pulumi-vault 6.6.0a1741329548__py3-none-any.whl → 6.6.0a1741836364__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pulumi_vault/__init__.py +8 -0
- pulumi_vault/aws/auth_backend_client.py +228 -4
- pulumi_vault/aws/secret_backend.py +266 -50
- pulumi_vault/aws/secret_backend_static_role.py +217 -0
- pulumi_vault/azure/auth_backend_config.py +257 -5
- pulumi_vault/azure/backend.py +249 -4
- pulumi_vault/database/_inputs.py +1692 -36
- pulumi_vault/database/outputs.py +1170 -18
- pulumi_vault/database/secret_backend_connection.py +220 -0
- pulumi_vault/database/secret_backend_static_role.py +143 -1
- pulumi_vault/database/secrets_mount.py +8 -0
- pulumi_vault/gcp/auth_backend.py +222 -2
- pulumi_vault/gcp/secret_backend.py +244 -4
- pulumi_vault/ldap/auth_backend.py +222 -2
- pulumi_vault/ldap/secret_backend.py +222 -2
- pulumi_vault/pkisecret/__init__.py +2 -0
- pulumi_vault/pkisecret/_inputs.py +0 -6
- pulumi_vault/pkisecret/backend_config_acme.py +47 -0
- pulumi_vault/pkisecret/backend_config_auto_tidy.py +1376 -0
- pulumi_vault/pkisecret/backend_config_cmpv2.py +61 -14
- pulumi_vault/pkisecret/get_backend_cert_metadata.py +277 -0
- pulumi_vault/pkisecret/get_backend_config_cmpv2.py +18 -1
- pulumi_vault/pkisecret/get_backend_issuer.py +114 -1
- pulumi_vault/pkisecret/outputs.py +0 -4
- pulumi_vault/pkisecret/secret_backend_cert.py +148 -7
- pulumi_vault/pkisecret/secret_backend_crl_config.py +54 -0
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +141 -0
- pulumi_vault/pkisecret/secret_backend_issuer.py +265 -0
- pulumi_vault/pkisecret/secret_backend_role.py +252 -3
- pulumi_vault/pkisecret/secret_backend_root_cert.py +423 -0
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +581 -3
- pulumi_vault/pkisecret/secret_backend_sign.py +94 -0
- pulumi_vault/pulumi-plugin.json +1 -1
- pulumi_vault/ssh/__init__.py +1 -0
- pulumi_vault/ssh/get_secret_backend_sign.py +294 -0
- pulumi_vault/terraformcloud/secret_role.py +7 -7
- pulumi_vault/transit/__init__.py +2 -0
- pulumi_vault/transit/get_sign.py +324 -0
- pulumi_vault/transit/get_verify.py +354 -0
- pulumi_vault/transit/secret_backend_key.py +162 -0
- {pulumi_vault-6.6.0a1741329548.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/METADATA +1 -1
- {pulumi_vault-6.6.0a1741329548.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/RECORD +44 -39
- {pulumi_vault-6.6.0a1741329548.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/WHEEL +1 -1
- {pulumi_vault-6.6.0a1741329548.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/top_level.txt +0 -0
@@ -24,10 +24,14 @@ class AuthBackendConfigArgs:
|
|
24
24
|
backend: Optional[pulumi.Input[str]] = None,
|
25
25
|
client_id: Optional[pulumi.Input[str]] = None,
|
26
26
|
client_secret: Optional[pulumi.Input[str]] = None,
|
27
|
+
disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
|
27
28
|
environment: Optional[pulumi.Input[str]] = None,
|
28
29
|
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
29
30
|
identity_token_ttl: Optional[pulumi.Input[int]] = None,
|
30
|
-
namespace: Optional[pulumi.Input[str]] = None
|
31
|
+
namespace: Optional[pulumi.Input[str]] = None,
|
32
|
+
rotation_period: Optional[pulumi.Input[int]] = None,
|
33
|
+
rotation_schedule: Optional[pulumi.Input[str]] = None,
|
34
|
+
rotation_window: Optional[pulumi.Input[int]] = None):
|
31
35
|
"""
|
32
36
|
The set of arguments for constructing a AuthBackendConfig resource.
|
33
37
|
:param pulumi.Input[str] resource: The configured URL for the application registered in
|
@@ -40,6 +44,8 @@ class AuthBackendConfigArgs:
|
|
40
44
|
Currently read permissions to query compute resources are required.
|
41
45
|
:param pulumi.Input[str] client_secret: The client secret for credentials to query the
|
42
46
|
Azure APIs.
|
47
|
+
:param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
48
|
+
*Available only for Vault Enterprise*
|
43
49
|
:param pulumi.Input[str] environment: The Azure cloud environment. Valid values:
|
44
50
|
AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud,
|
45
51
|
AzureGermanCloud. Defaults to `AzurePublicCloud`.
|
@@ -50,6 +56,16 @@ class AuthBackendConfigArgs:
|
|
50
56
|
The value should not contain leading or trailing forward slashes.
|
51
57
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
52
58
|
*Available only for Vault Enterprise*.
|
59
|
+
:param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
60
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
61
|
+
*Available only for Vault Enterprise*
|
62
|
+
:param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
63
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
64
|
+
*Available only for Vault Enterprise*
|
65
|
+
:param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
|
66
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
67
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
68
|
+
*Available only for Vault Enterprise*
|
53
69
|
"""
|
54
70
|
pulumi.set(__self__, "resource", resource)
|
55
71
|
pulumi.set(__self__, "tenant_id", tenant_id)
|
@@ -59,6 +75,8 @@ class AuthBackendConfigArgs:
|
|
59
75
|
pulumi.set(__self__, "client_id", client_id)
|
60
76
|
if client_secret is not None:
|
61
77
|
pulumi.set(__self__, "client_secret", client_secret)
|
78
|
+
if disable_automated_rotation is not None:
|
79
|
+
pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
|
62
80
|
if environment is not None:
|
63
81
|
pulumi.set(__self__, "environment", environment)
|
64
82
|
if identity_token_audience is not None:
|
@@ -67,6 +85,12 @@ class AuthBackendConfigArgs:
|
|
67
85
|
pulumi.set(__self__, "identity_token_ttl", identity_token_ttl)
|
68
86
|
if namespace is not None:
|
69
87
|
pulumi.set(__self__, "namespace", namespace)
|
88
|
+
if rotation_period is not None:
|
89
|
+
pulumi.set(__self__, "rotation_period", rotation_period)
|
90
|
+
if rotation_schedule is not None:
|
91
|
+
pulumi.set(__self__, "rotation_schedule", rotation_schedule)
|
92
|
+
if rotation_window is not None:
|
93
|
+
pulumi.set(__self__, "rotation_window", rotation_window)
|
70
94
|
|
71
95
|
@property
|
72
96
|
@pulumi.getter
|
@@ -133,6 +157,19 @@ class AuthBackendConfigArgs:
|
|
133
157
|
def client_secret(self, value: Optional[pulumi.Input[str]]):
|
134
158
|
pulumi.set(self, "client_secret", value)
|
135
159
|
|
160
|
+
@property
|
161
|
+
@pulumi.getter(name="disableAutomatedRotation")
|
162
|
+
def disable_automated_rotation(self) -> Optional[pulumi.Input[bool]]:
|
163
|
+
"""
|
164
|
+
Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
165
|
+
*Available only for Vault Enterprise*
|
166
|
+
"""
|
167
|
+
return pulumi.get(self, "disable_automated_rotation")
|
168
|
+
|
169
|
+
@disable_automated_rotation.setter
|
170
|
+
def disable_automated_rotation(self, value: Optional[pulumi.Input[bool]]):
|
171
|
+
pulumi.set(self, "disable_automated_rotation", value)
|
172
|
+
|
136
173
|
@property
|
137
174
|
@pulumi.getter
|
138
175
|
def environment(self) -> Optional[pulumi.Input[str]]:
|
@@ -187,6 +224,49 @@ class AuthBackendConfigArgs:
|
|
187
224
|
def namespace(self, value: Optional[pulumi.Input[str]]):
|
188
225
|
pulumi.set(self, "namespace", value)
|
189
226
|
|
227
|
+
@property
|
228
|
+
@pulumi.getter(name="rotationPeriod")
|
229
|
+
def rotation_period(self) -> Optional[pulumi.Input[int]]:
|
230
|
+
"""
|
231
|
+
The amount of time in seconds Vault should wait before rotating the root credential.
|
232
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
233
|
+
*Available only for Vault Enterprise*
|
234
|
+
"""
|
235
|
+
return pulumi.get(self, "rotation_period")
|
236
|
+
|
237
|
+
@rotation_period.setter
|
238
|
+
def rotation_period(self, value: Optional[pulumi.Input[int]]):
|
239
|
+
pulumi.set(self, "rotation_period", value)
|
240
|
+
|
241
|
+
@property
|
242
|
+
@pulumi.getter(name="rotationSchedule")
|
243
|
+
def rotation_schedule(self) -> Optional[pulumi.Input[str]]:
|
244
|
+
"""
|
245
|
+
The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
246
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
247
|
+
*Available only for Vault Enterprise*
|
248
|
+
"""
|
249
|
+
return pulumi.get(self, "rotation_schedule")
|
250
|
+
|
251
|
+
@rotation_schedule.setter
|
252
|
+
def rotation_schedule(self, value: Optional[pulumi.Input[str]]):
|
253
|
+
pulumi.set(self, "rotation_schedule", value)
|
254
|
+
|
255
|
+
@property
|
256
|
+
@pulumi.getter(name="rotationWindow")
|
257
|
+
def rotation_window(self) -> Optional[pulumi.Input[int]]:
|
258
|
+
"""
|
259
|
+
The maximum amount of time in seconds allowed to complete
|
260
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
261
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
262
|
+
*Available only for Vault Enterprise*
|
263
|
+
"""
|
264
|
+
return pulumi.get(self, "rotation_window")
|
265
|
+
|
266
|
+
@rotation_window.setter
|
267
|
+
def rotation_window(self, value: Optional[pulumi.Input[int]]):
|
268
|
+
pulumi.set(self, "rotation_window", value)
|
269
|
+
|
190
270
|
|
191
271
|
@pulumi.input_type
|
192
272
|
class _AuthBackendConfigState:
|
@@ -194,11 +274,15 @@ class _AuthBackendConfigState:
|
|
194
274
|
backend: Optional[pulumi.Input[str]] = None,
|
195
275
|
client_id: Optional[pulumi.Input[str]] = None,
|
196
276
|
client_secret: Optional[pulumi.Input[str]] = None,
|
277
|
+
disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
|
197
278
|
environment: Optional[pulumi.Input[str]] = None,
|
198
279
|
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
199
280
|
identity_token_ttl: Optional[pulumi.Input[int]] = None,
|
200
281
|
namespace: Optional[pulumi.Input[str]] = None,
|
201
282
|
resource: Optional[pulumi.Input[str]] = None,
|
283
|
+
rotation_period: Optional[pulumi.Input[int]] = None,
|
284
|
+
rotation_schedule: Optional[pulumi.Input[str]] = None,
|
285
|
+
rotation_window: Optional[pulumi.Input[int]] = None,
|
202
286
|
tenant_id: Optional[pulumi.Input[str]] = None):
|
203
287
|
"""
|
204
288
|
Input properties used for looking up and filtering AuthBackendConfig resources.
|
@@ -208,6 +292,8 @@ class _AuthBackendConfigState:
|
|
208
292
|
Currently read permissions to query compute resources are required.
|
209
293
|
:param pulumi.Input[str] client_secret: The client secret for credentials to query the
|
210
294
|
Azure APIs.
|
295
|
+
:param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
296
|
+
*Available only for Vault Enterprise*
|
211
297
|
:param pulumi.Input[str] environment: The Azure cloud environment. Valid values:
|
212
298
|
AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud,
|
213
299
|
AzureGermanCloud. Defaults to `AzurePublicCloud`.
|
@@ -220,6 +306,16 @@ class _AuthBackendConfigState:
|
|
220
306
|
*Available only for Vault Enterprise*.
|
221
307
|
:param pulumi.Input[str] resource: The configured URL for the application registered in
|
222
308
|
Azure Active Directory.
|
309
|
+
:param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
310
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
311
|
+
*Available only for Vault Enterprise*
|
312
|
+
:param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
313
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
314
|
+
*Available only for Vault Enterprise*
|
315
|
+
:param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
|
316
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
317
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
318
|
+
*Available only for Vault Enterprise*
|
223
319
|
:param pulumi.Input[str] tenant_id: The tenant id for the Azure Active Directory
|
224
320
|
organization.
|
225
321
|
"""
|
@@ -229,6 +325,8 @@ class _AuthBackendConfigState:
|
|
229
325
|
pulumi.set(__self__, "client_id", client_id)
|
230
326
|
if client_secret is not None:
|
231
327
|
pulumi.set(__self__, "client_secret", client_secret)
|
328
|
+
if disable_automated_rotation is not None:
|
329
|
+
pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
|
232
330
|
if environment is not None:
|
233
331
|
pulumi.set(__self__, "environment", environment)
|
234
332
|
if identity_token_audience is not None:
|
@@ -239,6 +337,12 @@ class _AuthBackendConfigState:
|
|
239
337
|
pulumi.set(__self__, "namespace", namespace)
|
240
338
|
if resource is not None:
|
241
339
|
pulumi.set(__self__, "resource", resource)
|
340
|
+
if rotation_period is not None:
|
341
|
+
pulumi.set(__self__, "rotation_period", rotation_period)
|
342
|
+
if rotation_schedule is not None:
|
343
|
+
pulumi.set(__self__, "rotation_schedule", rotation_schedule)
|
344
|
+
if rotation_window is not None:
|
345
|
+
pulumi.set(__self__, "rotation_window", rotation_window)
|
242
346
|
if tenant_id is not None:
|
243
347
|
pulumi.set(__self__, "tenant_id", tenant_id)
|
244
348
|
|
@@ -281,6 +385,19 @@ class _AuthBackendConfigState:
|
|
281
385
|
def client_secret(self, value: Optional[pulumi.Input[str]]):
|
282
386
|
pulumi.set(self, "client_secret", value)
|
283
387
|
|
388
|
+
@property
|
389
|
+
@pulumi.getter(name="disableAutomatedRotation")
|
390
|
+
def disable_automated_rotation(self) -> Optional[pulumi.Input[bool]]:
|
391
|
+
"""
|
392
|
+
Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
393
|
+
*Available only for Vault Enterprise*
|
394
|
+
"""
|
395
|
+
return pulumi.get(self, "disable_automated_rotation")
|
396
|
+
|
397
|
+
@disable_automated_rotation.setter
|
398
|
+
def disable_automated_rotation(self, value: Optional[pulumi.Input[bool]]):
|
399
|
+
pulumi.set(self, "disable_automated_rotation", value)
|
400
|
+
|
284
401
|
@property
|
285
402
|
@pulumi.getter
|
286
403
|
def environment(self) -> Optional[pulumi.Input[str]]:
|
@@ -348,6 +465,49 @@ class _AuthBackendConfigState:
|
|
348
465
|
def resource(self, value: Optional[pulumi.Input[str]]):
|
349
466
|
pulumi.set(self, "resource", value)
|
350
467
|
|
468
|
+
@property
|
469
|
+
@pulumi.getter(name="rotationPeriod")
|
470
|
+
def rotation_period(self) -> Optional[pulumi.Input[int]]:
|
471
|
+
"""
|
472
|
+
The amount of time in seconds Vault should wait before rotating the root credential.
|
473
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
474
|
+
*Available only for Vault Enterprise*
|
475
|
+
"""
|
476
|
+
return pulumi.get(self, "rotation_period")
|
477
|
+
|
478
|
+
@rotation_period.setter
|
479
|
+
def rotation_period(self, value: Optional[pulumi.Input[int]]):
|
480
|
+
pulumi.set(self, "rotation_period", value)
|
481
|
+
|
482
|
+
@property
|
483
|
+
@pulumi.getter(name="rotationSchedule")
|
484
|
+
def rotation_schedule(self) -> Optional[pulumi.Input[str]]:
|
485
|
+
"""
|
486
|
+
The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
487
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
488
|
+
*Available only for Vault Enterprise*
|
489
|
+
"""
|
490
|
+
return pulumi.get(self, "rotation_schedule")
|
491
|
+
|
492
|
+
@rotation_schedule.setter
|
493
|
+
def rotation_schedule(self, value: Optional[pulumi.Input[str]]):
|
494
|
+
pulumi.set(self, "rotation_schedule", value)
|
495
|
+
|
496
|
+
@property
|
497
|
+
@pulumi.getter(name="rotationWindow")
|
498
|
+
def rotation_window(self) -> Optional[pulumi.Input[int]]:
|
499
|
+
"""
|
500
|
+
The maximum amount of time in seconds allowed to complete
|
501
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
502
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
503
|
+
*Available only for Vault Enterprise*
|
504
|
+
"""
|
505
|
+
return pulumi.get(self, "rotation_window")
|
506
|
+
|
507
|
+
@rotation_window.setter
|
508
|
+
def rotation_window(self, value: Optional[pulumi.Input[int]]):
|
509
|
+
pulumi.set(self, "rotation_window", value)
|
510
|
+
|
351
511
|
@property
|
352
512
|
@pulumi.getter(name="tenantId")
|
353
513
|
def tenant_id(self) -> Optional[pulumi.Input[str]]:
|
@@ -370,11 +530,15 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
370
530
|
backend: Optional[pulumi.Input[str]] = None,
|
371
531
|
client_id: Optional[pulumi.Input[str]] = None,
|
372
532
|
client_secret: Optional[pulumi.Input[str]] = None,
|
533
|
+
disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
|
373
534
|
environment: Optional[pulumi.Input[str]] = None,
|
374
535
|
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
375
536
|
identity_token_ttl: Optional[pulumi.Input[int]] = None,
|
376
537
|
namespace: Optional[pulumi.Input[str]] = None,
|
377
538
|
resource: Optional[pulumi.Input[str]] = None,
|
539
|
+
rotation_period: Optional[pulumi.Input[int]] = None,
|
540
|
+
rotation_schedule: Optional[pulumi.Input[str]] = None,
|
541
|
+
rotation_window: Optional[pulumi.Input[int]] = None,
|
378
542
|
tenant_id: Optional[pulumi.Input[str]] = None,
|
379
543
|
__props__=None):
|
380
544
|
"""
|
@@ -393,7 +557,9 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
393
557
|
tenant_id="11111111-2222-3333-4444-555555555555",
|
394
558
|
client_id="11111111-2222-3333-4444-555555555555",
|
395
559
|
identity_token_audience="<TOKEN_AUDIENCE>",
|
396
|
-
identity_token_ttl="<TOKEN_TTL>"
|
560
|
+
identity_token_ttl="<TOKEN_TTL>",
|
561
|
+
rotation_schedule="0 * * * SAT",
|
562
|
+
rotation_window=3600)
|
397
563
|
```
|
398
564
|
|
399
565
|
```python
|
@@ -406,7 +572,9 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
406
572
|
tenant_id="11111111-2222-3333-4444-555555555555",
|
407
573
|
client_id="11111111-2222-3333-4444-555555555555",
|
408
574
|
client_secret="01234567890123456789",
|
409
|
-
resource="https://vault.hashicorp.com"
|
575
|
+
resource="https://vault.hashicorp.com",
|
576
|
+
rotation_schedule="0 * * * SAT",
|
577
|
+
rotation_window=3600)
|
410
578
|
```
|
411
579
|
|
412
580
|
## Import
|
@@ -425,6 +593,8 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
425
593
|
Currently read permissions to query compute resources are required.
|
426
594
|
:param pulumi.Input[str] client_secret: The client secret for credentials to query the
|
427
595
|
Azure APIs.
|
596
|
+
:param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
597
|
+
*Available only for Vault Enterprise*
|
428
598
|
:param pulumi.Input[str] environment: The Azure cloud environment. Valid values:
|
429
599
|
AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud,
|
430
600
|
AzureGermanCloud. Defaults to `AzurePublicCloud`.
|
@@ -437,6 +607,16 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
437
607
|
*Available only for Vault Enterprise*.
|
438
608
|
:param pulumi.Input[str] resource: The configured URL for the application registered in
|
439
609
|
Azure Active Directory.
|
610
|
+
:param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
611
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
612
|
+
*Available only for Vault Enterprise*
|
613
|
+
:param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
614
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
615
|
+
*Available only for Vault Enterprise*
|
616
|
+
:param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
|
617
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
618
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
619
|
+
*Available only for Vault Enterprise*
|
440
620
|
:param pulumi.Input[str] tenant_id: The tenant id for the Azure Active Directory
|
441
621
|
organization.
|
442
622
|
"""
|
@@ -462,7 +642,9 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
462
642
|
tenant_id="11111111-2222-3333-4444-555555555555",
|
463
643
|
client_id="11111111-2222-3333-4444-555555555555",
|
464
644
|
identity_token_audience="<TOKEN_AUDIENCE>",
|
465
|
-
identity_token_ttl="<TOKEN_TTL>"
|
645
|
+
identity_token_ttl="<TOKEN_TTL>",
|
646
|
+
rotation_schedule="0 * * * SAT",
|
647
|
+
rotation_window=3600)
|
466
648
|
```
|
467
649
|
|
468
650
|
```python
|
@@ -475,7 +657,9 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
475
657
|
tenant_id="11111111-2222-3333-4444-555555555555",
|
476
658
|
client_id="11111111-2222-3333-4444-555555555555",
|
477
659
|
client_secret="01234567890123456789",
|
478
|
-
resource="https://vault.hashicorp.com"
|
660
|
+
resource="https://vault.hashicorp.com",
|
661
|
+
rotation_schedule="0 * * * SAT",
|
662
|
+
rotation_window=3600)
|
479
663
|
```
|
480
664
|
|
481
665
|
## Import
|
@@ -504,11 +688,15 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
504
688
|
backend: Optional[pulumi.Input[str]] = None,
|
505
689
|
client_id: Optional[pulumi.Input[str]] = None,
|
506
690
|
client_secret: Optional[pulumi.Input[str]] = None,
|
691
|
+
disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
|
507
692
|
environment: Optional[pulumi.Input[str]] = None,
|
508
693
|
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
509
694
|
identity_token_ttl: Optional[pulumi.Input[int]] = None,
|
510
695
|
namespace: Optional[pulumi.Input[str]] = None,
|
511
696
|
resource: Optional[pulumi.Input[str]] = None,
|
697
|
+
rotation_period: Optional[pulumi.Input[int]] = None,
|
698
|
+
rotation_schedule: Optional[pulumi.Input[str]] = None,
|
699
|
+
rotation_window: Optional[pulumi.Input[int]] = None,
|
512
700
|
tenant_id: Optional[pulumi.Input[str]] = None,
|
513
701
|
__props__=None):
|
514
702
|
opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
|
@@ -522,6 +710,7 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
522
710
|
__props__.__dict__["backend"] = backend
|
523
711
|
__props__.__dict__["client_id"] = None if client_id is None else pulumi.Output.secret(client_id)
|
524
712
|
__props__.__dict__["client_secret"] = None if client_secret is None else pulumi.Output.secret(client_secret)
|
713
|
+
__props__.__dict__["disable_automated_rotation"] = disable_automated_rotation
|
525
714
|
__props__.__dict__["environment"] = environment
|
526
715
|
__props__.__dict__["identity_token_audience"] = identity_token_audience
|
527
716
|
__props__.__dict__["identity_token_ttl"] = identity_token_ttl
|
@@ -529,6 +718,9 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
529
718
|
if resource is None and not opts.urn:
|
530
719
|
raise TypeError("Missing required property 'resource'")
|
531
720
|
__props__.__dict__["resource"] = resource
|
721
|
+
__props__.__dict__["rotation_period"] = rotation_period
|
722
|
+
__props__.__dict__["rotation_schedule"] = rotation_schedule
|
723
|
+
__props__.__dict__["rotation_window"] = rotation_window
|
532
724
|
if tenant_id is None and not opts.urn:
|
533
725
|
raise TypeError("Missing required property 'tenant_id'")
|
534
726
|
__props__.__dict__["tenant_id"] = None if tenant_id is None else pulumi.Output.secret(tenant_id)
|
@@ -547,11 +739,15 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
547
739
|
backend: Optional[pulumi.Input[str]] = None,
|
548
740
|
client_id: Optional[pulumi.Input[str]] = None,
|
549
741
|
client_secret: Optional[pulumi.Input[str]] = None,
|
742
|
+
disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
|
550
743
|
environment: Optional[pulumi.Input[str]] = None,
|
551
744
|
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
552
745
|
identity_token_ttl: Optional[pulumi.Input[int]] = None,
|
553
746
|
namespace: Optional[pulumi.Input[str]] = None,
|
554
747
|
resource: Optional[pulumi.Input[str]] = None,
|
748
|
+
rotation_period: Optional[pulumi.Input[int]] = None,
|
749
|
+
rotation_schedule: Optional[pulumi.Input[str]] = None,
|
750
|
+
rotation_window: Optional[pulumi.Input[int]] = None,
|
555
751
|
tenant_id: Optional[pulumi.Input[str]] = None) -> 'AuthBackendConfig':
|
556
752
|
"""
|
557
753
|
Get an existing AuthBackendConfig resource's state with the given name, id, and optional extra
|
@@ -566,6 +762,8 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
566
762
|
Currently read permissions to query compute resources are required.
|
567
763
|
:param pulumi.Input[str] client_secret: The client secret for credentials to query the
|
568
764
|
Azure APIs.
|
765
|
+
:param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
766
|
+
*Available only for Vault Enterprise*
|
569
767
|
:param pulumi.Input[str] environment: The Azure cloud environment. Valid values:
|
570
768
|
AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud,
|
571
769
|
AzureGermanCloud. Defaults to `AzurePublicCloud`.
|
@@ -578,6 +776,16 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
578
776
|
*Available only for Vault Enterprise*.
|
579
777
|
:param pulumi.Input[str] resource: The configured URL for the application registered in
|
580
778
|
Azure Active Directory.
|
779
|
+
:param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
780
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
781
|
+
*Available only for Vault Enterprise*
|
782
|
+
:param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
783
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
784
|
+
*Available only for Vault Enterprise*
|
785
|
+
:param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
|
786
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
787
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
788
|
+
*Available only for Vault Enterprise*
|
581
789
|
:param pulumi.Input[str] tenant_id: The tenant id for the Azure Active Directory
|
582
790
|
organization.
|
583
791
|
"""
|
@@ -588,11 +796,15 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
588
796
|
__props__.__dict__["backend"] = backend
|
589
797
|
__props__.__dict__["client_id"] = client_id
|
590
798
|
__props__.__dict__["client_secret"] = client_secret
|
799
|
+
__props__.__dict__["disable_automated_rotation"] = disable_automated_rotation
|
591
800
|
__props__.__dict__["environment"] = environment
|
592
801
|
__props__.__dict__["identity_token_audience"] = identity_token_audience
|
593
802
|
__props__.__dict__["identity_token_ttl"] = identity_token_ttl
|
594
803
|
__props__.__dict__["namespace"] = namespace
|
595
804
|
__props__.__dict__["resource"] = resource
|
805
|
+
__props__.__dict__["rotation_period"] = rotation_period
|
806
|
+
__props__.__dict__["rotation_schedule"] = rotation_schedule
|
807
|
+
__props__.__dict__["rotation_window"] = rotation_window
|
596
808
|
__props__.__dict__["tenant_id"] = tenant_id
|
597
809
|
return AuthBackendConfig(resource_name, opts=opts, __props__=__props__)
|
598
810
|
|
@@ -623,6 +835,15 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
623
835
|
"""
|
624
836
|
return pulumi.get(self, "client_secret")
|
625
837
|
|
838
|
+
@property
|
839
|
+
@pulumi.getter(name="disableAutomatedRotation")
|
840
|
+
def disable_automated_rotation(self) -> pulumi.Output[Optional[bool]]:
|
841
|
+
"""
|
842
|
+
Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
843
|
+
*Available only for Vault Enterprise*
|
844
|
+
"""
|
845
|
+
return pulumi.get(self, "disable_automated_rotation")
|
846
|
+
|
626
847
|
@property
|
627
848
|
@pulumi.getter
|
628
849
|
def environment(self) -> pulumi.Output[Optional[str]]:
|
@@ -670,6 +891,37 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
670
891
|
"""
|
671
892
|
return pulumi.get(self, "resource")
|
672
893
|
|
894
|
+
@property
|
895
|
+
@pulumi.getter(name="rotationPeriod")
|
896
|
+
def rotation_period(self) -> pulumi.Output[Optional[int]]:
|
897
|
+
"""
|
898
|
+
The amount of time in seconds Vault should wait before rotating the root credential.
|
899
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
900
|
+
*Available only for Vault Enterprise*
|
901
|
+
"""
|
902
|
+
return pulumi.get(self, "rotation_period")
|
903
|
+
|
904
|
+
@property
|
905
|
+
@pulumi.getter(name="rotationSchedule")
|
906
|
+
def rotation_schedule(self) -> pulumi.Output[Optional[str]]:
|
907
|
+
"""
|
908
|
+
The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
909
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
910
|
+
*Available only for Vault Enterprise*
|
911
|
+
"""
|
912
|
+
return pulumi.get(self, "rotation_schedule")
|
913
|
+
|
914
|
+
@property
|
915
|
+
@pulumi.getter(name="rotationWindow")
|
916
|
+
def rotation_window(self) -> pulumi.Output[Optional[int]]:
|
917
|
+
"""
|
918
|
+
The maximum amount of time in seconds allowed to complete
|
919
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
920
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
921
|
+
*Available only for Vault Enterprise*
|
922
|
+
"""
|
923
|
+
return pulumi.get(self, "rotation_window")
|
924
|
+
|
673
925
|
@property
|
674
926
|
@pulumi.getter(name="tenantId")
|
675
927
|
def tenant_id(self) -> pulumi.Output[str]:
|