pulumi-vault 6.6.0a1741836364__py3-none-any.whl → 6.7.0__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pulumi_vault/__init__.py +1 -0
- pulumi_vault/_inputs.py +583 -562
- pulumi_vault/ad/__init__.py +1 -0
- pulumi_vault/ad/get_access_credentials.py +20 -19
- pulumi_vault/ad/secret_backend.py +477 -476
- pulumi_vault/ad/secret_library.py +99 -98
- pulumi_vault/ad/secret_role.py +85 -84
- pulumi_vault/alicloud/__init__.py +1 -0
- pulumi_vault/alicloud/auth_backend_role.py +183 -182
- pulumi_vault/approle/__init__.py +1 -0
- pulumi_vault/approle/auth_backend_login.py +106 -105
- pulumi_vault/approle/auth_backend_role.py +239 -238
- pulumi_vault/approle/auth_backend_role_secret_id.py +162 -161
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -17
- pulumi_vault/audit.py +85 -84
- pulumi_vault/audit_request_header.py +43 -42
- pulumi_vault/auth_backend.py +106 -105
- pulumi_vault/aws/__init__.py +1 -0
- pulumi_vault/aws/auth_backend_cert.py +71 -70
- pulumi_vault/aws/auth_backend_client.py +253 -252
- pulumi_vault/aws/auth_backend_config_identity.py +85 -84
- pulumi_vault/aws/auth_backend_identity_whitelist.py +57 -56
- pulumi_vault/aws/auth_backend_login.py +209 -208
- pulumi_vault/aws/auth_backend_role.py +400 -399
- pulumi_vault/aws/auth_backend_role_tag.py +127 -126
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +57 -56
- pulumi_vault/aws/auth_backend_sts_role.py +71 -70
- pulumi_vault/aws/get_access_credentials.py +44 -43
- pulumi_vault/aws/get_static_access_credentials.py +13 -12
- pulumi_vault/aws/secret_backend.py +337 -336
- pulumi_vault/aws/secret_backend_role.py +211 -210
- pulumi_vault/aws/secret_backend_static_role.py +113 -112
- pulumi_vault/azure/__init__.py +1 -0
- pulumi_vault/azure/_inputs.py +21 -20
- pulumi_vault/azure/auth_backend_config.py +183 -182
- pulumi_vault/azure/auth_backend_role.py +253 -252
- pulumi_vault/azure/backend.py +239 -238
- pulumi_vault/azure/backend_role.py +188 -140
- pulumi_vault/azure/get_access_credentials.py +58 -57
- pulumi_vault/azure/outputs.py +11 -10
- pulumi_vault/cert_auth_backend_role.py +365 -364
- pulumi_vault/config/__init__.py +1 -0
- pulumi_vault/config/__init__.pyi +1 -0
- pulumi_vault/config/_inputs.py +11 -10
- pulumi_vault/config/outputs.py +287 -286
- pulumi_vault/config/ui_custom_message.py +113 -112
- pulumi_vault/config/vars.py +1 -0
- pulumi_vault/consul/__init__.py +1 -0
- pulumi_vault/consul/secret_backend.py +197 -196
- pulumi_vault/consul/secret_backend_role.py +183 -182
- pulumi_vault/database/__init__.py +1 -0
- pulumi_vault/database/_inputs.py +2525 -2524
- pulumi_vault/database/outputs.py +1529 -1528
- pulumi_vault/database/secret_backend_connection.py +169 -168
- pulumi_vault/database/secret_backend_role.py +169 -168
- pulumi_vault/database/secret_backend_static_role.py +179 -178
- pulumi_vault/database/secrets_mount.py +267 -266
- pulumi_vault/egp_policy.py +71 -70
- pulumi_vault/gcp/__init__.py +1 -0
- pulumi_vault/gcp/_inputs.py +82 -81
- pulumi_vault/gcp/auth_backend.py +260 -259
- pulumi_vault/gcp/auth_backend_role.py +281 -280
- pulumi_vault/gcp/get_auth_backend_role.py +70 -69
- pulumi_vault/gcp/outputs.py +50 -49
- pulumi_vault/gcp/secret_backend.py +232 -231
- pulumi_vault/gcp/secret_impersonated_account.py +92 -91
- pulumi_vault/gcp/secret_roleset.py +92 -91
- pulumi_vault/gcp/secret_static_account.py +92 -91
- pulumi_vault/generic/__init__.py +1 -0
- pulumi_vault/generic/endpoint.py +113 -112
- pulumi_vault/generic/get_secret.py +28 -27
- pulumi_vault/generic/secret.py +78 -77
- pulumi_vault/get_auth_backend.py +19 -18
- pulumi_vault/get_auth_backends.py +14 -13
- pulumi_vault/get_namespace.py +15 -14
- pulumi_vault/get_namespaces.py +68 -18
- pulumi_vault/get_nomad_access_token.py +19 -18
- pulumi_vault/get_policy_document.py +6 -5
- pulumi_vault/get_raft_autopilot_state.py +18 -17
- pulumi_vault/github/__init__.py +1 -0
- pulumi_vault/github/_inputs.py +42 -41
- pulumi_vault/github/auth_backend.py +232 -231
- pulumi_vault/github/outputs.py +26 -25
- pulumi_vault/github/team.py +57 -56
- pulumi_vault/github/user.py +57 -56
- pulumi_vault/identity/__init__.py +1 -0
- pulumi_vault/identity/entity.py +85 -84
- pulumi_vault/identity/entity_alias.py +71 -70
- pulumi_vault/identity/entity_policies.py +64 -63
- pulumi_vault/identity/get_entity.py +43 -42
- pulumi_vault/identity/get_group.py +50 -49
- pulumi_vault/identity/get_oidc_client_creds.py +14 -13
- pulumi_vault/identity/get_oidc_openid_config.py +24 -23
- pulumi_vault/identity/get_oidc_public_keys.py +13 -12
- pulumi_vault/identity/group.py +141 -140
- pulumi_vault/identity/group_alias.py +57 -56
- pulumi_vault/identity/group_member_entity_ids.py +57 -56
- pulumi_vault/identity/group_member_group_ids.py +57 -56
- pulumi_vault/identity/group_policies.py +64 -63
- pulumi_vault/identity/mfa_duo.py +148 -147
- pulumi_vault/identity/mfa_login_enforcement.py +120 -119
- pulumi_vault/identity/mfa_okta.py +134 -133
- pulumi_vault/identity/mfa_pingid.py +127 -126
- pulumi_vault/identity/mfa_totp.py +176 -175
- pulumi_vault/identity/oidc.py +29 -28
- pulumi_vault/identity/oidc_assignment.py +57 -56
- pulumi_vault/identity/oidc_client.py +127 -126
- pulumi_vault/identity/oidc_key.py +85 -84
- pulumi_vault/identity/oidc_key_allowed_client_id.py +43 -42
- pulumi_vault/identity/oidc_provider.py +92 -91
- pulumi_vault/identity/oidc_role.py +85 -84
- pulumi_vault/identity/oidc_scope.py +57 -56
- pulumi_vault/identity/outputs.py +32 -31
- pulumi_vault/jwt/__init__.py +1 -0
- pulumi_vault/jwt/_inputs.py +42 -41
- pulumi_vault/jwt/auth_backend.py +288 -287
- pulumi_vault/jwt/auth_backend_role.py +407 -406
- pulumi_vault/jwt/outputs.py +26 -25
- pulumi_vault/kmip/__init__.py +1 -0
- pulumi_vault/kmip/secret_backend.py +183 -182
- pulumi_vault/kmip/secret_role.py +295 -294
- pulumi_vault/kmip/secret_scope.py +57 -56
- pulumi_vault/kubernetes/__init__.py +1 -0
- pulumi_vault/kubernetes/auth_backend_config.py +141 -140
- pulumi_vault/kubernetes/auth_backend_role.py +225 -224
- pulumi_vault/kubernetes/get_auth_backend_config.py +47 -46
- pulumi_vault/kubernetes/get_auth_backend_role.py +70 -69
- pulumi_vault/kubernetes/get_service_account_token.py +38 -37
- pulumi_vault/kubernetes/secret_backend.py +316 -315
- pulumi_vault/kubernetes/secret_backend_role.py +197 -196
- pulumi_vault/kv/__init__.py +1 -0
- pulumi_vault/kv/_inputs.py +21 -20
- pulumi_vault/kv/get_secret.py +17 -16
- pulumi_vault/kv/get_secret_subkeys_v2.py +30 -29
- pulumi_vault/kv/get_secret_v2.py +29 -28
- pulumi_vault/kv/get_secrets_list.py +13 -12
- pulumi_vault/kv/get_secrets_list_v2.py +19 -18
- pulumi_vault/kv/outputs.py +13 -12
- pulumi_vault/kv/secret.py +50 -49
- pulumi_vault/kv/secret_backend_v2.py +71 -70
- pulumi_vault/kv/secret_v2.py +134 -133
- pulumi_vault/ldap/__init__.py +1 -0
- pulumi_vault/ldap/auth_backend.py +588 -587
- pulumi_vault/ldap/auth_backend_group.py +57 -56
- pulumi_vault/ldap/auth_backend_user.py +71 -70
- pulumi_vault/ldap/get_dynamic_credentials.py +17 -16
- pulumi_vault/ldap/get_static_credentials.py +18 -17
- pulumi_vault/ldap/secret_backend.py +554 -553
- pulumi_vault/ldap/secret_backend_dynamic_role.py +127 -126
- pulumi_vault/ldap/secret_backend_library_set.py +99 -98
- pulumi_vault/ldap/secret_backend_static_role.py +99 -98
- pulumi_vault/managed/__init__.py +1 -0
- pulumi_vault/managed/_inputs.py +229 -228
- pulumi_vault/managed/keys.py +15 -14
- pulumi_vault/managed/outputs.py +139 -138
- pulumi_vault/mfa_duo.py +113 -112
- pulumi_vault/mfa_okta.py +113 -112
- pulumi_vault/mfa_pingid.py +120 -119
- pulumi_vault/mfa_totp.py +127 -126
- pulumi_vault/mongodbatlas/__init__.py +1 -0
- pulumi_vault/mongodbatlas/secret_backend.py +64 -63
- pulumi_vault/mongodbatlas/secret_role.py +155 -154
- pulumi_vault/mount.py +274 -273
- pulumi_vault/namespace.py +64 -63
- pulumi_vault/nomad_secret_backend.py +211 -210
- pulumi_vault/nomad_secret_role.py +85 -84
- pulumi_vault/okta/__init__.py +1 -0
- pulumi_vault/okta/_inputs.py +26 -25
- pulumi_vault/okta/auth_backend.py +274 -273
- pulumi_vault/okta/auth_backend_group.py +57 -56
- pulumi_vault/okta/auth_backend_user.py +71 -70
- pulumi_vault/okta/outputs.py +16 -15
- pulumi_vault/outputs.py +73 -60
- pulumi_vault/password_policy.py +43 -42
- pulumi_vault/pkisecret/__init__.py +1 -0
- pulumi_vault/pkisecret/_inputs.py +31 -30
- pulumi_vault/pkisecret/backend_acme_eab.py +92 -91
- pulumi_vault/pkisecret/backend_config_acme.py +141 -140
- pulumi_vault/pkisecret/backend_config_auto_tidy.py +323 -322
- pulumi_vault/pkisecret/backend_config_cluster.py +57 -56
- pulumi_vault/pkisecret/backend_config_cmpv2.py +106 -105
- pulumi_vault/pkisecret/backend_config_est.py +120 -119
- pulumi_vault/pkisecret/get_backend_cert_metadata.py +22 -21
- pulumi_vault/pkisecret/get_backend_config_cmpv2.py +22 -21
- pulumi_vault/pkisecret/get_backend_config_est.py +19 -18
- pulumi_vault/pkisecret/get_backend_issuer.py +45 -44
- pulumi_vault/pkisecret/get_backend_issuers.py +15 -14
- pulumi_vault/pkisecret/get_backend_key.py +20 -19
- pulumi_vault/pkisecret/get_backend_keys.py +15 -14
- pulumi_vault/pkisecret/outputs.py +28 -27
- pulumi_vault/pkisecret/secret_backend_cert.py +337 -336
- pulumi_vault/pkisecret/secret_backend_config_ca.py +43 -42
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +57 -56
- pulumi_vault/pkisecret/secret_backend_config_urls.py +85 -84
- pulumi_vault/pkisecret/secret_backend_crl_config.py +197 -196
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +421 -420
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +57 -56
- pulumi_vault/pkisecret/secret_backend_issuer.py +232 -231
- pulumi_vault/pkisecret/secret_backend_key.py +120 -119
- pulumi_vault/pkisecret/secret_backend_role.py +715 -714
- pulumi_vault/pkisecret/secret_backend_root_cert.py +554 -553
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +526 -525
- pulumi_vault/pkisecret/secret_backend_sign.py +281 -280
- pulumi_vault/plugin.py +127 -126
- pulumi_vault/plugin_pinned_version.py +43 -42
- pulumi_vault/policy.py +43 -42
- pulumi_vault/provider.py +120 -119
- pulumi_vault/pulumi-plugin.json +1 -1
- pulumi_vault/quota_lease_count.py +85 -84
- pulumi_vault/quota_rate_limit.py +113 -112
- pulumi_vault/rabbitmq/__init__.py +1 -0
- pulumi_vault/rabbitmq/_inputs.py +41 -40
- pulumi_vault/rabbitmq/outputs.py +25 -24
- pulumi_vault/rabbitmq/secret_backend.py +169 -168
- pulumi_vault/rabbitmq/secret_backend_role.py +57 -56
- pulumi_vault/raft_autopilot.py +113 -112
- pulumi_vault/raft_snapshot_agent_config.py +393 -392
- pulumi_vault/rgp_policy.py +57 -56
- pulumi_vault/saml/__init__.py +1 -0
- pulumi_vault/saml/auth_backend.py +155 -154
- pulumi_vault/saml/auth_backend_role.py +239 -238
- pulumi_vault/secrets/__init__.py +1 -0
- pulumi_vault/secrets/_inputs.py +16 -15
- pulumi_vault/secrets/outputs.py +10 -9
- pulumi_vault/secrets/sync_association.py +71 -70
- pulumi_vault/secrets/sync_aws_destination.py +148 -147
- pulumi_vault/secrets/sync_azure_destination.py +148 -147
- pulumi_vault/secrets/sync_config.py +43 -42
- pulumi_vault/secrets/sync_gcp_destination.py +106 -105
- pulumi_vault/secrets/sync_gh_destination.py +134 -133
- pulumi_vault/secrets/sync_github_apps.py +64 -63
- pulumi_vault/secrets/sync_vercel_destination.py +120 -119
- pulumi_vault/ssh/__init__.py +1 -0
- pulumi_vault/ssh/_inputs.py +11 -10
- pulumi_vault/ssh/get_secret_backend_sign.py +52 -51
- pulumi_vault/ssh/outputs.py +7 -6
- pulumi_vault/ssh/secret_backend_ca.py +99 -98
- pulumi_vault/ssh/secret_backend_role.py +365 -364
- pulumi_vault/terraformcloud/__init__.py +1 -0
- pulumi_vault/terraformcloud/secret_backend.py +111 -110
- pulumi_vault/terraformcloud/secret_creds.py +74 -73
- pulumi_vault/terraformcloud/secret_role.py +93 -92
- pulumi_vault/token.py +246 -245
- pulumi_vault/tokenauth/__init__.py +1 -0
- pulumi_vault/tokenauth/auth_backend_role.py +267 -266
- pulumi_vault/transform/__init__.py +1 -0
- pulumi_vault/transform/alphabet.py +57 -56
- pulumi_vault/transform/get_decode.py +47 -46
- pulumi_vault/transform/get_encode.py +47 -46
- pulumi_vault/transform/role.py +57 -56
- pulumi_vault/transform/template.py +113 -112
- pulumi_vault/transform/transformation.py +141 -140
- pulumi_vault/transit/__init__.py +1 -0
- pulumi_vault/transit/get_decrypt.py +18 -17
- pulumi_vault/transit/get_encrypt.py +21 -20
- pulumi_vault/transit/get_sign.py +54 -53
- pulumi_vault/transit/get_verify.py +60 -59
- pulumi_vault/transit/secret_backend_key.py +274 -273
- pulumi_vault/transit/secret_cache_config.py +43 -42
- {pulumi_vault-6.6.0a1741836364.dist-info → pulumi_vault-6.7.0.dist-info}/METADATA +2 -2
- pulumi_vault-6.7.0.dist-info/RECORD +265 -0
- {pulumi_vault-6.6.0a1741836364.dist-info → pulumi_vault-6.7.0.dist-info}/WHEEL +1 -1
- pulumi_vault-6.6.0a1741836364.dist-info/RECORD +0 -265
- {pulumi_vault-6.6.0a1741836364.dist-info → pulumi_vault-6.7.0.dist-info}/top_level.txt +0 -0
@@ -2,6 +2,7 @@
|
|
2
2
|
# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
|
3
3
|
# *** Do not edit by hand unless you're certain you know what you are doing! ***
|
4
4
|
|
5
|
+
import builtins
|
5
6
|
import copy
|
6
7
|
import warnings
|
7
8
|
import sys
|
@@ -21,39 +22,41 @@ __all__ = ['BackendRoleArgs', 'BackendRole']
|
|
21
22
|
@pulumi.input_type
|
22
23
|
class BackendRoleArgs:
|
23
24
|
def __init__(__self__, *,
|
24
|
-
role: pulumi.Input[str],
|
25
|
-
application_object_id: Optional[pulumi.Input[str]] = None,
|
25
|
+
role: pulumi.Input[builtins.str],
|
26
|
+
application_object_id: Optional[pulumi.Input[builtins.str]] = None,
|
26
27
|
azure_groups: Optional[pulumi.Input[Sequence[pulumi.Input['BackendRoleAzureGroupArgs']]]] = None,
|
27
28
|
azure_roles: Optional[pulumi.Input[Sequence[pulumi.Input['BackendRoleAzureRoleArgs']]]] = None,
|
28
|
-
backend: Optional[pulumi.Input[str]] = None,
|
29
|
-
description: Optional[pulumi.Input[str]] = None,
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
29
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
30
|
+
description: Optional[pulumi.Input[builtins.str]] = None,
|
31
|
+
explicit_max_ttl: Optional[pulumi.Input[builtins.str]] = None,
|
32
|
+
max_ttl: Optional[pulumi.Input[builtins.str]] = None,
|
33
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
34
|
+
permanently_delete: Optional[pulumi.Input[builtins.bool]] = None,
|
35
|
+
sign_in_audience: Optional[pulumi.Input[builtins.str]] = None,
|
36
|
+
tags: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
37
|
+
ttl: Optional[pulumi.Input[builtins.str]] = None):
|
36
38
|
"""
|
37
39
|
The set of arguments for constructing a BackendRole resource.
|
38
|
-
:param pulumi.Input[str] role: Name of the Azure role
|
39
|
-
:param pulumi.Input[str] application_object_id: Application Object ID for an existing service principal that will
|
40
|
+
:param pulumi.Input[builtins.str] role: Name of the Azure role
|
41
|
+
:param pulumi.Input[builtins.str] application_object_id: Application Object ID for an existing service principal that will
|
40
42
|
be used instead of creating dynamic service principals. If present, `azure_roles` and `permanently_delete` will be ignored.
|
41
43
|
:param pulumi.Input[Sequence[pulumi.Input['BackendRoleAzureGroupArgs']]] azure_groups: List of Azure groups to be assigned to the generated service principal.
|
42
44
|
:param pulumi.Input[Sequence[pulumi.Input['BackendRoleAzureRoleArgs']]] azure_roles: List of Azure roles to be assigned to the generated service principal.
|
43
|
-
:param pulumi.Input[str] backend: Path to the mounted Azure auth backend
|
44
|
-
:param pulumi.Input[str] description: Human-friendly description of the mount for the backend.
|
45
|
-
:param pulumi.Input[str]
|
45
|
+
:param pulumi.Input[builtins.str] backend: Path to the mounted Azure auth backend
|
46
|
+
:param pulumi.Input[builtins.str] description: Human-friendly description of the mount for the backend.
|
47
|
+
:param pulumi.Input[builtins.str] explicit_max_ttl: Specifies the explicit maximum lifetime of the lease and service principal generated using this role. If not set or set to 0, will use the system default (10 years). Requires Vault 1.18+.
|
48
|
+
:param pulumi.Input[builtins.str] max_ttl: Specifies the maximum TTL for service principals generated using this role. Accepts time
|
46
49
|
suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine max TTL time.
|
47
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
50
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
48
51
|
The value should not contain leading or trailing forward slashes.
|
49
52
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
50
53
|
*Available only for Vault Enterprise*.
|
51
|
-
:param pulumi.Input[bool] permanently_delete: Indicates whether the applications and service principals created by Vault will be permanently
|
54
|
+
:param pulumi.Input[builtins.bool] permanently_delete: Indicates whether the applications and service principals created by Vault will be permanently
|
52
55
|
deleted when the corresponding leases expire. Defaults to `false`. For Vault v1.12+.
|
53
|
-
:param pulumi.Input[str] sign_in_audience: Specifies the security principal types that are allowed to sign in to the application.
|
56
|
+
:param pulumi.Input[builtins.str] sign_in_audience: Specifies the security principal types that are allowed to sign in to the application.
|
54
57
|
Valid values are: AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount, PersonalMicrosoftAccount. Requires Vault 1.16+.
|
55
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] tags: A list of Azure tags to attach to an application. Requires Vault 1.16+.
|
56
|
-
:param pulumi.Input[str] ttl: Specifies the default TTL for service principals generated using this role.
|
58
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] tags: A list of Azure tags to attach to an application. Requires Vault 1.16+.
|
59
|
+
:param pulumi.Input[builtins.str] ttl: Specifies the default TTL for service principals generated using this role.
|
57
60
|
Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL time.
|
58
61
|
"""
|
59
62
|
pulumi.set(__self__, "role", role)
|
@@ -67,6 +70,8 @@ class BackendRoleArgs:
|
|
67
70
|
pulumi.set(__self__, "backend", backend)
|
68
71
|
if description is not None:
|
69
72
|
pulumi.set(__self__, "description", description)
|
73
|
+
if explicit_max_ttl is not None:
|
74
|
+
pulumi.set(__self__, "explicit_max_ttl", explicit_max_ttl)
|
70
75
|
if max_ttl is not None:
|
71
76
|
pulumi.set(__self__, "max_ttl", max_ttl)
|
72
77
|
if namespace is not None:
|
@@ -82,19 +87,19 @@ class BackendRoleArgs:
|
|
82
87
|
|
83
88
|
@property
|
84
89
|
@pulumi.getter
|
85
|
-
def role(self) -> pulumi.Input[str]:
|
90
|
+
def role(self) -> pulumi.Input[builtins.str]:
|
86
91
|
"""
|
87
92
|
Name of the Azure role
|
88
93
|
"""
|
89
94
|
return pulumi.get(self, "role")
|
90
95
|
|
91
96
|
@role.setter
|
92
|
-
def role(self, value: pulumi.Input[str]):
|
97
|
+
def role(self, value: pulumi.Input[builtins.str]):
|
93
98
|
pulumi.set(self, "role", value)
|
94
99
|
|
95
100
|
@property
|
96
101
|
@pulumi.getter(name="applicationObjectId")
|
97
|
-
def application_object_id(self) -> Optional[pulumi.Input[str]]:
|
102
|
+
def application_object_id(self) -> Optional[pulumi.Input[builtins.str]]:
|
98
103
|
"""
|
99
104
|
Application Object ID for an existing service principal that will
|
100
105
|
be used instead of creating dynamic service principals. If present, `azure_roles` and `permanently_delete` will be ignored.
|
@@ -102,7 +107,7 @@ class BackendRoleArgs:
|
|
102
107
|
return pulumi.get(self, "application_object_id")
|
103
108
|
|
104
109
|
@application_object_id.setter
|
105
|
-
def application_object_id(self, value: Optional[pulumi.Input[str]]):
|
110
|
+
def application_object_id(self, value: Optional[pulumi.Input[builtins.str]]):
|
106
111
|
pulumi.set(self, "application_object_id", value)
|
107
112
|
|
108
113
|
@property
|
@@ -131,31 +136,43 @@ class BackendRoleArgs:
|
|
131
136
|
|
132
137
|
@property
|
133
138
|
@pulumi.getter
|
134
|
-
def backend(self) -> Optional[pulumi.Input[str]]:
|
139
|
+
def backend(self) -> Optional[pulumi.Input[builtins.str]]:
|
135
140
|
"""
|
136
141
|
Path to the mounted Azure auth backend
|
137
142
|
"""
|
138
143
|
return pulumi.get(self, "backend")
|
139
144
|
|
140
145
|
@backend.setter
|
141
|
-
def backend(self, value: Optional[pulumi.Input[str]]):
|
146
|
+
def backend(self, value: Optional[pulumi.Input[builtins.str]]):
|
142
147
|
pulumi.set(self, "backend", value)
|
143
148
|
|
144
149
|
@property
|
145
150
|
@pulumi.getter
|
146
|
-
def description(self) -> Optional[pulumi.Input[str]]:
|
151
|
+
def description(self) -> Optional[pulumi.Input[builtins.str]]:
|
147
152
|
"""
|
148
153
|
Human-friendly description of the mount for the backend.
|
149
154
|
"""
|
150
155
|
return pulumi.get(self, "description")
|
151
156
|
|
152
157
|
@description.setter
|
153
|
-
def description(self, value: Optional[pulumi.Input[str]]):
|
158
|
+
def description(self, value: Optional[pulumi.Input[builtins.str]]):
|
154
159
|
pulumi.set(self, "description", value)
|
155
160
|
|
161
|
+
@property
|
162
|
+
@pulumi.getter(name="explicitMaxTtl")
|
163
|
+
def explicit_max_ttl(self) -> Optional[pulumi.Input[builtins.str]]:
|
164
|
+
"""
|
165
|
+
Specifies the explicit maximum lifetime of the lease and service principal generated using this role. If not set or set to 0, will use the system default (10 years). Requires Vault 1.18+.
|
166
|
+
"""
|
167
|
+
return pulumi.get(self, "explicit_max_ttl")
|
168
|
+
|
169
|
+
@explicit_max_ttl.setter
|
170
|
+
def explicit_max_ttl(self, value: Optional[pulumi.Input[builtins.str]]):
|
171
|
+
pulumi.set(self, "explicit_max_ttl", value)
|
172
|
+
|
156
173
|
@property
|
157
174
|
@pulumi.getter(name="maxTtl")
|
158
|
-
def max_ttl(self) -> Optional[pulumi.Input[str]]:
|
175
|
+
def max_ttl(self) -> Optional[pulumi.Input[builtins.str]]:
|
159
176
|
"""
|
160
177
|
Specifies the maximum TTL for service principals generated using this role. Accepts time
|
161
178
|
suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine max TTL time.
|
@@ -163,12 +180,12 @@ class BackendRoleArgs:
|
|
163
180
|
return pulumi.get(self, "max_ttl")
|
164
181
|
|
165
182
|
@max_ttl.setter
|
166
|
-
def max_ttl(self, value: Optional[pulumi.Input[str]]):
|
183
|
+
def max_ttl(self, value: Optional[pulumi.Input[builtins.str]]):
|
167
184
|
pulumi.set(self, "max_ttl", value)
|
168
185
|
|
169
186
|
@property
|
170
187
|
@pulumi.getter
|
171
|
-
def namespace(self) -> Optional[pulumi.Input[str]]:
|
188
|
+
def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
|
172
189
|
"""
|
173
190
|
The namespace to provision the resource in.
|
174
191
|
The value should not contain leading or trailing forward slashes.
|
@@ -178,12 +195,12 @@ class BackendRoleArgs:
|
|
178
195
|
return pulumi.get(self, "namespace")
|
179
196
|
|
180
197
|
@namespace.setter
|
181
|
-
def namespace(self, value: Optional[pulumi.Input[str]]):
|
198
|
+
def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
|
182
199
|
pulumi.set(self, "namespace", value)
|
183
200
|
|
184
201
|
@property
|
185
202
|
@pulumi.getter(name="permanentlyDelete")
|
186
|
-
def permanently_delete(self) -> Optional[pulumi.Input[bool]]:
|
203
|
+
def permanently_delete(self) -> Optional[pulumi.Input[builtins.bool]]:
|
187
204
|
"""
|
188
205
|
Indicates whether the applications and service principals created by Vault will be permanently
|
189
206
|
deleted when the corresponding leases expire. Defaults to `false`. For Vault v1.12+.
|
@@ -191,12 +208,12 @@ class BackendRoleArgs:
|
|
191
208
|
return pulumi.get(self, "permanently_delete")
|
192
209
|
|
193
210
|
@permanently_delete.setter
|
194
|
-
def permanently_delete(self, value: Optional[pulumi.Input[bool]]):
|
211
|
+
def permanently_delete(self, value: Optional[pulumi.Input[builtins.bool]]):
|
195
212
|
pulumi.set(self, "permanently_delete", value)
|
196
213
|
|
197
214
|
@property
|
198
215
|
@pulumi.getter(name="signInAudience")
|
199
|
-
def sign_in_audience(self) -> Optional[pulumi.Input[str]]:
|
216
|
+
def sign_in_audience(self) -> Optional[pulumi.Input[builtins.str]]:
|
200
217
|
"""
|
201
218
|
Specifies the security principal types that are allowed to sign in to the application.
|
202
219
|
Valid values are: AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount, PersonalMicrosoftAccount. Requires Vault 1.16+.
|
@@ -204,24 +221,24 @@ class BackendRoleArgs:
|
|
204
221
|
return pulumi.get(self, "sign_in_audience")
|
205
222
|
|
206
223
|
@sign_in_audience.setter
|
207
|
-
def sign_in_audience(self, value: Optional[pulumi.Input[str]]):
|
224
|
+
def sign_in_audience(self, value: Optional[pulumi.Input[builtins.str]]):
|
208
225
|
pulumi.set(self, "sign_in_audience", value)
|
209
226
|
|
210
227
|
@property
|
211
228
|
@pulumi.getter
|
212
|
-
def tags(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
229
|
+
def tags(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
213
230
|
"""
|
214
231
|
A list of Azure tags to attach to an application. Requires Vault 1.16+.
|
215
232
|
"""
|
216
233
|
return pulumi.get(self, "tags")
|
217
234
|
|
218
235
|
@tags.setter
|
219
|
-
def tags(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
236
|
+
def tags(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
220
237
|
pulumi.set(self, "tags", value)
|
221
238
|
|
222
239
|
@property
|
223
240
|
@pulumi.getter
|
224
|
-
def ttl(self) -> Optional[pulumi.Input[str]]:
|
241
|
+
def ttl(self) -> Optional[pulumi.Input[builtins.str]]:
|
225
242
|
"""
|
226
243
|
Specifies the default TTL for service principals generated using this role.
|
227
244
|
Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL time.
|
@@ -229,46 +246,48 @@ class BackendRoleArgs:
|
|
229
246
|
return pulumi.get(self, "ttl")
|
230
247
|
|
231
248
|
@ttl.setter
|
232
|
-
def ttl(self, value: Optional[pulumi.Input[str]]):
|
249
|
+
def ttl(self, value: Optional[pulumi.Input[builtins.str]]):
|
233
250
|
pulumi.set(self, "ttl", value)
|
234
251
|
|
235
252
|
|
236
253
|
@pulumi.input_type
|
237
254
|
class _BackendRoleState:
|
238
255
|
def __init__(__self__, *,
|
239
|
-
application_object_id: Optional[pulumi.Input[str]] = None,
|
256
|
+
application_object_id: Optional[pulumi.Input[builtins.str]] = None,
|
240
257
|
azure_groups: Optional[pulumi.Input[Sequence[pulumi.Input['BackendRoleAzureGroupArgs']]]] = None,
|
241
258
|
azure_roles: Optional[pulumi.Input[Sequence[pulumi.Input['BackendRoleAzureRoleArgs']]]] = None,
|
242
|
-
backend: Optional[pulumi.Input[str]] = None,
|
243
|
-
description: Optional[pulumi.Input[str]] = None,
|
244
|
-
|
245
|
-
|
246
|
-
|
247
|
-
|
248
|
-
|
249
|
-
|
250
|
-
|
259
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
260
|
+
description: Optional[pulumi.Input[builtins.str]] = None,
|
261
|
+
explicit_max_ttl: Optional[pulumi.Input[builtins.str]] = None,
|
262
|
+
max_ttl: Optional[pulumi.Input[builtins.str]] = None,
|
263
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
264
|
+
permanently_delete: Optional[pulumi.Input[builtins.bool]] = None,
|
265
|
+
role: Optional[pulumi.Input[builtins.str]] = None,
|
266
|
+
sign_in_audience: Optional[pulumi.Input[builtins.str]] = None,
|
267
|
+
tags: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
268
|
+
ttl: Optional[pulumi.Input[builtins.str]] = None):
|
251
269
|
"""
|
252
270
|
Input properties used for looking up and filtering BackendRole resources.
|
253
|
-
:param pulumi.Input[str] application_object_id: Application Object ID for an existing service principal that will
|
271
|
+
:param pulumi.Input[builtins.str] application_object_id: Application Object ID for an existing service principal that will
|
254
272
|
be used instead of creating dynamic service principals. If present, `azure_roles` and `permanently_delete` will be ignored.
|
255
273
|
:param pulumi.Input[Sequence[pulumi.Input['BackendRoleAzureGroupArgs']]] azure_groups: List of Azure groups to be assigned to the generated service principal.
|
256
274
|
:param pulumi.Input[Sequence[pulumi.Input['BackendRoleAzureRoleArgs']]] azure_roles: List of Azure roles to be assigned to the generated service principal.
|
257
|
-
:param pulumi.Input[str] backend: Path to the mounted Azure auth backend
|
258
|
-
:param pulumi.Input[str] description: Human-friendly description of the mount for the backend.
|
259
|
-
:param pulumi.Input[str]
|
275
|
+
:param pulumi.Input[builtins.str] backend: Path to the mounted Azure auth backend
|
276
|
+
:param pulumi.Input[builtins.str] description: Human-friendly description of the mount for the backend.
|
277
|
+
:param pulumi.Input[builtins.str] explicit_max_ttl: Specifies the explicit maximum lifetime of the lease and service principal generated using this role. If not set or set to 0, will use the system default (10 years). Requires Vault 1.18+.
|
278
|
+
:param pulumi.Input[builtins.str] max_ttl: Specifies the maximum TTL for service principals generated using this role. Accepts time
|
260
279
|
suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine max TTL time.
|
261
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
280
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
262
281
|
The value should not contain leading or trailing forward slashes.
|
263
282
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
264
283
|
*Available only for Vault Enterprise*.
|
265
|
-
:param pulumi.Input[bool] permanently_delete: Indicates whether the applications and service principals created by Vault will be permanently
|
284
|
+
:param pulumi.Input[builtins.bool] permanently_delete: Indicates whether the applications and service principals created by Vault will be permanently
|
266
285
|
deleted when the corresponding leases expire. Defaults to `false`. For Vault v1.12+.
|
267
|
-
:param pulumi.Input[str] role: Name of the Azure role
|
268
|
-
:param pulumi.Input[str] sign_in_audience: Specifies the security principal types that are allowed to sign in to the application.
|
286
|
+
:param pulumi.Input[builtins.str] role: Name of the Azure role
|
287
|
+
:param pulumi.Input[builtins.str] sign_in_audience: Specifies the security principal types that are allowed to sign in to the application.
|
269
288
|
Valid values are: AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount, PersonalMicrosoftAccount. Requires Vault 1.16+.
|
270
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] tags: A list of Azure tags to attach to an application. Requires Vault 1.16+.
|
271
|
-
:param pulumi.Input[str] ttl: Specifies the default TTL for service principals generated using this role.
|
289
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] tags: A list of Azure tags to attach to an application. Requires Vault 1.16+.
|
290
|
+
:param pulumi.Input[builtins.str] ttl: Specifies the default TTL for service principals generated using this role.
|
272
291
|
Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL time.
|
273
292
|
"""
|
274
293
|
if application_object_id is not None:
|
@@ -281,6 +300,8 @@ class _BackendRoleState:
|
|
281
300
|
pulumi.set(__self__, "backend", backend)
|
282
301
|
if description is not None:
|
283
302
|
pulumi.set(__self__, "description", description)
|
303
|
+
if explicit_max_ttl is not None:
|
304
|
+
pulumi.set(__self__, "explicit_max_ttl", explicit_max_ttl)
|
284
305
|
if max_ttl is not None:
|
285
306
|
pulumi.set(__self__, "max_ttl", max_ttl)
|
286
307
|
if namespace is not None:
|
@@ -298,7 +319,7 @@ class _BackendRoleState:
|
|
298
319
|
|
299
320
|
@property
|
300
321
|
@pulumi.getter(name="applicationObjectId")
|
301
|
-
def application_object_id(self) -> Optional[pulumi.Input[str]]:
|
322
|
+
def application_object_id(self) -> Optional[pulumi.Input[builtins.str]]:
|
302
323
|
"""
|
303
324
|
Application Object ID for an existing service principal that will
|
304
325
|
be used instead of creating dynamic service principals. If present, `azure_roles` and `permanently_delete` will be ignored.
|
@@ -306,7 +327,7 @@ class _BackendRoleState:
|
|
306
327
|
return pulumi.get(self, "application_object_id")
|
307
328
|
|
308
329
|
@application_object_id.setter
|
309
|
-
def application_object_id(self, value: Optional[pulumi.Input[str]]):
|
330
|
+
def application_object_id(self, value: Optional[pulumi.Input[builtins.str]]):
|
310
331
|
pulumi.set(self, "application_object_id", value)
|
311
332
|
|
312
333
|
@property
|
@@ -335,31 +356,43 @@ class _BackendRoleState:
|
|
335
356
|
|
336
357
|
@property
|
337
358
|
@pulumi.getter
|
338
|
-
def backend(self) -> Optional[pulumi.Input[str]]:
|
359
|
+
def backend(self) -> Optional[pulumi.Input[builtins.str]]:
|
339
360
|
"""
|
340
361
|
Path to the mounted Azure auth backend
|
341
362
|
"""
|
342
363
|
return pulumi.get(self, "backend")
|
343
364
|
|
344
365
|
@backend.setter
|
345
|
-
def backend(self, value: Optional[pulumi.Input[str]]):
|
366
|
+
def backend(self, value: Optional[pulumi.Input[builtins.str]]):
|
346
367
|
pulumi.set(self, "backend", value)
|
347
368
|
|
348
369
|
@property
|
349
370
|
@pulumi.getter
|
350
|
-
def description(self) -> Optional[pulumi.Input[str]]:
|
371
|
+
def description(self) -> Optional[pulumi.Input[builtins.str]]:
|
351
372
|
"""
|
352
373
|
Human-friendly description of the mount for the backend.
|
353
374
|
"""
|
354
375
|
return pulumi.get(self, "description")
|
355
376
|
|
356
377
|
@description.setter
|
357
|
-
def description(self, value: Optional[pulumi.Input[str]]):
|
378
|
+
def description(self, value: Optional[pulumi.Input[builtins.str]]):
|
358
379
|
pulumi.set(self, "description", value)
|
359
380
|
|
381
|
+
@property
|
382
|
+
@pulumi.getter(name="explicitMaxTtl")
|
383
|
+
def explicit_max_ttl(self) -> Optional[pulumi.Input[builtins.str]]:
|
384
|
+
"""
|
385
|
+
Specifies the explicit maximum lifetime of the lease and service principal generated using this role. If not set or set to 0, will use the system default (10 years). Requires Vault 1.18+.
|
386
|
+
"""
|
387
|
+
return pulumi.get(self, "explicit_max_ttl")
|
388
|
+
|
389
|
+
@explicit_max_ttl.setter
|
390
|
+
def explicit_max_ttl(self, value: Optional[pulumi.Input[builtins.str]]):
|
391
|
+
pulumi.set(self, "explicit_max_ttl", value)
|
392
|
+
|
360
393
|
@property
|
361
394
|
@pulumi.getter(name="maxTtl")
|
362
|
-
def max_ttl(self) -> Optional[pulumi.Input[str]]:
|
395
|
+
def max_ttl(self) -> Optional[pulumi.Input[builtins.str]]:
|
363
396
|
"""
|
364
397
|
Specifies the maximum TTL for service principals generated using this role. Accepts time
|
365
398
|
suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine max TTL time.
|
@@ -367,12 +400,12 @@ class _BackendRoleState:
|
|
367
400
|
return pulumi.get(self, "max_ttl")
|
368
401
|
|
369
402
|
@max_ttl.setter
|
370
|
-
def max_ttl(self, value: Optional[pulumi.Input[str]]):
|
403
|
+
def max_ttl(self, value: Optional[pulumi.Input[builtins.str]]):
|
371
404
|
pulumi.set(self, "max_ttl", value)
|
372
405
|
|
373
406
|
@property
|
374
407
|
@pulumi.getter
|
375
|
-
def namespace(self) -> Optional[pulumi.Input[str]]:
|
408
|
+
def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
|
376
409
|
"""
|
377
410
|
The namespace to provision the resource in.
|
378
411
|
The value should not contain leading or trailing forward slashes.
|
@@ -382,12 +415,12 @@ class _BackendRoleState:
|
|
382
415
|
return pulumi.get(self, "namespace")
|
383
416
|
|
384
417
|
@namespace.setter
|
385
|
-
def namespace(self, value: Optional[pulumi.Input[str]]):
|
418
|
+
def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
|
386
419
|
pulumi.set(self, "namespace", value)
|
387
420
|
|
388
421
|
@property
|
389
422
|
@pulumi.getter(name="permanentlyDelete")
|
390
|
-
def permanently_delete(self) -> Optional[pulumi.Input[bool]]:
|
423
|
+
def permanently_delete(self) -> Optional[pulumi.Input[builtins.bool]]:
|
391
424
|
"""
|
392
425
|
Indicates whether the applications and service principals created by Vault will be permanently
|
393
426
|
deleted when the corresponding leases expire. Defaults to `false`. For Vault v1.12+.
|
@@ -395,24 +428,24 @@ class _BackendRoleState:
|
|
395
428
|
return pulumi.get(self, "permanently_delete")
|
396
429
|
|
397
430
|
@permanently_delete.setter
|
398
|
-
def permanently_delete(self, value: Optional[pulumi.Input[bool]]):
|
431
|
+
def permanently_delete(self, value: Optional[pulumi.Input[builtins.bool]]):
|
399
432
|
pulumi.set(self, "permanently_delete", value)
|
400
433
|
|
401
434
|
@property
|
402
435
|
@pulumi.getter
|
403
|
-
def role(self) -> Optional[pulumi.Input[str]]:
|
436
|
+
def role(self) -> Optional[pulumi.Input[builtins.str]]:
|
404
437
|
"""
|
405
438
|
Name of the Azure role
|
406
439
|
"""
|
407
440
|
return pulumi.get(self, "role")
|
408
441
|
|
409
442
|
@role.setter
|
410
|
-
def role(self, value: Optional[pulumi.Input[str]]):
|
443
|
+
def role(self, value: Optional[pulumi.Input[builtins.str]]):
|
411
444
|
pulumi.set(self, "role", value)
|
412
445
|
|
413
446
|
@property
|
414
447
|
@pulumi.getter(name="signInAudience")
|
415
|
-
def sign_in_audience(self) -> Optional[pulumi.Input[str]]:
|
448
|
+
def sign_in_audience(self) -> Optional[pulumi.Input[builtins.str]]:
|
416
449
|
"""
|
417
450
|
Specifies the security principal types that are allowed to sign in to the application.
|
418
451
|
Valid values are: AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount, PersonalMicrosoftAccount. Requires Vault 1.16+.
|
@@ -420,24 +453,24 @@ class _BackendRoleState:
|
|
420
453
|
return pulumi.get(self, "sign_in_audience")
|
421
454
|
|
422
455
|
@sign_in_audience.setter
|
423
|
-
def sign_in_audience(self, value: Optional[pulumi.Input[str]]):
|
456
|
+
def sign_in_audience(self, value: Optional[pulumi.Input[builtins.str]]):
|
424
457
|
pulumi.set(self, "sign_in_audience", value)
|
425
458
|
|
426
459
|
@property
|
427
460
|
@pulumi.getter
|
428
|
-
def tags(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
461
|
+
def tags(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
429
462
|
"""
|
430
463
|
A list of Azure tags to attach to an application. Requires Vault 1.16+.
|
431
464
|
"""
|
432
465
|
return pulumi.get(self, "tags")
|
433
466
|
|
434
467
|
@tags.setter
|
435
|
-
def tags(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
468
|
+
def tags(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
436
469
|
pulumi.set(self, "tags", value)
|
437
470
|
|
438
471
|
@property
|
439
472
|
@pulumi.getter
|
440
|
-
def ttl(self) -> Optional[pulumi.Input[str]]:
|
473
|
+
def ttl(self) -> Optional[pulumi.Input[builtins.str]]:
|
441
474
|
"""
|
442
475
|
Specifies the default TTL for service principals generated using this role.
|
443
476
|
Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL time.
|
@@ -445,7 +478,7 @@ class _BackendRoleState:
|
|
445
478
|
return pulumi.get(self, "ttl")
|
446
479
|
|
447
480
|
@ttl.setter
|
448
|
-
def ttl(self, value: Optional[pulumi.Input[str]]):
|
481
|
+
def ttl(self, value: Optional[pulumi.Input[builtins.str]]):
|
449
482
|
pulumi.set(self, "ttl", value)
|
450
483
|
|
451
484
|
|
@@ -454,18 +487,19 @@ class BackendRole(pulumi.CustomResource):
|
|
454
487
|
def __init__(__self__,
|
455
488
|
resource_name: str,
|
456
489
|
opts: Optional[pulumi.ResourceOptions] = None,
|
457
|
-
application_object_id: Optional[pulumi.Input[str]] = None,
|
490
|
+
application_object_id: Optional[pulumi.Input[builtins.str]] = None,
|
458
491
|
azure_groups: Optional[pulumi.Input[Sequence[pulumi.Input[Union['BackendRoleAzureGroupArgs', 'BackendRoleAzureGroupArgsDict']]]]] = None,
|
459
492
|
azure_roles: Optional[pulumi.Input[Sequence[pulumi.Input[Union['BackendRoleAzureRoleArgs', 'BackendRoleAzureRoleArgsDict']]]]] = None,
|
460
|
-
backend: Optional[pulumi.Input[str]] = None,
|
461
|
-
description: Optional[pulumi.Input[str]] = None,
|
462
|
-
|
463
|
-
|
464
|
-
|
465
|
-
|
466
|
-
|
467
|
-
|
468
|
-
|
493
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
494
|
+
description: Optional[pulumi.Input[builtins.str]] = None,
|
495
|
+
explicit_max_ttl: Optional[pulumi.Input[builtins.str]] = None,
|
496
|
+
max_ttl: Optional[pulumi.Input[builtins.str]] = None,
|
497
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
498
|
+
permanently_delete: Optional[pulumi.Input[builtins.bool]] = None,
|
499
|
+
role: Optional[pulumi.Input[builtins.str]] = None,
|
500
|
+
sign_in_audience: Optional[pulumi.Input[builtins.str]] = None,
|
501
|
+
tags: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
502
|
+
ttl: Optional[pulumi.Input[builtins.str]] = None,
|
469
503
|
__props__=None):
|
470
504
|
"""
|
471
505
|
## Example Usage
|
@@ -503,25 +537,26 @@ class BackendRole(pulumi.CustomResource):
|
|
503
537
|
|
504
538
|
:param str resource_name: The name of the resource.
|
505
539
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
506
|
-
:param pulumi.Input[str] application_object_id: Application Object ID for an existing service principal that will
|
540
|
+
:param pulumi.Input[builtins.str] application_object_id: Application Object ID for an existing service principal that will
|
507
541
|
be used instead of creating dynamic service principals. If present, `azure_roles` and `permanently_delete` will be ignored.
|
508
542
|
:param pulumi.Input[Sequence[pulumi.Input[Union['BackendRoleAzureGroupArgs', 'BackendRoleAzureGroupArgsDict']]]] azure_groups: List of Azure groups to be assigned to the generated service principal.
|
509
543
|
:param pulumi.Input[Sequence[pulumi.Input[Union['BackendRoleAzureRoleArgs', 'BackendRoleAzureRoleArgsDict']]]] azure_roles: List of Azure roles to be assigned to the generated service principal.
|
510
|
-
:param pulumi.Input[str] backend: Path to the mounted Azure auth backend
|
511
|
-
:param pulumi.Input[str] description: Human-friendly description of the mount for the backend.
|
512
|
-
:param pulumi.Input[str]
|
544
|
+
:param pulumi.Input[builtins.str] backend: Path to the mounted Azure auth backend
|
545
|
+
:param pulumi.Input[builtins.str] description: Human-friendly description of the mount for the backend.
|
546
|
+
:param pulumi.Input[builtins.str] explicit_max_ttl: Specifies the explicit maximum lifetime of the lease and service principal generated using this role. If not set or set to 0, will use the system default (10 years). Requires Vault 1.18+.
|
547
|
+
:param pulumi.Input[builtins.str] max_ttl: Specifies the maximum TTL for service principals generated using this role. Accepts time
|
513
548
|
suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine max TTL time.
|
514
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
549
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
515
550
|
The value should not contain leading or trailing forward slashes.
|
516
551
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
517
552
|
*Available only for Vault Enterprise*.
|
518
|
-
:param pulumi.Input[bool] permanently_delete: Indicates whether the applications and service principals created by Vault will be permanently
|
553
|
+
:param pulumi.Input[builtins.bool] permanently_delete: Indicates whether the applications and service principals created by Vault will be permanently
|
519
554
|
deleted when the corresponding leases expire. Defaults to `false`. For Vault v1.12+.
|
520
|
-
:param pulumi.Input[str] role: Name of the Azure role
|
521
|
-
:param pulumi.Input[str] sign_in_audience: Specifies the security principal types that are allowed to sign in to the application.
|
555
|
+
:param pulumi.Input[builtins.str] role: Name of the Azure role
|
556
|
+
:param pulumi.Input[builtins.str] sign_in_audience: Specifies the security principal types that are allowed to sign in to the application.
|
522
557
|
Valid values are: AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount, PersonalMicrosoftAccount. Requires Vault 1.16+.
|
523
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] tags: A list of Azure tags to attach to an application. Requires Vault 1.16+.
|
524
|
-
:param pulumi.Input[str] ttl: Specifies the default TTL for service principals generated using this role.
|
558
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] tags: A list of Azure tags to attach to an application. Requires Vault 1.16+.
|
559
|
+
:param pulumi.Input[builtins.str] ttl: Specifies the default TTL for service principals generated using this role.
|
525
560
|
Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL time.
|
526
561
|
"""
|
527
562
|
...
|
@@ -579,18 +614,19 @@ class BackendRole(pulumi.CustomResource):
|
|
579
614
|
def _internal_init(__self__,
|
580
615
|
resource_name: str,
|
581
616
|
opts: Optional[pulumi.ResourceOptions] = None,
|
582
|
-
application_object_id: Optional[pulumi.Input[str]] = None,
|
617
|
+
application_object_id: Optional[pulumi.Input[builtins.str]] = None,
|
583
618
|
azure_groups: Optional[pulumi.Input[Sequence[pulumi.Input[Union['BackendRoleAzureGroupArgs', 'BackendRoleAzureGroupArgsDict']]]]] = None,
|
584
619
|
azure_roles: Optional[pulumi.Input[Sequence[pulumi.Input[Union['BackendRoleAzureRoleArgs', 'BackendRoleAzureRoleArgsDict']]]]] = None,
|
585
|
-
backend: Optional[pulumi.Input[str]] = None,
|
586
|
-
description: Optional[pulumi.Input[str]] = None,
|
587
|
-
|
588
|
-
|
589
|
-
|
590
|
-
|
591
|
-
|
592
|
-
|
593
|
-
|
620
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
621
|
+
description: Optional[pulumi.Input[builtins.str]] = None,
|
622
|
+
explicit_max_ttl: Optional[pulumi.Input[builtins.str]] = None,
|
623
|
+
max_ttl: Optional[pulumi.Input[builtins.str]] = None,
|
624
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
625
|
+
permanently_delete: Optional[pulumi.Input[builtins.bool]] = None,
|
626
|
+
role: Optional[pulumi.Input[builtins.str]] = None,
|
627
|
+
sign_in_audience: Optional[pulumi.Input[builtins.str]] = None,
|
628
|
+
tags: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
629
|
+
ttl: Optional[pulumi.Input[builtins.str]] = None,
|
594
630
|
__props__=None):
|
595
631
|
opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
|
596
632
|
if not isinstance(opts, pulumi.ResourceOptions):
|
@@ -605,6 +641,7 @@ class BackendRole(pulumi.CustomResource):
|
|
605
641
|
__props__.__dict__["azure_roles"] = azure_roles
|
606
642
|
__props__.__dict__["backend"] = backend
|
607
643
|
__props__.__dict__["description"] = description
|
644
|
+
__props__.__dict__["explicit_max_ttl"] = explicit_max_ttl
|
608
645
|
__props__.__dict__["max_ttl"] = max_ttl
|
609
646
|
__props__.__dict__["namespace"] = namespace
|
610
647
|
__props__.__dict__["permanently_delete"] = permanently_delete
|
@@ -624,18 +661,19 @@ class BackendRole(pulumi.CustomResource):
|
|
624
661
|
def get(resource_name: str,
|
625
662
|
id: pulumi.Input[str],
|
626
663
|
opts: Optional[pulumi.ResourceOptions] = None,
|
627
|
-
application_object_id: Optional[pulumi.Input[str]] = None,
|
664
|
+
application_object_id: Optional[pulumi.Input[builtins.str]] = None,
|
628
665
|
azure_groups: Optional[pulumi.Input[Sequence[pulumi.Input[Union['BackendRoleAzureGroupArgs', 'BackendRoleAzureGroupArgsDict']]]]] = None,
|
629
666
|
azure_roles: Optional[pulumi.Input[Sequence[pulumi.Input[Union['BackendRoleAzureRoleArgs', 'BackendRoleAzureRoleArgsDict']]]]] = None,
|
630
|
-
backend: Optional[pulumi.Input[str]] = None,
|
631
|
-
description: Optional[pulumi.Input[str]] = None,
|
632
|
-
|
633
|
-
|
634
|
-
|
635
|
-
|
636
|
-
|
637
|
-
|
638
|
-
|
667
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
668
|
+
description: Optional[pulumi.Input[builtins.str]] = None,
|
669
|
+
explicit_max_ttl: Optional[pulumi.Input[builtins.str]] = None,
|
670
|
+
max_ttl: Optional[pulumi.Input[builtins.str]] = None,
|
671
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
672
|
+
permanently_delete: Optional[pulumi.Input[builtins.bool]] = None,
|
673
|
+
role: Optional[pulumi.Input[builtins.str]] = None,
|
674
|
+
sign_in_audience: Optional[pulumi.Input[builtins.str]] = None,
|
675
|
+
tags: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
676
|
+
ttl: Optional[pulumi.Input[builtins.str]] = None) -> 'BackendRole':
|
639
677
|
"""
|
640
678
|
Get an existing BackendRole resource's state with the given name, id, and optional extra
|
641
679
|
properties used to qualify the lookup.
|
@@ -643,25 +681,26 @@ class BackendRole(pulumi.CustomResource):
|
|
643
681
|
:param str resource_name: The unique name of the resulting resource.
|
644
682
|
:param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
|
645
683
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
646
|
-
:param pulumi.Input[str] application_object_id: Application Object ID for an existing service principal that will
|
684
|
+
:param pulumi.Input[builtins.str] application_object_id: Application Object ID for an existing service principal that will
|
647
685
|
be used instead of creating dynamic service principals. If present, `azure_roles` and `permanently_delete` will be ignored.
|
648
686
|
:param pulumi.Input[Sequence[pulumi.Input[Union['BackendRoleAzureGroupArgs', 'BackendRoleAzureGroupArgsDict']]]] azure_groups: List of Azure groups to be assigned to the generated service principal.
|
649
687
|
:param pulumi.Input[Sequence[pulumi.Input[Union['BackendRoleAzureRoleArgs', 'BackendRoleAzureRoleArgsDict']]]] azure_roles: List of Azure roles to be assigned to the generated service principal.
|
650
|
-
:param pulumi.Input[str] backend: Path to the mounted Azure auth backend
|
651
|
-
:param pulumi.Input[str] description: Human-friendly description of the mount for the backend.
|
652
|
-
:param pulumi.Input[str]
|
688
|
+
:param pulumi.Input[builtins.str] backend: Path to the mounted Azure auth backend
|
689
|
+
:param pulumi.Input[builtins.str] description: Human-friendly description of the mount for the backend.
|
690
|
+
:param pulumi.Input[builtins.str] explicit_max_ttl: Specifies the explicit maximum lifetime of the lease and service principal generated using this role. If not set or set to 0, will use the system default (10 years). Requires Vault 1.18+.
|
691
|
+
:param pulumi.Input[builtins.str] max_ttl: Specifies the maximum TTL for service principals generated using this role. Accepts time
|
653
692
|
suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine max TTL time.
|
654
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
693
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
655
694
|
The value should not contain leading or trailing forward slashes.
|
656
695
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
657
696
|
*Available only for Vault Enterprise*.
|
658
|
-
:param pulumi.Input[bool] permanently_delete: Indicates whether the applications and service principals created by Vault will be permanently
|
697
|
+
:param pulumi.Input[builtins.bool] permanently_delete: Indicates whether the applications and service principals created by Vault will be permanently
|
659
698
|
deleted when the corresponding leases expire. Defaults to `false`. For Vault v1.12+.
|
660
|
-
:param pulumi.Input[str] role: Name of the Azure role
|
661
|
-
:param pulumi.Input[str] sign_in_audience: Specifies the security principal types that are allowed to sign in to the application.
|
699
|
+
:param pulumi.Input[builtins.str] role: Name of the Azure role
|
700
|
+
:param pulumi.Input[builtins.str] sign_in_audience: Specifies the security principal types that are allowed to sign in to the application.
|
662
701
|
Valid values are: AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount, PersonalMicrosoftAccount. Requires Vault 1.16+.
|
663
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] tags: A list of Azure tags to attach to an application. Requires Vault 1.16+.
|
664
|
-
:param pulumi.Input[str] ttl: Specifies the default TTL for service principals generated using this role.
|
702
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] tags: A list of Azure tags to attach to an application. Requires Vault 1.16+.
|
703
|
+
:param pulumi.Input[builtins.str] ttl: Specifies the default TTL for service principals generated using this role.
|
665
704
|
Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL time.
|
666
705
|
"""
|
667
706
|
opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
|
@@ -673,6 +712,7 @@ class BackendRole(pulumi.CustomResource):
|
|
673
712
|
__props__.__dict__["azure_roles"] = azure_roles
|
674
713
|
__props__.__dict__["backend"] = backend
|
675
714
|
__props__.__dict__["description"] = description
|
715
|
+
__props__.__dict__["explicit_max_ttl"] = explicit_max_ttl
|
676
716
|
__props__.__dict__["max_ttl"] = max_ttl
|
677
717
|
__props__.__dict__["namespace"] = namespace
|
678
718
|
__props__.__dict__["permanently_delete"] = permanently_delete
|
@@ -684,7 +724,7 @@ class BackendRole(pulumi.CustomResource):
|
|
684
724
|
|
685
725
|
@property
|
686
726
|
@pulumi.getter(name="applicationObjectId")
|
687
|
-
def application_object_id(self) -> pulumi.Output[Optional[str]]:
|
727
|
+
def application_object_id(self) -> pulumi.Output[Optional[builtins.str]]:
|
688
728
|
"""
|
689
729
|
Application Object ID for an existing service principal that will
|
690
730
|
be used instead of creating dynamic service principals. If present, `azure_roles` and `permanently_delete` will be ignored.
|
@@ -709,7 +749,7 @@ class BackendRole(pulumi.CustomResource):
|
|
709
749
|
|
710
750
|
@property
|
711
751
|
@pulumi.getter
|
712
|
-
def backend(self) -> pulumi.Output[Optional[str]]:
|
752
|
+
def backend(self) -> pulumi.Output[Optional[builtins.str]]:
|
713
753
|
"""
|
714
754
|
Path to the mounted Azure auth backend
|
715
755
|
"""
|
@@ -717,15 +757,23 @@ class BackendRole(pulumi.CustomResource):
|
|
717
757
|
|
718
758
|
@property
|
719
759
|
@pulumi.getter
|
720
|
-
def description(self) -> pulumi.Output[Optional[str]]:
|
760
|
+
def description(self) -> pulumi.Output[Optional[builtins.str]]:
|
721
761
|
"""
|
722
762
|
Human-friendly description of the mount for the backend.
|
723
763
|
"""
|
724
764
|
return pulumi.get(self, "description")
|
725
765
|
|
766
|
+
@property
|
767
|
+
@pulumi.getter(name="explicitMaxTtl")
|
768
|
+
def explicit_max_ttl(self) -> pulumi.Output[Optional[builtins.str]]:
|
769
|
+
"""
|
770
|
+
Specifies the explicit maximum lifetime of the lease and service principal generated using this role. If not set or set to 0, will use the system default (10 years). Requires Vault 1.18+.
|
771
|
+
"""
|
772
|
+
return pulumi.get(self, "explicit_max_ttl")
|
773
|
+
|
726
774
|
@property
|
727
775
|
@pulumi.getter(name="maxTtl")
|
728
|
-
def max_ttl(self) -> pulumi.Output[Optional[str]]:
|
776
|
+
def max_ttl(self) -> pulumi.Output[Optional[builtins.str]]:
|
729
777
|
"""
|
730
778
|
Specifies the maximum TTL for service principals generated using this role. Accepts time
|
731
779
|
suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine max TTL time.
|
@@ -734,7 +782,7 @@ class BackendRole(pulumi.CustomResource):
|
|
734
782
|
|
735
783
|
@property
|
736
784
|
@pulumi.getter
|
737
|
-
def namespace(self) -> pulumi.Output[Optional[str]]:
|
785
|
+
def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
|
738
786
|
"""
|
739
787
|
The namespace to provision the resource in.
|
740
788
|
The value should not contain leading or trailing forward slashes.
|
@@ -745,7 +793,7 @@ class BackendRole(pulumi.CustomResource):
|
|
745
793
|
|
746
794
|
@property
|
747
795
|
@pulumi.getter(name="permanentlyDelete")
|
748
|
-
def permanently_delete(self) -> pulumi.Output[bool]:
|
796
|
+
def permanently_delete(self) -> pulumi.Output[builtins.bool]:
|
749
797
|
"""
|
750
798
|
Indicates whether the applications and service principals created by Vault will be permanently
|
751
799
|
deleted when the corresponding leases expire. Defaults to `false`. For Vault v1.12+.
|
@@ -754,7 +802,7 @@ class BackendRole(pulumi.CustomResource):
|
|
754
802
|
|
755
803
|
@property
|
756
804
|
@pulumi.getter
|
757
|
-
def role(self) -> pulumi.Output[str]:
|
805
|
+
def role(self) -> pulumi.Output[builtins.str]:
|
758
806
|
"""
|
759
807
|
Name of the Azure role
|
760
808
|
"""
|
@@ -762,7 +810,7 @@ class BackendRole(pulumi.CustomResource):
|
|
762
810
|
|
763
811
|
@property
|
764
812
|
@pulumi.getter(name="signInAudience")
|
765
|
-
def sign_in_audience(self) -> pulumi.Output[Optional[str]]:
|
813
|
+
def sign_in_audience(self) -> pulumi.Output[Optional[builtins.str]]:
|
766
814
|
"""
|
767
815
|
Specifies the security principal types that are allowed to sign in to the application.
|
768
816
|
Valid values are: AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount, PersonalMicrosoftAccount. Requires Vault 1.16+.
|
@@ -771,7 +819,7 @@ class BackendRole(pulumi.CustomResource):
|
|
771
819
|
|
772
820
|
@property
|
773
821
|
@pulumi.getter
|
774
|
-
def tags(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
822
|
+
def tags(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
775
823
|
"""
|
776
824
|
A list of Azure tags to attach to an application. Requires Vault 1.16+.
|
777
825
|
"""
|
@@ -779,7 +827,7 @@ class BackendRole(pulumi.CustomResource):
|
|
779
827
|
|
780
828
|
@property
|
781
829
|
@pulumi.getter
|
782
|
-
def ttl(self) -> pulumi.Output[Optional[str]]:
|
830
|
+
def ttl(self) -> pulumi.Output[Optional[builtins.str]]:
|
783
831
|
"""
|
784
832
|
Specifies the default TTL for service principals generated using this role.
|
785
833
|
Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL time.
|