pulumi-vault 6.4.0__py3-none-any.whl → 6.4.0a1723454543__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pulumi_vault/_inputs.py +0 -560
- pulumi_vault/_utilities.py +1 -1
- pulumi_vault/ad/get_access_credentials.py +4 -19
- pulumi_vault/ad/secret_backend.py +0 -5
- pulumi_vault/ad/secret_library.py +0 -5
- pulumi_vault/ad/secret_role.py +0 -5
- pulumi_vault/alicloud/auth_backend_role.py +0 -5
- pulumi_vault/approle/auth_backend_login.py +0 -5
- pulumi_vault/approle/auth_backend_role.py +0 -5
- pulumi_vault/approle/auth_backend_role_secret_id.py +0 -99
- pulumi_vault/approle/get_auth_backend_role_id.py +4 -17
- pulumi_vault/audit.py +0 -5
- pulumi_vault/audit_request_header.py +0 -5
- pulumi_vault/auth_backend.py +0 -5
- pulumi_vault/aws/auth_backend_cert.py +0 -5
- pulumi_vault/aws/auth_backend_client.py +0 -5
- pulumi_vault/aws/auth_backend_config_identity.py +0 -5
- pulumi_vault/aws/auth_backend_identity_whitelist.py +0 -5
- pulumi_vault/aws/auth_backend_login.py +7 -12
- pulumi_vault/aws/auth_backend_role.py +0 -5
- pulumi_vault/aws/auth_backend_role_tag.py +0 -5
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +0 -5
- pulumi_vault/aws/auth_backend_sts_role.py +0 -5
- pulumi_vault/aws/get_access_credentials.py +4 -31
- pulumi_vault/aws/get_static_access_credentials.py +4 -18
- pulumi_vault/aws/secret_backend.py +0 -5
- pulumi_vault/aws/secret_backend_role.py +0 -5
- pulumi_vault/aws/secret_backend_static_role.py +0 -5
- pulumi_vault/azure/_inputs.py +0 -24
- pulumi_vault/azure/auth_backend_config.py +0 -5
- pulumi_vault/azure/auth_backend_role.py +0 -5
- pulumi_vault/azure/backend.py +0 -5
- pulumi_vault/azure/backend_role.py +0 -5
- pulumi_vault/azure/get_access_credentials.py +4 -36
- pulumi_vault/azure/outputs.py +0 -5
- pulumi_vault/cert_auth_backend_role.py +0 -5
- pulumi_vault/config/__init__.pyi +0 -5
- pulumi_vault/config/_inputs.py +0 -21
- pulumi_vault/config/outputs.py +0 -5
- pulumi_vault/config/ui_custom_message.py +14 -19
- pulumi_vault/config/vars.py +0 -5
- pulumi_vault/consul/secret_backend.py +0 -5
- pulumi_vault/consul/secret_backend_role.py +0 -5
- pulumi_vault/database/_inputs.py +105 -2256
- pulumi_vault/database/outputs.py +54 -199
- pulumi_vault/database/secret_backend_connection.py +14 -19
- pulumi_vault/database/secret_backend_role.py +14 -19
- pulumi_vault/database/secret_backend_static_role.py +1 -69
- pulumi_vault/database/secrets_mount.py +14 -19
- pulumi_vault/egp_policy.py +0 -5
- pulumi_vault/gcp/_inputs.py +0 -111
- pulumi_vault/gcp/auth_backend.py +0 -5
- pulumi_vault/gcp/auth_backend_role.py +0 -5
- pulumi_vault/gcp/get_auth_backend_role.py +4 -42
- pulumi_vault/gcp/outputs.py +0 -5
- pulumi_vault/gcp/secret_backend.py +0 -5
- pulumi_vault/gcp/secret_impersonated_account.py +3 -62
- pulumi_vault/gcp/secret_roleset.py +0 -5
- pulumi_vault/gcp/secret_static_account.py +0 -5
- pulumi_vault/generic/endpoint.py +0 -5
- pulumi_vault/generic/get_secret.py +5 -25
- pulumi_vault/generic/secret.py +7 -12
- pulumi_vault/get_auth_backend.py +4 -21
- pulumi_vault/get_auth_backends.py +4 -16
- pulumi_vault/get_namespace.py +5 -18
- pulumi_vault/get_namespaces.py +4 -13
- pulumi_vault/get_nomad_access_token.py +8 -28
- pulumi_vault/get_policy_document.py +4 -15
- pulumi_vault/get_raft_autopilot_state.py +7 -26
- pulumi_vault/github/_inputs.py +0 -55
- pulumi_vault/github/auth_backend.py +0 -5
- pulumi_vault/github/outputs.py +0 -5
- pulumi_vault/github/team.py +0 -5
- pulumi_vault/github/user.py +0 -5
- pulumi_vault/identity/entity.py +0 -5
- pulumi_vault/identity/entity_alias.py +0 -5
- pulumi_vault/identity/entity_policies.py +0 -5
- pulumi_vault/identity/get_entity.py +5 -35
- pulumi_vault/identity/get_group.py +6 -42
- pulumi_vault/identity/get_oidc_client_creds.py +4 -16
- pulumi_vault/identity/get_oidc_openid_config.py +4 -26
- pulumi_vault/identity/get_oidc_public_keys.py +5 -16
- pulumi_vault/identity/group.py +0 -5
- pulumi_vault/identity/group_alias.py +0 -5
- pulumi_vault/identity/group_member_entity_ids.py +0 -5
- pulumi_vault/identity/group_member_group_ids.py +0 -5
- pulumi_vault/identity/group_policies.py +0 -5
- pulumi_vault/identity/mfa_duo.py +0 -5
- pulumi_vault/identity/mfa_login_enforcement.py +0 -5
- pulumi_vault/identity/mfa_okta.py +0 -5
- pulumi_vault/identity/mfa_pingid.py +0 -5
- pulumi_vault/identity/mfa_totp.py +0 -5
- pulumi_vault/identity/oidc.py +0 -5
- pulumi_vault/identity/oidc_assignment.py +0 -5
- pulumi_vault/identity/oidc_client.py +0 -5
- pulumi_vault/identity/oidc_key.py +0 -5
- pulumi_vault/identity/oidc_key_allowed_client_id.py +0 -5
- pulumi_vault/identity/oidc_provider.py +0 -5
- pulumi_vault/identity/oidc_role.py +0 -5
- pulumi_vault/identity/oidc_scope.py +0 -5
- pulumi_vault/identity/outputs.py +3 -8
- pulumi_vault/jwt/_inputs.py +0 -55
- pulumi_vault/jwt/auth_backend.py +0 -5
- pulumi_vault/jwt/auth_backend_role.py +28 -33
- pulumi_vault/jwt/outputs.py +0 -5
- pulumi_vault/kmip/secret_backend.py +0 -5
- pulumi_vault/kmip/secret_role.py +0 -5
- pulumi_vault/kmip/secret_scope.py +0 -5
- pulumi_vault/kubernetes/auth_backend_config.py +3 -55
- pulumi_vault/kubernetes/auth_backend_role.py +0 -5
- pulumi_vault/kubernetes/get_auth_backend_config.py +7 -59
- pulumi_vault/kubernetes/get_auth_backend_role.py +4 -39
- pulumi_vault/kubernetes/get_service_account_token.py +4 -28
- pulumi_vault/kubernetes/secret_backend.py +14 -19
- pulumi_vault/kubernetes/secret_backend_role.py +0 -5
- pulumi_vault/kv/_inputs.py +4 -36
- pulumi_vault/kv/get_secret.py +5 -20
- pulumi_vault/kv/get_secret_subkeys_v2.py +5 -24
- pulumi_vault/kv/get_secret_v2.py +8 -27
- pulumi_vault/kv/get_secrets_list.py +4 -15
- pulumi_vault/kv/get_secrets_list_v2.py +4 -18
- pulumi_vault/kv/outputs.py +3 -8
- pulumi_vault/kv/secret.py +7 -12
- pulumi_vault/kv/secret_backend_v2.py +0 -5
- pulumi_vault/kv/secret_v2.py +28 -33
- pulumi_vault/ldap/auth_backend.py +0 -52
- pulumi_vault/ldap/auth_backend_group.py +0 -5
- pulumi_vault/ldap/auth_backend_user.py +0 -5
- pulumi_vault/ldap/get_dynamic_credentials.py +4 -22
- pulumi_vault/ldap/get_static_credentials.py +4 -23
- pulumi_vault/ldap/secret_backend.py +14 -19
- pulumi_vault/ldap/secret_backend_dynamic_role.py +0 -5
- pulumi_vault/ldap/secret_backend_library_set.py +0 -5
- pulumi_vault/ldap/secret_backend_static_role.py +0 -5
- pulumi_vault/managed/_inputs.py +0 -205
- pulumi_vault/managed/keys.py +0 -5
- pulumi_vault/managed/outputs.py +0 -5
- pulumi_vault/mfa_duo.py +0 -5
- pulumi_vault/mfa_okta.py +0 -5
- pulumi_vault/mfa_pingid.py +0 -5
- pulumi_vault/mfa_totp.py +0 -5
- pulumi_vault/mongodbatlas/secret_backend.py +0 -5
- pulumi_vault/mongodbatlas/secret_role.py +0 -5
- pulumi_vault/mount.py +16 -21
- pulumi_vault/namespace.py +14 -19
- pulumi_vault/nomad_secret_backend.py +0 -5
- pulumi_vault/nomad_secret_role.py +0 -5
- pulumi_vault/okta/_inputs.py +0 -39
- pulumi_vault/okta/auth_backend.py +0 -5
- pulumi_vault/okta/auth_backend_group.py +0 -5
- pulumi_vault/okta/auth_backend_user.py +0 -5
- pulumi_vault/okta/outputs.py +0 -5
- pulumi_vault/outputs.py +0 -5
- pulumi_vault/password_policy.py +0 -5
- pulumi_vault/pkisecret/_inputs.py +8 -49
- pulumi_vault/pkisecret/backend_config_cluster.py +0 -5
- pulumi_vault/pkisecret/backend_config_est.py +14 -19
- pulumi_vault/pkisecret/get_backend_config_est.py +5 -23
- pulumi_vault/pkisecret/get_backend_issuer.py +4 -24
- pulumi_vault/pkisecret/get_backend_issuers.py +5 -18
- pulumi_vault/pkisecret/get_backend_key.py +4 -19
- pulumi_vault/pkisecret/get_backend_keys.py +5 -18
- pulumi_vault/pkisecret/outputs.py +12 -17
- pulumi_vault/pkisecret/secret_backend_cert.py +0 -5
- pulumi_vault/pkisecret/secret_backend_config_ca.py +0 -5
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +0 -5
- pulumi_vault/pkisecret/secret_backend_config_urls.py +0 -5
- pulumi_vault/pkisecret/secret_backend_crl_config.py +0 -5
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +0 -5
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +0 -5
- pulumi_vault/pkisecret/secret_backend_issuer.py +0 -5
- pulumi_vault/pkisecret/secret_backend_key.py +0 -5
- pulumi_vault/pkisecret/secret_backend_role.py +0 -5
- pulumi_vault/pkisecret/secret_backend_root_cert.py +0 -5
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +0 -5
- pulumi_vault/pkisecret/secret_backend_sign.py +0 -5
- pulumi_vault/plugin.py +0 -5
- pulumi_vault/plugin_pinned_version.py +0 -5
- pulumi_vault/policy.py +0 -5
- pulumi_vault/provider.py +0 -5
- pulumi_vault/pulumi-plugin.json +1 -1
- pulumi_vault/quota_lease_count.py +0 -5
- pulumi_vault/quota_rate_limit.py +0 -5
- pulumi_vault/rabbitmq/_inputs.py +0 -61
- pulumi_vault/rabbitmq/outputs.py +0 -5
- pulumi_vault/rabbitmq/secret_backend.py +0 -5
- pulumi_vault/rabbitmq/secret_backend_role.py +0 -5
- pulumi_vault/raft_autopilot.py +0 -5
- pulumi_vault/raft_snapshot_agent_config.py +0 -5
- pulumi_vault/rgp_policy.py +0 -5
- pulumi_vault/saml/auth_backend.py +0 -5
- pulumi_vault/saml/auth_backend_role.py +14 -19
- pulumi_vault/secrets/_inputs.py +0 -30
- pulumi_vault/secrets/outputs.py +0 -5
- pulumi_vault/secrets/sync_association.py +0 -5
- pulumi_vault/secrets/sync_aws_destination.py +14 -19
- pulumi_vault/secrets/sync_azure_destination.py +14 -19
- pulumi_vault/secrets/sync_config.py +0 -5
- pulumi_vault/secrets/sync_gcp_destination.py +14 -19
- pulumi_vault/secrets/sync_gh_destination.py +0 -5
- pulumi_vault/secrets/sync_github_apps.py +0 -5
- pulumi_vault/secrets/sync_vercel_destination.py +0 -5
- pulumi_vault/ssh/_inputs.py +0 -22
- pulumi_vault/ssh/outputs.py +0 -5
- pulumi_vault/ssh/secret_backend_ca.py +0 -5
- pulumi_vault/ssh/secret_backend_role.py +28 -67
- pulumi_vault/terraformcloud/secret_backend.py +0 -5
- pulumi_vault/terraformcloud/secret_creds.py +0 -5
- pulumi_vault/terraformcloud/secret_role.py +0 -5
- pulumi_vault/token.py +0 -5
- pulumi_vault/tokenauth/auth_backend_role.py +14 -5
- pulumi_vault/transform/alphabet.py +0 -5
- pulumi_vault/transform/get_decode.py +14 -38
- pulumi_vault/transform/get_encode.py +14 -38
- pulumi_vault/transform/role.py +0 -5
- pulumi_vault/transform/template.py +14 -19
- pulumi_vault/transform/transformation.py +0 -5
- pulumi_vault/transit/get_decrypt.py +4 -21
- pulumi_vault/transit/get_encrypt.py +4 -23
- pulumi_vault/transit/secret_backend_key.py +7 -12
- pulumi_vault/transit/secret_cache_config.py +0 -5
- {pulumi_vault-6.4.0.dist-info → pulumi_vault-6.4.0a1723454543.dist-info}/METADATA +2 -3
- pulumi_vault-6.4.0a1723454543.dist-info/RECORD +256 -0
- {pulumi_vault-6.4.0.dist-info → pulumi_vault-6.4.0a1723454543.dist-info}/WHEEL +1 -1
- pulumi_vault-6.4.0.dist-info/RECORD +0 -256
- {pulumi_vault-6.4.0.dist-info → pulumi_vault-6.4.0a1723454543.dist-info}/top_level.txt +0 -0
|
@@ -4,14 +4,9 @@
|
|
|
4
4
|
|
|
5
5
|
import copy
|
|
6
6
|
import warnings
|
|
7
|
-
import sys
|
|
8
7
|
import pulumi
|
|
9
8
|
import pulumi.runtime
|
|
10
9
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
|
11
|
-
if sys.version_info >= (3, 11):
|
|
12
|
-
from typing import NotRequired, TypedDict, TypeAlias
|
|
13
|
-
else:
|
|
14
|
-
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
|
15
10
|
from .. import _utilities
|
|
16
11
|
|
|
17
12
|
__all__ = ['AuthBackendRoleArgs', 'AuthBackendRole']
|
|
@@ -24,10 +19,10 @@ class AuthBackendRoleArgs:
|
|
|
24
19
|
allowed_redirect_uris: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
|
25
20
|
backend: Optional[pulumi.Input[str]] = None,
|
|
26
21
|
bound_audiences: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
|
27
|
-
bound_claims: Optional[pulumi.Input[Mapping[str,
|
|
22
|
+
bound_claims: Optional[pulumi.Input[Mapping[str, Any]]] = None,
|
|
28
23
|
bound_claims_type: Optional[pulumi.Input[str]] = None,
|
|
29
24
|
bound_subject: Optional[pulumi.Input[str]] = None,
|
|
30
|
-
claim_mappings: Optional[pulumi.Input[Mapping[str,
|
|
25
|
+
claim_mappings: Optional[pulumi.Input[Mapping[str, Any]]] = None,
|
|
31
26
|
clock_skew_leeway: Optional[pulumi.Input[int]] = None,
|
|
32
27
|
disable_bound_claims_parsing: Optional[pulumi.Input[bool]] = None,
|
|
33
28
|
expiration_leeway: Optional[pulumi.Input[int]] = None,
|
|
@@ -60,7 +55,7 @@ class AuthBackendRoleArgs:
|
|
|
60
55
|
Defaults to `jwt`.
|
|
61
56
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] bound_audiences: (Required for roles of type `jwt`, optional for roles of
|
|
62
57
|
type `oidc`) List of `aud` claims to match against. Any match is sufficient.
|
|
63
|
-
:param pulumi.Input[Mapping[str,
|
|
58
|
+
:param pulumi.Input[Mapping[str, Any]] bound_claims: If set, a map of claims to values to match against.
|
|
64
59
|
A claim's value must be a string, which may contain one value or multiple
|
|
65
60
|
comma-separated values, e.g. `"red"` or `"red,green,blue"`.
|
|
66
61
|
:param pulumi.Input[str] bound_claims_type: How to interpret values in the claims/values
|
|
@@ -68,7 +63,7 @@ class AuthBackendRoleArgs:
|
|
|
68
63
|
match). Requires Vault 1.4.0 or above.
|
|
69
64
|
:param pulumi.Input[str] bound_subject: If set, requires that the `sub` claim matches
|
|
70
65
|
this value.
|
|
71
|
-
:param pulumi.Input[Mapping[str,
|
|
66
|
+
:param pulumi.Input[Mapping[str, Any]] claim_mappings: If set, a map of claims (keys) to be copied
|
|
72
67
|
to specified metadata fields (values).
|
|
73
68
|
:param pulumi.Input[int] clock_skew_leeway: The amount of leeway to add to all claims to account for clock skew, in
|
|
74
69
|
seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`.
|
|
@@ -234,7 +229,7 @@ class AuthBackendRoleArgs:
|
|
|
234
229
|
|
|
235
230
|
@property
|
|
236
231
|
@pulumi.getter(name="boundClaims")
|
|
237
|
-
def bound_claims(self) -> Optional[pulumi.Input[Mapping[str,
|
|
232
|
+
def bound_claims(self) -> Optional[pulumi.Input[Mapping[str, Any]]]:
|
|
238
233
|
"""
|
|
239
234
|
If set, a map of claims to values to match against.
|
|
240
235
|
A claim's value must be a string, which may contain one value or multiple
|
|
@@ -243,7 +238,7 @@ class AuthBackendRoleArgs:
|
|
|
243
238
|
return pulumi.get(self, "bound_claims")
|
|
244
239
|
|
|
245
240
|
@bound_claims.setter
|
|
246
|
-
def bound_claims(self, value: Optional[pulumi.Input[Mapping[str,
|
|
241
|
+
def bound_claims(self, value: Optional[pulumi.Input[Mapping[str, Any]]]):
|
|
247
242
|
pulumi.set(self, "bound_claims", value)
|
|
248
243
|
|
|
249
244
|
@property
|
|
@@ -275,7 +270,7 @@ class AuthBackendRoleArgs:
|
|
|
275
270
|
|
|
276
271
|
@property
|
|
277
272
|
@pulumi.getter(name="claimMappings")
|
|
278
|
-
def claim_mappings(self) -> Optional[pulumi.Input[Mapping[str,
|
|
273
|
+
def claim_mappings(self) -> Optional[pulumi.Input[Mapping[str, Any]]]:
|
|
279
274
|
"""
|
|
280
275
|
If set, a map of claims (keys) to be copied
|
|
281
276
|
to specified metadata fields (values).
|
|
@@ -283,7 +278,7 @@ class AuthBackendRoleArgs:
|
|
|
283
278
|
return pulumi.get(self, "claim_mappings")
|
|
284
279
|
|
|
285
280
|
@claim_mappings.setter
|
|
286
|
-
def claim_mappings(self, value: Optional[pulumi.Input[Mapping[str,
|
|
281
|
+
def claim_mappings(self, value: Optional[pulumi.Input[Mapping[str, Any]]]):
|
|
287
282
|
pulumi.set(self, "claim_mappings", value)
|
|
288
283
|
|
|
289
284
|
@property
|
|
@@ -552,10 +547,10 @@ class _AuthBackendRoleState:
|
|
|
552
547
|
allowed_redirect_uris: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
|
553
548
|
backend: Optional[pulumi.Input[str]] = None,
|
|
554
549
|
bound_audiences: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
|
555
|
-
bound_claims: Optional[pulumi.Input[Mapping[str,
|
|
550
|
+
bound_claims: Optional[pulumi.Input[Mapping[str, Any]]] = None,
|
|
556
551
|
bound_claims_type: Optional[pulumi.Input[str]] = None,
|
|
557
552
|
bound_subject: Optional[pulumi.Input[str]] = None,
|
|
558
|
-
claim_mappings: Optional[pulumi.Input[Mapping[str,
|
|
553
|
+
claim_mappings: Optional[pulumi.Input[Mapping[str, Any]]] = None,
|
|
559
554
|
clock_skew_leeway: Optional[pulumi.Input[int]] = None,
|
|
560
555
|
disable_bound_claims_parsing: Optional[pulumi.Input[bool]] = None,
|
|
561
556
|
expiration_leeway: Optional[pulumi.Input[int]] = None,
|
|
@@ -586,7 +581,7 @@ class _AuthBackendRoleState:
|
|
|
586
581
|
Defaults to `jwt`.
|
|
587
582
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] bound_audiences: (Required for roles of type `jwt`, optional for roles of
|
|
588
583
|
type `oidc`) List of `aud` claims to match against. Any match is sufficient.
|
|
589
|
-
:param pulumi.Input[Mapping[str,
|
|
584
|
+
:param pulumi.Input[Mapping[str, Any]] bound_claims: If set, a map of claims to values to match against.
|
|
590
585
|
A claim's value must be a string, which may contain one value or multiple
|
|
591
586
|
comma-separated values, e.g. `"red"` or `"red,green,blue"`.
|
|
592
587
|
:param pulumi.Input[str] bound_claims_type: How to interpret values in the claims/values
|
|
@@ -594,7 +589,7 @@ class _AuthBackendRoleState:
|
|
|
594
589
|
match). Requires Vault 1.4.0 or above.
|
|
595
590
|
:param pulumi.Input[str] bound_subject: If set, requires that the `sub` claim matches
|
|
596
591
|
this value.
|
|
597
|
-
:param pulumi.Input[Mapping[str,
|
|
592
|
+
:param pulumi.Input[Mapping[str, Any]] claim_mappings: If set, a map of claims (keys) to be copied
|
|
598
593
|
to specified metadata fields (values).
|
|
599
594
|
:param pulumi.Input[int] clock_skew_leeway: The amount of leeway to add to all claims to account for clock skew, in
|
|
600
595
|
seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`.
|
|
@@ -740,7 +735,7 @@ class _AuthBackendRoleState:
|
|
|
740
735
|
|
|
741
736
|
@property
|
|
742
737
|
@pulumi.getter(name="boundClaims")
|
|
743
|
-
def bound_claims(self) -> Optional[pulumi.Input[Mapping[str,
|
|
738
|
+
def bound_claims(self) -> Optional[pulumi.Input[Mapping[str, Any]]]:
|
|
744
739
|
"""
|
|
745
740
|
If set, a map of claims to values to match against.
|
|
746
741
|
A claim's value must be a string, which may contain one value or multiple
|
|
@@ -749,7 +744,7 @@ class _AuthBackendRoleState:
|
|
|
749
744
|
return pulumi.get(self, "bound_claims")
|
|
750
745
|
|
|
751
746
|
@bound_claims.setter
|
|
752
|
-
def bound_claims(self, value: Optional[pulumi.Input[Mapping[str,
|
|
747
|
+
def bound_claims(self, value: Optional[pulumi.Input[Mapping[str, Any]]]):
|
|
753
748
|
pulumi.set(self, "bound_claims", value)
|
|
754
749
|
|
|
755
750
|
@property
|
|
@@ -781,7 +776,7 @@ class _AuthBackendRoleState:
|
|
|
781
776
|
|
|
782
777
|
@property
|
|
783
778
|
@pulumi.getter(name="claimMappings")
|
|
784
|
-
def claim_mappings(self) -> Optional[pulumi.Input[Mapping[str,
|
|
779
|
+
def claim_mappings(self) -> Optional[pulumi.Input[Mapping[str, Any]]]:
|
|
785
780
|
"""
|
|
786
781
|
If set, a map of claims (keys) to be copied
|
|
787
782
|
to specified metadata fields (values).
|
|
@@ -789,7 +784,7 @@ class _AuthBackendRoleState:
|
|
|
789
784
|
return pulumi.get(self, "claim_mappings")
|
|
790
785
|
|
|
791
786
|
@claim_mappings.setter
|
|
792
|
-
def claim_mappings(self, value: Optional[pulumi.Input[Mapping[str,
|
|
787
|
+
def claim_mappings(self, value: Optional[pulumi.Input[Mapping[str, Any]]]):
|
|
793
788
|
pulumi.set(self, "claim_mappings", value)
|
|
794
789
|
|
|
795
790
|
@property
|
|
@@ -1086,10 +1081,10 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
|
1086
1081
|
allowed_redirect_uris: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
|
1087
1082
|
backend: Optional[pulumi.Input[str]] = None,
|
|
1088
1083
|
bound_audiences: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
|
1089
|
-
bound_claims: Optional[pulumi.Input[Mapping[str,
|
|
1084
|
+
bound_claims: Optional[pulumi.Input[Mapping[str, Any]]] = None,
|
|
1090
1085
|
bound_claims_type: Optional[pulumi.Input[str]] = None,
|
|
1091
1086
|
bound_subject: Optional[pulumi.Input[str]] = None,
|
|
1092
|
-
claim_mappings: Optional[pulumi.Input[Mapping[str,
|
|
1087
|
+
claim_mappings: Optional[pulumi.Input[Mapping[str, Any]]] = None,
|
|
1093
1088
|
clock_skew_leeway: Optional[pulumi.Input[int]] = None,
|
|
1094
1089
|
disable_bound_claims_parsing: Optional[pulumi.Input[bool]] = None,
|
|
1095
1090
|
expiration_leeway: Optional[pulumi.Input[int]] = None,
|
|
@@ -1181,7 +1176,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
|
1181
1176
|
Defaults to `jwt`.
|
|
1182
1177
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] bound_audiences: (Required for roles of type `jwt`, optional for roles of
|
|
1183
1178
|
type `oidc`) List of `aud` claims to match against. Any match is sufficient.
|
|
1184
|
-
:param pulumi.Input[Mapping[str,
|
|
1179
|
+
:param pulumi.Input[Mapping[str, Any]] bound_claims: If set, a map of claims to values to match against.
|
|
1185
1180
|
A claim's value must be a string, which may contain one value or multiple
|
|
1186
1181
|
comma-separated values, e.g. `"red"` or `"red,green,blue"`.
|
|
1187
1182
|
:param pulumi.Input[str] bound_claims_type: How to interpret values in the claims/values
|
|
@@ -1189,7 +1184,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
|
1189
1184
|
match). Requires Vault 1.4.0 or above.
|
|
1190
1185
|
:param pulumi.Input[str] bound_subject: If set, requires that the `sub` claim matches
|
|
1191
1186
|
this value.
|
|
1192
|
-
:param pulumi.Input[Mapping[str,
|
|
1187
|
+
:param pulumi.Input[Mapping[str, Any]] claim_mappings: If set, a map of claims (keys) to be copied
|
|
1193
1188
|
to specified metadata fields (values).
|
|
1194
1189
|
:param pulumi.Input[int] clock_skew_leeway: The amount of leeway to add to all claims to account for clock skew, in
|
|
1195
1190
|
seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`.
|
|
@@ -1319,10 +1314,10 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
|
1319
1314
|
allowed_redirect_uris: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
|
1320
1315
|
backend: Optional[pulumi.Input[str]] = None,
|
|
1321
1316
|
bound_audiences: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
|
1322
|
-
bound_claims: Optional[pulumi.Input[Mapping[str,
|
|
1317
|
+
bound_claims: Optional[pulumi.Input[Mapping[str, Any]]] = None,
|
|
1323
1318
|
bound_claims_type: Optional[pulumi.Input[str]] = None,
|
|
1324
1319
|
bound_subject: Optional[pulumi.Input[str]] = None,
|
|
1325
|
-
claim_mappings: Optional[pulumi.Input[Mapping[str,
|
|
1320
|
+
claim_mappings: Optional[pulumi.Input[Mapping[str, Any]]] = None,
|
|
1326
1321
|
clock_skew_leeway: Optional[pulumi.Input[int]] = None,
|
|
1327
1322
|
disable_bound_claims_parsing: Optional[pulumi.Input[bool]] = None,
|
|
1328
1323
|
expiration_leeway: Optional[pulumi.Input[int]] = None,
|
|
@@ -1400,10 +1395,10 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
|
1400
1395
|
allowed_redirect_uris: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
|
1401
1396
|
backend: Optional[pulumi.Input[str]] = None,
|
|
1402
1397
|
bound_audiences: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
|
1403
|
-
bound_claims: Optional[pulumi.Input[Mapping[str,
|
|
1398
|
+
bound_claims: Optional[pulumi.Input[Mapping[str, Any]]] = None,
|
|
1404
1399
|
bound_claims_type: Optional[pulumi.Input[str]] = None,
|
|
1405
1400
|
bound_subject: Optional[pulumi.Input[str]] = None,
|
|
1406
|
-
claim_mappings: Optional[pulumi.Input[Mapping[str,
|
|
1401
|
+
claim_mappings: Optional[pulumi.Input[Mapping[str, Any]]] = None,
|
|
1407
1402
|
clock_skew_leeway: Optional[pulumi.Input[int]] = None,
|
|
1408
1403
|
disable_bound_claims_parsing: Optional[pulumi.Input[bool]] = None,
|
|
1409
1404
|
expiration_leeway: Optional[pulumi.Input[int]] = None,
|
|
@@ -1439,7 +1434,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
|
1439
1434
|
Defaults to `jwt`.
|
|
1440
1435
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] bound_audiences: (Required for roles of type `jwt`, optional for roles of
|
|
1441
1436
|
type `oidc`) List of `aud` claims to match against. Any match is sufficient.
|
|
1442
|
-
:param pulumi.Input[Mapping[str,
|
|
1437
|
+
:param pulumi.Input[Mapping[str, Any]] bound_claims: If set, a map of claims to values to match against.
|
|
1443
1438
|
A claim's value must be a string, which may contain one value or multiple
|
|
1444
1439
|
comma-separated values, e.g. `"red"` or `"red,green,blue"`.
|
|
1445
1440
|
:param pulumi.Input[str] bound_claims_type: How to interpret values in the claims/values
|
|
@@ -1447,7 +1442,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
|
1447
1442
|
match). Requires Vault 1.4.0 or above.
|
|
1448
1443
|
:param pulumi.Input[str] bound_subject: If set, requires that the `sub` claim matches
|
|
1449
1444
|
this value.
|
|
1450
|
-
:param pulumi.Input[Mapping[str,
|
|
1445
|
+
:param pulumi.Input[Mapping[str, Any]] claim_mappings: If set, a map of claims (keys) to be copied
|
|
1451
1446
|
to specified metadata fields (values).
|
|
1452
1447
|
:param pulumi.Input[int] clock_skew_leeway: The amount of leeway to add to all claims to account for clock skew, in
|
|
1453
1448
|
seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`.
|
|
@@ -1557,7 +1552,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
|
1557
1552
|
|
|
1558
1553
|
@property
|
|
1559
1554
|
@pulumi.getter(name="boundClaims")
|
|
1560
|
-
def bound_claims(self) -> pulumi.Output[Optional[Mapping[str,
|
|
1555
|
+
def bound_claims(self) -> pulumi.Output[Optional[Mapping[str, Any]]]:
|
|
1561
1556
|
"""
|
|
1562
1557
|
If set, a map of claims to values to match against.
|
|
1563
1558
|
A claim's value must be a string, which may contain one value or multiple
|
|
@@ -1586,7 +1581,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
|
1586
1581
|
|
|
1587
1582
|
@property
|
|
1588
1583
|
@pulumi.getter(name="claimMappings")
|
|
1589
|
-
def claim_mappings(self) -> pulumi.Output[Optional[Mapping[str,
|
|
1584
|
+
def claim_mappings(self) -> pulumi.Output[Optional[Mapping[str, Any]]]:
|
|
1590
1585
|
"""
|
|
1591
1586
|
If set, a map of claims (keys) to be copied
|
|
1592
1587
|
to specified metadata fields (values).
|
pulumi_vault/jwt/outputs.py
CHANGED
|
@@ -4,14 +4,9 @@
|
|
|
4
4
|
|
|
5
5
|
import copy
|
|
6
6
|
import warnings
|
|
7
|
-
import sys
|
|
8
7
|
import pulumi
|
|
9
8
|
import pulumi.runtime
|
|
10
9
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
|
11
|
-
if sys.version_info >= (3, 11):
|
|
12
|
-
from typing import NotRequired, TypedDict, TypeAlias
|
|
13
|
-
else:
|
|
14
|
-
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
|
15
10
|
from .. import _utilities
|
|
16
11
|
|
|
17
12
|
__all__ = [
|
|
@@ -4,14 +4,9 @@
|
|
|
4
4
|
|
|
5
5
|
import copy
|
|
6
6
|
import warnings
|
|
7
|
-
import sys
|
|
8
7
|
import pulumi
|
|
9
8
|
import pulumi.runtime
|
|
10
9
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
|
11
|
-
if sys.version_info >= (3, 11):
|
|
12
|
-
from typing import NotRequired, TypedDict, TypeAlias
|
|
13
|
-
else:
|
|
14
|
-
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
|
15
10
|
from .. import _utilities
|
|
16
11
|
|
|
17
12
|
__all__ = ['SecretBackendArgs', 'SecretBackend']
|
pulumi_vault/kmip/secret_role.py
CHANGED
|
@@ -4,14 +4,9 @@
|
|
|
4
4
|
|
|
5
5
|
import copy
|
|
6
6
|
import warnings
|
|
7
|
-
import sys
|
|
8
7
|
import pulumi
|
|
9
8
|
import pulumi.runtime
|
|
10
9
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
|
11
|
-
if sys.version_info >= (3, 11):
|
|
12
|
-
from typing import NotRequired, TypedDict, TypeAlias
|
|
13
|
-
else:
|
|
14
|
-
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
|
15
10
|
from .. import _utilities
|
|
16
11
|
|
|
17
12
|
__all__ = ['SecretRoleArgs', 'SecretRole']
|
|
@@ -4,14 +4,9 @@
|
|
|
4
4
|
|
|
5
5
|
import copy
|
|
6
6
|
import warnings
|
|
7
|
-
import sys
|
|
8
7
|
import pulumi
|
|
9
8
|
import pulumi.runtime
|
|
10
9
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
|
11
|
-
if sys.version_info >= (3, 11):
|
|
12
|
-
from typing import NotRequired, TypedDict, TypeAlias
|
|
13
|
-
else:
|
|
14
|
-
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
|
15
10
|
from .. import _utilities
|
|
16
11
|
|
|
17
12
|
__all__ = ['SecretScopeArgs', 'SecretScope']
|
|
@@ -4,14 +4,9 @@
|
|
|
4
4
|
|
|
5
5
|
import copy
|
|
6
6
|
import warnings
|
|
7
|
-
import sys
|
|
8
7
|
import pulumi
|
|
9
8
|
import pulumi.runtime
|
|
10
9
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
|
11
|
-
if sys.version_info >= (3, 11):
|
|
12
|
-
from typing import NotRequired, TypedDict, TypeAlias
|
|
13
|
-
else:
|
|
14
|
-
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
|
15
10
|
from .. import _utilities
|
|
16
11
|
|
|
17
12
|
__all__ = ['AuthBackendConfigArgs', 'AuthBackendConfig']
|
|
@@ -27,8 +22,7 @@ class AuthBackendConfigArgs:
|
|
|
27
22
|
kubernetes_ca_cert: Optional[pulumi.Input[str]] = None,
|
|
28
23
|
namespace: Optional[pulumi.Input[str]] = None,
|
|
29
24
|
pem_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
|
30
|
-
token_reviewer_jwt: Optional[pulumi.Input[str]] = None
|
|
31
|
-
use_annotations_as_alias_metadata: Optional[pulumi.Input[bool]] = None):
|
|
25
|
+
token_reviewer_jwt: Optional[pulumi.Input[str]] = None):
|
|
32
26
|
"""
|
|
33
27
|
The set of arguments for constructing a AuthBackendConfig resource.
|
|
34
28
|
:param pulumi.Input[str] kubernetes_host: Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
|
|
@@ -43,7 +37,6 @@ class AuthBackendConfigArgs:
|
|
|
43
37
|
*Available only for Vault Enterprise*.
|
|
44
38
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] pem_keys: List of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
|
|
45
39
|
:param pulumi.Input[str] token_reviewer_jwt: A service account JWT (or other token) used as a bearer token to access the TokenReview API to validate other JWTs during login. If not set the JWT used for login will be used to access the API.
|
|
46
|
-
:param pulumi.Input[bool] use_annotations_as_alias_metadata: Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
|
|
47
40
|
"""
|
|
48
41
|
pulumi.set(__self__, "kubernetes_host", kubernetes_host)
|
|
49
42
|
if backend is not None:
|
|
@@ -62,8 +55,6 @@ class AuthBackendConfigArgs:
|
|
|
62
55
|
pulumi.set(__self__, "pem_keys", pem_keys)
|
|
63
56
|
if token_reviewer_jwt is not None:
|
|
64
57
|
pulumi.set(__self__, "token_reviewer_jwt", token_reviewer_jwt)
|
|
65
|
-
if use_annotations_as_alias_metadata is not None:
|
|
66
|
-
pulumi.set(__self__, "use_annotations_as_alias_metadata", use_annotations_as_alias_metadata)
|
|
67
58
|
|
|
68
59
|
@property
|
|
69
60
|
@pulumi.getter(name="kubernetesHost")
|
|
@@ -176,18 +167,6 @@ class AuthBackendConfigArgs:
|
|
|
176
167
|
def token_reviewer_jwt(self, value: Optional[pulumi.Input[str]]):
|
|
177
168
|
pulumi.set(self, "token_reviewer_jwt", value)
|
|
178
169
|
|
|
179
|
-
@property
|
|
180
|
-
@pulumi.getter(name="useAnnotationsAsAliasMetadata")
|
|
181
|
-
def use_annotations_as_alias_metadata(self) -> Optional[pulumi.Input[bool]]:
|
|
182
|
-
"""
|
|
183
|
-
Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
|
|
184
|
-
"""
|
|
185
|
-
return pulumi.get(self, "use_annotations_as_alias_metadata")
|
|
186
|
-
|
|
187
|
-
@use_annotations_as_alias_metadata.setter
|
|
188
|
-
def use_annotations_as_alias_metadata(self, value: Optional[pulumi.Input[bool]]):
|
|
189
|
-
pulumi.set(self, "use_annotations_as_alias_metadata", value)
|
|
190
|
-
|
|
191
170
|
|
|
192
171
|
@pulumi.input_type
|
|
193
172
|
class _AuthBackendConfigState:
|
|
@@ -200,8 +179,7 @@ class _AuthBackendConfigState:
|
|
|
200
179
|
kubernetes_host: Optional[pulumi.Input[str]] = None,
|
|
201
180
|
namespace: Optional[pulumi.Input[str]] = None,
|
|
202
181
|
pem_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
|
203
|
-
token_reviewer_jwt: Optional[pulumi.Input[str]] = None
|
|
204
|
-
use_annotations_as_alias_metadata: Optional[pulumi.Input[bool]] = None):
|
|
182
|
+
token_reviewer_jwt: Optional[pulumi.Input[str]] = None):
|
|
205
183
|
"""
|
|
206
184
|
Input properties used for looking up and filtering AuthBackendConfig resources.
|
|
207
185
|
:param pulumi.Input[str] backend: Unique name of the kubernetes backend to configure.
|
|
@@ -216,7 +194,6 @@ class _AuthBackendConfigState:
|
|
|
216
194
|
*Available only for Vault Enterprise*.
|
|
217
195
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] pem_keys: List of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
|
|
218
196
|
:param pulumi.Input[str] token_reviewer_jwt: A service account JWT (or other token) used as a bearer token to access the TokenReview API to validate other JWTs during login. If not set the JWT used for login will be used to access the API.
|
|
219
|
-
:param pulumi.Input[bool] use_annotations_as_alias_metadata: Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
|
|
220
197
|
"""
|
|
221
198
|
if backend is not None:
|
|
222
199
|
pulumi.set(__self__, "backend", backend)
|
|
@@ -236,8 +213,6 @@ class _AuthBackendConfigState:
|
|
|
236
213
|
pulumi.set(__self__, "pem_keys", pem_keys)
|
|
237
214
|
if token_reviewer_jwt is not None:
|
|
238
215
|
pulumi.set(__self__, "token_reviewer_jwt", token_reviewer_jwt)
|
|
239
|
-
if use_annotations_as_alias_metadata is not None:
|
|
240
|
-
pulumi.set(__self__, "use_annotations_as_alias_metadata", use_annotations_as_alias_metadata)
|
|
241
216
|
|
|
242
217
|
@property
|
|
243
218
|
@pulumi.getter
|
|
@@ -350,18 +325,6 @@ class _AuthBackendConfigState:
|
|
|
350
325
|
def token_reviewer_jwt(self, value: Optional[pulumi.Input[str]]):
|
|
351
326
|
pulumi.set(self, "token_reviewer_jwt", value)
|
|
352
327
|
|
|
353
|
-
@property
|
|
354
|
-
@pulumi.getter(name="useAnnotationsAsAliasMetadata")
|
|
355
|
-
def use_annotations_as_alias_metadata(self) -> Optional[pulumi.Input[bool]]:
|
|
356
|
-
"""
|
|
357
|
-
Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
|
|
358
|
-
"""
|
|
359
|
-
return pulumi.get(self, "use_annotations_as_alias_metadata")
|
|
360
|
-
|
|
361
|
-
@use_annotations_as_alias_metadata.setter
|
|
362
|
-
def use_annotations_as_alias_metadata(self, value: Optional[pulumi.Input[bool]]):
|
|
363
|
-
pulumi.set(self, "use_annotations_as_alias_metadata", value)
|
|
364
|
-
|
|
365
328
|
|
|
366
329
|
class AuthBackendConfig(pulumi.CustomResource):
|
|
367
330
|
@overload
|
|
@@ -377,7 +340,6 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
|
377
340
|
namespace: Optional[pulumi.Input[str]] = None,
|
|
378
341
|
pem_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
|
379
342
|
token_reviewer_jwt: Optional[pulumi.Input[str]] = None,
|
|
380
|
-
use_annotations_as_alias_metadata: Optional[pulumi.Input[bool]] = None,
|
|
381
343
|
__props__=None):
|
|
382
344
|
"""
|
|
383
345
|
Manages an Kubernetes auth backend config in a Vault server. See the [Vault
|
|
@@ -424,7 +386,6 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
|
424
386
|
*Available only for Vault Enterprise*.
|
|
425
387
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] pem_keys: List of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
|
|
426
388
|
:param pulumi.Input[str] token_reviewer_jwt: A service account JWT (or other token) used as a bearer token to access the TokenReview API to validate other JWTs during login. If not set the JWT used for login will be used to access the API.
|
|
427
|
-
:param pulumi.Input[bool] use_annotations_as_alias_metadata: Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
|
|
428
389
|
"""
|
|
429
390
|
...
|
|
430
391
|
@overload
|
|
@@ -487,7 +448,6 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
|
487
448
|
namespace: Optional[pulumi.Input[str]] = None,
|
|
488
449
|
pem_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
|
489
450
|
token_reviewer_jwt: Optional[pulumi.Input[str]] = None,
|
|
490
|
-
use_annotations_as_alias_metadata: Optional[pulumi.Input[bool]] = None,
|
|
491
451
|
__props__=None):
|
|
492
452
|
opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
|
|
493
453
|
if not isinstance(opts, pulumi.ResourceOptions):
|
|
@@ -508,7 +468,6 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
|
508
468
|
__props__.__dict__["namespace"] = namespace
|
|
509
469
|
__props__.__dict__["pem_keys"] = pem_keys
|
|
510
470
|
__props__.__dict__["token_reviewer_jwt"] = None if token_reviewer_jwt is None else pulumi.Output.secret(token_reviewer_jwt)
|
|
511
|
-
__props__.__dict__["use_annotations_as_alias_metadata"] = use_annotations_as_alias_metadata
|
|
512
471
|
secret_opts = pulumi.ResourceOptions(additional_secret_outputs=["tokenReviewerJwt"])
|
|
513
472
|
opts = pulumi.ResourceOptions.merge(opts, secret_opts)
|
|
514
473
|
super(AuthBackendConfig, __self__).__init__(
|
|
@@ -529,8 +488,7 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
|
529
488
|
kubernetes_host: Optional[pulumi.Input[str]] = None,
|
|
530
489
|
namespace: Optional[pulumi.Input[str]] = None,
|
|
531
490
|
pem_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
|
532
|
-
token_reviewer_jwt: Optional[pulumi.Input[str]] = None
|
|
533
|
-
use_annotations_as_alias_metadata: Optional[pulumi.Input[bool]] = None) -> 'AuthBackendConfig':
|
|
491
|
+
token_reviewer_jwt: Optional[pulumi.Input[str]] = None) -> 'AuthBackendConfig':
|
|
534
492
|
"""
|
|
535
493
|
Get an existing AuthBackendConfig resource's state with the given name, id, and optional extra
|
|
536
494
|
properties used to qualify the lookup.
|
|
@@ -550,7 +508,6 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
|
550
508
|
*Available only for Vault Enterprise*.
|
|
551
509
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] pem_keys: List of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
|
|
552
510
|
:param pulumi.Input[str] token_reviewer_jwt: A service account JWT (or other token) used as a bearer token to access the TokenReview API to validate other JWTs during login. If not set the JWT used for login will be used to access the API.
|
|
553
|
-
:param pulumi.Input[bool] use_annotations_as_alias_metadata: Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
|
|
554
511
|
"""
|
|
555
512
|
opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
|
|
556
513
|
|
|
@@ -565,7 +522,6 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
|
565
522
|
__props__.__dict__["namespace"] = namespace
|
|
566
523
|
__props__.__dict__["pem_keys"] = pem_keys
|
|
567
524
|
__props__.__dict__["token_reviewer_jwt"] = token_reviewer_jwt
|
|
568
|
-
__props__.__dict__["use_annotations_as_alias_metadata"] = use_annotations_as_alias_metadata
|
|
569
525
|
return AuthBackendConfig(resource_name, opts=opts, __props__=__props__)
|
|
570
526
|
|
|
571
527
|
@property
|
|
@@ -643,11 +599,3 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
|
643
599
|
"""
|
|
644
600
|
return pulumi.get(self, "token_reviewer_jwt")
|
|
645
601
|
|
|
646
|
-
@property
|
|
647
|
-
@pulumi.getter(name="useAnnotationsAsAliasMetadata")
|
|
648
|
-
def use_annotations_as_alias_metadata(self) -> pulumi.Output[bool]:
|
|
649
|
-
"""
|
|
650
|
-
Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
|
|
651
|
-
"""
|
|
652
|
-
return pulumi.get(self, "use_annotations_as_alias_metadata")
|
|
653
|
-
|
|
@@ -4,14 +4,9 @@
|
|
|
4
4
|
|
|
5
5
|
import copy
|
|
6
6
|
import warnings
|
|
7
|
-
import sys
|
|
8
7
|
import pulumi
|
|
9
8
|
import pulumi.runtime
|
|
10
9
|
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
|
11
|
-
if sys.version_info >= (3, 11):
|
|
12
|
-
from typing import NotRequired, TypedDict, TypeAlias
|
|
13
|
-
else:
|
|
14
|
-
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
|
15
10
|
from .. import _utilities
|
|
16
11
|
|
|
17
12
|
__all__ = ['AuthBackendRoleArgs', 'AuthBackendRole']
|