pulumi-vault 6.6.0a1741415971__py3-none-any.whl → 6.7.0a1741847926__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pulumi_vault/__init__.py +8 -0
- pulumi_vault/aws/auth_backend_client.py +228 -4
- pulumi_vault/aws/secret_backend.py +266 -50
- pulumi_vault/aws/secret_backend_static_role.py +217 -0
- pulumi_vault/azure/auth_backend_config.py +257 -5
- pulumi_vault/azure/backend.py +249 -4
- pulumi_vault/database/_inputs.py +1692 -36
- pulumi_vault/database/outputs.py +1170 -18
- pulumi_vault/database/secret_backend_connection.py +220 -0
- pulumi_vault/database/secret_backend_static_role.py +143 -1
- pulumi_vault/database/secrets_mount.py +8 -0
- pulumi_vault/gcp/auth_backend.py +222 -2
- pulumi_vault/gcp/secret_backend.py +244 -4
- pulumi_vault/ldap/auth_backend.py +222 -2
- pulumi_vault/ldap/secret_backend.py +222 -2
- pulumi_vault/pkisecret/__init__.py +2 -0
- pulumi_vault/pkisecret/_inputs.py +0 -6
- pulumi_vault/pkisecret/backend_config_acme.py +47 -0
- pulumi_vault/pkisecret/backend_config_auto_tidy.py +1376 -0
- pulumi_vault/pkisecret/backend_config_cmpv2.py +61 -14
- pulumi_vault/pkisecret/get_backend_cert_metadata.py +277 -0
- pulumi_vault/pkisecret/get_backend_config_cmpv2.py +18 -1
- pulumi_vault/pkisecret/get_backend_issuer.py +114 -1
- pulumi_vault/pkisecret/outputs.py +0 -4
- pulumi_vault/pkisecret/secret_backend_cert.py +148 -7
- pulumi_vault/pkisecret/secret_backend_crl_config.py +54 -0
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +141 -0
- pulumi_vault/pkisecret/secret_backend_issuer.py +265 -0
- pulumi_vault/pkisecret/secret_backend_role.py +252 -3
- pulumi_vault/pkisecret/secret_backend_root_cert.py +423 -0
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +581 -3
- pulumi_vault/pkisecret/secret_backend_sign.py +94 -0
- pulumi_vault/pulumi-plugin.json +1 -1
- pulumi_vault/ssh/__init__.py +1 -0
- pulumi_vault/ssh/get_secret_backend_sign.py +294 -0
- pulumi_vault/terraformcloud/secret_role.py +7 -7
- pulumi_vault/transit/__init__.py +2 -0
- pulumi_vault/transit/get_sign.py +324 -0
- pulumi_vault/transit/get_verify.py +354 -0
- pulumi_vault/transit/secret_backend_key.py +162 -0
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0a1741847926.dist-info}/METADATA +1 -1
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0a1741847926.dist-info}/RECORD +44 -39
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0a1741847926.dist-info}/WHEEL +1 -1
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0a1741847926.dist-info}/top_level.txt +0 -0
@@ -25,6 +25,7 @@ class BackendConfigCmpv2Args:
|
|
25
25
|
audit_fields: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
26
26
|
authenticators: Optional[pulumi.Input['BackendConfigCmpv2AuthenticatorsArgs']] = None,
|
27
27
|
default_path_policy: Optional[pulumi.Input[str]] = None,
|
28
|
+
disabled_validations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
28
29
|
enable_sentinel_parsing: Optional[pulumi.Input[bool]] = None,
|
29
30
|
enabled: Optional[pulumi.Input[bool]] = None,
|
30
31
|
namespace: Optional[pulumi.Input[str]] = None):
|
@@ -33,10 +34,11 @@ class BackendConfigCmpv2Args:
|
|
33
34
|
:param pulumi.Input[str] backend: The path to the PKI secret backend to
|
34
35
|
read the CMPv2 configuration from, with no leading or trailing `/`s.
|
35
36
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_fields: Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
|
36
|
-
|
37
|
-
<a id="nestedatt--authenticators"></a>
|
38
37
|
:param pulumi.Input['BackendConfigCmpv2AuthenticatorsArgs'] authenticators: Lists the mount accessors CMPv2 should delegate authentication requests towards (see below for nested schema).
|
39
38
|
:param pulumi.Input[str] default_path_policy: Specifies the behavior for requests using the non-role-qualified CMPv2 requests. Can be sign-verbatim or a role given by role:<role_name>.
|
39
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] disabled_validations: A comma-separated list of validations not to perform on CMPv2 messages.
|
40
|
+
|
41
|
+
<a id="nestedatt--authenticators"></a>
|
40
42
|
:param pulumi.Input[bool] enable_sentinel_parsing: If set, parse out fields from the provided CSR making them available for Sentinel policies.
|
41
43
|
:param pulumi.Input[bool] enabled: Specifies whether CMPv2 is enabled.
|
42
44
|
:param pulumi.Input[str] namespace: The namespace of the target resource.
|
@@ -51,6 +53,8 @@ class BackendConfigCmpv2Args:
|
|
51
53
|
pulumi.set(__self__, "authenticators", authenticators)
|
52
54
|
if default_path_policy is not None:
|
53
55
|
pulumi.set(__self__, "default_path_policy", default_path_policy)
|
56
|
+
if disabled_validations is not None:
|
57
|
+
pulumi.set(__self__, "disabled_validations", disabled_validations)
|
54
58
|
if enable_sentinel_parsing is not None:
|
55
59
|
pulumi.set(__self__, "enable_sentinel_parsing", enable_sentinel_parsing)
|
56
60
|
if enabled is not None:
|
@@ -76,8 +80,6 @@ class BackendConfigCmpv2Args:
|
|
76
80
|
def audit_fields(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
77
81
|
"""
|
78
82
|
Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
|
79
|
-
|
80
|
-
<a id="nestedatt--authenticators"></a>
|
81
83
|
"""
|
82
84
|
return pulumi.get(self, "audit_fields")
|
83
85
|
|
@@ -109,6 +111,20 @@ class BackendConfigCmpv2Args:
|
|
109
111
|
def default_path_policy(self, value: Optional[pulumi.Input[str]]):
|
110
112
|
pulumi.set(self, "default_path_policy", value)
|
111
113
|
|
114
|
+
@property
|
115
|
+
@pulumi.getter(name="disabledValidations")
|
116
|
+
def disabled_validations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
117
|
+
"""
|
118
|
+
A comma-separated list of validations not to perform on CMPv2 messages.
|
119
|
+
|
120
|
+
<a id="nestedatt--authenticators"></a>
|
121
|
+
"""
|
122
|
+
return pulumi.get(self, "disabled_validations")
|
123
|
+
|
124
|
+
@disabled_validations.setter
|
125
|
+
def disabled_validations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
126
|
+
pulumi.set(self, "disabled_validations", value)
|
127
|
+
|
112
128
|
@property
|
113
129
|
@pulumi.getter(name="enableSentinelParsing")
|
114
130
|
def enable_sentinel_parsing(self) -> Optional[pulumi.Input[bool]]:
|
@@ -156,6 +172,7 @@ class _BackendConfigCmpv2State:
|
|
156
172
|
authenticators: Optional[pulumi.Input['BackendConfigCmpv2AuthenticatorsArgs']] = None,
|
157
173
|
backend: Optional[pulumi.Input[str]] = None,
|
158
174
|
default_path_policy: Optional[pulumi.Input[str]] = None,
|
175
|
+
disabled_validations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
159
176
|
enable_sentinel_parsing: Optional[pulumi.Input[bool]] = None,
|
160
177
|
enabled: Optional[pulumi.Input[bool]] = None,
|
161
178
|
last_updated: Optional[pulumi.Input[str]] = None,
|
@@ -163,12 +180,13 @@ class _BackendConfigCmpv2State:
|
|
163
180
|
"""
|
164
181
|
Input properties used for looking up and filtering BackendConfigCmpv2 resources.
|
165
182
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_fields: Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
|
166
|
-
|
167
|
-
<a id="nestedatt--authenticators"></a>
|
168
183
|
:param pulumi.Input['BackendConfigCmpv2AuthenticatorsArgs'] authenticators: Lists the mount accessors CMPv2 should delegate authentication requests towards (see below for nested schema).
|
169
184
|
:param pulumi.Input[str] backend: The path to the PKI secret backend to
|
170
185
|
read the CMPv2 configuration from, with no leading or trailing `/`s.
|
171
186
|
:param pulumi.Input[str] default_path_policy: Specifies the behavior for requests using the non-role-qualified CMPv2 requests. Can be sign-verbatim or a role given by role:<role_name>.
|
187
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] disabled_validations: A comma-separated list of validations not to perform on CMPv2 messages.
|
188
|
+
|
189
|
+
<a id="nestedatt--authenticators"></a>
|
172
190
|
:param pulumi.Input[bool] enable_sentinel_parsing: If set, parse out fields from the provided CSR making them available for Sentinel policies.
|
173
191
|
:param pulumi.Input[bool] enabled: Specifies whether CMPv2 is enabled.
|
174
192
|
:param pulumi.Input[str] last_updated: A read-only timestamp representing the last time the configuration was updated.
|
@@ -185,6 +203,8 @@ class _BackendConfigCmpv2State:
|
|
185
203
|
pulumi.set(__self__, "backend", backend)
|
186
204
|
if default_path_policy is not None:
|
187
205
|
pulumi.set(__self__, "default_path_policy", default_path_policy)
|
206
|
+
if disabled_validations is not None:
|
207
|
+
pulumi.set(__self__, "disabled_validations", disabled_validations)
|
188
208
|
if enable_sentinel_parsing is not None:
|
189
209
|
pulumi.set(__self__, "enable_sentinel_parsing", enable_sentinel_parsing)
|
190
210
|
if enabled is not None:
|
@@ -199,8 +219,6 @@ class _BackendConfigCmpv2State:
|
|
199
219
|
def audit_fields(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
200
220
|
"""
|
201
221
|
Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
|
202
|
-
|
203
|
-
<a id="nestedatt--authenticators"></a>
|
204
222
|
"""
|
205
223
|
return pulumi.get(self, "audit_fields")
|
206
224
|
|
@@ -245,6 +263,20 @@ class _BackendConfigCmpv2State:
|
|
245
263
|
def default_path_policy(self, value: Optional[pulumi.Input[str]]):
|
246
264
|
pulumi.set(self, "default_path_policy", value)
|
247
265
|
|
266
|
+
@property
|
267
|
+
@pulumi.getter(name="disabledValidations")
|
268
|
+
def disabled_validations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
269
|
+
"""
|
270
|
+
A comma-separated list of validations not to perform on CMPv2 messages.
|
271
|
+
|
272
|
+
<a id="nestedatt--authenticators"></a>
|
273
|
+
"""
|
274
|
+
return pulumi.get(self, "disabled_validations")
|
275
|
+
|
276
|
+
@disabled_validations.setter
|
277
|
+
def disabled_validations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
278
|
+
pulumi.set(self, "disabled_validations", value)
|
279
|
+
|
248
280
|
@property
|
249
281
|
@pulumi.getter(name="enableSentinelParsing")
|
250
282
|
def enable_sentinel_parsing(self) -> Optional[pulumi.Input[bool]]:
|
@@ -306,6 +338,7 @@ class BackendConfigCmpv2(pulumi.CustomResource):
|
|
306
338
|
authenticators: Optional[pulumi.Input[Union['BackendConfigCmpv2AuthenticatorsArgs', 'BackendConfigCmpv2AuthenticatorsArgsDict']]] = None,
|
307
339
|
backend: Optional[pulumi.Input[str]] = None,
|
308
340
|
default_path_policy: Optional[pulumi.Input[str]] = None,
|
341
|
+
disabled_validations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
309
342
|
enable_sentinel_parsing: Optional[pulumi.Input[bool]] = None,
|
310
343
|
enabled: Optional[pulumi.Input[bool]] = None,
|
311
344
|
namespace: Optional[pulumi.Input[str]] = None,
|
@@ -326,12 +359,13 @@ class BackendConfigCmpv2(pulumi.CustomResource):
|
|
326
359
|
:param str resource_name: The name of the resource.
|
327
360
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
328
361
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_fields: Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
|
329
|
-
|
330
|
-
<a id="nestedatt--authenticators"></a>
|
331
362
|
:param pulumi.Input[Union['BackendConfigCmpv2AuthenticatorsArgs', 'BackendConfigCmpv2AuthenticatorsArgsDict']] authenticators: Lists the mount accessors CMPv2 should delegate authentication requests towards (see below for nested schema).
|
332
363
|
:param pulumi.Input[str] backend: The path to the PKI secret backend to
|
333
364
|
read the CMPv2 configuration from, with no leading or trailing `/`s.
|
334
365
|
:param pulumi.Input[str] default_path_policy: Specifies the behavior for requests using the non-role-qualified CMPv2 requests. Can be sign-verbatim or a role given by role:<role_name>.
|
366
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] disabled_validations: A comma-separated list of validations not to perform on CMPv2 messages.
|
367
|
+
|
368
|
+
<a id="nestedatt--authenticators"></a>
|
335
369
|
:param pulumi.Input[bool] enable_sentinel_parsing: If set, parse out fields from the provided CSR making them available for Sentinel policies.
|
336
370
|
:param pulumi.Input[bool] enabled: Specifies whether CMPv2 is enabled.
|
337
371
|
:param pulumi.Input[str] namespace: The namespace of the target resource.
|
@@ -377,6 +411,7 @@ class BackendConfigCmpv2(pulumi.CustomResource):
|
|
377
411
|
authenticators: Optional[pulumi.Input[Union['BackendConfigCmpv2AuthenticatorsArgs', 'BackendConfigCmpv2AuthenticatorsArgsDict']]] = None,
|
378
412
|
backend: Optional[pulumi.Input[str]] = None,
|
379
413
|
default_path_policy: Optional[pulumi.Input[str]] = None,
|
414
|
+
disabled_validations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
380
415
|
enable_sentinel_parsing: Optional[pulumi.Input[bool]] = None,
|
381
416
|
enabled: Optional[pulumi.Input[bool]] = None,
|
382
417
|
namespace: Optional[pulumi.Input[str]] = None,
|
@@ -395,6 +430,7 @@ class BackendConfigCmpv2(pulumi.CustomResource):
|
|
395
430
|
raise TypeError("Missing required property 'backend'")
|
396
431
|
__props__.__dict__["backend"] = backend
|
397
432
|
__props__.__dict__["default_path_policy"] = default_path_policy
|
433
|
+
__props__.__dict__["disabled_validations"] = disabled_validations
|
398
434
|
__props__.__dict__["enable_sentinel_parsing"] = enable_sentinel_parsing
|
399
435
|
__props__.__dict__["enabled"] = enabled
|
400
436
|
__props__.__dict__["namespace"] = namespace
|
@@ -413,6 +449,7 @@ class BackendConfigCmpv2(pulumi.CustomResource):
|
|
413
449
|
authenticators: Optional[pulumi.Input[Union['BackendConfigCmpv2AuthenticatorsArgs', 'BackendConfigCmpv2AuthenticatorsArgsDict']]] = None,
|
414
450
|
backend: Optional[pulumi.Input[str]] = None,
|
415
451
|
default_path_policy: Optional[pulumi.Input[str]] = None,
|
452
|
+
disabled_validations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
416
453
|
enable_sentinel_parsing: Optional[pulumi.Input[bool]] = None,
|
417
454
|
enabled: Optional[pulumi.Input[bool]] = None,
|
418
455
|
last_updated: Optional[pulumi.Input[str]] = None,
|
@@ -425,12 +462,13 @@ class BackendConfigCmpv2(pulumi.CustomResource):
|
|
425
462
|
:param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
|
426
463
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
427
464
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_fields: Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
|
428
|
-
|
429
|
-
<a id="nestedatt--authenticators"></a>
|
430
465
|
:param pulumi.Input[Union['BackendConfigCmpv2AuthenticatorsArgs', 'BackendConfigCmpv2AuthenticatorsArgsDict']] authenticators: Lists the mount accessors CMPv2 should delegate authentication requests towards (see below for nested schema).
|
431
466
|
:param pulumi.Input[str] backend: The path to the PKI secret backend to
|
432
467
|
read the CMPv2 configuration from, with no leading or trailing `/`s.
|
433
468
|
:param pulumi.Input[str] default_path_policy: Specifies the behavior for requests using the non-role-qualified CMPv2 requests. Can be sign-verbatim or a role given by role:<role_name>.
|
469
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] disabled_validations: A comma-separated list of validations not to perform on CMPv2 messages.
|
470
|
+
|
471
|
+
<a id="nestedatt--authenticators"></a>
|
434
472
|
:param pulumi.Input[bool] enable_sentinel_parsing: If set, parse out fields from the provided CSR making them available for Sentinel policies.
|
435
473
|
:param pulumi.Input[bool] enabled: Specifies whether CMPv2 is enabled.
|
436
474
|
:param pulumi.Input[str] last_updated: A read-only timestamp representing the last time the configuration was updated.
|
@@ -447,6 +485,7 @@ class BackendConfigCmpv2(pulumi.CustomResource):
|
|
447
485
|
__props__.__dict__["authenticators"] = authenticators
|
448
486
|
__props__.__dict__["backend"] = backend
|
449
487
|
__props__.__dict__["default_path_policy"] = default_path_policy
|
488
|
+
__props__.__dict__["disabled_validations"] = disabled_validations
|
450
489
|
__props__.__dict__["enable_sentinel_parsing"] = enable_sentinel_parsing
|
451
490
|
__props__.__dict__["enabled"] = enabled
|
452
491
|
__props__.__dict__["last_updated"] = last_updated
|
@@ -458,8 +497,6 @@ class BackendConfigCmpv2(pulumi.CustomResource):
|
|
458
497
|
def audit_fields(self) -> pulumi.Output[Sequence[str]]:
|
459
498
|
"""
|
460
499
|
Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
|
461
|
-
|
462
|
-
<a id="nestedatt--authenticators"></a>
|
463
500
|
"""
|
464
501
|
return pulumi.get(self, "audit_fields")
|
465
502
|
|
@@ -488,6 +525,16 @@ class BackendConfigCmpv2(pulumi.CustomResource):
|
|
488
525
|
"""
|
489
526
|
return pulumi.get(self, "default_path_policy")
|
490
527
|
|
528
|
+
@property
|
529
|
+
@pulumi.getter(name="disabledValidations")
|
530
|
+
def disabled_validations(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
531
|
+
"""
|
532
|
+
A comma-separated list of validations not to perform on CMPv2 messages.
|
533
|
+
|
534
|
+
<a id="nestedatt--authenticators"></a>
|
535
|
+
"""
|
536
|
+
return pulumi.get(self, "disabled_validations")
|
537
|
+
|
491
538
|
@property
|
492
539
|
@pulumi.getter(name="enableSentinelParsing")
|
493
540
|
def enable_sentinel_parsing(self) -> pulumi.Output[Optional[bool]]:
|
@@ -0,0 +1,277 @@
|
|
1
|
+
# coding=utf-8
|
2
|
+
# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
|
3
|
+
# *** Do not edit by hand unless you're certain you know what you are doing! ***
|
4
|
+
|
5
|
+
import copy
|
6
|
+
import warnings
|
7
|
+
import sys
|
8
|
+
import pulumi
|
9
|
+
import pulumi.runtime
|
10
|
+
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
11
|
+
if sys.version_info >= (3, 11):
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
13
|
+
else:
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
15
|
+
from .. import _utilities
|
16
|
+
|
17
|
+
__all__ = [
|
18
|
+
'GetBackendCertMetadataResult',
|
19
|
+
'AwaitableGetBackendCertMetadataResult',
|
20
|
+
'get_backend_cert_metadata',
|
21
|
+
'get_backend_cert_metadata_output',
|
22
|
+
]
|
23
|
+
|
24
|
+
@pulumi.output_type
|
25
|
+
class GetBackendCertMetadataResult:
|
26
|
+
"""
|
27
|
+
A collection of values returned by getBackendCertMetadata.
|
28
|
+
"""
|
29
|
+
def __init__(__self__, cert_metadata=None, expiration=None, id=None, issuer_id=None, namespace=None, path=None, role=None, serial=None, serial_number=None):
|
30
|
+
if cert_metadata and not isinstance(cert_metadata, str):
|
31
|
+
raise TypeError("Expected argument 'cert_metadata' to be a str")
|
32
|
+
pulumi.set(__self__, "cert_metadata", cert_metadata)
|
33
|
+
if expiration and not isinstance(expiration, str):
|
34
|
+
raise TypeError("Expected argument 'expiration' to be a str")
|
35
|
+
pulumi.set(__self__, "expiration", expiration)
|
36
|
+
if id and not isinstance(id, str):
|
37
|
+
raise TypeError("Expected argument 'id' to be a str")
|
38
|
+
pulumi.set(__self__, "id", id)
|
39
|
+
if issuer_id and not isinstance(issuer_id, str):
|
40
|
+
raise TypeError("Expected argument 'issuer_id' to be a str")
|
41
|
+
pulumi.set(__self__, "issuer_id", issuer_id)
|
42
|
+
if namespace and not isinstance(namespace, str):
|
43
|
+
raise TypeError("Expected argument 'namespace' to be a str")
|
44
|
+
pulumi.set(__self__, "namespace", namespace)
|
45
|
+
if path and not isinstance(path, str):
|
46
|
+
raise TypeError("Expected argument 'path' to be a str")
|
47
|
+
pulumi.set(__self__, "path", path)
|
48
|
+
if role and not isinstance(role, str):
|
49
|
+
raise TypeError("Expected argument 'role' to be a str")
|
50
|
+
pulumi.set(__self__, "role", role)
|
51
|
+
if serial and not isinstance(serial, str):
|
52
|
+
raise TypeError("Expected argument 'serial' to be a str")
|
53
|
+
pulumi.set(__self__, "serial", serial)
|
54
|
+
if serial_number and not isinstance(serial_number, str):
|
55
|
+
raise TypeError("Expected argument 'serial_number' to be a str")
|
56
|
+
pulumi.set(__self__, "serial_number", serial_number)
|
57
|
+
|
58
|
+
@property
|
59
|
+
@pulumi.getter(name="certMetadata")
|
60
|
+
def cert_metadata(self) -> str:
|
61
|
+
"""
|
62
|
+
The metadata associated with the certificate
|
63
|
+
"""
|
64
|
+
return pulumi.get(self, "cert_metadata")
|
65
|
+
|
66
|
+
@property
|
67
|
+
@pulumi.getter
|
68
|
+
def expiration(self) -> str:
|
69
|
+
"""
|
70
|
+
The expiration date of the certificate in unix epoch format
|
71
|
+
"""
|
72
|
+
return pulumi.get(self, "expiration")
|
73
|
+
|
74
|
+
@property
|
75
|
+
@pulumi.getter
|
76
|
+
def id(self) -> str:
|
77
|
+
"""
|
78
|
+
The provider-assigned unique ID for this managed resource.
|
79
|
+
"""
|
80
|
+
return pulumi.get(self, "id")
|
81
|
+
|
82
|
+
@property
|
83
|
+
@pulumi.getter(name="issuerId")
|
84
|
+
def issuer_id(self) -> str:
|
85
|
+
"""
|
86
|
+
ID of the issuer.
|
87
|
+
"""
|
88
|
+
return pulumi.get(self, "issuer_id")
|
89
|
+
|
90
|
+
@property
|
91
|
+
@pulumi.getter
|
92
|
+
def namespace(self) -> Optional[str]:
|
93
|
+
return pulumi.get(self, "namespace")
|
94
|
+
|
95
|
+
@property
|
96
|
+
@pulumi.getter
|
97
|
+
def path(self) -> str:
|
98
|
+
return pulumi.get(self, "path")
|
99
|
+
|
100
|
+
@property
|
101
|
+
@pulumi.getter
|
102
|
+
def role(self) -> str:
|
103
|
+
"""
|
104
|
+
The role used to create the certificate
|
105
|
+
"""
|
106
|
+
return pulumi.get(self, "role")
|
107
|
+
|
108
|
+
@property
|
109
|
+
@pulumi.getter
|
110
|
+
def serial(self) -> str:
|
111
|
+
return pulumi.get(self, "serial")
|
112
|
+
|
113
|
+
@property
|
114
|
+
@pulumi.getter(name="serialNumber")
|
115
|
+
def serial_number(self) -> str:
|
116
|
+
"""
|
117
|
+
The serial number
|
118
|
+
"""
|
119
|
+
return pulumi.get(self, "serial_number")
|
120
|
+
|
121
|
+
|
122
|
+
class AwaitableGetBackendCertMetadataResult(GetBackendCertMetadataResult):
|
123
|
+
# pylint: disable=using-constant-test
|
124
|
+
def __await__(self):
|
125
|
+
if False:
|
126
|
+
yield self
|
127
|
+
return GetBackendCertMetadataResult(
|
128
|
+
cert_metadata=self.cert_metadata,
|
129
|
+
expiration=self.expiration,
|
130
|
+
id=self.id,
|
131
|
+
issuer_id=self.issuer_id,
|
132
|
+
namespace=self.namespace,
|
133
|
+
path=self.path,
|
134
|
+
role=self.role,
|
135
|
+
serial=self.serial,
|
136
|
+
serial_number=self.serial_number)
|
137
|
+
|
138
|
+
|
139
|
+
def get_backend_cert_metadata(namespace: Optional[str] = None,
|
140
|
+
path: Optional[str] = None,
|
141
|
+
serial: Optional[str] = None,
|
142
|
+
opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetBackendCertMetadataResult:
|
143
|
+
"""
|
144
|
+
## Example Usage
|
145
|
+
|
146
|
+
```python
|
147
|
+
import pulumi
|
148
|
+
import pulumi_vault as vault
|
149
|
+
|
150
|
+
pki = vault.Mount("pki",
|
151
|
+
path="pki",
|
152
|
+
type="pki",
|
153
|
+
description="PKI secret engine mount")
|
154
|
+
root = vault.pki_secret.SecretBackendRootCert("root",
|
155
|
+
backend=pki.path,
|
156
|
+
type="internal",
|
157
|
+
common_name="example",
|
158
|
+
ttl="86400",
|
159
|
+
issuer_name="example")
|
160
|
+
test_secret_backend_role = vault.pki_secret.SecretBackendRole("test",
|
161
|
+
backend=test_vault_pki_secret_backend_root_cert["backend"],
|
162
|
+
name="test",
|
163
|
+
allowed_domains=["test.my.domain"],
|
164
|
+
allow_subdomains=True,
|
165
|
+
max_ttl="3600",
|
166
|
+
key_usages=[
|
167
|
+
"DigitalSignature",
|
168
|
+
"KeyAgreement",
|
169
|
+
"KeyEncipherment",
|
170
|
+
],
|
171
|
+
no_store_metadata=False)
|
172
|
+
test_secret_backend_cert = vault.pki_secret.SecretBackendCert("test",
|
173
|
+
backend=test_secret_backend_role.backend,
|
174
|
+
name=test_secret_backend_role.name,
|
175
|
+
common_name="cert.test.my.domain",
|
176
|
+
ttl="720h",
|
177
|
+
min_seconds_remaining=60,
|
178
|
+
cert_metadata="dGVzdCBtZXRhZGF0YQ==")
|
179
|
+
test = test_secret_backend_cert.serial_number.apply(lambda serial_number: vault.pkiSecret.get_backend_cert_metadata_output(path=test_root["path"],
|
180
|
+
serial=serial_number))
|
181
|
+
```
|
182
|
+
|
183
|
+
|
184
|
+
:param str namespace: The namespace of the target resource.
|
185
|
+
The value should not contain leading or trailing forward slashes.
|
186
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
187
|
+
*Available only for Vault Enterprise*.
|
188
|
+
:param str path: The path to the PKI secret backend to
|
189
|
+
read the cert metadata from, with no leading or trailing `/`s.
|
190
|
+
:param str serial: Specifies the serial of the certificate whose metadata to read.
|
191
|
+
"""
|
192
|
+
__args__ = dict()
|
193
|
+
__args__['namespace'] = namespace
|
194
|
+
__args__['path'] = path
|
195
|
+
__args__['serial'] = serial
|
196
|
+
opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
|
197
|
+
__ret__ = pulumi.runtime.invoke('vault:pkiSecret/getBackendCertMetadata:getBackendCertMetadata', __args__, opts=opts, typ=GetBackendCertMetadataResult).value
|
198
|
+
|
199
|
+
return AwaitableGetBackendCertMetadataResult(
|
200
|
+
cert_metadata=pulumi.get(__ret__, 'cert_metadata'),
|
201
|
+
expiration=pulumi.get(__ret__, 'expiration'),
|
202
|
+
id=pulumi.get(__ret__, 'id'),
|
203
|
+
issuer_id=pulumi.get(__ret__, 'issuer_id'),
|
204
|
+
namespace=pulumi.get(__ret__, 'namespace'),
|
205
|
+
path=pulumi.get(__ret__, 'path'),
|
206
|
+
role=pulumi.get(__ret__, 'role'),
|
207
|
+
serial=pulumi.get(__ret__, 'serial'),
|
208
|
+
serial_number=pulumi.get(__ret__, 'serial_number'))
|
209
|
+
def get_backend_cert_metadata_output(namespace: Optional[pulumi.Input[Optional[str]]] = None,
|
210
|
+
path: Optional[pulumi.Input[str]] = None,
|
211
|
+
serial: Optional[pulumi.Input[str]] = None,
|
212
|
+
opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetBackendCertMetadataResult]:
|
213
|
+
"""
|
214
|
+
## Example Usage
|
215
|
+
|
216
|
+
```python
|
217
|
+
import pulumi
|
218
|
+
import pulumi_vault as vault
|
219
|
+
|
220
|
+
pki = vault.Mount("pki",
|
221
|
+
path="pki",
|
222
|
+
type="pki",
|
223
|
+
description="PKI secret engine mount")
|
224
|
+
root = vault.pki_secret.SecretBackendRootCert("root",
|
225
|
+
backend=pki.path,
|
226
|
+
type="internal",
|
227
|
+
common_name="example",
|
228
|
+
ttl="86400",
|
229
|
+
issuer_name="example")
|
230
|
+
test_secret_backend_role = vault.pki_secret.SecretBackendRole("test",
|
231
|
+
backend=test_vault_pki_secret_backend_root_cert["backend"],
|
232
|
+
name="test",
|
233
|
+
allowed_domains=["test.my.domain"],
|
234
|
+
allow_subdomains=True,
|
235
|
+
max_ttl="3600",
|
236
|
+
key_usages=[
|
237
|
+
"DigitalSignature",
|
238
|
+
"KeyAgreement",
|
239
|
+
"KeyEncipherment",
|
240
|
+
],
|
241
|
+
no_store_metadata=False)
|
242
|
+
test_secret_backend_cert = vault.pki_secret.SecretBackendCert("test",
|
243
|
+
backend=test_secret_backend_role.backend,
|
244
|
+
name=test_secret_backend_role.name,
|
245
|
+
common_name="cert.test.my.domain",
|
246
|
+
ttl="720h",
|
247
|
+
min_seconds_remaining=60,
|
248
|
+
cert_metadata="dGVzdCBtZXRhZGF0YQ==")
|
249
|
+
test = test_secret_backend_cert.serial_number.apply(lambda serial_number: vault.pkiSecret.get_backend_cert_metadata_output(path=test_root["path"],
|
250
|
+
serial=serial_number))
|
251
|
+
```
|
252
|
+
|
253
|
+
|
254
|
+
:param str namespace: The namespace of the target resource.
|
255
|
+
The value should not contain leading or trailing forward slashes.
|
256
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
257
|
+
*Available only for Vault Enterprise*.
|
258
|
+
:param str path: The path to the PKI secret backend to
|
259
|
+
read the cert metadata from, with no leading or trailing `/`s.
|
260
|
+
:param str serial: Specifies the serial of the certificate whose metadata to read.
|
261
|
+
"""
|
262
|
+
__args__ = dict()
|
263
|
+
__args__['namespace'] = namespace
|
264
|
+
__args__['path'] = path
|
265
|
+
__args__['serial'] = serial
|
266
|
+
opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
|
267
|
+
__ret__ = pulumi.runtime.invoke_output('vault:pkiSecret/getBackendCertMetadata:getBackendCertMetadata', __args__, opts=opts, typ=GetBackendCertMetadataResult)
|
268
|
+
return __ret__.apply(lambda __response__: GetBackendCertMetadataResult(
|
269
|
+
cert_metadata=pulumi.get(__response__, 'cert_metadata'),
|
270
|
+
expiration=pulumi.get(__response__, 'expiration'),
|
271
|
+
id=pulumi.get(__response__, 'id'),
|
272
|
+
issuer_id=pulumi.get(__response__, 'issuer_id'),
|
273
|
+
namespace=pulumi.get(__response__, 'namespace'),
|
274
|
+
path=pulumi.get(__response__, 'path'),
|
275
|
+
role=pulumi.get(__response__, 'role'),
|
276
|
+
serial=pulumi.get(__response__, 'serial'),
|
277
|
+
serial_number=pulumi.get(__response__, 'serial_number')))
|
@@ -27,7 +27,7 @@ class GetBackendConfigCmpv2Result:
|
|
27
27
|
"""
|
28
28
|
A collection of values returned by getBackendConfigCmpv2.
|
29
29
|
"""
|
30
|
-
def __init__(__self__, audit_fields=None, authenticators=None, backend=None, default_path_policy=None, enable_sentinel_parsing=None, enabled=None, id=None, last_updated=None, namespace=None):
|
30
|
+
def __init__(__self__, audit_fields=None, authenticators=None, backend=None, default_path_policy=None, disabled_validations=None, enable_sentinel_parsing=None, enabled=None, id=None, last_updated=None, namespace=None):
|
31
31
|
if audit_fields and not isinstance(audit_fields, list):
|
32
32
|
raise TypeError("Expected argument 'audit_fields' to be a list")
|
33
33
|
pulumi.set(__self__, "audit_fields", audit_fields)
|
@@ -40,6 +40,9 @@ class GetBackendConfigCmpv2Result:
|
|
40
40
|
if default_path_policy and not isinstance(default_path_policy, str):
|
41
41
|
raise TypeError("Expected argument 'default_path_policy' to be a str")
|
42
42
|
pulumi.set(__self__, "default_path_policy", default_path_policy)
|
43
|
+
if disabled_validations and not isinstance(disabled_validations, list):
|
44
|
+
raise TypeError("Expected argument 'disabled_validations' to be a list")
|
45
|
+
pulumi.set(__self__, "disabled_validations", disabled_validations)
|
43
46
|
if enable_sentinel_parsing and not isinstance(enable_sentinel_parsing, bool):
|
44
47
|
raise TypeError("Expected argument 'enable_sentinel_parsing' to be a bool")
|
45
48
|
pulumi.set(__self__, "enable_sentinel_parsing", enable_sentinel_parsing)
|
@@ -76,6 +79,11 @@ class GetBackendConfigCmpv2Result:
|
|
76
79
|
def default_path_policy(self) -> str:
|
77
80
|
return pulumi.get(self, "default_path_policy")
|
78
81
|
|
82
|
+
@property
|
83
|
+
@pulumi.getter(name="disabledValidations")
|
84
|
+
def disabled_validations(self) -> Optional[Sequence[str]]:
|
85
|
+
return pulumi.get(self, "disabled_validations")
|
86
|
+
|
79
87
|
@property
|
80
88
|
@pulumi.getter(name="enableSentinelParsing")
|
81
89
|
def enable_sentinel_parsing(self) -> bool:
|
@@ -115,6 +123,7 @@ class AwaitableGetBackendConfigCmpv2Result(GetBackendConfigCmpv2Result):
|
|
115
123
|
authenticators=self.authenticators,
|
116
124
|
backend=self.backend,
|
117
125
|
default_path_policy=self.default_path_policy,
|
126
|
+
disabled_validations=self.disabled_validations,
|
118
127
|
enable_sentinel_parsing=self.enable_sentinel_parsing,
|
119
128
|
enabled=self.enabled,
|
120
129
|
id=self.id,
|
@@ -123,6 +132,7 @@ class AwaitableGetBackendConfigCmpv2Result(GetBackendConfigCmpv2Result):
|
|
123
132
|
|
124
133
|
|
125
134
|
def get_backend_config_cmpv2(backend: Optional[str] = None,
|
135
|
+
disabled_validations: Optional[Sequence[str]] = None,
|
126
136
|
namespace: Optional[str] = None,
|
127
137
|
opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetBackendConfigCmpv2Result:
|
128
138
|
"""
|
@@ -144,6 +154,7 @@ def get_backend_config_cmpv2(backend: Optional[str] = None,
|
|
144
154
|
read the CMPv2 configuration from, with no leading or trailing `/`s.
|
145
155
|
|
146
156
|
# Attributes Reference
|
157
|
+
:param Sequence[str] disabled_validations: A comma-separated list of validations not to perform on CMPv2 messages.
|
147
158
|
:param str namespace: The namespace of the target resource.
|
148
159
|
The value should not contain leading or trailing forward slashes.
|
149
160
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
@@ -151,6 +162,7 @@ def get_backend_config_cmpv2(backend: Optional[str] = None,
|
|
151
162
|
"""
|
152
163
|
__args__ = dict()
|
153
164
|
__args__['backend'] = backend
|
165
|
+
__args__['disabledValidations'] = disabled_validations
|
154
166
|
__args__['namespace'] = namespace
|
155
167
|
opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
|
156
168
|
__ret__ = pulumi.runtime.invoke('vault:pkiSecret/getBackendConfigCmpv2:getBackendConfigCmpv2', __args__, opts=opts, typ=GetBackendConfigCmpv2Result).value
|
@@ -160,12 +172,14 @@ def get_backend_config_cmpv2(backend: Optional[str] = None,
|
|
160
172
|
authenticators=pulumi.get(__ret__, 'authenticators'),
|
161
173
|
backend=pulumi.get(__ret__, 'backend'),
|
162
174
|
default_path_policy=pulumi.get(__ret__, 'default_path_policy'),
|
175
|
+
disabled_validations=pulumi.get(__ret__, 'disabled_validations'),
|
163
176
|
enable_sentinel_parsing=pulumi.get(__ret__, 'enable_sentinel_parsing'),
|
164
177
|
enabled=pulumi.get(__ret__, 'enabled'),
|
165
178
|
id=pulumi.get(__ret__, 'id'),
|
166
179
|
last_updated=pulumi.get(__ret__, 'last_updated'),
|
167
180
|
namespace=pulumi.get(__ret__, 'namespace'))
|
168
181
|
def get_backend_config_cmpv2_output(backend: Optional[pulumi.Input[str]] = None,
|
182
|
+
disabled_validations: Optional[pulumi.Input[Optional[Sequence[str]]]] = None,
|
169
183
|
namespace: Optional[pulumi.Input[Optional[str]]] = None,
|
170
184
|
opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetBackendConfigCmpv2Result]:
|
171
185
|
"""
|
@@ -187,6 +201,7 @@ def get_backend_config_cmpv2_output(backend: Optional[pulumi.Input[str]] = None,
|
|
187
201
|
read the CMPv2 configuration from, with no leading or trailing `/`s.
|
188
202
|
|
189
203
|
# Attributes Reference
|
204
|
+
:param Sequence[str] disabled_validations: A comma-separated list of validations not to perform on CMPv2 messages.
|
190
205
|
:param str namespace: The namespace of the target resource.
|
191
206
|
The value should not contain leading or trailing forward slashes.
|
192
207
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
@@ -194,6 +209,7 @@ def get_backend_config_cmpv2_output(backend: Optional[pulumi.Input[str]] = None,
|
|
194
209
|
"""
|
195
210
|
__args__ = dict()
|
196
211
|
__args__['backend'] = backend
|
212
|
+
__args__['disabledValidations'] = disabled_validations
|
197
213
|
__args__['namespace'] = namespace
|
198
214
|
opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
|
199
215
|
__ret__ = pulumi.runtime.invoke_output('vault:pkiSecret/getBackendConfigCmpv2:getBackendConfigCmpv2', __args__, opts=opts, typ=GetBackendConfigCmpv2Result)
|
@@ -202,6 +218,7 @@ def get_backend_config_cmpv2_output(backend: Optional[pulumi.Input[str]] = None,
|
|
202
218
|
authenticators=pulumi.get(__response__, 'authenticators'),
|
203
219
|
backend=pulumi.get(__response__, 'backend'),
|
204
220
|
default_path_policy=pulumi.get(__response__, 'default_path_policy'),
|
221
|
+
disabled_validations=pulumi.get(__response__, 'disabled_validations'),
|
205
222
|
enable_sentinel_parsing=pulumi.get(__response__, 'enable_sentinel_parsing'),
|
206
223
|
enabled=pulumi.get(__response__, 'enabled'),
|
207
224
|
id=pulumi.get(__response__, 'id'),
|