pulumi-vault 6.6.0a1741329548__py3-none-any.whl → 6.6.0a1741836364__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pulumi_vault/__init__.py +8 -0
- pulumi_vault/aws/auth_backend_client.py +228 -4
- pulumi_vault/aws/secret_backend.py +266 -50
- pulumi_vault/aws/secret_backend_static_role.py +217 -0
- pulumi_vault/azure/auth_backend_config.py +257 -5
- pulumi_vault/azure/backend.py +249 -4
- pulumi_vault/database/_inputs.py +1692 -36
- pulumi_vault/database/outputs.py +1170 -18
- pulumi_vault/database/secret_backend_connection.py +220 -0
- pulumi_vault/database/secret_backend_static_role.py +143 -1
- pulumi_vault/database/secrets_mount.py +8 -0
- pulumi_vault/gcp/auth_backend.py +222 -2
- pulumi_vault/gcp/secret_backend.py +244 -4
- pulumi_vault/ldap/auth_backend.py +222 -2
- pulumi_vault/ldap/secret_backend.py +222 -2
- pulumi_vault/pkisecret/__init__.py +2 -0
- pulumi_vault/pkisecret/_inputs.py +0 -6
- pulumi_vault/pkisecret/backend_config_acme.py +47 -0
- pulumi_vault/pkisecret/backend_config_auto_tidy.py +1376 -0
- pulumi_vault/pkisecret/backend_config_cmpv2.py +61 -14
- pulumi_vault/pkisecret/get_backend_cert_metadata.py +277 -0
- pulumi_vault/pkisecret/get_backend_config_cmpv2.py +18 -1
- pulumi_vault/pkisecret/get_backend_issuer.py +114 -1
- pulumi_vault/pkisecret/outputs.py +0 -4
- pulumi_vault/pkisecret/secret_backend_cert.py +148 -7
- pulumi_vault/pkisecret/secret_backend_crl_config.py +54 -0
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +141 -0
- pulumi_vault/pkisecret/secret_backend_issuer.py +265 -0
- pulumi_vault/pkisecret/secret_backend_role.py +252 -3
- pulumi_vault/pkisecret/secret_backend_root_cert.py +423 -0
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +581 -3
- pulumi_vault/pkisecret/secret_backend_sign.py +94 -0
- pulumi_vault/pulumi-plugin.json +1 -1
- pulumi_vault/ssh/__init__.py +1 -0
- pulumi_vault/ssh/get_secret_backend_sign.py +294 -0
- pulumi_vault/terraformcloud/secret_role.py +7 -7
- pulumi_vault/transit/__init__.py +2 -0
- pulumi_vault/transit/get_sign.py +324 -0
- pulumi_vault/transit/get_verify.py +354 -0
- pulumi_vault/transit/secret_backend_key.py +162 -0
- {pulumi_vault-6.6.0a1741329548.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/METADATA +1 -1
- {pulumi_vault-6.6.0a1741329548.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/RECORD +44 -39
- {pulumi_vault-6.6.0a1741329548.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/WHEEL +1 -1
- {pulumi_vault-6.6.0a1741329548.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/top_level.txt +0 -0
@@ -32,6 +32,7 @@ class SecretBackendArgs:
|
|
32
32
|
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
33
33
|
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
34
34
|
description: Optional[pulumi.Input[str]] = None,
|
35
|
+
disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
|
35
36
|
disable_remount: Optional[pulumi.Input[bool]] = None,
|
36
37
|
external_entropy_access: Optional[pulumi.Input[bool]] = None,
|
37
38
|
identity_token_key: Optional[pulumi.Input[str]] = None,
|
@@ -46,6 +47,9 @@ class SecretBackendArgs:
|
|
46
47
|
path: Optional[pulumi.Input[str]] = None,
|
47
48
|
plugin_version: Optional[pulumi.Input[str]] = None,
|
48
49
|
request_timeout: Optional[pulumi.Input[int]] = None,
|
50
|
+
rotation_period: Optional[pulumi.Input[int]] = None,
|
51
|
+
rotation_schedule: Optional[pulumi.Input[str]] = None,
|
52
|
+
rotation_window: Optional[pulumi.Input[int]] = None,
|
49
53
|
schema: Optional[pulumi.Input[str]] = None,
|
50
54
|
seal_wrap: Optional[pulumi.Input[bool]] = None,
|
51
55
|
skip_static_role_import_rotation: Optional[pulumi.Input[bool]] = None,
|
@@ -71,6 +75,7 @@ class SecretBackendArgs:
|
|
71
75
|
:param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for secrets in seconds.
|
72
76
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
|
73
77
|
:param pulumi.Input[str] description: Human-friendly description of the mount for the Active Directory backend.
|
78
|
+
:param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
74
79
|
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
75
80
|
:param pulumi.Input[bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
|
76
81
|
:param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens
|
@@ -92,6 +97,13 @@ class SecretBackendArgs:
|
|
92
97
|
:param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
93
98
|
:param pulumi.Input[int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
|
94
99
|
before returning back an error.
|
100
|
+
:param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
101
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
102
|
+
:param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
103
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
104
|
+
:param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
|
105
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
106
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
95
107
|
:param pulumi.Input[str] schema: The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`.
|
96
108
|
:param pulumi.Input[bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
97
109
|
:param pulumi.Input[bool] skip_static_role_import_rotation: If set to true, static roles will not be rotated during import.
|
@@ -127,6 +139,8 @@ class SecretBackendArgs:
|
|
127
139
|
pulumi.set(__self__, "delegated_auth_accessors", delegated_auth_accessors)
|
128
140
|
if description is not None:
|
129
141
|
pulumi.set(__self__, "description", description)
|
142
|
+
if disable_automated_rotation is not None:
|
143
|
+
pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
|
130
144
|
if disable_remount is not None:
|
131
145
|
pulumi.set(__self__, "disable_remount", disable_remount)
|
132
146
|
if external_entropy_access is not None:
|
@@ -155,6 +169,12 @@ class SecretBackendArgs:
|
|
155
169
|
pulumi.set(__self__, "plugin_version", plugin_version)
|
156
170
|
if request_timeout is not None:
|
157
171
|
pulumi.set(__self__, "request_timeout", request_timeout)
|
172
|
+
if rotation_period is not None:
|
173
|
+
pulumi.set(__self__, "rotation_period", rotation_period)
|
174
|
+
if rotation_schedule is not None:
|
175
|
+
pulumi.set(__self__, "rotation_schedule", rotation_schedule)
|
176
|
+
if rotation_window is not None:
|
177
|
+
pulumi.set(__self__, "rotation_window", rotation_window)
|
158
178
|
if schema is not None:
|
159
179
|
pulumi.set(__self__, "schema", schema)
|
160
180
|
if seal_wrap is not None:
|
@@ -330,6 +350,18 @@ class SecretBackendArgs:
|
|
330
350
|
def description(self, value: Optional[pulumi.Input[str]]):
|
331
351
|
pulumi.set(self, "description", value)
|
332
352
|
|
353
|
+
@property
|
354
|
+
@pulumi.getter(name="disableAutomatedRotation")
|
355
|
+
def disable_automated_rotation(self) -> Optional[pulumi.Input[bool]]:
|
356
|
+
"""
|
357
|
+
Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
358
|
+
"""
|
359
|
+
return pulumi.get(self, "disable_automated_rotation")
|
360
|
+
|
361
|
+
@disable_automated_rotation.setter
|
362
|
+
def disable_automated_rotation(self, value: Optional[pulumi.Input[bool]]):
|
363
|
+
pulumi.set(self, "disable_automated_rotation", value)
|
364
|
+
|
333
365
|
@property
|
334
366
|
@pulumi.getter(name="disableRemount")
|
335
367
|
def disable_remount(self) -> Optional[pulumi.Input[bool]]:
|
@@ -505,6 +537,46 @@ class SecretBackendArgs:
|
|
505
537
|
def request_timeout(self, value: Optional[pulumi.Input[int]]):
|
506
538
|
pulumi.set(self, "request_timeout", value)
|
507
539
|
|
540
|
+
@property
|
541
|
+
@pulumi.getter(name="rotationPeriod")
|
542
|
+
def rotation_period(self) -> Optional[pulumi.Input[int]]:
|
543
|
+
"""
|
544
|
+
The amount of time in seconds Vault should wait before rotating the root credential.
|
545
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
546
|
+
"""
|
547
|
+
return pulumi.get(self, "rotation_period")
|
548
|
+
|
549
|
+
@rotation_period.setter
|
550
|
+
def rotation_period(self, value: Optional[pulumi.Input[int]]):
|
551
|
+
pulumi.set(self, "rotation_period", value)
|
552
|
+
|
553
|
+
@property
|
554
|
+
@pulumi.getter(name="rotationSchedule")
|
555
|
+
def rotation_schedule(self) -> Optional[pulumi.Input[str]]:
|
556
|
+
"""
|
557
|
+
The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
558
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
559
|
+
"""
|
560
|
+
return pulumi.get(self, "rotation_schedule")
|
561
|
+
|
562
|
+
@rotation_schedule.setter
|
563
|
+
def rotation_schedule(self, value: Optional[pulumi.Input[str]]):
|
564
|
+
pulumi.set(self, "rotation_schedule", value)
|
565
|
+
|
566
|
+
@property
|
567
|
+
@pulumi.getter(name="rotationWindow")
|
568
|
+
def rotation_window(self) -> Optional[pulumi.Input[int]]:
|
569
|
+
"""
|
570
|
+
The maximum amount of time in seconds allowed to complete
|
571
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
572
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
573
|
+
"""
|
574
|
+
return pulumi.get(self, "rotation_window")
|
575
|
+
|
576
|
+
@rotation_window.setter
|
577
|
+
def rotation_window(self, value: Optional[pulumi.Input[int]]):
|
578
|
+
pulumi.set(self, "rotation_window", value)
|
579
|
+
|
508
580
|
@property
|
509
581
|
@pulumi.getter
|
510
582
|
def schema(self) -> Optional[pulumi.Input[str]]:
|
@@ -621,6 +693,7 @@ class _SecretBackendState:
|
|
621
693
|
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
622
694
|
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
623
695
|
description: Optional[pulumi.Input[str]] = None,
|
696
|
+
disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
|
624
697
|
disable_remount: Optional[pulumi.Input[bool]] = None,
|
625
698
|
external_entropy_access: Optional[pulumi.Input[bool]] = None,
|
626
699
|
identity_token_key: Optional[pulumi.Input[str]] = None,
|
@@ -635,6 +708,9 @@ class _SecretBackendState:
|
|
635
708
|
path: Optional[pulumi.Input[str]] = None,
|
636
709
|
plugin_version: Optional[pulumi.Input[str]] = None,
|
637
710
|
request_timeout: Optional[pulumi.Input[int]] = None,
|
711
|
+
rotation_period: Optional[pulumi.Input[int]] = None,
|
712
|
+
rotation_schedule: Optional[pulumi.Input[str]] = None,
|
713
|
+
rotation_window: Optional[pulumi.Input[int]] = None,
|
638
714
|
schema: Optional[pulumi.Input[str]] = None,
|
639
715
|
seal_wrap: Optional[pulumi.Input[bool]] = None,
|
640
716
|
skip_static_role_import_rotation: Optional[pulumi.Input[bool]] = None,
|
@@ -661,6 +737,7 @@ class _SecretBackendState:
|
|
661
737
|
:param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for secrets in seconds.
|
662
738
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
|
663
739
|
:param pulumi.Input[str] description: Human-friendly description of the mount for the Active Directory backend.
|
740
|
+
:param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
664
741
|
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
665
742
|
:param pulumi.Input[bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
|
666
743
|
:param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens
|
@@ -682,6 +759,13 @@ class _SecretBackendState:
|
|
682
759
|
:param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
683
760
|
:param pulumi.Input[int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
|
684
761
|
before returning back an error.
|
762
|
+
:param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
763
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
764
|
+
:param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
765
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
766
|
+
:param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
|
767
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
768
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
685
769
|
:param pulumi.Input[str] schema: The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`.
|
686
770
|
:param pulumi.Input[bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
687
771
|
:param pulumi.Input[bool] skip_static_role_import_rotation: If set to true, static roles will not be rotated during import.
|
@@ -721,6 +805,8 @@ class _SecretBackendState:
|
|
721
805
|
pulumi.set(__self__, "delegated_auth_accessors", delegated_auth_accessors)
|
722
806
|
if description is not None:
|
723
807
|
pulumi.set(__self__, "description", description)
|
808
|
+
if disable_automated_rotation is not None:
|
809
|
+
pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
|
724
810
|
if disable_remount is not None:
|
725
811
|
pulumi.set(__self__, "disable_remount", disable_remount)
|
726
812
|
if external_entropy_access is not None:
|
@@ -749,6 +835,12 @@ class _SecretBackendState:
|
|
749
835
|
pulumi.set(__self__, "plugin_version", plugin_version)
|
750
836
|
if request_timeout is not None:
|
751
837
|
pulumi.set(__self__, "request_timeout", request_timeout)
|
838
|
+
if rotation_period is not None:
|
839
|
+
pulumi.set(__self__, "rotation_period", rotation_period)
|
840
|
+
if rotation_schedule is not None:
|
841
|
+
pulumi.set(__self__, "rotation_schedule", rotation_schedule)
|
842
|
+
if rotation_window is not None:
|
843
|
+
pulumi.set(__self__, "rotation_window", rotation_window)
|
752
844
|
if schema is not None:
|
753
845
|
pulumi.set(__self__, "schema", schema)
|
754
846
|
if seal_wrap is not None:
|
@@ -936,6 +1028,18 @@ class _SecretBackendState:
|
|
936
1028
|
def description(self, value: Optional[pulumi.Input[str]]):
|
937
1029
|
pulumi.set(self, "description", value)
|
938
1030
|
|
1031
|
+
@property
|
1032
|
+
@pulumi.getter(name="disableAutomatedRotation")
|
1033
|
+
def disable_automated_rotation(self) -> Optional[pulumi.Input[bool]]:
|
1034
|
+
"""
|
1035
|
+
Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
1036
|
+
"""
|
1037
|
+
return pulumi.get(self, "disable_automated_rotation")
|
1038
|
+
|
1039
|
+
@disable_automated_rotation.setter
|
1040
|
+
def disable_automated_rotation(self, value: Optional[pulumi.Input[bool]]):
|
1041
|
+
pulumi.set(self, "disable_automated_rotation", value)
|
1042
|
+
|
939
1043
|
@property
|
940
1044
|
@pulumi.getter(name="disableRemount")
|
941
1045
|
def disable_remount(self) -> Optional[pulumi.Input[bool]]:
|
@@ -1111,6 +1215,46 @@ class _SecretBackendState:
|
|
1111
1215
|
def request_timeout(self, value: Optional[pulumi.Input[int]]):
|
1112
1216
|
pulumi.set(self, "request_timeout", value)
|
1113
1217
|
|
1218
|
+
@property
|
1219
|
+
@pulumi.getter(name="rotationPeriod")
|
1220
|
+
def rotation_period(self) -> Optional[pulumi.Input[int]]:
|
1221
|
+
"""
|
1222
|
+
The amount of time in seconds Vault should wait before rotating the root credential.
|
1223
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
1224
|
+
"""
|
1225
|
+
return pulumi.get(self, "rotation_period")
|
1226
|
+
|
1227
|
+
@rotation_period.setter
|
1228
|
+
def rotation_period(self, value: Optional[pulumi.Input[int]]):
|
1229
|
+
pulumi.set(self, "rotation_period", value)
|
1230
|
+
|
1231
|
+
@property
|
1232
|
+
@pulumi.getter(name="rotationSchedule")
|
1233
|
+
def rotation_schedule(self) -> Optional[pulumi.Input[str]]:
|
1234
|
+
"""
|
1235
|
+
The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
1236
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
1237
|
+
"""
|
1238
|
+
return pulumi.get(self, "rotation_schedule")
|
1239
|
+
|
1240
|
+
@rotation_schedule.setter
|
1241
|
+
def rotation_schedule(self, value: Optional[pulumi.Input[str]]):
|
1242
|
+
pulumi.set(self, "rotation_schedule", value)
|
1243
|
+
|
1244
|
+
@property
|
1245
|
+
@pulumi.getter(name="rotationWindow")
|
1246
|
+
def rotation_window(self) -> Optional[pulumi.Input[int]]:
|
1247
|
+
"""
|
1248
|
+
The maximum amount of time in seconds allowed to complete
|
1249
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
1250
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
1251
|
+
"""
|
1252
|
+
return pulumi.get(self, "rotation_window")
|
1253
|
+
|
1254
|
+
@rotation_window.setter
|
1255
|
+
def rotation_window(self, value: Optional[pulumi.Input[int]]):
|
1256
|
+
pulumi.set(self, "rotation_window", value)
|
1257
|
+
|
1114
1258
|
@property
|
1115
1259
|
@pulumi.getter
|
1116
1260
|
def schema(self) -> Optional[pulumi.Input[str]]:
|
@@ -1228,6 +1372,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1228
1372
|
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
1229
1373
|
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1230
1374
|
description: Optional[pulumi.Input[str]] = None,
|
1375
|
+
disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
|
1231
1376
|
disable_remount: Optional[pulumi.Input[bool]] = None,
|
1232
1377
|
external_entropy_access: Optional[pulumi.Input[bool]] = None,
|
1233
1378
|
identity_token_key: Optional[pulumi.Input[str]] = None,
|
@@ -1242,6 +1387,9 @@ class SecretBackend(pulumi.CustomResource):
|
|
1242
1387
|
path: Optional[pulumi.Input[str]] = None,
|
1243
1388
|
plugin_version: Optional[pulumi.Input[str]] = None,
|
1244
1389
|
request_timeout: Optional[pulumi.Input[int]] = None,
|
1390
|
+
rotation_period: Optional[pulumi.Input[int]] = None,
|
1391
|
+
rotation_schedule: Optional[pulumi.Input[str]] = None,
|
1392
|
+
rotation_window: Optional[pulumi.Input[int]] = None,
|
1245
1393
|
schema: Optional[pulumi.Input[str]] = None,
|
1246
1394
|
seal_wrap: Optional[pulumi.Input[bool]] = None,
|
1247
1395
|
skip_static_role_import_rotation: Optional[pulumi.Input[bool]] = None,
|
@@ -1264,7 +1412,9 @@ class SecretBackend(pulumi.CustomResource):
|
|
1264
1412
|
bindpass="SuperSecretPassw0rd",
|
1265
1413
|
url="ldaps://localhost",
|
1266
1414
|
insecure_tls=True,
|
1267
|
-
userdn="CN=Users,DC=corp,DC=example,DC=net"
|
1415
|
+
userdn="CN=Users,DC=corp,DC=example,DC=net",
|
1416
|
+
rotation_schedule="0 * * * SAT",
|
1417
|
+
rotation_window=3600)
|
1268
1418
|
```
|
1269
1419
|
|
1270
1420
|
## Import
|
@@ -1292,6 +1442,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1292
1442
|
:param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for secrets in seconds.
|
1293
1443
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
|
1294
1444
|
:param pulumi.Input[str] description: Human-friendly description of the mount for the Active Directory backend.
|
1445
|
+
:param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
1295
1446
|
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
1296
1447
|
:param pulumi.Input[bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
|
1297
1448
|
:param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens
|
@@ -1313,6 +1464,13 @@ class SecretBackend(pulumi.CustomResource):
|
|
1313
1464
|
:param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
1314
1465
|
:param pulumi.Input[int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
|
1315
1466
|
before returning back an error.
|
1467
|
+
:param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
1468
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
1469
|
+
:param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
1470
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
1471
|
+
:param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
|
1472
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
1473
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
1316
1474
|
:param pulumi.Input[str] schema: The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`.
|
1317
1475
|
:param pulumi.Input[bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
1318
1476
|
:param pulumi.Input[bool] skip_static_role_import_rotation: If set to true, static roles will not be rotated during import.
|
@@ -1343,7 +1501,9 @@ class SecretBackend(pulumi.CustomResource):
|
|
1343
1501
|
bindpass="SuperSecretPassw0rd",
|
1344
1502
|
url="ldaps://localhost",
|
1345
1503
|
insecure_tls=True,
|
1346
|
-
userdn="CN=Users,DC=corp,DC=example,DC=net"
|
1504
|
+
userdn="CN=Users,DC=corp,DC=example,DC=net",
|
1505
|
+
rotation_schedule="0 * * * SAT",
|
1506
|
+
rotation_window=3600)
|
1347
1507
|
```
|
1348
1508
|
|
1349
1509
|
## Import
|
@@ -1382,6 +1542,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1382
1542
|
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
1383
1543
|
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1384
1544
|
description: Optional[pulumi.Input[str]] = None,
|
1545
|
+
disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
|
1385
1546
|
disable_remount: Optional[pulumi.Input[bool]] = None,
|
1386
1547
|
external_entropy_access: Optional[pulumi.Input[bool]] = None,
|
1387
1548
|
identity_token_key: Optional[pulumi.Input[str]] = None,
|
@@ -1396,6 +1557,9 @@ class SecretBackend(pulumi.CustomResource):
|
|
1396
1557
|
path: Optional[pulumi.Input[str]] = None,
|
1397
1558
|
plugin_version: Optional[pulumi.Input[str]] = None,
|
1398
1559
|
request_timeout: Optional[pulumi.Input[int]] = None,
|
1560
|
+
rotation_period: Optional[pulumi.Input[int]] = None,
|
1561
|
+
rotation_schedule: Optional[pulumi.Input[str]] = None,
|
1562
|
+
rotation_window: Optional[pulumi.Input[int]] = None,
|
1399
1563
|
schema: Optional[pulumi.Input[str]] = None,
|
1400
1564
|
seal_wrap: Optional[pulumi.Input[bool]] = None,
|
1401
1565
|
skip_static_role_import_rotation: Optional[pulumi.Input[bool]] = None,
|
@@ -1430,6 +1594,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1430
1594
|
__props__.__dict__["default_lease_ttl_seconds"] = default_lease_ttl_seconds
|
1431
1595
|
__props__.__dict__["delegated_auth_accessors"] = delegated_auth_accessors
|
1432
1596
|
__props__.__dict__["description"] = description
|
1597
|
+
__props__.__dict__["disable_automated_rotation"] = disable_automated_rotation
|
1433
1598
|
__props__.__dict__["disable_remount"] = disable_remount
|
1434
1599
|
__props__.__dict__["external_entropy_access"] = external_entropy_access
|
1435
1600
|
__props__.__dict__["identity_token_key"] = identity_token_key
|
@@ -1444,6 +1609,9 @@ class SecretBackend(pulumi.CustomResource):
|
|
1444
1609
|
__props__.__dict__["path"] = path
|
1445
1610
|
__props__.__dict__["plugin_version"] = plugin_version
|
1446
1611
|
__props__.__dict__["request_timeout"] = request_timeout
|
1612
|
+
__props__.__dict__["rotation_period"] = rotation_period
|
1613
|
+
__props__.__dict__["rotation_schedule"] = rotation_schedule
|
1614
|
+
__props__.__dict__["rotation_window"] = rotation_window
|
1447
1615
|
__props__.__dict__["schema"] = schema
|
1448
1616
|
__props__.__dict__["seal_wrap"] = seal_wrap
|
1449
1617
|
__props__.__dict__["skip_static_role_import_rotation"] = skip_static_role_import_rotation
|
@@ -1479,6 +1647,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1479
1647
|
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
1480
1648
|
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1481
1649
|
description: Optional[pulumi.Input[str]] = None,
|
1650
|
+
disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
|
1482
1651
|
disable_remount: Optional[pulumi.Input[bool]] = None,
|
1483
1652
|
external_entropy_access: Optional[pulumi.Input[bool]] = None,
|
1484
1653
|
identity_token_key: Optional[pulumi.Input[str]] = None,
|
@@ -1493,6 +1662,9 @@ class SecretBackend(pulumi.CustomResource):
|
|
1493
1662
|
path: Optional[pulumi.Input[str]] = None,
|
1494
1663
|
plugin_version: Optional[pulumi.Input[str]] = None,
|
1495
1664
|
request_timeout: Optional[pulumi.Input[int]] = None,
|
1665
|
+
rotation_period: Optional[pulumi.Input[int]] = None,
|
1666
|
+
rotation_schedule: Optional[pulumi.Input[str]] = None,
|
1667
|
+
rotation_window: Optional[pulumi.Input[int]] = None,
|
1496
1668
|
schema: Optional[pulumi.Input[str]] = None,
|
1497
1669
|
seal_wrap: Optional[pulumi.Input[bool]] = None,
|
1498
1670
|
skip_static_role_import_rotation: Optional[pulumi.Input[bool]] = None,
|
@@ -1524,6 +1696,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1524
1696
|
:param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for secrets in seconds.
|
1525
1697
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
|
1526
1698
|
:param pulumi.Input[str] description: Human-friendly description of the mount for the Active Directory backend.
|
1699
|
+
:param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
1527
1700
|
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
1528
1701
|
:param pulumi.Input[bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
|
1529
1702
|
:param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens
|
@@ -1545,6 +1718,13 @@ class SecretBackend(pulumi.CustomResource):
|
|
1545
1718
|
:param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
1546
1719
|
:param pulumi.Input[int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
|
1547
1720
|
before returning back an error.
|
1721
|
+
:param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
1722
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
1723
|
+
:param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
1724
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
1725
|
+
:param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
|
1726
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
1727
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
1548
1728
|
:param pulumi.Input[str] schema: The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`.
|
1549
1729
|
:param pulumi.Input[bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
1550
1730
|
:param pulumi.Input[bool] skip_static_role_import_rotation: If set to true, static roles will not be rotated during import.
|
@@ -1574,6 +1754,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1574
1754
|
__props__.__dict__["default_lease_ttl_seconds"] = default_lease_ttl_seconds
|
1575
1755
|
__props__.__dict__["delegated_auth_accessors"] = delegated_auth_accessors
|
1576
1756
|
__props__.__dict__["description"] = description
|
1757
|
+
__props__.__dict__["disable_automated_rotation"] = disable_automated_rotation
|
1577
1758
|
__props__.__dict__["disable_remount"] = disable_remount
|
1578
1759
|
__props__.__dict__["external_entropy_access"] = external_entropy_access
|
1579
1760
|
__props__.__dict__["identity_token_key"] = identity_token_key
|
@@ -1588,6 +1769,9 @@ class SecretBackend(pulumi.CustomResource):
|
|
1588
1769
|
__props__.__dict__["path"] = path
|
1589
1770
|
__props__.__dict__["plugin_version"] = plugin_version
|
1590
1771
|
__props__.__dict__["request_timeout"] = request_timeout
|
1772
|
+
__props__.__dict__["rotation_period"] = rotation_period
|
1773
|
+
__props__.__dict__["rotation_schedule"] = rotation_schedule
|
1774
|
+
__props__.__dict__["rotation_window"] = rotation_window
|
1591
1775
|
__props__.__dict__["schema"] = schema
|
1592
1776
|
__props__.__dict__["seal_wrap"] = seal_wrap
|
1593
1777
|
__props__.__dict__["skip_static_role_import_rotation"] = skip_static_role_import_rotation
|
@@ -1712,6 +1896,14 @@ class SecretBackend(pulumi.CustomResource):
|
|
1712
1896
|
"""
|
1713
1897
|
return pulumi.get(self, "description")
|
1714
1898
|
|
1899
|
+
@property
|
1900
|
+
@pulumi.getter(name="disableAutomatedRotation")
|
1901
|
+
def disable_automated_rotation(self) -> pulumi.Output[Optional[bool]]:
|
1902
|
+
"""
|
1903
|
+
Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
1904
|
+
"""
|
1905
|
+
return pulumi.get(self, "disable_automated_rotation")
|
1906
|
+
|
1715
1907
|
@property
|
1716
1908
|
@pulumi.getter(name="disableRemount")
|
1717
1909
|
def disable_remount(self) -> pulumi.Output[Optional[bool]]:
|
@@ -1831,6 +2023,34 @@ class SecretBackend(pulumi.CustomResource):
|
|
1831
2023
|
"""
|
1832
2024
|
return pulumi.get(self, "request_timeout")
|
1833
2025
|
|
2026
|
+
@property
|
2027
|
+
@pulumi.getter(name="rotationPeriod")
|
2028
|
+
def rotation_period(self) -> pulumi.Output[Optional[int]]:
|
2029
|
+
"""
|
2030
|
+
The amount of time in seconds Vault should wait before rotating the root credential.
|
2031
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
2032
|
+
"""
|
2033
|
+
return pulumi.get(self, "rotation_period")
|
2034
|
+
|
2035
|
+
@property
|
2036
|
+
@pulumi.getter(name="rotationSchedule")
|
2037
|
+
def rotation_schedule(self) -> pulumi.Output[Optional[str]]:
|
2038
|
+
"""
|
2039
|
+
The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
2040
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
2041
|
+
"""
|
2042
|
+
return pulumi.get(self, "rotation_schedule")
|
2043
|
+
|
2044
|
+
@property
|
2045
|
+
@pulumi.getter(name="rotationWindow")
|
2046
|
+
def rotation_window(self) -> pulumi.Output[Optional[int]]:
|
2047
|
+
"""
|
2048
|
+
The maximum amount of time in seconds allowed to complete
|
2049
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
2050
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
2051
|
+
"""
|
2052
|
+
return pulumi.get(self, "rotation_window")
|
2053
|
+
|
1834
2054
|
@property
|
1835
2055
|
@pulumi.getter
|
1836
2056
|
def schema(self) -> pulumi.Output[str]:
|
@@ -7,9 +7,11 @@ import typing
|
|
7
7
|
# Export this package's modules as members:
|
8
8
|
from .backend_acme_eab import *
|
9
9
|
from .backend_config_acme import *
|
10
|
+
from .backend_config_auto_tidy import *
|
10
11
|
from .backend_config_cluster import *
|
11
12
|
from .backend_config_cmpv2 import *
|
12
13
|
from .backend_config_est import *
|
14
|
+
from .get_backend_cert_metadata import *
|
13
15
|
from .get_backend_config_cmpv2 import *
|
14
16
|
from .get_backend_config_est import *
|
15
17
|
from .get_backend_issuer import *
|
@@ -118,8 +118,6 @@ if not MYPY:
|
|
118
118
|
cps: NotRequired[pulumi.Input[str]]
|
119
119
|
"""
|
120
120
|
The URL of the CPS for the policy identifier
|
121
|
-
|
122
|
-
Example usage:
|
123
121
|
"""
|
124
122
|
notice: NotRequired[pulumi.Input[str]]
|
125
123
|
"""
|
@@ -137,8 +135,6 @@ class SecretBackendRolePolicyIdentifierArgs:
|
|
137
135
|
"""
|
138
136
|
:param pulumi.Input[str] oid: The OID for the policy identifier
|
139
137
|
:param pulumi.Input[str] cps: The URL of the CPS for the policy identifier
|
140
|
-
|
141
|
-
Example usage:
|
142
138
|
:param pulumi.Input[str] notice: A notice for the policy identifier
|
143
139
|
"""
|
144
140
|
pulumi.set(__self__, "oid", oid)
|
@@ -164,8 +160,6 @@ class SecretBackendRolePolicyIdentifierArgs:
|
|
164
160
|
def cps(self) -> Optional[pulumi.Input[str]]:
|
165
161
|
"""
|
166
162
|
The URL of the CPS for the policy identifier
|
167
|
-
|
168
|
-
Example usage:
|
169
163
|
"""
|
170
164
|
return pulumi.get(self, "cps")
|
171
165
|
|
@@ -27,6 +27,7 @@ class BackendConfigAcmeArgs:
|
|
27
27
|
default_directory_policy: Optional[pulumi.Input[str]] = None,
|
28
28
|
dns_resolver: Optional[pulumi.Input[str]] = None,
|
29
29
|
eab_policy: Optional[pulumi.Input[str]] = None,
|
30
|
+
max_ttl: Optional[pulumi.Input[int]] = None,
|
30
31
|
namespace: Optional[pulumi.Input[str]] = None):
|
31
32
|
"""
|
32
33
|
The set of arguments for constructing a BackendConfigAcme resource.
|
@@ -41,6 +42,7 @@ class BackendConfigAcmeArgs:
|
|
41
42
|
Must be in the format `<host>:<port>`, with both parts mandatory.
|
42
43
|
:param pulumi.Input[str] eab_policy: Specifies the policy to use for external account binding behaviour.
|
43
44
|
Allowed values are `not-required`, `new-account-required` or `always-required`.
|
45
|
+
:param pulumi.Input[int] max_ttl: The maximum TTL in seconds for certificates issued by ACME. **Vault 1.17.0+**
|
44
46
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
45
47
|
The value should not contain leading or trailing forward slashes.
|
46
48
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
@@ -60,6 +62,8 @@ class BackendConfigAcmeArgs:
|
|
60
62
|
pulumi.set(__self__, "dns_resolver", dns_resolver)
|
61
63
|
if eab_policy is not None:
|
62
64
|
pulumi.set(__self__, "eab_policy", eab_policy)
|
65
|
+
if max_ttl is not None:
|
66
|
+
pulumi.set(__self__, "max_ttl", max_ttl)
|
63
67
|
if namespace is not None:
|
64
68
|
pulumi.set(__self__, "namespace", namespace)
|
65
69
|
|
@@ -162,6 +166,18 @@ class BackendConfigAcmeArgs:
|
|
162
166
|
def eab_policy(self, value: Optional[pulumi.Input[str]]):
|
163
167
|
pulumi.set(self, "eab_policy", value)
|
164
168
|
|
169
|
+
@property
|
170
|
+
@pulumi.getter(name="maxTtl")
|
171
|
+
def max_ttl(self) -> Optional[pulumi.Input[int]]:
|
172
|
+
"""
|
173
|
+
The maximum TTL in seconds for certificates issued by ACME. **Vault 1.17.0+**
|
174
|
+
"""
|
175
|
+
return pulumi.get(self, "max_ttl")
|
176
|
+
|
177
|
+
@max_ttl.setter
|
178
|
+
def max_ttl(self, value: Optional[pulumi.Input[int]]):
|
179
|
+
pulumi.set(self, "max_ttl", value)
|
180
|
+
|
165
181
|
@property
|
166
182
|
@pulumi.getter
|
167
183
|
def namespace(self) -> Optional[pulumi.Input[str]]:
|
@@ -189,6 +205,7 @@ class _BackendConfigAcmeState:
|
|
189
205
|
dns_resolver: Optional[pulumi.Input[str]] = None,
|
190
206
|
eab_policy: Optional[pulumi.Input[str]] = None,
|
191
207
|
enabled: Optional[pulumi.Input[bool]] = None,
|
208
|
+
max_ttl: Optional[pulumi.Input[int]] = None,
|
192
209
|
namespace: Optional[pulumi.Input[str]] = None):
|
193
210
|
"""
|
194
211
|
Input properties used for looking up and filtering BackendConfigAcme resources.
|
@@ -203,6 +220,7 @@ class _BackendConfigAcmeState:
|
|
203
220
|
:param pulumi.Input[str] eab_policy: Specifies the policy to use for external account binding behaviour.
|
204
221
|
Allowed values are `not-required`, `new-account-required` or `always-required`.
|
205
222
|
:param pulumi.Input[bool] enabled: Specifies whether ACME is enabled.
|
223
|
+
:param pulumi.Input[int] max_ttl: The maximum TTL in seconds for certificates issued by ACME. **Vault 1.17.0+**
|
206
224
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
207
225
|
The value should not contain leading or trailing forward slashes.
|
208
226
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
@@ -224,6 +242,8 @@ class _BackendConfigAcmeState:
|
|
224
242
|
pulumi.set(__self__, "eab_policy", eab_policy)
|
225
243
|
if enabled is not None:
|
226
244
|
pulumi.set(__self__, "enabled", enabled)
|
245
|
+
if max_ttl is not None:
|
246
|
+
pulumi.set(__self__, "max_ttl", max_ttl)
|
227
247
|
if namespace is not None:
|
228
248
|
pulumi.set(__self__, "namespace", namespace)
|
229
249
|
|
@@ -326,6 +346,18 @@ class _BackendConfigAcmeState:
|
|
326
346
|
def enabled(self, value: Optional[pulumi.Input[bool]]):
|
327
347
|
pulumi.set(self, "enabled", value)
|
328
348
|
|
349
|
+
@property
|
350
|
+
@pulumi.getter(name="maxTtl")
|
351
|
+
def max_ttl(self) -> Optional[pulumi.Input[int]]:
|
352
|
+
"""
|
353
|
+
The maximum TTL in seconds for certificates issued by ACME. **Vault 1.17.0+**
|
354
|
+
"""
|
355
|
+
return pulumi.get(self, "max_ttl")
|
356
|
+
|
357
|
+
@max_ttl.setter
|
358
|
+
def max_ttl(self, value: Optional[pulumi.Input[int]]):
|
359
|
+
pulumi.set(self, "max_ttl", value)
|
360
|
+
|
329
361
|
@property
|
330
362
|
@pulumi.getter
|
331
363
|
def namespace(self) -> Optional[pulumi.Input[str]]:
|
@@ -355,6 +387,7 @@ class BackendConfigAcme(pulumi.CustomResource):
|
|
355
387
|
dns_resolver: Optional[pulumi.Input[str]] = None,
|
356
388
|
eab_policy: Optional[pulumi.Input[str]] = None,
|
357
389
|
enabled: Optional[pulumi.Input[bool]] = None,
|
390
|
+
max_ttl: Optional[pulumi.Input[int]] = None,
|
358
391
|
namespace: Optional[pulumi.Input[str]] = None,
|
359
392
|
__props__=None):
|
360
393
|
"""
|
@@ -409,6 +442,7 @@ class BackendConfigAcme(pulumi.CustomResource):
|
|
409
442
|
:param pulumi.Input[str] eab_policy: Specifies the policy to use for external account binding behaviour.
|
410
443
|
Allowed values are `not-required`, `new-account-required` or `always-required`.
|
411
444
|
:param pulumi.Input[bool] enabled: Specifies whether ACME is enabled.
|
445
|
+
:param pulumi.Input[int] max_ttl: The maximum TTL in seconds for certificates issued by ACME. **Vault 1.17.0+**
|
412
446
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
413
447
|
The value should not contain leading or trailing forward slashes.
|
414
448
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
@@ -482,6 +516,7 @@ class BackendConfigAcme(pulumi.CustomResource):
|
|
482
516
|
dns_resolver: Optional[pulumi.Input[str]] = None,
|
483
517
|
eab_policy: Optional[pulumi.Input[str]] = None,
|
484
518
|
enabled: Optional[pulumi.Input[bool]] = None,
|
519
|
+
max_ttl: Optional[pulumi.Input[int]] = None,
|
485
520
|
namespace: Optional[pulumi.Input[str]] = None,
|
486
521
|
__props__=None):
|
487
522
|
opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
|
@@ -504,6 +539,7 @@ class BackendConfigAcme(pulumi.CustomResource):
|
|
504
539
|
if enabled is None and not opts.urn:
|
505
540
|
raise TypeError("Missing required property 'enabled'")
|
506
541
|
__props__.__dict__["enabled"] = enabled
|
542
|
+
__props__.__dict__["max_ttl"] = max_ttl
|
507
543
|
__props__.__dict__["namespace"] = namespace
|
508
544
|
super(BackendConfigAcme, __self__).__init__(
|
509
545
|
'vault:pkiSecret/backendConfigAcme:BackendConfigAcme',
|
@@ -523,6 +559,7 @@ class BackendConfigAcme(pulumi.CustomResource):
|
|
523
559
|
dns_resolver: Optional[pulumi.Input[str]] = None,
|
524
560
|
eab_policy: Optional[pulumi.Input[str]] = None,
|
525
561
|
enabled: Optional[pulumi.Input[bool]] = None,
|
562
|
+
max_ttl: Optional[pulumi.Input[int]] = None,
|
526
563
|
namespace: Optional[pulumi.Input[str]] = None) -> 'BackendConfigAcme':
|
527
564
|
"""
|
528
565
|
Get an existing BackendConfigAcme resource's state with the given name, id, and optional extra
|
@@ -542,6 +579,7 @@ class BackendConfigAcme(pulumi.CustomResource):
|
|
542
579
|
:param pulumi.Input[str] eab_policy: Specifies the policy to use for external account binding behaviour.
|
543
580
|
Allowed values are `not-required`, `new-account-required` or `always-required`.
|
544
581
|
:param pulumi.Input[bool] enabled: Specifies whether ACME is enabled.
|
582
|
+
:param pulumi.Input[int] max_ttl: The maximum TTL in seconds for certificates issued by ACME. **Vault 1.17.0+**
|
545
583
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
546
584
|
The value should not contain leading or trailing forward slashes.
|
547
585
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
|
@@ -559,6 +597,7 @@ class BackendConfigAcme(pulumi.CustomResource):
|
|
559
597
|
__props__.__dict__["dns_resolver"] = dns_resolver
|
560
598
|
__props__.__dict__["eab_policy"] = eab_policy
|
561
599
|
__props__.__dict__["enabled"] = enabled
|
600
|
+
__props__.__dict__["max_ttl"] = max_ttl
|
562
601
|
__props__.__dict__["namespace"] = namespace
|
563
602
|
return BackendConfigAcme(resource_name, opts=opts, __props__=__props__)
|
564
603
|
|
@@ -629,6 +668,14 @@ class BackendConfigAcme(pulumi.CustomResource):
|
|
629
668
|
"""
|
630
669
|
return pulumi.get(self, "enabled")
|
631
670
|
|
671
|
+
@property
|
672
|
+
@pulumi.getter(name="maxTtl")
|
673
|
+
def max_ttl(self) -> pulumi.Output[int]:
|
674
|
+
"""
|
675
|
+
The maximum TTL in seconds for certificates issued by ACME. **Vault 1.17.0+**
|
676
|
+
"""
|
677
|
+
return pulumi.get(self, "max_ttl")
|
678
|
+
|
632
679
|
@property
|
633
680
|
@pulumi.getter
|
634
681
|
def namespace(self) -> pulumi.Output[Optional[str]]:
|