pulumi-vault 6.6.0a1741415971__py3-none-any.whl → 6.6.0a1741836364__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pulumi_vault/__init__.py +8 -0
- pulumi_vault/aws/auth_backend_client.py +228 -4
- pulumi_vault/aws/secret_backend.py +266 -50
- pulumi_vault/aws/secret_backend_static_role.py +217 -0
- pulumi_vault/azure/auth_backend_config.py +257 -5
- pulumi_vault/azure/backend.py +249 -4
- pulumi_vault/database/_inputs.py +1692 -36
- pulumi_vault/database/outputs.py +1170 -18
- pulumi_vault/database/secret_backend_connection.py +220 -0
- pulumi_vault/database/secret_backend_static_role.py +143 -1
- pulumi_vault/database/secrets_mount.py +8 -0
- pulumi_vault/gcp/auth_backend.py +222 -2
- pulumi_vault/gcp/secret_backend.py +244 -4
- pulumi_vault/ldap/auth_backend.py +222 -2
- pulumi_vault/ldap/secret_backend.py +222 -2
- pulumi_vault/pkisecret/__init__.py +2 -0
- pulumi_vault/pkisecret/_inputs.py +0 -6
- pulumi_vault/pkisecret/backend_config_acme.py +47 -0
- pulumi_vault/pkisecret/backend_config_auto_tidy.py +1376 -0
- pulumi_vault/pkisecret/backend_config_cmpv2.py +61 -14
- pulumi_vault/pkisecret/get_backend_cert_metadata.py +277 -0
- pulumi_vault/pkisecret/get_backend_config_cmpv2.py +18 -1
- pulumi_vault/pkisecret/get_backend_issuer.py +114 -1
- pulumi_vault/pkisecret/outputs.py +0 -4
- pulumi_vault/pkisecret/secret_backend_cert.py +148 -7
- pulumi_vault/pkisecret/secret_backend_crl_config.py +54 -0
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +141 -0
- pulumi_vault/pkisecret/secret_backend_issuer.py +265 -0
- pulumi_vault/pkisecret/secret_backend_role.py +252 -3
- pulumi_vault/pkisecret/secret_backend_root_cert.py +423 -0
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +581 -3
- pulumi_vault/pkisecret/secret_backend_sign.py +94 -0
- pulumi_vault/pulumi-plugin.json +1 -1
- pulumi_vault/ssh/__init__.py +1 -0
- pulumi_vault/ssh/get_secret_backend_sign.py +294 -0
- pulumi_vault/terraformcloud/secret_role.py +7 -7
- pulumi_vault/transit/__init__.py +2 -0
- pulumi_vault/transit/get_sign.py +324 -0
- pulumi_vault/transit/get_verify.py +354 -0
- pulumi_vault/transit/secret_backend_key.py +162 -0
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/METADATA +1 -1
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/RECORD +44 -39
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/WHEEL +1 -1
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/top_level.txt +0 -0
pulumi_vault/azure/backend.py
CHANGED
|
@@ -24,6 +24,7 @@ class BackendArgs:
|
|
|
24
24
|
client_id: Optional[pulumi.Input[str]] = None,
|
|
25
25
|
client_secret: Optional[pulumi.Input[str]] = None,
|
|
26
26
|
description: Optional[pulumi.Input[str]] = None,
|
|
27
|
+
disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
|
|
27
28
|
disable_remount: Optional[pulumi.Input[bool]] = None,
|
|
28
29
|
environment: Optional[pulumi.Input[str]] = None,
|
|
29
30
|
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
|
@@ -31,6 +32,9 @@ class BackendArgs:
|
|
|
31
32
|
identity_token_ttl: Optional[pulumi.Input[int]] = None,
|
|
32
33
|
namespace: Optional[pulumi.Input[str]] = None,
|
|
33
34
|
path: Optional[pulumi.Input[str]] = None,
|
|
35
|
+
rotation_period: Optional[pulumi.Input[int]] = None,
|
|
36
|
+
rotation_schedule: Optional[pulumi.Input[str]] = None,
|
|
37
|
+
rotation_window: Optional[pulumi.Input[int]] = None,
|
|
34
38
|
use_microsoft_graph_api: Optional[pulumi.Input[bool]] = None):
|
|
35
39
|
"""
|
|
36
40
|
The set of arguments for constructing a Backend resource.
|
|
@@ -39,6 +43,8 @@ class BackendArgs:
|
|
|
39
43
|
:param pulumi.Input[str] client_id: The OAuth2 client id to connect to Azure.
|
|
40
44
|
:param pulumi.Input[str] client_secret: The OAuth2 client secret to connect to Azure.
|
|
41
45
|
:param pulumi.Input[str] description: Human-friendly description of the mount for the backend.
|
|
46
|
+
:param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
|
47
|
+
*Available only for Vault Enterprise*
|
|
42
48
|
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
|
43
49
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
|
44
50
|
:param pulumi.Input[str] environment: The Azure environment.
|
|
@@ -53,6 +59,15 @@ class BackendArgs:
|
|
|
53
59
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
|
54
60
|
*Available only for Vault Enterprise*.
|
|
55
61
|
:param pulumi.Input[str] path: The unique path this backend should be mounted at. Defaults to `azure`.
|
|
62
|
+
:param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
|
63
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
|
64
|
+
*Available only for Vault Enterprise*
|
|
65
|
+
:param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
|
66
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
|
67
|
+
*Available only for Vault Enterprise*
|
|
68
|
+
:param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
|
|
69
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
|
70
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*
|
|
56
71
|
:param pulumi.Input[bool] use_microsoft_graph_api: Use the Microsoft Graph API. Should be set to true on vault-1.10+
|
|
57
72
|
"""
|
|
58
73
|
pulumi.set(__self__, "subscription_id", subscription_id)
|
|
@@ -63,6 +78,8 @@ class BackendArgs:
|
|
|
63
78
|
pulumi.set(__self__, "client_secret", client_secret)
|
|
64
79
|
if description is not None:
|
|
65
80
|
pulumi.set(__self__, "description", description)
|
|
81
|
+
if disable_automated_rotation is not None:
|
|
82
|
+
pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
|
|
66
83
|
if disable_remount is not None:
|
|
67
84
|
pulumi.set(__self__, "disable_remount", disable_remount)
|
|
68
85
|
if environment is not None:
|
|
@@ -77,6 +94,12 @@ class BackendArgs:
|
|
|
77
94
|
pulumi.set(__self__, "namespace", namespace)
|
|
78
95
|
if path is not None:
|
|
79
96
|
pulumi.set(__self__, "path", path)
|
|
97
|
+
if rotation_period is not None:
|
|
98
|
+
pulumi.set(__self__, "rotation_period", rotation_period)
|
|
99
|
+
if rotation_schedule is not None:
|
|
100
|
+
pulumi.set(__self__, "rotation_schedule", rotation_schedule)
|
|
101
|
+
if rotation_window is not None:
|
|
102
|
+
pulumi.set(__self__, "rotation_window", rotation_window)
|
|
80
103
|
if use_microsoft_graph_api is not None:
|
|
81
104
|
warnings.warn("""This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.""", DeprecationWarning)
|
|
82
105
|
pulumi.log.warn("""use_microsoft_graph_api is deprecated: This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.""")
|
|
@@ -143,6 +166,19 @@ class BackendArgs:
|
|
|
143
166
|
def description(self, value: Optional[pulumi.Input[str]]):
|
|
144
167
|
pulumi.set(self, "description", value)
|
|
145
168
|
|
|
169
|
+
@property
|
|
170
|
+
@pulumi.getter(name="disableAutomatedRotation")
|
|
171
|
+
def disable_automated_rotation(self) -> Optional[pulumi.Input[bool]]:
|
|
172
|
+
"""
|
|
173
|
+
Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
|
174
|
+
*Available only for Vault Enterprise*
|
|
175
|
+
"""
|
|
176
|
+
return pulumi.get(self, "disable_automated_rotation")
|
|
177
|
+
|
|
178
|
+
@disable_automated_rotation.setter
|
|
179
|
+
def disable_automated_rotation(self, value: Optional[pulumi.Input[bool]]):
|
|
180
|
+
pulumi.set(self, "disable_automated_rotation", value)
|
|
181
|
+
|
|
146
182
|
@property
|
|
147
183
|
@pulumi.getter(name="disableRemount")
|
|
148
184
|
def disable_remount(self) -> Optional[pulumi.Input[bool]]:
|
|
@@ -234,6 +270,48 @@ class BackendArgs:
|
|
|
234
270
|
def path(self, value: Optional[pulumi.Input[str]]):
|
|
235
271
|
pulumi.set(self, "path", value)
|
|
236
272
|
|
|
273
|
+
@property
|
|
274
|
+
@pulumi.getter(name="rotationPeriod")
|
|
275
|
+
def rotation_period(self) -> Optional[pulumi.Input[int]]:
|
|
276
|
+
"""
|
|
277
|
+
The amount of time in seconds Vault should wait before rotating the root credential.
|
|
278
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
|
279
|
+
*Available only for Vault Enterprise*
|
|
280
|
+
"""
|
|
281
|
+
return pulumi.get(self, "rotation_period")
|
|
282
|
+
|
|
283
|
+
@rotation_period.setter
|
|
284
|
+
def rotation_period(self, value: Optional[pulumi.Input[int]]):
|
|
285
|
+
pulumi.set(self, "rotation_period", value)
|
|
286
|
+
|
|
287
|
+
@property
|
|
288
|
+
@pulumi.getter(name="rotationSchedule")
|
|
289
|
+
def rotation_schedule(self) -> Optional[pulumi.Input[str]]:
|
|
290
|
+
"""
|
|
291
|
+
The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
|
292
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
|
293
|
+
*Available only for Vault Enterprise*
|
|
294
|
+
"""
|
|
295
|
+
return pulumi.get(self, "rotation_schedule")
|
|
296
|
+
|
|
297
|
+
@rotation_schedule.setter
|
|
298
|
+
def rotation_schedule(self, value: Optional[pulumi.Input[str]]):
|
|
299
|
+
pulumi.set(self, "rotation_schedule", value)
|
|
300
|
+
|
|
301
|
+
@property
|
|
302
|
+
@pulumi.getter(name="rotationWindow")
|
|
303
|
+
def rotation_window(self) -> Optional[pulumi.Input[int]]:
|
|
304
|
+
"""
|
|
305
|
+
The maximum amount of time in seconds allowed to complete
|
|
306
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
|
307
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*
|
|
308
|
+
"""
|
|
309
|
+
return pulumi.get(self, "rotation_window")
|
|
310
|
+
|
|
311
|
+
@rotation_window.setter
|
|
312
|
+
def rotation_window(self, value: Optional[pulumi.Input[int]]):
|
|
313
|
+
pulumi.set(self, "rotation_window", value)
|
|
314
|
+
|
|
237
315
|
@property
|
|
238
316
|
@pulumi.getter(name="useMicrosoftGraphApi")
|
|
239
317
|
@_utilities.deprecated("""This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.""")
|
|
@@ -254,6 +332,7 @@ class _BackendState:
|
|
|
254
332
|
client_id: Optional[pulumi.Input[str]] = None,
|
|
255
333
|
client_secret: Optional[pulumi.Input[str]] = None,
|
|
256
334
|
description: Optional[pulumi.Input[str]] = None,
|
|
335
|
+
disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
|
|
257
336
|
disable_remount: Optional[pulumi.Input[bool]] = None,
|
|
258
337
|
environment: Optional[pulumi.Input[str]] = None,
|
|
259
338
|
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
|
@@ -261,6 +340,9 @@ class _BackendState:
|
|
|
261
340
|
identity_token_ttl: Optional[pulumi.Input[int]] = None,
|
|
262
341
|
namespace: Optional[pulumi.Input[str]] = None,
|
|
263
342
|
path: Optional[pulumi.Input[str]] = None,
|
|
343
|
+
rotation_period: Optional[pulumi.Input[int]] = None,
|
|
344
|
+
rotation_schedule: Optional[pulumi.Input[str]] = None,
|
|
345
|
+
rotation_window: Optional[pulumi.Input[int]] = None,
|
|
264
346
|
subscription_id: Optional[pulumi.Input[str]] = None,
|
|
265
347
|
tenant_id: Optional[pulumi.Input[str]] = None,
|
|
266
348
|
use_microsoft_graph_api: Optional[pulumi.Input[bool]] = None):
|
|
@@ -269,6 +351,8 @@ class _BackendState:
|
|
|
269
351
|
:param pulumi.Input[str] client_id: The OAuth2 client id to connect to Azure.
|
|
270
352
|
:param pulumi.Input[str] client_secret: The OAuth2 client secret to connect to Azure.
|
|
271
353
|
:param pulumi.Input[str] description: Human-friendly description of the mount for the backend.
|
|
354
|
+
:param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
|
355
|
+
*Available only for Vault Enterprise*
|
|
272
356
|
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
|
273
357
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
|
274
358
|
:param pulumi.Input[str] environment: The Azure environment.
|
|
@@ -283,6 +367,15 @@ class _BackendState:
|
|
|
283
367
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
|
284
368
|
*Available only for Vault Enterprise*.
|
|
285
369
|
:param pulumi.Input[str] path: The unique path this backend should be mounted at. Defaults to `azure`.
|
|
370
|
+
:param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
|
371
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
|
372
|
+
*Available only for Vault Enterprise*
|
|
373
|
+
:param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
|
374
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
|
375
|
+
*Available only for Vault Enterprise*
|
|
376
|
+
:param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
|
|
377
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
|
378
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*
|
|
286
379
|
:param pulumi.Input[str] subscription_id: The subscription id for the Azure Active Directory.
|
|
287
380
|
:param pulumi.Input[str] tenant_id: The tenant id for the Azure Active Directory.
|
|
288
381
|
:param pulumi.Input[bool] use_microsoft_graph_api: Use the Microsoft Graph API. Should be set to true on vault-1.10+
|
|
@@ -293,6 +386,8 @@ class _BackendState:
|
|
|
293
386
|
pulumi.set(__self__, "client_secret", client_secret)
|
|
294
387
|
if description is not None:
|
|
295
388
|
pulumi.set(__self__, "description", description)
|
|
389
|
+
if disable_automated_rotation is not None:
|
|
390
|
+
pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
|
|
296
391
|
if disable_remount is not None:
|
|
297
392
|
pulumi.set(__self__, "disable_remount", disable_remount)
|
|
298
393
|
if environment is not None:
|
|
@@ -307,6 +402,12 @@ class _BackendState:
|
|
|
307
402
|
pulumi.set(__self__, "namespace", namespace)
|
|
308
403
|
if path is not None:
|
|
309
404
|
pulumi.set(__self__, "path", path)
|
|
405
|
+
if rotation_period is not None:
|
|
406
|
+
pulumi.set(__self__, "rotation_period", rotation_period)
|
|
407
|
+
if rotation_schedule is not None:
|
|
408
|
+
pulumi.set(__self__, "rotation_schedule", rotation_schedule)
|
|
409
|
+
if rotation_window is not None:
|
|
410
|
+
pulumi.set(__self__, "rotation_window", rotation_window)
|
|
310
411
|
if subscription_id is not None:
|
|
311
412
|
pulumi.set(__self__, "subscription_id", subscription_id)
|
|
312
413
|
if tenant_id is not None:
|
|
@@ -353,6 +454,19 @@ class _BackendState:
|
|
|
353
454
|
def description(self, value: Optional[pulumi.Input[str]]):
|
|
354
455
|
pulumi.set(self, "description", value)
|
|
355
456
|
|
|
457
|
+
@property
|
|
458
|
+
@pulumi.getter(name="disableAutomatedRotation")
|
|
459
|
+
def disable_automated_rotation(self) -> Optional[pulumi.Input[bool]]:
|
|
460
|
+
"""
|
|
461
|
+
Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
|
462
|
+
*Available only for Vault Enterprise*
|
|
463
|
+
"""
|
|
464
|
+
return pulumi.get(self, "disable_automated_rotation")
|
|
465
|
+
|
|
466
|
+
@disable_automated_rotation.setter
|
|
467
|
+
def disable_automated_rotation(self, value: Optional[pulumi.Input[bool]]):
|
|
468
|
+
pulumi.set(self, "disable_automated_rotation", value)
|
|
469
|
+
|
|
356
470
|
@property
|
|
357
471
|
@pulumi.getter(name="disableRemount")
|
|
358
472
|
def disable_remount(self) -> Optional[pulumi.Input[bool]]:
|
|
@@ -444,6 +558,48 @@ class _BackendState:
|
|
|
444
558
|
def path(self, value: Optional[pulumi.Input[str]]):
|
|
445
559
|
pulumi.set(self, "path", value)
|
|
446
560
|
|
|
561
|
+
@property
|
|
562
|
+
@pulumi.getter(name="rotationPeriod")
|
|
563
|
+
def rotation_period(self) -> Optional[pulumi.Input[int]]:
|
|
564
|
+
"""
|
|
565
|
+
The amount of time in seconds Vault should wait before rotating the root credential.
|
|
566
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
|
567
|
+
*Available only for Vault Enterprise*
|
|
568
|
+
"""
|
|
569
|
+
return pulumi.get(self, "rotation_period")
|
|
570
|
+
|
|
571
|
+
@rotation_period.setter
|
|
572
|
+
def rotation_period(self, value: Optional[pulumi.Input[int]]):
|
|
573
|
+
pulumi.set(self, "rotation_period", value)
|
|
574
|
+
|
|
575
|
+
@property
|
|
576
|
+
@pulumi.getter(name="rotationSchedule")
|
|
577
|
+
def rotation_schedule(self) -> Optional[pulumi.Input[str]]:
|
|
578
|
+
"""
|
|
579
|
+
The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
|
580
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
|
581
|
+
*Available only for Vault Enterprise*
|
|
582
|
+
"""
|
|
583
|
+
return pulumi.get(self, "rotation_schedule")
|
|
584
|
+
|
|
585
|
+
@rotation_schedule.setter
|
|
586
|
+
def rotation_schedule(self, value: Optional[pulumi.Input[str]]):
|
|
587
|
+
pulumi.set(self, "rotation_schedule", value)
|
|
588
|
+
|
|
589
|
+
@property
|
|
590
|
+
@pulumi.getter(name="rotationWindow")
|
|
591
|
+
def rotation_window(self) -> Optional[pulumi.Input[int]]:
|
|
592
|
+
"""
|
|
593
|
+
The maximum amount of time in seconds allowed to complete
|
|
594
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
|
595
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*
|
|
596
|
+
"""
|
|
597
|
+
return pulumi.get(self, "rotation_window")
|
|
598
|
+
|
|
599
|
+
@rotation_window.setter
|
|
600
|
+
def rotation_window(self, value: Optional[pulumi.Input[int]]):
|
|
601
|
+
pulumi.set(self, "rotation_window", value)
|
|
602
|
+
|
|
447
603
|
@property
|
|
448
604
|
@pulumi.getter(name="subscriptionId")
|
|
449
605
|
def subscription_id(self) -> Optional[pulumi.Input[str]]:
|
|
@@ -490,6 +646,7 @@ class Backend(pulumi.CustomResource):
|
|
|
490
646
|
client_id: Optional[pulumi.Input[str]] = None,
|
|
491
647
|
client_secret: Optional[pulumi.Input[str]] = None,
|
|
492
648
|
description: Optional[pulumi.Input[str]] = None,
|
|
649
|
+
disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
|
|
493
650
|
disable_remount: Optional[pulumi.Input[bool]] = None,
|
|
494
651
|
environment: Optional[pulumi.Input[str]] = None,
|
|
495
652
|
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
|
@@ -497,6 +654,9 @@ class Backend(pulumi.CustomResource):
|
|
|
497
654
|
identity_token_ttl: Optional[pulumi.Input[int]] = None,
|
|
498
655
|
namespace: Optional[pulumi.Input[str]] = None,
|
|
499
656
|
path: Optional[pulumi.Input[str]] = None,
|
|
657
|
+
rotation_period: Optional[pulumi.Input[int]] = None,
|
|
658
|
+
rotation_schedule: Optional[pulumi.Input[str]] = None,
|
|
659
|
+
rotation_window: Optional[pulumi.Input[int]] = None,
|
|
500
660
|
subscription_id: Optional[pulumi.Input[str]] = None,
|
|
501
661
|
tenant_id: Optional[pulumi.Input[str]] = None,
|
|
502
662
|
use_microsoft_graph_api: Optional[pulumi.Input[bool]] = None,
|
|
@@ -516,7 +676,9 @@ class Backend(pulumi.CustomResource):
|
|
|
516
676
|
tenant_id="11111111-2222-3333-4444-222222222222",
|
|
517
677
|
client_id="11111111-2222-3333-4444-333333333333",
|
|
518
678
|
identity_token_audience="<TOKEN_AUDIENCE>",
|
|
519
|
-
identity_token_ttl="<TOKEN_TTL>"
|
|
679
|
+
identity_token_ttl="<TOKEN_TTL>",
|
|
680
|
+
rotation_schedule="0 * * * SAT",
|
|
681
|
+
rotation_window=3600)
|
|
520
682
|
```
|
|
521
683
|
|
|
522
684
|
```python
|
|
@@ -529,7 +691,9 @@ class Backend(pulumi.CustomResource):
|
|
|
529
691
|
tenant_id="11111111-2222-3333-4444-222222222222",
|
|
530
692
|
client_id="11111111-2222-3333-4444-333333333333",
|
|
531
693
|
client_secret="12345678901234567890",
|
|
532
|
-
environment="AzurePublicCloud"
|
|
694
|
+
environment="AzurePublicCloud",
|
|
695
|
+
rotation_schedule="0 * * * SAT",
|
|
696
|
+
rotation_window=3600)
|
|
533
697
|
```
|
|
534
698
|
|
|
535
699
|
### *Vault-1.8 And Below*
|
|
@@ -552,6 +716,8 @@ class Backend(pulumi.CustomResource):
|
|
|
552
716
|
:param pulumi.Input[str] client_id: The OAuth2 client id to connect to Azure.
|
|
553
717
|
:param pulumi.Input[str] client_secret: The OAuth2 client secret to connect to Azure.
|
|
554
718
|
:param pulumi.Input[str] description: Human-friendly description of the mount for the backend.
|
|
719
|
+
:param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
|
720
|
+
*Available only for Vault Enterprise*
|
|
555
721
|
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
|
556
722
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
|
557
723
|
:param pulumi.Input[str] environment: The Azure environment.
|
|
@@ -566,6 +732,15 @@ class Backend(pulumi.CustomResource):
|
|
|
566
732
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
|
567
733
|
*Available only for Vault Enterprise*.
|
|
568
734
|
:param pulumi.Input[str] path: The unique path this backend should be mounted at. Defaults to `azure`.
|
|
735
|
+
:param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
|
736
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
|
737
|
+
*Available only for Vault Enterprise*
|
|
738
|
+
:param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
|
739
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
|
740
|
+
*Available only for Vault Enterprise*
|
|
741
|
+
:param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
|
|
742
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
|
743
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*
|
|
569
744
|
:param pulumi.Input[str] subscription_id: The subscription id for the Azure Active Directory.
|
|
570
745
|
:param pulumi.Input[str] tenant_id: The tenant id for the Azure Active Directory.
|
|
571
746
|
:param pulumi.Input[bool] use_microsoft_graph_api: Use the Microsoft Graph API. Should be set to true on vault-1.10+
|
|
@@ -591,7 +766,9 @@ class Backend(pulumi.CustomResource):
|
|
|
591
766
|
tenant_id="11111111-2222-3333-4444-222222222222",
|
|
592
767
|
client_id="11111111-2222-3333-4444-333333333333",
|
|
593
768
|
identity_token_audience="<TOKEN_AUDIENCE>",
|
|
594
|
-
identity_token_ttl="<TOKEN_TTL>"
|
|
769
|
+
identity_token_ttl="<TOKEN_TTL>",
|
|
770
|
+
rotation_schedule="0 * * * SAT",
|
|
771
|
+
rotation_window=3600)
|
|
595
772
|
```
|
|
596
773
|
|
|
597
774
|
```python
|
|
@@ -604,7 +781,9 @@ class Backend(pulumi.CustomResource):
|
|
|
604
781
|
tenant_id="11111111-2222-3333-4444-222222222222",
|
|
605
782
|
client_id="11111111-2222-3333-4444-333333333333",
|
|
606
783
|
client_secret="12345678901234567890",
|
|
607
|
-
environment="AzurePublicCloud"
|
|
784
|
+
environment="AzurePublicCloud",
|
|
785
|
+
rotation_schedule="0 * * * SAT",
|
|
786
|
+
rotation_window=3600)
|
|
608
787
|
```
|
|
609
788
|
|
|
610
789
|
### *Vault-1.8 And Below*
|
|
@@ -640,6 +819,7 @@ class Backend(pulumi.CustomResource):
|
|
|
640
819
|
client_id: Optional[pulumi.Input[str]] = None,
|
|
641
820
|
client_secret: Optional[pulumi.Input[str]] = None,
|
|
642
821
|
description: Optional[pulumi.Input[str]] = None,
|
|
822
|
+
disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
|
|
643
823
|
disable_remount: Optional[pulumi.Input[bool]] = None,
|
|
644
824
|
environment: Optional[pulumi.Input[str]] = None,
|
|
645
825
|
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
|
@@ -647,6 +827,9 @@ class Backend(pulumi.CustomResource):
|
|
|
647
827
|
identity_token_ttl: Optional[pulumi.Input[int]] = None,
|
|
648
828
|
namespace: Optional[pulumi.Input[str]] = None,
|
|
649
829
|
path: Optional[pulumi.Input[str]] = None,
|
|
830
|
+
rotation_period: Optional[pulumi.Input[int]] = None,
|
|
831
|
+
rotation_schedule: Optional[pulumi.Input[str]] = None,
|
|
832
|
+
rotation_window: Optional[pulumi.Input[int]] = None,
|
|
650
833
|
subscription_id: Optional[pulumi.Input[str]] = None,
|
|
651
834
|
tenant_id: Optional[pulumi.Input[str]] = None,
|
|
652
835
|
use_microsoft_graph_api: Optional[pulumi.Input[bool]] = None,
|
|
@@ -662,6 +845,7 @@ class Backend(pulumi.CustomResource):
|
|
|
662
845
|
__props__.__dict__["client_id"] = None if client_id is None else pulumi.Output.secret(client_id)
|
|
663
846
|
__props__.__dict__["client_secret"] = None if client_secret is None else pulumi.Output.secret(client_secret)
|
|
664
847
|
__props__.__dict__["description"] = description
|
|
848
|
+
__props__.__dict__["disable_automated_rotation"] = disable_automated_rotation
|
|
665
849
|
__props__.__dict__["disable_remount"] = disable_remount
|
|
666
850
|
__props__.__dict__["environment"] = environment
|
|
667
851
|
__props__.__dict__["identity_token_audience"] = identity_token_audience
|
|
@@ -669,6 +853,9 @@ class Backend(pulumi.CustomResource):
|
|
|
669
853
|
__props__.__dict__["identity_token_ttl"] = identity_token_ttl
|
|
670
854
|
__props__.__dict__["namespace"] = namespace
|
|
671
855
|
__props__.__dict__["path"] = path
|
|
856
|
+
__props__.__dict__["rotation_period"] = rotation_period
|
|
857
|
+
__props__.__dict__["rotation_schedule"] = rotation_schedule
|
|
858
|
+
__props__.__dict__["rotation_window"] = rotation_window
|
|
672
859
|
if subscription_id is None and not opts.urn:
|
|
673
860
|
raise TypeError("Missing required property 'subscription_id'")
|
|
674
861
|
__props__.__dict__["subscription_id"] = None if subscription_id is None else pulumi.Output.secret(subscription_id)
|
|
@@ -691,6 +878,7 @@ class Backend(pulumi.CustomResource):
|
|
|
691
878
|
client_id: Optional[pulumi.Input[str]] = None,
|
|
692
879
|
client_secret: Optional[pulumi.Input[str]] = None,
|
|
693
880
|
description: Optional[pulumi.Input[str]] = None,
|
|
881
|
+
disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
|
|
694
882
|
disable_remount: Optional[pulumi.Input[bool]] = None,
|
|
695
883
|
environment: Optional[pulumi.Input[str]] = None,
|
|
696
884
|
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
|
@@ -698,6 +886,9 @@ class Backend(pulumi.CustomResource):
|
|
|
698
886
|
identity_token_ttl: Optional[pulumi.Input[int]] = None,
|
|
699
887
|
namespace: Optional[pulumi.Input[str]] = None,
|
|
700
888
|
path: Optional[pulumi.Input[str]] = None,
|
|
889
|
+
rotation_period: Optional[pulumi.Input[int]] = None,
|
|
890
|
+
rotation_schedule: Optional[pulumi.Input[str]] = None,
|
|
891
|
+
rotation_window: Optional[pulumi.Input[int]] = None,
|
|
701
892
|
subscription_id: Optional[pulumi.Input[str]] = None,
|
|
702
893
|
tenant_id: Optional[pulumi.Input[str]] = None,
|
|
703
894
|
use_microsoft_graph_api: Optional[pulumi.Input[bool]] = None) -> 'Backend':
|
|
@@ -711,6 +902,8 @@ class Backend(pulumi.CustomResource):
|
|
|
711
902
|
:param pulumi.Input[str] client_id: The OAuth2 client id to connect to Azure.
|
|
712
903
|
:param pulumi.Input[str] client_secret: The OAuth2 client secret to connect to Azure.
|
|
713
904
|
:param pulumi.Input[str] description: Human-friendly description of the mount for the backend.
|
|
905
|
+
:param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
|
906
|
+
*Available only for Vault Enterprise*
|
|
714
907
|
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
|
715
908
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
|
716
909
|
:param pulumi.Input[str] environment: The Azure environment.
|
|
@@ -725,6 +918,15 @@ class Backend(pulumi.CustomResource):
|
|
|
725
918
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
|
726
919
|
*Available only for Vault Enterprise*.
|
|
727
920
|
:param pulumi.Input[str] path: The unique path this backend should be mounted at. Defaults to `azure`.
|
|
921
|
+
:param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
|
922
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
|
923
|
+
*Available only for Vault Enterprise*
|
|
924
|
+
:param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
|
925
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
|
926
|
+
*Available only for Vault Enterprise*
|
|
927
|
+
:param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
|
|
928
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
|
929
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*
|
|
728
930
|
:param pulumi.Input[str] subscription_id: The subscription id for the Azure Active Directory.
|
|
729
931
|
:param pulumi.Input[str] tenant_id: The tenant id for the Azure Active Directory.
|
|
730
932
|
:param pulumi.Input[bool] use_microsoft_graph_api: Use the Microsoft Graph API. Should be set to true on vault-1.10+
|
|
@@ -736,6 +938,7 @@ class Backend(pulumi.CustomResource):
|
|
|
736
938
|
__props__.__dict__["client_id"] = client_id
|
|
737
939
|
__props__.__dict__["client_secret"] = client_secret
|
|
738
940
|
__props__.__dict__["description"] = description
|
|
941
|
+
__props__.__dict__["disable_automated_rotation"] = disable_automated_rotation
|
|
739
942
|
__props__.__dict__["disable_remount"] = disable_remount
|
|
740
943
|
__props__.__dict__["environment"] = environment
|
|
741
944
|
__props__.__dict__["identity_token_audience"] = identity_token_audience
|
|
@@ -743,6 +946,9 @@ class Backend(pulumi.CustomResource):
|
|
|
743
946
|
__props__.__dict__["identity_token_ttl"] = identity_token_ttl
|
|
744
947
|
__props__.__dict__["namespace"] = namespace
|
|
745
948
|
__props__.__dict__["path"] = path
|
|
949
|
+
__props__.__dict__["rotation_period"] = rotation_period
|
|
950
|
+
__props__.__dict__["rotation_schedule"] = rotation_schedule
|
|
951
|
+
__props__.__dict__["rotation_window"] = rotation_window
|
|
746
952
|
__props__.__dict__["subscription_id"] = subscription_id
|
|
747
953
|
__props__.__dict__["tenant_id"] = tenant_id
|
|
748
954
|
__props__.__dict__["use_microsoft_graph_api"] = use_microsoft_graph_api
|
|
@@ -772,6 +978,15 @@ class Backend(pulumi.CustomResource):
|
|
|
772
978
|
"""
|
|
773
979
|
return pulumi.get(self, "description")
|
|
774
980
|
|
|
981
|
+
@property
|
|
982
|
+
@pulumi.getter(name="disableAutomatedRotation")
|
|
983
|
+
def disable_automated_rotation(self) -> pulumi.Output[Optional[bool]]:
|
|
984
|
+
"""
|
|
985
|
+
Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
|
986
|
+
*Available only for Vault Enterprise*
|
|
987
|
+
"""
|
|
988
|
+
return pulumi.get(self, "disable_automated_rotation")
|
|
989
|
+
|
|
775
990
|
@property
|
|
776
991
|
@pulumi.getter(name="disableRemount")
|
|
777
992
|
def disable_remount(self) -> pulumi.Output[Optional[bool]]:
|
|
@@ -835,6 +1050,36 @@ class Backend(pulumi.CustomResource):
|
|
|
835
1050
|
"""
|
|
836
1051
|
return pulumi.get(self, "path")
|
|
837
1052
|
|
|
1053
|
+
@property
|
|
1054
|
+
@pulumi.getter(name="rotationPeriod")
|
|
1055
|
+
def rotation_period(self) -> pulumi.Output[Optional[int]]:
|
|
1056
|
+
"""
|
|
1057
|
+
The amount of time in seconds Vault should wait before rotating the root credential.
|
|
1058
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
|
1059
|
+
*Available only for Vault Enterprise*
|
|
1060
|
+
"""
|
|
1061
|
+
return pulumi.get(self, "rotation_period")
|
|
1062
|
+
|
|
1063
|
+
@property
|
|
1064
|
+
@pulumi.getter(name="rotationSchedule")
|
|
1065
|
+
def rotation_schedule(self) -> pulumi.Output[Optional[str]]:
|
|
1066
|
+
"""
|
|
1067
|
+
The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
|
1068
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
|
1069
|
+
*Available only for Vault Enterprise*
|
|
1070
|
+
"""
|
|
1071
|
+
return pulumi.get(self, "rotation_schedule")
|
|
1072
|
+
|
|
1073
|
+
@property
|
|
1074
|
+
@pulumi.getter(name="rotationWindow")
|
|
1075
|
+
def rotation_window(self) -> pulumi.Output[Optional[int]]:
|
|
1076
|
+
"""
|
|
1077
|
+
The maximum amount of time in seconds allowed to complete
|
|
1078
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
|
1079
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*
|
|
1080
|
+
"""
|
|
1081
|
+
return pulumi.get(self, "rotation_window")
|
|
1082
|
+
|
|
838
1083
|
@property
|
|
839
1084
|
@pulumi.getter(name="subscriptionId")
|
|
840
1085
|
def subscription_id(self) -> pulumi.Output[str]:
|