pulumi-vault 6.6.0a1741415971__py3-none-any.whl → 6.7.0__py3-none-any.whl
- pulumi_vault/__init__.py +9 -0
- pulumi_vault/_inputs.py +583 -562
- pulumi_vault/ad/__init__.py +1 -0
- pulumi_vault/ad/get_access_credentials.py +20 -19
- pulumi_vault/ad/secret_backend.py +477 -476
- pulumi_vault/ad/secret_library.py +99 -98
- pulumi_vault/ad/secret_role.py +85 -84
- pulumi_vault/alicloud/__init__.py +1 -0
- pulumi_vault/alicloud/auth_backend_role.py +183 -182
- pulumi_vault/approle/__init__.py +1 -0
- pulumi_vault/approle/auth_backend_login.py +106 -105
- pulumi_vault/approle/auth_backend_role.py +239 -238
- pulumi_vault/approle/auth_backend_role_secret_id.py +162 -161
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -17
- pulumi_vault/audit.py +85 -84
- pulumi_vault/audit_request_header.py +43 -42
- pulumi_vault/auth_backend.py +106 -105
- pulumi_vault/aws/__init__.py +1 -0
- pulumi_vault/aws/auth_backend_cert.py +71 -70
- pulumi_vault/aws/auth_backend_client.py +425 -200
- pulumi_vault/aws/auth_backend_config_identity.py +85 -84
- pulumi_vault/aws/auth_backend_identity_whitelist.py +57 -56
- pulumi_vault/aws/auth_backend_login.py +209 -208
- pulumi_vault/aws/auth_backend_role.py +400 -399
- pulumi_vault/aws/auth_backend_role_tag.py +127 -126
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +57 -56
- pulumi_vault/aws/auth_backend_sts_role.py +71 -70
- pulumi_vault/aws/get_access_credentials.py +44 -43
- pulumi_vault/aws/get_static_access_credentials.py +13 -12
- pulumi_vault/aws/secret_backend.py +523 -306
- pulumi_vault/aws/secret_backend_role.py +211 -210
- pulumi_vault/aws/secret_backend_static_role.py +288 -70
- pulumi_vault/azure/__init__.py +1 -0
- pulumi_vault/azure/_inputs.py +21 -20
- pulumi_vault/azure/auth_backend_config.py +383 -130
- pulumi_vault/azure/auth_backend_role.py +253 -252
- pulumi_vault/azure/backend.py +432 -186
- pulumi_vault/azure/backend_role.py +188 -140
- pulumi_vault/azure/get_access_credentials.py +58 -57
- pulumi_vault/azure/outputs.py +11 -10
- pulumi_vault/cert_auth_backend_role.py +365 -364
- pulumi_vault/config/__init__.py +1 -0
- pulumi_vault/config/__init__.pyi +1 -0
- pulumi_vault/config/_inputs.py +11 -10
- pulumi_vault/config/outputs.py +287 -286
- pulumi_vault/config/ui_custom_message.py +113 -112
- pulumi_vault/config/vars.py +1 -0
- pulumi_vault/consul/__init__.py +1 -0
- pulumi_vault/consul/secret_backend.py +197 -196
- pulumi_vault/consul/secret_backend_role.py +183 -182
- pulumi_vault/database/__init__.py +1 -0
- pulumi_vault/database/_inputs.py +3857 -2200
- pulumi_vault/database/outputs.py +2483 -1330
- pulumi_vault/database/secret_backend_connection.py +333 -112
- pulumi_vault/database/secret_backend_role.py +169 -168
- pulumi_vault/database/secret_backend_static_role.py +283 -140
- pulumi_vault/database/secrets_mount.py +275 -266
- pulumi_vault/egp_policy.py +71 -70
- pulumi_vault/gcp/__init__.py +1 -0
- pulumi_vault/gcp/_inputs.py +82 -81
- pulumi_vault/gcp/auth_backend.py +426 -205
- pulumi_vault/gcp/auth_backend_role.py +281 -280
- pulumi_vault/gcp/get_auth_backend_role.py +70 -69
- pulumi_vault/gcp/outputs.py +50 -49
- pulumi_vault/gcp/secret_backend.py +420 -179
- pulumi_vault/gcp/secret_impersonated_account.py +92 -91
- pulumi_vault/gcp/secret_roleset.py +92 -91
- pulumi_vault/gcp/secret_static_account.py +92 -91
- pulumi_vault/generic/__init__.py +1 -0
- pulumi_vault/generic/endpoint.py +113 -112
- pulumi_vault/generic/get_secret.py +28 -27
- pulumi_vault/generic/secret.py +78 -77
- pulumi_vault/get_auth_backend.py +19 -18
- pulumi_vault/get_auth_backends.py +14 -13
- pulumi_vault/get_namespace.py +15 -14
- pulumi_vault/get_namespaces.py +68 -18
- pulumi_vault/get_nomad_access_token.py +19 -18
- pulumi_vault/get_policy_document.py +6 -5
- pulumi_vault/get_raft_autopilot_state.py +18 -17
- pulumi_vault/github/__init__.py +1 -0
- pulumi_vault/github/_inputs.py +42 -41
- pulumi_vault/github/auth_backend.py +232 -231
- pulumi_vault/github/outputs.py +26 -25
- pulumi_vault/github/team.py +57 -56
- pulumi_vault/github/user.py +57 -56
- pulumi_vault/identity/__init__.py +1 -0
- pulumi_vault/identity/entity.py +85 -84
- pulumi_vault/identity/entity_alias.py +71 -70
- pulumi_vault/identity/entity_policies.py +64 -63
- pulumi_vault/identity/get_entity.py +43 -42
- pulumi_vault/identity/get_group.py +50 -49
- pulumi_vault/identity/get_oidc_client_creds.py +14 -13
- pulumi_vault/identity/get_oidc_openid_config.py +24 -23
- pulumi_vault/identity/get_oidc_public_keys.py +13 -12
- pulumi_vault/identity/group.py +141 -140
- pulumi_vault/identity/group_alias.py +57 -56
- pulumi_vault/identity/group_member_entity_ids.py +57 -56
- pulumi_vault/identity/group_member_group_ids.py +57 -56
- pulumi_vault/identity/group_policies.py +64 -63
- pulumi_vault/identity/mfa_duo.py +148 -147
- pulumi_vault/identity/mfa_login_enforcement.py +120 -119
- pulumi_vault/identity/mfa_okta.py +134 -133
- pulumi_vault/identity/mfa_pingid.py +127 -126
- pulumi_vault/identity/mfa_totp.py +176 -175
- pulumi_vault/identity/oidc.py +29 -28
- pulumi_vault/identity/oidc_assignment.py +57 -56
- pulumi_vault/identity/oidc_client.py +127 -126
- pulumi_vault/identity/oidc_key.py +85 -84
- pulumi_vault/identity/oidc_key_allowed_client_id.py +43 -42
- pulumi_vault/identity/oidc_provider.py +92 -91
- pulumi_vault/identity/oidc_role.py +85 -84
- pulumi_vault/identity/oidc_scope.py +57 -56
- pulumi_vault/identity/outputs.py +32 -31
- pulumi_vault/jwt/__init__.py +1 -0
- pulumi_vault/jwt/_inputs.py +42 -41
- pulumi_vault/jwt/auth_backend.py +288 -287
- pulumi_vault/jwt/auth_backend_role.py +407 -406
- pulumi_vault/jwt/outputs.py +26 -25
- pulumi_vault/kmip/__init__.py +1 -0
- pulumi_vault/kmip/secret_backend.py +183 -182
- pulumi_vault/kmip/secret_role.py +295 -294
- pulumi_vault/kmip/secret_scope.py +57 -56
- pulumi_vault/kubernetes/__init__.py +1 -0
- pulumi_vault/kubernetes/auth_backend_config.py +141 -140
- pulumi_vault/kubernetes/auth_backend_role.py +225 -224
- pulumi_vault/kubernetes/get_auth_backend_config.py +47 -46
- pulumi_vault/kubernetes/get_auth_backend_role.py +70 -69
- pulumi_vault/kubernetes/get_service_account_token.py +38 -37
- pulumi_vault/kubernetes/secret_backend.py +316 -315
- pulumi_vault/kubernetes/secret_backend_role.py +197 -196
- pulumi_vault/kv/__init__.py +1 -0
- pulumi_vault/kv/_inputs.py +21 -20
- pulumi_vault/kv/get_secret.py +17 -16
- pulumi_vault/kv/get_secret_subkeys_v2.py +30 -29
- pulumi_vault/kv/get_secret_v2.py +29 -28
- pulumi_vault/kv/get_secrets_list.py +13 -12
- pulumi_vault/kv/get_secrets_list_v2.py +19 -18
- pulumi_vault/kv/outputs.py +13 -12
- pulumi_vault/kv/secret.py +50 -49
- pulumi_vault/kv/secret_backend_v2.py +71 -70
- pulumi_vault/kv/secret_v2.py +134 -133
- pulumi_vault/ldap/__init__.py +1 -0
- pulumi_vault/ldap/auth_backend.py +754 -533
- pulumi_vault/ldap/auth_backend_group.py +57 -56
- pulumi_vault/ldap/auth_backend_user.py +71 -70
- pulumi_vault/ldap/get_dynamic_credentials.py +17 -16
- pulumi_vault/ldap/get_static_credentials.py +18 -17
- pulumi_vault/ldap/secret_backend.py +720 -499
- pulumi_vault/ldap/secret_backend_dynamic_role.py +127 -126
- pulumi_vault/ldap/secret_backend_library_set.py +99 -98
- pulumi_vault/ldap/secret_backend_static_role.py +99 -98
- pulumi_vault/managed/__init__.py +1 -0
- pulumi_vault/managed/_inputs.py +229 -228
- pulumi_vault/managed/keys.py +15 -14
- pulumi_vault/managed/outputs.py +139 -138
- pulumi_vault/mfa_duo.py +113 -112
- pulumi_vault/mfa_okta.py +113 -112
- pulumi_vault/mfa_pingid.py +120 -119
- pulumi_vault/mfa_totp.py +127 -126
- pulumi_vault/mongodbatlas/__init__.py +1 -0
- pulumi_vault/mongodbatlas/secret_backend.py +64 -63
- pulumi_vault/mongodbatlas/secret_role.py +155 -154
- pulumi_vault/mount.py +274 -273
- pulumi_vault/namespace.py +64 -63
- pulumi_vault/nomad_secret_backend.py +211 -210
- pulumi_vault/nomad_secret_role.py +85 -84
- pulumi_vault/okta/__init__.py +1 -0
- pulumi_vault/okta/_inputs.py +26 -25
- pulumi_vault/okta/auth_backend.py +274 -273
- pulumi_vault/okta/auth_backend_group.py +57 -56
- pulumi_vault/okta/auth_backend_user.py +71 -70
- pulumi_vault/okta/outputs.py +16 -15
- pulumi_vault/outputs.py +73 -60
- pulumi_vault/password_policy.py +43 -42
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +31 -36
- pulumi_vault/pkisecret/backend_acme_eab.py +92 -91
- pulumi_vault/pkisecret/backend_config_acme.py +174 -126
- pulumi_vault/pkisecret/backend_config_auto_tidy.py +1377 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +57 -56
- pulumi_vault/pkisecret/backend_config_cmpv2.py +152 -104
- pulumi_vault/pkisecret/backend_config_est.py +120 -119
- pulumi_vault/pkisecret/get_backend_cert_metadata.py +278 -0
- pulumi_vault/pkisecret/get_backend_config_cmpv2.py +35 -17
- pulumi_vault/pkisecret/get_backend_config_est.py +19 -18
- pulumi_vault/pkisecret/get_backend_issuer.py +139 -25
- pulumi_vault/pkisecret/get_backend_issuers.py +15 -14
- pulumi_vault/pkisecret/get_backend_key.py +20 -19
- pulumi_vault/pkisecret/get_backend_keys.py +15 -14
- pulumi_vault/pkisecret/outputs.py +28 -31
- pulumi_vault/pkisecret/secret_backend_cert.py +439 -297
- pulumi_vault/pkisecret/secret_backend_config_ca.py +43 -42
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +57 -56
- pulumi_vault/pkisecret/secret_backend_config_urls.py +85 -84
- pulumi_vault/pkisecret/secret_backend_crl_config.py +237 -182
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +520 -378
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +57 -56
- pulumi_vault/pkisecret/secret_backend_issuer.py +441 -175
- pulumi_vault/pkisecret/secret_backend_key.py +120 -119
- pulumi_vault/pkisecret/secret_backend_role.py +894 -644
- pulumi_vault/pkisecret/secret_backend_root_cert.py +851 -427
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +936 -357
- pulumi_vault/pkisecret/secret_backend_sign.py +347 -252
- pulumi_vault/plugin.py +127 -126
- pulumi_vault/plugin_pinned_version.py +43 -42
- pulumi_vault/policy.py +43 -42
- pulumi_vault/provider.py +120 -119
- pulumi_vault/pulumi-plugin.json +1 -1
- pulumi_vault/quota_lease_count.py +85 -84
- pulumi_vault/quota_rate_limit.py +113 -112
- pulumi_vault/rabbitmq/__init__.py +1 -0
- pulumi_vault/rabbitmq/_inputs.py +41 -40
- pulumi_vault/rabbitmq/outputs.py +25 -24
- pulumi_vault/rabbitmq/secret_backend.py +169 -168
- pulumi_vault/rabbitmq/secret_backend_role.py +57 -56
- pulumi_vault/raft_autopilot.py +113 -112
- pulumi_vault/raft_snapshot_agent_config.py +393 -392
- pulumi_vault/rgp_policy.py +57 -56
- pulumi_vault/saml/__init__.py +1 -0
- pulumi_vault/saml/auth_backend.py +155 -154
- pulumi_vault/saml/auth_backend_role.py +239 -238
- pulumi_vault/secrets/__init__.py +1 -0
- pulumi_vault/secrets/_inputs.py +16 -15
- pulumi_vault/secrets/outputs.py +10 -9
- pulumi_vault/secrets/sync_association.py +71 -70
- pulumi_vault/secrets/sync_aws_destination.py +148 -147
- pulumi_vault/secrets/sync_azure_destination.py +148 -147
- pulumi_vault/secrets/sync_config.py +43 -42
- pulumi_vault/secrets/sync_gcp_destination.py +106 -105
- pulumi_vault/secrets/sync_gh_destination.py +134 -133
- pulumi_vault/secrets/sync_github_apps.py +64 -63
- pulumi_vault/secrets/sync_vercel_destination.py +120 -119
- pulumi_vault/ssh/__init__.py +2 -0
- pulumi_vault/ssh/_inputs.py +11 -10
- pulumi_vault/ssh/get_secret_backend_sign.py +295 -0
- pulumi_vault/ssh/outputs.py +7 -6
- pulumi_vault/ssh/secret_backend_ca.py +99 -98
- pulumi_vault/ssh/secret_backend_role.py +365 -364
- pulumi_vault/terraformcloud/__init__.py +1 -0
- pulumi_vault/terraformcloud/secret_backend.py +111 -110
- pulumi_vault/terraformcloud/secret_creds.py +74 -73
- pulumi_vault/terraformcloud/secret_role.py +96 -95
- pulumi_vault/token.py +246 -245
- pulumi_vault/tokenauth/__init__.py +1 -0
- pulumi_vault/tokenauth/auth_backend_role.py +267 -266
- pulumi_vault/transform/__init__.py +1 -0
- pulumi_vault/transform/alphabet.py +57 -56
- pulumi_vault/transform/get_decode.py +47 -46
- pulumi_vault/transform/get_encode.py +47 -46
- pulumi_vault/transform/role.py +57 -56
- pulumi_vault/transform/template.py +113 -112
- pulumi_vault/transform/transformation.py +141 -140
- pulumi_vault/transit/__init__.py +3 -0
- pulumi_vault/transit/get_decrypt.py +18 -17
- pulumi_vault/transit/get_encrypt.py +21 -20
- pulumi_vault/transit/get_sign.py +325 -0
- pulumi_vault/transit/get_verify.py +355 -0
- pulumi_vault/transit/secret_backend_key.py +394 -231
- pulumi_vault/transit/secret_cache_config.py +43 -42
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/METADATA +2 -2
- pulumi_vault-6.7.0.dist-info/RECORD +265 -0
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/WHEEL +1 -1
- pulumi_vault-6.6.0a1741415971.dist-info/RECORD +0 -260
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/top_level.txt +0 -0
pulumi_vault/gcp/auth_backend.py
CHANGED
@@ -2,6 +2,7 @@
|
|
2
2
|
# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
|
3
3
|
# *** Do not edit by hand unless you're certain you know what you are doing! ***
|
4
4
|
|
5
|
+
import builtins
|
5
6
|
import copy
|
6
7
|
import warnings
|
7
8
|
import sys
|
@@ -21,27 +22,31 @@ __all__ = ['AuthBackendArgs', 'AuthBackend']
|
|
21
22
|
@pulumi.input_type
|
22
23
|
class AuthBackendArgs:
|
23
24
|
def __init__(__self__, *,
|
24
|
-
client_email: Optional[pulumi.Input[str]] = None,
|
25
|
-
client_id: Optional[pulumi.Input[str]] = None,
|
26
|
-
credentials: Optional[pulumi.Input[str]] = None,
|
25
|
+
client_email: Optional[pulumi.Input[builtins.str]] = None,
|
26
|
+
client_id: Optional[pulumi.Input[builtins.str]] = None,
|
27
|
+
credentials: Optional[pulumi.Input[builtins.str]] = None,
|
27
28
|
custom_endpoint: Optional[pulumi.Input['AuthBackendCustomEndpointArgs']] = None,
|
28
|
-
description: Optional[pulumi.Input[str]] = None,
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
29
|
+
description: Optional[pulumi.Input[builtins.str]] = None,
|
30
|
+
disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
31
|
+
disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
|
32
|
+
identity_token_audience: Optional[pulumi.Input[builtins.str]] = None,
|
33
|
+
identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
|
34
|
+
identity_token_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
35
|
+
local: Optional[pulumi.Input[builtins.bool]] = None,
|
36
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
37
|
+
path: Optional[pulumi.Input[builtins.str]] = None,
|
38
|
+
private_key_id: Optional[pulumi.Input[builtins.str]] = None,
|
39
|
+
project_id: Optional[pulumi.Input[builtins.str]] = None,
|
40
|
+
rotation_period: Optional[pulumi.Input[builtins.int]] = None,
|
41
|
+
rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
|
42
|
+
rotation_window: Optional[pulumi.Input[builtins.int]] = None,
|
43
|
+
service_account_email: Optional[pulumi.Input[builtins.str]] = None,
|
39
44
|
tune: Optional[pulumi.Input['AuthBackendTuneArgs']] = None):
|
40
45
|
"""
|
41
46
|
The set of arguments for constructing a AuthBackend resource.
|
42
|
-
:param pulumi.Input[str] client_email: The clients email associated with the credentials
|
43
|
-
:param pulumi.Input[str] client_id: The Client ID of the credentials
|
44
|
-
:param pulumi.Input[str] credentials: A JSON string containing the contents of a GCP credentials file. If this value is empty, Vault will try to use Application Default Credentials from the machine on which the Vault server is running.
|
47
|
+
:param pulumi.Input[builtins.str] client_email: The clients email associated with the credentials
|
48
|
+
:param pulumi.Input[builtins.str] client_id: The Client ID of the credentials
|
49
|
+
:param pulumi.Input[builtins.str] credentials: A JSON string containing the contents of a GCP credentials file. If this value is empty, Vault will try to use Application Default Credentials from the machine on which the Vault server is running.
|
45
50
|
:param pulumi.Input['AuthBackendCustomEndpointArgs'] custom_endpoint: Specifies overrides to
|
46
51
|
[service endpoints](https://cloud.google.com/apis/design/glossary#api_service_endpoint)
|
47
52
|
used when making API requests. This allows specific requests made during authentication
|
@@ -49,24 +54,32 @@ class AuthBackendArgs:
|
|
49
54
|
environments. Requires Vault 1.11+.
|
50
55
|
|
51
56
|
Overrides are set at the subdomain level using the following keys:
|
52
|
-
:param pulumi.Input[str] description: A description of the auth method.
|
53
|
-
:param pulumi.Input[bool]
|
57
|
+
:param pulumi.Input[builtins.str] description: A description of the auth method.
|
58
|
+
:param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
59
|
+
:param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
|
54
60
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
55
|
-
:param pulumi.Input[str] identity_token_audience: The audience claim value for plugin identity
|
61
|
+
:param pulumi.Input[builtins.str] identity_token_audience: The audience claim value for plugin identity
|
56
62
|
tokens. Must match an allowed audience configured for the target [Workload Identity Pool](https://cloud.google.com/iam/docs/workload-identity-federation-with-other-providers#prepare).
|
57
63
|
Mutually exclusive with `credentials`. Requires Vault 1.17+. *Available only for Vault Enterprise*.
|
58
|
-
:param pulumi.Input[str] identity_token_key: The key to use for signing plugin identity
|
64
|
+
:param pulumi.Input[builtins.str] identity_token_key: The key to use for signing plugin identity
|
59
65
|
tokens. Requires Vault 1.17+. *Available only for Vault Enterprise*.
|
60
|
-
:param pulumi.Input[int] identity_token_ttl: The TTL of generated tokens.
|
61
|
-
:param pulumi.Input[bool] local: Specifies if the auth method is local only.
|
62
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
66
|
+
:param pulumi.Input[builtins.int] identity_token_ttl: The TTL of generated tokens.
|
67
|
+
:param pulumi.Input[builtins.bool] local: Specifies if the auth method is local only.
|
68
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
63
69
|
The value should not contain leading or trailing forward slashes.
|
64
70
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
65
71
|
*Available only for Vault Enterprise*.
|
66
|
-
:param pulumi.Input[str] path: The path to mount the auth method — this defaults to 'gcp'.
|
67
|
-
:param pulumi.Input[str] private_key_id: The ID of the private key from the credentials
|
68
|
-
:param pulumi.Input[str] project_id: The GCP Project ID
|
69
|
-
:param pulumi.Input[
|
72
|
+
:param pulumi.Input[builtins.str] path: The path to mount the auth method — this defaults to 'gcp'.
|
73
|
+
:param pulumi.Input[builtins.str] private_key_id: The ID of the private key from the credentials
|
74
|
+
:param pulumi.Input[builtins.str] project_id: The GCP Project ID
|
75
|
+
:param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
76
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
77
|
+
:param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
78
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
79
|
+
:param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
|
80
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
81
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
82
|
+
:param pulumi.Input[builtins.str] service_account_email: Service Account to impersonate for plugin workload identity federation.
|
70
83
|
Required with `identity_token_audience`. Requires Vault 1.17+. *Available only for Vault Enterprise*.
|
71
84
|
:param pulumi.Input['AuthBackendTuneArgs'] tune: Extra configuration block. Structure is documented below.
|
72
85
|
|
@@ -82,6 +95,8 @@ class AuthBackendArgs:
|
|
82
95
|
pulumi.set(__self__, "custom_endpoint", custom_endpoint)
|
83
96
|
if description is not None:
|
84
97
|
pulumi.set(__self__, "description", description)
|
98
|
+
if disable_automated_rotation is not None:
|
99
|
+
pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
|
85
100
|
if disable_remount is not None:
|
86
101
|
pulumi.set(__self__, "disable_remount", disable_remount)
|
87
102
|
if identity_token_audience is not None:
|
@@ -100,6 +115,12 @@ class AuthBackendArgs:
|
|
100
115
|
pulumi.set(__self__, "private_key_id", private_key_id)
|
101
116
|
if project_id is not None:
|
102
117
|
pulumi.set(__self__, "project_id", project_id)
|
118
|
+
if rotation_period is not None:
|
119
|
+
pulumi.set(__self__, "rotation_period", rotation_period)
|
120
|
+
if rotation_schedule is not None:
|
121
|
+
pulumi.set(__self__, "rotation_schedule", rotation_schedule)
|
122
|
+
if rotation_window is not None:
|
123
|
+
pulumi.set(__self__, "rotation_window", rotation_window)
|
103
124
|
if service_account_email is not None:
|
104
125
|
pulumi.set(__self__, "service_account_email", service_account_email)
|
105
126
|
if tune is not None:
|
@@ -107,38 +128,38 @@ class AuthBackendArgs:
|
|
107
128
|
|
108
129
|
@property
|
109
130
|
@pulumi.getter(name="clientEmail")
|
110
|
-
def client_email(self) -> Optional[pulumi.Input[str]]:
|
131
|
+
def client_email(self) -> Optional[pulumi.Input[builtins.str]]:
|
111
132
|
"""
|
112
133
|
The clients email associated with the credentials
|
113
134
|
"""
|
114
135
|
return pulumi.get(self, "client_email")
|
115
136
|
|
116
137
|
@client_email.setter
|
117
|
-
def client_email(self, value: Optional[pulumi.Input[str]]):
|
138
|
+
def client_email(self, value: Optional[pulumi.Input[builtins.str]]):
|
118
139
|
pulumi.set(self, "client_email", value)
|
119
140
|
|
120
141
|
@property
|
121
142
|
@pulumi.getter(name="clientId")
|
122
|
-
def client_id(self) -> Optional[pulumi.Input[str]]:
|
143
|
+
def client_id(self) -> Optional[pulumi.Input[builtins.str]]:
|
123
144
|
"""
|
124
145
|
The Client ID of the credentials
|
125
146
|
"""
|
126
147
|
return pulumi.get(self, "client_id")
|
127
148
|
|
128
149
|
@client_id.setter
|
129
|
-
def client_id(self, value: Optional[pulumi.Input[str]]):
|
150
|
+
def client_id(self, value: Optional[pulumi.Input[builtins.str]]):
|
130
151
|
pulumi.set(self, "client_id", value)
|
131
152
|
|
132
153
|
@property
|
133
154
|
@pulumi.getter
|
134
|
-
def credentials(self) -> Optional[pulumi.Input[str]]:
|
155
|
+
def credentials(self) -> Optional[pulumi.Input[builtins.str]]:
|
135
156
|
"""
|
136
157
|
A JSON string containing the contents of a GCP credentials file. If this value is empty, Vault will try to use Application Default Credentials from the machine on which the Vault server is running.
|
137
158
|
"""
|
138
159
|
return pulumi.get(self, "credentials")
|
139
160
|
|
140
161
|
@credentials.setter
|
141
|
-
def credentials(self, value: Optional[pulumi.Input[str]]):
|
162
|
+
def credentials(self, value: Optional[pulumi.Input[builtins.str]]):
|
142
163
|
pulumi.set(self, "credentials", value)
|
143
164
|
|
144
165
|
@property
|
@@ -161,19 +182,31 @@ class AuthBackendArgs:
|
|
161
182
|
|
162
183
|
@property
|
163
184
|
@pulumi.getter
|
164
|
-
def description(self) -> Optional[pulumi.Input[str]]:
|
185
|
+
def description(self) -> Optional[pulumi.Input[builtins.str]]:
|
165
186
|
"""
|
166
187
|
A description of the auth method.
|
167
188
|
"""
|
168
189
|
return pulumi.get(self, "description")
|
169
190
|
|
170
191
|
@description.setter
|
171
|
-
def description(self, value: Optional[pulumi.Input[str]]):
|
192
|
+
def description(self, value: Optional[pulumi.Input[builtins.str]]):
|
172
193
|
pulumi.set(self, "description", value)
|
173
194
|
|
195
|
+
@property
|
196
|
+
@pulumi.getter(name="disableAutomatedRotation")
|
197
|
+
def disable_automated_rotation(self) -> Optional[pulumi.Input[builtins.bool]]:
|
198
|
+
"""
|
199
|
+
Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
200
|
+
"""
|
201
|
+
return pulumi.get(self, "disable_automated_rotation")
|
202
|
+
|
203
|
+
@disable_automated_rotation.setter
|
204
|
+
def disable_automated_rotation(self, value: Optional[pulumi.Input[builtins.bool]]):
|
205
|
+
pulumi.set(self, "disable_automated_rotation", value)
|
206
|
+
|
174
207
|
@property
|
175
208
|
@pulumi.getter(name="disableRemount")
|
176
|
-
def disable_remount(self) -> Optional[pulumi.Input[bool]]:
|
209
|
+
def disable_remount(self) -> Optional[pulumi.Input[builtins.bool]]:
|
177
210
|
"""
|
178
211
|
If set, opts out of mount migration on path updates.
|
179
212
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
@@ -181,12 +214,12 @@ class AuthBackendArgs:
|
|
181
214
|
return pulumi.get(self, "disable_remount")
|
182
215
|
|
183
216
|
@disable_remount.setter
|
184
|
-
def disable_remount(self, value: Optional[pulumi.Input[bool]]):
|
217
|
+
def disable_remount(self, value: Optional[pulumi.Input[builtins.bool]]):
|
185
218
|
pulumi.set(self, "disable_remount", value)
|
186
219
|
|
187
220
|
@property
|
188
221
|
@pulumi.getter(name="identityTokenAudience")
|
189
|
-
def identity_token_audience(self) -> Optional[pulumi.Input[str]]:
|
222
|
+
def identity_token_audience(self) -> Optional[pulumi.Input[builtins.str]]:
|
190
223
|
"""
|
191
224
|
The audience claim value for plugin identity
|
192
225
|
tokens. Must match an allowed audience configured for the target [Workload Identity Pool](https://cloud.google.com/iam/docs/workload-identity-federation-with-other-providers#prepare).
|
@@ -195,12 +228,12 @@ class AuthBackendArgs:
|
|
195
228
|
return pulumi.get(self, "identity_token_audience")
|
196
229
|
|
197
230
|
@identity_token_audience.setter
|
198
|
-
def identity_token_audience(self, value: Optional[pulumi.Input[str]]):
|
231
|
+
def identity_token_audience(self, value: Optional[pulumi.Input[builtins.str]]):
|
199
232
|
pulumi.set(self, "identity_token_audience", value)
|
200
233
|
|
201
234
|
@property
|
202
235
|
@pulumi.getter(name="identityTokenKey")
|
203
|
-
def identity_token_key(self) -> Optional[pulumi.Input[str]]:
|
236
|
+
def identity_token_key(self) -> Optional[pulumi.Input[builtins.str]]:
|
204
237
|
"""
|
205
238
|
The key to use for signing plugin identity
|
206
239
|
tokens. Requires Vault 1.17+. *Available only for Vault Enterprise*.
|
@@ -208,36 +241,36 @@ class AuthBackendArgs:
|
|
208
241
|
return pulumi.get(self, "identity_token_key")
|
209
242
|
|
210
243
|
@identity_token_key.setter
|
211
|
-
def identity_token_key(self, value: Optional[pulumi.Input[str]]):
|
244
|
+
def identity_token_key(self, value: Optional[pulumi.Input[builtins.str]]):
|
212
245
|
pulumi.set(self, "identity_token_key", value)
|
213
246
|
|
214
247
|
@property
|
215
248
|
@pulumi.getter(name="identityTokenTtl")
|
216
|
-
def identity_token_ttl(self) -> Optional[pulumi.Input[int]]:
|
249
|
+
def identity_token_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
|
217
250
|
"""
|
218
251
|
The TTL of generated tokens.
|
219
252
|
"""
|
220
253
|
return pulumi.get(self, "identity_token_ttl")
|
221
254
|
|
222
255
|
@identity_token_ttl.setter
|
223
|
-
def identity_token_ttl(self, value: Optional[pulumi.Input[int]]):
|
256
|
+
def identity_token_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
|
224
257
|
pulumi.set(self, "identity_token_ttl", value)
|
225
258
|
|
226
259
|
@property
|
227
260
|
@pulumi.getter
|
228
|
-
def local(self) -> Optional[pulumi.Input[bool]]:
|
261
|
+
def local(self) -> Optional[pulumi.Input[builtins.bool]]:
|
229
262
|
"""
|
230
263
|
Specifies if the auth method is local only.
|
231
264
|
"""
|
232
265
|
return pulumi.get(self, "local")
|
233
266
|
|
234
267
|
@local.setter
|
235
|
-
def local(self, value: Optional[pulumi.Input[bool]]):
|
268
|
+
def local(self, value: Optional[pulumi.Input[builtins.bool]]):
|
236
269
|
pulumi.set(self, "local", value)
|
237
270
|
|
238
271
|
@property
|
239
272
|
@pulumi.getter
|
240
|
-
def namespace(self) -> Optional[pulumi.Input[str]]:
|
273
|
+
def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
|
241
274
|
"""
|
242
275
|
The namespace to provision the resource in.
|
243
276
|
The value should not contain leading or trailing forward slashes.
|
@@ -247,48 +280,88 @@ class AuthBackendArgs:
|
|
247
280
|
return pulumi.get(self, "namespace")
|
248
281
|
|
249
282
|
@namespace.setter
|
250
|
-
def namespace(self, value: Optional[pulumi.Input[str]]):
|
283
|
+
def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
|
251
284
|
pulumi.set(self, "namespace", value)
|
252
285
|
|
253
286
|
@property
|
254
287
|
@pulumi.getter
|
255
|
-
def path(self) -> Optional[pulumi.Input[str]]:
|
288
|
+
def path(self) -> Optional[pulumi.Input[builtins.str]]:
|
256
289
|
"""
|
257
290
|
The path to mount the auth method — this defaults to 'gcp'.
|
258
291
|
"""
|
259
292
|
return pulumi.get(self, "path")
|
260
293
|
|
261
294
|
@path.setter
|
262
|
-
def path(self, value: Optional[pulumi.Input[str]]):
|
295
|
+
def path(self, value: Optional[pulumi.Input[builtins.str]]):
|
263
296
|
pulumi.set(self, "path", value)
|
264
297
|
|
265
298
|
@property
|
266
299
|
@pulumi.getter(name="privateKeyId")
|
267
|
-
def private_key_id(self) -> Optional[pulumi.Input[str]]:
|
300
|
+
def private_key_id(self) -> Optional[pulumi.Input[builtins.str]]:
|
268
301
|
"""
|
269
302
|
The ID of the private key from the credentials
|
270
303
|
"""
|
271
304
|
return pulumi.get(self, "private_key_id")
|
272
305
|
|
273
306
|
@private_key_id.setter
|
274
|
-
def private_key_id(self, value: Optional[pulumi.Input[str]]):
|
307
|
+
def private_key_id(self, value: Optional[pulumi.Input[builtins.str]]):
|
275
308
|
pulumi.set(self, "private_key_id", value)
|
276
309
|
|
277
310
|
@property
|
278
311
|
@pulumi.getter(name="projectId")
|
279
|
-
def project_id(self) -> Optional[pulumi.Input[str]]:
|
312
|
+
def project_id(self) -> Optional[pulumi.Input[builtins.str]]:
|
280
313
|
"""
|
281
314
|
The GCP Project ID
|
282
315
|
"""
|
283
316
|
return pulumi.get(self, "project_id")
|
284
317
|
|
285
318
|
@project_id.setter
|
286
|
-
def project_id(self, value: Optional[pulumi.Input[str]]):
|
319
|
+
def project_id(self, value: Optional[pulumi.Input[builtins.str]]):
|
287
320
|
pulumi.set(self, "project_id", value)
|
288
321
|
|
322
|
+
@property
|
323
|
+
@pulumi.getter(name="rotationPeriod")
|
324
|
+
def rotation_period(self) -> Optional[pulumi.Input[builtins.int]]:
|
325
|
+
"""
|
326
|
+
The amount of time in seconds Vault should wait before rotating the root credential.
|
327
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
328
|
+
"""
|
329
|
+
return pulumi.get(self, "rotation_period")
|
330
|
+
|
331
|
+
@rotation_period.setter
|
332
|
+
def rotation_period(self, value: Optional[pulumi.Input[builtins.int]]):
|
333
|
+
pulumi.set(self, "rotation_period", value)
|
334
|
+
|
335
|
+
@property
|
336
|
+
@pulumi.getter(name="rotationSchedule")
|
337
|
+
def rotation_schedule(self) -> Optional[pulumi.Input[builtins.str]]:
|
338
|
+
"""
|
339
|
+
The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
340
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
341
|
+
"""
|
342
|
+
return pulumi.get(self, "rotation_schedule")
|
343
|
+
|
344
|
+
@rotation_schedule.setter
|
345
|
+
def rotation_schedule(self, value: Optional[pulumi.Input[builtins.str]]):
|
346
|
+
pulumi.set(self, "rotation_schedule", value)
|
347
|
+
|
348
|
+
@property
|
349
|
+
@pulumi.getter(name="rotationWindow")
|
350
|
+
def rotation_window(self) -> Optional[pulumi.Input[builtins.int]]:
|
351
|
+
"""
|
352
|
+
The maximum amount of time in seconds allowed to complete
|
353
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
354
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
355
|
+
"""
|
356
|
+
return pulumi.get(self, "rotation_window")
|
357
|
+
|
358
|
+
@rotation_window.setter
|
359
|
+
def rotation_window(self, value: Optional[pulumi.Input[builtins.int]]):
|
360
|
+
pulumi.set(self, "rotation_window", value)
|
361
|
+
|
289
362
|
@property
|
290
363
|
@pulumi.getter(name="serviceAccountEmail")
|
291
|
-
def service_account_email(self) -> Optional[pulumi.Input[str]]:
|
364
|
+
def service_account_email(self) -> Optional[pulumi.Input[builtins.str]]:
|
292
365
|
"""
|
293
366
|
Service Account to impersonate for plugin workload identity federation.
|
294
367
|
Required with `identity_token_audience`. Requires Vault 1.17+. *Available only for Vault Enterprise*.
|
@@ -296,7 +369,7 @@ class AuthBackendArgs:
|
|
296
369
|
return pulumi.get(self, "service_account_email")
|
297
370
|
|
298
371
|
@service_account_email.setter
|
299
|
-
def service_account_email(self, value: Optional[pulumi.Input[str]]):
|
372
|
+
def service_account_email(self, value: Optional[pulumi.Input[builtins.str]]):
|
300
373
|
pulumi.set(self, "service_account_email", value)
|
301
374
|
|
302
375
|
@property
|
@@ -317,29 +390,33 @@ class AuthBackendArgs:
|
|
317
390
|
@pulumi.input_type
|
318
391
|
class _AuthBackendState:
|
319
392
|
def __init__(__self__, *,
|
320
|
-
accessor: Optional[pulumi.Input[str]] = None,
|
321
|
-
client_email: Optional[pulumi.Input[str]] = None,
|
322
|
-
client_id: Optional[pulumi.Input[str]] = None,
|
323
|
-
credentials: Optional[pulumi.Input[str]] = None,
|
393
|
+
accessor: Optional[pulumi.Input[builtins.str]] = None,
|
394
|
+
client_email: Optional[pulumi.Input[builtins.str]] = None,
|
395
|
+
client_id: Optional[pulumi.Input[builtins.str]] = None,
|
396
|
+
credentials: Optional[pulumi.Input[builtins.str]] = None,
|
324
397
|
custom_endpoint: Optional[pulumi.Input['AuthBackendCustomEndpointArgs']] = None,
|
325
|
-
description: Optional[pulumi.Input[str]] = None,
|
326
|
-
|
327
|
-
|
328
|
-
|
329
|
-
|
330
|
-
|
331
|
-
|
332
|
-
|
333
|
-
|
334
|
-
|
335
|
-
|
398
|
+
description: Optional[pulumi.Input[builtins.str]] = None,
|
399
|
+
disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
400
|
+
disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
|
401
|
+
identity_token_audience: Optional[pulumi.Input[builtins.str]] = None,
|
402
|
+
identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
|
403
|
+
identity_token_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
404
|
+
local: Optional[pulumi.Input[builtins.bool]] = None,
|
405
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
406
|
+
path: Optional[pulumi.Input[builtins.str]] = None,
|
407
|
+
private_key_id: Optional[pulumi.Input[builtins.str]] = None,
|
408
|
+
project_id: Optional[pulumi.Input[builtins.str]] = None,
|
409
|
+
rotation_period: Optional[pulumi.Input[builtins.int]] = None,
|
410
|
+
rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
|
411
|
+
rotation_window: Optional[pulumi.Input[builtins.int]] = None,
|
412
|
+
service_account_email: Optional[pulumi.Input[builtins.str]] = None,
|
336
413
|
tune: Optional[pulumi.Input['AuthBackendTuneArgs']] = None):
|
337
414
|
"""
|
338
415
|
Input properties used for looking up and filtering AuthBackend resources.
|
339
|
-
:param pulumi.Input[str] accessor: The mount accessor related to the auth mount. It is useful for integration with [Identity Secrets Engine](https://www.vaultproject.io/docs/secrets/identity/index.html).
|
340
|
-
:param pulumi.Input[str] client_email: The clients email associated with the credentials
|
341
|
-
:param pulumi.Input[str] client_id: The Client ID of the credentials
|
342
|
-
:param pulumi.Input[str] credentials: A JSON string containing the contents of a GCP credentials file. If this value is empty, Vault will try to use Application Default Credentials from the machine on which the Vault server is running.
|
416
|
+
:param pulumi.Input[builtins.str] accessor: The mount accessor related to the auth mount. It is useful for integration with [Identity Secrets Engine](https://www.vaultproject.io/docs/secrets/identity/index.html).
|
417
|
+
:param pulumi.Input[builtins.str] client_email: The clients email associated with the credentials
|
418
|
+
:param pulumi.Input[builtins.str] client_id: The Client ID of the credentials
|
419
|
+
:param pulumi.Input[builtins.str] credentials: A JSON string containing the contents of a GCP credentials file. If this value is empty, Vault will try to use Application Default Credentials from the machine on which the Vault server is running.
|
343
420
|
:param pulumi.Input['AuthBackendCustomEndpointArgs'] custom_endpoint: Specifies overrides to
|
344
421
|
[service endpoints](https://cloud.google.com/apis/design/glossary#api_service_endpoint)
|
345
422
|
used when making API requests. This allows specific requests made during authentication
|
@@ -347,24 +424,32 @@ class _AuthBackendState:
|
|
347
424
|
environments. Requires Vault 1.11+.
|
348
425
|
|
349
426
|
Overrides are set at the subdomain level using the following keys:
|
350
|
-
:param pulumi.Input[str] description: A description of the auth method.
|
351
|
-
:param pulumi.Input[bool]
|
427
|
+
:param pulumi.Input[builtins.str] description: A description of the auth method.
|
428
|
+
:param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
429
|
+
:param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
|
352
430
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
353
|
-
:param pulumi.Input[str] identity_token_audience: The audience claim value for plugin identity
|
431
|
+
:param pulumi.Input[builtins.str] identity_token_audience: The audience claim value for plugin identity
|
354
432
|
tokens. Must match an allowed audience configured for the target [Workload Identity Pool](https://cloud.google.com/iam/docs/workload-identity-federation-with-other-providers#prepare).
|
355
433
|
Mutually exclusive with `credentials`. Requires Vault 1.17+. *Available only for Vault Enterprise*.
|
356
|
-
:param pulumi.Input[str] identity_token_key: The key to use for signing plugin identity
|
434
|
+
:param pulumi.Input[builtins.str] identity_token_key: The key to use for signing plugin identity
|
357
435
|
tokens. Requires Vault 1.17+. *Available only for Vault Enterprise*.
|
358
|
-
:param pulumi.Input[int] identity_token_ttl: The TTL of generated tokens.
|
359
|
-
:param pulumi.Input[bool] local: Specifies if the auth method is local only.
|
360
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
436
|
+
:param pulumi.Input[builtins.int] identity_token_ttl: The TTL of generated tokens.
|
437
|
+
:param pulumi.Input[builtins.bool] local: Specifies if the auth method is local only.
|
438
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
361
439
|
The value should not contain leading or trailing forward slashes.
|
362
440
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
363
441
|
*Available only for Vault Enterprise*.
|
364
|
-
:param pulumi.Input[str] path: The path to mount the auth method — this defaults to 'gcp'.
|
365
|
-
:param pulumi.Input[str] private_key_id: The ID of the private key from the credentials
|
366
|
-
:param pulumi.Input[str] project_id: The GCP Project ID
|
367
|
-
:param pulumi.Input[
|
442
|
+
:param pulumi.Input[builtins.str] path: The path to mount the auth method — this defaults to 'gcp'.
|
443
|
+
:param pulumi.Input[builtins.str] private_key_id: The ID of the private key from the credentials
|
444
|
+
:param pulumi.Input[builtins.str] project_id: The GCP Project ID
|
445
|
+
:param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
446
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
447
|
+
:param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
448
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
449
|
+
:param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
|
450
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
451
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
452
|
+
:param pulumi.Input[builtins.str] service_account_email: Service Account to impersonate for plugin workload identity federation.
|
368
453
|
Required with `identity_token_audience`. Requires Vault 1.17+. *Available only for Vault Enterprise*.
|
369
454
|
:param pulumi.Input['AuthBackendTuneArgs'] tune: Extra configuration block. Structure is documented below.
|
370
455
|
|
@@ -382,6 +467,8 @@ class _AuthBackendState:
|
|
382
467
|
pulumi.set(__self__, "custom_endpoint", custom_endpoint)
|
383
468
|
if description is not None:
|
384
469
|
pulumi.set(__self__, "description", description)
|
470
|
+
if disable_automated_rotation is not None:
|
471
|
+
pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
|
385
472
|
if disable_remount is not None:
|
386
473
|
pulumi.set(__self__, "disable_remount", disable_remount)
|
387
474
|
if identity_token_audience is not None:
|
@@ -400,6 +487,12 @@ class _AuthBackendState:
|
|
400
487
|
pulumi.set(__self__, "private_key_id", private_key_id)
|
401
488
|
if project_id is not None:
|
402
489
|
pulumi.set(__self__, "project_id", project_id)
|
490
|
+
if rotation_period is not None:
|
491
|
+
pulumi.set(__self__, "rotation_period", rotation_period)
|
492
|
+
if rotation_schedule is not None:
|
493
|
+
pulumi.set(__self__, "rotation_schedule", rotation_schedule)
|
494
|
+
if rotation_window is not None:
|
495
|
+
pulumi.set(__self__, "rotation_window", rotation_window)
|
403
496
|
if service_account_email is not None:
|
404
497
|
pulumi.set(__self__, "service_account_email", service_account_email)
|
405
498
|
if tune is not None:
|
@@ -407,50 +500,50 @@ class _AuthBackendState:
|
|
407
500
|
|
408
501
|
@property
|
409
502
|
@pulumi.getter
|
410
|
-
def accessor(self) -> Optional[pulumi.Input[str]]:
|
503
|
+
def accessor(self) -> Optional[pulumi.Input[builtins.str]]:
|
411
504
|
"""
|
412
505
|
The mount accessor related to the auth mount. It is useful for integration with [Identity Secrets Engine](https://www.vaultproject.io/docs/secrets/identity/index.html).
|
413
506
|
"""
|
414
507
|
return pulumi.get(self, "accessor")
|
415
508
|
|
416
509
|
@accessor.setter
|
417
|
-
def accessor(self, value: Optional[pulumi.Input[str]]):
|
510
|
+
def accessor(self, value: Optional[pulumi.Input[builtins.str]]):
|
418
511
|
pulumi.set(self, "accessor", value)
|
419
512
|
|
420
513
|
@property
|
421
514
|
@pulumi.getter(name="clientEmail")
|
422
|
-
def client_email(self) -> Optional[pulumi.Input[str]]:
|
515
|
+
def client_email(self) -> Optional[pulumi.Input[builtins.str]]:
|
423
516
|
"""
|
424
517
|
The clients email associated with the credentials
|
425
518
|
"""
|
426
519
|
return pulumi.get(self, "client_email")
|
427
520
|
|
428
521
|
@client_email.setter
|
429
|
-
def client_email(self, value: Optional[pulumi.Input[str]]):
|
522
|
+
def client_email(self, value: Optional[pulumi.Input[builtins.str]]):
|
430
523
|
pulumi.set(self, "client_email", value)
|
431
524
|
|
432
525
|
@property
|
433
526
|
@pulumi.getter(name="clientId")
|
434
|
-
def client_id(self) -> Optional[pulumi.Input[str]]:
|
527
|
+
def client_id(self) -> Optional[pulumi.Input[builtins.str]]:
|
435
528
|
"""
|
436
529
|
The Client ID of the credentials
|
437
530
|
"""
|
438
531
|
return pulumi.get(self, "client_id")
|
439
532
|
|
440
533
|
@client_id.setter
|
441
|
-
def client_id(self, value: Optional[pulumi.Input[str]]):
|
534
|
+
def client_id(self, value: Optional[pulumi.Input[builtins.str]]):
|
442
535
|
pulumi.set(self, "client_id", value)
|
443
536
|
|
444
537
|
@property
|
445
538
|
@pulumi.getter
|
446
|
-
def credentials(self) -> Optional[pulumi.Input[str]]:
|
539
|
+
def credentials(self) -> Optional[pulumi.Input[builtins.str]]:
|
447
540
|
"""
|
448
541
|
A JSON string containing the contents of a GCP credentials file. If this value is empty, Vault will try to use Application Default Credentials from the machine on which the Vault server is running.
|
449
542
|
"""
|
450
543
|
return pulumi.get(self, "credentials")
|
451
544
|
|
452
545
|
@credentials.setter
|
453
|
-
def credentials(self, value: Optional[pulumi.Input[str]]):
|
546
|
+
def credentials(self, value: Optional[pulumi.Input[builtins.str]]):
|
454
547
|
pulumi.set(self, "credentials", value)
|
455
548
|
|
456
549
|
@property
|
@@ -473,19 +566,31 @@ class _AuthBackendState:
|
|
473
566
|
|
474
567
|
@property
|
475
568
|
@pulumi.getter
|
476
|
-
def description(self) -> Optional[pulumi.Input[str]]:
|
569
|
+
def description(self) -> Optional[pulumi.Input[builtins.str]]:
|
477
570
|
"""
|
478
571
|
A description of the auth method.
|
479
572
|
"""
|
480
573
|
return pulumi.get(self, "description")
|
481
574
|
|
482
575
|
@description.setter
|
483
|
-
def description(self, value: Optional[pulumi.Input[str]]):
|
576
|
+
def description(self, value: Optional[pulumi.Input[builtins.str]]):
|
484
577
|
pulumi.set(self, "description", value)
|
485
578
|
|
579
|
+
@property
|
580
|
+
@pulumi.getter(name="disableAutomatedRotation")
|
581
|
+
def disable_automated_rotation(self) -> Optional[pulumi.Input[builtins.bool]]:
|
582
|
+
"""
|
583
|
+
Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
584
|
+
"""
|
585
|
+
return pulumi.get(self, "disable_automated_rotation")
|
586
|
+
|
587
|
+
@disable_automated_rotation.setter
|
588
|
+
def disable_automated_rotation(self, value: Optional[pulumi.Input[builtins.bool]]):
|
589
|
+
pulumi.set(self, "disable_automated_rotation", value)
|
590
|
+
|
486
591
|
@property
|
487
592
|
@pulumi.getter(name="disableRemount")
|
488
|
-
def disable_remount(self) -> Optional[pulumi.Input[bool]]:
|
593
|
+
def disable_remount(self) -> Optional[pulumi.Input[builtins.bool]]:
|
489
594
|
"""
|
490
595
|
If set, opts out of mount migration on path updates.
|
491
596
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
@@ -493,12 +598,12 @@ class _AuthBackendState:
|
|
493
598
|
return pulumi.get(self, "disable_remount")
|
494
599
|
|
495
600
|
@disable_remount.setter
|
496
|
-
def disable_remount(self, value: Optional[pulumi.Input[bool]]):
|
601
|
+
def disable_remount(self, value: Optional[pulumi.Input[builtins.bool]]):
|
497
602
|
pulumi.set(self, "disable_remount", value)
|
498
603
|
|
499
604
|
@property
|
500
605
|
@pulumi.getter(name="identityTokenAudience")
|
501
|
-
def identity_token_audience(self) -> Optional[pulumi.Input[str]]:
|
606
|
+
def identity_token_audience(self) -> Optional[pulumi.Input[builtins.str]]:
|
502
607
|
"""
|
503
608
|
The audience claim value for plugin identity
|
504
609
|
tokens. Must match an allowed audience configured for the target [Workload Identity Pool](https://cloud.google.com/iam/docs/workload-identity-federation-with-other-providers#prepare).
|
@@ -507,12 +612,12 @@ class _AuthBackendState:
|
|
507
612
|
return pulumi.get(self, "identity_token_audience")
|
508
613
|
|
509
614
|
@identity_token_audience.setter
|
510
|
-
def identity_token_audience(self, value: Optional[pulumi.Input[str]]):
|
615
|
+
def identity_token_audience(self, value: Optional[pulumi.Input[builtins.str]]):
|
511
616
|
pulumi.set(self, "identity_token_audience", value)
|
512
617
|
|
513
618
|
@property
|
514
619
|
@pulumi.getter(name="identityTokenKey")
|
515
|
-
def identity_token_key(self) -> Optional[pulumi.Input[str]]:
|
620
|
+
def identity_token_key(self) -> Optional[pulumi.Input[builtins.str]]:
|
516
621
|
"""
|
517
622
|
The key to use for signing plugin identity
|
518
623
|
tokens. Requires Vault 1.17+. *Available only for Vault Enterprise*.
|
@@ -520,36 +625,36 @@ class _AuthBackendState:
|
|
520
625
|
return pulumi.get(self, "identity_token_key")
|
521
626
|
|
522
627
|
@identity_token_key.setter
|
523
|
-
def identity_token_key(self, value: Optional[pulumi.Input[str]]):
|
628
|
+
def identity_token_key(self, value: Optional[pulumi.Input[builtins.str]]):
|
524
629
|
pulumi.set(self, "identity_token_key", value)
|
525
630
|
|
526
631
|
@property
|
527
632
|
@pulumi.getter(name="identityTokenTtl")
|
528
|
-
def identity_token_ttl(self) -> Optional[pulumi.Input[int]]:
|
633
|
+
def identity_token_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
|
529
634
|
"""
|
530
635
|
The TTL of generated tokens.
|
531
636
|
"""
|
532
637
|
return pulumi.get(self, "identity_token_ttl")
|
533
638
|
|
534
639
|
@identity_token_ttl.setter
|
535
|
-
def identity_token_ttl(self, value: Optional[pulumi.Input[int]]):
|
640
|
+
def identity_token_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
|
536
641
|
pulumi.set(self, "identity_token_ttl", value)
|
537
642
|
|
538
643
|
@property
|
539
644
|
@pulumi.getter
|
540
|
-
def local(self) -> Optional[pulumi.Input[bool]]:
|
645
|
+
def local(self) -> Optional[pulumi.Input[builtins.bool]]:
|
541
646
|
"""
|
542
647
|
Specifies if the auth method is local only.
|
543
648
|
"""
|
544
649
|
return pulumi.get(self, "local")
|
545
650
|
|
546
651
|
@local.setter
|
547
|
-
def local(self, value: Optional[pulumi.Input[bool]]):
|
652
|
+
def local(self, value: Optional[pulumi.Input[builtins.bool]]):
|
548
653
|
pulumi.set(self, "local", value)
|
549
654
|
|
550
655
|
@property
|
551
656
|
@pulumi.getter
|
552
|
-
def namespace(self) -> Optional[pulumi.Input[str]]:
|
657
|
+
def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
|
553
658
|
"""
|
554
659
|
The namespace to provision the resource in.
|
555
660
|
The value should not contain leading or trailing forward slashes.
|
@@ -559,48 +664,88 @@ class _AuthBackendState:
|
|
559
664
|
return pulumi.get(self, "namespace")
|
560
665
|
|
561
666
|
@namespace.setter
|
562
|
-
def namespace(self, value: Optional[pulumi.Input[str]]):
|
667
|
+
def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
|
563
668
|
pulumi.set(self, "namespace", value)
|
564
669
|
|
565
670
|
@property
|
566
671
|
@pulumi.getter
|
567
|
-
def path(self) -> Optional[pulumi.Input[str]]:
|
672
|
+
def path(self) -> Optional[pulumi.Input[builtins.str]]:
|
568
673
|
"""
|
569
674
|
The path to mount the auth method — this defaults to 'gcp'.
|
570
675
|
"""
|
571
676
|
return pulumi.get(self, "path")
|
572
677
|
|
573
678
|
@path.setter
|
574
|
-
def path(self, value: Optional[pulumi.Input[str]]):
|
679
|
+
def path(self, value: Optional[pulumi.Input[builtins.str]]):
|
575
680
|
pulumi.set(self, "path", value)
|
576
681
|
|
577
682
|
@property
|
578
683
|
@pulumi.getter(name="privateKeyId")
|
579
|
-
def private_key_id(self) -> Optional[pulumi.Input[str]]:
|
684
|
+
def private_key_id(self) -> Optional[pulumi.Input[builtins.str]]:
|
580
685
|
"""
|
581
686
|
The ID of the private key from the credentials
|
582
687
|
"""
|
583
688
|
return pulumi.get(self, "private_key_id")
|
584
689
|
|
585
690
|
@private_key_id.setter
|
586
|
-
def private_key_id(self, value: Optional[pulumi.Input[str]]):
|
691
|
+
def private_key_id(self, value: Optional[pulumi.Input[builtins.str]]):
|
587
692
|
pulumi.set(self, "private_key_id", value)
|
588
693
|
|
589
694
|
@property
|
590
695
|
@pulumi.getter(name="projectId")
|
591
|
-
def project_id(self) -> Optional[pulumi.Input[str]]:
|
696
|
+
def project_id(self) -> Optional[pulumi.Input[builtins.str]]:
|
592
697
|
"""
|
593
698
|
The GCP Project ID
|
594
699
|
"""
|
595
700
|
return pulumi.get(self, "project_id")
|
596
701
|
|
597
702
|
@project_id.setter
|
598
|
-
def project_id(self, value: Optional[pulumi.Input[str]]):
|
703
|
+
def project_id(self, value: Optional[pulumi.Input[builtins.str]]):
|
599
704
|
pulumi.set(self, "project_id", value)
|
600
705
|
|
706
|
+
@property
|
707
|
+
@pulumi.getter(name="rotationPeriod")
|
708
|
+
def rotation_period(self) -> Optional[pulumi.Input[builtins.int]]:
|
709
|
+
"""
|
710
|
+
The amount of time in seconds Vault should wait before rotating the root credential.
|
711
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
712
|
+
"""
|
713
|
+
return pulumi.get(self, "rotation_period")
|
714
|
+
|
715
|
+
@rotation_period.setter
|
716
|
+
def rotation_period(self, value: Optional[pulumi.Input[builtins.int]]):
|
717
|
+
pulumi.set(self, "rotation_period", value)
|
718
|
+
|
719
|
+
@property
|
720
|
+
@pulumi.getter(name="rotationSchedule")
|
721
|
+
def rotation_schedule(self) -> Optional[pulumi.Input[builtins.str]]:
|
722
|
+
"""
|
723
|
+
The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
724
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
725
|
+
"""
|
726
|
+
return pulumi.get(self, "rotation_schedule")
|
727
|
+
|
728
|
+
@rotation_schedule.setter
|
729
|
+
def rotation_schedule(self, value: Optional[pulumi.Input[builtins.str]]):
|
730
|
+
pulumi.set(self, "rotation_schedule", value)
|
731
|
+
|
732
|
+
@property
|
733
|
+
@pulumi.getter(name="rotationWindow")
|
734
|
+
def rotation_window(self) -> Optional[pulumi.Input[builtins.int]]:
|
735
|
+
"""
|
736
|
+
The maximum amount of time in seconds allowed to complete
|
737
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
738
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
739
|
+
"""
|
740
|
+
return pulumi.get(self, "rotation_window")
|
741
|
+
|
742
|
+
@rotation_window.setter
|
743
|
+
def rotation_window(self, value: Optional[pulumi.Input[builtins.int]]):
|
744
|
+
pulumi.set(self, "rotation_window", value)
|
745
|
+
|
601
746
|
@property
|
602
747
|
@pulumi.getter(name="serviceAccountEmail")
|
603
|
-
def service_account_email(self) -> Optional[pulumi.Input[str]]:
|
748
|
+
def service_account_email(self) -> Optional[pulumi.Input[builtins.str]]:
|
604
749
|
"""
|
605
750
|
Service Account to impersonate for plugin workload identity federation.
|
606
751
|
Required with `identity_token_audience`. Requires Vault 1.17+. *Available only for Vault Enterprise*.
|
@@ -608,7 +753,7 @@ class _AuthBackendState:
|
|
608
753
|
return pulumi.get(self, "service_account_email")
|
609
754
|
|
610
755
|
@service_account_email.setter
|
611
|
-
def service_account_email(self, value: Optional[pulumi.Input[str]]):
|
756
|
+
def service_account_email(self, value: Optional[pulumi.Input[builtins.str]]):
|
612
757
|
pulumi.set(self, "service_account_email", value)
|
613
758
|
|
614
759
|
@property
|
@@ -631,21 +776,25 @@ class AuthBackend(pulumi.CustomResource):
|
|
631
776
|
def __init__(__self__,
|
632
777
|
resource_name: str,
|
633
778
|
opts: Optional[pulumi.ResourceOptions] = None,
|
634
|
-
client_email: Optional[pulumi.Input[str]] = None,
|
635
|
-
client_id: Optional[pulumi.Input[str]] = None,
|
636
|
-
credentials: Optional[pulumi.Input[str]] = None,
|
779
|
+
client_email: Optional[pulumi.Input[builtins.str]] = None,
|
780
|
+
client_id: Optional[pulumi.Input[builtins.str]] = None,
|
781
|
+
credentials: Optional[pulumi.Input[builtins.str]] = None,
|
637
782
|
custom_endpoint: Optional[pulumi.Input[Union['AuthBackendCustomEndpointArgs', 'AuthBackendCustomEndpointArgsDict']]] = None,
|
638
|
-
description: Optional[pulumi.Input[str]] = None,
|
639
|
-
|
640
|
-
|
641
|
-
|
642
|
-
|
643
|
-
|
644
|
-
|
645
|
-
|
646
|
-
|
647
|
-
|
648
|
-
|
783
|
+
description: Optional[pulumi.Input[builtins.str]] = None,
|
784
|
+
disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
785
|
+
disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
|
786
|
+
identity_token_audience: Optional[pulumi.Input[builtins.str]] = None,
|
787
|
+
identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
|
788
|
+
identity_token_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
789
|
+
local: Optional[pulumi.Input[builtins.bool]] = None,
|
790
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
791
|
+
path: Optional[pulumi.Input[builtins.str]] = None,
|
792
|
+
private_key_id: Optional[pulumi.Input[builtins.str]] = None,
|
793
|
+
project_id: Optional[pulumi.Input[builtins.str]] = None,
|
794
|
+
rotation_period: Optional[pulumi.Input[builtins.int]] = None,
|
795
|
+
rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
|
796
|
+
rotation_window: Optional[pulumi.Input[builtins.int]] = None,
|
797
|
+
service_account_email: Optional[pulumi.Input[builtins.str]] = None,
|
649
798
|
tune: Optional[pulumi.Input[Union['AuthBackendTuneArgs', 'AuthBackendTuneArgsDict']]] = None,
|
650
799
|
__props__=None):
|
651
800
|
"""
|
@@ -662,7 +811,9 @@ class AuthBackend(pulumi.CustomResource):
|
|
662
811
|
identity_token_key="example-key",
|
663
812
|
identity_token_ttl=1800,
|
664
813
|
identity_token_audience="<TOKEN_AUDIENCE>",
|
665
|
-
service_account_email="<SERVICE_ACCOUNT_EMAIL>"
|
814
|
+
service_account_email="<SERVICE_ACCOUNT_EMAIL>",
|
815
|
+
rotation_schedule="0 * * * SAT",
|
816
|
+
rotation_window=3600)
|
666
817
|
```
|
667
818
|
|
668
819
|
## Import
|
@@ -675,9 +826,9 @@ class AuthBackend(pulumi.CustomResource):
|
|
675
826
|
|
676
827
|
:param str resource_name: The name of the resource.
|
677
828
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
678
|
-
:param pulumi.Input[str] client_email: The clients email associated with the credentials
|
679
|
-
:param pulumi.Input[str] client_id: The Client ID of the credentials
|
680
|
-
:param pulumi.Input[str] credentials: A JSON string containing the contents of a GCP credentials file. If this value is empty, Vault will try to use Application Default Credentials from the machine on which the Vault server is running.
|
829
|
+
:param pulumi.Input[builtins.str] client_email: The clients email associated with the credentials
|
830
|
+
:param pulumi.Input[builtins.str] client_id: The Client ID of the credentials
|
831
|
+
:param pulumi.Input[builtins.str] credentials: A JSON string containing the contents of a GCP credentials file. If this value is empty, Vault will try to use Application Default Credentials from the machine on which the Vault server is running.
|
681
832
|
:param pulumi.Input[Union['AuthBackendCustomEndpointArgs', 'AuthBackendCustomEndpointArgsDict']] custom_endpoint: Specifies overrides to
|
682
833
|
[service endpoints](https://cloud.google.com/apis/design/glossary#api_service_endpoint)
|
683
834
|
used when making API requests. This allows specific requests made during authentication
|
@@ -685,24 +836,32 @@ class AuthBackend(pulumi.CustomResource):
|
|
685
836
|
environments. Requires Vault 1.11+.
|
686
837
|
|
687
838
|
Overrides are set at the subdomain level using the following keys:
|
688
|
-
:param pulumi.Input[str] description: A description of the auth method.
|
689
|
-
:param pulumi.Input[bool]
|
839
|
+
:param pulumi.Input[builtins.str] description: A description of the auth method.
|
840
|
+
:param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
841
|
+
:param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
|
690
842
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
691
|
-
:param pulumi.Input[str] identity_token_audience: The audience claim value for plugin identity
|
843
|
+
:param pulumi.Input[builtins.str] identity_token_audience: The audience claim value for plugin identity
|
692
844
|
tokens. Must match an allowed audience configured for the target [Workload Identity Pool](https://cloud.google.com/iam/docs/workload-identity-federation-with-other-providers#prepare).
|
693
845
|
Mutually exclusive with `credentials`. Requires Vault 1.17+. *Available only for Vault Enterprise*.
|
694
|
-
:param pulumi.Input[str] identity_token_key: The key to use for signing plugin identity
|
846
|
+
:param pulumi.Input[builtins.str] identity_token_key: The key to use for signing plugin identity
|
695
847
|
tokens. Requires Vault 1.17+. *Available only for Vault Enterprise*.
|
696
|
-
:param pulumi.Input[int] identity_token_ttl: The TTL of generated tokens.
|
697
|
-
:param pulumi.Input[bool] local: Specifies if the auth method is local only.
|
698
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
848
|
+
:param pulumi.Input[builtins.int] identity_token_ttl: The TTL of generated tokens.
|
849
|
+
:param pulumi.Input[builtins.bool] local: Specifies if the auth method is local only.
|
850
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
699
851
|
The value should not contain leading or trailing forward slashes.
|
700
852
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
701
853
|
*Available only for Vault Enterprise*.
|
702
|
-
:param pulumi.Input[str] path: The path to mount the auth method — this defaults to 'gcp'.
|
703
|
-
:param pulumi.Input[str] private_key_id: The ID of the private key from the credentials
|
704
|
-
:param pulumi.Input[str] project_id: The GCP Project ID
|
705
|
-
:param pulumi.Input[
|
854
|
+
:param pulumi.Input[builtins.str] path: The path to mount the auth method — this defaults to 'gcp'.
|
855
|
+
:param pulumi.Input[builtins.str] private_key_id: The ID of the private key from the credentials
|
856
|
+
:param pulumi.Input[builtins.str] project_id: The GCP Project ID
|
857
|
+
:param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
858
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
859
|
+
:param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
860
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
861
|
+
:param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
|
862
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
863
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
864
|
+
:param pulumi.Input[builtins.str] service_account_email: Service Account to impersonate for plugin workload identity federation.
|
706
865
|
Required with `identity_token_audience`. Requires Vault 1.17+. *Available only for Vault Enterprise*.
|
707
866
|
:param pulumi.Input[Union['AuthBackendTuneArgs', 'AuthBackendTuneArgsDict']] tune: Extra configuration block. Structure is documented below.
|
708
867
|
|
@@ -728,7 +887,9 @@ class AuthBackend(pulumi.CustomResource):
|
|
728
887
|
identity_token_key="example-key",
|
729
888
|
identity_token_ttl=1800,
|
730
889
|
identity_token_audience="<TOKEN_AUDIENCE>",
|
731
|
-
service_account_email="<SERVICE_ACCOUNT_EMAIL>"
|
890
|
+
service_account_email="<SERVICE_ACCOUNT_EMAIL>",
|
891
|
+
rotation_schedule="0 * * * SAT",
|
892
|
+
rotation_window=3600)
|
732
893
|
```
|
733
894
|
|
734
895
|
## Import
|
@@ -754,21 +915,25 @@ class AuthBackend(pulumi.CustomResource):
|
|
754
915
|
def _internal_init(__self__,
|
755
916
|
resource_name: str,
|
756
917
|
opts: Optional[pulumi.ResourceOptions] = None,
|
757
|
-
client_email: Optional[pulumi.Input[str]] = None,
|
758
|
-
client_id: Optional[pulumi.Input[str]] = None,
|
759
|
-
credentials: Optional[pulumi.Input[str]] = None,
|
918
|
+
client_email: Optional[pulumi.Input[builtins.str]] = None,
|
919
|
+
client_id: Optional[pulumi.Input[builtins.str]] = None,
|
920
|
+
credentials: Optional[pulumi.Input[builtins.str]] = None,
|
760
921
|
custom_endpoint: Optional[pulumi.Input[Union['AuthBackendCustomEndpointArgs', 'AuthBackendCustomEndpointArgsDict']]] = None,
|
761
|
-
description: Optional[pulumi.Input[str]] = None,
|
762
|
-
|
763
|
-
|
764
|
-
|
765
|
-
|
766
|
-
|
767
|
-
|
768
|
-
|
769
|
-
|
770
|
-
|
771
|
-
|
922
|
+
description: Optional[pulumi.Input[builtins.str]] = None,
|
923
|
+
disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
924
|
+
disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
|
925
|
+
identity_token_audience: Optional[pulumi.Input[builtins.str]] = None,
|
926
|
+
identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
|
927
|
+
identity_token_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
928
|
+
local: Optional[pulumi.Input[builtins.bool]] = None,
|
929
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
930
|
+
path: Optional[pulumi.Input[builtins.str]] = None,
|
931
|
+
private_key_id: Optional[pulumi.Input[builtins.str]] = None,
|
932
|
+
project_id: Optional[pulumi.Input[builtins.str]] = None,
|
933
|
+
rotation_period: Optional[pulumi.Input[builtins.int]] = None,
|
934
|
+
rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
|
935
|
+
rotation_window: Optional[pulumi.Input[builtins.int]] = None,
|
936
|
+
service_account_email: Optional[pulumi.Input[builtins.str]] = None,
|
772
937
|
tune: Optional[pulumi.Input[Union['AuthBackendTuneArgs', 'AuthBackendTuneArgsDict']]] = None,
|
773
938
|
__props__=None):
|
774
939
|
opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
|
@@ -784,6 +949,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
784
949
|
__props__.__dict__["credentials"] = None if credentials is None else pulumi.Output.secret(credentials)
|
785
950
|
__props__.__dict__["custom_endpoint"] = custom_endpoint
|
786
951
|
__props__.__dict__["description"] = description
|
952
|
+
__props__.__dict__["disable_automated_rotation"] = disable_automated_rotation
|
787
953
|
__props__.__dict__["disable_remount"] = disable_remount
|
788
954
|
__props__.__dict__["identity_token_audience"] = identity_token_audience
|
789
955
|
__props__.__dict__["identity_token_key"] = identity_token_key
|
@@ -793,6 +959,9 @@ class AuthBackend(pulumi.CustomResource):
|
|
793
959
|
__props__.__dict__["path"] = path
|
794
960
|
__props__.__dict__["private_key_id"] = private_key_id
|
795
961
|
__props__.__dict__["project_id"] = project_id
|
962
|
+
__props__.__dict__["rotation_period"] = rotation_period
|
963
|
+
__props__.__dict__["rotation_schedule"] = rotation_schedule
|
964
|
+
__props__.__dict__["rotation_window"] = rotation_window
|
796
965
|
__props__.__dict__["service_account_email"] = service_account_email
|
797
966
|
__props__.__dict__["tune"] = tune
|
798
967
|
__props__.__dict__["accessor"] = None
|
@@ -808,22 +977,26 @@ class AuthBackend(pulumi.CustomResource):
|
|
808
977
|
def get(resource_name: str,
|
809
978
|
id: pulumi.Input[str],
|
810
979
|
opts: Optional[pulumi.ResourceOptions] = None,
|
811
|
-
accessor: Optional[pulumi.Input[str]] = None,
|
812
|
-
client_email: Optional[pulumi.Input[str]] = None,
|
813
|
-
client_id: Optional[pulumi.Input[str]] = None,
|
814
|
-
credentials: Optional[pulumi.Input[str]] = None,
|
980
|
+
accessor: Optional[pulumi.Input[builtins.str]] = None,
|
981
|
+
client_email: Optional[pulumi.Input[builtins.str]] = None,
|
982
|
+
client_id: Optional[pulumi.Input[builtins.str]] = None,
|
983
|
+
credentials: Optional[pulumi.Input[builtins.str]] = None,
|
815
984
|
custom_endpoint: Optional[pulumi.Input[Union['AuthBackendCustomEndpointArgs', 'AuthBackendCustomEndpointArgsDict']]] = None,
|
816
|
-
description: Optional[pulumi.Input[str]] = None,
|
817
|
-
|
818
|
-
|
819
|
-
|
820
|
-
|
821
|
-
|
822
|
-
|
823
|
-
|
824
|
-
|
825
|
-
|
826
|
-
|
985
|
+
description: Optional[pulumi.Input[builtins.str]] = None,
|
986
|
+
disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
987
|
+
disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
|
988
|
+
identity_token_audience: Optional[pulumi.Input[builtins.str]] = None,
|
989
|
+
identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
|
990
|
+
identity_token_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
991
|
+
local: Optional[pulumi.Input[builtins.bool]] = None,
|
992
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
993
|
+
path: Optional[pulumi.Input[builtins.str]] = None,
|
994
|
+
private_key_id: Optional[pulumi.Input[builtins.str]] = None,
|
995
|
+
project_id: Optional[pulumi.Input[builtins.str]] = None,
|
996
|
+
rotation_period: Optional[pulumi.Input[builtins.int]] = None,
|
997
|
+
rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
|
998
|
+
rotation_window: Optional[pulumi.Input[builtins.int]] = None,
|
999
|
+
service_account_email: Optional[pulumi.Input[builtins.str]] = None,
|
827
1000
|
tune: Optional[pulumi.Input[Union['AuthBackendTuneArgs', 'AuthBackendTuneArgsDict']]] = None) -> 'AuthBackend':
|
828
1001
|
"""
|
829
1002
|
Get an existing AuthBackend resource's state with the given name, id, and optional extra
|
@@ -832,10 +1005,10 @@ class AuthBackend(pulumi.CustomResource):
|
|
832
1005
|
:param str resource_name: The unique name of the resulting resource.
|
833
1006
|
:param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
|
834
1007
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
835
|
-
:param pulumi.Input[str] accessor: The mount accessor related to the auth mount. It is useful for integration with [Identity Secrets Engine](https://www.vaultproject.io/docs/secrets/identity/index.html).
|
836
|
-
:param pulumi.Input[str] client_email: The clients email associated with the credentials
|
837
|
-
:param pulumi.Input[str] client_id: The Client ID of the credentials
|
838
|
-
:param pulumi.Input[str] credentials: A JSON string containing the contents of a GCP credentials file. If this value is empty, Vault will try to use Application Default Credentials from the machine on which the Vault server is running.
|
1008
|
+
:param pulumi.Input[builtins.str] accessor: The mount accessor related to the auth mount. It is useful for integration with [Identity Secrets Engine](https://www.vaultproject.io/docs/secrets/identity/index.html).
|
1009
|
+
:param pulumi.Input[builtins.str] client_email: The clients email associated with the credentials
|
1010
|
+
:param pulumi.Input[builtins.str] client_id: The Client ID of the credentials
|
1011
|
+
:param pulumi.Input[builtins.str] credentials: A JSON string containing the contents of a GCP credentials file. If this value is empty, Vault will try to use Application Default Credentials from the machine on which the Vault server is running.
|
839
1012
|
:param pulumi.Input[Union['AuthBackendCustomEndpointArgs', 'AuthBackendCustomEndpointArgsDict']] custom_endpoint: Specifies overrides to
|
840
1013
|
[service endpoints](https://cloud.google.com/apis/design/glossary#api_service_endpoint)
|
841
1014
|
used when making API requests. This allows specific requests made during authentication
|
@@ -843,24 +1016,32 @@ class AuthBackend(pulumi.CustomResource):
|
|
843
1016
|
environments. Requires Vault 1.11+.
|
844
1017
|
|
845
1018
|
Overrides are set at the subdomain level using the following keys:
|
846
|
-
:param pulumi.Input[str] description: A description of the auth method.
|
847
|
-
:param pulumi.Input[bool]
|
1019
|
+
:param pulumi.Input[builtins.str] description: A description of the auth method.
|
1020
|
+
:param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
1021
|
+
:param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
|
848
1022
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
849
|
-
:param pulumi.Input[str] identity_token_audience: The audience claim value for plugin identity
|
1023
|
+
:param pulumi.Input[builtins.str] identity_token_audience: The audience claim value for plugin identity
|
850
1024
|
tokens. Must match an allowed audience configured for the target [Workload Identity Pool](https://cloud.google.com/iam/docs/workload-identity-federation-with-other-providers#prepare).
|
851
1025
|
Mutually exclusive with `credentials`. Requires Vault 1.17+. *Available only for Vault Enterprise*.
|
852
|
-
:param pulumi.Input[str] identity_token_key: The key to use for signing plugin identity
|
1026
|
+
:param pulumi.Input[builtins.str] identity_token_key: The key to use for signing plugin identity
|
853
1027
|
tokens. Requires Vault 1.17+. *Available only for Vault Enterprise*.
|
854
|
-
:param pulumi.Input[int] identity_token_ttl: The TTL of generated tokens.
|
855
|
-
:param pulumi.Input[bool] local: Specifies if the auth method is local only.
|
856
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
1028
|
+
:param pulumi.Input[builtins.int] identity_token_ttl: The TTL of generated tokens.
|
1029
|
+
:param pulumi.Input[builtins.bool] local: Specifies if the auth method is local only.
|
1030
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
857
1031
|
The value should not contain leading or trailing forward slashes.
|
858
1032
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
859
1033
|
*Available only for Vault Enterprise*.
|
860
|
-
:param pulumi.Input[str] path: The path to mount the auth method — this defaults to 'gcp'.
|
861
|
-
:param pulumi.Input[str] private_key_id: The ID of the private key from the credentials
|
862
|
-
:param pulumi.Input[str] project_id: The GCP Project ID
|
863
|
-
:param pulumi.Input[
|
1034
|
+
:param pulumi.Input[builtins.str] path: The path to mount the auth method — this defaults to 'gcp'.
|
1035
|
+
:param pulumi.Input[builtins.str] private_key_id: The ID of the private key from the credentials
|
1036
|
+
:param pulumi.Input[builtins.str] project_id: The GCP Project ID
|
1037
|
+
:param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
1038
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
1039
|
+
:param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
1040
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
1041
|
+
:param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
|
1042
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
1043
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
1044
|
+
:param pulumi.Input[builtins.str] service_account_email: Service Account to impersonate for plugin workload identity federation.
|
864
1045
|
Required with `identity_token_audience`. Requires Vault 1.17+. *Available only for Vault Enterprise*.
|
865
1046
|
:param pulumi.Input[Union['AuthBackendTuneArgs', 'AuthBackendTuneArgsDict']] tune: Extra configuration block. Structure is documented below.
|
866
1047
|
|
@@ -876,6 +1057,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
876
1057
|
__props__.__dict__["credentials"] = credentials
|
877
1058
|
__props__.__dict__["custom_endpoint"] = custom_endpoint
|
878
1059
|
__props__.__dict__["description"] = description
|
1060
|
+
__props__.__dict__["disable_automated_rotation"] = disable_automated_rotation
|
879
1061
|
__props__.__dict__["disable_remount"] = disable_remount
|
880
1062
|
__props__.__dict__["identity_token_audience"] = identity_token_audience
|
881
1063
|
__props__.__dict__["identity_token_key"] = identity_token_key
|
@@ -885,13 +1067,16 @@ class AuthBackend(pulumi.CustomResource):
|
|
885
1067
|
__props__.__dict__["path"] = path
|
886
1068
|
__props__.__dict__["private_key_id"] = private_key_id
|
887
1069
|
__props__.__dict__["project_id"] = project_id
|
1070
|
+
__props__.__dict__["rotation_period"] = rotation_period
|
1071
|
+
__props__.__dict__["rotation_schedule"] = rotation_schedule
|
1072
|
+
__props__.__dict__["rotation_window"] = rotation_window
|
888
1073
|
__props__.__dict__["service_account_email"] = service_account_email
|
889
1074
|
__props__.__dict__["tune"] = tune
|
890
1075
|
return AuthBackend(resource_name, opts=opts, __props__=__props__)
|
891
1076
|
|
892
1077
|
@property
|
893
1078
|
@pulumi.getter
|
894
|
-
def accessor(self) -> pulumi.Output[str]:
|
1079
|
+
def accessor(self) -> pulumi.Output[builtins.str]:
|
895
1080
|
"""
|
896
1081
|
The mount accessor related to the auth mount. It is useful for integration with [Identity Secrets Engine](https://www.vaultproject.io/docs/secrets/identity/index.html).
|
897
1082
|
"""
|
@@ -899,7 +1084,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
899
1084
|
|
900
1085
|
@property
|
901
1086
|
@pulumi.getter(name="clientEmail")
|
902
|
-
def client_email(self) -> pulumi.Output[str]:
|
1087
|
+
def client_email(self) -> pulumi.Output[builtins.str]:
|
903
1088
|
"""
|
904
1089
|
The clients email associated with the credentials
|
905
1090
|
"""
|
@@ -907,7 +1092,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
907
1092
|
|
908
1093
|
@property
|
909
1094
|
@pulumi.getter(name="clientId")
|
910
|
-
def client_id(self) -> pulumi.Output[str]:
|
1095
|
+
def client_id(self) -> pulumi.Output[builtins.str]:
|
911
1096
|
"""
|
912
1097
|
The Client ID of the credentials
|
913
1098
|
"""
|
@@ -915,7 +1100,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
915
1100
|
|
916
1101
|
@property
|
917
1102
|
@pulumi.getter
|
918
|
-
def credentials(self) -> pulumi.Output[Optional[str]]:
|
1103
|
+
def credentials(self) -> pulumi.Output[Optional[builtins.str]]:
|
919
1104
|
"""
|
920
1105
|
A JSON string containing the contents of a GCP credentials file. If this value is empty, Vault will try to use Application Default Credentials from the machine on which the Vault server is running.
|
921
1106
|
"""
|
@@ -937,15 +1122,23 @@ class AuthBackend(pulumi.CustomResource):
|
|
937
1122
|
|
938
1123
|
@property
|
939
1124
|
@pulumi.getter
|
940
|
-
def description(self) -> pulumi.Output[Optional[str]]:
|
1125
|
+
def description(self) -> pulumi.Output[Optional[builtins.str]]:
|
941
1126
|
"""
|
942
1127
|
A description of the auth method.
|
943
1128
|
"""
|
944
1129
|
return pulumi.get(self, "description")
|
945
1130
|
|
1131
|
+
@property
|
1132
|
+
@pulumi.getter(name="disableAutomatedRotation")
|
1133
|
+
def disable_automated_rotation(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1134
|
+
"""
|
1135
|
+
Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
1136
|
+
"""
|
1137
|
+
return pulumi.get(self, "disable_automated_rotation")
|
1138
|
+
|
946
1139
|
@property
|
947
1140
|
@pulumi.getter(name="disableRemount")
|
948
|
-
def disable_remount(self) -> pulumi.Output[Optional[bool]]:
|
1141
|
+
def disable_remount(self) -> pulumi.Output[Optional[builtins.bool]]:
|
949
1142
|
"""
|
950
1143
|
If set, opts out of mount migration on path updates.
|
951
1144
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
@@ -954,7 +1147,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
954
1147
|
|
955
1148
|
@property
|
956
1149
|
@pulumi.getter(name="identityTokenAudience")
|
957
|
-
def identity_token_audience(self) -> pulumi.Output[Optional[str]]:
|
1150
|
+
def identity_token_audience(self) -> pulumi.Output[Optional[builtins.str]]:
|
958
1151
|
"""
|
959
1152
|
The audience claim value for plugin identity
|
960
1153
|
tokens. Must match an allowed audience configured for the target [Workload Identity Pool](https://cloud.google.com/iam/docs/workload-identity-federation-with-other-providers#prepare).
|
@@ -964,7 +1157,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
964
1157
|
|
965
1158
|
@property
|
966
1159
|
@pulumi.getter(name="identityTokenKey")
|
967
|
-
def identity_token_key(self) -> pulumi.Output[Optional[str]]:
|
1160
|
+
def identity_token_key(self) -> pulumi.Output[Optional[builtins.str]]:
|
968
1161
|
"""
|
969
1162
|
The key to use for signing plugin identity
|
970
1163
|
tokens. Requires Vault 1.17+. *Available only for Vault Enterprise*.
|
@@ -973,7 +1166,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
973
1166
|
|
974
1167
|
@property
|
975
1168
|
@pulumi.getter(name="identityTokenTtl")
|
976
|
-
def identity_token_ttl(self) -> pulumi.Output[Optional[int]]:
|
1169
|
+
def identity_token_ttl(self) -> pulumi.Output[Optional[builtins.int]]:
|
977
1170
|
"""
|
978
1171
|
The TTL of generated tokens.
|
979
1172
|
"""
|
@@ -981,7 +1174,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
981
1174
|
|
982
1175
|
@property
|
983
1176
|
@pulumi.getter
|
984
|
-
def local(self) -> pulumi.Output[Optional[bool]]:
|
1177
|
+
def local(self) -> pulumi.Output[Optional[builtins.bool]]:
|
985
1178
|
"""
|
986
1179
|
Specifies if the auth method is local only.
|
987
1180
|
"""
|
@@ -989,7 +1182,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
989
1182
|
|
990
1183
|
@property
|
991
1184
|
@pulumi.getter
|
992
|
-
def namespace(self) -> pulumi.Output[Optional[str]]:
|
1185
|
+
def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
|
993
1186
|
"""
|
994
1187
|
The namespace to provision the resource in.
|
995
1188
|
The value should not contain leading or trailing forward slashes.
|
@@ -1000,7 +1193,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1000
1193
|
|
1001
1194
|
@property
|
1002
1195
|
@pulumi.getter
|
1003
|
-
def path(self) -> pulumi.Output[Optional[str]]:
|
1196
|
+
def path(self) -> pulumi.Output[Optional[builtins.str]]:
|
1004
1197
|
"""
|
1005
1198
|
The path to mount the auth method — this defaults to 'gcp'.
|
1006
1199
|
"""
|
@@ -1008,7 +1201,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1008
1201
|
|
1009
1202
|
@property
|
1010
1203
|
@pulumi.getter(name="privateKeyId")
|
1011
|
-
def private_key_id(self) -> pulumi.Output[str]:
|
1204
|
+
def private_key_id(self) -> pulumi.Output[builtins.str]:
|
1012
1205
|
"""
|
1013
1206
|
The ID of the private key from the credentials
|
1014
1207
|
"""
|
@@ -1016,15 +1209,43 @@ class AuthBackend(pulumi.CustomResource):
|
|
1016
1209
|
|
1017
1210
|
@property
|
1018
1211
|
@pulumi.getter(name="projectId")
|
1019
|
-
def project_id(self) -> pulumi.Output[str]:
|
1212
|
+
def project_id(self) -> pulumi.Output[builtins.str]:
|
1020
1213
|
"""
|
1021
1214
|
The GCP Project ID
|
1022
1215
|
"""
|
1023
1216
|
return pulumi.get(self, "project_id")
|
1024
1217
|
|
1218
|
+
@property
|
1219
|
+
@pulumi.getter(name="rotationPeriod")
|
1220
|
+
def rotation_period(self) -> pulumi.Output[Optional[builtins.int]]:
|
1221
|
+
"""
|
1222
|
+
The amount of time in seconds Vault should wait before rotating the root credential.
|
1223
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
1224
|
+
"""
|
1225
|
+
return pulumi.get(self, "rotation_period")
|
1226
|
+
|
1227
|
+
@property
|
1228
|
+
@pulumi.getter(name="rotationSchedule")
|
1229
|
+
def rotation_schedule(self) -> pulumi.Output[Optional[builtins.str]]:
|
1230
|
+
"""
|
1231
|
+
The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
1232
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
1233
|
+
"""
|
1234
|
+
return pulumi.get(self, "rotation_schedule")
|
1235
|
+
|
1236
|
+
@property
|
1237
|
+
@pulumi.getter(name="rotationWindow")
|
1238
|
+
def rotation_window(self) -> pulumi.Output[Optional[builtins.int]]:
|
1239
|
+
"""
|
1240
|
+
The maximum amount of time in seconds allowed to complete
|
1241
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
1242
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
1243
|
+
"""
|
1244
|
+
return pulumi.get(self, "rotation_window")
|
1245
|
+
|
1025
1246
|
@property
|
1026
1247
|
@pulumi.getter(name="serviceAccountEmail")
|
1027
|
-
def service_account_email(self) -> pulumi.Output[Optional[str]]:
|
1248
|
+
def service_account_email(self) -> pulumi.Output[Optional[builtins.str]]:
|
1028
1249
|
"""
|
1029
1250
|
Service Account to impersonate for plugin workload identity federation.
|
1030
1251
|
Required with `identity_token_audience`. Requires Vault 1.17+. *Available only for Vault Enterprise*.
|