pulumi-vault 6.6.0a1741415971__py3-none-any.whl → 6.7.0__py3-none-any.whl
- pulumi_vault/__init__.py +9 -0
- pulumi_vault/_inputs.py +583 -562
- pulumi_vault/ad/__init__.py +1 -0
- pulumi_vault/ad/get_access_credentials.py +20 -19
- pulumi_vault/ad/secret_backend.py +477 -476
- pulumi_vault/ad/secret_library.py +99 -98
- pulumi_vault/ad/secret_role.py +85 -84
- pulumi_vault/alicloud/__init__.py +1 -0
- pulumi_vault/alicloud/auth_backend_role.py +183 -182
- pulumi_vault/approle/__init__.py +1 -0
- pulumi_vault/approle/auth_backend_login.py +106 -105
- pulumi_vault/approle/auth_backend_role.py +239 -238
- pulumi_vault/approle/auth_backend_role_secret_id.py +162 -161
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -17
- pulumi_vault/audit.py +85 -84
- pulumi_vault/audit_request_header.py +43 -42
- pulumi_vault/auth_backend.py +106 -105
- pulumi_vault/aws/__init__.py +1 -0
- pulumi_vault/aws/auth_backend_cert.py +71 -70
- pulumi_vault/aws/auth_backend_client.py +425 -200
- pulumi_vault/aws/auth_backend_config_identity.py +85 -84
- pulumi_vault/aws/auth_backend_identity_whitelist.py +57 -56
- pulumi_vault/aws/auth_backend_login.py +209 -208
- pulumi_vault/aws/auth_backend_role.py +400 -399
- pulumi_vault/aws/auth_backend_role_tag.py +127 -126
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +57 -56
- pulumi_vault/aws/auth_backend_sts_role.py +71 -70
- pulumi_vault/aws/get_access_credentials.py +44 -43
- pulumi_vault/aws/get_static_access_credentials.py +13 -12
- pulumi_vault/aws/secret_backend.py +523 -306
- pulumi_vault/aws/secret_backend_role.py +211 -210
- pulumi_vault/aws/secret_backend_static_role.py +288 -70
- pulumi_vault/azure/__init__.py +1 -0
- pulumi_vault/azure/_inputs.py +21 -20
- pulumi_vault/azure/auth_backend_config.py +383 -130
- pulumi_vault/azure/auth_backend_role.py +253 -252
- pulumi_vault/azure/backend.py +432 -186
- pulumi_vault/azure/backend_role.py +188 -140
- pulumi_vault/azure/get_access_credentials.py +58 -57
- pulumi_vault/azure/outputs.py +11 -10
- pulumi_vault/cert_auth_backend_role.py +365 -364
- pulumi_vault/config/__init__.py +1 -0
- pulumi_vault/config/__init__.pyi +1 -0
- pulumi_vault/config/_inputs.py +11 -10
- pulumi_vault/config/outputs.py +287 -286
- pulumi_vault/config/ui_custom_message.py +113 -112
- pulumi_vault/config/vars.py +1 -0
- pulumi_vault/consul/__init__.py +1 -0
- pulumi_vault/consul/secret_backend.py +197 -196
- pulumi_vault/consul/secret_backend_role.py +183 -182
- pulumi_vault/database/__init__.py +1 -0
- pulumi_vault/database/_inputs.py +3857 -2200
- pulumi_vault/database/outputs.py +2483 -1330
- pulumi_vault/database/secret_backend_connection.py +333 -112
- pulumi_vault/database/secret_backend_role.py +169 -168
- pulumi_vault/database/secret_backend_static_role.py +283 -140
- pulumi_vault/database/secrets_mount.py +275 -266
- pulumi_vault/egp_policy.py +71 -70
- pulumi_vault/gcp/__init__.py +1 -0
- pulumi_vault/gcp/_inputs.py +82 -81
- pulumi_vault/gcp/auth_backend.py +426 -205
- pulumi_vault/gcp/auth_backend_role.py +281 -280
- pulumi_vault/gcp/get_auth_backend_role.py +70 -69
- pulumi_vault/gcp/outputs.py +50 -49
- pulumi_vault/gcp/secret_backend.py +420 -179
- pulumi_vault/gcp/secret_impersonated_account.py +92 -91
- pulumi_vault/gcp/secret_roleset.py +92 -91
- pulumi_vault/gcp/secret_static_account.py +92 -91
- pulumi_vault/generic/__init__.py +1 -0
- pulumi_vault/generic/endpoint.py +113 -112
- pulumi_vault/generic/get_secret.py +28 -27
- pulumi_vault/generic/secret.py +78 -77
- pulumi_vault/get_auth_backend.py +19 -18
- pulumi_vault/get_auth_backends.py +14 -13
- pulumi_vault/get_namespace.py +15 -14
- pulumi_vault/get_namespaces.py +68 -18
- pulumi_vault/get_nomad_access_token.py +19 -18
- pulumi_vault/get_policy_document.py +6 -5
- pulumi_vault/get_raft_autopilot_state.py +18 -17
- pulumi_vault/github/__init__.py +1 -0
- pulumi_vault/github/_inputs.py +42 -41
- pulumi_vault/github/auth_backend.py +232 -231
- pulumi_vault/github/outputs.py +26 -25
- pulumi_vault/github/team.py +57 -56
- pulumi_vault/github/user.py +57 -56
- pulumi_vault/identity/__init__.py +1 -0
- pulumi_vault/identity/entity.py +85 -84
- pulumi_vault/identity/entity_alias.py +71 -70
- pulumi_vault/identity/entity_policies.py +64 -63
- pulumi_vault/identity/get_entity.py +43 -42
- pulumi_vault/identity/get_group.py +50 -49
- pulumi_vault/identity/get_oidc_client_creds.py +14 -13
- pulumi_vault/identity/get_oidc_openid_config.py +24 -23
- pulumi_vault/identity/get_oidc_public_keys.py +13 -12
- pulumi_vault/identity/group.py +141 -140
- pulumi_vault/identity/group_alias.py +57 -56
- pulumi_vault/identity/group_member_entity_ids.py +57 -56
- pulumi_vault/identity/group_member_group_ids.py +57 -56
- pulumi_vault/identity/group_policies.py +64 -63
- pulumi_vault/identity/mfa_duo.py +148 -147
- pulumi_vault/identity/mfa_login_enforcement.py +120 -119
- pulumi_vault/identity/mfa_okta.py +134 -133
- pulumi_vault/identity/mfa_pingid.py +127 -126
- pulumi_vault/identity/mfa_totp.py +176 -175
- pulumi_vault/identity/oidc.py +29 -28
- pulumi_vault/identity/oidc_assignment.py +57 -56
- pulumi_vault/identity/oidc_client.py +127 -126
- pulumi_vault/identity/oidc_key.py +85 -84
- pulumi_vault/identity/oidc_key_allowed_client_id.py +43 -42
- pulumi_vault/identity/oidc_provider.py +92 -91
- pulumi_vault/identity/oidc_role.py +85 -84
- pulumi_vault/identity/oidc_scope.py +57 -56
- pulumi_vault/identity/outputs.py +32 -31
- pulumi_vault/jwt/__init__.py +1 -0
- pulumi_vault/jwt/_inputs.py +42 -41
- pulumi_vault/jwt/auth_backend.py +288 -287
- pulumi_vault/jwt/auth_backend_role.py +407 -406
- pulumi_vault/jwt/outputs.py +26 -25
- pulumi_vault/kmip/__init__.py +1 -0
- pulumi_vault/kmip/secret_backend.py +183 -182
- pulumi_vault/kmip/secret_role.py +295 -294
- pulumi_vault/kmip/secret_scope.py +57 -56
- pulumi_vault/kubernetes/__init__.py +1 -0
- pulumi_vault/kubernetes/auth_backend_config.py +141 -140
- pulumi_vault/kubernetes/auth_backend_role.py +225 -224
- pulumi_vault/kubernetes/get_auth_backend_config.py +47 -46
- pulumi_vault/kubernetes/get_auth_backend_role.py +70 -69
- pulumi_vault/kubernetes/get_service_account_token.py +38 -37
- pulumi_vault/kubernetes/secret_backend.py +316 -315
- pulumi_vault/kubernetes/secret_backend_role.py +197 -196
- pulumi_vault/kv/__init__.py +1 -0
- pulumi_vault/kv/_inputs.py +21 -20
- pulumi_vault/kv/get_secret.py +17 -16
- pulumi_vault/kv/get_secret_subkeys_v2.py +30 -29
- pulumi_vault/kv/get_secret_v2.py +29 -28
- pulumi_vault/kv/get_secrets_list.py +13 -12
- pulumi_vault/kv/get_secrets_list_v2.py +19 -18
- pulumi_vault/kv/outputs.py +13 -12
- pulumi_vault/kv/secret.py +50 -49
- pulumi_vault/kv/secret_backend_v2.py +71 -70
- pulumi_vault/kv/secret_v2.py +134 -133
- pulumi_vault/ldap/__init__.py +1 -0
- pulumi_vault/ldap/auth_backend.py +754 -533
- pulumi_vault/ldap/auth_backend_group.py +57 -56
- pulumi_vault/ldap/auth_backend_user.py +71 -70
- pulumi_vault/ldap/get_dynamic_credentials.py +17 -16
- pulumi_vault/ldap/get_static_credentials.py +18 -17
- pulumi_vault/ldap/secret_backend.py +720 -499
- pulumi_vault/ldap/secret_backend_dynamic_role.py +127 -126
- pulumi_vault/ldap/secret_backend_library_set.py +99 -98
- pulumi_vault/ldap/secret_backend_static_role.py +99 -98
- pulumi_vault/managed/__init__.py +1 -0
- pulumi_vault/managed/_inputs.py +229 -228
- pulumi_vault/managed/keys.py +15 -14
- pulumi_vault/managed/outputs.py +139 -138
- pulumi_vault/mfa_duo.py +113 -112
- pulumi_vault/mfa_okta.py +113 -112
- pulumi_vault/mfa_pingid.py +120 -119
- pulumi_vault/mfa_totp.py +127 -126
- pulumi_vault/mongodbatlas/__init__.py +1 -0
- pulumi_vault/mongodbatlas/secret_backend.py +64 -63
- pulumi_vault/mongodbatlas/secret_role.py +155 -154
- pulumi_vault/mount.py +274 -273
- pulumi_vault/namespace.py +64 -63
- pulumi_vault/nomad_secret_backend.py +211 -210
- pulumi_vault/nomad_secret_role.py +85 -84
- pulumi_vault/okta/__init__.py +1 -0
- pulumi_vault/okta/_inputs.py +26 -25
- pulumi_vault/okta/auth_backend.py +274 -273
- pulumi_vault/okta/auth_backend_group.py +57 -56
- pulumi_vault/okta/auth_backend_user.py +71 -70
- pulumi_vault/okta/outputs.py +16 -15
- pulumi_vault/outputs.py +73 -60
- pulumi_vault/password_policy.py +43 -42
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +31 -36
- pulumi_vault/pkisecret/backend_acme_eab.py +92 -91
- pulumi_vault/pkisecret/backend_config_acme.py +174 -126
- pulumi_vault/pkisecret/backend_config_auto_tidy.py +1377 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +57 -56
- pulumi_vault/pkisecret/backend_config_cmpv2.py +152 -104
- pulumi_vault/pkisecret/backend_config_est.py +120 -119
- pulumi_vault/pkisecret/get_backend_cert_metadata.py +278 -0
- pulumi_vault/pkisecret/get_backend_config_cmpv2.py +35 -17
- pulumi_vault/pkisecret/get_backend_config_est.py +19 -18
- pulumi_vault/pkisecret/get_backend_issuer.py +139 -25
- pulumi_vault/pkisecret/get_backend_issuers.py +15 -14
- pulumi_vault/pkisecret/get_backend_key.py +20 -19
- pulumi_vault/pkisecret/get_backend_keys.py +15 -14
- pulumi_vault/pkisecret/outputs.py +28 -31
- pulumi_vault/pkisecret/secret_backend_cert.py +439 -297
- pulumi_vault/pkisecret/secret_backend_config_ca.py +43 -42
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +57 -56
- pulumi_vault/pkisecret/secret_backend_config_urls.py +85 -84
- pulumi_vault/pkisecret/secret_backend_crl_config.py +237 -182
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +520 -378
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +57 -56
- pulumi_vault/pkisecret/secret_backend_issuer.py +441 -175
- pulumi_vault/pkisecret/secret_backend_key.py +120 -119
- pulumi_vault/pkisecret/secret_backend_role.py +894 -644
- pulumi_vault/pkisecret/secret_backend_root_cert.py +851 -427
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +936 -357
- pulumi_vault/pkisecret/secret_backend_sign.py +347 -252
- pulumi_vault/plugin.py +127 -126
- pulumi_vault/plugin_pinned_version.py +43 -42
- pulumi_vault/policy.py +43 -42
- pulumi_vault/provider.py +120 -119
- pulumi_vault/pulumi-plugin.json +1 -1
- pulumi_vault/quota_lease_count.py +85 -84
- pulumi_vault/quota_rate_limit.py +113 -112
- pulumi_vault/rabbitmq/__init__.py +1 -0
- pulumi_vault/rabbitmq/_inputs.py +41 -40
- pulumi_vault/rabbitmq/outputs.py +25 -24
- pulumi_vault/rabbitmq/secret_backend.py +169 -168
- pulumi_vault/rabbitmq/secret_backend_role.py +57 -56
- pulumi_vault/raft_autopilot.py +113 -112
- pulumi_vault/raft_snapshot_agent_config.py +393 -392
- pulumi_vault/rgp_policy.py +57 -56
- pulumi_vault/saml/__init__.py +1 -0
- pulumi_vault/saml/auth_backend.py +155 -154
- pulumi_vault/saml/auth_backend_role.py +239 -238
- pulumi_vault/secrets/__init__.py +1 -0
- pulumi_vault/secrets/_inputs.py +16 -15
- pulumi_vault/secrets/outputs.py +10 -9
- pulumi_vault/secrets/sync_association.py +71 -70
- pulumi_vault/secrets/sync_aws_destination.py +148 -147
- pulumi_vault/secrets/sync_azure_destination.py +148 -147
- pulumi_vault/secrets/sync_config.py +43 -42
- pulumi_vault/secrets/sync_gcp_destination.py +106 -105
- pulumi_vault/secrets/sync_gh_destination.py +134 -133
- pulumi_vault/secrets/sync_github_apps.py +64 -63
- pulumi_vault/secrets/sync_vercel_destination.py +120 -119
- pulumi_vault/ssh/__init__.py +2 -0
- pulumi_vault/ssh/_inputs.py +11 -10
- pulumi_vault/ssh/get_secret_backend_sign.py +295 -0
- pulumi_vault/ssh/outputs.py +7 -6
- pulumi_vault/ssh/secret_backend_ca.py +99 -98
- pulumi_vault/ssh/secret_backend_role.py +365 -364
- pulumi_vault/terraformcloud/__init__.py +1 -0
- pulumi_vault/terraformcloud/secret_backend.py +111 -110
- pulumi_vault/terraformcloud/secret_creds.py +74 -73
- pulumi_vault/terraformcloud/secret_role.py +96 -95
- pulumi_vault/token.py +246 -245
- pulumi_vault/tokenauth/__init__.py +1 -0
- pulumi_vault/tokenauth/auth_backend_role.py +267 -266
- pulumi_vault/transform/__init__.py +1 -0
- pulumi_vault/transform/alphabet.py +57 -56
- pulumi_vault/transform/get_decode.py +47 -46
- pulumi_vault/transform/get_encode.py +47 -46
- pulumi_vault/transform/role.py +57 -56
- pulumi_vault/transform/template.py +113 -112
- pulumi_vault/transform/transformation.py +141 -140
- pulumi_vault/transit/__init__.py +3 -0
- pulumi_vault/transit/get_decrypt.py +18 -17
- pulumi_vault/transit/get_encrypt.py +21 -20
- pulumi_vault/transit/get_sign.py +325 -0
- pulumi_vault/transit/get_verify.py +355 -0
- pulumi_vault/transit/secret_backend_key.py +394 -231
- pulumi_vault/transit/secret_cache_config.py +43 -42
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/METADATA +2 -2
- pulumi_vault-6.7.0.dist-info/RECORD +265 -0
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/WHEEL +1 -1
- pulumi_vault-6.6.0a1741415971.dist-info/RECORD +0 -260
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/top_level.txt +0 -0
@@ -2,6 +2,7 @@
|
|
2
2
|
# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
|
3
3
|
# *** Do not edit by hand unless you're certain you know what you are doing! ***
|
4
4
|
|
5
|
+
import builtins
|
5
6
|
import copy
|
6
7
|
import warnings
|
7
8
|
import sys
|
@@ -19,52 +20,64 @@ __all__ = ['AuthBackendClientArgs', 'AuthBackendClient']
|
|
19
20
|
@pulumi.input_type
|
20
21
|
class AuthBackendClientArgs:
|
21
22
|
def __init__(__self__, *,
|
22
|
-
access_key: Optional[pulumi.Input[str]] = None,
|
23
|
-
backend: Optional[pulumi.Input[str]] = None,
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
23
|
+
access_key: Optional[pulumi.Input[builtins.str]] = None,
|
24
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
25
|
+
disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
26
|
+
ec2_endpoint: Optional[pulumi.Input[builtins.str]] = None,
|
27
|
+
iam_endpoint: Optional[pulumi.Input[builtins.str]] = None,
|
28
|
+
iam_server_id_header_value: Optional[pulumi.Input[builtins.str]] = None,
|
29
|
+
identity_token_audience: Optional[pulumi.Input[builtins.str]] = None,
|
30
|
+
identity_token_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
31
|
+
max_retries: Optional[pulumi.Input[builtins.int]] = None,
|
32
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
33
|
+
role_arn: Optional[pulumi.Input[builtins.str]] = None,
|
34
|
+
rotation_period: Optional[pulumi.Input[builtins.int]] = None,
|
35
|
+
rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
|
36
|
+
rotation_window: Optional[pulumi.Input[builtins.int]] = None,
|
37
|
+
secret_key: Optional[pulumi.Input[builtins.str]] = None,
|
38
|
+
sts_endpoint: Optional[pulumi.Input[builtins.str]] = None,
|
39
|
+
sts_region: Optional[pulumi.Input[builtins.str]] = None,
|
40
|
+
use_sts_region_from_client: Optional[pulumi.Input[builtins.bool]] = None):
|
36
41
|
"""
|
37
42
|
The set of arguments for constructing a AuthBackendClient resource.
|
38
|
-
:param pulumi.Input[str] access_key: The AWS access key that Vault should use for the
|
43
|
+
:param pulumi.Input[builtins.str] access_key: The AWS access key that Vault should use for the
|
39
44
|
auth backend. Mutually exclusive with `identity_token_audience`.
|
40
|
-
:param pulumi.Input[str] backend: The path the AWS auth backend being configured was
|
45
|
+
:param pulumi.Input[builtins.str] backend: The path the AWS auth backend being configured was
|
41
46
|
mounted at. Defaults to `aws`.
|
42
|
-
:param pulumi.Input[
|
47
|
+
:param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
48
|
+
:param pulumi.Input[builtins.str] ec2_endpoint: Override the URL Vault uses when making EC2 API
|
43
49
|
calls.
|
44
|
-
:param pulumi.Input[str] iam_endpoint: Override the URL Vault uses when making IAM API
|
50
|
+
:param pulumi.Input[builtins.str] iam_endpoint: Override the URL Vault uses when making IAM API
|
45
51
|
calls.
|
46
|
-
:param pulumi.Input[str] iam_server_id_header_value: The value to require in the
|
52
|
+
:param pulumi.Input[builtins.str] iam_server_id_header_value: The value to require in the
|
47
53
|
`X-Vault-AWS-IAM-Server-ID` header as part of `GetCallerIdentity` requests
|
48
54
|
that are used in the IAM auth method.
|
49
|
-
:param pulumi.Input[str] identity_token_audience: The audience claim value. Mutually exclusive with `access_key`.
|
55
|
+
:param pulumi.Input[builtins.str] identity_token_audience: The audience claim value. Mutually exclusive with `access_key`.
|
50
56
|
Requires Vault 1.17+. *Available only for Vault Enterprise*
|
51
|
-
:param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
|
57
|
+
:param pulumi.Input[builtins.int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
|
52
58
|
*Available only for Vault Enterprise*
|
53
|
-
:param pulumi.Input[int] max_retries: Number of max retries the client should use for recoverable errors.
|
59
|
+
:param pulumi.Input[builtins.int] max_retries: Number of max retries the client should use for recoverable errors.
|
54
60
|
The default `-1` falls back to the AWS SDK's default behavior.
|
55
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
61
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
56
62
|
The value should not contain leading or trailing forward slashes.
|
57
63
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
58
64
|
*Available only for Vault Enterprise*.
|
59
|
-
:param pulumi.Input[str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.17+.
|
65
|
+
:param pulumi.Input[builtins.str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.17+.
|
60
66
|
*Available only for Vault Enterprise*
|
61
|
-
:param pulumi.Input[
|
67
|
+
:param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
68
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
69
|
+
:param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
70
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
71
|
+
:param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
|
72
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
73
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
74
|
+
:param pulumi.Input[builtins.str] secret_key: The AWS secret key that Vault should use for the
|
62
75
|
auth backend.
|
63
|
-
:param pulumi.Input[str] sts_endpoint: Override the URL Vault uses when making STS API
|
76
|
+
:param pulumi.Input[builtins.str] sts_endpoint: Override the URL Vault uses when making STS API
|
64
77
|
calls.
|
65
|
-
:param pulumi.Input[str] sts_region: Override the default region when making STS API
|
78
|
+
:param pulumi.Input[builtins.str] sts_region: Override the default region when making STS API
|
66
79
|
calls. The `sts_endpoint` argument must be set when using `sts_region`.
|
67
|
-
:param pulumi.Input[bool] use_sts_region_from_client: Available in Vault v1.15+. If set,
|
80
|
+
:param pulumi.Input[builtins.bool] use_sts_region_from_client: Available in Vault v1.15+. If set,
|
68
81
|
overrides both `sts_endpoint` and `sts_region` to instead use the region
|
69
82
|
specified in the client request headers for IAM-based authentication.
|
70
83
|
This can be useful when you have client requests coming from different
|
@@ -74,6 +87,8 @@ class AuthBackendClientArgs:
|
|
74
87
|
pulumi.set(__self__, "access_key", access_key)
|
75
88
|
if backend is not None:
|
76
89
|
pulumi.set(__self__, "backend", backend)
|
90
|
+
if disable_automated_rotation is not None:
|
91
|
+
pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
|
77
92
|
if ec2_endpoint is not None:
|
78
93
|
pulumi.set(__self__, "ec2_endpoint", ec2_endpoint)
|
79
94
|
if iam_endpoint is not None:
|
@@ -90,6 +105,12 @@ class AuthBackendClientArgs:
|
|
90
105
|
pulumi.set(__self__, "namespace", namespace)
|
91
106
|
if role_arn is not None:
|
92
107
|
pulumi.set(__self__, "role_arn", role_arn)
|
108
|
+
if rotation_period is not None:
|
109
|
+
pulumi.set(__self__, "rotation_period", rotation_period)
|
110
|
+
if rotation_schedule is not None:
|
111
|
+
pulumi.set(__self__, "rotation_schedule", rotation_schedule)
|
112
|
+
if rotation_window is not None:
|
113
|
+
pulumi.set(__self__, "rotation_window", rotation_window)
|
93
114
|
if secret_key is not None:
|
94
115
|
pulumi.set(__self__, "secret_key", secret_key)
|
95
116
|
if sts_endpoint is not None:
|
@@ -101,7 +122,7 @@ class AuthBackendClientArgs:
|
|
101
122
|
|
102
123
|
@property
|
103
124
|
@pulumi.getter(name="accessKey")
|
104
|
-
def access_key(self) -> Optional[pulumi.Input[str]]:
|
125
|
+
def access_key(self) -> Optional[pulumi.Input[builtins.str]]:
|
105
126
|
"""
|
106
127
|
The AWS access key that Vault should use for the
|
107
128
|
auth backend. Mutually exclusive with `identity_token_audience`.
|
@@ -109,12 +130,12 @@ class AuthBackendClientArgs:
|
|
109
130
|
return pulumi.get(self, "access_key")
|
110
131
|
|
111
132
|
@access_key.setter
|
112
|
-
def access_key(self, value: Optional[pulumi.Input[str]]):
|
133
|
+
def access_key(self, value: Optional[pulumi.Input[builtins.str]]):
|
113
134
|
pulumi.set(self, "access_key", value)
|
114
135
|
|
115
136
|
@property
|
116
137
|
@pulumi.getter
|
117
|
-
def backend(self) -> Optional[pulumi.Input[str]]:
|
138
|
+
def backend(self) -> Optional[pulumi.Input[builtins.str]]:
|
118
139
|
"""
|
119
140
|
The path the AWS auth backend being configured was
|
120
141
|
mounted at. Defaults to `aws`.
|
@@ -122,12 +143,24 @@ class AuthBackendClientArgs:
|
|
122
143
|
return pulumi.get(self, "backend")
|
123
144
|
|
124
145
|
@backend.setter
|
125
|
-
def backend(self, value: Optional[pulumi.Input[str]]):
|
146
|
+
def backend(self, value: Optional[pulumi.Input[builtins.str]]):
|
126
147
|
pulumi.set(self, "backend", value)
|
127
148
|
|
149
|
+
@property
|
150
|
+
@pulumi.getter(name="disableAutomatedRotation")
|
151
|
+
def disable_automated_rotation(self) -> Optional[pulumi.Input[builtins.bool]]:
|
152
|
+
"""
|
153
|
+
Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
154
|
+
"""
|
155
|
+
return pulumi.get(self, "disable_automated_rotation")
|
156
|
+
|
157
|
+
@disable_automated_rotation.setter
|
158
|
+
def disable_automated_rotation(self, value: Optional[pulumi.Input[builtins.bool]]):
|
159
|
+
pulumi.set(self, "disable_automated_rotation", value)
|
160
|
+
|
128
161
|
@property
|
129
162
|
@pulumi.getter(name="ec2Endpoint")
|
130
|
-
def ec2_endpoint(self) -> Optional[pulumi.Input[str]]:
|
163
|
+
def ec2_endpoint(self) -> Optional[pulumi.Input[builtins.str]]:
|
131
164
|
"""
|
132
165
|
Override the URL Vault uses when making EC2 API
|
133
166
|
calls.
|
@@ -135,12 +168,12 @@ class AuthBackendClientArgs:
|
|
135
168
|
return pulumi.get(self, "ec2_endpoint")
|
136
169
|
|
137
170
|
@ec2_endpoint.setter
|
138
|
-
def ec2_endpoint(self, value: Optional[pulumi.Input[str]]):
|
171
|
+
def ec2_endpoint(self, value: Optional[pulumi.Input[builtins.str]]):
|
139
172
|
pulumi.set(self, "ec2_endpoint", value)
|
140
173
|
|
141
174
|
@property
|
142
175
|
@pulumi.getter(name="iamEndpoint")
|
143
|
-
def iam_endpoint(self) -> Optional[pulumi.Input[str]]:
|
176
|
+
def iam_endpoint(self) -> Optional[pulumi.Input[builtins.str]]:
|
144
177
|
"""
|
145
178
|
Override the URL Vault uses when making IAM API
|
146
179
|
calls.
|
@@ -148,12 +181,12 @@ class AuthBackendClientArgs:
|
|
148
181
|
return pulumi.get(self, "iam_endpoint")
|
149
182
|
|
150
183
|
@iam_endpoint.setter
|
151
|
-
def iam_endpoint(self, value: Optional[pulumi.Input[str]]):
|
184
|
+
def iam_endpoint(self, value: Optional[pulumi.Input[builtins.str]]):
|
152
185
|
pulumi.set(self, "iam_endpoint", value)
|
153
186
|
|
154
187
|
@property
|
155
188
|
@pulumi.getter(name="iamServerIdHeaderValue")
|
156
|
-
def iam_server_id_header_value(self) -> Optional[pulumi.Input[str]]:
|
189
|
+
def iam_server_id_header_value(self) -> Optional[pulumi.Input[builtins.str]]:
|
157
190
|
"""
|
158
191
|
The value to require in the
|
159
192
|
`X-Vault-AWS-IAM-Server-ID` header as part of `GetCallerIdentity` requests
|
@@ -162,12 +195,12 @@ class AuthBackendClientArgs:
|
|
162
195
|
return pulumi.get(self, "iam_server_id_header_value")
|
163
196
|
|
164
197
|
@iam_server_id_header_value.setter
|
165
|
-
def iam_server_id_header_value(self, value: Optional[pulumi.Input[str]]):
|
198
|
+
def iam_server_id_header_value(self, value: Optional[pulumi.Input[builtins.str]]):
|
166
199
|
pulumi.set(self, "iam_server_id_header_value", value)
|
167
200
|
|
168
201
|
@property
|
169
202
|
@pulumi.getter(name="identityTokenAudience")
|
170
|
-
def identity_token_audience(self) -> Optional[pulumi.Input[str]]:
|
203
|
+
def identity_token_audience(self) -> Optional[pulumi.Input[builtins.str]]:
|
171
204
|
"""
|
172
205
|
The audience claim value. Mutually exclusive with `access_key`.
|
173
206
|
Requires Vault 1.17+. *Available only for Vault Enterprise*
|
@@ -175,12 +208,12 @@ class AuthBackendClientArgs:
|
|
175
208
|
return pulumi.get(self, "identity_token_audience")
|
176
209
|
|
177
210
|
@identity_token_audience.setter
|
178
|
-
def identity_token_audience(self, value: Optional[pulumi.Input[str]]):
|
211
|
+
def identity_token_audience(self, value: Optional[pulumi.Input[builtins.str]]):
|
179
212
|
pulumi.set(self, "identity_token_audience", value)
|
180
213
|
|
181
214
|
@property
|
182
215
|
@pulumi.getter(name="identityTokenTtl")
|
183
|
-
def identity_token_ttl(self) -> Optional[pulumi.Input[int]]:
|
216
|
+
def identity_token_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
|
184
217
|
"""
|
185
218
|
The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
|
186
219
|
*Available only for Vault Enterprise*
|
@@ -188,12 +221,12 @@ class AuthBackendClientArgs:
|
|
188
221
|
return pulumi.get(self, "identity_token_ttl")
|
189
222
|
|
190
223
|
@identity_token_ttl.setter
|
191
|
-
def identity_token_ttl(self, value: Optional[pulumi.Input[int]]):
|
224
|
+
def identity_token_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
|
192
225
|
pulumi.set(self, "identity_token_ttl", value)
|
193
226
|
|
194
227
|
@property
|
195
228
|
@pulumi.getter(name="maxRetries")
|
196
|
-
def max_retries(self) -> Optional[pulumi.Input[int]]:
|
229
|
+
def max_retries(self) -> Optional[pulumi.Input[builtins.int]]:
|
197
230
|
"""
|
198
231
|
Number of max retries the client should use for recoverable errors.
|
199
232
|
The default `-1` falls back to the AWS SDK's default behavior.
|
@@ -201,12 +234,12 @@ class AuthBackendClientArgs:
|
|
201
234
|
return pulumi.get(self, "max_retries")
|
202
235
|
|
203
236
|
@max_retries.setter
|
204
|
-
def max_retries(self, value: Optional[pulumi.Input[int]]):
|
237
|
+
def max_retries(self, value: Optional[pulumi.Input[builtins.int]]):
|
205
238
|
pulumi.set(self, "max_retries", value)
|
206
239
|
|
207
240
|
@property
|
208
241
|
@pulumi.getter
|
209
|
-
def namespace(self) -> Optional[pulumi.Input[str]]:
|
242
|
+
def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
|
210
243
|
"""
|
211
244
|
The namespace to provision the resource in.
|
212
245
|
The value should not contain leading or trailing forward slashes.
|
@@ -216,12 +249,12 @@ class AuthBackendClientArgs:
|
|
216
249
|
return pulumi.get(self, "namespace")
|
217
250
|
|
218
251
|
@namespace.setter
|
219
|
-
def namespace(self, value: Optional[pulumi.Input[str]]):
|
252
|
+
def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
|
220
253
|
pulumi.set(self, "namespace", value)
|
221
254
|
|
222
255
|
@property
|
223
256
|
@pulumi.getter(name="roleArn")
|
224
|
-
def role_arn(self) -> Optional[pulumi.Input[str]]:
|
257
|
+
def role_arn(self) -> Optional[pulumi.Input[builtins.str]]:
|
225
258
|
"""
|
226
259
|
Role ARN to assume for plugin identity token federation. Requires Vault 1.17+.
|
227
260
|
*Available only for Vault Enterprise*
|
@@ -229,12 +262,52 @@ class AuthBackendClientArgs:
|
|
229
262
|
return pulumi.get(self, "role_arn")
|
230
263
|
|
231
264
|
@role_arn.setter
|
232
|
-
def role_arn(self, value: Optional[pulumi.Input[str]]):
|
265
|
+
def role_arn(self, value: Optional[pulumi.Input[builtins.str]]):
|
233
266
|
pulumi.set(self, "role_arn", value)
|
234
267
|
|
268
|
+
@property
|
269
|
+
@pulumi.getter(name="rotationPeriod")
|
270
|
+
def rotation_period(self) -> Optional[pulumi.Input[builtins.int]]:
|
271
|
+
"""
|
272
|
+
The amount of time in seconds Vault should wait before rotating the root credential.
|
273
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
274
|
+
"""
|
275
|
+
return pulumi.get(self, "rotation_period")
|
276
|
+
|
277
|
+
@rotation_period.setter
|
278
|
+
def rotation_period(self, value: Optional[pulumi.Input[builtins.int]]):
|
279
|
+
pulumi.set(self, "rotation_period", value)
|
280
|
+
|
281
|
+
@property
|
282
|
+
@pulumi.getter(name="rotationSchedule")
|
283
|
+
def rotation_schedule(self) -> Optional[pulumi.Input[builtins.str]]:
|
284
|
+
"""
|
285
|
+
The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
286
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
287
|
+
"""
|
288
|
+
return pulumi.get(self, "rotation_schedule")
|
289
|
+
|
290
|
+
@rotation_schedule.setter
|
291
|
+
def rotation_schedule(self, value: Optional[pulumi.Input[builtins.str]]):
|
292
|
+
pulumi.set(self, "rotation_schedule", value)
|
293
|
+
|
294
|
+
@property
|
295
|
+
@pulumi.getter(name="rotationWindow")
|
296
|
+
def rotation_window(self) -> Optional[pulumi.Input[builtins.int]]:
|
297
|
+
"""
|
298
|
+
The maximum amount of time in seconds allowed to complete
|
299
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
300
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
301
|
+
"""
|
302
|
+
return pulumi.get(self, "rotation_window")
|
303
|
+
|
304
|
+
@rotation_window.setter
|
305
|
+
def rotation_window(self, value: Optional[pulumi.Input[builtins.int]]):
|
306
|
+
pulumi.set(self, "rotation_window", value)
|
307
|
+
|
235
308
|
@property
|
236
309
|
@pulumi.getter(name="secretKey")
|
237
|
-
def secret_key(self) -> Optional[pulumi.Input[str]]:
|
310
|
+
def secret_key(self) -> Optional[pulumi.Input[builtins.str]]:
|
238
311
|
"""
|
239
312
|
The AWS secret key that Vault should use for the
|
240
313
|
auth backend.
|
@@ -242,12 +315,12 @@ class AuthBackendClientArgs:
|
|
242
315
|
return pulumi.get(self, "secret_key")
|
243
316
|
|
244
317
|
@secret_key.setter
|
245
|
-
def secret_key(self, value: Optional[pulumi.Input[str]]):
|
318
|
+
def secret_key(self, value: Optional[pulumi.Input[builtins.str]]):
|
246
319
|
pulumi.set(self, "secret_key", value)
|
247
320
|
|
248
321
|
@property
|
249
322
|
@pulumi.getter(name="stsEndpoint")
|
250
|
-
def sts_endpoint(self) -> Optional[pulumi.Input[str]]:
|
323
|
+
def sts_endpoint(self) -> Optional[pulumi.Input[builtins.str]]:
|
251
324
|
"""
|
252
325
|
Override the URL Vault uses when making STS API
|
253
326
|
calls.
|
@@ -255,12 +328,12 @@ class AuthBackendClientArgs:
|
|
255
328
|
return pulumi.get(self, "sts_endpoint")
|
256
329
|
|
257
330
|
@sts_endpoint.setter
|
258
|
-
def sts_endpoint(self, value: Optional[pulumi.Input[str]]):
|
331
|
+
def sts_endpoint(self, value: Optional[pulumi.Input[builtins.str]]):
|
259
332
|
pulumi.set(self, "sts_endpoint", value)
|
260
333
|
|
261
334
|
@property
|
262
335
|
@pulumi.getter(name="stsRegion")
|
263
|
-
def sts_region(self) -> Optional[pulumi.Input[str]]:
|
336
|
+
def sts_region(self) -> Optional[pulumi.Input[builtins.str]]:
|
264
337
|
"""
|
265
338
|
Override the default region when making STS API
|
266
339
|
calls. The `sts_endpoint` argument must be set when using `sts_region`.
|
@@ -268,12 +341,12 @@ class AuthBackendClientArgs:
|
|
268
341
|
return pulumi.get(self, "sts_region")
|
269
342
|
|
270
343
|
@sts_region.setter
|
271
|
-
def sts_region(self, value: Optional[pulumi.Input[str]]):
|
344
|
+
def sts_region(self, value: Optional[pulumi.Input[builtins.str]]):
|
272
345
|
pulumi.set(self, "sts_region", value)
|
273
346
|
|
274
347
|
@property
|
275
348
|
@pulumi.getter(name="useStsRegionFromClient")
|
276
|
-
def use_sts_region_from_client(self) -> Optional[pulumi.Input[bool]]:
|
349
|
+
def use_sts_region_from_client(self) -> Optional[pulumi.Input[builtins.bool]]:
|
277
350
|
"""
|
278
351
|
Available in Vault v1.15+. If set,
|
279
352
|
overrides both `sts_endpoint` and `sts_region` to instead use the region
|
@@ -284,59 +357,71 @@ class AuthBackendClientArgs:
|
|
284
357
|
return pulumi.get(self, "use_sts_region_from_client")
|
285
358
|
|
286
359
|
@use_sts_region_from_client.setter
|
287
|
-
def use_sts_region_from_client(self, value: Optional[pulumi.Input[bool]]):
|
360
|
+
def use_sts_region_from_client(self, value: Optional[pulumi.Input[builtins.bool]]):
|
288
361
|
pulumi.set(self, "use_sts_region_from_client", value)
|
289
362
|
|
290
363
|
|
291
364
|
@pulumi.input_type
|
292
365
|
class _AuthBackendClientState:
|
293
366
|
def __init__(__self__, *,
|
294
|
-
access_key: Optional[pulumi.Input[str]] = None,
|
295
|
-
backend: Optional[pulumi.Input[str]] = None,
|
296
|
-
|
297
|
-
|
298
|
-
|
299
|
-
|
300
|
-
|
301
|
-
|
302
|
-
|
303
|
-
|
304
|
-
|
305
|
-
|
306
|
-
|
307
|
-
|
367
|
+
access_key: Optional[pulumi.Input[builtins.str]] = None,
|
368
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
369
|
+
disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
370
|
+
ec2_endpoint: Optional[pulumi.Input[builtins.str]] = None,
|
371
|
+
iam_endpoint: Optional[pulumi.Input[builtins.str]] = None,
|
372
|
+
iam_server_id_header_value: Optional[pulumi.Input[builtins.str]] = None,
|
373
|
+
identity_token_audience: Optional[pulumi.Input[builtins.str]] = None,
|
374
|
+
identity_token_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
375
|
+
max_retries: Optional[pulumi.Input[builtins.int]] = None,
|
376
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
377
|
+
role_arn: Optional[pulumi.Input[builtins.str]] = None,
|
378
|
+
rotation_period: Optional[pulumi.Input[builtins.int]] = None,
|
379
|
+
rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
|
380
|
+
rotation_window: Optional[pulumi.Input[builtins.int]] = None,
|
381
|
+
secret_key: Optional[pulumi.Input[builtins.str]] = None,
|
382
|
+
sts_endpoint: Optional[pulumi.Input[builtins.str]] = None,
|
383
|
+
sts_region: Optional[pulumi.Input[builtins.str]] = None,
|
384
|
+
use_sts_region_from_client: Optional[pulumi.Input[builtins.bool]] = None):
|
308
385
|
"""
|
309
386
|
Input properties used for looking up and filtering AuthBackendClient resources.
|
310
|
-
:param pulumi.Input[str] access_key: The AWS access key that Vault should use for the
|
387
|
+
:param pulumi.Input[builtins.str] access_key: The AWS access key that Vault should use for the
|
311
388
|
auth backend. Mutually exclusive with `identity_token_audience`.
|
312
|
-
:param pulumi.Input[str] backend: The path the AWS auth backend being configured was
|
389
|
+
:param pulumi.Input[builtins.str] backend: The path the AWS auth backend being configured was
|
313
390
|
mounted at. Defaults to `aws`.
|
314
|
-
:param pulumi.Input[
|
391
|
+
:param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
392
|
+
:param pulumi.Input[builtins.str] ec2_endpoint: Override the URL Vault uses when making EC2 API
|
315
393
|
calls.
|
316
|
-
:param pulumi.Input[str] iam_endpoint: Override the URL Vault uses when making IAM API
|
394
|
+
:param pulumi.Input[builtins.str] iam_endpoint: Override the URL Vault uses when making IAM API
|
317
395
|
calls.
|
318
|
-
:param pulumi.Input[str] iam_server_id_header_value: The value to require in the
|
396
|
+
:param pulumi.Input[builtins.str] iam_server_id_header_value: The value to require in the
|
319
397
|
`X-Vault-AWS-IAM-Server-ID` header as part of `GetCallerIdentity` requests
|
320
398
|
that are used in the IAM auth method.
|
321
|
-
:param pulumi.Input[str] identity_token_audience: The audience claim value. Mutually exclusive with `access_key`.
|
399
|
+
:param pulumi.Input[builtins.str] identity_token_audience: The audience claim value. Mutually exclusive with `access_key`.
|
322
400
|
Requires Vault 1.17+. *Available only for Vault Enterprise*
|
323
|
-
:param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
|
401
|
+
:param pulumi.Input[builtins.int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
|
324
402
|
*Available only for Vault Enterprise*
|
325
|
-
:param pulumi.Input[int] max_retries: Number of max retries the client should use for recoverable errors.
|
403
|
+
:param pulumi.Input[builtins.int] max_retries: Number of max retries the client should use for recoverable errors.
|
326
404
|
The default `-1` falls back to the AWS SDK's default behavior.
|
327
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
405
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
328
406
|
The value should not contain leading or trailing forward slashes.
|
329
407
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
330
408
|
*Available only for Vault Enterprise*.
|
331
|
-
:param pulumi.Input[str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.17+.
|
409
|
+
:param pulumi.Input[builtins.str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.17+.
|
332
410
|
*Available only for Vault Enterprise*
|
333
|
-
:param pulumi.Input[
|
411
|
+
:param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
412
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
413
|
+
:param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
414
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
415
|
+
:param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
|
416
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
417
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
418
|
+
:param pulumi.Input[builtins.str] secret_key: The AWS secret key that Vault should use for the
|
334
419
|
auth backend.
|
335
|
-
:param pulumi.Input[str] sts_endpoint: Override the URL Vault uses when making STS API
|
420
|
+
:param pulumi.Input[builtins.str] sts_endpoint: Override the URL Vault uses when making STS API
|
336
421
|
calls.
|
337
|
-
:param pulumi.Input[str] sts_region: Override the default region when making STS API
|
422
|
+
:param pulumi.Input[builtins.str] sts_region: Override the default region when making STS API
|
338
423
|
calls. The `sts_endpoint` argument must be set when using `sts_region`.
|
339
|
-
:param pulumi.Input[bool] use_sts_region_from_client: Available in Vault v1.15+. If set,
|
424
|
+
:param pulumi.Input[builtins.bool] use_sts_region_from_client: Available in Vault v1.15+. If set,
|
340
425
|
overrides both `sts_endpoint` and `sts_region` to instead use the region
|
341
426
|
specified in the client request headers for IAM-based authentication.
|
342
427
|
This can be useful when you have client requests coming from different
|
@@ -346,6 +431,8 @@ class _AuthBackendClientState:
|
|
346
431
|
pulumi.set(__self__, "access_key", access_key)
|
347
432
|
if backend is not None:
|
348
433
|
pulumi.set(__self__, "backend", backend)
|
434
|
+
if disable_automated_rotation is not None:
|
435
|
+
pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
|
349
436
|
if ec2_endpoint is not None:
|
350
437
|
pulumi.set(__self__, "ec2_endpoint", ec2_endpoint)
|
351
438
|
if iam_endpoint is not None:
|
@@ -362,6 +449,12 @@ class _AuthBackendClientState:
|
|
362
449
|
pulumi.set(__self__, "namespace", namespace)
|
363
450
|
if role_arn is not None:
|
364
451
|
pulumi.set(__self__, "role_arn", role_arn)
|
452
|
+
if rotation_period is not None:
|
453
|
+
pulumi.set(__self__, "rotation_period", rotation_period)
|
454
|
+
if rotation_schedule is not None:
|
455
|
+
pulumi.set(__self__, "rotation_schedule", rotation_schedule)
|
456
|
+
if rotation_window is not None:
|
457
|
+
pulumi.set(__self__, "rotation_window", rotation_window)
|
365
458
|
if secret_key is not None:
|
366
459
|
pulumi.set(__self__, "secret_key", secret_key)
|
367
460
|
if sts_endpoint is not None:
|
@@ -373,7 +466,7 @@ class _AuthBackendClientState:
|
|
373
466
|
|
374
467
|
@property
|
375
468
|
@pulumi.getter(name="accessKey")
|
376
|
-
def access_key(self) -> Optional[pulumi.Input[str]]:
|
469
|
+
def access_key(self) -> Optional[pulumi.Input[builtins.str]]:
|
377
470
|
"""
|
378
471
|
The AWS access key that Vault should use for the
|
379
472
|
auth backend. Mutually exclusive with `identity_token_audience`.
|
@@ -381,12 +474,12 @@ class _AuthBackendClientState:
|
|
381
474
|
return pulumi.get(self, "access_key")
|
382
475
|
|
383
476
|
@access_key.setter
|
384
|
-
def access_key(self, value: Optional[pulumi.Input[str]]):
|
477
|
+
def access_key(self, value: Optional[pulumi.Input[builtins.str]]):
|
385
478
|
pulumi.set(self, "access_key", value)
|
386
479
|
|
387
480
|
@property
|
388
481
|
@pulumi.getter
|
389
|
-
def backend(self) -> Optional[pulumi.Input[str]]:
|
482
|
+
def backend(self) -> Optional[pulumi.Input[builtins.str]]:
|
390
483
|
"""
|
391
484
|
The path the AWS auth backend being configured was
|
392
485
|
mounted at. Defaults to `aws`.
|
@@ -394,12 +487,24 @@ class _AuthBackendClientState:
|
|
394
487
|
return pulumi.get(self, "backend")
|
395
488
|
|
396
489
|
@backend.setter
|
397
|
-
def backend(self, value: Optional[pulumi.Input[str]]):
|
490
|
+
def backend(self, value: Optional[pulumi.Input[builtins.str]]):
|
398
491
|
pulumi.set(self, "backend", value)
|
399
492
|
|
493
|
+
@property
|
494
|
+
@pulumi.getter(name="disableAutomatedRotation")
|
495
|
+
def disable_automated_rotation(self) -> Optional[pulumi.Input[builtins.bool]]:
|
496
|
+
"""
|
497
|
+
Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
498
|
+
"""
|
499
|
+
return pulumi.get(self, "disable_automated_rotation")
|
500
|
+
|
501
|
+
@disable_automated_rotation.setter
|
502
|
+
def disable_automated_rotation(self, value: Optional[pulumi.Input[builtins.bool]]):
|
503
|
+
pulumi.set(self, "disable_automated_rotation", value)
|
504
|
+
|
400
505
|
@property
|
401
506
|
@pulumi.getter(name="ec2Endpoint")
|
402
|
-
def ec2_endpoint(self) -> Optional[pulumi.Input[str]]:
|
507
|
+
def ec2_endpoint(self) -> Optional[pulumi.Input[builtins.str]]:
|
403
508
|
"""
|
404
509
|
Override the URL Vault uses when making EC2 API
|
405
510
|
calls.
|
@@ -407,12 +512,12 @@ class _AuthBackendClientState:
|
|
407
512
|
return pulumi.get(self, "ec2_endpoint")
|
408
513
|
|
409
514
|
@ec2_endpoint.setter
|
410
|
-
def ec2_endpoint(self, value: Optional[pulumi.Input[str]]):
|
515
|
+
def ec2_endpoint(self, value: Optional[pulumi.Input[builtins.str]]):
|
411
516
|
pulumi.set(self, "ec2_endpoint", value)
|
412
517
|
|
413
518
|
@property
|
414
519
|
@pulumi.getter(name="iamEndpoint")
|
415
|
-
def iam_endpoint(self) -> Optional[pulumi.Input[str]]:
|
520
|
+
def iam_endpoint(self) -> Optional[pulumi.Input[builtins.str]]:
|
416
521
|
"""
|
417
522
|
Override the URL Vault uses when making IAM API
|
418
523
|
calls.
|
@@ -420,12 +525,12 @@ class _AuthBackendClientState:
|
|
420
525
|
return pulumi.get(self, "iam_endpoint")
|
421
526
|
|
422
527
|
@iam_endpoint.setter
|
423
|
-
def iam_endpoint(self, value: Optional[pulumi.Input[str]]):
|
528
|
+
def iam_endpoint(self, value: Optional[pulumi.Input[builtins.str]]):
|
424
529
|
pulumi.set(self, "iam_endpoint", value)
|
425
530
|
|
426
531
|
@property
|
427
532
|
@pulumi.getter(name="iamServerIdHeaderValue")
|
428
|
-
def iam_server_id_header_value(self) -> Optional[pulumi.Input[str]]:
|
533
|
+
def iam_server_id_header_value(self) -> Optional[pulumi.Input[builtins.str]]:
|
429
534
|
"""
|
430
535
|
The value to require in the
|
431
536
|
`X-Vault-AWS-IAM-Server-ID` header as part of `GetCallerIdentity` requests
|
@@ -434,12 +539,12 @@ class _AuthBackendClientState:
|
|
434
539
|
return pulumi.get(self, "iam_server_id_header_value")
|
435
540
|
|
436
541
|
@iam_server_id_header_value.setter
|
437
|
-
def iam_server_id_header_value(self, value: Optional[pulumi.Input[str]]):
|
542
|
+
def iam_server_id_header_value(self, value: Optional[pulumi.Input[builtins.str]]):
|
438
543
|
pulumi.set(self, "iam_server_id_header_value", value)
|
439
544
|
|
440
545
|
@property
|
441
546
|
@pulumi.getter(name="identityTokenAudience")
|
442
|
-
def identity_token_audience(self) -> Optional[pulumi.Input[str]]:
|
547
|
+
def identity_token_audience(self) -> Optional[pulumi.Input[builtins.str]]:
|
443
548
|
"""
|
444
549
|
The audience claim value. Mutually exclusive with `access_key`.
|
445
550
|
Requires Vault 1.17+. *Available only for Vault Enterprise*
|
@@ -447,12 +552,12 @@ class _AuthBackendClientState:
|
|
447
552
|
return pulumi.get(self, "identity_token_audience")
|
448
553
|
|
449
554
|
@identity_token_audience.setter
|
450
|
-
def identity_token_audience(self, value: Optional[pulumi.Input[str]]):
|
555
|
+
def identity_token_audience(self, value: Optional[pulumi.Input[builtins.str]]):
|
451
556
|
pulumi.set(self, "identity_token_audience", value)
|
452
557
|
|
453
558
|
@property
|
454
559
|
@pulumi.getter(name="identityTokenTtl")
|
455
|
-
def identity_token_ttl(self) -> Optional[pulumi.Input[int]]:
|
560
|
+
def identity_token_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
|
456
561
|
"""
|
457
562
|
The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
|
458
563
|
*Available only for Vault Enterprise*
|
@@ -460,12 +565,12 @@ class _AuthBackendClientState:
|
|
460
565
|
return pulumi.get(self, "identity_token_ttl")
|
461
566
|
|
462
567
|
@identity_token_ttl.setter
|
463
|
-
def identity_token_ttl(self, value: Optional[pulumi.Input[int]]):
|
568
|
+
def identity_token_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
|
464
569
|
pulumi.set(self, "identity_token_ttl", value)
|
465
570
|
|
466
571
|
@property
|
467
572
|
@pulumi.getter(name="maxRetries")
|
468
|
-
def max_retries(self) -> Optional[pulumi.Input[int]]:
|
573
|
+
def max_retries(self) -> Optional[pulumi.Input[builtins.int]]:
|
469
574
|
"""
|
470
575
|
Number of max retries the client should use for recoverable errors.
|
471
576
|
The default `-1` falls back to the AWS SDK's default behavior.
|
@@ -473,12 +578,12 @@ class _AuthBackendClientState:
|
|
473
578
|
return pulumi.get(self, "max_retries")
|
474
579
|
|
475
580
|
@max_retries.setter
|
476
|
-
def max_retries(self, value: Optional[pulumi.Input[int]]):
|
581
|
+
def max_retries(self, value: Optional[pulumi.Input[builtins.int]]):
|
477
582
|
pulumi.set(self, "max_retries", value)
|
478
583
|
|
479
584
|
@property
|
480
585
|
@pulumi.getter
|
481
|
-
def namespace(self) -> Optional[pulumi.Input[str]]:
|
586
|
+
def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
|
482
587
|
"""
|
483
588
|
The namespace to provision the resource in.
|
484
589
|
The value should not contain leading or trailing forward slashes.
|
@@ -488,12 +593,12 @@ class _AuthBackendClientState:
|
|
488
593
|
return pulumi.get(self, "namespace")
|
489
594
|
|
490
595
|
@namespace.setter
|
491
|
-
def namespace(self, value: Optional[pulumi.Input[str]]):
|
596
|
+
def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
|
492
597
|
pulumi.set(self, "namespace", value)
|
493
598
|
|
494
599
|
@property
|
495
600
|
@pulumi.getter(name="roleArn")
|
496
|
-
def role_arn(self) -> Optional[pulumi.Input[str]]:
|
601
|
+
def role_arn(self) -> Optional[pulumi.Input[builtins.str]]:
|
497
602
|
"""
|
498
603
|
Role ARN to assume for plugin identity token federation. Requires Vault 1.17+.
|
499
604
|
*Available only for Vault Enterprise*
|
@@ -501,12 +606,52 @@ class _AuthBackendClientState:
|
|
501
606
|
return pulumi.get(self, "role_arn")
|
502
607
|
|
503
608
|
@role_arn.setter
|
504
|
-
def role_arn(self, value: Optional[pulumi.Input[str]]):
|
609
|
+
def role_arn(self, value: Optional[pulumi.Input[builtins.str]]):
|
505
610
|
pulumi.set(self, "role_arn", value)
|
506
611
|
|
612
|
+
@property
|
613
|
+
@pulumi.getter(name="rotationPeriod")
|
614
|
+
def rotation_period(self) -> Optional[pulumi.Input[builtins.int]]:
|
615
|
+
"""
|
616
|
+
The amount of time in seconds Vault should wait before rotating the root credential.
|
617
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
618
|
+
"""
|
619
|
+
return pulumi.get(self, "rotation_period")
|
620
|
+
|
621
|
+
@rotation_period.setter
|
622
|
+
def rotation_period(self, value: Optional[pulumi.Input[builtins.int]]):
|
623
|
+
pulumi.set(self, "rotation_period", value)
|
624
|
+
|
625
|
+
@property
|
626
|
+
@pulumi.getter(name="rotationSchedule")
|
627
|
+
def rotation_schedule(self) -> Optional[pulumi.Input[builtins.str]]:
|
628
|
+
"""
|
629
|
+
The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
630
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
631
|
+
"""
|
632
|
+
return pulumi.get(self, "rotation_schedule")
|
633
|
+
|
634
|
+
@rotation_schedule.setter
|
635
|
+
def rotation_schedule(self, value: Optional[pulumi.Input[builtins.str]]):
|
636
|
+
pulumi.set(self, "rotation_schedule", value)
|
637
|
+
|
638
|
+
@property
|
639
|
+
@pulumi.getter(name="rotationWindow")
|
640
|
+
def rotation_window(self) -> Optional[pulumi.Input[builtins.int]]:
|
641
|
+
"""
|
642
|
+
The maximum amount of time in seconds allowed to complete
|
643
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
644
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
645
|
+
"""
|
646
|
+
return pulumi.get(self, "rotation_window")
|
647
|
+
|
648
|
+
@rotation_window.setter
|
649
|
+
def rotation_window(self, value: Optional[pulumi.Input[builtins.int]]):
|
650
|
+
pulumi.set(self, "rotation_window", value)
|
651
|
+
|
507
652
|
@property
|
508
653
|
@pulumi.getter(name="secretKey")
|
509
|
-
def secret_key(self) -> Optional[pulumi.Input[str]]:
|
654
|
+
def secret_key(self) -> Optional[pulumi.Input[builtins.str]]:
|
510
655
|
"""
|
511
656
|
The AWS secret key that Vault should use for the
|
512
657
|
auth backend.
|
@@ -514,12 +659,12 @@ class _AuthBackendClientState:
|
|
514
659
|
return pulumi.get(self, "secret_key")
|
515
660
|
|
516
661
|
@secret_key.setter
|
517
|
-
def secret_key(self, value: Optional[pulumi.Input[str]]):
|
662
|
+
def secret_key(self, value: Optional[pulumi.Input[builtins.str]]):
|
518
663
|
pulumi.set(self, "secret_key", value)
|
519
664
|
|
520
665
|
@property
|
521
666
|
@pulumi.getter(name="stsEndpoint")
|
522
|
-
def sts_endpoint(self) -> Optional[pulumi.Input[str]]:
|
667
|
+
def sts_endpoint(self) -> Optional[pulumi.Input[builtins.str]]:
|
523
668
|
"""
|
524
669
|
Override the URL Vault uses when making STS API
|
525
670
|
calls.
|
@@ -527,12 +672,12 @@ class _AuthBackendClientState:
|
|
527
672
|
return pulumi.get(self, "sts_endpoint")
|
528
673
|
|
529
674
|
@sts_endpoint.setter
|
530
|
-
def sts_endpoint(self, value: Optional[pulumi.Input[str]]):
|
675
|
+
def sts_endpoint(self, value: Optional[pulumi.Input[builtins.str]]):
|
531
676
|
pulumi.set(self, "sts_endpoint", value)
|
532
677
|
|
533
678
|
@property
|
534
679
|
@pulumi.getter(name="stsRegion")
|
535
|
-
def sts_region(self) -> Optional[pulumi.Input[str]]:
|
680
|
+
def sts_region(self) -> Optional[pulumi.Input[builtins.str]]:
|
536
681
|
"""
|
537
682
|
Override the default region when making STS API
|
538
683
|
calls. The `sts_endpoint` argument must be set when using `sts_region`.
|
@@ -540,12 +685,12 @@ class _AuthBackendClientState:
|
|
540
685
|
return pulumi.get(self, "sts_region")
|
541
686
|
|
542
687
|
@sts_region.setter
|
543
|
-
def sts_region(self, value: Optional[pulumi.Input[str]]):
|
688
|
+
def sts_region(self, value: Optional[pulumi.Input[builtins.str]]):
|
544
689
|
pulumi.set(self, "sts_region", value)
|
545
690
|
|
546
691
|
@property
|
547
692
|
@pulumi.getter(name="useStsRegionFromClient")
|
548
|
-
def use_sts_region_from_client(self) -> Optional[pulumi.Input[bool]]:
|
693
|
+
def use_sts_region_from_client(self) -> Optional[pulumi.Input[builtins.bool]]:
|
549
694
|
"""
|
550
695
|
Available in Vault v1.15+. If set,
|
551
696
|
overrides both `sts_endpoint` and `sts_region` to instead use the region
|
@@ -556,7 +701,7 @@ class _AuthBackendClientState:
|
|
556
701
|
return pulumi.get(self, "use_sts_region_from_client")
|
557
702
|
|
558
703
|
@use_sts_region_from_client.setter
|
559
|
-
def use_sts_region_from_client(self, value: Optional[pulumi.Input[bool]]):
|
704
|
+
def use_sts_region_from_client(self, value: Optional[pulumi.Input[builtins.bool]]):
|
560
705
|
pulumi.set(self, "use_sts_region_from_client", value)
|
561
706
|
|
562
707
|
|
@@ -565,20 +710,24 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
565
710
|
def __init__(__self__,
|
566
711
|
resource_name: str,
|
567
712
|
opts: Optional[pulumi.ResourceOptions] = None,
|
568
|
-
access_key: Optional[pulumi.Input[str]] = None,
|
569
|
-
backend: Optional[pulumi.Input[str]] = None,
|
570
|
-
|
571
|
-
|
572
|
-
|
573
|
-
|
574
|
-
|
575
|
-
|
576
|
-
|
577
|
-
|
578
|
-
|
579
|
-
|
580
|
-
|
581
|
-
|
713
|
+
access_key: Optional[pulumi.Input[builtins.str]] = None,
|
714
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
715
|
+
disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
716
|
+
ec2_endpoint: Optional[pulumi.Input[builtins.str]] = None,
|
717
|
+
iam_endpoint: Optional[pulumi.Input[builtins.str]] = None,
|
718
|
+
iam_server_id_header_value: Optional[pulumi.Input[builtins.str]] = None,
|
719
|
+
identity_token_audience: Optional[pulumi.Input[builtins.str]] = None,
|
720
|
+
identity_token_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
721
|
+
max_retries: Optional[pulumi.Input[builtins.int]] = None,
|
722
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
723
|
+
role_arn: Optional[pulumi.Input[builtins.str]] = None,
|
724
|
+
rotation_period: Optional[pulumi.Input[builtins.int]] = None,
|
725
|
+
rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
|
726
|
+
rotation_window: Optional[pulumi.Input[builtins.int]] = None,
|
727
|
+
secret_key: Optional[pulumi.Input[builtins.str]] = None,
|
728
|
+
sts_endpoint: Optional[pulumi.Input[builtins.str]] = None,
|
729
|
+
sts_region: Optional[pulumi.Input[builtins.str]] = None,
|
730
|
+
use_sts_region_from_client: Optional[pulumi.Input[builtins.bool]] = None,
|
582
731
|
__props__=None):
|
583
732
|
"""
|
584
733
|
## Example Usage
|
@@ -592,7 +741,9 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
592
741
|
example_auth_backend_client = vault.aws.AuthBackendClient("example",
|
593
742
|
identity_token_audience="<TOKEN_AUDIENCE>",
|
594
743
|
identity_token_ttl="<TOKEN_TTL>",
|
595
|
-
role_arn="<AWS_ROLE_ARN>"
|
744
|
+
role_arn="<AWS_ROLE_ARN>",
|
745
|
+
rotation_schedule="0 * * * SAT",
|
746
|
+
rotation_window=3600)
|
596
747
|
```
|
597
748
|
|
598
749
|
```python
|
@@ -603,7 +754,9 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
603
754
|
example_auth_backend_client = vault.aws.AuthBackendClient("example",
|
604
755
|
backend=example.path,
|
605
756
|
access_key="INSERT_AWS_ACCESS_KEY",
|
606
|
-
secret_key="INSERT_AWS_SECRET_KEY"
|
757
|
+
secret_key="INSERT_AWS_SECRET_KEY",
|
758
|
+
rotation_schedule="0 * * * SAT",
|
759
|
+
rotation_window=3600)
|
607
760
|
```
|
608
761
|
|
609
762
|
## Import
|
@@ -616,36 +769,44 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
616
769
|
|
617
770
|
:param str resource_name: The name of the resource.
|
618
771
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
619
|
-
:param pulumi.Input[str] access_key: The AWS access key that Vault should use for the
|
772
|
+
:param pulumi.Input[builtins.str] access_key: The AWS access key that Vault should use for the
|
620
773
|
auth backend. Mutually exclusive with `identity_token_audience`.
|
621
|
-
:param pulumi.Input[str] backend: The path the AWS auth backend being configured was
|
774
|
+
:param pulumi.Input[builtins.str] backend: The path the AWS auth backend being configured was
|
622
775
|
mounted at. Defaults to `aws`.
|
623
|
-
:param pulumi.Input[
|
776
|
+
:param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
777
|
+
:param pulumi.Input[builtins.str] ec2_endpoint: Override the URL Vault uses when making EC2 API
|
624
778
|
calls.
|
625
|
-
:param pulumi.Input[str] iam_endpoint: Override the URL Vault uses when making IAM API
|
779
|
+
:param pulumi.Input[builtins.str] iam_endpoint: Override the URL Vault uses when making IAM API
|
626
780
|
calls.
|
627
|
-
:param pulumi.Input[str] iam_server_id_header_value: The value to require in the
|
781
|
+
:param pulumi.Input[builtins.str] iam_server_id_header_value: The value to require in the
|
628
782
|
`X-Vault-AWS-IAM-Server-ID` header as part of `GetCallerIdentity` requests
|
629
783
|
that are used in the IAM auth method.
|
630
|
-
:param pulumi.Input[str] identity_token_audience: The audience claim value. Mutually exclusive with `access_key`.
|
784
|
+
:param pulumi.Input[builtins.str] identity_token_audience: The audience claim value. Mutually exclusive with `access_key`.
|
631
785
|
Requires Vault 1.17+. *Available only for Vault Enterprise*
|
632
|
-
:param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
|
786
|
+
:param pulumi.Input[builtins.int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
|
633
787
|
*Available only for Vault Enterprise*
|
634
|
-
:param pulumi.Input[int] max_retries: Number of max retries the client should use for recoverable errors.
|
788
|
+
:param pulumi.Input[builtins.int] max_retries: Number of max retries the client should use for recoverable errors.
|
635
789
|
The default `-1` falls back to the AWS SDK's default behavior.
|
636
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
790
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
637
791
|
The value should not contain leading or trailing forward slashes.
|
638
792
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
639
793
|
*Available only for Vault Enterprise*.
|
640
|
-
:param pulumi.Input[str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.17+.
|
794
|
+
:param pulumi.Input[builtins.str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.17+.
|
641
795
|
*Available only for Vault Enterprise*
|
642
|
-
:param pulumi.Input[
|
796
|
+
:param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
797
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
798
|
+
:param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
799
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
800
|
+
:param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
|
801
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
802
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
803
|
+
:param pulumi.Input[builtins.str] secret_key: The AWS secret key that Vault should use for the
|
643
804
|
auth backend.
|
644
|
-
:param pulumi.Input[str] sts_endpoint: Override the URL Vault uses when making STS API
|
805
|
+
:param pulumi.Input[builtins.str] sts_endpoint: Override the URL Vault uses when making STS API
|
645
806
|
calls.
|
646
|
-
:param pulumi.Input[str] sts_region: Override the default region when making STS API
|
807
|
+
:param pulumi.Input[builtins.str] sts_region: Override the default region when making STS API
|
647
808
|
calls. The `sts_endpoint` argument must be set when using `sts_region`.
|
648
|
-
:param pulumi.Input[bool] use_sts_region_from_client: Available in Vault v1.15+. If set,
|
809
|
+
:param pulumi.Input[builtins.bool] use_sts_region_from_client: Available in Vault v1.15+. If set,
|
649
810
|
overrides both `sts_endpoint` and `sts_region` to instead use the region
|
650
811
|
specified in the client request headers for IAM-based authentication.
|
651
812
|
This can be useful when you have client requests coming from different
|
@@ -669,7 +830,9 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
669
830
|
example_auth_backend_client = vault.aws.AuthBackendClient("example",
|
670
831
|
identity_token_audience="<TOKEN_AUDIENCE>",
|
671
832
|
identity_token_ttl="<TOKEN_TTL>",
|
672
|
-
role_arn="<AWS_ROLE_ARN>"
|
833
|
+
role_arn="<AWS_ROLE_ARN>",
|
834
|
+
rotation_schedule="0 * * * SAT",
|
835
|
+
rotation_window=3600)
|
673
836
|
```
|
674
837
|
|
675
838
|
```python
|
@@ -680,7 +843,9 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
680
843
|
example_auth_backend_client = vault.aws.AuthBackendClient("example",
|
681
844
|
backend=example.path,
|
682
845
|
access_key="INSERT_AWS_ACCESS_KEY",
|
683
|
-
secret_key="INSERT_AWS_SECRET_KEY"
|
846
|
+
secret_key="INSERT_AWS_SECRET_KEY",
|
847
|
+
rotation_schedule="0 * * * SAT",
|
848
|
+
rotation_window=3600)
|
684
849
|
```
|
685
850
|
|
686
851
|
## Import
|
@@ -706,20 +871,24 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
706
871
|
def _internal_init(__self__,
|
707
872
|
resource_name: str,
|
708
873
|
opts: Optional[pulumi.ResourceOptions] = None,
|
709
|
-
access_key: Optional[pulumi.Input[str]] = None,
|
710
|
-
backend: Optional[pulumi.Input[str]] = None,
|
711
|
-
|
712
|
-
|
713
|
-
|
714
|
-
|
715
|
-
|
716
|
-
|
717
|
-
|
718
|
-
|
719
|
-
|
720
|
-
|
721
|
-
|
722
|
-
|
874
|
+
access_key: Optional[pulumi.Input[builtins.str]] = None,
|
875
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
876
|
+
disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
877
|
+
ec2_endpoint: Optional[pulumi.Input[builtins.str]] = None,
|
878
|
+
iam_endpoint: Optional[pulumi.Input[builtins.str]] = None,
|
879
|
+
iam_server_id_header_value: Optional[pulumi.Input[builtins.str]] = None,
|
880
|
+
identity_token_audience: Optional[pulumi.Input[builtins.str]] = None,
|
881
|
+
identity_token_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
882
|
+
max_retries: Optional[pulumi.Input[builtins.int]] = None,
|
883
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
884
|
+
role_arn: Optional[pulumi.Input[builtins.str]] = None,
|
885
|
+
rotation_period: Optional[pulumi.Input[builtins.int]] = None,
|
886
|
+
rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
|
887
|
+
rotation_window: Optional[pulumi.Input[builtins.int]] = None,
|
888
|
+
secret_key: Optional[pulumi.Input[builtins.str]] = None,
|
889
|
+
sts_endpoint: Optional[pulumi.Input[builtins.str]] = None,
|
890
|
+
sts_region: Optional[pulumi.Input[builtins.str]] = None,
|
891
|
+
use_sts_region_from_client: Optional[pulumi.Input[builtins.bool]] = None,
|
723
892
|
__props__=None):
|
724
893
|
opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
|
725
894
|
if not isinstance(opts, pulumi.ResourceOptions):
|
@@ -731,6 +900,7 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
731
900
|
|
732
901
|
__props__.__dict__["access_key"] = None if access_key is None else pulumi.Output.secret(access_key)
|
733
902
|
__props__.__dict__["backend"] = backend
|
903
|
+
__props__.__dict__["disable_automated_rotation"] = disable_automated_rotation
|
734
904
|
__props__.__dict__["ec2_endpoint"] = ec2_endpoint
|
735
905
|
__props__.__dict__["iam_endpoint"] = iam_endpoint
|
736
906
|
__props__.__dict__["iam_server_id_header_value"] = iam_server_id_header_value
|
@@ -739,6 +909,9 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
739
909
|
__props__.__dict__["max_retries"] = max_retries
|
740
910
|
__props__.__dict__["namespace"] = namespace
|
741
911
|
__props__.__dict__["role_arn"] = role_arn
|
912
|
+
__props__.__dict__["rotation_period"] = rotation_period
|
913
|
+
__props__.__dict__["rotation_schedule"] = rotation_schedule
|
914
|
+
__props__.__dict__["rotation_window"] = rotation_window
|
742
915
|
__props__.__dict__["secret_key"] = None if secret_key is None else pulumi.Output.secret(secret_key)
|
743
916
|
__props__.__dict__["sts_endpoint"] = sts_endpoint
|
744
917
|
__props__.__dict__["sts_region"] = sts_region
|
@@ -755,20 +928,24 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
755
928
|
def get(resource_name: str,
|
756
929
|
id: pulumi.Input[str],
|
757
930
|
opts: Optional[pulumi.ResourceOptions] = None,
|
758
|
-
access_key: Optional[pulumi.Input[str]] = None,
|
759
|
-
backend: Optional[pulumi.Input[str]] = None,
|
760
|
-
|
761
|
-
|
762
|
-
|
763
|
-
|
764
|
-
|
765
|
-
|
766
|
-
|
767
|
-
|
768
|
-
|
769
|
-
|
770
|
-
|
771
|
-
|
931
|
+
access_key: Optional[pulumi.Input[builtins.str]] = None,
|
932
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
933
|
+
disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
934
|
+
ec2_endpoint: Optional[pulumi.Input[builtins.str]] = None,
|
935
|
+
iam_endpoint: Optional[pulumi.Input[builtins.str]] = None,
|
936
|
+
iam_server_id_header_value: Optional[pulumi.Input[builtins.str]] = None,
|
937
|
+
identity_token_audience: Optional[pulumi.Input[builtins.str]] = None,
|
938
|
+
identity_token_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
939
|
+
max_retries: Optional[pulumi.Input[builtins.int]] = None,
|
940
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
941
|
+
role_arn: Optional[pulumi.Input[builtins.str]] = None,
|
942
|
+
rotation_period: Optional[pulumi.Input[builtins.int]] = None,
|
943
|
+
rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
|
944
|
+
rotation_window: Optional[pulumi.Input[builtins.int]] = None,
|
945
|
+
secret_key: Optional[pulumi.Input[builtins.str]] = None,
|
946
|
+
sts_endpoint: Optional[pulumi.Input[builtins.str]] = None,
|
947
|
+
sts_region: Optional[pulumi.Input[builtins.str]] = None,
|
948
|
+
use_sts_region_from_client: Optional[pulumi.Input[builtins.bool]] = None) -> 'AuthBackendClient':
|
772
949
|
"""
|
773
950
|
Get an existing AuthBackendClient resource's state with the given name, id, and optional extra
|
774
951
|
properties used to qualify the lookup.
|
@@ -776,36 +953,44 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
776
953
|
:param str resource_name: The unique name of the resulting resource.
|
777
954
|
:param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
|
778
955
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
779
|
-
:param pulumi.Input[str] access_key: The AWS access key that Vault should use for the
|
956
|
+
:param pulumi.Input[builtins.str] access_key: The AWS access key that Vault should use for the
|
780
957
|
auth backend. Mutually exclusive with `identity_token_audience`.
|
781
|
-
:param pulumi.Input[str] backend: The path the AWS auth backend being configured was
|
958
|
+
:param pulumi.Input[builtins.str] backend: The path the AWS auth backend being configured was
|
782
959
|
mounted at. Defaults to `aws`.
|
783
|
-
:param pulumi.Input[
|
960
|
+
:param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
961
|
+
:param pulumi.Input[builtins.str] ec2_endpoint: Override the URL Vault uses when making EC2 API
|
784
962
|
calls.
|
785
|
-
:param pulumi.Input[str] iam_endpoint: Override the URL Vault uses when making IAM API
|
963
|
+
:param pulumi.Input[builtins.str] iam_endpoint: Override the URL Vault uses when making IAM API
|
786
964
|
calls.
|
787
|
-
:param pulumi.Input[str] iam_server_id_header_value: The value to require in the
|
965
|
+
:param pulumi.Input[builtins.str] iam_server_id_header_value: The value to require in the
|
788
966
|
`X-Vault-AWS-IAM-Server-ID` header as part of `GetCallerIdentity` requests
|
789
967
|
that are used in the IAM auth method.
|
790
|
-
:param pulumi.Input[str] identity_token_audience: The audience claim value. Mutually exclusive with `access_key`.
|
968
|
+
:param pulumi.Input[builtins.str] identity_token_audience: The audience claim value. Mutually exclusive with `access_key`.
|
791
969
|
Requires Vault 1.17+. *Available only for Vault Enterprise*
|
792
|
-
:param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
|
970
|
+
:param pulumi.Input[builtins.int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
|
793
971
|
*Available only for Vault Enterprise*
|
794
|
-
:param pulumi.Input[int] max_retries: Number of max retries the client should use for recoverable errors.
|
972
|
+
:param pulumi.Input[builtins.int] max_retries: Number of max retries the client should use for recoverable errors.
|
795
973
|
The default `-1` falls back to the AWS SDK's default behavior.
|
796
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
974
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
797
975
|
The value should not contain leading or trailing forward slashes.
|
798
976
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
799
977
|
*Available only for Vault Enterprise*.
|
800
|
-
:param pulumi.Input[str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.17+.
|
978
|
+
:param pulumi.Input[builtins.str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.17+.
|
801
979
|
*Available only for Vault Enterprise*
|
802
|
-
:param pulumi.Input[
|
980
|
+
:param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
981
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
982
|
+
:param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
983
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
984
|
+
:param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
|
985
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
986
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
987
|
+
:param pulumi.Input[builtins.str] secret_key: The AWS secret key that Vault should use for the
|
803
988
|
auth backend.
|
804
|
-
:param pulumi.Input[str] sts_endpoint: Override the URL Vault uses when making STS API
|
989
|
+
:param pulumi.Input[builtins.str] sts_endpoint: Override the URL Vault uses when making STS API
|
805
990
|
calls.
|
806
|
-
:param pulumi.Input[str] sts_region: Override the default region when making STS API
|
991
|
+
:param pulumi.Input[builtins.str] sts_region: Override the default region when making STS API
|
807
992
|
calls. The `sts_endpoint` argument must be set when using `sts_region`.
|
808
|
-
:param pulumi.Input[bool] use_sts_region_from_client: Available in Vault v1.15+. If set,
|
993
|
+
:param pulumi.Input[builtins.bool] use_sts_region_from_client: Available in Vault v1.15+. If set,
|
809
994
|
overrides both `sts_endpoint` and `sts_region` to instead use the region
|
810
995
|
specified in the client request headers for IAM-based authentication.
|
811
996
|
This can be useful when you have client requests coming from different
|
@@ -817,6 +1002,7 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
817
1002
|
|
818
1003
|
__props__.__dict__["access_key"] = access_key
|
819
1004
|
__props__.__dict__["backend"] = backend
|
1005
|
+
__props__.__dict__["disable_automated_rotation"] = disable_automated_rotation
|
820
1006
|
__props__.__dict__["ec2_endpoint"] = ec2_endpoint
|
821
1007
|
__props__.__dict__["iam_endpoint"] = iam_endpoint
|
822
1008
|
__props__.__dict__["iam_server_id_header_value"] = iam_server_id_header_value
|
@@ -825,6 +1011,9 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
825
1011
|
__props__.__dict__["max_retries"] = max_retries
|
826
1012
|
__props__.__dict__["namespace"] = namespace
|
827
1013
|
__props__.__dict__["role_arn"] = role_arn
|
1014
|
+
__props__.__dict__["rotation_period"] = rotation_period
|
1015
|
+
__props__.__dict__["rotation_schedule"] = rotation_schedule
|
1016
|
+
__props__.__dict__["rotation_window"] = rotation_window
|
828
1017
|
__props__.__dict__["secret_key"] = secret_key
|
829
1018
|
__props__.__dict__["sts_endpoint"] = sts_endpoint
|
830
1019
|
__props__.__dict__["sts_region"] = sts_region
|
@@ -833,7 +1022,7 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
833
1022
|
|
834
1023
|
@property
|
835
1024
|
@pulumi.getter(name="accessKey")
|
836
|
-
def access_key(self) -> pulumi.Output[Optional[str]]:
|
1025
|
+
def access_key(self) -> pulumi.Output[Optional[builtins.str]]:
|
837
1026
|
"""
|
838
1027
|
The AWS access key that Vault should use for the
|
839
1028
|
auth backend. Mutually exclusive with `identity_token_audience`.
|
@@ -842,16 +1031,24 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
842
1031
|
|
843
1032
|
@property
|
844
1033
|
@pulumi.getter
|
845
|
-
def backend(self) -> pulumi.Output[Optional[str]]:
|
1034
|
+
def backend(self) -> pulumi.Output[Optional[builtins.str]]:
|
846
1035
|
"""
|
847
1036
|
The path the AWS auth backend being configured was
|
848
1037
|
mounted at. Defaults to `aws`.
|
849
1038
|
"""
|
850
1039
|
return pulumi.get(self, "backend")
|
851
1040
|
|
1041
|
+
@property
|
1042
|
+
@pulumi.getter(name="disableAutomatedRotation")
|
1043
|
+
def disable_automated_rotation(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1044
|
+
"""
|
1045
|
+
Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
1046
|
+
"""
|
1047
|
+
return pulumi.get(self, "disable_automated_rotation")
|
1048
|
+
|
852
1049
|
@property
|
853
1050
|
@pulumi.getter(name="ec2Endpoint")
|
854
|
-
def ec2_endpoint(self) -> pulumi.Output[Optional[str]]:
|
1051
|
+
def ec2_endpoint(self) -> pulumi.Output[Optional[builtins.str]]:
|
855
1052
|
"""
|
856
1053
|
Override the URL Vault uses when making EC2 API
|
857
1054
|
calls.
|
@@ -860,7 +1057,7 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
860
1057
|
|
861
1058
|
@property
|
862
1059
|
@pulumi.getter(name="iamEndpoint")
|
863
|
-
def iam_endpoint(self) -> pulumi.Output[Optional[str]]:
|
1060
|
+
def iam_endpoint(self) -> pulumi.Output[Optional[builtins.str]]:
|
864
1061
|
"""
|
865
1062
|
Override the URL Vault uses when making IAM API
|
866
1063
|
calls.
|
@@ -869,7 +1066,7 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
869
1066
|
|
870
1067
|
@property
|
871
1068
|
@pulumi.getter(name="iamServerIdHeaderValue")
|
872
|
-
def iam_server_id_header_value(self) -> pulumi.Output[Optional[str]]:
|
1069
|
+
def iam_server_id_header_value(self) -> pulumi.Output[Optional[builtins.str]]:
|
873
1070
|
"""
|
874
1071
|
The value to require in the
|
875
1072
|
`X-Vault-AWS-IAM-Server-ID` header as part of `GetCallerIdentity` requests
|
@@ -879,7 +1076,7 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
879
1076
|
|
880
1077
|
@property
|
881
1078
|
@pulumi.getter(name="identityTokenAudience")
|
882
|
-
def identity_token_audience(self) -> pulumi.Output[Optional[str]]:
|
1079
|
+
def identity_token_audience(self) -> pulumi.Output[Optional[builtins.str]]:
|
883
1080
|
"""
|
884
1081
|
The audience claim value. Mutually exclusive with `access_key`.
|
885
1082
|
Requires Vault 1.17+. *Available only for Vault Enterprise*
|
@@ -888,7 +1085,7 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
888
1085
|
|
889
1086
|
@property
|
890
1087
|
@pulumi.getter(name="identityTokenTtl")
|
891
|
-
def identity_token_ttl(self) -> pulumi.Output[int]:
|
1088
|
+
def identity_token_ttl(self) -> pulumi.Output[builtins.int]:
|
892
1089
|
"""
|
893
1090
|
The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
|
894
1091
|
*Available only for Vault Enterprise*
|
@@ -897,7 +1094,7 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
897
1094
|
|
898
1095
|
@property
|
899
1096
|
@pulumi.getter(name="maxRetries")
|
900
|
-
def max_retries(self) -> pulumi.Output[Optional[int]]:
|
1097
|
+
def max_retries(self) -> pulumi.Output[Optional[builtins.int]]:
|
901
1098
|
"""
|
902
1099
|
Number of max retries the client should use for recoverable errors.
|
903
1100
|
The default `-1` falls back to the AWS SDK's default behavior.
|
@@ -906,7 +1103,7 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
906
1103
|
|
907
1104
|
@property
|
908
1105
|
@pulumi.getter
|
909
|
-
def namespace(self) -> pulumi.Output[Optional[str]]:
|
1106
|
+
def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
|
910
1107
|
"""
|
911
1108
|
The namespace to provision the resource in.
|
912
1109
|
The value should not contain leading or trailing forward slashes.
|
@@ -917,16 +1114,44 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
917
1114
|
|
918
1115
|
@property
|
919
1116
|
@pulumi.getter(name="roleArn")
|
920
|
-
def role_arn(self) -> pulumi.Output[Optional[str]]:
|
1117
|
+
def role_arn(self) -> pulumi.Output[Optional[builtins.str]]:
|
921
1118
|
"""
|
922
1119
|
Role ARN to assume for plugin identity token federation. Requires Vault 1.17+.
|
923
1120
|
*Available only for Vault Enterprise*
|
924
1121
|
"""
|
925
1122
|
return pulumi.get(self, "role_arn")
|
926
1123
|
|
1124
|
+
@property
|
1125
|
+
@pulumi.getter(name="rotationPeriod")
|
1126
|
+
def rotation_period(self) -> pulumi.Output[Optional[builtins.int]]:
|
1127
|
+
"""
|
1128
|
+
The amount of time in seconds Vault should wait before rotating the root credential.
|
1129
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
1130
|
+
"""
|
1131
|
+
return pulumi.get(self, "rotation_period")
|
1132
|
+
|
1133
|
+
@property
|
1134
|
+
@pulumi.getter(name="rotationSchedule")
|
1135
|
+
def rotation_schedule(self) -> pulumi.Output[Optional[builtins.str]]:
|
1136
|
+
"""
|
1137
|
+
The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
1138
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
1139
|
+
"""
|
1140
|
+
return pulumi.get(self, "rotation_schedule")
|
1141
|
+
|
1142
|
+
@property
|
1143
|
+
@pulumi.getter(name="rotationWindow")
|
1144
|
+
def rotation_window(self) -> pulumi.Output[Optional[builtins.int]]:
|
1145
|
+
"""
|
1146
|
+
The maximum amount of time in seconds allowed to complete
|
1147
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
1148
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
1149
|
+
"""
|
1150
|
+
return pulumi.get(self, "rotation_window")
|
1151
|
+
|
927
1152
|
@property
|
928
1153
|
@pulumi.getter(name="secretKey")
|
929
|
-
def secret_key(self) -> pulumi.Output[Optional[str]]:
|
1154
|
+
def secret_key(self) -> pulumi.Output[Optional[builtins.str]]:
|
930
1155
|
"""
|
931
1156
|
The AWS secret key that Vault should use for the
|
932
1157
|
auth backend.
|
@@ -935,7 +1160,7 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
935
1160
|
|
936
1161
|
@property
|
937
1162
|
@pulumi.getter(name="stsEndpoint")
|
938
|
-
def sts_endpoint(self) -> pulumi.Output[Optional[str]]:
|
1163
|
+
def sts_endpoint(self) -> pulumi.Output[Optional[builtins.str]]:
|
939
1164
|
"""
|
940
1165
|
Override the URL Vault uses when making STS API
|
941
1166
|
calls.
|
@@ -944,7 +1169,7 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
944
1169
|
|
945
1170
|
@property
|
946
1171
|
@pulumi.getter(name="stsRegion")
|
947
|
-
def sts_region(self) -> pulumi.Output[Optional[str]]:
|
1172
|
+
def sts_region(self) -> pulumi.Output[Optional[builtins.str]]:
|
948
1173
|
"""
|
949
1174
|
Override the default region when making STS API
|
950
1175
|
calls. The `sts_endpoint` argument must be set when using `sts_region`.
|
@@ -953,7 +1178,7 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
953
1178
|
|
954
1179
|
@property
|
955
1180
|
@pulumi.getter(name="useStsRegionFromClient")
|
956
|
-
def use_sts_region_from_client(self) -> pulumi.Output[bool]:
|
1181
|
+
def use_sts_region_from_client(self) -> pulumi.Output[builtins.bool]:
|
957
1182
|
"""
|
958
1183
|
Available in Vault v1.15+. If set,
|
959
1184
|
overrides both `sts_endpoint` and `sts_region` to instead use the region
|