pulumi-vault 6.6.0a1741415971__py3-none-any.whl → 6.7.0a1741847926__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pulumi_vault/__init__.py +8 -0
- pulumi_vault/aws/auth_backend_client.py +228 -4
- pulumi_vault/aws/secret_backend.py +266 -50
- pulumi_vault/aws/secret_backend_static_role.py +217 -0
- pulumi_vault/azure/auth_backend_config.py +257 -5
- pulumi_vault/azure/backend.py +249 -4
- pulumi_vault/database/_inputs.py +1692 -36
- pulumi_vault/database/outputs.py +1170 -18
- pulumi_vault/database/secret_backend_connection.py +220 -0
- pulumi_vault/database/secret_backend_static_role.py +143 -1
- pulumi_vault/database/secrets_mount.py +8 -0
- pulumi_vault/gcp/auth_backend.py +222 -2
- pulumi_vault/gcp/secret_backend.py +244 -4
- pulumi_vault/ldap/auth_backend.py +222 -2
- pulumi_vault/ldap/secret_backend.py +222 -2
- pulumi_vault/pkisecret/__init__.py +2 -0
- pulumi_vault/pkisecret/_inputs.py +0 -6
- pulumi_vault/pkisecret/backend_config_acme.py +47 -0
- pulumi_vault/pkisecret/backend_config_auto_tidy.py +1376 -0
- pulumi_vault/pkisecret/backend_config_cmpv2.py +61 -14
- pulumi_vault/pkisecret/get_backend_cert_metadata.py +277 -0
- pulumi_vault/pkisecret/get_backend_config_cmpv2.py +18 -1
- pulumi_vault/pkisecret/get_backend_issuer.py +114 -1
- pulumi_vault/pkisecret/outputs.py +0 -4
- pulumi_vault/pkisecret/secret_backend_cert.py +148 -7
- pulumi_vault/pkisecret/secret_backend_crl_config.py +54 -0
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +141 -0
- pulumi_vault/pkisecret/secret_backend_issuer.py +265 -0
- pulumi_vault/pkisecret/secret_backend_role.py +252 -3
- pulumi_vault/pkisecret/secret_backend_root_cert.py +423 -0
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +581 -3
- pulumi_vault/pkisecret/secret_backend_sign.py +94 -0
- pulumi_vault/pulumi-plugin.json +1 -1
- pulumi_vault/ssh/__init__.py +1 -0
- pulumi_vault/ssh/get_secret_backend_sign.py +294 -0
- pulumi_vault/terraformcloud/secret_role.py +7 -7
- pulumi_vault/transit/__init__.py +2 -0
- pulumi_vault/transit/get_sign.py +324 -0
- pulumi_vault/transit/get_verify.py +354 -0
- pulumi_vault/transit/secret_backend_key.py +162 -0
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0a1741847926.dist-info}/METADATA +1 -1
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0a1741847926.dist-info}/RECORD +44 -39
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0a1741847926.dist-info}/WHEEL +1 -1
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0a1741847926.dist-info}/top_level.txt +0 -0
@@ -22,18 +22,23 @@ class SecretBackendStaticRoleArgs:
|
|
22
22
|
backend: pulumi.Input[str],
|
23
23
|
db_name: pulumi.Input[str],
|
24
24
|
username: pulumi.Input[str],
|
25
|
+
credential_config: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
26
|
+
credential_type: Optional[pulumi.Input[str]] = None,
|
25
27
|
name: Optional[pulumi.Input[str]] = None,
|
26
28
|
namespace: Optional[pulumi.Input[str]] = None,
|
27
29
|
rotation_period: Optional[pulumi.Input[int]] = None,
|
28
30
|
rotation_schedule: Optional[pulumi.Input[str]] = None,
|
29
31
|
rotation_statements: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
30
32
|
rotation_window: Optional[pulumi.Input[int]] = None,
|
31
|
-
self_managed_password: Optional[pulumi.Input[str]] = None
|
33
|
+
self_managed_password: Optional[pulumi.Input[str]] = None,
|
34
|
+
skip_import_rotation: Optional[pulumi.Input[bool]] = None):
|
32
35
|
"""
|
33
36
|
The set of arguments for constructing a SecretBackendStaticRole resource.
|
34
37
|
:param pulumi.Input[str] backend: The unique name of the Vault mount to configure.
|
35
38
|
:param pulumi.Input[str] db_name: The unique name of the database connection to use for the static role.
|
36
39
|
:param pulumi.Input[str] username: The database username that this static role corresponds to.
|
40
|
+
:param pulumi.Input[str] credential_type: The credential type for the user, can be one of "password", "rsa_private_key" or "client_certificate".The configuration
|
41
|
+
can be done in `credential_config`.
|
37
42
|
:param pulumi.Input[str] name: A unique name to give the static role.
|
38
43
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
39
44
|
The value should not contain leading or trailing forward slashes.
|
@@ -52,10 +57,16 @@ class SecretBackendStaticRoleArgs:
|
|
52
57
|
:param pulumi.Input[str] self_managed_password: The password corresponding to the username in the database.
|
53
58
|
Required when using the Rootless Password Rotation workflow for static roles. Only enabled for
|
54
59
|
select DB engines (Postgres). Requires Vault 1.18+ Enterprise.
|
60
|
+
:param pulumi.Input[bool] skip_import_rotation: If set to true, Vault will skip the
|
61
|
+
initial secret rotation on import. Requires Vault 1.18+ Enterprise.
|
55
62
|
"""
|
56
63
|
pulumi.set(__self__, "backend", backend)
|
57
64
|
pulumi.set(__self__, "db_name", db_name)
|
58
65
|
pulumi.set(__self__, "username", username)
|
66
|
+
if credential_config is not None:
|
67
|
+
pulumi.set(__self__, "credential_config", credential_config)
|
68
|
+
if credential_type is not None:
|
69
|
+
pulumi.set(__self__, "credential_type", credential_type)
|
59
70
|
if name is not None:
|
60
71
|
pulumi.set(__self__, "name", name)
|
61
72
|
if namespace is not None:
|
@@ -70,6 +81,8 @@ class SecretBackendStaticRoleArgs:
|
|
70
81
|
pulumi.set(__self__, "rotation_window", rotation_window)
|
71
82
|
if self_managed_password is not None:
|
72
83
|
pulumi.set(__self__, "self_managed_password", self_managed_password)
|
84
|
+
if skip_import_rotation is not None:
|
85
|
+
pulumi.set(__self__, "skip_import_rotation", skip_import_rotation)
|
73
86
|
|
74
87
|
@property
|
75
88
|
@pulumi.getter
|
@@ -107,6 +120,28 @@ class SecretBackendStaticRoleArgs:
|
|
107
120
|
def username(self, value: pulumi.Input[str]):
|
108
121
|
pulumi.set(self, "username", value)
|
109
122
|
|
123
|
+
@property
|
124
|
+
@pulumi.getter(name="credentialConfig")
|
125
|
+
def credential_config(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
126
|
+
return pulumi.get(self, "credential_config")
|
127
|
+
|
128
|
+
@credential_config.setter
|
129
|
+
def credential_config(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
130
|
+
pulumi.set(self, "credential_config", value)
|
131
|
+
|
132
|
+
@property
|
133
|
+
@pulumi.getter(name="credentialType")
|
134
|
+
def credential_type(self) -> Optional[pulumi.Input[str]]:
|
135
|
+
"""
|
136
|
+
The credential type for the user, can be one of "password", "rsa_private_key" or "client_certificate".The configuration
|
137
|
+
can be done in `credential_config`.
|
138
|
+
"""
|
139
|
+
return pulumi.get(self, "credential_type")
|
140
|
+
|
141
|
+
@credential_type.setter
|
142
|
+
def credential_type(self, value: Optional[pulumi.Input[str]]):
|
143
|
+
pulumi.set(self, "credential_type", value)
|
144
|
+
|
110
145
|
@property
|
111
146
|
@pulumi.getter
|
112
147
|
def name(self) -> Optional[pulumi.Input[str]]:
|
@@ -202,11 +237,26 @@ class SecretBackendStaticRoleArgs:
|
|
202
237
|
def self_managed_password(self, value: Optional[pulumi.Input[str]]):
|
203
238
|
pulumi.set(self, "self_managed_password", value)
|
204
239
|
|
240
|
+
@property
|
241
|
+
@pulumi.getter(name="skipImportRotation")
|
242
|
+
def skip_import_rotation(self) -> Optional[pulumi.Input[bool]]:
|
243
|
+
"""
|
244
|
+
If set to true, Vault will skip the
|
245
|
+
initial secret rotation on import. Requires Vault 1.18+ Enterprise.
|
246
|
+
"""
|
247
|
+
return pulumi.get(self, "skip_import_rotation")
|
248
|
+
|
249
|
+
@skip_import_rotation.setter
|
250
|
+
def skip_import_rotation(self, value: Optional[pulumi.Input[bool]]):
|
251
|
+
pulumi.set(self, "skip_import_rotation", value)
|
252
|
+
|
205
253
|
|
206
254
|
@pulumi.input_type
|
207
255
|
class _SecretBackendStaticRoleState:
|
208
256
|
def __init__(__self__, *,
|
209
257
|
backend: Optional[pulumi.Input[str]] = None,
|
258
|
+
credential_config: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
259
|
+
credential_type: Optional[pulumi.Input[str]] = None,
|
210
260
|
db_name: Optional[pulumi.Input[str]] = None,
|
211
261
|
name: Optional[pulumi.Input[str]] = None,
|
212
262
|
namespace: Optional[pulumi.Input[str]] = None,
|
@@ -215,10 +265,13 @@ class _SecretBackendStaticRoleState:
|
|
215
265
|
rotation_statements: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
216
266
|
rotation_window: Optional[pulumi.Input[int]] = None,
|
217
267
|
self_managed_password: Optional[pulumi.Input[str]] = None,
|
268
|
+
skip_import_rotation: Optional[pulumi.Input[bool]] = None,
|
218
269
|
username: Optional[pulumi.Input[str]] = None):
|
219
270
|
"""
|
220
271
|
Input properties used for looking up and filtering SecretBackendStaticRole resources.
|
221
272
|
:param pulumi.Input[str] backend: The unique name of the Vault mount to configure.
|
273
|
+
:param pulumi.Input[str] credential_type: The credential type for the user, can be one of "password", "rsa_private_key" or "client_certificate".The configuration
|
274
|
+
can be done in `credential_config`.
|
222
275
|
:param pulumi.Input[str] db_name: The unique name of the database connection to use for the static role.
|
223
276
|
:param pulumi.Input[str] name: A unique name to give the static role.
|
224
277
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
@@ -238,10 +291,16 @@ class _SecretBackendStaticRoleState:
|
|
238
291
|
:param pulumi.Input[str] self_managed_password: The password corresponding to the username in the database.
|
239
292
|
Required when using the Rootless Password Rotation workflow for static roles. Only enabled for
|
240
293
|
select DB engines (Postgres). Requires Vault 1.18+ Enterprise.
|
294
|
+
:param pulumi.Input[bool] skip_import_rotation: If set to true, Vault will skip the
|
295
|
+
initial secret rotation on import. Requires Vault 1.18+ Enterprise.
|
241
296
|
:param pulumi.Input[str] username: The database username that this static role corresponds to.
|
242
297
|
"""
|
243
298
|
if backend is not None:
|
244
299
|
pulumi.set(__self__, "backend", backend)
|
300
|
+
if credential_config is not None:
|
301
|
+
pulumi.set(__self__, "credential_config", credential_config)
|
302
|
+
if credential_type is not None:
|
303
|
+
pulumi.set(__self__, "credential_type", credential_type)
|
245
304
|
if db_name is not None:
|
246
305
|
pulumi.set(__self__, "db_name", db_name)
|
247
306
|
if name is not None:
|
@@ -258,6 +317,8 @@ class _SecretBackendStaticRoleState:
|
|
258
317
|
pulumi.set(__self__, "rotation_window", rotation_window)
|
259
318
|
if self_managed_password is not None:
|
260
319
|
pulumi.set(__self__, "self_managed_password", self_managed_password)
|
320
|
+
if skip_import_rotation is not None:
|
321
|
+
pulumi.set(__self__, "skip_import_rotation", skip_import_rotation)
|
261
322
|
if username is not None:
|
262
323
|
pulumi.set(__self__, "username", username)
|
263
324
|
|
@@ -273,6 +334,28 @@ class _SecretBackendStaticRoleState:
|
|
273
334
|
def backend(self, value: Optional[pulumi.Input[str]]):
|
274
335
|
pulumi.set(self, "backend", value)
|
275
336
|
|
337
|
+
@property
|
338
|
+
@pulumi.getter(name="credentialConfig")
|
339
|
+
def credential_config(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
340
|
+
return pulumi.get(self, "credential_config")
|
341
|
+
|
342
|
+
@credential_config.setter
|
343
|
+
def credential_config(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
344
|
+
pulumi.set(self, "credential_config", value)
|
345
|
+
|
346
|
+
@property
|
347
|
+
@pulumi.getter(name="credentialType")
|
348
|
+
def credential_type(self) -> Optional[pulumi.Input[str]]:
|
349
|
+
"""
|
350
|
+
The credential type for the user, can be one of "password", "rsa_private_key" or "client_certificate".The configuration
|
351
|
+
can be done in `credential_config`.
|
352
|
+
"""
|
353
|
+
return pulumi.get(self, "credential_type")
|
354
|
+
|
355
|
+
@credential_type.setter
|
356
|
+
def credential_type(self, value: Optional[pulumi.Input[str]]):
|
357
|
+
pulumi.set(self, "credential_type", value)
|
358
|
+
|
276
359
|
@property
|
277
360
|
@pulumi.getter(name="dbName")
|
278
361
|
def db_name(self) -> Optional[pulumi.Input[str]]:
|
@@ -380,6 +463,19 @@ class _SecretBackendStaticRoleState:
|
|
380
463
|
def self_managed_password(self, value: Optional[pulumi.Input[str]]):
|
381
464
|
pulumi.set(self, "self_managed_password", value)
|
382
465
|
|
466
|
+
@property
|
467
|
+
@pulumi.getter(name="skipImportRotation")
|
468
|
+
def skip_import_rotation(self) -> Optional[pulumi.Input[bool]]:
|
469
|
+
"""
|
470
|
+
If set to true, Vault will skip the
|
471
|
+
initial secret rotation on import. Requires Vault 1.18+ Enterprise.
|
472
|
+
"""
|
473
|
+
return pulumi.get(self, "skip_import_rotation")
|
474
|
+
|
475
|
+
@skip_import_rotation.setter
|
476
|
+
def skip_import_rotation(self, value: Optional[pulumi.Input[bool]]):
|
477
|
+
pulumi.set(self, "skip_import_rotation", value)
|
478
|
+
|
383
479
|
@property
|
384
480
|
@pulumi.getter
|
385
481
|
def username(self) -> Optional[pulumi.Input[str]]:
|
@@ -399,6 +495,8 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
399
495
|
resource_name: str,
|
400
496
|
opts: Optional[pulumi.ResourceOptions] = None,
|
401
497
|
backend: Optional[pulumi.Input[str]] = None,
|
498
|
+
credential_config: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
499
|
+
credential_type: Optional[pulumi.Input[str]] = None,
|
402
500
|
db_name: Optional[pulumi.Input[str]] = None,
|
403
501
|
name: Optional[pulumi.Input[str]] = None,
|
404
502
|
namespace: Optional[pulumi.Input[str]] = None,
|
@@ -407,6 +505,7 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
407
505
|
rotation_statements: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
408
506
|
rotation_window: Optional[pulumi.Input[int]] = None,
|
409
507
|
self_managed_password: Optional[pulumi.Input[str]] = None,
|
508
|
+
skip_import_rotation: Optional[pulumi.Input[bool]] = None,
|
410
509
|
username: Optional[pulumi.Input[str]] = None,
|
411
510
|
__props__=None):
|
412
511
|
"""
|
@@ -460,6 +559,8 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
460
559
|
:param str resource_name: The name of the resource.
|
461
560
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
462
561
|
:param pulumi.Input[str] backend: The unique name of the Vault mount to configure.
|
562
|
+
:param pulumi.Input[str] credential_type: The credential type for the user, can be one of "password", "rsa_private_key" or "client_certificate".The configuration
|
563
|
+
can be done in `credential_config`.
|
463
564
|
:param pulumi.Input[str] db_name: The unique name of the database connection to use for the static role.
|
464
565
|
:param pulumi.Input[str] name: A unique name to give the static role.
|
465
566
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
@@ -479,6 +580,8 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
479
580
|
:param pulumi.Input[str] self_managed_password: The password corresponding to the username in the database.
|
480
581
|
Required when using the Rootless Password Rotation workflow for static roles. Only enabled for
|
481
582
|
select DB engines (Postgres). Requires Vault 1.18+ Enterprise.
|
583
|
+
:param pulumi.Input[bool] skip_import_rotation: If set to true, Vault will skip the
|
584
|
+
initial secret rotation on import. Requires Vault 1.18+ Enterprise.
|
482
585
|
:param pulumi.Input[str] username: The database username that this static role corresponds to.
|
483
586
|
"""
|
484
587
|
...
|
@@ -551,6 +654,8 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
551
654
|
resource_name: str,
|
552
655
|
opts: Optional[pulumi.ResourceOptions] = None,
|
553
656
|
backend: Optional[pulumi.Input[str]] = None,
|
657
|
+
credential_config: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
658
|
+
credential_type: Optional[pulumi.Input[str]] = None,
|
554
659
|
db_name: Optional[pulumi.Input[str]] = None,
|
555
660
|
name: Optional[pulumi.Input[str]] = None,
|
556
661
|
namespace: Optional[pulumi.Input[str]] = None,
|
@@ -559,6 +664,7 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
559
664
|
rotation_statements: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
560
665
|
rotation_window: Optional[pulumi.Input[int]] = None,
|
561
666
|
self_managed_password: Optional[pulumi.Input[str]] = None,
|
667
|
+
skip_import_rotation: Optional[pulumi.Input[bool]] = None,
|
562
668
|
username: Optional[pulumi.Input[str]] = None,
|
563
669
|
__props__=None):
|
564
670
|
opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
|
@@ -572,6 +678,8 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
572
678
|
if backend is None and not opts.urn:
|
573
679
|
raise TypeError("Missing required property 'backend'")
|
574
680
|
__props__.__dict__["backend"] = backend
|
681
|
+
__props__.__dict__["credential_config"] = credential_config
|
682
|
+
__props__.__dict__["credential_type"] = credential_type
|
575
683
|
if db_name is None and not opts.urn:
|
576
684
|
raise TypeError("Missing required property 'db_name'")
|
577
685
|
__props__.__dict__["db_name"] = db_name
|
@@ -582,6 +690,7 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
582
690
|
__props__.__dict__["rotation_statements"] = rotation_statements
|
583
691
|
__props__.__dict__["rotation_window"] = rotation_window
|
584
692
|
__props__.__dict__["self_managed_password"] = None if self_managed_password is None else pulumi.Output.secret(self_managed_password)
|
693
|
+
__props__.__dict__["skip_import_rotation"] = skip_import_rotation
|
585
694
|
if username is None and not opts.urn:
|
586
695
|
raise TypeError("Missing required property 'username'")
|
587
696
|
__props__.__dict__["username"] = username
|
@@ -598,6 +707,8 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
598
707
|
id: pulumi.Input[str],
|
599
708
|
opts: Optional[pulumi.ResourceOptions] = None,
|
600
709
|
backend: Optional[pulumi.Input[str]] = None,
|
710
|
+
credential_config: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
711
|
+
credential_type: Optional[pulumi.Input[str]] = None,
|
601
712
|
db_name: Optional[pulumi.Input[str]] = None,
|
602
713
|
name: Optional[pulumi.Input[str]] = None,
|
603
714
|
namespace: Optional[pulumi.Input[str]] = None,
|
@@ -606,6 +717,7 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
606
717
|
rotation_statements: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
607
718
|
rotation_window: Optional[pulumi.Input[int]] = None,
|
608
719
|
self_managed_password: Optional[pulumi.Input[str]] = None,
|
720
|
+
skip_import_rotation: Optional[pulumi.Input[bool]] = None,
|
609
721
|
username: Optional[pulumi.Input[str]] = None) -> 'SecretBackendStaticRole':
|
610
722
|
"""
|
611
723
|
Get an existing SecretBackendStaticRole resource's state with the given name, id, and optional extra
|
@@ -615,6 +727,8 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
615
727
|
:param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
|
616
728
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
617
729
|
:param pulumi.Input[str] backend: The unique name of the Vault mount to configure.
|
730
|
+
:param pulumi.Input[str] credential_type: The credential type for the user, can be one of "password", "rsa_private_key" or "client_certificate".The configuration
|
731
|
+
can be done in `credential_config`.
|
618
732
|
:param pulumi.Input[str] db_name: The unique name of the database connection to use for the static role.
|
619
733
|
:param pulumi.Input[str] name: A unique name to give the static role.
|
620
734
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
@@ -634,6 +748,8 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
634
748
|
:param pulumi.Input[str] self_managed_password: The password corresponding to the username in the database.
|
635
749
|
Required when using the Rootless Password Rotation workflow for static roles. Only enabled for
|
636
750
|
select DB engines (Postgres). Requires Vault 1.18+ Enterprise.
|
751
|
+
:param pulumi.Input[bool] skip_import_rotation: If set to true, Vault will skip the
|
752
|
+
initial secret rotation on import. Requires Vault 1.18+ Enterprise.
|
637
753
|
:param pulumi.Input[str] username: The database username that this static role corresponds to.
|
638
754
|
"""
|
639
755
|
opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
|
@@ -641,6 +757,8 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
641
757
|
__props__ = _SecretBackendStaticRoleState.__new__(_SecretBackendStaticRoleState)
|
642
758
|
|
643
759
|
__props__.__dict__["backend"] = backend
|
760
|
+
__props__.__dict__["credential_config"] = credential_config
|
761
|
+
__props__.__dict__["credential_type"] = credential_type
|
644
762
|
__props__.__dict__["db_name"] = db_name
|
645
763
|
__props__.__dict__["name"] = name
|
646
764
|
__props__.__dict__["namespace"] = namespace
|
@@ -649,6 +767,7 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
649
767
|
__props__.__dict__["rotation_statements"] = rotation_statements
|
650
768
|
__props__.__dict__["rotation_window"] = rotation_window
|
651
769
|
__props__.__dict__["self_managed_password"] = self_managed_password
|
770
|
+
__props__.__dict__["skip_import_rotation"] = skip_import_rotation
|
652
771
|
__props__.__dict__["username"] = username
|
653
772
|
return SecretBackendStaticRole(resource_name, opts=opts, __props__=__props__)
|
654
773
|
|
@@ -660,6 +779,20 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
660
779
|
"""
|
661
780
|
return pulumi.get(self, "backend")
|
662
781
|
|
782
|
+
@property
|
783
|
+
@pulumi.getter(name="credentialConfig")
|
784
|
+
def credential_config(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
|
785
|
+
return pulumi.get(self, "credential_config")
|
786
|
+
|
787
|
+
@property
|
788
|
+
@pulumi.getter(name="credentialType")
|
789
|
+
def credential_type(self) -> pulumi.Output[str]:
|
790
|
+
"""
|
791
|
+
The credential type for the user, can be one of "password", "rsa_private_key" or "client_certificate".The configuration
|
792
|
+
can be done in `credential_config`.
|
793
|
+
"""
|
794
|
+
return pulumi.get(self, "credential_type")
|
795
|
+
|
663
796
|
@property
|
664
797
|
@pulumi.getter(name="dbName")
|
665
798
|
def db_name(self) -> pulumi.Output[str]:
|
@@ -735,6 +868,15 @@ class SecretBackendStaticRole(pulumi.CustomResource):
|
|
735
868
|
"""
|
736
869
|
return pulumi.get(self, "self_managed_password")
|
737
870
|
|
871
|
+
@property
|
872
|
+
@pulumi.getter(name="skipImportRotation")
|
873
|
+
def skip_import_rotation(self) -> pulumi.Output[Optional[bool]]:
|
874
|
+
"""
|
875
|
+
If set to true, Vault will skip the
|
876
|
+
initial secret rotation on import. Requires Vault 1.18+ Enterprise.
|
877
|
+
"""
|
878
|
+
return pulumi.get(self, "skip_import_rotation")
|
879
|
+
|
738
880
|
@property
|
739
881
|
@pulumi.getter
|
740
882
|
def username(self) -> pulumi.Output[str]:
|
@@ -1354,6 +1354,8 @@ class SecretsMount(pulumi.CustomResource):
|
|
1354
1354
|
"password": "super_secret_1",
|
1355
1355
|
"connection_url": "sqlserver://{{username}}:{{password}}@127.0.0.1:1433",
|
1356
1356
|
"allowed_roles": ["dev1"],
|
1357
|
+
"rotation_schedule": "0 * * * SAT",
|
1358
|
+
"rotation_window": 3600,
|
1357
1359
|
}],
|
1358
1360
|
postgresqls=[{
|
1359
1361
|
"name": "db2",
|
@@ -1362,6 +1364,8 @@ class SecretsMount(pulumi.CustomResource):
|
|
1362
1364
|
"connection_url": "postgresql://{{username}}:{{password}}@127.0.0.1:5432/postgres",
|
1363
1365
|
"verify_connection": True,
|
1364
1366
|
"allowed_roles": ["dev2"],
|
1367
|
+
"rotation_schedule": "0 * * * SAT",
|
1368
|
+
"rotation_window": 3600,
|
1365
1369
|
}])
|
1366
1370
|
dev1 = vault.database.SecretBackendRole("dev1",
|
1367
1371
|
name="dev1",
|
@@ -1470,6 +1474,8 @@ class SecretsMount(pulumi.CustomResource):
|
|
1470
1474
|
"password": "super_secret_1",
|
1471
1475
|
"connection_url": "sqlserver://{{username}}:{{password}}@127.0.0.1:1433",
|
1472
1476
|
"allowed_roles": ["dev1"],
|
1477
|
+
"rotation_schedule": "0 * * * SAT",
|
1478
|
+
"rotation_window": 3600,
|
1473
1479
|
}],
|
1474
1480
|
postgresqls=[{
|
1475
1481
|
"name": "db2",
|
@@ -1478,6 +1484,8 @@ class SecretsMount(pulumi.CustomResource):
|
|
1478
1484
|
"connection_url": "postgresql://{{username}}:{{password}}@127.0.0.1:5432/postgres",
|
1479
1485
|
"verify_connection": True,
|
1480
1486
|
"allowed_roles": ["dev2"],
|
1487
|
+
"rotation_schedule": "0 * * * SAT",
|
1488
|
+
"rotation_window": 3600,
|
1481
1489
|
}])
|
1482
1490
|
dev1 = vault.database.SecretBackendRole("dev1",
|
1483
1491
|
name="dev1",
|