pulumi-vault 6.6.0a1741415971__py3-none-any.whl → 6.7.0a1741847926__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pulumi_vault/__init__.py +8 -0
- pulumi_vault/aws/auth_backend_client.py +228 -4
- pulumi_vault/aws/secret_backend.py +266 -50
- pulumi_vault/aws/secret_backend_static_role.py +217 -0
- pulumi_vault/azure/auth_backend_config.py +257 -5
- pulumi_vault/azure/backend.py +249 -4
- pulumi_vault/database/_inputs.py +1692 -36
- pulumi_vault/database/outputs.py +1170 -18
- pulumi_vault/database/secret_backend_connection.py +220 -0
- pulumi_vault/database/secret_backend_static_role.py +143 -1
- pulumi_vault/database/secrets_mount.py +8 -0
- pulumi_vault/gcp/auth_backend.py +222 -2
- pulumi_vault/gcp/secret_backend.py +244 -4
- pulumi_vault/ldap/auth_backend.py +222 -2
- pulumi_vault/ldap/secret_backend.py +222 -2
- pulumi_vault/pkisecret/__init__.py +2 -0
- pulumi_vault/pkisecret/_inputs.py +0 -6
- pulumi_vault/pkisecret/backend_config_acme.py +47 -0
- pulumi_vault/pkisecret/backend_config_auto_tidy.py +1376 -0
- pulumi_vault/pkisecret/backend_config_cmpv2.py +61 -14
- pulumi_vault/pkisecret/get_backend_cert_metadata.py +277 -0
- pulumi_vault/pkisecret/get_backend_config_cmpv2.py +18 -1
- pulumi_vault/pkisecret/get_backend_issuer.py +114 -1
- pulumi_vault/pkisecret/outputs.py +0 -4
- pulumi_vault/pkisecret/secret_backend_cert.py +148 -7
- pulumi_vault/pkisecret/secret_backend_crl_config.py +54 -0
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +141 -0
- pulumi_vault/pkisecret/secret_backend_issuer.py +265 -0
- pulumi_vault/pkisecret/secret_backend_role.py +252 -3
- pulumi_vault/pkisecret/secret_backend_root_cert.py +423 -0
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +581 -3
- pulumi_vault/pkisecret/secret_backend_sign.py +94 -0
- pulumi_vault/pulumi-plugin.json +1 -1
- pulumi_vault/ssh/__init__.py +1 -0
- pulumi_vault/ssh/get_secret_backend_sign.py +294 -0
- pulumi_vault/terraformcloud/secret_role.py +7 -7
- pulumi_vault/transit/__init__.py +2 -0
- pulumi_vault/transit/get_sign.py +324 -0
- pulumi_vault/transit/get_verify.py +354 -0
- pulumi_vault/transit/secret_backend_key.py +162 -0
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0a1741847926.dist-info}/METADATA +1 -1
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0a1741847926.dist-info}/RECORD +44 -39
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0a1741847926.dist-info}/WHEEL +1 -1
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0a1741847926.dist-info}/top_level.txt +0 -0
@@ -21,15 +21,27 @@ class SecretBackendStaticRoleArgs:
|
|
21
21
|
def __init__(__self__, *,
|
22
22
|
rotation_period: pulumi.Input[int],
|
23
23
|
username: pulumi.Input[str],
|
24
|
+
assume_role_arn: Optional[pulumi.Input[str]] = None,
|
25
|
+
assume_role_session_name: Optional[pulumi.Input[str]] = None,
|
24
26
|
backend: Optional[pulumi.Input[str]] = None,
|
27
|
+
external_id: Optional[pulumi.Input[str]] = None,
|
25
28
|
name: Optional[pulumi.Input[str]] = None,
|
26
29
|
namespace: Optional[pulumi.Input[str]] = None):
|
27
30
|
"""
|
28
31
|
The set of arguments for constructing a SecretBackendStaticRole resource.
|
29
32
|
:param pulumi.Input[int] rotation_period: How often Vault should rotate the password of the user entry.
|
30
33
|
:param pulumi.Input[str] username: The username of the existing AWS IAM to manage password rotation for.
|
34
|
+
:param pulumi.Input[str] assume_role_arn: Specifies the ARN of the role that Vault should assume.
|
35
|
+
When provided, Vault will use AWS STS to assume this role and generate temporary credentials.
|
36
|
+
If `assume_role_arn` is provided, `assume_role_session_name` must also be provided.
|
37
|
+
Requires Vault 1.19+. *Available only for Vault Enterprise*.
|
38
|
+
:param pulumi.Input[str] assume_role_session_name: Specifies the session name to use when assuming the role.
|
39
|
+
If `assume_role_session_name` is provided, `assume_role_arn` must also be provided.
|
40
|
+
Requires Vault 1.19+. *Available only for Vault Enterprise*.
|
31
41
|
:param pulumi.Input[str] backend: The unique path this backend should be mounted at. Must
|
32
42
|
not begin or end with a `/`. Defaults to `aws`
|
43
|
+
:param pulumi.Input[str] external_id: Specifies the external ID to use when assuming the role.
|
44
|
+
Requires Vault 1.19+. *Available only for Vault Enterprise*.
|
33
45
|
:param pulumi.Input[str] name: The name to identify this role within the backend.
|
34
46
|
Must be unique within the backend.
|
35
47
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
@@ -39,8 +51,14 @@ class SecretBackendStaticRoleArgs:
|
|
39
51
|
"""
|
40
52
|
pulumi.set(__self__, "rotation_period", rotation_period)
|
41
53
|
pulumi.set(__self__, "username", username)
|
54
|
+
if assume_role_arn is not None:
|
55
|
+
pulumi.set(__self__, "assume_role_arn", assume_role_arn)
|
56
|
+
if assume_role_session_name is not None:
|
57
|
+
pulumi.set(__self__, "assume_role_session_name", assume_role_session_name)
|
42
58
|
if backend is not None:
|
43
59
|
pulumi.set(__self__, "backend", backend)
|
60
|
+
if external_id is not None:
|
61
|
+
pulumi.set(__self__, "external_id", external_id)
|
44
62
|
if name is not None:
|
45
63
|
pulumi.set(__self__, "name", name)
|
46
64
|
if namespace is not None:
|
@@ -70,6 +88,35 @@ class SecretBackendStaticRoleArgs:
|
|
70
88
|
def username(self, value: pulumi.Input[str]):
|
71
89
|
pulumi.set(self, "username", value)
|
72
90
|
|
91
|
+
@property
|
92
|
+
@pulumi.getter(name="assumeRoleArn")
|
93
|
+
def assume_role_arn(self) -> Optional[pulumi.Input[str]]:
|
94
|
+
"""
|
95
|
+
Specifies the ARN of the role that Vault should assume.
|
96
|
+
When provided, Vault will use AWS STS to assume this role and generate temporary credentials.
|
97
|
+
If `assume_role_arn` is provided, `assume_role_session_name` must also be provided.
|
98
|
+
Requires Vault 1.19+. *Available only for Vault Enterprise*.
|
99
|
+
"""
|
100
|
+
return pulumi.get(self, "assume_role_arn")
|
101
|
+
|
102
|
+
@assume_role_arn.setter
|
103
|
+
def assume_role_arn(self, value: Optional[pulumi.Input[str]]):
|
104
|
+
pulumi.set(self, "assume_role_arn", value)
|
105
|
+
|
106
|
+
@property
|
107
|
+
@pulumi.getter(name="assumeRoleSessionName")
|
108
|
+
def assume_role_session_name(self) -> Optional[pulumi.Input[str]]:
|
109
|
+
"""
|
110
|
+
Specifies the session name to use when assuming the role.
|
111
|
+
If `assume_role_session_name` is provided, `assume_role_arn` must also be provided.
|
112
|
+
Requires Vault 1.19+. *Available only for Vault Enterprise*.
|
113
|
+
"""
|
114
|
+
return pulumi.get(self, "assume_role_session_name")
|
115
|
+
|
116
|
+
@assume_role_session_name.setter
|
117
|
+
def assume_role_session_name(self, value: Optional[pulumi.Input[str]]):
|
118
|
+
pulumi.set(self, "assume_role_session_name", value)
|
119
|
+
|
73
120
|
@property
|
74
121
|
@pulumi.getter
|
75
122
|
def backend(self) -> Optional[pulumi.Input[str]]:
|
@@ -83,6 +130,19 @@ class SecretBackendStaticRoleArgs:
|
|
83
130
|
def backend(self, value: Optional[pulumi.Input[str]]):
|
84
131
|
pulumi.set(self, "backend", value)
|
85
132
|
|
133
|
+
@property
|
134
|
+
@pulumi.getter(name="externalId")
|
135
|
+
def external_id(self) -> Optional[pulumi.Input[str]]:
|
136
|
+
"""
|
137
|
+
Specifies the external ID to use when assuming the role.
|
138
|
+
Requires Vault 1.19+. *Available only for Vault Enterprise*.
|
139
|
+
"""
|
140
|
+
return pulumi.get(self, "external_id")
|
141
|
+
|
142
|
+
@external_id.setter
|
143
|
+
def external_id(self, value: Optional[pulumi.Input[str]]):
|
144
|
+
pulumi.set(self, "external_id", value)
|
145
|
+
|
86
146
|
@property
|
87
147
|
@pulumi.getter
|
88
148
|
def name(self) -> Optional[pulumi.Input[str]]:
|
@@ -115,15 +175,27 @@ class SecretBackendStaticRoleArgs:
|
|
115
175
|
@pulumi.input_type
|
116
176
|
class _SecretBackendStaticRoleState:
|
117
177
|
def __init__(__self__, *,
|
178
|
+
assume_role_arn: Optional[pulumi.Input[str]] = None,
|
179
|
+
assume_role_session_name: Optional[pulumi.Input[str]] = None,
|
118
180
|
backend: Optional[pulumi.Input[str]] = None,
|
181
|
+
external_id: Optional[pulumi.Input[str]] = None,
|
119
182
|
name: Optional[pulumi.Input[str]] = None,
|
120
183
|
namespace: Optional[pulumi.Input[str]] = None,
|
121
184
|
rotation_period: Optional[pulumi.Input[int]] = None,
|
122
185
|
username: Optional[pulumi.Input[str]] = None):
|
123
186
|
"""
|
124
187
|
Input properties used for looking up and filtering SecretBackendStaticRole resources.
|
188
|
+
:param pulumi.Input[str] assume_role_arn: Specifies the ARN of the role that Vault should assume.
|
189
|
+
When provided, Vault will use AWS STS to assume this role and generate temporary credentials.
|
190
|
+
If `assume_role_arn` is provided, `assume_role_session_name` must also be provided.
|
191
|
+
Requires Vault 1.19+. *Available only for Vault Enterprise*.
|
192
|
+
:param pulumi.Input[str] assume_role_session_name: Specifies the session name to use when assuming the role.
|
193
|
+
If `assume_role_session_name` is provided, `assume_role_arn` must also be provided.
|
194
|
+
Requires Vault 1.19+. *Available only for Vault Enterprise*.
|
125
195
|
:param pulumi.Input[str] backend: The unique path this backend should be mounted at. Must
|
126
196
|
not begin or end with a `/`. Defaults to `aws`
|
197
|
+
:param pulumi.Input[str] external_id: Specifies the external ID to use when assuming the role.
|
198
|
+
Requires Vault 1.19+. *Available only for Vault Enterprise*.
|
127
199
|
:param pulumi.Input[str] name: The name to identify this role within the backend.
|
128
200
|
Must be unique within the backend.
|
129
201
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
@@ -133,8 +205,14 @@ class _SecretBackendStaticRoleState:
|
|
133
205
|
:param pulumi.Input[int] rotation_period: How often Vault should rotate the password of the user entry.
|
134
206
|
:param pulumi.Input[str] username: The username of the existing AWS IAM to manage password rotation for.
|
135
207
|
"""
|
208
|
+
if assume_role_arn is not None:
|
209
|
+
pulumi.set(__self__, "assume_role_arn", assume_role_arn)
|
210
|
+
if assume_role_session_name is not None:
|
211
|
+
pulumi.set(__self__, "assume_role_session_name", assume_role_session_name)
|
136
212
|
if backend is not None:
|
137
213
|
pulumi.set(__self__, "backend", backend)
|
214
|
+
if external_id is not None:
|
215
|
+
pulumi.set(__self__, "external_id", external_id)
|
138
216
|
if name is not None:
|
139
217
|
pulumi.set(__self__, "name", name)
|
140
218
|
if namespace is not None:
|
@@ -144,6 +222,35 @@ class _SecretBackendStaticRoleState:
|
|
144
222
|
if username is not None:
|
145
223
|
pulumi.set(__self__, "username", username)
|
146
224
|
|
225
|
+
@property
|
226
|
+
@pulumi.getter(name="assumeRoleArn")
|
227
|
+
def assume_role_arn(self) -> Optional[pulumi.Input[str]]:
|
228
|
+
"""
|
229
|
+
Specifies the ARN of the role that Vault should assume.
|
230
|
+
When provided, Vault will use AWS STS to assume this role and generate temporary credentials.
|
231
|
+
If `assume_role_arn` is provided, `assume_role_session_name` must also be provided.
|
232
|
+
Requires Vault 1.19+. *Available only for Vault Enterprise*.
|
233
|
+
"""
|
234
|
+
return pulumi.get(self, "assume_role_arn")
|
235
|
+
|
236
|
+
@assume_role_arn.setter
|
237
|
+
def assume_role_arn(self, value: Optional[pulumi.Input[str]]):
|
238
|
+
pulumi.set(self, "assume_role_arn", value)
|
239
|
+
|
240
|
+
@property
|
241
|
+
@pulumi.getter(name="assumeRoleSessionName")
|
242
|
+
def assume_role_session_name(self) -> Optional[pulumi.Input[str]]:
|
243
|
+
"""
|
244
|
+
Specifies the session name to use when assuming the role.
|
245
|
+
If `assume_role_session_name` is provided, `assume_role_arn` must also be provided.
|
246
|
+
Requires Vault 1.19+. *Available only for Vault Enterprise*.
|
247
|
+
"""
|
248
|
+
return pulumi.get(self, "assume_role_session_name")
|
249
|
+
|
250
|
+
@assume_role_session_name.setter
|
251
|
+
def assume_role_session_name(self, value: Optional[pulumi.Input[str]]):
|
252
|
+
pulumi.set(self, "assume_role_session_name", value)
|
253
|
+
|
147
254
|
@property
|
148
255
|
@pulumi.getter
|
149
256
|
def backend(self) -> Optional[pulumi.Input[str]]:
|
@@ -157,6 +264,19 @@ class _SecretBackendStaticRoleState:
|
|
157
264
|
def backend(self, value: Optional[pulumi.Input[str]]):
|
158
265
|
pulumi.set(self, "backend", value)
|
159
266
|
|
267
|
+
@property
|
268
|
+
@pulumi.getter(name="externalId")
|
269
|
+
def external_id(self) -> Optional[pulumi.Input[str]]:
|
270
|
+
"""
|
271
|
+
Specifies the external ID to use when assuming the role.
|
272
|
+
Requires Vault 1.19+. *Available only for Vault Enterprise*.
|
273
|
+
"""
|
274
|
+
return pulumi.get(self, "external_id")
|
275
|
+
|
276
|
+
@external_id.setter
|
277
|
+
def external_id(self, value: Optional[pulumi.Input[str]]):
|
278
|
+
pulumi.set(self, "external_id", value)
|
279
|
+
|
160
280
|
@property
|
161
281
|
@pulumi.getter
|
162
282
|
def name(self) -> Optional[pulumi.Input[str]]:
|
@@ -215,7 +335,10 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
215
335
|
def __init__(__self__,
|
216
336
|
resource_name: str,
|
217
337
|
opts: Optional[pulumi.ResourceOptions] = None,
|
338
|
+
assume_role_arn: Optional[pulumi.Input[str]] = None,
|
339
|
+
assume_role_session_name: Optional[pulumi.Input[str]] = None,
|
218
340
|
backend: Optional[pulumi.Input[str]] = None,
|
341
|
+
external_id: Optional[pulumi.Input[str]] = None,
|
219
342
|
name: Optional[pulumi.Input[str]] = None,
|
220
343
|
namespace: Optional[pulumi.Input[str]] = None,
|
221
344
|
rotation_period: Optional[pulumi.Input[int]] = None,
|
@@ -238,6 +361,23 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
238
361
|
rotation_period=3600)
|
239
362
|
```
|
240
363
|
|
364
|
+
```python
|
365
|
+
import pulumi
|
366
|
+
import pulumi_vault as vault
|
367
|
+
|
368
|
+
aws = vault.aws.SecretBackend("aws",
|
369
|
+
path="my-aws",
|
370
|
+
description="Obtain AWS credentials.")
|
371
|
+
assume_role = vault.aws.SecretBackendStaticRole("assume-role",
|
372
|
+
backend=aws.path,
|
373
|
+
name="assume-role-test",
|
374
|
+
username="my-assume-role-user",
|
375
|
+
assume_role_arn="arn:aws:iam::123456789012:role/assume-role",
|
376
|
+
assume_role_session_name="assume-role-session",
|
377
|
+
external_id="test-id",
|
378
|
+
rotation_period=3600)
|
379
|
+
```
|
380
|
+
|
241
381
|
## Import
|
242
382
|
|
243
383
|
AWS secret backend static role can be imported using the full path to the role
|
@@ -249,8 +389,17 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
249
389
|
|
250
390
|
:param str resource_name: The name of the resource.
|
251
391
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
392
|
+
:param pulumi.Input[str] assume_role_arn: Specifies the ARN of the role that Vault should assume.
|
393
|
+
When provided, Vault will use AWS STS to assume this role and generate temporary credentials.
|
394
|
+
If `assume_role_arn` is provided, `assume_role_session_name` must also be provided.
|
395
|
+
Requires Vault 1.19+. *Available only for Vault Enterprise*.
|
396
|
+
:param pulumi.Input[str] assume_role_session_name: Specifies the session name to use when assuming the role.
|
397
|
+
If `assume_role_session_name` is provided, `assume_role_arn` must also be provided.
|
398
|
+
Requires Vault 1.19+. *Available only for Vault Enterprise*.
|
252
399
|
:param pulumi.Input[str] backend: The unique path this backend should be mounted at. Must
|
253
400
|
not begin or end with a `/`. Defaults to `aws`
|
401
|
+
:param pulumi.Input[str] external_id: Specifies the external ID to use when assuming the role.
|
402
|
+
Requires Vault 1.19+. *Available only for Vault Enterprise*.
|
254
403
|
:param pulumi.Input[str] name: The name to identify this role within the backend.
|
255
404
|
Must be unique within the backend.
|
256
405
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
@@ -283,6 +432,23 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
283
432
|
rotation_period=3600)
|
284
433
|
```
|
285
434
|
|
435
|
+
```python
|
436
|
+
import pulumi
|
437
|
+
import pulumi_vault as vault
|
438
|
+
|
439
|
+
aws = vault.aws.SecretBackend("aws",
|
440
|
+
path="my-aws",
|
441
|
+
description="Obtain AWS credentials.")
|
442
|
+
assume_role = vault.aws.SecretBackendStaticRole("assume-role",
|
443
|
+
backend=aws.path,
|
444
|
+
name="assume-role-test",
|
445
|
+
username="my-assume-role-user",
|
446
|
+
assume_role_arn="arn:aws:iam::123456789012:role/assume-role",
|
447
|
+
assume_role_session_name="assume-role-session",
|
448
|
+
external_id="test-id",
|
449
|
+
rotation_period=3600)
|
450
|
+
```
|
451
|
+
|
286
452
|
## Import
|
287
453
|
|
288
454
|
AWS secret backend static role can be imported using the full path to the role
|
@@ -307,7 +473,10 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
307
473
|
def _internal_init(__self__,
|
308
474
|
resource_name: str,
|
309
475
|
opts: Optional[pulumi.ResourceOptions] = None,
|
476
|
+
assume_role_arn: Optional[pulumi.Input[str]] = None,
|
477
|
+
assume_role_session_name: Optional[pulumi.Input[str]] = None,
|
310
478
|
backend: Optional[pulumi.Input[str]] = None,
|
479
|
+
external_id: Optional[pulumi.Input[str]] = None,
|
311
480
|
name: Optional[pulumi.Input[str]] = None,
|
312
481
|
namespace: Optional[pulumi.Input[str]] = None,
|
313
482
|
rotation_period: Optional[pulumi.Input[int]] = None,
|
@@ -321,7 +490,10 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
321
490
|
raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource')
|
322
491
|
__props__ = SecretBackendStaticRoleArgs.__new__(SecretBackendStaticRoleArgs)
|
323
492
|
|
493
|
+
__props__.__dict__["assume_role_arn"] = assume_role_arn
|
494
|
+
__props__.__dict__["assume_role_session_name"] = assume_role_session_name
|
324
495
|
__props__.__dict__["backend"] = backend
|
496
|
+
__props__.__dict__["external_id"] = external_id
|
325
497
|
__props__.__dict__["name"] = name
|
326
498
|
__props__.__dict__["namespace"] = namespace
|
327
499
|
if rotation_period is None and not opts.urn:
|
@@ -340,7 +512,10 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
340
512
|
def get(resource_name: str,
|
341
513
|
id: pulumi.Input[str],
|
342
514
|
opts: Optional[pulumi.ResourceOptions] = None,
|
515
|
+
assume_role_arn: Optional[pulumi.Input[str]] = None,
|
516
|
+
assume_role_session_name: Optional[pulumi.Input[str]] = None,
|
343
517
|
backend: Optional[pulumi.Input[str]] = None,
|
518
|
+
external_id: Optional[pulumi.Input[str]] = None,
|
344
519
|
name: Optional[pulumi.Input[str]] = None,
|
345
520
|
namespace: Optional[pulumi.Input[str]] = None,
|
346
521
|
rotation_period: Optional[pulumi.Input[int]] = None,
|
@@ -352,8 +527,17 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
352
527
|
:param str resource_name: The unique name of the resulting resource.
|
353
528
|
:param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
|
354
529
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
530
|
+
:param pulumi.Input[str] assume_role_arn: Specifies the ARN of the role that Vault should assume.
|
531
|
+
When provided, Vault will use AWS STS to assume this role and generate temporary credentials.
|
532
|
+
If `assume_role_arn` is provided, `assume_role_session_name` must also be provided.
|
533
|
+
Requires Vault 1.19+. *Available only for Vault Enterprise*.
|
534
|
+
:param pulumi.Input[str] assume_role_session_name: Specifies the session name to use when assuming the role.
|
535
|
+
If `assume_role_session_name` is provided, `assume_role_arn` must also be provided.
|
536
|
+
Requires Vault 1.19+. *Available only for Vault Enterprise*.
|
355
537
|
:param pulumi.Input[str] backend: The unique path this backend should be mounted at. Must
|
356
538
|
not begin or end with a `/`. Defaults to `aws`
|
539
|
+
:param pulumi.Input[str] external_id: Specifies the external ID to use when assuming the role.
|
540
|
+
Requires Vault 1.19+. *Available only for Vault Enterprise*.
|
357
541
|
:param pulumi.Input[str] name: The name to identify this role within the backend.
|
358
542
|
Must be unique within the backend.
|
359
543
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
@@ -367,13 +551,37 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
367
551
|
|
368
552
|
__props__ = _SecretBackendStaticRoleState.__new__(_SecretBackendStaticRoleState)
|
369
553
|
|
554
|
+
__props__.__dict__["assume_role_arn"] = assume_role_arn
|
555
|
+
__props__.__dict__["assume_role_session_name"] = assume_role_session_name
|
370
556
|
__props__.__dict__["backend"] = backend
|
557
|
+
__props__.__dict__["external_id"] = external_id
|
371
558
|
__props__.__dict__["name"] = name
|
372
559
|
__props__.__dict__["namespace"] = namespace
|
373
560
|
__props__.__dict__["rotation_period"] = rotation_period
|
374
561
|
__props__.__dict__["username"] = username
|
375
562
|
return SecretBackendStaticRole(resource_name, opts=opts, __props__=__props__)
|
376
563
|
|
564
|
+
@property
|
565
|
+
@pulumi.getter(name="assumeRoleArn")
|
566
|
+
def assume_role_arn(self) -> pulumi.Output[Optional[str]]:
|
567
|
+
"""
|
568
|
+
Specifies the ARN of the role that Vault should assume.
|
569
|
+
When provided, Vault will use AWS STS to assume this role and generate temporary credentials.
|
570
|
+
If `assume_role_arn` is provided, `assume_role_session_name` must also be provided.
|
571
|
+
Requires Vault 1.19+. *Available only for Vault Enterprise*.
|
572
|
+
"""
|
573
|
+
return pulumi.get(self, "assume_role_arn")
|
574
|
+
|
575
|
+
@property
|
576
|
+
@pulumi.getter(name="assumeRoleSessionName")
|
577
|
+
def assume_role_session_name(self) -> pulumi.Output[Optional[str]]:
|
578
|
+
"""
|
579
|
+
Specifies the session name to use when assuming the role.
|
580
|
+
If `assume_role_session_name` is provided, `assume_role_arn` must also be provided.
|
581
|
+
Requires Vault 1.19+. *Available only for Vault Enterprise*.
|
582
|
+
"""
|
583
|
+
return pulumi.get(self, "assume_role_session_name")
|
584
|
+
|
377
585
|
@property
|
378
586
|
@pulumi.getter
|
379
587
|
def backend(self) -> pulumi.Output[Optional[str]]:
|
@@ -383,6 +591,15 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
383
591
|
"""
|
384
592
|
return pulumi.get(self, "backend")
|
385
593
|
|
594
|
+
@property
|
595
|
+
@pulumi.getter(name="externalId")
|
596
|
+
def external_id(self) -> pulumi.Output[Optional[str]]:
|
597
|
+
"""
|
598
|
+
Specifies the external ID to use when assuming the role.
|
599
|
+
Requires Vault 1.19+. *Available only for Vault Enterprise*.
|
600
|
+
"""
|
601
|
+
return pulumi.get(self, "external_id")
|
602
|
+
|
386
603
|
@property
|
387
604
|
@pulumi.getter
|
388
605
|
def name(self) -> pulumi.Output[str]:
|