pulumi-vault 6.6.0a1741415971__py3-none-any.whl → 6.7.0__py3-none-any.whl
- pulumi_vault/__init__.py +9 -0
- pulumi_vault/_inputs.py +583 -562
- pulumi_vault/ad/__init__.py +1 -0
- pulumi_vault/ad/get_access_credentials.py +20 -19
- pulumi_vault/ad/secret_backend.py +477 -476
- pulumi_vault/ad/secret_library.py +99 -98
- pulumi_vault/ad/secret_role.py +85 -84
- pulumi_vault/alicloud/__init__.py +1 -0
- pulumi_vault/alicloud/auth_backend_role.py +183 -182
- pulumi_vault/approle/__init__.py +1 -0
- pulumi_vault/approle/auth_backend_login.py +106 -105
- pulumi_vault/approle/auth_backend_role.py +239 -238
- pulumi_vault/approle/auth_backend_role_secret_id.py +162 -161
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -17
- pulumi_vault/audit.py +85 -84
- pulumi_vault/audit_request_header.py +43 -42
- pulumi_vault/auth_backend.py +106 -105
- pulumi_vault/aws/__init__.py +1 -0
- pulumi_vault/aws/auth_backend_cert.py +71 -70
- pulumi_vault/aws/auth_backend_client.py +425 -200
- pulumi_vault/aws/auth_backend_config_identity.py +85 -84
- pulumi_vault/aws/auth_backend_identity_whitelist.py +57 -56
- pulumi_vault/aws/auth_backend_login.py +209 -208
- pulumi_vault/aws/auth_backend_role.py +400 -399
- pulumi_vault/aws/auth_backend_role_tag.py +127 -126
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +57 -56
- pulumi_vault/aws/auth_backend_sts_role.py +71 -70
- pulumi_vault/aws/get_access_credentials.py +44 -43
- pulumi_vault/aws/get_static_access_credentials.py +13 -12
- pulumi_vault/aws/secret_backend.py +523 -306
- pulumi_vault/aws/secret_backend_role.py +211 -210
- pulumi_vault/aws/secret_backend_static_role.py +288 -70
- pulumi_vault/azure/__init__.py +1 -0
- pulumi_vault/azure/_inputs.py +21 -20
- pulumi_vault/azure/auth_backend_config.py +383 -130
- pulumi_vault/azure/auth_backend_role.py +253 -252
- pulumi_vault/azure/backend.py +432 -186
- pulumi_vault/azure/backend_role.py +188 -140
- pulumi_vault/azure/get_access_credentials.py +58 -57
- pulumi_vault/azure/outputs.py +11 -10
- pulumi_vault/cert_auth_backend_role.py +365 -364
- pulumi_vault/config/__init__.py +1 -0
- pulumi_vault/config/__init__.pyi +1 -0
- pulumi_vault/config/_inputs.py +11 -10
- pulumi_vault/config/outputs.py +287 -286
- pulumi_vault/config/ui_custom_message.py +113 -112
- pulumi_vault/config/vars.py +1 -0
- pulumi_vault/consul/__init__.py +1 -0
- pulumi_vault/consul/secret_backend.py +197 -196
- pulumi_vault/consul/secret_backend_role.py +183 -182
- pulumi_vault/database/__init__.py +1 -0
- pulumi_vault/database/_inputs.py +3857 -2200
- pulumi_vault/database/outputs.py +2483 -1330
- pulumi_vault/database/secret_backend_connection.py +333 -112
- pulumi_vault/database/secret_backend_role.py +169 -168
- pulumi_vault/database/secret_backend_static_role.py +283 -140
- pulumi_vault/database/secrets_mount.py +275 -266
- pulumi_vault/egp_policy.py +71 -70
- pulumi_vault/gcp/__init__.py +1 -0
- pulumi_vault/gcp/_inputs.py +82 -81
- pulumi_vault/gcp/auth_backend.py +426 -205
- pulumi_vault/gcp/auth_backend_role.py +281 -280
- pulumi_vault/gcp/get_auth_backend_role.py +70 -69
- pulumi_vault/gcp/outputs.py +50 -49
- pulumi_vault/gcp/secret_backend.py +420 -179
- pulumi_vault/gcp/secret_impersonated_account.py +92 -91
- pulumi_vault/gcp/secret_roleset.py +92 -91
- pulumi_vault/gcp/secret_static_account.py +92 -91
- pulumi_vault/generic/__init__.py +1 -0
- pulumi_vault/generic/endpoint.py +113 -112
- pulumi_vault/generic/get_secret.py +28 -27
- pulumi_vault/generic/secret.py +78 -77
- pulumi_vault/get_auth_backend.py +19 -18
- pulumi_vault/get_auth_backends.py +14 -13
- pulumi_vault/get_namespace.py +15 -14
- pulumi_vault/get_namespaces.py +68 -18
- pulumi_vault/get_nomad_access_token.py +19 -18
- pulumi_vault/get_policy_document.py +6 -5
- pulumi_vault/get_raft_autopilot_state.py +18 -17
- pulumi_vault/github/__init__.py +1 -0
- pulumi_vault/github/_inputs.py +42 -41
- pulumi_vault/github/auth_backend.py +232 -231
- pulumi_vault/github/outputs.py +26 -25
- pulumi_vault/github/team.py +57 -56
- pulumi_vault/github/user.py +57 -56
- pulumi_vault/identity/__init__.py +1 -0
- pulumi_vault/identity/entity.py +85 -84
- pulumi_vault/identity/entity_alias.py +71 -70
- pulumi_vault/identity/entity_policies.py +64 -63
- pulumi_vault/identity/get_entity.py +43 -42
- pulumi_vault/identity/get_group.py +50 -49
- pulumi_vault/identity/get_oidc_client_creds.py +14 -13
- pulumi_vault/identity/get_oidc_openid_config.py +24 -23
- pulumi_vault/identity/get_oidc_public_keys.py +13 -12
- pulumi_vault/identity/group.py +141 -140
- pulumi_vault/identity/group_alias.py +57 -56
- pulumi_vault/identity/group_member_entity_ids.py +57 -56
- pulumi_vault/identity/group_member_group_ids.py +57 -56
- pulumi_vault/identity/group_policies.py +64 -63
- pulumi_vault/identity/mfa_duo.py +148 -147
- pulumi_vault/identity/mfa_login_enforcement.py +120 -119
- pulumi_vault/identity/mfa_okta.py +134 -133
- pulumi_vault/identity/mfa_pingid.py +127 -126
- pulumi_vault/identity/mfa_totp.py +176 -175
- pulumi_vault/identity/oidc.py +29 -28
- pulumi_vault/identity/oidc_assignment.py +57 -56
- pulumi_vault/identity/oidc_client.py +127 -126
- pulumi_vault/identity/oidc_key.py +85 -84
- pulumi_vault/identity/oidc_key_allowed_client_id.py +43 -42
- pulumi_vault/identity/oidc_provider.py +92 -91
- pulumi_vault/identity/oidc_role.py +85 -84
- pulumi_vault/identity/oidc_scope.py +57 -56
- pulumi_vault/identity/outputs.py +32 -31
- pulumi_vault/jwt/__init__.py +1 -0
- pulumi_vault/jwt/_inputs.py +42 -41
- pulumi_vault/jwt/auth_backend.py +288 -287
- pulumi_vault/jwt/auth_backend_role.py +407 -406
- pulumi_vault/jwt/outputs.py +26 -25
- pulumi_vault/kmip/__init__.py +1 -0
- pulumi_vault/kmip/secret_backend.py +183 -182
- pulumi_vault/kmip/secret_role.py +295 -294
- pulumi_vault/kmip/secret_scope.py +57 -56
- pulumi_vault/kubernetes/__init__.py +1 -0
- pulumi_vault/kubernetes/auth_backend_config.py +141 -140
- pulumi_vault/kubernetes/auth_backend_role.py +225 -224
- pulumi_vault/kubernetes/get_auth_backend_config.py +47 -46
- pulumi_vault/kubernetes/get_auth_backend_role.py +70 -69
- pulumi_vault/kubernetes/get_service_account_token.py +38 -37
- pulumi_vault/kubernetes/secret_backend.py +316 -315
- pulumi_vault/kubernetes/secret_backend_role.py +197 -196
- pulumi_vault/kv/__init__.py +1 -0
- pulumi_vault/kv/_inputs.py +21 -20
- pulumi_vault/kv/get_secret.py +17 -16
- pulumi_vault/kv/get_secret_subkeys_v2.py +30 -29
- pulumi_vault/kv/get_secret_v2.py +29 -28
- pulumi_vault/kv/get_secrets_list.py +13 -12
- pulumi_vault/kv/get_secrets_list_v2.py +19 -18
- pulumi_vault/kv/outputs.py +13 -12
- pulumi_vault/kv/secret.py +50 -49
- pulumi_vault/kv/secret_backend_v2.py +71 -70
- pulumi_vault/kv/secret_v2.py +134 -133
- pulumi_vault/ldap/__init__.py +1 -0
- pulumi_vault/ldap/auth_backend.py +754 -533
- pulumi_vault/ldap/auth_backend_group.py +57 -56
- pulumi_vault/ldap/auth_backend_user.py +71 -70
- pulumi_vault/ldap/get_dynamic_credentials.py +17 -16
- pulumi_vault/ldap/get_static_credentials.py +18 -17
- pulumi_vault/ldap/secret_backend.py +720 -499
- pulumi_vault/ldap/secret_backend_dynamic_role.py +127 -126
- pulumi_vault/ldap/secret_backend_library_set.py +99 -98
- pulumi_vault/ldap/secret_backend_static_role.py +99 -98
- pulumi_vault/managed/__init__.py +1 -0
- pulumi_vault/managed/_inputs.py +229 -228
- pulumi_vault/managed/keys.py +15 -14
- pulumi_vault/managed/outputs.py +139 -138
- pulumi_vault/mfa_duo.py +113 -112
- pulumi_vault/mfa_okta.py +113 -112
- pulumi_vault/mfa_pingid.py +120 -119
- pulumi_vault/mfa_totp.py +127 -126
- pulumi_vault/mongodbatlas/__init__.py +1 -0
- pulumi_vault/mongodbatlas/secret_backend.py +64 -63
- pulumi_vault/mongodbatlas/secret_role.py +155 -154
- pulumi_vault/mount.py +274 -273
- pulumi_vault/namespace.py +64 -63
- pulumi_vault/nomad_secret_backend.py +211 -210
- pulumi_vault/nomad_secret_role.py +85 -84
- pulumi_vault/okta/__init__.py +1 -0
- pulumi_vault/okta/_inputs.py +26 -25
- pulumi_vault/okta/auth_backend.py +274 -273
- pulumi_vault/okta/auth_backend_group.py +57 -56
- pulumi_vault/okta/auth_backend_user.py +71 -70
- pulumi_vault/okta/outputs.py +16 -15
- pulumi_vault/outputs.py +73 -60
- pulumi_vault/password_policy.py +43 -42
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +31 -36
- pulumi_vault/pkisecret/backend_acme_eab.py +92 -91
- pulumi_vault/pkisecret/backend_config_acme.py +174 -126
- pulumi_vault/pkisecret/backend_config_auto_tidy.py +1377 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +57 -56
- pulumi_vault/pkisecret/backend_config_cmpv2.py +152 -104
- pulumi_vault/pkisecret/backend_config_est.py +120 -119
- pulumi_vault/pkisecret/get_backend_cert_metadata.py +278 -0
- pulumi_vault/pkisecret/get_backend_config_cmpv2.py +35 -17
- pulumi_vault/pkisecret/get_backend_config_est.py +19 -18
- pulumi_vault/pkisecret/get_backend_issuer.py +139 -25
- pulumi_vault/pkisecret/get_backend_issuers.py +15 -14
- pulumi_vault/pkisecret/get_backend_key.py +20 -19
- pulumi_vault/pkisecret/get_backend_keys.py +15 -14
- pulumi_vault/pkisecret/outputs.py +28 -31
- pulumi_vault/pkisecret/secret_backend_cert.py +439 -297
- pulumi_vault/pkisecret/secret_backend_config_ca.py +43 -42
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +57 -56
- pulumi_vault/pkisecret/secret_backend_config_urls.py +85 -84
- pulumi_vault/pkisecret/secret_backend_crl_config.py +237 -182
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +520 -378
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +57 -56
- pulumi_vault/pkisecret/secret_backend_issuer.py +441 -175
- pulumi_vault/pkisecret/secret_backend_key.py +120 -119
- pulumi_vault/pkisecret/secret_backend_role.py +894 -644
- pulumi_vault/pkisecret/secret_backend_root_cert.py +851 -427
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +936 -357
- pulumi_vault/pkisecret/secret_backend_sign.py +347 -252
- pulumi_vault/plugin.py +127 -126
- pulumi_vault/plugin_pinned_version.py +43 -42
- pulumi_vault/policy.py +43 -42
- pulumi_vault/provider.py +120 -119
- pulumi_vault/pulumi-plugin.json +1 -1
- pulumi_vault/quota_lease_count.py +85 -84
- pulumi_vault/quota_rate_limit.py +113 -112
- pulumi_vault/rabbitmq/__init__.py +1 -0
- pulumi_vault/rabbitmq/_inputs.py +41 -40
- pulumi_vault/rabbitmq/outputs.py +25 -24
- pulumi_vault/rabbitmq/secret_backend.py +169 -168
- pulumi_vault/rabbitmq/secret_backend_role.py +57 -56
- pulumi_vault/raft_autopilot.py +113 -112
- pulumi_vault/raft_snapshot_agent_config.py +393 -392
- pulumi_vault/rgp_policy.py +57 -56
- pulumi_vault/saml/__init__.py +1 -0
- pulumi_vault/saml/auth_backend.py +155 -154
- pulumi_vault/saml/auth_backend_role.py +239 -238
- pulumi_vault/secrets/__init__.py +1 -0
- pulumi_vault/secrets/_inputs.py +16 -15
- pulumi_vault/secrets/outputs.py +10 -9
- pulumi_vault/secrets/sync_association.py +71 -70
- pulumi_vault/secrets/sync_aws_destination.py +148 -147
- pulumi_vault/secrets/sync_azure_destination.py +148 -147
- pulumi_vault/secrets/sync_config.py +43 -42
- pulumi_vault/secrets/sync_gcp_destination.py +106 -105
- pulumi_vault/secrets/sync_gh_destination.py +134 -133
- pulumi_vault/secrets/sync_github_apps.py +64 -63
- pulumi_vault/secrets/sync_vercel_destination.py +120 -119
- pulumi_vault/ssh/__init__.py +2 -0
- pulumi_vault/ssh/_inputs.py +11 -10
- pulumi_vault/ssh/get_secret_backend_sign.py +295 -0
- pulumi_vault/ssh/outputs.py +7 -6
- pulumi_vault/ssh/secret_backend_ca.py +99 -98
- pulumi_vault/ssh/secret_backend_role.py +365 -364
- pulumi_vault/terraformcloud/__init__.py +1 -0
- pulumi_vault/terraformcloud/secret_backend.py +111 -110
- pulumi_vault/terraformcloud/secret_creds.py +74 -73
- pulumi_vault/terraformcloud/secret_role.py +96 -95
- pulumi_vault/token.py +246 -245
- pulumi_vault/tokenauth/__init__.py +1 -0
- pulumi_vault/tokenauth/auth_backend_role.py +267 -266
- pulumi_vault/transform/__init__.py +1 -0
- pulumi_vault/transform/alphabet.py +57 -56
- pulumi_vault/transform/get_decode.py +47 -46
- pulumi_vault/transform/get_encode.py +47 -46
- pulumi_vault/transform/role.py +57 -56
- pulumi_vault/transform/template.py +113 -112
- pulumi_vault/transform/transformation.py +141 -140
- pulumi_vault/transit/__init__.py +3 -0
- pulumi_vault/transit/get_decrypt.py +18 -17
- pulumi_vault/transit/get_encrypt.py +21 -20
- pulumi_vault/transit/get_sign.py +325 -0
- pulumi_vault/transit/get_verify.py +355 -0
- pulumi_vault/transit/secret_backend_key.py +394 -231
- pulumi_vault/transit/secret_cache_config.py +43 -42
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/METADATA +2 -2
- pulumi_vault-6.7.0.dist-info/RECORD +265 -0
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/WHEEL +1 -1
- pulumi_vault-6.6.0a1741415971.dist-info/RECORD +0 -260
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/top_level.txt +0 -0
pulumi_vault/azure/backend.py
CHANGED
@@ -2,6 +2,7 @@
|
|
2
2
|
# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
|
3
3
|
# *** Do not edit by hand unless you're certain you know what you are doing! ***
|
4
4
|
|
5
|
+
import builtins
|
5
6
|
import copy
|
6
7
|
import warnings
|
7
8
|
import sys
|
@@ -19,41 +20,56 @@ __all__ = ['BackendArgs', 'Backend']
|
|
19
20
|
@pulumi.input_type
|
20
21
|
class BackendArgs:
|
21
22
|
def __init__(__self__, *,
|
22
|
-
subscription_id: pulumi.Input[str],
|
23
|
-
tenant_id: pulumi.Input[str],
|
24
|
-
client_id: Optional[pulumi.Input[str]] = None,
|
25
|
-
client_secret: Optional[pulumi.Input[str]] = None,
|
26
|
-
description: Optional[pulumi.Input[str]] = None,
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
23
|
+
subscription_id: pulumi.Input[builtins.str],
|
24
|
+
tenant_id: pulumi.Input[builtins.str],
|
25
|
+
client_id: Optional[pulumi.Input[builtins.str]] = None,
|
26
|
+
client_secret: Optional[pulumi.Input[builtins.str]] = None,
|
27
|
+
description: Optional[pulumi.Input[builtins.str]] = None,
|
28
|
+
disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
29
|
+
disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
|
30
|
+
environment: Optional[pulumi.Input[builtins.str]] = None,
|
31
|
+
identity_token_audience: Optional[pulumi.Input[builtins.str]] = None,
|
32
|
+
identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
|
33
|
+
identity_token_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
34
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
35
|
+
path: Optional[pulumi.Input[builtins.str]] = None,
|
36
|
+
rotation_period: Optional[pulumi.Input[builtins.int]] = None,
|
37
|
+
rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
|
38
|
+
rotation_window: Optional[pulumi.Input[builtins.int]] = None,
|
39
|
+
use_microsoft_graph_api: Optional[pulumi.Input[builtins.bool]] = None):
|
35
40
|
"""
|
36
41
|
The set of arguments for constructing a Backend resource.
|
37
|
-
:param pulumi.Input[str] subscription_id: The subscription id for the Azure Active Directory.
|
38
|
-
:param pulumi.Input[str] tenant_id: The tenant id for the Azure Active Directory.
|
39
|
-
:param pulumi.Input[str] client_id: The OAuth2 client id to connect to Azure.
|
40
|
-
:param pulumi.Input[str] client_secret: The OAuth2 client secret to connect to Azure.
|
41
|
-
:param pulumi.Input[str] description: Human-friendly description of the mount for the backend.
|
42
|
-
:param pulumi.Input[bool]
|
42
|
+
:param pulumi.Input[builtins.str] subscription_id: The subscription id for the Azure Active Directory.
|
43
|
+
:param pulumi.Input[builtins.str] tenant_id: The tenant id for the Azure Active Directory.
|
44
|
+
:param pulumi.Input[builtins.str] client_id: The OAuth2 client id to connect to Azure.
|
45
|
+
:param pulumi.Input[builtins.str] client_secret: The OAuth2 client secret to connect to Azure.
|
46
|
+
:param pulumi.Input[builtins.str] description: Human-friendly description of the mount for the backend.
|
47
|
+
:param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
48
|
+
*Available only for Vault Enterprise*
|
49
|
+
:param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
|
43
50
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
44
|
-
:param pulumi.Input[str] environment: The Azure environment.
|
45
|
-
:param pulumi.Input[str] identity_token_audience: The audience claim value. Requires Vault 1.17+.
|
51
|
+
:param pulumi.Input[builtins.str] environment: The Azure environment.
|
52
|
+
:param pulumi.Input[builtins.str] identity_token_audience: The audience claim value. Requires Vault 1.17+.
|
46
53
|
*Available only for Vault Enterprise*
|
47
|
-
:param pulumi.Input[str] identity_token_key: The key to use for signing identity tokens. Requires Vault 1.17+.
|
54
|
+
:param pulumi.Input[builtins.str] identity_token_key: The key to use for signing identity tokens. Requires Vault 1.17+.
|
48
55
|
*Available only for Vault Enterprise*
|
49
|
-
:param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
|
56
|
+
:param pulumi.Input[builtins.int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
|
50
57
|
*Available only for Vault Enterprise*
|
51
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
58
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
52
59
|
The value should not contain leading or trailing forward slashes.
|
53
60
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
54
61
|
*Available only for Vault Enterprise*.
|
55
|
-
:param pulumi.Input[str] path: The unique path this backend should be mounted at. Defaults to `azure`.
|
56
|
-
:param pulumi.Input[
|
62
|
+
:param pulumi.Input[builtins.str] path: The unique path this backend should be mounted at. Defaults to `azure`.
|
63
|
+
:param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
64
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
65
|
+
*Available only for Vault Enterprise*
|
66
|
+
:param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
67
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
68
|
+
*Available only for Vault Enterprise*
|
69
|
+
:param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
|
70
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
71
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*
|
72
|
+
:param pulumi.Input[builtins.bool] use_microsoft_graph_api: Use the Microsoft Graph API. Should be set to true on vault-1.10+
|
57
73
|
"""
|
58
74
|
pulumi.set(__self__, "subscription_id", subscription_id)
|
59
75
|
pulumi.set(__self__, "tenant_id", tenant_id)
|
@@ -63,6 +79,8 @@ class BackendArgs:
|
|
63
79
|
pulumi.set(__self__, "client_secret", client_secret)
|
64
80
|
if description is not None:
|
65
81
|
pulumi.set(__self__, "description", description)
|
82
|
+
if disable_automated_rotation is not None:
|
83
|
+
pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
|
66
84
|
if disable_remount is not None:
|
67
85
|
pulumi.set(__self__, "disable_remount", disable_remount)
|
68
86
|
if environment is not None:
|
@@ -77,6 +95,12 @@ class BackendArgs:
|
|
77
95
|
pulumi.set(__self__, "namespace", namespace)
|
78
96
|
if path is not None:
|
79
97
|
pulumi.set(__self__, "path", path)
|
98
|
+
if rotation_period is not None:
|
99
|
+
pulumi.set(__self__, "rotation_period", rotation_period)
|
100
|
+
if rotation_schedule is not None:
|
101
|
+
pulumi.set(__self__, "rotation_schedule", rotation_schedule)
|
102
|
+
if rotation_window is not None:
|
103
|
+
pulumi.set(__self__, "rotation_window", rotation_window)
|
80
104
|
if use_microsoft_graph_api is not None:
|
81
105
|
warnings.warn("""This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.""", DeprecationWarning)
|
82
106
|
pulumi.log.warn("""use_microsoft_graph_api is deprecated: This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.""")
|
@@ -85,67 +109,80 @@ class BackendArgs:
|
|
85
109
|
|
86
110
|
@property
|
87
111
|
@pulumi.getter(name="subscriptionId")
|
88
|
-
def subscription_id(self) -> pulumi.Input[str]:
|
112
|
+
def subscription_id(self) -> pulumi.Input[builtins.str]:
|
89
113
|
"""
|
90
114
|
The subscription id for the Azure Active Directory.
|
91
115
|
"""
|
92
116
|
return pulumi.get(self, "subscription_id")
|
93
117
|
|
94
118
|
@subscription_id.setter
|
95
|
-
def subscription_id(self, value: pulumi.Input[str]):
|
119
|
+
def subscription_id(self, value: pulumi.Input[builtins.str]):
|
96
120
|
pulumi.set(self, "subscription_id", value)
|
97
121
|
|
98
122
|
@property
|
99
123
|
@pulumi.getter(name="tenantId")
|
100
|
-
def tenant_id(self) -> pulumi.Input[str]:
|
124
|
+
def tenant_id(self) -> pulumi.Input[builtins.str]:
|
101
125
|
"""
|
102
126
|
The tenant id for the Azure Active Directory.
|
103
127
|
"""
|
104
128
|
return pulumi.get(self, "tenant_id")
|
105
129
|
|
106
130
|
@tenant_id.setter
|
107
|
-
def tenant_id(self, value: pulumi.Input[str]):
|
131
|
+
def tenant_id(self, value: pulumi.Input[builtins.str]):
|
108
132
|
pulumi.set(self, "tenant_id", value)
|
109
133
|
|
110
134
|
@property
|
111
135
|
@pulumi.getter(name="clientId")
|
112
|
-
def client_id(self) -> Optional[pulumi.Input[str]]:
|
136
|
+
def client_id(self) -> Optional[pulumi.Input[builtins.str]]:
|
113
137
|
"""
|
114
138
|
The OAuth2 client id to connect to Azure.
|
115
139
|
"""
|
116
140
|
return pulumi.get(self, "client_id")
|
117
141
|
|
118
142
|
@client_id.setter
|
119
|
-
def client_id(self, value: Optional[pulumi.Input[str]]):
|
143
|
+
def client_id(self, value: Optional[pulumi.Input[builtins.str]]):
|
120
144
|
pulumi.set(self, "client_id", value)
|
121
145
|
|
122
146
|
@property
|
123
147
|
@pulumi.getter(name="clientSecret")
|
124
|
-
def client_secret(self) -> Optional[pulumi.Input[str]]:
|
148
|
+
def client_secret(self) -> Optional[pulumi.Input[builtins.str]]:
|
125
149
|
"""
|
126
150
|
The OAuth2 client secret to connect to Azure.
|
127
151
|
"""
|
128
152
|
return pulumi.get(self, "client_secret")
|
129
153
|
|
130
154
|
@client_secret.setter
|
131
|
-
def client_secret(self, value: Optional[pulumi.Input[str]]):
|
155
|
+
def client_secret(self, value: Optional[pulumi.Input[builtins.str]]):
|
132
156
|
pulumi.set(self, "client_secret", value)
|
133
157
|
|
134
158
|
@property
|
135
159
|
@pulumi.getter
|
136
|
-
def description(self) -> Optional[pulumi.Input[str]]:
|
160
|
+
def description(self) -> Optional[pulumi.Input[builtins.str]]:
|
137
161
|
"""
|
138
162
|
Human-friendly description of the mount for the backend.
|
139
163
|
"""
|
140
164
|
return pulumi.get(self, "description")
|
141
165
|
|
142
166
|
@description.setter
|
143
|
-
def description(self, value: Optional[pulumi.Input[str]]):
|
167
|
+
def description(self, value: Optional[pulumi.Input[builtins.str]]):
|
144
168
|
pulumi.set(self, "description", value)
|
145
169
|
|
170
|
+
@property
|
171
|
+
@pulumi.getter(name="disableAutomatedRotation")
|
172
|
+
def disable_automated_rotation(self) -> Optional[pulumi.Input[builtins.bool]]:
|
173
|
+
"""
|
174
|
+
Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
175
|
+
*Available only for Vault Enterprise*
|
176
|
+
"""
|
177
|
+
return pulumi.get(self, "disable_automated_rotation")
|
178
|
+
|
179
|
+
@disable_automated_rotation.setter
|
180
|
+
def disable_automated_rotation(self, value: Optional[pulumi.Input[builtins.bool]]):
|
181
|
+
pulumi.set(self, "disable_automated_rotation", value)
|
182
|
+
|
146
183
|
@property
|
147
184
|
@pulumi.getter(name="disableRemount")
|
148
|
-
def disable_remount(self) -> Optional[pulumi.Input[bool]]:
|
185
|
+
def disable_remount(self) -> Optional[pulumi.Input[builtins.bool]]:
|
149
186
|
"""
|
150
187
|
If set, opts out of mount migration on path updates.
|
151
188
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
@@ -153,24 +190,24 @@ class BackendArgs:
|
|
153
190
|
return pulumi.get(self, "disable_remount")
|
154
191
|
|
155
192
|
@disable_remount.setter
|
156
|
-
def disable_remount(self, value: Optional[pulumi.Input[bool]]):
|
193
|
+
def disable_remount(self, value: Optional[pulumi.Input[builtins.bool]]):
|
157
194
|
pulumi.set(self, "disable_remount", value)
|
158
195
|
|
159
196
|
@property
|
160
197
|
@pulumi.getter
|
161
|
-
def environment(self) -> Optional[pulumi.Input[str]]:
|
198
|
+
def environment(self) -> Optional[pulumi.Input[builtins.str]]:
|
162
199
|
"""
|
163
200
|
The Azure environment.
|
164
201
|
"""
|
165
202
|
return pulumi.get(self, "environment")
|
166
203
|
|
167
204
|
@environment.setter
|
168
|
-
def environment(self, value: Optional[pulumi.Input[str]]):
|
205
|
+
def environment(self, value: Optional[pulumi.Input[builtins.str]]):
|
169
206
|
pulumi.set(self, "environment", value)
|
170
207
|
|
171
208
|
@property
|
172
209
|
@pulumi.getter(name="identityTokenAudience")
|
173
|
-
def identity_token_audience(self) -> Optional[pulumi.Input[str]]:
|
210
|
+
def identity_token_audience(self) -> Optional[pulumi.Input[builtins.str]]:
|
174
211
|
"""
|
175
212
|
The audience claim value. Requires Vault 1.17+.
|
176
213
|
*Available only for Vault Enterprise*
|
@@ -178,12 +215,12 @@ class BackendArgs:
|
|
178
215
|
return pulumi.get(self, "identity_token_audience")
|
179
216
|
|
180
217
|
@identity_token_audience.setter
|
181
|
-
def identity_token_audience(self, value: Optional[pulumi.Input[str]]):
|
218
|
+
def identity_token_audience(self, value: Optional[pulumi.Input[builtins.str]]):
|
182
219
|
pulumi.set(self, "identity_token_audience", value)
|
183
220
|
|
184
221
|
@property
|
185
222
|
@pulumi.getter(name="identityTokenKey")
|
186
|
-
def identity_token_key(self) -> Optional[pulumi.Input[str]]:
|
223
|
+
def identity_token_key(self) -> Optional[pulumi.Input[builtins.str]]:
|
187
224
|
"""
|
188
225
|
The key to use for signing identity tokens. Requires Vault 1.17+.
|
189
226
|
*Available only for Vault Enterprise*
|
@@ -191,12 +228,12 @@ class BackendArgs:
|
|
191
228
|
return pulumi.get(self, "identity_token_key")
|
192
229
|
|
193
230
|
@identity_token_key.setter
|
194
|
-
def identity_token_key(self, value: Optional[pulumi.Input[str]]):
|
231
|
+
def identity_token_key(self, value: Optional[pulumi.Input[builtins.str]]):
|
195
232
|
pulumi.set(self, "identity_token_key", value)
|
196
233
|
|
197
234
|
@property
|
198
235
|
@pulumi.getter(name="identityTokenTtl")
|
199
|
-
def identity_token_ttl(self) -> Optional[pulumi.Input[int]]:
|
236
|
+
def identity_token_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
|
200
237
|
"""
|
201
238
|
The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
|
202
239
|
*Available only for Vault Enterprise*
|
@@ -204,12 +241,12 @@ class BackendArgs:
|
|
204
241
|
return pulumi.get(self, "identity_token_ttl")
|
205
242
|
|
206
243
|
@identity_token_ttl.setter
|
207
|
-
def identity_token_ttl(self, value: Optional[pulumi.Input[int]]):
|
244
|
+
def identity_token_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
|
208
245
|
pulumi.set(self, "identity_token_ttl", value)
|
209
246
|
|
210
247
|
@property
|
211
248
|
@pulumi.getter
|
212
|
-
def namespace(self) -> Optional[pulumi.Input[str]]:
|
249
|
+
def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
|
213
250
|
"""
|
214
251
|
The namespace to provision the resource in.
|
215
252
|
The value should not contain leading or trailing forward slashes.
|
@@ -219,73 +256,130 @@ class BackendArgs:
|
|
219
256
|
return pulumi.get(self, "namespace")
|
220
257
|
|
221
258
|
@namespace.setter
|
222
|
-
def namespace(self, value: Optional[pulumi.Input[str]]):
|
259
|
+
def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
|
223
260
|
pulumi.set(self, "namespace", value)
|
224
261
|
|
225
262
|
@property
|
226
263
|
@pulumi.getter
|
227
|
-
def path(self) -> Optional[pulumi.Input[str]]:
|
264
|
+
def path(self) -> Optional[pulumi.Input[builtins.str]]:
|
228
265
|
"""
|
229
266
|
The unique path this backend should be mounted at. Defaults to `azure`.
|
230
267
|
"""
|
231
268
|
return pulumi.get(self, "path")
|
232
269
|
|
233
270
|
@path.setter
|
234
|
-
def path(self, value: Optional[pulumi.Input[str]]):
|
271
|
+
def path(self, value: Optional[pulumi.Input[builtins.str]]):
|
235
272
|
pulumi.set(self, "path", value)
|
236
273
|
|
274
|
+
@property
|
275
|
+
@pulumi.getter(name="rotationPeriod")
|
276
|
+
def rotation_period(self) -> Optional[pulumi.Input[builtins.int]]:
|
277
|
+
"""
|
278
|
+
The amount of time in seconds Vault should wait before rotating the root credential.
|
279
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
280
|
+
*Available only for Vault Enterprise*
|
281
|
+
"""
|
282
|
+
return pulumi.get(self, "rotation_period")
|
283
|
+
|
284
|
+
@rotation_period.setter
|
285
|
+
def rotation_period(self, value: Optional[pulumi.Input[builtins.int]]):
|
286
|
+
pulumi.set(self, "rotation_period", value)
|
287
|
+
|
288
|
+
@property
|
289
|
+
@pulumi.getter(name="rotationSchedule")
|
290
|
+
def rotation_schedule(self) -> Optional[pulumi.Input[builtins.str]]:
|
291
|
+
"""
|
292
|
+
The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
293
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
294
|
+
*Available only for Vault Enterprise*
|
295
|
+
"""
|
296
|
+
return pulumi.get(self, "rotation_schedule")
|
297
|
+
|
298
|
+
@rotation_schedule.setter
|
299
|
+
def rotation_schedule(self, value: Optional[pulumi.Input[builtins.str]]):
|
300
|
+
pulumi.set(self, "rotation_schedule", value)
|
301
|
+
|
302
|
+
@property
|
303
|
+
@pulumi.getter(name="rotationWindow")
|
304
|
+
def rotation_window(self) -> Optional[pulumi.Input[builtins.int]]:
|
305
|
+
"""
|
306
|
+
The maximum amount of time in seconds allowed to complete
|
307
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
308
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*
|
309
|
+
"""
|
310
|
+
return pulumi.get(self, "rotation_window")
|
311
|
+
|
312
|
+
@rotation_window.setter
|
313
|
+
def rotation_window(self, value: Optional[pulumi.Input[builtins.int]]):
|
314
|
+
pulumi.set(self, "rotation_window", value)
|
315
|
+
|
237
316
|
@property
|
238
317
|
@pulumi.getter(name="useMicrosoftGraphApi")
|
239
318
|
@_utilities.deprecated("""This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.""")
|
240
|
-
def use_microsoft_graph_api(self) -> Optional[pulumi.Input[bool]]:
|
319
|
+
def use_microsoft_graph_api(self) -> Optional[pulumi.Input[builtins.bool]]:
|
241
320
|
"""
|
242
321
|
Use the Microsoft Graph API. Should be set to true on vault-1.10+
|
243
322
|
"""
|
244
323
|
return pulumi.get(self, "use_microsoft_graph_api")
|
245
324
|
|
246
325
|
@use_microsoft_graph_api.setter
|
247
|
-
def use_microsoft_graph_api(self, value: Optional[pulumi.Input[bool]]):
|
326
|
+
def use_microsoft_graph_api(self, value: Optional[pulumi.Input[builtins.bool]]):
|
248
327
|
pulumi.set(self, "use_microsoft_graph_api", value)
|
249
328
|
|
250
329
|
|
251
330
|
@pulumi.input_type
|
252
331
|
class _BackendState:
|
253
332
|
def __init__(__self__, *,
|
254
|
-
client_id: Optional[pulumi.Input[str]] = None,
|
255
|
-
client_secret: Optional[pulumi.Input[str]] = None,
|
256
|
-
description: Optional[pulumi.Input[str]] = None,
|
257
|
-
|
258
|
-
|
259
|
-
|
260
|
-
|
261
|
-
|
262
|
-
|
263
|
-
|
264
|
-
|
265
|
-
|
266
|
-
|
333
|
+
client_id: Optional[pulumi.Input[builtins.str]] = None,
|
334
|
+
client_secret: Optional[pulumi.Input[builtins.str]] = None,
|
335
|
+
description: Optional[pulumi.Input[builtins.str]] = None,
|
336
|
+
disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
337
|
+
disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
|
338
|
+
environment: Optional[pulumi.Input[builtins.str]] = None,
|
339
|
+
identity_token_audience: Optional[pulumi.Input[builtins.str]] = None,
|
340
|
+
identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
|
341
|
+
identity_token_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
342
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
343
|
+
path: Optional[pulumi.Input[builtins.str]] = None,
|
344
|
+
rotation_period: Optional[pulumi.Input[builtins.int]] = None,
|
345
|
+
rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
|
346
|
+
rotation_window: Optional[pulumi.Input[builtins.int]] = None,
|
347
|
+
subscription_id: Optional[pulumi.Input[builtins.str]] = None,
|
348
|
+
tenant_id: Optional[pulumi.Input[builtins.str]] = None,
|
349
|
+
use_microsoft_graph_api: Optional[pulumi.Input[builtins.bool]] = None):
|
267
350
|
"""
|
268
351
|
Input properties used for looking up and filtering Backend resources.
|
269
|
-
:param pulumi.Input[str] client_id: The OAuth2 client id to connect to Azure.
|
270
|
-
:param pulumi.Input[str] client_secret: The OAuth2 client secret to connect to Azure.
|
271
|
-
:param pulumi.Input[str] description: Human-friendly description of the mount for the backend.
|
272
|
-
:param pulumi.Input[bool]
|
352
|
+
:param pulumi.Input[builtins.str] client_id: The OAuth2 client id to connect to Azure.
|
353
|
+
:param pulumi.Input[builtins.str] client_secret: The OAuth2 client secret to connect to Azure.
|
354
|
+
:param pulumi.Input[builtins.str] description: Human-friendly description of the mount for the backend.
|
355
|
+
:param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
356
|
+
*Available only for Vault Enterprise*
|
357
|
+
:param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
|
273
358
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
274
|
-
:param pulumi.Input[str] environment: The Azure environment.
|
275
|
-
:param pulumi.Input[str] identity_token_audience: The audience claim value. Requires Vault 1.17+.
|
359
|
+
:param pulumi.Input[builtins.str] environment: The Azure environment.
|
360
|
+
:param pulumi.Input[builtins.str] identity_token_audience: The audience claim value. Requires Vault 1.17+.
|
276
361
|
*Available only for Vault Enterprise*
|
277
|
-
:param pulumi.Input[str] identity_token_key: The key to use for signing identity tokens. Requires Vault 1.17+.
|
362
|
+
:param pulumi.Input[builtins.str] identity_token_key: The key to use for signing identity tokens. Requires Vault 1.17+.
|
278
363
|
*Available only for Vault Enterprise*
|
279
|
-
:param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
|
364
|
+
:param pulumi.Input[builtins.int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
|
280
365
|
*Available only for Vault Enterprise*
|
281
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
366
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
282
367
|
The value should not contain leading or trailing forward slashes.
|
283
368
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
284
369
|
*Available only for Vault Enterprise*.
|
285
|
-
:param pulumi.Input[str] path: The unique path this backend should be mounted at. Defaults to `azure`.
|
286
|
-
:param pulumi.Input[
|
287
|
-
|
288
|
-
|
370
|
+
:param pulumi.Input[builtins.str] path: The unique path this backend should be mounted at. Defaults to `azure`.
|
371
|
+
:param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
372
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
373
|
+
*Available only for Vault Enterprise*
|
374
|
+
:param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
375
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
376
|
+
*Available only for Vault Enterprise*
|
377
|
+
:param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
|
378
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
379
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*
|
380
|
+
:param pulumi.Input[builtins.str] subscription_id: The subscription id for the Azure Active Directory.
|
381
|
+
:param pulumi.Input[builtins.str] tenant_id: The tenant id for the Azure Active Directory.
|
382
|
+
:param pulumi.Input[builtins.bool] use_microsoft_graph_api: Use the Microsoft Graph API. Should be set to true on vault-1.10+
|
289
383
|
"""
|
290
384
|
if client_id is not None:
|
291
385
|
pulumi.set(__self__, "client_id", client_id)
|
@@ -293,6 +387,8 @@ class _BackendState:
|
|
293
387
|
pulumi.set(__self__, "client_secret", client_secret)
|
294
388
|
if description is not None:
|
295
389
|
pulumi.set(__self__, "description", description)
|
390
|
+
if disable_automated_rotation is not None:
|
391
|
+
pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
|
296
392
|
if disable_remount is not None:
|
297
393
|
pulumi.set(__self__, "disable_remount", disable_remount)
|
298
394
|
if environment is not None:
|
@@ -307,6 +403,12 @@ class _BackendState:
|
|
307
403
|
pulumi.set(__self__, "namespace", namespace)
|
308
404
|
if path is not None:
|
309
405
|
pulumi.set(__self__, "path", path)
|
406
|
+
if rotation_period is not None:
|
407
|
+
pulumi.set(__self__, "rotation_period", rotation_period)
|
408
|
+
if rotation_schedule is not None:
|
409
|
+
pulumi.set(__self__, "rotation_schedule", rotation_schedule)
|
410
|
+
if rotation_window is not None:
|
411
|
+
pulumi.set(__self__, "rotation_window", rotation_window)
|
310
412
|
if subscription_id is not None:
|
311
413
|
pulumi.set(__self__, "subscription_id", subscription_id)
|
312
414
|
if tenant_id is not None:
|
@@ -319,43 +421,56 @@ class _BackendState:
|
|
319
421
|
|
320
422
|
@property
|
321
423
|
@pulumi.getter(name="clientId")
|
322
|
-
def client_id(self) -> Optional[pulumi.Input[str]]:
|
424
|
+
def client_id(self) -> Optional[pulumi.Input[builtins.str]]:
|
323
425
|
"""
|
324
426
|
The OAuth2 client id to connect to Azure.
|
325
427
|
"""
|
326
428
|
return pulumi.get(self, "client_id")
|
327
429
|
|
328
430
|
@client_id.setter
|
329
|
-
def client_id(self, value: Optional[pulumi.Input[str]]):
|
431
|
+
def client_id(self, value: Optional[pulumi.Input[builtins.str]]):
|
330
432
|
pulumi.set(self, "client_id", value)
|
331
433
|
|
332
434
|
@property
|
333
435
|
@pulumi.getter(name="clientSecret")
|
334
|
-
def client_secret(self) -> Optional[pulumi.Input[str]]:
|
436
|
+
def client_secret(self) -> Optional[pulumi.Input[builtins.str]]:
|
335
437
|
"""
|
336
438
|
The OAuth2 client secret to connect to Azure.
|
337
439
|
"""
|
338
440
|
return pulumi.get(self, "client_secret")
|
339
441
|
|
340
442
|
@client_secret.setter
|
341
|
-
def client_secret(self, value: Optional[pulumi.Input[str]]):
|
443
|
+
def client_secret(self, value: Optional[pulumi.Input[builtins.str]]):
|
342
444
|
pulumi.set(self, "client_secret", value)
|
343
445
|
|
344
446
|
@property
|
345
447
|
@pulumi.getter
|
346
|
-
def description(self) -> Optional[pulumi.Input[str]]:
|
448
|
+
def description(self) -> Optional[pulumi.Input[builtins.str]]:
|
347
449
|
"""
|
348
450
|
Human-friendly description of the mount for the backend.
|
349
451
|
"""
|
350
452
|
return pulumi.get(self, "description")
|
351
453
|
|
352
454
|
@description.setter
|
353
|
-
def description(self, value: Optional[pulumi.Input[str]]):
|
455
|
+
def description(self, value: Optional[pulumi.Input[builtins.str]]):
|
354
456
|
pulumi.set(self, "description", value)
|
355
457
|
|
458
|
+
@property
|
459
|
+
@pulumi.getter(name="disableAutomatedRotation")
|
460
|
+
def disable_automated_rotation(self) -> Optional[pulumi.Input[builtins.bool]]:
|
461
|
+
"""
|
462
|
+
Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
463
|
+
*Available only for Vault Enterprise*
|
464
|
+
"""
|
465
|
+
return pulumi.get(self, "disable_automated_rotation")
|
466
|
+
|
467
|
+
@disable_automated_rotation.setter
|
468
|
+
def disable_automated_rotation(self, value: Optional[pulumi.Input[builtins.bool]]):
|
469
|
+
pulumi.set(self, "disable_automated_rotation", value)
|
470
|
+
|
356
471
|
@property
|
357
472
|
@pulumi.getter(name="disableRemount")
|
358
|
-
def disable_remount(self) -> Optional[pulumi.Input[bool]]:
|
473
|
+
def disable_remount(self) -> Optional[pulumi.Input[builtins.bool]]:
|
359
474
|
"""
|
360
475
|
If set, opts out of mount migration on path updates.
|
361
476
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
@@ -363,24 +478,24 @@ class _BackendState:
|
|
363
478
|
return pulumi.get(self, "disable_remount")
|
364
479
|
|
365
480
|
@disable_remount.setter
|
366
|
-
def disable_remount(self, value: Optional[pulumi.Input[bool]]):
|
481
|
+
def disable_remount(self, value: Optional[pulumi.Input[builtins.bool]]):
|
367
482
|
pulumi.set(self, "disable_remount", value)
|
368
483
|
|
369
484
|
@property
|
370
485
|
@pulumi.getter
|
371
|
-
def environment(self) -> Optional[pulumi.Input[str]]:
|
486
|
+
def environment(self) -> Optional[pulumi.Input[builtins.str]]:
|
372
487
|
"""
|
373
488
|
The Azure environment.
|
374
489
|
"""
|
375
490
|
return pulumi.get(self, "environment")
|
376
491
|
|
377
492
|
@environment.setter
|
378
|
-
def environment(self, value: Optional[pulumi.Input[str]]):
|
493
|
+
def environment(self, value: Optional[pulumi.Input[builtins.str]]):
|
379
494
|
pulumi.set(self, "environment", value)
|
380
495
|
|
381
496
|
@property
|
382
497
|
@pulumi.getter(name="identityTokenAudience")
|
383
|
-
def identity_token_audience(self) -> Optional[pulumi.Input[str]]:
|
498
|
+
def identity_token_audience(self) -> Optional[pulumi.Input[builtins.str]]:
|
384
499
|
"""
|
385
500
|
The audience claim value. Requires Vault 1.17+.
|
386
501
|
*Available only for Vault Enterprise*
|
@@ -388,12 +503,12 @@ class _BackendState:
|
|
388
503
|
return pulumi.get(self, "identity_token_audience")
|
389
504
|
|
390
505
|
@identity_token_audience.setter
|
391
|
-
def identity_token_audience(self, value: Optional[pulumi.Input[str]]):
|
506
|
+
def identity_token_audience(self, value: Optional[pulumi.Input[builtins.str]]):
|
392
507
|
pulumi.set(self, "identity_token_audience", value)
|
393
508
|
|
394
509
|
@property
|
395
510
|
@pulumi.getter(name="identityTokenKey")
|
396
|
-
def identity_token_key(self) -> Optional[pulumi.Input[str]]:
|
511
|
+
def identity_token_key(self) -> Optional[pulumi.Input[builtins.str]]:
|
397
512
|
"""
|
398
513
|
The key to use for signing identity tokens. Requires Vault 1.17+.
|
399
514
|
*Available only for Vault Enterprise*
|
@@ -401,12 +516,12 @@ class _BackendState:
|
|
401
516
|
return pulumi.get(self, "identity_token_key")
|
402
517
|
|
403
518
|
@identity_token_key.setter
|
404
|
-
def identity_token_key(self, value: Optional[pulumi.Input[str]]):
|
519
|
+
def identity_token_key(self, value: Optional[pulumi.Input[builtins.str]]):
|
405
520
|
pulumi.set(self, "identity_token_key", value)
|
406
521
|
|
407
522
|
@property
|
408
523
|
@pulumi.getter(name="identityTokenTtl")
|
409
|
-
def identity_token_ttl(self) -> Optional[pulumi.Input[int]]:
|
524
|
+
def identity_token_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
|
410
525
|
"""
|
411
526
|
The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
|
412
527
|
*Available only for Vault Enterprise*
|
@@ -414,12 +529,12 @@ class _BackendState:
|
|
414
529
|
return pulumi.get(self, "identity_token_ttl")
|
415
530
|
|
416
531
|
@identity_token_ttl.setter
|
417
|
-
def identity_token_ttl(self, value: Optional[pulumi.Input[int]]):
|
532
|
+
def identity_token_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
|
418
533
|
pulumi.set(self, "identity_token_ttl", value)
|
419
534
|
|
420
535
|
@property
|
421
536
|
@pulumi.getter
|
422
|
-
def namespace(self) -> Optional[pulumi.Input[str]]:
|
537
|
+
def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
|
423
538
|
"""
|
424
539
|
The namespace to provision the resource in.
|
425
540
|
The value should not contain leading or trailing forward slashes.
|
@@ -429,56 +544,98 @@ class _BackendState:
|
|
429
544
|
return pulumi.get(self, "namespace")
|
430
545
|
|
431
546
|
@namespace.setter
|
432
|
-
def namespace(self, value: Optional[pulumi.Input[str]]):
|
547
|
+
def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
|
433
548
|
pulumi.set(self, "namespace", value)
|
434
549
|
|
435
550
|
@property
|
436
551
|
@pulumi.getter
|
437
|
-
def path(self) -> Optional[pulumi.Input[str]]:
|
552
|
+
def path(self) -> Optional[pulumi.Input[builtins.str]]:
|
438
553
|
"""
|
439
554
|
The unique path this backend should be mounted at. Defaults to `azure`.
|
440
555
|
"""
|
441
556
|
return pulumi.get(self, "path")
|
442
557
|
|
443
558
|
@path.setter
|
444
|
-
def path(self, value: Optional[pulumi.Input[str]]):
|
559
|
+
def path(self, value: Optional[pulumi.Input[builtins.str]]):
|
445
560
|
pulumi.set(self, "path", value)
|
446
561
|
|
562
|
+
@property
|
563
|
+
@pulumi.getter(name="rotationPeriod")
|
564
|
+
def rotation_period(self) -> Optional[pulumi.Input[builtins.int]]:
|
565
|
+
"""
|
566
|
+
The amount of time in seconds Vault should wait before rotating the root credential.
|
567
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
568
|
+
*Available only for Vault Enterprise*
|
569
|
+
"""
|
570
|
+
return pulumi.get(self, "rotation_period")
|
571
|
+
|
572
|
+
@rotation_period.setter
|
573
|
+
def rotation_period(self, value: Optional[pulumi.Input[builtins.int]]):
|
574
|
+
pulumi.set(self, "rotation_period", value)
|
575
|
+
|
576
|
+
@property
|
577
|
+
@pulumi.getter(name="rotationSchedule")
|
578
|
+
def rotation_schedule(self) -> Optional[pulumi.Input[builtins.str]]:
|
579
|
+
"""
|
580
|
+
The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
581
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
582
|
+
*Available only for Vault Enterprise*
|
583
|
+
"""
|
584
|
+
return pulumi.get(self, "rotation_schedule")
|
585
|
+
|
586
|
+
@rotation_schedule.setter
|
587
|
+
def rotation_schedule(self, value: Optional[pulumi.Input[builtins.str]]):
|
588
|
+
pulumi.set(self, "rotation_schedule", value)
|
589
|
+
|
590
|
+
@property
|
591
|
+
@pulumi.getter(name="rotationWindow")
|
592
|
+
def rotation_window(self) -> Optional[pulumi.Input[builtins.int]]:
|
593
|
+
"""
|
594
|
+
The maximum amount of time in seconds allowed to complete
|
595
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
596
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*
|
597
|
+
"""
|
598
|
+
return pulumi.get(self, "rotation_window")
|
599
|
+
|
600
|
+
@rotation_window.setter
|
601
|
+
def rotation_window(self, value: Optional[pulumi.Input[builtins.int]]):
|
602
|
+
pulumi.set(self, "rotation_window", value)
|
603
|
+
|
447
604
|
@property
|
448
605
|
@pulumi.getter(name="subscriptionId")
|
449
|
-
def subscription_id(self) -> Optional[pulumi.Input[str]]:
|
606
|
+
def subscription_id(self) -> Optional[pulumi.Input[builtins.str]]:
|
450
607
|
"""
|
451
608
|
The subscription id for the Azure Active Directory.
|
452
609
|
"""
|
453
610
|
return pulumi.get(self, "subscription_id")
|
454
611
|
|
455
612
|
@subscription_id.setter
|
456
|
-
def subscription_id(self, value: Optional[pulumi.Input[str]]):
|
613
|
+
def subscription_id(self, value: Optional[pulumi.Input[builtins.str]]):
|
457
614
|
pulumi.set(self, "subscription_id", value)
|
458
615
|
|
459
616
|
@property
|
460
617
|
@pulumi.getter(name="tenantId")
|
461
|
-
def tenant_id(self) -> Optional[pulumi.Input[str]]:
|
618
|
+
def tenant_id(self) -> Optional[pulumi.Input[builtins.str]]:
|
462
619
|
"""
|
463
620
|
The tenant id for the Azure Active Directory.
|
464
621
|
"""
|
465
622
|
return pulumi.get(self, "tenant_id")
|
466
623
|
|
467
624
|
@tenant_id.setter
|
468
|
-
def tenant_id(self, value: Optional[pulumi.Input[str]]):
|
625
|
+
def tenant_id(self, value: Optional[pulumi.Input[builtins.str]]):
|
469
626
|
pulumi.set(self, "tenant_id", value)
|
470
627
|
|
471
628
|
@property
|
472
629
|
@pulumi.getter(name="useMicrosoftGraphApi")
|
473
630
|
@_utilities.deprecated("""This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.""")
|
474
|
-
def use_microsoft_graph_api(self) -> Optional[pulumi.Input[bool]]:
|
631
|
+
def use_microsoft_graph_api(self) -> Optional[pulumi.Input[builtins.bool]]:
|
475
632
|
"""
|
476
633
|
Use the Microsoft Graph API. Should be set to true on vault-1.10+
|
477
634
|
"""
|
478
635
|
return pulumi.get(self, "use_microsoft_graph_api")
|
479
636
|
|
480
637
|
@use_microsoft_graph_api.setter
|
481
|
-
def use_microsoft_graph_api(self, value: Optional[pulumi.Input[bool]]):
|
638
|
+
def use_microsoft_graph_api(self, value: Optional[pulumi.Input[builtins.bool]]):
|
482
639
|
pulumi.set(self, "use_microsoft_graph_api", value)
|
483
640
|
|
484
641
|
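Review bot: The docstrings added in this hunk for `rotation_schedule` and `rotation_window` speak of rotating "the root token" and of "a scheduled token rotation", while `rotation_period` in the same hunk calls the same operation rotating "the root credential". One term should be used throughout, e.g. `defining the schedule on which Vault should rotate the root credential.` The `rotation_window` text also says the default window is "unbound", which presumably means unbounded. Nothing here says how `rotation_period` and `rotation_schedule` interact when both are set, or that leaving them unset presumably leaves the root credential unrotated; a sentence on each would help operators, with the exact rule confirmed against the Vault documentation. The same parameter text recurs in the `Backend.__init__` docstring hunk at `@@ -549,26 +714,37 @@`.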
|
@@ -487,19 +644,23 @@ class Backend(pulumi.CustomResource):
|
|
487
644
|
def __init__(__self__,
|
488
645
|
resource_name: str,
|
489
646
|
opts: Optional[pulumi.ResourceOptions] = None,
|
490
|
-
client_id: Optional[pulumi.Input[str]] = None,
|
491
|
-
client_secret: Optional[pulumi.Input[str]] = None,
|
492
|
-
description: Optional[pulumi.Input[str]] = None,
|
493
|
-
|
494
|
-
|
495
|
-
|
496
|
-
|
497
|
-
|
498
|
-
|
499
|
-
|
500
|
-
|
501
|
-
|
502
|
-
|
647
|
+
client_id: Optional[pulumi.Input[builtins.str]] = None,
|
648
|
+
client_secret: Optional[pulumi.Input[builtins.str]] = None,
|
649
|
+
description: Optional[pulumi.Input[builtins.str]] = None,
|
650
|
+
disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
651
|
+
disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
|
652
|
+
environment: Optional[pulumi.Input[builtins.str]] = None,
|
653
|
+
identity_token_audience: Optional[pulumi.Input[builtins.str]] = None,
|
654
|
+
identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
|
655
|
+
identity_token_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
656
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
657
|
+
path: Optional[pulumi.Input[builtins.str]] = None,
|
658
|
+
rotation_period: Optional[pulumi.Input[builtins.int]] = None,
|
659
|
+
rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
|
660
|
+
rotation_window: Optional[pulumi.Input[builtins.int]] = None,
|
661
|
+
subscription_id: Optional[pulumi.Input[builtins.str]] = None,
|
662
|
+
tenant_id: Optional[pulumi.Input[builtins.str]] = None,
|
663
|
+
use_microsoft_graph_api: Optional[pulumi.Input[builtins.bool]] = None,
|
503
664
|
__props__=None):
|
504
665
|
"""
|
505
666
|
## Example Usage
|
@@ -516,7 +677,9 @@ class Backend(pulumi.CustomResource):
|
|
516
677
|
tenant_id="11111111-2222-3333-4444-222222222222",
|
517
678
|
client_id="11111111-2222-3333-4444-333333333333",
|
518
679
|
identity_token_audience="<TOKEN_AUDIENCE>",
|
519
|
-
identity_token_ttl="<TOKEN_TTL>"
|
680
|
+
identity_token_ttl="<TOKEN_TTL>",
|
681
|
+
rotation_schedule="0 * * * SAT",
|
682
|
+
rotation_window=3600)
|
520
683
|
```
|
521
684
|
|
522
685
|
```python
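Review bot: The added example value `rotation_schedule="0 * * * SAT"` reads, as a standard five-field cron expression, as minute 0 of every hour on Saturdays, so with `rotation_window=3600` the rotation windows run back to back for the whole of Saturday. If one rotation per week was intended, the example would be clearer as `rotation_schedule="0 0 * * SAT"`. If hourly rotation on Saturdays is intended, a short comment in the example saying so would keep readers from copying it unawares. The same two lines are added in the example hunks at `@@ -529,7 +692,9 @@`, `@@ -591,7 +767,9 @@` and `@@ -604,7 +782,9 @@`. The docstring holding this example starts and ends outside the hunk.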
|
@@ -529,7 +692,9 @@ class Backend(pulumi.CustomResource):
|
|
529
692
|
tenant_id="11111111-2222-3333-4444-222222222222",
|
530
693
|
client_id="11111111-2222-3333-4444-333333333333",
|
531
694
|
client_secret="12345678901234567890",
|
532
|
-
environment="AzurePublicCloud"
|
695
|
+
environment="AzurePublicCloud",
|
696
|
+
rotation_schedule="0 * * * SAT",
|
697
|
+
rotation_window=3600)
|
533
698
|
```
|
534
699
|
|
535
700
|
### *Vault-1.8 And Below*
|
@@ -549,26 +714,37 @@ class Backend(pulumi.CustomResource):
|
|
549
714
|
|
550
715
|
:param str resource_name: The name of the resource.
|
551
716
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
552
|
-
:param pulumi.Input[str] client_id: The OAuth2 client id to connect to Azure.
|
553
|
-
:param pulumi.Input[str] client_secret: The OAuth2 client secret to connect to Azure.
|
554
|
-
:param pulumi.Input[str] description: Human-friendly description of the mount for the backend.
|
555
|
-
:param pulumi.Input[bool]
|
717
|
+
:param pulumi.Input[builtins.str] client_id: The OAuth2 client id to connect to Azure.
|
718
|
+
:param pulumi.Input[builtins.str] client_secret: The OAuth2 client secret to connect to Azure.
|
719
|
+
:param pulumi.Input[builtins.str] description: Human-friendly description of the mount for the backend.
|
720
|
+
:param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
721
|
+
*Available only for Vault Enterprise*
|
722
|
+
:param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
|
556
723
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
557
|
-
:param pulumi.Input[str] environment: The Azure environment.
|
558
|
-
:param pulumi.Input[str] identity_token_audience: The audience claim value. Requires Vault 1.17+.
|
724
|
+
:param pulumi.Input[builtins.str] environment: The Azure environment.
|
725
|
+
:param pulumi.Input[builtins.str] identity_token_audience: The audience claim value. Requires Vault 1.17+.
|
559
726
|
*Available only for Vault Enterprise*
|
560
|
-
:param pulumi.Input[str] identity_token_key: The key to use for signing identity tokens. Requires Vault 1.17+.
|
727
|
+
:param pulumi.Input[builtins.str] identity_token_key: The key to use for signing identity tokens. Requires Vault 1.17+.
|
561
728
|
*Available only for Vault Enterprise*
|
562
|
-
:param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
|
729
|
+
:param pulumi.Input[builtins.int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
|
563
730
|
*Available only for Vault Enterprise*
|
564
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
731
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
565
732
|
The value should not contain leading or trailing forward slashes.
|
566
733
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
567
734
|
*Available only for Vault Enterprise*.
|
568
|
-
:param pulumi.Input[str] path: The unique path this backend should be mounted at. Defaults to `azure`.
|
569
|
-
:param pulumi.Input[
|
570
|
-
|
571
|
-
|
735
|
+
:param pulumi.Input[builtins.str] path: The unique path this backend should be mounted at. Defaults to `azure`.
|
736
|
+
:param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
737
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
738
|
+
*Available only for Vault Enterprise*
|
739
|
+
:param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
740
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
741
|
+
*Available only for Vault Enterprise*
|
742
|
+
:param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
|
743
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
744
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*
|
745
|
+
:param pulumi.Input[builtins.str] subscription_id: The subscription id for the Azure Active Directory.
|
746
|
+
:param pulumi.Input[builtins.str] tenant_id: The tenant id for the Azure Active Directory.
|
747
|
+
:param pulumi.Input[builtins.bool] use_microsoft_graph_api: Use the Microsoft Graph API. Should be set to true on vault-1.10+
|
572
748
|
"""
|
573
749
|
...
|
574
750
|
@overload
|
@@ -591,7 +767,9 @@ class Backend(pulumi.CustomResource):
|
|
591
767
|
tenant_id="11111111-2222-3333-4444-222222222222",
|
592
768
|
client_id="11111111-2222-3333-4444-333333333333",
|
593
769
|
identity_token_audience="<TOKEN_AUDIENCE>",
|
594
|
-
identity_token_ttl="<TOKEN_TTL>"
|
770
|
+
identity_token_ttl="<TOKEN_TTL>",
|
771
|
+
rotation_schedule="0 * * * SAT",
|
772
|
+
rotation_window=3600)
|
595
773
|
```
|
596
774
|
|
597
775
|
```python
|
@@ -604,7 +782,9 @@ class Backend(pulumi.CustomResource):
|
|
604
782
|
tenant_id="11111111-2222-3333-4444-222222222222",
|
605
783
|
client_id="11111111-2222-3333-4444-333333333333",
|
606
784
|
client_secret="12345678901234567890",
|
607
|
-
environment="AzurePublicCloud"
|
785
|
+
environment="AzurePublicCloud",
|
786
|
+
rotation_schedule="0 * * * SAT",
|
787
|
+
rotation_window=3600)
|
608
788
|
```
|
609
789
|
|
610
790
|
### *Vault-1.8 And Below*
|
@@ -637,19 +817,23 @@ class Backend(pulumi.CustomResource):
|
|
637
817
|
def _internal_init(__self__,
|
638
818
|
resource_name: str,
|
639
819
|
opts: Optional[pulumi.ResourceOptions] = None,
|
640
|
-
client_id: Optional[pulumi.Input[str]] = None,
|
641
|
-
client_secret: Optional[pulumi.Input[str]] = None,
|
642
|
-
description: Optional[pulumi.Input[str]] = None,
|
643
|
-
|
644
|
-
|
645
|
-
|
646
|
-
|
647
|
-
|
648
|
-
|
649
|
-
|
650
|
-
|
651
|
-
|
652
|
-
|
820
|
+
client_id: Optional[pulumi.Input[builtins.str]] = None,
|
821
|
+
client_secret: Optional[pulumi.Input[builtins.str]] = None,
|
822
|
+
description: Optional[pulumi.Input[builtins.str]] = None,
|
823
|
+
disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
824
|
+
disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
|
825
|
+
environment: Optional[pulumi.Input[builtins.str]] = None,
|
826
|
+
identity_token_audience: Optional[pulumi.Input[builtins.str]] = None,
|
827
|
+
identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
|
828
|
+
identity_token_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
829
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
830
|
+
path: Optional[pulumi.Input[builtins.str]] = None,
|
831
|
+
rotation_period: Optional[pulumi.Input[builtins.int]] = None,
|
832
|
+
rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
|
833
|
+
rotation_window: Optional[pulumi.Input[builtins.int]] = None,
|
834
|
+
subscription_id: Optional[pulumi.Input[builtins.str]] = None,
|
835
|
+
tenant_id: Optional[pulumi.Input[builtins.str]] = None,
|
836
|
+
use_microsoft_graph_api: Optional[pulumi.Input[builtins.bool]] = None,
|
653
837
|
__props__=None):
|
654
838
|
opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
|
655
839
|
if not isinstance(opts, pulumi.ResourceOptions):
|
@@ -662,6 +846,7 @@ class Backend(pulumi.CustomResource):
|
|
662
846
|
__props__.__dict__["client_id"] = None if client_id is None else pulumi.Output.secret(client_id)
|
663
847
|
__props__.__dict__["client_secret"] = None if client_secret is None else pulumi.Output.secret(client_secret)
|
664
848
|
__props__.__dict__["description"] = description
|
849
|
+
__props__.__dict__["disable_automated_rotation"] = disable_automated_rotation
|
665
850
|
__props__.__dict__["disable_remount"] = disable_remount
|
666
851
|
__props__.__dict__["environment"] = environment
|
667
852
|
__props__.__dict__["identity_token_audience"] = identity_token_audience
|
@@ -669,6 +854,9 @@ class Backend(pulumi.CustomResource):
|
|
669
854
|
__props__.__dict__["identity_token_ttl"] = identity_token_ttl
|
670
855
|
__props__.__dict__["namespace"] = namespace
|
671
856
|
__props__.__dict__["path"] = path
|
857
|
+
__props__.__dict__["rotation_period"] = rotation_period
|
858
|
+
__props__.__dict__["rotation_schedule"] = rotation_schedule
|
859
|
+
__props__.__dict__["rotation_window"] = rotation_window
|
672
860
|
if subscription_id is None and not opts.urn:
|
673
861
|
raise TypeError("Missing required property 'subscription_id'")
|
674
862
|
__props__.__dict__["subscription_id"] = None if subscription_id is None else pulumi.Output.secret(subscription_id)
|
@@ -688,19 +876,23 @@ class Backend(pulumi.CustomResource):
|
|
688
876
|
def get(resource_name: str,
|
689
877
|
id: pulumi.Input[str],
|
690
878
|
opts: Optional[pulumi.ResourceOptions] = None,
|
691
|
-
client_id: Optional[pulumi.Input[str]] = None,
|
692
|
-
client_secret: Optional[pulumi.Input[str]] = None,
|
693
|
-
description: Optional[pulumi.Input[str]] = None,
|
694
|
-
|
695
|
-
|
696
|
-
|
697
|
-
|
698
|
-
|
699
|
-
|
700
|
-
|
701
|
-
|
702
|
-
|
703
|
-
|
879
|
+
client_id: Optional[pulumi.Input[builtins.str]] = None,
|
880
|
+
client_secret: Optional[pulumi.Input[builtins.str]] = None,
|
881
|
+
description: Optional[pulumi.Input[builtins.str]] = None,
|
882
|
+
disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
883
|
+
disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
|
884
|
+
environment: Optional[pulumi.Input[builtins.str]] = None,
|
885
|
+
identity_token_audience: Optional[pulumi.Input[builtins.str]] = None,
|
886
|
+
identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
|
887
|
+
identity_token_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
888
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
889
|
+
path: Optional[pulumi.Input[builtins.str]] = None,
|
890
|
+
rotation_period: Optional[pulumi.Input[builtins.int]] = None,
|
891
|
+
rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
|
892
|
+
rotation_window: Optional[pulumi.Input[builtins.int]] = None,
|
893
|
+
subscription_id: Optional[pulumi.Input[builtins.str]] = None,
|
894
|
+
tenant_id: Optional[pulumi.Input[builtins.str]] = None,
|
895
|
+
use_microsoft_graph_api: Optional[pulumi.Input[builtins.bool]] = None) -> 'Backend':
|
704
896
|
"""
|
705
897
|
Get an existing Backend resource's state with the given name, id, and optional extra
|
706
898
|
properties used to qualify the lookup.
|
@@ -708,26 +900,37 @@ class Backend(pulumi.CustomResource):
|
|
708
900
|
:param str resource_name: The unique name of the resulting resource.
|
709
901
|
:param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
|
710
902
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
711
|
-
:param pulumi.Input[str] client_id: The OAuth2 client id to connect to Azure.
|
712
|
-
:param pulumi.Input[str] client_secret: The OAuth2 client secret to connect to Azure.
|
713
|
-
:param pulumi.Input[str] description: Human-friendly description of the mount for the backend.
|
714
|
-
:param pulumi.Input[bool]
|
903
|
+
:param pulumi.Input[builtins.str] client_id: The OAuth2 client id to connect to Azure.
|
904
|
+
:param pulumi.Input[builtins.str] client_secret: The OAuth2 client secret to connect to Azure.
|
905
|
+
:param pulumi.Input[builtins.str] description: Human-friendly description of the mount for the backend.
|
906
|
+
:param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
907
|
+
*Available only for Vault Enterprise*
|
908
|
+
:param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
|
715
909
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
716
|
-
:param pulumi.Input[str] environment: The Azure environment.
|
717
|
-
:param pulumi.Input[str] identity_token_audience: The audience claim value. Requires Vault 1.17+.
|
910
|
+
:param pulumi.Input[builtins.str] environment: The Azure environment.
|
911
|
+
:param pulumi.Input[builtins.str] identity_token_audience: The audience claim value. Requires Vault 1.17+.
|
718
912
|
*Available only for Vault Enterprise*
|
719
|
-
:param pulumi.Input[str] identity_token_key: The key to use for signing identity tokens. Requires Vault 1.17+.
|
913
|
+
:param pulumi.Input[builtins.str] identity_token_key: The key to use for signing identity tokens. Requires Vault 1.17+.
|
720
914
|
*Available only for Vault Enterprise*
|
721
|
-
:param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
|
915
|
+
:param pulumi.Input[builtins.int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
|
722
916
|
*Available only for Vault Enterprise*
|
723
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
917
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
724
918
|
The value should not contain leading or trailing forward slashes.
|
725
919
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
726
920
|
*Available only for Vault Enterprise*.
|
727
|
-
:param pulumi.Input[str] path: The unique path this backend should be mounted at. Defaults to `azure`.
|
728
|
-
:param pulumi.Input[
|
729
|
-
|
730
|
-
|
921
|
+
:param pulumi.Input[builtins.str] path: The unique path this backend should be mounted at. Defaults to `azure`.
|
922
|
+
:param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
923
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
924
|
+
*Available only for Vault Enterprise*
|
925
|
+
:param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
926
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
927
|
+
*Available only for Vault Enterprise*
|
928
|
+
:param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
|
929
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
930
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*
|
931
|
+
:param pulumi.Input[builtins.str] subscription_id: The subscription id for the Azure Active Directory.
|
932
|
+
:param pulumi.Input[builtins.str] tenant_id: The tenant id for the Azure Active Directory.
|
933
|
+
:param pulumi.Input[builtins.bool] use_microsoft_graph_api: Use the Microsoft Graph API. Should be set to true on vault-1.10+
|
731
934
|
"""
|
732
935
|
opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
|
733
936
|
|
@@ -736,6 +939,7 @@ class Backend(pulumi.CustomResource):
|
|
736
939
|
__props__.__dict__["client_id"] = client_id
|
737
940
|
__props__.__dict__["client_secret"] = client_secret
|
738
941
|
__props__.__dict__["description"] = description
|
942
|
+
__props__.__dict__["disable_automated_rotation"] = disable_automated_rotation
|
739
943
|
__props__.__dict__["disable_remount"] = disable_remount
|
740
944
|
__props__.__dict__["environment"] = environment
|
741
945
|
__props__.__dict__["identity_token_audience"] = identity_token_audience
|
@@ -743,6 +947,9 @@ class Backend(pulumi.CustomResource):
|
|
743
947
|
__props__.__dict__["identity_token_ttl"] = identity_token_ttl
|
744
948
|
__props__.__dict__["namespace"] = namespace
|
745
949
|
__props__.__dict__["path"] = path
|
950
|
+
__props__.__dict__["rotation_period"] = rotation_period
|
951
|
+
__props__.__dict__["rotation_schedule"] = rotation_schedule
|
952
|
+
__props__.__dict__["rotation_window"] = rotation_window
|
746
953
|
__props__.__dict__["subscription_id"] = subscription_id
|
747
954
|
__props__.__dict__["tenant_id"] = tenant_id
|
748
955
|
__props__.__dict__["use_microsoft_graph_api"] = use_microsoft_graph_api
|
@@ -750,7 +957,7 @@ class Backend(pulumi.CustomResource):
|
|
750
957
|
|
751
958
|
@property
|
752
959
|
@pulumi.getter(name="clientId")
|
753
|
-
def client_id(self) -> pulumi.Output[Optional[str]]:
|
960
|
+
def client_id(self) -> pulumi.Output[Optional[builtins.str]]:
|
754
961
|
"""
|
755
962
|
The OAuth2 client id to connect to Azure.
|
756
963
|
"""
|
@@ -758,7 +965,7 @@ class Backend(pulumi.CustomResource):
|
|
758
965
|
|
759
966
|
@property
|
760
967
|
@pulumi.getter(name="clientSecret")
|
761
|
-
def client_secret(self) -> pulumi.Output[Optional[str]]:
|
968
|
+
def client_secret(self) -> pulumi.Output[Optional[builtins.str]]:
|
762
969
|
"""
|
763
970
|
The OAuth2 client secret to connect to Azure.
|
764
971
|
"""
|
@@ -766,15 +973,24 @@ class Backend(pulumi.CustomResource):
|
|
766
973
|
|
767
974
|
@property
|
768
975
|
@pulumi.getter
|
769
|
-
def description(self) -> pulumi.Output[Optional[str]]:
|
976
|
+
def description(self) -> pulumi.Output[Optional[builtins.str]]:
|
770
977
|
"""
|
771
978
|
Human-friendly description of the mount for the backend.
|
772
979
|
"""
|
773
980
|
return pulumi.get(self, "description")
|
774
981
|
|
982
|
+
@property
|
983
|
+
@pulumi.getter(name="disableAutomatedRotation")
|
984
|
+
def disable_automated_rotation(self) -> pulumi.Output[Optional[builtins.bool]]:
|
985
|
+
"""
|
986
|
+
Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
987
|
+
*Available only for Vault Enterprise*
|
988
|
+
"""
|
989
|
+
return pulumi.get(self, "disable_automated_rotation")
|
990
|
+
|
775
991
|
@property
|
776
992
|
@pulumi.getter(name="disableRemount")
|
777
|
-
def disable_remount(self) -> pulumi.Output[Optional[bool]]:
|
993
|
+
def disable_remount(self) -> pulumi.Output[Optional[builtins.bool]]:
|
778
994
|
"""
|
779
995
|
If set, opts out of mount migration on path updates.
|
780
996
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
@@ -783,7 +999,7 @@ class Backend(pulumi.CustomResource):
|
|
783
999
|
|
784
1000
|
@property
|
785
1001
|
@pulumi.getter
|
786
|
-
def environment(self) -> pulumi.Output[Optional[str]]:
|
1002
|
+
def environment(self) -> pulumi.Output[Optional[builtins.str]]:
|
787
1003
|
"""
|
788
1004
|
The Azure environment.
|
789
1005
|
"""
|
@@ -791,7 +1007,7 @@ class Backend(pulumi.CustomResource):
|
|
791
1007
|
|
792
1008
|
@property
|
793
1009
|
@pulumi.getter(name="identityTokenAudience")
|
794
|
-
def identity_token_audience(self) -> pulumi.Output[Optional[str]]:
|
1010
|
+
def identity_token_audience(self) -> pulumi.Output[Optional[builtins.str]]:
|
795
1011
|
"""
|
796
1012
|
The audience claim value. Requires Vault 1.17+.
|
797
1013
|
*Available only for Vault Enterprise*
|
@@ -800,7 +1016,7 @@ class Backend(pulumi.CustomResource):
|
|
800
1016
|
|
801
1017
|
@property
|
802
1018
|
@pulumi.getter(name="identityTokenKey")
|
803
|
-
def identity_token_key(self) -> pulumi.Output[Optional[str]]:
|
1019
|
+
def identity_token_key(self) -> pulumi.Output[Optional[builtins.str]]:
|
804
1020
|
"""
|
805
1021
|
The key to use for signing identity tokens. Requires Vault 1.17+.
|
806
1022
|
*Available only for Vault Enterprise*
|
@@ -809,7 +1025,7 @@ class Backend(pulumi.CustomResource):
|
|
809
1025
|
|
810
1026
|
@property
|
811
1027
|
@pulumi.getter(name="identityTokenTtl")
|
812
|
-
def identity_token_ttl(self) -> pulumi.Output[int]:
|
1028
|
+
def identity_token_ttl(self) -> pulumi.Output[builtins.int]:
|
813
1029
|
"""
|
814
1030
|
The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
|
815
1031
|
*Available only for Vault Enterprise*
|
@@ -818,7 +1034,7 @@ class Backend(pulumi.CustomResource):
|
|
818
1034
|
|
819
1035
|
@property
|
820
1036
|
@pulumi.getter
|
821
|
-
def namespace(self) -> pulumi.Output[Optional[str]]:
|
1037
|
+
def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
|
822
1038
|
"""
|
823
1039
|
The namespace to provision the resource in.
|
824
1040
|
The value should not contain leading or trailing forward slashes.
|
@@ -829,15 +1045,45 @@ class Backend(pulumi.CustomResource):
|
|
829
1045
|
|
830
1046
|
@property
|
831
1047
|
@pulumi.getter
|
832
|
-
def path(self) -> pulumi.Output[Optional[str]]:
|
1048
|
+
def path(self) -> pulumi.Output[Optional[builtins.str]]:
|
833
1049
|
"""
|
834
1050
|
The unique path this backend should be mounted at. Defaults to `azure`.
|
835
1051
|
"""
|
836
1052
|
return pulumi.get(self, "path")
|
837
1053
|
|
1054
|
+
@property
|
1055
|
+
@pulumi.getter(name="rotationPeriod")
|
1056
|
+
def rotation_period(self) -> pulumi.Output[Optional[builtins.int]]:
|
1057
|
+
"""
|
1058
|
+
The amount of time in seconds Vault should wait before rotating the root credential.
|
1059
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
1060
|
+
*Available only for Vault Enterprise*
|
1061
|
+
"""
|
1062
|
+
return pulumi.get(self, "rotation_period")
|
1063
|
+
|
1064
|
+
@property
|
1065
|
+
@pulumi.getter(name="rotationSchedule")
|
1066
|
+
def rotation_schedule(self) -> pulumi.Output[Optional[builtins.str]]:
|
1067
|
+
"""
|
1068
|
+
The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
1069
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
1070
|
+
*Available only for Vault Enterprise*
|
1071
|
+
"""
|
1072
|
+
return pulumi.get(self, "rotation_schedule")
|
1073
|
+
|
1074
|
+
@property
|
1075
|
+
@pulumi.getter(name="rotationWindow")
|
1076
|
+
def rotation_window(self) -> pulumi.Output[Optional[builtins.int]]:
|
1077
|
+
"""
|
1078
|
+
The maximum amount of time in seconds allowed to complete
|
1079
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
1080
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*
|
1081
|
+
"""
|
1082
|
+
return pulumi.get(self, "rotation_window")
|
1083
|
+
|
838
1084
|
@property
|
839
1085
|
@pulumi.getter(name="subscriptionId")
|
840
|
-
def subscription_id(self) -> pulumi.Output[str]:
|
1086
|
+
def subscription_id(self) -> pulumi.Output[builtins.str]:
|
841
1087
|
"""
|
842
1088
|
The subscription id for the Azure Active Directory.
|
843
1089
|
"""
|
@@ -845,7 +1091,7 @@ class Backend(pulumi.CustomResource):
|
|
845
1091
|
|
846
1092
|
@property
|
847
1093
|
@pulumi.getter(name="tenantId")
|
848
|
-
def tenant_id(self) -> pulumi.Output[str]:
|
1094
|
+
def tenant_id(self) -> pulumi.Output[builtins.str]:
|
849
1095
|
"""
|
850
1096
|
The tenant id for the Azure Active Directory.
|
851
1097
|
"""
|
@@ -854,7 +1100,7 @@ class Backend(pulumi.CustomResource):
|
|
854
1100
|
@property
|
855
1101
|
@pulumi.getter(name="useMicrosoftGraphApi")
|
856
1102
|
@_utilities.deprecated("""This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.""")
|
857
|
-
def use_microsoft_graph_api(self) -> pulumi.Output[bool]:
|
1103
|
+
def use_microsoft_graph_api(self) -> pulumi.Output[builtins.bool]:
|
858
1104
|
"""
|
859
1105
|
Use the Microsoft Graph API. Should be set to true on vault-1.10+
|
860
1106
|
"""
|