pulumi-vault 6.6.0a1741415971__py3-none-any.whl → 6.7.0a1741847926__py3-none-any.whl
- pulumi_vault/__init__.py +8 -0
- pulumi_vault/aws/auth_backend_client.py +228 -4
- pulumi_vault/aws/secret_backend.py +266 -50
- pulumi_vault/aws/secret_backend_static_role.py +217 -0
- pulumi_vault/azure/auth_backend_config.py +257 -5
- pulumi_vault/azure/backend.py +249 -4
- pulumi_vault/database/_inputs.py +1692 -36
- pulumi_vault/database/outputs.py +1170 -18
- pulumi_vault/database/secret_backend_connection.py +220 -0
- pulumi_vault/database/secret_backend_static_role.py +143 -1
- pulumi_vault/database/secrets_mount.py +8 -0
- pulumi_vault/gcp/auth_backend.py +222 -2
- pulumi_vault/gcp/secret_backend.py +244 -4
- pulumi_vault/ldap/auth_backend.py +222 -2
- pulumi_vault/ldap/secret_backend.py +222 -2
- pulumi_vault/pkisecret/__init__.py +2 -0
- pulumi_vault/pkisecret/_inputs.py +0 -6
- pulumi_vault/pkisecret/backend_config_acme.py +47 -0
- pulumi_vault/pkisecret/backend_config_auto_tidy.py +1376 -0
- pulumi_vault/pkisecret/backend_config_cmpv2.py +61 -14
- pulumi_vault/pkisecret/get_backend_cert_metadata.py +277 -0
- pulumi_vault/pkisecret/get_backend_config_cmpv2.py +18 -1
- pulumi_vault/pkisecret/get_backend_issuer.py +114 -1
- pulumi_vault/pkisecret/outputs.py +0 -4
- pulumi_vault/pkisecret/secret_backend_cert.py +148 -7
- pulumi_vault/pkisecret/secret_backend_crl_config.py +54 -0
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +141 -0
- pulumi_vault/pkisecret/secret_backend_issuer.py +265 -0
- pulumi_vault/pkisecret/secret_backend_role.py +252 -3
- pulumi_vault/pkisecret/secret_backend_root_cert.py +423 -0
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +581 -3
- pulumi_vault/pkisecret/secret_backend_sign.py +94 -0
- pulumi_vault/pulumi-plugin.json +1 -1
- pulumi_vault/ssh/__init__.py +1 -0
- pulumi_vault/ssh/get_secret_backend_sign.py +294 -0
- pulumi_vault/terraformcloud/secret_role.py +7 -7
- pulumi_vault/transit/__init__.py +2 -0
- pulumi_vault/transit/get_sign.py +324 -0
- pulumi_vault/transit/get_verify.py +354 -0
- pulumi_vault/transit/secret_backend_key.py +162 -0
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0a1741847926.dist-info}/METADATA +1 -1
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0a1741847926.dist-info}/RECORD +44 -39
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0a1741847926.dist-info}/WHEEL +1 -1
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0a1741847926.dist-info}/top_level.txt +0 -0
@@ -22,6 +22,7 @@ class SecretBackendArgs:
|
|
22
22
|
credentials: Optional[pulumi.Input[str]] = None,
|
23
23
|
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
24
24
|
description: Optional[pulumi.Input[str]] = None,
|
25
|
+
disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
|
25
26
|
disable_remount: Optional[pulumi.Input[bool]] = None,
|
26
27
|
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
27
28
|
identity_token_key: Optional[pulumi.Input[str]] = None,
|
@@ -30,6 +31,9 @@ class SecretBackendArgs:
|
|
30
31
|
max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
31
32
|
namespace: Optional[pulumi.Input[str]] = None,
|
32
33
|
path: Optional[pulumi.Input[str]] = None,
|
34
|
+
rotation_period: Optional[pulumi.Input[int]] = None,
|
35
|
+
rotation_schedule: Optional[pulumi.Input[str]] = None,
|
36
|
+
rotation_window: Optional[pulumi.Input[int]] = None,
|
33
37
|
service_account_email: Optional[pulumi.Input[str]] = None):
|
34
38
|
"""
|
35
39
|
The set of arguments for constructing a SecretBackend resource.
|
@@ -37,6 +41,8 @@ class SecretBackendArgs:
|
|
37
41
|
:param pulumi.Input[int] default_lease_ttl_seconds: The default TTL for credentials
|
38
42
|
issued by this backend. Defaults to '0'.
|
39
43
|
:param pulumi.Input[str] description: A human-friendly description for this backend.
|
44
|
+
:param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
45
|
+
*Available only for Vault Enterprise*.
|
40
46
|
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
41
47
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
42
48
|
:param pulumi.Input[str] identity_token_audience: The audience claim value for plugin identity
|
@@ -54,6 +60,14 @@ class SecretBackendArgs:
|
|
54
60
|
*Available only for Vault Enterprise*.
|
55
61
|
:param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
|
56
62
|
not begin or end with a `/`. Defaults to `gcp`.
|
63
|
+
:param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
64
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
65
|
+
*Available only for Vault Enterprise*.
|
66
|
+
:param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
67
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*.
|
68
|
+
:param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
|
69
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
70
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*.
|
57
71
|
:param pulumi.Input[str] service_account_email: Service Account to impersonate for plugin workload identity federation.
|
58
72
|
Required with `identity_token_audience`. Requires Vault 1.17+. *Available only for Vault Enterprise*.
|
59
73
|
"""
|
@@ -63,6 +77,8 @@ class SecretBackendArgs:
|
|
63
77
|
pulumi.set(__self__, "default_lease_ttl_seconds", default_lease_ttl_seconds)
|
64
78
|
if description is not None:
|
65
79
|
pulumi.set(__self__, "description", description)
|
80
|
+
if disable_automated_rotation is not None:
|
81
|
+
pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
|
66
82
|
if disable_remount is not None:
|
67
83
|
pulumi.set(__self__, "disable_remount", disable_remount)
|
68
84
|
if identity_token_audience is not None:
|
@@ -79,6 +95,12 @@ class SecretBackendArgs:
|
|
79
95
|
pulumi.set(__self__, "namespace", namespace)
|
80
96
|
if path is not None:
|
81
97
|
pulumi.set(__self__, "path", path)
|
98
|
+
if rotation_period is not None:
|
99
|
+
pulumi.set(__self__, "rotation_period", rotation_period)
|
100
|
+
if rotation_schedule is not None:
|
101
|
+
pulumi.set(__self__, "rotation_schedule", rotation_schedule)
|
102
|
+
if rotation_window is not None:
|
103
|
+
pulumi.set(__self__, "rotation_window", rotation_window)
|
82
104
|
if service_account_email is not None:
|
83
105
|
pulumi.set(__self__, "service_account_email", service_account_email)
|
84
106
|
|
@@ -119,6 +141,19 @@ class SecretBackendArgs:
|
|
119
141
|
def description(self, value: Optional[pulumi.Input[str]]):
|
120
142
|
pulumi.set(self, "description", value)
|
121
143
|
|
144
|
+
@property
|
145
|
+
@pulumi.getter(name="disableAutomatedRotation")
|
146
|
+
def disable_automated_rotation(self) -> Optional[pulumi.Input[bool]]:
|
147
|
+
"""
|
148
|
+
Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
149
|
+
*Available only for Vault Enterprise*.
|
150
|
+
"""
|
151
|
+
return pulumi.get(self, "disable_automated_rotation")
|
152
|
+
|
153
|
+
@disable_automated_rotation.setter
|
154
|
+
def disable_automated_rotation(self, value: Optional[pulumi.Input[bool]]):
|
155
|
+
pulumi.set(self, "disable_automated_rotation", value)
|
156
|
+
|
122
157
|
@property
|
123
158
|
@pulumi.getter(name="disableRemount")
|
124
159
|
def disable_remount(self) -> Optional[pulumi.Input[bool]]:
|
@@ -224,6 +259,47 @@ class SecretBackendArgs:
|
|
224
259
|
def path(self, value: Optional[pulumi.Input[str]]):
|
225
260
|
pulumi.set(self, "path", value)
|
226
261
|
|
262
|
+
@property
|
263
|
+
@pulumi.getter(name="rotationPeriod")
|
264
|
+
def rotation_period(self) -> Optional[pulumi.Input[int]]:
|
265
|
+
"""
|
266
|
+
The amount of time in seconds Vault should wait before rotating the root credential.
|
267
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
268
|
+
*Available only for Vault Enterprise*.
|
269
|
+
"""
|
270
|
+
return pulumi.get(self, "rotation_period")
|
271
|
+
|
272
|
+
@rotation_period.setter
|
273
|
+
def rotation_period(self, value: Optional[pulumi.Input[int]]):
|
274
|
+
pulumi.set(self, "rotation_period", value)
|
275
|
+
|
276
|
+
@property
|
277
|
+
@pulumi.getter(name="rotationSchedule")
|
278
|
+
def rotation_schedule(self) -> Optional[pulumi.Input[str]]:
|
279
|
+
"""
|
280
|
+
The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
281
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*.
|
282
|
+
"""
|
283
|
+
return pulumi.get(self, "rotation_schedule")
|
284
|
+
|
285
|
+
@rotation_schedule.setter
|
286
|
+
def rotation_schedule(self, value: Optional[pulumi.Input[str]]):
|
287
|
+
pulumi.set(self, "rotation_schedule", value)
|
288
|
+
|
289
|
+
@property
|
290
|
+
@pulumi.getter(name="rotationWindow")
|
291
|
+
def rotation_window(self) -> Optional[pulumi.Input[int]]:
|
292
|
+
"""
|
293
|
+
The maximum amount of time in seconds allowed to complete
|
294
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
295
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*.
|
296
|
+
"""
|
297
|
+
return pulumi.get(self, "rotation_window")
|
298
|
+
|
299
|
+
@rotation_window.setter
|
300
|
+
def rotation_window(self, value: Optional[pulumi.Input[int]]):
|
301
|
+
pulumi.set(self, "rotation_window", value)
|
302
|
+
|
227
303
|
@property
|
228
304
|
@pulumi.getter(name="serviceAccountEmail")
|
229
305
|
def service_account_email(self) -> Optional[pulumi.Input[str]]:
|
@@ -245,6 +321,7 @@ class _SecretBackendState:
|
|
245
321
|
credentials: Optional[pulumi.Input[str]] = None,
|
246
322
|
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
247
323
|
description: Optional[pulumi.Input[str]] = None,
|
324
|
+
disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
|
248
325
|
disable_remount: Optional[pulumi.Input[bool]] = None,
|
249
326
|
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
250
327
|
identity_token_key: Optional[pulumi.Input[str]] = None,
|
@@ -253,6 +330,9 @@ class _SecretBackendState:
|
|
253
330
|
max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
254
331
|
namespace: Optional[pulumi.Input[str]] = None,
|
255
332
|
path: Optional[pulumi.Input[str]] = None,
|
333
|
+
rotation_period: Optional[pulumi.Input[int]] = None,
|
334
|
+
rotation_schedule: Optional[pulumi.Input[str]] = None,
|
335
|
+
rotation_window: Optional[pulumi.Input[int]] = None,
|
256
336
|
service_account_email: Optional[pulumi.Input[str]] = None):
|
257
337
|
"""
|
258
338
|
Input properties used for looking up and filtering SecretBackend resources.
|
@@ -261,6 +341,8 @@ class _SecretBackendState:
|
|
261
341
|
:param pulumi.Input[int] default_lease_ttl_seconds: The default TTL for credentials
|
262
342
|
issued by this backend. Defaults to '0'.
|
263
343
|
:param pulumi.Input[str] description: A human-friendly description for this backend.
|
344
|
+
:param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
345
|
+
*Available only for Vault Enterprise*.
|
264
346
|
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
265
347
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
266
348
|
:param pulumi.Input[str] identity_token_audience: The audience claim value for plugin identity
|
@@ -278,6 +360,14 @@ class _SecretBackendState:
|
|
278
360
|
*Available only for Vault Enterprise*.
|
279
361
|
:param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
|
280
362
|
not begin or end with a `/`. Defaults to `gcp`.
|
363
|
+
:param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
364
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
365
|
+
*Available only for Vault Enterprise*.
|
366
|
+
:param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
367
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*.
|
368
|
+
:param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
|
369
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
370
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*.
|
281
371
|
:param pulumi.Input[str] service_account_email: Service Account to impersonate for plugin workload identity federation.
|
282
372
|
Required with `identity_token_audience`. Requires Vault 1.17+. *Available only for Vault Enterprise*.
|
283
373
|
"""
|
@@ -289,6 +379,8 @@ class _SecretBackendState:
|
|
289
379
|
pulumi.set(__self__, "default_lease_ttl_seconds", default_lease_ttl_seconds)
|
290
380
|
if description is not None:
|
291
381
|
pulumi.set(__self__, "description", description)
|
382
|
+
if disable_automated_rotation is not None:
|
383
|
+
pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
|
292
384
|
if disable_remount is not None:
|
293
385
|
pulumi.set(__self__, "disable_remount", disable_remount)
|
294
386
|
if identity_token_audience is not None:
|
@@ -305,6 +397,12 @@ class _SecretBackendState:
|
|
305
397
|
pulumi.set(__self__, "namespace", namespace)
|
306
398
|
if path is not None:
|
307
399
|
pulumi.set(__self__, "path", path)
|
400
|
+
if rotation_period is not None:
|
401
|
+
pulumi.set(__self__, "rotation_period", rotation_period)
|
402
|
+
if rotation_schedule is not None:
|
403
|
+
pulumi.set(__self__, "rotation_schedule", rotation_schedule)
|
404
|
+
if rotation_window is not None:
|
405
|
+
pulumi.set(__self__, "rotation_window", rotation_window)
|
308
406
|
if service_account_email is not None:
|
309
407
|
pulumi.set(__self__, "service_account_email", service_account_email)
|
310
408
|
|
@@ -357,6 +455,19 @@ class _SecretBackendState:
|
|
357
455
|
def description(self, value: Optional[pulumi.Input[str]]):
|
358
456
|
pulumi.set(self, "description", value)
|
359
457
|
|
458
|
+
@property
|
459
|
+
@pulumi.getter(name="disableAutomatedRotation")
|
460
|
+
def disable_automated_rotation(self) -> Optional[pulumi.Input[bool]]:
|
461
|
+
"""
|
462
|
+
Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
463
|
+
*Available only for Vault Enterprise*.
|
464
|
+
"""
|
465
|
+
return pulumi.get(self, "disable_automated_rotation")
|
466
|
+
|
467
|
+
@disable_automated_rotation.setter
|
468
|
+
def disable_automated_rotation(self, value: Optional[pulumi.Input[bool]]):
|
469
|
+
pulumi.set(self, "disable_automated_rotation", value)
|
470
|
+
|
360
471
|
@property
|
361
472
|
@pulumi.getter(name="disableRemount")
|
362
473
|
def disable_remount(self) -> Optional[pulumi.Input[bool]]:
|
@@ -462,6 +573,47 @@ class _SecretBackendState:
|
|
462
573
|
def path(self, value: Optional[pulumi.Input[str]]):
|
463
574
|
pulumi.set(self, "path", value)
|
464
575
|
|
576
|
+
@property
|
577
|
+
@pulumi.getter(name="rotationPeriod")
|
578
|
+
def rotation_period(self) -> Optional[pulumi.Input[int]]:
|
579
|
+
"""
|
580
|
+
The amount of time in seconds Vault should wait before rotating the root credential.
|
581
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
582
|
+
*Available only for Vault Enterprise*.
|
583
|
+
"""
|
584
|
+
return pulumi.get(self, "rotation_period")
|
585
|
+
|
586
|
+
@rotation_period.setter
|
587
|
+
def rotation_period(self, value: Optional[pulumi.Input[int]]):
|
588
|
+
pulumi.set(self, "rotation_period", value)
|
589
|
+
|
590
|
+
@property
|
591
|
+
@pulumi.getter(name="rotationSchedule")
|
592
|
+
def rotation_schedule(self) -> Optional[pulumi.Input[str]]:
|
593
|
+
"""
|
594
|
+
The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
595
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*.
|
596
|
+
"""
|
597
|
+
return pulumi.get(self, "rotation_schedule")
|
598
|
+
|
599
|
+
@rotation_schedule.setter
|
600
|
+
def rotation_schedule(self, value: Optional[pulumi.Input[str]]):
|
601
|
+
pulumi.set(self, "rotation_schedule", value)
|
602
|
+
|
603
|
+
@property
|
604
|
+
@pulumi.getter(name="rotationWindow")
|
605
|
+
def rotation_window(self) -> Optional[pulumi.Input[int]]:
|
606
|
+
"""
|
607
|
+
The maximum amount of time in seconds allowed to complete
|
608
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
609
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*.
|
610
|
+
"""
|
611
|
+
return pulumi.get(self, "rotation_window")
|
612
|
+
|
613
|
+
@rotation_window.setter
|
614
|
+
def rotation_window(self, value: Optional[pulumi.Input[int]]):
|
615
|
+
pulumi.set(self, "rotation_window", value)
|
616
|
+
|
465
617
|
@property
|
466
618
|
@pulumi.getter(name="serviceAccountEmail")
|
467
619
|
def service_account_email(self) -> Optional[pulumi.Input[str]]:
|
@@ -484,6 +636,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
484
636
|
credentials: Optional[pulumi.Input[str]] = None,
|
485
637
|
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
486
638
|
description: Optional[pulumi.Input[str]] = None,
|
639
|
+
disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
|
487
640
|
disable_remount: Optional[pulumi.Input[bool]] = None,
|
488
641
|
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
489
642
|
identity_token_key: Optional[pulumi.Input[str]] = None,
|
@@ -492,6 +645,9 @@ class SecretBackend(pulumi.CustomResource):
|
|
492
645
|
max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
493
646
|
namespace: Optional[pulumi.Input[str]] = None,
|
494
647
|
path: Optional[pulumi.Input[str]] = None,
|
648
|
+
rotation_period: Optional[pulumi.Input[int]] = None,
|
649
|
+
rotation_schedule: Optional[pulumi.Input[str]] = None,
|
650
|
+
rotation_window: Optional[pulumi.Input[int]] = None,
|
495
651
|
service_account_email: Optional[pulumi.Input[str]] = None,
|
496
652
|
__props__=None):
|
497
653
|
"""
|
@@ -506,7 +662,9 @@ class SecretBackend(pulumi.CustomResource):
|
|
506
662
|
identity_token_key="example-key",
|
507
663
|
identity_token_ttl=1800,
|
508
664
|
identity_token_audience="<TOKEN_AUDIENCE>",
|
509
|
-
service_account_email="<SERVICE_ACCOUNT_EMAIL>"
|
665
|
+
service_account_email="<SERVICE_ACCOUNT_EMAIL>",
|
666
|
+
rotation_schedule="0 * * * SAT",
|
667
|
+
rotation_window=3600)
|
510
668
|
```
|
511
669
|
|
512
670
|
```python
|
@@ -514,7 +672,10 @@ class SecretBackend(pulumi.CustomResource):
|
|
514
672
|
import pulumi_std as std
|
515
673
|
import pulumi_vault as vault
|
516
674
|
|
517
|
-
gcp = vault.gcp.SecretBackend("gcp",
|
675
|
+
gcp = vault.gcp.SecretBackend("gcp",
|
676
|
+
credentials=std.file(input="credentials.json").result,
|
677
|
+
rotation_schedule="0 * * * SAT",
|
678
|
+
rotation_window=3600)
|
518
679
|
```
|
519
680
|
|
520
681
|
:param str resource_name: The name of the resource.
|
@@ -523,6 +684,8 @@ class SecretBackend(pulumi.CustomResource):
|
|
523
684
|
:param pulumi.Input[int] default_lease_ttl_seconds: The default TTL for credentials
|
524
685
|
issued by this backend. Defaults to '0'.
|
525
686
|
:param pulumi.Input[str] description: A human-friendly description for this backend.
|
687
|
+
:param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
688
|
+
*Available only for Vault Enterprise*.
|
526
689
|
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
527
690
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
528
691
|
:param pulumi.Input[str] identity_token_audience: The audience claim value for plugin identity
|
@@ -540,6 +703,14 @@ class SecretBackend(pulumi.CustomResource):
|
|
540
703
|
*Available only for Vault Enterprise*.
|
541
704
|
:param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
|
542
705
|
not begin or end with a `/`. Defaults to `gcp`.
|
706
|
+
:param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
707
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
708
|
+
*Available only for Vault Enterprise*.
|
709
|
+
:param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
710
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*.
|
711
|
+
:param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
|
712
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
713
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*.
|
543
714
|
:param pulumi.Input[str] service_account_email: Service Account to impersonate for plugin workload identity federation.
|
544
715
|
Required with `identity_token_audience`. Requires Vault 1.17+. *Available only for Vault Enterprise*.
|
545
716
|
"""
|
@@ -561,7 +732,9 @@ class SecretBackend(pulumi.CustomResource):
|
|
561
732
|
identity_token_key="example-key",
|
562
733
|
identity_token_ttl=1800,
|
563
734
|
identity_token_audience="<TOKEN_AUDIENCE>",
|
564
|
-
service_account_email="<SERVICE_ACCOUNT_EMAIL>"
|
735
|
+
service_account_email="<SERVICE_ACCOUNT_EMAIL>",
|
736
|
+
rotation_schedule="0 * * * SAT",
|
737
|
+
rotation_window=3600)
|
565
738
|
```
|
566
739
|
|
567
740
|
```python
|
@@ -569,7 +742,10 @@ class SecretBackend(pulumi.CustomResource):
|
|
569
742
|
import pulumi_std as std
|
570
743
|
import pulumi_vault as vault
|
571
744
|
|
572
|
-
gcp = vault.gcp.SecretBackend("gcp",
|
745
|
+
gcp = vault.gcp.SecretBackend("gcp",
|
746
|
+
credentials=std.file(input="credentials.json").result,
|
747
|
+
rotation_schedule="0 * * * SAT",
|
748
|
+
rotation_window=3600)
|
573
749
|
```
|
574
750
|
|
575
751
|
:param str resource_name: The name of the resource.
|
@@ -590,6 +766,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
590
766
|
credentials: Optional[pulumi.Input[str]] = None,
|
591
767
|
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
592
768
|
description: Optional[pulumi.Input[str]] = None,
|
769
|
+
disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
|
593
770
|
disable_remount: Optional[pulumi.Input[bool]] = None,
|
594
771
|
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
595
772
|
identity_token_key: Optional[pulumi.Input[str]] = None,
|
@@ -598,6 +775,9 @@ class SecretBackend(pulumi.CustomResource):
|
|
598
775
|
max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
599
776
|
namespace: Optional[pulumi.Input[str]] = None,
|
600
777
|
path: Optional[pulumi.Input[str]] = None,
|
778
|
+
rotation_period: Optional[pulumi.Input[int]] = None,
|
779
|
+
rotation_schedule: Optional[pulumi.Input[str]] = None,
|
780
|
+
rotation_window: Optional[pulumi.Input[int]] = None,
|
601
781
|
service_account_email: Optional[pulumi.Input[str]] = None,
|
602
782
|
__props__=None):
|
603
783
|
opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
|
@@ -611,6 +791,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
611
791
|
__props__.__dict__["credentials"] = None if credentials is None else pulumi.Output.secret(credentials)
|
612
792
|
__props__.__dict__["default_lease_ttl_seconds"] = default_lease_ttl_seconds
|
613
793
|
__props__.__dict__["description"] = description
|
794
|
+
__props__.__dict__["disable_automated_rotation"] = disable_automated_rotation
|
614
795
|
__props__.__dict__["disable_remount"] = disable_remount
|
615
796
|
__props__.__dict__["identity_token_audience"] = identity_token_audience
|
616
797
|
__props__.__dict__["identity_token_key"] = identity_token_key
|
@@ -619,6 +800,9 @@ class SecretBackend(pulumi.CustomResource):
|
|
619
800
|
__props__.__dict__["max_lease_ttl_seconds"] = max_lease_ttl_seconds
|
620
801
|
__props__.__dict__["namespace"] = namespace
|
621
802
|
__props__.__dict__["path"] = path
|
803
|
+
__props__.__dict__["rotation_period"] = rotation_period
|
804
|
+
__props__.__dict__["rotation_schedule"] = rotation_schedule
|
805
|
+
__props__.__dict__["rotation_window"] = rotation_window
|
622
806
|
__props__.__dict__["service_account_email"] = service_account_email
|
623
807
|
__props__.__dict__["accessor"] = None
|
624
808
|
secret_opts = pulumi.ResourceOptions(additional_secret_outputs=["credentials"])
|
@@ -637,6 +821,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
637
821
|
credentials: Optional[pulumi.Input[str]] = None,
|
638
822
|
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
639
823
|
description: Optional[pulumi.Input[str]] = None,
|
824
|
+
disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
|
640
825
|
disable_remount: Optional[pulumi.Input[bool]] = None,
|
641
826
|
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
642
827
|
identity_token_key: Optional[pulumi.Input[str]] = None,
|
@@ -645,6 +830,9 @@ class SecretBackend(pulumi.CustomResource):
|
|
645
830
|
max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
646
831
|
namespace: Optional[pulumi.Input[str]] = None,
|
647
832
|
path: Optional[pulumi.Input[str]] = None,
|
833
|
+
rotation_period: Optional[pulumi.Input[int]] = None,
|
834
|
+
rotation_schedule: Optional[pulumi.Input[str]] = None,
|
835
|
+
rotation_window: Optional[pulumi.Input[int]] = None,
|
648
836
|
service_account_email: Optional[pulumi.Input[str]] = None) -> 'SecretBackend':
|
649
837
|
"""
|
650
838
|
Get an existing SecretBackend resource's state with the given name, id, and optional extra
|
@@ -658,6 +846,8 @@ class SecretBackend(pulumi.CustomResource):
|
|
658
846
|
:param pulumi.Input[int] default_lease_ttl_seconds: The default TTL for credentials
|
659
847
|
issued by this backend. Defaults to '0'.
|
660
848
|
:param pulumi.Input[str] description: A human-friendly description for this backend.
|
849
|
+
:param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
850
|
+
*Available only for Vault Enterprise*.
|
661
851
|
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
662
852
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
663
853
|
:param pulumi.Input[str] identity_token_audience: The audience claim value for plugin identity
|
@@ -675,6 +865,14 @@ class SecretBackend(pulumi.CustomResource):
|
|
675
865
|
*Available only for Vault Enterprise*.
|
676
866
|
:param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
|
677
867
|
not begin or end with a `/`. Defaults to `gcp`.
|
868
|
+
:param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
869
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
870
|
+
*Available only for Vault Enterprise*.
|
871
|
+
:param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
872
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*.
|
873
|
+
:param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
|
874
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
875
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*.
|
678
876
|
:param pulumi.Input[str] service_account_email: Service Account to impersonate for plugin workload identity federation.
|
679
877
|
Required with `identity_token_audience`. Requires Vault 1.17+. *Available only for Vault Enterprise*.
|
680
878
|
"""
|
@@ -686,6 +884,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
686
884
|
__props__.__dict__["credentials"] = credentials
|
687
885
|
__props__.__dict__["default_lease_ttl_seconds"] = default_lease_ttl_seconds
|
688
886
|
__props__.__dict__["description"] = description
|
887
|
+
__props__.__dict__["disable_automated_rotation"] = disable_automated_rotation
|
689
888
|
__props__.__dict__["disable_remount"] = disable_remount
|
690
889
|
__props__.__dict__["identity_token_audience"] = identity_token_audience
|
691
890
|
__props__.__dict__["identity_token_key"] = identity_token_key
|
@@ -694,6 +893,9 @@ class SecretBackend(pulumi.CustomResource):
|
|
694
893
|
__props__.__dict__["max_lease_ttl_seconds"] = max_lease_ttl_seconds
|
695
894
|
__props__.__dict__["namespace"] = namespace
|
696
895
|
__props__.__dict__["path"] = path
|
896
|
+
__props__.__dict__["rotation_period"] = rotation_period
|
897
|
+
__props__.__dict__["rotation_schedule"] = rotation_schedule
|
898
|
+
__props__.__dict__["rotation_window"] = rotation_window
|
697
899
|
__props__.__dict__["service_account_email"] = service_account_email
|
698
900
|
return SecretBackend(resource_name, opts=opts, __props__=__props__)
|
699
901
|
|
@@ -730,6 +932,15 @@ class SecretBackend(pulumi.CustomResource):
|
|
730
932
|
"""
|
731
933
|
return pulumi.get(self, "description")
|
732
934
|
|
935
|
+
@property
|
936
|
+
@pulumi.getter(name="disableAutomatedRotation")
|
937
|
+
def disable_automated_rotation(self) -> pulumi.Output[Optional[bool]]:
|
938
|
+
"""
|
939
|
+
Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
940
|
+
*Available only for Vault Enterprise*.
|
941
|
+
"""
|
942
|
+
return pulumi.get(self, "disable_automated_rotation")
|
943
|
+
|
733
944
|
@property
|
734
945
|
@pulumi.getter(name="disableRemount")
|
735
946
|
def disable_remount(self) -> pulumi.Output[Optional[bool]]:
|
@@ -803,6 +1014,35 @@ class SecretBackend(pulumi.CustomResource):
|
|
803
1014
|
"""
|
804
1015
|
return pulumi.get(self, "path")
|
805
1016
|
|
1017
|
+
@property
|
1018
|
+
@pulumi.getter(name="rotationPeriod")
|
1019
|
+
def rotation_period(self) -> pulumi.Output[Optional[int]]:
|
1020
|
+
"""
|
1021
|
+
The amount of time in seconds Vault should wait before rotating the root credential.
|
1022
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
1023
|
+
*Available only for Vault Enterprise*.
|
1024
|
+
"""
|
1025
|
+
return pulumi.get(self, "rotation_period")
|
1026
|
+
|
1027
|
+
@property
|
1028
|
+
@pulumi.getter(name="rotationSchedule")
|
1029
|
+
def rotation_schedule(self) -> pulumi.Output[Optional[str]]:
|
1030
|
+
"""
|
1031
|
+
The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
1032
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*.
|
1033
|
+
"""
|
1034
|
+
return pulumi.get(self, "rotation_schedule")
|
1035
|
+
|
1036
|
+
@property
|
1037
|
+
@pulumi.getter(name="rotationWindow")
|
1038
|
+
def rotation_window(self) -> pulumi.Output[Optional[int]]:
|
1039
|
+
"""
|
1040
|
+
The maximum amount of time in seconds allowed to complete
|
1041
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
1042
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*.
|
1043
|
+
"""
|
1044
|
+
return pulumi.get(self, "rotation_window")
|
1045
|
+
|
806
1046
|
@property
|
807
1047
|
@pulumi.getter(name="serviceAccountEmail")
|
808
1048
|
def service_account_email(self) -> pulumi.Output[Optional[str]]:
|
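Review bot: The usage example added to the `SecretBackend` docstrings (`rotation_schedule="0 * * * SAT"` with `rotation_window=3600`) reads like a weekly rotation, but in standard five-field cron that expression matches minute 0 of every hour on Saturday. Either change the example to something like `0 0 * * SAT` or say in the text that hourly-on-Saturday is intended. The new parameter docs also do not say how `rotation_period` and `rotation_schedule` relate; Vault's rotation settings appear to treat them as alternatives, with `rotation_window` meaningful only alongside a schedule, so once confirmed against the Vault docs a sentence such as `Use either rotation_period or rotation_schedule, not both; rotation_window applies only with rotation_schedule.` would help. Because `disable_automated_rotation=True` and `rotation_period=0` both leave the GCP root credential unrotated, the docstrings could state that consequence, and the `rotation_schedule` and `rotation_window` entries should say "root credential" rather than "root token". The same text is repeated in `SecretBackendArgs`, `_SecretBackendState`, the `SecretBackend` constructor overloads, `get` and the property getters, so any wording change applies to every copy.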