pulumi-vault 6.6.0a1741415971__py3-none-any.whl → 6.7.0a1741847926__py3-none-any.whl
- pulumi_vault/__init__.py +8 -0
- pulumi_vault/aws/auth_backend_client.py +228 -4
- pulumi_vault/aws/secret_backend.py +266 -50
- pulumi_vault/aws/secret_backend_static_role.py +217 -0
- pulumi_vault/azure/auth_backend_config.py +257 -5
- pulumi_vault/azure/backend.py +249 -4
- pulumi_vault/database/_inputs.py +1692 -36
- pulumi_vault/database/outputs.py +1170 -18
- pulumi_vault/database/secret_backend_connection.py +220 -0
- pulumi_vault/database/secret_backend_static_role.py +143 -1
- pulumi_vault/database/secrets_mount.py +8 -0
- pulumi_vault/gcp/auth_backend.py +222 -2
- pulumi_vault/gcp/secret_backend.py +244 -4
- pulumi_vault/ldap/auth_backend.py +222 -2
- pulumi_vault/ldap/secret_backend.py +222 -2
- pulumi_vault/pkisecret/__init__.py +2 -0
- pulumi_vault/pkisecret/_inputs.py +0 -6
- pulumi_vault/pkisecret/backend_config_acme.py +47 -0
- pulumi_vault/pkisecret/backend_config_auto_tidy.py +1376 -0
- pulumi_vault/pkisecret/backend_config_cmpv2.py +61 -14
- pulumi_vault/pkisecret/get_backend_cert_metadata.py +277 -0
- pulumi_vault/pkisecret/get_backend_config_cmpv2.py +18 -1
- pulumi_vault/pkisecret/get_backend_issuer.py +114 -1
- pulumi_vault/pkisecret/outputs.py +0 -4
- pulumi_vault/pkisecret/secret_backend_cert.py +148 -7
- pulumi_vault/pkisecret/secret_backend_crl_config.py +54 -0
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +141 -0
- pulumi_vault/pkisecret/secret_backend_issuer.py +265 -0
- pulumi_vault/pkisecret/secret_backend_role.py +252 -3
- pulumi_vault/pkisecret/secret_backend_root_cert.py +423 -0
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +581 -3
- pulumi_vault/pkisecret/secret_backend_sign.py +94 -0
- pulumi_vault/pulumi-plugin.json +1 -1
- pulumi_vault/ssh/__init__.py +1 -0
- pulumi_vault/ssh/get_secret_backend_sign.py +294 -0
- pulumi_vault/terraformcloud/secret_role.py +7 -7
- pulumi_vault/transit/__init__.py +2 -0
- pulumi_vault/transit/get_sign.py +324 -0
- pulumi_vault/transit/get_verify.py +354 -0
- pulumi_vault/transit/secret_backend_key.py +162 -0
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0a1741847926.dist-info}/METADATA +1 -1
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0a1741847926.dist-info}/RECORD +44 -39
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0a1741847926.dist-info}/WHEEL +1 -1
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0a1741847926.dist-info}/top_level.txt +0 -0
@@ -22,6 +22,7 @@ class SecretBackendArgs:
|
|
22
22
|
access_key: Optional[pulumi.Input[str]] = None,
|
23
23
|
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
24
24
|
description: Optional[pulumi.Input[str]] = None,
|
25
|
+
disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
|
25
26
|
disable_remount: Optional[pulumi.Input[bool]] = None,
|
26
27
|
iam_endpoint: Optional[pulumi.Input[str]] = None,
|
27
28
|
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
@@ -33,6 +34,9 @@ class SecretBackendArgs:
|
|
33
34
|
path: Optional[pulumi.Input[str]] = None,
|
34
35
|
region: Optional[pulumi.Input[str]] = None,
|
35
36
|
role_arn: Optional[pulumi.Input[str]] = None,
|
37
|
+
rotation_period: Optional[pulumi.Input[int]] = None,
|
38
|
+
rotation_schedule: Optional[pulumi.Input[str]] = None,
|
39
|
+
rotation_window: Optional[pulumi.Input[int]] = None,
|
36
40
|
secret_key: Optional[pulumi.Input[str]] = None,
|
37
41
|
sts_endpoint: Optional[pulumi.Input[str]] = None,
|
38
42
|
sts_fallback_endpoints: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
@@ -46,6 +50,7 @@ class SecretBackendArgs:
|
|
46
50
|
:param pulumi.Input[int] default_lease_ttl_seconds: The default TTL for credentials
|
47
51
|
issued by this backend.
|
48
52
|
:param pulumi.Input[str] description: A human-friendly description for this backend.
|
53
|
+
:param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
49
54
|
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
50
55
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
51
56
|
:param pulumi.Input[str] iam_endpoint: Specifies a custom HTTP IAM endpoint to use.
|
@@ -63,6 +68,19 @@ class SecretBackendArgs:
|
|
63
68
|
not begin or end with a `/`. Defaults to `aws`.
|
64
69
|
:param pulumi.Input[str] region: The AWS region to make API calls against. Defaults to us-east-1.
|
65
70
|
:param pulumi.Input[str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.
|
71
|
+
:param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
72
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
73
|
+
:param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
74
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
75
|
+
:param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
|
76
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
77
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
78
|
+
:param pulumi.Input[str] secret_key: The AWS Secret Access Key to use when generating new credentials.
|
79
|
+
:param pulumi.Input[str] sts_endpoint: Specifies a custom HTTP STS endpoint to use.
|
80
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] sts_fallback_endpoints: Ordered list of `sts_endpoint`s to try if the defined one fails. Requires Vault 1.19+
|
81
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] sts_fallback_regions: Ordered list of `sts_region`s matching the fallback endpoints. Should correspond in order with those endpoints. Requires Vault 1.19+
|
82
|
+
:param pulumi.Input[str] sts_region: Specifies the region of the STS endpoint. Should be included if `sts_endpoint` is supplied. Requires Vault 1.19+
|
83
|
+
:param pulumi.Input[str] username_template: Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template:
|
66
84
|
|
67
85
|
```
|
68
86
|
{{ if (eq .Type "STS") }}
|
@@ -72,12 +90,6 @@ class SecretBackendArgs:
|
|
72
90
|
{{ end }}
|
73
91
|
|
74
92
|
```
|
75
|
-
:param pulumi.Input[str] secret_key: The AWS Secret Access Key to use when generating new credentials.
|
76
|
-
:param pulumi.Input[str] sts_endpoint: Specifies a custom HTTP STS endpoint to use.
|
77
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] sts_fallback_endpoints: Ordered list of `sts_endpoint`s to try if the defined one fails. Requires Vault 1.19+
|
78
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] sts_fallback_regions: Ordered list of `sts_region`s matching the fallback endpoints. Should correspond in order with those endpoints. Requires Vault 1.19+
|
79
|
-
:param pulumi.Input[str] sts_region: Specifies the region of the STS endpoint. Should be included if `sts_endpoint` is supplied. Requires Vault 1.19+
|
80
|
-
:param pulumi.Input[str] username_template: Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template:
|
81
93
|
"""
|
82
94
|
if access_key is not None:
|
83
95
|
pulumi.set(__self__, "access_key", access_key)
|
@@ -85,6 +97,8 @@ class SecretBackendArgs:
|
|
85
97
|
pulumi.set(__self__, "default_lease_ttl_seconds", default_lease_ttl_seconds)
|
86
98
|
if description is not None:
|
87
99
|
pulumi.set(__self__, "description", description)
|
100
|
+
if disable_automated_rotation is not None:
|
101
|
+
pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
|
88
102
|
if disable_remount is not None:
|
89
103
|
pulumi.set(__self__, "disable_remount", disable_remount)
|
90
104
|
if iam_endpoint is not None:
|
@@ -107,6 +121,12 @@ class SecretBackendArgs:
|
|
107
121
|
pulumi.set(__self__, "region", region)
|
108
122
|
if role_arn is not None:
|
109
123
|
pulumi.set(__self__, "role_arn", role_arn)
|
124
|
+
if rotation_period is not None:
|
125
|
+
pulumi.set(__self__, "rotation_period", rotation_period)
|
126
|
+
if rotation_schedule is not None:
|
127
|
+
pulumi.set(__self__, "rotation_schedule", rotation_schedule)
|
128
|
+
if rotation_window is not None:
|
129
|
+
pulumi.set(__self__, "rotation_window", rotation_window)
|
110
130
|
if secret_key is not None:
|
111
131
|
pulumi.set(__self__, "secret_key", secret_key)
|
112
132
|
if sts_endpoint is not None:
|
@@ -158,6 +178,18 @@ class SecretBackendArgs:
|
|
158
178
|
def description(self, value: Optional[pulumi.Input[str]]):
|
159
179
|
pulumi.set(self, "description", value)
|
160
180
|
|
181
|
+
@property
|
182
|
+
@pulumi.getter(name="disableAutomatedRotation")
|
183
|
+
def disable_automated_rotation(self) -> Optional[pulumi.Input[bool]]:
|
184
|
+
"""
|
185
|
+
Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
186
|
+
"""
|
187
|
+
return pulumi.get(self, "disable_automated_rotation")
|
188
|
+
|
189
|
+
@disable_automated_rotation.setter
|
190
|
+
def disable_automated_rotation(self, value: Optional[pulumi.Input[bool]]):
|
191
|
+
pulumi.set(self, "disable_automated_rotation", value)
|
192
|
+
|
161
193
|
@property
|
162
194
|
@pulumi.getter(name="disableRemount")
|
163
195
|
def disable_remount(self) -> Optional[pulumi.Input[bool]]:
|
@@ -289,15 +321,6 @@ class SecretBackendArgs:
|
|
289
321
|
def role_arn(self) -> Optional[pulumi.Input[str]]:
|
290
322
|
"""
|
291
323
|
Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.
|
292
|
-
|
293
|
-
```
|
294
|
-
{{ if (eq .Type "STS") }}
|
295
|
-
{{ printf "vault-%s-%s" (unix_time) (random 20) | truncate 32 }}
|
296
|
-
{{ else }}
|
297
|
-
{{ printf "vault-%s-%s-%s" (printf "%s-%s" (.DisplayName) (.PolicyName) | truncate 42) (unix_time) (random 20) | truncate 64 }}
|
298
|
-
{{ end }}
|
299
|
-
|
300
|
-
```
|
301
324
|
"""
|
302
325
|
return pulumi.get(self, "role_arn")
|
303
326
|
|
@@ -305,6 +328,46 @@ class SecretBackendArgs:
|
|
305
328
|
def role_arn(self, value: Optional[pulumi.Input[str]]):
|
306
329
|
pulumi.set(self, "role_arn", value)
|
307
330
|
|
331
|
+
@property
|
332
|
+
@pulumi.getter(name="rotationPeriod")
|
333
|
+
def rotation_period(self) -> Optional[pulumi.Input[int]]:
|
334
|
+
"""
|
335
|
+
The amount of time in seconds Vault should wait before rotating the root credential.
|
336
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
337
|
+
"""
|
338
|
+
return pulumi.get(self, "rotation_period")
|
339
|
+
|
340
|
+
@rotation_period.setter
|
341
|
+
def rotation_period(self, value: Optional[pulumi.Input[int]]):
|
342
|
+
pulumi.set(self, "rotation_period", value)
|
343
|
+
|
344
|
+
@property
|
345
|
+
@pulumi.getter(name="rotationSchedule")
|
346
|
+
def rotation_schedule(self) -> Optional[pulumi.Input[str]]:
|
347
|
+
"""
|
348
|
+
The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
349
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
350
|
+
"""
|
351
|
+
return pulumi.get(self, "rotation_schedule")
|
352
|
+
|
353
|
+
@rotation_schedule.setter
|
354
|
+
def rotation_schedule(self, value: Optional[pulumi.Input[str]]):
|
355
|
+
pulumi.set(self, "rotation_schedule", value)
|
356
|
+
|
357
|
+
@property
|
358
|
+
@pulumi.getter(name="rotationWindow")
|
359
|
+
def rotation_window(self) -> Optional[pulumi.Input[int]]:
|
360
|
+
"""
|
361
|
+
The maximum amount of time in seconds allowed to complete
|
362
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
363
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
364
|
+
"""
|
365
|
+
return pulumi.get(self, "rotation_window")
|
366
|
+
|
367
|
+
@rotation_window.setter
|
368
|
+
def rotation_window(self, value: Optional[pulumi.Input[int]]):
|
369
|
+
pulumi.set(self, "rotation_window", value)
|
370
|
+
|
308
371
|
@property
|
309
372
|
@pulumi.getter(name="secretKey")
|
310
373
|
def secret_key(self) -> Optional[pulumi.Input[str]]:
|
@@ -370,6 +433,15 @@ class SecretBackendArgs:
|
|
370
433
|
def username_template(self) -> Optional[pulumi.Input[str]]:
|
371
434
|
"""
|
372
435
|
Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template:
|
436
|
+
|
437
|
+
```
|
438
|
+
{{ if (eq .Type "STS") }}
|
439
|
+
{{ printf "vault-%s-%s" (unix_time) (random 20) | truncate 32 }}
|
440
|
+
{{ else }}
|
441
|
+
{{ printf "vault-%s-%s-%s" (printf "%s-%s" (.DisplayName) (.PolicyName) | truncate 42) (unix_time) (random 20) | truncate 64 }}
|
442
|
+
{{ end }}
|
443
|
+
|
444
|
+
```
|
373
445
|
"""
|
374
446
|
return pulumi.get(self, "username_template")
|
375
447
|
|
@@ -384,6 +456,7 @@ class _SecretBackendState:
|
|
384
456
|
access_key: Optional[pulumi.Input[str]] = None,
|
385
457
|
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
386
458
|
description: Optional[pulumi.Input[str]] = None,
|
459
|
+
disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
|
387
460
|
disable_remount: Optional[pulumi.Input[bool]] = None,
|
388
461
|
iam_endpoint: Optional[pulumi.Input[str]] = None,
|
389
462
|
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
@@ -395,6 +468,9 @@ class _SecretBackendState:
|
|
395
468
|
path: Optional[pulumi.Input[str]] = None,
|
396
469
|
region: Optional[pulumi.Input[str]] = None,
|
397
470
|
role_arn: Optional[pulumi.Input[str]] = None,
|
471
|
+
rotation_period: Optional[pulumi.Input[int]] = None,
|
472
|
+
rotation_schedule: Optional[pulumi.Input[str]] = None,
|
473
|
+
rotation_window: Optional[pulumi.Input[int]] = None,
|
398
474
|
secret_key: Optional[pulumi.Input[str]] = None,
|
399
475
|
sts_endpoint: Optional[pulumi.Input[str]] = None,
|
400
476
|
sts_fallback_endpoints: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
@@ -408,6 +484,7 @@ class _SecretBackendState:
|
|
408
484
|
:param pulumi.Input[int] default_lease_ttl_seconds: The default TTL for credentials
|
409
485
|
issued by this backend.
|
410
486
|
:param pulumi.Input[str] description: A human-friendly description for this backend.
|
487
|
+
:param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
411
488
|
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
412
489
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
413
490
|
:param pulumi.Input[str] iam_endpoint: Specifies a custom HTTP IAM endpoint to use.
|
@@ -425,6 +502,19 @@ class _SecretBackendState:
|
|
425
502
|
not begin or end with a `/`. Defaults to `aws`.
|
426
503
|
:param pulumi.Input[str] region: The AWS region to make API calls against. Defaults to us-east-1.
|
427
504
|
:param pulumi.Input[str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.
|
505
|
+
:param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
506
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
507
|
+
:param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
508
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
509
|
+
:param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
|
510
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
511
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
512
|
+
:param pulumi.Input[str] secret_key: The AWS Secret Access Key to use when generating new credentials.
|
513
|
+
:param pulumi.Input[str] sts_endpoint: Specifies a custom HTTP STS endpoint to use.
|
514
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] sts_fallback_endpoints: Ordered list of `sts_endpoint`s to try if the defined one fails. Requires Vault 1.19+
|
515
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] sts_fallback_regions: Ordered list of `sts_region`s matching the fallback endpoints. Should correspond in order with those endpoints. Requires Vault 1.19+
|
516
|
+
:param pulumi.Input[str] sts_region: Specifies the region of the STS endpoint. Should be included if `sts_endpoint` is supplied. Requires Vault 1.19+
|
517
|
+
:param pulumi.Input[str] username_template: Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template:
|
428
518
|
|
429
519
|
```
|
430
520
|
{{ if (eq .Type "STS") }}
|
@@ -434,12 +524,6 @@ class _SecretBackendState:
|
|
434
524
|
{{ end }}
|
435
525
|
|
436
526
|
```
|
437
|
-
:param pulumi.Input[str] secret_key: The AWS Secret Access Key to use when generating new credentials.
|
438
|
-
:param pulumi.Input[str] sts_endpoint: Specifies a custom HTTP STS endpoint to use.
|
439
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] sts_fallback_endpoints: Ordered list of `sts_endpoint`s to try if the defined one fails. Requires Vault 1.19+
|
440
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] sts_fallback_regions: Ordered list of `sts_region`s matching the fallback endpoints. Should correspond in order with those endpoints. Requires Vault 1.19+
|
441
|
-
:param pulumi.Input[str] sts_region: Specifies the region of the STS endpoint. Should be included if `sts_endpoint` is supplied. Requires Vault 1.19+
|
442
|
-
:param pulumi.Input[str] username_template: Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template:
|
443
527
|
"""
|
444
528
|
if access_key is not None:
|
445
529
|
pulumi.set(__self__, "access_key", access_key)
|
@@ -447,6 +531,8 @@ class _SecretBackendState:
|
|
447
531
|
pulumi.set(__self__, "default_lease_ttl_seconds", default_lease_ttl_seconds)
|
448
532
|
if description is not None:
|
449
533
|
pulumi.set(__self__, "description", description)
|
534
|
+
if disable_automated_rotation is not None:
|
535
|
+
pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
|
450
536
|
if disable_remount is not None:
|
451
537
|
pulumi.set(__self__, "disable_remount", disable_remount)
|
452
538
|
if iam_endpoint is not None:
|
@@ -469,6 +555,12 @@ class _SecretBackendState:
|
|
469
555
|
pulumi.set(__self__, "region", region)
|
470
556
|
if role_arn is not None:
|
471
557
|
pulumi.set(__self__, "role_arn", role_arn)
|
558
|
+
if rotation_period is not None:
|
559
|
+
pulumi.set(__self__, "rotation_period", rotation_period)
|
560
|
+
if rotation_schedule is not None:
|
561
|
+
pulumi.set(__self__, "rotation_schedule", rotation_schedule)
|
562
|
+
if rotation_window is not None:
|
563
|
+
pulumi.set(__self__, "rotation_window", rotation_window)
|
472
564
|
if secret_key is not None:
|
473
565
|
pulumi.set(__self__, "secret_key", secret_key)
|
474
566
|
if sts_endpoint is not None:
|
@@ -520,6 +612,18 @@ class _SecretBackendState:
|
|
520
612
|
def description(self, value: Optional[pulumi.Input[str]]):
|
521
613
|
pulumi.set(self, "description", value)
|
522
614
|
|
615
|
+
@property
|
616
|
+
@pulumi.getter(name="disableAutomatedRotation")
|
617
|
+
def disable_automated_rotation(self) -> Optional[pulumi.Input[bool]]:
|
618
|
+
"""
|
619
|
+
Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
620
|
+
"""
|
621
|
+
return pulumi.get(self, "disable_automated_rotation")
|
622
|
+
|
623
|
+
@disable_automated_rotation.setter
|
624
|
+
def disable_automated_rotation(self, value: Optional[pulumi.Input[bool]]):
|
625
|
+
pulumi.set(self, "disable_automated_rotation", value)
|
626
|
+
|
523
627
|
@property
|
524
628
|
@pulumi.getter(name="disableRemount")
|
525
629
|
def disable_remount(self) -> Optional[pulumi.Input[bool]]:
|
@@ -651,15 +755,6 @@ class _SecretBackendState:
|
|
651
755
|
def role_arn(self) -> Optional[pulumi.Input[str]]:
|
652
756
|
"""
|
653
757
|
Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.
|
654
|
-
|
655
|
-
```
|
656
|
-
{{ if (eq .Type "STS") }}
|
657
|
-
{{ printf "vault-%s-%s" (unix_time) (random 20) | truncate 32 }}
|
658
|
-
{{ else }}
|
659
|
-
{{ printf "vault-%s-%s-%s" (printf "%s-%s" (.DisplayName) (.PolicyName) | truncate 42) (unix_time) (random 20) | truncate 64 }}
|
660
|
-
{{ end }}
|
661
|
-
|
662
|
-
```
|
663
758
|
"""
|
664
759
|
return pulumi.get(self, "role_arn")
|
665
760
|
|
@@ -667,6 +762,46 @@ class _SecretBackendState:
|
|
667
762
|
def role_arn(self, value: Optional[pulumi.Input[str]]):
|
668
763
|
pulumi.set(self, "role_arn", value)
|
669
764
|
|
765
|
+
@property
|
766
|
+
@pulumi.getter(name="rotationPeriod")
|
767
|
+
def rotation_period(self) -> Optional[pulumi.Input[int]]:
|
768
|
+
"""
|
769
|
+
The amount of time in seconds Vault should wait before rotating the root credential.
|
770
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
771
|
+
"""
|
772
|
+
return pulumi.get(self, "rotation_period")
|
773
|
+
|
774
|
+
@rotation_period.setter
|
775
|
+
def rotation_period(self, value: Optional[pulumi.Input[int]]):
|
776
|
+
pulumi.set(self, "rotation_period", value)
|
777
|
+
|
778
|
+
@property
|
779
|
+
@pulumi.getter(name="rotationSchedule")
|
780
|
+
def rotation_schedule(self) -> Optional[pulumi.Input[str]]:
|
781
|
+
"""
|
782
|
+
The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
783
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
784
|
+
"""
|
785
|
+
return pulumi.get(self, "rotation_schedule")
|
786
|
+
|
787
|
+
@rotation_schedule.setter
|
788
|
+
def rotation_schedule(self, value: Optional[pulumi.Input[str]]):
|
789
|
+
pulumi.set(self, "rotation_schedule", value)
|
790
|
+
|
791
|
+
@property
|
792
|
+
@pulumi.getter(name="rotationWindow")
|
793
|
+
def rotation_window(self) -> Optional[pulumi.Input[int]]:
|
794
|
+
"""
|
795
|
+
The maximum amount of time in seconds allowed to complete
|
796
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
797
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
798
|
+
"""
|
799
|
+
return pulumi.get(self, "rotation_window")
|
800
|
+
|
801
|
+
@rotation_window.setter
|
802
|
+
def rotation_window(self, value: Optional[pulumi.Input[int]]):
|
803
|
+
pulumi.set(self, "rotation_window", value)
|
804
|
+
|
670
805
|
@property
|
671
806
|
@pulumi.getter(name="secretKey")
|
672
807
|
def secret_key(self) -> Optional[pulumi.Input[str]]:
|
@@ -732,6 +867,15 @@ class _SecretBackendState:
|
|
732
867
|
def username_template(self) -> Optional[pulumi.Input[str]]:
|
733
868
|
"""
|
734
869
|
Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template:
|
870
|
+
|
871
|
+
```
|
872
|
+
{{ if (eq .Type "STS") }}
|
873
|
+
{{ printf "vault-%s-%s" (unix_time) (random 20) | truncate 32 }}
|
874
|
+
{{ else }}
|
875
|
+
{{ printf "vault-%s-%s-%s" (printf "%s-%s" (.DisplayName) (.PolicyName) | truncate 42) (unix_time) (random 20) | truncate 64 }}
|
876
|
+
{{ end }}
|
877
|
+
|
878
|
+
```
|
735
879
|
"""
|
736
880
|
return pulumi.get(self, "username_template")
|
737
881
|
|
@@ -748,6 +892,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
748
892
|
access_key: Optional[pulumi.Input[str]] = None,
|
749
893
|
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
750
894
|
description: Optional[pulumi.Input[str]] = None,
|
895
|
+
disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
|
751
896
|
disable_remount: Optional[pulumi.Input[bool]] = None,
|
752
897
|
iam_endpoint: Optional[pulumi.Input[str]] = None,
|
753
898
|
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
@@ -759,6 +904,9 @@ class SecretBackend(pulumi.CustomResource):
|
|
759
904
|
path: Optional[pulumi.Input[str]] = None,
|
760
905
|
region: Optional[pulumi.Input[str]] = None,
|
761
906
|
role_arn: Optional[pulumi.Input[str]] = None,
|
907
|
+
rotation_period: Optional[pulumi.Input[int]] = None,
|
908
|
+
rotation_schedule: Optional[pulumi.Input[str]] = None,
|
909
|
+
rotation_window: Optional[pulumi.Input[int]] = None,
|
762
910
|
secret_key: Optional[pulumi.Input[str]] = None,
|
763
911
|
sts_endpoint: Optional[pulumi.Input[str]] = None,
|
764
912
|
sts_fallback_endpoints: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
@@ -782,6 +930,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
782
930
|
:param pulumi.Input[int] default_lease_ttl_seconds: The default TTL for credentials
|
783
931
|
issued by this backend.
|
784
932
|
:param pulumi.Input[str] description: A human-friendly description for this backend.
|
933
|
+
:param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
785
934
|
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
786
935
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
787
936
|
:param pulumi.Input[str] iam_endpoint: Specifies a custom HTTP IAM endpoint to use.
|
@@ -799,6 +948,19 @@ class SecretBackend(pulumi.CustomResource):
|
|
799
948
|
not begin or end with a `/`. Defaults to `aws`.
|
800
949
|
:param pulumi.Input[str] region: The AWS region to make API calls against. Defaults to us-east-1.
|
801
950
|
:param pulumi.Input[str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.
|
951
|
+
:param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
952
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
953
|
+
:param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
954
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
955
|
+
:param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
|
956
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
957
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
958
|
+
:param pulumi.Input[str] secret_key: The AWS Secret Access Key to use when generating new credentials.
|
959
|
+
:param pulumi.Input[str] sts_endpoint: Specifies a custom HTTP STS endpoint to use.
|
960
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] sts_fallback_endpoints: Ordered list of `sts_endpoint`s to try if the defined one fails. Requires Vault 1.19+
|
961
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] sts_fallback_regions: Ordered list of `sts_region`s matching the fallback endpoints. Should correspond in order with those endpoints. Requires Vault 1.19+
|
962
|
+
:param pulumi.Input[str] sts_region: Specifies the region of the STS endpoint. Should be included if `sts_endpoint` is supplied. Requires Vault 1.19+
|
963
|
+
:param pulumi.Input[str] username_template: Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template:
|
802
964
|
|
803
965
|
```
|
804
966
|
{{ if (eq .Type "STS") }}
|
@@ -808,12 +970,6 @@ class SecretBackend(pulumi.CustomResource):
|
|
808
970
|
{{ end }}
|
809
971
|
|
810
972
|
```
|
811
|
-
:param pulumi.Input[str] secret_key: The AWS Secret Access Key to use when generating new credentials.
|
812
|
-
:param pulumi.Input[str] sts_endpoint: Specifies a custom HTTP STS endpoint to use.
|
813
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] sts_fallback_endpoints: Ordered list of `sts_endpoint`s to try if the defined one fails. Requires Vault 1.19+
|
814
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] sts_fallback_regions: Ordered list of `sts_region`s matching the fallback endpoints. Should correspond in order with those endpoints. Requires Vault 1.19+
|
815
|
-
:param pulumi.Input[str] sts_region: Specifies the region of the STS endpoint. Should be included if `sts_endpoint` is supplied. Requires Vault 1.19+
|
816
|
-
:param pulumi.Input[str] username_template: Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template:
|
817
973
|
"""
|
818
974
|
...
|
819
975
|
@overload
|
@@ -848,6 +1004,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
848
1004
|
access_key: Optional[pulumi.Input[str]] = None,
|
849
1005
|
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
850
1006
|
description: Optional[pulumi.Input[str]] = None,
|
1007
|
+
disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
|
851
1008
|
disable_remount: Optional[pulumi.Input[bool]] = None,
|
852
1009
|
iam_endpoint: Optional[pulumi.Input[str]] = None,
|
853
1010
|
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
@@ -859,6 +1016,9 @@ class SecretBackend(pulumi.CustomResource):
|
|
859
1016
|
path: Optional[pulumi.Input[str]] = None,
|
860
1017
|
region: Optional[pulumi.Input[str]] = None,
|
861
1018
|
role_arn: Optional[pulumi.Input[str]] = None,
|
1019
|
+
rotation_period: Optional[pulumi.Input[int]] = None,
|
1020
|
+
rotation_schedule: Optional[pulumi.Input[str]] = None,
|
1021
|
+
rotation_window: Optional[pulumi.Input[int]] = None,
|
862
1022
|
secret_key: Optional[pulumi.Input[str]] = None,
|
863
1023
|
sts_endpoint: Optional[pulumi.Input[str]] = None,
|
864
1024
|
sts_fallback_endpoints: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
@@ -877,6 +1037,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
877
1037
|
__props__.__dict__["access_key"] = None if access_key is None else pulumi.Output.secret(access_key)
|
878
1038
|
__props__.__dict__["default_lease_ttl_seconds"] = default_lease_ttl_seconds
|
879
1039
|
__props__.__dict__["description"] = description
|
1040
|
+
__props__.__dict__["disable_automated_rotation"] = disable_automated_rotation
|
880
1041
|
__props__.__dict__["disable_remount"] = disable_remount
|
881
1042
|
__props__.__dict__["iam_endpoint"] = iam_endpoint
|
882
1043
|
__props__.__dict__["identity_token_audience"] = identity_token_audience
|
@@ -888,6 +1049,9 @@ class SecretBackend(pulumi.CustomResource):
|
|
888
1049
|
__props__.__dict__["path"] = path
|
889
1050
|
__props__.__dict__["region"] = region
|
890
1051
|
__props__.__dict__["role_arn"] = role_arn
|
1052
|
+
__props__.__dict__["rotation_period"] = rotation_period
|
1053
|
+
__props__.__dict__["rotation_schedule"] = rotation_schedule
|
1054
|
+
__props__.__dict__["rotation_window"] = rotation_window
|
891
1055
|
__props__.__dict__["secret_key"] = None if secret_key is None else pulumi.Output.secret(secret_key)
|
892
1056
|
__props__.__dict__["sts_endpoint"] = sts_endpoint
|
893
1057
|
__props__.__dict__["sts_fallback_endpoints"] = sts_fallback_endpoints
|
@@ -909,6 +1073,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
909
1073
|
access_key: Optional[pulumi.Input[str]] = None,
|
910
1074
|
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
911
1075
|
description: Optional[pulumi.Input[str]] = None,
|
1076
|
+
disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
|
912
1077
|
disable_remount: Optional[pulumi.Input[bool]] = None,
|
913
1078
|
iam_endpoint: Optional[pulumi.Input[str]] = None,
|
914
1079
|
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
@@ -920,6 +1085,9 @@ class SecretBackend(pulumi.CustomResource):
|
|
920
1085
|
path: Optional[pulumi.Input[str]] = None,
|
921
1086
|
region: Optional[pulumi.Input[str]] = None,
|
922
1087
|
role_arn: Optional[pulumi.Input[str]] = None,
|
1088
|
+
rotation_period: Optional[pulumi.Input[int]] = None,
|
1089
|
+
rotation_schedule: Optional[pulumi.Input[str]] = None,
|
1090
|
+
rotation_window: Optional[pulumi.Input[int]] = None,
|
923
1091
|
secret_key: Optional[pulumi.Input[str]] = None,
|
924
1092
|
sts_endpoint: Optional[pulumi.Input[str]] = None,
|
925
1093
|
sts_fallback_endpoints: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
@@ -938,6 +1106,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
938
1106
|
:param pulumi.Input[int] default_lease_ttl_seconds: The default TTL for credentials
|
939
1107
|
issued by this backend.
|
940
1108
|
:param pulumi.Input[str] description: A human-friendly description for this backend.
|
1109
|
+
:param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
941
1110
|
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
942
1111
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
943
1112
|
:param pulumi.Input[str] iam_endpoint: Specifies a custom HTTP IAM endpoint to use.
|
@@ -955,6 +1124,19 @@ class SecretBackend(pulumi.CustomResource):
|
|
955
1124
|
not begin or end with a `/`. Defaults to `aws`.
|
956
1125
|
:param pulumi.Input[str] region: The AWS region to make API calls against. Defaults to us-east-1.
|
957
1126
|
:param pulumi.Input[str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.
|
1127
|
+
:param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
1128
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
1129
|
+
:param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
1130
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
1131
|
+
:param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
|
1132
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
1133
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
1134
|
+
:param pulumi.Input[str] secret_key: The AWS Secret Access Key to use when generating new credentials.
|
1135
|
+
:param pulumi.Input[str] sts_endpoint: Specifies a custom HTTP STS endpoint to use.
|
1136
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] sts_fallback_endpoints: Ordered list of `sts_endpoint`s to try if the defined one fails. Requires Vault 1.19+
|
1137
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] sts_fallback_regions: Ordered list of `sts_region`s matching the fallback endpoints. Should correspond in order with those endpoints. Requires Vault 1.19+
|
1138
|
+
:param pulumi.Input[str] sts_region: Specifies the region of the STS endpoint. Should be included if `sts_endpoint` is supplied. Requires Vault 1.19+
|
1139
|
+
:param pulumi.Input[str] username_template: Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template:
|
958
1140
|
|
959
1141
|
```
|
960
1142
|
{{ if (eq .Type "STS") }}
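Review bot: The added `rotation_schedule` text says Vault rotates the "root token" and the `rotation_window` text speaks of a "scheduled token rotation", while `rotation_period` and `disable_automated_rotation` call the same thing the "root credential"; use one term throughout, e.g. `defining the schedule on which Vault should rotate the root credential.` The three rotation parameters are also documented in isolation: nothing says whether `rotation_period` and `rotation_schedule` may be set together, or whether `rotation_window` has any effect without a schedule. Since these settings decide how long the mount's AWS root credential stays valid, state that relationship once it is confirmed against the Vault API (I believe period and schedule are mutually exclusive and the window applies only to a schedule). "unbound" in the `rotation_window` text presumably means "unbounded". The same wording is repeated in the getter docstrings added in the `@@ -1114,17 +1302,36 @@` hunk, and the docstring edited here starts and ends outside this hunk.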
|
@@ -964,12 +1146,6 @@ class SecretBackend(pulumi.CustomResource):
|
|
964
1146
|
{{ end }}
|
965
1147
|
|
966
1148
|
```
|
967
|
-
:param pulumi.Input[str] secret_key: The AWS Secret Access Key to use when generating new credentials.
|
968
|
-
:param pulumi.Input[str] sts_endpoint: Specifies a custom HTTP STS endpoint to use.
|
969
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] sts_fallback_endpoints: Ordered list of `sts_endpoint`s to try if the defined one fails. Requires Vault 1.19+
|
970
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] sts_fallback_regions: Ordered list of `sts_region`s matching the fallback endpoints. Should correspond in order with those endpoints. Requires Vault 1.19+
|
971
|
-
:param pulumi.Input[str] sts_region: Specifies the region of the STS endpoint. Should be included if `sts_endpoint` is supplied. Requires Vault 1.19+
|
972
|
-
:param pulumi.Input[str] username_template: Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template:
|
973
1149
|
"""
|
974
1150
|
opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
|
975
1151
|
|
@@ -978,6 +1154,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
978
1154
|
__props__.__dict__["access_key"] = access_key
|
979
1155
|
__props__.__dict__["default_lease_ttl_seconds"] = default_lease_ttl_seconds
|
980
1156
|
__props__.__dict__["description"] = description
|
1157
|
+
__props__.__dict__["disable_automated_rotation"] = disable_automated_rotation
|
981
1158
|
__props__.__dict__["disable_remount"] = disable_remount
|
982
1159
|
__props__.__dict__["iam_endpoint"] = iam_endpoint
|
983
1160
|
__props__.__dict__["identity_token_audience"] = identity_token_audience
|
@@ -989,6 +1166,9 @@ class SecretBackend(pulumi.CustomResource):
|
|
989
1166
|
__props__.__dict__["path"] = path
|
990
1167
|
__props__.__dict__["region"] = region
|
991
1168
|
__props__.__dict__["role_arn"] = role_arn
|
1169
|
+
__props__.__dict__["rotation_period"] = rotation_period
|
1170
|
+
__props__.__dict__["rotation_schedule"] = rotation_schedule
|
1171
|
+
__props__.__dict__["rotation_window"] = rotation_window
|
992
1172
|
__props__.__dict__["secret_key"] = secret_key
|
993
1173
|
__props__.__dict__["sts_endpoint"] = sts_endpoint
|
994
1174
|
__props__.__dict__["sts_fallback_endpoints"] = sts_fallback_endpoints
|
@@ -1023,6 +1203,14 @@ class SecretBackend(pulumi.CustomResource):
|
|
1023
1203
|
"""
|
1024
1204
|
return pulumi.get(self, "description")
|
1025
1205
|
|
1206
|
+
@property
|
1207
|
+
@pulumi.getter(name="disableAutomatedRotation")
|
1208
|
+
def disable_automated_rotation(self) -> pulumi.Output[Optional[bool]]:
|
1209
|
+
"""
|
1210
|
+
Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
1211
|
+
"""
|
1212
|
+
return pulumi.get(self, "disable_automated_rotation")
|
1213
|
+
|
1026
1214
|
@property
|
1027
1215
|
@pulumi.getter(name="disableRemount")
|
1028
1216
|
def disable_remount(self) -> pulumi.Output[Optional[bool]]:
|
@@ -1114,17 +1302,36 @@ class SecretBackend(pulumi.CustomResource):
|
|
1114
1302
|
def role_arn(self) -> pulumi.Output[Optional[str]]:
|
1115
1303
|
"""
|
1116
1304
|
Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.
|
1305
|
+
"""
|
1306
|
+
return pulumi.get(self, "role_arn")
|
1117
1307
|
|
1118
|
-
|
1119
|
-
|
1120
|
-
|
1121
|
-
|
1122
|
-
|
1123
|
-
|
1308
|
+
@property
|
1309
|
+
@pulumi.getter(name="rotationPeriod")
|
1310
|
+
def rotation_period(self) -> pulumi.Output[Optional[int]]:
|
1311
|
+
"""
|
1312
|
+
The amount of time in seconds Vault should wait before rotating the root credential.
|
1313
|
+
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
1314
|
+
"""
|
1315
|
+
return pulumi.get(self, "rotation_period")
|
1124
1316
|
|
1125
|
-
|
1317
|
+
@property
|
1318
|
+
@pulumi.getter(name="rotationSchedule")
|
1319
|
+
def rotation_schedule(self) -> pulumi.Output[Optional[str]]:
|
1126
1320
|
"""
|
1127
|
-
|
1321
|
+
The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
1322
|
+
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
1323
|
+
"""
|
1324
|
+
return pulumi.get(self, "rotation_schedule")
|
1325
|
+
|
1326
|
+
@property
|
1327
|
+
@pulumi.getter(name="rotationWindow")
|
1328
|
+
def rotation_window(self) -> pulumi.Output[Optional[int]]:
|
1329
|
+
"""
|
1330
|
+
The maximum amount of time in seconds allowed to complete
|
1331
|
+
a rotation when a scheduled token rotation occurs. The default rotation window is
|
1332
|
+
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
1333
|
+
"""
|
1334
|
+
return pulumi.get(self, "rotation_window")
|
1128
1335
|
|
1129
1336
|
@property
|
1130
1337
|
@pulumi.getter(name="secretKey")
|
@@ -1171,6 +1378,15 @@ class SecretBackend(pulumi.CustomResource):
|
|
1171
1378
|
def username_template(self) -> pulumi.Output[str]:
|
1172
1379
|
"""
|
1173
1380
|
Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template:
|
1381
|
+
|
1382
|
+
```
|
1383
|
+
{{ if (eq .Type "STS") }}
|
1384
|
+
{{ printf "vault-%s-%s" (unix_time) (random 20) | truncate 32 }}
|
1385
|
+
{{ else }}
|
1386
|
+
{{ printf "vault-%s-%s-%s" (printf "%s-%s" (.DisplayName) (.PolicyName) | truncate 42) (unix_time) (random 20) | truncate 64 }}
|
1387
|
+
{{ end }}
|
1388
|
+
|
1389
|
+
```
|
1174
1390
|
"""
|
1175
1391
|
return pulumi.get(self, "username_template")
|
1176
1392
|
|