"dev",
|
|
581
586
|
"test",
|
|
582
587
|
],
|
|
583
|
-
type="internal")
|
|
584
|
-
internal_group = vault.identity.Group("internalGroup",
|
|
585
588
|
metadata={
|
|
586
589
|
"version": "2",
|
|
587
|
-
}
|
|
590
|
+
})
|
|
591
|
+
internal_group = vault.identity.Group("Internal",
|
|
592
|
+
name="Internal",
|
|
593
|
+
type="internal",
|
|
588
594
|
policies=[
|
|
589
595
|
"dev",
|
|
590
596
|
"test",
|
|
591
597
|
],
|
|
592
|
-
|
|
598
|
+
metadata={
|
|
599
|
+
"version": "2",
|
|
600
|
+
})
|
|
593
601
|
```
|
|
594
602
|
<!--End PulumiCodeChooser -->
|
|
595
603
|
|
|
@@ -187,6 +187,7 @@ class GroupAlias(pulumi.CustomResource):
|
|
|
187
187
|
import pulumi_vault as vault
|
|
188
188
|
|
|
189
189
|
group = vault.identity.Group("group",
|
|
190
|
+
name="test",
|
|
190
191
|
type="external",
|
|
191
192
|
policies=["test"])
|
|
192
193
|
github = vault.AuthBackend("github",
|
|
@@ -242,6 +243,7 @@ class GroupAlias(pulumi.CustomResource):
|
|
|
242
243
|
import pulumi_vault as vault
|
|
243
244
|
|
|
244
245
|
group = vault.identity.Group("group",
|
|
246
|
+
name="test",
|
|
245
247
|
type="external",
|
|
246
248
|
policies=["test"])
|
|
247
249
|
github = vault.AuthBackend("github",
|
|
@@ -205,12 +205,13 @@ class GroupMemberEntityIds(pulumi.CustomResource):
|
|
|
205
205
|
import pulumi_vault as vault
|
|
206
206
|
|
|
207
207
|
internal = vault.identity.Group("internal",
|
|
208
|
+
name="internal",
|
|
208
209
|
type="internal",
|
|
209
210
|
external_member_entity_ids=True,
|
|
210
211
|
metadata={
|
|
211
212
|
"version": "2",
|
|
212
213
|
})
|
|
213
|
-
user = vault.identity.Entity("user")
|
|
214
|
+
user = vault.identity.Entity("user", name="user")
|
|
214
215
|
members = vault.identity.GroupMemberEntityIds("members",
|
|
215
216
|
exclusive=True,
|
|
216
217
|
member_entity_ids=[user.id],
|
|
@@ -226,14 +227,15 @@ class GroupMemberEntityIds(pulumi.CustomResource):
|
|
|
226
227
|
import pulumi_vault as vault
|
|
227
228
|
|
|
228
229
|
internal = vault.identity.Group("internal",
|
|
230
|
+
name="internal",
|
|
229
231
|
type="internal",
|
|
230
232
|
external_member_entity_ids=True,
|
|
231
233
|
metadata={
|
|
232
234
|
"version": "2",
|
|
233
235
|
})
|
|
234
|
-
test_user = vault.identity.Entity("
|
|
235
|
-
second_test_user = vault.identity.Entity("
|
|
236
|
-
dev_user = vault.identity.Entity("
|
|
236
|
+
test_user = vault.identity.Entity("test_user", name="test")
|
|
237
|
+
second_test_user = vault.identity.Entity("second_test_user", name="second_test")
|
|
238
|
+
dev_user = vault.identity.Entity("dev_user", name="dev")
|
|
237
239
|
test = vault.identity.GroupMemberEntityIds("test",
|
|
238
240
|
member_entity_ids=[
|
|
239
241
|
test_user.id,
|
|
@@ -281,12 +283,13 @@ class GroupMemberEntityIds(pulumi.CustomResource):
|
|
|
281
283
|
import pulumi_vault as vault
|
|
282
284
|
|
|
283
285
|
internal = vault.identity.Group("internal",
|
|
286
|
+
name="internal",
|
|
284
287
|
type="internal",
|
|
285
288
|
external_member_entity_ids=True,
|
|
286
289
|
metadata={
|
|
287
290
|
"version": "2",
|
|
288
291
|
})
|
|
289
|
-
user = vault.identity.Entity("user")
|
|
292
|
+
user = vault.identity.Entity("user", name="user")
|
|
290
293
|
members = vault.identity.GroupMemberEntityIds("members",
|
|
291
294
|
exclusive=True,
|
|
292
295
|
member_entity_ids=[user.id],
|
|
@@ -302,14 +305,15 @@ class GroupMemberEntityIds(pulumi.CustomResource):
|
|
|
302
305
|
import pulumi_vault as vault
|
|
303
306
|
|
|
304
307
|
internal = vault.identity.Group("internal",
|
|
308
|
+
name="internal",
|
|
305
309
|
type="internal",
|
|
306
310
|
external_member_entity_ids=True,
|
|
307
311
|
metadata={
|
|
308
312
|
"version": "2",
|
|
309
313
|
})
|
|
310
|
-
test_user = vault.identity.Entity("
|
|
311
|
-
second_test_user = vault.identity.Entity("
|
|
312
|
-
dev_user = vault.identity.Entity("
|
|
314
|
+
test_user = vault.identity.Entity("test_user", name="test")
|
|
315
|
+
second_test_user = vault.identity.Entity("second_test_user", name="second_test")
|
|
316
|
+
dev_user = vault.identity.Entity("dev_user", name="dev")
|
|
313
317
|
test = vault.identity.GroupMemberEntityIds("test",
|
|
314
318
|
member_entity_ids=[
|
|
315
319
|
test_user.id,
|
|
@@ -219,14 +219,17 @@ class GroupMemberGroupIds(pulumi.CustomResource):
|
|
|
219
219
|
import pulumi_vault as vault
|
|
220
220
|
|
|
221
221
|
internal = vault.identity.Group("internal",
|
|
222
|
+
name="internal",
|
|
222
223
|
type="internal",
|
|
223
224
|
external_member_group_ids=True,
|
|
224
225
|
metadata={
|
|
225
226
|
"version": "2",
|
|
226
227
|
})
|
|
227
|
-
users = vault.identity.Group("users",
|
|
228
|
-
"
|
|
229
|
-
|
|
228
|
+
users = vault.identity.Group("users",
|
|
229
|
+
name="users",
|
|
230
|
+
metadata={
|
|
231
|
+
"version": "2",
|
|
232
|
+
})
|
|
230
233
|
members = vault.identity.GroupMemberGroupIds("members",
|
|
231
234
|
exclusive=True,
|
|
232
235
|
member_group_ids=[users.id],
|
|
@@ -242,14 +245,17 @@ class GroupMemberGroupIds(pulumi.CustomResource):
|
|
|
242
245
|
import pulumi_vault as vault
|
|
243
246
|
|
|
244
247
|
internal = vault.identity.Group("internal",
|
|
248
|
+
name="internal",
|
|
245
249
|
type="internal",
|
|
246
250
|
external_member_group_ids=True,
|
|
247
251
|
metadata={
|
|
248
252
|
"version": "2",
|
|
249
253
|
})
|
|
250
|
-
users = vault.identity.Group("users",
|
|
251
|
-
"
|
|
252
|
-
|
|
254
|
+
users = vault.identity.Group("users",
|
|
255
|
+
name="users",
|
|
256
|
+
metadata={
|
|
257
|
+
"version": "2",
|
|
258
|
+
})
|
|
253
259
|
members = vault.identity.GroupMemberGroupIds("members",
|
|
254
260
|
exclusive=False,
|
|
255
261
|
member_group_ids=[users.id],
|
|
@@ -295,14 +301,17 @@ class GroupMemberGroupIds(pulumi.CustomResource):
|
|
|
295
301
|
import pulumi_vault as vault
|
|
296
302
|
|
|
297
303
|
internal = vault.identity.Group("internal",
|
|
304
|
+
name="internal",
|
|
298
305
|
type="internal",
|
|
299
306
|
external_member_group_ids=True,
|
|
300
307
|
metadata={
|
|
301
308
|
"version": "2",
|
|
302
309
|
})
|
|
303
|
-
users = vault.identity.Group("users",
|
|
304
|
-
"
|
|
305
|
-
|
|
310
|
+
users = vault.identity.Group("users",
|
|
311
|
+
name="users",
|
|
312
|
+
metadata={
|
|
313
|
+
"version": "2",
|
|
314
|
+
})
|
|
306
315
|
members = vault.identity.GroupMemberGroupIds("members",
|
|
307
316
|
exclusive=True,
|
|
308
317
|
member_group_ids=[users.id],
|
|
@@ -318,14 +327,17 @@ class GroupMemberGroupIds(pulumi.CustomResource):
|
|
|
318
327
|
import pulumi_vault as vault
|
|
319
328
|
|
|
320
329
|
internal = vault.identity.Group("internal",
|
|
330
|
+
name="internal",
|
|
321
331
|
type="internal",
|
|
322
332
|
external_member_group_ids=True,
|
|
323
333
|
metadata={
|
|
324
334
|
"version": "2",
|
|
325
335
|
})
|
|
326
|
-
users = vault.identity.Group("users",
|
|
327
|
-
"
|
|
328
|
-
|
|
336
|
+
users = vault.identity.Group("users",
|
|
337
|
+
name="users",
|
|
338
|
+
metadata={
|
|
339
|
+
"version": "2",
|
|
340
|
+
})
|
|
329
341
|
members = vault.identity.GroupMemberGroupIds("members",
|
|
330
342
|
exclusive=False,
|
|
331
343
|
member_group_ids=[users.id],
|
|
@@ -220,6 +220,7 @@ class GroupPolicies(pulumi.CustomResource):
|
|
|
220
220
|
import pulumi_vault as vault
|
|
221
221
|
|
|
222
222
|
internal = vault.identity.Group("internal",
|
|
223
|
+
name="internal",
|
|
223
224
|
type="internal",
|
|
224
225
|
external_policies=True,
|
|
225
226
|
metadata={
|
|
@@ -243,6 +244,7 @@ class GroupPolicies(pulumi.CustomResource):
|
|
|
243
244
|
import pulumi_vault as vault
|
|
244
245
|
|
|
245
246
|
internal = vault.identity.Group("internal",
|
|
247
|
+
name="internal",
|
|
246
248
|
type="internal",
|
|
247
249
|
external_policies=True,
|
|
248
250
|
metadata={
|
|
@@ -295,6 +297,7 @@ class GroupPolicies(pulumi.CustomResource):
|
|
|
295
297
|
import pulumi_vault as vault
|
|
296
298
|
|
|
297
299
|
internal = vault.identity.Group("internal",
|
|
300
|
+
name="internal",
|
|
298
301
|
type="internal",
|
|
299
302
|
external_policies=True,
|
|
300
303
|
metadata={
|
|
@@ -318,6 +321,7 @@ class GroupPolicies(pulumi.CustomResource):
|
|
|
318
321
|
import pulumi_vault as vault
|
|
319
322
|
|
|
320
323
|
internal = vault.identity.Group("internal",
|
|
324
|
+
name="internal",
|
|
321
325
|
type="internal",
|
|
322
326
|
external_policies=True,
|
|
323
327
|
metadata={
|
pulumi_vault/identity/mfa_duo.py
CHANGED
|
@@ -385,8 +385,8 @@ class MfaDuo(pulumi.CustomResource):
|
|
|
385
385
|
|
|
386
386
|
example = vault.identity.MfaDuo("example",
|
|
387
387
|
api_hostname="api-xxxxxxxx.duosecurity.com",
|
|
388
|
-
|
|
389
|
-
|
|
388
|
+
secret_key="secret-key",
|
|
389
|
+
integration_key="secret-int-key")
|
|
390
390
|
```
|
|
391
391
|
<!--End PulumiCodeChooser -->
|
|
392
392
|
|
|
@@ -426,8 +426,8 @@ class MfaDuo(pulumi.CustomResource):
|
|
|
426
426
|
|
|
427
427
|
example = vault.identity.MfaDuo("example",
|
|
428
428
|
api_hostname="api-xxxxxxxx.duosecurity.com",
|
|
429
|
-
|
|
430
|
-
|
|
429
|
+
secret_key="secret-key",
|
|
430
|
+
integration_key="secret-int-key")
|
|
431
431
|
```
|
|
432
432
|
<!--End PulumiCodeChooser -->
|
|
433
433
|
|
|
@@ -321,12 +321,14 @@ class MfaLoginEnforcement(pulumi.CustomResource):
|
|
|
321
321
|
import pulumi
|
|
322
322
|
import pulumi_vault as vault
|
|
323
323
|
|
|
324
|
-
|
|
324
|
+
example = vault.identity.MfaDuo("example",
|
|
325
325
|
secret_key="secret-key",
|
|
326
326
|
integration_key="int-key",
|
|
327
327
|
api_hostname="foo.baz",
|
|
328
328
|
push_info="push-info")
|
|
329
|
-
example_mfa_login_enforcement = vault.identity.MfaLoginEnforcement("
|
|
329
|
+
example_mfa_login_enforcement = vault.identity.MfaLoginEnforcement("example",
|
|
330
|
+
name="default",
|
|
331
|
+
mfa_method_ids=[example.method_id])
|
|
330
332
|
```
|
|
331
333
|
<!--End PulumiCodeChooser -->
|
|
332
334
|
|
|
@@ -364,12 +366,14 @@ class MfaLoginEnforcement(pulumi.CustomResource):
|
|
|
364
366
|
import pulumi
|
|
365
367
|
import pulumi_vault as vault
|
|
366
368
|
|
|
367
|
-
|
|
369
|
+
example = vault.identity.MfaDuo("example",
|
|
368
370
|
secret_key="secret-key",
|
|
369
371
|
integration_key="int-key",
|
|
370
372
|
api_hostname="foo.baz",
|
|
371
373
|
push_info="push-info")
|
|
372
|
-
example_mfa_login_enforcement = vault.identity.MfaLoginEnforcement("
|
|
374
|
+
example_mfa_login_enforcement = vault.identity.MfaLoginEnforcement("example",
|
|
375
|
+
name="default",
|
|
376
|
+
mfa_method_ids=[example.method_id])
|
|
373
377
|
```
|
|
374
378
|
<!--End PulumiCodeChooser -->
|
|
375
379
|
|
|
@@ -352,9 +352,9 @@ class MfaOkta(pulumi.CustomResource):
|
|
|
352
352
|
import pulumi_vault as vault
|
|
353
353
|
|
|
354
354
|
example = vault.identity.MfaOkta("example",
|
|
355
|
+
org_name="org1",
|
|
355
356
|
api_token="token1",
|
|
356
|
-
base_url="qux.baz.com"
|
|
357
|
-
org_name="org1")
|
|
357
|
+
base_url="qux.baz.com")
|
|
358
358
|
```
|
|
359
359
|
<!--End PulumiCodeChooser -->
|
|
360
360
|
|
|
@@ -392,9 +392,9 @@ class MfaOkta(pulumi.CustomResource):
|
|
|
392
392
|
import pulumi_vault as vault
|
|
393
393
|
|
|
394
394
|
example = vault.identity.MfaOkta("example",
|
|
395
|
+
org_name="org1",
|
|
395
396
|
api_token="token1",
|
|
396
|
-
base_url="qux.baz.com"
|
|
397
|
-
org_name="org1")
|
|
397
|
+
base_url="qux.baz.com")
|
|
398
398
|
```
|
|
399
399
|
<!--End PulumiCodeChooser -->
|
|
400
400
|
|
|
@@ -189,13 +189,17 @@ class OidcAssignment(pulumi.CustomResource):
|
|
|
189
189
|
import pulumi_vault as vault
|
|
190
190
|
|
|
191
191
|
internal = vault.identity.Group("internal",
|
|
192
|
+
name="internal",
|
|
192
193
|
type="internal",
|
|
193
194
|
policies=[
|
|
194
195
|
"dev",
|
|
195
196
|
"test",
|
|
196
197
|
])
|
|
197
|
-
test = vault.identity.Entity("test",
|
|
198
|
+
test = vault.identity.Entity("test",
|
|
199
|
+
name="test",
|
|
200
|
+
policies=["test"])
|
|
198
201
|
default = vault.identity.OidcAssignment("default",
|
|
202
|
+
name="assignment",
|
|
199
203
|
entity_ids=[test.id],
|
|
200
204
|
group_ids=[internal.id])
|
|
201
205
|
```
|
|
@@ -237,13 +241,17 @@ class OidcAssignment(pulumi.CustomResource):
|
|
|
237
241
|
import pulumi_vault as vault
|
|
238
242
|
|
|
239
243
|
internal = vault.identity.Group("internal",
|
|
244
|
+
name="internal",
|
|
240
245
|
type="internal",
|
|
241
246
|
policies=[
|
|
242
247
|
"dev",
|
|
243
248
|
"test",
|
|
244
249
|
])
|
|
245
|
-
test = vault.identity.Entity("test",
|
|
250
|
+
test = vault.identity.Entity("test",
|
|
251
|
+
name="test",
|
|
252
|
+
policies=["test"])
|
|
246
253
|
default = vault.identity.OidcAssignment("default",
|
|
254
|
+
name="assignment",
|
|
247
255
|
entity_ids=[test.id],
|
|
248
256
|
group_ids=[internal.id])
|
|
249
257
|
```
|
|
@@ -378,16 +378,18 @@ class OidcClient(pulumi.CustomResource):
|
|
|
378
378
|
import pulumi
|
|
379
379
|
import pulumi_vault as vault
|
|
380
380
|
|
|
381
|
-
|
|
381
|
+
test = vault.identity.OidcAssignment("test",
|
|
382
|
+
name="my-assignment",
|
|
382
383
|
entity_ids=["ascbascas-2231a-sdfaa"],
|
|
383
384
|
group_ids=["sajkdsad-32414-sfsada"])
|
|
384
|
-
test_oidc_client = vault.identity.OidcClient("
|
|
385
|
+
test_oidc_client = vault.identity.OidcClient("test",
|
|
386
|
+
name="my-app",
|
|
385
387
|
redirect_uris=[
|
|
386
388
|
"http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
|
|
387
389
|
"http://127.0.0.1:8251/callback",
|
|
388
390
|
"http://127.0.0.1:8080/callback",
|
|
389
391
|
],
|
|
390
|
-
assignments=[
|
|
392
|
+
assignments=[test.name],
|
|
391
393
|
id_token_ttl=2400,
|
|
392
394
|
access_token_ttl=7200)
|
|
393
395
|
```
|
|
@@ -438,16 +440,18 @@ class OidcClient(pulumi.CustomResource):
|
|
|
438
440
|
import pulumi
|
|
439
441
|
import pulumi_vault as vault
|
|
440
442
|
|
|
441
|
-
|
|
443
|
+
test = vault.identity.OidcAssignment("test",
|
|
444
|
+
name="my-assignment",
|
|
442
445
|
entity_ids=["ascbascas-2231a-sdfaa"],
|
|
443
446
|
group_ids=["sajkdsad-32414-sfsada"])
|
|
444
|
-
test_oidc_client = vault.identity.OidcClient("
|
|
447
|
+
test_oidc_client = vault.identity.OidcClient("test",
|
|
448
|
+
name="my-app",
|
|
445
449
|
redirect_uris=[
|
|
446
450
|
"http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
|
|
447
451
|
"http://127.0.0.1:8251/callback",
|
|
448
452
|
"http://127.0.0.1:8080/callback",
|
|
449
453
|
],
|
|
450
|
-
assignments=[
|
|
454
|
+
assignments=[test.name],
|
|
451
455
|
id_token_ttl=2400,
|
|
452
456
|
access_token_ttl=7200)
|
|
453
457
|
```
|
|
@@ -263,11 +263,15 @@ class OidcKey(pulumi.CustomResource):
|
|
|
263
263
|
import pulumi
|
|
264
264
|
import pulumi_vault as vault
|
|
265
265
|
|
|
266
|
-
key = vault.identity.OidcKey("key",
|
|
267
|
-
|
|
268
|
-
|
|
266
|
+
key = vault.identity.OidcKey("key",
|
|
267
|
+
name="key",
|
|
268
|
+
algorithm="RS256")
|
|
269
|
+
role = vault.identity.OidcRole("role",
|
|
270
|
+
name="role",
|
|
271
|
+
key=key.name)
|
|
272
|
+
role_oidc_key_allowed_client_id = vault.identity.OidcKeyAllowedClientID("role",
|
|
269
273
|
key_name=key.name,
|
|
270
|
-
allowed_client_id=
|
|
274
|
+
allowed_client_id=role.client_id)
|
|
271
275
|
```
|
|
272
276
|
<!--End PulumiCodeChooser -->
|
|
273
277
|
|
|
@@ -308,11 +312,15 @@ class OidcKey(pulumi.CustomResource):
|
|
|
308
312
|
import pulumi
|
|
309
313
|
import pulumi_vault as vault
|
|
310
314
|
|
|
311
|
-
key = vault.identity.OidcKey("key",
|
|
312
|
-
|
|
313
|
-
|
|
315
|
+
key = vault.identity.OidcKey("key",
|
|
316
|
+
name="key",
|
|
317
|
+
algorithm="RS256")
|
|
318
|
+
role = vault.identity.OidcRole("role",
|
|
319
|
+
name="role",
|
|
320
|
+
key=key.name)
|
|
321
|
+
role_oidc_key_allowed_client_id = vault.identity.OidcKeyAllowedClientID("role",
|
|
314
322
|
key_name=key.name,
|
|
315
|
-
allowed_client_id=
|
|
323
|
+
allowed_client_id=role.client_id)
|
|
316
324
|
```
|
|
317
325
|
<!--End PulumiCodeChooser -->
|
|
318
326
|
|
|
@@ -150,11 +150,15 @@ class OidcKeyAllowedClientID(pulumi.CustomResource):
|
|
|
150
150
|
import pulumi
|
|
151
151
|
import pulumi_vault as vault
|
|
152
152
|
|
|
153
|
-
key = vault.identity.OidcKey("key",
|
|
154
|
-
|
|
155
|
-
|
|
153
|
+
key = vault.identity.OidcKey("key",
|
|
154
|
+
name="key",
|
|
155
|
+
algorithm="RS256")
|
|
156
|
+
role = vault.identity.OidcRole("role",
|
|
157
|
+
name="role",
|
|
158
|
+
key=key.name)
|
|
159
|
+
role_oidc_key_allowed_client_id = vault.identity.OidcKeyAllowedClientID("role",
|
|
156
160
|
key_name=key.name,
|
|
157
|
-
allowed_client_id=
|
|
161
|
+
allowed_client_id=role.client_id)
|
|
158
162
|
```
|
|
159
163
|
<!--End PulumiCodeChooser -->
|
|
160
164
|
|
|
@@ -181,11 +185,15 @@ class OidcKeyAllowedClientID(pulumi.CustomResource):
|
|
|
181
185
|
import pulumi
|
|
182
186
|
import pulumi_vault as vault
|
|
183
187
|
|
|
184
|
-
key = vault.identity.OidcKey("key",
|
|
185
|
-
|
|
186
|
-
|
|
188
|
+
key = vault.identity.OidcKey("key",
|
|
189
|
+
name="key",
|
|
190
|
+
algorithm="RS256")
|
|
191
|
+
role = vault.identity.OidcRole("role",
|
|
192
|
+
name="role",
|
|
193
|
+
key=key.name)
|
|
194
|
+
role_oidc_key_allowed_client_id = vault.identity.OidcKeyAllowedClientID("role",
|
|
187
195
|
key_name=key.name,
|
|
188
|
-
allowed_client_id=
|
|
196
|
+
allowed_client_id=role.client_id)
|
|
189
197
|
```
|
|
190
198
|
<!--End PulumiCodeChooser -->
|
|
191
199
|
|