pulumi-vault 6.6.0a1741415971__py3-none-any.whl → 6.7.0__py3-none-any.whl
- pulumi_vault/__init__.py +9 -0
- pulumi_vault/_inputs.py +583 -562
- pulumi_vault/ad/__init__.py +1 -0
- pulumi_vault/ad/get_access_credentials.py +20 -19
- pulumi_vault/ad/secret_backend.py +477 -476
- pulumi_vault/ad/secret_library.py +99 -98
- pulumi_vault/ad/secret_role.py +85 -84
- pulumi_vault/alicloud/__init__.py +1 -0
- pulumi_vault/alicloud/auth_backend_role.py +183 -182
- pulumi_vault/approle/__init__.py +1 -0
- pulumi_vault/approle/auth_backend_login.py +106 -105
- pulumi_vault/approle/auth_backend_role.py +239 -238
- pulumi_vault/approle/auth_backend_role_secret_id.py +162 -161
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -17
- pulumi_vault/audit.py +85 -84
- pulumi_vault/audit_request_header.py +43 -42
- pulumi_vault/auth_backend.py +106 -105
- pulumi_vault/aws/__init__.py +1 -0
- pulumi_vault/aws/auth_backend_cert.py +71 -70
- pulumi_vault/aws/auth_backend_client.py +425 -200
- pulumi_vault/aws/auth_backend_config_identity.py +85 -84
- pulumi_vault/aws/auth_backend_identity_whitelist.py +57 -56
- pulumi_vault/aws/auth_backend_login.py +209 -208
- pulumi_vault/aws/auth_backend_role.py +400 -399
- pulumi_vault/aws/auth_backend_role_tag.py +127 -126
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +57 -56
- pulumi_vault/aws/auth_backend_sts_role.py +71 -70
- pulumi_vault/aws/get_access_credentials.py +44 -43
- pulumi_vault/aws/get_static_access_credentials.py +13 -12
- pulumi_vault/aws/secret_backend.py +523 -306
- pulumi_vault/aws/secret_backend_role.py +211 -210
- pulumi_vault/aws/secret_backend_static_role.py +288 -70
- pulumi_vault/azure/__init__.py +1 -0
- pulumi_vault/azure/_inputs.py +21 -20
- pulumi_vault/azure/auth_backend_config.py +383 -130
- pulumi_vault/azure/auth_backend_role.py +253 -252
- pulumi_vault/azure/backend.py +432 -186
- pulumi_vault/azure/backend_role.py +188 -140
- pulumi_vault/azure/get_access_credentials.py +58 -57
- pulumi_vault/azure/outputs.py +11 -10
- pulumi_vault/cert_auth_backend_role.py +365 -364
- pulumi_vault/config/__init__.py +1 -0
- pulumi_vault/config/__init__.pyi +1 -0
- pulumi_vault/config/_inputs.py +11 -10
- pulumi_vault/config/outputs.py +287 -286
- pulumi_vault/config/ui_custom_message.py +113 -112
- pulumi_vault/config/vars.py +1 -0
- pulumi_vault/consul/__init__.py +1 -0
- pulumi_vault/consul/secret_backend.py +197 -196
- pulumi_vault/consul/secret_backend_role.py +183 -182
- pulumi_vault/database/__init__.py +1 -0
- pulumi_vault/database/_inputs.py +3857 -2200
- pulumi_vault/database/outputs.py +2483 -1330
- pulumi_vault/database/secret_backend_connection.py +333 -112
- pulumi_vault/database/secret_backend_role.py +169 -168
- pulumi_vault/database/secret_backend_static_role.py +283 -140
- pulumi_vault/database/secrets_mount.py +275 -266
- pulumi_vault/egp_policy.py +71 -70
- pulumi_vault/gcp/__init__.py +1 -0
- pulumi_vault/gcp/_inputs.py +82 -81
- pulumi_vault/gcp/auth_backend.py +426 -205
- pulumi_vault/gcp/auth_backend_role.py +281 -280
- pulumi_vault/gcp/get_auth_backend_role.py +70 -69
- pulumi_vault/gcp/outputs.py +50 -49
- pulumi_vault/gcp/secret_backend.py +420 -179
- pulumi_vault/gcp/secret_impersonated_account.py +92 -91
- pulumi_vault/gcp/secret_roleset.py +92 -91
- pulumi_vault/gcp/secret_static_account.py +92 -91
- pulumi_vault/generic/__init__.py +1 -0
- pulumi_vault/generic/endpoint.py +113 -112
- pulumi_vault/generic/get_secret.py +28 -27
- pulumi_vault/generic/secret.py +78 -77
- pulumi_vault/get_auth_backend.py +19 -18
- pulumi_vault/get_auth_backends.py +14 -13
- pulumi_vault/get_namespace.py +15 -14
- pulumi_vault/get_namespaces.py +68 -18
- pulumi_vault/get_nomad_access_token.py +19 -18
- pulumi_vault/get_policy_document.py +6 -5
- pulumi_vault/get_raft_autopilot_state.py +18 -17
- pulumi_vault/github/__init__.py +1 -0
- pulumi_vault/github/_inputs.py +42 -41
- pulumi_vault/github/auth_backend.py +232 -231
- pulumi_vault/github/outputs.py +26 -25
- pulumi_vault/github/team.py +57 -56
- pulumi_vault/github/user.py +57 -56
- pulumi_vault/identity/__init__.py +1 -0
- pulumi_vault/identity/entity.py +85 -84
- pulumi_vault/identity/entity_alias.py +71 -70
- pulumi_vault/identity/entity_policies.py +64 -63
- pulumi_vault/identity/get_entity.py +43 -42
- pulumi_vault/identity/get_group.py +50 -49
- pulumi_vault/identity/get_oidc_client_creds.py +14 -13
- pulumi_vault/identity/get_oidc_openid_config.py +24 -23
- pulumi_vault/identity/get_oidc_public_keys.py +13 -12
- pulumi_vault/identity/group.py +141 -140
- pulumi_vault/identity/group_alias.py +57 -56
- pulumi_vault/identity/group_member_entity_ids.py +57 -56
- pulumi_vault/identity/group_member_group_ids.py +57 -56
- pulumi_vault/identity/group_policies.py +64 -63
- pulumi_vault/identity/mfa_duo.py +148 -147
- pulumi_vault/identity/mfa_login_enforcement.py +120 -119
- pulumi_vault/identity/mfa_okta.py +134 -133
- pulumi_vault/identity/mfa_pingid.py +127 -126
- pulumi_vault/identity/mfa_totp.py +176 -175
- pulumi_vault/identity/oidc.py +29 -28
- pulumi_vault/identity/oidc_assignment.py +57 -56
- pulumi_vault/identity/oidc_client.py +127 -126
- pulumi_vault/identity/oidc_key.py +85 -84
- pulumi_vault/identity/oidc_key_allowed_client_id.py +43 -42
- pulumi_vault/identity/oidc_provider.py +92 -91
- pulumi_vault/identity/oidc_role.py +85 -84
- pulumi_vault/identity/oidc_scope.py +57 -56
- pulumi_vault/identity/outputs.py +32 -31
- pulumi_vault/jwt/__init__.py +1 -0
- pulumi_vault/jwt/_inputs.py +42 -41
- pulumi_vault/jwt/auth_backend.py +288 -287
- pulumi_vault/jwt/auth_backend_role.py +407 -406
- pulumi_vault/jwt/outputs.py +26 -25
- pulumi_vault/kmip/__init__.py +1 -0
- pulumi_vault/kmip/secret_backend.py +183 -182
- pulumi_vault/kmip/secret_role.py +295 -294
- pulumi_vault/kmip/secret_scope.py +57 -56
- pulumi_vault/kubernetes/__init__.py +1 -0
- pulumi_vault/kubernetes/auth_backend_config.py +141 -140
- pulumi_vault/kubernetes/auth_backend_role.py +225 -224
- pulumi_vault/kubernetes/get_auth_backend_config.py +47 -46
- pulumi_vault/kubernetes/get_auth_backend_role.py +70 -69
- pulumi_vault/kubernetes/get_service_account_token.py +38 -37
- pulumi_vault/kubernetes/secret_backend.py +316 -315
- pulumi_vault/kubernetes/secret_backend_role.py +197 -196
- pulumi_vault/kv/__init__.py +1 -0
- pulumi_vault/kv/_inputs.py +21 -20
- pulumi_vault/kv/get_secret.py +17 -16
- pulumi_vault/kv/get_secret_subkeys_v2.py +30 -29
- pulumi_vault/kv/get_secret_v2.py +29 -28
- pulumi_vault/kv/get_secrets_list.py +13 -12
- pulumi_vault/kv/get_secrets_list_v2.py +19 -18
- pulumi_vault/kv/outputs.py +13 -12
- pulumi_vault/kv/secret.py +50 -49
- pulumi_vault/kv/secret_backend_v2.py +71 -70
- pulumi_vault/kv/secret_v2.py +134 -133
- pulumi_vault/ldap/__init__.py +1 -0
- pulumi_vault/ldap/auth_backend.py +754 -533
- pulumi_vault/ldap/auth_backend_group.py +57 -56
- pulumi_vault/ldap/auth_backend_user.py +71 -70
- pulumi_vault/ldap/get_dynamic_credentials.py +17 -16
- pulumi_vault/ldap/get_static_credentials.py +18 -17
- pulumi_vault/ldap/secret_backend.py +720 -499
- pulumi_vault/ldap/secret_backend_dynamic_role.py +127 -126
- pulumi_vault/ldap/secret_backend_library_set.py +99 -98
- pulumi_vault/ldap/secret_backend_static_role.py +99 -98
- pulumi_vault/managed/__init__.py +1 -0
- pulumi_vault/managed/_inputs.py +229 -228
- pulumi_vault/managed/keys.py +15 -14
- pulumi_vault/managed/outputs.py +139 -138
- pulumi_vault/mfa_duo.py +113 -112
- pulumi_vault/mfa_okta.py +113 -112
- pulumi_vault/mfa_pingid.py +120 -119
- pulumi_vault/mfa_totp.py +127 -126
- pulumi_vault/mongodbatlas/__init__.py +1 -0
- pulumi_vault/mongodbatlas/secret_backend.py +64 -63
- pulumi_vault/mongodbatlas/secret_role.py +155 -154
- pulumi_vault/mount.py +274 -273
- pulumi_vault/namespace.py +64 -63
- pulumi_vault/nomad_secret_backend.py +211 -210
- pulumi_vault/nomad_secret_role.py +85 -84
- pulumi_vault/okta/__init__.py +1 -0
- pulumi_vault/okta/_inputs.py +26 -25
- pulumi_vault/okta/auth_backend.py +274 -273
- pulumi_vault/okta/auth_backend_group.py +57 -56
- pulumi_vault/okta/auth_backend_user.py +71 -70
- pulumi_vault/okta/outputs.py +16 -15
- pulumi_vault/outputs.py +73 -60
- pulumi_vault/password_policy.py +43 -42
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +31 -36
- pulumi_vault/pkisecret/backend_acme_eab.py +92 -91
- pulumi_vault/pkisecret/backend_config_acme.py +174 -126
- pulumi_vault/pkisecret/backend_config_auto_tidy.py +1377 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +57 -56
- pulumi_vault/pkisecret/backend_config_cmpv2.py +152 -104
- pulumi_vault/pkisecret/backend_config_est.py +120 -119
- pulumi_vault/pkisecret/get_backend_cert_metadata.py +278 -0
- pulumi_vault/pkisecret/get_backend_config_cmpv2.py +35 -17
- pulumi_vault/pkisecret/get_backend_config_est.py +19 -18
- pulumi_vault/pkisecret/get_backend_issuer.py +139 -25
- pulumi_vault/pkisecret/get_backend_issuers.py +15 -14
- pulumi_vault/pkisecret/get_backend_key.py +20 -19
- pulumi_vault/pkisecret/get_backend_keys.py +15 -14
- pulumi_vault/pkisecret/outputs.py +28 -31
- pulumi_vault/pkisecret/secret_backend_cert.py +439 -297
- pulumi_vault/pkisecret/secret_backend_config_ca.py +43 -42
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +57 -56
- pulumi_vault/pkisecret/secret_backend_config_urls.py +85 -84
- pulumi_vault/pkisecret/secret_backend_crl_config.py +237 -182
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +520 -378
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +57 -56
- pulumi_vault/pkisecret/secret_backend_issuer.py +441 -175
- pulumi_vault/pkisecret/secret_backend_key.py +120 -119
- pulumi_vault/pkisecret/secret_backend_role.py +894 -644
- pulumi_vault/pkisecret/secret_backend_root_cert.py +851 -427
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +936 -357
- pulumi_vault/pkisecret/secret_backend_sign.py +347 -252
- pulumi_vault/plugin.py +127 -126
- pulumi_vault/plugin_pinned_version.py +43 -42
- pulumi_vault/policy.py +43 -42
- pulumi_vault/provider.py +120 -119
- pulumi_vault/pulumi-plugin.json +1 -1
- pulumi_vault/quota_lease_count.py +85 -84
- pulumi_vault/quota_rate_limit.py +113 -112
- pulumi_vault/rabbitmq/__init__.py +1 -0
- pulumi_vault/rabbitmq/_inputs.py +41 -40
- pulumi_vault/rabbitmq/outputs.py +25 -24
- pulumi_vault/rabbitmq/secret_backend.py +169 -168
- pulumi_vault/rabbitmq/secret_backend_role.py +57 -56
- pulumi_vault/raft_autopilot.py +113 -112
- pulumi_vault/raft_snapshot_agent_config.py +393 -392
- pulumi_vault/rgp_policy.py +57 -56
- pulumi_vault/saml/__init__.py +1 -0
- pulumi_vault/saml/auth_backend.py +155 -154
- pulumi_vault/saml/auth_backend_role.py +239 -238
- pulumi_vault/secrets/__init__.py +1 -0
- pulumi_vault/secrets/_inputs.py +16 -15
- pulumi_vault/secrets/outputs.py +10 -9
- pulumi_vault/secrets/sync_association.py +71 -70
- pulumi_vault/secrets/sync_aws_destination.py +148 -147
- pulumi_vault/secrets/sync_azure_destination.py +148 -147
- pulumi_vault/secrets/sync_config.py +43 -42
- pulumi_vault/secrets/sync_gcp_destination.py +106 -105
- pulumi_vault/secrets/sync_gh_destination.py +134 -133
- pulumi_vault/secrets/sync_github_apps.py +64 -63
- pulumi_vault/secrets/sync_vercel_destination.py +120 -119
- pulumi_vault/ssh/__init__.py +2 -0
- pulumi_vault/ssh/_inputs.py +11 -10
- pulumi_vault/ssh/get_secret_backend_sign.py +295 -0
- pulumi_vault/ssh/outputs.py +7 -6
- pulumi_vault/ssh/secret_backend_ca.py +99 -98
- pulumi_vault/ssh/secret_backend_role.py +365 -364
- pulumi_vault/terraformcloud/__init__.py +1 -0
- pulumi_vault/terraformcloud/secret_backend.py +111 -110
- pulumi_vault/terraformcloud/secret_creds.py +74 -73
- pulumi_vault/terraformcloud/secret_role.py +96 -95
- pulumi_vault/token.py +246 -245
- pulumi_vault/tokenauth/__init__.py +1 -0
- pulumi_vault/tokenauth/auth_backend_role.py +267 -266
- pulumi_vault/transform/__init__.py +1 -0
- pulumi_vault/transform/alphabet.py +57 -56
- pulumi_vault/transform/get_decode.py +47 -46
- pulumi_vault/transform/get_encode.py +47 -46
- pulumi_vault/transform/role.py +57 -56
- pulumi_vault/transform/template.py +113 -112
- pulumi_vault/transform/transformation.py +141 -140
- pulumi_vault/transit/__init__.py +3 -0
- pulumi_vault/transit/get_decrypt.py +18 -17
- pulumi_vault/transit/get_encrypt.py +21 -20
- pulumi_vault/transit/get_sign.py +325 -0
- pulumi_vault/transit/get_verify.py +355 -0
- pulumi_vault/transit/secret_backend_key.py +394 -231
- pulumi_vault/transit/secret_cache_config.py +43 -42
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/METADATA +2 -2
- pulumi_vault-6.7.0.dist-info/RECORD +265 -0
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/WHEEL +1 -1
- pulumi_vault-6.6.0a1741415971.dist-info/RECORD +0 -260
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/top_level.txt +0 -0
@@ -2,6 +2,7 @@
|
|
2
2
|
# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
|
3
3
|
# *** Do not edit by hand unless you're certain you know what you are doing! ***
|
4
4
|
|
5
|
+
import builtins
|
5
6
|
import copy
|
6
7
|
import warnings
|
7
8
|
import sys
|
@@ -19,89 +20,101 @@ __all__ = ['SecretBackendArgs', 'SecretBackend']
|
|
19
20
|
@pulumi.input_type
|
20
21
|
class SecretBackendArgs:
|
21
22
|
def __init__(__self__, *,
|
22
|
-
binddn: pulumi.Input[str],
|
23
|
-
bindpass: pulumi.Input[str],
|
24
|
-
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
25
|
-
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
26
|
-
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
27
|
-
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
28
|
-
certificate: Optional[pulumi.Input[str]] = None,
|
29
|
-
client_tls_cert: Optional[pulumi.Input[str]] = None,
|
30
|
-
client_tls_key: Optional[pulumi.Input[str]] = None,
|
31
|
-
connection_timeout: Optional[pulumi.Input[int]] = None,
|
32
|
-
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
33
|
-
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
34
|
-
description: Optional[pulumi.Input[str]] = None,
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
|
23
|
+
binddn: pulumi.Input[builtins.str],
|
24
|
+
bindpass: pulumi.Input[builtins.str],
|
25
|
+
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
26
|
+
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
27
|
+
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
28
|
+
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
29
|
+
certificate: Optional[pulumi.Input[builtins.str]] = None,
|
30
|
+
client_tls_cert: Optional[pulumi.Input[builtins.str]] = None,
|
31
|
+
client_tls_key: Optional[pulumi.Input[builtins.str]] = None,
|
32
|
+
connection_timeout: Optional[pulumi.Input[builtins.int]] = None,
|
33
|
+
default_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
|
34
|
+
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
35
|
+
description: Optional[pulumi.Input[builtins.str]] = None,
|
36
|
+
disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
37
|
+
disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
|
38
|
+
external_entropy_access: Optional[pulumi.Input[builtins.bool]] = None,
|
39
|
+
identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
|
40
|
+
insecure_tls: Optional[pulumi.Input[builtins.bool]] = None,
|
41
|
+
listing_visibility: Optional[pulumi.Input[builtins.str]] = None,
|
42
|
+
local: Optional[pulumi.Input[builtins.bool]] = None,
|
43
|
+
max_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
|
44
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
45
|
+
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
46
|
+
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
47
|
+
password_policy: Optional[pulumi.Input[builtins.str]] = None,
|
48
|
+
path: Optional[pulumi.Input[builtins.str]] = None,
|
49
|
+
plugin_version: Optional[pulumi.Input[builtins.str]] = None,
|
50
|
+
request_timeout: Optional[pulumi.Input[builtins.int]] = None,
|
51
|
+
rotation_period: Optional[pulumi.Input[builtins.int]] = None,
|
52
|
+
rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
|
53
|
+
rotation_window: Optional[pulumi.Input[builtins.int]] = None,
|
54
|
+
schema: Optional[pulumi.Input[builtins.str]] = None,
|
55
|
+
seal_wrap: Optional[pulumi.Input[builtins.bool]] = None,
|
56
|
+
skip_static_role_import_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
57
|
+
starttls: Optional[pulumi.Input[builtins.bool]] = None,
|
58
|
+
upndomain: Optional[pulumi.Input[builtins.str]] = None,
|
59
|
+
url: Optional[pulumi.Input[builtins.str]] = None,
|
60
|
+
userattr: Optional[pulumi.Input[builtins.str]] = None,
|
61
|
+
userdn: Optional[pulumi.Input[builtins.str]] = None):
|
57
62
|
"""
|
58
63
|
The set of arguments for constructing a SecretBackend resource.
|
59
|
-
:param pulumi.Input[str] binddn: Distinguished name of object to bind when performing user and group search.
|
60
|
-
:param pulumi.Input[str] bindpass: Password to use along with binddn when performing user search.
|
61
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
|
62
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
|
63
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
64
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
65
|
-
:param pulumi.Input[str] certificate: CA certificate to use when verifying LDAP server certificate, must be
|
64
|
+
:param pulumi.Input[builtins.str] binddn: Distinguished name of object to bind when performing user and group search.
|
65
|
+
:param pulumi.Input[builtins.str] bindpass: Password to use along with binddn when performing user search.
|
66
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
|
67
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
|
68
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
69
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
70
|
+
:param pulumi.Input[builtins.str] certificate: CA certificate to use when verifying LDAP server certificate, must be
|
66
71
|
x509 PEM encoded.
|
67
|
-
:param pulumi.Input[str] client_tls_cert: Client certificate to provide to the LDAP server, must be x509 PEM encoded.
|
68
|
-
:param pulumi.Input[str] client_tls_key: Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
|
69
|
-
:param pulumi.Input[int] connection_timeout: Timeout, in seconds, when attempting to connect to the LDAP server before trying
|
72
|
+
:param pulumi.Input[builtins.str] client_tls_cert: Client certificate to provide to the LDAP server, must be x509 PEM encoded.
|
73
|
+
:param pulumi.Input[builtins.str] client_tls_key: Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
|
74
|
+
:param pulumi.Input[builtins.int] connection_timeout: Timeout, in seconds, when attempting to connect to the LDAP server before trying
|
70
75
|
the next URL in the configuration.
|
71
|
-
:param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for secrets in seconds.
|
72
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
|
73
|
-
:param pulumi.Input[str] description: Human-friendly description of the mount for the Active Directory backend.
|
74
|
-
:param pulumi.Input[bool]
|
75
|
-
:param pulumi.Input[bool]
|
76
|
-
:param pulumi.Input[
|
77
|
-
:param pulumi.Input[
|
76
|
+
:param pulumi.Input[builtins.int] default_lease_ttl_seconds: Default lease duration for secrets in seconds.
|
77
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
|
78
|
+
:param pulumi.Input[builtins.str] description: Human-friendly description of the mount for the Active Directory backend.
|
79
|
+
:param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
80
|
+
:param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
|
81
|
+
:param pulumi.Input[builtins.bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
|
82
|
+
:param pulumi.Input[builtins.str] identity_token_key: The key to use for signing plugin workload identity tokens
|
83
|
+
:param pulumi.Input[builtins.bool] insecure_tls: Skip LDAP server SSL Certificate verification. This is not recommended for production.
|
78
84
|
Defaults to `false`.
|
79
|
-
:param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
|
80
|
-
:param pulumi.Input[bool] local: Mark the secrets engine as local-only. Local engines are not replicated or removed by
|
85
|
+
:param pulumi.Input[builtins.str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
|
86
|
+
:param pulumi.Input[builtins.bool] local: Mark the secrets engine as local-only. Local engines are not replicated or removed by
|
81
87
|
replication.Tolerance duration to use when checking the last rotation time.
|
82
|
-
:param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for secrets in seconds.
|
83
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
88
|
+
:param pulumi.Input[builtins.int] max_lease_ttl_seconds: Maximum possible lease duration for secrets in seconds.
|
89
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
84
90
|
The value should not contain leading or trailing forward slashes.
|
85
91
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
86
92
|
*Available only for Vault Enterprise*.
|
87
|
-
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
|
88
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
|
89
|
-
:param pulumi.Input[str] password_policy: Name of the password policy to use to generate passwords.
|
90
|
-
:param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
|
93
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] options: Specifies mount type specific options that are passed to the backend
|
94
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
|
95
|
+
:param pulumi.Input[builtins.str] password_policy: Name of the password policy to use to generate passwords.
|
96
|
+
:param pulumi.Input[builtins.str] path: The unique path this backend should be mounted at. Must
|
91
97
|
not begin or end with a `/`. Defaults to `ldap`.
|
92
|
-
:param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
93
|
-
:param pulumi.Input[int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
|
98
|
+
:param pulumi.Input[builtins.str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
99
|
+
:param pulumi.Input[builtins.int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
|
94
100
|
before returning back an error.
|
95
|
-
:param pulumi.Input[
|
96
|
-
|
97
|
-
:param pulumi.Input[
|
101
|
+
:param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
102
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
103
|
+
:param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
104
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
105
|
+
:param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
|
106
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
107
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
108
|
+
:param pulumi.Input[builtins.str] schema: The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`.
|
109
|
+
:param pulumi.Input[builtins.bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
110
|
+
:param pulumi.Input[builtins.bool] skip_static_role_import_rotation: If set to true, static roles will not be rotated during import.
|
98
111
|
Defaults to false. Requires Vault 1.16 or above.
|
99
|
-
:param pulumi.Input[bool] starttls: Issue a StartTLS command after establishing unencrypted connection.
|
100
|
-
:param pulumi.Input[str] upndomain: Enables userPrincipalDomain login with [username]@UPNDomain.
|
101
|
-
:param pulumi.Input[str] url: LDAP URL to connect to. Multiple URLs can be specified by concatenating
|
112
|
+
:param pulumi.Input[builtins.bool] starttls: Issue a StartTLS command after establishing unencrypted connection.
|
113
|
+
:param pulumi.Input[builtins.str] upndomain: Enables userPrincipalDomain login with [username]@UPNDomain.
|
114
|
+
:param pulumi.Input[builtins.str] url: LDAP URL to connect to. Multiple URLs can be specified by concatenating
|
102
115
|
them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
|
103
|
-
:param pulumi.Input[str] userattr: Attribute used when searching users. Defaults to `cn`.
|
104
|
-
:param pulumi.Input[str] userdn: LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
|
116
|
+
:param pulumi.Input[builtins.str] userattr: Attribute used when searching users. Defaults to `cn`.
|
117
|
+
:param pulumi.Input[builtins.str] userdn: LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
|
105
118
|
"""
|
106
119
|
pulumi.set(__self__, "binddn", binddn)
|
107
120
|
pulumi.set(__self__, "bindpass", bindpass)
|
@@ -127,6 +140,8 @@ class SecretBackendArgs:
|
|
127
140
|
pulumi.set(__self__, "delegated_auth_accessors", delegated_auth_accessors)
|
128
141
|
if description is not None:
|
129
142
|
pulumi.set(__self__, "description", description)
|
143
|
+
if disable_automated_rotation is not None:
|
144
|
+
pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
|
130
145
|
if disable_remount is not None:
|
131
146
|
pulumi.set(__self__, "disable_remount", disable_remount)
|
132
147
|
if external_entropy_access is not None:
|
@@ -155,6 +170,12 @@ class SecretBackendArgs:
|
|
155
170
|
pulumi.set(__self__, "plugin_version", plugin_version)
|
156
171
|
if request_timeout is not None:
|
157
172
|
pulumi.set(__self__, "request_timeout", request_timeout)
|
173
|
+
if rotation_period is not None:
|
174
|
+
pulumi.set(__self__, "rotation_period", rotation_period)
|
175
|
+
if rotation_schedule is not None:
|
176
|
+
pulumi.set(__self__, "rotation_schedule", rotation_schedule)
|
177
|
+
if rotation_window is not None:
|
178
|
+
pulumi.set(__self__, "rotation_window", rotation_window)
|
158
179
|
if schema is not None:
|
159
180
|
pulumi.set(__self__, "schema", schema)
|
160
181
|
if seal_wrap is not None:
|
@@ -174,79 +195,79 @@ class SecretBackendArgs:
|
|
174
195
|
|
175
196
|
@property
|
176
197
|
@pulumi.getter
|
177
|
-
def binddn(self) -> pulumi.Input[str]:
|
198
|
+
def binddn(self) -> pulumi.Input[builtins.str]:
|
178
199
|
"""
|
179
200
|
Distinguished name of object to bind when performing user and group search.
|
180
201
|
"""
|
181
202
|
return pulumi.get(self, "binddn")
|
182
203
|
|
183
204
|
@binddn.setter
|
184
|
-
def binddn(self, value: pulumi.Input[str]):
|
205
|
+
def binddn(self, value: pulumi.Input[builtins.str]):
|
185
206
|
pulumi.set(self, "binddn", value)
|
186
207
|
|
187
208
|
@property
|
188
209
|
@pulumi.getter
|
189
|
-
def bindpass(self) -> pulumi.Input[str]:
|
210
|
+
def bindpass(self) -> pulumi.Input[builtins.str]:
|
190
211
|
"""
|
191
212
|
Password to use along with binddn when performing user search.
|
192
213
|
"""
|
193
214
|
return pulumi.get(self, "bindpass")
|
194
215
|
|
195
216
|
@bindpass.setter
|
196
|
-
def bindpass(self, value: pulumi.Input[str]):
|
217
|
+
def bindpass(self, value: pulumi.Input[builtins.str]):
|
197
218
|
pulumi.set(self, "bindpass", value)
|
198
219
|
|
199
220
|
@property
|
200
221
|
@pulumi.getter(name="allowedManagedKeys")
|
201
|
-
def allowed_managed_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
222
|
+
def allowed_managed_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
202
223
|
"""
|
203
224
|
List of managed key registry entry names that the mount in question is allowed to access
|
204
225
|
"""
|
205
226
|
return pulumi.get(self, "allowed_managed_keys")
|
206
227
|
|
207
228
|
@allowed_managed_keys.setter
|
208
|
-
def allowed_managed_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
229
|
+
def allowed_managed_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
209
230
|
pulumi.set(self, "allowed_managed_keys", value)
|
210
231
|
|
211
232
|
@property
|
212
233
|
@pulumi.getter(name="allowedResponseHeaders")
|
213
|
-
def allowed_response_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
234
|
+
def allowed_response_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
214
235
|
"""
|
215
236
|
List of headers to allow and pass from the request to the plugin
|
216
237
|
"""
|
217
238
|
return pulumi.get(self, "allowed_response_headers")
|
218
239
|
|
219
240
|
@allowed_response_headers.setter
|
220
|
-
def allowed_response_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
241
|
+
def allowed_response_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
221
242
|
pulumi.set(self, "allowed_response_headers", value)
|
222
243
|
|
223
244
|
@property
|
224
245
|
@pulumi.getter(name="auditNonHmacRequestKeys")
|
225
|
-
def audit_non_hmac_request_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
246
|
+
def audit_non_hmac_request_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
226
247
|
"""
|
227
248
|
Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
228
249
|
"""
|
229
250
|
return pulumi.get(self, "audit_non_hmac_request_keys")
|
230
251
|
|
231
252
|
@audit_non_hmac_request_keys.setter
|
232
|
-
def audit_non_hmac_request_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
253
|
+
def audit_non_hmac_request_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
233
254
|
pulumi.set(self, "audit_non_hmac_request_keys", value)
|
234
255
|
|
235
256
|
@property
|
236
257
|
@pulumi.getter(name="auditNonHmacResponseKeys")
|
237
|
-
def audit_non_hmac_response_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
258
|
+
def audit_non_hmac_response_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
238
259
|
"""
|
239
260
|
Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
240
261
|
"""
|
241
262
|
return pulumi.get(self, "audit_non_hmac_response_keys")
|
242
263
|
|
243
264
|
@audit_non_hmac_response_keys.setter
|
244
|
-
def audit_non_hmac_response_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
265
|
+
def audit_non_hmac_response_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
245
266
|
pulumi.set(self, "audit_non_hmac_response_keys", value)
|
246
267
|
|
247
268
|
@property
|
248
269
|
@pulumi.getter
|
249
|
-
def certificate(self) -> Optional[pulumi.Input[str]]:
|
270
|
+
def certificate(self) -> Optional[pulumi.Input[builtins.str]]:
|
250
271
|
"""
|
251
272
|
CA certificate to use when verifying LDAP server certificate, must be
|
252
273
|
x509 PEM encoded.
|
@@ -254,36 +275,36 @@ class SecretBackendArgs:
|
|
254
275
|
return pulumi.get(self, "certificate")
|
255
276
|
|
256
277
|
@certificate.setter
|
257
|
-
def certificate(self, value: Optional[pulumi.Input[str]]):
|
278
|
+
def certificate(self, value: Optional[pulumi.Input[builtins.str]]):
|
258
279
|
pulumi.set(self, "certificate", value)
|
259
280
|
|
260
281
|
@property
|
261
282
|
@pulumi.getter(name="clientTlsCert")
|
262
|
-
def client_tls_cert(self) -> Optional[pulumi.Input[str]]:
|
283
|
+
def client_tls_cert(self) -> Optional[pulumi.Input[builtins.str]]:
|
263
284
|
"""
|
264
285
|
Client certificate to provide to the LDAP server, must be x509 PEM encoded.
|
265
286
|
"""
|
266
287
|
return pulumi.get(self, "client_tls_cert")
|
267
288
|
|
268
289
|
@client_tls_cert.setter
|
269
|
-
def client_tls_cert(self, value: Optional[pulumi.Input[str]]):
|
290
|
+
def client_tls_cert(self, value: Optional[pulumi.Input[builtins.str]]):
|
270
291
|
pulumi.set(self, "client_tls_cert", value)
|
271
292
|
|
272
293
|
@property
|
273
294
|
@pulumi.getter(name="clientTlsKey")
|
274
|
-
def client_tls_key(self) -> Optional[pulumi.Input[str]]:
|
295
|
+
def client_tls_key(self) -> Optional[pulumi.Input[builtins.str]]:
|
275
296
|
"""
|
276
297
|
Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
|
277
298
|
"""
|
278
299
|
return pulumi.get(self, "client_tls_key")
|
279
300
|
|
280
301
|
@client_tls_key.setter
|
281
|
-
def client_tls_key(self, value: Optional[pulumi.Input[str]]):
|
302
|
+
def client_tls_key(self, value: Optional[pulumi.Input[builtins.str]]):
|
282
303
|
pulumi.set(self, "client_tls_key", value)
|
283
304
|
|
284
305
|
@property
|
285
306
|
@pulumi.getter(name="connectionTimeout")
|
286
|
-
def connection_timeout(self) -> Optional[pulumi.Input[int]]:
|
307
|
+
def connection_timeout(self) -> Optional[pulumi.Input[builtins.int]]:
|
287
308
|
"""
|
288
309
|
Timeout, in seconds, when attempting to connect to the LDAP server before trying
|
289
310
|
the next URL in the configuration.
|
@@ -291,84 +312,96 @@ class SecretBackendArgs:
|
|
291
312
|
return pulumi.get(self, "connection_timeout")
|
292
313
|
|
293
314
|
@connection_timeout.setter
|
294
|
-
def connection_timeout(self, value: Optional[pulumi.Input[int]]):
|
315
|
+
def connection_timeout(self, value: Optional[pulumi.Input[builtins.int]]):
|
295
316
|
pulumi.set(self, "connection_timeout", value)
|
296
317
|
|
297
318
|
@property
|
298
319
|
@pulumi.getter(name="defaultLeaseTtlSeconds")
|
299
|
-
def default_lease_ttl_seconds(self) -> Optional[pulumi.Input[int]]:
|
320
|
+
def default_lease_ttl_seconds(self) -> Optional[pulumi.Input[builtins.int]]:
|
300
321
|
"""
|
301
322
|
Default lease duration for secrets in seconds.
|
302
323
|
"""
|
303
324
|
return pulumi.get(self, "default_lease_ttl_seconds")
|
304
325
|
|
305
326
|
@default_lease_ttl_seconds.setter
|
306
|
-
def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[int]]):
|
327
|
+
def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[builtins.int]]):
|
307
328
|
pulumi.set(self, "default_lease_ttl_seconds", value)
|
308
329
|
|
309
330
|
@property
|
310
331
|
@pulumi.getter(name="delegatedAuthAccessors")
|
311
|
-
def delegated_auth_accessors(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
332
|
+
def delegated_auth_accessors(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
312
333
|
"""
|
313
334
|
List of headers to allow and pass from the request to the plugin
|
314
335
|
"""
|
315
336
|
return pulumi.get(self, "delegated_auth_accessors")
|
316
337
|
|
317
338
|
@delegated_auth_accessors.setter
|
318
|
-
def delegated_auth_accessors(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
339
|
+
def delegated_auth_accessors(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
319
340
|
pulumi.set(self, "delegated_auth_accessors", value)
|
320
341
|
|
321
342
|
@property
|
322
343
|
@pulumi.getter
|
323
|
-
def description(self) -> Optional[pulumi.Input[str]]:
|
344
|
+
def description(self) -> Optional[pulumi.Input[builtins.str]]:
|
324
345
|
"""
|
325
346
|
Human-friendly description of the mount for the Active Directory backend.
|
326
347
|
"""
|
327
348
|
return pulumi.get(self, "description")
|
328
349
|
|
329
350
|
@description.setter
|
330
|
-
def description(self, value: Optional[pulumi.Input[str]]):
|
351
|
+
def description(self, value: Optional[pulumi.Input[builtins.str]]):
|
331
352
|
pulumi.set(self, "description", value)
|
332
353
|
|
354
|
+
@property
|
355
|
+
@pulumi.getter(name="disableAutomatedRotation")
|
356
|
+
def disable_automated_rotation(self) -> Optional[pulumi.Input[builtins.bool]]:
|
357
|
+
"""
|
358
|
+
Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
359
|
+
"""
|
360
|
+
return pulumi.get(self, "disable_automated_rotation")
|
361
|
+
|
362
|
+
@disable_automated_rotation.setter
|
363
|
+
def disable_automated_rotation(self, value: Optional[pulumi.Input[builtins.bool]]):
|
364
|
+
pulumi.set(self, "disable_automated_rotation", value)
|
365
|
+
|
333
366
|
@property
|
334
367
|
@pulumi.getter(name="disableRemount")
|
335
|
-
def disable_remount(self) -> Optional[pulumi.Input[bool]]:
|
368
|
+
def disable_remount(self) -> Optional[pulumi.Input[builtins.bool]]:
|
336
369
|
"""
|
337
370
|
If set, opts out of mount migration on path updates.
|
338
371
|
"""
|
339
372
|
return pulumi.get(self, "disable_remount")
|
340
373
|
|
341
374
|
@disable_remount.setter
|
342
|
-
def disable_remount(self, value: Optional[pulumi.Input[bool]]):
|
375
|
+
def disable_remount(self, value: Optional[pulumi.Input[builtins.bool]]):
|
343
376
|
pulumi.set(self, "disable_remount", value)
|
344
377
|
|
345
378
|
@property
|
346
379
|
@pulumi.getter(name="externalEntropyAccess")
|
347
|
-
def external_entropy_access(self) -> Optional[pulumi.Input[bool]]:
|
380
|
+
def external_entropy_access(self) -> Optional[pulumi.Input[builtins.bool]]:
|
348
381
|
"""
|
349
382
|
Enable the secrets engine to access Vault's external entropy source
|
350
383
|
"""
|
351
384
|
return pulumi.get(self, "external_entropy_access")
|
352
385
|
|
353
386
|
@external_entropy_access.setter
|
354
|
-
def external_entropy_access(self, value: Optional[pulumi.Input[bool]]):
|
387
|
+
def external_entropy_access(self, value: Optional[pulumi.Input[builtins.bool]]):
|
355
388
|
pulumi.set(self, "external_entropy_access", value)
|
356
389
|
|
357
390
|
@property
|
358
391
|
@pulumi.getter(name="identityTokenKey")
|
359
|
-
def identity_token_key(self) -> Optional[pulumi.Input[str]]:
|
392
|
+
def identity_token_key(self) -> Optional[pulumi.Input[builtins.str]]:
|
360
393
|
"""
|
361
394
|
The key to use for signing plugin workload identity tokens
|
362
395
|
"""
|
363
396
|
return pulumi.get(self, "identity_token_key")
|
364
397
|
|
365
398
|
@identity_token_key.setter
|
366
|
-
def identity_token_key(self, value: Optional[pulumi.Input[str]]):
|
399
|
+
def identity_token_key(self, value: Optional[pulumi.Input[builtins.str]]):
|
367
400
|
pulumi.set(self, "identity_token_key", value)
|
368
401
|
|
369
402
|
@property
|
370
403
|
@pulumi.getter(name="insecureTls")
|
371
|
-
def insecure_tls(self) -> Optional[pulumi.Input[bool]]:
|
404
|
+
def insecure_tls(self) -> Optional[pulumi.Input[builtins.bool]]:
|
372
405
|
"""
|
373
406
|
Skip LDAP server SSL Certificate verification. This is not recommended for production.
|
374
407
|
Defaults to `false`.
|
@@ -376,24 +409,24 @@ class SecretBackendArgs:
|
|
376
409
|
return pulumi.get(self, "insecure_tls")
|
377
410
|
|
378
411
|
@insecure_tls.setter
|
379
|
-
def insecure_tls(self, value: Optional[pulumi.Input[bool]]):
|
412
|
+
def insecure_tls(self, value: Optional[pulumi.Input[builtins.bool]]):
|
380
413
|
pulumi.set(self, "insecure_tls", value)
|
381
414
|
|
382
415
|
@property
|
383
416
|
@pulumi.getter(name="listingVisibility")
|
384
|
-
def listing_visibility(self) -> Optional[pulumi.Input[str]]:
|
417
|
+
def listing_visibility(self) -> Optional[pulumi.Input[builtins.str]]:
|
385
418
|
"""
|
386
419
|
Specifies whether to show this mount in the UI-specific listing endpoint
|
387
420
|
"""
|
388
421
|
return pulumi.get(self, "listing_visibility")
|
389
422
|
|
390
423
|
@listing_visibility.setter
|
391
|
-
def listing_visibility(self, value: Optional[pulumi.Input[str]]):
|
424
|
+
def listing_visibility(self, value: Optional[pulumi.Input[builtins.str]]):
|
392
425
|
pulumi.set(self, "listing_visibility", value)
|
393
426
|
|
394
427
|
@property
|
395
428
|
@pulumi.getter
|
396
|
-
def local(self) -> Optional[pulumi.Input[bool]]:
|
429
|
+
def local(self) -> Optional[pulumi.Input[builtins.bool]]:
|
397
430
|
"""
|
398
431
|
Mark the secrets engine as local-only. Local engines are not replicated or removed by
|
399
432
|
replication.Tolerance duration to use when checking the last rotation time.
|
@@ -401,24 +434,24 @@ class SecretBackendArgs:
|
|
401
434
|
return pulumi.get(self, "local")
|
402
435
|
|
403
436
|
@local.setter
|
404
|
-
def local(self, value: Optional[pulumi.Input[bool]]):
|
437
|
+
def local(self, value: Optional[pulumi.Input[builtins.bool]]):
|
405
438
|
pulumi.set(self, "local", value)
|
406
439
|
|
407
440
|
@property
|
408
441
|
@pulumi.getter(name="maxLeaseTtlSeconds")
|
409
|
-
def max_lease_ttl_seconds(self) -> Optional[pulumi.Input[int]]:
|
442
|
+
def max_lease_ttl_seconds(self) -> Optional[pulumi.Input[builtins.int]]:
|
410
443
|
"""
|
411
444
|
Maximum possible lease duration for secrets in seconds.
|
412
445
|
"""
|
413
446
|
return pulumi.get(self, "max_lease_ttl_seconds")
|
414
447
|
|
415
448
|
@max_lease_ttl_seconds.setter
|
416
|
-
def max_lease_ttl_seconds(self, value: Optional[pulumi.Input[int]]):
|
449
|
+
def max_lease_ttl_seconds(self, value: Optional[pulumi.Input[builtins.int]]):
|
417
450
|
pulumi.set(self, "max_lease_ttl_seconds", value)
|
418
451
|
|
419
452
|
@property
|
420
453
|
@pulumi.getter
|
421
|
-
def namespace(self) -> Optional[pulumi.Input[str]]:
|
454
|
+
def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
|
422
455
|
"""
|
423
456
|
The namespace to provision the resource in.
|
424
457
|
The value should not contain leading or trailing forward slashes.
|
@@ -428,48 +461,48 @@ class SecretBackendArgs:
|
|
428
461
|
return pulumi.get(self, "namespace")
|
429
462
|
|
430
463
|
@namespace.setter
|
431
|
-
def namespace(self, value: Optional[pulumi.Input[str]]):
|
464
|
+
def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
|
432
465
|
pulumi.set(self, "namespace", value)
|
433
466
|
|
434
467
|
@property
|
435
468
|
@pulumi.getter
|
436
|
-
def options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
469
|
+
def options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]:
|
437
470
|
"""
|
438
471
|
Specifies mount type specific options that are passed to the backend
|
439
472
|
"""
|
440
473
|
return pulumi.get(self, "options")
|
441
474
|
|
442
475
|
@options.setter
|
443
|
-
def options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
476
|
+
def options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]):
|
444
477
|
pulumi.set(self, "options", value)
|
445
478
|
|
446
479
|
@property
|
447
480
|
@pulumi.getter(name="passthroughRequestHeaders")
|
448
|
-
def passthrough_request_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
481
|
+
def passthrough_request_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
449
482
|
"""
|
450
483
|
List of headers to allow and pass from the request to the plugin
|
451
484
|
"""
|
452
485
|
return pulumi.get(self, "passthrough_request_headers")
|
453
486
|
|
454
487
|
@passthrough_request_headers.setter
|
455
|
-
def passthrough_request_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
488
|
+
def passthrough_request_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
456
489
|
pulumi.set(self, "passthrough_request_headers", value)
|
457
490
|
|
458
491
|
@property
|
459
492
|
@pulumi.getter(name="passwordPolicy")
|
460
|
-
def password_policy(self) -> Optional[pulumi.Input[str]]:
|
493
|
+
def password_policy(self) -> Optional[pulumi.Input[builtins.str]]:
|
461
494
|
"""
|
462
495
|
Name of the password policy to use to generate passwords.
|
463
496
|
"""
|
464
497
|
return pulumi.get(self, "password_policy")
|
465
498
|
|
466
499
|
@password_policy.setter
|
467
|
-
def password_policy(self, value: Optional[pulumi.Input[str]]):
|
500
|
+
def password_policy(self, value: Optional[pulumi.Input[builtins.str]]):
|
468
501
|
pulumi.set(self, "password_policy", value)
|
469
502
|
|
470
503
|
@property
|
471
504
|
@pulumi.getter
|
472
|
-
def path(self) -> Optional[pulumi.Input[str]]:
|
505
|
+
def path(self) -> Optional[pulumi.Input[builtins.str]]:
|
473
506
|
"""
|
474
507
|
The unique path this backend should be mounted at. Must
|
475
508
|
not begin or end with a `/`. Defaults to `ldap`.
|
@@ -477,24 +510,24 @@ class SecretBackendArgs:
|
|
477
510
|
return pulumi.get(self, "path")
|
478
511
|
|
479
512
|
@path.setter
|
480
|
-
def path(self, value: Optional[pulumi.Input[str]]):
|
513
|
+
def path(self, value: Optional[pulumi.Input[builtins.str]]):
|
481
514
|
pulumi.set(self, "path", value)
|
482
515
|
|
483
516
|
@property
|
484
517
|
@pulumi.getter(name="pluginVersion")
|
485
|
-
def plugin_version(self) -> Optional[pulumi.Input[str]]:
|
518
|
+
def plugin_version(self) -> Optional[pulumi.Input[builtins.str]]:
|
486
519
|
"""
|
487
520
|
Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
488
521
|
"""
|
489
522
|
return pulumi.get(self, "plugin_version")
|
490
523
|
|
491
524
|
@plugin_version.setter
|
492
|
-
def plugin_version(self, value: Optional[pulumi.Input[str]]):
|
525
|
+
def plugin_version(self, value: Optional[pulumi.Input[builtins.str]]):
|
493
526
|
pulumi.set(self, "plugin_version", value)
|
494
527
|
|
495
528
|
@property
|
496
529
|
@pulumi.getter(name="requestTimeout")
|
497
|
-
def request_timeout(self) -> Optional[pulumi.Input[int]]:
|
530
|
+
def request_timeout(self) -> Optional[pulumi.Input[builtins.int]]:
|
498
531
|
"""
|
499
532
|
Timeout, in seconds, for the connection when making requests against the server
|
500
533
|
before returning back an error.
|
@@ -502,36 +535,76 @@ class SecretBackendArgs:
|
|
502
535
|
return pulumi.get(self, "request_timeout")
|
503
536
|
|
504
537
|
@request_timeout.setter
|
505
|
-
def request_timeout(self, value: Optional[pulumi.Input[int]]):
|
538
|
+
def request_timeout(self, value: Optional[pulumi.Input[builtins.int]]):
|
506
539
|
pulumi.set(self, "request_timeout", value)
|
507
540
|
|
541
|
+
@property
|
542
|
+
@pulumi.getter(name="rotationPeriod")
|
543
|
+
def rotation_period(self) -> Optional[pulumi.Input[builtins.int]]:
|
544
|
+
"""
|
545
|
+
The amount of time in seconds Vault should wait before rotating the root credential.
|
546
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
547
|
+
"""
|
548
|
+
return pulumi.get(self, "rotation_period")
|
549
|
+
|
550
|
+
@rotation_period.setter
|
551
|
+
def rotation_period(self, value: Optional[pulumi.Input[builtins.int]]):
|
552
|
+
pulumi.set(self, "rotation_period", value)
|
553
|
+
|
554
|
+
@property
|
555
|
+
@pulumi.getter(name="rotationSchedule")
|
556
|
+
def rotation_schedule(self) -> Optional[pulumi.Input[builtins.str]]:
|
557
|
+
"""
|
558
|
+
The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
559
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
560
|
+
"""
|
561
|
+
return pulumi.get(self, "rotation_schedule")
|
562
|
+
|
563
|
+
@rotation_schedule.setter
|
564
|
+
def rotation_schedule(self, value: Optional[pulumi.Input[builtins.str]]):
|
565
|
+
pulumi.set(self, "rotation_schedule", value)
|
566
|
+
|
567
|
+
@property
|
568
|
+
@pulumi.getter(name="rotationWindow")
|
569
|
+
def rotation_window(self) -> Optional[pulumi.Input[builtins.int]]:
|
570
|
+
"""
|
571
|
+
The maximum amount of time in seconds allowed to complete
|
572
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
573
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
574
|
+
"""
|
575
|
+
return pulumi.get(self, "rotation_window")
|
576
|
+
|
577
|
+
@rotation_window.setter
|
578
|
+
def rotation_window(self, value: Optional[pulumi.Input[builtins.int]]):
|
579
|
+
pulumi.set(self, "rotation_window", value)
|
580
|
+
|
508
581
|
@property
|
509
582
|
@pulumi.getter
|
510
|
-
def schema(self) -> Optional[pulumi.Input[str]]:
|
583
|
+
def schema(self) -> Optional[pulumi.Input[builtins.str]]:
|
511
584
|
"""
|
512
585
|
The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`.
|
513
586
|
"""
|
514
587
|
return pulumi.get(self, "schema")
|
515
588
|
|
516
589
|
@schema.setter
|
517
|
-
def schema(self, value: Optional[pulumi.Input[str]]):
|
590
|
+
def schema(self, value: Optional[pulumi.Input[builtins.str]]):
|
518
591
|
pulumi.set(self, "schema", value)
|
519
592
|
|
520
593
|
@property
|
521
594
|
@pulumi.getter(name="sealWrap")
|
522
|
-
def seal_wrap(self) -> Optional[pulumi.Input[bool]]:
|
595
|
+
def seal_wrap(self) -> Optional[pulumi.Input[builtins.bool]]:
|
523
596
|
"""
|
524
597
|
Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
525
598
|
"""
|
526
599
|
return pulumi.get(self, "seal_wrap")
|
527
600
|
|
528
601
|
@seal_wrap.setter
|
529
|
-
def seal_wrap(self, value: Optional[pulumi.Input[bool]]):
|
602
|
+
def seal_wrap(self, value: Optional[pulumi.Input[builtins.bool]]):
|
530
603
|
pulumi.set(self, "seal_wrap", value)
|
531
604
|
|
532
605
|
@property
|
533
606
|
@pulumi.getter(name="skipStaticRoleImportRotation")
|
534
|
-
def skip_static_role_import_rotation(self) -> Optional[pulumi.Input[bool]]:
|
607
|
+
def skip_static_role_import_rotation(self) -> Optional[pulumi.Input[builtins.bool]]:
|
535
608
|
"""
|
536
609
|
If set to true, static roles will not be rotated during import.
|
537
610
|
Defaults to false. Requires Vault 1.16 or above.
|
@@ -539,36 +612,36 @@ class SecretBackendArgs:
|
|
539
612
|
return pulumi.get(self, "skip_static_role_import_rotation")
|
540
613
|
|
541
614
|
@skip_static_role_import_rotation.setter
|
542
|
-
def skip_static_role_import_rotation(self, value: Optional[pulumi.Input[bool]]):
|
615
|
+
def skip_static_role_import_rotation(self, value: Optional[pulumi.Input[builtins.bool]]):
|
543
616
|
pulumi.set(self, "skip_static_role_import_rotation", value)
|
544
617
|
|
545
618
|
@property
|
546
619
|
@pulumi.getter
|
547
|
-
def starttls(self) -> Optional[pulumi.Input[bool]]:
|
620
|
+
def starttls(self) -> Optional[pulumi.Input[builtins.bool]]:
|
548
621
|
"""
|
549
622
|
Issue a StartTLS command after establishing unencrypted connection.
|
550
623
|
"""
|
551
624
|
return pulumi.get(self, "starttls")
|
552
625
|
|
553
626
|
@starttls.setter
|
554
|
-
def starttls(self, value: Optional[pulumi.Input[bool]]):
|
627
|
+
def starttls(self, value: Optional[pulumi.Input[builtins.bool]]):
|
555
628
|
pulumi.set(self, "starttls", value)
|
556
629
|
|
557
630
|
@property
|
558
631
|
@pulumi.getter
|
559
|
-
def upndomain(self) -> Optional[pulumi.Input[str]]:
|
632
|
+
def upndomain(self) -> Optional[pulumi.Input[builtins.str]]:
|
560
633
|
"""
|
561
634
|
Enables userPrincipalDomain login with [username]@UPNDomain.
|
562
635
|
"""
|
563
636
|
return pulumi.get(self, "upndomain")
|
564
637
|
|
565
638
|
@upndomain.setter
|
566
|
-
def upndomain(self, value: Optional[pulumi.Input[str]]):
|
639
|
+
def upndomain(self, value: Optional[pulumi.Input[builtins.str]]):
|
567
640
|
pulumi.set(self, "upndomain", value)
|
568
641
|
|
569
642
|
@property
|
570
643
|
@pulumi.getter
|
571
|
-
def url(self) -> Optional[pulumi.Input[str]]:
|
644
|
+
def url(self) -> Optional[pulumi.Input[builtins.str]]:
|
572
645
|
"""
|
573
646
|
LDAP URL to connect to. Multiple URLs can be specified by concatenating
|
574
647
|
them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
|
@@ -576,122 +649,134 @@ class SecretBackendArgs:
|
|
576
649
|
return pulumi.get(self, "url")
|
577
650
|
|
578
651
|
@url.setter
|
579
|
-
def url(self, value: Optional[pulumi.Input[str]]):
|
652
|
+
def url(self, value: Optional[pulumi.Input[builtins.str]]):
|
580
653
|
pulumi.set(self, "url", value)
|
581
654
|
|
582
655
|
@property
|
583
656
|
@pulumi.getter
|
584
|
-
def userattr(self) -> Optional[pulumi.Input[str]]:
|
657
|
+
def userattr(self) -> Optional[pulumi.Input[builtins.str]]:
|
585
658
|
"""
|
586
659
|
Attribute used when searching users. Defaults to `cn`.
|
587
660
|
"""
|
588
661
|
return pulumi.get(self, "userattr")
|
589
662
|
|
590
663
|
@userattr.setter
|
591
|
-
def userattr(self, value: Optional[pulumi.Input[str]]):
|
664
|
+
def userattr(self, value: Optional[pulumi.Input[builtins.str]]):
|
592
665
|
pulumi.set(self, "userattr", value)
|
593
666
|
|
594
667
|
@property
|
595
668
|
@pulumi.getter
|
596
|
-
def userdn(self) -> Optional[pulumi.Input[str]]:
|
669
|
+
def userdn(self) -> Optional[pulumi.Input[builtins.str]]:
|
597
670
|
"""
|
598
671
|
LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
|
599
672
|
"""
|
600
673
|
return pulumi.get(self, "userdn")
|
601
674
|
|
602
675
|
@userdn.setter
|
603
|
-
def userdn(self, value: Optional[pulumi.Input[str]]):
|
676
|
+
def userdn(self, value: Optional[pulumi.Input[builtins.str]]):
|
604
677
|
pulumi.set(self, "userdn", value)
|
605
678
|
|
606
679
|
|
607
680
|
@pulumi.input_type
|
608
681
|
class _SecretBackendState:
|
609
682
|
def __init__(__self__, *,
|
610
|
-
accessor: Optional[pulumi.Input[str]] = None,
|
611
|
-
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
612
|
-
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
613
|
-
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
614
|
-
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
615
|
-
binddn: Optional[pulumi.Input[str]] = None,
|
616
|
-
bindpass: Optional[pulumi.Input[str]] = None,
|
617
|
-
certificate: Optional[pulumi.Input[str]] = None,
|
618
|
-
client_tls_cert: Optional[pulumi.Input[str]] = None,
|
619
|
-
client_tls_key: Optional[pulumi.Input[str]] = None,
|
620
|
-
connection_timeout: Optional[pulumi.Input[int]] = None,
|
621
|
-
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
622
|
-
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
623
|
-
description: Optional[pulumi.Input[str]] = None,
|
624
|
-
|
625
|
-
|
626
|
-
|
627
|
-
|
628
|
-
|
629
|
-
|
630
|
-
|
631
|
-
|
632
|
-
|
633
|
-
|
634
|
-
|
635
|
-
|
636
|
-
|
637
|
-
|
638
|
-
|
639
|
-
|
640
|
-
|
641
|
-
|
642
|
-
|
643
|
-
|
644
|
-
|
645
|
-
|
683
|
+
accessor: Optional[pulumi.Input[builtins.str]] = None,
|
684
|
+
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
685
|
+
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
686
|
+
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
687
|
+
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
688
|
+
binddn: Optional[pulumi.Input[builtins.str]] = None,
|
689
|
+
bindpass: Optional[pulumi.Input[builtins.str]] = None,
|
690
|
+
certificate: Optional[pulumi.Input[builtins.str]] = None,
|
691
|
+
client_tls_cert: Optional[pulumi.Input[builtins.str]] = None,
|
692
|
+
client_tls_key: Optional[pulumi.Input[builtins.str]] = None,
|
693
|
+
connection_timeout: Optional[pulumi.Input[builtins.int]] = None,
|
694
|
+
default_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
|
695
|
+
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
696
|
+
description: Optional[pulumi.Input[builtins.str]] = None,
|
697
|
+
disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
698
|
+
disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
|
699
|
+
external_entropy_access: Optional[pulumi.Input[builtins.bool]] = None,
|
700
|
+
identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
|
701
|
+
insecure_tls: Optional[pulumi.Input[builtins.bool]] = None,
|
702
|
+
listing_visibility: Optional[pulumi.Input[builtins.str]] = None,
|
703
|
+
local: Optional[pulumi.Input[builtins.bool]] = None,
|
704
|
+
max_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
|
705
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
706
|
+
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
707
|
+
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
708
|
+
password_policy: Optional[pulumi.Input[builtins.str]] = None,
|
709
|
+
path: Optional[pulumi.Input[builtins.str]] = None,
|
710
|
+
plugin_version: Optional[pulumi.Input[builtins.str]] = None,
|
711
|
+
request_timeout: Optional[pulumi.Input[builtins.int]] = None,
|
712
|
+
rotation_period: Optional[pulumi.Input[builtins.int]] = None,
|
713
|
+
rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
|
714
|
+
rotation_window: Optional[pulumi.Input[builtins.int]] = None,
|
715
|
+
schema: Optional[pulumi.Input[builtins.str]] = None,
|
716
|
+
seal_wrap: Optional[pulumi.Input[builtins.bool]] = None,
|
717
|
+
skip_static_role_import_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
718
|
+
starttls: Optional[pulumi.Input[builtins.bool]] = None,
|
719
|
+
upndomain: Optional[pulumi.Input[builtins.str]] = None,
|
720
|
+
url: Optional[pulumi.Input[builtins.str]] = None,
|
721
|
+
userattr: Optional[pulumi.Input[builtins.str]] = None,
|
722
|
+
userdn: Optional[pulumi.Input[builtins.str]] = None):
|
646
723
|
"""
|
647
724
|
Input properties used for looking up and filtering SecretBackend resources.
|
648
|
-
:param pulumi.Input[str] accessor: Accessor of the mount
|
649
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
|
650
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
|
651
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
652
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
653
|
-
:param pulumi.Input[str] binddn: Distinguished name of object to bind when performing user and group search.
|
654
|
-
:param pulumi.Input[str] bindpass: Password to use along with binddn when performing user search.
|
655
|
-
:param pulumi.Input[str] certificate: CA certificate to use when verifying LDAP server certificate, must be
|
725
|
+
:param pulumi.Input[builtins.str] accessor: Accessor of the mount
|
726
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
|
727
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
|
728
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
729
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
730
|
+
:param pulumi.Input[builtins.str] binddn: Distinguished name of object to bind when performing user and group search.
|
731
|
+
:param pulumi.Input[builtins.str] bindpass: Password to use along with binddn when performing user search.
|
732
|
+
:param pulumi.Input[builtins.str] certificate: CA certificate to use when verifying LDAP server certificate, must be
|
656
733
|
x509 PEM encoded.
|
657
|
-
:param pulumi.Input[str] client_tls_cert: Client certificate to provide to the LDAP server, must be x509 PEM encoded.
|
658
|
-
:param pulumi.Input[str] client_tls_key: Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
|
659
|
-
:param pulumi.Input[int] connection_timeout: Timeout, in seconds, when attempting to connect to the LDAP server before trying
|
734
|
+
:param pulumi.Input[builtins.str] client_tls_cert: Client certificate to provide to the LDAP server, must be x509 PEM encoded.
|
735
|
+
:param pulumi.Input[builtins.str] client_tls_key: Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
|
736
|
+
:param pulumi.Input[builtins.int] connection_timeout: Timeout, in seconds, when attempting to connect to the LDAP server before trying
|
660
737
|
the next URL in the configuration.
|
661
|
-
:param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for secrets in seconds.
|
662
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
|
663
|
-
:param pulumi.Input[str] description: Human-friendly description of the mount for the Active Directory backend.
|
664
|
-
:param pulumi.Input[bool]
|
665
|
-
:param pulumi.Input[bool]
|
666
|
-
:param pulumi.Input[
|
667
|
-
:param pulumi.Input[
|
738
|
+
:param pulumi.Input[builtins.int] default_lease_ttl_seconds: Default lease duration for secrets in seconds.
|
739
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
|
740
|
+
:param pulumi.Input[builtins.str] description: Human-friendly description of the mount for the Active Directory backend.
|
741
|
+
:param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
742
|
+
:param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
|
743
|
+
:param pulumi.Input[builtins.bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
|
744
|
+
:param pulumi.Input[builtins.str] identity_token_key: The key to use for signing plugin workload identity tokens
|
745
|
+
:param pulumi.Input[builtins.bool] insecure_tls: Skip LDAP server SSL Certificate verification. This is not recommended for production.
|
668
746
|
Defaults to `false`.
|
669
|
-
:param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
|
670
|
-
:param pulumi.Input[bool] local: Mark the secrets engine as local-only. Local engines are not replicated or removed by
|
747
|
+
:param pulumi.Input[builtins.str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
|
748
|
+
:param pulumi.Input[builtins.bool] local: Mark the secrets engine as local-only. Local engines are not replicated or removed by
|
671
749
|
replication.Tolerance duration to use when checking the last rotation time.
|
672
|
-
:param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for secrets in seconds.
|
673
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
750
|
+
:param pulumi.Input[builtins.int] max_lease_ttl_seconds: Maximum possible lease duration for secrets in seconds.
|
751
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
674
752
|
The value should not contain leading or trailing forward slashes.
|
675
753
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
676
754
|
*Available only for Vault Enterprise*.
|
677
|
-
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
|
678
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
|
679
|
-
:param pulumi.Input[str] password_policy: Name of the password policy to use to generate passwords.
|
680
|
-
:param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
|
755
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] options: Specifies mount type specific options that are passed to the backend
|
756
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
|
757
|
+
:param pulumi.Input[builtins.str] password_policy: Name of the password policy to use to generate passwords.
|
758
|
+
:param pulumi.Input[builtins.str] path: The unique path this backend should be mounted at. Must
|
681
759
|
not begin or end with a `/`. Defaults to `ldap`.
|
682
|
-
:param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
683
|
-
:param pulumi.Input[int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
|
760
|
+
:param pulumi.Input[builtins.str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
761
|
+
:param pulumi.Input[builtins.int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
|
684
762
|
before returning back an error.
|
685
|
-
:param pulumi.Input[
|
686
|
-
|
687
|
-
:param pulumi.Input[
|
763
|
+
:param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
764
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
765
|
+
:param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
766
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
767
|
+
:param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
|
768
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
769
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
770
|
+
:param pulumi.Input[builtins.str] schema: The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`.
|
771
|
+
:param pulumi.Input[builtins.bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
772
|
+
:param pulumi.Input[builtins.bool] skip_static_role_import_rotation: If set to true, static roles will not be rotated during import.
|
688
773
|
Defaults to false. Requires Vault 1.16 or above.
|
689
|
-
:param pulumi.Input[bool] starttls: Issue a StartTLS command after establishing unencrypted connection.
|
690
|
-
:param pulumi.Input[str] upndomain: Enables userPrincipalDomain login with [username]@UPNDomain.
|
691
|
-
:param pulumi.Input[str] url: LDAP URL to connect to. Multiple URLs can be specified by concatenating
|
774
|
+
:param pulumi.Input[builtins.bool] starttls: Issue a StartTLS command after establishing unencrypted connection.
|
775
|
+
:param pulumi.Input[builtins.str] upndomain: Enables userPrincipalDomain login with [username]@UPNDomain.
|
776
|
+
:param pulumi.Input[builtins.str] url: LDAP URL to connect to. Multiple URLs can be specified by concatenating
|
692
777
|
them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
|
693
|
-
:param pulumi.Input[str] userattr: Attribute used when searching users. Defaults to `cn`.
|
694
|
-
:param pulumi.Input[str] userdn: LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
|
778
|
+
:param pulumi.Input[builtins.str] userattr: Attribute used when searching users. Defaults to `cn`.
|
779
|
+
:param pulumi.Input[builtins.str] userdn: LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
|
695
780
|
"""
|
696
781
|
if accessor is not None:
|
697
782
|
pulumi.set(__self__, "accessor", accessor)
|
@@ -721,6 +806,8 @@ class _SecretBackendState:
|
|
721
806
|
pulumi.set(__self__, "delegated_auth_accessors", delegated_auth_accessors)
|
722
807
|
if description is not None:
|
723
808
|
pulumi.set(__self__, "description", description)
|
809
|
+
if disable_automated_rotation is not None:
|
810
|
+
pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
|
724
811
|
if disable_remount is not None:
|
725
812
|
pulumi.set(__self__, "disable_remount", disable_remount)
|
726
813
|
if external_entropy_access is not None:
|
@@ -749,6 +836,12 @@ class _SecretBackendState:
|
|
749
836
|
pulumi.set(__self__, "plugin_version", plugin_version)
|
750
837
|
if request_timeout is not None:
|
751
838
|
pulumi.set(__self__, "request_timeout", request_timeout)
|
839
|
+
if rotation_period is not None:
|
840
|
+
pulumi.set(__self__, "rotation_period", rotation_period)
|
841
|
+
if rotation_schedule is not None:
|
842
|
+
pulumi.set(__self__, "rotation_schedule", rotation_schedule)
|
843
|
+
if rotation_window is not None:
|
844
|
+
pulumi.set(__self__, "rotation_window", rotation_window)
|
752
845
|
if schema is not None:
|
753
846
|
pulumi.set(__self__, "schema", schema)
|
754
847
|
if seal_wrap is not None:
|
@@ -768,91 +861,91 @@ class _SecretBackendState:
|
|
768
861
|
|
769
862
|
@property
|
770
863
|
@pulumi.getter
|
771
|
-
def accessor(self) -> Optional[pulumi.Input[str]]:
|
864
|
+
def accessor(self) -> Optional[pulumi.Input[builtins.str]]:
|
772
865
|
"""
|
773
866
|
Accessor of the mount
|
774
867
|
"""
|
775
868
|
return pulumi.get(self, "accessor")
|
776
869
|
|
777
870
|
@accessor.setter
|
778
|
-
def accessor(self, value: Optional[pulumi.Input[str]]):
|
871
|
+
def accessor(self, value: Optional[pulumi.Input[builtins.str]]):
|
779
872
|
pulumi.set(self, "accessor", value)
|
780
873
|
|
781
874
|
@property
|
782
875
|
@pulumi.getter(name="allowedManagedKeys")
|
783
|
-
def allowed_managed_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
876
|
+
def allowed_managed_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
784
877
|
"""
|
785
878
|
List of managed key registry entry names that the mount in question is allowed to access
|
786
879
|
"""
|
787
880
|
return pulumi.get(self, "allowed_managed_keys")
|
788
881
|
|
789
882
|
@allowed_managed_keys.setter
|
790
|
-
def allowed_managed_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
883
|
+
def allowed_managed_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
791
884
|
pulumi.set(self, "allowed_managed_keys", value)
|
792
885
|
|
793
886
|
@property
|
794
887
|
@pulumi.getter(name="allowedResponseHeaders")
|
795
|
-
def allowed_response_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
888
|
+
def allowed_response_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
796
889
|
"""
|
797
890
|
List of headers to allow and pass from the request to the plugin
|
798
891
|
"""
|
799
892
|
return pulumi.get(self, "allowed_response_headers")
|
800
893
|
|
801
894
|
@allowed_response_headers.setter
|
802
|
-
def allowed_response_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
895
|
+
def allowed_response_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
803
896
|
pulumi.set(self, "allowed_response_headers", value)
|
804
897
|
|
805
898
|
@property
|
806
899
|
@pulumi.getter(name="auditNonHmacRequestKeys")
|
807
|
-
def audit_non_hmac_request_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
900
|
+
def audit_non_hmac_request_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
808
901
|
"""
|
809
902
|
Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
810
903
|
"""
|
811
904
|
return pulumi.get(self, "audit_non_hmac_request_keys")
|
812
905
|
|
813
906
|
@audit_non_hmac_request_keys.setter
|
814
|
-
def audit_non_hmac_request_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
907
|
+
def audit_non_hmac_request_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
815
908
|
pulumi.set(self, "audit_non_hmac_request_keys", value)
|
816
909
|
|
817
910
|
@property
|
818
911
|
@pulumi.getter(name="auditNonHmacResponseKeys")
|
819
|
-
def audit_non_hmac_response_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
912
|
+
def audit_non_hmac_response_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
820
913
|
"""
|
821
914
|
Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
822
915
|
"""
|
823
916
|
return pulumi.get(self, "audit_non_hmac_response_keys")
|
824
917
|
|
825
918
|
@audit_non_hmac_response_keys.setter
|
826
|
-
def audit_non_hmac_response_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
919
|
+
def audit_non_hmac_response_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
827
920
|
pulumi.set(self, "audit_non_hmac_response_keys", value)
|
828
921
|
|
829
922
|
@property
|
830
923
|
@pulumi.getter
|
831
|
-
def binddn(self) -> Optional[pulumi.Input[str]]:
|
924
|
+
def binddn(self) -> Optional[pulumi.Input[builtins.str]]:
|
832
925
|
"""
|
833
926
|
Distinguished name of object to bind when performing user and group search.
|
834
927
|
"""
|
835
928
|
return pulumi.get(self, "binddn")
|
836
929
|
|
837
930
|
@binddn.setter
|
838
|
-
def binddn(self, value: Optional[pulumi.Input[str]]):
|
931
|
+
def binddn(self, value: Optional[pulumi.Input[builtins.str]]):
|
839
932
|
pulumi.set(self, "binddn", value)
|
840
933
|
|
841
934
|
@property
|
842
935
|
@pulumi.getter
|
843
|
-
def bindpass(self) -> Optional[pulumi.Input[str]]:
|
936
|
+
def bindpass(self) -> Optional[pulumi.Input[builtins.str]]:
|
844
937
|
"""
|
845
938
|
Password to use along with binddn when performing user search.
|
846
939
|
"""
|
847
940
|
return pulumi.get(self, "bindpass")
|
848
941
|
|
849
942
|
@bindpass.setter
|
850
|
-
def bindpass(self, value: Optional[pulumi.Input[str]]):
|
943
|
+
def bindpass(self, value: Optional[pulumi.Input[builtins.str]]):
|
851
944
|
pulumi.set(self, "bindpass", value)
|
852
945
|
|
853
946
|
@property
|
854
947
|
@pulumi.getter
|
855
|
-
def certificate(self) -> Optional[pulumi.Input[str]]:
|
948
|
+
def certificate(self) -> Optional[pulumi.Input[builtins.str]]:
|
856
949
|
"""
|
857
950
|
CA certificate to use when verifying LDAP server certificate, must be
|
858
951
|
x509 PEM encoded.
|
@@ -860,36 +953,36 @@ class _SecretBackendState:
|
|
860
953
|
return pulumi.get(self, "certificate")
|
861
954
|
|
862
955
|
@certificate.setter
|
863
|
-
def certificate(self, value: Optional[pulumi.Input[str]]):
|
956
|
+
def certificate(self, value: Optional[pulumi.Input[builtins.str]]):
|
864
957
|
pulumi.set(self, "certificate", value)
|
865
958
|
|
866
959
|
@property
|
867
960
|
@pulumi.getter(name="clientTlsCert")
|
868
|
-
def client_tls_cert(self) -> Optional[pulumi.Input[str]]:
|
961
|
+
def client_tls_cert(self) -> Optional[pulumi.Input[builtins.str]]:
|
869
962
|
"""
|
870
963
|
Client certificate to provide to the LDAP server, must be x509 PEM encoded.
|
871
964
|
"""
|
872
965
|
return pulumi.get(self, "client_tls_cert")
|
873
966
|
|
874
967
|
@client_tls_cert.setter
|
875
|
-
def client_tls_cert(self, value: Optional[pulumi.Input[str]]):
|
968
|
+
def client_tls_cert(self, value: Optional[pulumi.Input[builtins.str]]):
|
876
969
|
pulumi.set(self, "client_tls_cert", value)
|
877
970
|
|
878
971
|
@property
|
879
972
|
@pulumi.getter(name="clientTlsKey")
|
880
|
-
def client_tls_key(self) -> Optional[pulumi.Input[str]]:
|
973
|
+
def client_tls_key(self) -> Optional[pulumi.Input[builtins.str]]:
|
881
974
|
"""
|
882
975
|
Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
|
883
976
|
"""
|
884
977
|
return pulumi.get(self, "client_tls_key")
|
885
978
|
|
886
979
|
@client_tls_key.setter
|
887
|
-
def client_tls_key(self, value: Optional[pulumi.Input[str]]):
|
980
|
+
def client_tls_key(self, value: Optional[pulumi.Input[builtins.str]]):
|
888
981
|
pulumi.set(self, "client_tls_key", value)
|
889
982
|
|
890
983
|
@property
|
891
984
|
@pulumi.getter(name="connectionTimeout")
|
892
|
-
def connection_timeout(self) -> Optional[pulumi.Input[int]]:
|
985
|
+
def connection_timeout(self) -> Optional[pulumi.Input[builtins.int]]:
|
893
986
|
"""
|
894
987
|
Timeout, in seconds, when attempting to connect to the LDAP server before trying
|
895
988
|
the next URL in the configuration.
|
@@ -897,84 +990,96 @@ class _SecretBackendState:
|
|
897
990
|
return pulumi.get(self, "connection_timeout")
|
898
991
|
|
899
992
|
@connection_timeout.setter
|
900
|
-
def connection_timeout(self, value: Optional[pulumi.Input[int]]):
|
993
|
+
def connection_timeout(self, value: Optional[pulumi.Input[builtins.int]]):
|
901
994
|
pulumi.set(self, "connection_timeout", value)
|
902
995
|
|
903
996
|
@property
|
904
997
|
@pulumi.getter(name="defaultLeaseTtlSeconds")
|
905
|
-
def default_lease_ttl_seconds(self) -> Optional[pulumi.Input[int]]:
|
998
|
+
def default_lease_ttl_seconds(self) -> Optional[pulumi.Input[builtins.int]]:
|
906
999
|
"""
|
907
1000
|
Default lease duration for secrets in seconds.
|
908
1001
|
"""
|
909
1002
|
return pulumi.get(self, "default_lease_ttl_seconds")
|
910
1003
|
|
911
1004
|
@default_lease_ttl_seconds.setter
|
912
|
-
def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[int]]):
|
1005
|
+
def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[builtins.int]]):
|
913
1006
|
pulumi.set(self, "default_lease_ttl_seconds", value)
|
914
1007
|
|
915
1008
|
@property
|
916
1009
|
@pulumi.getter(name="delegatedAuthAccessors")
|
917
|
-
def delegated_auth_accessors(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
1010
|
+
def delegated_auth_accessors(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
918
1011
|
"""
|
919
1012
|
List of headers to allow and pass from the request to the plugin
|
920
1013
|
"""
|
921
1014
|
return pulumi.get(self, "delegated_auth_accessors")
|
922
1015
|
|
923
1016
|
@delegated_auth_accessors.setter
|
924
|
-
def delegated_auth_accessors(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
1017
|
+
def delegated_auth_accessors(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
925
1018
|
pulumi.set(self, "delegated_auth_accessors", value)
|
926
1019
|
|
927
1020
|
@property
|
928
1021
|
@pulumi.getter
|
929
|
-
def description(self) -> Optional[pulumi.Input[str]]:
|
1022
|
+
def description(self) -> Optional[pulumi.Input[builtins.str]]:
|
930
1023
|
"""
|
931
1024
|
Human-friendly description of the mount for the Active Directory backend.
|
932
1025
|
"""
|
933
1026
|
return pulumi.get(self, "description")
|
934
1027
|
|
935
1028
|
@description.setter
|
936
|
-
def description(self, value: Optional[pulumi.Input[str]]):
|
1029
|
+
def description(self, value: Optional[pulumi.Input[builtins.str]]):
|
937
1030
|
pulumi.set(self, "description", value)
|
938
1031
|
|
1032
|
+
@property
|
1033
|
+
@pulumi.getter(name="disableAutomatedRotation")
|
1034
|
+
def disable_automated_rotation(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1035
|
+
"""
|
1036
|
+
Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
1037
|
+
"""
|
1038
|
+
return pulumi.get(self, "disable_automated_rotation")
|
1039
|
+
|
1040
|
+
@disable_automated_rotation.setter
|
1041
|
+
def disable_automated_rotation(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1042
|
+
pulumi.set(self, "disable_automated_rotation", value)
|
1043
|
+
|
939
1044
|
@property
|
940
1045
|
@pulumi.getter(name="disableRemount")
|
941
|
-
def disable_remount(self) -> Optional[pulumi.Input[bool]]:
|
1046
|
+
def disable_remount(self) -> Optional[pulumi.Input[builtins.bool]]:
|
942
1047
|
"""
|
943
1048
|
If set, opts out of mount migration on path updates.
|
944
1049
|
"""
|
945
1050
|
return pulumi.get(self, "disable_remount")
|
946
1051
|
|
947
1052
|
@disable_remount.setter
|
948
|
-
def disable_remount(self, value: Optional[pulumi.Input[bool]]):
|
1053
|
+
def disable_remount(self, value: Optional[pulumi.Input[builtins.bool]]):
|
949
1054
|
pulumi.set(self, "disable_remount", value)
|
950
1055
|
|
951
1056
|
@property
|
952
1057
|
@pulumi.getter(name="externalEntropyAccess")
|
953
|
-
def external_entropy_access(self) -> Optional[pulumi.Input[bool]]:
|
1058
|
+
def external_entropy_access(self) -> Optional[pulumi.Input[builtins.bool]]:
|
954
1059
|
"""
|
955
1060
|
Enable the secrets engine to access Vault's external entropy source
|
956
1061
|
"""
|
957
1062
|
return pulumi.get(self, "external_entropy_access")
|
958
1063
|
|
959
1064
|
@external_entropy_access.setter
|
960
|
-
def external_entropy_access(self, value: Optional[pulumi.Input[bool]]):
|
1065
|
+
def external_entropy_access(self, value: Optional[pulumi.Input[builtins.bool]]):
|
961
1066
|
pulumi.set(self, "external_entropy_access", value)
|
962
1067
|
|
963
1068
|
@property
|
964
1069
|
@pulumi.getter(name="identityTokenKey")
|
965
|
-
def identity_token_key(self) -> Optional[pulumi.Input[str]]:
|
1070
|
+
def identity_token_key(self) -> Optional[pulumi.Input[builtins.str]]:
|
966
1071
|
"""
|
967
1072
|
The key to use for signing plugin workload identity tokens
|
968
1073
|
"""
|
969
1074
|
return pulumi.get(self, "identity_token_key")
|
970
1075
|
|
971
1076
|
@identity_token_key.setter
|
972
|
-
def identity_token_key(self, value: Optional[pulumi.Input[str]]):
|
1077
|
+
def identity_token_key(self, value: Optional[pulumi.Input[builtins.str]]):
|
973
1078
|
pulumi.set(self, "identity_token_key", value)
|
974
1079
|
|
975
1080
|
@property
|
976
1081
|
@pulumi.getter(name="insecureTls")
|
977
|
-
def insecure_tls(self) -> Optional[pulumi.Input[bool]]:
|
1082
|
+
def insecure_tls(self) -> Optional[pulumi.Input[builtins.bool]]:
|
978
1083
|
"""
|
979
1084
|
Skip LDAP server SSL Certificate verification. This is not recommended for production.
|
980
1085
|
Defaults to `false`.
|
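Review bot: The docstring kept on `delegated_auth_accessors` in this hunk is the same sentence used for `allowed_response_headers` and `passthrough_request_headers` ("List of headers to allow and pass from the request to the plugin"), so it does not describe an accessor list; the same text appears in the `:param` entry of the constructor docstring. Judging by the name, the field takes auth mount accessors rather than headers, and the current text gives no help to a reader deciding which mounts this backend may delegate authentication to. Suggested wording, to be confirmed against the provider schema: `List of auth mount accessors the backend may request delegated authentication for`. The enclosing class `_SecretBackendState` starts and ends outside this hunk.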
@@ -982,24 +1087,24 @@ class _SecretBackendState:
|
|
982
1087
|
return pulumi.get(self, "insecure_tls")
|
983
1088
|
|
984
1089
|
@insecure_tls.setter
|
985
|
-
def insecure_tls(self, value: Optional[pulumi.Input[bool]]):
|
1090
|
+
def insecure_tls(self, value: Optional[pulumi.Input[builtins.bool]]):
|
986
1091
|
pulumi.set(self, "insecure_tls", value)
|
987
1092
|
|
988
1093
|
@property
|
989
1094
|
@pulumi.getter(name="listingVisibility")
|
990
|
-
def listing_visibility(self) -> Optional[pulumi.Input[str]]:
|
1095
|
+
def listing_visibility(self) -> Optional[pulumi.Input[builtins.str]]:
|
991
1096
|
"""
|
992
1097
|
Specifies whether to show this mount in the UI-specific listing endpoint
|
993
1098
|
"""
|
994
1099
|
return pulumi.get(self, "listing_visibility")
|
995
1100
|
|
996
1101
|
@listing_visibility.setter
|
997
|
-
def listing_visibility(self, value: Optional[pulumi.Input[str]]):
|
1102
|
+
def listing_visibility(self, value: Optional[pulumi.Input[builtins.str]]):
|
998
1103
|
pulumi.set(self, "listing_visibility", value)
|
999
1104
|
|
1000
1105
|
@property
|
1001
1106
|
@pulumi.getter
|
1002
|
-
def local(self) -> Optional[pulumi.Input[bool]]:
|
1107
|
+
def local(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1003
1108
|
"""
|
1004
1109
|
Mark the secrets engine as local-only. Local engines are not replicated or removed by
|
1005
1110
|
replication.Tolerance duration to use when checking the last rotation time.
|
@@ -1007,24 +1112,24 @@ class _SecretBackendState:
|
|
1007
1112
|
return pulumi.get(self, "local")
|
1008
1113
|
|
1009
1114
|
@local.setter
|
1010
|
-
def local(self, value: Optional[pulumi.Input[bool]]):
|
1115
|
+
def local(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1011
1116
|
pulumi.set(self, "local", value)
|
1012
1117
|
|
1013
1118
|
@property
|
1014
1119
|
@pulumi.getter(name="maxLeaseTtlSeconds")
|
1015
|
-
def max_lease_ttl_seconds(self) -> Optional[pulumi.Input[int]]:
|
1120
|
+
def max_lease_ttl_seconds(self) -> Optional[pulumi.Input[builtins.int]]:
|
1016
1121
|
"""
|
1017
1122
|
Maximum possible lease duration for secrets in seconds.
|
1018
1123
|
"""
|
1019
1124
|
return pulumi.get(self, "max_lease_ttl_seconds")
|
1020
1125
|
|
1021
1126
|
@max_lease_ttl_seconds.setter
|
1022
|
-
def max_lease_ttl_seconds(self, value: Optional[pulumi.Input[int]]):
|
1127
|
+
def max_lease_ttl_seconds(self, value: Optional[pulumi.Input[builtins.int]]):
|
1023
1128
|
pulumi.set(self, "max_lease_ttl_seconds", value)
|
1024
1129
|
|
1025
1130
|
@property
|
1026
1131
|
@pulumi.getter
|
1027
|
-
def namespace(self) -> Optional[pulumi.Input[str]]:
|
1132
|
+
def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
|
1028
1133
|
"""
|
1029
1134
|
The namespace to provision the resource in.
|
1030
1135
|
The value should not contain leading or trailing forward slashes.
|
@@ -1034,48 +1139,48 @@ class _SecretBackendState:
|
|
1034
1139
|
return pulumi.get(self, "namespace")
|
1035
1140
|
|
1036
1141
|
@namespace.setter
|
1037
|
-
def namespace(self, value: Optional[pulumi.Input[str]]):
|
1142
|
+
def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
|
1038
1143
|
pulumi.set(self, "namespace", value)
|
1039
1144
|
|
1040
1145
|
@property
|
1041
1146
|
@pulumi.getter
|
1042
|
-
def options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
1147
|
+
def options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]:
|
1043
1148
|
"""
|
1044
1149
|
Specifies mount type specific options that are passed to the backend
|
1045
1150
|
"""
|
1046
1151
|
return pulumi.get(self, "options")
|
1047
1152
|
|
1048
1153
|
@options.setter
|
1049
|
-
def options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
1154
|
+
def options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]):
|
1050
1155
|
pulumi.set(self, "options", value)
|
1051
1156
|
|
1052
1157
|
@property
|
1053
1158
|
@pulumi.getter(name="passthroughRequestHeaders")
|
1054
|
-
def passthrough_request_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
1159
|
+
def passthrough_request_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
1055
1160
|
"""
|
1056
1161
|
List of headers to allow and pass from the request to the plugin
|
1057
1162
|
"""
|
1058
1163
|
return pulumi.get(self, "passthrough_request_headers")
|
1059
1164
|
|
1060
1165
|
@passthrough_request_headers.setter
|
1061
|
-
def passthrough_request_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
1166
|
+
def passthrough_request_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
1062
1167
|
pulumi.set(self, "passthrough_request_headers", value)
|
1063
1168
|
|
1064
1169
|
@property
|
1065
1170
|
@pulumi.getter(name="passwordPolicy")
|
1066
|
-
def password_policy(self) -> Optional[pulumi.Input[str]]:
|
1171
|
+
def password_policy(self) -> Optional[pulumi.Input[builtins.str]]:
|
1067
1172
|
"""
|
1068
1173
|
Name of the password policy to use to generate passwords.
|
1069
1174
|
"""
|
1070
1175
|
return pulumi.get(self, "password_policy")
|
1071
1176
|
|
1072
1177
|
@password_policy.setter
|
1073
|
-
def password_policy(self, value: Optional[pulumi.Input[str]]):
|
1178
|
+
def password_policy(self, value: Optional[pulumi.Input[builtins.str]]):
|
1074
1179
|
pulumi.set(self, "password_policy", value)
|
1075
1180
|
|
1076
1181
|
@property
|
1077
1182
|
@pulumi.getter
|
1078
|
-
def path(self) -> Optional[pulumi.Input[str]]:
|
1183
|
+
def path(self) -> Optional[pulumi.Input[builtins.str]]:
|
1079
1184
|
"""
|
1080
1185
|
The unique path this backend should be mounted at. Must
|
1081
1186
|
not begin or end with a `/`. Defaults to `ldap`.
|
@@ -1083,24 +1188,24 @@ class _SecretBackendState:
|
|
1083
1188
|
return pulumi.get(self, "path")
|
1084
1189
|
|
1085
1190
|
@path.setter
|
1086
|
-
def path(self, value: Optional[pulumi.Input[str]]):
|
1191
|
+
def path(self, value: Optional[pulumi.Input[builtins.str]]):
|
1087
1192
|
pulumi.set(self, "path", value)
|
1088
1193
|
|
1089
1194
|
@property
|
1090
1195
|
@pulumi.getter(name="pluginVersion")
|
1091
|
-
def plugin_version(self) -> Optional[pulumi.Input[str]]:
|
1196
|
+
def plugin_version(self) -> Optional[pulumi.Input[builtins.str]]:
|
1092
1197
|
"""
|
1093
1198
|
Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
1094
1199
|
"""
|
1095
1200
|
return pulumi.get(self, "plugin_version")
|
1096
1201
|
|
1097
1202
|
@plugin_version.setter
|
1098
|
-
def plugin_version(self, value: Optional[pulumi.Input[str]]):
|
1203
|
+
def plugin_version(self, value: Optional[pulumi.Input[builtins.str]]):
|
1099
1204
|
pulumi.set(self, "plugin_version", value)
|
1100
1205
|
|
1101
1206
|
@property
|
1102
1207
|
@pulumi.getter(name="requestTimeout")
|
1103
|
-
def request_timeout(self) -> Optional[pulumi.Input[int]]:
|
1208
|
+
def request_timeout(self) -> Optional[pulumi.Input[builtins.int]]:
|
1104
1209
|
"""
|
1105
1210
|
Timeout, in seconds, for the connection when making requests against the server
|
1106
1211
|
before returning back an error.
|
@@ -1108,36 +1213,76 @@ class _SecretBackendState:
|
|
1108
1213
|
return pulumi.get(self, "request_timeout")
|
1109
1214
|
|
1110
1215
|
@request_timeout.setter
|
1111
|
-
def request_timeout(self, value: Optional[pulumi.Input[int]]):
|
1216
|
+
def request_timeout(self, value: Optional[pulumi.Input[builtins.int]]):
|
1112
1217
|
pulumi.set(self, "request_timeout", value)
|
1113
1218
|
|
1219
|
+
@property
|
1220
|
+
@pulumi.getter(name="rotationPeriod")
|
1221
|
+
def rotation_period(self) -> Optional[pulumi.Input[builtins.int]]:
|
1222
|
+
"""
|
1223
|
+
The amount of time in seconds Vault should wait before rotating the root credential.
|
1224
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
1225
|
+
"""
|
1226
|
+
return pulumi.get(self, "rotation_period")
|
1227
|
+
|
1228
|
+
@rotation_period.setter
|
1229
|
+
def rotation_period(self, value: Optional[pulumi.Input[builtins.int]]):
|
1230
|
+
pulumi.set(self, "rotation_period", value)
|
1231
|
+
|
1232
|
+
@property
|
1233
|
+
@pulumi.getter(name="rotationSchedule")
|
1234
|
+
def rotation_schedule(self) -> Optional[pulumi.Input[builtins.str]]:
|
1235
|
+
"""
|
1236
|
+
The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
1237
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
1238
|
+
"""
|
1239
|
+
return pulumi.get(self, "rotation_schedule")
|
1240
|
+
|
1241
|
+
@rotation_schedule.setter
|
1242
|
+
def rotation_schedule(self, value: Optional[pulumi.Input[builtins.str]]):
|
1243
|
+
pulumi.set(self, "rotation_schedule", value)
|
1244
|
+
|
1245
|
+
@property
|
1246
|
+
@pulumi.getter(name="rotationWindow")
|
1247
|
+
def rotation_window(self) -> Optional[pulumi.Input[builtins.int]]:
|
1248
|
+
"""
|
1249
|
+
The maximum amount of time in seconds allowed to complete
|
1250
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
1251
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
1252
|
+
"""
|
1253
|
+
return pulumi.get(self, "rotation_window")
|
1254
|
+
|
1255
|
+
@rotation_window.setter
|
1256
|
+
def rotation_window(self, value: Optional[pulumi.Input[builtins.int]]):
|
1257
|
+
pulumi.set(self, "rotation_window", value)
|
1258
|
+
|
1114
1259
|
@property
|
1115
1260
|
@pulumi.getter
|
1116
|
-
def schema(self) -> Optional[pulumi.Input[str]]:
|
1261
|
+
def schema(self) -> Optional[pulumi.Input[builtins.str]]:
|
1117
1262
|
"""
|
1118
1263
|
The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`.
|
1119
1264
|
"""
|
1120
1265
|
return pulumi.get(self, "schema")
|
1121
1266
|
|
1122
1267
|
@schema.setter
|
1123
|
-
def schema(self, value: Optional[pulumi.Input[str]]):
|
1268
|
+
def schema(self, value: Optional[pulumi.Input[builtins.str]]):
|
1124
1269
|
pulumi.set(self, "schema", value)
|
1125
1270
|
|
1126
1271
|
@property
|
1127
1272
|
@pulumi.getter(name="sealWrap")
|
1128
|
-
def seal_wrap(self) -> Optional[pulumi.Input[bool]]:
|
1273
|
+
def seal_wrap(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1129
1274
|
"""
|
1130
1275
|
Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
1131
1276
|
"""
|
1132
1277
|
return pulumi.get(self, "seal_wrap")
|
1133
1278
|
|
1134
1279
|
@seal_wrap.setter
|
1135
|
-
def seal_wrap(self, value: Optional[pulumi.Input[bool]]):
|
1280
|
+
def seal_wrap(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1136
1281
|
pulumi.set(self, "seal_wrap", value)
|
1137
1282
|
|
1138
1283
|
@property
|
1139
1284
|
@pulumi.getter(name="skipStaticRoleImportRotation")
|
1140
|
-
def skip_static_role_import_rotation(self) -> Optional[pulumi.Input[bool]]:
|
1285
|
+
def skip_static_role_import_rotation(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1141
1286
|
"""
|
1142
1287
|
If set to true, static roles will not be rotated during import.
|
1143
1288
|
Defaults to false. Requires Vault 1.16 or above.
|
@@ -1145,36 +1290,36 @@ class _SecretBackendState:
|
|
1145
1290
|
return pulumi.get(self, "skip_static_role_import_rotation")
|
1146
1291
|
|
1147
1292
|
@skip_static_role_import_rotation.setter
|
1148
|
-
def skip_static_role_import_rotation(self, value: Optional[pulumi.Input[bool]]):
|
1293
|
+
def skip_static_role_import_rotation(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1149
1294
|
pulumi.set(self, "skip_static_role_import_rotation", value)
|
1150
1295
|
|
1151
1296
|
@property
|
1152
1297
|
@pulumi.getter
|
1153
|
-
def starttls(self) -> Optional[pulumi.Input[bool]]:
|
1298
|
+
def starttls(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1154
1299
|
"""
|
1155
1300
|
Issue a StartTLS command after establishing unencrypted connection.
|
1156
1301
|
"""
|
1157
1302
|
return pulumi.get(self, "starttls")
|
1158
1303
|
|
1159
1304
|
@starttls.setter
|
1160
|
-
def starttls(self, value: Optional[pulumi.Input[bool]]):
|
1305
|
+
def starttls(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1161
1306
|
pulumi.set(self, "starttls", value)
|
1162
1307
|
|
1163
1308
|
@property
|
1164
1309
|
@pulumi.getter
|
1165
|
-
def upndomain(self) -> Optional[pulumi.Input[str]]:
|
1310
|
+
def upndomain(self) -> Optional[pulumi.Input[builtins.str]]:
|
1166
1311
|
"""
|
1167
1312
|
Enables userPrincipalDomain login with [username]@UPNDomain.
|
1168
1313
|
"""
|
1169
1314
|
return pulumi.get(self, "upndomain")
|
1170
1315
|
|
1171
1316
|
@upndomain.setter
|
1172
|
-
def upndomain(self, value: Optional[pulumi.Input[str]]):
|
1317
|
+
def upndomain(self, value: Optional[pulumi.Input[builtins.str]]):
|
1173
1318
|
pulumi.set(self, "upndomain", value)
|
1174
1319
|
|
1175
1320
|
@property
|
1176
1321
|
@pulumi.getter
|
1177
|
-
def url(self) -> Optional[pulumi.Input[str]]:
|
1322
|
+
def url(self) -> Optional[pulumi.Input[builtins.str]]:
|
1178
1323
|
"""
|
1179
1324
|
LDAP URL to connect to. Multiple URLs can be specified by concatenating
|
1180
1325
|
them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
|
@@ -1182,31 +1327,31 @@ class _SecretBackendState:
|
|
1182
1327
|
return pulumi.get(self, "url")
|
1183
1328
|
|
1184
1329
|
@url.setter
|
1185
|
-
def url(self, value: Optional[pulumi.Input[str]]):
|
1330
|
+
def url(self, value: Optional[pulumi.Input[builtins.str]]):
|
1186
1331
|
pulumi.set(self, "url", value)
|
1187
1332
|
|
1188
1333
|
@property
|
1189
1334
|
@pulumi.getter
|
1190
|
-
def userattr(self) -> Optional[pulumi.Input[str]]:
|
1335
|
+
def userattr(self) -> Optional[pulumi.Input[builtins.str]]:
|
1191
1336
|
"""
|
1192
1337
|
Attribute used when searching users. Defaults to `cn`.
|
1193
1338
|
"""
|
1194
1339
|
return pulumi.get(self, "userattr")
|
1195
1340
|
|
1196
1341
|
@userattr.setter
|
1197
|
-
def userattr(self, value: Optional[pulumi.Input[str]]):
|
1342
|
+
def userattr(self, value: Optional[pulumi.Input[builtins.str]]):
|
1198
1343
|
pulumi.set(self, "userattr", value)
|
1199
1344
|
|
1200
1345
|
@property
|
1201
1346
|
@pulumi.getter
|
1202
|
-
def userdn(self) -> Optional[pulumi.Input[str]]:
|
1347
|
+
def userdn(self) -> Optional[pulumi.Input[builtins.str]]:
|
1203
1348
|
"""
|
1204
1349
|
LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
|
1205
1350
|
"""
|
1206
1351
|
return pulumi.get(self, "userdn")
|
1207
1352
|
|
1208
1353
|
@userdn.setter
|
1209
|
-
def userdn(self, value: Optional[pulumi.Input[str]]):
|
1354
|
+
def userdn(self, value: Optional[pulumi.Input[builtins.str]]):
|
1210
1355
|
pulumi.set(self, "userdn", value)
|
1211
1356
|
|
1212
1357
|
|
@@ -1215,41 +1360,45 @@ class SecretBackend(pulumi.CustomResource):
|
|
1215
1360
|
def __init__(__self__,
|
1216
1361
|
resource_name: str,
|
1217
1362
|
opts: Optional[pulumi.ResourceOptions] = None,
|
1218
|
-
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1219
|
-
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1220
|
-
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1221
|
-
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1222
|
-
binddn: Optional[pulumi.Input[str]] = None,
|
1223
|
-
bindpass: Optional[pulumi.Input[str]] = None,
|
1224
|
-
certificate: Optional[pulumi.Input[str]] = None,
|
1225
|
-
client_tls_cert: Optional[pulumi.Input[str]] = None,
|
1226
|
-
client_tls_key: Optional[pulumi.Input[str]] = None,
|
1227
|
-
connection_timeout: Optional[pulumi.Input[int]] = None,
|
1228
|
-
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
1229
|
-
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1230
|
-
description: Optional[pulumi.Input[str]] = None,
|
1231
|
-
|
1232
|
-
|
1233
|
-
|
1234
|
-
|
1235
|
-
|
1236
|
-
|
1237
|
-
|
1238
|
-
|
1239
|
-
|
1240
|
-
|
1241
|
-
|
1242
|
-
|
1243
|
-
|
1244
|
-
|
1245
|
-
|
1246
|
-
|
1247
|
-
|
1248
|
-
|
1249
|
-
|
1250
|
-
|
1251
|
-
|
1252
|
-
|
1363
|
+
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1364
|
+
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1365
|
+
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1366
|
+
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1367
|
+
binddn: Optional[pulumi.Input[builtins.str]] = None,
|
1368
|
+
bindpass: Optional[pulumi.Input[builtins.str]] = None,
|
1369
|
+
certificate: Optional[pulumi.Input[builtins.str]] = None,
|
1370
|
+
client_tls_cert: Optional[pulumi.Input[builtins.str]] = None,
|
1371
|
+
client_tls_key: Optional[pulumi.Input[builtins.str]] = None,
|
1372
|
+
connection_timeout: Optional[pulumi.Input[builtins.int]] = None,
|
1373
|
+
default_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
|
1374
|
+
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1375
|
+
description: Optional[pulumi.Input[builtins.str]] = None,
|
1376
|
+
disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
1377
|
+
disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
|
1378
|
+
external_entropy_access: Optional[pulumi.Input[builtins.bool]] = None,
|
1379
|
+
identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
|
1380
|
+
insecure_tls: Optional[pulumi.Input[builtins.bool]] = None,
|
1381
|
+
listing_visibility: Optional[pulumi.Input[builtins.str]] = None,
|
1382
|
+
local: Optional[pulumi.Input[builtins.bool]] = None,
|
1383
|
+
max_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
|
1384
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
1385
|
+
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
1386
|
+
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1387
|
+
password_policy: Optional[pulumi.Input[builtins.str]] = None,
|
1388
|
+
path: Optional[pulumi.Input[builtins.str]] = None,
|
1389
|
+
plugin_version: Optional[pulumi.Input[builtins.str]] = None,
|
1390
|
+
request_timeout: Optional[pulumi.Input[builtins.int]] = None,
|
1391
|
+
rotation_period: Optional[pulumi.Input[builtins.int]] = None,
|
1392
|
+
rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
|
1393
|
+
rotation_window: Optional[pulumi.Input[builtins.int]] = None,
|
1394
|
+
schema: Optional[pulumi.Input[builtins.str]] = None,
|
1395
|
+
seal_wrap: Optional[pulumi.Input[builtins.bool]] = None,
|
1396
|
+
skip_static_role_import_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
1397
|
+
starttls: Optional[pulumi.Input[builtins.bool]] = None,
|
1398
|
+
upndomain: Optional[pulumi.Input[builtins.str]] = None,
|
1399
|
+
url: Optional[pulumi.Input[builtins.str]] = None,
|
1400
|
+
userattr: Optional[pulumi.Input[builtins.str]] = None,
|
1401
|
+
userdn: Optional[pulumi.Input[builtins.str]] = None,
|
1253
1402
|
__props__=None):
|
1254
1403
|
"""
|
1255
1404
|
## Example Usage
|
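Review bot: The four new arguments (`disable_automated_rotation`, `rotation_period`, `rotation_schedule`, `rotation_window`) are inserted at their alphabetical positions in a signature that has no keyword-only marker, so every parameter after `description` moves to a different positional slot. A caller that passed these by position against the previous release would now bind values to the wrong argument without any error, and the shifted range includes `insecure_tls` and `starttls`; the old order is inferred, because the removed side of this hunk is rendered blank here. A bare `*,` after `opts: Optional[pulumi.ResourceOptions] = None,` would turn that into a TypeError instead of a silent misbinding. The same applies to the `_internal_init` and `get` signatures in the later hunks, and the `__init__` docstring continues outside this hunk.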
@@ -1264,7 +1413,9 @@ class SecretBackend(pulumi.CustomResource):
|
|
1264
1413
|
bindpass="SuperSecretPassw0rd",
|
1265
1414
|
url="ldaps://localhost",
|
1266
1415
|
insecure_tls=True,
|
1267
|
-
userdn="CN=Users,DC=corp,DC=example,DC=net"
|
1416
|
+
userdn="CN=Users,DC=corp,DC=example,DC=net",
|
1417
|
+
rotation_schedule="0 * * * SAT",
|
1418
|
+
rotation_window=3600)
|
1268
1419
|
```
|
1269
1420
|
|
1270
1421
|
## Import
|
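Review bot: The added `rotation_schedule="0 * * * SAT"` has `*` in the hour field, which in standard five-field cron matches the top of every hour on Saturday rather than one weekly slot; with `rotation_window=3600` the windows would then run back to back all day. If a single weekly rotation is what the example is meant to show, `rotation_schedule="0 0 * * SAT",` says that. The example these lines extend also still passes a literal `bindpass` together with `insecure_tls=True` on the context lines, which the parameter docs describe as not recommended for production. Since the block is being edited anyway, a comment such as `# example only: load bindpass from secret config and leave insecure_tls unset outside test setups` would keep it from being copied as is. The identical change is in the second Example Usage block (hunk `@@ -1343,7 +1502,9 @@`), and the docstring starts and ends outside both hunks.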
@@ -1277,52 +1428,60 @@ class SecretBackend(pulumi.CustomResource):
|
|
1277
1428
|
|
1278
1429
|
:param str resource_name: The name of the resource.
|
1279
1430
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
1280
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
|
1281
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
|
1282
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
1283
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
1284
|
-
:param pulumi.Input[str] binddn: Distinguished name of object to bind when performing user and group search.
|
1285
|
-
:param pulumi.Input[str] bindpass: Password to use along with binddn when performing user search.
|
1286
|
-
:param pulumi.Input[str] certificate: CA certificate to use when verifying LDAP server certificate, must be
|
1431
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
|
1432
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
|
1433
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
1434
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
1435
|
+
:param pulumi.Input[builtins.str] binddn: Distinguished name of object to bind when performing user and group search.
|
1436
|
+
:param pulumi.Input[builtins.str] bindpass: Password to use along with binddn when performing user search.
|
1437
|
+
:param pulumi.Input[builtins.str] certificate: CA certificate to use when verifying LDAP server certificate, must be
|
1287
1438
|
x509 PEM encoded.
|
1288
|
-
:param pulumi.Input[str] client_tls_cert: Client certificate to provide to the LDAP server, must be x509 PEM encoded.
|
1289
|
-
:param pulumi.Input[str] client_tls_key: Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
|
1290
|
-
:param pulumi.Input[int] connection_timeout: Timeout, in seconds, when attempting to connect to the LDAP server before trying
|
1439
|
+
:param pulumi.Input[builtins.str] client_tls_cert: Client certificate to provide to the LDAP server, must be x509 PEM encoded.
|
1440
|
+
:param pulumi.Input[builtins.str] client_tls_key: Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
|
1441
|
+
:param pulumi.Input[builtins.int] connection_timeout: Timeout, in seconds, when attempting to connect to the LDAP server before trying
|
1291
1442
|
the next URL in the configuration.
|
1292
|
-
:param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for secrets in seconds.
|
1293
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
|
1294
|
-
:param pulumi.Input[str] description: Human-friendly description of the mount for the Active Directory backend.
|
1295
|
-
:param pulumi.Input[bool]
|
1296
|
-
:param pulumi.Input[bool]
|
1297
|
-
:param pulumi.Input[
|
1298
|
-
:param pulumi.Input[
|
1443
|
+
:param pulumi.Input[builtins.int] default_lease_ttl_seconds: Default lease duration for secrets in seconds.
|
1444
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
|
1445
|
+
:param pulumi.Input[builtins.str] description: Human-friendly description of the mount for the Active Directory backend.
|
1446
|
+
:param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
1447
|
+
:param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
|
1448
|
+
:param pulumi.Input[builtins.bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
|
1449
|
+
:param pulumi.Input[builtins.str] identity_token_key: The key to use for signing plugin workload identity tokens
|
1450
|
+
:param pulumi.Input[builtins.bool] insecure_tls: Skip LDAP server SSL Certificate verification. This is not recommended for production.
|
1299
1451
|
Defaults to `false`.
|
1300
|
-
:param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
|
1301
|
-
:param pulumi.Input[bool] local: Mark the secrets engine as local-only. Local engines are not replicated or removed by
|
1452
|
+
:param pulumi.Input[builtins.str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
|
1453
|
+
:param pulumi.Input[builtins.bool] local: Mark the secrets engine as local-only. Local engines are not replicated or removed by
|
1302
1454
|
replication.Tolerance duration to use when checking the last rotation time.
|
1303
|
-
:param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for secrets in seconds.
|
1304
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
1455
|
+
:param pulumi.Input[builtins.int] max_lease_ttl_seconds: Maximum possible lease duration for secrets in seconds.
|
1456
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
1305
1457
|
The value should not contain leading or trailing forward slashes.
|
1306
1458
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1307
1459
|
*Available only for Vault Enterprise*.
|
1308
|
-
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
|
1309
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
|
1310
|
-
:param pulumi.Input[str] password_policy: Name of the password policy to use to generate passwords.
|
1311
|
-
:param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
|
1460
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] options: Specifies mount type specific options that are passed to the backend
|
1461
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
|
1462
|
+
:param pulumi.Input[builtins.str] password_policy: Name of the password policy to use to generate passwords.
|
1463
|
+
:param pulumi.Input[builtins.str] path: The unique path this backend should be mounted at. Must
|
1312
1464
|
not begin or end with a `/`. Defaults to `ldap`.
|
1313
|
-
:param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
1314
|
-
:param pulumi.Input[int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
|
1465
|
+
:param pulumi.Input[builtins.str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
1466
|
+
:param pulumi.Input[builtins.int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
|
1315
1467
|
before returning back an error.
|
1316
|
-
:param pulumi.Input[
|
1317
|
-
|
1318
|
-
:param pulumi.Input[
|
1468
|
+
:param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
1469
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
1470
|
+
:param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
1471
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
1472
|
+
:param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
|
1473
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
1474
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
1475
|
+
:param pulumi.Input[builtins.str] schema: The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`.
|
1476
|
+
:param pulumi.Input[builtins.bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
1477
|
+
:param pulumi.Input[builtins.bool] skip_static_role_import_rotation: If set to true, static roles will not be rotated during import.
|
1319
1478
|
Defaults to false. Requires Vault 1.16 or above.
|
1320
|
-
:param pulumi.Input[bool] starttls: Issue a StartTLS command after establishing unencrypted connection.
|
1321
|
-
:param pulumi.Input[str] upndomain: Enables userPrincipalDomain login with [username]@UPNDomain.
|
1322
|
-
:param pulumi.Input[str] url: LDAP URL to connect to. Multiple URLs can be specified by concatenating
|
1479
|
+
:param pulumi.Input[builtins.bool] starttls: Issue a StartTLS command after establishing unencrypted connection.
|
1480
|
+
:param pulumi.Input[builtins.str] upndomain: Enables userPrincipalDomain login with [username]@UPNDomain.
|
1481
|
+
:param pulumi.Input[builtins.str] url: LDAP URL to connect to. Multiple URLs can be specified by concatenating
|
1323
1482
|
them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
|
1324
|
-
:param pulumi.Input[str] userattr: Attribute used when searching users. Defaults to `cn`.
|
1325
|
-
:param pulumi.Input[str] userdn: LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
|
1483
|
+
:param pulumi.Input[builtins.str] userattr: Attribute used when searching users. Defaults to `cn`.
|
1484
|
+
:param pulumi.Input[builtins.str] userdn: LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
|
1326
1485
|
"""
|
1327
1486
|
...
|
1328
1487
|
@overload
|
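Review bot: The new `rotation_schedule` and `rotation_window` entries say Vault rotates the "root token", while `rotation_period` and `disable_automated_rotation` a few lines away say "root credential"; nothing in this LDAP backend's arguments is a token, so a reader cannot tell whether these mean the same thing (presumably the `binddn`/`bindpass` account). I would use one term throughout, e.g. `defining the schedule on which Vault should rotate the root credential.` and `a rotation when a scheduled credential rotation occurs.` The entries also do not say what happens when both `rotation_period` and `rotation_schedule` are set, or whether `rotation_window` has any effect without a schedule; one sentence on that would be worth adding once confirmed against the Vault documentation. The same "token" wording is in the `rotation_schedule` and `rotation_window` property docstrings of `_SecretBackendState` earlier in this file section, and this docstring opens outside the hunk.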
@@ -1343,7 +1502,9 @@ class SecretBackend(pulumi.CustomResource):
|
|
1343
1502
|
bindpass="SuperSecretPassw0rd",
|
1344
1503
|
url="ldaps://localhost",
|
1345
1504
|
insecure_tls=True,
|
1346
|
-
userdn="CN=Users,DC=corp,DC=example,DC=net"
|
1505
|
+
userdn="CN=Users,DC=corp,DC=example,DC=net",
|
1506
|
+
rotation_schedule="0 * * * SAT",
|
1507
|
+
rotation_window=3600)
|
1347
1508
|
```
|
1348
1509
|
|
1349
1510
|
## Import
|
@@ -1369,41 +1530,45 @@ class SecretBackend(pulumi.CustomResource):
|
|
1369
1530
|
def _internal_init(__self__,
|
1370
1531
|
resource_name: str,
|
1371
1532
|
opts: Optional[pulumi.ResourceOptions] = None,
|
1372
|
-
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1373
|
-
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1374
|
-
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1375
|
-
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1376
|
-
binddn: Optional[pulumi.Input[str]] = None,
|
1377
|
-
bindpass: Optional[pulumi.Input[str]] = None,
|
1378
|
-
certificate: Optional[pulumi.Input[str]] = None,
|
1379
|
-
client_tls_cert: Optional[pulumi.Input[str]] = None,
|
1380
|
-
client_tls_key: Optional[pulumi.Input[str]] = None,
|
1381
|
-
connection_timeout: Optional[pulumi.Input[int]] = None,
|
1382
|
-
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
1383
|
-
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1384
|
-
description: Optional[pulumi.Input[str]] = None,
|
1385
|
-
|
1386
|
-
|
1387
|
-
|
1388
|
-
|
1389
|
-
|
1390
|
-
|
1391
|
-
|
1392
|
-
|
1393
|
-
|
1394
|
-
|
1395
|
-
|
1396
|
-
|
1397
|
-
|
1398
|
-
|
1399
|
-
|
1400
|
-
|
1401
|
-
|
1402
|
-
|
1403
|
-
|
1404
|
-
|
1405
|
-
|
1406
|
-
|
1533
|
+
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1534
|
+
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1535
|
+
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1536
|
+
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1537
|
+
binddn: Optional[pulumi.Input[builtins.str]] = None,
|
1538
|
+
bindpass: Optional[pulumi.Input[builtins.str]] = None,
|
1539
|
+
certificate: Optional[pulumi.Input[builtins.str]] = None,
|
1540
|
+
client_tls_cert: Optional[pulumi.Input[builtins.str]] = None,
|
1541
|
+
client_tls_key: Optional[pulumi.Input[builtins.str]] = None,
|
1542
|
+
connection_timeout: Optional[pulumi.Input[builtins.int]] = None,
|
1543
|
+
default_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
|
1544
|
+
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1545
|
+
description: Optional[pulumi.Input[builtins.str]] = None,
|
1546
|
+
disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
1547
|
+
disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
|
1548
|
+
external_entropy_access: Optional[pulumi.Input[builtins.bool]] = None,
|
1549
|
+
identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
|
1550
|
+
insecure_tls: Optional[pulumi.Input[builtins.bool]] = None,
|
1551
|
+
listing_visibility: Optional[pulumi.Input[builtins.str]] = None,
|
1552
|
+
local: Optional[pulumi.Input[builtins.bool]] = None,
|
1553
|
+
max_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
|
1554
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
1555
|
+
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
1556
|
+
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1557
|
+
password_policy: Optional[pulumi.Input[builtins.str]] = None,
|
1558
|
+
path: Optional[pulumi.Input[builtins.str]] = None,
|
1559
|
+
plugin_version: Optional[pulumi.Input[builtins.str]] = None,
|
1560
|
+
request_timeout: Optional[pulumi.Input[builtins.int]] = None,
|
1561
|
+
rotation_period: Optional[pulumi.Input[builtins.int]] = None,
|
1562
|
+
rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
|
1563
|
+
rotation_window: Optional[pulumi.Input[builtins.int]] = None,
|
1564
|
+
schema: Optional[pulumi.Input[builtins.str]] = None,
|
1565
|
+
seal_wrap: Optional[pulumi.Input[builtins.bool]] = None,
|
1566
|
+
skip_static_role_import_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
1567
|
+
starttls: Optional[pulumi.Input[builtins.bool]] = None,
|
1568
|
+
upndomain: Optional[pulumi.Input[builtins.str]] = None,
|
1569
|
+
url: Optional[pulumi.Input[builtins.str]] = None,
|
1570
|
+
userattr: Optional[pulumi.Input[builtins.str]] = None,
|
1571
|
+
userdn: Optional[pulumi.Input[builtins.str]] = None,
|
1407
1572
|
__props__=None):
|
1408
1573
|
opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
|
1409
1574
|
if not isinstance(opts, pulumi.ResourceOptions):
|
@@ -1430,6 +1595,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1430
1595
|
__props__.__dict__["default_lease_ttl_seconds"] = default_lease_ttl_seconds
|
1431
1596
|
__props__.__dict__["delegated_auth_accessors"] = delegated_auth_accessors
|
1432
1597
|
__props__.__dict__["description"] = description
|
1598
|
+
__props__.__dict__["disable_automated_rotation"] = disable_automated_rotation
|
1433
1599
|
__props__.__dict__["disable_remount"] = disable_remount
|
1434
1600
|
__props__.__dict__["external_entropy_access"] = external_entropy_access
|
1435
1601
|
__props__.__dict__["identity_token_key"] = identity_token_key
|
@@ -1444,6 +1610,9 @@ class SecretBackend(pulumi.CustomResource):
|
|
1444
1610
|
__props__.__dict__["path"] = path
|
1445
1611
|
__props__.__dict__["plugin_version"] = plugin_version
|
1446
1612
|
__props__.__dict__["request_timeout"] = request_timeout
|
1613
|
+
__props__.__dict__["rotation_period"] = rotation_period
|
1614
|
+
__props__.__dict__["rotation_schedule"] = rotation_schedule
|
1615
|
+
__props__.__dict__["rotation_window"] = rotation_window
|
1447
1616
|
__props__.__dict__["schema"] = schema
|
1448
1617
|
__props__.__dict__["seal_wrap"] = seal_wrap
|
1449
1618
|
__props__.__dict__["skip_static_role_import_rotation"] = skip_static_role_import_rotation
|
@@ -1465,42 +1634,46 @@ class SecretBackend(pulumi.CustomResource):
|
|
1465
1634
|
def get(resource_name: str,
|
1466
1635
|
id: pulumi.Input[str],
|
1467
1636
|
opts: Optional[pulumi.ResourceOptions] = None,
|
1468
|
-
accessor: Optional[pulumi.Input[str]] = None,
|
1469
|
-
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1470
|
-
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1471
|
-
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1472
|
-
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1473
|
-
binddn: Optional[pulumi.Input[str]] = None,
|
1474
|
-
bindpass: Optional[pulumi.Input[str]] = None,
|
1475
|
-
certificate: Optional[pulumi.Input[str]] = None,
|
1476
|
-
client_tls_cert: Optional[pulumi.Input[str]] = None,
|
1477
|
-
client_tls_key: Optional[pulumi.Input[str]] = None,
|
1478
|
-
connection_timeout: Optional[pulumi.Input[int]] = None,
|
1479
|
-
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
1480
|
-
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1481
|
-
description: Optional[pulumi.Input[str]] = None,
|
1482
|
-
|
1483
|
-
|
1484
|
-
|
1485
|
-
|
1486
|
-
|
1487
|
-
|
1488
|
-
|
1489
|
-
|
1490
|
-
|
1491
|
-
|
1492
|
-
|
1493
|
-
|
1494
|
-
|
1495
|
-
|
1496
|
-
|
1497
|
-
|
1498
|
-
|
1499
|
-
|
1500
|
-
|
1501
|
-
|
1502
|
-
|
1503
|
-
|
1637
|
+
accessor: Optional[pulumi.Input[builtins.str]] = None,
|
1638
|
+
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1639
|
+
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1640
|
+
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1641
|
+
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1642
|
+
binddn: Optional[pulumi.Input[builtins.str]] = None,
|
1643
|
+
bindpass: Optional[pulumi.Input[builtins.str]] = None,
|
1644
|
+
certificate: Optional[pulumi.Input[builtins.str]] = None,
|
1645
|
+
client_tls_cert: Optional[pulumi.Input[builtins.str]] = None,
|
1646
|
+
client_tls_key: Optional[pulumi.Input[builtins.str]] = None,
|
1647
|
+
connection_timeout: Optional[pulumi.Input[builtins.int]] = None,
|
1648
|
+
default_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
|
1649
|
+
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1650
|
+
description: Optional[pulumi.Input[builtins.str]] = None,
|
1651
|
+
disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
1652
|
+
disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
|
1653
|
+
external_entropy_access: Optional[pulumi.Input[builtins.bool]] = None,
|
1654
|
+
identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
|
1655
|
+
insecure_tls: Optional[pulumi.Input[builtins.bool]] = None,
|
1656
|
+
listing_visibility: Optional[pulumi.Input[builtins.str]] = None,
|
1657
|
+
local: Optional[pulumi.Input[builtins.bool]] = None,
|
1658
|
+
max_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
|
1659
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
1660
|
+
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
1661
|
+
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1662
|
+
password_policy: Optional[pulumi.Input[builtins.str]] = None,
|
1663
|
+
path: Optional[pulumi.Input[builtins.str]] = None,
|
1664
|
+
plugin_version: Optional[pulumi.Input[builtins.str]] = None,
|
1665
|
+
request_timeout: Optional[pulumi.Input[builtins.int]] = None,
|
1666
|
+
rotation_period: Optional[pulumi.Input[builtins.int]] = None,
|
1667
|
+
rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
|
1668
|
+
rotation_window: Optional[pulumi.Input[builtins.int]] = None,
|
1669
|
+
schema: Optional[pulumi.Input[builtins.str]] = None,
|
1670
|
+
seal_wrap: Optional[pulumi.Input[builtins.bool]] = None,
|
1671
|
+
skip_static_role_import_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
1672
|
+
starttls: Optional[pulumi.Input[builtins.bool]] = None,
|
1673
|
+
upndomain: Optional[pulumi.Input[builtins.str]] = None,
|
1674
|
+
url: Optional[pulumi.Input[builtins.str]] = None,
|
1675
|
+
userattr: Optional[pulumi.Input[builtins.str]] = None,
|
1676
|
+
userdn: Optional[pulumi.Input[builtins.str]] = None) -> 'SecretBackend':
|
1504
1677
|
"""
|
1505
1678
|
Get an existing SecretBackend resource's state with the given name, id, and optional extra
|
1506
1679
|
properties used to qualify the lookup.
|
@@ -1508,53 +1681,61 @@ class SecretBackend(pulumi.CustomResource):
|
|
1508
1681
|
:param str resource_name: The unique name of the resulting resource.
|
1509
1682
|
:param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
|
1510
1683
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
1511
|
-
:param pulumi.Input[str] accessor: Accessor of the mount
|
1512
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
|
1513
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
|
1514
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
1515
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
1516
|
-
:param pulumi.Input[str] binddn: Distinguished name of object to bind when performing user and group search.
|
1517
|
-
:param pulumi.Input[str] bindpass: Password to use along with binddn when performing user search.
|
1518
|
-
:param pulumi.Input[str] certificate: CA certificate to use when verifying LDAP server certificate, must be
|
1684
|
+
:param pulumi.Input[builtins.str] accessor: Accessor of the mount
|
1685
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
|
1686
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
|
1687
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
1688
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
1689
|
+
:param pulumi.Input[builtins.str] binddn: Distinguished name of object to bind when performing user and group search.
|
1690
|
+
:param pulumi.Input[builtins.str] bindpass: Password to use along with binddn when performing user search.
|
1691
|
+
:param pulumi.Input[builtins.str] certificate: CA certificate to use when verifying LDAP server certificate, must be
|
1519
1692
|
x509 PEM encoded.
|
1520
|
-
:param pulumi.Input[str] client_tls_cert: Client certificate to provide to the LDAP server, must be x509 PEM encoded.
|
1521
|
-
:param pulumi.Input[str] client_tls_key: Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
|
1522
|
-
:param pulumi.Input[int] connection_timeout: Timeout, in seconds, when attempting to connect to the LDAP server before trying
|
1693
|
+
:param pulumi.Input[builtins.str] client_tls_cert: Client certificate to provide to the LDAP server, must be x509 PEM encoded.
|
1694
|
+
:param pulumi.Input[builtins.str] client_tls_key: Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
|
1695
|
+
:param pulumi.Input[builtins.int] connection_timeout: Timeout, in seconds, when attempting to connect to the LDAP server before trying
|
1523
1696
|
the next URL in the configuration.
|
1524
|
-
:param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for secrets in seconds.
|
1525
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
|
1526
|
-
:param pulumi.Input[str] description: Human-friendly description of the mount for the Active Directory backend.
|
1527
|
-
:param pulumi.Input[bool]
|
1528
|
-
:param pulumi.Input[bool]
|
1529
|
-
:param pulumi.Input[
|
1530
|
-
:param pulumi.Input[
|
1697
|
+
:param pulumi.Input[builtins.int] default_lease_ttl_seconds: Default lease duration for secrets in seconds.
|
1698
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
|
1699
|
+
:param pulumi.Input[builtins.str] description: Human-friendly description of the mount for the Active Directory backend.
|
1700
|
+
:param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
1701
|
+
:param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
|
1702
|
+
:param pulumi.Input[builtins.bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
|
1703
|
+
:param pulumi.Input[builtins.str] identity_token_key: The key to use for signing plugin workload identity tokens
|
1704
|
+
:param pulumi.Input[builtins.bool] insecure_tls: Skip LDAP server SSL Certificate verification. This is not recommended for production.
|
1531
1705
|
Defaults to `false`.
|
1532
|
-
:param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
|
1533
|
-
:param pulumi.Input[bool] local: Mark the secrets engine as local-only. Local engines are not replicated or removed by
|
1706
|
+
:param pulumi.Input[builtins.str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
|
1707
|
+
:param pulumi.Input[builtins.bool] local: Mark the secrets engine as local-only. Local engines are not replicated or removed by
|
1534
1708
|
replication.Tolerance duration to use when checking the last rotation time.
|
1535
|
-
:param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for secrets in seconds.
|
1536
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
1709
|
+
:param pulumi.Input[builtins.int] max_lease_ttl_seconds: Maximum possible lease duration for secrets in seconds.
|
1710
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
1537
1711
|
The value should not contain leading or trailing forward slashes.
|
1538
1712
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1539
1713
|
*Available only for Vault Enterprise*.
|
1540
|
-
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
|
1541
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
|
1542
|
-
:param pulumi.Input[str] password_policy: Name of the password policy to use to generate passwords.
|
1543
|
-
:param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
|
1714
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] options: Specifies mount type specific options that are passed to the backend
|
1715
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
|
1716
|
+
:param pulumi.Input[builtins.str] password_policy: Name of the password policy to use to generate passwords.
|
1717
|
+
:param pulumi.Input[builtins.str] path: The unique path this backend should be mounted at. Must
|
1544
1718
|
not begin or end with a `/`. Defaults to `ldap`.
|
1545
|
-
:param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
1546
|
-
:param pulumi.Input[int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
|
1719
|
+
:param pulumi.Input[builtins.str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
1720
|
+
:param pulumi.Input[builtins.int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
|
1547
1721
|
before returning back an error.
|
1548
|
-
:param pulumi.Input[
|
1549
|
-
|
1550
|
-
:param pulumi.Input[
|
1722
|
+
:param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
1723
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
1724
|
+
:param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
1725
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
1726
|
+
:param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
|
1727
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
1728
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
1729
|
+
:param pulumi.Input[builtins.str] schema: The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`.
|
1730
|
+
:param pulumi.Input[builtins.bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
1731
|
+
:param pulumi.Input[builtins.bool] skip_static_role_import_rotation: If set to true, static roles will not be rotated during import.
|
1551
1732
|
Defaults to false. Requires Vault 1.16 or above.
|
1552
|
-
:param pulumi.Input[bool] starttls: Issue a StartTLS command after establishing unencrypted connection.
|
1553
|
-
:param pulumi.Input[str] upndomain: Enables userPrincipalDomain login with [username]@UPNDomain.
|
1554
|
-
:param pulumi.Input[str] url: LDAP URL to connect to. Multiple URLs can be specified by concatenating
|
1733
|
+
:param pulumi.Input[builtins.bool] starttls: Issue a StartTLS command after establishing unencrypted connection.
|
1734
|
+
:param pulumi.Input[builtins.str] upndomain: Enables userPrincipalDomain login with [username]@UPNDomain.
|
1735
|
+
:param pulumi.Input[builtins.str] url: LDAP URL to connect to. Multiple URLs can be specified by concatenating
|
1555
1736
|
them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
|
1556
|
-
:param pulumi.Input[str] userattr: Attribute used when searching users. Defaults to `cn`.
|
1557
|
-
:param pulumi.Input[str] userdn: LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
|
1737
|
+
:param pulumi.Input[builtins.str] userattr: Attribute used when searching users. Defaults to `cn`.
|
1738
|
+
:param pulumi.Input[builtins.str] userdn: LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
|
1558
1739
|
"""
|
1559
1740
|
opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
|
1560
1741
|
|
@@ -1574,6 +1755,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1574
1755
|
__props__.__dict__["default_lease_ttl_seconds"] = default_lease_ttl_seconds
|
1575
1756
|
__props__.__dict__["delegated_auth_accessors"] = delegated_auth_accessors
|
1576
1757
|
__props__.__dict__["description"] = description
|
1758
|
+
__props__.__dict__["disable_automated_rotation"] = disable_automated_rotation
|
1577
1759
|
__props__.__dict__["disable_remount"] = disable_remount
|
1578
1760
|
__props__.__dict__["external_entropy_access"] = external_entropy_access
|
1579
1761
|
__props__.__dict__["identity_token_key"] = identity_token_key
|
@@ -1588,6 +1770,9 @@ class SecretBackend(pulumi.CustomResource):
|
|
1588
1770
|
__props__.__dict__["path"] = path
|
1589
1771
|
__props__.__dict__["plugin_version"] = plugin_version
|
1590
1772
|
__props__.__dict__["request_timeout"] = request_timeout
|
1773
|
+
__props__.__dict__["rotation_period"] = rotation_period
|
1774
|
+
__props__.__dict__["rotation_schedule"] = rotation_schedule
|
1775
|
+
__props__.__dict__["rotation_window"] = rotation_window
|
1591
1776
|
__props__.__dict__["schema"] = schema
|
1592
1777
|
__props__.__dict__["seal_wrap"] = seal_wrap
|
1593
1778
|
__props__.__dict__["skip_static_role_import_rotation"] = skip_static_role_import_rotation
|
@@ -1600,7 +1785,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1600
1785
|
|
1601
1786
|
@property
|
1602
1787
|
@pulumi.getter
|
1603
|
-
def accessor(self) -> pulumi.Output[str]:
|
1788
|
+
def accessor(self) -> pulumi.Output[builtins.str]:
|
1604
1789
|
"""
|
1605
1790
|
Accessor of the mount
|
1606
1791
|
"""
|
@@ -1608,7 +1793,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1608
1793
|
|
1609
1794
|
@property
|
1610
1795
|
@pulumi.getter(name="allowedManagedKeys")
|
1611
|
-
def allowed_managed_keys(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1796
|
+
def allowed_managed_keys(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
1612
1797
|
"""
|
1613
1798
|
List of managed key registry entry names that the mount in question is allowed to access
|
1614
1799
|
"""
|
@@ -1616,7 +1801,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1616
1801
|
|
1617
1802
|
@property
|
1618
1803
|
@pulumi.getter(name="allowedResponseHeaders")
|
1619
|
-
def allowed_response_headers(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1804
|
+
def allowed_response_headers(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
1620
1805
|
"""
|
1621
1806
|
List of headers to allow and pass from the request to the plugin
|
1622
1807
|
"""
|
@@ -1624,7 +1809,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1624
1809
|
|
1625
1810
|
@property
|
1626
1811
|
@pulumi.getter(name="auditNonHmacRequestKeys")
|
1627
|
-
def audit_non_hmac_request_keys(self) -> pulumi.Output[Sequence[str]]:
|
1812
|
+
def audit_non_hmac_request_keys(self) -> pulumi.Output[Sequence[builtins.str]]:
|
1628
1813
|
"""
|
1629
1814
|
Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
1630
1815
|
"""
|
@@ -1632,7 +1817,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1632
1817
|
|
1633
1818
|
@property
|
1634
1819
|
@pulumi.getter(name="auditNonHmacResponseKeys")
|
1635
|
-
def audit_non_hmac_response_keys(self) -> pulumi.Output[Sequence[str]]:
|
1820
|
+
def audit_non_hmac_response_keys(self) -> pulumi.Output[Sequence[builtins.str]]:
|
1636
1821
|
"""
|
1637
1822
|
Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
1638
1823
|
"""
|
@@ -1640,7 +1825,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1640
1825
|
|
1641
1826
|
@property
|
1642
1827
|
@pulumi.getter
|
1643
|
-
def binddn(self) -> pulumi.Output[str]:
|
1828
|
+
def binddn(self) -> pulumi.Output[builtins.str]:
|
1644
1829
|
"""
|
1645
1830
|
Distinguished name of object to bind when performing user and group search.
|
1646
1831
|
"""
|
@@ -1648,7 +1833,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1648
1833
|
|
1649
1834
|
@property
|
1650
1835
|
@pulumi.getter
|
1651
|
-
def bindpass(self) -> pulumi.Output[str]:
|
1836
|
+
def bindpass(self) -> pulumi.Output[builtins.str]:
|
1652
1837
|
"""
|
1653
1838
|
Password to use along with binddn when performing user search.
|
1654
1839
|
"""
|
@@ -1656,7 +1841,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1656
1841
|
|
1657
1842
|
@property
|
1658
1843
|
@pulumi.getter
|
1659
|
-
def certificate(self) -> pulumi.Output[Optional[str]]:
|
1844
|
+
def certificate(self) -> pulumi.Output[Optional[builtins.str]]:
|
1660
1845
|
"""
|
1661
1846
|
CA certificate to use when verifying LDAP server certificate, must be
|
1662
1847
|
x509 PEM encoded.
|
@@ -1665,7 +1850,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1665
1850
|
|
1666
1851
|
@property
|
1667
1852
|
@pulumi.getter(name="clientTlsCert")
|
1668
|
-
def client_tls_cert(self) -> pulumi.Output[Optional[str]]:
|
1853
|
+
def client_tls_cert(self) -> pulumi.Output[Optional[builtins.str]]:
|
1669
1854
|
"""
|
1670
1855
|
Client certificate to provide to the LDAP server, must be x509 PEM encoded.
|
1671
1856
|
"""
|
@@ -1673,7 +1858,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1673
1858
|
|
1674
1859
|
@property
|
1675
1860
|
@pulumi.getter(name="clientTlsKey")
|
1676
|
-
def client_tls_key(self) -> pulumi.Output[Optional[str]]:
|
1861
|
+
def client_tls_key(self) -> pulumi.Output[Optional[builtins.str]]:
|
1677
1862
|
"""
|
1678
1863
|
Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
|
1679
1864
|
"""
|
@@ -1681,7 +1866,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1681
1866
|
|
1682
1867
|
@property
|
1683
1868
|
@pulumi.getter(name="connectionTimeout")
|
1684
|
-
def connection_timeout(self) -> pulumi.Output[Optional[int]]:
|
1869
|
+
def connection_timeout(self) -> pulumi.Output[Optional[builtins.int]]:
|
1685
1870
|
"""
|
1686
1871
|
Timeout, in seconds, when attempting to connect to the LDAP server before trying
|
1687
1872
|
the next URL in the configuration.
|
@@ -1690,7 +1875,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1690
1875
|
|
1691
1876
|
@property
|
1692
1877
|
@pulumi.getter(name="defaultLeaseTtlSeconds")
|
1693
|
-
def default_lease_ttl_seconds(self) -> pulumi.Output[int]:
|
1878
|
+
def default_lease_ttl_seconds(self) -> pulumi.Output[builtins.int]:
|
1694
1879
|
"""
|
1695
1880
|
Default lease duration for secrets in seconds.
|
1696
1881
|
"""
|
@@ -1698,7 +1883,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1698
1883
|
|
1699
1884
|
@property
|
1700
1885
|
@pulumi.getter(name="delegatedAuthAccessors")
|
1701
|
-
def delegated_auth_accessors(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1886
|
+
def delegated_auth_accessors(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
1702
1887
|
"""
|
1703
1888
|
List of headers to allow and pass from the request to the plugin
|
1704
1889
|
"""
|
@@ -1706,15 +1891,23 @@ class SecretBackend(pulumi.CustomResource):
|
|
1706
1891
|
|
1707
1892
|
@property
|
1708
1893
|
@pulumi.getter
|
1709
|
-
def description(self) -> pulumi.Output[Optional[str]]:
|
1894
|
+
def description(self) -> pulumi.Output[Optional[builtins.str]]:
|
1710
1895
|
"""
|
1711
1896
|
Human-friendly description of the mount for the Active Directory backend.
|
1712
1897
|
"""
|
1713
1898
|
return pulumi.get(self, "description")
|
1714
1899
|
|
1900
|
+
@property
|
1901
|
+
@pulumi.getter(name="disableAutomatedRotation")
|
1902
|
+
def disable_automated_rotation(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1903
|
+
"""
|
1904
|
+
Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
1905
|
+
"""
|
1906
|
+
return pulumi.get(self, "disable_automated_rotation")
|
1907
|
+
|
1715
1908
|
@property
|
1716
1909
|
@pulumi.getter(name="disableRemount")
|
1717
|
-
def disable_remount(self) -> pulumi.Output[Optional[bool]]:
|
1910
|
+
def disable_remount(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1718
1911
|
"""
|
1719
1912
|
If set, opts out of mount migration on path updates.
|
1720
1913
|
"""
|
@@ -1722,7 +1915,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1722
1915
|
|
1723
1916
|
@property
|
1724
1917
|
@pulumi.getter(name="externalEntropyAccess")
|
1725
|
-
def external_entropy_access(self) -> pulumi.Output[Optional[bool]]:
|
1918
|
+
def external_entropy_access(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1726
1919
|
"""
|
1727
1920
|
Enable the secrets engine to access Vault's external entropy source
|
1728
1921
|
"""
|
@@ -1730,7 +1923,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1730
1923
|
|
1731
1924
|
@property
|
1732
1925
|
@pulumi.getter(name="identityTokenKey")
|
1733
|
-
def identity_token_key(self) -> pulumi.Output[Optional[str]]:
|
1926
|
+
def identity_token_key(self) -> pulumi.Output[Optional[builtins.str]]:
|
1734
1927
|
"""
|
1735
1928
|
The key to use for signing plugin workload identity tokens
|
1736
1929
|
"""
|
@@ -1738,7 +1931,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1738
1931
|
|
1739
1932
|
@property
|
1740
1933
|
@pulumi.getter(name="insecureTls")
|
1741
|
-
def insecure_tls(self) -> pulumi.Output[Optional[bool]]:
|
1934
|
+
def insecure_tls(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1742
1935
|
"""
|
1743
1936
|
Skip LDAP server SSL Certificate verification. This is not recommended for production.
|
1744
1937
|
Defaults to `false`.
|
@@ -1747,7 +1940,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1747
1940
|
|
1748
1941
|
@property
|
1749
1942
|
@pulumi.getter(name="listingVisibility")
|
1750
|
-
def listing_visibility(self) -> pulumi.Output[Optional[str]]:
|
1943
|
+
def listing_visibility(self) -> pulumi.Output[Optional[builtins.str]]:
|
1751
1944
|
"""
|
1752
1945
|
Specifies whether to show this mount in the UI-specific listing endpoint
|
1753
1946
|
"""
|
@@ -1755,7 +1948,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1755
1948
|
|
1756
1949
|
@property
|
1757
1950
|
@pulumi.getter
|
1758
|
-
def local(self) -> pulumi.Output[Optional[bool]]:
|
1951
|
+
def local(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1759
1952
|
"""
|
1760
1953
|
Mark the secrets engine as local-only. Local engines are not replicated or removed by
|
1761
1954
|
replication.Tolerance duration to use when checking the last rotation time.
|
@@ -1764,7 +1957,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1764
1957
|
|
1765
1958
|
@property
|
1766
1959
|
@pulumi.getter(name="maxLeaseTtlSeconds")
|
1767
|
-
def max_lease_ttl_seconds(self) -> pulumi.Output[int]:
|
1960
|
+
def max_lease_ttl_seconds(self) -> pulumi.Output[builtins.int]:
|
1768
1961
|
"""
|
1769
1962
|
Maximum possible lease duration for secrets in seconds.
|
1770
1963
|
"""
|
@@ -1772,7 +1965,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1772
1965
|
|
1773
1966
|
@property
|
1774
1967
|
@pulumi.getter
|
1775
|
-
def namespace(self) -> pulumi.Output[Optional[str]]:
|
1968
|
+
def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
|
1776
1969
|
"""
|
1777
1970
|
The namespace to provision the resource in.
|
1778
1971
|
The value should not contain leading or trailing forward slashes.
|
@@ -1783,7 +1976,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1783
1976
|
|
1784
1977
|
@property
|
1785
1978
|
@pulumi.getter
|
1786
|
-
def options(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
|
1979
|
+
def options(self) -> pulumi.Output[Optional[Mapping[str, builtins.str]]]:
|
1787
1980
|
"""
|
1788
1981
|
Specifies mount type specific options that are passed to the backend
|
1789
1982
|
"""
|
@@ -1791,7 +1984,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1791
1984
|
|
1792
1985
|
@property
|
1793
1986
|
@pulumi.getter(name="passthroughRequestHeaders")
|
1794
|
-
def passthrough_request_headers(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1987
|
+
def passthrough_request_headers(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
1795
1988
|
"""
|
1796
1989
|
List of headers to allow and pass from the request to the plugin
|
1797
1990
|
"""
|
@@ -1799,7 +1992,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1799
1992
|
|
1800
1993
|
@property
|
1801
1994
|
@pulumi.getter(name="passwordPolicy")
|
1802
|
-
def password_policy(self) -> pulumi.Output[Optional[str]]:
|
1995
|
+
def password_policy(self) -> pulumi.Output[Optional[builtins.str]]:
|
1803
1996
|
"""
|
1804
1997
|
Name of the password policy to use to generate passwords.
|
1805
1998
|
"""
|
@@ -1807,7 +2000,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1807
2000
|
|
1808
2001
|
@property
|
1809
2002
|
@pulumi.getter
|
1810
|
-
def path(self) -> pulumi.Output[Optional[str]]:
|
2003
|
+
def path(self) -> pulumi.Output[Optional[builtins.str]]:
|
1811
2004
|
"""
|
1812
2005
|
The unique path this backend should be mounted at. Must
|
1813
2006
|
not begin or end with a `/`. Defaults to `ldap`.
|
@@ -1816,7 +2009,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1816
2009
|
|
1817
2010
|
@property
|
1818
2011
|
@pulumi.getter(name="pluginVersion")
|
1819
|
-
def plugin_version(self) -> pulumi.Output[Optional[str]]:
|
2012
|
+
def plugin_version(self) -> pulumi.Output[Optional[builtins.str]]:
|
1820
2013
|
"""
|
1821
2014
|
Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
1822
2015
|
"""
|
@@ -1824,16 +2017,44 @@ class SecretBackend(pulumi.CustomResource):
|
|
1824
2017
|
|
1825
2018
|
@property
|
1826
2019
|
@pulumi.getter(name="requestTimeout")
|
1827
|
-
def request_timeout(self) -> pulumi.Output[int]:
|
2020
|
+
def request_timeout(self) -> pulumi.Output[builtins.int]:
|
1828
2021
|
"""
|
1829
2022
|
Timeout, in seconds, for the connection when making requests against the server
|
1830
2023
|
before returning back an error.
|
1831
2024
|
"""
|
1832
2025
|
return pulumi.get(self, "request_timeout")
|
1833
2026
|
|
2027
|
+
@property
|
2028
|
+
@pulumi.getter(name="rotationPeriod")
|
2029
|
+
def rotation_period(self) -> pulumi.Output[Optional[builtins.int]]:
|
2030
|
+
"""
|
2031
|
+
The amount of time in seconds Vault should wait before rotating the root credential.
|
2032
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
2033
|
+
"""
|
2034
|
+
return pulumi.get(self, "rotation_period")
|
2035
|
+
|
2036
|
+
@property
|
2037
|
+
@pulumi.getter(name="rotationSchedule")
|
2038
|
+
def rotation_schedule(self) -> pulumi.Output[Optional[builtins.str]]:
|
2039
|
+
"""
|
2040
|
+
The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
2041
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
2042
|
+
"""
|
2043
|
+
return pulumi.get(self, "rotation_schedule")
|
2044
|
+
|
2045
|
+
@property
|
2046
|
+
@pulumi.getter(name="rotationWindow")
|
2047
|
+
def rotation_window(self) -> pulumi.Output[Optional[builtins.int]]:
|
2048
|
+
"""
|
2049
|
+
The maximum amount of time in seconds allowed to complete
|
2050
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
2051
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
2052
|
+
"""
|
2053
|
+
return pulumi.get(self, "rotation_window")
|
2054
|
+
|
1834
2055
|
@property
|
1835
2056
|
@pulumi.getter
|
1836
|
-
def schema(self) -> pulumi.Output[str]:
|
2057
|
+
def schema(self) -> pulumi.Output[builtins.str]:
|
1837
2058
|
"""
|
1838
2059
|
The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`.
|
1839
2060
|
"""
|
@@ -1841,7 +2062,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1841
2062
|
|
1842
2063
|
@property
|
1843
2064
|
@pulumi.getter(name="sealWrap")
|
1844
|
-
def seal_wrap(self) -> pulumi.Output[bool]:
|
2065
|
+
def seal_wrap(self) -> pulumi.Output[builtins.bool]:
|
1845
2066
|
"""
|
1846
2067
|
Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
1847
2068
|
"""
|
@@ -1849,7 +2070,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1849
2070
|
|
1850
2071
|
@property
|
1851
2072
|
@pulumi.getter(name="skipStaticRoleImportRotation")
|
1852
|
-
def skip_static_role_import_rotation(self) -> pulumi.Output[Optional[bool]]:
|
2073
|
+
def skip_static_role_import_rotation(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1853
2074
|
"""
|
1854
2075
|
If set to true, static roles will not be rotated during import.
|
1855
2076
|
Defaults to false. Requires Vault 1.16 or above.
|
@@ -1858,7 +2079,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1858
2079
|
|
1859
2080
|
@property
|
1860
2081
|
@pulumi.getter
|
1861
|
-
def starttls(self) -> pulumi.Output[bool]:
|
2082
|
+
def starttls(self) -> pulumi.Output[builtins.bool]:
|
1862
2083
|
"""
|
1863
2084
|
Issue a StartTLS command after establishing unencrypted connection.
|
1864
2085
|
"""
|
@@ -1866,7 +2087,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1866
2087
|
|
1867
2088
|
@property
|
1868
2089
|
@pulumi.getter
|
1869
|
-
def upndomain(self) -> pulumi.Output[str]:
|
2090
|
+
def upndomain(self) -> pulumi.Output[builtins.str]:
|
1870
2091
|
"""
|
1871
2092
|
Enables userPrincipalDomain login with [username]@UPNDomain.
|
1872
2093
|
"""
|
@@ -1874,7 +2095,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1874
2095
|
|
1875
2096
|
@property
|
1876
2097
|
@pulumi.getter
|
1877
|
-
def url(self) -> pulumi.Output[str]:
|
2098
|
+
def url(self) -> pulumi.Output[builtins.str]:
|
1878
2099
|
"""
|
1879
2100
|
LDAP URL to connect to. Multiple URLs can be specified by concatenating
|
1880
2101
|
them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
|
@@ -1883,7 +2104,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1883
2104
|
|
1884
2105
|
@property
|
1885
2106
|
@pulumi.getter
|
1886
|
-
def userattr(self) -> pulumi.Output[str]:
|
2107
|
+
def userattr(self) -> pulumi.Output[builtins.str]:
|
1887
2108
|
"""
|
1888
2109
|
Attribute used when searching users. Defaults to `cn`.
|
1889
2110
|
"""
|
@@ -1891,7 +2112,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1891
2112
|
|
1892
2113
|
@property
|
1893
2114
|
@pulumi.getter
|
1894
|
-
def userdn(self) -> pulumi.Output[Optional[str]]:
|
2115
|
+
def userdn(self) -> pulumi.Output[Optional[builtins.str]]:
|
1895
2116
|
"""
|
1896
2117
|
LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
|
1897
2118
|
"""
|