pulumi-vault 6.6.0a1741415971__py3-none-any.whl → 6.7.0__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pulumi_vault/__init__.py +9 -0
- pulumi_vault/_inputs.py +583 -562
- pulumi_vault/ad/__init__.py +1 -0
- pulumi_vault/ad/get_access_credentials.py +20 -19
- pulumi_vault/ad/secret_backend.py +477 -476
- pulumi_vault/ad/secret_library.py +99 -98
- pulumi_vault/ad/secret_role.py +85 -84
- pulumi_vault/alicloud/__init__.py +1 -0
- pulumi_vault/alicloud/auth_backend_role.py +183 -182
- pulumi_vault/approle/__init__.py +1 -0
- pulumi_vault/approle/auth_backend_login.py +106 -105
- pulumi_vault/approle/auth_backend_role.py +239 -238
- pulumi_vault/approle/auth_backend_role_secret_id.py +162 -161
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -17
- pulumi_vault/audit.py +85 -84
- pulumi_vault/audit_request_header.py +43 -42
- pulumi_vault/auth_backend.py +106 -105
- pulumi_vault/aws/__init__.py +1 -0
- pulumi_vault/aws/auth_backend_cert.py +71 -70
- pulumi_vault/aws/auth_backend_client.py +425 -200
- pulumi_vault/aws/auth_backend_config_identity.py +85 -84
- pulumi_vault/aws/auth_backend_identity_whitelist.py +57 -56
- pulumi_vault/aws/auth_backend_login.py +209 -208
- pulumi_vault/aws/auth_backend_role.py +400 -399
- pulumi_vault/aws/auth_backend_role_tag.py +127 -126
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +57 -56
- pulumi_vault/aws/auth_backend_sts_role.py +71 -70
- pulumi_vault/aws/get_access_credentials.py +44 -43
- pulumi_vault/aws/get_static_access_credentials.py +13 -12
- pulumi_vault/aws/secret_backend.py +523 -306
- pulumi_vault/aws/secret_backend_role.py +211 -210
- pulumi_vault/aws/secret_backend_static_role.py +288 -70
- pulumi_vault/azure/__init__.py +1 -0
- pulumi_vault/azure/_inputs.py +21 -20
- pulumi_vault/azure/auth_backend_config.py +383 -130
- pulumi_vault/azure/auth_backend_role.py +253 -252
- pulumi_vault/azure/backend.py +432 -186
- pulumi_vault/azure/backend_role.py +188 -140
- pulumi_vault/azure/get_access_credentials.py +58 -57
- pulumi_vault/azure/outputs.py +11 -10
- pulumi_vault/cert_auth_backend_role.py +365 -364
- pulumi_vault/config/__init__.py +1 -0
- pulumi_vault/config/__init__.pyi +1 -0
- pulumi_vault/config/_inputs.py +11 -10
- pulumi_vault/config/outputs.py +287 -286
- pulumi_vault/config/ui_custom_message.py +113 -112
- pulumi_vault/config/vars.py +1 -0
- pulumi_vault/consul/__init__.py +1 -0
- pulumi_vault/consul/secret_backend.py +197 -196
- pulumi_vault/consul/secret_backend_role.py +183 -182
- pulumi_vault/database/__init__.py +1 -0
- pulumi_vault/database/_inputs.py +3857 -2200
- pulumi_vault/database/outputs.py +2483 -1330
- pulumi_vault/database/secret_backend_connection.py +333 -112
- pulumi_vault/database/secret_backend_role.py +169 -168
- pulumi_vault/database/secret_backend_static_role.py +283 -140
- pulumi_vault/database/secrets_mount.py +275 -266
- pulumi_vault/egp_policy.py +71 -70
- pulumi_vault/gcp/__init__.py +1 -0
- pulumi_vault/gcp/_inputs.py +82 -81
- pulumi_vault/gcp/auth_backend.py +426 -205
- pulumi_vault/gcp/auth_backend_role.py +281 -280
- pulumi_vault/gcp/get_auth_backend_role.py +70 -69
- pulumi_vault/gcp/outputs.py +50 -49
- pulumi_vault/gcp/secret_backend.py +420 -179
- pulumi_vault/gcp/secret_impersonated_account.py +92 -91
- pulumi_vault/gcp/secret_roleset.py +92 -91
- pulumi_vault/gcp/secret_static_account.py +92 -91
- pulumi_vault/generic/__init__.py +1 -0
- pulumi_vault/generic/endpoint.py +113 -112
- pulumi_vault/generic/get_secret.py +28 -27
- pulumi_vault/generic/secret.py +78 -77
- pulumi_vault/get_auth_backend.py +19 -18
- pulumi_vault/get_auth_backends.py +14 -13
- pulumi_vault/get_namespace.py +15 -14
- pulumi_vault/get_namespaces.py +68 -18
- pulumi_vault/get_nomad_access_token.py +19 -18
- pulumi_vault/get_policy_document.py +6 -5
- pulumi_vault/get_raft_autopilot_state.py +18 -17
- pulumi_vault/github/__init__.py +1 -0
- pulumi_vault/github/_inputs.py +42 -41
- pulumi_vault/github/auth_backend.py +232 -231
- pulumi_vault/github/outputs.py +26 -25
- pulumi_vault/github/team.py +57 -56
- pulumi_vault/github/user.py +57 -56
- pulumi_vault/identity/__init__.py +1 -0
- pulumi_vault/identity/entity.py +85 -84
- pulumi_vault/identity/entity_alias.py +71 -70
- pulumi_vault/identity/entity_policies.py +64 -63
- pulumi_vault/identity/get_entity.py +43 -42
- pulumi_vault/identity/get_group.py +50 -49
- pulumi_vault/identity/get_oidc_client_creds.py +14 -13
- pulumi_vault/identity/get_oidc_openid_config.py +24 -23
- pulumi_vault/identity/get_oidc_public_keys.py +13 -12
- pulumi_vault/identity/group.py +141 -140
- pulumi_vault/identity/group_alias.py +57 -56
- pulumi_vault/identity/group_member_entity_ids.py +57 -56
- pulumi_vault/identity/group_member_group_ids.py +57 -56
- pulumi_vault/identity/group_policies.py +64 -63
- pulumi_vault/identity/mfa_duo.py +148 -147
- pulumi_vault/identity/mfa_login_enforcement.py +120 -119
- pulumi_vault/identity/mfa_okta.py +134 -133
- pulumi_vault/identity/mfa_pingid.py +127 -126
- pulumi_vault/identity/mfa_totp.py +176 -175
- pulumi_vault/identity/oidc.py +29 -28
- pulumi_vault/identity/oidc_assignment.py +57 -56
- pulumi_vault/identity/oidc_client.py +127 -126
- pulumi_vault/identity/oidc_key.py +85 -84
- pulumi_vault/identity/oidc_key_allowed_client_id.py +43 -42
- pulumi_vault/identity/oidc_provider.py +92 -91
- pulumi_vault/identity/oidc_role.py +85 -84
- pulumi_vault/identity/oidc_scope.py +57 -56
- pulumi_vault/identity/outputs.py +32 -31
- pulumi_vault/jwt/__init__.py +1 -0
- pulumi_vault/jwt/_inputs.py +42 -41
- pulumi_vault/jwt/auth_backend.py +288 -287
- pulumi_vault/jwt/auth_backend_role.py +407 -406
- pulumi_vault/jwt/outputs.py +26 -25
- pulumi_vault/kmip/__init__.py +1 -0
- pulumi_vault/kmip/secret_backend.py +183 -182
- pulumi_vault/kmip/secret_role.py +295 -294
- pulumi_vault/kmip/secret_scope.py +57 -56
- pulumi_vault/kubernetes/__init__.py +1 -0
- pulumi_vault/kubernetes/auth_backend_config.py +141 -140
- pulumi_vault/kubernetes/auth_backend_role.py +225 -224
- pulumi_vault/kubernetes/get_auth_backend_config.py +47 -46
- pulumi_vault/kubernetes/get_auth_backend_role.py +70 -69
- pulumi_vault/kubernetes/get_service_account_token.py +38 -37
- pulumi_vault/kubernetes/secret_backend.py +316 -315
- pulumi_vault/kubernetes/secret_backend_role.py +197 -196
- pulumi_vault/kv/__init__.py +1 -0
- pulumi_vault/kv/_inputs.py +21 -20
- pulumi_vault/kv/get_secret.py +17 -16
- pulumi_vault/kv/get_secret_subkeys_v2.py +30 -29
- pulumi_vault/kv/get_secret_v2.py +29 -28
- pulumi_vault/kv/get_secrets_list.py +13 -12
- pulumi_vault/kv/get_secrets_list_v2.py +19 -18
- pulumi_vault/kv/outputs.py +13 -12
- pulumi_vault/kv/secret.py +50 -49
- pulumi_vault/kv/secret_backend_v2.py +71 -70
- pulumi_vault/kv/secret_v2.py +134 -133
- pulumi_vault/ldap/__init__.py +1 -0
- pulumi_vault/ldap/auth_backend.py +754 -533
- pulumi_vault/ldap/auth_backend_group.py +57 -56
- pulumi_vault/ldap/auth_backend_user.py +71 -70
- pulumi_vault/ldap/get_dynamic_credentials.py +17 -16
- pulumi_vault/ldap/get_static_credentials.py +18 -17
- pulumi_vault/ldap/secret_backend.py +720 -499
- pulumi_vault/ldap/secret_backend_dynamic_role.py +127 -126
- pulumi_vault/ldap/secret_backend_library_set.py +99 -98
- pulumi_vault/ldap/secret_backend_static_role.py +99 -98
- pulumi_vault/managed/__init__.py +1 -0
- pulumi_vault/managed/_inputs.py +229 -228
- pulumi_vault/managed/keys.py +15 -14
- pulumi_vault/managed/outputs.py +139 -138
- pulumi_vault/mfa_duo.py +113 -112
- pulumi_vault/mfa_okta.py +113 -112
- pulumi_vault/mfa_pingid.py +120 -119
- pulumi_vault/mfa_totp.py +127 -126
- pulumi_vault/mongodbatlas/__init__.py +1 -0
- pulumi_vault/mongodbatlas/secret_backend.py +64 -63
- pulumi_vault/mongodbatlas/secret_role.py +155 -154
- pulumi_vault/mount.py +274 -273
- pulumi_vault/namespace.py +64 -63
- pulumi_vault/nomad_secret_backend.py +211 -210
- pulumi_vault/nomad_secret_role.py +85 -84
- pulumi_vault/okta/__init__.py +1 -0
- pulumi_vault/okta/_inputs.py +26 -25
- pulumi_vault/okta/auth_backend.py +274 -273
- pulumi_vault/okta/auth_backend_group.py +57 -56
- pulumi_vault/okta/auth_backend_user.py +71 -70
- pulumi_vault/okta/outputs.py +16 -15
- pulumi_vault/outputs.py +73 -60
- pulumi_vault/password_policy.py +43 -42
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +31 -36
- pulumi_vault/pkisecret/backend_acme_eab.py +92 -91
- pulumi_vault/pkisecret/backend_config_acme.py +174 -126
- pulumi_vault/pkisecret/backend_config_auto_tidy.py +1377 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +57 -56
- pulumi_vault/pkisecret/backend_config_cmpv2.py +152 -104
- pulumi_vault/pkisecret/backend_config_est.py +120 -119
- pulumi_vault/pkisecret/get_backend_cert_metadata.py +278 -0
- pulumi_vault/pkisecret/get_backend_config_cmpv2.py +35 -17
- pulumi_vault/pkisecret/get_backend_config_est.py +19 -18
- pulumi_vault/pkisecret/get_backend_issuer.py +139 -25
- pulumi_vault/pkisecret/get_backend_issuers.py +15 -14
- pulumi_vault/pkisecret/get_backend_key.py +20 -19
- pulumi_vault/pkisecret/get_backend_keys.py +15 -14
- pulumi_vault/pkisecret/outputs.py +28 -31
- pulumi_vault/pkisecret/secret_backend_cert.py +439 -297
- pulumi_vault/pkisecret/secret_backend_config_ca.py +43 -42
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +57 -56
- pulumi_vault/pkisecret/secret_backend_config_urls.py +85 -84
- pulumi_vault/pkisecret/secret_backend_crl_config.py +237 -182
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +520 -378
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +57 -56
- pulumi_vault/pkisecret/secret_backend_issuer.py +441 -175
- pulumi_vault/pkisecret/secret_backend_key.py +120 -119
- pulumi_vault/pkisecret/secret_backend_role.py +894 -644
- pulumi_vault/pkisecret/secret_backend_root_cert.py +851 -427
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +936 -357
- pulumi_vault/pkisecret/secret_backend_sign.py +347 -252
- pulumi_vault/plugin.py +127 -126
- pulumi_vault/plugin_pinned_version.py +43 -42
- pulumi_vault/policy.py +43 -42
- pulumi_vault/provider.py +120 -119
- pulumi_vault/pulumi-plugin.json +1 -1
- pulumi_vault/quota_lease_count.py +85 -84
- pulumi_vault/quota_rate_limit.py +113 -112
- pulumi_vault/rabbitmq/__init__.py +1 -0
- pulumi_vault/rabbitmq/_inputs.py +41 -40
- pulumi_vault/rabbitmq/outputs.py +25 -24
- pulumi_vault/rabbitmq/secret_backend.py +169 -168
- pulumi_vault/rabbitmq/secret_backend_role.py +57 -56
- pulumi_vault/raft_autopilot.py +113 -112
- pulumi_vault/raft_snapshot_agent_config.py +393 -392
- pulumi_vault/rgp_policy.py +57 -56
- pulumi_vault/saml/__init__.py +1 -0
- pulumi_vault/saml/auth_backend.py +155 -154
- pulumi_vault/saml/auth_backend_role.py +239 -238
- pulumi_vault/secrets/__init__.py +1 -0
- pulumi_vault/secrets/_inputs.py +16 -15
- pulumi_vault/secrets/outputs.py +10 -9
- pulumi_vault/secrets/sync_association.py +71 -70
- pulumi_vault/secrets/sync_aws_destination.py +148 -147
- pulumi_vault/secrets/sync_azure_destination.py +148 -147
- pulumi_vault/secrets/sync_config.py +43 -42
- pulumi_vault/secrets/sync_gcp_destination.py +106 -105
- pulumi_vault/secrets/sync_gh_destination.py +134 -133
- pulumi_vault/secrets/sync_github_apps.py +64 -63
- pulumi_vault/secrets/sync_vercel_destination.py +120 -119
- pulumi_vault/ssh/__init__.py +2 -0
- pulumi_vault/ssh/_inputs.py +11 -10
- pulumi_vault/ssh/get_secret_backend_sign.py +295 -0
- pulumi_vault/ssh/outputs.py +7 -6
- pulumi_vault/ssh/secret_backend_ca.py +99 -98
- pulumi_vault/ssh/secret_backend_role.py +365 -364
- pulumi_vault/terraformcloud/__init__.py +1 -0
- pulumi_vault/terraformcloud/secret_backend.py +111 -110
- pulumi_vault/terraformcloud/secret_creds.py +74 -73
- pulumi_vault/terraformcloud/secret_role.py +96 -95
- pulumi_vault/token.py +246 -245
- pulumi_vault/tokenauth/__init__.py +1 -0
- pulumi_vault/tokenauth/auth_backend_role.py +267 -266
- pulumi_vault/transform/__init__.py +1 -0
- pulumi_vault/transform/alphabet.py +57 -56
- pulumi_vault/transform/get_decode.py +47 -46
- pulumi_vault/transform/get_encode.py +47 -46
- pulumi_vault/transform/role.py +57 -56
- pulumi_vault/transform/template.py +113 -112
- pulumi_vault/transform/transformation.py +141 -140
- pulumi_vault/transit/__init__.py +3 -0
- pulumi_vault/transit/get_decrypt.py +18 -17
- pulumi_vault/transit/get_encrypt.py +21 -20
- pulumi_vault/transit/get_sign.py +325 -0
- pulumi_vault/transit/get_verify.py +355 -0
- pulumi_vault/transit/secret_backend_key.py +394 -231
- pulumi_vault/transit/secret_cache_config.py +43 -42
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/METADATA +2 -2
- pulumi_vault-6.7.0.dist-info/RECORD +265 -0
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/WHEEL +1 -1
- pulumi_vault-6.6.0a1741415971.dist-info/RECORD +0 -260
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/top_level.txt +0 -0
@@ -2,6 +2,7 @@
|
|
2
2
|
# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
|
3
3
|
# *** Do not edit by hand unless you're certain you know what you are doing! ***
|
4
4
|
|
5
|
+
import builtins
|
5
6
|
import copy
|
6
7
|
import warnings
|
7
8
|
import sys
|
@@ -19,37 +20,53 @@ __all__ = ['AuthBackendConfigArgs', 'AuthBackendConfig']
|
|
19
20
|
@pulumi.input_type
|
20
21
|
class AuthBackendConfigArgs:
|
21
22
|
def __init__(__self__, *,
|
22
|
-
resource: pulumi.Input[str],
|
23
|
-
tenant_id: pulumi.Input[str],
|
24
|
-
backend: Optional[pulumi.Input[str]] = None,
|
25
|
-
client_id: Optional[pulumi.Input[str]] = None,
|
26
|
-
client_secret: Optional[pulumi.Input[str]] = None,
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
23
|
+
resource: pulumi.Input[builtins.str],
|
24
|
+
tenant_id: pulumi.Input[builtins.str],
|
25
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
26
|
+
client_id: Optional[pulumi.Input[builtins.str]] = None,
|
27
|
+
client_secret: Optional[pulumi.Input[builtins.str]] = None,
|
28
|
+
disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
29
|
+
environment: Optional[pulumi.Input[builtins.str]] = None,
|
30
|
+
identity_token_audience: Optional[pulumi.Input[builtins.str]] = None,
|
31
|
+
identity_token_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
32
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
33
|
+
rotation_period: Optional[pulumi.Input[builtins.int]] = None,
|
34
|
+
rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
|
35
|
+
rotation_window: Optional[pulumi.Input[builtins.int]] = None):
|
31
36
|
"""
|
32
37
|
The set of arguments for constructing a AuthBackendConfig resource.
|
33
|
-
:param pulumi.Input[str] resource: The configured URL for the application registered in
|
38
|
+
:param pulumi.Input[builtins.str] resource: The configured URL for the application registered in
|
34
39
|
Azure Active Directory.
|
35
|
-
:param pulumi.Input[str] tenant_id: The tenant id for the Azure Active Directory
|
40
|
+
:param pulumi.Input[builtins.str] tenant_id: The tenant id for the Azure Active Directory
|
36
41
|
organization.
|
37
|
-
:param pulumi.Input[str] backend: The path the Azure auth backend being configured was
|
42
|
+
:param pulumi.Input[builtins.str] backend: The path the Azure auth backend being configured was
|
38
43
|
mounted at. Defaults to `azure`.
|
39
|
-
:param pulumi.Input[str] client_id: The client id for credentials to query the Azure APIs.
|
44
|
+
:param pulumi.Input[builtins.str] client_id: The client id for credentials to query the Azure APIs.
|
40
45
|
Currently read permissions to query compute resources are required.
|
41
|
-
:param pulumi.Input[str] client_secret: The client secret for credentials to query the
|
46
|
+
:param pulumi.Input[builtins.str] client_secret: The client secret for credentials to query the
|
42
47
|
Azure APIs.
|
43
|
-
:param pulumi.Input[
|
48
|
+
:param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
49
|
+
*Available only for Vault Enterprise*
|
50
|
+
:param pulumi.Input[builtins.str] environment: The Azure cloud environment. Valid values:
|
44
51
|
AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud,
|
45
52
|
AzureGermanCloud. Defaults to `AzurePublicCloud`.
|
46
|
-
:param pulumi.Input[str] identity_token_audience: The audience claim value for plugin identity tokens. Requires Vault 1.17+.
|
53
|
+
:param pulumi.Input[builtins.str] identity_token_audience: The audience claim value for plugin identity tokens. Requires Vault 1.17+.
|
47
54
|
*Available only for Vault Enterprise*
|
48
|
-
:param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds.
|
49
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
55
|
+
:param pulumi.Input[builtins.int] identity_token_ttl: The TTL of generated identity tokens in seconds.
|
56
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
50
57
|
The value should not contain leading or trailing forward slashes.
|
51
58
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
52
59
|
*Available only for Vault Enterprise*.
|
60
|
+
:param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
61
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
62
|
+
*Available only for Vault Enterprise*
|
63
|
+
:param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
64
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
65
|
+
*Available only for Vault Enterprise*
|
66
|
+
:param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
|
67
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
68
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
69
|
+
*Available only for Vault Enterprise*
|
53
70
|
"""
|
54
71
|
pulumi.set(__self__, "resource", resource)
|
55
72
|
pulumi.set(__self__, "tenant_id", tenant_id)
|
@@ -59,6 +76,8 @@ class AuthBackendConfigArgs:
|
|
59
76
|
pulumi.set(__self__, "client_id", client_id)
|
60
77
|
if client_secret is not None:
|
61
78
|
pulumi.set(__self__, "client_secret", client_secret)
|
79
|
+
if disable_automated_rotation is not None:
|
80
|
+
pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
|
62
81
|
if environment is not None:
|
63
82
|
pulumi.set(__self__, "environment", environment)
|
64
83
|
if identity_token_audience is not None:
|
@@ -67,10 +86,16 @@ class AuthBackendConfigArgs:
|
|
67
86
|
pulumi.set(__self__, "identity_token_ttl", identity_token_ttl)
|
68
87
|
if namespace is not None:
|
69
88
|
pulumi.set(__self__, "namespace", namespace)
|
89
|
+
if rotation_period is not None:
|
90
|
+
pulumi.set(__self__, "rotation_period", rotation_period)
|
91
|
+
if rotation_schedule is not None:
|
92
|
+
pulumi.set(__self__, "rotation_schedule", rotation_schedule)
|
93
|
+
if rotation_window is not None:
|
94
|
+
pulumi.set(__self__, "rotation_window", rotation_window)
|
70
95
|
|
71
96
|
@property
|
72
97
|
@pulumi.getter
|
73
|
-
def resource(self) -> pulumi.Input[str]:
|
98
|
+
def resource(self) -> pulumi.Input[builtins.str]:
|
74
99
|
"""
|
75
100
|
The configured URL for the application registered in
|
76
101
|
Azure Active Directory.
|
@@ -78,12 +103,12 @@ class AuthBackendConfigArgs:
|
|
78
103
|
return pulumi.get(self, "resource")
|
79
104
|
|
80
105
|
@resource.setter
|
81
|
-
def resource(self, value: pulumi.Input[str]):
|
106
|
+
def resource(self, value: pulumi.Input[builtins.str]):
|
82
107
|
pulumi.set(self, "resource", value)
|
83
108
|
|
84
109
|
@property
|
85
110
|
@pulumi.getter(name="tenantId")
|
86
|
-
def tenant_id(self) -> pulumi.Input[str]:
|
111
|
+
def tenant_id(self) -> pulumi.Input[builtins.str]:
|
87
112
|
"""
|
88
113
|
The tenant id for the Azure Active Directory
|
89
114
|
organization.
|
@@ -91,12 +116,12 @@ class AuthBackendConfigArgs:
|
|
91
116
|
return pulumi.get(self, "tenant_id")
|
92
117
|
|
93
118
|
@tenant_id.setter
|
94
|
-
def tenant_id(self, value: pulumi.Input[str]):
|
119
|
+
def tenant_id(self, value: pulumi.Input[builtins.str]):
|
95
120
|
pulumi.set(self, "tenant_id", value)
|
96
121
|
|
97
122
|
@property
|
98
123
|
@pulumi.getter
|
99
|
-
def backend(self) -> Optional[pulumi.Input[str]]:
|
124
|
+
def backend(self) -> Optional[pulumi.Input[builtins.str]]:
|
100
125
|
"""
|
101
126
|
The path the Azure auth backend being configured was
|
102
127
|
mounted at. Defaults to `azure`.
|
@@ -104,12 +129,12 @@ class AuthBackendConfigArgs:
|
|
104
129
|
return pulumi.get(self, "backend")
|
105
130
|
|
106
131
|
@backend.setter
|
107
|
-
def backend(self, value: Optional[pulumi.Input[str]]):
|
132
|
+
def backend(self, value: Optional[pulumi.Input[builtins.str]]):
|
108
133
|
pulumi.set(self, "backend", value)
|
109
134
|
|
110
135
|
@property
|
111
136
|
@pulumi.getter(name="clientId")
|
112
|
-
def client_id(self) -> Optional[pulumi.Input[str]]:
|
137
|
+
def client_id(self) -> Optional[pulumi.Input[builtins.str]]:
|
113
138
|
"""
|
114
139
|
The client id for credentials to query the Azure APIs.
|
115
140
|
Currently read permissions to query compute resources are required.
|
@@ -117,12 +142,12 @@ class AuthBackendConfigArgs:
|
|
117
142
|
return pulumi.get(self, "client_id")
|
118
143
|
|
119
144
|
@client_id.setter
|
120
|
-
def client_id(self, value: Optional[pulumi.Input[str]]):
|
145
|
+
def client_id(self, value: Optional[pulumi.Input[builtins.str]]):
|
121
146
|
pulumi.set(self, "client_id", value)
|
122
147
|
|
123
148
|
@property
|
124
149
|
@pulumi.getter(name="clientSecret")
|
125
|
-
def client_secret(self) -> Optional[pulumi.Input[str]]:
|
150
|
+
def client_secret(self) -> Optional[pulumi.Input[builtins.str]]:
|
126
151
|
"""
|
127
152
|
The client secret for credentials to query the
|
128
153
|
Azure APIs.
|
@@ -130,12 +155,25 @@ class AuthBackendConfigArgs:
|
|
130
155
|
return pulumi.get(self, "client_secret")
|
131
156
|
|
132
157
|
@client_secret.setter
|
133
|
-
def client_secret(self, value: Optional[pulumi.Input[str]]):
|
158
|
+
def client_secret(self, value: Optional[pulumi.Input[builtins.str]]):
|
134
159
|
pulumi.set(self, "client_secret", value)
|
135
160
|
|
161
|
+
@property
|
162
|
+
@pulumi.getter(name="disableAutomatedRotation")
|
163
|
+
def disable_automated_rotation(self) -> Optional[pulumi.Input[builtins.bool]]:
|
164
|
+
"""
|
165
|
+
Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
166
|
+
*Available only for Vault Enterprise*
|
167
|
+
"""
|
168
|
+
return pulumi.get(self, "disable_automated_rotation")
|
169
|
+
|
170
|
+
@disable_automated_rotation.setter
|
171
|
+
def disable_automated_rotation(self, value: Optional[pulumi.Input[builtins.bool]]):
|
172
|
+
pulumi.set(self, "disable_automated_rotation", value)
|
173
|
+
|
136
174
|
@property
|
137
175
|
@pulumi.getter
|
138
|
-
def environment(self) -> Optional[pulumi.Input[str]]:
|
176
|
+
def environment(self) -> Optional[pulumi.Input[builtins.str]]:
|
139
177
|
"""
|
140
178
|
The Azure cloud environment. Valid values:
|
141
179
|
AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud,
|
@@ -144,12 +182,12 @@ class AuthBackendConfigArgs:
|
|
144
182
|
return pulumi.get(self, "environment")
|
145
183
|
|
146
184
|
@environment.setter
|
147
|
-
def environment(self, value: Optional[pulumi.Input[str]]):
|
185
|
+
def environment(self, value: Optional[pulumi.Input[builtins.str]]):
|
148
186
|
pulumi.set(self, "environment", value)
|
149
187
|
|
150
188
|
@property
|
151
189
|
@pulumi.getter(name="identityTokenAudience")
|
152
|
-
def identity_token_audience(self) -> Optional[pulumi.Input[str]]:
|
190
|
+
def identity_token_audience(self) -> Optional[pulumi.Input[builtins.str]]:
|
153
191
|
"""
|
154
192
|
The audience claim value for plugin identity tokens. Requires Vault 1.17+.
|
155
193
|
*Available only for Vault Enterprise*
|
@@ -157,24 +195,24 @@ class AuthBackendConfigArgs:
|
|
157
195
|
return pulumi.get(self, "identity_token_audience")
|
158
196
|
|
159
197
|
@identity_token_audience.setter
|
160
|
-
def identity_token_audience(self, value: Optional[pulumi.Input[str]]):
|
198
|
+
def identity_token_audience(self, value: Optional[pulumi.Input[builtins.str]]):
|
161
199
|
pulumi.set(self, "identity_token_audience", value)
|
162
200
|
|
163
201
|
@property
|
164
202
|
@pulumi.getter(name="identityTokenTtl")
|
165
|
-
def identity_token_ttl(self) -> Optional[pulumi.Input[int]]:
|
203
|
+
def identity_token_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
|
166
204
|
"""
|
167
205
|
The TTL of generated identity tokens in seconds.
|
168
206
|
"""
|
169
207
|
return pulumi.get(self, "identity_token_ttl")
|
170
208
|
|
171
209
|
@identity_token_ttl.setter
|
172
|
-
def identity_token_ttl(self, value: Optional[pulumi.Input[int]]):
|
210
|
+
def identity_token_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
|
173
211
|
pulumi.set(self, "identity_token_ttl", value)
|
174
212
|
|
175
213
|
@property
|
176
214
|
@pulumi.getter
|
177
|
-
def namespace(self) -> Optional[pulumi.Input[str]]:
|
215
|
+
def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
|
178
216
|
"""
|
179
217
|
The namespace to provision the resource in.
|
180
218
|
The value should not contain leading or trailing forward slashes.
|
@@ -184,43 +222,102 @@ class AuthBackendConfigArgs:
|
|
184
222
|
return pulumi.get(self, "namespace")
|
185
223
|
|
186
224
|
@namespace.setter
|
187
|
-
def namespace(self, value: Optional[pulumi.Input[str]]):
|
225
|
+
def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
|
188
226
|
pulumi.set(self, "namespace", value)
|
189
227
|
|
228
|
+
@property
|
229
|
+
@pulumi.getter(name="rotationPeriod")
|
230
|
+
def rotation_period(self) -> Optional[pulumi.Input[builtins.int]]:
|
231
|
+
"""
|
232
|
+
The amount of time in seconds Vault should wait before rotating the root credential.
|
233
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
234
|
+
*Available only for Vault Enterprise*
|
235
|
+
"""
|
236
|
+
return pulumi.get(self, "rotation_period")
|
237
|
+
|
238
|
+
@rotation_period.setter
|
239
|
+
def rotation_period(self, value: Optional[pulumi.Input[builtins.int]]):
|
240
|
+
pulumi.set(self, "rotation_period", value)
|
241
|
+
|
242
|
+
@property
|
243
|
+
@pulumi.getter(name="rotationSchedule")
|
244
|
+
def rotation_schedule(self) -> Optional[pulumi.Input[builtins.str]]:
|
245
|
+
"""
|
246
|
+
The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
247
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
248
|
+
*Available only for Vault Enterprise*
|
249
|
+
"""
|
250
|
+
return pulumi.get(self, "rotation_schedule")
|
251
|
+
|
252
|
+
@rotation_schedule.setter
|
253
|
+
def rotation_schedule(self, value: Optional[pulumi.Input[builtins.str]]):
|
254
|
+
pulumi.set(self, "rotation_schedule", value)
|
255
|
+
|
256
|
+
@property
|
257
|
+
@pulumi.getter(name="rotationWindow")
|
258
|
+
def rotation_window(self) -> Optional[pulumi.Input[builtins.int]]:
|
259
|
+
"""
|
260
|
+
The maximum amount of time in seconds allowed to complete
|
261
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
262
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
263
|
+
*Available only for Vault Enterprise*
|
264
|
+
"""
|
265
|
+
return pulumi.get(self, "rotation_window")
|
266
|
+
|
267
|
+
@rotation_window.setter
|
268
|
+
def rotation_window(self, value: Optional[pulumi.Input[builtins.int]]):
|
269
|
+
pulumi.set(self, "rotation_window", value)
|
270
|
+
|
190
271
|
|
191
272
|
@pulumi.input_type
|
192
273
|
class _AuthBackendConfigState:
|
193
274
|
def __init__(__self__, *,
|
194
|
-
backend: Optional[pulumi.Input[str]] = None,
|
195
|
-
client_id: Optional[pulumi.Input[str]] = None,
|
196
|
-
client_secret: Optional[pulumi.Input[str]] = None,
|
197
|
-
|
198
|
-
|
199
|
-
|
200
|
-
|
201
|
-
|
202
|
-
|
275
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
276
|
+
client_id: Optional[pulumi.Input[builtins.str]] = None,
|
277
|
+
client_secret: Optional[pulumi.Input[builtins.str]] = None,
|
278
|
+
disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
279
|
+
environment: Optional[pulumi.Input[builtins.str]] = None,
|
280
|
+
identity_token_audience: Optional[pulumi.Input[builtins.str]] = None,
|
281
|
+
identity_token_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
282
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
283
|
+
resource: Optional[pulumi.Input[builtins.str]] = None,
|
284
|
+
rotation_period: Optional[pulumi.Input[builtins.int]] = None,
|
285
|
+
rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
|
286
|
+
rotation_window: Optional[pulumi.Input[builtins.int]] = None,
|
287
|
+
tenant_id: Optional[pulumi.Input[builtins.str]] = None):
|
203
288
|
"""
|
204
289
|
Input properties used for looking up and filtering AuthBackendConfig resources.
|
205
|
-
:param pulumi.Input[str] backend: The path the Azure auth backend being configured was
|
290
|
+
:param pulumi.Input[builtins.str] backend: The path the Azure auth backend being configured was
|
206
291
|
mounted at. Defaults to `azure`.
|
207
|
-
:param pulumi.Input[str] client_id: The client id for credentials to query the Azure APIs.
|
292
|
+
:param pulumi.Input[builtins.str] client_id: The client id for credentials to query the Azure APIs.
|
208
293
|
Currently read permissions to query compute resources are required.
|
209
|
-
:param pulumi.Input[str] client_secret: The client secret for credentials to query the
|
294
|
+
:param pulumi.Input[builtins.str] client_secret: The client secret for credentials to query the
|
210
295
|
Azure APIs.
|
211
|
-
:param pulumi.Input[
|
296
|
+
:param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
297
|
+
*Available only for Vault Enterprise*
|
298
|
+
:param pulumi.Input[builtins.str] environment: The Azure cloud environment. Valid values:
|
212
299
|
AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud,
|
213
300
|
AzureGermanCloud. Defaults to `AzurePublicCloud`.
|
214
|
-
:param pulumi.Input[str] identity_token_audience: The audience claim value for plugin identity tokens. Requires Vault 1.17+.
|
301
|
+
:param pulumi.Input[builtins.str] identity_token_audience: The audience claim value for plugin identity tokens. Requires Vault 1.17+.
|
215
302
|
*Available only for Vault Enterprise*
|
216
|
-
:param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds.
|
217
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
303
|
+
:param pulumi.Input[builtins.int] identity_token_ttl: The TTL of generated identity tokens in seconds.
|
304
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
218
305
|
The value should not contain leading or trailing forward slashes.
|
219
306
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
220
307
|
*Available only for Vault Enterprise*.
|
221
|
-
:param pulumi.Input[str] resource: The configured URL for the application registered in
|
308
|
+
:param pulumi.Input[builtins.str] resource: The configured URL for the application registered in
|
222
309
|
Azure Active Directory.
|
223
|
-
:param pulumi.Input[
|
310
|
+
:param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
311
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
312
|
+
*Available only for Vault Enterprise*
|
313
|
+
:param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
314
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
315
|
+
*Available only for Vault Enterprise*
|
316
|
+
:param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
|
317
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
318
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
319
|
+
*Available only for Vault Enterprise*
|
320
|
+
:param pulumi.Input[builtins.str] tenant_id: The tenant id for the Azure Active Directory
|
224
321
|
organization.
|
225
322
|
"""
|
226
323
|
if backend is not None:
|
@@ -229,6 +326,8 @@ class _AuthBackendConfigState:
|
|
229
326
|
pulumi.set(__self__, "client_id", client_id)
|
230
327
|
if client_secret is not None:
|
231
328
|
pulumi.set(__self__, "client_secret", client_secret)
|
329
|
+
if disable_automated_rotation is not None:
|
330
|
+
pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
|
232
331
|
if environment is not None:
|
233
332
|
pulumi.set(__self__, "environment", environment)
|
234
333
|
if identity_token_audience is not None:
|
@@ -239,12 +338,18 @@ class _AuthBackendConfigState:
|
|
239
338
|
pulumi.set(__self__, "namespace", namespace)
|
240
339
|
if resource is not None:
|
241
340
|
pulumi.set(__self__, "resource", resource)
|
341
|
+
if rotation_period is not None:
|
342
|
+
pulumi.set(__self__, "rotation_period", rotation_period)
|
343
|
+
if rotation_schedule is not None:
|
344
|
+
pulumi.set(__self__, "rotation_schedule", rotation_schedule)
|
345
|
+
if rotation_window is not None:
|
346
|
+
pulumi.set(__self__, "rotation_window", rotation_window)
|
242
347
|
if tenant_id is not None:
|
243
348
|
pulumi.set(__self__, "tenant_id", tenant_id)
|
244
349
|
|
245
350
|
@property
|
246
351
|
@pulumi.getter
|
247
|
-
def backend(self) -> Optional[pulumi.Input[str]]:
|
352
|
+
def backend(self) -> Optional[pulumi.Input[builtins.str]]:
|
248
353
|
"""
|
249
354
|
The path the Azure auth backend being configured was
|
250
355
|
mounted at. Defaults to `azure`.
|
@@ -252,12 +357,12 @@ class _AuthBackendConfigState:
|
|
252
357
|
return pulumi.get(self, "backend")
|
253
358
|
|
254
359
|
@backend.setter
|
255
|
-
def backend(self, value: Optional[pulumi.Input[str]]):
|
360
|
+
def backend(self, value: Optional[pulumi.Input[builtins.str]]):
|
256
361
|
pulumi.set(self, "backend", value)
|
257
362
|
|
258
363
|
@property
|
259
364
|
@pulumi.getter(name="clientId")
|
260
|
-
def client_id(self) -> Optional[pulumi.Input[str]]:
|
365
|
+
def client_id(self) -> Optional[pulumi.Input[builtins.str]]:
|
261
366
|
"""
|
262
367
|
The client id for credentials to query the Azure APIs.
|
263
368
|
Currently read permissions to query compute resources are required.
|
@@ -265,12 +370,12 @@ class _AuthBackendConfigState:
|
|
265
370
|
return pulumi.get(self, "client_id")
|
266
371
|
|
267
372
|
@client_id.setter
|
268
|
-
def client_id(self, value: Optional[pulumi.Input[str]]):
|
373
|
+
def client_id(self, value: Optional[pulumi.Input[builtins.str]]):
|
269
374
|
pulumi.set(self, "client_id", value)
|
270
375
|
|
271
376
|
@property
|
272
377
|
@pulumi.getter(name="clientSecret")
|
273
|
-
def client_secret(self) -> Optional[pulumi.Input[str]]:
|
378
|
+
def client_secret(self) -> Optional[pulumi.Input[builtins.str]]:
|
274
379
|
"""
|
275
380
|
The client secret for credentials to query the
|
276
381
|
Azure APIs.
|
@@ -278,12 +383,25 @@ class _AuthBackendConfigState:
|
|
278
383
|
return pulumi.get(self, "client_secret")
|
279
384
|
|
280
385
|
@client_secret.setter
|
281
|
-
def client_secret(self, value: Optional[pulumi.Input[str]]):
|
386
|
+
def client_secret(self, value: Optional[pulumi.Input[builtins.str]]):
|
282
387
|
pulumi.set(self, "client_secret", value)
|
283
388
|
|
389
|
+
@property
|
390
|
+
@pulumi.getter(name="disableAutomatedRotation")
|
391
|
+
def disable_automated_rotation(self) -> Optional[pulumi.Input[builtins.bool]]:
|
392
|
+
"""
|
393
|
+
Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
394
|
+
*Available only for Vault Enterprise*
|
395
|
+
"""
|
396
|
+
return pulumi.get(self, "disable_automated_rotation")
|
397
|
+
|
398
|
+
@disable_automated_rotation.setter
|
399
|
+
def disable_automated_rotation(self, value: Optional[pulumi.Input[builtins.bool]]):
|
400
|
+
pulumi.set(self, "disable_automated_rotation", value)
|
401
|
+
|
284
402
|
@property
|
285
403
|
@pulumi.getter
|
286
|
-
def environment(self) -> Optional[pulumi.Input[str]]:
|
404
|
+
def environment(self) -> Optional[pulumi.Input[builtins.str]]:
|
287
405
|
"""
|
288
406
|
The Azure cloud environment. Valid values:
|
289
407
|
AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud,
|
@@ -292,12 +410,12 @@ class _AuthBackendConfigState:
|
|
292
410
|
return pulumi.get(self, "environment")
|
293
411
|
|
294
412
|
@environment.setter
|
295
|
-
def environment(self, value: Optional[pulumi.Input[str]]):
|
413
|
+
def environment(self, value: Optional[pulumi.Input[builtins.str]]):
|
296
414
|
pulumi.set(self, "environment", value)
|
297
415
|
|
298
416
|
@property
|
299
417
|
@pulumi.getter(name="identityTokenAudience")
|
300
|
-
def identity_token_audience(self) -> Optional[pulumi.Input[str]]:
|
418
|
+
def identity_token_audience(self) -> Optional[pulumi.Input[builtins.str]]:
|
301
419
|
"""
|
302
420
|
The audience claim value for plugin identity tokens. Requires Vault 1.17+.
|
303
421
|
*Available only for Vault Enterprise*
|
@@ -305,24 +423,24 @@ class _AuthBackendConfigState:
|
|
305
423
|
return pulumi.get(self, "identity_token_audience")
|
306
424
|
|
307
425
|
@identity_token_audience.setter
|
308
|
-
def identity_token_audience(self, value: Optional[pulumi.Input[str]]):
|
426
|
+
def identity_token_audience(self, value: Optional[pulumi.Input[builtins.str]]):
|
309
427
|
pulumi.set(self, "identity_token_audience", value)
|
310
428
|
|
311
429
|
@property
|
312
430
|
@pulumi.getter(name="identityTokenTtl")
|
313
|
-
def identity_token_ttl(self) -> Optional[pulumi.Input[int]]:
|
431
|
+
def identity_token_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
|
314
432
|
"""
|
315
433
|
The TTL of generated identity tokens in seconds.
|
316
434
|
"""
|
317
435
|
return pulumi.get(self, "identity_token_ttl")
|
318
436
|
|
319
437
|
@identity_token_ttl.setter
|
320
|
-
def identity_token_ttl(self, value: Optional[pulumi.Input[int]]):
|
438
|
+
def identity_token_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
|
321
439
|
pulumi.set(self, "identity_token_ttl", value)
|
322
440
|
|
323
441
|
@property
|
324
442
|
@pulumi.getter
|
325
|
-
def namespace(self) -> Optional[pulumi.Input[str]]:
|
443
|
+
def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
|
326
444
|
"""
|
327
445
|
The namespace to provision the resource in.
|
328
446
|
The value should not contain leading or trailing forward slashes.
|
@@ -332,12 +450,12 @@ class _AuthBackendConfigState:
|
|
332
450
|
return pulumi.get(self, "namespace")
|
333
451
|
|
334
452
|
@namespace.setter
|
335
|
-
def namespace(self, value: Optional[pulumi.Input[str]]):
|
453
|
+
def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
|
336
454
|
pulumi.set(self, "namespace", value)
|
337
455
|
|
338
456
|
@property
|
339
457
|
@pulumi.getter
|
340
|
-
def resource(self) -> Optional[pulumi.Input[str]]:
|
458
|
+
def resource(self) -> Optional[pulumi.Input[builtins.str]]:
|
341
459
|
"""
|
342
460
|
The configured URL for the application registered in
|
343
461
|
Azure Active Directory.
|
@@ -345,12 +463,55 @@ class _AuthBackendConfigState:
|
|
345
463
|
return pulumi.get(self, "resource")
|
346
464
|
|
347
465
|
@resource.setter
|
348
|
-
def resource(self, value: Optional[pulumi.Input[str]]):
|
466
|
+
def resource(self, value: Optional[pulumi.Input[builtins.str]]):
|
349
467
|
pulumi.set(self, "resource", value)
|
350
468
|
|
469
|
+
@property
|
470
|
+
@pulumi.getter(name="rotationPeriod")
|
471
|
+
def rotation_period(self) -> Optional[pulumi.Input[builtins.int]]:
|
472
|
+
"""
|
473
|
+
The amount of time in seconds Vault should wait before rotating the root credential.
|
474
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
475
|
+
*Available only for Vault Enterprise*
|
476
|
+
"""
|
477
|
+
return pulumi.get(self, "rotation_period")
|
478
|
+
|
479
|
+
@rotation_period.setter
|
480
|
+
def rotation_period(self, value: Optional[pulumi.Input[builtins.int]]):
|
481
|
+
pulumi.set(self, "rotation_period", value)
|
482
|
+
|
483
|
+
@property
|
484
|
+
@pulumi.getter(name="rotationSchedule")
|
485
|
+
def rotation_schedule(self) -> Optional[pulumi.Input[builtins.str]]:
|
486
|
+
"""
|
487
|
+
The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
488
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
489
|
+
*Available only for Vault Enterprise*
|
490
|
+
"""
|
491
|
+
return pulumi.get(self, "rotation_schedule")
|
492
|
+
|
493
|
+
@rotation_schedule.setter
|
494
|
+
def rotation_schedule(self, value: Optional[pulumi.Input[builtins.str]]):
|
495
|
+
pulumi.set(self, "rotation_schedule", value)
|
496
|
+
|
497
|
+
@property
|
498
|
+
@pulumi.getter(name="rotationWindow")
|
499
|
+
def rotation_window(self) -> Optional[pulumi.Input[builtins.int]]:
|
500
|
+
"""
|
501
|
+
The maximum amount of time in seconds allowed to complete
|
502
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
503
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
504
|
+
*Available only for Vault Enterprise*
|
505
|
+
"""
|
506
|
+
return pulumi.get(self, "rotation_window")
|
507
|
+
|
508
|
+
@rotation_window.setter
|
509
|
+
def rotation_window(self, value: Optional[pulumi.Input[builtins.int]]):
|
510
|
+
pulumi.set(self, "rotation_window", value)
|
511
|
+
|
351
512
|
@property
|
352
513
|
@pulumi.getter(name="tenantId")
|
353
|
-
def tenant_id(self) -> Optional[pulumi.Input[str]]:
|
514
|
+
def tenant_id(self) -> Optional[pulumi.Input[builtins.str]]:
|
354
515
|
"""
|
355
516
|
The tenant id for the Azure Active Directory
|
356
517
|
organization.
|
@@ -358,7 +519,7 @@ class _AuthBackendConfigState:
|
|
358
519
|
return pulumi.get(self, "tenant_id")
|
359
520
|
|
360
521
|
@tenant_id.setter
|
361
|
-
def tenant_id(self, value: Optional[pulumi.Input[str]]):
|
522
|
+
def tenant_id(self, value: Optional[pulumi.Input[builtins.str]]):
|
362
523
|
pulumi.set(self, "tenant_id", value)
|
363
524
|
|
364
525
|
|
@@ -367,15 +528,19 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
367
528
|
def __init__(__self__,
|
368
529
|
resource_name: str,
|
369
530
|
opts: Optional[pulumi.ResourceOptions] = None,
|
370
|
-
backend: Optional[pulumi.Input[str]] = None,
|
371
|
-
client_id: Optional[pulumi.Input[str]] = None,
|
372
|
-
client_secret: Optional[pulumi.Input[str]] = None,
|
373
|
-
|
374
|
-
|
375
|
-
|
376
|
-
|
377
|
-
|
378
|
-
|
531
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
532
|
+
client_id: Optional[pulumi.Input[builtins.str]] = None,
|
533
|
+
client_secret: Optional[pulumi.Input[builtins.str]] = None,
|
534
|
+
disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
535
|
+
environment: Optional[pulumi.Input[builtins.str]] = None,
|
536
|
+
identity_token_audience: Optional[pulumi.Input[builtins.str]] = None,
|
537
|
+
identity_token_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
538
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
539
|
+
resource: Optional[pulumi.Input[builtins.str]] = None,
|
540
|
+
rotation_period: Optional[pulumi.Input[builtins.int]] = None,
|
541
|
+
rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
|
542
|
+
rotation_window: Optional[pulumi.Input[builtins.int]] = None,
|
543
|
+
tenant_id: Optional[pulumi.Input[builtins.str]] = None,
|
379
544
|
__props__=None):
|
380
545
|
"""
|
381
546
|
## Example Usage
|
@@ -393,7 +558,9 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
393
558
|
tenant_id="11111111-2222-3333-4444-555555555555",
|
394
559
|
client_id="11111111-2222-3333-4444-555555555555",
|
395
560
|
identity_token_audience="<TOKEN_AUDIENCE>",
|
396
|
-
identity_token_ttl="<TOKEN_TTL>"
|
561
|
+
identity_token_ttl="<TOKEN_TTL>",
|
562
|
+
rotation_schedule="0 * * * SAT",
|
563
|
+
rotation_window=3600)
|
397
564
|
```
|
398
565
|
|
399
566
|
```python
|
@@ -406,7 +573,9 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
406
573
|
tenant_id="11111111-2222-3333-4444-555555555555",
|
407
574
|
client_id="11111111-2222-3333-4444-555555555555",
|
408
575
|
client_secret="01234567890123456789",
|
409
|
-
resource="https://vault.hashicorp.com"
|
576
|
+
resource="https://vault.hashicorp.com",
|
577
|
+
rotation_schedule="0 * * * SAT",
|
578
|
+
rotation_window=3600)
|
410
579
|
```
|
411
580
|
|
412
581
|
## Import
|
@@ -419,25 +588,37 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
419
588
|
|
420
589
|
:param str resource_name: The name of the resource.
|
421
590
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
422
|
-
:param pulumi.Input[str] backend: The path the Azure auth backend being configured was
|
591
|
+
:param pulumi.Input[builtins.str] backend: The path the Azure auth backend being configured was
|
423
592
|
mounted at. Defaults to `azure`.
|
424
|
-
:param pulumi.Input[str] client_id: The client id for credentials to query the Azure APIs.
|
593
|
+
:param pulumi.Input[builtins.str] client_id: The client id for credentials to query the Azure APIs.
|
425
594
|
Currently read permissions to query compute resources are required.
|
426
|
-
:param pulumi.Input[str] client_secret: The client secret for credentials to query the
|
595
|
+
:param pulumi.Input[builtins.str] client_secret: The client secret for credentials to query the
|
427
596
|
Azure APIs.
|
428
|
-
:param pulumi.Input[
|
597
|
+
:param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
598
|
+
*Available only for Vault Enterprise*
|
599
|
+
:param pulumi.Input[builtins.str] environment: The Azure cloud environment. Valid values:
|
429
600
|
AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud,
|
430
601
|
AzureGermanCloud. Defaults to `AzurePublicCloud`.
|
431
|
-
:param pulumi.Input[str] identity_token_audience: The audience claim value for plugin identity tokens. Requires Vault 1.17+.
|
602
|
+
:param pulumi.Input[builtins.str] identity_token_audience: The audience claim value for plugin identity tokens. Requires Vault 1.17+.
|
432
603
|
*Available only for Vault Enterprise*
|
433
|
-
:param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds.
|
434
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
604
|
+
:param pulumi.Input[builtins.int] identity_token_ttl: The TTL of generated identity tokens in seconds.
|
605
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
435
606
|
The value should not contain leading or trailing forward slashes.
|
436
607
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
437
608
|
*Available only for Vault Enterprise*.
|
438
|
-
:param pulumi.Input[str] resource: The configured URL for the application registered in
|
609
|
+
:param pulumi.Input[builtins.str] resource: The configured URL for the application registered in
|
439
610
|
Azure Active Directory.
|
440
|
-
:param pulumi.Input[
|
611
|
+
:param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
612
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
613
|
+
*Available only for Vault Enterprise*
|
614
|
+
:param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
615
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
616
|
+
*Available only for Vault Enterprise*
|
617
|
+
:param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
|
618
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
619
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
620
|
+
*Available only for Vault Enterprise*
|
621
|
+
:param pulumi.Input[builtins.str] tenant_id: The tenant id for the Azure Active Directory
|
441
622
|
organization.
|
442
623
|
"""
|
443
624
|
...
|
@@ -462,7 +643,9 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
462
643
|
tenant_id="11111111-2222-3333-4444-555555555555",
|
463
644
|
client_id="11111111-2222-3333-4444-555555555555",
|
464
645
|
identity_token_audience="<TOKEN_AUDIENCE>",
|
465
|
-
identity_token_ttl="<TOKEN_TTL>"
|
646
|
+
identity_token_ttl="<TOKEN_TTL>",
|
647
|
+
rotation_schedule="0 * * * SAT",
|
648
|
+
rotation_window=3600)
|
466
649
|
```
|
467
650
|
|
468
651
|
```python
|
@@ -475,7 +658,9 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
475
658
|
tenant_id="11111111-2222-3333-4444-555555555555",
|
476
659
|
client_id="11111111-2222-3333-4444-555555555555",
|
477
660
|
client_secret="01234567890123456789",
|
478
|
-
resource="https://vault.hashicorp.com"
|
661
|
+
resource="https://vault.hashicorp.com",
|
662
|
+
rotation_schedule="0 * * * SAT",
|
663
|
+
rotation_window=3600)
|
479
664
|
```
|
480
665
|
|
481
666
|
## Import
|
@@ -501,15 +686,19 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
501
686
|
def _internal_init(__self__,
|
502
687
|
resource_name: str,
|
503
688
|
opts: Optional[pulumi.ResourceOptions] = None,
|
504
|
-
backend: Optional[pulumi.Input[str]] = None,
|
505
|
-
client_id: Optional[pulumi.Input[str]] = None,
|
506
|
-
client_secret: Optional[pulumi.Input[str]] = None,
|
507
|
-
|
508
|
-
|
509
|
-
|
510
|
-
|
511
|
-
|
512
|
-
|
689
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
690
|
+
client_id: Optional[pulumi.Input[builtins.str]] = None,
|
691
|
+
client_secret: Optional[pulumi.Input[builtins.str]] = None,
|
692
|
+
disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
693
|
+
environment: Optional[pulumi.Input[builtins.str]] = None,
|
694
|
+
identity_token_audience: Optional[pulumi.Input[builtins.str]] = None,
|
695
|
+
identity_token_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
696
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
697
|
+
resource: Optional[pulumi.Input[builtins.str]] = None,
|
698
|
+
rotation_period: Optional[pulumi.Input[builtins.int]] = None,
|
699
|
+
rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
|
700
|
+
rotation_window: Optional[pulumi.Input[builtins.int]] = None,
|
701
|
+
tenant_id: Optional[pulumi.Input[builtins.str]] = None,
|
513
702
|
__props__=None):
|
514
703
|
opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
|
515
704
|
if not isinstance(opts, pulumi.ResourceOptions):
|
@@ -522,6 +711,7 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
522
711
|
__props__.__dict__["backend"] = backend
|
523
712
|
__props__.__dict__["client_id"] = None if client_id is None else pulumi.Output.secret(client_id)
|
524
713
|
__props__.__dict__["client_secret"] = None if client_secret is None else pulumi.Output.secret(client_secret)
|
714
|
+
__props__.__dict__["disable_automated_rotation"] = disable_automated_rotation
|
525
715
|
__props__.__dict__["environment"] = environment
|
526
716
|
__props__.__dict__["identity_token_audience"] = identity_token_audience
|
527
717
|
__props__.__dict__["identity_token_ttl"] = identity_token_ttl
|
@@ -529,6 +719,9 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
529
719
|
if resource is None and not opts.urn:
|
530
720
|
raise TypeError("Missing required property 'resource'")
|
531
721
|
__props__.__dict__["resource"] = resource
|
722
|
+
__props__.__dict__["rotation_period"] = rotation_period
|
723
|
+
__props__.__dict__["rotation_schedule"] = rotation_schedule
|
724
|
+
__props__.__dict__["rotation_window"] = rotation_window
|
532
725
|
if tenant_id is None and not opts.urn:
|
533
726
|
raise TypeError("Missing required property 'tenant_id'")
|
534
727
|
__props__.__dict__["tenant_id"] = None if tenant_id is None else pulumi.Output.secret(tenant_id)
|
@@ -544,15 +737,19 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
544
737
|
def get(resource_name: str,
|
545
738
|
id: pulumi.Input[str],
|
546
739
|
opts: Optional[pulumi.ResourceOptions] = None,
|
547
|
-
backend: Optional[pulumi.Input[str]] = None,
|
548
|
-
client_id: Optional[pulumi.Input[str]] = None,
|
549
|
-
client_secret: Optional[pulumi.Input[str]] = None,
|
550
|
-
|
551
|
-
|
552
|
-
|
553
|
-
|
554
|
-
|
555
|
-
|
740
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
741
|
+
client_id: Optional[pulumi.Input[builtins.str]] = None,
|
742
|
+
client_secret: Optional[pulumi.Input[builtins.str]] = None,
|
743
|
+
disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
744
|
+
environment: Optional[pulumi.Input[builtins.str]] = None,
|
745
|
+
identity_token_audience: Optional[pulumi.Input[builtins.str]] = None,
|
746
|
+
identity_token_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
747
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
748
|
+
resource: Optional[pulumi.Input[builtins.str]] = None,
|
749
|
+
rotation_period: Optional[pulumi.Input[builtins.int]] = None,
|
750
|
+
rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
|
751
|
+
rotation_window: Optional[pulumi.Input[builtins.int]] = None,
|
752
|
+
tenant_id: Optional[pulumi.Input[builtins.str]] = None) -> 'AuthBackendConfig':
|
556
753
|
"""
|
557
754
|
Get an existing AuthBackendConfig resource's state with the given name, id, and optional extra
|
558
755
|
properties used to qualify the lookup.
|
@@ -560,25 +757,37 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
560
757
|
:param str resource_name: The unique name of the resulting resource.
|
561
758
|
:param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
|
562
759
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
563
|
-
:param pulumi.Input[str] backend: The path the Azure auth backend being configured was
|
760
|
+
:param pulumi.Input[builtins.str] backend: The path the Azure auth backend being configured was
|
564
761
|
mounted at. Defaults to `azure`.
|
565
|
-
:param pulumi.Input[str] client_id: The client id for credentials to query the Azure APIs.
|
762
|
+
:param pulumi.Input[builtins.str] client_id: The client id for credentials to query the Azure APIs.
|
566
763
|
Currently read permissions to query compute resources are required.
|
567
|
-
:param pulumi.Input[str] client_secret: The client secret for credentials to query the
|
764
|
+
:param pulumi.Input[builtins.str] client_secret: The client secret for credentials to query the
|
568
765
|
Azure APIs.
|
569
|
-
:param pulumi.Input[
|
766
|
+
:param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
767
|
+
*Available only for Vault Enterprise*
|
768
|
+
:param pulumi.Input[builtins.str] environment: The Azure cloud environment. Valid values:
|
570
769
|
AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud,
|
571
770
|
AzureGermanCloud. Defaults to `AzurePublicCloud`.
|
572
|
-
:param pulumi.Input[str] identity_token_audience: The audience claim value for plugin identity tokens. Requires Vault 1.17+.
|
771
|
+
:param pulumi.Input[builtins.str] identity_token_audience: The audience claim value for plugin identity tokens. Requires Vault 1.17+.
|
573
772
|
*Available only for Vault Enterprise*
|
574
|
-
:param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds.
|
575
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
773
|
+
:param pulumi.Input[builtins.int] identity_token_ttl: The TTL of generated identity tokens in seconds.
|
774
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
576
775
|
The value should not contain leading or trailing forward slashes.
|
577
776
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
578
777
|
*Available only for Vault Enterprise*.
|
579
|
-
:param pulumi.Input[str] resource: The configured URL for the application registered in
|
778
|
+
:param pulumi.Input[builtins.str] resource: The configured URL for the application registered in
|
580
779
|
Azure Active Directory.
|
581
|
-
:param pulumi.Input[
|
780
|
+
:param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
781
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
782
|
+
*Available only for Vault Enterprise*
|
783
|
+
:param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
784
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
785
|
+
*Available only for Vault Enterprise*
|
786
|
+
:param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
|
787
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
788
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
789
|
+
*Available only for Vault Enterprise*
|
790
|
+
:param pulumi.Input[builtins.str] tenant_id: The tenant id for the Azure Active Directory
|
582
791
|
organization.
|
583
792
|
"""
|
584
793
|
opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
|
@@ -588,17 +797,21 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
588
797
|
__props__.__dict__["backend"] = backend
|
589
798
|
__props__.__dict__["client_id"] = client_id
|
590
799
|
__props__.__dict__["client_secret"] = client_secret
|
800
|
+
__props__.__dict__["disable_automated_rotation"] = disable_automated_rotation
|
591
801
|
__props__.__dict__["environment"] = environment
|
592
802
|
__props__.__dict__["identity_token_audience"] = identity_token_audience
|
593
803
|
__props__.__dict__["identity_token_ttl"] = identity_token_ttl
|
594
804
|
__props__.__dict__["namespace"] = namespace
|
595
805
|
__props__.__dict__["resource"] = resource
|
806
|
+
__props__.__dict__["rotation_period"] = rotation_period
|
807
|
+
__props__.__dict__["rotation_schedule"] = rotation_schedule
|
808
|
+
__props__.__dict__["rotation_window"] = rotation_window
|
596
809
|
__props__.__dict__["tenant_id"] = tenant_id
|
597
810
|
return AuthBackendConfig(resource_name, opts=opts, __props__=__props__)
|
598
811
|
|
599
812
|
@property
|
600
813
|
@pulumi.getter
|
601
|
-
def backend(self) -> pulumi.Output[Optional[str]]:
|
814
|
+
def backend(self) -> pulumi.Output[Optional[builtins.str]]:
|
602
815
|
"""
|
603
816
|
The path the Azure auth backend being configured was
|
604
817
|
mounted at. Defaults to `azure`.
|
@@ -607,7 +820,7 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
607
820
|
|
608
821
|
@property
|
609
822
|
@pulumi.getter(name="clientId")
|
610
|
-
def client_id(self) -> pulumi.Output[Optional[str]]:
|
823
|
+
def client_id(self) -> pulumi.Output[Optional[builtins.str]]:
|
611
824
|
"""
|
612
825
|
The client id for credentials to query the Azure APIs.
|
613
826
|
Currently read permissions to query compute resources are required.
|
@@ -616,16 +829,25 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
616
829
|
|
617
830
|
@property
|
618
831
|
@pulumi.getter(name="clientSecret")
|
619
|
-
def client_secret(self) -> pulumi.Output[Optional[str]]:
|
832
|
+
def client_secret(self) -> pulumi.Output[Optional[builtins.str]]:
|
620
833
|
"""
|
621
834
|
The client secret for credentials to query the
|
622
835
|
Azure APIs.
|
623
836
|
"""
|
624
837
|
return pulumi.get(self, "client_secret")
|
625
838
|
|
839
|
+
@property
|
840
|
+
@pulumi.getter(name="disableAutomatedRotation")
|
841
|
+
def disable_automated_rotation(self) -> pulumi.Output[Optional[builtins.bool]]:
|
842
|
+
"""
|
843
|
+
Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
844
|
+
*Available only for Vault Enterprise*
|
845
|
+
"""
|
846
|
+
return pulumi.get(self, "disable_automated_rotation")
|
847
|
+
|
626
848
|
@property
|
627
849
|
@pulumi.getter
|
628
|
-
def environment(self) -> pulumi.Output[Optional[str]]:
|
850
|
+
def environment(self) -> pulumi.Output[Optional[builtins.str]]:
|
629
851
|
"""
|
630
852
|
The Azure cloud environment. Valid values:
|
631
853
|
AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud,
|
@@ -635,7 +857,7 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
635
857
|
|
636
858
|
@property
|
637
859
|
@pulumi.getter(name="identityTokenAudience")
|
638
|
-
def identity_token_audience(self) -> pulumi.Output[Optional[str]]:
|
860
|
+
def identity_token_audience(self) -> pulumi.Output[Optional[builtins.str]]:
|
639
861
|
"""
|
640
862
|
The audience claim value for plugin identity tokens. Requires Vault 1.17+.
|
641
863
|
*Available only for Vault Enterprise*
|
@@ -644,7 +866,7 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
644
866
|
|
645
867
|
@property
|
646
868
|
@pulumi.getter(name="identityTokenTtl")
|
647
|
-
def identity_token_ttl(self) -> pulumi.Output[int]:
|
869
|
+
def identity_token_ttl(self) -> pulumi.Output[builtins.int]:
|
648
870
|
"""
|
649
871
|
The TTL of generated identity tokens in seconds.
|
650
872
|
"""
|
@@ -652,7 +874,7 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
652
874
|
|
653
875
|
@property
|
654
876
|
@pulumi.getter
|
655
|
-
def namespace(self) -> pulumi.Output[Optional[str]]:
|
877
|
+
def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
|
656
878
|
"""
|
657
879
|
The namespace to provision the resource in.
|
658
880
|
The value should not contain leading or trailing forward slashes.
|
@@ -663,16 +885,47 @@ class AuthBackendConfig(pulumi.CustomResource):
|
|
663
885
|
|
664
886
|
@property
|
665
887
|
@pulumi.getter
|
666
|
-
def resource(self) -> pulumi.Output[str]:
|
888
|
+
def resource(self) -> pulumi.Output[builtins.str]:
|
667
889
|
"""
|
668
890
|
The configured URL for the application registered in
|
669
891
|
Azure Active Directory.
|
670
892
|
"""
|
671
893
|
return pulumi.get(self, "resource")
|
672
894
|
|
895
|
+
@property
|
896
|
+
@pulumi.getter(name="rotationPeriod")
|
897
|
+
def rotation_period(self) -> pulumi.Output[Optional[builtins.int]]:
|
898
|
+
"""
|
899
|
+
The amount of time in seconds Vault should wait before rotating the root credential.
|
900
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
901
|
+
*Available only for Vault Enterprise*
|
902
|
+
"""
|
903
|
+
return pulumi.get(self, "rotation_period")
|
904
|
+
|
905
|
+
@property
|
906
|
+
@pulumi.getter(name="rotationSchedule")
|
907
|
+
def rotation_schedule(self) -> pulumi.Output[Optional[builtins.str]]:
|
908
|
+
"""
|
909
|
+
The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
910
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
911
|
+
*Available only for Vault Enterprise*
|
912
|
+
"""
|
913
|
+
return pulumi.get(self, "rotation_schedule")
|
914
|
+
|
915
|
+
@property
|
916
|
+
@pulumi.getter(name="rotationWindow")
|
917
|
+
def rotation_window(self) -> pulumi.Output[Optional[builtins.int]]:
|
918
|
+
"""
|
919
|
+
The maximum amount of time in seconds allowed to complete
|
920
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
921
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
922
|
+
*Available only for Vault Enterprise*
|
923
|
+
"""
|
924
|
+
return pulumi.get(self, "rotation_window")
|
925
|
+
|
673
926
|
@property
|
674
927
|
@pulumi.getter(name="tenantId")
|
675
|
-
def tenant_id(self) -> pulumi.Output[str]:
|
928
|
+
def tenant_id(self) -> pulumi.Output[builtins.str]:
|
676
929
|
"""
|
677
930
|
The tenant id for the Azure Active Directory
|
678
931
|
organization.
|