pulumi-vault 6.6.0a1741836364__py3-none-any.whl → 6.7.0__py3-none-any.whl
- pulumi_vault/__init__.py +1 -0
- pulumi_vault/_inputs.py +583 -562
- pulumi_vault/ad/__init__.py +1 -0
- pulumi_vault/ad/get_access_credentials.py +20 -19
- pulumi_vault/ad/secret_backend.py +477 -476
- pulumi_vault/ad/secret_library.py +99 -98
- pulumi_vault/ad/secret_role.py +85 -84
- pulumi_vault/alicloud/__init__.py +1 -0
- pulumi_vault/alicloud/auth_backend_role.py +183 -182
- pulumi_vault/approle/__init__.py +1 -0
- pulumi_vault/approle/auth_backend_login.py +106 -105
- pulumi_vault/approle/auth_backend_role.py +239 -238
- pulumi_vault/approle/auth_backend_role_secret_id.py +162 -161
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -17
- pulumi_vault/audit.py +85 -84
- pulumi_vault/audit_request_header.py +43 -42
- pulumi_vault/auth_backend.py +106 -105
- pulumi_vault/aws/__init__.py +1 -0
- pulumi_vault/aws/auth_backend_cert.py +71 -70
- pulumi_vault/aws/auth_backend_client.py +253 -252
- pulumi_vault/aws/auth_backend_config_identity.py +85 -84
- pulumi_vault/aws/auth_backend_identity_whitelist.py +57 -56
- pulumi_vault/aws/auth_backend_login.py +209 -208
- pulumi_vault/aws/auth_backend_role.py +400 -399
- pulumi_vault/aws/auth_backend_role_tag.py +127 -126
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +57 -56
- pulumi_vault/aws/auth_backend_sts_role.py +71 -70
- pulumi_vault/aws/get_access_credentials.py +44 -43
- pulumi_vault/aws/get_static_access_credentials.py +13 -12
- pulumi_vault/aws/secret_backend.py +337 -336
- pulumi_vault/aws/secret_backend_role.py +211 -210
- pulumi_vault/aws/secret_backend_static_role.py +113 -112
- pulumi_vault/azure/__init__.py +1 -0
- pulumi_vault/azure/_inputs.py +21 -20
- pulumi_vault/azure/auth_backend_config.py +183 -182
- pulumi_vault/azure/auth_backend_role.py +253 -252
- pulumi_vault/azure/backend.py +239 -238
- pulumi_vault/azure/backend_role.py +188 -140
- pulumi_vault/azure/get_access_credentials.py +58 -57
- pulumi_vault/azure/outputs.py +11 -10
- pulumi_vault/cert_auth_backend_role.py +365 -364
- pulumi_vault/config/__init__.py +1 -0
- pulumi_vault/config/__init__.pyi +1 -0
- pulumi_vault/config/_inputs.py +11 -10
- pulumi_vault/config/outputs.py +287 -286
- pulumi_vault/config/ui_custom_message.py +113 -112
- pulumi_vault/config/vars.py +1 -0
- pulumi_vault/consul/__init__.py +1 -0
- pulumi_vault/consul/secret_backend.py +197 -196
- pulumi_vault/consul/secret_backend_role.py +183 -182
- pulumi_vault/database/__init__.py +1 -0
- pulumi_vault/database/_inputs.py +2525 -2524
- pulumi_vault/database/outputs.py +1529 -1528
- pulumi_vault/database/secret_backend_connection.py +169 -168
- pulumi_vault/database/secret_backend_role.py +169 -168
- pulumi_vault/database/secret_backend_static_role.py +179 -178
- pulumi_vault/database/secrets_mount.py +267 -266
- pulumi_vault/egp_policy.py +71 -70
- pulumi_vault/gcp/__init__.py +1 -0
- pulumi_vault/gcp/_inputs.py +82 -81
- pulumi_vault/gcp/auth_backend.py +260 -259
- pulumi_vault/gcp/auth_backend_role.py +281 -280
- pulumi_vault/gcp/get_auth_backend_role.py +70 -69
- pulumi_vault/gcp/outputs.py +50 -49
- pulumi_vault/gcp/secret_backend.py +232 -231
- pulumi_vault/gcp/secret_impersonated_account.py +92 -91
- pulumi_vault/gcp/secret_roleset.py +92 -91
- pulumi_vault/gcp/secret_static_account.py +92 -91
- pulumi_vault/generic/__init__.py +1 -0
- pulumi_vault/generic/endpoint.py +113 -112
- pulumi_vault/generic/get_secret.py +28 -27
- pulumi_vault/generic/secret.py +78 -77
- pulumi_vault/get_auth_backend.py +19 -18
- pulumi_vault/get_auth_backends.py +14 -13
- pulumi_vault/get_namespace.py +15 -14
- pulumi_vault/get_namespaces.py +68 -18
- pulumi_vault/get_nomad_access_token.py +19 -18
- pulumi_vault/get_policy_document.py +6 -5
- pulumi_vault/get_raft_autopilot_state.py +18 -17
- pulumi_vault/github/__init__.py +1 -0
- pulumi_vault/github/_inputs.py +42 -41
- pulumi_vault/github/auth_backend.py +232 -231
- pulumi_vault/github/outputs.py +26 -25
- pulumi_vault/github/team.py +57 -56
- pulumi_vault/github/user.py +57 -56
- pulumi_vault/identity/__init__.py +1 -0
- pulumi_vault/identity/entity.py +85 -84
- pulumi_vault/identity/entity_alias.py +71 -70
- pulumi_vault/identity/entity_policies.py +64 -63
- pulumi_vault/identity/get_entity.py +43 -42
- pulumi_vault/identity/get_group.py +50 -49
- pulumi_vault/identity/get_oidc_client_creds.py +14 -13
- pulumi_vault/identity/get_oidc_openid_config.py +24 -23
- pulumi_vault/identity/get_oidc_public_keys.py +13 -12
- pulumi_vault/identity/group.py +141 -140
- pulumi_vault/identity/group_alias.py +57 -56
- pulumi_vault/identity/group_member_entity_ids.py +57 -56
- pulumi_vault/identity/group_member_group_ids.py +57 -56
- pulumi_vault/identity/group_policies.py +64 -63
- pulumi_vault/identity/mfa_duo.py +148 -147
- pulumi_vault/identity/mfa_login_enforcement.py +120 -119
- pulumi_vault/identity/mfa_okta.py +134 -133
- pulumi_vault/identity/mfa_pingid.py +127 -126
- pulumi_vault/identity/mfa_totp.py +176 -175
- pulumi_vault/identity/oidc.py +29 -28
- pulumi_vault/identity/oidc_assignment.py +57 -56
- pulumi_vault/identity/oidc_client.py +127 -126
- pulumi_vault/identity/oidc_key.py +85 -84
- pulumi_vault/identity/oidc_key_allowed_client_id.py +43 -42
- pulumi_vault/identity/oidc_provider.py +92 -91
- pulumi_vault/identity/oidc_role.py +85 -84
- pulumi_vault/identity/oidc_scope.py +57 -56
- pulumi_vault/identity/outputs.py +32 -31
- pulumi_vault/jwt/__init__.py +1 -0
- pulumi_vault/jwt/_inputs.py +42 -41
- pulumi_vault/jwt/auth_backend.py +288 -287
- pulumi_vault/jwt/auth_backend_role.py +407 -406
- pulumi_vault/jwt/outputs.py +26 -25
- pulumi_vault/kmip/__init__.py +1 -0
- pulumi_vault/kmip/secret_backend.py +183 -182
- pulumi_vault/kmip/secret_role.py +295 -294
- pulumi_vault/kmip/secret_scope.py +57 -56
- pulumi_vault/kubernetes/__init__.py +1 -0
- pulumi_vault/kubernetes/auth_backend_config.py +141 -140
- pulumi_vault/kubernetes/auth_backend_role.py +225 -224
- pulumi_vault/kubernetes/get_auth_backend_config.py +47 -46
- pulumi_vault/kubernetes/get_auth_backend_role.py +70 -69
- pulumi_vault/kubernetes/get_service_account_token.py +38 -37
- pulumi_vault/kubernetes/secret_backend.py +316 -315
- pulumi_vault/kubernetes/secret_backend_role.py +197 -196
- pulumi_vault/kv/__init__.py +1 -0
- pulumi_vault/kv/_inputs.py +21 -20
- pulumi_vault/kv/get_secret.py +17 -16
- pulumi_vault/kv/get_secret_subkeys_v2.py +30 -29
- pulumi_vault/kv/get_secret_v2.py +29 -28
- pulumi_vault/kv/get_secrets_list.py +13 -12
- pulumi_vault/kv/get_secrets_list_v2.py +19 -18
- pulumi_vault/kv/outputs.py +13 -12
- pulumi_vault/kv/secret.py +50 -49
- pulumi_vault/kv/secret_backend_v2.py +71 -70
- pulumi_vault/kv/secret_v2.py +134 -133
- pulumi_vault/ldap/__init__.py +1 -0
- pulumi_vault/ldap/auth_backend.py +588 -587
- pulumi_vault/ldap/auth_backend_group.py +57 -56
- pulumi_vault/ldap/auth_backend_user.py +71 -70
- pulumi_vault/ldap/get_dynamic_credentials.py +17 -16
- pulumi_vault/ldap/get_static_credentials.py +18 -17
- pulumi_vault/ldap/secret_backend.py +554 -553
- pulumi_vault/ldap/secret_backend_dynamic_role.py +127 -126
- pulumi_vault/ldap/secret_backend_library_set.py +99 -98
- pulumi_vault/ldap/secret_backend_static_role.py +99 -98
- pulumi_vault/managed/__init__.py +1 -0
- pulumi_vault/managed/_inputs.py +229 -228
- pulumi_vault/managed/keys.py +15 -14
- pulumi_vault/managed/outputs.py +139 -138
- pulumi_vault/mfa_duo.py +113 -112
- pulumi_vault/mfa_okta.py +113 -112
- pulumi_vault/mfa_pingid.py +120 -119
- pulumi_vault/mfa_totp.py +127 -126
- pulumi_vault/mongodbatlas/__init__.py +1 -0
- pulumi_vault/mongodbatlas/secret_backend.py +64 -63
- pulumi_vault/mongodbatlas/secret_role.py +155 -154
- pulumi_vault/mount.py +274 -273
- pulumi_vault/namespace.py +64 -63
- pulumi_vault/nomad_secret_backend.py +211 -210
- pulumi_vault/nomad_secret_role.py +85 -84
- pulumi_vault/okta/__init__.py +1 -0
- pulumi_vault/okta/_inputs.py +26 -25
- pulumi_vault/okta/auth_backend.py +274 -273
- pulumi_vault/okta/auth_backend_group.py +57 -56
- pulumi_vault/okta/auth_backend_user.py +71 -70
- pulumi_vault/okta/outputs.py +16 -15
- pulumi_vault/outputs.py +73 -60
- pulumi_vault/password_policy.py +43 -42
- pulumi_vault/pkisecret/__init__.py +1 -0
- pulumi_vault/pkisecret/_inputs.py +31 -30
- pulumi_vault/pkisecret/backend_acme_eab.py +92 -91
- pulumi_vault/pkisecret/backend_config_acme.py +141 -140
- pulumi_vault/pkisecret/backend_config_auto_tidy.py +323 -322
- pulumi_vault/pkisecret/backend_config_cluster.py +57 -56
- pulumi_vault/pkisecret/backend_config_cmpv2.py +106 -105
- pulumi_vault/pkisecret/backend_config_est.py +120 -119
- pulumi_vault/pkisecret/get_backend_cert_metadata.py +22 -21
- pulumi_vault/pkisecret/get_backend_config_cmpv2.py +22 -21
- pulumi_vault/pkisecret/get_backend_config_est.py +19 -18
- pulumi_vault/pkisecret/get_backend_issuer.py +45 -44
- pulumi_vault/pkisecret/get_backend_issuers.py +15 -14
- pulumi_vault/pkisecret/get_backend_key.py +20 -19
- pulumi_vault/pkisecret/get_backend_keys.py +15 -14
- pulumi_vault/pkisecret/outputs.py +28 -27
- pulumi_vault/pkisecret/secret_backend_cert.py +337 -336
- pulumi_vault/pkisecret/secret_backend_config_ca.py +43 -42
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +57 -56
- pulumi_vault/pkisecret/secret_backend_config_urls.py +85 -84
- pulumi_vault/pkisecret/secret_backend_crl_config.py +197 -196
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +421 -420
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +57 -56
- pulumi_vault/pkisecret/secret_backend_issuer.py +232 -231
- pulumi_vault/pkisecret/secret_backend_key.py +120 -119
- pulumi_vault/pkisecret/secret_backend_role.py +715 -714
- pulumi_vault/pkisecret/secret_backend_root_cert.py +554 -553
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +526 -525
- pulumi_vault/pkisecret/secret_backend_sign.py +281 -280
- pulumi_vault/plugin.py +127 -126
- pulumi_vault/plugin_pinned_version.py +43 -42
- pulumi_vault/policy.py +43 -42
- pulumi_vault/provider.py +120 -119
- pulumi_vault/pulumi-plugin.json +1 -1
- pulumi_vault/quota_lease_count.py +85 -84
- pulumi_vault/quota_rate_limit.py +113 -112
- pulumi_vault/rabbitmq/__init__.py +1 -0
- pulumi_vault/rabbitmq/_inputs.py +41 -40
- pulumi_vault/rabbitmq/outputs.py +25 -24
- pulumi_vault/rabbitmq/secret_backend.py +169 -168
- pulumi_vault/rabbitmq/secret_backend_role.py +57 -56
- pulumi_vault/raft_autopilot.py +113 -112
- pulumi_vault/raft_snapshot_agent_config.py +393 -392
- pulumi_vault/rgp_policy.py +57 -56
- pulumi_vault/saml/__init__.py +1 -0
- pulumi_vault/saml/auth_backend.py +155 -154
- pulumi_vault/saml/auth_backend_role.py +239 -238
- pulumi_vault/secrets/__init__.py +1 -0
- pulumi_vault/secrets/_inputs.py +16 -15
- pulumi_vault/secrets/outputs.py +10 -9
- pulumi_vault/secrets/sync_association.py +71 -70
- pulumi_vault/secrets/sync_aws_destination.py +148 -147
- pulumi_vault/secrets/sync_azure_destination.py +148 -147
- pulumi_vault/secrets/sync_config.py +43 -42
- pulumi_vault/secrets/sync_gcp_destination.py +106 -105
- pulumi_vault/secrets/sync_gh_destination.py +134 -133
- pulumi_vault/secrets/sync_github_apps.py +64 -63
- pulumi_vault/secrets/sync_vercel_destination.py +120 -119
- pulumi_vault/ssh/__init__.py +1 -0
- pulumi_vault/ssh/_inputs.py +11 -10
- pulumi_vault/ssh/get_secret_backend_sign.py +52 -51
- pulumi_vault/ssh/outputs.py +7 -6
- pulumi_vault/ssh/secret_backend_ca.py +99 -98
- pulumi_vault/ssh/secret_backend_role.py +365 -364
- pulumi_vault/terraformcloud/__init__.py +1 -0
- pulumi_vault/terraformcloud/secret_backend.py +111 -110
- pulumi_vault/terraformcloud/secret_creds.py +74 -73
- pulumi_vault/terraformcloud/secret_role.py +93 -92
- pulumi_vault/token.py +246 -245
- pulumi_vault/tokenauth/__init__.py +1 -0
- pulumi_vault/tokenauth/auth_backend_role.py +267 -266
- pulumi_vault/transform/__init__.py +1 -0
- pulumi_vault/transform/alphabet.py +57 -56
- pulumi_vault/transform/get_decode.py +47 -46
- pulumi_vault/transform/get_encode.py +47 -46
- pulumi_vault/transform/role.py +57 -56
- pulumi_vault/transform/template.py +113 -112
- pulumi_vault/transform/transformation.py +141 -140
- pulumi_vault/transit/__init__.py +1 -0
- pulumi_vault/transit/get_decrypt.py +18 -17
- pulumi_vault/transit/get_encrypt.py +21 -20
- pulumi_vault/transit/get_sign.py +54 -53
- pulumi_vault/transit/get_verify.py +60 -59
- pulumi_vault/transit/secret_backend_key.py +274 -273
- pulumi_vault/transit/secret_cache_config.py +43 -42
- {pulumi_vault-6.6.0a1741836364.dist-info → pulumi_vault-6.7.0.dist-info}/METADATA +2 -2
- pulumi_vault-6.7.0.dist-info/RECORD +265 -0
- {pulumi_vault-6.6.0a1741836364.dist-info → pulumi_vault-6.7.0.dist-info}/WHEEL +1 -1
- pulumi_vault-6.6.0a1741836364.dist-info/RECORD +0 -265
- {pulumi_vault-6.6.0a1741836364.dist-info → pulumi_vault-6.7.0.dist-info}/top_level.txt +0 -0
@@ -2,6 +2,7 @@
|
|
2
2
|
# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
|
3
3
|
# *** Do not edit by hand unless you're certain you know what you are doing! ***
|
4
4
|
|
5
|
+
import builtins
|
5
6
|
import copy
|
6
7
|
import warnings
|
7
8
|
import sys
|
@@ -60,12 +61,12 @@ class GetAuthBackendConfigResult:
|
|
60
61
|
|
61
62
|
@property
|
62
63
|
@pulumi.getter
|
63
|
-
def backend(self) -> Optional[str]:
|
64
|
+
def backend(self) -> Optional[builtins.str]:
|
64
65
|
return pulumi.get(self, "backend")
|
65
66
|
|
66
67
|
@property
|
67
68
|
@pulumi.getter(name="disableIssValidation")
|
68
|
-
def disable_iss_validation(self) -> bool:
|
69
|
+
def disable_iss_validation(self) -> builtins.bool:
|
69
70
|
"""
|
70
71
|
(Optional) Disable JWT issuer validation. Allows to skip ISS validation. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
|
71
72
|
"""
|
@@ -73,7 +74,7 @@ class GetAuthBackendConfigResult:
|
|
73
74
|
|
74
75
|
@property
|
75
76
|
@pulumi.getter(name="disableLocalCaJwt")
|
76
|
-
def disable_local_ca_jwt(self) -> bool:
|
77
|
+
def disable_local_ca_jwt(self) -> builtins.bool:
|
77
78
|
"""
|
78
79
|
(Optional) Disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
|
79
80
|
"""
|
@@ -81,7 +82,7 @@ class GetAuthBackendConfigResult:
|
|
81
82
|
|
82
83
|
@property
|
83
84
|
@pulumi.getter
|
84
|
-
def id(self) -> str:
|
85
|
+
def id(self) -> builtins.str:
|
85
86
|
"""
|
86
87
|
The provider-assigned unique ID for this managed resource.
|
87
88
|
"""
|
@@ -89,7 +90,7 @@ class GetAuthBackendConfigResult:
|
|
89
90
|
|
90
91
|
@property
|
91
92
|
@pulumi.getter
|
92
|
-
def issuer(self) -> str:
|
93
|
+
def issuer(self) -> builtins.str:
|
93
94
|
"""
|
94
95
|
Optional JWT issuer. If no issuer is specified, `kubernetes.io/serviceaccount` will be used as the default issuer.
|
95
96
|
"""
|
@@ -97,7 +98,7 @@ class GetAuthBackendConfigResult:
|
|
97
98
|
|
98
99
|
@property
|
99
100
|
@pulumi.getter(name="kubernetesCaCert")
|
100
|
-
def kubernetes_ca_cert(self) -> str:
|
101
|
+
def kubernetes_ca_cert(self) -> builtins.str:
|
101
102
|
"""
|
102
103
|
PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API.
|
103
104
|
"""
|
@@ -105,7 +106,7 @@ class GetAuthBackendConfigResult:
|
|
105
106
|
|
106
107
|
@property
|
107
108
|
@pulumi.getter(name="kubernetesHost")
|
108
|
-
def kubernetes_host(self) -> str:
|
109
|
+
def kubernetes_host(self) -> builtins.str:
|
109
110
|
"""
|
110
111
|
Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
|
111
112
|
"""
|
@@ -113,12 +114,12 @@ class GetAuthBackendConfigResult:
|
|
113
114
|
|
114
115
|
@property
|
115
116
|
@pulumi.getter
|
116
|
-
def namespace(self) -> Optional[str]:
|
117
|
+
def namespace(self) -> Optional[builtins.str]:
|
117
118
|
return pulumi.get(self, "namespace")
|
118
119
|
|
119
120
|
@property
|
120
121
|
@pulumi.getter(name="pemKeys")
|
121
|
-
def pem_keys(self) -> Sequence[str]:
|
122
|
+
def pem_keys(self) -> Sequence[builtins.str]:
|
122
123
|
"""
|
123
124
|
Optional list of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
|
124
125
|
"""
|
@@ -126,7 +127,7 @@ class GetAuthBackendConfigResult:
|
|
126
127
|
|
127
128
|
@property
|
128
129
|
@pulumi.getter(name="useAnnotationsAsAliasMetadata")
|
129
|
-
def use_annotations_as_alias_metadata(self) -> bool:
|
130
|
+
def use_annotations_as_alias_metadata(self) -> builtins.bool:
|
130
131
|
"""
|
131
132
|
(Optional) Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
|
132
133
|
"""
|
@@ -151,15 +152,15 @@ class AwaitableGetAuthBackendConfigResult(GetAuthBackendConfigResult):
|
|
151
152
|
use_annotations_as_alias_metadata=self.use_annotations_as_alias_metadata)
|
152
153
|
|
153
154
|
|
154
|
-
def get_auth_backend_config(backend: Optional[str] = None,
|
155
|
-
disable_iss_validation: Optional[bool] = None,
|
156
|
-
disable_local_ca_jwt: Optional[bool] = None,
|
157
|
-
issuer: Optional[str] = None,
|
158
|
-
kubernetes_ca_cert: Optional[str] = None,
|
159
|
-
kubernetes_host: Optional[str] = None,
|
160
|
-
namespace: Optional[str] = None,
|
161
|
-
pem_keys: Optional[Sequence[str]] = None,
|
162
|
-
use_annotations_as_alias_metadata: Optional[bool] = None,
|
155
|
+
def get_auth_backend_config(backend: Optional[builtins.str] = None,
|
156
|
+
disable_iss_validation: Optional[builtins.bool] = None,
|
157
|
+
disable_local_ca_jwt: Optional[builtins.bool] = None,
|
158
|
+
issuer: Optional[builtins.str] = None,
|
159
|
+
kubernetes_ca_cert: Optional[builtins.str] = None,
|
160
|
+
kubernetes_host: Optional[builtins.str] = None,
|
161
|
+
namespace: Optional[builtins.str] = None,
|
162
|
+
pem_keys: Optional[Sequence[builtins.str]] = None,
|
163
|
+
use_annotations_as_alias_metadata: Optional[builtins.bool] = None,
|
163
164
|
opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetAuthBackendConfigResult:
|
164
165
|
"""
|
165
166
|
Reads the Role of an Kubernetes from a Vault server. See the [Vault
|
@@ -167,19 +168,19 @@ def get_auth_backend_config(backend: Optional[str] = None,
|
|
167
168
|
information.
|
168
169
|
|
169
170
|
|
170
|
-
:param str backend: The unique name for the Kubernetes backend the config to
|
171
|
+
:param builtins.str backend: The unique name for the Kubernetes backend the config to
|
171
172
|
retrieve Role attributes for resides in. Defaults to "kubernetes".
|
172
|
-
:param bool disable_iss_validation: (Optional) Disable JWT issuer validation. Allows to skip ISS validation. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
|
173
|
-
:param bool disable_local_ca_jwt: (Optional) Disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
|
174
|
-
:param str issuer: Optional JWT issuer. If no issuer is specified, `kubernetes.io/serviceaccount` will be used as the default issuer.
|
175
|
-
:param str kubernetes_ca_cert: PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API.
|
176
|
-
:param str kubernetes_host: Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
|
177
|
-
:param str namespace: The namespace of the target resource.
|
173
|
+
:param builtins.bool disable_iss_validation: (Optional) Disable JWT issuer validation. Allows to skip ISS validation. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
|
174
|
+
:param builtins.bool disable_local_ca_jwt: (Optional) Disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
|
175
|
+
:param builtins.str issuer: Optional JWT issuer. If no issuer is specified, `kubernetes.io/serviceaccount` will be used as the default issuer.
|
176
|
+
:param builtins.str kubernetes_ca_cert: PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API.
|
177
|
+
:param builtins.str kubernetes_host: Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
|
178
|
+
:param builtins.str namespace: The namespace of the target resource.
|
178
179
|
The value should not contain leading or trailing forward slashes.
|
179
180
|
The `namespace` is always relative to the provider's configured namespace.
|
180
181
|
*Available only for Vault Enterprise*.
|
181
|
-
:param Sequence[str] pem_keys: Optional list of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
|
182
|
-
:param bool use_annotations_as_alias_metadata: (Optional) Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
|
182
|
+
:param Sequence[builtins.str] pem_keys: Optional list of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
|
183
|
+
:param builtins.bool use_annotations_as_alias_metadata: (Optional) Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
|
183
184
|
"""
|
184
185
|
__args__ = dict()
|
185
186
|
__args__['backend'] = backend
|
@@ -205,15 +206,15 @@ def get_auth_backend_config(backend: Optional[str] = None,
|
|
205
206
|
namespace=pulumi.get(__ret__, 'namespace'),
|
206
207
|
pem_keys=pulumi.get(__ret__, 'pem_keys'),
|
207
208
|
use_annotations_as_alias_metadata=pulumi.get(__ret__, 'use_annotations_as_alias_metadata'))
|
208
|
-
def get_auth_backend_config_output(backend: Optional[pulumi.Input[Optional[str]]] = None,
|
209
|
-
disable_iss_validation: Optional[pulumi.Input[Optional[bool]]] = None,
|
210
|
-
disable_local_ca_jwt: Optional[pulumi.Input[Optional[bool]]] = None,
|
211
|
-
issuer: Optional[pulumi.Input[Optional[str]]] = None,
|
212
|
-
kubernetes_ca_cert: Optional[pulumi.Input[Optional[str]]] = None,
|
213
|
-
kubernetes_host: Optional[pulumi.Input[Optional[str]]] = None,
|
214
|
-
namespace: Optional[pulumi.Input[Optional[str]]] = None,
|
215
|
-
pem_keys: Optional[pulumi.Input[Optional[Sequence[str]]]] = None,
|
216
|
-
use_annotations_as_alias_metadata: Optional[pulumi.Input[Optional[bool]]] = None,
|
209
|
+
def get_auth_backend_config_output(backend: Optional[pulumi.Input[Optional[builtins.str]]] = None,
|
210
|
+
disable_iss_validation: Optional[pulumi.Input[Optional[builtins.bool]]] = None,
|
211
|
+
disable_local_ca_jwt: Optional[pulumi.Input[Optional[builtins.bool]]] = None,
|
212
|
+
issuer: Optional[pulumi.Input[Optional[builtins.str]]] = None,
|
213
|
+
kubernetes_ca_cert: Optional[pulumi.Input[Optional[builtins.str]]] = None,
|
214
|
+
kubernetes_host: Optional[pulumi.Input[Optional[builtins.str]]] = None,
|
215
|
+
namespace: Optional[pulumi.Input[Optional[builtins.str]]] = None,
|
216
|
+
pem_keys: Optional[pulumi.Input[Optional[Sequence[builtins.str]]]] = None,
|
217
|
+
use_annotations_as_alias_metadata: Optional[pulumi.Input[Optional[builtins.bool]]] = None,
|
217
218
|
opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetAuthBackendConfigResult]:
|
218
219
|
"""
|
219
220
|
Reads the Role of an Kubernetes from a Vault server. See the [Vault
|
@@ -221,19 +222,19 @@ def get_auth_backend_config_output(backend: Optional[pulumi.Input[Optional[str]]
|
|
221
222
|
information.
|
222
223
|
|
223
224
|
|
224
|
-
:param str backend: The unique name for the Kubernetes backend the config to
|
225
|
+
:param builtins.str backend: The unique name for the Kubernetes backend the config to
|
225
226
|
retrieve Role attributes for resides in. Defaults to "kubernetes".
|
226
|
-
:param bool disable_iss_validation: (Optional) Disable JWT issuer validation. Allows to skip ISS validation. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
|
227
|
-
:param bool disable_local_ca_jwt: (Optional) Disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
|
228
|
-
:param str issuer: Optional JWT issuer. If no issuer is specified, `kubernetes.io/serviceaccount` will be used as the default issuer.
|
229
|
-
:param str kubernetes_ca_cert: PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API.
|
230
|
-
:param str kubernetes_host: Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
|
231
|
-
:param str namespace: The namespace of the target resource.
|
227
|
+
:param builtins.bool disable_iss_validation: (Optional) Disable JWT issuer validation. Allows to skip ISS validation. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
|
228
|
+
:param builtins.bool disable_local_ca_jwt: (Optional) Disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
|
229
|
+
:param builtins.str issuer: Optional JWT issuer. If no issuer is specified, `kubernetes.io/serviceaccount` will be used as the default issuer.
|
230
|
+
:param builtins.str kubernetes_ca_cert: PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API.
|
231
|
+
:param builtins.str kubernetes_host: Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
|
232
|
+
:param builtins.str namespace: The namespace of the target resource.
|
232
233
|
The value should not contain leading or trailing forward slashes.
|
233
234
|
The `namespace` is always relative to the provider's configured namespace.
|
234
235
|
*Available only for Vault Enterprise*.
|
235
|
-
:param Sequence[str] pem_keys: Optional list of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
|
236
|
-
:param bool use_annotations_as_alias_metadata: (Optional) Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
|
236
|
+
:param Sequence[builtins.str] pem_keys: Optional list of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
|
237
|
+
:param builtins.bool use_annotations_as_alias_metadata: (Optional) Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
|
237
238
|
"""
|
238
239
|
__args__ = dict()
|
239
240
|
__args__['backend'] = backend
|
@@ -2,6 +2,7 @@
|
|
2
2
|
# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
|
3
3
|
# *** Do not edit by hand unless you're certain you know what you are doing! ***
|
4
4
|
|
5
|
+
import builtins
|
5
6
|
import copy
|
6
7
|
import warnings
|
7
8
|
import sys
|
@@ -81,7 +82,7 @@ class GetAuthBackendRoleResult:
|
|
81
82
|
|
82
83
|
@property
|
83
84
|
@pulumi.getter(name="aliasNameSource")
|
84
|
-
def alias_name_source(self) -> str:
|
85
|
+
def alias_name_source(self) -> builtins.str:
|
85
86
|
"""
|
86
87
|
Method used for generating identity aliases. (vault-1.9+)
|
87
88
|
"""
|
@@ -89,7 +90,7 @@ class GetAuthBackendRoleResult:
|
|
89
90
|
|
90
91
|
@property
|
91
92
|
@pulumi.getter
|
92
|
-
def audience(self) -> Optional[str]:
|
93
|
+
def audience(self) -> Optional[builtins.str]:
|
93
94
|
"""
|
94
95
|
Audience claim to verify in the JWT.
|
95
96
|
"""
|
@@ -97,12 +98,12 @@ class GetAuthBackendRoleResult:
|
|
97
98
|
|
98
99
|
@property
|
99
100
|
@pulumi.getter
|
100
|
-
def backend(self) -> Optional[str]:
|
101
|
+
def backend(self) -> Optional[builtins.str]:
|
101
102
|
return pulumi.get(self, "backend")
|
102
103
|
|
103
104
|
@property
|
104
105
|
@pulumi.getter(name="boundServiceAccountNames")
|
105
|
-
def bound_service_account_names(self) -> Sequence[str]:
|
106
|
+
def bound_service_account_names(self) -> Sequence[builtins.str]:
|
106
107
|
"""
|
107
108
|
List of service account names able to access this role. If set to "*" all names are allowed, both this and bound_service_account_namespaces can not be "*".
|
108
109
|
"""
|
@@ -110,7 +111,7 @@ class GetAuthBackendRoleResult:
|
|
110
111
|
|
111
112
|
@property
|
112
113
|
@pulumi.getter(name="boundServiceAccountNamespaces")
|
113
|
-
def bound_service_account_namespaces(self) -> Sequence[str]:
|
114
|
+
def bound_service_account_namespaces(self) -> Sequence[builtins.str]:
|
114
115
|
"""
|
115
116
|
List of namespaces allowed to access this role. If set to "*" all namespaces are allowed, both this and bound_service_account_names can not be set to "*".
|
116
117
|
"""
|
@@ -118,7 +119,7 @@ class GetAuthBackendRoleResult:
|
|
118
119
|
|
119
120
|
@property
|
120
121
|
@pulumi.getter
|
121
|
-
def id(self) -> str:
|
122
|
+
def id(self) -> builtins.str:
|
122
123
|
"""
|
123
124
|
The provider-assigned unique ID for this managed resource.
|
124
125
|
"""
|
@@ -126,17 +127,17 @@ class GetAuthBackendRoleResult:
|
|
126
127
|
|
127
128
|
@property
|
128
129
|
@pulumi.getter
|
129
|
-
def namespace(self) -> Optional[str]:
|
130
|
+
def namespace(self) -> Optional[builtins.str]:
|
130
131
|
return pulumi.get(self, "namespace")
|
131
132
|
|
132
133
|
@property
|
133
134
|
@pulumi.getter(name="roleName")
|
134
|
-
def role_name(self) -> str:
|
135
|
+
def role_name(self) -> builtins.str:
|
135
136
|
return pulumi.get(self, "role_name")
|
136
137
|
|
137
138
|
@property
|
138
139
|
@pulumi.getter(name="tokenBoundCidrs")
|
139
|
-
def token_bound_cidrs(self) -> Optional[Sequence[str]]:
|
140
|
+
def token_bound_cidrs(self) -> Optional[Sequence[builtins.str]]:
|
140
141
|
"""
|
141
142
|
List of CIDR blocks; if set, specifies blocks of IP
|
142
143
|
addresses which can authenticate successfully, and ties the resulting token to these blocks
|
@@ -146,7 +147,7 @@ class GetAuthBackendRoleResult:
|
|
146
147
|
|
147
148
|
@property
|
148
149
|
@pulumi.getter(name="tokenExplicitMaxTtl")
|
149
|
-
def token_explicit_max_ttl(self) -> Optional[int]:
|
150
|
+
def token_explicit_max_ttl(self) -> Optional[builtins.int]:
|
150
151
|
"""
|
151
152
|
If set, will encode an
|
152
153
|
[explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
|
@@ -157,7 +158,7 @@ class GetAuthBackendRoleResult:
|
|
157
158
|
|
158
159
|
@property
|
159
160
|
@pulumi.getter(name="tokenMaxTtl")
|
160
|
-
def token_max_ttl(self) -> Optional[int]:
|
161
|
+
def token_max_ttl(self) -> Optional[builtins.int]:
|
161
162
|
"""
|
162
163
|
The maximum lifetime for generated tokens in number of seconds.
|
163
164
|
Its current value will be referenced at renewal time.
|
@@ -166,7 +167,7 @@ class GetAuthBackendRoleResult:
|
|
166
167
|
|
167
168
|
@property
|
168
169
|
@pulumi.getter(name="tokenNoDefaultPolicy")
|
169
|
-
def token_no_default_policy(self) -> Optional[bool]:
|
170
|
+
def token_no_default_policy(self) -> Optional[builtins.bool]:
|
170
171
|
"""
|
171
172
|
If set, the default policy will not be set on
|
172
173
|
generated tokens; otherwise it will be added to the policies set in token_policies.
|
@@ -175,7 +176,7 @@ class GetAuthBackendRoleResult:
|
|
175
176
|
|
176
177
|
@property
|
177
178
|
@pulumi.getter(name="tokenNumUses")
|
178
|
-
def token_num_uses(self) -> Optional[int]:
|
179
|
+
def token_num_uses(self) -> Optional[builtins.int]:
|
179
180
|
"""
|
180
181
|
The
|
181
182
|
[period](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls),
|
@@ -185,7 +186,7 @@ class GetAuthBackendRoleResult:
|
|
185
186
|
|
186
187
|
@property
|
187
188
|
@pulumi.getter(name="tokenPeriod")
|
188
|
-
def token_period(self) -> Optional[int]:
|
189
|
+
def token_period(self) -> Optional[builtins.int]:
|
189
190
|
"""
|
190
191
|
(Optional) If set, indicates that the
|
191
192
|
token generated using this role should never expire. The token should be renewed within the
|
@@ -196,7 +197,7 @@ class GetAuthBackendRoleResult:
|
|
196
197
|
|
197
198
|
@property
|
198
199
|
@pulumi.getter(name="tokenPolicies")
|
199
|
-
def token_policies(self) -> Optional[Sequence[str]]:
|
200
|
+
def token_policies(self) -> Optional[Sequence[builtins.str]]:
|
200
201
|
"""
|
201
202
|
List of policies to encode onto generated tokens. Depending
|
202
203
|
on the auth method, this list may be supplemented by user/group/other values.
|
@@ -205,7 +206,7 @@ class GetAuthBackendRoleResult:
|
|
205
206
|
|
206
207
|
@property
|
207
208
|
@pulumi.getter(name="tokenTtl")
|
208
|
-
def token_ttl(self) -> Optional[int]:
|
209
|
+
def token_ttl(self) -> Optional[builtins.int]:
|
209
210
|
"""
|
210
211
|
The incremental lifetime for generated tokens in number of seconds.
|
211
212
|
Its current value will be referenced at renewal time.
|
@@ -214,7 +215,7 @@ class GetAuthBackendRoleResult:
|
|
214
215
|
|
215
216
|
@property
|
216
217
|
@pulumi.getter(name="tokenType")
|
217
|
-
def token_type(self) -> Optional[str]:
|
218
|
+
def token_type(self) -> Optional[builtins.str]:
|
218
219
|
"""
|
219
220
|
The type of token that should be generated. Can be `service`,
|
220
221
|
`batch`, or `default` to use the mount's tuned default (which unless changed will be
|
@@ -250,19 +251,19 @@ class AwaitableGetAuthBackendRoleResult(GetAuthBackendRoleResult):
|
|
250
251
|
token_type=self.token_type)
|
251
252
|
|
252
253
|
|
253
|
-
def get_auth_backend_role(audience: Optional[str] = None,
|
254
|
-
backend: Optional[str] = None,
|
255
|
-
namespace: Optional[str] = None,
|
256
|
-
role_name: Optional[str] = None,
|
257
|
-
token_bound_cidrs: Optional[Sequence[str]] = None,
|
258
|
-
token_explicit_max_ttl: Optional[int] = None,
|
259
|
-
token_max_ttl: Optional[int] = None,
|
260
|
-
token_no_default_policy: Optional[bool] = None,
|
261
|
-
token_num_uses: Optional[int] = None,
|
262
|
-
token_period: Optional[int] = None,
|
263
|
-
token_policies: Optional[Sequence[str]] = None,
|
264
|
-
token_ttl: Optional[int] = None,
|
265
|
-
token_type: Optional[str] = None,
|
254
|
+
def get_auth_backend_role(audience: Optional[builtins.str] = None,
|
255
|
+
backend: Optional[builtins.str] = None,
|
256
|
+
namespace: Optional[builtins.str] = None,
|
257
|
+
role_name: Optional[builtins.str] = None,
|
258
|
+
token_bound_cidrs: Optional[Sequence[builtins.str]] = None,
|
259
|
+
token_explicit_max_ttl: Optional[builtins.int] = None,
|
260
|
+
token_max_ttl: Optional[builtins.int] = None,
|
261
|
+
token_no_default_policy: Optional[builtins.bool] = None,
|
262
|
+
token_num_uses: Optional[builtins.int] = None,
|
263
|
+
token_period: Optional[builtins.int] = None,
|
264
|
+
token_policies: Optional[Sequence[builtins.str]] = None,
|
265
|
+
token_ttl: Optional[builtins.int] = None,
|
266
|
+
token_type: Optional[builtins.str] = None,
|
266
267
|
opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetAuthBackendRoleResult:
|
267
268
|
"""
|
268
269
|
Reads the Role of an Kubernetes from a Vault server. See the [Vault
|
@@ -270,37 +271,37 @@ def get_auth_backend_role(audience: Optional[str] = None,
|
|
270
271
|
information.
|
271
272
|
|
272
273
|
|
273
|
-
:param str audience: Audience claim to verify in the JWT.
|
274
|
-
:param str backend: The unique name for the Kubernetes backend the role to
|
274
|
+
:param builtins.str audience: Audience claim to verify in the JWT.
|
275
|
+
:param builtins.str backend: The unique name for the Kubernetes backend the role to
|
275
276
|
retrieve Role attributes for resides in. Defaults to "kubernetes".
|
276
|
-
:param str namespace: The namespace of the target resource.
|
277
|
+
:param builtins.str namespace: The namespace of the target resource.
|
277
278
|
The value should not contain leading or trailing forward slashes.
|
278
279
|
The `namespace` is always relative to the provider's configured namespace.
|
279
280
|
*Available only for Vault Enterprise*.
|
280
|
-
:param str role_name: The name of the role to retrieve the Role attributes for.
|
281
|
-
:param Sequence[str] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
|
281
|
+
:param builtins.str role_name: The name of the role to retrieve the Role attributes for.
|
282
|
+
:param Sequence[builtins.str] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
|
282
283
|
addresses which can authenticate successfully, and ties the resulting token to these blocks
|
283
284
|
as well.
|
284
|
-
:param int token_explicit_max_ttl: If set, will encode an
|
285
|
+
:param builtins.int token_explicit_max_ttl: If set, will encode an
|
285
286
|
[explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
|
286
287
|
onto the token in number of seconds. This is a hard cap even if `token_ttl` and
|
287
288
|
`token_max_ttl` would otherwise allow a renewal.
|
288
|
-
:param int token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
|
289
|
+
:param builtins.int token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
|
289
290
|
Its current value will be referenced at renewal time.
|
290
|
-
:param bool token_no_default_policy: If set, the default policy will not be set on
|
291
|
+
:param builtins.bool token_no_default_policy: If set, the default policy will not be set on
|
291
292
|
generated tokens; otherwise it will be added to the policies set in token_policies.
|
292
|
-
:param int token_num_uses: The
|
293
|
+
:param builtins.int token_num_uses: The
|
293
294
|
[period](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls),
|
294
295
|
if any, in number of seconds to set on the token.
|
295
|
-
:param int token_period: (Optional) If set, indicates that the
|
296
|
+
:param builtins.int token_period: (Optional) If set, indicates that the
|
296
297
|
token generated using this role should never expire. The token should be renewed within the
|
297
298
|
duration specified by this value. At each renewal, the token's TTL will be set to the
|
298
299
|
value of this field. Specified in seconds.
|
299
|
-
:param Sequence[str] token_policies: List of policies to encode onto generated tokens. Depending
|
300
|
+
:param Sequence[builtins.str] token_policies: List of policies to encode onto generated tokens. Depending
|
300
301
|
on the auth method, this list may be supplemented by user/group/other values.
|
301
|
-
:param int token_ttl: The incremental lifetime for generated tokens in number of seconds.
|
302
|
+
:param builtins.int token_ttl: The incremental lifetime for generated tokens in number of seconds.
|
302
303
|
Its current value will be referenced at renewal time.
|
303
|
-
:param str token_type: The type of token that should be generated. Can be `service`,
|
304
|
+
:param builtins.str token_type: The type of token that should be generated. Can be `service`,
|
304
305
|
`batch`, or `default` to use the mount's tuned default (which unless changed will be
|
305
306
|
`service` tokens). For token store roles, there are two additional possibilities:
|
306
307
|
`default-service` and `default-batch` which specify the type to return unless the client
|
@@ -341,19 +342,19 @@ def get_auth_backend_role(audience: Optional[str] = None,
|
|
341
342
|
token_policies=pulumi.get(__ret__, 'token_policies'),
|
342
343
|
token_ttl=pulumi.get(__ret__, 'token_ttl'),
|
343
344
|
token_type=pulumi.get(__ret__, 'token_type'))
|
344
|
-
def get_auth_backend_role_output(audience: Optional[pulumi.Input[Optional[str]]] = None,
|
345
|
-
backend: Optional[pulumi.Input[Optional[str]]] = None,
|
346
|
-
namespace: Optional[pulumi.Input[Optional[str]]] = None,
|
347
|
-
role_name: Optional[pulumi.Input[str]] = None,
|
348
|
-
token_bound_cidrs: Optional[pulumi.Input[Optional[Sequence[str]]]] = None,
|
349
|
-
token_explicit_max_ttl: Optional[pulumi.Input[Optional[int]]] = None,
|
350
|
-
token_max_ttl: Optional[pulumi.Input[Optional[int]]] = None,
|
351
|
-
token_no_default_policy: Optional[pulumi.Input[Optional[bool]]] = None,
|
352
|
-
token_num_uses: Optional[pulumi.Input[Optional[int]]] = None,
|
353
|
-
token_period: Optional[pulumi.Input[Optional[int]]] = None,
|
354
|
-
token_policies: Optional[pulumi.Input[Optional[Sequence[str]]]] = None,
|
355
|
-
token_ttl: Optional[pulumi.Input[Optional[int]]] = None,
|
356
|
-
token_type: Optional[pulumi.Input[Optional[str]]] = None,
|
345
|
+
def get_auth_backend_role_output(audience: Optional[pulumi.Input[Optional[builtins.str]]] = None,
|
346
|
+
backend: Optional[pulumi.Input[Optional[builtins.str]]] = None,
|
347
|
+
namespace: Optional[pulumi.Input[Optional[builtins.str]]] = None,
|
348
|
+
role_name: Optional[pulumi.Input[builtins.str]] = None,
|
349
|
+
token_bound_cidrs: Optional[pulumi.Input[Optional[Sequence[builtins.str]]]] = None,
|
350
|
+
token_explicit_max_ttl: Optional[pulumi.Input[Optional[builtins.int]]] = None,
|
351
|
+
token_max_ttl: Optional[pulumi.Input[Optional[builtins.int]]] = None,
|
352
|
+
token_no_default_policy: Optional[pulumi.Input[Optional[builtins.bool]]] = None,
|
353
|
+
token_num_uses: Optional[pulumi.Input[Optional[builtins.int]]] = None,
|
354
|
+
token_period: Optional[pulumi.Input[Optional[builtins.int]]] = None,
|
355
|
+
token_policies: Optional[pulumi.Input[Optional[Sequence[builtins.str]]]] = None,
|
356
|
+
token_ttl: Optional[pulumi.Input[Optional[builtins.int]]] = None,
|
357
|
+
token_type: Optional[pulumi.Input[Optional[builtins.str]]] = None,
|
357
358
|
opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetAuthBackendRoleResult]:
|
358
359
|
"""
|
359
360
|
Reads the Role of an Kubernetes from a Vault server. See the [Vault
|
@@ -361,37 +362,37 @@ def get_auth_backend_role_output(audience: Optional[pulumi.Input[Optional[str]]]
|
|
361
362
|
information.
|
362
363
|
|
363
364
|
|
364
|
-
:param str audience: Audience claim to verify in the JWT.
|
365
|
-
:param str backend: The unique name for the Kubernetes backend the role to
|
365
|
+
:param builtins.str audience: Audience claim to verify in the JWT.
|
366
|
+
:param builtins.str backend: The unique name for the Kubernetes backend the role to
|
366
367
|
retrieve Role attributes for resides in. Defaults to "kubernetes".
|
367
|
-
:param str namespace: The namespace of the target resource.
|
368
|
+
:param builtins.str namespace: The namespace of the target resource.
|
368
369
|
The value should not contain leading or trailing forward slashes.
|
369
370
|
The `namespace` is always relative to the provider's configured namespace.
|
370
371
|
*Available only for Vault Enterprise*.
|
371
|
-
:param str role_name: The name of the role to retrieve the Role attributes for.
|
372
|
-
:param Sequence[str] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
|
372
|
+
:param builtins.str role_name: The name of the role to retrieve the Role attributes for.
|
373
|
+
:param Sequence[builtins.str] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
|
373
374
|
addresses which can authenticate successfully, and ties the resulting token to these blocks
|
374
375
|
as well.
|
375
|
-
:param int token_explicit_max_ttl: If set, will encode an
|
376
|
+
:param builtins.int token_explicit_max_ttl: If set, will encode an
|
376
377
|
[explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
|
377
378
|
onto the token in number of seconds. This is a hard cap even if `token_ttl` and
|
378
379
|
`token_max_ttl` would otherwise allow a renewal.
|
379
|
-
:param int token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
|
380
|
+
:param builtins.int token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
|
380
381
|
Its current value will be referenced at renewal time.
|
381
|
-
:param bool token_no_default_policy: If set, the default policy will not be set on
|
382
|
+
:param builtins.bool token_no_default_policy: If set, the default policy will not be set on
|
382
383
|
generated tokens; otherwise it will be added to the policies set in token_policies.
|
383
|
-
:param int token_num_uses: The
|
384
|
+
:param builtins.int token_num_uses: The
|
384
385
|
[period](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls),
|
385
386
|
if any, in number of seconds to set on the token.
|
386
|
-
:param int token_period: (Optional) If set, indicates that the
|
387
|
+
:param builtins.int token_period: (Optional) If set, indicates that the
|
387
388
|
token generated using this role should never expire. The token should be renewed within the
|
388
389
|
duration specified by this value. At each renewal, the token's TTL will be set to the
|
389
390
|
value of this field. Specified in seconds.
|
390
|
-
:param Sequence[str] token_policies: List of policies to encode onto generated tokens. Depending
|
391
|
+
:param Sequence[builtins.str] token_policies: List of policies to encode onto generated tokens. Depending
|
391
392
|
on the auth method, this list may be supplemented by user/group/other values.
|
392
|
-
:param int token_ttl: The incremental lifetime for generated tokens in number of seconds.
|
393
|
+
:param builtins.int token_ttl: The incremental lifetime for generated tokens in number of seconds.
|
393
394
|
Its current value will be referenced at renewal time.
|
394
|
-
:param str token_type: The type of token that should be generated. Can be `service`,
|
395
|
+
:param builtins.str token_type: The type of token that should be generated. Can be `service`,
|
395
396
|
`batch`, or `default` to use the mount's tuned default (which unless changed will be
|
396
397
|
`service` tokens). For token store roles, there are two additional possibilities:
|
397
398
|
`default-service` and `default-batch` which specify the type to return unless the client
|