pulumi-vault 6.7.0a1743576047__py3-none-any.whl → 6.7.0a1744183682__py3-none-any.whl
- pulumi_vault/__init__.py +1 -0
- pulumi_vault/_inputs.py +554 -553
- pulumi_vault/ad/__init__.py +1 -0
- pulumi_vault/ad/get_access_credentials.py +20 -19
- pulumi_vault/ad/secret_backend.py +477 -476
- pulumi_vault/ad/secret_library.py +99 -98
- pulumi_vault/ad/secret_role.py +85 -84
- pulumi_vault/alicloud/__init__.py +1 -0
- pulumi_vault/alicloud/auth_backend_role.py +183 -182
- pulumi_vault/approle/__init__.py +1 -0
- pulumi_vault/approle/auth_backend_login.py +106 -105
- pulumi_vault/approle/auth_backend_role.py +239 -238
- pulumi_vault/approle/auth_backend_role_secret_id.py +162 -161
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -17
- pulumi_vault/audit.py +85 -84
- pulumi_vault/audit_request_header.py +43 -42
- pulumi_vault/auth_backend.py +106 -105
- pulumi_vault/aws/__init__.py +1 -0
- pulumi_vault/aws/auth_backend_cert.py +71 -70
- pulumi_vault/aws/auth_backend_client.py +253 -252
- pulumi_vault/aws/auth_backend_config_identity.py +85 -84
- pulumi_vault/aws/auth_backend_identity_whitelist.py +57 -56
- pulumi_vault/aws/auth_backend_login.py +209 -208
- pulumi_vault/aws/auth_backend_role.py +400 -399
- pulumi_vault/aws/auth_backend_role_tag.py +127 -126
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +57 -56
- pulumi_vault/aws/auth_backend_sts_role.py +71 -70
- pulumi_vault/aws/get_access_credentials.py +44 -43
- pulumi_vault/aws/get_static_access_credentials.py +13 -12
- pulumi_vault/aws/secret_backend.py +337 -336
- pulumi_vault/aws/secret_backend_role.py +211 -210
- pulumi_vault/aws/secret_backend_static_role.py +113 -112
- pulumi_vault/azure/__init__.py +1 -0
- pulumi_vault/azure/_inputs.py +21 -20
- pulumi_vault/azure/auth_backend_config.py +183 -182
- pulumi_vault/azure/auth_backend_role.py +253 -252
- pulumi_vault/azure/backend.py +239 -238
- pulumi_vault/azure/backend_role.py +141 -140
- pulumi_vault/azure/get_access_credentials.py +58 -57
- pulumi_vault/azure/outputs.py +11 -10
- pulumi_vault/cert_auth_backend_role.py +365 -364
- pulumi_vault/config/__init__.py +1 -0
- pulumi_vault/config/__init__.pyi +1 -0
- pulumi_vault/config/_inputs.py +11 -10
- pulumi_vault/config/outputs.py +287 -286
- pulumi_vault/config/ui_custom_message.py +113 -112
- pulumi_vault/config/vars.py +1 -0
- pulumi_vault/consul/__init__.py +1 -0
- pulumi_vault/consul/secret_backend.py +197 -196
- pulumi_vault/consul/secret_backend_role.py +183 -182
- pulumi_vault/database/__init__.py +1 -0
- pulumi_vault/database/_inputs.py +2525 -2524
- pulumi_vault/database/outputs.py +1529 -1528
- pulumi_vault/database/secret_backend_connection.py +169 -168
- pulumi_vault/database/secret_backend_role.py +169 -168
- pulumi_vault/database/secret_backend_static_role.py +179 -178
- pulumi_vault/database/secrets_mount.py +267 -266
- pulumi_vault/egp_policy.py +71 -70
- pulumi_vault/gcp/__init__.py +1 -0
- pulumi_vault/gcp/_inputs.py +82 -81
- pulumi_vault/gcp/auth_backend.py +260 -259
- pulumi_vault/gcp/auth_backend_role.py +281 -280
- pulumi_vault/gcp/get_auth_backend_role.py +70 -69
- pulumi_vault/gcp/outputs.py +50 -49
- pulumi_vault/gcp/secret_backend.py +232 -231
- pulumi_vault/gcp/secret_impersonated_account.py +92 -91
- pulumi_vault/gcp/secret_roleset.py +92 -91
- pulumi_vault/gcp/secret_static_account.py +92 -91
- pulumi_vault/generic/__init__.py +1 -0
- pulumi_vault/generic/endpoint.py +113 -112
- pulumi_vault/generic/get_secret.py +28 -27
- pulumi_vault/generic/secret.py +78 -77
- pulumi_vault/get_auth_backend.py +19 -18
- pulumi_vault/get_auth_backends.py +14 -13
- pulumi_vault/get_namespace.py +15 -14
- pulumi_vault/get_namespaces.py +8 -7
- pulumi_vault/get_nomad_access_token.py +19 -18
- pulumi_vault/get_policy_document.py +6 -5
- pulumi_vault/get_raft_autopilot_state.py +18 -17
- pulumi_vault/github/__init__.py +1 -0
- pulumi_vault/github/_inputs.py +42 -41
- pulumi_vault/github/auth_backend.py +232 -231
- pulumi_vault/github/outputs.py +26 -25
- pulumi_vault/github/team.py +57 -56
- pulumi_vault/github/user.py +57 -56
- pulumi_vault/identity/__init__.py +1 -0
- pulumi_vault/identity/entity.py +85 -84
- pulumi_vault/identity/entity_alias.py +71 -70
- pulumi_vault/identity/entity_policies.py +64 -63
- pulumi_vault/identity/get_entity.py +43 -42
- pulumi_vault/identity/get_group.py +50 -49
- pulumi_vault/identity/get_oidc_client_creds.py +14 -13
- pulumi_vault/identity/get_oidc_openid_config.py +24 -23
- pulumi_vault/identity/get_oidc_public_keys.py +13 -12
- pulumi_vault/identity/group.py +141 -140
- pulumi_vault/identity/group_alias.py +57 -56
- pulumi_vault/identity/group_member_entity_ids.py +57 -56
- pulumi_vault/identity/group_member_group_ids.py +57 -56
- pulumi_vault/identity/group_policies.py +64 -63
- pulumi_vault/identity/mfa_duo.py +148 -147
- pulumi_vault/identity/mfa_login_enforcement.py +120 -119
- pulumi_vault/identity/mfa_okta.py +134 -133
- pulumi_vault/identity/mfa_pingid.py +127 -126
- pulumi_vault/identity/mfa_totp.py +176 -175
- pulumi_vault/identity/oidc.py +29 -28
- pulumi_vault/identity/oidc_assignment.py +57 -56
- pulumi_vault/identity/oidc_client.py +127 -126
- pulumi_vault/identity/oidc_key.py +85 -84
- pulumi_vault/identity/oidc_key_allowed_client_id.py +43 -42
- pulumi_vault/identity/oidc_provider.py +92 -91
- pulumi_vault/identity/oidc_role.py +85 -84
- pulumi_vault/identity/oidc_scope.py +57 -56
- pulumi_vault/identity/outputs.py +32 -31
- pulumi_vault/jwt/__init__.py +1 -0
- pulumi_vault/jwt/_inputs.py +42 -41
- pulumi_vault/jwt/auth_backend.py +288 -287
- pulumi_vault/jwt/auth_backend_role.py +407 -406
- pulumi_vault/jwt/outputs.py +26 -25
- pulumi_vault/kmip/__init__.py +1 -0
- pulumi_vault/kmip/secret_backend.py +183 -182
- pulumi_vault/kmip/secret_role.py +295 -294
- pulumi_vault/kmip/secret_scope.py +57 -56
- pulumi_vault/kubernetes/__init__.py +1 -0
- pulumi_vault/kubernetes/auth_backend_config.py +141 -140
- pulumi_vault/kubernetes/auth_backend_role.py +225 -224
- pulumi_vault/kubernetes/get_auth_backend_config.py +47 -46
- pulumi_vault/kubernetes/get_auth_backend_role.py +70 -69
- pulumi_vault/kubernetes/get_service_account_token.py +38 -37
- pulumi_vault/kubernetes/secret_backend.py +316 -315
- pulumi_vault/kubernetes/secret_backend_role.py +197 -196
- pulumi_vault/kv/__init__.py +1 -0
- pulumi_vault/kv/_inputs.py +21 -20
- pulumi_vault/kv/get_secret.py +17 -16
- pulumi_vault/kv/get_secret_subkeys_v2.py +30 -29
- pulumi_vault/kv/get_secret_v2.py +29 -28
- pulumi_vault/kv/get_secrets_list.py +13 -12
- pulumi_vault/kv/get_secrets_list_v2.py +19 -18
- pulumi_vault/kv/outputs.py +13 -12
- pulumi_vault/kv/secret.py +50 -49
- pulumi_vault/kv/secret_backend_v2.py +71 -70
- pulumi_vault/kv/secret_v2.py +134 -133
- pulumi_vault/ldap/__init__.py +1 -0
- pulumi_vault/ldap/auth_backend.py +588 -587
- pulumi_vault/ldap/auth_backend_group.py +57 -56
- pulumi_vault/ldap/auth_backend_user.py +71 -70
- pulumi_vault/ldap/get_dynamic_credentials.py +17 -16
- pulumi_vault/ldap/get_static_credentials.py +18 -17
- pulumi_vault/ldap/secret_backend.py +554 -553
- pulumi_vault/ldap/secret_backend_dynamic_role.py +127 -126
- pulumi_vault/ldap/secret_backend_library_set.py +99 -98
- pulumi_vault/ldap/secret_backend_static_role.py +99 -98
- pulumi_vault/managed/__init__.py +1 -0
- pulumi_vault/managed/_inputs.py +229 -228
- pulumi_vault/managed/keys.py +15 -14
- pulumi_vault/managed/outputs.py +139 -138
- pulumi_vault/mfa_duo.py +113 -112
- pulumi_vault/mfa_okta.py +113 -112
- pulumi_vault/mfa_pingid.py +120 -119
- pulumi_vault/mfa_totp.py +127 -126
- pulumi_vault/mongodbatlas/__init__.py +1 -0
- pulumi_vault/mongodbatlas/secret_backend.py +64 -63
- pulumi_vault/mongodbatlas/secret_role.py +155 -154
- pulumi_vault/mount.py +274 -273
- pulumi_vault/namespace.py +64 -63
- pulumi_vault/nomad_secret_backend.py +211 -210
- pulumi_vault/nomad_secret_role.py +85 -84
- pulumi_vault/okta/__init__.py +1 -0
- pulumi_vault/okta/_inputs.py +26 -25
- pulumi_vault/okta/auth_backend.py +274 -273
- pulumi_vault/okta/auth_backend_group.py +57 -56
- pulumi_vault/okta/auth_backend_user.py +71 -70
- pulumi_vault/okta/outputs.py +16 -15
- pulumi_vault/outputs.py +56 -55
- pulumi_vault/password_policy.py +43 -42
- pulumi_vault/pkisecret/__init__.py +1 -0
- pulumi_vault/pkisecret/_inputs.py +31 -30
- pulumi_vault/pkisecret/backend_acme_eab.py +92 -91
- pulumi_vault/pkisecret/backend_config_acme.py +141 -140
- pulumi_vault/pkisecret/backend_config_auto_tidy.py +323 -322
- pulumi_vault/pkisecret/backend_config_cluster.py +57 -56
- pulumi_vault/pkisecret/backend_config_cmpv2.py +106 -105
- pulumi_vault/pkisecret/backend_config_est.py +120 -119
- pulumi_vault/pkisecret/get_backend_cert_metadata.py +22 -21
- pulumi_vault/pkisecret/get_backend_config_cmpv2.py +22 -21
- pulumi_vault/pkisecret/get_backend_config_est.py +19 -18
- pulumi_vault/pkisecret/get_backend_issuer.py +45 -44
- pulumi_vault/pkisecret/get_backend_issuers.py +15 -14
- pulumi_vault/pkisecret/get_backend_key.py +20 -19
- pulumi_vault/pkisecret/get_backend_keys.py +15 -14
- pulumi_vault/pkisecret/outputs.py +28 -27
- pulumi_vault/pkisecret/secret_backend_cert.py +337 -336
- pulumi_vault/pkisecret/secret_backend_config_ca.py +43 -42
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +57 -56
- pulumi_vault/pkisecret/secret_backend_config_urls.py +85 -84
- pulumi_vault/pkisecret/secret_backend_crl_config.py +197 -196
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +421 -420
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +57 -56
- pulumi_vault/pkisecret/secret_backend_issuer.py +232 -231
- pulumi_vault/pkisecret/secret_backend_key.py +120 -119
- pulumi_vault/pkisecret/secret_backend_role.py +715 -714
- pulumi_vault/pkisecret/secret_backend_root_cert.py +554 -553
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +526 -525
- pulumi_vault/pkisecret/secret_backend_sign.py +281 -280
- pulumi_vault/plugin.py +127 -126
- pulumi_vault/plugin_pinned_version.py +43 -42
- pulumi_vault/policy.py +43 -42
- pulumi_vault/provider.py +120 -119
- pulumi_vault/pulumi-plugin.json +1 -1
- pulumi_vault/quota_lease_count.py +85 -84
- pulumi_vault/quota_rate_limit.py +113 -112
- pulumi_vault/rabbitmq/__init__.py +1 -0
- pulumi_vault/rabbitmq/_inputs.py +41 -40
- pulumi_vault/rabbitmq/outputs.py +25 -24
- pulumi_vault/rabbitmq/secret_backend.py +169 -168
- pulumi_vault/rabbitmq/secret_backend_role.py +57 -56
- pulumi_vault/raft_autopilot.py +113 -112
- pulumi_vault/raft_snapshot_agent_config.py +393 -392
- pulumi_vault/rgp_policy.py +57 -56
- pulumi_vault/saml/__init__.py +1 -0
- pulumi_vault/saml/auth_backend.py +155 -154
- pulumi_vault/saml/auth_backend_role.py +239 -238
- pulumi_vault/secrets/__init__.py +1 -0
- pulumi_vault/secrets/_inputs.py +16 -15
- pulumi_vault/secrets/outputs.py +10 -9
- pulumi_vault/secrets/sync_association.py +71 -70
- pulumi_vault/secrets/sync_aws_destination.py +148 -147
- pulumi_vault/secrets/sync_azure_destination.py +148 -147
- pulumi_vault/secrets/sync_config.py +43 -42
- pulumi_vault/secrets/sync_gcp_destination.py +106 -105
- pulumi_vault/secrets/sync_gh_destination.py +134 -133
- pulumi_vault/secrets/sync_github_apps.py +64 -63
- pulumi_vault/secrets/sync_vercel_destination.py +120 -119
- pulumi_vault/ssh/__init__.py +1 -0
- pulumi_vault/ssh/_inputs.py +11 -10
- pulumi_vault/ssh/get_secret_backend_sign.py +52 -51
- pulumi_vault/ssh/outputs.py +7 -6
- pulumi_vault/ssh/secret_backend_ca.py +99 -98
- pulumi_vault/ssh/secret_backend_role.py +365 -364
- pulumi_vault/terraformcloud/__init__.py +1 -0
- pulumi_vault/terraformcloud/secret_backend.py +111 -110
- pulumi_vault/terraformcloud/secret_creds.py +74 -73
- pulumi_vault/terraformcloud/secret_role.py +93 -92
- pulumi_vault/token.py +246 -245
- pulumi_vault/tokenauth/__init__.py +1 -0
- pulumi_vault/tokenauth/auth_backend_role.py +267 -266
- pulumi_vault/transform/__init__.py +1 -0
- pulumi_vault/transform/alphabet.py +57 -56
- pulumi_vault/transform/get_decode.py +47 -46
- pulumi_vault/transform/get_encode.py +47 -46
- pulumi_vault/transform/role.py +57 -56
- pulumi_vault/transform/template.py +113 -112
- pulumi_vault/transform/transformation.py +141 -140
- pulumi_vault/transit/__init__.py +1 -0
- pulumi_vault/transit/get_decrypt.py +18 -17
- pulumi_vault/transit/get_encrypt.py +21 -20
- pulumi_vault/transit/get_sign.py +54 -53
- pulumi_vault/transit/get_verify.py +60 -59
- pulumi_vault/transit/secret_backend_key.py +274 -273
- pulumi_vault/transit/secret_cache_config.py +43 -42
- {pulumi_vault-6.7.0a1743576047.dist-info → pulumi_vault-6.7.0a1744183682.dist-info}/METADATA +1 -1
- pulumi_vault-6.7.0a1744183682.dist-info/RECORD +265 -0
- pulumi_vault-6.7.0a1743576047.dist-info/RECORD +0 -265
- {pulumi_vault-6.7.0a1743576047.dist-info → pulumi_vault-6.7.0a1744183682.dist-info}/WHEEL +0 -0
- {pulumi_vault-6.7.0a1743576047.dist-info → pulumi_vault-6.7.0a1744183682.dist-info}/top_level.txt +0 -0
@@ -2,6 +2,7 @@
|
|
2
2
|
# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
|
3
3
|
# *** Do not edit by hand unless you're certain you know what you are doing! ***
|
4
4
|
|
5
|
+
import builtins
|
5
6
|
import copy
|
6
7
|
import warnings
|
7
8
|
import sys
|
@@ -19,75 +20,75 @@ __all__ = ['SecretBackendRoleArgs', 'SecretBackendRole']
|
|
19
20
|
@pulumi.input_type
|
20
21
|
class SecretBackendRoleArgs:
|
21
22
|
def __init__(__self__, *,
|
22
|
-
backend: pulumi.Input[str],
|
23
|
-
credential_type: pulumi.Input[str],
|
24
|
-
default_sts_ttl: Optional[pulumi.Input[int]] = None,
|
25
|
-
external_id: Optional[pulumi.Input[str]] = None,
|
26
|
-
iam_groups: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
27
|
-
iam_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
28
|
-
max_sts_ttl: Optional[pulumi.Input[int]] = None,
|
29
|
-
name: Optional[pulumi.Input[str]] = None,
|
30
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
31
|
-
permissions_boundary_arn: Optional[pulumi.Input[str]] = None,
|
32
|
-
policy_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
33
|
-
policy_document: Optional[pulumi.Input[str]] = None,
|
34
|
-
role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
35
|
-
session_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
36
|
-
user_path: Optional[pulumi.Input[str]] = None):
|
23
|
+
backend: pulumi.Input[builtins.str],
|
24
|
+
credential_type: pulumi.Input[builtins.str],
|
25
|
+
default_sts_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
26
|
+
external_id: Optional[pulumi.Input[builtins.str]] = None,
|
27
|
+
iam_groups: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
28
|
+
iam_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
29
|
+
max_sts_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
30
|
+
name: Optional[pulumi.Input[builtins.str]] = None,
|
31
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
32
|
+
permissions_boundary_arn: Optional[pulumi.Input[builtins.str]] = None,
|
33
|
+
policy_arns: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
34
|
+
policy_document: Optional[pulumi.Input[builtins.str]] = None,
|
35
|
+
role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
36
|
+
session_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
37
|
+
user_path: Optional[pulumi.Input[builtins.str]] = None):
|
37
38
|
"""
|
38
39
|
The set of arguments for constructing a SecretBackendRole resource.
|
39
|
-
:param pulumi.Input[str] backend: The path the AWS secret backend is mounted at,
|
40
|
+
:param pulumi.Input[builtins.str] backend: The path the AWS secret backend is mounted at,
|
40
41
|
with no leading or trailing `/`s.
|
41
|
-
:param pulumi.Input[str] credential_type: Specifies the type of credential to be used when
|
42
|
+
:param pulumi.Input[builtins.str] credential_type: Specifies the type of credential to be used when
|
42
43
|
retrieving credentials from the role. Must be one of `iam_user`, `assumed_role`, or
|
43
44
|
`federation_token`.
|
44
|
-
:param pulumi.Input[int] default_sts_ttl: The default TTL in seconds for STS credentials.
|
45
|
+
:param pulumi.Input[builtins.int] default_sts_ttl: The default TTL in seconds for STS credentials.
|
45
46
|
When a TTL is not specified when STS credentials are requested,
|
46
47
|
and a default TTL is specified on the role,
|
47
48
|
then this default TTL will be used. Valid only when `credential_type` is one of
|
48
49
|
`assumed_role` or `federation_token`.
|
49
|
-
:param pulumi.Input[str] external_id: External ID to set for assume role creds.
|
50
|
+
:param pulumi.Input[builtins.str] external_id: External ID to set for assume role creds.
|
50
51
|
Valid only when `credential_type` is set to `assumed_role`.
|
51
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] iam_groups: A list of IAM group names. IAM users generated
|
52
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] iam_groups: A list of IAM group names. IAM users generated
|
52
53
|
against this vault role will be added to these IAM Groups. For a credential
|
53
54
|
type of `assumed_role` or `federation_token`, the policies sent to the
|
54
55
|
corresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the
|
55
56
|
policies from each group in `iam_groups` combined with the `policy_document`
|
56
57
|
and `policy_arns` parameters.
|
57
|
-
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] iam_tags: A map of strings representing key/value pairs
|
58
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] iam_tags: A map of strings representing key/value pairs
|
58
59
|
to be used as tags for any IAM user that is created by this role.
|
59
|
-
:param pulumi.Input[int] max_sts_ttl: The max allowed TTL in seconds for STS credentials
|
60
|
+
:param pulumi.Input[builtins.int] max_sts_ttl: The max allowed TTL in seconds for STS credentials
|
60
61
|
(credentials TTL are capped to `max_sts_ttl`). Valid only when `credential_type` is
|
61
62
|
one of `assumed_role` or `federation_token`.
|
62
|
-
:param pulumi.Input[str] name: The name to identify this role within the backend.
|
63
|
+
:param pulumi.Input[builtins.str] name: The name to identify this role within the backend.
|
63
64
|
Must be unique within the backend.
|
64
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
65
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
65
66
|
The value should not contain leading or trailing forward slashes.
|
66
67
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
67
68
|
*Available only for Vault Enterprise*.
|
68
|
-
:param pulumi.Input[str] permissions_boundary_arn: The ARN of the AWS Permissions
|
69
|
+
:param pulumi.Input[builtins.str] permissions_boundary_arn: The ARN of the AWS Permissions
|
69
70
|
Boundary to attach to IAM users created in the role. Valid only when
|
70
71
|
`credential_type` is `iam_user`. If not specified, then no permissions boundary
|
71
72
|
policy will be attached.
|
72
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] policy_arns: Specifies a list of AWS managed policy ARNs. The
|
73
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] policy_arns: Specifies a list of AWS managed policy ARNs. The
|
73
74
|
behavior depends on the credential type. With `iam_user`, the policies will be
|
74
75
|
attached to IAM users when they are requested. With `assumed_role` and
|
75
76
|
`federation_token`, the policy ARNs will act as a filter on what the credentials
|
76
77
|
can do, similar to `policy_document`. When `credential_type` is `iam_user` or
|
77
78
|
`federation_token`, at least one of `policy_document` or `policy_arns` must
|
78
79
|
be specified.
|
79
|
-
:param pulumi.Input[str] policy_document: The IAM policy document for the role. The
|
80
|
+
:param pulumi.Input[builtins.str] policy_document: The IAM policy document for the role. The
|
80
81
|
behavior depends on the credential type. With `iam_user`, the policy document
|
81
82
|
will be attached to the IAM user generated and augment the permissions the IAM
|
82
83
|
user has. With `assumed_role` and `federation_token`, the policy document will
|
83
84
|
act as a filter on what the credentials can do, similar to `policy_arns`.
|
84
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] role_arns: Specifies the ARNs of the AWS roles this Vault role
|
85
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] role_arns: Specifies the ARNs of the AWS roles this Vault role
|
85
86
|
is allowed to assume. Required when `credential_type` is `assumed_role` and
|
86
87
|
prohibited otherwise.
|
87
|
-
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] session_tags: A map of strings representing key/value pairs to be set
|
88
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] session_tags: A map of strings representing key/value pairs to be set
|
88
89
|
during assume role creds creation. Valid only when `credential_type` is set to
|
89
90
|
`assumed_role`.
|
90
|
-
:param pulumi.Input[str] user_path: The path for the user name. Valid only when
|
91
|
+
:param pulumi.Input[builtins.str] user_path: The path for the user name. Valid only when
|
91
92
|
`credential_type` is `iam_user`. Default is `/`.
|
92
93
|
"""
|
93
94
|
pulumi.set(__self__, "backend", backend)
|
@@ -121,7 +122,7 @@ class SecretBackendRoleArgs:
|
|
121
122
|
|
122
123
|
@property
|
123
124
|
@pulumi.getter
|
124
|
-
def backend(self) -> pulumi.Input[str]:
|
125
|
+
def backend(self) -> pulumi.Input[builtins.str]:
|
125
126
|
"""
|
126
127
|
The path the AWS secret backend is mounted at,
|
127
128
|
with no leading or trailing `/`s.
|
@@ -129,12 +130,12 @@ class SecretBackendRoleArgs:
|
|
129
130
|
return pulumi.get(self, "backend")
|
130
131
|
|
131
132
|
@backend.setter
|
132
|
-
def backend(self, value: pulumi.Input[str]):
|
133
|
+
def backend(self, value: pulumi.Input[builtins.str]):
|
133
134
|
pulumi.set(self, "backend", value)
|
134
135
|
|
135
136
|
@property
|
136
137
|
@pulumi.getter(name="credentialType")
|
137
|
-
def credential_type(self) -> pulumi.Input[str]:
|
138
|
+
def credential_type(self) -> pulumi.Input[builtins.str]:
|
138
139
|
"""
|
139
140
|
Specifies the type of credential to be used when
|
140
141
|
retrieving credentials from the role. Must be one of `iam_user`, `assumed_role`, or
|
@@ -143,12 +144,12 @@ class SecretBackendRoleArgs:
|
|
143
144
|
return pulumi.get(self, "credential_type")
|
144
145
|
|
145
146
|
@credential_type.setter
|
146
|
-
def credential_type(self, value: pulumi.Input[str]):
|
147
|
+
def credential_type(self, value: pulumi.Input[builtins.str]):
|
147
148
|
pulumi.set(self, "credential_type", value)
|
148
149
|
|
149
150
|
@property
|
150
151
|
@pulumi.getter(name="defaultStsTtl")
|
151
|
-
def default_sts_ttl(self) -> Optional[pulumi.Input[int]]:
|
152
|
+
def default_sts_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
|
152
153
|
"""
|
153
154
|
The default TTL in seconds for STS credentials.
|
154
155
|
When a TTL is not specified when STS credentials are requested,
|
@@ -159,12 +160,12 @@ class SecretBackendRoleArgs:
|
|
159
160
|
return pulumi.get(self, "default_sts_ttl")
|
160
161
|
|
161
162
|
@default_sts_ttl.setter
|
162
|
-
def default_sts_ttl(self, value: Optional[pulumi.Input[int]]):
|
163
|
+
def default_sts_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
|
163
164
|
pulumi.set(self, "default_sts_ttl", value)
|
164
165
|
|
165
166
|
@property
|
166
167
|
@pulumi.getter(name="externalId")
|
167
|
-
def external_id(self) -> Optional[pulumi.Input[str]]:
|
168
|
+
def external_id(self) -> Optional[pulumi.Input[builtins.str]]:
|
168
169
|
"""
|
169
170
|
External ID to set for assume role creds.
|
170
171
|
Valid only when `credential_type` is set to `assumed_role`.
|
@@ -172,12 +173,12 @@ class SecretBackendRoleArgs:
|
|
172
173
|
return pulumi.get(self, "external_id")
|
173
174
|
|
174
175
|
@external_id.setter
|
175
|
-
def external_id(self, value: Optional[pulumi.Input[str]]):
|
176
|
+
def external_id(self, value: Optional[pulumi.Input[builtins.str]]):
|
176
177
|
pulumi.set(self, "external_id", value)
|
177
178
|
|
178
179
|
@property
|
179
180
|
@pulumi.getter(name="iamGroups")
|
180
|
-
def iam_groups(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
181
|
+
def iam_groups(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
181
182
|
"""
|
182
183
|
A list of IAM group names. IAM users generated
|
183
184
|
against this vault role will be added to these IAM Groups. For a credential
|
@@ -189,12 +190,12 @@ class SecretBackendRoleArgs:
|
|
189
190
|
return pulumi.get(self, "iam_groups")
|
190
191
|
|
191
192
|
@iam_groups.setter
|
192
|
-
def iam_groups(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
193
|
+
def iam_groups(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
193
194
|
pulumi.set(self, "iam_groups", value)
|
194
195
|
|
195
196
|
@property
|
196
197
|
@pulumi.getter(name="iamTags")
|
197
|
-
def iam_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
198
|
+
def iam_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]:
|
198
199
|
"""
|
199
200
|
A map of strings representing key/value pairs
|
200
201
|
to be used as tags for any IAM user that is created by this role.
|
@@ -202,12 +203,12 @@ class SecretBackendRoleArgs:
|
|
202
203
|
return pulumi.get(self, "iam_tags")
|
203
204
|
|
204
205
|
@iam_tags.setter
|
205
|
-
def iam_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
206
|
+
def iam_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]):
|
206
207
|
pulumi.set(self, "iam_tags", value)
|
207
208
|
|
208
209
|
@property
|
209
210
|
@pulumi.getter(name="maxStsTtl")
|
210
|
-
def max_sts_ttl(self) -> Optional[pulumi.Input[int]]:
|
211
|
+
def max_sts_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
|
211
212
|
"""
|
212
213
|
The max allowed TTL in seconds for STS credentials
|
213
214
|
(credentials TTL are capped to `max_sts_ttl`). Valid only when `credential_type` is
|
@@ -216,12 +217,12 @@ class SecretBackendRoleArgs:
|
|
216
217
|
return pulumi.get(self, "max_sts_ttl")
|
217
218
|
|
218
219
|
@max_sts_ttl.setter
|
219
|
-
def max_sts_ttl(self, value: Optional[pulumi.Input[int]]):
|
220
|
+
def max_sts_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
|
220
221
|
pulumi.set(self, "max_sts_ttl", value)
|
221
222
|
|
222
223
|
@property
|
223
224
|
@pulumi.getter
|
224
|
-
def name(self) -> Optional[pulumi.Input[str]]:
|
225
|
+
def name(self) -> Optional[pulumi.Input[builtins.str]]:
|
225
226
|
"""
|
226
227
|
The name to identify this role within the backend.
|
227
228
|
Must be unique within the backend.
|
@@ -229,12 +230,12 @@ class SecretBackendRoleArgs:
|
|
229
230
|
return pulumi.get(self, "name")
|
230
231
|
|
231
232
|
@name.setter
|
232
|
-
def name(self, value: Optional[pulumi.Input[str]]):
|
233
|
+
def name(self, value: Optional[pulumi.Input[builtins.str]]):
|
233
234
|
pulumi.set(self, "name", value)
|
234
235
|
|
235
236
|
@property
|
236
237
|
@pulumi.getter
|
237
|
-
def namespace(self) -> Optional[pulumi.Input[str]]:
|
238
|
+
def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
|
238
239
|
"""
|
239
240
|
The namespace to provision the resource in.
|
240
241
|
The value should not contain leading or trailing forward slashes.
|
@@ -244,12 +245,12 @@ class SecretBackendRoleArgs:
|
|
244
245
|
return pulumi.get(self, "namespace")
|
245
246
|
|
246
247
|
@namespace.setter
|
247
|
-
def namespace(self, value: Optional[pulumi.Input[str]]):
|
248
|
+
def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
|
248
249
|
pulumi.set(self, "namespace", value)
|
249
250
|
|
250
251
|
@property
|
251
252
|
@pulumi.getter(name="permissionsBoundaryArn")
|
252
|
-
def permissions_boundary_arn(self) -> Optional[pulumi.Input[str]]:
|
253
|
+
def permissions_boundary_arn(self) -> Optional[pulumi.Input[builtins.str]]:
|
253
254
|
"""
|
254
255
|
The ARN of the AWS Permissions
|
255
256
|
Boundary to attach to IAM users created in the role. Valid only when
|
@@ -259,12 +260,12 @@ class SecretBackendRoleArgs:
|
|
259
260
|
return pulumi.get(self, "permissions_boundary_arn")
|
260
261
|
|
261
262
|
@permissions_boundary_arn.setter
|
262
|
-
def permissions_boundary_arn(self, value: Optional[pulumi.Input[str]]):
|
263
|
+
def permissions_boundary_arn(self, value: Optional[pulumi.Input[builtins.str]]):
|
263
264
|
pulumi.set(self, "permissions_boundary_arn", value)
|
264
265
|
|
265
266
|
@property
|
266
267
|
@pulumi.getter(name="policyArns")
|
267
|
-
def policy_arns(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
268
|
+
def policy_arns(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
268
269
|
"""
|
269
270
|
Specifies a list of AWS managed policy ARNs. The
|
270
271
|
behavior depends on the credential type. With `iam_user`, the policies will be
|
@@ -277,12 +278,12 @@ class SecretBackendRoleArgs:
|
|
277
278
|
return pulumi.get(self, "policy_arns")
|
278
279
|
|
279
280
|
@policy_arns.setter
|
280
|
-
def policy_arns(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
281
|
+
def policy_arns(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
281
282
|
pulumi.set(self, "policy_arns", value)
|
282
283
|
|
283
284
|
@property
|
284
285
|
@pulumi.getter(name="policyDocument")
|
285
|
-
def policy_document(self) -> Optional[pulumi.Input[str]]:
|
286
|
+
def policy_document(self) -> Optional[pulumi.Input[builtins.str]]:
|
286
287
|
"""
|
287
288
|
The IAM policy document for the role. The
|
288
289
|
behavior depends on the credential type. With `iam_user`, the policy document
|
@@ -293,12 +294,12 @@ class SecretBackendRoleArgs:
|
|
293
294
|
return pulumi.get(self, "policy_document")
|
294
295
|
|
295
296
|
@policy_document.setter
|
296
|
-
def policy_document(self, value: Optional[pulumi.Input[str]]):
|
297
|
+
def policy_document(self, value: Optional[pulumi.Input[builtins.str]]):
|
297
298
|
pulumi.set(self, "policy_document", value)
|
298
299
|
|
299
300
|
@property
|
300
301
|
@pulumi.getter(name="roleArns")
|
301
|
-
def role_arns(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
302
|
+
def role_arns(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
302
303
|
"""
|
303
304
|
Specifies the ARNs of the AWS roles this Vault role
|
304
305
|
is allowed to assume. Required when `credential_type` is `assumed_role` and
|
@@ -307,12 +308,12 @@ class SecretBackendRoleArgs:
|
|
307
308
|
return pulumi.get(self, "role_arns")
|
308
309
|
|
309
310
|
@role_arns.setter
|
310
|
-
def role_arns(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
311
|
+
def role_arns(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
311
312
|
pulumi.set(self, "role_arns", value)
|
312
313
|
|
313
314
|
@property
|
314
315
|
@pulumi.getter(name="sessionTags")
|
315
|
-
def session_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
316
|
+
def session_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]:
|
316
317
|
"""
|
317
318
|
A map of strings representing key/value pairs to be set
|
318
319
|
during assume role creds creation. Valid only when `credential_type` is set to
|
@@ -321,12 +322,12 @@ class SecretBackendRoleArgs:
|
|
321
322
|
return pulumi.get(self, "session_tags")
|
322
323
|
|
323
324
|
@session_tags.setter
|
324
|
-
def session_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
325
|
+
def session_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]):
|
325
326
|
pulumi.set(self, "session_tags", value)
|
326
327
|
|
327
328
|
@property
|
328
329
|
@pulumi.getter(name="userPath")
|
329
|
-
def user_path(self) -> Optional[pulumi.Input[str]]:
|
330
|
+
def user_path(self) -> Optional[pulumi.Input[builtins.str]]:
|
330
331
|
"""
|
331
332
|
The path for the user name. Valid only when
|
332
333
|
`credential_type` is `iam_user`. Default is `/`.
|
@@ -334,82 +335,82 @@ class SecretBackendRoleArgs:
|
|
334
335
|
return pulumi.get(self, "user_path")
|
335
336
|
|
336
337
|
@user_path.setter
|
337
|
-
def user_path(self, value: Optional[pulumi.Input[str]]):
|
338
|
+
def user_path(self, value: Optional[pulumi.Input[builtins.str]]):
|
338
339
|
pulumi.set(self, "user_path", value)
|
339
340
|
|
340
341
|
|
341
342
|
@pulumi.input_type
|
342
343
|
class _SecretBackendRoleState:
|
343
344
|
def __init__(__self__, *,
|
344
|
-
backend: Optional[pulumi.Input[str]] = None,
|
345
|
-
credential_type: Optional[pulumi.Input[str]] = None,
|
346
|
-
default_sts_ttl: Optional[pulumi.Input[int]] = None,
|
347
|
-
external_id: Optional[pulumi.Input[str]] = None,
|
348
|
-
iam_groups: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
349
|
-
iam_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
350
|
-
max_sts_ttl: Optional[pulumi.Input[int]] = None,
|
351
|
-
name: Optional[pulumi.Input[str]] = None,
|
352
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
353
|
-
permissions_boundary_arn: Optional[pulumi.Input[str]] = None,
|
354
|
-
policy_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
355
|
-
policy_document: Optional[pulumi.Input[str]] = None,
|
356
|
-
role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
357
|
-
session_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
358
|
-
user_path: Optional[pulumi.Input[str]] = None):
|
345
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
346
|
+
credential_type: Optional[pulumi.Input[builtins.str]] = None,
|
347
|
+
default_sts_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
348
|
+
external_id: Optional[pulumi.Input[builtins.str]] = None,
|
349
|
+
iam_groups: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
350
|
+
iam_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
351
|
+
max_sts_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
352
|
+
name: Optional[pulumi.Input[builtins.str]] = None,
|
353
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
354
|
+
permissions_boundary_arn: Optional[pulumi.Input[builtins.str]] = None,
|
355
|
+
policy_arns: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
356
|
+
policy_document: Optional[pulumi.Input[builtins.str]] = None,
|
357
|
+
role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
358
|
+
session_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
359
|
+
user_path: Optional[pulumi.Input[builtins.str]] = None):
|
359
360
|
"""
|
360
361
|
Input properties used for looking up and filtering SecretBackendRole resources.
|
361
|
-
:param pulumi.Input[str] backend: The path the AWS secret backend is mounted at,
|
362
|
+
:param pulumi.Input[builtins.str] backend: The path the AWS secret backend is mounted at,
|
362
363
|
with no leading or trailing `/`s.
|
363
|
-
:param pulumi.Input[str] credential_type: Specifies the type of credential to be used when
|
364
|
+
:param pulumi.Input[builtins.str] credential_type: Specifies the type of credential to be used when
|
364
365
|
retrieving credentials from the role. Must be one of `iam_user`, `assumed_role`, or
|
365
366
|
`federation_token`.
|
366
|
-
:param pulumi.Input[int] default_sts_ttl: The default TTL in seconds for STS credentials.
|
367
|
+
:param pulumi.Input[builtins.int] default_sts_ttl: The default TTL in seconds for STS credentials.
|
367
368
|
When a TTL is not specified when STS credentials are requested,
|
368
369
|
and a default TTL is specified on the role,
|
369
370
|
then this default TTL will be used. Valid only when `credential_type` is one of
|
370
371
|
`assumed_role` or `federation_token`.
|
371
|
-
:param pulumi.Input[str] external_id: External ID to set for assume role creds.
|
372
|
+
:param pulumi.Input[builtins.str] external_id: External ID to set for assume role creds.
|
372
373
|
Valid only when `credential_type` is set to `assumed_role`.
|
373
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] iam_groups: A list of IAM group names. IAM users generated
|
374
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] iam_groups: A list of IAM group names. IAM users generated
|
374
375
|
against this vault role will be added to these IAM Groups. For a credential
|
375
376
|
type of `assumed_role` or `federation_token`, the policies sent to the
|
376
377
|
corresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the
|
377
378
|
policies from each group in `iam_groups` combined with the `policy_document`
|
378
379
|
and `policy_arns` parameters.
|
379
|
-
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] iam_tags: A map of strings representing key/value pairs
|
380
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] iam_tags: A map of strings representing key/value pairs
|
380
381
|
to be used as tags for any IAM user that is created by this role.
|
381
|
-
:param pulumi.Input[int] max_sts_ttl: The max allowed TTL in seconds for STS credentials
|
382
|
+
:param pulumi.Input[builtins.int] max_sts_ttl: The max allowed TTL in seconds for STS credentials
|
382
383
|
(credentials TTL are capped to `max_sts_ttl`). Valid only when `credential_type` is
|
383
384
|
one of `assumed_role` or `federation_token`.
|
384
|
-
:param pulumi.Input[str] name: The name to identify this role within the backend.
|
385
|
+
:param pulumi.Input[builtins.str] name: The name to identify this role within the backend.
|
385
386
|
Must be unique within the backend.
|
386
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
387
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
387
388
|
The value should not contain leading or trailing forward slashes.
|
388
389
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
389
390
|
*Available only for Vault Enterprise*.
|
390
|
-
:param pulumi.Input[str] permissions_boundary_arn: The ARN of the AWS Permissions
|
391
|
+
:param pulumi.Input[builtins.str] permissions_boundary_arn: The ARN of the AWS Permissions
|
391
392
|
Boundary to attach to IAM users created in the role. Valid only when
|
392
393
|
`credential_type` is `iam_user`. If not specified, then no permissions boundary
|
393
394
|
policy will be attached.
|
394
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] policy_arns: Specifies a list of AWS managed policy ARNs. The
|
395
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] policy_arns: Specifies a list of AWS managed policy ARNs. The
|
395
396
|
behavior depends on the credential type. With `iam_user`, the policies will be
|
396
397
|
attached to IAM users when they are requested. With `assumed_role` and
|
397
398
|
`federation_token`, the policy ARNs will act as a filter on what the credentials
|
398
399
|
can do, similar to `policy_document`. When `credential_type` is `iam_user` or
|
399
400
|
`federation_token`, at least one of `policy_document` or `policy_arns` must
|
400
401
|
be specified.
|
401
|
-
:param pulumi.Input[str] policy_document: The IAM policy document for the role. The
|
402
|
+
:param pulumi.Input[builtins.str] policy_document: The IAM policy document for the role. The
|
402
403
|
behavior depends on the credential type. With `iam_user`, the policy document
|
403
404
|
will be attached to the IAM user generated and augment the permissions the IAM
|
404
405
|
user has. With `assumed_role` and `federation_token`, the policy document will
|
405
406
|
act as a filter on what the credentials can do, similar to `policy_arns`.
|
406
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] role_arns: Specifies the ARNs of the AWS roles this Vault role
|
407
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] role_arns: Specifies the ARNs of the AWS roles this Vault role
|
407
408
|
is allowed to assume. Required when `credential_type` is `assumed_role` and
|
408
409
|
prohibited otherwise.
|
409
|
-
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] session_tags: A map of strings representing key/value pairs to be set
|
410
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] session_tags: A map of strings representing key/value pairs to be set
|
410
411
|
during assume role creds creation. Valid only when `credential_type` is set to
|
411
412
|
`assumed_role`.
|
412
|
-
:param pulumi.Input[str] user_path: The path for the user name. Valid only when
|
413
|
+
:param pulumi.Input[builtins.str] user_path: The path for the user name. Valid only when
|
413
414
|
`credential_type` is `iam_user`. Default is `/`.
|
414
415
|
"""
|
415
416
|
if backend is not None:
|
@@ -445,7 +446,7 @@ class _SecretBackendRoleState:
|
|
445
446
|
|
446
447
|
@property
|
447
448
|
@pulumi.getter
|
448
|
-
def backend(self) -> Optional[pulumi.Input[str]]:
|
449
|
+
def backend(self) -> Optional[pulumi.Input[builtins.str]]:
|
449
450
|
"""
|
450
451
|
The path the AWS secret backend is mounted at,
|
451
452
|
with no leading or trailing `/`s.
|
@@ -453,12 +454,12 @@ class _SecretBackendRoleState:
|
|
453
454
|
return pulumi.get(self, "backend")
|
454
455
|
|
455
456
|
@backend.setter
|
456
|
-
def backend(self, value: Optional[pulumi.Input[str]]):
|
457
|
+
def backend(self, value: Optional[pulumi.Input[builtins.str]]):
|
457
458
|
pulumi.set(self, "backend", value)
|
458
459
|
|
459
460
|
@property
|
460
461
|
@pulumi.getter(name="credentialType")
|
461
|
-
def credential_type(self) -> Optional[pulumi.Input[str]]:
|
462
|
+
def credential_type(self) -> Optional[pulumi.Input[builtins.str]]:
|
462
463
|
"""
|
463
464
|
Specifies the type of credential to be used when
|
464
465
|
retrieving credentials from the role. Must be one of `iam_user`, `assumed_role`, or
|
@@ -467,12 +468,12 @@ class _SecretBackendRoleState:
|
|
467
468
|
return pulumi.get(self, "credential_type")
|
468
469
|
|
469
470
|
@credential_type.setter
|
470
|
-
def credential_type(self, value: Optional[pulumi.Input[str]]):
|
471
|
+
def credential_type(self, value: Optional[pulumi.Input[builtins.str]]):
|
471
472
|
pulumi.set(self, "credential_type", value)
|
472
473
|
|
473
474
|
@property
|
474
475
|
@pulumi.getter(name="defaultStsTtl")
|
475
|
-
def default_sts_ttl(self) -> Optional[pulumi.Input[int]]:
|
476
|
+
def default_sts_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
|
476
477
|
"""
|
477
478
|
The default TTL in seconds for STS credentials.
|
478
479
|
When a TTL is not specified when STS credentials are requested,
|
@@ -483,12 +484,12 @@ class _SecretBackendRoleState:
|
|
483
484
|
return pulumi.get(self, "default_sts_ttl")
|
484
485
|
|
485
486
|
@default_sts_ttl.setter
|
486
|
-
def default_sts_ttl(self, value: Optional[pulumi.Input[int]]):
|
487
|
+
def default_sts_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
|
487
488
|
pulumi.set(self, "default_sts_ttl", value)
|
488
489
|
|
489
490
|
@property
|
490
491
|
@pulumi.getter(name="externalId")
|
491
|
-
def external_id(self) -> Optional[pulumi.Input[str]]:
|
492
|
+
def external_id(self) -> Optional[pulumi.Input[builtins.str]]:
|
492
493
|
"""
|
493
494
|
External ID to set for assume role creds.
|
494
495
|
Valid only when `credential_type` is set to `assumed_role`.
|
@@ -496,12 +497,12 @@ class _SecretBackendRoleState:
|
|
496
497
|
return pulumi.get(self, "external_id")
|
497
498
|
|
498
499
|
@external_id.setter
|
499
|
-
def external_id(self, value: Optional[pulumi.Input[str]]):
|
500
|
+
def external_id(self, value: Optional[pulumi.Input[builtins.str]]):
|
500
501
|
pulumi.set(self, "external_id", value)
|
501
502
|
|
502
503
|
@property
|
503
504
|
@pulumi.getter(name="iamGroups")
|
504
|
-
def iam_groups(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
505
|
+
def iam_groups(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
505
506
|
"""
|
506
507
|
A list of IAM group names. IAM users generated
|
507
508
|
against this vault role will be added to these IAM Groups. For a credential
|
@@ -513,12 +514,12 @@ class _SecretBackendRoleState:
|
|
513
514
|
return pulumi.get(self, "iam_groups")
|
514
515
|
|
515
516
|
@iam_groups.setter
|
516
|
-
def iam_groups(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
517
|
+
def iam_groups(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
517
518
|
pulumi.set(self, "iam_groups", value)
|
518
519
|
|
519
520
|
@property
|
520
521
|
@pulumi.getter(name="iamTags")
|
521
|
-
def iam_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
522
|
+
def iam_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]:
|
522
523
|
"""
|
523
524
|
A map of strings representing key/value pairs
|
524
525
|
to be used as tags for any IAM user that is created by this role.
|
@@ -526,12 +527,12 @@ class _SecretBackendRoleState:
|
|
526
527
|
return pulumi.get(self, "iam_tags")
|
527
528
|
|
528
529
|
@iam_tags.setter
|
529
|
-
def iam_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
530
|
+
def iam_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]):
|
530
531
|
pulumi.set(self, "iam_tags", value)
|
531
532
|
|
532
533
|
@property
|
533
534
|
@pulumi.getter(name="maxStsTtl")
|
534
|
-
def max_sts_ttl(self) -> Optional[pulumi.Input[int]]:
|
535
|
+
def max_sts_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
|
535
536
|
"""
|
536
537
|
The max allowed TTL in seconds for STS credentials
|
537
538
|
(credentials TTL are capped to `max_sts_ttl`). Valid only when `credential_type` is
|
@@ -540,12 +541,12 @@ class _SecretBackendRoleState:
|
|
540
541
|
return pulumi.get(self, "max_sts_ttl")
|
541
542
|
|
542
543
|
@max_sts_ttl.setter
|
543
|
-
def max_sts_ttl(self, value: Optional[pulumi.Input[int]]):
|
544
|
+
def max_sts_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
|
544
545
|
pulumi.set(self, "max_sts_ttl", value)
|
545
546
|
|
546
547
|
@property
|
547
548
|
@pulumi.getter
|
548
|
-
def name(self) -> Optional[pulumi.Input[str]]:
|
549
|
+
def name(self) -> Optional[pulumi.Input[builtins.str]]:
|
549
550
|
"""
|
550
551
|
The name to identify this role within the backend.
|
551
552
|
Must be unique within the backend.
|
@@ -553,12 +554,12 @@ class _SecretBackendRoleState:
|
|
553
554
|
return pulumi.get(self, "name")
|
554
555
|
|
555
556
|
@name.setter
|
556
|
-
def name(self, value: Optional[pulumi.Input[str]]):
|
557
|
+
def name(self, value: Optional[pulumi.Input[builtins.str]]):
|
557
558
|
pulumi.set(self, "name", value)
|
558
559
|
|
559
560
|
@property
|
560
561
|
@pulumi.getter
|
561
|
-
def namespace(self) -> Optional[pulumi.Input[str]]:
|
562
|
+
def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
|
562
563
|
"""
|
563
564
|
The namespace to provision the resource in.
|
564
565
|
The value should not contain leading or trailing forward slashes.
|
@@ -568,12 +569,12 @@ class _SecretBackendRoleState:
|
|
568
569
|
return pulumi.get(self, "namespace")
|
569
570
|
|
570
571
|
@namespace.setter
|
571
|
-
def namespace(self, value: Optional[pulumi.Input[str]]):
|
572
|
+
def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
|
572
573
|
pulumi.set(self, "namespace", value)
|
573
574
|
|
574
575
|
@property
|
575
576
|
@pulumi.getter(name="permissionsBoundaryArn")
|
576
|
-
def permissions_boundary_arn(self) -> Optional[pulumi.Input[str]]:
|
577
|
+
def permissions_boundary_arn(self) -> Optional[pulumi.Input[builtins.str]]:
|
577
578
|
"""
|
578
579
|
The ARN of the AWS Permissions
|
579
580
|
Boundary to attach to IAM users created in the role. Valid only when
|
@@ -583,12 +584,12 @@ class _SecretBackendRoleState:
|
|
583
584
|
return pulumi.get(self, "permissions_boundary_arn")
|
584
585
|
|
585
586
|
@permissions_boundary_arn.setter
|
586
|
-
def permissions_boundary_arn(self, value: Optional[pulumi.Input[str]]):
|
587
|
+
def permissions_boundary_arn(self, value: Optional[pulumi.Input[builtins.str]]):
|
587
588
|
pulumi.set(self, "permissions_boundary_arn", value)
|
588
589
|
|
589
590
|
@property
|
590
591
|
@pulumi.getter(name="policyArns")
|
591
|
-
def policy_arns(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
592
|
+
def policy_arns(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
592
593
|
"""
|
593
594
|
Specifies a list of AWS managed policy ARNs. The
|
594
595
|
behavior depends on the credential type. With `iam_user`, the policies will be
|
@@ -601,12 +602,12 @@ class _SecretBackendRoleState:
|
|
601
602
|
return pulumi.get(self, "policy_arns")
|
602
603
|
|
603
604
|
@policy_arns.setter
|
604
|
-
def policy_arns(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
605
|
+
def policy_arns(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
605
606
|
pulumi.set(self, "policy_arns", value)
|
606
607
|
|
607
608
|
@property
|
608
609
|
@pulumi.getter(name="policyDocument")
|
609
|
-
def policy_document(self) -> Optional[pulumi.Input[str]]:
|
610
|
+
def policy_document(self) -> Optional[pulumi.Input[builtins.str]]:
|
610
611
|
"""
|
611
612
|
The IAM policy document for the role. The
|
612
613
|
behavior depends on the credential type. With `iam_user`, the policy document
|
@@ -617,12 +618,12 @@ class _SecretBackendRoleState:
|
|
617
618
|
return pulumi.get(self, "policy_document")
|
618
619
|
|
619
620
|
@policy_document.setter
|
620
|
-
def policy_document(self, value: Optional[pulumi.Input[str]]):
|
621
|
+
def policy_document(self, value: Optional[pulumi.Input[builtins.str]]):
|
621
622
|
pulumi.set(self, "policy_document", value)
|
622
623
|
|
623
624
|
@property
|
624
625
|
@pulumi.getter(name="roleArns")
|
625
|
-
def role_arns(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
626
|
+
def role_arns(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
626
627
|
"""
|
627
628
|
Specifies the ARNs of the AWS roles this Vault role
|
628
629
|
is allowed to assume. Required when `credential_type` is `assumed_role` and
|
@@ -631,12 +632,12 @@ class _SecretBackendRoleState:
|
|
631
632
|
return pulumi.get(self, "role_arns")
|
632
633
|
|
633
634
|
@role_arns.setter
|
634
|
-
def role_arns(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
635
|
+
def role_arns(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
635
636
|
pulumi.set(self, "role_arns", value)
|
636
637
|
|
637
638
|
@property
|
638
639
|
@pulumi.getter(name="sessionTags")
|
639
|
-
def session_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
640
|
+
def session_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]:
|
640
641
|
"""
|
641
642
|
A map of strings representing key/value pairs to be set
|
642
643
|
during assume role creds creation. Valid only when `credential_type` is set to
|
@@ -645,12 +646,12 @@ class _SecretBackendRoleState:
|
|
645
646
|
return pulumi.get(self, "session_tags")
|
646
647
|
|
647
648
|
@session_tags.setter
|
648
|
-
def session_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
649
|
+
def session_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]):
|
649
650
|
pulumi.set(self, "session_tags", value)
|
650
651
|
|
651
652
|
@property
|
652
653
|
@pulumi.getter(name="userPath")
|
653
|
-
def user_path(self) -> Optional[pulumi.Input[str]]:
|
654
|
+
def user_path(self) -> Optional[pulumi.Input[builtins.str]]:
|
654
655
|
"""
|
655
656
|
The path for the user name. Valid only when
|
656
657
|
`credential_type` is `iam_user`. Default is `/`.
|
@@ -658,7 +659,7 @@ class _SecretBackendRoleState:
|
|
658
659
|
return pulumi.get(self, "user_path")
|
659
660
|
|
660
661
|
@user_path.setter
|
661
|
-
def user_path(self, value: Optional[pulumi.Input[str]]):
|
662
|
+
def user_path(self, value: Optional[pulumi.Input[builtins.str]]):
|
662
663
|
pulumi.set(self, "user_path", value)
|
663
664
|
|
664
665
|
|
@@ -667,21 +668,21 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
667
668
|
def __init__(__self__,
|
668
669
|
resource_name: str,
|
669
670
|
opts: Optional[pulumi.ResourceOptions] = None,
|
670
|
-
backend: Optional[pulumi.Input[str]] = None,
|
671
|
-
credential_type: Optional[pulumi.Input[str]] = None,
|
672
|
-
default_sts_ttl: Optional[pulumi.Input[int]] = None,
|
673
|
-
external_id: Optional[pulumi.Input[str]] = None,
|
674
|
-
iam_groups: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
675
|
-
iam_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
676
|
-
max_sts_ttl: Optional[pulumi.Input[int]] = None,
|
677
|
-
name: Optional[pulumi.Input[str]] = None,
|
678
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
679
|
-
permissions_boundary_arn: Optional[pulumi.Input[str]] = None,
|
680
|
-
policy_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
681
|
-
policy_document: Optional[pulumi.Input[str]] = None,
|
682
|
-
role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
683
|
-
session_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
684
|
-
user_path: Optional[pulumi.Input[str]] = None,
|
671
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
672
|
+
credential_type: Optional[pulumi.Input[builtins.str]] = None,
|
673
|
+
default_sts_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
674
|
+
external_id: Optional[pulumi.Input[builtins.str]] = None,
|
675
|
+
iam_groups: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
676
|
+
iam_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
677
|
+
max_sts_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
678
|
+
name: Optional[pulumi.Input[builtins.str]] = None,
|
679
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
680
|
+
permissions_boundary_arn: Optional[pulumi.Input[builtins.str]] = None,
|
681
|
+
policy_arns: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
682
|
+
policy_document: Optional[pulumi.Input[builtins.str]] = None,
|
683
|
+
role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
684
|
+
session_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
685
|
+
user_path: Optional[pulumi.Input[builtins.str]] = None,
|
685
686
|
__props__=None):
|
686
687
|
"""
|
687
688
|
## Example Usage
|
@@ -720,58 +721,58 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
720
721
|
|
721
722
|
:param str resource_name: The name of the resource.
|
722
723
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
723
|
-
:param pulumi.Input[str] backend: The path the AWS secret backend is mounted at,
|
724
|
+
:param pulumi.Input[builtins.str] backend: The path the AWS secret backend is mounted at,
|
724
725
|
with no leading or trailing `/`s.
|
725
|
-
:param pulumi.Input[str] credential_type: Specifies the type of credential to be used when
|
726
|
+
:param pulumi.Input[builtins.str] credential_type: Specifies the type of credential to be used when
|
726
727
|
retrieving credentials from the role. Must be one of `iam_user`, `assumed_role`, or
|
727
728
|
`federation_token`.
|
728
|
-
:param pulumi.Input[int] default_sts_ttl: The default TTL in seconds for STS credentials.
|
729
|
+
:param pulumi.Input[builtins.int] default_sts_ttl: The default TTL in seconds for STS credentials.
|
729
730
|
When a TTL is not specified when STS credentials are requested,
|
730
731
|
and a default TTL is specified on the role,
|
731
732
|
then this default TTL will be used. Valid only when `credential_type` is one of
|
732
733
|
`assumed_role` or `federation_token`.
|
733
|
-
:param pulumi.Input[str] external_id: External ID to set for assume role creds.
|
734
|
+
:param pulumi.Input[builtins.str] external_id: External ID to set for assume role creds.
|
734
735
|
Valid only when `credential_type` is set to `assumed_role`.
|
735
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] iam_groups: A list of IAM group names. IAM users generated
|
736
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] iam_groups: A list of IAM group names. IAM users generated
|
736
737
|
against this vault role will be added to these IAM Groups. For a credential
|
737
738
|
type of `assumed_role` or `federation_token`, the policies sent to the
|
738
739
|
corresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the
|
739
740
|
policies from each group in `iam_groups` combined with the `policy_document`
|
740
741
|
and `policy_arns` parameters.
|
741
|
-
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] iam_tags: A map of strings representing key/value pairs
|
742
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] iam_tags: A map of strings representing key/value pairs
|
742
743
|
to be used as tags for any IAM user that is created by this role.
|
743
|
-
:param pulumi.Input[int] max_sts_ttl: The max allowed TTL in seconds for STS credentials
|
744
|
+
:param pulumi.Input[builtins.int] max_sts_ttl: The max allowed TTL in seconds for STS credentials
|
744
745
|
(credentials TTL are capped to `max_sts_ttl`). Valid only when `credential_type` is
|
745
746
|
one of `assumed_role` or `federation_token`.
|
746
|
-
:param pulumi.Input[str] name: The name to identify this role within the backend.
|
747
|
+
:param pulumi.Input[builtins.str] name: The name to identify this role within the backend.
|
747
748
|
Must be unique within the backend.
|
748
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
749
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
749
750
|
The value should not contain leading or trailing forward slashes.
|
750
751
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
751
752
|
*Available only for Vault Enterprise*.
|
752
|
-
:param pulumi.Input[str] permissions_boundary_arn: The ARN of the AWS Permissions
|
753
|
+
:param pulumi.Input[builtins.str] permissions_boundary_arn: The ARN of the AWS Permissions
|
753
754
|
Boundary to attach to IAM users created in the role. Valid only when
|
754
755
|
`credential_type` is `iam_user`. If not specified, then no permissions boundary
|
755
756
|
policy will be attached.
|
756
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] policy_arns: Specifies a list of AWS managed policy ARNs. The
|
757
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] policy_arns: Specifies a list of AWS managed policy ARNs. The
|
757
758
|
behavior depends on the credential type. With `iam_user`, the policies will be
|
758
759
|
attached to IAM users when they are requested. With `assumed_role` and
|
759
760
|
`federation_token`, the policy ARNs will act as a filter on what the credentials
|
760
761
|
can do, similar to `policy_document`. When `credential_type` is `iam_user` or
|
761
762
|
`federation_token`, at least one of `policy_document` or `policy_arns` must
|
762
763
|
be specified.
|
763
|
-
:param pulumi.Input[str] policy_document: The IAM policy document for the role. The
|
764
|
+
:param pulumi.Input[builtins.str] policy_document: The IAM policy document for the role. The
|
764
765
|
behavior depends on the credential type. With `iam_user`, the policy document
|
765
766
|
will be attached to the IAM user generated and augment the permissions the IAM
|
766
767
|
user has. With `assumed_role` and `federation_token`, the policy document will
|
767
768
|
act as a filter on what the credentials can do, similar to `policy_arns`.
|
768
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] role_arns: Specifies the ARNs of the AWS roles this Vault role
|
769
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] role_arns: Specifies the ARNs of the AWS roles this Vault role
|
769
770
|
is allowed to assume. Required when `credential_type` is `assumed_role` and
|
770
771
|
prohibited otherwise.
|
771
|
-
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] session_tags: A map of strings representing key/value pairs to be set
|
772
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] session_tags: A map of strings representing key/value pairs to be set
|
772
773
|
during assume role creds creation. Valid only when `credential_type` is set to
|
773
774
|
`assumed_role`.
|
774
|
-
:param pulumi.Input[str] user_path: The path for the user name. Valid only when
|
775
|
+
:param pulumi.Input[builtins.str] user_path: The path for the user name. Valid only when
|
775
776
|
`credential_type` is `iam_user`. Default is `/`.
|
776
777
|
"""
|
777
778
|
...
|
@@ -830,21 +831,21 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
830
831
|
def _internal_init(__self__,
|
831
832
|
resource_name: str,
|
832
833
|
opts: Optional[pulumi.ResourceOptions] = None,
|
833
|
-
backend: Optional[pulumi.Input[str]] = None,
|
834
|
-
credential_type: Optional[pulumi.Input[str]] = None,
|
835
|
-
default_sts_ttl: Optional[pulumi.Input[int]] = None,
|
836
|
-
external_id: Optional[pulumi.Input[str]] = None,
|
837
|
-
iam_groups: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
838
|
-
iam_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
839
|
-
max_sts_ttl: Optional[pulumi.Input[int]] = None,
|
840
|
-
name: Optional[pulumi.Input[str]] = None,
|
841
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
842
|
-
permissions_boundary_arn: Optional[pulumi.Input[str]] = None,
|
843
|
-
policy_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
844
|
-
policy_document: Optional[pulumi.Input[str]] = None,
|
845
|
-
role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
846
|
-
session_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
847
|
-
user_path: Optional[pulumi.Input[str]] = None,
|
834
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
835
|
+
credential_type: Optional[pulumi.Input[builtins.str]] = None,
|
836
|
+
default_sts_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
837
|
+
external_id: Optional[pulumi.Input[builtins.str]] = None,
|
838
|
+
iam_groups: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
839
|
+
iam_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
840
|
+
max_sts_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
841
|
+
name: Optional[pulumi.Input[builtins.str]] = None,
|
842
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
843
|
+
permissions_boundary_arn: Optional[pulumi.Input[builtins.str]] = None,
|
844
|
+
policy_arns: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
845
|
+
policy_document: Optional[pulumi.Input[builtins.str]] = None,
|
846
|
+
role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
847
|
+
session_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
848
|
+
user_path: Optional[pulumi.Input[builtins.str]] = None,
|
848
849
|
__props__=None):
|
849
850
|
opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
|
850
851
|
if not isinstance(opts, pulumi.ResourceOptions):
|
@@ -883,21 +884,21 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
883
884
|
def get(resource_name: str,
|
884
885
|
id: pulumi.Input[str],
|
885
886
|
opts: Optional[pulumi.ResourceOptions] = None,
|
886
|
-
backend: Optional[pulumi.Input[str]] = None,
|
887
|
-
credential_type: Optional[pulumi.Input[str]] = None,
|
888
|
-
default_sts_ttl: Optional[pulumi.Input[int]] = None,
|
889
|
-
external_id: Optional[pulumi.Input[str]] = None,
|
890
|
-
iam_groups: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
891
|
-
iam_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
892
|
-
max_sts_ttl: Optional[pulumi.Input[int]] = None,
|
893
|
-
name: Optional[pulumi.Input[str]] = None,
|
894
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
895
|
-
permissions_boundary_arn: Optional[pulumi.Input[str]] = None,
|
896
|
-
policy_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
897
|
-
policy_document: Optional[pulumi.Input[str]] = None,
|
898
|
-
role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
899
|
-
session_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
900
|
-
user_path: Optional[pulumi.Input[str]] = None) -> 'SecretBackendRole':
|
887
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
888
|
+
credential_type: Optional[pulumi.Input[builtins.str]] = None,
|
889
|
+
default_sts_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
890
|
+
external_id: Optional[pulumi.Input[builtins.str]] = None,
|
891
|
+
iam_groups: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
892
|
+
iam_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
893
|
+
max_sts_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
894
|
+
name: Optional[pulumi.Input[builtins.str]] = None,
|
895
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
896
|
+
permissions_boundary_arn: Optional[pulumi.Input[builtins.str]] = None,
|
897
|
+
policy_arns: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
898
|
+
policy_document: Optional[pulumi.Input[builtins.str]] = None,
|
899
|
+
role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
900
|
+
session_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
901
|
+
user_path: Optional[pulumi.Input[builtins.str]] = None) -> 'SecretBackendRole':
|
901
902
|
"""
|
902
903
|
Get an existing SecretBackendRole resource's state with the given name, id, and optional extra
|
903
904
|
properties used to qualify the lookup.
|
@@ -905,58 +906,58 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
905
906
|
:param str resource_name: The unique name of the resulting resource.
|
906
907
|
:param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
|
907
908
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
908
|
-
:param pulumi.Input[str] backend: The path the AWS secret backend is mounted at,
|
909
|
+
:param pulumi.Input[builtins.str] backend: The path the AWS secret backend is mounted at,
|
909
910
|
with no leading or trailing `/`s.
|
910
|
-
:param pulumi.Input[str] credential_type: Specifies the type of credential to be used when
|
911
|
+
:param pulumi.Input[builtins.str] credential_type: Specifies the type of credential to be used when
|
911
912
|
retrieving credentials from the role. Must be one of `iam_user`, `assumed_role`, or
|
912
913
|
`federation_token`.
|
913
|
-
:param pulumi.Input[int] default_sts_ttl: The default TTL in seconds for STS credentials.
|
914
|
+
:param pulumi.Input[builtins.int] default_sts_ttl: The default TTL in seconds for STS credentials.
|
914
915
|
When a TTL is not specified when STS credentials are requested,
|
915
916
|
and a default TTL is specified on the role,
|
916
917
|
then this default TTL will be used. Valid only when `credential_type` is one of
|
917
918
|
`assumed_role` or `federation_token`.
|
918
|
-
:param pulumi.Input[str] external_id: External ID to set for assume role creds.
|
919
|
+
:param pulumi.Input[builtins.str] external_id: External ID to set for assume role creds.
|
919
920
|
Valid only when `credential_type` is set to `assumed_role`.
|
920
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] iam_groups: A list of IAM group names. IAM users generated
|
921
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] iam_groups: A list of IAM group names. IAM users generated
|
921
922
|
against this vault role will be added to these IAM Groups. For a credential
|
922
923
|
type of `assumed_role` or `federation_token`, the policies sent to the
|
923
924
|
corresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the
|
924
925
|
policies from each group in `iam_groups` combined with the `policy_document`
|
925
926
|
and `policy_arns` parameters.
|
926
|
-
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] iam_tags: A map of strings representing key/value pairs
|
927
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] iam_tags: A map of strings representing key/value pairs
|
927
928
|
to be used as tags for any IAM user that is created by this role.
|
928
|
-
:param pulumi.Input[int] max_sts_ttl: The max allowed TTL in seconds for STS credentials
|
929
|
+
:param pulumi.Input[builtins.int] max_sts_ttl: The max allowed TTL in seconds for STS credentials
|
929
930
|
(credentials TTL are capped to `max_sts_ttl`). Valid only when `credential_type` is
|
930
931
|
one of `assumed_role` or `federation_token`.
|
931
|
-
:param pulumi.Input[str] name: The name to identify this role within the backend.
|
932
|
+
:param pulumi.Input[builtins.str] name: The name to identify this role within the backend.
|
932
933
|
Must be unique within the backend.
|
933
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
934
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
934
935
|
The value should not contain leading or trailing forward slashes.
|
935
936
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
936
937
|
*Available only for Vault Enterprise*.
|
937
|
-
:param pulumi.Input[str] permissions_boundary_arn: The ARN of the AWS Permissions
|
938
|
+
:param pulumi.Input[builtins.str] permissions_boundary_arn: The ARN of the AWS Permissions
|
938
939
|
Boundary to attach to IAM users created in the role. Valid only when
|
939
940
|
`credential_type` is `iam_user`. If not specified, then no permissions boundary
|
940
941
|
policy will be attached.
|
941
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] policy_arns: Specifies a list of AWS managed policy ARNs. The
|
942
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] policy_arns: Specifies a list of AWS managed policy ARNs. The
|
942
943
|
behavior depends on the credential type. With `iam_user`, the policies will be
|
943
944
|
attached to IAM users when they are requested. With `assumed_role` and
|
944
945
|
`federation_token`, the policy ARNs will act as a filter on what the credentials
|
945
946
|
can do, similar to `policy_document`. When `credential_type` is `iam_user` or
|
946
947
|
`federation_token`, at least one of `policy_document` or `policy_arns` must
|
947
948
|
be specified.
|
948
|
-
:param pulumi.Input[str] policy_document: The IAM policy document for the role. The
|
949
|
+
:param pulumi.Input[builtins.str] policy_document: The IAM policy document for the role. The
|
949
950
|
behavior depends on the credential type. With `iam_user`, the policy document
|
950
951
|
will be attached to the IAM user generated and augment the permissions the IAM
|
951
952
|
user has. With `assumed_role` and `federation_token`, the policy document will
|
952
953
|
act as a filter on what the credentials can do, similar to `policy_arns`.
|
953
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] role_arns: Specifies the ARNs of the AWS roles this Vault role
|
954
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] role_arns: Specifies the ARNs of the AWS roles this Vault role
|
954
955
|
is allowed to assume. Required when `credential_type` is `assumed_role` and
|
955
956
|
prohibited otherwise.
|
956
|
-
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] session_tags: A map of strings representing key/value pairs to be set
|
957
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] session_tags: A map of strings representing key/value pairs to be set
|
957
958
|
during assume role creds creation. Valid only when `credential_type` is set to
|
958
959
|
`assumed_role`.
|
959
|
-
:param pulumi.Input[str] user_path: The path for the user name. Valid only when
|
960
|
+
:param pulumi.Input[builtins.str] user_path: The path for the user name. Valid only when
|
960
961
|
`credential_type` is `iam_user`. Default is `/`.
|
961
962
|
"""
|
962
963
|
opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
|
@@ -982,7 +983,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
982
983
|
|
983
984
|
@property
|
984
985
|
@pulumi.getter
|
985
|
-
def backend(self) -> pulumi.Output[str]:
|
986
|
+
def backend(self) -> pulumi.Output[builtins.str]:
|
986
987
|
"""
|
987
988
|
The path the AWS secret backend is mounted at,
|
988
989
|
with no leading or trailing `/`s.
|
@@ -991,7 +992,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
991
992
|
|
992
993
|
@property
|
993
994
|
@pulumi.getter(name="credentialType")
|
994
|
-
def credential_type(self) -> pulumi.Output[str]:
|
995
|
+
def credential_type(self) -> pulumi.Output[builtins.str]:
|
995
996
|
"""
|
996
997
|
Specifies the type of credential to be used when
|
997
998
|
retrieving credentials from the role. Must be one of `iam_user`, `assumed_role`, or
|
@@ -1001,7 +1002,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1001
1002
|
|
1002
1003
|
@property
|
1003
1004
|
@pulumi.getter(name="defaultStsTtl")
|
1004
|
-
def default_sts_ttl(self) -> pulumi.Output[int]:
|
1005
|
+
def default_sts_ttl(self) -> pulumi.Output[builtins.int]:
|
1005
1006
|
"""
|
1006
1007
|
The default TTL in seconds for STS credentials.
|
1007
1008
|
When a TTL is not specified when STS credentials are requested,
|
@@ -1013,7 +1014,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1013
1014
|
|
1014
1015
|
@property
|
1015
1016
|
@pulumi.getter(name="externalId")
|
1016
|
-
def external_id(self) -> pulumi.Output[Optional[str]]:
|
1017
|
+
def external_id(self) -> pulumi.Output[Optional[builtins.str]]:
|
1017
1018
|
"""
|
1018
1019
|
External ID to set for assume role creds.
|
1019
1020
|
Valid only when `credential_type` is set to `assumed_role`.
|
@@ -1022,7 +1023,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1022
1023
|
|
1023
1024
|
@property
|
1024
1025
|
@pulumi.getter(name="iamGroups")
|
1025
|
-
def iam_groups(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1026
|
+
def iam_groups(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
1026
1027
|
"""
|
1027
1028
|
A list of IAM group names. IAM users generated
|
1028
1029
|
against this vault role will be added to these IAM Groups. For a credential
|
@@ -1035,7 +1036,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1035
1036
|
|
1036
1037
|
@property
|
1037
1038
|
@pulumi.getter(name="iamTags")
|
1038
|
-
def iam_tags(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
|
1039
|
+
def iam_tags(self) -> pulumi.Output[Optional[Mapping[str, builtins.str]]]:
|
1039
1040
|
"""
|
1040
1041
|
A map of strings representing key/value pairs
|
1041
1042
|
to be used as tags for any IAM user that is created by this role.
|
@@ -1044,7 +1045,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1044
1045
|
|
1045
1046
|
@property
|
1046
1047
|
@pulumi.getter(name="maxStsTtl")
|
1047
|
-
def max_sts_ttl(self) -> pulumi.Output[int]:
|
1048
|
+
def max_sts_ttl(self) -> pulumi.Output[builtins.int]:
|
1048
1049
|
"""
|
1049
1050
|
The max allowed TTL in seconds for STS credentials
|
1050
1051
|
(credentials TTL are capped to `max_sts_ttl`). Valid only when `credential_type` is
|
@@ -1054,7 +1055,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1054
1055
|
|
1055
1056
|
@property
|
1056
1057
|
@pulumi.getter
|
1057
|
-
def name(self) -> pulumi.Output[str]:
|
1058
|
+
def name(self) -> pulumi.Output[builtins.str]:
|
1058
1059
|
"""
|
1059
1060
|
The name to identify this role within the backend.
|
1060
1061
|
Must be unique within the backend.
|
@@ -1063,7 +1064,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1063
1064
|
|
1064
1065
|
@property
|
1065
1066
|
@pulumi.getter
|
1066
|
-
def namespace(self) -> pulumi.Output[Optional[str]]:
|
1067
|
+
def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
|
1067
1068
|
"""
|
1068
1069
|
The namespace to provision the resource in.
|
1069
1070
|
The value should not contain leading or trailing forward slashes.
|
@@ -1074,7 +1075,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1074
1075
|
|
1075
1076
|
@property
|
1076
1077
|
@pulumi.getter(name="permissionsBoundaryArn")
|
1077
|
-
def permissions_boundary_arn(self) -> pulumi.Output[Optional[str]]:
|
1078
|
+
def permissions_boundary_arn(self) -> pulumi.Output[Optional[builtins.str]]:
|
1078
1079
|
"""
|
1079
1080
|
The ARN of the AWS Permissions
|
1080
1081
|
Boundary to attach to IAM users created in the role. Valid only when
|
@@ -1085,7 +1086,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1085
1086
|
|
1086
1087
|
@property
|
1087
1088
|
@pulumi.getter(name="policyArns")
|
1088
|
-
def policy_arns(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1089
|
+
def policy_arns(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
1089
1090
|
"""
|
1090
1091
|
Specifies a list of AWS managed policy ARNs. The
|
1091
1092
|
behavior depends on the credential type. With `iam_user`, the policies will be
|
@@ -1099,7 +1100,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1099
1100
|
|
1100
1101
|
@property
|
1101
1102
|
@pulumi.getter(name="policyDocument")
|
1102
|
-
def policy_document(self) -> pulumi.Output[Optional[str]]:
|
1103
|
+
def policy_document(self) -> pulumi.Output[Optional[builtins.str]]:
|
1103
1104
|
"""
|
1104
1105
|
The IAM policy document for the role. The
|
1105
1106
|
behavior depends on the credential type. With `iam_user`, the policy document
|
@@ -1111,7 +1112,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1111
1112
|
|
1112
1113
|
@property
|
1113
1114
|
@pulumi.getter(name="roleArns")
|
1114
|
-
def role_arns(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1115
|
+
def role_arns(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
1115
1116
|
"""
|
1116
1117
|
Specifies the ARNs of the AWS roles this Vault role
|
1117
1118
|
is allowed to assume. Required when `credential_type` is `assumed_role` and
|
@@ -1121,7 +1122,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1121
1122
|
|
1122
1123
|
@property
|
1123
1124
|
@pulumi.getter(name="sessionTags")
|
1124
|
-
def session_tags(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
|
1125
|
+
def session_tags(self) -> pulumi.Output[Optional[Mapping[str, builtins.str]]]:
|
1125
1126
|
"""
|
1126
1127
|
A map of strings representing key/value pairs to be set
|
1127
1128
|
during assume role creds creation. Valid only when `credential_type` is set to
|
@@ -1131,7 +1132,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1131
1132
|
|
1132
1133
|
@property
|
1133
1134
|
@pulumi.getter(name="userPath")
|
1134
|
-
def user_path(self) -> pulumi.Output[Optional[str]]:
|
1135
|
+
def user_path(self) -> pulumi.Output[Optional[builtins.str]]:
|
1135
1136
|
"""
|
1136
1137
|
The path for the user name. Valid only when
|
1137
1138
|
`credential_type` is `iam_user`. Default is `/`.
|