pulumi-vault 6.6.0a1741415971__py3-none-any.whl → 6.7.0__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pulumi_vault/__init__.py +9 -0
- pulumi_vault/_inputs.py +583 -562
- pulumi_vault/ad/__init__.py +1 -0
- pulumi_vault/ad/get_access_credentials.py +20 -19
- pulumi_vault/ad/secret_backend.py +477 -476
- pulumi_vault/ad/secret_library.py +99 -98
- pulumi_vault/ad/secret_role.py +85 -84
- pulumi_vault/alicloud/__init__.py +1 -0
- pulumi_vault/alicloud/auth_backend_role.py +183 -182
- pulumi_vault/approle/__init__.py +1 -0
- pulumi_vault/approle/auth_backend_login.py +106 -105
- pulumi_vault/approle/auth_backend_role.py +239 -238
- pulumi_vault/approle/auth_backend_role_secret_id.py +162 -161
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -17
- pulumi_vault/audit.py +85 -84
- pulumi_vault/audit_request_header.py +43 -42
- pulumi_vault/auth_backend.py +106 -105
- pulumi_vault/aws/__init__.py +1 -0
- pulumi_vault/aws/auth_backend_cert.py +71 -70
- pulumi_vault/aws/auth_backend_client.py +425 -200
- pulumi_vault/aws/auth_backend_config_identity.py +85 -84
- pulumi_vault/aws/auth_backend_identity_whitelist.py +57 -56
- pulumi_vault/aws/auth_backend_login.py +209 -208
- pulumi_vault/aws/auth_backend_role.py +400 -399
- pulumi_vault/aws/auth_backend_role_tag.py +127 -126
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +57 -56
- pulumi_vault/aws/auth_backend_sts_role.py +71 -70
- pulumi_vault/aws/get_access_credentials.py +44 -43
- pulumi_vault/aws/get_static_access_credentials.py +13 -12
- pulumi_vault/aws/secret_backend.py +523 -306
- pulumi_vault/aws/secret_backend_role.py +211 -210
- pulumi_vault/aws/secret_backend_static_role.py +288 -70
- pulumi_vault/azure/__init__.py +1 -0
- pulumi_vault/azure/_inputs.py +21 -20
- pulumi_vault/azure/auth_backend_config.py +383 -130
- pulumi_vault/azure/auth_backend_role.py +253 -252
- pulumi_vault/azure/backend.py +432 -186
- pulumi_vault/azure/backend_role.py +188 -140
- pulumi_vault/azure/get_access_credentials.py +58 -57
- pulumi_vault/azure/outputs.py +11 -10
- pulumi_vault/cert_auth_backend_role.py +365 -364
- pulumi_vault/config/__init__.py +1 -0
- pulumi_vault/config/__init__.pyi +1 -0
- pulumi_vault/config/_inputs.py +11 -10
- pulumi_vault/config/outputs.py +287 -286
- pulumi_vault/config/ui_custom_message.py +113 -112
- pulumi_vault/config/vars.py +1 -0
- pulumi_vault/consul/__init__.py +1 -0
- pulumi_vault/consul/secret_backend.py +197 -196
- pulumi_vault/consul/secret_backend_role.py +183 -182
- pulumi_vault/database/__init__.py +1 -0
- pulumi_vault/database/_inputs.py +3857 -2200
- pulumi_vault/database/outputs.py +2483 -1330
- pulumi_vault/database/secret_backend_connection.py +333 -112
- pulumi_vault/database/secret_backend_role.py +169 -168
- pulumi_vault/database/secret_backend_static_role.py +283 -140
- pulumi_vault/database/secrets_mount.py +275 -266
- pulumi_vault/egp_policy.py +71 -70
- pulumi_vault/gcp/__init__.py +1 -0
- pulumi_vault/gcp/_inputs.py +82 -81
- pulumi_vault/gcp/auth_backend.py +426 -205
- pulumi_vault/gcp/auth_backend_role.py +281 -280
- pulumi_vault/gcp/get_auth_backend_role.py +70 -69
- pulumi_vault/gcp/outputs.py +50 -49
- pulumi_vault/gcp/secret_backend.py +420 -179
- pulumi_vault/gcp/secret_impersonated_account.py +92 -91
- pulumi_vault/gcp/secret_roleset.py +92 -91
- pulumi_vault/gcp/secret_static_account.py +92 -91
- pulumi_vault/generic/__init__.py +1 -0
- pulumi_vault/generic/endpoint.py +113 -112
- pulumi_vault/generic/get_secret.py +28 -27
- pulumi_vault/generic/secret.py +78 -77
- pulumi_vault/get_auth_backend.py +19 -18
- pulumi_vault/get_auth_backends.py +14 -13
- pulumi_vault/get_namespace.py +15 -14
- pulumi_vault/get_namespaces.py +68 -18
- pulumi_vault/get_nomad_access_token.py +19 -18
- pulumi_vault/get_policy_document.py +6 -5
- pulumi_vault/get_raft_autopilot_state.py +18 -17
- pulumi_vault/github/__init__.py +1 -0
- pulumi_vault/github/_inputs.py +42 -41
- pulumi_vault/github/auth_backend.py +232 -231
- pulumi_vault/github/outputs.py +26 -25
- pulumi_vault/github/team.py +57 -56
- pulumi_vault/github/user.py +57 -56
- pulumi_vault/identity/__init__.py +1 -0
- pulumi_vault/identity/entity.py +85 -84
- pulumi_vault/identity/entity_alias.py +71 -70
- pulumi_vault/identity/entity_policies.py +64 -63
- pulumi_vault/identity/get_entity.py +43 -42
- pulumi_vault/identity/get_group.py +50 -49
- pulumi_vault/identity/get_oidc_client_creds.py +14 -13
- pulumi_vault/identity/get_oidc_openid_config.py +24 -23
- pulumi_vault/identity/get_oidc_public_keys.py +13 -12
- pulumi_vault/identity/group.py +141 -140
- pulumi_vault/identity/group_alias.py +57 -56
- pulumi_vault/identity/group_member_entity_ids.py +57 -56
- pulumi_vault/identity/group_member_group_ids.py +57 -56
- pulumi_vault/identity/group_policies.py +64 -63
- pulumi_vault/identity/mfa_duo.py +148 -147
- pulumi_vault/identity/mfa_login_enforcement.py +120 -119
- pulumi_vault/identity/mfa_okta.py +134 -133
- pulumi_vault/identity/mfa_pingid.py +127 -126
- pulumi_vault/identity/mfa_totp.py +176 -175
- pulumi_vault/identity/oidc.py +29 -28
- pulumi_vault/identity/oidc_assignment.py +57 -56
- pulumi_vault/identity/oidc_client.py +127 -126
- pulumi_vault/identity/oidc_key.py +85 -84
- pulumi_vault/identity/oidc_key_allowed_client_id.py +43 -42
- pulumi_vault/identity/oidc_provider.py +92 -91
- pulumi_vault/identity/oidc_role.py +85 -84
- pulumi_vault/identity/oidc_scope.py +57 -56
- pulumi_vault/identity/outputs.py +32 -31
- pulumi_vault/jwt/__init__.py +1 -0
- pulumi_vault/jwt/_inputs.py +42 -41
- pulumi_vault/jwt/auth_backend.py +288 -287
- pulumi_vault/jwt/auth_backend_role.py +407 -406
- pulumi_vault/jwt/outputs.py +26 -25
- pulumi_vault/kmip/__init__.py +1 -0
- pulumi_vault/kmip/secret_backend.py +183 -182
- pulumi_vault/kmip/secret_role.py +295 -294
- pulumi_vault/kmip/secret_scope.py +57 -56
- pulumi_vault/kubernetes/__init__.py +1 -0
- pulumi_vault/kubernetes/auth_backend_config.py +141 -140
- pulumi_vault/kubernetes/auth_backend_role.py +225 -224
- pulumi_vault/kubernetes/get_auth_backend_config.py +47 -46
- pulumi_vault/kubernetes/get_auth_backend_role.py +70 -69
- pulumi_vault/kubernetes/get_service_account_token.py +38 -37
- pulumi_vault/kubernetes/secret_backend.py +316 -315
- pulumi_vault/kubernetes/secret_backend_role.py +197 -196
- pulumi_vault/kv/__init__.py +1 -0
- pulumi_vault/kv/_inputs.py +21 -20
- pulumi_vault/kv/get_secret.py +17 -16
- pulumi_vault/kv/get_secret_subkeys_v2.py +30 -29
- pulumi_vault/kv/get_secret_v2.py +29 -28
- pulumi_vault/kv/get_secrets_list.py +13 -12
- pulumi_vault/kv/get_secrets_list_v2.py +19 -18
- pulumi_vault/kv/outputs.py +13 -12
- pulumi_vault/kv/secret.py +50 -49
- pulumi_vault/kv/secret_backend_v2.py +71 -70
- pulumi_vault/kv/secret_v2.py +134 -133
- pulumi_vault/ldap/__init__.py +1 -0
- pulumi_vault/ldap/auth_backend.py +754 -533
- pulumi_vault/ldap/auth_backend_group.py +57 -56
- pulumi_vault/ldap/auth_backend_user.py +71 -70
- pulumi_vault/ldap/get_dynamic_credentials.py +17 -16
- pulumi_vault/ldap/get_static_credentials.py +18 -17
- pulumi_vault/ldap/secret_backend.py +720 -499
- pulumi_vault/ldap/secret_backend_dynamic_role.py +127 -126
- pulumi_vault/ldap/secret_backend_library_set.py +99 -98
- pulumi_vault/ldap/secret_backend_static_role.py +99 -98
- pulumi_vault/managed/__init__.py +1 -0
- pulumi_vault/managed/_inputs.py +229 -228
- pulumi_vault/managed/keys.py +15 -14
- pulumi_vault/managed/outputs.py +139 -138
- pulumi_vault/mfa_duo.py +113 -112
- pulumi_vault/mfa_okta.py +113 -112
- pulumi_vault/mfa_pingid.py +120 -119
- pulumi_vault/mfa_totp.py +127 -126
- pulumi_vault/mongodbatlas/__init__.py +1 -0
- pulumi_vault/mongodbatlas/secret_backend.py +64 -63
- pulumi_vault/mongodbatlas/secret_role.py +155 -154
- pulumi_vault/mount.py +274 -273
- pulumi_vault/namespace.py +64 -63
- pulumi_vault/nomad_secret_backend.py +211 -210
- pulumi_vault/nomad_secret_role.py +85 -84
- pulumi_vault/okta/__init__.py +1 -0
- pulumi_vault/okta/_inputs.py +26 -25
- pulumi_vault/okta/auth_backend.py +274 -273
- pulumi_vault/okta/auth_backend_group.py +57 -56
- pulumi_vault/okta/auth_backend_user.py +71 -70
- pulumi_vault/okta/outputs.py +16 -15
- pulumi_vault/outputs.py +73 -60
- pulumi_vault/password_policy.py +43 -42
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +31 -36
- pulumi_vault/pkisecret/backend_acme_eab.py +92 -91
- pulumi_vault/pkisecret/backend_config_acme.py +174 -126
- pulumi_vault/pkisecret/backend_config_auto_tidy.py +1377 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +57 -56
- pulumi_vault/pkisecret/backend_config_cmpv2.py +152 -104
- pulumi_vault/pkisecret/backend_config_est.py +120 -119
- pulumi_vault/pkisecret/get_backend_cert_metadata.py +278 -0
- pulumi_vault/pkisecret/get_backend_config_cmpv2.py +35 -17
- pulumi_vault/pkisecret/get_backend_config_est.py +19 -18
- pulumi_vault/pkisecret/get_backend_issuer.py +139 -25
- pulumi_vault/pkisecret/get_backend_issuers.py +15 -14
- pulumi_vault/pkisecret/get_backend_key.py +20 -19
- pulumi_vault/pkisecret/get_backend_keys.py +15 -14
- pulumi_vault/pkisecret/outputs.py +28 -31
- pulumi_vault/pkisecret/secret_backend_cert.py +439 -297
- pulumi_vault/pkisecret/secret_backend_config_ca.py +43 -42
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +57 -56
- pulumi_vault/pkisecret/secret_backend_config_urls.py +85 -84
- pulumi_vault/pkisecret/secret_backend_crl_config.py +237 -182
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +520 -378
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +57 -56
- pulumi_vault/pkisecret/secret_backend_issuer.py +441 -175
- pulumi_vault/pkisecret/secret_backend_key.py +120 -119
- pulumi_vault/pkisecret/secret_backend_role.py +894 -644
- pulumi_vault/pkisecret/secret_backend_root_cert.py +851 -427
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +936 -357
- pulumi_vault/pkisecret/secret_backend_sign.py +347 -252
- pulumi_vault/plugin.py +127 -126
- pulumi_vault/plugin_pinned_version.py +43 -42
- pulumi_vault/policy.py +43 -42
- pulumi_vault/provider.py +120 -119
- pulumi_vault/pulumi-plugin.json +1 -1
- pulumi_vault/quota_lease_count.py +85 -84
- pulumi_vault/quota_rate_limit.py +113 -112
- pulumi_vault/rabbitmq/__init__.py +1 -0
- pulumi_vault/rabbitmq/_inputs.py +41 -40
- pulumi_vault/rabbitmq/outputs.py +25 -24
- pulumi_vault/rabbitmq/secret_backend.py +169 -168
- pulumi_vault/rabbitmq/secret_backend_role.py +57 -56
- pulumi_vault/raft_autopilot.py +113 -112
- pulumi_vault/raft_snapshot_agent_config.py +393 -392
- pulumi_vault/rgp_policy.py +57 -56
- pulumi_vault/saml/__init__.py +1 -0
- pulumi_vault/saml/auth_backend.py +155 -154
- pulumi_vault/saml/auth_backend_role.py +239 -238
- pulumi_vault/secrets/__init__.py +1 -0
- pulumi_vault/secrets/_inputs.py +16 -15
- pulumi_vault/secrets/outputs.py +10 -9
- pulumi_vault/secrets/sync_association.py +71 -70
- pulumi_vault/secrets/sync_aws_destination.py +148 -147
- pulumi_vault/secrets/sync_azure_destination.py +148 -147
- pulumi_vault/secrets/sync_config.py +43 -42
- pulumi_vault/secrets/sync_gcp_destination.py +106 -105
- pulumi_vault/secrets/sync_gh_destination.py +134 -133
- pulumi_vault/secrets/sync_github_apps.py +64 -63
- pulumi_vault/secrets/sync_vercel_destination.py +120 -119
- pulumi_vault/ssh/__init__.py +2 -0
- pulumi_vault/ssh/_inputs.py +11 -10
- pulumi_vault/ssh/get_secret_backend_sign.py +295 -0
- pulumi_vault/ssh/outputs.py +7 -6
- pulumi_vault/ssh/secret_backend_ca.py +99 -98
- pulumi_vault/ssh/secret_backend_role.py +365 -364
- pulumi_vault/terraformcloud/__init__.py +1 -0
- pulumi_vault/terraformcloud/secret_backend.py +111 -110
- pulumi_vault/terraformcloud/secret_creds.py +74 -73
- pulumi_vault/terraformcloud/secret_role.py +96 -95
- pulumi_vault/token.py +246 -245
- pulumi_vault/tokenauth/__init__.py +1 -0
- pulumi_vault/tokenauth/auth_backend_role.py +267 -266
- pulumi_vault/transform/__init__.py +1 -0
- pulumi_vault/transform/alphabet.py +57 -56
- pulumi_vault/transform/get_decode.py +47 -46
- pulumi_vault/transform/get_encode.py +47 -46
- pulumi_vault/transform/role.py +57 -56
- pulumi_vault/transform/template.py +113 -112
- pulumi_vault/transform/transformation.py +141 -140
- pulumi_vault/transit/__init__.py +3 -0
- pulumi_vault/transit/get_decrypt.py +18 -17
- pulumi_vault/transit/get_encrypt.py +21 -20
- pulumi_vault/transit/get_sign.py +325 -0
- pulumi_vault/transit/get_verify.py +355 -0
- pulumi_vault/transit/secret_backend_key.py +394 -231
- pulumi_vault/transit/secret_cache_config.py +43 -42
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/METADATA +2 -2
- pulumi_vault-6.7.0.dist-info/RECORD +265 -0
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/WHEEL +1 -1
- pulumi_vault-6.6.0a1741415971.dist-info/RECORD +0 -260
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/top_level.txt +0 -0
@@ -2,6 +2,7 @@
|
|
2
2
|
# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
|
3
3
|
# *** Do not edit by hand unless you're certain you know what you are doing! ***
|
4
4
|
|
5
|
+
import builtins
|
5
6
|
import copy
|
6
7
|
import warnings
|
7
8
|
import sys
|
@@ -19,43 +20,54 @@ __all__ = ['SecretBackendStaticRoleArgs', 'SecretBackendStaticRole']
|
|
19
20
|
@pulumi.input_type
|
20
21
|
class SecretBackendStaticRoleArgs:
|
21
22
|
def __init__(__self__, *,
|
22
|
-
backend: pulumi.Input[str],
|
23
|
-
db_name: pulumi.Input[str],
|
24
|
-
username: pulumi.Input[str],
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
23
|
+
backend: pulumi.Input[builtins.str],
|
24
|
+
db_name: pulumi.Input[builtins.str],
|
25
|
+
username: pulumi.Input[builtins.str],
|
26
|
+
credential_config: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
27
|
+
credential_type: Optional[pulumi.Input[builtins.str]] = None,
|
28
|
+
name: Optional[pulumi.Input[builtins.str]] = None,
|
29
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
30
|
+
rotation_period: Optional[pulumi.Input[builtins.int]] = None,
|
31
|
+
rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
|
32
|
+
rotation_statements: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
33
|
+
rotation_window: Optional[pulumi.Input[builtins.int]] = None,
|
34
|
+
self_managed_password: Optional[pulumi.Input[builtins.str]] = None,
|
35
|
+
skip_import_rotation: Optional[pulumi.Input[builtins.bool]] = None):
|
32
36
|
"""
|
33
37
|
The set of arguments for constructing a SecretBackendStaticRole resource.
|
34
|
-
:param pulumi.Input[str] backend: The unique name of the Vault mount to configure.
|
35
|
-
:param pulumi.Input[str] db_name: The unique name of the database connection to use for the static role.
|
36
|
-
:param pulumi.Input[str] username: The database username that this static role corresponds to.
|
37
|
-
:param pulumi.Input[str]
|
38
|
-
|
38
|
+
:param pulumi.Input[builtins.str] backend: The unique name of the Vault mount to configure.
|
39
|
+
:param pulumi.Input[builtins.str] db_name: The unique name of the database connection to use for the static role.
|
40
|
+
:param pulumi.Input[builtins.str] username: The database username that this static role corresponds to.
|
41
|
+
:param pulumi.Input[builtins.str] credential_type: The credential type for the user, can be one of "password", "rsa_private_key" or "client_certificate".The configuration
|
42
|
+
can be done in `credential_config`.
|
43
|
+
:param pulumi.Input[builtins.str] name: A unique name to give the static role.
|
44
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
39
45
|
The value should not contain leading or trailing forward slashes.
|
40
46
|
The `namespace` is always relative to the provider's configured namespace.
|
41
47
|
*Available only for Vault Enterprise*.
|
42
|
-
:param pulumi.Input[int] rotation_period: The amount of time Vault should wait before rotating the password, in seconds.
|
48
|
+
:param pulumi.Input[builtins.int] rotation_period: The amount of time Vault should wait before rotating the password, in seconds.
|
43
49
|
Mutually exclusive with `rotation_schedule`.
|
44
|
-
:param pulumi.Input[str] rotation_schedule: A cron-style string that will define the schedule on which rotations should occur.
|
50
|
+
:param pulumi.Input[builtins.str] rotation_schedule: A cron-style string that will define the schedule on which rotations should occur.
|
45
51
|
Mutually exclusive with `rotation_period`.
|
46
52
|
|
47
53
|
**Warning**: The `rotation_period` and `rotation_schedule` fields are
|
48
54
|
mutually exclusive. One of them must be set but not both.
|
49
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] rotation_statements: Database statements to execute to rotate the password for the configured database user.
|
50
|
-
:param pulumi.Input[int] rotation_window: The amount of time, in seconds, in which rotations are allowed to occur starting
|
55
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] rotation_statements: Database statements to execute to rotate the password for the configured database user.
|
56
|
+
:param pulumi.Input[builtins.int] rotation_window: The amount of time, in seconds, in which rotations are allowed to occur starting
|
51
57
|
from a given `rotation_schedule`.
|
52
|
-
:param pulumi.Input[str] self_managed_password: The password corresponding to the username in the database.
|
58
|
+
:param pulumi.Input[builtins.str] self_managed_password: The password corresponding to the username in the database.
|
53
59
|
Required when using the Rootless Password Rotation workflow for static roles. Only enabled for
|
54
60
|
select DB engines (Postgres). Requires Vault 1.18+ Enterprise.
|
61
|
+
:param pulumi.Input[builtins.bool] skip_import_rotation: If set to true, Vault will skip the
|
62
|
+
initial secret rotation on import. Requires Vault 1.18+ Enterprise.
|
55
63
|
"""
|
56
64
|
pulumi.set(__self__, "backend", backend)
|
57
65
|
pulumi.set(__self__, "db_name", db_name)
|
58
66
|
pulumi.set(__self__, "username", username)
|
67
|
+
if credential_config is not None:
|
68
|
+
pulumi.set(__self__, "credential_config", credential_config)
|
69
|
+
if credential_type is not None:
|
70
|
+
pulumi.set(__self__, "credential_type", credential_type)
|
59
71
|
if name is not None:
|
60
72
|
pulumi.set(__self__, "name", name)
|
61
73
|
if namespace is not None:
|
@@ -70,58 +82,82 @@ class SecretBackendStaticRoleArgs:
|
|
70
82
|
pulumi.set(__self__, "rotation_window", rotation_window)
|
71
83
|
if self_managed_password is not None:
|
72
84
|
pulumi.set(__self__, "self_managed_password", self_managed_password)
|
85
|
+
if skip_import_rotation is not None:
|
86
|
+
pulumi.set(__self__, "skip_import_rotation", skip_import_rotation)
|
73
87
|
|
74
88
|
@property
|
75
89
|
@pulumi.getter
|
76
|
-
def backend(self) -> pulumi.Input[str]:
|
90
|
+
def backend(self) -> pulumi.Input[builtins.str]:
|
77
91
|
"""
|
78
92
|
The unique name of the Vault mount to configure.
|
79
93
|
"""
|
80
94
|
return pulumi.get(self, "backend")
|
81
95
|
|
82
96
|
@backend.setter
|
83
|
-
def backend(self, value: pulumi.Input[str]):
|
97
|
+
def backend(self, value: pulumi.Input[builtins.str]):
|
84
98
|
pulumi.set(self, "backend", value)
|
85
99
|
|
86
100
|
@property
|
87
101
|
@pulumi.getter(name="dbName")
|
88
|
-
def db_name(self) -> pulumi.Input[str]:
|
102
|
+
def db_name(self) -> pulumi.Input[builtins.str]:
|
89
103
|
"""
|
90
104
|
The unique name of the database connection to use for the static role.
|
91
105
|
"""
|
92
106
|
return pulumi.get(self, "db_name")
|
93
107
|
|
94
108
|
@db_name.setter
|
95
|
-
def db_name(self, value: pulumi.Input[str]):
|
109
|
+
def db_name(self, value: pulumi.Input[builtins.str]):
|
96
110
|
pulumi.set(self, "db_name", value)
|
97
111
|
|
98
112
|
@property
|
99
113
|
@pulumi.getter
|
100
|
-
def username(self) -> pulumi.Input[str]:
|
114
|
+
def username(self) -> pulumi.Input[builtins.str]:
|
101
115
|
"""
|
102
116
|
The database username that this static role corresponds to.
|
103
117
|
"""
|
104
118
|
return pulumi.get(self, "username")
|
105
119
|
|
106
120
|
@username.setter
|
107
|
-
def username(self, value: pulumi.Input[str]):
|
121
|
+
def username(self, value: pulumi.Input[builtins.str]):
|
108
122
|
pulumi.set(self, "username", value)
|
109
123
|
|
124
|
+
@property
|
125
|
+
@pulumi.getter(name="credentialConfig")
|
126
|
+
def credential_config(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]:
|
127
|
+
return pulumi.get(self, "credential_config")
|
128
|
+
|
129
|
+
@credential_config.setter
|
130
|
+
def credential_config(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]):
|
131
|
+
pulumi.set(self, "credential_config", value)
|
132
|
+
|
133
|
+
@property
|
134
|
+
@pulumi.getter(name="credentialType")
|
135
|
+
def credential_type(self) -> Optional[pulumi.Input[builtins.str]]:
|
136
|
+
"""
|
137
|
+
The credential type for the user, can be one of "password", "rsa_private_key" or "client_certificate".The configuration
|
138
|
+
can be done in `credential_config`.
|
139
|
+
"""
|
140
|
+
return pulumi.get(self, "credential_type")
|
141
|
+
|
142
|
+
@credential_type.setter
|
143
|
+
def credential_type(self, value: Optional[pulumi.Input[builtins.str]]):
|
144
|
+
pulumi.set(self, "credential_type", value)
|
145
|
+
|
110
146
|
@property
|
111
147
|
@pulumi.getter
|
112
|
-
def name(self) -> Optional[pulumi.Input[str]]:
|
148
|
+
def name(self) -> Optional[pulumi.Input[builtins.str]]:
|
113
149
|
"""
|
114
150
|
A unique name to give the static role.
|
115
151
|
"""
|
116
152
|
return pulumi.get(self, "name")
|
117
153
|
|
118
154
|
@name.setter
|
119
|
-
def name(self, value: Optional[pulumi.Input[str]]):
|
155
|
+
def name(self, value: Optional[pulumi.Input[builtins.str]]):
|
120
156
|
pulumi.set(self, "name", value)
|
121
157
|
|
122
158
|
@property
|
123
159
|
@pulumi.getter
|
124
|
-
def namespace(self) -> Optional[pulumi.Input[str]]:
|
160
|
+
def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
|
125
161
|
"""
|
126
162
|
The namespace to provision the resource in.
|
127
163
|
The value should not contain leading or trailing forward slashes.
|
@@ -131,12 +167,12 @@ class SecretBackendStaticRoleArgs:
|
|
131
167
|
return pulumi.get(self, "namespace")
|
132
168
|
|
133
169
|
@namespace.setter
|
134
|
-
def namespace(self, value: Optional[pulumi.Input[str]]):
|
170
|
+
def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
|
135
171
|
pulumi.set(self, "namespace", value)
|
136
172
|
|
137
173
|
@property
|
138
174
|
@pulumi.getter(name="rotationPeriod")
|
139
|
-
def rotation_period(self) -> Optional[pulumi.Input[int]]:
|
175
|
+
def rotation_period(self) -> Optional[pulumi.Input[builtins.int]]:
|
140
176
|
"""
|
141
177
|
The amount of time Vault should wait before rotating the password, in seconds.
|
142
178
|
Mutually exclusive with `rotation_schedule`.
|
@@ -144,12 +180,12 @@ class SecretBackendStaticRoleArgs:
|
|
144
180
|
return pulumi.get(self, "rotation_period")
|
145
181
|
|
146
182
|
@rotation_period.setter
|
147
|
-
def rotation_period(self, value: Optional[pulumi.Input[int]]):
|
183
|
+
def rotation_period(self, value: Optional[pulumi.Input[builtins.int]]):
|
148
184
|
pulumi.set(self, "rotation_period", value)
|
149
185
|
|
150
186
|
@property
|
151
187
|
@pulumi.getter(name="rotationSchedule")
|
152
|
-
def rotation_schedule(self) -> Optional[pulumi.Input[str]]:
|
188
|
+
def rotation_schedule(self) -> Optional[pulumi.Input[builtins.str]]:
|
153
189
|
"""
|
154
190
|
A cron-style string that will define the schedule on which rotations should occur.
|
155
191
|
Mutually exclusive with `rotation_period`.
|
@@ -160,24 +196,24 @@ class SecretBackendStaticRoleArgs:
|
|
160
196
|
return pulumi.get(self, "rotation_schedule")
|
161
197
|
|
162
198
|
@rotation_schedule.setter
|
163
|
-
def rotation_schedule(self, value: Optional[pulumi.Input[str]]):
|
199
|
+
def rotation_schedule(self, value: Optional[pulumi.Input[builtins.str]]):
|
164
200
|
pulumi.set(self, "rotation_schedule", value)
|
165
201
|
|
166
202
|
@property
|
167
203
|
@pulumi.getter(name="rotationStatements")
|
168
|
-
def rotation_statements(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
204
|
+
def rotation_statements(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
169
205
|
"""
|
170
206
|
Database statements to execute to rotate the password for the configured database user.
|
171
207
|
"""
|
172
208
|
return pulumi.get(self, "rotation_statements")
|
173
209
|
|
174
210
|
@rotation_statements.setter
|
175
|
-
def rotation_statements(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
211
|
+
def rotation_statements(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
176
212
|
pulumi.set(self, "rotation_statements", value)
|
177
213
|
|
178
214
|
@property
|
179
215
|
@pulumi.getter(name="rotationWindow")
|
180
|
-
def rotation_window(self) -> Optional[pulumi.Input[int]]:
|
216
|
+
def rotation_window(self) -> Optional[pulumi.Input[builtins.int]]:
|
181
217
|
"""
|
182
218
|
The amount of time, in seconds, in which rotations are allowed to occur starting
|
183
219
|
from a given `rotation_schedule`.
|
@@ -185,12 +221,12 @@ class SecretBackendStaticRoleArgs:
|
|
185
221
|
return pulumi.get(self, "rotation_window")
|
186
222
|
|
187
223
|
@rotation_window.setter
|
188
|
-
def rotation_window(self, value: Optional[pulumi.Input[int]]):
|
224
|
+
def rotation_window(self, value: Optional[pulumi.Input[builtins.int]]):
|
189
225
|
pulumi.set(self, "rotation_window", value)
|
190
226
|
|
191
227
|
@property
|
192
228
|
@pulumi.getter(name="selfManagedPassword")
|
193
|
-
def self_managed_password(self) -> Optional[pulumi.Input[str]]:
|
229
|
+
def self_managed_password(self) -> Optional[pulumi.Input[builtins.str]]:
|
194
230
|
"""
|
195
231
|
The password corresponding to the username in the database.
|
196
232
|
Required when using the Rootless Password Rotation workflow for static roles. Only enabled for
|
@@ -199,49 +235,73 @@ class SecretBackendStaticRoleArgs:
|
|
199
235
|
return pulumi.get(self, "self_managed_password")
|
200
236
|
|
201
237
|
@self_managed_password.setter
|
202
|
-
def self_managed_password(self, value: Optional[pulumi.Input[str]]):
|
238
|
+
def self_managed_password(self, value: Optional[pulumi.Input[builtins.str]]):
|
203
239
|
pulumi.set(self, "self_managed_password", value)
|
204
240
|
|
241
|
+
@property
|
242
|
+
@pulumi.getter(name="skipImportRotation")
|
243
|
+
def skip_import_rotation(self) -> Optional[pulumi.Input[builtins.bool]]:
|
244
|
+
"""
|
245
|
+
If set to true, Vault will skip the
|
246
|
+
initial secret rotation on import. Requires Vault 1.18+ Enterprise.
|
247
|
+
"""
|
248
|
+
return pulumi.get(self, "skip_import_rotation")
|
249
|
+
|
250
|
+
@skip_import_rotation.setter
|
251
|
+
def skip_import_rotation(self, value: Optional[pulumi.Input[builtins.bool]]):
|
252
|
+
pulumi.set(self, "skip_import_rotation", value)
|
253
|
+
|
205
254
|
|
206
255
|
@pulumi.input_type
|
207
256
|
class _SecretBackendStaticRoleState:
|
208
257
|
def __init__(__self__, *,
|
209
|
-
backend: Optional[pulumi.Input[str]] = None,
|
210
|
-
|
211
|
-
|
212
|
-
|
213
|
-
|
214
|
-
|
215
|
-
|
216
|
-
|
217
|
-
|
218
|
-
|
258
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
259
|
+
credential_config: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
260
|
+
credential_type: Optional[pulumi.Input[builtins.str]] = None,
|
261
|
+
db_name: Optional[pulumi.Input[builtins.str]] = None,
|
262
|
+
name: Optional[pulumi.Input[builtins.str]] = None,
|
263
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
264
|
+
rotation_period: Optional[pulumi.Input[builtins.int]] = None,
|
265
|
+
rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
|
266
|
+
rotation_statements: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
267
|
+
rotation_window: Optional[pulumi.Input[builtins.int]] = None,
|
268
|
+
self_managed_password: Optional[pulumi.Input[builtins.str]] = None,
|
269
|
+
skip_import_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
270
|
+
username: Optional[pulumi.Input[builtins.str]] = None):
|
219
271
|
"""
|
220
272
|
Input properties used for looking up and filtering SecretBackendStaticRole resources.
|
221
|
-
:param pulumi.Input[str] backend: The unique name of the Vault mount to configure.
|
222
|
-
:param pulumi.Input[str]
|
223
|
-
|
224
|
-
:param pulumi.Input[str]
|
273
|
+
:param pulumi.Input[builtins.str] backend: The unique name of the Vault mount to configure.
|
274
|
+
:param pulumi.Input[builtins.str] credential_type: The credential type for the user, can be one of "password", "rsa_private_key" or "client_certificate".The configuration
|
275
|
+
can be done in `credential_config`.
|
276
|
+
:param pulumi.Input[builtins.str] db_name: The unique name of the database connection to use for the static role.
|
277
|
+
:param pulumi.Input[builtins.str] name: A unique name to give the static role.
|
278
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
225
279
|
The value should not contain leading or trailing forward slashes.
|
226
280
|
The `namespace` is always relative to the provider's configured namespace.
|
227
281
|
*Available only for Vault Enterprise*.
|
228
|
-
:param pulumi.Input[int] rotation_period: The amount of time Vault should wait before rotating the password, in seconds.
|
282
|
+
:param pulumi.Input[builtins.int] rotation_period: The amount of time Vault should wait before rotating the password, in seconds.
|
229
283
|
Mutually exclusive with `rotation_schedule`.
|
230
|
-
:param pulumi.Input[str] rotation_schedule: A cron-style string that will define the schedule on which rotations should occur.
|
284
|
+
:param pulumi.Input[builtins.str] rotation_schedule: A cron-style string that will define the schedule on which rotations should occur.
|
231
285
|
Mutually exclusive with `rotation_period`.
|
232
286
|
|
233
287
|
**Warning**: The `rotation_period` and `rotation_schedule` fields are
|
234
288
|
mutually exclusive. One of them must be set but not both.
|
235
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] rotation_statements: Database statements to execute to rotate the password for the configured database user.
|
236
|
-
:param pulumi.Input[int] rotation_window: The amount of time, in seconds, in which rotations are allowed to occur starting
|
289
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] rotation_statements: Database statements to execute to rotate the password for the configured database user.
|
290
|
+
:param pulumi.Input[builtins.int] rotation_window: The amount of time, in seconds, in which rotations are allowed to occur starting
|
237
291
|
from a given `rotation_schedule`.
|
238
|
-
:param pulumi.Input[str] self_managed_password: The password corresponding to the username in the database.
|
292
|
+
:param pulumi.Input[builtins.str] self_managed_password: The password corresponding to the username in the database.
|
239
293
|
Required when using the Rootless Password Rotation workflow for static roles. Only enabled for
|
240
294
|
select DB engines (Postgres). Requires Vault 1.18+ Enterprise.
|
241
|
-
:param pulumi.Input[
|
295
|
+
:param pulumi.Input[builtins.bool] skip_import_rotation: If set to true, Vault will skip the
|
296
|
+
initial secret rotation on import. Requires Vault 1.18+ Enterprise.
|
297
|
+
:param pulumi.Input[builtins.str] username: The database username that this static role corresponds to.
|
242
298
|
"""
|
243
299
|
if backend is not None:
|
244
300
|
pulumi.set(__self__, "backend", backend)
|
301
|
+
if credential_config is not None:
|
302
|
+
pulumi.set(__self__, "credential_config", credential_config)
|
303
|
+
if credential_type is not None:
|
304
|
+
pulumi.set(__self__, "credential_type", credential_type)
|
245
305
|
if db_name is not None:
|
246
306
|
pulumi.set(__self__, "db_name", db_name)
|
247
307
|
if name is not None:
|
@@ -258,48 +318,72 @@ class _SecretBackendStaticRoleState:
|
|
258
318
|
pulumi.set(__self__, "rotation_window", rotation_window)
|
259
319
|
if self_managed_password is not None:
|
260
320
|
pulumi.set(__self__, "self_managed_password", self_managed_password)
|
321
|
+
if skip_import_rotation is not None:
|
322
|
+
pulumi.set(__self__, "skip_import_rotation", skip_import_rotation)
|
261
323
|
if username is not None:
|
262
324
|
pulumi.set(__self__, "username", username)
|
263
325
|
|
264
326
|
@property
|
265
327
|
@pulumi.getter
|
266
|
-
def backend(self) -> Optional[pulumi.Input[str]]:
|
328
|
+
def backend(self) -> Optional[pulumi.Input[builtins.str]]:
|
267
329
|
"""
|
268
330
|
The unique name of the Vault mount to configure.
|
269
331
|
"""
|
270
332
|
return pulumi.get(self, "backend")
|
271
333
|
|
272
334
|
@backend.setter
|
273
|
-
def backend(self, value: Optional[pulumi.Input[str]]):
|
335
|
+
def backend(self, value: Optional[pulumi.Input[builtins.str]]):
|
274
336
|
pulumi.set(self, "backend", value)
|
275
337
|
|
338
|
+
@property
|
339
|
+
@pulumi.getter(name="credentialConfig")
|
340
|
+
def credential_config(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]:
|
341
|
+
return pulumi.get(self, "credential_config")
|
342
|
+
|
343
|
+
@credential_config.setter
|
344
|
+
def credential_config(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]):
|
345
|
+
pulumi.set(self, "credential_config", value)
|
346
|
+
|
347
|
+
@property
|
348
|
+
@pulumi.getter(name="credentialType")
|
349
|
+
def credential_type(self) -> Optional[pulumi.Input[builtins.str]]:
|
350
|
+
"""
|
351
|
+
The credential type for the user, can be one of "password", "rsa_private_key" or "client_certificate".The configuration
|
352
|
+
can be done in `credential_config`.
|
353
|
+
"""
|
354
|
+
return pulumi.get(self, "credential_type")
|
355
|
+
|
356
|
+
@credential_type.setter
|
357
|
+
def credential_type(self, value: Optional[pulumi.Input[builtins.str]]):
|
358
|
+
pulumi.set(self, "credential_type", value)
|
359
|
+
|
276
360
|
@property
|
277
361
|
@pulumi.getter(name="dbName")
|
278
|
-
def db_name(self) -> Optional[pulumi.Input[str]]:
|
362
|
+
def db_name(self) -> Optional[pulumi.Input[builtins.str]]:
|
279
363
|
"""
|
280
364
|
The unique name of the database connection to use for the static role.
|
281
365
|
"""
|
282
366
|
return pulumi.get(self, "db_name")
|
283
367
|
|
284
368
|
@db_name.setter
|
285
|
-
def db_name(self, value: Optional[pulumi.Input[str]]):
|
369
|
+
def db_name(self, value: Optional[pulumi.Input[builtins.str]]):
|
286
370
|
pulumi.set(self, "db_name", value)
|
287
371
|
|
288
372
|
@property
|
289
373
|
@pulumi.getter
|
290
|
-
def name(self) -> Optional[pulumi.Input[str]]:
|
374
|
+
def name(self) -> Optional[pulumi.Input[builtins.str]]:
|
291
375
|
"""
|
292
376
|
A unique name to give the static role.
|
293
377
|
"""
|
294
378
|
return pulumi.get(self, "name")
|
295
379
|
|
296
380
|
@name.setter
|
297
|
-
def name(self, value: Optional[pulumi.Input[str]]):
|
381
|
+
def name(self, value: Optional[pulumi.Input[builtins.str]]):
|
298
382
|
pulumi.set(self, "name", value)
|
299
383
|
|
300
384
|
@property
|
301
385
|
@pulumi.getter
|
302
|
-
def namespace(self) -> Optional[pulumi.Input[str]]:
|
386
|
+
def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
|
303
387
|
"""
|
304
388
|
The namespace to provision the resource in.
|
305
389
|
The value should not contain leading or trailing forward slashes.
|
@@ -309,12 +393,12 @@ class _SecretBackendStaticRoleState:
|
|
309
393
|
return pulumi.get(self, "namespace")
|
310
394
|
|
311
395
|
@namespace.setter
|
312
|
-
def namespace(self, value: Optional[pulumi.Input[str]]):
|
396
|
+
def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
|
313
397
|
pulumi.set(self, "namespace", value)
|
314
398
|
|
315
399
|
@property
|
316
400
|
@pulumi.getter(name="rotationPeriod")
|
317
|
-
def rotation_period(self) -> Optional[pulumi.Input[int]]:
|
401
|
+
def rotation_period(self) -> Optional[pulumi.Input[builtins.int]]:
|
318
402
|
"""
|
319
403
|
The amount of time Vault should wait before rotating the password, in seconds.
|
320
404
|
Mutually exclusive with `rotation_schedule`.
|
@@ -322,12 +406,12 @@ class _SecretBackendStaticRoleState:
|
|
322
406
|
return pulumi.get(self, "rotation_period")
|
323
407
|
|
324
408
|
@rotation_period.setter
|
325
|
-
def rotation_period(self, value: Optional[pulumi.Input[int]]):
|
409
|
+
def rotation_period(self, value: Optional[pulumi.Input[builtins.int]]):
|
326
410
|
pulumi.set(self, "rotation_period", value)
|
327
411
|
|
328
412
|
@property
|
329
413
|
@pulumi.getter(name="rotationSchedule")
|
330
|
-
def rotation_schedule(self) -> Optional[pulumi.Input[str]]:
|
414
|
+
def rotation_schedule(self) -> Optional[pulumi.Input[builtins.str]]:
|
331
415
|
"""
|
332
416
|
A cron-style string that will define the schedule on which rotations should occur.
|
333
417
|
Mutually exclusive with `rotation_period`.
|
@@ -338,24 +422,24 @@ class _SecretBackendStaticRoleState:
|
|
338
422
|
return pulumi.get(self, "rotation_schedule")
|
339
423
|
|
340
424
|
@rotation_schedule.setter
|
341
|
-
def rotation_schedule(self, value: Optional[pulumi.Input[str]]):
|
425
|
+
def rotation_schedule(self, value: Optional[pulumi.Input[builtins.str]]):
|
342
426
|
pulumi.set(self, "rotation_schedule", value)
|
343
427
|
|
344
428
|
@property
|
345
429
|
@pulumi.getter(name="rotationStatements")
|
346
|
-
def rotation_statements(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
430
|
+
def rotation_statements(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
347
431
|
"""
|
348
432
|
Database statements to execute to rotate the password for the configured database user.
|
349
433
|
"""
|
350
434
|
return pulumi.get(self, "rotation_statements")
|
351
435
|
|
352
436
|
@rotation_statements.setter
|
353
|
-
def rotation_statements(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
437
|
+
def rotation_statements(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
354
438
|
pulumi.set(self, "rotation_statements", value)
|
355
439
|
|
356
440
|
@property
|
357
441
|
@pulumi.getter(name="rotationWindow")
|
358
|
-
def rotation_window(self) -> Optional[pulumi.Input[int]]:
|
442
|
+
def rotation_window(self) -> Optional[pulumi.Input[builtins.int]]:
|
359
443
|
"""
|
360
444
|
The amount of time, in seconds, in which rotations are allowed to occur starting
|
361
445
|
from a given `rotation_schedule`.
|
@@ -363,12 +447,12 @@ class _SecretBackendStaticRoleState:
|
|
363
447
|
return pulumi.get(self, "rotation_window")
|
364
448
|
|
365
449
|
@rotation_window.setter
|
366
|
-
def rotation_window(self, value: Optional[pulumi.Input[int]]):
|
450
|
+
def rotation_window(self, value: Optional[pulumi.Input[builtins.int]]):
|
367
451
|
pulumi.set(self, "rotation_window", value)
|
368
452
|
|
369
453
|
@property
|
370
454
|
@pulumi.getter(name="selfManagedPassword")
|
371
|
-
def self_managed_password(self) -> Optional[pulumi.Input[str]]:
|
455
|
+
def self_managed_password(self) -> Optional[pulumi.Input[builtins.str]]:
|
372
456
|
"""
|
373
457
|
The password corresponding to the username in the database.
|
374
458
|
Required when using the Rootless Password Rotation workflow for static roles. Only enabled for
|
@@ -377,19 +461,32 @@ class _SecretBackendStaticRoleState:
|
|
377
461
|
return pulumi.get(self, "self_managed_password")
|
378
462
|
|
379
463
|
@self_managed_password.setter
|
380
|
-
def self_managed_password(self, value: Optional[pulumi.Input[str]]):
|
464
|
+
def self_managed_password(self, value: Optional[pulumi.Input[builtins.str]]):
|
381
465
|
pulumi.set(self, "self_managed_password", value)
|
382
466
|
|
467
|
+
@property
|
468
|
+
@pulumi.getter(name="skipImportRotation")
|
469
|
+
def skip_import_rotation(self) -> Optional[pulumi.Input[builtins.bool]]:
|
470
|
+
"""
|
471
|
+
If set to true, Vault will skip the
|
472
|
+
initial secret rotation on import. Requires Vault 1.18+ Enterprise.
|
473
|
+
"""
|
474
|
+
return pulumi.get(self, "skip_import_rotation")
|
475
|
+
|
476
|
+
@skip_import_rotation.setter
|
477
|
+
def skip_import_rotation(self, value: Optional[pulumi.Input[builtins.bool]]):
|
478
|
+
pulumi.set(self, "skip_import_rotation", value)
|
479
|
+
|
383
480
|
@property
|
384
481
|
@pulumi.getter
|
385
|
-
def username(self) -> Optional[pulumi.Input[str]]:
|
482
|
+
def username(self) -> Optional[pulumi.Input[builtins.str]]:
|
386
483
|
"""
|
387
484
|
The database username that this static role corresponds to.
|
388
485
|
"""
|
389
486
|
return pulumi.get(self, "username")
|
390
487
|
|
391
488
|
@username.setter
|
392
|
-
def username(self, value: Optional[pulumi.Input[str]]):
|
489
|
+
def username(self, value: Optional[pulumi.Input[builtins.str]]):
|
393
490
|
pulumi.set(self, "username", value)
|
394
491
|
|
395
492
|
|
@@ -398,16 +495,19 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
398
495
|
def __init__(__self__,
|
399
496
|
resource_name: str,
|
400
497
|
opts: Optional[pulumi.ResourceOptions] = None,
|
401
|
-
backend: Optional[pulumi.Input[str]] = None,
|
402
|
-
|
403
|
-
|
404
|
-
|
405
|
-
|
406
|
-
|
407
|
-
|
408
|
-
|
409
|
-
|
410
|
-
|
498
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
499
|
+
credential_config: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
500
|
+
credential_type: Optional[pulumi.Input[builtins.str]] = None,
|
501
|
+
db_name: Optional[pulumi.Input[builtins.str]] = None,
|
502
|
+
name: Optional[pulumi.Input[builtins.str]] = None,
|
503
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
504
|
+
rotation_period: Optional[pulumi.Input[builtins.int]] = None,
|
505
|
+
rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
|
506
|
+
rotation_statements: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
507
|
+
rotation_window: Optional[pulumi.Input[builtins.int]] = None,
|
508
|
+
self_managed_password: Optional[pulumi.Input[builtins.str]] = None,
|
509
|
+
skip_import_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
510
|
+
username: Optional[pulumi.Input[builtins.str]] = None,
|
411
511
|
__props__=None):
|
412
512
|
"""
|
413
513
|
Creates a Database Secret Backend static role in Vault. Database secret backend
|
@@ -459,27 +559,31 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
459
559
|
|
460
560
|
:param str resource_name: The name of the resource.
|
461
561
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
462
|
-
:param pulumi.Input[str] backend: The unique name of the Vault mount to configure.
|
463
|
-
:param pulumi.Input[str]
|
464
|
-
|
465
|
-
:param pulumi.Input[str]
|
562
|
+
:param pulumi.Input[builtins.str] backend: The unique name of the Vault mount to configure.
|
563
|
+
:param pulumi.Input[builtins.str] credential_type: The credential type for the user, can be one of "password", "rsa_private_key" or "client_certificate".The configuration
|
564
|
+
can be done in `credential_config`.
|
565
|
+
:param pulumi.Input[builtins.str] db_name: The unique name of the database connection to use for the static role.
|
566
|
+
:param pulumi.Input[builtins.str] name: A unique name to give the static role.
|
567
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
466
568
|
The value should not contain leading or trailing forward slashes.
|
467
569
|
The `namespace` is always relative to the provider's configured namespace.
|
468
570
|
*Available only for Vault Enterprise*.
|
469
|
-
:param pulumi.Input[int] rotation_period: The amount of time Vault should wait before rotating the password, in seconds.
|
571
|
+
:param pulumi.Input[builtins.int] rotation_period: The amount of time Vault should wait before rotating the password, in seconds.
|
470
572
|
Mutually exclusive with `rotation_schedule`.
|
471
|
-
:param pulumi.Input[str] rotation_schedule: A cron-style string that will define the schedule on which rotations should occur.
|
573
|
+
:param pulumi.Input[builtins.str] rotation_schedule: A cron-style string that will define the schedule on which rotations should occur.
|
472
574
|
Mutually exclusive with `rotation_period`.
|
473
575
|
|
474
576
|
**Warning**: The `rotation_period` and `rotation_schedule` fields are
|
475
577
|
mutually exclusive. One of them must be set but not both.
|
476
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] rotation_statements: Database statements to execute to rotate the password for the configured database user.
|
477
|
-
:param pulumi.Input[int] rotation_window: The amount of time, in seconds, in which rotations are allowed to occur starting
|
578
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] rotation_statements: Database statements to execute to rotate the password for the configured database user.
|
579
|
+
:param pulumi.Input[builtins.int] rotation_window: The amount of time, in seconds, in which rotations are allowed to occur starting
|
478
580
|
from a given `rotation_schedule`.
|
479
|
-
:param pulumi.Input[str] self_managed_password: The password corresponding to the username in the database.
|
581
|
+
:param pulumi.Input[builtins.str] self_managed_password: The password corresponding to the username in the database.
|
480
582
|
Required when using the Rootless Password Rotation workflow for static roles. Only enabled for
|
481
583
|
select DB engines (Postgres). Requires Vault 1.18+ Enterprise.
|
482
|
-
:param pulumi.Input[
|
584
|
+
:param pulumi.Input[builtins.bool] skip_import_rotation: If set to true, Vault will skip the
|
585
|
+
initial secret rotation on import. Requires Vault 1.18+ Enterprise.
|
586
|
+
:param pulumi.Input[builtins.str] username: The database username that this static role corresponds to.
|
483
587
|
"""
|
484
588
|
...
|
485
589
|
@overload
|
@@ -550,16 +654,19 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
550
654
|
def _internal_init(__self__,
|
551
655
|
resource_name: str,
|
552
656
|
opts: Optional[pulumi.ResourceOptions] = None,
|
553
|
-
backend: Optional[pulumi.Input[str]] = None,
|
554
|
-
|
555
|
-
|
556
|
-
|
557
|
-
|
558
|
-
|
559
|
-
|
560
|
-
|
561
|
-
|
562
|
-
|
657
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
658
|
+
credential_config: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
659
|
+
credential_type: Optional[pulumi.Input[builtins.str]] = None,
|
660
|
+
db_name: Optional[pulumi.Input[builtins.str]] = None,
|
661
|
+
name: Optional[pulumi.Input[builtins.str]] = None,
|
662
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
663
|
+
rotation_period: Optional[pulumi.Input[builtins.int]] = None,
|
664
|
+
rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
|
665
|
+
rotation_statements: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
666
|
+
rotation_window: Optional[pulumi.Input[builtins.int]] = None,
|
667
|
+
self_managed_password: Optional[pulumi.Input[builtins.str]] = None,
|
668
|
+
skip_import_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
669
|
+
username: Optional[pulumi.Input[builtins.str]] = None,
|
563
670
|
__props__=None):
|
564
671
|
opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
|
565
672
|
if not isinstance(opts, pulumi.ResourceOptions):
|
@@ -572,6 +679,8 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
572
679
|
if backend is None and not opts.urn:
|
573
680
|
raise TypeError("Missing required property 'backend'")
|
574
681
|
__props__.__dict__["backend"] = backend
|
682
|
+
__props__.__dict__["credential_config"] = credential_config
|
683
|
+
__props__.__dict__["credential_type"] = credential_type
|
575
684
|
if db_name is None and not opts.urn:
|
576
685
|
raise TypeError("Missing required property 'db_name'")
|
577
686
|
__props__.__dict__["db_name"] = db_name
|
@@ -582,6 +691,7 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
582
691
|
__props__.__dict__["rotation_statements"] = rotation_statements
|
583
692
|
__props__.__dict__["rotation_window"] = rotation_window
|
584
693
|
__props__.__dict__["self_managed_password"] = None if self_managed_password is None else pulumi.Output.secret(self_managed_password)
|
694
|
+
__props__.__dict__["skip_import_rotation"] = skip_import_rotation
|
585
695
|
if username is None and not opts.urn:
|
586
696
|
raise TypeError("Missing required property 'username'")
|
587
697
|
__props__.__dict__["username"] = username
|
@@ -597,16 +707,19 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
597
707
|
def get(resource_name: str,
|
598
708
|
id: pulumi.Input[str],
|
599
709
|
opts: Optional[pulumi.ResourceOptions] = None,
|
600
|
-
backend: Optional[pulumi.Input[str]] = None,
|
601
|
-
|
602
|
-
|
603
|
-
|
604
|
-
|
605
|
-
|
606
|
-
|
607
|
-
|
608
|
-
|
609
|
-
|
710
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
711
|
+
credential_config: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
712
|
+
credential_type: Optional[pulumi.Input[builtins.str]] = None,
|
713
|
+
db_name: Optional[pulumi.Input[builtins.str]] = None,
|
714
|
+
name: Optional[pulumi.Input[builtins.str]] = None,
|
715
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
716
|
+
rotation_period: Optional[pulumi.Input[builtins.int]] = None,
|
717
|
+
rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
|
718
|
+
rotation_statements: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
719
|
+
rotation_window: Optional[pulumi.Input[builtins.int]] = None,
|
720
|
+
self_managed_password: Optional[pulumi.Input[builtins.str]] = None,
|
721
|
+
skip_import_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
722
|
+
username: Optional[pulumi.Input[builtins.str]] = None) -> 'SecretBackendStaticRole':
|
610
723
|
"""
|
611
724
|
Get an existing SecretBackendStaticRole resource's state with the given name, id, and optional extra
|
612
725
|
properties used to qualify the lookup.
|
@@ -614,33 +727,39 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
614
727
|
:param str resource_name: The unique name of the resulting resource.
|
615
728
|
:param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
|
616
729
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
617
|
-
:param pulumi.Input[str] backend: The unique name of the Vault mount to configure.
|
618
|
-
:param pulumi.Input[str]
|
619
|
-
|
620
|
-
:param pulumi.Input[str]
|
730
|
+
:param pulumi.Input[builtins.str] backend: The unique name of the Vault mount to configure.
|
731
|
+
:param pulumi.Input[builtins.str] credential_type: The credential type for the user, can be one of "password", "rsa_private_key" or "client_certificate".The configuration
|
732
|
+
can be done in `credential_config`.
|
733
|
+
:param pulumi.Input[builtins.str] db_name: The unique name of the database connection to use for the static role.
|
734
|
+
:param pulumi.Input[builtins.str] name: A unique name to give the static role.
|
735
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
621
736
|
The value should not contain leading or trailing forward slashes.
|
622
737
|
The `namespace` is always relative to the provider's configured namespace.
|
623
738
|
*Available only for Vault Enterprise*.
|
624
|
-
:param pulumi.Input[int] rotation_period: The amount of time Vault should wait before rotating the password, in seconds.
|
739
|
+
:param pulumi.Input[builtins.int] rotation_period: The amount of time Vault should wait before rotating the password, in seconds.
|
625
740
|
Mutually exclusive with `rotation_schedule`.
|
626
|
-
:param pulumi.Input[str] rotation_schedule: A cron-style string that will define the schedule on which rotations should occur.
|
741
|
+
:param pulumi.Input[builtins.str] rotation_schedule: A cron-style string that will define the schedule on which rotations should occur.
|
627
742
|
Mutually exclusive with `rotation_period`.
|
628
743
|
|
629
744
|
**Warning**: The `rotation_period` and `rotation_schedule` fields are
|
630
745
|
mutually exclusive. One of them must be set but not both.
|
631
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] rotation_statements: Database statements to execute to rotate the password for the configured database user.
|
632
|
-
:param pulumi.Input[int] rotation_window: The amount of time, in seconds, in which rotations are allowed to occur starting
|
746
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] rotation_statements: Database statements to execute to rotate the password for the configured database user.
|
747
|
+
:param pulumi.Input[builtins.int] rotation_window: The amount of time, in seconds, in which rotations are allowed to occur starting
|
633
748
|
from a given `rotation_schedule`.
|
634
|
-
:param pulumi.Input[str] self_managed_password: The password corresponding to the username in the database.
|
749
|
+
:param pulumi.Input[builtins.str] self_managed_password: The password corresponding to the username in the database.
|
635
750
|
Required when using the Rootless Password Rotation workflow for static roles. Only enabled for
|
636
751
|
select DB engines (Postgres). Requires Vault 1.18+ Enterprise.
|
637
|
-
:param pulumi.Input[
|
752
|
+
:param pulumi.Input[builtins.bool] skip_import_rotation: If set to true, Vault will skip the
|
753
|
+
initial secret rotation on import. Requires Vault 1.18+ Enterprise.
|
754
|
+
:param pulumi.Input[builtins.str] username: The database username that this static role corresponds to.
|
638
755
|
"""
|
639
756
|
opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
|
640
757
|
|
641
758
|
__props__ = _SecretBackendStaticRoleState.__new__(_SecretBackendStaticRoleState)
|
642
759
|
|
643
760
|
__props__.__dict__["backend"] = backend
|
761
|
+
__props__.__dict__["credential_config"] = credential_config
|
762
|
+
__props__.__dict__["credential_type"] = credential_type
|
644
763
|
__props__.__dict__["db_name"] = db_name
|
645
764
|
__props__.__dict__["name"] = name
|
646
765
|
__props__.__dict__["namespace"] = namespace
|
@@ -649,20 +768,35 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
649
768
|
__props__.__dict__["rotation_statements"] = rotation_statements
|
650
769
|
__props__.__dict__["rotation_window"] = rotation_window
|
651
770
|
__props__.__dict__["self_managed_password"] = self_managed_password
|
771
|
+
__props__.__dict__["skip_import_rotation"] = skip_import_rotation
|
652
772
|
__props__.__dict__["username"] = username
|
653
773
|
return SecretBackendStaticRole(resource_name, opts=opts, __props__=__props__)
|
654
774
|
|
655
775
|
@property
|
656
776
|
@pulumi.getter
|
657
|
-
def backend(self) -> pulumi.Output[str]:
|
777
|
+
def backend(self) -> pulumi.Output[builtins.str]:
|
658
778
|
"""
|
659
779
|
The unique name of the Vault mount to configure.
|
660
780
|
"""
|
661
781
|
return pulumi.get(self, "backend")
|
662
782
|
|
783
|
+
@property
|
784
|
+
@pulumi.getter(name="credentialConfig")
|
785
|
+
def credential_config(self) -> pulumi.Output[Optional[Mapping[str, builtins.str]]]:
|
786
|
+
return pulumi.get(self, "credential_config")
|
787
|
+
|
788
|
+
@property
|
789
|
+
@pulumi.getter(name="credentialType")
|
790
|
+
def credential_type(self) -> pulumi.Output[builtins.str]:
|
791
|
+
"""
|
792
|
+
The credential type for the user, can be one of "password", "rsa_private_key" or "client_certificate".The configuration
|
793
|
+
can be done in `credential_config`.
|
794
|
+
"""
|
795
|
+
return pulumi.get(self, "credential_type")
|
796
|
+
|
663
797
|
@property
|
664
798
|
@pulumi.getter(name="dbName")
|
665
|
-
def db_name(self) -> pulumi.Output[str]:
|
799
|
+
def db_name(self) -> pulumi.Output[builtins.str]:
|
666
800
|
"""
|
667
801
|
The unique name of the database connection to use for the static role.
|
668
802
|
"""
|
@@ -670,7 +804,7 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
670
804
|
|
671
805
|
@property
|
672
806
|
@pulumi.getter
|
673
|
-
def name(self) -> pulumi.Output[str]:
|
807
|
+
def name(self) -> pulumi.Output[builtins.str]:
|
674
808
|
"""
|
675
809
|
A unique name to give the static role.
|
676
810
|
"""
|
@@ -678,7 +812,7 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
678
812
|
|
679
813
|
@property
|
680
814
|
@pulumi.getter
|
681
|
-
def namespace(self) -> pulumi.Output[Optional[str]]:
|
815
|
+
def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
|
682
816
|
"""
|
683
817
|
The namespace to provision the resource in.
|
684
818
|
The value should not contain leading or trailing forward slashes.
|
@@ -689,7 +823,7 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
689
823
|
|
690
824
|
@property
|
691
825
|
@pulumi.getter(name="rotationPeriod")
|
692
|
-
def rotation_period(self) -> pulumi.Output[Optional[int]]:
|
826
|
+
def rotation_period(self) -> pulumi.Output[Optional[builtins.int]]:
|
693
827
|
"""
|
694
828
|
The amount of time Vault should wait before rotating the password, in seconds.
|
695
829
|
Mutually exclusive with `rotation_schedule`.
|
@@ -698,7 +832,7 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
698
832
|
|
699
833
|
@property
|
700
834
|
@pulumi.getter(name="rotationSchedule")
|
701
|
-
def rotation_schedule(self) -> pulumi.Output[Optional[str]]:
|
835
|
+
def rotation_schedule(self) -> pulumi.Output[Optional[builtins.str]]:
|
702
836
|
"""
|
703
837
|
A cron-style string that will define the schedule on which rotations should occur.
|
704
838
|
Mutually exclusive with `rotation_period`.
|
@@ -710,7 +844,7 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
710
844
|
|
711
845
|
@property
|
712
846
|
@pulumi.getter(name="rotationStatements")
|
713
|
-
def rotation_statements(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
847
|
+
def rotation_statements(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
714
848
|
"""
|
715
849
|
Database statements to execute to rotate the password for the configured database user.
|
716
850
|
"""
|
@@ -718,7 +852,7 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
718
852
|
|
719
853
|
@property
|
720
854
|
@pulumi.getter(name="rotationWindow")
|
721
|
-
def rotation_window(self) -> pulumi.Output[Optional[int]]:
|
855
|
+
def rotation_window(self) -> pulumi.Output[Optional[builtins.int]]:
|
722
856
|
"""
|
723
857
|
The amount of time, in seconds, in which rotations are allowed to occur starting
|
724
858
|
from a given `rotation_schedule`.
|
@@ -727,7 +861,7 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
727
861
|
|
728
862
|
@property
|
729
863
|
@pulumi.getter(name="selfManagedPassword")
|
730
|
-
def self_managed_password(self) -> pulumi.Output[Optional[str]]:
|
864
|
+
def self_managed_password(self) -> pulumi.Output[Optional[builtins.str]]:
|
731
865
|
"""
|
732
866
|
The password corresponding to the username in the database.
|
733
867
|
Required when using the Rootless Password Rotation workflow for static roles. Only enabled for
|
@@ -735,9 +869,18 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
735
869
|
"""
|
736
870
|
return pulumi.get(self, "self_managed_password")
|
737
871
|
|
872
|
+
@property
|
873
|
+
@pulumi.getter(name="skipImportRotation")
|
874
|
+
def skip_import_rotation(self) -> pulumi.Output[Optional[builtins.bool]]:
|
875
|
+
"""
|
876
|
+
If set to true, Vault will skip the
|
877
|
+
initial secret rotation on import. Requires Vault 1.18+ Enterprise.
|
878
|
+
"""
|
879
|
+
return pulumi.get(self, "skip_import_rotation")
|
880
|
+
|
738
881
|
@property
|
739
882
|
@pulumi.getter
|
740
|
-
def username(self) -> pulumi.Output[str]:
|
883
|
+
def username(self) -> pulumi.Output[builtins.str]:
|
741
884
|
"""
|
742
885
|
The database username that this static role corresponds to.
|
743
886
|
"""
|