pulumi-vault 6.6.0a1741415971__py3-none-any.whl → 6.6.0a1741836364__py3-none-any.whl
- pulumi_vault/__init__.py +8 -0
- pulumi_vault/aws/auth_backend_client.py +228 -4
- pulumi_vault/aws/secret_backend.py +266 -50
- pulumi_vault/aws/secret_backend_static_role.py +217 -0
- pulumi_vault/azure/auth_backend_config.py +257 -5
- pulumi_vault/azure/backend.py +249 -4
- pulumi_vault/database/_inputs.py +1692 -36
- pulumi_vault/database/outputs.py +1170 -18
- pulumi_vault/database/secret_backend_connection.py +220 -0
- pulumi_vault/database/secret_backend_static_role.py +143 -1
- pulumi_vault/database/secrets_mount.py +8 -0
- pulumi_vault/gcp/auth_backend.py +222 -2
- pulumi_vault/gcp/secret_backend.py +244 -4
- pulumi_vault/ldap/auth_backend.py +222 -2
- pulumi_vault/ldap/secret_backend.py +222 -2
- pulumi_vault/pkisecret/__init__.py +2 -0
- pulumi_vault/pkisecret/_inputs.py +0 -6
- pulumi_vault/pkisecret/backend_config_acme.py +47 -0
- pulumi_vault/pkisecret/backend_config_auto_tidy.py +1376 -0
- pulumi_vault/pkisecret/backend_config_cmpv2.py +61 -14
- pulumi_vault/pkisecret/get_backend_cert_metadata.py +277 -0
- pulumi_vault/pkisecret/get_backend_config_cmpv2.py +18 -1
- pulumi_vault/pkisecret/get_backend_issuer.py +114 -1
- pulumi_vault/pkisecret/outputs.py +0 -4
- pulumi_vault/pkisecret/secret_backend_cert.py +148 -7
- pulumi_vault/pkisecret/secret_backend_crl_config.py +54 -0
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +141 -0
- pulumi_vault/pkisecret/secret_backend_issuer.py +265 -0
- pulumi_vault/pkisecret/secret_backend_role.py +252 -3
- pulumi_vault/pkisecret/secret_backend_root_cert.py +423 -0
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +581 -3
- pulumi_vault/pkisecret/secret_backend_sign.py +94 -0
- pulumi_vault/pulumi-plugin.json +1 -1
- pulumi_vault/ssh/__init__.py +1 -0
- pulumi_vault/ssh/get_secret_backend_sign.py +294 -0
- pulumi_vault/terraformcloud/secret_role.py +7 -7
- pulumi_vault/transit/__init__.py +2 -0
- pulumi_vault/transit/get_sign.py +324 -0
- pulumi_vault/transit/get_verify.py +354 -0
- pulumi_vault/transit/secret_backend_key.py +162 -0
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/METADATA +1 -1
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/RECORD +44 -39
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/WHEEL +1 -1
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/top_level.txt +0 -0
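--- a/pulumi_vault/gcp/auth_backend.py
+++ b/pulumi_vault/gcp/auth_backend.py
@@ -26,6 +26,7 @@ class AuthBackendArgs:
 credentials: Optional[pulumi.Input[str]] = None,
 custom_endpoint: Optional[pulumi.Input['AuthBackendCustomEndpointArgs']] = None,
 description: Optional[pulumi.Input[str]] = None,
+disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
 disable_remount: Optional[pulumi.Input[bool]] = None,
 identity_token_audience: Optional[pulumi.Input[str]] = None,
 identity_token_key: Optional[pulumi.Input[str]] = None,
@@ -35,6 +36,9 @@ class AuthBackendArgs:
 path: Optional[pulumi.Input[str]] = None,
 private_key_id: Optional[pulumi.Input[str]] = None,
 project_id: Optional[pulumi.Input[str]] = None,
+rotation_period: Optional[pulumi.Input[int]] = None,
+rotation_schedule: Optional[pulumi.Input[str]] = None,
+rotation_window: Optional[pulumi.Input[int]] = None,
 service_account_email: Optional[pulumi.Input[str]] = None,
 tune: Optional[pulumi.Input['AuthBackendTuneArgs']] = None):
 """
@@ -50,6 +54,7 @@ class AuthBackendArgs:
 
 Overrides are set at the subdomain level using the following keys:
 :param pulumi.Input[str] description: A description of the auth method.
+:param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
 :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
 See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
 :param pulumi.Input[str] identity_token_audience: The audience claim value for plugin identity
@@ -66,6 +71,13 @@ class AuthBackendArgs:
 :param pulumi.Input[str] path: The path to mount the auth method — this defaults to 'gcp'.
 :param pulumi.Input[str] private_key_id: The ID of the private key from the credentials
 :param pulumi.Input[str] project_id: The GCP Project ID
+:param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
+A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
+:param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
+defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
+:param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
+a rotation when a scheduled token rotation occurs. The default rotation window is
+unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
 :param pulumi.Input[str] service_account_email: Service Account to impersonate for plugin workload identity federation.
 Required with `identity_token_audience`. Requires Vault 1.17+. *Available only for Vault Enterprise*.
 :param pulumi.Input['AuthBackendTuneArgs'] tune: Extra configuration block. Structure is documented below.
@@ -82,6 +94,8 @@ class AuthBackendArgs:
 pulumi.set(__self__, "custom_endpoint", custom_endpoint)
 if description is not None:
 pulumi.set(__self__, "description", description)
+if disable_automated_rotation is not None:
+pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
 if disable_remount is not None:
 pulumi.set(__self__, "disable_remount", disable_remount)
 if identity_token_audience is not None:
@@ -100,6 +114,12 @@ class AuthBackendArgs:
 pulumi.set(__self__, "private_key_id", private_key_id)
 if project_id is not None:
 pulumi.set(__self__, "project_id", project_id)
+if rotation_period is not None:
+pulumi.set(__self__, "rotation_period", rotation_period)
+if rotation_schedule is not None:
+pulumi.set(__self__, "rotation_schedule", rotation_schedule)
+if rotation_window is not None:
+pulumi.set(__self__, "rotation_window", rotation_window)
 if service_account_email is not None:
 pulumi.set(__self__, "service_account_email", service_account_email)
 if tune is not None:
@@ -171,6 +191,18 @@ class AuthBackendArgs:
 def description(self, value: Optional[pulumi.Input[str]]):
 pulumi.set(self, "description", value)
 
+@property
+@pulumi.getter(name="disableAutomatedRotation")
+def disable_automated_rotation(self) -> Optional[pulumi.Input[bool]]:
+"""
+Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
+"""
+return pulumi.get(self, "disable_automated_rotation")
+
+@disable_automated_rotation.setter
+def disable_automated_rotation(self, value: Optional[pulumi.Input[bool]]):
+pulumi.set(self, "disable_automated_rotation", value)
+
 @property
 @pulumi.getter(name="disableRemount")
 def disable_remount(self) -> Optional[pulumi.Input[bool]]:
@@ -286,6 +318,46 @@ class AuthBackendArgs:
 def project_id(self, value: Optional[pulumi.Input[str]]):
 pulumi.set(self, "project_id", value)
 
+@property
+@pulumi.getter(name="rotationPeriod")
+def rotation_period(self) -> Optional[pulumi.Input[int]]:
+"""
+The amount of time in seconds Vault should wait before rotating the root credential.
+A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
+"""
+return pulumi.get(self, "rotation_period")
+
+@rotation_period.setter
+def rotation_period(self, value: Optional[pulumi.Input[int]]):
+pulumi.set(self, "rotation_period", value)
+
+@property
+@pulumi.getter(name="rotationSchedule")
+def rotation_schedule(self) -> Optional[pulumi.Input[str]]:
+"""
+The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
+defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
+"""
+return pulumi.get(self, "rotation_schedule")
+
+@rotation_schedule.setter
+def rotation_schedule(self, value: Optional[pulumi.Input[str]]):
+pulumi.set(self, "rotation_schedule", value)
+
+@property
+@pulumi.getter(name="rotationWindow")
+def rotation_window(self) -> Optional[pulumi.Input[int]]:
+"""
+The maximum amount of time in seconds allowed to complete
+a rotation when a scheduled token rotation occurs. The default rotation window is
+unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
+"""
+return pulumi.get(self, "rotation_window")
+
+@rotation_window.setter
+def rotation_window(self, value: Optional[pulumi.Input[int]]):
+pulumi.set(self, "rotation_window", value)
+
 @property
 @pulumi.getter(name="serviceAccountEmail")
 def service_account_email(self) -> Optional[pulumi.Input[str]]:
@@ -323,6 +395,7 @@ class _AuthBackendState:
 credentials: Optional[pulumi.Input[str]] = None,
 custom_endpoint: Optional[pulumi.Input['AuthBackendCustomEndpointArgs']] = None,
 description: Optional[pulumi.Input[str]] = None,
+disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
 disable_remount: Optional[pulumi.Input[bool]] = None,
 identity_token_audience: Optional[pulumi.Input[str]] = None,
 identity_token_key: Optional[pulumi.Input[str]] = None,
@@ -332,6 +405,9 @@ class _AuthBackendState:
 path: Optional[pulumi.Input[str]] = None,
 private_key_id: Optional[pulumi.Input[str]] = None,
 project_id: Optional[pulumi.Input[str]] = None,
+rotation_period: Optional[pulumi.Input[int]] = None,
+rotation_schedule: Optional[pulumi.Input[str]] = None,
+rotation_window: Optional[pulumi.Input[int]] = None,
 service_account_email: Optional[pulumi.Input[str]] = None,
 tune: Optional[pulumi.Input['AuthBackendTuneArgs']] = None):
 """
@@ -348,6 +424,7 @@ class _AuthBackendState:
 
 Overrides are set at the subdomain level using the following keys:
 :param pulumi.Input[str] description: A description of the auth method.
+:param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
 :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
 See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
 :param pulumi.Input[str] identity_token_audience: The audience claim value for plugin identity
@@ -364,6 +441,13 @@ class _AuthBackendState:
 :param pulumi.Input[str] path: The path to mount the auth method — this defaults to 'gcp'.
 :param pulumi.Input[str] private_key_id: The ID of the private key from the credentials
 :param pulumi.Input[str] project_id: The GCP Project ID
+:param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
+A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
+:param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
+defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
+:param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
+a rotation when a scheduled token rotation occurs. The default rotation window is
+unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
 :param pulumi.Input[str] service_account_email: Service Account to impersonate for plugin workload identity federation.
 Required with `identity_token_audience`. Requires Vault 1.17+. *Available only for Vault Enterprise*.
 :param pulumi.Input['AuthBackendTuneArgs'] tune: Extra configuration block. Structure is documented below.
@@ -382,6 +466,8 @@ class _AuthBackendState:
 pulumi.set(__self__, "custom_endpoint", custom_endpoint)
 if description is not None:
 pulumi.set(__self__, "description", description)
+if disable_automated_rotation is not None:
+pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
 if disable_remount is not None:
 pulumi.set(__self__, "disable_remount", disable_remount)
 if identity_token_audience is not None:
@@ -400,6 +486,12 @@ class _AuthBackendState:
 pulumi.set(__self__, "private_key_id", private_key_id)
 if project_id is not None:
 pulumi.set(__self__, "project_id", project_id)
+if rotation_period is not None:
+pulumi.set(__self__, "rotation_period", rotation_period)
+if rotation_schedule is not None:
+pulumi.set(__self__, "rotation_schedule", rotation_schedule)
+if rotation_window is not None:
+pulumi.set(__self__, "rotation_window", rotation_window)
 if service_account_email is not None:
 pulumi.set(__self__, "service_account_email", service_account_email)
 if tune is not None:
@@ -483,6 +575,18 @@ class _AuthBackendState:
 def description(self, value: Optional[pulumi.Input[str]]):
 pulumi.set(self, "description", value)
 
+@property
+@pulumi.getter(name="disableAutomatedRotation")
+def disable_automated_rotation(self) -> Optional[pulumi.Input[bool]]:
+"""
+Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
+"""
+return pulumi.get(self, "disable_automated_rotation")
+
+@disable_automated_rotation.setter
+def disable_automated_rotation(self, value: Optional[pulumi.Input[bool]]):
+pulumi.set(self, "disable_automated_rotation", value)
+
 @property
 @pulumi.getter(name="disableRemount")
 def disable_remount(self) -> Optional[pulumi.Input[bool]]:
@@ -598,6 +702,46 @@ class _AuthBackendState:
 def project_id(self, value: Optional[pulumi.Input[str]]):
 pulumi.set(self, "project_id", value)
 
+@property
+@pulumi.getter(name="rotationPeriod")
+def rotation_period(self) -> Optional[pulumi.Input[int]]:
+"""
+The amount of time in seconds Vault should wait before rotating the root credential.
+A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
+"""
+return pulumi.get(self, "rotation_period")
+
+@rotation_period.setter
+def rotation_period(self, value: Optional[pulumi.Input[int]]):
+pulumi.set(self, "rotation_period", value)
+
+@property
+@pulumi.getter(name="rotationSchedule")
+def rotation_schedule(self) -> Optional[pulumi.Input[str]]:
+"""
+The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
+defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
+"""
+return pulumi.get(self, "rotation_schedule")
+
+@rotation_schedule.setter
+def rotation_schedule(self, value: Optional[pulumi.Input[str]]):
+pulumi.set(self, "rotation_schedule", value)
+
+@property
+@pulumi.getter(name="rotationWindow")
+def rotation_window(self) -> Optional[pulumi.Input[int]]:
+"""
+The maximum amount of time in seconds allowed to complete
+a rotation when a scheduled token rotation occurs. The default rotation window is
+unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
+"""
+return pulumi.get(self, "rotation_window")
+
+@rotation_window.setter
+def rotation_window(self, value: Optional[pulumi.Input[int]]):
+pulumi.set(self, "rotation_window", value)
+
 @property
 @pulumi.getter(name="serviceAccountEmail")
 def service_account_email(self) -> Optional[pulumi.Input[str]]:
@@ -636,6 +780,7 @@ class AuthBackend(pulumi.CustomResource):
 credentials: Optional[pulumi.Input[str]] = None,
 custom_endpoint: Optional[pulumi.Input[Union['AuthBackendCustomEndpointArgs', 'AuthBackendCustomEndpointArgsDict']]] = None,
 description: Optional[pulumi.Input[str]] = None,
+disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
 disable_remount: Optional[pulumi.Input[bool]] = None,
 identity_token_audience: Optional[pulumi.Input[str]] = None,
 identity_token_key: Optional[pulumi.Input[str]] = None,
@@ -645,6 +790,9 @@ class AuthBackend(pulumi.CustomResource):
 path: Optional[pulumi.Input[str]] = None,
 private_key_id: Optional[pulumi.Input[str]] = None,
 project_id: Optional[pulumi.Input[str]] = None,
+rotation_period: Optional[pulumi.Input[int]] = None,
+rotation_schedule: Optional[pulumi.Input[str]] = None,
+rotation_window: Optional[pulumi.Input[int]] = None,
 service_account_email: Optional[pulumi.Input[str]] = None,
 tune: Optional[pulumi.Input[Union['AuthBackendTuneArgs', 'AuthBackendTuneArgsDict']]] = None,
 __props__=None):
@@ -662,7 +810,9 @@ class AuthBackend(pulumi.CustomResource):
 identity_token_key="example-key",
 identity_token_ttl=1800,
 identity_token_audience="<TOKEN_AUDIENCE>",
-service_account_email="<SERVICE_ACCOUNT_EMAIL>"
+service_account_email="<SERVICE_ACCOUNT_EMAIL>",
+rotation_schedule="0 * * * SAT",
+rotation_window=3600)
 ```
 
 ## Import
@@ -686,6 +836,7 @@ class AuthBackend(pulumi.CustomResource):
 
 Overrides are set at the subdomain level using the following keys:
 :param pulumi.Input[str] description: A description of the auth method.
+:param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
 :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
 See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
 :param pulumi.Input[str] identity_token_audience: The audience claim value for plugin identity
@@ -702,6 +853,13 @@ class AuthBackend(pulumi.CustomResource):
 :param pulumi.Input[str] path: The path to mount the auth method — this defaults to 'gcp'.
 :param pulumi.Input[str] private_key_id: The ID of the private key from the credentials
 :param pulumi.Input[str] project_id: The GCP Project ID
+:param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
+A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
+:param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
+defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
+:param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
+a rotation when a scheduled token rotation occurs. The default rotation window is
+unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
 :param pulumi.Input[str] service_account_email: Service Account to impersonate for plugin workload identity federation.
 Required with `identity_token_audience`. Requires Vault 1.17+. *Available only for Vault Enterprise*.
 :param pulumi.Input[Union['AuthBackendTuneArgs', 'AuthBackendTuneArgsDict']] tune: Extra configuration block. Structure is documented below.
@@ -728,7 +886,9 @@ class AuthBackend(pulumi.CustomResource):
 identity_token_key="example-key",
 identity_token_ttl=1800,
 identity_token_audience="<TOKEN_AUDIENCE>",
-service_account_email="<SERVICE_ACCOUNT_EMAIL>"
+service_account_email="<SERVICE_ACCOUNT_EMAIL>",
+rotation_schedule="0 * * * SAT",
+rotation_window=3600)
 ```
 
 ## Import
@@ -759,6 +919,7 @@ class AuthBackend(pulumi.CustomResource):
 credentials: Optional[pulumi.Input[str]] = None,
 custom_endpoint: Optional[pulumi.Input[Union['AuthBackendCustomEndpointArgs', 'AuthBackendCustomEndpointArgsDict']]] = None,
 description: Optional[pulumi.Input[str]] = None,
+disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
 disable_remount: Optional[pulumi.Input[bool]] = None,
 identity_token_audience: Optional[pulumi.Input[str]] = None,
 identity_token_key: Optional[pulumi.Input[str]] = None,
@@ -768,6 +929,9 @@ class AuthBackend(pulumi.CustomResource):
 path: Optional[pulumi.Input[str]] = None,
 private_key_id: Optional[pulumi.Input[str]] = None,
 project_id: Optional[pulumi.Input[str]] = None,
+rotation_period: Optional[pulumi.Input[int]] = None,
+rotation_schedule: Optional[pulumi.Input[str]] = None,
+rotation_window: Optional[pulumi.Input[int]] = None,
 service_account_email: Optional[pulumi.Input[str]] = None,
 tune: Optional[pulumi.Input[Union['AuthBackendTuneArgs', 'AuthBackendTuneArgsDict']]] = None,
 __props__=None):
@@ -784,6 +948,7 @@ class AuthBackend(pulumi.CustomResource):
 __props__.__dict__["credentials"] = None if credentials is None else pulumi.Output.secret(credentials)
 __props__.__dict__["custom_endpoint"] = custom_endpoint
 __props__.__dict__["description"] = description
+__props__.__dict__["disable_automated_rotation"] = disable_automated_rotation
 __props__.__dict__["disable_remount"] = disable_remount
 __props__.__dict__["identity_token_audience"] = identity_token_audience
 __props__.__dict__["identity_token_key"] = identity_token_key
@@ -793,6 +958,9 @@ class AuthBackend(pulumi.CustomResource):
 __props__.__dict__["path"] = path
 __props__.__dict__["private_key_id"] = private_key_id
 __props__.__dict__["project_id"] = project_id
+__props__.__dict__["rotation_period"] = rotation_period
+__props__.__dict__["rotation_schedule"] = rotation_schedule
+__props__.__dict__["rotation_window"] = rotation_window
 __props__.__dict__["service_account_email"] = service_account_email
 __props__.__dict__["tune"] = tune
 __props__.__dict__["accessor"] = None
@@ -814,6 +982,7 @@ class AuthBackend(pulumi.CustomResource):
 credentials: Optional[pulumi.Input[str]] = None,
 custom_endpoint: Optional[pulumi.Input[Union['AuthBackendCustomEndpointArgs', 'AuthBackendCustomEndpointArgsDict']]] = None,
 description: Optional[pulumi.Input[str]] = None,
+disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
 disable_remount: Optional[pulumi.Input[bool]] = None,
 identity_token_audience: Optional[pulumi.Input[str]] = None,
 identity_token_key: Optional[pulumi.Input[str]] = None,
@@ -823,6 +992,9 @@ class AuthBackend(pulumi.CustomResource):
 path: Optional[pulumi.Input[str]] = None,
 private_key_id: Optional[pulumi.Input[str]] = None,
 project_id: Optional[pulumi.Input[str]] = None,
+rotation_period: Optional[pulumi.Input[int]] = None,
+rotation_schedule: Optional[pulumi.Input[str]] = None,
+rotation_window: Optional[pulumi.Input[int]] = None,
 service_account_email: Optional[pulumi.Input[str]] = None,
 tune: Optional[pulumi.Input[Union['AuthBackendTuneArgs', 'AuthBackendTuneArgsDict']]] = None) -> 'AuthBackend':
 """
@@ -844,6 +1016,7 @@ class AuthBackend(pulumi.CustomResource):
 
 Overrides are set at the subdomain level using the following keys:
 :param pulumi.Input[str] description: A description of the auth method.
+:param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
 :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
 See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
 :param pulumi.Input[str] identity_token_audience: The audience claim value for plugin identity
@@ -860,6 +1033,13 @@ class AuthBackend(pulumi.CustomResource):
 :param pulumi.Input[str] path: The path to mount the auth method — this defaults to 'gcp'.
 :param pulumi.Input[str] private_key_id: The ID of the private key from the credentials
 :param pulumi.Input[str] project_id: The GCP Project ID
+:param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
+A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
+:param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
+defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
+:param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
+a rotation when a scheduled token rotation occurs. The default rotation window is
+unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
 :param pulumi.Input[str] service_account_email: Service Account to impersonate for plugin workload identity federation.
 Required with `identity_token_audience`. Requires Vault 1.17+. *Available only for Vault Enterprise*.
 :param pulumi.Input[Union['AuthBackendTuneArgs', 'AuthBackendTuneArgsDict']] tune: Extra configuration block. Structure is documented below.
@@ -876,6 +1056,7 @@ class AuthBackend(pulumi.CustomResource):
 __props__.__dict__["credentials"] = credentials
 __props__.__dict__["custom_endpoint"] = custom_endpoint
 __props__.__dict__["description"] = description
+__props__.__dict__["disable_automated_rotation"] = disable_automated_rotation
 __props__.__dict__["disable_remount"] = disable_remount
 __props__.__dict__["identity_token_audience"] = identity_token_audience
 __props__.__dict__["identity_token_key"] = identity_token_key
@@ -885,6 +1066,9 @@ class AuthBackend(pulumi.CustomResource):
 __props__.__dict__["path"] = path
 __props__.__dict__["private_key_id"] = private_key_id
 __props__.__dict__["project_id"] = project_id
+__props__.__dict__["rotation_period"] = rotation_period
+__props__.__dict__["rotation_schedule"] = rotation_schedule
+__props__.__dict__["rotation_window"] = rotation_window
 __props__.__dict__["service_account_email"] = service_account_email
 __props__.__dict__["tune"] = tune
 return AuthBackend(resource_name, opts=opts, __props__=__props__)
@@ -943,6 +1127,14 @@ class AuthBackend(pulumi.CustomResource):
 """
 return pulumi.get(self, "description")
 
+@property
+@pulumi.getter(name="disableAutomatedRotation")
+def disable_automated_rotation(self) -> pulumi.Output[Optional[bool]]:
+"""
+Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
+"""
+return pulumi.get(self, "disable_automated_rotation")
+
 @property
 @pulumi.getter(name="disableRemount")
 def disable_remount(self) -> pulumi.Output[Optional[bool]]:
@@ -1022,6 +1214,34 @@ class AuthBackend(pulumi.CustomResource):
 """
 return pulumi.get(self, "project_id")
 
+@property
+@pulumi.getter(name="rotationPeriod")
+def rotation_period(self) -> pulumi.Output[Optional[int]]:
+"""
+The amount of time in seconds Vault should wait before rotating the root credential.
+A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
+"""
+return pulumi.get(self, "rotation_period")
+
+@property
+@pulumi.getter(name="rotationSchedule")
+def rotation_schedule(self) -> pulumi.Output[Optional[str]]:
+"""
+The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
+defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
+"""
+return pulumi.get(self, "rotation_schedule")
+
+@property
+@pulumi.getter(name="rotationWindow")
+def rotation_window(self) -> pulumi.Output[Optional[int]]:
+"""
+The maximum amount of time in seconds allowed to complete
+a rotation when a scheduled token rotation occurs. The default rotation window is
+unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
+"""
+return pulumi.get(self, "rotation_window")
+
 @property
 @pulumi.getter(name="serviceAccountEmail")
 def service_account_email(self) -> pulumi.Output[Optional[str]]: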
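Review bot: The new rotation docstrings disagree on what is rotated: `rotation_period` and `disable_automated_rotation` say "root credential", while `rotation_schedule` and `rotation_window` say "root token" (first at new lines 76-80 in `AuthBackendArgs.__init__`, repeated in `_AuthBackendState`, `AuthBackend.__init__`, `AuthBackend.get` and every property getter). I would use one term throughout, e.g. `defining the schedule on which Vault should rotate the root credential.`, and write "unbounded" instead of "unbound". The docstrings also never say how `rotation_period`, `rotation_schedule` and `rotation_window` combine, and the constructors store all three without any cross-check; if Vault treats the period and the schedule as alternatives (presumably so, to be confirmed against the Vault API reference), a line such as `Mutually exclusive with rotation_schedule.` would catch a bad configuration at review time rather than at deploy time. Because `rotation_period=0` and `disable_automated_rotation=True` both leave the GCP root credential static, each of those two parameters deserves a one-line note saying so, so that a stack change that switches rotation off is easy to spot. If this module is generated from the provider schema, these wording fixes belong in the schema descriptions rather than in this file.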