pulumi-vault 6.5.0a1736850018__py3-none-any.whl → 6.6.0__py3-none-any.whl

pulumi_vault/ssh/secret_backend_role.py

@@ -54,6 +54,9 @@ class SecretBackendRoleArgs:
         :param pulumi.Input[str] key_type: Specifies the type of credentials generated by this role. This can be either `otp`, `dynamic` or `ca`.
         :param pulumi.Input[str] algorithm_signer: When supplied, this value specifies a signing algorithm for the key. Possible values: ssh-rsa, rsa-sha2-256, rsa-sha2-512.
         :param pulumi.Input[bool] allow_bare_domains: Specifies if host certificates that are requested are allowed to use the base domains listed in `allowed_domains`.
+        :param pulumi.Input[bool] allow_empty_principals: Allow signing certificates with no
+               valid principals (e.g. any valid principal). For backwards compatibility
+               only. The default of false is highly recommended.
         :param pulumi.Input[bool] allow_host_certificates: Specifies if certificates are allowed to be signed for use as a 'host'.
         :param pulumi.Input[bool] allow_subdomains: Specifies if host certificates that are requested are allowed to be subdomains of those listed in `allowed_domains`.
         :param pulumi.Input[bool] allow_user_certificates: Specifies if certificates are allowed to be signed for use as a 'user'.
@@ -187,6 +190,11 @@ class SecretBackendRoleArgs:
     @property
     @pulumi.getter(name="allowEmptyPrincipals")
     def allow_empty_principals(self) -> Optional[pulumi.Input[bool]]:
+        """
+        Allow signing certificates with no
+        valid principals (e.g. any valid principal). For backwards compatibility
+        only. The default of false is highly recommended.
+        """
         return pulumi.get(self, "allow_empty_principals")
 
     @allow_empty_principals.setter
@@ -498,6 +506,9 @@ class _SecretBackendRoleState:
         Input properties used for looking up and filtering SecretBackendRole resources.
         :param pulumi.Input[str] algorithm_signer: When supplied, this value specifies a signing algorithm for the key. Possible values: ssh-rsa, rsa-sha2-256, rsa-sha2-512.
         :param pulumi.Input[bool] allow_bare_domains: Specifies if host certificates that are requested are allowed to use the base domains listed in `allowed_domains`.
+        :param pulumi.Input[bool] allow_empty_principals: Allow signing certificates with no
+               valid principals (e.g. any valid principal). For backwards compatibility
+               only. The default of false is highly recommended.
         :param pulumi.Input[bool] allow_host_certificates: Specifies if certificates are allowed to be signed for use as a 'host'.
         :param pulumi.Input[bool] allow_subdomains: Specifies if host certificates that are requested are allowed to be subdomains of those listed in `allowed_domains`.
         :param pulumi.Input[bool] allow_user_certificates: Specifies if certificates are allowed to be signed for use as a 'user'.
@@ -611,6 +622,11 @@ class _SecretBackendRoleState:
     @property
     @pulumi.getter(name="allowEmptyPrincipals")
     def allow_empty_principals(self) -> Optional[pulumi.Input[bool]]:
+        """
+        Allow signing certificates with no
+        valid principals (e.g. any valid principal). For backwards compatibility
+        only. The default of false is highly recommended.
+        """
         return pulumi.get(self, "allow_empty_principals")
 
     @allow_empty_principals.setter
@@ -982,6 +998,9 @@ class SecretBackendRole(pulumi.CustomResource):
         :param pulumi.ResourceOptions opts: Options for the resource.
         :param pulumi.Input[str] algorithm_signer: When supplied, this value specifies a signing algorithm for the key. Possible values: ssh-rsa, rsa-sha2-256, rsa-sha2-512.
         :param pulumi.Input[bool] allow_bare_domains: Specifies if host certificates that are requested are allowed to use the base domains listed in `allowed_domains`.
+        :param pulumi.Input[bool] allow_empty_principals: Allow signing certificates with no
+               valid principals (e.g. any valid principal). For backwards compatibility
+               only. The default of false is highly recommended.
         :param pulumi.Input[bool] allow_host_certificates: Specifies if certificates are allowed to be signed for use as a 'host'.
         :param pulumi.Input[bool] allow_subdomains: Specifies if host certificates that are requested are allowed to be subdomains of those listed in `allowed_domains`.
         :param pulumi.Input[bool] allow_user_certificates: Specifies if certificates are allowed to be signed for use as a 'user'.
@@ -1180,6 +1199,9 @@ class SecretBackendRole(pulumi.CustomResource):
         :param pulumi.ResourceOptions opts: Options for the resource.
         :param pulumi.Input[str] algorithm_signer: When supplied, this value specifies a signing algorithm for the key. Possible values: ssh-rsa, rsa-sha2-256, rsa-sha2-512.
         :param pulumi.Input[bool] allow_bare_domains: Specifies if host certificates that are requested are allowed to use the base domains listed in `allowed_domains`.
+        :param pulumi.Input[bool] allow_empty_principals: Allow signing certificates with no
+               valid principals (e.g. any valid principal). For backwards compatibility
+               only. The default of false is highly recommended.
         :param pulumi.Input[bool] allow_host_certificates: Specifies if certificates are allowed to be signed for use as a 'host'.
         :param pulumi.Input[bool] allow_subdomains: Specifies if host certificates that are requested are allowed to be subdomains of those listed in `allowed_domains`.
         :param pulumi.Input[bool] allow_user_certificates: Specifies if certificates are allowed to be signed for use as a 'user'.
@@ -1263,6 +1285,11 @@ class SecretBackendRole(pulumi.CustomResource):
     @property
     @pulumi.getter(name="allowEmptyPrincipals")
     def allow_empty_principals(self) -> pulumi.Output[Optional[bool]]:
+        """
+        Allow signing certificates with no
+        valid principals (e.g. any valid principal). For backwards compatibility
+        only. The default of false is highly recommended.
+        """
         return pulumi.get(self, "allow_empty_principals")
 
     @property

pulumi_vault/terraformcloud/secret_role.py

@@ -34,7 +34,7 @@ class SecretRoleArgs:
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
-        :param pulumi.Input[int] ttl: Specifies the TTL for this role.
+        :param pulumi.Input[int] ttl: Specifies the TTL for this role, in seconds.
         """
         if backend is not None:
             pulumi.set(__self__, "backend", backend)
@@ -120,7 +120,7 @@ class SecretRoleArgs:
     @pulumi.getter
     def ttl(self) -> Optional[pulumi.Input[int]]:
         """
-        Specifies the TTL for this role.
+        Specifies the TTL for this role, in seconds.
         """
         return pulumi.get(self, "ttl")
 
@@ -156,7 +156,7 @@ class _SecretRoleState:
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
-        :param pulumi.Input[int] ttl: Specifies the TTL for this role.
+        :param pulumi.Input[int] ttl: Specifies the TTL for this role, in seconds.
         """
         if backend is not None:
             pulumi.set(__self__, "backend", backend)
@@ -242,7 +242,7 @@ class _SecretRoleState:
     @pulumi.getter
     def ttl(self) -> Optional[pulumi.Input[int]]:
         """
-        Specifies the TTL for this role.
+        Specifies the TTL for this role, in seconds.
         """
         return pulumi.get(self, "ttl")
 
@@ -307,7 +307,7 @@ class SecretRole(pulumi.CustomResource):
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
-        :param pulumi.Input[int] ttl: Specifies the TTL for this role.
+        :param pulumi.Input[int] ttl: Specifies the TTL for this role, in seconds.
         """
         ...
     @overload
@@ -411,7 +411,7 @@ class SecretRole(pulumi.CustomResource):
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
-        :param pulumi.Input[int] ttl: Specifies the TTL for this role.
+        :param pulumi.Input[int] ttl: Specifies the TTL for this role, in seconds.
         """
         opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
 
@@ -470,7 +470,7 @@ class SecretRole(pulumi.CustomResource):
     @pulumi.getter
     def ttl(self) -> pulumi.Output[Optional[int]]:
         """
-        Specifies the TTL for this role.
+        Specifies the TTL for this role, in seconds.
         """
         return pulumi.get(self, "ttl")
 

pulumi_vault/transit/__init__.py

@@ -7,5 +7,7 @@ import typing
 # Export this package's modules as members:
 from .get_decrypt import *
 from .get_encrypt import *
+from .get_sign import *
+from .get_verify import *
 from .secret_backend_key import *
 from .secret_cache_config import *

pulumi_vault/transit/get_sign.py

@@ -0,0 +1,324 @@
+# coding=utf-8
+# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+# *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+import copy
+import warnings
+import sys
+import pulumi
+import pulumi.runtime
+from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
+from .. import _utilities
+
+__all__ = [
+    'GetSignResult',
+    'AwaitableGetSignResult',
+    'get_sign',
+    'get_sign_output',
+]
+
+@pulumi.output_type
+class GetSignResult:
+    """
+    A collection of values returned by getSign.
+    """
+    def __init__(__self__, batch_inputs=None, batch_results=None, context=None, hash_algorithm=None, id=None, input=None, key_version=None, marshaling_algorithm=None, name=None, namespace=None, path=None, prehashed=None, reference=None, salt_length=None, signature=None, signature_algorithm=None, signature_context=None):
+        if batch_inputs and not isinstance(batch_inputs, list):
+            raise TypeError("Expected argument 'batch_inputs' to be a list")
+        pulumi.set(__self__, "batch_inputs", batch_inputs)
+        if batch_results and not isinstance(batch_results, list):
+            raise TypeError("Expected argument 'batch_results' to be a list")
+        pulumi.set(__self__, "batch_results", batch_results)
+        if context and not isinstance(context, str):
+            raise TypeError("Expected argument 'context' to be a str")
+        pulumi.set(__self__, "context", context)
+        if hash_algorithm and not isinstance(hash_algorithm, str):
+            raise TypeError("Expected argument 'hash_algorithm' to be a str")
+        pulumi.set(__self__, "hash_algorithm", hash_algorithm)
+        if id and not isinstance(id, str):
+            raise TypeError("Expected argument 'id' to be a str")
+        pulumi.set(__self__, "id", id)
+        if input and not isinstance(input, str):
+            raise TypeError("Expected argument 'input' to be a str")
+        pulumi.set(__self__, "input", input)
+        if key_version and not isinstance(key_version, int):
+            raise TypeError("Expected argument 'key_version' to be a int")
+        pulumi.set(__self__, "key_version", key_version)
+        if marshaling_algorithm and not isinstance(marshaling_algorithm, str):
+            raise TypeError("Expected argument 'marshaling_algorithm' to be a str")
+        pulumi.set(__self__, "marshaling_algorithm", marshaling_algorithm)
+        if name and not isinstance(name, str):
+            raise TypeError("Expected argument 'name' to be a str")
+        pulumi.set(__self__, "name", name)
+        if namespace and not isinstance(namespace, str):
+            raise TypeError("Expected argument 'namespace' to be a str")
+        pulumi.set(__self__, "namespace", namespace)
+        if path and not isinstance(path, str):
+            raise TypeError("Expected argument 'path' to be a str")
+        pulumi.set(__self__, "path", path)
+        if prehashed and not isinstance(prehashed, bool):
+            raise TypeError("Expected argument 'prehashed' to be a bool")
+        pulumi.set(__self__, "prehashed", prehashed)
+        if reference and not isinstance(reference, str):
+            raise TypeError("Expected argument 'reference' to be a str")
+        pulumi.set(__self__, "reference", reference)
+        if salt_length and not isinstance(salt_length, str):
+            raise TypeError("Expected argument 'salt_length' to be a str")
+        pulumi.set(__self__, "salt_length", salt_length)
+        if signature and not isinstance(signature, str):
+            raise TypeError("Expected argument 'signature' to be a str")
+        pulumi.set(__self__, "signature", signature)
+        if signature_algorithm and not isinstance(signature_algorithm, str):
+            raise TypeError("Expected argument 'signature_algorithm' to be a str")
+        pulumi.set(__self__, "signature_algorithm", signature_algorithm)
+        if signature_context and not isinstance(signature_context, str):
+            raise TypeError("Expected argument 'signature_context' to be a str")
+        pulumi.set(__self__, "signature_context", signature_context)
+
+    @property
+    @pulumi.getter(name="batchInputs")
+    def batch_inputs(self) -> Optional[Sequence[Mapping[str, str]]]:
+        return pulumi.get(self, "batch_inputs")
+
+    @property
+    @pulumi.getter(name="batchResults")
+    def batch_results(self) -> Sequence[Mapping[str, str]]:
+        """
+        The results returned from Vault if using `batch_input`
+        """
+        return pulumi.get(self, "batch_results")
+
+    @property
+    @pulumi.getter
+    def context(self) -> Optional[str]:
+        return pulumi.get(self, "context")
+
+    @property
+    @pulumi.getter(name="hashAlgorithm")
+    def hash_algorithm(self) -> Optional[str]:
+        return pulumi.get(self, "hash_algorithm")
+
+    @property
+    @pulumi.getter
+    def id(self) -> str:
+        """
+        The provider-assigned unique ID for this managed resource.
+        """
+        return pulumi.get(self, "id")
+
+    @property
+    @pulumi.getter
+    def input(self) -> Optional[str]:
+        return pulumi.get(self, "input")
+
+    @property
+    @pulumi.getter(name="keyVersion")
+    def key_version(self) -> Optional[int]:
+        return pulumi.get(self, "key_version")
+
+    @property
+    @pulumi.getter(name="marshalingAlgorithm")
+    def marshaling_algorithm(self) -> Optional[str]:
+        return pulumi.get(self, "marshaling_algorithm")
+
+    @property
+    @pulumi.getter
+    def name(self) -> str:
+        return pulumi.get(self, "name")
+
+    @property
+    @pulumi.getter
+    def namespace(self) -> Optional[str]:
+        return pulumi.get(self, "namespace")
+
+    @property
+    @pulumi.getter
+    def path(self) -> str:
+        return pulumi.get(self, "path")
+
+    @property
+    @pulumi.getter
+    def prehashed(self) -> Optional[bool]:
+        return pulumi.get(self, "prehashed")
+
+    @property
+    @pulumi.getter
+    def reference(self) -> Optional[str]:
+        return pulumi.get(self, "reference")
+
+    @property
+    @pulumi.getter(name="saltLength")
+    def salt_length(self) -> Optional[str]:
+        return pulumi.get(self, "salt_length")
+
+    @property
+    @pulumi.getter
+    def signature(self) -> str:
+        """
+        The signature returned from Vault if using `input`
+        """
+        return pulumi.get(self, "signature")
+
+    @property
+    @pulumi.getter(name="signatureAlgorithm")
+    def signature_algorithm(self) -> Optional[str]:
+        return pulumi.get(self, "signature_algorithm")
+
+    @property
+    @pulumi.getter(name="signatureContext")
+    def signature_context(self) -> Optional[str]:
+        return pulumi.get(self, "signature_context")
+
+
+class AwaitableGetSignResult(GetSignResult):
+    # pylint: disable=using-constant-test
+    def __await__(self):
+        if False:
+            yield self
+        return GetSignResult(
+            batch_inputs=self.batch_inputs,
+            batch_results=self.batch_results,
+            context=self.context,
+            hash_algorithm=self.hash_algorithm,
+            id=self.id,
+            input=self.input,
+            key_version=self.key_version,
+            marshaling_algorithm=self.marshaling_algorithm,
+            name=self.name,
+            namespace=self.namespace,
+            path=self.path,
+            prehashed=self.prehashed,
+            reference=self.reference,
+            salt_length=self.salt_length,
+            signature=self.signature,
+            signature_algorithm=self.signature_algorithm,
+            signature_context=self.signature_context)
+
+
+def get_sign(batch_inputs: Optional[Sequence[Mapping[str, str]]] = None,
+             batch_results: Optional[Sequence[Mapping[str, str]]] = None,
+             context: Optional[str] = None,
+             hash_algorithm: Optional[str] = None,
+             input: Optional[str] = None,
+             key_version: Optional[int] = None,
+             marshaling_algorithm: Optional[str] = None,
+             name: Optional[str] = None,
+             namespace: Optional[str] = None,
+             path: Optional[str] = None,
+             prehashed: Optional[bool] = None,
+             reference: Optional[str] = None,
+             salt_length: Optional[str] = None,
+             signature: Optional[str] = None,
+             signature_algorithm: Optional[str] = None,
+             signature_context: Optional[str] = None,
+             opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetSignResult:
+    """
+    This is a data source which can be used to generate a signature using a Vault Transit key.
+
+
+    :param Sequence[Mapping[str, str]] batch_results: The results returned from Vault if using `batch_input`
+    :param str signature: The signature returned from Vault if using `input`
+    """
+    __args__ = dict()
+    __args__['batchInputs'] = batch_inputs
+    __args__['batchResults'] = batch_results
+    __args__['context'] = context
+    __args__['hashAlgorithm'] = hash_algorithm
+    __args__['input'] = input
+    __args__['keyVersion'] = key_version
+    __args__['marshalingAlgorithm'] = marshaling_algorithm
+    __args__['name'] = name
+    __args__['namespace'] = namespace
+    __args__['path'] = path
+    __args__['prehashed'] = prehashed
+    __args__['reference'] = reference
+    __args__['saltLength'] = salt_length
+    __args__['signature'] = signature
+    __args__['signatureAlgorithm'] = signature_algorithm
+    __args__['signatureContext'] = signature_context
+    opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
+    __ret__ = pulumi.runtime.invoke('vault:transit/getSign:getSign', __args__, opts=opts, typ=GetSignResult).value
+
+    return AwaitableGetSignResult(
+        batch_inputs=pulumi.get(__ret__, 'batch_inputs'),
+        batch_results=pulumi.get(__ret__, 'batch_results'),
+        context=pulumi.get(__ret__, 'context'),
+        hash_algorithm=pulumi.get(__ret__, 'hash_algorithm'),
+        id=pulumi.get(__ret__, 'id'),
+        input=pulumi.get(__ret__, 'input'),
+        key_version=pulumi.get(__ret__, 'key_version'),
+        marshaling_algorithm=pulumi.get(__ret__, 'marshaling_algorithm'),
+        name=pulumi.get(__ret__, 'name'),
+        namespace=pulumi.get(__ret__, 'namespace'),
+        path=pulumi.get(__ret__, 'path'),
+        prehashed=pulumi.get(__ret__, 'prehashed'),
+        reference=pulumi.get(__ret__, 'reference'),
+        salt_length=pulumi.get(__ret__, 'salt_length'),
+        signature=pulumi.get(__ret__, 'signature'),
+        signature_algorithm=pulumi.get(__ret__, 'signature_algorithm'),
+        signature_context=pulumi.get(__ret__, 'signature_context'))
+def get_sign_output(batch_inputs: Optional[pulumi.Input[Optional[Sequence[Mapping[str, str]]]]] = None,
+                    batch_results: Optional[pulumi.Input[Optional[Sequence[Mapping[str, str]]]]] = None,
+                    context: Optional[pulumi.Input[Optional[str]]] = None,
+                    hash_algorithm: Optional[pulumi.Input[Optional[str]]] = None,
+                    input: Optional[pulumi.Input[Optional[str]]] = None,
+                    key_version: Optional[pulumi.Input[Optional[int]]] = None,
+                    marshaling_algorithm: Optional[pulumi.Input[Optional[str]]] = None,
+                    name: Optional[pulumi.Input[str]] = None,
+                    namespace: Optional[pulumi.Input[Optional[str]]] = None,
+                    path: Optional[pulumi.Input[str]] = None,
+                    prehashed: Optional[pulumi.Input[Optional[bool]]] = None,
+                    reference: Optional[pulumi.Input[Optional[str]]] = None,
+                    salt_length: Optional[pulumi.Input[Optional[str]]] = None,
+                    signature: Optional[pulumi.Input[Optional[str]]] = None,
+                    signature_algorithm: Optional[pulumi.Input[Optional[str]]] = None,
+                    signature_context: Optional[pulumi.Input[Optional[str]]] = None,
+                    opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetSignResult]:
+    """
+    This is a data source which can be used to generate a signature using a Vault Transit key.
+
+
+    :param Sequence[Mapping[str, str]] batch_results: The results returned from Vault if using `batch_input`
+    :param str signature: The signature returned from Vault if using `input`
+    """
+    __args__ = dict()
+    __args__['batchInputs'] = batch_inputs
+    __args__['batchResults'] = batch_results
+    __args__['context'] = context
+    __args__['hashAlgorithm'] = hash_algorithm
+    __args__['input'] = input
+    __args__['keyVersion'] = key_version
+    __args__['marshalingAlgorithm'] = marshaling_algorithm
+    __args__['name'] = name
+    __args__['namespace'] = namespace
+    __args__['path'] = path
+    __args__['prehashed'] = prehashed
+    __args__['reference'] = reference
+    __args__['saltLength'] = salt_length
+    __args__['signature'] = signature
+    __args__['signatureAlgorithm'] = signature_algorithm
+    __args__['signatureContext'] = signature_context
+    opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
+    __ret__ = pulumi.runtime.invoke_output('vault:transit/getSign:getSign', __args__, opts=opts, typ=GetSignResult)
+    return __ret__.apply(lambda __response__: GetSignResult(
+        batch_inputs=pulumi.get(__response__, 'batch_inputs'),
+        batch_results=pulumi.get(__response__, 'batch_results'),
+        context=pulumi.get(__response__, 'context'),
+        hash_algorithm=pulumi.get(__response__, 'hash_algorithm'),
+        id=pulumi.get(__response__, 'id'),
+        input=pulumi.get(__response__, 'input'),
+        key_version=pulumi.get(__response__, 'key_version'),
+        marshaling_algorithm=pulumi.get(__response__, 'marshaling_algorithm'),
+        name=pulumi.get(__response__, 'name'),
+        namespace=pulumi.get(__response__, 'namespace'),
+        path=pulumi.get(__response__, 'path'),
+        prehashed=pulumi.get(__response__, 'prehashed'),
+        reference=pulumi.get(__response__, 'reference'),
+        salt_length=pulumi.get(__response__, 'salt_length'),
+        signature=pulumi.get(__response__, 'signature'),
+        signature_algorithm=pulumi.get(__response__, 'signature_algorithm'),
+        signature_context=pulumi.get(__response__, 'signature_context')))