pulumi-vault 6.7.0a1743576047__py3-none-any.whl → 6.7.0a1744183682__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pulumi_vault/__init__.py +1 -0
- pulumi_vault/_inputs.py +554 -553
- pulumi_vault/ad/__init__.py +1 -0
- pulumi_vault/ad/get_access_credentials.py +20 -19
- pulumi_vault/ad/secret_backend.py +477 -476
- pulumi_vault/ad/secret_library.py +99 -98
- pulumi_vault/ad/secret_role.py +85 -84
- pulumi_vault/alicloud/__init__.py +1 -0
- pulumi_vault/alicloud/auth_backend_role.py +183 -182
- pulumi_vault/approle/__init__.py +1 -0
- pulumi_vault/approle/auth_backend_login.py +106 -105
- pulumi_vault/approle/auth_backend_role.py +239 -238
- pulumi_vault/approle/auth_backend_role_secret_id.py +162 -161
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -17
- pulumi_vault/audit.py +85 -84
- pulumi_vault/audit_request_header.py +43 -42
- pulumi_vault/auth_backend.py +106 -105
- pulumi_vault/aws/__init__.py +1 -0
- pulumi_vault/aws/auth_backend_cert.py +71 -70
- pulumi_vault/aws/auth_backend_client.py +253 -252
- pulumi_vault/aws/auth_backend_config_identity.py +85 -84
- pulumi_vault/aws/auth_backend_identity_whitelist.py +57 -56
- pulumi_vault/aws/auth_backend_login.py +209 -208
- pulumi_vault/aws/auth_backend_role.py +400 -399
- pulumi_vault/aws/auth_backend_role_tag.py +127 -126
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +57 -56
- pulumi_vault/aws/auth_backend_sts_role.py +71 -70
- pulumi_vault/aws/get_access_credentials.py +44 -43
- pulumi_vault/aws/get_static_access_credentials.py +13 -12
- pulumi_vault/aws/secret_backend.py +337 -336
- pulumi_vault/aws/secret_backend_role.py +211 -210
- pulumi_vault/aws/secret_backend_static_role.py +113 -112
- pulumi_vault/azure/__init__.py +1 -0
- pulumi_vault/azure/_inputs.py +21 -20
- pulumi_vault/azure/auth_backend_config.py +183 -182
- pulumi_vault/azure/auth_backend_role.py +253 -252
- pulumi_vault/azure/backend.py +239 -238
- pulumi_vault/azure/backend_role.py +141 -140
- pulumi_vault/azure/get_access_credentials.py +58 -57
- pulumi_vault/azure/outputs.py +11 -10
- pulumi_vault/cert_auth_backend_role.py +365 -364
- pulumi_vault/config/__init__.py +1 -0
- pulumi_vault/config/__init__.pyi +1 -0
- pulumi_vault/config/_inputs.py +11 -10
- pulumi_vault/config/outputs.py +287 -286
- pulumi_vault/config/ui_custom_message.py +113 -112
- pulumi_vault/config/vars.py +1 -0
- pulumi_vault/consul/__init__.py +1 -0
- pulumi_vault/consul/secret_backend.py +197 -196
- pulumi_vault/consul/secret_backend_role.py +183 -182
- pulumi_vault/database/__init__.py +1 -0
- pulumi_vault/database/_inputs.py +2525 -2524
- pulumi_vault/database/outputs.py +1529 -1528
- pulumi_vault/database/secret_backend_connection.py +169 -168
- pulumi_vault/database/secret_backend_role.py +169 -168
- pulumi_vault/database/secret_backend_static_role.py +179 -178
- pulumi_vault/database/secrets_mount.py +267 -266
- pulumi_vault/egp_policy.py +71 -70
- pulumi_vault/gcp/__init__.py +1 -0
- pulumi_vault/gcp/_inputs.py +82 -81
- pulumi_vault/gcp/auth_backend.py +260 -259
- pulumi_vault/gcp/auth_backend_role.py +281 -280
- pulumi_vault/gcp/get_auth_backend_role.py +70 -69
- pulumi_vault/gcp/outputs.py +50 -49
- pulumi_vault/gcp/secret_backend.py +232 -231
- pulumi_vault/gcp/secret_impersonated_account.py +92 -91
- pulumi_vault/gcp/secret_roleset.py +92 -91
- pulumi_vault/gcp/secret_static_account.py +92 -91
- pulumi_vault/generic/__init__.py +1 -0
- pulumi_vault/generic/endpoint.py +113 -112
- pulumi_vault/generic/get_secret.py +28 -27
- pulumi_vault/generic/secret.py +78 -77
- pulumi_vault/get_auth_backend.py +19 -18
- pulumi_vault/get_auth_backends.py +14 -13
- pulumi_vault/get_namespace.py +15 -14
- pulumi_vault/get_namespaces.py +8 -7
- pulumi_vault/get_nomad_access_token.py +19 -18
- pulumi_vault/get_policy_document.py +6 -5
- pulumi_vault/get_raft_autopilot_state.py +18 -17
- pulumi_vault/github/__init__.py +1 -0
- pulumi_vault/github/_inputs.py +42 -41
- pulumi_vault/github/auth_backend.py +232 -231
- pulumi_vault/github/outputs.py +26 -25
- pulumi_vault/github/team.py +57 -56
- pulumi_vault/github/user.py +57 -56
- pulumi_vault/identity/__init__.py +1 -0
- pulumi_vault/identity/entity.py +85 -84
- pulumi_vault/identity/entity_alias.py +71 -70
- pulumi_vault/identity/entity_policies.py +64 -63
- pulumi_vault/identity/get_entity.py +43 -42
- pulumi_vault/identity/get_group.py +50 -49
- pulumi_vault/identity/get_oidc_client_creds.py +14 -13
- pulumi_vault/identity/get_oidc_openid_config.py +24 -23
- pulumi_vault/identity/get_oidc_public_keys.py +13 -12
- pulumi_vault/identity/group.py +141 -140
- pulumi_vault/identity/group_alias.py +57 -56
- pulumi_vault/identity/group_member_entity_ids.py +57 -56
- pulumi_vault/identity/group_member_group_ids.py +57 -56
- pulumi_vault/identity/group_policies.py +64 -63
- pulumi_vault/identity/mfa_duo.py +148 -147
- pulumi_vault/identity/mfa_login_enforcement.py +120 -119
- pulumi_vault/identity/mfa_okta.py +134 -133
- pulumi_vault/identity/mfa_pingid.py +127 -126
- pulumi_vault/identity/mfa_totp.py +176 -175
- pulumi_vault/identity/oidc.py +29 -28
- pulumi_vault/identity/oidc_assignment.py +57 -56
- pulumi_vault/identity/oidc_client.py +127 -126
- pulumi_vault/identity/oidc_key.py +85 -84
- pulumi_vault/identity/oidc_key_allowed_client_id.py +43 -42
- pulumi_vault/identity/oidc_provider.py +92 -91
- pulumi_vault/identity/oidc_role.py +85 -84
- pulumi_vault/identity/oidc_scope.py +57 -56
- pulumi_vault/identity/outputs.py +32 -31
- pulumi_vault/jwt/__init__.py +1 -0
- pulumi_vault/jwt/_inputs.py +42 -41
- pulumi_vault/jwt/auth_backend.py +288 -287
- pulumi_vault/jwt/auth_backend_role.py +407 -406
- pulumi_vault/jwt/outputs.py +26 -25
- pulumi_vault/kmip/__init__.py +1 -0
- pulumi_vault/kmip/secret_backend.py +183 -182
- pulumi_vault/kmip/secret_role.py +295 -294
- pulumi_vault/kmip/secret_scope.py +57 -56
- pulumi_vault/kubernetes/__init__.py +1 -0
- pulumi_vault/kubernetes/auth_backend_config.py +141 -140
- pulumi_vault/kubernetes/auth_backend_role.py +225 -224
- pulumi_vault/kubernetes/get_auth_backend_config.py +47 -46
- pulumi_vault/kubernetes/get_auth_backend_role.py +70 -69
- pulumi_vault/kubernetes/get_service_account_token.py +38 -37
- pulumi_vault/kubernetes/secret_backend.py +316 -315
- pulumi_vault/kubernetes/secret_backend_role.py +197 -196
- pulumi_vault/kv/__init__.py +1 -0
- pulumi_vault/kv/_inputs.py +21 -20
- pulumi_vault/kv/get_secret.py +17 -16
- pulumi_vault/kv/get_secret_subkeys_v2.py +30 -29
- pulumi_vault/kv/get_secret_v2.py +29 -28
- pulumi_vault/kv/get_secrets_list.py +13 -12
- pulumi_vault/kv/get_secrets_list_v2.py +19 -18
- pulumi_vault/kv/outputs.py +13 -12
- pulumi_vault/kv/secret.py +50 -49
- pulumi_vault/kv/secret_backend_v2.py +71 -70
- pulumi_vault/kv/secret_v2.py +134 -133
- pulumi_vault/ldap/__init__.py +1 -0
- pulumi_vault/ldap/auth_backend.py +588 -587
- pulumi_vault/ldap/auth_backend_group.py +57 -56
- pulumi_vault/ldap/auth_backend_user.py +71 -70
- pulumi_vault/ldap/get_dynamic_credentials.py +17 -16
- pulumi_vault/ldap/get_static_credentials.py +18 -17
- pulumi_vault/ldap/secret_backend.py +554 -553
- pulumi_vault/ldap/secret_backend_dynamic_role.py +127 -126
- pulumi_vault/ldap/secret_backend_library_set.py +99 -98
- pulumi_vault/ldap/secret_backend_static_role.py +99 -98
- pulumi_vault/managed/__init__.py +1 -0
- pulumi_vault/managed/_inputs.py +229 -228
- pulumi_vault/managed/keys.py +15 -14
- pulumi_vault/managed/outputs.py +139 -138
- pulumi_vault/mfa_duo.py +113 -112
- pulumi_vault/mfa_okta.py +113 -112
- pulumi_vault/mfa_pingid.py +120 -119
- pulumi_vault/mfa_totp.py +127 -126
- pulumi_vault/mongodbatlas/__init__.py +1 -0
- pulumi_vault/mongodbatlas/secret_backend.py +64 -63
- pulumi_vault/mongodbatlas/secret_role.py +155 -154
- pulumi_vault/mount.py +274 -273
- pulumi_vault/namespace.py +64 -63
- pulumi_vault/nomad_secret_backend.py +211 -210
- pulumi_vault/nomad_secret_role.py +85 -84
- pulumi_vault/okta/__init__.py +1 -0
- pulumi_vault/okta/_inputs.py +26 -25
- pulumi_vault/okta/auth_backend.py +274 -273
- pulumi_vault/okta/auth_backend_group.py +57 -56
- pulumi_vault/okta/auth_backend_user.py +71 -70
- pulumi_vault/okta/outputs.py +16 -15
- pulumi_vault/outputs.py +56 -55
- pulumi_vault/password_policy.py +43 -42
- pulumi_vault/pkisecret/__init__.py +1 -0
- pulumi_vault/pkisecret/_inputs.py +31 -30
- pulumi_vault/pkisecret/backend_acme_eab.py +92 -91
- pulumi_vault/pkisecret/backend_config_acme.py +141 -140
- pulumi_vault/pkisecret/backend_config_auto_tidy.py +323 -322
- pulumi_vault/pkisecret/backend_config_cluster.py +57 -56
- pulumi_vault/pkisecret/backend_config_cmpv2.py +106 -105
- pulumi_vault/pkisecret/backend_config_est.py +120 -119
- pulumi_vault/pkisecret/get_backend_cert_metadata.py +22 -21
- pulumi_vault/pkisecret/get_backend_config_cmpv2.py +22 -21
- pulumi_vault/pkisecret/get_backend_config_est.py +19 -18
- pulumi_vault/pkisecret/get_backend_issuer.py +45 -44
- pulumi_vault/pkisecret/get_backend_issuers.py +15 -14
- pulumi_vault/pkisecret/get_backend_key.py +20 -19
- pulumi_vault/pkisecret/get_backend_keys.py +15 -14
- pulumi_vault/pkisecret/outputs.py +28 -27
- pulumi_vault/pkisecret/secret_backend_cert.py +337 -336
- pulumi_vault/pkisecret/secret_backend_config_ca.py +43 -42
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +57 -56
- pulumi_vault/pkisecret/secret_backend_config_urls.py +85 -84
- pulumi_vault/pkisecret/secret_backend_crl_config.py +197 -196
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +421 -420
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +57 -56
- pulumi_vault/pkisecret/secret_backend_issuer.py +232 -231
- pulumi_vault/pkisecret/secret_backend_key.py +120 -119
- pulumi_vault/pkisecret/secret_backend_role.py +715 -714
- pulumi_vault/pkisecret/secret_backend_root_cert.py +554 -553
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +526 -525
- pulumi_vault/pkisecret/secret_backend_sign.py +281 -280
- pulumi_vault/plugin.py +127 -126
- pulumi_vault/plugin_pinned_version.py +43 -42
- pulumi_vault/policy.py +43 -42
- pulumi_vault/provider.py +120 -119
- pulumi_vault/pulumi-plugin.json +1 -1
- pulumi_vault/quota_lease_count.py +85 -84
- pulumi_vault/quota_rate_limit.py +113 -112
- pulumi_vault/rabbitmq/__init__.py +1 -0
- pulumi_vault/rabbitmq/_inputs.py +41 -40
- pulumi_vault/rabbitmq/outputs.py +25 -24
- pulumi_vault/rabbitmq/secret_backend.py +169 -168
- pulumi_vault/rabbitmq/secret_backend_role.py +57 -56
- pulumi_vault/raft_autopilot.py +113 -112
- pulumi_vault/raft_snapshot_agent_config.py +393 -392
- pulumi_vault/rgp_policy.py +57 -56
- pulumi_vault/saml/__init__.py +1 -0
- pulumi_vault/saml/auth_backend.py +155 -154
- pulumi_vault/saml/auth_backend_role.py +239 -238
- pulumi_vault/secrets/__init__.py +1 -0
- pulumi_vault/secrets/_inputs.py +16 -15
- pulumi_vault/secrets/outputs.py +10 -9
- pulumi_vault/secrets/sync_association.py +71 -70
- pulumi_vault/secrets/sync_aws_destination.py +148 -147
- pulumi_vault/secrets/sync_azure_destination.py +148 -147
- pulumi_vault/secrets/sync_config.py +43 -42
- pulumi_vault/secrets/sync_gcp_destination.py +106 -105
- pulumi_vault/secrets/sync_gh_destination.py +134 -133
- pulumi_vault/secrets/sync_github_apps.py +64 -63
- pulumi_vault/secrets/sync_vercel_destination.py +120 -119
- pulumi_vault/ssh/__init__.py +1 -0
- pulumi_vault/ssh/_inputs.py +11 -10
- pulumi_vault/ssh/get_secret_backend_sign.py +52 -51
- pulumi_vault/ssh/outputs.py +7 -6
- pulumi_vault/ssh/secret_backend_ca.py +99 -98
- pulumi_vault/ssh/secret_backend_role.py +365 -364
- pulumi_vault/terraformcloud/__init__.py +1 -0
- pulumi_vault/terraformcloud/secret_backend.py +111 -110
- pulumi_vault/terraformcloud/secret_creds.py +74 -73
- pulumi_vault/terraformcloud/secret_role.py +93 -92
- pulumi_vault/token.py +246 -245
- pulumi_vault/tokenauth/__init__.py +1 -0
- pulumi_vault/tokenauth/auth_backend_role.py +267 -266
- pulumi_vault/transform/__init__.py +1 -0
- pulumi_vault/transform/alphabet.py +57 -56
- pulumi_vault/transform/get_decode.py +47 -46
- pulumi_vault/transform/get_encode.py +47 -46
- pulumi_vault/transform/role.py +57 -56
- pulumi_vault/transform/template.py +113 -112
- pulumi_vault/transform/transformation.py +141 -140
- pulumi_vault/transit/__init__.py +1 -0
- pulumi_vault/transit/get_decrypt.py +18 -17
- pulumi_vault/transit/get_encrypt.py +21 -20
- pulumi_vault/transit/get_sign.py +54 -53
- pulumi_vault/transit/get_verify.py +60 -59
- pulumi_vault/transit/secret_backend_key.py +274 -273
- pulumi_vault/transit/secret_cache_config.py +43 -42
- {pulumi_vault-6.7.0a1743576047.dist-info → pulumi_vault-6.7.0a1744183682.dist-info}/METADATA +1 -1
- pulumi_vault-6.7.0a1744183682.dist-info/RECORD +265 -0
- pulumi_vault-6.7.0a1743576047.dist-info/RECORD +0 -265
- {pulumi_vault-6.7.0a1743576047.dist-info → pulumi_vault-6.7.0a1744183682.dist-info}/WHEEL +0 -0
- {pulumi_vault-6.7.0a1743576047.dist-info → pulumi_vault-6.7.0a1744183682.dist-info}/top_level.txt +0 -0
pulumi_vault/gcp/auth_backend.py
CHANGED
@@ -2,6 +2,7 @@
|
|
2
2
|
# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
|
3
3
|
# *** Do not edit by hand unless you're certain you know what you are doing! ***
|
4
4
|
|
5
|
+
import builtins
|
5
6
|
import copy
|
6
7
|
import warnings
|
7
8
|
import sys
|
@@ -21,31 +22,31 @@ __all__ = ['AuthBackendArgs', 'AuthBackend']
|
|
21
22
|
@pulumi.input_type
|
22
23
|
class AuthBackendArgs:
|
23
24
|
def __init__(__self__, *,
|
24
|
-
client_email: Optional[pulumi.Input[str]] = None,
|
25
|
-
client_id: Optional[pulumi.Input[str]] = None,
|
26
|
-
credentials: Optional[pulumi.Input[str]] = None,
|
25
|
+
client_email: Optional[pulumi.Input[builtins.str]] = None,
|
26
|
+
client_id: Optional[pulumi.Input[builtins.str]] = None,
|
27
|
+
credentials: Optional[pulumi.Input[builtins.str]] = None,
|
27
28
|
custom_endpoint: Optional[pulumi.Input['AuthBackendCustomEndpointArgs']] = None,
|
28
|
-
description: Optional[pulumi.Input[str]] = None,
|
29
|
-
disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
|
30
|
-
disable_remount: Optional[pulumi.Input[bool]] = None,
|
31
|
-
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
32
|
-
identity_token_key: Optional[pulumi.Input[str]] = None,
|
33
|
-
identity_token_ttl: Optional[pulumi.Input[int]] = None,
|
34
|
-
local: Optional[pulumi.Input[bool]] = None,
|
35
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
36
|
-
path: Optional[pulumi.Input[str]] = None,
|
37
|
-
private_key_id: Optional[pulumi.Input[str]] = None,
|
38
|
-
project_id: Optional[pulumi.Input[str]] = None,
|
39
|
-
rotation_period: Optional[pulumi.Input[int]] = None,
|
40
|
-
rotation_schedule: Optional[pulumi.Input[str]] = None,
|
41
|
-
rotation_window: Optional[pulumi.Input[int]] = None,
|
42
|
-
service_account_email: Optional[pulumi.Input[str]] = None,
|
29
|
+
description: Optional[pulumi.Input[builtins.str]] = None,
|
30
|
+
disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
31
|
+
disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
|
32
|
+
identity_token_audience: Optional[pulumi.Input[builtins.str]] = None,
|
33
|
+
identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
|
34
|
+
identity_token_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
35
|
+
local: Optional[pulumi.Input[builtins.bool]] = None,
|
36
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
37
|
+
path: Optional[pulumi.Input[builtins.str]] = None,
|
38
|
+
private_key_id: Optional[pulumi.Input[builtins.str]] = None,
|
39
|
+
project_id: Optional[pulumi.Input[builtins.str]] = None,
|
40
|
+
rotation_period: Optional[pulumi.Input[builtins.int]] = None,
|
41
|
+
rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
|
42
|
+
rotation_window: Optional[pulumi.Input[builtins.int]] = None,
|
43
|
+
service_account_email: Optional[pulumi.Input[builtins.str]] = None,
|
43
44
|
tune: Optional[pulumi.Input['AuthBackendTuneArgs']] = None):
|
44
45
|
"""
|
45
46
|
The set of arguments for constructing a AuthBackend resource.
|
46
|
-
:param pulumi.Input[str] client_email: The clients email associated with the credentials
|
47
|
-
:param pulumi.Input[str] client_id: The Client ID of the credentials
|
48
|
-
:param pulumi.Input[str] credentials: A JSON string containing the contents of a GCP credentials file. If this value is empty, Vault will try to use Application Default Credentials from the machine on which the Vault server is running.
|
47
|
+
:param pulumi.Input[builtins.str] client_email: The clients email associated with the credentials
|
48
|
+
:param pulumi.Input[builtins.str] client_id: The Client ID of the credentials
|
49
|
+
:param pulumi.Input[builtins.str] credentials: A JSON string containing the contents of a GCP credentials file. If this value is empty, Vault will try to use Application Default Credentials from the machine on which the Vault server is running.
|
49
50
|
:param pulumi.Input['AuthBackendCustomEndpointArgs'] custom_endpoint: Specifies overrides to
|
50
51
|
[service endpoints](https://cloud.google.com/apis/design/glossary#api_service_endpoint)
|
51
52
|
used when making API requests. This allows specific requests made during authentication
|
@@ -53,32 +54,32 @@ class AuthBackendArgs:
|
|
53
54
|
environments. Requires Vault 1.11+.
|
54
55
|
|
55
56
|
Overrides are set at the subdomain level using the following keys:
|
56
|
-
:param pulumi.Input[str] description: A description of the auth method.
|
57
|
-
:param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
58
|
-
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
57
|
+
:param pulumi.Input[builtins.str] description: A description of the auth method.
|
58
|
+
:param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
59
|
+
:param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
|
59
60
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
60
|
-
:param pulumi.Input[str] identity_token_audience: The audience claim value for plugin identity
|
61
|
+
:param pulumi.Input[builtins.str] identity_token_audience: The audience claim value for plugin identity
|
61
62
|
tokens. Must match an allowed audience configured for the target [Workload Identity Pool](https://cloud.google.com/iam/docs/workload-identity-federation-with-other-providers#prepare).
|
62
63
|
Mutually exclusive with `credentials`. Requires Vault 1.17+. *Available only for Vault Enterprise*.
|
63
|
-
:param pulumi.Input[str] identity_token_key: The key to use for signing plugin identity
|
64
|
+
:param pulumi.Input[builtins.str] identity_token_key: The key to use for signing plugin identity
|
64
65
|
tokens. Requires Vault 1.17+. *Available only for Vault Enterprise*.
|
65
|
-
:param pulumi.Input[int] identity_token_ttl: The TTL of generated tokens.
|
66
|
-
:param pulumi.Input[bool] local: Specifies if the auth method is local only.
|
67
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
66
|
+
:param pulumi.Input[builtins.int] identity_token_ttl: The TTL of generated tokens.
|
67
|
+
:param pulumi.Input[builtins.bool] local: Specifies if the auth method is local only.
|
68
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
68
69
|
The value should not contain leading or trailing forward slashes.
|
69
70
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
70
71
|
*Available only for Vault Enterprise*.
|
71
|
-
:param pulumi.Input[str] path: The path to mount the auth method — this defaults to 'gcp'.
|
72
|
-
:param pulumi.Input[str] private_key_id: The ID of the private key from the credentials
|
73
|
-
:param pulumi.Input[str] project_id: The GCP Project ID
|
74
|
-
:param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
72
|
+
:param pulumi.Input[builtins.str] path: The path to mount the auth method — this defaults to 'gcp'.
|
73
|
+
:param pulumi.Input[builtins.str] private_key_id: The ID of the private key from the credentials
|
74
|
+
:param pulumi.Input[builtins.str] project_id: The GCP Project ID
|
75
|
+
:param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
75
76
|
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
76
|
-
:param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
77
|
+
:param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
77
78
|
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
78
|
-
:param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
|
79
|
+
:param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
|
79
80
|
a rotation when a scheduled token rotation occurs. The default rotation window is
|
80
81
|
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
81
|
-
:param pulumi.Input[str] service_account_email: Service Account to impersonate for plugin workload identity federation.
|
82
|
+
:param pulumi.Input[builtins.str] service_account_email: Service Account to impersonate for plugin workload identity federation.
|
82
83
|
Required with `identity_token_audience`. Requires Vault 1.17+. *Available only for Vault Enterprise*.
|
83
84
|
:param pulumi.Input['AuthBackendTuneArgs'] tune: Extra configuration block. Structure is documented below.
|
84
85
|
|
@@ -127,38 +128,38 @@ class AuthBackendArgs:
|
|
127
128
|
|
128
129
|
@property
|
129
130
|
@pulumi.getter(name="clientEmail")
|
130
|
-
def client_email(self) -> Optional[pulumi.Input[str]]:
|
131
|
+
def client_email(self) -> Optional[pulumi.Input[builtins.str]]:
|
131
132
|
"""
|
132
133
|
The clients email associated with the credentials
|
133
134
|
"""
|
134
135
|
return pulumi.get(self, "client_email")
|
135
136
|
|
136
137
|
@client_email.setter
|
137
|
-
def client_email(self, value: Optional[pulumi.Input[str]]):
|
138
|
+
def client_email(self, value: Optional[pulumi.Input[builtins.str]]):
|
138
139
|
pulumi.set(self, "client_email", value)
|
139
140
|
|
140
141
|
@property
|
141
142
|
@pulumi.getter(name="clientId")
|
142
|
-
def client_id(self) -> Optional[pulumi.Input[str]]:
|
143
|
+
def client_id(self) -> Optional[pulumi.Input[builtins.str]]:
|
143
144
|
"""
|
144
145
|
The Client ID of the credentials
|
145
146
|
"""
|
146
147
|
return pulumi.get(self, "client_id")
|
147
148
|
|
148
149
|
@client_id.setter
|
149
|
-
def client_id(self, value: Optional[pulumi.Input[str]]):
|
150
|
+
def client_id(self, value: Optional[pulumi.Input[builtins.str]]):
|
150
151
|
pulumi.set(self, "client_id", value)
|
151
152
|
|
152
153
|
@property
|
153
154
|
@pulumi.getter
|
154
|
-
def credentials(self) -> Optional[pulumi.Input[str]]:
|
155
|
+
def credentials(self) -> Optional[pulumi.Input[builtins.str]]:
|
155
156
|
"""
|
156
157
|
A JSON string containing the contents of a GCP credentials file. If this value is empty, Vault will try to use Application Default Credentials from the machine on which the Vault server is running.
|
157
158
|
"""
|
158
159
|
return pulumi.get(self, "credentials")
|
159
160
|
|
160
161
|
@credentials.setter
|
161
|
-
def credentials(self, value: Optional[pulumi.Input[str]]):
|
162
|
+
def credentials(self, value: Optional[pulumi.Input[builtins.str]]):
|
162
163
|
pulumi.set(self, "credentials", value)
|
163
164
|
|
164
165
|
@property
|
@@ -181,31 +182,31 @@ class AuthBackendArgs:
|
|
181
182
|
|
182
183
|
@property
|
183
184
|
@pulumi.getter
|
184
|
-
def description(self) -> Optional[pulumi.Input[str]]:
|
185
|
+
def description(self) -> Optional[pulumi.Input[builtins.str]]:
|
185
186
|
"""
|
186
187
|
A description of the auth method.
|
187
188
|
"""
|
188
189
|
return pulumi.get(self, "description")
|
189
190
|
|
190
191
|
@description.setter
|
191
|
-
def description(self, value: Optional[pulumi.Input[str]]):
|
192
|
+
def description(self, value: Optional[pulumi.Input[builtins.str]]):
|
192
193
|
pulumi.set(self, "description", value)
|
193
194
|
|
194
195
|
@property
|
195
196
|
@pulumi.getter(name="disableAutomatedRotation")
|
196
|
-
def disable_automated_rotation(self) -> Optional[pulumi.Input[bool]]:
|
197
|
+
def disable_automated_rotation(self) -> Optional[pulumi.Input[builtins.bool]]:
|
197
198
|
"""
|
198
199
|
Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
199
200
|
"""
|
200
201
|
return pulumi.get(self, "disable_automated_rotation")
|
201
202
|
|
202
203
|
@disable_automated_rotation.setter
|
203
|
-
def disable_automated_rotation(self, value: Optional[pulumi.Input[bool]]):
|
204
|
+
def disable_automated_rotation(self, value: Optional[pulumi.Input[builtins.bool]]):
|
204
205
|
pulumi.set(self, "disable_automated_rotation", value)
|
205
206
|
|
206
207
|
@property
|
207
208
|
@pulumi.getter(name="disableRemount")
|
208
|
-
def disable_remount(self) -> Optional[pulumi.Input[bool]]:
|
209
|
+
def disable_remount(self) -> Optional[pulumi.Input[builtins.bool]]:
|
209
210
|
"""
|
210
211
|
If set, opts out of mount migration on path updates.
|
211
212
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
@@ -213,12 +214,12 @@ class AuthBackendArgs:
|
|
213
214
|
return pulumi.get(self, "disable_remount")
|
214
215
|
|
215
216
|
@disable_remount.setter
|
216
|
-
def disable_remount(self, value: Optional[pulumi.Input[bool]]):
|
217
|
+
def disable_remount(self, value: Optional[pulumi.Input[builtins.bool]]):
|
217
218
|
pulumi.set(self, "disable_remount", value)
|
218
219
|
|
219
220
|
@property
|
220
221
|
@pulumi.getter(name="identityTokenAudience")
|
221
|
-
def identity_token_audience(self) -> Optional[pulumi.Input[str]]:
|
222
|
+
def identity_token_audience(self) -> Optional[pulumi.Input[builtins.str]]:
|
222
223
|
"""
|
223
224
|
The audience claim value for plugin identity
|
224
225
|
tokens. Must match an allowed audience configured for the target [Workload Identity Pool](https://cloud.google.com/iam/docs/workload-identity-federation-with-other-providers#prepare).
|
@@ -227,12 +228,12 @@ class AuthBackendArgs:
|
|
227
228
|
return pulumi.get(self, "identity_token_audience")
|
228
229
|
|
229
230
|
@identity_token_audience.setter
|
230
|
-
def identity_token_audience(self, value: Optional[pulumi.Input[str]]):
|
231
|
+
def identity_token_audience(self, value: Optional[pulumi.Input[builtins.str]]):
|
231
232
|
pulumi.set(self, "identity_token_audience", value)
|
232
233
|
|
233
234
|
@property
|
234
235
|
@pulumi.getter(name="identityTokenKey")
|
235
|
-
def identity_token_key(self) -> Optional[pulumi.Input[str]]:
|
236
|
+
def identity_token_key(self) -> Optional[pulumi.Input[builtins.str]]:
|
236
237
|
"""
|
237
238
|
The key to use for signing plugin identity
|
238
239
|
tokens. Requires Vault 1.17+. *Available only for Vault Enterprise*.
|
@@ -240,36 +241,36 @@ class AuthBackendArgs:
|
|
240
241
|
return pulumi.get(self, "identity_token_key")
|
241
242
|
|
242
243
|
@identity_token_key.setter
|
243
|
-
def identity_token_key(self, value: Optional[pulumi.Input[str]]):
|
244
|
+
def identity_token_key(self, value: Optional[pulumi.Input[builtins.str]]):
|
244
245
|
pulumi.set(self, "identity_token_key", value)
|
245
246
|
|
246
247
|
@property
|
247
248
|
@pulumi.getter(name="identityTokenTtl")
|
248
|
-
def identity_token_ttl(self) -> Optional[pulumi.Input[int]]:
|
249
|
+
def identity_token_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
|
249
250
|
"""
|
250
251
|
The TTL of generated tokens.
|
251
252
|
"""
|
252
253
|
return pulumi.get(self, "identity_token_ttl")
|
253
254
|
|
254
255
|
@identity_token_ttl.setter
|
255
|
-
def identity_token_ttl(self, value: Optional[pulumi.Input[int]]):
|
256
|
+
def identity_token_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
|
256
257
|
pulumi.set(self, "identity_token_ttl", value)
|
257
258
|
|
258
259
|
@property
|
259
260
|
@pulumi.getter
|
260
|
-
def local(self) -> Optional[pulumi.Input[bool]]:
|
261
|
+
def local(self) -> Optional[pulumi.Input[builtins.bool]]:
|
261
262
|
"""
|
262
263
|
Specifies if the auth method is local only.
|
263
264
|
"""
|
264
265
|
return pulumi.get(self, "local")
|
265
266
|
|
266
267
|
@local.setter
|
267
|
-
def local(self, value: Optional[pulumi.Input[bool]]):
|
268
|
+
def local(self, value: Optional[pulumi.Input[builtins.bool]]):
|
268
269
|
pulumi.set(self, "local", value)
|
269
270
|
|
270
271
|
@property
|
271
272
|
@pulumi.getter
|
272
|
-
def namespace(self) -> Optional[pulumi.Input[str]]:
|
273
|
+
def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
|
273
274
|
"""
|
274
275
|
The namespace to provision the resource in.
|
275
276
|
The value should not contain leading or trailing forward slashes.
|
@@ -279,48 +280,48 @@ class AuthBackendArgs:
|
|
279
280
|
return pulumi.get(self, "namespace")
|
280
281
|
|
281
282
|
@namespace.setter
|
282
|
-
def namespace(self, value: Optional[pulumi.Input[str]]):
|
283
|
+
def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
|
283
284
|
pulumi.set(self, "namespace", value)
|
284
285
|
|
285
286
|
@property
|
286
287
|
@pulumi.getter
|
287
|
-
def path(self) -> Optional[pulumi.Input[str]]:
|
288
|
+
def path(self) -> Optional[pulumi.Input[builtins.str]]:
|
288
289
|
"""
|
289
290
|
The path to mount the auth method — this defaults to 'gcp'.
|
290
291
|
"""
|
291
292
|
return pulumi.get(self, "path")
|
292
293
|
|
293
294
|
@path.setter
|
294
|
-
def path(self, value: Optional[pulumi.Input[str]]):
|
295
|
+
def path(self, value: Optional[pulumi.Input[builtins.str]]):
|
295
296
|
pulumi.set(self, "path", value)
|
296
297
|
|
297
298
|
@property
|
298
299
|
@pulumi.getter(name="privateKeyId")
|
299
|
-
def private_key_id(self) -> Optional[pulumi.Input[str]]:
|
300
|
+
def private_key_id(self) -> Optional[pulumi.Input[builtins.str]]:
|
300
301
|
"""
|
301
302
|
The ID of the private key from the credentials
|
302
303
|
"""
|
303
304
|
return pulumi.get(self, "private_key_id")
|
304
305
|
|
305
306
|
@private_key_id.setter
|
306
|
-
def private_key_id(self, value: Optional[pulumi.Input[str]]):
|
307
|
+
def private_key_id(self, value: Optional[pulumi.Input[builtins.str]]):
|
307
308
|
pulumi.set(self, "private_key_id", value)
|
308
309
|
|
309
310
|
@property
|
310
311
|
@pulumi.getter(name="projectId")
|
311
|
-
def project_id(self) -> Optional[pulumi.Input[str]]:
|
312
|
+
def project_id(self) -> Optional[pulumi.Input[builtins.str]]:
|
312
313
|
"""
|
313
314
|
The GCP Project ID
|
314
315
|
"""
|
315
316
|
return pulumi.get(self, "project_id")
|
316
317
|
|
317
318
|
@project_id.setter
|
318
|
-
def project_id(self, value: Optional[pulumi.Input[str]]):
|
319
|
+
def project_id(self, value: Optional[pulumi.Input[builtins.str]]):
|
319
320
|
pulumi.set(self, "project_id", value)
|
320
321
|
|
321
322
|
@property
|
322
323
|
@pulumi.getter(name="rotationPeriod")
|
323
|
-
def rotation_period(self) -> Optional[pulumi.Input[int]]:
|
324
|
+
def rotation_period(self) -> Optional[pulumi.Input[builtins.int]]:
|
324
325
|
"""
|
325
326
|
The amount of time in seconds Vault should wait before rotating the root credential.
|
326
327
|
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
@@ -328,12 +329,12 @@ class AuthBackendArgs:
|
|
328
329
|
return pulumi.get(self, "rotation_period")
|
329
330
|
|
330
331
|
@rotation_period.setter
|
331
|
-
def rotation_period(self, value: Optional[pulumi.Input[int]]):
|
332
|
+
def rotation_period(self, value: Optional[pulumi.Input[builtins.int]]):
|
332
333
|
pulumi.set(self, "rotation_period", value)
|
333
334
|
|
334
335
|
@property
|
335
336
|
@pulumi.getter(name="rotationSchedule")
|
336
|
-
def rotation_schedule(self) -> Optional[pulumi.Input[str]]:
|
337
|
+
def rotation_schedule(self) -> Optional[pulumi.Input[builtins.str]]:
|
337
338
|
"""
|
338
339
|
The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
339
340
|
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
@@ -341,12 +342,12 @@ class AuthBackendArgs:
|
|
341
342
|
return pulumi.get(self, "rotation_schedule")
|
342
343
|
|
343
344
|
@rotation_schedule.setter
|
344
|
-
def rotation_schedule(self, value: Optional[pulumi.Input[str]]):
|
345
|
+
def rotation_schedule(self, value: Optional[pulumi.Input[builtins.str]]):
|
345
346
|
pulumi.set(self, "rotation_schedule", value)
|
346
347
|
|
347
348
|
@property
|
348
349
|
@pulumi.getter(name="rotationWindow")
|
349
|
-
def rotation_window(self) -> Optional[pulumi.Input[int]]:
|
350
|
+
def rotation_window(self) -> Optional[pulumi.Input[builtins.int]]:
|
350
351
|
"""
|
351
352
|
The maximum amount of time in seconds allowed to complete
|
352
353
|
a rotation when a scheduled token rotation occurs. The default rotation window is
|
@@ -355,12 +356,12 @@ class AuthBackendArgs:
|
|
355
356
|
return pulumi.get(self, "rotation_window")
|
356
357
|
|
357
358
|
@rotation_window.setter
|
358
|
-
def rotation_window(self, value: Optional[pulumi.Input[int]]):
|
359
|
+
def rotation_window(self, value: Optional[pulumi.Input[builtins.int]]):
|
359
360
|
pulumi.set(self, "rotation_window", value)
|
360
361
|
|
361
362
|
@property
|
362
363
|
@pulumi.getter(name="serviceAccountEmail")
|
363
|
-
def service_account_email(self) -> Optional[pulumi.Input[str]]:
|
364
|
+
def service_account_email(self) -> Optional[pulumi.Input[builtins.str]]:
|
364
365
|
"""
|
365
366
|
Service Account to impersonate for plugin workload identity federation.
|
366
367
|
Required with `identity_token_audience`. Requires Vault 1.17+. *Available only for Vault Enterprise*.
|
@@ -368,7 +369,7 @@ class AuthBackendArgs:
|
|
368
369
|
return pulumi.get(self, "service_account_email")
|
369
370
|
|
370
371
|
@service_account_email.setter
|
371
|
-
def service_account_email(self, value: Optional[pulumi.Input[str]]):
|
372
|
+
def service_account_email(self, value: Optional[pulumi.Input[builtins.str]]):
|
372
373
|
pulumi.set(self, "service_account_email", value)
|
373
374
|
|
374
375
|
@property
|
@@ -389,33 +390,33 @@ class AuthBackendArgs:
|
|
389
390
|
@pulumi.input_type
|
390
391
|
class _AuthBackendState:
|
391
392
|
def __init__(__self__, *,
|
392
|
-
accessor: Optional[pulumi.Input[str]] = None,
|
393
|
-
client_email: Optional[pulumi.Input[str]] = None,
|
394
|
-
client_id: Optional[pulumi.Input[str]] = None,
|
395
|
-
credentials: Optional[pulumi.Input[str]] = None,
|
393
|
+
accessor: Optional[pulumi.Input[builtins.str]] = None,
|
394
|
+
client_email: Optional[pulumi.Input[builtins.str]] = None,
|
395
|
+
client_id: Optional[pulumi.Input[builtins.str]] = None,
|
396
|
+
credentials: Optional[pulumi.Input[builtins.str]] = None,
|
396
397
|
custom_endpoint: Optional[pulumi.Input['AuthBackendCustomEndpointArgs']] = None,
|
397
|
-
description: Optional[pulumi.Input[str]] = None,
|
398
|
-
disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
|
399
|
-
disable_remount: Optional[pulumi.Input[bool]] = None,
|
400
|
-
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
401
|
-
identity_token_key: Optional[pulumi.Input[str]] = None,
|
402
|
-
identity_token_ttl: Optional[pulumi.Input[int]] = None,
|
403
|
-
local: Optional[pulumi.Input[bool]] = None,
|
404
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
405
|
-
path: Optional[pulumi.Input[str]] = None,
|
406
|
-
private_key_id: Optional[pulumi.Input[str]] = None,
|
407
|
-
project_id: Optional[pulumi.Input[str]] = None,
|
408
|
-
rotation_period: Optional[pulumi.Input[int]] = None,
|
409
|
-
rotation_schedule: Optional[pulumi.Input[str]] = None,
|
410
|
-
rotation_window: Optional[pulumi.Input[int]] = None,
|
411
|
-
service_account_email: Optional[pulumi.Input[str]] = None,
|
398
|
+
description: Optional[pulumi.Input[builtins.str]] = None,
|
399
|
+
disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
400
|
+
disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
|
401
|
+
identity_token_audience: Optional[pulumi.Input[builtins.str]] = None,
|
402
|
+
identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
|
403
|
+
identity_token_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
404
|
+
local: Optional[pulumi.Input[builtins.bool]] = None,
|
405
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
406
|
+
path: Optional[pulumi.Input[builtins.str]] = None,
|
407
|
+
private_key_id: Optional[pulumi.Input[builtins.str]] = None,
|
408
|
+
project_id: Optional[pulumi.Input[builtins.str]] = None,
|
409
|
+
rotation_period: Optional[pulumi.Input[builtins.int]] = None,
|
410
|
+
rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
|
411
|
+
rotation_window: Optional[pulumi.Input[builtins.int]] = None,
|
412
|
+
service_account_email: Optional[pulumi.Input[builtins.str]] = None,
|
412
413
|
tune: Optional[pulumi.Input['AuthBackendTuneArgs']] = None):
|
413
414
|
"""
|
414
415
|
Input properties used for looking up and filtering AuthBackend resources.
|
415
|
-
:param pulumi.Input[str] accessor: The mount accessor related to the auth mount. It is useful for integration with [Identity Secrets Engine](https://www.vaultproject.io/docs/secrets/identity/index.html).
|
416
|
-
:param pulumi.Input[str] client_email: The clients email associated with the credentials
|
417
|
-
:param pulumi.Input[str] client_id: The Client ID of the credentials
|
418
|
-
:param pulumi.Input[str] credentials: A JSON string containing the contents of a GCP credentials file. If this value is empty, Vault will try to use Application Default Credentials from the machine on which the Vault server is running.
|
416
|
+
:param pulumi.Input[builtins.str] accessor: The mount accessor related to the auth mount. It is useful for integration with [Identity Secrets Engine](https://www.vaultproject.io/docs/secrets/identity/index.html).
|
417
|
+
:param pulumi.Input[builtins.str] client_email: The clients email associated with the credentials
|
418
|
+
:param pulumi.Input[builtins.str] client_id: The Client ID of the credentials
|
419
|
+
:param pulumi.Input[builtins.str] credentials: A JSON string containing the contents of a GCP credentials file. If this value is empty, Vault will try to use Application Default Credentials from the machine on which the Vault server is running.
|
419
420
|
:param pulumi.Input['AuthBackendCustomEndpointArgs'] custom_endpoint: Specifies overrides to
|
420
421
|
[service endpoints](https://cloud.google.com/apis/design/glossary#api_service_endpoint)
|
421
422
|
used when making API requests. This allows specific requests made during authentication
|
@@ -423,32 +424,32 @@ class _AuthBackendState:
|
|
423
424
|
environments. Requires Vault 1.11+.
|
424
425
|
|
425
426
|
Overrides are set at the subdomain level using the following keys:
|
426
|
-
:param pulumi.Input[str] description: A description of the auth method.
|
427
|
-
:param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
428
|
-
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
427
|
+
:param pulumi.Input[builtins.str] description: A description of the auth method.
|
428
|
+
:param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
429
|
+
:param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
|
429
430
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
430
|
-
:param pulumi.Input[str] identity_token_audience: The audience claim value for plugin identity
|
431
|
+
:param pulumi.Input[builtins.str] identity_token_audience: The audience claim value for plugin identity
|
431
432
|
tokens. Must match an allowed audience configured for the target [Workload Identity Pool](https://cloud.google.com/iam/docs/workload-identity-federation-with-other-providers#prepare).
|
432
433
|
Mutually exclusive with `credentials`. Requires Vault 1.17+. *Available only for Vault Enterprise*.
|
433
|
-
:param pulumi.Input[str] identity_token_key: The key to use for signing plugin identity
|
434
|
+
:param pulumi.Input[builtins.str] identity_token_key: The key to use for signing plugin identity
|
434
435
|
tokens. Requires Vault 1.17+. *Available only for Vault Enterprise*.
|
435
|
-
:param pulumi.Input[int] identity_token_ttl: The TTL of generated tokens.
|
436
|
-
:param pulumi.Input[bool] local: Specifies if the auth method is local only.
|
437
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
436
|
+
:param pulumi.Input[builtins.int] identity_token_ttl: The TTL of generated tokens.
|
437
|
+
:param pulumi.Input[builtins.bool] local: Specifies if the auth method is local only.
|
438
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
438
439
|
The value should not contain leading or trailing forward slashes.
|
439
440
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
440
441
|
*Available only for Vault Enterprise*.
|
441
|
-
:param pulumi.Input[str] path: The path to mount the auth method — this defaults to 'gcp'.
|
442
|
-
:param pulumi.Input[str] private_key_id: The ID of the private key from the credentials
|
443
|
-
:param pulumi.Input[str] project_id: The GCP Project ID
|
444
|
-
:param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
442
|
+
:param pulumi.Input[builtins.str] path: The path to mount the auth method — this defaults to 'gcp'.
|
443
|
+
:param pulumi.Input[builtins.str] private_key_id: The ID of the private key from the credentials
|
444
|
+
:param pulumi.Input[builtins.str] project_id: The GCP Project ID
|
445
|
+
:param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
445
446
|
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
446
|
-
:param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
447
|
+
:param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
447
448
|
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
448
|
-
:param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
|
449
|
+
:param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
|
449
450
|
a rotation when a scheduled token rotation occurs. The default rotation window is
|
450
451
|
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
451
|
-
:param pulumi.Input[str] service_account_email: Service Account to impersonate for plugin workload identity federation.
|
452
|
+
:param pulumi.Input[builtins.str] service_account_email: Service Account to impersonate for plugin workload identity federation.
|
452
453
|
Required with `identity_token_audience`. Requires Vault 1.17+. *Available only for Vault Enterprise*.
|
453
454
|
:param pulumi.Input['AuthBackendTuneArgs'] tune: Extra configuration block. Structure is documented below.
|
454
455
|
|
@@ -499,50 +500,50 @@ class _AuthBackendState:
|
|
499
500
|
|
500
501
|
@property
|
501
502
|
@pulumi.getter
|
502
|
-
def accessor(self) -> Optional[pulumi.Input[str]]:
|
503
|
+
def accessor(self) -> Optional[pulumi.Input[builtins.str]]:
|
503
504
|
"""
|
504
505
|
The mount accessor related to the auth mount. It is useful for integration with [Identity Secrets Engine](https://www.vaultproject.io/docs/secrets/identity/index.html).
|
505
506
|
"""
|
506
507
|
return pulumi.get(self, "accessor")
|
507
508
|
|
508
509
|
@accessor.setter
|
509
|
-
def accessor(self, value: Optional[pulumi.Input[str]]):
|
510
|
+
def accessor(self, value: Optional[pulumi.Input[builtins.str]]):
|
510
511
|
pulumi.set(self, "accessor", value)
|
511
512
|
|
512
513
|
@property
|
513
514
|
@pulumi.getter(name="clientEmail")
|
514
|
-
def client_email(self) -> Optional[pulumi.Input[str]]:
|
515
|
+
def client_email(self) -> Optional[pulumi.Input[builtins.str]]:
|
515
516
|
"""
|
516
517
|
The clients email associated with the credentials
|
517
518
|
"""
|
518
519
|
return pulumi.get(self, "client_email")
|
519
520
|
|
520
521
|
@client_email.setter
|
521
|
-
def client_email(self, value: Optional[pulumi.Input[str]]):
|
522
|
+
def client_email(self, value: Optional[pulumi.Input[builtins.str]]):
|
522
523
|
pulumi.set(self, "client_email", value)
|
523
524
|
|
524
525
|
@property
|
525
526
|
@pulumi.getter(name="clientId")
|
526
|
-
def client_id(self) -> Optional[pulumi.Input[str]]:
|
527
|
+
def client_id(self) -> Optional[pulumi.Input[builtins.str]]:
|
527
528
|
"""
|
528
529
|
The Client ID of the credentials
|
529
530
|
"""
|
530
531
|
return pulumi.get(self, "client_id")
|
531
532
|
|
532
533
|
@client_id.setter
|
533
|
-
def client_id(self, value: Optional[pulumi.Input[str]]):
|
534
|
+
def client_id(self, value: Optional[pulumi.Input[builtins.str]]):
|
534
535
|
pulumi.set(self, "client_id", value)
|
535
536
|
|
536
537
|
@property
|
537
538
|
@pulumi.getter
|
538
|
-
def credentials(self) -> Optional[pulumi.Input[str]]:
|
539
|
+
def credentials(self) -> Optional[pulumi.Input[builtins.str]]:
|
539
540
|
"""
|
540
541
|
A JSON string containing the contents of a GCP credentials file. If this value is empty, Vault will try to use Application Default Credentials from the machine on which the Vault server is running.
|
541
542
|
"""
|
542
543
|
return pulumi.get(self, "credentials")
|
543
544
|
|
544
545
|
@credentials.setter
|
545
|
-
def credentials(self, value: Optional[pulumi.Input[str]]):
|
546
|
+
def credentials(self, value: Optional[pulumi.Input[builtins.str]]):
|
546
547
|
pulumi.set(self, "credentials", value)
|
547
548
|
|
548
549
|
@property
|
@@ -565,31 +566,31 @@ class _AuthBackendState:
|
|
565
566
|
|
566
567
|
@property
|
567
568
|
@pulumi.getter
|
568
|
-
def description(self) -> Optional[pulumi.Input[str]]:
|
569
|
+
def description(self) -> Optional[pulumi.Input[builtins.str]]:
|
569
570
|
"""
|
570
571
|
A description of the auth method.
|
571
572
|
"""
|
572
573
|
return pulumi.get(self, "description")
|
573
574
|
|
574
575
|
@description.setter
|
575
|
-
def description(self, value: Optional[pulumi.Input[str]]):
|
576
|
+
def description(self, value: Optional[pulumi.Input[builtins.str]]):
|
576
577
|
pulumi.set(self, "description", value)
|
577
578
|
|
578
579
|
@property
|
579
580
|
@pulumi.getter(name="disableAutomatedRotation")
|
580
|
-
def disable_automated_rotation(self) -> Optional[pulumi.Input[bool]]:
|
581
|
+
def disable_automated_rotation(self) -> Optional[pulumi.Input[builtins.bool]]:
|
581
582
|
"""
|
582
583
|
Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
583
584
|
"""
|
584
585
|
return pulumi.get(self, "disable_automated_rotation")
|
585
586
|
|
586
587
|
@disable_automated_rotation.setter
|
587
|
-
def disable_automated_rotation(self, value: Optional[pulumi.Input[bool]]):
|
588
|
+
def disable_automated_rotation(self, value: Optional[pulumi.Input[builtins.bool]]):
|
588
589
|
pulumi.set(self, "disable_automated_rotation", value)
|
589
590
|
|
590
591
|
@property
|
591
592
|
@pulumi.getter(name="disableRemount")
|
592
|
-
def disable_remount(self) -> Optional[pulumi.Input[bool]]:
|
593
|
+
def disable_remount(self) -> Optional[pulumi.Input[builtins.bool]]:
|
593
594
|
"""
|
594
595
|
If set, opts out of mount migration on path updates.
|
595
596
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
@@ -597,12 +598,12 @@ class _AuthBackendState:
|
|
597
598
|
return pulumi.get(self, "disable_remount")
|
598
599
|
|
599
600
|
@disable_remount.setter
|
600
|
-
def disable_remount(self, value: Optional[pulumi.Input[bool]]):
|
601
|
+
def disable_remount(self, value: Optional[pulumi.Input[builtins.bool]]):
|
601
602
|
pulumi.set(self, "disable_remount", value)
|
602
603
|
|
603
604
|
@property
|
604
605
|
@pulumi.getter(name="identityTokenAudience")
|
605
|
-
def identity_token_audience(self) -> Optional[pulumi.Input[str]]:
|
606
|
+
def identity_token_audience(self) -> Optional[pulumi.Input[builtins.str]]:
|
606
607
|
"""
|
607
608
|
The audience claim value for plugin identity
|
608
609
|
tokens. Must match an allowed audience configured for the target [Workload Identity Pool](https://cloud.google.com/iam/docs/workload-identity-federation-with-other-providers#prepare).
|
@@ -611,12 +612,12 @@ class _AuthBackendState:
|
|
611
612
|
return pulumi.get(self, "identity_token_audience")
|
612
613
|
|
613
614
|
@identity_token_audience.setter
|
614
|
-
def identity_token_audience(self, value: Optional[pulumi.Input[str]]):
|
615
|
+
def identity_token_audience(self, value: Optional[pulumi.Input[builtins.str]]):
|
615
616
|
pulumi.set(self, "identity_token_audience", value)
|
616
617
|
|
617
618
|
@property
|
618
619
|
@pulumi.getter(name="identityTokenKey")
|
619
|
-
def identity_token_key(self) -> Optional[pulumi.Input[str]]:
|
620
|
+
def identity_token_key(self) -> Optional[pulumi.Input[builtins.str]]:
|
620
621
|
"""
|
621
622
|
The key to use for signing plugin identity
|
622
623
|
tokens. Requires Vault 1.17+. *Available only for Vault Enterprise*.
|
@@ -624,36 +625,36 @@ class _AuthBackendState:
|
|
624
625
|
return pulumi.get(self, "identity_token_key")
|
625
626
|
|
626
627
|
@identity_token_key.setter
|
627
|
-
def identity_token_key(self, value: Optional[pulumi.Input[str]]):
|
628
|
+
def identity_token_key(self, value: Optional[pulumi.Input[builtins.str]]):
|
628
629
|
pulumi.set(self, "identity_token_key", value)
|
629
630
|
|
630
631
|
@property
|
631
632
|
@pulumi.getter(name="identityTokenTtl")
|
632
|
-
def identity_token_ttl(self) -> Optional[pulumi.Input[int]]:
|
633
|
+
def identity_token_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
|
633
634
|
"""
|
634
635
|
The TTL of generated tokens.
|
635
636
|
"""
|
636
637
|
return pulumi.get(self, "identity_token_ttl")
|
637
638
|
|
638
639
|
@identity_token_ttl.setter
|
639
|
-
def identity_token_ttl(self, value: Optional[pulumi.Input[int]]):
|
640
|
+
def identity_token_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
|
640
641
|
pulumi.set(self, "identity_token_ttl", value)
|
641
642
|
|
642
643
|
@property
|
643
644
|
@pulumi.getter
|
644
|
-
def local(self) -> Optional[pulumi.Input[bool]]:
|
645
|
+
def local(self) -> Optional[pulumi.Input[builtins.bool]]:
|
645
646
|
"""
|
646
647
|
Specifies if the auth method is local only.
|
647
648
|
"""
|
648
649
|
return pulumi.get(self, "local")
|
649
650
|
|
650
651
|
@local.setter
|
651
|
-
def local(self, value: Optional[pulumi.Input[bool]]):
|
652
|
+
def local(self, value: Optional[pulumi.Input[builtins.bool]]):
|
652
653
|
pulumi.set(self, "local", value)
|
653
654
|
|
654
655
|
@property
|
655
656
|
@pulumi.getter
|
656
|
-
def namespace(self) -> Optional[pulumi.Input[str]]:
|
657
|
+
def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
|
657
658
|
"""
|
658
659
|
The namespace to provision the resource in.
|
659
660
|
The value should not contain leading or trailing forward slashes.
|
@@ -663,48 +664,48 @@ class _AuthBackendState:
|
|
663
664
|
return pulumi.get(self, "namespace")
|
664
665
|
|
665
666
|
@namespace.setter
|
666
|
-
def namespace(self, value: Optional[pulumi.Input[str]]):
|
667
|
+
def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
|
667
668
|
pulumi.set(self, "namespace", value)
|
668
669
|
|
669
670
|
@property
|
670
671
|
@pulumi.getter
|
671
|
-
def path(self) -> Optional[pulumi.Input[str]]:
|
672
|
+
def path(self) -> Optional[pulumi.Input[builtins.str]]:
|
672
673
|
"""
|
673
674
|
The path to mount the auth method — this defaults to 'gcp'.
|
674
675
|
"""
|
675
676
|
return pulumi.get(self, "path")
|
676
677
|
|
677
678
|
@path.setter
|
678
|
-
def path(self, value: Optional[pulumi.Input[str]]):
|
679
|
+
def path(self, value: Optional[pulumi.Input[builtins.str]]):
|
679
680
|
pulumi.set(self, "path", value)
|
680
681
|
|
681
682
|
@property
|
682
683
|
@pulumi.getter(name="privateKeyId")
|
683
|
-
def private_key_id(self) -> Optional[pulumi.Input[str]]:
|
684
|
+
def private_key_id(self) -> Optional[pulumi.Input[builtins.str]]:
|
684
685
|
"""
|
685
686
|
The ID of the private key from the credentials
|
686
687
|
"""
|
687
688
|
return pulumi.get(self, "private_key_id")
|
688
689
|
|
689
690
|
@private_key_id.setter
|
690
|
-
def private_key_id(self, value: Optional[pulumi.Input[str]]):
|
691
|
+
def private_key_id(self, value: Optional[pulumi.Input[builtins.str]]):
|
691
692
|
pulumi.set(self, "private_key_id", value)
|
692
693
|
|
693
694
|
@property
|
694
695
|
@pulumi.getter(name="projectId")
|
695
|
-
def project_id(self) -> Optional[pulumi.Input[str]]:
|
696
|
+
def project_id(self) -> Optional[pulumi.Input[builtins.str]]:
|
696
697
|
"""
|
697
698
|
The GCP Project ID
|
698
699
|
"""
|
699
700
|
return pulumi.get(self, "project_id")
|
700
701
|
|
701
702
|
@project_id.setter
|
702
|
-
def project_id(self, value: Optional[pulumi.Input[str]]):
|
703
|
+
def project_id(self, value: Optional[pulumi.Input[builtins.str]]):
|
703
704
|
pulumi.set(self, "project_id", value)
|
704
705
|
|
705
706
|
@property
|
706
707
|
@pulumi.getter(name="rotationPeriod")
|
707
|
-
def rotation_period(self) -> Optional[pulumi.Input[int]]:
|
708
|
+
def rotation_period(self) -> Optional[pulumi.Input[builtins.int]]:
|
708
709
|
"""
|
709
710
|
The amount of time in seconds Vault should wait before rotating the root credential.
|
710
711
|
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
@@ -712,12 +713,12 @@ class _AuthBackendState:
|
|
712
713
|
return pulumi.get(self, "rotation_period")
|
713
714
|
|
714
715
|
@rotation_period.setter
|
715
|
-
def rotation_period(self, value: Optional[pulumi.Input[int]]):
|
716
|
+
def rotation_period(self, value: Optional[pulumi.Input[builtins.int]]):
|
716
717
|
pulumi.set(self, "rotation_period", value)
|
717
718
|
|
718
719
|
@property
|
719
720
|
@pulumi.getter(name="rotationSchedule")
|
720
|
-
def rotation_schedule(self) -> Optional[pulumi.Input[str]]:
|
721
|
+
def rotation_schedule(self) -> Optional[pulumi.Input[builtins.str]]:
|
721
722
|
"""
|
722
723
|
The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
723
724
|
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
@@ -725,12 +726,12 @@ class _AuthBackendState:
|
|
725
726
|
return pulumi.get(self, "rotation_schedule")
|
726
727
|
|
727
728
|
@rotation_schedule.setter
|
728
|
-
def rotation_schedule(self, value: Optional[pulumi.Input[str]]):
|
729
|
+
def rotation_schedule(self, value: Optional[pulumi.Input[builtins.str]]):
|
729
730
|
pulumi.set(self, "rotation_schedule", value)
|
730
731
|
|
731
732
|
@property
|
732
733
|
@pulumi.getter(name="rotationWindow")
|
733
|
-
def rotation_window(self) -> Optional[pulumi.Input[int]]:
|
734
|
+
def rotation_window(self) -> Optional[pulumi.Input[builtins.int]]:
|
734
735
|
"""
|
735
736
|
The maximum amount of time in seconds allowed to complete
|
736
737
|
a rotation when a scheduled token rotation occurs. The default rotation window is
|
@@ -739,12 +740,12 @@ class _AuthBackendState:
|
|
739
740
|
return pulumi.get(self, "rotation_window")
|
740
741
|
|
741
742
|
@rotation_window.setter
|
742
|
-
def rotation_window(self, value: Optional[pulumi.Input[int]]):
|
743
|
+
def rotation_window(self, value: Optional[pulumi.Input[builtins.int]]):
|
743
744
|
pulumi.set(self, "rotation_window", value)
|
744
745
|
|
745
746
|
@property
|
746
747
|
@pulumi.getter(name="serviceAccountEmail")
|
747
|
-
def service_account_email(self) -> Optional[pulumi.Input[str]]:
|
748
|
+
def service_account_email(self) -> Optional[pulumi.Input[builtins.str]]:
|
748
749
|
"""
|
749
750
|
Service Account to impersonate for plugin workload identity federation.
|
750
751
|
Required with `identity_token_audience`. Requires Vault 1.17+. *Available only for Vault Enterprise*.
|
@@ -752,7 +753,7 @@ class _AuthBackendState:
|
|
752
753
|
return pulumi.get(self, "service_account_email")
|
753
754
|
|
754
755
|
@service_account_email.setter
|
755
|
-
def service_account_email(self, value: Optional[pulumi.Input[str]]):
|
756
|
+
def service_account_email(self, value: Optional[pulumi.Input[builtins.str]]):
|
756
757
|
pulumi.set(self, "service_account_email", value)
|
757
758
|
|
758
759
|
@property
|
@@ -775,25 +776,25 @@ class AuthBackend(pulumi.CustomResource):
|
|
775
776
|
def __init__(__self__,
|
776
777
|
resource_name: str,
|
777
778
|
opts: Optional[pulumi.ResourceOptions] = None,
|
778
|
-
client_email: Optional[pulumi.Input[str]] = None,
|
779
|
-
client_id: Optional[pulumi.Input[str]] = None,
|
780
|
-
credentials: Optional[pulumi.Input[str]] = None,
|
779
|
+
client_email: Optional[pulumi.Input[builtins.str]] = None,
|
780
|
+
client_id: Optional[pulumi.Input[builtins.str]] = None,
|
781
|
+
credentials: Optional[pulumi.Input[builtins.str]] = None,
|
781
782
|
custom_endpoint: Optional[pulumi.Input[Union['AuthBackendCustomEndpointArgs', 'AuthBackendCustomEndpointArgsDict']]] = None,
|
782
|
-
description: Optional[pulumi.Input[str]] = None,
|
783
|
-
disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
|
784
|
-
disable_remount: Optional[pulumi.Input[bool]] = None,
|
785
|
-
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
786
|
-
identity_token_key: Optional[pulumi.Input[str]] = None,
|
787
|
-
identity_token_ttl: Optional[pulumi.Input[int]] = None,
|
788
|
-
local: Optional[pulumi.Input[bool]] = None,
|
789
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
790
|
-
path: Optional[pulumi.Input[str]] = None,
|
791
|
-
private_key_id: Optional[pulumi.Input[str]] = None,
|
792
|
-
project_id: Optional[pulumi.Input[str]] = None,
|
793
|
-
rotation_period: Optional[pulumi.Input[int]] = None,
|
794
|
-
rotation_schedule: Optional[pulumi.Input[str]] = None,
|
795
|
-
rotation_window: Optional[pulumi.Input[int]] = None,
|
796
|
-
service_account_email: Optional[pulumi.Input[str]] = None,
|
783
|
+
description: Optional[pulumi.Input[builtins.str]] = None,
|
784
|
+
disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
785
|
+
disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
|
786
|
+
identity_token_audience: Optional[pulumi.Input[builtins.str]] = None,
|
787
|
+
identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
|
788
|
+
identity_token_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
789
|
+
local: Optional[pulumi.Input[builtins.bool]] = None,
|
790
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
791
|
+
path: Optional[pulumi.Input[builtins.str]] = None,
|
792
|
+
private_key_id: Optional[pulumi.Input[builtins.str]] = None,
|
793
|
+
project_id: Optional[pulumi.Input[builtins.str]] = None,
|
794
|
+
rotation_period: Optional[pulumi.Input[builtins.int]] = None,
|
795
|
+
rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
|
796
|
+
rotation_window: Optional[pulumi.Input[builtins.int]] = None,
|
797
|
+
service_account_email: Optional[pulumi.Input[builtins.str]] = None,
|
797
798
|
tune: Optional[pulumi.Input[Union['AuthBackendTuneArgs', 'AuthBackendTuneArgsDict']]] = None,
|
798
799
|
__props__=None):
|
799
800
|
"""
|
@@ -825,9 +826,9 @@ class AuthBackend(pulumi.CustomResource):
|
|
825
826
|
|
826
827
|
:param str resource_name: The name of the resource.
|
827
828
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
828
|
-
:param pulumi.Input[str] client_email: The clients email associated with the credentials
|
829
|
-
:param pulumi.Input[str] client_id: The Client ID of the credentials
|
830
|
-
:param pulumi.Input[str] credentials: A JSON string containing the contents of a GCP credentials file. If this value is empty, Vault will try to use Application Default Credentials from the machine on which the Vault server is running.
|
829
|
+
:param pulumi.Input[builtins.str] client_email: The clients email associated with the credentials
|
830
|
+
:param pulumi.Input[builtins.str] client_id: The Client ID of the credentials
|
831
|
+
:param pulumi.Input[builtins.str] credentials: A JSON string containing the contents of a GCP credentials file. If this value is empty, Vault will try to use Application Default Credentials from the machine on which the Vault server is running.
|
831
832
|
:param pulumi.Input[Union['AuthBackendCustomEndpointArgs', 'AuthBackendCustomEndpointArgsDict']] custom_endpoint: Specifies overrides to
|
832
833
|
[service endpoints](https://cloud.google.com/apis/design/glossary#api_service_endpoint)
|
833
834
|
used when making API requests. This allows specific requests made during authentication
|
@@ -835,32 +836,32 @@ class AuthBackend(pulumi.CustomResource):
|
|
835
836
|
environments. Requires Vault 1.11+.
|
836
837
|
|
837
838
|
Overrides are set at the subdomain level using the following keys:
|
838
|
-
:param pulumi.Input[str] description: A description of the auth method.
|
839
|
-
:param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
840
|
-
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
839
|
+
:param pulumi.Input[builtins.str] description: A description of the auth method.
|
840
|
+
:param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
841
|
+
:param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
|
841
842
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
842
|
-
:param pulumi.Input[str] identity_token_audience: The audience claim value for plugin identity
|
843
|
+
:param pulumi.Input[builtins.str] identity_token_audience: The audience claim value for plugin identity
|
843
844
|
tokens. Must match an allowed audience configured for the target [Workload Identity Pool](https://cloud.google.com/iam/docs/workload-identity-federation-with-other-providers#prepare).
|
844
845
|
Mutually exclusive with `credentials`. Requires Vault 1.17+. *Available only for Vault Enterprise*.
|
845
|
-
:param pulumi.Input[str] identity_token_key: The key to use for signing plugin identity
|
846
|
+
:param pulumi.Input[builtins.str] identity_token_key: The key to use for signing plugin identity
|
846
847
|
tokens. Requires Vault 1.17+. *Available only for Vault Enterprise*.
|
847
|
-
:param pulumi.Input[int] identity_token_ttl: The TTL of generated tokens.
|
848
|
-
:param pulumi.Input[bool] local: Specifies if the auth method is local only.
|
849
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
848
|
+
:param pulumi.Input[builtins.int] identity_token_ttl: The TTL of generated tokens.
|
849
|
+
:param pulumi.Input[builtins.bool] local: Specifies if the auth method is local only.
|
850
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
850
851
|
The value should not contain leading or trailing forward slashes.
|
851
852
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
852
853
|
*Available only for Vault Enterprise*.
|
853
|
-
:param pulumi.Input[str] path: The path to mount the auth method — this defaults to 'gcp'.
|
854
|
-
:param pulumi.Input[str] private_key_id: The ID of the private key from the credentials
|
855
|
-
:param pulumi.Input[str] project_id: The GCP Project ID
|
856
|
-
:param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
854
|
+
:param pulumi.Input[builtins.str] path: The path to mount the auth method — this defaults to 'gcp'.
|
855
|
+
:param pulumi.Input[builtins.str] private_key_id: The ID of the private key from the credentials
|
856
|
+
:param pulumi.Input[builtins.str] project_id: The GCP Project ID
|
857
|
+
:param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
857
858
|
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
858
|
-
:param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
859
|
+
:param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
859
860
|
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
860
|
-
:param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
|
861
|
+
:param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
|
861
862
|
a rotation when a scheduled token rotation occurs. The default rotation window is
|
862
863
|
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
863
|
-
:param pulumi.Input[str] service_account_email: Service Account to impersonate for plugin workload identity federation.
|
864
|
+
:param pulumi.Input[builtins.str] service_account_email: Service Account to impersonate for plugin workload identity federation.
|
864
865
|
Required with `identity_token_audience`. Requires Vault 1.17+. *Available only for Vault Enterprise*.
|
865
866
|
:param pulumi.Input[Union['AuthBackendTuneArgs', 'AuthBackendTuneArgsDict']] tune: Extra configuration block. Structure is documented below.
|
866
867
|
|
@@ -914,25 +915,25 @@ class AuthBackend(pulumi.CustomResource):
|
|
914
915
|
def _internal_init(__self__,
|
915
916
|
resource_name: str,
|
916
917
|
opts: Optional[pulumi.ResourceOptions] = None,
|
917
|
-
client_email: Optional[pulumi.Input[str]] = None,
|
918
|
-
client_id: Optional[pulumi.Input[str]] = None,
|
919
|
-
credentials: Optional[pulumi.Input[str]] = None,
|
918
|
+
client_email: Optional[pulumi.Input[builtins.str]] = None,
|
919
|
+
client_id: Optional[pulumi.Input[builtins.str]] = None,
|
920
|
+
credentials: Optional[pulumi.Input[builtins.str]] = None,
|
920
921
|
custom_endpoint: Optional[pulumi.Input[Union['AuthBackendCustomEndpointArgs', 'AuthBackendCustomEndpointArgsDict']]] = None,
|
921
|
-
description: Optional[pulumi.Input[str]] = None,
|
922
|
-
disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
|
923
|
-
disable_remount: Optional[pulumi.Input[bool]] = None,
|
924
|
-
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
925
|
-
identity_token_key: Optional[pulumi.Input[str]] = None,
|
926
|
-
identity_token_ttl: Optional[pulumi.Input[int]] = None,
|
927
|
-
local: Optional[pulumi.Input[bool]] = None,
|
928
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
929
|
-
path: Optional[pulumi.Input[str]] = None,
|
930
|
-
private_key_id: Optional[pulumi.Input[str]] = None,
|
931
|
-
project_id: Optional[pulumi.Input[str]] = None,
|
932
|
-
rotation_period: Optional[pulumi.Input[int]] = None,
|
933
|
-
rotation_schedule: Optional[pulumi.Input[str]] = None,
|
934
|
-
rotation_window: Optional[pulumi.Input[int]] = None,
|
935
|
-
service_account_email: Optional[pulumi.Input[str]] = None,
|
922
|
+
description: Optional[pulumi.Input[builtins.str]] = None,
|
923
|
+
disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
924
|
+
disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
|
925
|
+
identity_token_audience: Optional[pulumi.Input[builtins.str]] = None,
|
926
|
+
identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
|
927
|
+
identity_token_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
928
|
+
local: Optional[pulumi.Input[builtins.bool]] = None,
|
929
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
930
|
+
path: Optional[pulumi.Input[builtins.str]] = None,
|
931
|
+
private_key_id: Optional[pulumi.Input[builtins.str]] = None,
|
932
|
+
project_id: Optional[pulumi.Input[builtins.str]] = None,
|
933
|
+
rotation_period: Optional[pulumi.Input[builtins.int]] = None,
|
934
|
+
rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
|
935
|
+
rotation_window: Optional[pulumi.Input[builtins.int]] = None,
|
936
|
+
service_account_email: Optional[pulumi.Input[builtins.str]] = None,
|
936
937
|
tune: Optional[pulumi.Input[Union['AuthBackendTuneArgs', 'AuthBackendTuneArgsDict']]] = None,
|
937
938
|
__props__=None):
|
938
939
|
opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
|
@@ -976,26 +977,26 @@ class AuthBackend(pulumi.CustomResource):
|
|
976
977
|
def get(resource_name: str,
|
977
978
|
id: pulumi.Input[str],
|
978
979
|
opts: Optional[pulumi.ResourceOptions] = None,
|
979
|
-
accessor: Optional[pulumi.Input[str]] = None,
|
980
|
-
client_email: Optional[pulumi.Input[str]] = None,
|
981
|
-
client_id: Optional[pulumi.Input[str]] = None,
|
982
|
-
credentials: Optional[pulumi.Input[str]] = None,
|
980
|
+
accessor: Optional[pulumi.Input[builtins.str]] = None,
|
981
|
+
client_email: Optional[pulumi.Input[builtins.str]] = None,
|
982
|
+
client_id: Optional[pulumi.Input[builtins.str]] = None,
|
983
|
+
credentials: Optional[pulumi.Input[builtins.str]] = None,
|
983
984
|
custom_endpoint: Optional[pulumi.Input[Union['AuthBackendCustomEndpointArgs', 'AuthBackendCustomEndpointArgsDict']]] = None,
|
984
|
-
description: Optional[pulumi.Input[str]] = None,
|
985
|
-
disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
|
986
|
-
disable_remount: Optional[pulumi.Input[bool]] = None,
|
987
|
-
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
988
|
-
identity_token_key: Optional[pulumi.Input[str]] = None,
|
989
|
-
identity_token_ttl: Optional[pulumi.Input[int]] = None,
|
990
|
-
local: Optional[pulumi.Input[bool]] = None,
|
991
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
992
|
-
path: Optional[pulumi.Input[str]] = None,
|
993
|
-
private_key_id: Optional[pulumi.Input[str]] = None,
|
994
|
-
project_id: Optional[pulumi.Input[str]] = None,
|
995
|
-
rotation_period: Optional[pulumi.Input[int]] = None,
|
996
|
-
rotation_schedule: Optional[pulumi.Input[str]] = None,
|
997
|
-
rotation_window: Optional[pulumi.Input[int]] = None,
|
998
|
-
service_account_email: Optional[pulumi.Input[str]] = None,
|
985
|
+
description: Optional[pulumi.Input[builtins.str]] = None,
|
986
|
+
disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
987
|
+
disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
|
988
|
+
identity_token_audience: Optional[pulumi.Input[builtins.str]] = None,
|
989
|
+
identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
|
990
|
+
identity_token_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
991
|
+
local: Optional[pulumi.Input[builtins.bool]] = None,
|
992
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
993
|
+
path: Optional[pulumi.Input[builtins.str]] = None,
|
994
|
+
private_key_id: Optional[pulumi.Input[builtins.str]] = None,
|
995
|
+
project_id: Optional[pulumi.Input[builtins.str]] = None,
|
996
|
+
rotation_period: Optional[pulumi.Input[builtins.int]] = None,
|
997
|
+
rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
|
998
|
+
rotation_window: Optional[pulumi.Input[builtins.int]] = None,
|
999
|
+
service_account_email: Optional[pulumi.Input[builtins.str]] = None,
|
999
1000
|
tune: Optional[pulumi.Input[Union['AuthBackendTuneArgs', 'AuthBackendTuneArgsDict']]] = None) -> 'AuthBackend':
|
1000
1001
|
"""
|
1001
1002
|
Get an existing AuthBackend resource's state with the given name, id, and optional extra
|
@@ -1004,10 +1005,10 @@ class AuthBackend(pulumi.CustomResource):
|
|
1004
1005
|
:param str resource_name: The unique name of the resulting resource.
|
1005
1006
|
:param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
|
1006
1007
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
1007
|
-
:param pulumi.Input[str] accessor: The mount accessor related to the auth mount. It is useful for integration with [Identity Secrets Engine](https://www.vaultproject.io/docs/secrets/identity/index.html).
|
1008
|
-
:param pulumi.Input[str] client_email: The clients email associated with the credentials
|
1009
|
-
:param pulumi.Input[str] client_id: The Client ID of the credentials
|
1010
|
-
:param pulumi.Input[str] credentials: A JSON string containing the contents of a GCP credentials file. If this value is empty, Vault will try to use Application Default Credentials from the machine on which the Vault server is running.
|
1008
|
+
:param pulumi.Input[builtins.str] accessor: The mount accessor related to the auth mount. It is useful for integration with [Identity Secrets Engine](https://www.vaultproject.io/docs/secrets/identity/index.html).
|
1009
|
+
:param pulumi.Input[builtins.str] client_email: The clients email associated with the credentials
|
1010
|
+
:param pulumi.Input[builtins.str] client_id: The Client ID of the credentials
|
1011
|
+
:param pulumi.Input[builtins.str] credentials: A JSON string containing the contents of a GCP credentials file. If this value is empty, Vault will try to use Application Default Credentials from the machine on which the Vault server is running.
|
1011
1012
|
:param pulumi.Input[Union['AuthBackendCustomEndpointArgs', 'AuthBackendCustomEndpointArgsDict']] custom_endpoint: Specifies overrides to
|
1012
1013
|
[service endpoints](https://cloud.google.com/apis/design/glossary#api_service_endpoint)
|
1013
1014
|
used when making API requests. This allows specific requests made during authentication
|
@@ -1015,32 +1016,32 @@ class AuthBackend(pulumi.CustomResource):
|
|
1015
1016
|
environments. Requires Vault 1.11+.
|
1016
1017
|
|
1017
1018
|
Overrides are set at the subdomain level using the following keys:
|
1018
|
-
:param pulumi.Input[str] description: A description of the auth method.
|
1019
|
-
:param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
1020
|
-
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
1019
|
+
:param pulumi.Input[builtins.str] description: A description of the auth method.
|
1020
|
+
:param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
1021
|
+
:param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
|
1021
1022
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
1022
|
-
:param pulumi.Input[str] identity_token_audience: The audience claim value for plugin identity
|
1023
|
+
:param pulumi.Input[builtins.str] identity_token_audience: The audience claim value for plugin identity
|
1023
1024
|
tokens. Must match an allowed audience configured for the target [Workload Identity Pool](https://cloud.google.com/iam/docs/workload-identity-federation-with-other-providers#prepare).
|
1024
1025
|
Mutually exclusive with `credentials`. Requires Vault 1.17+. *Available only for Vault Enterprise*.
|
1025
|
-
:param pulumi.Input[str] identity_token_key: The key to use for signing plugin identity
|
1026
|
+
:param pulumi.Input[builtins.str] identity_token_key: The key to use for signing plugin identity
|
1026
1027
|
tokens. Requires Vault 1.17+. *Available only for Vault Enterprise*.
|
1027
|
-
:param pulumi.Input[int] identity_token_ttl: The TTL of generated tokens.
|
1028
|
-
:param pulumi.Input[bool] local: Specifies if the auth method is local only.
|
1029
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
1028
|
+
:param pulumi.Input[builtins.int] identity_token_ttl: The TTL of generated tokens.
|
1029
|
+
:param pulumi.Input[builtins.bool] local: Specifies if the auth method is local only.
|
1030
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
1030
1031
|
The value should not contain leading or trailing forward slashes.
|
1031
1032
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1032
1033
|
*Available only for Vault Enterprise*.
|
1033
|
-
:param pulumi.Input[str] path: The path to mount the auth method — this defaults to 'gcp'.
|
1034
|
-
:param pulumi.Input[str] private_key_id: The ID of the private key from the credentials
|
1035
|
-
:param pulumi.Input[str] project_id: The GCP Project ID
|
1036
|
-
:param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
1034
|
+
:param pulumi.Input[builtins.str] path: The path to mount the auth method — this defaults to 'gcp'.
|
1035
|
+
:param pulumi.Input[builtins.str] private_key_id: The ID of the private key from the credentials
|
1036
|
+
:param pulumi.Input[builtins.str] project_id: The GCP Project ID
|
1037
|
+
:param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
1037
1038
|
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
1038
|
-
:param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
1039
|
+
:param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
1039
1040
|
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
1040
|
-
:param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
|
1041
|
+
:param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
|
1041
1042
|
a rotation when a scheduled token rotation occurs. The default rotation window is
|
1042
1043
|
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
1043
|
-
:param pulumi.Input[str] service_account_email: Service Account to impersonate for plugin workload identity federation.
|
1044
|
+
:param pulumi.Input[builtins.str] service_account_email: Service Account to impersonate for plugin workload identity federation.
|
1044
1045
|
Required with `identity_token_audience`. Requires Vault 1.17+. *Available only for Vault Enterprise*.
|
1045
1046
|
:param pulumi.Input[Union['AuthBackendTuneArgs', 'AuthBackendTuneArgsDict']] tune: Extra configuration block. Structure is documented below.
|
1046
1047
|
|
@@ -1075,7 +1076,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1075
1076
|
|
1076
1077
|
@property
|
1077
1078
|
@pulumi.getter
|
1078
|
-
def accessor(self) -> pulumi.Output[str]:
|
1079
|
+
def accessor(self) -> pulumi.Output[builtins.str]:
|
1079
1080
|
"""
|
1080
1081
|
The mount accessor related to the auth mount. It is useful for integration with [Identity Secrets Engine](https://www.vaultproject.io/docs/secrets/identity/index.html).
|
1081
1082
|
"""
|
@@ -1083,7 +1084,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1083
1084
|
|
1084
1085
|
@property
|
1085
1086
|
@pulumi.getter(name="clientEmail")
|
1086
|
-
def client_email(self) -> pulumi.Output[str]:
|
1087
|
+
def client_email(self) -> pulumi.Output[builtins.str]:
|
1087
1088
|
"""
|
1088
1089
|
The clients email associated with the credentials
|
1089
1090
|
"""
|
@@ -1091,7 +1092,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1091
1092
|
|
1092
1093
|
@property
|
1093
1094
|
@pulumi.getter(name="clientId")
|
1094
|
-
def client_id(self) -> pulumi.Output[str]:
|
1095
|
+
def client_id(self) -> pulumi.Output[builtins.str]:
|
1095
1096
|
"""
|
1096
1097
|
The Client ID of the credentials
|
1097
1098
|
"""
|
@@ -1099,7 +1100,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1099
1100
|
|
1100
1101
|
@property
|
1101
1102
|
@pulumi.getter
|
1102
|
-
def credentials(self) -> pulumi.Output[Optional[str]]:
|
1103
|
+
def credentials(self) -> pulumi.Output[Optional[builtins.str]]:
|
1103
1104
|
"""
|
1104
1105
|
A JSON string containing the contents of a GCP credentials file. If this value is empty, Vault will try to use Application Default Credentials from the machine on which the Vault server is running.
|
1105
1106
|
"""
|
@@ -1121,7 +1122,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1121
1122
|
|
1122
1123
|
@property
|
1123
1124
|
@pulumi.getter
|
1124
|
-
def description(self) -> pulumi.Output[Optional[str]]:
|
1125
|
+
def description(self) -> pulumi.Output[Optional[builtins.str]]:
|
1125
1126
|
"""
|
1126
1127
|
A description of the auth method.
|
1127
1128
|
"""
|
@@ -1129,7 +1130,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1129
1130
|
|
1130
1131
|
@property
|
1131
1132
|
@pulumi.getter(name="disableAutomatedRotation")
|
1132
|
-
def disable_automated_rotation(self) -> pulumi.Output[Optional[bool]]:
|
1133
|
+
def disable_automated_rotation(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1133
1134
|
"""
|
1134
1135
|
Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
1135
1136
|
"""
|
@@ -1137,7 +1138,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1137
1138
|
|
1138
1139
|
@property
|
1139
1140
|
@pulumi.getter(name="disableRemount")
|
1140
|
-
def disable_remount(self) -> pulumi.Output[Optional[bool]]:
|
1141
|
+
def disable_remount(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1141
1142
|
"""
|
1142
1143
|
If set, opts out of mount migration on path updates.
|
1143
1144
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
@@ -1146,7 +1147,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1146
1147
|
|
1147
1148
|
@property
|
1148
1149
|
@pulumi.getter(name="identityTokenAudience")
|
1149
|
-
def identity_token_audience(self) -> pulumi.Output[Optional[str]]:
|
1150
|
+
def identity_token_audience(self) -> pulumi.Output[Optional[builtins.str]]:
|
1150
1151
|
"""
|
1151
1152
|
The audience claim value for plugin identity
|
1152
1153
|
tokens. Must match an allowed audience configured for the target [Workload Identity Pool](https://cloud.google.com/iam/docs/workload-identity-federation-with-other-providers#prepare).
|
@@ -1156,7 +1157,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1156
1157
|
|
1157
1158
|
@property
|
1158
1159
|
@pulumi.getter(name="identityTokenKey")
|
1159
|
-
def identity_token_key(self) -> pulumi.Output[Optional[str]]:
|
1160
|
+
def identity_token_key(self) -> pulumi.Output[Optional[builtins.str]]:
|
1160
1161
|
"""
|
1161
1162
|
The key to use for signing plugin identity
|
1162
1163
|
tokens. Requires Vault 1.17+. *Available only for Vault Enterprise*.
|
@@ -1165,7 +1166,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1165
1166
|
|
1166
1167
|
@property
|
1167
1168
|
@pulumi.getter(name="identityTokenTtl")
|
1168
|
-
def identity_token_ttl(self) -> pulumi.Output[Optional[int]]:
|
1169
|
+
def identity_token_ttl(self) -> pulumi.Output[Optional[builtins.int]]:
|
1169
1170
|
"""
|
1170
1171
|
The TTL of generated tokens.
|
1171
1172
|
"""
|
@@ -1173,7 +1174,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1173
1174
|
|
1174
1175
|
@property
|
1175
1176
|
@pulumi.getter
|
1176
|
-
def local(self) -> pulumi.Output[Optional[bool]]:
|
1177
|
+
def local(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1177
1178
|
"""
|
1178
1179
|
Specifies if the auth method is local only.
|
1179
1180
|
"""
|
@@ -1181,7 +1182,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1181
1182
|
|
1182
1183
|
@property
|
1183
1184
|
@pulumi.getter
|
1184
|
-
def namespace(self) -> pulumi.Output[Optional[str]]:
|
1185
|
+
def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
|
1185
1186
|
"""
|
1186
1187
|
The namespace to provision the resource in.
|
1187
1188
|
The value should not contain leading or trailing forward slashes.
|
@@ -1192,7 +1193,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1192
1193
|
|
1193
1194
|
@property
|
1194
1195
|
@pulumi.getter
|
1195
|
-
def path(self) -> pulumi.Output[Optional[str]]:
|
1196
|
+
def path(self) -> pulumi.Output[Optional[builtins.str]]:
|
1196
1197
|
"""
|
1197
1198
|
The path to mount the auth method — this defaults to 'gcp'.
|
1198
1199
|
"""
|
@@ -1200,7 +1201,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1200
1201
|
|
1201
1202
|
@property
|
1202
1203
|
@pulumi.getter(name="privateKeyId")
|
1203
|
-
def private_key_id(self) -> pulumi.Output[str]:
|
1204
|
+
def private_key_id(self) -> pulumi.Output[builtins.str]:
|
1204
1205
|
"""
|
1205
1206
|
The ID of the private key from the credentials
|
1206
1207
|
"""
|
@@ -1208,7 +1209,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1208
1209
|
|
1209
1210
|
@property
|
1210
1211
|
@pulumi.getter(name="projectId")
|
1211
|
-
def project_id(self) -> pulumi.Output[str]:
|
1212
|
+
def project_id(self) -> pulumi.Output[builtins.str]:
|
1212
1213
|
"""
|
1213
1214
|
The GCP Project ID
|
1214
1215
|
"""
|
@@ -1216,7 +1217,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1216
1217
|
|
1217
1218
|
@property
|
1218
1219
|
@pulumi.getter(name="rotationPeriod")
|
1219
|
-
def rotation_period(self) -> pulumi.Output[Optional[int]]:
|
1220
|
+
def rotation_period(self) -> pulumi.Output[Optional[builtins.int]]:
|
1220
1221
|
"""
|
1221
1222
|
The amount of time in seconds Vault should wait before rotating the root credential.
|
1222
1223
|
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
@@ -1225,7 +1226,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1225
1226
|
|
1226
1227
|
@property
|
1227
1228
|
@pulumi.getter(name="rotationSchedule")
|
1228
|
-
def rotation_schedule(self) -> pulumi.Output[Optional[str]]:
|
1229
|
+
def rotation_schedule(self) -> pulumi.Output[Optional[builtins.str]]:
|
1229
1230
|
"""
|
1230
1231
|
The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
1231
1232
|
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
@@ -1234,7 +1235,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1234
1235
|
|
1235
1236
|
@property
|
1236
1237
|
@pulumi.getter(name="rotationWindow")
|
1237
|
-
def rotation_window(self) -> pulumi.Output[Optional[int]]:
|
1238
|
+
def rotation_window(self) -> pulumi.Output[Optional[builtins.int]]:
|
1238
1239
|
"""
|
1239
1240
|
The maximum amount of time in seconds allowed to complete
|
1240
1241
|
a rotation when a scheduled token rotation occurs. The default rotation window is
|
@@ -1244,7 +1245,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
1244
1245
|
|
1245
1246
|
@property
|
1246
1247
|
@pulumi.getter(name="serviceAccountEmail")
|
1247
|
-
def service_account_email(self) -> pulumi.Output[Optional[str]]:
|
1248
|
+
def service_account_email(self) -> pulumi.Output[Optional[builtins.str]]:
|
1248
1249
|
"""
|
1249
1250
|
Service Account to impersonate for plugin workload identity federation.
|
1250
1251
|
Required with `identity_token_audience`. Requires Vault 1.17+. *Available only for Vault Enterprise*.
|