pulumi-vault 6.6.0a1741415971__py3-none-any.whl → 6.7.0__py3-none-any.whl
- pulumi_vault/__init__.py +9 -0
- pulumi_vault/_inputs.py +583 -562
- pulumi_vault/ad/__init__.py +1 -0
- pulumi_vault/ad/get_access_credentials.py +20 -19
- pulumi_vault/ad/secret_backend.py +477 -476
- pulumi_vault/ad/secret_library.py +99 -98
- pulumi_vault/ad/secret_role.py +85 -84
- pulumi_vault/alicloud/__init__.py +1 -0
- pulumi_vault/alicloud/auth_backend_role.py +183 -182
- pulumi_vault/approle/__init__.py +1 -0
- pulumi_vault/approle/auth_backend_login.py +106 -105
- pulumi_vault/approle/auth_backend_role.py +239 -238
- pulumi_vault/approle/auth_backend_role_secret_id.py +162 -161
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -17
- pulumi_vault/audit.py +85 -84
- pulumi_vault/audit_request_header.py +43 -42
- pulumi_vault/auth_backend.py +106 -105
- pulumi_vault/aws/__init__.py +1 -0
- pulumi_vault/aws/auth_backend_cert.py +71 -70
- pulumi_vault/aws/auth_backend_client.py +425 -200
- pulumi_vault/aws/auth_backend_config_identity.py +85 -84
- pulumi_vault/aws/auth_backend_identity_whitelist.py +57 -56
- pulumi_vault/aws/auth_backend_login.py +209 -208
- pulumi_vault/aws/auth_backend_role.py +400 -399
- pulumi_vault/aws/auth_backend_role_tag.py +127 -126
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +57 -56
- pulumi_vault/aws/auth_backend_sts_role.py +71 -70
- pulumi_vault/aws/get_access_credentials.py +44 -43
- pulumi_vault/aws/get_static_access_credentials.py +13 -12
- pulumi_vault/aws/secret_backend.py +523 -306
- pulumi_vault/aws/secret_backend_role.py +211 -210
- pulumi_vault/aws/secret_backend_static_role.py +288 -70
- pulumi_vault/azure/__init__.py +1 -0
- pulumi_vault/azure/_inputs.py +21 -20
- pulumi_vault/azure/auth_backend_config.py +383 -130
- pulumi_vault/azure/auth_backend_role.py +253 -252
- pulumi_vault/azure/backend.py +432 -186
- pulumi_vault/azure/backend_role.py +188 -140
- pulumi_vault/azure/get_access_credentials.py +58 -57
- pulumi_vault/azure/outputs.py +11 -10
- pulumi_vault/cert_auth_backend_role.py +365 -364
- pulumi_vault/config/__init__.py +1 -0
- pulumi_vault/config/__init__.pyi +1 -0
- pulumi_vault/config/_inputs.py +11 -10
- pulumi_vault/config/outputs.py +287 -286
- pulumi_vault/config/ui_custom_message.py +113 -112
- pulumi_vault/config/vars.py +1 -0
- pulumi_vault/consul/__init__.py +1 -0
- pulumi_vault/consul/secret_backend.py +197 -196
- pulumi_vault/consul/secret_backend_role.py +183 -182
- pulumi_vault/database/__init__.py +1 -0
- pulumi_vault/database/_inputs.py +3857 -2200
- pulumi_vault/database/outputs.py +2483 -1330
- pulumi_vault/database/secret_backend_connection.py +333 -112
- pulumi_vault/database/secret_backend_role.py +169 -168
- pulumi_vault/database/secret_backend_static_role.py +283 -140
- pulumi_vault/database/secrets_mount.py +275 -266
- pulumi_vault/egp_policy.py +71 -70
- pulumi_vault/gcp/__init__.py +1 -0
- pulumi_vault/gcp/_inputs.py +82 -81
- pulumi_vault/gcp/auth_backend.py +426 -205
- pulumi_vault/gcp/auth_backend_role.py +281 -280
- pulumi_vault/gcp/get_auth_backend_role.py +70 -69
- pulumi_vault/gcp/outputs.py +50 -49
- pulumi_vault/gcp/secret_backend.py +420 -179
- pulumi_vault/gcp/secret_impersonated_account.py +92 -91
- pulumi_vault/gcp/secret_roleset.py +92 -91
- pulumi_vault/gcp/secret_static_account.py +92 -91
- pulumi_vault/generic/__init__.py +1 -0
- pulumi_vault/generic/endpoint.py +113 -112
- pulumi_vault/generic/get_secret.py +28 -27
- pulumi_vault/generic/secret.py +78 -77
- pulumi_vault/get_auth_backend.py +19 -18
- pulumi_vault/get_auth_backends.py +14 -13
- pulumi_vault/get_namespace.py +15 -14
- pulumi_vault/get_namespaces.py +68 -18
- pulumi_vault/get_nomad_access_token.py +19 -18
- pulumi_vault/get_policy_document.py +6 -5
- pulumi_vault/get_raft_autopilot_state.py +18 -17
- pulumi_vault/github/__init__.py +1 -0
- pulumi_vault/github/_inputs.py +42 -41
- pulumi_vault/github/auth_backend.py +232 -231
- pulumi_vault/github/outputs.py +26 -25
- pulumi_vault/github/team.py +57 -56
- pulumi_vault/github/user.py +57 -56
- pulumi_vault/identity/__init__.py +1 -0
- pulumi_vault/identity/entity.py +85 -84
- pulumi_vault/identity/entity_alias.py +71 -70
- pulumi_vault/identity/entity_policies.py +64 -63
- pulumi_vault/identity/get_entity.py +43 -42
- pulumi_vault/identity/get_group.py +50 -49
- pulumi_vault/identity/get_oidc_client_creds.py +14 -13
- pulumi_vault/identity/get_oidc_openid_config.py +24 -23
- pulumi_vault/identity/get_oidc_public_keys.py +13 -12
- pulumi_vault/identity/group.py +141 -140
- pulumi_vault/identity/group_alias.py +57 -56
- pulumi_vault/identity/group_member_entity_ids.py +57 -56
- pulumi_vault/identity/group_member_group_ids.py +57 -56
- pulumi_vault/identity/group_policies.py +64 -63
- pulumi_vault/identity/mfa_duo.py +148 -147
- pulumi_vault/identity/mfa_login_enforcement.py +120 -119
- pulumi_vault/identity/mfa_okta.py +134 -133
- pulumi_vault/identity/mfa_pingid.py +127 -126
- pulumi_vault/identity/mfa_totp.py +176 -175
- pulumi_vault/identity/oidc.py +29 -28
- pulumi_vault/identity/oidc_assignment.py +57 -56
- pulumi_vault/identity/oidc_client.py +127 -126
- pulumi_vault/identity/oidc_key.py +85 -84
- pulumi_vault/identity/oidc_key_allowed_client_id.py +43 -42
- pulumi_vault/identity/oidc_provider.py +92 -91
- pulumi_vault/identity/oidc_role.py +85 -84
- pulumi_vault/identity/oidc_scope.py +57 -56
- pulumi_vault/identity/outputs.py +32 -31
- pulumi_vault/jwt/__init__.py +1 -0
- pulumi_vault/jwt/_inputs.py +42 -41
- pulumi_vault/jwt/auth_backend.py +288 -287
- pulumi_vault/jwt/auth_backend_role.py +407 -406
- pulumi_vault/jwt/outputs.py +26 -25
- pulumi_vault/kmip/__init__.py +1 -0
- pulumi_vault/kmip/secret_backend.py +183 -182
- pulumi_vault/kmip/secret_role.py +295 -294
- pulumi_vault/kmip/secret_scope.py +57 -56
- pulumi_vault/kubernetes/__init__.py +1 -0
- pulumi_vault/kubernetes/auth_backend_config.py +141 -140
- pulumi_vault/kubernetes/auth_backend_role.py +225 -224
- pulumi_vault/kubernetes/get_auth_backend_config.py +47 -46
- pulumi_vault/kubernetes/get_auth_backend_role.py +70 -69
- pulumi_vault/kubernetes/get_service_account_token.py +38 -37
- pulumi_vault/kubernetes/secret_backend.py +316 -315
- pulumi_vault/kubernetes/secret_backend_role.py +197 -196
- pulumi_vault/kv/__init__.py +1 -0
- pulumi_vault/kv/_inputs.py +21 -20
- pulumi_vault/kv/get_secret.py +17 -16
- pulumi_vault/kv/get_secret_subkeys_v2.py +30 -29
- pulumi_vault/kv/get_secret_v2.py +29 -28
- pulumi_vault/kv/get_secrets_list.py +13 -12
- pulumi_vault/kv/get_secrets_list_v2.py +19 -18
- pulumi_vault/kv/outputs.py +13 -12
- pulumi_vault/kv/secret.py +50 -49
- pulumi_vault/kv/secret_backend_v2.py +71 -70
- pulumi_vault/kv/secret_v2.py +134 -133
- pulumi_vault/ldap/__init__.py +1 -0
- pulumi_vault/ldap/auth_backend.py +754 -533
- pulumi_vault/ldap/auth_backend_group.py +57 -56
- pulumi_vault/ldap/auth_backend_user.py +71 -70
- pulumi_vault/ldap/get_dynamic_credentials.py +17 -16
- pulumi_vault/ldap/get_static_credentials.py +18 -17
- pulumi_vault/ldap/secret_backend.py +720 -499
- pulumi_vault/ldap/secret_backend_dynamic_role.py +127 -126
- pulumi_vault/ldap/secret_backend_library_set.py +99 -98
- pulumi_vault/ldap/secret_backend_static_role.py +99 -98
- pulumi_vault/managed/__init__.py +1 -0
- pulumi_vault/managed/_inputs.py +229 -228
- pulumi_vault/managed/keys.py +15 -14
- pulumi_vault/managed/outputs.py +139 -138
- pulumi_vault/mfa_duo.py +113 -112
- pulumi_vault/mfa_okta.py +113 -112
- pulumi_vault/mfa_pingid.py +120 -119
- pulumi_vault/mfa_totp.py +127 -126
- pulumi_vault/mongodbatlas/__init__.py +1 -0
- pulumi_vault/mongodbatlas/secret_backend.py +64 -63
- pulumi_vault/mongodbatlas/secret_role.py +155 -154
- pulumi_vault/mount.py +274 -273
- pulumi_vault/namespace.py +64 -63
- pulumi_vault/nomad_secret_backend.py +211 -210
- pulumi_vault/nomad_secret_role.py +85 -84
- pulumi_vault/okta/__init__.py +1 -0
- pulumi_vault/okta/_inputs.py +26 -25
- pulumi_vault/okta/auth_backend.py +274 -273
- pulumi_vault/okta/auth_backend_group.py +57 -56
- pulumi_vault/okta/auth_backend_user.py +71 -70
- pulumi_vault/okta/outputs.py +16 -15
- pulumi_vault/outputs.py +73 -60
- pulumi_vault/password_policy.py +43 -42
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +31 -36
- pulumi_vault/pkisecret/backend_acme_eab.py +92 -91
- pulumi_vault/pkisecret/backend_config_acme.py +174 -126
- pulumi_vault/pkisecret/backend_config_auto_tidy.py +1377 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +57 -56
- pulumi_vault/pkisecret/backend_config_cmpv2.py +152 -104
- pulumi_vault/pkisecret/backend_config_est.py +120 -119
- pulumi_vault/pkisecret/get_backend_cert_metadata.py +278 -0
- pulumi_vault/pkisecret/get_backend_config_cmpv2.py +35 -17
- pulumi_vault/pkisecret/get_backend_config_est.py +19 -18
- pulumi_vault/pkisecret/get_backend_issuer.py +139 -25
- pulumi_vault/pkisecret/get_backend_issuers.py +15 -14
- pulumi_vault/pkisecret/get_backend_key.py +20 -19
- pulumi_vault/pkisecret/get_backend_keys.py +15 -14
- pulumi_vault/pkisecret/outputs.py +28 -31
- pulumi_vault/pkisecret/secret_backend_cert.py +439 -297
- pulumi_vault/pkisecret/secret_backend_config_ca.py +43 -42
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +57 -56
- pulumi_vault/pkisecret/secret_backend_config_urls.py +85 -84
- pulumi_vault/pkisecret/secret_backend_crl_config.py +237 -182
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +520 -378
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +57 -56
- pulumi_vault/pkisecret/secret_backend_issuer.py +441 -175
- pulumi_vault/pkisecret/secret_backend_key.py +120 -119
- pulumi_vault/pkisecret/secret_backend_role.py +894 -644
- pulumi_vault/pkisecret/secret_backend_root_cert.py +851 -427
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +936 -357
- pulumi_vault/pkisecret/secret_backend_sign.py +347 -252
- pulumi_vault/plugin.py +127 -126
- pulumi_vault/plugin_pinned_version.py +43 -42
- pulumi_vault/policy.py +43 -42
- pulumi_vault/provider.py +120 -119
- pulumi_vault/pulumi-plugin.json +1 -1
- pulumi_vault/quota_lease_count.py +85 -84
- pulumi_vault/quota_rate_limit.py +113 -112
- pulumi_vault/rabbitmq/__init__.py +1 -0
- pulumi_vault/rabbitmq/_inputs.py +41 -40
- pulumi_vault/rabbitmq/outputs.py +25 -24
- pulumi_vault/rabbitmq/secret_backend.py +169 -168
- pulumi_vault/rabbitmq/secret_backend_role.py +57 -56
- pulumi_vault/raft_autopilot.py +113 -112
- pulumi_vault/raft_snapshot_agent_config.py +393 -392
- pulumi_vault/rgp_policy.py +57 -56
- pulumi_vault/saml/__init__.py +1 -0
- pulumi_vault/saml/auth_backend.py +155 -154
- pulumi_vault/saml/auth_backend_role.py +239 -238
- pulumi_vault/secrets/__init__.py +1 -0
- pulumi_vault/secrets/_inputs.py +16 -15
- pulumi_vault/secrets/outputs.py +10 -9
- pulumi_vault/secrets/sync_association.py +71 -70
- pulumi_vault/secrets/sync_aws_destination.py +148 -147
- pulumi_vault/secrets/sync_azure_destination.py +148 -147
- pulumi_vault/secrets/sync_config.py +43 -42
- pulumi_vault/secrets/sync_gcp_destination.py +106 -105
- pulumi_vault/secrets/sync_gh_destination.py +134 -133
- pulumi_vault/secrets/sync_github_apps.py +64 -63
- pulumi_vault/secrets/sync_vercel_destination.py +120 -119
- pulumi_vault/ssh/__init__.py +2 -0
- pulumi_vault/ssh/_inputs.py +11 -10
- pulumi_vault/ssh/get_secret_backend_sign.py +295 -0
- pulumi_vault/ssh/outputs.py +7 -6
- pulumi_vault/ssh/secret_backend_ca.py +99 -98
- pulumi_vault/ssh/secret_backend_role.py +365 -364
- pulumi_vault/terraformcloud/__init__.py +1 -0
- pulumi_vault/terraformcloud/secret_backend.py +111 -110
- pulumi_vault/terraformcloud/secret_creds.py +74 -73
- pulumi_vault/terraformcloud/secret_role.py +96 -95
- pulumi_vault/token.py +246 -245
- pulumi_vault/tokenauth/__init__.py +1 -0
- pulumi_vault/tokenauth/auth_backend_role.py +267 -266
- pulumi_vault/transform/__init__.py +1 -0
- pulumi_vault/transform/alphabet.py +57 -56
- pulumi_vault/transform/get_decode.py +47 -46
- pulumi_vault/transform/get_encode.py +47 -46
- pulumi_vault/transform/role.py +57 -56
- pulumi_vault/transform/template.py +113 -112
- pulumi_vault/transform/transformation.py +141 -140
- pulumi_vault/transit/__init__.py +3 -0
- pulumi_vault/transit/get_decrypt.py +18 -17
- pulumi_vault/transit/get_encrypt.py +21 -20
- pulumi_vault/transit/get_sign.py +325 -0
- pulumi_vault/transit/get_verify.py +355 -0
- pulumi_vault/transit/secret_backend_key.py +394 -231
- pulumi_vault/transit/secret_cache_config.py +43 -42
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/METADATA +2 -2
- pulumi_vault-6.7.0.dist-info/RECORD +265 -0
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/WHEEL +1 -1
- pulumi_vault-6.6.0a1741415971.dist-info/RECORD +0 -260
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/top_level.txt +0 -0
@@ -2,6 +2,7 @@
|
|
2
2
|
# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
|
3
3
|
# *** Do not edit by hand unless you're certain you know what you are doing! ***
|
4
4
|
|
5
|
+
import builtins
|
5
6
|
import copy
|
6
7
|
import warnings
|
7
8
|
import sys
|
@@ -19,87 +20,99 @@ __all__ = ['AuthBackendArgs', 'AuthBackend']
|
|
19
20
|
@pulumi.input_type
|
20
21
|
class AuthBackendArgs:
|
21
22
|
def __init__(__self__, *,
|
22
|
-
url: pulumi.Input[str],
|
23
|
-
binddn: Optional[pulumi.Input[str]] = None,
|
24
|
-
bindpass: Optional[pulumi.Input[str]] = None,
|
25
|
-
case_sensitive_names: Optional[pulumi.Input[bool]] = None,
|
26
|
-
certificate: Optional[pulumi.Input[str]] = None,
|
27
|
-
client_tls_cert: Optional[pulumi.Input[str]] = None,
|
28
|
-
client_tls_key: Optional[pulumi.Input[str]] = None,
|
29
|
-
connection_timeout: Optional[pulumi.Input[int]] = None,
|
30
|
-
deny_null_bind: Optional[pulumi.Input[bool]] = None,
|
31
|
-
description: Optional[pulumi.Input[str]] = None,
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
|
23
|
+
url: pulumi.Input[builtins.str],
|
24
|
+
binddn: Optional[pulumi.Input[builtins.str]] = None,
|
25
|
+
bindpass: Optional[pulumi.Input[builtins.str]] = None,
|
26
|
+
case_sensitive_names: Optional[pulumi.Input[builtins.bool]] = None,
|
27
|
+
certificate: Optional[pulumi.Input[builtins.str]] = None,
|
28
|
+
client_tls_cert: Optional[pulumi.Input[builtins.str]] = None,
|
29
|
+
client_tls_key: Optional[pulumi.Input[builtins.str]] = None,
|
30
|
+
connection_timeout: Optional[pulumi.Input[builtins.int]] = None,
|
31
|
+
deny_null_bind: Optional[pulumi.Input[builtins.bool]] = None,
|
32
|
+
description: Optional[pulumi.Input[builtins.str]] = None,
|
33
|
+
disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
34
|
+
disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
|
35
|
+
discoverdn: Optional[pulumi.Input[builtins.bool]] = None,
|
36
|
+
groupattr: Optional[pulumi.Input[builtins.str]] = None,
|
37
|
+
groupdn: Optional[pulumi.Input[builtins.str]] = None,
|
38
|
+
groupfilter: Optional[pulumi.Input[builtins.str]] = None,
|
39
|
+
insecure_tls: Optional[pulumi.Input[builtins.bool]] = None,
|
40
|
+
local: Optional[pulumi.Input[builtins.bool]] = None,
|
41
|
+
max_page_size: Optional[pulumi.Input[builtins.int]] = None,
|
42
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
43
|
+
path: Optional[pulumi.Input[builtins.str]] = None,
|
44
|
+
rotation_period: Optional[pulumi.Input[builtins.int]] = None,
|
45
|
+
rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
|
46
|
+
rotation_window: Optional[pulumi.Input[builtins.int]] = None,
|
47
|
+
starttls: Optional[pulumi.Input[builtins.bool]] = None,
|
48
|
+
tls_max_version: Optional[pulumi.Input[builtins.str]] = None,
|
49
|
+
tls_min_version: Optional[pulumi.Input[builtins.str]] = None,
|
50
|
+
token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
51
|
+
token_explicit_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
52
|
+
token_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
53
|
+
token_no_default_policy: Optional[pulumi.Input[builtins.bool]] = None,
|
54
|
+
token_num_uses: Optional[pulumi.Input[builtins.int]] = None,
|
55
|
+
token_period: Optional[pulumi.Input[builtins.int]] = None,
|
56
|
+
token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
57
|
+
token_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
58
|
+
token_type: Optional[pulumi.Input[builtins.str]] = None,
|
59
|
+
upndomain: Optional[pulumi.Input[builtins.str]] = None,
|
60
|
+
use_token_groups: Optional[pulumi.Input[builtins.bool]] = None,
|
61
|
+
userattr: Optional[pulumi.Input[builtins.str]] = None,
|
62
|
+
userdn: Optional[pulumi.Input[builtins.str]] = None,
|
63
|
+
userfilter: Optional[pulumi.Input[builtins.str]] = None,
|
64
|
+
username_as_alias: Optional[pulumi.Input[builtins.bool]] = None):
|
60
65
|
"""
|
61
66
|
The set of arguments for constructing a AuthBackend resource.
|
62
|
-
:param pulumi.Input[str] url: The URL of the LDAP server
|
63
|
-
:param pulumi.Input[str] binddn: DN of object to bind when performing user search
|
64
|
-
:param pulumi.Input[str] bindpass: Password to use with `binddn` when performing user search
|
65
|
-
:param pulumi.Input[bool] case_sensitive_names: Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
|
66
|
-
:param pulumi.Input[str] certificate: Trusted CA to validate TLS certificate
|
67
|
-
:param pulumi.Input[int] connection_timeout: Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
|
68
|
-
:param pulumi.Input[bool] deny_null_bind: Prevents users from bypassing authentication when providing an empty password.
|
69
|
-
:param pulumi.Input[str] description: Description for the LDAP auth backend mount
|
70
|
-
:param pulumi.Input[bool]
|
67
|
+
:param pulumi.Input[builtins.str] url: The URL of the LDAP server
|
68
|
+
:param pulumi.Input[builtins.str] binddn: DN of object to bind when performing user search
|
69
|
+
:param pulumi.Input[builtins.str] bindpass: Password to use with `binddn` when performing user search
|
70
|
+
:param pulumi.Input[builtins.bool] case_sensitive_names: Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
|
71
|
+
:param pulumi.Input[builtins.str] certificate: Trusted CA to validate TLS certificate
|
72
|
+
:param pulumi.Input[builtins.int] connection_timeout: Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
|
73
|
+
:param pulumi.Input[builtins.bool] deny_null_bind: Prevents users from bypassing authentication when providing an empty password.
|
74
|
+
:param pulumi.Input[builtins.str] description: Description for the LDAP auth backend mount
|
75
|
+
:param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
76
|
+
:param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
|
71
77
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
72
|
-
:param pulumi.Input[bool] discoverdn: Use anonymous bind to discover the bind DN of a user.
|
73
|
-
:param pulumi.Input[str] groupattr: LDAP attribute to follow on objects returned by groupfilter
|
74
|
-
:param pulumi.Input[str] groupdn: Base DN under which to perform group search
|
75
|
-
:param pulumi.Input[str] groupfilter: Go template used to construct group membership query
|
76
|
-
:param pulumi.Input[bool] insecure_tls: Control whether or TLS certificates must be validated
|
77
|
-
:param pulumi.Input[bool] local: Specifies if the auth method is local only.
|
78
|
-
:param pulumi.Input[int] max_page_size: Sets the max page size for LDAP lookups, by default it's set to -1.
|
78
|
+
:param pulumi.Input[builtins.bool] discoverdn: Use anonymous bind to discover the bind DN of a user.
|
79
|
+
:param pulumi.Input[builtins.str] groupattr: LDAP attribute to follow on objects returned by groupfilter
|
80
|
+
:param pulumi.Input[builtins.str] groupdn: Base DN under which to perform group search
|
81
|
+
:param pulumi.Input[builtins.str] groupfilter: Go template used to construct group membership query
|
82
|
+
:param pulumi.Input[builtins.bool] insecure_tls: Control whether or TLS certificates must be validated
|
83
|
+
:param pulumi.Input[builtins.bool] local: Specifies if the auth method is local only.
|
84
|
+
:param pulumi.Input[builtins.int] max_page_size: Sets the max page size for LDAP lookups, by default it's set to -1.
|
79
85
|
*Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+*.
|
80
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
86
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
81
87
|
The value should not contain leading or trailing forward slashes.
|
82
88
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
83
89
|
*Available only for Vault Enterprise*.
|
84
|
-
:param pulumi.Input[str] path: Path to mount the LDAP auth backend under
|
85
|
-
:param pulumi.Input[
|
86
|
-
|
87
|
-
:param pulumi.Input[str]
|
88
|
-
|
89
|
-
:param pulumi.Input[int]
|
90
|
-
|
91
|
-
|
92
|
-
:param pulumi.Input[
|
93
|
-
:param pulumi.Input[
|
94
|
-
:param pulumi.Input[
|
95
|
-
:param pulumi.Input[
|
96
|
-
:param pulumi.Input[
|
97
|
-
:param pulumi.Input[
|
98
|
-
:param pulumi.Input[bool]
|
99
|
-
:param pulumi.Input[
|
100
|
-
:param pulumi.Input[
|
101
|
-
:param pulumi.Input[str]
|
102
|
-
:param pulumi.Input[
|
90
|
+
:param pulumi.Input[builtins.str] path: Path to mount the LDAP auth backend under
|
91
|
+
:param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
92
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
93
|
+
:param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
94
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
95
|
+
:param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
|
96
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
97
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
98
|
+
:param pulumi.Input[builtins.bool] starttls: Control use of TLS when conecting to LDAP
|
99
|
+
:param pulumi.Input[builtins.str] tls_max_version: Maximum acceptable version of TLS
|
100
|
+
:param pulumi.Input[builtins.str] tls_min_version: Minimum acceptable version of TLS
|
101
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
102
|
+
:param pulumi.Input[builtins.int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
103
|
+
:param pulumi.Input[builtins.int] token_max_ttl: The maximum lifetime of the generated token
|
104
|
+
:param pulumi.Input[builtins.bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
105
|
+
:param pulumi.Input[builtins.int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
106
|
+
:param pulumi.Input[builtins.int] token_period: Generated Token's Period
|
107
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] token_policies: Generated Token's Policies
|
108
|
+
:param pulumi.Input[builtins.int] token_ttl: The initial ttl of the token to generate in seconds
|
109
|
+
:param pulumi.Input[builtins.str] token_type: The type of token to generate, service or batch
|
110
|
+
:param pulumi.Input[builtins.str] upndomain: The `userPrincipalDomain` used to construct the UPN string for the authenticating user.
|
111
|
+
:param pulumi.Input[builtins.bool] use_token_groups: Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
|
112
|
+
:param pulumi.Input[builtins.str] userattr: Attribute on user object matching username passed in
|
113
|
+
:param pulumi.Input[builtins.str] userdn: Base DN under which to perform user search
|
114
|
+
:param pulumi.Input[builtins.str] userfilter: LDAP user search filter
|
115
|
+
:param pulumi.Input[builtins.bool] username_as_alias: Force the auth method to use the username passed by the user as the alias name.
|
103
116
|
"""
|
104
117
|
pulumi.set(__self__, "url", url)
|
105
118
|
if binddn is not None:
|
@@ -120,6 +133,8 @@ class AuthBackendArgs:
|
|
120
133
|
pulumi.set(__self__, "deny_null_bind", deny_null_bind)
|
121
134
|
if description is not None:
|
122
135
|
pulumi.set(__self__, "description", description)
|
136
|
+
if disable_automated_rotation is not None:
|
137
|
+
pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
|
123
138
|
if disable_remount is not None:
|
124
139
|
pulumi.set(__self__, "disable_remount", disable_remount)
|
125
140
|
if discoverdn is not None:
|
@@ -140,6 +155,12 @@ class AuthBackendArgs:
|
|
140
155
|
pulumi.set(__self__, "namespace", namespace)
|
141
156
|
if path is not None:
|
142
157
|
pulumi.set(__self__, "path", path)
|
158
|
+
if rotation_period is not None:
|
159
|
+
pulumi.set(__self__, "rotation_period", rotation_period)
|
160
|
+
if rotation_schedule is not None:
|
161
|
+
pulumi.set(__self__, "rotation_schedule", rotation_schedule)
|
162
|
+
if rotation_window is not None:
|
163
|
+
pulumi.set(__self__, "rotation_window", rotation_window)
|
143
164
|
if starttls is not None:
|
144
165
|
pulumi.set(__self__, "starttls", starttls)
|
145
166
|
if tls_max_version is not None:
|
@@ -179,121 +200,133 @@ class AuthBackendArgs:
|
|
179
200
|
|
180
201
|
@property
|
181
202
|
@pulumi.getter
|
182
|
-
def url(self) -> pulumi.Input[str]:
|
203
|
+
def url(self) -> pulumi.Input[builtins.str]:
|
183
204
|
"""
|
184
205
|
The URL of the LDAP server
|
185
206
|
"""
|
186
207
|
return pulumi.get(self, "url")
|
187
208
|
|
188
209
|
@url.setter
|
189
|
-
def url(self, value: pulumi.Input[str]):
|
210
|
+
def url(self, value: pulumi.Input[builtins.str]):
|
190
211
|
pulumi.set(self, "url", value)
|
191
212
|
|
192
213
|
@property
|
193
214
|
@pulumi.getter
|
194
|
-
def binddn(self) -> Optional[pulumi.Input[str]]:
|
215
|
+
def binddn(self) -> Optional[pulumi.Input[builtins.str]]:
|
195
216
|
"""
|
196
217
|
DN of object to bind when performing user search
|
197
218
|
"""
|
198
219
|
return pulumi.get(self, "binddn")
|
199
220
|
|
200
221
|
@binddn.setter
|
201
|
-
def binddn(self, value: Optional[pulumi.Input[str]]):
|
222
|
+
def binddn(self, value: Optional[pulumi.Input[builtins.str]]):
|
202
223
|
pulumi.set(self, "binddn", value)
|
203
224
|
|
204
225
|
@property
|
205
226
|
@pulumi.getter
|
206
|
-
def bindpass(self) -> Optional[pulumi.Input[str]]:
|
227
|
+
def bindpass(self) -> Optional[pulumi.Input[builtins.str]]:
|
207
228
|
"""
|
208
229
|
Password to use with `binddn` when performing user search
|
209
230
|
"""
|
210
231
|
return pulumi.get(self, "bindpass")
|
211
232
|
|
212
233
|
@bindpass.setter
|
213
|
-
def bindpass(self, value: Optional[pulumi.Input[str]]):
|
234
|
+
def bindpass(self, value: Optional[pulumi.Input[builtins.str]]):
|
214
235
|
pulumi.set(self, "bindpass", value)
|
215
236
|
|
216
237
|
@property
|
217
238
|
@pulumi.getter(name="caseSensitiveNames")
|
218
|
-
def case_sensitive_names(self) -> Optional[pulumi.Input[bool]]:
|
239
|
+
def case_sensitive_names(self) -> Optional[pulumi.Input[builtins.bool]]:
|
219
240
|
"""
|
220
241
|
Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
|
221
242
|
"""
|
222
243
|
return pulumi.get(self, "case_sensitive_names")
|
223
244
|
|
224
245
|
@case_sensitive_names.setter
|
225
|
-
def case_sensitive_names(self, value: Optional[pulumi.Input[bool]]):
|
246
|
+
def case_sensitive_names(self, value: Optional[pulumi.Input[builtins.bool]]):
|
226
247
|
pulumi.set(self, "case_sensitive_names", value)
|
227
248
|
|
228
249
|
@property
|
229
250
|
@pulumi.getter
|
230
|
-
def certificate(self) -> Optional[pulumi.Input[str]]:
|
251
|
+
def certificate(self) -> Optional[pulumi.Input[builtins.str]]:
|
231
252
|
"""
|
232
253
|
Trusted CA to validate TLS certificate
|
233
254
|
"""
|
234
255
|
return pulumi.get(self, "certificate")
|
235
256
|
|
236
257
|
@certificate.setter
|
237
|
-
def certificate(self, value: Optional[pulumi.Input[str]]):
|
258
|
+
def certificate(self, value: Optional[pulumi.Input[builtins.str]]):
|
238
259
|
pulumi.set(self, "certificate", value)
|
239
260
|
|
240
261
|
@property
|
241
262
|
@pulumi.getter(name="clientTlsCert")
|
242
|
-
def client_tls_cert(self) -> Optional[pulumi.Input[str]]:
|
263
|
+
def client_tls_cert(self) -> Optional[pulumi.Input[builtins.str]]:
|
243
264
|
return pulumi.get(self, "client_tls_cert")
|
244
265
|
|
245
266
|
@client_tls_cert.setter
|
246
|
-
def client_tls_cert(self, value: Optional[pulumi.Input[str]]):
|
267
|
+
def client_tls_cert(self, value: Optional[pulumi.Input[builtins.str]]):
|
247
268
|
pulumi.set(self, "client_tls_cert", value)
|
248
269
|
|
249
270
|
@property
|
250
271
|
@pulumi.getter(name="clientTlsKey")
|
251
|
-
def client_tls_key(self) -> Optional[pulumi.Input[str]]:
|
272
|
+
def client_tls_key(self) -> Optional[pulumi.Input[builtins.str]]:
|
252
273
|
return pulumi.get(self, "client_tls_key")
|
253
274
|
|
254
275
|
@client_tls_key.setter
|
255
|
-
def client_tls_key(self, value: Optional[pulumi.Input[str]]):
|
276
|
+
def client_tls_key(self, value: Optional[pulumi.Input[builtins.str]]):
|
256
277
|
pulumi.set(self, "client_tls_key", value)
|
257
278
|
|
258
279
|
@property
|
259
280
|
@pulumi.getter(name="connectionTimeout")
|
260
|
-
def connection_timeout(self) -> Optional[pulumi.Input[int]]:
|
281
|
+
def connection_timeout(self) -> Optional[pulumi.Input[builtins.int]]:
|
261
282
|
"""
|
262
283
|
Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
|
263
284
|
"""
|
264
285
|
return pulumi.get(self, "connection_timeout")
|
265
286
|
|
266
287
|
@connection_timeout.setter
|
267
|
-
def connection_timeout(self, value: Optional[pulumi.Input[int]]):
|
288
|
+
def connection_timeout(self, value: Optional[pulumi.Input[builtins.int]]):
|
268
289
|
pulumi.set(self, "connection_timeout", value)
|
269
290
|
|
270
291
|
@property
|
271
292
|
@pulumi.getter(name="denyNullBind")
|
272
|
-
def deny_null_bind(self) -> Optional[pulumi.Input[bool]]:
|
293
|
+
def deny_null_bind(self) -> Optional[pulumi.Input[builtins.bool]]:
|
273
294
|
"""
|
274
295
|
Prevents users from bypassing authentication when providing an empty password.
|
275
296
|
"""
|
276
297
|
return pulumi.get(self, "deny_null_bind")
|
277
298
|
|
278
299
|
@deny_null_bind.setter
|
279
|
-
def deny_null_bind(self, value: Optional[pulumi.Input[bool]]):
|
300
|
+
def deny_null_bind(self, value: Optional[pulumi.Input[builtins.bool]]):
|
280
301
|
pulumi.set(self, "deny_null_bind", value)
|
281
302
|
|
282
303
|
@property
|
283
304
|
@pulumi.getter
|
284
|
-
def description(self) -> Optional[pulumi.Input[str]]:
|
305
|
+
def description(self) -> Optional[pulumi.Input[builtins.str]]:
|
285
306
|
"""
|
286
307
|
Description for the LDAP auth backend mount
|
287
308
|
"""
|
288
309
|
return pulumi.get(self, "description")
|
289
310
|
|
290
311
|
@description.setter
|
291
|
-
def description(self, value: Optional[pulumi.Input[str]]):
|
312
|
+
def description(self, value: Optional[pulumi.Input[builtins.str]]):
|
292
313
|
pulumi.set(self, "description", value)
|
293
314
|
|
315
|
+
@property
|
316
|
+
@pulumi.getter(name="disableAutomatedRotation")
|
317
|
+
def disable_automated_rotation(self) -> Optional[pulumi.Input[builtins.bool]]:
|
318
|
+
"""
|
319
|
+
Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
320
|
+
"""
|
321
|
+
return pulumi.get(self, "disable_automated_rotation")
|
322
|
+
|
323
|
+
@disable_automated_rotation.setter
|
324
|
+
def disable_automated_rotation(self, value: Optional[pulumi.Input[builtins.bool]]):
|
325
|
+
pulumi.set(self, "disable_automated_rotation", value)
|
326
|
+
|
294
327
|
@property
|
295
328
|
@pulumi.getter(name="disableRemount")
|
296
|
-
def disable_remount(self) -> Optional[pulumi.Input[bool]]:
|
329
|
+
def disable_remount(self) -> Optional[pulumi.Input[builtins.bool]]:
|
297
330
|
"""
|
298
331
|
If set, opts out of mount migration on path updates.
|
299
332
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
@@ -301,84 +334,84 @@ class AuthBackendArgs:
|
|
301
334
|
return pulumi.get(self, "disable_remount")
|
302
335
|
|
303
336
|
@disable_remount.setter
|
304
|
-
def disable_remount(self, value: Optional[pulumi.Input[bool]]):
|
337
|
+
def disable_remount(self, value: Optional[pulumi.Input[builtins.bool]]):
|
305
338
|
pulumi.set(self, "disable_remount", value)
|
306
339
|
|
307
340
|
@property
|
308
341
|
@pulumi.getter
|
309
|
-
def discoverdn(self) -> Optional[pulumi.Input[bool]]:
|
342
|
+
def discoverdn(self) -> Optional[pulumi.Input[builtins.bool]]:
|
310
343
|
"""
|
311
344
|
Use anonymous bind to discover the bind DN of a user.
|
312
345
|
"""
|
313
346
|
return pulumi.get(self, "discoverdn")
|
314
347
|
|
315
348
|
@discoverdn.setter
|
316
|
-
def discoverdn(self, value: Optional[pulumi.Input[bool]]):
|
349
|
+
def discoverdn(self, value: Optional[pulumi.Input[builtins.bool]]):
|
317
350
|
pulumi.set(self, "discoverdn", value)
|
318
351
|
|
319
352
|
@property
|
320
353
|
@pulumi.getter
|
321
|
-
def groupattr(self) -> Optional[pulumi.Input[str]]:
|
354
|
+
def groupattr(self) -> Optional[pulumi.Input[builtins.str]]:
|
322
355
|
"""
|
323
356
|
LDAP attribute to follow on objects returned by groupfilter
|
324
357
|
"""
|
325
358
|
return pulumi.get(self, "groupattr")
|
326
359
|
|
327
360
|
@groupattr.setter
|
328
|
-
def groupattr(self, value: Optional[pulumi.Input[str]]):
|
361
|
+
def groupattr(self, value: Optional[pulumi.Input[builtins.str]]):
|
329
362
|
pulumi.set(self, "groupattr", value)
|
330
363
|
|
331
364
|
@property
|
332
365
|
@pulumi.getter
|
333
|
-
def groupdn(self) -> Optional[pulumi.Input[str]]:
|
366
|
+
def groupdn(self) -> Optional[pulumi.Input[builtins.str]]:
|
334
367
|
"""
|
335
368
|
Base DN under which to perform group search
|
336
369
|
"""
|
337
370
|
return pulumi.get(self, "groupdn")
|
338
371
|
|
339
372
|
@groupdn.setter
|
340
|
-
def groupdn(self, value: Optional[pulumi.Input[str]]):
|
373
|
+
def groupdn(self, value: Optional[pulumi.Input[builtins.str]]):
|
341
374
|
pulumi.set(self, "groupdn", value)
|
342
375
|
|
343
376
|
@property
|
344
377
|
@pulumi.getter
|
345
|
-
def groupfilter(self) -> Optional[pulumi.Input[str]]:
|
378
|
+
def groupfilter(self) -> Optional[pulumi.Input[builtins.str]]:
|
346
379
|
"""
|
347
380
|
Go template used to construct group membership query
|
348
381
|
"""
|
349
382
|
return pulumi.get(self, "groupfilter")
|
350
383
|
|
351
384
|
@groupfilter.setter
|
352
|
-
def groupfilter(self, value: Optional[pulumi.Input[str]]):
|
385
|
+
def groupfilter(self, value: Optional[pulumi.Input[builtins.str]]):
|
353
386
|
pulumi.set(self, "groupfilter", value)
|
354
387
|
|
355
388
|
@property
|
356
389
|
@pulumi.getter(name="insecureTls")
|
357
|
-
def insecure_tls(self) -> Optional[pulumi.Input[bool]]:
|
390
|
+
def insecure_tls(self) -> Optional[pulumi.Input[builtins.bool]]:
|
358
391
|
"""
|
359
392
|
Control whether or TLS certificates must be validated
|
360
393
|
"""
|
361
394
|
return pulumi.get(self, "insecure_tls")
|
362
395
|
|
363
396
|
@insecure_tls.setter
|
364
|
-
def insecure_tls(self, value: Optional[pulumi.Input[bool]]):
|
397
|
+
def insecure_tls(self, value: Optional[pulumi.Input[builtins.bool]]):
|
365
398
|
pulumi.set(self, "insecure_tls", value)
|
366
399
|
|
367
400
|
@property
|
368
401
|
@pulumi.getter
|
369
|
-
def local(self) -> Optional[pulumi.Input[bool]]:
|
402
|
+
def local(self) -> Optional[pulumi.Input[builtins.bool]]:
|
370
403
|
"""
|
371
404
|
Specifies if the auth method is local only.
|
372
405
|
"""
|
373
406
|
return pulumi.get(self, "local")
|
374
407
|
|
375
408
|
@local.setter
|
376
|
-
def local(self, value: Optional[pulumi.Input[bool]]):
|
409
|
+
def local(self, value: Optional[pulumi.Input[builtins.bool]]):
|
377
410
|
pulumi.set(self, "local", value)
|
378
411
|
|
379
412
|
@property
|
380
413
|
@pulumi.getter(name="maxPageSize")
|
381
|
-
def max_page_size(self) -> Optional[pulumi.Input[int]]:
|
414
|
+
def max_page_size(self) -> Optional[pulumi.Input[builtins.int]]:
|
382
415
|
"""
|
383
416
|
Sets the max page size for LDAP lookups, by default it's set to -1.
|
384
417
|
*Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+*.
|
@@ -386,12 +419,12 @@ class AuthBackendArgs:
|
|
386
419
|
return pulumi.get(self, "max_page_size")
|
387
420
|
|
388
421
|
@max_page_size.setter
|
389
|
-
def max_page_size(self, value: Optional[pulumi.Input[int]]):
|
422
|
+
def max_page_size(self, value: Optional[pulumi.Input[builtins.int]]):
|
390
423
|
pulumi.set(self, "max_page_size", value)
|
391
424
|
|
392
425
|
@property
|
393
426
|
@pulumi.getter
|
394
|
-
def namespace(self) -> Optional[pulumi.Input[str]]:
|
427
|
+
def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
|
395
428
|
"""
|
396
429
|
The namespace to provision the resource in.
|
397
430
|
The value should not contain leading or trailing forward slashes.
|
@@ -401,324 +434,376 @@ class AuthBackendArgs:
|
|
401
434
|
return pulumi.get(self, "namespace")
|
402
435
|
|
403
436
|
@namespace.setter
|
404
|
-
def namespace(self, value: Optional[pulumi.Input[str]]):
|
437
|
+
def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
|
405
438
|
pulumi.set(self, "namespace", value)
|
406
439
|
|
407
440
|
@property
|
408
441
|
@pulumi.getter
|
409
|
-
def path(self) -> Optional[pulumi.Input[str]]:
|
442
|
+
def path(self) -> Optional[pulumi.Input[builtins.str]]:
|
410
443
|
"""
|
411
444
|
Path to mount the LDAP auth backend under
|
412
445
|
"""
|
413
446
|
return pulumi.get(self, "path")
|
414
447
|
|
415
448
|
@path.setter
|
416
|
-
def path(self, value: Optional[pulumi.Input[str]]):
|
449
|
+
def path(self, value: Optional[pulumi.Input[builtins.str]]):
|
417
450
|
pulumi.set(self, "path", value)
|
418
451
|
|
452
|
+
@property
|
453
|
+
@pulumi.getter(name="rotationPeriod")
|
454
|
+
def rotation_period(self) -> Optional[pulumi.Input[builtins.int]]:
|
455
|
+
"""
|
456
|
+
The amount of time in seconds Vault should wait before rotating the root credential.
|
457
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
458
|
+
"""
|
459
|
+
return pulumi.get(self, "rotation_period")
|
460
|
+
|
461
|
+
@rotation_period.setter
|
462
|
+
def rotation_period(self, value: Optional[pulumi.Input[builtins.int]]):
|
463
|
+
pulumi.set(self, "rotation_period", value)
|
464
|
+
|
465
|
+
@property
|
466
|
+
@pulumi.getter(name="rotationSchedule")
|
467
|
+
def rotation_schedule(self) -> Optional[pulumi.Input[builtins.str]]:
|
468
|
+
"""
|
469
|
+
The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
470
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
471
|
+
"""
|
472
|
+
return pulumi.get(self, "rotation_schedule")
|
473
|
+
|
474
|
+
@rotation_schedule.setter
|
475
|
+
def rotation_schedule(self, value: Optional[pulumi.Input[builtins.str]]):
|
476
|
+
pulumi.set(self, "rotation_schedule", value)
|
477
|
+
|
478
|
+
@property
|
479
|
+
@pulumi.getter(name="rotationWindow")
|
480
|
+
def rotation_window(self) -> Optional[pulumi.Input[builtins.int]]:
|
481
|
+
"""
|
482
|
+
The maximum amount of time in seconds allowed to complete
|
483
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
484
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
485
|
+
"""
|
486
|
+
return pulumi.get(self, "rotation_window")
|
487
|
+
|
488
|
+
@rotation_window.setter
|
489
|
+
def rotation_window(self, value: Optional[pulumi.Input[builtins.int]]):
|
490
|
+
pulumi.set(self, "rotation_window", value)
|
491
|
+
|
419
492
|
@property
|
420
493
|
@pulumi.getter
|
421
|
-
def starttls(self) -> Optional[pulumi.Input[bool]]:
|
494
|
+
def starttls(self) -> Optional[pulumi.Input[builtins.bool]]:
|
422
495
|
"""
|
423
496
|
Control use of TLS when conecting to LDAP
|
424
497
|
"""
|
425
498
|
return pulumi.get(self, "starttls")
|
426
499
|
|
427
500
|
@starttls.setter
|
428
|
-
def starttls(self, value: Optional[pulumi.Input[bool]]):
|
501
|
+
def starttls(self, value: Optional[pulumi.Input[builtins.bool]]):
|
429
502
|
pulumi.set(self, "starttls", value)
|
430
503
|
|
431
504
|
@property
|
432
505
|
@pulumi.getter(name="tlsMaxVersion")
|
433
|
-
def tls_max_version(self) -> Optional[pulumi.Input[str]]:
|
506
|
+
def tls_max_version(self) -> Optional[pulumi.Input[builtins.str]]:
|
434
507
|
"""
|
435
508
|
Maximum acceptable version of TLS
|
436
509
|
"""
|
437
510
|
return pulumi.get(self, "tls_max_version")
|
438
511
|
|
439
512
|
@tls_max_version.setter
|
440
|
-
def tls_max_version(self, value: Optional[pulumi.Input[str]]):
|
513
|
+
def tls_max_version(self, value: Optional[pulumi.Input[builtins.str]]):
|
441
514
|
pulumi.set(self, "tls_max_version", value)
|
442
515
|
|
443
516
|
@property
|
444
517
|
@pulumi.getter(name="tlsMinVersion")
|
445
|
-
def tls_min_version(self) -> Optional[pulumi.Input[str]]:
|
518
|
+
def tls_min_version(self) -> Optional[pulumi.Input[builtins.str]]:
|
446
519
|
"""
|
447
520
|
Minimum acceptable version of TLS
|
448
521
|
"""
|
449
522
|
return pulumi.get(self, "tls_min_version")
|
450
523
|
|
451
524
|
@tls_min_version.setter
|
452
|
-
def tls_min_version(self, value: Optional[pulumi.Input[str]]):
|
525
|
+
def tls_min_version(self, value: Optional[pulumi.Input[builtins.str]]):
|
453
526
|
pulumi.set(self, "tls_min_version", value)
|
454
527
|
|
455
528
|
@property
|
456
529
|
@pulumi.getter(name="tokenBoundCidrs")
|
457
|
-
def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
530
|
+
def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
458
531
|
"""
|
459
532
|
Specifies the blocks of IP addresses which are allowed to use the generated token
|
460
533
|
"""
|
461
534
|
return pulumi.get(self, "token_bound_cidrs")
|
462
535
|
|
463
536
|
@token_bound_cidrs.setter
|
464
|
-
def token_bound_cidrs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
537
|
+
def token_bound_cidrs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
465
538
|
pulumi.set(self, "token_bound_cidrs", value)
|
466
539
|
|
467
540
|
@property
|
468
541
|
@pulumi.getter(name="tokenExplicitMaxTtl")
|
469
|
-
def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
542
|
+
def token_explicit_max_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
|
470
543
|
"""
|
471
544
|
Generated Token's Explicit Maximum TTL in seconds
|
472
545
|
"""
|
473
546
|
return pulumi.get(self, "token_explicit_max_ttl")
|
474
547
|
|
475
548
|
@token_explicit_max_ttl.setter
|
476
|
-
def token_explicit_max_ttl(self, value: Optional[pulumi.Input[int]]):
|
549
|
+
def token_explicit_max_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
|
477
550
|
pulumi.set(self, "token_explicit_max_ttl", value)
|
478
551
|
|
479
552
|
@property
|
480
553
|
@pulumi.getter(name="tokenMaxTtl")
|
481
|
-
def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
554
|
+
def token_max_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
|
482
555
|
"""
|
483
556
|
The maximum lifetime of the generated token
|
484
557
|
"""
|
485
558
|
return pulumi.get(self, "token_max_ttl")
|
486
559
|
|
487
560
|
@token_max_ttl.setter
|
488
|
-
def token_max_ttl(self, value: Optional[pulumi.Input[int]]):
|
561
|
+
def token_max_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
|
489
562
|
pulumi.set(self, "token_max_ttl", value)
|
490
563
|
|
491
564
|
@property
|
492
565
|
@pulumi.getter(name="tokenNoDefaultPolicy")
|
493
|
-
def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
|
566
|
+
def token_no_default_policy(self) -> Optional[pulumi.Input[builtins.bool]]:
|
494
567
|
"""
|
495
568
|
If true, the 'default' policy will not automatically be added to generated tokens
|
496
569
|
"""
|
497
570
|
return pulumi.get(self, "token_no_default_policy")
|
498
571
|
|
499
572
|
@token_no_default_policy.setter
|
500
|
-
def token_no_default_policy(self, value: Optional[pulumi.Input[bool]]):
|
573
|
+
def token_no_default_policy(self, value: Optional[pulumi.Input[builtins.bool]]):
|
501
574
|
pulumi.set(self, "token_no_default_policy", value)
|
502
575
|
|
503
576
|
@property
|
504
577
|
@pulumi.getter(name="tokenNumUses")
|
505
|
-
def token_num_uses(self) -> Optional[pulumi.Input[int]]:
|
578
|
+
def token_num_uses(self) -> Optional[pulumi.Input[builtins.int]]:
|
506
579
|
"""
|
507
580
|
The maximum number of times a token may be used, a value of zero means unlimited
|
508
581
|
"""
|
509
582
|
return pulumi.get(self, "token_num_uses")
|
510
583
|
|
511
584
|
@token_num_uses.setter
|
512
|
-
def token_num_uses(self, value: Optional[pulumi.Input[int]]):
|
585
|
+
def token_num_uses(self, value: Optional[pulumi.Input[builtins.int]]):
|
513
586
|
pulumi.set(self, "token_num_uses", value)
|
514
587
|
|
515
588
|
@property
|
516
589
|
@pulumi.getter(name="tokenPeriod")
|
517
|
-
def token_period(self) -> Optional[pulumi.Input[int]]:
|
590
|
+
def token_period(self) -> Optional[pulumi.Input[builtins.int]]:
|
518
591
|
"""
|
519
592
|
Generated Token's Period
|
520
593
|
"""
|
521
594
|
return pulumi.get(self, "token_period")
|
522
595
|
|
523
596
|
@token_period.setter
|
524
|
-
def token_period(self, value: Optional[pulumi.Input[int]]):
|
597
|
+
def token_period(self, value: Optional[pulumi.Input[builtins.int]]):
|
525
598
|
pulumi.set(self, "token_period", value)
|
526
599
|
|
527
600
|
@property
|
528
601
|
@pulumi.getter(name="tokenPolicies")
|
529
|
-
def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
602
|
+
def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
530
603
|
"""
|
531
604
|
Generated Token's Policies
|
532
605
|
"""
|
533
606
|
return pulumi.get(self, "token_policies")
|
534
607
|
|
535
608
|
@token_policies.setter
|
536
|
-
def token_policies(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
609
|
+
def token_policies(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
537
610
|
pulumi.set(self, "token_policies", value)
|
538
611
|
|
539
612
|
@property
|
540
613
|
@pulumi.getter(name="tokenTtl")
|
541
|
-
def token_ttl(self) -> Optional[pulumi.Input[int]]:
|
614
|
+
def token_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
|
542
615
|
"""
|
543
616
|
The initial ttl of the token to generate in seconds
|
544
617
|
"""
|
545
618
|
return pulumi.get(self, "token_ttl")
|
546
619
|
|
547
620
|
@token_ttl.setter
|
548
|
-
def token_ttl(self, value: Optional[pulumi.Input[int]]):
|
621
|
+
def token_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
|
549
622
|
pulumi.set(self, "token_ttl", value)
|
550
623
|
|
551
624
|
@property
|
552
625
|
@pulumi.getter(name="tokenType")
|
553
|
-
def token_type(self) -> Optional[pulumi.Input[str]]:
|
626
|
+
def token_type(self) -> Optional[pulumi.Input[builtins.str]]:
|
554
627
|
"""
|
555
628
|
The type of token to generate, service or batch
|
556
629
|
"""
|
557
630
|
return pulumi.get(self, "token_type")
|
558
631
|
|
559
632
|
@token_type.setter
|
560
|
-
def token_type(self, value: Optional[pulumi.Input[str]]):
|
633
|
+
def token_type(self, value: Optional[pulumi.Input[builtins.str]]):
|
561
634
|
pulumi.set(self, "token_type", value)
|
562
635
|
|
563
636
|
@property
|
564
637
|
@pulumi.getter
|
565
|
-
def upndomain(self) -> Optional[pulumi.Input[str]]:
|
638
|
+
def upndomain(self) -> Optional[pulumi.Input[builtins.str]]:
|
566
639
|
"""
|
567
640
|
The `userPrincipalDomain` used to construct the UPN string for the authenticating user.
|
568
641
|
"""
|
569
642
|
return pulumi.get(self, "upndomain")
|
570
643
|
|
571
644
|
@upndomain.setter
|
572
|
-
def upndomain(self, value: Optional[pulumi.Input[str]]):
|
645
|
+
def upndomain(self, value: Optional[pulumi.Input[builtins.str]]):
|
573
646
|
pulumi.set(self, "upndomain", value)
|
574
647
|
|
575
648
|
@property
|
576
649
|
@pulumi.getter(name="useTokenGroups")
|
577
|
-
def use_token_groups(self) -> Optional[pulumi.Input[bool]]:
|
650
|
+
def use_token_groups(self) -> Optional[pulumi.Input[builtins.bool]]:
|
578
651
|
"""
|
579
652
|
Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
|
580
653
|
"""
|
581
654
|
return pulumi.get(self, "use_token_groups")
|
582
655
|
|
583
656
|
@use_token_groups.setter
|
584
|
-
def use_token_groups(self, value: Optional[pulumi.Input[bool]]):
|
657
|
+
def use_token_groups(self, value: Optional[pulumi.Input[builtins.bool]]):
|
585
658
|
pulumi.set(self, "use_token_groups", value)
|
586
659
|
|
587
660
|
@property
|
588
661
|
@pulumi.getter
|
589
|
-
def userattr(self) -> Optional[pulumi.Input[str]]:
|
662
|
+
def userattr(self) -> Optional[pulumi.Input[builtins.str]]:
|
590
663
|
"""
|
591
664
|
Attribute on user object matching username passed in
|
592
665
|
"""
|
593
666
|
return pulumi.get(self, "userattr")
|
594
667
|
|
595
668
|
@userattr.setter
|
596
|
-
def userattr(self, value: Optional[pulumi.Input[str]]):
|
669
|
+
def userattr(self, value: Optional[pulumi.Input[builtins.str]]):
|
597
670
|
pulumi.set(self, "userattr", value)
|
598
671
|
|
599
672
|
@property
|
600
673
|
@pulumi.getter
|
601
|
-
def userdn(self) -> Optional[pulumi.Input[str]]:
|
674
|
+
def userdn(self) -> Optional[pulumi.Input[builtins.str]]:
|
602
675
|
"""
|
603
676
|
Base DN under which to perform user search
|
604
677
|
"""
|
605
678
|
return pulumi.get(self, "userdn")
|
606
679
|
|
607
680
|
@userdn.setter
|
608
|
-
def userdn(self, value: Optional[pulumi.Input[str]]):
|
681
|
+
def userdn(self, value: Optional[pulumi.Input[builtins.str]]):
|
609
682
|
pulumi.set(self, "userdn", value)
|
610
683
|
|
611
684
|
@property
|
612
685
|
@pulumi.getter
|
613
|
-
def userfilter(self) -> Optional[pulumi.Input[str]]:
|
686
|
+
def userfilter(self) -> Optional[pulumi.Input[builtins.str]]:
|
614
687
|
"""
|
615
688
|
LDAP user search filter
|
616
689
|
"""
|
617
690
|
return pulumi.get(self, "userfilter")
|
618
691
|
|
619
692
|
@userfilter.setter
|
620
|
-
def userfilter(self, value: Optional[pulumi.Input[str]]):
|
693
|
+
def userfilter(self, value: Optional[pulumi.Input[builtins.str]]):
|
621
694
|
pulumi.set(self, "userfilter", value)
|
622
695
|
|
623
696
|
@property
|
624
697
|
@pulumi.getter(name="usernameAsAlias")
|
625
|
-
def username_as_alias(self) -> Optional[pulumi.Input[bool]]:
|
698
|
+
def username_as_alias(self) -> Optional[pulumi.Input[builtins.bool]]:
|
626
699
|
"""
|
627
700
|
Force the auth method to use the username passed by the user as the alias name.
|
628
701
|
"""
|
629
702
|
return pulumi.get(self, "username_as_alias")
|
630
703
|
|
631
704
|
@username_as_alias.setter
|
632
|
-
def username_as_alias(self, value: Optional[pulumi.Input[bool]]):
|
705
|
+
def username_as_alias(self, value: Optional[pulumi.Input[builtins.bool]]):
|
633
706
|
pulumi.set(self, "username_as_alias", value)
|
634
707
|
|
635
708
|
|
636
709
|
@pulumi.input_type
|
637
710
|
class _AuthBackendState:
|
638
711
|
def __init__(__self__, *,
|
639
|
-
accessor: Optional[pulumi.Input[str]] = None,
|
640
|
-
binddn: Optional[pulumi.Input[str]] = None,
|
641
|
-
bindpass: Optional[pulumi.Input[str]] = None,
|
642
|
-
case_sensitive_names: Optional[pulumi.Input[bool]] = None,
|
643
|
-
certificate: Optional[pulumi.Input[str]] = None,
|
644
|
-
client_tls_cert: Optional[pulumi.Input[str]] = None,
|
645
|
-
client_tls_key: Optional[pulumi.Input[str]] = None,
|
646
|
-
connection_timeout: Optional[pulumi.Input[int]] = None,
|
647
|
-
deny_null_bind: Optional[pulumi.Input[bool]] = None,
|
648
|
-
description: Optional[pulumi.Input[str]] = None,
|
649
|
-
|
650
|
-
|
651
|
-
|
652
|
-
|
653
|
-
|
654
|
-
|
655
|
-
|
656
|
-
|
657
|
-
|
658
|
-
|
659
|
-
|
660
|
-
|
661
|
-
|
662
|
-
|
663
|
-
|
664
|
-
|
665
|
-
|
666
|
-
|
667
|
-
|
668
|
-
|
669
|
-
|
670
|
-
|
671
|
-
|
672
|
-
|
673
|
-
|
674
|
-
|
675
|
-
|
676
|
-
|
677
|
-
|
712
|
+
accessor: Optional[pulumi.Input[builtins.str]] = None,
|
713
|
+
binddn: Optional[pulumi.Input[builtins.str]] = None,
|
714
|
+
bindpass: Optional[pulumi.Input[builtins.str]] = None,
|
715
|
+
case_sensitive_names: Optional[pulumi.Input[builtins.bool]] = None,
|
716
|
+
certificate: Optional[pulumi.Input[builtins.str]] = None,
|
717
|
+
client_tls_cert: Optional[pulumi.Input[builtins.str]] = None,
|
718
|
+
client_tls_key: Optional[pulumi.Input[builtins.str]] = None,
|
719
|
+
connection_timeout: Optional[pulumi.Input[builtins.int]] = None,
|
720
|
+
deny_null_bind: Optional[pulumi.Input[builtins.bool]] = None,
|
721
|
+
description: Optional[pulumi.Input[builtins.str]] = None,
|
722
|
+
disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
723
|
+
disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
|
724
|
+
discoverdn: Optional[pulumi.Input[builtins.bool]] = None,
|
725
|
+
groupattr: Optional[pulumi.Input[builtins.str]] = None,
|
726
|
+
groupdn: Optional[pulumi.Input[builtins.str]] = None,
|
727
|
+
groupfilter: Optional[pulumi.Input[builtins.str]] = None,
|
728
|
+
insecure_tls: Optional[pulumi.Input[builtins.bool]] = None,
|
729
|
+
local: Optional[pulumi.Input[builtins.bool]] = None,
|
730
|
+
max_page_size: Optional[pulumi.Input[builtins.int]] = None,
|
731
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
732
|
+
path: Optional[pulumi.Input[builtins.str]] = None,
|
733
|
+
rotation_period: Optional[pulumi.Input[builtins.int]] = None,
|
734
|
+
rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
|
735
|
+
rotation_window: Optional[pulumi.Input[builtins.int]] = None,
|
736
|
+
starttls: Optional[pulumi.Input[builtins.bool]] = None,
|
737
|
+
tls_max_version: Optional[pulumi.Input[builtins.str]] = None,
|
738
|
+
tls_min_version: Optional[pulumi.Input[builtins.str]] = None,
|
739
|
+
token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
740
|
+
token_explicit_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
741
|
+
token_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
742
|
+
token_no_default_policy: Optional[pulumi.Input[builtins.bool]] = None,
|
743
|
+
token_num_uses: Optional[pulumi.Input[builtins.int]] = None,
|
744
|
+
token_period: Optional[pulumi.Input[builtins.int]] = None,
|
745
|
+
token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
746
|
+
token_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
747
|
+
token_type: Optional[pulumi.Input[builtins.str]] = None,
|
748
|
+
upndomain: Optional[pulumi.Input[builtins.str]] = None,
|
749
|
+
url: Optional[pulumi.Input[builtins.str]] = None,
|
750
|
+
use_token_groups: Optional[pulumi.Input[builtins.bool]] = None,
|
751
|
+
userattr: Optional[pulumi.Input[builtins.str]] = None,
|
752
|
+
userdn: Optional[pulumi.Input[builtins.str]] = None,
|
753
|
+
userfilter: Optional[pulumi.Input[builtins.str]] = None,
|
754
|
+
username_as_alias: Optional[pulumi.Input[builtins.bool]] = None):
|
678
755
|
"""
|
679
756
|
Input properties used for looking up and filtering AuthBackend resources.
|
680
|
-
:param pulumi.Input[str] accessor: The accessor for this auth mount.
|
681
|
-
:param pulumi.Input[str] binddn: DN of object to bind when performing user search
|
682
|
-
:param pulumi.Input[str] bindpass: Password to use with `binddn` when performing user search
|
683
|
-
:param pulumi.Input[bool] case_sensitive_names: Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
|
684
|
-
:param pulumi.Input[str] certificate: Trusted CA to validate TLS certificate
|
685
|
-
:param pulumi.Input[int] connection_timeout: Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
|
686
|
-
:param pulumi.Input[bool] deny_null_bind: Prevents users from bypassing authentication when providing an empty password.
|
687
|
-
:param pulumi.Input[str] description: Description for the LDAP auth backend mount
|
688
|
-
:param pulumi.Input[bool]
|
757
|
+
:param pulumi.Input[builtins.str] accessor: The accessor for this auth mount.
|
758
|
+
:param pulumi.Input[builtins.str] binddn: DN of object to bind when performing user search
|
759
|
+
:param pulumi.Input[builtins.str] bindpass: Password to use with `binddn` when performing user search
|
760
|
+
:param pulumi.Input[builtins.bool] case_sensitive_names: Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
|
761
|
+
:param pulumi.Input[builtins.str] certificate: Trusted CA to validate TLS certificate
|
762
|
+
:param pulumi.Input[builtins.int] connection_timeout: Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
|
763
|
+
:param pulumi.Input[builtins.bool] deny_null_bind: Prevents users from bypassing authentication when providing an empty password.
|
764
|
+
:param pulumi.Input[builtins.str] description: Description for the LDAP auth backend mount
|
765
|
+
:param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
766
|
+
:param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
|
689
767
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
690
|
-
:param pulumi.Input[bool] discoverdn: Use anonymous bind to discover the bind DN of a user.
|
691
|
-
:param pulumi.Input[str] groupattr: LDAP attribute to follow on objects returned by groupfilter
|
692
|
-
:param pulumi.Input[str] groupdn: Base DN under which to perform group search
|
693
|
-
:param pulumi.Input[str] groupfilter: Go template used to construct group membership query
|
694
|
-
:param pulumi.Input[bool] insecure_tls: Control whether or TLS certificates must be validated
|
695
|
-
:param pulumi.Input[bool] local: Specifies if the auth method is local only.
|
696
|
-
:param pulumi.Input[int] max_page_size: Sets the max page size for LDAP lookups, by default it's set to -1.
|
768
|
+
:param pulumi.Input[builtins.bool] discoverdn: Use anonymous bind to discover the bind DN of a user.
|
769
|
+
:param pulumi.Input[builtins.str] groupattr: LDAP attribute to follow on objects returned by groupfilter
|
770
|
+
:param pulumi.Input[builtins.str] groupdn: Base DN under which to perform group search
|
771
|
+
:param pulumi.Input[builtins.str] groupfilter: Go template used to construct group membership query
|
772
|
+
:param pulumi.Input[builtins.bool] insecure_tls: Control whether or TLS certificates must be validated
|
773
|
+
:param pulumi.Input[builtins.bool] local: Specifies if the auth method is local only.
|
774
|
+
:param pulumi.Input[builtins.int] max_page_size: Sets the max page size for LDAP lookups, by default it's set to -1.
|
697
775
|
*Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+*.
|
698
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
776
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
699
777
|
The value should not contain leading or trailing forward slashes.
|
700
778
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
701
779
|
*Available only for Vault Enterprise*.
|
702
|
-
:param pulumi.Input[str] path: Path to mount the LDAP auth backend under
|
703
|
-
:param pulumi.Input[
|
704
|
-
|
705
|
-
:param pulumi.Input[str]
|
706
|
-
|
707
|
-
:param pulumi.Input[int]
|
708
|
-
|
709
|
-
|
710
|
-
:param pulumi.Input[
|
711
|
-
:param pulumi.Input[
|
712
|
-
:param pulumi.Input[
|
713
|
-
:param pulumi.Input[
|
714
|
-
:param pulumi.Input[
|
715
|
-
:param pulumi.Input[
|
716
|
-
:param pulumi.Input[
|
717
|
-
:param pulumi.Input[
|
718
|
-
:param pulumi.Input[
|
719
|
-
:param pulumi.Input[str]
|
720
|
-
:param pulumi.Input[
|
721
|
-
:param pulumi.Input[
|
780
|
+
:param pulumi.Input[builtins.str] path: Path to mount the LDAP auth backend under
|
781
|
+
:param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
782
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
783
|
+
:param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
784
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
785
|
+
:param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
|
786
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
787
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
788
|
+
:param pulumi.Input[builtins.bool] starttls: Control use of TLS when conecting to LDAP
|
789
|
+
:param pulumi.Input[builtins.str] tls_max_version: Maximum acceptable version of TLS
|
790
|
+
:param pulumi.Input[builtins.str] tls_min_version: Minimum acceptable version of TLS
|
791
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
792
|
+
:param pulumi.Input[builtins.int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
793
|
+
:param pulumi.Input[builtins.int] token_max_ttl: The maximum lifetime of the generated token
|
794
|
+
:param pulumi.Input[builtins.bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
795
|
+
:param pulumi.Input[builtins.int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
796
|
+
:param pulumi.Input[builtins.int] token_period: Generated Token's Period
|
797
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] token_policies: Generated Token's Policies
|
798
|
+
:param pulumi.Input[builtins.int] token_ttl: The initial ttl of the token to generate in seconds
|
799
|
+
:param pulumi.Input[builtins.str] token_type: The type of token to generate, service or batch
|
800
|
+
:param pulumi.Input[builtins.str] upndomain: The `userPrincipalDomain` used to construct the UPN string for the authenticating user.
|
801
|
+
:param pulumi.Input[builtins.str] url: The URL of the LDAP server
|
802
|
+
:param pulumi.Input[builtins.bool] use_token_groups: Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
|
803
|
+
:param pulumi.Input[builtins.str] userattr: Attribute on user object matching username passed in
|
804
|
+
:param pulumi.Input[builtins.str] userdn: Base DN under which to perform user search
|
805
|
+
:param pulumi.Input[builtins.str] userfilter: LDAP user search filter
|
806
|
+
:param pulumi.Input[builtins.bool] username_as_alias: Force the auth method to use the username passed by the user as the alias name.
|
722
807
|
"""
|
723
808
|
if accessor is not None:
|
724
809
|
pulumi.set(__self__, "accessor", accessor)
|
@@ -740,6 +825,8 @@ class _AuthBackendState:
|
|
740
825
|
pulumi.set(__self__, "deny_null_bind", deny_null_bind)
|
741
826
|
if description is not None:
|
742
827
|
pulumi.set(__self__, "description", description)
|
828
|
+
if disable_automated_rotation is not None:
|
829
|
+
pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
|
743
830
|
if disable_remount is not None:
|
744
831
|
pulumi.set(__self__, "disable_remount", disable_remount)
|
745
832
|
if discoverdn is not None:
|
@@ -760,6 +847,12 @@ class _AuthBackendState:
|
|
760
847
|
pulumi.set(__self__, "namespace", namespace)
|
761
848
|
if path is not None:
|
762
849
|
pulumi.set(__self__, "path", path)
|
850
|
+
if rotation_period is not None:
|
851
|
+
pulumi.set(__self__, "rotation_period", rotation_period)
|
852
|
+
if rotation_schedule is not None:
|
853
|
+
pulumi.set(__self__, "rotation_schedule", rotation_schedule)
|
854
|
+
if rotation_window is not None:
|
855
|
+
pulumi.set(__self__, "rotation_window", rotation_window)
|
763
856
|
if starttls is not None:
|
764
857
|
pulumi.set(__self__, "starttls", starttls)
|
765
858
|
if tls_max_version is not None:
|
@@ -801,121 +894,133 @@ class _AuthBackendState:
|
|
801
894
|
|
802
895
|
@property
|
803
896
|
@pulumi.getter
|
804
|
-
def accessor(self) -> Optional[pulumi.Input[str]]:
|
897
|
+
def accessor(self) -> Optional[pulumi.Input[builtins.str]]:
|
805
898
|
"""
|
806
899
|
The accessor for this auth mount.
|
807
900
|
"""
|
808
901
|
return pulumi.get(self, "accessor")
|
809
902
|
|
810
903
|
@accessor.setter
|
811
|
-
def accessor(self, value: Optional[pulumi.Input[str]]):
|
904
|
+
def accessor(self, value: Optional[pulumi.Input[builtins.str]]):
|
812
905
|
pulumi.set(self, "accessor", value)
|
813
906
|
|
814
907
|
@property
|
815
908
|
@pulumi.getter
|
816
|
-
def binddn(self) -> Optional[pulumi.Input[str]]:
|
909
|
+
def binddn(self) -> Optional[pulumi.Input[builtins.str]]:
|
817
910
|
"""
|
818
911
|
DN of object to bind when performing user search
|
819
912
|
"""
|
820
913
|
return pulumi.get(self, "binddn")
|
821
914
|
|
822
915
|
@binddn.setter
|
823
|
-
def binddn(self, value: Optional[pulumi.Input[str]]):
|
916
|
+
def binddn(self, value: Optional[pulumi.Input[builtins.str]]):
|
824
917
|
pulumi.set(self, "binddn", value)
|
825
918
|
|
826
919
|
@property
|
827
920
|
@pulumi.getter
|
828
|
-
def bindpass(self) -> Optional[pulumi.Input[str]]:
|
921
|
+
def bindpass(self) -> Optional[pulumi.Input[builtins.str]]:
|
829
922
|
"""
|
830
923
|
Password to use with `binddn` when performing user search
|
831
924
|
"""
|
832
925
|
return pulumi.get(self, "bindpass")
|
833
926
|
|
834
927
|
@bindpass.setter
|
835
|
-
def bindpass(self, value: Optional[pulumi.Input[str]]):
|
928
|
+
def bindpass(self, value: Optional[pulumi.Input[builtins.str]]):
|
836
929
|
pulumi.set(self, "bindpass", value)
|
837
930
|
|
838
931
|
@property
|
839
932
|
@pulumi.getter(name="caseSensitiveNames")
|
840
|
-
def case_sensitive_names(self) -> Optional[pulumi.Input[bool]]:
|
933
|
+
def case_sensitive_names(self) -> Optional[pulumi.Input[builtins.bool]]:
|
841
934
|
"""
|
842
935
|
Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
|
843
936
|
"""
|
844
937
|
return pulumi.get(self, "case_sensitive_names")
|
845
938
|
|
846
939
|
@case_sensitive_names.setter
|
847
|
-
def case_sensitive_names(self, value: Optional[pulumi.Input[bool]]):
|
940
|
+
def case_sensitive_names(self, value: Optional[pulumi.Input[builtins.bool]]):
|
848
941
|
pulumi.set(self, "case_sensitive_names", value)
|
849
942
|
|
850
943
|
@property
|
851
944
|
@pulumi.getter
|
852
|
-
def certificate(self) -> Optional[pulumi.Input[str]]:
|
945
|
+
def certificate(self) -> Optional[pulumi.Input[builtins.str]]:
|
853
946
|
"""
|
854
947
|
Trusted CA to validate TLS certificate
|
855
948
|
"""
|
856
949
|
return pulumi.get(self, "certificate")
|
857
950
|
|
858
951
|
@certificate.setter
|
859
|
-
def certificate(self, value: Optional[pulumi.Input[str]]):
|
952
|
+
def certificate(self, value: Optional[pulumi.Input[builtins.str]]):
|
860
953
|
pulumi.set(self, "certificate", value)
|
861
954
|
|
862
955
|
@property
|
863
956
|
@pulumi.getter(name="clientTlsCert")
|
864
|
-
def client_tls_cert(self) -> Optional[pulumi.Input[str]]:
|
957
|
+
def client_tls_cert(self) -> Optional[pulumi.Input[builtins.str]]:
|
865
958
|
return pulumi.get(self, "client_tls_cert")
|
866
959
|
|
867
960
|
@client_tls_cert.setter
|
868
|
-
def client_tls_cert(self, value: Optional[pulumi.Input[str]]):
|
961
|
+
def client_tls_cert(self, value: Optional[pulumi.Input[builtins.str]]):
|
869
962
|
pulumi.set(self, "client_tls_cert", value)
|
870
963
|
|
871
964
|
@property
|
872
965
|
@pulumi.getter(name="clientTlsKey")
|
873
|
-
def client_tls_key(self) -> Optional[pulumi.Input[str]]:
|
966
|
+
def client_tls_key(self) -> Optional[pulumi.Input[builtins.str]]:
|
874
967
|
return pulumi.get(self, "client_tls_key")
|
875
968
|
|
876
969
|
@client_tls_key.setter
|
877
|
-
def client_tls_key(self, value: Optional[pulumi.Input[str]]):
|
970
|
+
def client_tls_key(self, value: Optional[pulumi.Input[builtins.str]]):
|
878
971
|
pulumi.set(self, "client_tls_key", value)
|
879
972
|
|
880
973
|
@property
|
881
974
|
@pulumi.getter(name="connectionTimeout")
|
882
|
-
def connection_timeout(self) -> Optional[pulumi.Input[int]]:
|
975
|
+
def connection_timeout(self) -> Optional[pulumi.Input[builtins.int]]:
|
883
976
|
"""
|
884
977
|
Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
|
885
978
|
"""
|
886
979
|
return pulumi.get(self, "connection_timeout")
|
887
980
|
|
888
981
|
@connection_timeout.setter
|
889
|
-
def connection_timeout(self, value: Optional[pulumi.Input[int]]):
|
982
|
+
def connection_timeout(self, value: Optional[pulumi.Input[builtins.int]]):
|
890
983
|
pulumi.set(self, "connection_timeout", value)
|
891
984
|
|
892
985
|
@property
|
893
986
|
@pulumi.getter(name="denyNullBind")
|
894
|
-
def deny_null_bind(self) -> Optional[pulumi.Input[bool]]:
|
987
|
+
def deny_null_bind(self) -> Optional[pulumi.Input[builtins.bool]]:
|
895
988
|
"""
|
896
989
|
Prevents users from bypassing authentication when providing an empty password.
|
897
990
|
"""
|
898
991
|
return pulumi.get(self, "deny_null_bind")
|
899
992
|
|
900
993
|
@deny_null_bind.setter
|
901
|
-
def deny_null_bind(self, value: Optional[pulumi.Input[bool]]):
|
994
|
+
def deny_null_bind(self, value: Optional[pulumi.Input[builtins.bool]]):
|
902
995
|
pulumi.set(self, "deny_null_bind", value)
|
903
996
|
|
904
997
|
@property
|
905
998
|
@pulumi.getter
|
906
|
-
def description(self) -> Optional[pulumi.Input[str]]:
|
999
|
+
def description(self) -> Optional[pulumi.Input[builtins.str]]:
|
907
1000
|
"""
|
908
1001
|
Description for the LDAP auth backend mount
|
909
1002
|
"""
|
910
1003
|
return pulumi.get(self, "description")
|
911
1004
|
|
912
1005
|
@description.setter
|
913
|
-
def description(self, value: Optional[pulumi.Input[str]]):
|
1006
|
+
def description(self, value: Optional[pulumi.Input[builtins.str]]):
|
914
1007
|
pulumi.set(self, "description", value)
|
915
1008
|
|
1009
|
+
@property
|
1010
|
+
@pulumi.getter(name="disableAutomatedRotation")
|
1011
|
+
def disable_automated_rotation(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1012
|
+
"""
|
1013
|
+
Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
1014
|
+
"""
|
1015
|
+
return pulumi.get(self, "disable_automated_rotation")
|
1016
|
+
|
1017
|
+
@disable_automated_rotation.setter
|
1018
|
+
def disable_automated_rotation(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1019
|
+
pulumi.set(self, "disable_automated_rotation", value)
|
1020
|
+
|
916
1021
|
@property
|
917
1022
|
@pulumi.getter(name="disableRemount")
|
918
|
-
def disable_remount(self) -> Optional[pulumi.Input[bool]]:
|
1023
|
+
def disable_remount(self) -> Optional[pulumi.Input[builtins.bool]]:
|
919
1024
|
"""
|
920
1025
|
If set, opts out of mount migration on path updates.
|
921
1026
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
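Review bot: The `client_tls_cert` and `client_tls_key` accessors (new lines 957 and 966) still carry no docstring, and neither they nor `bindpass` (new line 921) tell the reader that the value is secret material. Since this hunk rewrites all three signatures, it is a natural place to add, for example, `"""Private key for the LDAP client TLS certificate. Sensitive: supply it as a Pulumi secret."""` on `client_tls_key`, and a matching one-line sensitivity note on `bindpass`. Whether the resource registers these properties as secret outputs is not visible here, so the wording should be checked against that handling. The enclosing `_AuthBackendState` class starts and ends outside this hunk; if the file is generated, the text belongs in the upstream schema rather than in this file.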
|
@@ -923,84 +1028,84 @@ class _AuthBackendState:
|
|
923
1028
|
return pulumi.get(self, "disable_remount")
|
924
1029
|
|
925
1030
|
@disable_remount.setter
|
926
|
-
def disable_remount(self, value: Optional[pulumi.Input[bool]]):
|
1031
|
+
def disable_remount(self, value: Optional[pulumi.Input[builtins.bool]]):
|
927
1032
|
pulumi.set(self, "disable_remount", value)
|
928
1033
|
|
929
1034
|
@property
|
930
1035
|
@pulumi.getter
|
931
|
-
def discoverdn(self) -> Optional[pulumi.Input[bool]]:
|
1036
|
+
def discoverdn(self) -> Optional[pulumi.Input[builtins.bool]]:
|
932
1037
|
"""
|
933
1038
|
Use anonymous bind to discover the bind DN of a user.
|
934
1039
|
"""
|
935
1040
|
return pulumi.get(self, "discoverdn")
|
936
1041
|
|
937
1042
|
@discoverdn.setter
|
938
|
-
def discoverdn(self, value: Optional[pulumi.Input[bool]]):
|
1043
|
+
def discoverdn(self, value: Optional[pulumi.Input[builtins.bool]]):
|
939
1044
|
pulumi.set(self, "discoverdn", value)
|
940
1045
|
|
941
1046
|
@property
|
942
1047
|
@pulumi.getter
|
943
|
-
def groupattr(self) -> Optional[pulumi.Input[str]]:
|
1048
|
+
def groupattr(self) -> Optional[pulumi.Input[builtins.str]]:
|
944
1049
|
"""
|
945
1050
|
LDAP attribute to follow on objects returned by groupfilter
|
946
1051
|
"""
|
947
1052
|
return pulumi.get(self, "groupattr")
|
948
1053
|
|
949
1054
|
@groupattr.setter
|
950
|
-
def groupattr(self, value: Optional[pulumi.Input[str]]):
|
1055
|
+
def groupattr(self, value: Optional[pulumi.Input[builtins.str]]):
|
951
1056
|
pulumi.set(self, "groupattr", value)
|
952
1057
|
|
953
1058
|
@property
|
954
1059
|
@pulumi.getter
|
955
|
-
def groupdn(self) -> Optional[pulumi.Input[str]]:
|
1060
|
+
def groupdn(self) -> Optional[pulumi.Input[builtins.str]]:
|
956
1061
|
"""
|
957
1062
|
Base DN under which to perform group search
|
958
1063
|
"""
|
959
1064
|
return pulumi.get(self, "groupdn")
|
960
1065
|
|
961
1066
|
@groupdn.setter
|
962
|
-
def groupdn(self, value: Optional[pulumi.Input[str]]):
|
1067
|
+
def groupdn(self, value: Optional[pulumi.Input[builtins.str]]):
|
963
1068
|
pulumi.set(self, "groupdn", value)
|
964
1069
|
|
965
1070
|
@property
|
966
1071
|
@pulumi.getter
|
967
|
-
def groupfilter(self) -> Optional[pulumi.Input[str]]:
|
1072
|
+
def groupfilter(self) -> Optional[pulumi.Input[builtins.str]]:
|
968
1073
|
"""
|
969
1074
|
Go template used to construct group membership query
|
970
1075
|
"""
|
971
1076
|
return pulumi.get(self, "groupfilter")
|
972
1077
|
|
973
1078
|
@groupfilter.setter
|
974
|
-
def groupfilter(self, value: Optional[pulumi.Input[str]]):
|
1079
|
+
def groupfilter(self, value: Optional[pulumi.Input[builtins.str]]):
|
975
1080
|
pulumi.set(self, "groupfilter", value)
|
976
1081
|
|
977
1082
|
@property
|
978
1083
|
@pulumi.getter(name="insecureTls")
|
979
|
-
def insecure_tls(self) -> Optional[pulumi.Input[bool]]:
|
1084
|
+
def insecure_tls(self) -> Optional[pulumi.Input[builtins.bool]]:
|
980
1085
|
"""
|
981
1086
|
Control whether or TLS certificates must be validated
|
982
1087
|
"""
|
983
1088
|
return pulumi.get(self, "insecure_tls")
|
984
1089
|
|
985
1090
|
@insecure_tls.setter
|
986
|
-
def insecure_tls(self, value: Optional[pulumi.Input[bool]]):
|
1091
|
+
def insecure_tls(self, value: Optional[pulumi.Input[builtins.bool]]):
|
987
1092
|
pulumi.set(self, "insecure_tls", value)
|
988
1093
|
|
989
1094
|
@property
|
990
1095
|
@pulumi.getter
|
991
|
-
def local(self) -> Optional[pulumi.Input[bool]]:
|
1096
|
+
def local(self) -> Optional[pulumi.Input[builtins.bool]]:
|
992
1097
|
"""
|
993
1098
|
Specifies if the auth method is local only.
|
994
1099
|
"""
|
995
1100
|
return pulumi.get(self, "local")
|
996
1101
|
|
997
1102
|
@local.setter
|
998
|
-
def local(self, value: Optional[pulumi.Input[bool]]):
|
1103
|
+
def local(self, value: Optional[pulumi.Input[builtins.bool]]):
|
999
1104
|
pulumi.set(self, "local", value)
|
1000
1105
|
|
1001
1106
|
@property
|
1002
1107
|
@pulumi.getter(name="maxPageSize")
|
1003
|
-
def max_page_size(self) -> Optional[pulumi.Input[int]]:
|
1108
|
+
def max_page_size(self) -> Optional[pulumi.Input[builtins.int]]:
|
1004
1109
|
"""
|
1005
1110
|
Sets the max page size for LDAP lookups, by default it's set to -1.
|
1006
1111
|
*Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+*.
|
@@ -1008,12 +1113,12 @@ class _AuthBackendState:
|
|
1008
1113
|
return pulumi.get(self, "max_page_size")
|
1009
1114
|
|
1010
1115
|
@max_page_size.setter
|
1011
|
-
def max_page_size(self, value: Optional[pulumi.Input[int]]):
|
1116
|
+
def max_page_size(self, value: Optional[pulumi.Input[builtins.int]]):
|
1012
1117
|
pulumi.set(self, "max_page_size", value)
|
1013
1118
|
|
1014
1119
|
@property
|
1015
1120
|
@pulumi.getter
|
1016
|
-
def namespace(self) -> Optional[pulumi.Input[str]]:
|
1121
|
+
def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
|
1017
1122
|
"""
|
1018
1123
|
The namespace to provision the resource in.
|
1019
1124
|
The value should not contain leading or trailing forward slashes.
|
@@ -1023,247 +1128,287 @@ class _AuthBackendState:
|
|
1023
1128
|
return pulumi.get(self, "namespace")
|
1024
1129
|
|
1025
1130
|
@namespace.setter
|
1026
|
-
def namespace(self, value: Optional[pulumi.Input[str]]):
|
1131
|
+
def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
|
1027
1132
|
pulumi.set(self, "namespace", value)
|
1028
1133
|
|
1029
1134
|
@property
|
1030
1135
|
@pulumi.getter
|
1031
|
-
def path(self) -> Optional[pulumi.Input[str]]:
|
1136
|
+
def path(self) -> Optional[pulumi.Input[builtins.str]]:
|
1032
1137
|
"""
|
1033
1138
|
Path to mount the LDAP auth backend under
|
1034
1139
|
"""
|
1035
1140
|
return pulumi.get(self, "path")
|
1036
1141
|
|
1037
1142
|
@path.setter
|
1038
|
-
def path(self, value: Optional[pulumi.Input[str]]):
|
1143
|
+
def path(self, value: Optional[pulumi.Input[builtins.str]]):
|
1039
1144
|
pulumi.set(self, "path", value)
|
1040
1145
|
|
1146
|
+
@property
|
1147
|
+
@pulumi.getter(name="rotationPeriod")
|
1148
|
+
def rotation_period(self) -> Optional[pulumi.Input[builtins.int]]:
|
1149
|
+
"""
|
1150
|
+
The amount of time in seconds Vault should wait before rotating the root credential.
|
1151
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
1152
|
+
"""
|
1153
|
+
return pulumi.get(self, "rotation_period")
|
1154
|
+
|
1155
|
+
@rotation_period.setter
|
1156
|
+
def rotation_period(self, value: Optional[pulumi.Input[builtins.int]]):
|
1157
|
+
pulumi.set(self, "rotation_period", value)
|
1158
|
+
|
1159
|
+
@property
|
1160
|
+
@pulumi.getter(name="rotationSchedule")
|
1161
|
+
def rotation_schedule(self) -> Optional[pulumi.Input[builtins.str]]:
|
1162
|
+
"""
|
1163
|
+
The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
1164
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
1165
|
+
"""
|
1166
|
+
return pulumi.get(self, "rotation_schedule")
|
1167
|
+
|
1168
|
+
@rotation_schedule.setter
|
1169
|
+
def rotation_schedule(self, value: Optional[pulumi.Input[builtins.str]]):
|
1170
|
+
pulumi.set(self, "rotation_schedule", value)
|
1171
|
+
|
1172
|
+
@property
|
1173
|
+
@pulumi.getter(name="rotationWindow")
|
1174
|
+
def rotation_window(self) -> Optional[pulumi.Input[builtins.int]]:
|
1175
|
+
"""
|
1176
|
+
The maximum amount of time in seconds allowed to complete
|
1177
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
1178
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
1179
|
+
"""
|
1180
|
+
return pulumi.get(self, "rotation_window")
|
1181
|
+
|
1182
|
+
@rotation_window.setter
|
1183
|
+
def rotation_window(self, value: Optional[pulumi.Input[builtins.int]]):
|
1184
|
+
pulumi.set(self, "rotation_window", value)
|
1185
|
+
|
1041
1186
|
@property
|
1042
1187
|
@pulumi.getter
|
1043
|
-
def starttls(self) -> Optional[pulumi.Input[bool]]:
|
1188
|
+
def starttls(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1044
1189
|
"""
|
1045
1190
|
Control use of TLS when conecting to LDAP
|
1046
1191
|
"""
|
1047
1192
|
return pulumi.get(self, "starttls")
|
1048
1193
|
|
1049
1194
|
@starttls.setter
|
1050
|
-
def starttls(self, value: Optional[pulumi.Input[bool]]):
|
1195
|
+
def starttls(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1051
1196
|
pulumi.set(self, "starttls", value)
|
1052
1197
|
|
1053
1198
|
@property
|
1054
1199
|
@pulumi.getter(name="tlsMaxVersion")
|
1055
|
-
def tls_max_version(self) -> Optional[pulumi.Input[str]]:
|
1200
|
+
def tls_max_version(self) -> Optional[pulumi.Input[builtins.str]]:
|
1056
1201
|
"""
|
1057
1202
|
Maximum acceptable version of TLS
|
1058
1203
|
"""
|
1059
1204
|
return pulumi.get(self, "tls_max_version")
|
1060
1205
|
|
1061
1206
|
@tls_max_version.setter
|
1062
|
-
def tls_max_version(self, value: Optional[pulumi.Input[str]]):
|
1207
|
+
def tls_max_version(self, value: Optional[pulumi.Input[builtins.str]]):
|
1063
1208
|
pulumi.set(self, "tls_max_version", value)
|
1064
1209
|
|
1065
1210
|
@property
|
1066
1211
|
@pulumi.getter(name="tlsMinVersion")
|
1067
|
-
def tls_min_version(self) -> Optional[pulumi.Input[str]]:
|
1212
|
+
def tls_min_version(self) -> Optional[pulumi.Input[builtins.str]]:
|
1068
1213
|
"""
|
1069
1214
|
Minimum acceptable version of TLS
|
1070
1215
|
"""
|
1071
1216
|
return pulumi.get(self, "tls_min_version")
|
1072
1217
|
|
1073
1218
|
@tls_min_version.setter
|
1074
|
-
def tls_min_version(self, value: Optional[pulumi.Input[str]]):
|
1219
|
+
def tls_min_version(self, value: Optional[pulumi.Input[builtins.str]]):
|
1075
1220
|
pulumi.set(self, "tls_min_version", value)
|
1076
1221
|
|
1077
1222
|
@property
|
1078
1223
|
@pulumi.getter(name="tokenBoundCidrs")
|
1079
|
-
def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
1224
|
+
def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
1080
1225
|
"""
|
1081
1226
|
Specifies the blocks of IP addresses which are allowed to use the generated token
|
1082
1227
|
"""
|
1083
1228
|
return pulumi.get(self, "token_bound_cidrs")
|
1084
1229
|
|
1085
1230
|
@token_bound_cidrs.setter
|
1086
|
-
def token_bound_cidrs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
1231
|
+
def token_bound_cidrs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
1087
1232
|
pulumi.set(self, "token_bound_cidrs", value)
|
1088
1233
|
|
1089
1234
|
@property
|
1090
1235
|
@pulumi.getter(name="tokenExplicitMaxTtl")
|
1091
|
-
def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
1236
|
+
def token_explicit_max_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
|
1092
1237
|
"""
|
1093
1238
|
Generated Token's Explicit Maximum TTL in seconds
|
1094
1239
|
"""
|
1095
1240
|
return pulumi.get(self, "token_explicit_max_ttl")
|
1096
1241
|
|
1097
1242
|
@token_explicit_max_ttl.setter
|
1098
|
-
def token_explicit_max_ttl(self, value: Optional[pulumi.Input[int]]):
|
1243
|
+
def token_explicit_max_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
|
1099
1244
|
pulumi.set(self, "token_explicit_max_ttl", value)
|
1100
1245
|
|
1101
1246
|
@property
|
1102
1247
|
@pulumi.getter(name="tokenMaxTtl")
|
1103
|
-
def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
1248
|
+
def token_max_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
|
1104
1249
|
"""
|
1105
1250
|
The maximum lifetime of the generated token
|
1106
1251
|
"""
|
1107
1252
|
return pulumi.get(self, "token_max_ttl")
|
1108
1253
|
|
1109
1254
|
@token_max_ttl.setter
|
1110
|
-
def token_max_ttl(self, value: Optional[pulumi.Input[int]]):
|
1255
|
+
def token_max_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
|
1111
1256
|
pulumi.set(self, "token_max_ttl", value)
|
1112
1257
|
|
1113
1258
|
@property
|
1114
1259
|
@pulumi.getter(name="tokenNoDefaultPolicy")
|
1115
|
-
def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
|
1260
|
+
def token_no_default_policy(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1116
1261
|
"""
|
1117
1262
|
If true, the 'default' policy will not automatically be added to generated tokens
|
1118
1263
|
"""
|
1119
1264
|
return pulumi.get(self, "token_no_default_policy")
|
1120
1265
|
|
1121
1266
|
@token_no_default_policy.setter
|
1122
|
-
def token_no_default_policy(self, value: Optional[pulumi.Input[bool]]):
|
1267
|
+
def token_no_default_policy(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1123
1268
|
pulumi.set(self, "token_no_default_policy", value)
|
1124
1269
|
|
1125
1270
|
@property
|
1126
1271
|
@pulumi.getter(name="tokenNumUses")
|
1127
|
-
def token_num_uses(self) -> Optional[pulumi.Input[int]]:
|
1272
|
+
def token_num_uses(self) -> Optional[pulumi.Input[builtins.int]]:
|
1128
1273
|
"""
|
1129
1274
|
The maximum number of times a token may be used, a value of zero means unlimited
|
1130
1275
|
"""
|
1131
1276
|
return pulumi.get(self, "token_num_uses")
|
1132
1277
|
|
1133
1278
|
@token_num_uses.setter
|
1134
|
-
def token_num_uses(self, value: Optional[pulumi.Input[int]]):
|
1279
|
+
def token_num_uses(self, value: Optional[pulumi.Input[builtins.int]]):
|
1135
1280
|
pulumi.set(self, "token_num_uses", value)
|
1136
1281
|
|
1137
1282
|
@property
|
1138
1283
|
@pulumi.getter(name="tokenPeriod")
|
1139
|
-
def token_period(self) -> Optional[pulumi.Input[int]]:
|
1284
|
+
def token_period(self) -> Optional[pulumi.Input[builtins.int]]:
|
1140
1285
|
"""
|
1141
1286
|
Generated Token's Period
|
1142
1287
|
"""
|
1143
1288
|
return pulumi.get(self, "token_period")
|
1144
1289
|
|
1145
1290
|
@token_period.setter
|
1146
|
-
def token_period(self, value: Optional[pulumi.Input[int]]):
|
1291
|
+
def token_period(self, value: Optional[pulumi.Input[builtins.int]]):
|
1147
1292
|
pulumi.set(self, "token_period", value)
|
1148
1293
|
|
1149
1294
|
@property
|
1150
1295
|
@pulumi.getter(name="tokenPolicies")
|
1151
|
-
def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
1296
|
+
def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
1152
1297
|
"""
|
1153
1298
|
Generated Token's Policies
|
1154
1299
|
"""
|
1155
1300
|
return pulumi.get(self, "token_policies")
|
1156
1301
|
|
1157
1302
|
@token_policies.setter
|
1158
|
-
def token_policies(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
1303
|
+
def token_policies(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
1159
1304
|
pulumi.set(self, "token_policies", value)
|
1160
1305
|
|
1161
1306
|
@property
|
1162
1307
|
@pulumi.getter(name="tokenTtl")
|
1163
|
-
def token_ttl(self) -> Optional[pulumi.Input[int]]:
|
1308
|
+
def token_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
|
1164
1309
|
"""
|
1165
1310
|
The initial ttl of the token to generate in seconds
|
1166
1311
|
"""
|
1167
1312
|
return pulumi.get(self, "token_ttl")
|
1168
1313
|
|
1169
1314
|
@token_ttl.setter
|
1170
|
-
def token_ttl(self, value: Optional[pulumi.Input[int]]):
|
1315
|
+
def token_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
|
1171
1316
|
pulumi.set(self, "token_ttl", value)
|
1172
1317
|
|
1173
1318
|
@property
|
1174
1319
|
@pulumi.getter(name="tokenType")
|
1175
|
-
def token_type(self) -> Optional[pulumi.Input[str]]:
|
1320
|
+
def token_type(self) -> Optional[pulumi.Input[builtins.str]]:
|
1176
1321
|
"""
|
1177
1322
|
The type of token to generate, service or batch
|
1178
1323
|
"""
|
1179
1324
|
return pulumi.get(self, "token_type")
|
1180
1325
|
|
1181
1326
|
@token_type.setter
|
1182
|
-
def token_type(self, value: Optional[pulumi.Input[str]]):
|
1327
|
+
def token_type(self, value: Optional[pulumi.Input[builtins.str]]):
|
1183
1328
|
pulumi.set(self, "token_type", value)
|
1184
1329
|
|
1185
1330
|
@property
|
1186
1331
|
@pulumi.getter
|
1187
|
-
def upndomain(self) -> Optional[pulumi.Input[str]]:
|
1332
|
+
def upndomain(self) -> Optional[pulumi.Input[builtins.str]]:
|
1188
1333
|
"""
|
1189
1334
|
The `userPrincipalDomain` used to construct the UPN string for the authenticating user.
|
1190
1335
|
"""
|
1191
1336
|
return pulumi.get(self, "upndomain")
|
1192
1337
|
|
1193
1338
|
@upndomain.setter
|
1194
|
-
def upndomain(self, value: Optional[pulumi.Input[str]]):
|
1339
|
+
def upndomain(self, value: Optional[pulumi.Input[builtins.str]]):
|
1195
1340
|
pulumi.set(self, "upndomain", value)
|
1196
1341
|
|
1197
1342
|
@property
|
1198
1343
|
@pulumi.getter
|
1199
|
-
def url(self) -> Optional[pulumi.Input[str]]:
|
1344
|
+
def url(self) -> Optional[pulumi.Input[builtins.str]]:
|
1200
1345
|
"""
|
1201
1346
|
The URL of the LDAP server
|
1202
1347
|
"""
|
1203
1348
|
return pulumi.get(self, "url")
|
1204
1349
|
|
1205
1350
|
@url.setter
|
1206
|
-
def url(self, value: Optional[pulumi.Input[str]]):
|
1351
|
+
def url(self, value: Optional[pulumi.Input[builtins.str]]):
|
1207
1352
|
pulumi.set(self, "url", value)
|
1208
1353
|
|
1209
1354
|
@property
|
1210
1355
|
@pulumi.getter(name="useTokenGroups")
|
1211
|
-
def use_token_groups(self) -> Optional[pulumi.Input[bool]]:
|
1356
|
+
def use_token_groups(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1212
1357
|
"""
|
1213
1358
|
Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
|
1214
1359
|
"""
|
1215
1360
|
return pulumi.get(self, "use_token_groups")
|
1216
1361
|
|
1217
1362
|
@use_token_groups.setter
|
1218
|
-
def use_token_groups(self, value: Optional[pulumi.Input[bool]]):
|
1363
|
+
def use_token_groups(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1219
1364
|
pulumi.set(self, "use_token_groups", value)
|
1220
1365
|
|
1221
1366
|
@property
|
1222
1367
|
@pulumi.getter
|
1223
|
-
def userattr(self) -> Optional[pulumi.Input[str]]:
|
1368
|
+
def userattr(self) -> Optional[pulumi.Input[builtins.str]]:
|
1224
1369
|
"""
|
1225
1370
|
Attribute on user object matching username passed in
|
1226
1371
|
"""
|
1227
1372
|
return pulumi.get(self, "userattr")
|
1228
1373
|
|
1229
1374
|
@userattr.setter
|
1230
|
-
def userattr(self, value: Optional[pulumi.Input[str]]):
|
1375
|
+
def userattr(self, value: Optional[pulumi.Input[builtins.str]]):
|
1231
1376
|
pulumi.set(self, "userattr", value)
|
1232
1377
|
|
1233
1378
|
@property
|
1234
1379
|
@pulumi.getter
|
1235
|
-
def userdn(self) -> Optional[pulumi.Input[str]]:
|
1380
|
+
def userdn(self) -> Optional[pulumi.Input[builtins.str]]:
|
1236
1381
|
"""
|
1237
1382
|
Base DN under which to perform user search
|
1238
1383
|
"""
|
1239
1384
|
return pulumi.get(self, "userdn")
|
1240
1385
|
|
1241
1386
|
@userdn.setter
|
1242
|
-
def userdn(self, value: Optional[pulumi.Input[str]]):
|
1387
|
+
def userdn(self, value: Optional[pulumi.Input[builtins.str]]):
|
1243
1388
|
pulumi.set(self, "userdn", value)
|
1244
1389
|
|
1245
1390
|
@property
|
1246
1391
|
@pulumi.getter
|
1247
|
-
def userfilter(self) -> Optional[pulumi.Input[str]]:
|
1392
|
+
def userfilter(self) -> Optional[pulumi.Input[builtins.str]]:
|
1248
1393
|
"""
|
1249
1394
|
LDAP user search filter
|
1250
1395
|
"""
|
1251
1396
|
return pulumi.get(self, "userfilter")
|
1252
1397
|
|
1253
1398
|
@userfilter.setter
|
1254
|
-
def userfilter(self, value: Optional[pulumi.Input[str]]):
|
1399
|
+
def userfilter(self, value: Optional[pulumi.Input[builtins.str]]):
|
1255
1400
|
pulumi.set(self, "userfilter", value)
|
1256
1401
|
|
1257
1402
|
@property
|
1258
1403
|
@pulumi.getter(name="usernameAsAlias")
|
1259
|
-
def username_as_alias(self) -> Optional[pulumi.Input[bool]]:
|
1404
|
+
def username_as_alias(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1260
1405
|
"""
|
1261
1406
|
Force the auth method to use the username passed by the user as the alias name.
|
1262
1407
|
"""
|
1263
1408
|
return pulumi.get(self, "username_as_alias")
|
1264
1409
|
|
1265
1410
|
@username_as_alias.setter
|
1266
|
-
def username_as_alias(self, value: Optional[pulumi.Input[bool]]):
|
1411
|
+
def username_as_alias(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1267
1412
|
pulumi.set(self, "username_as_alias", value)
|
1268
1413
|
|
1269
1414
|
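Review bot: The three new rotation docstrings name the rotated secret inconsistently: `rotation_period` (new line 1150) says "root credential", while `rotation_schedule` (1164) says "root token" and `rotation_window` (1177) says "scheduled token rotation". On an LDAP auth mount the rotated secret is presumably the bind credential (`bindpass`) and not a Vault token, so the current wording can mislead an operator about what changes when a rotation fires. I would align the two outliers with `defining the schedule on which Vault should rotate the root credential. Requires Vault Enterprise 1.19+.` and `a rotation when a scheduled credential rotation occurs.` The docstrings also do not say how `rotation_period` and `rotation_schedule` relate; if they are alternatives and `rotation_window` only applies to a schedule, each docstring should state that, once confirmed against the provider.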
|
@@ -1272,44 +1417,48 @@ class AuthBackend(pulumi.CustomResource):
|
|
1272
1417
|
def __init__(__self__,
|
1273
1418
|
resource_name: str,
|
1274
1419
|
opts: Optional[pulumi.ResourceOptions] = None,
|
1275
|
-
binddn: Optional[pulumi.Input[str]] = None,
|
1276
|
-
bindpass: Optional[pulumi.Input[str]] = None,
|
1277
|
-
case_sensitive_names: Optional[pulumi.Input[bool]] = None,
|
1278
|
-
certificate: Optional[pulumi.Input[str]] = None,
|
1279
|
-
client_tls_cert: Optional[pulumi.Input[str]] = None,
|
1280
|
-
client_tls_key: Optional[pulumi.Input[str]] = None,
|
1281
|
-
connection_timeout: Optional[pulumi.Input[int]] = None,
|
1282
|
-
deny_null_bind: Optional[pulumi.Input[bool]] = None,
|
1283
|
-
description: Optional[pulumi.Input[str]] = None,
|
1284
|
-
|
1285
|
-
|
1286
|
-
|
1287
|
-
|
1288
|
-
|
1289
|
-
|
1290
|
-
|
1291
|
-
|
1292
|
-
|
1293
|
-
|
1294
|
-
|
1295
|
-
|
1296
|
-
|
1297
|
-
|
1298
|
-
|
1299
|
-
|
1300
|
-
|
1301
|
-
|
1302
|
-
|
1303
|
-
|
1304
|
-
|
1305
|
-
|
1306
|
-
|
1307
|
-
|
1308
|
-
|
1309
|
-
|
1310
|
-
|
1311
|
-
|
1312
|
-
|
1420
|
+
binddn: Optional[pulumi.Input[builtins.str]] = None,
|
1421
|
+
bindpass: Optional[pulumi.Input[builtins.str]] = None,
|
1422
|
+
case_sensitive_names: Optional[pulumi.Input[builtins.bool]] = None,
|
1423
|
+
certificate: Optional[pulumi.Input[builtins.str]] = None,
|
1424
|
+
client_tls_cert: Optional[pulumi.Input[builtins.str]] = None,
|
1425
|
+
client_tls_key: Optional[pulumi.Input[builtins.str]] = None,
|
1426
|
+
connection_timeout: Optional[pulumi.Input[builtins.int]] = None,
|
1427
|
+
deny_null_bind: Optional[pulumi.Input[builtins.bool]] = None,
|
1428
|
+
description: Optional[pulumi.Input[builtins.str]] = None,
|
1429
|
+
disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
1430
|
+
disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
|
1431
|
+
discoverdn: Optional[pulumi.Input[builtins.bool]] = None,
|
1432
|
+
groupattr: Optional[pulumi.Input[builtins.str]] = None,
|
1433
|
+
groupdn: Optional[pulumi.Input[builtins.str]] = None,
|
1434
|
+
groupfilter: Optional[pulumi.Input[builtins.str]] = None,
|
1435
|
+
insecure_tls: Optional[pulumi.Input[builtins.bool]] = None,
|
1436
|
+
local: Optional[pulumi.Input[builtins.bool]] = None,
|
1437
|
+
max_page_size: Optional[pulumi.Input[builtins.int]] = None,
|
1438
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
1439
|
+
path: Optional[pulumi.Input[builtins.str]] = None,
|
1440
|
+
rotation_period: Optional[pulumi.Input[builtins.int]] = None,
|
1441
|
+
rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
|
1442
|
+
rotation_window: Optional[pulumi.Input[builtins.int]] = None,
|
1443
|
+
starttls: Optional[pulumi.Input[builtins.bool]] = None,
|
1444
|
+
tls_max_version: Optional[pulumi.Input[builtins.str]] = None,
|
1445
|
+
tls_min_version: Optional[pulumi.Input[builtins.str]] = None,
|
1446
|
+
token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1447
|
+
token_explicit_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
1448
|
+
token_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
1449
|
+
token_no_default_policy: Optional[pulumi.Input[builtins.bool]] = None,
|
1450
|
+
token_num_uses: Optional[pulumi.Input[builtins.int]] = None,
|
1451
|
+
token_period: Optional[pulumi.Input[builtins.int]] = None,
|
1452
|
+
token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1453
|
+
token_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
1454
|
+
token_type: Optional[pulumi.Input[builtins.str]] = None,
|
1455
|
+
upndomain: Optional[pulumi.Input[builtins.str]] = None,
|
1456
|
+
url: Optional[pulumi.Input[builtins.str]] = None,
|
1457
|
+
use_token_groups: Optional[pulumi.Input[builtins.bool]] = None,
|
1458
|
+
userattr: Optional[pulumi.Input[builtins.str]] = None,
|
1459
|
+
userdn: Optional[pulumi.Input[builtins.str]] = None,
|
1460
|
+
userfilter: Optional[pulumi.Input[builtins.str]] = None,
|
1461
|
+
username_as_alias: Optional[pulumi.Input[builtins.bool]] = None,
|
1313
1462
|
__props__=None):
|
1314
1463
|
"""
|
1315
1464
|
Provides a resource for managing an [LDAP auth backend within Vault](https://www.vaultproject.io/docs/auth/ldap.html).
|
@@ -1328,7 +1477,9 @@ class AuthBackend(pulumi.CustomResource):
|
|
1328
1477
|
upndomain="EXAMPLE.ORG",
|
1329
1478
|
discoverdn=False,
|
1330
1479
|
groupdn="OU=Groups,DC=example,DC=org",
|
1331
|
-
groupfilter="(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))"
|
1480
|
+
groupfilter="(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))",
|
1481
|
+
rotation_schedule="0 * * * SAT",
|
1482
|
+
rotation_window=3600)
|
1332
1483
|
```
|
1333
1484
|
|
1334
1485
|
## Import
|
@@ -1341,47 +1492,55 @@ class AuthBackend(pulumi.CustomResource):
|
|
1341
1492
|
|
1342
1493
|
:param str resource_name: The name of the resource.
|
1343
1494
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
1344
|
-
:param pulumi.Input[str] binddn: DN of object to bind when performing user search
|
1345
|
-
:param pulumi.Input[str] bindpass: Password to use with `binddn` when performing user search
|
1346
|
-
:param pulumi.Input[bool] case_sensitive_names: Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
|
1347
|
-
:param pulumi.Input[str] certificate: Trusted CA to validate TLS certificate
|
1348
|
-
:param pulumi.Input[int] connection_timeout: Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
|
1349
|
-
:param pulumi.Input[bool] deny_null_bind: Prevents users from bypassing authentication when providing an empty password.
|
1350
|
-
:param pulumi.Input[str] description: Description for the LDAP auth backend mount
|
1351
|
-
:param pulumi.Input[bool]
|
1495
|
+
:param pulumi.Input[builtins.str] binddn: DN of object to bind when performing user search
|
1496
|
+
:param pulumi.Input[builtins.str] bindpass: Password to use with `binddn` when performing user search
|
1497
|
+
:param pulumi.Input[builtins.bool] case_sensitive_names: Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
|
1498
|
+
:param pulumi.Input[builtins.str] certificate: Trusted CA to validate TLS certificate
|
1499
|
+
:param pulumi.Input[builtins.int] connection_timeout: Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
|
1500
|
+
:param pulumi.Input[builtins.bool] deny_null_bind: Prevents users from bypassing authentication when providing an empty password.
|
1501
|
+
:param pulumi.Input[builtins.str] description: Description for the LDAP auth backend mount
|
1502
|
+
:param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
1503
|
+
:param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
|
1352
1504
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
1353
|
-
:param pulumi.Input[bool] discoverdn: Use anonymous bind to discover the bind DN of a user.
|
1354
|
-
:param pulumi.Input[str] groupattr: LDAP attribute to follow on objects returned by groupfilter
|
1355
|
-
:param pulumi.Input[str] groupdn: Base DN under which to perform group search
|
1356
|
-
:param pulumi.Input[str] groupfilter: Go template used to construct group membership query
|
1357
|
-
:param pulumi.Input[bool] insecure_tls: Control whether or TLS certificates must be validated
|
1358
|
-
:param pulumi.Input[bool] local: Specifies if the auth method is local only.
|
1359
|
-
:param pulumi.Input[int] max_page_size: Sets the max page size for LDAP lookups, by default it's set to -1.
|
1505
|
+
:param pulumi.Input[builtins.bool] discoverdn: Use anonymous bind to discover the bind DN of a user.
|
1506
|
+
:param pulumi.Input[builtins.str] groupattr: LDAP attribute to follow on objects returned by groupfilter
|
1507
|
+
:param pulumi.Input[builtins.str] groupdn: Base DN under which to perform group search
|
1508
|
+
:param pulumi.Input[builtins.str] groupfilter: Go template used to construct group membership query
|
1509
|
+
:param pulumi.Input[builtins.bool] insecure_tls: Control whether or TLS certificates must be validated
|
1510
|
+
:param pulumi.Input[builtins.bool] local: Specifies if the auth method is local only.
|
1511
|
+
:param pulumi.Input[builtins.int] max_page_size: Sets the max page size for LDAP lookups, by default it's set to -1.
|
1360
1512
|
*Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+*.
|
1361
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
1513
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
1362
1514
|
The value should not contain leading or trailing forward slashes.
|
1363
1515
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1364
1516
|
*Available only for Vault Enterprise*.
|
1365
|
-
:param pulumi.Input[str] path: Path to mount the LDAP auth backend under
|
1366
|
-
:param pulumi.Input[
|
1367
|
-
|
1368
|
-
:param pulumi.Input[str]
|
1369
|
-
|
1370
|
-
:param pulumi.Input[int]
|
1371
|
-
|
1372
|
-
|
1373
|
-
:param pulumi.Input[
|
1374
|
-
:param pulumi.Input[
|
1375
|
-
:param pulumi.Input[
|
1376
|
-
:param pulumi.Input[
|
1377
|
-
:param pulumi.Input[
|
1378
|
-
:param pulumi.Input[
|
1379
|
-
:param pulumi.Input[
|
1380
|
-
:param pulumi.Input[
|
1381
|
-
:param pulumi.Input[
|
1382
|
-
:param pulumi.Input[str]
|
1383
|
-
:param pulumi.Input[
|
1384
|
-
:param pulumi.Input[
|
1517
|
+
:param pulumi.Input[builtins.str] path: Path to mount the LDAP auth backend under
|
1518
|
+
:param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
1519
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
1520
|
+
:param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
1521
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
1522
|
+
:param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
|
1523
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
1524
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
1525
|
+
:param pulumi.Input[builtins.bool] starttls: Control use of TLS when conecting to LDAP
|
1526
|
+
:param pulumi.Input[builtins.str] tls_max_version: Maximum acceptable version of TLS
|
1527
|
+
:param pulumi.Input[builtins.str] tls_min_version: Minimum acceptable version of TLS
|
1528
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
1529
|
+
:param pulumi.Input[builtins.int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
1530
|
+
:param pulumi.Input[builtins.int] token_max_ttl: The maximum lifetime of the generated token
|
1531
|
+
:param pulumi.Input[builtins.bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
1532
|
+
:param pulumi.Input[builtins.int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
1533
|
+
:param pulumi.Input[builtins.int] token_period: Generated Token's Period
|
1534
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] token_policies: Generated Token's Policies
|
1535
|
+
:param pulumi.Input[builtins.int] token_ttl: The initial ttl of the token to generate in seconds
|
1536
|
+
:param pulumi.Input[builtins.str] token_type: The type of token to generate, service or batch
|
1537
|
+
:param pulumi.Input[builtins.str] upndomain: The `userPrincipalDomain` used to construct the UPN string for the authenticating user.
|
1538
|
+
:param pulumi.Input[builtins.str] url: The URL of the LDAP server
|
1539
|
+
:param pulumi.Input[builtins.bool] use_token_groups: Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
|
1540
|
+
:param pulumi.Input[builtins.str] userattr: Attribute on user object matching username passed in
|
1541
|
+
:param pulumi.Input[builtins.str] userdn: Base DN under which to perform user search
|
1542
|
+
:param pulumi.Input[builtins.str] userfilter: LDAP user search filter
|
1543
|
+
:param pulumi.Input[builtins.bool] username_as_alias: Force the auth method to use the username passed by the user as the alias name.
|
1385
1544
|
"""
|
1386
1545
|
...
|
1387
1546
|
@overload
|
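Review bot: The new `rotation_schedule` and `rotation_window` entries say Vault rotates "the root token" and describe a "scheduled token rotation", while `rotation_period` and `disable_automated_rotation` in the same docstring say "root credential"; on an LDAP auth mount the token wording can be misread as Vault's own root token. I would align them: `defining the schedule on which Vault should rotate the root credential.` and `a rotation when a scheduled root credential rotation occurs.` The docstring also does not say what happens when both `rotation_period` and `rotation_schedule` are set, or whether `rotation_window` applies without a schedule; one sentence stating the intended combination would help, once confirmed against the Vault documentation. The same text is repeated in the `get()` docstring hunk at `@@ -1578,48 +1751,56 @@`, and the docstring itself starts outside this hunk. The wording looks generated from the provider schema, so the fix may belong upstream.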
@@ -1406,7 +1565,9 @@ class AuthBackend(pulumi.CustomResource):
|
|
1406
1565
|
upndomain="EXAMPLE.ORG",
|
1407
1566
|
discoverdn=False,
|
1408
1567
|
groupdn="OU=Groups,DC=example,DC=org",
|
1409
|
-
groupfilter="(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))"
|
1568
|
+
groupfilter="(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))",
|
1569
|
+
rotation_schedule="0 * * * SAT",
|
1570
|
+
rotation_window=3600)
|
1410
1571
|
```
|
1411
1572
|
|
1412
1573
|
## Import
|
@@ -1432,44 +1593,48 @@ class AuthBackend(pulumi.CustomResource):
|
|
1432
1593
|
def _internal_init(__self__,
|
1433
1594
|
resource_name: str,
|
1434
1595
|
opts: Optional[pulumi.ResourceOptions] = None,
|
1435
|
-
binddn: Optional[pulumi.Input[str]] = None,
|
1436
|
-
bindpass: Optional[pulumi.Input[str]] = None,
|
1437
|
-
case_sensitive_names: Optional[pulumi.Input[bool]] = None,
|
1438
|
-
certificate: Optional[pulumi.Input[str]] = None,
|
1439
|
-
client_tls_cert: Optional[pulumi.Input[str]] = None,
|
1440
|
-
client_tls_key: Optional[pulumi.Input[str]] = None,
|
1441
|
-
connection_timeout: Optional[pulumi.Input[int]] = None,
|
1442
|
-
deny_null_bind: Optional[pulumi.Input[bool]] = None,
|
1443
|
-
description: Optional[pulumi.Input[str]] = None,
|
1444
|
-
|
1445
|
-
|
1446
|
-
|
1447
|
-
|
1448
|
-
|
1449
|
-
|
1450
|
-
|
1451
|
-
|
1452
|
-
|
1453
|
-
|
1454
|
-
|
1455
|
-
|
1456
|
-
|
1457
|
-
|
1458
|
-
|
1459
|
-
|
1460
|
-
|
1461
|
-
|
1462
|
-
|
1463
|
-
|
1464
|
-
|
1465
|
-
|
1466
|
-
|
1467
|
-
|
1468
|
-
|
1469
|
-
|
1470
|
-
|
1471
|
-
|
1472
|
-
|
1596
|
+
binddn: Optional[pulumi.Input[builtins.str]] = None,
|
1597
|
+
bindpass: Optional[pulumi.Input[builtins.str]] = None,
|
1598
|
+
case_sensitive_names: Optional[pulumi.Input[builtins.bool]] = None,
|
1599
|
+
certificate: Optional[pulumi.Input[builtins.str]] = None,
|
1600
|
+
client_tls_cert: Optional[pulumi.Input[builtins.str]] = None,
|
1601
|
+
client_tls_key: Optional[pulumi.Input[builtins.str]] = None,
|
1602
|
+
connection_timeout: Optional[pulumi.Input[builtins.int]] = None,
|
1603
|
+
deny_null_bind: Optional[pulumi.Input[builtins.bool]] = None,
|
1604
|
+
description: Optional[pulumi.Input[builtins.str]] = None,
|
1605
|
+
disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
1606
|
+
disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
|
1607
|
+
discoverdn: Optional[pulumi.Input[builtins.bool]] = None,
|
1608
|
+
groupattr: Optional[pulumi.Input[builtins.str]] = None,
|
1609
|
+
groupdn: Optional[pulumi.Input[builtins.str]] = None,
|
1610
|
+
groupfilter: Optional[pulumi.Input[builtins.str]] = None,
|
1611
|
+
insecure_tls: Optional[pulumi.Input[builtins.bool]] = None,
|
1612
|
+
local: Optional[pulumi.Input[builtins.bool]] = None,
|
1613
|
+
max_page_size: Optional[pulumi.Input[builtins.int]] = None,
|
1614
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
1615
|
+
path: Optional[pulumi.Input[builtins.str]] = None,
|
1616
|
+
rotation_period: Optional[pulumi.Input[builtins.int]] = None,
|
1617
|
+
rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
|
1618
|
+
rotation_window: Optional[pulumi.Input[builtins.int]] = None,
|
1619
|
+
starttls: Optional[pulumi.Input[builtins.bool]] = None,
|
1620
|
+
tls_max_version: Optional[pulumi.Input[builtins.str]] = None,
|
1621
|
+
tls_min_version: Optional[pulumi.Input[builtins.str]] = None,
|
1622
|
+
token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1623
|
+
token_explicit_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
1624
|
+
token_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
1625
|
+
token_no_default_policy: Optional[pulumi.Input[builtins.bool]] = None,
|
1626
|
+
token_num_uses: Optional[pulumi.Input[builtins.int]] = None,
|
1627
|
+
token_period: Optional[pulumi.Input[builtins.int]] = None,
|
1628
|
+
token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1629
|
+
token_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
1630
|
+
token_type: Optional[pulumi.Input[builtins.str]] = None,
|
1631
|
+
upndomain: Optional[pulumi.Input[builtins.str]] = None,
|
1632
|
+
url: Optional[pulumi.Input[builtins.str]] = None,
|
1633
|
+
use_token_groups: Optional[pulumi.Input[builtins.bool]] = None,
|
1634
|
+
userattr: Optional[pulumi.Input[builtins.str]] = None,
|
1635
|
+
userdn: Optional[pulumi.Input[builtins.str]] = None,
|
1636
|
+
userfilter: Optional[pulumi.Input[builtins.str]] = None,
|
1637
|
+
username_as_alias: Optional[pulumi.Input[builtins.bool]] = None,
|
1473
1638
|
__props__=None):
|
1474
1639
|
opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
|
1475
1640
|
if not isinstance(opts, pulumi.ResourceOptions):
|
@@ -1488,6 +1653,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1488
1653
|
__props__.__dict__["connection_timeout"] = connection_timeout
|
1489
1654
|
__props__.__dict__["deny_null_bind"] = deny_null_bind
|
1490
1655
|
__props__.__dict__["description"] = description
|
1656
|
+
__props__.__dict__["disable_automated_rotation"] = disable_automated_rotation
|
1491
1657
|
__props__.__dict__["disable_remount"] = disable_remount
|
1492
1658
|
__props__.__dict__["discoverdn"] = discoverdn
|
1493
1659
|
__props__.__dict__["groupattr"] = groupattr
|
@@ -1498,6 +1664,9 @@ class AuthBackend(pulumi.CustomResource):
|
|
1498
1664
|
__props__.__dict__["max_page_size"] = max_page_size
|
1499
1665
|
__props__.__dict__["namespace"] = namespace
|
1500
1666
|
__props__.__dict__["path"] = path
|
1667
|
+
__props__.__dict__["rotation_period"] = rotation_period
|
1668
|
+
__props__.__dict__["rotation_schedule"] = rotation_schedule
|
1669
|
+
__props__.__dict__["rotation_window"] = rotation_window
|
1501
1670
|
__props__.__dict__["starttls"] = starttls
|
1502
1671
|
__props__.__dict__["tls_max_version"] = tls_max_version
|
1503
1672
|
__props__.__dict__["tls_min_version"] = tls_min_version
|
@@ -1532,45 +1701,49 @@ class AuthBackend(pulumi.CustomResource):
|
|
1532
1701
|
def get(resource_name: str,
|
1533
1702
|
id: pulumi.Input[str],
|
1534
1703
|
opts: Optional[pulumi.ResourceOptions] = None,
|
1535
|
-
accessor: Optional[pulumi.Input[str]] = None,
|
1536
|
-
binddn: Optional[pulumi.Input[str]] = None,
|
1537
|
-
bindpass: Optional[pulumi.Input[str]] = None,
|
1538
|
-
case_sensitive_names: Optional[pulumi.Input[bool]] = None,
|
1539
|
-
certificate: Optional[pulumi.Input[str]] = None,
|
1540
|
-
client_tls_cert: Optional[pulumi.Input[str]] = None,
|
1541
|
-
client_tls_key: Optional[pulumi.Input[str]] = None,
|
1542
|
-
connection_timeout: Optional[pulumi.Input[int]] = None,
|
1543
|
-
deny_null_bind: Optional[pulumi.Input[bool]] = None,
|
1544
|
-
description: Optional[pulumi.Input[str]] = None,
|
1545
|
-
|
1546
|
-
|
1547
|
-
|
1548
|
-
|
1549
|
-
|
1550
|
-
|
1551
|
-
|
1552
|
-
|
1553
|
-
|
1554
|
-
|
1555
|
-
|
1556
|
-
|
1557
|
-
|
1558
|
-
|
1559
|
-
|
1560
|
-
|
1561
|
-
|
1562
|
-
|
1563
|
-
|
1564
|
-
|
1565
|
-
|
1566
|
-
|
1567
|
-
|
1568
|
-
|
1569
|
-
|
1570
|
-
|
1571
|
-
|
1572
|
-
|
1573
|
-
|
1704
|
+
accessor: Optional[pulumi.Input[builtins.str]] = None,
|
1705
|
+
binddn: Optional[pulumi.Input[builtins.str]] = None,
|
1706
|
+
bindpass: Optional[pulumi.Input[builtins.str]] = None,
|
1707
|
+
case_sensitive_names: Optional[pulumi.Input[builtins.bool]] = None,
|
1708
|
+
certificate: Optional[pulumi.Input[builtins.str]] = None,
|
1709
|
+
client_tls_cert: Optional[pulumi.Input[builtins.str]] = None,
|
1710
|
+
client_tls_key: Optional[pulumi.Input[builtins.str]] = None,
|
1711
|
+
connection_timeout: Optional[pulumi.Input[builtins.int]] = None,
|
1712
|
+
deny_null_bind: Optional[pulumi.Input[builtins.bool]] = None,
|
1713
|
+
description: Optional[pulumi.Input[builtins.str]] = None,
|
1714
|
+
disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
1715
|
+
disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
|
1716
|
+
discoverdn: Optional[pulumi.Input[builtins.bool]] = None,
|
1717
|
+
groupattr: Optional[pulumi.Input[builtins.str]] = None,
|
1718
|
+
groupdn: Optional[pulumi.Input[builtins.str]] = None,
|
1719
|
+
groupfilter: Optional[pulumi.Input[builtins.str]] = None,
|
1720
|
+
insecure_tls: Optional[pulumi.Input[builtins.bool]] = None,
|
1721
|
+
local: Optional[pulumi.Input[builtins.bool]] = None,
|
1722
|
+
max_page_size: Optional[pulumi.Input[builtins.int]] = None,
|
1723
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
1724
|
+
path: Optional[pulumi.Input[builtins.str]] = None,
|
1725
|
+
rotation_period: Optional[pulumi.Input[builtins.int]] = None,
|
1726
|
+
rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
|
1727
|
+
rotation_window: Optional[pulumi.Input[builtins.int]] = None,
|
1728
|
+
starttls: Optional[pulumi.Input[builtins.bool]] = None,
|
1729
|
+
tls_max_version: Optional[pulumi.Input[builtins.str]] = None,
|
1730
|
+
tls_min_version: Optional[pulumi.Input[builtins.str]] = None,
|
1731
|
+
token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1732
|
+
token_explicit_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
1733
|
+
token_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
1734
|
+
token_no_default_policy: Optional[pulumi.Input[builtins.bool]] = None,
|
1735
|
+
token_num_uses: Optional[pulumi.Input[builtins.int]] = None,
|
1736
|
+
token_period: Optional[pulumi.Input[builtins.int]] = None,
|
1737
|
+
token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1738
|
+
token_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
1739
|
+
token_type: Optional[pulumi.Input[builtins.str]] = None,
|
1740
|
+
upndomain: Optional[pulumi.Input[builtins.str]] = None,
|
1741
|
+
url: Optional[pulumi.Input[builtins.str]] = None,
|
1742
|
+
use_token_groups: Optional[pulumi.Input[builtins.bool]] = None,
|
1743
|
+
userattr: Optional[pulumi.Input[builtins.str]] = None,
|
1744
|
+
userdn: Optional[pulumi.Input[builtins.str]] = None,
|
1745
|
+
userfilter: Optional[pulumi.Input[builtins.str]] = None,
|
1746
|
+
username_as_alias: Optional[pulumi.Input[builtins.bool]] = None) -> 'AuthBackend':
|
1574
1747
|
"""
|
1575
1748
|
Get an existing AuthBackend resource's state with the given name, id, and optional extra
|
1576
1749
|
properties used to qualify the lookup.
|
@@ -1578,48 +1751,56 @@ class AuthBackend(pulumi.CustomResource):
|
|
1578
1751
|
:param str resource_name: The unique name of the resulting resource.
|
1579
1752
|
:param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
|
1580
1753
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
1581
|
-
:param pulumi.Input[str] accessor: The accessor for this auth mount.
|
1582
|
-
:param pulumi.Input[str] binddn: DN of object to bind when performing user search
|
1583
|
-
:param pulumi.Input[str] bindpass: Password to use with `binddn` when performing user search
|
1584
|
-
:param pulumi.Input[bool] case_sensitive_names: Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
|
1585
|
-
:param pulumi.Input[str] certificate: Trusted CA to validate TLS certificate
|
1586
|
-
:param pulumi.Input[int] connection_timeout: Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
|
1587
|
-
:param pulumi.Input[bool] deny_null_bind: Prevents users from bypassing authentication when providing an empty password.
|
1588
|
-
:param pulumi.Input[str] description: Description for the LDAP auth backend mount
|
1589
|
-
:param pulumi.Input[bool]
|
1754
|
+
:param pulumi.Input[builtins.str] accessor: The accessor for this auth mount.
|
1755
|
+
:param pulumi.Input[builtins.str] binddn: DN of object to bind when performing user search
|
1756
|
+
:param pulumi.Input[builtins.str] bindpass: Password to use with `binddn` when performing user search
|
1757
|
+
:param pulumi.Input[builtins.bool] case_sensitive_names: Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
|
1758
|
+
:param pulumi.Input[builtins.str] certificate: Trusted CA to validate TLS certificate
|
1759
|
+
:param pulumi.Input[builtins.int] connection_timeout: Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
|
1760
|
+
:param pulumi.Input[builtins.bool] deny_null_bind: Prevents users from bypassing authentication when providing an empty password.
|
1761
|
+
:param pulumi.Input[builtins.str] description: Description for the LDAP auth backend mount
|
1762
|
+
:param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
1763
|
+
:param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
|
1590
1764
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
1591
|
-
:param pulumi.Input[bool] discoverdn: Use anonymous bind to discover the bind DN of a user.
|
1592
|
-
:param pulumi.Input[str] groupattr: LDAP attribute to follow on objects returned by groupfilter
|
1593
|
-
:param pulumi.Input[str] groupdn: Base DN under which to perform group search
|
1594
|
-
:param pulumi.Input[str] groupfilter: Go template used to construct group membership query
|
1595
|
-
:param pulumi.Input[bool] insecure_tls: Control whether or TLS certificates must be validated
|
1596
|
-
:param pulumi.Input[bool] local: Specifies if the auth method is local only.
|
1597
|
-
:param pulumi.Input[int] max_page_size: Sets the max page size for LDAP lookups, by default it's set to -1.
|
1765
|
+
:param pulumi.Input[builtins.bool] discoverdn: Use anonymous bind to discover the bind DN of a user.
|
1766
|
+
:param pulumi.Input[builtins.str] groupattr: LDAP attribute to follow on objects returned by groupfilter
|
1767
|
+
:param pulumi.Input[builtins.str] groupdn: Base DN under which to perform group search
|
1768
|
+
:param pulumi.Input[builtins.str] groupfilter: Go template used to construct group membership query
|
1769
|
+
:param pulumi.Input[builtins.bool] insecure_tls: Control whether or TLS certificates must be validated
|
1770
|
+
:param pulumi.Input[builtins.bool] local: Specifies if the auth method is local only.
|
1771
|
+
:param pulumi.Input[builtins.int] max_page_size: Sets the max page size for LDAP lookups, by default it's set to -1.
|
1598
1772
|
*Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+*.
|
1599
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
1773
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
1600
1774
|
The value should not contain leading or trailing forward slashes.
|
1601
1775
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1602
1776
|
*Available only for Vault Enterprise*.
|
1603
|
-
:param pulumi.Input[str] path: Path to mount the LDAP auth backend under
|
1604
|
-
:param pulumi.Input[
|
1605
|
-
|
1606
|
-
:param pulumi.Input[str]
|
1607
|
-
|
1608
|
-
:param pulumi.Input[int]
|
1609
|
-
|
1610
|
-
|
1611
|
-
:param pulumi.Input[
|
1612
|
-
:param pulumi.Input[
|
1613
|
-
:param pulumi.Input[
|
1614
|
-
:param pulumi.Input[
|
1615
|
-
:param pulumi.Input[
|
1616
|
-
:param pulumi.Input[
|
1617
|
-
:param pulumi.Input[
|
1618
|
-
:param pulumi.Input[
|
1619
|
-
:param pulumi.Input[
|
1620
|
-
:param pulumi.Input[str]
|
1621
|
-
:param pulumi.Input[
|
1622
|
-
:param pulumi.Input[
|
1777
|
+
:param pulumi.Input[builtins.str] path: Path to mount the LDAP auth backend under
|
1778
|
+
:param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
1779
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
1780
|
+
:param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
1781
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
1782
|
+
:param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
|
1783
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
1784
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
1785
|
+
:param pulumi.Input[builtins.bool] starttls: Control use of TLS when conecting to LDAP
|
1786
|
+
:param pulumi.Input[builtins.str] tls_max_version: Maximum acceptable version of TLS
|
1787
|
+
:param pulumi.Input[builtins.str] tls_min_version: Minimum acceptable version of TLS
|
1788
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
1789
|
+
:param pulumi.Input[builtins.int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
1790
|
+
:param pulumi.Input[builtins.int] token_max_ttl: The maximum lifetime of the generated token
|
1791
|
+
:param pulumi.Input[builtins.bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
1792
|
+
:param pulumi.Input[builtins.int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
1793
|
+
:param pulumi.Input[builtins.int] token_period: Generated Token's Period
|
1794
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] token_policies: Generated Token's Policies
|
1795
|
+
:param pulumi.Input[builtins.int] token_ttl: The initial ttl of the token to generate in seconds
|
1796
|
+
:param pulumi.Input[builtins.str] token_type: The type of token to generate, service or batch
|
1797
|
+
:param pulumi.Input[builtins.str] upndomain: The `userPrincipalDomain` used to construct the UPN string for the authenticating user.
|
1798
|
+
:param pulumi.Input[builtins.str] url: The URL of the LDAP server
|
1799
|
+
:param pulumi.Input[builtins.bool] use_token_groups: Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
|
1800
|
+
:param pulumi.Input[builtins.str] userattr: Attribute on user object matching username passed in
|
1801
|
+
:param pulumi.Input[builtins.str] userdn: Base DN under which to perform user search
|
1802
|
+
:param pulumi.Input[builtins.str] userfilter: LDAP user search filter
|
1803
|
+
:param pulumi.Input[builtins.bool] username_as_alias: Force the auth method to use the username passed by the user as the alias name.
|
1623
1804
|
"""
|
1624
1805
|
opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
|
1625
1806
|
|
@@ -1635,6 +1816,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1635
1816
|
__props__.__dict__["connection_timeout"] = connection_timeout
|
1636
1817
|
__props__.__dict__["deny_null_bind"] = deny_null_bind
|
1637
1818
|
__props__.__dict__["description"] = description
|
1819
|
+
__props__.__dict__["disable_automated_rotation"] = disable_automated_rotation
|
1638
1820
|
__props__.__dict__["disable_remount"] = disable_remount
|
1639
1821
|
__props__.__dict__["discoverdn"] = discoverdn
|
1640
1822
|
__props__.__dict__["groupattr"] = groupattr
|
@@ -1645,6 +1827,9 @@ class AuthBackend(pulumi.CustomResource):
|
|
1645
1827
|
__props__.__dict__["max_page_size"] = max_page_size
|
1646
1828
|
__props__.__dict__["namespace"] = namespace
|
1647
1829
|
__props__.__dict__["path"] = path
|
1830
|
+
__props__.__dict__["rotation_period"] = rotation_period
|
1831
|
+
__props__.__dict__["rotation_schedule"] = rotation_schedule
|
1832
|
+
__props__.__dict__["rotation_window"] = rotation_window
|
1648
1833
|
__props__.__dict__["starttls"] = starttls
|
1649
1834
|
__props__.__dict__["tls_max_version"] = tls_max_version
|
1650
1835
|
__props__.__dict__["tls_min_version"] = tls_min_version
|
@@ -1668,7 +1853,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1668
1853
|
|
1669
1854
|
@property
|
1670
1855
|
@pulumi.getter
|
1671
|
-
def accessor(self) -> pulumi.Output[str]:
|
1856
|
+
def accessor(self) -> pulumi.Output[builtins.str]:
|
1672
1857
|
"""
|
1673
1858
|
The accessor for this auth mount.
|
1674
1859
|
"""
|
@@ -1676,7 +1861,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1676
1861
|
|
1677
1862
|
@property
|
1678
1863
|
@pulumi.getter
|
1679
|
-
def binddn(self) -> pulumi.Output[str]:
|
1864
|
+
def binddn(self) -> pulumi.Output[builtins.str]:
|
1680
1865
|
"""
|
1681
1866
|
DN of object to bind when performing user search
|
1682
1867
|
"""
|
@@ -1684,7 +1869,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1684
1869
|
|
1685
1870
|
@property
|
1686
1871
|
@pulumi.getter
|
1687
|
-
def bindpass(self) -> pulumi.Output[str]:
|
1872
|
+
def bindpass(self) -> pulumi.Output[builtins.str]:
|
1688
1873
|
"""
|
1689
1874
|
Password to use with `binddn` when performing user search
|
1690
1875
|
"""
|
@@ -1692,7 +1877,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1692
1877
|
|
1693
1878
|
@property
|
1694
1879
|
@pulumi.getter(name="caseSensitiveNames")
|
1695
|
-
def case_sensitive_names(self) -> pulumi.Output[bool]:
|
1880
|
+
def case_sensitive_names(self) -> pulumi.Output[builtins.bool]:
|
1696
1881
|
"""
|
1697
1882
|
Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
|
1698
1883
|
"""
|
@@ -1700,7 +1885,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1700
1885
|
|
1701
1886
|
@property
|
1702
1887
|
@pulumi.getter
|
1703
|
-
def certificate(self) -> pulumi.Output[str]:
|
1888
|
+
def certificate(self) -> pulumi.Output[builtins.str]:
|
1704
1889
|
"""
|
1705
1890
|
Trusted CA to validate TLS certificate
|
1706
1891
|
"""
|
@@ -1708,17 +1893,17 @@ class AuthBackend(pulumi.CustomResource):
|
|
1708
1893
|
|
1709
1894
|
@property
|
1710
1895
|
@pulumi.getter(name="clientTlsCert")
|
1711
|
-
def client_tls_cert(self) -> pulumi.Output[str]:
|
1896
|
+
def client_tls_cert(self) -> pulumi.Output[builtins.str]:
|
1712
1897
|
return pulumi.get(self, "client_tls_cert")
|
1713
1898
|
|
1714
1899
|
@property
|
1715
1900
|
@pulumi.getter(name="clientTlsKey")
|
1716
|
-
def client_tls_key(self) -> pulumi.Output[str]:
|
1901
|
+
def client_tls_key(self) -> pulumi.Output[builtins.str]:
|
1717
1902
|
return pulumi.get(self, "client_tls_key")
|
1718
1903
|
|
1719
1904
|
@property
|
1720
1905
|
@pulumi.getter(name="connectionTimeout")
|
1721
|
-
def connection_timeout(self) -> pulumi.Output[int]:
|
1906
|
+
def connection_timeout(self) -> pulumi.Output[builtins.int]:
|
1722
1907
|
"""
|
1723
1908
|
Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
|
1724
1909
|
"""
|
@@ -1726,7 +1911,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1726
1911
|
|
1727
1912
|
@property
|
1728
1913
|
@pulumi.getter(name="denyNullBind")
|
1729
|
-
def deny_null_bind(self) -> pulumi.Output[bool]:
|
1914
|
+
def deny_null_bind(self) -> pulumi.Output[builtins.bool]:
|
1730
1915
|
"""
|
1731
1916
|
Prevents users from bypassing authentication when providing an empty password.
|
1732
1917
|
"""
|
@@ -1734,15 +1919,23 @@ class AuthBackend(pulumi.CustomResource):
|
|
1734
1919
|
|
1735
1920
|
@property
|
1736
1921
|
@pulumi.getter
|
1737
|
-
def description(self) -> pulumi.Output[str]:
|
1922
|
+
def description(self) -> pulumi.Output[builtins.str]:
|
1738
1923
|
"""
|
1739
1924
|
Description for the LDAP auth backend mount
|
1740
1925
|
"""
|
1741
1926
|
return pulumi.get(self, "description")
|
1742
1927
|
|
1928
|
+
@property
|
1929
|
+
@pulumi.getter(name="disableAutomatedRotation")
|
1930
|
+
def disable_automated_rotation(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1931
|
+
"""
|
1932
|
+
Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
1933
|
+
"""
|
1934
|
+
return pulumi.get(self, "disable_automated_rotation")
|
1935
|
+
|
1743
1936
|
@property
|
1744
1937
|
@pulumi.getter(name="disableRemount")
|
1745
|
-
def disable_remount(self) -> pulumi.Output[Optional[bool]]:
|
1938
|
+
def disable_remount(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1746
1939
|
"""
|
1747
1940
|
If set, opts out of mount migration on path updates.
|
1748
1941
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
@@ -1751,7 +1944,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1751
1944
|
|
1752
1945
|
@property
|
1753
1946
|
@pulumi.getter
|
1754
|
-
def discoverdn(self) -> pulumi.Output[bool]:
|
1947
|
+
def discoverdn(self) -> pulumi.Output[builtins.bool]:
|
1755
1948
|
"""
|
1756
1949
|
Use anonymous bind to discover the bind DN of a user.
|
1757
1950
|
"""
|
@@ -1759,7 +1952,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1759
1952
|
|
1760
1953
|
@property
|
1761
1954
|
@pulumi.getter
|
1762
|
-
def groupattr(self) -> pulumi.Output[str]:
|
1955
|
+
def groupattr(self) -> pulumi.Output[builtins.str]:
|
1763
1956
|
"""
|
1764
1957
|
LDAP attribute to follow on objects returned by groupfilter
|
1765
1958
|
"""
|
@@ -1767,7 +1960,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1767
1960
|
|
1768
1961
|
@property
|
1769
1962
|
@pulumi.getter
|
1770
|
-
def groupdn(self) -> pulumi.Output[str]:
|
1963
|
+
def groupdn(self) -> pulumi.Output[builtins.str]:
|
1771
1964
|
"""
|
1772
1965
|
Base DN under which to perform group search
|
1773
1966
|
"""
|
@@ -1775,7 +1968,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1775
1968
|
|
1776
1969
|
@property
|
1777
1970
|
@pulumi.getter
|
1778
|
-
def groupfilter(self) -> pulumi.Output[str]:
|
1971
|
+
def groupfilter(self) -> pulumi.Output[builtins.str]:
|
1779
1972
|
"""
|
1780
1973
|
Go template used to construct group membership query
|
1781
1974
|
"""
|
@@ -1783,7 +1976,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1783
1976
|
|
1784
1977
|
@property
|
1785
1978
|
@pulumi.getter(name="insecureTls")
|
1786
|
-
def insecure_tls(self) -> pulumi.Output[bool]:
|
1979
|
+
def insecure_tls(self) -> pulumi.Output[builtins.bool]:
|
1787
1980
|
"""
|
1788
1981
|
Control whether or TLS certificates must be validated
|
1789
1982
|
"""
|
@@ -1791,7 +1984,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1791
1984
|
|
1792
1985
|
@property
|
1793
1986
|
@pulumi.getter
|
1794
|
-
def local(self) -> pulumi.Output[Optional[bool]]:
|
1987
|
+
def local(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1795
1988
|
"""
|
1796
1989
|
Specifies if the auth method is local only.
|
1797
1990
|
"""
|
@@ -1799,7 +1992,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1799
1992
|
|
1800
1993
|
@property
|
1801
1994
|
@pulumi.getter(name="maxPageSize")
|
1802
|
-
def max_page_size(self) -> pulumi.Output[Optional[int]]:
|
1995
|
+
def max_page_size(self) -> pulumi.Output[Optional[builtins.int]]:
|
1803
1996
|
"""
|
1804
1997
|
Sets the max page size for LDAP lookups, by default it's set to -1.
|
1805
1998
|
*Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+*.
|
@@ -1808,7 +2001,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1808
2001
|
|
1809
2002
|
@property
|
1810
2003
|
@pulumi.getter
|
1811
|
-
def namespace(self) -> pulumi.Output[Optional[str]]:
|
2004
|
+
def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
|
1812
2005
|
"""
|
1813
2006
|
The namespace to provision the resource in.
|
1814
2007
|
The value should not contain leading or trailing forward slashes.
|
@@ -1819,15 +2012,43 @@ class AuthBackend(pulumi.CustomResource):
|
|
1819
2012
|
|
1820
2013
|
@property
|
1821
2014
|
@pulumi.getter
|
1822
|
-
def path(self) -> pulumi.Output[Optional[str]]:
|
2015
|
+
def path(self) -> pulumi.Output[Optional[builtins.str]]:
|
1823
2016
|
"""
|
1824
2017
|
Path to mount the LDAP auth backend under
|
1825
2018
|
"""
|
1826
2019
|
return pulumi.get(self, "path")
|
1827
2020
|
|
2021
|
+
@property
|
2022
|
+
@pulumi.getter(name="rotationPeriod")
|
2023
|
+
def rotation_period(self) -> pulumi.Output[Optional[builtins.int]]:
|
2024
|
+
"""
|
2025
|
+
The amount of time in seconds Vault should wait before rotating the root credential.
|
2026
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
2027
|
+
"""
|
2028
|
+
return pulumi.get(self, "rotation_period")
|
2029
|
+
|
2030
|
+
@property
|
2031
|
+
@pulumi.getter(name="rotationSchedule")
|
2032
|
+
def rotation_schedule(self) -> pulumi.Output[Optional[builtins.str]]:
|
2033
|
+
"""
|
2034
|
+
The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
2035
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
2036
|
+
"""
|
2037
|
+
return pulumi.get(self, "rotation_schedule")
|
2038
|
+
|
2039
|
+
@property
|
2040
|
+
@pulumi.getter(name="rotationWindow")
|
2041
|
+
def rotation_window(self) -> pulumi.Output[Optional[builtins.int]]:
|
2042
|
+
"""
|
2043
|
+
The maximum amount of time in seconds allowed to complete
|
2044
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
2045
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
2046
|
+
"""
|
2047
|
+
return pulumi.get(self, "rotation_window")
|
2048
|
+
|
1828
2049
|
@property
|
1829
2050
|
@pulumi.getter
|
1830
|
-
def starttls(self) -> pulumi.Output[bool]:
|
2051
|
+
def starttls(self) -> pulumi.Output[builtins.bool]:
|
1831
2052
|
"""
|
1832
2053
|
Control use of TLS when conecting to LDAP
|
1833
2054
|
"""
|
@@ -1835,7 +2056,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1835
2056
|
|
1836
2057
|
@property
|
1837
2058
|
@pulumi.getter(name="tlsMaxVersion")
|
1838
|
-
def tls_max_version(self) -> pulumi.Output[str]:
|
2059
|
+
def tls_max_version(self) -> pulumi.Output[builtins.str]:
|
1839
2060
|
"""
|
1840
2061
|
Maximum acceptable version of TLS
|
1841
2062
|
"""
|
@@ -1843,7 +2064,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1843
2064
|
|
1844
2065
|
@property
|
1845
2066
|
@pulumi.getter(name="tlsMinVersion")
|
1846
|
-
def tls_min_version(self) -> pulumi.Output[str]:
|
2067
|
+
def tls_min_version(self) -> pulumi.Output[builtins.str]:
|
1847
2068
|
"""
|
1848
2069
|
Minimum acceptable version of TLS
|
1849
2070
|
"""
|
@@ -1851,7 +2072,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1851
2072
|
|
1852
2073
|
@property
|
1853
2074
|
@pulumi.getter(name="tokenBoundCidrs")
|
1854
|
-
def token_bound_cidrs(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
2075
|
+
def token_bound_cidrs(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
1855
2076
|
"""
|
1856
2077
|
Specifies the blocks of IP addresses which are allowed to use the generated token
|
1857
2078
|
"""
|
@@ -1859,7 +2080,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1859
2080
|
|
1860
2081
|
@property
|
1861
2082
|
@pulumi.getter(name="tokenExplicitMaxTtl")
|
1862
|
-
def token_explicit_max_ttl(self) -> pulumi.Output[Optional[int]]:
|
2083
|
+
def token_explicit_max_ttl(self) -> pulumi.Output[Optional[builtins.int]]:
|
1863
2084
|
"""
|
1864
2085
|
Generated Token's Explicit Maximum TTL in seconds
|
1865
2086
|
"""
|
@@ -1867,7 +2088,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1867
2088
|
|
1868
2089
|
@property
|
1869
2090
|
@pulumi.getter(name="tokenMaxTtl")
|
1870
|
-
def token_max_ttl(self) -> pulumi.Output[Optional[int]]:
|
2091
|
+
def token_max_ttl(self) -> pulumi.Output[Optional[builtins.int]]:
|
1871
2092
|
"""
|
1872
2093
|
The maximum lifetime of the generated token
|
1873
2094
|
"""
|
@@ -1875,7 +2096,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1875
2096
|
|
1876
2097
|
@property
|
1877
2098
|
@pulumi.getter(name="tokenNoDefaultPolicy")
|
1878
|
-
def token_no_default_policy(self) -> pulumi.Output[Optional[bool]]:
|
2099
|
+
def token_no_default_policy(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1879
2100
|
"""
|
1880
2101
|
If true, the 'default' policy will not automatically be added to generated tokens
|
1881
2102
|
"""
|
@@ -1883,7 +2104,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1883
2104
|
|
1884
2105
|
@property
|
1885
2106
|
@pulumi.getter(name="tokenNumUses")
|
1886
|
-
def token_num_uses(self) -> pulumi.Output[Optional[int]]:
|
2107
|
+
def token_num_uses(self) -> pulumi.Output[Optional[builtins.int]]:
|
1887
2108
|
"""
|
1888
2109
|
The maximum number of times a token may be used, a value of zero means unlimited
|
1889
2110
|
"""
|
@@ -1891,7 +2112,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1891
2112
|
|
1892
2113
|
@property
|
1893
2114
|
@pulumi.getter(name="tokenPeriod")
|
1894
|
-
def token_period(self) -> pulumi.Output[Optional[int]]:
|
2115
|
+
def token_period(self) -> pulumi.Output[Optional[builtins.int]]:
|
1895
2116
|
"""
|
1896
2117
|
Generated Token's Period
|
1897
2118
|
"""
|
@@ -1899,7 +2120,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1899
2120
|
|
1900
2121
|
@property
|
1901
2122
|
@pulumi.getter(name="tokenPolicies")
|
1902
|
-
def token_policies(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
2123
|
+
def token_policies(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
1903
2124
|
"""
|
1904
2125
|
Generated Token's Policies
|
1905
2126
|
"""
|
@@ -1907,7 +2128,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1907
2128
|
|
1908
2129
|
@property
|
1909
2130
|
@pulumi.getter(name="tokenTtl")
|
1910
|
-
def token_ttl(self) -> pulumi.Output[Optional[int]]:
|
2131
|
+
def token_ttl(self) -> pulumi.Output[Optional[builtins.int]]:
|
1911
2132
|
"""
|
1912
2133
|
The initial ttl of the token to generate in seconds
|
1913
2134
|
"""
|
@@ -1915,7 +2136,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1915
2136
|
|
1916
2137
|
@property
|
1917
2138
|
@pulumi.getter(name="tokenType")
|
1918
|
-
def token_type(self) -> pulumi.Output[Optional[str]]:
|
2139
|
+
def token_type(self) -> pulumi.Output[Optional[builtins.str]]:
|
1919
2140
|
"""
|
1920
2141
|
The type of token to generate, service or batch
|
1921
2142
|
"""
|
@@ -1923,7 +2144,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1923
2144
|
|
1924
2145
|
@property
|
1925
2146
|
@pulumi.getter
|
1926
|
-
def upndomain(self) -> pulumi.Output[str]:
|
2147
|
+
def upndomain(self) -> pulumi.Output[builtins.str]:
|
1927
2148
|
"""
|
1928
2149
|
The `userPrincipalDomain` used to construct the UPN string for the authenticating user.
|
1929
2150
|
"""
|
@@ -1931,7 +2152,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1931
2152
|
|
1932
2153
|
@property
|
1933
2154
|
@pulumi.getter
|
1934
|
-
def url(self) -> pulumi.Output[str]:
|
2155
|
+
def url(self) -> pulumi.Output[builtins.str]:
|
1935
2156
|
"""
|
1936
2157
|
The URL of the LDAP server
|
1937
2158
|
"""
|
@@ -1939,7 +2160,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1939
2160
|
|
1940
2161
|
@property
|
1941
2162
|
@pulumi.getter(name="useTokenGroups")
|
1942
|
-
def use_token_groups(self) -> pulumi.Output[bool]:
|
2163
|
+
def use_token_groups(self) -> pulumi.Output[builtins.bool]:
|
1943
2164
|
"""
|
1944
2165
|
Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
|
1945
2166
|
"""
|
@@ -1947,7 +2168,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1947
2168
|
|
1948
2169
|
@property
|
1949
2170
|
@pulumi.getter
|
1950
|
-
def userattr(self) -> pulumi.Output[str]:
|
2171
|
+
def userattr(self) -> pulumi.Output[builtins.str]:
|
1951
2172
|
"""
|
1952
2173
|
Attribute on user object matching username passed in
|
1953
2174
|
"""
|
@@ -1955,7 +2176,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1955
2176
|
|
1956
2177
|
@property
|
1957
2178
|
@pulumi.getter
|
1958
|
-
def userdn(self) -> pulumi.Output[str]:
|
2179
|
+
def userdn(self) -> pulumi.Output[builtins.str]:
|
1959
2180
|
"""
|
1960
2181
|
Base DN under which to perform user search
|
1961
2182
|
"""
|
@@ -1963,7 +2184,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1963
2184
|
|
1964
2185
|
@property
|
1965
2186
|
@pulumi.getter
|
1966
|
-
def userfilter(self) -> pulumi.Output[str]:
|
2187
|
+
def userfilter(self) -> pulumi.Output[builtins.str]:
|
1967
2188
|
"""
|
1968
2189
|
LDAP user search filter
|
1969
2190
|
"""
|
@@ -1971,7 +2192,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1971
2192
|
|
1972
2193
|
@property
|
1973
2194
|
@pulumi.getter(name="usernameAsAlias")
|
1974
|
-
def username_as_alias(self) -> pulumi.Output[bool]:
|
2195
|
+
def username_as_alias(self) -> pulumi.Output[builtins.bool]:
|
1975
2196
|
"""
|
1976
2197
|
Force the auth method to use the username passed by the user as the alias name.
|
1977
2198
|
"""
|