pulumi-vault 6.6.0a1741415971__py3-none-any.whl → 6.6.0a1741836364__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pulumi_vault/__init__.py +8 -0
- pulumi_vault/aws/auth_backend_client.py +228 -4
- pulumi_vault/aws/secret_backend.py +266 -50
- pulumi_vault/aws/secret_backend_static_role.py +217 -0
- pulumi_vault/azure/auth_backend_config.py +257 -5
- pulumi_vault/azure/backend.py +249 -4
- pulumi_vault/database/_inputs.py +1692 -36
- pulumi_vault/database/outputs.py +1170 -18
- pulumi_vault/database/secret_backend_connection.py +220 -0
- pulumi_vault/database/secret_backend_static_role.py +143 -1
- pulumi_vault/database/secrets_mount.py +8 -0
- pulumi_vault/gcp/auth_backend.py +222 -2
- pulumi_vault/gcp/secret_backend.py +244 -4
- pulumi_vault/ldap/auth_backend.py +222 -2
- pulumi_vault/ldap/secret_backend.py +222 -2
- pulumi_vault/pkisecret/__init__.py +2 -0
- pulumi_vault/pkisecret/_inputs.py +0 -6
- pulumi_vault/pkisecret/backend_config_acme.py +47 -0
- pulumi_vault/pkisecret/backend_config_auto_tidy.py +1376 -0
- pulumi_vault/pkisecret/backend_config_cmpv2.py +61 -14
- pulumi_vault/pkisecret/get_backend_cert_metadata.py +277 -0
- pulumi_vault/pkisecret/get_backend_config_cmpv2.py +18 -1
- pulumi_vault/pkisecret/get_backend_issuer.py +114 -1
- pulumi_vault/pkisecret/outputs.py +0 -4
- pulumi_vault/pkisecret/secret_backend_cert.py +148 -7
- pulumi_vault/pkisecret/secret_backend_crl_config.py +54 -0
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +141 -0
- pulumi_vault/pkisecret/secret_backend_issuer.py +265 -0
- pulumi_vault/pkisecret/secret_backend_role.py +252 -3
- pulumi_vault/pkisecret/secret_backend_root_cert.py +423 -0
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +581 -3
- pulumi_vault/pkisecret/secret_backend_sign.py +94 -0
- pulumi_vault/pulumi-plugin.json +1 -1
- pulumi_vault/ssh/__init__.py +1 -0
- pulumi_vault/ssh/get_secret_backend_sign.py +294 -0
- pulumi_vault/terraformcloud/secret_role.py +7 -7
- pulumi_vault/transit/__init__.py +2 -0
- pulumi_vault/transit/get_sign.py +324 -0
- pulumi_vault/transit/get_verify.py +354 -0
- pulumi_vault/transit/secret_backend_key.py +162 -0
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/METADATA +1 -1
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/RECORD +44 -39
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/WHEEL +1 -1
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/top_level.txt +0 -0
@@ -29,6 +29,7 @@ class AuthBackendArgs:
|
|
29
29
|
connection_timeout: Optional[pulumi.Input[int]] = None,
|
30
30
|
deny_null_bind: Optional[pulumi.Input[bool]] = None,
|
31
31
|
description: Optional[pulumi.Input[str]] = None,
|
32
|
+
disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
|
32
33
|
disable_remount: Optional[pulumi.Input[bool]] = None,
|
33
34
|
discoverdn: Optional[pulumi.Input[bool]] = None,
|
34
35
|
groupattr: Optional[pulumi.Input[str]] = None,
|
@@ -39,6 +40,9 @@ class AuthBackendArgs:
|
|
39
40
|
max_page_size: Optional[pulumi.Input[int]] = None,
|
40
41
|
namespace: Optional[pulumi.Input[str]] = None,
|
41
42
|
path: Optional[pulumi.Input[str]] = None,
|
43
|
+
rotation_period: Optional[pulumi.Input[int]] = None,
|
44
|
+
rotation_schedule: Optional[pulumi.Input[str]] = None,
|
45
|
+
rotation_window: Optional[pulumi.Input[int]] = None,
|
42
46
|
starttls: Optional[pulumi.Input[bool]] = None,
|
43
47
|
tls_max_version: Optional[pulumi.Input[str]] = None,
|
44
48
|
tls_min_version: Optional[pulumi.Input[str]] = None,
|
@@ -67,6 +71,7 @@ class AuthBackendArgs:
|
|
67
71
|
:param pulumi.Input[int] connection_timeout: Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
|
68
72
|
:param pulumi.Input[bool] deny_null_bind: Prevents users from bypassing authentication when providing an empty password.
|
69
73
|
:param pulumi.Input[str] description: Description for the LDAP auth backend mount
|
74
|
+
:param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
70
75
|
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
71
76
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
72
77
|
:param pulumi.Input[bool] discoverdn: Use anonymous bind to discover the bind DN of a user.
|
@@ -82,6 +87,13 @@ class AuthBackendArgs:
|
|
82
87
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
83
88
|
*Available only for Vault Enterprise*.
|
84
89
|
:param pulumi.Input[str] path: Path to mount the LDAP auth backend under
|
90
|
+
:param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
91
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
92
|
+
:param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
93
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
94
|
+
:param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
|
95
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
96
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
85
97
|
:param pulumi.Input[bool] starttls: Control use of TLS when conecting to LDAP
|
86
98
|
:param pulumi.Input[str] tls_max_version: Maximum acceptable version of TLS
|
87
99
|
:param pulumi.Input[str] tls_min_version: Minimum acceptable version of TLS
|
@@ -120,6 +132,8 @@ class AuthBackendArgs:
|
|
120
132
|
pulumi.set(__self__, "deny_null_bind", deny_null_bind)
|
121
133
|
if description is not None:
|
122
134
|
pulumi.set(__self__, "description", description)
|
135
|
+
if disable_automated_rotation is not None:
|
136
|
+
pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
|
123
137
|
if disable_remount is not None:
|
124
138
|
pulumi.set(__self__, "disable_remount", disable_remount)
|
125
139
|
if discoverdn is not None:
|
@@ -140,6 +154,12 @@ class AuthBackendArgs:
|
|
140
154
|
pulumi.set(__self__, "namespace", namespace)
|
141
155
|
if path is not None:
|
142
156
|
pulumi.set(__self__, "path", path)
|
157
|
+
if rotation_period is not None:
|
158
|
+
pulumi.set(__self__, "rotation_period", rotation_period)
|
159
|
+
if rotation_schedule is not None:
|
160
|
+
pulumi.set(__self__, "rotation_schedule", rotation_schedule)
|
161
|
+
if rotation_window is not None:
|
162
|
+
pulumi.set(__self__, "rotation_window", rotation_window)
|
143
163
|
if starttls is not None:
|
144
164
|
pulumi.set(__self__, "starttls", starttls)
|
145
165
|
if tls_max_version is not None:
|
@@ -291,6 +311,18 @@ class AuthBackendArgs:
|
|
291
311
|
def description(self, value: Optional[pulumi.Input[str]]):
|
292
312
|
pulumi.set(self, "description", value)
|
293
313
|
|
314
|
+
@property
|
315
|
+
@pulumi.getter(name="disableAutomatedRotation")
|
316
|
+
def disable_automated_rotation(self) -> Optional[pulumi.Input[bool]]:
|
317
|
+
"""
|
318
|
+
Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
319
|
+
"""
|
320
|
+
return pulumi.get(self, "disable_automated_rotation")
|
321
|
+
|
322
|
+
@disable_automated_rotation.setter
|
323
|
+
def disable_automated_rotation(self, value: Optional[pulumi.Input[bool]]):
|
324
|
+
pulumi.set(self, "disable_automated_rotation", value)
|
325
|
+
|
294
326
|
@property
|
295
327
|
@pulumi.getter(name="disableRemount")
|
296
328
|
def disable_remount(self) -> Optional[pulumi.Input[bool]]:
|
@@ -416,6 +448,46 @@ class AuthBackendArgs:
|
|
416
448
|
def path(self, value: Optional[pulumi.Input[str]]):
|
417
449
|
pulumi.set(self, "path", value)
|
418
450
|
|
451
|
+
@property
|
452
|
+
@pulumi.getter(name="rotationPeriod")
|
453
|
+
def rotation_period(self) -> Optional[pulumi.Input[int]]:
|
454
|
+
"""
|
455
|
+
The amount of time in seconds Vault should wait before rotating the root credential.
|
456
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
457
|
+
"""
|
458
|
+
return pulumi.get(self, "rotation_period")
|
459
|
+
|
460
|
+
@rotation_period.setter
|
461
|
+
def rotation_period(self, value: Optional[pulumi.Input[int]]):
|
462
|
+
pulumi.set(self, "rotation_period", value)
|
463
|
+
|
464
|
+
@property
|
465
|
+
@pulumi.getter(name="rotationSchedule")
|
466
|
+
def rotation_schedule(self) -> Optional[pulumi.Input[str]]:
|
467
|
+
"""
|
468
|
+
The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
469
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
470
|
+
"""
|
471
|
+
return pulumi.get(self, "rotation_schedule")
|
472
|
+
|
473
|
+
@rotation_schedule.setter
|
474
|
+
def rotation_schedule(self, value: Optional[pulumi.Input[str]]):
|
475
|
+
pulumi.set(self, "rotation_schedule", value)
|
476
|
+
|
477
|
+
@property
|
478
|
+
@pulumi.getter(name="rotationWindow")
|
479
|
+
def rotation_window(self) -> Optional[pulumi.Input[int]]:
|
480
|
+
"""
|
481
|
+
The maximum amount of time in seconds allowed to complete
|
482
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
483
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
484
|
+
"""
|
485
|
+
return pulumi.get(self, "rotation_window")
|
486
|
+
|
487
|
+
@rotation_window.setter
|
488
|
+
def rotation_window(self, value: Optional[pulumi.Input[int]]):
|
489
|
+
pulumi.set(self, "rotation_window", value)
|
490
|
+
|
419
491
|
@property
|
420
492
|
@pulumi.getter
|
421
493
|
def starttls(self) -> Optional[pulumi.Input[bool]]:
|
@@ -646,6 +718,7 @@ class _AuthBackendState:
|
|
646
718
|
connection_timeout: Optional[pulumi.Input[int]] = None,
|
647
719
|
deny_null_bind: Optional[pulumi.Input[bool]] = None,
|
648
720
|
description: Optional[pulumi.Input[str]] = None,
|
721
|
+
disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
|
649
722
|
disable_remount: Optional[pulumi.Input[bool]] = None,
|
650
723
|
discoverdn: Optional[pulumi.Input[bool]] = None,
|
651
724
|
groupattr: Optional[pulumi.Input[str]] = None,
|
@@ -656,6 +729,9 @@ class _AuthBackendState:
|
|
656
729
|
max_page_size: Optional[pulumi.Input[int]] = None,
|
657
730
|
namespace: Optional[pulumi.Input[str]] = None,
|
658
731
|
path: Optional[pulumi.Input[str]] = None,
|
732
|
+
rotation_period: Optional[pulumi.Input[int]] = None,
|
733
|
+
rotation_schedule: Optional[pulumi.Input[str]] = None,
|
734
|
+
rotation_window: Optional[pulumi.Input[int]] = None,
|
659
735
|
starttls: Optional[pulumi.Input[bool]] = None,
|
660
736
|
tls_max_version: Optional[pulumi.Input[str]] = None,
|
661
737
|
tls_min_version: Optional[pulumi.Input[str]] = None,
|
@@ -685,6 +761,7 @@ class _AuthBackendState:
|
|
685
761
|
:param pulumi.Input[int] connection_timeout: Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
|
686
762
|
:param pulumi.Input[bool] deny_null_bind: Prevents users from bypassing authentication when providing an empty password.
|
687
763
|
:param pulumi.Input[str] description: Description for the LDAP auth backend mount
|
764
|
+
:param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
688
765
|
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
689
766
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
690
767
|
:param pulumi.Input[bool] discoverdn: Use anonymous bind to discover the bind DN of a user.
|
@@ -700,6 +777,13 @@ class _AuthBackendState:
|
|
700
777
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
701
778
|
*Available only for Vault Enterprise*.
|
702
779
|
:param pulumi.Input[str] path: Path to mount the LDAP auth backend under
|
780
|
+
:param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
781
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
782
|
+
:param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
783
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
784
|
+
:param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
|
785
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
786
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
703
787
|
:param pulumi.Input[bool] starttls: Control use of TLS when conecting to LDAP
|
704
788
|
:param pulumi.Input[str] tls_max_version: Maximum acceptable version of TLS
|
705
789
|
:param pulumi.Input[str] tls_min_version: Minimum acceptable version of TLS
|
@@ -740,6 +824,8 @@ class _AuthBackendState:
|
|
740
824
|
pulumi.set(__self__, "deny_null_bind", deny_null_bind)
|
741
825
|
if description is not None:
|
742
826
|
pulumi.set(__self__, "description", description)
|
827
|
+
if disable_automated_rotation is not None:
|
828
|
+
pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
|
743
829
|
if disable_remount is not None:
|
744
830
|
pulumi.set(__self__, "disable_remount", disable_remount)
|
745
831
|
if discoverdn is not None:
|
@@ -760,6 +846,12 @@ class _AuthBackendState:
|
|
760
846
|
pulumi.set(__self__, "namespace", namespace)
|
761
847
|
if path is not None:
|
762
848
|
pulumi.set(__self__, "path", path)
|
849
|
+
if rotation_period is not None:
|
850
|
+
pulumi.set(__self__, "rotation_period", rotation_period)
|
851
|
+
if rotation_schedule is not None:
|
852
|
+
pulumi.set(__self__, "rotation_schedule", rotation_schedule)
|
853
|
+
if rotation_window is not None:
|
854
|
+
pulumi.set(__self__, "rotation_window", rotation_window)
|
763
855
|
if starttls is not None:
|
764
856
|
pulumi.set(__self__, "starttls", starttls)
|
765
857
|
if tls_max_version is not None:
|
@@ -913,6 +1005,18 @@ class _AuthBackendState:
|
|
913
1005
|
def description(self, value: Optional[pulumi.Input[str]]):
|
914
1006
|
pulumi.set(self, "description", value)
|
915
1007
|
|
1008
|
+
@property
|
1009
|
+
@pulumi.getter(name="disableAutomatedRotation")
|
1010
|
+
def disable_automated_rotation(self) -> Optional[pulumi.Input[bool]]:
|
1011
|
+
"""
|
1012
|
+
Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
1013
|
+
"""
|
1014
|
+
return pulumi.get(self, "disable_automated_rotation")
|
1015
|
+
|
1016
|
+
@disable_automated_rotation.setter
|
1017
|
+
def disable_automated_rotation(self, value: Optional[pulumi.Input[bool]]):
|
1018
|
+
pulumi.set(self, "disable_automated_rotation", value)
|
1019
|
+
|
916
1020
|
@property
|
917
1021
|
@pulumi.getter(name="disableRemount")
|
918
1022
|
def disable_remount(self) -> Optional[pulumi.Input[bool]]:
|
@@ -1038,6 +1142,46 @@ class _AuthBackendState:
|
|
1038
1142
|
def path(self, value: Optional[pulumi.Input[str]]):
|
1039
1143
|
pulumi.set(self, "path", value)
|
1040
1144
|
|
1145
|
+
@property
|
1146
|
+
@pulumi.getter(name="rotationPeriod")
|
1147
|
+
def rotation_period(self) -> Optional[pulumi.Input[int]]:
|
1148
|
+
"""
|
1149
|
+
The amount of time in seconds Vault should wait before rotating the root credential.
|
1150
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
1151
|
+
"""
|
1152
|
+
return pulumi.get(self, "rotation_period")
|
1153
|
+
|
1154
|
+
@rotation_period.setter
|
1155
|
+
def rotation_period(self, value: Optional[pulumi.Input[int]]):
|
1156
|
+
pulumi.set(self, "rotation_period", value)
|
1157
|
+
|
1158
|
+
@property
|
1159
|
+
@pulumi.getter(name="rotationSchedule")
|
1160
|
+
def rotation_schedule(self) -> Optional[pulumi.Input[str]]:
|
1161
|
+
"""
|
1162
|
+
The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
1163
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
1164
|
+
"""
|
1165
|
+
return pulumi.get(self, "rotation_schedule")
|
1166
|
+
|
1167
|
+
@rotation_schedule.setter
|
1168
|
+
def rotation_schedule(self, value: Optional[pulumi.Input[str]]):
|
1169
|
+
pulumi.set(self, "rotation_schedule", value)
|
1170
|
+
|
1171
|
+
@property
|
1172
|
+
@pulumi.getter(name="rotationWindow")
|
1173
|
+
def rotation_window(self) -> Optional[pulumi.Input[int]]:
|
1174
|
+
"""
|
1175
|
+
The maximum amount of time in seconds allowed to complete
|
1176
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
1177
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
1178
|
+
"""
|
1179
|
+
return pulumi.get(self, "rotation_window")
|
1180
|
+
|
1181
|
+
@rotation_window.setter
|
1182
|
+
def rotation_window(self, value: Optional[pulumi.Input[int]]):
|
1183
|
+
pulumi.set(self, "rotation_window", value)
|
1184
|
+
|
1041
1185
|
@property
|
1042
1186
|
@pulumi.getter
|
1043
1187
|
def starttls(self) -> Optional[pulumi.Input[bool]]:
|
@@ -1281,6 +1425,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1281
1425
|
connection_timeout: Optional[pulumi.Input[int]] = None,
|
1282
1426
|
deny_null_bind: Optional[pulumi.Input[bool]] = None,
|
1283
1427
|
description: Optional[pulumi.Input[str]] = None,
|
1428
|
+
disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
|
1284
1429
|
disable_remount: Optional[pulumi.Input[bool]] = None,
|
1285
1430
|
discoverdn: Optional[pulumi.Input[bool]] = None,
|
1286
1431
|
groupattr: Optional[pulumi.Input[str]] = None,
|
@@ -1291,6 +1436,9 @@ class AuthBackend(pulumi.CustomResource):
|
|
1291
1436
|
max_page_size: Optional[pulumi.Input[int]] = None,
|
1292
1437
|
namespace: Optional[pulumi.Input[str]] = None,
|
1293
1438
|
path: Optional[pulumi.Input[str]] = None,
|
1439
|
+
rotation_period: Optional[pulumi.Input[int]] = None,
|
1440
|
+
rotation_schedule: Optional[pulumi.Input[str]] = None,
|
1441
|
+
rotation_window: Optional[pulumi.Input[int]] = None,
|
1294
1442
|
starttls: Optional[pulumi.Input[bool]] = None,
|
1295
1443
|
tls_max_version: Optional[pulumi.Input[str]] = None,
|
1296
1444
|
tls_min_version: Optional[pulumi.Input[str]] = None,
|
@@ -1328,7 +1476,9 @@ class AuthBackend(pulumi.CustomResource):
|
|
1328
1476
|
upndomain="EXAMPLE.ORG",
|
1329
1477
|
discoverdn=False,
|
1330
1478
|
groupdn="OU=Groups,DC=example,DC=org",
|
1331
|
-
groupfilter="(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))"
|
1479
|
+
groupfilter="(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))",
|
1480
|
+
rotation_schedule="0 * * * SAT",
|
1481
|
+
rotation_window=3600)
|
1332
1482
|
```
|
1333
1483
|
|
1334
1484
|
## Import
|
@@ -1348,6 +1498,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1348
1498
|
:param pulumi.Input[int] connection_timeout: Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
|
1349
1499
|
:param pulumi.Input[bool] deny_null_bind: Prevents users from bypassing authentication when providing an empty password.
|
1350
1500
|
:param pulumi.Input[str] description: Description for the LDAP auth backend mount
|
1501
|
+
:param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
1351
1502
|
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
1352
1503
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
1353
1504
|
:param pulumi.Input[bool] discoverdn: Use anonymous bind to discover the bind DN of a user.
|
@@ -1363,6 +1514,13 @@ class AuthBackend(pulumi.CustomResource):
|
|
1363
1514
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1364
1515
|
*Available only for Vault Enterprise*.
|
1365
1516
|
:param pulumi.Input[str] path: Path to mount the LDAP auth backend under
|
1517
|
+
:param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
1518
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
1519
|
+
:param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
1520
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
1521
|
+
:param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
|
1522
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
1523
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
1366
1524
|
:param pulumi.Input[bool] starttls: Control use of TLS when conecting to LDAP
|
1367
1525
|
:param pulumi.Input[str] tls_max_version: Maximum acceptable version of TLS
|
1368
1526
|
:param pulumi.Input[str] tls_min_version: Minimum acceptable version of TLS
|
@@ -1406,7 +1564,9 @@ class AuthBackend(pulumi.CustomResource):
|
|
1406
1564
|
upndomain="EXAMPLE.ORG",
|
1407
1565
|
discoverdn=False,
|
1408
1566
|
groupdn="OU=Groups,DC=example,DC=org",
|
1409
|
-
groupfilter="(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))"
|
1567
|
+
groupfilter="(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))",
|
1568
|
+
rotation_schedule="0 * * * SAT",
|
1569
|
+
rotation_window=3600)
|
1410
1570
|
```
|
1411
1571
|
|
1412
1572
|
## Import
|
@@ -1441,6 +1601,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1441
1601
|
connection_timeout: Optional[pulumi.Input[int]] = None,
|
1442
1602
|
deny_null_bind: Optional[pulumi.Input[bool]] = None,
|
1443
1603
|
description: Optional[pulumi.Input[str]] = None,
|
1604
|
+
disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
|
1444
1605
|
disable_remount: Optional[pulumi.Input[bool]] = None,
|
1445
1606
|
discoverdn: Optional[pulumi.Input[bool]] = None,
|
1446
1607
|
groupattr: Optional[pulumi.Input[str]] = None,
|
@@ -1451,6 +1612,9 @@ class AuthBackend(pulumi.CustomResource):
|
|
1451
1612
|
max_page_size: Optional[pulumi.Input[int]] = None,
|
1452
1613
|
namespace: Optional[pulumi.Input[str]] = None,
|
1453
1614
|
path: Optional[pulumi.Input[str]] = None,
|
1615
|
+
rotation_period: Optional[pulumi.Input[int]] = None,
|
1616
|
+
rotation_schedule: Optional[pulumi.Input[str]] = None,
|
1617
|
+
rotation_window: Optional[pulumi.Input[int]] = None,
|
1454
1618
|
starttls: Optional[pulumi.Input[bool]] = None,
|
1455
1619
|
tls_max_version: Optional[pulumi.Input[str]] = None,
|
1456
1620
|
tls_min_version: Optional[pulumi.Input[str]] = None,
|
@@ -1488,6 +1652,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1488
1652
|
__props__.__dict__["connection_timeout"] = connection_timeout
|
1489
1653
|
__props__.__dict__["deny_null_bind"] = deny_null_bind
|
1490
1654
|
__props__.__dict__["description"] = description
|
1655
|
+
__props__.__dict__["disable_automated_rotation"] = disable_automated_rotation
|
1491
1656
|
__props__.__dict__["disable_remount"] = disable_remount
|
1492
1657
|
__props__.__dict__["discoverdn"] = discoverdn
|
1493
1658
|
__props__.__dict__["groupattr"] = groupattr
|
@@ -1498,6 +1663,9 @@ class AuthBackend(pulumi.CustomResource):
|
|
1498
1663
|
__props__.__dict__["max_page_size"] = max_page_size
|
1499
1664
|
__props__.__dict__["namespace"] = namespace
|
1500
1665
|
__props__.__dict__["path"] = path
|
1666
|
+
__props__.__dict__["rotation_period"] = rotation_period
|
1667
|
+
__props__.__dict__["rotation_schedule"] = rotation_schedule
|
1668
|
+
__props__.__dict__["rotation_window"] = rotation_window
|
1501
1669
|
__props__.__dict__["starttls"] = starttls
|
1502
1670
|
__props__.__dict__["tls_max_version"] = tls_max_version
|
1503
1671
|
__props__.__dict__["tls_min_version"] = tls_min_version
|
@@ -1542,6 +1710,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1542
1710
|
connection_timeout: Optional[pulumi.Input[int]] = None,
|
1543
1711
|
deny_null_bind: Optional[pulumi.Input[bool]] = None,
|
1544
1712
|
description: Optional[pulumi.Input[str]] = None,
|
1713
|
+
disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
|
1545
1714
|
disable_remount: Optional[pulumi.Input[bool]] = None,
|
1546
1715
|
discoverdn: Optional[pulumi.Input[bool]] = None,
|
1547
1716
|
groupattr: Optional[pulumi.Input[str]] = None,
|
@@ -1552,6 +1721,9 @@ class AuthBackend(pulumi.CustomResource):
|
|
1552
1721
|
max_page_size: Optional[pulumi.Input[int]] = None,
|
1553
1722
|
namespace: Optional[pulumi.Input[str]] = None,
|
1554
1723
|
path: Optional[pulumi.Input[str]] = None,
|
1724
|
+
rotation_period: Optional[pulumi.Input[int]] = None,
|
1725
|
+
rotation_schedule: Optional[pulumi.Input[str]] = None,
|
1726
|
+
rotation_window: Optional[pulumi.Input[int]] = None,
|
1555
1727
|
starttls: Optional[pulumi.Input[bool]] = None,
|
1556
1728
|
tls_max_version: Optional[pulumi.Input[str]] = None,
|
1557
1729
|
tls_min_version: Optional[pulumi.Input[str]] = None,
|
@@ -1586,6 +1758,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1586
1758
|
:param pulumi.Input[int] connection_timeout: Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
|
1587
1759
|
:param pulumi.Input[bool] deny_null_bind: Prevents users from bypassing authentication when providing an empty password.
|
1588
1760
|
:param pulumi.Input[str] description: Description for the LDAP auth backend mount
|
1761
|
+
:param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
1589
1762
|
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
1590
1763
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
1591
1764
|
:param pulumi.Input[bool] discoverdn: Use anonymous bind to discover the bind DN of a user.
|
@@ -1601,6 +1774,13 @@ class AuthBackend(pulumi.CustomResource):
|
|
1601
1774
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1602
1775
|
*Available only for Vault Enterprise*.
|
1603
1776
|
:param pulumi.Input[str] path: Path to mount the LDAP auth backend under
|
1777
|
+
:param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
1778
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
1779
|
+
:param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
1780
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
1781
|
+
:param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
|
1782
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
1783
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
1604
1784
|
:param pulumi.Input[bool] starttls: Control use of TLS when conecting to LDAP
|
1605
1785
|
:param pulumi.Input[str] tls_max_version: Maximum acceptable version of TLS
|
1606
1786
|
:param pulumi.Input[str] tls_min_version: Minimum acceptable version of TLS
|
@@ -1635,6 +1815,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1635
1815
|
__props__.__dict__["connection_timeout"] = connection_timeout
|
1636
1816
|
__props__.__dict__["deny_null_bind"] = deny_null_bind
|
1637
1817
|
__props__.__dict__["description"] = description
|
1818
|
+
__props__.__dict__["disable_automated_rotation"] = disable_automated_rotation
|
1638
1819
|
__props__.__dict__["disable_remount"] = disable_remount
|
1639
1820
|
__props__.__dict__["discoverdn"] = discoverdn
|
1640
1821
|
__props__.__dict__["groupattr"] = groupattr
|
@@ -1645,6 +1826,9 @@ class AuthBackend(pulumi.CustomResource):
|
|
1645
1826
|
__props__.__dict__["max_page_size"] = max_page_size
|
1646
1827
|
__props__.__dict__["namespace"] = namespace
|
1647
1828
|
__props__.__dict__["path"] = path
|
1829
|
+
__props__.__dict__["rotation_period"] = rotation_period
|
1830
|
+
__props__.__dict__["rotation_schedule"] = rotation_schedule
|
1831
|
+
__props__.__dict__["rotation_window"] = rotation_window
|
1648
1832
|
__props__.__dict__["starttls"] = starttls
|
1649
1833
|
__props__.__dict__["tls_max_version"] = tls_max_version
|
1650
1834
|
__props__.__dict__["tls_min_version"] = tls_min_version
|
@@ -1740,6 +1924,14 @@ class AuthBackend(pulumi.CustomResource):
|
|
1740
1924
|
"""
|
1741
1925
|
return pulumi.get(self, "description")
|
1742
1926
|
|
1927
|
+
@property
|
1928
|
+
@pulumi.getter(name="disableAutomatedRotation")
|
1929
|
+
def disable_automated_rotation(self) -> pulumi.Output[Optional[bool]]:
|
1930
|
+
"""
|
1931
|
+
Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
1932
|
+
"""
|
1933
|
+
return pulumi.get(self, "disable_automated_rotation")
|
1934
|
+
|
1743
1935
|
@property
|
1744
1936
|
@pulumi.getter(name="disableRemount")
|
1745
1937
|
def disable_remount(self) -> pulumi.Output[Optional[bool]]:
|
@@ -1825,6 +2017,34 @@ class AuthBackend(pulumi.CustomResource):
|
|
1825
2017
|
"""
|
1826
2018
|
return pulumi.get(self, "path")
|
1827
2019
|
|
2020
|
+
@property
|
2021
|
+
@pulumi.getter(name="rotationPeriod")
|
2022
|
+
def rotation_period(self) -> pulumi.Output[Optional[int]]:
|
2023
|
+
"""
|
2024
|
+
The amount of time in seconds Vault should wait before rotating the root credential.
|
2025
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
2026
|
+
"""
|
2027
|
+
return pulumi.get(self, "rotation_period")
|
2028
|
+
|
2029
|
+
@property
|
2030
|
+
@pulumi.getter(name="rotationSchedule")
|
2031
|
+
def rotation_schedule(self) -> pulumi.Output[Optional[str]]:
|
2032
|
+
"""
|
2033
|
+
The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
2034
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
2035
|
+
"""
|
2036
|
+
return pulumi.get(self, "rotation_schedule")
|
2037
|
+
|
2038
|
+
@property
|
2039
|
+
@pulumi.getter(name="rotationWindow")
|
2040
|
+
def rotation_window(self) -> pulumi.Output[Optional[int]]:
|
2041
|
+
"""
|
2042
|
+
The maximum amount of time in seconds allowed to complete
|
2043
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
2044
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
2045
|
+
"""
|
2046
|
+
return pulumi.get(self, "rotation_window")
|
2047
|
+
|
1828
2048
|
@property
|
1829
2049
|
@pulumi.getter
|
1830
2050
|
def starttls(self) -> pulumi.Output[bool]:
|