pulumi-vault 6.6.0a1741415971__py3-none-any.whl → 6.7.0__py3-none-any.whl
- pulumi_vault/__init__.py +9 -0
- pulumi_vault/_inputs.py +583 -562
- pulumi_vault/ad/__init__.py +1 -0
- pulumi_vault/ad/get_access_credentials.py +20 -19
- pulumi_vault/ad/secret_backend.py +477 -476
- pulumi_vault/ad/secret_library.py +99 -98
- pulumi_vault/ad/secret_role.py +85 -84
- pulumi_vault/alicloud/__init__.py +1 -0
- pulumi_vault/alicloud/auth_backend_role.py +183 -182
- pulumi_vault/approle/__init__.py +1 -0
- pulumi_vault/approle/auth_backend_login.py +106 -105
- pulumi_vault/approle/auth_backend_role.py +239 -238
- pulumi_vault/approle/auth_backend_role_secret_id.py +162 -161
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -17
- pulumi_vault/audit.py +85 -84
- pulumi_vault/audit_request_header.py +43 -42
- pulumi_vault/auth_backend.py +106 -105
- pulumi_vault/aws/__init__.py +1 -0
- pulumi_vault/aws/auth_backend_cert.py +71 -70
- pulumi_vault/aws/auth_backend_client.py +425 -200
- pulumi_vault/aws/auth_backend_config_identity.py +85 -84
- pulumi_vault/aws/auth_backend_identity_whitelist.py +57 -56
- pulumi_vault/aws/auth_backend_login.py +209 -208
- pulumi_vault/aws/auth_backend_role.py +400 -399
- pulumi_vault/aws/auth_backend_role_tag.py +127 -126
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +57 -56
- pulumi_vault/aws/auth_backend_sts_role.py +71 -70
- pulumi_vault/aws/get_access_credentials.py +44 -43
- pulumi_vault/aws/get_static_access_credentials.py +13 -12
- pulumi_vault/aws/secret_backend.py +523 -306
- pulumi_vault/aws/secret_backend_role.py +211 -210
- pulumi_vault/aws/secret_backend_static_role.py +288 -70
- pulumi_vault/azure/__init__.py +1 -0
- pulumi_vault/azure/_inputs.py +21 -20
- pulumi_vault/azure/auth_backend_config.py +383 -130
- pulumi_vault/azure/auth_backend_role.py +253 -252
- pulumi_vault/azure/backend.py +432 -186
- pulumi_vault/azure/backend_role.py +188 -140
- pulumi_vault/azure/get_access_credentials.py +58 -57
- pulumi_vault/azure/outputs.py +11 -10
- pulumi_vault/cert_auth_backend_role.py +365 -364
- pulumi_vault/config/__init__.py +1 -0
- pulumi_vault/config/__init__.pyi +1 -0
- pulumi_vault/config/_inputs.py +11 -10
- pulumi_vault/config/outputs.py +287 -286
- pulumi_vault/config/ui_custom_message.py +113 -112
- pulumi_vault/config/vars.py +1 -0
- pulumi_vault/consul/__init__.py +1 -0
- pulumi_vault/consul/secret_backend.py +197 -196
- pulumi_vault/consul/secret_backend_role.py +183 -182
- pulumi_vault/database/__init__.py +1 -0
- pulumi_vault/database/_inputs.py +3857 -2200
- pulumi_vault/database/outputs.py +2483 -1330
- pulumi_vault/database/secret_backend_connection.py +333 -112
- pulumi_vault/database/secret_backend_role.py +169 -168
- pulumi_vault/database/secret_backend_static_role.py +283 -140
- pulumi_vault/database/secrets_mount.py +275 -266
- pulumi_vault/egp_policy.py +71 -70
- pulumi_vault/gcp/__init__.py +1 -0
- pulumi_vault/gcp/_inputs.py +82 -81
- pulumi_vault/gcp/auth_backend.py +426 -205
- pulumi_vault/gcp/auth_backend_role.py +281 -280
- pulumi_vault/gcp/get_auth_backend_role.py +70 -69
- pulumi_vault/gcp/outputs.py +50 -49
- pulumi_vault/gcp/secret_backend.py +420 -179
- pulumi_vault/gcp/secret_impersonated_account.py +92 -91
- pulumi_vault/gcp/secret_roleset.py +92 -91
- pulumi_vault/gcp/secret_static_account.py +92 -91
- pulumi_vault/generic/__init__.py +1 -0
- pulumi_vault/generic/endpoint.py +113 -112
- pulumi_vault/generic/get_secret.py +28 -27
- pulumi_vault/generic/secret.py +78 -77
- pulumi_vault/get_auth_backend.py +19 -18
- pulumi_vault/get_auth_backends.py +14 -13
- pulumi_vault/get_namespace.py +15 -14
- pulumi_vault/get_namespaces.py +68 -18
- pulumi_vault/get_nomad_access_token.py +19 -18
- pulumi_vault/get_policy_document.py +6 -5
- pulumi_vault/get_raft_autopilot_state.py +18 -17
- pulumi_vault/github/__init__.py +1 -0
- pulumi_vault/github/_inputs.py +42 -41
- pulumi_vault/github/auth_backend.py +232 -231
- pulumi_vault/github/outputs.py +26 -25
- pulumi_vault/github/team.py +57 -56
- pulumi_vault/github/user.py +57 -56
- pulumi_vault/identity/__init__.py +1 -0
- pulumi_vault/identity/entity.py +85 -84
- pulumi_vault/identity/entity_alias.py +71 -70
- pulumi_vault/identity/entity_policies.py +64 -63
- pulumi_vault/identity/get_entity.py +43 -42
- pulumi_vault/identity/get_group.py +50 -49
- pulumi_vault/identity/get_oidc_client_creds.py +14 -13
- pulumi_vault/identity/get_oidc_openid_config.py +24 -23
- pulumi_vault/identity/get_oidc_public_keys.py +13 -12
- pulumi_vault/identity/group.py +141 -140
- pulumi_vault/identity/group_alias.py +57 -56
- pulumi_vault/identity/group_member_entity_ids.py +57 -56
- pulumi_vault/identity/group_member_group_ids.py +57 -56
- pulumi_vault/identity/group_policies.py +64 -63
- pulumi_vault/identity/mfa_duo.py +148 -147
- pulumi_vault/identity/mfa_login_enforcement.py +120 -119
- pulumi_vault/identity/mfa_okta.py +134 -133
- pulumi_vault/identity/mfa_pingid.py +127 -126
- pulumi_vault/identity/mfa_totp.py +176 -175
- pulumi_vault/identity/oidc.py +29 -28
- pulumi_vault/identity/oidc_assignment.py +57 -56
- pulumi_vault/identity/oidc_client.py +127 -126
- pulumi_vault/identity/oidc_key.py +85 -84
- pulumi_vault/identity/oidc_key_allowed_client_id.py +43 -42
- pulumi_vault/identity/oidc_provider.py +92 -91
- pulumi_vault/identity/oidc_role.py +85 -84
- pulumi_vault/identity/oidc_scope.py +57 -56
- pulumi_vault/identity/outputs.py +32 -31
- pulumi_vault/jwt/__init__.py +1 -0
- pulumi_vault/jwt/_inputs.py +42 -41
- pulumi_vault/jwt/auth_backend.py +288 -287
- pulumi_vault/jwt/auth_backend_role.py +407 -406
- pulumi_vault/jwt/outputs.py +26 -25
- pulumi_vault/kmip/__init__.py +1 -0
- pulumi_vault/kmip/secret_backend.py +183 -182
- pulumi_vault/kmip/secret_role.py +295 -294
- pulumi_vault/kmip/secret_scope.py +57 -56
- pulumi_vault/kubernetes/__init__.py +1 -0
- pulumi_vault/kubernetes/auth_backend_config.py +141 -140
- pulumi_vault/kubernetes/auth_backend_role.py +225 -224
- pulumi_vault/kubernetes/get_auth_backend_config.py +47 -46
- pulumi_vault/kubernetes/get_auth_backend_role.py +70 -69
- pulumi_vault/kubernetes/get_service_account_token.py +38 -37
- pulumi_vault/kubernetes/secret_backend.py +316 -315
- pulumi_vault/kubernetes/secret_backend_role.py +197 -196
- pulumi_vault/kv/__init__.py +1 -0
- pulumi_vault/kv/_inputs.py +21 -20
- pulumi_vault/kv/get_secret.py +17 -16
- pulumi_vault/kv/get_secret_subkeys_v2.py +30 -29
- pulumi_vault/kv/get_secret_v2.py +29 -28
- pulumi_vault/kv/get_secrets_list.py +13 -12
- pulumi_vault/kv/get_secrets_list_v2.py +19 -18
- pulumi_vault/kv/outputs.py +13 -12
- pulumi_vault/kv/secret.py +50 -49
- pulumi_vault/kv/secret_backend_v2.py +71 -70
- pulumi_vault/kv/secret_v2.py +134 -133
- pulumi_vault/ldap/__init__.py +1 -0
- pulumi_vault/ldap/auth_backend.py +754 -533
- pulumi_vault/ldap/auth_backend_group.py +57 -56
- pulumi_vault/ldap/auth_backend_user.py +71 -70
- pulumi_vault/ldap/get_dynamic_credentials.py +17 -16
- pulumi_vault/ldap/get_static_credentials.py +18 -17
- pulumi_vault/ldap/secret_backend.py +720 -499
- pulumi_vault/ldap/secret_backend_dynamic_role.py +127 -126
- pulumi_vault/ldap/secret_backend_library_set.py +99 -98
- pulumi_vault/ldap/secret_backend_static_role.py +99 -98
- pulumi_vault/managed/__init__.py +1 -0
- pulumi_vault/managed/_inputs.py +229 -228
- pulumi_vault/managed/keys.py +15 -14
- pulumi_vault/managed/outputs.py +139 -138
- pulumi_vault/mfa_duo.py +113 -112
- pulumi_vault/mfa_okta.py +113 -112
- pulumi_vault/mfa_pingid.py +120 -119
- pulumi_vault/mfa_totp.py +127 -126
- pulumi_vault/mongodbatlas/__init__.py +1 -0
- pulumi_vault/mongodbatlas/secret_backend.py +64 -63
- pulumi_vault/mongodbatlas/secret_role.py +155 -154
- pulumi_vault/mount.py +274 -273
- pulumi_vault/namespace.py +64 -63
- pulumi_vault/nomad_secret_backend.py +211 -210
- pulumi_vault/nomad_secret_role.py +85 -84
- pulumi_vault/okta/__init__.py +1 -0
- pulumi_vault/okta/_inputs.py +26 -25
- pulumi_vault/okta/auth_backend.py +274 -273
- pulumi_vault/okta/auth_backend_group.py +57 -56
- pulumi_vault/okta/auth_backend_user.py +71 -70
- pulumi_vault/okta/outputs.py +16 -15
- pulumi_vault/outputs.py +73 -60
- pulumi_vault/password_policy.py +43 -42
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +31 -36
- pulumi_vault/pkisecret/backend_acme_eab.py +92 -91
- pulumi_vault/pkisecret/backend_config_acme.py +174 -126
- pulumi_vault/pkisecret/backend_config_auto_tidy.py +1377 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +57 -56
- pulumi_vault/pkisecret/backend_config_cmpv2.py +152 -104
- pulumi_vault/pkisecret/backend_config_est.py +120 -119
- pulumi_vault/pkisecret/get_backend_cert_metadata.py +278 -0
- pulumi_vault/pkisecret/get_backend_config_cmpv2.py +35 -17
- pulumi_vault/pkisecret/get_backend_config_est.py +19 -18
- pulumi_vault/pkisecret/get_backend_issuer.py +139 -25
- pulumi_vault/pkisecret/get_backend_issuers.py +15 -14
- pulumi_vault/pkisecret/get_backend_key.py +20 -19
- pulumi_vault/pkisecret/get_backend_keys.py +15 -14
- pulumi_vault/pkisecret/outputs.py +28 -31
- pulumi_vault/pkisecret/secret_backend_cert.py +439 -297
- pulumi_vault/pkisecret/secret_backend_config_ca.py +43 -42
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +57 -56
- pulumi_vault/pkisecret/secret_backend_config_urls.py +85 -84
- pulumi_vault/pkisecret/secret_backend_crl_config.py +237 -182
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +520 -378
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +57 -56
- pulumi_vault/pkisecret/secret_backend_issuer.py +441 -175
- pulumi_vault/pkisecret/secret_backend_key.py +120 -119
- pulumi_vault/pkisecret/secret_backend_role.py +894 -644
- pulumi_vault/pkisecret/secret_backend_root_cert.py +851 -427
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +936 -357
- pulumi_vault/pkisecret/secret_backend_sign.py +347 -252
- pulumi_vault/plugin.py +127 -126
- pulumi_vault/plugin_pinned_version.py +43 -42
- pulumi_vault/policy.py +43 -42
- pulumi_vault/provider.py +120 -119
- pulumi_vault/pulumi-plugin.json +1 -1
- pulumi_vault/quota_lease_count.py +85 -84
- pulumi_vault/quota_rate_limit.py +113 -112
- pulumi_vault/rabbitmq/__init__.py +1 -0
- pulumi_vault/rabbitmq/_inputs.py +41 -40
- pulumi_vault/rabbitmq/outputs.py +25 -24
- pulumi_vault/rabbitmq/secret_backend.py +169 -168
- pulumi_vault/rabbitmq/secret_backend_role.py +57 -56
- pulumi_vault/raft_autopilot.py +113 -112
- pulumi_vault/raft_snapshot_agent_config.py +393 -392
- pulumi_vault/rgp_policy.py +57 -56
- pulumi_vault/saml/__init__.py +1 -0
- pulumi_vault/saml/auth_backend.py +155 -154
- pulumi_vault/saml/auth_backend_role.py +239 -238
- pulumi_vault/secrets/__init__.py +1 -0
- pulumi_vault/secrets/_inputs.py +16 -15
- pulumi_vault/secrets/outputs.py +10 -9
- pulumi_vault/secrets/sync_association.py +71 -70
- pulumi_vault/secrets/sync_aws_destination.py +148 -147
- pulumi_vault/secrets/sync_azure_destination.py +148 -147
- pulumi_vault/secrets/sync_config.py +43 -42
- pulumi_vault/secrets/sync_gcp_destination.py +106 -105
- pulumi_vault/secrets/sync_gh_destination.py +134 -133
- pulumi_vault/secrets/sync_github_apps.py +64 -63
- pulumi_vault/secrets/sync_vercel_destination.py +120 -119
- pulumi_vault/ssh/__init__.py +2 -0
- pulumi_vault/ssh/_inputs.py +11 -10
- pulumi_vault/ssh/get_secret_backend_sign.py +295 -0
- pulumi_vault/ssh/outputs.py +7 -6
- pulumi_vault/ssh/secret_backend_ca.py +99 -98
- pulumi_vault/ssh/secret_backend_role.py +365 -364
- pulumi_vault/terraformcloud/__init__.py +1 -0
- pulumi_vault/terraformcloud/secret_backend.py +111 -110
- pulumi_vault/terraformcloud/secret_creds.py +74 -73
- pulumi_vault/terraformcloud/secret_role.py +96 -95
- pulumi_vault/token.py +246 -245
- pulumi_vault/tokenauth/__init__.py +1 -0
- pulumi_vault/tokenauth/auth_backend_role.py +267 -266
- pulumi_vault/transform/__init__.py +1 -0
- pulumi_vault/transform/alphabet.py +57 -56
- pulumi_vault/transform/get_decode.py +47 -46
- pulumi_vault/transform/get_encode.py +47 -46
- pulumi_vault/transform/role.py +57 -56
- pulumi_vault/transform/template.py +113 -112
- pulumi_vault/transform/transformation.py +141 -140
- pulumi_vault/transit/__init__.py +3 -0
- pulumi_vault/transit/get_decrypt.py +18 -17
- pulumi_vault/transit/get_encrypt.py +21 -20
- pulumi_vault/transit/get_sign.py +325 -0
- pulumi_vault/transit/get_verify.py +355 -0
- pulumi_vault/transit/secret_backend_key.py +394 -231
- pulumi_vault/transit/secret_cache_config.py +43 -42
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/METADATA +2 -2
- pulumi_vault-6.7.0.dist-info/RECORD +265 -0
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/WHEEL +1 -1
- pulumi_vault-6.6.0a1741415971.dist-info/RECORD +0 -260
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/top_level.txt +0 -0
@@ -2,6 +2,7 @@
|
|
2
2
|
# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
|
3
3
|
# *** Do not edit by hand unless you're certain you know what you are doing! ***
|
4
4
|
|
5
|
+
import builtins
|
5
6
|
import copy
|
6
7
|
import warnings
|
7
8
|
import sys
|
@@ -19,48 +20,48 @@ __all__ = ['AuthBackendRoleArgs', 'AuthBackendRole']
|
|
19
20
|
@pulumi.input_type
|
20
21
|
class AuthBackendRoleArgs:
|
21
22
|
def __init__(__self__, *,
|
22
|
-
bound_service_account_names: pulumi.Input[Sequence[pulumi.Input[str]]],
|
23
|
-
bound_service_account_namespaces: pulumi.Input[Sequence[pulumi.Input[str]]],
|
24
|
-
role_name: pulumi.Input[str],
|
25
|
-
alias_name_source: Optional[pulumi.Input[str]] = None,
|
26
|
-
audience: Optional[pulumi.Input[str]] = None,
|
27
|
-
backend: Optional[pulumi.Input[str]] = None,
|
28
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
29
|
-
token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
30
|
-
token_explicit_max_ttl: Optional[pulumi.Input[int]] = None,
|
31
|
-
token_max_ttl: Optional[pulumi.Input[int]] = None,
|
32
|
-
token_no_default_policy: Optional[pulumi.Input[bool]] = None,
|
33
|
-
token_num_uses: Optional[pulumi.Input[int]] = None,
|
34
|
-
token_period: Optional[pulumi.Input[int]] = None,
|
35
|
-
token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
36
|
-
token_ttl: Optional[pulumi.Input[int]] = None,
|
37
|
-
token_type: Optional[pulumi.Input[str]] = None):
|
23
|
+
bound_service_account_names: pulumi.Input[Sequence[pulumi.Input[builtins.str]]],
|
24
|
+
bound_service_account_namespaces: pulumi.Input[Sequence[pulumi.Input[builtins.str]]],
|
25
|
+
role_name: pulumi.Input[builtins.str],
|
26
|
+
alias_name_source: Optional[pulumi.Input[builtins.str]] = None,
|
27
|
+
audience: Optional[pulumi.Input[builtins.str]] = None,
|
28
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
29
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
30
|
+
token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
31
|
+
token_explicit_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
32
|
+
token_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
33
|
+
token_no_default_policy: Optional[pulumi.Input[builtins.bool]] = None,
|
34
|
+
token_num_uses: Optional[pulumi.Input[builtins.int]] = None,
|
35
|
+
token_period: Optional[pulumi.Input[builtins.int]] = None,
|
36
|
+
token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
37
|
+
token_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
38
|
+
token_type: Optional[pulumi.Input[builtins.str]] = None):
|
38
39
|
"""
|
39
40
|
The set of arguments for constructing a AuthBackendRole resource.
|
40
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] bound_service_account_names: List of service account names able to access this role. If set to `["*"]` all names are allowed, both this and bound_service_account_namespaces can not be "*".
|
41
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] bound_service_account_namespaces: List of namespaces allowed to access this role. If set to `["*"]` all namespaces are allowed, both this and bound_service_account_names can not be set to "*".
|
42
|
-
:param pulumi.Input[str] role_name: Name of the role.
|
43
|
-
:param pulumi.Input[str] alias_name_source: Configures how identity aliases are generated.
|
41
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] bound_service_account_names: List of service account names able to access this role. If set to `["*"]` all names are allowed, both this and bound_service_account_namespaces can not be "*".
|
42
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] bound_service_account_namespaces: List of namespaces allowed to access this role. If set to `["*"]` all namespaces are allowed, both this and bound_service_account_names can not be set to "*".
|
43
|
+
:param pulumi.Input[builtins.str] role_name: Name of the role.
|
44
|
+
:param pulumi.Input[builtins.str] alias_name_source: Configures how identity aliases are generated.
|
44
45
|
Valid choices are: `serviceaccount_uid`, `serviceaccount_name`. (vault-1.9+)
|
45
|
-
:param pulumi.Input[str] audience: Audience claim to verify in the JWT.
|
46
|
+
:param pulumi.Input[builtins.str] audience: Audience claim to verify in the JWT.
|
46
47
|
|
47
48
|
> Please see [alias_name_source](https://www.vaultproject.io/api-docs/auth/kubernetes#alias_name_source)
|
48
49
|
before setting this to something other its default value. There are **important** security
|
49
50
|
implications to be aware of.
|
50
|
-
:param pulumi.Input[str] backend: Unique name of the kubernetes backend to configure.
|
51
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
51
|
+
:param pulumi.Input[builtins.str] backend: Unique name of the kubernetes backend to configure.
|
52
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
52
53
|
The value should not contain leading or trailing forward slashes.
|
53
54
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
54
55
|
*Available only for Vault Enterprise*.
|
55
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
56
|
-
:param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
57
|
-
:param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
|
58
|
-
:param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
59
|
-
:param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
60
|
-
:param pulumi.Input[int] token_period: Generated Token's Period
|
61
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
|
62
|
-
:param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
|
63
|
-
:param pulumi.Input[str] token_type: The type of token to generate, service or batch
|
56
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
57
|
+
:param pulumi.Input[builtins.int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
58
|
+
:param pulumi.Input[builtins.int] token_max_ttl: The maximum lifetime of the generated token
|
59
|
+
:param pulumi.Input[builtins.bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
60
|
+
:param pulumi.Input[builtins.int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
61
|
+
:param pulumi.Input[builtins.int] token_period: Generated Token's Period
|
62
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] token_policies: Generated Token's Policies
|
63
|
+
:param pulumi.Input[builtins.int] token_ttl: The initial ttl of the token to generate in seconds
|
64
|
+
:param pulumi.Input[builtins.str] token_type: The type of token to generate, service or batch
|
64
65
|
"""
|
65
66
|
pulumi.set(__self__, "bound_service_account_names", bound_service_account_names)
|
66
67
|
pulumi.set(__self__, "bound_service_account_namespaces", bound_service_account_namespaces)
|
@@ -94,43 +95,43 @@ class AuthBackendRoleArgs:
|
|
94
95
|
|
95
96
|
@property
|
96
97
|
@pulumi.getter(name="boundServiceAccountNames")
|
97
|
-
def bound_service_account_names(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]:
|
98
|
+
def bound_service_account_names(self) -> pulumi.Input[Sequence[pulumi.Input[builtins.str]]]:
|
98
99
|
"""
|
99
100
|
List of service account names able to access this role. If set to `["*"]` all names are allowed, both this and bound_service_account_namespaces can not be "*".
|
100
101
|
"""
|
101
102
|
return pulumi.get(self, "bound_service_account_names")
|
102
103
|
|
103
104
|
@bound_service_account_names.setter
|
104
|
-
def bound_service_account_names(self, value: pulumi.Input[Sequence[pulumi.Input[str]]]):
|
105
|
+
def bound_service_account_names(self, value: pulumi.Input[Sequence[pulumi.Input[builtins.str]]]):
|
105
106
|
pulumi.set(self, "bound_service_account_names", value)
|
106
107
|
|
107
108
|
@property
|
108
109
|
@pulumi.getter(name="boundServiceAccountNamespaces")
|
109
|
-
def bound_service_account_namespaces(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]:
|
110
|
+
def bound_service_account_namespaces(self) -> pulumi.Input[Sequence[pulumi.Input[builtins.str]]]:
|
110
111
|
"""
|
111
112
|
List of namespaces allowed to access this role. If set to `["*"]` all namespaces are allowed, both this and bound_service_account_names can not be set to "*".
|
112
113
|
"""
|
113
114
|
return pulumi.get(self, "bound_service_account_namespaces")
|
114
115
|
|
115
116
|
@bound_service_account_namespaces.setter
|
116
|
-
def bound_service_account_namespaces(self, value: pulumi.Input[Sequence[pulumi.Input[str]]]):
|
117
|
+
def bound_service_account_namespaces(self, value: pulumi.Input[Sequence[pulumi.Input[builtins.str]]]):
|
117
118
|
pulumi.set(self, "bound_service_account_namespaces", value)
|
118
119
|
|
119
120
|
@property
|
120
121
|
@pulumi.getter(name="roleName")
|
121
|
-
def role_name(self) -> pulumi.Input[str]:
|
122
|
+
def role_name(self) -> pulumi.Input[builtins.str]:
|
122
123
|
"""
|
123
124
|
Name of the role.
|
124
125
|
"""
|
125
126
|
return pulumi.get(self, "role_name")
|
126
127
|
|
127
128
|
@role_name.setter
|
128
|
-
def role_name(self, value: pulumi.Input[str]):
|
129
|
+
def role_name(self, value: pulumi.Input[builtins.str]):
|
129
130
|
pulumi.set(self, "role_name", value)
|
130
131
|
|
131
132
|
@property
|
132
133
|
@pulumi.getter(name="aliasNameSource")
|
133
|
-
def alias_name_source(self) -> Optional[pulumi.Input[str]]:
|
134
|
+
def alias_name_source(self) -> Optional[pulumi.Input[builtins.str]]:
|
134
135
|
"""
|
135
136
|
Configures how identity aliases are generated.
|
136
137
|
Valid choices are: `serviceaccount_uid`, `serviceaccount_name`. (vault-1.9+)
|
@@ -138,12 +139,12 @@ class AuthBackendRoleArgs:
|
|
138
139
|
return pulumi.get(self, "alias_name_source")
|
139
140
|
|
140
141
|
@alias_name_source.setter
|
141
|
-
def alias_name_source(self, value: Optional[pulumi.Input[str]]):
|
142
|
+
def alias_name_source(self, value: Optional[pulumi.Input[builtins.str]]):
|
142
143
|
pulumi.set(self, "alias_name_source", value)
|
143
144
|
|
144
145
|
@property
|
145
146
|
@pulumi.getter
|
146
|
-
def audience(self) -> Optional[pulumi.Input[str]]:
|
147
|
+
def audience(self) -> Optional[pulumi.Input[builtins.str]]:
|
147
148
|
"""
|
148
149
|
Audience claim to verify in the JWT.
|
149
150
|
|
@@ -154,24 +155,24 @@ class AuthBackendRoleArgs:
|
|
154
155
|
return pulumi.get(self, "audience")
|
155
156
|
|
156
157
|
@audience.setter
|
157
|
-
def audience(self, value: Optional[pulumi.Input[str]]):
|
158
|
+
def audience(self, value: Optional[pulumi.Input[builtins.str]]):
|
158
159
|
pulumi.set(self, "audience", value)
|
159
160
|
|
160
161
|
@property
|
161
162
|
@pulumi.getter
|
162
|
-
def backend(self) -> Optional[pulumi.Input[str]]:
|
163
|
+
def backend(self) -> Optional[pulumi.Input[builtins.str]]:
|
163
164
|
"""
|
164
165
|
Unique name of the kubernetes backend to configure.
|
165
166
|
"""
|
166
167
|
return pulumi.get(self, "backend")
|
167
168
|
|
168
169
|
@backend.setter
|
169
|
-
def backend(self, value: Optional[pulumi.Input[str]]):
|
170
|
+
def backend(self, value: Optional[pulumi.Input[builtins.str]]):
|
170
171
|
pulumi.set(self, "backend", value)
|
171
172
|
|
172
173
|
@property
|
173
174
|
@pulumi.getter
|
174
|
-
def namespace(self) -> Optional[pulumi.Input[str]]:
|
175
|
+
def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
|
175
176
|
"""
|
176
177
|
The namespace to provision the resource in.
|
177
178
|
The value should not contain leading or trailing forward slashes.
|
@@ -181,163 +182,163 @@ class AuthBackendRoleArgs:
|
|
181
182
|
return pulumi.get(self, "namespace")
|
182
183
|
|
183
184
|
@namespace.setter
|
184
|
-
def namespace(self, value: Optional[pulumi.Input[str]]):
|
185
|
+
def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
|
185
186
|
pulumi.set(self, "namespace", value)
|
186
187
|
|
187
188
|
@property
|
188
189
|
@pulumi.getter(name="tokenBoundCidrs")
|
189
|
-
def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
190
|
+
def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
190
191
|
"""
|
191
192
|
Specifies the blocks of IP addresses which are allowed to use the generated token
|
192
193
|
"""
|
193
194
|
return pulumi.get(self, "token_bound_cidrs")
|
194
195
|
|
195
196
|
@token_bound_cidrs.setter
|
196
|
-
def token_bound_cidrs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
197
|
+
def token_bound_cidrs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
197
198
|
pulumi.set(self, "token_bound_cidrs", value)
|
198
199
|
|
199
200
|
@property
|
200
201
|
@pulumi.getter(name="tokenExplicitMaxTtl")
|
201
|
-
def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
202
|
+
def token_explicit_max_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
|
202
203
|
"""
|
203
204
|
Generated Token's Explicit Maximum TTL in seconds
|
204
205
|
"""
|
205
206
|
return pulumi.get(self, "token_explicit_max_ttl")
|
206
207
|
|
207
208
|
@token_explicit_max_ttl.setter
|
208
|
-
def token_explicit_max_ttl(self, value: Optional[pulumi.Input[int]]):
|
209
|
+
def token_explicit_max_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
|
209
210
|
pulumi.set(self, "token_explicit_max_ttl", value)
|
210
211
|
|
211
212
|
@property
|
212
213
|
@pulumi.getter(name="tokenMaxTtl")
|
213
|
-
def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
214
|
+
def token_max_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
|
214
215
|
"""
|
215
216
|
The maximum lifetime of the generated token
|
216
217
|
"""
|
217
218
|
return pulumi.get(self, "token_max_ttl")
|
218
219
|
|
219
220
|
@token_max_ttl.setter
|
220
|
-
def token_max_ttl(self, value: Optional[pulumi.Input[int]]):
|
221
|
+
def token_max_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
|
221
222
|
pulumi.set(self, "token_max_ttl", value)
|
222
223
|
|
223
224
|
@property
|
224
225
|
@pulumi.getter(name="tokenNoDefaultPolicy")
|
225
|
-
def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
|
226
|
+
def token_no_default_policy(self) -> Optional[pulumi.Input[builtins.bool]]:
|
226
227
|
"""
|
227
228
|
If true, the 'default' policy will not automatically be added to generated tokens
|
228
229
|
"""
|
229
230
|
return pulumi.get(self, "token_no_default_policy")
|
230
231
|
|
231
232
|
@token_no_default_policy.setter
|
232
|
-
def token_no_default_policy(self, value: Optional[pulumi.Input[bool]]):
|
233
|
+
def token_no_default_policy(self, value: Optional[pulumi.Input[builtins.bool]]):
|
233
234
|
pulumi.set(self, "token_no_default_policy", value)
|
234
235
|
|
235
236
|
@property
|
236
237
|
@pulumi.getter(name="tokenNumUses")
|
237
|
-
def token_num_uses(self) -> Optional[pulumi.Input[int]]:
|
238
|
+
def token_num_uses(self) -> Optional[pulumi.Input[builtins.int]]:
|
238
239
|
"""
|
239
240
|
The maximum number of times a token may be used, a value of zero means unlimited
|
240
241
|
"""
|
241
242
|
return pulumi.get(self, "token_num_uses")
|
242
243
|
|
243
244
|
@token_num_uses.setter
|
244
|
-
def token_num_uses(self, value: Optional[pulumi.Input[int]]):
|
245
|
+
def token_num_uses(self, value: Optional[pulumi.Input[builtins.int]]):
|
245
246
|
pulumi.set(self, "token_num_uses", value)
|
246
247
|
|
247
248
|
@property
|
248
249
|
@pulumi.getter(name="tokenPeriod")
|
249
|
-
def token_period(self) -> Optional[pulumi.Input[int]]:
|
250
|
+
def token_period(self) -> Optional[pulumi.Input[builtins.int]]:
|
250
251
|
"""
|
251
252
|
Generated Token's Period
|
252
253
|
"""
|
253
254
|
return pulumi.get(self, "token_period")
|
254
255
|
|
255
256
|
@token_period.setter
|
256
|
-
def token_period(self, value: Optional[pulumi.Input[int]]):
|
257
|
+
def token_period(self, value: Optional[pulumi.Input[builtins.int]]):
|
257
258
|
pulumi.set(self, "token_period", value)
|
258
259
|
|
259
260
|
@property
|
260
261
|
@pulumi.getter(name="tokenPolicies")
|
261
|
-
def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
262
|
+
def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
262
263
|
"""
|
263
264
|
Generated Token's Policies
|
264
265
|
"""
|
265
266
|
return pulumi.get(self, "token_policies")
|
266
267
|
|
267
268
|
@token_policies.setter
|
268
|
-
def token_policies(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
269
|
+
def token_policies(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
269
270
|
pulumi.set(self, "token_policies", value)
|
270
271
|
|
271
272
|
@property
|
272
273
|
@pulumi.getter(name="tokenTtl")
|
273
|
-
def token_ttl(self) -> Optional[pulumi.Input[int]]:
|
274
|
+
def token_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
|
274
275
|
"""
|
275
276
|
The initial ttl of the token to generate in seconds
|
276
277
|
"""
|
277
278
|
return pulumi.get(self, "token_ttl")
|
278
279
|
|
279
280
|
@token_ttl.setter
|
280
|
-
def token_ttl(self, value: Optional[pulumi.Input[int]]):
|
281
|
+
def token_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
|
281
282
|
pulumi.set(self, "token_ttl", value)
|
282
283
|
|
283
284
|
@property
|
284
285
|
@pulumi.getter(name="tokenType")
|
285
|
-
def token_type(self) -> Optional[pulumi.Input[str]]:
|
286
|
+
def token_type(self) -> Optional[pulumi.Input[builtins.str]]:
|
286
287
|
"""
|
287
288
|
The type of token to generate, service or batch
|
288
289
|
"""
|
289
290
|
return pulumi.get(self, "token_type")
|
290
291
|
|
291
292
|
@token_type.setter
|
292
|
-
def token_type(self, value: Optional[pulumi.Input[str]]):
|
293
|
+
def token_type(self, value: Optional[pulumi.Input[builtins.str]]):
|
293
294
|
pulumi.set(self, "token_type", value)
|
294
295
|
|
295
296
|
|
296
297
|
@pulumi.input_type
|
297
298
|
class _AuthBackendRoleState:
|
298
299
|
def __init__(__self__, *,
|
299
|
-
alias_name_source: Optional[pulumi.Input[str]] = None,
|
300
|
-
audience: Optional[pulumi.Input[str]] = None,
|
301
|
-
backend: Optional[pulumi.Input[str]] = None,
|
302
|
-
bound_service_account_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
303
|
-
bound_service_account_namespaces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
304
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
305
|
-
role_name: Optional[pulumi.Input[str]] = None,
|
306
|
-
token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
307
|
-
token_explicit_max_ttl: Optional[pulumi.Input[int]] = None,
|
308
|
-
token_max_ttl: Optional[pulumi.Input[int]] = None,
|
309
|
-
token_no_default_policy: Optional[pulumi.Input[bool]] = None,
|
310
|
-
token_num_uses: Optional[pulumi.Input[int]] = None,
|
311
|
-
token_period: Optional[pulumi.Input[int]] = None,
|
312
|
-
token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
313
|
-
token_ttl: Optional[pulumi.Input[int]] = None,
|
314
|
-
token_type: Optional[pulumi.Input[str]] = None):
|
300
|
+
alias_name_source: Optional[pulumi.Input[builtins.str]] = None,
|
301
|
+
audience: Optional[pulumi.Input[builtins.str]] = None,
|
302
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
303
|
+
bound_service_account_names: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
304
|
+
bound_service_account_namespaces: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
305
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
306
|
+
role_name: Optional[pulumi.Input[builtins.str]] = None,
|
307
|
+
token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
308
|
+
token_explicit_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
309
|
+
token_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
310
|
+
token_no_default_policy: Optional[pulumi.Input[builtins.bool]] = None,
|
311
|
+
token_num_uses: Optional[pulumi.Input[builtins.int]] = None,
|
312
|
+
token_period: Optional[pulumi.Input[builtins.int]] = None,
|
313
|
+
token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
314
|
+
token_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
315
|
+
token_type: Optional[pulumi.Input[builtins.str]] = None):
|
315
316
|
"""
|
316
317
|
Input properties used for looking up and filtering AuthBackendRole resources.
|
317
|
-
:param pulumi.Input[str] alias_name_source: Configures how identity aliases are generated.
|
318
|
+
:param pulumi.Input[builtins.str] alias_name_source: Configures how identity aliases are generated.
|
318
319
|
Valid choices are: `serviceaccount_uid`, `serviceaccount_name`. (vault-1.9+)
|
319
|
-
:param pulumi.Input[str] audience: Audience claim to verify in the JWT.
|
320
|
+
:param pulumi.Input[builtins.str] audience: Audience claim to verify in the JWT.
|
320
321
|
|
321
322
|
> Please see [alias_name_source](https://www.vaultproject.io/api-docs/auth/kubernetes#alias_name_source)
|
322
323
|
before setting this to something other its default value. There are **important** security
|
323
324
|
implications to be aware of.
|
324
|
-
:param pulumi.Input[str] backend: Unique name of the kubernetes backend to configure.
|
325
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] bound_service_account_names: List of service account names able to access this role. If set to `["*"]` all names are allowed, both this and bound_service_account_namespaces can not be "*".
|
326
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] bound_service_account_namespaces: List of namespaces allowed to access this role. If set to `["*"]` all namespaces are allowed, both this and bound_service_account_names can not be set to "*".
|
327
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
325
|
+
:param pulumi.Input[builtins.str] backend: Unique name of the kubernetes backend to configure.
|
326
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] bound_service_account_names: List of service account names able to access this role. If set to `["*"]` all names are allowed, both this and bound_service_account_namespaces can not be "*".
|
327
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] bound_service_account_namespaces: List of namespaces allowed to access this role. If set to `["*"]` all namespaces are allowed, both this and bound_service_account_names can not be set to "*".
|
328
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
328
329
|
The value should not contain leading or trailing forward slashes.
|
329
330
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
330
331
|
*Available only for Vault Enterprise*.
|
331
|
-
:param pulumi.Input[str] role_name: Name of the role.
|
332
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
333
|
-
:param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
334
|
-
:param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
|
335
|
-
:param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
336
|
-
:param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
337
|
-
:param pulumi.Input[int] token_period: Generated Token's Period
|
338
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
|
339
|
-
:param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
|
340
|
-
:param pulumi.Input[str] token_type: The type of token to generate, service or batch
|
332
|
+
:param pulumi.Input[builtins.str] role_name: Name of the role.
|
333
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
334
|
+
:param pulumi.Input[builtins.int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
335
|
+
:param pulumi.Input[builtins.int] token_max_ttl: The maximum lifetime of the generated token
|
336
|
+
:param pulumi.Input[builtins.bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
337
|
+
:param pulumi.Input[builtins.int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
338
|
+
:param pulumi.Input[builtins.int] token_period: Generated Token's Period
|
339
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] token_policies: Generated Token's Policies
|
340
|
+
:param pulumi.Input[builtins.int] token_ttl: The initial ttl of the token to generate in seconds
|
341
|
+
:param pulumi.Input[builtins.str] token_type: The type of token to generate, service or batch
|
341
342
|
"""
|
342
343
|
if alias_name_source is not None:
|
343
344
|
pulumi.set(__self__, "alias_name_source", alias_name_source)
|
@@ -374,7 +375,7 @@ class _AuthBackendRoleState:
|
|
374
375
|
|
375
376
|
@property
|
376
377
|
@pulumi.getter(name="aliasNameSource")
|
377
|
-
def alias_name_source(self) -> Optional[pulumi.Input[str]]:
|
378
|
+
def alias_name_source(self) -> Optional[pulumi.Input[builtins.str]]:
|
378
379
|
"""
|
379
380
|
Configures how identity aliases are generated.
|
380
381
|
Valid choices are: `serviceaccount_uid`, `serviceaccount_name`. (vault-1.9+)
|
@@ -382,12 +383,12 @@ class _AuthBackendRoleState:
|
|
382
383
|
return pulumi.get(self, "alias_name_source")
|
383
384
|
|
384
385
|
@alias_name_source.setter
|
385
|
-
def alias_name_source(self, value: Optional[pulumi.Input[str]]):
|
386
|
+
def alias_name_source(self, value: Optional[pulumi.Input[builtins.str]]):
|
386
387
|
pulumi.set(self, "alias_name_source", value)
|
387
388
|
|
388
389
|
@property
|
389
390
|
@pulumi.getter
|
390
|
-
def audience(self) -> Optional[pulumi.Input[str]]:
|
391
|
+
def audience(self) -> Optional[pulumi.Input[builtins.str]]:
|
391
392
|
"""
|
392
393
|
Audience claim to verify in the JWT.
|
393
394
|
|
@@ -398,48 +399,48 @@ class _AuthBackendRoleState:
|
|
398
399
|
return pulumi.get(self, "audience")
|
399
400
|
|
400
401
|
@audience.setter
|
401
|
-
def audience(self, value: Optional[pulumi.Input[str]]):
|
402
|
+
def audience(self, value: Optional[pulumi.Input[builtins.str]]):
|
402
403
|
pulumi.set(self, "audience", value)
|
403
404
|
|
404
405
|
@property
|
405
406
|
@pulumi.getter
|
406
|
-
def backend(self) -> Optional[pulumi.Input[str]]:
|
407
|
+
def backend(self) -> Optional[pulumi.Input[builtins.str]]:
|
407
408
|
"""
|
408
409
|
Unique name of the kubernetes backend to configure.
|
409
410
|
"""
|
410
411
|
return pulumi.get(self, "backend")
|
411
412
|
|
412
413
|
@backend.setter
|
413
|
-
def backend(self, value: Optional[pulumi.Input[str]]):
|
414
|
+
def backend(self, value: Optional[pulumi.Input[builtins.str]]):
|
414
415
|
pulumi.set(self, "backend", value)
|
415
416
|
|
416
417
|
@property
|
417
418
|
@pulumi.getter(name="boundServiceAccountNames")
|
418
|
-
def bound_service_account_names(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
419
|
+
def bound_service_account_names(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
419
420
|
"""
|
420
421
|
List of service account names able to access this role. If set to `["*"]` all names are allowed, both this and bound_service_account_namespaces can not be "*".
|
421
422
|
"""
|
422
423
|
return pulumi.get(self, "bound_service_account_names")
|
423
424
|
|
424
425
|
@bound_service_account_names.setter
|
425
|
-
def bound_service_account_names(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
426
|
+
def bound_service_account_names(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
426
427
|
pulumi.set(self, "bound_service_account_names", value)
|
427
428
|
|
428
429
|
@property
|
429
430
|
@pulumi.getter(name="boundServiceAccountNamespaces")
|
430
|
-
def bound_service_account_namespaces(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
431
|
+
def bound_service_account_namespaces(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
431
432
|
"""
|
432
433
|
List of namespaces allowed to access this role. If set to `["*"]` all namespaces are allowed, both this and bound_service_account_names can not be set to "*".
|
433
434
|
"""
|
434
435
|
return pulumi.get(self, "bound_service_account_namespaces")
|
435
436
|
|
436
437
|
@bound_service_account_namespaces.setter
|
437
|
-
def bound_service_account_namespaces(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
438
|
+
def bound_service_account_namespaces(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
438
439
|
pulumi.set(self, "bound_service_account_namespaces", value)
|
439
440
|
|
440
441
|
@property
|
441
442
|
@pulumi.getter
|
442
|
-
def namespace(self) -> Optional[pulumi.Input[str]]:
|
443
|
+
def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
|
443
444
|
"""
|
444
445
|
The namespace to provision the resource in.
|
445
446
|
The value should not contain leading or trailing forward slashes.
|
@@ -449,127 +450,127 @@ class _AuthBackendRoleState:
|
|
449
450
|
return pulumi.get(self, "namespace")
|
450
451
|
|
451
452
|
@namespace.setter
|
452
|
-
def namespace(self, value: Optional[pulumi.Input[str]]):
|
453
|
+
def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
|
453
454
|
pulumi.set(self, "namespace", value)
|
454
455
|
|
455
456
|
@property
|
456
457
|
@pulumi.getter(name="roleName")
|
457
|
-
def role_name(self) -> Optional[pulumi.Input[str]]:
|
458
|
+
def role_name(self) -> Optional[pulumi.Input[builtins.str]]:
|
458
459
|
"""
|
459
460
|
Name of the role.
|
460
461
|
"""
|
461
462
|
return pulumi.get(self, "role_name")
|
462
463
|
|
463
464
|
@role_name.setter
|
464
|
-
def role_name(self, value: Optional[pulumi.Input[str]]):
|
465
|
+
def role_name(self, value: Optional[pulumi.Input[builtins.str]]):
|
465
466
|
pulumi.set(self, "role_name", value)
|
466
467
|
|
467
468
|
@property
|
468
469
|
@pulumi.getter(name="tokenBoundCidrs")
|
469
|
-
def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
470
|
+
def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
470
471
|
"""
|
471
472
|
Specifies the blocks of IP addresses which are allowed to use the generated token
|
472
473
|
"""
|
473
474
|
return pulumi.get(self, "token_bound_cidrs")
|
474
475
|
|
475
476
|
@token_bound_cidrs.setter
|
476
|
-
def token_bound_cidrs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
477
|
+
def token_bound_cidrs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
477
478
|
pulumi.set(self, "token_bound_cidrs", value)
|
478
479
|
|
479
480
|
@property
|
480
481
|
@pulumi.getter(name="tokenExplicitMaxTtl")
|
481
|
-
def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
482
|
+
def token_explicit_max_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
|
482
483
|
"""
|
483
484
|
Generated Token's Explicit Maximum TTL in seconds
|
484
485
|
"""
|
485
486
|
return pulumi.get(self, "token_explicit_max_ttl")
|
486
487
|
|
487
488
|
@token_explicit_max_ttl.setter
|
488
|
-
def token_explicit_max_ttl(self, value: Optional[pulumi.Input[int]]):
|
489
|
+
def token_explicit_max_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
|
489
490
|
pulumi.set(self, "token_explicit_max_ttl", value)
|
490
491
|
|
491
492
|
@property
|
492
493
|
@pulumi.getter(name="tokenMaxTtl")
|
493
|
-
def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
494
|
+
def token_max_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
|
494
495
|
"""
|
495
496
|
The maximum lifetime of the generated token
|
496
497
|
"""
|
497
498
|
return pulumi.get(self, "token_max_ttl")
|
498
499
|
|
499
500
|
@token_max_ttl.setter
|
500
|
-
def token_max_ttl(self, value: Optional[pulumi.Input[int]]):
|
501
|
+
def token_max_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
|
501
502
|
pulumi.set(self, "token_max_ttl", value)
|
502
503
|
|
503
504
|
@property
|
504
505
|
@pulumi.getter(name="tokenNoDefaultPolicy")
|
505
|
-
def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
|
506
|
+
def token_no_default_policy(self) -> Optional[pulumi.Input[builtins.bool]]:
|
506
507
|
"""
|
507
508
|
If true, the 'default' policy will not automatically be added to generated tokens
|
508
509
|
"""
|
509
510
|
return pulumi.get(self, "token_no_default_policy")
|
510
511
|
|
511
512
|
@token_no_default_policy.setter
|
512
|
-
def token_no_default_policy(self, value: Optional[pulumi.Input[bool]]):
|
513
|
+
def token_no_default_policy(self, value: Optional[pulumi.Input[builtins.bool]]):
|
513
514
|
pulumi.set(self, "token_no_default_policy", value)
|
514
515
|
|
515
516
|
@property
|
516
517
|
@pulumi.getter(name="tokenNumUses")
|
517
|
-
def token_num_uses(self) -> Optional[pulumi.Input[int]]:
|
518
|
+
def token_num_uses(self) -> Optional[pulumi.Input[builtins.int]]:
|
518
519
|
"""
|
519
520
|
The maximum number of times a token may be used, a value of zero means unlimited
|
520
521
|
"""
|
521
522
|
return pulumi.get(self, "token_num_uses")
|
522
523
|
|
523
524
|
@token_num_uses.setter
|
524
|
-
def token_num_uses(self, value: Optional[pulumi.Input[int]]):
|
525
|
+
def token_num_uses(self, value: Optional[pulumi.Input[builtins.int]]):
|
525
526
|
pulumi.set(self, "token_num_uses", value)
|
526
527
|
|
527
528
|
@property
|
528
529
|
@pulumi.getter(name="tokenPeriod")
|
529
|
-
def token_period(self) -> Optional[pulumi.Input[int]]:
|
530
|
+
def token_period(self) -> Optional[pulumi.Input[builtins.int]]:
|
530
531
|
"""
|
531
532
|
Generated Token's Period
|
532
533
|
"""
|
533
534
|
return pulumi.get(self, "token_period")
|
534
535
|
|
535
536
|
@token_period.setter
|
536
|
-
def token_period(self, value: Optional[pulumi.Input[int]]):
|
537
|
+
def token_period(self, value: Optional[pulumi.Input[builtins.int]]):
|
537
538
|
pulumi.set(self, "token_period", value)
|
538
539
|
|
539
540
|
@property
|
540
541
|
@pulumi.getter(name="tokenPolicies")
|
541
|
-
def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
542
|
+
def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
542
543
|
"""
|
543
544
|
Generated Token's Policies
|
544
545
|
"""
|
545
546
|
return pulumi.get(self, "token_policies")
|
546
547
|
|
547
548
|
@token_policies.setter
|
548
|
-
def token_policies(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
549
|
+
def token_policies(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
549
550
|
pulumi.set(self, "token_policies", value)
|
550
551
|
|
551
552
|
@property
|
552
553
|
@pulumi.getter(name="tokenTtl")
|
553
|
-
def token_ttl(self) -> Optional[pulumi.Input[int]]:
|
554
|
+
def token_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
|
554
555
|
"""
|
555
556
|
The initial ttl of the token to generate in seconds
|
556
557
|
"""
|
557
558
|
return pulumi.get(self, "token_ttl")
|
558
559
|
|
559
560
|
@token_ttl.setter
|
560
|
-
def token_ttl(self, value: Optional[pulumi.Input[int]]):
|
561
|
+
def token_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
|
561
562
|
pulumi.set(self, "token_ttl", value)
|
562
563
|
|
563
564
|
@property
|
564
565
|
@pulumi.getter(name="tokenType")
|
565
|
-
def token_type(self) -> Optional[pulumi.Input[str]]:
|
566
|
+
def token_type(self) -> Optional[pulumi.Input[builtins.str]]:
|
566
567
|
"""
|
567
568
|
The type of token to generate, service or batch
|
568
569
|
"""
|
569
570
|
return pulumi.get(self, "token_type")
|
570
571
|
|
571
572
|
@token_type.setter
|
572
|
-
def token_type(self, value: Optional[pulumi.Input[str]]):
|
573
|
+
def token_type(self, value: Optional[pulumi.Input[builtins.str]]):
|
573
574
|
pulumi.set(self, "token_type", value)
|
574
575
|
|
575
576
|
|
@@ -578,22 +579,22 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
578
579
|
def __init__(__self__,
|
579
580
|
resource_name: str,
|
580
581
|
opts: Optional[pulumi.ResourceOptions] = None,
|
581
|
-
alias_name_source: Optional[pulumi.Input[str]] = None,
|
582
|
-
audience: Optional[pulumi.Input[str]] = None,
|
583
|
-
backend: Optional[pulumi.Input[str]] = None,
|
584
|
-
bound_service_account_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
585
|
-
bound_service_account_namespaces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
586
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
587
|
-
role_name: Optional[pulumi.Input[str]] = None,
|
588
|
-
token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
589
|
-
token_explicit_max_ttl: Optional[pulumi.Input[int]] = None,
|
590
|
-
token_max_ttl: Optional[pulumi.Input[int]] = None,
|
591
|
-
token_no_default_policy: Optional[pulumi.Input[bool]] = None,
|
592
|
-
token_num_uses: Optional[pulumi.Input[int]] = None,
|
593
|
-
token_period: Optional[pulumi.Input[int]] = None,
|
594
|
-
token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
595
|
-
token_ttl: Optional[pulumi.Input[int]] = None,
|
596
|
-
token_type: Optional[pulumi.Input[str]] = None,
|
582
|
+
alias_name_source: Optional[pulumi.Input[builtins.str]] = None,
|
583
|
+
audience: Optional[pulumi.Input[builtins.str]] = None,
|
584
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
585
|
+
bound_service_account_names: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
586
|
+
bound_service_account_namespaces: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
587
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
588
|
+
role_name: Optional[pulumi.Input[builtins.str]] = None,
|
589
|
+
token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
590
|
+
token_explicit_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
591
|
+
token_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
592
|
+
token_no_default_policy: Optional[pulumi.Input[builtins.bool]] = None,
|
593
|
+
token_num_uses: Optional[pulumi.Input[builtins.int]] = None,
|
594
|
+
token_period: Optional[pulumi.Input[builtins.int]] = None,
|
595
|
+
token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
596
|
+
token_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
597
|
+
token_type: Optional[pulumi.Input[builtins.str]] = None,
|
597
598
|
__props__=None):
|
598
599
|
"""
|
599
600
|
Manages an Kubernetes auth backend role in a Vault server. See the [Vault
|
@@ -631,30 +632,30 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
631
632
|
|
632
633
|
:param str resource_name: The name of the resource.
|
633
634
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
634
|
-
:param pulumi.Input[str] alias_name_source: Configures how identity aliases are generated.
|
635
|
+
:param pulumi.Input[builtins.str] alias_name_source: Configures how identity aliases are generated.
|
635
636
|
Valid choices are: `serviceaccount_uid`, `serviceaccount_name`. (vault-1.9+)
|
636
|
-
:param pulumi.Input[str] audience: Audience claim to verify in the JWT.
|
637
|
+
:param pulumi.Input[builtins.str] audience: Audience claim to verify in the JWT.
|
637
638
|
|
638
639
|
> Please see [alias_name_source](https://www.vaultproject.io/api-docs/auth/kubernetes#alias_name_source)
|
639
640
|
before setting this to something other its default value. There are **important** security
|
640
641
|
implications to be aware of.
|
641
|
-
:param pulumi.Input[str] backend: Unique name of the kubernetes backend to configure.
|
642
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] bound_service_account_names: List of service account names able to access this role. If set to `["*"]` all names are allowed, both this and bound_service_account_namespaces can not be "*".
|
643
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] bound_service_account_namespaces: List of namespaces allowed to access this role. If set to `["*"]` all namespaces are allowed, both this and bound_service_account_names can not be set to "*".
|
644
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
642
|
+
:param pulumi.Input[builtins.str] backend: Unique name of the kubernetes backend to configure.
|
643
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] bound_service_account_names: List of service account names able to access this role. If set to `["*"]` all names are allowed, both this and bound_service_account_namespaces can not be "*".
|
644
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] bound_service_account_namespaces: List of namespaces allowed to access this role. If set to `["*"]` all namespaces are allowed, both this and bound_service_account_names can not be set to "*".
|
645
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
645
646
|
The value should not contain leading or trailing forward slashes.
|
646
647
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
647
648
|
*Available only for Vault Enterprise*.
|
648
|
-
:param pulumi.Input[str] role_name: Name of the role.
|
649
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
650
|
-
:param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
651
|
-
:param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
|
652
|
-
:param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
653
|
-
:param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
654
|
-
:param pulumi.Input[int] token_period: Generated Token's Period
|
655
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
|
656
|
-
:param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
|
657
|
-
:param pulumi.Input[str] token_type: The type of token to generate, service or batch
|
649
|
+
:param pulumi.Input[builtins.str] role_name: Name of the role.
|
650
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
651
|
+
:param pulumi.Input[builtins.int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
652
|
+
:param pulumi.Input[builtins.int] token_max_ttl: The maximum lifetime of the generated token
|
653
|
+
:param pulumi.Input[builtins.bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
654
|
+
:param pulumi.Input[builtins.int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
655
|
+
:param pulumi.Input[builtins.int] token_period: Generated Token's Period
|
656
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] token_policies: Generated Token's Policies
|
657
|
+
:param pulumi.Input[builtins.int] token_ttl: The initial ttl of the token to generate in seconds
|
658
|
+
:param pulumi.Input[builtins.str] token_type: The type of token to generate, service or batch
|
658
659
|
"""
|
659
660
|
...
|
660
661
|
@overload
|
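Review bot: In the `AuthBackendRole.__init__` docstring the security warning that names and links `alias_name_source` sits under the `audience` parameter, so "before setting this" reads as referring to `audience`, and the `alias_name_source` entry itself carries no warning. I would move those lines directly under `alias_name_source` and fix the missing word, e.g. `before setting this to something other than its default value. There are **important** security implications to be aware of.` The same misplaced text is visible in the `_AuthBackendRoleState.__init__` and `get` docstrings. This file looks generated, so the correction presumably belongs in the upstream schema description rather than in this file; the docstring also begins outside this hunk.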
@@ -711,22 +712,22 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
711
712
|
def _internal_init(__self__,
|
712
713
|
resource_name: str,
|
713
714
|
opts: Optional[pulumi.ResourceOptions] = None,
|
714
|
-
alias_name_source: Optional[pulumi.Input[str]] = None,
|
715
|
-
audience: Optional[pulumi.Input[str]] = None,
|
716
|
-
backend: Optional[pulumi.Input[str]] = None,
|
717
|
-
bound_service_account_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
718
|
-
bound_service_account_namespaces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
719
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
720
|
-
role_name: Optional[pulumi.Input[str]] = None,
|
721
|
-
token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
722
|
-
token_explicit_max_ttl: Optional[pulumi.Input[int]] = None,
|
723
|
-
token_max_ttl: Optional[pulumi.Input[int]] = None,
|
724
|
-
token_no_default_policy: Optional[pulumi.Input[bool]] = None,
|
725
|
-
token_num_uses: Optional[pulumi.Input[int]] = None,
|
726
|
-
token_period: Optional[pulumi.Input[int]] = None,
|
727
|
-
token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
728
|
-
token_ttl: Optional[pulumi.Input[int]] = None,
|
729
|
-
token_type: Optional[pulumi.Input[str]] = None,
|
715
|
+
alias_name_source: Optional[pulumi.Input[builtins.str]] = None,
|
716
|
+
audience: Optional[pulumi.Input[builtins.str]] = None,
|
717
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
718
|
+
bound_service_account_names: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
719
|
+
bound_service_account_namespaces: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
720
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
721
|
+
role_name: Optional[pulumi.Input[builtins.str]] = None,
|
722
|
+
token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
723
|
+
token_explicit_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
724
|
+
token_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
725
|
+
token_no_default_policy: Optional[pulumi.Input[builtins.bool]] = None,
|
726
|
+
token_num_uses: Optional[pulumi.Input[builtins.int]] = None,
|
727
|
+
token_period: Optional[pulumi.Input[builtins.int]] = None,
|
728
|
+
token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
729
|
+
token_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
730
|
+
token_type: Optional[pulumi.Input[builtins.str]] = None,
|
730
731
|
__props__=None):
|
731
732
|
opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
|
732
733
|
if not isinstance(opts, pulumi.ResourceOptions):
|
@@ -768,22 +769,22 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
768
769
|
def get(resource_name: str,
|
769
770
|
id: pulumi.Input[str],
|
770
771
|
opts: Optional[pulumi.ResourceOptions] = None,
|
771
|
-
alias_name_source: Optional[pulumi.Input[str]] = None,
|
772
|
-
audience: Optional[pulumi.Input[str]] = None,
|
773
|
-
backend: Optional[pulumi.Input[str]] = None,
|
774
|
-
bound_service_account_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
775
|
-
bound_service_account_namespaces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
776
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
777
|
-
role_name: Optional[pulumi.Input[str]] = None,
|
778
|
-
token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
779
|
-
token_explicit_max_ttl: Optional[pulumi.Input[int]] = None,
|
780
|
-
token_max_ttl: Optional[pulumi.Input[int]] = None,
|
781
|
-
token_no_default_policy: Optional[pulumi.Input[bool]] = None,
|
782
|
-
token_num_uses: Optional[pulumi.Input[int]] = None,
|
783
|
-
token_period: Optional[pulumi.Input[int]] = None,
|
784
|
-
token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
785
|
-
token_ttl: Optional[pulumi.Input[int]] = None,
|
786
|
-
token_type: Optional[pulumi.Input[str]] = None) -> 'AuthBackendRole':
|
772
|
+
alias_name_source: Optional[pulumi.Input[builtins.str]] = None,
|
773
|
+
audience: Optional[pulumi.Input[builtins.str]] = None,
|
774
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
775
|
+
bound_service_account_names: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
776
|
+
bound_service_account_namespaces: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
777
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
778
|
+
role_name: Optional[pulumi.Input[builtins.str]] = None,
|
779
|
+
token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
780
|
+
token_explicit_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
781
|
+
token_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
782
|
+
token_no_default_policy: Optional[pulumi.Input[builtins.bool]] = None,
|
783
|
+
token_num_uses: Optional[pulumi.Input[builtins.int]] = None,
|
784
|
+
token_period: Optional[pulumi.Input[builtins.int]] = None,
|
785
|
+
token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
786
|
+
token_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
787
|
+
token_type: Optional[pulumi.Input[builtins.str]] = None) -> 'AuthBackendRole':
|
787
788
|
"""
|
788
789
|
Get an existing AuthBackendRole resource's state with the given name, id, and optional extra
|
789
790
|
properties used to qualify the lookup.
|
@@ -791,30 +792,30 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
791
792
|
:param str resource_name: The unique name of the resulting resource.
|
792
793
|
:param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
|
793
794
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
794
|
-
:param pulumi.Input[str] alias_name_source: Configures how identity aliases are generated.
|
795
|
+
:param pulumi.Input[builtins.str] alias_name_source: Configures how identity aliases are generated.
|
795
796
|
Valid choices are: `serviceaccount_uid`, `serviceaccount_name`. (vault-1.9+)
|
796
|
-
:param pulumi.Input[str] audience: Audience claim to verify in the JWT.
|
797
|
+
:param pulumi.Input[builtins.str] audience: Audience claim to verify in the JWT.
|
797
798
|
|
798
799
|
> Please see [alias_name_source](https://www.vaultproject.io/api-docs/auth/kubernetes#alias_name_source)
|
799
800
|
before setting this to something other its default value. There are **important** security
|
800
801
|
implications to be aware of.
|
801
|
-
:param pulumi.Input[str] backend: Unique name of the kubernetes backend to configure.
|
802
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] bound_service_account_names: List of service account names able to access this role. If set to `["*"]` all names are allowed, both this and bound_service_account_namespaces can not be "*".
|
803
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] bound_service_account_namespaces: List of namespaces allowed to access this role. If set to `["*"]` all namespaces are allowed, both this and bound_service_account_names can not be set to "*".
|
804
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
802
|
+
:param pulumi.Input[builtins.str] backend: Unique name of the kubernetes backend to configure.
|
803
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] bound_service_account_names: List of service account names able to access this role. If set to `["*"]` all names are allowed, both this and bound_service_account_namespaces can not be "*".
|
804
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] bound_service_account_namespaces: List of namespaces allowed to access this role. If set to `["*"]` all namespaces are allowed, both this and bound_service_account_names can not be set to "*".
|
805
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
805
806
|
The value should not contain leading or trailing forward slashes.
|
806
807
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
807
808
|
*Available only for Vault Enterprise*.
|
808
|
-
:param pulumi.Input[str] role_name: Name of the role.
|
809
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
810
|
-
:param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
811
|
-
:param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
|
812
|
-
:param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
813
|
-
:param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
814
|
-
:param pulumi.Input[int] token_period: Generated Token's Period
|
815
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
|
816
|
-
:param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
|
817
|
-
:param pulumi.Input[str] token_type: The type of token to generate, service or batch
|
809
|
+
:param pulumi.Input[builtins.str] role_name: Name of the role.
|
810
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
811
|
+
:param pulumi.Input[builtins.int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
812
|
+
:param pulumi.Input[builtins.int] token_max_ttl: The maximum lifetime of the generated token
|
813
|
+
:param pulumi.Input[builtins.bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
814
|
+
:param pulumi.Input[builtins.int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
815
|
+
:param pulumi.Input[builtins.int] token_period: Generated Token's Period
|
816
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] token_policies: Generated Token's Policies
|
817
|
+
:param pulumi.Input[builtins.int] token_ttl: The initial ttl of the token to generate in seconds
|
818
|
+
:param pulumi.Input[builtins.str] token_type: The type of token to generate, service or batch
|
818
819
|
"""
|
819
820
|
opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
|
820
821
|
|
@@ -840,7 +841,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
840
841
|
|
841
842
|
@property
|
842
843
|
@pulumi.getter(name="aliasNameSource")
|
843
|
-
def alias_name_source(self) -> pulumi.Output[str]:
|
844
|
+
def alias_name_source(self) -> pulumi.Output[builtins.str]:
|
844
845
|
"""
|
845
846
|
Configures how identity aliases are generated.
|
846
847
|
Valid choices are: `serviceaccount_uid`, `serviceaccount_name`. (vault-1.9+)
|
@@ -849,7 +850,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
849
850
|
|
850
851
|
@property
|
851
852
|
@pulumi.getter
|
852
|
-
def audience(self) -> pulumi.Output[Optional[str]]:
|
853
|
+
def audience(self) -> pulumi.Output[Optional[builtins.str]]:
|
853
854
|
"""
|
854
855
|
Audience claim to verify in the JWT.
|
855
856
|
|
@@ -861,7 +862,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
861
862
|
|
862
863
|
@property
|
863
864
|
@pulumi.getter
|
864
|
-
def backend(self) -> pulumi.Output[Optional[str]]:
|
865
|
+
def backend(self) -> pulumi.Output[Optional[builtins.str]]:
|
865
866
|
"""
|
866
867
|
Unique name of the kubernetes backend to configure.
|
867
868
|
"""
|
@@ -869,7 +870,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
869
870
|
|
870
871
|
@property
|
871
872
|
@pulumi.getter(name="boundServiceAccountNames")
|
872
|
-
def bound_service_account_names(self) -> pulumi.Output[Sequence[str]]:
|
873
|
+
def bound_service_account_names(self) -> pulumi.Output[Sequence[builtins.str]]:
|
873
874
|
"""
|
874
875
|
List of service account names able to access this role. If set to `["*"]` all names are allowed, both this and bound_service_account_namespaces can not be "*".
|
875
876
|
"""
|
@@ -877,7 +878,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
877
878
|
|
878
879
|
@property
|
879
880
|
@pulumi.getter(name="boundServiceAccountNamespaces")
|
880
|
-
def bound_service_account_namespaces(self) -> pulumi.Output[Sequence[str]]:
|
881
|
+
def bound_service_account_namespaces(self) -> pulumi.Output[Sequence[builtins.str]]:
|
881
882
|
"""
|
882
883
|
List of namespaces allowed to access this role. If set to `["*"]` all namespaces are allowed, both this and bound_service_account_names can not be set to "*".
|
883
884
|
"""
|
@@ -885,7 +886,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
885
886
|
|
886
887
|
@property
|
887
888
|
@pulumi.getter
|
888
|
-
def namespace(self) -> pulumi.Output[Optional[str]]:
|
889
|
+
def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
|
889
890
|
"""
|
890
891
|
The namespace to provision the resource in.
|
891
892
|
The value should not contain leading or trailing forward slashes.
|
@@ -896,7 +897,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
896
897
|
|
897
898
|
@property
|
898
899
|
@pulumi.getter(name="roleName")
|
899
|
-
def role_name(self) -> pulumi.Output[str]:
|
900
|
+
def role_name(self) -> pulumi.Output[builtins.str]:
|
900
901
|
"""
|
901
902
|
Name of the role.
|
902
903
|
"""
|
@@ -904,7 +905,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
904
905
|
|
905
906
|
@property
|
906
907
|
@pulumi.getter(name="tokenBoundCidrs")
|
907
|
-
def token_bound_cidrs(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
908
|
+
def token_bound_cidrs(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
908
909
|
"""
|
909
910
|
Specifies the blocks of IP addresses which are allowed to use the generated token
|
910
911
|
"""
|
@@ -912,7 +913,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
912
913
|
|
913
914
|
@property
|
914
915
|
@pulumi.getter(name="tokenExplicitMaxTtl")
|
915
|
-
def token_explicit_max_ttl(self) -> pulumi.Output[Optional[int]]:
|
916
|
+
def token_explicit_max_ttl(self) -> pulumi.Output[Optional[builtins.int]]:
|
916
917
|
"""
|
917
918
|
Generated Token's Explicit Maximum TTL in seconds
|
918
919
|
"""
|
@@ -920,7 +921,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
920
921
|
|
921
922
|
@property
|
922
923
|
@pulumi.getter(name="tokenMaxTtl")
|
923
|
-
def token_max_ttl(self) -> pulumi.Output[Optional[int]]:
|
924
|
+
def token_max_ttl(self) -> pulumi.Output[Optional[builtins.int]]:
|
924
925
|
"""
|
925
926
|
The maximum lifetime of the generated token
|
926
927
|
"""
|
@@ -928,7 +929,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
928
929
|
|
929
930
|
@property
|
930
931
|
@pulumi.getter(name="tokenNoDefaultPolicy")
|
931
|
-
def token_no_default_policy(self) -> pulumi.Output[Optional[bool]]:
|
932
|
+
def token_no_default_policy(self) -> pulumi.Output[Optional[builtins.bool]]:
|
932
933
|
"""
|
933
934
|
If true, the 'default' policy will not automatically be added to generated tokens
|
934
935
|
"""
|
@@ -936,7 +937,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
936
937
|
|
937
938
|
@property
|
938
939
|
@pulumi.getter(name="tokenNumUses")
|
939
|
-
def token_num_uses(self) -> pulumi.Output[Optional[int]]:
|
940
|
+
def token_num_uses(self) -> pulumi.Output[Optional[builtins.int]]:
|
940
941
|
"""
|
941
942
|
The maximum number of times a token may be used, a value of zero means unlimited
|
942
943
|
"""
|
@@ -944,7 +945,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
944
945
|
|
945
946
|
@property
|
946
947
|
@pulumi.getter(name="tokenPeriod")
|
947
|
-
def token_period(self) -> pulumi.Output[Optional[int]]:
|
948
|
+
def token_period(self) -> pulumi.Output[Optional[builtins.int]]:
|
948
949
|
"""
|
949
950
|
Generated Token's Period
|
950
951
|
"""
|
@@ -952,7 +953,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
952
953
|
|
953
954
|
@property
|
954
955
|
@pulumi.getter(name="tokenPolicies")
|
955
|
-
def token_policies(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
956
|
+
def token_policies(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
956
957
|
"""
|
957
958
|
Generated Token's Policies
|
958
959
|
"""
|
@@ -960,7 +961,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
960
961
|
|
961
962
|
@property
|
962
963
|
@pulumi.getter(name="tokenTtl")
|
963
|
-
def token_ttl(self) -> pulumi.Output[Optional[int]]:
|
964
|
+
def token_ttl(self) -> pulumi.Output[Optional[builtins.int]]:
|
964
965
|
"""
|
965
966
|
The initial ttl of the token to generate in seconds
|
966
967
|
"""
|
@@ -968,7 +969,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
968
969
|
|
969
970
|
@property
|
970
971
|
@pulumi.getter(name="tokenType")
|
971
|
-
def token_type(self) -> pulumi.Output[Optional[str]]:
|
972
|
+
def token_type(self) -> pulumi.Output[Optional[builtins.str]]:
|
972
973
|
"""
|
973
974
|
The type of token to generate, service or batch
|
974
975
|
"""
|