pulumi-vault 6.2.0a1712991499__py3-none-any.whl → 6.2.0a1713561465__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pulumi_vault/ad/secret_backend.py +2 -2
- pulumi_vault/ad/secret_library.py +2 -0
- pulumi_vault/alicloud/auth_backend_role.py +6 -6
- pulumi_vault/audit.py +12 -12
- pulumi_vault/audit_request_header.py +6 -2
- pulumi_vault/aws/auth_backend_client.py +6 -6
- pulumi_vault/aws/auth_backend_identity_whitelist.py +6 -6
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +6 -6
- pulumi_vault/aws/secret_backend_role.py +2 -0
- pulumi_vault/aws/secret_backend_static_role.py +2 -0
- pulumi_vault/azure/auth_backend_config.py +6 -6
- pulumi_vault/azure/backend.py +16 -16
- pulumi_vault/azure/backend_role.py +14 -14
- pulumi_vault/cert_auth_backend_role.py +12 -8
- pulumi_vault/consul/secret_backend.py +10 -10
- pulumi_vault/consul/secret_backend_role.py +2 -0
- pulumi_vault/database/secret_backend_connection.py +2 -0
- pulumi_vault/database/secret_backend_role.py +4 -0
- pulumi_vault/database/secret_backend_static_role.py +10 -4
- pulumi_vault/database/secrets_mount.py +4 -0
- pulumi_vault/egp_policy.py +4 -4
- pulumi_vault/gcp/auth_backend.py +0 -36
- pulumi_vault/gcp/secret_backend.py +4 -2
- pulumi_vault/gcp/secret_impersonated_account.py +12 -10
- pulumi_vault/gcp/secret_roleset.py +4 -2
- pulumi_vault/gcp/secret_static_account.py +14 -12
- pulumi_vault/generic/endpoint.py +4 -4
- pulumi_vault/generic/get_secret.py +44 -0
- pulumi_vault/get_namespaces.py +4 -4
- pulumi_vault/get_policy_document.py +8 -4
- pulumi_vault/github/team.py +2 -2
- pulumi_vault/github/user.py +2 -2
- pulumi_vault/identity/entity.py +6 -4
- pulumi_vault/identity/entity_alias.py +6 -4
- pulumi_vault/identity/entity_policies.py +12 -4
- pulumi_vault/identity/get_oidc_client_creds.py +2 -0
- pulumi_vault/identity/get_oidc_openid_config.py +10 -2
- pulumi_vault/identity/get_oidc_public_keys.py +10 -2
- pulumi_vault/identity/group.py +38 -30
- pulumi_vault/identity/group_alias.py +2 -0
- pulumi_vault/identity/group_member_entity_ids.py +12 -8
- pulumi_vault/identity/group_member_group_ids.py +24 -12
- pulumi_vault/identity/group_policies.py +4 -0
- pulumi_vault/identity/mfa_duo.py +4 -4
- pulumi_vault/identity/mfa_login_enforcement.py +8 -4
- pulumi_vault/identity/mfa_okta.py +4 -4
- pulumi_vault/identity/oidc_assignment.py +10 -2
- pulumi_vault/identity/oidc_client.py +10 -6
- pulumi_vault/identity/oidc_key.py +16 -8
- pulumi_vault/identity/oidc_key_allowed_client_id.py +16 -8
- pulumi_vault/identity/oidc_provider.py +22 -12
- pulumi_vault/identity/oidc_role.py +28 -12
- pulumi_vault/identity/oidc_scope.py +6 -4
- pulumi_vault/jwt/auth_backend.py +20 -20
- pulumi_vault/kmip/secret_backend.py +10 -10
- pulumi_vault/kubernetes/get_service_account_token.py +8 -4
- pulumi_vault/kubernetes/secret_backend.py +6 -4
- pulumi_vault/kubernetes/secret_backend_role.py +24 -12
- pulumi_vault/kv/get_secret_subkeys_v2.py +4 -2
- pulumi_vault/kv/get_secret_v2.py +62 -0
- pulumi_vault/kv/get_secrets_list.py +4 -4
- pulumi_vault/kv/get_secrets_list_v2.py +14 -8
- pulumi_vault/kv/secret_v2.py +2 -0
- pulumi_vault/ldap/auth_backend.py +10 -10
- pulumi_vault/ldap/secret_backend.py +4 -4
- pulumi_vault/ldap/secret_backend_library_set.py +2 -0
- pulumi_vault/mfa_duo.py +4 -2
- pulumi_vault/mfa_okta.py +4 -2
- pulumi_vault/mfa_pingid.py +4 -2
- pulumi_vault/mfa_totp.py +10 -8
- pulumi_vault/mongodbatlas/secret_role.py +2 -0
- pulumi_vault/mount.py +26 -26
- pulumi_vault/nomad_secret_backend.py +4 -4
- pulumi_vault/okta/auth_backend.py +6 -6
- pulumi_vault/password_policy.py +6 -4
- pulumi_vault/pkisecret/get_backend_issuer.py +40 -0
- pulumi_vault/pkisecret/get_backend_key.py +2 -2
- pulumi_vault/pkisecret/secret_backend_cert.py +6 -4
- pulumi_vault/pkisecret/secret_backend_config_ca.py +4 -4
- pulumi_vault/pkisecret/secret_backend_crl_config.py +2 -2
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +4 -4
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +10 -10
- pulumi_vault/pkisecret/secret_backend_role.py +2 -0
- pulumi_vault/pkisecret/secret_backend_root_cert.py +4 -4
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +6 -6
- pulumi_vault/pkisecret/secret_backend_sign.py +6 -4
- pulumi_vault/quota_lease_count.py +6 -4
- pulumi_vault/quota_rate_limit.py +2 -0
- pulumi_vault/rabbitmq/secret_backend.py +4 -4
- pulumi_vault/rabbitmq/secret_backend_role.py +2 -0
- pulumi_vault/raft_snapshot_agent_config.py +18 -12
- pulumi_vault/rgp_policy.py +2 -2
- pulumi_vault/saml/auth_backend.py +8 -8
- pulumi_vault/saml/auth_backend_role.py +8 -6
- pulumi_vault/secrets/sync_association.py +12 -6
- pulumi_vault/secrets/sync_aws_destination.py +6 -4
- pulumi_vault/secrets/sync_azure_destination.py +10 -8
- pulumi_vault/secrets/sync_config.py +2 -2
- pulumi_vault/secrets/sync_gcp_destination.py +6 -2
- pulumi_vault/secrets/sync_gh_destination.py +6 -4
- pulumi_vault/secrets/sync_github_apps.py +8 -4
- pulumi_vault/secrets/sync_vercel_destination.py +6 -4
- pulumi_vault/ssh/_inputs.py +0 -12
- pulumi_vault/ssh/outputs.py +0 -12
- pulumi_vault/ssh/secret_backend_role.py +4 -0
- pulumi_vault/terraformcloud/secret_creds.py +2 -0
- pulumi_vault/terraformcloud/secret_role.py +2 -0
- pulumi_vault/token.py +14 -14
- pulumi_vault/tokenauth/auth_backend_role.py +8 -8
- pulumi_vault/transform/alphabet.py +4 -2
- pulumi_vault/transform/get_decode.py +4 -0
- pulumi_vault/transform/get_encode.py +4 -0
- pulumi_vault/transform/role.py +4 -2
- pulumi_vault/transform/template.py +4 -0
- pulumi_vault/transit/get_decrypt.py +4 -4
- pulumi_vault/transit/secret_backend_key.py +6 -2
- {pulumi_vault-6.2.0a1712991499.dist-info → pulumi_vault-6.2.0a1713561465.dist-info}/METADATA +1 -1
- {pulumi_vault-6.2.0a1712991499.dist-info → pulumi_vault-6.2.0a1713561465.dist-info}/RECORD +120 -120
- {pulumi_vault-6.2.0a1712991499.dist-info → pulumi_vault-6.2.0a1713561465.dist-info}/WHEEL +0 -0
- {pulumi_vault-6.2.0a1712991499.dist-info → pulumi_vault-6.2.0a1713561465.dist-info}/top_level.txt +0 -0
|
@@ -279,15 +279,18 @@ class OidcProvider(pulumi.CustomResource):
|
|
|
279
279
|
import json
|
|
280
280
|
import pulumi_vault as vault
|
|
281
281
|
|
|
282
|
-
|
|
282
|
+
test = vault.identity.OidcKey("test",
|
|
283
|
+
name="my-key",
|
|
283
284
|
allowed_client_ids=["*"],
|
|
284
285
|
rotation_period=3600,
|
|
285
286
|
verification_ttl=3600)
|
|
286
|
-
test_oidc_assignment = vault.identity.OidcAssignment("
|
|
287
|
+
test_oidc_assignment = vault.identity.OidcAssignment("test",
|
|
288
|
+
name="my-assignment",
|
|
287
289
|
entity_ids=["fake-ascbascas-2231a-sdfaa"],
|
|
288
290
|
group_ids=["fake-sajkdsad-32414-sfsada"])
|
|
289
|
-
test_oidc_client = vault.identity.OidcClient("
|
|
290
|
-
|
|
291
|
+
test_oidc_client = vault.identity.OidcClient("test",
|
|
292
|
+
name="application",
|
|
293
|
+
key=test.name,
|
|
291
294
|
redirect_uris=[
|
|
292
295
|
"http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
|
|
293
296
|
"http://127.0.0.1:8251/callback",
|
|
@@ -296,12 +299,14 @@ class OidcProvider(pulumi.CustomResource):
|
|
|
296
299
|
assignments=[test_oidc_assignment.name],
|
|
297
300
|
id_token_ttl=2400,
|
|
298
301
|
access_token_ttl=7200)
|
|
299
|
-
test_oidc_scope = vault.identity.OidcScope("
|
|
302
|
+
test_oidc_scope = vault.identity.OidcScope("test",
|
|
303
|
+
name="groups",
|
|
300
304
|
template=json.dumps({
|
|
301
305
|
"groups": "{{identity.entity.groups.names}}",
|
|
302
306
|
}),
|
|
303
307
|
description="Groups scope.")
|
|
304
|
-
test_oidc_provider = vault.identity.OidcProvider("
|
|
308
|
+
test_oidc_provider = vault.identity.OidcProvider("test",
|
|
309
|
+
name="my-provider",
|
|
305
310
|
https_enabled=False,
|
|
306
311
|
issuer_host="127.0.0.1:8200",
|
|
307
312
|
allowed_client_ids=[test_oidc_client.client_id],
|
|
@@ -348,15 +353,18 @@ class OidcProvider(pulumi.CustomResource):
|
|
|
348
353
|
import json
|
|
349
354
|
import pulumi_vault as vault
|
|
350
355
|
|
|
351
|
-
|
|
356
|
+
test = vault.identity.OidcKey("test",
|
|
357
|
+
name="my-key",
|
|
352
358
|
allowed_client_ids=["*"],
|
|
353
359
|
rotation_period=3600,
|
|
354
360
|
verification_ttl=3600)
|
|
355
|
-
test_oidc_assignment = vault.identity.OidcAssignment("
|
|
361
|
+
test_oidc_assignment = vault.identity.OidcAssignment("test",
|
|
362
|
+
name="my-assignment",
|
|
356
363
|
entity_ids=["fake-ascbascas-2231a-sdfaa"],
|
|
357
364
|
group_ids=["fake-sajkdsad-32414-sfsada"])
|
|
358
|
-
test_oidc_client = vault.identity.OidcClient("
|
|
359
|
-
|
|
365
|
+
test_oidc_client = vault.identity.OidcClient("test",
|
|
366
|
+
name="application",
|
|
367
|
+
key=test.name,
|
|
360
368
|
redirect_uris=[
|
|
361
369
|
"http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
|
|
362
370
|
"http://127.0.0.1:8251/callback",
|
|
@@ -365,12 +373,14 @@ class OidcProvider(pulumi.CustomResource):
|
|
|
365
373
|
assignments=[test_oidc_assignment.name],
|
|
366
374
|
id_token_ttl=2400,
|
|
367
375
|
access_token_ttl=7200)
|
|
368
|
-
test_oidc_scope = vault.identity.OidcScope("
|
|
376
|
+
test_oidc_scope = vault.identity.OidcScope("test",
|
|
377
|
+
name="groups",
|
|
369
378
|
template=json.dumps({
|
|
370
379
|
"groups": "{{identity.entity.groups.names}}",
|
|
371
380
|
}),
|
|
372
381
|
description="Groups scope.")
|
|
373
|
-
test_oidc_provider = vault.identity.OidcProvider("
|
|
382
|
+
test_oidc_provider = vault.identity.OidcProvider("test",
|
|
383
|
+
name="my-provider",
|
|
374
384
|
https_enabled=False,
|
|
375
385
|
issuer_host="127.0.0.1:8200",
|
|
376
386
|
allowed_client_ids=[test_oidc_client.client_id],
|
|
@@ -276,11 +276,15 @@ class OidcRole(pulumi.CustomResource):
|
|
|
276
276
|
import pulumi_vault as vault
|
|
277
277
|
|
|
278
278
|
config = pulumi.Config()
|
|
279
|
+
# Name of the OIDC Key
|
|
279
280
|
key = config.get("key")
|
|
280
281
|
if key is None:
|
|
281
282
|
key = "key"
|
|
282
|
-
role = vault.identity.OidcRole("role",
|
|
283
|
-
|
|
283
|
+
role = vault.identity.OidcRole("role",
|
|
284
|
+
name="role",
|
|
285
|
+
key=key)
|
|
286
|
+
key_oidc_key = vault.identity.OidcKey("key",
|
|
287
|
+
name=key,
|
|
284
288
|
algorithm="RS256",
|
|
285
289
|
allowed_client_ids=[role.client_id])
|
|
286
290
|
```
|
|
@@ -295,11 +299,15 @@ class OidcRole(pulumi.CustomResource):
|
|
|
295
299
|
import pulumi
|
|
296
300
|
import pulumi_vault as vault
|
|
297
301
|
|
|
298
|
-
key = vault.identity.OidcKey("key",
|
|
299
|
-
|
|
300
|
-
|
|
302
|
+
key = vault.identity.OidcKey("key",
|
|
303
|
+
name="key",
|
|
304
|
+
algorithm="RS256")
|
|
305
|
+
role = vault.identity.OidcRole("role",
|
|
306
|
+
name="role",
|
|
307
|
+
key=key.name)
|
|
308
|
+
role_oidc_key_allowed_client_id = vault.identity.OidcKeyAllowedClientID("role",
|
|
301
309
|
key_name=key.name,
|
|
302
|
-
allowed_client_id=
|
|
310
|
+
allowed_client_id=role.client_id)
|
|
303
311
|
```
|
|
304
312
|
<!--End PulumiCodeChooser -->
|
|
305
313
|
|
|
@@ -348,11 +356,15 @@ class OidcRole(pulumi.CustomResource):
|
|
|
348
356
|
import pulumi_vault as vault
|
|
349
357
|
|
|
350
358
|
config = pulumi.Config()
|
|
359
|
+
# Name of the OIDC Key
|
|
351
360
|
key = config.get("key")
|
|
352
361
|
if key is None:
|
|
353
362
|
key = "key"
|
|
354
|
-
role = vault.identity.OidcRole("role",
|
|
355
|
-
|
|
363
|
+
role = vault.identity.OidcRole("role",
|
|
364
|
+
name="role",
|
|
365
|
+
key=key)
|
|
366
|
+
key_oidc_key = vault.identity.OidcKey("key",
|
|
367
|
+
name=key,
|
|
356
368
|
algorithm="RS256",
|
|
357
369
|
allowed_client_ids=[role.client_id])
|
|
358
370
|
```
|
|
@@ -367,11 +379,15 @@ class OidcRole(pulumi.CustomResource):
|
|
|
367
379
|
import pulumi
|
|
368
380
|
import pulumi_vault as vault
|
|
369
381
|
|
|
370
|
-
key = vault.identity.OidcKey("key",
|
|
371
|
-
|
|
372
|
-
|
|
382
|
+
key = vault.identity.OidcKey("key",
|
|
383
|
+
name="key",
|
|
384
|
+
algorithm="RS256")
|
|
385
|
+
role = vault.identity.OidcRole("role",
|
|
386
|
+
name="role",
|
|
387
|
+
key=key.name)
|
|
388
|
+
role_oidc_key_allowed_client_id = vault.identity.OidcKeyAllowedClientID("role",
|
|
373
389
|
key_name=key.name,
|
|
374
|
-
allowed_client_id=
|
|
390
|
+
allowed_client_id=role.client_id)
|
|
375
391
|
```
|
|
376
392
|
<!--End PulumiCodeChooser -->
|
|
377
393
|
|
|
@@ -189,8 +189,9 @@ class OidcScope(pulumi.CustomResource):
|
|
|
189
189
|
import pulumi_vault as vault
|
|
190
190
|
|
|
191
191
|
groups = vault.identity.OidcScope("groups",
|
|
192
|
-
|
|
193
|
-
template="{\\"groups\\":{{identity.entity.groups.names}}}"
|
|
192
|
+
name="groups",
|
|
193
|
+
template="{\\"groups\\":{{identity.entity.groups.names}}}",
|
|
194
|
+
description="Vault OIDC Groups Scope")
|
|
194
195
|
```
|
|
195
196
|
<!--End PulumiCodeChooser -->
|
|
196
197
|
|
|
@@ -230,8 +231,9 @@ class OidcScope(pulumi.CustomResource):
|
|
|
230
231
|
import pulumi_vault as vault
|
|
231
232
|
|
|
232
233
|
groups = vault.identity.OidcScope("groups",
|
|
233
|
-
|
|
234
|
-
template="{\\"groups\\":{{identity.entity.groups.names}}}"
|
|
234
|
+
name="groups",
|
|
235
|
+
template="{\\"groups\\":{{identity.entity.groups.names}}}",
|
|
236
|
+
description="Vault OIDC Groups Scope")
|
|
235
237
|
```
|
|
236
238
|
<!--End PulumiCodeChooser -->
|
|
237
239
|
|
pulumi_vault/jwt/auth_backend.py
CHANGED
|
@@ -782,10 +782,10 @@ class AuthBackend(pulumi.CustomResource):
|
|
|
782
782
|
import pulumi_vault as vault
|
|
783
783
|
|
|
784
784
|
example = vault.jwt.AuthBackend("example",
|
|
785
|
-
bound_issuer="https://myco.auth0.com/",
|
|
786
785
|
description="Demonstration of the Terraform JWT auth backend",
|
|
786
|
+
path="jwt",
|
|
787
787
|
oidc_discovery_url="https://myco.auth0.com/",
|
|
788
|
-
|
|
788
|
+
bound_issuer="https://myco.auth0.com/")
|
|
789
789
|
```
|
|
790
790
|
<!--End PulumiCodeChooser -->
|
|
791
791
|
|
|
@@ -797,16 +797,16 @@ class AuthBackend(pulumi.CustomResource):
|
|
|
797
797
|
import pulumi_vault as vault
|
|
798
798
|
|
|
799
799
|
example = vault.jwt.AuthBackend("example",
|
|
800
|
-
bound_issuer="https://myco.auth0.com/",
|
|
801
800
|
description="Demonstration of the Terraform JWT auth backend",
|
|
801
|
+
path="oidc",
|
|
802
|
+
type="oidc",
|
|
803
|
+
oidc_discovery_url="https://myco.auth0.com/",
|
|
802
804
|
oidc_client_id="1234567890",
|
|
803
805
|
oidc_client_secret="secret123456",
|
|
804
|
-
|
|
805
|
-
path="oidc",
|
|
806
|
+
bound_issuer="https://myco.auth0.com/",
|
|
806
807
|
tune=vault.jwt.AuthBackendTuneArgs(
|
|
807
808
|
listing_visibility="unauth",
|
|
808
|
-
)
|
|
809
|
-
type="oidc")
|
|
809
|
+
))
|
|
810
810
|
```
|
|
811
811
|
<!--End PulumiCodeChooser -->
|
|
812
812
|
|
|
@@ -821,13 +821,13 @@ class AuthBackend(pulumi.CustomResource):
|
|
|
821
821
|
description="OIDC backend",
|
|
822
822
|
oidc_discovery_url="https://accounts.google.com",
|
|
823
823
|
path="oidc",
|
|
824
|
+
type="oidc",
|
|
824
825
|
provider_config={
|
|
826
|
+
"provider": "gsuite",
|
|
825
827
|
"fetch_groups": "true",
|
|
826
828
|
"fetch_user_info": "true",
|
|
827
829
|
"groups_recurse_max_depth": "1",
|
|
828
|
-
|
|
829
|
-
},
|
|
830
|
-
type="oidc")
|
|
830
|
+
})
|
|
831
831
|
```
|
|
832
832
|
<!--End PulumiCodeChooser -->
|
|
833
833
|
|
|
@@ -895,10 +895,10 @@ class AuthBackend(pulumi.CustomResource):
|
|
|
895
895
|
import pulumi_vault as vault
|
|
896
896
|
|
|
897
897
|
example = vault.jwt.AuthBackend("example",
|
|
898
|
-
bound_issuer="https://myco.auth0.com/",
|
|
899
898
|
description="Demonstration of the Terraform JWT auth backend",
|
|
899
|
+
path="jwt",
|
|
900
900
|
oidc_discovery_url="https://myco.auth0.com/",
|
|
901
|
-
|
|
901
|
+
bound_issuer="https://myco.auth0.com/")
|
|
902
902
|
```
|
|
903
903
|
<!--End PulumiCodeChooser -->
|
|
904
904
|
|
|
@@ -910,16 +910,16 @@ class AuthBackend(pulumi.CustomResource):
|
|
|
910
910
|
import pulumi_vault as vault
|
|
911
911
|
|
|
912
912
|
example = vault.jwt.AuthBackend("example",
|
|
913
|
-
bound_issuer="https://myco.auth0.com/",
|
|
914
913
|
description="Demonstration of the Terraform JWT auth backend",
|
|
914
|
+
path="oidc",
|
|
915
|
+
type="oidc",
|
|
916
|
+
oidc_discovery_url="https://myco.auth0.com/",
|
|
915
917
|
oidc_client_id="1234567890",
|
|
916
918
|
oidc_client_secret="secret123456",
|
|
917
|
-
|
|
918
|
-
path="oidc",
|
|
919
|
+
bound_issuer="https://myco.auth0.com/",
|
|
919
920
|
tune=vault.jwt.AuthBackendTuneArgs(
|
|
920
921
|
listing_visibility="unauth",
|
|
921
|
-
)
|
|
922
|
-
type="oidc")
|
|
922
|
+
))
|
|
923
923
|
```
|
|
924
924
|
<!--End PulumiCodeChooser -->
|
|
925
925
|
|
|
@@ -934,13 +934,13 @@ class AuthBackend(pulumi.CustomResource):
|
|
|
934
934
|
description="OIDC backend",
|
|
935
935
|
oidc_discovery_url="https://accounts.google.com",
|
|
936
936
|
path="oidc",
|
|
937
|
+
type="oidc",
|
|
937
938
|
provider_config={
|
|
939
|
+
"provider": "gsuite",
|
|
938
940
|
"fetch_groups": "true",
|
|
939
941
|
"fetch_user_info": "true",
|
|
940
942
|
"groups_recurse_max_depth": "1",
|
|
941
|
-
|
|
942
|
-
},
|
|
943
|
-
type="oidc")
|
|
943
|
+
})
|
|
944
944
|
```
|
|
945
945
|
<!--End PulumiCodeChooser -->
|
|
946
946
|
|
|
@@ -494,17 +494,17 @@ class SecretBackend(pulumi.CustomResource):
|
|
|
494
494
|
import pulumi_vault as vault
|
|
495
495
|
|
|
496
496
|
default = vault.kmip.SecretBackend("default",
|
|
497
|
-
|
|
498
|
-
default_tls_client_key_type="rsa",
|
|
499
|
-
default_tls_client_ttl=86400,
|
|
497
|
+
path="kmip",
|
|
500
498
|
description="Vault KMIP backend",
|
|
501
499
|
listen_addrs=[
|
|
502
500
|
"127.0.0.1:5696",
|
|
503
501
|
"127.0.0.1:8080",
|
|
504
502
|
],
|
|
505
|
-
|
|
503
|
+
tls_ca_key_type="rsa",
|
|
506
504
|
tls_ca_key_bits=4096,
|
|
507
|
-
|
|
505
|
+
default_tls_client_key_type="rsa",
|
|
506
|
+
default_tls_client_key_bits=4096,
|
|
507
|
+
default_tls_client_ttl=86400)
|
|
508
508
|
```
|
|
509
509
|
<!--End PulumiCodeChooser -->
|
|
510
510
|
|
|
@@ -556,17 +556,17 @@ class SecretBackend(pulumi.CustomResource):
|
|
|
556
556
|
import pulumi_vault as vault
|
|
557
557
|
|
|
558
558
|
default = vault.kmip.SecretBackend("default",
|
|
559
|
-
|
|
560
|
-
default_tls_client_key_type="rsa",
|
|
561
|
-
default_tls_client_ttl=86400,
|
|
559
|
+
path="kmip",
|
|
562
560
|
description="Vault KMIP backend",
|
|
563
561
|
listen_addrs=[
|
|
564
562
|
"127.0.0.1:5696",
|
|
565
563
|
"127.0.0.1:8080",
|
|
566
564
|
],
|
|
567
|
-
|
|
565
|
+
tls_ca_key_type="rsa",
|
|
568
566
|
tls_ca_key_bits=4096,
|
|
569
|
-
|
|
567
|
+
default_tls_client_key_type="rsa",
|
|
568
|
+
default_tls_client_key_bits=4096,
|
|
569
|
+
default_tls_client_ttl=86400)
|
|
570
570
|
```
|
|
571
571
|
<!--End PulumiCodeChooser -->
|
|
572
572
|
|
|
@@ -183,17 +183,19 @@ def get_service_account_token(backend: Optional[str] = None,
|
|
|
183
183
|
<!--Start PulumiCodeChooser -->
|
|
184
184
|
```python
|
|
185
185
|
import pulumi
|
|
186
|
+
import pulumi_std as std
|
|
186
187
|
import pulumi_vault as vault
|
|
187
188
|
|
|
188
189
|
config = vault.kubernetes.SecretBackend("config",
|
|
189
190
|
path="kubernetes",
|
|
190
191
|
description="kubernetes secrets engine description",
|
|
191
192
|
kubernetes_host="https://127.0.0.1:61233",
|
|
192
|
-
kubernetes_ca_cert=
|
|
193
|
-
service_account_jwt=
|
|
193
|
+
kubernetes_ca_cert=std.file(input="/path/to/cert").result,
|
|
194
|
+
service_account_jwt=std.file(input="/path/to/token").result,
|
|
194
195
|
disable_local_ca_jwt=False)
|
|
195
196
|
role = vault.kubernetes.SecretBackendRole("role",
|
|
196
197
|
backend=config.path,
|
|
198
|
+
name="service-account-name-role",
|
|
197
199
|
allowed_kubernetes_namespaces=["*"],
|
|
198
200
|
token_max_ttl=43200,
|
|
199
201
|
token_default_ttl=21600,
|
|
@@ -270,17 +272,19 @@ def get_service_account_token_output(backend: Optional[pulumi.Input[str]] = None
|
|
|
270
272
|
<!--Start PulumiCodeChooser -->
|
|
271
273
|
```python
|
|
272
274
|
import pulumi
|
|
275
|
+
import pulumi_std as std
|
|
273
276
|
import pulumi_vault as vault
|
|
274
277
|
|
|
275
278
|
config = vault.kubernetes.SecretBackend("config",
|
|
276
279
|
path="kubernetes",
|
|
277
280
|
description="kubernetes secrets engine description",
|
|
278
281
|
kubernetes_host="https://127.0.0.1:61233",
|
|
279
|
-
kubernetes_ca_cert=
|
|
280
|
-
service_account_jwt=
|
|
282
|
+
kubernetes_ca_cert=std.file(input="/path/to/cert").result,
|
|
283
|
+
service_account_jwt=std.file(input="/path/to/token").result,
|
|
281
284
|
disable_local_ca_jwt=False)
|
|
282
285
|
role = vault.kubernetes.SecretBackendRole("role",
|
|
283
286
|
backend=config.path,
|
|
287
|
+
name="service-account-name-role",
|
|
284
288
|
allowed_kubernetes_namespaces=["*"],
|
|
285
289
|
token_max_ttl=43200,
|
|
286
290
|
token_default_ttl=21600,
|
|
@@ -626,6 +626,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
|
626
626
|
<!--Start PulumiCodeChooser -->
|
|
627
627
|
```python
|
|
628
628
|
import pulumi
|
|
629
|
+
import pulumi_std as std
|
|
629
630
|
import pulumi_vault as vault
|
|
630
631
|
|
|
631
632
|
config = vault.kubernetes.SecretBackend("config",
|
|
@@ -634,8 +635,8 @@ class SecretBackend(pulumi.CustomResource):
|
|
|
634
635
|
default_lease_ttl_seconds=43200,
|
|
635
636
|
max_lease_ttl_seconds=86400,
|
|
636
637
|
kubernetes_host="https://127.0.0.1:61233",
|
|
637
|
-
kubernetes_ca_cert=
|
|
638
|
-
service_account_jwt=
|
|
638
|
+
kubernetes_ca_cert=std.file(input="/path/to/cert").result,
|
|
639
|
+
service_account_jwt=std.file(input="/path/to/token").result,
|
|
639
640
|
disable_local_ca_jwt=False)
|
|
640
641
|
```
|
|
641
642
|
<!--End PulumiCodeChooser -->
|
|
@@ -690,6 +691,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
|
690
691
|
<!--Start PulumiCodeChooser -->
|
|
691
692
|
```python
|
|
692
693
|
import pulumi
|
|
694
|
+
import pulumi_std as std
|
|
693
695
|
import pulumi_vault as vault
|
|
694
696
|
|
|
695
697
|
config = vault.kubernetes.SecretBackend("config",
|
|
@@ -698,8 +700,8 @@ class SecretBackend(pulumi.CustomResource):
|
|
|
698
700
|
default_lease_ttl_seconds=43200,
|
|
699
701
|
max_lease_ttl_seconds=86400,
|
|
700
702
|
kubernetes_host="https://127.0.0.1:61233",
|
|
701
|
-
kubernetes_ca_cert=
|
|
702
|
-
service_account_jwt=
|
|
703
|
+
kubernetes_ca_cert=std.file(input="/path/to/cert").result,
|
|
704
|
+
service_account_jwt=std.file(input="/path/to/token").result,
|
|
703
705
|
disable_local_ca_jwt=False)
|
|
704
706
|
```
|
|
705
707
|
<!--End PulumiCodeChooser -->
|
|
@@ -594,17 +594,19 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
|
594
594
|
<!--Start PulumiCodeChooser -->
|
|
595
595
|
```python
|
|
596
596
|
import pulumi
|
|
597
|
+
import pulumi_std as std
|
|
597
598
|
import pulumi_vault as vault
|
|
598
599
|
|
|
599
600
|
config = vault.kubernetes.SecretBackend("config",
|
|
600
601
|
path="kubernetes",
|
|
601
602
|
description="kubernetes secrets engine description",
|
|
602
603
|
kubernetes_host="https://127.0.0.1:61233",
|
|
603
|
-
kubernetes_ca_cert=
|
|
604
|
-
service_account_jwt=
|
|
604
|
+
kubernetes_ca_cert=std.file(input="/path/to/cert").result,
|
|
605
|
+
service_account_jwt=std.file(input="/path/to/token").result,
|
|
605
606
|
disable_local_ca_jwt=False)
|
|
606
607
|
sa_example = vault.kubernetes.SecretBackendRole("sa-example",
|
|
607
608
|
backend=config.path,
|
|
609
|
+
name="service-account-name-role",
|
|
608
610
|
allowed_kubernetes_namespaces=["*"],
|
|
609
611
|
token_max_ttl=43200,
|
|
610
612
|
token_default_ttl=21600,
|
|
@@ -625,17 +627,19 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
|
625
627
|
<!--Start PulumiCodeChooser -->
|
|
626
628
|
```python
|
|
627
629
|
import pulumi
|
|
630
|
+
import pulumi_std as std
|
|
628
631
|
import pulumi_vault as vault
|
|
629
632
|
|
|
630
633
|
config = vault.kubernetes.SecretBackend("config",
|
|
631
634
|
path="kubernetes",
|
|
632
635
|
description="kubernetes secrets engine description",
|
|
633
636
|
kubernetes_host="https://127.0.0.1:61233",
|
|
634
|
-
kubernetes_ca_cert=
|
|
635
|
-
service_account_jwt=
|
|
637
|
+
kubernetes_ca_cert=std.file(input="/path/to/cert").result,
|
|
638
|
+
service_account_jwt=std.file(input="/path/to/token").result,
|
|
636
639
|
disable_local_ca_jwt=False)
|
|
637
640
|
name_example = vault.kubernetes.SecretBackendRole("name-example",
|
|
638
641
|
backend=config.path,
|
|
642
|
+
name="service-account-name-role",
|
|
639
643
|
allowed_kubernetes_namespaces=["*"],
|
|
640
644
|
token_max_ttl=43200,
|
|
641
645
|
token_default_ttl=21600,
|
|
@@ -656,17 +660,19 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
|
656
660
|
<!--Start PulumiCodeChooser -->
|
|
657
661
|
```python
|
|
658
662
|
import pulumi
|
|
663
|
+
import pulumi_std as std
|
|
659
664
|
import pulumi_vault as vault
|
|
660
665
|
|
|
661
666
|
config = vault.kubernetes.SecretBackend("config",
|
|
662
667
|
path="kubernetes",
|
|
663
668
|
description="kubernetes secrets engine description",
|
|
664
669
|
kubernetes_host="https://127.0.0.1:61233",
|
|
665
|
-
kubernetes_ca_cert=
|
|
666
|
-
service_account_jwt=
|
|
670
|
+
kubernetes_ca_cert=std.file(input="/path/to/cert").result,
|
|
671
|
+
service_account_jwt=std.file(input="/path/to/token").result,
|
|
667
672
|
disable_local_ca_jwt=False)
|
|
668
673
|
rules_example = vault.kubernetes.SecretBackendRole("rules-example",
|
|
669
674
|
backend=config.path,
|
|
675
|
+
name="service-account-name-role",
|
|
670
676
|
allowed_kubernetes_namespaces=["*"],
|
|
671
677
|
token_max_ttl=43200,
|
|
672
678
|
token_default_ttl=21600,
|
|
@@ -751,17 +757,19 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
|
751
757
|
<!--Start PulumiCodeChooser -->
|
|
752
758
|
```python
|
|
753
759
|
import pulumi
|
|
760
|
+
import pulumi_std as std
|
|
754
761
|
import pulumi_vault as vault
|
|
755
762
|
|
|
756
763
|
config = vault.kubernetes.SecretBackend("config",
|
|
757
764
|
path="kubernetes",
|
|
758
765
|
description="kubernetes secrets engine description",
|
|
759
766
|
kubernetes_host="https://127.0.0.1:61233",
|
|
760
|
-
kubernetes_ca_cert=
|
|
761
|
-
service_account_jwt=
|
|
767
|
+
kubernetes_ca_cert=std.file(input="/path/to/cert").result,
|
|
768
|
+
service_account_jwt=std.file(input="/path/to/token").result,
|
|
762
769
|
disable_local_ca_jwt=False)
|
|
763
770
|
sa_example = vault.kubernetes.SecretBackendRole("sa-example",
|
|
764
771
|
backend=config.path,
|
|
772
|
+
name="service-account-name-role",
|
|
765
773
|
allowed_kubernetes_namespaces=["*"],
|
|
766
774
|
token_max_ttl=43200,
|
|
767
775
|
token_default_ttl=21600,
|
|
@@ -782,17 +790,19 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
|
782
790
|
<!--Start PulumiCodeChooser -->
|
|
783
791
|
```python
|
|
784
792
|
import pulumi
|
|
793
|
+
import pulumi_std as std
|
|
785
794
|
import pulumi_vault as vault
|
|
786
795
|
|
|
787
796
|
config = vault.kubernetes.SecretBackend("config",
|
|
788
797
|
path="kubernetes",
|
|
789
798
|
description="kubernetes secrets engine description",
|
|
790
799
|
kubernetes_host="https://127.0.0.1:61233",
|
|
791
|
-
kubernetes_ca_cert=
|
|
792
|
-
service_account_jwt=
|
|
800
|
+
kubernetes_ca_cert=std.file(input="/path/to/cert").result,
|
|
801
|
+
service_account_jwt=std.file(input="/path/to/token").result,
|
|
793
802
|
disable_local_ca_jwt=False)
|
|
794
803
|
name_example = vault.kubernetes.SecretBackendRole("name-example",
|
|
795
804
|
backend=config.path,
|
|
805
|
+
name="service-account-name-role",
|
|
796
806
|
allowed_kubernetes_namespaces=["*"],
|
|
797
807
|
token_max_ttl=43200,
|
|
798
808
|
token_default_ttl=21600,
|
|
@@ -813,17 +823,19 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
|
813
823
|
<!--Start PulumiCodeChooser -->
|
|
814
824
|
```python
|
|
815
825
|
import pulumi
|
|
826
|
+
import pulumi_std as std
|
|
816
827
|
import pulumi_vault as vault
|
|
817
828
|
|
|
818
829
|
config = vault.kubernetes.SecretBackend("config",
|
|
819
830
|
path="kubernetes",
|
|
820
831
|
description="kubernetes secrets engine description",
|
|
821
832
|
kubernetes_host="https://127.0.0.1:61233",
|
|
822
|
-
kubernetes_ca_cert=
|
|
823
|
-
service_account_jwt=
|
|
833
|
+
kubernetes_ca_cert=std.file(input="/path/to/cert").result,
|
|
834
|
+
service_account_jwt=std.file(input="/path/to/token").result,
|
|
824
835
|
disable_local_ca_jwt=False)
|
|
825
836
|
rules_example = vault.kubernetes.SecretBackendRole("rules-example",
|
|
826
837
|
backend=config.path,
|
|
838
|
+
name="service-account-name-role",
|
|
827
839
|
allowed_kubernetes_namespaces=["*"],
|
|
828
840
|
token_max_ttl=43200,
|
|
829
841
|
token_default_ttl=21600,
|
|
@@ -147,8 +147,9 @@ def get_secret_subkeys_v2(depth: Optional[int] = None,
|
|
|
147
147
|
"version": "2",
|
|
148
148
|
},
|
|
149
149
|
description="KV Version 2 secret engine mount")
|
|
150
|
-
aws_secret = vault.kv.SecretV2("
|
|
150
|
+
aws_secret = vault.kv.SecretV2("aws_secret",
|
|
151
151
|
mount=kvv2.path,
|
|
152
|
+
name="aws_secret",
|
|
152
153
|
data_json=json.dumps({
|
|
153
154
|
"zip": "zap",
|
|
154
155
|
"foo": "bar",
|
|
@@ -223,8 +224,9 @@ def get_secret_subkeys_v2_output(depth: Optional[pulumi.Input[Optional[int]]] =
|
|
|
223
224
|
"version": "2",
|
|
224
225
|
},
|
|
225
226
|
description="KV Version 2 secret engine mount")
|
|
226
|
-
aws_secret = vault.kv.SecretV2("
|
|
227
|
+
aws_secret = vault.kv.SecretV2("aws_secret",
|
|
227
228
|
mount=kvv2.path,
|
|
229
|
+
name="aws_secret",
|
|
228
230
|
data_json=json.dumps({
|
|
229
231
|
"zip": "zap",
|
|
230
232
|
"foo": "bar",
|
pulumi_vault/kv/get_secret_v2.py
CHANGED
|
@@ -179,6 +179,37 @@ def get_secret_v2(mount: Optional[str] = None,
|
|
|
179
179
|
"""
|
|
180
180
|
## Example Usage
|
|
181
181
|
|
|
182
|
+
<!--Start PulumiCodeChooser -->
|
|
183
|
+
```python
|
|
184
|
+
import pulumi
|
|
185
|
+
import json
|
|
186
|
+
import pulumi_vault as vault
|
|
187
|
+
|
|
188
|
+
kvv2 = vault.Mount("kvv2",
|
|
189
|
+
path="kvv2",
|
|
190
|
+
type="kv",
|
|
191
|
+
options={
|
|
192
|
+
"version": "2",
|
|
193
|
+
},
|
|
194
|
+
description="KV Version 2 secret engine mount")
|
|
195
|
+
example_secret_v2 = vault.kv.SecretV2("example",
|
|
196
|
+
mount=kvv2.path,
|
|
197
|
+
name="secret",
|
|
198
|
+
cas=1,
|
|
199
|
+
delete_all_versions=True,
|
|
200
|
+
data_json=json.dumps({
|
|
201
|
+
"zip": "zap",
|
|
202
|
+
"foo": "bar",
|
|
203
|
+
}))
|
|
204
|
+
example = vault.kv.get_secret_v2_output(mount=kvv2.path,
|
|
205
|
+
name=example_secret_v2.name)
|
|
206
|
+
```
|
|
207
|
+
<!--End PulumiCodeChooser -->
|
|
208
|
+
|
|
209
|
+
## Required Vault Capabilities
|
|
210
|
+
|
|
211
|
+
Use of this resource requires the `read` capability on the given path.
|
|
212
|
+
|
|
182
213
|
|
|
183
214
|
:param str mount: Path where KV-V2 engine is mounted.
|
|
184
215
|
:param str name: Full name of the secret. For a nested secret
|
|
@@ -223,6 +254,37 @@ def get_secret_v2_output(mount: Optional[pulumi.Input[str]] = None,
|
|
|
223
254
|
"""
|
|
224
255
|
## Example Usage
|
|
225
256
|
|
|
257
|
+
<!--Start PulumiCodeChooser -->
|
|
258
|
+
```python
|
|
259
|
+
import pulumi
|
|
260
|
+
import json
|
|
261
|
+
import pulumi_vault as vault
|
|
262
|
+
|
|
263
|
+
kvv2 = vault.Mount("kvv2",
|
|
264
|
+
path="kvv2",
|
|
265
|
+
type="kv",
|
|
266
|
+
options={
|
|
267
|
+
"version": "2",
|
|
268
|
+
},
|
|
269
|
+
description="KV Version 2 secret engine mount")
|
|
270
|
+
example_secret_v2 = vault.kv.SecretV2("example",
|
|
271
|
+
mount=kvv2.path,
|
|
272
|
+
name="secret",
|
|
273
|
+
cas=1,
|
|
274
|
+
delete_all_versions=True,
|
|
275
|
+
data_json=json.dumps({
|
|
276
|
+
"zip": "zap",
|
|
277
|
+
"foo": "bar",
|
|
278
|
+
}))
|
|
279
|
+
example = vault.kv.get_secret_v2_output(mount=kvv2.path,
|
|
280
|
+
name=example_secret_v2.name)
|
|
281
|
+
```
|
|
282
|
+
<!--End PulumiCodeChooser -->
|
|
283
|
+
|
|
284
|
+
## Required Vault Capabilities
|
|
285
|
+
|
|
286
|
+
Use of this resource requires the `read` capability on the given path.
|
|
287
|
+
|
|
226
288
|
|
|
227
289
|
:param str mount: Path where KV-V2 engine is mounted.
|
|
228
290
|
:param str name: Full name of the secret. For a nested secret
|