pulumi-vault 6.4.0a1731738920__py3-none-any.whl → 6.4.0a1732100598__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (15) hide show
  1. pulumi_vault/approle/auth_backend_role_secret_id.py +94 -0
  2. pulumi_vault/database/_inputs.py +200 -0
  3. pulumi_vault/database/outputs.py +140 -0
  4. pulumi_vault/database/secret_backend_static_role.py +64 -1
  5. pulumi_vault/gcp/secret_impersonated_account.py +57 -3
  6. pulumi_vault/kubernetes/auth_backend_config.py +50 -3
  7. pulumi_vault/kubernetes/get_auth_backend_config.py +34 -4
  8. pulumi_vault/kv/get_secret_v2.py +0 -2
  9. pulumi_vault/ldap/auth_backend.py +47 -0
  10. pulumi_vault/pulumi-plugin.json +1 -1
  11. pulumi_vault/ssh/secret_backend_role.py +34 -0
  12. {pulumi_vault-6.4.0a1731738920.dist-info → pulumi_vault-6.4.0a1732100598.dist-info}/METADATA +1 -1
  13. {pulumi_vault-6.4.0a1731738920.dist-info → pulumi_vault-6.4.0a1732100598.dist-info}/RECORD +15 -15
  14. {pulumi_vault-6.4.0a1731738920.dist-info → pulumi_vault-6.4.0a1732100598.dist-info}/WHEEL +0 -0
  15. {pulumi_vault-6.4.0a1731738920.dist-info → pulumi_vault-6.4.0a1732100598.dist-info}/top_level.txt +0 -0
pulumi_vault/kubernetes/auth_backend_config.py CHANGED
@@ -27,7 +27,8 @@ class AuthBackendConfigArgs:
27
27
  kubernetes_ca_cert: Optional[pulumi.Input[str]] = None,
28
28
  namespace: Optional[pulumi.Input[str]] = None,
29
29
  pem_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
30
- token_reviewer_jwt: Optional[pulumi.Input[str]] = None):
30
+ token_reviewer_jwt: Optional[pulumi.Input[str]] = None,
31
+ use_annotations_as_alias_metadata: Optional[pulumi.Input[bool]] = None):
31
32
  """
32
33
  The set of arguments for constructing a AuthBackendConfig resource.
33
34
  :param pulumi.Input[str] kubernetes_host: Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
@@ -42,6 +43,7 @@ class AuthBackendConfigArgs:
42
43
  *Available only for Vault Enterprise*.
43
44
  :param pulumi.Input[Sequence[pulumi.Input[str]]] pem_keys: List of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
44
45
  :param pulumi.Input[str] token_reviewer_jwt: A service account JWT (or other token) used as a bearer token to access the TokenReview API to validate other JWTs during login. If not set the JWT used for login will be used to access the API.
46
+ :param pulumi.Input[bool] use_annotations_as_alias_metadata: Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
45
47
  """
46
48
  pulumi.set(__self__, "kubernetes_host", kubernetes_host)
47
49
  if backend is not None:
@@ -60,6 +62,8 @@ class AuthBackendConfigArgs:
60
62
  pulumi.set(__self__, "pem_keys", pem_keys)
61
63
  if token_reviewer_jwt is not None:
62
64
  pulumi.set(__self__, "token_reviewer_jwt", token_reviewer_jwt)
65
+ if use_annotations_as_alias_metadata is not None:
66
+ pulumi.set(__self__, "use_annotations_as_alias_metadata", use_annotations_as_alias_metadata)
63
67
 
64
68
  @property
65
69
  @pulumi.getter(name="kubernetesHost")
@@ -172,6 +176,18 @@ class AuthBackendConfigArgs:
172
176
  def token_reviewer_jwt(self, value: Optional[pulumi.Input[str]]):
173
177
  pulumi.set(self, "token_reviewer_jwt", value)
174
178
 
179
+ @property
180
+ @pulumi.getter(name="useAnnotationsAsAliasMetadata")
181
+ def use_annotations_as_alias_metadata(self) -> Optional[pulumi.Input[bool]]:
182
+ """
183
+ Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
184
+ """
185
+ return pulumi.get(self, "use_annotations_as_alias_metadata")
186
+
187
+ @use_annotations_as_alias_metadata.setter
188
+ def use_annotations_as_alias_metadata(self, value: Optional[pulumi.Input[bool]]):
189
+ pulumi.set(self, "use_annotations_as_alias_metadata", value)
190
+
175
191
 
176
192
  @pulumi.input_type
177
193
  class _AuthBackendConfigState:
@@ -184,7 +200,8 @@ class _AuthBackendConfigState:
184
200
  kubernetes_host: Optional[pulumi.Input[str]] = None,
185
201
  namespace: Optional[pulumi.Input[str]] = None,
186
202
  pem_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
187
- token_reviewer_jwt: Optional[pulumi.Input[str]] = None):
203
+ token_reviewer_jwt: Optional[pulumi.Input[str]] = None,
204
+ use_annotations_as_alias_metadata: Optional[pulumi.Input[bool]] = None):
188
205
  """
189
206
  Input properties used for looking up and filtering AuthBackendConfig resources.
190
207
  :param pulumi.Input[str] backend: Unique name of the kubernetes backend to configure.
@@ -199,6 +216,7 @@ class _AuthBackendConfigState:
199
216
  *Available only for Vault Enterprise*.
200
217
  :param pulumi.Input[Sequence[pulumi.Input[str]]] pem_keys: List of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
201
218
  :param pulumi.Input[str] token_reviewer_jwt: A service account JWT (or other token) used as a bearer token to access the TokenReview API to validate other JWTs during login. If not set the JWT used for login will be used to access the API.
219
+ :param pulumi.Input[bool] use_annotations_as_alias_metadata: Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
202
220
  """
203
221
  if backend is not None:
204
222
  pulumi.set(__self__, "backend", backend)
@@ -218,6 +236,8 @@ class _AuthBackendConfigState:
218
236
  pulumi.set(__self__, "pem_keys", pem_keys)
219
237
  if token_reviewer_jwt is not None:
220
238
  pulumi.set(__self__, "token_reviewer_jwt", token_reviewer_jwt)
239
+ if use_annotations_as_alias_metadata is not None:
240
+ pulumi.set(__self__, "use_annotations_as_alias_metadata", use_annotations_as_alias_metadata)
221
241
 
222
242
  @property
223
243
  @pulumi.getter
@@ -330,6 +350,18 @@ class _AuthBackendConfigState:
330
350
  def token_reviewer_jwt(self, value: Optional[pulumi.Input[str]]):
331
351
  pulumi.set(self, "token_reviewer_jwt", value)
332
352
 
353
+ @property
354
+ @pulumi.getter(name="useAnnotationsAsAliasMetadata")
355
+ def use_annotations_as_alias_metadata(self) -> Optional[pulumi.Input[bool]]:
356
+ """
357
+ Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
358
+ """
359
+ return pulumi.get(self, "use_annotations_as_alias_metadata")
360
+
361
+ @use_annotations_as_alias_metadata.setter
362
+ def use_annotations_as_alias_metadata(self, value: Optional[pulumi.Input[bool]]):
363
+ pulumi.set(self, "use_annotations_as_alias_metadata", value)
364
+
333
365
 
334
366
  class AuthBackendConfig(pulumi.CustomResource):
335
367
  @overload
@@ -345,6 +377,7 @@ class AuthBackendConfig(pulumi.CustomResource):
345
377
  namespace: Optional[pulumi.Input[str]] = None,
346
378
  pem_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
347
379
  token_reviewer_jwt: Optional[pulumi.Input[str]] = None,
380
+ use_annotations_as_alias_metadata: Optional[pulumi.Input[bool]] = None,
348
381
  __props__=None):
349
382
  """
350
383
  Manages an Kubernetes auth backend config in a Vault server. See the [Vault
@@ -391,6 +424,7 @@ class AuthBackendConfig(pulumi.CustomResource):
391
424
  *Available only for Vault Enterprise*.
392
425
  :param pulumi.Input[Sequence[pulumi.Input[str]]] pem_keys: List of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
393
426
  :param pulumi.Input[str] token_reviewer_jwt: A service account JWT (or other token) used as a bearer token to access the TokenReview API to validate other JWTs during login. If not set the JWT used for login will be used to access the API.
427
+ :param pulumi.Input[bool] use_annotations_as_alias_metadata: Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
394
428
  """
395
429
  ...
396
430
  @overload
@@ -453,6 +487,7 @@ class AuthBackendConfig(pulumi.CustomResource):
453
487
  namespace: Optional[pulumi.Input[str]] = None,
454
488
  pem_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
455
489
  token_reviewer_jwt: Optional[pulumi.Input[str]] = None,
490
+ use_annotations_as_alias_metadata: Optional[pulumi.Input[bool]] = None,
456
491
  __props__=None):
457
492
  opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
458
493
  if not isinstance(opts, pulumi.ResourceOptions):
@@ -473,6 +508,7 @@ class AuthBackendConfig(pulumi.CustomResource):
473
508
  __props__.__dict__["namespace"] = namespace
474
509
  __props__.__dict__["pem_keys"] = pem_keys
475
510
  __props__.__dict__["token_reviewer_jwt"] = None if token_reviewer_jwt is None else pulumi.Output.secret(token_reviewer_jwt)
511
+ __props__.__dict__["use_annotations_as_alias_metadata"] = use_annotations_as_alias_metadata
476
512
  secret_opts = pulumi.ResourceOptions(additional_secret_outputs=["tokenReviewerJwt"])
477
513
  opts = pulumi.ResourceOptions.merge(opts, secret_opts)
478
514
  super(AuthBackendConfig, __self__).__init__(
@@ -493,7 +529,8 @@ class AuthBackendConfig(pulumi.CustomResource):
493
529
  kubernetes_host: Optional[pulumi.Input[str]] = None,
494
530
  namespace: Optional[pulumi.Input[str]] = None,
495
531
  pem_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
496
- token_reviewer_jwt: Optional[pulumi.Input[str]] = None) -> 'AuthBackendConfig':
532
+ token_reviewer_jwt: Optional[pulumi.Input[str]] = None,
533
+ use_annotations_as_alias_metadata: Optional[pulumi.Input[bool]] = None) -> 'AuthBackendConfig':
497
534
  """
498
535
  Get an existing AuthBackendConfig resource's state with the given name, id, and optional extra
499
536
  properties used to qualify the lookup.
@@ -513,6 +550,7 @@ class AuthBackendConfig(pulumi.CustomResource):
513
550
  *Available only for Vault Enterprise*.
514
551
  :param pulumi.Input[Sequence[pulumi.Input[str]]] pem_keys: List of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
515
552
  :param pulumi.Input[str] token_reviewer_jwt: A service account JWT (or other token) used as a bearer token to access the TokenReview API to validate other JWTs during login. If not set the JWT used for login will be used to access the API.
553
+ :param pulumi.Input[bool] use_annotations_as_alias_metadata: Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
516
554
  """
517
555
  opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
518
556
 
@@ -527,6 +565,7 @@ class AuthBackendConfig(pulumi.CustomResource):
527
565
  __props__.__dict__["namespace"] = namespace
528
566
  __props__.__dict__["pem_keys"] = pem_keys
529
567
  __props__.__dict__["token_reviewer_jwt"] = token_reviewer_jwt
568
+ __props__.__dict__["use_annotations_as_alias_metadata"] = use_annotations_as_alias_metadata
530
569
  return AuthBackendConfig(resource_name, opts=opts, __props__=__props__)
531
570
 
532
571
  @property
@@ -604,3 +643,11 @@ class AuthBackendConfig(pulumi.CustomResource):
604
643
  """
605
644
  return pulumi.get(self, "token_reviewer_jwt")
606
645
 
646
+ @property
647
+ @pulumi.getter(name="useAnnotationsAsAliasMetadata")
648
+ def use_annotations_as_alias_metadata(self) -> pulumi.Output[bool]:
649
+ """
650
+ Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
651
+ """
652
+ return pulumi.get(self, "use_annotations_as_alias_metadata")
653
+
pulumi_vault/kubernetes/get_auth_backend_config.py CHANGED
@@ -26,7 +26,7 @@ class GetAuthBackendConfigResult:
26
26
  """
27
27
  A collection of values returned by getAuthBackendConfig.
28
28
  """
29
- def __init__(__self__, backend=None, disable_iss_validation=None, disable_local_ca_jwt=None, id=None, issuer=None, kubernetes_ca_cert=None, kubernetes_host=None, namespace=None, pem_keys=None):
29
+ def __init__(__self__, backend=None, disable_iss_validation=None, disable_local_ca_jwt=None, id=None, issuer=None, kubernetes_ca_cert=None, kubernetes_host=None, namespace=None, pem_keys=None, use_annotations_as_alias_metadata=None):
30
30
  if backend and not isinstance(backend, str):
31
31
  raise TypeError("Expected argument 'backend' to be a str")
32
32
  pulumi.set(__self__, "backend", backend)
@@ -54,6 +54,9 @@ class GetAuthBackendConfigResult:
54
54
  if pem_keys and not isinstance(pem_keys, list):
55
55
  raise TypeError("Expected argument 'pem_keys' to be a list")
56
56
  pulumi.set(__self__, "pem_keys", pem_keys)
57
+ if use_annotations_as_alias_metadata and not isinstance(use_annotations_as_alias_metadata, bool):
58
+ raise TypeError("Expected argument 'use_annotations_as_alias_metadata' to be a bool")
59
+ pulumi.set(__self__, "use_annotations_as_alias_metadata", use_annotations_as_alias_metadata)
57
60
 
58
61
  @property
59
62
  @pulumi.getter
@@ -63,11 +66,17 @@ class GetAuthBackendConfigResult:
63
66
  @property
64
67
  @pulumi.getter(name="disableIssValidation")
65
68
  def disable_iss_validation(self) -> bool:
69
+ """
70
+ (Optional) Disable JWT issuer validation. Allows to skip ISS validation. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
71
+ """
66
72
  return pulumi.get(self, "disable_iss_validation")
67
73
 
68
74
  @property
69
75
  @pulumi.getter(name="disableLocalCaJwt")
70
76
  def disable_local_ca_jwt(self) -> bool:
77
+ """
78
+ (Optional) Disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
79
+ """
71
80
  return pulumi.get(self, "disable_local_ca_jwt")
72
81
 
73
82
  @property
@@ -115,6 +124,14 @@ class GetAuthBackendConfigResult:
115
124
  """
116
125
  return pulumi.get(self, "pem_keys")
117
126
 
127
+ @property
128
+ @pulumi.getter(name="useAnnotationsAsAliasMetadata")
129
+ def use_annotations_as_alias_metadata(self) -> bool:
130
+ """
131
+ (Optional) Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
132
+ """
133
+ return pulumi.get(self, "use_annotations_as_alias_metadata")
134
+
118
135
 
119
136
  class AwaitableGetAuthBackendConfigResult(GetAuthBackendConfigResult):
120
137
  # pylint: disable=using-constant-test
@@ -130,7 +147,8 @@ class AwaitableGetAuthBackendConfigResult(GetAuthBackendConfigResult):
130
147
  kubernetes_ca_cert=self.kubernetes_ca_cert,
131
148
  kubernetes_host=self.kubernetes_host,
132
149
  namespace=self.namespace,
133
- pem_keys=self.pem_keys)
150
+ pem_keys=self.pem_keys,
151
+ use_annotations_as_alias_metadata=self.use_annotations_as_alias_metadata)
134
152
 
135
153
 
136
154
  def get_auth_backend_config(backend: Optional[str] = None,
@@ -141,6 +159,7 @@ def get_auth_backend_config(backend: Optional[str] = None,
141
159
  kubernetes_host: Optional[str] = None,
142
160
  namespace: Optional[str] = None,
143
161
  pem_keys: Optional[Sequence[str]] = None,
162
+ use_annotations_as_alias_metadata: Optional[bool] = None,
144
163
  opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetAuthBackendConfigResult:
145
164
  """
146
165
  Reads the Role of an Kubernetes from a Vault server. See the [Vault
@@ -150,6 +169,8 @@ def get_auth_backend_config(backend: Optional[str] = None,
150
169
 
151
170
  :param str backend: The unique name for the Kubernetes backend the config to
152
171
  retrieve Role attributes for resides in. Defaults to "kubernetes".
172
+ :param bool disable_iss_validation: (Optional) Disable JWT issuer validation. Allows to skip ISS validation. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
173
+ :param bool disable_local_ca_jwt: (Optional) Disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
153
174
  :param str issuer: Optional JWT issuer. If no issuer is specified, `kubernetes.io/serviceaccount` will be used as the default issuer.
154
175
  :param str kubernetes_ca_cert: PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API.
155
176
  :param str kubernetes_host: Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
@@ -158,6 +179,7 @@ def get_auth_backend_config(backend: Optional[str] = None,
158
179
  The `namespace` is always relative to the provider's configured namespace.
159
180
  *Available only for Vault Enterprise*.
160
181
  :param Sequence[str] pem_keys: Optional list of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
182
+ :param bool use_annotations_as_alias_metadata: (Optional) Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
161
183
  """
162
184
  __args__ = dict()
163
185
  __args__['backend'] = backend
@@ -168,6 +190,7 @@ def get_auth_backend_config(backend: Optional[str] = None,
168
190
  __args__['kubernetesHost'] = kubernetes_host
169
191
  __args__['namespace'] = namespace
170
192
  __args__['pemKeys'] = pem_keys
193
+ __args__['useAnnotationsAsAliasMetadata'] = use_annotations_as_alias_metadata
171
194
  opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
172
195
  __ret__ = pulumi.runtime.invoke('vault:kubernetes/getAuthBackendConfig:getAuthBackendConfig', __args__, opts=opts, typ=GetAuthBackendConfigResult).value
173
196
 
@@ -180,7 +203,8 @@ def get_auth_backend_config(backend: Optional[str] = None,
180
203
  kubernetes_ca_cert=pulumi.get(__ret__, 'kubernetes_ca_cert'),
181
204
  kubernetes_host=pulumi.get(__ret__, 'kubernetes_host'),
182
205
  namespace=pulumi.get(__ret__, 'namespace'),
183
- pem_keys=pulumi.get(__ret__, 'pem_keys'))
206
+ pem_keys=pulumi.get(__ret__, 'pem_keys'),
207
+ use_annotations_as_alias_metadata=pulumi.get(__ret__, 'use_annotations_as_alias_metadata'))
184
208
  def get_auth_backend_config_output(backend: Optional[pulumi.Input[Optional[str]]] = None,
185
209
  disable_iss_validation: Optional[pulumi.Input[Optional[bool]]] = None,
186
210
  disable_local_ca_jwt: Optional[pulumi.Input[Optional[bool]]] = None,
@@ -189,6 +213,7 @@ def get_auth_backend_config_output(backend: Optional[pulumi.Input[Optional[str]]
189
213
  kubernetes_host: Optional[pulumi.Input[Optional[str]]] = None,
190
214
  namespace: Optional[pulumi.Input[Optional[str]]] = None,
191
215
  pem_keys: Optional[pulumi.Input[Optional[Sequence[str]]]] = None,
216
+ use_annotations_as_alias_metadata: Optional[pulumi.Input[Optional[bool]]] = None,
192
217
  opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetAuthBackendConfigResult]:
193
218
  """
194
219
  Reads the Role of an Kubernetes from a Vault server. See the [Vault
@@ -198,6 +223,8 @@ def get_auth_backend_config_output(backend: Optional[pulumi.Input[Optional[str]]
198
223
 
199
224
  :param str backend: The unique name for the Kubernetes backend the config to
200
225
  retrieve Role attributes for resides in. Defaults to "kubernetes".
226
+ :param bool disable_iss_validation: (Optional) Disable JWT issuer validation. Allows to skip ISS validation. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
227
+ :param bool disable_local_ca_jwt: (Optional) Disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
201
228
  :param str issuer: Optional JWT issuer. If no issuer is specified, `kubernetes.io/serviceaccount` will be used as the default issuer.
202
229
  :param str kubernetes_ca_cert: PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API.
203
230
  :param str kubernetes_host: Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
@@ -206,6 +233,7 @@ def get_auth_backend_config_output(backend: Optional[pulumi.Input[Optional[str]]
206
233
  The `namespace` is always relative to the provider's configured namespace.
207
234
  *Available only for Vault Enterprise*.
208
235
  :param Sequence[str] pem_keys: Optional list of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
236
+ :param bool use_annotations_as_alias_metadata: (Optional) Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
209
237
  """
210
238
  __args__ = dict()
211
239
  __args__['backend'] = backend
@@ -216,6 +244,7 @@ def get_auth_backend_config_output(backend: Optional[pulumi.Input[Optional[str]]
216
244
  __args__['kubernetesHost'] = kubernetes_host
217
245
  __args__['namespace'] = namespace
218
246
  __args__['pemKeys'] = pem_keys
247
+ __args__['useAnnotationsAsAliasMetadata'] = use_annotations_as_alias_metadata
219
248
  opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
220
249
  __ret__ = pulumi.runtime.invoke_output('vault:kubernetes/getAuthBackendConfig:getAuthBackendConfig', __args__, opts=opts, typ=GetAuthBackendConfigResult)
221
250
  return __ret__.apply(lambda __response__: GetAuthBackendConfigResult(
@@ -227,4 +256,5 @@ def get_auth_backend_config_output(backend: Optional[pulumi.Input[Optional[str]]
227
256
  kubernetes_ca_cert=pulumi.get(__response__, 'kubernetes_ca_cert'),
228
257
  kubernetes_host=pulumi.get(__response__, 'kubernetes_host'),
229
258
  namespace=pulumi.get(__response__, 'namespace'),
230
- pem_keys=pulumi.get(__response__, 'pem_keys')))
259
+ pem_keys=pulumi.get(__response__, 'pem_keys'),
260
+ use_annotations_as_alias_metadata=pulumi.get(__response__, 'use_annotations_as_alias_metadata')))
pulumi_vault/kv/get_secret_v2.py CHANGED
@@ -199,7 +199,6 @@ def get_secret_v2(mount: Optional[str] = None,
199
199
  example_secret_v2 = vault.kv.SecretV2("example",
200
200
  mount=kvv2.path,
201
201
  name="secret",
202
- cas=1,
203
202
  delete_all_versions=True,
204
203
  data_json=json.dumps({
205
204
  "zip": "zap",
@@ -269,7 +268,6 @@ def get_secret_v2_output(mount: Optional[pulumi.Input[str]] = None,
269
268
  example_secret_v2 = vault.kv.SecretV2("example",
270
269
  mount=kvv2.path,
271
270
  name="secret",
272
- cas=1,
273
271
  delete_all_versions=True,
274
272
  data_json=json.dumps({
275
273
  "zip": "zap",
pulumi_vault/ldap/auth_backend.py CHANGED
@@ -26,6 +26,7 @@ class AuthBackendArgs:
26
26
  certificate: Optional[pulumi.Input[str]] = None,
27
27
  client_tls_cert: Optional[pulumi.Input[str]] = None,
28
28
  client_tls_key: Optional[pulumi.Input[str]] = None,
29
+ connection_timeout: Optional[pulumi.Input[int]] = None,
29
30
  deny_null_bind: Optional[pulumi.Input[bool]] = None,
30
31
  description: Optional[pulumi.Input[str]] = None,
31
32
  disable_remount: Optional[pulumi.Input[bool]] = None,
@@ -63,6 +64,7 @@ class AuthBackendArgs:
63
64
  :param pulumi.Input[str] bindpass: Password to use with `binddn` when performing user search
64
65
  :param pulumi.Input[bool] case_sensitive_names: Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
65
66
  :param pulumi.Input[str] certificate: Trusted CA to validate TLS certificate
67
+ :param pulumi.Input[int] connection_timeout: Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
66
68
  :param pulumi.Input[bool] deny_null_bind: Prevents users from bypassing authentication when providing an empty password.
67
69
  :param pulumi.Input[str] description: Description for the LDAP auth backend mount
68
70
  :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
@@ -112,6 +114,8 @@ class AuthBackendArgs:
112
114
  pulumi.set(__self__, "client_tls_cert", client_tls_cert)
113
115
  if client_tls_key is not None:
114
116
  pulumi.set(__self__, "client_tls_key", client_tls_key)
117
+ if connection_timeout is not None:
118
+ pulumi.set(__self__, "connection_timeout", connection_timeout)
115
119
  if deny_null_bind is not None:
116
120
  pulumi.set(__self__, "deny_null_bind", deny_null_bind)
117
121
  if description is not None:
@@ -251,6 +255,18 @@ class AuthBackendArgs:
251
255
  def client_tls_key(self, value: Optional[pulumi.Input[str]]):
252
256
  pulumi.set(self, "client_tls_key", value)
253
257
 
258
+ @property
259
+ @pulumi.getter(name="connectionTimeout")
260
+ def connection_timeout(self) -> Optional[pulumi.Input[int]]:
261
+ """
262
+ Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
263
+ """
264
+ return pulumi.get(self, "connection_timeout")
265
+
266
+ @connection_timeout.setter
267
+ def connection_timeout(self, value: Optional[pulumi.Input[int]]):
268
+ pulumi.set(self, "connection_timeout", value)
269
+
254
270
  @property
255
271
  @pulumi.getter(name="denyNullBind")
256
272
  def deny_null_bind(self) -> Optional[pulumi.Input[bool]]:
@@ -627,6 +643,7 @@ class _AuthBackendState:
627
643
  certificate: Optional[pulumi.Input[str]] = None,
628
644
  client_tls_cert: Optional[pulumi.Input[str]] = None,
629
645
  client_tls_key: Optional[pulumi.Input[str]] = None,
646
+ connection_timeout: Optional[pulumi.Input[int]] = None,
630
647
  deny_null_bind: Optional[pulumi.Input[bool]] = None,
631
648
  description: Optional[pulumi.Input[str]] = None,
632
649
  disable_remount: Optional[pulumi.Input[bool]] = None,
@@ -665,6 +682,7 @@ class _AuthBackendState:
665
682
  :param pulumi.Input[str] bindpass: Password to use with `binddn` when performing user search
666
683
  :param pulumi.Input[bool] case_sensitive_names: Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
667
684
  :param pulumi.Input[str] certificate: Trusted CA to validate TLS certificate
685
+ :param pulumi.Input[int] connection_timeout: Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
668
686
  :param pulumi.Input[bool] deny_null_bind: Prevents users from bypassing authentication when providing an empty password.
669
687
  :param pulumi.Input[str] description: Description for the LDAP auth backend mount
670
688
  :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
@@ -716,6 +734,8 @@ class _AuthBackendState:
716
734
  pulumi.set(__self__, "client_tls_cert", client_tls_cert)
717
735
  if client_tls_key is not None:
718
736
  pulumi.set(__self__, "client_tls_key", client_tls_key)
737
+ if connection_timeout is not None:
738
+ pulumi.set(__self__, "connection_timeout", connection_timeout)
719
739
  if deny_null_bind is not None:
720
740
  pulumi.set(__self__, "deny_null_bind", deny_null_bind)
721
741
  if description is not None:
@@ -857,6 +877,18 @@ class _AuthBackendState:
857
877
  def client_tls_key(self, value: Optional[pulumi.Input[str]]):
858
878
  pulumi.set(self, "client_tls_key", value)
859
879
 
880
+ @property
881
+ @pulumi.getter(name="connectionTimeout")
882
+ def connection_timeout(self) -> Optional[pulumi.Input[int]]:
883
+ """
884
+ Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
885
+ """
886
+ return pulumi.get(self, "connection_timeout")
887
+
888
+ @connection_timeout.setter
889
+ def connection_timeout(self, value: Optional[pulumi.Input[int]]):
890
+ pulumi.set(self, "connection_timeout", value)
891
+
860
892
  @property
861
893
  @pulumi.getter(name="denyNullBind")
862
894
  def deny_null_bind(self) -> Optional[pulumi.Input[bool]]:
@@ -1246,6 +1278,7 @@ class AuthBackend(pulumi.CustomResource):
1246
1278
  certificate: Optional[pulumi.Input[str]] = None,
1247
1279
  client_tls_cert: Optional[pulumi.Input[str]] = None,
1248
1280
  client_tls_key: Optional[pulumi.Input[str]] = None,
1281
+ connection_timeout: Optional[pulumi.Input[int]] = None,
1249
1282
  deny_null_bind: Optional[pulumi.Input[bool]] = None,
1250
1283
  description: Optional[pulumi.Input[str]] = None,
1251
1284
  disable_remount: Optional[pulumi.Input[bool]] = None,
@@ -1312,6 +1345,7 @@ class AuthBackend(pulumi.CustomResource):
1312
1345
  :param pulumi.Input[str] bindpass: Password to use with `binddn` when performing user search
1313
1346
  :param pulumi.Input[bool] case_sensitive_names: Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
1314
1347
  :param pulumi.Input[str] certificate: Trusted CA to validate TLS certificate
1348
+ :param pulumi.Input[int] connection_timeout: Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
1315
1349
  :param pulumi.Input[bool] deny_null_bind: Prevents users from bypassing authentication when providing an empty password.
1316
1350
  :param pulumi.Input[str] description: Description for the LDAP auth backend mount
1317
1351
  :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
@@ -1404,6 +1438,7 @@ class AuthBackend(pulumi.CustomResource):
1404
1438
  certificate: Optional[pulumi.Input[str]] = None,
1405
1439
  client_tls_cert: Optional[pulumi.Input[str]] = None,
1406
1440
  client_tls_key: Optional[pulumi.Input[str]] = None,
1441
+ connection_timeout: Optional[pulumi.Input[int]] = None,
1407
1442
  deny_null_bind: Optional[pulumi.Input[bool]] = None,
1408
1443
  description: Optional[pulumi.Input[str]] = None,
1409
1444
  disable_remount: Optional[pulumi.Input[bool]] = None,
@@ -1450,6 +1485,7 @@ class AuthBackend(pulumi.CustomResource):
1450
1485
  __props__.__dict__["certificate"] = certificate
1451
1486
  __props__.__dict__["client_tls_cert"] = client_tls_cert
1452
1487
  __props__.__dict__["client_tls_key"] = None if client_tls_key is None else pulumi.Output.secret(client_tls_key)
1488
+ __props__.__dict__["connection_timeout"] = connection_timeout
1453
1489
  __props__.__dict__["deny_null_bind"] = deny_null_bind
1454
1490
  __props__.__dict__["description"] = description
1455
1491
  __props__.__dict__["disable_remount"] = disable_remount
@@ -1503,6 +1539,7 @@ class AuthBackend(pulumi.CustomResource):
1503
1539
  certificate: Optional[pulumi.Input[str]] = None,
1504
1540
  client_tls_cert: Optional[pulumi.Input[str]] = None,
1505
1541
  client_tls_key: Optional[pulumi.Input[str]] = None,
1542
+ connection_timeout: Optional[pulumi.Input[int]] = None,
1506
1543
  deny_null_bind: Optional[pulumi.Input[bool]] = None,
1507
1544
  description: Optional[pulumi.Input[str]] = None,
1508
1545
  disable_remount: Optional[pulumi.Input[bool]] = None,
@@ -1546,6 +1583,7 @@ class AuthBackend(pulumi.CustomResource):
1546
1583
  :param pulumi.Input[str] bindpass: Password to use with `binddn` when performing user search
1547
1584
  :param pulumi.Input[bool] case_sensitive_names: Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
1548
1585
  :param pulumi.Input[str] certificate: Trusted CA to validate TLS certificate
1586
+ :param pulumi.Input[int] connection_timeout: Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
1549
1587
  :param pulumi.Input[bool] deny_null_bind: Prevents users from bypassing authentication when providing an empty password.
1550
1588
  :param pulumi.Input[str] description: Description for the LDAP auth backend mount
1551
1589
  :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
@@ -1594,6 +1632,7 @@ class AuthBackend(pulumi.CustomResource):
1594
1632
  __props__.__dict__["certificate"] = certificate
1595
1633
  __props__.__dict__["client_tls_cert"] = client_tls_cert
1596
1634
  __props__.__dict__["client_tls_key"] = client_tls_key
1635
+ __props__.__dict__["connection_timeout"] = connection_timeout
1597
1636
  __props__.__dict__["deny_null_bind"] = deny_null_bind
1598
1637
  __props__.__dict__["description"] = description
1599
1638
  __props__.__dict__["disable_remount"] = disable_remount
@@ -1677,6 +1716,14 @@ class AuthBackend(pulumi.CustomResource):
1677
1716
  def client_tls_key(self) -> pulumi.Output[str]:
1678
1717
  return pulumi.get(self, "client_tls_key")
1679
1718
 
1719
+ @property
1720
+ @pulumi.getter(name="connectionTimeout")
1721
+ def connection_timeout(self) -> pulumi.Output[int]:
1722
+ """
1723
+ Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
1724
+ """
1725
+ return pulumi.get(self, "connection_timeout")
1726
+
1680
1727
  @property
1681
1728
  @pulumi.getter(name="denyNullBind")
1682
1729
  def deny_null_bind(self) -> pulumi.Output[bool]:
pulumi_vault/pulumi-plugin.json CHANGED
@@ -1,5 +1,5 @@
1
1
  {
2
2
  "resource": true,
3
3
  "name": "vault",
4
- "version": "6.4.0-alpha.1731738920"
4
+ "version": "6.4.0-alpha.1732100598"
5
5
  }
pulumi_vault/ssh/secret_backend_role.py CHANGED
@@ -25,6 +25,7 @@ class SecretBackendRoleArgs:
25
25
  key_type: pulumi.Input[str],
26
26
  algorithm_signer: Optional[pulumi.Input[str]] = None,
27
27
  allow_bare_domains: Optional[pulumi.Input[bool]] = None,
28
+ allow_empty_principals: Optional[pulumi.Input[bool]] = None,
28
29
  allow_host_certificates: Optional[pulumi.Input[bool]] = None,
29
30
  allow_subdomains: Optional[pulumi.Input[bool]] = None,
30
31
  allow_user_certificates: Optional[pulumi.Input[bool]] = None,
@@ -88,6 +89,8 @@ class SecretBackendRoleArgs:
88
89
  pulumi.set(__self__, "algorithm_signer", algorithm_signer)
89
90
  if allow_bare_domains is not None:
90
91
  pulumi.set(__self__, "allow_bare_domains", allow_bare_domains)
92
+ if allow_empty_principals is not None:
93
+ pulumi.set(__self__, "allow_empty_principals", allow_empty_principals)
91
94
  if allow_host_certificates is not None:
92
95
  pulumi.set(__self__, "allow_host_certificates", allow_host_certificates)
93
96
  if allow_subdomains is not None:
@@ -181,6 +184,15 @@ class SecretBackendRoleArgs:
181
184
  def allow_bare_domains(self, value: Optional[pulumi.Input[bool]]):
182
185
  pulumi.set(self, "allow_bare_domains", value)
183
186
 
187
+ @property
188
+ @pulumi.getter(name="allowEmptyPrincipals")
189
+ def allow_empty_principals(self) -> Optional[pulumi.Input[bool]]:
190
+ return pulumi.get(self, "allow_empty_principals")
191
+
192
+ @allow_empty_principals.setter
193
+ def allow_empty_principals(self, value: Optional[pulumi.Input[bool]]):
194
+ pulumi.set(self, "allow_empty_principals", value)
195
+
184
196
  @property
185
197
  @pulumi.getter(name="allowHostCertificates")
186
198
  def allow_host_certificates(self) -> Optional[pulumi.Input[bool]]:
@@ -457,6 +469,7 @@ class _SecretBackendRoleState:
457
469
  def __init__(__self__, *,
458
470
  algorithm_signer: Optional[pulumi.Input[str]] = None,
459
471
  allow_bare_domains: Optional[pulumi.Input[bool]] = None,
472
+ allow_empty_principals: Optional[pulumi.Input[bool]] = None,
460
473
  allow_host_certificates: Optional[pulumi.Input[bool]] = None,
461
474
  allow_subdomains: Optional[pulumi.Input[bool]] = None,
462
475
  allow_user_certificates: Optional[pulumi.Input[bool]] = None,
@@ -520,6 +533,8 @@ class _SecretBackendRoleState:
520
533
  pulumi.set(__self__, "algorithm_signer", algorithm_signer)
521
534
  if allow_bare_domains is not None:
522
535
  pulumi.set(__self__, "allow_bare_domains", allow_bare_domains)
536
+ if allow_empty_principals is not None:
537
+ pulumi.set(__self__, "allow_empty_principals", allow_empty_principals)
523
538
  if allow_host_certificates is not None:
524
539
  pulumi.set(__self__, "allow_host_certificates", allow_host_certificates)
525
540
  if allow_subdomains is not None:
@@ -593,6 +608,15 @@ class _SecretBackendRoleState:
593
608
  def allow_bare_domains(self, value: Optional[pulumi.Input[bool]]):
594
609
  pulumi.set(self, "allow_bare_domains", value)
595
610
 
611
+ @property
612
+ @pulumi.getter(name="allowEmptyPrincipals")
613
+ def allow_empty_principals(self) -> Optional[pulumi.Input[bool]]:
614
+ return pulumi.get(self, "allow_empty_principals")
615
+
616
+ @allow_empty_principals.setter
617
+ def allow_empty_principals(self, value: Optional[pulumi.Input[bool]]):
618
+ pulumi.set(self, "allow_empty_principals", value)
619
+
596
620
  @property
597
621
  @pulumi.getter(name="allowHostCertificates")
598
622
  def allow_host_certificates(self) -> Optional[pulumi.Input[bool]]:
@@ -895,6 +919,7 @@ class SecretBackendRole(pulumi.CustomResource):
895
919
  opts: Optional[pulumi.ResourceOptions] = None,
896
920
  algorithm_signer: Optional[pulumi.Input[str]] = None,
897
921
  allow_bare_domains: Optional[pulumi.Input[bool]] = None,
922
+ allow_empty_principals: Optional[pulumi.Input[bool]] = None,
898
923
  allow_host_certificates: Optional[pulumi.Input[bool]] = None,
899
924
  allow_subdomains: Optional[pulumi.Input[bool]] = None,
900
925
  allow_user_certificates: Optional[pulumi.Input[bool]] = None,
@@ -1044,6 +1069,7 @@ class SecretBackendRole(pulumi.CustomResource):
1044
1069
  opts: Optional[pulumi.ResourceOptions] = None,
1045
1070
  algorithm_signer: Optional[pulumi.Input[str]] = None,
1046
1071
  allow_bare_domains: Optional[pulumi.Input[bool]] = None,
1072
+ allow_empty_principals: Optional[pulumi.Input[bool]] = None,
1047
1073
  allow_host_certificates: Optional[pulumi.Input[bool]] = None,
1048
1074
  allow_subdomains: Optional[pulumi.Input[bool]] = None,
1049
1075
  allow_user_certificates: Optional[pulumi.Input[bool]] = None,
@@ -1079,6 +1105,7 @@ class SecretBackendRole(pulumi.CustomResource):
1079
1105
 
1080
1106
  __props__.__dict__["algorithm_signer"] = algorithm_signer
1081
1107
  __props__.__dict__["allow_bare_domains"] = allow_bare_domains
1108
+ __props__.__dict__["allow_empty_principals"] = allow_empty_principals
1082
1109
  __props__.__dict__["allow_host_certificates"] = allow_host_certificates
1083
1110
  __props__.__dict__["allow_subdomains"] = allow_subdomains
1084
1111
  __props__.__dict__["allow_user_certificates"] = allow_user_certificates
@@ -1119,6 +1146,7 @@ class SecretBackendRole(pulumi.CustomResource):
1119
1146
  opts: Optional[pulumi.ResourceOptions] = None,
1120
1147
  algorithm_signer: Optional[pulumi.Input[str]] = None,
1121
1148
  allow_bare_domains: Optional[pulumi.Input[bool]] = None,
1149
+ allow_empty_principals: Optional[pulumi.Input[bool]] = None,
1122
1150
  allow_host_certificates: Optional[pulumi.Input[bool]] = None,
1123
1151
  allow_subdomains: Optional[pulumi.Input[bool]] = None,
1124
1152
  allow_user_certificates: Optional[pulumi.Input[bool]] = None,
@@ -1189,6 +1217,7 @@ class SecretBackendRole(pulumi.CustomResource):
1189
1217
 
1190
1218
  __props__.__dict__["algorithm_signer"] = algorithm_signer
1191
1219
  __props__.__dict__["allow_bare_domains"] = allow_bare_domains
1220
+ __props__.__dict__["allow_empty_principals"] = allow_empty_principals
1192
1221
  __props__.__dict__["allow_host_certificates"] = allow_host_certificates
1193
1222
  __props__.__dict__["allow_subdomains"] = allow_subdomains
1194
1223
  __props__.__dict__["allow_user_certificates"] = allow_user_certificates
@@ -1231,6 +1260,11 @@ class SecretBackendRole(pulumi.CustomResource):
1231
1260
  """
1232
1261
  return pulumi.get(self, "allow_bare_domains")
1233
1262
 
1263
+ @property
1264
+ @pulumi.getter(name="allowEmptyPrincipals")
1265
+ def allow_empty_principals(self) -> pulumi.Output[Optional[bool]]:
1266
+ return pulumi.get(self, "allow_empty_principals")
1267
+
1234
1268
  @property
1235
1269
  @pulumi.getter(name="allowHostCertificates")
1236
1270
  def allow_host_certificates(self) -> pulumi.Output[Optional[bool]]:
{pulumi_vault-6.4.0a1731738920.dist-info → pulumi_vault-6.4.0a1732100598.dist-info}/METADATA RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.1
2
2
  Name: pulumi_vault
3
- Version: 6.4.0a1731738920
3
+ Version: 6.4.0a1732100598
4
4
  Summary: A Pulumi package for creating and managing HashiCorp Vault cloud resources.
5
5
  License: Apache-2.0
6
6
  Project-URL: Homepage, https://pulumi.io