pulumi-vault 6.5.0a1736836139__py3-none-any.whl → 6.5.0a1737047276__py3-none-any.whl
- pulumi_vault/__init__.py +24 -0
- pulumi_vault/aws/auth_backend_sts_role.py +47 -0
- pulumi_vault/aws/secret_backend.py +141 -0
- pulumi_vault/database/_inputs.py +40 -0
- pulumi_vault/database/outputs.py +28 -0
- pulumi_vault/pkisecret/__init__.py +4 -0
- pulumi_vault/pkisecret/_inputs.py +34 -0
- pulumi_vault/pkisecret/backend_acme_eab.py +549 -0
- pulumi_vault/pkisecret/backend_config_acme.py +642 -0
- pulumi_vault/pkisecret/backend_config_cmpv2.py +525 -0
- pulumi_vault/pkisecret/get_backend_config_cmpv2.py +209 -0
- pulumi_vault/pkisecret/outputs.py +40 -0
- pulumi_vault/pkisecret/secret_backend_role.py +47 -0
- pulumi_vault/pulumi-plugin.json +1 -1
- pulumi_vault/ssh/secret_backend_role.py +27 -0
- {pulumi_vault-6.5.0a1736836139.dist-info → pulumi_vault-6.5.0a1737047276.dist-info}/METADATA +1 -1
- {pulumi_vault-6.5.0a1736836139.dist-info → pulumi_vault-6.5.0a1737047276.dist-info}/RECORD +19 -15
- {pulumi_vault-6.5.0a1736836139.dist-info → pulumi_vault-6.5.0a1737047276.dist-info}/WHEEL +0 -0
- {pulumi_vault-6.5.0a1736836139.dist-info → pulumi_vault-6.5.0a1737047276.dist-info}/top_level.txt +0 -0
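--- a/pulumi_vault/pkisecret/backend_config_acme.py
+++ b/pulumi_vault/pkisecret/backend_config_acme.py
@@ -0,0 +1,642 @@
+# coding=utf-8
+# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+# *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+import copy
+import warnings
+import sys
+import pulumi
+import pulumi.runtime
+from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+from typing import NotRequired, TypedDict, TypeAlias
+else:
+from typing_extensions import NotRequired, TypedDict, TypeAlias
+from .. import _utilities
+
+__all__ = ['BackendConfigAcmeArgs', 'BackendConfigAcme']
+
+@pulumi.input_type
+class BackendConfigAcmeArgs:
+def __init__(__self__, *,
+backend: pulumi.Input[str],
+enabled: pulumi.Input[bool],
+allow_role_ext_key_usage: Optional[pulumi.Input[bool]] = None,
+allowed_issuers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+allowed_roles: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+default_directory_policy: Optional[pulumi.Input[str]] = None,
+dns_resolver: Optional[pulumi.Input[str]] = None,
+eab_policy: Optional[pulumi.Input[str]] = None,
+namespace: Optional[pulumi.Input[str]] = None):
+"""
+The set of arguments for constructing a BackendConfigAcme resource.
+:param pulumi.Input[str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
+:param pulumi.Input[bool] enabled: Specifies whether ACME is enabled.
+:param pulumi.Input[bool] allow_role_ext_key_usage: Specifies whether the ExtKeyUsage field from a role is used. **Vault 1.14.1+**
+:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_issuers: Specifies which issuers are allowed for use with ACME.
+:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_roles: Specifies which roles are allowed for use with ACME.
+:param pulumi.Input[str] default_directory_policy: Specifies the policy to be used for non-role-qualified ACME requests.
+Allowed values are `forbid`, `sign-verbatim`, `role:<role_name>`, `external-policy` or `external-policy:<policy>`.
+:param pulumi.Input[str] dns_resolver: DNS resolver to use for domain resolution on this mount.
+Must be in the format `<host>:<port>`, with both parts mandatory.
+:param pulumi.Input[str] eab_policy: Specifies the policy to use for external account binding behaviour.
+Allowed values are `not-required`, `new-account-required` or `always-required`.
+:param pulumi.Input[str] namespace: The namespace to provision the resource in.
+The value should not contain leading or trailing forward slashes.
+The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+*Available only for Vault Enterprise*.
+"""
+pulumi.set(__self__, "backend", backend)
+pulumi.set(__self__, "enabled", enabled)
+if allow_role_ext_key_usage is not None:
+pulumi.set(__self__, "allow_role_ext_key_usage", allow_role_ext_key_usage)
+if allowed_issuers is not None:
+pulumi.set(__self__, "allowed_issuers", allowed_issuers)
+if allowed_roles is not None:
+pulumi.set(__self__, "allowed_roles", allowed_roles)
+if default_directory_policy is not None:
+pulumi.set(__self__, "default_directory_policy", default_directory_policy)
+if dns_resolver is not None:
+pulumi.set(__self__, "dns_resolver", dns_resolver)
+if eab_policy is not None:
+pulumi.set(__self__, "eab_policy", eab_policy)
+if namespace is not None:
+pulumi.set(__self__, "namespace", namespace)
+
+@property
+@pulumi.getter
+def backend(self) -> pulumi.Input[str]:
+"""
+The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
+"""
+return pulumi.get(self, "backend")
+
+@backend.setter
+def backend(self, value: pulumi.Input[str]):
+pulumi.set(self, "backend", value)
+
+@property
+@pulumi.getter
+def enabled(self) -> pulumi.Input[bool]:
+"""
+Specifies whether ACME is enabled.
+"""
+return pulumi.get(self, "enabled")
+
+@enabled.setter
+def enabled(self, value: pulumi.Input[bool]):
+pulumi.set(self, "enabled", value)
+
+@property
+@pulumi.getter(name="allowRoleExtKeyUsage")
+def allow_role_ext_key_usage(self) -> Optional[pulumi.Input[bool]]:
+"""
+Specifies whether the ExtKeyUsage field from a role is used. **Vault 1.14.1+**
+"""
+return pulumi.get(self, "allow_role_ext_key_usage")
+
+@allow_role_ext_key_usage.setter
+def allow_role_ext_key_usage(self, value: Optional[pulumi.Input[bool]]):
+pulumi.set(self, "allow_role_ext_key_usage", value)
+
+@property
+@pulumi.getter(name="allowedIssuers")
+def allowed_issuers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+"""
+Specifies which issuers are allowed for use with ACME.
+"""
+return pulumi.get(self, "allowed_issuers")
+
+@allowed_issuers.setter
+def allowed_issuers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+pulumi.set(self, "allowed_issuers", value)
+
+@property
+@pulumi.getter(name="allowedRoles")
+def allowed_roles(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+"""
+Specifies which roles are allowed for use with ACME.
+"""
+return pulumi.get(self, "allowed_roles")
+
+@allowed_roles.setter
+def allowed_roles(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+pulumi.set(self, "allowed_roles", value)
+
+@property
+@pulumi.getter(name="defaultDirectoryPolicy")
+def default_directory_policy(self) -> Optional[pulumi.Input[str]]:
+"""
+Specifies the policy to be used for non-role-qualified ACME requests.
+Allowed values are `forbid`, `sign-verbatim`, `role:<role_name>`, `external-policy` or `external-policy:<policy>`.
+"""
+return pulumi.get(self, "default_directory_policy")
+
+@default_directory_policy.setter
+def default_directory_policy(self, value: Optional[pulumi.Input[str]]):
+pulumi.set(self, "default_directory_policy", value)
+
+@property
+@pulumi.getter(name="dnsResolver")
+def dns_resolver(self) -> Optional[pulumi.Input[str]]:
+"""
+DNS resolver to use for domain resolution on this mount.
+Must be in the format `<host>:<port>`, with both parts mandatory.
+"""
+return pulumi.get(self, "dns_resolver")
+
+@dns_resolver.setter
+def dns_resolver(self, value: Optional[pulumi.Input[str]]):
+pulumi.set(self, "dns_resolver", value)
+
+@property
+@pulumi.getter(name="eabPolicy")
+def eab_policy(self) -> Optional[pulumi.Input[str]]:
+"""
+Specifies the policy to use for external account binding behaviour.
+Allowed values are `not-required`, `new-account-required` or `always-required`.
+"""
+return pulumi.get(self, "eab_policy")
+
+@eab_policy.setter
+def eab_policy(self, value: Optional[pulumi.Input[str]]):
+pulumi.set(self, "eab_policy", value)
+
+@property
+@pulumi.getter
+def namespace(self) -> Optional[pulumi.Input[str]]:
+"""
+The namespace to provision the resource in.
+The value should not contain leading or trailing forward slashes.
+The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+*Available only for Vault Enterprise*.
+"""
+return pulumi.get(self, "namespace")
+
+@namespace.setter
+def namespace(self, value: Optional[pulumi.Input[str]]):
+pulumi.set(self, "namespace", value)
+
+
+@pulumi.input_type
+class _BackendConfigAcmeState:
+def __init__(__self__, *,
+allow_role_ext_key_usage: Optional[pulumi.Input[bool]] = None,
+allowed_issuers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+allowed_roles: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+backend: Optional[pulumi.Input[str]] = None,
+default_directory_policy: Optional[pulumi.Input[str]] = None,
+dns_resolver: Optional[pulumi.Input[str]] = None,
+eab_policy: Optional[pulumi.Input[str]] = None,
+enabled: Optional[pulumi.Input[bool]] = None,
+namespace: Optional[pulumi.Input[str]] = None):
+"""
+Input properties used for looking up and filtering BackendConfigAcme resources.
+:param pulumi.Input[bool] allow_role_ext_key_usage: Specifies whether the ExtKeyUsage field from a role is used. **Vault 1.14.1+**
+:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_issuers: Specifies which issuers are allowed for use with ACME.
+:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_roles: Specifies which roles are allowed for use with ACME.
+:param pulumi.Input[str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
+:param pulumi.Input[str] default_directory_policy: Specifies the policy to be used for non-role-qualified ACME requests.
+Allowed values are `forbid`, `sign-verbatim`, `role:<role_name>`, `external-policy` or `external-policy:<policy>`.
+:param pulumi.Input[str] dns_resolver: DNS resolver to use for domain resolution on this mount.
+Must be in the format `<host>:<port>`, with both parts mandatory.
+:param pulumi.Input[str] eab_policy: Specifies the policy to use for external account binding behaviour.
+Allowed values are `not-required`, `new-account-required` or `always-required`.
+:param pulumi.Input[bool] enabled: Specifies whether ACME is enabled.
+:param pulumi.Input[str] namespace: The namespace to provision the resource in.
+The value should not contain leading or trailing forward slashes.
+The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+*Available only for Vault Enterprise*.
+"""
+if allow_role_ext_key_usage is not None:
+pulumi.set(__self__, "allow_role_ext_key_usage", allow_role_ext_key_usage)
+if allowed_issuers is not None:
+pulumi.set(__self__, "allowed_issuers", allowed_issuers)
+if allowed_roles is not None:
+pulumi.set(__self__, "allowed_roles", allowed_roles)
+if backend is not None:
+pulumi.set(__self__, "backend", backend)
+if default_directory_policy is not None:
+pulumi.set(__self__, "default_directory_policy", default_directory_policy)
+if dns_resolver is not None:
+pulumi.set(__self__, "dns_resolver", dns_resolver)
+if eab_policy is not None:
+pulumi.set(__self__, "eab_policy", eab_policy)
+if enabled is not None:
+pulumi.set(__self__, "enabled", enabled)
+if namespace is not None:
+pulumi.set(__self__, "namespace", namespace)
+
+@property
+@pulumi.getter(name="allowRoleExtKeyUsage")
+def allow_role_ext_key_usage(self) -> Optional[pulumi.Input[bool]]:
+"""
+Specifies whether the ExtKeyUsage field from a role is used. **Vault 1.14.1+**
+"""
+return pulumi.get(self, "allow_role_ext_key_usage")
+
+@allow_role_ext_key_usage.setter
+def allow_role_ext_key_usage(self, value: Optional[pulumi.Input[bool]]):
+pulumi.set(self, "allow_role_ext_key_usage", value)
+
+@property
+@pulumi.getter(name="allowedIssuers")
+def allowed_issuers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+"""
+Specifies which issuers are allowed for use with ACME.
+"""
+return pulumi.get(self, "allowed_issuers")
+
+@allowed_issuers.setter
+def allowed_issuers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+pulumi.set(self, "allowed_issuers", value)
+
+@property
+@pulumi.getter(name="allowedRoles")
+def allowed_roles(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+"""
+Specifies which roles are allowed for use with ACME.
+"""
+return pulumi.get(self, "allowed_roles")
+
+@allowed_roles.setter
+def allowed_roles(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+pulumi.set(self, "allowed_roles", value)
+
+@property
+@pulumi.getter
+def backend(self) -> Optional[pulumi.Input[str]]:
+"""
+The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
+"""
+return pulumi.get(self, "backend")
+
+@backend.setter
+def backend(self, value: Optional[pulumi.Input[str]]):
+pulumi.set(self, "backend", value)
+
+@property
+@pulumi.getter(name="defaultDirectoryPolicy")
+def default_directory_policy(self) -> Optional[pulumi.Input[str]]:
+"""
+Specifies the policy to be used for non-role-qualified ACME requests.
+Allowed values are `forbid`, `sign-verbatim`, `role:<role_name>`, `external-policy` or `external-policy:<policy>`.
+"""
+return pulumi.get(self, "default_directory_policy")
+
+@default_directory_policy.setter
+def default_directory_policy(self, value: Optional[pulumi.Input[str]]):
+pulumi.set(self, "default_directory_policy", value)
+
+@property
+@pulumi.getter(name="dnsResolver")
+def dns_resolver(self) -> Optional[pulumi.Input[str]]:
+"""
+DNS resolver to use for domain resolution on this mount.
+Must be in the format `<host>:<port>`, with both parts mandatory.
+"""
+return pulumi.get(self, "dns_resolver")
+
+@dns_resolver.setter
+def dns_resolver(self, value: Optional[pulumi.Input[str]]):
+pulumi.set(self, "dns_resolver", value)
+
+@property
+@pulumi.getter(name="eabPolicy")
+def eab_policy(self) -> Optional[pulumi.Input[str]]:
+"""
+Specifies the policy to use for external account binding behaviour.
+Allowed values are `not-required`, `new-account-required` or `always-required`.
+"""
+return pulumi.get(self, "eab_policy")
+
+@eab_policy.setter
+def eab_policy(self, value: Optional[pulumi.Input[str]]):
+pulumi.set(self, "eab_policy", value)
+
+@property
+@pulumi.getter
+def enabled(self) -> Optional[pulumi.Input[bool]]:
+"""
+Specifies whether ACME is enabled.
+"""
+return pulumi.get(self, "enabled")
+
+@enabled.setter
+def enabled(self, value: Optional[pulumi.Input[bool]]):
+pulumi.set(self, "enabled", value)
+
+@property
+@pulumi.getter
+def namespace(self) -> Optional[pulumi.Input[str]]:
+"""
+The namespace to provision the resource in.
+The value should not contain leading or trailing forward slashes.
+The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+*Available only for Vault Enterprise*.
+"""
+return pulumi.get(self, "namespace")
+
+@namespace.setter
+def namespace(self, value: Optional[pulumi.Input[str]]):
+pulumi.set(self, "namespace", value)
+
+
+class BackendConfigAcme(pulumi.CustomResource):
+@overload
+def __init__(__self__,
+resource_name: str,
+opts: Optional[pulumi.ResourceOptions] = None,
+allow_role_ext_key_usage: Optional[pulumi.Input[bool]] = None,
+allowed_issuers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+allowed_roles: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+backend: Optional[pulumi.Input[str]] = None,
+default_directory_policy: Optional[pulumi.Input[str]] = None,
+dns_resolver: Optional[pulumi.Input[str]] = None,
+eab_policy: Optional[pulumi.Input[str]] = None,
+enabled: Optional[pulumi.Input[bool]] = None,
+namespace: Optional[pulumi.Input[str]] = None,
+__props__=None):
+"""
+Allows setting the ACME server configuration used by specified mount.
+
+## Example Usage
+
+```python
+import pulumi
+import pulumi_vault as vault
+
+pki = vault.Mount("pki",
+path="pki",
+type="pki",
+default_lease_ttl_seconds=3600,
+max_lease_ttl_seconds=86400)
+pki_config_cluster = vault.pki_secret.BackendConfigCluster("pki_config_cluster",
+backend=pki.path,
+path="http://127.0.0.1:8200/v1/pki",
+aia_path="http://127.0.0.1:8200/v1/pki")
+example = vault.pki_secret.BackendConfigAcme("example",
+backend=pki.path,
+enabled=True,
+allowed_issuers=["*"],
+allowed_roles=["*"],
+allow_role_ext_key_usage=False,
+default_directory_policy="sign-verbatim",
+dns_resolver="",
+eab_policy="not-required")
+```
+
+## Import
+
+The ACME configuration can be imported using the resource's `id`.
+In the case of the example above the `id` would be `pki/config/acme`,
+where the `pki` component is the resource's `backend`, e.g.
+
+```sh
+$ pulumi import vault:pkiSecret/backendConfigAcme:BackendConfigAcme example pki/config/acme
+```
+
+:param str resource_name: The name of the resource.
+:param pulumi.ResourceOptions opts: Options for the resource.
+:param pulumi.Input[bool] allow_role_ext_key_usage: Specifies whether the ExtKeyUsage field from a role is used. **Vault 1.14.1+**
+:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_issuers: Specifies which issuers are allowed for use with ACME.
+:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_roles: Specifies which roles are allowed for use with ACME.
+:param pulumi.Input[str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
+:param pulumi.Input[str] default_directory_policy: Specifies the policy to be used for non-role-qualified ACME requests.
+Allowed values are `forbid`, `sign-verbatim`, `role:<role_name>`, `external-policy` or `external-policy:<policy>`.
+:param pulumi.Input[str] dns_resolver: DNS resolver to use for domain resolution on this mount.
+Must be in the format `<host>:<port>`, with both parts mandatory.
+:param pulumi.Input[str] eab_policy: Specifies the policy to use for external account binding behaviour.
+Allowed values are `not-required`, `new-account-required` or `always-required`.
+:param pulumi.Input[bool] enabled: Specifies whether ACME is enabled.
+:param pulumi.Input[str] namespace: The namespace to provision the resource in.
+The value should not contain leading or trailing forward slashes.
+The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+*Available only for Vault Enterprise*.
+"""
+...
+@overload
+def __init__(__self__,
+resource_name: str,
+args: BackendConfigAcmeArgs,
+opts: Optional[pulumi.ResourceOptions] = None):
+"""
+Allows setting the ACME server configuration used by specified mount.
+
+## Example Usage
+
+```python
+import pulumi
+import pulumi_vault as vault
+
+pki = vault.Mount("pki",
+path="pki",
+type="pki",
+default_lease_ttl_seconds=3600,
+max_lease_ttl_seconds=86400)
+pki_config_cluster = vault.pki_secret.BackendConfigCluster("pki_config_cluster",
+backend=pki.path,
+path="http://127.0.0.1:8200/v1/pki",
+aia_path="http://127.0.0.1:8200/v1/pki")
+example = vault.pki_secret.BackendConfigAcme("example",
+backend=pki.path,
+enabled=True,
+allowed_issuers=["*"],
+allowed_roles=["*"],
+allow_role_ext_key_usage=False,
+default_directory_policy="sign-verbatim",
+dns_resolver="",
+eab_policy="not-required")
+```
+
+## Import
+
+The ACME configuration can be imported using the resource's `id`.
+In the case of the example above the `id` would be `pki/config/acme`,
+where the `pki` component is the resource's `backend`, e.g.
+
+```sh
+$ pulumi import vault:pkiSecret/backendConfigAcme:BackendConfigAcme example pki/config/acme
+```
+
+:param str resource_name: The name of the resource.
+:param BackendConfigAcmeArgs args: The arguments to use to populate this resource's properties.
+:param pulumi.ResourceOptions opts: Options for the resource.
+"""
+...
+def __init__(__self__, resource_name: str, *args, **kwargs):
+resource_args, opts = _utilities.get_resource_args_opts(BackendConfigAcmeArgs, pulumi.ResourceOptions, *args, **kwargs)
+if resource_args is not None:
+__self__._internal_init(resource_name, opts, **resource_args.__dict__)
+else:
+__self__._internal_init(resource_name, *args, **kwargs)
+
+def _internal_init(__self__,
+resource_name: str,
+opts: Optional[pulumi.ResourceOptions] = None,
+allow_role_ext_key_usage: Optional[pulumi.Input[bool]] = None,
+allowed_issuers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+allowed_roles: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+backend: Optional[pulumi.Input[str]] = None,
+default_directory_policy: Optional[pulumi.Input[str]] = None,
+dns_resolver: Optional[pulumi.Input[str]] = None,
+eab_policy: Optional[pulumi.Input[str]] = None,
+enabled: Optional[pulumi.Input[bool]] = None,
+namespace: Optional[pulumi.Input[str]] = None,
+__props__=None):
+opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
+if not isinstance(opts, pulumi.ResourceOptions):
+raise TypeError('Expected resource options to be a ResourceOptions instance')
+if opts.id is None:
+if __props__ is not None:
+raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource')
+__props__ = BackendConfigAcmeArgs.__new__(BackendConfigAcmeArgs)
+
+__props__.__dict__["allow_role_ext_key_usage"] = allow_role_ext_key_usage
+__props__.__dict__["allowed_issuers"] = allowed_issuers
+__props__.__dict__["allowed_roles"] = allowed_roles
+if backend is None and not opts.urn:
+raise TypeError("Missing required property 'backend'")
+__props__.__dict__["backend"] = backend
+__props__.__dict__["default_directory_policy"] = default_directory_policy
+__props__.__dict__["dns_resolver"] = dns_resolver
+__props__.__dict__["eab_policy"] = eab_policy
+if enabled is None and not opts.urn:
+raise TypeError("Missing required property 'enabled'")
+__props__.__dict__["enabled"] = enabled
+__props__.__dict__["namespace"] = namespace
+super(BackendConfigAcme, __self__).__init__(
+'vault:pkiSecret/backendConfigAcme:BackendConfigAcme',
+resource_name,
+__props__,
+opts)
+
+@staticmethod
+def get(resource_name: str,
+id: pulumi.Input[str],
+opts: Optional[pulumi.ResourceOptions] = None,
+allow_role_ext_key_usage: Optional[pulumi.Input[bool]] = None,
+allowed_issuers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+allowed_roles: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+backend: Optional[pulumi.Input[str]] = None,
+default_directory_policy: Optional[pulumi.Input[str]] = None,
+dns_resolver: Optional[pulumi.Input[str]] = None,
+eab_policy: Optional[pulumi.Input[str]] = None,
+enabled: Optional[pulumi.Input[bool]] = None,
+namespace: Optional[pulumi.Input[str]] = None) -> 'BackendConfigAcme':
+"""
+Get an existing BackendConfigAcme resource's state with the given name, id, and optional extra
+properties used to qualify the lookup.
+
+:param str resource_name: The unique name of the resulting resource.
+:param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
+:param pulumi.ResourceOptions opts: Options for the resource.
+:param pulumi.Input[bool] allow_role_ext_key_usage: Specifies whether the ExtKeyUsage field from a role is used. **Vault 1.14.1+**
+:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_issuers: Specifies which issuers are allowed for use with ACME.
+:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_roles: Specifies which roles are allowed for use with ACME.
+:param pulumi.Input[str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
+:param pulumi.Input[str] default_directory_policy: Specifies the policy to be used for non-role-qualified ACME requests.
+Allowed values are `forbid`, `sign-verbatim`, `role:<role_name>`, `external-policy` or `external-policy:<policy>`.
+:param pulumi.Input[str] dns_resolver: DNS resolver to use for domain resolution on this mount.
+Must be in the format `<host>:<port>`, with both parts mandatory.
+:param pulumi.Input[str] eab_policy: Specifies the policy to use for external account binding behaviour.
+Allowed values are `not-required`, `new-account-required` or `always-required`.
+:param pulumi.Input[bool] enabled: Specifies whether ACME is enabled.
+:param pulumi.Input[str] namespace: The namespace to provision the resource in.
+The value should not contain leading or trailing forward slashes.
+The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+*Available only for Vault Enterprise*.
+"""
+opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
+
+__props__ = _BackendConfigAcmeState.__new__(_BackendConfigAcmeState)
+
+__props__.__dict__["allow_role_ext_key_usage"] = allow_role_ext_key_usage
+__props__.__dict__["allowed_issuers"] = allowed_issuers
+__props__.__dict__["allowed_roles"] = allowed_roles
+__props__.__dict__["backend"] = backend
+__props__.__dict__["default_directory_policy"] = default_directory_policy
+__props__.__dict__["dns_resolver"] = dns_resolver
+__props__.__dict__["eab_policy"] = eab_policy
+__props__.__dict__["enabled"] = enabled
+__props__.__dict__["namespace"] = namespace
+return BackendConfigAcme(resource_name, opts=opts, __props__=__props__)
+
+@property
+@pulumi.getter(name="allowRoleExtKeyUsage")
+def allow_role_ext_key_usage(self) -> pulumi.Output[Optional[bool]]:
+"""
+Specifies whether the ExtKeyUsage field from a role is used. **Vault 1.14.1+**
+"""
+return pulumi.get(self, "allow_role_ext_key_usage")
+
+@property
+@pulumi.getter(name="allowedIssuers")
+def allowed_issuers(self) -> pulumi.Output[Sequence[str]]:
+"""
+Specifies which issuers are allowed for use with ACME.
+"""
+return pulumi.get(self, "allowed_issuers")
+
+@property
+@pulumi.getter(name="allowedRoles")
+def allowed_roles(self) -> pulumi.Output[Sequence[str]]:
+"""
+Specifies which roles are allowed for use with ACME.
+"""
+return pulumi.get(self, "allowed_roles")
+
+@property
+@pulumi.getter
+def backend(self) -> pulumi.Output[str]:
+"""
+The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
+"""
+return pulumi.get(self, "backend")
+
+@property
+@pulumi.getter(name="defaultDirectoryPolicy")
+def default_directory_policy(self) -> pulumi.Output[str]:
+"""
+Specifies the policy to be used for non-role-qualified ACME requests.
+Allowed values are `forbid`, `sign-verbatim`, `role:<role_name>`, `external-policy` or `external-policy:<policy>`.
+"""
+return pulumi.get(self, "default_directory_policy")
+
+@property
+@pulumi.getter(name="dnsResolver")
+def dns_resolver(self) -> pulumi.Output[Optional[str]]:
+"""
+DNS resolver to use for domain resolution on this mount.
+Must be in the format `<host>:<port>`, with both parts mandatory.
+"""
+return pulumi.get(self, "dns_resolver")
+
+@property
+@pulumi.getter(name="eabPolicy")
+def eab_policy(self) -> pulumi.Output[str]:
+"""
+Specifies the policy to use for external account binding behaviour.
+Allowed values are `not-required`, `new-account-required` or `always-required`.
+"""
+return pulumi.get(self, "eab_policy")
+
+@property
+@pulumi.getter
+def enabled(self) -> pulumi.Output[bool]:
+"""
+Specifies whether ACME is enabled.
+"""
+return pulumi.get(self, "enabled")
+
+@property
+@pulumi.getter
+def namespace(self) -> pulumi.Output[Optional[str]]:
+"""
+The namespace to provision the resource in.
+The value should not contain leading or trailing forward slashes.
+The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+*Available only for Vault Enterprise*.
+"""
+return pulumi.get(self, "namespace")
+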
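Review bot: The Example Usage block in both `__init__` overload docstrings combines the most permissive values this resource documents: `allowed_issuers=["*"]`, `allowed_roles=["*"]`, `default_directory_policy="sign-verbatim"` and `eab_policy="not-required"`. Copied unchanged, that leaves non-role-qualified ACME requests unconstrained by any role and does not require external account binding for ACME accounts, so the example should either show a restrictive baseline such as `default_directory_policy="forbid"` with `eab_policy="always-required"` or carry a comment marking it as a local test configuration. The same example passes `dns_resolver=""` although the parameter documentation requires `<host>:<port>` with both parts mandatory; the argument should be dropped or given a well-formed value. The file header states it is generated by tfgen, so the correction presumably belongs in the upstream provider documentation rather than in this file.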