pulumi-vault 6.6.0a1741836364__py3-none-any.whl → 6.7.0__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pulumi_vault/__init__.py +1 -0
- pulumi_vault/_inputs.py +583 -562
- pulumi_vault/ad/__init__.py +1 -0
- pulumi_vault/ad/get_access_credentials.py +20 -19
- pulumi_vault/ad/secret_backend.py +477 -476
- pulumi_vault/ad/secret_library.py +99 -98
- pulumi_vault/ad/secret_role.py +85 -84
- pulumi_vault/alicloud/__init__.py +1 -0
- pulumi_vault/alicloud/auth_backend_role.py +183 -182
- pulumi_vault/approle/__init__.py +1 -0
- pulumi_vault/approle/auth_backend_login.py +106 -105
- pulumi_vault/approle/auth_backend_role.py +239 -238
- pulumi_vault/approle/auth_backend_role_secret_id.py +162 -161
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -17
- pulumi_vault/audit.py +85 -84
- pulumi_vault/audit_request_header.py +43 -42
- pulumi_vault/auth_backend.py +106 -105
- pulumi_vault/aws/__init__.py +1 -0
- pulumi_vault/aws/auth_backend_cert.py +71 -70
- pulumi_vault/aws/auth_backend_client.py +253 -252
- pulumi_vault/aws/auth_backend_config_identity.py +85 -84
- pulumi_vault/aws/auth_backend_identity_whitelist.py +57 -56
- pulumi_vault/aws/auth_backend_login.py +209 -208
- pulumi_vault/aws/auth_backend_role.py +400 -399
- pulumi_vault/aws/auth_backend_role_tag.py +127 -126
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +57 -56
- pulumi_vault/aws/auth_backend_sts_role.py +71 -70
- pulumi_vault/aws/get_access_credentials.py +44 -43
- pulumi_vault/aws/get_static_access_credentials.py +13 -12
- pulumi_vault/aws/secret_backend.py +337 -336
- pulumi_vault/aws/secret_backend_role.py +211 -210
- pulumi_vault/aws/secret_backend_static_role.py +113 -112
- pulumi_vault/azure/__init__.py +1 -0
- pulumi_vault/azure/_inputs.py +21 -20
- pulumi_vault/azure/auth_backend_config.py +183 -182
- pulumi_vault/azure/auth_backend_role.py +253 -252
- pulumi_vault/azure/backend.py +239 -238
- pulumi_vault/azure/backend_role.py +188 -140
- pulumi_vault/azure/get_access_credentials.py +58 -57
- pulumi_vault/azure/outputs.py +11 -10
- pulumi_vault/cert_auth_backend_role.py +365 -364
- pulumi_vault/config/__init__.py +1 -0
- pulumi_vault/config/__init__.pyi +1 -0
- pulumi_vault/config/_inputs.py +11 -10
- pulumi_vault/config/outputs.py +287 -286
- pulumi_vault/config/ui_custom_message.py +113 -112
- pulumi_vault/config/vars.py +1 -0
- pulumi_vault/consul/__init__.py +1 -0
- pulumi_vault/consul/secret_backend.py +197 -196
- pulumi_vault/consul/secret_backend_role.py +183 -182
- pulumi_vault/database/__init__.py +1 -0
- pulumi_vault/database/_inputs.py +2525 -2524
- pulumi_vault/database/outputs.py +1529 -1528
- pulumi_vault/database/secret_backend_connection.py +169 -168
- pulumi_vault/database/secret_backend_role.py +169 -168
- pulumi_vault/database/secret_backend_static_role.py +179 -178
- pulumi_vault/database/secrets_mount.py +267 -266
- pulumi_vault/egp_policy.py +71 -70
- pulumi_vault/gcp/__init__.py +1 -0
- pulumi_vault/gcp/_inputs.py +82 -81
- pulumi_vault/gcp/auth_backend.py +260 -259
- pulumi_vault/gcp/auth_backend_role.py +281 -280
- pulumi_vault/gcp/get_auth_backend_role.py +70 -69
- pulumi_vault/gcp/outputs.py +50 -49
- pulumi_vault/gcp/secret_backend.py +232 -231
- pulumi_vault/gcp/secret_impersonated_account.py +92 -91
- pulumi_vault/gcp/secret_roleset.py +92 -91
- pulumi_vault/gcp/secret_static_account.py +92 -91
- pulumi_vault/generic/__init__.py +1 -0
- pulumi_vault/generic/endpoint.py +113 -112
- pulumi_vault/generic/get_secret.py +28 -27
- pulumi_vault/generic/secret.py +78 -77
- pulumi_vault/get_auth_backend.py +19 -18
- pulumi_vault/get_auth_backends.py +14 -13
- pulumi_vault/get_namespace.py +15 -14
- pulumi_vault/get_namespaces.py +68 -18
- pulumi_vault/get_nomad_access_token.py +19 -18
- pulumi_vault/get_policy_document.py +6 -5
- pulumi_vault/get_raft_autopilot_state.py +18 -17
- pulumi_vault/github/__init__.py +1 -0
- pulumi_vault/github/_inputs.py +42 -41
- pulumi_vault/github/auth_backend.py +232 -231
- pulumi_vault/github/outputs.py +26 -25
- pulumi_vault/github/team.py +57 -56
- pulumi_vault/github/user.py +57 -56
- pulumi_vault/identity/__init__.py +1 -0
- pulumi_vault/identity/entity.py +85 -84
- pulumi_vault/identity/entity_alias.py +71 -70
- pulumi_vault/identity/entity_policies.py +64 -63
- pulumi_vault/identity/get_entity.py +43 -42
- pulumi_vault/identity/get_group.py +50 -49
- pulumi_vault/identity/get_oidc_client_creds.py +14 -13
- pulumi_vault/identity/get_oidc_openid_config.py +24 -23
- pulumi_vault/identity/get_oidc_public_keys.py +13 -12
- pulumi_vault/identity/group.py +141 -140
- pulumi_vault/identity/group_alias.py +57 -56
- pulumi_vault/identity/group_member_entity_ids.py +57 -56
- pulumi_vault/identity/group_member_group_ids.py +57 -56
- pulumi_vault/identity/group_policies.py +64 -63
- pulumi_vault/identity/mfa_duo.py +148 -147
- pulumi_vault/identity/mfa_login_enforcement.py +120 -119
- pulumi_vault/identity/mfa_okta.py +134 -133
- pulumi_vault/identity/mfa_pingid.py +127 -126
- pulumi_vault/identity/mfa_totp.py +176 -175
- pulumi_vault/identity/oidc.py +29 -28
- pulumi_vault/identity/oidc_assignment.py +57 -56
- pulumi_vault/identity/oidc_client.py +127 -126
- pulumi_vault/identity/oidc_key.py +85 -84
- pulumi_vault/identity/oidc_key_allowed_client_id.py +43 -42
- pulumi_vault/identity/oidc_provider.py +92 -91
- pulumi_vault/identity/oidc_role.py +85 -84
- pulumi_vault/identity/oidc_scope.py +57 -56
- pulumi_vault/identity/outputs.py +32 -31
- pulumi_vault/jwt/__init__.py +1 -0
- pulumi_vault/jwt/_inputs.py +42 -41
- pulumi_vault/jwt/auth_backend.py +288 -287
- pulumi_vault/jwt/auth_backend_role.py +407 -406
- pulumi_vault/jwt/outputs.py +26 -25
- pulumi_vault/kmip/__init__.py +1 -0
- pulumi_vault/kmip/secret_backend.py +183 -182
- pulumi_vault/kmip/secret_role.py +295 -294
- pulumi_vault/kmip/secret_scope.py +57 -56
- pulumi_vault/kubernetes/__init__.py +1 -0
- pulumi_vault/kubernetes/auth_backend_config.py +141 -140
- pulumi_vault/kubernetes/auth_backend_role.py +225 -224
- pulumi_vault/kubernetes/get_auth_backend_config.py +47 -46
- pulumi_vault/kubernetes/get_auth_backend_role.py +70 -69
- pulumi_vault/kubernetes/get_service_account_token.py +38 -37
- pulumi_vault/kubernetes/secret_backend.py +316 -315
- pulumi_vault/kubernetes/secret_backend_role.py +197 -196
- pulumi_vault/kv/__init__.py +1 -0
- pulumi_vault/kv/_inputs.py +21 -20
- pulumi_vault/kv/get_secret.py +17 -16
- pulumi_vault/kv/get_secret_subkeys_v2.py +30 -29
- pulumi_vault/kv/get_secret_v2.py +29 -28
- pulumi_vault/kv/get_secrets_list.py +13 -12
- pulumi_vault/kv/get_secrets_list_v2.py +19 -18
- pulumi_vault/kv/outputs.py +13 -12
- pulumi_vault/kv/secret.py +50 -49
- pulumi_vault/kv/secret_backend_v2.py +71 -70
- pulumi_vault/kv/secret_v2.py +134 -133
- pulumi_vault/ldap/__init__.py +1 -0
- pulumi_vault/ldap/auth_backend.py +588 -587
- pulumi_vault/ldap/auth_backend_group.py +57 -56
- pulumi_vault/ldap/auth_backend_user.py +71 -70
- pulumi_vault/ldap/get_dynamic_credentials.py +17 -16
- pulumi_vault/ldap/get_static_credentials.py +18 -17
- pulumi_vault/ldap/secret_backend.py +554 -553
- pulumi_vault/ldap/secret_backend_dynamic_role.py +127 -126
- pulumi_vault/ldap/secret_backend_library_set.py +99 -98
- pulumi_vault/ldap/secret_backend_static_role.py +99 -98
- pulumi_vault/managed/__init__.py +1 -0
- pulumi_vault/managed/_inputs.py +229 -228
- pulumi_vault/managed/keys.py +15 -14
- pulumi_vault/managed/outputs.py +139 -138
- pulumi_vault/mfa_duo.py +113 -112
- pulumi_vault/mfa_okta.py +113 -112
- pulumi_vault/mfa_pingid.py +120 -119
- pulumi_vault/mfa_totp.py +127 -126
- pulumi_vault/mongodbatlas/__init__.py +1 -0
- pulumi_vault/mongodbatlas/secret_backend.py +64 -63
- pulumi_vault/mongodbatlas/secret_role.py +155 -154
- pulumi_vault/mount.py +274 -273
- pulumi_vault/namespace.py +64 -63
- pulumi_vault/nomad_secret_backend.py +211 -210
- pulumi_vault/nomad_secret_role.py +85 -84
- pulumi_vault/okta/__init__.py +1 -0
- pulumi_vault/okta/_inputs.py +26 -25
- pulumi_vault/okta/auth_backend.py +274 -273
- pulumi_vault/okta/auth_backend_group.py +57 -56
- pulumi_vault/okta/auth_backend_user.py +71 -70
- pulumi_vault/okta/outputs.py +16 -15
- pulumi_vault/outputs.py +73 -60
- pulumi_vault/password_policy.py +43 -42
- pulumi_vault/pkisecret/__init__.py +1 -0
- pulumi_vault/pkisecret/_inputs.py +31 -30
- pulumi_vault/pkisecret/backend_acme_eab.py +92 -91
- pulumi_vault/pkisecret/backend_config_acme.py +141 -140
- pulumi_vault/pkisecret/backend_config_auto_tidy.py +323 -322
- pulumi_vault/pkisecret/backend_config_cluster.py +57 -56
- pulumi_vault/pkisecret/backend_config_cmpv2.py +106 -105
- pulumi_vault/pkisecret/backend_config_est.py +120 -119
- pulumi_vault/pkisecret/get_backend_cert_metadata.py +22 -21
- pulumi_vault/pkisecret/get_backend_config_cmpv2.py +22 -21
- pulumi_vault/pkisecret/get_backend_config_est.py +19 -18
- pulumi_vault/pkisecret/get_backend_issuer.py +45 -44
- pulumi_vault/pkisecret/get_backend_issuers.py +15 -14
- pulumi_vault/pkisecret/get_backend_key.py +20 -19
- pulumi_vault/pkisecret/get_backend_keys.py +15 -14
- pulumi_vault/pkisecret/outputs.py +28 -27
- pulumi_vault/pkisecret/secret_backend_cert.py +337 -336
- pulumi_vault/pkisecret/secret_backend_config_ca.py +43 -42
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +57 -56
- pulumi_vault/pkisecret/secret_backend_config_urls.py +85 -84
- pulumi_vault/pkisecret/secret_backend_crl_config.py +197 -196
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +421 -420
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +57 -56
- pulumi_vault/pkisecret/secret_backend_issuer.py +232 -231
- pulumi_vault/pkisecret/secret_backend_key.py +120 -119
- pulumi_vault/pkisecret/secret_backend_role.py +715 -714
- pulumi_vault/pkisecret/secret_backend_root_cert.py +554 -553
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +526 -525
- pulumi_vault/pkisecret/secret_backend_sign.py +281 -280
- pulumi_vault/plugin.py +127 -126
- pulumi_vault/plugin_pinned_version.py +43 -42
- pulumi_vault/policy.py +43 -42
- pulumi_vault/provider.py +120 -119
- pulumi_vault/pulumi-plugin.json +1 -1
- pulumi_vault/quota_lease_count.py +85 -84
- pulumi_vault/quota_rate_limit.py +113 -112
- pulumi_vault/rabbitmq/__init__.py +1 -0
- pulumi_vault/rabbitmq/_inputs.py +41 -40
- pulumi_vault/rabbitmq/outputs.py +25 -24
- pulumi_vault/rabbitmq/secret_backend.py +169 -168
- pulumi_vault/rabbitmq/secret_backend_role.py +57 -56
- pulumi_vault/raft_autopilot.py +113 -112
- pulumi_vault/raft_snapshot_agent_config.py +393 -392
- pulumi_vault/rgp_policy.py +57 -56
- pulumi_vault/saml/__init__.py +1 -0
- pulumi_vault/saml/auth_backend.py +155 -154
- pulumi_vault/saml/auth_backend_role.py +239 -238
- pulumi_vault/secrets/__init__.py +1 -0
- pulumi_vault/secrets/_inputs.py +16 -15
- pulumi_vault/secrets/outputs.py +10 -9
- pulumi_vault/secrets/sync_association.py +71 -70
- pulumi_vault/secrets/sync_aws_destination.py +148 -147
- pulumi_vault/secrets/sync_azure_destination.py +148 -147
- pulumi_vault/secrets/sync_config.py +43 -42
- pulumi_vault/secrets/sync_gcp_destination.py +106 -105
- pulumi_vault/secrets/sync_gh_destination.py +134 -133
- pulumi_vault/secrets/sync_github_apps.py +64 -63
- pulumi_vault/secrets/sync_vercel_destination.py +120 -119
- pulumi_vault/ssh/__init__.py +1 -0
- pulumi_vault/ssh/_inputs.py +11 -10
- pulumi_vault/ssh/get_secret_backend_sign.py +52 -51
- pulumi_vault/ssh/outputs.py +7 -6
- pulumi_vault/ssh/secret_backend_ca.py +99 -98
- pulumi_vault/ssh/secret_backend_role.py +365 -364
- pulumi_vault/terraformcloud/__init__.py +1 -0
- pulumi_vault/terraformcloud/secret_backend.py +111 -110
- pulumi_vault/terraformcloud/secret_creds.py +74 -73
- pulumi_vault/terraformcloud/secret_role.py +93 -92
- pulumi_vault/token.py +246 -245
- pulumi_vault/tokenauth/__init__.py +1 -0
- pulumi_vault/tokenauth/auth_backend_role.py +267 -266
- pulumi_vault/transform/__init__.py +1 -0
- pulumi_vault/transform/alphabet.py +57 -56
- pulumi_vault/transform/get_decode.py +47 -46
- pulumi_vault/transform/get_encode.py +47 -46
- pulumi_vault/transform/role.py +57 -56
- pulumi_vault/transform/template.py +113 -112
- pulumi_vault/transform/transformation.py +141 -140
- pulumi_vault/transit/__init__.py +1 -0
- pulumi_vault/transit/get_decrypt.py +18 -17
- pulumi_vault/transit/get_encrypt.py +21 -20
- pulumi_vault/transit/get_sign.py +54 -53
- pulumi_vault/transit/get_verify.py +60 -59
- pulumi_vault/transit/secret_backend_key.py +274 -273
- pulumi_vault/transit/secret_cache_config.py +43 -42
- {pulumi_vault-6.6.0a1741836364.dist-info → pulumi_vault-6.7.0.dist-info}/METADATA +2 -2
- pulumi_vault-6.7.0.dist-info/RECORD +265 -0
- {pulumi_vault-6.6.0a1741836364.dist-info → pulumi_vault-6.7.0.dist-info}/WHEEL +1 -1
- pulumi_vault-6.6.0a1741836364.dist-info/RECORD +0 -265
- {pulumi_vault-6.6.0a1741836364.dist-info → pulumi_vault-6.7.0.dist-info}/top_level.txt +0 -0
@@ -2,6 +2,7 @@
|
|
2
2
|
# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
|
3
3
|
# *** Do not edit by hand unless you're certain you know what you are doing! ***
|
4
4
|
|
5
|
+
import builtins
|
5
6
|
import copy
|
6
7
|
import warnings
|
7
8
|
import sys
|
@@ -19,101 +20,101 @@ __all__ = ['SecretBackendArgs', 'SecretBackend']
|
|
19
20
|
@pulumi.input_type
|
20
21
|
class SecretBackendArgs:
|
21
22
|
def __init__(__self__, *,
|
22
|
-
binddn: pulumi.Input[str],
|
23
|
-
bindpass: pulumi.Input[str],
|
24
|
-
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
25
|
-
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
26
|
-
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
27
|
-
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
28
|
-
certificate: Optional[pulumi.Input[str]] = None,
|
29
|
-
client_tls_cert: Optional[pulumi.Input[str]] = None,
|
30
|
-
client_tls_key: Optional[pulumi.Input[str]] = None,
|
31
|
-
connection_timeout: Optional[pulumi.Input[int]] = None,
|
32
|
-
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
33
|
-
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
34
|
-
description: Optional[pulumi.Input[str]] = None,
|
35
|
-
disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
|
36
|
-
disable_remount: Optional[pulumi.Input[bool]] = None,
|
37
|
-
external_entropy_access: Optional[pulumi.Input[bool]] = None,
|
38
|
-
identity_token_key: Optional[pulumi.Input[str]] = None,
|
39
|
-
insecure_tls: Optional[pulumi.Input[bool]] = None,
|
40
|
-
listing_visibility: Optional[pulumi.Input[str]] = None,
|
41
|
-
local: Optional[pulumi.Input[bool]] = None,
|
42
|
-
max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
43
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
44
|
-
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
45
|
-
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
46
|
-
password_policy: Optional[pulumi.Input[str]] = None,
|
47
|
-
path: Optional[pulumi.Input[str]] = None,
|
48
|
-
plugin_version: Optional[pulumi.Input[str]] = None,
|
49
|
-
request_timeout: Optional[pulumi.Input[int]] = None,
|
50
|
-
rotation_period: Optional[pulumi.Input[int]] = None,
|
51
|
-
rotation_schedule: Optional[pulumi.Input[str]] = None,
|
52
|
-
rotation_window: Optional[pulumi.Input[int]] = None,
|
53
|
-
schema: Optional[pulumi.Input[str]] = None,
|
54
|
-
seal_wrap: Optional[pulumi.Input[bool]] = None,
|
55
|
-
skip_static_role_import_rotation: Optional[pulumi.Input[bool]] = None,
|
56
|
-
starttls: Optional[pulumi.Input[bool]] = None,
|
57
|
-
upndomain: Optional[pulumi.Input[str]] = None,
|
58
|
-
url: Optional[pulumi.Input[str]] = None,
|
59
|
-
userattr: Optional[pulumi.Input[str]] = None,
|
60
|
-
userdn: Optional[pulumi.Input[str]] = None):
|
23
|
+
binddn: pulumi.Input[builtins.str],
|
24
|
+
bindpass: pulumi.Input[builtins.str],
|
25
|
+
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
26
|
+
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
27
|
+
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
28
|
+
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
29
|
+
certificate: Optional[pulumi.Input[builtins.str]] = None,
|
30
|
+
client_tls_cert: Optional[pulumi.Input[builtins.str]] = None,
|
31
|
+
client_tls_key: Optional[pulumi.Input[builtins.str]] = None,
|
32
|
+
connection_timeout: Optional[pulumi.Input[builtins.int]] = None,
|
33
|
+
default_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
|
34
|
+
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
35
|
+
description: Optional[pulumi.Input[builtins.str]] = None,
|
36
|
+
disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
37
|
+
disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
|
38
|
+
external_entropy_access: Optional[pulumi.Input[builtins.bool]] = None,
|
39
|
+
identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
|
40
|
+
insecure_tls: Optional[pulumi.Input[builtins.bool]] = None,
|
41
|
+
listing_visibility: Optional[pulumi.Input[builtins.str]] = None,
|
42
|
+
local: Optional[pulumi.Input[builtins.bool]] = None,
|
43
|
+
max_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
|
44
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
45
|
+
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
46
|
+
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
47
|
+
password_policy: Optional[pulumi.Input[builtins.str]] = None,
|
48
|
+
path: Optional[pulumi.Input[builtins.str]] = None,
|
49
|
+
plugin_version: Optional[pulumi.Input[builtins.str]] = None,
|
50
|
+
request_timeout: Optional[pulumi.Input[builtins.int]] = None,
|
51
|
+
rotation_period: Optional[pulumi.Input[builtins.int]] = None,
|
52
|
+
rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
|
53
|
+
rotation_window: Optional[pulumi.Input[builtins.int]] = None,
|
54
|
+
schema: Optional[pulumi.Input[builtins.str]] = None,
|
55
|
+
seal_wrap: Optional[pulumi.Input[builtins.bool]] = None,
|
56
|
+
skip_static_role_import_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
57
|
+
starttls: Optional[pulumi.Input[builtins.bool]] = None,
|
58
|
+
upndomain: Optional[pulumi.Input[builtins.str]] = None,
|
59
|
+
url: Optional[pulumi.Input[builtins.str]] = None,
|
60
|
+
userattr: Optional[pulumi.Input[builtins.str]] = None,
|
61
|
+
userdn: Optional[pulumi.Input[builtins.str]] = None):
|
61
62
|
"""
|
62
63
|
The set of arguments for constructing a SecretBackend resource.
|
63
|
-
:param pulumi.Input[str] binddn: Distinguished name of object to bind when performing user and group search.
|
64
|
-
:param pulumi.Input[str] bindpass: Password to use along with binddn when performing user search.
|
65
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
|
66
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
|
67
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
68
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
69
|
-
:param pulumi.Input[str] certificate: CA certificate to use when verifying LDAP server certificate, must be
|
64
|
+
:param pulumi.Input[builtins.str] binddn: Distinguished name of object to bind when performing user and group search.
|
65
|
+
:param pulumi.Input[builtins.str] bindpass: Password to use along with binddn when performing user search.
|
66
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
|
67
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
|
68
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
69
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
70
|
+
:param pulumi.Input[builtins.str] certificate: CA certificate to use when verifying LDAP server certificate, must be
|
70
71
|
x509 PEM encoded.
|
71
|
-
:param pulumi.Input[str] client_tls_cert: Client certificate to provide to the LDAP server, must be x509 PEM encoded.
|
72
|
-
:param pulumi.Input[str] client_tls_key: Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
|
73
|
-
:param pulumi.Input[int] connection_timeout: Timeout, in seconds, when attempting to connect to the LDAP server before trying
|
72
|
+
:param pulumi.Input[builtins.str] client_tls_cert: Client certificate to provide to the LDAP server, must be x509 PEM encoded.
|
73
|
+
:param pulumi.Input[builtins.str] client_tls_key: Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
|
74
|
+
:param pulumi.Input[builtins.int] connection_timeout: Timeout, in seconds, when attempting to connect to the LDAP server before trying
|
74
75
|
the next URL in the configuration.
|
75
|
-
:param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for secrets in seconds.
|
76
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
|
77
|
-
:param pulumi.Input[str] description: Human-friendly description of the mount for the Active Directory backend.
|
78
|
-
:param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
79
|
-
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
80
|
-
:param pulumi.Input[bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
|
81
|
-
:param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens
|
82
|
-
:param pulumi.Input[bool] insecure_tls: Skip LDAP server SSL Certificate verification. This is not recommended for production.
|
76
|
+
:param pulumi.Input[builtins.int] default_lease_ttl_seconds: Default lease duration for secrets in seconds.
|
77
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
|
78
|
+
:param pulumi.Input[builtins.str] description: Human-friendly description of the mount for the Active Directory backend.
|
79
|
+
:param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
80
|
+
:param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
|
81
|
+
:param pulumi.Input[builtins.bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
|
82
|
+
:param pulumi.Input[builtins.str] identity_token_key: The key to use for signing plugin workload identity tokens
|
83
|
+
:param pulumi.Input[builtins.bool] insecure_tls: Skip LDAP server SSL Certificate verification. This is not recommended for production.
|
83
84
|
Defaults to `false`.
|
84
|
-
:param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
|
85
|
-
:param pulumi.Input[bool] local: Mark the secrets engine as local-only. Local engines are not replicated or removed by
|
85
|
+
:param pulumi.Input[builtins.str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
|
86
|
+
:param pulumi.Input[builtins.bool] local: Mark the secrets engine as local-only. Local engines are not replicated or removed by
|
86
87
|
replication.Tolerance duration to use when checking the last rotation time.
|
87
|
-
:param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for secrets in seconds.
|
88
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
88
|
+
:param pulumi.Input[builtins.int] max_lease_ttl_seconds: Maximum possible lease duration for secrets in seconds.
|
89
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
89
90
|
The value should not contain leading or trailing forward slashes.
|
90
91
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
91
92
|
*Available only for Vault Enterprise*.
|
92
|
-
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
|
93
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
|
94
|
-
:param pulumi.Input[str] password_policy: Name of the password policy to use to generate passwords.
|
95
|
-
:param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
|
93
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] options: Specifies mount type specific options that are passed to the backend
|
94
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
|
95
|
+
:param pulumi.Input[builtins.str] password_policy: Name of the password policy to use to generate passwords.
|
96
|
+
:param pulumi.Input[builtins.str] path: The unique path this backend should be mounted at. Must
|
96
97
|
not begin or end with a `/`. Defaults to `ldap`.
|
97
|
-
:param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
98
|
-
:param pulumi.Input[int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
|
98
|
+
:param pulumi.Input[builtins.str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
99
|
+
:param pulumi.Input[builtins.int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
|
99
100
|
before returning back an error.
|
100
|
-
:param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
101
|
+
:param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
101
102
|
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
102
|
-
:param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
103
|
+
:param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
103
104
|
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
104
|
-
:param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
|
105
|
+
:param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
|
105
106
|
a rotation when a scheduled token rotation occurs. The default rotation window is
|
106
107
|
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
107
|
-
:param pulumi.Input[str] schema: The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`.
|
108
|
-
:param pulumi.Input[bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
109
|
-
:param pulumi.Input[bool] skip_static_role_import_rotation: If set to true, static roles will not be rotated during import.
|
108
|
+
:param pulumi.Input[builtins.str] schema: The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`.
|
109
|
+
:param pulumi.Input[builtins.bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
110
|
+
:param pulumi.Input[builtins.bool] skip_static_role_import_rotation: If set to true, static roles will not be rotated during import.
|
110
111
|
Defaults to false. Requires Vault 1.16 or above.
|
111
|
-
:param pulumi.Input[bool] starttls: Issue a StartTLS command after establishing unencrypted connection.
|
112
|
-
:param pulumi.Input[str] upndomain: Enables userPrincipalDomain login with [username]@UPNDomain.
|
113
|
-
:param pulumi.Input[str] url: LDAP URL to connect to. Multiple URLs can be specified by concatenating
|
112
|
+
:param pulumi.Input[builtins.bool] starttls: Issue a StartTLS command after establishing unencrypted connection.
|
113
|
+
:param pulumi.Input[builtins.str] upndomain: Enables userPrincipalDomain login with [username]@UPNDomain.
|
114
|
+
:param pulumi.Input[builtins.str] url: LDAP URL to connect to. Multiple URLs can be specified by concatenating
|
114
115
|
them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
|
115
|
-
:param pulumi.Input[str] userattr: Attribute used when searching users. Defaults to `cn`.
|
116
|
-
:param pulumi.Input[str] userdn: LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
|
116
|
+
:param pulumi.Input[builtins.str] userattr: Attribute used when searching users. Defaults to `cn`.
|
117
|
+
:param pulumi.Input[builtins.str] userdn: LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
|
117
118
|
"""
|
118
119
|
pulumi.set(__self__, "binddn", binddn)
|
119
120
|
pulumi.set(__self__, "bindpass", bindpass)
|
@@ -194,79 +195,79 @@ class SecretBackendArgs:
|
|
194
195
|
|
195
196
|
@property
|
196
197
|
@pulumi.getter
|
197
|
-
def binddn(self) -> pulumi.Input[str]:
|
198
|
+
def binddn(self) -> pulumi.Input[builtins.str]:
|
198
199
|
"""
|
199
200
|
Distinguished name of object to bind when performing user and group search.
|
200
201
|
"""
|
201
202
|
return pulumi.get(self, "binddn")
|
202
203
|
|
203
204
|
@binddn.setter
|
204
|
-
def binddn(self, value: pulumi.Input[str]):
|
205
|
+
def binddn(self, value: pulumi.Input[builtins.str]):
|
205
206
|
pulumi.set(self, "binddn", value)
|
206
207
|
|
207
208
|
@property
|
208
209
|
@pulumi.getter
|
209
|
-
def bindpass(self) -> pulumi.Input[str]:
|
210
|
+
def bindpass(self) -> pulumi.Input[builtins.str]:
|
210
211
|
"""
|
211
212
|
Password to use along with binddn when performing user search.
|
212
213
|
"""
|
213
214
|
return pulumi.get(self, "bindpass")
|
214
215
|
|
215
216
|
@bindpass.setter
|
216
|
-
def bindpass(self, value: pulumi.Input[str]):
|
217
|
+
def bindpass(self, value: pulumi.Input[builtins.str]):
|
217
218
|
pulumi.set(self, "bindpass", value)
|
218
219
|
|
219
220
|
@property
|
220
221
|
@pulumi.getter(name="allowedManagedKeys")
|
221
|
-
def allowed_managed_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
222
|
+
def allowed_managed_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
222
223
|
"""
|
223
224
|
List of managed key registry entry names that the mount in question is allowed to access
|
224
225
|
"""
|
225
226
|
return pulumi.get(self, "allowed_managed_keys")
|
226
227
|
|
227
228
|
@allowed_managed_keys.setter
|
228
|
-
def allowed_managed_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
229
|
+
def allowed_managed_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
229
230
|
pulumi.set(self, "allowed_managed_keys", value)
|
230
231
|
|
231
232
|
@property
|
232
233
|
@pulumi.getter(name="allowedResponseHeaders")
|
233
|
-
def allowed_response_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
234
|
+
def allowed_response_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
234
235
|
"""
|
235
236
|
List of headers to allow and pass from the request to the plugin
|
236
237
|
"""
|
237
238
|
return pulumi.get(self, "allowed_response_headers")
|
238
239
|
|
239
240
|
@allowed_response_headers.setter
|
240
|
-
def allowed_response_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
241
|
+
def allowed_response_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
241
242
|
pulumi.set(self, "allowed_response_headers", value)
|
242
243
|
|
243
244
|
@property
|
244
245
|
@pulumi.getter(name="auditNonHmacRequestKeys")
|
245
|
-
def audit_non_hmac_request_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
246
|
+
def audit_non_hmac_request_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
246
247
|
"""
|
247
248
|
Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
248
249
|
"""
|
249
250
|
return pulumi.get(self, "audit_non_hmac_request_keys")
|
250
251
|
|
251
252
|
@audit_non_hmac_request_keys.setter
|
252
|
-
def audit_non_hmac_request_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
253
|
+
def audit_non_hmac_request_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
253
254
|
pulumi.set(self, "audit_non_hmac_request_keys", value)
|
254
255
|
|
255
256
|
@property
|
256
257
|
@pulumi.getter(name="auditNonHmacResponseKeys")
|
257
|
-
def audit_non_hmac_response_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
258
|
+
def audit_non_hmac_response_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
258
259
|
"""
|
259
260
|
Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
260
261
|
"""
|
261
262
|
return pulumi.get(self, "audit_non_hmac_response_keys")
|
262
263
|
|
263
264
|
@audit_non_hmac_response_keys.setter
|
264
|
-
def audit_non_hmac_response_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
265
|
+
def audit_non_hmac_response_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
265
266
|
pulumi.set(self, "audit_non_hmac_response_keys", value)
|
266
267
|
|
267
268
|
@property
|
268
269
|
@pulumi.getter
|
269
|
-
def certificate(self) -> Optional[pulumi.Input[str]]:
|
270
|
+
def certificate(self) -> Optional[pulumi.Input[builtins.str]]:
|
270
271
|
"""
|
271
272
|
CA certificate to use when verifying LDAP server certificate, must be
|
272
273
|
x509 PEM encoded.
|
@@ -274,36 +275,36 @@ class SecretBackendArgs:
|
|
274
275
|
return pulumi.get(self, "certificate")
|
275
276
|
|
276
277
|
@certificate.setter
|
277
|
-
def certificate(self, value: Optional[pulumi.Input[str]]):
|
278
|
+
def certificate(self, value: Optional[pulumi.Input[builtins.str]]):
|
278
279
|
pulumi.set(self, "certificate", value)
|
279
280
|
|
280
281
|
@property
|
281
282
|
@pulumi.getter(name="clientTlsCert")
|
282
|
-
def client_tls_cert(self) -> Optional[pulumi.Input[str]]:
|
283
|
+
def client_tls_cert(self) -> Optional[pulumi.Input[builtins.str]]:
|
283
284
|
"""
|
284
285
|
Client certificate to provide to the LDAP server, must be x509 PEM encoded.
|
285
286
|
"""
|
286
287
|
return pulumi.get(self, "client_tls_cert")
|
287
288
|
|
288
289
|
@client_tls_cert.setter
|
289
|
-
def client_tls_cert(self, value: Optional[pulumi.Input[str]]):
|
290
|
+
def client_tls_cert(self, value: Optional[pulumi.Input[builtins.str]]):
|
290
291
|
pulumi.set(self, "client_tls_cert", value)
|
291
292
|
|
292
293
|
@property
|
293
294
|
@pulumi.getter(name="clientTlsKey")
|
294
|
-
def client_tls_key(self) -> Optional[pulumi.Input[str]]:
|
295
|
+
def client_tls_key(self) -> Optional[pulumi.Input[builtins.str]]:
|
295
296
|
"""
|
296
297
|
Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
|
297
298
|
"""
|
298
299
|
return pulumi.get(self, "client_tls_key")
|
299
300
|
|
300
301
|
@client_tls_key.setter
|
301
|
-
def client_tls_key(self, value: Optional[pulumi.Input[str]]):
|
302
|
+
def client_tls_key(self, value: Optional[pulumi.Input[builtins.str]]):
|
302
303
|
pulumi.set(self, "client_tls_key", value)
|
303
304
|
|
304
305
|
@property
|
305
306
|
@pulumi.getter(name="connectionTimeout")
|
306
|
-
def connection_timeout(self) -> Optional[pulumi.Input[int]]:
|
307
|
+
def connection_timeout(self) -> Optional[pulumi.Input[builtins.int]]:
|
307
308
|
"""
|
308
309
|
Timeout, in seconds, when attempting to connect to the LDAP server before trying
|
309
310
|
the next URL in the configuration.
|
@@ -311,96 +312,96 @@ class SecretBackendArgs:
|
|
311
312
|
return pulumi.get(self, "connection_timeout")
|
312
313
|
|
313
314
|
@connection_timeout.setter
|
314
|
-
def connection_timeout(self, value: Optional[pulumi.Input[int]]):
|
315
|
+
def connection_timeout(self, value: Optional[pulumi.Input[builtins.int]]):
|
315
316
|
pulumi.set(self, "connection_timeout", value)
|
316
317
|
|
317
318
|
@property
|
318
319
|
@pulumi.getter(name="defaultLeaseTtlSeconds")
|
319
|
-
def default_lease_ttl_seconds(self) -> Optional[pulumi.Input[int]]:
|
320
|
+
def default_lease_ttl_seconds(self) -> Optional[pulumi.Input[builtins.int]]:
|
320
321
|
"""
|
321
322
|
Default lease duration for secrets in seconds.
|
322
323
|
"""
|
323
324
|
return pulumi.get(self, "default_lease_ttl_seconds")
|
324
325
|
|
325
326
|
@default_lease_ttl_seconds.setter
|
326
|
-
def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[int]]):
|
327
|
+
def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[builtins.int]]):
|
327
328
|
pulumi.set(self, "default_lease_ttl_seconds", value)
|
328
329
|
|
329
330
|
@property
|
330
331
|
@pulumi.getter(name="delegatedAuthAccessors")
|
331
|
-
def delegated_auth_accessors(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
332
|
+
def delegated_auth_accessors(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
332
333
|
"""
|
333
334
|
List of headers to allow and pass from the request to the plugin
|
334
335
|
"""
|
335
336
|
return pulumi.get(self, "delegated_auth_accessors")
|
336
337
|
|
337
338
|
@delegated_auth_accessors.setter
|
338
|
-
def delegated_auth_accessors(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
339
|
+
def delegated_auth_accessors(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
339
340
|
pulumi.set(self, "delegated_auth_accessors", value)
|
340
341
|
|
341
342
|
@property
|
342
343
|
@pulumi.getter
|
343
|
-
def description(self) -> Optional[pulumi.Input[str]]:
|
344
|
+
def description(self) -> Optional[pulumi.Input[builtins.str]]:
|
344
345
|
"""
|
345
346
|
Human-friendly description of the mount for the Active Directory backend.
|
346
347
|
"""
|
347
348
|
return pulumi.get(self, "description")
|
348
349
|
|
349
350
|
@description.setter
|
350
|
-
def description(self, value: Optional[pulumi.Input[str]]):
|
351
|
+
def description(self, value: Optional[pulumi.Input[builtins.str]]):
|
351
352
|
pulumi.set(self, "description", value)
|
352
353
|
|
353
354
|
@property
|
354
355
|
@pulumi.getter(name="disableAutomatedRotation")
|
355
|
-
def disable_automated_rotation(self) -> Optional[pulumi.Input[bool]]:
|
356
|
+
def disable_automated_rotation(self) -> Optional[pulumi.Input[builtins.bool]]:
|
356
357
|
"""
|
357
358
|
Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
358
359
|
"""
|
359
360
|
return pulumi.get(self, "disable_automated_rotation")
|
360
361
|
|
361
362
|
@disable_automated_rotation.setter
|
362
|
-
def disable_automated_rotation(self, value: Optional[pulumi.Input[bool]]):
|
363
|
+
def disable_automated_rotation(self, value: Optional[pulumi.Input[builtins.bool]]):
|
363
364
|
pulumi.set(self, "disable_automated_rotation", value)
|
364
365
|
|
365
366
|
@property
|
366
367
|
@pulumi.getter(name="disableRemount")
|
367
|
-
def disable_remount(self) -> Optional[pulumi.Input[bool]]:
|
368
|
+
def disable_remount(self) -> Optional[pulumi.Input[builtins.bool]]:
|
368
369
|
"""
|
369
370
|
If set, opts out of mount migration on path updates.
|
370
371
|
"""
|
371
372
|
return pulumi.get(self, "disable_remount")
|
372
373
|
|
373
374
|
@disable_remount.setter
|
374
|
-
def disable_remount(self, value: Optional[pulumi.Input[bool]]):
|
375
|
+
def disable_remount(self, value: Optional[pulumi.Input[builtins.bool]]):
|
375
376
|
pulumi.set(self, "disable_remount", value)
|
376
377
|
|
377
378
|
@property
|
378
379
|
@pulumi.getter(name="externalEntropyAccess")
|
379
|
-
def external_entropy_access(self) -> Optional[pulumi.Input[bool]]:
|
380
|
+
def external_entropy_access(self) -> Optional[pulumi.Input[builtins.bool]]:
|
380
381
|
"""
|
381
382
|
Enable the secrets engine to access Vault's external entropy source
|
382
383
|
"""
|
383
384
|
return pulumi.get(self, "external_entropy_access")
|
384
385
|
|
385
386
|
@external_entropy_access.setter
|
386
|
-
def external_entropy_access(self, value: Optional[pulumi.Input[bool]]):
|
387
|
+
def external_entropy_access(self, value: Optional[pulumi.Input[builtins.bool]]):
|
387
388
|
pulumi.set(self, "external_entropy_access", value)
|
388
389
|
|
389
390
|
@property
|
390
391
|
@pulumi.getter(name="identityTokenKey")
|
391
|
-
def identity_token_key(self) -> Optional[pulumi.Input[str]]:
|
392
|
+
def identity_token_key(self) -> Optional[pulumi.Input[builtins.str]]:
|
392
393
|
"""
|
393
394
|
The key to use for signing plugin workload identity tokens
|
394
395
|
"""
|
395
396
|
return pulumi.get(self, "identity_token_key")
|
396
397
|
|
397
398
|
@identity_token_key.setter
|
398
|
-
def identity_token_key(self, value: Optional[pulumi.Input[str]]):
|
399
|
+
def identity_token_key(self, value: Optional[pulumi.Input[builtins.str]]):
|
399
400
|
pulumi.set(self, "identity_token_key", value)
|
400
401
|
|
401
402
|
@property
|
402
403
|
@pulumi.getter(name="insecureTls")
|
403
|
-
def insecure_tls(self) -> Optional[pulumi.Input[bool]]:
|
404
|
+
def insecure_tls(self) -> Optional[pulumi.Input[builtins.bool]]:
|
404
405
|
"""
|
405
406
|
Skip LDAP server SSL Certificate verification. This is not recommended for production.
|
406
407
|
Defaults to `false`.
|
@@ -408,24 +409,24 @@ class SecretBackendArgs:
|
|
408
409
|
return pulumi.get(self, "insecure_tls")
|
409
410
|
|
410
411
|
@insecure_tls.setter
|
411
|
-
def insecure_tls(self, value: Optional[pulumi.Input[bool]]):
|
412
|
+
def insecure_tls(self, value: Optional[pulumi.Input[builtins.bool]]):
|
412
413
|
pulumi.set(self, "insecure_tls", value)
|
413
414
|
|
414
415
|
@property
|
415
416
|
@pulumi.getter(name="listingVisibility")
|
416
|
-
def listing_visibility(self) -> Optional[pulumi.Input[str]]:
|
417
|
+
def listing_visibility(self) -> Optional[pulumi.Input[builtins.str]]:
|
417
418
|
"""
|
418
419
|
Specifies whether to show this mount in the UI-specific listing endpoint
|
419
420
|
"""
|
420
421
|
return pulumi.get(self, "listing_visibility")
|
421
422
|
|
422
423
|
@listing_visibility.setter
|
423
|
-
def listing_visibility(self, value: Optional[pulumi.Input[str]]):
|
424
|
+
def listing_visibility(self, value: Optional[pulumi.Input[builtins.str]]):
|
424
425
|
pulumi.set(self, "listing_visibility", value)
|
425
426
|
|
426
427
|
@property
|
427
428
|
@pulumi.getter
|
428
|
-
def local(self) -> Optional[pulumi.Input[bool]]:
|
429
|
+
def local(self) -> Optional[pulumi.Input[builtins.bool]]:
|
429
430
|
"""
|
430
431
|
Mark the secrets engine as local-only. Local engines are not replicated or removed by
|
431
432
|
replication.Tolerance duration to use when checking the last rotation time.
|
@@ -433,24 +434,24 @@ class SecretBackendArgs:
|
|
433
434
|
return pulumi.get(self, "local")
|
434
435
|
|
435
436
|
@local.setter
|
436
|
-
def local(self, value: Optional[pulumi.Input[bool]]):
|
437
|
+
def local(self, value: Optional[pulumi.Input[builtins.bool]]):
|
437
438
|
pulumi.set(self, "local", value)
|
438
439
|
|
439
440
|
@property
|
440
441
|
@pulumi.getter(name="maxLeaseTtlSeconds")
|
441
|
-
def max_lease_ttl_seconds(self) -> Optional[pulumi.Input[int]]:
|
442
|
+
def max_lease_ttl_seconds(self) -> Optional[pulumi.Input[builtins.int]]:
|
442
443
|
"""
|
443
444
|
Maximum possible lease duration for secrets in seconds.
|
444
445
|
"""
|
445
446
|
return pulumi.get(self, "max_lease_ttl_seconds")
|
446
447
|
|
447
448
|
@max_lease_ttl_seconds.setter
|
448
|
-
def max_lease_ttl_seconds(self, value: Optional[pulumi.Input[int]]):
|
449
|
+
def max_lease_ttl_seconds(self, value: Optional[pulumi.Input[builtins.int]]):
|
449
450
|
pulumi.set(self, "max_lease_ttl_seconds", value)
|
450
451
|
|
451
452
|
@property
|
452
453
|
@pulumi.getter
|
453
|
-
def namespace(self) -> Optional[pulumi.Input[str]]:
|
454
|
+
def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
|
454
455
|
"""
|
455
456
|
The namespace to provision the resource in.
|
456
457
|
The value should not contain leading or trailing forward slashes.
|
@@ -460,48 +461,48 @@ class SecretBackendArgs:
|
|
460
461
|
return pulumi.get(self, "namespace")
|
461
462
|
|
462
463
|
@namespace.setter
|
463
|
-
def namespace(self, value: Optional[pulumi.Input[str]]):
|
464
|
+
def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
|
464
465
|
pulumi.set(self, "namespace", value)
|
465
466
|
|
466
467
|
@property
|
467
468
|
@pulumi.getter
|
468
|
-
def options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
469
|
+
def options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]:
|
469
470
|
"""
|
470
471
|
Specifies mount type specific options that are passed to the backend
|
471
472
|
"""
|
472
473
|
return pulumi.get(self, "options")
|
473
474
|
|
474
475
|
@options.setter
|
475
|
-
def options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
476
|
+
def options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]):
|
476
477
|
pulumi.set(self, "options", value)
|
477
478
|
|
478
479
|
@property
|
479
480
|
@pulumi.getter(name="passthroughRequestHeaders")
|
480
|
-
def passthrough_request_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
481
|
+
def passthrough_request_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
481
482
|
"""
|
482
483
|
List of headers to allow and pass from the request to the plugin
|
483
484
|
"""
|
484
485
|
return pulumi.get(self, "passthrough_request_headers")
|
485
486
|
|
486
487
|
@passthrough_request_headers.setter
|
487
|
-
def passthrough_request_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
488
|
+
def passthrough_request_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
488
489
|
pulumi.set(self, "passthrough_request_headers", value)
|
489
490
|
|
490
491
|
@property
|
491
492
|
@pulumi.getter(name="passwordPolicy")
|
492
|
-
def password_policy(self) -> Optional[pulumi.Input[str]]:
|
493
|
+
def password_policy(self) -> Optional[pulumi.Input[builtins.str]]:
|
493
494
|
"""
|
494
495
|
Name of the password policy to use to generate passwords.
|
495
496
|
"""
|
496
497
|
return pulumi.get(self, "password_policy")
|
497
498
|
|
498
499
|
@password_policy.setter
|
499
|
-
def password_policy(self, value: Optional[pulumi.Input[str]]):
|
500
|
+
def password_policy(self, value: Optional[pulumi.Input[builtins.str]]):
|
500
501
|
pulumi.set(self, "password_policy", value)
|
501
502
|
|
502
503
|
@property
|
503
504
|
@pulumi.getter
|
504
|
-
def path(self) -> Optional[pulumi.Input[str]]:
|
505
|
+
def path(self) -> Optional[pulumi.Input[builtins.str]]:
|
505
506
|
"""
|
506
507
|
The unique path this backend should be mounted at. Must
|
507
508
|
not begin or end with a `/`. Defaults to `ldap`.
|
@@ -509,24 +510,24 @@ class SecretBackendArgs:
|
|
509
510
|
return pulumi.get(self, "path")
|
510
511
|
|
511
512
|
@path.setter
|
512
|
-
def path(self, value: Optional[pulumi.Input[str]]):
|
513
|
+
def path(self, value: Optional[pulumi.Input[builtins.str]]):
|
513
514
|
pulumi.set(self, "path", value)
|
514
515
|
|
515
516
|
@property
|
516
517
|
@pulumi.getter(name="pluginVersion")
|
517
|
-
def plugin_version(self) -> Optional[pulumi.Input[str]]:
|
518
|
+
def plugin_version(self) -> Optional[pulumi.Input[builtins.str]]:
|
518
519
|
"""
|
519
520
|
Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
520
521
|
"""
|
521
522
|
return pulumi.get(self, "plugin_version")
|
522
523
|
|
523
524
|
@plugin_version.setter
|
524
|
-
def plugin_version(self, value: Optional[pulumi.Input[str]]):
|
525
|
+
def plugin_version(self, value: Optional[pulumi.Input[builtins.str]]):
|
525
526
|
pulumi.set(self, "plugin_version", value)
|
526
527
|
|
527
528
|
@property
|
528
529
|
@pulumi.getter(name="requestTimeout")
|
529
|
-
def request_timeout(self) -> Optional[pulumi.Input[int]]:
|
530
|
+
def request_timeout(self) -> Optional[pulumi.Input[builtins.int]]:
|
530
531
|
"""
|
531
532
|
Timeout, in seconds, for the connection when making requests against the server
|
532
533
|
before returning back an error.
|
@@ -534,12 +535,12 @@ class SecretBackendArgs:
|
|
534
535
|
return pulumi.get(self, "request_timeout")
|
535
536
|
|
536
537
|
@request_timeout.setter
|
537
|
-
def request_timeout(self, value: Optional[pulumi.Input[int]]):
|
538
|
+
def request_timeout(self, value: Optional[pulumi.Input[builtins.int]]):
|
538
539
|
pulumi.set(self, "request_timeout", value)
|
539
540
|
|
540
541
|
@property
|
541
542
|
@pulumi.getter(name="rotationPeriod")
|
542
|
-
def rotation_period(self) -> Optional[pulumi.Input[int]]:
|
543
|
+
def rotation_period(self) -> Optional[pulumi.Input[builtins.int]]:
|
543
544
|
"""
|
544
545
|
The amount of time in seconds Vault should wait before rotating the root credential.
|
545
546
|
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
@@ -547,12 +548,12 @@ class SecretBackendArgs:
|
|
547
548
|
return pulumi.get(self, "rotation_period")
|
548
549
|
|
549
550
|
@rotation_period.setter
|
550
|
-
def rotation_period(self, value: Optional[pulumi.Input[int]]):
|
551
|
+
def rotation_period(self, value: Optional[pulumi.Input[builtins.int]]):
|
551
552
|
pulumi.set(self, "rotation_period", value)
|
552
553
|
|
553
554
|
@property
|
554
555
|
@pulumi.getter(name="rotationSchedule")
|
555
|
-
def rotation_schedule(self) -> Optional[pulumi.Input[str]]:
|
556
|
+
def rotation_schedule(self) -> Optional[pulumi.Input[builtins.str]]:
|
556
557
|
"""
|
557
558
|
The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
558
559
|
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
@@ -560,12 +561,12 @@ class SecretBackendArgs:
|
|
560
561
|
return pulumi.get(self, "rotation_schedule")
|
561
562
|
|
562
563
|
@rotation_schedule.setter
|
563
|
-
def rotation_schedule(self, value: Optional[pulumi.Input[str]]):
|
564
|
+
def rotation_schedule(self, value: Optional[pulumi.Input[builtins.str]]):
|
564
565
|
pulumi.set(self, "rotation_schedule", value)
|
565
566
|
|
566
567
|
@property
|
567
568
|
@pulumi.getter(name="rotationWindow")
|
568
|
-
def rotation_window(self) -> Optional[pulumi.Input[int]]:
|
569
|
+
def rotation_window(self) -> Optional[pulumi.Input[builtins.int]]:
|
569
570
|
"""
|
570
571
|
The maximum amount of time in seconds allowed to complete
|
571
572
|
a rotation when a scheduled token rotation occurs. The default rotation window is
|
@@ -574,36 +575,36 @@ class SecretBackendArgs:
|
|
574
575
|
return pulumi.get(self, "rotation_window")
|
575
576
|
|
576
577
|
@rotation_window.setter
|
577
|
-
def rotation_window(self, value: Optional[pulumi.Input[int]]):
|
578
|
+
def rotation_window(self, value: Optional[pulumi.Input[builtins.int]]):
|
578
579
|
pulumi.set(self, "rotation_window", value)
|
579
580
|
|
580
581
|
@property
|
581
582
|
@pulumi.getter
|
582
|
-
def schema(self) -> Optional[pulumi.Input[str]]:
|
583
|
+
def schema(self) -> Optional[pulumi.Input[builtins.str]]:
|
583
584
|
"""
|
584
585
|
The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`.
|
585
586
|
"""
|
586
587
|
return pulumi.get(self, "schema")
|
587
588
|
|
588
589
|
@schema.setter
|
589
|
-
def schema(self, value: Optional[pulumi.Input[str]]):
|
590
|
+
def schema(self, value: Optional[pulumi.Input[builtins.str]]):
|
590
591
|
pulumi.set(self, "schema", value)
|
591
592
|
|
592
593
|
@property
|
593
594
|
@pulumi.getter(name="sealWrap")
|
594
|
-
def seal_wrap(self) -> Optional[pulumi.Input[bool]]:
|
595
|
+
def seal_wrap(self) -> Optional[pulumi.Input[builtins.bool]]:
|
595
596
|
"""
|
596
597
|
Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
597
598
|
"""
|
598
599
|
return pulumi.get(self, "seal_wrap")
|
599
600
|
|
600
601
|
@seal_wrap.setter
|
601
|
-
def seal_wrap(self, value: Optional[pulumi.Input[bool]]):
|
602
|
+
def seal_wrap(self, value: Optional[pulumi.Input[builtins.bool]]):
|
602
603
|
pulumi.set(self, "seal_wrap", value)
|
603
604
|
|
604
605
|
@property
|
605
606
|
@pulumi.getter(name="skipStaticRoleImportRotation")
|
606
|
-
def skip_static_role_import_rotation(self) -> Optional[pulumi.Input[bool]]:
|
607
|
+
def skip_static_role_import_rotation(self) -> Optional[pulumi.Input[builtins.bool]]:
|
607
608
|
"""
|
608
609
|
If set to true, static roles will not be rotated during import.
|
609
610
|
Defaults to false. Requires Vault 1.16 or above.
|
@@ -611,36 +612,36 @@ class SecretBackendArgs:
|
|
611
612
|
return pulumi.get(self, "skip_static_role_import_rotation")
|
612
613
|
|
613
614
|
@skip_static_role_import_rotation.setter
|
614
|
-
def skip_static_role_import_rotation(self, value: Optional[pulumi.Input[bool]]):
|
615
|
+
def skip_static_role_import_rotation(self, value: Optional[pulumi.Input[builtins.bool]]):
|
615
616
|
pulumi.set(self, "skip_static_role_import_rotation", value)
|
616
617
|
|
617
618
|
@property
|
618
619
|
@pulumi.getter
|
619
|
-
def starttls(self) -> Optional[pulumi.Input[bool]]:
|
620
|
+
def starttls(self) -> Optional[pulumi.Input[builtins.bool]]:
|
620
621
|
"""
|
621
622
|
Issue a StartTLS command after establishing unencrypted connection.
|
622
623
|
"""
|
623
624
|
return pulumi.get(self, "starttls")
|
624
625
|
|
625
626
|
@starttls.setter
|
626
|
-
def starttls(self, value: Optional[pulumi.Input[bool]]):
|
627
|
+
def starttls(self, value: Optional[pulumi.Input[builtins.bool]]):
|
627
628
|
pulumi.set(self, "starttls", value)
|
628
629
|
|
629
630
|
@property
|
630
631
|
@pulumi.getter
|
631
|
-
def upndomain(self) -> Optional[pulumi.Input[str]]:
|
632
|
+
def upndomain(self) -> Optional[pulumi.Input[builtins.str]]:
|
632
633
|
"""
|
633
634
|
Enables userPrincipalDomain login with [username]@UPNDomain.
|
634
635
|
"""
|
635
636
|
return pulumi.get(self, "upndomain")
|
636
637
|
|
637
638
|
@upndomain.setter
|
638
|
-
def upndomain(self, value: Optional[pulumi.Input[str]]):
|
639
|
+
def upndomain(self, value: Optional[pulumi.Input[builtins.str]]):
|
639
640
|
pulumi.set(self, "upndomain", value)
|
640
641
|
|
641
642
|
@property
|
642
643
|
@pulumi.getter
|
643
|
-
def url(self) -> Optional[pulumi.Input[str]]:
|
644
|
+
def url(self) -> Optional[pulumi.Input[builtins.str]]:
|
644
645
|
"""
|
645
646
|
LDAP URL to connect to. Multiple URLs can be specified by concatenating
|
646
647
|
them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
|
@@ -648,134 +649,134 @@ class SecretBackendArgs:
|
|
648
649
|
return pulumi.get(self, "url")
|
649
650
|
|
650
651
|
@url.setter
|
651
|
-
def url(self, value: Optional[pulumi.Input[str]]):
|
652
|
+
def url(self, value: Optional[pulumi.Input[builtins.str]]):
|
652
653
|
pulumi.set(self, "url", value)
|
653
654
|
|
654
655
|
@property
|
655
656
|
@pulumi.getter
|
656
|
-
def userattr(self) -> Optional[pulumi.Input[str]]:
|
657
|
+
def userattr(self) -> Optional[pulumi.Input[builtins.str]]:
|
657
658
|
"""
|
658
659
|
Attribute used when searching users. Defaults to `cn`.
|
659
660
|
"""
|
660
661
|
return pulumi.get(self, "userattr")
|
661
662
|
|
662
663
|
@userattr.setter
|
663
|
-
def userattr(self, value: Optional[pulumi.Input[str]]):
|
664
|
+
def userattr(self, value: Optional[pulumi.Input[builtins.str]]):
|
664
665
|
pulumi.set(self, "userattr", value)
|
665
666
|
|
666
667
|
@property
|
667
668
|
@pulumi.getter
|
668
|
-
def userdn(self) -> Optional[pulumi.Input[str]]:
|
669
|
+
def userdn(self) -> Optional[pulumi.Input[builtins.str]]:
|
669
670
|
"""
|
670
671
|
LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
|
671
672
|
"""
|
672
673
|
return pulumi.get(self, "userdn")
|
673
674
|
|
674
675
|
@userdn.setter
|
675
|
-
def userdn(self, value: Optional[pulumi.Input[str]]):
|
676
|
+
def userdn(self, value: Optional[pulumi.Input[builtins.str]]):
|
676
677
|
pulumi.set(self, "userdn", value)
|
677
678
|
|
678
679
|
|
679
680
|
@pulumi.input_type
|
680
681
|
class _SecretBackendState:
|
681
682
|
def __init__(__self__, *,
|
682
|
-
accessor: Optional[pulumi.Input[str]] = None,
|
683
|
-
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
684
|
-
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
685
|
-
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
686
|
-
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
687
|
-
binddn: Optional[pulumi.Input[str]] = None,
|
688
|
-
bindpass: Optional[pulumi.Input[str]] = None,
|
689
|
-
certificate: Optional[pulumi.Input[str]] = None,
|
690
|
-
client_tls_cert: Optional[pulumi.Input[str]] = None,
|
691
|
-
client_tls_key: Optional[pulumi.Input[str]] = None,
|
692
|
-
connection_timeout: Optional[pulumi.Input[int]] = None,
|
693
|
-
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
694
|
-
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
695
|
-
description: Optional[pulumi.Input[str]] = None,
|
696
|
-
disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
|
697
|
-
disable_remount: Optional[pulumi.Input[bool]] = None,
|
698
|
-
external_entropy_access: Optional[pulumi.Input[bool]] = None,
|
699
|
-
identity_token_key: Optional[pulumi.Input[str]] = None,
|
700
|
-
insecure_tls: Optional[pulumi.Input[bool]] = None,
|
701
|
-
listing_visibility: Optional[pulumi.Input[str]] = None,
|
702
|
-
local: Optional[pulumi.Input[bool]] = None,
|
703
|
-
max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
704
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
705
|
-
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
706
|
-
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
707
|
-
password_policy: Optional[pulumi.Input[str]] = None,
|
708
|
-
path: Optional[pulumi.Input[str]] = None,
|
709
|
-
plugin_version: Optional[pulumi.Input[str]] = None,
|
710
|
-
request_timeout: Optional[pulumi.Input[int]] = None,
|
711
|
-
rotation_period: Optional[pulumi.Input[int]] = None,
|
712
|
-
rotation_schedule: Optional[pulumi.Input[str]] = None,
|
713
|
-
rotation_window: Optional[pulumi.Input[int]] = None,
|
714
|
-
schema: Optional[pulumi.Input[str]] = None,
|
715
|
-
seal_wrap: Optional[pulumi.Input[bool]] = None,
|
716
|
-
skip_static_role_import_rotation: Optional[pulumi.Input[bool]] = None,
|
717
|
-
starttls: Optional[pulumi.Input[bool]] = None,
|
718
|
-
upndomain: Optional[pulumi.Input[str]] = None,
|
719
|
-
url: Optional[pulumi.Input[str]] = None,
|
720
|
-
userattr: Optional[pulumi.Input[str]] = None,
|
721
|
-
userdn: Optional[pulumi.Input[str]] = None):
|
683
|
+
accessor: Optional[pulumi.Input[builtins.str]] = None,
|
684
|
+
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
685
|
+
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
686
|
+
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
687
|
+
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
688
|
+
binddn: Optional[pulumi.Input[builtins.str]] = None,
|
689
|
+
bindpass: Optional[pulumi.Input[builtins.str]] = None,
|
690
|
+
certificate: Optional[pulumi.Input[builtins.str]] = None,
|
691
|
+
client_tls_cert: Optional[pulumi.Input[builtins.str]] = None,
|
692
|
+
client_tls_key: Optional[pulumi.Input[builtins.str]] = None,
|
693
|
+
connection_timeout: Optional[pulumi.Input[builtins.int]] = None,
|
694
|
+
default_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
|
695
|
+
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
696
|
+
description: Optional[pulumi.Input[builtins.str]] = None,
|
697
|
+
disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
698
|
+
disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
|
699
|
+
external_entropy_access: Optional[pulumi.Input[builtins.bool]] = None,
|
700
|
+
identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
|
701
|
+
insecure_tls: Optional[pulumi.Input[builtins.bool]] = None,
|
702
|
+
listing_visibility: Optional[pulumi.Input[builtins.str]] = None,
|
703
|
+
local: Optional[pulumi.Input[builtins.bool]] = None,
|
704
|
+
max_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
|
705
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
706
|
+
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
707
|
+
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
708
|
+
password_policy: Optional[pulumi.Input[builtins.str]] = None,
|
709
|
+
path: Optional[pulumi.Input[builtins.str]] = None,
|
710
|
+
plugin_version: Optional[pulumi.Input[builtins.str]] = None,
|
711
|
+
request_timeout: Optional[pulumi.Input[builtins.int]] = None,
|
712
|
+
rotation_period: Optional[pulumi.Input[builtins.int]] = None,
|
713
|
+
rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
|
714
|
+
rotation_window: Optional[pulumi.Input[builtins.int]] = None,
|
715
|
+
schema: Optional[pulumi.Input[builtins.str]] = None,
|
716
|
+
seal_wrap: Optional[pulumi.Input[builtins.bool]] = None,
|
717
|
+
skip_static_role_import_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
718
|
+
starttls: Optional[pulumi.Input[builtins.bool]] = None,
|
719
|
+
upndomain: Optional[pulumi.Input[builtins.str]] = None,
|
720
|
+
url: Optional[pulumi.Input[builtins.str]] = None,
|
721
|
+
userattr: Optional[pulumi.Input[builtins.str]] = None,
|
722
|
+
userdn: Optional[pulumi.Input[builtins.str]] = None):
|
722
723
|
"""
|
723
724
|
Input properties used for looking up and filtering SecretBackend resources.
|
724
|
-
:param pulumi.Input[str] accessor: Accessor of the mount
|
725
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
|
726
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
|
727
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
728
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
729
|
-
:param pulumi.Input[str] binddn: Distinguished name of object to bind when performing user and group search.
|
730
|
-
:param pulumi.Input[str] bindpass: Password to use along with binddn when performing user search.
|
731
|
-
:param pulumi.Input[str] certificate: CA certificate to use when verifying LDAP server certificate, must be
|
725
|
+
:param pulumi.Input[builtins.str] accessor: Accessor of the mount
|
726
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
|
727
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
|
728
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
729
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
730
|
+
:param pulumi.Input[builtins.str] binddn: Distinguished name of object to bind when performing user and group search.
|
731
|
+
:param pulumi.Input[builtins.str] bindpass: Password to use along with binddn when performing user search.
|
732
|
+
:param pulumi.Input[builtins.str] certificate: CA certificate to use when verifying LDAP server certificate, must be
|
732
733
|
x509 PEM encoded.
|
733
|
-
:param pulumi.Input[str] client_tls_cert: Client certificate to provide to the LDAP server, must be x509 PEM encoded.
|
734
|
-
:param pulumi.Input[str] client_tls_key: Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
|
735
|
-
:param pulumi.Input[int] connection_timeout: Timeout, in seconds, when attempting to connect to the LDAP server before trying
|
734
|
+
:param pulumi.Input[builtins.str] client_tls_cert: Client certificate to provide to the LDAP server, must be x509 PEM encoded.
|
735
|
+
:param pulumi.Input[builtins.str] client_tls_key: Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
|
736
|
+
:param pulumi.Input[builtins.int] connection_timeout: Timeout, in seconds, when attempting to connect to the LDAP server before trying
|
736
737
|
the next URL in the configuration.
|
737
|
-
:param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for secrets in seconds.
|
738
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
|
739
|
-
:param pulumi.Input[str] description: Human-friendly description of the mount for the Active Directory backend.
|
740
|
-
:param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
741
|
-
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
742
|
-
:param pulumi.Input[bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
|
743
|
-
:param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens
|
744
|
-
:param pulumi.Input[bool] insecure_tls: Skip LDAP server SSL Certificate verification. This is not recommended for production.
|
738
|
+
:param pulumi.Input[builtins.int] default_lease_ttl_seconds: Default lease duration for secrets in seconds.
|
739
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
|
740
|
+
:param pulumi.Input[builtins.str] description: Human-friendly description of the mount for the Active Directory backend.
|
741
|
+
:param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
742
|
+
:param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
|
743
|
+
:param pulumi.Input[builtins.bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
|
744
|
+
:param pulumi.Input[builtins.str] identity_token_key: The key to use for signing plugin workload identity tokens
|
745
|
+
:param pulumi.Input[builtins.bool] insecure_tls: Skip LDAP server SSL Certificate verification. This is not recommended for production.
|
745
746
|
Defaults to `false`.
|
746
|
-
:param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
|
747
|
-
:param pulumi.Input[bool] local: Mark the secrets engine as local-only. Local engines are not replicated or removed by
|
747
|
+
:param pulumi.Input[builtins.str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
|
748
|
+
:param pulumi.Input[builtins.bool] local: Mark the secrets engine as local-only. Local engines are not replicated or removed by
|
748
749
|
replication.Tolerance duration to use when checking the last rotation time.
|
749
|
-
:param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for secrets in seconds.
|
750
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
750
|
+
:param pulumi.Input[builtins.int] max_lease_ttl_seconds: Maximum possible lease duration for secrets in seconds.
|
751
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
751
752
|
The value should not contain leading or trailing forward slashes.
|
752
753
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
753
754
|
*Available only for Vault Enterprise*.
|
754
|
-
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
|
755
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
|
756
|
-
:param pulumi.Input[str] password_policy: Name of the password policy to use to generate passwords.
|
757
|
-
:param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
|
755
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] options: Specifies mount type specific options that are passed to the backend
|
756
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
|
757
|
+
:param pulumi.Input[builtins.str] password_policy: Name of the password policy to use to generate passwords.
|
758
|
+
:param pulumi.Input[builtins.str] path: The unique path this backend should be mounted at. Must
|
758
759
|
not begin or end with a `/`. Defaults to `ldap`.
|
759
|
-
:param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
760
|
-
:param pulumi.Input[int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
|
760
|
+
:param pulumi.Input[builtins.str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
761
|
+
:param pulumi.Input[builtins.int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
|
761
762
|
before returning back an error.
|
762
|
-
:param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
763
|
+
:param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
763
764
|
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
764
|
-
:param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
765
|
+
:param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
765
766
|
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
766
|
-
:param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
|
767
|
+
:param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
|
767
768
|
a rotation when a scheduled token rotation occurs. The default rotation window is
|
768
769
|
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
769
|
-
:param pulumi.Input[str] schema: The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`.
|
770
|
-
:param pulumi.Input[bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
771
|
-
:param pulumi.Input[bool] skip_static_role_import_rotation: If set to true, static roles will not be rotated during import.
|
770
|
+
:param pulumi.Input[builtins.str] schema: The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`.
|
771
|
+
:param pulumi.Input[builtins.bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
772
|
+
:param pulumi.Input[builtins.bool] skip_static_role_import_rotation: If set to true, static roles will not be rotated during import.
|
772
773
|
Defaults to false. Requires Vault 1.16 or above.
|
773
|
-
:param pulumi.Input[bool] starttls: Issue a StartTLS command after establishing unencrypted connection.
|
774
|
-
:param pulumi.Input[str] upndomain: Enables userPrincipalDomain login with [username]@UPNDomain.
|
775
|
-
:param pulumi.Input[str] url: LDAP URL to connect to. Multiple URLs can be specified by concatenating
|
774
|
+
:param pulumi.Input[builtins.bool] starttls: Issue a StartTLS command after establishing unencrypted connection.
|
775
|
+
:param pulumi.Input[builtins.str] upndomain: Enables userPrincipalDomain login with [username]@UPNDomain.
|
776
|
+
:param pulumi.Input[builtins.str] url: LDAP URL to connect to. Multiple URLs can be specified by concatenating
|
776
777
|
them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
|
777
|
-
:param pulumi.Input[str] userattr: Attribute used when searching users. Defaults to `cn`.
|
778
|
-
:param pulumi.Input[str] userdn: LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
|
778
|
+
:param pulumi.Input[builtins.str] userattr: Attribute used when searching users. Defaults to `cn`.
|
779
|
+
:param pulumi.Input[builtins.str] userdn: LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
|
779
780
|
"""
|
780
781
|
if accessor is not None:
|
781
782
|
pulumi.set(__self__, "accessor", accessor)
|
@@ -860,91 +861,91 @@ class _SecretBackendState:
|
|
860
861
|
|
861
862
|
@property
|
862
863
|
@pulumi.getter
|
863
|
-
def accessor(self) -> Optional[pulumi.Input[str]]:
|
864
|
+
def accessor(self) -> Optional[pulumi.Input[builtins.str]]:
|
864
865
|
"""
|
865
866
|
Accessor of the mount
|
866
867
|
"""
|
867
868
|
return pulumi.get(self, "accessor")
|
868
869
|
|
869
870
|
@accessor.setter
|
870
|
-
def accessor(self, value: Optional[pulumi.Input[str]]):
|
871
|
+
def accessor(self, value: Optional[pulumi.Input[builtins.str]]):
|
871
872
|
pulumi.set(self, "accessor", value)
|
872
873
|
|
873
874
|
@property
|
874
875
|
@pulumi.getter(name="allowedManagedKeys")
|
875
|
-
def allowed_managed_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
876
|
+
def allowed_managed_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
876
877
|
"""
|
877
878
|
List of managed key registry entry names that the mount in question is allowed to access
|
878
879
|
"""
|
879
880
|
return pulumi.get(self, "allowed_managed_keys")
|
880
881
|
|
881
882
|
@allowed_managed_keys.setter
|
882
|
-
def allowed_managed_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
883
|
+
def allowed_managed_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
883
884
|
pulumi.set(self, "allowed_managed_keys", value)
|
884
885
|
|
885
886
|
@property
|
886
887
|
@pulumi.getter(name="allowedResponseHeaders")
|
887
|
-
def allowed_response_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
888
|
+
def allowed_response_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
888
889
|
"""
|
889
890
|
List of headers to allow and pass from the request to the plugin
|
890
891
|
"""
|
891
892
|
return pulumi.get(self, "allowed_response_headers")
|
892
893
|
|
893
894
|
@allowed_response_headers.setter
|
894
|
-
def allowed_response_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
895
|
+
def allowed_response_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
895
896
|
pulumi.set(self, "allowed_response_headers", value)
|
896
897
|
|
897
898
|
@property
|
898
899
|
@pulumi.getter(name="auditNonHmacRequestKeys")
|
899
|
-
def audit_non_hmac_request_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
900
|
+
def audit_non_hmac_request_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
900
901
|
"""
|
901
902
|
Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
902
903
|
"""
|
903
904
|
return pulumi.get(self, "audit_non_hmac_request_keys")
|
904
905
|
|
905
906
|
@audit_non_hmac_request_keys.setter
|
906
|
-
def audit_non_hmac_request_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
907
|
+
def audit_non_hmac_request_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
907
908
|
pulumi.set(self, "audit_non_hmac_request_keys", value)
|
908
909
|
|
909
910
|
@property
|
910
911
|
@pulumi.getter(name="auditNonHmacResponseKeys")
|
911
|
-
def audit_non_hmac_response_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
912
|
+
def audit_non_hmac_response_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
912
913
|
"""
|
913
914
|
Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
914
915
|
"""
|
915
916
|
return pulumi.get(self, "audit_non_hmac_response_keys")
|
916
917
|
|
917
918
|
@audit_non_hmac_response_keys.setter
|
918
|
-
def audit_non_hmac_response_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
919
|
+
def audit_non_hmac_response_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
919
920
|
pulumi.set(self, "audit_non_hmac_response_keys", value)
|
920
921
|
|
921
922
|
@property
|
922
923
|
@pulumi.getter
|
923
|
-
def binddn(self) -> Optional[pulumi.Input[str]]:
|
924
|
+
def binddn(self) -> Optional[pulumi.Input[builtins.str]]:
|
924
925
|
"""
|
925
926
|
Distinguished name of object to bind when performing user and group search.
|
926
927
|
"""
|
927
928
|
return pulumi.get(self, "binddn")
|
928
929
|
|
929
930
|
@binddn.setter
|
930
|
-
def binddn(self, value: Optional[pulumi.Input[str]]):
|
931
|
+
def binddn(self, value: Optional[pulumi.Input[builtins.str]]):
|
931
932
|
pulumi.set(self, "binddn", value)
|
932
933
|
|
933
934
|
@property
|
934
935
|
@pulumi.getter
|
935
|
-
def bindpass(self) -> Optional[pulumi.Input[str]]:
|
936
|
+
def bindpass(self) -> Optional[pulumi.Input[builtins.str]]:
|
936
937
|
"""
|
937
938
|
Password to use along with binddn when performing user search.
|
938
939
|
"""
|
939
940
|
return pulumi.get(self, "bindpass")
|
940
941
|
|
941
942
|
@bindpass.setter
|
942
|
-
def bindpass(self, value: Optional[pulumi.Input[str]]):
|
943
|
+
def bindpass(self, value: Optional[pulumi.Input[builtins.str]]):
|
943
944
|
pulumi.set(self, "bindpass", value)
|
944
945
|
|
945
946
|
@property
|
946
947
|
@pulumi.getter
|
947
|
-
def certificate(self) -> Optional[pulumi.Input[str]]:
|
948
|
+
def certificate(self) -> Optional[pulumi.Input[builtins.str]]:
|
948
949
|
"""
|
949
950
|
CA certificate to use when verifying LDAP server certificate, must be
|
950
951
|
x509 PEM encoded.
|
@@ -952,36 +953,36 @@ class _SecretBackendState:
|
|
952
953
|
return pulumi.get(self, "certificate")
|
953
954
|
|
954
955
|
@certificate.setter
|
955
|
-
def certificate(self, value: Optional[pulumi.Input[str]]):
|
956
|
+
def certificate(self, value: Optional[pulumi.Input[builtins.str]]):
|
956
957
|
pulumi.set(self, "certificate", value)
|
957
958
|
|
958
959
|
@property
|
959
960
|
@pulumi.getter(name="clientTlsCert")
|
960
|
-
def client_tls_cert(self) -> Optional[pulumi.Input[str]]:
|
961
|
+
def client_tls_cert(self) -> Optional[pulumi.Input[builtins.str]]:
|
961
962
|
"""
|
962
963
|
Client certificate to provide to the LDAP server, must be x509 PEM encoded.
|
963
964
|
"""
|
964
965
|
return pulumi.get(self, "client_tls_cert")
|
965
966
|
|
966
967
|
@client_tls_cert.setter
|
967
|
-
def client_tls_cert(self, value: Optional[pulumi.Input[str]]):
|
968
|
+
def client_tls_cert(self, value: Optional[pulumi.Input[builtins.str]]):
|
968
969
|
pulumi.set(self, "client_tls_cert", value)
|
969
970
|
|
970
971
|
@property
|
971
972
|
@pulumi.getter(name="clientTlsKey")
|
972
|
-
def client_tls_key(self) -> Optional[pulumi.Input[str]]:
|
973
|
+
def client_tls_key(self) -> Optional[pulumi.Input[builtins.str]]:
|
973
974
|
"""
|
974
975
|
Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
|
975
976
|
"""
|
976
977
|
return pulumi.get(self, "client_tls_key")
|
977
978
|
|
978
979
|
@client_tls_key.setter
|
979
|
-
def client_tls_key(self, value: Optional[pulumi.Input[str]]):
|
980
|
+
def client_tls_key(self, value: Optional[pulumi.Input[builtins.str]]):
|
980
981
|
pulumi.set(self, "client_tls_key", value)
|
981
982
|
|
982
983
|
@property
|
983
984
|
@pulumi.getter(name="connectionTimeout")
|
984
|
-
def connection_timeout(self) -> Optional[pulumi.Input[int]]:
|
985
|
+
def connection_timeout(self) -> Optional[pulumi.Input[builtins.int]]:
|
985
986
|
"""
|
986
987
|
Timeout, in seconds, when attempting to connect to the LDAP server before trying
|
987
988
|
the next URL in the configuration.
|
@@ -989,96 +990,96 @@ class _SecretBackendState:
|
|
989
990
|
return pulumi.get(self, "connection_timeout")
|
990
991
|
|
991
992
|
@connection_timeout.setter
|
992
|
-
def connection_timeout(self, value: Optional[pulumi.Input[int]]):
|
993
|
+
def connection_timeout(self, value: Optional[pulumi.Input[builtins.int]]):
|
993
994
|
pulumi.set(self, "connection_timeout", value)
|
994
995
|
|
995
996
|
@property
|
996
997
|
@pulumi.getter(name="defaultLeaseTtlSeconds")
|
997
|
-
def default_lease_ttl_seconds(self) -> Optional[pulumi.Input[int]]:
|
998
|
+
def default_lease_ttl_seconds(self) -> Optional[pulumi.Input[builtins.int]]:
|
998
999
|
"""
|
999
1000
|
Default lease duration for secrets in seconds.
|
1000
1001
|
"""
|
1001
1002
|
return pulumi.get(self, "default_lease_ttl_seconds")
|
1002
1003
|
|
1003
1004
|
@default_lease_ttl_seconds.setter
|
1004
|
-
def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[int]]):
|
1005
|
+
def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[builtins.int]]):
|
1005
1006
|
pulumi.set(self, "default_lease_ttl_seconds", value)
|
1006
1007
|
|
1007
1008
|
@property
|
1008
1009
|
@pulumi.getter(name="delegatedAuthAccessors")
|
1009
|
-
def delegated_auth_accessors(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
1010
|
+
def delegated_auth_accessors(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
1010
1011
|
"""
|
1011
1012
|
List of headers to allow and pass from the request to the plugin
|
1012
1013
|
"""
|
1013
1014
|
return pulumi.get(self, "delegated_auth_accessors")
|
1014
1015
|
|
1015
1016
|
@delegated_auth_accessors.setter
|
1016
|
-
def delegated_auth_accessors(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
1017
|
+
def delegated_auth_accessors(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
1017
1018
|
pulumi.set(self, "delegated_auth_accessors", value)
|
1018
1019
|
|
1019
1020
|
@property
|
1020
1021
|
@pulumi.getter
|
1021
|
-
def description(self) -> Optional[pulumi.Input[str]]:
|
1022
|
+
def description(self) -> Optional[pulumi.Input[builtins.str]]:
|
1022
1023
|
"""
|
1023
1024
|
Human-friendly description of the mount for the Active Directory backend.
|
1024
1025
|
"""
|
1025
1026
|
return pulumi.get(self, "description")
|
1026
1027
|
|
1027
1028
|
@description.setter
|
1028
|
-
def description(self, value: Optional[pulumi.Input[str]]):
|
1029
|
+
def description(self, value: Optional[pulumi.Input[builtins.str]]):
|
1029
1030
|
pulumi.set(self, "description", value)
|
1030
1031
|
|
1031
1032
|
@property
|
1032
1033
|
@pulumi.getter(name="disableAutomatedRotation")
|
1033
|
-
def disable_automated_rotation(self) -> Optional[pulumi.Input[bool]]:
|
1034
|
+
def disable_automated_rotation(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1034
1035
|
"""
|
1035
1036
|
Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
1036
1037
|
"""
|
1037
1038
|
return pulumi.get(self, "disable_automated_rotation")
|
1038
1039
|
|
1039
1040
|
@disable_automated_rotation.setter
|
1040
|
-
def disable_automated_rotation(self, value: Optional[pulumi.Input[bool]]):
|
1041
|
+
def disable_automated_rotation(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1041
1042
|
pulumi.set(self, "disable_automated_rotation", value)
|
1042
1043
|
|
1043
1044
|
@property
|
1044
1045
|
@pulumi.getter(name="disableRemount")
|
1045
|
-
def disable_remount(self) -> Optional[pulumi.Input[bool]]:
|
1046
|
+
def disable_remount(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1046
1047
|
"""
|
1047
1048
|
If set, opts out of mount migration on path updates.
|
1048
1049
|
"""
|
1049
1050
|
return pulumi.get(self, "disable_remount")
|
1050
1051
|
|
1051
1052
|
@disable_remount.setter
|
1052
|
-
def disable_remount(self, value: Optional[pulumi.Input[bool]]):
|
1053
|
+
def disable_remount(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1053
1054
|
pulumi.set(self, "disable_remount", value)
|
1054
1055
|
|
1055
1056
|
@property
|
1056
1057
|
@pulumi.getter(name="externalEntropyAccess")
|
1057
|
-
def external_entropy_access(self) -> Optional[pulumi.Input[bool]]:
|
1058
|
+
def external_entropy_access(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1058
1059
|
"""
|
1059
1060
|
Enable the secrets engine to access Vault's external entropy source
|
1060
1061
|
"""
|
1061
1062
|
return pulumi.get(self, "external_entropy_access")
|
1062
1063
|
|
1063
1064
|
@external_entropy_access.setter
|
1064
|
-
def external_entropy_access(self, value: Optional[pulumi.Input[bool]]):
|
1065
|
+
def external_entropy_access(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1065
1066
|
pulumi.set(self, "external_entropy_access", value)
|
1066
1067
|
|
1067
1068
|
@property
|
1068
1069
|
@pulumi.getter(name="identityTokenKey")
|
1069
|
-
def identity_token_key(self) -> Optional[pulumi.Input[str]]:
|
1070
|
+
def identity_token_key(self) -> Optional[pulumi.Input[builtins.str]]:
|
1070
1071
|
"""
|
1071
1072
|
The key to use for signing plugin workload identity tokens
|
1072
1073
|
"""
|
1073
1074
|
return pulumi.get(self, "identity_token_key")
|
1074
1075
|
|
1075
1076
|
@identity_token_key.setter
|
1076
|
-
def identity_token_key(self, value: Optional[pulumi.Input[str]]):
|
1077
|
+
def identity_token_key(self, value: Optional[pulumi.Input[builtins.str]]):
|
1077
1078
|
pulumi.set(self, "identity_token_key", value)
|
1078
1079
|
|
1079
1080
|
@property
|
1080
1081
|
@pulumi.getter(name="insecureTls")
|
1081
|
-
def insecure_tls(self) -> Optional[pulumi.Input[bool]]:
|
1082
|
+
def insecure_tls(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1082
1083
|
"""
|
1083
1084
|
Skip LDAP server SSL Certificate verification. This is not recommended for production.
|
1084
1085
|
Defaults to `false`.
|
@@ -1086,24 +1087,24 @@ class _SecretBackendState:
|
|
1086
1087
|
return pulumi.get(self, "insecure_tls")
|
1087
1088
|
|
1088
1089
|
@insecure_tls.setter
|
1089
|
-
def insecure_tls(self, value: Optional[pulumi.Input[bool]]):
|
1090
|
+
def insecure_tls(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1090
1091
|
pulumi.set(self, "insecure_tls", value)
|
1091
1092
|
|
1092
1093
|
@property
|
1093
1094
|
@pulumi.getter(name="listingVisibility")
|
1094
|
-
def listing_visibility(self) -> Optional[pulumi.Input[str]]:
|
1095
|
+
def listing_visibility(self) -> Optional[pulumi.Input[builtins.str]]:
|
1095
1096
|
"""
|
1096
1097
|
Specifies whether to show this mount in the UI-specific listing endpoint
|
1097
1098
|
"""
|
1098
1099
|
return pulumi.get(self, "listing_visibility")
|
1099
1100
|
|
1100
1101
|
@listing_visibility.setter
|
1101
|
-
def listing_visibility(self, value: Optional[pulumi.Input[str]]):
|
1102
|
+
def listing_visibility(self, value: Optional[pulumi.Input[builtins.str]]):
|
1102
1103
|
pulumi.set(self, "listing_visibility", value)
|
1103
1104
|
|
1104
1105
|
@property
|
1105
1106
|
@pulumi.getter
|
1106
|
-
def local(self) -> Optional[pulumi.Input[bool]]:
|
1107
|
+
def local(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1107
1108
|
"""
|
1108
1109
|
Mark the secrets engine as local-only. Local engines are not replicated or removed by
|
1109
1110
|
replication.Tolerance duration to use when checking the last rotation time.
|
@@ -1111,24 +1112,24 @@ class _SecretBackendState:
|
|
1111
1112
|
return pulumi.get(self, "local")
|
1112
1113
|
|
1113
1114
|
@local.setter
|
1114
|
-
def local(self, value: Optional[pulumi.Input[bool]]):
|
1115
|
+
def local(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1115
1116
|
pulumi.set(self, "local", value)
|
1116
1117
|
|
1117
1118
|
@property
|
1118
1119
|
@pulumi.getter(name="maxLeaseTtlSeconds")
|
1119
|
-
def max_lease_ttl_seconds(self) -> Optional[pulumi.Input[int]]:
|
1120
|
+
def max_lease_ttl_seconds(self) -> Optional[pulumi.Input[builtins.int]]:
|
1120
1121
|
"""
|
1121
1122
|
Maximum possible lease duration for secrets in seconds.
|
1122
1123
|
"""
|
1123
1124
|
return pulumi.get(self, "max_lease_ttl_seconds")
|
1124
1125
|
|
1125
1126
|
@max_lease_ttl_seconds.setter
|
1126
|
-
def max_lease_ttl_seconds(self, value: Optional[pulumi.Input[int]]):
|
1127
|
+
def max_lease_ttl_seconds(self, value: Optional[pulumi.Input[builtins.int]]):
|
1127
1128
|
pulumi.set(self, "max_lease_ttl_seconds", value)
|
1128
1129
|
|
1129
1130
|
@property
|
1130
1131
|
@pulumi.getter
|
1131
|
-
def namespace(self) -> Optional[pulumi.Input[str]]:
|
1132
|
+
def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
|
1132
1133
|
"""
|
1133
1134
|
The namespace to provision the resource in.
|
1134
1135
|
The value should not contain leading or trailing forward slashes.
|
@@ -1138,48 +1139,48 @@ class _SecretBackendState:
|
|
1138
1139
|
return pulumi.get(self, "namespace")
|
1139
1140
|
|
1140
1141
|
@namespace.setter
|
1141
|
-
def namespace(self, value: Optional[pulumi.Input[str]]):
|
1142
|
+
def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
|
1142
1143
|
pulumi.set(self, "namespace", value)
|
1143
1144
|
|
1144
1145
|
@property
|
1145
1146
|
@pulumi.getter
|
1146
|
-
def options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
1147
|
+
def options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]:
|
1147
1148
|
"""
|
1148
1149
|
Specifies mount type specific options that are passed to the backend
|
1149
1150
|
"""
|
1150
1151
|
return pulumi.get(self, "options")
|
1151
1152
|
|
1152
1153
|
@options.setter
|
1153
|
-
def options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
1154
|
+
def options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]):
|
1154
1155
|
pulumi.set(self, "options", value)
|
1155
1156
|
|
1156
1157
|
@property
|
1157
1158
|
@pulumi.getter(name="passthroughRequestHeaders")
|
1158
|
-
def passthrough_request_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
1159
|
+
def passthrough_request_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
1159
1160
|
"""
|
1160
1161
|
List of headers to allow and pass from the request to the plugin
|
1161
1162
|
"""
|
1162
1163
|
return pulumi.get(self, "passthrough_request_headers")
|
1163
1164
|
|
1164
1165
|
@passthrough_request_headers.setter
|
1165
|
-
def passthrough_request_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
1166
|
+
def passthrough_request_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
1166
1167
|
pulumi.set(self, "passthrough_request_headers", value)
|
1167
1168
|
|
1168
1169
|
@property
|
1169
1170
|
@pulumi.getter(name="passwordPolicy")
|
1170
|
-
def password_policy(self) -> Optional[pulumi.Input[str]]:
|
1171
|
+
def password_policy(self) -> Optional[pulumi.Input[builtins.str]]:
|
1171
1172
|
"""
|
1172
1173
|
Name of the password policy to use to generate passwords.
|
1173
1174
|
"""
|
1174
1175
|
return pulumi.get(self, "password_policy")
|
1175
1176
|
|
1176
1177
|
@password_policy.setter
|
1177
|
-
def password_policy(self, value: Optional[pulumi.Input[str]]):
|
1178
|
+
def password_policy(self, value: Optional[pulumi.Input[builtins.str]]):
|
1178
1179
|
pulumi.set(self, "password_policy", value)
|
1179
1180
|
|
1180
1181
|
@property
|
1181
1182
|
@pulumi.getter
|
1182
|
-
def path(self) -> Optional[pulumi.Input[str]]:
|
1183
|
+
def path(self) -> Optional[pulumi.Input[builtins.str]]:
|
1183
1184
|
"""
|
1184
1185
|
The unique path this backend should be mounted at. Must
|
1185
1186
|
not begin or end with a `/`. Defaults to `ldap`.
|
@@ -1187,24 +1188,24 @@ class _SecretBackendState:
|
|
1187
1188
|
return pulumi.get(self, "path")
|
1188
1189
|
|
1189
1190
|
@path.setter
|
1190
|
-
def path(self, value: Optional[pulumi.Input[str]]):
|
1191
|
+
def path(self, value: Optional[pulumi.Input[builtins.str]]):
|
1191
1192
|
pulumi.set(self, "path", value)
|
1192
1193
|
|
1193
1194
|
@property
|
1194
1195
|
@pulumi.getter(name="pluginVersion")
|
1195
|
-
def plugin_version(self) -> Optional[pulumi.Input[str]]:
|
1196
|
+
def plugin_version(self) -> Optional[pulumi.Input[builtins.str]]:
|
1196
1197
|
"""
|
1197
1198
|
Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
1198
1199
|
"""
|
1199
1200
|
return pulumi.get(self, "plugin_version")
|
1200
1201
|
|
1201
1202
|
@plugin_version.setter
|
1202
|
-
def plugin_version(self, value: Optional[pulumi.Input[str]]):
|
1203
|
+
def plugin_version(self, value: Optional[pulumi.Input[builtins.str]]):
|
1203
1204
|
pulumi.set(self, "plugin_version", value)
|
1204
1205
|
|
1205
1206
|
@property
|
1206
1207
|
@pulumi.getter(name="requestTimeout")
|
1207
|
-
def request_timeout(self) -> Optional[pulumi.Input[int]]:
|
1208
|
+
def request_timeout(self) -> Optional[pulumi.Input[builtins.int]]:
|
1208
1209
|
"""
|
1209
1210
|
Timeout, in seconds, for the connection when making requests against the server
|
1210
1211
|
before returning back an error.
|
@@ -1212,12 +1213,12 @@ class _SecretBackendState:
|
|
1212
1213
|
return pulumi.get(self, "request_timeout")
|
1213
1214
|
|
1214
1215
|
@request_timeout.setter
|
1215
|
-
def request_timeout(self, value: Optional[pulumi.Input[int]]):
|
1216
|
+
def request_timeout(self, value: Optional[pulumi.Input[builtins.int]]):
|
1216
1217
|
pulumi.set(self, "request_timeout", value)
|
1217
1218
|
|
1218
1219
|
@property
|
1219
1220
|
@pulumi.getter(name="rotationPeriod")
|
1220
|
-
def rotation_period(self) -> Optional[pulumi.Input[int]]:
|
1221
|
+
def rotation_period(self) -> Optional[pulumi.Input[builtins.int]]:
|
1221
1222
|
"""
|
1222
1223
|
The amount of time in seconds Vault should wait before rotating the root credential.
|
1223
1224
|
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
@@ -1225,12 +1226,12 @@ class _SecretBackendState:
|
|
1225
1226
|
return pulumi.get(self, "rotation_period")
|
1226
1227
|
|
1227
1228
|
@rotation_period.setter
|
1228
|
-
def rotation_period(self, value: Optional[pulumi.Input[int]]):
|
1229
|
+
def rotation_period(self, value: Optional[pulumi.Input[builtins.int]]):
|
1229
1230
|
pulumi.set(self, "rotation_period", value)
|
1230
1231
|
|
1231
1232
|
@property
|
1232
1233
|
@pulumi.getter(name="rotationSchedule")
|
1233
|
-
def rotation_schedule(self) -> Optional[pulumi.Input[str]]:
|
1234
|
+
def rotation_schedule(self) -> Optional[pulumi.Input[builtins.str]]:
|
1234
1235
|
"""
|
1235
1236
|
The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
1236
1237
|
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
@@ -1238,12 +1239,12 @@ class _SecretBackendState:
|
|
1238
1239
|
return pulumi.get(self, "rotation_schedule")
|
1239
1240
|
|
1240
1241
|
@rotation_schedule.setter
|
1241
|
-
def rotation_schedule(self, value: Optional[pulumi.Input[str]]):
|
1242
|
+
def rotation_schedule(self, value: Optional[pulumi.Input[builtins.str]]):
|
1242
1243
|
pulumi.set(self, "rotation_schedule", value)
|
1243
1244
|
|
1244
1245
|
@property
|
1245
1246
|
@pulumi.getter(name="rotationWindow")
|
1246
|
-
def rotation_window(self) -> Optional[pulumi.Input[int]]:
|
1247
|
+
def rotation_window(self) -> Optional[pulumi.Input[builtins.int]]:
|
1247
1248
|
"""
|
1248
1249
|
The maximum amount of time in seconds allowed to complete
|
1249
1250
|
a rotation when a scheduled token rotation occurs. The default rotation window is
|
@@ -1252,36 +1253,36 @@ class _SecretBackendState:
|
|
1252
1253
|
return pulumi.get(self, "rotation_window")
|
1253
1254
|
|
1254
1255
|
@rotation_window.setter
|
1255
|
-
def rotation_window(self, value: Optional[pulumi.Input[int]]):
|
1256
|
+
def rotation_window(self, value: Optional[pulumi.Input[builtins.int]]):
|
1256
1257
|
pulumi.set(self, "rotation_window", value)
|
1257
1258
|
|
1258
1259
|
@property
|
1259
1260
|
@pulumi.getter
|
1260
|
-
def schema(self) -> Optional[pulumi.Input[str]]:
|
1261
|
+
def schema(self) -> Optional[pulumi.Input[builtins.str]]:
|
1261
1262
|
"""
|
1262
1263
|
The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`.
|
1263
1264
|
"""
|
1264
1265
|
return pulumi.get(self, "schema")
|
1265
1266
|
|
1266
1267
|
@schema.setter
|
1267
|
-
def schema(self, value: Optional[pulumi.Input[str]]):
|
1268
|
+
def schema(self, value: Optional[pulumi.Input[builtins.str]]):
|
1268
1269
|
pulumi.set(self, "schema", value)
|
1269
1270
|
|
1270
1271
|
@property
|
1271
1272
|
@pulumi.getter(name="sealWrap")
|
1272
|
-
def seal_wrap(self) -> Optional[pulumi.Input[bool]]:
|
1273
|
+
def seal_wrap(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1273
1274
|
"""
|
1274
1275
|
Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
1275
1276
|
"""
|
1276
1277
|
return pulumi.get(self, "seal_wrap")
|
1277
1278
|
|
1278
1279
|
@seal_wrap.setter
|
1279
|
-
def seal_wrap(self, value: Optional[pulumi.Input[bool]]):
|
1280
|
+
def seal_wrap(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1280
1281
|
pulumi.set(self, "seal_wrap", value)
|
1281
1282
|
|
1282
1283
|
@property
|
1283
1284
|
@pulumi.getter(name="skipStaticRoleImportRotation")
|
1284
|
-
def skip_static_role_import_rotation(self) -> Optional[pulumi.Input[bool]]:
|
1285
|
+
def skip_static_role_import_rotation(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1285
1286
|
"""
|
1286
1287
|
If set to true, static roles will not be rotated during import.
|
1287
1288
|
Defaults to false. Requires Vault 1.16 or above.
|
@@ -1289,36 +1290,36 @@ class _SecretBackendState:
|
|
1289
1290
|
return pulumi.get(self, "skip_static_role_import_rotation")
|
1290
1291
|
|
1291
1292
|
@skip_static_role_import_rotation.setter
|
1292
|
-
def skip_static_role_import_rotation(self, value: Optional[pulumi.Input[bool]]):
|
1293
|
+
def skip_static_role_import_rotation(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1293
1294
|
pulumi.set(self, "skip_static_role_import_rotation", value)
|
1294
1295
|
|
1295
1296
|
@property
|
1296
1297
|
@pulumi.getter
|
1297
|
-
def starttls(self) -> Optional[pulumi.Input[bool]]:
|
1298
|
+
def starttls(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1298
1299
|
"""
|
1299
1300
|
Issue a StartTLS command after establishing unencrypted connection.
|
1300
1301
|
"""
|
1301
1302
|
return pulumi.get(self, "starttls")
|
1302
1303
|
|
1303
1304
|
@starttls.setter
|
1304
|
-
def starttls(self, value: Optional[pulumi.Input[bool]]):
|
1305
|
+
def starttls(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1305
1306
|
pulumi.set(self, "starttls", value)
|
1306
1307
|
|
1307
1308
|
@property
|
1308
1309
|
@pulumi.getter
|
1309
|
-
def upndomain(self) -> Optional[pulumi.Input[str]]:
|
1310
|
+
def upndomain(self) -> Optional[pulumi.Input[builtins.str]]:
|
1310
1311
|
"""
|
1311
1312
|
Enables userPrincipalDomain login with [username]@UPNDomain.
|
1312
1313
|
"""
|
1313
1314
|
return pulumi.get(self, "upndomain")
|
1314
1315
|
|
1315
1316
|
@upndomain.setter
|
1316
|
-
def upndomain(self, value: Optional[pulumi.Input[str]]):
|
1317
|
+
def upndomain(self, value: Optional[pulumi.Input[builtins.str]]):
|
1317
1318
|
pulumi.set(self, "upndomain", value)
|
1318
1319
|
|
1319
1320
|
@property
|
1320
1321
|
@pulumi.getter
|
1321
|
-
def url(self) -> Optional[pulumi.Input[str]]:
|
1322
|
+
def url(self) -> Optional[pulumi.Input[builtins.str]]:
|
1322
1323
|
"""
|
1323
1324
|
LDAP URL to connect to. Multiple URLs can be specified by concatenating
|
1324
1325
|
them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
|
@@ -1326,31 +1327,31 @@ class _SecretBackendState:
|
|
1326
1327
|
return pulumi.get(self, "url")
|
1327
1328
|
|
1328
1329
|
@url.setter
|
1329
|
-
def url(self, value: Optional[pulumi.Input[str]]):
|
1330
|
+
def url(self, value: Optional[pulumi.Input[builtins.str]]):
|
1330
1331
|
pulumi.set(self, "url", value)
|
1331
1332
|
|
1332
1333
|
@property
|
1333
1334
|
@pulumi.getter
|
1334
|
-
def userattr(self) -> Optional[pulumi.Input[str]]:
|
1335
|
+
def userattr(self) -> Optional[pulumi.Input[builtins.str]]:
|
1335
1336
|
"""
|
1336
1337
|
Attribute used when searching users. Defaults to `cn`.
|
1337
1338
|
"""
|
1338
1339
|
return pulumi.get(self, "userattr")
|
1339
1340
|
|
1340
1341
|
@userattr.setter
|
1341
|
-
def userattr(self, value: Optional[pulumi.Input[str]]):
|
1342
|
+
def userattr(self, value: Optional[pulumi.Input[builtins.str]]):
|
1342
1343
|
pulumi.set(self, "userattr", value)
|
1343
1344
|
|
1344
1345
|
@property
|
1345
1346
|
@pulumi.getter
|
1346
|
-
def userdn(self) -> Optional[pulumi.Input[str]]:
|
1347
|
+
def userdn(self) -> Optional[pulumi.Input[builtins.str]]:
|
1347
1348
|
"""
|
1348
1349
|
LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
|
1349
1350
|
"""
|
1350
1351
|
return pulumi.get(self, "userdn")
|
1351
1352
|
|
1352
1353
|
@userdn.setter
|
1353
|
-
def userdn(self, value: Optional[pulumi.Input[str]]):
|
1354
|
+
def userdn(self, value: Optional[pulumi.Input[builtins.str]]):
|
1354
1355
|
pulumi.set(self, "userdn", value)
|
1355
1356
|
|
1356
1357
|
|
@@ -1359,45 +1360,45 @@ class SecretBackend(pulumi.CustomResource):
|
|
1359
1360
|
def __init__(__self__,
|
1360
1361
|
resource_name: str,
|
1361
1362
|
opts: Optional[pulumi.ResourceOptions] = None,
|
1362
|
-
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1363
|
-
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1364
|
-
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1365
|
-
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1366
|
-
binddn: Optional[pulumi.Input[str]] = None,
|
1367
|
-
bindpass: Optional[pulumi.Input[str]] = None,
|
1368
|
-
certificate: Optional[pulumi.Input[str]] = None,
|
1369
|
-
client_tls_cert: Optional[pulumi.Input[str]] = None,
|
1370
|
-
client_tls_key: Optional[pulumi.Input[str]] = None,
|
1371
|
-
connection_timeout: Optional[pulumi.Input[int]] = None,
|
1372
|
-
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
1373
|
-
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1374
|
-
description: Optional[pulumi.Input[str]] = None,
|
1375
|
-
disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
|
1376
|
-
disable_remount: Optional[pulumi.Input[bool]] = None,
|
1377
|
-
external_entropy_access: Optional[pulumi.Input[bool]] = None,
|
1378
|
-
identity_token_key: Optional[pulumi.Input[str]] = None,
|
1379
|
-
insecure_tls: Optional[pulumi.Input[bool]] = None,
|
1380
|
-
listing_visibility: Optional[pulumi.Input[str]] = None,
|
1381
|
-
local: Optional[pulumi.Input[bool]] = None,
|
1382
|
-
max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
1383
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
1384
|
-
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
1385
|
-
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1386
|
-
password_policy: Optional[pulumi.Input[str]] = None,
|
1387
|
-
path: Optional[pulumi.Input[str]] = None,
|
1388
|
-
plugin_version: Optional[pulumi.Input[str]] = None,
|
1389
|
-
request_timeout: Optional[pulumi.Input[int]] = None,
|
1390
|
-
rotation_period: Optional[pulumi.Input[int]] = None,
|
1391
|
-
rotation_schedule: Optional[pulumi.Input[str]] = None,
|
1392
|
-
rotation_window: Optional[pulumi.Input[int]] = None,
|
1393
|
-
schema: Optional[pulumi.Input[str]] = None,
|
1394
|
-
seal_wrap: Optional[pulumi.Input[bool]] = None,
|
1395
|
-
skip_static_role_import_rotation: Optional[pulumi.Input[bool]] = None,
|
1396
|
-
starttls: Optional[pulumi.Input[bool]] = None,
|
1397
|
-
upndomain: Optional[pulumi.Input[str]] = None,
|
1398
|
-
url: Optional[pulumi.Input[str]] = None,
|
1399
|
-
userattr: Optional[pulumi.Input[str]] = None,
|
1400
|
-
userdn: Optional[pulumi.Input[str]] = None,
|
1363
|
+
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1364
|
+
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1365
|
+
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1366
|
+
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1367
|
+
binddn: Optional[pulumi.Input[builtins.str]] = None,
|
1368
|
+
bindpass: Optional[pulumi.Input[builtins.str]] = None,
|
1369
|
+
certificate: Optional[pulumi.Input[builtins.str]] = None,
|
1370
|
+
client_tls_cert: Optional[pulumi.Input[builtins.str]] = None,
|
1371
|
+
client_tls_key: Optional[pulumi.Input[builtins.str]] = None,
|
1372
|
+
connection_timeout: Optional[pulumi.Input[builtins.int]] = None,
|
1373
|
+
default_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
|
1374
|
+
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1375
|
+
description: Optional[pulumi.Input[builtins.str]] = None,
|
1376
|
+
disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
1377
|
+
disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
|
1378
|
+
external_entropy_access: Optional[pulumi.Input[builtins.bool]] = None,
|
1379
|
+
identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
|
1380
|
+
insecure_tls: Optional[pulumi.Input[builtins.bool]] = None,
|
1381
|
+
listing_visibility: Optional[pulumi.Input[builtins.str]] = None,
|
1382
|
+
local: Optional[pulumi.Input[builtins.bool]] = None,
|
1383
|
+
max_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
|
1384
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
1385
|
+
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
1386
|
+
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1387
|
+
password_policy: Optional[pulumi.Input[builtins.str]] = None,
|
1388
|
+
path: Optional[pulumi.Input[builtins.str]] = None,
|
1389
|
+
plugin_version: Optional[pulumi.Input[builtins.str]] = None,
|
1390
|
+
request_timeout: Optional[pulumi.Input[builtins.int]] = None,
|
1391
|
+
rotation_period: Optional[pulumi.Input[builtins.int]] = None,
|
1392
|
+
rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
|
1393
|
+
rotation_window: Optional[pulumi.Input[builtins.int]] = None,
|
1394
|
+
schema: Optional[pulumi.Input[builtins.str]] = None,
|
1395
|
+
seal_wrap: Optional[pulumi.Input[builtins.bool]] = None,
|
1396
|
+
skip_static_role_import_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
1397
|
+
starttls: Optional[pulumi.Input[builtins.bool]] = None,
|
1398
|
+
upndomain: Optional[pulumi.Input[builtins.str]] = None,
|
1399
|
+
url: Optional[pulumi.Input[builtins.str]] = None,
|
1400
|
+
userattr: Optional[pulumi.Input[builtins.str]] = None,
|
1401
|
+
userdn: Optional[pulumi.Input[builtins.str]] = None,
|
1401
1402
|
__props__=None):
|
1402
1403
|
"""
|
1403
1404
|
## Example Usage
|
@@ -1427,60 +1428,60 @@ class SecretBackend(pulumi.CustomResource):
|
|
1427
1428
|
|
1428
1429
|
:param str resource_name: The name of the resource.
|
1429
1430
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
1430
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
|
1431
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
|
1432
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
1433
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
1434
|
-
:param pulumi.Input[str] binddn: Distinguished name of object to bind when performing user and group search.
|
1435
|
-
:param pulumi.Input[str] bindpass: Password to use along with binddn when performing user search.
|
1436
|
-
:param pulumi.Input[str] certificate: CA certificate to use when verifying LDAP server certificate, must be
|
1431
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
|
1432
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
|
1433
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
1434
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
1435
|
+
:param pulumi.Input[builtins.str] binddn: Distinguished name of object to bind when performing user and group search.
|
1436
|
+
:param pulumi.Input[builtins.str] bindpass: Password to use along with binddn when performing user search.
|
1437
|
+
:param pulumi.Input[builtins.str] certificate: CA certificate to use when verifying LDAP server certificate, must be
|
1437
1438
|
x509 PEM encoded.
|
1438
|
-
:param pulumi.Input[str] client_tls_cert: Client certificate to provide to the LDAP server, must be x509 PEM encoded.
|
1439
|
-
:param pulumi.Input[str] client_tls_key: Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
|
1440
|
-
:param pulumi.Input[int] connection_timeout: Timeout, in seconds, when attempting to connect to the LDAP server before trying
|
1439
|
+
:param pulumi.Input[builtins.str] client_tls_cert: Client certificate to provide to the LDAP server, must be x509 PEM encoded.
|
1440
|
+
:param pulumi.Input[builtins.str] client_tls_key: Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
|
1441
|
+
:param pulumi.Input[builtins.int] connection_timeout: Timeout, in seconds, when attempting to connect to the LDAP server before trying
|
1441
1442
|
the next URL in the configuration.
|
1442
|
-
:param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for secrets in seconds.
|
1443
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
|
1444
|
-
:param pulumi.Input[str] description: Human-friendly description of the mount for the Active Directory backend.
|
1445
|
-
:param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
1446
|
-
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
1447
|
-
:param pulumi.Input[bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
|
1448
|
-
:param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens
|
1449
|
-
:param pulumi.Input[bool] insecure_tls: Skip LDAP server SSL Certificate verification. This is not recommended for production.
|
1443
|
+
:param pulumi.Input[builtins.int] default_lease_ttl_seconds: Default lease duration for secrets in seconds.
|
1444
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
|
1445
|
+
:param pulumi.Input[builtins.str] description: Human-friendly description of the mount for the Active Directory backend.
|
1446
|
+
:param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
1447
|
+
:param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
|
1448
|
+
:param pulumi.Input[builtins.bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
|
1449
|
+
:param pulumi.Input[builtins.str] identity_token_key: The key to use for signing plugin workload identity tokens
|
1450
|
+
:param pulumi.Input[builtins.bool] insecure_tls: Skip LDAP server SSL Certificate verification. This is not recommended for production.
|
1450
1451
|
Defaults to `false`.
|
1451
|
-
:param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
|
1452
|
-
:param pulumi.Input[bool] local: Mark the secrets engine as local-only. Local engines are not replicated or removed by
|
1452
|
+
:param pulumi.Input[builtins.str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
|
1453
|
+
:param pulumi.Input[builtins.bool] local: Mark the secrets engine as local-only. Local engines are not replicated or removed by
|
1453
1454
|
replication.Tolerance duration to use when checking the last rotation time.
|
1454
|
-
:param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for secrets in seconds.
|
1455
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
1455
|
+
:param pulumi.Input[builtins.int] max_lease_ttl_seconds: Maximum possible lease duration for secrets in seconds.
|
1456
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
1456
1457
|
The value should not contain leading or trailing forward slashes.
|
1457
1458
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1458
1459
|
*Available only for Vault Enterprise*.
|
1459
|
-
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
|
1460
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
|
1461
|
-
:param pulumi.Input[str] password_policy: Name of the password policy to use to generate passwords.
|
1462
|
-
:param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
|
1460
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] options: Specifies mount type specific options that are passed to the backend
|
1461
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
|
1462
|
+
:param pulumi.Input[builtins.str] password_policy: Name of the password policy to use to generate passwords.
|
1463
|
+
:param pulumi.Input[builtins.str] path: The unique path this backend should be mounted at. Must
|
1463
1464
|
not begin or end with a `/`. Defaults to `ldap`.
|
1464
|
-
:param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
1465
|
-
:param pulumi.Input[int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
|
1465
|
+
:param pulumi.Input[builtins.str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
1466
|
+
:param pulumi.Input[builtins.int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
|
1466
1467
|
before returning back an error.
|
1467
|
-
:param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
1468
|
+
:param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
1468
1469
|
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
1469
|
-
:param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
1470
|
+
:param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
1470
1471
|
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
1471
|
-
:param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
|
1472
|
+
:param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
|
1472
1473
|
a rotation when a scheduled token rotation occurs. The default rotation window is
|
1473
1474
|
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
1474
|
-
:param pulumi.Input[str] schema: The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`.
|
1475
|
-
:param pulumi.Input[bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
1476
|
-
:param pulumi.Input[bool] skip_static_role_import_rotation: If set to true, static roles will not be rotated during import.
|
1475
|
+
:param pulumi.Input[builtins.str] schema: The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`.
|
1476
|
+
:param pulumi.Input[builtins.bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
1477
|
+
:param pulumi.Input[builtins.bool] skip_static_role_import_rotation: If set to true, static roles will not be rotated during import.
|
1477
1478
|
Defaults to false. Requires Vault 1.16 or above.
|
1478
|
-
:param pulumi.Input[bool] starttls: Issue a StartTLS command after establishing unencrypted connection.
|
1479
|
-
:param pulumi.Input[str] upndomain: Enables userPrincipalDomain login with [username]@UPNDomain.
|
1480
|
-
:param pulumi.Input[str] url: LDAP URL to connect to. Multiple URLs can be specified by concatenating
|
1479
|
+
:param pulumi.Input[builtins.bool] starttls: Issue a StartTLS command after establishing unencrypted connection.
|
1480
|
+
:param pulumi.Input[builtins.str] upndomain: Enables userPrincipalDomain login with [username]@UPNDomain.
|
1481
|
+
:param pulumi.Input[builtins.str] url: LDAP URL to connect to. Multiple URLs can be specified by concatenating
|
1481
1482
|
them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
|
1482
|
-
:param pulumi.Input[str] userattr: Attribute used when searching users. Defaults to `cn`.
|
1483
|
-
:param pulumi.Input[str] userdn: LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
|
1483
|
+
:param pulumi.Input[builtins.str] userattr: Attribute used when searching users. Defaults to `cn`.
|
1484
|
+
:param pulumi.Input[builtins.str] userdn: LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
|
1484
1485
|
"""
|
1485
1486
|
...
|
1486
1487
|
@overload
|
@@ -1529,45 +1530,45 @@ class SecretBackend(pulumi.CustomResource):
|
|
1529
1530
|
def _internal_init(__self__,
|
1530
1531
|
resource_name: str,
|
1531
1532
|
opts: Optional[pulumi.ResourceOptions] = None,
|
1532
|
-
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1533
|
-
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1534
|
-
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1535
|
-
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1536
|
-
binddn: Optional[pulumi.Input[str]] = None,
|
1537
|
-
bindpass: Optional[pulumi.Input[str]] = None,
|
1538
|
-
certificate: Optional[pulumi.Input[str]] = None,
|
1539
|
-
client_tls_cert: Optional[pulumi.Input[str]] = None,
|
1540
|
-
client_tls_key: Optional[pulumi.Input[str]] = None,
|
1541
|
-
connection_timeout: Optional[pulumi.Input[int]] = None,
|
1542
|
-
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
1543
|
-
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1544
|
-
description: Optional[pulumi.Input[str]] = None,
|
1545
|
-
disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
|
1546
|
-
disable_remount: Optional[pulumi.Input[bool]] = None,
|
1547
|
-
external_entropy_access: Optional[pulumi.Input[bool]] = None,
|
1548
|
-
identity_token_key: Optional[pulumi.Input[str]] = None,
|
1549
|
-
insecure_tls: Optional[pulumi.Input[bool]] = None,
|
1550
|
-
listing_visibility: Optional[pulumi.Input[str]] = None,
|
1551
|
-
local: Optional[pulumi.Input[bool]] = None,
|
1552
|
-
max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
1553
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
1554
|
-
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
1555
|
-
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1556
|
-
password_policy: Optional[pulumi.Input[str]] = None,
|
1557
|
-
path: Optional[pulumi.Input[str]] = None,
|
1558
|
-
plugin_version: Optional[pulumi.Input[str]] = None,
|
1559
|
-
request_timeout: Optional[pulumi.Input[int]] = None,
|
1560
|
-
rotation_period: Optional[pulumi.Input[int]] = None,
|
1561
|
-
rotation_schedule: Optional[pulumi.Input[str]] = None,
|
1562
|
-
rotation_window: Optional[pulumi.Input[int]] = None,
|
1563
|
-
schema: Optional[pulumi.Input[str]] = None,
|
1564
|
-
seal_wrap: Optional[pulumi.Input[bool]] = None,
|
1565
|
-
skip_static_role_import_rotation: Optional[pulumi.Input[bool]] = None,
|
1566
|
-
starttls: Optional[pulumi.Input[bool]] = None,
|
1567
|
-
upndomain: Optional[pulumi.Input[str]] = None,
|
1568
|
-
url: Optional[pulumi.Input[str]] = None,
|
1569
|
-
userattr: Optional[pulumi.Input[str]] = None,
|
1570
|
-
userdn: Optional[pulumi.Input[str]] = None,
|
1533
|
+
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1534
|
+
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1535
|
+
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1536
|
+
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1537
|
+
binddn: Optional[pulumi.Input[builtins.str]] = None,
|
1538
|
+
bindpass: Optional[pulumi.Input[builtins.str]] = None,
|
1539
|
+
certificate: Optional[pulumi.Input[builtins.str]] = None,
|
1540
|
+
client_tls_cert: Optional[pulumi.Input[builtins.str]] = None,
|
1541
|
+
client_tls_key: Optional[pulumi.Input[builtins.str]] = None,
|
1542
|
+
connection_timeout: Optional[pulumi.Input[builtins.int]] = None,
|
1543
|
+
default_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
|
1544
|
+
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1545
|
+
description: Optional[pulumi.Input[builtins.str]] = None,
|
1546
|
+
disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
1547
|
+
disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
|
1548
|
+
external_entropy_access: Optional[pulumi.Input[builtins.bool]] = None,
|
1549
|
+
identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
|
1550
|
+
insecure_tls: Optional[pulumi.Input[builtins.bool]] = None,
|
1551
|
+
listing_visibility: Optional[pulumi.Input[builtins.str]] = None,
|
1552
|
+
local: Optional[pulumi.Input[builtins.bool]] = None,
|
1553
|
+
max_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
|
1554
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
1555
|
+
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
1556
|
+
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1557
|
+
password_policy: Optional[pulumi.Input[builtins.str]] = None,
|
1558
|
+
path: Optional[pulumi.Input[builtins.str]] = None,
|
1559
|
+
plugin_version: Optional[pulumi.Input[builtins.str]] = None,
|
1560
|
+
request_timeout: Optional[pulumi.Input[builtins.int]] = None,
|
1561
|
+
rotation_period: Optional[pulumi.Input[builtins.int]] = None,
|
1562
|
+
rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
|
1563
|
+
rotation_window: Optional[pulumi.Input[builtins.int]] = None,
|
1564
|
+
schema: Optional[pulumi.Input[builtins.str]] = None,
|
1565
|
+
seal_wrap: Optional[pulumi.Input[builtins.bool]] = None,
|
1566
|
+
skip_static_role_import_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
1567
|
+
starttls: Optional[pulumi.Input[builtins.bool]] = None,
|
1568
|
+
upndomain: Optional[pulumi.Input[builtins.str]] = None,
|
1569
|
+
url: Optional[pulumi.Input[builtins.str]] = None,
|
1570
|
+
userattr: Optional[pulumi.Input[builtins.str]] = None,
|
1571
|
+
userdn: Optional[pulumi.Input[builtins.str]] = None,
|
1571
1572
|
__props__=None):
|
1572
1573
|
opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
|
1573
1574
|
if not isinstance(opts, pulumi.ResourceOptions):
|
@@ -1633,46 +1634,46 @@ class SecretBackend(pulumi.CustomResource):
|
|
1633
1634
|
def get(resource_name: str,
|
1634
1635
|
id: pulumi.Input[str],
|
1635
1636
|
opts: Optional[pulumi.ResourceOptions] = None,
|
1636
|
-
accessor: Optional[pulumi.Input[str]] = None,
|
1637
|
-
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1638
|
-
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1639
|
-
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1640
|
-
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1641
|
-
binddn: Optional[pulumi.Input[str]] = None,
|
1642
|
-
bindpass: Optional[pulumi.Input[str]] = None,
|
1643
|
-
certificate: Optional[pulumi.Input[str]] = None,
|
1644
|
-
client_tls_cert: Optional[pulumi.Input[str]] = None,
|
1645
|
-
client_tls_key: Optional[pulumi.Input[str]] = None,
|
1646
|
-
connection_timeout: Optional[pulumi.Input[int]] = None,
|
1647
|
-
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
1648
|
-
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1649
|
-
description: Optional[pulumi.Input[str]] = None,
|
1650
|
-
disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
|
1651
|
-
disable_remount: Optional[pulumi.Input[bool]] = None,
|
1652
|
-
external_entropy_access: Optional[pulumi.Input[bool]] = None,
|
1653
|
-
identity_token_key: Optional[pulumi.Input[str]] = None,
|
1654
|
-
insecure_tls: Optional[pulumi.Input[bool]] = None,
|
1655
|
-
listing_visibility: Optional[pulumi.Input[str]] = None,
|
1656
|
-
local: Optional[pulumi.Input[bool]] = None,
|
1657
|
-
max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
1658
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
1659
|
-
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
1660
|
-
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1661
|
-
password_policy: Optional[pulumi.Input[str]] = None,
|
1662
|
-
path: Optional[pulumi.Input[str]] = None,
|
1663
|
-
plugin_version: Optional[pulumi.Input[str]] = None,
|
1664
|
-
request_timeout: Optional[pulumi.Input[int]] = None,
|
1665
|
-
rotation_period: Optional[pulumi.Input[int]] = None,
|
1666
|
-
rotation_schedule: Optional[pulumi.Input[str]] = None,
|
1667
|
-
rotation_window: Optional[pulumi.Input[int]] = None,
|
1668
|
-
schema: Optional[pulumi.Input[str]] = None,
|
1669
|
-
seal_wrap: Optional[pulumi.Input[bool]] = None,
|
1670
|
-
skip_static_role_import_rotation: Optional[pulumi.Input[bool]] = None,
|
1671
|
-
starttls: Optional[pulumi.Input[bool]] = None,
|
1672
|
-
upndomain: Optional[pulumi.Input[str]] = None,
|
1673
|
-
url: Optional[pulumi.Input[str]] = None,
|
1674
|
-
userattr: Optional[pulumi.Input[str]] = None,
|
1675
|
-
userdn: Optional[pulumi.Input[str]] = None) -> 'SecretBackend':
|
1637
|
+
accessor: Optional[pulumi.Input[builtins.str]] = None,
|
1638
|
+
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1639
|
+
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1640
|
+
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1641
|
+
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1642
|
+
binddn: Optional[pulumi.Input[builtins.str]] = None,
|
1643
|
+
bindpass: Optional[pulumi.Input[builtins.str]] = None,
|
1644
|
+
certificate: Optional[pulumi.Input[builtins.str]] = None,
|
1645
|
+
client_tls_cert: Optional[pulumi.Input[builtins.str]] = None,
|
1646
|
+
client_tls_key: Optional[pulumi.Input[builtins.str]] = None,
|
1647
|
+
connection_timeout: Optional[pulumi.Input[builtins.int]] = None,
|
1648
|
+
default_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
|
1649
|
+
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1650
|
+
description: Optional[pulumi.Input[builtins.str]] = None,
|
1651
|
+
disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
1652
|
+
disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
|
1653
|
+
external_entropy_access: Optional[pulumi.Input[builtins.bool]] = None,
|
1654
|
+
identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
|
1655
|
+
insecure_tls: Optional[pulumi.Input[builtins.bool]] = None,
|
1656
|
+
listing_visibility: Optional[pulumi.Input[builtins.str]] = None,
|
1657
|
+
local: Optional[pulumi.Input[builtins.bool]] = None,
|
1658
|
+
max_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
|
1659
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
1660
|
+
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
1661
|
+
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1662
|
+
password_policy: Optional[pulumi.Input[builtins.str]] = None,
|
1663
|
+
path: Optional[pulumi.Input[builtins.str]] = None,
|
1664
|
+
plugin_version: Optional[pulumi.Input[builtins.str]] = None,
|
1665
|
+
request_timeout: Optional[pulumi.Input[builtins.int]] = None,
|
1666
|
+
rotation_period: Optional[pulumi.Input[builtins.int]] = None,
|
1667
|
+
rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
|
1668
|
+
rotation_window: Optional[pulumi.Input[builtins.int]] = None,
|
1669
|
+
schema: Optional[pulumi.Input[builtins.str]] = None,
|
1670
|
+
seal_wrap: Optional[pulumi.Input[builtins.bool]] = None,
|
1671
|
+
skip_static_role_import_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
1672
|
+
starttls: Optional[pulumi.Input[builtins.bool]] = None,
|
1673
|
+
upndomain: Optional[pulumi.Input[builtins.str]] = None,
|
1674
|
+
url: Optional[pulumi.Input[builtins.str]] = None,
|
1675
|
+
userattr: Optional[pulumi.Input[builtins.str]] = None,
|
1676
|
+
userdn: Optional[pulumi.Input[builtins.str]] = None) -> 'SecretBackend':
|
1676
1677
|
"""
|
1677
1678
|
Get an existing SecretBackend resource's state with the given name, id, and optional extra
|
1678
1679
|
properties used to qualify the lookup.
|
@@ -1680,61 +1681,61 @@ class SecretBackend(pulumi.CustomResource):
|
|
1680
1681
|
:param str resource_name: The unique name of the resulting resource.
|
1681
1682
|
:param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
|
1682
1683
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
1683
|
-
:param pulumi.Input[str] accessor: Accessor of the mount
|
1684
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
|
1685
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
|
1686
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
1687
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
1688
|
-
:param pulumi.Input[str] binddn: Distinguished name of object to bind when performing user and group search.
|
1689
|
-
:param pulumi.Input[str] bindpass: Password to use along with binddn when performing user search.
|
1690
|
-
:param pulumi.Input[str] certificate: CA certificate to use when verifying LDAP server certificate, must be
|
1684
|
+
:param pulumi.Input[builtins.str] accessor: Accessor of the mount
|
1685
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
|
1686
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
|
1687
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
1688
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
1689
|
+
:param pulumi.Input[builtins.str] binddn: Distinguished name of object to bind when performing user and group search.
|
1690
|
+
:param pulumi.Input[builtins.str] bindpass: Password to use along with binddn when performing user search.
|
1691
|
+
:param pulumi.Input[builtins.str] certificate: CA certificate to use when verifying LDAP server certificate, must be
|
1691
1692
|
x509 PEM encoded.
|
1692
|
-
:param pulumi.Input[str] client_tls_cert: Client certificate to provide to the LDAP server, must be x509 PEM encoded.
|
1693
|
-
:param pulumi.Input[str] client_tls_key: Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
|
1694
|
-
:param pulumi.Input[int] connection_timeout: Timeout, in seconds, when attempting to connect to the LDAP server before trying
|
1693
|
+
:param pulumi.Input[builtins.str] client_tls_cert: Client certificate to provide to the LDAP server, must be x509 PEM encoded.
|
1694
|
+
:param pulumi.Input[builtins.str] client_tls_key: Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
|
1695
|
+
:param pulumi.Input[builtins.int] connection_timeout: Timeout, in seconds, when attempting to connect to the LDAP server before trying
|
1695
1696
|
the next URL in the configuration.
|
1696
|
-
:param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for secrets in seconds.
|
1697
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
|
1698
|
-
:param pulumi.Input[str] description: Human-friendly description of the mount for the Active Directory backend.
|
1699
|
-
:param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
1700
|
-
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
1701
|
-
:param pulumi.Input[bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
|
1702
|
-
:param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens
|
1703
|
-
:param pulumi.Input[bool] insecure_tls: Skip LDAP server SSL Certificate verification. This is not recommended for production.
|
1697
|
+
:param pulumi.Input[builtins.int] default_lease_ttl_seconds: Default lease duration for secrets in seconds.
|
1698
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
|
1699
|
+
:param pulumi.Input[builtins.str] description: Human-friendly description of the mount for the Active Directory backend.
|
1700
|
+
:param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
1701
|
+
:param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
|
1702
|
+
:param pulumi.Input[builtins.bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
|
1703
|
+
:param pulumi.Input[builtins.str] identity_token_key: The key to use for signing plugin workload identity tokens
|
1704
|
+
:param pulumi.Input[builtins.bool] insecure_tls: Skip LDAP server SSL Certificate verification. This is not recommended for production.
|
1704
1705
|
Defaults to `false`.
|
1705
|
-
:param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
|
1706
|
-
:param pulumi.Input[bool] local: Mark the secrets engine as local-only. Local engines are not replicated or removed by
|
1706
|
+
:param pulumi.Input[builtins.str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
|
1707
|
+
:param pulumi.Input[builtins.bool] local: Mark the secrets engine as local-only. Local engines are not replicated or removed by
|
1707
1708
|
replication.Tolerance duration to use when checking the last rotation time.
|
1708
|
-
:param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for secrets in seconds.
|
1709
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
1709
|
+
:param pulumi.Input[builtins.int] max_lease_ttl_seconds: Maximum possible lease duration for secrets in seconds.
|
1710
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
1710
1711
|
The value should not contain leading or trailing forward slashes.
|
1711
1712
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1712
1713
|
*Available only for Vault Enterprise*.
|
1713
|
-
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
|
1714
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
|
1715
|
-
:param pulumi.Input[str] password_policy: Name of the password policy to use to generate passwords.
|
1716
|
-
:param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
|
1714
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] options: Specifies mount type specific options that are passed to the backend
|
1715
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
|
1716
|
+
:param pulumi.Input[builtins.str] password_policy: Name of the password policy to use to generate passwords.
|
1717
|
+
:param pulumi.Input[builtins.str] path: The unique path this backend should be mounted at. Must
|
1717
1718
|
not begin or end with a `/`. Defaults to `ldap`.
|
1718
|
-
:param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
1719
|
-
:param pulumi.Input[int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
|
1719
|
+
:param pulumi.Input[builtins.str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
1720
|
+
:param pulumi.Input[builtins.int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
|
1720
1721
|
before returning back an error.
|
1721
|
-
:param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
1722
|
+
:param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
1722
1723
|
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
1723
|
-
:param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
1724
|
+
:param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
1724
1725
|
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
1725
|
-
:param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
|
1726
|
+
:param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
|
1726
1727
|
a rotation when a scheduled token rotation occurs. The default rotation window is
|
1727
1728
|
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
1728
|
-
:param pulumi.Input[str] schema: The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`.
|
1729
|
-
:param pulumi.Input[bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
1730
|
-
:param pulumi.Input[bool] skip_static_role_import_rotation: If set to true, static roles will not be rotated during import.
|
1729
|
+
:param pulumi.Input[builtins.str] schema: The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`.
|
1730
|
+
:param pulumi.Input[builtins.bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
1731
|
+
:param pulumi.Input[builtins.bool] skip_static_role_import_rotation: If set to true, static roles will not be rotated during import.
|
1731
1732
|
Defaults to false. Requires Vault 1.16 or above.
|
1732
|
-
:param pulumi.Input[bool] starttls: Issue a StartTLS command after establishing unencrypted connection.
|
1733
|
-
:param pulumi.Input[str] upndomain: Enables userPrincipalDomain login with [username]@UPNDomain.
|
1734
|
-
:param pulumi.Input[str] url: LDAP URL to connect to. Multiple URLs can be specified by concatenating
|
1733
|
+
:param pulumi.Input[builtins.bool] starttls: Issue a StartTLS command after establishing unencrypted connection.
|
1734
|
+
:param pulumi.Input[builtins.str] upndomain: Enables userPrincipalDomain login with [username]@UPNDomain.
|
1735
|
+
:param pulumi.Input[builtins.str] url: LDAP URL to connect to. Multiple URLs can be specified by concatenating
|
1735
1736
|
them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
|
1736
|
-
:param pulumi.Input[str] userattr: Attribute used when searching users. Defaults to `cn`.
|
1737
|
-
:param pulumi.Input[str] userdn: LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
|
1737
|
+
:param pulumi.Input[builtins.str] userattr: Attribute used when searching users. Defaults to `cn`.
|
1738
|
+
:param pulumi.Input[builtins.str] userdn: LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
|
1738
1739
|
"""
|
1739
1740
|
opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
|
1740
1741
|
|
@@ -1784,7 +1785,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1784
1785
|
|
1785
1786
|
@property
|
1786
1787
|
@pulumi.getter
|
1787
|
-
def accessor(self) -> pulumi.Output[str]:
|
1788
|
+
def accessor(self) -> pulumi.Output[builtins.str]:
|
1788
1789
|
"""
|
1789
1790
|
Accessor of the mount
|
1790
1791
|
"""
|
@@ -1792,7 +1793,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1792
1793
|
|
1793
1794
|
@property
|
1794
1795
|
@pulumi.getter(name="allowedManagedKeys")
|
1795
|
-
def allowed_managed_keys(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1796
|
+
def allowed_managed_keys(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
1796
1797
|
"""
|
1797
1798
|
List of managed key registry entry names that the mount in question is allowed to access
|
1798
1799
|
"""
|
@@ -1800,7 +1801,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1800
1801
|
|
1801
1802
|
@property
|
1802
1803
|
@pulumi.getter(name="allowedResponseHeaders")
|
1803
|
-
def allowed_response_headers(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1804
|
+
def allowed_response_headers(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
1804
1805
|
"""
|
1805
1806
|
List of headers to allow and pass from the request to the plugin
|
1806
1807
|
"""
|
@@ -1808,7 +1809,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1808
1809
|
|
1809
1810
|
@property
|
1810
1811
|
@pulumi.getter(name="auditNonHmacRequestKeys")
|
1811
|
-
def audit_non_hmac_request_keys(self) -> pulumi.Output[Sequence[str]]:
|
1812
|
+
def audit_non_hmac_request_keys(self) -> pulumi.Output[Sequence[builtins.str]]:
|
1812
1813
|
"""
|
1813
1814
|
Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
1814
1815
|
"""
|
@@ -1816,7 +1817,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1816
1817
|
|
1817
1818
|
@property
|
1818
1819
|
@pulumi.getter(name="auditNonHmacResponseKeys")
|
1819
|
-
def audit_non_hmac_response_keys(self) -> pulumi.Output[Sequence[str]]:
|
1820
|
+
def audit_non_hmac_response_keys(self) -> pulumi.Output[Sequence[builtins.str]]:
|
1820
1821
|
"""
|
1821
1822
|
Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
1822
1823
|
"""
|
@@ -1824,7 +1825,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1824
1825
|
|
1825
1826
|
@property
|
1826
1827
|
@pulumi.getter
|
1827
|
-
def binddn(self) -> pulumi.Output[str]:
|
1828
|
+
def binddn(self) -> pulumi.Output[builtins.str]:
|
1828
1829
|
"""
|
1829
1830
|
Distinguished name of object to bind when performing user and group search.
|
1830
1831
|
"""
|
@@ -1832,7 +1833,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1832
1833
|
|
1833
1834
|
@property
|
1834
1835
|
@pulumi.getter
|
1835
|
-
def bindpass(self) -> pulumi.Output[str]:
|
1836
|
+
def bindpass(self) -> pulumi.Output[builtins.str]:
|
1836
1837
|
"""
|
1837
1838
|
Password to use along with binddn when performing user search.
|
1838
1839
|
"""
|
@@ -1840,7 +1841,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1840
1841
|
|
1841
1842
|
@property
|
1842
1843
|
@pulumi.getter
|
1843
|
-
def certificate(self) -> pulumi.Output[Optional[str]]:
|
1844
|
+
def certificate(self) -> pulumi.Output[Optional[builtins.str]]:
|
1844
1845
|
"""
|
1845
1846
|
CA certificate to use when verifying LDAP server certificate, must be
|
1846
1847
|
x509 PEM encoded.
|
@@ -1849,7 +1850,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1849
1850
|
|
1850
1851
|
@property
|
1851
1852
|
@pulumi.getter(name="clientTlsCert")
|
1852
|
-
def client_tls_cert(self) -> pulumi.Output[Optional[str]]:
|
1853
|
+
def client_tls_cert(self) -> pulumi.Output[Optional[builtins.str]]:
|
1853
1854
|
"""
|
1854
1855
|
Client certificate to provide to the LDAP server, must be x509 PEM encoded.
|
1855
1856
|
"""
|
@@ -1857,7 +1858,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1857
1858
|
|
1858
1859
|
@property
|
1859
1860
|
@pulumi.getter(name="clientTlsKey")
|
1860
|
-
def client_tls_key(self) -> pulumi.Output[Optional[str]]:
|
1861
|
+
def client_tls_key(self) -> pulumi.Output[Optional[builtins.str]]:
|
1861
1862
|
"""
|
1862
1863
|
Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
|
1863
1864
|
"""
|
@@ -1865,7 +1866,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1865
1866
|
|
1866
1867
|
@property
|
1867
1868
|
@pulumi.getter(name="connectionTimeout")
|
1868
|
-
def connection_timeout(self) -> pulumi.Output[Optional[int]]:
|
1869
|
+
def connection_timeout(self) -> pulumi.Output[Optional[builtins.int]]:
|
1869
1870
|
"""
|
1870
1871
|
Timeout, in seconds, when attempting to connect to the LDAP server before trying
|
1871
1872
|
the next URL in the configuration.
|
@@ -1874,7 +1875,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1874
1875
|
|
1875
1876
|
@property
|
1876
1877
|
@pulumi.getter(name="defaultLeaseTtlSeconds")
|
1877
|
-
def default_lease_ttl_seconds(self) -> pulumi.Output[int]:
|
1878
|
+
def default_lease_ttl_seconds(self) -> pulumi.Output[builtins.int]:
|
1878
1879
|
"""
|
1879
1880
|
Default lease duration for secrets in seconds.
|
1880
1881
|
"""
|
@@ -1882,7 +1883,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1882
1883
|
|
1883
1884
|
@property
|
1884
1885
|
@pulumi.getter(name="delegatedAuthAccessors")
|
1885
|
-
def delegated_auth_accessors(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1886
|
+
def delegated_auth_accessors(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
1886
1887
|
"""
|
1887
1888
|
List of headers to allow and pass from the request to the plugin
|
1888
1889
|
"""
|
@@ -1890,7 +1891,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1890
1891
|
|
1891
1892
|
@property
|
1892
1893
|
@pulumi.getter
|
1893
|
-
def description(self) -> pulumi.Output[Optional[str]]:
|
1894
|
+
def description(self) -> pulumi.Output[Optional[builtins.str]]:
|
1894
1895
|
"""
|
1895
1896
|
Human-friendly description of the mount for the Active Directory backend.
|
1896
1897
|
"""
|
@@ -1898,7 +1899,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1898
1899
|
|
1899
1900
|
@property
|
1900
1901
|
@pulumi.getter(name="disableAutomatedRotation")
|
1901
|
-
def disable_automated_rotation(self) -> pulumi.Output[Optional[bool]]:
|
1902
|
+
def disable_automated_rotation(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1902
1903
|
"""
|
1903
1904
|
Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
1904
1905
|
"""
|
@@ -1906,7 +1907,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1906
1907
|
|
1907
1908
|
@property
|
1908
1909
|
@pulumi.getter(name="disableRemount")
|
1909
|
-
def disable_remount(self) -> pulumi.Output[Optional[bool]]:
|
1910
|
+
def disable_remount(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1910
1911
|
"""
|
1911
1912
|
If set, opts out of mount migration on path updates.
|
1912
1913
|
"""
|
@@ -1914,7 +1915,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1914
1915
|
|
1915
1916
|
@property
|
1916
1917
|
@pulumi.getter(name="externalEntropyAccess")
|
1917
|
-
def external_entropy_access(self) -> pulumi.Output[Optional[bool]]:
|
1918
|
+
def external_entropy_access(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1918
1919
|
"""
|
1919
1920
|
Enable the secrets engine to access Vault's external entropy source
|
1920
1921
|
"""
|
@@ -1922,7 +1923,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1922
1923
|
|
1923
1924
|
@property
|
1924
1925
|
@pulumi.getter(name="identityTokenKey")
|
1925
|
-
def identity_token_key(self) -> pulumi.Output[Optional[str]]:
|
1926
|
+
def identity_token_key(self) -> pulumi.Output[Optional[builtins.str]]:
|
1926
1927
|
"""
|
1927
1928
|
The key to use for signing plugin workload identity tokens
|
1928
1929
|
"""
|
@@ -1930,7 +1931,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1930
1931
|
|
1931
1932
|
@property
|
1932
1933
|
@pulumi.getter(name="insecureTls")
|
1933
|
-
def insecure_tls(self) -> pulumi.Output[Optional[bool]]:
|
1934
|
+
def insecure_tls(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1934
1935
|
"""
|
1935
1936
|
Skip LDAP server SSL Certificate verification. This is not recommended for production.
|
1936
1937
|
Defaults to `false`.
|
@@ -1939,7 +1940,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1939
1940
|
|
1940
1941
|
@property
|
1941
1942
|
@pulumi.getter(name="listingVisibility")
|
1942
|
-
def listing_visibility(self) -> pulumi.Output[Optional[str]]:
|
1943
|
+
def listing_visibility(self) -> pulumi.Output[Optional[builtins.str]]:
|
1943
1944
|
"""
|
1944
1945
|
Specifies whether to show this mount in the UI-specific listing endpoint
|
1945
1946
|
"""
|
@@ -1947,7 +1948,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1947
1948
|
|
1948
1949
|
@property
|
1949
1950
|
@pulumi.getter
|
1950
|
-
def local(self) -> pulumi.Output[Optional[bool]]:
|
1951
|
+
def local(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1951
1952
|
"""
|
1952
1953
|
Mark the secrets engine as local-only. Local engines are not replicated or removed by
|
1953
1954
|
replication.Tolerance duration to use when checking the last rotation time.
|
@@ -1956,7 +1957,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1956
1957
|
|
1957
1958
|
@property
|
1958
1959
|
@pulumi.getter(name="maxLeaseTtlSeconds")
|
1959
|
-
def max_lease_ttl_seconds(self) -> pulumi.Output[int]:
|
1960
|
+
def max_lease_ttl_seconds(self) -> pulumi.Output[builtins.int]:
|
1960
1961
|
"""
|
1961
1962
|
Maximum possible lease duration for secrets in seconds.
|
1962
1963
|
"""
|
@@ -1964,7 +1965,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1964
1965
|
|
1965
1966
|
@property
|
1966
1967
|
@pulumi.getter
|
1967
|
-
def namespace(self) -> pulumi.Output[Optional[str]]:
|
1968
|
+
def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
|
1968
1969
|
"""
|
1969
1970
|
The namespace to provision the resource in.
|
1970
1971
|
The value should not contain leading or trailing forward slashes.
|
@@ -1975,7 +1976,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1975
1976
|
|
1976
1977
|
@property
|
1977
1978
|
@pulumi.getter
|
1978
|
-
def options(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
|
1979
|
+
def options(self) -> pulumi.Output[Optional[Mapping[str, builtins.str]]]:
|
1979
1980
|
"""
|
1980
1981
|
Specifies mount type specific options that are passed to the backend
|
1981
1982
|
"""
|
@@ -1983,7 +1984,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1983
1984
|
|
1984
1985
|
@property
|
1985
1986
|
@pulumi.getter(name="passthroughRequestHeaders")
|
1986
|
-
def passthrough_request_headers(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1987
|
+
def passthrough_request_headers(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
1987
1988
|
"""
|
1988
1989
|
List of headers to allow and pass from the request to the plugin
|
1989
1990
|
"""
|
@@ -1991,7 +1992,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1991
1992
|
|
1992
1993
|
@property
|
1993
1994
|
@pulumi.getter(name="passwordPolicy")
|
1994
|
-
def password_policy(self) -> pulumi.Output[Optional[str]]:
|
1995
|
+
def password_policy(self) -> pulumi.Output[Optional[builtins.str]]:
|
1995
1996
|
"""
|
1996
1997
|
Name of the password policy to use to generate passwords.
|
1997
1998
|
"""
|
@@ -1999,7 +2000,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1999
2000
|
|
2000
2001
|
@property
|
2001
2002
|
@pulumi.getter
|
2002
|
-
def path(self) -> pulumi.Output[Optional[str]]:
|
2003
|
+
def path(self) -> pulumi.Output[Optional[builtins.str]]:
|
2003
2004
|
"""
|
2004
2005
|
The unique path this backend should be mounted at. Must
|
2005
2006
|
not begin or end with a `/`. Defaults to `ldap`.
|
@@ -2008,7 +2009,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
2008
2009
|
|
2009
2010
|
@property
|
2010
2011
|
@pulumi.getter(name="pluginVersion")
|
2011
|
-
def plugin_version(self) -> pulumi.Output[Optional[str]]:
|
2012
|
+
def plugin_version(self) -> pulumi.Output[Optional[builtins.str]]:
|
2012
2013
|
"""
|
2013
2014
|
Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
|
2014
2015
|
"""
|
@@ -2016,7 +2017,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
2016
2017
|
|
2017
2018
|
@property
|
2018
2019
|
@pulumi.getter(name="requestTimeout")
|
2019
|
-
def request_timeout(self) -> pulumi.Output[int]:
|
2020
|
+
def request_timeout(self) -> pulumi.Output[builtins.int]:
|
2020
2021
|
"""
|
2021
2022
|
Timeout, in seconds, for the connection when making requests against the server
|
2022
2023
|
before returning back an error.
|
@@ -2025,7 +2026,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
2025
2026
|
|
2026
2027
|
@property
|
2027
2028
|
@pulumi.getter(name="rotationPeriod")
|
2028
|
-
def rotation_period(self) -> pulumi.Output[Optional[int]]:
|
2029
|
+
def rotation_period(self) -> pulumi.Output[Optional[builtins.int]]:
|
2029
2030
|
"""
|
2030
2031
|
The amount of time in seconds Vault should wait before rotating the root credential.
|
2031
2032
|
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
@@ -2034,7 +2035,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
2034
2035
|
|
2035
2036
|
@property
|
2036
2037
|
@pulumi.getter(name="rotationSchedule")
|
2037
|
-
def rotation_schedule(self) -> pulumi.Output[Optional[str]]:
|
2038
|
+
def rotation_schedule(self) -> pulumi.Output[Optional[builtins.str]]:
|
2038
2039
|
"""
|
2039
2040
|
The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
2040
2041
|
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
@@ -2043,7 +2044,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
2043
2044
|
|
2044
2045
|
@property
|
2045
2046
|
@pulumi.getter(name="rotationWindow")
|
2046
|
-
def rotation_window(self) -> pulumi.Output[Optional[int]]:
|
2047
|
+
def rotation_window(self) -> pulumi.Output[Optional[builtins.int]]:
|
2047
2048
|
"""
|
2048
2049
|
The maximum amount of time in seconds allowed to complete
|
2049
2050
|
a rotation when a scheduled token rotation occurs. The default rotation window is
|
@@ -2053,7 +2054,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
2053
2054
|
|
2054
2055
|
@property
|
2055
2056
|
@pulumi.getter
|
2056
|
-
def schema(self) -> pulumi.Output[str]:
|
2057
|
+
def schema(self) -> pulumi.Output[builtins.str]:
|
2057
2058
|
"""
|
2058
2059
|
The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`.
|
2059
2060
|
"""
|
@@ -2061,7 +2062,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
2061
2062
|
|
2062
2063
|
@property
|
2063
2064
|
@pulumi.getter(name="sealWrap")
|
2064
|
-
def seal_wrap(self) -> pulumi.Output[bool]:
|
2065
|
+
def seal_wrap(self) -> pulumi.Output[builtins.bool]:
|
2065
2066
|
"""
|
2066
2067
|
Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
2067
2068
|
"""
|
@@ -2069,7 +2070,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
2069
2070
|
|
2070
2071
|
@property
|
2071
2072
|
@pulumi.getter(name="skipStaticRoleImportRotation")
|
2072
|
-
def skip_static_role_import_rotation(self) -> pulumi.Output[Optional[bool]]:
|
2073
|
+
def skip_static_role_import_rotation(self) -> pulumi.Output[Optional[builtins.bool]]:
|
2073
2074
|
"""
|
2074
2075
|
If set to true, static roles will not be rotated during import.
|
2075
2076
|
Defaults to false. Requires Vault 1.16 or above.
|
@@ -2078,7 +2079,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
2078
2079
|
|
2079
2080
|
@property
|
2080
2081
|
@pulumi.getter
|
2081
|
-
def starttls(self) -> pulumi.Output[bool]:
|
2082
|
+
def starttls(self) -> pulumi.Output[builtins.bool]:
|
2082
2083
|
"""
|
2083
2084
|
Issue a StartTLS command after establishing unencrypted connection.
|
2084
2085
|
"""
|
@@ -2086,7 +2087,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
2086
2087
|
|
2087
2088
|
@property
|
2088
2089
|
@pulumi.getter
|
2089
|
-
def upndomain(self) -> pulumi.Output[str]:
|
2090
|
+
def upndomain(self) -> pulumi.Output[builtins.str]:
|
2090
2091
|
"""
|
2091
2092
|
Enables userPrincipalDomain login with [username]@UPNDomain.
|
2092
2093
|
"""
|
@@ -2094,7 +2095,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
2094
2095
|
|
2095
2096
|
@property
|
2096
2097
|
@pulumi.getter
|
2097
|
-
def url(self) -> pulumi.Output[str]:
|
2098
|
+
def url(self) -> pulumi.Output[builtins.str]:
|
2098
2099
|
"""
|
2099
2100
|
LDAP URL to connect to. Multiple URLs can be specified by concatenating
|
2100
2101
|
them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
|
@@ -2103,7 +2104,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
2103
2104
|
|
2104
2105
|
@property
|
2105
2106
|
@pulumi.getter
|
2106
|
-
def userattr(self) -> pulumi.Output[str]:
|
2107
|
+
def userattr(self) -> pulumi.Output[builtins.str]:
|
2107
2108
|
"""
|
2108
2109
|
Attribute used when searching users. Defaults to `cn`.
|
2109
2110
|
"""
|
@@ -2111,7 +2112,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
2111
2112
|
|
2112
2113
|
@property
|
2113
2114
|
@pulumi.getter
|
2114
|
-
def userdn(self) -> pulumi.Output[Optional[str]]:
|
2115
|
+
def userdn(self) -> pulumi.Output[Optional[builtins.str]]:
|
2115
2116
|
"""
|
2116
2117
|
LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
|
2117
2118
|
"""
|